Age | Commit message (Collapse) | Author |
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
This is so the flavour header packages have all the headers and
we need no shared linux-headers.
Enable this with do_complete_flavour_headers = true and
do_flavour_header_package = false in the arch.mk files
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
HACK: Must not upload this to primary archive as is.
This is a hack until we find conditional way to do this.
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Kernel module .ko files now have .gnu_debuglink sections pointing
to the full unstripped .ko in /usr/lib/debug/.. in the dbgsym ddebs.
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Only do so if KBUILD_SCRIPTROOT is used in the script makefiles
so the build is not broken for trees lacking the sauce that
adds the script crossbuild support.
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
Cross compiling the binaries in scripts/* is not possible
because various makefiles assume that $(obj)/whatever is
executable on the build host.
This patch introduces a new variable called KBUILD_SCRIPTROOT
that points to script/binaries to use while cross compiling.
Usage:
Build scripts for the build host:
make O=path/to/buildhost/buildscripts \
silentoldconfig prepare scripts
Then cross build script for target:
make O=path/to/target/buildscripts \
HOSTCC=$CROSS_COMPILE \
KBUILD_SCRIPTROOT=path/to/buildhost/buildscripts
silentoldconfig prepare scripts
This patch does not use KBUILD_SCRIPTROOT for all script invocations
it only redefines the following if KBUILD_SCRIPTROOT is defined.
scripts/Makefile.build
scripts/basic/fixdep --> $(KBUILD_SCRIPTROOT)/scripts/basic/fixdep
scripts/kconfig/Makefile
$(obj)/conf --> $(KBUILD_SCRIPTROOT)/scripts/kconfig/conf
scripts/mod/Makefile
$(obj)mk_elfconfig --> $(KBUILD_SCRIPTROOT)/scripts/mod/mk_elfconfig
Signed-off-by: John Rigby <john.rigby@linaro.org>
|
|
BugLink: http://bugs.launchpad.net/bugs/1008905
This patch fixes kernel Oops on rmmod b43 if firmware was not loaded:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000088
IP: [<ffffffff8104e988>] drain_workqueue+0x25/0x142
PGD 153ac6067 PUD 153b82067 PMD 0
Oops: 0000 [#1] SMP
Signed-off-by: Oleksij Rempel <bug-track at fisher-privat.net>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/1000831
Fix net tx watchdog timeout recovery. The descriptor ring was reset,
but the DMA engine was not reset to the beginning of the ring.
Also, set the number of AXI outstanding transactions to 8.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/1000831
The xgmac driver has problems with bufferable DMA descriptors. For now,
change the memory type to get things working reliably.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/1000831
Linux runs in non-secure mode on highbank, so we need secure monitor calls
to enable and disable the PL310.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/1000831
Add a keyboard driver to handle power and sleep keys from the management
controller. These are generated via ipc messages.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/1000831
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Ike Panhc <ike.pan@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: https://bugs.launchpad.net/bugs/901410
On Dell XPS 13z (L321X) and 15 (L502X), switching off Bluetooth also
disables wifi. Fix by adding those models to the dell_blacklist table.
Signed-off-by: Mario Limonciello <mario_limonciello@dell.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/1003417
Fix following build warnings:
init/initramfs.c: In function 'populate_rootfs_early':
init/initramfs.c:629:7: warning: passing argument 1 of 'async_schedule_domain' from incompatible pointer type [enabled by default]
include/linux/async.h:20:23: note: expected 'void (*)(void *, async_cookie_t)' but argument is of type 'void (*)(void)'
init/initramfs.c:631:1: warning: no return statement in function returning non-void [-Wreturn-type]
init/initramfs.c: In function 'populate_rootfs':
init/initramfs.c:636:7: warning: passing argument 1 of 'async_schedule_domain' from incompatible pointer type [enabled by default]
include/linux/async.h:20:23: note: expected 'void (*)(void *, async_cookie_t)' but argument is of type 'void (*)(void)'
init/initramfs.c:637:1: warning: no return statement in function returning non-void [-Wreturn-type]
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
OriginalLocation: security/next cffee16e8b997ab947de661e8820e486b0830c94
BugLink: http://bugs.launchpad.net/bugs/955892
All failures from __d_path where being treated as disconnected paths,
however __d_path can also fail when the generated pathname is too long.
The initial ENAMETOOLONG error was being lost, and ENAMETOOLONG was only
returned if the subsequent dentry_path call resulted in that error. Other
wise if the path was split across a mount point such that the dentry_path
fit within the buffer when the __d_path did not the failure was treated
as a disconnected path.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
OriginalLocation: security/next bf83208e0b7f5938f5a7f6d9dfa9960bf04692fa
BugLink: http://bugs.launchpad.net/bugs/978038
also affects apparmor portion of
BugLink: http://bugs.launchpad.net/bugs/987371
The unconfined profile is not stored in the regular profile list, but
change_profile and exec transitions may want access to it when setting
up specialized transitions like switch to the unconfined profile of a
new policy namespace.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Base support for network mediation.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Add the ability for apparmor to do mediation of mount operations. Mount
rules require an updated apparmor_parser (2.8 series) for policy compilation.
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
Example mount commands
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) -> /mnt/
umount,
umount /m*,
See the apparmor userspace for full documentation
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
This reverts commit 2448934c6b2b518b46fa360d6f49f4e78cf03d11.
Revert in prepartion for refreshed/updated patch
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
When checking permissions on an overlayfs inode we do not take into
account either device cgroup restrictions nor security permissions.
This allows a user to mount an overlayfs layer over a restricted device
directory and by pass those permissions to open otherwise restricted
files.
Switch over to the newly introduced inode_only_permissions.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
permissions checks
We need to be able to check inode permissions (but not filesystem implied
permissions) for stackable filesystems. Now that permissions involve
checking with the security LSM, cgroups and basic inode permissions it is
easy to miss a key permission check and introduce a security vunerability.
Expose a new interface for these checks.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Imaging using ext4 as upperdir which has a file "hello" and lowdir is
totally empty.
1. mount -t overlayfs overlayfs -o lowerdir=/lower,upperdir=/upper /overlay
2. cd /overlay
3. ln hello bye
then the overlayfs code will call vfs_link to create a real ext4
dentry for "bye" and create
a new overlayfs dentry point to overlayfs inode (which standed for
"hello"). That means:
two overlayfs dentries and only one overlayfs inode.
and then
4. umount /overlay
5. mount -t overlayfs overlayfs -o lowerdir=/lower,upperdir=/upper
/overlay (again)
6. cd /overlay
7. ls hello bye
the overlayfs will create two inodes(one for the "hello", another
for the "bye") and two dentries (each point a inode).That means:
two dentries and two inodes.
As above, with different order of "create link" and "mount", the
result is not the same.
In order to make the behavior coherent, we need to create inode in ovl_link.
Signed-off-by: Robin Dong <sanbai@taobao.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
After allocating a new inode, if the mode of inode is incorrect, we should
release it by iput().
Signed-off-by: Robin Dong <sanbai@taobao.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Add a simple read-only counter to super_block that indicates deep this
is in the stack of filesystems. Previously ecryptfs was the only
stackable filesystem and it explicitly disallowed multiple layers of
itself.
Overlayfs, however, can be stacked recursively and also may be stacked
on top of ecryptfs or vice versa.
To limit the kernel stack usage we must limit the depth of the
filesystem stack. Initially the limit is set to 2.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Document the overlay filesystem.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
This is useful because of the stacking nature of overlayfs. Users like to
find out (via /proc/mounts) which lower/upper directory were used at mount
time.
Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Add support for statfs to the overlayfs filesystem. As the upper layer
is the target of all write operations assume that the space in that
filesystem is the space in the overlayfs. There will be some inaccuracy as
overwriting a file will copy it up and consume space we were not expecting,
but it is better than nothing.
Use the upper layer dentry and mount from the overlayfs root inode,
passing the statfs call to that filesystem.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Overlayfs allows one, usually read-write, directory tree to be
overlaid onto another, read-only directory tree. All modifications
go to the upper, writable layer.
This type of mechanism is most often used for live CDs but there's a
wide variety of other uses.
The implementation differs from other "union filesystem"
implementations in that after a file is opened all operations go
directly to the underlying, lower or upper, filesystems. This
simplifies the implementation and allows native performance in these
cases.
The dentry tree is duplicated from the underlying filesystems, this
enables fast cached lookups without adding special support into the
VFS. This uses slightly more memory than union mounts, but dentries
are relatively small.
Currently inodes are duplicated as well, but it is a possible
optimization to share inodes for non-directories.
Opening non directories results in the open forwarded to the
underlying filesystem. This makes the behavior very similar to union
mounts (with the same limitations vs. fchmod/fchown on O_RDONLY file
descriptors).
Usage:
mount -t overlay -olowerdir=/lower,upperdir=/upper overlay /mnt
Supported:
- all operations
Missing:
- Currently a crash in the middle of copy-up, rename, unlink, rmdir or create
over a whiteout may result in filesystem corruption on the overlay level.
IOW these operations need to become atomic or at least the corruption needs
to be detected.
The following cotributions have been folded into this patch:
Neil Brown <neilb@suse.de>:
- minimal remount support
- use correct seek function for directories
- initialise is_real before use
- rename ovl_fill_cache to ovl_dir_read
Felix Fietkau <nbd@openwrt.org>:
- fix a deadlock in ovl_dir_read_merged
- fix a deadlock in ovl_remove_whiteouts
Erez Zadok <ezk@fsl.cs.sunysb.edu>
- fix cleanup after WARN_ON
Sedat Dilek <sedat.dilek@googlemail.com>
- fix up permission to confirm to new API
Also thanks to the following people for testing and reporting bugs:
Jordi Pujol <jordipujolp@gmail.com>
Andy Whitcroft <apw@canonical.com>
Michal Suchanek <hramrach@centrum.cz>
Felix Fietkau <nbd@openwrt.org>
Erez Zadok <ezk@fsl.cs.sunysb.edu>
Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Overlayfs needs a private clone of the mount, so create a function for
this and export to modules.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Export do_splice_direct() to modules. Needed by overlay filesystem.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Add a new inode operation i_op->open(). This is for stacked
filesystems that want to return a struct file from a different
filesystem.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
Make __dentry_open() take a struct path instead of separate vfsmount and dentry
arguments.
Change semantics as well, so that __dentry_open() acquires a reference to path
instead of transferring it to the open file.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
|
|
When we enable the zconfdump() debugging we see assertion failures
attempting to print the config. Convert this into a noop.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/984288
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/977246
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/977246
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Temporarily reverts commit 81e0e2103035c9fc806757ddfa859e66c1b23c32.
Repeated Oops/Panic on boot. Needs re-work after v3.4-rc2 rebase.
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/972355
We have been seeing increasing reports of scarey ioctl messages in
dmesg, such as the below often in bulk:
mdadm: sending ioctl 1261 to a partition!
mdadm: sending ioctl 800c0910 to a partition!
Looking at the upstream discussions these are all benign and can be safely
suppressed. This patch is based on some discussions at the link below,
on some work SUSE did in this area. This is not suitable for upstreaming
as we need some refactoring to fix the 32bit compat ioctl mess.
Link: http://www.spinics.net/lists/raid/msg37770.html
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
If the host returns error for pass through commands, deal with
appropriately. I would like to thank James for patiently helping
me with this patch.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Receieved directly from the upstream maintainer. This is the current
state of the art for this patch, though discussion continues.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/638939
cherry picked from drm-intel-next-queue
This reverts commmit d4b74bf07873da2e94219a7b67a334fc1c3ce649 which
reverted the origin fix fb8b5a39b6310379d7b54c0c7113703a8eaf4a57.
We have at least 3 different bug reports that this fixes things and no
indication what is exactly wrong with this. So try again.
To make matters slightly more fun, the commit itself was cc: stable
whereas the revert has not been.
According to Peter Clifton he discussed this with Zhao Yakui and this
seems to be in contradiction of the GM45 PRM, but rumours have it that
this is how the BIOS does it ... let's see.
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@gmail.com>
Tested-by: Peter Clifton <Peter.Clifton@clifton-electronics.com>
Cc: Zhao Yakui <yakui.zhao@intel.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Eric Anholt <eric@anholt.net>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=16236
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=25913
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=14792
Signed-Off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Violations of seccomp filters should always be reported, regardless
of audit context. This the minimal change version of what has been
proposed upstream: https://lkml.org/lkml/2012/3/23/332
Signed-off-by: Kees Cook <kees@ubuntu.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/969309
OK. Then, I think we also want to fix these warnings probably introduced by
commit a6021559 "UBUNTU: SAUCE: (no-up) Modularize vesafb".
WARNING: drivers/video/vesafb.o(.exit.text+0x42): Section mismatch in reference from the function vesafb_remove() to the (unknown reference) .init.data:(unknown)
The function __exit vesafb_remove() references
a (unknown reference) __initdata (unknown).
This is often seen when error handling in the exit function
uses functionality in the init path.
The fix is often to remove the __initdata annotation of
(unknown) so it may be used outside an init section.
WARNING: drivers/video/vesafb.o(.exit.text+0x4a): Section mismatch in reference from the function vesafb_remove() to the variable .init.data:vesafb_fix
The function __exit vesafb_remove() references
a variable __initdata vesafb_fix.
This is often seen when error handling in the exit function
uses functionality in the init path.
The fix is often to remove the __initdata annotation of
vesafb_fix so it may be used outside an init section.
Reported-by: Tetsuo Honda <from-ubuntu@I-love.SAKURA.ne.jp>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
it is unsupported
Submitted upstream.
BugLink: http://bugs.launchpad.net/bugs/962038
Right now using pcie_aspm=force will not enable ASPM if the FADT indicates
ASPM is unsupported. However, the semantics of force should probably allow
for this, especially as they did before the ASPM disable rework with commit
3c076351c4027a56d5005a39a0b518a4ba393ce2
This patch just skips the clearing of any ASPM setup that the firmware has
carried out on this bus if pcie_aspm=force is being used.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|