Commit Graph

507470 Commits

Author SHA1 Message Date
Andy Lutomirski 7ea2416909 x86/asm/entry/64: Disable opportunistic SYSRET if regs->flags has TF set
When I wrote the opportunistic SYSRET code, I missed an important difference
between SYSRET and IRET.

Both instructions are capable of setting EFLAGS.TF, but they behave differently
when doing so:

 - IRET will not issue a #DB trap after execution when it sets TF.
   This is critical -- otherwise you'd never be able to make forward progress when
   returning to userspace.

 - SYSRET, on the other hand, will trap with #DB immediately after
   returning to CPL3, and the next instruction will never execute.

This breaks anything that opportunistically SYSRETs to a user
context with TF set.  For example, running this code with TF set
and a SIGTRAP handler loaded never gets past 'post_nop':

	extern unsigned char post_nop[];
	asm volatile ("pushfq\n\t"
		      "popq %%r11\n\t"
		      "nop\n\t"
		      "post_nop:"
		      : : "c" (post_nop) : "r11");

In my defense, I can't find this documented in the AMD or Intel manual.

Fix it by using IRET to restore TF.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 2a23c6b8a9 ("x86_64, entry: Use sysret to return to userspace when possible")
Link: http://lkml.kernel.org/r/9472f1ca4c19a38ecda45bba9c91b7168135fcfa.1427923514.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-04-02 11:09:54 +02:00
Ville Syrjälä 840a1cf0cd drm/i915: Reject the colorkey ioctls for primary and cursor planes
The legcy colorkey ioctls are only implemented for sprite planes, so
reject the ioctl for primary/cursor planes. If we want to support
colorkeying with these planes (assuming we have hw support of course)
we should just move ahead with the colorkey property conversion.

Testcase: kms_legacy_colorkey
Cc: Tommi Rantala <tt.rantala@gmail.com>
Cc: stable@vger.kernel.org
Reference: http://mid.gmane.org/CA+ydwtr+bCo7LJ44JFmUkVRx144UDFgOS+aJTfK6KHtvBDVuAw@mail.gmail.com
Reported-and-tested-by: Tommi Rantala <tt.rantala@gmail.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2015-04-02 11:25:50 +03:00
David S. Miller f5f321c431 iwlwifi:
* fix a memory leak, we leaked memory each time the module
   was loaded.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQEcBAABAgAGBQJVHB3DAAoJEG4XJFUm622bLYkH+gMnmUgVD/MQLqhActOwGg/f
 YM+gAmHyHW3arwLStkx8MfYrXf2a+Q3A/+Mj61s9fMKdxtH143JwL3Gu/y76S9vH
 7bbhoiajwCg83IhrN+lIOpAHjHo/bxodXmjojnZFHTQ0MBT6ftXmLUZ7HBDwaL6A
 ct79Yh/k2lhaL8Vk242dIXWjoVmG9HtazVnK7jYB4fX+dIuqZ/53Z4acqTLeKUez
 UMRs/R0MYMtjHXhpnNHegiZ/umf4FfhrtVZ4yW2C3PqPR7wor/XkegnbwEXH3TNq
 zGACPN5YdFjDPacPslBsMT9FkOQPOwvz9Djzn7GEW6fv7AvGTC0lIXQ2E2I2phQ=
 =E1Gh
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-for-davem-2015-04-01' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers

Kalle Valo says:

====================
iwlwifi:

* fix a memory leak, we leaked memory each time the module
  was loaded.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:48:50 -04:00
David S. Miller 877e45d60c Merge branch 'cxgb4-net'
Hariprasad Shenai says:

====================
cxgb4 FW macro changes for new FW

Fix to dump device log even in the case of firmware crash. Also
incorporates changes for new FW.

This patch series has been created against net tree and includes patches on
cxgb4 driver.

We have included all the maintainers of respective drivers. Kindly review the
change and let us know in case of any review comments.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:47:21 -04:00
Hariprasad Shenai ae469b68a5 cxgb4: Fix to dump devlog, even if FW is crashed
Add new Common Code routines to retrieve Firmware Device Log
parameters from PCIE_FW_PF[7]. The firmware initializes its Device Log very
early on and stores the parameters for its location/size in that register.
Using the parameters from the register allows us to access the Firmware
Device Log even when the firmware crashes very early on or we're not
attached to the firmware

Based on original work by Casey Leedom <leedom@chelsio.com>

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:47:20 -04:00
Hariprasad Shenai 7ef65a4211 cxgb4: Firmware macro changes for fw verison 1.13.32.0
Adds new macro and few macro changes for fw version 1.13.32.0 also
changes version string in driver to match 1.13.32.0

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:47:20 -04:00
David S. Miller af3e09e666 This contains just a single fix for a crash I happened to randomly
run into today during testing. It's clearly been around for a while,
 but is pretty hard to trigger, even when I tried explicitly (and
 modified the code to make it more likely) it rarely did.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJVG/WSAAoJEDBSmw7B7bqrzmgQALygsyo0GrmHHorg0wkO+PBK
 l6kVknRwlsMil+vmB6mPTnwgUaGnEWJeRXl4zPJeA4Z+Xr58K1lyTFcMC0nu2MVb
 MNcTJycRmF4Lqyycd52zFaA+1vMsgG7AZb6vXLYppchUFTmbLVNX/IWhJGNOAsKZ
 HjYdvLr2kbJunIRofc/0PCC/8J4qFQj2ZphF5WfMckhNrh8+SQjIqmscFdRIqcgj
 R+LtyxscyKWspQ97J6OdoTsKpxTKSZ8mi9IvohdJhkJVnzBEkJx+Krf6PNs+Xnh1
 Z4x1Dkn1RoM8+7cakq2tTwwxokEw7de/3v/s90W+yVuZWNKsaiKHcnU+KGHu6t0J
 2766PXv6hC3KSWN6XrfTxYP7CBsT46Vf5+7FSlDsck1tUbn3W55c2kPFMBKk79yi
 CHjz1O82wzx4bAVNdaKMpR8rz6bSyhZijmduMuYxxrvnKkl5BSHype9IAUo+etVz
 KxPnwGq9yJjf0RYdr9tttxiwXJaADD6/R/bO21SIi1JeKa5sCyoAA5nLDyJfXwyt
 KtlrzzM9NWqoQUi2SGmurHHEIBBmgg9RBBWvq+MNM0Ik7d9kIawCBlvPerVc4IH4
 bUvIXEnrQNOEwxmY/9nsUShQvkzuQbkwR3rpEYA3XemO0qW1t0Tkdp/3UY3TY6Sq
 EOTi9LkOquZnKd9GB7yl
 =Imm5
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2015-04-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
This contains just a single fix for a crash I happened to randomly
run into today during testing. It's clearly been around for a while,
but is pretty hard to trigger, even when I tried explicitly (and
modified the code to make it more likely) it rarely did.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:19:22 -04:00
Linus Torvalds d4039314d0 IOMMU Fixes for Linux v4.0-rc6
This contains fixes for:
 
 	* A VT-d issue where hardware domain-ids might be freed while
 	  still in use.
 
 	* An ipmmu-vmsa issue where where the device-table was not zero
 	  terminated
 
 	* Unchecked register access issue in the arm-smmu driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVG+1oAAoJECvwRC2XARrjWB0P/i52bboZSEmU2oP8mMPTtJZa
 DUNUZeN2TspTmVjzQpKDLmeRKw4A0TDV6QJPceO7/AKKiMaovLdyeFXCsLIaIWWF
 i9n7pPCewE9Y/OE/Scxw+Urscf8t9PAp0YWWac0xjm0KzZMyVfU4JSev0Swn6wxq
 fP6xkAf24VcDldMwEP4vA3nMWs2RU6+ahF1M1EEUgAOXeXZRciZFh3sS+eNfl7Zo
 JijioP1X0/XLlKUJ6AUxm2tOkUCQ6XwEwmBA/V4NaCQMDe+8qXqgzSXtPbWcvCeK
 5bpS0tuiyegXalR90vm0VAoTn1oFFGdjBxqbQx1T8ew5by+3j7M18DbtCSfE6jUG
 W4IEabqSMe8Q3KLWrT/kbri0Kyb9WI8BnIqvNCwaDU6M+1iJrXFRMgEKzSl8I+yP
 aCMyKPBXbrZOopwX3drgbSYINDCDG3wQB2N0NbIuiZBrDeyX2wxOVPqWTsnqT766
 kTbZsMAr5aurs7lW3aiyuYbkyWV4prjDDpIIBwGrWyBdpcR2GFlD3+lo9cMjtGkE
 PF6M7W4AIaAoq4yD6N4ruUBfDBjY9jVwq06xQZVje5CbEdJ7NVxx9bO8Tz1NSPkV
 /Wo8tI+7b4tOuqks6vEb/uZqH4wXSLHyk5c+cy5uhR9StW+/IoIaEm6xYYHulG8i
 RGirVFSz4qgy1NGJrOqt
 =P6CS
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v4.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:
 "This contains fixes for:

   - a VT-d issue where hardware domain-ids might be freed while still
     in use.

   - an ipmmu-vmsa issue where where the device-table was not zero
     terminated

   - unchecked register access issue in the arm-smmu driver"

* tag 'iommu-fixes-v4.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/vt-d: Remove unused variable
  iommu: ipmmu-vmsa: Add terminating entry for ipmmu_of_ids
  iommu/vt-d: Detach domain *only* from attached iommus
  iommu/arm-smmu: fix ARM_SMMU_FEAT_TRANS_OPS condition
2015-04-01 10:29:55 -07:00
Rusty Russell e1b7c029a3 lguest: now needs PCI_DIRECT.
Since commit 8e70946943 ("lguest: add a dummy PCI host bridge.")
lguest uses PCI, but it needs you to frob the ports directly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-04-01 10:29:05 -07:00
Linus Torvalds b6c3a5946c This fixes a problem in the lazy time patches, which can cause
frequently updated inods to never have their timestamps updated.
 These changes guarantee that no timestamp on disk will be stale by
 more than 24 hours.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVGx6pAAoJEPL5WVaVDYGjh5cIAKQAyGST92IbTkxRZsxMgqnH
 7LQI+fbNn6oHGEjSSnsWLxl6CpwT4WrCmj8WhVmpAoTLU958nBbF7iZAaaeQCGeS
 3EqaNOlKvuOK9M5PKK7a5AWO04uJuj+t6s536OqHyB1zRb1yYMsywllPzu63eigA
 jxu2yZxkFIKjo2ohSaTDRONVCsQGlqgZ2Aq/Ho5vy5QffVJKTN1G/3Kf33xukUyr
 SAnndaax23jMqcFJE3gePYXc3W8EuGoloehKyo04qFeNNVMmSoytXAwMzcTmHn+H
 biOTN5ezSKbYzv1aevRg7UuSPv17/yIo3aEberfLBgsn5O4wJGDdS+LajaI5/x8=
 =0k0d
 -----END PGP SIGNATURE-----

Merge tag 'lazytime_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull lazytime fixes from Ted Ts'o:
 "This fixes a problem in the lazy time patches, which can cause
  frequently updated inods to never have their timestamps updated.

  These changes guarantee that no timestamp on disk will be stale by
  more than 24 hours"

* tag 'lazytime_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  fs: add dirtytime_expire_seconds sysctl
  fs: make sure the timestamps for lazytime inodes eventually get written
2015-04-01 10:05:42 -07:00
Linus Torvalds 1e848913f0 Merge branch 'for-4.0' of git://linux-nfs.org/~bfields/linux
Pull nfsd fixes from Bruce Fields:
 "Two main issues:

   - We found that turning on pNFS by default (when it's configured at
     build time) was too aggressive, so we want to switch the default
     before the 4.0 release.

   - Recent client changes to increase open parallelism uncovered a
     serious bug lurking in the server's open code.

  Also fix a krb5/selinux regression.

  The rest is mainly smaller pNFS fixes"

* 'for-4.0' of git://linux-nfs.org/~bfields/linux:
  sunrpc: make debugfs file creation failure non-fatal
  nfsd: require an explicit option to enable pNFS
  NFSD: Fix bad update of layout in nfsd4_return_file_layout
  NFSD: Take care the return value from nfsd4_encode_stateid
  NFSD: Printk blocklayout length and offset as format 0x%llx
  nfsd: return correct lockowner when there is a race on hash insert
  nfsd: return correct openowner when there is a race to put one in the hash
  NFSD: Put exports after nfsd4_layout_verify fail
  NFSD: Error out when register_shrinker() fail
  NFSD: Take care the return value from nfsd4_decode_stateid
  NFSD: Check layout type when returning client layouts
  NFSD: restore trace event lost in mismerge
2015-04-01 09:45:47 -07:00
David S. Miller 9c026424db Merge branch 'bnx2'
Yuval Mintz says:

====================
bnx2x: kdump related fixes

This patch series aims to fix bnx2x driver issues when loading in kdump kernel.
Both issues fixed here would be fatal to the device, requiring full reset of
the system in order to recover, preventing the device from serving its purpose
in the kdump environment.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 12:30:39 -04:00
Yuval Mintz da254fbc63 bnx2x: Fix kdump when iommu=on
When IOMM-vtd is active, once main kernel crashes unfinished DMAE transactions
will be blocked, putting the HW in an error state which will cause further
transactions to timeout.

Current employed logic uses wrong macros, causing the first function to be the
only function that cleanups that error state during its probe/load.

This patch allows all the functions to successfully re-load in kdump kernel.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: Ariel Elior <Ariel.Elior@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 12:30:39 -04:00
Yuval Mintz 3d6b72534a bnx2x: Fix kdump on 4-port device
When running in a kdump kernel, it's very likely that due to sync. loss with
management firmware the first PCI function to probe and reach the previous
unload flow would decide it can reset the chip and continue onward. While doing
so, it will only close its own Rx port.

On a 4-port device where 2nd port on engine is a 1g-port, the 2nd port would
allow ingress traffic after the chip is reset [assuming it was active on the
first kernel]. This would later cause a HW attention.

This changes driver flow to close both ports' 1g capabilities during the
previous driver unload flow prior to the chip reset.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: Ariel Elior <Ariel.Elior@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 12:30:38 -04:00
Johannes Berg 788211d81b mac80211: fix RX A-MPDU session reorder timer deletion
There's an issue with the way the RX A-MPDU reorder timer is
deleted that can cause a kernel crash like this:

 * tid_rx is removed - call_rcu(ieee80211_free_tid_rx)
 * station is destroyed
 * reorder timer fires before ieee80211_free_tid_rx() runs,
   accessing the station, thus potentially crashing due to
   the use-after-free

The station deletion is protected by synchronize_net(), but
that isn't enough -- ieee80211_free_tid_rx() need not have
run when that returns (it deletes the timer.) We could use
rcu_barrier() instead of synchronize_net(), but that's much
more expensive.

Instead, to fix this, add a field tracking that the session
is being deleted. In this case, the only re-arming of the
timer happens with the reorder spinlock held, so make that
code not rearm it if the session is being deleted and also
delete the timer after setting that field. This ensures the
timer cannot fire after ___ieee80211_stop_rx_ba_session()
returns, which fixes the problem.

Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-04-01 14:35:01 +02:00
Stefan Lippers-Hollmann 80313b3078 x86/reboot: Add ASRock Q1900DC-ITX mainboard reboot quirk
The ASRock Q1900DC-ITX mainboard (Baytrail-D) hangs randomly in
both BIOS and UEFI mode while rebooting unless reboot=pci is
used. Add a quirk to reboot via the pci method.

The problem is very intermittent and hard to debug, it might succeed
rebooting just fine 40 times in a row - but fails half a dozen times
the next day. It seems to be slightly less common in BIOS CSM mode
than native UEFI (with the CSM disabled), but it does happen in either
mode. Since I've started testing this patch in late january, rebooting
has been 100% reliable.

Most of the time it already hangs during POST, but occasionally it
might even make it through the bootloader and the kernel might even
start booting, but then hangs before the mode switch. The same symptoms
occur with grub-efi, gummiboot and grub-pc, just as well as (at least)
kernel 3.16-3.19 and 4.0-rc6 (I haven't tried older kernels than 3.16).
Upgrading to the most current mainboard firmware of the ASRock
Q1900DC-ITX, version 1.20, does not improve the situation.

( Searching the web seems to suggest that other Bay Trail-D mainboards
  might be affected as well. )
--
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Cc: <stable@vger.kernel.org>
Cc: Matt Fleming <matt.fleming@intel.com>
Link: http://lkml.kernel.org/r/20150330224427.0fb58e42@mir
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-04-01 14:08:09 +02:00
Keith Packard 8b86ed078a usb: Fix warnings in chaoskey driver
>    drivers/usb/misc/chaoskey.c: In function 'chaoskey_read':
> >> drivers/usb/misc/chaoskey.c:412:3: error: implicit declaration of function 'copy_to_user'
> >> [-Werror=implicit-function-declaration]
>       remain = copy_to_user(buffer, dev->buf + dev->used, this_time);

I was unable to reproduce this locally, but added an explicit

	#include <linux/uaccess.h>

which should ensure the definition on all architectures.

> sparse warnings: (new ones prefixed by >>)
>
> >> drivers/usb/misc/chaoskey.c:117:30: sparse: incorrect type in assignment (different base types)
>    drivers/usb/misc/chaoskey.c:117:30:    expected int [signed] size
>    drivers/usb/misc/chaoskey.c:117:30:    got restricted __le16 [usertype] wMaxPacketSize

Switched the code to using the USB descriptor accessor functions.

Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-04-01 14:00:11 +02:00
Greg Kroah-Hartman dce5bdfe8f IIO fixes for 4.0 set 4
A couple more IIO fixes.
 
 * Fix check for HAS_IOMEM in the cc100001_adc driver to avoid build errors.
   Rather curiously it was ORed with Regulator and clock support.
 * vf610 driver was trying to use an ADC clock outside the possible
   spec on some boards.  The driver assumed a fixed clock speed previously
   across all boards, but that is not true.  This fix ensures that the
   reported frequency is correct on all boards.
 * The adis imu common code directly set the current trigger to the
   driver supplied one.  Unfortunately this didn't increase the use count
   leading to a double free via a particular path of changing the trigger
   then removing the driver.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJVGaWjAAoJEFSFNJnE9BaIWUwP/jtYsUsoILHo8vng+DoFyx5L
 nDEEJqDYM7AROuBFAhayqpWVLjsd88VLCtD/in1HjNYXilhFbEMjIKknc3mmBg37
 YRNS7roxmOM7BD/Emww0eTlnmmNIXJx6iNBPJYizhtlS9xUGYWUwGfWOX2MN/qzq
 5oWL9uC8UAbMU0/hAeQ2rwYer/L7JDykQFrirupSyHqBzhL80gJ2591Bp1f8jTQ6
 CJ+gQZq/7qV1TzCW9PQzbO4oToBAXcShuKT7KEEJWiBEeUyC1lHn0cQocePA4Xd6
 YnO5tARiIZgAFypGHIYRZ22D3bP5HrGNtW7MSGdC5m4UNVTn/JlEO+bMLwaWVQWq
 bufK5bGGU8sS4lvyJSrixWb6S5lVoyCnrnKUc8Azaogd77G3JlMEiZBwp+5Chisr
 2tWSIdrAcH+NW/cp0iDHYjVKnkbHNvlmNqU0CHqWBXqUaIeZnzmhfUQcMih8jIy4
 CdyuBw9qUuVROkGOAzxNxrs5eZy4RiZ/erVZR7iI618l1ZtZcBVhZjek9GGj8Mc7
 6U+gnxR+jq2YUMCZyX8iRkxvW0JIxPh3ePGzvoSdenQuZRdblG8icff3dYup7XkJ
 EtLf7DeHyi1yE6E3TE/0iyTDhBErzv/ayvHkse0BFu4eBps0w60WPmcwjf6r1SUv
 FiYj8KMn1BlKqggX/eX+
 =BbAz
 -----END PGP SIGNATURE-----

Merge tag 'iio-fixes-for-4.0d' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus

Jonathan writes:

IIO fixes for 4.0 set 4

A couple more IIO fixes.

* Fix check for HAS_IOMEM in the cc100001_adc driver to avoid build errors.
  Rather curiously it was ORed with Regulator and clock support.
* vf610 driver was trying to use an ADC clock outside the possible
  spec on some boards.  The driver assumed a fixed clock speed previously
  across all boards, but that is not true.  This fix ensures that the
  reported frequency is correct on all boards.
* The adis imu common code directly set the current trigger to the
  driver supplied one.  Unfortunately this didn't increase the use count
  leading to a double free via a particular path of changing the trigger
  then removing the driver.
2015-04-01 13:51:02 +02:00
Greg Kroah-Hartman d3a3d28f1c USB-serial fixes for v4.0-rc6
Here are a few new device IDs.
 
 Signed-off-by: Johan Hovold <johan@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJVFWvVAAoJEEEN5E/e4bSVG1AP/2fCiXyoEbcI6aYrhfIbPsCk
 UmyeNEyOkVw4w4N9zQNBrbaWfdm2JGWoky+itA3XpSXWgrv5jWoxpK0LtqGfItHh
 gcP6bsMDJp4Jt7CmRtdEHQM9Jbm4M+ymGpGwuurPV44IEfDxmX02wiqFDWNaBkEr
 ItA5N158mxL81U3luEw5nxERi57KDjhtSjE2EOW2Mgyf+SVH6mqgFabRO3SeRUmV
 8BJ8x1px6qPPmrxdyusHV1JN723hyZcCVWFLLcDHKO6bMu84T+QnOafME9cZhlcj
 mm9v36d4pKaQpyWSLVV7WjId1xaTKMda/Zzy5EMBMDimqGYodIzerPrYLFITBKVd
 3MBPIaQJ03XHZ/Z4fZvCYFd0zoCEhIuy7igVbHql9mNFmUUJEJUdYHR0Dk/7J3a/
 1ouYNyFe6GpSb9ew4MvaBC4OStZnUhUOIpQb2vP+TJTIHPHJzMtI4WMf/L0Ikf7r
 yazXRkr9IE4rKHrk5mqXDpET4DIbq1jw9KU4q987k4jKpcJGu2ibcvq/penBPSk+
 Oiab6g9a1vvUTeT3gZd0tv22sZsRdzJP8snKyiF8KIqJwH8MhsWETx633JJMFqcP
 srOf8Nhc5tMObIozBdPmiqjXB+FKPviZ83gJ7n6E992AOa9zouRi8uORUc68LI+j
 J0RCnRGKaL43LD2So7H/
 =8dFl
 -----END PGP SIGNATURE-----

Merge tag 'usb-serial-4.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus

Johan writes:

USB-serial fixes for v4.0-rc6

Here are a few new device IDs.

Signed-off-by: Johan Hovold <johan@kernel.org>
2015-04-01 13:42:58 +02:00
Steve French 4c5930e805 Fix warning
Coverity reports a warning due to unitialized attr structure in one
code path.

Reported by Coverity (CID 728535)

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeff Layton <jlayton@samba.org>
2015-04-01 00:01:47 -05:00
Steve French dfebe40076 Fix another dereference before null check warning
null tcon is not possible in these paths so
remove confusing null check

Reported by Coverity (CID 728519)

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeff Layton <jlayton@samba.org>
2015-04-01 00:01:47 -05:00
Steve French 8b7a454443 CIFS: session servername can't be null
remove impossible check

Pointed out by Coverity (CID 115422)

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeff Layton <jlayton@samba.org>
2015-04-01 00:01:47 -05:00
Steve French c85c35f8fc Fix warning on impossible comparison
workstation_RFC1001_name is part of the struct and can't be null,
remove impossible comparison (array vs. null)

Pointed out by Coverity (CID 140095)

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeff Layton <jlayton@samba.org>
2015-04-01 00:01:47 -05:00
Steve French 064bcc0702 Fix coverity warning
Coverity reports a warning for referencing the beginning of the
SMB2/SMB3 frame using the ProtocolId field as an array. Although
it works the same either way, this patch should quiet the warning
and might be a little clearer.

Reported by Coverity (CID 741269)

Signed-off-by: Steve French <smfrench@gmail.com>
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
2015-04-01 00:01:47 -05:00
Steve French 8e35310605 Fix dereference before null check warning
null tcon is not likely in these paths in current
code, but obviously it does clarify the code to
check for null (if at all) before derefrencing
rather than after.

Reported by Coverity (CID 1042666)

Signed-off-by: Steve French <smfrench@gmail.com>
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
2015-04-01 00:01:47 -05:00
Steve French f3a31a2bbb Don't ignore errors on encrypting password in SMBTcon
Although unlikely to fail (and tree connect does not commonly send
a password since SECMODE_USER is the default for most servers)
do not ignore errors on SMBNTEncrypt in SMB Tree Connect.

Reported by Coverity (CID 1226853)

Signed-off-by: Steve French <smfrench@gmail.com>
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
2015-04-01 00:01:46 -05:00
Steve French 75fdfc849a Fix warning on uninitialized buftype
Pointed out by coverity analyzer.  resp_buftype is
not initialized in one path which can rarely log
a spurious warning (buf is null so there will
not be a problem with freeing data, but if buf_type
were randomly set to wrong value could log a warning)

Reported by Coverity (CID 1269144)

Signed-off-by: Steve French <smfrench@gmail.com>
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
2015-04-01 00:01:46 -05:00
Jeff Kirsher 2f30232481 MAINTAINERS: Update Intel Wired Ethernet Driver info
Update the git tree info with a recent change in tree names.  Also
add our new mailing list created solely for Linux kernel patches
and kernel development, as well as the new patchwork project for
tracking patches.  Lastly update the list of "reviewers" since a
couple of developers have moved on to different projects.

Made an update to the section header so that it is more manageable
going forward as we add new drivers.

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-03-31 21:26:36 -07:00
Ying Xue 7e43690578 tipc: fix a slab object leak
When remove TIPC module, there is a warning to remind us that a slab
object is leaked like:

root@localhost:~# rmmod tipc
[   19.056226] =============================================================================
[   19.057549] BUG TIPC (Not tainted): Objects remaining in TIPC on kmem_cache_close()
[   19.058736] -----------------------------------------------------------------------------
[   19.058736]
[   19.060287] INFO: Slab 0xffffea0000519a00 objects=23 used=1 fp=0xffff880014668b00 flags=0x100000000004080
[   19.061915] INFO: Object 0xffff880014668000 @offset=0
[   19.062717] kmem_cache_destroy TIPC: Slab cache still has objects

This is because the listening socket of TIPC topology server is not
closed before TIPC proto handler is unregistered with proto_unregister().
However, as the socket is closed in tipc_exit_net() which is called by
unregister_pernet_subsys() during unregistering TIPC namespace operation,
the warning can be eliminated if calling unregister_pernet_subsys() is
moved before calling proto_unregister().

Fixes: e05b31f4bf ("tipc: make tipc socket support net namespace")
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 23:10:08 -04:00
Jan Stancek d52356e7f4 powerpc: fix memory corruption by pnv_alloc_idle_core_states
Space allocated for paca is based off nr_cpu_ids,
but pnv_alloc_idle_core_states() iterates paca with
cpu_nr_cores()*threads_per_core, which is using NR_CPUS.

This causes pnv_alloc_idle_core_states() to write over memory,
which is outside of paca array and may later lead to various panics.

Fixes: 7cba160ad7 (powernv/cpuidle: Redesign idle states management)
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-04-01 12:05:44 +11:00
Peter Hutterer 3309677751 Input: define INPUT_PROP_ACCELEROMETER behavior
Spell out what this property means to userspace. If the property is set, all
directional axes must be accelerometer axes, any other axes are left as-is.
This allows an accelerometer device to e.g. have an ABS_WHEEL.

It is not permitted to mix normal directional axes and accelerometer axes on
the same device node.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Reviewed-by: Bastien Nocera <hadess@hadess.net>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2015-03-31 14:46:40 -07:00
Filip Ayazi 85734b1a5d Input: synaptics - fix min-max quirk value for E440
Commit 98dc070373 ("Input: synaptics - add quirk for Thinkpad E440") had
a typo in ymax, this changes the value to the one reported by
touchpad-edge-detector and mentioned in the commit.

Signed-off-by: Filip Ayazi <filipayazi@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2015-03-31 14:46:39 -07:00
Christian Hesse 347eec348a net/usb/r8152: add device id for Lenovo TP USB 3.0 Ethernet
This device is sold as 'Lenovo Tinkpad USB 3.0 Ethernet 4X90E51405'.
Chipset is RTL8153 and works with r8152.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 17:15:37 -04:00
Eugene Crosser ed4ac42217 af_iucv: fix AF_IUCV sendmsg() errno
When sending over AF_IUCV socket, errno was incorrectly set to
ENOMEM even when other values where appropriate, notably EAGAIN.
With this patch, error indicator returned by sock_alloc_send_skb()
is passed to the caller, rather than being overwritten with ENOMEM.

Signed-off-by: Eugene Crosser <Eugene.Crosser@ru.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 16:06:50 -04:00
Thomas Graf fa2d8ff4e3 openvswitch: Return vport module ref before destruction
Return module reference before invoking the respective vport
->destroy() function. This is needed as ovs_vport_del() is not
invoked inside an RCU read side critical section so the kfree
can occur immediately before returning to ovs_vport_del().

Returning the module reference before ->destroy() is safe because
the module unregistration is blocked on ovs_lock which we hold
while destroying the datapath.

Fixes: 62b9c8d037 ("ovs: Turn vports with dependencies into separate modules")
Reported-by: Pravin Shelar <pshelar@nicira.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 15:59:50 -04:00
Jeff Layton f9c72d10d6 sunrpc: make debugfs file creation failure non-fatal
We currently have a problem that SELinux policy is being enforced when
creating debugfs files. If a debugfs file is created as a side effect of
doing some syscall, then that creation can fail if the SELinux policy
for that process prevents it.

This seems wrong. We don't do that for files under /proc, for instance,
so Bruce has proposed a patch to fix that.

While discussing that patch however, Greg K.H. stated:

    "No kernel code should care / fail if a debugfs function fails, so
     please fix up the sunrpc code first."

This patch converts all of the sunrpc debugfs setup code to be void
return functins, and the callers to not look for errors from those
functions.

This should allow rpc_clnt and rpc_xprt creation to work, even if the
kernel fails to create debugfs files for some reason.

Symptoms were failing krb5 mounts on systems using gss-proxy and
selinux.

Fixes: 388f0c7767 "sunrpc: add a debugfs rpc_xprt directory..."
Cc: stable@vger.kernel.org
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2015-03-31 14:15:08 -04:00
Jiri Benc 5899f04785 netlink: pad nla_memcpy dest buffer with zeroes
This is especially important in cases where the kernel allocs a new
structure and expects a field to be set from a netlink attribute. If such
attribute is shorter than expected, the rest of the field is left containing
previous data. When such field is read back by the user space, kernel memory
content is leaked.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 14:07:24 -04:00
Anton Nayshtut f5e2dc5d7f bonding: Bonding Overriding Configuration logic restored.
Before commit 3900f29021 ("bonding: slight
optimizztion for bond_slave_override()") the override logic was to send packets
with non-zero queue_id through the slave with corresponding queue_id, under two
conditions only - if the slave can transmit and it's up.

The above mentioned commit changed this logic by introducing an additional
condition - whether the bond is active (indirectly, using the slave_can_tx and
later - bond_is_active_slave), that prevents the user from implementing more
complex policies according to the Documentation/networking/bonding.txt.

Signed-off-by: Anton Nayshtut <anton@swortex.com>
Signed-off-by: Alexey Bogoslavsky <alexey@swortex.com>
Signed-off-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:49:45 -04:00
David S. Miller d91e9015c7 Merge branch 'ipvlan-corruptions'
Jiri Benc says:

====================
ipvlan: list corruption and rcu fixes

This patch set fixes different issues leading to corrupted lists and
incorrect rcu usage.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:38 -04:00
Jiri Benc e9997c2938 ipvlan: fix check for IP addresses in control path
When an ipvlan interface is down, its addresses are not on the hash list.
Fix checks for existence of addresses not to depend on the hash list, walk
through all interface addresses instead.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Jiri Benc 40891e8ad6 ipvlan: do not use rcu operations for address list
All accesses to ipvlan->addrs are under rtnl.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Jiri Benc 2afa650ce2 ipvlan: protect against concurrent link removal
Adding and removing to the 'ipvlans' list is already done using _rcu list
operations.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Jiri Benc 27705f7085 ipvlan: fix addr hash list corruption
When ipvlan interface with IP addresses attached is brought down and then
deleted, the assigned addresses are deleted twice from the address hash
list, first on the interface down and second on the link deletion.
Similarly, when an address is added while the interface is down, it is added
second time once the interface is brought up.

When the interface is down, the addresses should be kept off the hash list
for performance reasons. Ensure this is true, which also fixes the double add
problem. To fix the double free, check whether the address is hashed before
removing it.

Reported-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Mike Snitzer e9637415a9 block: fix blk_stack_limits() regression due to lcm() change
Linux 3.19 commit 69c953c ("lib/lcm.c: lcm(n,0)=lcm(0,n) is 0, not n")
caused blk_stack_limits() to not properly stack queue_limits for stacked
devices (e.g. DM).

Fix this regression by establishing lcm_not_zero() and switching
blk_stack_limits() over to using it.

DM uses blk_set_stacking_limits() to establish the initial top-level
queue_limits that are then built up based on underlying devices' limits
using blk_stack_limits().  In the case of optimal_io_size (io_opt)
blk_set_stacking_limits() establishes a default value of 0.  With commit
69c953c, lcm(0, n) is no longer n, which compromises proper stacking of
the underlying devices' io_opt.

Test:
$ modprobe scsi_debug dev_size_mb=10 num_tgts=1 opt_blks=1536
$ cat /sys/block/sde/queue/optimal_io_size
786432
$ dmsetup create node --table "0 100 linear /dev/sde 0"

Before this fix:
$ cat /sys/block/dm-5/queue/optimal_io_size
0

After this fix:
$ cat /sys/block/dm-5/queue/optimal_io_size
786432

Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org # 3.19+
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
2015-03-31 09:45:50 -06:00
Ingo Molnar 36cbf25dc7 * Fix integer overflow issue in the DMI SMBIOS 3.0 code when
calculating the number of DMI table entries - Jean Delvare
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVFVAYAAoJEC84WcCNIz1VPNYQAISdgO3dgFFo4k0SQQ6Bjpqa
 wQ6Y+nfsOQi6FyMYPO/Fjag8H++QQqvxI7V2p++Aj7kitICyNhzpdWlgP7+SScbJ
 XR6JUWG8UHlkL0pGjYEqIQ+X9D2xILCfO4gEFJ22gfQJwks3lXOfvBaah8Hfoj1Z
 WHjUR2E5MbmDcCC4/amyOV8EF1dnj30lYerW0Qhv9q/o4eq3h+znBb2muap7Ctng
 HvSWaK4ZGtdz+xMvDtqTzTBSSyA/6kaWH7fRhySGG1pSvZHVDvfIfAO9XVs4oKnX
 vIvhiCHATB2+PZML38U+/nvJZTicDgF6XeJyoMZeE3KEZ/UoYYzhv/DPI0rPIonk
 Za2kaiC9BfNsIMgEfh9jVpRrek/4t73FYAwpwnbNxzzklXWVeJcC8PcfPkuqHHin
 BMsBEH0vz/eI7aQ4HY7iail0TB278Z0FexRFUDKeQsNdXW5wcO1seNbkNPvTW01k
 xqHb4JMm2hyDUXRFqrncUr6362zV7s3eiIRnpoMcNK3ZD4gKkuCUHAoma+NimeLu
 3UMs+O/Qv1lzpg8JWScyKdwpVK4OrEeX20O/SeIR7XyGYw2fdksDKMB0l0y+hIdD
 +IDuH55ThaxqYGRhYtIQXck9LqR3rdrDZDQzwVr0iNS6U8zN5Zzs9ybXfKoZmjgk
 zI4ooTN/aNvkS98fD8y8
 =oUNN
 -----END PGP SIGNATURE-----

Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/mfleming/efi into x86/urgent

Pull EFI fix from Matt Fleming:

  - Fix integer overflow issue in the DMI SMBIOS 3.0 code when
    calculating the number of DMI table entries. (Jean Delvare)

Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-03-31 10:45:47 +02:00
Borislav Petkov ca68a525ff MAINTAINERS: Change the x86 microcode loader maintainer
Let's make it official - I've been doing this for a while now anyway.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andreas Herrmann <herrmann.der.user@googlemail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-03-31 10:04:52 +02:00
Linus Torvalds 6c310bc1ac File locking related fix for v4.0 (#5)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVGaCRAAoJEAAOaEEZVoIVGrIQANdWqVT2cUApF/jwct5mgr+L
 63+sbhGq1qSIfI+OzK/3JeUQY+nl60KmHqWFbUays7Lfdc1Olu5WB/57e5o5ryne
 02xg0JqaUTvVTAncZihbyYwUJwIfO4Bwpylf0BmMVWRtV5TGyRDuB0pGuFFnM+jp
 ftQv5tJiXfiG0J9PActKVXs4vIvpJ7ZJYIdGYj96TXz9ZFaZWZ1VtfJKcafCK7OI
 4VHhoAkNQDUEKkwa5guIALS8M4hBfOeQUSqVTXrZ182JxRWOvEJKlPCsh1cj5sEe
 GowPG5Ci1LIEwLriME5H/eIe3jxR3bEGNMLgWfMEmuR5a8jc6yDisO025PO5lrfA
 bLFlaQQX28kq8oSfEgCpHW4rZX93JrhUViXdatLRlSsxMSirsIhwFMrdAPbmw996
 YmErsWF2rgFx5bU5Z7FPThygbeDs+8HFfJEhCJtIkv8CRjJZXfpjKJuJBMprIp8o
 x/PHJPMBkHQfFfeiQPKhVeNsO/7pYFpsw1HEJdkviNq8MS3lprwIcs8pzgdv+RGn
 bb8Pw+cCO7VQBbfUvj1qC74V5D3dvH3yNg8hpkQOWyReeqoavQVR4KIkC7p111lo
 Tm5wTEiG0gId3Z22FjzrzCeN/zfUsz43JGcwDqb5DMobQzs55IPz2/xSdmG48kmv
 Vh6s3/oPKlMYDrGQ9p1f
 =3opM
 -----END PGP SIGNATURE-----

Merge tag 'locks-v4.0-5' of git://git.samba.org/jlayton/linux

Pull file locking fix from Jeff Layton:
 "Another small fix for the lease overhaul"

* tag 'locks-v4.0-5' of git://git.samba.org/jlayton/linux:
  locks: fix file_lock deletion inside loop
2015-03-30 15:13:04 -07:00
Christoph Hellwig f3f03330de nfsd: require an explicit option to enable pNFS
Turns out sending out layouts to any client is a bad idea if they
can't get at the storage device, so require explicit admin action
to enable pNFS.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2015-03-30 16:05:26 -04:00
Linus Torvalds 32374ea8fe Merge branch 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
 "Nothing exciting.  Two patches to update queued trim blacklist"

* 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  libata: Blacklist queued TRIM on Samsung SSD 850 Pro
  libata: Update Crucial/Micron blacklist
2015-03-30 11:08:37 -07:00
Peter Ujfalusi fbef403aa7 dmaengine: moxart-dma: Fix memory leak when stopping a running transfer
The vd->node is removed from the lists when the transfer started so the
vchan_get_all_descriptors() will not find it. This results memory leak.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-30 23:17:08 +05:30