Commit Graph

388812 Commits

Author SHA1 Message Date
Andrew Vagin
ed5467da0e tracing: Fix fields of struct trace_iterator that are zeroed by mistake
tracing_read_pipe zeros all fields bellow "seq". The declaration contains
a comment about that, but it doesn't help.

The first field is "snapshot", it's true when current open file is
snapshot. Looks obvious, that it should not be zeroed.

The second field is "started". It was converted from cpumask_t to
cpumask_var_t (v2.6.28-4983-g4462344), in other words it was
converted from cpumask to pointer on cpumask.

Currently the reference on "started" memory is lost after the first read
from tracing_read_pipe and a proper object will never be freed.

The "started" is never dereferenced for trace_pipe, because trace_pipe
can't have the TRACE_FILE_ANNOTATE options.

Link: http://lkml.kernel.org/r/1375463803-3085183-1-git-send-email-avagin@openvz.org

Cc: stable@vger.kernel.org # 2.6.30
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-08-02 22:28:41 -04:00
Paul Moore
6a8b7f0c85 netlabel: use domain based selectors when address based selectors are not available
NetLabel has the ability to selectively assign network security labels
to outbound traffic based on either the LSM's "domain" (different for
each LSM), the network destination, or a combination of both.  Depending
on the type of traffic, local or forwarded, and the type of traffic
selector, domain or address based, different hooks are used to label the
traffic; the goal being minimal overhead.

Unfortunately, there is a bug such that a system using NetLabel domain
based traffic selectors does not correctly label outbound local traffic
that is not assigned to a socket.  The issue is that in these cases
the associated NetLabel hook only looks at the address based selectors
and not the domain based selectors.  This patch corrects this by
checking both the domain and address based selectors so that the correct
labeling is applied, regardless of the configuration type.

In order to acomplish this fix, this patch also simplifies some of the
NetLabel domainhash structures to use a more common outbound traffic
mapping type: struct netlbl_dommap_def.  This simplifies some of the code
in this patch and paves the way for further simplifications in the
future.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-02 16:57:01 -07:00
Roman Gushchin
5f671d6b4e net: check net.core.somaxconn sysctl values
It's possible to assign an invalid value to the net.core.somaxconn
sysctl variable, because there is no checks at all.

The sk_max_ack_backlog field of the sock structure is defined as
unsigned short. Therefore, the backlog argument in inet_listen()
shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
is truncated to the somaxconn value. So, the somaxconn value shouldn't
exceed 65535 (USHRT_MAX).
Also, negative values of somaxconn are meaningless.

before:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
net.core.somaxconn = 65536
$ sysctl -w net.core.somaxconn=-100
net.core.somaxconn = -100

after:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
error: "Invalid argument" setting key "net.core.somaxconn"
$ sysctl -w net.core.somaxconn=-100
error: "Invalid argument" setting key "net.core.somaxconn"

Based on a prior patch from Changli Gao.

Signed-off-by: Roman Gushchin <klamm@yandex-team.ru>
Reported-by: Changli Gao <xiaosuo@gmail.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-02 15:18:53 -07:00
Denis Kirjanov
3508ea333e sis900: Fix the tx queue timeout issue
[  198.720048] ------------[ cut here ]------------
[  198.720108] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:255 dev_watchdog+0x229/0x240()
[  198.720118] NETDEV WATCHDOG: eth0 (sis900): transmit queue 0 timed out
[  198.720125] Modules linked in: bridge stp llc dmfe sundance 3c59x sis900 mii
[  198.720159] CPU: 0 PID: 0 Comm: swapper Not tainted 3.11.0-rc3+ #12
[  198.720167] Hardware name: System Manufacturer System Name/TUSI-M, BIOS ASUS TUSI-M ACPI BIOS
Revision 1013 Beta 001 12/14/2001
[  198.720175]  000000ff c13fa6b9 c169ddcc c12208d6 c169ddf8 c1031e4d c1664a84 c169de24
[  198.720197]  00000000 c165f5ea 000000ff c13fa6b9 00000001 000000ff c1664a84 c169de10
[  198.720217]  c1031f13 00000009 c169de08 c1664a84 c169de24 c169de50 c13fa6b9 c165f5ea
[  198.720240] Call Trace:
[  198.720257]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
[  198.720274]  [<c12208d6>] dump_stack+0x16/0x20
[  198.720306]  [<c1031e4d>] warn_slowpath_common+0x7d/0xa0
[  198.720318]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
[  198.720330]  [<c1031f13>] warn_slowpath_fmt+0x33/0x40
[  198.720342]  [<c13fa6b9>] dev_watchdog+0x229/0x240
[  198.720357]  [<c103f158>] call_timer_fn+0x78/0x150
[  198.720369]  [<c103f0e0>] ? internal_add_timer+0x40/0x40
[  198.720381]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
[  198.720392]  [<c103f33f>] run_timer_softirq+0x10f/0x200
[  198.720412]  [<c103954f>] ? __do_softirq+0x6f/0x210
[  198.720424]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
[  198.720435]  [<c1039598>] __do_softirq+0xb8/0x210
[  198.720467]  [<c14b54d2>] ? _raw_spin_unlock+0x22/0x30
[  198.720484]  [<c1003245>] ? handle_irq+0x25/0xd0
[  198.720496]  [<c1039c0c>] irq_exit+0x9c/0xb0
[  198.720508]  [<c14bc9d7>] do_IRQ+0x47/0x94
[  198.720534]  [<c1056078>] ? hrtimer_start+0x28/0x30
[  198.720564]  [<c14bc8b1>] common_interrupt+0x31/0x38
[  198.720589]  [<c1008692>] ? default_idle+0x22/0xa0
[  198.720600]  [<c10083c7>] arch_cpu_idle+0x17/0x30
[  198.720631]  [<c106d23d>] cpu_startup_entry+0xcd/0x180
[  198.720643]  [<c14ae30a>] rest_init+0xaa/0xb0
[  198.720654]  [<c14ae260>] ? reciprocal_value+0x50/0x50
[  198.720668]  [<c17044e0>] ? repair_env_string+0x60/0x60
[  198.720679]  [<c1704bda>] start_kernel+0x29a/0x350
[  198.720690]  [<c17044e0>] ? repair_env_string+0x60/0x60
[  198.720721]  [<c1704269>] i386_start_kernel+0x39/0xa0
[  198.720729] ---[ end trace 81e0a6266f5c73a8 ]---
[  198.720740] eth0: Transmit timeout, status 00000204 00000000

timer routine checks the link status and if it's up calls
netif_carrier_on() allowing upper layer to start the tx queue
even if the auto-negotiation process is not finished.

Also remove ugly auto-negotiation check from the sis900_start_xmit()

CC: Duan Fugang <B38611@freescale.com>
CC: Ben Hutchings <bhutchings@solarflare.com>

Signed-off-by: Denis Kirjanov <kda@linux-powerpc.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-02 15:04:15 -07:00
Linus Torvalds
abe0308070 InfiniBand/RDMA fixes for 3.11-rc:
- Fixes for the newly merged mlx5 hardware driver
  - Stack info leak fixes from Dan Carpenter
  - Fixes for pkey table handling with SR-IOV
  - A few other small things
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABCAAGBQJR+9nLAAoJEENa44ZhAt0hBPQP/RSRLYaN4k9apw8mOdiQo8hD
 LDFt/DTSSZz/0/VtCgQoOblqAmsDeHp8Tj/WS7bm1zi8ajBPLmUBuQ9GWza0KDFT
 BDbhcdndvg6FO47GdyF8KWQrBB/WRfGg1ucqeelqRB1WoMtUnP/bX3umFrn7adNG
 /W38KNfx+G2/WwQMbUWl7jxJuqS2tGGKBQEvdO0LjsNTfU4LSqI8L9WrLXhwAV4V
 GXNc3rV1EsLqoHe9IznKGw3Ls02ZuFw7b/+WEVY6PjSf73sqfAm3LJnGO6h9Jd79
 CKLr2ev0cadosorMrdL9GdOGZX/gGw0Ub9YBLiRdNNq1aPIHaWzbQbsW2nQHYQ/l
 bZufcye2A/10LaP9JsX4RaK3mE5dm7jvZKoT5sqX+j6k3KgDuCmBjsGVaWaP+NyZ
 iqrIcyJxQfB6Cpm2vELrBeCusvVv9/Z5v4yeMQYhnAdVSEsqFEmE200Udnm3viiq
 sHtSe9fN7fkN7aB+immIlrOV1tMZARwbJ6yz/3Gw4gu6O8Yfjo74dIiu0m2feiUl
 tNlzPzPiIPx1PTEmjTKAKtuauTxHNVxp7yQS8IJLzmtU9BmYmau11CLI08e1gnce
 HY7hMfeq65pxbNu4pcn6V7HUmU4u6kUeQkygzi+f6w6FMLH5CWbF0Hw7Ly7wpSNL
 g56DkcamFKr86ex/J80z
 =ZwEX
 -----END PGP SIGNATURE-----

Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband

Pull infiniband/rdma fixes from Roland Dreier:
 - Fixes for the newly merged mlx5 hardware driver
 - Stack info leak fixes from Dan Carpenter
 - Fixes for pkey table handling with SR-IOV
 - A few other small things

* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IPoIB: Fix pkey change flow for virtualization environments
  IPoIB: Make sure child devices use valid/proper pkeys
  IB/core: Create QP1 using the pkey index which contains the default pkey
  mlx5_core: Variable may be used uninitialized
  mlx5_core: Implement new initialization sequence
  mlx5_core: Fix use after free in mlx5_cmd_comp_handler()
  IB/mlx5: Fix stack info leak in mlx5_ib_alloc_ucontext()
  IB/mlx5: Fix error return code in init_one()
  IB/mlx4: Use default pkey when creating tunnel QPs
  RDMA/cma: Only call cma_save_ib_info() for CM REQs
  RDMA/cma: Fix accessing invalid private data for UD
  RDMA/cma: Fix gcc warning
  Revert "RDMA/nes: Fix compilation error when nes_debug is enabled"
  IB/qib: Add err_decode() call for ring dump
  RDMA/cxgb3: Fix stack info leak in iwch_create_cq()
  RDMA/nes: Fix info leaks in nes_create_qp() and nes_create_cq()
  RDMA/ocrdma: Fix several stack info leaks
  RDMA/cxgb4: Fix stack info leak in c4iw_create_qp()
  RDMA/ocrdma: Remove unused include
2013-08-02 14:58:30 -07:00
Linus Torvalds
1cb39a6cb9 GPIO fixes for v3.11:
- Revert the OMAP fixes that caused more problems than they solved.
 - Fix a build error.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.13 (GNU/Linux)
 
 iQIcBAABAgAGBQJR+h+XAAoJEEEQszewGV1zIMYQAK7VFsYq1ZNkzpoTYSkglnaa
 7twmEFqyV4U+jWtJRjpygJ1ZP6uL/ZdI/ouDlvOXlNf0dFJUtaSiqrL1eB2l7OXN
 9t463se/0h4/aoN4i09aN0CiDntmfrFxHnu6xe5oO4ukcw1EJu3gWekKBFZ6lX79
 1cayVAnrk2dudIjpNqBxJP+SzNGOI0yn1Ig+iznXw5JHhfjkZ0Heh1UQYpnVOjjC
 attVs4++lxj7Tj4qkdPibztEnvOzMFV4zAqMFsCiqv/8IqSui9J7zHBYdde05ICZ
 yynf3VWuhDjmhMYkNr+wUbfpBJA75u2ViEc/hKJihTykOOxuU+XvX/KGsBwbK7J+
 EENTzBDZmyH3OYntKHWJlHkFy6Ym6hWPVGIZ3AJoiMFX2SQzWMgqW/yVUvmeWNj+
 2Ds/of9n3VkN9j1dDnAdvrR1TqjpTDHCP+ZSgPSO1X4bBAbWi2HajwvMWZNKUIIP
 md2Qu+KWUuDBoq1FpndJWubmEzfRXAZJn4Ghk2ldoy8Q2zI6pSeG1yUHI0IFTLaD
 QsCpE84lUoBA1isLt9X2nRTNAKwBjb/9+x5VvT4tACd5V2nYk8TKiuE9DCVKDDNd
 7/KNO9p9HgisV+ZqSJyT8hPz42d0PXapKr+jW/dikX+7fXDJj3EY+s/jt0bTQlkS
 1Ut/Dhm0HAAzKBh+dHUV
 =PQ04
 -----END PGP SIGNATURE-----

Merge tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "Yet another GPIO pull request, fixing the fix from the last one.  It
  turns out that fixing the boot path for device tree boots on OMAP
  breaks out antique systems (such as OMAP1) and we need to find a
  better way.  So we're reverting that "fix" for the moment and thinking
  about something better.

  Also fixing a build issue on the MSM driver"

* tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio_msm: Fix build error due to missing err.h
  Revert "gpio/omap: don't create an IRQ mapping for every GPIO on DT"
  Revert "gpio/omap: auto request GPIO as input if used as IRQ via DT"
  Revert "gpio/omap: fix build error when OF_GPIO is not defined."
2013-08-02 14:57:24 -07:00
Daniel Borkmann
446266b0c7 net: rtm_to_ifaddr: free ifa if ifa_cacheinfo processing fails
Commit 5c766d642 ("ipv4: introduce address lifetime") leaves the ifa
resource that was allocated via inet_alloc_ifa() unfreed when returning
the function with -EINVAL. Thus, free it first via inet_free_ifa().

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Reviewed-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-02 14:56:06 -07:00
Lekensteyn
9bb8eeb554 r8169: remove "PHY reset until link up" log spam
This message was added in commit a7154cb8 (June 2004, [PATCH] r8169:
link handling and phy reset rework) and is printed every ten seconds
when no cable is connected and runtime power management is disabled.
(Before that commit, "Reset RTL8169s PHY" would be printed instead.)

Signed-off-by: Peter Wu <lekensteyn@gmail.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-02 14:55:09 -07:00
Felipe Balbi
7069f982b9 net: ethernet: cpsw: drop IRQF_DISABLED
IRQF_DISABLED is a no-op by now and should be
removed.

Signed-off-by: Felipe Balbi <balbi@ti.com>
Acked-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-02 14:53:52 -07:00
stephen hemminger
cbd375567f htb: fix sign extension bug
When userspace passes a large priority value
the assignment of the unsigned value hopt->prio
to  signed int cl->prio causes cl->prio to become negative and the
comparison is with TC_HTB_NUMPRIO is always false.

The result is that HTB crashes by referencing outside
the array when processing packets. With this patch the large value
wraps around like other values outside the normal range.

See: https://bugzilla.kernel.org/show_bug.cgi?id=60669

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-02 14:52:20 -07:00
Linus Torvalds
e7e2e511ba Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
Pull powerpc fixes from Ben Herrenschmidt:
 "Here is not quite a handful of powerpc fixes for rc3.

  The windfarm fix is a regression fix (though not a new one), the PMU
  interrupt rename is not a fix per-se but has been submitted a long
  time ago and I kept forgetting to put it in (it puts us back in sync
  with x86), the other perf bit is just about putting an API/ABI bit
  definition in the right place for userspace to consume, and finally,
  we have a fix for the VPHN (Virtual Partition Home Node) feature
  (notification that the hypervisor is moving nodes around) which could
  cause lockups so we may as well fix it now"

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc/windfarm: Fix noisy slots-fan on Xserve (rm31)
  powerpc: VPHN topology change updates all siblings
  powerpc/perf: Export PERF_EVENT_CONFIG_EBB_SHIFT to userspace
  powerpc: Rename PMU interrupts from CNT to PMI
2013-08-02 14:39:49 -07:00
Linus Torvalds
6d039f8f03 Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM fixes from Russell King:
 "I've thought long and hard about what to say for this pull request,
  and I really can't work out anything sane to say to summarise much of
  these commits.  The problem is, for most of these are, yet again, lots
  of small bits scattered around the place without any real overall
  theme to them"

Most notable is probably the kuser page helper improvements.

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm: (22 commits)
  ARM: Add .text annotations where required after __CPUINIT removal
  ARM: 7803/1: Fix deadlock scenario with smp_send_stop()
  ARM: make vectors page inaccessible from userspace
  ARM: move signal handlers into a vdso-like page
  ARM: allow kuser helpers to be removed from the vector page
  ARM: update FIQ support for relocation of vectors
  ARM: use linker magic for vectors and vector stubs
  ARM: move vector stubs
  ARM: poison memory between kuser helpers
  ARM: poison the vectors page
  ARM: 7801/1: v6: prevent gcc 4.5 from reordering extended CP15 reads above is_smp() test
  ARM: 7800/1: ARMv7-M: Fix name of NVIC handler function
  ARM: Fix sorting of machine- initializers
  ARM: 7791/1: a.out: remove partial a.out support
  ARM: 7790/1: Fix deferred mm switch on VIVT processors
  ARM: 7789/1: Do not run dummy_flush_tlb_a15_erratum() on non-Cortex-A15
  ARM: 7787/1: virt: ensure visibility of __boot_cpu_mode
  ARM: 7788/1: elf: fix lpae hwcap feature reporting in proc/cpuinfo
  ARM: 7786/1: hyp: fix macro parameterisation
  ARM: 7785/1: mm: restrict early_alloc to section-aligned memory
  ...
2013-08-02 14:37:45 -07:00
Linus Torvalds
efc6816415 Merge branch 'parisc-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc updates from Helge Deller:
 "The majority of lines changed are due the addition of a defconfig for
  the C8000 machine.  Even the fix in parisc/kernel/cache.c file is
  actually ony a 10-line fix, but the change became bigger (and much
  nicer) to avoid errors of the checkpatch script.

  Here is the short-changelog:

  This round of parisc updates includes mostly fixes for the C8000
  workstation.  We have a new defconfig file for this machine, as well
  as fixes for it's serial port, the AGP driver and the cache routines
  to cope with the vmas of the FireGL card in a C8000.  The sys32.h
  header file was not used and as such it's now gone"

* 'parisc-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: Fix interrupt routing for C8000 serial ports
  parisc: Remove arch/parisc/kernel/sys32.h header
  parisc: add defconfig for c8000 machine
  parisc: agp/parisc-agp: allow binding of user memory to the AGP GART
  parisc: Fix cache routines to ignore vma's with an invalid pfn
2013-08-02 14:36:32 -07:00
Linus Torvalds
f9ed432c92 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:
 - fix hid-sony PS3 sixaxxis breakage from Benjamin Tissories
 - fix hidraw race condition from Yonghua Zheng
 - fix/bandaid for rare device enumeration problems of Logitech Unifying
   receivers from Nestor Lopez Casado

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: hidraw: fix improper mutex release
  HID: sony: fix HID mapping for PS3 sixaxis controller
  HID: hid-logitech-dj: querying_devices was never set
  HID: Revert "Revert "HID: Fix logitech-dj: missing Unifying device issue""
2013-08-02 14:22:15 -07:00
Linus Torvalds
940e84fc26 Fix a regression in mce-severity.c
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJR9rNkAAoJEKurIx+X31iBypYP/RvzIaqZixPwgwkXHgUC3TC/
 /xyKYPl3z5dy3CuOX/lWM6CALEWqu2S+v/+Bvl5x6dc0zeSK8EOfqAHcrjt0mRk3
 x4u0Z1L6NzIK97Nliqgz1fWXJcWB+CxBLFDCaGeQea9b1dmAfeRA3MEs1rwk8Yes
 6sKvLTjcSswBmCObNQF7hplXZv8pxtOrQqjxQ65krYLOsNe1vK/dQDPDIY/HAsZr
 so6xf3tzkxNWT6xfLV2tRI9CP7TOaSDcdYhcZMRijxL6lSxZ/schIzGHOQyzACER
 UaBThQW0S1azC5DsqufFGdzX8uBnKh7vlUI/4xHCfpueFvlx+9lYWoBO4k1plkg/
 AYcdbksbkzrTDIca1SclHYfipBvuJrK/NDnqpDixjAntWrnWoqDoyo6ONhTGAbRy
 I1bN+y1OqH6GsqbqGBTDktF4XkvAbXhvkLNaMsHPsdXwqr1O53xsvU4XOtf15SKn
 4jRN6Iv0EGmdeSUdAxOz/aQ9ug/HO4cvBb9D3UV+hnT1ca2+EbqgWaQlv1tU6oI4
 BX37d9qAZnt8jGhZjT1rmhk+yxp1+pl5vjvL5O2iXJ1sZOQssEux22bUZ67Kq1wi
 MTZ8b3ObHp24+eYjQYwdflBPW06oZTJiEKdBx/8NgVoTVtQdioy0YrfjPG2Z1jmB
 o6no7vWyc4Hqy/onsCdu
 =BIDi
 -----END PGP SIGNATURE-----

Merge tag 'please-pull-fix-mce-regression' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras

Pull MCE fix from Tony Luck:
 "Fix a regression in mce-severity.c"

* tag 'please-pull-fix-mce-regression' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
  x86/mce: Fix mce regression from recent cleanup
2013-08-02 14:21:44 -07:00
Linus Torvalds
aa8032b6fa PCI updates for v3.11:
Hotplug
       PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
       PCI: hotplug: Convert to be builtin only, not modular
       PCI: pciehp: Convert pciehp to be builtin only, not modular
   Resource allocation
       PCI: Retry allocation of only the resource type that failed
   ARM
       PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJR+/RRAAoJEFmIoMA60/r8iloP/is7mx667v9F9WRlYMJss+ig
 K0cVOauokmr/pyS7Tgr0jfhtulXOmN/VJTvCw6h7+qYtsO/DQ7Y5LPXoMW83s5hK
 /N33HDZcm2/1hUxv/4GS3omtO9VefWcmzXmPM7l1fEBQyACTg/zj1Mb97U8j8mhh
 vr6y/pLDLwwaRcQNP/Y2F6H8RsDDWE/IyC9MN1qEz+b7Qve5fAPPrDBgExakzmu/
 UiiJV3nl7fqBeITA/LSWDCgsOeavmmabqZuaXnKWN0L5PaEa3/8Of6kbsG5ZGgdZ
 Y5/Qu0HRtAhaFNAd1670IzcMThC6TJV685z09/OQ+4uKpZ2jJYM26ISSdiMG2He4
 FQmLQcgkxGX0xYxdD7K37VC7O17NH+3jEouM2SNSCXGz5RQ3qvW5F4IvSctHmIO8
 Q0m2HladNYHtOYk1eGNSlxPd3U0nyQwlXSTgJrKYd/cJgUqYjs+Q9zuAmUj+4QPR
 ywwO3rgpetaROY6avw31fWFGqQFAQEQeXvMwTrAJbdIcxvVz77yRiOrD72X61Z7h
 A6owzbMmuYKPuym5EbBr0GoCJWAuHc8GIvXKHQQ9QMGuRAj9X4Qrk+BdudeqlTxD
 e9WKkKGPmPxR6IuSlZdLCNqcTDDlQZFTnq5WJ989pPsUMKFu8LjybKntBEbPtIue
 ydWvibCrxNbTEMyyg+c6
 =z2eX
 -----END PGP SIGNATURE-----

Merge tag 'pci-v3.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:
 "Yinghai fixed a couple regressions: one resource assignment problem
  introduced in v3.10 that showed up with SR-IOV on powerpc, and another
  SR-IOV hot-remove issue related to refcounting changes we merged for
  v3.11.

  Yinghai is still working on another SR-IOV-related fix or two, which
  will be simpler if pciehp is non-modular, so I included the Kconfig
  changes now to get them in earlier.

  Finally, a minor fix for the ARM Marvell EBU host bridge driver that
  was merged for v3.11

  Hotplug:
      PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
      PCI: hotplug: Convert to be builtin only, not modular
      PCI: pciehp: Convert pciehp to be builtin only, not modular

  Resource allocation:
      PCI: Retry allocation of only the resource type that failed

  ARM:
      PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge"

* tag 'pci-v3.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge
  PCI: Retry allocation of only the resource type that failed
  PCI: pciehp: Convert pciehp to be builtin only, not modular
  PCI: hotplug: Convert to be builtin only, not modular
  PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
2013-08-02 13:12:52 -07:00
Linus Torvalds
1fe0135b9e ACPI and power management fixes for 3.11-rc4
- Revert two cpuidle commits added during the 3.8 development cycle that
   turn out to have introduced a significant performance regression as
   requested by Jeremy Eder.
 
 - The recent patches that made the freezer less heavy-weight introduced
   a regression causing user-space-driven hibernation using the ioctl()
   interface to block indefinitely when the hibernate process executes
   try_to_freeze().  Fix from Colin Cross addresses this by adding a
   process flag to mark the hibernate/suspend process to inform the
   freezer that that process should be ignored.
 
 - One of the recent cpufreq reverts uncovered a problem in the core
   causing the cpufreq driver module refcount to become negative after
   a system suspend-resume cycle.  Fix from Rafael J Wysocki.
 
 - The evaluation of the ACPI battery _BIX method has never worked
   correctly, because the commit that added support for it forgot to
   take the "Revision" field in the return package into account.  As
   a result, the reading of battery info doesn't work at all on some
   systems, which is addressed by a fix from Lan Tianyu.
 
 /
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJR+6ptAAoJEKhOf7ml8uNsRpIP/0P2HbCFM52/4Rv/Iltnt4fI
 9Vo2dyuL7JKP2U8jtHxfhFGg3oMdYQoUIdnpjtKr4O3obhzl4vHwE9vtrRlhHpRZ
 SnHGe0W5v0eQOdCbVzdwS1NrJwckkTy1JuybV+PH66T84Usu0QoxE4iNveK2LX23
 eJvOgWGBoyEEWJb+1/KJNIcKk77A0Cnc2CCLMN5bmhwH1QGDRZdzSnrjK5fGniF0
 akCGq8jJhBaI1xJF/42LgNBiPpAYk42SPuiSOqniKzweUK1P6YzHjArh0qaTBoUj
 27HRkZlY6Y8WLFxqQio7zvbbLSdRuwosESofw2kCFkAAEnCc71kw2nbebNr3sCap
 MqrmEMcxqT803PiB2RGyS53WNE7mM3NFCPRLOPL+cWeNQhoYzbZ+UiNx4Dw667cr
 Ow+egCY+jyAZm5TFqY6Y75lG61UM6oCs6M6iIwiv/BOmJqCmkTjvNBxHWrVcWxin
 YhiLJGyt7iAcIaxhy+fCs2j2a7B0Ai62kZ6YLqaEtNBzjuDbm6sr61A6Nu8bpOTU
 C7e76AocyfuDpdU99uawDvuazCGWEg+f8eH8C/ij19jF1/Mrlr0x+4x9MmMm9Iz5
 ux0uroTteEuswz9aHmY270qdDLIuSGUsmqD05RoaO61U8dVigWw+ZKqUCImrAM7x
 4bK1+2eOig794g9vSsen
 =7x7r
 -----END PGP SIGNATURE-----

Merge tag 'pm+acpi-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI and power management fixes from Rafael Wysocki:

 - Revert two cpuidle commits added during the 3.8 development cycle
   that turn out to have introduced a significant performance regression
   as requested by Jeremy Eder.

 - The recent patches that made the freezer less heavy-weight introduced
   a regression causing user-space-driven hibernation using the ioctl()
   interface to block indefinitely when the hibernate process executes
   try_to_freeze().  Fix from Colin Cross addresses this by adding a
   process flag to mark the hibernate/suspend process to inform the
   freezer that that process should be ignored.

 - One of the recent cpufreq reverts uncovered a problem in the core
   causing the cpufreq driver module refcount to become negative after a
   system suspend-resume cycle.  Fix from Rafael J Wysocki.

 - The evaluation of the ACPI battery _BIX method has never worked
   correctly, because the commit that added support for it forgot to
   take the "Revision" field in the return package into account.  As a
   result, the reading of battery info doesn't work at all on some
   systems, which is addressed by a fix from Lan Tianyu.

* tag 'pm+acpi-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  freezer: set PF_SUSPEND_TASK flag on tasks that call freeze_processes
  ACPI / battery: Fix parsing _BIX return value
  cpufreq: Fix cpufreq driver module refcount balance after suspend/resume
  Revert "cpuidle: Quickly notice prediction failure for repeat mode"
  Revert "cpuidle: Quickly notice prediction failure in general case"
2013-08-02 12:21:32 -07:00
Tomi Valkeinen
70a0f60329 ARM: OMAP: dss-common: fix Panda's DVI DDC channel
Panda's DVI connector's DDC pins are connected to OMAP's third i2c bus.
With non-DT, the bus number was 3, and that is what is used in the
dss-common.c which contains the platform data for Panda's DVI.

However, with DT, the bus number is 2. As we now only have DT boot for
Panda, we have to change the bus number to make DVI EDID read
operational.

Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Acked-by: Tony Lindgren <tony@atomide.com>
2013-08-02 15:52:38 +03:00
Hector Palacios
208df1e4cb video: mxsfb: fix color settings for 18bit data bus and 32bpp
For a combination of 18bit LCD data bus width and a color
mode of 32bpp, the driver was setting the color mapping to
rgb666, which is wrong, as the color in memory realy has an
rgb888 layout.

This patch also removes the setting of flag CTRL_DF24 that
makes the driver dimiss the upper 2 bits when handling 32/24bpp
colors in a diplay with 18bit data bus width. This flag made
true color images display wrong in such configurations.

Finally, the color mapping rgb666 has also been removed as nobody
is using it and high level applications like Qt5 cannot work
with it either.

Reference: https://lkml.org/lkml/2013/5/23/220
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Acked-by: Juergen Beisert <jbe@pengutronix.de>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
2013-08-02 13:13:33 +03:00
Tomi Valkeinen
005358c8c0 OMAPDSS: analog-tv-connector: compile fix
connector-analog-tv.c uses omap_dss_pal_timings, defined in omapdss's
venc.c, for default timings. omap_dss_pal_timings only exists when VENC
is enabled in the kernel config, so disabling VENC breaks
omap_dss_pal_timings connector-analog-tv compilation.

Instead of adding dependency to VENC, add internal default timings to
the connector driver, because the connector driver should not depend on
VENC, and it can be used with any other analog TV encoder.

Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
2013-08-02 13:03:21 +03:00
Takashi Iwai
697aebab78 ALSA: hda - Fix missing fixup for Mac Mini with STAC9221
A fixup for Apple Mac Mini was lost during the adaption to the generic
parser because the fallback for the generic ID 8384:7680 was dropped,
and it resulted in the silence output (and maybe other problems).

Unfortunately, just adding the missing subsystem ID wasn't enough, in
this case.  The subsystem ID of this machine is 0000:0100 (what Apple
thought...?), and since snd_hda_pick_fixup() doesn't take the vendor
id zero into account, the driver ignored this entry.  Now it's fixed
to regard the vendor id zero as a valid value.

Reported-and-tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org> [v3.9+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-08-02 08:16:52 +02:00
Michael S. Tsirkin
787381415c macvlan: handle set_promiscuity failures
It's quite unlikely that dev_set_promiscuity will fail,
but worth checking just in case.

Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 16:32:05 -07:00
Michael S. Tsirkin
266e83474c macvlan: better mode validation
macvlan passthrough mode is special: it's not possible to switch to or
from it through a netlink command.

But if you try, the command will succeed, which is
confusing.

Validate input and return error to user.

Cc:  Sridhar Samudrala <sri@us.ibm.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 16:32:05 -07:00
Ying Xue
c756891a4e tipc: fix oops when creating server socket fails
When creation of TIPC internal server socket fails,
we get an oops with the following dump:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
IP: [<ffffffffa0011f49>] tipc_close_conn+0x59/0xb0 [tipc]
PGD 13719067 PUD 12008067 PMD 0
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in: tipc(+)
CPU: 4 PID: 4340 Comm: insmod Not tainted 3.10.0+ #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
task: ffff880014360000 ti: ffff88001374c000 task.ti: ffff88001374c000
RIP: 0010:[<ffffffffa0011f49>]  [<ffffffffa0011f49>] tipc_close_conn+0x59/0xb0 [tipc]
RSP: 0018:ffff88001374dc98  EFLAGS: 00010292
RAX: 0000000000000000 RBX: ffff880012ac09d8 RCX: 0000000000000000
RDX: 0000000000000046 RSI: 0000000000000001 RDI: ffff880014360000
RBP: ffff88001374dcb8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0016fa0
R13: ffffffffa0017010 R14: ffffffffa0017010 R15: ffff880012ac09d8
FS:  0000000000000000(0000) GS:ffff880016600000(0063) knlGS:00000000f76668d0
CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
CR2: 0000000000000020 CR3: 0000000012227000 CR4: 00000000000006e0
Stack:
ffff88001374dcb8 ffffffffa0016fa0 0000000000000000 0000000000000001
ffff88001374dcf8 ffffffffa0012922 ffff88001374dce8 00000000ffffffea
ffffffffa0017100 0000000000000000 ffff8800134241a8 ffffffffa0017150
Call Trace:
[<ffffffffa0012922>] tipc_server_stop+0xa2/0x1b0 [tipc]
[<ffffffffa0009995>] tipc_subscr_stop+0x15/0x20 [tipc]
[<ffffffffa00130f5>] tipc_core_stop+0x1d/0x33 [tipc]
[<ffffffffa001f0d4>] tipc_init+0xd4/0xf8 [tipc]
[<ffffffffa001f000>] ? 0xffffffffa001efff
[<ffffffff8100023f>] do_one_initcall+0x3f/0x150
[<ffffffff81082f4d>] ? __blocking_notifier_call_chain+0x7d/0xd0
[<ffffffff810cc58a>] load_module+0x11aa/0x19c0
[<ffffffff810c8d60>] ? show_initstate+0x50/0x50
[<ffffffff8190311c>] ? retint_restore_args+0xe/0xe
[<ffffffff810cce79>] SyS_init_module+0xd9/0x110
[<ffffffff8190dc65>] sysenter_dispatch+0x7/0x1f
Code: 6c 24 70 4c 89 ef e8 b7 04 8f e1 8b 73 04 4c 89 e7 e8 7c 9e 32 e1 41 83 ac 24
b8 00 00 00 01 4c 89 ef e8 eb 0a 8f e1 48 8b 43 08 <4c> 8b 68 20 4d 8d a5 48 03 00
00 4c 89 e7 e8 04 05 8f e1 4c 89
RIP  [<ffffffffa0011f49>] tipc_close_conn+0x59/0xb0 [tipc]
RSP <ffff88001374dc98>
CR2: 0000000000000020
---[ end trace b02321f40e4269a3 ]---

We have the following call chain:

tipc_core_start()
    ret = tipc_subscr_start()
        ret = tipc_server_start(){
                  server->enabled = 1;
                  ret = tipc_open_listening_sock()
              }

I.e., the server->enabled flag is unconditionally set to 1, whatever
the return value of tipc_open_listening_sock().

This causes a crash when tipc_core_start() tries to clean up
resources after a failed initialization:

    if (ret == failed)
        tipc_subscr_stop()
            tipc_server_stop(){
                if (server->enabled)
                    tipc_close_conn(){
                        NULL reference of con->sock-sk
                        OOPS!
                }
            }

To avoid this, tipc_server_start() should only set server->enabled
to 1 in case of a succesful socket creation. In case of failure, it
should release all allocated resources before returning.

Problem introduced in commit c5fa7b3cf3
("tipc: introduce new TIPC server infrastructure") in v3.11-rc1.
Note that it won't be seen often; it takes a module load under memory
constrained conditions in order to trigger the failure condition.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 15:54:33 -07:00
Steven Rostedt (Red Hat)
c6c2401d8b tracing/uprobes: Fail to unregister if probe event files are in use
Uprobes suffer the same problem that kprobes have. There's a race between
writing to the "enable" file and removing the probe. The probe checks for
it being in use and if it is not, goes about deleting the probe and the
event that represents it. But the problem with that is, after it checks
if it is in use it can be enabled, and the deletion of the event (access
to the probe) will fail, as it is in use. But the uprobe will still be
deleted. This is a problem as the event can reference the uprobe that
was deleted.

The fix is to remove the event first, and check to make sure the event
removal succeeds. Then it is safe to remove the probe.

When the event exists, either ftrace or perf can enable the probe and
prevent the event from being removed.

Link: http://lkml.kernel.org/r/20130704034038.991525256@goodmis.org

Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-08-01 18:25:50 -04:00
Cong Wang
e0d1095ae3 net: rename CONFIG_NET_LL_RX_POLL to CONFIG_NET_RX_BUSY_POLL
Eliezer renames several *ll_poll to *busy_poll, but forgets
CONFIG_NET_LL_RX_POLL, so in case of confusion, rename it too.

Cc: Eliezer Tamir <eliezer.tamir@linux.intel.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 15:11:17 -07:00
Cong Wang
dfcefb0be1 net: fix a compile error when CONFIG_NET_LL_RX_POLL is not set
When CONFIG_NET_LL_RX_POLL is not set, I got:

net/socket.c: In function ‘sock_poll’:
net/socket.c:1165:4: error: implicit declaration of function ‘sk_busy_loop’ [-Werror=implicit-function-declaration]

Fix this by adding a nop when !CONFIG_NET_LL_RX_POLL.

Cc: Eliezer Tamir <eliezer.tamir@linux.intel.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 15:10:58 -07:00
Jack Morgenstein
b30513202c net/mlx4_core: VFs must ignore the enable_64b_cqe_eqe module param
Slaves get the 64B CQE/EQE state from QUERY_HCA, not from the module parameter.

If the parameter is set to zero, the slave outputs an incorrect/irrelevant
warning message that 64B CQEs/EQEs are supported but not enabled (even if the
hypervisor has enabled 64B CQEs/EQEs).

Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 15:09:36 -07:00
Or Gerlitz
0508ad6468 net/mlx4_core: Don't give VFs MAC addresses which are derived from the PF MAC
If the user has not assigned a MAC address to a VM, then don't give it MAC which
is based on the PF one. The current derivation scheme is wrong and leads to VM
MAC collisions when the number of cards/hypervisors becomes big enough.

Instead, just give it zeros and let them figure out what to do with that.

Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 15:09:35 -07:00
Jiri Benc
8a226b2cfa ipv6: prevent race between address creation and removal
There's a race in IPv6 automatic addess assignment. The address is created
with zero lifetime when it's added to various address lists. Before it gets
assigned the correct lifetime, there's a window where a new address may be
configured. This causes the semi-initiated address to be deleted in
addrconf_verify.

This was discovered as a reference leak caused by concurrent run of
__ipv6_ifa_notify for both RTM_NEWADDR and RTM_DELADDR with the same
address.

Fix this by setting the lifetime before the address is added to
inet6_addr_lst.

A few notes:

1. In addrconf_prefix_rcv, by setting update_lft to zero, the
   if (update_lft) { ... } condition is no longer executed for newly
   created addresses. This is okay, as the ifp fields are set in
   ipv6_add_addr now and ipv6_ifa_notify is called (and has been called)
   through addrconf_dad_start.

2. The removal of the whole block under ifp->lock in inet6_addr_add is okay,
   too, as tstamp is initialized to jiffies in ipv6_add_addr.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 14:16:20 -07:00
Jiri Pirko
3f8f52982a ipv6: move peer_addr init into ipv6_add_addr()
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 14:16:20 -07:00
Michal Kubeček
49a18d86f6 ipv6: update ip6_rt_last_gc every time GC is run
As pointed out by Eric Dumazet, net->ipv6.ip6_rt_last_gc should
hold the last time garbage collector was run so that we should
update it whenever fib6_run_gc() calls fib6_clean_all(), not only
if we got there from ip6_dst_gc().

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 14:16:20 -07:00
Michal Kubeček
2ac3ac8f86 ipv6: prevent fib6_run_gc() contention
On a high-traffic router with many processors and many IPv6 dst
entries, soft lockup in fib6_run_gc() can occur when number of
entries reaches gc_thresh.

This happens because fib6_run_gc() uses fib6_gc_lock to allow
only one thread to run the garbage collector but ip6_dst_gc()
doesn't update net->ipv6.ip6_rt_last_gc until fib6_run_gc()
returns. On a system with many entries, this can take some time
so that in the meantime, other threads pass the tests in
ip6_dst_gc() (ip6_rt_last_gc is still not updated) and wait for
the lock. They then have to run the garbage collector one after
another which blocks them for quite long.

Resolve this by replacing special value ~0UL of expire parameter
to fib6_run_gc() by explicit "force" parameter to choose between
spin_lock_bh() and spin_trylock_bh() and call fib6_run_gc() with
force=false if gc_thresh is reached but not max_size.

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 14:16:20 -07:00
Thomas Petazzoni
36dd1f3e02 PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge
The Marvell PCIe driver uses an emulated PCI-to-PCI bridge to be able
to dynamically set up MBus address decoding windows for PCI I/O and
memory regions depending on the PCI devices enumerated by Linux.

However, this emulated PCI-to-PCI bridge logic makes the Linux PCI
core believe that prefetchable memory regions are supported (because
the registers are read/write), while in fact no adress decoding window
is ever created for such regions. Since the Marvell MBus address
decoding windows do not distinguish memory regions and prefetchable
memory regions, this patch takes a simple approach: change the
PCI-to-PCI bridge emulation to let the Linux PCI core know that we
don't support prefetchable memory regions.

To achieve this, we simply make the prefetchable memory base a
read-only register that always returns 0. Reading/writing all the
other prefetchable memory related registers has no effect.

This problem was originally reported by Finn Hoffmann
<finn@uni-bremen.de>, who couldn't get a RTL8111/8168B PCI NIC working
on the NSA310 Kirkwood platform after updating to 3.11-rc. The problem
was that the PCI-to-PCI bridge emulation was making the Linux PCI core
believe that we support prefetchable memory, so the Linux PCI core was
only filling the prefetchable memory base and limit registers, which
does not lead to a MBus window being created. The below patch has been
confirmed by Finn Hoffmann to fix his problem on Kirkwood, and has
otherwise been successfully tested on the Armada XP GP platform with a
e1000e PCIe NIC and a Marvell SATA PCIe card.

Reported-by: Finn Hoffmann <finn@uni-bremen.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2013-08-01 14:47:54 -06:00
David S. Miller
1f1059fcf0 Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville says:

====================
This pull request is intended for the 3.11 stream.  It is a bit
larger than usual, as it includes pulls from most of my feeder trees
as well...

For the Bluetooth bits, Gustavo says:

"A few fixes and devices ID additions for 3.11:

 * There are 4 new ath3k device ids
 * Fixed stack memory usage in ath3k.
 * Fixed the init process of BlueFRITZ! devices, they were failing to init
   due to an unsupported command we sent.
 * Fixed wrong use of PTR_ERR in btusb code that was preventing intel devices
   to work properly.
 * Fixed race condition between hci_register_dev() and hci_dev_open() that
   could cause a NULL pointer dereference.
 * Fixed race condition that could call hci_req_cmd_complete() and make some
   devices to fail as showed in the log added to the commit message."

Regarding the NFC bits, Samuel says:

"We have:

1) A build failure fix for the NCI SPI transport layer due to a
   missing CRC_CCITT Kconfig dependency.

2) A netlink command rename: CMD_FW_UPLOAD was merged during the 3.11
   merge window but the typical terminology for loading a firmware to a
   target is firmware download rather than upload. In order to avoid any
   confusion in a file exported to userspace, we rename this command to
   CMD_FW_DOWNLOAD."

Samuel's item #2 isn't strictly a fix, but it seems safe and should
avoid confusion in the future.

As for the mac80211 bits, Johannes says:

"I only have three fixes this time, a fix for a suspend regression, a
patch correcting the initiator in regulatory code and one fix for mesh
station powersave."

With respect to the iwlwifi bits, Johannes says:

"We have a scan fix for passive channels, a new PCI device ID for an old
device, a NIC reset fix, an RF-Kill fix, a fix for powersave when GO
interfaces are present as well as an aggregation session fix (for a
corner case) and a workaround for a firmware design issue - it only
supports a single GTK in D3."

Bringing-up the rear with the Atheros trees, Kalle says:

"Geert Uytterhoeven fixed an ath10k build problem when NO_DMA=y. I added
a missing MAINTAINERS entry for ath10k and updated ath6kl git tree
location."

Along with the above...

Arend van Spriel fixes a brcmfmac WARNING when unplugging the device.

Avinash Patil proves a couple of minor mwifiex fixes relating to P2P mode.

Luciano Coelho updates the MAINTAINERS entry for the wilink drivers.

Stanislaw Gruszka brings an rt2x00 fix for a queue start/stop problem.

Stone Piao fixes another mwifiex problem, a command timeout related to P2P mode.

Tomasz Moń corrects an endian problem in mwifiex.

I'll remind my feeder maintainers to slowdown the patchflow.
Beyond that, please let me know if there are problems!
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2013-08-01 12:57:52 -07:00
Russell King
24195cad3e Merge branch 'security-fixes' into fixes 2013-08-01 20:51:13 +01:00
John W. Linville
22e02a0272 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-08-01 14:30:59 -04:00
Russell King
2449189bb7 ARM: Add .text annotations where required after __CPUINIT removal
Commit 8bd26e3a7 (arm: delete __cpuinit/__CPUINIT usage from all ARM
users) caused some code to leak into sections which are discarded
through the removal of __CPUINIT annotations.  Add appropriate .text
annotations to bring these back into the kernel text.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-08-01 14:41:40 +01:00
Stephen Boyd
44424c3404 ARM: 7803/1: Fix deadlock scenario with smp_send_stop()
If one process calls sys_reboot and that process then stops other
CPUs while those CPUs are within a spin_lock() region we can
potentially encounter a deadlock scenario like below.

CPU 0                   CPU 1
-----                   -----
                        spin_lock(my_lock)
smp_send_stop()
 <send IPI>             handle_IPI()
                         disable_preemption/irqs
                          while(1);
 <PREEMPT>
spin_lock(my_lock) <--- Waits forever

We shouldn't attempt to run any other tasks after we send a stop
IPI to a CPU so disable preemption so that this task runs to
completion. We use local_irq_disable() here for cross-arch
consistency with x86.

Reported-by: Sundarajan Srinivasan <sundaraj@codeaurora.com>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-08-01 14:41:39 +01:00
Russell King
a5463cd343 ARM: make vectors page inaccessible from userspace
If kuser helpers are not provided by the kernel, disable user access to
the vectors page.  With the kuser helpers gone, there is no reason for
this page to be visible to userspace.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-08-01 14:31:58 +01:00
Russell King
48be69a026 ARM: move signal handlers into a vdso-like page
Move the signal handlers into a VDSO page rather than keeping them in
the vectors page.  This allows us to place them randomly within this
page, and also map the page at a random location within userspace
further protecting these code fragments from ROP attacks.  The new
VDSO page is also poisoned in the same way as the vector page.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-08-01 14:31:56 +01:00
J. Bruce Fields
7193bd17ea svcrpc: set cr_gss_mech from gss-proxy as well as legacy upcall
The change made to rsc_parse() in
0dc1531aca "svcrpc: store gss mech in
svc_cred" should also have been propagated to the gss-proxy codepath.
This fixes a crash in the gss-proxy case.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-08-01 08:42:01 -04:00
J. Bruce Fields
743e217129 svcrpc: fix kfree oops in gss-proxy code
mech_oid.data is an array, not kmalloc()'d memory.

Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-08-01 08:41:29 -04:00
J. Bruce Fields
dc43376c26 svcrpc: fix gss-proxy xdr decoding oops
Uninitialized stack data was being used as the destination for memcpy's.

Longer term we'll just delete some of this code; all we're doing is
skipping over xdr that we don't care about.

Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-08-01 08:40:42 -04:00
J. Bruce Fields
9f96392b0a svcrpc: fix gss_rpc_upcall create error
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-08-01 08:39:30 -04:00
NeilBrown
447383d2ba NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure.
Since we enabled auto-tuning for sunrpc TCP connections we do not
guarantee that there is enough write-space on each connection to
queue a reply.

If memory pressure causes the window to shrink too small, the request
throttling in sunrpc/svc will not accept any requests so no more requests
will be handled.  Even when pressure decreases the window will not
grow again until data is sent on the connection.
This means we get a deadlock:  no requests will be handled until there
is more space, and no space will be allocated until a request is
handled.

This can be simulated by modifying svc_tcp_has_wspace to inflate the
number of byte required and removing the 'svc_sock_setbufsize' calls
in svc_setup_socket.

I found that multiplying by 16 was enough to make the requirement
exceed the default allocation.  With this modification in place:
   mount -o vers=3,proto=tcp 127.0.0.1:/home /mnt
would block and eventually time out because the nfs server could not
accept any requests.

This patch relaxes the request throttling to always allow at least one
request through per connection.  It does this by checking both
  sk_stream_min_wspace() and xprt->xpt_reserved
are zero.
The first is zero when the TCP transmit queue is empty.
The second is zero when there are no RPC requests being processed.
When both of these are zero the socket is idle and so one more
request can safely be allowed through.

Applying this patch allows the above mount command to succeed cleanly.
Tracing shows that the allocated write buffer space quickly grows and
after a few requests are handled, the extra tests are no longer needed
to permit further requests to be processed.

The main purpose of request throttling is to handle the case when one
client is slow at collecting replies and the send queue gets full of
replies that the client hasn't acknowledged (at the TCP level) yet.
As we only change behaviour when the send queue is empty this main
purpose is still preserved.

Reported-by: Ben Myers <bpm@sgi.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2013-08-01 08:39:16 -04:00
Shaohua Li
2865a8fb44 workqueue: copy workqueue_attrs with all fields
$echo '0' > /sys/bus/workqueue/devices/xxx/numa
 $cat /sys/bus/workqueue/devices/xxx/numa

I got 1. It should be 0, the reason is copy_workqueue_attrs() called
in apply_workqueue_attrs() doesn't copy no_numa field.

Fix it by making copy_workqueue_attrs() copy ->no_numa too.  This
would also make get_unbound_pool() set a pool's ->no_numa attribute
according to the workqueue attributes used when the pool was created.
While harmelss, as ->no_numa isn't a pool attribute, this is a bit
confusing.  Clear it explicitly.

tj: Updated description and comments a bit.

Signed-off-by: Shaohua Li <shli@fusionio.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: stable@vger.kernel.org
2013-08-01 08:36:40 -04:00
Takashi Iwai
209fb1b7e2 ASoC: Fixes for v3.11
A fix to make sure userspace knows when control writes have caused a
 change in value, fixing some UIs, plus a few few driver fixes mainly
 cleaning up issues from recent refactorings on less mainstream platforms.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJR+iU1AAoJELSic+t+oim9vJcP/Ro/AhPccuGwTa7tyMFSGAYO
 3xQh4REis7TGgCWu018G+zA4bS5Inrqo7B0M61PFxCJoZ3R4QvIgKXHasQ9SNXmW
 +nUYqs05rgzl4U2uyEUNLoVelFa1ZbQLKQxuOUQt0+u9rvtBZczNd85KeNtn3IVp
 38LTc2scrxo2HmU7UE418euPuFYiz7PMWKSMGd/r5Ht2h6Tij8eQ/Vkm8IgKJ7n6
 kfMZCdMgTx0k/JC3Akz2colIIc0I8ioV2FWkZ1XAMaktFR0u585EbqBC2QJhiXRF
 RJREXCxp8SGI4H961m53GICk39xfWLC7d1/sprzWDWZ6XTM5T9rp8x3iJNw74AcG
 2ERMrDjlJKNVpedhnY7KgtegC+qT/9XcLa1qKpAR9Ym61HUvRvUVD9OsEJ4l5ISn
 m+EZFt1Z9BhXU/HlhLN9Nr6mw0A6OnpvyUwR8cR83gz9OHFCmg8MOxVP26sNQSuX
 1Ll7XRikSxC5n4AxG3APE8MLB7bcvUoL7benD4zekXG+pJhoefg5hmL7qvMCv+fy
 bkeFafc3QUSsaiuf2tQjfHF99wvJC/BWt4cx1hdRjLNMxqoJre5hpJE9/l4JLs7X
 Z6j6RTOD7/cXPZNMh67zK2w/V2NzcvK9I4U20HA9+IjfiYYugCc2XzCLaYrp1bwo
 6P8Y8EXhUC3thSti/WUZ
 =WtLE
 -----END PGP SIGNATURE-----

Merge tag 'asoc-v3.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v3.11

A fix to make sure userspace knows when control writes have caused a
change in value, fixing some UIs, plus a few few driver fixes mainly
cleaning up issues from recent refactorings on less mainstream platforms.
2013-08-01 11:12:10 +02:00
Aaro Koskinen
fe956a1d40 powerpc/windfarm: Fix noisy slots-fan on Xserve (rm31)
slots-fan on G5 Xserve is always running at full speed with windfarm_rm31
driver, resulting in a very high acoustic noise level. It seems the fan
parameters are incorrect, and have been copied from the Drive Bay fan
(RPM, not present on rm31) of the legacy therm_pm72 driver. This patch
changes the parameters to match the Slots fan (PWM) of therm_pm72. With
the patch, slots-fan speed drops from 99% to 19% during normal use,
and slots-temp settle to ~42'C.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2013-08-01 13:11:47 +10:00
Robert Jennings
3be7db6ab4 powerpc: VPHN topology change updates all siblings
When an associativity level change is found for one thread, the
siblings threads need to be updated as well.  This is done today
for PRRN in stage_topology_update() but is missing for VPHN in
update_cpu_associativity_changes_mask().  This patch will correctly
update all thread siblings during a topology change.

Without this patch a topology update can result in a CPU in
init_sched_groups_power() getting stuck indefinitely in a loop.

This loop is built in build_sched_groups(). As a result of the thread
moving to a node separate from its siblings the struct sched_group will
have its next pointer set to point to itself rather than the sched_group
struct of the next thread.  This happens because we have a domain without
the SD_OVERLAP flag, which is correct, and a topology that doesn't conform
with reality (threads on the same core assigned to different numa nodes).
When this list is traversed by init_sched_groups_power() it will reach
the thread's sched_group structure and loop indefinitely; the cpu will
be stuck at this point.

The bug was exposed when VPHN was enabled in commit b7abef0 (v3.9).

Cc: <stable@vger.kernel.org> [v3.9+]
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Robert Jennings <rcj@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2013-08-01 13:11:47 +10:00