From 5dbbaf2de89613d19a9286d4db0a535ca2735d26 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Mon, 14 Jan 2013 07:12:19 +0000 Subject: tun: fix LSM/SELinux labeling of tun/tap devices This patch corrects some problems with LSM/SELinux that were introduced with the multiqueue patchset. The problem stems from the fact that the multiqueue work changed the relationship between the tun device and its associated socket; before the socket persisted for the life of the device, however after the multiqueue changes the socket only persisted for the life of the userspace connection (fd open). For non-persistent devices this is not an issue, but for persistent devices this can cause the tun device to lose its SELinux label. We correct this problem by adding an opaque LSM security blob to the tun device struct which allows us to have the LSM security state, e.g. SELinux labeling information, persist for the lifetime of the tun device. In the process we tweak the LSM hooks to work with this new approach to TUN device/socket labeling and introduce a new LSM hook, security_tun_dev_attach_queue(), to approve requests to attach to a TUN queue via TUNSETQUEUE. The SELinux code has been adjusted to match the new LSM hooks, the other LSMs do not make use of the LSM TUN controls. This patch makes use of the recently added "tun_socket:attach_queue" permission to restrict access to the TUNSETQUEUE operation. On older SELinux policies which do not define the "tun_socket:attach_queue" permission the access control decision for TUNSETQUEUE will be handled according to the SELinux policy's unknown permission setting. Signed-off-by: Paul Moore Acked-by: Eric Paris Tested-by: Jason Wang Signed-off-by: David S. Miller --- include/linux/security.h | 59 +++++++++++++++++++++++++++++++++++++----------- 1 file changed, 46 insertions(+), 13 deletions(-) (limited to 'include/linux') diff --git a/include/linux/security.h b/include/linux/security.h index 0f6afc657f77..eee7478cda70 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -989,17 +989,29 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * tells the LSM to decrement the number of secmark labeling rules loaded * @req_classify_flow: * Sets the flow's sid to the openreq sid. + * @tun_dev_alloc_security: + * This hook allows a module to allocate a security structure for a TUN + * device. + * @security pointer to a security structure pointer. + * Returns a zero on success, negative values on failure. + * @tun_dev_free_security: + * This hook allows a module to free the security structure for a TUN + * device. + * @security pointer to the TUN device's security structure * @tun_dev_create: * Check permissions prior to creating a new TUN device. - * @tun_dev_post_create: - * This hook allows a module to update or allocate a per-socket security - * structure. - * @sk contains the newly created sock structure. + * @tun_dev_attach_queue: + * Check permissions prior to attaching to a TUN device queue. + * @security pointer to the TUN device's security structure. * @tun_dev_attach: - * Check permissions prior to attaching to a persistent TUN device. This - * hook can also be used by the module to update any security state + * This hook can be used by the module to update any security state * associated with the TUN device's sock structure. * @sk contains the existing sock structure. + * @security pointer to the TUN device's security structure. + * @tun_dev_open: + * This hook can be used by the module to update any security state + * associated with the TUN device's security structure. + * @security pointer to the TUN devices's security structure. * * Security hooks for XFRM operations. * @@ -1620,9 +1632,12 @@ struct security_operations { void (*secmark_refcount_inc) (void); void (*secmark_refcount_dec) (void); void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl); - int (*tun_dev_create)(void); - void (*tun_dev_post_create)(struct sock *sk); - int (*tun_dev_attach)(struct sock *sk); + int (*tun_dev_alloc_security) (void **security); + void (*tun_dev_free_security) (void *security); + int (*tun_dev_create) (void); + int (*tun_dev_attach_queue) (void *security); + int (*tun_dev_attach) (struct sock *sk, void *security); + int (*tun_dev_open) (void *security); #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM @@ -2566,9 +2581,12 @@ void security_inet_conn_established(struct sock *sk, int security_secmark_relabel_packet(u32 secid); void security_secmark_refcount_inc(void); void security_secmark_refcount_dec(void); +int security_tun_dev_alloc_security(void **security); +void security_tun_dev_free_security(void *security); int security_tun_dev_create(void); -void security_tun_dev_post_create(struct sock *sk); -int security_tun_dev_attach(struct sock *sk); +int security_tun_dev_attach_queue(void *security); +int security_tun_dev_attach(struct sock *sk, void *security); +int security_tun_dev_open(void *security); #else /* CONFIG_SECURITY_NETWORK */ static inline int security_unix_stream_connect(struct sock *sock, @@ -2733,16 +2751,31 @@ static inline void security_secmark_refcount_dec(void) { } +static inline int security_tun_dev_alloc_security(void **security) +{ + return 0; +} + +static inline void security_tun_dev_free_security(void *security) +{ +} + static inline int security_tun_dev_create(void) { return 0; } -static inline void security_tun_dev_post_create(struct sock *sk) +static inline int security_tun_dev_attach_queue(void *security) +{ + return 0; +} + +static inline int security_tun_dev_attach(struct sock *sk, void *security) { + return 0; } -static inline int security_tun_dev_attach(struct sock *sk) +static inline int security_tun_dev_open(void *security) { return 0; } -- cgit v1.2.3 From 6509141f9c2ba74df6cc72ec35cd1865276ae3a4 Mon Sep 17 00:00:00 2001 From: Wei Shuai Date: Mon, 21 Jan 2013 06:00:31 +0000 Subject: usbnet: add new flag FLAG_NOARP for usb net devices We do have some USB net devices, which cannot do ARP. so we can introduce a new flag FLAG_NOARP, then client drivers can easily handle this kind of devices Signed-off-by: Wei Shuai Signed-off-by: David S. Miller --- include/linux/usb/usbnet.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/linux') diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h index bd45eb7bedc8..5de7a220e986 100644 --- a/include/linux/usb/usbnet.h +++ b/include/linux/usb/usbnet.h @@ -100,6 +100,7 @@ struct driver_info { #define FLAG_LINK_INTR 0x0800 /* updates link (carrier) status */ #define FLAG_POINTTOPOINT 0x1000 /* possibly use "usb%d" names */ +#define FLAG_NOARP 0x2000 /* device can't do ARP */ /* * Indicates to usbnet, that USB driver accumulates multiple IP packets. -- cgit v1.2.3 From 00441b5e6b98ad6a50b5cb7f88d473e3ea1e0d75 Mon Sep 17 00:00:00 2001 From: Lee Jones Date: Wed, 9 Jan 2013 10:06:03 +0000 Subject: mfd: Fix compile errors and warnings when !CONFIG_AB8500_BM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit drivers/mfd/ab8500-core.c:1015:21: error: ‘ab8500_bm_data’ undeclared here include/linux/mfd/abx500/ab8500-bm.h:445:13: warning: ‘ab8500_fg_reinit’ defined but not used include/linux/mfd/abx500/ab8500-bm.h:448:13: warning: ‘ab8500_charger_usb_state_changed’ defined but not used include/linux/mfd/abx500/ab8500-bm.h:451:29: warning: ‘ab8500_btemp_get’ defined but not used include/linux/mfd/abx500/ab8500-bm.h:455:12: warning: ‘ab8500_btemp_get_batctrl_temp’ defined but not used include/linux/mfd/abx500/ab8500-bm.h:463:12: warning: ‘ab8500_fg_inst_curr_blocking’ defined but not used include/linux/mfd/abx500/ab8500-bm.h:442:12: warning: ‘ab8500_fg_inst_curr_done’ defined but not used include/linux/mfd/abx500/ab8500-bm.h:447:26: warning: ‘ab8500_fg_get’ defined but not used Signed-off-by: Lee Jones Signed-off-by: Samuel Ortiz --- include/linux/mfd/abx500.h | 2 -- include/linux/mfd/abx500/ab8500-bm.h | 29 ++++------------------------- 2 files changed, 4 insertions(+), 27 deletions(-) (limited to 'include/linux') diff --git a/include/linux/mfd/abx500.h b/include/linux/mfd/abx500.h index 2138bd33021a..e53dcfeaee69 100644 --- a/include/linux/mfd/abx500.h +++ b/include/linux/mfd/abx500.h @@ -272,8 +272,6 @@ struct abx500_bm_data { const struct abx500_fg_parameters *fg_params; }; -extern struct abx500_bm_data ab8500_bm_data; - enum { NTC_EXTERNAL = 0, NTC_INTERNAL, diff --git a/include/linux/mfd/abx500/ab8500-bm.h b/include/linux/mfd/abx500/ab8500-bm.h index 44310c98ee6e..9bd037df97d9 100644 --- a/include/linux/mfd/abx500/ab8500-bm.h +++ b/include/linux/mfd/abx500/ab8500-bm.h @@ -422,7 +422,10 @@ struct ab8500_chargalg_platform_data { struct ab8500_btemp; struct ab8500_gpadc; struct ab8500_fg; + #ifdef CONFIG_AB8500_BM +extern struct abx500_bm_data ab8500_bm_data; + void ab8500_fg_reinit(void); void ab8500_charger_usb_state_changed(u8 bm_usb_state, u16 mA); struct ab8500_btemp *ab8500_btemp_get(void); @@ -434,31 +437,7 @@ int ab8500_fg_inst_curr_finalize(struct ab8500_fg *di, int *res); int ab8500_fg_inst_curr_done(struct ab8500_fg *di); #else -int ab8500_fg_inst_curr_done(struct ab8500_fg *di) -{ -} -static void ab8500_fg_reinit(void) -{ -} -static void ab8500_charger_usb_state_changed(u8 bm_usb_state, u16 mA) -{ -} -static struct ab8500_btemp *ab8500_btemp_get(void) -{ - return NULL; -} -static int ab8500_btemp_get_batctrl_temp(struct ab8500_btemp *btemp) -{ - return 0; -} -struct ab8500_fg *ab8500_fg_get(void) -{ - return NULL; -} -static int ab8500_fg_inst_curr_blocking(struct ab8500_fg *dev) -{ - return -ENODEV; -} +static struct abx500_bm_data ab8500_bm_data; static inline int ab8500_fg_inst_curr_start(struct ab8500_fg *di) { -- cgit v1.2.3 From d817ac4e181710cd02b582b759d3123ad2cfa8d8 Mon Sep 17 00:00:00 2001 From: Wei WANG Date: Wed, 23 Jan 2013 09:51:04 +0800 Subject: mfd: rtsx: Add output voltage switch hook Different card reader has different method to switch output voltage, add this callback to let the card reader implement its individual switch function. This is needed as rtl8411 has a specific switch output voltage procedure. Signed-off-by: Wei WANG Signed-off-by: Samuel Ortiz --- include/linux/mfd/rtsx_pci.h | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'include/linux') diff --git a/include/linux/mfd/rtsx_pci.h b/include/linux/mfd/rtsx_pci.h index 060b721fcbfb..271b6e5654af 100644 --- a/include/linux/mfd/rtsx_pci.h +++ b/include/linux/mfd/rtsx_pci.h @@ -158,10 +158,9 @@ #define SG_TRANS_DATA (0x02 << 4) #define SG_LINK_DESC (0x03 << 4) -/* SD bank voltage */ -#define SD_IO_3V3 0 -#define SD_IO_1V8 1 - +/* Output voltage */ +#define OUTPUT_3V3 0 +#define OUTPUT_1V8 1 /* Card Clock Enable Register */ #define SD_CLK_EN 0x04 @@ -201,6 +200,20 @@ #define CHANGE_CLK 0x01 /* LDO_CTL */ +#define BPP_ASIC_1V7 0x00 +#define BPP_ASIC_1V8 0x01 +#define BPP_ASIC_1V9 0x02 +#define BPP_ASIC_2V0 0x03 +#define BPP_ASIC_2V7 0x04 +#define BPP_ASIC_2V8 0x05 +#define BPP_ASIC_3V2 0x06 +#define BPP_ASIC_3V3 0x07 +#define BPP_REG_TUNED18 0x07 +#define BPP_TUNED18_SHIFT_8402 5 +#define BPP_TUNED18_SHIFT_8411 4 +#define BPP_PAD_MASK 0x04 +#define BPP_PAD_3V3 0x04 +#define BPP_PAD_1V8 0x00 #define BPP_LDO_POWB 0x03 #define BPP_LDO_ON 0x00 #define BPP_LDO_SUSPEND 0x02 @@ -688,6 +701,8 @@ struct pcr_ops { int (*disable_auto_blink)(struct rtsx_pcr *pcr); int (*card_power_on)(struct rtsx_pcr *pcr, int card); int (*card_power_off)(struct rtsx_pcr *pcr, int card); + int (*switch_output_voltage)(struct rtsx_pcr *pcr, + u8 voltage); unsigned int (*cd_deglitch)(struct rtsx_pcr *pcr); }; @@ -783,6 +798,7 @@ int rtsx_pci_switch_clock(struct rtsx_pcr *pcr, unsigned int card_clock, u8 ssc_depth, bool initial_mode, bool double_clk, bool vpclk); int rtsx_pci_card_power_on(struct rtsx_pcr *pcr, int card); int rtsx_pci_card_power_off(struct rtsx_pcr *pcr, int card); +int rtsx_pci_switch_output_voltage(struct rtsx_pcr *pcr, u8 voltage); unsigned int rtsx_pci_card_exist(struct rtsx_pcr *pcr); void rtsx_pci_complete_unfinished_transfer(struct rtsx_pcr *pcr); -- cgit v1.2.3 From ab4e8f8b7bdfeff0c961fdbbdacb262d68f094c0 Mon Sep 17 00:00:00 2001 From: Wei WANG Date: Wed, 23 Jan 2013 09:51:06 +0800 Subject: mfd: rtsx: Add clock divider hook Add callback function conv_clk_and_div_n to convert between SSC clock and its divider N. For rtl8411, the formula to calculate SSC clock divider N is different with the other card reader models. Signed-off-by: Wei WANG Signed-off-by: Samuel Ortiz --- include/linux/mfd/rtsx_common.h | 3 +++ include/linux/mfd/rtsx_pci.h | 1 + 2 files changed, 4 insertions(+) (limited to 'include/linux') diff --git a/include/linux/mfd/rtsx_common.h b/include/linux/mfd/rtsx_common.h index a8d393e3066b..2b13970596f5 100644 --- a/include/linux/mfd/rtsx_common.h +++ b/include/linux/mfd/rtsx_common.h @@ -38,6 +38,9 @@ #define RTSX_SD_CARD 0 #define RTSX_MS_CARD 1 +#define CLK_TO_DIV_N 0 +#define DIV_N_TO_CLK 1 + struct platform_device; struct rtsx_slot { diff --git a/include/linux/mfd/rtsx_pci.h b/include/linux/mfd/rtsx_pci.h index 271b6e5654af..4b117a3f54d4 100644 --- a/include/linux/mfd/rtsx_pci.h +++ b/include/linux/mfd/rtsx_pci.h @@ -704,6 +704,7 @@ struct pcr_ops { int (*switch_output_voltage)(struct rtsx_pcr *pcr, u8 voltage); unsigned int (*cd_deglitch)(struct rtsx_pcr *pcr); + int (*conv_clk_and_div_n)(int clk, int dir); }; enum PDEV_STAT {PDEV_STAT_IDLE, PDEV_STAT_RUN}; -- cgit v1.2.3 From 0a8c290ac58a86d5e1f2193abcd4d74ec075e20c Mon Sep 17 00:00:00 2001 From: Ashish Jangam Date: Fri, 25 Jan 2013 14:03:49 +0530 Subject: mfd: da9052/53 lockup fix An issue has been reported where the PMIC either locks up or fails to respond following a system Reset. This could result in a second write in which the bus writes the current content of the write buffer to address of the last I2C access. The failure case is where this unwanted write transfers incorrect data to a critical register. This patch fixes this issue to by following any read or write with a dummy read to a safe register address. A safe register address is one where the contents will not affect the operation of the system. Signed-off-by: Ashish Jangam Signed-off-by: Samuel Ortiz --- include/linux/mfd/da9052/da9052.h | 66 ++++++++++++++++++++++++++++++++++++--- include/linux/mfd/da9052/reg.h | 3 ++ 2 files changed, 65 insertions(+), 4 deletions(-) (limited to 'include/linux') diff --git a/include/linux/mfd/da9052/da9052.h b/include/linux/mfd/da9052/da9052.h index 86dd93de6ff2..786d02eb79d2 100644 --- a/include/linux/mfd/da9052/da9052.h +++ b/include/linux/mfd/da9052/da9052.h @@ -99,6 +99,9 @@ struct da9052 { u8 chip_id; int chip_irq; + + /* SOC I/O transfer related fixes for DA9052/53 */ + int (*fix_io) (struct da9052 *da9052, unsigned char reg); }; /* ADC API */ @@ -113,32 +116,87 @@ static inline int da9052_reg_read(struct da9052 *da9052, unsigned char reg) ret = regmap_read(da9052->regmap, reg, &val); if (ret < 0) return ret; + + if (da9052->fix_io) { + ret = da9052->fix_io(da9052, reg); + if (ret < 0) + return ret; + } + return val; } static inline int da9052_reg_write(struct da9052 *da9052, unsigned char reg, unsigned char val) { - return regmap_write(da9052->regmap, reg, val); + int ret; + + ret = regmap_write(da9052->regmap, reg, val); + if (ret < 0) + return ret; + + if (da9052->fix_io) { + ret = da9052->fix_io(da9052, reg); + if (ret < 0) + return ret; + } + + return ret; } static inline int da9052_group_read(struct da9052 *da9052, unsigned char reg, unsigned reg_cnt, unsigned char *val) { - return regmap_bulk_read(da9052->regmap, reg, val, reg_cnt); + int ret; + + ret = regmap_bulk_read(da9052->regmap, reg, val, reg_cnt); + if (ret < 0) + return ret; + + if (da9052->fix_io) { + ret = da9052->fix_io(da9052, reg); + if (ret < 0) + return ret; + } + + return ret; } static inline int da9052_group_write(struct da9052 *da9052, unsigned char reg, unsigned reg_cnt, unsigned char *val) { - return regmap_raw_write(da9052->regmap, reg, val, reg_cnt); + int ret; + + ret = regmap_raw_write(da9052->regmap, reg, val, reg_cnt); + if (ret < 0) + return ret; + + if (da9052->fix_io) { + ret = da9052->fix_io(da9052, reg); + if (ret < 0) + return ret; + } + + return ret; } static inline int da9052_reg_update(struct da9052 *da9052, unsigned char reg, unsigned char bit_mask, unsigned char reg_val) { - return regmap_update_bits(da9052->regmap, reg, bit_mask, reg_val); + int ret; + + ret = regmap_update_bits(da9052->regmap, reg, bit_mask, reg_val); + if (ret < 0) + return ret; + + if (da9052->fix_io) { + ret = da9052->fix_io(da9052, reg); + if (ret < 0) + return ret; + } + + return ret; } int da9052_device_init(struct da9052 *da9052, u8 chip_id); diff --git a/include/linux/mfd/da9052/reg.h b/include/linux/mfd/da9052/reg.h index b97f7309d7f6..c4dd3a8add21 100644 --- a/include/linux/mfd/da9052/reg.h +++ b/include/linux/mfd/da9052/reg.h @@ -34,6 +34,9 @@ #define DA9052_STATUS_C_REG 3 #define DA9052_STATUS_D_REG 4 +/* PARK REGISTER */ +#define DA9052_PARK_REGISTER DA9052_STATUS_D_REG + /* EVENT REGISTERS */ #define DA9052_EVENT_A_REG 5 #define DA9052_EVENT_B_REG 6 -- cgit v1.2.3 From 83e68189745ad931c2afd45d8ee3303929233e7f Mon Sep 17 00:00:00 2001 From: Matt Fleming Date: Wed, 14 Nov 2012 09:42:35 +0000 Subject: efi: Make 'efi_enabled' a function to query EFI facilities Originally 'efi_enabled' indicated whether a kernel was booted from EFI firmware. Over time its semantics have changed, and it now indicates whether or not we are booted on an EFI machine with bit-native firmware, e.g. 64-bit kernel with 64-bit firmware. The immediate motivation for this patch is the bug report at, https://bugs.launchpad.net/ubuntu-cdimage/+bug/1040557 which details how running a platform driver on an EFI machine that is designed to run under BIOS can cause the machine to become bricked. Also, the following report, https://bugzilla.kernel.org/show_bug.cgi?id=47121 details how running said driver can also cause Machine Check Exceptions. Drivers need a new means of detecting whether they're running on an EFI machine, as sadly the expression, if (!efi_enabled) hasn't been a sufficient condition for quite some time. Users actually want to query 'efi_enabled' for different reasons - what they really want access to is the list of available EFI facilities. For instance, the x86 reboot code needs to know whether it can invoke the ResetSystem() function provided by the EFI runtime services, while the ACPI OSL code wants to know whether the EFI config tables were mapped successfully. There are also checks in some of the platform driver code to simply see if they're running on an EFI machine (which would make it a bad idea to do BIOS-y things). This patch is a prereq for the samsung-laptop fix patch. Cc: David Airlie Cc: Corentin Chary Cc: Matthew Garrett Cc: Dave Jiang Cc: Olof Johansson Cc: Peter Jones Cc: Colin Ian King Cc: Steve Langasek Cc: Tony Luck Cc: Konrad Rzeszutek Wilk Cc: Rafael J. Wysocki Cc: Signed-off-by: Matt Fleming Signed-off-by: H. Peter Anvin --- include/linux/efi.h | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'include/linux') diff --git a/include/linux/efi.h b/include/linux/efi.h index 8b84916dc671..7a9498ab3c2d 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -618,18 +618,30 @@ extern int __init efi_setup_pcdp_console(char *); #endif /* - * We play games with efi_enabled so that the compiler will, if possible, remove - * EFI-related code altogether. + * We play games with efi_enabled so that the compiler will, if + * possible, remove EFI-related code altogether. */ +#define EFI_BOOT 0 /* Were we booted from EFI? */ +#define EFI_SYSTEM_TABLES 1 /* Can we use EFI system tables? */ +#define EFI_CONFIG_TABLES 2 /* Can we use EFI config tables? */ +#define EFI_RUNTIME_SERVICES 3 /* Can we use runtime services? */ +#define EFI_MEMMAP 4 /* Can we use EFI memory map? */ +#define EFI_64BIT 5 /* Is the firmware 64-bit? */ + #ifdef CONFIG_EFI # ifdef CONFIG_X86 - extern int efi_enabled; - extern bool efi_64bit; +extern int efi_enabled(int facility); # else -# define efi_enabled 1 +static inline int efi_enabled(int facility) +{ + return 1; +} # endif #else -# define efi_enabled 0 +static inline int efi_enabled(int facility) +{ + return 0; +} #endif /* -- cgit v1.2.3