1. 13 Nov, 2013 40 commits
    • Li Zhong's avatar
      fix unpaired rcu lock in prepend_path() · 4ec6c2ae
      Li Zhong authored
      Signed-off-by: default avatarLi Zhong <zhong@linux.vnet.ibm.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      4ec6c2ae
    • Dan Carpenter's avatar
      locks: missing unlock on error in generic_add_lease() · 4fdb793f
      Dan Carpenter authored
      We should unlock here before returning.
      
      Fixes: df4e8d2c ('locks: implement delegations')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      4fdb793f
    • Dan Carpenter's avatar
      aio: checking for NULL instead of IS_ERR · 7f62656b
      Dan Carpenter authored
      alloc_anon_inode() returns an ERR_PTR(), it doesn't return NULL.
      
      Fixes: 71ad7490 ('rework aio migrate pages to use aio fs')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      7f62656b
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next · 42a2d923
      Linus Torvalds authored
      Pull networking updates from David Miller:
      
       1) The addition of nftables.  No longer will we need protocol aware
          firewall filtering modules, it can all live in userspace.
      
          At the core of nftables is a, for lack of a better term, virtual
          machine that executes byte codes to inspect packet or metadata
          (arriving interface index, etc.) and make verdict decisions.
      
          Besides support for loading packet contents and comparing them, the
          interpreter supports lookups in various datastructures as
          fundamental operations.  For example sets are supports, and
          therefore one could create a set of whitelist IP address entries
          which have ACCEPT verdicts attached to them, and use the appropriate
          byte codes to do such lookups.
      
          Since the interpreted code is composed in userspace, userspace can
          do things like optimize things before giving it to the kernel.
      
          Another major improvement is the capability of atomically updating
          portions of the ruleset.  In the existing netfilter implementation,
          one has to update the entire rule set in order to make a change and
          this is very expensive.
      
          Userspace tools exist to create nftables rules using existing
          netfilter rule sets, but both kernel implementations will need to
          co-exist for quite some time as we transition from the old to the
          new stuff.
      
          Kudos to Patrick McHardy, Pablo Neira Ayuso, and others who have
          worked so hard on this.
      
       2) Daniel Borkmann and Hannes Frederic Sowa made several improvements
          to our pseudo-random number generator, mostly used for things like
          UDP port randomization and netfitler, amongst other things.
      
          In particular the taus88 generater is updated to taus113, and test
          cases are added.
      
       3) Support 64-bit rates in HTB and TBF schedulers, from Eric Dumazet
          and Yang Yingliang.
      
       4) Add support for new 577xx tigon3 chips to tg3 driver, from Nithin
          Sujir.
      
       5) Fix two fatal flaws in TCP dynamic right sizing, from Eric Dumazet,
          Neal Cardwell, and Yuchung Cheng.
      
       6) Allow IP_TOS and IP_TTL to be specified in sendmsg() ancillary
          control message data, much like other socket option attributes.
          From Francesco Fusco.
      
       7) Allow applications to specify a cap on the rate computed
          automatically by the kernel for pacing flows, via a new
          SO_MAX_PACING_RATE socket option.  From Eric Dumazet.
      
       8) Make the initial autotuned send buffer sizing in TCP more closely
          reflect actual needs, from Eric Dumazet.
      
       9) Currently early socket demux only happens for TCP sockets, but we
          can do it for connected UDP sockets too.  Implementation from Shawn
          Bohrer.
      
      10) Refactor inet socket demux with the goal of improving hash demux
          performance for listening sockets.  With the main goals being able
          to use RCU lookups on even request sockets, and eliminating the
          listening lock contention.  From Eric Dumazet.
      
      11) The bonding layer has many demuxes in it's fast path, and an RCU
          conversion was started back in 3.11, several changes here extend the
          RCU usage to even more locations.  From Ding Tianhong and Wang
          Yufen, based upon suggestions by Nikolay Aleksandrov and Veaceslav
          Falico.
      
      12) Allow stackability of segmentation offloads to, in particular, allow
          segmentation offloading over tunnels.  From Eric Dumazet.
      
      13) Significantly improve the handling of secret keys we input into the
          various hash functions in the inet hashtables, TCP fast open, as
          well as syncookies.  From Hannes Frederic Sowa.  The key fundamental
          operation is "net_get_random_once()" which uses static keys.
      
          Hannes even extended this to ipv4/ipv6 fragmentation handling and
          our generic flow dissector.
      
      14) The generic driver layer takes care now to set the driver data to
          NULL on device removal, so it's no longer necessary for drivers to
          explicitly set it to NULL any more.  Many drivers have been cleaned
          up in this way, from Jingoo Han.
      
      15) Add a BPF based packet scheduler classifier, from Daniel Borkmann.
      
      16) Improve CRC32 interfaces and generic SKB checksum iterators so that
          SCTP's checksumming can more cleanly be handled.  Also from Daniel
          Borkmann.
      
      17) Add a new PMTU discovery mode, IP_PMTUDISC_INTERFACE, which forces
          using the interface MTU value.  This helps avoid PMTU attacks,
          particularly on DNS servers.  From Hannes Frederic Sowa.
      
      18) Use generic XPS for transmit queue steering rather than internal
          (re-)implementation in virtio-net.  From Jason Wang.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1622 commits)
        random32: add test cases for taus113 implementation
        random32: upgrade taus88 generator to taus113 from errata paper
        random32: move rnd_state to linux/random.h
        random32: add prandom_reseed_late() and call when nonblocking pool becomes initialized
        random32: add periodic reseeding
        random32: fix off-by-one in seeding requirement
        PHY: Add RTL8201CP phy_driver to realtek
        xtsonic: add missing platform_set_drvdata() in xtsonic_probe()
        macmace: add missing platform_set_drvdata() in mace_probe()
        ethernet/arc/arc_emac: add missing platform_set_drvdata() in arc_emac_probe()
        ipv6: protect for_each_sk_fl_rcu in mem_check with rcu_read_lock_bh
        vlan: Implement vlan_dev_get_egress_qos_mask as an inline.
        ixgbe: add warning when max_vfs is out of range.
        igb: Update link modes display in ethtool
        netfilter: push reasm skb through instead of original frag skbs
        ip6_output: fragment outgoing reassembled skb properly
        MAINTAINERS: mv643xx_eth: take over maintainership from Lennart
        net_sched: tbf: support of 64bit rates
        ixgbe: deleting dfwd stations out of order can cause null ptr deref
        ixgbe: fix build err, num_rx_queues is only available with CONFIG_RPS
        ...
      42a2d923
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew Morton) · 5cbb3d21
      Linus Torvalds authored
      Merge first patch-bomb from Andrew Morton:
       "Quite a lot of other stuff is banked up awaiting further
        next->mainline merging, but this batch contains:
      
         - Lots of random misc patches
         - OCFS2
         - Most of MM
         - backlight updates
         - lib/ updates
         - printk updates
         - checkpatch updates
         - epoll tweaking
         - rtc updates
         - hfs
         - hfsplus
         - documentation
         - procfs
         - update gcov to gcc-4.7 format
         - IPC"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (269 commits)
        ipc, msg: fix message length check for negative values
        ipc/util.c: remove unnecessary work pending test
        devpts: plug the memory leak in kill_sb
        ./Makefile: export initial ramdisk compression config option
        init/Kconfig: add option to disable kernel compression
        drivers: w1: make w1_slave::flags long to avoid memory corruption
        drivers/w1/masters/ds1wm.cuse dev_get_platdata()
        drivers/memstick/core/ms_block.c: fix unreachable state in h_msb_read_page()
        drivers/memstick/core/mspro_block.c: fix attributes array allocation
        drivers/pps/clients/pps-gpio.c: remove redundant of_match_ptr
        kernel/panic.c: reduce 1 byte usage for print tainted buffer
        gcov: reuse kbasename helper
        kernel/gcov/fs.c: use pr_warn()
        kernel/module.c: use pr_foo()
        gcov: compile specific gcov implementation based on gcc version
        gcov: add support for gcc 4.7 gcov format
        gcov: move gcov structs definitions to a gcc version specific file
        kernel/taskstats.c: return -ENOMEM when alloc memory fails in add_del_listener()
        kernel/taskstats.c: add nla_nest_cancel() for failure processing between nla_nest_start() and nla_nest_end()
        kernel/sysctl_binary.c: use scnprintf() instead of snprintf()
        ...
      5cbb3d21
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 9bc9ccd7
      Linus Torvalds authored
      Pull vfs updates from Al Viro:
       "All kinds of stuff this time around; some more notable parts:
      
         - RCU'd vfsmounts handling
         - new primitives for coredump handling
         - files_lock is gone
         - Bruce's delegations handling series
         - exportfs fixes
      
        plus misc stuff all over the place"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (101 commits)
        ecryptfs: ->f_op is never NULL
        locks: break delegations on any attribute modification
        locks: break delegations on link
        locks: break delegations on rename
        locks: helper functions for delegation breaking
        locks: break delegations on unlink
        namei: minor vfs_unlink cleanup
        locks: implement delegations
        locks: introduce new FL_DELEG lock flag
        vfs: take i_mutex on renamed file
        vfs: rename I_MUTEX_QUOTA now that it's not used for quotas
        vfs: don't use PARENT/CHILD lock classes for non-directories
        vfs: pull ext4's double-i_mutex-locking into common code
        exportfs: fix quadratic behavior in filehandle lookup
        exportfs: better variable name
        exportfs: move most of reconnect_path to helper function
        exportfs: eliminate unused "noprogress" counter
        exportfs: stop retrying once we race with rename/remove
        exportfs: clear DISCONNECTED on all parents sooner
        exportfs: more detailed comment for path_reconnect
        ...
      9bc9ccd7
    • Linus Torvalds's avatar
      Merge tag 'dlm-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm · f0230294
      Linus Torvalds authored
      Pull dlm fix from David Teigland:
       "This set includes a single fix to resolve to a race that could cause
        lockspace shutdown to incorrectly return -EBUSY"
      
      * tag 'dlm-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm:
        dlm: Avoid that dlm_release_lockspace() incorrectly returns -EBUSY
      f0230294
    • Linus Torvalds's avatar
      Merge tag 'upstream-3.13-rc1' of git://git.infradead.org/linux-ubi · 39222c82
      Linus Torvalds authored
      Pull UBI changes from Artem Bityutskiy:
       "A bunch of fixes for the fastmap feature, which is still new and
        rather experimental.  It looks like it starts getting more users.
      
        No significant changes for the "classical" non-fastmap UBI"
      
      * tag 'upstream-3.13-rc1' of git://git.infradead.org/linux-ubi:
        UBI: Add some asserts to ubi_attach_fastmap()
        UBI: Fix memory leak in ubi_attach_fastmap() error path
        UBI: simplify image sequence test
        UBI: fastmap: fix backward compatibility with image_seq
        UBI: Call scan_all() with correct offset in error case
        UBI: Fix error path in scan_pool()
        UBI: fix refill_wl_user_pool()
      39222c82
    • Linus Torvalds's avatar
      Merge tag 'upstream-3.13-rc1' of git://git.infradead.org/linux-ubifs · fbe43ff0
      Linus Torvalds authored
      Pull ubifs changes from Artem Bityutskiy:
       "Mostly fixes for the power cut emulation UBIFS mode, and only one
        functional change which fixes a return error code"
      
      * tag 'upstream-3.13-rc1' of git://git.infradead.org/linux-ubifs:
        UBIFS: correct data corruption range
        UBIFS: fix return code
        UBIFS: remove unnecessary code in ubifs_garbage_collect
      fbe43ff0
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · a7fa20a5
      Linus Torvalds authored
      Pull fuse updates from Miklos Szeredi:
       "This adds a ->writepage() implementation to fuse, improving mmaped
        writeout and paving the way for buffered writeback.
      
        And there's a patch to add a fix minor number for /dev/cuse, similarly
        to /dev/fuse"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        fuse: writepages: protect secondary requests from fuse file release
        fuse: writepages: update bdi writeout when deleting secondary request
        fuse: writepages: crop secondary requests
        fuse: writepages: roll back changes if request not found
        cuse: add fix minor number to /dev/cuse
        fuse: writepage: skip already in flight
        fuse: writepages: handle same page rewrites
        fuse: writepages: fix aggregation
        fuse: fix race in fuse_writepages()
        fuse: Implement writepages callback
        fuse: don't BUG on no write file
        fuse: lock page in mkwrite
        fuse: Prepare to handle multiple pages in writeback
        fuse: Getting file for writeback helper
      a7fa20a5
    • Linus Torvalds's avatar
      Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · a3012453
      Linus Torvalds authored
      Pull ext[23], udf and quota fixes from Jan Kara:
       "Assorted fixes in quota, ext2, ext3 & udf.
      
        Probably the most important is a fix of fs corruption issue in ext2
        XIP support (OTOH xip is rarely used)"
      
      * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        ext2: Fix fs corruption in ext2_get_xip_mem()
        quota: info leak in quota_getquota()
        jbd: Revert "jbd: remove dependency on __GFP_NOFAIL"
        udf: fix for pathetic mount times in case of invalid file system
        ext3: Count journal as bsddf overhead in ext3_statfs
      a3012453
    • Linus Torvalds's avatar
      Merge tag 'for-f2fs-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs · dd1d1399
      Linus Torvalds authored
      Pull f2fs updates from Jaegeuk Kim:
       "This patch-set includes the following major enhancement patches.
         - add a sysfs to control reclaiming free segments
         - enhance the f2fs global lock procedures
         - enhance the victim selection flow
         - wait for selected node blocks during fsync
         - add some tracepoints
         - add a config to remove abundant BUG_ONs
      
        The other bug fixes are as follows.
         - fix deadlock on acl operations
         - fix some bugs with respect to orphan inodes
      
        And, there are a bunch of cleanups"
      
      * tag 'for-f2fs-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (42 commits)
        f2fs: issue more large discard command
        f2fs: fix memory leak after kobject init failed in fill_super
        f2fs: cleanup waiting routine for writeback pages in cp
        f2fs: avoid to use a NULL point in destroy_segment_manager
        f2fs: remove unnecessary TestClearPageError when wait pages writeback
        f2fs: update f2fs document
        f2fs: avoid to wait all the node blocks during fsync
        f2fs: check all ones or zeros bitmap with bitops for better mount performance
        f2fs: change the method of calculating the number summary blocks
        f2fs: fix calculating incorrect free size when update xattr in __f2fs_setxattr
        f2fs: add an option to avoid unnecessary BUG_ONs
        f2fs: introduce CONFIG_F2FS_CHECK_FS for BUG_ON control
        f2fs: fix a deadlock during init_acl procedure
        f2fs: clean up acl flow for better readability
        f2fs: remove unnecessary segment bitmap updates
        f2fs: add tracepoint for vm_page_mkwrite
        f2fs: add tracepoint for set_page_dirty
        f2fs: remove redundant set_page_dirty from write_compacted_summaries
        f2fs: add reclaiming control by sysfs
        f2fs: introduce f2fs_balance_fs_bg for some background jobs
        ...
      dd1d1399
    • Linus Torvalds's avatar
      Merge branch 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · a9986464
      Linus Torvalds authored
      Pull cgroup changes from Tejun Heo:
       "Not too much activity this time around.  css_id is finally killed and
        a minor update to device_cgroup"
      
      * 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        device_cgroup: remove can_attach
        cgroup: kill css_id
        memcg: stop using css id
        memcg: fail to create cgroup if the cgroup id is too big
        memcg: convert to use cgroup id
        memcg: convert to use cgroup_is_descendant()
      a9986464
    • Linus Torvalds's avatar
      Merge branch 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata · 13aa7e0b
      Linus Torvalds authored
      Pull libata changes from Tejun Heo:
       "Nothing too interesting.  Only two minor fixes in libata core.  Most
        changes are specific to hardware which isn't too common"
      
      * 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
        ahci: Add Device IDs for Intel Wildcat Point-LP
        sata_rcar: Convert to clk_prepare/unprepare
        drivers/libata: Set max sector to 65535 for Slimtype DVD A DS8A9SH drive
        libata: Add some missing command descriptions
        sata_highbank: clear whole array in highbank_initialize_phys()
        ahci: disabled FBS prior to issuing software reset
        libata: Fix display of sata speed
        ahci: imx: setup power saving methods
        ata_piix: minor typo and a printk fix
        ahci: Changing two module params with static and __read_mostly
      13aa7e0b
    • Linus Torvalds's avatar
      Merge branch 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu · c08acff0
      Linus Torvalds authored
      Pull percpu changes from Tejun Heo:
       "Two smallish changes for percpu.  Two patches to remove unused
        this_cpu_xor() and one to fix a bug in percpu init failure path so
        that it can reach the proper BUG() instead of oopsing earlier"
      
      * 'for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
        x86: remove this_cpu_xor() implementation
        percpu: remove this_cpu_xor() implementation
        percpu: fix bootmem error handling in pcpu_page_first_chunk()
      c08acff0
    • Mathias Krause's avatar
      ipc, msg: fix message length check for negative values · 4e9b45a1
      Mathias Krause authored
      On 64 bit systems the test for negative message sizes is bogus as the
      size, which may be positive when evaluated as a long, will get truncated
      to an int when passed to load_msg().  So a long might very well contain a
      positive value but when truncated to an int it would become negative.
      
      That in combination with a small negative value of msg_ctlmax (which will
      be promoted to an unsigned type for the comparison against msgsz, making
      it a big positive value and therefore make it pass the check) will lead to
      two problems: 1/ The kmalloc() call in alloc_msg() will allocate a too
      small buffer as the addition of alen is effectively a subtraction.  2/ The
      copy_from_user() call in load_msg() will first overflow the buffer with
      userland data and then, when the userland access generates an access
      violation, the fixup handler copy_user_handle_tail() will try to fill the
      remainder with zeros -- roughly 4GB.  That almost instantly results in a
      system crash or reset.
      
        ,-[ Reproducer (needs to be run as root) ]--
        | #include <sys/stat.h>
        | #include <sys/msg.h>
        | #include <unistd.h>
        | #include <fcntl.h>
        |
        | int main(void) {
        |     long msg = 1;
        |     int fd;
        |
        |     fd = open("/proc/sys/kernel/msgmax", O_WRONLY);
        |     write(fd, "-1", 2);
        |     close(fd);
        |
        |     msgsnd(0, &msg, 0xfffffff0, IPC_NOWAIT);
        |
        |     return 0;
        | }
        '---
      
      Fix the issue by preventing msgsz from getting truncated by consistently
      using size_t for the message length.  This way the size checks in
      do_msgsnd() could still be passed with a negative value for msg_ctlmax but
      we would fail on the buffer allocation in that case and error out.
      
      Also change the type of m_ts from int to size_t to avoid similar nastiness
      in other code paths -- it is used in similar constructs, i.e.  signed vs.
      unsigned checks.  It should never become negative under normal
      circumstances, though.
      
      Setting msg_ctlmax to a negative value is an odd configuration and should
      be prevented.  As that might break existing userland, it will be handled
      in a separate commit so it could easily be reverted and reworked without
      reintroducing the above described bug.
      
      Hardening mechanisms for user copy operations would have catched that bug
      early -- e.g.  checking slab object sizes on user copy operations as the
      usercopy feature of the PaX patch does.  Or, for that matter, detect the
      long vs.  int sign change due to truncation, as the size overflow plugin
      of the very same patch does.
      
      [akpm@linux-foundation.org: fix i386 min() warnings]
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Cc: Pax Team <pageexec@freemail.hu>
      Cc: Davidlohr Bueso <davidlohr@hp.com>
      Cc: Brad Spengler <spender@grsecurity.net>
      Cc: Manfred Spraul <manfred@colorfullife.com>
      Cc: <stable@vger.kernel.org>	[ v2.3.27+ -- yes, that old ;) ]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4e9b45a1
    • Xie XiuQi's avatar
      ipc/util.c: remove unnecessary work pending test · 206fa940
      Xie XiuQi authored
      Remove unnecessary work pending test before calling schedule_work().  It
      has been tested in queue_work_on() already.  No functional changed.
      Signed-off-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
      Cc: Tejun Heo <tj@kernel.org>
      Reviewed-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      206fa940
    • Ilija Hadzic's avatar
      devpts: plug the memory leak in kill_sb · 66da0e1f
      Ilija Hadzic authored
      When devpts is unmounted, there may be a no-longer-used IDR tree hanging
      off the superblock we are about to kill.  This needs to be cleaned up
      before destroying the SB.
      
      The leak is usually not a big deal because unmounting devpts is typically
      done when shutting down the whole machine.  However, shutting down an LXC
      container instead of a physical machine exposes the problem (the garbage
      is detectable with kmemleak).
      Signed-off-by: default avatarIlija Hadzic <ihadzic@research.bell-labs.com>
      Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      66da0e1f
    • P J P's avatar
      ./Makefile: export initial ramdisk compression config option · 1bf49dd4
      P J P authored
      Make menuconfig allows one to choose compression format of an initial
      ramdisk image.  But this choice does not result in duly compressed ramdisk
      image.  Because - $ make install - does not pass on the selected
      compression choice to the dracut(8) tool, which creates the initramfs
      file.  dracut(8) generates the image with the default compression, ie.
      gzip(1).
      
      This patch exports the selected compression option to a sub-shell
      environment, so that it could be used by dracut(8) tool to generate
      appropriately compressed initramfs images.
      
      There isn't a straightforward way to pass on options to dracut(8) via
      positional parameters.  Because it is indirectly invoked at the end of a $
      make install sequence.
      
       # make install
         -> arch/$arch/boot/Makefile
          -> arch/$arch/boot/install.sh
           -> /sbing/installkernel ...
            -> /sbin/new-kernel-pkg ...
             -> /sbin/dracut ...
      Signed-off-by: default avatarP J P <ppandit@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1bf49dd4
    • Christian Ruppert's avatar
      init/Kconfig: add option to disable kernel compression · 69f0554e
      Christian Ruppert authored
      Some ARC users say they can boot faster with without kernel compression.
      This probably depends on things like the FLASH chip they use etc.
      
      Until now, kernel compression can only be disabled by removing "select
      HAVE_<compression>" lines from the architecture Kconfig.  So add the
      Kconfig logic to permit disabling of kernel compression.
      Signed-off-by: default avatarChristian Ruppert <christian.ruppert@abilis.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      69f0554e
    • Michal Nazarewicz's avatar
      drivers: w1: make w1_slave::flags long to avoid memory corruption · bb670937
      Michal Nazarewicz authored
      On architectures where long is more then 32 bits, modifying a 32-bit field
      with set_bit (and other atomic bit operations) may cause bytes following
      the field to by modified.
      
      Because the endianness of the bits within a field is the native endianness
      of the CPU[1], on big-endian machines, bit number zero is in the last byte
      of the field.
      
      Therefore, `set_bit(0, ptr)' on a 64-bit big-endian machine is roughly
      equivalent to `((char *)ptr)[7] |= 1', and since w1 driver uses a 32-bit
      field for holding the flags, this causes bytes beyond the field to be
      modified.
      
      [1] From Documentation/atomic_ops.txt:
      
          Native atomic bit operations are defined to operate on objects
          aligned to the size of an "unsigned long" C data type, and are
          least of that size.  The endianness of the bits within each
          "unsigned long" are the native endianness of the cpu.
      Signed-off-by: default avatarMichal Nazarewicz <mina86@mina86.com>
      Cc: Evgeniy Polyakov <zbr@ioremap.net>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bb670937
    • Jingoo Han's avatar
      drivers/w1/masters/ds1wm.cuse dev_get_platdata() · 75f9e937
      Jingoo Han authored
      Use the wrapper function for retrieving the platform data instead of
      accessing dev->platform_data directly.  This is a cosmetic change to make
      the code simpler and enhance the readability.
      Signed-off-by: default avatarJingoo Han <jg1.han@samsung.com>
      Acked-by: default avatarEvgeniy Polyakov <zbr@ioremap.net>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      75f9e937
    • Roger Tseng's avatar
      drivers/memstick/core/ms_block.c: fix unreachable state in h_msb_read_page() · a0e5a12f
      Roger Tseng authored
      In h_msb_read_page() in ms_block.c, flow never reaches case
      MSB_RP_RECIVE_STATUS_REG.  This causes error when MEMSTICK_INT_ERR is
      encountered and status error bits are going to be examined, but the status
      will never be copied back.
      
      Fix it by transitioning to MSB_RP_RECIVE_STATUS_REG right after
      MSB_RP_SEND_READ_STATUS_REG.
      Signed-off-by: default avatarRoger Tseng <rogerable@realtek.com>
      Acked-by: default avatarMaxim Levitsky <maximlevitsky@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a0e5a12f
    • Michal Nazarewicz's avatar
      drivers/memstick/core/mspro_block.c: fix attributes array allocation · be2d3f97
      Michal Nazarewicz authored
      attrs field of attribute_group structure is a pointer to a pointer (as in
      an array of pointers) rather than pointer to attribute struct (as in an
      array of structures), so when allocating size of the pointer sholud be
      used instead of the structure it is pointing to.
      
      While at it, also change the call to use kcalloc rather than kzalloc.
      Signed-off-by: default avatarMichal Nazarewicz <mina86@mina86.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Alex Dubov <oakad@yahoo.com>
      Cc: Maxim Levitsky <maximlevitsky@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      be2d3f97
    • Sachin Kamat's avatar
      drivers/pps/clients/pps-gpio.c: remove redundant of_match_ptr · 1a10bd94
      Sachin Kamat authored
      The data structure of_match_ptr() protects is always compiled in.  Hence
      of_match_ptr() is not needed.
      Signed-off-by: default avatarSachin Kamat <sachin.kamat@linaro.org>
      Cc: Rodolfo Giometti <giometti@enneenne.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1a10bd94
    • Chen Gang's avatar
      kernel/panic.c: reduce 1 byte usage for print tainted buffer · 01284764
      Chen Gang authored
      sizeof("Tainted: ") already counts '\0', and after first sprintf(), 's'
      will start from the current string end (its' value is '\0').
      
      So need not add additional 1 byte for maximized usage of 'buf' in
      print_tainted().
      Signed-off-by: default avatarChen Gang <gang.chen@asianux.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      01284764
    • Andy Shevchenko's avatar
      gcov: reuse kbasename helper · 1931d433
      Andy Shevchenko authored
      To get name of the file from a pathname let's use kbasename() helper.
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Cc: Jingoo Han <jg1.han@samsung.com>
      Cc: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1931d433
    • Andrew Morton's avatar
      kernel/gcov/fs.c: use pr_warn() · a5ebb875
      Andrew Morton authored
      pr_warning() is deprecated in favor of pr_warn()
      
      Cc: Andy Gospodarek <agospoda@redhat.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Frantisek Hrbata <fhrbata@redhat.com>
      Cc: Jan Stancek <jstancek@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a5ebb875
    • Andrew Morton's avatar
      kernel/module.c: use pr_foo() · bddb12b3
      Andrew Morton authored
      kernel/module.c uses a mix of printk(KERN_foo and pr_foo().  Convert it
      all to pr_foo and make the offered cleanups.
      
      Not sure what to do about the printk(KERN_DEFAULT).  We don't have a
      pr_default().
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Joe Perches <joe@perches.com>
      Cc: Frantisek Hrbata <fhrbata@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bddb12b3
    • Frantisek Hrbata's avatar
      gcov: compile specific gcov implementation based on gcc version · 17c568d6
      Frantisek Hrbata authored
      Compile the correct gcov implementation file for the specific gcc version.
      Signed-off-by: default avatarFrantisek Hrbata <fhrbata@redhat.com>
      Cc: Jan Stancek <jstancek@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Acked-by: default avatarPeter Oberparleiter <peter.oberparleiter@de.ibm.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Andy Gospodarek <agospoda@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      17c568d6
    • Frantisek Hrbata's avatar
      gcov: add support for gcc 4.7 gcov format · 5f41ea03
      Frantisek Hrbata authored
      The gcov in-memory format changed in gcc 4.7.  The biggest change, which
      requires this special implementation, is that gcov_info no longer contains
      array of counters for each counter type for all functions and gcov_fn_info
      is not used for mapping of function's counters to these arrays(offset).
      Now each gcov_fn_info contans it's counters, which makes things a little
      bit easier.
      
      This is heavily based on the previous gcc_3_4.c implementation and patches
      provided by Peter Oberparleiter.  Specially the buffer gcda implementation
      for iterator.
      
      [akpm@linux-foundation.org: use kmemdup() and kcalloc()]
      [oberpar@linux.vnet.ibm.com: gcc_4_7.c needs vmalloc.h]
      Signed-off-by: default avatarFrantisek Hrbata <fhrbata@redhat.com>
      Cc: Jan Stancek <jstancek@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Reviewed-by: default avatarPeter Oberparleiter <peter.oberparleiter@de.ibm.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Andy Gospodarek <agospoda@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5f41ea03
    • Frantisek Hrbata's avatar
      gcov: move gcov structs definitions to a gcc version specific file · 8cbce376
      Frantisek Hrbata authored
      Since also the gcov structures(gcov_info, gcov_fn_info, gcov_ctr_info) can
      change between gcc releases, as shown in gcc 4.7, they cannot be defined
      in a common header and need to be moved to a specific gcc implemention
      file.  This also requires to make the gcov_info structure opaque for the
      common code and to introduce simple helpers for accessing data inside
      gcov_info.
      Signed-off-by: default avatarFrantisek Hrbata <fhrbata@redhat.com>
      Cc: Jan Stancek <jstancek@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Acked-by: default avatarPeter Oberparleiter <peter.oberparleiter@de.ibm.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Andy Gospodarek <agospoda@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8cbce376
    • Chen Gang's avatar
      kernel/taskstats.c: return -ENOMEM when alloc memory fails in add_del_listener() · 0d20633b
      Chen Gang authored
      For registering in add_del_listener(), when kmalloc_node() fails, need
      return -ENOMEM instead of success code, and cmd_attr_register_cpumask()
      wants to know about it.
      
      After modification, give a simple common test "build -> boot up ->
      kernel/controllers/cgroup/getdelays by LTP tools".
      Signed-off-by: default avatarChen Gang <gang.chen@asianux.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0d20633b
    • Chen Gang's avatar
      kernel/taskstats.c: add nla_nest_cancel() for failure processing between... · 3fa58266
      Chen Gang authored
      kernel/taskstats.c: add nla_nest_cancel() for failure processing between nla_nest_start() and nla_nest_end()
      
      When failure occurs between nla_nest_start() and nla_nest_end(), we should
      call nla_nest_cancel() to clean up related things.
      Signed-off-by: default avatarChen Gang <gang.chen@asianux.com>
      Cc: Balbir Singh <bsingharora@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3fa58266
    • Chen Gang's avatar
      kernel/sysctl_binary.c: use scnprintf() instead of snprintf() · f02147ef
      Chen Gang authored
      snprintf() will return the 'ideal' length which may be larger than real
      buffer length, if we only want to use real length, need use scnprintf()
      instead of.
      Signed-off-by: default avatarChen Gang <gang.chen@asianux.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f02147ef
    • Chen Gang's avatar
      kernel/sysctl.c: check return value after call proc_put_char() in __do_proc_doulongvec_minmax() · 7833819d
      Chen Gang authored
      Need to check the return value of proc_put_char(), as was done in
      __do_proc_doulongvec_minmax().
      Signed-off-by: default avatarChen Gang <gang.chen@asianux.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7833819d
    • Jan Kara's avatar
      rbtree: fix rbtree_postorder_for_each_entry_safe() iterator · 1310a5a9
      Jan Kara authored
      The iterator rbtree_postorder_for_each_entry_safe() relies on pointer
      underflow behavior when testing for loop termination.  In particular it
      expects that
      
        &rb_entry(NULL, type, field)->field
      
      is NULL.  But the result of this expression is not defined by a C standard
      and some gcc versions (e.g.  4.3.4) assume the above expression can never
      be equal to NULL.  The net result is an oops because the iteration is not
      properly terminated.
      
      Fix the problem by modifying the iterator to avoid pointer underflows.
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarCody P Schafer <cody@linux.vnet.ibm.com>
      Cc: Michel Lespinasse <walken@google.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Artem Bityutskiy <dedekind1@gmail.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: Paul Mundt <lethal@linux-sh.org>
      Cc: Theodore Ts'o <tytso@mit.edu>
      Cc: <stable@vger.kernel.org>		[3.12.x]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1310a5a9
    • Kees Cook's avatar
      exec/ptrace: fix get_dumpable() incorrect tests · d049f74f
      Kees Cook authored
      The get_dumpable() return value is not boolean.  Most users of the
      function actually want to be testing for non-SUID_DUMP_USER(1) rather than
      SUID_DUMP_DISABLE(0).  The SUID_DUMP_ROOT(2) is also considered a
      protected state.  Almost all places did this correctly, excepting the two
      places fixed in this patch.
      
      Wrong logic:
          if (dumpable == SUID_DUMP_DISABLE) { /* be protective */ }
              or
          if (dumpable == 0) { /* be protective */ }
              or
          if (!dumpable) { /* be protective */ }
      
      Correct logic:
          if (dumpable != SUID_DUMP_USER) { /* be protective */ }
              or
          if (dumpable != 1) { /* be protective */ }
      
      Without this patch, if the system had set the sysctl fs/suid_dumpable=2, a
      user was able to ptrace attach to processes that had dropped privileges to
      that user.  (This may have been partially mitigated if Yama was enabled.)
      
      The macros have been moved into the file that declares get/set_dumpable(),
      which means things like the ia64 code can see them too.
      
      CVE-2013-2929
      Reported-by: default avatarVasily Kulikov <segoon@openwall.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: "Luck, Tony" <tony.luck@intel.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d049f74f
    • Randy Dunlap's avatar
      kcore: add Kconfig help text · 1c3fc3e5
      Randy Dunlap authored
      Under Pseudo filesystems, /proc/kcore support has no help.
      
      Fixes a portion of kernel bugzilla #52671:
        https://bugzilla.kernel.org/show_bug.cgi?id=52671
      
      Thanks for David Howells for the help text.
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: <lailavrazda1979@gmail.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1c3fc3e5
    • HATAYAMA Daisuke's avatar
      procfs: clean up proc_reg_get_unmapped_area for 80-column limit · 5721cf84
      HATAYAMA Daisuke authored
      Clean up proc_reg_get_unmapped_area due to its 80-column limit
      violation.
      Signed-off-by: default avatarHATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
      Tested-by: default avatarMichael Holzheu <holzheu@linux.vnet.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5721cf84