Permalink
Commits on Aug 3, 2014
  1. intelliactive: rework input register/unregister

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jul 19, 2014
  2. intelli_plug: older Qualcomm kernel compatibility fixup

    ARGH... really angry at CAF code.
    
    some cpufreq driver APIs are incredibly unstable with some of the older
    MSM kernels.  The correct way is the fix the cpufreq drivers, but there are
    tons of variations out there, so rather than depending on a fix, make
    intelli_plug more universal by avoiding the troubling APIs altogether
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jul 19, 2014
  3. intelli_plug: use primary CPU's info data for non-boot cpu's settings

    Async CPU design has caused quite a bit of grief for controlling cpu
    frequencies
    
    bump to version 3.8
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jul 15, 2014
  4. intelli_plug: initialize ip_info struct element during driver init

    this will eliminate race issues
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    
    Conflicts:
    	arch/arm/hotplug/intelli_plug.c
    committed Jul 15, 2014
  5. intelli_plug: fix incorrect cpufreq API usage

    This resolves the wakeup kick and screen off max issues
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jul 15, 2014
  6. intelli_plug: only apply suspend/resume logic if active

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jul 3, 2014
Commits on Jun 27, 2014
  1. HACK: TUNA ONLY: disable input boost due to TUNA touchscreen driver bug!

    TUNA board has a serious touchscreen driver bug where once in a while the touch driver will hang during powerup and may lead to unresponsive touchscreen after
    full initialization :(  Until the driver bug is fixed, touch boosting will be
    disabled
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 27, 2014
  2. mm/ksm: engage deferred timer by default

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 27, 2014
  3. ksm: Provide support to use deferred timers for scanner thread

    KSM thread to scan pages is getting schedule on definite timeout.
    That wakes up CPU from idle state and hence may affect the power
    consumption. Provide an optional support to use deferred timer
    which suites low-power use-cases.
    
    To enable deferred timers,
    $ echo 1 > /sys/kernel/mm/ksm/deferred_timer
    
    Change-Id: I07fe199f97fe1f72f9a9e1b0b757a3ac533719e8
    Signed-off-by: Chintan Pandya <cpandya@codeaurora.org>
    Chintan Pandya committed with Feb 18, 2014
  4. futex: Make lookup_pi_state more robust

    The current implementation of lookup_pi_state has ambigous handling of
    the TID value 0 in the user space futex. We can get into the kernel
    even if the TID value is 0, because either there is a stale waiters
    bit or the owner died bit is set or we are called from the requeue_pi
    path or from user space just for fun.
    
    The current code avoids an explicit sanity check for pid = 0 in case
    that kernel internal state (waiters) are found for the user space
    address. This can lead to state leakage and worse under some
    circumstances.
    
    Handle the cases explicit:
    
         Waiter | pi_state | pi->owner | uTID      | uODIED | ?
    
    [1]  NULL   | ---      | ---       | 0         | 0/1    | Valid
    [2]  NULL   | ---      | ---       | >0        | 0/1    | Valid
    
    [3]  Found  | NULL     | --        | Any       | 0/1    | Invalid
    
    [4]  Found  | Found    | NULL      | 0         | 1      | Valid
    [5]  Found  | Found    | NULL      | >0        | 1      | Invalid
    
    [6]  Found  | Found    | task      | 0         | 1      | Valid
    
    [7]  Found  | Found    | NULL      | Any       | 0      | Invalid
    
    [8]  Found  | Found    | task      | ==taskTID | 0/1    | Valid
    [9]  Found  | Found    | task      | 0         | 0      | Invalid
    [10] Found  | Found    | task      | !=taskTID | 0/1    | Invalid
    
    [1]  Indicates that the kernel can acquire the futex atomically. We
         came came here due to a stale FUTEX_WAITERS/FUTEX_OWNER_DIED bit.
    
    [2]  Valid, if TID does not belong to a kernel thread. If no matching
         thread is found then it indicates that the owner TID has died.
    
    [3]  Invalid. The waiter is queued on a non PI futex
    
    [4]  Valid state after exit_robust_list(), which sets the user space
         value to FUTEX_WAITERS | FUTEX_OWNER_DIED.
    
    [5]  The user space value got manipulated between exit_robust_list()
         and exit_pi_state_list()
    
    [6]  Valid state after exit_pi_state_list() which sets the new owner in
         the pi_state but cannot access the user space value.
    
    [7]  pi_state->owner can only be NULL when the OWNER_DIED bit is set.
    
    [8]  Owner and user space value match
    
    [9]  There is no transient state which sets the user space TID to 0
         except exit_robust_list(), but this is indicated by the
         FUTEX_OWNER_DIED bit. See [4]
    
    [10] There is no transient state which leaves owner and user space
         TID out of sync.
    
    Backport to 3.13
      conflicts: kernel/futex.c
    
    Change-Id: Ic410036b38ccb7289b3d58eff56ad64d3a9dcada
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Will Drewry <wad@chromium.org>
    Cc: Darren Hart <dvhart@linux.intel.com>
    Cc: stable@vger.kernel.org
    Thomas Gleixner committed with Jun 3, 2014
  5. futex: Always cleanup owner tid in unlock_pi

    If the owner died bit is set at futex_unlock_pi, we currently do not
    cleanup the user space futex. So the owner TID of the current owner
    (the unlocker) persists. That's observable inconsistant state,
    especially when the ownership of the pi state got transferred.
    
    Clean it up unconditionally.
    
    Change-Id: I4eeb2e139b720f1dd46e43407a96b3d9a19aacd1
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Will Drewry <wad@chromium.org>
    Cc: Darren Hart <dvhart@linux.intel.com>
    Cc: stable@vger.kernel.org
    Thomas Gleixner committed with Jun 3, 2014
  6. futex: Validate atomic acquisition in futex_lock_pi_atomic()

    We need to protect the atomic acquisition in the kernel against rogue
    user space which sets the user space futex to 0, so the kernel side
    acquisition succeeds while there is existing state in the kernel
    associated to the real owner.
    
    Verify whether the futex has waiters associated with kernel state. If
    it has, return -EINVAL. The state is corrupted already, so no point in
    cleaning it up. Subsequent calls will fail as well. Not our problem.
    
    [ tglx: Use futex_top_waiter() and explain why we do not need to try
      	restoring the already corrupted user space state. ]
    
    Change-Id: Ic8714ed2e9dee323a011eed42f7c0159c65dfbf3
    Signed-off-by: Darren Hart <dvhart@linux.intel.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Will Drewry <wad@chromium.org>
    Cc: stable@vger.kernel.org
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Thomas Gleixner committed with Jun 3, 2014
  7. futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == u…

    …addr2 in futex_requeue(..., requeue_pi=1)
    
    If uaddr == uaddr2, then we have broken the rule of only requeueing
    from a non-pi futex to a pi futex with this call. If we attempt this,
    then dangling pointers may be left for rt_waiter resulting in an
    exploitable condition.
    
    This change brings futex_requeue() into line with
    futex_wait_requeue_pi() which performs the same check as per commit
    6f7b0a2a5 (futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi())
    
    [ tglx: Compare the resulting keys as well, as uaddrs might be
      	different depending on the mapping ]
    
    Fixes CVE-2014-3153.
    
    Change-Id: I473bf486ad451de0bfd049a110b69795a6fda451
    Reported-by: Pinkie Pie
    Signed-off-by: Will Drewry <wad@chromium.org>
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Cc: stable@vger.kernel.org
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Thomas Gleixner committed with Jun 3, 2014
  8. futex: Add another early deadlock detection check

    Dave Jones trinity syscall fuzzer exposed an issue in the deadlock
    detection code of rtmutex:
      http://lkml.kernel.org/r/20140429151655.GA14277@redhat.com
    
    That underlying issue has been fixed with a patch to the rtmutex code,
    but the futex code must not call into rtmutex in that case because
        - it can detect that issue early
        - it avoids a different and more complex fixup for backing out
    
    If the user space variable got manipulated to 0x80000000 which means
    no lock holder, but the waiters bit set and an active pi_state in the
    kernel is found we can figure out the recursive locking issue by
    looking at the pi_state owner. If that is the current task, then we
    can safely return -EDEADLK.
    
    The check should have been added in commit 59fa62451 (futex: Handle
    futex_pi OWNER_DIED take over correctly) already, but I did not see
    the above issue caused by user space manipulation back then.
    
    Change-Id: I5242efcdc3c08159c652fe645e1f85b27687e6ca
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: Dave Jones <davej@redhat.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Darren Hart <darren@dvhart.com>
    Cc: Davidlohr Bueso <davidlohr@hp.com>
    Cc: Steven Rostedt <rostedt@goodmis.org>
    Cc: Clark Williams <williams@redhat.com>
    Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
    Cc: Roland McGrath <roland@hack.frob.com>
    Cc: Carlos ODonell <carlos@redhat.com>
    Cc: Jakub Jelinek <jakub@redhat.com>
    Cc: Michael Kerrisk <mtk.manpages@gmail.com>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Link: http://lkml.kernel.org/r/20140512201701.097349971@linutronix.de
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: stable@vger.kernel.org
    Thomas Gleixner committed with May 12, 2014
  9. futex: Prevent attaching to kernel threads

    We happily allow userspace to declare a random kernel thread to be the
    owner of a user space PI futex.
    
    Found while analysing the fallout of Dave Jones syscall fuzzer.
    
    We also should validate the thread group for private futexes and find
    some fast way to validate whether the "alleged" owner has RW access on
    the file which backs the SHM, but that's a separate issue.
    
    Change-Id: I03941dc5737bcb9d3ddd2ec88f7c263c27a1247d
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: Dave Jones <davej@redhat.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Darren Hart <darren@dvhart.com>
    Cc: Davidlohr Bueso <davidlohr@hp.com>
    Cc: Steven Rostedt <rostedt@goodmis.org>
    Cc: Clark Williams <williams@redhat.com>
    Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
    Cc: Lai Jiangshan <laijs@cn.fujitsu.com>
    Cc: Roland McGrath <roland@hack.frob.com>
    Cc: Carlos ODonell <carlos@redhat.com>
    Cc: Jakub Jelinek <jakub@redhat.com>
    Cc: Michael Kerrisk <mtk.manpages@gmail.com>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Link: http://lkml.kernel.org/r/20140512201701.194824402@linutronix.de
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: stable@vger.kernel.org
    Thomas Gleixner committed with May 12, 2014
  10. @peterhurley

    n_tty: Fix n_tty_write crash when echoing in raw mode

    The tty atomic_write_lock does not provide an exclusion guarantee for
    the tty driver if the termios settings are LECHO & !OPOST.  And since
    it is unexpected and not allowed to call TTY buffer helpers like
    tty_insert_flip_string concurrently, this may lead to crashes when
    concurrect writers call pty_write. In that case the following two
    writers:
    * the ECHOing from a workqueue and
    * pty_write from the process
    race and can overflow the corresponding TTY buffer like follows.
    
    If we look into tty_insert_flip_string_fixed_flag, there is:
      int space = __tty_buffer_request_room(port, goal, flags);
      struct tty_buffer *tb = port->buf.tail;
      ...
      memcpy(char_buf_ptr(tb, tb->used), chars, space);
      ...
      tb->used += space;
    
    so the race of the two can result in something like this:
                  A                                B
    __tty_buffer_request_room
                                      __tty_buffer_request_room
    memcpy(buf(tb->used), ...)
    tb->used += space;
                                      memcpy(buf(tb->used), ...) ->BOOM
    
    B's memcpy is past the tty_buffer due to the previous A's tb->used
    increment.
    
    Since the N_TTY line discipline input processing can output
    concurrently with a tty write, obtain the N_TTY ldisc output_lock to
    serialize echo output with normal tty writes.  This ensures the tty
    buffer helper tty_insert_flip_string is not called concurrently and
    everything is fine.
    
    Note that this is nicely reproducible by an ordinary user using
    forkpty and some setup around that (raw termios + ECHO). And it is
    present in kernels at least after commit
    d945cb9 (pty: Rework the pty layer to
    use the normal buffering logic) in 2.6.31-rc3.
    
    js: add more info to the commit log
    js: switch to bool
    js: lock unconditionally
    js: lock only the tty->ops->write call
    
    References: CVE-2014-0196
    Reported-and-tested-by: Jiri Slaby <jslaby@suse.cz>
    Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    [bwh: Backported to 3.2: output_lock is a member of struct tty_struct]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    
    Change-Id: Ifb8bf28246556efb3c42aa5d153ef7fb4ed95cbc
    peterhurley committed with May 3, 2014
  11. @FrozenCow

    Added cdrom option to luns

    Change-Id: Ic3b97f8bf58171cfa51f57c2674f2ddba0cafe13
    FrozenCow committed with Feb 13, 2013
  12. @FrozenCow

    2048 block size for cdrom-f_mass_storage devices

    Bios will recognize the cdrom device like most other cdrom
    devices. This allows people to boot ISOs from their phone.
    
    Original by Andreas Kemnade:
    http://www.spinics.net/lists/linux-usb/msg25178.html
    
    Change-Id: Id8fba96e1683f6daa6330b1e59f4a4ca4fe5c271
    FrozenCow committed with Feb 13, 2013
  13. intelli_plug: fix logic error for eco mode profiles

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 22, 2014
  14. intelli_plug: fix thread capacity threshold calculation

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 22, 2014
  15. intelli_plug: adjust thread capacity for Cortex A7 SOCs

    Cortex A7 is much weaker than Krait processors
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 21, 2014
  16. intelli_plug: unify powersuspend and earlysuspend drivers

    also minor clean up on the persist logic
    
    bump to version 3.7
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 21, 2014
  17. intelli_plug: move to its own directory. It's been cross platform for…

    … a while
    
    intelli_plug driver has been working on OMAP44xx, TEGRA 3, Exynos and
    MSM Krait/Cortex multi-core SOCs.  So it doesn't make sense to patch on a per
    SOC basis, move it to its own ARM platform independent folder so patches can
    apply to all supported ARM platforms
    
    Cumulative patch to version 3.6 as well for OMAP2 platform
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 27, 2014
  18. intelli_plug: refactor stats calculation code to be less intrusive

    this is done for those kernels which do not have 100% source code available
    and must use existing closed source modules such as wifi drivers
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 22, 2014
  19. Revert avg_nr_running stats patches

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Jun 27, 2014
Commits on Jun 26, 2014
  1. Revert "page_alloc: Make watermarks tunable separately"

    This reverts commit b0a290c.
    committed Jun 26, 2014
Commits on Mar 31, 2014
  1. intelli_plug: switch to generic MT input rather than named devices

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Mar 31, 2014
  2. page_alloc: Make watermarks tunable separately

    This patch introduces three new sysctls to /proc/sys/vm:
    wmark_min_kbytes, wmark_low_kbytes and wmark_high_kbytes.
    
    Each entry is used to compute watermark[min], watermark[low]
    and watermark[high] for each zone.
    
    These parameters are also updated when min_free_kbytes are
    changed because originally they are set based on min_free_kbytes.
    On the other hand, min_free_kbytes is updated when wmark_free_kbytes
    changes.
    
    By using the parameters one can adjust the difference among
    watermark[min], watermark[low] and watermark[high] and as a result
    one can tune the kernel reclaim behaviour to fit their requirement.
    
    Signed-off-by: Satoru Moriya <satoru.moriya@hds.com>
    
    modified and tuned for Hammerhead
    
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Mar 31, 2014
  3. mm: vmscan: If kswapd has been running too long, allow it to sleep

    Under constant allocation pressure, kswapd can be in the situation where
    sleeping_prematurely() will always return true even if kswapd has been
    running a long time. Check if kswapd needs to be scheduled.
    
    Signed-off-by: Mel Gorman <mgorman@suse.de>
    Signed-off-by: Paul Reioux <reioux@gmail.com>
    Mel Gorman committed with May 13, 2011
Commits on Mar 18, 2014
  1. Intelli_plug: special dual-core adaptation for all dualcore SOCs

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Mar 18, 2014
Commits on Mar 15, 2014
  1. misc: sound_control: update with more sane permissions

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Mar 15, 2014
  2. Revert "intelli_plug: change name to correct touchscreen driver"

    This reverts commit 545bbc9.
    
    Revert for now. Don't have time to spend debugging the OMX bug caused by this.
    
    there's some major WTF going with OMX driver somehow caused by registered
    input :(
    
    Ugh
    committed Mar 15, 2014
  3. Revert "intelliactive: change name to correct touch driver"

    This reverts commit 67b10ef.
    committed Mar 15, 2014
  4. @br101

    bcmdhd: workaround broken AC video queue in IBSS mode

    Re-apply this patch as it got lost with commit
    6f16c5ddacd66f9122c6b74ce2979229ebb6be64 "tuna: Revert WiFi sleep power mode".
    It still is necessary as can easily be tested with 'ping -Q 0xa IP'.
    
    The BCM4330 has problems with the WME video (AC_VI) queue in IBSS mode. If we
    put packets into this AC, the symptoms are excessive RTS/CTS, most packets get
    lost and the device get's stuck and no more packets can be sent, even on other
    queues.
    
    Since the AC queue selection happens in the firmware based on the DSCP priority
    and we don't know a way to configure this in the driver the workaround is to
    simply downgrade all packets which would go into AC_VI (priority 4 and 5, TOS
    0x80 and 0xa0) to AC_BE (priority 3 "Excellent Effort"). It's not pretty but
    makes the device usable.
    
    Change-Id: I833fb2f07dc5c46b823b70e93b9b05cc20a7b997
    Signed-off-by: Bruno Randolf <br1@einfach.org>
    br101 committed with Apr 18, 2013
Commits on Mar 14, 2014
  1. intelliactive: change name to correct touch driver

    Signed-off-by: Paul Reioux <reioux@gmail.com>
    committed Mar 14, 2014