Commit Graph

362729 Commits

Author SHA1 Message Date
Linus Torvalds a49b7e82ca kobject: fix kset_find_obj() race with concurrent last kobject_put()
Anatol Pomozov identified a race condition that hits module unloading
and re-loading.  To quote Anatol:

 "This is a race codition that exists between kset_find_obj() and
  kobject_put().  kset_find_obj() might return kobject that has refcount
  equal to 0 if this kobject is freeing by kobject_put() in other
  thread.

  Here is timeline for the crash in case if kset_find_obj() searches for
  an object tht nobody holds and other thread is doing kobject_put() on
  the same kobject:

    THREAD A (calls kset_find_obj())     THREAD B (calls kobject_put())
    splin_lock()
                                         atomic_dec_return(kobj->kref), counter gets zero here
                                         ... starts kobject cleanup ....
                                         spin_lock() // WAIT thread A in kobj_kset_leave()
    iterate over kset->list
    atomic_inc(kobj->kref) (counter becomes 1)
    spin_unlock()
                                         spin_lock() // taken
                                         // it does not know that thread A increased counter so it
                                         remove obj from list
                                         spin_unlock()
                                         vfree(module) // frees module object with containing kobj

    // kobj points to freed memory area!!
    kobject_put(kobj) // OOPS!!!!

  The race above happens because module.c tries to use kset_find_obj()
  when somebody unloads module.  The module.c code was introduced in
  commit 6494a93d55fa"

Anatol supplied a patch specific for module.c that worked around the
problem by simply not using kset_find_obj() at all, but rather than make
a local band-aid, this just fixes kset_find_obj() to be thread-safe
using the proper model of refusing the get a new reference if the
refcount has already dropped to zero.

See examples of this proper refcount handling not only in the kref
documentation, but in various other equivalent uses of this pattern by
grepping for atomic_inc_not_zero().

[ Side note: the module race does indicate that module loading and
  unloading is not properly serialized wrt sysfs information using the
  module mutex.  That may require further thought, but this is the
  correct fix at the kobject layer regardless. ]

Reported-analyzed-and-tested-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-13 15:15:30 -07:00
Thomas Petazzoni 2e0cbf2cc2 net: mvmdio: add select PHYLIB
The mvmdio driver uses the phylib API, so it should select the PHYLIB
symbol, otherwise, a build with mvmdio (but without mvneta) fails to
build with undefined symbols such as mdiobus_unregister, mdiobus_free,
etc.

The mvneta driver does not use the phylib API directly, so it does not
need to select PHYLIB. It already selects the mvmdio driver anyway.

Historically, this problem is due to the fact that the PHY handling
was originally part of mvneta, and was later moved to a separate
driver, without updating the Kconfig select statements
accordingly. And since there was no functional reason to use mvmdio
without mvneta, this case was not tested.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-13 16:48:06 -04:00
Josef Bacik 4bc4bee459 Btrfs: make sure nbytes are right after log replay
While trying to track down a tree log replay bug I noticed that fsck was always
complaining about nbytes not being right for our fsynced file.  That is because
the new fsync stuff doesn't wait for ordered extents to complete, so the inodes
nbytes are not necessarily updated properly when we log it.  So to fix this we
need to set nbytes to whatever it is on the inode that is on disk, so when we
replay the extents we can just add the bytes that are being added as we replay
the extent.  This makes it work for the case that we have the wrong nbytes or
the case that we logged everything and nbytes is actually correct.  With this
I'm no longer getting nbytes errors out of btrfsck.

Cc: stable@vger.kernel.org
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
2013-04-13 07:35:06 -04:00
Dave Hansen 1de14c3c5c x86-32: Fix possible incomplete TLB invalidate with PAE pagetables
This patch attempts to fix:

	https://bugzilla.kernel.org/show_bug.cgi?id=56461

The symptom is a crash and messages like this:

	chrome: Corrupted page table at address 34a03000
	*pdpt = 0000000000000000 *pde = 0000000000000000
	Bad pagetable: 000f [#1] PREEMPT SMP

Ingo guesses this got introduced by commit 611ae8e3f5 ("x86/tlb:
enable tlb flush range support for x86") since that code started to free
unused pagetables.

On x86-32 PAE kernels, that new code has the potential to free an entire
PMD page and will clear one of the four page-directory-pointer-table
(aka pgd_t entries).

The hardware aggressively "caches" these top-level entries and invlpg
does not actually affect the CPU's copy.  If we clear one we *HAVE* to
do a full TLB flush, otherwise we might continue using a freed pmd page.
(note, we do this properly on the population side in pud_populate()).

This patch tracks whenever we clear one of these entries in the 'struct
mmu_gather', and ensures that we follow up with a full tlb flush.

BTW, I disassembled and checked that:

	if (tlb->fullmm == 0)
and
	if (!tlb->fullmm && !tlb->need_flush_all)

generate essentially the same code, so there should be zero impact there
to the !PAE case.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Artem S Tashkinov <t.artem@mailcity.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-12 16:56:47 -07:00
Linus Torvalds bf81710c4b Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull SCSI target fixes from Nicholas Bellinger:
 "Here are remaining target-pending items for v3.9-rc7 code.

  The tcm_vhost patches are more than I'd usually include in a -rc7
  pull, but are changes required for v3.9 to work correctly with the
  pending vhost-scsi-pci QEMU upstream series merge.  (Paolo CC'ed)

  Plus Asias's conversion to use vhost_virtqueue->private_data + RCU for
  managing vhost-scsi endpoints has gotten alot of review + testing over
  the past weeks, and MST has ACKed the full series.

  Also, there is a target patch to fix a long-standing bug within
  control CDB handling with Standby/Offline/Transition ALUA port access
  states, that had been incorrectly rejecting the control CDBs required
  for LUN scan to work during these port group states.  CC'ing to
  stable."

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target: Fix incorrect fallthrough of ALUA Standby/Offline/Transition CDBs
  tcm_vhost: Send bad target to guest when cmd fails
  tcm_vhost: Add vhost_scsi_send_bad_target() helper
  tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq
  tcm_vhost: Remove double check of response
  tcm_vhost: Initialize vq->last_used_idx when set endpoint
  tcm_vhost: Use vq->private_data to indicate if the endpoint is setup
  tcm_vhost: Use ACCESS_ONCE for vs->vs_tpg[target] access
2013-04-12 15:26:42 -07:00
Linus Torvalds 90f340e22c SCSI fixes on 20130412
This is a set of ten bug fixes (and two consisting of copyright year update
 and version number change) pretty much all of which involve either a crash or
 a hang except the removal of the random sleep from the qla2xxx driver (which
 is a coding error so bad, we want it gone before anyone has a chance to copy
 it).
 
 Signed-off-by: James Bottomley <JBottomley@Parallels.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQEcBAABAgAGBQJRaE+2AAoJEDeqqVYsXL0MeuoH/2kwVhnqMrlzu+5ROY+0+MsY
 7rqSJImGvEWYAU/MawV1ujV0rMpxupZ1qMJvRtcZapyiMtz/Ms9lVm4YIqdPWnIr
 HCxSIviC5RtAkRObFX6vQoYXhRL73TyyndV/1lM363sDyLgIKfb6F3F7jsPV04DI
 28AqIzi7tVfhgLhI4whcbVGxocqldbwmJehZPVqzNskPbj/7l2S21IVezc9jwIhz
 LjP6kYr9l9NtSDI2XvjiQ0TMTpJs+F+9rR1cPuT8CcEIzOBSql2Vpi186qO97rdI
 owzzLKrm/jo7bjMkIuaf7FbGw+l5TjteR71KVRTaYgqotRRd7W1UT6A7xjqM4EI=
 =6vuV
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of ten bug fixes (and two consisting of copyright year
  update and version number change) pretty much all of which involve
  either a crash or a hang except the removal of the random sleep from
  the qla2xxx driver (which is a coding error so bad, we want it gone
  before anyone has a chance to copy it)."

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] lpfc: fix potential NULL pointer dereference in lpfc_sli4_rq_put()
  [SCSI] libsas: fix handling vacant phy in sas_set_ex_phy()
  [SCSI] ibmvscsi: Fix slave_configure deadlock
  [SCSI] qla2xxx: Update the driver version to 8.04.00.13-k.
  [SCSI] qla2xxx: Remove debug code that msleeps for random duration.
  [SCSI] qla2xxx: Update copyright dates information in LICENSE.qla2xxx file.
  [SCSI] qla2xxx: Fix crash during firmware dump procedure.
  [SCSI] Revert "qla2xxx: Add setting of driver version string for vendor application."
  [SCSI] ipr: dlpar failed when adding an adapter back
  [SCSI] ipr: fix addition of abort command to HRRQ free queue
  [SCSI] st: Take additional queue ref in st_probe
  [SCSI] libsas: use right function to alloc smp response
  [SCSI] ipr: ipr_test_msi() fails when running with msi-x enabled adapter
2013-04-12 15:18:56 -07:00
Linus Torvalds 0b1fd266bf Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6
Pull CIFS fix from Steve French:
 "Fixes a regression in cifs in which a password which begins with a
  comma is parsed incorrectly as a blank password"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Allow passwords which begin with a delimitor
2013-04-12 15:18:20 -07:00
Steven Rostedt (Red Hat) 7f49ef69db ftrace: Move ftrace_filter_lseek out of CONFIG_DYNAMIC_FTRACE section
As ftrace_filter_lseek is now used with ftrace_pid_fops, it needs to
be moved out of the #ifdef CONFIG_DYNAMIC_FTRACE section as the
ftrace_pid_fops is defined when DYNAMIC_FTRACE is not.

Cc: stable@vger.kernel.org
Cc: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-04-12 17:12:41 -04:00
David Ward fb745e9a03 net/802/mrp: fix possible race condition when calling mrp_pdu_queue()
(Adapted from a very similar change to net/802/garp.c by Cong Wang.)

mrp_pdu_queue() should ways be called with the applicant spin lock.
mrp_uninit_applicant() only holds the rtnl lock which is not enough;
a race is possible because mrp_rcv() is called in BH context:

	mrp_rcv()
	  |->mrp_pdu_parse_msg()
	    |->mrp_pdu_parse_vecattr()
	      |->mrp_pdu_parse_vecattr_event()
	        |-> mrp_attr_event()
	          |-> mrp_pdu_append_vecattr_event()
	            |-> mrp_pdu_queue()

Cc: Cong Wang <amwang@redhat.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-12 15:10:48 -04:00
Wei Yongjun 3be8fbab18 tuntap: fix error return code in tun_set_iff()
Fix to return a negative error code from the error handling
case instead of 0, as returned elsewhere in this function.

[ Bug added in linux-3.8 , commit 4008e97f86
  ("tuntap: fix ambigious multiqueue API") ]

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-12 15:00:04 -04:00
Ivan Vecera f11a869d4e be2net: take care of __vlan_put_tag return value
The driver should use return value of __vlan_put_tag with appropriate
NULL-check instead of old skb pointer.

Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-12 14:55:25 -04:00
Namhyung Kim 6a76f8c0ab tracing: Fix possible NULL pointer dereferences
Currently set_ftrace_pid and set_graph_function files use seq_lseek
for their fops.  However seq_open() is called only for FMODE_READ in
the fops->open() so that if an user tries to seek one of those file
when she open it for writing, it sees NULL seq_file and then panic.

It can be easily reproduced with following command:

  $ cd /sys/kernel/debug/tracing
  $ echo 1234 | sudo tee -a set_ftrace_pid

In this example, GNU coreutils' tee opens the file with fopen(, "a")
and then the fopen() internally calls lseek().

Link: http://lkml.kernel.org/r/1365663302-2170-1-git-send-email-namhyung@kernel.org

Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Namhyung Kim <namhyung.kim@lge.com>
Cc: stable@vger.kernel.org
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-04-12 14:43:34 -04:00
David S. Miller d900d12052 Merge branch 'fixes-for-3.9' of git://gitorious.org/linux-can/linux-can
Marc Kleine-Budde says:

====================
here's another fix for the v3.9 release cycle, if not too late:

Christoph Fritz fixed the device tree property handling on little endian
systems in the sja1000 device tree driver. It was Mylene Josserand who noticed
that the mcp251x spi CAN driver cannot request its interrupt anymore, as the
driver is using a threaded interrupt handler without a primary one and without
specifying IRQF_ONESHOT (which is needed since v3.5). A patch by me fixes this
problem.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-12 14:29:28 -04:00
David S. Miller 8b5b8c2990 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf into netfilter
Pablo Neira Ayuso says:

====================
The following patchset contains late netfilter fixes for your net
tree, they are:

* Don't drop segmented TCP packets in the SIP helper, we've got reports
  from users that this was breaking communications when the SIP phone
  messages are larger than the MTU, from Patrick McHardy.

* Fix refcount leak in the ipset list set, from Jozsef Kadlecsik.

* On hash set resizing, the nomatch flag was lost, thus entirely inverting
  the logic of the set matching, from Jozsef Kadlecsik.

* Fix crash on NAT modules removal. Timer expiration may race with the
  module cleanup exit path while deleting conntracks, from Florian
  Westphal.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-12 14:26:39 -04:00
Felix Fietkau f09a878511 ath9k_hw: change AR9580 initvals to fix a stability issue
The hardware parsing of Control Wrapper Frames needs to be disabled, as
it has been causing spurious decryption error reports. The initvals for
other chips have been updated to disable it, but AR9580 was left out for
some reason.

Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-04-12 13:22:09 -04:00
John W. Linville bef086e08e Merge branch 'for-john' of git://x-git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2013-04-12 13:20:51 -04:00
Linus Torvalds 6074fffbf8 Sound fixes for 3.9-rc7
This contains a few small ASoC fixes (wm8903, wm5102, samsung-i2s,
 tegra, and soc-compress) and an endian fix for NI USB-audio devices,
 update for Mark's e-mail address.
 
 No scary changes, AFAIS.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJRZ/YNAAoJEGwxgFQ9KSmkPCkQAKt4bPwzCkTaznQlvNGZKI3E
 SGEfhmvqn4DgzwJh6g93MR+zeZqPTA0pBb8ThINf7D2UpmE5YolwawZqvw1fIaBE
 /nb3D+oEGDFfZxbmfF+dTwPa8ObBZGC/zROxG7uDigtcJZ+l4pJXUFtTkV7oXLY/
 aBDbS9k8pZjwnyGMxD31TmcbKiWtRZ01CzksN/h1bMVIhSNUndnhENhtEV9/fMYJ
 7jlcwKX9efrM2kmee2rpdupJ2f8yXxrg5O0SVEg4MuahoKBvOMYgvLrDLknwOHqU
 fT8aCc7pXo4p4nShtJZT3nfBjIuapmTCA1gLKn0wgrGMjLegXaxxHdpfs3xftrhS
 TuOpuLTqtSIcGDWmvjkIrtm61XSMVpJT4I4UQq4M/b4ZvQnMiV57gtMB7YWbX0D0
 WDvnm0/re5TRbc/4NvYY83+InznYYd9LRCJr/YQgp546dUixFI3riLyMp1dqonW0
 Z+PwYM7m6twGF5y03WyUJCjfdFptLGsaeiHwTK8S8uYxbsB1a/X76MKBYcu1ovFK
 voL3D4yWCACypQEUlLSC1LwTgA7mHruRLLO8FNkuIvchOyvB0ew3td1han7uo3Sm
 uP6ku9yHaaLziJIrqF4xzY5svYCNEGEch4vkgr7il5gzH68IbuJLCIjpVdYf0Hxn
 LguWAatKXyQSprmz/CZB
 =JKpk
 -----END PGP SIGNATURE-----

Merge tag 'sound-3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "This contains a few small ASoC fixes (wm8903, wm5102, samsung-i2s,
  tegra, and soc-compress) and an endian fix for NI USB-audio devices,
  update for Mark's e-mail address.

  No scary changes, AFAIS."

* tag 'sound-3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  MAINTAINERS: Update e-mail address
  ASoC: wm5102: Correct lookup of arizona struct in SYSCLK event
  ASoC: wm8903: Fix the bypass to HP/LINEOUT when no DAC or ADC is running
  ALSA: usb-audio: fix endianness bug in snd_nativeinstruments_*
  ASoC: tegra: Don't claim to support PCM pause and resume
  ASoC: Samsung: set drvdata before adding secondary device
  ASoC: Samsung: return error if drvdata is not set
  ASoC: compress: Cancel delayed power down if needed
  ASoC: core: Fix to check return value of snd_soc_update_bits_locked()
2013-04-12 07:45:17 -07:00
Thomas Gleixner f2530dc71c kthread: Prevent unpark race which puts threads on the wrong cpu
The smpboot threads rely on the park/unpark mechanism which binds per
cpu threads on a particular core. Though the functionality is racy:

CPU0	       	 	CPU1  	     	    CPU2
unpark(T)				    wake_up_process(T)
  clear(SHOULD_PARK)	T runs
			leave parkme() due to !SHOULD_PARK  
  bind_to(CPU2)		BUG_ON(wrong CPU)						    

We cannot let the tasks move themself to the target CPU as one of
those tasks is actually the migration thread itself, which requires
that it starts running on the target cpu right away.

The solution to this problem is to prevent wakeups in park mode which
are not from unpark(). That way we can guarantee that the association
of the task to the target cpu is working correctly.

Add a new task state (TASK_PARKED) which prevents other wakeups and
use this state explicitly for the unpark wakeup.

Peter noticed: Also, since the task state is visible to userspace and
all the parked tasks are still in the PID space, its a good hint in ps
and friends that these tasks aren't really there for the moment.

The migration thread has another related issue.

CPU0	      	     	 CPU1
Bring up CPU2
create_thread(T)
park(T)
 wait_for_completion()
			 parkme()
			 complete()
sched_set_stop_task()
			 schedule(TASK_PARKED)

The sched_set_stop_task() call is issued while the task is on the
runqueue of CPU1 and that confuses the hell out of the stop_task class
on that cpu. So we need the same synchronizaion before
sched_set_stop_task().

Reported-by: Dave Jones <davej@redhat.com>
Reported-and-tested-by: Dave Hansen <dave@sr71.net>
Reported-and-tested-by: Borislav Petkov <bp@alien8.de>
Acked-by: Peter Ziljstra <peterz@infradead.org>
Cc: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Cc: dhillf@gmail.com
Cc: Ingo Molnar <mingo@kernel.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/alpine.LFD.2.02.1304091635430.21884@ionos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2013-04-12 14:18:43 +02:00
Takashi Iwai c5a4698d1e MAINTAINERS: Update e-mail address
Update the e-mail address I use for subsystems.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJRZ+fmAAoJELSic+t+oim9YsIP/R8TPHWeUwB9j7IjX6KY9NEQ
 9RZyfsX/qyiO+ZVshuwLflTayevF+8f0nf0tzp5Yi9RP5R8obM/1xJx7cPe1IILD
 3y/uZTqrlJ+EfEdV+VnwnCPF5tI6JzhFDUQDa5TUjwEAldf2NADAV8reJyo6J7mn
 Ein+m5DziNGeANSYdBuihTU9rfaqFFdS8BKDUuvz9JOld/KqJRKBzFs2Q40qSNGj
 5QoO0o1gD1bCEzROwV7+Dv5HTYVOFO/H0/5MRRfGTvPLpgdLi/M3Th1s/FTr7eg+
 LhwiFsdMLzMu51UKctmJyiAPS6A9dxSZKv7UHKhlTUSZopd2Faxyx8iWqyoWyHrN
 hJVroLELYPKhMdg+q6Uqn5VGdgUkqgtCRrTPTy42GA56CLA0IxAG5YvDcV9YTPMs
 UtW95JZeORuZkAi4Q2PT5iooL4ya/MP9av/ea8RbJxhsqU4RKQK59UI1bxDfNO6l
 dHlx3jYYXOCNlhJXC4Zj0GcnDj9Edo40a/7rRSmSbBIazp0UnHXSAqMS31NRYW0D
 TDrTIbmOVVzJwcu+jv7mXF6loSCAEDgZi2obHX7dgYe4Rn/sO+rv9qNdLBs/mgeS
 E/hq9rBWZeqXVUgQXlLY5f5dV5JxKJDXrT0dzaktA3gtkhM7WERhxWriu9uOGbEt
 +0fTM34Fvf43+DLMKLbG
 =qSGU
 -----END PGP SIGNATURE-----

Merge tag 'asoc-maintainers-v3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

MAINTAINERS: Update e-mail address

Update the e-mail address I use for subsystems.
2013-04-12 13:53:35 +02:00
Christoph Fritz 0443de5fbf can: sja1000: fix handling on dt properties on little endian systems
To get correct endianes on little endian cpus (like arm) while reading device
tree properties, this patch replaces of_get_property() with
of_property_read_u32(). While there use of_property_read_bool() for the
handling of the boolean "nxp,no-comparator-bypass" property.

Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2013-04-12 13:03:01 +02:00
Mark Brown b02e48f2f8 MAINTAINERS: Update e-mail address
Update the e-mail address I use for subsystems.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2013-04-12 11:53:41 +01:00
Marc Kleine-Budde db388d6460 can: mcp251x: add missing IRQF_ONESHOT to request_threaded_irq
Since commit:

    1c6c695 genirq: Reject bogus threaded irq requests

threaded irqs must provide a primary handler or set the IRQF_ONESHOT flag.
Since the mcp251x driver doesn't make use of a primary handler set the
IRQF_ONESHOT flag.

Cc: linux-stable <stable@vger.kernel.org> # >= v3.5
Reported-by: Mylene Josserand <Mylene.Josserand@navocap.com>
Tested-by: Mylene Josserand <Mylene.Josserand@navocap.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2013-04-12 11:56:12 +02:00
Florian Westphal c2d421e171 netfilter: nf_nat: fix race when unloading protocol modules
following oops was reported:
RIP: 0010:[<ffffffffa03227f2>]  [<ffffffffa03227f2>] nf_nat_cleanup_conntrack+0x42/0x70 [nf_nat]
RSP: 0018:ffff880202c63d40  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8801ac7bec28 RCX: ffff8801d0eedbe0
RDX: dead000000200200 RSI: 0000000000000011 RDI: ffffffffa03265b8
[..]
Call Trace:
 [..]
 [<ffffffffa02febed>] destroy_conntrack+0xbd/0x110 [nf_conntrack]

Happens when a conntrack timeout expires right after first part
of the nat cleanup has completed (bysrc hash removal), but before
part 2 has completed (re-initialization of nat area).

[ destroy callback tries to delete bysrc again ]

Patrick suggested to just remove the affected conntracks -- the
connections won't work properly anyway without nat transformation.

So, lets do that.

Reported-by: CAI Qian <caiqian@redhat.com>
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-04-12 11:46:31 +02:00
Takashi Iwai 232a73dda2 ASoC: Updates for v3.9
A few updates, more than I'd like, fixing some relatively small issues
 but mostly driver specific ones.  Nothing wildly exciting so if it
 doesn't make v3.9 it won't be the end of the world but it'd be nice.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJRZuy1AAoJELSic+t+oim9OEEP/2gMv6Snvv64DE0QBpEiSuYw
 te8xwz87cQzQp5tqWqnmgtM6g5/zC2zLEybhgZM4PBr/ZFbK6v7Ezki19pE2KOzE
 FhgyeAnfmySkWBrMRHPy0uj5snh8oEdZov64JP2g4wSfoPaOTJKawAnXaJkqRxD9
 uHu37jtEfmdKJITvlKxoFieb9Q5fQc7upzINw4aOW6pr4yAYEAVp+lcSNr3aENKz
 C8ZrI8bbCgbfYHbmCF8j321f/QcFw9cHO8L+auLUpFF4vjn4HEZ4ArG0DxLU2iws
 0o2wj1Xn+nNSlF+fo7+VCtvPKEvBcxLfjoP1yc1RHmo2POzdysxte038thoFCJ3j
 pnIOoq8H6WZejGA6vSMc6nlWkEBjEtworOjaT8wHWSiEbcjCcbeRjzUEo+GU1pdr
 8xyr3bpisabgfJ5VbpJeUTIKMsScwCUbKA6eY3IDAmaUobpvsDVaW/01SdttylKn
 9urEUiWUGOZbW3T/MoeQGeWfyMbWjbr17HzPPn15nzuTFOk44ONP0oQXQe8TJuB+
 rNmV/+b2q4cnpnECG/eMH5fo4TZEp/7INHTFQtMg45ot6/VNMz9JLRm3ikru1+yF
 kuooaRAqA5c5zeavRCQV7yZL9idLEHjtLy8fY55r1FE0fRQZ5PksTCZcNFlrOajj
 DTRWhgFa7b7/c2Jm5W0e
 =W1XN
 -----END PGP SIGNATURE-----

Merge tag 'asoc-v3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for v3.9

A few updates, more than I'd like, fixing some relatively small issues
but mostly driver specific ones.  Nothing wildly exciting so if it
doesn't make v3.9 it won't be the end of the world but it'd be nice.
2013-04-12 10:27:39 +02:00
Boris Ostrovsky 26564600c9 x86/mm: Flush lazy MMU when DEBUG_PAGEALLOC is set
When CONFIG_DEBUG_PAGEALLOC is set page table updates made by
kernel_map_pages() are not made visible (via TLB flush)
immediately if lazy MMU is on. In environments that support lazy
MMU (e.g. Xen) this may lead to fatal page faults, for example,
when zap_pte_range() needs to allocate pages in
__tlb_remove_page() -> tlb_next_batch().

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: konrad.wilk@oracle.com
Link: http://lkml.kernel.org/r/1365703192-2089-1-git-send-email-boris.ostrovsky@oracle.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-04-12 07:19:19 +02:00
Andrea Arcangeli 18699739b6 x86/mm/cpa/selftest: Fix false positive in CPA self test
If the pmd is not present, _PAGE_PSE will not be set anymore.
Fix the false positive.

Reported-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Stefan Bader <stefan.bader@canonical.com>
Cc: Andy Whitcroft <apw@canonical.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Borislav Petkov <bp@alien8.de>
Link: http://lkml.kernel.org/r/1365687369-30802-1-git-send-email-aarcange@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-04-12 06:39:20 +02:00
Wei Yongjun c481420248 perf: Fix error return code
Fix to return -ENOMEM in the allocation error case instead of 0
(if pmu_bus_running == 1), as done elsewhere in this function.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Cc: a.p.zijlstra@chello.nl
Cc: paulus@samba.org
Cc: acme@ghostprotocols.net
Link: http://lkml.kernel.org/r/CAPgLHd8j_fWcgqe%3DKLWjpBj%2B%3Do0Pw6Z-SEq%3DNTPU08c2w1tngQ@mail.gmail.com
[ Tweaked the error code setting placement and the changelog. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-04-12 06:33:56 +02:00
Daniel Vetter 89ced12547 drm/fb-helper: Fix locking in drm_fb_helper_hotplug_event
Driver's and ->fill_modes functions are allowed to grab crtc mutexes
(for e.g. load detect). Hence we need to first only grab the general
kms mutex, and only in a second step grab all locks to do the
modesets.

This prevents a deadlock on my gm45 in the tv load detect code called
by drm_helper_probe_single_connector_modes.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2013-04-12 14:21:12 +10:00
Dave Airlie 1baee58638 udl: handle EDID failure properly.
Don't oops seems proper.

Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
2013-04-12 14:20:38 +10:00
Linus Torvalds cfb63bafdb Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull slave-dmaengine fixes from Vinod Koul:
 "The first one fixes issue in pl330 to check for DT compatible and
  the second one fixes omap-dma to start without delay"

* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
  dmaengine: omap-dma: Start DMA without delay for cyclic channels
  DMA: PL330: Add check if device tree compatible
2013-04-11 20:35:11 -07:00
Linus Torvalds a3ab02b4c5 Power management fixes for 3.9-rc7
- System reboot/halt fix related to CPU offline ordering
   from Huacai Chen.
 
 - intel_pstate driver fix for a delay time computation error
   occasionally crashing systems using it from Dirk Brandewie.
 
 /
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJRZynOAAoJEKhOf7ml8uNsYWcQAIZIps7Ivn2+r3ENL+jhTohx
 ErEz/cu/YIS/TnDzO3GO+Yo9CcXjUebMWqefIC//YK/K+tNepVOLovthTGiA/X36
 23RDRrF1hqZlEgiEfFpuXiyq9u33CbUCYt75tsBXhxJkxeG7J7JfiG4AUh8dED4B
 nUCbQ4jWM7r9DYJFl2gjDkFt1SjG/UbxcN9Kua9v4zfJil9fKp9093HHYBHH3a2n
 zXlAE7CskXrNOepwp9Efzu5uPU3gbkIiQdKxvUs91remAcZ3fMsbz8CerZlgfy1S
 +3f4AuU9i2AXeYI5fanhLo6Mwm8jqBvZ8ZE4Fh/EuQs9eHk7VuRsy7n22zaVeU0A
 efaldd/pdP7KbSv5Wrs8adQr3GcRHkuHnMGhTlp41tfR8gJfpZUrK3/6h/jnIPRC
 1UnBAF4K67v85fBO6gnC8UhEp3MXXXZoPtPByGILxj34KVn+oHzrVgE+8+ugv7HM
 ZJ5jobYPWrxI2lZv5kuBdHCVg2TAC3YUz2aev8cEhIo4vdcIC2cofVDyAcN9ArqF
 aF6fcNr6Rgu/M6bB2bP/zbhmDApr8H8z952jss51gprJ+IiKNUh9daiFnYw+o391
 9VVTolC7k6P4pXTbtgqEFDLTJ0dKD8i/J4RLHwIsX7jzVgLctyqKZsNXskovjH4p
 jqIxu/1SPxR2dtBziUEH
 =bkFT
 -----END PGP SIGNATURE-----

Merge tag 'pm-3.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:

 - System reboot/halt fix related to CPU offline ordering from Huacai
   Chen.

 - intel_pstate driver fix for a delay time computation error
   occasionally crashing systems using it from Dirk Brandewie.

* tag 'pm-3.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  PM / reboot: call syscore_shutdown() after disable_nonboot_cpus()
  cpufreq / intel_pstate: Set timer timeout correctly
2013-04-11 20:33:38 -07:00
Linus Torvalds 89a132ac27 regmap: Back out work buffer fix
This reverts commit bc8ce4 (regmap: don't corrupt work buffer in
 _regmap_raw_write()) since it turns out that it can cause issues when
 taken in isolation from the other changes in -next that lead to its
 discovery.  On the basis that nobody noticed the problems for quite some
 time without that subsequent work let's drop it from v3.9.
 
 Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJRZW3YAAoJELSic+t+oim9WyMP/i+eAWFtliNe+SpnNY91lR46
 rBD+DgOjLLQVrsX4WVFptPVVczbIZNOtYwKgPm4xabGki7NxTGw+RX4wrDJBxXuq
 EM7YG/wIjPXRXzMA3P5hBZb7BjXVmdEk1t/rd/kFffuYPNy+M7SfusBMR8OsEPHa
 R0XEiUOSJTaYMX18zQR/+FjVTd7pOjGUAfUqJaW1s1Jpwb6bogeJwNl5D217HWMu
 8XaPqiYfleLiEP6bccQpuXuA2BDqhzrQXZgfXJ+RLn/recNxdA72MHqP3nXHroKn
 ccWNXA6imcgrtensEbARCeQmicYBKh/DbXtOICaNI3JEmm36ZeXxA4DsrJAYspwM
 5nURMLPj+SDcX2/G52RdwEUV9JomvaGP6uLvQASPtJMXxF6Wbj5te/9cQ/Glbw8j
 ax9c6QROEa2kSyinzTjandgwGbbf+VWGU+mNMQUrhU7R7pt2yLAIQqRkegIZcJlf
 aW2WiAbAbs9XGCCozfc8YXTss2vFb4Gw4MW+CHoa1XZqOtcik3BlUMevKrbk39+w
 U3NI3ZWw+WbgEQjYjbr3aLVY/2tJ15oVNdMYUUWuiyaZvKO9EG2J27ydcyZJwBgH
 QKAxZRnhyyy/gmAcrsEU2NcDQr3gqMVpNs6P/puyaLfMy7zyRCpfWEtsTWmgpPAr
 m2H1HvKdaCx8KW1YsmwY
 =ROA6
 -----END PGP SIGNATURE-----

Merge tag 'regmap-v3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap

Pull regmap revert from Mark Brown:
 "regmap: Back out work buffer fix

  This reverts commit bc8ce4 (regmap: don't corrupt work buffer in
  _regmap_raw_write()) since it turns out that it can cause issues when
  taken in isolation from the other changes in -next that lead to its
  discovery.  On the basis that nobody noticed the problems for quite
  some time without that subsequent work let's drop it from v3.9."

* tag 'regmap-v3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
  regmap: Back out work buffer fix
2013-04-11 18:22:20 -07:00
Linus Torvalds ee8b890e1e Oneliner fix for the PCA 953x driver.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQIcBAABAgAGBQJRZu4hAAoJEEEQszewGV1zRs0QAL3uWWRTHwpn0WRVQ/K/gUe4
 nzpXbCm2HFe2HCF0fWedIhvIvYhI2A6AjjqUIn8oPZz/jX6Fhiz450U25aV3pnKS
 vpUJL+ipnOVfC702Zpfa3f0gzdPuV8ipTNeapMSubx0daUT8YXpO/RAgneDJ5B35
 2RMl3OWMzcT5zJK3xK8aPReOQsFnN+orOryW6afPjHawjX9HpbvAuzqtE0fY0aj+
 mKSdCCezbVW9hb5Ux861jY9vwCDBS2I4WrJnYqdhQ1qquLHSb+lbXb8RDuJnkb0T
 rhizXALnYjOVS9bSxi0bP4Uu1lcdCdyU8Sm+rJQOIitg/mW5sQldrRCKkQky9n73
 zVooaUnO2h0j9m1zQ7NtWc6vLGDzEZiTG15LQhsGkaSwOtJ6EHnw1MU2Qw3bEByW
 eWHoYAVp3XutE3qL7d/s2N/r0eMH98O4U2Y/UBupHWXJhXVyl+/SVuApVdddmVGq
 GhTLJHT5K60c4GPMNNhTVoSwOE1rRrF1TSC7LJPFSuGJ//pEl2/GdkUsNGjg7+4E
 THUJSnOJYAxRpGu3Iy0dlLQq6CSf+wVIcYATzEpH8U/0yNKvAxXMerh9eHBhDPJR
 anaQ0URKGRVn5IX5Dp6X3oUE13iD0xnbgYSrkv4Bg8G9Dnx5MZBEb6mtqm/DghkV
 IR4jdUOAWsP6tSuhaEYf
 =2CAA
 -----END PGP SIGNATURE-----

Merge tag 'gpio-fixes-v3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fix from Linus Walleij:
 "Oneliner fix for the PCA 953x driver."

* tag 'gpio-fixes-v3.9-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: pca953x: fix irq_domain_add_simple usage
2013-04-11 18:21:45 -07:00
Linus Torvalds ce6fbaf160 arm-soc: bug fixes for 3.9-rc6
Some important bug fixes that came in over the last 10 days,
 mostly mvebu and imx:
 
 - Multiple regressions on i.mx following the conversion of
   the clock code, hopefully the last we are seeing of those.
 - a regression in the mvebu irq handling code
 - An incorrect register offset in the rewritten s3c24xx irq code.
 - Two bugs in setting up the iomega_ix2_200 machine
 - Turning on an extra bus clock on imx
 - A MAINTAINERS file entry for Roland Stigge
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIVAwUAUWbTVmCrR//JCVInAQKnAA/6AnxY2FRgtR/XuDTBkaJ/VUObbYBbsnRW
 uvO9DRYzACIy9f4bAOtg8SIB29Zt/tqJCnqj6nG4tbTn3dqQZXSaKktwQB8e9Q3j
 +ttiq4an9CFfl4/9hxTfwadg1G9coUND1774Y4qv3csHYbyd5jBLLx7MEfevQ1ry
 lmzDIQRnf4j4tp3q1d2kZ3sh9O09f+V2Hxnle0JySOsXt3NrfMOQdR6PYt3ZbsyO
 mhuXLsSmHk/5J4rrZD6OuThlZzDEat22gjK/HbBTa/OyVqdYyHMsOWf4O2HR0MGs
 FBqg2dcTap8s/lHQ0jId0Zvt31e4OgLs00ehD7V2ZYeQjG/d2PYrvDaGuFY6kIir
 eNUhAozWTF5FmOe/LJ46waUC7HoYsHqrSkFWcvGWLjLXvQT6G5jie5/lpp9yfq4G
 Ou2RTG+tJ+jiPnsk7E3+Z4/YQXyDhIxvo94xF+kSR3zWgJIKjFjgQ41pSql97tMa
 5AQ7eJgWsmPfsVvIIxnRYAMV3/4jfJq2gM4BviA6OjZ8nHUWNXukLIHPtcADCYYQ
 J0jSbFBX7qCd6UtDDo9t/YvAcLM34FUFsqGP4BjBLZe4XAkI6aVkz6jAE5amEUVm
 1HgTfE5U1QI5u0TgXbaEYii6lbgcLM9Lsdl0wFsXjvXI9rdIfzJYByeV4Mx5J1dB
 V4D42xojJWE=
 =J404
 -----END PGP SIGNATURE-----

Merge tag 'arm-soc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC bug fixes from Arnd Bergmann:
 "A little later during the week than the last few pull requests, since
  there was very little that came in before 3.9-rc6.  At least things
  have calmed down again here.

  Some important bug fixes that came in over the last 10 days, mostly
  mvebu and imx:

   - Multiple regressions on i.mx following the conversion of the clock
     code, hopefully the last we are seeing of those.
   - a regression in the mvebu irq handling code
   - An incorrect register offset in the rewritten s3c24xx irq code.
   - Two bugs in setting up the iomega_ix2_200 machine
   - Turning on an extra bus clock on imx
   - A MAINTAINERS file entry for Roland Stigge"

* tag 'arm-soc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  arm: mvebu: Fix the irq map function in SMP mode
  Fix GE0/GE1 init on ix2-200 as GE0 has no PHY
  ARM: S3C24XX: Fix interrupt pending register offset of the EINT controller
  ARM: S3C24XX: Correct NR_IRQS definition for s3c2440
  ARM i.MX6: Fix ldb_di clock selection
  ARM: imx: provide twd clock lookup from device tree
  ARM: imx35 Bugfix admux clock
  ARM: clk-imx35: Bugfix iomux clock
  ARM: mxs: Slow down the I2C clock speed
  MAINTAINERS: Add maintainer for LPC32xx
  ARM: Kirkwood: Fix typo in the definition of ix2-200 rebuild LED
2013-04-11 18:20:31 -07:00
Thomas Graf 50bceae9bd tcp: Reallocate headroom if it would overflow csum_start
If a TCP retransmission gets partially ACKed and collapsed multiple
times it is possible for the headroom to grow beyond 64K which will
overflow the 16bit skb->csum_start which is based on the start of
the headroom. It has been observed rarely in the wild with IPoIB due
to the 64K MTU.

Verify if the acking and collapsing resulted in a headroom exceeding
what csum_start can cover and reallocate the headroom if so.

A big thank you to Jim Foraker <foraker1@llnl.gov> and the team at
LLNL for helping out with the investigation and testing.

Reported-by: Jim Foraker <foraker1@llnl.gov>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-11 18:12:41 -04:00
Wei Yongjun 5a25bf36b7 [SCSI] lpfc: fix potential NULL pointer dereference in lpfc_sli4_rq_put()
The dereference to 'put_index' should be moved below the NULL test.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: James Smart <james.smart@emulex.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2013-04-11 14:17:15 -07:00
Christian Ruppert 7078b98422 stmmac: prevent interrupt loop with MMC RX IPC Counter
If the DesignWare MAC is synthesised with MMC RX IPC Counter, an unmanaged
and unacknowledged interrupt is generated after some time of operation.

This patch masks the undesired interrupts.

Signed-off-by: Christian Ruppert <christian.ruppert@abilis.com>
Acked-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-11 16:03:22 -04:00
nikolay@redhat.com b6a5a7b9a5 bonding: IFF_BONDING is not stripped on enslave failure
While enslaving a new device and after IFF_BONDING flag is set, in case
of failure it is not stripped from the device's priv_flags while
cleaning up, which could lead to other problems.
Cleaning at err_close because the flag is set after dev_open().

v2: no change

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-11 16:01:47 -04:00
nikolay@redhat.com 6101391d4a bonding: fix netdev event NULL pointer dereference
In commit 471cb5a33d ("bonding: remove
usage of dev->master") a bug was introduced which causes a NULL pointer
dereference. If a bond device is in mode 6 (ALB) and a slave is added
it will dereference a NULL pointer in bond_slave_netdev_event().
This is because in bond_enslave we have bond_alb_init_slave() which
changes the MAC address of the slave and causes a NETDEV_CHANGEADDR.
Then we have in bond_slave_netdev_event():
        struct slave *slave = bond_slave_get_rtnl(slave_dev);
        struct bonding *bond = slave->bond;
bond_slave_get_rtnl() dereferences slave_dev->rx_handler_data which at
that time is NULL since netdev_rx_handler_register() is called later.

This is fixed by checking if slave is NULL before dereferencing it.

v2: Comment style changed.

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-11 16:01:47 -04:00
Dmitry Popov d66954a066 tcp: incoming connections might use wrong route under synflood
There is a bug in cookie_v4_check (net/ipv4/syncookies.c):
	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
			   inet_sk_flowi_flags(sk),
			   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
			   ireq->loc_addr, th->source, th->dest);

Here we do not respect sk->sk_bound_dev_if, therefore wrong dst_entry may be
taken. This dst_entry is used by new socket (get_cookie_sock ->
tcp_v4_syn_recv_sock), so its packets may take the wrong path.

Signed-off-by: Dmitry Popov <dp@highloadlab.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-11 16:01:46 -04:00
Alexandre Belloni e7a7f972f9 gpio: pca953x: fix irq_domain_add_simple usage
We actually have to pass chip as the host_data parameter of
irq_domain_add_simple() as later on, it is used to initialize chip_data
in pca953x_gpio_irq_map(). Failing to do so is leading to a NULL pointer
dereference after calling irq_data_get_irq_chip_data() in
pca953x_irq_mask(), pca953x_irq_unmask(), pca953x_irq_bus_lock(),
pca953x_irq_bus_sync_unlock() and pca953x_irq_set_type().

Fixes regression introduced by commit
0e8f2fdacf (gpio: pca953x: use simple
irqdomain)

Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2013-04-11 19:01:19 +02:00
Mark Brown ca62bed0bb Merge remote-tracking branch 'asoc/fix/wm8903' into tmp 2013-04-11 18:00:31 +01:00
Mark Brown f255e71f3d Merge remote-tracking branch 'asoc/fix/tegra' into tmp 2013-04-11 18:00:30 +01:00
Mark Brown 027d210f24 Merge remote-tracking branch 'asoc/fix/samsung' into tmp 2013-04-11 18:00:29 +01:00
Mark Brown cbf9c5ae32 Merge remote-tracking branch 'asoc/fix/core' into tmp 2013-04-11 18:00:28 +01:00
Mark Brown ee3aee6a3b Merge remote-tracking branch 'asoc/fix/compress' into tmp 2013-04-11 18:00:27 +01:00
Arnd Bergmann 71bd98aff0 mvebu fixes for v3.9 round 3
- Kirkwood
     - a couple of small fixes for the Iomega ix2-200 board (ether and led)
  - mvebu
     - allow GPIO button to work on Mirabox when running SMP
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQEcBAABAgAGBQJRZZxwAAoJEAi3KVZQDZAerwcIAKR1xRKuagtXvfij+xfVVRQ6
 1G645hTIthFXmNiEeo3Y/mswHhVooZvu8SWh3o3J2Wsbnzeh+ch6jTsl+g6Tnb3E
 KmRFU0mcalRmsyYsh4PH9nDi8/oWyP+i3ZytgfcMlsSPNiE+Ek35NdTTWMLCTT8V
 MkGysVc8MWoOmMf47mNboy5UUUTXRdnSUJSjv1ubrsTK33LT7Ii9Ce+eoNvpvF+5
 +6RenfRMzRSwkZf9AaCRPAhXISQKbMAwz6lKGo2GGAW+73Z+JclXXmiCfQ8pWie2
 pfyqiEYigZFqe6Ly5BUtGoVfDjmOLDs+ATTUDOlOj0uaEc7pOwwKoAtpVRdck24=
 =yK1f
 -----END PGP SIGNATURE-----

Merge tag 'mvebu_fixes_for_v3.9_round3' of git://git.infradead.org/users/jcooper/linux into fixes

From Jason Cooper <jason@lakedaemon.net>:

mvebu fixes for v3.9 round 3

 - Kirkwood
    - a couple of small fixes for the Iomega ix2-200 board (ether and led)
 - mvebu
    - allow GPIO button to work on Mirabox when running SMP

* tag 'mvebu_fixes_for_v3.9_round3' of git://git.infradead.org/users/jcooper/linux:
  arm: mvebu: Fix the irq map function in SMP mode
  Fix GE0/GE1 init on ix2-200 as GE0 has no PHY
  ARM: Kirkwood: Fix typo in the definition of ix2-200 rebuild LED

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2013-04-11 16:55:29 +02:00
Richard Weinberger 7791c8423f x86,efi: Check max_size only if it is non-zero.
Some EFI implementations return always a MaximumVariableSize of 0,
check against max_size only if it is non-zero.
My Intel DQ67SW desktop board has such an implementation.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
2013-04-11 15:45:52 +01:00
Scott Wood 4d2be6f7c7 kvm/ppc/e500: eliminate tlb_refs
Commit 523f0e5421 ("KVM: PPC: E500:
Explicitly mark shadow maps invalid") began using E500_TLB_VALID
for guest TLB1 entries, and skipping invalidations if it's not set.

However, when E500_TLB_VALID was set for such entries, it was on a
fake local ref, and so the invalidations never happen.  gtlb_privs
is documented as being only for guest TLB0, though we already violate
that with E500_TLB_BITMAP.

Now that we have MMU notifiers, and thus don't need to actually
retain a reference to the mapped pages, get rid of tlb_refs, and
use gtlb_privs for E500_TLB_VALID in TLB1.

Since we can have more than one host TLB entry for a given tlbe_ref,
be careful not to clear existing flags that are relevant to other
host TLB entries when preparing a new host TLB entry.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-04-11 15:53:43 +02:00
Scott Wood 66a5fecdcc kvm/ppc/e500: g2h_tlb1_map: clear old bit before setting new bit
It's possible that we're using the same host TLB1 slot to map (a
presumably different portion of) the same guest TLB1 entry.  Clear
the bit in the map before setting it, so that if the esels are the same
the bit will remain set.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-04-11 15:53:38 +02:00