summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* KEYS: Rename public key parameter name arraysDavid Howells2013-09-254-16/+16
| | | | | | | | | Rename the arrays of public key parameters (public key algorithm names, hash algorithm names and ID type names) so that the array name ends in "_name". Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Josh Boyer <jwboyer@redhat.com>
* KEYS: Add per-user_namespace registers for persistent per-UID kerberos cachesDavid Howells2013-09-2411-0/+230
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for per-user_namespace registers of persistent per-UID kerberos caches held within the kernel. This allows the kerberos cache to be retained beyond the life of all a user's processes so that the user's cron jobs can work. The kerberos cache is envisioned as a keyring/key tree looking something like: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 big_key - A ccache blob \___ tkt12345 big_key - Another ccache blob Or possibly: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 keyring - A ccache \___ krbtgt/REDHAT.COM@REDHAT.COM big_key \___ http/REDHAT.COM@REDHAT.COM user \___ afs/REDHAT.COM@REDHAT.COM user \___ nfs/REDHAT.COM@REDHAT.COM user \___ krbtgt/KERNEL.ORG@KERNEL.ORG big_key \___ http/KERNEL.ORG@KERNEL.ORG big_key What goes into a particular Kerberos cache is entirely up to userspace. Kernel support is limited to giving you the Kerberos cache keyring that you want. The user asks for their Kerberos cache by: krb_cache = keyctl_get_krbcache(uid, dest_keyring); The uid is -1 or the user's own UID for the user's own cache or the uid of some other user's cache (requires CAP_SETUID). This permits rpc.gssd or whatever to mess with the cache. The cache returned is a keyring named "_krb.<uid>" that the possessor can read, search, clear, invalidate, unlink from and add links to. Active LSMs get a chance to rule on whether the caller is permitted to make a link. Each uid's cache keyring is created when it first accessed and is given a timeout that is extended each time this function is called so that the keyring goes away after a while. The timeout is configurable by sysctl but defaults to three days. Each user_namespace struct gets a lazily-created keyring that serves as the register. The cache keyrings are added to it. This means that standard key search and garbage collection facilities are available. The user_namespace struct's register goes away when it does and anything left in it is then automatically gc'd. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Simo Sorce <simo@redhat.com> cc: Serge E. Hallyn <serge.hallyn@ubuntu.com> cc: Eric W. Biederman <ebiederm@xmission.com>
* KEYS: Implement a big key type that can save to tmpfsDavid Howells2013-09-245-0/+242
| | | | | | | | Implement a big key type that can save its contents to tmpfs and thus swapspace when memory is tight. This is useful for Kerberos ticket caches. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Simo Sorce <simo@redhat.com>
* KEYS: Expand the capacity of a keyringDavid Howells2013-09-249-762/+803
| | | | | | | | | | | | | | | | | | | | Expand the capacity of a keyring to be able to hold a lot more keys by using the previously added associative array implementation. Currently the maximum capacity is: (PAGE_SIZE - sizeof(header)) / sizeof(struct key *) which, on a 64-bit system, is a little more 500. However, since this is being used for the NFS uid mapper, we need more than that. The new implementation gives us effectively unlimited capacity. With some alterations, the keyutils testsuite runs successfully to completion after this patch is applied. The alterations are because (a) keyrings that are simply added to no longer appear ordered and (b) some of the errors have changed a bit. Signed-off-by: David Howells <dhowells@redhat.com>
* Add a generic associative array implementation.David Howells2013-09-246-0/+2608
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a generic associative array implementation that can be used as the container for keyrings, thereby massively increasing the capacity available whilst also speeding up searching in keyrings that contain a lot of keys. This may also be useful in FS-Cache for tracking cookies. Documentation is added into Documentation/associative_array.txt Some of the properties of the implementation are: (1) Objects are opaque pointers. The implementation does not care where they point (if anywhere) or what they point to (if anything). [!] NOTE: Pointers to objects _must_ be zero in the two least significant bits. (2) Objects do not need to contain linkage blocks for use by the array. This permits an object to be located in multiple arrays simultaneously. Rather, the array is made up of metadata blocks that point to objects. (3) Objects are labelled as being one of two types (the type is a bool value). This information is stored in the array, but has no consequence to the array itself or its algorithms. (4) Objects require index keys to locate them within the array. (5) Index keys must be unique. Inserting an object with the same key as one already in the array will replace the old object. (6) Index keys can be of any length and can be of different lengths. (7) Index keys should encode the length early on, before any variation due to length is seen. (8) Index keys can include a hash to scatter objects throughout the array. (9) The array can iterated over. The objects will not necessarily come out in key order. (10) The array can be iterated whilst it is being modified, provided the RCU readlock is being held by the iterator. Note, however, under these circumstances, some objects may be seen more than once. If this is a problem, the iterator should lock against modification. Objects will not be missed, however, unless deleted. (11) Objects in the array can be looked up by means of their index key. (12) Objects can be looked up whilst the array is being modified, provided the RCU readlock is being held by the thread doing the look up. The implementation uses a tree of 16-pointer nodes internally that are indexed on each level by nibbles from the index key. To improve memory efficiency, shortcuts can be emplaced to skip over what would otherwise be a series of single-occupancy nodes. Further, nodes pack leaf object pointers into spare space in the node rather than making an extra branch until as such time an object needs to be added to a full node. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Drop the permissions argument from __keyring_search_one()David Howells2013-09-243-9/+5
| | | | | | | Drop the permissions argument from __keyring_search_one() as the only caller passes 0 here - which causes all checks to be skipped. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Define a __key_get() wrapper to use rather than atomic_inc()David Howells2013-09-245-20/+27
| | | | | | | Define a __key_get() wrapper to use rather than atomic_inc() on the key usage count as this makes it easier to hook in refcount error debugging. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Search for auth-key by name rather than target key IDDavid Howells2013-09-241-14/+7
| | | | | | | | Search for auth-key by name rather than by target key ID as, in a future patch, we'll by searching directly by index key in preference to iteration over all keys. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Introduce a search context structureDavid Howells2013-09-248-158/+179
| | | | | | | | | | | | | | | | | | | Search functions pass around a bunch of arguments, each of which gets copied with each call. Introduce a search context structure to hold these. Whilst we're at it, create a search flag that indicates whether the search should be directly to the description or whether it should iterate through all keys looking for a non-description match. This will be useful when keyrings use a generic data struct with generic routines to manage their content as the search terms can just be passed through to the iterator callback function. Also, for future use, the data to be supplied to the match function is separated from the description pointer in the search context. This makes it clear which is being supplied. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Consolidate the concept of an 'index key' for key accessDavid Howells2013-09-245-67/+83
| | | | | | | | | | | Consolidate the concept of an 'index key' for accessing keys. The index key is the search term needed to find a key directly - basically the key type and the key description. We can add to that the description length. This will be useful when turning a keyring into an associative array rather than just a pointer block. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: key_is_dead() should take a const key pointer argumentDavid Howells2013-09-241-1/+1
| | | | | | | key_is_dead() should take a const key pointer argument as it doesn't modify what it points to. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Use bool in make_key_ref() and is_key_possessed()David Howells2013-09-243-8/+8
| | | | | | | Make make_key_ref() take a bool possession parameter and make is_key_possessed() return a bool. Signed-off-by: David Howells <dhowells@redhat.com>
* KEYS: Skip key state checks when checking for possessionDavid Howells2013-09-244-6/+11
| | | | | | | | | | | | | | | | | Skip key state checks (invalidation, revocation and expiration) when checking for possession. Without this, keys that have been marked invalid, revoked keys and expired keys are not given a possession attribute - which means the possessor is not granted any possession permits and cannot do anything with them unless they also have one a user, group or other permit. This causes failures in the keyutils test suite's revocation and expiration tests now that commit 96b5c8fea6c0861621051290d705ec2e971963f1 reduced the initial permissions granted to a key. The failures are due to accesses to revoked and expired keys being given EACCES instead of EKEYREVOKED or EKEYEXPIRED. Signed-off-by: David Howells <dhowells@redhat.com>
* selinux: add Paul Moore as a SELinux maintainerPaul Moore2013-09-241-1/+2
| | | | | | Signed-off-by: Paul Moore <paul@paul-moore.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
* security: remove erroneous comment about capabilities.o link orderingEric Paris2013-09-241-1/+0
| | | | | | | | | | | | | Back when we had half ass LSM stacking we had to link capabilities.o after bigger LSMs so that on initialization the bigger LSM would register first and the capabilities module would be the one stacked as the 'seconday'. Somewhere around 6f0f0fd496333777d53 (back in 2008) we finally removed the last of the kinda module stacking code but this comment in the makefile still lives today. Reported-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
* Linux 3.12-rc2v3.12-rc2Linus Torvalds2013-09-241-1/+1
|
* Merge tag 'staging-3.12-rc2' of ↵Linus Torvalds2013-09-2335-97/+160
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging fixes from Greg KH: "Here are a number of small staging tree and iio driver fixes. Nothing major, just lots of little things" * tag 'staging-3.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (34 commits) iio:buffer_cb: Add missing iio_buffer_init() iio: Prevent race between IIO chardev opening and IIO device free iio: fix: Keep a reference to the IIO device for open file descriptors iio: Stop sampling when the device is removed iio: Fix crash when scan_bytes is computed with active_scan_mask == NULL iio: Fix mcp4725 dev-to-indio_dev conversion in suspend/resume iio: Fix bma180 dev-to-indio_dev conversion in suspend/resume iio: Fix tmp006 dev-to-indio_dev conversion in suspend/resume iio: iio_device_add_event_sysfs() bugfix staging: iio: ade7854-spi: Fix return value staging:iio:hmc5843: Fix measurement conversion iio: isl29018: Fix uninitialized value staging:iio:dummy fix kfifo_buf kconfig dependency issue if kfifo modular and buffer enabled for built in dummy driver. iio: at91: fix adc_clk overflow staging: line6: add bounds check in snd_toneport_source_put() Staging: comedi: Fix dependencies for drivers misclassified as PCI staging: r8188eu: Adjust RX gain staging: r8188eu: Fix smatch warning in core/rtw_ieee80211. staging: r8188eu: Fix smatch error in core/rtw_mlme_ext.c staging: r8188eu: Fix Smatch off-by-one warning in hal/rtl8188e_hal_init.c ...
| * Merge tag 'iio-fixes-for-3.12a' of ↵Greg Kroah-Hartman2013-09-2213-36/+91
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: First round of IIO fixes for 3.12 A series of wrong 'struct dev' assumptions in suspend/resume callbacks following on from this issue being identified in a new driver review. One to watch out for in future. A number of driver specific fixes 1) at91 - fix a overflow in clock rate computation 2) dummy - Kconfig dependency issue 3) isl29018 - uninitialized value 4) hmc5843 - measurement conversion bug introduced by recent cleanup. 5) ade7854-spi - wrong return value. Some IIO core fixes 1) Wrong value picked up for event code creation for a modified channel 2) A null dereference on failure to initialize a buffer after no buffer has been in use, when using the available_scan_masks approach. 3) Sampling not stopped when a device is removed. Effects forced removal such as hot unplugging. 4) Prevent device going away if a chrdev is still open in userspace. 5) Prevent race on chardev opening and device being freed. 6) Add a missing iio_buffer_init in the call back buffer. These last few are the first part of a set from Lars-Peter Clausen who has been taking a closer look at our removal paths and buffer handling than anyone has for quite some time.
| | * iio:buffer_cb: Add missing iio_buffer_init()Lars-Peter Clausen2013-09-211-0/+2
| | | | | | | | | | | | | | | | | | | | | Make sure to properly initialize the IIO buffer data structure. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: Prevent race between IIO chardev opening and IIO device freeLars-Peter Clausen2013-09-211-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the IIO device as the parent for the character device We need to make sure that the IIO device is not freed while the character device exists, otherwise the freeing of the IIO device might race against the file open callback. Do this by setting the character device's parent to the IIO device, this will cause the character device to grab a reference to the IIO device and only release it once the character device itself has been removed. Also move the registration of the character device before the registration of the IIO device to avoid the (rather theoretical case) that the IIO device is already freed again before we can add the character device and grab a reference to the IIO device. We also need to move the call to cdev_del() from iio_dev_release() to iio_device_unregister() (where it should have been in the first place anyway) to avoid a reference cycle. As iio_dev_release() is only called once all reference are dropped, but the character device holds a reference to the IIO device. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: fix: Keep a reference to the IIO device for open file descriptorsLars-Peter Clausen2013-09-212-5/+17
| | | | | | | | | | | | | | | | | | | | | | | | Make sure that the IIO device is not freed while we still have file descriptors for it. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: Stop sampling when the device is removedLars-Peter Clausen2013-09-213-1/+28
| | | | | | | | | | | | | | | | | | | | | | | | Make sure to stop sampling when the device is removed, otherwise it will continue to sample forever. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: Fix crash when scan_bytes is computed with active_scan_mask == NULLPeter Meerwald2013-09-211-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if device has available_scan_masks set and the buffer is enabled without any scan_elements enabled, in a NULL pointer is dereferenced in iio_compute_scan_bytes() [ 18.993713] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 19.002593] pgd = debd4000 [ 19.005432] [00000000] *pgd=9ebc0831, *pte=00000000, *ppte=00000000 [ 19.012329] Internal error: Oops: 17 [#1] PREEMPT ARM [ 19.017639] Modules linked in: [ 19.020843] CPU: 0 Not tainted (3.9.11-00036-g75c888a-dirty #207) [ 19.027587] PC is at _find_first_bit_le+0xc/0x2c [ 19.032440] LR is at iio_compute_scan_bytes+0x2c/0xf4 [ 19.037719] pc : [<c021dc60>] lr : [<c03198d0>] psr: 200d0013 [ 19.037719] sp : debd9ed0 ip : 00000000 fp : 000802bc [ 19.049713] r10: 00000000 r9 : 00000000 r8 : deb67250 [ 19.055206] r7 : 00000000 r6 : 00000000 r5 : 00000000 r4 : deb67000 [ 19.062011] r3 : de96ec00 r2 : 00000000 r1 : 00000004 r0 : 00000000 [ 19.068847] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 19.076324] Control: 10c5387d Table: 9ebd4019 DAC: 00000015 problem is the rollback code in iio_update_buffers(), old_mask may be NULL (e.g. on first call) I'm not too confident about the fix; works for me... Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net> Reviewed-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: Fix mcp4725 dev-to-indio_dev conversion in suspend/resumePeter Meerwald2013-09-211-6/+6
| | | | | | | | | | | | | | | | | | | | | dev_to_iio_dev() is a false friend Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: Fix bma180 dev-to-indio_dev conversion in suspend/resumePeter Meerwald2013-09-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | dev_to_iio_dev() is a false friend Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net> Cc: Oleksandr Kravchenko <o.v.kravchenko@globallogic.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: Fix tmp006 dev-to-indio_dev conversion in suspend/resumePeter Meerwald2013-09-211-2/+4
| | | | | | | | | | | | | | | | | | | | | dev_to_iio_dev() is a false friend Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: iio_device_add_event_sysfs() bugfixLukasz Czerwinski2013-09-181-1/+1
| | | | | | | | | | | | | | | | | | | | | Fix mask generation for modified channels. Signed-off-by: Lukasz Czerwinski <l.czerwinski@samsung.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * staging: iio: ade7854-spi: Fix return valueSachin Kamat2013-09-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | ade7854_probe can fail. Return the value obtained from it instead of 0 (success). Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org> Cc: Barry Song <21cnbao@gmail.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * staging:iio:hmc5843: Fix measurement conversionPeter Meerwald2013-09-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | recently broken, cd6fe06588423ff4cca85c85c4402027b04dccf1 staging:iio:hmc5843: Use i2c_smbus_read_word_swapped() Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: isl29018: Fix uninitialized valueDerek Basehore2013-09-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The lux_uscale value is not initialized at probe. The value will be uninitialized unless a value is written to it through the iio channel interface. This fixes that. Signed-off-by: Derek Basehore <dbasehore@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/65998 Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * staging:iio:dummy fix kfifo_buf kconfig dependency issue if kfifo modular ↵Jonathan Cameron2013-09-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and buffer enabled for built in dummy driver. This only occurs in the unlikely event that the example driver is built in whilst the buffer implementation is not. Solved by switching from a depends on to a select for this particular case. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Reported-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| | * iio: at91: fix adc_clk overflowJosh Wu2013-09-181-5/+6
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | The adc_clk variable is currently defined using a 32-bits unsigned integer, which will overflow under some very valid range of operations. Such overflow will occur if, for example, the parent clock is set to a 20MHz frequency and the ADC startup time is larger than 215ns. To fix this, introduce an intermediate variable holding the clock rate in kHz. Signed-off-by: Josh Wu <josh.wu@atmel.com> Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
| * staging: line6: add bounds check in snd_toneport_source_put()Dan Carpenter2013-09-171-3/+7
| | | | | | | | | | | | | | | | | | "source" comes from the user in snd_ctl_elem_write() so it needs to be checked. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * Staging: comedi: Fix dependencies for drivers misclassified as PCIBen Hutchings2013-09-171-16/+17
| | | | | | | | | | | | | | | | | | | | | | | | The Fastwel UNIOxx-5 is a PC/104 board, so put COMEDI_UNIOXX5 under COMEDI_ISA_DRIVERS. The DIL/Net-PC 1486 is a 486 system, so put COMEDI_SSV_DNP under COMEDI_MISC_DRIVERS and add a dependency on X86_32 || COMPILE_TEST. Reviewed-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: r8188eu: Adjust RX gainLarry Finger2013-09-171-1/+1
| | | | | | | | | | | | | | | | | | In some circumstances, the performance of this driver is highly degraded, and ifconfig reports large numbers of dropped packets. By increasing the maximum RX gain from 0x3e to 0x4e, performance is greatly improved. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: r8188eu: Fix smatch warning in core/rtw_ieee80211.Larry Finger2013-09-171-1/+1
| | | | | | | | | | | | | | | | | | | | Smatch shows the following warning: drivers/staging/rtl8188eu/core/rtw_ieee80211.c:161 rtw_set_ie() info: ignoring unreachable code. The cause is a module exit tracing statement after a return. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: r8188eu: Fix smatch error in core/rtw_mlme_ext.cLarry Finger2013-09-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Smatch reports the following warning: "drivers/staging/rtl8188eu/core/rtw_mlme_ext.c:8328 mlme_evt_hdl() error: buffer overflow 'wlanevents' 24 <= 24" 8321 /* checking if event code is valid */ 8322 if (evt_code >= MAX_C2HEVT) { ^^^^^^^^^^^^^^^^^^^^^^ 8323 RT_TRACE(_module_rtl871x_cmd_c_, _drv_err_, ("\nEvent Code(%d) mismatch!\n", evt_code)); 8324 goto _abort_event_; 8325 } 8326 8327 /* checking if event size match the event parm size */ 8328 if ((wlanevents[evt_code].parmsize != 0) && ^^^^^^^^^^^^^^^^^^^^ 8329 (wlanevents[evt_code].parmsize != evt_sz)) { 8330 RT_TRACE(_module_rtl871x_cmd_c_, _drv_err_, 8331 ("\nEvent(%d) Parm Size mismatch (%d vs %d)!\n", 8332 evt_code, wlanevents[evt_code].parmsize, evt_sz)); 8333 goto _abort_event_; 8334 } This warning results because the number of items in "enum rtw_c2h_event", which determines the value of MAX_C2HEVT, is one more than in "struct wlanevents". Adding an extra dummy event to the latter fixes the problem. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: r8188eu: Fix Smatch off-by-one warning in hal/rtl8188e_hal_init.cLarry Finger2013-09-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Smatch reports the following warning: "drivers/staging/rtl8188eu/hal/rtl8188e_hal_init.c:2008 Hal_ReadPowerValueFromPROM_8188E() error: buffer overflow 'pwrInfo24G->IndexBW40_Base[rfPath]' 5 <= 5" drivers/staging/rtl8188eu/hal/rtl8188e_hal_init.c 2005 /* 2.4G default value */ 2006 for (group = 0; group < MAX_CHNL_GROUP_24G; group++) { 2007 pwrInfo24G->IndexCCK_Base[rfPath][group] = EEPROM_DEFAULT_24G_INDEX; 2008 pwrInfo24G->IndexBW40_Base[rfPath][group] = EEPROM_DEFAULT_24G_INDEX; The reason is that IndexCCK_Base[] has MAX_CHNL_GROUP_24G elements, but IndexBW40_Base is smaller by 1. Make them both have MAX_CHNL_GROUP_24G elements. Reported by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: Disable lustre file system for MIPS, SH, and XTENSAGuenter Roeck2013-09-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mips allmodconfig fails with ERROR: "copy_from_user_page" [drivers/staging/lustre/lustre/libcfs/libcfs.ko] undefined! which is due to LUSTRE using copy_from_user_page which is not exported by any architecture. Unfortunately, LUSTRE can only be built as module, so there is no easy fix. MIPS, SH, and optionally XTENSA implement copy_from_user_page as unexported functions. Disable LUSTRE for those. Cc: Peng Tao <bergwolf@gmail.com> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * Revert "staging: zram: Add auto loading of module if user opens /dev/zram."Greg Kroah-Hartman2013-09-171-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit c70bda992c12e593e411c02a52e4bd6985407539. It's incorrect, Kay writes: Please just remove it. "devname" is meant to be used for single-instance devices with a static dev_t, never for things like zramX. It will not do anything useful here, it does nothing really without a statically assigned dev_t, and it should not be used for devices of this kind anyway. Reported-by: Tom Gundersen <teg@jklm.no> Reported-by: Kay Sievers <kay@vrfy.org> Cc: Minchan Kim <minchan@kernel.org> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: octeon-ethernet: rgmii: enable interrupts that we can handleAaro Koskinen2013-09-171-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enable only those interrupts that we can handle & acknowledge in the interrupt handler. At least on EdgeRouter Lite, the hardware may occasionally interrupt with some error condition when the physical link status changes frequently. Since the interrupt condition is not acked properly, this leads to the following warning and the IRQ gets disabled completely: [ 41.324700] eth0: Link down [ 44.324721] eth0: 1000 Mbps Full duplex, port 0, queue 0 [ 44.885590] irq 117: nobody cared (try booting with the "irqpoll" option) [ 44.892397] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.11.0-rc5-edge-los.git-27d042f-dirty-00950-gaa42f2d-dirty #8 [ 44.902825] Stack : ffffffff815c0000 0000000000000004 0000000000000003 0000000000000000 ffffffff81fd0000 ffffffff815c0000 0000000000000004 ffffffff8118530c ffffffff815c0000 ffffffff811858d8 0000000000000000 0000000000000000 ffffffff81fd0000 ffffffff81fc0000 ffffffff8152f3a0 ffffffff815b7bf7 ffffffff81fc6688 ffffffff815b8060 0000000000000000 0000000000000000 0000000000000000 ffffffff815346c8 ffffffff815346b0 ffffffff814a6a18 ffffffff8158b848 ffffffff81145614 ffffffff81593800 ffffffff81187174 ffffffff815b7d00 ffffffff8158b760 0000000000000000 ffffffff814a9184 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff811203b8 0000000000000000 0000000000000000 ... [ 44.968408] Call Trace: [ 44.970873] [<ffffffff811203b8>] show_stack+0x68/0x80 [ 44.975937] [<ffffffff814a9184>] dump_stack+0x78/0xb8 [ 44.980999] [<ffffffff811aac54>] __report_bad_irq+0x44/0x108 [ 44.986662] [<ffffffff811ab238>] note_interrupt+0x248/0x2a0 [ 44.992240] [<ffffffff811a85e4>] handle_irq_event_percpu+0x144/0x200 [ 44.998598] [<ffffffff811a86f4>] handle_irq_event+0x54/0x90 [ 45.004176] [<ffffffff811ab908>] handle_level_irq+0xd0/0x148 [ 45.009839] [<ffffffff811a7b04>] generic_handle_irq+0x34/0x50 [ 45.015589] [<ffffffff8111dae8>] do_IRQ+0x18/0x30 [ 45.020301] [<ffffffff8110486c>] plat_irq_dispatch+0x74/0xb8 [ 45.025958] [ 45.027451] handlers: [ 45.029731] [<ffffffff813fca10>] cvm_oct_rgmii_rml_interrupt [ 45.035397] Disabling IRQ #117 [ 45.038742] Port 0 receive error code 13, packet dropped [ 46.324719] eth0: Link down [ 48.324733] eth0: 1000 Mbps Full duplex, port 0, queue 0 Reported-by: "Jason A. Donenfeld" <Jason@zx2c4.com> Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> Acked-by: David Daney <david.daney@cavium.com> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: octeon-ethernet: remove skb alloc failure warningsAaro Koskinen2013-09-172-9/+1
| | | | | | | | | | | | | | | | | | | | | | Remove skb allocation failure warnings. They will trigger a page allocation warning already. Also, one of the warnings was not ratelimited, causing the box to lock up under heavy traffic & low memory. Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> Acked-by: David Daney <david.daney@cavium.com> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: octeon-ethernet: make dropped packets to consume NAPI budgetAaro Koskinen2013-09-171-1/+1
| | | | | | | | | | | | | | | | | | We should count also dropped packets, otherwise the NAPI handler may end up running too long. Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * drivers/staging/lustre/lustre/ptlrpc/sec_bulk.c: rename PTRS_PER_PAGEAndrew Morton2013-09-171-2/+2
| | | | | | | | | | | | | | | | | | | | It duplicates the definition in arch/alpha/include/asm/pgtable.h and emits warnings. Cc: Andreas Dilger <andreas.dilger@intel.com> Cc: Peng Tao <tao.peng@emc.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: dgnc: fix potential format string flawKees Cook2013-09-171-2/+2
| | | | | | | | | | | | | | | | Make sure that format strings cannot leak into printk() calls from the msgbuf string. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: lustre: clean up format string usagesKees Cook2013-09-177-14/+14
| | | | | | | | | | | | | | | | | | This fixes up the usage of snprintf, strncpy, and format strings in the call to kthread_run to avoid ever accidentally allowing a format string into the thread name. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: dgap: fix overflows and format stringsKees Cook2013-09-171-7/+10
| | | | | | | | | | | | | | | | | | The boot message buffer could potentially overflow the stack and the heap. Additionally make sure format strings could not leak into printk() calls. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: xillybus: fix format string usageKees Cook2013-09-171-1/+1
| | | | | | | | | | | | | | Makes sure format string cannot leak into device_create() call. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging: r8188eu: Fix uninitialized variable change_inxGeert Uytterhoeven2013-09-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | drivers/staging/rtl8188eu/core/rtw_wlan_util.c: In function ‘WMMOnAssocRsp’: drivers/staging/rtl8188eu/core/rtw_wlan_util.c:634: warning: ‘change_inx’ may be used uninitialized in this function And the compiler is right: change_inx should be initialized to false. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * staging/lustre: Correct default for LUSTRE_TRANSLATE_ERRNOSGeert Uytterhoeven2013-09-171-1/+1
| | | | | | | | | | | | | | | | LUSTRE_TRANSLATE_ERRNOS is never enabled, a "true" is not a valid value. Use "default y" instead of "default true" to fix this. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>