Commit Graph

52478 Commits

Author SHA1 Message Date
Linus Torvalds 6a3e3dbee6 IOMMU fixes for Linux v3.6-rc7
Two small patches:
 
 	* One patch to fix the function declarations for
 	  !CONFIG_IOMMU_API. This is causing build errors
 	  in linux-next and should be fixed for v3.6.
 
 	* Another patch to fix an IOMMU group related NULL pointer
 	  dereference.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJQZfKiAAoJECvwRC2XARrjc7wP/jprdrOfr8xD8jKxmodVpjyE
 87yQmncv3YwbrcnHiPBywsFgdfdzgKp/ds7Rm9lR8Qn8bhLqvPI2fNpghAcA+ext
 512I89JaUyrqRKcFKWAuFsrhzs58zlN0VfiZgksDpRTjBEqIUk12sHq5w8TRIiu2
 SrHVxxUmcYIWyTjPBdCHbjjKlUXdd1XEtyF2l4Dk22JoUmXIwytHzrnit0bW2lW7
 TtNBGVApwJomVYpAEkCzHYYgyX1HMSxwopm3DI2UpQGOpO2M11MXhFb1emEdwCeY
 QMqRQxO6mqVDzQRC1AVBVT+CltI8ZUWy0mOvAYnp2DEgFFGhfLvtesLpws0FN3ie
 IFm2PRahhlkPCBjH+K/AtC5MEnJBSATEg3VgRELWkUTz8pfmuKs4hwgkzb/SZqyX
 cJAwuhSgsh8idwxrN78HlBoURMEvvi9MrYU8AguDKBpPPP1OlwE4/cEAFfsQINEL
 7fqjUrF+mTmsnLpdTgth65fJZUmTd4jpsfCo5HKNW7FaidxyEFMW6Ws0hSz8B3h+
 OcBLwj21CiFz5SLr1MQKt2koretb7GueFOTBTEWMOyQAputdHFjXHgcA3OPEy60O
 Ou0cAU50V50DejxROwtJ0j9zPGnmqcAcnqXdZ4cvdCVFEjmEwNE22Ih914bAoT0x
 6UxWUqSsIufKL1m6UNI1
 =QISV
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v3.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:
 "Two small patches:

	* One patch to fix the function declarations for
	  !CONFIG_IOMMU_API. This is causing build errors
	  in linux-next and should be fixed for v3.6.

	* Another patch to fix an IOMMU group related NULL pointer
	  dereference."

* tag 'iommu-fixes-v3.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: Fix wrong assumption in iommu-group specific code
  iommu: static inline iommu group stub functions
2012-09-29 10:37:04 -07:00
Linus Torvalds 21e98932dc Merge git://git.infradead.org/users/willy/linux-nvme
Pull NVMe driver fixes from Matthew Wilcox:
 "Now that actual hardware has been released (don't have any yet
  myself), people are starting to want some of these fixes merged."

Willy doesn't have hardware? Guys...

* git://git.infradead.org/users/willy/linux-nvme:
  NVMe: Cancel outstanding IOs on queue deletion
  NVMe: Free admin queue memory on initialisation failure
  NVMe: Use ida for nvme device instance
  NVMe: Fix whitespace damage in nvme_init
  NVMe: handle allocation failure in nvme_map_user_pages()
  NVMe: Fix uninitialized iod compiler warning
  NVMe: Do not set IO queue depth beyond device max
  NVMe: Set block queue max sectors
  NVMe: use namespace id for nvme_get_features
  NVMe: replace nvme_ns with nvme_dev for user admin
  NVMe: Fix nvme module init when nvme_major is set
  NVMe: Set request queue logical block size
2012-09-29 10:31:52 -07:00
Linus Torvalds 5e19997a74 Some fixes for v3.6
- Add __NR_kcmp to generic syscall list
   - C6X: Use generic asm/barrier.h
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQY1xlAAoJEOiN4VijXeFPL9gP/0TEai5L7I+tSzYrxxg7XrNg
 Sdz1H0YVeicsfBYUZAxJatGw+bCEr1eecMFYYOVtTGVDaLGQzuE6Jr4np+xhcl/O
 a1XmXj/Hfckw1OMZQZeI+bbvtiWFpkElUgUCrvgJuEe7FpvkLhXagXm9ybk4U7jo
 DL+MTqBC6OV3ozTyPaAhlUpqK6UsvBO7pJX+YHdKTlwtN5XlaVFn3pSOmzQNPzwR
 gy6ip3/xJ14ESQ3ccTP6LKrM9V2FLxf/Oa/x9aLACEMQ8RY3HlzWbtyGp3yZhSUZ
 KVK5djCbb17eD2GLEglTic783uBU1mWCxK/tbngwPlZkwcDt1n2GE02AIzV+fgqY
 5pDSul2KwVWUcgga3s5820pJCYMSFsk80Mvxo1KuKCmNgxG26qzPgDZESjhLZydQ
 G/CyM8NnkpobLIC7Rqb/IU7NOzyPxOfh3yA1thKmhED7fdAcvDdQsT276Cl0H2w/
 CCqfXn3qeirdjBOPFZkeGqx2begQl8it0sNop9GSS8+Rm9fNyU1z1mGx0NH1YPB+
 lw9HIhngvxfJM82CwTzHS0MzRAtPbJh96HJoSyEYUsE5MgKwtHGqr9hLpDYABXW5
 P4O8KLLQRReivi5B4AQczN5KgB4JUU7D9SjZt01FZi9mUgNxJP8Lg1MJ0U41NMV2
 2si01dSOZVYXVeLqqnDT
 =Mli4
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming

Pull c6x arch fixes from Mark Salter:
  - Add __NR_kcmp to generic syscall list
  - C6X: Use generic asm/barrier.h

* tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming:
  syscalls: add __NR_kcmp syscall to generic unistd.h
  c6x: use asm-generic/barrier.h
2012-09-26 14:28:17 -07:00
Mark Salter 11ef4cfac9 syscalls: add __NR_kcmp syscall to generic unistd.h
Commit d97b46a64 ("syscalls, x86: add __NR_kcmp syscall" ) added a new
syscall to support checkpoint restore. It is currently x86-only, but
that restriction will be removed in a subsequent patch. Unfortunately,
the kernel checksyscalls script had a bug which suppressed any warning
to other architectures that the kcmp syscall was not implemented. A
patch to checksyscalls is being tested in linux-next and other
architectures are seeing warnings about kcmp being unimplemented.

This patch adds __NR_kcmp to <asm-generic/unistd.h> so that kcmp is
wired in for architectures using the generic syscall list.

Signed-off-by: Mark Salter <msalter@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
2012-09-26 15:26:30 -04:00
Linus Torvalds 6f0f9b6b3f Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull more networking fixes from David Miller:

 1) Eric Dumazet discovered and fixed what turned out to be a family of
    bugs.  These functions were using pskb_may_pull() which might need
    to reallocate the linear SKB data buffer, but the callers were not
    expecting this possibility.  The callers have cached pointers to the
    packet header areas, and would need to reload them if we were to
    continue using pskb_may_pull().

    So they could end up reading garbage.

    It's easier to just change these RAW4/RAW6/MIP6 routines to use
    skb_header_pointer() instead of pskb_may_pull(), which won't modify
    the linear SKB data area.

 2) Dave Jone's syscall spammer caught a case where a non-TCP socket can
    call down into the TCP keepalive code.  The case basically involves
    creating a raw socket with sk_protocol == IPPROTO_TCP, then calling
    setsockopt(sock_fd, SO_KEEPALIVE, ...)

    Fixed by Eric Dumazet.

 3) Bluetooth devices do not get configured properly while being powered
    on, resulting in always using legacy pairing instead of SSP.  Fix
    from Andrzej Kaczmarek.

 4) Bluetooth cancels delayed work erroneously, put stricter checks in
    place.  From Andrei Emeltchenko.

 5) Fix deadlock between cfg80211_mutex and reg_regdb_search_mutex in
    cfg80211, from Luis R.  Rodriguez.

 6) Fix interrupt double release in iwlwifi, from Emmanuel Grumbach.

 7) Missing module license in bcm87xx driver, from Peter Huewe.

 8) Team driver can lose port changed events when adding devices to a
    team, fix from Jiri Pirko.

 9) Fix endless loop when trying ot unregister PPPOE device in zombie
    state, from Xiaodong Xu.

10) batman-adv layer needs to set MAC address of software device
    earlier, otherwise we call tt_local_add with it uninitialized.

11) Fix handling of KSZ8021 PHYs, it's matched currently by KS8051 but
    that doesn't program the device properly.  From Marek Vasut.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  ipv6: mip6: fix mip6_mh_filter()
  ipv6: raw: fix icmpv6_filter()
  net: guard tcp_set_keepalive() to tcp sockets
  phy/micrel: Add missing header to micrel_phy.h
  phy/micrel: Rename KS80xx to KSZ80xx
  phy/micrel: Implement support for KSZ8021
  batman-adv: Fix symmetry check / route flapping in multi interface setups
  batman-adv: Fix change mac address of soft iface.
  pppoe: drop PPPOX_ZOMBIEs in pppoe_release
  team: send port changed when added
  ipv4: raw: fix icmp_filter()
  net/phy/bcm87xx: Add MODULE_LICENSE("GPL") to GPL driver
  iwlwifi: don't double free the interrupt in failure path
  cfg80211: fix possible circular lock on reg_regdb_search()
  Bluetooth: Fix not removing power_off delayed work
  Bluetooth: Fix freeing uninitialized delayed works
  Bluetooth: mgmt: Fix enabling LE while powered off
  Bluetooth: mgmt: Fix enabling SSP while powered off
2012-09-25 14:20:29 -07:00
Mark Salter be8cfc4af1 c/r: prctl: fix build error for no-MMU case
Commit 1ad75b9e16 ("c/r: prctl: add minimal address test to
PR_SET_MM") added some address checking to prctl_set_mm() used by
checkpoint-restore.  This causes a build error for no-MMU systems:

   kernel/sys.c: In function 'prctl_set_mm':
   kernel/sys.c:1868:34: error: 'mmap_min_addr' undeclared (first use in this function)

The test for mmap_min_addr doesn't make a lot of sense for no-MMU code
as noted in commit 6e14154676 ("NOMMU: Optimise away the
{dac_,}mmap_min_addr tests").

This patch defines mmap_min_addr as 0UL in the no-MMU case so that the
compiler will optimize away tests for "addr < mmap_min_addr".

Signed-off-by: Mark Salter <msalter@redhat.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: <stable@vger.kernel.org>	[3.6.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-09-25 08:59:21 -07:00
Alex Williamson bef83de5a0 iommu: static inline iommu group stub functions
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
2012-09-25 12:14:56 +02:00
Marek Vasut 69190e67d4 phy/micrel: Add missing header to micrel_phy.h
The license header was missing in micrel_phy.h . This patch adds
one.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: David J. Choi <david.choi@micrel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-24 15:54:33 -04:00
Marek Vasut 510d573fef phy/micrel: Rename KS80xx to KSZ80xx
There is no such part as KS8001, KS8041 or KS8051. There are only
KSZ8001, KSZ8041 and KSZ8051. Rename these parts as such to match
the Micrel naming.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: David J. Choi <david.choi@micrel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Cc: Linux ARM kernel <linux-arm-kernel@lists.infradead.org>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Shawn Guo <shawn.guo@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-24 15:54:33 -04:00
Marek Vasut 212ea99a85 phy/micrel: Implement support for KSZ8021
The KSZ8021 PHY was previously caught by KS8051, which is not correct.
This PHY needs additional setup if it is strapped for address 0. In such
case an reserved bit must be written in the 0x16, "Operation Mode Strap
Override" register. According to the KS8051 datasheet, that bit means
"PHY Address 0 in non-broadcast" and it indeed behaves as such on KSZ8021.
The issue where the ethernet controller (Freescale FEC) did not communicate
with network is fixed by writing this bit as 1.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: David J. Choi <david.choi@micrel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-24 15:54:32 -04:00
Linus Torvalds abef3bd710 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking updates from David Miller:
 "More bug fixes, nothing gets past these guys"

 1) More kernel info leaks found by Mathias Krause, this time in the
    IPSEC configuration layers.

 2) When IPSEC policies change, we do not properly make sure that cached
    routes (which could now be stale) throughout the system will be
    revalidated.  Fix this by generalizing the generation count
    invalidation scheme used by ipv4.  From Nicolas Dichtel.

 3) When repairing TCP sockets, we need to allow to restore not just the
    send window scale, but the receive one too.  Extend the existing
    interface to achieve this in a backwards compatible way.  From
    Andrey Vagin.

 4) A fix for FCOE scatter gather feature validation erroneously caused
    scatter gather to be disabled for things like AOE too.  From Ed L
    Cashin.

 5) Several cases of mishandling of error pointers, from Mathias Krause,
    Wei Yongjun, and Devendra Naga.

 6) Fix gianfar build, from Richard Cochran.

 7) CAP_NET_* failures should return -EPERM not -EACCES, from Zhao
    Hongjiang.

 8) Hardware reset fix in janz-ican3 CAN driver, from Ira W Snyder.

 9) Fix oops during rmmod in ti_hecc CAN driver, from Marc Kleine-Budde.

10) The removal of the conditional compilation of the clk support code
    in the stmmac driver broke things.  This is because the interfaces
    used are the ones that don't also perform the enable/disable of the
    clk.  Fix from Stefan Roese.

11) The QFQ packet scheduler can record out of range virtual start
    times, resulting later in misbehavior and even crashes.  Fix from
    Paolo Valente.

12) If MSG_WAITALL is used with IOAT DMA under TCP, we can wedge the
    receiver when the advertised receive window goes to zero.  Detect
    this case and force the processing of the IOAT DMA queue when it
    happens to avoid getting stuck.  Fix from Michal Kubecek.

13) batman-adv assumes that test_bit() returns only 0 or 1, but this is
    not true for x86 (which returns -1 or 0, via the 'sbb' instruction).
    Fix from Linus Lussing.

14) Fix small packet corruption in e1000, from Tushar Dave.

15) make_blackhole() in the IPSEC policy code can do one read unlock too
    many, fix from Li RongQing.

16) The new tcp_try_coalesce() code introduced a bug in TCP URG
    handling, fix from Eric Dumazet.

17) Fix memory leak in __netif_receive_skb() when doing zerocopy and
    when hit an OOM condition.  From Michael S Tsirkin.

18) netxen blindly deferences pdev->bus->self, which is not guarenteed
    to be non-NULL.  Fix from Nikolay Aleksandrov.

19) Fix a performance regression caused by mistakes in ipv6 checksum
    validation in the bnx2x driver, fix from Michal Schmidt.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)
  net/stmmac: Use clk_prepare_enable and clk_disable_unprepare
  net: change return values from -EACCES to -EPERM
  net/irda: sh_sir: fix return value check in sh_sir_set_baudrate()
  stmmac: fix return value check in stmmac_open_ext_timer()
  gianfar: fix phc index build failure
  ipv6: fix return value check in fib6_add()
  bnx2x: remove false warning regarding interrupt number
  can: ti_hecc: fix oops during rmmod
  can: janz-ican3: fix support for older hardware revisions
  net: do not disable sg for packets requiring no checksum
  aoe: assert AoE packets marked as requiring no checksum
  at91ether: return PTR_ERR if call to clk_get fails
  xfrm_user: don't copy esn replay window twice for new states
  xfrm_user: ensure user supplied esn replay window is valid
  xfrm_user: fix info leak in copy_to_user_tmpl()
  xfrm_user: fix info leak in copy_to_user_policy()
  xfrm_user: fix info leak in copy_to_user_state()
  xfrm_user: fix info leak in copy_to_user_auth()
  net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200
  tcp: restore rcv_wscale in a repair mode (v2)
  ...
2012-09-21 14:32:55 -07:00
Linus Torvalds 18f5600ba2 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "Small perf fixlets"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  tracing: Don't call page_to_pfn() if page is NULL
  perf/x86: Fix Intel Ivy Bridge support
  perf/x86/ibs: Check syscall attribute flags
  perf/x86: Export Sandy Bridge uncore clockticks event in sysfs
2012-09-21 14:24:48 -07:00
Linus Torvalds 6d77987fe6 Add missing 'name' sysfs attributes to ad7314 and ads7871 drivers
Bump maximum wait time for applesmc driver (again)
 Fix build warning seen with W=1 in include/linux/kernel.h, introduced
 with b6d86d3 (Fix DIV_ROUND_CLOSEST to support negative dividends)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJQWhFlAAoJEMsfJm/On5mBNisP/iex3oyGvUjyW8ywdrEDZ03C
 TPMn3CIajCIA9T9HJh3CBc0bUX/NP7+M2dzNsXl0Nh6voJy6+6u0AgF9SpZpH9ke
 VDm5DVW8M66q/g0DRd++UO/KBfTWoQ+lncclhXErdnqIUSII40XE6N0o5VgpT5EJ
 V13QlaS8EiEw/TD7tnOgOdLczM6TWYrsKVu2JjQDrRdJuMz0xvTXr4MFpdZuc0G1
 oxYlvGI5rdkIfkdhXuyD4yxs34Pl//W6K0nj6M9F3cwZcmh3gdPLaQxeck5sHtL+
 63QLdSc1BDmyRS2P0slFNZRmRvresxOSKL5CqXs+AyaQ5R9fiMKY0JOQJb9TME9R
 5nND0ZyTbm57IKUxVAdDvdDD7C037vS8UZLyCXLDgNY1WNsMm8puk+cCvFtTxO3w
 0wlmdPDLXihtgMkmGHssoRPSlcDrk9P6ovAyatbrEkbwUUzRDdAGN2cHkXuwuVkc
 OrD7Bk8aTlJeR8nvL9dORcJtSZ+0xSOsv7/8j+sKpWu0D+i/TIoDPELfe0VvljwA
 J46kS4oQR1tZzEZnEE54jWv/22I6WHll6vUzgGoRDp7zfuj/JAWlO9Ik8DUU1uBO
 q/8Qf7RyN5p1PbKMO8l+23r4UC3MNczMzVlhLBBHGGUMY0F6u8Nq20Z0TE6fn10q
 QITsxQ90n2dAicKhNFMD
 =0dS3
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hwmon fixes from Guenter Roeck:
 - Add missing 'name' sysfs attributes to ad7314 and ads7871 drivers
 - Bump maximum wait time for applesmc driver (again)
 - Fix build warning seen with W=1 in include/linux/kernel.h, introduced
   with commit b6d86d3d6d ("Fix DIV_ROUND_CLOSEST to support negative
   dividends")

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  linux/kernel.h: Fix warning seen with W=1 due to change in DIV_ROUND_CLOSEST
  hwmon: (applesmc) Bump max wait
  hwmon: (ad7314) Add 'name' sysfs attribute
  hwmon: (ads7871) Add 'name' sysfs attribute
2012-09-21 12:33:31 -07:00
Linus Torvalds 8ca7de9164 Bug-fixes:
* Fix M2P batching re-using the incorrect structure field.
  * Disable BIOS SMP MP table search.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJQXGfdAAoJEFjIrFwIi8fJbWcH/0FI2d/VyB+ZU0ng3R0Oa7mt
 iR/x+Z+mfFdp2dXS6gs6DgJIZVA7i2K9pX4rOXjpDGGGyUeo1xoqjlQfsFWQGjZ/
 p49RrDrM93c2GdRXk3iMSWfboQI7BXBs5rnyYZQL7kMxUSR75MxbeONvhPrMSO9I
 3EBidWH08qjrn2HVF44F6xh5ONjpclo5AvGIzJ0eU4X0D0eqMnhvlAw8/UYJU2HV
 heRvuxWF9l2jNpLhKhZy1730D1X/vKA5qKAcBW8rCOpEijyPpmtKbqapeUJg/9pH
 NVquuwGutP5ozrSi7a/23+L+ezvQBmCPm5ZRG44PccBoZ/HVs8haT8UypSWSDzo=
 =TwvM
 -----END PGP SIGNATURE-----

Merge tag 'stable/for-linus-3.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen

Pull Xen bug-fixes from Konrad Rzeszutek Wilk:
 - Fix M2P batching re-using the incorrect structure field.

   In v3.5 we added batching for M2P override (Machine Frame Number ->
   Physical Frame Number), but the original MFN was saved in an
   incorrect structure - and we would oops/restore when restoring with
   the old MFN.

 - Disable BIOS SMP MP table search.

   A bootup issue that we had ignored until we found that on DL380 G6 it
   was needed.

* tag 'stable/for-linus-3.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen/boot: Disable BIOS SMP MP table search.
  xen/m2p: do not reuse kmap_op->dev_bus_addr
2012-09-21 12:06:54 -07:00
Mathias Krause ecd7918745 xfrm_user: ensure user supplied esn replay window is valid
The current code fails to ensure that the netlink message actually
contains as many bytes as the header indicates. If a user creates a new
state or updates an existing one but does not supply the bytes for the
whole ESN replay window, the kernel copies random heap bytes into the
replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL
netlink attribute. This leads to following issues:

1. The replay window has random bits set confusing the replay handling
   code later on.

2. A malicious user could use this flaw to leak up to ~3.5kB of heap
   memory when she has access to the XFRM netlink interface (requires
   CAP_NET_ADMIN).

Known users of the ESN replay window are strongSwan and Steffen's
iproute2 patch (<http://patchwork.ozlabs.org/patch/85962/>). The latter
uses the interface with a bitmap supplied while the former does not.
strongSwan is therefore prone to run into issue 1.

To fix both issues without breaking existing userland allow using the
XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a
fully specified one. For the former case we initialize the in-kernel
bitmap with zero, for the latter we copy the user supplied bitmap. For
state updates the full bitmap must be supplied.

To prevent overflows in the bitmap length calculation the maximum size
of bmp_len is limited to 128 by this patch -- resulting in a maximum
replay window of 4096 packets. This should be sufficient for all real
life scenarios (RFC 4303 recommends a default replay window size of 64).

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Martin Willi <martin@revosec.ch>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-20 18:08:40 -04:00
Wen Congyang 85f2a2ef1d tracing: Don't call page_to_pfn() if page is NULL
When allocating memory fails, page is NULL. page_to_pfn() will
cause the kernel panicked if we don't use sparsemem vmemmap.

Link: http://lkml.kernel.org/r/505AB1FF.8020104@cn.fujitsu.com

Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable <stable@vger.kernel.org>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2012-09-20 15:51:16 -04:00
Guenter Roeck 263a523d18 linux/kernel.h: Fix warning seen with W=1 due to change in DIV_ROUND_CLOSEST
After commit b6d86d3d (Fix DIV_ROUND_CLOSEST to support negative dividends),
the following warning is seen if the kernel is compiled with W=1 (-Wextra):

warning: comparison of unsigned expression >= 0 is always true

The warning is due to the test '((typeof(x))-1) >= 0', which is used to detect
if the variable type is unsigned. Research on the web suggests that the warning
disappears if '>' instead of '>=' is used for the comparison.

Tests after changing the macro along that line show that the warning is gone,
and that the result is still correct:

i=-4: DIV_ROUND_CLOSEST(i, 2)=-2
i=-3: DIV_ROUND_CLOSEST(i, 2)=-2
i=-2: DIV_ROUND_CLOSEST(i, 2)=-1
i=-1: DIV_ROUND_CLOSEST(i, 2)=-1
i=0: DIV_ROUND_CLOSEST(i, 2)=0
i=1: DIV_ROUND_CLOSEST(i, 2)=1
i=2: DIV_ROUND_CLOSEST(i, 2)=1
i=3: DIV_ROUND_CLOSEST(i, 2)=2
i=4: DIV_ROUND_CLOSEST(i, 2)=2

Code size is the same as before.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Acked-by: Jean Delvare <khali@linux-fr.org>
2012-09-19 06:51:25 -07:00
Nicolas Dichtel 6f3118b571 ipv6: use net->rt_genid to check dst validity
IPv6 dst should take care of rt_genid too. When a xfrm policy is inserted or
deleted, all dst should be invalidated.
To force the validation, dst entries should be created with ->obsolete set to
DST_OBSOLETE_FORCE_CHK. This was already the case for all functions calling
ip6_dst_alloc(), except for ip6_rt_copy().

As a consequence, we can remove the specific code in inet6_connection_sock.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-18 15:57:03 -04:00
Nicolas Dichtel b42664f898 netns: move net->ipv4.rt_genid to net->rt_genid
This commit prepares the use of rt_genid by both IPv4 and IPv6.
Initialization is left in IPv4 part.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-18 15:57:03 -04:00
Nicolas Dichtel bafa6d9d89 ipv4/route: arg delay is useless in rt_cache_flush()
Since route cache deletion (89aef8921b), delay is no
more used. Remove it.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-18 15:44:34 -04:00
Miklos Szeredi b161dfa693 vfs: dcache: use DCACHE_DENTRY_KILLED instead of DCACHE_DISCONNECTED in d_kill()
IBM reported a soft lockup after applying the fix for the rename_lock
deadlock.  Commit c83ce989cb ("VFS: Fix the nfs sillyrename regression
in kernel 2.6.38") was found to be the culprit.

The nfs sillyrename fix used DCACHE_DISCONNECTED to indicate that the
dentry was killed.  This flag can be set on non-killed dentries too,
which results in infinite retries when trying to traverse the dentry
tree.

This patch introduces a separate flag: DCACHE_DENTRY_KILLED, which is
only set in d_kill() and makes try_to_ascend() test only this flag.

IBM reported successful test results with this patch.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-09-18 11:23:51 -07:00
Andi Kleen 9a858dc7ce compiler.h: add __visible
gcc 4.6+ has support for a externally_visible attribute that prevents the
optimizer from optimizing unused symbols away.  Add a __visible macro to
use it with that compiler version or later.

This is used (at least) by the "Link Time Optimization" patchset.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-09-17 15:00:38 -07:00
Chuck Lever 35c448a8a3 include/net/sock.h: squelch compiler warning in sk_rmem_schedule()
This warning:

  In file included from linux/include/linux/tcp.h:227:0,
                   from linux/include/linux/ipv6.h:221,
                   from linux/include/net/ipv6.h:16,
                   from linux/include/linux/sunrpc/clnt.h:26,
                   from linux/net/sunrpc/stats.c:22:
  linux/include/net/sock.h: In function `sk_rmem_schedule':
  linux/nfs-2.6/include/net/sock.h:1339:13: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

is seen with gcc (GCC) 4.6.3 20120306 (Red Hat 4.6.3-2) using the
-Wextra option.

Commit c76562b670 ("netvm: prevent a stream-specific deadlock")
accidentally replaced the "size" parameter of sk_rmem_schedule() with an
unsigned int.  This changes the semantics of the comparison in the
return statement.

In sk_wmem_schedule we have syntactically the same comparison, but
"size" is a signed integer.  In addition, __sk_mem_schedule() takes a
signed integer for its "size" parameter, so there is an implicit type
conversion in sk_rmem_schedule() anyway.

Revert the "size" parameter back to a signed integer so that the
semantics of the expressions in both sk_[rw]mem_schedule() are exactly
the same.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Mel Gorman <mgorman@suse.de>
Cc: David Miller <davem@davemloft.net>
Cc: Joonsoo Kim <js1304@gmail.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-09-17 15:00:38 -07:00
Jianguo Wu 05cf96398e mm/ia64: fix a memory block size bug
I found following definition in include/linux/memory.h, in my IA64
platform, SECTION_SIZE_BITS is equal to 32, and MIN_MEMORY_BLOCK_SIZE
will be 0.

  #define MIN_MEMORY_BLOCK_SIZE     (1 << SECTION_SIZE_BITS)

Because MIN_MEMORY_BLOCK_SIZE is int type and length of 32bits,
so MIN_MEMORY_BLOCK_SIZE(1 << 32) will will equal to 0.
Actually when SECTION_SIZE_BITS >= 31, MIN_MEMORY_BLOCK_SIZE will be wrong.
This will cause wrong system memory infomation in sysfs.
I think it should be:

  #define MIN_MEMORY_BLOCK_SIZE     (1UL << SECTION_SIZE_BITS)

And "echo offline > memory0/state" will cause following call trace:

  kernel BUG at mm/memory_hotplug.c:885!
  sh[6455]: bugcheck! 0 [1]
  Pid: 6455, CPU 0, comm:                   sh
  psr : 0000101008526030 ifs : 8000000000000fa4 ip  : [<a0000001008c40f0>]    Not tainted (3.6.0-rc1)
  ip is at offline_pages+0x210/0xee0
  Call Trace:
    show_stack+0x80/0xa0
    show_regs+0x640/0x920
    die+0x190/0x2c0
    die_if_kernel+0x50/0x80
    ia64_bad_break+0x3d0/0x6e0
    ia64_native_leave_kernel+0x0/0x270
    offline_pages+0x210/0xee0
    alloc_pages_current+0x180/0x2a0

Signed-off-by: Jianguo Wu <wujianguo@huawei.com>
Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
Cc: "Luck, Tony" <tony.luck@intel.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-09-17 15:00:37 -07:00
Linus Torvalds 73f8be297e This is the remaining MFD fixes for 3.6, with 5 pending fixes:
- A tps65217 build error fix.
 - A lcp_ich regression fix caused by the MFD driver failing to initialize the
   watchdog sub device due to ACPI conflicts.
 - 2 MAX77693 interrupt handling bug fixes.
 - An MFD core fix, adding an IRQ domain argument to the MFD device addition
   API in order to prevent silent and potentially harmful remapping behaviour
   changes for drivers supporting non-DT platforms.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQVQpwAAoJEIqAPN1PVmxKpnQP/iDPakfGT0m00nxk9VvuXfaA
 SlNxhhM1ZPxlZcBrVFULZ+dCVuUaBYIfwoT4Wwl2yZsmp8uYb62Rd6LGXDnjO+FH
 zKMg3b/KDHq/jicYxqFy4bVq3I850jTLN4Hti6hArn8HM6gxZJQxM810Poxt6M0T
 odud6oHSevGpCoL7GU4O+gmx1wKSDRrw6TZPokJDfXaQcFPJEt0YGGtI2zAO1sV+
 iBPQE/bI3bF5r/kowbh9ro5WybGNyFrwiYtaTzJWntXoPKN1lmr0F2F2NaCEo1xj
 2vJPFSCK3qC9Ft7sPQEBYxrSXzyzgu7G8HGgkcBG5SaSo+W3awe9DEaHfk5E7sdr
 iyc01kh4FmGlMAvHG/zcK3YvchR7GJdRI7BrR+MTQ03ZUv/ZrmTYFAHv5fAzBQ+N
 6ZUoC/1bqPKpfeFPOKYpDeYJVnFBWLYr+t7McTqqg+kpxUuYnQ0HyJVjDh01ZVQT
 AtCjjW7R+Ka44B+xfMOartPZMqZZEHSJ0UjacyEyzMpAAY14eUDMtTqs/jtNp+8Z
 B0bZiA8ZhUmNVH7TZoT/u57FgEW34JnM8oH6jLVN+yjInpuugIvqpZn0TA90GL7V
 Fh2DALMgUN5z/TXduGSsSPg1hvXFPOujaS+4o78e8PWiVQd5XUk/mc8OOS/mrRwj
 +mILnzxJcp8iYrYqESbt
 =nP/y
 -----END PGP SIGNATURE-----

Merge tag 'mfd-for-linus-3.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6

Pull mfd fixes from Samuel Ortiz:
 "This is the remaining MFD fixes for 3.6, with 5 pending fixes:

   - A tps65217 build error fix.
   - A lcp_ich regression fix caused by the MFD driver failing to
     initialize the watchdog sub device due to ACPI conflicts.
   - 2 MAX77693 interrupt handling bug fixes.
   - An MFD core fix, adding an IRQ domain argument to the MFD device
     addition API in order to prevent silent and potentially harmful
     remapping behaviour changes for drivers supporting non-DT
     platforms."

* tag 'mfd-for-linus-3.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6:
  mfd: MAX77693: Fix NULL pointer error when initializing irqs
  mfd: MAX77693: Fix interrupt handling bug
  mfd: core: Push irqdomain mapping out into devices
  mfd: lpc_ich: Fix a 3.5 kernel regression for iTCO_wdt driver
  mfd: Move tps65217 regulator plat data handling to regulator
2012-09-16 13:22:21 -07:00
Linus Torvalds 76e77daf65 Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull scsi target fixes from Nicholas Bellinger:
 "Here is the current set of target-pending fixes headed for v3.6-final

  The main parts of this series include bug-fixes from Paolo Bonzini to
  address an use-after-free bug in pSCSI sense exception handling, along
  with addressing some long-standing bugs wrt the handling of zero-
  length SCSI CDB payloads also specific to pSCSI pass-through device
  backends."

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target: go through normal processing for zero-length REQUEST_SENSE
  target: support zero allocation length in REQUEST SENSE
  target: support zero-size allocation lengths in transport_kmap_data_sg
  target: fail REPORT LUNS with less than 16 bytes of payload
  target: report too-small parameter lists everywhere
  target: go through normal processing for zero-length PSCSI commands
  target: fix use-after-free with PSCSI sense data
  target: simplify code around transport_get_sense_data
  target: move transport_get_sense_data
  target: Check idr_get_new return value in iscsi_login_zero_tsih_s1
  target: Fix ->data_length re-assignment bug with SCSI overflow
2012-09-16 13:00:36 -07:00
Linus Torvalds a34689d980 Sound fixes #2 for 3.6-rc6
Yet more (a bunch of) small fixes that slipped from the previous
 pull request.  Most of commits are pending ASoC fixes, all of which
 are fairly trivial commits.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJQVGAHAAoJEGwxgFQ9KSmkyW8P/idw2CiiB2bdU3SwDfg6AXJE
 CmvpTHtxAVtYvejq/WIFP9NkUAwZZePg+DQoVTOYmzdrZjNyCIW0rq7TG2PCo4Dx
 v6Ek9MITrWbT8dil75SF0JeqglWznQFNkUinBCVIZPEzvpvTmjbnQNvja9iVQ41G
 LpWbB0KPTNw88cILnH8YTO0tlvPFhOTx4ZRMZpq26q7nmph5abSjLlkKmYMa59sp
 lbq8P9y2HRSLM7YR5WAV7ydg3L+euFe7ppbCqnp0l0mmhYjj3/ltI/wxkGIWNfRN
 mSAW3ZM2Xz0ZO0NLuLEMcgoCZAoHy3KUMOJqt+DKe91Vn7DpBU/xWrcwU+wT7I3v
 9O4vM6C4h89xxB41n1AejUQivPHIyT1ZmfSRByB5t5l2KwUI2VDD2p7VNHvY6FWF
 JkbYfb2c1VB3sUZKDv0dKDfZDsc5ddLVSnujoRjApel9ghVI7wDZr5ZsLPMW8z/Y
 6wJ5PsBAf1iPc+CS05mQXrLc8LQB3u3bR7xTEt9yVsj8lQIXmN6W6Vm0N0hut6Vs
 snDpKHD0AQ9LjQZysUsX45qPPiSX6PlX2wEFyA49C1ahBKUJ0Nh7wmqvvF9/GA2R
 kqK652uM7Mworw26eYrNfbyL2/DFrPea67lks1tqW3s1o7NQ9A1gNmrF0ZIIbaTt
 zY0D01eyFWkIeeKqKtoU
 =fIXH
 -----END PGP SIGNATURE-----

Merge tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull more sound fixes from Takashi Iwai:
 "Yet more (a bunch of) small fixes that slipped from the previous pull
  request.  Most of commits are pending ASoC fixes, all of which are
  fairly trivial commits."

* tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ASoC: wm8904: correct the index
  ALSA: hda - Yet another position_fix quirk for ASUS machines
  ASoC: tegra: fix maxburst settings in dmaengine code
  ASoC: samsung dma - Don't indicate support for pause/resume.
  ASoC: mc13783: Remove mono support
  ASoC: arizona: Fix typo in 44.1kHz rates
  ASoC: spear: correct the check for NULL dma_buffer pointer
  sound: tegra_alc5632: remove HP detect GPIO inversion
  ASoC: atmel-ssc: include linux/io.h for raw io
  ASoC: dapm: Don't force card bias level to be updated
  ASoC: dapm: Make sure we update the bias level for CODECs with no op
  ASoC: am3517evm: fix error return code
  ASoC: ux500_msp_i2s: better use devm functions and fix error return code
  ASoC: imx-sgtl5000: fix error return code
2012-09-16 12:57:59 -07:00
Linus Torvalds 37407ea7f9 Revert "sched: Improve scalability via 'CPU buddies', which withstand random perturbations"
This reverts commit 970e178985.

Nikolay Ulyanitsky reported thatthe 3.6-rc5 kernel has a 15-20%
performance drop on PostgreSQL 9.2 on his machine (running "pgbench").

Borislav Petkov was able to reproduce this, and bisected it to this
commit 970e178985 ("sched: Improve scalability via 'CPU buddies' ...")
apparently because the new single-idle-buddy model simply doesn't find
idle CPU's to reschedule on aggressively enough.

Mike Galbraith suspects that it is likely due to the user-mode spinlocks
in PostgreSQL not reacting well to preemption, but we don't really know
the details - I'll just revert the commit for now.

There are hopefully other approaches to improve scheduler scalability
without it causing these kinds of downsides.

Reported-by: Nikolay Ulyanitsky <lystor@gmail.com>
Bisected-by: Borislav Petkov <bp@alien8.de>
Acked-by: Mike Galbraith <efault@gmx.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-09-16 12:29:43 -07:00
Mark Brown 0848c94fb4 mfd: core: Push irqdomain mapping out into devices
Currently the MFD core supports remapping MFD cell interrupts using an
irqdomain but only if the MFD is being instantiated using device tree
and only if the device tree bindings use the pattern of registering IPs
in the device tree with compatible properties.  This will be actively
harmful for drivers which support non-DT platforms and use this pattern
for their DT bindings as it will mean that the core will silently change
remapping behaviour and it is also limiting for drivers which don't do
DT with this particular pattern.  There is also a potential fragility if
there are interrupts not associated with MFD cells and all the cells are
omitted from the device tree for some reason.

Instead change the code to take an IRQ domain as an optional argument,
allowing drivers to take the decision about the parent domain for their
interrupts.  The one current user of this feature is ab8500-core, it has
the domain lookup pushed out into the driver.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-09-15 23:22:04 +02:00
Takashi Iwai 5d037f9064 ASoC: Updates for 3.6
A bigger set of updates than I'm entirely comfortable with - things
 backed up a bit due to travel.  As ever the majority of these are small,
 focused updates for specific drivers though there are a couple of core
 changes.  There's been good exposure in -next.
 
 The AT91 patch fixes a build break.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQU2awAAoJEOoSHmUN5Tg4Wy8P/i7q103BAz0ScA0xu2zg8Sjp
 XVQDHrw24PsDOCQLGI2YXBYekACvGVyCPjic1NVj1vkTo+UCHl1AeVPexh6R+nSl
 1kwDmEHcja9uZ1Z4p5vDTTwWKzaSXqmz7yCZXeywv+Xcw/+JCpKSVdShwJXhL7jj
 z+TQV/wUOKV0cm7aP9B4VNFLnNgschpYiaJh+eIGIGL0edILuCRDuHnTwmgxHaVf
 a4BJXjU71lgz9pLVbw7zRNF1EymqhHcOFAhYAl0xqO5l6+J3pVu8ukOlv2qRt+Gb
 g3Sdo/tX7Iz0mbqOS9NDM5lhaIYaLC9oyQCMbVGWAY3PBWF3I2VFB72ZheL2RA7V
 n5nv/rTplnV+ApPQ8C3nD98WvY82mI5ZOJjVik6u7rDa4/xukZvzbiZdKnAOkQ8r
 LzyMW3KEeN7aKo/Li/rJbwYE3vwXJSfWO0ZS77zzzXFWNFMBOOMLhB8Fc+bKko3x
 xkUNyoKzFfnc4rqQvbTovY7U881ZscW5eBfwwioonBpdRHkuqX6AD4GZORVKtKiq
 4O01E04M2IMuK2qodDOYV+IlHsFM3rXGOu4SzX/yDsVIc+SObKEF0F1XX/8B7/X4
 G/Lc4jCe4rrWlOsswxhie3ZkMV+2p2HQy7YWdp525/8OZt7fFhkt4NQU0vpqyhwM
 giF4gvYVHtsbwd8RzxLe
 =o1sd
 -----END PGP SIGNATURE-----

Merge tag 'asoc-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for 3.6

A bigger set of updates than I'm entirely comfortable with - things
backed up a bit due to travel.  As ever the majority of these are small,
focused updates for specific drivers though there are a couple of core
changes.  There's been good exposure in -next.

The AT91 patch fixes a build break.
2012-09-15 08:24:42 +02:00
Linus Torvalds 5b799dde31 Merge branch 'i2c-embedded/for-current' of git://git.pengutronix.de/git/wsa/linux
Pull i2c embedded fixes from Wolfram Sang:
 "The last bunch of (typical) i2c-embedded driver fixes for 3.6.

  Also update the MAINTAINERS file to point to my tree since people keep
  asking where to find their patches."

* 'i2c-embedded/for-current' of git://git.pengutronix.de/git/wsa/linux:
  i2c: algo: pca: Fix mode selection for PCA9665
  MAINTAINERS: fix tree for current i2c-embedded development
  i2c: mxs: correctly setup speed for non devicetree
  i2c: pnx: Fix read transactions of >= 2 bytes
  i2c: pnx: Fix bit definitions
2012-09-14 17:55:57 -07:00
Linus Torvalds dd383af6aa Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
 "I realise this a bit bigger than I would want at this point.

  Exynos is a large chunk, I got them to half what they wanted already,
  and hey its ARM based, so not going to hurt many people.

  Radeon has only two fixes, but the PLL fixes were a bit bigger, but
  required for a lot of scenarios, the fence fix is really urgent.

  vmwgfx: I've pulled in a dumb ioctl support patch that I was going to
  shove in later and cc stable, but we need it asap, its mainly to stop
  mesa growing a really ugly dependency in userspace to run stuff on
  vmware, and if I don't stick it in the kernel now, everyone will have
  to ship ugly userspace libs to workaround it.

  nouveau: single urgent fix found in F18 testing, causes X to not start
  properly when f18 plymouth is used

  i915: smattering of fixes and debug quieting

  gma500: single regression fix

  So as I said a bit large, but its fairly well scattered and its all
  stuff I'll be shipping in F18's 3.6 kernel."

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (26 commits)
  drm/nouveau: fix booting with plymouth + dumb support
  drm/radeon: make 64bit fences more robust v3
  drm/radeon: rework pll selection (v3)
  drm: Drop the NV12M and YUV420M formats
  drm/exynos: remove DRM_FORMAT_NV12M from plane module
  drm/exynos: fix double call of drm_prime_(init/destroy)_file_private
  drm/exynos: add dummy support for dmabuf-mmap
  drm/exynos: Add missing braces around sizeof in exynos_mixer.c
  drm/exynos: Add missing braces around sizeof in exynos_hdmi.c
  drm/exynos: Make g2d_pm_ops static
  drm/exynos: Add dependency for G2D in Kconfig
  drm/exynos: fixed page align bug.
  drm/exynos: Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(.. [1]
  drm/exynos: Use devm_* functions in exynos_drm_g2d.c file
  drm/exynos: Use devm_kzalloc in exynos_drm_hdmi.c file
  drm/exynos: Use devm_kzalloc in exynos_drm_vidi.c file
  drm/exynos: Remove redundant check in exynos_drm_fimd.c file
  drm/exynos: Remove redundant check in exynos_hdmi.c file
  vmwgfx: add dumb ioctl support
  gma500: Fix regression on Oaktrail devices
  ...
2012-09-14 17:51:10 -07:00
Linus Torvalds 7ef6e97380 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "This tree includes various fixes"

Ingo really needs to improve on the whole "explain git pull" part.
"Various fixes" indeed.

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/hwpb: Invoke __perf_event_disable() if interrupts are already disabled
  perf/x86: Enable Intel Cedarview Atom suppport
  perf_event: Switch to internal refcount, fix race with close()
  oprofile, s390: Fix uninitialized memory access when writing to oprofilefs
  perf/x86: Fix microcode revision check for SNB-PEBS
2012-09-14 17:43:45 -07:00
Linus Torvalds a1362d504e Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Use after free and new device IDs in bluetooth from Andre Guedes,
    Yevgeniy Melnichuk, Gustavo Padovan, and Henrik Rydberg.

 2) Fix crashes with short packet lengths and VLAN in pktgen, from
    Nishank Trivedi.

 3) mISDN calls flush_work_sync() with locks held, fix from Karsten
    Keil.

 4) Packet scheduler gred parameters are reported to userspace
    improperly scaled, and WRED idling is not performed correctly.  All
    from David Ward.

 5) Fix TCP socket refcount problem in ipv6, from Julian Anastasov.

 6) ibmveth device has RX queue alignment requirements which are not
    being explicitly met resulting in sporadic failures, fix from
    Santiago Leon.

 7) Netfilter needs to take care when interpreting sockets attached to
    socket buffers, they could be time-wait minisockets.  Fix from Eric
    Dumazet.

 8) sock_edemux() has the same issue as netfilter did in #7 above, fix
    from Eric Dumazet.

 9) Avoid infinite loops in CBQ scheduler with some configurations, from
    Eric Dumazet.

10) Deal with "Reflection scan: an Off-Path Attack on TCP", from Jozsef
    Kadlecsik.

11) SCTP overcharges socket for TX packets, fix from Thomas Graf.

12) CODEL packet scheduler should not reset it's state every time it
    builds a new flow, fix from Eric Dumazet.

13) Fix memory leak in nl80211, from Wei Yongjun.

14) NETROM doesn't check skb_copy_datagram_iovec() return values, from
    Alan Cox.

15) l2tp ethernet was using sizeof(ETH_HLEN) instead of plain ETH_HLEN,
    oops.  From Eric Dumazet.

16) Fix selection of ath9k chips on which PA linearization and AM2PM
    predistoration are used, from Felix Fietkau.

17) Flow steering settings in mlx4 driver need to be validated properly,
    from Hadar Hen Zion.

18) bnx2x doesn't show the correct link duplex setting, from Yaniv
    Rosner.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
  pktgen: fix crash with vlan and packet size less than 46
  bnx2x: Add missing afex code
  bnx2x: fix registers dumped
  bnx2x: correct advertisement of pause capabilities
  bnx2x: display the correct duplex value
  bnx2x: prevent timeouts when using PFC
  bnx2x: fix stats copying logic
  bnx2x: Avoid sending multiple statistics queries
  net: qmi_wwan: call subdriver with control intf only
  net_sched: gred: actually perform idling in WRED mode
  net_sched: gred: fix qave reporting via netlink
  net_sched: gred: eliminate redundant DP prio comparisons
  net_sched: gred: correct comment about qavg calculation in RIO mode
  mISDN: Fix wrong usage of flush_work_sync while holding locks
  netfilter: log: Fix log-level processing
  net-sched: sch_cbq: avoid infinite loop
  net: qmi_wwan: fix Gobi device probing for un2430
  net: fix net/core/sock.c build error
  ixp4xx_hss: fix build failure due to missing linux/module.h inclusion
  caif: move the dereference below the NULL test
  ...
2012-09-14 15:34:07 -07:00
Linus Torvalds 0462bfc88d Driver core fix for 3.6-rc6
Here is one fix for 3.6-rc6 for the kobject.h file.
 
 It fixes a reported oops if CONFIG_HOTPLUG is disabled.  It's been in
 the linux-next tree for a while now.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iEYEABECAAYFAlBSFtQACgkQMUfUDdst+yksuQCg0HgFS6eYiprJCRm6OEwYH00F
 SkAAn3JW81UB1s72y8GeCFSigemiCGW2
 =nHRF
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-3.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fix from Greg Kroah-Hartman:
 "Here is one fix for 3.6-rc6 for the kobject.h file.

  It fixes a reported oops if CONFIG_HOTPLUG is disabled.  It's been in
  the linux-next tree for a while now.

  Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"

* tag 'driver-core-3.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  kobject: fix oops with "input0: bad kobj_uevent_env content in show_uevent()"
2012-09-14 14:53:22 -07:00
Karsten Keil 4b921eda53 mISDN: Fix wrong usage of flush_work_sync while holding locks
It is a bad idea to hold a spinlock and call flush_work_sync.
Move the workqueue cleanup outside the spinlock and use cancel_work_sync,
on closing the channel this seems to be the more correct function.
Remove the never used and constant return value of mISDN_freebchannel.

Signed-off-by: Karsten Keil <keil@b1-systems.de>
Cc: <stable@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-13 14:58:54 -04:00
Robert Richter bad9ac2d7f perf/x86/ibs: Check syscall attribute flags
Current implementation simply ignores attribute flags. Thus, there is
no notification to userland of unsupported features. Check syscall's
attribute flags to let userland know if a feature is supported by the
kernel. This is also needed to distinguish between future kernels what
might support a feature.

Cc: <stable@vger.kernel.org> v3.5..
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/20120910093018.GO8285@erda.amd.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2012-09-13 16:59:48 +02:00
Ville Syrjälä d9dd85dd4e drm: Drop the NV12M and YUV420M formats
The NV12M/YUV420M formats are identical to the NV12/YUV420 formats.
So just remove these duplicated format names.

This might look like breaking the ABI, but the code has never actually
accepted these formats, so nothing can be using them.

Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
2012-09-13 12:38:10 +09:00
Linus Torvalds 22b4e63ebe NFS client bugfixes for Linux 3.6
- Final (hopefully) fix for the range checking code in NFSv4 getacl. This
   should fix the Oopses being seen when the acl size is close to PAGE_SIZE.
 - Fix a regression with the legacy binary mount code
 - Fix a regression in the readdir cookieverf initialisation
 - Fix an RPC over UDP regression
 - Ensure that we report all errors in the NFSv4 open code
 - Ensure that fsync() reports all relevant synchronisation errors.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQUN+KAAoJEGcL54qWCgDyHGcQAKj7MYVDIjhdmsVGGNWXUCnf
 X0LVg/ajh+vjusK+hmquzcJikZqgce5IU5DW4vcFr1X8BgP+R51UVvU0KksByD5H
 ourV2JVCztAQzQ4WWOsZAGqN0tooJUjyEjl4lEiDsQCF4Nk1HWbuCHeYuX74OToZ
 jrgedj0EZ6zb7TOizvbgU/7lI+FKu3Hlw6+u27M9phtSuefJdYSHZHYVMOX81qPh
 k0zgZ4tuLIaDuBB84iCrPwNt9icnevq6cIc+AGluI6xhDw+foPvUaUR+OUI420IZ
 tunNzP2So+nNoyjEiyMVENaCdEyA75XAmmGHTUUdBiVOsMV4HF/TqvTtSsjk2mN1
 FbZVvtjD6srjsQaKdVmqMIZBdhY9LSMLIQVqb4H2rYP6Mwq06WTuyCxf5YhzFfoy
 2tai7JuqBkTAWfKB8ESWywV6Qk/MkUWRAOBO6ksS66gAwpcFDj6nfeAdwaEmoYKc
 uzLUIRZaclPMZf661cs1fWeFV5XOnCL7je4owgTRGs7MHooWHPcC3273fEJqnhFz
 5MkC7nfmUiGcdO1v0mfYTEtMj9Pp9icBoZcVTGn4eZIHzvhhZOx//8LhyBfS+jll
 bKjaLZ1rErvIqwnSGcB7PK2yBYY9P6ZaxWjOrAAncZmiOxfhN0hvCo54jNOr/VZ+
 atsDEAuqSTeK7ouBqyO4
 =e5yE
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-3.6-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes from Trond Myklebust:

 - Final (hopefully) fix for the range checking code in NFSv4 getacl.
   This should fix the Oopses being seen when the acl size is close to
   PAGE_SIZE.
 - Fix a regression with the legacy binary mount code
 - Fix a regression in the readdir cookieverf initialisation
 - Fix an RPC over UDP regression
 - Ensure that we report all errors in the NFSv4 open code
 - Ensure that fsync() reports all relevant synchronisation errors.

* tag 'nfs-for-3.6-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS: fsync() must exit with an error if page writeback failed
  SUNRPC: Fix a UDP transport regression
  NFS: return error from decode_getfh in decode open
  NFSv4: Fix buffer overflow checking in __nfs4_get_acl_uncached
  NFSv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl
  NFS: Fix a problem with the legacy binary mount code
  NFS: Fix the initialisation of the readdir 'cookieverf' array
2012-09-13 09:04:13 +08:00
Roland Stigge c076ada4e4 i2c: pnx: Fix read transactions of >= 2 bytes
On transactions with n>=2 bytes, the controller actually wrongly clocks in n+1
bytes. This is caused by the (wrong) assumption that RFE in the Status Register
is 1 iff there is no byte already ordered (via a dummy TX byte). This lead to
the implementation of synchronized byte ordering, e.g.:

Dummy-TX - RX - Dummy-TX - RX - ...

But since RFE actually stays high after some Dummy-TX, it rather looks like:

Dummy-TX - Dummy-TX - RX - Dummy-TX - RX - (RX)

The last RX byte is clocked in by the bus controller, but ignored by the kernel
when filling the userspace buffer.

This patch fixes the issue by asking for RX via Dummy-TX asynchronously.
Introducing a separate counter for TX bytes.

Signed-off-by: Roland Stigge <stigge@antcom.de>
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
2012-09-12 17:52:44 +02:00
Stefano Stabellini 2fc136eecd xen/m2p: do not reuse kmap_op->dev_bus_addr
If the caller passes a valid kmap_op to m2p_add_override, we use
kmap_op->dev_bus_addr to store the original mfn, but dev_bus_addr is
part of the interface with Xen and if we are batching the hypercalls it
might not have been written by the hypervisor yet. That means that later
on Xen will write to it and we'll think that the original mfn is
actually what Xen has written to it.

Rather than "stealing" struct members from kmap_op, keep using
page->index to store the original mfn and add another parameter to
m2p_remove_override to get the corresponding kmap_op instead.
It is now responsibility of the caller to keep track of which kmap_op
corresponds to a particular page in the m2p_override (gntdev, the only
user of this interface that passes a valid kmap_op, is already doing that).

CC: stable@kernel.org
Reported-and-Tested-By: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2012-09-12 11:21:40 -04:00
John W. Linville 777bf135b7 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
John W. Linville says:

====================
Please pull these fixes intended for 3.6.  There are more commits
here than I would like -- I got a bit behind while I was stalking
Steven Rostedt in San Diego last week...  I'll slow it down after this!

There are a couple of pulls here.  One is from Johannes:

"Please pull (according to the below information) to get a few fixes.

 * a fix to properly disconnect in the driver when authentication or
   association fails
 * a fix to prevent invalid information about mesh paths being reported
   to userspace
 * a memory leak fix in an nl80211 error path"

The other comes via Gustavo:

"A few updates for the 3.6 kernel. There are two btusb patches to add
more supported devices through the new USB_VENDOR_AND_INTEFACE_INFO()
macro and another one that add a new device id for a Sony Vaio laptop,
one fix for a user-after-free and, finally, two patches from Vinicius
to fix a issue in SMP pairing."

Along with those...

Arend van Spriel provides a fix for a use-after-free bug in brcmfmac.

Daniel Drake avoids a hang by not trying to touch the libertas hardware
duing suspend if it is already powered-down.

Felix Fietkau provides a batch of ath9k fixes that adress some
potential problems with power settings, as well as a fix to avoid a
potential interrupt storm.

Gertjan van Wingerde provides a register-width fix for rt2x00, and
a rt2x00 fix to prevent incorrectly detecting the rfkill status.
He also provides a device ID patch.

Hante Meuleman gives us three brcmfmac fixes, one that properly
initializes a command structure, one that fixes a race condition that
could lose usb requests, and one that removes some log spam.

Marc Kleine-Budde offers an rt2x00 fix for a voltage setting on some
specific devices.

Mohammed Shafi Shajakhan sent an ath9k fix to avoid a crash related to
using timers that aren't allocated when 2 wire bluetooth coexistence
hardware is in use.

Sergei Poselenov changes rt2800usb to do some validity checking for
received packets, avoiding crashes on an ARM Soc.

Stone Piao gives us an mwifiex fix for an incorrectly set skb length
value for a command buffer.

All of these are localized to their specific drivers, and relatively
small.  The power-related patches from Felix are bigger than I would
like, but I merged them in consideration of their isolation to ath9k
and the sensitive nature of power settings in wireless devices.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-07 14:38:50 -04:00
Paolo Bonzini 32a8811ff1 target: support zero allocation length in REQUEST SENSE
Similar to INQUIRY and MODE SENSE, construct the sense data in a
buffer and later copy it to the scatterlist.  Do not do anything,
but still clear a pending unit attention condition, if the allocation
length is zero.

However, SPC tells us that "If a REQUEST SENSE command is terminated with
CHECK CONDITION status [and] the REQUEST SENSE command was received on
an I_T nexus with a pending unit attention condition (i.e., before the
device server reports CHECK CONDITION status), then the device server
shall not clear the pending unit attention condition."  Do the
transport_kmap_data_sg early to detect this case.

It also tells us "Device servers shall not adjust the additional sense
length to reflect truncation if the allocation length is less than the
sense data available", so do not do that!  Note that the err variable
is write-only.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-09-07 11:14:21 -07:00
Hadar Hen Zion 7fb40f87c4 net/mlx4_core: Add security check / enforcement for flow steering rules set for VMs
Since VFs may be mapped to VMs which aren't trusted entities,  flow
steering rules attached through the wrapper on behalf of VFs must be
checked to make sure that their L2 specification relate to MAC address
assigned to that VF, and add L2 specification if its missing.

Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-07 12:55:59 -04:00
Hadar Hen Zion a8edc3bf05 net/mlx4_core: Put Firmware flow steering structures in common header files
To allow for usage of the flow steering Firmware structures in more locations over the driver,
such as the resource tracker, move them from mcg.c to common header files.

Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-09-07 12:55:59 -04:00
Trond Myklebust f39c1bfb5a SUNRPC: Fix a UDP transport regression
Commit 43cedbf0e8 (SUNRPC: Ensure that
we grab the XPRT_LOCK before calling xprt_alloc_slot) is causing
hangs in the case of NFS over UDP mounts.

Since neither the UDP or the RDMA transport mechanism use dynamic slot
allocation, we can skip grabbing the socket lock for those transports.
Add a new rpc_xprt_op to allow switching between the TCP and UDP/RDMA
case.

Note that the NFSv4.1 back channel assigns the slot directly
through rpc_run_bc_task, so we can ignore that case.

Reported-by: Dick Streefland <dick.streefland@altium.nl>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@vger.kernel.org [>= 3.1]
2012-09-07 11:43:49 -04:00
Bjørn Mork 60e233a566 kobject: fix oops with "input0: bad kobj_uevent_env content in show_uevent()"
Fengguang Wu <fengguang.wu@intel.com> writes:

> After the __devinit* removal series, I can still get kernel panic in
> show_uevent(). So there are more sources of bug..
>
> Debug patch:
>
> @@ -343,8 +343,11 @@ static ssize_t show_uevent(struct device
>                 goto out;
>
>         /* copy keys to file */
> -       for (i = 0; i < env->envp_idx; i++)
> +       dev_err(dev, "uevent %d env[%d]: %s/.../%s\n", env->buflen, env->envp_idx, top_kobj->name, dev->kobj.name);
> +       for (i = 0; i < env->envp_idx; i++) {
> +               printk(KERN_ERR "uevent %d env[%d]: %s\n", (int)count, i, env->envp[i]);
>                 count += sprintf(&buf[count], "%s\n", env->envp[i]);
> +       }
>
> Oops message, the env[] is again not properly initilized:
>
> [   44.068623] input input0: uevent 61 env[805306368]: input0/.../input0
> [   44.069552] uevent 0 env[0]: (null)

This is a completely different CONFIG_HOTPLUG problem, only
demonstrating another reason why CONFIG_HOTPLUG should go away.  I had a
hard time trying to disable it anyway ;-)

The problem this time is lots of code assuming that a call to
add_uevent_var() will guarantee that env->buflen > 0.  This is not true
if CONFIG_HOTPLUG is unset.  So things like this end up overwriting
env->envp_idx because the array index is -1:

	if (add_uevent_var(env, "MODALIAS="))
		return -ENOMEM;
        len = input_print_modalias(&env->buf[env->buflen - 1],
				   sizeof(env->buf) - env->buflen,
				   dev, 0);

Don't know what the best action is, given that there seem to be a *lot*
of this around the kernel.  This patch "fixes" the problem for me, but I
don't know if it can be considered an appropriate fix.

[ It is the correct fix for now, for 3.7 forcing CONFIG_HOTPLUG to
always be on is the longterm fix, but it's too late for 3.6 and older
kernels to resolve this that way - gregkh ]

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Tested-by: Fengguang Wu <fengguang.wu@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-09-06 10:13:58 -07:00
Linus Torvalds c7c6bf1e8c One patch, fixing DIV_ROUND_CLOSEST to support negative dividends.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJQSCWfAAoJEMsfJm/On5mBvicP/0CmzUgasB1MVpBpxZeaLrcf
 buGw5GZpH/Kh7h+4mdfY5egzvn0J9lFt9gWB58lw1xaQhHgihaus/h63K9nDQpyb
 NhsuGDY628st9cJWBFU18KcnSjVKNSEdVOZLtSkqzpbtAiy6zH0pQGfNPCSZaJuo
 XngjHAyIHZaAyORgwudGm9hrTqTGNUdaLPp1NbXO1N7+/Upnm5f237XUWqgboTgK
 4BGVOG6Prjm6ytJqc+eXg/iUACPgdG8Fe8rQMhRm0HjIEdX58+xfjrOZ3IPqxqcX
 F+ri3W615PazVi27wC6Afk9NqssvJagImEzRh7DbbMAeTesh0vAPMb8UihhhX4M6
 BsWU8zE1UVBEHJmi0ZT/Q+5v3heLbBd2kbmyorSBvHZyH+zFaAgvWVSqMCWguKO+
 CBptQnFhFY209Pi3S79tZFe7g5T6xMFddGW+0Wpp7pdT+BgC9EL7UBJGctCzO7Yq
 ipfCtRzZmJO7HnQic9T7XQhQvmCNjZEXHIooFZgZ6uF3GJL0Ipetc3t/uHwZ2C+E
 TwX4eNJH/IxgyRJszjCyKWs6iu7RaRQu7lq4a6ZpROmQJIW64pEF/ZWQ2+QULwnN
 pX2j2mLPltidjUiJ6uAIyzZr8FL97uLSLDkWhc4fZTsDC+2NOLwaK7nPErO1M6Rc
 C9fde4G5GOhkCaGrZX83
 =eZQ4
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull a hwmon fix from Guenter Roeck:
 "One patch, fixing DIV_ROUND_CLOSEST to support negative dividends.

  While the changes are not in the drivers/hwmon directory, the problem
  primarily affects hwmon drivers, and it makes sense to push the patch
  through the hwmon tree."

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  linux/kernel.h: Fix DIV_ROUND_CLOSEST to support negative dividends
2012-09-06 09:39:47 -07:00
Trond Myklebust 1f1ea6c2d9 NFSv4: Fix buffer overflow checking in __nfs4_get_acl_uncached
Pass the checks made by decode_getacl back to __nfs4_get_acl_uncached
so that it knows if the acl has been truncated.

The current overflow checking is broken, resulting in Oopses on
user-triggered nfs4_getfacl calls, and is opaque to the point
where several attempts at fixing it have failed.
This patch tries to clean up the code in addition to fixing the
Oopses by ensuring that the overflow checks are performed in
a single place (decode_getacl). If the overflow check failed,
we will still be able to report the acl length, but at least
we will no longer attempt to cache the acl or copy the
truncated contents to user space.

Reported-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: Sachin Prabhu <sprabhu@redhat.com>
2012-09-06 11:11:53 -04:00
Linus Torvalds 0809095036 MMC fixes for 3.6-rc5:
- a firmware bug on several Samsung MoviNAND eMMC models causes
    permanent corruption on the device when secure erase and secure trim
    requests are made, so we disable those requests on these eMMC devices.
  - atmel-mci: fix a hang with some SD cards by waiting for not-busy flag.
  - dw_mmc: low-power mode breaks SDIO interrupts; fix PIO error handling;
    fix handling of error interrupts.
  - mxs-mmc: fix deadlocks; fix compile error due to dma.h arch change.
  - omap: fix broken PIO mode causing memory corruption.
  - sdhci-esdhc: fix card detection.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQR/7BAAoJEHNBYZ7TNxYMT3gQANQDdD/wvYFgUvssIAgdQJdl
 KORu7ke5ks2Gvx0Ef0Ch+GXIFFDoqH0zMkQMXc+c0BdhR4BF/vNBbBYZoVYyvmgK
 GUHK740nznwp9edIVbGbRm+FSxDG7ZpjUlFq+SInBOehIw7tQAep3Tbv1rYZzu6M
 SUBGc31Nif9eCvTKzGU195qbutAhvcGmqEvi/ALP9bUCYR7QaTt/oD3YYuUD/ZjV
 O/mf3R30vrV+R1lrQRqzXIi8vCojPMzkVU8x+C8PdOTjewvYviM0huW9+Lv6WsxK
 DzhCgoNvrB1Q/rYtiNZ1gyWd5cTZWns308slREEwywD5IBQJMo5T68Q/D+h2PkS9
 JCvtiZ+ryycvINyUn2JxEZuygseUiT/nMS0ijSidQY7vrZlNR8JrrK3qf0vRDkWo
 0mXhQG5DvxDN6Dx9K15OgTAuABek1CEdKFD0R/a3X41H/KUvKQwWPWmdTybBriAo
 8jkUl64YMpFt+LZqrmeQ1oOcwc8BvMvcM4dnMbkXrHvBb926fENBIMGNeI7O10o8
 597dEpLlKNZj8e8YxJjbqaCuFhOp/pHRQy+rxdjP28V4mfHASQGgsnFAO4qV7B24
 1wqtSu5ZCor4K616wfDvMYgL88pMg7fVEV3nN9Cc/WpsBaBPZv7vOQbp/f40rKWa
 GRb9+9NC0WU0CP28GlCq
 =n1hi
 -----END PGP SIGNATURE-----

Merge tag 'mmc-fixes-for-3.6-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc

Pull MMC fixes from Chris Ball:
 - a firmware bug on several Samsung MoviNAND eMMC models causes
   permanent corruption on the device when secure erase and secure trim
   requests are made, so we disable those requests on these eMMC devices.
 - atmel-mci: fix a hang with some SD cards by waiting for not-busy flag.
 - dw_mmc: low-power mode breaks SDIO interrupts; fix PIO error handling;
   fix handling of error interrupts.
 - mxs-mmc: fix deadlocks; fix compile error due to dma.h arch change.
 - omap: fix broken PIO mode causing memory corruption.
 - sdhci-esdhc: fix card detection.

* tag 'mmc-fixes-for-3.6-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
  mmc: omap: fix broken PIO mode
  mmc: card: Skip secure erase on MoviNAND; causes unrecoverable corruption.
  mmc: dw_mmc: Disable low power mode if SDIO interrupts are used
  mmc: dw_mmc: fix error handling in PIO mode
  mmc: dw_mmc: correct mishandling error interrupt
  mmc: dw_mmc: amend using error interrupt status
  mmc: atmel-mci: not busy flag has also to be used for read operations
  mmc: sdhci-esdhc: break out early if clock is 0
  mmc: mxs-mmc: fix deadlock caused by recursion loop
  mmc: mxs-mmc: fix deadlock in SDIO IRQ case
  mmc: bfin_sdh: fix dma_desc_array build error
2012-09-05 19:41:58 -07:00