Make sure that format strings cannot leak into printk() calls from the
msgbuf string.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This fixes up the usage of snprintf, strncpy, and format strings in the
call to kthread_run to avoid ever accidentally allowing a format string
into the thread name.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The boot message buffer could potentially overflow the stack and the
heap. Additionally make sure format strings could not leak into printk()
calls.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/rtl8188eu/core/rtw_wlan_util.c: In function ‘WMMOnAssocRsp’:
drivers/staging/rtl8188eu/core/rtw_wlan_util.c:634: warning: ‘change_inx’ may be used uninitialized in this function
And the compiler is right: change_inx should be initialized to false.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
LUSTRE_TRANSLATE_ERRNOS is never enabled, a "true" is not a valid value.
Use "default y" instead of "default true" to fix this.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The indentation in the swGetOFDMControlRate function is screwed up.
At first it appears that there are missing braces on a multi-line if, but
looking at history, commit dd0a774fc7
("staging: vt6656: card/main_usb/device use new structure names")
incorrectly indented the two lines below.
Signed-off-by: Dave Jones <davej@fedoraproject.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Dave Jones <davej@fedoraproject.org>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix the DTS data for ocp2scp node by adding the
missing reg property.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Benoit Cousson <bcousson@baylibre.com>
USB3 block has a 64KiB space, another 64KiB is
used for the wrapper.
Without this change, resource_size() will get
confused and driver won't probe because size
will be negative.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Benoit Cousson <bcousson@baylibre.com>
The BeagleBone Black is basically a regular BeagleBone with eMMC and
HDMI added, so create a common dtsi both can use.
IMPORTANT: booting the existing am335x-bone.dts will blow up the HDMI
transceiver after a dozen boots with an uSD card inserted because LDO
will be at 3.3V instead of 1.8.
MMC support for AM335x still isn't in, so only the LDO change has been
added.
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Tested-by: Tom Rini <trini@ti.com>
Tested-by: Matt Porter <matt.porter@linaro.org>
Acked-by: Kevin Hilman <khilman@linaro.org>
Tested-by: Kevin Hilman <khilman@linaro.org>
Tested-by: Joel Fernandes <joelf@ti.com>
Signed-off-by: Benoit Cousson <bcousson@baylibre.com>
The beagle and beagle-xm entries were inside the same double quote.
Split them to have two distinct entries.
Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
Signed-off-by: Benoit Cousson <bcousson@baylibre.com>
boot_cpu_data is used the same as current_cpu_data but returns the CPU
data for CPU 0. This means it doesn't have to use smp_processor_id()
thus no need to disable preemption.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
When we cancel 'async_pf_execute()', we should behave as if the work was
never scheduled in 'kvm_setup_async_pf()'.
Fixes a bug when we can't unload module because the vm wasn't destroyed.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After nested vmentry stale cache can be used to reload L2 PDPTR pointers
which will cause L2 guest to fail. Fix it by invalidating cache on nested
vmentry emulation.
https://bugzilla.kernel.org/show_bug.cgi?id=60830
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Page tables in a read-only memory slot will currently cause a triple
fault because the page walker uses gfn_to_hva and it fails on such a slot.
OVMF uses such a page table; however, real hardware seems to be fine with
that as long as the accessed/dirty bits are set. Save whether the slot
is readonly, and later check it when updating the accessed and dirty bits.
Reviewed-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Opcode CA
This gets used by a DOS based NetWare guest.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Remove skb allocation failure warnings. They will trigger a page
allocation warning already. Also, one of the warnings was not ratelimited,
causing the box to lock up under heavy traffic & low memory.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Acked-by: David Daney <david.daney@cavium.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: devel@driverdev.osuosl.org
Cc: linux-mips@linux-mips.org
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: richard@nod.at
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Patchwork: https://patchwork.linux-mips.org/patch/5811/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
We should count also dropped packets, otherwise the NAPI handler may
end up running too long.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: devel@driverdev.osuosl.org
Cc: linux-mips@linux-mips.org
Cc: David Daney <david.daney@cavium.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: richard@nod.at
Patchwork: https://patchwork.linux-mips.org/patch/5809/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
the wake_up_process func is included by spin_lock/unlock in
vhost_work_queue,
but it could be done outside the spin_lock.
I have test it with kernel 3.0.27 and guest suse11-sp2 using iperf,
the num as below.
original modified
thread_num tp(Gbps) vhost(%) | tp(Gbps) vhost(%)
1 9.59 28.82 | 9.59 27.49
8 9.61 32.92 | 9.62 26.77
64 9.58 46.48 | 9.55 38.99
256 9.6 63.7 | 9.6 52.59
Signed-off-by: Chuanyu Qin <qinchuanyu@huawei.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The patch "0b7a76a ARM: dts: imx6q{dl}: add DTE pads for uart"
adds the DTE pads for uart. For PAD_EIM_D29, the offset of the
Pad Mux register should be 0x0c8, not 0x0c4.
This patch fixes it.
Signed-off-by: Huang Shijie <b32955@freescale.com>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
The L2 cache controller(PL310) version on the i.MX6D/Q is r3p1-50rel0
The L2 cache controller(PL310) version on the i.MX6DL/SOLO/SL is r3p2
But according to ARM PL310 errata: 752271
ID: 752271: Double linefill feature can cause data corruption
Fault Status: Present in: r3p0, r3p1, r3p1-50rel0. Fixed in r3p2
Workaround: The only workaround to this erratum is to disable the
double linefill feature. This is the default behavior.
without this patch, you will meet the following error when run the
memtester application at: http://pyropus.ca/software/memtester/
FAILURE: 0x00100000 != 0x00200000 at offset 0x01365664.
FAILURE: 0x00100000 != 0x00200000 at offset 0x01365668.
FAILURE: 0x00100000 != 0x00200000 at offset 0x0136566c.
FAILURE: 0x00100000 != 0x00200000 at offset 0x01365670.
FAILURE: 0x00100000 != 0x00200000 at offset 0x01365674.
FAILURE: 0x00100000 != 0x00200000 at offset 0x01365678.
Signed-off-by: Jason Liu <r64343@freescale.com>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
Commit 718a350 (ARM: i.MX51: Add PATA support) adds pata support to the
imx51.dtsi file and is using clock 161. The problem is that the right
clock is 172, according to commit 5d530bb (ARM: i.MX5: Add PATA and SRTC
clocks). Using the clock 172 makes things work again (and kills a nasty
system freeze).
Tested-by: Steev Klimaszewski <steev@gentoo.org>
Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
Since commit beb2d1c1ba (ARM i.MX5: Add S/PDIF clocks), the following clock
error appears on mx51:
TrustZone Interrupt Controller (TZIC) initialized
i.MX51 clk 180: register failed with -17
i.MX5 clk 180: register failed with -17
sched_clock: 32 bits at 24MHz, resolution 41ns, wraps every 178956ms
CPU identified as i.MX51, silicon rev 3.0
...
Clock 180 corresponds to 'spdif1_podf' and this clock is getting registered
twice.
Fix it, by properly registering the 'spdif1_pred' clock, which should not
reference 'spdif1_podf'.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
The clk_init_data.flags of clk-fixup-mux is left there without
initialization. It may hold some random data and cause clock framework
interpret the clock in an unexpected way. At least on imx6sl, the
following division by zero error with sched_clock is seen because of it.
Division by zero in kernel.
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.11.0-rc3+ #19
Backtrace:
[<80011af0>] (dump_backtrace+0x0/0x10c) from [<80011c90>] (show_stack+0x18/0x1c)
r6:3b9aca00 r5:00000020 r4:00000000 r3:00000000
[<80011c78>] (show_stack+0x0/0x1c) from [<8055e02c>] (dump_stack+0x78/0x94)
[<8055dfb4>] (dump_stack+0x0/0x94) from [<80011924>] (__div0+0x18/0x20)
r4:00000000 r3:00000000
[<8001190c>] (__div0+0x0/0x20) from [<8026c408>] (Ldiv0_64+0x8/0x18)
[<8006330c>] (clocks_calc_mult_shift+0x0/0xf8) from [<8072f604>] (setup_sched_clock+0x88/0x1f0)
[<8072f57c>] (setup_sched_clock+0x0/0x1f0) from [<8071ad48>] (mxc_timer_init+0xe8/0x17c)
[<8071ac60>] (mxc_timer_init+0x0/0x17c) from [<807290b0>] (imx6sl_clocks_init+0x1db8/0x1dc0)
r8:807a9ca4 r7:00000000 r6:80777564 r5:8100c1f4 r4:c0820000
[<807272f8>] (imx6sl_clocks_init+0x0/0x1dc0) from [<807420ac>] (of_clk_init+0x40/0x6c)
[<8074206c>] (of_clk_init+0x0/0x6c) from [<807290cc>] (imx6sl_timer_init+0x14/0x18)
r5:807a8e80 r4:ffffffff
[<807290b8>] (imx6sl_timer_init+0x0/0x18) from [<80716e1c>] (time_init+0x24/0x34)
[<80716df8>] (time_init+0x0/0x34) from [<80713738>] (start_kernel+0x1b0/0x310)
[<80713588>] (start_kernel+0x0/0x310) from [<80008074>] (0x80008074)
r7:80770b08 r6:80754cd4 r5:8076c8c4 r4:10c53c7d
sched_clock: 32 bits at 0 Hz, resolution 0ns, wraps every 0ms
Fix the bug by initializing init.flags as zero.
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
Ben Hutchings says:
====================
Some bug fixes and future-proofing for the recently added SFC9120
support:
1. Minimal support for the 40G configuration.
2. Disable the incomplete PTP/hardware timestamping support.
3. Reset MAC stats properly after a firmware upgrade.
4. Re-check the datapath firmware capabilities after the controller is
reset.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Adapt the same behaviour for SCTP as present in TCP for ICMP redirect
messages. For IPv6, RFC4443, section 2.4. says:
...
(e) An ICMPv6 error message MUST NOT be originated as a result of
receiving the following:
...
(e.2) An ICMPv6 redirect message [IPv6-DISC].
...
Therefore, do not report an error to user space, just invoke dst's redirect
callback and leave, same for IPv4 as done in TCP as well. The implication
w/o having this patch could be that the reception of such packets would
generate a poll notification and in worst case it could even tear down the
whole connection. Therefore, stop updating sk_err on redirects.
Reported-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Suggested-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Use USB_DEVICE_AND_INTERFACE_INFO and USB_VENDOR_AND_INTERFACE_INFO
macros to reduce boilerplate.
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Acked-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Cc: <stable@vger.kernel.org> # 3.0+ as far back as it applies cleanly
Acked-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
IFLA_IPTUN_LOCAL and IFLA_IPTUN_REMOTE were inverted.
Introduced by c075b13098 (ip6tnl: advertise tunnel param via rtnl).
Signed-off-by: Ding Zhi <zhi.ding@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This is important patch for new devices that support unaligned
addressing. That devices suffer from the backward-compatibility bug in
DMA engine. In theory we should be able to use old mechanism, but in
practice DMA address seems to be randomly copied into status register
when hardware reaches end of a ring. This breaks reading slot number
from status register and we can't use DMA anymore.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Without this patch it is impossible to read et_swtype, because the 1
byte space is needed for the terminating null byte. The max expected
value is 0xF, so now it should be possible to read decimal form ("15")
and hex form ("0xF").
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Some devices (BCM4749, BCM5357, BCM53572) have internal switch that
requires initialization. We already have code for this, but because
of the typo in code it was never working. This resulted in network not
working for some routers and possibility of soft-bricking them.
Use correct bit for switch initialization and fix typo in the define.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Use separate table for alias entries in the ehea module, otherwise the
probe() function will operate on the separate ports instead of the
lhea-"root" entry of the device-tree
Addresses https://bugzilla.novell.com/show_bug.cgi?id=435215
[ Thadeu notes that: "... this issue might happen with the generation of
initrd, when the scripts check for /sys/class/net/eth0/device/modalias,
which links to the port device at
/sys/devices/ibmebus/23c00400.lhea/port0/" ]
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Olaf Hering <ohering@suse.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If O_CREAT|O_EXCL are passed to open, then we know that either
- the file is successfully created, or
- the operation fails in some way.
So previously we set FILE_CREATED before calling ->atomic_open() so the
filesystem doesn't have to. This, however, led to bugs in the
implementation that went unnoticed when the filesystem didn't check for
existence, yet returned success. To prevent this kind of bug, require
filesystems to always explicitly set FILE_CREATED on O_CREAT|O_EXCL and
verify this in the VFS.
Also added a couple more verifications for the result of atomic_open():
- Warn if filesystem set FILE_CREATED despite the lack of O_CREAT.
- Warn if filesystem set FILE_CREATED but gave a negative dentry.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Set FILE_CREATED on O_CREAT|O_EXCL. If the NFS server honored our request
for exclusivity then this must be correct.
Currently this is a no-op, since the VFS sets FILE_CREATED anyway. The
next patch will, however, require this flag to be always set by
filesystems.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
In gfs2_create_inode() set FILE_CREATED in *opened.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
If an error occurs after having called finish_open() then fput() needs to
be called on the already opened file.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Steve French <sfrench@samba.org>
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Fix documentation of ->atomic_open() and related functions: finish_open()
and finish_no_open(). Also add details that seem to be unclear and a
source of bugs (some of which are fixed in the following series).
Cc-ing maintainers of all filesystems implementing ->atomic_open().
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Sage Weil <sage@inktank.com>
Cc: Steve French <sfrench@samba.org>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Don't drop ->wq_mutex before calling autofs4_notify_daemon() only to regain it
there. Besides being pointless, that opens a race window where autofs4_wait_release()
could've come and freed wq->name.name. And do the debugging printk in the "reused an
existing wq" case before dropping ->wq_mutex - the same reason...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Ian Kent <raven@themaw.net>
Pull timer code update from Thomas Gleixner:
- armada SoC clocksource overhaul with a trivial merge conflict
- Minor improvements to various SoC clocksource drivers
* 'timers/core' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
clocksource: armada-370-xp: Add detailed clock requirements in devicetree binding
clocksource: armada-370-xp: Get reference fixed-clock by name
clocksource: armada-370-xp: Replace WARN_ON with BUG_ON
clocksource: armada-370-xp: Fix device-tree binding
clocksource: armada-370-xp: Introduce new compatibles
clocksource: armada-370-xp: Use CLOCKSOURCE_OF_DECLARE
clocksource: armada-370-xp: Simplify TIMER_CTRL register access
clocksource: armada-370-xp: Use BIT()
ARM: timer-sp: Set dynamic irq affinity
ARM: nomadik: add dynamic irq flag to the timer
clocksource: sh_cmt: 32-bit control register support
clocksource: em_sti: Convert to devm_* managed helpers