1. 09 Aug, 2014 7 commits
    • Olof Johansson's avatar
      Merge tag 'omap-for-v3.17/soc-fixes' of... · bb7aedff
      Olof Johansson authored
      Merge tag 'omap-for-v3.17/soc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
      
      Merge "few omap fixes for v3.17 merge window" from Tony Lindgren:
      
      Few fixes for the v3.17 merge window:
      
      - Fix for DPLL rate rounding
      - Fix for omap3 ES3.1.2 suspend
      - Few coding style fixes
      
      * tag 'omap-for-v3.17/soc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
        ARM: OMAP3: Fix coding style problems in arch/arm/mach-omap2/control.c
        ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX rev3.1.2 case.
        ARM: OMAP2+: clock: allow omap2_dpll_round_rate() to round to next-lowest rate
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      bb7aedff
    • Doug Anderson's avatar
      ARM: dts: Fix the sort ordering of EHCI and HSIC in rk3288.dtsi · c9c32c50
      Doug Anderson authored
      The EHCI and HSIC device tree nodes were added in the wrong place.
      Fix them.
      Signed-off-by: default avatarDoug Anderson <dianders@chromium.org>
      Signed-off-by: default avatarKever Yang <kever.yang@rock-chips.com>
      Signed-off-by: default avatarHeiko Stuebner <heiko@sntech.de>
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      c9c32c50
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20140808' of git://git.infradead.org/linux-mtd · c309bfa9
      Linus Torvalds authored
      Pull MTD updates from Brian Norris:
       "AMD-compatible CFI driver:
         - Support OTP programming for Micron M29EW family
         - Increase buffer write timeout, according to detected flash
           parameter info
      
        NAND
         - Add helpers for retrieving ONFI timing modes
         - GPMI: provide option to disable bad block marker swapping (required
           for Ka-On electronics platforms)
      
        SPI NOR
         - EON EN25QH128 support
         - Support new Flag Status Register (FSR) on a few Micron flash
      
        Common
         - New sysfs entries for bad block and ECC stats
      
        And a few miscellaneous refactorings, cleanups, and driver
        improvements"
      
      * tag 'for-linus-20140808' of git://git.infradead.org/linux-mtd: (31 commits)
        mtd: gpmi: make blockmark swapping optional
        mtd: gpmi: remove line breaks from error messages and improve wording
        mtd: gpmi: remove useless (void *) type casts and spaces between type casts and variables
        mtd: atmel_nand: NFC: support multiple interrupt handling
        mtd: atmel_nand: implement the nfc_device_ready() by checking the R/B bit
        mtd: atmel_nand: add NFC status error check
        mtd: atmel_nand: make ecc parameters same as definition
        mtd: nand: add ONFI timing mode to nand_timings converter
        mtd: nand: define struct nand_timings
        mtd: cfi_cmdset_0002: fix do_write_buffer() timeout error
        mtd: denali: use 8 bytes for READID command
        mtd/ftl: fix the double free of the buffers allocated in build_maps()
        mtd: phram: Fix whitespace issues
        mtd: spi-nor: add support for EON EN25QH128
        mtd: cfi_cmdset_0002: Add support for locking OTP memory
        mtd: cfi_cmdset_0002: Add support for writing OTP memory
        mtd: cfi_cmdset_0002: Invalidate cache after entering/exiting OTP memory
        mtd: cfi_cmdset_0002: Add support for reading OTP
        mtd: spi-nor: add support for flag status register on Micron chips
        mtd: Account for BBT blocks when a partition is being allocated
        ...
      c309bfa9
    • Linus Torvalds's avatar
      Merge tag 'fbdev-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux · 9e9ac896
      Linus Torvalds authored
      Pull fbdev updates from Tomi Valkeinen:
       - much better HDMI infoframe support for OMAP
       - Cirrus Logic CLPS711X framebuffer driver
       - DT support for PL11x CLCD driver
       - various small fixes
      
      * tag 'fbdev-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: (35 commits)
        OMAPDSS: DSI: fix depopulating dsi peripherals
        video: hyperv: hyperv_fb: refresh the VM screen by force on VM panic
        video: ARM CLCD: Fix DT-related build problems
        drivers: video: fbdev: atmel_lcdfb.c: Add ability to inverted backlight PWM.
        video: ARM CLCD: Add DT support
        drm/omap: Add infoframe & dvi/hdmi mode support
        OMAPDSS: HDMI: remove the unused code
        OMAPDSS: HDMI5: add support to set infoframe & HDMI mode
        OMAPDSS: HDMI4: add support to set infoframe & HDMI mode
        OMAPDSS: HDMI: add infoframe and hdmi_dvi_mode fields
        OMAPDSS: add hdmi ops to hdmi-connector and tpd12s015
        OMAPDSS: add hdmi ops to hdmi_ops and omap_dss_driver
        OMAPDSS: HDMI: remove custom avi infoframe
        OMAPDSS: HDMI5: use common AVI infoframe support
        OMAPDSS: HDMI4: use common AVI infoframe support
        OMAPDSS: Kconfig: select HDMI
        OMAPDSS: HDMI: fix name conflict
        OMAPDSS: DISPC: clean up dispc_mgr_timings_ok
        OMAPDSS: DISPC: reject interlace for lcd out
        OMAPDSS: DISPC: fix debugfs reg dump
        ...
      9e9ac896
    • Linus Torvalds's avatar
      Merge tag 'pwm/for-3.17-rc1' of... · 34b20e6d
      Linus Torvalds authored
      Merge tag 'pwm/for-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm changes from Thierry Reding:
       "The set of changes for this merge window contains two new drivers: one
        for Rockchip SoCs and another for STMicroelectronics STiH4xx SoCs.
      
        The remainder of the changes are the usual small cleanups such as
        removing redundant OOM messages, signalling that a PWM chip's
        operations can sleep and removing an unneeded dependency"
      
      * tag 'pwm/for-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
        pwm: rockchip: Added to support for RK3288 SoC
        pwm: rockchip: document RK3288 SoC compatible
        pwm: sti: Remove PWM period table
        pwm: sti: Sync between enable/disable calls
        pwm: sti: Ensure same period values for all channels
        pwm: sti: Fix PWM prescaler handling
        pwm: sti: Supply Device Tree binding documentation for ST's PWM IP
        pwm: sti: Add new driver for ST's PWM IP
        pwm: imx: set can_sleep flag for imx_pwm
        pwm: lpss: remove dependency on clk framework
        pwm: pwm-tipwmss: remove unnecessary OOM messages
        pwm: rockchip: document device tree bindings
        pwm: add Rockchip SoC PWM support
      34b20e6d
    • Linus Torvalds's avatar
      Merge tag 'gpio-v3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 06b49ea4
      Linus Torvalds authored
      Pull GPIO update from Linus Walleij:
       "This is the bulk of GPIO changes for the v3.17 development cycle, and
        this time we got a lot of action going on and it will continue:
      
         - The core GPIO library implementation has been split up in three
           different files:
           - gpiolib.c for the latest and greatest and shiny GPIO library code
             using GPIO descriptors only
           - gpiolib-legacy.c for the old integer number space API that we are
             phasing out gradually
           - gpiolib-sysfs.c for the sysfs interface that we are not entirely
             happy with, but has to live on for ABI compatibility
      
         - Add a flags argument to *gpiod_get* functions, with some
           backward-compatibility macros to ease transitions.  We should have
           had the flags there from the beginning it seems, now we need to
           clean up the mess.  There is a plan on how to move forward here
           devised by Alexandre Courbot and Mark Brown
      
         - Split off a special <linux/gpio/machine.h> header for the board
           gpio table registration, as per example from the regulator
           subsystem
      
         - Start to kill off the return value from gpiochip_remove() by
           removing the __must_check attribute and removing all checks inside
           the drivers/gpio directory.  The rationale is: well what were we
           supposed to do if there is an error code? Not much: print an error
           message.  And gpiolib already does that.  So make this function
           return void eventually
      
         - Some cleanups of hairy gpiolib code, make some functions not to be
           used outside the library private and make sure they are not
           exported, remove gpiod_lock/unlock_as_irq() as the existing
           function is for driver-internal use and fine as it is, delete
           gpio_ensure_requested() as it is not meaningful anymore
      
         - Support the GPIOF_ACTIVE_LOW flag from gpio_request_one() function
           calls, which is logical since this is already supported when
           referencing GPIOs from e.g. device trees
      
         - Switch STMPE, intel-mid, lynxpoint and ACPI (!) to use the gpiolib
           irqchip helpers cutting down on GPIO irqchip boilerplate a bit more
      
         - New driver for the Zynq GPIO block
      
         - The usual incremental improvements around a bunch of drivers
      
         - Janitorial syntactic and semantic cleanups by Jingoo Han, and
           Rickard Strandqvist especially"
      
      * tag 'gpio-v3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (37 commits)
        MAINTAINERS: update GPIO include files
        gpio: add missing includes in machine.h
        gpio: add flags argument to gpiod_get*() functions
        MAINTAINERS: Update Samsung pin control entry
        gpio / ACPI: Move event handling registration to gpiolib irqchip helpers
        gpio: lynxpoint: Convert to use gpiolib irqchip
        gpio: split gpiod board registration into machine header
        gpio: remove gpio_ensure_requested()
        gpio: remove useless check in gpiolib_sysfs_init()
        gpiolib: Export gpiochip_request_own_desc and gpiochip_free_own_desc
        gpio: move gpio_ensure_requested() into legacy C file
        gpio: remove gpiod_lock/unlock_as_irq()
        gpio: make gpiochip_get_desc() gpiolib-private
        gpio: simplify gpiochip_export()
        gpio: remove export of private of_get_named_gpio_flags()
        gpio: Add support for GPIOF_ACTIVE_LOW to gpio_request_one functions
        gpio: zynq: Clear pending interrupt when enabling a IRQ
        gpio: drop retval check enforcing from gpiochip_remove()
        gpio: remove all usage of gpio_remove retval in driver/gpio
        devicetree: Add Zynq GPIO devicetree bindings documentation
        ...
      06b49ea4
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 664fb230
      Linus Torvalds authored
      Pull input updates from Dmitry Torokhov:
       - big update to Wacom driver by Benjamin Tissoires, converting it to
         HID infrastructure and unifying USB and Bluetooth models
       - large update to ALPS driver by Hans de Goede, which adds support for
         newer touchpad models as well as cleans up and restructures the code
       - more changes to Atmel MXT driver, including device tree support
       - new driver for iPaq x3xxx touchscreen
       - driver for serial Wacom tablets
       - driver for Microchip's CAP1106
       - assorted cleanups and improvements to existing drover and input core
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (93 commits)
        Input: wacom - update the ABI doc according to latest changes
        Input: wacom - only register once the MODULE_* macros
        Input: HID - remove hid-wacom Bluetooth driver
        Input: wacom - add copyright note and bump version to 2.0
        Input: wacom - remove passing id for wacom_set_report
        Input: wacom - check for bluetooth protocol while setting OLEDs
        Input: wacom - handle Intuos 4 BT in wacom.ko
        Input: wacom - handle Graphire BT tablets in wacom.ko
        Input: wacom - prepare the driver to include BT devices
        Input: hyperv-keyboard - register as a wakeup source
        Input: imx_keypad - remove ifdef round PM methods
        Input: jornada720_ts - get rid of space indentation and use tab
        Input: jornada720_ts - switch to using managed resources
        Input: alps - Rushmore and v7 resolution support
        Input: mcs5000_ts - remove ifdef around power management methods
        Input: mcs5000_ts - protect PM functions with CONFIG_PM_SLEEP
        Input: ads7846 - release resources on failure for clean exit
        Input: wacom - add support for 0x12C ISDv4 sensor
        Input: atmel_mxt_ts - use deep sleep mode when stopped
        ARM: dts: am437x-gp-evm: Update binding for touchscreen size
        ...
      664fb230
  2. 08 Aug, 2014 33 commits
    • Linus Torvalds's avatar
      Merge branch 'akpm' (second patchbomb from Andrew Morton) · 8065be8d
      Linus Torvalds authored
      Merge more incoming from Andrew Morton:
       "Two new syscalls:
      
           memfd_create in "shm: add memfd_create() syscall"
           kexec_file_load in "kexec: implementation of new syscall kexec_file_load"
      
        And:
      
         - Most (all?) of the rest of MM
      
         - Lots of the usual misc bits
      
         - fs/autofs4
      
         - drivers/rtc
      
         - fs/nilfs
      
         - procfs
      
         - fork.c, exec.c
      
         - more in lib/
      
         - rapidio
      
         - Janitorial work in filesystems: fs/ufs, fs/reiserfs, fs/adfs,
           fs/cramfs, fs/romfs, fs/qnx6.
      
         - initrd/initramfs work
      
         - "file sealing" and the memfd_create() syscall, in tmpfs
      
         - add pci_zalloc_consistent, use it in lots of places
      
         - MAINTAINERS maintenance
      
         - kexec feature work"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org: (193 commits)
        MAINTAINERS: update nomadik patterns
        MAINTAINERS: update usb/gadget patterns
        MAINTAINERS: update DMA BUFFER SHARING patterns
        kexec: verify the signature of signed PE bzImage
        kexec: support kexec/kdump on EFI systems
        kexec: support for kexec on panic using new system call
        kexec-bzImage64: support for loading bzImage using 64bit entry
        kexec: load and relocate purgatory at kernel load time
        purgatory: core purgatory functionality
        purgatory/sha256: provide implementation of sha256 in purgaotory context
        kexec: implementation of new syscall kexec_file_load
        kexec: new syscall kexec_file_load() declaration
        kexec: make kexec_segment user buffer pointer a union
        resource: provide new functions to walk through resources
        kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc()
        kexec: move segment verification code in a separate function
        kexec: rename unusebale_pages to unusable_pages
        kernel: build bin2c based on config option CONFIG_BUILD_BIN2C
        bin2c: move bin2c in scripts/basic
        shm: wait for pins to be released when sealing
        ...
      8065be8d
    • Joe Perches's avatar
      MAINTAINERS: update nomadik patterns · ecc265fe
      Joe Perches authored
      Commit 3a198059 ("pinctrl: nomadik: move all Nomadik drivers to
      subdir") move the files, update the patterns
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Cc: Linus Walleij <linus.walleij@linaro.org>
      Cc: Alessandro Rubini <rubini@unipv.it>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ecc265fe
    • Joe Perches's avatar
      MAINTAINERS: update usb/gadget patterns · faf2e1db
      Joe Perches authored
      Several commits have moved files around, update the section patterns.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Cc: Thomas Dahlmann <dahlmann.thomas@arcor.de>
      Cc: Nicolas Ferre <nicolas.ferre@atmel.com>
      Cc: Li Yang <leoli@freescale.com>
      Cc: Eric Miao <eric.y.miao@gmail.com>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Haojian Zhuang <haojian.zhuang@gmail.com>
      Acked-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Cc: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      faf2e1db
    • Joe Perches's avatar
      MAINTAINERS: update DMA BUFFER SHARING patterns · e46d12c6
      Joe Perches authored
      One pattern per F: line please...
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Acked-by: default avatarSumit Semwal <sumit.semwal@linaro.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e46d12c6
    • Vivek Goyal's avatar
      kexec: verify the signature of signed PE bzImage · 8e7d8381
      Vivek Goyal authored
      This is the final piece of the puzzle of verifying kernel image signature
      during kexec_file_load() syscall.
      
      This patch calls into PE file routines to verify signature of bzImage.  If
      signature are valid, kexec_file_load() succeeds otherwise it fails.
      
      Two new config options have been introduced.  First one is
      CONFIG_KEXEC_VERIFY_SIG.  This option enforces that kernel has to be
      validly signed otherwise kernel load will fail.  If this option is not
      set, no signature verification will be done.  Only exception will be when
      secureboot is enabled.  In that case signature verification should be
      automatically enforced when secureboot is enabled.  But that will happen
      when secureboot patches are merged.
      
      Second config option is CONFIG_KEXEC_BZIMAGE_VERIFY_SIG.  This option
      enables signature verification support on bzImage.  If this option is not
      set and previous one is set, kernel image loading will fail because kernel
      does not have support to verify signature of bzImage.
      
      I tested these patches with both "pesign" and "sbsign" signed bzImages.
      
      I used signing_key.priv key and signing_key.x509 cert for signing as
      generated during kernel build process (if module signing is enabled).
      
      Used following method to sign bzImage.
      
      pesign
      ======
      - Convert DER format cert to PEM format cert
      openssl x509 -in signing_key.x509 -inform DER -out signing_key.x509.PEM -outform
      PEM
      
      - Generate a .p12 file from existing cert and private key file
      openssl pkcs12 -export -out kernel-key.p12 -inkey signing_key.priv -in
      signing_key.x509.PEM
      
      - Import .p12 file into pesign db
      pk12util -i /tmp/kernel-key.p12 -d /etc/pki/pesign
      
      - Sign bzImage
      pesign -i /boot/vmlinuz-3.16.0-rc3+ -o /boot/vmlinuz-3.16.0-rc3+.signed.pesign
      -c "Glacier signing key - Magrathea" -s
      
      sbsign
      ======
      sbsign --key signing_key.priv --cert signing_key.x509.PEM --output
      /boot/vmlinuz-3.16.0-rc3+.signed.sbsign /boot/vmlinuz-3.16.0-rc3+
      
      Patch details:
      
      Well all the hard work is done in previous patches.  Now bzImage loader
      has just call into that code and verify whether bzImage signature are
      valid or not.
      
      Also create two config options.  First one is CONFIG_KEXEC_VERIFY_SIG.
      This option enforces that kernel has to be validly signed otherwise kernel
      load will fail.  If this option is not set, no signature verification will
      be done.  Only exception will be when secureboot is enabled.  In that case
      signature verification should be automatically enforced when secureboot is
      enabled.  But that will happen when secureboot patches are merged.
      
      Second config option is CONFIG_KEXEC_BZIMAGE_VERIFY_SIG.  This option
      enables signature verification support on bzImage.  If this option is not
      set and previous one is set, kernel image loading will fail because kernel
      does not have support to verify signature of bzImage.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Matt Fleming <matt@console-pimps.org>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8e7d8381
    • Vivek Goyal's avatar
      kexec: support kexec/kdump on EFI systems · 6a2c20e7
      Vivek Goyal authored
      This patch does two things.  It passes EFI run time mappings to second
      kernel in bootparams efi_info.  Second kernel parse this info and create
      new mappings in second kernel.  That means mappings in first and second
      kernel will be same.  This paves the way to enable EFI in kexec kernel.
      
      This patch also prepares and passes EFI setup data through bootparams.
      This contains bunch of information about various tables and their
      addresses.
      
      These information gathering and passing has been written along the lines
      of what current kexec-tools is doing to make kexec work with UEFI.
      
      [akpm@linux-foundation.org: s/get_efi/efi_get/g, per Matt]
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Matt Fleming <matt@console-pimps.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6a2c20e7
    • Vivek Goyal's avatar
      kexec: support for kexec on panic using new system call · dd5f7260
      Vivek Goyal authored
      This patch adds support for loading a kexec on panic (kdump) kernel usning
      new system call.
      
      It prepares ELF headers for memory areas to be dumped and for saved cpu
      registers.  Also prepares the memory map for second kernel and limits its
      boot to reserved areas only.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dd5f7260
    • Vivek Goyal's avatar
      kexec-bzImage64: support for loading bzImage using 64bit entry · 27f48d3e
      Vivek Goyal authored
      This is loader specific code which can load bzImage and set it up for
      64bit entry.  This does not take care of 32bit entry or real mode entry.
      
      32bit mode entry can be implemented if somebody needs it.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      27f48d3e
    • Vivek Goyal's avatar
      kexec: load and relocate purgatory at kernel load time · 12db5562
      Vivek Goyal authored
      Load purgatory code in RAM and relocate it based on the location.
      Relocation code has been inspired by module relocation code and purgatory
      relocation code in kexec-tools.
      
      Also compute the checksums of loaded kexec segments and store them in
      purgatory.
      
      Arch independent code provides this functionality so that arch dependent
      bootloaders can make use of it.
      
      Helper functions are provided to get/set symbol values in purgatory which
      are used by bootloaders later to set things like stack and entry point of
      second kernel etc.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      12db5562
    • Vivek Goyal's avatar
      purgatory: core purgatory functionality · 8fc5b4d4
      Vivek Goyal authored
      Create a stand alone relocatable object purgatory which runs between two
      kernels.  This name, concept and some code has been taken from
      kexec-tools.  Idea is that this code runs after a crash and it runs in
      minimal environment.  So keep it separate from rest of the kernel and in
      long term we will have to practically do no maintenance of this code.
      
      This code also has the logic to do verify sha256 hashes of various
      segments which have been loaded into memory.  So first we verify that the
      kernel we are jumping to is fine and has not been corrupted and make
      progress only if checsums are verified.
      
      This code also takes care of copying some memory contents to backup region.
      
      [sfr@canb.auug.org.au: run host built programs from objtree]
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8fc5b4d4
    • Vivek Goyal's avatar
      purgatory/sha256: provide implementation of sha256 in purgaotory context · daeba064
      Vivek Goyal authored
      Next two patches provide code for purgatory.  This is a code which does
      not link against the kernel and runs stand alone.  This code runs between
      two kernels.  One of the primary purpose of this code is to verify the
      digest of newly loaded kernel and making sure it matches the digest
      computed at kernel load time.
      
      We use sha256 for calculating digest of kexec segmetns.  Purgatory can't
      use stanard crypto API as that API is not available in purgatory context.
      
      Hence, I have copied code from crypto/sha256_generic.c and compiled it
      with purgaotry code so that it could be used.  I could not #include
      sha256_generic.c file here as some of the function signature requiered
      little tweaking.  Original functions work with crypto API but these ones
      don't
      
      So instead of doing #include on sha256_generic.c I just copied relevant
      portions of code into arch/x86/purgatory/sha256.c.  Now we shouldn't have
      to touch this code at all.  Do let me know if there are better ways to
      handle it.
      
      This patch does not enable compiling of this code.  That happens in next
      patch.  I wanted to highlight this change in a separate patch for easy
      review.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      daeba064
    • Vivek Goyal's avatar
      kexec: implementation of new syscall kexec_file_load · cb105258
      Vivek Goyal authored
      Previous patch provided the interface definition and this patch prvides
      implementation of new syscall.
      
      Previously segment list was prepared in user space.  Now user space just
      passes kernel fd, initrd fd and command line and kernel will create a
      segment list internally.
      
      This patch contains generic part of the code.  Actual segment preparation
      and loading is done by arch and image specific loader.  Which comes in
      next patch.
      
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cb105258
    • Vivek Goyal's avatar
      kexec: new syscall kexec_file_load() declaration · f0895685
      Vivek Goyal authored
      This is the new syscall kexec_file_load() declaration/interface.  I have
      reserved the syscall number only for x86_64 so far.  Other architectures
      (including i386) can reserve syscall number when they enable the support
      for this new syscall.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f0895685
    • Vivek Goyal's avatar
      kexec: make kexec_segment user buffer pointer a union · 815d5704
      Vivek Goyal authored
      So far kexec_segment->buf was always a user space pointer as user space
      passed the array of kexec_segment structures and kernel copied it.
      
      But with new system call, list of kexec segments will be prepared by
      kernel and kexec_segment->buf will point to a kernel memory.
      
      So while I was adding code where I made assumption that ->buf is pointing
      to kernel memory, sparse started giving warning.
      
      Make ->buf a union.  And where a user space pointer is expected, access it
      using ->buf and where a kernel space pointer is expected, access it using
      ->kbuf.  That takes care of sparse warnings.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      815d5704
    • Vivek Goyal's avatar
      resource: provide new functions to walk through resources · 8c86e70a
      Vivek Goyal authored
      I have added two more functions to walk through resources.
      
      Currently walk_system_ram_range() deals with pfn and /proc/iomem can
      contain partial pages.  By dealing in pfn, callback function loses the
      info that last page of a memory range is a partial page and not the full
      page.  So I implemented walk_system_ram_res() which returns u64 values to
      callback functions and now it properly return start and end address.
      
      walk_system_ram_range() uses find_next_system_ram() to find the next ram
      resource.  This in turn only travels through siblings of top level child
      and does not travers through all the nodes of the resoruce tree.  I also
      need another function where I can walk through all the resources, for
      example figure out where "GART" aperture is.  Figure out where ACPI memory
      is.
      
      So I wrote another function walk_iomem_res() which walks through all
      /proc/iomem resources and returns matches as asked by caller.  Caller can
      specify "name" of resource, start and end and flags.
      
      Got rid of find_next_system_ram_res() and instead implemented more generic
      find_next_iomem_res() which can be used to traverse top level children
      only based on an argument.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8c86e70a
    • Vivek Goyal's avatar
      kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc() · 255aedd9
      Vivek Goyal authored
      kimage_normal_alloc() and kimage_crash_alloc() are doing lot of similar
      things and differ only little.  So instead of having two separate
      functions create a common function kimage_alloc_init() and pass it the
      "flags" argument which tells whether it is normal kexec or kexec_on_panic.
       And this function should be able to deal with both the cases.
      
      This consolidation also helps later where we can use a common function
      kimage_file_alloc_init() to handle normal and crash cases for new file
      based kexec syscall.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      255aedd9
    • Vivek Goyal's avatar
      kexec: move segment verification code in a separate function · dabe7862
      Vivek Goyal authored
      Previously do_kimage_alloc() will allocate a kimage structure, copy
      segment list from user space and then do the segment list sanity
      verification.
      
      Break down this function in 3 parts.  do_kimage_alloc_init() to do actual
      allocation and basic initialization of kimage structure.
      copy_user_segment_list() to copy segment list from user space and
      sanity_check_segment_list() to verify the sanity of segment list as passed
      by user space.
      
      In later patches, I need to only allocate kimage and not copy segment list
      from user space.  So breaking down in smaller functions enables re-use of
      code at other places.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dabe7862
    • Vivek Goyal's avatar
      kexec: rename unusebale_pages to unusable_pages · 7d3e2bca
      Vivek Goyal authored
      Let's use the more common "unusable".
      
      This patch was originally written and posted by Boris. I am including it
      in this patch series.
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7d3e2bca
    • Vivek Goyal's avatar
      kernel: build bin2c based on config option CONFIG_BUILD_BIN2C · de5b56ba
      Vivek Goyal authored
      currently bin2c builds only if CONFIG_IKCONFIG=y. But bin2c will now be
      used by kexec too.  So make it compilation dependent on CONFIG_BUILD_BIN2C
      and this config option can be selected by CONFIG_KEXEC and CONFIG_IKCONFIG.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      de5b56ba
    • Vivek Goyal's avatar
      bin2c: move bin2c in scripts/basic · 8370edea
      Vivek Goyal authored
      This patch series does not do kernel signature verification yet.  I plan
      to post another patch series for that.  Now distributions are already
      signing PE/COFF bzImage with PKCS7 signature I plan to parse and verify
      those signatures.
      
      Primary goal of this patchset is to prepare groundwork so that kernel
      image can be signed and signatures be verified during kexec load.  This
      should help with two things.
      
      - It should allow kexec/kdump on secureboot enabled machines.
      
      - In general it can help even without secureboot. By being able to verify
        kernel image signature in kexec, it should help with avoiding module
        signing restrictions. Matthew Garret showed how to boot into a custom
        kernel, modify first kernel's memory and then jump back to old kernel and
        bypass any policy one wants to.
      
      This patch (of 15):
      
      Kexec wants to use bin2c and it wants to use it really early in the build
      process. See arch/x86/purgatory/ code in later patches.
      
      So move bin2c in scripts/basic so that it can be built very early and
      be usable by arch/x86/purgatory/
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Greg Kroah-Hartman <greg@kroah.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: WANG Chao <chaowang@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8370edea
    • David Herrmann's avatar
      shm: wait for pins to be released when sealing · 05f65b5c
      David Herrmann authored
      If we set SEAL_WRITE on a file, we must make sure there cannot be any
      ongoing write-operations on the file.  For write() calls, we simply lock
      the inode mutex, for mmap() we simply verify there're no writable
      mappings.  However, there might be pages pinned by AIO, Direct-IO and
      similar operations via GUP.  We must make sure those do not write to the
      memfd file after we set SEAL_WRITE.
      
      As there is no way to notify GUP users to drop pages or to wait for them
      to be done, we implement the wait ourself: When setting SEAL_WRITE, we
      check all pages for their ref-count.  If it's bigger than 1, we know
      there's some user of the page.  We then mark the page and wait for up to
      150ms for those ref-counts to be dropped.  If the ref-counts are not
      dropped in time, we refuse the seal operation.
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      05f65b5c
    • David Herrmann's avatar
      selftests: add memfd/sealing page-pinning tests · 87b2d440
      David Herrmann authored
      Setting SEAL_WRITE is not possible if there're pending GUP users. This
      commit adds selftests for memfd+sealing that use FUSE to create pending
      page-references. FUSE is very helpful here in that it allows us to delay
      direct-IO operations for an arbitrary amount of time. This way, we can
      force the kernel to pin pages and then run our normal selftests.
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      87b2d440
    • David Herrmann's avatar
      selftests: add memfd_create() + sealing tests · 4f5ce5e8
      David Herrmann authored
      Some basic tests to verify sealing on memfds works as expected and
      guarantees the advertised semantics.
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4f5ce5e8
    • David Herrmann's avatar
      shm: add memfd_create() syscall · 9183df25
      David Herrmann authored
      memfd_create() is similar to mmap(MAP_ANON), but returns a file-descriptor
      that you can pass to mmap().  It can support sealing and avoids any
      connection to user-visible mount-points.  Thus, it's not subject to quotas
      on mounted file-systems, but can be used like malloc()'ed memory, but with
      a file-descriptor to it.
      
      memfd_create() returns the raw shmem file, so calls like ftruncate() can
      be used to modify the underlying inode.  Also calls like fstat() will
      return proper information and mark the file as regular file.  If you want
      sealing, you can specify MFD_ALLOW_SEALING.  Otherwise, sealing is not
      supported (like on all other regular files).
      
      Compared to O_TMPFILE, it does not require a tmpfs mount-point and is not
      subject to a filesystem size limit.  It is still properly accounted to
      memcg limits, though, and to the same overcommit or no-overcommit
      accounting as all user memory.
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9183df25
    • David Herrmann's avatar
      shm: add sealing API · 40e041a2
      David Herrmann authored
      If two processes share a common memory region, they usually want some
      guarantees to allow safe access. This often includes:
        - one side cannot overwrite data while the other reads it
        - one side cannot shrink the buffer while the other accesses it
        - one side cannot grow the buffer beyond previously set boundaries
      
      If there is a trust-relationship between both parties, there is no need
      for policy enforcement.  However, if there's no trust relationship (eg.,
      for general-purpose IPC) sharing memory-regions is highly fragile and
      often not possible without local copies.  Look at the following two
      use-cases:
      
        1) A graphics client wants to share its rendering-buffer with a
           graphics-server. The memory-region is allocated by the client for
           read/write access and a second FD is passed to the server. While
           scanning out from the memory region, the server has no guarantee that
           the client doesn't shrink the buffer at any time, requiring rather
           cumbersome SIGBUS handling.
        2) A process wants to perform an RPC on another process. To avoid huge
           bandwidth consumption, zero-copy is preferred. After a message is
           assembled in-memory and a FD is passed to the remote side, both sides
           want to be sure that neither modifies this shared copy, anymore. The
           source may have put sensible data into the message without a separate
           copy and the target may want to parse the message inline, to avoid a
           local copy.
      
      While SIGBUS handling, POSIX mandatory locking and MAP_DENYWRITE provide
      ways to achieve most of this, the first one is unproportionally ugly to
      use in libraries and the latter two are broken/racy or even disabled due
      to denial of service attacks.
      
      This patch introduces the concept of SEALING.  If you seal a file, a
      specific set of operations is blocked on that file forever.  Unlike locks,
      seals can only be set, never removed.  Hence, once you verified a specific
      set of seals is set, you're guaranteed that no-one can perform the blocked
      operations on this file, anymore.
      
      An initial set of SEALS is introduced by this patch:
        - SHRINK: If SEAL_SHRINK is set, the file in question cannot be reduced
                  in size. This affects ftruncate() and open(O_TRUNC).
        - GROW: If SEAL_GROW is set, the file in question cannot be increased
                in size. This affects ftruncate(), fallocate() and write().
        - WRITE: If SEAL_WRITE is set, no write operations (besides resizing)
                 are possible. This affects fallocate(PUNCH_HOLE), mmap() and
                 write().
        - SEAL: If SEAL_SEAL is set, no further seals can be added to a file.
                This basically prevents the F_ADD_SEAL operation on a file and
                can be set to prevent others from adding further seals that you
                don't want.
      
      The described use-cases can easily use these seals to provide safe use
      without any trust-relationship:
      
        1) The graphics server can verify that a passed file-descriptor has
           SEAL_SHRINK set. This allows safe scanout, while the client is
           allowed to increase buffer size for window-resizing on-the-fly.
           Concurrent writes are explicitly allowed.
        2) For general-purpose IPC, both processes can verify that SEAL_SHRINK,
           SEAL_GROW and SEAL_WRITE are set. This guarantees that neither
           process can modify the data while the other side parses it.
           Furthermore, it guarantees that even with writable FDs passed to the
           peer, it cannot increase the size to hit memory-limits of the source
           process (in case the file-storage is accounted to the source).
      
      The new API is an extension to fcntl(), adding two new commands:
        F_GET_SEALS: Return a bitset describing the seals on the file. This
                     can be called on any FD if the underlying file supports
                     sealing.
        F_ADD_SEALS: Change the seals of a given file. This requires WRITE
                     access to the file and F_SEAL_SEAL may not already be set.
                     Furthermore, the underlying file must support sealing and
                     there may not be any existing shared mapping of that file.
                     Otherwise, EBADF/EPERM is returned.
                     The given seals are _added_ to the existing set of seals
                     on the file. You cannot remove seals again.
      
      The fcntl() handler is currently specific to shmem and disabled on all
      files. A file needs to explicitly support sealing for this interface to
      work. A separate syscall is added in a follow-up, which creates files that
      support sealing. There is no intention to support this on other
      file-systems. Semantics are unclear for non-volatile files and we lack any
      use-case right now. Therefore, the implementation is specific to shmem.
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      40e041a2
    • David Herrmann's avatar
      mm: allow drivers to prevent new writable mappings · 4bb5f5d9
      David Herrmann authored
      This patch (of 6):
      
      The i_mmap_writable field counts existing writable mappings of an
      address_space.  To allow drivers to prevent new writable mappings, make
      this counter signed and prevent new writable mappings if it is negative.
      This is modelled after i_writecount and DENYWRITE.
      
      This will be required by the shmem-sealing infrastructure to prevent any
      new writable mappings after the WRITE seal has been set.  In case there
      exists a writable mapping, this operation will fail with EBUSY.
      
      Note that we rely on the fact that iff you already own a writable mapping,
      you can increase the counter without using the helpers.  This is the same
      that we do for i_writecount.
      Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Ryan Lortie <desrt@desrt.ca>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Daniel Mack <zonque@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4bb5f5d9
    • Joe Perches's avatar
      MAINTAINERS: remove unused NFSD pattern · 935e9f02
      Joe Perches authored
      A series of commits by Christoph Hellwig removed all the files in this
      directory, remove the pattern.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      935e9f02
    • Joe Perches's avatar
      MAINTAINERS: remove unusd ARM/QUALCOMM MSM pattern · 1db22e8b
      Joe Perches authored
      Commit 87933a68dce6 ("mfd: pm8921: Remove pm8xxx API now that
      sub-devices use regmap") removed the file, remove the pattern.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Reviewed-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1db22e8b
    • Joe Perches's avatar
      MAINTAINERS: remove unused radeon drm pattern · eb231527
      Joe Perches authored
      Commit 8dcedd7e87f4 ("UAPI: (Scripted) Disintegrate include/drm") moved
      the file, remove the pattern.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      eb231527
    • Joe Perches's avatar
      MAINTAINERS: remove METAG imgdafs pattern · d656143a
      Joe Perches authored
      This never made it into the kernel tree.  Remove it.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Acked-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d656143a
    • Joe Perches's avatar
      MAINTAINERS: remove section CIRRUS LOGIC EP93XX OHCI USB HOST DRIVER · 988636a8
      Joe Perches authored
      Commit e55f7cd2 ("usb: ohci: remove ep93xx bus glue platform
      driver") removed the file, remove the section.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Cc: H Hartley Sweeten <hartleys@visionengravers.com>
      Cc: Lennert Buytenhek <kernel@wantstofly.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      988636a8
    • Joe Perches's avatar
      MAINTAINERS: update picoxcell patterns · b8733987
      Joe Perches authored
      Fix the picoxcell patterns, add the dts directory too.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Acked-by: default avatarJamie Iles <jamie@jamieiles.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b8733987
    • Joe Perches's avatar
      MAINTAINERS: fix PXA3xx NAND FLASH DRIVER pattern · 9a67f099
      Joe Perches authored
      Use underscore, not dash
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9a67f099