Commit Graph

389337 Commits

Author SHA1 Message Date
Alan Stern 9a11899c5e USB: OHCI: add missing PCI PM callbacks to ohci-pci.c
Commit c1117afb85 (USB: OHCI: make ohci-pci a separate driver)
neglected to preserve the entries for the pci_suspend and pci_resume
driver callbacks.  As a result, OHCI controllers don't work properly
during suspend and after hibernation.

This patch adds the missing callbacks to the driver.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Steve Cotton <steve@s.cotton.clara.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-08-23 10:41:46 -07:00
Ian Abbott 3955dfa821 staging: comedi: bug-fix NULL pointer dereference on failed attach
Commit dcd7b8bd63 ("staging: comedi: put
module _after_ detach" by myself) reversed a couple of calls in
`comedi_device_attach()` when recovering from an error returned by the
low-level driver's 'attach' handler.  Unfortunately, that introduced a
NULL pointer dereference bug as `dev->driver` is NULL after the call to
`comedi_device_detach()`.   We still have a pointer to the low-level
comedi driver structure in the `driv` variable, so use that instead.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-08-23 10:31:47 -07:00
Linus Torvalds 41a00f7950 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Merge networking fixes from David Miller:

 1) Revert Johannes Berg's genetlink locking fix, because it causes
    regressions.

    Johannes and Pravin Shelar are working on fixing things properly.

 2) Do not drop ipv6 ICMP messages without a redirected header option,
    they are legal.  From Duan Jiong.

 3) Missing error return propagation in probing of via-ircc driver.
    From Alexey Khoroshilov.

 4) Do not clear out broadcast/multicast/unicast/WOL bits in r8169 when
    initializing, from Peter Wu.

 5) realtek phy driver programs wrong interrupt status bit, from
    Giuseppe CAVALLARO.

 6) Fix statistics regression in AF_PACKET code, from Willem de Bruijn.

 7) Bridge code uses wrong bitmap length, from Toshiaki Makita.

 8) SFC driver uses wrong indexes to look up MAC filters, from Ben
    Hutchings.

 9) Don't pass stack buffers into usb control operations in hso driver,
    from Daniel Gimpelevich.

10) Multiple ipv6 fragmentation headers in one packet is illegal and
    such packets should be dropped, from Hannes Frederic Sowa.

11) When TCP sockets are "repaired" as part of checkpoint/restart, the
    timestamp field of SKBs need to be refreshed otherwise RTOs can be
    wildly off.  From Andrey Vagin.

12) Fix memcpy args (uses 'address of pointer' instead of 'pointer') in
    hostp driver.  From Dan Carpenter.

13) nl80211hdr_put() doesn't return an ERR_PTR, but some code believes
    it does.  From Dan Carpenter.

14) Fix regression in wireless SME disconnects, from Johannes Berg.

15) Don't use a stack buffer for DMA in zd1201 USB wireless driver, from
    Jussi Kivilinna.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (33 commits)
  ipv4: expose IPV4_DEVCONF
  ipv6: handle Redirect ICMP Message with no Redirected Header option
  be2net: fix disabling TX in be_close()
  Revert "genetlink: fix family dump race"
  hso: Fix stack corruption on some architectures
  hso: Earlier catch of error condition
  sfc: Fix lookup of default RX MAC filters when steered using ethtool
  bridge: Use the correct bit length for bitmap functions in the VLAN code
  packet: restore packet statistics tp_packets to include drops
  net: phy: rtl8211: fix interrupt on status link change
  r8169: remember WOL preferences on driver load
  via-ircc: don't return zero if via_ircc_open() failed
  macvtap: Ignore tap features when VNET_HDR is off
  macvtap: Correctly set tap features when IFF_VNET_HDR is disabled.
  macvtap: simplify usage of tap_features
  tcp: set timestamps for restored skb-s
  bnx2x: set VF DMAE when first function has 0 supported VFs
  bnx2x: Protect against VFs' ndos when SR-IOV is disabled
  bnx2x: prevent VF benign attentions
  bnx2x: Consider DCBX remote error
  ...
2013-08-23 09:54:21 -07:00
Linus Torvalds 3db0d4defc Merge branch 'akpm' (patches from Andrew Morton)
Merge fixes from Andrew Morton:
 "A few fixes.  One is a licensing change and I don't do licensing, so
  please eyeball that one"

Licensing eye-balled.

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  lib/lz4: correct the LZ4 license
  memcg: get rid of swapaccount leftovers
  nilfs2: fix issue with counting number of bio requests for BIO_EOPNOTSUPP error detection
  nilfs2: remove double bio_put() in nilfs_end_bio_write() for BIO_EOPNOTSUPP error
  drivers/platform/olpc/olpc-ec.c: initialise earlier
2013-08-23 09:52:32 -07:00
Richard Laager ee8a99bdb4 lib/lz4: correct the LZ4 license
The LZ4 code is listed as using the "BSD 2-Clause License".

Signed-off-by: Richard Laager <rlaager@wiktel.com>
Acked-by: Kyungsik Lee <kyungsik.lee@lge.com>
Cc: Chanho Min <chanho.min@lge.com>
Cc: Richard Yao <ryao@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[ The 2-clause BSD can be just converted into GPL, but that's rude and
  pointless, so don't do it   - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-08-23 09:51:22 -07:00
Michal Hocko 07555ac144 memcg: get rid of swapaccount leftovers
The swapaccount kernel parameter without any values has been removed by
commit a2c8990aed ("memsw: remove noswapaccount kernel parameter") but
it seems that we didn't get rid of all the left overs.

Make sure that menuconfig help text and kernel-parameters.txt are clear
about value for the paramter and remove the stalled comment which is not
very much useful on its own.

Signed-off-by: Michal Hocko <mhocko@suse.cz>
Reported-by: Gergely Risko <gergely@risko.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-08-23 09:51:22 -07:00
Vyacheslav Dubeyko 4bf93b50fd nilfs2: fix issue with counting number of bio requests for BIO_EOPNOTSUPP error detection
Fix the issue with improper counting number of flying bio requests for
BIO_EOPNOTSUPP error detection case.

The sb_nbio must be incremented exactly the same number of times as
complete() function was called (or will be called) because
nilfs_segbuf_wait() will call wail_for_completion() for the number of
times set to sb_nbio:

  do {
      wait_for_completion(&segbuf->sb_bio_event);
  } while (--segbuf->sb_nbio > 0);

Two functions complete() and wait_for_completion() must be called the
same number of times for the same sb_bio_event.  Otherwise,
wait_for_completion() will hang or leak.

Signed-off-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Tested-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-08-23 09:51:22 -07:00
Vyacheslav Dubeyko 2df37a19c6 nilfs2: remove double bio_put() in nilfs_end_bio_write() for BIO_EOPNOTSUPP error
Remove double call of bio_put() in nilfs_end_bio_write() for the case of
BIO_EOPNOTSUPP error detection.  The issue was found by Dan Carpenter
and he suggests first version of the fix too.

Signed-off-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Tested-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-08-23 09:51:22 -07:00
Daniel Drake 93dbc1b3b5 drivers/platform/olpc/olpc-ec.c: initialise earlier
Being a low-level component, various drivers (e.g.  olpc-battery) assume
that it is ok to communicate with the OLPC Embedded Controller during
probe.  Therefore the OLPC EC driver must be initialised before other
drivers try to use it.  This was the case until it was recently moved
out of arch/x86 and restructured around commits ac2504151f ("Platform:
OLPC: turn EC driver into a platform_driver") and 85f90cf6ca ("x86:
OLPC: switch over to using new EC driver on x86").

Use arch_initcall so that olpc-ec is readied earlier, matching the
previous behaviour.

Fixes a regression introduced in Linux-3.6 where various drivers such as
olpc-battery and olpc-xo1-sci failed to load due to an inability to
communicate with the EC.  The user-visible effect was a lack of battery
monitoring, missing ebook/lid switch input devices, etc.

Signed-off-by: Daniel Drake <dsd@laptop.org>
Cc: Andres Salomon <dilinger@queued.net>
Cc: Paul Fox <pgf@laptop.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-08-23 09:51:22 -07:00
John W. Linville 81ca2ff945 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-08-23 11:47:48 -04:00
Dave Airlie 4dd17ee957 Merge tag 'drm-intel-fixes-2013-08-23' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes
Just one patch that soaked for quite a bit to fix a resume issue,
resulting in gpu hangs (or worse) due to tlb containing garbage.

* tag 'drm-intel-fixes-2013-08-23' of git://people.freedesktop.org/~danvet/drm-intel:
  drm/i915: Invalidate TLBs for the rings after a reset
2013-08-23 18:52:37 +10:00
stephen hemminger 4a5a8aa6c9 ipv4: expose IPV4_DEVCONF
IP sends device configuration (see inet_fill_link_af) as an array
in the netlink information, but the indices in that array are not
exposed to userspace through any current santized header file.

It was available back in 2.6.32 (in /usr/include/linux/sysctl.h)
but was broken by:
  commit 02291680ff
  Author: Eric W. Biederman <ebiederm@xmission.com>
  Date:   Sun Feb 14 03:25:51 2010 +0000

    net ipv4: Decouple ipv4 interface parameters from binary sysctl numbers

Eric was solving the sysctl problem but then the indices were re-exposed
by a later addition of devconf support for IPV4

  commit 9f0f7272ac
  Author: Thomas Graf <tgraf@infradead.org>
  Date:   Tue Nov 16 04:32:48 2010 +0000

    ipv4: AF_INET link address family

Putting them in /usr/include/linux/ip.h seemed the logical match
for the DEVCONF_ definitions for IPV6 in /usr/include/linux/ip6.h

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-22 20:30:15 -07:00
Duan Jiong c92a59eca8 ipv6: handle Redirect ICMP Message with no Redirected Header option
rfc 4861 says the Redirected Header option is optional, so
the kernel should not drop the Redirect Message that has no
Redirected Header option. In this patch, the function
ip6_redirect_no_header() is introduced to deal with that
condition.

Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
2013-08-22 20:08:21 -07:00
Sathya Perla 6e1f99757a be2net: fix disabling TX in be_close()
commit fba875591 ("disable TX in be_close()") disabled TX in be_close()
to protect be_xmit() from touching freed up queues in the AER recovery
flow.  But, TX must be disabled *before* cleaning up TX completions in
the close() path, not after. This allows be_tx_compl_clean() to free up
all TX-req skbs that were notified to the HW.

Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-22 19:58:23 -07:00
Rafael J. Wysocki 168cf0eca4 Revert "ACPI / video: Always call acpi_video_init_brightness() on init"
Revert commit c04c697 (ACPI / video: Always call acpi_video_init_brightness()
on init), because it breaks eDP backlight at 1920x1080 on Acer Aspire S3
for Trevor Bortins.

References: https://bugs.freedesktop.org/show_bug.cgi?id=68355
Reported-and-bisected-by: Trevor Bortins <enabfluw@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-08-22 23:39:02 +02:00
David S. Miller 2266c68f36 Merge branch 'sfc-3.11' of git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc
Merge in a fix for RX MAC address filter programming bug in the sfc
driver.

Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-22 14:34:13 -07:00
Takashi Iwai 2ca320e294 ALSA: hda - Fix NULL dereference with CONFIG_SND_DYNAMIC_MINORS=n
Without the dynamic minor assignment, HDMI codec may have less PCM
instances than the number of pins, which eventually leads to Oops.

Reported-by: Stratos Karafotis <stratosk@semaphore.gr>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-08-22 23:22:39 +02:00
Johannes Berg 9d47b38056 Revert "genetlink: fix family dump race"
This reverts commit 58ad436fcf.

It turns out that the change introduced a potential deadlock
by causing a locking dependency with netlink's cb_mutex. I
can't seem to find a way to resolve this without doing major
changes to the locking, so revert this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-22 13:24:02 -07:00
Linus Torvalds 6a7492a4b2 Merge branch 'linux-next' of git://cavan.codon.org.uk/platform-drivers-x86
Pull x86 platform driver fixes from Matthew Garrett:
 "Three trivial fixes - the first reverts a patch that's broken some
  other devices (again - I'm trying to figure out a clean way to
  implement this), the other two fix minor issues in the sony-laptop
  driver"

* 'linux-next' of git://cavan.codon.org.uk/platform-drivers-x86:
  Revert "hp-wmi: Enable hotkeys on some systems"
  sony-laptop: Fix reporting of gfx_switch_status
  sony-laptop: return a negative error code in sonypi_compat_init()
2013-08-22 13:04:11 -07:00
Sujith Manoharan 19c361608c ath9k: Enable PLL fix only for AR9340/AR9330
The PLL hang workaround is required only for AR9330 and
AR9340. This issue was first observed on an AP121 and the WAR
is enabled for AR9340 also (DB120 etc.), since it uses a PLL
design identical to AR9330. This is not required for AR9485 and AR9550.

Various bugs have been reported regarding this:

https://bugzilla.redhat.com/show_bug.cgi?id=997217
https://bugzilla.redhat.com/show_bug.cgi?id=994648

Cc: stable@vger.kernel.org
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-08-22 14:21:04 -04:00
Helmut Schaa d2e9fc141e ath9k_htc: Restore skb headroom when returning skb to mac80211
ath9k_htc adds padding between the 802.11 header and the payload during
TX by moving the header. When handing the frame back to mac80211 for TX
status handling the header is not moved back into its original position.
This can result in a too small skb headroom when entering ath9k_htc
again (due to a soft retransmission for example) causing an
skb_under_panic oops.

Fix this by moving the 802.11 header back into its original position
before returning the frame to mac80211 as other drivers like rt2x00
or ath5k do.

Reported-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Tested-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Marc Kleine-Budde <mkl@blackshift.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-08-22 14:21:03 -04:00
Linus Torvalds 1f8b76656b ARM: SoC fixes for 3.11-rc
A handful of fixes for 3.11 are still trickling in. These are:
 - A couple of fixes for older OMAP platforms
 - Another few fixes for at91 (lateish due to European summer vacations)
 - A late-found problem with USB on Tegra, fix is to keep VBUS regulator
   on at all times
 - One fix for Exynos 5440 dealing with CPU detection
 - One MAINTAINERS update
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJSFbbrAAoJEIwa5zzehBx3J3EP/3iaagsR0S9Ya8V+11tquVMQ
 5S6xF7BQddJRiM1wVwkApDXHCVEiNfKs2AAh6aFQTZhHF+2hXFY80afFSCon52tx
 same+gTJw5qsuxrDfFTfBwuyv/cAqGnfAx+EV8nHDPk3vcC62xfLbLemvBWFu+sz
 jXwhmbGmqxOffHiAAaXEbz01YYq1BQeRvm9dTXStJGmcyUomG+73DV8CSs2gKUEU
 vC7MRj1yYDRtuwkEKdHN3IDfyWpwzgYi5iS1nL1OI0MP+6Jt2dLa+j7uALXKV+f/
 R3KOkJRXBQ1W+kCd0DbiyORd9sGOM1rzHPYQF0XqtgdoYGzcQ/2B53OlFaoPBkvs
 Y+Z+B3OZZChLeZRy520x5hi5NkdVq3kcH377rND+w01ss4KFfttjb9Y0rpJ6kqaG
 L61ElFF6TGiU5WVU079gR+zVGNKhG4hZrtPvkyfHA9wN7KX5lin0BUuvX7hmFu3o
 bcF5TkcT30hIGSsvwa+DAsAsyirehuClu3QK0Val9OpZJ01Z8h/amFAjVXz/Y6N9
 xQokQ1LsttwBG/rkniahEy00Vda2sE9PXlPzopHclytq5JyiUs6zdR7nUHhyTXIM
 xpvnxV1CrGZGoNr3J9yzdKiGuw6q7kbjsOR7vwY9nH+BniFpG8YDm418UrhsN3cp
 IRo0ZDIIXlcZCyKrRl5F
 =NVob
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "A handful of fixes for 3.11 are still trickling in.  These are:
   - A couple of fixes for older OMAP platforms
   - Another few fixes for at91 (lateish due to European summer
     vacations)
   - A late-found problem with USB on Tegra, fix is to keep VBUS
     regulator on at all times
   - One fix for Exynos 5440 dealing with CPU detection
   - One MAINTAINERS update"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: tegra: always enable USB VBUS regulators
  ARM: davinci: nand: specify ecc strength
  ARM: OMAP: rx51: change musb mode to OTG
  ARM: OMAP2: fix musb usage for n8x0
  MAINTAINERS: Update email address for Benoit Cousson
  ARM: at91/DT: fix at91sam9n12ek memory node
  ARM: at91: add missing uart clocks DT entries
  ARM: SAMSUNG: fix to support for missing cpu specific map_io
  ARM: at91/DT: at91sam9x5ek: fix USB host property to enable port C
2013-08-22 10:44:44 -07:00
Linus Torvalds 8351fcfe4f For DT unflattening, add missing memory initialization. This is needed
for arches like PPC that use memblock_alloc. This appears to have been
 an issue for some time, but is a somewhat limited usecase of OF_DYNAMIC.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJSFWZgAAoJEMhvYp4jgsXipiIH/3mswl+2WQT+d7+d5cjqOD8P
 xIY4jOZlmkpKcT8fc3eZFkXA/vbcDGU/+PkMcYrP8VqXC3DuAqbTuNr/tet9Vnio
 XuMAE4AeXxSK4RL+L+u+6sEuhXMkrMiZlk0vBLbDo6MVOKEiOoCzp8CH76q8OvdY
 TF6Nyn3M8MCdLW33Una8UcZuUNd53Im+Ycie1AmfgL/dAVsbB9kYa5q8gO6YeFtJ
 Hq6RBXN3Rx2HH5rwzOFVk95MGvxrIthqU5RmmEcvJ/Dz4cZCcqdFYxZ4EXxHvFN2
 LEM89C8Qivoe2ONKDY/BfENLrNkokeFrG4w0mFjGGa5xr8WEj11AJgEuFSSGjdI=
 =vkWu
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-3.11' of git://sources.calxeda.com/kernel/linux

Pull device tree fix from Rob Herring:
 "For DT unflattening, add missing memory initialization.

  This is needed for arches like PPC that use memblock_alloc.  This
  appears to have been an issue for some time, but is a somewhat limited
  usecase of OF_DYNAMIC"

* tag 'devicetree-fixes-for-3.11' of git://sources.calxeda.com/kernel/linux:
  of: fdt: fix memory initialization for expanded DT
2013-08-22 10:43:47 -07:00
Linus Torvalds ee7075d45f A patch to fix dm-cache-policy-mq's remove_mapping() conflict with sparc32.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQEcBAABAgAGBQJSE8bRAAoJEMUj8QotnQNaTEEH/A+Nopgj94CbYaty/6iCeCtE
 kUwQh7mCg+JoGK0YfJFq9BgseYSC0iCH0bqgV0vhd46nLxn6k0SUhVB1+exT+d0b
 5enQOQ0ngyji4ghTrNId+FD0KXqkpg96YPyWg2NgoVlVrH1Nk2TNyZSGn5vVisM6
 xSFJ2gjL5o00pspCamVuAHBDYgQPtq3S/JIVk3ndrc3wvUl4SuhJMT6vc39oo0QA
 MndWBgxTHCcMBgcWo5RF7uCYr+HLXf6mD+ZFt4qw+NF3qAkMzM9lSL7YkCWAghPH
 uPktyvwczGI9C+VT5uPD+EbvFJGQbBscV+/wGIEkniWhyIjXcQTfOaTqVpFRcNQ=
 =qzw6
 -----END PGP SIGNATURE-----

Merge tag 'dm-3.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fix from Mike Snitzer:
 "A patch to fix dm-cache-policy-mq's remove_mapping() conflict with
  sparc32"

* tag 'dm-3.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm cache: avoid conflicting remove_mapping() in mq policy
2013-08-22 10:43:00 -07:00
Radu Caragea 41aacc1eea x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member
This is the updated version of df54d6fa54 ("x86 get_unmapped_area():
use proper mmap base for bottom-up direction") that only randomizes the
mmap base address once.

Signed-off-by: Radu Caragea <sinaelgl@gmail.com>
Reported-and-tested-by: Jeff Shorey <shoreyjeff@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Michel Lespinasse <walken@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Adrian Sendroiu <molecula2788@gmail.com>
Cc: Greg KH <greg@kroah.com>
Cc: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-08-22 10:19:35 -07:00
Linus Torvalds 5ea80f76a5 Revert "x86 get_unmapped_area(): use proper mmap base for bottom-up direction"
This reverts commit df54d6fa54.

The commit isn't necessarily wrong, but because it recalculates the
random mmap_base every time, it seems to confuse user memory allocators
that expect contiguous mmap allocations even when the mmap address isn't
specified.

In particular, the MATLAB Java runtime seems to be unhappy. See

  https://bugzilla.kernel.org/show_bug.cgi?id=60774

So we'll want to apply the random offset only once, and Radu has a patch
for that.  Revert this older commit in order to apply the other one.

Reported-by: Jeff Shorey <shoreyjeff@gmail.com>
Cc: Radu Caragea <sinaelgl@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-08-22 10:18:44 -07:00
Martin Peschke b5dc3c4800 [SCSI] zfcp: remove access control tables interface (keep sysfs files)
By popular demand, this patch brings back a couple of sysfs attributes
removed by commit 663e0890e3
"[SCSI] zfcp: remove access control tables interface".
The content has been irrelevant for years, but the files must be
there forever for whatever user space tools that may rely on them.

Since these files always return a constant value, a new stripped
down show-macro was required. Otherwise build warnings would have
been introduced.

Signed-off-by: Martin Peschke <mpeschke@linux.vnet.ibm.com>
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2013-08-22 09:26:51 -07:00
Martin Peschke 924dd584b1 [SCSI] zfcp: fix schedule-inside-lock in scsi_device list loops
BUG: sleeping function called from invalid context at kernel/workqueue.c:2752
in_atomic(): 1, irqs_disabled(): 1, pid: 360, name: zfcperp0.0.1700
CPU: 1 Not tainted 3.9.3+ #69
Process zfcperp0.0.1700 (pid: 360, task: 0000000075b7e080, ksp: 000000007476bc30)
<snip>
Call Trace:
([<00000000001165de>] show_trace+0x106/0x154)
 [<00000000001166a0>] show_stack+0x74/0xf4
 [<00000000006ff646>] dump_stack+0xc6/0xd4
 [<000000000017f3a0>] __might_sleep+0x128/0x148
 [<000000000015ece8>] flush_work+0x54/0x1f8
 [<00000000001630de>] __cancel_work_timer+0xc6/0x128
 [<00000000005067ac>] scsi_device_dev_release_usercontext+0x164/0x23c
 [<0000000000161816>] execute_in_process_context+0x96/0xa8
 [<00000000004d33d8>] device_release+0x60/0xc0
 [<000000000048af48>] kobject_release+0xa8/0x1c4
 [<00000000004f4bf2>] __scsi_iterate_devices+0xfa/0x130
 [<000003ff801b307a>] zfcp_erp_strategy+0x4da/0x1014 [zfcp]
 [<000003ff801b3caa>] zfcp_erp_thread+0xf6/0x2b0 [zfcp]
 [<000000000016b75a>] kthread+0xf2/0xfc
 [<000000000070c9de>] kernel_thread_starter+0x6/0xc
 [<000000000070c9d8>] kernel_thread_starter+0x0/0xc

Apparently, the ref_count for some scsi_device drops down to zero,
triggering device removal through execute_in_process_context(), while
the lldd error recovery thread iterates through a scsi device list.
Unfortunately, execute_in_process_context() decides to immediately
execute that device removal function, instead of scheduling asynchronous
execution, since it detects process context and thinks it is safe to do
so. But almost all calls to shost_for_each_device() in our lldd are
inside spin_lock_irq, even in thread context. Obviously, schedule()
inside spin_lock_irq sections is a bad idea.

Change the lldd to use the proper iterator function,
__shost_for_each_device(), in combination with required locking.

Occurences that need to be changed include all calls in zfcp_erp.c,
since those might be executed in zfcp error recovery thread context
with a lock held.

Other occurences of shost_for_each_device() in zfcp_fsf.c do not
need to be changed (no process context, no surrounding locking).

The problem was introduced in Linux 2.6.37 by commit
b62a8d9b45
"[SCSI] zfcp: Use SCSI device data zfcp_scsi_dev instead of zfcp_unit".

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Peschke <mpeschke@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org #2.6.37+
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2013-08-22 09:24:02 -07:00
Martin Peschke d79ff14262 [SCSI] zfcp: fix lock imbalance by reworking request queue locking
This patch adds wait_event_interruptible_lock_irq_timeout(), which is a
straight-forward descendant of wait_event_interruptible_timeout() and
wait_event_interruptible_lock_irq().

The zfcp driver used to call wait_event_interruptible_timeout()
in combination with some intricate and error-prone locking. Using
wait_event_interruptible_lock_irq_timeout() as a replacement
nicely cleans up that locking.

This rework removes a situation that resulted in a locking imbalance
in zfcp_qdio_sbal_get():

BUG: workqueue leaked lock or atomic: events/1/0xffffff00/10
    last function: zfcp_fc_wka_port_offline+0x0/0xa0 [zfcp]

It was introduced by commit c2af7545aa
"[SCSI] zfcp: Do not wait for SBALs on stopped queue", which had a new
code path related to ZFCP_STATUS_ADAPTER_QDIOUP that took an early exit
without a required lock being held. The problem occured when a
special, non-SCSI I/O request was being submitted in process context,
when the adapter's queues had been torn down. In this case the bug
surfaced when the Fibre Channel port connection for a well-known address
was closed during a concurrent adapter shut-down procedure, which is a
rare constellation.

This patch also fixes these warnings from the sparse tool (make C=1):

drivers/s390/scsi/zfcp_qdio.c:224:12: warning: context imbalance in
 'zfcp_qdio_sbal_check' - wrong count at exit
drivers/s390/scsi/zfcp_qdio.c:244:5: warning: context imbalance in
 'zfcp_qdio_sbal_get' - unexpected unlock

Last but not least, we get rid of that crappy lock-unlock-lock
sequence at the beginning of the critical section.

It is okay to call zfcp_erp_adapter_reopen() with req_q_lock held.

Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Peschke <mpeschke@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org #2.6.35+
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2013-08-22 08:53:30 -07:00
Stanislaw Gruszka b2fcc0aee5 iwl4965: fix rfkill set state regression
My current 3.11 fix:

commit 788f7a56fc
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Thu Aug 1 12:07:55 2013 +0200

    iwl4965: reset firmware after rfkill off

broke rfkill notification to user-space . I missed that bug, because
I compiled without CONFIG_RFKILL, sorry about that.

Cc: stable@vger.kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-08-22 11:40:08 -04:00
John W. Linville 89b5f74a26 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2013-08-22 11:35:22 -04:00
Stephen Warren 30ca2226be ARM: tegra: always enable USB VBUS regulators
This fixes a regression exposed during the merge window by commit
9f310de "ARM: tegra: fix VBUS regulator GPIO polarity in DT"; namely that
USB VBUS doesn't get turned on, so USB devices are not detected. This
affects the internal USB port on TrimSlice (i.e. the USB->SATA bridge, to
which the SSD is connected) and the external port(s) on Seaboard/
Springbank and Whistler.

The Tegra DT as written in v3.11 allows two paths to enable USB VBUS:

1) Via the legacy DT binding for the USB controller; it can directly
   acquire a VBUS GPIO and activate it.

2) Via a regulator for VBUS, which is referenced by the new DT binding
   for the USB controller.

Those two methods both use the same GPIO, and hence whichever of the
USB controller and regulator gets probed first ends up owning the GPIO.
In practice, the USB driver only supports path (1) above, since the
patches to support the new USB binding are not present until v3.12:-(

In practice, the regulator ends up being probed first and owning the
GPIO. Since nothing enables the regulator (the USB driver code is not
yet present), the regulator ends up being turned off. This originally
caused no problem, because the polarity in the regulator definition was
incorrect, so attempting to turn off the regulator actually turned it
on, and everything worked:-(

However, when testing the new USB driver code in v3.12, I noticed the
incorrect polarity and fixed it in commit 9f310de "ARM: tegra: fix VBUS
regulator GPIO polarity in DT". In the context of v3.11, this patch then
caused the USB VBUS to actually turn off, which broke USB ports with VBUS
control. I got this patch included in v3.11-rc1 since it fixed a bug in
device tree (incorrect polarity specification), and hence was suitable to
be included early in the rc series. I evidently did not test the patch at
all, or correctly, in the context of v3.11, and hence did not notice the
issue that I have explained above:-(

Fix this by making the USB VBUS regulators always enabled. This way, if
the regulator owns the GPIO, it will always be turned on, even if there
is no USB driver code to request the regulator be turned on. Even
ignoring this bug, this is a reasonable way to configure the HW anyway.

If this patch is applied to v3.11, it will cause a couple pretty trivial
conflicts in tegra20-{trimslice,seaboard}.dts when creating v3.12, since
the context right above the added lines changed in patches destined for
v3.12.

Reported-by: Kyle McMartin <kmcmarti@redhat.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2013-08-21 21:36:19 -07:00
Daniel Gimpelevich e75dc677ff hso: Fix stack corruption on some architectures
As Sergei Shtylyov explained in the #mipslinux IRC channel:
[Mon 2013-08-19 12:28:21 PM PDT] <headless> guys, are you sure it's not "DMA off stack" case?
[Mon 2013-08-19 12:28:35 PM PDT] <headless> it's a known stack corruptor on non-coherent arches
[Mon 2013-08-19 12:31:48 PM PDT] <DonkeyHotei> headless: for usb/ehci?
[Mon 2013-08-19 12:34:11 PM PDT] <DonkeyHotei> headless: explain
[Mon 2013-08-19 12:35:38 PM PDT] <headless> usb_control_msg() (or other such func) should not use buffer on stack. DMA from/to stack is prohibited
[Mon 2013-08-19 12:35:58 PM PDT] <headless> and EHCI uses DMA on control xfers (as well as all the others)

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-21 20:47:59 -07:00
Daniel Gimpelevich 35e57e1b49 hso: Earlier catch of error condition
There is no need to get an interface specification if we know it's the
wrong one.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-21 20:47:59 -07:00
Wladislav Wiebe 9e40127526 of: fdt: fix memory initialization for expanded DT
Already existing property flags are filled wrong for properties created from
initial FDT. This could cause problems if this DYNAMIC device-tree functions
are used later, i.e. properties are attached/detached/replaced. Simply dumping
flags from the running system show, that some initial static (not allocated via
kzmalloc()) nodes are marked as dynamic.

I putted some debug extensions to property_proc_show(..) :
..
+       if (OF_IS_DYNAMIC(pp))
+               pr_err("DEBUG: xxx : OF_IS_DYNAMIC\n");
+       if (OF_IS_DETACHED(pp))
+               pr_err("DEBUG: xxx : OF_IS_DETACHED\n");

when you operate on the nodes (e.g.: ~$ cat /proc/device-tree/*some_node*) you
will see that those flags are filled wrong, basically in most cases it will dump
a DYNAMIC or DETACHED status, which is in not true.
(BTW. this OF_IS_DETACHED is a own define for debug purposes which which just
make a test_bit(OF_DETACHED, &x->_flags)

If nodes are dynamic kernel is allowed to kfree() them. But it will crash
attempting to do so on the nodes from FDT -- they are not allocated via
kzmalloc().

Signed-off-by: Wladislav Wiebe <wladislav.kw@gmail.com>
Acked-by: Alexander Sverdlin <alexander.sverdlin@nsn.com>
Cc: stable@vger.kernel.org
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
2013-08-21 20:05:49 -05:00
Guillaume Clement 6f1e120438 gma500: Fix SDVO turning off randomly
Some Poulsbo cards seem to incorrectly report SDVO_CMD_STATUS_TARGET_NOT_SPECIFIED instead of SDVO_CMD_STATUS_PENDING, which causes the display to be turned off.

Signed-off-by: Guillaume Clement <gclement@baobob.org>
Acked-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2013-08-22 10:37:49 +10:00
Dave Airlie 317b07b58c Merge branch 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes
regression fixes and null derefs and oops fixes.

* 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
  drm/nv04/disp: fix framebuffer pin refcounting
  drm/nouveau/mc: fix race condition between constructor and request_irq()
  drm/nouveau: fix reclocking on nv40
  drm/nouveau/ltcg: fix allocating memory as free
  drm/nouveau/ltcg: fix ltcg memory initialization after suspend
  drm/nouveau/fb: fix null derefs in nv49 and nv4e init
2013-08-22 10:34:58 +10:00
Linus Torvalds d936d2d452 Bug-fixes:
- On ARM did not have balanced calls to get/put_cpu.
  - Fix to make tboot + Xen + Linux correctly.
  - Fix events VCPU binding issues.
  - Fix a vCPU online race where IPIs are sent to not-yet-online vCPU.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.14 (GNU/Linux)
 
 iQEcBAABAgAGBQJSFMaJAAoJEFjIrFwIi8fJ+/0H/32rLj60FpKXcPDCvID+9p8T
 XDGnFNttsxyhuzEzetOAd0aLKYKGnUaTDZBHfgSNipGCxjMLYgz84phRmHAYEj8u
 kai1Ag1WjhZilCmImzFvdHFiUwtvKwkeBIL/cZtKr1BetpnuuFsoVnwbH9FVjMpr
 TCg6sUwFq7xRyD1azo/cTLZFeiUqq0aQLw8J72YaapdS3SztHPeDHXlPpmLUdb6+
 hiSYveJMYp2V0SW8g8eLKDJxVr2QdPEfl9WpBzpLlLK8GrNw8BEU6hSOSLzxB7z/
 hDATAuZ5iHiIEi1uGfVjOyDws2ngUhmBKUH5x5iVIZd2P5c/ffLh2ePDVWGO5RI=
 =yMuS
 -----END PGP SIGNATURE-----

Merge tag 'stable/for-linus-3.11-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull Xen bug-fixes from Konrad Rzeszutek Wilk:
 - On ARM did not have balanced calls to get/put_cpu.
 - Fix to make tboot + Xen + Linux correctly.
 - Fix events VCPU binding issues.
 - Fix a vCPU online race where IPIs are sent to not-yet-online vCPU.

* tag 'stable/for-linus-3.11-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/smp: initialize IPI vectors before marking CPU online
  xen/events: mask events when changing their VCPU binding
  xen/events: initialize local per-cpu mask for all possible events
  x86/xen: do not identity map UNUSABLE regions in the machine E820
  xen/arm: missing put_cpu in xen_percpu_init
2013-08-21 16:38:33 -07:00
Linus Torvalds 0903391acb Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Pull MIPS fix from Ralf Baechle:
 "Just a single patch which fixes a special case in the MIPS FPU
  emulator which is always required, even on CPUs with FPU.  There is
  the rare special case that an FPU (or certain other instructions) in a
  branch delay slot is causing an exception and then the branch
  instruction will need to be emulated by the kernel before resuming
  execution.  This is working great except if the branch instruction is
  an Octeon BBIT instruction.

  The boring disclaimer - all MIPS defconfigs build tested and no
  regressions and runtime tested on Octeon, no known issues"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: Handle OCTEON BBIT instructions in FPU emulator.
2013-08-21 16:37:14 -07:00
Linus Torvalds 7d06bafc4a Perf backend fixes for arm64 where the user can cause kernel panic
(discovered with Vince's fuzzing tool).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
 iQIcBAABAgAGBQJSE6M4AAoJEGvWsS0AyF7x7ZQP/3A+t3bH2fn6TmxzFyRRsi2i
 YbqX+OP+iGUrtzJQ9cR/cznml0yxePqFKXp76MWvtHkS9eMIcNhyWwhJRuDEV9Rx
 8PJq2yA9eNxYjDvhA+2vtbEEsHaYdu3O+w7tMoHxaBhveeDZIgk+/5YnSuLmDE2i
 HEEW2KYjiH7ILr5YhMJNotMIwyn5xg9r2nC96bDnLN0kjB4Khlaat5bikkn6DOrN
 39EQYV8R7fJSa6t3yYXnO4DBuMrqKdsswQR+JdkQfGCFxYz+BruF+v73f+zlVEd6
 a7Ie86Mjk/Gto7MzItU6PDqLnrTg3alTxYxCJQFj5SKtYX/+vzNicmmeG90PvPUV
 KQc5rVNIYEHu05J8wTHrwZRDFlpr4mllqy6KtmcWDfqgYg5wzj139PEBL4gyw4wb
 9qWk/ti/Nezk039Oh2EV/gUuZuHe2+a/4k2lbJqy8uUqsPvQtifDM6tJS1TgExG5
 X9AGfRMVtBmQH8K/6oVc+S5sXwlddcRBviTzggpvkY6KgJL6kWOuTBla0KKHvrQc
 Ok34e3Bxk5WuUnCa5rxaAW6Ewt9HqolMqL+Bgd0tvD5WKIRvT4pBG0a7mIhzeymM
 Uh1n7FOLLfSNIVm7YU/v6yPJ8v8w+QpJtzX17VzZf1ASHj5JUh6RRoX6Rwshaplv
 q6CA672f7Q7g5sG3HwOz
 =Lajp
 -----END PGP SIGNATURE-----

Merge tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64

Pull arm64 perf fixes from Catalin Marinas:
 "Perf backend fixes for arm64 where the user can cause kernel panic
  (discovered with Vince's fuzzing tool)"

* tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
  arm64: perf: fix event validation for software group leaders
  arm64: perf: fix array out of bounds access in armpmu_map_hw_event()
2013-08-21 16:36:32 -07:00
Linus Torvalds 69bbe136a9 Fixes for ARM and aarch64.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQIcBAABAgAGBQJSEoS0AAoJEBvWZb6bTYbyE/8P/izUr1XtKBqtVuqVBMewEkeB
 SBgvJ2w681f4d+1waVAEPqWVGKHDvSOQC54sG6Y3fWHKijKGLiQhLaY3Y1WaLlO1
 B+duREwCwHaApjrpYoKhkyGQVpgyIfHBVe8d2TM9Q2bRuYNZEEcOtfdXk+Qfr6WR
 2kN+67ivJzAXvjs0uuRyJtXXq9cemcOnngsAfBlJz+j6UbiEdQ3l569D3wQU1jS2
 lUxxCEdtBDKDXkJUbTYvtJNYR48caqVXhYBTjpmY04207iSHmacUytOXO3rRA3OL
 fFhm/QeKVZND0XrJDUOMFzosWdUVdP5Qd5PtYoV/gEydNJMMpPs+dFKv+RXzrWlm
 2S2PWbFlkFT8yM+xwh6uKnLQ1aj614dkK2vKlp9GwDuwWiaod71C8ouTJvanNHGt
 pWgktFlfD+npSc3QDeXG5QB78pTSeyJfZBeVvA+U/etX+vjdfFWZ3bHMScrAE4DX
 xsdvtfamo0m9v2yZsnKzRWtCQq9No5FRb/c31w7yUzSXNBtyNR0Vft9gmiLo4HYa
 FQ0wC2UPyaKbfYtX0orpWnN3u4vaylGw2HuzK+2Mwi2HL+AMI6Piu//nrTbqb/i+
 1a6OARWvv9BQdbcuzBqznUdcllbmRl94kA5zXPvAz0dOBPQFU4X/t6dkxxH+8JFj
 mA/c2PHEyOtuFDOoqZxE
 =RlHG
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "Fixes for ARM and aarch64.

  This pull request is coming a bit later than I would have preferred,
  because I and Gleb happened to have holidays around the same weeks of
  August...  sorry about that"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: ARM: Squash len warning
  arm64: KVM: use 'int' instead of 'u32' for variable 'target' in kvm_host.h.
  arm64: KVM: add missing dsb before invalidating Stage-2 TLBs
  arm64: KVM: perform save/restore of PAR_EL1
  arm64: KVM: fix 2-level page tables unmapping
  ARM: KVM: Fix unaligned unmap_range leak
  ARM: KVM: Fix 64-bit coprocessor handling
2013-08-21 16:35:37 -07:00
Linus Torvalds da2ad2a2c3 Fixes for the sunxi (AllWinner) pin control driver.
This was a new driver in this merge window, so some
 post-merge hardening is happening.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQIcBAABAgAGBQJSCdCbAAoJEEEQszewGV1z5VIP/2BVZyUoh4bCY4ZnuacfhArI
 y83blSEfyvMAfjJfoE2a3vQBLMQpz50IhxDZ2jWIORKUVgCpcuz7FLQge+fW7YRH
 KmDjbRXaeEG2EkPCUT3xSaQx3sOgFnS5fVxa3rMgZKyfnHTQjRC654XDg0O8Ar4Q
 yiYF5BerI+k7jAA+MRUGjz7h23McEcsxf7e/mINbbzFSMdUcYDWYu/VZaM2tU1eL
 XzbG51T0jJi2NPeaezgTp9wDUV338DyYqLkJZ5ForvrvZ42g2Sm2n5w3rXV1XlEM
 zPFjJ0JxwW0YIut/wvXTMto0l+M1I+PdYqEJ8x/3gMA7OmQt2ustBLc/bTYmB7W9
 VR9J7UKmxjYCfN3SQmfYyokyKWF72ELO3C107JBo/KeVaCasjEKF1gxSHGo2d+QI
 6a5TjKbna+fh9XOVXASqJtIL7rI/6q+UIoZh/M5ENBK+7D5sk3dYvCrW60zg1gVj
 KVode0v1Uo48Xub902d68L2lmx/rt6RxHVYSd7atagGTMIpadwU0TrnDGP1IbgWc
 zuhnE+7+uGrVR63xK7MIuKJxA0CxbM6qWiSNB/6OqVaKi9t/NexhB9ujId4bTro2
 IyNDIC2Bj+BjdDm8oQxxBUUP/ozNNg2C45Zo9D39/22BIlIlYhNvUNqoXK5N3rhM
 gTBeSX7bZSUFYXXOPb+j
 =fGdI
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pinctrl fixes from Linus Walleij:
 "Fixes for the sunxi (AllWinner) pin control driver.  This was a new
  driver in this merge window, so some post-merge hardening is
  happening"

[ I had completely missed this pull request for some reason, it was sent
  over a week ago but my mailbox is chaotic ]

* tag 'pinctrl-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: sunxi: Add spinlocks
  pinctrl: sunxi: Fix gpio_set behaviour
  pinctrl: sunxi: Read register before writing to it in irq_set_type
2013-08-21 16:33:37 -07:00
Roland Dreier 35dc248383 [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal
There is a nasty bug in the SCSI SG_IO ioctl that in some circumstances
leads to one process writing data into the address space of some other
random unrelated process if the ioctl is interrupted by a signal.
What happens is the following:

 - A process issues an SG_IO ioctl with direction DXFER_FROM_DEV (ie the
   underlying SCSI command will transfer data from the SCSI device to
   the buffer provided in the ioctl)

 - Before the command finishes, a signal is sent to the process waiting
   in the ioctl.  This will end up waking up the sg_ioctl() code:

		result = wait_event_interruptible(sfp->read_wait,
			(srp_done(sfp, srp) || sdp->detached));

   but neither srp_done() nor sdp->detached is true, so we end up just
   setting srp->orphan and returning to userspace:

		srp->orphan = 1;
		write_unlock_irq(&sfp->rq_list_lock);
		return result;	/* -ERESTARTSYS because signal hit process */

   At this point the original process is done with the ioctl and
   blithely goes ahead handling the signal, reissuing the ioctl, etc.

 - Eventually, the SCSI command issued by the first ioctl finishes and
   ends up in sg_rq_end_io().  At the end of that function, we run through:

	write_lock_irqsave(&sfp->rq_list_lock, iflags);
	if (unlikely(srp->orphan)) {
		if (sfp->keep_orphan)
			srp->sg_io_owned = 0;
		else
			done = 0;
	}
	srp->done = done;
	write_unlock_irqrestore(&sfp->rq_list_lock, iflags);

	if (likely(done)) {
		/* Now wake up any sg_read() that is waiting for this
		 * packet.
		 */
		wake_up_interruptible(&sfp->read_wait);
		kill_fasync(&sfp->async_qp, SIGPOLL, POLL_IN);
		kref_put(&sfp->f_ref, sg_remove_sfp);
	} else {
		INIT_WORK(&srp->ew.work, sg_rq_end_io_usercontext);
		schedule_work(&srp->ew.work);
	}

   Since srp->orphan *is* set, we set done to 0 (assuming the
   userspace app has not set keep_orphan via an SG_SET_KEEP_ORPHAN
   ioctl), and therefore we end up scheduling sg_rq_end_io_usercontext()
   to run in a workqueue.

 - In workqueue context we go through sg_rq_end_io_usercontext() ->
   sg_finish_rem_req() -> blk_rq_unmap_user() -> ... ->
   bio_uncopy_user() -> __bio_copy_iov() -> copy_to_user().

   The key point here is that we are doing copy_to_user() on a
   workqueue -- that is, we're on a kernel thread with current->mm
   equal to whatever random previous user process was scheduled before
   this kernel thread.  So we end up copying whatever data the SCSI
   command returned to the virtual address of the buffer passed into
   the original ioctl, but it's quite likely we do this copying into a
   different address space!

As suggested by James Bottomley <James.Bottomley@hansenpartnership.com>,
add a check for current->mm (which is NULL if we're on a kernel thread
without a real userspace address space) in bio_uncopy_user(), and skip
the copy if we're on a kernel thread.

There's no reason that I can think of for any caller of bio_uncopy_user()
to want to do copying on a kernel thread with a random active userspace
address space.

Huge thanks to Costa Sapuntzakis <costa@purestorage.com> for the
original pointer to this bug in the sg code.

Signed-off-by: Roland Dreier <roland@purestorage.com>
Tested-by: David Milburn <dmilburn@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2013-08-21 10:58:35 -07:00
Anton Blanchard f5944daa0a [SCSI] lpfc: Don't force CONFIG_GENERIC_CSUM on
We want ppc64 to be able to select between optimised assembly
checksum routines in big endian and the generic lib/checksum.c
routines in little endian.

The lpfc driver is forcing CONFIG_GENERIC_CSUM on which means
we are unable to make the decision to enable it in the arch
Kconfig. If the option exists it is always forced on.

This got introduced in 3.10 via commit 6a7252fdb0 ([SCSI] lpfc:
fix up Kconfig dependencies). I spoke to Randy about it and
the original issue was with CRC_T10DIF not being defined.

As such, remove the select of CONFIG_GENERIC_CSUM.

Signed-off-by: Anton Blanchard <anton@samba.org>
Cc: <stable@vger.kernel.org> # 3.10
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2013-08-21 10:54:20 -07:00
Mark Brown 7f242bd889 Merge remote-tracking branch 'regmap/fix/rbtree' into regmap-linus 2013-08-21 17:08:17 +01:00
Mark Brown 4ff98c9eb8 Merge remote-tracking branch 'regmap/fix/header' into regmap-linus 2013-08-21 17:08:17 +01:00
David Jander 4e67fb5f5e regmap: rbtree: Fix overlapping rbnodes.
Avoid overlapping register regions by making the initial blklen of a new
node 1. If a register write occurs to a yet uncached register, that is
lower than but near an existing node's base_reg, a new node is created
and it's blklen is set to an arbitrary value (sizeof(*rbnode)). That may
cause this node to overlap with another node. Those nodes should be merged,
but this merge doesn't happen yet, so this patch at least makes the initial
blklen small enough to avoid hitting the wrong node, which may otherwise
lead to severe breakage.

Signed-off-by: David Jander <david@protonic.nl>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org
2013-08-21 17:03:54 +01:00
Simon Wunderlich 75a423f493 mac80211: ibss: fix ignored channel parameter
my earlier patch "mac80211: change IBSS channel state to chandef"
created a regression by ignoring the channel parameter in
__ieee80211_sta_join_ibss, which breaks IBSS channel selection. This
patch fixes this situation by using the right channel and adopting the
selected bandwidth mode.

Cc: stable@vger.kernel.org
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-08-21 15:33:08 +02:00
Ben Hutchings f3851b0acc sfc: Fix lookup of default RX MAC filters when steered using ethtool
commit 385904f819 ('sfc: Don't use
efx_filter_{build,hash,increment}() for default MAC filters') used the
wrong name to find the index of default RX MAC filters at insertion/
update time.  This could result in memory corruption and would in any
case silently fail to update the filter.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
2013-08-21 14:18:12 +01:00
Felix Fietkau 2dfca312a9 mac80211: add a flag to indicate CCK support for HT clients
brcm80211 cannot handle sending frames with CCK rates as part of an
A-MPDU session. Other drivers may have issues too. Set the flag in all
drivers that have been tested with CCK rates.

This fixes a reported brcmsmac regression introduced in
commit ef47a5e4f1
"mac80211/minstrel_ht: fix cck rate sampling"

Cc: stable@vger.kernel.org # 3.10
Reported-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-08-21 15:03:25 +02:00