Commit Graph

466986 Commits

Author SHA1 Message Date
Linus Torvalds
77e40aae76 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman:
 "This is a bunch of small changes built against 3.16-rc6.  The most
  significant change for users is the first patch which makes setns
  drmatically faster by removing unneded rcu handling.

  The next chunk of changes are so that "mount -o remount,.." will not
  allow the user namespace root to drop flags on a mount set by the
  system wide root.  Aks this forces read-only mounts to stay read-only,
  no-dev mounts to stay no-dev, no-suid mounts to stay no-suid, no-exec
  mounts to stay no exec and it prevents unprivileged users from messing
  with a mounts atime settings.  I have included my test case as the
  last patch in this series so people performing backports can verify
  this change works correctly.

  The next change fixes a bug in NFS that was discovered while auditing
  nsproxy users for the first optimization.  Today you can oops the
  kernel by reading /proc/fs/nfsfs/{servers,volumes} if you are clever
  with pid namespaces.  I rebased and fixed the build of the
  !CONFIG_NFS_FS case yesterday when a build bot caught my typo.  Given
  that no one to my knowledge bases anything on my tree fixing the typo
  in place seems more responsible that requiring a typo-fix to be
  backported as well.

  The last change is a small semantic cleanup introducing
  /proc/thread-self and pointing /proc/mounts and /proc/net at it.  This
  prevents several kinds of problemantic corner cases.  It is a
  user-visible change so it has a minute chance of causing regressions
  so the change to /proc/mounts and /proc/net are individual one line
  commits that can be trivially reverted.  Unfortunately I lost and
  could not find the email of the original reporter so he is not
  credited.  From at least one perspective this change to /proc/net is a
  refgression fix to allow pthread /proc/net uses that were broken by
  the introduction of the network namespace"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts
  proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net
  proc: Implement /proc/thread-self to point at the directory of the current thread
  proc: Have net show up under /proc/<tgid>/task/<tid>
  NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes
  mnt: Add tests for unprivileged remount cases that have found to be faulty
  mnt: Change the default remount atime from relatime to the existing value
  mnt: Correct permission checks in do_remount
  mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
  mnt: Only change user settable mount flags in remount
  namespaces: Use task_lock and not rcu to protect nsproxy
2014-08-09 17:10:41 -07:00
Linus Torvalds
96784de59f Merge branch 'stable-3.17' of git://git.infradead.org/users/pcmoore/selinux
Pull SElinux fixes from Paul Moore:
 "Two small patches to fix a couple of build warnings in SELinux and
  NetLabel.  The patches are obvious enough that I don't think any
  additional explanation is necessary, but it basically boils down to
  the usual: I was stupid, and these patches fix some of the stupid.

  Both patches were posted earlier this week to the SELinux list, and
  that is where they sat as I didn't think there were noteworthy enough
  to go upstream at this point in time, but DaveM would rather see them
  upstream now so who am I to argue.  As the patches are both very
  small"

* 'stable-3.17' of git://git.infradead.org/users/pcmoore/selinux:
  selinux: remove unused variabled in the netport, netnode, and netif caches
  netlabel: fix the netlbl_catmap_setlong() dummy function
2014-08-09 15:09:52 -07:00
Linus Torvalds
0d10c2c170 Merge branch 'for-3.17' of git://linux-nfs.org/~bfields/linux
Pull nfsd updates from Bruce Fields:
 "This includes a major rewrite of the NFSv4 state code, which has
  always depended on a single mutex.  As an example, open creates are no
  longer serialized, fixing a performance regression on NFSv3->NFSv4
  upgrades.  Thanks to Jeff, Trond, and Benny, and to Christoph for
  review.

  Also some RDMA fixes from Chuck Lever and Steve Wise, and
  miscellaneous fixes from Kinglong Mee and others"

* 'for-3.17' of git://linux-nfs.org/~bfields/linux: (167 commits)
  svcrdma: remove rdma_create_qp() failure recovery logic
  nfsd: add some comments to the nfsd4 object definitions
  nfsd: remove the client_mutex and the nfs4_lock/unlock_state wrappers
  nfsd: remove nfs4_lock_state: nfs4_state_shutdown_net
  nfsd: remove nfs4_lock_state: nfs4_laundromat
  nfsd: Remove nfs4_lock_state(): reclaim_complete()
  nfsd: Remove nfs4_lock_state(): setclientid, setclientid_confirm, renew
  nfsd: Remove nfs4_lock_state(): exchange_id, create/destroy_session()
  nfsd: Remove nfs4_lock_state(): nfsd4_open and nfsd4_open_confirm
  nfsd: Remove nfs4_lock_state(): nfsd4_delegreturn()
  nfsd: Remove nfs4_lock_state(): nfsd4_open_downgrade + nfsd4_close
  nfsd: Remove nfs4_lock_state(): nfsd4_lock/locku/lockt()
  nfsd: Remove nfs4_lock_state(): nfsd4_release_lockowner
  nfsd: Remove nfs4_lock_state(): nfsd4_test_stateid/nfsd4_free_stateid
  nfsd: Remove nfs4_lock_state(): nfs4_preprocess_stateid_op()
  nfsd: remove old fault injection infrastructure
  nfsd: add more granular locking to *_delegations fault injectors
  nfsd: add more granular locking to forget_openowners fault injector
  nfsd: add more granular locking to forget_locks fault injector
  nfsd: add a list_head arg to nfsd_foreach_client_lock
  ...
2014-08-09 14:31:18 -07:00
Linus Torvalds
023f78b02c Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6
Pull CIFS updates from Steve French:
 "The most visible change in this set is the additional of multi-credit
  support for SMB2/SMB3 which dramatically improves the large file i/o
  performance for these dialects and significantly increases the maximum
  i/o size used on the wire for SMB2/SMB3.

  Also reconnection behavior after network failure is improved"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6: (35 commits)
  Add worker function to set allocation size
  [CIFS] Fix incorrect hex vs. decimal in some debug print statements
  update CIFS TODO list
  Add Pavel to contributor list in cifs AUTHORS file
  Update cifs version
  CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2
  CIFS: Optimize readpages in a short read case on reconnects
  CIFS: Optimize cifs_user_read() in a short read case on reconnects
  CIFS: Improve indentation in cifs_user_read()
  CIFS: Fix possible buffer corruption in cifs_user_read()
  CIFS: Count got bytes in read_into_pages()
  CIFS: Use separate var for the number of bytes got in async read
  CIFS: Indicate reconnect with ECONNABORTED error code
  CIFS: Use multicredits for SMB 2.1/3 reads
  CIFS: Fix rsize usage for sync read
  CIFS: Fix rsize usage in user read
  CIFS: Separate page reading from user read
  CIFS: Fix rsize usage in readpages
  CIFS: Separate page search from readpages
  CIFS: Use multicredits for SMB 2.1/3 writes
  ...
2014-08-09 13:03:34 -07:00
Linus Torvalds
63b12bdb0d Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc
Pull arch signal handling cleanup from Richard Weinberger:
 "This patch series moves all remaining archs to the get_signal(),
  signal_setup_done() and sigsp() functions.

  Currently these archs use open coded variants of the said functions.
  Further, unused parameters get removed from get_signal_to_deliver(),
  tracehook_signal_handler() and signal_delivered().

  At the end of the day we save around 500 lines of code."

* 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc: (43 commits)
  powerpc: Use sigsp()
  openrisc: Use sigsp()
  mn10300: Use sigsp()
  mips: Use sigsp()
  microblaze: Use sigsp()
  metag: Use sigsp()
  m68k: Use sigsp()
  m32r: Use sigsp()
  hexagon: Use sigsp()
  frv: Use sigsp()
  cris: Use sigsp()
  c6x: Use sigsp()
  blackfin: Use sigsp()
  avr32: Use sigsp()
  arm64: Use sigsp()
  arc: Use sigsp()
  sas_ss_flags: Remove nested ternary if
  Rip out get_signal_to_deliver()
  Clean up signal_delivered()
  tracehook_signal_handler: Remove sig, info, ka and regs
  ...
2014-08-09 09:58:12 -07:00
Linus Torvalds
ad1f5caf34 Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 "A number of small fixes:
   - fix loading of the translation table base registers for LPAE
   - add two new syscalls to the ARM syscall tables"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: wire up memfd_create syscall
  ARM: wire up getrandom syscall
  ARM: 8114/1: LPAE: load upper bits of early TTBR0/TTBR1
2014-08-09 09:34:19 -07:00
Linus Torvalds
e853ccf08b ARC changes for 3.17
Mostly cleanup/refactoring in core intc, cache flush, IPI send...
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJT5YDrAAoJEGnX8d3iisJePtgQALJDm3Nn7fUkJRlk6Smb+IpQ
 5LBLysiNWpauPNIEw26FKrAbUb3EnLL79v+DVPc5+5kVsp54T8ucl0kYGWdVrA2F
 yXEWynROB5HLDHW+3a4BhYDUAWf51PmJoL1IO7jXdPi/fM6W+m88UnpuTV2ISNfy
 h6N47MxhFj7EVgjULh254kOgbzpNkaIUsT2CH1VDPlOjn3TFVCvxBL7+IEkYvzFR
 zHV2GI91Y9YwU+xrX2/HhvyXYZYXUIFV/zFH78q0mOH4jl8ED0cH65y0tmG66tA6
 P15Gt1761vU45dSctOvQtapUQ5UI2el2py9nto8m3mhLvKn8UOZ8cvEC40kQ16me
 SsnypLa0ONRMMPApvcJIQkyDiazNeilSkmT1mrX2u5HYJaRozYAbuChxXBwTHkX1
 04HC3fAuZgr+/kQxOWtg0WjUahkycXoYP6nzNQ0MDjrYrbKCKpn7m5zphBWFEdbp
 jKQS1vqgMmMOz/hkez8Ba9G35LOLfzHt+oWB5gf1ibTaLGPIuf9tLOdFk6paz2e0
 lPfDMERBx0JG705+nc7pZR1cWhpRLNPy7YOxQs+HaOqqPIuzYAklUNGwQFliuB12
 AmXbRC/2VOXQIFgmf/jR0oaaxkp6BC9a46N0Qlpnwh9tlpsv7IxmkdwFdO3hCG9x
 s4ySPRIKcBZsJqjpYwcK
 =Mx5r
 -----END PGP SIGNATURE-----

Merge tag 'arc-v3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC changes from Vineet Gupta:
 "Mostly cleanup/refactoring in core intc, cache flush, IPI send..."

* tag 'arc-v3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  mm, arc: remove obsolete pagefault oom killer comment
  ARC: help gcc elide icache helper for !SMP
  ARC: move common ops for line/full cache into helpers
  ARC: cache boot reporting updates
  ARC: [intc] mask/unmask can be hidden again
  ARC: [plat-arcfpga] No need for init_irq hack
  ARC: [intc] don't mask all IRQ by default
  ARC: prune extra header includes from smp.c
  ARC: update some comments
  ARC: [SMP] unify cpu private IRQ requests (TIMER/IPI)
2014-08-09 09:33:18 -07:00
Linus Torvalds
d7b1fd9140 Wire up getrandom system call for ia64
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT4qKEAAoJEKurIx+X31iB7/cP/34HRGvWZQeRYCErh7Ub87tz
 IqiYPM9aK0YN0K7i/dBlwpAUNrzrmmwqlLd/BzcwwJ9kJaIbS5l/lzHszREUz2GV
 p8SnsOsppMMSd30vWF0XOgx9YSq4xanZ8urBaazoGds8KF8CXg+LKmihN0XHVMNg
 X/sT7dH9QFpwIGoblefuPY1USo4Fb82Oewj7beCl/qe8b6IZYkx+fHSEjGdYhac+
 yk7V4qij/HWgHn/YsreZdUCD7UT3LVDjMPZLnJlp2vBoGCMkMVcaYrDJn1d/j/Lr
 t8/+oYNtVBMwQ09RCCjgpDimYxb0QNfWOx3iMCjOf1LJXALypl31SdMgKeZ1wbAA
 /DQPZrkt0KMMJ3CPKJvPBbGDEbWGdwNJqjzyHzuZ7JOqa08xHwj5mptx5XyzutpS
 FEAbncaxj1feIWS5kd6FwSOV9u2auMFBwVQFDZ4joBaDF0LAulkX2jMq0gZkm1dl
 5LRq/wkXdIzcgYkvZIGiVbcs96njZdVWmYvugj8ER9Zo7UpH9hsOR6w8Z8xN4oL4
 0h0i3Odup2XOqfnclCoXasGrjlLtHViYDwvP3E6ju+d+zbMPmP3JF6mzB1sCHLtQ
 bf7m7z6Xxlf5gec6Nyibcq7R3h8yv8F7Owy3BGSaAwlZs9Bb8FHrSJPyD0ehvGOj
 IUgZCdeoggu6xQIJ+IgO
 =zjzv
 -----END PGP SIGNATURE-----

Merge tag 'please-pull-getrandom' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

Pull ia64 system call update from Tony Luck:
 "Wire up getrandom system call for ia64"

* tag 'please-pull-getrandom' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] Wire up getrandom() system call
2014-08-09 09:32:45 -07:00
Linus Torvalds
f7dbaef505 Merge branch 'i2c/for-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
 "Highlights:

   - class based instantiation finally dropped for most embedded drivers
     bringing boot up performance gains
   - removed two drivers (one outdated, one a duplicate)
   - ACPI has now operation region support (thanks to Lan Tianyu)
   - the i2c-stub driver got overhauled and gained new features to
     become more useful when writing i2c client drivers (thanks to
     Guenter Roeck and Jean Delvare)

  The rest is driver bugfixes, added bindings/ids, cleanups..."

* 'i2c/for-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (43 commits)
  i2c: mpc: delete unneeded test before of_node_put
  i2c: rk3x: fix interrupt handling issue
  i2c: imx: Fix format warning for dev_dbg
  i2c: qup: disable clks and return instead of just returning error
  i2c: exynos5: always enable HSI2C
  i2c: designware: add new bindings
  i2c: gpio: Drop dead code in i2c_gpio_remove
  i2c: pca954x: put the mux to disconnected state after resume
  i2c: st: Update i2c timings
  drivers/i2c/busses: use correct type for dma_map/unmap
  i2c: i2c-st: Use %pa to print 'resource_size_t' type
  i2c: s3c2410: resume the I2C controller earlier
  i2c: stub: Avoid an array overrun on I2C block transfers
  i2c: i801: Add device ID for Intel Wildcat Point PCH
  i2c: i801: Fix the alignment of the device table
  i2c: stub: Add support for banked register ranges
  i2c: stub: Remember the number of emulated chips
  i2c: stub: Add support for SMBus block commands
  i2c: efm32: correct namespacing of location property
  i2c: exynos5: remove extra line and fix an assignment
  ...
2014-08-09 09:15:07 -07:00
Johannes Weiner
7b9828d441 Documentation: SubmittingPatches: overhaul changelog description
Maintainers often repeat the same feedback on poorly written
changelogs - describe the problem, justify your changes, quantify
optimizations, describe user-visible changes - but our documentation
on writing changelogs doesn't include these things.  Fix that.

Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-09 09:13:40 -07:00
Pavel Machek
d74aae4ea0 Documentation: freefall: simplify pathnames
Copying to local variable is actually not neccessary, if all we need
to do is snprintf(). This also removes problem where devname could be
missing zero termination.

Reported-by: Rickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-09 09:13:40 -07:00
Michael Ellerman
efe4a77221 Documentation: add How to avoid botching up ioctls
I pointed some folks at this and they wondered why it wasn't in the
kernel Documentation directory. So now it is.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-09 09:13:40 -07:00
Russell King
e57e419311 ARM: wire up memfd_create syscall
Add the memfd_create syscall to ARM.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-08-09 14:07:59 +01:00
Russell King
eb6452537b ARM: wire up getrandom syscall
Add the new getrandom syscall for ARM.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-08-09 14:07:53 +01:00
Konstantin Khlebnikov
7fb00c2fca ARM: 8114/1: LPAE: load upper bits of early TTBR0/TTBR1
This patch fixes booting when idmap pgd lays above 4gb. Commit
4756dcbfd3 mostly had fixed this, but it'd failed to load upper bits.

Also this fixes adding TTBR1_OFFSET to TTRR1: if lower part overflows
carry flag must be added to the upper part.

Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-08-09 08:42:12 +01:00
Linus Torvalds
c309bfa9b4 MTD updates for 3.17-rc1
AMD-compatible CFI driver:
  - Support OTP programming for Micron M29EW family
  - Increase buffer write timeout, according to detected flash parameter info
 
 NAND
  - Add helpers for retrieving ONFI timing modes
  - GPMI: provide option to disable bad block marker swapping (required for
      Ka-On electronics platforms)
 
 SPI NOR
  - EON EN25QH128 support
  - Support new Flag Status Register (FSR) on a few Micron flash
 
 Common
  - New sysfs entries for bad block and ECC stats
 
 And a few miscellaneous refactorings, cleanups, and driver improvements
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT5WCXAAoJEFySrpd9RFgt0rwP/1anAulAcve/QzVF9LDFPec8
 jSvK8WWFcHLVb9EvTHtUjRz2RSRNhe0eeyEld3WpdKZZ73VVVaHnGdJv8J8Ys8jn
 kfNBDfgDLFrVzycYCqjQ2gdvidCyrjQgtPP0E/Q/RN6FBur0/rp2WKoJ2FvuT6SS
 kOz5f3TOe+iNtxQoJwkFvs/IjfFMThGs+YMJ8Z9s4LcJHD65T6hF+zDwl8xF2xfG
 b104PsG3I58kJdYjKhRQ2/ol+YCPoVhQorhhuaqeouZum/Hb/2g3rKHVZpAv2n6m
 JWnTpbdJDqGoPFVPyJr5Vm/UYOwxEBSWimuNp+2WN7EsXux1x9JZZl5+ZNUMmb4q
 vxYhIDul2+Sg1lN+ruBe+xi6d8DI8Y5WIc9xJgn3YHLC8YSkiZ11bhQyyeHA9i5h
 jZYKSkN/ERl8iAA4ULD6tsZv4ds8LVI/XOxrcSM7myQ4p8oY5QBxEWEuGPgyH6A6
 qCVkc0TAriSPfcCBvs4o8s2uNUocq7x6ZT1xfdlJ0KVstCmeEJBJnBYwWIXR3tu7
 3+I/bI41Q29ZGV8x5PEGDSgLVDNAJZnfGPuCwdMWuVD7UQuEEOJkCvy8o7C2Fold
 hRXh3SlUICCGDzd0JdNmdt5hPuB0tzsG0YkRoRj2sS30TlHi77nN/m3HYi/JQ4UW
 gA21laizfJ+z7g/5Kabb
 =Wkmz
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20140808' of git://git.infradead.org/linux-mtd

Pull MTD updates from Brian Norris:
 "AMD-compatible CFI driver:
   - Support OTP programming for Micron M29EW family
   - Increase buffer write timeout, according to detected flash
     parameter info

  NAND
   - Add helpers for retrieving ONFI timing modes
   - GPMI: provide option to disable bad block marker swapping (required
     for Ka-On electronics platforms)

  SPI NOR
   - EON EN25QH128 support
   - Support new Flag Status Register (FSR) on a few Micron flash

  Common
   - New sysfs entries for bad block and ECC stats

  And a few miscellaneous refactorings, cleanups, and driver
  improvements"

* tag 'for-linus-20140808' of git://git.infradead.org/linux-mtd: (31 commits)
  mtd: gpmi: make blockmark swapping optional
  mtd: gpmi: remove line breaks from error messages and improve wording
  mtd: gpmi: remove useless (void *) type casts and spaces between type casts and variables
  mtd: atmel_nand: NFC: support multiple interrupt handling
  mtd: atmel_nand: implement the nfc_device_ready() by checking the R/B bit
  mtd: atmel_nand: add NFC status error check
  mtd: atmel_nand: make ecc parameters same as definition
  mtd: nand: add ONFI timing mode to nand_timings converter
  mtd: nand: define struct nand_timings
  mtd: cfi_cmdset_0002: fix do_write_buffer() timeout error
  mtd: denali: use 8 bytes for READID command
  mtd/ftl: fix the double free of the buffers allocated in build_maps()
  mtd: phram: Fix whitespace issues
  mtd: spi-nor: add support for EON EN25QH128
  mtd: cfi_cmdset_0002: Add support for locking OTP memory
  mtd: cfi_cmdset_0002: Add support for writing OTP memory
  mtd: cfi_cmdset_0002: Invalidate cache after entering/exiting OTP memory
  mtd: cfi_cmdset_0002: Add support for reading OTP
  mtd: spi-nor: add support for flag status register on Micron chips
  mtd: Account for BBT blocks when a partition is being allocated
  ...
2014-08-08 18:13:21 -07:00
Linus Torvalds
9e9ac89666 fbdev changes for 3.17
* Much better HDMI infoframe support for OMAP
 * Cirrus Logic CLPS711X framebuffer driver
 * DT support for PL11x CLCD driver
 * Various small fixes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT5LUrAAoJEPo9qoy8lh71G2kP/RyomOV8mOPErkVgslJukMlW
 iJO/Y47GcnHzosKK+7u8MUXlpbBdZjyoaKJxuh+D1OL0vc/LrSar4IwicqqGcD2C
 l5N8b9NytOf+sjtYuD24xkGo9bLr8vkaVNC3cgPNjE/x1kgRrtHoap1NOlv8vvuT
 OnbSkRdg/oENrdzwWjwJeayvT5a3TxLJY5JM9IMTzw6CKROIYScEmHUsy0jH2h/g
 60OrGPdzmPPutUKA/ZWe8Nu0Mhf4GcOeIl8CZ/u7ZyME7NKezyF0iATpMzn3+ylf
 9GafGbsxwgNW2KwoF379w6CV49UNyQhx4qxlkg8/N2km6ot6s1WoJrb/32qPu05J
 Wydfbovxo9elM/144m47a89TR4xV6Ia35kbSDmwrR7gmKjIDUE34Ruc7RdCLdO8n
 SxIG5724pktKlP1bdOT6gCLFnDq6vFK0gNnWwlCRKWnwg0H+Cyg5S07BNEF7/dvO
 gOkRPuyWz3m4rlpl9dL+TW+jaQR/FQAAgf8pUdjBeUTogUTvWf2NBb3H1bKoAnaE
 4fhLwE1qUxep3rhOqOpLbGzDmpvt0ebcNJzseypaSTO9c8QNbZJkxLLC1jchUjPj
 6FP4/SocuySik3on6Qulj6xGrp4zskBnjsTXOIZzxXjByX6uf/DNWPHEcEM9zIEk
 u0trGuXxlx8JkRkV/7aE
 =gXX+
 -----END PGP SIGNATURE-----

Merge tag 'fbdev-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux

Pull fbdev updates from Tomi Valkeinen:
 - much better HDMI infoframe support for OMAP
 - Cirrus Logic CLPS711X framebuffer driver
 - DT support for PL11x CLCD driver
 - various small fixes

* tag 'fbdev-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: (35 commits)
  OMAPDSS: DSI: fix depopulating dsi peripherals
  video: hyperv: hyperv_fb: refresh the VM screen by force on VM panic
  video: ARM CLCD: Fix DT-related build problems
  drivers: video: fbdev: atmel_lcdfb.c: Add ability to inverted backlight PWM.
  video: ARM CLCD: Add DT support
  drm/omap: Add infoframe & dvi/hdmi mode support
  OMAPDSS: HDMI: remove the unused code
  OMAPDSS: HDMI5: add support to set infoframe & HDMI mode
  OMAPDSS: HDMI4: add support to set infoframe & HDMI mode
  OMAPDSS: HDMI: add infoframe and hdmi_dvi_mode fields
  OMAPDSS: add hdmi ops to hdmi-connector and tpd12s015
  OMAPDSS: add hdmi ops to hdmi_ops and omap_dss_driver
  OMAPDSS: HDMI: remove custom avi infoframe
  OMAPDSS: HDMI5: use common AVI infoframe support
  OMAPDSS: HDMI4: use common AVI infoframe support
  OMAPDSS: Kconfig: select HDMI
  OMAPDSS: HDMI: fix name conflict
  OMAPDSS: DISPC: clean up dispc_mgr_timings_ok
  OMAPDSS: DISPC: reject interlace for lcd out
  OMAPDSS: DISPC: fix debugfs reg dump
  ...
2014-08-08 18:09:33 -07:00
Linus Torvalds
34b20e6df6 pwm: Changes for v3.17-rc1
The set of changes for this merge window contains two new drivers: one
 for Rockchip SoCs and another for STMicroelectronics STiH4xx SoCs. The
 remainder of the changes are the usual small cleanups such as removing
 redundant OOM messages, signalling that a PWM chip's operations can
 sleep and removing an unneeded dependency.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJT5LH8AAoJEN0jrNd/PrOhm1gQAKZUW7ueTT5Ar9cwBvWwtHSr
 qLtTx0GxJ91cH6h2bNkhBLz3A2ps9KPcxWgDxfod4TyOHsqZmbAwVHZzORyxr3Hi
 n5iQST0SpH/Qon5iptbJdmdeDOJ2MOvLU6YrlCO5XdGzJjVt1JeCXCuYZn1FG4IJ
 rsZbvkp3w0U3BuRwq41FK2RqwlMp+6VkAjMd5gqLL8/AWnLGy+T5pLtADiOyNeBa
 f9EDqrVXz0PwuLt7JXR2TktAVEv/vlGWKnmqYWGTEr45BDsxRVdV49QMnMIIjrPA
 ohLKqYJgX5bU4XwHfbePLU/Jt8P1Kc+bdh4iTpMJSTEETdnMt0W9GdpwI+hKZThH
 hZoALp9KBimIh/To8LnuSLeJ4NItkXelLZzzvGbX4wJSSBtA/CvG+1akyRnhE86m
 Z5xp71tIBAQ45KHBz6sN95NTQirCLgbfReE7jo2xfAspqY8yUotorMoYdHz/gWMs
 xX/x4BdcfYBd25YDYT6SwNLZ0uGwtwxnRvzNURmpLu6WY177cg50CgL32skxVvIJ
 TlsQDVyQj8DcIb0GfevUk1X7EL6lYz2czjgpA2HvyNIXJRGJhm5+1iyTcaGOYQ4F
 WsZj8GI8ECF/LYssa4tyrT2WW7MbHpXY1f4Qn3AD+XymtSQ6la8pPEh2YXBPWwvr
 ep6Sbib+61h+mIMem25i
 =ZE0j
 -----END PGP SIGNATURE-----

Merge tag 'pwm/for-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm

Pull pwm changes from Thierry Reding:
 "The set of changes for this merge window contains two new drivers: one
  for Rockchip SoCs and another for STMicroelectronics STiH4xx SoCs.

  The remainder of the changes are the usual small cleanups such as
  removing redundant OOM messages, signalling that a PWM chip's
  operations can sleep and removing an unneeded dependency"

* tag 'pwm/for-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
  pwm: rockchip: Added to support for RK3288 SoC
  pwm: rockchip: document RK3288 SoC compatible
  pwm: sti: Remove PWM period table
  pwm: sti: Sync between enable/disable calls
  pwm: sti: Ensure same period values for all channels
  pwm: sti: Fix PWM prescaler handling
  pwm: sti: Supply Device Tree binding documentation for ST's PWM IP
  pwm: sti: Add new driver for ST's PWM IP
  pwm: imx: set can_sleep flag for imx_pwm
  pwm: lpss: remove dependency on clk framework
  pwm: pwm-tipwmss: remove unnecessary OOM messages
  pwm: rockchip: document device tree bindings
  pwm: add Rockchip SoC PWM support
2014-08-08 18:06:29 -07:00
Linus Torvalds
06b49ea43c This is the bulk of GPIO changes for the v3.17 development
cycle, and this time we got a lot of action going on and
 it will continue:
 
 - The core GPIO library implementation has been split up in
   three different files:
   - gpiolib.c for the latest and greatest and shiny GPIO
     library code using GPIO descriptors only
   - gpiolib-legacy.c for the old integer number space API
     that we are phasing out gradually
   - gpiolib-sysfs.c for the sysfs interface that we are
     not entirely happy with, but has to live on for
     ABI compatibility
 
 - Add a flags argument to *gpiod_get* functions, with some
   backward-compatibility macros to ease transitions. We
   should have had the flags there from the beginning it
   seems, now we need to clean up the mess. There is a plan
   on how to move forward here devised by Alexandre Courbot
   and Mark Brown.
 
 - Split off a special <linux/gpio/machine.h> header for the
   board gpio table registration, as per example from the
   regulator subsystem.
 
 - Start to kill off the return value from gpiochip_remove()
   by removing the __must_check attribute and removing all
   checks inside the drivers/gpio directory. The rationale
   is: well what were we supposed to do if there is an error
   code? Not much: print an error message. And gpiolib already
   does that. So make this function return void eventually.
 
 - Some cleanups of hairy gpiolib code, make some functions
   not to be used outside the library private and make sure
   they are not exported, remove gpiod_lock/unlock_as_irq()
   as the existing function is for driver-internal use and
   fine as it is, delete gpio_ensure_requested() as it is
   not meaningful anymore.
 
 - Support the GPIOF_ACTIVE_LOW flag from gpio_request_one()
   function calls, which is logical since this is already
   supported when referencing GPIOs from e.g. device trees.
 
 - Switch STMPE, intel-mid, lynxpoint and ACPI (!) to use
   the gpiolib irqchip helpers cutting down on GPIO irqchip
   boilerplate a bit more.
 
 - New driver for the Zynq GPIO block.
 
 - The usual incremental improvements around a bunch of
   drivers.
 
 - Janitorial syntactic and semantic cleanups by Jingoo Han,
   and Rickard Strandqvist especially.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT5Ji9AAoJEEEQszewGV1zch8QAKp67+8ScxRBf/7RCSV6U/dy
 i7kt+nP4au/TScwtjbX264DM8hroW7BzN+GqF10NEFeGkYDR+42lMav9PrNjtKtk
 ojQPWdoGWzwwL0wa4j9rsuG/pRnbAEgDWPb+EkFdHQsLl6h71fyVoLOK+gKwJFyn
 aPYGXyNbT1FN38oj1rarENiOUxM7VMXvcJFfvDYFdDDhCS4PLYPOMw0lrsGtsHMZ
 epDa4z3yt4zHgYiUIT578nQ7EkIbGN3goywk3NQ+9WDQG+sLFHh4BdqcRKg6b9VM
 I64+47uNQxkyvWCvcLma5ziqvtNQk113986g+cv5YeTh18Ajyio1kxEIZM181eBk
 ITUPGrAorWHPLGNbe3psLmtK3+/BwmWIurPmHpckuW8d2JWWSVe0oepkUuqDwu/w
 lUB5KtM0joFOr5k61fj5tCKxH344jc1zvHJ/N+bVYilbOMvunWzuMJlc4hADIGC2
 1uxUAcPbYUAphGaxhdMBca9ellm0lWG19Gj5TtdGbRtNgp6R2qrwI66DDzk+1kLR
 8Szx6KHQdEHFTlCLKSIAMv33p1ClfmNikhdicT3urwR8PeXmmTR1pD7kGmVTDDZa
 gXSU5EilgGpak+77j/GZ2Ivp0Qt5M97UwWlZ7zTp++T1ZY+wwTHJI/09qcoWYjdz
 IpZRIqrQchalbscpn3LY
 =e+d6
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO update from Linus Walleij:
 "This is the bulk of GPIO changes for the v3.17 development cycle, and
  this time we got a lot of action going on and it will continue:

   - The core GPIO library implementation has been split up in three
     different files:
     - gpiolib.c for the latest and greatest and shiny GPIO library code
       using GPIO descriptors only
     - gpiolib-legacy.c for the old integer number space API that we are
       phasing out gradually
     - gpiolib-sysfs.c for the sysfs interface that we are not entirely
       happy with, but has to live on for ABI compatibility

   - Add a flags argument to *gpiod_get* functions, with some
     backward-compatibility macros to ease transitions.  We should have
     had the flags there from the beginning it seems, now we need to
     clean up the mess.  There is a plan on how to move forward here
     devised by Alexandre Courbot and Mark Brown

   - Split off a special <linux/gpio/machine.h> header for the board
     gpio table registration, as per example from the regulator
     subsystem

   - Start to kill off the return value from gpiochip_remove() by
     removing the __must_check attribute and removing all checks inside
     the drivers/gpio directory.  The rationale is: well what were we
     supposed to do if there is an error code? Not much: print an error
     message.  And gpiolib already does that.  So make this function
     return void eventually

   - Some cleanups of hairy gpiolib code, make some functions not to be
     used outside the library private and make sure they are not
     exported, remove gpiod_lock/unlock_as_irq() as the existing
     function is for driver-internal use and fine as it is, delete
     gpio_ensure_requested() as it is not meaningful anymore

   - Support the GPIOF_ACTIVE_LOW flag from gpio_request_one() function
     calls, which is logical since this is already supported when
     referencing GPIOs from e.g. device trees

   - Switch STMPE, intel-mid, lynxpoint and ACPI (!) to use the gpiolib
     irqchip helpers cutting down on GPIO irqchip boilerplate a bit more

   - New driver for the Zynq GPIO block

   - The usual incremental improvements around a bunch of drivers

   - Janitorial syntactic and semantic cleanups by Jingoo Han, and
     Rickard Strandqvist especially"

* tag 'gpio-v3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (37 commits)
  MAINTAINERS: update GPIO include files
  gpio: add missing includes in machine.h
  gpio: add flags argument to gpiod_get*() functions
  MAINTAINERS: Update Samsung pin control entry
  gpio / ACPI: Move event handling registration to gpiolib irqchip helpers
  gpio: lynxpoint: Convert to use gpiolib irqchip
  gpio: split gpiod board registration into machine header
  gpio: remove gpio_ensure_requested()
  gpio: remove useless check in gpiolib_sysfs_init()
  gpiolib: Export gpiochip_request_own_desc and gpiochip_free_own_desc
  gpio: move gpio_ensure_requested() into legacy C file
  gpio: remove gpiod_lock/unlock_as_irq()
  gpio: make gpiochip_get_desc() gpiolib-private
  gpio: simplify gpiochip_export()
  gpio: remove export of private of_get_named_gpio_flags()
  gpio: Add support for GPIOF_ACTIVE_LOW to gpio_request_one functions
  gpio: zynq: Clear pending interrupt when enabling a IRQ
  gpio: drop retval check enforcing from gpiochip_remove()
  gpio: remove all usage of gpio_remove retval in driver/gpio
  devicetree: Add Zynq GPIO devicetree bindings documentation
  ...
2014-08-08 18:00:35 -07:00
Linus Torvalds
664fb23070 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input updates from Dmitry Torokhov:
 - big update to Wacom driver by Benjamin Tissoires, converting it to
   HID infrastructure and unifying USB and Bluetooth models
 - large update to ALPS driver by Hans de Goede, which adds support for
   newer touchpad models as well as cleans up and restructures the code
 - more changes to Atmel MXT driver, including device tree support
 - new driver for iPaq x3xxx touchscreen
 - driver for serial Wacom tablets
 - driver for Microchip's CAP1106
 - assorted cleanups and improvements to existing drover and input core

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (93 commits)
  Input: wacom - update the ABI doc according to latest changes
  Input: wacom - only register once the MODULE_* macros
  Input: HID - remove hid-wacom Bluetooth driver
  Input: wacom - add copyright note and bump version to 2.0
  Input: wacom - remove passing id for wacom_set_report
  Input: wacom - check for bluetooth protocol while setting OLEDs
  Input: wacom - handle Intuos 4 BT in wacom.ko
  Input: wacom - handle Graphire BT tablets in wacom.ko
  Input: wacom - prepare the driver to include BT devices
  Input: hyperv-keyboard - register as a wakeup source
  Input: imx_keypad - remove ifdef round PM methods
  Input: jornada720_ts - get rid of space indentation and use tab
  Input: jornada720_ts - switch to using managed resources
  Input: alps - Rushmore and v7 resolution support
  Input: mcs5000_ts - remove ifdef around power management methods
  Input: mcs5000_ts - protect PM functions with CONFIG_PM_SLEEP
  Input: ads7846 - release resources on failure for clean exit
  Input: wacom - add support for 0x12C ISDv4 sensor
  Input: atmel_mxt_ts - use deep sleep mode when stopped
  ARM: dts: am437x-gp-evm: Update binding for touchscreen size
  ...
2014-08-08 17:39:48 -07:00
Linus Torvalds
8065be8d03 Merge branch 'akpm' (second patchbomb from Andrew Morton)
Merge more incoming from Andrew Morton:
 "Two new syscalls:

     memfd_create in "shm: add memfd_create() syscall"
     kexec_file_load in "kexec: implementation of new syscall kexec_file_load"

  And:

   - Most (all?) of the rest of MM

   - Lots of the usual misc bits

   - fs/autofs4

   - drivers/rtc

   - fs/nilfs

   - procfs

   - fork.c, exec.c

   - more in lib/

   - rapidio

   - Janitorial work in filesystems: fs/ufs, fs/reiserfs, fs/adfs,
     fs/cramfs, fs/romfs, fs/qnx6.

   - initrd/initramfs work

   - "file sealing" and the memfd_create() syscall, in tmpfs

   - add pci_zalloc_consistent, use it in lots of places

   - MAINTAINERS maintenance

   - kexec feature work"

* emailed patches from Andrew Morton <akpm@linux-foundation.org: (193 commits)
  MAINTAINERS: update nomadik patterns
  MAINTAINERS: update usb/gadget patterns
  MAINTAINERS: update DMA BUFFER SHARING patterns
  kexec: verify the signature of signed PE bzImage
  kexec: support kexec/kdump on EFI systems
  kexec: support for kexec on panic using new system call
  kexec-bzImage64: support for loading bzImage using 64bit entry
  kexec: load and relocate purgatory at kernel load time
  purgatory: core purgatory functionality
  purgatory/sha256: provide implementation of sha256 in purgaotory context
  kexec: implementation of new syscall kexec_file_load
  kexec: new syscall kexec_file_load() declaration
  kexec: make kexec_segment user buffer pointer a union
  resource: provide new functions to walk through resources
  kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc()
  kexec: move segment verification code in a separate function
  kexec: rename unusebale_pages to unusable_pages
  kernel: build bin2c based on config option CONFIG_BUILD_BIN2C
  bin2c: move bin2c in scripts/basic
  shm: wait for pins to be released when sealing
  ...
2014-08-08 15:57:47 -07:00
Joe Perches
ecc265fe9e MAINTAINERS: update nomadik patterns
Commit 3a19805920 ("pinctrl: nomadik: move all Nomadik drivers to
subdir") move the files, update the patterns

Signed-off-by: Joe Perches <joe@perches.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Alessandro Rubini <rubini@unipv.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:33 -07:00
Joe Perches
faf2e1dbd8 MAINTAINERS: update usb/gadget patterns
Several commits have moved files around, update the section patterns.

Signed-off-by: Joe Perches <joe@perches.com>
Cc: Thomas Dahlmann <dahlmann.thomas@arcor.de>
Cc: Nicolas Ferre <nicolas.ferre@atmel.com>
Cc: Li Yang <leoli@freescale.com>
Cc: Eric Miao <eric.y.miao@gmail.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Haojian Zhuang <haojian.zhuang@gmail.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:33 -07:00
Joe Perches
e46d12c659 MAINTAINERS: update DMA BUFFER SHARING patterns
One pattern per F: line please...

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:33 -07:00
Vivek Goyal
8e7d838103 kexec: verify the signature of signed PE bzImage
This is the final piece of the puzzle of verifying kernel image signature
during kexec_file_load() syscall.

This patch calls into PE file routines to verify signature of bzImage.  If
signature are valid, kexec_file_load() succeeds otherwise it fails.

Two new config options have been introduced.  First one is
CONFIG_KEXEC_VERIFY_SIG.  This option enforces that kernel has to be
validly signed otherwise kernel load will fail.  If this option is not
set, no signature verification will be done.  Only exception will be when
secureboot is enabled.  In that case signature verification should be
automatically enforced when secureboot is enabled.  But that will happen
when secureboot patches are merged.

Second config option is CONFIG_KEXEC_BZIMAGE_VERIFY_SIG.  This option
enables signature verification support on bzImage.  If this option is not
set and previous one is set, kernel image loading will fail because kernel
does not have support to verify signature of bzImage.

I tested these patches with both "pesign" and "sbsign" signed bzImages.

I used signing_key.priv key and signing_key.x509 cert for signing as
generated during kernel build process (if module signing is enabled).

Used following method to sign bzImage.

pesign
======
- Convert DER format cert to PEM format cert
openssl x509 -in signing_key.x509 -inform DER -out signing_key.x509.PEM -outform
PEM

- Generate a .p12 file from existing cert and private key file
openssl pkcs12 -export -out kernel-key.p12 -inkey signing_key.priv -in
signing_key.x509.PEM

- Import .p12 file into pesign db
pk12util -i /tmp/kernel-key.p12 -d /etc/pki/pesign

- Sign bzImage
pesign -i /boot/vmlinuz-3.16.0-rc3+ -o /boot/vmlinuz-3.16.0-rc3+.signed.pesign
-c "Glacier signing key - Magrathea" -s

sbsign
======
sbsign --key signing_key.priv --cert signing_key.x509.PEM --output
/boot/vmlinuz-3.16.0-rc3+.signed.sbsign /boot/vmlinuz-3.16.0-rc3+

Patch details:

Well all the hard work is done in previous patches.  Now bzImage loader
has just call into that code and verify whether bzImage signature are
valid or not.

Also create two config options.  First one is CONFIG_KEXEC_VERIFY_SIG.
This option enforces that kernel has to be validly signed otherwise kernel
load will fail.  If this option is not set, no signature verification will
be done.  Only exception will be when secureboot is enabled.  In that case
signature verification should be automatically enforced when secureboot is
enabled.  But that will happen when secureboot patches are merged.

Second config option is CONFIG_KEXEC_BZIMAGE_VERIFY_SIG.  This option
enables signature verification support on bzImage.  If this option is not
set and previous one is set, kernel image loading will fail because kernel
does not have support to verify signature of bzImage.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Matt Fleming <matt@console-pimps.org>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:33 -07:00
Vivek Goyal
6a2c20e7d8 kexec: support kexec/kdump on EFI systems
This patch does two things.  It passes EFI run time mappings to second
kernel in bootparams efi_info.  Second kernel parse this info and create
new mappings in second kernel.  That means mappings in first and second
kernel will be same.  This paves the way to enable EFI in kexec kernel.

This patch also prepares and passes EFI setup data through bootparams.
This contains bunch of information about various tables and their
addresses.

These information gathering and passing has been written along the lines
of what current kexec-tools is doing to make kexec work with UEFI.

[akpm@linux-foundation.org: s/get_efi/efi_get/g, per Matt]
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Matt Fleming <matt@console-pimps.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:33 -07:00
Vivek Goyal
dd5f726076 kexec: support for kexec on panic using new system call
This patch adds support for loading a kexec on panic (kdump) kernel usning
new system call.

It prepares ELF headers for memory areas to be dumped and for saved cpu
registers.  Also prepares the memory map for second kernel and limits its
boot to reserved areas only.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:33 -07:00
Vivek Goyal
27f48d3e63 kexec-bzImage64: support for loading bzImage using 64bit entry
This is loader specific code which can load bzImage and set it up for
64bit entry.  This does not take care of 32bit entry or real mode entry.

32bit mode entry can be implemented if somebody needs it.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:33 -07:00
Vivek Goyal
12db5562e0 kexec: load and relocate purgatory at kernel load time
Load purgatory code in RAM and relocate it based on the location.
Relocation code has been inspired by module relocation code and purgatory
relocation code in kexec-tools.

Also compute the checksums of loaded kexec segments and store them in
purgatory.

Arch independent code provides this functionality so that arch dependent
bootloaders can make use of it.

Helper functions are provided to get/set symbol values in purgatory which
are used by bootloaders later to set things like stack and entry point of
second kernel etc.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
8fc5b4d412 purgatory: core purgatory functionality
Create a stand alone relocatable object purgatory which runs between two
kernels.  This name, concept and some code has been taken from
kexec-tools.  Idea is that this code runs after a crash and it runs in
minimal environment.  So keep it separate from rest of the kernel and in
long term we will have to practically do no maintenance of this code.

This code also has the logic to do verify sha256 hashes of various
segments which have been loaded into memory.  So first we verify that the
kernel we are jumping to is fine and has not been corrupted and make
progress only if checsums are verified.

This code also takes care of copying some memory contents to backup region.

[sfr@canb.auug.org.au: run host built programs from objtree]
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
daeba0641a purgatory/sha256: provide implementation of sha256 in purgaotory context
Next two patches provide code for purgatory.  This is a code which does
not link against the kernel and runs stand alone.  This code runs between
two kernels.  One of the primary purpose of this code is to verify the
digest of newly loaded kernel and making sure it matches the digest
computed at kernel load time.

We use sha256 for calculating digest of kexec segmetns.  Purgatory can't
use stanard crypto API as that API is not available in purgatory context.

Hence, I have copied code from crypto/sha256_generic.c and compiled it
with purgaotry code so that it could be used.  I could not #include
sha256_generic.c file here as some of the function signature requiered
little tweaking.  Original functions work with crypto API but these ones
don't

So instead of doing #include on sha256_generic.c I just copied relevant
portions of code into arch/x86/purgatory/sha256.c.  Now we shouldn't have
to touch this code at all.  Do let me know if there are better ways to
handle it.

This patch does not enable compiling of this code.  That happens in next
patch.  I wanted to highlight this change in a separate patch for easy
review.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
cb1052581e kexec: implementation of new syscall kexec_file_load
Previous patch provided the interface definition and this patch prvides
implementation of new syscall.

Previously segment list was prepared in user space.  Now user space just
passes kernel fd, initrd fd and command line and kernel will create a
segment list internally.

This patch contains generic part of the code.  Actual segment preparation
and loading is done by arch and image specific loader.  Which comes in
next patch.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
f0895685c7 kexec: new syscall kexec_file_load() declaration
This is the new syscall kexec_file_load() declaration/interface.  I have
reserved the syscall number only for x86_64 so far.  Other architectures
(including i386) can reserve syscall number when they enable the support
for this new syscall.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
815d5704a3 kexec: make kexec_segment user buffer pointer a union
So far kexec_segment->buf was always a user space pointer as user space
passed the array of kexec_segment structures and kernel copied it.

But with new system call, list of kexec segments will be prepared by
kernel and kexec_segment->buf will point to a kernel memory.

So while I was adding code where I made assumption that ->buf is pointing
to kernel memory, sparse started giving warning.

Make ->buf a union.  And where a user space pointer is expected, access it
using ->buf and where a kernel space pointer is expected, access it using
->kbuf.  That takes care of sparse warnings.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
8c86e70ace resource: provide new functions to walk through resources
I have added two more functions to walk through resources.

Currently walk_system_ram_range() deals with pfn and /proc/iomem can
contain partial pages.  By dealing in pfn, callback function loses the
info that last page of a memory range is a partial page and not the full
page.  So I implemented walk_system_ram_res() which returns u64 values to
callback functions and now it properly return start and end address.

walk_system_ram_range() uses find_next_system_ram() to find the next ram
resource.  This in turn only travels through siblings of top level child
and does not travers through all the nodes of the resoruce tree.  I also
need another function where I can walk through all the resources, for
example figure out where "GART" aperture is.  Figure out where ACPI memory
is.

So I wrote another function walk_iomem_res() which walks through all
/proc/iomem resources and returns matches as asked by caller.  Caller can
specify "name" of resource, start and end and flags.

Got rid of find_next_system_ram_res() and instead implemented more generic
find_next_iomem_res() which can be used to traverse top level children
only based on an argument.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
255aedd90e kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc()
kimage_normal_alloc() and kimage_crash_alloc() are doing lot of similar
things and differ only little.  So instead of having two separate
functions create a common function kimage_alloc_init() and pass it the
"flags" argument which tells whether it is normal kexec or kexec_on_panic.
 And this function should be able to deal with both the cases.

This consolidation also helps later where we can use a common function
kimage_file_alloc_init() to handle normal and crash cases for new file
based kexec syscall.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
dabe78628d kexec: move segment verification code in a separate function
Previously do_kimage_alloc() will allocate a kimage structure, copy
segment list from user space and then do the segment list sanity
verification.

Break down this function in 3 parts.  do_kimage_alloc_init() to do actual
allocation and basic initialization of kimage structure.
copy_user_segment_list() to copy segment list from user space and
sanity_check_segment_list() to verify the sanity of segment list as passed
by user space.

In later patches, I need to only allocate kimage and not copy segment list
from user space.  So breaking down in smaller functions enables re-use of
code at other places.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
7d3e2bca22 kexec: rename unusebale_pages to unusable_pages
Let's use the more common "unusable".

This patch was originally written and posted by Boris. I am including it
in this patch series.

Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
de5b56ba51 kernel: build bin2c based on config option CONFIG_BUILD_BIN2C
currently bin2c builds only if CONFIG_IKCONFIG=y. But bin2c will now be
used by kexec too.  So make it compilation dependent on CONFIG_BUILD_BIN2C
and this config option can be selected by CONFIG_KEXEC and CONFIG_IKCONFIG.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
Vivek Goyal
8370edea81 bin2c: move bin2c in scripts/basic
This patch series does not do kernel signature verification yet.  I plan
to post another patch series for that.  Now distributions are already
signing PE/COFF bzImage with PKCS7 signature I plan to parse and verify
those signatures.

Primary goal of this patchset is to prepare groundwork so that kernel
image can be signed and signatures be verified during kexec load.  This
should help with two things.

- It should allow kexec/kdump on secureboot enabled machines.

- In general it can help even without secureboot. By being able to verify
  kernel image signature in kexec, it should help with avoiding module
  signing restrictions. Matthew Garret showed how to boot into a custom
  kernel, modify first kernel's memory and then jump back to old kernel and
  bypass any policy one wants to.

This patch (of 15):

Kexec wants to use bin2c and it wants to use it really early in the build
process. See arch/x86/purgatory/ code in later patches.

So move bin2c in scripts/basic so that it can be built very early and
be usable by arch/x86/purgatory/

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00
David Herrmann
05f65b5c70 shm: wait for pins to be released when sealing
If we set SEAL_WRITE on a file, we must make sure there cannot be any
ongoing write-operations on the file.  For write() calls, we simply lock
the inode mutex, for mmap() we simply verify there're no writable
mappings.  However, there might be pages pinned by AIO, Direct-IO and
similar operations via GUP.  We must make sure those do not write to the
memfd file after we set SEAL_WRITE.

As there is no way to notify GUP users to drop pages or to wait for them
to be done, we implement the wait ourself: When setting SEAL_WRITE, we
check all pages for their ref-count.  If it's bigger than 1, we know
there's some user of the page.  We then mark the page and wait for up to
150ms for those ref-counts to be dropped.  If the ref-counts are not
dropped in time, we refuse the seal operation.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
David Herrmann
87b2d44026 selftests: add memfd/sealing page-pinning tests
Setting SEAL_WRITE is not possible if there're pending GUP users. This
commit adds selftests for memfd+sealing that use FUSE to create pending
page-references. FUSE is very helpful here in that it allows us to delay
direct-IO operations for an arbitrary amount of time. This way, we can
force the kernel to pin pages and then run our normal selftests.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
David Herrmann
4f5ce5e8d7 selftests: add memfd_create() + sealing tests
Some basic tests to verify sealing on memfds works as expected and
guarantees the advertised semantics.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
David Herrmann
9183df25fe shm: add memfd_create() syscall
memfd_create() is similar to mmap(MAP_ANON), but returns a file-descriptor
that you can pass to mmap().  It can support sealing and avoids any
connection to user-visible mount-points.  Thus, it's not subject to quotas
on mounted file-systems, but can be used like malloc()'ed memory, but with
a file-descriptor to it.

memfd_create() returns the raw shmem file, so calls like ftruncate() can
be used to modify the underlying inode.  Also calls like fstat() will
return proper information and mark the file as regular file.  If you want
sealing, you can specify MFD_ALLOW_SEALING.  Otherwise, sealing is not
supported (like on all other regular files).

Compared to O_TMPFILE, it does not require a tmpfs mount-point and is not
subject to a filesystem size limit.  It is still properly accounted to
memcg limits, though, and to the same overcommit or no-overcommit
accounting as all user memory.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
David Herrmann
40e041a2c8 shm: add sealing API
If two processes share a common memory region, they usually want some
guarantees to allow safe access. This often includes:
  - one side cannot overwrite data while the other reads it
  - one side cannot shrink the buffer while the other accesses it
  - one side cannot grow the buffer beyond previously set boundaries

If there is a trust-relationship between both parties, there is no need
for policy enforcement.  However, if there's no trust relationship (eg.,
for general-purpose IPC) sharing memory-regions is highly fragile and
often not possible without local copies.  Look at the following two
use-cases:

  1) A graphics client wants to share its rendering-buffer with a
     graphics-server. The memory-region is allocated by the client for
     read/write access and a second FD is passed to the server. While
     scanning out from the memory region, the server has no guarantee that
     the client doesn't shrink the buffer at any time, requiring rather
     cumbersome SIGBUS handling.
  2) A process wants to perform an RPC on another process. To avoid huge
     bandwidth consumption, zero-copy is preferred. After a message is
     assembled in-memory and a FD is passed to the remote side, both sides
     want to be sure that neither modifies this shared copy, anymore. The
     source may have put sensible data into the message without a separate
     copy and the target may want to parse the message inline, to avoid a
     local copy.

While SIGBUS handling, POSIX mandatory locking and MAP_DENYWRITE provide
ways to achieve most of this, the first one is unproportionally ugly to
use in libraries and the latter two are broken/racy or even disabled due
to denial of service attacks.

This patch introduces the concept of SEALING.  If you seal a file, a
specific set of operations is blocked on that file forever.  Unlike locks,
seals can only be set, never removed.  Hence, once you verified a specific
set of seals is set, you're guaranteed that no-one can perform the blocked
operations on this file, anymore.

An initial set of SEALS is introduced by this patch:
  - SHRINK: If SEAL_SHRINK is set, the file in question cannot be reduced
            in size. This affects ftruncate() and open(O_TRUNC).
  - GROW: If SEAL_GROW is set, the file in question cannot be increased
          in size. This affects ftruncate(), fallocate() and write().
  - WRITE: If SEAL_WRITE is set, no write operations (besides resizing)
           are possible. This affects fallocate(PUNCH_HOLE), mmap() and
           write().
  - SEAL: If SEAL_SEAL is set, no further seals can be added to a file.
          This basically prevents the F_ADD_SEAL operation on a file and
          can be set to prevent others from adding further seals that you
          don't want.

The described use-cases can easily use these seals to provide safe use
without any trust-relationship:

  1) The graphics server can verify that a passed file-descriptor has
     SEAL_SHRINK set. This allows safe scanout, while the client is
     allowed to increase buffer size for window-resizing on-the-fly.
     Concurrent writes are explicitly allowed.
  2) For general-purpose IPC, both processes can verify that SEAL_SHRINK,
     SEAL_GROW and SEAL_WRITE are set. This guarantees that neither
     process can modify the data while the other side parses it.
     Furthermore, it guarantees that even with writable FDs passed to the
     peer, it cannot increase the size to hit memory-limits of the source
     process (in case the file-storage is accounted to the source).

The new API is an extension to fcntl(), adding two new commands:
  F_GET_SEALS: Return a bitset describing the seals on the file. This
               can be called on any FD if the underlying file supports
               sealing.
  F_ADD_SEALS: Change the seals of a given file. This requires WRITE
               access to the file and F_SEAL_SEAL may not already be set.
               Furthermore, the underlying file must support sealing and
               there may not be any existing shared mapping of that file.
               Otherwise, EBADF/EPERM is returned.
               The given seals are _added_ to the existing set of seals
               on the file. You cannot remove seals again.

The fcntl() handler is currently specific to shmem and disabled on all
files. A file needs to explicitly support sealing for this interface to
work. A separate syscall is added in a follow-up, which creates files that
support sealing. There is no intention to support this on other
file-systems. Semantics are unclear for non-volatile files and we lack any
use-case right now. Therefore, the implementation is specific to shmem.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
David Herrmann
4bb5f5d939 mm: allow drivers to prevent new writable mappings
This patch (of 6):

The i_mmap_writable field counts existing writable mappings of an
address_space.  To allow drivers to prevent new writable mappings, make
this counter signed and prevent new writable mappings if it is negative.
This is modelled after i_writecount and DENYWRITE.

This will be required by the shmem-sealing infrastructure to prevent any
new writable mappings after the WRITE seal has been set.  In case there
exists a writable mapping, this operation will fail with EBUSY.

Note that we rely on the fact that iff you already own a writable mapping,
you can increase the counter without using the helpers.  This is the same
that we do for i_writecount.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Ryan Lortie <desrt@desrt.ca>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Daniel Mack <zonque@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
Joe Perches
935e9f02e7 MAINTAINERS: remove unused NFSD pattern
A series of commits by Christoph Hellwig removed all the files in this
directory, remove the pattern.

Signed-off-by: Joe Perches <joe@perches.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
Joe Perches
1db22e8b83 MAINTAINERS: remove unusd ARM/QUALCOMM MSM pattern
Commit 87933a68dce6 ("mfd: pm8921: Remove pm8xxx API now that
sub-devices use regmap") removed the file, remove the pattern.

Signed-off-by: Joe Perches <joe@perches.com>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
Joe Perches
eb231527b5 MAINTAINERS: remove unused radeon drm pattern
Commit 8dcedd7e87f4 ("UAPI: (Scripted) Disintegrate include/drm") moved
the file, remove the pattern.

Signed-off-by: Joe Perches <joe@perches.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00
Joe Perches
d656143a1d MAINTAINERS: remove METAG imgdafs pattern
This never made it into the kernel tree.  Remove it.

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:31 -07:00