Commit Graph

495393 Commits

Author SHA1 Message Date
Willem de Bruijn f812116b17 ip: zero sockaddr returned on error queue
The sockaddr is returned in IP(V6)_RECVERR as part of errhdr. That
structure is defined and allocated on the stack as

    struct {
            struct sock_extended_err ee;
            struct sockaddr_in(6)    offender;
    } errhdr;

The second part is only initialized for certain SO_EE_ORIGIN values.
Always initialize it completely.

An MTU exceeded error on a SOCK_RAW/IPPROTO_RAW is one example that
would return uninitialized bytes.

Signed-off-by: Willem de Bruijn <willemb@google.com>

----

Also verified that there is no padding between errhdr.ee and
errhdr.offender that could leak additional kernel data.
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 19:41:16 -05:00
David S. Miller 4315ef8d8b linux-can-fixes-for-3.19-20150115
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJUt+OgAAoJECte4hHFiupUcckP/jVRKceArdqteY9YSL4XI7Xl
 CuL3zNDRtl9xhtGy8ZXONOvuQ4aRrTO4RTWtnCveDE1Gft573biG8RFiHLQClVAY
 z3u0cEi47Tx4vUW5ghVkVPxDp+5FKUQ+iOr3ab59aaMZdMds0vhAkR8sdLuQ8gZy
 nRLdH/FTDkbwAGJl+gdDElitZ/XdNcU0sfRMGIbi0l5xgjaDmFepi9H8EWHpnlbe
 z938d1bpsjRWJs3O8qm3ZoBDo1pRywVMDYDA0wtVPHViiCDclhaAhmR8Q6qt22Tx
 0WNUKQhULPxSwtdDHYZEoTOJlFxqst7umUbl46fDWaq/+7GSKvplkwP3j2pyzRU9
 8F8LeVCZqfIKYvfbD+PhGXjD8azg0/XXU64wUxCuED3BrCm2nDQqqycnWlyG5Iax
 /qkQgjj3o3xOYPmjOf2RkfwLSRIG00h9gT7B0KkQLjSmywzMF16WSiqR8xt8RtzA
 9kcsoEFxz8I+qyY0ovo2Bj8IBLhrM0NRbrRCUJuxtt6kKhTZdZOk3/pPUA2Tuh9a
 kHdhKQeqFGKCqCM4UOrKKpyNd1quYOoQ9CtzuMMDvY8cZEabcCZnOoT4SFouoPip
 TrOPgLtrT7jRsgN1/WiNr0Tc/oS3MYzLw4r2ja6yJ+KFaXG1N+p2n9cwYOTQugku
 ZJEACpRWrRQ+J0qBNCid
 =9sbv
 -----END PGP SIGNATURE-----

Merge tag 'linux-can-fixes-for-3.19-20150115' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2015-01-15

this is a pull request of 8 patches.

Ahmed S. Darwish contributes 4 fixes for the kvaser_usb driver. The two patches
by Oliver Hartkopp mark the m_can driver as non-ISO, as the CANFD standard was
updated. Roger Quadros's patch for the c_can driver fixes the register access
during RAMINIT. And one patch by my, which updates the MAINTAINERS file, as we
moved the git repos to the kernel.org infrastructure.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 19:38:49 -05:00
Or Gerlitz 5eff6dadb9 net/mlx4: Don't disable vxlan offloads under DMFS-A0 optimized steering
Except for VXLAN steering rules, all offloads should work as they were
under plain DMFS mode. Fix that by enabling all the offloads under
DMFS-A0 mode, except for VXLAN steering rules.

Fixes: d57febe1a4 "net/mlx4: Add A0 hybrid steering"
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 19:35:30 -05:00
David S. Miller aaef66b837 Just two fixes - one for an uninialized variable and
one for a deadlock in regulatory processing.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJUt7Z6AAoJEDBSmw7B7bqrgxoQALEEWcIJ1wmu+M7ijdiXLiUM
 vRNuxGENwIgfdmoTs6R7pgKhEYFzePWccjHOzt9cQB5efdRzDjrxj2fDrPf4o5JB
 7of2uHGoaD2RI2H+pJS1URT8igmxDJii+bOEzHn/WL730Hgr2J2iuJizxZ2lzsVM
 VKkiwOykV3kfN5MGsj7yvJQXR32DlGfmiT86+3bjNhE8hgU38NgE0TeUUnyF0AS9
 jLV5mpJfkLmZyZmnvszV5tiqQQmQAdHImI+vbHuhzNUUAn6RLswxbWBzUrLXpXqu
 5KBR2P/6TU4X89NcYGm+JhTI9PghsMbh1zDuqDQ9gq8j0mrV7Kzh1K6LdYoVpfXf
 s42gHe32+Mh0l6LRTlsjftMxJbFla7I6madPcVTqJCV2y1LocD1BseJ+qX5bngU1
 lBSSbzE9MlAl5gyHVDh1CAV+8FM0CP8Ff3WtAyr8XtDxfAUwmo3xBqmL8pvLq6nh
 49kDqDVOzC5KzASYIjqBwmRMcqW2AnaNQG64iIOzM3ure/l5trncPHHPsMkxgwu+
 dDgEXwjWhJNaxWt7fcTSZndATLCRvkeb6ZeRoqmY6A2GJgzpUIhm6HETXc9BNGbg
 3J56176xx04LYg6U5+vMiU5A+gFjlrUknQ3MGXF0KPgw0MvtSyempobV68Lpul4r
 6DviuT9NiRqxloaBimyx
 =bMKg
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2015-01-15' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Just two fixes - one for an uninialized variable and
one for a deadlock in regulatory processing.

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 19:28:36 -05:00
Byungho An f7d855566f net: sxgbe: Fix waring for double kfree()
This patch fixes double kfree() calls at init_rx_ring() because
it causes static checker warning.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Byungho An <bh74.an@samsung.com>
Signed-off-by: Kukjin Kim <kgene@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 19:01:10 -05:00
Girish K.S 1c1832c7cd net: sxgbe: Fix NULL dereferece when using DT
When the MAC address is provided in the device tree file, the
condition is true and kernel crashes due to NULL dereference.

Signed-off-by: Girish K.S <ks.giri@samsung.com>
Signed-off-by: Byungho An <bh74.an@samsung.com>
Signed-off-by: Kukjin Kim <kgene@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 19:01:10 -05:00
Geert Uytterhoeven 01fbd3f55c sh_eth: Fix addition of .trscer_err_mask to wrong SoC data
commit b284fbe3b3 ("sh_eth: Fix access to TRSCER register") wanted
to add a .trscer_err_mask value to the R-Car Gen2 family-specific data
structure (r8a779x_data), but it was accidentally added to the
SH7724-specific data structure (sh7724_data).

Presumably this happened due to a patch conflict with commit
d407bc0203 ("sh-eth: Set fdr_value of R-Car SoCs"), which added
another field at the same position.

Move the field setting to fix this.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Fixes: b284fbe3b3 ("sh_eth: Fix access to TRSCER register")
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 14:09:37 -05:00
Mugunthan V N 9f6bd8fa58 drivers: net: cpsw: fix cpsw hung with add vlan using vconfig
while adding vlan in dual EMAC mode, only specific ports should be
subscribed for the vlan, else it will lead to switching mode and
if both ports connected to same switch cpsw will hung as it creates
a network loop. Fixing this by adding only specific ports in case
of dual EMAC.

Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 13:57:07 -05:00
Hans Holmberg 7b8792bbdf gpiolib: of: Correct error handling in of_get_named_gpiod_flags
of_get_named_gpiod_flags fails with -EPROBE_DEFER in cases
where the gpio chip is available and the GPIO translation fails.

This causes drivers to be re-probed erroneusly, and hides the
real problem(i.e. the GPIO number being out of range).

Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Hans Holmberg <hans.holmberg@intel.com>
Reviewed-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-15 18:31:47 +01:00
Johan Hovold ebbeba120a gpio: sysfs: fix gpio attribute-creation race
Fix attribute-creation race with userspace by using the default group
to create also the contingent gpio device attributes.

Fixes: d8f388d8dc ("gpio: sysfs interface")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-15 17:20:56 +01:00
Johan Hovold 0915e6feb3 gpio: sysfs: fix gpio device-attribute leak
The gpio device attributes were never destroyed when the gpio was
unexported (or on export failures).

Use device_create_with_groups() to create the default device attributes
of the gpio class device. Note that this also fixes the
attribute-creation race with userspace for these attributes.

Remove contingent attributes in export error path and on unexport.

Fixes: d8f388d8dc ("gpio: sysfs interface")
Cc: stable <stable@vger.kernel.org>	# v2.6.27+
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-15 17:20:15 +01:00
Johan Hovold 121b6a7995 gpio: sysfs: fix gpio-chip device-attribute leak
The gpio-chip device attributes were never destroyed when the device was
removed.

Fix by using device_create_with_groups() to create the device attributes
of the chip class device.

Note that this also fixes the attribute-creation race with userspace.

Fixes: d8f388d8dc ("gpio: sysfs interface")
Cc: stable <stable@vger.kernel.org>	# v2.6.27+
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-15 17:19:45 +01:00
Ahmed S. Darwish a58518ccf3 can: kvaser_usb: Don't dereference skb after a netif_rx()
We should not touch the packet after a netif_rx: it might
get freed behind our back.

Suggested-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Ahmed S. Darwish <ahmed.darwish@valeo.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:58:02 +01:00
Ahmed S. Darwish 5e7e6e0c9b can: kvaser_usb: Don't send a RESET_CHIP for non-existing channels
Recent Leaf firmware versions (>= 3.1.557) do not allow to send
commands for non-existing channels.  If a command is sent for a
non-existing channel, the firmware crashes.

Reported-by: Christopher Storah <Christopher.Storah@invetech.com.au>
Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
Signed-off-by: Ahmed S. Darwish <ahmed.darwish@valeo.com>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:58:01 +01:00
Ahmed S. Darwish 889b77f7fd can: kvaser_usb: Reset all URB tx contexts upon channel close
Flooding the Kvaser CAN to USB dongle with multiple reads and
writes in very high frequency (*), closing the CAN channel while
all the transmissions are on (#), opening the device again (@),
then sending a small number of packets would make the driver
enter an almost infinite loop of:

[....]
[15959.853988] kvaser_usb 4-3:1.0 can0: cannot find free context
[15959.853990] kvaser_usb 4-3:1.0 can0: cannot find free context
[15959.853991] kvaser_usb 4-3:1.0 can0: cannot find free context
[15959.853993] kvaser_usb 4-3:1.0 can0: cannot find free context
[15959.853994] kvaser_usb 4-3:1.0 can0: cannot find free context
[15959.853995] kvaser_usb 4-3:1.0 can0: cannot find free context
[....]

_dragging the whole system down_ in the process due to the
excessive logging output.

Initially, this has caused random panics in the kernel due to a
buggy error recovery path.  That got fixed in an earlier commit.(%)
This patch aims at solving the root cause. -->

16 tx URBs and contexts are allocated per CAN channel per USB
device. Such URBs are protected by:

a) A simple atomic counter, up to a value of MAX_TX_URBS (16)
b) A flag in each URB context, stating if it's free
c) The fact that ndo_start_xmit calls are themselves protected
   by the networking layers higher above

After grabbing one of the tx URBs, if the driver noticed that all
of them are now taken, it stops the netif transmission queue.
Such queue is worken up again only if an acknowedgment was received
from the firmware on one of our earlier-sent frames.

Meanwhile, upon channel close (#), the driver sends a CMD_STOP_CHIP
to the firmware, effectively closing all further communication.  In
the high traffic case, the atomic counter remains at MAX_TX_URBS,
and all the URB contexts remain marked as active.  While opening
the channel again (@), it cannot send any further frames since no
more free tx URB contexts are available.

Reset all tx URB contexts upon CAN channel close.

(*) 50 parallel instances of `cangen0 -g 0 -ix`
(#) `ifconfig can0 down`
(@) `ifconfig can0 up`
(%) "can: kvaser_usb: Don't free packets when tight on URBs"

Signed-off-by: Ahmed S. Darwish <ahmed.darwish@valeo.com>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:58:01 +01:00
Ahmed S. Darwish b442723fce can: kvaser_usb: Don't free packets when tight on URBs
Flooding the Kvaser CAN to USB dongle with multiple reads and
writes in high frequency caused seemingly-random panics in the
kernel.

On further inspection, it seems the driver erroneously freed the
to-be-transmitted packet upon getting tight on URBs and returning
NETDEV_TX_BUSY, leading to invalid memory writes and double frees
at a later point in time.

Note:

Finding no more URBs/transmit-contexts and returning NETDEV_TX_BUSY
is a driver bug in and out of itself: it means that our start/stop
queue flow control is broken.

This patch only fixes the (buggy) error handling code; the root
cause shall be fixed in a later commit.

Acked-by: Olivier Sobrie <olivier@sobrie.be>
Signed-off-by: Ahmed S. Darwish <ahmed.darwish@valeo.com>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:58:00 +01:00
Roger Quadros 47e3485af0 can: c_can: use regmap_update_bits() to modify RAMINIT register
use of regmap_read() and regmap_write() in c_can_hw_raminit_syscon()
is not safe as the RAMINIT register can be shared between different drivers
at least for TI SoCs.

To make the modification atomic we switch to using regmap_update_bits().

regmap_update_bits() skips writing to the register if it's read content is the
same as what is going to be written. This causes an issue for us when we
need to clear the DONE bit with the initial condition START:0, DONE:1 as
DONE bit must be written with 1 to clear it.

So we defer the clearing of DONE bit to later when we set the START bit.
There we are sure that START bit is changed from 0 to 1 so the write of
1 to already set DONE bit will happen.

Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:58:00 +01:00
Oliver Hartkopp 6cfda7fbeb can: m_can: tag current CAN FD controllers as non-ISO
During the CAN FD standardization process within the ISO it turned out that
the failure detection capability has to be improved.

The CAN in Automation organization (CiA) defined the already implemented CAN
FD controllers as 'non-ISO' and the upcoming improved CAN FD controllers as
'ISO' compliant. See at http://www.can-cia.com/index.php?id=1937

Finally there will be three types of CAN FD controllers in the future:

1. ISO compliant (fixed)
2. non-ISO compliant (fixed, like the M_CAN IP v3.0.1 in m_can.c)
3. ISO/non-ISO CAN FD controllers (switchable, like the PEAK USB FD)

So the current M_CAN driver for the M_CAN IP v3.0.1 has to expose its non-ISO
implementation by setting the CAN_CTRLMODE_FD_NON_ISO ctrlmode at startup.
As this bit cannot be switched at configuration time CAN_CTRLMODE_FD_NON_ISO
must not be set in ctrlmode_supported of the current M_CAN driver.

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:57:59 +01:00
Oliver Hartkopp 9b1087aa5e can: dev: fix crtlmode_supported check
When changing flags in the CAN drivers ctrlmode the provided new content has to
be checked whether the bits are allowed to be changed. The bits that are to be
changed are given as a bitfield in cm->mask. Therefore checking against
cm->flags is wrong as the content can hold any kind of values.

The iproute2 tool sets the bits in cm->mask and cm->flags depending on the
detected command line options. To be robust against bogus user space
applications additionally sanitize the provided flags with the provided mask.

Cc: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:57:59 +01:00
Marc Kleine-Budde 870482a419 MAINTAINERS: update linux-can git repositories
The linux-can upstream git repositories are now hosted on kernel.org, update
MAINTAINERS accordingly.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-01-15 16:57:58 +01:00
Steven Rostedt (Red Hat) ce1039bd3a tracing: Fix enabling of syscall events on the command line
Commit 5f893b2639 "tracing: Move enabling tracepoints to just after
rcu_init()" broke the enabling of system call events from the command
line. The reason was that the enabling of command line trace events
was moved before PID 1 started, and the syscall tracepoints require
that all tasks have the TIF_SYSCALL_TRACEPOINT flag set. But the
swapper task (pid 0) is not part of that. Since the swapper task is the
only task that is running at this early in boot, no task gets the
flag set, and the tracepoint never gets reached.

Instead of setting the swapper task flag (there should be no reason to
do that), re-enabled trace events again after the init thread (PID 1)
has been started. It requires disabling all command line events and
re-enabling them, as just enabling them again will not reset the logic
to set the TIF_SYSCALL_TRACEPOINT flag, as the syscall tracepoint will
be fooled into thinking that it was already set, and wont try setting
it again. For this reason, we must first disable it and re-enable it.

Link: http://lkml.kernel.org/r/1421188517-18312-1-git-send-email-mpe@ellerman.id.au
Link: http://lkml.kernel.org/r/20150115040506.216066449@goodmis.org

Reported-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-01-15 09:42:50 -05:00
Steven Rostedt (Red Hat) 83829b74f5 tracing: Remove extra call to init_ftrace_syscalls()
trace_init() calls init_ftrace_syscalls() and then calls trace_event_init()
which also calls init_ftrace_syscalls(). It makes more sense to only
call it from trace_event_init().

Calling it twice wastes memory, as it allocates the syscall events twice,
and loses the first copy of it.

Link: http://lkml.kernel.org/r/54AF53BD.5070303@huawei.com
Link: http://lkml.kernel.org/r/20150115040505.930398632@goodmis.org

Reported-by: Wang Nan <wangnan0@huawei.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-01-15 09:41:11 -05:00
Steven Rostedt (Red Hat) 237d28db03 ftrace/jprobes/x86: Fix conflict between jprobes and function graph tracing
If the function graph tracer traces a jprobe callback, the system will
crash. This can easily be demonstrated by compiling the jprobe
sample module that is in the kernel tree, loading it and running the
function graph tracer.

 # modprobe jprobe_example.ko
 # echo function_graph > /sys/kernel/debug/tracing/current_tracer
 # ls

The first two commands end up in a nice crash after the first fork.
(do_fork has a jprobe attached to it, so "ls" just triggers that fork)

The problem is caused by the jprobe_return() that all jprobe callbacks
must end with. The way jprobes works is that the function a jprobe
is attached to has a breakpoint placed at the start of it (or it uses
ftrace if fentry is supported). The breakpoint handler (or ftrace callback)
will copy the stack frame and change the ip address to return to the
jprobe handler instead of the function. The jprobe handler must end
with jprobe_return() which swaps the stack and does an int3 (breakpoint).
This breakpoint handler will then put back the saved stack frame,
simulate the instruction at the beginning of the function it added
a breakpoint to, and then continue on.

For function tracing to work, it hijakes the return address from the
stack frame, and replaces it with a hook function that will trace
the end of the call. This hook function will restore the return
address of the function call.

If the function tracer traces the jprobe handler, the hook function
for that handler will not be called, and its saved return address
will be used for the next function. This will result in a kernel crash.

To solve this, pause function tracing before the jprobe handler is called
and unpause it before it returns back to the function it probed.

Some other updates:

Used a variable "saved_sp" to hold kcb->jprobe_saved_sp. This makes the
code look a bit cleaner and easier to understand (various tries to fix
this bug required this change).

Note, if fentry is being used, jprobes will change the ip address before
the function graph tracer runs and it will not be able to trace the
function that the jprobe is probing.

Link: http://lkml.kernel.org/r/20150114154329.552437962@goodmis.org

Cc: stable@vger.kernel.org # 2.6.30+
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-01-15 09:39:18 -05:00
Steven Rostedt (Red Hat) 7485058eea ftrace: Check both notrace and filter for old hash
Using just the filter for checking for trampolines or regs is not enough
when updating the code against the records that represent all functions.
Both the filter hash and the notrace hash need to be checked.

To trigger this bug (using trace-cmd and perf):

 # perf probe -a do_fork
 # trace-cmd start -B foo -e probe
 # trace-cmd record -p function_graph -n do_fork sleep 1

The trace-cmd record at the end clears the filter before it disables
function_graph tracing and then that causes the accounting of the
ftrace function records to become incorrect and causes ftrace to bug.

Link: http://lkml.kernel.org/r/20150114154329.358378039@goodmis.org

Cc: stable@vger.kernel.org
[ still need to switch old_hash_ops to old_ops_hash ]
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-01-15 09:37:33 -05:00
Steven Rostedt (Red Hat) 8f86f83709 ftrace: Fix updating of filters for shared global_ops filters
As the set_ftrace_filter affects both the function tracer as well as the
function graph tracer, the ops that represent each have a shared
ftrace_ops_hash structure. This allows both to be updated when the filter
files are updated.

But if function graph is enabled and the global_ops (function tracing) ops
is not, then it is possible that the filter could be changed without the
update happening for the function graph ops. This will cause the changes
to not take place and may even cause a ftrace_bug to occur as it could mess
with the trampoline accounting.

The solution is to check if the ops uses the shared global_ops filter and
if the ops itself is not enabled, to check if there's another ops that is
enabled and also shares the global_ops filter. In that case, the
modification still needs to be executed.

Link: http://lkml.kernel.org/r/20150114154329.055980438@goodmis.org

Cc: stable@vger.kernel.org # 3.17+
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-01-15 09:37:07 -05:00
Sriharsha Basavapatna 16dde0d6ac be2net: Allow GRE to work concurrently while a VxLAN tunnel is configured
Other tunnels like GRE break while VxLAN offloads are enabled in Skyhawk-R. To
avoid this, we should restrict offload features on a per-packet basis in such
conditions.

Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-15 01:55:05 -05:00
Linus Torvalds f800c25b7a Merge branch 'thermal-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
Pull thermal fixes from Zhang Rui:
 "Specifics:

   - bogus type qualifier fix in OF thermal code.
   - Minor fixes on imx and rcar thermal drivers.
   - Update TI SoC thermal maintainer entry.
   - Updated documentation of OF cpufreq cooling register"

* 'thermal-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
  thermal: rcar: Spelling/grammar: s/drier use .../driver uses ...s/
  thermal: rcar: change type of ctemp in rcar_thermal_update_temp()
  thermal: rcar: fix ENR register value
  Documentation: thermal: document of_cpufreq_cooling_register()
  Thermal: imx: add clk disable/enable for suspend/resume
  MAINTAINERS: update ti-soc-thermal status
  MAINTAINERS: Add linux-omap to list of reviewers for TI Thermal
  thermal: of: Remove bogus type qualifier for of_thermal_get_trip_points()
2015-01-15 19:20:26 +13:00
Greg Kroah-Hartman f8359dae68 usb: fixes for v3.19-rc6
The final set of fixes for v3.19. Two of the fixes are
 related to dwc3 scatter/gather implementation when we have
 more requests queued than available TRBs, while the other
 is a build fix for mv-usb PHY.
 
 Signed-off-by: Felipe Balbi <balbi@ti.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUtqoQAAoJEIaOsuA1yqRENP4QAJSfu3O8cOepIVnyIAZfnEdT
 BauykTwkZj/LfH2B+6v6cacFVCSr7nuRb7bZ+dTgVykqClzCEIySqahnQEAt65u9
 ergvINYZpi/t7B6DsNK7OHYyIyXKnFGmBr3R8jiHBRbJ832e/3bIZ/0pdFAmwpah
 qhoGtjg0wNolF4ILXAFu3ghB/AkWBulCAwumMpldv+5p6wNzJRV72Vnto0pPpqYo
 C8W6f1aXXx3C8kqv5cU60lmPT85q+CCjtaLPoCneo7KTtSqM4xQgf78M02LUNYFl
 1qymKr3rWxYic6b+VEODA9y/NTBhQz0fy5JhEide6T8+eaQc+QpYSGAO+bxVK1fi
 CHpdF7Yg83TAwT/HCztirqMl1TmkXc2x/NFgzY0di5NMqgDhodC+3vVtnHZPoX5S
 W0g5D4QlGk0mYANx4kvijvLGBbjR/OtAv6OrK96Qvia1Vv9Nb4jrxg4PN/jbwXbR
 nQ8qtU1a1AIqBYE92GIjFIiZIxFPpWzddlnRcbX1wh/1Qr2C8jsFnNQ6QwS2tyw2
 HH0pVRpCLCA0oLgrCE47Y+aSHaJ5t7EsxYmb+fhi/5prOHdsggHTBQSPl526NiK+
 UJ8HWm2h6sel1/JdEITT+plrn62b8UL7Vd5hYQrVewgkyDrXSIpVRYA1V1dBg40U
 kEQDS7JvFdFP46IRh/Cw
 =iLKs
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-v3.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus

Felipe writes:

usb: fixes for v3.19-rc6

The final set of fixes for v3.19. Two of the fixes are
related to dwc3 scatter/gather implementation when we have
more requests queued than available TRBs, while the other
is a build fix for mv-usb PHY.

Signed-off-by: Felipe Balbi <balbi@ti.com>
2015-01-14 16:27:23 -08:00
Greg Kroah-Hartman 919ba4ee1b USB-serial fixes for v3.18-rc5
Here are a few fixes for reported problems including a possible
 null-deref on probe with keyspan, a misbehaving modem, and a couple of
 issues with the USB console.
 
 Some new device IDs are also added.
 
 Signed-off-by: Johan Hovold <johan@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJUtivAAAoJEEEN5E/e4bSV6eEQALGHzwqFXAZvWQRuAIA6yEYy
 7KFDtU2bPBLorm6vDFPc9J3Q8Nh8cSwoMneJrrdKZiXoEoRrK5R9Mj34ENTrNNCX
 HwbjHx0QS3OysG3L09uciMxZbtHBZvr72s08QEJrLM9jgzKWdOBJORNeuUihw6vr
 YnxbAvpM4XPmb2PZ3GcvtP9tY12Kbh6Gb8kViaxn9jXFrLyjdsZq9TBqFlmFpwzs
 rk1wSIyo3dnQ41umKcalwqqni03pmdh+JMhXsWUXtFYExknvxQIpvzivUPHjX9pp
 OA1y8AX5l2MAUH2DVPSmPPwjDu4AMT3MLkdzonPNPSmvRPPoygEINaAVY6yxhImj
 nnXUCQKz4YEPBw9YGh4lsYLJlTthV+oit2QS65aJf/itBJYo0lGZUKFX9luHBQZD
 dQ7xYwT9fAmpUZVhNSZDVf6uDCv6fOn3Q5/R5ivTRdLjlTys6xS7FTDVgqzAB0tL
 ztM2P8ujexUt4CYMT28lqy8JbLsTqCRjoyKuuDeiIa1/QaanxIRXeUfj6TUYR9Rz
 9LT+a0V05fWakzzCgyKFD6ul8l1KLzu2pV2Xk35JB+0oyRFr495wcGqS+la85djS
 KXG664RNOtXrsmbjKQFTsJ3MdShcbbyS9gOubLWlp74lNsMVKl5MLACUAyOWuB6o
 HYYC0VCVce1rJKI08s3P
 =umHr
 -----END PGP SIGNATURE-----

Merge tag 'usb-serial-3.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus

Johan writes:

USB-serial fixes for v3.18-rc5

Here are a few fixes for reported problems including a possible
null-deref on probe with keyspan, a misbehaving modem, and a couple of
issues with the USB console.

Some new device IDs are also added.

Signed-off-by: Johan Hovold <johan@kernel.org>
2015-01-14 15:39:23 -08:00
Linus Torvalds a6391a924c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Don't use uninitialized data in IPVS, from Dan Carpenter.

 2) conntrack race fixes from Pablo Neira Ayuso.

 3) Fix TX hangs with i40e, from Jesse Brandeburg.

 4) Fix budget return from poll calls in dnet and alx, from Eric
    Dumazet.

 5) Fix bugus "if (unlikely(x) < 0)" test in AF_PACKET, from Christoph
    Jaeger.

 6) Fix bug introduced by conversion to list_head in TIPC retransmit
    code, from Jon Paul Maloy.

 7) Don't use GFP_NOIO under spinlock in USB kaweth driver, from Alexey
    Khoroshilov.

 8) Fix bridge build with INET disabled, from Arnd Bergmann.

 9) Fix netlink array overrun for PROBE attributes in openvswitch, from
    Thomas Graf.

10) Don't hold spinlock across synchronize_irq() in tg3 driver, from
    Prashant Sreedharan.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
  tg3: Release tp->lock before invoking synchronize_irq()
  tg3: tg3_reset_task() needs to use rtnl_lock to synchronize
  tg3: tg3_timer() should grab tp->lock before checking for tp->irq_sync
  team: avoid possible underflow of count_pending value for notify_peers and mcast_rejoin
  openvswitch: packet messages need their own probe attribtue
  i40e: adds FCoE configure option
  cxgb4vf: Fix queue allocation for 40G adapter
  netdevice: Add missing parentheses in macro
  bridge: only provide proxy ARP when CONFIG_INET is enabled
  neighbour: fix base_reachable_time(_ms) not effective immediatly when changed
  net: fec: fix MDIO bus assignement for dual fec SoC's
  xen-netfront: use different locks for Rx and Tx stats
  drivers: net: cpsw: fix multicast flush in dual emac mode
  cxgb4vf: Initialize mdio_addr before using it
  net: Corrected the comment describing the ndo operations to reflect the actual prototype for couple of operations
  usb/kaweth: use GFP_ATOMIC under spin_lock in usb_start_wait_urb()
  MAINTAINERS: add me as ibmveth maintainer
  tipc: fix bug in broadcast retransmit code
  update ip-sysctl.txt documentation (v2)
  net/at91_ether: prepare and unprepare clock
  ...
2015-01-15 11:17:37 +13:00
David S. Miller c637dbcedf Merge branch 'tg3-net'
Prashant Sreedharan says:

====================
tg3: synchronize_irq() should be called without taking locks

v2: Added Reported-by, Tested-by fields and reference to the thread that
    reported the problem

This series addresses the problem reported by Peter Hurley in mail thread
https://lkml.org/lkml/2015/1/12/1082
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 17:05:55 -05:00
Prashant Sreedharan 932f19de6a tg3: Release tp->lock before invoking synchronize_irq()
synchronize_irq() can sleep waiting, for pending IRQ handlers so driver
should release the tp->lock spin lock before invoking synchronize_irq()

Reported-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Prashant Sreedharan <prashant@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 17:05:51 -05:00
Prashant Sreedharan db84bf43ef tg3: tg3_reset_task() needs to use rtnl_lock to synchronize
Currently tg3_reset_task() uses only tp->lock for synchronizing with code
paths like tg3_open() etc. But since tp->lock is released before doing
synchronize_irq(), rtnl_lock should be taken in tg3_reset_task() to
synchronize it with other code paths.

Reported-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Prashant Sreedharan <prashant@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 17:05:51 -05:00
Prashant Sreedharan 4fd190a938 tg3: tg3_timer() should grab tp->lock before checking for tp->irq_sync
This is to avoid the race between tg3_timer() and the execution paths
which does not invoke tg3_timer_stop() and releases tp->lock before
calling synchronize_irq()

Reported-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Prashant Sreedharan <prashant@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 17:05:50 -05:00
Linus Torvalds 48c53db220 Two bugfixes for arm64. I will have another pull request next week,
but otherwise things are calm.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJUtonAAAoJEL/70l94x66DeaUH/0ZKXvCUkrfhXMwjgWFkEA/X
 zF3wm6Et7tn+5UdRTPaO9ko9HmmIZJBlZqVu9+RFFbPBFthzZDdGGXUUjVoKvWgS
 2dMejNvf3a+tw9ovXCQwr7Uy1TTqysIQP+0fcOTRJlH4peh1RTEr1JF5IEI3pM0q
 gWAsQIqijiDUg8rLYQOBBqL/Mz2j09K4YYORS548JESXdQBcBJf3nkAeaeh7RNhw
 QDt2dH9rCgLFAWdmg0wmKq12CCcHr01aZav11u30OLUEr9OcGpl9ohMqiFYJr1o9
 9aV/xk7BDBgxEXZpkpth3ziovAQ8Z6MmczykSZFLNMElhYi0V3DMNYm13SCTLBM=
 =uUFZ
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "Two bugfixes for arm64.  I will have another pull request next week,
  but otherwise things are calm"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  arm64: KVM: Fix HCR setting for 32bit guests
  arm64: KVM: Fix TLB invalidation by IPA/VMID
2015-01-15 10:54:30 +13:00
Jiri Pirko b0d11b4278 team: avoid possible underflow of count_pending value for notify_peers and mcast_rejoin
This patch is fixing a race condition that may cause setting
count_pending to -1, which results in unwanted big bulk of arp messages
(in case of "notify peers").

Consider following scenario:

count_pending == 2
   CPU0                                           CPU1
					team_notify_peers_work
					  atomic_dec_and_test (dec count_pending to 1)
					  schedule_delayed_work
 team_notify_peers
   atomic_add (adding 1 to count_pending)
					team_notify_peers_work
					  atomic_dec_and_test (dec count_pending to 1)
					  schedule_delayed_work
					team_notify_peers_work
					  atomic_dec_and_test (dec count_pending to 0)
   schedule_delayed_work
					team_notify_peers_work
					  atomic_dec_and_test (dec count_pending to -1)

Fix this race by using atomic_dec_if_positive - that will prevent
count_pending running under 0.

Fixes: fc423ff00d ("team: add peer notification")
Fixes: 492b200efd  ("team: add support for sending multicast rejoins")
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 16:53:57 -05:00
Linus Torvalds 6fb400d36d Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
 "Two small performance tweaks, the plumbing for the execveat system
  call and a couple of bug fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/uprobes: fix user space PER events
  s390/bpf: Fix JMP_JGE_X (A > X) and JMP_JGT_X (A >= X)
  s390/bpf: Fix ALU_NEG (A = -A)
  s390/mm: avoid using pmd_to_page for !USE_SPLIT_PMD_PTLOCKS
  s390/timex: fix get_tod_clock_ext() inline assembly
  s390: wire up execveat syscall
  s390/kernel: use stnsm 255 instead of stosm 0
  s390/vtime: Get rid of redundant WARN_ON
  s390/zcrypt: kernel oops at insmod of the z90crypt device driver
2015-01-15 10:50:29 +13:00
Thomas Graf 1ba398041f openvswitch: packet messages need their own probe attribtue
User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
and packet messages. This leads to an out-of-bounds access in
ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
OVS_PACKET_ATTR_MAX.

Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
while maintaining to be binary compatible with existing OVS binaries.

Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Tracked-down-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 16:49:44 -05:00
Vasu Dev 776d4e9f5c i40e: adds FCoE configure option
Adds FCoE config option I40E_FCOE, so that FCoE can be enabled
as needed but otherwise have it disabled by default.

This also eliminate multiple FCoE config checks, instead now just
one config check for CONFIG_I40E_FCOE.

The I40E FCoE was added with 3.17 kernel and therefore this patch
shall be applied to stable 3.17 kernel also.

CC: <stable@vger.kernel.org>
Signed-off-by: Vasu Dev <vasu.dev@intel.com>
Tested-by: Jim Young <jamesx.m.young@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 16:48:39 -05:00
Hariprasad Shenai 14b3812f7a cxgb4vf: Fix queue allocation for 40G adapter
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 16:48:08 -05:00
Linus Torvalds fb005c47f7 File-locking related bugfix for v3.19 (and v3.18-stable)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUtmOYAAoJEAAOaEEZVoIV+PwP/1YEQw67tfWoz9M67xhKZ4w7
 KO4+dXnCQFLM0zU29f7o4Yw9tWlh2SSsR07oH8YdnQBrZPxC5CI5tMg9ghDXT/9a
 jBIjsO7gM1Kgi822R2webQ6hcEwutVfOZT37Pk/ZA9jPGUuWaAexJRF8G5VzOW3O
 a4J8pYDT34coo3PsFhUfird5sgLLISCmTQ1izhDd1hE9bpgieL4rimOji84Gprqd
 InXiQvtTvAdDJMWWogEfDNbAO5LzAXy2+5/Jxe3aBKnkS3C0nHIcvBPVeM9s6Dnx
 k0vm47FTA91NTsDF3ybDSTc7QRSw8I7W2IawDoEXoMtW4TgSbE9Yd0/VeP0gFA0v
 QRm80I1pwCBEMA3E6LiDHdsZb8cPTQK4NrR91wlDKq1ln5+4QpIe33YLPk1iv39l
 XagWuxcrub3oxBlxghNw9VQI7rWbpXWtFL7GgaQI+rH8xVRojxa8CvVNxYYvMow+
 5YfrKwgWEm7wksvrzs5dHK/qzl3tlWf2oOe0DMmcy88u74q47AWOTL+N/SQXGIq2
 XJBjiK0ZcSlcF2rT5Ti9WsiJtUvB88duKq9vXIQDJ/8qV5EFKuLIDsRvCgaHNxqz
 NFNb80Dsr+BjZhnWihBpe/l/cs2ECagYE23MlBRmI+gfnL7iGZv/99zG3vx9um1Y
 AJntD7x0JF7cKGc78Epg
 =k0Aw
 -----END PGP SIGNATURE-----

Merge tag 'locks-v3.19-1' of git://git.samba.org/jlayton/linux

Pull file locking fix from Jeff Layton:
 "Just a simple bugfix for a regression that I introduced into v3.18
  with the internal lease API overhaul -- mea culpa.  Kudos to Linda and
  Neil for tracking this down and fixing it"

* tag 'locks-v3.19-1' of git://git.samba.org/jlayton/linux:
  locks: fix NULL-deref in generic_delete_lease
2015-01-15 10:38:07 +13:00
Benjamin Poirier 4ccce02eb3 netdevice: Add missing parentheses in macro
For example, one could conceivably call
	for_each_netdev_in_bond_rcu(condition ? bond1 : bond2, slave)
and get an unexpected result.

Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 16:34:41 -05:00
Linus Torvalds 31238e61b5 Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block layer fixes from Jens Axboe:
 "The major part is an update to the NVMe driver, fixing various issues
  around surprise removal and hung controllers.  Most of that is from
  Keith, and parts are simple blk-mq fixes or exports/additions of minor
  functions to aid this effort, and parts are changes directly to the
  NVMe driver.

  Apart from the above, this contains:

   - Small blk-mq change from me, killing an unused member of the
     hardware queue structure.

   - Small fix from Ming Lei, fixing up a few drivers that didn't
     properly check for ERR_PTR() returns from blk_mq_init_queue()"

* 'for-linus' of git://git.kernel.dk/linux-block:
  NVMe: Fix locking on abort handling
  NVMe: Start and stop h/w queues on reset
  NVMe: Command abort handling fixes
  NVMe: Admin queue removal handling
  NVMe: Reference count admin queue usage
  NVMe: Start all requests
  blk-mq: End unstarted requests on a dying queue
  blk-mq: Allow requests to never expire
  blk-mq: Add helper to abort requeued requests
  blk-mq: Let drivers cancel requeue_work
  blk-mq: Export if requests were started
  blk-mq: Wake tasks entering queue on dying
  blk-mq: get rid of ->cmd_size in the hardware queue
  block: fix checking return value of blk_mq_init_queue
  block: wake up waiters when a queue is marked dying
  NVMe: Fix double free irq
  blk-mq: Export freeze/unfreeze functions
  blk-mq: Exit queue on alloc failure
2015-01-15 10:27:56 +13:00
Arnd Bergmann d92cfdbbea bridge: only provide proxy ARP when CONFIG_INET is enabled
When IPV4 support is disabled, we cannot call arp_send from
the bridge code, which would result in a kernel link error:

net/built-in.o: In function `br_handle_frame_finish':
:(.text+0x59914): undefined reference to `arp_send'
:(.text+0x59a50): undefined reference to `arp_tbl'

This makes the newly added proxy ARP support in the bridge
code depend on the CONFIG_INET symbol and lets the compiler
optimize the code out to avoid the link error.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 958501163d ("bridge: Add support for IEEE 802.11 Proxy ARP")
Cc: Kyeyoon Park <kyeyoonp@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-14 15:08:02 -05:00
Amit Virdi 39e60635a0 usb: dwc3: gadget: Stop TRB preparation after limit is reached
DWC3 gadget sets up a pool of 32 TRBs for each EP during initialization. This
means, the max TRBs that can be submitted for an EP is fixed to 32. Since the
request queue for an EP is a linked list, any number of requests can be queued
to it by the gadget layer.  However, the dwc3 driver must not submit TRBs more
than the pool it has created for. This limit wasn't respected when SG was used
resulting in submitting more than the max TRBs, eventually leading to
non-transfer of the TRBs submitted over the max limit.

Root cause:
When SG is used, there are two loops iterating to prepare TRBs:
 - Outer loop over the request_list
 - Inner loop over the SG list
The code was missing break to get out of the outer loop.

Fixes: eeb720fb21 (usb: dwc3: gadget: add support for SG lists)
Cc: <stable@vger.kernel.org> # v3.9+
Signed-off-by: Amit Virdi <amit.virdi@st.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
2015-01-14 11:29:05 -06:00
Amit Virdi ec512fb8e5 usb: dwc3: gadget: Fix TRB preparation during SG
When scatter gather (SG) is used, multiple TRBs are prepared from one DWC3
request (dwc3_request). So while preparing TRBs, the 'last' flag should be set
only when it is the last TRB being prepared from the last dwc3_request entry.

The current implementation uses list_is_last to check if the dwc3_request is the
last entry from the request_list. However, list_is_last returns false for the
last entry too. This is because, while preparing the first TRB from a request,
the function dwc3_prepare_one_trb modifies the request's next and prev pointers
while moving the URB to req_queued. Hence, list_is_last always returns false no
matter what.

The correct way is not to access the modified pointers of dwc3_request but to
use list_empty macro instead.

Fixes: e5ba5ec833 (usb: dwc3: gadget: fix scatter gather implementation)
Signed-off-by: Amit Virdi <amit.virdi@st.com>
Cc: <stable@vger.kernel.org> # v3.9+
Signed-off-by: Felipe Balbi <balbi@ti.com>
2015-01-14 11:28:23 -06:00
Johan Hovold 01cca93a94 gpio: unregister gpiochip device before removing it
Unregister gpiochip device (used to export information through sysfs)
before removing it internally. This way removal will reverse addition.

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-14 14:27:01 +01:00
Johan Hovold 6798acaa01 gpio: fix sleep-while-atomic in gpiochip_remove
Move direct and indirect calls to gpiochip_remove_pin_ranges outside of
spin lock as they can end up taking a mutex in pinctrl_remove_gpio_range.

Note that the pin ranges are already added outside of the lock.

Fixes: 9ef0d6f762 ("gpiolib: call pin removal in chip removal function")
Fixes: f23f1516b6 ("gpiolib: provide provision to register pin ranges")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-14 14:26:25 +01:00
Johan Hovold 00acc3dc24 gpio: fix memory leak and sleep-while-atomic
Fix memory leak and sleep-while-atomic in gpiochip_remove.

The memory leak was introduced by afa82fab5e ("gpio / ACPI: Move event
handling registration to gpiolib irqchip helpers") that moved the
release of acpi interrupt resources to gpiochip_irqchip_remove, but by
then the resources are no longer accessible as the acpi_gpio_chip has
already been freed by acpi_gpiochip_remove.

Note that this also fixes a few potential sleep-while-atomics, which has
been around since 1425052097 ("gpio: add IRQ chip helpers in gpiolib")
when the call to gpiochip_irqchip_remove while holding a spinlock was
added (a couple of irq-domain paths can end up grabbing mutexes).

Fixes: afa82fab5e ("gpio / ACPI: Move event handling registration to
gpiolib irqchip helpers")
Fixes: 1425052097 ("gpio: add IRQ chip helpers in gpiolib")
Cc: stable <stable@vger.kernel.org>

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-14 14:25:48 +01:00
Johan Hovold 05aa520334 gpio: clean up gpiochip_add error handling
Clean up gpiochip_add error handling.

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-01-14 14:25:09 +01:00