If kmsg->msg_namelen > sizeof(struct sockaddr_storage) then in the
original code that would lead to memory corruption in the kernel if you
had audit configured. If you didn't have audit configured it was
harmless.
There are some programs such as beta versions of Ruby which use too
large of a buffer and returning an error code breaks them. We should
clamp the ->msg_namelen value instead.
Fixes: 1661bf364a ("net: heap overflow in __audit_sockaddr()")
Reported-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Eric Wong <normalperson@yhbt.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently we're using plain spin_lock() in prb_shutdown_retire_blk_timer(),
however the timer might fire right in the middle and thus try to re-aquire
the same spinlock, leaving us in a endless loop.
To fix that, use the spin_lock_bh() to block it.
Fixes: f6fb8f100b ("af-packet: TPACKET_V3 flexible buffer implementation.")
CC: "David S. Miller" <davem@davemloft.net>
CC: Daniel Borkmann <dborkman@redhat.com>
CC: Willem de Bruijn <willemb@google.com>
CC: Phil Sutter <phil@nwl.cc>
CC: Eric Dumazet <edumazet@google.com>
Reported-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently macvlan will count received packets after calling each
vlans receive handler. Macvtap attempts to count the packet
yet again when the user reads the packet from the tap socket.
This code doesn't do this consistently either. Remove the
counting from macvtap and let only macvlan count received
packets.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- Remove preempt_count modifications in the arm64 IRQ handling code
since that's already dealt with in generic irq_enter/irq_exit
- PTE_PROT_NONE bit moved higher up to avoid overlapping with the
hardware bits (for PROT_NONE mappings which are pte_present)
- Big-endian fixes for ptrace support
- Asynchronous aborts unmasking while in the kernel
- pgprot_writecombine() change to create Normal NonCacheable memory
rather than Device GRE
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAABAgAGBQJSmM3cAAoJEGvWsS0AyF7xNGAP/RjRS8gnNPRpM9EB/ZsLM9M3
iNQVaPHJcXaeWXJHVjaHdFi1CQ9n/07EtHyRGjzwXqwm+e/2qjvZ3XqAKJbARu7G
vdHnq0Ng7Gde3DQ4ZomH/YvUCdO+r7/ZWCXhGDDKPyEu9q/3sTLp9z7x+Vp8LjdX
610v3zNY4pLvhEB4DXXjP4hUmjxUyhlOBW/kieL0CZ3BQBzB1xWd1iztRCaXpVzc
czf+JuNHLAyTlVUg2T4JxZYAimO4wc1OnyFHkabWLecEcAmj6CzuVQNi+U+G9ooE
HeTCn61Szc+M5Zta53yHqh86f5KFDlAy/YdCEovs/1dPuCTGzB29CD96LNZme00/
y8FXj7NQXyOqDqH31CxiFrH+Us/1HOw/cM3qOgogHSOwvuitI8g6dVdszrngfdcy
pSviJ4xa9mDwqnfKYWlpA2fx4TKzX0rZLniy7Jk4K1SY71W9eax0uCKj0BcyBscg
Jn+npLVIdcwAi53BpzgwvZnAnvFqDoTQ3bGEyM3ReSkbC2LFgBwjXlSJgDaazuOa
vfNaZxHgul5QL0oUVoD+dPzBTEwK4omU29Mt16DJP2eiFZ829qqTwij2auPEOkjq
jX6G6z0f0tGRQhKWPpLq+VLcW7mu2SBvsUYe4TCValyOv/+tH4r7m65XZ9Yec70n
LvFEHHqe506c95M3FUny
=nfKM
-----END PGP SIGNATURE-----
Merge tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64
Pull ARM64 fixes from Catalin Marinas:
- Remove preempt_count modifications in the arm64 IRQ handling code
since that's already dealt with in generic irq_enter/irq_exit
- PTE_PROT_NONE bit moved higher up to avoid overlapping with the
hardware bits (for PROT_NONE mappings which are pte_present)
- Big-endian fixes for ptrace support
- Asynchronous aborts unmasking while in the kernel
- pgprot_writecombine() change to create Normal NonCacheable memory
rather than Device GRE
* tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
arm64: Move PTE_PROT_NONE higher up
arm64: Use Normal NonCacheable memory for writecombine
arm64: debug: make aarch32 bkpt checking endian clean
arm64: ptrace: fix compat registes get/set to be endian clean
arm64: Unmask asynchronous aborts when in kernel mode
arm64: dts: Reserve the memory used for secondary CPU release address
arm64: let the core code deal with preempt_count
Pull s390 updates from Martin Schwidefsky:
"One performance improvement and a few bug fixes. Two of the fixes
deal with the clock related problems we have seen on recent kernels"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/mm: handle asce-type exceptions as normal page fault
s390,time: revert direct ktime path for s390 clockevent device
s390/time,vdso: convert to the new update_vsyscall interface
s390/uaccess: add missing page table walk range check
s390/mm: optimize copy_page
s390/dasd: validate request size before building CCW/TCW request
s390/signal: always restore saved runtime instrumentation psw bit
Pull i2c fixes from Wolfram Sang:
"Some easy but needed fixes for i2c drivers since rc1"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: bcm2835: Linking platform nodes to adapter nodes
i2c: omap: raw read and write endian fix
i2c: i2c-bcm-kona: Fix module build
i2c: i2c-diolan-u2c: different usb endpoints for DLN-2-U2C
i2c: bcm-kona: remove duplicated include
i2c: davinci: raw read and write endian fix
Pull workqueue fixes from Tejun Heo:
"This contains one important fix. The NUMA support added a while back
broke ordering guarantees on ordered workqueues. It was enforced by
having single frontend interface with @max_active == 1 but the NUMA
support puts multiple interfaces on unbound workqueues on NUMA
machines thus breaking the ordered guarantee. This is fixed by
disabling NUMA support on ordered workqueues.
The above and a couple other patches were sitting in for-3.12-fixes
but I forgot to push that out, so they ended up waiting a bit too
long. My aplogies.
Other fixes are minor"
* 'for-3.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: fix pool ID allocation leakage and remove BUILD_BUG_ON() in init_workqueues
workqueue: fix comment typo for __queue_work()
workqueue: fix ordered workqueues in NUMA setups
workqueue: swap set_cpus_allowed_ptr() and PF_NO_SETAFFINITY
Pull libata fixes from Tejun Heo:
"libata device removal path was removing parent device node before its
child, which is mostly harmless but triggers warning after recent
sysfs changes. Rafael's patch fixes the order.
Other than that, minor controller-specific fixes and device ID
additions"
* 'for-3.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
ATA: Fix port removal ordering
ahci: add Marvell 9230 to the AHCI PCI device list
ata: fix acpi_bus_get_device() return value check
pata_arasan_cf: add missing clk_disable_unprepare() on error path
ahci: add support for IBM Akebono platform device
Pull cgroup fixes from Tejun Heo:
"Fixes for three issues.
- cgroup destruction path could swamp system_wq possibly leading to
deadlock. This actually seems to happen in the wild with memcg
because memcg destruction path adds nested dependency on system_wq.
Resolved by isolating cgroup destruction work items on its
dedicated workqueue.
- Possible locking context deadlock through seqcount reported by
lockdep
- Memory leak under certain conditions"
* 'for-3.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: fix cgroup_subsys_state leak for seq_files
cpuset: Fix memory allocator deadlock
cgroup: use a dedicated workqueue for cgroup destruction
Quite a few HD-Audio fixes, a WUSB audio fix and a fix for FireWire
audio. The HD-audio part contains a couple of fixes for the generic
parser, and these are the only intrusive fixes. The rest are mostly
device-specific fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJSmD+zAAoJEGwxgFQ9KSmkKHkQAKmA4jYFTmKaUVhP9k6yRetu
yNUkfwoFAuPXAAnp4XkLqiqvhFdkpAiblSvBeasUs8HeSMulg5Pk9810YQa5ZaJH
3tq//72U0/es5cOjJnIKvnebblPDhQfms/HzLVG7yI37NcfGjfLvriUXjIA+648I
/P8K+nZyX4nVuzvct5JqpM77D6gYtnUBWn8Cofcx/ZXJ/aurDH2AlhgR4i3BhZPl
ge+0W8/65Be1Tx1Z4NSJ68xEybxM1kO+GDRDfxcaLFYb9D7pumcgdQXvol5QFhGO
K01cD2sOf+ajW0YVsHIMaWuCtCSDuX4iwG6WvpINqf6xSkv9DhqPoWnDJbuAM+xs
aYeER6kqXssYCZoHrYngTxs1hibJHGKNu73UPka4tnIDmKUB7AaDbcQ6urWzhrod
ynr8NNp1K/y7rAPt+Yjt4RjcmvEO7T3HBTZLf7lRVwtb/Llzy1Fm2fug+uaDPefx
FGRO3mFB99PwpE8wVIOKvPQYcmpgh6ZjibC56Qv+Z0FTEGJR7zTolWwYvwNMeT8d
8R5yvVGdXqA1kyfE41Ls9/drk1eYF86rDUaEPUEDo2rl492rtO9oYsCpeem4YSgA
fqX5bFBNvBHwOUDvcV8M/DedrWKCYK131EFyXmMeFMjbBiSDyghYrp0JClJqwNLG
ek+GzsFaxP0cU1C1DZpH
=emn+
-----END PGP SIGNATURE-----
Merge tag 'sound-3.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Quite a few HD-Audio fixes, a WUSB audio fix and a fix for FireWire
audio. The HD-audio part contains a couple of fixes for the generic
parser, and these are the only intrusive fixes. The rest are mostly
device-specific fixes"
* tag 'sound-3.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Add LFE chmap to ASUS ET2700
ALSA: hda - Initialize missing bass speaker pin for ASUS AIO ET2700
ALSA: hda - limit mic boost on Asus UX31[A,E]
ALSA: hda - Check leaf nodes to find aamix amps
ALSA: hda - Fix hp-mic mode without VREF bits
ALSA: hda - Create Headhpone Mic Jack Mode when really needed
ALSA: usb: use multiple packets per urb for Wireless USB inbound audio
ALSA: hda - Enable mute/mic-mute LEDs for more Thinkpads with Conexant codec
ALSA: hda - Drop bus->avoid_link_reset flag
ALSA: hda/realtek - Set pcbeep amp for ALC668
ALSA: hda/realtek - Add support of ALC231 codec
ALSA: firewire-lib: fix wrong value for FDF field as an empty packet
Pull vfs dentry reference count fix from Al Viro.
This fixes a possible inode_permission NULL pointer dereference (and
other problems) that were due to the root dentry count being decremented
too much. In commit 48a066e72d ("RCU'd vfsmounts") the placement of
clearing the LOOKUP_RCU bit changed, and we then returned failure of
incrementing the lockref on the parent dentry with LOOKUP_RCU cleared.
But that meant we needed to go through the same cleanup routines that
the later failures did wrt LOOKUP_ROOT and nd->root.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix bogus path_put() of nd->root after some unlazy_walk() failures
Pull drm qxl leak fix from Dave Airlie:
"As usual 5 mins after I send a trivial pull fix I find a real bug!
This fixes a memory leak and I'd like to get it into stable queue
asap"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/qxl: fix memory leak in release list handling
PTE_PROT_NONE means that a pte is present but does not have any
read/write attributes. However, setting the memory type like
pgprot_writecombine() is allowed and such bits overlap with
PTE_PROT_NONE. This causes mmap/munmap issues in drivers that change the
vma->vm_pg_prot on PROT_NONE mappings.
This patch reverts the PTE_FILE/PTE_PROT_NONE shift in commit
59911ca432 (ARM64: mm: Move PTE_PROT_NONE bit) and moves PTE_PROT_NONE
together with the other software bits.
Signed-off-by: Steve Capper <steve.capper@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Steve Capper <steve.capper@linaro.org>
Cc: <stable@vger.kernel.org> # 3.11+
The recent kernels got regressions on ASUS W7J with ALC660 codec where
no sound comes out. After a long debugging session, we found out that
setting the pin control on the unused NID 0x10 is mandatory for the
outputs. And, it was found out that another magic of NID 0x0f that is
required for other ASUS laptops isn't needed on this machine.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=66081
Reported-and-tested-by: Andrey Lipaev <lipaev@mail.ru>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
snd_soc_bytes_put treats the data in the binary control as big endian
words, however snd_soc_bytes_get uses the endian of the host machine.
This causes the two functions to be inconsistant with how the mask is
applied on little endian machines.
This patch applies the big_endian format used in snd_soc_bytes_put to
snd_soc_bytes_get.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
This provides better performance compared to Device GRE and also allows
unaligned accesses. Such memory is intended to be used with standard RAM
(e.g. framebuffers) and not I/O.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
If CONFIG_NO_HZ=n tick_nohz_get_sleep_length() returns NSEC_PER_SEC/HZ.
If CONFIG_NO_HZ=y and the nohz functionality is disabled via the
command line option "nohz=off" or not enabled due to missing hardware
support, then tick_nohz_get_sleep_length() returns 0. That happens
because ts->sleep_length is never set in that case.
Set it to NSEC_PER_SEC/HZ when the NOHZ mode is inactive.
Reported-by: Michal Hocko <mhocko@suse.cz>
Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Pstore fs expects that backends provide a unique id which could avoid
pstore making entries as duplication or denominating entries the same
name. So I combine the timestamp, part and count into id.
Signed-off-by: Madper Xie <cxie@redhat.com>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Cc: stable@vger.kernel.org
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
The array limits are supposed to be in units of u32 instead of in bytes.
The current code has a potential array overflow.
Fixes: c614475b0e ('ALSA: dice: add a proc file to show device information')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This machine also has mono output if run through DAC node 0x03.
Cc: stable@vger.kernel.org (v3.10+)
BugLink: https://bugs.launchpad.net/bugs/1256212
Tested-by: David Chen <david.chen@canonical.com>
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Failure to grab reference to parent dentry should go through the
same cleanup as nd->seq mismatch. As it is, we might end up with
caller thinking it needs to path_put() nd->root, with obvious
nasty results once we'd hit that bug enough times to drive the
refcount of root dentry all the way to zero...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Some host adapters do not pass commands through to the target disk
directly. Instead they provide an emulated target which may or may not
accurately report its capabilities. In some cases the physical device
characteristics are reported even when the host adapter is processing
commands on the device's behalf. This can lead to adapter firmware hangs
or excessive I/O errors.
This patch disables WRITE SAME for devices connected to host adapters
that provide an emulated target. Driver writers can disable WRITE SAME
by setting the no_write_same flag in the host adapter template.
[jejb: fix up rejections due to eh_deadline patch]
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
The recent be2net commit 6384a4d (adds a support for busy polling)
introduces a regression that results in kernel crash. It incorrectly
modified be_close() so napi_disable() is called only for the first queue.
This breaks a correct pairing of napi_enable/_disable for the rest
of event queues and causes a crash in subsequent be_open() call.
v2: Applied suggestions from Sathya
Fixes: 6384a4d ("be2net: add support for ndo_busy_poll")
Cc: Sathya Perla <sathya.perla@emulex.com>
Cc: Subbu Seetharaman <subbu.seetharaman@emulex.com>
Cc: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Acked-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit 55485e7b41.
I applied the wrong version of this patch, the right one is coming up
next.
Signed-off-by: David S. Miller <davem@davemloft.net>
The recent be2net commit 6384a4d (adds a support for busy polling)
introduces a regression that results in kernel crash. It incorrectly
modified be_close() so napi_disable() is called only for the first queue.
This breaks a correct pairing of napi_enable/_disable for the rest
of event queues and causes a crash in subsequent be_open() call.
Cc: Sathya Perla <sathya.perla@emulex.com>
Cc: Subbu Seetharaman <subbu.seetharaman@emulex.com>
Cc: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Acked-by: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
since f9242b6b28
inet: Sanitize inet{,6} protocol demux.
there are not pretended hash tables for ipv4 or
ipv6 protocol handler.
Signed-off-by: Baker Zhang <Baker.kernel@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2fdac010bd ("via-velocity.c: update napi
implementation") overlooked an irq disabling spinlock when the Rx part
of the NAPI poll handler was converted from netif_rx to netif_receive_skb.
NAPI Rx processing can be taken out of the locked section with a pair of
napi_{disable / enable} since it only races with the MTU change function.
An heavier rework of the NAPI locking would be able to perform NAPI Tx
before Rx where I simply removed one of velocity_tx_srv calls.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1022733
Fixes: 2fdac010bd (via-velocity.c: update napi implementation)
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Alex A. Schmidt <aaschmidt1@gmail.com>
Cc: Jamie Heilman <jamie@audible.transient.net>
Cc: Michele Baldessari <michele@acksyn.org>
Cc: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Marc Kleine-Budde says:
====================
here's a pull request for v3.13, i.e. net/master. It consists of a patch by
Oliver Hartkopp which fixes some corner cases in the interrupt handler of the
sja1000 driver. Then there are two patches for the c_can dirver. One by me,
which fixes a runtime pm related "scheduling while atomic" error and patch by
Holger Bechtold that fixes the calculation of the transmitted bytes.
The fourth patch is by me, it corrects the clock usage in the flexcan
driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
We are now using csum_ipv6_magic, include the appropriate header.
Avoids the following error:
drivers/net/xen-netback/netback.c:1313:4: error: implicit declaration of function 'csum_ipv6_magic' [-Werror=implicit-function-declaration]
tcph->check = ~csum_ipv6_magic(&ipv6h->saddr,
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In failure case, we should use kfree_skb not
dev_kfree_skb to free skbuff, dev_kfree_skb
is defined as consume_skb.
Trace takes advantage of this point.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
After commit 8ffab51b3d
(macvlan: lockless tx path), tx stat counter were converted to percpu stat
structure. So we need use to this also for tx_dropped in macvtap. Otherwise, the
management won't notice the dropping packet in macvtap tx path.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Vlad Yasevich <vyasevic@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently retransmitted DATA chunks could also be used for
RTT measurements since there are no flag to identify whether
the transmitted DATA chunk is a new one or a retransmitted one.
This problem is introduced by commit ae19c5486 ("sctp: remove
'resent' bit from the chunk") which inappropriately removed the
'resent' bit completely, instead of doing this, we should set
the resent bit only for the retransmitted DATA chunks.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The pmcraid driver is abusing the genetlink API and is using its
family ID as the multicast group ID, which is invalid and may
belong to somebody else (and likely will.)
Make it use the correct API, but since this may already be used
as-is by userspace, reserve a family ID for this code and also
reserve that group ID to not break userspace assumptions.
My previous patch broke event delivery in the driver as I missed
that it wasn't using the right API and forgot to update it later
in my series.
While changing this, I noticed that the genetlink code could use
the static group ID instead of a strcmp(), so also do that for
the VFS_DQUOT family.
Cc: Anil Ravindranath <anil_ravindranath@pmc-sierra.com>
Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netlink/genetlink.c: In function ‘genl_validate_assign_mc_groups’:
net/netlink/genetlink.c:217: warning: ‘err’ may be used uninitialized in this
function
Commit 2a94fe48f3 ("genetlink: make multicast
groups const, prevent abuse") split genl_register_mc_group() in multiple
functions, but dropped the initialization of err.
Initialize err to zero to fix this.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Use new hwmon API to simplify code, provide missing mandatory 'name'
sysfs attribute, and attach hwmon attributes to hwmon device instead
of pci device.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Nithin Nayak Sujir <nsujir@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Because the ARP monitoring is not support for 802.3ad, but I still
could change the mode to 802.3ad from ab mode while ARP monitoring
is running, it is incorrect.
So add a check for 802.3ad in bonding_store_mode to fix the problem,
and make a new macro BOND_NO_USES_ARP() to simplify the code.
v2: according to the Dan Williams's suggestion, bond mode is the most
important bond option, it should override any of the other sub-options.
So when the mode is changed, the conficting values should be cleared
or reset, otherwise the user has to duplicate more operations to modify
the logic. I disable the arp and enable mii monitoring when the bond mode
is changed to AB, TB and 8023AD if the arp interval is true.
v3: according to the Nik's suggestion, the default value of miimon should need
a name, there is several place to use it, and the bond_store_arp_interval()
could use micro BOND_NO_USES_ARP to make the code more simpify.
Suggested-by: Dan Williams <dcbw@redhat.com>
Suggested-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The first netlink attribute (value 0) must always be defined as none/unspec.
This is correctly done in inet_diag.h, but other diag interfaces are wrong.
Because we cannot change an existing API, I add a comment to point the mistake
and avoid to propagate it in a new diag API in the future.
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
wow no idea how I got this far without seeing this,
leaking the entries in the list makes kmalloc-64 slab grow.
References: https://bugzilla.kernel.org/show_bug.cgi?id=65121
Cc: stable@vger.kernel.org
Reported-by: Matthew Stapleton <matthew4196@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave reported seeing the following incorrect output on his Thinkpad T420
when using earlyprintk=efi,
[ 0.000000] efi: EFI v2.00 by Lenovo
ACPI=0xdabfe000 ACPI 2.0=0xdabfe014 SMBIOS=0xdaa9e000
The output should be on one line, not split over two. The cause is an
off-by-one error when checking that the efi_y coordinate hasn't been
incremented out of bounds.
Reported-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Currently, when mounting pstore file system, a read callback of
efi_pstore driver runs mutiple times as below.
- In the first read callback, scan efivar_sysfs_list from head and pass
a kmsg buffer of a entry to an upper pstore layer.
- In the second read callback, rescan efivar_sysfs_list from the entry
and pass another kmsg buffer to it.
- Repeat the scan and pass until the end of efivar_sysfs_list.
In this process, an entry is read across the multiple read function
calls. To avoid race between the read and erasion, the whole process
above is protected by a spinlock, holding in open() and releasing in
close().
At the same time, kmemdup() is called to pass the buffer to pstore
filesystem during it. And then, it causes a following lockdep warning.
To make the dynamic memory allocation runnable without taking spinlock,
holding off a deletion of sysfs entry if it happens while scanning it
via efi_pstore, and deleting it after the scan is completed.
To implement it, this patch introduces two flags, scanning and deleting,
to efivar_entry.
On the code basis, it seems that all the scanning and deleting logic is
not needed because __efivars->lock are not dropped when reading from the
EFI variable store.
But, the scanning and deleting logic is still needed because an
efi-pstore and a pstore filesystem works as follows.
In case an entry(A) is found, the pointer is saved to psi->data. And
efi_pstore_read() passes the entry(A) to a pstore filesystem by
releasing __efivars->lock.
And then, the pstore filesystem calls efi_pstore_read() again and the
same entry(A), which is saved to psi->data, is used for resuming to scan
a sysfs-list.
So, to protect the entry(A), the logic is needed.
[ 1.143710] ------------[ cut here ]------------
[ 1.144058] WARNING: CPU: 1 PID: 1 at kernel/lockdep.c:2740 lockdep_trace_alloc+0x104/0x110()
[ 1.144058] DEBUG_LOCKS_WARN_ON(irqs_disabled_flags(flags))
[ 1.144058] Modules linked in:
[ 1.144058] CPU: 1 PID: 1 Comm: systemd Not tainted 3.11.0-rc5 #2
[ 1.144058] 0000000000000009 ffff8800797e9ae0 ffffffff816614a5 ffff8800797e9b28
[ 1.144058] ffff8800797e9b18 ffffffff8105510d 0000000000000080 0000000000000046
[ 1.144058] 00000000000000d0 00000000000003af ffffffff81ccd0c0 ffff8800797e9b78
[ 1.144058] Call Trace:
[ 1.144058] [<ffffffff816614a5>] dump_stack+0x54/0x74
[ 1.144058] [<ffffffff8105510d>] warn_slowpath_common+0x7d/0xa0
[ 1.144058] [<ffffffff8105517c>] warn_slowpath_fmt+0x4c/0x50
[ 1.144058] [<ffffffff8131290f>] ? vsscanf+0x57f/0x7b0
[ 1.144058] [<ffffffff810bbd74>] lockdep_trace_alloc+0x104/0x110
[ 1.144058] [<ffffffff81192da0>] __kmalloc_track_caller+0x50/0x280
[ 1.144058] [<ffffffff815147bb>] ? efi_pstore_read_func.part.1+0x12b/0x170
[ 1.144058] [<ffffffff8115b260>] kmemdup+0x20/0x50
[ 1.144058] [<ffffffff815147bb>] efi_pstore_read_func.part.1+0x12b/0x170
[ 1.144058] [<ffffffff81514800>] ? efi_pstore_read_func.part.1+0x170/0x170
[ 1.144058] [<ffffffff815148b4>] efi_pstore_read_func+0xb4/0xe0
[ 1.144058] [<ffffffff81512b7b>] __efivar_entry_iter+0xfb/0x120
[ 1.144058] [<ffffffff8151428f>] efi_pstore_read+0x3f/0x50
[ 1.144058] [<ffffffff8128d7ba>] pstore_get_records+0x9a/0x150
[ 1.158207] [<ffffffff812af25c>] ? selinux_d_instantiate+0x1c/0x20
[ 1.158207] [<ffffffff8128ce30>] ? parse_options+0x80/0x80
[ 1.158207] [<ffffffff8128ced5>] pstore_fill_super+0xa5/0xc0
[ 1.158207] [<ffffffff811ae7d2>] mount_single+0xa2/0xd0
[ 1.158207] [<ffffffff8128ccf8>] pstore_mount+0x18/0x20
[ 1.158207] [<ffffffff811ae8b9>] mount_fs+0x39/0x1b0
[ 1.158207] [<ffffffff81160550>] ? __alloc_percpu+0x10/0x20
[ 1.158207] [<ffffffff811c9493>] vfs_kern_mount+0x63/0xf0
[ 1.158207] [<ffffffff811cbb0e>] do_mount+0x23e/0xa20
[ 1.158207] [<ffffffff8115b51b>] ? strndup_user+0x4b/0xf0
[ 1.158207] [<ffffffff811cc373>] SyS_mount+0x83/0xc0
[ 1.158207] [<ffffffff81673cc2>] system_call_fastpath+0x16/0x1b
[ 1.158207] ---[ end trace 61981bc62de9f6f4 ]---
Signed-off-by: Seiji Aguchi <seiji.aguchi@hds.com>
Tested-by: Madper Xie <cxie@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
The current breakpoint instruction checking code for A32 is not endian
clean. Fix this with appropriate byte-swapping when retrieving
instructions.
Signed-off-by: Matthew Leach <matthew.leach@arm.com>
Reviewed-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
On a BE system the wrong half of the X registers is retrieved/written
when attempting to get/set the value of aarch32 registers through
ptrace.
Ensure that types are the correct width so that the relevant
casting occurs.
Signed-off-by: Matthew Leach <matthew.leach@arm.com>
Reviewed-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
- A big slew of documentation for the gpiod transition that
happened in the merge window, no semantic effect, but we should
provide proper documentation with the new API.
- Fix flags related to the new API.
- Fix to the find_chip_by_name() lookup function related to the
new API.
- Fix of_find_gpio() when not using device tree.
- Bug fix for the TB10x direction setting.
- Error path fixes from Dan Carpenter.
- Nasty IRQdomain bug relating to taking an unitialized spinlock.
- Minor fixes here and there.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAABAgAGBQJSl0gWAAoJEEEQszewGV1zSSAQAJVkZCQPMpj+NYOFs8wxubKl
t0cwISUN8VNrUOkUZbNZNev80FYbBsYGtedLiKSNKPuO/Vu0vBWPlx474XNmk0W+
OEoV9bjTFOvLYjh+JDEm5BSjHhVoHbo5dAE6/mk2GCfAxuky6XJ/U1IelV+pBVsK
+AG5ldGomVj64nd7SVnxHT6pu3IR0QspwIY0skgLzX/gmCZFse3jhdmkfuHL7TTg
94H5/FOLP9zFYhwIhu7jb+ryhvixnnhJ4vbNN16lT2ZrOVy/q1a9YYDY4CNp5Qpz
DdTHVJ2GS6z2WIwWwoz5zbjjAid0fL7I8yZ3YmsB8pCxUmRleuy5ciKqUtzyo075
A549HUxMzYuxYzCmGMI8YomMjfdpmtjGnxPd06gKyGUQmEAseAnB1UeGlK8MUMDR
pXaPTdTi+r7qECKWIk/upkTbJjvp7sW2pKrPiK1CQupgSRDAEGjqYHT4hUglJzoC
RVidfh1fb0BCG07F98LCmLTHubAzVmDVM4RjJuMb9KuCEOWEVtKjF7KII/dEtcPI
oNZBwoez4m6glcCAy194ZNn6xON19QhVK4qBB9pdl/h/cIw8JJ+yPagofzLgr25R
HsH0vSWx6lMVAYiFCRn2WKCsVeUIeZZFO6cswywlH6by8glUZOlzLiMeoO4MsoIu
UasaUADY+GKYQEbHi/GA
=GmyD
-----END PGP SIGNATURE-----
Merge tag 'gpio-v3.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Here us a bunch of patches for the v3.13 series. Most important stuff
is related to fixes and documentation for the new GPIO descriptor API.
If the diffstat is scary you'll notice most of it is to
Documentation/*:
- A big slew of documentation for the gpiod transition that happened
in the merge window, no semantic effect, but we should provide
proper documentation with the new API.
- Fix flags related to the new API.
- Fix to the find_chip_by_name() lookup function related to the new
API.
- Fix of_find_gpio() when not using device tree.
- Bug fix for the TB10x direction setting.
- Error path fixes from Dan Carpenter.
- Nasty IRQdomain bug relating to taking an unitialized spinlock.
- Minor fixes here and there"
* tag 'gpio-v3.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: bcm281xx: Fix return value of bcm_kona_gpio_get()
gpio: pl061: move irqdomain initialization
gpio: ucb1400: Add MODULE_ALIAS
gpiolib: fix of_find_gpio() when OF not defined
gpio: fix memory leak in error path
gpio: rcar: NULL dereference on error in probe()
gpio: msm: make msm_gpio.summary_irq signed for error handling
gpio: mvebu: make mvchip->irqbase signed for error handling
gpiolib: use dedicated flags for GPIO properties
gpiolib: fix find_chip_by_name()
Documentation: gpiolib: document new interface
gpio: tb10x: Set output value before setting direction to output
All recent regressions, one in 3.12 so marked for -stable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIVAwUAUpaIkjnsnt1WYoG5AQLNwQ//asj11BcgtWb0kwS/5y4VuVR2+nnxxVLJ
QO1NXvUT9BJGk+TYjfTQj4gLkXdFlyLxTgbApFxquM36rUAtvfpz+K/j7hWk6wsY
NFHuX3U27YD+GWIyOcroT8QhUWYVhonmwqoQFx9Kt6rSa+T1gyloF+Huj5DAUipN
5rtzlPIXsJca/bafbA40E22Wki0nVJL99kTV7F2fKkYOIo+rm+0BuhtUgHinMKRy
jSgE4kqTAQIH5Jnsa1h6mRheeQc7W3TzEB6Cx6JN9aj7NTnZmrf1NCPgTTyza2Ub
oc+FvgDQCqSH9XzKaMEYMn3NixZsYwoBwXkS6joNpm9CzLrpNMs3gX3zjwLAqBH0
eAaFtm8Z5h/pdp3a7SWAv4hnjzIetqAMIR5CFsd1mkBQeHpWml0kWkE/AFzEFx4C
qzyuZHQR7+h4gFrQusEokMoAcIG+dOcTogDFdvLEoxzfU8BooZ9/GyKnkYRq9rLd
OvLtZPJkQ5jcdnvgOtvNpnS9riuLs37UPxlmN+Q862UKoxqg1m1frwIWnShm9eaY
WYmPiPao0kHhK38y/oSQpZ5NkD+r0KloM2KrJYJeybVCckbg4XQLoA3yPwJhXZyP
1FnUY7o7dEKtPCcEGcgsDziw/53b3OrmbLmlLKrZIV04tl19pFbbq0PdOhSejMvV
QHQw4aiJ/HY=
=nRsH
-----END PGP SIGNATURE-----
Merge tag 'md/3.13-fixes' of git://neil.brown.name/md
Pull md fixes from Neil Brown:
"Three bug fixes for md in 3.13-rc
All recent regressions, one in 3.12 so marked for -stable"
* tag 'md/3.13-fixes' of git://neil.brown.name/md:
md/raid5: fix newly-broken locking in get_active_stripe.
md: test mddev->flags more safely in md_check_recovery.
md/raid5: fix new memory-reference bug in alloc_thread_groups.
Pull cifs fixes from Steve French:
"SMB3 "validate negotiate" is needed to prevent certain types of
downgrade attacks.
Also changes SMB2/SMB3 copy offload from using the BTRFS copy ioctl
(BTRFS_IOC_CLONE) to a cifs specific ioctl (CIFS_IOC_COPYCHUNK_FILE)
to address Christoph's comment that there are semantic differences
between requesting copy offload in which copy-on-write is mandatory
(as in the BTRFS ioctl) and optional in the SMB2/SMB3 case. Also
fixes SMB2/SMB3 copychunk for large files"
* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
[CIFS] Do not use btrfs refcopy ioctl for SMB2 copy offload
Check SMB3 dialects against downgrade attacks
Removed duplicated (and unneeded) goto
CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files
The init_kernel_text() and core_kernel_text() functions should not
include the labels _einittext and _etext when checking if an address is
inside the .text or .init sections.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
As of c0114709ed: "irqchip: gic: Perform the gic_secondary_init() call
via CPU notifier", booting on a platform with chained gics (e.g.
Realview EB ARM11MPCore) will result in the gic_cpu_notifier being
registered twice, corrupting the cpu notifier list and rendering the
platform unbootable.
This patch ensures that we only register the notifier for the first
gic, allowing platforms with chained gics to boot. At the same time we
limit the pointlessly duplicated calls to set_smp_cross_call and
set_handle_irq to the first gic registered.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: marc.zyngier@arm.com
Cc: rob.herring@calxeda.com
Cc: olof@lixom.net
Link: http://lkml.kernel.org/r/1385648500-29048-1-git-send-email-mark.rutland@arm.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Commit d8a32ac256 (crypto: testmgr - make
test_aead also test 'dst != src' code paths) added support for different
source and destination buffers in test_aead.
This patch modifies the source and destination buffer lengths accordingly:
the lengths are not equal since encryption / decryption adds / removes
the ICV.
Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dan Carpenter