AgeCommit message (Collapse)AuthorFilesLines
2015-04-16arm: tizen_odroid_defconfig: enable uinput configsubmit/tizen/20150421.063448accepted/tizen/wearable/20150421.095720accepted/tizen/tv/20150421.095508accepted/tizen/mobile/20150421.095959accepted/tizen/common/20150421.084654Seung-Woo Kim1-1/+21
This patch enables uinput config to support userland input driver. Change-Id: I6937ba3db8b3d9f26f289b45f33f8abb80d053d1 Signed-off-by: Seung-Woo Kim <>
2015-04-16arm: tizen_defconfig: enable uinput configSeung-Woo Kim1-1/+21
This patch enables uinput config to support userland input driver. Change-Id: I69ad7db654d94e882fcc911eef8b8c5d94ef7e36 Signed-off-by: Seung-Woo Kim <>
2015-04-13ARM: dts: exynos4412-trats2: set display clock correctlysubmit/tizen/20150415.044325accepted/tizen/wearable/20150415.132211accepted/tizen/tv/20150415.131701accepted/tizen/mobile/20150415.132824accepted/tizen/common/20150416.090458Inki Dae1-1/+1
This patch sets display clock correctly. If Display clock isn't set correctly then you would find below messages and Display controller doesn't work correctly since a patch[1] exynos-drm: No connectors reported connected with modes [drm] Cannot find any crtc or sizes - going 1024x768 [1] commit abc0b1447d49 ("drm: Perform basic sanity checks on probed modes") Change-Id: I603afb80a27e4ca7cb8c8bb38b968c82309e1559 Signed-off-by: Inki Dae <>
2015-03-30arm: tizen_defconfig: enable Odroid X2/U3 support with single kernel imageMarek Szyprowski1-24/+36
Signed-off-by: Marek Szyprowski <> Change-Id: I92a8db74b9bcfcd55ae8d005f91ed52c844cf833
2015-03-24ARM: dts: exynos4412-trats2: Add 32khz clock property in sound node to ↵Inha Song1-2/+4
control codec_clk32k This patch add 32khz clock property in sound node to control codec_clk32k. Change-Id: Id6c2fdb13433e2c431f530aa48445913c30f6609 Signed-off-by: Inha Song <>
2015-03-24ASoC: samsung: Add 32khz clock control logic for codec mclk2Inha Song1-1/+18
This patch add 32khz clock control logic for codec's master clock 2(MCLK2). WM1811 codec can use MCLK1 and MCLK2 as FLL's source clocks. Change-Id: Ifc57ae1772db9a905b0d1c101442ccf649d53c6b Signed-off-by: Inha Song <>
2015-03-17rinato: Enable CONFIG_DEVPTS_MULTIPLE_INSTANCESsubmit/tizen/20150318.083505accepted/tizen/wearable/20150319.013242accepted/tizen/tv/20150319.020218accepted/tizen/mobile/20150319.013810accepted/tizen/common/20150318.153518Maciej Wereski1-1/+1
This is required by systemd. Other configurations has this already enabled. Related: Change-Id: Ib8e4744c4cea1e0b6fe86ecb9e09cfa49be683be Signed-off-by: Maciej Wereski <>
2015-03-06arm: tizen_rinato_defconfig: enable mali r4p0submit/tizen/20150306.102923accepted/tizen/wearable/20150307.082045accepted/tizen/tv/20150307.081616accepted/tizen/mobile/20150310.065840accepted/tizen/common/20150306.164623Joonyoung Shim1-4/+8
Use mali r4p0 instead of r3p2. Change-Id: Ie777bf67c1887df0ca5180a42ac6c6a5d0753bd6 Signed-off-by: Joonyoung Shim <>
2015-03-06arm: tizen_defconfig: enable mali r4p0Joonyoung Shim1-4/+8
Use mali r4p0 instead of r3p2. Change-Id: I911044ee55e7830f56e93eeeb56adfc1fcfe2b0e Signed-off-by: Joonyoung Shim <>
2015-03-06arm: tizen_odroid_defconfig: enable mali r4p0Joonyoung Shim1-3/+7
Use mali r4p0 instead of r3p2. Change-Id: I9a40493ea1d1dce95576c8d0f17af0a34fa13f28 Signed-off-by: Joonyoung Shim <>
2015-03-04drm/exynos: gsc: always use hw buffer 0 until queue management get fixedMarek Szyprowski1-12/+12
Buffer sequence selection is broken and must be fixed. For the time being always queue buffers for hw id 0, because hardware always operates on the first src and dst buffer. This fixes IOMMU faults and makes the driver usable from userspace. Suggested-by: Andrzej Hajda <> Signed-off-by: Marek Szyprowski <> Change-Id: I46f43a5ad8b714a78bad7383bc5e532bf5015ecd
2015-02-26drm/exynos/ipp: Validate buffer enqueue requestsBeata Michalska1-1/+38
As for now there is no validation of incoming buffer enqueue request as far as the gem buffers are being concerned. This might lead to some undesired cases when the driver tries to operate on invalid buffers (wiht no valid gem object handle i.e.). Add some basic checks to rule out those potential issues. Change-Id: I117b5c566169d33fd46646068f835f48b333da73 Signed-off-by: Beata Michalska <>
2015-02-26ARM: tizen_odroid_defconfig: enable audit optionssubmit/tizen/20150226.040417accepted/tizen/wearable/20150226.095643accepted/tizen/tv/20150226.094420accepted/tizen/mobile/20150226.100351accepted/tizen/common/20150226.085027Seung-Woo Kim1-1/+4
This patch enables audit options to print log for security smack from tizen_odroid_defconfig. Change-Id: I5b6d034accdffce08c6320424960a1576ad03bca Signed-off-by: Seung-Woo Kim <>
2015-02-16V4L: s5c73m3: Use internal firmware by defaultSylwester Nawrocki1-1/+1
Set the boot_from_rom module parameter by default to 1 so the internal sensors's firmware from ROM is used. The external firmware will be loaded only if the module parameter is explicitly set to 0 by the user. This prevents camera stream on failures for some S5C73M3 revisions. Change-Id: I8c8c936c982df0db6f570e33b55596cce11b0b16 Signed-off-by: Sylwester Nawrocki <>
2015-02-12[media] exynos4-is: Fix fimc-lite bayer formatsArun Kumar K1-2/+2
The 10-bit and 12-bit Bayer output formats supported by FIMC-LITE actually use 16 bits where the extra bits are padded with zeros. The patch corrects buffer allocation for these two formats by modifying the depth field. This prevents memory corruption by the output DMA due to insufficient buffer size. Signed-off-by: Arun Kumar K <> Signed-off-by: Sylwester Nawrocki <> Signed-off-by: Mauro Carvalho Chehab <> Cc: Change-Id: Id0e3f13ce13de51218aa0b99f86311fcf411e4ec
2015-02-12[media] exynos5-is: Reset CMU-ISPBeata Michalska1-0/+10
Reset CMU-ISP prior to entering low-power mode. Change-Id: I2caf9ecbee728f07480ee8b18ff1d5558db77bad Signed-off-by: Beata Michalska <>
2015-02-11drm/exynos: debugfs: add debugfs interface and gem_info nodesubmit/tizen/20150212.024415accepted/tizen/wearable/20150213.030440accepted/tizen/tv/20150213.025935accepted/tizen/mobile/20150213.030609accepted/tizen/common/20150212.145007YoungJun Cho5-0/+133
The memps requires gem_info with gem_names to analyze graphics(video) shared memory, so adds gem_info node with debugfs interface. Change-Id: Ia923aa53c1508174e874d36001f53b0c42daac21 Signed-off-by: YoungJun Cho <>
2015-02-12drm: use common drm_gem_dmabuf_release in i915/exynos driversDaniel Vetter4-35/+5
Note that this is slightly tricky since both drivers store their native objects in dma_buf->priv. But both also embed the base drm_gem_object at the first position, so the implicit cast is ok. To use the release helper we need to export it, too. Change-Id: I37e9ffec79c90304d444ae9b6c47346f125feb49 Cc: Inki Dae <> Cc: Intel Graphics Development <> Signed-off-by: Daniel Vetter <> Signed-off-by: Dave Airlie <> [This patch is necessary for commit 7f663e197afa drm/prime: proper locking+refcounting for obj->dma_buf link] Signed-off-by: Seung-Woo Kim <>
2015-02-04packaging: fix kernel-devel requiressubmit/tizen/20150205.100354submit/tizen/20150204.122125accepted/tizen/wearable/20150206.012149accepted/tizen/tv/20150206.011611accepted/tizen/mobile/20150207.035820accepted/tizen/common/20150205.164821tizen_3.0.2015.q1_commontizen_3.0.2014.q4_commonChanho Park1-1/+1
"%{variant}-linux-kernel" is provided instead of "linux-kernel". Change-Id: Iad93b6e0fb53a5ead25842cd1de800b5af1b630b Signed-off-by: Chanho Park <>
2015-02-02exynos/drm: g2d: return 0 instead of ret in g2d_map_cmdlist_gemsubmit/tizen/20150202.023401accepted/tizen/wearable/20150202.095817accepted/tizen/tv/20150202.095715accepted/tizen/mobile/20150202.100101accepted/tizen/common/20150202.085553Chanho Park1-1/+1
This patch fixes a return value of g2d_map_cmdlist_gem. Since applied dmabuf_sync, the return value was changed to ret when success return. This is wrong value when everything is successful. Change-Id: I0ddb735b8f894ec065ee90865d0a8b45bf892b8e Reported-by: Voloshynov Sergii <> Signed-off-by: Voloshynov Sergii <> Signed-off-by: Chanho Park <>
2015-01-29mmc: dw_mmc: exynos: Revert the sdr_timing assignmentYuvaraj Kumar C D1-1/+2
e6c784eded7b3 ("mmc: dw_mmc: exynos: move the exynos private init") was wrongly assigning ddr_timing value to sdr_timing. This patch fixes this by reverting the sdr_timing assignment statement to the earlier location. Change-Id: I00d74956f2ce166063446b388b92c166d8b524dc Signed-off-by: Yuvaraj Kumar C D <> Acked-by: Seungwon Jeon <> Signed-off-by: Chris Ball <>
2015-01-14Workaround for building using perl 5.20.0submit/tizen_wearable/20150127.000000submit/tizen_wearable/20150116.000000submit/tizen_tv/20150120.000002submit/tizen_tv/20150120.000001submit/tizen_tv/20150120.000000submit/tizen_tv/20150119.000001submit/tizen_tv/20150119.000000submit/tizen_tv/20150116.000000submit/tizen_mobile/20150123.000000submit/tizen_mobile/20150116.000003submit/tizen_mobile/20150116.000001submit/tizen_common/20150114.084218accepted/tizen/wearable/20150128.040556accepted/tizen/tv/20150122.091216accepted/tizen/mobile/20150126.012145accepted/tizen/common/20150114.162108Stephane Desneux1-1/+1
Change-Id: Iff1664f694da27ba209bf7c3febf2f3662c8b5cc Signed-off-by: Stephane Desneux <>
2015-01-05Revert "ARM: exynos: add support secondary core bootup in big.LITTLE processor."Chanho Park3-26/+15
This reverts commit c25aae8a02c0e3132df581d1d12be1d6738a08d6. I think we need to investigate this patch more and more. Change-Id: Idb69b33334f53ddd414123f6e9ac432840b99857 Signed-off-by: Chanho Park <>
2015-01-04security: smack: fix out-of-bounds access in smk_parse_smack()Andrey Ryabinin1-4/+3
Setting smack label on file (e.g. 'attr -S -s SMACK64 -V "test" test') triggered following spew on the kernel with KASan applied: ================================================================== BUG: AddressSanitizer: out of bounds access in strncpy+0x28/0x60 at addr ffff8800059ad064 ============================================================================= BUG kmalloc-8 (Not tainted): kasan error ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Slab 0xffffea0000166b40 objects=128 used=7 fp=0xffff8800059ad080 flags=0x4000000000000080 INFO: Object 0xffff8800059ad060 @offset=96 fp=0xffff8800059ad080 Bytes b4 ffff8800059ad050: a0 df 9a 05 00 88 ff ff 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ Object ffff8800059ad060: 74 65 73 74 6b 6b 6b a5 testkkk. Redzone ffff8800059ad068: cc cc cc cc cc cc cc cc ........ Padding ffff8800059ad078: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 0 PID: 528 Comm: attr Tainted: G B 3.18.0-rc1-mm1+ #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 0000000000000000 ffff8800059ad064 ffffffff81534cf2 ffff880005a5bc40 ffffffff8112fe1a 0000000100800006 0000000f059ad060 ffff880006000f90 0000000000000296 ffffea0000166b40 ffffffff8107ca97 ffff880005891060 Call Trace: ? dump_stack (lib/dump_stack.c:52) ? kasan_report_error (mm/kasan/report.c:102 mm/kasan/report.c:178) ? preempt_count_sub (kernel/sched/core.c:2651) ? __asan_load1 (mm/kasan/kasan.h:50 mm/kasan/kasan.c:248 mm/kasan/kasan.c:358) ? strncpy (lib/string.c:121) ? strncpy (lib/string.c:121) ? smk_parse_smack (security/smack/smack_access.c:457) ? setxattr (fs/xattr.c:343) ? smk_import_entry (security/smack/smack_access.c:514) ? smack_inode_setxattr (security/smack/smack_lsm.c:1093 (discriminator 1)) ? security_inode_setxattr (security/security.c:602) ? vfs_setxattr (fs/xattr.c:134) ? setxattr (fs/xattr.c:343) ? setxattr (fs/xattr.c:360) ? get_parent_ip (kernel/sched/core.c:2606) ? preempt_count_sub (kernel/sched/core.c:2651) ? __percpu_counter_add (arch/x86/include/asm/preempt.h:98 lib/percpu_counter.c:90) ? get_parent_ip (kernel/sched/core.c:2606) ? preempt_count_sub (kernel/sched/core.c:2651) ? __mnt_want_write (arch/x86/include/asm/preempt.h:98 fs/namespace.c:359) ? path_setxattr (fs/xattr.c:380) ? SyS_lsetxattr (fs/xattr.c:397) ? system_call_fastpath (arch/x86/kernel/entry_64.S:423) Read of size 1 by task attr: Memory state around the buggy address: ffff8800059ace80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8800059acf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8800059acf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8800059ad000: 00 fc fc fc 00 fc fc fc 05 fc fc fc 04 fc fc fc ^ ffff8800059ad080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8800059ad100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8800059ad180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== strncpy() copies one byte more than the source string has. Fix this by passing the correct length to strncpy(). Now we can remove initialization of the last byte in 'smack' string because kzalloc() already did this for us. Signed-off-by: Andrey Ryabinin <> Change-Id: I7bb84eed3c348711312434d98d6cc13cbe8f5d76 Signed-off-by: Seung-Woo Kim <>
2015-01-04lib/idr.c: fix out-of-bounds pointer dereferenceAndrey Ryabinin1-11/+14
I'm working on address sanitizer project for kernel. Recently we started experiments with stack instrumentation, to detect out-of-bounds read/write bugs on stack. Just after booting I've hit out-of-bounds read on stack in idr_for_each (and in __idr_remove_all as well): struct idr_layer **paa = &pa[0]; while (id >= 0 && id <= max) { ... while (n < fls(id)) { n += IDR_BITS; p = *--paa; <--- here we are reading pa[-1] value. } } Despite the fact that after this dereference we are exiting out of loop and never use p, such behaviour is undefined and should be avoided. Fix this by moving pointer derference to the beggining of the loop, right before we will use it. Signed-off-by: Andrey Ryabinin <> Reviewed-by: Lai Jiangshan <> Cc: Tejun Heo <> Cc: Alexey Preobrazhensky <> Cc: Dmitry Vyukov <> Cc: Konstantin Khlebnikov <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: Id151fc7e874e3cff64da43eb3359f022de7e6cae Signed-off-by: Seung-Woo Kim <>
2015-01-04drm: delete unconsumed pending event list in drm_events_releaseYoungJun Cho1-1/+3
When there are unconsumed pending events, the events are destroyed by calling destroy callback, but the events list are remained, because there is no list_del(). It is possible that the page flip request is handled after drm_events_release() is called and before drm_fb_release(). In this case a drm_pending_event is remained not freed. So exynos driver checks again to remove it in its post close routine. But the file_priv->event_list contains undeleted ones, this can make oops for accessing invalid memory. Signed-off-by: YoungJun Cho <> Signed-off-by: Kyungmin Park <> Signed-off-by: Dave Airlie <> Change-Id: I25a471f4f4929150542eb6273c7673b9f44936b6 [back-ported from mainline to fix use after free issue] Signed-off-by: Seung-Woo Kim <>
2014-12-29cgroup: replace task_cgroup_path_from_hierarchy() with task_cgroup_path()Tejun Heo2-14/+20
task_cgroup_path_from_hierarchy() was added for the planned new users and none of the currently planned users wants to know about multiple hierarchies. This patch drops the multiple hierarchy part and makes it always return the path in the first non-dummy hierarchy. As unified hierarchy will always have id 1, this is guaranteed to return the path for the unified hierarchy if mounted; otherwise, it will return the path from the hierarchy which happens to occupy the lowest hierarchy id, which will usually be the first hierarchy mounted after boot. Signed-off-by: Tejun Heo <> Acked-by: Li Zefan <> Cc: Lennart Poettering <> Cc: Kay Sievers <> Cc: Jan Kaluža <> Change-Id: Iaa199f7332f01a03f791def776b5403f6fa459b3 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29cgroup: implement task_cgroup_path_from_hierarchy()Tejun Heo2-0/+34
kdbus folks want a sane way to determine the cgroup path that a given task belongs to on a given hierarchy, which is a reasonble thing to expect from cgroup core. Implement task_cgroup_path_from_hierarchy(). v2: Dropped unnecessary NULL check on the return value of task_cgroup_from_root() as suggested by Li Zefan. Signed-off-by: Tejun Heo <> Acked-by: Greg Kroah-Hartman <> Acked-by: Li Zefan <> Cc: Kay Sievers <> Cc: Lennart Poettering <> Cc: Daniel Mack <> Change-Id: Ifd630e09163b8272627c2ef8be1866c5e9dc05f9 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29cgroup: make hierarchy_id use cyclic idrTejun Heo1-20/+8
We want to be able to lookup a hierarchy from its id and cyclic allocation is a whole lot simpler with idr. Convert to idr and use idr_alloc_cyclc(). Signed-off-by: Tejun Heo <> Acked-by: Li Zefan <> Change-Id: Ibd20ebe71ddb452178302cf86a22572b18cd82df Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29cgroup: drop hierarchy_id_lockTejun Heo1-6/+17
Now that hierarchy_id alloc / free are protected by the cgroup mutexes, there's no need for this separate lock. Drop it. Signed-off-by: Tejun Heo <> Acked-by: Li Zefan <> Change-Id: I03fbc8bba08a785c6082a9b5bb1087c53c506c60 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29cgroup: refactor hierarchy_id handlingTejun Heo1-21/+35
We're planning to converting hierarchy_ida to an idr and use it to look up hierarchy from its id. As we want the mapping to happen atomically with cgroupfs_root registration, this patch refactors hierarchy_id init / exit so that ida operations happen inside cgroup_[root_]mutex. * s/init_root_id()/cgroup_init_root_id()/ and make it return 0 or -errno like a normal function. * Move hierarchy_id initialization from cgroup_root_from_opts() into cgroup_mount() block where the root is confirmed to be used and being registered while holding both mutexes. * Split cgroup_drop_id() into cgroup_exit_root_id() and cgroup_free_root(), so that ID release can happen before dropping the mutexes in cgroup_kill_sb(). The latter expects hierarchy_id to be exited before being invoked. Signed-off-by: Tejun Heo <> Acked-by: Li Zefan <> Change-Id: Ie1433632bcde96c359fd1d488a81cc3255ee92e6 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29smack: introduce a special case for tmpfs in smack_d_instantiate()Łukasz Stelmach1-2/+14
Files created with __shmem_file_stup() appear to have somewhat fake dentries which make them look like root directories and not get the label the current process or ("*") star meant for tmpfs files. Change-Id: If0e2e3ceddeff55d5121e76e85dbea60414b786a Signed-off-by: Łukasz Stelmach <>
2014-12-29selftests/memfd: Run test on all architecturesPranith Kumar1-21/+0
Remove the dependence on x86 to run the memfd test. Verfied on 32-bit powerpc. Signed-off-by: Pranith Kumar <> Reviewed-by: David Herrmann <> Signed-off-by: Shuah Khan <> Change-Id: I4e3a0d311842f5d0327abdb6bb8ce3ba1460f902 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29shm: add memfd.h to UAPI export listDavid Drysdale1-0/+1
The new header file memfd.h from commit 9183df25fe7b ("shm: add memfd_create() syscall") should be exported. Signed-off-by: David Drysdale <> Reviewed-by: David Herrmann <> Cc: Hugh Dickins <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: Ibcd915aad320ddedcfcca0b7a098e03cc883fd88 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29memfd_test: Add missing argument to printf()Pranith Kumar1-1/+1
Add a missing path argument buf to printf() Signed-off-by: Pranith Kumar <> Reviewed-by: David Herrmann <> Signed-off-by: Shuah Khan <> Change-Id: Ie4d1f23fc07a397971ee94c0fdd164fb7145771d Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29memfd_test: Make it work on 32-bit systemsPranith Kumar1-18/+16
This test currently fails on 32-bit systems since we use u64 type to pass the flags to fcntl. This commit changes this to use 'unsigned int' type for flags to fcntl making it work on 32-bit systems. Signed-off-by: Pranith Kumar <> Reviewed-by: David Herrmann <> Signed-off-by: Shuah Khan <> Change-Id: I80190741a7cfaf9517cf220a58bcc36177139993 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29asm-generic: add memfd_create system call to unistd.hWill Deacon1-1/+8
Commit 9183df25fe7b ("shm: add memfd_create() syscall") added a new system call (memfd_create) but didn't update the asm-generic unistd header. This patch adds the new system call to the asm-generic version of unistd.h so that it can be used by architectures such as arm64. Cc: Arnd Bergmann <> Reviewed-by: David Herrmann <> Signed-off-by: Will Deacon <> Change-Id: I7fff684716a86ad9f10e19755480c32ce9eeb861 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29arm64: compat: wire up memfd_create and getrandom syscalls for aarch32Will Deacon1-1/+8
arch/arm/ just grew support for the new memfd_create and getrandom syscalls, so add them to our compat layer too. Signed-off-by: Will Deacon <> Origin: Backported-by: Maciej Wereski <> getrandom isn't wired. Change-Id: I0bfb09e924d839ede0f998a73a4b9a395359a1b6 Signed-off-by: Maciej Wereski <>
2014-12-29ARM: wire up memfd_create syscallRussell King3-1/+8
Add the memfd_create syscall to ARM. Signed-off-by: Russell King <> Origin: Backported-by: Maciej Wereski <> Adjusted __NR_syscalls as in commit eb6452537b280652eee66801ec97cc369e27e5d8. Signed-off-by: Maciej Wereski <> Change-Id: I8bcbec0d5fb6241cbb5c13f142552dbfe5307c9e
2014-12-29shm: wait for pins to be released when sealingDavid Herrmann1-1/+109
If we set SEAL_WRITE on a file, we must make sure there cannot be any ongoing write-operations on the file. For write() calls, we simply lock the inode mutex, for mmap() we simply verify there're no writable mappings. However, there might be pages pinned by AIO, Direct-IO and similar operations via GUP. We must make sure those do not write to the memfd file after we set SEAL_WRITE. As there is no way to notify GUP users to drop pages or to wait for them to be done, we implement the wait ourself: When setting SEAL_WRITE, we check all pages for their ref-count. If it's bigger than 1, we know there's some user of the page. We then mark the page and wait for up to 150ms for those ref-counts to be dropped. If the ref-counts are not dropped in time, we refuse the seal operation. Signed-off-by: David Herrmann <> Acked-by: Hugh Dickins <> Cc: Michael Kerrisk <> Cc: Ryan Lortie <> Cc: Lennart Poettering <> Cc: Daniel Mack <> Cc: Andy Lutomirski <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: I952289df3c4261be68ab4dc590890fe20b0906a4 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29selftests: add memfd/sealing page-pinning testsDavid Herrmann5-1/+450
Setting SEAL_WRITE is not possible if there're pending GUP users. This commit adds selftests for memfd+sealing that use FUSE to create pending page-references. FUSE is very helpful here in that it allows us to delay direct-IO operations for an arbitrary amount of time. This way, we can force the kernel to pin pages and then run our normal selftests. Signed-off-by: David Herrmann <> Acked-by: Hugh Dickins <> Cc: Michael Kerrisk <> Cc: Ryan Lortie <> Cc: Lennart Poettering <> Cc: Daniel Mack <> Cc: Andy Lutomirski <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: Ideaf47a24b3522183cbe5ae10c320f7d38e31931 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29selftests: add memfd_create() + sealing testsDavid Herrmann4-0/+945
Some basic tests to verify sealing on memfds works as expected and guarantees the advertised semantics. Signed-off-by: David Herrmann <> Acked-by: Hugh Dickins <> Cc: Michael Kerrisk <> Cc: Ryan Lortie <> Cc: Lennart Poettering <> Cc: Daniel Mack <> Cc: Andy Lutomirski <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: I9a6bfd2205aa868f327fdb04788a1f6bae23eb17 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29shm: add memfd_create() syscallDavid Herrmann6-0/+85
memfd_create() is similar to mmap(MAP_ANON), but returns a file-descriptor that you can pass to mmap(). It can support sealing and avoids any connection to user-visible mount-points. Thus, it's not subject to quotas on mounted file-systems, but can be used like malloc()'ed memory, but with a file-descriptor to it. memfd_create() returns the raw shmem file, so calls like ftruncate() can be used to modify the underlying inode. Also calls like fstat() will return proper information and mark the file as regular file. If you want sealing, you can specify MFD_ALLOW_SEALING. Otherwise, sealing is not supported (like on all other regular files). Compared to O_TMPFILE, it does not require a tmpfs mount-point and is not subject to a filesystem size limit. It is still properly accounted to memcg limits, though, and to the same overcommit or no-overcommit accounting as all user memory. Signed-off-by: David Herrmann <> Acked-by: Hugh Dickins <> Cc: Michael Kerrisk <> Cc: Ryan Lortie <> Cc: Lennart Poettering <> Cc: Daniel Mack <> Cc: Andy Lutomirski <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: I2ac7e2b47a1d68d4b83680f4527e5ed2aa9a420c Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29shm: add sealing APIDavid Herrmann4-0/+180
If two processes share a common memory region, they usually want some guarantees to allow safe access. This often includes: - one side cannot overwrite data while the other reads it - one side cannot shrink the buffer while the other accesses it - one side cannot grow the buffer beyond previously set boundaries If there is a trust-relationship between both parties, there is no need for policy enforcement. However, if there's no trust relationship (eg., for general-purpose IPC) sharing memory-regions is highly fragile and often not possible without local copies. Look at the following two use-cases: 1) A graphics client wants to share its rendering-buffer with a graphics-server. The memory-region is allocated by the client for read/write access and a second FD is passed to the server. While scanning out from the memory region, the server has no guarantee that the client doesn't shrink the buffer at any time, requiring rather cumbersome SIGBUS handling. 2) A process wants to perform an RPC on another process. To avoid huge bandwidth consumption, zero-copy is preferred. After a message is assembled in-memory and a FD is passed to the remote side, both sides want to be sure that neither modifies this shared copy, anymore. The source may have put sensible data into the message without a separate copy and the target may want to parse the message inline, to avoid a local copy. While SIGBUS handling, POSIX mandatory locking and MAP_DENYWRITE provide ways to achieve most of this, the first one is unproportionally ugly to use in libraries and the latter two are broken/racy or even disabled due to denial of service attacks. This patch introduces the concept of SEALING. If you seal a file, a specific set of operations is blocked on that file forever. Unlike locks, seals can only be set, never removed. Hence, once you verified a specific set of seals is set, you're guaranteed that no-one can perform the blocked operations on this file, anymore. An initial set of SEALS is introduced by this patch: - SHRINK: If SEAL_SHRINK is set, the file in question cannot be reduced in size. This affects ftruncate() and open(O_TRUNC). - GROW: If SEAL_GROW is set, the file in question cannot be increased in size. This affects ftruncate(), fallocate() and write(). - WRITE: If SEAL_WRITE is set, no write operations (besides resizing) are possible. This affects fallocate(PUNCH_HOLE), mmap() and write(). - SEAL: If SEAL_SEAL is set, no further seals can be added to a file. This basically prevents the F_ADD_SEAL operation on a file and can be set to prevent others from adding further seals that you don't want. The described use-cases can easily use these seals to provide safe use without any trust-relationship: 1) The graphics server can verify that a passed file-descriptor has SEAL_SHRINK set. This allows safe scanout, while the client is allowed to increase buffer size for window-resizing on-the-fly. Concurrent writes are explicitly allowed. 2) For general-purpose IPC, both processes can verify that SEAL_SHRINK, SEAL_GROW and SEAL_WRITE are set. This guarantees that neither process can modify the data while the other side parses it. Furthermore, it guarantees that even with writable FDs passed to the peer, it cannot increase the size to hit memory-limits of the source process (in case the file-storage is accounted to the source). The new API is an extension to fcntl(), adding two new commands: F_GET_SEALS: Return a bitset describing the seals on the file. This can be called on any FD if the underlying file supports sealing. F_ADD_SEALS: Change the seals of a given file. This requires WRITE access to the file and F_SEAL_SEAL may not already be set. Furthermore, the underlying file must support sealing and there may not be any existing shared mapping of that file. Otherwise, EBADF/EPERM is returned. The given seals are _added_ to the existing set of seals on the file. You cannot remove seals again. The fcntl() handler is currently specific to shmem and disabled on all files. A file needs to explicitly support sealing for this interface to work. A separate syscall is added in a follow-up, which creates files that support sealing. There is no intention to support this on other file-systems. Semantics are unclear for non-volatile files and we lack any use-case right now. Therefore, the implementation is specific to shmem. Signed-off-by: David Herrmann <> Acked-by: Hugh Dickins <> Cc: Michael Kerrisk <> Cc: Ryan Lortie <> Cc: Lennart Poettering <> Cc: Daniel Mack <> Cc: Andy Lutomirski <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: I58642ae2db7fef5d952b22beada3525526dd3a20 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29mm: allow drivers to prevent new writable mappingsDavid Herrmann5-9/+54
This patch (of 6): The i_mmap_writable field counts existing writable mappings of an address_space. To allow drivers to prevent new writable mappings, make this counter signed and prevent new writable mappings if it is negative. This is modelled after i_writecount and DENYWRITE. This will be required by the shmem-sealing infrastructure to prevent any new writable mappings after the WRITE seal has been set. In case there exists a writable mapping, this operation will fail with EBUSY. Note that we rely on the fact that iff you already own a writable mapping, you can increase the counter without using the helpers. This is the same that we do for i_writecount. Signed-off-by: David Herrmann <> Acked-by: Hugh Dickins <> Cc: Michael Kerrisk <> Cc: Ryan Lortie <> Cc: Lennart Poettering <> Cc: Daniel Mack <> Cc: Andy Lutomirski <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: If33fdcedbcf202ab177c4e21afc7eec261088a8b Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29mm: mmap_region: kill correct_wcount/inode, use allow_write_access()Oleg Nesterov1-9/+5
correct_wcount and inode in mmap_region() just complicate the code. This boolean was needed previously, when deny_write_access() was called before vma_merge(), now we can simply check VM_DENYWRITE and do allow_write_access() if it is set. allow_write_access() checks file != NULL, so this is safe even if it was possible to use VM_DENYWRITE && !file. Just we need to ensure we use the same file which was deny_write_access()'ed, so the patch also moves "file = vma->vm_file" down after allow_write_access(). Signed-off-by: Oleg Nesterov <> Cc: Hugh Dickins <> Cc: Al Viro <> Cc: Colin Cross <> Cc: David Rientjes <> Cc: KOSAKI Motohiro <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <> Change-Id: I05df8842b7c4b7e3e29b35d914f297ce37af1685 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-29sched: add cond_resched_rcu() helperSimon Horman1-0/+9
This is intended for use in loops which read data protected by RCU and may have a large number of iterations. Such an example is dumping the list of connections known to IPVS: ip_vs_conn_array() and ip_vs_conn_seq_next(). The benefits are for CONFIG_PREEMPT_RCU=y where we save CPU cycles by moving rcu_read_lock and rcu_read_unlock out of large loops but still allowing the current task to be preempted after every loop iteration for the CONFIG_PREEMPT_RCU=n case. The call to cond_resched() is not needed when CONFIG_PREEMPT_RCU=y. Thanks to Paul E. McKenney for explaining this and for the final version that checks the context with CONFIG_DEBUG_ATOMIC_SLEEP=y for all possible configurations. The function can be empty in the CONFIG_PREEMPT_RCU case, rcu_read_lock and rcu_read_unlock are not needed in this case because the task can be preempted on indication from scheduler. Thanks to Peter Zijlstra for catching this and for his help in trying a solution that changes __might_sleep. Initial cond_resched_rcu_lock() function suggested by Eric Dumazet. Tested-by: Julian Anastasov <> Signed-off-by: Julian Anastasov <> Signed-off-by: Simon Horman <> Acked-by: Peter Zijlstra <> Signed-off-by: Pablo Neira Ayuso <> Change-Id: I5f36f86484198f9064725d424c3d91d5fac8e1d4 Origin: Backported-by: Maciej Wereski <> Signed-off-by: Maciej Wereski <>
2014-12-24ARM: EXYNOS: use four additional chipid bits to identify EXYNOS familyChander Kashyap1-4/+3
Use chipid[27:20] bits to identify the EXYNOS family while setting up the serial port during the uncompression setup. This uses four additional bits of chipid to identify the EXYNOS family since this is required for identifying EXYNOS5420 SoC. Change-Id: Ic7cc14e68d16ae3da2a7d2177b40e40b0295d9a8 Signed-off-by: Chander Kashyap <> Signed-off-by: Thomas Abraham <> Reviewed-by: Tomasz Figa <> Signed-off-by: Kukjin Kim <>
2014-12-24ARM: exynos: add support secondary core bootup in big.LITTLE processor.Hyungwon Hwang3-15/+26
This patch adds support secondary core bootup in big.LITTLE processor for platsmp. Just core id cannot be used for identification, because there is a pair of the cores which have same core id. Cluster id have to be included for their identification. This patch makes cpu index using cluster id and core id for the calculation of their register address and the identification. But there is a problem to use cluster id for core index creation. That is, cluster id does not start from 0 in old processors which do not have more than one cluster. For example, Exynos4412's cluster id for its 4 core is 0xa. So I makes all cluster id to 0 when they are bigger than 1. Normally big.LITTLE processor does not use platsmp. But at this moment, just for the minimal functionality of big.LITTLE, this patch adds support for it. This patch can be reverted after another CPU management method is adopted. Change-Id: Ifa2d62545dd4174998f962c9608fd6d9b6034c16 Signed-off-by: Hyungwon Hwang <>
2014-12-23ARM: dts: exynos4: fix wrong compatible string for hdmiSeung-Woo Kim6-6/+6
The compatible string with exynos5 causes to get wrong configuration data with recently updated hdmi driver. So this patch fixes to bind hdmi with exynos4 family compatible strings. Change-Id: I0c6cae24ad49197de47ce3ca047bd62bf190f8a4 Signed-off-by: Seung-Woo Kim <>