Kumar Sanghvi [Wed, 18 Dec 2013 11:08:20 +0000 (16:38 +0530)]
cxgb4: Include TCP as protocol when creating server filters
We were creating LE Workaround Server Filters without specifying
IPPROTO_TCP (6) in the filters (when F_PROTOCOL is set in TP_VLAN_PRI_MAP).
This meant that UDP packets with matching IP Addresses/Ports would get
caught up in the filter and be delivered to ULDs like iw_cxgb4.
So, include the protocol information in the server filter properly.
Based on original work by Casey Leedom <leedom@chelsio.com>
Signed-off-by: Kumar Sanghvi <kumaras@chelsio.com>
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kumar Sanghvi [Wed, 18 Dec 2013 11:08:19 +0000 (16:38 +0530)]
cxgb4: Reserve stid 0 for T4/T5 adapters
When creating offload server entries, an IPv6 passive connection request
can trigger a reply with a null STID, whereas the driver would expect
the reply 'STID to match the value used for the request.
This happens due to h/w limitation on T4 and T5.
This patch ensures that STID 0 is never used if the stid range starts
from zero.
Based on original work by Santosh Rastapur <santosh@chelsio.com>
Signed-off-by: Kumar Sanghvi <kumaras@chelsio.com>
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 22 Dec 2013 03:34:53 +0000 (22:34 -0500)]
Merge branch 'for-davem' of git://git./linux/kernel/git/linville/wireless
John W. Linville says:
====================
Please consider pulling this batch of fixes for the 3.13 stream...
For the mac80211 bits, Johannes says:
"Here's a fix for another potential radiotap parser buffer overrun thanks
to Evan Huus, and a fix for a cfg80211 warning in a certain corner case
(reconnecting to the same BSS)."
For the bluetooth bits, Gustavo says:
"Two patches in this pull request. An important fix from Marcel in the
permission check for HCI User Channels, there was a extra check for
CAP_NET_RAW, and it was now removed. These channels should only require
CAP_NET_ADMIN. The other patch is a device id addition."
On top of that...
Sujith Manoharan provides a workaround for a hardware problem that
can result in lost interrupts.
Larry Finger fixes an oops when unloading the rtlwifi driver (Red
Hat bug 852761).
Mathy Vanhoef fixes a somewhat minor MAC address privacy issue
(CVE-2013-4579).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Haiyang Zhang [Sat, 21 Dec 2013 00:52:31 +0000 (16:52 -0800)]
hyperv: Fix race between probe and open calls
Moving the register_netdev to the end of probe to prevent
possible open call happens before NetVSP is connected.
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Fri, 20 Dec 2013 20:40:06 +0000 (15:40 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless into for-davem
Wang Weidong [Wed, 18 Dec 2013 02:24:33 +0000 (19:24 -0700)]
dccp: catch failed request_module call in dccp_probe init
Check the return value of request_module during dccp_probe initialisation,
bail out if that call fails.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Wang Weidong <wangweidong1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 20 Dec 2013 00:23:54 +0000 (19:23 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/jkirsher/net
Jeff Kirsher says:
====================
Intel Wired LAN Driver Updates
This series contains updates to net, ixgbe and e1000e.
David provides compiler fixes for e1000e.
Don provides a fix for ixgbe to resolve a compile warning.
John provides a fix to net where it is useful to be able to walk all
upper devices when bringing a device online where the RTNL lock is held.
In this case, it is safe to walk the all_adj_list because the RTNL lock is
used to protect the write side as well. This patch adds a check to see
if the RTNL lock is held before throwing a warning in
netdev_all_upper_get_next_dev_rcu().
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Leigh Brown [Thu, 19 Dec 2013 13:09:48 +0000 (13:09 +0000)]
net: mvmdio: fix interrupt timeout handling
This version corrects the whitespace issue.
orion_mdio_wait_ready uses wait_event_timeout to wait for the
SMI interrupt to fire. wait_event_timeout waits for between
"timeout - 1" and "timeout" jiffies. In this case a 1ms timeout
when HZ is 1000 results in a wait of 0 to 1 jiffies, causing
premature timeouts.
This fix ensures a minimum timeout of 2 jiffies, ensuring
wait_event_timeout will always wait at least 1 jiffie.
Issue reported by Nicolas Schichan.
Tested-by: Nicolas Schichan <nschichan@freebox.fr>
Signed-off-by: Leigh Brown <leigh@solinno.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Betty Dall [Thu, 19 Dec 2013 17:59:09 +0000 (10:59 -0700)]
atl1c: Check return from pci_find_ext_capability() in atl1c_reset_pcie()
The function atl1c_reset_pcie() does not check the return from
pci_find_ext_cabability() where it is getting the postion of the
PCI_EXT_CAP_ID_ERR. It is possible for the return to be 0.
Signed-off-by: Betty Dall <betty.dall@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Li RongQing [Thu, 19 Dec 2013 04:40:26 +0000 (12:40 +0800)]
ipv6: always set the new created dst's from in ip6_rt_copy
ip6_rt_copy only sets dst.from if ort has flag RTF_ADDRCONF and RTF_DEFAULT.
but the prefix routes which did get installed by hand locally can have an
expiration, and no any flag combination which can ensure a potential from
does never expire, so we should always set the new created dst's from.
This also fixes the new created dst is always expired since the ort, which
is created by RA, maybe has RTF_EXPIRES and RTF_ADDRCONF, but no RTF_DEFAULT.
Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
CC: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 19 Dec 2013 18:53:02 +0000 (10:53 -0800)]
net: fec: fix potential use after free
skb_tx_timestamp(skb) should be called _before_ TX completion
has a chance to trigger, otherwise it is too late and we access
freed memory.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes:
de5fb0a05348 ("net: fec: put tx to napi poll function to fix dead lock")
Cc: Frank Li <Frank.Li@freescale.com>
Cc: Richard Cochran <richardcochran@gmail.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Acked-by: Frank Li <Frank.Li@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michal Schmidt [Tue, 17 Dec 2013 17:51:25 +0000 (18:51 +0100)]
bnx2x: downgrade "valid ME register value" message level
"valid ME register value" is not an error. It should be logged for
debugging only.
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Acked-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Salva Peiró [Tue, 17 Dec 2013 09:06:30 +0000 (10:06 +0100)]
hamradio/yam: fix info leak in ioctl
The yam_ioctl() code fails to initialise the cmd field
of the struct yamdrv_ioctl_cfg. Add an explicit memset(0)
before filling the structure to avoid the 4-byte info leak.
Signed-off-by: Salva Peiró <speiro@ai2.upv.es>
Signed-off-by: David S. Miller <davem@davemloft.net>
Wenliang Fan [Tue, 17 Dec 2013 03:25:28 +0000 (11:25 +0800)]
drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
The local variable 'bi' comes from userspace. If userspace passed a
large number to 'bi.data.calibrate', there would be an integer overflow
in the following line:
s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16;
Signed-off-by: Wenliang Fan <fanwlexca@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Wei Yongjun [Tue, 17 Dec 2013 02:42:09 +0000 (10:42 +0800)]
xen-netback: fix some error return code
'err' is overwrited to 0 after maybe_pull_tail() call, so the error
code was not set if skb_partial_csum_set() call failed. Fix to return
error -EPROTO from those error handling case instead of 0.
Fixes:
d52eb0d46f36 ('xen-netback: make sure skb linear area covers checksum field')
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Mon, 16 Dec 2013 23:38:39 +0000 (00:38 +0100)]
net: inet_diag: zero out uninitialized idiag_{src,dst} fields
Jakub reported while working with nlmon netlink sniffer that parts of
the inet_diag_sockid are not initialized when r->idiag_family != AF_INET6.
That is, fields of r->id.idiag_src[1 ... 3], r->id.idiag_dst[1 ... 3].
In fact, it seems that we can leak 6 * sizeof(u32) byte of kernel [slab]
memory through this. At least, in udp_dump_one(), we allocate a skb in ...
rep = nlmsg_new(sizeof(struct inet_diag_msg) + ..., GFP_KERNEL);
... and then pass that to inet_sk_diag_fill() that puts the whole struct
inet_diag_msg into the skb, where we only fill out r->id.idiag_src[0],
r->id.idiag_dst[0] and leave the rest untouched:
r->id.idiag_src[0] = inet->inet_rcv_saddr;
r->id.idiag_dst[0] = inet->inet_daddr;
struct inet_diag_msg embeds struct inet_diag_sockid that is correctly /
fully filled out in IPv6 case, but for IPv4 not.
So just zero them out by using plain memset (for this little amount of
bytes it's probably not worth the extra check for idiag_family == AF_INET).
Similarly, fix also other places where we fill that out.
Reported-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 16 Dec 2013 14:31:23 +0000 (06:31 -0800)]
ipv6: sit: update mtu check to take care of gso packets
While testing my changes for TSO support in SIT devices,
I was using sit0 tunnel which appears to include nopmtudisc flag.
But using :
ip tun add sittun mode sit remote $REMOTE_IPV4 local $LOCAL_IPV4 \
dev $IFACE
We get a tunnel which rejects too long packets because of the mtu check
which is not yet GSO aware.
erd:~# ip tunnel
sittun: ipv6/ip remote 10.246.17.84 local 10.246.17.83 ttl inherit 6rd-prefix 2002::/16
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc 6rd-prefix 2002::/16
This patch is based on an excellent report from
Michal Shmidt.
In the future, we probably want to extend the MTU check to do the
right thing for GSO packets...
Fixes: ("
61c1db7fae21 ipv6: sit: add GSO/TSO support")
Reported-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Mon, 16 Dec 2013 11:36:44 +0000 (12:36 +0100)]
ipv6: pmtudisc setting not respected with UFO/CORK
Sockets marked with IPV6_PMTUDISC_PROBE (or later IPV6_PMTUDISC_INTERFACE)
don't respect this setting when the outgoing interface supports UFO.
We had the same problem in IPv4, which was fixed in commit
daba287b299ec7a2c61ae3a714920e90e8396ad5 ("ipv4: fix DO and PROBE pmtu
mode regarding local fragmentation with UFO/CORK").
Also IPV6_DONTFRAG mode did not care about already corked data, thus
it may generate a fragmented frame even if this socket option was
specified. It also did not care about the length of the ipv6 header and
possible options.
In the error path allow the user to receive the pmtu notifications via
both, rxpmtu method or error queue. The user may opted in for both,
so deliver the notification to both error handlers (the handlers check
if the error needs to be enqueued).
Also report back consistent pmtu values when sending on an already
cork-appended socket.
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Korsgaard [Mon, 16 Dec 2013 10:35:35 +0000 (11:35 +0100)]
dm9601: work around tx fifo sync issue on dm962x
Certain dm962x revisions contain an bug, where if a USB bulk transfer retry
(E.G. if bulk crc mismatch) happens right after a transfer with odd or
maxpacket length, the internal tx hardware fifo gets out of sync causing
the interface to stop working.
Work around it by adding up to 3 bytes of padding to ensure this situation
cannot trigger.
This workaround also means we never pass multiple-of-maxpacket size skb's
to usbnet, so the length adjustment to handle usbnet's padding of those can
be removed.
Cc: <stable@vger.kernel.org>
Reported-by: Joseph Chang <joseph_chang@davicom.com.tw>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Korsgaard [Mon, 16 Dec 2013 10:35:34 +0000 (11:35 +0100)]
dm9601: make it clear that dm9620/dm9621a are also supported
The driver nowadays also support dm9620/dm9621a based USB 2.0 ethernet
adapters, so adjust module/driver description and Kconfig help text to
match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Korsgaard [Mon, 16 Dec 2013 10:35:33 +0000 (11:35 +0100)]
dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
dm9620/dm9621a require room for 4 byte padding even in dm9601 (3 byte
header) mode.
Cc: <stable@vger.kernel.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Korsgaard [Mon, 16 Dec 2013 10:35:32 +0000 (11:35 +0100)]
dm9601: add support for dm9621a based dongle
dm9621a is functionally identical to dm9620, so the existing handling can
directly be used.
Thanks to Davicom for sending me a dongle.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Timo Teräs [Mon, 16 Dec 2013 09:02:09 +0000 (11:02 +0200)]
ip_gre: fix msg_name parsing for recvfrom/recvmsg
ipgre_header_parse() needs to parse the tunnel's ip header and it
uses mac_header to locate the iphdr. This got broken when gre tunneling
was refactored as mac_header is no longer updated to point to iphdr.
Introduce skb_pop_mac_header() helper to do the mac_header assignment
and use it in ipgre_rcv() to fix msg_name parsing.
Bug introduced in commit
c54419321455 (GRE: Refactor GRE tunneling code.)
Cc: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mugunthan V N [Fri, 13 Dec 2013 13:12:55 +0000 (18:42 +0530)]
drivers: net cpsw: Enable In Band mode in cpsw for 10 mbps
This patch adds support for enabling In Band mode in 10 mbps speed.
RGMII supports 1 Gig and 100 mbps mode for Forced mode of operation.
For 10mbps mode it should be configured to in band mode so that link
status, duplexity and speed are determined from the RGMII input data
stream
Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 18 Dec 2013 21:52:34 +0000 (16:52 -0500)]
Merge branch 'bond_locking'
Ding Tianhong says:
====================
Jay Vosburgh said that the bond_3ad_adapter_speed_changed and
bond_3ad_adapter_duplex_changed is called with RTNL only, and
the functions will modify the port's information with no further
locking, they will not mutex against bond state machine and
incoming LACPDU which do not hold RTNL, So I add port lock to
protect the port information.
But they are not critical bugs, they exist since day one, and till
now they have never been hit and reported, because change for speed
and duplex is very rare, and will not occur critical problem.
The comments in the function is very old, cleanup the comments together.
====================
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
dingtianhong [Fri, 13 Dec 2013 09:29:29 +0000 (17:29 +0800)]
bonding: protect port for bond_3ad_handle_link_change()
The bond_3ad_handle_link_change is called with RTNL only,
and the function will modify the port's information with
no further locking, it will not mutex against bond state
machine and incoming LACPDU which do not hold RTNL, So I
add __get_state_machine_lock to protect the port.
But it is not a critical bug, it exist since day one, and till
now it has never been hit and reported, because changes to
speed is very rare, and will not occur critical problem.
The comments in the function is very old, cleanup it and
add a new pr_debug to debug the port message.
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
dingtianhong [Fri, 13 Dec 2013 09:29:24 +0000 (17:29 +0800)]
bonding: protect port for bond_3ad_adapter_duplex_changed()
Jay Vosburgh said that the bond_3ad_adapter_duplex_changed is
called with RTNL only, and the function will modify the port's
information with no further locking, it will not mutex against
bond state machine and incoming LACPDU which do not hold RTNL,
So I add __get_state_machine_lock to protect the port.
But it is not a critical bug, it exist since day one, and till
now it has never been hit and reported, because changes to
speed is very rare, and will not occur critical problem.
The comments in the function is very old, cleanup it.
Suggested-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
dingtianhong [Fri, 13 Dec 2013 09:29:19 +0000 (17:29 +0800)]
bonding: protect port for bond_3ad_adapter_speed_changed()
Jay Vosburgh said that the bond_3ad_adapter_speed_changed is
called with RTNL only, and the function will modify the port's
information with no further locking, it will not mutex against
bond state machine and incoming LACPDU which do not hold RTNL,
So I add __get_state_machine_lock to protect the port.
But it is not a critical bug, it exist since day one, and till
now it has never been hit and reported, because changes to
speed is very rare, and will not occur critical problem.
The comment in the function is very old, cleanup it.
Suggested-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Wed, 18 Dec 2013 18:46:08 +0000 (13:46 -0500)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth
Don Skidmore [Fri, 22 Nov 2013 04:27:23 +0000 (04:27 +0000)]
ixgbe: fix for unused variable warning with certain config
If CONFIG_PCI_IOV isn't defined we get an "unused variable" warining so
now wrap the variable declaration like it's usage already was.
Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
David Ertman [Tue, 17 Dec 2013 04:42:42 +0000 (04:42 +0000)]
e1000e: Fix a compile flag mis-match for suspend/resume
This patch addresses a mis-match between the declaration and usage of
the e1000_suspend and e1000_resume functions. Previously, these
functions were declared in a CONFIG_PM_SLEEP wrapper, and then utilized
within a CONFIG_PM wrapper. Both the declaration and usage will now be
contained within CONFIG_PM wrappers.
Signed-off-by: Dave Ertman <davidx.m.ertman@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
David Ertman [Sat, 14 Dec 2013 07:30:39 +0000 (07:30 +0000)]
e1000e: fix compiler warning (maybe-unitialized variable)
This patch is to fix a compiler warning of maybe-uininitialized-variable
that is generated from gcc when the -O3 flag is used. In the function
e1000_reset_hw_80003es2lan(), the variable krmn_reg_data is first given
a value by being passed to a register read function as a
pass-by-reference parameter. But, the return value of that read
function was never checked to see if the read failed and the variable
not given an initial value. The compiler was smart enough to spot
this. This patch is to check the return value for that read function
and return it, if an error occurs, without trying to utilize the value
in kmrn_reg_data.
Signed-off-by: David Ertman <davidx.m.ertman@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
David Ertman [Sat, 14 Dec 2013 07:18:18 +0000 (07:18 +0000)]
e1000e: fix compiler warnings
This patch is to fix a compiler warning of __bad_udelay due to a value
of >999 being passed as a parameter to udelay() in the function
e1000e_phy_has_link_generic(). This affects the gcc compiler when
it is given a flag of -O3 and the icc compiler.
This patch is also making the change from mdelay() to msleep() in the
same function, since it was determined though code inspection that this
function is never called in atomic context.
Signed-off-by: David Ertman <davidx.m.ertman@intel.com>
Acked-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
John Fastabend [Tue, 26 Nov 2013 06:33:52 +0000 (06:33 +0000)]
net: allow netdev_all_upper_get_next_dev_rcu with rtnl lock held
It is useful to be able to walk all upper devices when bringing
a device online where the RTNL lock is held. In this case it
is safe to walk the all_adj_list because the RTNL lock is used
to protect the write side as well.
This patch adds a check to see if the rtnl lock is held before
throwing a warning in netdev_all_upper_get_next_dev_rcu().
Also because we now have a call site for lockdep_rtnl_is_held()
outside COFIG_LOCK_PROVING an inline definition returning 1 is
needed. Similar to the rcu_read_lock_is_held().
Fixes:
2a47fa45d4df ("ixgbe: enable l2 forwarding acceleration for macvlans")
CC: Veaceslav Falico <vfalico@redhat.com>
Reported-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Linus Torvalds [Wed, 18 Dec 2013 00:59:59 +0000 (16:59 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Definitely seems quieter this week,
Radeon, intel, intel broadwell, vmwgfx, ttm, armada, and a couple of
core fixes, one revert in radeon
Most of these are either going to stable or fixes for things
introduced in the merge window"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (30 commits)
drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
drm/ttm: Fix accesses through vmas with only partial coverage
drm/nouveau: only runtime suspend by default in optimus configuration
drm: don't double-free on driver load error
Revert "drm/radeon: Implement radeon_pci_shutdown"
drm/radeon: add missing display tiling setup for oland
drm/radeon: fix typo in cik_copy_dma
drm/radeon/cik: plug in missing blit callback
drm/radeon/dpm: Fix hwmon crash
drm/radeon: Fix sideport problems on certain RS690 boards
drm/i915: don't update the dri1 breadcrumb with modesetting
DRM: Armada: prime refcounting bug fix
DRM: Armada: fix printing of phys_addr_t/dma_addr_t
DRM: Armada: destroy framebuffer after helper
DRM: Armada: implement lastclose() for fbhelper
drm/i915: Repeat eviction search after idling the GPU
drm/vmwgfx: Add max surface memory param
drm/i915: Fix use-after-free in do_switch
drm/i915: fix pm init ordering
drm/i915: Hold mutex across i915_gem_release
...
Linus Torvalds [Tue, 17 Dec 2013 23:53:24 +0000 (15:53 -0800)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"A quick batch of fixes, including the annoying bad lock stack problem
introduced by udp_sk_rx_dst_set() locking change:
1) Use xchg() instead of sk_dst_lock() in udp_sk_rx_dst_set(), from
Eric Dumazet.
2) qlcnic bug fixes from Himanshu Madhani and Manish Chopra.
3) Update IPSEC MAINTAINERS entry, from Steffen Klassert.
4) Administrative neigh entry changes should generate netlink
notifications the same as event generated ones. From Bob
Gilligan.
5) Netfilter SYNPROXY fixes from Patrick McHardy.
6) Netfilter nft_reject endianness fixes from Eric Leblond"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
qlcnic: Dump mailbox registers when mailbox command times out.
qlcnic: Fix mailbox processing during diagnostic test
qlcnic: Allow firmware dump collection when auto firmware recovery is disabled
qlcnic: Fix memory allocation
qlcnic: Fix TSS/RSS validation for 83xx/84xx series adapter.
qlcnic: Fix TSS/RSS ring validation logic.
qlcnic: Fix diagnostic test for all adapters.
qlcnic: Fix usage of netif_tx_{wake, stop} api during link change.
xen-netback: fix fragments error handling in checksum_setup_ip()
neigh: Netlink notification for administrative NUD state change
ipv4: improve documentation of ip_no_pmtu_disc
net: unix: allow bind to fail on mutex lock
MAINTAINERS: Update the IPsec maintainer entry
udp: ipv4: do not use sk_dst_lock from softirq context
netvsc: don't flush peers notifying work during setting mtu
can: peak_usb: fix mem leak in pcan_usb_pro_init()
can: ems_usb: fix urb leaks on failure paths
sctp: loading sctp when load sctp_probe
netfilter: nft_reject: fix endianness in dump function
netfilter: SYNPROXY target: restrict to INPUT/FORWARD
David S. Miller [Tue, 17 Dec 2013 22:21:30 +0000 (17:21 -0500)]
Merge branch 'fixes-for-3.13' of git://gitorious.org/linux-can/linux-can
Marc Kleine-Budde says:
====================
this is a pull request with two fixes for net/master, the current release
cycle.
It consists of a patch by Alexey Khoroshilov from the Linux Driver Verification
project, which fixes a memory leak in ems_usb's failure patch. And a patch by
me which fixes a memory leak in the peak usb driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 17 Dec 2013 21:25:24 +0000 (16:25 -0500)]
Merge branch 'qlcnic'
Himanshu Madhani says:
====================
qlcnic: Bug fixes.
This series contains bug fixes for mailbox handling and multi Tx queue support
for all supported adapters.
changes from v1 -> v2
o updated patch to fix usage of netif_tx_{wake,stop} api during link change
as per David Miller's suggestion.
o Dropped patch to use spinklock per tx queue for more work.
o Added reworked patch for memory allocation failures.
o Added patch to allow capturing of dump, when auto recovery is disabled in firmware.
o Added patches for mailbox interrupt handling and debugging data for mailbox failure.
Please apply to net.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish chopra [Mon, 16 Dec 2013 20:37:03 +0000 (15:37 -0500)]
qlcnic: Dump mailbox registers when mailbox command times out.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish chopra [Mon, 16 Dec 2013 20:37:02 +0000 (15:37 -0500)]
qlcnic: Fix mailbox processing during diagnostic test
o Do not enable mailbox polling in case of legacy interrupt.
Process mailbox AEN/response from the interrupt.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Mon, 16 Dec 2013 20:37:01 +0000 (15:37 -0500)]
qlcnic: Allow firmware dump collection when auto firmware recovery is disabled
o Allow driver to collect firmware dump, during a forced firmware dump
operation, when auto firmware recovery is disabled. Also, during this
operation, driver should not allow reset recovery to be performed.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Mon, 16 Dec 2013 20:37:00 +0000 (15:37 -0500)]
qlcnic: Fix memory allocation
o Use vzalloc() instead of kzalloc() for allocation of
bootloader size memory. kzalloc() may fail to allocate
the size of bootloader
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 16 Dec 2013 20:36:59 +0000 (15:36 -0500)]
qlcnic: Fix TSS/RSS validation for 83xx/84xx series adapter.
o Current code was not allowing the user to configure more
than one Tx ring using ethtool for 83xx/84xx adapter.
This regression was introduced by commit id
18afc102fdcb95d6c7d57f2967a06f2f8fe3ba4c ("qlcnic: Enable
multiple Tx queue support for 83xx/84xx Series adapter.")
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 16 Dec 2013 20:36:58 +0000 (15:36 -0500)]
qlcnic: Fix TSS/RSS ring validation logic.
o TSS/RSS ring validation does not take into account that either
of these ring values can be 0. This patch fixes this validation
and would fail set_channel operation if any of these ring value
is 0. This regression was added as part of commit id
34e8c406fda5b5a9d2e126a92bab84cd28e3b5fa ("qlcnic: refactor Tx/SDS
ring calculation and validation in driver.")
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 16 Dec 2013 20:36:57 +0000 (15:36 -0500)]
qlcnic: Fix diagnostic test for all adapters.
o Driver should re-allocate all Tx queues after completing
diagnostic tests. This regression was added by commit id
c2c5e3a0681bb1945c0cb211a5f4baa22cb2cbb3 ("qlcnic: Enable
diagnostic test for multiple Tx queues.")
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Himanshu Madhani [Mon, 16 Dec 2013 20:36:56 +0000 (15:36 -0500)]
qlcnic: Fix usage of netif_tx_{wake, stop} api during link change.
o Driver was using netif_tx_{stop,wake}_all_queues() api
during link change event. Remove these api calls to
manage queue start/stop event, as core networking stack
will manage this based on netif_carrier_{on,off} call.
These API's were modified as part of commit id
012ec81223aa45d2b80aeafb77392fd1a19c7b10 ("qlcnic: Multi Tx
queue support for 82xx Series adapter.")
Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Wei Yongjun [Mon, 16 Dec 2013 02:45:05 +0000 (10:45 +0800)]
xen-netback: fix fragments error handling in checksum_setup_ip()
Fix to return -EPROTO error if fragments detected in checksum_setup_ip().
Fixes:
1431fb31ecba ('xen-netback: fix fragment detection in checksum setup')
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bob Gilligan [Sun, 15 Dec 2013 21:39:56 +0000 (13:39 -0800)]
neigh: Netlink notification for administrative NUD state change
The neighbour code sends up an RTM_NEWNEIGH netlink notification if
the NUD state of a neighbour cache entry is changed by a timer (e.g.
from REACHABLE to STALE), even if the lladdr of the entry has not
changed.
But an administrative change to the the NUD state of a neighbour cache
entry that does not change the lladdr (e.g. via "ip -4 neigh change
... nud ...") does not trigger a netlink notification. This means
that netlink listeners will not hear about administrative NUD state
changes such as from a resolved state to PERMANENT.
This patch changes the neighbor code to generate an RTM_NEWNEIGH
message when the NUD state of an entry is changed administratively.
Signed-off-by: Bob Gilligan <gilligan@aristanetworks.com>
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 17 Dec 2013 20:57:36 +0000 (12:57 -0800)]
Merge tag 's2mps11-build' of git://git./linux/kernel/git/broonie/regulator
Pull regulator/clk fix from Mark Brown:
"Fix s2mps11 build
This patch fixes a build failure that appeared in v3.13-rc4 due to an
RTC/MFD update merged via -mm"
* tag 's2mps11-build' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
mfd: s2mps11: Fix build after regmap field rename in sec-core.c
Linus Torvalds [Tue, 17 Dec 2013 20:36:26 +0000 (12:36 -0800)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull timer fixes from Ingo Molnar:
"Five self-contained fixlets:
- fix clocksource driver build bug
- fix two sched_clock() bugs triggering on specific hardware
- fix devicetree enumeration bug affecting specific hardware
- fix irq handler registration race resulting in boot crash
- fix device node refcount bug"
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
clocksource: dw_apb_timer_of: Fix support for dts binding "snps,dw-apb-timer"
clocksource: dw_apb_timer_of: Fix read_sched_clock
clocksource: sunxi: Stop timer from ticking before enabling interrupts
clocksource: clksrc-of: Do not drop unheld reference on device node
clocksource: armada-370-xp: Register sched_clock after the counter reset
clocksource: time-efm32: Select CLKSRC_MMIO
Linus Torvalds [Tue, 17 Dec 2013 20:35:54 +0000 (12:35 -0800)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
"Three fixes for scheduler crashes, each triggers in relatively rare,
hardware environment dependent situations"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/fair: Rework sched_fair time accounting
math64: Add mul_u64_u32_shr()
sched: Remove PREEMPT_NEED_RESCHED from generic code
sched: Initialize power_orig for overlapping groups
Linus Torvalds [Tue, 17 Dec 2013 20:35:05 +0000 (12:35 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull perf fix from Ingo Molnar:
"An x86/intel event constraint fix"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86: Fix constraint table end marker bug
Hannes Frederic Sowa [Sat, 14 Dec 2013 03:42:13 +0000 (04:42 +0100)]
ipv4: improve documentation of ip_no_pmtu_disc
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 17 Dec 2013 20:06:20 +0000 (15:06 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
The following patchset contains two Netfilter fixes for your net
tree, they are:
* Fix endianness in nft_reject, the NFTA_REJECT_TYPE netlink attributes
was not converted to network byte order as needed by all nfnetlink
subsystems, from Eric Leblond.
* Restrict SYNPROXY target to INPUT and FORWARD chains, this avoid a
possible crash due to misconfigurations, from Patrick McHardy.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Sasha Levin [Fri, 13 Dec 2013 15:54:22 +0000 (10:54 -0500)]
net: unix: allow bind to fail on mutex lock
This is similar to the set_peek_off patch where calling bind while the
socket is stuck in unix_dgram_recvmsg() will block and cause a hung task
spew after a while.
This is also the last place that did a straightforward mutex_lock(), so
there shouldn't be any more of these patches.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Fri, 13 Dec 2013 11:56:05 +0000 (12:56 +0100)]
MAINTAINERS: Update the IPsec maintainer entry
Add the IPsec git trees and some pure IPsec modules
to the IPsec section in the MAINTAINERS file.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sun, 15 Dec 2013 18:53:46 +0000 (10:53 -0800)]
udp: ipv4: do not use sk_dst_lock from softirq context
Using sk_dst_lock from softirq context is not supported right now.
Instead of adding BH protection everywhere,
udp_sk_rx_dst_set() can instead use xchg(), as suggested
by David.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Fixes:
975022310233 ("udp: ipv4: must add synchronization in udp_sk_rx_dst_set()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 17 Dec 2013 19:47:40 +0000 (11:47 -0800)]
Merge tag 'gpio-v3.13-4' of git://git./linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"All but one are long-standing bug fixes that are also tagged for
stable
- Driver bug fixes for SH PFC, TWL4030, MSM and RCAR.
- Update the MAINTAINERS"
* tag 'gpio-v3.13-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: rcar: Fix level interrupt handling
gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
gpio: twl4030: Fix regression for twl gpio LED output
sh-pfc: Fix PINMUX_GPIO macro
MAINTAINERS: update GPIO maintainers entry
Linus Torvalds [Tue, 17 Dec 2013 19:46:51 +0000 (11:46 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client
Pull two Ceph fixes from Sage Weil:
"One of these is fixing a regression from the d_flags file type patch
that went into -rc1 that broke instantiation of inodes and dentries
(we were doing dentries first). The other is just an off-by-one
corner case"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
ceph: initialize inode before instantiating dentry
Jason Wang [Fri, 13 Dec 2013 09:21:27 +0000 (17:21 +0800)]
netvsc: don't flush peers notifying work during setting mtu
There's a possible deadlock if we flush the peers notifying work during setting
mtu:
[ 22.991149] ======================================================
[ 22.991173] [ INFO: possible circular locking dependency detected ]
[ 22.991198] 3.10.0-54.0.1.el7.x86_64.debug #1 Not tainted
[ 22.991219] -------------------------------------------------------
[ 22.991243] ip/974 is trying to acquire lock:
[ 22.991261] ((&(&net_device_ctx->dwork)->work)){+.+.+.}, at: [<
ffffffff8108af95>] flush_work+0x5/0x2e0
[ 22.991307]
but task is already holding lock:
[ 22.991330] (rtnl_mutex){+.+.+.}, at: [<
ffffffff81539deb>] rtnetlink_rcv+0x1b/0x40
[ 22.991367]
which lock already depends on the new lock.
[ 22.991398]
the existing dependency chain (in reverse order) is:
[ 22.991426]
-> #1 (rtnl_mutex){+.+.+.}:
[ 22.991449] [<
ffffffff810dfdd9>] __lock_acquire+0xb19/0x1260
[ 22.991477] [<
ffffffff810e0d12>] lock_acquire+0xa2/0x1f0
[ 22.991501] [<
ffffffff81673659>] mutex_lock_nested+0x89/0x4f0
[ 22.991529] [<
ffffffff815392b7>] rtnl_lock+0x17/0x20
[ 22.991552] [<
ffffffff815230b2>] netdev_notify_peers+0x12/0x30
[ 22.991579] [<
ffffffffa0340212>] netvsc_send_garp+0x22/0x30 [hv_netvsc]
[ 22.991610] [<
ffffffff8108d251>] process_one_work+0x211/0x6e0
[ 22.991637] [<
ffffffff8108d83b>] worker_thread+0x11b/0x3a0
[ 22.991663] [<
ffffffff81095e5d>] kthread+0xed/0x100
[ 22.991686] [<
ffffffff81681c6c>] ret_from_fork+0x7c/0xb0
[ 22.991715]
-> #0 ((&(&net_device_ctx->dwork)->work)){+.+.+.}:
[ 22.991715] [<
ffffffff810de817>] check_prevs_add+0x967/0x970
[ 22.991715] [<
ffffffff810dfdd9>] __lock_acquire+0xb19/0x1260
[ 22.991715] [<
ffffffff810e0d12>] lock_acquire+0xa2/0x1f0
[ 22.991715] [<
ffffffff8108afde>] flush_work+0x4e/0x2e0
[ 22.991715] [<
ffffffff8108e1b5>] __cancel_work_timer+0x95/0x130
[ 22.991715] [<
ffffffff8108e303>] cancel_delayed_work_sync+0x13/0x20
[ 22.991715] [<
ffffffffa03404e4>] netvsc_change_mtu+0x84/0x200 [hv_netvsc]
[ 22.991715] [<
ffffffff815233d4>] dev_set_mtu+0x34/0x80
[ 22.991715] [<
ffffffff8153bc2a>] do_setlink+0x23a/0xa00
[ 22.991715] [<
ffffffff8153d054>] rtnl_newlink+0x394/0x5e0
[ 22.991715] [<
ffffffff81539eac>] rtnetlink_rcv_msg+0x9c/0x260
[ 22.991715] [<
ffffffff8155cdd9>] netlink_rcv_skb+0xa9/0xc0
[ 22.991715] [<
ffffffff81539dfa>] rtnetlink_rcv+0x2a/0x40
[ 22.991715] [<
ffffffff8155c41d>] netlink_unicast+0xdd/0x190
[ 22.991715] [<
ffffffff8155c807>] netlink_sendmsg+0x337/0x750
[ 22.991715] [<
ffffffff8150d219>] sock_sendmsg+0x99/0xd0
[ 22.991715] [<
ffffffff8150d63e>] ___sys_sendmsg+0x39e/0x3b0
[ 22.991715] [<
ffffffff8150eba2>] __sys_sendmsg+0x42/0x80
[ 22.991715] [<
ffffffff8150ebf2>] SyS_sendmsg+0x12/0x20
[ 22.991715] [<
ffffffff81681d19>] system_call_fastpath+0x16/0x1b
This is because we hold the rtnl_lock() before ndo_change_mtu() and try to flush
the work in netvsc_change_mtu(), in the mean time, netdev_notify_peers() may be
called from worker and also trying to hold the rtnl_lock. This will lead the
flush won't succeed forever. Solve this by not canceling and flushing the work,
this is safe because the transmission done by NETDEV_NOTIFY_PEERS was
synchronized with the netif_tx_disable() called by netvsc_change_mtu().
Reported-by: Yaju Cao <yacao@redhat.com>
Tested-by: Yaju Cao <yacao@redhat.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 17 Dec 2013 19:43:46 +0000 (11:43 -0800)]
Merge branch 'merge' of git://git./linux/kernel/git/benh/powerpc
Pull powerpc fixes from Ben Herrenschmidt:
"Uli's patch fixes a regression in ptrace caused by a mis-merge of a
previous LE patch. The rest are all more endian fixes, all fairly
trivial, found during testing of 3.13-rc's"
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/powernv: Fix OPAL LPC access in Little Endian
powerpc/powernv: Fix endian issue in opal_xscom_read
powerpc: Fix endian issues in crash dump code
powerpc/pseries: Fix endian issues in MSI code
powerpc/pseries: Fix PCIE link speed endian issue
powerpc/pseries: Fix endian issues in nvram code
powerpc/pseries: Fix endian issues in /proc/ppc64/lparcfg
powerpc: Fix topology core_id endian issue on LE builds
powerpc: Fix endian issue in setup-common.c
powerpc: PTRACE_PEEKUSR always returns FPR0
Josh Boyer [Fri, 11 Oct 2013 12:45:51 +0000 (08:45 -0400)]
cpupower: Fix segfault due to incorrect getopt_long arugments
If a user calls 'cpupower set --perf-bias 15', the process will end with
a SIGSEGV in libc because cpupower-set passes a NULL optarg to the atoi
call. This is because the getopt_long structure currently has all of
the options as having an optional_argument when they really have a
required argument. We change the structure to use required_argument to
match the short options and it resolves the issue.
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=
1000439
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Thomas Renninger <trenn@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sujith Manoharan [Mon, 16 Dec 2013 01:34:59 +0000 (07:04 +0530)]
ath9k: Fix interrupt handling for the AR9002 family
This patch adds a driver workaround for a HW issue.
A race condition in the HW results in missing interrupts,
which can be avoided by a read/write with the ISR register.
All chips in the AR9002 series are affected by this bug - AR9003
and above do not have this problem.
Cc: stable@vger.kernel.org
Cc: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Wed, 11 Dec 2013 23:13:10 +0000 (17:13 -0600)]
rtlwifi: pci: Fix oops on driver unload
On Fedora systems, unloading rtl8192ce causes an oops. This patch fixes the
problem reported at https://bugzilla.redhat.com/show_bug.cgi?id=852761.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mathy Vanhoef [Thu, 28 Nov 2013 11:21:45 +0000 (12:21 +0100)]
ath9k_htc: properly set MAC address and BSSID mask
Pick the MAC address of the first virtual interface as the new hardware MAC
address. Set BSSID mask according to this MAC address. This fixes CVE-2013-4579.
Signed-off-by: Mathy Vanhoef <vanhoefm@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Tue, 17 Dec 2013 18:32:20 +0000 (13:32 -0500)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Marcel Holtmann [Tue, 17 Dec 2013 11:21:25 +0000 (03:21 -0800)]
Bluetooth: Fix HCI User Channel permission check in hci_sock_sendmsg
The HCI User Channel is an admin operation which enforces CAP_NET_ADMIN
when binding the socket. Problem now is that it then requires also
CAP_NET_RAW when calling into hci_sock_sendmsg. This is not intended
and just an oversight since general HCI sockets (which do not require
special permission to bind) and HCI User Channel share the same code
path here.
Remove the extra CAP_NET_RAW check for HCI User Channel write operation
since the permission check has already been enforced when binding the
socket. This also makes it possible to open HCI User Channel from a
privileged process and then hand the file descriptor to an unprivilged
process.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Tested-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marc Kleine-Budde [Sat, 14 Dec 2013 13:36:25 +0000 (14:36 +0100)]
can: peak_usb: fix mem leak in pcan_usb_pro_init()
This patch fixes a memory leak in pcan_usb_pro_init(). In patch
f14e224 net: can: peak_usb: Do not do dma on the stack
the struct pcan_usb_pro_fwinfo *fi and struct pcan_usb_pro_blinfo *bi were
converted from stack to dynamic allocation va kmalloc(). However the
corresponding kfree() was not introduced.
This patch adds the missing kfree().
Cc: linux-stable <stable@vger.kernel.org> # v3.10
Reported-by: Stephane Grosjean <s.grosjean@peak-system.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Alexey Khoroshilov [Fri, 6 Dec 2013 23:10:35 +0000 (03:10 +0400)]
can: ems_usb: fix urb leaks on failure paths
There are a couple failure paths where urb leaks.
Is spare code within ems_usb_start_xmit(),
usb_free_urb() should be used to deallocate urb instead of usb_unanchor_urb().
In ems_usb_start() there is no usb_free_urb() if usb_submit_urb() fails.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Sebastian Haas <dev@sebastianhaas.info>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Rafał Miłecki [Sat, 7 Dec 2013 12:22:42 +0000 (13:22 +0100)]
drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
This bug in EDID was exposed by:
commit
eccea7920cfb009c2fa40e9ecdce8c36f61cab66
Author: Alex Deucher <alexander.deucher@amd.com>
Date: Mon Mar 26 15:12:54 2012 -0400
drm/radeon/kms: improve bpc handling (v2)
Which resulted in kind of regression in 3.5. This fixes
https://bugs.freedesktop.org/show_bug.cgi?id=70934
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
wangweidong [Fri, 13 Dec 2013 03:00:10 +0000 (11:00 +0800)]
sctp: loading sctp when load sctp_probe
when I modprobe sctp_probe, it failed with "FATAL: ". I found that
sctp should load before sctp_probe register jprobe. So I add a
sctp_setup_jprobe for loading 'sctp' when first failed to register
jprobe, just do this similar to dccp_probe.
v2: add MODULE_SOFTDEP and check of request_module, as suggested by Neil
Signed-off-by: Wang Weidong <wangweidong1@huawei.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dave Airlie [Mon, 16 Dec 2013 23:22:26 +0000 (09:22 +1000)]
Merge branch 'ttm-fixes-3.13' of git://people.freedesktop.org/~thomash/linux into drm-next
A single ttm vm fix.
* 'ttm-fixes-3.13' of git://people.freedesktop.org/~thomash/linux:
drm/ttm: Fix accesses through vmas with only partial coverage
Thomas Hellstrom [Mon, 9 Dec 2013 07:23:57 +0000 (23:23 -0800)]
drm/ttm: Fix accesses through vmas with only partial coverage
VMAs covering a bo but that didn't start at the same address space offset as
the bo they were mapping were incorrectly generating SEGFAULT errors in
the fault handler.
Reported-by: Joseph Dolinak <kanilo2@yahoo.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Jakob Bornecrantz <jakob@vmware.com>
Cc: stable@vger.kernel.org
Krzysztof Kozlowski [Wed, 11 Dec 2013 14:07:43 +0000 (15:07 +0100)]
mfd: s2mps11: Fix build after regmap field rename in sec-core.c
Fix building of s2mps11 regulator and clock drivers after renaming
regmap field in struct sec_pmic_dev in commit:
- "mfd/rtc: s5m: Fix register updating by adding regmap for RTC"
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Johannes Berg [Mon, 16 Dec 2013 11:04:36 +0000 (12:04 +0100)]
radiotap: fix bitmap-end-finding buffer overrun
Evan Huus found (by fuzzing in wireshark) that the radiotap
iterator code can access beyond the length of the buffer if
the first bitmap claims an extension but then there's no
data at all. Fix this.
Cc: stable@vger.kernel.org
Reported-by: Evan Huus <eapache@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Ilia Mirkin [Thu, 12 Dec 2013 03:19:01 +0000 (22:19 -0500)]
drm/nouveau: only runtime suspend by default in optimus configuration
The intent was to only enable it by default for optimus, e.g. see the
runtime_idle callback. The suspend callback may be called directly, e.g.
as a result of nouveau_crtc_set_config.
Reported-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Linus Torvalds [Sun, 15 Dec 2013 20:31:33 +0000 (12:31 -0800)]
Linux 3.13-rc4
Matias Bjorling [Tue, 10 Dec 2013 15:50:38 +0000 (16:50 +0100)]
null_blk: mem garbage on NUMA systems during init
For NUMA systems, initializing the blk-mq layer and using per node hctx.
We initialize submit queues to 1, while blk-mq nr_hw_queues is
initialized to the number of NUMA nodes.
This makes the null_init_hctx function overwrite memory outside of what
it allocated. In my case it lead to writing garbage into struct
request_queue's mq_map.
Signed-off-by: Matias Bjorling <m@bjorling.me>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sergey Senozhatsky [Thu, 12 Dec 2013 23:25:57 +0000 (02:25 +0300)]
radeon_pm: fix oops in hwmon_attributes_visible() and radeon_hwmon_show_temp_thresh()
Since commit
ec39f64bba34 ("drm/radeon/dpm: Convert to use
devm_hwmon_register_with_groups") radeon_hwmon_init() is using
hwmon_device_register_with_groups(), which sets `rdev' as a device
private driver_data, while hwmon_attributes_visible() and
radeon_hwmon_show_temp_thresh() are still waiting for `drm_device'.
Fix them by using dev_get_drvdata(), in order to avoid this oops:
BUG: unable to handle kernel paging request at
0000000000001e28
IP: [<
ffffffffa02ae8b4>] hwmon_attributes_visible+0x18/0x3d [radeon]
PGD
15057e067 PUD
151a8e067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Call Trace:
internal_create_group+0x114/0x1d9
sysfs_create_group+0xe/0x10
sysfs_create_groups+0x22/0x5f
device_add+0x34f/0x501
device_register+0x15/0x18
hwmon_device_register_with_groups+0xb5/0xed
radeon_hwmon_init+0x56/0x7c [radeon]
radeon_pm_init+0x134/0x7e5 [radeon]
radeon_modeset_init+0x75f/0x8ed [radeon]
radeon_driver_load_kms+0xc6/0x187 [radeon]
drm_dev_register+0xf9/0x1b4 [drm]
drm_get_pci_dev+0x98/0x129 [drm]
radeon_pci_probe+0xa3/0xac [radeon]
pci_device_probe+0x6e/0xcf
driver_probe_device+0x98/0x1c4
__driver_attach+0x5c/0x7e
bus_for_each_dev+0x7b/0x85
driver_attach+0x19/0x1b
bus_add_driver+0x104/0x1ce
driver_register+0x89/0xc5
__pci_register_driver+0x58/0x5b
drm_pci_init+0x86/0xea [drm]
radeon_init+0x97/0x1000 [radeon]
do_one_initcall+0x7f/0x117
load_module+0x1583/0x1bb4
SyS_init_module+0xa0/0xaf
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Alexander Deucher <Alexander.Deucher@amd.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 15 Dec 2013 19:56:47 +0000 (11:56 -0800)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Revert CHECKSUM_COMPLETE optimization in pskb_trim_rcsum(), I can't
figure out why it breaks things.
2) Fix comparison in netfilter ipset's hash_netnet4_data_equal(), it
was basically doing "x == x", from Dave Jones.
3) Freescale FEC driver was DMA mapping the wrong number of bytes, from
Sebastian Siewior.
4) Blackhole and prohibit routes in ipv6 were not doing the right thing
because their ->input and ->output methods were not being assigned
correctly. Now they behave properly like their ipv4 counterparts.
From Kamala R.
5) Several drivers advertise the NETIF_F_FRAGLIST capability, but
really do not support this feature and will send garbage packets if
fed fraglist SKBs. From Eric Dumazet.
6) Fix long standing user triggerable BUG_ON over loopback in RDS
protocol stack, from Venkat Venkatsubra.
7) Several not so common code paths can potentially try to invoke
packet scheduler actions that might be NULL without checking. Shore
things up by either 1) defining a method as mandatory and erroring
on registration if that method is NULL 2) defininig a method as
optional and the registration function hooks up a default
implementation when NULL is seen. From Jamal Hadi Salim.
8) Fix fragment detection in xen-natback driver, from Paul Durrant.
9) Kill dangling enter_memory_pressure method in cg_proto ops, from
Eric W Biederman.
10) SKBs that traverse namespaces should have their local_df cleared,
from Hannes Frederic Sowa.
11) IOCB file position is not being updated by macvtap_aio_read() and
tun_chr_aio_read(). From Zhi Yong Wu.
12) Don't free virtio_net netdev before releasing all of the NAPI
instances. From Andrey Vagin.
13) Procfs entry leak in xt_hashlimit, from Sergey Popovich.
14) IPv6 routes that are no cached routes should not count against the
garbage collection limits. We had this almost right, but were
missing handling addrconf generated routes properly. From Hannes
Frederic Sowa.
15) fib{4,6}_rule_suppress() have to consider potentially seeing NULL
route info when they are called, from Stefan Tomanek.
16) TUN and MACVTAP have had truncated packet signalling for some time,
fix from Jason Wang.
17) Fix use after frrr in __udp4_lib_rcv(), from Eric Dumazet.
18) xen-netback does not interpret the NAPI budget properly for TX work,
fix from Paul Durrant.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (132 commits)
igb: Fix for issue where values could be too high for udelay function.
i40e: fix null dereference
xen-netback: fix gso_prefix check
net: make neigh_priv_len in struct net_device 16bit instead of 8bit
drivers: net: cpsw: fix for cpsw crash when build as modules
xen-netback: napi: don't prematurely request a tx event
xen-netback: napi: fix abuse of budget
sch_tbf: use do_div() for 64-bit divide
udp: ipv4: must add synchronization in udp_sk_rx_dst_set()
net:fec: remove duplicate lines in comment about errata ERR006358
Revert "8390 : Replace ei_debug with msg_enable/NETIF_MSG_* feature"
8390 : Replace ei_debug with msg_enable/NETIF_MSG_* feature
xen-netback: make sure skb linear area covers checksum field
net: smc91x: Fix device tree based configuration so it's usable
udp: ipv4: fix potential use after free in udp_v4_early_demux()
macvtap: signal truncated packets
tun: unbreak truncated packet signalling
net: sched: htb: fix the calculation of quantum
net: sched: tbf: fix the calculation of max_size
micrel: add support for KSZ8041RNLI
...
Linus Torvalds [Sun, 15 Dec 2013 19:52:47 +0000 (11:52 -0800)]
Merge branch 'x86/urgent' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Peter Anvin:
"This is a pretty small batch:
The biggest single change is to stop using EFI time services on 32-bit
platforms. This matches our current behavior on 64-bit platforms as
we already had ruled them out there as being too unreliable. Turns
out that affects 32-bit platforms, too.
One NULL pointer fix for SGI UV.
Two minor build fixes, one of which only affects icc and the other
which affects icc and future versions or nonstandard default settings
of gcc"
* 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, efi: Don't use (U)EFI time services on 32 bit
x86, build, icc: Remove uninitialized_var() from compiler-intel.h
x86/UV: Fix NULL pointer dereference in uv_flush_tlb_others() if the 'nobau' boot option is used
x86, build: Pass in additional -mno-mmx, -mno-sse options
Linus Torvalds [Sun, 15 Dec 2013 19:45:27 +0000 (11:45 -0800)]
Merge tag 'pci-v3.13-fixes-2' of git://git./linux/kernel/git/helgaas/pci
Pull PCI updates from Bjorn Helgaas:
"PCI device hotplug
- Move device_del() from pci_stop_dev() to pci_destroy_dev() (Rafael
Wysocki)
Host bridge drivers
- Update maintainers for DesignWare, i.MX6, Armada, R-Car (Bjorn
Helgaas)
- mvebu: Return 'unsupported' for Interrupt Line and Interrupt Pin
(Jason Gunthorpe)
Miscellaneous
- Avoid unnecessary CPU switch when calling .probe() (Alexander
Duyck)
- Revert "workqueue: allow work_on_cpu() to be called recursively"
(Bjorn Helgaas)
- Disable Bus Master only on kexec reboot (Khalid Aziz)
- Omit PCI ID macro strings to shorten quirk names for LTO (Michal
Marek)"
* tag 'pci-v3.13-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
MAINTAINERS: Add DesignWare, i.MX6, Armada, R-Car PCI host maintainers
PCI: Disable Bus Master only on kexec reboot
PCI: mvebu: Return 'unsupported' for Interrupt Line and Interrupt Pin
PCI: Omit PCI ID macro strings to shorten quirk names
PCI: Move device_del() from pci_stop_dev() to pci_destroy_dev()
Revert "workqueue: allow work_on_cpu() to be called recursively"
PCI: Avoid unnecessary CPU switch when calling driver .probe() method
Linus Torvalds [Sun, 15 Dec 2013 19:28:02 +0000 (11:28 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/linux-security
Pull SELinux fixes from James Morris.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
selinux: look for IPsec labels on both inbound and outbound packets
selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
selinux: fix possible memory leak
Linus Torvalds [Sun, 15 Dec 2013 19:17:45 +0000 (11:17 -0800)]
Revert "selinux: consider filesystem subtype in policies"
This reverts commit
102aefdda4d8275ce7d7100bc16c88c74272b260.
Tom London reports that it causes sync() to hang on Fedora rawhide:
https://bugzilla.redhat.com/show_bug.cgi?id=
1033965
and Josh Boyer bisected it down to this commit. Reverting the commit in
the rawhide kernel fixes the problem.
Eric Paris root-caused it to incorrect subtype matching in that commit
breaking fuse, and has a tentative patch, but by now we're better off
retrying this in 3.14 rather than playing with it any more.
Reported-by: Tom London <selinux@gmail.com>
Bisected-by: Josh Boyer <jwboyer@fedoraproject.org>
Acked-by: Eric Paris <eparis@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Anand Avati <avati@redhat.com>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Carolyn Wyborny [Sat, 14 Dec 2013 11:26:46 +0000 (03:26 -0800)]
igb: Fix for issue where values could be too high for udelay function.
This patch changes the igb_phy_has_link function to check the value of the
parameter before deciding to use udelay or mdelay in order to be sure that
the value is not too high for udelay function.
CC: stable kernel <stable@vger.kernel.org> # 3.9+
Signed-off-by: Sunil K Pandey <sunil.k.pandey@intel.com>
Signed-off-by: Kevin B Smith <kevin.b.smith@intel.com>
Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jesse Brandeburg [Sat, 14 Dec 2013 11:26:45 +0000 (03:26 -0800)]
i40e: fix null dereference
If the vsi->tx_rings structure is NULL we don't want to panic.
Change-Id: Ic694f043701738c434e8ebe0caf0673f4410dc10
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sat, 14 Dec 2013 17:37:17 +0000 (09:37 -0800)]
Merge tag 'edac_fixes_for_3.13' of git://git./linux/kernel/git/bp/bp
Pull EDAC fix from Borislav Petkov:
"Silence a compiler warning in sb_edac"
* tag 'edac_fixes_for_3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp:
sb_edac: Shut up compiler warning when EDAC_DEBUG is enabled
Linus Torvalds [Sat, 14 Dec 2013 00:16:03 +0000 (16:16 -0800)]
Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
"This resolves some further issues with the dma mask changes on ARM
which have been found by TI and others, and also some corner cases
with the updates to the virtual to physical address translations.
Konstantin also found some problems with the unwinder, which now
performs tighter verification that the stack is valid while unwinding"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: fix asm/memory.h build error
ARM: 7917/1: cacheflush: correctly limit range of memory region being flushed
ARM: 7913/1: fix framepointer check in unwind_frame
ARM: 7912/1: check stack pointer in get_wchan
ARM: 7909/1: mm: Call setup_dma_zone() post early_paging_init()
ARM: 7908/1: mm: Fix the arm_dma_limit calculation
ARM: another fix for the DMA mapping checks
Linus Torvalds [Sat, 14 Dec 2013 00:14:39 +0000 (16:14 -0800)]
Merge tag 'arc-fixes-for-3.13' of git://git./linux/kernel/git/vgupta/arc
Pull ARC fixes from Vineet Gupta:
"These are couple of weeks old already, but I just couldn't get them to
you earlier.
- couple of fixes for recently added perf code
- build time extable sort"
* tag 'arc-fixes-for-3.13' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARC: [perf] Fix a few thinkos
ARC: Add guard macro to uapi/asm/unistd.h
ARC: extable: Enable sorting at build time
Linus Torvalds [Fri, 13 Dec 2013 21:22:22 +0000 (13:22 -0800)]
Merge tag 'dm-3.13-fixes' of git://git./linux/kernel/git/device-mapper/linux-dm
Pull device mapper fixes from Mike Snitzer:
"A set of device-mapper fixes for 3.13.
A fix for possible memory corruption during DM table load, fix a
possible leak of snapshot space in case of a crash, fix a possible
deadlock due to a shared workqueue in the delay target, fix to
initialize read-only module parameters that are used to export metrics
for dm stats and dm bufio.
Quite a few stable fixes were identified for both the thin-
provisioning and caching targets as a result of increased regression
testing using the device-mapper-test-suite (dmts). The most notable
of these are the reference counting fixes for the space map btree that
is used by the dm-array interface -- without these the dm-cache
metadata will leak, resulting in dm-cache devices running out of
metadata blocks. Also, some important fixes related to the
thin-provisioning target's transition to read-only mode on error"
* tag 'dm-3.13-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm array: fix a reference counting bug in shadow_ablock
dm space map: disallow decrementing a reference count below zero
dm stats: initialize read-only module parameter
dm bufio: initialize read-only module parameters
dm cache: actually resize cache
dm cache: update Documentation for invalidate_cblocks's range syntax
dm cache policy mq: fix promotions to occur as expected
dm thin: allow pool in read-only mode to transition to read-write mode
dm thin: re-establish read-only state when switching to fail mode
dm thin: always fallback the pool mode if commit fails
dm thin: switch to read-only mode if metadata space is exhausted
dm thin: switch to read only mode if a mapping insert fails
dm space map metadata: return on failure in sm_metadata_new_block
dm table: fail dm_table_create on dm_round_up overflow
dm snapshot: avoid snapshot space leak on crash
dm delay: fix a possible deadlock due to shared workqueue
Linus Torvalds [Fri, 13 Dec 2013 21:21:28 +0000 (13:21 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:
- Genius Gx Imperator Keyboard regression fix (missing break in case),
by Ben Hutchings
- duplicate sysfs entry error fix for hid-sensor-hub driver, by
Srinivas Pandruvada
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: hid-sensor-hub: fix duplicate sysfs entry error
HID: kye: Fix missing break in kye_report_fixup()
Russell King [Tue, 10 Dec 2013 19:21:08 +0000 (19:21 +0000)]
ARM: fix asm/memory.h build error
Jason Gunthorpe reports a build failure when ARM_PATCH_PHYS_VIRT is
not defined:
In file included from arch/arm/include/asm/page.h:163:0,
from include/linux/mm_types.h:16,
from include/linux/sched.h:24,
from arch/arm/kernel/asm-offsets.c:13:
arch/arm/include/asm/memory.h: In function '__virt_to_phys':
arch/arm/include/asm/memory.h:244:40: error: 'PHYS_OFFSET' undeclared (first use in this function)
arch/arm/include/asm/memory.h:244:40: note: each undeclared identifier is reported only once for each function it appears in
arch/arm/include/asm/memory.h: In function '__phys_to_virt':
arch/arm/include/asm/memory.h:249:13: error: 'PHYS_OFFSET' undeclared (first use in this function)
Fixes:
ca5a45c06cd4 ("ARM: mm: use phys_addr_t appropriately in p2v and v2p conversions")
Tested-By: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Linus Torvalds [Fri, 13 Dec 2013 19:39:54 +0000 (11:39 -0800)]
Merge tag 'regulator-v3.13-rc3' of git://git./linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A small set of driver fixes plus one larger core change which changes
the way we check to see if we're using DT so that there aren't any
races between deciding we're using DT and the regulator subsystem
noticing.
This makes the new support for substituting a dummy regulator and
optional regulators work a lot better on DT systems since it ensures
that we don't trigger probe deferral when we shouldn't which was
causing bugs in clients"
* tag 'regulator-v3.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: pfuze100: allow misprogrammed ID
regulator: pfuze100: Fix address of FABID
regulator: as3722: set the correct current limit
regulator: core: Check for DT every time we check full constraints
regulator: core: Replace checks of have_full_constraints with a function
Linus Torvalds [Fri, 13 Dec 2013 19:38:35 +0000 (11:38 -0800)]
Merge tag 'regmap-v3.13-rc3' of git://git./linux/kernel/git/broonie/regmap
Pull regmap fixes from Mark Brown:
"Two small changes to fix some error handling and checking (both of
which would be quite serious if the errors trigger) plus a trivial
documentation fix"
* tag 'regmap-v3.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap: use IS_ERR() to check clk_get() results
regmap: make sure we unlock on failure in regmap_bulk_write
regmap: trivial comment fix (copy'n'paste error)
Linus Torvalds [Fri, 13 Dec 2013 19:37:57 +0000 (11:37 -0800)]
Merge branch 'i2c/for-current' of git://git./linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"Here are two simple but wanted fixes for the i2c subsystem"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: imx: Check the return value from clk_prepare_enable()
i2c: mux: Inherit retry count and timeout from parent for muxed bus
Linus Torvalds [Fri, 13 Dec 2013 19:31:22 +0000 (11:31 -0800)]
Merge tag 'for-linus-
20131212' of git://git.infradead.org/linux-mtd
Pull MTD fixes from Brian Norris:
"Two MTD fixes, for the pxa3xx-nand driver:
- This driver was not ready to fully Armada 370 NAND, with
particularly notable problems seen on flash with 2KB page sizes.
This "compatible" entry really should have been held back until
3.14 or later.
- Fix a bug seen in rare cases on the error path of a failed probe
attempt, where we free unallocated DMA resources"
* tag 'for-linus-
20131212' of git://git.infradead.org/linux-mtd:
mtd: nand: pxa3xx: Use info->use_dma to release DMA resources
Partially revert "mtd: nand: pxa3xx: Introduce 'marvell,armada370-nand' compatible string"
Linus Torvalds [Fri, 13 Dec 2013 19:29:51 +0000 (11:29 -0800)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull slave-dmaengine fixes from Vinod Koul:
"Here is the common fixes PULL for dmaengine.
Dan has been working on fixing the build issues in bunch of drivers.
Here we have one fixing s3c24xx-dma, along with fix from Russell on
pl08x. Also we have Kuninori rcar dma fixes. The s3c24xx-dma which
was added in last merge window missed updates to usage of DMA_COMPLETE
so converting the last driver"
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dma: fix build breakage in s3c24xx-dma
Fix pl08x warnings
rcar-hpbdma: initialise plane information when halted
rcar-hpbdma: fixup channel busy check for double plane
rcar-hpbdma: add max transfer size
dma: mmp_pdma: add missing platform_set_drvdata() in mmp_pdma_probe()
dmaengine: s3c24xx-dma: use DMA_COMPLETE for dma completion status
Joe Thornber [Fri, 13 Dec 2013 14:55:55 +0000 (14:55 +0000)]
dm array: fix a reference counting bug in shadow_ablock
An old array block could have its reference count decremented below
zero when it is being replaced in the btree by a new array block.
The fix is to increment the old ablock's reference count just before
inserting a new ablock into the btree.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org # 3.9+
Joe Thornber [Fri, 13 Dec 2013 12:31:08 +0000 (12:31 +0000)]
dm space map: disallow decrementing a reference count below zero
The old behaviour, returning -EINVAL if a ref_count of 0 would be
decremented, was removed in commit
f722063 ("dm space map: optimise
sm_ll_dec and sm_ll_inc"). To fix this regression we return an error
code from the mutator function pointer passed to sm_ll_mutate() and have
dec_ref_count() return -EINVAL if the old ref_count is 0.
Add a DMERR to reflect the potential seriousness of this error.
Also, add missing dm_tm_unlock() to sm_ll_mutate()'s error path.
With this fix the following dmts regression test now passes:
dmtest run --suite cache -n /metadata_use_kernel/
The next patch fixes the higher-level dm-array code that exposed this
regression.
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org # 3.12+
Li Wang [Wed, 13 Nov 2013 07:22:14 +0000 (15:22 +0800)]
ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
If the length of data to be read in readpage() is exactly
PAGE_CACHE_SIZE, the original code does not flush d-cache
for data consistency after finishing reading. This patches fixes
this.
Signed-off-by: Li Wang <liwang@ubuntukylin.com>
Signed-off-by: Sage Weil <sage@inktank.com>