Commit Graph

481490 Commits

Author SHA1 Message Date
Nadav Amit 7e46dddd6f KVM: x86: Fix far-jump to non-canonical check
Commit d1442d85cc ("KVM: x86: Handle errors when RIP is set during far
jumps") introduced a bug that caused the fix to be incomplete.  Due to
incorrect evaluation, far jump to segment with L bit cleared (i.e., 32-bit
segment) and RIP with any of the high bits set (i.e, RIP[63:32] != 0) set may
not trigger #GP.  As we know, this imposes a security problem.

In addition, the condition for two warnings was incorrect.

Fixes: d1442d85cc
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
[Add #ifdef CONFIG_X86_64 to avoid complaints of undefined behavior. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-02 07:54:55 +01:00
Dave Airlie 10a8fce846 Merge branch 'vmwgfx-fixes-3.18' of git://people.freedesktop.org/~thomash/linux
A critical 3.18 regression fix from Rob, (thanks!)
A fix to avoid advertizing modes we can't support from Sinclair
  (welcome Sinclair!)
and a fix for an incorrect  hash key computation from me that is
  completely harmless, but can wait 'til the next merge window if necessary.
  (I can't really bother stable with this one).

* 'vmwgfx-fixes-3.18' of git://people.freedesktop.org/~thomash/linux:
  drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size.
  drm/vmwgfx: Fix hash key computation
  drm/vmwgfx: fix lock breakage
2014-11-02 09:23:31 +10:00
Linus Torvalds 12d7aacab5 Staging fixes for 3.18-rc3
Here are some staging driver fixes for 3.18-rc3.  Mostly iio and comedi
 driver fixes for issues reported by people.
 
 All of these have been in linux-next for a while with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlRVPt0ACgkQMUfUDdst+yndhACgyuy8zg68a3VBujGyJN1iVigF
 wmEAoIqv0NfNrJ6tOKGGQlB40ZEEyjF3
 =h/D5
 -----END PGP SIGNATURE-----

Merge tag 'staging-3.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging fixes from Greg KH:
 "Here are some staging driver fixes for 3.18-rc3.  Mostly iio and
  comedi driver fixes for issues reported by people.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-3.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: comedi: fix memory leak / bad pointer freeing for chanlist
  staging: comedi: Kconfig: fix config COMEDI_ADDI_APCI_3120 dependants
  staging: comedi: widen subdevice number argument in ioctl handlers
  staging: rtl8723au: Fix alignment of mac_addr for ether_addr_copy() usage
  drivers/staging/comedi/Kconfig: Let COMEDI_II_PCI20KC depend on HAS_IOMEM
  staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl
  iio: adc: mxs-lradc: Disable the clock on probe failure
  iio: st_sensors: Fix buffer copy
  staging:iio:ad5933: Drop "raw" from channel names
  staging:iio:ad5933: Fix NULL pointer deref when enabling buffer
2014-11-01 15:11:27 -07:00
Linus Torvalds 528a506e4b USB fixes for 3.18-rc3
Here are a bunch of USB fixes for 3.18-rc3.
 
 Mostly usb-serial device ids and gadget fixes for issues that have been
 reported.  Full details are in the shortlog.
 
 All of these have been in linux-next for a while.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlRVP34ACgkQMUfUDdst+ykxrwCbB2HvQU+YKThwHs2g6Gf+MElI
 Rk8An2ftMJlvvB4rcqwUYqbMZGV02zxV
 =0SHY
 -----END PGP SIGNATURE-----

Merge tag 'usb-3.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are a bunch of USB fixes for 3.18-rc3.

  Mostly usb-serial device ids and gadget fixes for issues that have
  been reported.  Full details are in the shortlog.

  All of these have been in linux-next for a while"

* tag 'usb-3.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (42 commits)
  usb: chipidea: Fix oops when removing the ci_hdrc module
  usb: gadget: function: Fixed the return value on error path
  usb: dwc2: gadget: disable phy before turning off power regulators
  usb: gadget: function: Remove redundant usb_free_all_descriptors
  usb: dwc3: gadget: Properly initialize LINK TRB
  usb: dwc2: gadget: fix gadget unregistration in udc_stop() function
  usb: dwc2: Bits in bitfield should add up to 32
  usb: dwc2: gadget: sparse warning of context imbalance
  usb: gadget: udc: core: fix kernel oops with soft-connect
  usb: musb: musb_dsps: fix NULL pointer in suspend
  usb: musb: dsps: start OTG timer on resume again
  usb: gadget: loopback: don't queue requests to bogus endpoints
  usb: ffs: fix regression when quirk_ep_out_aligned_size flag is set
  usb: gadget: f_fs: remove redundant ffs_data_get()
  usb: gadget: udc: USB_GADGET_XILINX should depend on HAS_DMA
  Revert "usb: dwc3: dwc3-omap: Disable/Enable only wrapper interrupts in prepare/complete"
  usb: gadget: composite: enable BESL support
  usb: musb: cppi41: restart hrtimer only if not yet done
  usb: dwc3: ep0: fix Data Phase for transfer sizes aligned to wMaxPacketSize
  usb: serial: ftdi_sio: add "bricked" FTDI device PID
  ...
2014-11-01 15:08:04 -07:00
Linus Torvalds 4f4274af70 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
Pull btrfs fixes from Chris Mason:
 "Filipe is nailing down some problems with our skinny extent variation,
  and Dave's patch fixes endian problems in the new super block checks"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  Btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items
  Btrfs: properly clean up btrfs_end_io_wq_cache
  Btrfs: fix invalid leaf slot access in btrfs_lookup_extent()
  btrfs: use macro accessors in superblock validation checks
2014-11-01 10:41:26 -07:00
Linus Torvalds 9f935675d4 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input updates from Dmitry Torokhov:
 "A bunch of fixes for minor defects reported by Coverity, a few driver
  fixups and revert of i8042.nomux change so that we are once again
  enable active MUX mode if box claims to support it"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Revert "Input: i8042 - disable active multiplexing by default"
  Input: altera_ps2 - use correct type for irq return value
  Input: altera_ps2 - write to correct register when disabling interrupts
  Input: max77693-haptic - fix potential overflow
  Input: psmouse - remove unneeded check in psmouse_reconnect()
  Input: vsxxxaa - fix code dropping bytes from queue
  Input: ims-pcu - fix dead code in ims_pcu_ofn_reg_addr_store()
  Input: opencores-kbd - fix error handling
  Input: wm97xx - adapt parameters to tosa touchscreen.
  Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544
  Input: stmpe-keypad - fix valid key line bitmask
  Input: soc_button_array - update calls to gpiod_get*()
2014-10-31 19:51:11 -07:00
Linus Torvalds ab01f963de ACPI and power management fixes for 3.18-rc3
- Fix a crash on r8a7791/koelsch during resume from system suspend
    caused by a recent cpufreq-dt commit (Geert Uytterhoeven).
 
  - Fix an MFD enumeration problem introduced by a recent commit
    adding ACPI support to the MFD subsystem that exposed a weakness
    in the ACPI core causing ACPI enumeration to be applied to all
    devices associated with one ACPI companion object, although it
    should be used for one of them only (Mika Westerberg).
 
  - Fix an ACPI EC regression introduced during the 3.17 cycle
    causing some Samsung laptops to misbehave as a result of a
    workaround targeted at some Acer machines.  That includes
    a revert of a commit that went too far and a quirk for the
    Acer machines in question.  From Lv Zheng.
 
  - Fix a regression in the system suspend error code path introduced
    during the 3.15 cycle that causes it to fail to take errors from
    asychronous execution of "late" suspend callbacks into account
    (Imre Deak).
 
  - Fix a long-standing bug in the hibernation resume error code path
    that fails to roll back everything correcty on "freeze" callback
    errors and leaves some devices in a "suspended" state causing more
    breakage to happen subsequently (Imre Deak).
 
  - Make the cpufreq-dt driver disable operation performance points
    that are not supported by the VR connected to the CPU voltage
    plane with acceptable tolerance instead of constantly failing
    voltage scaling later on (Lucas Stach).
 
 /
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCAAGBQJUVAuPAAoJEILEb/54YlRxGfQP/0nFfTqyuDN8cPA2qRIzDIoi
 8PTOzlhrRuzUlpMkYdsDijxwFcK2/59LomwtuAKHi7309N6UzUa8vAkb8WrzpY7m
 XUU+fhsLEkDnEczMfgmbP5ljtP75eJSSWRO0WIBuk4k79qcsutLNtgGpJV7feYSv
 +t7OE9DrBPM8lSpBKM/4qs5gnXzdaWmi4xGH7upQWyxAC6RG9GosKdDUZxVxSJQt
 oy/y0O4oxwyjg+8EvPwd22JtoFJ6axoEwCJXXlkn7NbIQNGtxrMR9zcMglsuOklg
 bG93g1xJl4YCwLXV8sKfPU2kQkQ1ISY3rYIkwIjvBNIY4QFsQpCg3GYt08OJI0bO
 4wDD7kH8C51aD9Zfi9luCdE4MsMyGB7SeNvQJul5uMujuG9ZeI61a8d7P6fmXu5X
 lk+GeNl/rMujaESwqQlNgm3DvSYfc5FFEDC6F4Wcu4koomSlJwj//lMlOg2ajIgz
 p5En6FeC8yGTuobGqo2dT7yYjmxm+kdX+gTStsto+hkxWA7beNjI1iXXWwPrQa/F
 7pzneSrdbTZVdzZ1F9eR9AcGljhRMLBxs2XembXgkviCv+IVjw4qHWWKveDQKkhG
 CVtcd3jrFSRHeAaqVNnbsoMu2nOLRY2W+f2+FNEfYKc+13aDJYm7pyAOIjujY7ns
 Q1jSP7ZZQBVlxP5j5W5x
 =g4QU
 -----END PGP SIGNATURE-----

Merge tag 'pm+acpi-3.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI and power management fixes from Rafael Wysocki:
 "These are fixes received after my previous pull request plus one that
  has been in the works for quite a while, but its previous version
  caused problems to happen, so it's been deferred till now.

  Fixed are two recent regressions (MFD enumeration and cpufreq-dt),
  ACPI EC regression introduced in 3.17, system suspend error code path
  regression introduced in 3.15, an older bug related to recovery from
  failing resume from hibernation and a cpufreq-dt driver issue related
  to operation performance points.

  Specifics:

   - Fix a crash on r8a7791/koelsch during resume from system suspend
     caused by a recent cpufreq-dt commit (Geert Uytterhoeven).

   - Fix an MFD enumeration problem introduced by a recent commit adding
     ACPI support to the MFD subsystem that exposed a weakness in the
     ACPI core causing ACPI enumeration to be applied to all devices
     associated with one ACPI companion object, although it should be
     used for one of them only (Mika Westerberg).

   - Fix an ACPI EC regression introduced during the 3.17 cycle causing
     some Samsung laptops to misbehave as a result of a workaround
     targeted at some Acer machines.  That includes a revert of a commit
     that went too far and a quirk for the Acer machines in question.
     From Lv Zheng.

   - Fix a regression in the system suspend error code path introduced
     during the 3.15 cycle that causes it to fail to take errors from
     asychronous execution of "late" suspend callbacks into account
     (Imre Deak).

   - Fix a long-standing bug in the hibernation resume error code path
     that fails to roll back everything correcty on "freeze" callback
     errors and leaves some devices in a "suspended" state causing more
     breakage to happen subsequently (Imre Deak).

   - Make the cpufreq-dt driver disable operation performance points
     that are not supported by the VR connected to the CPU voltage plane
     with acceptable tolerance instead of constantly failing voltage
     scaling later on (Lucas Stach)"

* tag 'pm+acpi-3.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / EC: Fix regression due to conflicting firmware behavior between Samsung and Acer.
  Revert "ACPI / EC: Add support to disallow QR_EC to be issued before completing previous QR_EC"
  cpufreq: cpufreq-dt: Restore default cpumask_setall(policy->cpus)
  PM / Sleep: fix recovery during resuming from hibernation
  PM / Sleep: fix async suspend_late/freeze_late error handling
  ACPI: Use ACPI companion to match only the first physical device
  cpufreq: cpufreq-dt: disable unsupported OPPs
2014-10-31 19:08:25 -07:00
Linus Torvalds 08da742ef9 PCI updates for v3.18:
Sysfs
     - Fix "enable" filename change (Greg Kroah-Hartman)
 
   PCI device hotplug
     - Revert duplicate merge (Kamal Mostafa)
 
   Freescale i.MX6
     - Wait for clocks to stabilize after ref_en (Richard Zhu)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUU7kyAAoJEFmIoMA60/r8Y4gQALZtzaD6UCsFT9Ga+RufrXtA
 B5i7gIhgyJWea0uLTATKVljrBH8mO1Cr7AC8Z0MWZ24zC+ot73HF9h6RT3Jl3gSH
 ddWBVntF2+qyzP19vcLQzquA8njdXLHefYX66SvtR0/KmEG1H66r3TOUrTgR8VQg
 2hzFSW2eWlA8Hf5TTt8JrqHA00z9PKBjD+YvWbd75e9kJDKOkN6yn0ljfFgDqkRZ
 CKOa6BRFuX83ZYJipBvQmVQFXpgUzE82VyCd1wy18/R0dUNtChZDOqi01SfHP9mq
 NNBHuNZ+zrdgmeB3mhgPZSYSuo27T4Hu+XoKWOrjGrooKC4mmqLvOyj3l1rgsAr7
 nURTZ93ecVkSUj7IsrhxSiJOD71YD4Fx7MXfzTN6Yb1+K7z821+UIBWLhE362Thq
 8Q+LJAqc6g+Cnh/PkM1iL/KCHUgLWbLO6n/PZNU3Nju2dW10U4dVCmv5QiJy76JM
 prDXqwHls/cvKIJ7I2nT60UGeFcYEs9t88J/DE8SumxMK54Dk+VVKvbESzHdetUo
 LyLriwBtlzl50IE71DFQLLz1haiasBDuDljlq2FmwN5E20MmkoTl46fhtgpQMyKm
 jYsITlScwT/3GEhtnmAGpfUjFihCGJ6zZM1la42NmcVgE85fmCAqneJrHMY8t6mT
 r97g/GsGk4u9DmfMMpKh
 =Uj0Z
 -----END PGP SIGNATURE-----

Merge tag 'pci-v3.18-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:
 "These changes, intended for v3.18, fix:

  Sysfs
    - Fix "enable" filename change (Greg Kroah-Hartman)

      An unintentional sysfs filename change in commit 5136b2da77
      ("PCI: convert bus code to use dev_groups"), which appeared in
      v3.13, changed "enable" to "enabled", and this changes it back.

      Old users of "enable" are currently broken and will be helped by
      this change.  Anything that started to use "enabled" after v3.13
      will be broken by this change.  If necessary, we can add a symlink
      to make both work, but this patch doesn't do that.

  PCI device hotplug
    - Revert duplicate merge (Kamal Mostafa)

      A mistaken duplicate merge that added a check twice.  Nothing's
      broken; this just removes the unnecessary code.

  Freescale i.MX6
    - Wait for clocks to stabilize after ref_en (Richard Zhu)

      An i.MX6 clock problem that prevents mx6 nitrogen boards from booting"

* tag 'pci-v3.18-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: Rename sysfs 'enabled' file back to 'enable'
  PCI: imx6: Wait for clocks to stabilize after ref_en
  Revert duplicate "PCI: pciehp: Prevent NULL dereference during probe"
2014-10-31 18:48:29 -07:00
Andy Lutomirski 653bc77af6 x86_64, entry: Fix out of bounds read on sysenter
Rusty noticed a Really Bad Bug (tm) in my NT fix.  The entry code
reads out of bounds, causing the NT fix to be unreliable.  But, and
this is much, much worse, if your stack is somehow just below the
top of the direct map (or a hole), you read out of bounds and crash.

Excerpt from the crash:

[    1.129513] RSP: 0018:ffff88001da4bf88  EFLAGS: 00010296

  2b:*    f7 84 24 90 00 00 00     testl  $0x4000,0x90(%rsp)

That read is deterministically above the top of the stack.  I
thought I even single-stepped through this code when I wrote it to
check the offset, but I clearly screwed it up.

Fixes: 8c7aa698ba ("x86_64, entry: Filter RFLAGS.NT on entry from userspace")
Reported-by: Rusty Russell <rusty@ozlabs.org>
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-10-31 18:47:09 -07:00
Linus Torvalds 32e8fd2f8e A set of miscellaneous ext4 bug fixes for 3.18.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJUVAF/AAoJENNvdpvBGATwEbAQALNiAIChEyJTnQDkAQc2wqqn
 dv8NQmFr5aefc63A/+n/yJJGrQZtKs0ceh29ty5ksYLFXzUdc2ctFg6vBmllQfbz
 PQawAk2gOkF8zfVuqiQU7X+wTBpGmGXTa8HY+WJTtk0pBfhl+p0PDCYsWXMwZJ1D
 tAZpxJ4AmPc7A4hApWOvce6r7Xg24vZk/8UA93Tif9AkeY6VoN272Hx5b/UGmBHY
 RCEgpowuiIY38bghtLh5+T0J98/EQNof46cEHgGI9nIDZeXRzgvDojE5bLI0/IS/
 K07MjYlm/WFWsLFkgNJkTiqEXgnji9BNYRF1xxUjMMBAR4+fnFLw9kXXgcETrPCx
 U7lHOhs8M2FK40cWhUDz/tukvL4S4lQwPEeqBPlRE8J5/twRyXHeZDp4F7LOobwq
 mk6AajSJlP+05XwXOuCx7Hcf9uxjw/IpqhBS5IZxy8Nn3T2guPlY9wMhYU1RYFws
 54FeE76SJ8EDgjVK/txj7rgh11GggWsjsdXvftSElM2DsKsqYEOKAvDzvwmbm7eV
 dsFOlRB6B/X4UpiAC2MiPJynYg9TJ7LkVBzDZeZ/fbm7JhTqChSJDzapqdrmNPIY
 SQqwLmFXnHqaw6HNitZ5Bs+fD6nfvKqy85NeImxE3lhLWDuiTt77Y3o80IW30TgN
 5bnuXq8Rkukrxs/VDvPq
 =kI6P
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 bugfixes from Ted Ts'o:
 "A set of miscellaneous ext4 bug fixes for 3.18"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: make ext4_ext_convert_to_initialized() return proper number of blocks
  ext4: bail early when clearing inode journal flag fails
  ext4: bail out from make_indexed_dir() on first error
  jbd2: use a better hash function for the revoke table
  ext4: prevent bugon on race between write/fcntl
  ext4: remove extent status procfs files if journal load fails
  ext4: disallow changing journal_csum option during remount
  ext4: enable journal checksum when metadata checksum feature enabled
  ext4: fix oops when loading block bitmap failed
  ext4: fix overflow when updating superblock backups after resize
2014-10-31 16:22:29 -07:00
Linus Torvalds e2488ab6ab Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull quota and ext3 fixes from Jan Kara.

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  fs, jbd: use a more generic hash function
  quota: Properly return errors from dquot_writeback_dquots()
  ext3: Don't check quota format when there are no quota files
2014-10-31 16:18:47 -07:00
Linus Torvalds 89453379aa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "A bit has accumulated, but it's been a week or so since my last batch
  of post-merge-window fixes, so...

   1) Missing module license in netfilter reject module, from Pablo.
      Lots of people ran into this.

   2) Off by one in mac80211 baserate calculation, from Karl Beldan.

   3) Fix incorrect return value from ax88179_178a driver's set_mac_addr
      op, which broke use of it with bonding.  From Ian Morgan.

   4) Checking of skb_gso_segment()'s return value was not all
      encompassing, it can return an SKB pointer, a pointer error, or
      NULL.  Fix from Florian Westphal.

      This is crummy, and longer term will be fixed to just return error
      pointers or a real SKB.

   6) Encapsulation offloads not being handled by
      skb_gso_transport_seglen().  From Florian Westphal.

   7) Fix deadlock in TIPC stack, from Ying Xue.

   8) Fix performance regression from using rhashtable for netlink
      sockets.  The problem was the synchronize_net() invoked for every
      socket destroy.  From Thomas Graf.

   9) Fix bug in eBPF verifier, and remove the strong dependency of BPF
      on NET.  From Alexei Starovoitov.

  10) In qdisc_create(), use the correct interface to allocate
      ->cpu_bstats, otherwise the u64_stats_sync member isn't
      initialized properly.  From Sabrina Dubroca.

  11) Off by one in ip_set_nfnl_get_byindex(), from Dan Carpenter.

  12) nf_tables_newchain() was erroneously expecting error pointers from
      netdev_alloc_pcpu_stats().  It only returna a valid pointer or
      NULL.  From Sabrina Dubroca.

  13) Fix use-after-free in _decode_session6(), from Li RongQing.

  14) When we set the TX flow hash on a socket, we mistakenly do so
      before we've nailed down the final source port.  Move the setting
      deeper to fix this.  From Sathya Perla.

  15) NAPI budget accounting in amd-xgbe driver was counting descriptors
      instead of full packets, fix from Thomas Lendacky.

  16) Fix total_data_buflen calculation in hyperv driver, from Haiyang
      Zhang.

  17) Fix bcma driver build with OF_ADDRESS disabled, from Hauke
      Mehrtens.

  18) Fix mis-use of per-cpu memory in TCP md5 code.  The problem is
      that something that ends up being vmalloc memory can't be passed
      to the crypto hash routines via scatter-gather lists.  From Eric
      Dumazet.

  19) Fix regression in promiscuous mode enabling in cdc-ether, from
      Olivier Blin.

  20) Bucket eviction and frag entry killing can race with eachother,
      causing an unlink of the object from the wrong list.  Fix from
      Nikolay Aleksandrov.

  21) Missing initialization of spinlock in cxgb4 driver, from Anish
      Bhatt.

  22) Do not cache ipv4 routing failures, otherwise if the sysctl for
      forwarding is subsequently enabled this won't be seen.  From
      Nicolas Cavallari"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (131 commits)
  drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode
  drivers: net: cpsw: Fix broken loop condition in switch mode
  net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with lengh 0
  stmmac: pci: set default of the filter bins
  net: smc91x: Fix gpios for device tree based booting
  mpls: Allow mpls_gso to be built as module
  mpls: Fix mpls_gso handler.
  r8152: stop submitting intr for -EPROTO
  netfilter: nft_reject_bridge: restrict reject to prerouting and input
  netfilter: nft_reject_bridge: don't use IP stack to reject traffic
  netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions
  netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions
  netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing
  drivers/net: macvtap and tun depend on INET
  drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
  drivers/net: Disable UFO through virtio
  net: skb_fclone_busy() needs to detect orphaned skb
  gre: Use inner mac length when computing tunnel length
  mlx4: Avoid leaking steering rules on flow creation error flow
  net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN
  ...
2014-10-31 15:04:58 -07:00
Linus Torvalds 53429290a0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Pull sparc update from David Miller:
 "Two changes:

  1) It makes no sense to execute a VTOC partition table request in the
     Sun virtual block device driver and fail to load if it doesn't
     succeed because a) we don't use the result at all and b) it won't
     succeed if there is an EFI partition on the disk, for example.

     We read the partition table via the normal means in the block layer
     anyways, so this is really completely useless, so just remove it.

     From Dwight Engen.

  2) Hook up new bpf system call"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sunvdc: don't call VD_OP_GET_VTOC
  sparc: Hook up bpf system call.
2014-10-31 15:00:48 -07:00
Miklos Szeredi 9f2f7d4c8d ovl: initialize ->is_cursor
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-10-31 17:47:51 -04:00
Linus Torvalds 9f58c62fcc Microblaze patches for 3.18-rc3
- Wire-up new syscall
 - Fix PCI bug
 - Fix Kconfig warning
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iEYEABECAAYFAlRTi7YACgkQykllyylKDCGGIACgkMfyXR9QE6SDC09L7k2NoPTw
 qxMAn1/mKUPWGSCIK6NklOXgAEiILscA
 =Gtqs
 -----END PGP SIGNATURE-----

Merge tag 'microblaze-3.18-rc3' of git://git.monstr.eu/linux-2.6-microblaze

Pull Microblaze updates from Michal Simek:
 - wire-up new bpf syscall
 - fix PCI bug
 - fix Kconfig warning

* tag 'microblaze-3.18-rc3' of git://git.monstr.eu/linux-2.6-microblaze:
  microblaze: Wire up bpf syscall
  microblaze: Fix IO space breakage after of_pci_range_to_resource() change
  microblaze: Fix missing NR_CPUS in menuconfig
2014-10-31 14:43:42 -07:00
Linus Torvalds 19e0d5f16a Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Fixes from all around the place:

   - hyper-V 32-bit PAE guest kernel fix
   - two IRQ allocation fixes on certain x86 boards
   - intel-mid boot crash fix
   - intel-quark quirk
   - /proc/interrupts duplicate irq chip name fix
   - cma boot crash fix
   - syscall audit fix
   - boot crash fix with certain TSC configurations (seen on Qemu)
   - smpboot.c build warning fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
  ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi()
  x86, intel-mid: Create IRQs for APB timers and RTC timers
  x86: Don't enable F00F workaround on Intel Quark processors
  x86/irq: Fix XT-PIC-XT-PIC in /proc/interrupts
  x86, cma: Reserve DMA contiguous area after initmem_init()
  i386/audit: stop scribbling on the stack frame
  x86, apic: Handle a bad TSC more gracefully
  x86: ACPI: Do not translate GSI number if IOAPIC is disabled
  x86/smpboot: Move data structure to its primary usage scope
2014-10-31 14:30:16 -07:00
Rafael J. Wysocki 7d627280b3 Merge branches 'pm-cpufreq' and 'pm-sleep'
* pm-cpufreq:
  cpufreq: cpufreq-dt: Restore default cpumask_setall(policy->cpus)
  cpufreq: cpufreq-dt: disable unsupported OPPs

* pm-sleep:
  PM / Sleep: fix recovery during resuming from hibernation
  PM / Sleep: fix async suspend_late/freeze_late error handling
2014-10-31 22:25:07 +01:00
Rafael J. Wysocki 76dfdc2c6e Merge branches 'acpi-scan' and 'acpi-ec'
* acpi-scan:
  ACPI: Use ACPI companion to match only the first physical device

* acpi-ec:
  ACPI / EC: Fix regression due to conflicting firmware behavior between Samsung and Acer.
  Revert "ACPI / EC: Add support to disallow QR_EC to be issued before completing previous QR_EC"
2014-10-31 22:24:44 +01:00
Linus Torvalds f5fa363026 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
 "Various scheduler fixes all over the place: three SCHED_DL fixes,
  three sched/numa fixes, two generic race fixes and a comment fix"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/dl: Fix preemption checks
  sched: Update comments for CLONE_NEWNS
  sched: stop the unbound recursion in preempt_schedule_context()
  sched/fair: Fix division by zero sysctl_numa_balancing_scan_size
  sched/fair: Care divide error in update_task_scan_period()
  sched/numa: Fix unsafe get_task_struct() in task_numa_assign()
  sched/deadline: Fix races between rt_mutex_setprio() and dl_task_timer()
  sched/deadline: Don't replenish from a !SCHED_DEADLINE entity
  sched: Fix race between task_group and sched_task_group
2014-10-31 14:05:35 -07:00
Linus Torvalds 5656b408ff Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "Mostly tooling fixes, plus on the kernel side:

   - a revert for a newly introduced PMU driver which isn't complete yet
     and where we ran out of time with fixes (to be tried again in
     v3.19) - this makes up for a large chunk of the diffstat.

   - compilation warning fixes

   - a printk message fix

   - event_idx usage fixes/cleanups"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf probe: Trivial typo fix for --demangle
  perf tools: Fix report -F dso_from for data without branch info
  perf tools: Fix report -F dso_to for data without branch info
  perf tools: Fix report -F symbol_from for data without branch info
  perf tools: Fix report -F symbol_to for data without branch info
  perf tools: Fix report -F mispredict for data without branch info
  perf tools: Fix report -F in_tx for data without branch info
  perf tools: Fix report -F abort for data without branch info
  perf tools: Make CPUINFO_PROC an array to support different kernel versions
  perf callchain: Use global caching provided by libunwind
  perf/x86/intel: Revert incomplete and undocumented Broadwell client support
  perf/x86: Fix compile warnings for intel_uncore
  perf: Fix typos in sample code in the perf_event.h header
  perf: Fix and clean up initialization of pmu::event_idx
  perf: Fix bogus kernel printk
  perf diff: Add missing hists__init() call at tool start
2014-10-31 14:01:47 -07:00
Linus Torvalds c958f9200f Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull futex fixes from Ingo Molnar:
 "This contains two futex fixes: one fixes a race condition, the other
  clarifies shared/private futex comments"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  futex: Fix a race condition between REQUEUE_PI and task death
  futex: Mention key referencing differences between shared and private futexes
2014-10-31 13:57:45 -07:00
David S. Miller 99a49ce613 Merge tag 'master-2014-10-30' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville says:

====================
pull request: wireless 2014-10-31

Please pull this small batch of spooky fixes intended for the 3.18
stream...boo!

Cyril Brulebois adds an rt2x00 device ID.

Dan Carpenter provides a one-line masking fix for an ath9k debugfs
entry.

Larry Finger gives us a package of small rtlwifi fixes which add some
bits that were left out of some feature updates that were included
in the merge window.  Hopefully this isn't a sign that the rtlwifi
base is getting too big...

Marc Yang brings a fix for a temporary mwifiex stall when doing 11n
RX reordering.

Please let me know if there are problems!
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 16:18:35 -04:00
Lennart Sorensen 1e5c4bc497 drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode
The cpsw driver did not support the IFF_ALLMULTI flag which makes dynamic
multicast routing not work.  Related to this, when enabling IFF_PROMISC
in switch mode, all registered multicast addresses are flushed, resulting
in only broadcast and unicast traffic being received.

A new cpsw_ale_set_allmulti function now scans through the ALE entry
table and adds/removes the host port from the unregistered multicast
port mask of each vlan entry depending on the state of IFF_ALLMULTI.
In promiscious mode, cpsw_ale_set_allmulti is used to force reception
of all multicast traffic in addition to the unicast and broadcast traffic.

With this change dynamic multicast and promiscious mode both work in
switch mode.

Signed-off-by: Len Sorensen <lsorense@csclub.uwaterloo.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 16:17:56 -04:00
Lennart Sorensen 6f979eb3fc drivers: net: cpsw: Fix broken loop condition in switch mode
0d961b3b52 (drivers: net: cpsw: fix buggy
loop condition) accidentally fixed a loop comparison in too many places
while fixing a real bug.

It was correct to fix the dual_emac mode section since there 'i' is used
as an index into priv->slaves which is a 0 based array.

However the other two changes (which are only used in switch mode)
are wrong since there 'i' is actually the ALE port number, and port 0
is the host port, while port 1 and up are the slave ports.

Putting the loop condition back in the switch mode section fixes it.

A comment has been added to point out the intent clearly to avoid future
confusion.  Also a comment is fixed that said the opposite of what was
actually happening.

Signed-off-by: Len Sorensen <lsorense@csclub.uwaterloo.ca>
Acked-by: Heiko Schocher <hs@denx.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 16:17:56 -04:00
Guenter Roeck e0fb6fb6d5 net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with lengh 0
If a driver supports reading EEPROM but no EEPROM is installed in the system,
the driver's get_eeprom_len function returns 0. ethtool will subsequently
try to read that zero-length EEPROM anyway. If the driver does not support
EEPROM access at all, this operation will return -EOPNOTSUPP. If the driver
does support EEPROM access but no EEPROM is installed, the operation will
return -EINVAL. Return -EOPNOTSUPP in both cases for consistency.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 16:12:34 -04:00
Andy Shevchenko 1e19e084ea stmmac: pci: set default of the filter bins
The commit 3b57de958e brought the support for a different amount of the
filter bins, but didn't update the PCI driver accordingly. This patch appends
the default values when the device is enumerated via PCI bus.

Fixes: 3b57de958e (net: stmmac: Support devicetree configs for mcast and ucast filter entries)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 16:09:57 -04:00
Tony Lindgren 7d2911c438 net: smc91x: Fix gpios for device tree based booting
With legacy booting, the platform init code was taking care of
the configuring of GPIOs. With device tree based booting, things
may or may not work depending what bootloader has configured or
if the legacy platform code gets called.

Let's add support for the pwrdn and reset GPIOs to the smc91x
driver to fix the issues of smc91x not working properly when
booted in device tree mode.

And let's change n900 to use these settings as some versions
of the bootloader do not configure things properly causing
errors.

Reported-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 15:54:18 -04:00
Dwight Engen 85b0c6e62c sunvdc: don't call VD_OP_GET_VTOC
The VD_OP_GET_VTOC operation will succeed only if the vdisk backend has a
VTOC label, otherwise it will fail. In particular, it will return error
48 (ENOTSUP) if the disk has an EFI label. VTOC disk labels are already
handled by directly reading the disk in block/partitions/sun.c (enabled by
CONFIG_SUN_PARTITION which defaults to y on SPARC). Since port->label is
unused in the driver, remove the call and the field.

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 15:49:45 -04:00
Pravin B Shelar de05c400f7 mpls: Allow mpls_gso to be built as module
Kconfig already allows mpls to be built as module. Following patch
fixes Makefile to do same.

CC: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 15:47:21 -04:00
Pravin B Shelar f7065f4bd3 mpls: Fix mpls_gso handler.
mpls gso handler needs to pull skb after segmenting skb.

CC: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Acked-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 15:47:21 -04:00
Linus Torvalds aea4869f68 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull core fixes from Ingo Molnar:
 "The tree contains two RCU fixes and a compiler quirk comment fix"

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  rcu: Make rcu_barrier() understand about missing rcuo kthreads
  compiler/gcc4+: Remove inaccurate comment about 'asm goto' miscompiles
  rcu: More on deadlock between CPU hotplug and expedited grace periods
2014-10-31 12:43:52 -07:00
Linus Torvalds 0f4b06766b Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fixes from Thomas Gleixner:
 "As you requested in the rc2 release mail the timer department serves
  you a few real bug fixes:

   - Fix the probe logic of the architected arm/arm64 timer
   - Plug a stack info leak in posix-timers
   - Prevent a shift out of bounds issue in the clockevents core"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  ARM/ARM64: arch-timer: fix arch_timer_probed logic
  clockevents: Prevent shift out of bounds
  posix-timers: Fix stack info leak in timer_create()
2014-10-31 12:33:05 -07:00
Linus Torvalds bcdfdaee5a ARM has system calls outside the NR_syscalls range, and the generic
tracing system does not support that and without checks, it can cause
 an oops to be reported.
 
 Rabin Vincent added checks in the return code on syscall events to make
 sure that the system call number is within the range that tracing
 knows about, and if not, simply ignores the system call.
 
 The system call tracing infrastructure needs to be rewritten to handle these
 cases better, but for now, to keep from oopsing, this patch will do.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJUUt+4AAoJEEjnJuOKh9ld3HgH/0RL7neY1tp05+v0GRvABmGr
 6T47GEmZi9NiQOWjFC4SxNHLQSjpQX7eLD2CC6bljDfFpgKiIqarWHegEBUoBF9K
 Dlg2jPpCwwwKbTXlAKTmv9QTGzvBEYyVZxhSC7mEbziV4Rbt7CVZJlogVdeYP5y0
 4mWyHJg11Dt9SiZJCIv8sIrx2Xka2eX+Aq30dwYd9JGco3vVCH8NZ09ZgYBHaxIm
 YrL6yUVnHP3nqKiEL4qCMUqUzexzdwUhrGPddLANaSRTWT+EAGYPD113bA76jAKc
 cd3eaFwFkmCA0yfmjjBSb23FsPvKHc7j6BtZA6Q3uKPZUVlX+DyVNisUfEnaLQs=
 =9NTR
 -----END PGP SIGNATURE-----

Merge tag 'trace-fixes-v3.18-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fix from Steven Rostedt:
 "ARM has system calls outside the NR_syscalls range, and the generic
  tracing system does not support that and without checks, it can cause
  an oops to be reported.

  Rabin Vincent added checks in the return code on syscall events to
  make sure that the system call number is within the range that tracing
  knows about, and if not, simply ignores the system call.

  The system call tracing infrastructure needs to be rewritten to handle
  these cases better, but for now, to keep from oopsing, this patch will
  do"

* tag 'trace-fixes-v3.18-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing/syscalls: Ignore numbers outside NR_syscalls' range
2014-10-31 12:28:38 -07:00
Linus Torvalds 4f080f05e6 Merge tag 'docs-for-linus' of git://git.lwn.net/linux-2.6
Pull documentation fixes from Jonathan Corbet:
 "So this is my first pull request since I rashly agreed to look after
  the documentation subtree.  It contains some typo fixes, a few minor
  documentation improvements, and, most importantly, fixes for a couple
  of build problems in various bits of sample code.

  I fully intend to start sending pull requests with signed tags.
  However, due to poor planning on my part and the general obnoxiousness
  of life, I'm 2000 miles away from my private key which is sitting on a
  powered-down machine.  This should be fixed before my next request.

  Meanwhile git.lwn.net is a machine under my control, the patches are
  all trivial, and all have done time in linux-next"

* tag 'docs-for-linus' of git://git.lwn.net/linux-2.6:
  Documentation/SubmittingPatches: Reported-by tags and permission
  Documentation: remove outdated references to the linux-next wiki
  Documentation: Restrict TSC test code to x86
  doc: kernel-parameters.txt: Add ide-generic.probe-mask
  vdso: don't require 64-bit math in standalone test
  Documentation: Add CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF case
  Documentation: Add default kmemleak off case in kernel-parameters.txt
  Docs: Document that the sticky bit is understood by hugetlbfs
  DocBook: Reduce noise from make cleandocs
  Documentation: fix vdso_standalone_test_x86 on 32-bit
  Documentation: dt-bindings: Explain order in patch series
  Documentation/ABI/testing/sysfs-ibft: fix a typo
2014-10-31 11:55:40 -07:00
hayeswang d59c876dd6 r8152: stop submitting intr for -EPROTO
For Renesas USB 3.0 host controller, when unplugging the usb hub which
has the RTL8153 plugged, the driver would get -EPROTO for interrupt
transfer. There is high probability to get the information of "HC died;
cleaning up", if the driver continues to submit the interrupt transfer
before the disconnect() is called.

[ 1024.197678] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.213673] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.229668] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.245661] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.261653] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.277648] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.293642] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.309638] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.325633] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.341627] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.357621] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.373615] r8152 9-1.4:1.0 eth0: intr status -71
[ 1024.383097] usb 9-1: USB disconnect, device number 2
[ 1024.383103] usb 9-1.4: USB disconnect, device number 6
[ 1029.391010] xhci_hcd 0000:04:00.0: xHCI host not responding to stop endpoint command.
[ 1029.391016] xhci_hcd 0000:04:00.0: Assuming host is dying, halting host.
[ 1029.392551] xhci_hcd 0000:04:00.0: HC died; cleaning up
[ 1029.421480] usb 8-1: USB disconnect, device number 2

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 13:55:10 -04:00
Dmitry Torokhov e55a336698 Revert "Input: i8042 - disable active multiplexing by default"
This reverts commit 68da166491.

It turns out that the assertion about scope of regressions due to
always keeping keyboard controller in legacy mode was proven wrong.
There are laptops, such as Clevo W650SH, that only have internal
touchpad (no external PS/2 ports), that require active multiplexing
mode to switch the touchpad (Elantech) into native mode instead of
basic PS/2 emulation.

Reported-by: Roel Aaij <roel.aaij@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2014-10-31 09:35:53 -07:00
Tobias Klauser 5f77fc456c Input: altera_ps2 - use correct type for irq return value
The irq function altera_ps2_rxint returns an irqreturn_t, so use the
same type for variable storing the return value.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2014-10-31 09:32:02 -07:00
Tobias Klauser d0269b8475 Input: altera_ps2 - write to correct register when disabling interrupts
In altera_ps2_close, the data register (offset 0) is written instead of
the control register (offset 4), leading to the RX interrupt not being
disabled. Fix this by calling writel() with the offset for the proper
register.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2014-10-31 09:31:57 -07:00
Dmitry Torokhov fbefc5e7e6 Input: max77693-haptic - fix potential overflow
Expression haptic->pwm_dev->period * haptic->magnitude is of type
'unsigned int' and may overflow. We need to convert one of the operands
to u64 before multiplying, instead of casting result (potentially
overflown) to u64.

Reported by Coverity: CID 1248753

Acked-by : Jaewon Kim <jaewon02.kim@samsung.com>
Reviewed-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2014-10-31 09:30:44 -07:00
David S. Miller e3a88f9c4f Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
netfilter/ipvs fixes for net

The following patchset contains fixes for netfilter/ipvs. This round of
fixes is larger than usual at this stage, specifically because of the
nf_tables bridge reject fixes that I would like to see in 3.18. The
patches are:

1) Fix a null-pointer dereference that may occur when logging
   errors. This problem was introduced by 4a4739d56b ("ipvs: Pull
   out crosses_local_route_boundary logic") in v3.17-rc5.

2) Update hook mask in nft_reject_bridge so we can also filter out
   packets from there. This fixes 36d2af5 ("netfilter: nf_tables: allow
   to filter from prerouting and postrouting"), which needs this chunk
   to work.

3) Two patches to refactor common code to forge the IPv4 and IPv6
   reject packets from the bridge. These are required by the nf_tables
   reject bridge fix.

4) Fix nft_reject_bridge by avoiding the use of the IP stack to reject
   packets from the bridge. The idea is to forge the reject packets and
   inject them to the original port via br_deliver() which is now
   exported for that purpose.

5) Restrict nft_reject_bridge to bridge prerouting and input hooks.
   the original skbuff may cloned after prerouting when the bridge stack
   needs to flood it to several bridge ports, it is too late to reject
   the traffic.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 12:29:42 -04:00
Pablo Neira Ayuso 127917c29a netfilter: nft_reject_bridge: restrict reject to prerouting and input
Restrict the reject expression to the prerouting and input bridge
hooks. If we allow this to be used from forward or any other later
bridge hook, if the frame is flooded to several ports, we'll end up
sending several reject packets, one per cloned packet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-10-31 12:50:09 +01:00
Pablo Neira Ayuso 523b929d54 netfilter: nft_reject_bridge: don't use IP stack to reject traffic
If the packet is received via the bridge stack, this cannot reject
packets from the IP stack.

This adds functions to build the reject packet and send it from the
bridge stack. Comments and assumptions on this patch:

1) Validate the IPv4 and IPv6 headers before further processing,
   given that the packet comes from the bridge stack, we cannot assume
   they are clean. Truncated packets are dropped, we follow similar
   approach in the existing iptables match/target extensions that need
   to inspect layer 4 headers that is not available. This also includes
   packets that are directed to multicast and broadcast ethernet
   addresses.

2) br_deliver() is exported to inject the reject packet via
   bridge localout -> postrouting. So the approach is similar to what
   we already do in the iptables reject target. The reject packet is
   sent to the bridge port from which we have received the original
   packet.

3) The reject packet is forged based on the original packet. The TTL
   is set based on sysctl_ip_default_ttl for IPv4 and per-net
   ipv6.devconf_all hoplimit for IPv6.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-10-31 12:50:08 +01:00
Pablo Neira Ayuso 8bfcdf6671 netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions
That can be reused by the reject bridge expression to build the reject
packet. The new functions are:

* nf_reject_ip6_tcphdr_get(): to sanitize and to obtain the TCP header.
* nf_reject_ip6hdr_put(): to build the IPv6 header.
* nf_reject_ip6_tcphdr_put(): to build the TCP header.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-10-31 12:49:57 +01:00
Pablo Neira Ayuso 052b9498ee netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions
That can be reused by the reject bridge expression to build the reject
packet. The new functions are:

* nf_reject_ip_tcphdr_get(): to sanitize and to obtain the TCP header.
* nf_reject_iphdr_put(): to build the IPv4 header.
* nf_reject_ip_tcphdr_put(): to build the TCP header.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-10-31 12:49:05 +01:00
Pablo Neira Ayuso 4d87716cd0 netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing
Fixes: 36d2af5 ("netfilter: nf_tables: allow to filter from prerouting and postrouting")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-10-31 12:44:56 +01:00
David Jeffery b2de525f09 Return short read or 0 at end of a raw device, not EIO
Author: David Jeffery <djeffery@redhat.com>
Changes to the basic direct I/O code have broken the raw driver when reading
to the end of a raw device.  Instead of returning a short read for a read that
extends partially beyond the device's end or 0 when at the end of the device,
these reads now return EIO.

The raw driver needs the same end of device handling as was added for normal
block devices.  Using blkdev_read_iter, which has the needed size checks,
prevents the EIO conditions at the end of the device.

Signed-off-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-10-31 06:33:26 -04:00
Al Viro b0afd8e5db isofs: don't bother with ->d_op for normal case
we only need it for joliet and case-insensitive mounts

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-10-31 06:33:17 -04:00
Sinclair Yeh 9a72384d86 drm/vmwgfx: Filter out modes those cannot be supported by the current VRAM size.
When screen objects are enabled, the bpp is assumed to be 32, otherwise
it is set to 16.

v2:
* Use u32 instead of u64 for assumed_bpp.
* Fixed mechanism to check for screen objects
* Limit the back buffer size to VRAM.

Signed-off-by: Sinclair Yeh <syeh@vmware.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Cc: <stable@vger.kernel.org>
2014-10-31 09:58:06 +01:00
Thomas Hellstrom 0468ab5b79 drm/vmwgfx: Fix hash key computation
The hash key computation in vmw_cmdbuf_res_remove incorrectly didn't take
the resource type into account, contrary to all the other related functions.
This becomes important when the cmdbuf resource manager handles more than
one resource type.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
2014-10-31 09:54:22 +01:00
Rob Clark 21e88620aa drm/vmwgfx: fix lock breakage
After:

commit d059f652e7
Author:     Daniel Vetter <daniel.vetter@ffwll.ch>
AuthorDate: Fri Jul 25 18:07:40 2014 +0200

    drm: Handle legacy per-crtc locking with full acquire ctx

drm_mode_cursor_common() was switched to use drm_modeset_(un)lock_crtc()
which uses full aquire ctx.  So dropping/reaquiring the lock via
drm_modeset_(un)lock() directly isn't the right thing to do, as lockdep
kindly points out.

The 'FIXME's about sorting out whether vmwgfx *really* needs to lock-all
for cursor updates still apply.

Signed-off-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Jakob Bornecrantz <jakob@vmware.com>
Tested-by: Thomas Hellstrom <thellstrom@vmware.com>
2014-10-31 09:44:35 +01:00