1. 14 Jul, 2015 20 commits
    • David Howells's avatar
      PKCS#7: Support CMS messages also [RFC5652] · b02df498
      David Howells authored
      Since CMS is an evolution of PKCS#7, with much of the ASN.1 being
      compatible, add support for CMS signed-data messages also [RFC5652 sec 5].
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-By: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      b02df498
    • David Howells's avatar
      X.509: Change recorded SKID & AKID to not include Subject or Issuer · 3453874e
      David Howells authored
      The key identifiers fabricated from an X.509 certificate are currently:
      
       (A) Concatenation of serial number and issuer
      
       (B) Concatenation of subject and subjectKeyID (SKID)
      
      When verifying one X.509 certificate with another, the AKID in the target
      can be used to match the authoritative certificate.  The AKID can specify
      the match in one or both of two ways:
      
       (1) Compare authorityCertSerialNumber and authorityCertIssuer from the AKID
           to identifier (A) above.
      
       (2) Compare keyIdentifier from the AKID plus the issuer from the target
           certificate to identifier (B) above.
      
      When verifying a PKCS#7 message, the only available comparison is between
      the IssuerAndSerialNumber field and identifier (A) above.
      
      However, a subsequent patch adds CMS support.  Whilst CMS still supports a
      match on IssuerAndSerialNumber as for PKCS#7, it also supports an
      alternative - which is the SubjectKeyIdentifier field.  This is used to
      match to an X.509 certificate on the SKID alone.  No subject information is
      available to be used.
      
      To this end change the fabrication of (B) above to be from the X.509 SKID
      alone.  The AKID in keyIdentifier form then only matches on that and does
      not include the issuer.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-By: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      3453874e
    • David Howells's avatar
      ASN.1: Fix handling of CHOICE in ASN.1 compiler · 3e4d28c1
      David Howells authored
      Fix the handling of CHOICE types in the ASN.1 compiler to make SEQUENCE and
      SET elements in a CHOICE be correctly rendered as skippable and conditional
      as appropriate.
      
      For example, in the following ASN.1:
      
      	Foo ::= SEQUENCE { w1 INTEGER, w2 Bar, w3 OBJECT IDENTIFIER }
      	Bar ::= CHOICE {
      		x1 Seq1,
      		x2 [0] IMPLICIT OCTET STRING,
      		x3 Seq2,
      		x4 SET OF INTEGER
      	}
      	Seq1 ::= SEQUENCE { y1 INTEGER, y2 INTEGER, y3 INTEGER }
      	Seq2 ::= SEQUENCE { z1 BOOLEAN, z2 BOOLEAN, z3 BOOLEAN }
      
      the output in foo.c generated by:
      
      	./scripts/asn1_compiler foo.asn1 foo.c foo.h
      
      included:
      
      	// Bar
      	// Seq1
      	[   4] =  ASN1_OP_MATCH,
      	[   5] =  _tag(UNIV, CONS, SEQ),
      	...
      	[  13] =  ASN1_OP_COND_MATCH_OR_SKIP,		// x2
      	[  14] =  _tagn(CONT, PRIM,  0),
      	// Seq2
      	[  15] =  ASN1_OP_MATCH,
      	[  16] =  _tag(UNIV, CONS, SEQ),
      	...
      	[  24] =  ASN1_OP_COND_MATCH_JUMP_OR_SKIP,		// x4
      	[  25] =  _tag(UNIV, CONS, SET),
      	...
      	[  27] =  ASN1_OP_COND_FAIL,
      
      as a result of the CHOICE - but this is wrong on lines 4 and 15 because
      both of these should be skippable (one and only one of the four can be
      picked) and the one on line 15 should also be conditional so that it is
      ignored if anything before it matches.
      
      After the patch, it looks like:
      
      	// Bar
      	// Seq1
      	[   4] =  ASN1_OP_MATCH_JUMP_OR_SKIP,		// x1
      	[   5] =  _tag(UNIV, CONS, SEQ),
      	...
      	[   7] =  ASN1_OP_COND_MATCH_OR_SKIP,		// x2
      	[   8] =  _tagn(CONT, PRIM,  0),
      	// Seq2
      	[   9] =  ASN1_OP_COND_MATCH_JUMP_OR_SKIP,		// x3
      	[  10] =  _tag(UNIV, CONS, SEQ),
      	...
      	[  12] =  ASN1_OP_COND_MATCH_JUMP_OR_SKIP,		// x4
      	[  13] =  _tag(UNIV, CONS, SET),
      	...
      	[  15] =  ASN1_OP_COND_FAIL,
      
      where all four options are skippable and the second, third and fourth are
      all conditional, as is the backstop at the end.
      
      This hasn't been a problem so far because in the ASN.1 specs we have are
      either using primitives or are using SET OF and SEQUENCE OF which are
      handled correctly.
      
      Whilst we're at it, also make sure that element labels get included in
      comments in the output for elements that have complex types.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-By: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      3e4d28c1
    • David Howells's avatar
      ASN.1: Add an ASN.1 compiler option to dump the element tree · ad547acd
      David Howells authored
      Add an ASN.1 compiler option to dump the element tree to stdout.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-By: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      ad547acd
    • David Howells's avatar
      PKCS#7: Check content type and versions · 396881cc
      David Howells authored
      We only support PKCS#7 signed-data [RFC2315 sec 9] content at the top level,
      so reject anything else.  Further, check that the version numbers in
      SignedData and SignerInfo are 1 in both cases.
      
      Note that we don't restrict the inner content type.  In the PKCS#7 code we
      don't parse the data attached there, but merely verify the signature over
      it.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-By: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      396881cc
    • David Woodhouse's avatar
      modsign: Add explicit CONFIG_SYSTEM_TRUSTED_KEYS option · 21993e70
      David Woodhouse authored
      Let the user explicitly provide a file containing trusted keys, instead of
      just automatically finding files matching *.x509 in the build tree and
      trusting whatever we find. This really ought to be an *explicit*
      configuration, and the build rules for dealing with the files were
      fairly painful too.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      21993e70
    • David Woodhouse's avatar
      modsign: Use single PEM file for autogenerated key · 734d38af
      David Woodhouse authored
      The current rule for generating signing_key.priv and signing_key.x509 is
      a classic example of a bad rule which has a tendency to break parallel
      make. When invoked to create *either* target, it generates the other
      target as a side-effect that make didn't predict.
      
      So let's switch to using a single file signing_key.pem which contains
      both key and certificate. That matches what we do in the case of an
      external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also
      slightly cleaner.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      734d38af
    • David Woodhouse's avatar
      modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed · c2984474
      David Woodhouse authored
      Where an external PEM file or PKCS#11 URI is given, we can get the cert
      from it for ourselves instead of making the user drop signing_key.x509
      in place for us.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      c2984474
    • David Woodhouse's avatar
    • David Woodhouse's avatar
      modsign: Allow signing key to be PKCS#11 · aa939372
      David Woodhouse authored
      This is only the key; the corresponding *cert* still needs to be in
      $(topdir)/signing_key.x509. And there's no way to actually use this
      from the build system yet.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      aa939372
    • David Woodhouse's avatar
      modsign: Allow password to be specified for signing key · e9661b72
      David Woodhouse authored
      We don't want this in the Kconfig since it might then get exposed in
      /proc/config.gz. So make it a parameter to Kbuild instead. This also
      means we don't have to jump through hoops to strip quotes from it, as
      we would if it was a config option.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      e9661b72
    • David Woodhouse's avatar
    • David Howells's avatar
      MODSIGN: Extract the blob PKCS#7 signature verifier from module signing · 51fcf616
      David Howells authored
      Extract the function that drives the PKCS#7 signature verification given a
      data blob and a PKCS#7 blob out from the module signing code and lump it with
      the system keyring code as it's generic.  This makes it independent of module
      config options and opens it to use by the firmware loader.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Cc: Luis R. Rodriguez <mcgrof@suse.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Ming Lei <ming.lei@canonical.com>
      Cc: Seth Forshee <seth.forshee@canonical.com>
      Cc: Kyle McMartin <kyle@kernel.org>
      51fcf616
    • David Howells's avatar
      system_keyring.c doesn't need to #include module-internal.h · 69ff9367
      David Howells authored
      system_keyring.c doesn't need to #include module-internal.h as it doesn't use
      the one thing that exports.  Remove the inclusion.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      69ff9367
    • Luis R. Rodriguez's avatar
      sign-file: Add option to only create signature file · de7ee5d8
      Luis R. Rodriguez authored
      Make the -d option (which currently isn't actually wired to anything) write
      out the PKCS#7 message as per the -p option and then exit without either
      modifying the source or writing out a compound file of the source, signature
      and metadata.
      
      This will be useful when firmware signature support is added
      upstream as firmware will be left intact, and we'll only require
      the signature file. The descriptor is implicit by file extension
      and the file's own size.
      Signed-off-by: default avatarLuis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      de7ee5d8
    • David Howells's avatar
      MODSIGN: Use PKCS#7 messages as module signatures · cde942c1
      David Howells authored
      Move to using PKCS#7 messages as module signatures because:
      
       (1) We have to be able to support the use of X.509 certificates that don't
           have a subjKeyId set.  We're currently relying on this to look up the
           X.509 certificate in the trusted keyring list.
      
       (2) PKCS#7 message signed information blocks have a field that supplies the
           data required to match with the X.509 certificate that signed it.
      
       (3) The PKCS#7 certificate carries fields that specify the digest algorithm
           used to generate the signature in a standardised way and the X.509
           certificates specify the public key algorithm in a standardised way - so
           we don't need our own methods of specifying these.
      
       (4) We now have PKCS#7 message support in the kernel for signed kexec purposes
           and we can make use of this.
      
      To make this work, the old sign-file script has been replaced with a program
      that needs compiling in a previous patch.  The rules to build it are added
      here.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarVivek Goyal <vgoyal@redhat.com>
      cde942c1
    • David Howells's avatar
      MODSIGN: Provide a utility to append a PKCS#7 signature to a module · 563a71dc
      David Howells authored
      Provide a utility that:
      
       (1) Digests a module using the specified hash algorithm (typically sha256).
      
           [The digest can be dumped into a file by passing the '-d' flag]
      
       (2) Generates a PKCS#7 message that:
      
           (a) Has detached data (ie. the module content).
      
           (b) Is signed with the specified private key.
      
           (c) Refers to the specified X.509 certificate.
      
           (d) Has an empty X.509 certificate list.
      
           [The PKCS#7 message can be dumped into a file by passing the '-p' flag]
      
       (3) Generates a signed module by concatenating the old module, the PKCS#7
           message, a descriptor and a magic string.  The descriptor contains the
           size of the PKCS#7 message and indicates the id_type as PKEY_ID_PKCS7.
      
       (4) Either writes the signed module to the specified destination or renames
           it over the source module.
      
      This allows module signing to reuse the PKCS#7 handling code that was added
      for PE file parsing for signed kexec.
      
      Note that the utility is written in C and must be linked against the OpenSSL
      crypto library.
      
      Note further that I have temporarily dropped support for handling externally
      created signatures until we can work out the best way to do those.  Hopefully,
      whoever creates the signature can give me a PKCS#7 certificate.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarVivek Goyal <vgoyal@redhat.com>
      563a71dc
    • David Howells's avatar
      PKCS#7: Allow detached data to be supplied for signature checking purposes · 02373d52
      David Howells authored
      It is possible for a PKCS#7 message to have detached data.  However, to verify
      the signatures on a PKCS#7 message, we have to be able to digest the data.
      Provide a function to supply that data.  An error is given if the PKCS#7
      message included embedded data.
      
      This is used in a subsequent patch to supply the data to module signing where
      the signature is in the form of a PKCS#7 message with detached data, whereby
      the detached data is the module content that is signed.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarVivek Goyal <vgoyal@redhat.com>
      02373d52
    • David Howells's avatar
      X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier · 942223eb
      David Howells authored
      If an X.509 certificate has an AuthorityKeyIdentifier extension that provides
      an issuer and serialNumber, then make it so that these are used in preference
      to the keyIdentifier field also held therein for searching for the signing
      certificate.
      
      If both the issuer+serialNumber and the keyIdentifier are supplied, then the
      certificate is looked up by the former but the latter is checked as well.  If
      the latter doesn't match the subjectKeyIdentifier of the parent certificate,
      EKEYREJECTED is returned.
      
      This makes it possible to chain X.509 certificates based on the issuer and
      serialNumber fields rather than on subjectKeyIdentifier.  This is necessary as
      we are having to deal with keys that are represented by X.509 certificates
      that lack a subjectKeyIdentifier.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarVivek Goyal <vgoyal@redhat.com>
      942223eb
    • David Howells's avatar
      X.509: Extract both parts of the AuthorityKeyIdentifier · 16a54420
      David Howells authored
      Extract both parts of the AuthorityKeyIdentifier, not just the keyIdentifier,
      as the second part can be used to match X.509 certificates by issuer and
      serialNumber.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarVivek Goyal <vgoyal@redhat.com>
      16a54420
  2. 13 Jul, 2015 3 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · f760b87f
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Missing list head init in bluetooth hidp session creation, from Tedd
          Ho-Jeong An.
      
       2) Don't leak SKB in bridge netfilter error paths, from Florian
          Westphal.
      
       3) ipv6 netdevice private leak in netfilter bridging, fixed by Julien
          Grall.
      
       4) Fix regression in IP over hamradio bpq encapsulation, from Ralf
          Baechle.
      
       5) Fix race between rhashtable resize events and table walks, from Phil
          Sutter.
      
       6) Missing validation of IFLA_VF_INFO netlink attributes, fix from
          Daniel Borkmann.
      
       7) Missing security layer socket state initialization in tipc code,
          from Stephen Smalley.
      
       8) Fix shared IRQ handling in boomerang 3c59x interrupt handler, from
          Denys Vlasenko.
      
       9) Missing minor_idr destroy on module unload on macvtap driver, from
          Johannes Thumshirn.
      
      10) Various pktgen kernel thread races, from Oleg Nesterov.
      
      11) Fix races that can cause packets to be processed in the backlog even
          after a device attached to that SKB has been fully unregistered.
          From Julian Anastasov.
      
      12) bcmgenet driver doesn't account packet drops vs.  errors properly,
          fix from Petri Gynther.
      
      13) Array index validation and off by one fix in DSA layer from Florian
          Fainelli
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (66 commits)
        can: replace timestamp as unique skb attribute
        ARM: dts: dra7x-evm: Prevent glitch on DCAN1 pinmux
        can: c_can: Fix default pinmux glitch at init
        can: rcar_can: unify error messages
        can: rcar_can: print request_irq() error code
        can: rcar_can: fix typo in error message
        can: rcar_can: print signed IRQ #
        can: rcar_can: fix IRQ check
        net: dsa: Fix off-by-one in switch address parsing
        net: dsa: Test array index before use
        net: switchdev: don't abort unsupported operations
        net: bcmgenet: fix accounting of packet drops vs errors
        cdc_ncm: update specs URL
        Doc: z8530book: Fix typo in API-z8530-sync-txdma-open.html
        net: inet_diag: always export IPV6_V6ONLY sockopt for listening sockets
        bridge: mdb: allow the user to delete mdb entry if there's a querier
        net: call rcu_read_lock early in process_backlog
        net: do not process device backlog during unregistration
        bridge: fix potential crash in __netdev_pick_tx()
        net: axienet: Fix devm_ioremap_resource return value check
        ...
      f760b87f
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 34bef46e
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes a duplicate dma_unmap_sg call in omap-des and reentrancy
        bugs in the powerpc nx driver which may cause bogus output or worse
        memory corruption"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: nx - Fix reentrancy bugs
        crypto: omap-des - Fix unmapping of dma channels
      34bef46e
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-4.2-20150712' of... · cee9f6d0
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-4.2-20150712' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2015-07-12
      
      this is a pull request of 8 patchs for net/master.
      
      Sergei Shtylyov contributes 5 patches for the rcar_can driver, fixing the IRQ
      check and several info and error messages. There are two patches by J.D.
      Schroeder and Roger Quadros for the c_can driver and dra7x-evm device tree,
      which precent a glitch in the DCAN1 pinmux. Oliver Hartkopp provides a better
      approach to make the CAN skbs unique, the timestamp is replaced by a counter.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cee9f6d0
  3. 12 Jul, 2015 17 commits
    • Linus Torvalds's avatar
      Linux 4.2-rc2 · bc0195aa
      Linus Torvalds authored
      bc0195aa
    • Linus Torvalds's avatar
      Revert "drm/i915: Use crtc_state->active in primary check_plane func" · 01e2d062
      Linus Torvalds authored
      This reverts commit dec4f799.
      
      Jörg Otte reports a NULL pointder dereference due to this commit, as
      'crtc_state' very much can be NULL:
      
              crtc_state = state->base.state ?
                      intel_atomic_get_crtc_state(state->base.state, intel_crtc) : NULL;
      
      So the change to test 'crtc_state->base.active' cannot possibly be
      correct as-is.
      
      There may be some other minimal fix (like just checking crtc_state for
      NULL), but I'm just reverting it now for the rc2 release, and people
      like Daniel Vetter who actually know this code will figure out what the
      right solution is in the longer term.
      Reported-and-bisected-by: default avatarJörg Otte <jrg.otte@gmail.com>
      Cc: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>
      Cc: Jani Nikula <jani.nikula@linux.intel.com>
      Cc: Daniel Vetter <daniel.vetter@intel.com>
      CC: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      01e2d062
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · c83727a6
      Linus Torvalds authored
      Pull VFS fixes from Al Viro:
       "Fixes for this cycle regression in overlayfs and a couple of
        long-standing (== all the way back to 2.6.12, at least) bugs"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        freeing unlinked file indefinitely delayed
        fix a braino in ovl_d_select_inode()
        9p: don't leave a half-initialized inode sitting around
      c83727a6
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 7fbb58a0
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "A fair number of 4.2 fixes also because Markos opened the flood gates.
      
         - Patch up the math used calculate the location for the page bitmap.
      
         - The FDC (Not what you think, FDC stands for Fast Debug Channel) IRQ
           around was causing issues on non-Malta platforms, so move the code
           to a Malta specific location.
      
         - A spelling fix replicated through several files.
      
         - Fix to the emulation of an R2 instruction for R6 cores.
      
         - Fix the JR emulation for R6.
      
         - Further patching of mindless 64 bit issues.
      
         - Ensure the kernel won't crash on CPUs with L2 caches with >= 8
           ways.
      
         - Use compat_sys_getsockopt for O32 ABI on 64 bit kernels.
      
         - Fix cache flushing for multithreaded cores.
      
         - A build fix"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: O32: Use compat_sys_getsockopt.
        MIPS: c-r4k: Extend way_string array
        MIPS: Pistachio: Support CDMM & Fast Debug Channel
        MIPS: Malta: Make GIC FDC IRQ workaround Malta specific
        MIPS: c-r4k: Fix cache flushing for MT cores
        Revert "MIPS: Kconfig: Disable SMP/CPS for 64-bit"
        MIPS: cps-vec: Use macros for various arithmetics and memory operations
        MIPS: kernel: cps-vec: Replace KSEG0 with CKSEG0
        MIPS: kernel: cps-vec: Use ta0-ta3 pseudo-registers for 64-bit
        MIPS: kernel: cps-vec: Replace mips32r2 ISA level with mips64r2
        MIPS: kernel: cps-vec: Replace 'la' macro with PTR_LA
        MIPS: kernel: smp-cps: Fix 64-bit compatibility errors due to pointer casting
        MIPS: Fix erroneous JR emulation for MIPS R6
        MIPS: Fix branch emulation for BLTC and BGEC instructions
        MIPS: kernel: traps: Fix broken indentation
        MIPS: bootmem: Don't use memory holes for page bitmap
        MIPS: O32: Do not handle require 32 bytes from the stack to be readable.
        MIPS, CPUFREQ: Fix spelling of Institute.
        MIPS: Lemote 2F: Fix build caused by recent mass rename.
      7fbb58a0
    • Oliver Hartkopp's avatar
      can: replace timestamp as unique skb attribute · d3b58c47
      Oliver Hartkopp authored
      Commit 514ac99c "can: fix multiple delivery of a single CAN frame for
      overlapping CAN filters" requires the skb->tstamp to be set to check for
      identical CAN skbs.
      
      Without timestamping to be required by user space applications this timestamp
      was not generated which lead to commit 36c01245 "can: fix loss of CAN frames
      in raw_rcv" - which forces the timestamp to be set in all CAN related skbuffs
      by introducing several __net_timestamp() calls.
      
      This forces e.g. out of tree drivers which are not using alloc_can{,fd}_skb()
      to add __net_timestamp() after skbuff creation to prevent the frame loss fixed
      in mainline Linux.
      
      This patch removes the timestamp dependency and uses an atomic counter to
      create an unique identifier together with the skbuff pointer.
      
      Btw: the new skbcnt element introduced in struct can_skb_priv has to be
      initialized with zero in out-of-tree drivers which are not using
      alloc_can{,fd}_skb() too.
      Signed-off-by: default avatarOliver Hartkopp <socketcan@hartkopp.net>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      d3b58c47
    • Roger Quadros's avatar
      ARM: dts: dra7x-evm: Prevent glitch on DCAN1 pinmux · 2acb5c30
      Roger Quadros authored
      Driver core sets "default" pinmux on on probe and CAN driver
      sets "sleep" pinmux during register. This causes a small window
      where the CAN pins are in "default" state with the DCAN module
      being disabled.
      
      Change the "default" state to be like sleep so this glitch is
      avoided. Add a new "active" state that is used by the driver
      when CAN is actually active.
      Signed-off-by: default avatarRoger Quadros <rogerq@ti.com>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      2acb5c30
    • J.D. Schroeder's avatar
      can: c_can: Fix default pinmux glitch at init · 03336519
      J.D. Schroeder authored
      The previous change 3973c526 (net: can: c_can: Disable pins when CAN
      interface is down) causes a slight glitch on the pinctrl settings when used.
      Since commit ab78029e (drivers/pinctrl: grab default handles from device core),
      the device core will automatically set the default pins. This causes the pins
      to be momentarily set to the default and then to the sleep state in
      register_c_can_dev(). By adding an optional "enable" state, boards can set the
      default pin state to be disabled and avoid the glitch when the switch from
      default to sleep first occurs. If the "enable" state is not available
      c_can_pinctrl_select_state() falls back to using the "default" pinctrl state.
      
      [Roger Q] - Forward port to v4.2 and use pinctrl_get_select().
      Signed-off-by: default avatarJ.D. Schroeder <jay.schroeder@garmin.com>
      Signed-off-by: default avatarRoger Quadros <rogerq@ti.com>
      Reviewed-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      03336519
    • Sergei Shtylyov's avatar
      can: rcar_can: unify error messages · 585bc2ac
      Sergei Shtylyov authored
      All the error messages in the driver but  the ones from devm_clk_get() failures
      use similar format.  Make those  two messages consitent with others.
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      585bc2ac
    • Sergei Shtylyov's avatar
      can: rcar_can: print request_irq() error code · ae185f19
      Sergei Shtylyov authored
      Also print the error code when the request_irq() call fails in rcar_can_open(),
      rewording  the error message...
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      ae185f19
    • Sergei Shtylyov's avatar
      can: rcar_can: fix typo in error message · 3255f68c
      Sergei Shtylyov authored
      Fix typo in the first error message printed by rcar_can_open().
      
      Based on the original patch by Vladimir Barinov.
      
      Fixes: 862e2b6a ("can: rcar_can: support all input clocks")
      Reported-by: default avatarVladimir Barinov <vladimir.barinov@cogentembedded.com>
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      3255f68c
    • Sergei Shtylyov's avatar
      can: rcar_can: print signed IRQ # · c1a4c87b
      Sergei Shtylyov authored
      Printing IRQ # using "%x" and "%u" unsigned formats isn't quite correct as
      'ndev->irq' is of  type *int*, so  the "%d" format  needs to be used instead.
      
      While fixing this, beautify the dev_info() message in rcar_can_probe() a bit.
      
      Fixes: fd115931 ("can: add Renesas R-Car CAN driver")
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      c1a4c87b
    • Sergei Shtylyov's avatar
      can: rcar_can: fix IRQ check · 5e63e6ba
      Sergei Shtylyov authored
      rcar_can_probe() regards 0 as a wrong IRQ #, despite platform_get_irq() that it
      calls returns negative error code in that case. This leads to the following
      being printed to the console when attempting to open the device:
      
      error requesting interrupt fffffffa
      
      because  rcar_can_open() calls request_irq() with a negative IRQ #, and that
      function naturally fails with -EINVAL.
      
      Check for the negative error codes instead and propagate them upstream instead
      of just returning -ENODEV.
      
      Fixes: fd115931 ("can: add Renesas R-Car CAN driver")
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      5e63e6ba
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1daa1cfb
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - the high latency PIT detection fix, which slipped through the cracks
         for rc1
      
       - a regression fix for the early printk mechanism
      
       - the x86 part to plug irq/vector related hotplug races
      
       - move the allocation of the espfix pages on cpu hotplug to non atomic
         context.  The current code triggers a might_sleep() warning.
      
       - a series of KASAN fixes addressing boot crashes and usability
      
       - a trivial typo fix for Kconfig help text
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/kconfig: Fix typo in the CONFIG_CMDLINE_BOOL help text
        x86/irq: Retrieve irq data after locking irq_desc
        x86/irq: Use proper locking in check_irq_vectors_for_cpu_disable()
        x86/irq: Plug irq vector hotplug race
        x86/earlyprintk: Allow early_printk() to use console style parameters like '115200n8'
        x86/espfix: Init espfix on the boot CPU side
        x86/espfix: Add 'cpu' parameter to init_espfix_ap()
        x86/kasan: Move KASAN_SHADOW_OFFSET to the arch Kconfig
        x86/kasan: Add message about KASAN being initialized
        x86/kasan: Fix boot crash on AMD processors
        x86/kasan: Flush TLBs after switching CR3
        x86/kasan: Fix KASAN shadow region page tables
        x86/init: Clear 'init_level4_pgt' earlier
        x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate()
      1daa1cfb
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7b732169
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "This update from the timer departement contains:
      
         - A series of patches which address a shortcoming in the tick
           broadcast code.
      
           If the broadcast device is not available or an hrtimer emulated
           broadcast device, some of the original assumptions lead to boot
           failures.  I rather plugged all of the corner cases instead of only
           addressing the issue reported, so the change got a little larger.
      
           Has been extensivly tested on x86 and arm.
      
         - Get rid of the last holdouts using do_posix_clock_monotonic_gettime()
      
         - A regression fix for the imx clocksource driver
      
         - An update to the new state callbacks mechanism for clockevents.
           This is required to simplify the conversion, which will take place
           in 4.3"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        tick/broadcast: Prevent NULL pointer dereference
        time: Get rid of do_posix_clock_monotonic_gettime
        cris: Replace do_posix_clock_monotonic_gettime()
        tick/broadcast: Unbreak CONFIG_GENERIC_CLOCKEVENTS=n build
        tick/broadcast: Handle spurious interrupts gracefully
        tick/broadcast: Check for hrtimer broadcast active early
        tick/broadcast: Return busy when IPI is pending
        tick/broadcast: Return busy if periodic mode and hrtimer broadcast
        tick/broadcast: Move the check for periodic mode inside state handling
        tick/broadcast: Prevent deep idle if no broadcast device available
        tick/broadcast: Make idle check independent from mode and config
        tick/broadcast: Sanity check the shutdown of the local clock_event
        tick/broadcast: Prevent hrtimer recursion
        clockevents: Allow set-state callbacks to be optional
        clocksource/imx: Define clocksource for mx27
      7b732169
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c4bc680c
      Linus Torvalds authored
      Pull irq fix from Thomas Gleixner:
       "A single fix for a cpu hotplug race vs. interrupt descriptors:
      
        Prevent irq setup/teardown across the cpu starting/dying parts of cpu
        hotplug so that the starting/dying cpu has a stable view of the
        descriptor space.  This has been an issue for all architectures in the
        cpu dying phase, where interrupts are migrated away from the dying
        cpu.  In the starting phase its mostly a x86 issue vs the vector space
        update"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        hotplug: Prevent alloc/free of irq descriptors during cpu up/down
      c4bc680c
    • Al Viro's avatar
      freeing unlinked file indefinitely delayed · 75a6f82a
      Al Viro authored
      	Normally opening a file, unlinking it and then closing will have
      the inode freed upon close() (provided that it's not otherwise busy and
      has no remaining links, of course).  However, there's one case where that
      does *not* happen.  Namely, if you open it by fhandle with cold dcache,
      then unlink() and close().
      
      	In normal case you get d_delete() in unlink(2) notice that dentry
      is busy and unhash it; on the final dput() it will be forcibly evicted from
      dcache, triggering iput() and inode removal.  In this case, though, we end
      up with *two* dentries - disconnected (created by open-by-fhandle) and
      regular one (used by unlink()).  The latter will have its reference to inode
      dropped just fine, but the former will not - it's considered hashed (it
      is on the ->s_anon list), so it will stay around until the memory pressure
      will finally do it in.  As the result, we have the final iput() delayed
      indefinitely.  It's trivial to reproduce -
      
      void flush_dcache(void)
      {
              system("mount -o remount,rw /");
      }
      
      static char buf[20 * 1024 * 1024];
      
      main()
      {
              int fd;
              union {
                      struct file_handle f;
                      char buf[MAX_HANDLE_SZ];
              } x;
              int m;
      
              x.f.handle_bytes = sizeof(x);
              chdir("/root");
              mkdir("foo", 0700);
              fd = open("foo/bar", O_CREAT | O_RDWR, 0600);
              close(fd);
              name_to_handle_at(AT_FDCWD, "foo/bar", &x.f, &m, 0);
              flush_dcache();
              fd = open_by_handle_at(AT_FDCWD, &x.f, O_RDWR);
              unlink("foo/bar");
              write(fd, buf, sizeof(buf));
              system("df .");			/* 20Mb eaten */
              close(fd);
              system("df .");			/* should've freed those 20Mb */
              flush_dcache();
              system("df .");			/* should be the same as #2 */
      }
      
      will spit out something like
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 303843      1131 100% /
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 303843      1131 100% /
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 283282     21692  93% /
      - inode gets freed only when dentry is finally evicted (here we trigger
      than by remount; normally it would've happened in response to memory
      pressure hell knows when).
      
      Cc: stable@vger.kernel.org # v2.6.38+; earlier ones need s/kill_it/unhash_it/
      Acked-by: default avatarJ. Bruce Fields <bfields@fieldses.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      75a6f82a
    • Al Viro's avatar
      fix a braino in ovl_d_select_inode() · 9391dd00
      Al Viro authored
      when opening a directory we want the overlayfs inode, not one from
      the topmost layer.
      Reported-By: default avatarAndrey Jr. Melnikov <temnota.am@gmail.com>
      Tested-By: default avatarAndrey Jr. Melnikov <temnota.am@gmail.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      9391dd00