tracing_read_pipe zeros all fields bellow "seq". The declaration contains
a comment about that, but it doesn't help.
The first field is "snapshot", it's true when current open file is
snapshot. Looks obvious, that it should not be zeroed.
The second field is "started". It was converted from cpumask_t to
cpumask_var_t (v2.6.28-4983-g4462344), in other words it was
converted from cpumask to pointer on cpumask.
Currently the reference on "started" memory is lost after the first read
from tracing_read_pipe and a proper object will never be freed.
The "started" is never dereferenced for trace_pipe, because trace_pipe
can't have the TRACE_FILE_ANNOTATE options.
Link: http://lkml.kernel.org/r/1375463803-3085183-1-git-send-email-avagin@openvz.org
Cc: stable@vger.kernel.org # 2.6.30
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
NetLabel has the ability to selectively assign network security labels
to outbound traffic based on either the LSM's "domain" (different for
each LSM), the network destination, or a combination of both. Depending
on the type of traffic, local or forwarded, and the type of traffic
selector, domain or address based, different hooks are used to label the
traffic; the goal being minimal overhead.
Unfortunately, there is a bug such that a system using NetLabel domain
based traffic selectors does not correctly label outbound local traffic
that is not assigned to a socket. The issue is that in these cases
the associated NetLabel hook only looks at the address based selectors
and not the domain based selectors. This patch corrects this by
checking both the domain and address based selectors so that the correct
labeling is applied, regardless of the configuration type.
In order to acomplish this fix, this patch also simplifies some of the
NetLabel domainhash structures to use a more common outbound traffic
mapping type: struct netlbl_dommap_def. This simplifies some of the code
in this patch and paves the way for further simplifications in the
future.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
It's possible to assign an invalid value to the net.core.somaxconn
sysctl variable, because there is no checks at all.
The sk_max_ack_backlog field of the sock structure is defined as
unsigned short. Therefore, the backlog argument in inet_listen()
shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
is truncated to the somaxconn value. So, the somaxconn value shouldn't
exceed 65535 (USHRT_MAX).
Also, negative values of somaxconn are meaningless.
before:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
net.core.somaxconn = 65536
$ sysctl -w net.core.somaxconn=-100
net.core.somaxconn = -100
after:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
error: "Invalid argument" setting key "net.core.somaxconn"
$ sysctl -w net.core.somaxconn=-100
error: "Invalid argument" setting key "net.core.somaxconn"
Based on a prior patch from Changli Gao.
Signed-off-by: Roman Gushchin <klamm@yandex-team.ru>
Reported-by: Changli Gao <xiaosuo@gmail.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- Fixes for the newly merged mlx5 hardware driver
- Stack info leak fixes from Dan Carpenter
- Fixes for pkey table handling with SR-IOV
- A few other small things
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABCAAGBQJR+9nLAAoJEENa44ZhAt0hBPQP/RSRLYaN4k9apw8mOdiQo8hD
LDFt/DTSSZz/0/VtCgQoOblqAmsDeHp8Tj/WS7bm1zi8ajBPLmUBuQ9GWza0KDFT
BDbhcdndvg6FO47GdyF8KWQrBB/WRfGg1ucqeelqRB1WoMtUnP/bX3umFrn7adNG
/W38KNfx+G2/WwQMbUWl7jxJuqS2tGGKBQEvdO0LjsNTfU4LSqI8L9WrLXhwAV4V
GXNc3rV1EsLqoHe9IznKGw3Ls02ZuFw7b/+WEVY6PjSf73sqfAm3LJnGO6h9Jd79
CKLr2ev0cadosorMrdL9GdOGZX/gGw0Ub9YBLiRdNNq1aPIHaWzbQbsW2nQHYQ/l
bZufcye2A/10LaP9JsX4RaK3mE5dm7jvZKoT5sqX+j6k3KgDuCmBjsGVaWaP+NyZ
iqrIcyJxQfB6Cpm2vELrBeCusvVv9/Z5v4yeMQYhnAdVSEsqFEmE200Udnm3viiq
sHtSe9fN7fkN7aB+immIlrOV1tMZARwbJ6yz/3Gw4gu6O8Yfjo74dIiu0m2feiUl
tNlzPzPiIPx1PTEmjTKAKtuauTxHNVxp7yQS8IJLzmtU9BmYmau11CLI08e1gnce
HY7hMfeq65pxbNu4pcn6V7HUmU4u6kUeQkygzi+f6w6FMLH5CWbF0Hw7Ly7wpSNL
g56DkcamFKr86ex/J80z
=ZwEX
-----END PGP SIGNATURE-----
Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
Pull infiniband/rdma fixes from Roland Dreier:
- Fixes for the newly merged mlx5 hardware driver
- Stack info leak fixes from Dan Carpenter
- Fixes for pkey table handling with SR-IOV
- A few other small things
* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IPoIB: Fix pkey change flow for virtualization environments
IPoIB: Make sure child devices use valid/proper pkeys
IB/core: Create QP1 using the pkey index which contains the default pkey
mlx5_core: Variable may be used uninitialized
mlx5_core: Implement new initialization sequence
mlx5_core: Fix use after free in mlx5_cmd_comp_handler()
IB/mlx5: Fix stack info leak in mlx5_ib_alloc_ucontext()
IB/mlx5: Fix error return code in init_one()
IB/mlx4: Use default pkey when creating tunnel QPs
RDMA/cma: Only call cma_save_ib_info() for CM REQs
RDMA/cma: Fix accessing invalid private data for UD
RDMA/cma: Fix gcc warning
Revert "RDMA/nes: Fix compilation error when nes_debug is enabled"
IB/qib: Add err_decode() call for ring dump
RDMA/cxgb3: Fix stack info leak in iwch_create_cq()
RDMA/nes: Fix info leaks in nes_create_qp() and nes_create_cq()
RDMA/ocrdma: Fix several stack info leaks
RDMA/cxgb4: Fix stack info leak in c4iw_create_qp()
RDMA/ocrdma: Remove unused include
- Revert the OMAP fixes that caused more problems than they solved.
- Fix a build error.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iQIcBAABAgAGBQJR+h+XAAoJEEEQszewGV1zIMYQAK7VFsYq1ZNkzpoTYSkglnaa
7twmEFqyV4U+jWtJRjpygJ1ZP6uL/ZdI/ouDlvOXlNf0dFJUtaSiqrL1eB2l7OXN
9t463se/0h4/aoN4i09aN0CiDntmfrFxHnu6xe5oO4ukcw1EJu3gWekKBFZ6lX79
1cayVAnrk2dudIjpNqBxJP+SzNGOI0yn1Ig+iznXw5JHhfjkZ0Heh1UQYpnVOjjC
attVs4++lxj7Tj4qkdPibztEnvOzMFV4zAqMFsCiqv/8IqSui9J7zHBYdde05ICZ
yynf3VWuhDjmhMYkNr+wUbfpBJA75u2ViEc/hKJihTykOOxuU+XvX/KGsBwbK7J+
EENTzBDZmyH3OYntKHWJlHkFy6Ym6hWPVGIZ3AJoiMFX2SQzWMgqW/yVUvmeWNj+
2Ds/of9n3VkN9j1dDnAdvrR1TqjpTDHCP+ZSgPSO1X4bBAbWi2HajwvMWZNKUIIP
md2Qu+KWUuDBoq1FpndJWubmEzfRXAZJn4Ghk2ldoy8Q2zI6pSeG1yUHI0IFTLaD
QsCpE84lUoBA1isLt9X2nRTNAKwBjb/9+x5VvT4tACd5V2nYk8TKiuE9DCVKDDNd
7/KNO9p9HgisV+ZqSJyT8hPz42d0PXapKr+jW/dikX+7fXDJj3EY+s/jt0bTQlkS
1Ut/Dhm0HAAzKBh+dHUV
=PQ04
-----END PGP SIGNATURE-----
Merge tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Yet another GPIO pull request, fixing the fix from the last one. It
turns out that fixing the boot path for device tree boots on OMAP
breaks out antique systems (such as OMAP1) and we need to find a
better way. So we're reverting that "fix" for the moment and thinking
about something better.
Also fixing a build issue on the MSM driver"
* tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio_msm: Fix build error due to missing err.h
Revert "gpio/omap: don't create an IRQ mapping for every GPIO on DT"
Revert "gpio/omap: auto request GPIO as input if used as IRQ via DT"
Revert "gpio/omap: fix build error when OF_GPIO is not defined."
Commit 5c766d642 ("ipv4: introduce address lifetime") leaves the ifa
resource that was allocated via inet_alloc_ifa() unfreed when returning
the function with -EINVAL. Thus, free it first via inet_free_ifa().
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Reviewed-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
This message was added in commit a7154cb8 (June 2004, [PATCH] r8169:
link handling and phy reset rework) and is printed every ten seconds
when no cable is connected and runtime power management is disabled.
(Before that commit, "Reset RTL8169s PHY" would be printed instead.)
Signed-off-by: Peter Wu <lekensteyn@gmail.com>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
IRQF_DISABLED is a no-op by now and should be
removed.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Acked-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When userspace passes a large priority value
the assignment of the unsigned value hopt->prio
to signed int cl->prio causes cl->prio to become negative and the
comparison is with TC_HTB_NUMPRIO is always false.
The result is that HTB crashes by referencing outside
the array when processing packets. With this patch the large value
wraps around like other values outside the normal range.
See: https://bugzilla.kernel.org/show_bug.cgi?id=60669
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull powerpc fixes from Ben Herrenschmidt:
"Here is not quite a handful of powerpc fixes for rc3.
The windfarm fix is a regression fix (though not a new one), the PMU
interrupt rename is not a fix per-se but has been submitted a long
time ago and I kept forgetting to put it in (it puts us back in sync
with x86), the other perf bit is just about putting an API/ABI bit
definition in the right place for userspace to consume, and finally,
we have a fix for the VPHN (Virtual Partition Home Node) feature
(notification that the hypervisor is moving nodes around) which could
cause lockups so we may as well fix it now"
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/windfarm: Fix noisy slots-fan on Xserve (rm31)
powerpc: VPHN topology change updates all siblings
powerpc/perf: Export PERF_EVENT_CONFIG_EBB_SHIFT to userspace
powerpc: Rename PMU interrupts from CNT to PMI
Pull ARM fixes from Russell King:
"I've thought long and hard about what to say for this pull request,
and I really can't work out anything sane to say to summarise much of
these commits. The problem is, for most of these are, yet again, lots
of small bits scattered around the place without any real overall
theme to them"
Most notable is probably the kuser page helper improvements.
* 'fixes' of git://git.linaro.org/people/rmk/linux-arm: (22 commits)
ARM: Add .text annotations where required after __CPUINIT removal
ARM: 7803/1: Fix deadlock scenario with smp_send_stop()
ARM: make vectors page inaccessible from userspace
ARM: move signal handlers into a vdso-like page
ARM: allow kuser helpers to be removed from the vector page
ARM: update FIQ support for relocation of vectors
ARM: use linker magic for vectors and vector stubs
ARM: move vector stubs
ARM: poison memory between kuser helpers
ARM: poison the vectors page
ARM: 7801/1: v6: prevent gcc 4.5 from reordering extended CP15 reads above is_smp() test
ARM: 7800/1: ARMv7-M: Fix name of NVIC handler function
ARM: Fix sorting of machine- initializers
ARM: 7791/1: a.out: remove partial a.out support
ARM: 7790/1: Fix deferred mm switch on VIVT processors
ARM: 7789/1: Do not run dummy_flush_tlb_a15_erratum() on non-Cortex-A15
ARM: 7787/1: virt: ensure visibility of __boot_cpu_mode
ARM: 7788/1: elf: fix lpae hwcap feature reporting in proc/cpuinfo
ARM: 7786/1: hyp: fix macro parameterisation
ARM: 7785/1: mm: restrict early_alloc to section-aligned memory
...
Pull parisc updates from Helge Deller:
"The majority of lines changed are due the addition of a defconfig for
the C8000 machine. Even the fix in parisc/kernel/cache.c file is
actually ony a 10-line fix, but the change became bigger (and much
nicer) to avoid errors of the checkpatch script.
Here is the short-changelog:
This round of parisc updates includes mostly fixes for the C8000
workstation. We have a new defconfig file for this machine, as well
as fixes for it's serial port, the AGP driver and the cache routines
to cope with the vmas of the FireGL card in a C8000. The sys32.h
header file was not used and as such it's now gone"
* 'parisc-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Fix interrupt routing for C8000 serial ports
parisc: Remove arch/parisc/kernel/sys32.h header
parisc: add defconfig for c8000 machine
parisc: agp/parisc-agp: allow binding of user memory to the AGP GART
parisc: Fix cache routines to ignore vma's with an invalid pfn
Hotplug
PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
PCI: hotplug: Convert to be builtin only, not modular
PCI: pciehp: Convert pciehp to be builtin only, not modular
Resource allocation
PCI: Retry allocation of only the resource type that failed
ARM
PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJR+/RRAAoJEFmIoMA60/r8iloP/is7mx667v9F9WRlYMJss+ig
K0cVOauokmr/pyS7Tgr0jfhtulXOmN/VJTvCw6h7+qYtsO/DQ7Y5LPXoMW83s5hK
/N33HDZcm2/1hUxv/4GS3omtO9VefWcmzXmPM7l1fEBQyACTg/zj1Mb97U8j8mhh
vr6y/pLDLwwaRcQNP/Y2F6H8RsDDWE/IyC9MN1qEz+b7Qve5fAPPrDBgExakzmu/
UiiJV3nl7fqBeITA/LSWDCgsOeavmmabqZuaXnKWN0L5PaEa3/8Of6kbsG5ZGgdZ
Y5/Qu0HRtAhaFNAd1670IzcMThC6TJV685z09/OQ+4uKpZ2jJYM26ISSdiMG2He4
FQmLQcgkxGX0xYxdD7K37VC7O17NH+3jEouM2SNSCXGz5RQ3qvW5F4IvSctHmIO8
Q0m2HladNYHtOYk1eGNSlxPd3U0nyQwlXSTgJrKYd/cJgUqYjs+Q9zuAmUj+4QPR
ywwO3rgpetaROY6avw31fWFGqQFAQEQeXvMwTrAJbdIcxvVz77yRiOrD72X61Z7h
A6owzbMmuYKPuym5EbBr0GoCJWAuHc8GIvXKHQQ9QMGuRAj9X4Qrk+BdudeqlTxD
e9WKkKGPmPxR6IuSlZdLCNqcTDDlQZFTnq5WJ989pPsUMKFu8LjybKntBEbPtIue
ydWvibCrxNbTEMyyg+c6
=z2eX
-----END PGP SIGNATURE-----
Merge tag 'pci-v3.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
Pull PCI fixes from Bjorn Helgaas:
"Yinghai fixed a couple regressions: one resource assignment problem
introduced in v3.10 that showed up with SR-IOV on powerpc, and another
SR-IOV hot-remove issue related to refcounting changes we merged for
v3.11.
Yinghai is still working on another SR-IOV-related fix or two, which
will be simpler if pciehp is non-modular, so I included the Kconfig
changes now to get them in earlier.
Finally, a minor fix for the ARM Marvell EBU host bridge driver that
was merged for v3.11
Hotplug:
PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
PCI: hotplug: Convert to be builtin only, not modular
PCI: pciehp: Convert pciehp to be builtin only, not modular
Resource allocation:
PCI: Retry allocation of only the resource type that failed
ARM:
PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge"
* tag 'pci-v3.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge
PCI: Retry allocation of only the resource type that failed
PCI: pciehp: Convert pciehp to be builtin only, not modular
PCI: hotplug: Convert to be builtin only, not modular
PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
- Revert two cpuidle commits added during the 3.8 development cycle that
turn out to have introduced a significant performance regression as
requested by Jeremy Eder.
- The recent patches that made the freezer less heavy-weight introduced
a regression causing user-space-driven hibernation using the ioctl()
interface to block indefinitely when the hibernate process executes
try_to_freeze(). Fix from Colin Cross addresses this by adding a
process flag to mark the hibernate/suspend process to inform the
freezer that that process should be ignored.
- One of the recent cpufreq reverts uncovered a problem in the core
causing the cpufreq driver module refcount to become negative after
a system suspend-resume cycle. Fix from Rafael J Wysocki.
- The evaluation of the ACPI battery _BIX method has never worked
correctly, because the commit that added support for it forgot to
take the "Revision" field in the return package into account. As
a result, the reading of battery info doesn't work at all on some
systems, which is addressed by a fix from Lan Tianyu.
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAABAgAGBQJR+6ptAAoJEKhOf7ml8uNsRpIP/0P2HbCFM52/4Rv/Iltnt4fI
9Vo2dyuL7JKP2U8jtHxfhFGg3oMdYQoUIdnpjtKr4O3obhzl4vHwE9vtrRlhHpRZ
SnHGe0W5v0eQOdCbVzdwS1NrJwckkTy1JuybV+PH66T84Usu0QoxE4iNveK2LX23
eJvOgWGBoyEEWJb+1/KJNIcKk77A0Cnc2CCLMN5bmhwH1QGDRZdzSnrjK5fGniF0
akCGq8jJhBaI1xJF/42LgNBiPpAYk42SPuiSOqniKzweUK1P6YzHjArh0qaTBoUj
27HRkZlY6Y8WLFxqQio7zvbbLSdRuwosESofw2kCFkAAEnCc71kw2nbebNr3sCap
MqrmEMcxqT803PiB2RGyS53WNE7mM3NFCPRLOPL+cWeNQhoYzbZ+UiNx4Dw667cr
Ow+egCY+jyAZm5TFqY6Y75lG61UM6oCs6M6iIwiv/BOmJqCmkTjvNBxHWrVcWxin
YhiLJGyt7iAcIaxhy+fCs2j2a7B0Ai62kZ6YLqaEtNBzjuDbm6sr61A6Nu8bpOTU
C7e76AocyfuDpdU99uawDvuazCGWEg+f8eH8C/ij19jF1/Mrlr0x+4x9MmMm9Iz5
ux0uroTteEuswz9aHmY270qdDLIuSGUsmqD05RoaO61U8dVigWw+ZKqUCImrAM7x
4bK1+2eOig794g9vSsen
=7x7r
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
- Revert two cpuidle commits added during the 3.8 development cycle
that turn out to have introduced a significant performance regression
as requested by Jeremy Eder.
- The recent patches that made the freezer less heavy-weight introduced
a regression causing user-space-driven hibernation using the ioctl()
interface to block indefinitely when the hibernate process executes
try_to_freeze(). Fix from Colin Cross addresses this by adding a
process flag to mark the hibernate/suspend process to inform the
freezer that that process should be ignored.
- One of the recent cpufreq reverts uncovered a problem in the core
causing the cpufreq driver module refcount to become negative after a
system suspend-resume cycle. Fix from Rafael J Wysocki.
- The evaluation of the ACPI battery _BIX method has never worked
correctly, because the commit that added support for it forgot to
take the "Revision" field in the return package into account. As a
result, the reading of battery info doesn't work at all on some
systems, which is addressed by a fix from Lan Tianyu.
* tag 'pm+acpi-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
freezer: set PF_SUSPEND_TASK flag on tasks that call freeze_processes
ACPI / battery: Fix parsing _BIX return value
cpufreq: Fix cpufreq driver module refcount balance after suspend/resume
Revert "cpuidle: Quickly notice prediction failure for repeat mode"
Revert "cpuidle: Quickly notice prediction failure in general case"
Panda's DVI connector's DDC pins are connected to OMAP's third i2c bus.
With non-DT, the bus number was 3, and that is what is used in the
dss-common.c which contains the platform data for Panda's DVI.
However, with DT, the bus number is 2. As we now only have DT boot for
Panda, we have to change the bus number to make DVI EDID read
operational.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Acked-by: Tony Lindgren <tony@atomide.com>
For a combination of 18bit LCD data bus width and a color
mode of 32bpp, the driver was setting the color mapping to
rgb666, which is wrong, as the color in memory realy has an
rgb888 layout.
This patch also removes the setting of flag CTRL_DF24 that
makes the driver dimiss the upper 2 bits when handling 32/24bpp
colors in a diplay with 18bit data bus width. This flag made
true color images display wrong in such configurations.
Finally, the color mapping rgb666 has also been removed as nobody
is using it and high level applications like Qt5 cannot work
with it either.
Reference: https://lkml.org/lkml/2013/5/23/220
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Acked-by: Juergen Beisert <jbe@pengutronix.de>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
connector-analog-tv.c uses omap_dss_pal_timings, defined in omapdss's
venc.c, for default timings. omap_dss_pal_timings only exists when VENC
is enabled in the kernel config, so disabling VENC breaks
omap_dss_pal_timings connector-analog-tv compilation.
Instead of adding dependency to VENC, add internal default timings to
the connector driver, because the connector driver should not depend on
VENC, and it can be used with any other analog TV encoder.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
A fixup for Apple Mac Mini was lost during the adaption to the generic
parser because the fallback for the generic ID 8384:7680 was dropped,
and it resulted in the silence output (and maybe other problems).
Unfortunately, just adding the missing subsystem ID wasn't enough, in
this case. The subsystem ID of this machine is 0000:0100 (what Apple
thought...?), and since snd_hda_pick_fixup() doesn't take the vendor
id zero into account, the driver ignored this entry. Now it's fixed
to regard the vendor id zero as a valid value.
Reported-and-tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org> [v3.9+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
It's quite unlikely that dev_set_promiscuity will fail,
but worth checking just in case.
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
macvlan passthrough mode is special: it's not possible to switch to or
from it through a netlink command.
But if you try, the command will succeed, which is
confusing.
Validate input and return error to user.
Cc: Sridhar Samudrala <sri@us.ibm.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Uprobes suffer the same problem that kprobes have. There's a race between
writing to the "enable" file and removing the probe. The probe checks for
it being in use and if it is not, goes about deleting the probe and the
event that represents it. But the problem with that is, after it checks
if it is in use it can be enabled, and the deletion of the event (access
to the probe) will fail, as it is in use. But the uprobe will still be
deleted. This is a problem as the event can reference the uprobe that
was deleted.
The fix is to remove the event first, and check to make sure the event
removal succeeds. Then it is safe to remove the probe.
When the event exists, either ftrace or perf can enable the probe and
prevent the event from being removed.
Link: http://lkml.kernel.org/r/20130704034038.991525256@goodmis.org
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Eliezer renames several *ll_poll to *busy_poll, but forgets
CONFIG_NET_LL_RX_POLL, so in case of confusion, rename it too.
Cc: Eliezer Tamir <eliezer.tamir@linux.intel.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When CONFIG_NET_LL_RX_POLL is not set, I got:
net/socket.c: In function ‘sock_poll’:
net/socket.c:1165:4: error: implicit declaration of function ‘sk_busy_loop’ [-Werror=implicit-function-declaration]
Fix this by adding a nop when !CONFIG_NET_LL_RX_POLL.
Cc: Eliezer Tamir <eliezer.tamir@linux.intel.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Slaves get the 64B CQE/EQE state from QUERY_HCA, not from the module parameter.
If the parameter is set to zero, the slave outputs an incorrect/irrelevant
warning message that 64B CQEs/EQEs are supported but not enabled (even if the
hypervisor has enabled 64B CQEs/EQEs).
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If the user has not assigned a MAC address to a VM, then don't give it MAC which
is based on the PF one. The current derivation scheme is wrong and leads to VM
MAC collisions when the number of cards/hypervisors becomes big enough.
Instead, just give it zeros and let them figure out what to do with that.
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There's a race in IPv6 automatic addess assignment. The address is created
with zero lifetime when it's added to various address lists. Before it gets
assigned the correct lifetime, there's a window where a new address may be
configured. This causes the semi-initiated address to be deleted in
addrconf_verify.
This was discovered as a reference leak caused by concurrent run of
__ipv6_ifa_notify for both RTM_NEWADDR and RTM_DELADDR with the same
address.
Fix this by setting the lifetime before the address is added to
inet6_addr_lst.
A few notes:
1. In addrconf_prefix_rcv, by setting update_lft to zero, the
if (update_lft) { ... } condition is no longer executed for newly
created addresses. This is okay, as the ifp fields are set in
ipv6_add_addr now and ipv6_ifa_notify is called (and has been called)
through addrconf_dad_start.
2. The removal of the whole block under ifp->lock in inet6_addr_add is okay,
too, as tstamp is initialized to jiffies in ipv6_add_addr.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
As pointed out by Eric Dumazet, net->ipv6.ip6_rt_last_gc should
hold the last time garbage collector was run so that we should
update it whenever fib6_run_gc() calls fib6_clean_all(), not only
if we got there from ip6_dst_gc().
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
On a high-traffic router with many processors and many IPv6 dst
entries, soft lockup in fib6_run_gc() can occur when number of
entries reaches gc_thresh.
This happens because fib6_run_gc() uses fib6_gc_lock to allow
only one thread to run the garbage collector but ip6_dst_gc()
doesn't update net->ipv6.ip6_rt_last_gc until fib6_run_gc()
returns. On a system with many entries, this can take some time
so that in the meantime, other threads pass the tests in
ip6_dst_gc() (ip6_rt_last_gc is still not updated) and wait for
the lock. They then have to run the garbage collector one after
another which blocks them for quite long.
Resolve this by replacing special value ~0UL of expire parameter
to fib6_run_gc() by explicit "force" parameter to choose between
spin_lock_bh() and spin_trylock_bh() and call fib6_run_gc() with
force=false if gc_thresh is reached but not max_size.
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
The Marvell PCIe driver uses an emulated PCI-to-PCI bridge to be able
to dynamically set up MBus address decoding windows for PCI I/O and
memory regions depending on the PCI devices enumerated by Linux.
However, this emulated PCI-to-PCI bridge logic makes the Linux PCI
core believe that prefetchable memory regions are supported (because
the registers are read/write), while in fact no adress decoding window
is ever created for such regions. Since the Marvell MBus address
decoding windows do not distinguish memory regions and prefetchable
memory regions, this patch takes a simple approach: change the
PCI-to-PCI bridge emulation to let the Linux PCI core know that we
don't support prefetchable memory regions.
To achieve this, we simply make the prefetchable memory base a
read-only register that always returns 0. Reading/writing all the
other prefetchable memory related registers has no effect.
This problem was originally reported by Finn Hoffmann
<finn@uni-bremen.de>, who couldn't get a RTL8111/8168B PCI NIC working
on the NSA310 Kirkwood platform after updating to 3.11-rc. The problem
was that the PCI-to-PCI bridge emulation was making the Linux PCI core
believe that we support prefetchable memory, so the Linux PCI core was
only filling the prefetchable memory base and limit registers, which
does not lead to a MBus window being created. The below patch has been
confirmed by Finn Hoffmann to fix his problem on Kirkwood, and has
otherwise been successfully tested on the Armada XP GP platform with a
e1000e PCIe NIC and a Marvell SATA PCIe card.
Reported-by: Finn Hoffmann <finn@uni-bremen.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
John W. Linville says:
====================
This pull request is intended for the 3.11 stream. It is a bit
larger than usual, as it includes pulls from most of my feeder trees
as well...
For the Bluetooth bits, Gustavo says:
"A few fixes and devices ID additions for 3.11:
* There are 4 new ath3k device ids
* Fixed stack memory usage in ath3k.
* Fixed the init process of BlueFRITZ! devices, they were failing to init
due to an unsupported command we sent.
* Fixed wrong use of PTR_ERR in btusb code that was preventing intel devices
to work properly.
* Fixed race condition between hci_register_dev() and hci_dev_open() that
could cause a NULL pointer dereference.
* Fixed race condition that could call hci_req_cmd_complete() and make some
devices to fail as showed in the log added to the commit message."
Regarding the NFC bits, Samuel says:
"We have:
1) A build failure fix for the NCI SPI transport layer due to a
missing CRC_CCITT Kconfig dependency.
2) A netlink command rename: CMD_FW_UPLOAD was merged during the 3.11
merge window but the typical terminology for loading a firmware to a
target is firmware download rather than upload. In order to avoid any
confusion in a file exported to userspace, we rename this command to
CMD_FW_DOWNLOAD."
Samuel's item #2 isn't strictly a fix, but it seems safe and should
avoid confusion in the future.
As for the mac80211 bits, Johannes says:
"I only have three fixes this time, a fix for a suspend regression, a
patch correcting the initiator in regulatory code and one fix for mesh
station powersave."
With respect to the iwlwifi bits, Johannes says:
"We have a scan fix for passive channels, a new PCI device ID for an old
device, a NIC reset fix, an RF-Kill fix, a fix for powersave when GO
interfaces are present as well as an aggregation session fix (for a
corner case) and a workaround for a firmware design issue - it only
supports a single GTK in D3."
Bringing-up the rear with the Atheros trees, Kalle says:
"Geert Uytterhoeven fixed an ath10k build problem when NO_DMA=y. I added
a missing MAINTAINERS entry for ath10k and updated ath6kl git tree
location."
Along with the above...
Arend van Spriel fixes a brcmfmac WARNING when unplugging the device.
Avinash Patil proves a couple of minor mwifiex fixes relating to P2P mode.
Luciano Coelho updates the MAINTAINERS entry for the wilink drivers.
Stanislaw Gruszka brings an rt2x00 fix for a queue start/stop problem.
Stone Piao fixes another mwifiex problem, a command timeout related to P2P mode.
Tomasz Moń corrects an endian problem in mwifiex.
I'll remind my feeder maintainers to slowdown the patchflow.
Beyond that, please let me know if there are problems!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 8bd26e3a7 (arm: delete __cpuinit/__CPUINIT usage from all ARM
users) caused some code to leak into sections which are discarded
through the removal of __CPUINIT annotations. Add appropriate .text
annotations to bring these back into the kernel text.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
If one process calls sys_reboot and that process then stops other
CPUs while those CPUs are within a spin_lock() region we can
potentially encounter a deadlock scenario like below.
CPU 0 CPU 1
----- -----
spin_lock(my_lock)
smp_send_stop()
<send IPI> handle_IPI()
disable_preemption/irqs
while(1);
<PREEMPT>
spin_lock(my_lock) <--- Waits forever
We shouldn't attempt to run any other tasks after we send a stop
IPI to a CPU so disable preemption so that this task runs to
completion. We use local_irq_disable() here for cross-arch
consistency with x86.
Reported-by: Sundarajan Srinivasan <sundaraj@codeaurora.com>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
If kuser helpers are not provided by the kernel, disable user access to
the vectors page. With the kuser helpers gone, there is no reason for
this page to be visible to userspace.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Move the signal handlers into a VDSO page rather than keeping them in
the vectors page. This allows us to place them randomly within this
page, and also map the page at a random location within userspace
further protecting these code fragments from ROP attacks. The new
VDSO page is also poisoned in the same way as the vector page.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
The change made to rsc_parse() in
0dc1531aca "svcrpc: store gss mech in
svc_cred" should also have been propagated to the gss-proxy codepath.
This fixes a crash in the gss-proxy case.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Uninitialized stack data was being used as the destination for memcpy's.
Longer term we'll just delete some of this code; all we're doing is
skipping over xdr that we don't care about.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Since we enabled auto-tuning for sunrpc TCP connections we do not
guarantee that there is enough write-space on each connection to
queue a reply.
If memory pressure causes the window to shrink too small, the request
throttling in sunrpc/svc will not accept any requests so no more requests
will be handled. Even when pressure decreases the window will not
grow again until data is sent on the connection.
This means we get a deadlock: no requests will be handled until there
is more space, and no space will be allocated until a request is
handled.
This can be simulated by modifying svc_tcp_has_wspace to inflate the
number of byte required and removing the 'svc_sock_setbufsize' calls
in svc_setup_socket.
I found that multiplying by 16 was enough to make the requirement
exceed the default allocation. With this modification in place:
mount -o vers=3,proto=tcp 127.0.0.1:/home /mnt
would block and eventually time out because the nfs server could not
accept any requests.
This patch relaxes the request throttling to always allow at least one
request through per connection. It does this by checking both
sk_stream_min_wspace() and xprt->xpt_reserved
are zero.
The first is zero when the TCP transmit queue is empty.
The second is zero when there are no RPC requests being processed.
When both of these are zero the socket is idle and so one more
request can safely be allowed through.
Applying this patch allows the above mount command to succeed cleanly.
Tracing shows that the allocated write buffer space quickly grows and
after a few requests are handled, the extra tests are no longer needed
to permit further requests to be processed.
The main purpose of request throttling is to handle the case when one
client is slow at collecting replies and the send queue gets full of
replies that the client hasn't acknowledged (at the TCP level) yet.
As we only change behaviour when the send queue is empty this main
purpose is still preserved.
Reported-by: Ben Myers <bpm@sgi.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
$echo '0' > /sys/bus/workqueue/devices/xxx/numa
$cat /sys/bus/workqueue/devices/xxx/numa
I got 1. It should be 0, the reason is copy_workqueue_attrs() called
in apply_workqueue_attrs() doesn't copy no_numa field.
Fix it by making copy_workqueue_attrs() copy ->no_numa too. This
would also make get_unbound_pool() set a pool's ->no_numa attribute
according to the workqueue attributes used when the pool was created.
While harmelss, as ->no_numa isn't a pool attribute, this is a bit
confusing. Clear it explicitly.
tj: Updated description and comments a bit.
Signed-off-by: Shaohua Li <shli@fusionio.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: stable@vger.kernel.org
A fix to make sure userspace knows when control writes have caused a
change in value, fixing some UIs, plus a few few driver fixes mainly
cleaning up issues from recent refactorings on less mainstream platforms.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJR+iU1AAoJELSic+t+oim9vJcP/Ro/AhPccuGwTa7tyMFSGAYO
3xQh4REis7TGgCWu018G+zA4bS5Inrqo7B0M61PFxCJoZ3R4QvIgKXHasQ9SNXmW
+nUYqs05rgzl4U2uyEUNLoVelFa1ZbQLKQxuOUQt0+u9rvtBZczNd85KeNtn3IVp
38LTc2scrxo2HmU7UE418euPuFYiz7PMWKSMGd/r5Ht2h6Tij8eQ/Vkm8IgKJ7n6
kfMZCdMgTx0k/JC3Akz2colIIc0I8ioV2FWkZ1XAMaktFR0u585EbqBC2QJhiXRF
RJREXCxp8SGI4H961m53GICk39xfWLC7d1/sprzWDWZ6XTM5T9rp8x3iJNw74AcG
2ERMrDjlJKNVpedhnY7KgtegC+qT/9XcLa1qKpAR9Ym61HUvRvUVD9OsEJ4l5ISn
m+EZFt1Z9BhXU/HlhLN9Nr6mw0A6OnpvyUwR8cR83gz9OHFCmg8MOxVP26sNQSuX
1Ll7XRikSxC5n4AxG3APE8MLB7bcvUoL7benD4zekXG+pJhoefg5hmL7qvMCv+fy
bkeFafc3QUSsaiuf2tQjfHF99wvJC/BWt4cx1hdRjLNMxqoJre5hpJE9/l4JLs7X
Z6j6RTOD7/cXPZNMh67zK2w/V2NzcvK9I4U20HA9+IjfiYYugCc2XzCLaYrp1bwo
6P8Y8EXhUC3thSti/WUZ
=WtLE
-----END PGP SIGNATURE-----
Merge tag 'asoc-v3.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v3.11
A fix to make sure userspace knows when control writes have caused a
change in value, fixing some UIs, plus a few few driver fixes mainly
cleaning up issues from recent refactorings on less mainstream platforms.
slots-fan on G5 Xserve is always running at full speed with windfarm_rm31
driver, resulting in a very high acoustic noise level. It seems the fan
parameters are incorrect, and have been copied from the Drive Bay fan
(RPM, not present on rm31) of the legacy therm_pm72 driver. This patch
changes the parameters to match the Slots fan (PWM) of therm_pm72. With
the patch, slots-fan speed drops from 99% to 19% during normal use,
and slots-temp settle to ~42'C.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
When an associativity level change is found for one thread, the
siblings threads need to be updated as well. This is done today
for PRRN in stage_topology_update() but is missing for VPHN in
update_cpu_associativity_changes_mask(). This patch will correctly
update all thread siblings during a topology change.
Without this patch a topology update can result in a CPU in
init_sched_groups_power() getting stuck indefinitely in a loop.
This loop is built in build_sched_groups(). As a result of the thread
moving to a node separate from its siblings the struct sched_group will
have its next pointer set to point to itself rather than the sched_group
struct of the next thread. This happens because we have a domain without
the SD_OVERLAP flag, which is correct, and a topology that doesn't conform
with reality (threads on the same core assigned to different numa nodes).
When this list is traversed by init_sched_groups_power() it will reach
the thread's sched_group structure and loop indefinitely; the cpu will
be stuck at this point.
The bug was exposed when VPHN was enabled in commit b7abef0 (v3.9).
Cc: <stable@vger.kernel.org> [v3.9+]
Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Robert Jennings <rcj@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>