Commit Graph

322186 Commits

Author SHA1 Message Date
Matthias Kaehlcke f3d9d365ff ti-st: Fix check for pdata->chip_awake function pointer
ll_device_want_to_wakeup(): Fix the NULL pointer check on pdata->chip_awake,
which is performed on the wrong function pointer

Signed-off-by: Matthias Kaehlcke <matthias@kaehlcke.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 12:32:34 -07:00
Axel Lin 95d1c8c7e2 iio: lm3533-als: Fix build warnings
Fix below build warnings:
  CC [M]  drivers/iio/light/lm3533-als.o
drivers/iio/light/lm3533-als.c:667:8: warning: initialization from incompatible pointer type [enabled by default]
drivers/iio/light/lm3533-als.c:667:8: warning: (near initialization for 'dev_attr_in_illuminance0_thresh_either_en.show') [enabled by default]
drivers/iio/light/lm3533-als.c:667:8: warning: initialization from incompatible pointer type [enabled by default]
drivers/iio/light/lm3533-als.c:667:8: warning: (near initialization for 'dev_attr_in_illuminance0_thresh_either_en.store') [enabled by default]

Signed-off-by: Axel Lin <axel.lin@gmail.com>
2012-08-16 20:24:38 +01:00
Lars-Peter Clausen 70e01880a9 staging:iio:ad7780: Mark channels as unsigned
The values reported by the AD7780 are unsigned with a binary offset:

	0x000000 is negative fullscale
	0x800000 is zeroscale
	0xffffff is positive fullscale

So mark the channel in the channel spec as unsigned rather than signed.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:37 +01:00
Lars-Peter Clausen 4fcbcf95b7 staging:iio:ad7192: Report offset and scale for temperature channel
The temperature channel reports values in degree Kelvin with sensitivity of 5630
codes per degree. If the chip is configured in bipolar mode there is an
additional binary offset of 0x800000 and the sensitivity is divided by two.

Currently the driver does the mapping from the raw value to degree Celsius when
doing a manual conversion. This has several disadvantages, the major one being
that it does not work for buffered mode, also by doing the division by the
sensitivity in the driver the precision of the reported value is needlessly
reduced.

Furthermore the current calculation only works in bipolar mode and the current
scale is off by a factor of 1000.

This patch modifies the driver to report correct offset and scale values in
both unipolar and bipolar mode and to report the raw temperature value
for manual conversions.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:37 +01:00
Lars-Peter Clausen 58cdff6ee7 staging:iio:ad7192: Report channel offset
In bipolar mode there is a binary offset of 2**(N-1) (with N being the number
of bits) on the reported value. Currently this value is subtracted when doing a
manual read. While this works for manual channel readings it does not work for
buffered mode. So report the offset in the channel's offset property, which will
work in both modes.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
2012-08-16 20:24:37 +01:00
Lars-Peter Clausen a684a0c711 staging:iio:ad7192: Mark channels as unsigned
The values reported by the AD7793 are unsigned.
	In unipolar mode:
			0x000000 is zeroscale
			0xffffff is fullscale
	In bipolar mode:
			0x000000 is negative fullscale
			0x800000 is zeroscale
			0xffffff is positive fullscale

In bipolar mode there is a binary offset, but the values are still unsigned.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:36 +01:00
Lars-Peter Clausen 74aa933894 staging:iio:ad7192: Fix setting ACX
Write to the correct register when setting the ACX bit.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:35 +01:00
Lars-Peter Clausen f09906f43b staging:iio:ad7192: Add missing break in switch statement
Without the break statement we fall right through to the default case and return
an error value.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:35 +01:00
Lars-Peter Clausen 87a0c1574d staging:iio:ad7793: Fix internal reference value
The internal reference for the ad7793 and similar is 1.17V

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:35 +01:00
Lars-Peter Clausen 08ca3b7850 staging:iio:ad7793: Follow new IIO naming spec
Make the "in-in_scale_available" attribute follow the new naming spec and
rename it to "in_voltage-voltage_scale_available".

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:35 +01:00
Lars-Peter Clausen 2a9e0662f6 staging:iio:ad7793: Fix temperature scale and offset
The temperature channel uses the internal 1.17V reference with 0.81 mv/C. The
reported temperature is in Kelvin, so we need to add the Kelvin to Celsius
offset when reporting the offset for the temperature channel.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:34 +01:00
Lars-Peter Clausen 680f8ea0e8 staging:iio:ad7793: Report channel offset
In bipolar mode there is a binary offset of 2**(N-1) (with N being the number
of bits) on the reported value. Currently this value is subtracted when doing a
manual read. While this works for manual channel readings it does not work for
buffered mode. So report the offset in the channel's offset property, which will
work in both modes.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:34 +01:00
Lars-Peter Clausen e83539092c staging:iio:ad7793: Mark channels as unsigned
The values reported by the AD7793 are unsigned.
	In unipolar mode:
			0x000000 is zeroscale
			0xffffff is fullscale
	In bipolar mode:
			0x000000 is negative fullscale
			0x800000 is zeroscale
			0xffffff is positive fullscale

In bipolar mode there is a binary offset, but the values are still unsigned.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:34 +01:00
Lars-Peter Clausen 421afe5805 staging:iio:ad7793: Add missing break in switch statement
Without the break statement we fall right through to the default case and return
an error value.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:33 +01:00
Alexey Khoroshilov 1c795ebd00 iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()
Do not leak memory by updating pointer with potentially NULL realloc return value.
There is no need to preserve data in the buffer,
so replace krealloc() by kfree()-kmalloc() pair.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Peter Meerwald <pmeerw@pmeerw.net>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:33 +01:00
Michael Hennerich 8857df3ace iio: frequency: ADF4350: Fix potential reference div factor overflow.
With small channel spacing values and high reference frequencies it is
possible to exceed the range of the 10-bit counter.
Workaround by checking the range and widening some constraints.

We don't use the REG1_PHASE value in this case the datasheet recommends to set
it to 1 if not used.

Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:33 +01:00
Michael Hennerich dfffd0d65f iio: staging: ad7298_ring: Fix maybe-uninitialized warning
drivers/staging/iio/adc/ad7298_ring.c:97:37: warning: 'time_ns' may
be used uninitialized in this function [-Wmaybe-uninitialized]

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2012-08-16 20:24:32 +01:00
Jason Wessel 38f8eefccf pmac_zilog,kdb: Fix console poll hook to return instead of loop
kdb <-> kgdb transitioning does not work properly with this UART
driver because the get character routine loops indefinitely as opposed
to returning NO_POLL_CHAR per the expectation of the KDB I/O driver
API.

The symptom is a kernel hang when trying to switch debug modes.

Cc: Alan Cox <alan@linux.intel.com>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 12:20:20 -07:00
Huang Shijie 0059202101 serial: mxs-auart: fix the wrong RTS hardware flow control
Without checking if the auart supports the hardware flow control or not,
the old mxs_auart_set_mctrl() asserted the RTS pin blindly.

This will cause the auart to receive wrong data in the following case:
   The far-end has already started the write operation, and waits for
the auart to assert the RTS pin. Then the auart starts the read operation,
but mxs_auart_set_mctrl() may be called before we set the RTSCTS in the
mxs_auart_settermios(). So the RTS pin is asserted in a wrong situation,
and we get the wrong data in the end.

This bug was caught when I connected the mx23(DTE) to the mx53(DCE).

This patch also replaces the AUART_CTRL2_RTS with AUART_CTRL2_RTSEN.
We should use the real hardware flow control, not the software-controlled
hardware flow control.

Signed-off-by: Huang Shijie <b32955@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 12:15:33 -07:00
Ian Kent a45440f05e autofs4 - fix get_next_positive_subdir()
Following a report of a crash during an automount expire I found that
the locking in fs/autofs4/expire.c:get_next_positive_subdir() was wrong.
Not only is the locking wrong but the function is more complex than it
needs to be.

The function is meant to calculate (and dget) the next entry in the list
of directories contained in the root of an autofs mount point (an autofs
indirect mount to be precise). The main problem was that the d_lock of
the owner of the list was not being taken when walking the list, which
led to list corruption under load. The only other lock that needs to
be taken is against the next dentry candidate so it can be checked for
usability.

Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-16 11:58:28 -07:00
Linus Torvalds 63ca5f1d17 VFIO for v3.6-rc1

Merge tag 'vfio-for-v3.6-rc1' of git://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:
 "Just a trivial patch to include vfio.h in the installed headers so we
  can complete userspace integration into QEMU."

* tag 'vfio-for-v3.6-rc1' of git://github.com/awilliam/linux-vfio:
  vfio: Include vfio.h in installed headers
2012-08-16 11:47:42 -07:00
Linus Torvalds 2eac9eb8a2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse updates from Miklos Szeredi.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: verify all ioctl retry iov elements
  fuse: add missing INIT flag descriptions
  fuse: add missing INIT flags
  fuse: update attributes on aio_read
  fuse: invalidate inode mapping if mtime changes
  fuse: add FUSE_AUTO_INVAL_DATA init flag
2012-08-16 11:46:31 -07:00
Linus Torvalds ad54e46113 Fix:
* On machines with large MMIO/PCI E820 spaces we fail to boot b/c
    we failed to pre-allocate large enough virtual space for extend_brk.

Merge tag 'stable/for-linus-3.6-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen

Pull Xen fix from Konrad Rzeszutek Wilk:
 "Way back in v3.5 we added a mechanism to populate back pages that were
  released (they overlapped with MMIO regions), but neglected to reserve
  the proper amount of virtual space for extend_brk to work properly.

  Coincidentally some other commit aligned the _brk space to larger area
  so I didn't trigger this until it was run on a machine with more than
  2GB of MMIO space."

 * On machines with large MMIO/PCI E820 spaces we fail to boot b/c
   we failed to pre-allocate large enough virtual space for extend_brk.

* tag 'stable/for-linus-3.6-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen/p2m: Reserve 8MB of _brk space for P2M leafs when populating back.
2012-08-16 11:31:59 -07:00
Linus Torvalds 15a063f78e SuperH fixes for 3.6-rc2

Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh

Pull SuperH fixes from Paul Mundt.

* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
  sh: intc: Handle domain association for sparseirq pre-allocated vectors.
  sh: sh7269: Fix LCD pinmux
  sh: dma: fix request_irq usage
2012-08-16 11:31:29 -07:00
Dan Williams 1dd8372d35 MAINTAINERS: update address for Dan Williams
Moved to djbw@fb.com

Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Vinod Koul <vinod.koul@linux.intel.com>
Signed-off-by: Dan Williams <djbw@fb.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-16 11:28:57 -07:00
Tim Gardner e74f7fc5d8 staging: comedi: usbduxfast: Declare MODULE_FIRMWARE usage
Cc: Ian Abbott <abbotti@mev.co.uk>
Cc: Mori Hess <fmhess@users.sourceforge.net>
Cc: H Hartley Sweeten <hsweeten@visionengravers.com>
Cc: Ravishankar Karkala Mallikarjunayya <ravishankar.km@greenturtles.in>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 11:28:36 -07:00
Tim Gardner 1e1ccc3ad6 staging: comedi: usbdux: Declare MODULE_FIRMWARE usage
Cc: Ian Abbott <abbotti@mev.co.uk>
Cc: Mori Hess <fmhess@users.sourceforge.net>
Cc: H Hartley Sweeten <hsweeten@visionengravers.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 11:28:35 -07:00
Tim Gardner a1d95cfc07 staging: comedi: usbduxsigma: Declare MODULE_FIRMWARE usage
Cc: Ian Abbott <abbotti@mev.co.uk>
Cc: Mori Hess <fmhess@users.sourceforge.net>
Cc: Bernd Porr <berndporr@f2s.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: H Hartley Sweeten <hsweeten@visionengravers.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 11:28:35 -07:00
Borislav Petkov 2a95e37c12 scripts/decodecode: Fixup trapping instruction marker
When dumping "Code: " sections from an oops, the trapping instruction
%rip points to can be a string copy

  2b:*  f3 a5                   rep movsl %ds:(%rsi),%es:(%rdi)

and the line contains a bunch of ":".  Current "cut" selects only the and
the second field output looks funnily overlaid this:

  2b:*  f3 a5                   rep movsl %ds     <-- trapping instruction:(%rsi),%es:(%rdi

Fix this by selecting the remaining fields too.

Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kbuild@vger.kernel.org
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-08-16 11:15:09 -07:00
Linus Torvalds 2b014fcc7d Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull two slave-dmaengine fixes from Vinod Koul:
 "One fixes the correct use of clock API in imx driver and the other
  enables clock for tegra driver, which is used for other tegra driver
  conversion to dmaengine in -next."

* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
  dma: tegra: enable/disable dma clock
  dma: imx-dma: Fix kernel crash due to missing clock conversion
2012-08-16 11:13:16 -07:00
Linus Torvalds d3b8e0dc82 Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull more drm fixes from Dave Airlie:
 "Just some intel and nouveau ones this time, intel has more edp panel
  fixes for macbooks and nouveau has a suspend/resume regression fix in
  there."

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/i915: Apply post-sync write for pipe control invalidates
  drm/i915: reorder edp disabling to fix ivb MacBook Air
  drm/nv86/fifo: suspend fix
  drm/nouveau: disable copy engine on NVAF
  nouveau: fixup scanout enable in nvc0_pm
  drm/nouveau/aux: mask off higher bits of auxch index in i2c table entry
  drm/nvd0/disp: mask off high 16 bit of negative cursor x-coordinate
  drm/i915: ensure i2c adapter is all set before adding it
  drm/i915: ignore eDP bpc settings from vbt
  drm/i915: Fix blank panel at reopening lid
  drm/nve0/fifo: add support for the flip completion swmthd
2012-08-16 11:08:32 -07:00
Tomas Winkler a2f6985332 mei: add mei_quirk_probe function
The main purpose of this function is to exclude ME devices
without support for MEI/HECI interface from binding

Currently affected systems are C600/X79 based servers
that expose PCI device even though it doesn't support ME Interface.
MEI driver accessing such nonfunctional device can corrupt
the system.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 10:54:01 -07:00
Sage Weil 62b2ce964b vfs: fix propagation of atomic_open create error on negative dentry
If ->atomic_open() returns -ENOENT, we take care to return the create
error (e.g., EACCES), if any.  Do the same when ->atomic_open() returns 1
and provides a negative dentry.

This fixes a regression where an unprivileged open O_CREAT fails with
ENOENT instead of EACCES, introduced with the new atomic_open code.  It
is tested by the open/08.t test in the pjd posix test suite, and was
observed on top of fuse (backed by ceph-fuse).

Signed-off-by: Sage Weil <sage@inktank.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2012-08-16 19:29:09 +02:00
Axel Lin 7b7e995d69 extcon: extcon_gpio: Replace gpio_request_one by devm_gpio_request_one
commit 01eaf24 "extcon: Convert extcon_gpio to devm_gpio_request_one"
missed the replacement for devm_gpio_request_one. Fix it.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 10:29:08 -07:00
Jim Cromie af7f2158fd drivers-core: make structured logging play nice with dynamic-debug
commit c4e00daaa9 changed __dev_printk
in a way that broke dynamic-debug's ability to control the dynamic
prefix of dev_dbg(dev,..), but not dev_dbg(NULL,..) or pr_debug(..),
which is why it wasn't noticed sooner.

When dev==NULL, __dev_printk() just calls printk(), which just works.
But otherwise, it assumed that level was always a string like "<L>"
and just plucked out the 'L', ignoring the rest.  However,
dynamic_emit_prefix() adds "[tid] module:func:line:" to the string,
those additions all got lost.

Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Acked-by: Jason Baron <jbaron@redhat.com>
Cc: stable <stable@vger.kernel.org>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 10:20:53 -07:00
Dan Williams 731879f8e3 USB: qcserial: fix port handling on Gobi 1K and 2K+
Bjorn's latest patchset does break Gobi 1K and 2K because on both
devices it claims usb interface 0.  That's because usbif 0 is not
handled in the switch statement, and thus the if0 gets claimed when it
should not.  So let's just make things even simpler yet, and handle both
the 1K and 2K+ cases separately.  This patch should not affect the new
Sierra device support, because those devices are matched via
interface-specific matching and thus should never hit the composite
code.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Tested-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 09:48:03 -07:00
Tomas Winkler 3e83095517 mei: fix device stall after wd is stopped
After watchdog was disabled the driver would stall
due to wrong calculation of credits reduction

The cat&paste bug was introduced in the commit
7bdf72d3d8
mei: introduce mei_data2slots wrapper

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-08-16 09:44:52 -07:00
Roland Dreier c0369b296e Merge branches 'cma', 'ipoib', 'misc', 'mlx4', 'ocrdma', 'qib' and 'srp' into for-next 2012-08-16 09:38:39 -07:00
Kleber Sacilotto de Souza a0675a386a IB/mlx4: Check iboe netdev pointer before dereferencing it
Unlike other parts of the mlx4_ib code, the function build_mlx_header()
doesn't check if the iboe netdev of the given port is valid before
dereferencing it, which can cause a crash if the ethernet interface
has already been taken down.

Fix this by checking for a valid netdev pointer before using it to get
the port MAC address.

Signed-off-by: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
2012-08-16 09:38:19 -07:00
David Henningsson 5e68fb3cab ALSA: hda - Don't send invalid volume knob command on IDT 92hd75bxx
Instead of blindly initializing a volume knob widget, first check
that there actually is a volume knob widget.

Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-08-16 14:14:56 +02:00
Pablo Neira Ayuso 2614f86490 netfilter: nf_ct_expect: fix possible access to uninitialized timer
In __nf_ct_expect_check, the function refresh_timer returns 1
if a matching expectation is found and its timer is successfully
refreshed. This results in nf_ct_expect_related returning 0.
Note that at this point:

- the passed expectation is not inserted in the expectation table
  and its timer was not initialized, since we have refreshed one
  matching/existing expectation.

- nf_ct_expect_alloc uses kmem_cache_alloc, so the expectation
  timer is in some undefined state just after the allocation,
  until it is appropriately initialized.

This can be a problem for the SIP helper during the expectation
addition:

 ...
 if (nf_ct_expect_related(rtp_exp) == 0) {
         if (nf_ct_expect_related(rtcp_exp) != 0)
                 nf_ct_unexpect_related(rtp_exp);
 ...

Note that nf_ct_expect_related(rtp_exp) may return 0 for the timer refresh
case that is detailed above. Then, if nf_ct_unexpect_related(rtcp_exp)
returns != 0, nf_ct_unexpect_related(rtp_exp) is called, which does:

 spin_lock_bh(&nf_conntrack_lock);
 if (del_timer(&exp->timeout)) {
         nf_ct_unlink_expect(exp);
         nf_ct_expect_put(exp);
 }
 spin_unlock_bh(&nf_conntrack_lock);

Note that del_timer always returns false if the timer has been
initialized.  However, the timer was not initialized since setup_timer
was not called, therefore, the expectation timer remains in some
undefined state. If I'm not missing anything, this may lead to the
removal of a nonexistent expectation.

To fix this, the optimization that allows refreshing an expectation
is removed. Now nf_conntrack_expect_related looks more consistent
to me since it always adds the expectation in case that it returns
success.

Thanks to Patrick McHardy for participating in the discussion of
this patch.

I think this may be the source of the problem described by:
http://marc.info/?l=netfilter-devel&m=134073514719421&w=2

Reported-by: Rafal Fitt <rafalf@aplusc.com.pl>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-08-16 11:49:53 +02:00
NeilBrown 667a5313ec md: Don't truncate size at 4TB for RAID0 and Linear
commit 27a7b260f7
   md: Fix handling for devices from 2TB to 4TB in 0.90 metadata.

changed 0.90 metadata handling to truncate size to 4TB as that is
all that 0.90 can record.
However for RAID0 and Linear, 0.90 doesn't need to record the size, so
this truncation is not needed and causes working arrays to become too small.

So avoid the truncation for RAID0 and Linear.

This bug was introduced in 3.1 and is suitable for any stable kernels
from then onwards.
As the offending commit was tagged for 'stable', any stable kernel
that it was applied to should also get this patch.  That includes
at least 2.6.32, 2.6.33 and 3.0. (Thanks to Ben Hutchings for
providing that list).

Cc: stable@vger.kernel.org
Signed-off-by: Neil Brown <neilb@suse.de>
2012-08-16 16:46:12 +10:00
Takashi Iwai e9ba389c5f ALSA: usb-audio: Fix scheduling-while-atomic bug in PCM capture stream
A PCM capture stream on usb-audio causes a scheduling-while-atomic
BUG, as reported in the bugzilla entry below.  It's because
snd_usb_endpoint_start() is called at first at trigger START for a
capture stream, and this function contains the left-over EP
deactivation codes.  The problem doesn't happen for a playback stream
because the function is called at PCM prepare time, which can sleep.

This patch fixes the BUG by moving the EP deactivation code into the
PCM prepare callback.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=46011
Cc: <stable@vger.kernel.org> [v3.5+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-08-16 08:04:07 +02:00
Mathias Krause 43da5f2e0d net: fix info leak in compat dev_ifconf()
The implementation of dev_ifconf() for the compat ioctl interface uses
an intermediate ifc structure allocated in userland for the duration of
the syscall. Though, it fails to initialize the padding bytes inserted
for alignment and therefore leaks four bytes of kernel stack. Add an
explicit memset(0) before filling the structure to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:31 -07:00
Mathias Krause 2d8a041b7b ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is
not set, __ip_vs_get_timeouts() does not fully initialize the structure
that gets copied to userland and therefore leaks up to 12 bytes of kernel
stack. Add an explicit memset(0) before passing the structure to
__ip_vs_get_timeouts() to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Wensong Zhang <wensong@linux-vs.org>
Cc: Simon Horman <horms@verge.net.au>
Cc: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:31 -07:00
Mathias Krause 7b07f8eb75 dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO)
The CCID3 code fails to initialize the trailing padding bytes of struct
tfrc_tx_info added for alignment on 64 bit architectures. It therefore
potentially leaks four bytes of kernel stack via the getsockopt() syscall.
Add an explicit memset(0) before filling the structure to avoid the
info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:31 -07:00
Mathias Krause 276bdb82de dccp: check ccid before dereferencing
ccid_hc_rx_getsockopt() and ccid_hc_tx_getsockopt() might be called with
a NULL ccid pointer leading to a NULL pointer dereference. This could
lead to a privilege escalation if the attacker is able to map page 0 and
prepare it with a fake ccid_ops pointer.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:31 -07:00
Mathias Krause 3592aaeb80 llc: fix info leak via getsockname()
The LLC code wrongly returns 0, i.e. "success", when the socket is
zapped. Together with the uninitialized uaddrlen pointer argument from
sys_getsockname this leads to an arbitrary memory leak of up to 128
bytes of kernel stack via the getsockname() syscall.

Return an error instead when the socket is zapped to prevent the info
leak. Also remove the unnecessary memset(0). We don't directly write to
the memory pointed to by uaddr but memcpy() a local structure at the end of
the function that is properly initialized.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:31 -07:00
Mathias Krause 04d4fbca10 l2tp: fix info leak via getsockname()
The L2TP code for IPv6 fails to initialize the l2tp_unused member of
struct sockaddr_l2tpip6 and therefore leaks two bytes of kernel stack via
the getsockname() syscall. Initialize l2tp_unused with 0 to avoid the
info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:31 -07:00
Mathias Krause 792039c73c Bluetooth: L2CAP - Fix info leak via getsockname()
The L2CAP code fails to initialize the l2_bdaddr_type member of struct
sockaddr_l2 and the padding byte added for alignment. It therefore leaks
two bytes of kernel stack via the getsockname() syscall. Add an explicit
memset(0) before filling the structure to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-15 21:36:31 -07:00