GitHub/LineageOS/android_kernel_motorola_exynos9610.git
12 years agoCIFS: Move set_file_info to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:32 +0000 (16:20 -0700)]
CIFS: Move set_file_info to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for set_file_size
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:32 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for set_file_size

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move set_file_size to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:31 +0000 (16:20 -0700)]
CIFS: Move set_file_size to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for hardlink operation
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:31 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for hardlink operation

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move hardlink to ops struct
Steve French [Tue, 18 Sep 2012 23:20:31 +0000 (16:20 -0700)]
CIFS: Move hardlink to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for rename operation
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:31 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for rename operation

Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move rename to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:30 +0000 (16:20 -0700)]
CIFS: Move rename to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Enable signing in SMB2
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:30 +0000 (16:20 -0700)]
CIFS: Enable signing in SMB2

Use hmac-sha256 and rather than hmac-md5 that is used for CIFS/SMB.

Signature field in SMB2 header is 16 bytes instead of 8 bytes.

Automatically enable signing by client when requested by the server
when signing ability is available to the client.

Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add writepage support for SMB2
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:30 +0000 (16:20 -0700)]
CIFS: Add writepage support for SMB2

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move writepage to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:30 +0000 (16:20 -0700)]
CIFS: Move writepage to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add readpage support for SMB2
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:30 +0000 (16:20 -0700)]
CIFS: Add readpage support for SMB2

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move readpage code to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:29 +0000 (16:20 -0700)]
CIFS: Move readpage code to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for cifs_iovec_write
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:29 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for cifs_iovec_write

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
12 years agoCIFS: Move async write to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:29 +0000 (16:20 -0700)]
CIFS: Move async write to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for cifs_iovec_read
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:29 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for cifs_iovec_read

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move async read to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:28 +0000 (16:20 -0700)]
CIFS: Move async read to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 r/wsize negotiating
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:28 +0000 (16:20 -0700)]
CIFS: Add SMB2 r/wsize negotiating

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move r/wsize negotiating to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:28 +0000 (16:20 -0700)]
CIFS: Move r/wsize negotiating to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for flush
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:28 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for flush

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Make flush code use ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:27 +0000 (16:20 -0700)]
CIFS: Make flush code use ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move reopen code to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:27 +0000 (16:20 -0700)]
CIFS: Move reopen code to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move create code use ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:27 +0000 (16:20 -0700)]
CIFS: Move create code use ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for query_file_info
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:27 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for query_file_info

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move guery file info code to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:26 +0000 (16:20 -0700)]
CIFS: Move guery file info code to ops struct

and make cifs_get_file_info(_unix) calls static.

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add open/close file support for SMB2
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:26 +0000 (16:20 -0700)]
CIFS: Add open/close file support for SMB2

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move close code to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:26 +0000 (16:20 -0700)]
CIFS: Move close code to ops struct

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move open code to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:26 +0000 (16:20 -0700)]
CIFS: Move open code to ops struct

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Replace netfid with cifs_fid struct in cifsFileInfo
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:26 +0000 (16:20 -0700)]
CIFS: Replace netfid with cifs_fid struct in cifsFileInfo

This is help us to extend the code for future protocols that can use
another fid mechanism (as SMB2 that has it divided into two parts:
persistent and violatile).

Also rename variables and refactor the code around the changes.

Reviewed-by: Jeff Layton <jlayton@samba.org>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Add SMB2 support for unlink
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:25 +0000 (16:20 -0700)]
CIFS: Add SMB2 support for unlink

Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoCIFS: Move unlink code to ops struct
Pavel Shilovsky [Tue, 18 Sep 2012 23:20:25 +0000 (16:20 -0700)]
CIFS: Move unlink code to ops struct

Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile
Linus Torvalds [Mon, 24 Sep 2012 23:17:17 +0000 (16:17 -0700)]
Merge git://git./linux/kernel/git/cmetcalf/linux-tile

Pull tile gxio ABI fix from Chris Metcalf:
 "This fixes a last-minute change in the Tilera hypervisor ABI for TRIO
  (PCI root complex) support.  We've locked in this ABI going forward
  and will make sure no further ABI changes like this occur."

* git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
  tile: gxio iorpc numbering change for TRIO interface

12 years agoMerge tag 'vfio-for-linus' of git://github.com/awilliam/linux-vfio
Linus Torvalds [Mon, 24 Sep 2012 23:16:33 +0000 (16:16 -0700)]
Merge tag 'vfio-for-linus' of git://github.com/awilliam/linux-vfio

Pull vfio fixes from Alex Williamson:
 "VFIO doc update and virqfd race fix"

* tag 'vfio-for-linus' of git://github.com/awilliam/linux-vfio:
  vfio: Fix virqfd release race
  vfio: Trivial Documentation correction

12 years agoMerge tag 'stable/for-linus-3.6-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Mon, 24 Sep 2012 23:14:34 +0000 (16:14 -0700)]
Merge tag 'stable/for-linus-3.6-rc7-tag' of git://git./linux/kernel/git/konrad/xen

Pull a Xen fix from Konrad Rzeszutek Wilk:
 "It is a bug-fix when we run the initial PV guest on a AMD K8 machine
  and have CONFIG_AMD_NUMA enabled and detect the NUMA topology from the
  Northbridge.

  We end up in the situation where the initial domain gets too much
  information and gets confused and crashes - the fix is to restrict the
  domain to get the information - and we do it by just disabling NUMA on
  the PV guest (the hypervisor is still able to do its proper NUMA
  allocations of guests).

  It is OK to disable the PV guest from accessing NUMA data as right now
  we do not inject any NUMA node information to the PV guests.  When we
  do get to that point, then this patch will have to be reverted."

 * Disable PV NUMA support as we do not do anything with it (yet) and it
   can cause bootup crashes on certain AMD machines.

* tag 'stable/for-linus-3.6-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen/boot: Disable NUMA for PV guests.

12 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph...
Linus Torvalds [Mon, 24 Sep 2012 23:13:49 +0000 (16:13 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client

Pull two ceph fixes from Sage Weil:
 "The first fixes a leak in the rbd setup error path, and the second
  fixes a more serious problem with mismatched kmap/kunmap that surfaced
  after the recent refactoring work."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  libceph: only kunmap kmapped pages
  rbd: drop dev reference on error in rbd_open()

12 years agotile: gxio iorpc numbering change for TRIO interface
Chris Metcalf [Mon, 24 Sep 2012 18:57:58 +0000 (14:57 -0400)]
tile: gxio iorpc numbering change for TRIO interface

An ABI numbering change was made in the hypervisor for Tilera's 4.1
MDE release (just shipped).  It's incompatible with the previous 4.0
release ABI numbering, so we track the new numbering going forward.
We plan to avoid modifying ABI numbering for these interfaces again.

Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
12 years agoxen/boot: Disable NUMA for PV guests.
Konrad Rzeszutek Wilk [Fri, 17 Aug 2012 14:22:37 +0000 (10:22 -0400)]
xen/boot: Disable NUMA for PV guests.

The hypervisor is in charge of allocating the proper "NUMA" memory
and dealing with the CPU scheduler to keep them bound to the proper
NUMA node. The PV guests (and PVHVM) have no inkling of where they
run and do not need to know that right now. In the future we will
need to inject NUMA configuration data (if a guest spans two or more
NUMA nodes) so that the kernel can make the right choices. But those
patches are not yet present.

In the meantime, disable the NUMA capability in the PV guest, which
also fixes a bootup issue. Andre says:

"we see Dom0 crashes due to the kernel detecting the NUMA topology not
by ACPI, but directly from the northbridge (CONFIG_AMD_NUMA).

This will detect the actual NUMA config of the physical machine, but
will crash about the mismatch with Dom0's virtual memory. Variation of
the theme: Dom0 sees what it's not supposed to see.

This happens with the said config option enabled and on a machine where
this scanning is still enabled (K8 and Fam10h, not Bulldozer class)

We have this dump then:
NUMA: Warning: node ids are out of bound, from=-1 to=-1 distance=10
Scanning NUMA topology in Northbridge 24
Number of physical nodes 4
Node 0 MemBase 0000000000000000 Limit 0000000040000000
Node 1 MemBase 0000000040000000 Limit 0000000138000000
Node 2 MemBase 0000000138000000 Limit 00000001f8000000
Node 3 MemBase 00000001f8000000 Limit 0000000238000000
Initmem setup node 0 0000000000000000-0000000040000000
  NODE_DATA [000000003ffd9000 - 000000003fffffff]
Initmem setup node 1 0000000040000000-0000000138000000
  NODE_DATA [0000000137fd9000 - 0000000137ffffff]
Initmem setup node 2 0000000138000000-00000001f8000000
  NODE_DATA [00000001f095e000 - 00000001f0984fff]
Initmem setup node 3 00000001f8000000-0000000238000000
Cannot find 159744 bytes in node 3
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff81d220e6>] __alloc_bootmem_node+0x43/0x96
Pid: 0, comm: swapper Not tainted 3.3.6 #1 AMD Dinar/Dinar
RIP: e030:[<ffffffff81d220e6>]  [<ffffffff81d220e6>] __alloc_bootmem_node+0x43/0x96
.. snip..
  [<ffffffff81d23024>] sparse_early_usemaps_alloc_node+0x64/0x178
  [<ffffffff81d23348>] sparse_init+0xe4/0x25a
  [<ffffffff81d16840>] paging_init+0x13/0x22
  [<ffffffff81d07fbb>] setup_arch+0x9c6/0xa9b
  [<ffffffff81683954>] ? printk+0x3c/0x3e
  [<ffffffff81d01a38>] start_kernel+0xe5/0x468
  [<ffffffff81d012cf>] x86_64_start_reservations+0xba/0xc1
  [<ffffffff81007153>] ? xen_setup_runstate_info+0x2c/0x36
  [<ffffffff81d050ee>] xen_start_kernel+0x565/0x56c
"

so we just disable NUMA scanning by setting numa_off=1.

CC: stable@vger.kernel.org
Reported-and-Tested-by: Andre Przywara <andre.przywara@amd.com>
Acked-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
12 years agoLinux 3.6-rc7
Linus Torvalds [Mon, 24 Sep 2012 01:10:57 +0000 (18:10 -0700)]
Linux 3.6-rc7

12 years agoMerge branch 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Linus Torvalds [Sun, 23 Sep 2012 22:40:58 +0000 (15:40 -0700)]
Merge branch 'rc-fixes' of git://git./linux/kernel/git/mmarek/kbuild

Pull kbuild fixes from Michal Marek:
 "There are two more kbuild fixes for 3.6.

  One fixes a race between x86's archscripts target and the rule
  (re)building scripts/basic/fixdep.  The second is a fix for the
  previous attempt at fixing make firmware_install with make 3.82.
  This new solution should work with any version of GNU make"

* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  x86/kbuild: archscripts depends on scripts_basic
  firmware: fix directory creation rule matching with make 3.80

12 years agoMerge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelv...
Linus Torvalds [Sun, 23 Sep 2012 21:50:15 +0000 (14:50 -0700)]
Merge branch 'hwmon-for-linus' of git://git./linux/kernel/git/jdelvare/staging

Pull hwmon subsystem fixes from Jean Delvare.

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  hwmon: (fam15h_power) Tweak runavg_range on resume
  hwmon: (coretemp) Use get_online_cpus to avoid races involving CPU hotplug
  hwmon: (via-cputemp) Use get_online_cpus to avoid races involving CPU hotplug

12 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Sun, 23 Sep 2012 21:48:28 +0000 (14:48 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "This is a set of four essential fixes: two oops related (bnx2i,
  virtio-scsi), one data corruption related (hpsa) and one failure to
  boot due to interrupt routing issues (mpt2ss).

Signed-off-by: James Bottomley <JBottomley@Parallels.com>"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] hpsa: fix handling of protocol error
  [SCSI] mpt2sas: Fix for issue - Unable to boot from the drive connected to HBA
  [SCSI] bnx2i: Fixed NULL ptr deference for 1G bnx2 Linux iSCSI offload
  [SCSI] scsi: virtio-scsi: Fix address translation failure of HighMem pages used by sg list

12 years agoedac_mc: edac_mc_free() cannot assume mem_ctl_info is registered in sysfs.
Shaun Ruffell [Sun, 23 Sep 2012 01:26:38 +0000 (20:26 -0500)]
edac_mc: edac_mc_free() cannot assume mem_ctl_info is registered in sysfs.

Fix potential NULL pointer dereference in edac_unregister_sysfs() on
system boot introduced in 3.6-rc1.

Since commit 7a623c039 ("edac: rewrite the sysfs code to use struct
device") edac_mc_alloc() no longer initializes embedded kobjects in
struct mem_ctl_info.  Therefore edac_mc_free() can no longer simply
decrement a kobject reference count to free the allocated memory unless
the memory controller driver module had also called edac_mc_add_mc().

Now edac_mc_free() will check if the newly embedded struct device has
been registered with sysfs before using either the standard device
release functions or freeing the data structures itself with logic
pulled out of the error path of edac_mc_alloc().

The BUG this patch resolves for me:

  BUG: unable to handle kernel NULL pointer dereference at   (null)
  EIP is at __wake_up_common+0x1a/0x6a
  Process modprobe (pid: 933, ti=f3dc6000 task=f3db9520 task.ti=f3dc6000)
  Call Trace:
    complete_all+0x3f/0x50
    device_pm_remove+0x23/0xa2
    device_del+0x34/0x142
    edac_unregister_sysfs+0x3b/0x5c [edac_core]
    edac_mc_free+0x29/0x2f [edac_core]
    e7xxx_probe1+0x268/0x311 [e7xxx_edac]
    e7xxx_init_one+0x56/0x61 [e7xxx_edac]
    local_pci_probe+0x13/0x15
  ...

Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Cc: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agoedac_mc: fix messy kfree calls in the error path
Fengguang Wu [Sun, 23 Sep 2012 00:18:06 +0000 (08:18 +0800)]
edac_mc: fix messy kfree calls in the error path

coccinelle warns about:

+ drivers/edac/edac_mc.c:429:9-23: ERROR: reference preceded by free on line 429

   421         if (mci->csrows) {
 > 422                 for (chn = 0; chn < tot_channels; chn++) {
   423                         csr = mci->csrows[chn];
   424                         if (csr) {
 > 425                                 for (chn = 0; chn < tot_channels; chn++)
   426                                          kfree(csr->channels[chn]);
   427                                  kfree(csr);
   428                          }
 > 429                          kfree(mci->csrows[i]);
   430                  }
   431                  kfree(mci->csrows);
   432          }

and that code block seem to mess things up in several ways (double free, memory
leak, out-of-bound reads etc.):

L422: The iterator "chn" and bound "tot_channels" are totally wrong. Should be
      "row" and "tot_csrows" respectively. Which means either memory leak, or
      out-of-bound reads (which if does not trigger an immediate page fault
      error, will further lead to kfree() on random addresses).

L425: The inner loop is reusing the same iterator "chn" as the outer loop,
      which could lead to premature end of the outer loop, and hence memory leak.

L429: The array index 'i' in mci->csrows[i] is a temporary value used in
      previous loops, and won't change at all in the current loop. Which
      means either out-of-bound read and possibly kfree(random number), or the
      same mci->csrows[i] get freed once and again, and possibly double free
      for the kfree(csr) in L427.

L426/L427: a kfree(csr->channels) is needed in between to avoid leaking the memory.

The buggy code was introduced by commit de3910eb ("edac: change the mem
allocation scheme to make Documentation/kobject.txt happy") in the 3.6-rc1
merge window. Fix it by freeing up resources in this order:

  free csrows[i]->channels[j]
  free csrows[i]->channels
  free csrows[i]
  free csrows

CC: Mauro Carvalho Chehab <mchehab@redhat.com>
CC: Shaun Ruffell <sruffell@digium.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agohwmon: (fam15h_power) Tweak runavg_range on resume
Andreas Herrmann [Sun, 23 Sep 2012 18:27:32 +0000 (20:27 +0200)]
hwmon: (fam15h_power) Tweak runavg_range on resume

The quirk introduced with commit
00250ec90963b7ef6678438888f3244985ecde14 (hwmon: fam15h_power: fix
bogus values with current BIOSes) is not only required during driver
load but also when system resumes from suspend. The BIOS might set the
previously recommended (but unsuitable) initilization value for the
running average range register during resume.

Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com>
Tested-by: Andreas Hartmann <andihartmann@01019freenet.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@vger.kernel.org # 3.0+
12 years agohwmon: (coretemp) Use get_online_cpus to avoid races involving CPU hotplug
Silas Boyd-Wickizer [Sun, 23 Sep 2012 18:27:32 +0000 (20:27 +0200)]
hwmon: (coretemp) Use get_online_cpus to avoid races involving CPU hotplug

coretemp_init loops with for_each_online_cpu, adding platform_devices
and sysfs interfaces, then calls register_hotcpu_notifier.  There is a
race if a CPU is offlined or onlined after the loop, but before
register_hotcpu_notifier.  The race might result in the absence of a
platform_device+sysfs interface for an online CPU, or the presence of
a platform_device+sysfs interface for an offline CPU.  A similar race
occurs during coretemp_exit, after the module calls
unregister_hotcpu_notifier, but before it unregisters all devices, a
CPU might offline and a device for an offline CPU will exist for a
short while.

This fix surrounds for_each_online_cpu and register_hotcpu_notifier
with get_online_cpus+put_online_cpus; and surrounds
unregister_hotcpu_notifier and device unregistering with
get_online_cpus+put_online_cpus.

Build tested.

Signed-off-by: Silas Boyd-Wickizer <sbw@mit.edu>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
12 years agohwmon: (via-cputemp) Use get_online_cpus to avoid races involving CPU hotplug
Silas Boyd-Wickizer [Sun, 23 Sep 2012 18:27:32 +0000 (20:27 +0200)]
hwmon: (via-cputemp) Use get_online_cpus to avoid races involving CPU hotplug

via_cputemp_init loops with for_each_online_cpu, adding
platform_devices, then calls register_hotcpu_notifier.  If a CPU is
offlined between the loop and register_hotcpu_notifier, then later
onlined, via_cputemp_device_add will attempt to add platform devices
with the same ID.  A similar race occurs during via_cputemp_exit,
after the module calls unregister_hotcpu_notifier, a CPU might offline
and a device will exist for a CPU that is offline.

This fix surrounds for_each_online_cpu and register_hotcpu_notifier
with get_online_cpus+put_online_cpus; and surrounds
unregister_hotcpu_notifier and device unregistering with
get_online_cpus+put_online_cpus.

Build tested.

Signed-off-by: Silas Boyd-Wickizer <sbw@mit.edu>
Acked-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
12 years agoMerge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Linus Torvalds [Sat, 22 Sep 2012 19:47:53 +0000 (12:47 -0700)]
Merge branch 'upstream' of git://git.linux-mips.org/ralf/upstream-linus

Pull MIPS fixes from Ralf Baechle:
 "Random fixes across arch/mips, essentially.

  One fix for an issue in get_user_pages_fast() which previously was
  discovered on x86, a miscalculation in the support for the MIPS MT
  hardware multithreading support, the RTC support for the Malta and a
  fix for a spurious interrupt issue that seems to bite only very
  special Malta configurations."

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: Malta: Don't crash on spurious interrupt.
  MIPS: Malta: Remove RTC Data Mode bootstrap breakage
  MIPS: mm: Add compound tail page _mapcount when mapped
  MIPS: CMP/SMTC: Fix tc_id calculation

12 years agoMerge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Linus Torvalds [Sat, 22 Sep 2012 19:40:16 +0000 (12:40 -0700)]
Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm

Pull ARM and clkdev fixes from Russell King:
 "Two patches for clkdev which resolve the long standing issue that the
  devm_* versions were dependent on clkdev, which they shouldn't have
  been.  Instead, they're dependent on HAVE_CLK instead, which implies
  that you're providing clk_get() and clk_put().

  A small fix to the ARM decompressor to ensure that the page tables are
  properly interpreted by the CPU, and reserve syscall 378 for kcmp (the
  checksyscalls.sh script is unfortunately currently broken so arch
  maintainers aren't getting notified of new syscalls...)

  Lastly, a larger fix for an issue between the common clk subsystem and
  smp_twd which causes warnings to be spat out."

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
  ARM: reserve syscall 378 for kcmp
  ARM: 7535/1: Reprogram smp_twd based on new common clk framework notifiers
  ARM: 7537/1: clk: Fix release in devm_clk_put()
  ARM: 7532/1: decompressor: reset SCTLR.TRE for VMSA ARMv7 cores
  ARM: 7534/1: clk: Make the managed clk functions generically available

12 years agoMerge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Linus Torvalds [Sat, 22 Sep 2012 19:37:54 +0000 (12:37 -0700)]
Merge branch 'upstream-fixes' of git://git./linux/kernel/git/jikos/hid

Pull HID fixes from Jiri Kosina:
 "The most important fix is Logitech Unifying receiver regression in
  device enumeration fix from Nestor Lopez Casado.  In addition to that,
  there is a small memory leak fix for Thinkpad keyboard driver from
  Axel Lin."

* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: Fix logitech-dj: missing Unifying device issue
  HID: lenovo-tpkbd: Fix memory leak in tpkbd_remove_tp()

12 years agoMerge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Linus Torvalds [Sat, 22 Sep 2012 19:36:57 +0000 (12:36 -0700)]
Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fix from Steve French.

* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: fix return value in cifsConvertToUTF16

12 years agoHID: Fix logitech-dj: missing Unifying device issue
Nestor Lopez Casado [Fri, 21 Sep 2012 10:21:34 +0000 (12:21 +0200)]
HID: Fix logitech-dj: missing Unifying device issue

This patch fixes an issue introduced after commit 4ea5454203d991ec
("HID: Fix race condition between driver core and ll-driver").

After that commit, hid-core discards any incoming packet that arrives while
hid driver's probe function is being executed.

This broke the enumeration process of hid-logitech-dj, that must receive
control packets in-band with the mouse and keyboard packets. Discarding mouse
or keyboard data at the very begining is usually fine, but it is not the case
for control packets.

This patch forces a re-enumeration of the paired devices when a packet arrives
that comes from an unknown device.

Based on a patch originally written by Benjamin Tissoires.

Cc: stable@vger.kernel.org # v3.2+
Signed-off-by: Nestor Lopez Casado <nlopezcasad@logitech.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
12 years agoHID: lenovo-tpkbd: Fix memory leak in tpkbd_remove_tp()
Axel Lin [Thu, 13 Sep 2012 05:25:12 +0000 (13:25 +0800)]
HID: lenovo-tpkbd: Fix memory leak in tpkbd_remove_tp()

We need to kfree names for led_mute and led_micmute in tpkbd_remove_tp().

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Bernhard Seibold <mail@bernhard-seibold.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
12 years agolibceph: only kunmap kmapped pages
Alex Elder [Fri, 21 Sep 2012 22:59:58 +0000 (17:59 -0500)]
libceph: only kunmap kmapped pages

In write_partial_msg_pages(), pages need to be kmapped in order to
perform a CRC-32c calculation on them.  As an artifact of the way
this code used to be structured, the kunmap() call was separated
from the kmap() call and both were done conditionally.  But the
conditions under which the kmap() and kunmap() calls were made
differed, so there was a chance a kunmap() call would be done on a
page that had not been mapped.

The symptom of this was tripping a BUG() in kunmap_high() when
pkmap_count[nr] became 0.

Reported-by: Bryan K. Wright <bryan@virginia.edu>
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
12 years agorbd: drop dev reference on error in rbd_open()
Alex Elder [Fri, 10 Aug 2012 20:12:07 +0000 (13:12 -0700)]
rbd: drop dev reference on error in rbd_open()

If a read-only rbd device is opened for writing in rbd_open(), it
returns without dropping the just-acquired device reference.

Fix this by moving the read-only check before getting the reference.

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Fri, 21 Sep 2012 21:32:55 +0000 (14:32 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull networking updates from David Miller:
 "More bug fixes, nothing gets past these guys"

 1) More kernel info leaks found by Mathias Krause, this time in the
    IPSEC configuration layers.

 2) When IPSEC policies change, we do not properly make sure that cached
    routes (which could now be stale) throughout the system will be
    revalidated.  Fix this by generalizing the generation count
    invalidation scheme used by ipv4.  From Nicolas Dichtel.

 3) When repairing TCP sockets, we need to allow to restore not just the
    send window scale, but the receive one too.  Extend the existing
    interface to achieve this in a backwards compatible way.  From
    Andrey Vagin.

 4) A fix for FCOE scatter gather feature validation erroneously caused
    scatter gather to be disabled for things like AOE too.  From Ed L
    Cashin.

 5) Several cases of mishandling of error pointers, from Mathias Krause,
    Wei Yongjun, and Devendra Naga.

 6) Fix gianfar build, from Richard Cochran.

 7) CAP_NET_* failures should return -EPERM not -EACCES, from Zhao
    Hongjiang.

 8) Hardware reset fix in janz-ican3 CAN driver, from Ira W Snyder.

 9) Fix oops during rmmod in ti_hecc CAN driver, from Marc Kleine-Budde.

10) The removal of the conditional compilation of the clk support code
    in the stmmac driver broke things.  This is because the interfaces
    used are the ones that don't also perform the enable/disable of the
    clk.  Fix from Stefan Roese.

11) The QFQ packet scheduler can record out of range virtual start
    times, resulting later in misbehavior and even crashes.  Fix from
    Paolo Valente.

12) If MSG_WAITALL is used with IOAT DMA under TCP, we can wedge the
    receiver when the advertised receive window goes to zero.  Detect
    this case and force the processing of the IOAT DMA queue when it
    happens to avoid getting stuck.  Fix from Michal Kubecek.

13) batman-adv assumes that test_bit() returns only 0 or 1, but this is
    not true for x86 (which returns -1 or 0, via the 'sbb' instruction).
    Fix from Linus Lussing.

14) Fix small packet corruption in e1000, from Tushar Dave.

15) make_blackhole() in the IPSEC policy code can do one read unlock too
    many, fix from Li RongQing.

16) The new tcp_try_coalesce() code introduced a bug in TCP URG
    handling, fix from Eric Dumazet.

17) Fix memory leak in __netif_receive_skb() when doing zerocopy and
    when hit an OOM condition.  From Michael S Tsirkin.

18) netxen blindly deferences pdev->bus->self, which is not guarenteed
    to be non-NULL.  Fix from Nikolay Aleksandrov.

19) Fix a performance regression caused by mistakes in ipv6 checksum
    validation in the bnx2x driver, fix from Michal Schmidt.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)
  net/stmmac: Use clk_prepare_enable and clk_disable_unprepare
  net: change return values from -EACCES to -EPERM
  net/irda: sh_sir: fix return value check in sh_sir_set_baudrate()
  stmmac: fix return value check in stmmac_open_ext_timer()
  gianfar: fix phc index build failure
  ipv6: fix return value check in fib6_add()
  bnx2x: remove false warning regarding interrupt number
  can: ti_hecc: fix oops during rmmod
  can: janz-ican3: fix support for older hardware revisions
  net: do not disable sg for packets requiring no checksum
  aoe: assert AoE packets marked as requiring no checksum
  at91ether: return PTR_ERR if call to clk_get fails
  xfrm_user: don't copy esn replay window twice for new states
  xfrm_user: ensure user supplied esn replay window is valid
  xfrm_user: fix info leak in copy_to_user_tmpl()
  xfrm_user: fix info leak in copy_to_user_policy()
  xfrm_user: fix info leak in copy_to_user_state()
  xfrm_user: fix info leak in copy_to_user_auth()
  net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200
  tcp: restore rcv_wscale in a repair mode (v2)
  ...

12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Linus Torvalds [Fri, 21 Sep 2012 21:31:50 +0000 (14:31 -0700)]
Merge git://git./linux/kernel/git/davem/sparc

Pull sparc updates from David Miller:

1) Debugging builds on 32-bit sparc need to handle the R_SPARC_DISP32
   relocation, not just 64-bit sparc.  From Andreas Larsson.

2) Wei Yongjun noticed that module_alloc() on sparc can return an
   error pointer, but that's not allowed.  module_alloc() should
   return only a valid pointer, or NULL.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc: fix the return value of module_alloc()
  sparc32: Enable the relocation target R_SPARC_DISP32 for sparc32

12 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 21 Sep 2012 21:26:23 +0000 (14:26 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:
 "Small fixlets"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mm/init.c: Fix devmem_is_allowed() off by one
  x86/kconfig: Remove outdated reference to Intel CPUs in CONFIG_SWIOTLB

12 years agoMerge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 21 Sep 2012 21:25:46 +0000 (14:25 -0700)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull timer fix from Ingo Molnar:
 "One more timekeeping fix for v3.6"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  time: Fix timeekeping_get_ns overflow on 32bit systems

12 years agoMerge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 21 Sep 2012 21:24:48 +0000 (14:24 -0700)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull perf fixes from Ingo Molnar:
 "Small perf fixlets"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  tracing: Don't call page_to_pfn() if page is NULL
  perf/x86: Fix Intel Ivy Bridge support
  perf/x86/ibs: Check syscall attribute flags
  perf/x86: Export Sandy Bridge uncore clockticks event in sysfs

12 years agoMerge tag 'for-linus-v3.6-rc7' of git://oss.sgi.com/xfs/xfs
Linus Torvalds [Fri, 21 Sep 2012 19:43:01 +0000 (12:43 -0700)]
Merge tag 'for-linus-v3.6-rc7' of git://oss.sgi.com/xfs/xfs

Pull xfs bugfixes from Ben Myers:
 - fix a regression related to xfs_sync_worker racing with unmount.
 - fix a race while discarding xfs buffers.

* tag 'for-linus-v3.6-rc7' of git://oss.sgi.com/xfs/xfs:
  xfs: stop the sync worker before xfs_unmountfs
  xfs: fix race while discarding buffers [V4]

12 years agoMerge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Linus Torvalds [Fri, 21 Sep 2012 19:41:28 +0000 (12:41 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "Fixes for big 3 drivers:

  nouveau: revert earlier MBP fix, put a dmi based MBP fix in its place
  (fixes a regression we found on some Dell eDP panels doing some
  internal testing)

  radeon: revert pll fixes, real fix is too invasive, fix scratch leak

  intel: 3 minor fixes, one for HDMI audio."

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/nouveau: add dmi quirk for gpio reset
  drm/radeon: Prevent leak of scratch register on resume from suspend
  Revert "drm/nv50-/gpio: initialise to vbios defaults during init"
  Revert "drm/radeon: rework pll selection (v3)"
  drm/i915: HDMI - Clear Audio Enable bit for Hot Plug
  drm/i915: Reduce a pin-leak BUG into a WARN
  drm/i915: enable lvds pin pairs before dpll on gen2

12 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Fri, 21 Sep 2012 19:39:28 +0000 (12:39 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

Pull input updates from Dmitry Torokhov:
 "Updates for the input subsystem.  Just a few driver updates mostly
  dealing with recent regressions."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: edt-ft5x06 - return -EFAULT on copy_to_user() error
  Input: sentelic - filter out erratic movement when lifting finger
  Input: ambakmi - [un]prepare clocks when enabling amd disabling
  Input: i8042 - disable mux on Toshiba C850D
  Revert "input: ab8500-ponkey: Create AB8500 domain IRQ mapping"
  Input: imx_keypad - fix missing clk conversions
  Input: usbtouchscreen - initialize eGalax devices

12 years agoMerge git://www.linux-watchdog.org/linux-watchdog
Linus Torvalds [Fri, 21 Sep 2012 19:36:23 +0000 (12:36 -0700)]
Merge git://www.linux-watchdog.org/linux-watchdog

Pull watchdog fixes from Wim Van Sebroeck:
 "Fix a kdump issue in hpwdt and a possible NULL dereference."

* git://www.linux-watchdog.org/linux-watchdog:
  watchdog: move the dereference below the NULL test
  hpwdt: Fix kdump issue in hpwdt

12 years agoMerge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck...
Linus Torvalds [Fri, 21 Sep 2012 19:33:31 +0000 (12:33 -0700)]
Merge tag 'hwmon-for-linus' of git://git./linux/kernel/git/groeck/linux-staging

Pull hwmon fixes from Guenter Roeck:
 - Add missing 'name' sysfs attributes to ad7314 and ads7871 drivers
 - Bump maximum wait time for applesmc driver (again)
 - Fix build warning seen with W=1 in include/linux/kernel.h, introduced
   with commit b6d86d3d6d6e ("Fix DIV_ROUND_CLOSEST to support negative
   dividends")

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  linux/kernel.h: Fix warning seen with W=1 due to change in DIV_ROUND_CLOSEST
  hwmon: (applesmc) Bump max wait
  hwmon: (ad7314) Add 'name' sysfs attribute
  hwmon: (ads7871) Add 'name' sysfs attribute

12 years agoMerge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Linus Torvalds [Fri, 21 Sep 2012 19:15:37 +0000 (12:15 -0700)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma

Pull slave-dmaengine fixes from Vinod Koul:
 "There are two trivial fixes in pl330 driver and two in at_hdmac
  driver."

* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
  DMA: PL330: Check the pointer returned by kzalloc
  DMA: PL330: Fix potential NULL pointer dereference in pl330_submit_req()
  dmaengine: at_hdmac: check that each sg data length is non-null
  dmaengine: at_hdmac: fix comment in atc_prep_slave_sg()

12 years agoMerge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm...
Linus Torvalds [Fri, 21 Sep 2012 19:14:47 +0000 (12:14 -0700)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/arm/arm-soc

Pull arm-soc bug fixes from Olof Johansson:
 "A couple of samsung clock locking fixes, at91 device tree gpio
  configuration fix and a couple more for shmobile and i.MX.

  All small targeted fixes."

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM i.MX25: Make timer irq work again
  ARM: imx: armadillo5x0: Fix illegal register access
  ARM: shmobile: kzm9g: bugfix: correct mmcif interrupt settings
  ARM: SAMSUNG: Use spin_lock_{irqsave,irqrestore} in clk_set_rate
  ARM: at91: fix missing #interrupt-cells on gpio-controller
  ARM: SAMSUNG: use spin_lock_irqsave() in clk_set_parent

12 years agosparc: fix the return value of module_alloc()
Wei Yongjun [Thu, 20 Sep 2012 18:57:51 +0000 (18:57 +0000)]
sparc: fix the return value of module_alloc()

In case of error, function module_alloc() in other platform never
returns ERR_PTR(), and all of the user only check for NULL, so
we'd better return NULL instead of ERR_PTR().

dpatch engine is used to auto generated this patch.
(https://github.com/weiyj/dpatch)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosparc32: Enable the relocation target R_SPARC_DISP32 for sparc32
Andreas Larsson [Mon, 17 Sep 2012 19:59:52 +0000 (19:59 +0000)]
sparc32: Enable the relocation target R_SPARC_DISP32 for sparc32

GNU Binutils 2.20.1 generates .eh_frame sections that uses R_SPARC_DISP32.

Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Linus Torvalds [Fri, 21 Sep 2012 19:10:17 +0000 (12:10 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:
 "Bug fixes for 3.6-rc7, including some important patches for large page
  related memory management issues."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/dasd: fix read unit address configuration loop
  s390/dasd: fix pathgroup race
  s390/mm: fix user access page-table walk code
  s390/hwcaps: do not report high gprs for 31 bit kernel
  s390/cio: invalidate cdev pointer before deregistration
  s390/cio: fix IO subchannel event race
  s390/dasd: move wake_up call
  s390/hugetlb: use direct TLB flushing for hugetlbfs pages
  s390/mm: fix deadlock in unmap_hugepage_range()

12 years agoMerge tag 'stable/for-linus-3.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 21 Sep 2012 19:06:54 +0000 (12:06 -0700)]
Merge tag 'stable/for-linus-3.6-rc6-tag' of git://git./linux/kernel/git/konrad/xen

Pull Xen bug-fixes from Konrad Rzeszutek Wilk:
 - Fix M2P batching re-using the incorrect structure field.

   In v3.5 we added batching for M2P override (Machine Frame Number ->
   Physical Frame Number), but the original MFN was saved in an
   incorrect structure - and we would oops/restore when restoring with
   the old MFN.

 - Disable BIOS SMP MP table search.

   A bootup issue that we had ignored until we found that on DL380 G6 it
   was needed.

* tag 'stable/for-linus-3.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen/boot: Disable BIOS SMP MP table search.
  xen/m2p: do not reuse kmap_op->dev_bus_addr

12 years agonet/stmmac: Use clk_prepare_enable and clk_disable_unprepare
Stefan Roese [Fri, 21 Sep 2012 01:06:29 +0000 (01:06 +0000)]
net/stmmac: Use clk_prepare_enable and clk_disable_unprepare

This patch fixes an issue introduced by commit ID 6a81c26f
[net/stmmac: remove conditional compilation of clk code], which
switched from the internal stmmac_clk_{en}{dis}able calls to
clk_{en}{dis}able. By this, calling clk_prepare and clk_unprepare
was removed.

clk_{un}prepare is mandatory for platforms using common clock framework.
Since these drivers are used by SPEAr platform, which supports common
clock framework, add clk_{un}prepare() support for them. Otherwise
the clocks are not correctly en-/disabled and ethernet support doesn't
work.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agodebugfs: fix u32_array race in format_array_alloc
Linus Torvalds [Fri, 21 Sep 2012 18:48:05 +0000 (11:48 -0700)]
debugfs: fix u32_array race in format_array_alloc

The format_array_alloc() function is fundamentally racy, in that it
prints the array twice: once to figure out how much space to allocate
for the buffer, and the second time to actually print out the data.

If any of the array contents changes in between, the allocation size may
be wrong, and the end result may be truncated in odd ways.

Just don't do it.  Allocate a maximum-sized array up-front, and just
format the array contents once.  The only user of the u32_array
interfaces is the Xen spinlock statistics code, and it has 31 entries in
the arrays, so the maximum size really isn't that big, and the end
result is much simpler code without the bug.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agonet: change return values from -EACCES to -EPERM
Zhao Hongjiang [Thu, 20 Sep 2012 22:37:25 +0000 (22:37 +0000)]
net: change return values from -EACCES to -EPERM

Change return value from -EACCES to -EPERM when the permission check fails.

Signed-off-by: Zhao Hongjiang <zhaohongjiang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'fixes-for-3.6' of git://gitorious.org/linux-can/linux-can
David S. Miller [Fri, 21 Sep 2012 17:49:59 +0000 (13:49 -0400)]
Merge branch 'fixes-for-3.6' of git://gitorious.org/linux-can/linux-can

Marc Kleine-Budde says:

====================
two patches for the v3.6 release cycle. Ira W. Snyder fixed support for the
older version of the Janz CMOD-IO Carrier Board. I found and fixed an oops in
the ti_hecc driver, which occurs when removing the module if the network
interface is still open.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet/irda: sh_sir: fix return value check in sh_sir_set_baudrate()
Wei Yongjun [Thu, 20 Sep 2012 21:13:55 +0000 (21:13 +0000)]
net/irda: sh_sir: fix return value check in sh_sir_set_baudrate()

In case of error, the function clk_get() returns ERR_PTR()
and never returns NULL pointer. The NULL test in the error
handling should be replaced with IS_ERR().

dpatch engine is used to auto generated this patch.
(https://github.com/weiyj/dpatch)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agostmmac: fix return value check in stmmac_open_ext_timer()
Wei Yongjun [Thu, 20 Sep 2012 21:06:10 +0000 (21:06 +0000)]
stmmac: fix return value check in stmmac_open_ext_timer()

In case of error, the function clk_get() returns ERR_PTR()
and never returns NULL pointer. The NULL test in the error
handling should be replaced with IS_ERR().

dpatch engine is used to auto generated this patch.
(https://github.com/weiyj/dpatch)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agogianfar: fix phc index build failure
Richard Cochran [Thu, 20 Sep 2012 19:11:12 +0000 (19:11 +0000)]
gianfar: fix phc index build failure

This patch fixes a build failure introduced in commit 66636287
("gianfar: Support the get_ts_info ethtool method."). Not only was a
global variable inconsistently named, but also it was not exported as
it should have been.

This fix is also needed in stable version 3.5.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoipv6: fix return value check in fib6_add()
Wei Yongjun [Thu, 20 Sep 2012 18:29:56 +0000 (18:29 +0000)]
ipv6: fix return value check in fib6_add()

In case of error, the function fib6_add_1() returns ERR_PTR()
or NULL pointer. The ERR_PTR() case check is missing in fib6_add().

dpatch engine is used to generated this patch.
(https://github.com/weiyj/dpatch)

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agodebugfs: fix race in u32_array_read and allocate array at open
David Rientjes [Fri, 21 Sep 2012 09:16:29 +0000 (02:16 -0700)]
debugfs: fix race in u32_array_read and allocate array at open

u32_array_open() is racy when multiple threads read from a file with a
seek position of zero, i.e. when two or more simultaneous reads are
occurring after the non-seekable files are created.  It is possible that
file->private_data is double-freed because the threads races between

kfree(file->private-data);

and

file->private_data = NULL;

The fix is to only do format_array_alloc() when the file is opened and
free it when it is closed.

Note that because the file has always been non-seekable, you can't open
it and read it multiple times anyway, so the data has always been
generated just once.  The difference is that now it is generated at open
time rather than at the time of the first read, and that avoids the
race.

Reported-by: Dave Jones <davej@redhat.com>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Tested-by: Raghavendra <raghavendra.kt@linux.vnet.ibm.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agobnx2x: remove false warning regarding interrupt number
Ariel Elior [Thu, 20 Sep 2012 05:26:41 +0000 (05:26 +0000)]
bnx2x: remove false warning regarding interrupt number

Since version 7.4 the FW configures in the pci config space the max
number of interrupts available to the physical function, instead of
the exact number to use.
This causes a false warning in driver when comparing the number of
configured interrupts to the number about to be used.

Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoARM: reserve syscall 378 for kcmp
Russell King [Fri, 21 Sep 2012 16:55:20 +0000 (17:55 +0100)]
ARM: reserve syscall 378 for kcmp

kcmp has appeared on x86, but has not been noticed because
checksyscalls.sh is broken at the moment.  Reserve ARM syscall 378
for this should we ever need it, and add an __IGNORE entry for this
unimplemented syscall.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
12 years agovfio: Fix virqfd release race
Alex Williamson [Fri, 21 Sep 2012 16:48:28 +0000 (10:48 -0600)]
vfio: Fix virqfd release race

vfoi-pci supports a mechanism like KVM's irqfd for unmasking an
interrupt through an eventfd.  There are two ways to shutdown this
interface: 1) close the eventfd, 2) ioctl (such as disabling the
interrupt).  Both of these do the release through a workqueue,
which can result in a segfault if two jobs get queued for the same
virqfd.

Fix this by protecting the pointer to these virqfds by a spinlock.
The vfio pci device will therefore no longer have a reference to it
once the release job is queued under lock.  On the ioctl side, we
still flush the workqueue to ensure that any outstanding releases
are completed.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
12 years agovfio: Trivial Documentation correction
Alex Williamson [Fri, 21 Sep 2012 16:48:03 +0000 (10:48 -0600)]
vfio: Trivial Documentation correction

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
12 years agox86/kbuild: archscripts depends on scripts_basic
Jeff Mahoney [Thu, 20 Sep 2012 14:28:45 +0000 (10:28 -0400)]
x86/kbuild: archscripts depends on scripts_basic

While building the SUSE kernel packages, which build the scripts,
make clean, and then build everything, we have been running into spurious
build failures. We tracked them down to a simple dependency issue:

$ make mrproper
  CLEAN   arch/x86/tools
  CLEAN   scripts/basic
$ cp patches/config/x86_64/desktop .config
$ make archscripts
  HOSTCC  arch/x86/tools/relocs
/bin/sh: scripts/basic/fixdep: No such file or directory
make[3]: *** [arch/x86/tools/relocs] Error 1
make[2]: *** [archscripts] Error 2
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2

This was introduced by commit
6520fe55 (x86, realmode: 16-bit real-mode code support for relocs),
which added the archscripts dependency to archprepare.

This patch adds the scripts_basic dependency to the x86 archscripts.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
12 years agofirmware: fix directory creation rule matching with make 3.80
Mark Asselstine [Wed, 19 Sep 2012 20:30:44 +0000 (16:30 -0400)]
firmware: fix directory creation rule matching with make 3.80

Since make 3.80 doesn't support secondary expansion it uses a fallback
rule to create firmware directories which is matched after primary
expansion of the $(installed-fw) rule's prerequisite. Commit
6c7080a61fc7 [firmware: fix directory creation rule matching with make
3.82] changed the expression generated after primary expansion such
that the fallback was not matched. Updating the fallback rule to match
the new look primary expansion is not an option for various reasons.

The trailing slash added here to $(INSTALL_FW_PATH)/. while defining
installed-fw-dirs fixes builds with make 3.82 since this will provide
a matching rule for $(INSTALL_FW_PATH)/$$(dir %) when % is in the base
firmware directory (ie. $(dir %) gives './'). Versions of make prior
to 3.82 will strip this trailing slash along with the one generated by
$(dir %) when % is in the base firmware directory and as such continue
to function as before.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Tested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
12 years agocan: ti_hecc: fix oops during rmmod
Marc Kleine-Budde [Wed, 19 Sep 2012 12:58:45 +0000 (14:58 +0200)]
can: ti_hecc: fix oops during rmmod

This patch fixes an oops which occurs when unloading the driver, while the
network interface is still up. The problem is that first the io mapping is
teared own, then the CAN device is unregistered, resulting in accessing the
hardware's iomem:

[  172.744232] Unable to handle kernel paging request at virtual address c88b0040
[  172.752441] pgd = c7be4000
[  172.755645] [c88b0040] *pgd=87821811, *pte=00000000, *ppte=00000000
[  172.762207] Internal error: Oops: 807 [#1] PREEMPT ARM
[  172.767517] Modules linked in: ti_hecc(-) can_dev
[  172.772430] CPU: 0    Not tainted  (3.5.0alpha-00037-g3554cc0 #126)
[  172.778961] PC is at ti_hecc_close+0xb0/0x100 [ti_hecc]
[  172.784423] LR is at __dev_close_many+0x90/0xc0
[  172.789123] pc : [<bf00c768>]    lr : [<c033be58>]    psr: 60000013
[  172.789123] sp : c5c1de68  ip : 00040081  fp : 00000000
[  172.801025] r10: 00000001  r9 : c5c1c000  r8 : 00100100
[  172.806457] r7 : c5d0a48c  r6 : c5d0a400  r5 : 00000000  r4 : c5d0a000
[  172.813232] r3 : c88b0000  r2 : 00000001  r1 : c5d0a000  r0 : c5d0a000
[  172.820037] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[  172.827423] Control: 10c5387d  Table: 87be4019  DAC: 00000015
[  172.833404] Process rmmod (pid: 600, stack limit = 0xc5c1c2f0)
[  172.839447] Stack: (0xc5c1de68 to 0xc5c1e000)
[  172.843994] de60:                   bf00c6b8 c5c1dec8 c5d0a000 c5d0a000 00200200 c033be58
[  172.852478] de80: c5c1de44 c5c1dec8 c5c1dec8 c033bf2c c5c1de90 c5c1de90 c5d0a084 c5c1de44
[  172.860992] dea0: c5c1dec8 c033c098 c061d3dc c5d0a000 00000000 c05edf28 c05edb34 c000d724
[  172.869476] dec0: 00000000 c033c2f8 c5d0a084 c5d0a084 00000000 c033c370 00000000 c5d0a000
[  172.877990] dee0: c05edb00 c033c3b8 c5d0a000 bf00d3ac c05edb00 bf00d7c8 bf00d7c8 c02842dc
[  172.886474] df00: c02842c8 c0282f90 c5c1c000 c05edb00 bf00d7c8 c0283668 bf00d7c8 00000000
[  172.894989] df20: c0611f98 befe2f80 c000d724 c0282d10 bf00d804 00000000 00000013 c0068a8c
[  172.903472] df40: c5c538e8 685f6974 00636365 c61571a8 c5cb9980 c61571a8 c6158a20 c00c9bc4
[  172.911987] df60: 00000000 00000000 c5cb9980 00000000 c5cb9980 00000000 c7823680 00000006
[  172.920471] df80: bf00d804 00000880 c5c1df8c 00000000 000d4267 befe2f80 00000001 b6d90068
[  172.928985] dfa0: 00000081 c000d5a0 befe2f80 00000001 befe2f80 00000880 b6d90008 00000008
[  172.937469] dfc0: befe2f80 00000001 b6d90068 00000081 00000001 00000000 befe2eac 00000000
[  172.945983] dfe0: 00000000 befe2b18 00023ba4 b6e6addc 60000010 befe2f80 a8e00190 86d2d344
[  172.954498] [<bf00c768>] (ti_hecc_close+0xb0/0x100 [ti_hecc]) from [<c033be58>] (__dev__registered_many+0xc0/0x2a0)
[  172.984161] [<c033c098>] (rollback_registered_many+0xc0/0x2a0) from [<c033c2f8>] (rollback_registered+0x20/0x30)
[  172.994750] [<c033c2f8>] (rollback_registered+0x20/0x30) from [<c033c370>] (unregister_netdevice_queue+0x68/0x98)
[  173.005401] [<c033c370>] (unregister_netdevice_queue+0x68/0x98) from [<c033c3b8>] (unregister_netdev+0x18/0x20)
[  173.015899] [<c033c3b8>] (unregister_netdev+0x18/0x20) from [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc])
[  173.026245] [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc]) from [<c02842dc>] (platform_drv_remove+0x14/0x18)
[  173.036712] [<c02842dc>] (platform_drv_remove+0x14/0x18) from [<c0282f90>] (__device_release_driver+0x7c/0xbc)

Cc: stable <stable@vger.kernel.org>
Cc: Anant Gole <anantgole@ti.com>
Tested-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocan: janz-ican3: fix support for older hardware revisions
Ira W. Snyder [Tue, 11 Sep 2012 22:58:15 +0000 (15:58 -0700)]
can: janz-ican3: fix support for older hardware revisions

The Revision 1.0 Janz CMOD-IO Carrier Board does not have support for
the reset registers. To support older hardware, the code is changed to
use the hardware reset register on the Janz VMOD-ICAN3 hardware itself.

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Ira W. Snyder <iws@ovro.caltech.edu>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agoMerge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel...
Dave Airlie [Fri, 21 Sep 2012 10:46:01 +0000 (20:46 +1000)]
Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes

Daniel writes:
Essentially just flush my -fixes queue before I head off to xdc.
- gen2 regression fixer, we've enabled the lvds stuff too late. Not
  causing any known issues, but this restores the sequence before a
  refactor that landed in 3.5, and lvds is a fickle beast. And seriously,
  who runs gen2 still ...
- downgrade a BUG to a WARN - we haven't root-caused/fixed the underlying
  issue yet, but this should help bug reporters quite a bit.
- properly disable hdmi audio - we've lost track of this, which resulted
  in the alsa driver again losing track of the unplug event.

* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
  drm/i915: HDMI - Clear Audio Enable bit for Hot Plug
  drm/i915: Reduce a pin-leak BUG into a WARN
  drm/i915: enable lvds pin pairs before dpll on gen2

12 years agodrm/nouveau: add dmi quirk for gpio reset
Dave Airlie [Fri, 21 Sep 2012 13:19:50 +0000 (09:19 -0400)]
drm/nouveau: add dmi quirk for gpio reset

This fixes the gpio reset problem so the Retina MBP works, but avoids
breaking the Dell systems. Ben will work on a better solution for 3.7.

Tested by me on retina MBP.

Signed-off-by: Dave Airlie <airlied@redhat.com>
12 years agonet: do not disable sg for packets requiring no checksum
Ed Cashin [Wed, 19 Sep 2012 15:49:00 +0000 (15:49 +0000)]
net: do not disable sg for packets requiring no checksum

A change in a series of VLAN-related changes appears to have
inadvertently disabled the use of the scatter gather feature of
network cards for transmission of non-IP ethernet protocols like ATA
over Ethernet (AoE).  Below is a reference to the commit that
introduces a "harmonize_features" function that turns off scatter
gather when the NIC does not support hardware checksumming for the
ethernet protocol of an sk buff.

  commit f01a5236bd4b140198fbcc550f085e8361fd73fa
  Author: Jesse Gross <jesse@nicira.com>
  Date:   Sun Jan 9 06:23:31 2011 +0000

      net offloading: Generalize netif_get_vlan_features().

The can_checksum_protocol function is not equipped to consider a
protocol that does not require checksumming.  Calling it for a
protocol that requires no checksum is inappropriate.

The patch below has harmonize_features call can_checksum_protocol when
the protocol needs a checksum, so that the network layer is not forced
to perform unnecessary skb linearization on the transmission of AoE
packets.  Unnecessary linearization results in decreased performance
and increased memory pressure, as reported here:

  http://www.spinics.net/lists/linux-mm/msg15184.html

The problem has probably not been widely experienced yet, because
only recently has the kernel.org-distributed aoe driver acquired the
ability to use payloads of over a page in size, with the patchset
recently included in the mm tree:

  https://lkml.org/lkml/2012/8/28/140

The coraid.com-distributed aoe driver already could use payloads of
greater than a page in size, but its users generally do not use the
newest kernels.

Signed-off-by: Ed Cashin <ecashin@coraid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoaoe: assert AoE packets marked as requiring no checksum
Ed Cashin [Wed, 19 Sep 2012 15:46:39 +0000 (15:46 +0000)]
aoe: assert AoE packets marked as requiring no checksum

In order for the network layer to see that AoE requires
no checksumming in a generic way, the packets must be
marked as requiring no checksum, so we make this requirement
explicit with the assertion.

Signed-off-by: Ed Cashin <ecashin@coraid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoat91ether: return PTR_ERR if call to clk_get fails
Devendra Naga [Wed, 19 Sep 2012 21:04:36 +0000 (21:04 +0000)]
at91ether: return PTR_ERR if call to clk_get fails

we are currently returning ENODEV, as the clk_get may give a exact
error code in its returned pointer, assign it to the ret by using the
PTR_ERR function, so that the subsequent goto label will jump to the
error path and clean the driver and return the error correctly.

Signed-off-by: Devendra Naga <devendra.aaru@gmail.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoxfrm_user: don't copy esn replay window twice for new states
Mathias Krause [Wed, 19 Sep 2012 11:33:43 +0000 (11:33 +0000)]
xfrm_user: don't copy esn replay window twice for new states

The ESN replay window was already fully initialized in
xfrm_alloc_replay_state_esn(). No need to copy it again.

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoxfrm_user: ensure user supplied esn replay window is valid
Mathias Krause [Thu, 20 Sep 2012 10:01:49 +0000 (10:01 +0000)]
xfrm_user: ensure user supplied esn replay window is valid

The current code fails to ensure that the netlink message actually
contains as many bytes as the header indicates. If a user creates a new
state or updates an existing one but does not supply the bytes for the
whole ESN replay window, the kernel copies random heap bytes into the
replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL
netlink attribute. This leads to following issues:

1. The replay window has random bits set confusing the replay handling
   code later on.

2. A malicious user could use this flaw to leak up to ~3.5kB of heap
   memory when she has access to the XFRM netlink interface (requires
   CAP_NET_ADMIN).

Known users of the ESN replay window are strongSwan and Steffen's
iproute2 patch (<http://patchwork.ozlabs.org/patch/85962/>). The latter
uses the interface with a bitmap supplied while the former does not.
strongSwan is therefore prone to run into issue 1.

To fix both issues without breaking existing userland allow using the
XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a
fully specified one. For the former case we initialize the in-kernel
bitmap with zero, for the latter we copy the user supplied bitmap. For
state updates the full bitmap must be supplied.

To prevent overflows in the bitmap length calculation the maximum size
of bmp_len is limited to 128 by this patch -- resulting in a maximum
replay window of 4096 packets. This should be sufficient for all real
life scenarios (RFC 4303 recommends a default replay window size of 64).

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Martin Willi <martin@revosec.ch>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoxfrm_user: fix info leak in copy_to_user_tmpl()
Mathias Krause [Wed, 19 Sep 2012 11:33:41 +0000 (11:33 +0000)]
xfrm_user: fix info leak in copy_to_user_tmpl()

The memory used for the template copy is a local stack variable. As
struct xfrm_user_tmpl contains multiple holes added by the compiler for
alignment, not initializing the memory will lead to leaking stack bytes
to userland. Add an explicit memset(0) to avoid the info leak.

Initial version of the patch by Brad Spengler.

Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoxfrm_user: fix info leak in copy_to_user_policy()
Mathias Krause [Wed, 19 Sep 2012 11:33:40 +0000 (11:33 +0000)]
xfrm_user: fix info leak in copy_to_user_policy()

The memory reserved to dump the xfrm policy includes multiple padding
bytes added by the compiler for alignment (padding bytes in struct
xfrm_selector and struct xfrm_userpolicy_info). Add an explicit
memset(0) before filling the buffer to avoid the heap info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoxfrm_user: fix info leak in copy_to_user_state()
Mathias Krause [Wed, 19 Sep 2012 11:33:39 +0000 (11:33 +0000)]
xfrm_user: fix info leak in copy_to_user_state()

The memory reserved to dump the xfrm state includes the padding bytes of
struct xfrm_usersa_info added by the compiler for alignment (7 for
amd64, 3 for i386). Add an explicit memset(0) before filling the buffer
to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoxfrm_user: fix info leak in copy_to_user_auth()
Mathias Krause [Wed, 19 Sep 2012 11:33:38 +0000 (11:33 +0000)]
xfrm_user: fix info leak in copy_to_user_auth()

copy_to_user_auth() fails to initialize the remainder of alg_name and
therefore discloses up to 54 bytes of heap memory via netlink to
userland.

Use strncpy() instead of strcpy() to fill the trailing bytes of alg_name
with null bytes.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200
Bjørn Mork [Wed, 19 Sep 2012 10:03:36 +0000 (10:03 +0000)]
net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200

One of the modes of Huawei E367 has this QMI/wwan interface:

 I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=07 Driver=(none)
 E:  Ad=83(I) Atr=03(Int.) MxPS=  64 Ivl=2ms
 E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
 E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms

Huawei use subclass and protocol to identify vendor specific
functions, so adding a new vendor rule for this combination.

The Pantech devices UML290 (106c:3718) and P4200 (106c:3721) use
the same subclass to identify the QMI/wwan function.  Replace the
existing device specific UML290 entries with generic vendor matching,
adding support for the Pantech P4200.

The ZTE MF683 has 6 vendor specific interfaces, all using
ff/ff/ff for cls/sub/prot.  Adding a match on interface #5 which
is a QMI/wwan interface.

Cc: Fangxiaozhi (Franko) <fangxiaozhi@huawei.com>
Cc: Thomas Schäfer <tschaefer@t-online.de>
Cc: Dan Williams <dcbw@redhat.com>
Cc: Shawn J. Goff <shawn7400@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agotcp: restore rcv_wscale in a repair mode (v2)
Andrey Vagin [Wed, 19 Sep 2012 09:40:00 +0000 (09:40 +0000)]
tcp: restore rcv_wscale in a repair mode (v2)

rcv_wscale is a symetric parameter with snd_wscale.

Both this parameters are set on a connection handshake.

Without this value a remote window size can not be interpreted correctly,
because a value from a packet should be shifted on rcv_wscale.

And one more thing is that wscale_ok should be set too.

This patch doesn't break a backward compatibility.
If someone uses it in a old scheme, a rcv window
will be restored with the same bug (rcv_wscale = 0).

v2: Save backward compatibility on big-endian system. Before
    the first two bytes were snd_wscale and the second two bytes were
    rcv_wscale. Now snd_wscale is opt_val & 0xFFFF and rcv_wscale >> 16.
    This approach is independent on byte ordering.

Cc: David S. Miller <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: James Morris <jmorris@namei.org>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Patrick McHardy <kaber@trash.net>
CC: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'drm-fixes-3.6' of git://people.freedesktop.org/~agd5f/linux into drm...
Dave Airlie [Thu, 20 Sep 2012 20:50:40 +0000 (06:50 +1000)]
Merge branch 'drm-fixes-3.6' of git://people.freedesktop.org/~agd5f/linux into drm-fixes

fixes a resume regression on pre-r6xx asics.

* 'drm-fixes-3.6' of git://people.freedesktop.org/~agd5f/linux:
  drm/radeon: Prevent leak of scratch register on resume from suspend