Commit Graph

506726 Commits

Author SHA1 Message Date
Dominique Martinet
b99baa43e5 net/9p: Initialize opts->privport as it should be.
We're currently using an uninitialized value if option privport is not set,
thus (almost) always using a privileged port.

Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2015-03-21 19:27:22 -07:00
Andrey Ryabinin
179a5bc4b8 net/9p: use memcpy() instead of snprintf() in p9_mount_tag_show()
p9_mount_tag_show() uses '%s' format string to print
non-NULL terminated chan->tag string. This leads
to out of bounds memory read, because format '%s'
implies that string is NULL-terminated.

The length of string is know here, so its simpler and safer
to use memcpy instead of snprintf().

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2015-03-20 07:34:43 -07:00
Kirill A. Shutemov
6250a8badb 9p: use unsigned integers for nwqid/count
As specification says, all integers in messages are unsigned. Let's fix
behaviour of p9pdu_vreadf()/p9pdu_vwritef() accordingly.

Fix for p9pdu_vreadf() is critical. If server replies with Rwalk, where
nwqid > SHRT_MAX, the value will be interpreted as negative. kmalloc, in
its order, will cast the value to (very big) size_t.

It should never happen in normal situation: we never submit Twalk with
nwname > 16, but malicious or broken server can still produce
problematic Rwalk.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2015-03-20 07:34:42 -07:00
Kirill A. Shutemov
b642f7269b 9p: do not crash on unknown lock status code
Current 9p implementation will crash whole system if sees unknown lock
status code. It's trivial target for DOS: 9p server can produce such
code easily.

Let's fallback more gracefully: warning in dmesg + -ENOLCK.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2015-03-20 07:34:41 -07:00
Kirill A. Shutemov
ad80492df5 9p: fix error handling in v9fs_file_do_lock
p9_client_lock_dotl() doesn't set status if p9_client_rpc() fails.
It can lead to 'default:' case in switch below and kernel crashes.

Let's bypass the switch if p9_client_lock_dotl() fails.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2015-03-20 07:34:41 -07:00
Fabian Frederick
9bfc52c109 9p: remove unused variable in p9_fd_create()
p is initialized but unused.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2015-03-20 07:34:41 -07:00
Fabian Frederick
e8782e2fbc 9p: kerneldoc warning fixes
options argument was removed from v9fs_session_info in commit 4b53e4b500
("9p: remove unnecessary v9fses->options which duplicates the mount string")

iov and nr_segs were removed from v9fs_direct_IO
in commit d8d3d94b80
("pass iov_iter to ->direct_IO()")

Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Ron Minnich <rminnich@sandia.gov>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Cc: v9fs-developer@lists.sourceforge.net
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2015-03-20 07:34:41 -07:00
Linus Torvalds
b314acaccd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input updates from Dmitry Torokhov:
 "An update to Synaptics driver that makes it usable with the 2015
  lineup from Lenovo"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Revert "Input: synaptics - use dmax in input_mt_assign_slots"
  Input: synaptics - remove X250 from the topbuttonpad list
  Input: synaptics - remove X1 Carbon 3rd gen from the topbuttonpad list
  Input: synaptics - re-route tracksticks buttons on the Lenovo 2015 series
  Input: synaptics - remove TOPBUTTONPAD property for Lenovos 2015
  Input: synaptics - retrieve the extended capabilities in query $10
  Input: synaptics - do not retrieve the board id on old firmwares
  Input: synaptics - handle spurious release of trackstick buttons
  Input: synaptics - fix middle button on Lenovo 2015 products
  Input: synaptics - skip quirks when post-2013 dimensions
  Input: synaptics - support min/max board id in min_max_pnpid_table
  Input: synaptics - remove obsolete min/max quirk for X240
  Input: synaptics - query min dimensions for fw v8.1
  Input: synaptics - log queried and quirked dimension values
  Input: synaptics - split synaptics_resolution(), query first
2015-03-19 16:43:10 -07:00
Linus Torvalds
1e744c938d Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse fixes from Miklos Szeredi:
 "This fixes bugs in zero-copy splice to the fuse device"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: explicitly set /dev/fuse file's private_data
  fuse: set stolen page uptodate
  fuse: notify: don't move pages
2015-03-19 16:36:24 -07:00
Linus Torvalds
e409ac3550 Merge branch 'overlayfs-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
 "This fixes minor issues with the multi-layer update in v4.0"

* 'overlayfs-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
  ovl: upper fs should not be R/O
  ovl: check lowerdir amount for non-upper mount
  ovl: print error message for invalid mount options
2015-03-19 16:27:36 -07:00
Linus Torvalds
32dafb94a6 MMC core:
- Fix error path in mmc_pwrseq_simple_alloc()
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVCqfTAAoJEP4mhCVzWIwpasUQANVHYNWEHhlo8pnu+29VT/R8
 tpNvu2AaHdTiD82C81X6cJeBGegNmzcddZLyK/Q+9aEAyNeKhe/McR+tHiiiaZSQ
 Ty2shtF27za5Ouu2Lr1hElDi1zkk6WHz5rzGFuBE+jLPiQmObrdKKJerUoZBYL2Z
 cQrXJzgVpTkeXMydS+JUjxES5qeeQZWQmxsEf3cmQamkEQirLA4kf7FMDL8R665g
 oA8j1LIPyzPgoXOVjCfTAANomsANszB2ib3CtjrM4gTqzKvQ0aNer61LM44khTBn
 5d2Zu8muGtsFlGaSPjyKrnV2H96bEszJtPFa6ym7P94slyqO/Bx3hXDiH2PvjKmP
 /IoXdcNONuQ+1L4x0dc6WTxHBMXdrl512yC8qxf2mAn3t60wHAfq9KP9urLwrZgx
 ZWRv3kSYh2Y3jJX7E+eQqrdY+lE0urI33ld+P0RZPp29Zzud1UUzXS4s/pCFYDg+
 roNuhR2JW2ytYutZp3dhn7bswZTNDTLx2fvu/xPKrt0U+Ozh7vZTTqMDlEjHLNlG
 iMIChqdiGpM2E0KoO15OalG/sCo1XAwZN/Qze/h1PsbBXKn1G0XApjce7MO60Knj
 LHAwway5W83bVCHQIQonPg0aN53QyvDstkvXH1UWBrRZUw6t5AIO7YRCYT7KUWkB
 8GBzbQ+QLVuY8UtjiAg5
 =Q3/F
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v4.0-rc4' of git://git.linaro.org/people/ulf.hansson/mmc

Pull MMC fix from Ulf Hansson:
 "MMC core: fix error path in mmc_pwrseq_simple_alloc()"

* tag 'mmc-v4.0-rc4' of git://git.linaro.org/people/ulf.hansson/mmc:
  mmc: pwrseq_simple: fix error path in mmc_pwrseq_simple_alloc
2015-03-19 16:18:30 -07:00
Linus Torvalds
01d62ee520 A set of pin control fixes for the v4.0 release cycle:
- Fix up consumer return values on pin control stubs.
 - Four patches fixing up the interrupt handling and
   sleep context save in the Baytrail driver.
 - Make default output directions work properly in the
   Cherryview driver.
 - Fix interrupt locking in the AT91 driver.
 - Fix setting interrupt generating lines as input in
   the sunxi driver.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVCo4HAAoJEEEQszewGV1z+HQQAMAzKL9igh3iCDR8p3tmB1sp
 ZBTgWl4NHT9MFeA1AmilVEn1JbmUDmDetTN7P/sVC8mxaJiheY8PrFbj4bwBsvzA
 JV0mlSBSj7jw8CxNM9rzSWZxRNtdpKr45siLA1SBPdni2x711SRW1H57eK73UQnQ
 PEVW9hWzXY4cHU6Q7dX67YDJuteQsu5A1QCy6hBYX4Kyyy5gT8RJs6lAvx2f5k8g
 Gsdgs60T/bTmIAiQT3FIf6VUQezW2m1PZn2fhuJeUCZWM17ej2YjVoanQUKu3Bz5
 GPvV3wt2FpbKJsum5p4FJQPRD2qPsuq4jg7Msk6QOiVWHOl/QtL30AnS6N/iQ97z
 TlblAH3ze2t182rHeI4J8d4FIX8jRfftb9DHlgBhLZFU4k0EanMvqEWN6/8yqgmy
 n5nYUB88y6rI5RRLoGAStudlRIHqpz0fFvsU6IW5aZ7wpobIv+JPtMBUbfIKdQBV
 Xj39LDJj9W5jtI7Icl2v8q7oTknnEa7rUuH/VYbptMLkXBxndWPKG2JLFwfhQ3Py
 KMZvFdLP7E2uAR89KNvqQxbQQuYOK8wx5T2nFV57wVPX6VFv/G9sKUqdS5F7iraS
 qg8aBloBN9k79mBBWyIo/XEdluYC/zuKf2KPRvH7UhXep+e9iqCSxWyXqgbgv6F9
 MtWvNLoK9kZyxymnqbmJ
 =qp0z
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v4.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:
 "Here is a slew of pin control fixes I've accumulated for the v4.0
  kernel.  Nothing special, just driver fixes (mainly embedded Intel it
  seems) and a misunderstanding regarding the stub functions was
  reverted:

   - Fix up consumer return values on pin control stubs.
   - Four patches fixing up the interrupt handling and sleep context
     save in the Baytrail driver.
   - Make default output directions work properly in the Cherryview
     driver.
   - Fix interrupt locking in the AT91 driver.
   - Fix setting interrupt generating lines as input in the sunxi
     driver"

* tag 'pinctrl-v4.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: sun4i: GPIOs configured as irq must be set to input before reading
  pinctrl: at91: move lock/unlock_as_irq calls into request/release
  pinctrl: update direction_output function of cherryview driver
  pinctrl: baytrail: Save pin context over system sleep
  pinctrl: baytrail: Rework interrupt handling
  pinctrl: baytrail: Clear interrupt triggering from pins that are in GPIO mode
  pinctrl: baytrail: Relax GPIO request rules
  Revert "pinctrl: consumer: use correct retval for placeholder functions"
2015-03-19 15:52:28 -07:00
Linus Torvalds
18eda522c2 nios2 fixes for v4.0-rc5
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.5 (GNU/Linux)
 
 iQIVAwUAVQkR4VWoEK+e3syCAQIDFBAAyPOv4yrZP9kZu04I6x7HAczDBo2LjE9A
 dZyVC2U6RCOga/K1As2HCZ6nujan0D19MIZBm7wjwr0MgdGbdRpYFqoVlAMTAkWG
 cajvQlOS4bPar+HugKJDsn1C6uhrFBC6Gj8oilkj2oTZWyVVgZzZtJNjQwDVd/41
 bpLBIxpnF0DBbSrAeN7DNlvb5bUVmPvAmGqYNghxmkYZqKY0hYKZNsIhuBo/3dPj
 l1oZRGEdYK/GX1sQB8F9Gk98nru13UUJ1cXFYMn4c0AWgrhwxu4jZCdYvyeO7svV
 inX+OwUYAsxZ8OTfwUtE9+VlidtquHemYfZMiGJnCIrtlBGW2oklys8Ob1WjX3NK
 5Bazjpdi96SYCkhq9wS7nYhZLghU/Kw6daNAw55kECuGTexPmvp1aU02DPIVFlnj
 hLYQKBU/dfu3VKPpmFbw2QxYJStYotGKhlObBp9LMT1DxNvKuWEZkymLUDf3+PB1
 G708afAgAUh547CafIFeBeuuba1eVFwPhhPEKj0mwBoxdpwKnv9FaOAZaI4ekq5w
 xNz6NtTDpUNdZoYn+nt+TCmd9Cip6JB0u45Qn2kGzzR3UuWpscwlogXpFg5b5nvh
 BCq/7iyrrFh7aoyvl/KGXkoYSJGVDH2ZSTb8uMoSFGJSb3vHYs1+AlPbaOxrZdbI
 BA5eS0Q9Rlg=
 =kGbT
 -----END PGP SIGNATURE-----

Merge tag 'nios2-fixes-v4.0-rc5' of git://git.rocketboards.org/linux-socfpga-next

Pull two arch/nios2 fixes from Ley Foon Tan:
 - Remove ucontext.h from exported arch headers
 - nios2: mm: do not invoke OOM killer on kernel fault OOM

* tag 'nios2-fixes-v4.0-rc5' of git://git.rocketboards.org/linux-socfpga-next:
  nios2: mm: do not invoke OOM killer on kernel fault OOM
  nios2: Remove ucontext.h from exported arch headers
2015-03-19 15:24:28 -07:00
Linus Torvalds
a93fc153b1 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
Pull IDE fix from David Miller:
 "Just one fix to convert a by-hand conversion of jiffies to msecs, from
  Nicholas McGuire"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide:
  ide_tape: convert jiffies with jiffies_to_msecs
2015-03-19 13:16:49 -07:00
Linus Torvalds
22283c8260 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Pull sparc fixes from David Miller:

 1) Some command cases of semtimedop() not even handled due to miscoded
    comparison on sparc64.  From Rob Gardner.

 2) Due to two bugs, /proc/kcore wan't working properly on sparc.

 3) Make sure fatal traps stop all running cpus, from Dave Kleikamp.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc: Fix /proc/kcore
  sparc: semtimedop() unreachable due to comparison error
  sparc: io_64.h: Replace io function-link macros
  sparc64: fatal trap should stop all cpus
  arch: sparc: kernel: starfire.c: Remove unused function
  arch: sparc: kernel: traps_64.c: Remove some unused functions
2015-03-19 13:11:55 -07:00
Linus Torvalds
47226fe1b5 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix packet header offset calculation in _decode_session6(), from
    Hajime Tazaki.

 2) Fix route leak in error paths of xfrm_lookup(), from Huaibin Wang.

 3) Be sure to clear state properly when scans fail in iwlwifi mvm code,
    from Luciano Coelho.

 4) iwlwifi tries to stop scans that aren't actually running, also from
    Luciano Coelho.

 5) mac80211 should drop mesh frames that are not encrypted, fix from
    Bob Copeland.

 6) Add new device ID to b43 wireless driver for BCM432228 chips, from
    Rafał Miłecki.

 7) Fix accidental addition of members after variable sized array in
    struct tc_u_hnode, from WANG Cong.

 8) Don't re-enable interrupts until after we call napi_complete() in
    ibmveth and WIZnet drivers, frm Yongbae Park.

 9) Fix regression in vlan tag handling of fec driver, from Fugang Duan.

10) If a network namespace change fails during rtnl_newlink(), we don't
    unwind the device registry properly.

11) Fix two TCP regressions, from Neal Cardwell:
  - Don't allow snd_cwnd_cnt to accumulate huge values due to missing
    test in tcp_cong_avoid_ai().
  - Restore CUBIC back to advancing cwnd by 1.5x packets per RTT.

12) Fix performance regression in xne-netback involving push TX
    notifications, from David Vrabel.

13) __skb_tstamp_tx() can be called with a NULL sk pointer, do not
    dereference blindly.  From Willem de Bruijn.

14) Fix potential stack overflow in RDS protocol stack, from Arnd
    Bergmann.

15) VXLAN_VID_MASK used incorrectly in new remote checksum offload
    support of VXLAN driver.  Fix from Alexey Kodanev.

16) Fix too small netlink SKB allocation in inet_diag layer, from Eric
    Dumazet.

17) ieee80211_check_combinations() does not count interfaces correctly,
    from Andrei Otcheretianski.

18) Hardware feature determination in bxn2x driver references a piece of
    software state that actually isn't initialized yet, fix from Michal
    Schmidt.

19) inet_csk_wait_for_connect() needs a sched_annotate_sleep()
    annoation, from Eric Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (56 commits)
  Revert "net: cx82310_eth: use common match macro"
  net/mlx4_en: Set statistics bitmap at port init
  IB/mlx4: Saturate RoCE port PMA counters in case of overflow
  net/mlx4_en: Fix off-by-one in ethtool statistics display
  IB/mlx4: Verify net device validity on port change event
  act_bpf: allow non-default TC_ACT opcodes as BPF exec outcome
  Revert "smc91x: retrieve IRQ and trigger flags in a modern way"
  inet: Clean up inet_csk_wait_for_connect() vs. might_sleep()
  ip6_tunnel: fix error code when tunnel exists
  netdevice.h: fix ndo_bridge_* comments
  bnx2x: fix encapsulation features on 57710/57711
  mac80211: ignore CSA to same channel
  nl80211: ignore HT/VHT capabilities without QoS/WMM
  mac80211: ask for ECSA IE to be considered for beacon parse CRC
  mac80211: count interfaces correctly for combination checks
  isdn: icn: use strlcpy() when parsing setup options
  rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg()
  caif: fix MSG_OOB test in caif_seqpkt_recvmsg()
  bridge: reset bridge mtu after deleting an interface
  can: kvaser_usb: Fix tx queue start/stop race conditions
  ...
2015-03-19 11:19:44 -07:00
Tom Van Braeckel
94e4fe2cab fuse: explicitly set /dev/fuse file's private_data
The misc subsystem (which is used for /dev/fuse) initializes private_data to
point to the misc device when a driver has registered a custom open file
operation, and initializes it to NULL when a custom open file operation has
*not* been provided.

This subtle quirk is confusing, to the point where kernel code registers
*empty* file open operations to have private_data point to the misc device
structure. And it leads to bugs, where the addition or removal of a custom open
file operation surprisingly changes the initial contents of a file's
private_data structure.

So to simplify things in the misc subsystem, a patch [1] has been proposed to
*always* set the private_data to point to the misc device, instead of only
doing this when a custom open file operation has been registered.

But before this patch can be applied we need to modify drivers that make the
assumption that a misc device file's private_data is initialized to NULL
because they didn't register a custom open file operation, so they don't rely
on this assumption anymore. FUSE uses private_data to store the fuse_conn and
errors out if this is not initialized to NULL at mount time.

Hence, we now set a file's private_data to NULL explicitly, to be independent
of whatever value the misc subsystem initializes it to by default.

[1] https://lkml.org/lkml/2014/12/4/939

Reported-by: Giedrius Statkevicius <giedriuswork@gmail.com>
Reported-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Tom Van Braeckel <tomvanbraeckel@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2015-03-19 15:29:22 +01:00
NeilBrown
6b7a783ebd mmc: pwrseq_simple: fix error path in mmc_pwrseq_simple_alloc
The current error-path code (when gpiod_get_index() reports
an error) can never free pwrseq->reset_gpios[0], but might
try to tree pwrseq->reset_gpios[-1], which has unfortunate
consequences.

Signed-off-by: NeilBrown <neil@brown.name>
Fixes: 934f1f4833
Acked-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Reported-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
2015-03-19 11:26:35 +01:00
Nicholas Mc Guire
8421596407 ide_tape: convert jiffies with jiffies_to_msecs
Use jiffies_to_msecs for converting jiffies as it handles all of the corner
cases reliably and also helps readability. The printk format is fixed up
as jiffies_to_msecs returns unsigned int not unsigned long.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 23:25:57 -04:00
Ondrej Zary
8d006e0105 Revert "net: cx82310_eth: use common match macro"
This reverts commit 11ad714b98 because
it breaks cx82310_eth.

The custom USB_DEVICE_CLASS macro matches
bDeviceClass, bDeviceSubClass and bDeviceProtocol
but the common USB_DEVICE_AND_INTERFACE_INFO matches
bInterfaceClass, bInterfaceSubClass and bInterfaceProtocol instead, which are
not specified.

Signed-off-by: Ondrej Zary <linux@rainbow-software.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 22:37:38 -04:00
David S. Miller
3c08158e0e sparc: Fix /proc/kcore
/proc/kcore investigates the "System RAM" elements in /proc/iomem to
initialize it's memory tables.  Therefore we have to register them
before it tries to do so.  kcore uses device_initcall() so let's
use arch_initcall() for the registry.

Also we need ARCH_PROC_KCORE_TEXT to get the virtual addresses of
the kernel image correct.

Reported-by: David Ahern <david.ahern@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 19:15:28 -07:00
David S. Miller
2fc800f2c5 Merge branch 'mlx4-net'
Or Gerlitz says:

====================
mlx4 driver fixes for 4.0-rc

Just few small fixes for the 4.0 rc cycle.

The fix from Moni addresses an issue from 4.0-rc1 so we
just need it for net.

Eran's fix for off-by-one should go to 3.19.y too.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 15:17:17 -04:00
Eran Ben Elisha
39de961a4a net/mlx4_en: Set statistics bitmap at port init
Port statistics bitmap will now be initialized at port init.  Even before
starting the port, statistics are visible to the user and must be properly masked.

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 15:17:11 -04:00
Majd Dibbiny
61a3855bb7 IB/mlx4: Saturate RoCE port PMA counters in case of overflow
For RoCE ports, we set the u32 PMA values based on u64 HCA counters. In case of
overflow, according to the IB spec, we have to saturate a counter to its
max value, do that.

Fixes: c37791349c ('IB/mlx4: Support PMA counters for IBoE')
Signed-off-by: Majd Dibbiny <majd@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 15:17:11 -04:00
Eran Ben Elisha
a16f356570 net/mlx4_en: Fix off-by-one in ethtool statistics display
NUM_PORT_STATS was 9 instead of 10, which caused off-by-one bug when
displaying the statistics starting from tx_chksum_offload in ethtool.

Fixes: f8c6455bb0 ('net/mlx4_en: Extend checksum offloading by CHECKSUM COMPLETE')
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 15:17:11 -04:00
Moni Shoua
217e8b16a4 IB/mlx4: Verify net device validity on port change event
Processing an event is done in a different context from the one when
the event was dispatched. This requires a check that the slave
net device is still valid when the event is being processed. The check is done
under the iboe lock which ensure correctness.

Fixes: a575009030 ('IB/mlx4: Add port aggregation support')
Signed-off-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-18 15:17:11 -04:00
Linus Torvalds
7b09ac704b sound fixes for 4.0-rc5
This is a collection of many small fixes.  Most of fixes are for ASoC
 drivers, including the fixes of wrong field usages for boolean kctls.
 
 In addition, there is a fix in ASoC core for adding proper locks for
 component lists, and a fix for a HD-audio regression by the previous
 mono channel fix.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJVCVzYAAoJEGwxgFQ9KSmkcVIP/2stUj7XZVBpRLS+W8DychdN
 Ra64zZdavivSr4JarcE/SDYZtNKjymfFSQKLZDgBaGe+L5/9QZ4vdN4ase1Ng6C5
 mpyDZBlwD7E+Q0aLbs9JJetdWW4z52zjhAjcOdAGb+EQl/0J2tBpjjeDl7cLADdm
 hgS5v/YP8dSlSYEs1Z/pS1eyVK14g/ISfmEv6jiYWOWSud2X+bLoFfvtWO3ZiWKw
 Tno4uXVL8u8F3QmyXlNV0Om1GObOJS6kLqn8aswb/6i2CkfXLP0rsU8L4SexTM1X
 3WYczOzATLZEbxlqi+Jq2Q5WhQh9JJufG69qSOxuiRdnNzJ+sdNRBg1jurASs+a+
 elHcfp5f5/Ty7oh4iSUqtcZRrLQRHpiabfI3W+nJFFoI1XrfL9vPegP3MHViRhsB
 6hehNK3WujeZTKnQmQhUZcgs3WIn4VEr4dGOPeH9hCfXOycLQnqpA51YVUnBegV9
 hIhmA9So7Rkt2/tUoXuENG0sLX2QQFvEsoEctdi1GOmWhoOchShwrWj0XJZ5GX4+
 fnwUzNFz7qBIAzdMY+b7jYh9Lfdl7sj01D5x7NJotCE+Mh67ReA1M1RJKp/EKj6d
 bM6gm6b6vqd9rnAVdejONav+6r6/74kkra5RvdOnUIAAkyfWE9lPfY1p3UsKp8sm
 n/w7cG7bsuHs1auJQSdL
 =CDXF
 -----END PGP SIGNATURE-----

Merge tag 'sound-4.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "This is a collection of many small fixes.  Most of fixes are for ASoC
  drivers, including the fixes of wrong field usages for boolean kctls.

  In addition, there is a fix in ASoC core for adding proper locks for
  component lists, and a fix for a HD-audio regression by the previous
  mono channel fix"

* tag 'sound-4.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (24 commits)
  ALSA: hda - Treat stereo-to-mono mix properly
  ASoC: wm9713: Fix wrong value references for boolean kctl
  ASoC: wm9712: Fix wrong value references for boolean kctl
  ASoC: wm8960: Fix wrong value references for boolean kctl
  ASoC: wm8955: Fix wrong value references for boolean kctl
  ASoC: wm8904: Fix wrong value references for boolean kctl
  ASoC: wm8903: Fix wrong value references for boolean kctl
  ASoC: wm8731: Fix wrong value references for boolean kctl
  ASoC: wm2000: Fix wrong value references for boolean kctl
  ASoC: tas5086: Fix wrong value references for boolean kctl
  ASoC: pcm1681: Fix wrong value references for boolean kctl
  ASoC: es8238: Fix wrong value references for boolean kctl
  ASoC: cs4271: Fix wrong value references for boolean kctl
  ASoC: ak4641: Fix wrong value references for boolean kctl
  ASoC: adav80x: Fix wrong value references for boolean kctl
  ASoC: Fix component lists locking
  ASoC: Intel: remove conflicts when load/unload multiple firmware images
  ASoC: rt286: Change the DMI mapping for Dino
  ASoC: sgtl5000: remove useless register write clearing CHRGPUMP_POWERUP
  ASoC: fsl_ssi: Don't try to round-up for PM divisor calculation
  ...
2015-03-18 11:17:03 -07:00
Linus Torvalds
ec3fbff030 Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
 "Fix a bug in the ARM XTS implementation that can cause failures in
  decrypting encrypted disks, and fix is a memory overwrite bug that can
  cause a crash which can be triggered from userspace"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: aesni - fix memory usage in GCM decryption
  crypto: arm/aes update NEON AES module to latest OpenSSL version
2015-03-18 11:10:41 -07:00
Linus Torvalds
da11508eb0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching
Pull livepatching fix from Jiri Kosina:

 - fix for potential race with module loading, from Petr Mladek.

   The race is very unlikely to be seen in real world and has been found
   by code inspection, but should be fixed for 4.0 anyway.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching:
  livepatch: Fix subtle race with coming and going modules
2015-03-18 10:46:39 -07:00
Linus Torvalds
e63c733d03 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:

 - fixes for pen pen proximity / touch events in wacom driver, from Ping
   Cheng and Benjamin Tissoires

 - two new device-specific quirks from Oliver Neukum and Forest
   Wilkinson

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: wacom: check for wacom->shared before following the pointer
  HID: tivo: enable all buttons on the TiVo Slide Pro remote
  HID: add ALWAYS_POLL quirk for a Logitech 0xc007
  HID: wacom: rely on actual touch down count to decide touch_down
  HID: wacom: do not send pen events before touch is up/forced out
2015-03-18 10:42:19 -07:00
Hans de Goede
ef6d24cc7f pinctrl: sun4i: GPIOs configured as irq must be set to input before reading
On sun4i-a10, when GPIOs are configured as external interrupt the value for
them in the data register does not seem to get updated, so set their mux to
input (and restore afterwards) when reading the pin.

Missed edges seem to be buffered, so this does not introduce a race
condition.

I've also tested this on sun5i-a13 and sun7i-a20 and those do not seem to
be affected, the input value representation in the data register does seem
to correctly get updated to the actual pin value while in irq mode there.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-03-18 10:56:46 +01:00
hujianyang
71cbad7e69 ovl: upper fs should not be R/O
After importing multi-lower layer support, users could mount a r/o
partition as the left most lowerdir instead of using it as upperdir.
And a r/o upperdir may cause an error like

	overlayfs: failed to create directory ./workdir/work

during mount.

This patch check the *s_flags* of upper fs and return an error if
it is a r/o partition. The checking of *upper_mnt->mnt_sb->s_flags*
can be removed now.

This patch also remove

	/* FIXME: workdir is not needed for a R/O mount */

from ovl_fill_super() because:

1) for upper fs r/o case
Setting a r/o partition as upper is prevented, no need to care about
workdir in this case.

2) for "mount overlay -o ro" with a r/w upper fs case
Users could remount overlayfs to r/w in this case, so workdir should
not be omitted.

Signed-off-by: hujianyang <hujianyang@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2015-03-18 10:29:48 +01:00
hujianyang
6be4506e34 ovl: check lowerdir amount for non-upper mount
Recently multi-lower layer mount support allow upperdir and workdir
to be omitted, then cause overlayfs can be mount with only one
lowerdir directory. This action make no sense and have potential risk.

This patch check the total number of lower directories to prevent
mounting overlayfs with only one directory.

Also, an error message is added to indicate lower directories exceed
OVL_MAX_STACK limit.

Signed-off-by: hujianyang <hujianyang@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2015-03-18 10:29:47 +01:00
hujianyang
bead55ef77 ovl: print error message for invalid mount options
Overlayfs should print an error message if an incorrect mount option
is caught like other filesystems.

After this patch, improper option input could be clearly known.

Reported-by: Fabian Sturm <fabian.sturm@aduu.de>
Signed-off-by: hujianyang <hujianyang@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
2015-03-18 10:29:47 +01:00
Daniel Borkmann
ced585c83b act_bpf: allow non-default TC_ACT opcodes as BPF exec outcome
Revisiting commit d23b8ad8ab ("tc: add BPF based action") with regards
to eBPF support, I was thinking that it might be better to improve
return semantics from a BPF program invoked through BPF_PROG_RUN().

Currently, in case filter_res is 0, we overwrite the default action
opcode with TC_ACT_SHOT. A default action opcode configured through tc's
m_bpf can be: TC_ACT_RECLASSIFY, TC_ACT_PIPE, TC_ACT_SHOT, TC_ACT_UNSPEC,
TC_ACT_OK.

In cls_bpf, we have the possibility to overwrite the default class
associated with the classifier in case filter_res is _not_ 0xffffffff
(-1).

That allows us to fold multiple [e]BPF programs into a single one, where
they would otherwise need to be defined as a separate classifier with
its own classid, needlessly redoing parsing work, etc.

Similarly, we could do better in act_bpf: Since above TC_ACT* opcodes
are exported to UAPI anyway, we reuse them for return-code-to-tc-opcode
mapping, where we would allow above possibilities. Thus, like in cls_bpf,
a filter_res of 0xffffffff (-1) means that the configured _default_ action
is used. Any unkown return code from the BPF program would fail in
tcf_bpf() with TC_ACT_UNSPEC.

Should we one day want to make use of TC_ACT_STOLEN or TC_ACT_QUEUED,
which both have the same semantics, we have the option to either use
that as a default action (filter_res of 0xffffffff) or non-default BPF
return code.

All that will allow us to transparently use tcf_bpf() for both BPF
flavours.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-17 22:15:06 -04:00
Boris Brezillon
bd8733738c pinctrl: at91: move lock/unlock_as_irq calls into request/release
The gpiochip_lock_as_irq call can fail and return an error,
while the irq_startup is not expected to fail (returns an
unsigned int which is not checked by irq core code).

irq_request/release_resources functions have been created
to address this problem.

Move gpiochip_lock/unlock_as_irq calls into
irq_request/release_resources functions to prevent using a
gpio as an irq if the gpiochip_lock_as_irq call failed.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2015-03-18 02:01:36 +01:00
Linus Torvalds
c58616580e Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Misc fixes from all around the place:

   - a KASLR related revert where we ran out of time to get a fix - this
     represents a substantial portion of the diffstat,

   - two FPU fixes,

   - two x86 platform fixes: an ACPI reduced-hw fix and a NumaChip fix,

   - an entry code fix,

   - and a VDSO build fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  Revert "x86/mm/ASLR: Propagate base load address calculation"
  x86/fpu: Drop_fpu() should not assume that tsk equals current
  x86/fpu: Avoid math_state_restore() without used_math() in __restore_xstate_sig()
  x86/apic/numachip: Fix sibling map with NumaChip
  x86/platform, acpi: Bypass legacy PIC and PIT in ACPI hardware reduced mode
  x86/asm/entry/32: Fix user_mode() misuses
  x86/vdso: Fix the build on GCC5
2015-03-17 13:32:17 -07:00
Linus Torvalds
13326e5a62 Merge branches 'perf-urgent-for-linus' and 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf and timer fixes from Ingo Molnar:
 "Two small perf fixes:
   - kernel side context leak fix
   - tooling crash fix

  And two clocksource driver fixes"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf: Fix context leak in put_event()
  perf annotate: Fix fallback to unparsed disassembler line

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  clockevents: sun5i: Fix setup_irq init sequence
  clocksource: efm32: Fix a NULL pointer dereference
2015-03-17 13:22:29 -07:00
Benjamin Tissoires
e2c7d8877e HID: wacom: check for wacom->shared before following the pointer
486b908 (HID: wacom: do not send pen events before touch is up/forced out)
introduces a kernel oops when plugging a tablet without touch.

wacom->shared is null for these devices so this leads to a null pointer
exception.

Change the condition to make it clear that what we need is wacom->shared
not NULL.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2015-03-17 20:59:55 +01:00
Robert Jarzmik
8d7d9cca43 Revert "smc91x: retrieve IRQ and trigger flags in a modern way"
The commit breaks the legacy platforms, ie. these not using device-tree,
and setting up the interrupt resources with a flag to activate edge
detection. The issue was found on the zylonite platform.

The reason is that zylonite uses platform resources to pass the interrupt number
and the irq flags (here IORESOURCE_IRQ_HIGHEDGE). It expects the driver to
request the irq with these flags, which in turn setups the irq as high edge
triggered.

After the patch, this was supposed to be taken care of with :
  irq_resflags = irqd_get_trigger_type(irq_get_irq_data(ndev->irq));

But irq_resflags is 0 for legacy platforms, while for example in
arch/arm/mach-pxa/zylonite.c, in struct resource smc91x_resources[] the
irq flag is specified. This breaks zylonite because the interrupt is not
setup as triggered, and hardware doesn't provide interrupts.

Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-17 15:04:57 -04:00
Eric Dumazet
cb7cf8a33f inet: Clean up inet_csk_wait_for_connect() vs. might_sleep()
I got the following trace with current net-next kernel :

[14723.885290] WARNING: CPU: 26 PID: 22658 at kernel/sched/core.c:7285 __might_sleep+0x89/0xa0()
[14723.885325] do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff810e8734>] prepare_to_wait_exclusive+0x34/0xa0
[14723.885355] CPU: 26 PID: 22658 Comm: netserver Not tainted 4.0.0-dbg-DEV #1379
[14723.885359]  ffffffff81a223a8 ffff881fae9e7ca8 ffffffff81650b5d 0000000000000001
[14723.885364]  ffff881fae9e7cf8 ffff881fae9e7ce8 ffffffff810a72e7 0000000000000000
[14723.885367]  ffffffff81a57620 000000000000093a 0000000000000000 ffff881fae9e7e64
[14723.885371] Call Trace:
[14723.885377]  [<ffffffff81650b5d>] dump_stack+0x4c/0x65
[14723.885382]  [<ffffffff810a72e7>] warn_slowpath_common+0x97/0xe0
[14723.885386]  [<ffffffff810a73e6>] warn_slowpath_fmt+0x46/0x50
[14723.885390]  [<ffffffff810f4c5d>] ? trace_hardirqs_on_caller+0x10d/0x1d0
[14723.885393]  [<ffffffff810e8734>] ? prepare_to_wait_exclusive+0x34/0xa0
[14723.885396]  [<ffffffff810e8734>] ? prepare_to_wait_exclusive+0x34/0xa0
[14723.885399]  [<ffffffff810ccdc9>] __might_sleep+0x89/0xa0
[14723.885403]  [<ffffffff81581846>] lock_sock_nested+0x36/0xb0
[14723.885406]  [<ffffffff815829a3>] ? release_sock+0x173/0x1c0
[14723.885411]  [<ffffffff815ea1f7>] inet_csk_accept+0x157/0x2a0
[14723.885415]  [<ffffffff810e8900>] ? abort_exclusive_wait+0xc0/0xc0
[14723.885419]  [<ffffffff8161b96d>] inet_accept+0x2d/0x150
[14723.885424]  [<ffffffff8157db6f>] SYSC_accept4+0xff/0x210
[14723.885428]  [<ffffffff8165a451>] ? retint_swapgs+0xe/0x44
[14723.885431]  [<ffffffff810f4c5d>] ? trace_hardirqs_on_caller+0x10d/0x1d0
[14723.885437]  [<ffffffff81369c0e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[14723.885441]  [<ffffffff8157ef40>] SyS_accept+0x10/0x20
[14723.885444]  [<ffffffff81659872>] system_call_fastpath+0x12/0x17
[14723.885447] ---[ end trace ff74cd83355b1873 ]---

In commit 26cabd3125
Peter added a sched_annotate_sleep() in sk_wait_event()

Is the following patch needed as well ?

Alternative would be to use sk_wait_event() from inet_csk_wait_for_connect()

Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-17 15:03:54 -04:00
Nicolas Dichtel
37355565ba ip6_tunnel: fix error code when tunnel exists
After commit 2b0bb01b6e, the kernel returns -ENOBUFS when user tries to add
an existing tunnel with ioctl API:
$ ip -6 tunnel add ip6tnl1 mode ip6ip6 dev eth1
add tunnel "ip6tnl0" failed: No buffer space available

It's confusing, the right error is EEXIST.

This patch also change a bit the code returned:
 - ENOBUFS -> ENOMEM
 - ENOENT -> ENODEV

Fixes: 2b0bb01b6e ("ip6_tunnel: Return an error when adding an existing tunnel.")
CC: Steffen Klassert <steffen.klassert@secunet.com>
Reported-by: Pierre Cheynier <me@pierre-cheynier.net>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-17 15:01:18 -04:00
Nicolas Dichtel
ad41faa88e netdevice.h: fix ndo_bridge_* comments
The argument 'flags' was missing in ndo_bridge_setlink().
ndo_bridge_dellink() was missing.

Fixes: 407af3299e ("bridge: Add netlink interface to configure vlans on bridge ports")
Fixes: add511b382 ("bridge: add flags argument to ndo_bridge_setlink and ndo_bridge_dellink")
CC: Vlad Yasevich <vyasevic@redhat.com>
CC: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-17 14:58:39 -04:00
Linus Torvalds
8e6e44fbd2 regulator: Fixes for v4.0
The two main fixes here from Javier and Doug both fix issues seen on the
 Exynos-based ARM Chromebooks with reference counting of GPIO regulators
 over system suspend.  The GPIO enable code didn't properly take account
 of this cases (a full analysis is in Doug's commit log).  This is fixed
 by both fixing the reference counting directly and by making the resume
 code skip enables it doesn't need to do.  We could skip the change in
 the resume code but it's a very simple change and adds extra robustness
 against problems in other drivers.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVCBjKAAoJECTWi3JdVIfQiA4H/2/zS+bEGIJs0yquAsmNT0as
 v1XW+K8pw8klcCUbUpBgeqwBDmhiHHJtL5AWuC68KZHLRmg4+ryRdCyUgZ51AyJ4
 4obGKxVrWpO0xM3BLeoeCc0ZSAAQzVuxplFSyFEbE14ULUKBqsVS8YKD2+FyrDRL
 0RPAdNDak2Z7HD60W6234qqGfmEW0e1NAYTuZ7sCjE4dp8+S8OeauuwT489tuGt7
 7N+BusHHnjWASW3tcitANTE8f3l3K4b5sUueolxi+ZghnrcxHcZn7LlKbVj0tpiF
 yOCjc6jiLUL5UiCZ5q5IhamKPCTpTf/9LJlsjoSmj3Ze4PXn9/rEPW3wrIUyAh4=
 =Dxlj
 -----END PGP SIGNATURE-----

Merge tag 'regulator-fix-v4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "The two main fixes here from Javier and Doug both fix issues seen on
  the Exynos-based ARM Chromebooks with reference counting of GPIO
  regulators over system suspend.  The GPIO enable code didn't properly
  take account of this case (a full analysis is in Doug's commit log).

  This is fixed by both fixing the reference counting directly and by
  making the resume code skip enables it doesn't need to do.  We could
  skip the change in the resume code but it's a very simple change and
  adds extra robustness against problems in other drivers"

* tag 'regulator-fix-v4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: tps65910: Add missing #include <linux/of.h>
  regulator: core: Fix enable GPIO reference counting
  regulator: Only enable disabled regulators on resume
2015-03-17 10:47:06 -07:00
Linus Torvalds
529d2eb679 regmap: Fixes for v4.0
A few things here:
 
  - A change from Lars to fix insertion of cache values at the start of
    rather than end of a rbtree block.  This hadn't been noticed before
    since almost everything lists registers in ascending order.
  - A fix from Takashi for spurious warnings during cache sync with read
    once registers, a problem which can be very noticeable on devices
    that it affects.
  - A fix from Valentin for a tighening of the oneshot IRQ request
    interface which would have broken affected devices.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVCAncAAoJECTWi3JdVIfQ3UwH/R94Youeta69sJvSpao38Luo
 jSj6A+zA2x2azwOTNdZ8F4vdqetoabvt8enXR0zxQnx86JP3zYFoEZcos7Bn4HRX
 E85Fn8RNLHVP0NmUdZefvSztG5A0Glf9FxEqoSfGb6r0FztYnjJ3fCEoDO8NYE8S
 xkeFvznLyPGeU39BMXuqROEUN4BNVeQ6ijIQBsP9tIpgIQA9lIzW4vSqTXvGiwLU
 UrPTYpPpVukKGwYD6UB8GQ14M3KDAmzvSTiCO7hal1NUdgtOWqObR2YALhMWBV6z
 bygbobrVGaaxmdb3maEol3h9tCxY6G+5Pcwhl0JDZdVd2McXa2oMMxQ/r1kgcxY=
 =t8iv
 -----END PGP SIGNATURE-----

Merge tag 'regmap-v4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap

Pull regmap fixes from Mark Brown:
 "A few things here:

   - a change from Lars to fix insertion of cache values at the start of
     rather than end of a rbtree block.  This hadn't been noticed before
     since almost everything lists registers in ascending order.

   - a fix from Takashi for spurious warnings during cache sync with
     read once registers, a problem which can be very noticeable on
     devices that it affects.

   - a fix from Valentin for a tighening of the oneshot IRQ request
     interface which would have broken affected devices"

* tag 'regmap-v4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
  regmap: regcache-rbtree: Fix present bitmap resize
  regmap: Skip read-only registers in regcache_sync()
  regmap-irq: set IRQF_ONESHOT flag to ensure IRQ request
2015-03-17 10:41:26 -07:00
Linus Torvalds
4d272f90a7 Not entirely surprising: the ongoing QEMU work on virtio 1.0 has revealed
more minor issues with our virtio 1.0 drivers just introduced in the
 kernel.
 
 (I would normally use my fixes branch for this, but there were a batch of them...)
 
 Thanks,
 Rusty.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVB4gHAAoJENkgDmzRrbjx+BAP/0Z8TPfP5v2XQ0YlLPFpKMQ0
 DdsL9s1Se74e0RUJ6fvpVZaVgBxFq1+xi2wiSOhlOyIn0fXlO8+eYK886QX13cYO
 CUAvuwbQhGHgj+1DfQ+7pJlQe905VvHVxWIVZU1dq+PEI181kOQQE9lOHhsKsYvQ
 IxEAX3/avYALAV29FN+PvGZcmY5fgeJf58RkQb5h3XXVaBlI175HhiGm3izgqyKe
 qmZqEDuUnsdlxT5rvJnb0kg/VfRJ2MdkpIcpjpqO4DK3lY+x90LibMmnGLdLkigS
 cEfjSXPmJKNug+IoxxQuDH6zRsWqTLnwI4gU/FqbOkN12Ovt5k4F+FrFCuXD7GdW
 tCiBblkQjQ8xS+OP5slXwYKE3a4q4ih6u+9/STNlSVlG1mqZxxmK56WD00CvBpvR
 CDyTO4yHUV9rjDIhD/r8guFXsPwaaiZxKiGP1k+nnel0E9dMmZf0dE8xqHpTrl0Z
 8OAv3TgJFqhmfecFCBxj28e++dl7KvhiAGRKiZvHYkoxWZmJ5EFkw5E8FUOlJQNS
 2apGPbBEyeEQho7emzb0l9vvAu+0jJGEObxvA9wUdEcXg2kbDmGIpidZfN6xBemJ
 5WuMoGJh9UnYeImtGyXINTuQXagXdzt5bB/IkVmUYMcvsGty5lKIH1G87Q/qV4BE
 YCbKn/3J+G2TmF3+m8AH
 =8QwR
 -----END PGP SIGNATURE-----

Merge tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux

Pull virtio fixes from Rusty Russell:
 "Not entirely surprising: the ongoing QEMU work on virtio 1.0 has
  revealed more minor issues with our virtio 1.0 drivers just introduced
  in the kernel.

  (I would normally use my fixes branch for this, but there were a batch
  of them...)"

* tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
  virtio_mmio: fix access width for mmio
  uapi/virtio_scsi: allow overriding CDB/SENSE size
  virtio_mmio: generation support
  virtio_rpmsg: set DRIVER_OK before using device
  9p/trans_virtio: fix hot-unplug
  virtio-balloon: do not call blocking ops when !TASK_RUNNING
  virtio_blk: fix comment for virtio 1.0
  virtio_blk: typo fix
  virtio_balloon: set DRIVER_OK before using device
  virtio_console: avoid config access from irq
  virtio_console: init work unconditionally
2015-03-17 10:36:01 -07:00
Linus Torvalds
2fc67756e3 Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Marcelo Tosatti:
 "KVM bug fixes (ARM and x86)"

* git://git.kernel.org/pub/scm/virt/kvm/kvm:
  arm/arm64: KVM: Keep elrsr/aisr in sync with software model
  KVM: VMX: Set msr bitmap correctly if vcpu is in guest mode
  arm/arm64: KVM: fix missing unlock on error in kvm_vgic_create()
  kvm: x86: i8259: return initialized data on invalid-size read
  arm64: KVM: Fix outdated comment about VTCR_EL2.PS
  arm64: KVM: Do not use pgd_index to index stage-2 pgd
  arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting
  kvm: move advertising of KVM_CAP_IRQFD to common code
2015-03-17 10:31:36 -07:00
Kirill A. Shutemov
ab676b7d6f pagemap: do not leak physical addresses to non-privileged userspace
As pointed by recent post[1] on exploiting DRAM physical imperfection,
/proc/PID/pagemap exposes sensitive information which can be used to do
attacks.

This disallows anybody without CAP_SYS_ADMIN to read the pagemap.

[1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

[ Eventually we might want to do anything more finegrained, but for now
  this is the simple model.   - Linus ]

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Seaborn <mseaborn@chromium.org>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-03-17 09:31:30 -07:00
Takashi Iwai
3fc6c5a1cf ASoC: Fixes for v4.0
As well as the usual collection of driver specific fixes there's a few
 more generic things:
 
  - Lots of fixes from Takashi for drivers using the wrong field in the
    control union to communicate with userspace, leading to potential
    errors on 64 bit systems.
  - A fix from Lars for locking of the lists of devices we maintain,
    mostly only likely to trigger during device probe and removal.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVCA+HAAoJECTWi3JdVIfQ6oQIAIOFlrPzKpI3C7MqrK6F+ySC
 g/JOf8XZKbStl+RdSu/RI6gL1Nc4VD7EHv5vEM2Br6KtUHQMoQYpsSiPvn1BFJBX
 EkwY3eoDiIyPqQG7cGmdIF/8NXiZgJYh13coamrkdAhBFMXfmqlbrBHo71Z6o1ic
 cg4rng3AmjyJ1NfUDsMW/KTX0F8AUTw7yYs+B4pyjfRBFVmhmzubXGXNjiW+/Tz4
 zjk9c3Qm7ZxC66dbvg5lpIakwbRtX26p7Fn+pWOewL4y81y9qruSvV6IgDZ1RO95
 DRtLsU7qyIK3G9zCw61xJNiL2QAfgOfYYgi7R6XrlS3nttIFT30oELw5ObwjSM0=
 =iSeG
 -----END PGP SIGNATURE-----

Merge tag 'asoc-fix-v4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v4.0

As well as the usual collection of driver specific fixes there's a few
more generic things:

 - Lots of fixes from Takashi for drivers using the wrong field in the
   control union to communicate with userspace, leading to potential
   errors on 64 bit systems.
 - A fix from Lars for locking of the lists of devices we maintain,
   mostly only likely to trigger during device probe and removal.
2015-03-17 16:30:26 +01:00
Petr Mladek
8cb2c2dc47 livepatch: Fix subtle race with coming and going modules
There is a notifier that handles live patches for coming and going modules.
It takes klp_mutex lock to avoid races with coming and going patches but
it does not keep the lock all the time. Therefore the following races are
possible:

  1. The notifier is called sometime in STATE_MODULE_COMING. The module
     is visible by find_module() in this state all the time. It means that
     new patch can be registered and enabled even before the notifier is
     called. It might create wrong order of stacked patches, see below
     for an example.

   2. New patch could still see the module in the GOING state even after
      the notifier has been called. It will try to initialize the related
      object structures but the module could disappear at any time. There
      will stay mess in the structures. It might even cause an invalid
      memory access.

This patch solves the problem by adding a boolean variable into struct module.
The value is true after the coming and before the going handler is called.
New patches need to be applied when the value is true and they need to ignore
the module when the value is false.

Note that we need to know state of all modules on the system. The races are
related to new patches. Therefore we do not know what modules will get
patched.

Also note that we could not simply ignore going modules. The code from the
module could be called even in the GOING state until mod->exit() finishes.
If we start supporting patches with semantic changes between function
calls, we need to apply new patches to any still usable code.
See below for an example.

Finally note that the patch solves only the situation when a new patch is
registered. There are no such problems when the patch is being removed.
It does not matter who disable the patch first, whether the normal
disable_patch() or the module notifier. There is nothing to do
once the patch is disabled.

Alternative solutions:
======================

+ reject new patches when a patched module is coming or going; this is ugly

+ wait with adding new patch until the module leaves the COMING and GOING
  states; this might be dangerous and complicated; we would need to release
  kgr_lock in the middle of the patch registration to avoid a deadlock
  with the coming and going handlers; also we might need a waitqueue for
  each module which seems to be even bigger overhead than the boolean

+ stop modules from entering COMING and GOING states; wait until modules
  leave these states when they are already there; looks complicated; we would
  need to ignore the module that asked to stop the others to avoid a deadlock;
  also it is unclear what to do when two modules asked to stop others and
  both are in COMING state (situation when two new patches are applied)

+ always register/enable new patches and fix up the potential mess (registered
  patches order) in klp_module_init(); this is nasty and prone to regressions
  in the future development

+ add another MODULE_STATE where the kallsyms are visible but the module is not
  used yet; this looks too complex; the module states are checked on "many"
  locations

Example of patch stacking breakage:
===================================

The notifier could _not_ _simply_ ignore already initialized module objects.
For example, let's have three patches (P1, P2, P3) for functions a() and b()
where a() is from vmcore and b() is from a module M. Something like:

	a()	b()
P1	a1()	b1()
P2	a2()	b2()
P3	a3()	b3(3)

If you load the module M after all patches are registered and enabled.
The ftrace ops for function a() and b() has listed the functions in this
order:

	ops_a->func_stack -> list(a3,a2,a1)
	ops_b->func_stack -> list(b3,b2,b1)

, so the pointer to b3() is the first and will be used.

Then you might have the following scenario. Let's start with state when patches
P1 and P2 are registered and enabled but the module M is not loaded. Then ftrace
ops for b() does not exist. Then we get into the following race:

CPU0					CPU1

load_module(M)

  complete_formation()

  mod->state = MODULE_STATE_COMING;
  mutex_unlock(&module_mutex);

					klp_register_patch(P3);
					klp_enable_patch(P3);

					# STATE 1

  klp_module_notify(M)
    klp_module_notify_coming(P1);
    klp_module_notify_coming(P2);
    klp_module_notify_coming(P3);

					# STATE 2

The ftrace ops for a() and b() then looks:

  STATE1:

	ops_a->func_stack -> list(a3,a2,a1);
	ops_b->func_stack -> list(b3);

  STATE2:
	ops_a->func_stack -> list(a3,a2,a1);
	ops_b->func_stack -> list(b2,b1,b3);

therefore, b2() is used for the module but a3() is used for vmcore
because they were the last added.

Example of the race with going modules:
=======================================

CPU0					CPU1

delete_module()  #SYSCALL

   try_stop_module()
     mod->state = MODULE_STATE_GOING;

   mutex_unlock(&module_mutex);

					klp_register_patch()
					klp_enable_patch()

					#save place to switch universe

					b()     # from module that is going
					  a()   # from core (patched)

   mod->exit();

Note that the function b() can be called until we call mod->exit().

If we do not apply patch against b() because it is in MODULE_STATE_GOING,
it will call patched a() with modified semantic and things might get wrong.

[jpoimboe@redhat.com: use one boolean instead of two]
Signed-off-by: Petr Mladek <pmladek@suse.cz>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2015-03-17 10:31:54 +01:00