fimc_m2m_job_finish() has to be called with the m2m context for the necessary
cleanup while resume. But currently fimc_m2m_job_finish() always passes m2m
context as NULL.
This patch preserves the context before making it null, for necessary cleanup.
Signed-off-by: Shaik Ameer Basha <shaik.ameer@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
gsc_m2m_job_finish() has to be called with the m2m context for the necessary
cleanup while resume. But currently gsc_m2m_job_finish() always passes m2m
context as NULL.
This patch preserves the context before making it null, for necessary cleanup.
Use gsc_m2m_opened() instead gsc_m2m_active() in gsc_resume().
Signed-off-by: Shaik Ameer Basha <shaik.ameer@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Changing the variable type to 'int' from 'unsigned int'. Driver
logic expects the variable type to be 'int'.
Signed-off-by: Shaik Ameer Basha <shaik.ameer@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
v4l2_ctrl_new() uses check_range() for control range checking.
This function expects 'step' value for V4L2_CTRL_TYPE_BOOLEAN type control.
If 'step' value doesn't match to '1', it returns -ERANGE error.
This patch adds the default .step value to 1.
Signed-off-by: Shaik Ameer Basha <shaik.ameer@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
If pin_free is called on a pin already freed, mux_usecount is set to
UINT_MAX which is really a bad idea.
This will issue a warning, so that we can correct the code responsible
for the double free.
Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This patch fixes a minor bug (probably due to a typo) while checking
the SoC specific controls in mvebu_pinctrl_probe().
Acked-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Signed-off-by: Simon Guinot <simon.guinot@sequanux.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
We've had several reports of people attempting to mount Windows 8 shares
and getting failures with a return code of -EINVAL. The default sec=
mode changed recently to sec=ntlmssp. With that, we expect and parse a
SPNEGO blob from the server in the NEGOTIATE reply.
The current decode_negTokenInit function first parses all of the
mechTypes and then tries to parse the rest of the negTokenInit reply.
The parser however currently expects a mechListMIC or nothing to follow the
mechTypes, but Windows 8 puts a mechToken field there instead to carry
some info for the new NegoEx stuff.
In practice, we don't do anything with the fields after the mechTypes
anyway so I don't see any real benefit in continuing to parse them.
This patch just has the kernel ignore the fields after the mechTypes.
We'll probably need to reinstate some of this if we ever want to support
NegoEx.
Reported-by: Jason Burgess <jason@jacknife2.dns2go.com>
Reported-by: Yan Li <elliot.li.tech@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
default_file_splice_from() ends up calling vfs_write() (via very convoluted
callchain). It's an overkill, since we already have done rw_verify_area()
in the caller by the time we call vfs_write() we are under set_fs(KERNEL_DS),
so access_ok() is also pointless. Add a new helper (__kernel_write()),
use it instead of kernel_write() in there.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
- Add the lost dependency check for DEBUG_IMX_UART_PORT back
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJRR/5HAAoJEFBXWFqHsHzOQxsH/2vXHYV3ds9HeBzb9UPIQEo5
dXKdUiSz/Sh/5gdm43swUOHr8nl3Wm0hqErGM1acyEBUcG9zDIJUMF5UX59tXCKs
uEFp/TufyDK1VCMwdkUrPZG9WNXnYZuAkAWv6plGZk+ZhHFYAUQccOH9TN8JE11E
IgmO2NTt9gG83dMF/jxsLQBGE0YcPWzdR34Uyfl4TUwq8w+MTUalWKpajn5pKkQ2
4rvqNRaXevlVRzKxYH5/Xpd0VeFZH1eK/wbWEQfc1jBXlGv52Fz3OTJWSOCi2z+y
FQ9DwShaHfHbhwJmM8pgWyHzUsd4iPuPxpsbtAIuM9yhOQkxxDLAshjCSjpJByI=
=lu20
-----END PGP SIGNATURE-----
Merge tag 'imx-fixes-3.9-3' of git://git.linaro.org/people/shawnguo/linux-2.6 into fixes
From Shawn Guo <shawn.guo@linaro.org>:
The imx fixes for 3.9, take 3:
- Add the lost dependency check for DEBUG_IMX_UART_PORT back
* tag 'imx-fixes-3.9-3' of git://git.linaro.org/people/shawnguo/linux-2.6:
ARM: imx: add dependency check for DEBUG_IMX_UART_PORT
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
- Fix the shifted framebuffer with X11 system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJRR/2TAAoJEFBXWFqHsHzOxSYH/1ZOu9LcOclGxw79GE+GxZqK
ZiZXyPSlgb+0+oXGezYq04ciGfKMgNmORuJfuxseH1cHPY0JqccmWac3mXKC7fYE
qlNdp/xjLihHJnYH3XJCbUJJ0axtt518FJB2WAT5oi3+MP7+XhqSaYvwpwq3d+Hy
pVC/VuSdfqKJg6JhxoQ+F8G/y7OXMF92C9WjQCeQZlfYDsr40e6Wg7UsXnerqqhi
HmY/hLF0vZatgsO4LNxRFJpzYl5Ahr+/svv6gH1MbcaL4iMo5U6RhgAtAiDSAY6E
jgpfNUHmCjAWHCjr30uxiD0fyXZk9Aq1jiQ3iUBZ9GbghHkxKWgeNtuKdn8JkMo=
=kmVW
-----END PGP SIGNATURE-----
Merge tag 'mxs-fixes-3.9-3' of git://git.linaro.org/people/shawnguo/linux-2.6 into fixes
From Shawn Guo <shawn.guo@linaro.org>:
The mxs fixes for 3.9, take 3:
- Fix the shifted framebuffer with X11 system
* tag 'mxs-fixes-3.9-3' of git://git.linaro.org/people/shawnguo/linux-2.6:
ARM: video: mxs: Fix mxsfb misconfiguring VDCTRL0
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Follow the common pattern and define *_DIAG_MAX like:
[...]
__XXX_DIAG_MAX,
};
Because everyone is used to do:
struct nlattr *attrs[XXX_DIAG_MAX+1];
nla_parse([...], XXX_DIAG_MAX, [...]
Reported-by: Thomas Graf <tgraf@suug.ch>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The generic parser should evaluate the availability of the independent
HP when specified. Otherwise a DAC without the direct connection to
the corresponding pin may be assigned for the HP, but the driver
doesn't check it at all. The problem was actually seen on some
machines with VT1708s or equivalent codec, where DAC0 is assigned to
HP although it can be connected only via aamix.
This patch adds the badness evaluation for the independent HP to make
it working properly.
Reported-by: Lydia Wang <LydiaWang@viatech.com.cn>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Or Gerlitz says:
====================
Here's a batch of mlx4 driver fixes for 3.9, mostly SRIOV/Flow-steering
related. Series done against the net tree as of commit 5a3da1f
"inet: limit length of fragment queue hash table bucket lists
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
VF QPs must not be released when they have steering rules attached to them.
For that end, introduce a reference count field to the QP object in the
SRIOV resource tracker which is incremented/decremented when steering rules
are attached/detached to it. QPs can be released by VF only when their
ref count is zero.
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
One of the resource tracker code paths was wrongly using int and not u64
for resource tracking IDs, fix it.
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix the ethtool flow steering rules cleanup to be carried out before
releasing the RX QPs.
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
On the resource tracker cleanup flow, the DMFS rules must be deleted before we
destroy the QPs, else the HW may attempt doing packet steering to non existent QPs.
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently the mask is wrongly set in the MAP_EQ wrapper, fix that.
Without the fix any EQ number above 511 is mapped to one below 511.
Signed-off-by: Moshe Lazer <moshel@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The error check in cpsw_probe_dt() has an '&&' where an '||' is
meant to be. This causes a NULL pointer dereference when incomplet DT
data is passed to the driver ('phy_id' property for cpsw_emac1
missing).
Signed-off-by: Lothar Waßmann <LW@KARO-electronics.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Freeing netdev without free_netdev() leads to net, tx leaks.
And it may lead to dereferencing freed pointer.
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
udc-core learned that it shouldn't use invalid pointers
when unloading a gadget driver.
net2272 and net2280 got a fix for a regression caused by
the udc_start/udc_stop conversion.
We're defining a static inline no-op for otg_ulpi_create()
to prevent build errors when that driver isn't enabled.
FunctionFS got a fix for an off-by-one error when binding
and unbinding instances of FunctionFS.
MUSB learned that it shouldn't try to unmap buffers which
weren't previously mapped.
f_rndis got a fix for a possible NULL pointer dereference
in a debugging message code.
MUSB's DA8xx glue layer got a build fix due to a typo.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJRSu6dAAoJEIaOsuA1yqREdA8P/R4iKKZ3H23xfSJirQaEYADY
ejeCefHeev+QFXcRVtkhTMGV1Kt6ZLAJ19wrTT3xdENjUbBZdx+9GzN/bUsr5yAO
SjBFSzVkbbELn4es+hbUPIJgGDa+/DOs9nLgDLlzdaaWbbyvpsl5cbokGAYFgstn
xy/36e5wctm066cZzG78+cewtuvKxXHANhZt7tTNLWfu/ARaBfiDoYH+fhobJwzq
poZ47hZPxPE5nn9ppB16jtvpAFAXT8AQZg4SGA2yIRKXkExNNCOUh2xxIHnmWdI2
k3Qp0YUlCUsoCifFu6k0vhJBxctbi9AVTnnBJXWokw4tX4bVt9uglDkXXZdOfQ/y
vA3j+lY9rSjuBixmNjVlvwP77qyR85ILFF9WDhwsGrSNJyeUyV/Fmy2s7sRZFLjL
X6ziN2Tj/3gC6uaO5Rbgmw7aURy8UyML/byBVq/uRMTu0NJPGxnC5xM2WPmGl9nz
dWP2mcd193rxys8GYH7G6zz4MJ3WFyPgJ0VszsT/kGI/rL0ij1xTuKnw7zsP38Mk
RINfeBcY2Msi0Mt4KnXJ8vgSIyI3XOwVCebKCAIdc4rktVAryKCJTjtXMlHD4niI
rTztkXPkM4bcEiqa29FIhGkiYsQfQ66N8a9RbH6nWZSvhbgs1p8Y721FYfTKt+54
oTvm35fUgthYTtpig5bN
=wGIr
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-v3.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus
Felipe writes:
usb: fixes for v3.9-rc4
udc-core learned that it shouldn't use invalid pointers
when unloading a gadget driver.
net2272 and net2280 got a fix for a regression caused by
the udc_start/udc_stop conversion.
We're defining a static inline no-op for otg_ulpi_create()
to prevent build errors when that driver isn't enabled.
FunctionFS got a fix for an off-by-one error when binding
and unbinding instances of FunctionFS.
MUSB learned that it shouldn't try to unmap buffers which
weren't previously mapped.
f_rndis got a fix for a possible NULL pointer dereference
in a debugging message code.
MUSB's DA8xx glue layer got a build fix due to a typo.
Pull thermal management fixes from Zhang Rui.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
thermal: exynos_thermal: return a proper error code while thermal_zone_device_register fail.
thermal: rcar_thermal: propagate return value of thermal_zone_device_register
Thermal: kirkwood: Convert to devm_ioremap_resource()
Thermal: rcar: Convert to devm_ioremap_resource()
Thermal: dove: Convert to devm_ioremap_resource()
thermal: rcar: fix missing unlock on error in rcar_thermal_update_temp()
Pull perf fixes from Ingo Molnar:
"A fair chunk of the linecount comes from a fix for a tracing bug that
corrupts latency tracing buffers when the overwrite mode is changed on
the fly - the rest is mostly assorted fewliner fixlets."
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86: Add SNB/SNB-EP scheduling constraints for cycle_activity event
kprobes/x86: Check Interrupt Flag modifier when registering probe
kprobes: Make hash_64() as always inlined
perf: Generate EXIT event only once per task context
perf: Reset hwc->last_period on sw clock events
tracing: Prevent buffer overwrite disabled for latency tracers
tracing: Keep overwrite in sync between regular and snapshot buffers
tracing: Protect tracer flags with trace_types_lock
perf tools: Fix LIBNUMA build with glibc 2.12 and older.
tracing: Fix free of probe entry by calling call_rcu_sched()
perf/POWER7: Create a sysfs format entry for Power7 events
perf probe: Fix segfault
libtraceevent: Remove hard coded include to /usr/local/include in Makefile
perf record: Fix -C option
perf tools: check if -DFORTIFY_SOURCE=2 is allowed
perf report: Fix build with NO_NEWT=1
perf annotate: Fix build with NO_NEWT=1
tracing: Fix race in snapshot swapping
Pull drm fixes from Dave Airlie:
"Radeon, intel and nouveau, along with one mgag200 fix
- intel fix for an ioctl overflow, along with a regression fix for
some phantom irqs on Ironlake.
- nouveau has a lockdep warning and a bunch of thermal fixes
- radeon has new pci ids and some minor fixes."
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (26 commits)
drm/mgag200: Bug fix: Modified pll algorithm for EH project
drm/i915: stop using GMBUS IRQs on Gen4 chips
drm/nv50/kms: prevent lockdep false-positive in page flipping path
drm/nouveau/core: fix return value of nouveau_object_del()
MAINTAINERS: intel-gfx is no longer subscribers-only
drm/i915: Use the fixed pixel clock for eDP in intel_dp_set_m_n()
drm/nouveau/hwmon: do not expose a buggy temperature if it is unavailable
drm/nouveau/therm: display the availability of the internal sensor
drm/nouveau/therm: disable temperature management if the sensor isn't readable
drm/nouveau/therm: disable auto fan management if temperature is not available
drm/nv40/therm: reserve negative temperatures for errors
drm/nv40/therm: disable temperature reading if the bios misses some parameters
drm/nouveau/therm-ic: the temperature is off by sensor_constant, warn the user
drm/nouveau/therm: remove some confusion introduced by therm_mode
drm/nouveau/therm: do not make assumptions on temperature
drm/nv40/therm: increase the sensor's settling delay to 20ms
drm/nv40/therm: improve selection between the old and the new style
Revert "drm/i915: try to train DP even harder"
drm/radeon: add Richland pci ids
drm/radeon: add support for Richland APUs
...
Fix reported data loss with discards and thin snapshots; avoid a
deadlock observed in dm verity; fix a race in the new dm cache code
along with some other minor bugs; store the cache policy version on disk
to make the stored hints format future-proof.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJRSfH2AAoJEK2W1qbAHj1nENIP+wQCLqY5Sl1uBbtJ1s1T102U
RDDqSNQKRvsRlR+lfL4QR+kAeUyOyU8C4K/RPh3G4BUXjT+3UxMtQ1ZeliUQX8qa
Vt2gywtAS+eyydOHgUmywnDc/u9OT5JRcbww/uEoeUj9GnhBZJQ205t4eqPxcP6q
cx0S3pBAQqwMu2BTmBQY1CrDP/7LQ545TU/PPbu/Y7VStgd+XyNkPA5VcuyBuwl1
MlK1666x2QMQ5whJBSs8diGZYXZo4rRLUWQuaytJdyvANdip7Kv1jZyx/M1nMBk2
/dtBY79RoOQEeUrptwF/BltuFrXY1YGnX5f/lhCaVtpaKusKcLX19foIM+0jnlVg
qigMn0RVtXKckWfSVa0rA5I+XFpRwjgPtqAIbeFWYrOG6qcjamvlIB4fz2ARMYDD
clymfIzPk/HRrbgmrFvZSa/LCwLWrU6ZXchVuPKzqjtj1doBBdKT4tgrLeIlsNJE
Cx1q5bLKJAUXGpoW9yfNGWrAujF6rmMU0xhOk+SjmUQU5JZguCpX+5TsCqB43tup
wW8/BamGWijlsIJzFi0VyvtqspXL/nwfXO+hx8KitXaszduj5EulDJ9dopqJOV1p
N9VfCQ6xbWW+iTBsnkCf5bgNPSZpPa2V/CQrXM6eSmYQhnK1YMTKXmYRfCnBJtjC
rmvMV/VpWddO82NA4bq0
=7+/X
-----END PGP SIGNATURE-----
Merge tag 'dm-3.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-dm
Pull device-mapper fixes from Alasdair G Kergon:
"Fix reported data loss with discards and thin snapshots; avoid a
deadlock observed in dm verity; fix a race in the new dm cache code
along with some other minor bugs; store the cache policy version on
disk to make the stored hints format future-proof."
* tag 'dm-3.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-dm:
dm cache: policy ignore hints if generated by different version
dm cache: policy change version from string to integer set
dm cache: fix race in writethrough implementation
dm cache: metadata clear dirty bits on clean shutdown
dm cache: avoid calling policy destructor twice on error
dm cache: detect cache_create failure
dm cache: avoid 64 bit division on 32 bit
dm verity: avoid deadlock
dm thin: fix non power of two discard granularity calc
dm thin: fix discard corruption
In order to be able to safely return the layout in nfs4_proc_setattr,
we need to block new uses of the layout, wait for all outstanding
users of the layout to complete, commit the layout and then return it.
This patch adds a helper in order to do all this safely.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Boaz Harrosh <bharrosh@panasas.com>
Note that clearing NFS_INO_LAYOUTCOMMIT is tricky, since it requires
you to also clear the NFS_LSEG_LAYOUTCOMMIT bits from the layout
segments.
The only two sites that need to do this are the ones that call
pnfs_return_layout() without first doing a layout commit.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: Benny Halevy <bhalevy@tonian.com>
Cc: stable@vger.kernel.org
We need to clear the NFS_LSEG_LAYOUTCOMMIT bits atomically with the
NFS_INO_LAYOUTCOMMIT bit, otherwise we may end up with situations
where the two are out of sync.
The first half of the problem is to ensure that pnfs_layoutcommit_inode
clears the NFS_LSEG_LAYOUTCOMMIT bit through pnfs_list_write_lseg.
We still need to keep the reference to those segments until the RPC call
is finished, so in order to make it clear _where_ those references come
from, we add a helper pnfs_list_write_lseg_done() that cleans up after
pnfs_list_write_lseg.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: Benny Halevy <bhalevy@tonian.com>
Cc: stable@vger.kernel.org
when pnfs block using device mapper,if umounting later,it maybe
cause oops. we apply "1 + sizeof(bl_umount_request)" memory for
msg->data, the memory maybe overflow when we do "memcpy(&dataptr
[sizeof(bl_msg)], &bl_umount_request, sizeof(bl_umount_request))",
because the size of bl_msg is more than 1 byte.
Signed-off-by: fanchaoting<fanchaoting@cn.fujitsu.com>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Some firmware exhibits a bug where the same VariableName and
VendorGuid values are returned on multiple invocations of
GetNextVariableName(). See,
https://bugzilla.kernel.org/show_bug.cgi?id=47631
As a consequence of such a bug, Andre reports hitting the following
WARN_ON() in the sysfs code after updating the BIOS on his, "Gigabyte
Technology Co., Ltd. To be filled by O.E.M./Z77X-UD3H, BIOS F19e
11/21/2012)" machine,
[ 0.581554] EFI Variables Facility v0.08 2004-May-17
[ 0.584914] ------------[ cut here ]------------
[ 0.585639] WARNING: at /home/andre/linux/fs/sysfs/dir.c:536 sysfs_add_one+0xd4/0x100()
[ 0.586381] Hardware name: To be filled by O.E.M.
[ 0.587123] sysfs: cannot create duplicate filename '/firmware/efi/vars/SbAslBufferPtrVar-01f33c25-764d-43ea-aeea-6b5a41f3f3e8'
[ 0.588694] Modules linked in:
[ 0.589484] Pid: 1, comm: swapper/0 Not tainted 3.8.0+ #7
[ 0.590280] Call Trace:
[ 0.591066] [<ffffffff81208954>] ? sysfs_add_one+0xd4/0x100
[ 0.591861] [<ffffffff810587bf>] warn_slowpath_common+0x7f/0xc0
[ 0.592650] [<ffffffff810588bc>] warn_slowpath_fmt+0x4c/0x50
[ 0.593429] [<ffffffff8134dd85>] ? strlcat+0x65/0x80
[ 0.594203] [<ffffffff81208954>] sysfs_add_one+0xd4/0x100
[ 0.594979] [<ffffffff81208b78>] create_dir+0x78/0xd0
[ 0.595753] [<ffffffff81208ec6>] sysfs_create_dir+0x86/0xe0
[ 0.596532] [<ffffffff81347e4c>] kobject_add_internal+0x9c/0x220
[ 0.597310] [<ffffffff81348307>] kobject_init_and_add+0x67/0x90
[ 0.598083] [<ffffffff81584a71>] ? efivar_create_sysfs_entry+0x61/0x1c0
[ 0.598859] [<ffffffff81584b2b>] efivar_create_sysfs_entry+0x11b/0x1c0
[ 0.599631] [<ffffffff8158517e>] register_efivars+0xde/0x420
[ 0.600395] [<ffffffff81d430a7>] ? edd_init+0x2f5/0x2f5
[ 0.601150] [<ffffffff81d4315f>] efivars_init+0xb8/0x104
[ 0.601903] [<ffffffff8100215a>] do_one_initcall+0x12a/0x180
[ 0.602659] [<ffffffff81d05d80>] kernel_init_freeable+0x13e/0x1c6
[ 0.603418] [<ffffffff81d05586>] ? loglevel+0x31/0x31
[ 0.604183] [<ffffffff816a6530>] ? rest_init+0x80/0x80
[ 0.604936] [<ffffffff816a653e>] kernel_init+0xe/0xf0
[ 0.605681] [<ffffffff816ce7ec>] ret_from_fork+0x7c/0xb0
[ 0.606414] [<ffffffff816a6530>] ? rest_init+0x80/0x80
[ 0.607143] ---[ end trace 1609741ab737eb29 ]---
There's not much we can do to work around and keep traversing the
variable list once we hit this firmware bug. Our only solution is to
terminate the loop because, as Lingzhu reports, some machines get
stuck when they encounter duplicate names,
> I had an IBM System x3100 M4 and x3850 X5 on which kernel would
> get stuck in infinite loop creating duplicate sysfs files because,
> for some reason, there are several duplicate boot entries in nvram
> getting GetNextVariableName into a circle of iteration (with
> period > 2).
Also disable the workqueue, as efivar_update_sysfs_entries() uses
GetNextVariableName() to figure out which variables have been created
since the last iteration. That algorithm isn't going to work if
GetNextVariableName() returns duplicates. Note that we don't disable
EFI variable creation completely on the affected machines, it's just
that any pstore dump-* files won't appear in sysfs until the next
boot.
Reported-by: Andre Heider <a.heider@gmail.com>
Reported-by: Lingzhu Xiang <lxiang@redhat.com>
Tested-by: Lingzhu Xiang <lxiang@redhat.com>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
It's not wise to assume VariableNameSize represents the length of
VariableName, as not all firmware updates VariableNameSize in the same
way (some don't update it at all if EFI_SUCCESS is returned). There
are even implementations out there that update VariableNameSize with
values that are both larger than the string returned in VariableName
and smaller than the buffer passed to GetNextVariableName(), which
resulted in the following bug report from Michael Schroeder,
> On HP z220 system (firmware version 1.54), some EFI variables are
> incorrectly named :
>
> ls -d /sys/firmware/efi/vars/*8be4d* | grep -v -- -8be returns
> /sys/firmware/efi/vars/dbxDefault-pport8be4df61-93ca-11d2-aa0d-00e098032b8c
> /sys/firmware/efi/vars/KEKDefault-pport8be4df61-93ca-11d2-aa0d-00e098032b8c
> /sys/firmware/efi/vars/SecureBoot-pport8be4df61-93ca-11d2-aa0d-00e098032b8c
> /sys/firmware/efi/vars/SetupMode-Information8be4df61-93ca-11d2-aa0d-00e098032b8c
The issue here is that because we blindly use VariableNameSize without
verifying its value, we can potentially read garbage values from the
buffer containing VariableName if VariableNameSize is larger than the
length of VariableName.
Since VariableName is a string, we can calculate its size by searching
for the terminating NULL character.
Reported-by: Frederic Crozat <fcrozat@suse.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Michael Schroeder <mls@suse.com>
Cc: Lee, Chun-Yi <jlee@suse.com>
Cc: Lingzhu Xiang <lxiang@redhat.com>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
We know that with some firmware implementations writing too much data to
UEFI variables can lead to bricking machines. Recent changes attempt to
address this issue, but for some it may still be prudent to avoid
writing large amounts of data until the solution has been proven on a
wide variety of hardware.
Crash dumps or other data from pstore can potentially be a large data
source. Add a pstore_module parameter to efivars to allow disabling its
use as a backend for pstore. Also add a config option,
CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE, to allow setting the default
value of this paramter to true (i.e. disabled by default).
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Add a new option, CONFIG_EFI_VARS_PSTORE, which can be set to N to
avoid using efivars as a backend to pstore, as some users may want to
compile out the code completely.
Set the default to Y to maintain backwards compatability, since this
feature has always been enabled until now.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Cc: Josh Boyer <jwboyer@redhat.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Seiji Aguchi <seiji.aguchi@hds.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
The Kconfig symbol USB_GADGET_NET2272_DMA was renamed to USB_NET2272_DMA
in commit 193ab2a607 ("usb: gadget: allow
multiple gadgets to be built"). That commit did not convert the only
occurrence of the corresponding Kconfig macro. Convert that macro now.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Felipe Balbi <balbi@ti.com>
This reverts commit 891104ed00.
Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.
ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.
Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This reverts commit e763eb699b.
Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.
ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.
Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Daniel writes:
Bunch of fixes, all pretty high-priority
- Fix execbuf argument checking (Kees Cook)
- Optionally obfuscate kernel addresses in dumps (Kees Cook)
- Two patches from Takashi Iwai to fix DP link training regressions he's
seen.
- intel-gfx is no longer subscribers-only (well, just no longer moderated
in an annoying way for non-subscribers), update MAINTAINERS
- gm45 gmbus irq fallout fix (Jiri Kosina)
* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
drm/i915: stop using GMBUS IRQs on Gen4 chips
MAINTAINERS: intel-gfx is no longer subscribers-only
drm/i915: Use the fixed pixel clock for eDP in intel_dp_set_m_n()
Revert "drm/i915: try to train DP even harder"
drm/i915: bounds check execbuffer relocation count
drm/i915: restrict kernel address leak in debugfs
While testing the mgag200 kms driver on the HP ProLiant Gen8, a
bug was seen. Once the bootloader would load the selected kernel,
the screen would go black. At first it was assumed that the
mgag200 kms driver was hanging. But after setting up the grub
serial output, it was seen that the driver was being loaded
properly. After trying serval monitors, one finaly displayed
the message "Frequency Out of Range". By comparing the kms pll
algorithm with the previous mgag200 xorg driver pll algorithm,
discrepencies were found. Once the kms pll algorithm was
modified, the expected pll values were produced. This fix was
tested on several monitors of varying native resolutions.
Signed-off-by: Julia Lemire <jlemire@matrox.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
In case of 'if (filp->f_pos == 0 or 1)' of sysfs_readdir(),
the failure from filldir() isn't handled, and the reference counter
of the sysfs_dirent object pointed by filp->private_data will be
released without clearing filp->private_data, so use after free
bug will be triggered later.
This patch returns immeadiately under the situation for fixing the bug,
and it is reasonable to return from readdir() when filldir() fails.
Reported-by: Dave Jones <davej@redhat.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
While readdir() is running, lseek() may set filp->f_pos as zero,
then may leave filp->private_data pointing to one sysfs_dirent
object without holding its reference counter, so the sysfs_dirent
object may be used after free in next readdir().
This patch holds inode->i_mutex to avoid the problem since
the lock is always held in readdir path.
Reported-by: Dave Jones <davej@redhat.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch (as1670) fixes a regression caused by commit
6402c796d3 (USB: EHCI: work around
silicon bug in Intel's EHCI controllers). The workaround goes through
two IAA cycles for each QH being unlinked. During the first cycle,
the QH is not added to the async_iaa list (because it isn't fully gone
from the hardware yet), which means that list will be empty.
Unfortunately, I forgot to update the IAA watchdog timer routine. It
thinks that an empty async_iaa list means the timer expiration was an
error, which isn't true any more. This problem didn't show up during
initial testing because the controllers being tested all had working
IAA interrupts. But not all controllers do, and when the watchdog
timer expires, the empty-list check prevents the second IAA cycle from
starting. As a result, URB unlinks never complete. The check needs
to be removed.
Among the symptoms of the regression are processes stuck in D wait
states and hangs during system shutdown.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Stephen Warren <swarren@wwwdotorg.org>
Reported-and-tested-by: Sven Joachim <svenjoac@gmx.de>
Reported-by: Andreas Bombe <aeb@debian.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Functions like nfs_map_uid_to_name() and nfs_map_gid_to_group() are
expected to return a string without any terminating NUL character.
Regression introduced by commit 57e62324e4
(NFS: Store the legacy idmapper result in the keyring).
Reported-by: Dave Chiluk <dave.chiluk@canonical.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Bryan Schumaker <bjschuma@netapp.com>
Cc: stable@vger.kernel.org [>=3.4]
John W. Linville says:
====================
I present to you another batch of fixes intended for the 3.9 stream...
On the bluetooth bits, Gustavo says:
"I put together 3 fixes intended for 3.9, there are support for two
new devices and a NULL dereference fix in the SCO code."
Amitkumar Karwar fixes a command queueing race in mwifiex.
Bing Zhao provides a pair of mwifiex related to cleaning-up before
a shutdown.
Felix Fietkau provides an ath9k fix for a regression caused by an
earlier calibration fix, and another ath9k fix to avoid race conditions
that unnecessarily lead to chip resets.
Jussi Kivilinna prevents and skbuff leak in rtlwifi.
Stanislaw Gruszka corrects a length paramater for a DMA buffer mapping
operation in iwlegacy.
Please let me know if there are problems!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The current DSP loader code abuses snd_hda_lock_devices() for ensuring
the DSP loader not conflicting with the other normal operations. But
this trick obviously doesn't work for the PM resume since the streams
are kept opened there where snd_hda_lock_devices() returns -EBUSY.
That means we need another lock mechanism instead of abuse.
This patch provides the new lock state to azx_dev. Theoretically it's
possible that the DSP loader conflicts with the stream that has been
already assigned for another PCM. If it's running, the DSP loader
should simply fail. If not -- it's the case for PM resume --, we
should assign this stream temporarily to the DSP loader, and take it
back to the PCM after finishing DSP loading. If the PCM is operated
during the DSP loading, it should get an error, too.
Reported-and-tested-by: Dylan Reid <dgreid@chromium.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
When reading the dm cache metadata from disk, ignore the policy hints
unless they were generated by the same major version number of the same
policy module.
The hints are considered to be private data belonging to the specific
module that generated them and there is no requirement for them to make
sense to different versions of the policy that generated them.
Policy modules are all required to work fine if no previous hints are
supplied (or if existing hints are lost).
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Separate dm cache policy version string into 3 unsigned numbers
corresponding to major, minor and patchlevel and store them at the end
of the on-disk metadata so we know which version of the policy generated
the hints in case a future version wants to use them differently.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
We have found a race in the optimisation used in the dm cache
writethrough implementation. Currently, dm core sends the cache target
two bios, one for the origin device and one for the cache device and
these are processed in parallel. This patch avoids the race by
changing the code back to a simpler (slower) implementation which
processes the two writes in series, one after the other, until we can
develop a complete fix for the problem.
When the cache is in writethrough mode it needs to send WRITE bios to
both the origin and cache devices.
Previously we've been implementing this by having dm core query the
cache target on every write to find out how many copies of the bio it
wants. The cache will ask for two bios if the block is in the cache,
and one otherwise.
Then main problem with this is it's racey. At the time this check is
made the bio hasn't yet been submitted and so isn't being taken into
account when quiescing a block for migration (promotion or demotion).
This means a single bio may be submitted when two were needed because
the block has since been promoted to the cache (catastrophic), or two
bios where only one is needed (harmless).
I really don't want to start entering bios into the quiescing system
(deferred_set) in the get_num_write_bios callback. Instead this patch
simplifies things; only one bio is submitted by the core, this is
first written to the origin and then the cache device in series.
Obviously this will have a latency impact.
deferred_writethrough_bios is introduced to record bios that must be
later issued to the cache device from the worker thread. This deferred
submission, after the origin bio completes, is required given that we're
in interrupt context (writethrough_endio).
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>