This causes the ftrace internal accounting to get screwed up and
crashes ftrace, preventing the user from using the function tracer
after that.
2) if a TRACE_EVENT has a string field, and NULL is given for it.
The internal trace event code does a strlen() and strcpy() on the
source of field. If it is NULL it causes the system to oops.
This bug has been there since 2.6.31, but no TRACE_EVENT ever passed
in a NULL to the string field, until now"
* tag 'trace-fixes-v3.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ftrace: Fix function graph with loading of modules
tracing: Allow events to have NULL strings
Linus Torvalds [Wed, 27 Nov 2013 02:02:46 +0000 (18:02 -0800)]
Merge branch 'for-linus-bugs' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull ceph bug-fixes from Sage Weil:
"These include a couple fixes to the new fscache code that went in
during the last cycle (which will need to go stable@ shortly as well),
a couple client-side directory fragmentation fixes, a fix for a race
in the cap release queuing path, and a couple race fixes in the
request abort and resend code.
Obviously some of this could have gone into 3.12 final, but I
preferred to overtest rather than send things in for a late -rc, and
then my travel schedule intervened"
* 'for-linus-bugs' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: allocate non-zero page to fscache in readpage()
ceph: wake up 'safe' waiters when unregistering request
ceph: cleanup aborted requests when re-sending requests.
ceph: handle race between cap reconnect and cap release
ceph: set caps count after composing cap reconnect message
ceph: queue cap release in __ceph_remove_cap()
ceph: handle frag mismatch between readdir request and reply
ceph: remove outdated frag information
ceph: hung on ceph fscache invalidate in some cases
powerpc/windfarm: Fix XServe G5 fan control Makefile issue
We are missing building windfarm_max6690_sensor.o when building
CONFIG_WINDFARM_RM31. Usually all the windfarm drivers are built
and thus this isn't a problem but some more "tailored" setups
(Gentoo ?) building only that driver are not working because
the require sensor module is missing.
Reported-by: Stanislav Ponomarev <devhexorg@gmail.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
* acpica:
ACPI: Clean up incorrect inclusions of ACPICA headers
ACPICA: Update version to 20131115.
ACPICA: Add support to delete all objects attached to the root namespace node.
ACPICA: Delete all attached data objects during namespace node deletion.
ACPICA: Resources: Fix loop termination for the get AML length function.
ACPICA: Tests: Add CHECKSUM_ABORT protection for test utilities.
ACPICA: Debug output: Do not emit function nesting level for kernel build.
Linus Torvalds [Tue, 26 Nov 2013 19:18:37 +0000 (11:18 -0800)]
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"Mostly bugfixes and a few small code removals. Worth pointing out is:
- A handful of more fixes to get DT enablement working properly on
OMAP, finding new breakage of things that don't work quite right
yet without the traditional board files. I expect a bit more of
this to come in this release as people test on their hardware.
- Implementation of power_down_finish() on vexpress, to make kexec
work and to stop the MCPM core to produce a warning (the warning
was new to 3.13-rc1).
- A handful of minor fixes for various platforms"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: bcm2835: add missing #xxx-cells to I2C nodes
ARM: dts: Add max77686 RTC interrupt to cros5250-common
ARM: vexpress/TC2: Implement MCPM power_down_finish()
ARM: tegra: Provide dummy powergate implementation
ARM: omap: fix warning with LPAE build
ARM: OMAP2+: Remove legacy omap4_twl6030_hsmmc_init
ARM: OMAP2+: Remove legacy mux code for display.c
ARM: OMAP2+: Fix undefined reference to set_cntfreq
gpio: twl4030: Fix passing of pdata in the device tree case
gpio: twl4030: Fix regression for twl gpio output
ARM: OMAP2+: More randconfig fixes for reconfigure_io_chain
ARM: dts: imx6qdl: disable spdif "rxtx5" clock option
ARM: dts: Fix omap2 specific dtsi files by adding the missing entries
ARM: OMAP2+: Fix GPMC and simplify bootloader timings for 8250 and smc91x
i2c: omap: Fix missing device tree flags for omap2
Linus Torvalds [Tue, 26 Nov 2013 19:16:54 +0000 (11:16 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull IMA fixes from James Morris:
"These three patches fix regressions in the IMA code in your current
tree.
The first fixes a couple of bugs in template_desc_init_fields(), and
the other two ensure that changes in this kernel don't break
userspace"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: make a copy of template_fmt in template_desc_init_fields()
ima: do not send field length to userspace for digest of ima template
ima: do not include field length in template digest calc for ima template
Linus Torvalds [Tue, 26 Nov 2013 19:15:12 +0000 (11:15 -0800)]
Merge tag 'ntb-3.13' of git://github.com/jonmason/ntb
Pull non-transparent bridge updates from Jon Mason:
"NTB driver bug fixes to address a missed call to pci_enable_msix,
NTB-RP Link Up issue, Xeon Doorbell errata workaround, ntb_transport
link down race, and correct dmaengine_get/put usage.
Also, clean-ups to remove duplicate defines and document a hardware
errata. Finally, some changes to improve performance"
* tag 'ntb-3.13' of git://github.com/jonmason/ntb:
NTB: Disable interrupts and poll under high load
NTB: Enable Snoop on Primary Side
NTB: Document HW errata
NTB: remove duplicate defines
NTB: correct dmaengine_get/put usage
NTB: Fix ntb_transport link down race
ntb: Fix missed call to pci_enable_msix()
NTB: Fix NTB-RP Link Up
NTB: Xeon Doorbell errata workaround
ftrace: Fix function graph with loading of modules
Commit 8c4f3c3fa9681 "ftrace: Check module functions being traced on reload"
fixed module loading and unloading with respect to function tracing, but
it missed the function graph tracer. If you perform the following
The above mentioned commit didn't go far enough. Well, it covered the
function tracer by adding checks in __register_ftrace_function(). The
problem is that the function graph tracer circumvents that (for a slight
efficiency gain when function graph trace is running with a function
tracer. The gain was not worth this).
The problem came with ftrace_startup() which should always be called after
__register_ftrace_function(), if you want this bug to be completely fixed.
Anyway, this solution moves __register_ftrace_function() inside of
ftrace_startup() and removes the need to call them both.
Reported-by: Dave Wysochanski <dwysocha@redhat.com> Fixes: ed926f9b35cd ("ftrace: Use counters to enable functions to trace") Cc: stable@vger.kernel.org # 3.0+ Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
New tracepoints have been added that have allowed for NULL pointers
being assigned to strings. To fix this, change the TRACE_EVENT() code
to check for NULL and if it is, it will assign "(null)" to it instead
(similar to what glibc printf does).
Martin Vogt [Sun, 24 Nov 2013 14:57:23 +0000 (15:57 +0100)]
i2c: i2c-diolan-u2c: different usb endpoints for DLN-2-U2C
The previous diolan adapter uses other out/in endpoints than
the current DLN-2-U2C in compatibility mode.
They changed from 0x2/0x84 to 0x3/0x83.
This patch gets the endpoints from the usb interface, instead
of hardcode them in the driver.
This was tested on a current DLN-2-U2C board.
Signed-off-by: Martin Vogt <mvogt1@gmail.com> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Takashi Iwai [Tue, 26 Nov 2013 10:58:40 +0000 (11:58 +0100)]
ALSA: hda - Drop bus->avoid_link_reset flag
Use bus->power_keep_link_on instead. The controller shouldn't go to
D3 when the link isn't reset, so essentially avoiding the link reset
means avoiding the runtime PM.
Taras Kondratiuk [Wed, 20 Nov 2013 18:23:44 +0000 (20:23 +0200)]
i2c: davinci: raw read and write endian fix
I2C IP block expect LE data, but CPU may operate in BE mode.
Need to use endian neutral functions to read/write h/w registers.
I.e instead of __raw_read[lw] and __raw_write[lw] functions code
need to use read[lw]_relaxed and write[lw]_relaxed functions.
If the first simply reads/writes register, the second will byteswap
it if host operates in BE mode.
Changes are trivial sed like replacement of __raw_xxx functions
with xxx_relaxed variant.
Stephen Warren [Tue, 26 Nov 2013 03:35:42 +0000 (20:35 -0700)]
ARM: bcm2835: add missing #xxx-cells to I2C nodes
The I2C controller node needs #address-cells and #size-cells properties,
but these are currently missing. Add them. This allows child nodes to be
parsed correctly.
Cc: stable@vger.kernel.org Signed-off-by: Stephen Warren <swarren@wwwdotorg.org> Signed-off-by: Olof Johansson <olof@lixom.net>
Mattia Dongili [Mon, 25 Nov 2013 22:43:50 +0000 (07:43 +0900)]
sony-laptop: do not scribble keyboard backlight registers on resume
Follow-up to commit 294d31e8227c ("sony-laptop: don't change keyboard
backlight settings"): avoid messing up the state on resume. Leave it to
what was before suspending as it's anyway likely that we still don't
know what value we should write to the EC registers. This fix is also
required in 3.12
Lv Zheng [Fri, 22 Nov 2013 23:27:27 +0000 (07:27 +0800)]
ACPI: Clean up incorrect inclusions of ACPICA headers
Header file <acpi/acpi.h> contains environemnt settings and architecture
specific implementation that should be included before any other ACPICA
headers in order to keep a consistent build environment for ACPICA users.
The following internal ACPICA header files should be included from
<acpi/acpi.h> and should not be included by other kernel files:
<acpi/acpiosxf.h>
<acpi/acpixf.h>
Clean up incorrect inclusions of these files from non-ACPICA source
files.
[rjw: Subject and changelog] Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Doug Anderson [Wed, 23 Oct 2013 13:11:01 +0000 (06:11 -0700)]
ARM: dts: Add max77686 RTC interrupt to cros5250-common
Without the interrupt you'll get problems if you enable
CONFIG_RTC_DRV_MAX77686. Setup the interrupt properly in the device
tree.
Signed-off-by: Doug Anderson <dianders@chromium.org> Tested-by: Marc Zyngier <marc.zyngier@arm.com> Signed-off-by: Olof Johansson <olof@lixom.net> Cc: stable@vger.kernel.org
This patch implements the power_down_finish() method for TC2, to
enable the kernel to confirm when CPUs are safely powered down.
The information required for determining when a CPU is parked
cannot be obtained from any single place, so a few sources of
information must be combined:
* mcpm_cpu_power_down() must be pending for the CPU, so that we
don't get confused by false STANDBYWFI positives arising from
CPUidle. This is detected by waiting for the tc2_pm use count
for the target CPU to reach 0.
* Either the SPC must report that the CPU has asserted
STANDBYWFI, or the TC2 tile's reset control logic must be
holding the CPU in reset.
Just checking for STANDBYWFI is not sufficient, because this
signal is not latched when the the cluster is clamped off and
powered down: the relevant status bits just drop to zero. This
means that STANDBYWFI status cannot be used for reliable
detection of the last CPU in a cluster reaching WFI.
This patch is required in order for kexec to work with MCPM on TC2.
MCPM code was changed in commit 0de0d6467525 ('ARM: 7848/1: mcpm:
Implement cpu_kill() to synchronise on powerdown'), and since then it
will hit a WARN_ON_ONCE() due to power_down_finish not being implemented
on the TC2 platform.
Signed-off-by: Dave Martin <Dave.Martin@arm.com> Acked-by: Pawel Moll <pawel.moll@arm.com> Reviewed-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Olof Johansson <olof@lixom.net>
Thomas Renninger [Sat, 16 Nov 2013 13:39:22 +0000 (14:39 +0100)]
tools: cpupower: fix wrong err msg not supported vs not available
idlestates in sysfs are counted from 0.
This fixes a wrong error message.
Current behavior on a machine with 4 sleep states is:
cpupower idle-set -e 4
Idlestate 4 enabled on CPU 0
-----Wrong---------------------
cpupower idle-set -e 5
Idlestate enabling not supported by kernel
-----Must and now will be -----
cpupower idle-set -e 5
Idlestate 6 not available on CPU 0
-------------------------------
cpupower idle-set -e 6
Idlestate 6 not available on CPU 0
Signed-off-by: Thomas Renninger <trenn@suse.de> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Thierry Reding [Mon, 25 Nov 2013 18:49:47 +0000 (11:49 -0700)]
ARM: tegra: Provide dummy powergate implementation
In order to support increased build test coverage for drivers, implement
dummies for the powergate implementation. This will allow the drivers to
be built without requiring support for Tegra to be selected.
This patch solves the following build errors, which can be triggered in
v3.13-rc1 by selecting DRM_TEGRA without ARCH_TEGRA:
drivers/built-in.o: In function `gr3d_remove':
drivers/gpu/drm/tegra/gr3d.c:321: undefined reference to `tegra_powergate_power_off'
drivers/gpu/drm/tegra/gr3d.c:325: undefined reference to `tegra_powergate_power_off'
drivers/built-in.o: In function `gr3d_probe':
drivers/gpu/drm/tegra/gr3d.c:266: undefined reference to `tegra_powergate_sequence_power_up'
drivers/gpu/drm/tegra/gr3d.c:273: undefined reference to `tegra_powergate_sequence_power_up'
Signed-off-by: Thierry Reding <treding@nvidia.com>
[swarren, updated commit description] Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Tue, 19 Nov 2013 19:50:37 +0000 (11:50 -0800)]
Merge tag 'omap-for-v3.13/more-fixes-for-merge-window-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
From Tony Lindgren:
Few more fixes for issues found booting older omaps using device tree.
Also few randconfig build fixes and removal of some dead code for omap4
as it no longer has legacy platform data based booting support.
* tag 'omap-for-v3.13/more-fixes-for-merge-window-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: OMAP2+: Remove legacy omap4_twl6030_hsmmc_init
ARM: OMAP2+: Remove legacy mux code for display.c
ARM: OMAP2+: Fix undefined reference to set_cntfreq
gpio: twl4030: Fix passing of pdata in the device tree case
gpio: twl4030: Fix regression for twl gpio output
ARM: OMAP2+: More randconfig fixes for reconfigure_io_chain
ARM: dts: Fix omap2 specific dtsi files by adding the missing entries
ARM: OMAP2+: Fix GPMC and simplify bootloader timings for 8250 and smc91x
i2c: omap: Fix missing device tree flags for omap2
Olof Johansson [Wed, 13 Nov 2013 06:51:28 +0000 (22:51 -0800)]
ARM: omap: fix warning with LPAE build
Some omap3 code is throwing a warning:
arch/arm/mach-omap2/pm34xx.c: In function 'omap3_save_secure_ram_context':
arch/arm/mach-omap2/pm34xx.c:123:32: warning: cast to pointer from
integer of different size [-Wint-to-pointer-cast]
In reality this code will never actually execute with LPAE=y, since
Cortex-A8 doesn't support it. So downcasting the __pa() is safe in
this case.
Signed-off-by: Olof Johansson <olof@lixom.net> Acked-by: Tony Lindgren <tony@atomide.com>
Olav Haugan [Fri, 22 Nov 2013 17:30:41 +0000 (09:30 -0800)]
staging: zsmalloc: Ensure handle is never 0 on success
zsmalloc encodes a handle using the pfn and an object
index. On hardware platforms with physical memory starting
at 0x0 the pfn can be 0. This causes the encoded handle to be
0 and is incorrectly interpreted as an allocation failure.
This issue affects all current and future SoCs with physical
memory starting at 0x0. All MSM8974 SoCs which includes
Google Nexus 5 devices are affected.
To prevent this false error we ensure that the encoded handle
will not be 0 when allocation succeeds.
Merge tag 'fixes-for-3.13a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus
Jonathan writes:
First round of fixes for IIO in the 3.13 cycle.
The usual mixed bag of fixes.
* 3 cases where kconfig dependencies were missing. We need to keep a closer
eye on this in new drivers.
* hid_sensors was abusing the iio_dev->trigger pointer. We had a round
of clearing this out some time ago but this driver clearly slipped through.
* A misuse of the IIO_ST macro, in mcp3422, which we should really make a
concertive effort to finish removing.
* Avoid a double free introduced by recent buffer reference counting in the
one driver that (quite reasonably!) does things differently (am335x)
* A missing mutex_unlock in kxsd9 that means that driver has been non
functional for some time and no one noticed (including me who for once
actually has one of the supported devices).
* An incorrect assumption about the parameters of sign_extend32 in mcp3422.
So nothing controversial. The only substantial patch is the hid_sensors
one and that is actually just adding a new pointer to the devices private
state then moving the code over to it.
Linus Torvalds [Mon, 25 Nov 2013 20:50:08 +0000 (12:50 -0800)]
Merge tag 'regulator-v3.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A bunch of fixes, a few driver specific ones and a framework fix for
voltage enumeration on fixed voltage regulators which had previously
worked but had been misplaced during some refactoring causing problems
for users that needed to know the voltage"
* tag 'regulator-v3.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: arizona-micsupp: Correct wm5110 voltage selection
regulator: pfuze100: allow misprogrammed ID
regulator: fixed: fix regulator_list_voltage() for regression
regulator: gpio-regulator: Don't oops on missing regulator-type property
Staging: btmtk_usb: Add hdev parameter to hdev->send driver callback
drivers/staging/btmtk_usb/btmtk_usb.c: In function ‘btmtk_usb_probe’:
drivers/staging/btmtk_usb/btmtk_usb.c:1610: warning: assignment from incompatible pointer type
Roberto Sassu [Mon, 25 Nov 2013 19:18:52 +0000 (20:18 +0100)]
ima: make a copy of template_fmt in template_desc_init_fields()
This patch makes a copy of the 'template_fmt' function argument so that
the latter will not be modified by strsep(), which does the splitting by
replacing the given separator with '\0'.
Staging: go7007: fix up some remaining go->dev issues
This fixes up the remaining "dev is used before it is set" issues in the
go7007 driver that were originally caused by commit b6ea5ef80aa7fd6f4b18ff2e4174930e8772e812 but not fixed up by reverting
it due to other patches later on adding these "fixes".
Josh Boyer [Tue, 12 Nov 2013 17:15:45 +0000 (12:15 -0500)]
staging: imx-drm: Fix modular build of DRM_IMX_IPUV3
commit b8d181e408af (staging: drm/imx: add drm plane support) added a file
to the make target for DRM_IMX_IPUV3 but didn't adjust the objs required
to actually build that as a module. Kbuild got confused and this lead to
link errors like:
Additionally, it added a call to imx_drm_crtc_id which also fails with a
link error as above. To fix this, we adjust the make target with the proper
objs, which will change the name of the resulting .ko. We also add an
EXPORT_SYMBOL_GPL for imx_drm_crtc_id.
Peter Hurley [Thu, 7 Nov 2013 19:01:57 +0000 (14:01 -0500)]
n_tty: Protect minimum_to_wake reset for concurrent readers
With multiple, concurrent readers (each waiting to acquire the
atomic_read_lock mutex), a departing reader may mistakenly reset
minimum_to_wake after a new reader has already set a new value.
Protect the minimum_to_wake reset with the atomic_read_lock critical
section.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rashika Kheria [Sun, 10 Nov 2013 16:43:53 +0000 (22:13 +0530)]
Staging: zram: Fix memory leak by refcount mismatch
As suggested by Minchan Kim and Jerome Marchand "The code in reset_store
get the block device (bdget_disk()) but it does not put it (bdput()) when
it's done using it. The usage count is therefore incremented but never
decremented."
staging: vt6656: [BUG] Fix for TX USB resets from vendors driver.
This fixes resets on heavy TX data traffic.
Vendor driver
VT6656_Linux_src_v1.21.03_x86_11.04.zip
http://www.viaembedded.com/servlet/downloadSvl?id=1890&download_file_id=14704
This is GPL-licensed code.
Dan Carpenter [Thu, 7 Nov 2013 07:55:43 +0000 (10:55 +0300)]
Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd()
We fixed this to use free_netdev() instead of kfree() but unfortunately
free_netdev() doesn't accept NULL pointers. Smatch complains about
this, it's not something I discovered through testing.
Fixes: 3030d40b5036 ('staging: vt6655: use free_netdev instead of kfree') Fixes: 0a438d5b381e ('staging: vt6656: use free_netdev instead of kfree') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ian Abbott [Wed, 6 Nov 2013 20:45:59 +0000 (20:45 +0000)]
staging: comedi: s626: fix value written by s626_set_dac()
I broke `s626_set_dac()` by changing the type of the `dacdata` parameter
from `short` to `unsigned short`. It's actually designed to take a
signed value in the range -0x1fff to +0x2000 although values above
0x1fff get clamped to 0x1fff. (We could change the `maxdata` value to
0x1ffe to avoid the clamping, but `maxdata` values are usually a power
of 2 minus 1.) The bug results in all negative values passed to the
function being changed to +0x1fff by the clamp. Change the parameter
type to `int16_t` to fix the problem.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Tue, 19 Nov 2013 13:46:27 +0000 (08:46 -0500)]
tty: Reset hupped state on open
A common security idiom is to hangup the current tty (via vhangup())
after forking but before execing a root shell. This hangs up any
existing opens which other processes may have and ensures subsequent
opens have the necessary permissions to open the root shell tty/pty.
Reset the TTY_HUPPED state after the driver has successfully
returned the opened tty (perform the reset while the tty is locked
to avoid racing with concurrent hangups).
Chao Bi [Thu, 17 Oct 2013 07:08:27 +0000 (15:08 +0800)]
n_gsm: race between ld close and gsmtty open
ttyA has ld associated to n_gsm, when ttyA is closing, it triggers
to release gsmttyB's ld data dlci[B], then race would happen if gsmttyB
is opening in parallel.
Here are race cases we found recently in test:
CASE #1
====================================================================
releasing dlci[B] race with gsmtty_install(gsmttyB), then panic
in gsmtty_open(gsmttyB), as below:
gsmtty_open()
{
struct gsm_dlci *dlci = tty->driver_data; => here it uses dlci[B]
...
}
In gsmtty_open(gsmttyA), it uses dlci[B] which was release, so hit a panic.
=====================================================================
CASE #2
=====================================================================
releasing dlci[0] race with gsmtty_install(gsmttyB), then panic
in gsmtty_open(), as below:
In gsmtty_detach_dlci(dlci[B]), it tries to use dlci[0] which was released,
then hit panic.
=====================================================================
IMHO, n_gsm tty operations would refer released ldisc, as long as
gsm_dlci_release() has chance to release ldisc data when some gsmtty operations
are not completed..
This patch is try to avoid it by:
1) in n_gsm driver, use a global gsm spin lock to avoid gsm_dlci_release() run in
parallel with gsmtty_install();
2) Increase dlci's ref count in gsmtty_install() instead of in gsmtty_open(), the
purpose is to prevent gsm_dlci_release() releasing dlci after gsmtty_install()
allocats dlci but before gsmtty_open increases dlci's ref count;
3) Decrease dlci's ref count in gsmtty_remove(), which is a tty framework api, and
this is the opposite process of step 2).
Signed-off-by: Chao Bi <chao.bi@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Catalin Marinas [Thu, 21 Nov 2013 14:46:17 +0000 (14:46 +0000)]
arm64: Unmask asynchronous aborts when in kernel mode
The asynchronous aborts are generally fatal for the kernel but they can
be masked via the pstate A bit. If a system error happens while in
kernel mode, it won't be visible until returning to user space. This
patch enables this kind of abort early to help identifying the cause.
Catalin Marinas [Thu, 14 Nov 2013 15:15:37 +0000 (15:15 +0000)]
arm64: dts: Reserve the memory used for secondary CPU release address
With the spin-table SMP booting method, secondary CPUs poll a location
passed in the DT. The foundation-v8.dts file doesn't have this memory
reserved and there is a risk of Linux using it before secondary CPUs are
started.
Marc Zyngier [Tue, 12 Nov 2013 17:11:53 +0000 (17:11 +0000)]
arm64: let the core code deal with preempt_count
Commit f27dde8deef3 (sched: Add NEED_RESCHED to the preempt_count)
introduced the use of bit 31 in preempt_count for obscure scheduling
purposes.
This causes interrupts taken from EL0 to hit the (open coded) BUG when
this flag is flipped while handling the interrupt (we compare the
values before and after, and kill the kernel if they are different).
The fix is to stop messing with the preempt count entirely, as this
is already being dealt with in the generic code (irq_enter/irq_exit).
Tested on a dual A53 FPGA running cyclictest.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Peter Hurley [Fri, 22 Nov 2013 12:16:25 +0000 (07:16 -0500)]
n_tty: Fix 4096-byte canonical reads
Although the maximum allowable canonical line is specified to
be 255 bytes (MAX_CANON), the practical limit has actually been
the size of the line discipline read buffer (N_TTY_BUF_SIZE == 4096).
Commit 32f13521ca68bc624ff6effc77f308a52b038bf0,
n_tty: Line copy to user buffer in canonical mode, limited the
line copy to 4095 bytes. With a completely full line discipline
read buffer and a userspace buffer > 4095, _no_ data was copied,
and the read() syscall returned 0, indicating EOF.
Fix the interval arithmetic to compute the correct number of bytes
to copy to userspace in the range [1..4096].
Peter Hurley [Fri, 8 Nov 2013 14:42:18 +0000 (09:42 -0500)]
n_tty: Fix echo overrun tail computation
Commit cbfd0340ae1993378fd47179db949e050e16e697,
'n_tty: Process echoes in blocks', introduced an error when
consuming the echo buffer tail to prevent buffer overrun, where
the incorrect operation code byte is checked to determine how
far to advance the tail to the next echo byte.
Check the correct byte for the echo operation code byte.
Cc: <stable@vger.kernel.org> # 3.12.x : c476f65 tty: incorrect test of echo_buf() result for ECHO_OP_START Cc: <stable@vger.kernel.org> # 3.12.x Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Thu, 7 Nov 2013 18:59:46 +0000 (13:59 -0500)]
n_tty: Ensure reader restarts worker for next reader
A departing reader must restart a flush_to_ldisc() worker _before_
the next reader enters the read loop; this is to avoid the new reader
concluding no more i/o is available and prematurely exiting, when the
old reader simply hasn't re-started the worker yet.
Steve French [Mon, 25 Nov 2013 03:53:17 +0000 (21:53 -0600)]
[CIFS] Do not use btrfs refcopy ioctl for SMB2 copy offload
Change cifs.ko to using CIFS_IOCTL_COPYCHUNK instead
of BTRFS_IOC_CLONE to avoid confusion about whether
copy-on-write is required or optional for this operation.
SMB2/SMB3 copyoffload had used the BTRFS_IOC_CLONE ioctl since
they both speed up copy by offloading the copy rather than
passing many read and write requests back and forth and both have
identical syntax (passing file handles), but for SMB2/SMB3
CopyChunk the server is not required to use copy-on-write
to make a copy of the file (although some do), and Christoph
has commented that since CopyChunk does not require
copy-on-write we should not reuse BTRFS_IOC_CLONE.
This patch renames the ioctl to use a cifs specific IOCTL
CIFS_IOCTL_COPYCHUNK. This ioctl is particularly important
for SMB2/SMB3 since large file copy over the network otherwise
can be very slow, and with this is often more than 100 times
faster putting less load on server and client.
Note that if a copy syscall is ever introduced, depending on
its requirements/format it could end up using one of the other
three methods that CIFS/SMB2/SMB3 can do for copy offload,
but this method is particularly useful for file copy
and broadly supported (not just by Samba server).
Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: David Disseldorp <ddiss@samba.org>
Roberto Sassu [Fri, 8 Nov 2013 18:21:40 +0000 (19:21 +0100)]
ima: do not send field length to userspace for digest of ima template
This patch defines a new value for the 'ima_show_type' enumerator
(IMA_SHOW_BINARY_NO_FIELD_LEN) to prevent that the field length
is transmitted through the 'binary_runtime_measurements' interface
for the digest field of the 'ima' template.
Fixes commit: 3ce1217 ima: define template fields library and new helpers
s390/mm: handle asce-type exceptions as normal page fault
Git commit 9e34f2686bb088b211b6cac8772e1f644c6180f8
"s390/mm,tlb: tlb flush on page table upgrade fixup" removed the
exception handler for the asce-type exception. This is incorrect
as the user-copy with MVCOS can cause asce-type exceptions in
the kernel if a user pointer is too large. Those need to be
handled with do_no_context to branch to the fixup in the
user-copy code.
The simplest fix for this problem is to call do_dat_exception for
asce-type excpetions, as there is no vma for the address the code
will handle the exception correctly.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
s390,time: revert direct ktime path for s390 clockevent device
Git commit 4f37a68cdaf6dea833cfdded2a3e0c47c0f006da
"s390: Use direct ktime path for s390 clockevent device" makes use
of the CLOCK_EVT_FEAT_KTIME clockevent option to avoid the delta
calculation with ktime_get() in clockevents_program_event and the
get_tod_clock() in s390_next_event. This is based on the assumption
that the difference between the internal ktime and the hardware
clock is reflected in the wall_to_monotonic delta. But this is not
true, the ntp corrections are applied via changes to the tk->mult
multiplier and this is not reflected in wall_to_monotonic.
In theory this could be solved by using the raw monotonic clock
but it is simpler to switch back to the standard clock delta
calculation.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Thu, 21 Nov 2013 15:22:17 +0000 (16:22 +0100)]
s390/uaccess: add missing page table walk range check
When translating a user space address, the address must be checked against
the ASCE limit of the process. If the address is larger than the maximum
address that is reachable with the ASCE, an ASCE type exception must be
generated.
The current code simply ignored the higher order bits. This resulted in an
address wrap around in user space instead of an exception in user space.
The prototype for static GPIO lookup functions has been updated to use
an explicit type for GPIO lookup flags. Unfortunately the definition of
of_find_gpio() when CONFIG_OF is not defined has been omitted, which
triggers a warning. This patch fixes this.
Dan Carpenter [Thu, 7 Nov 2013 07:51:34 +0000 (10:51 +0300)]
gpio: msm: make msm_gpio.summary_irq signed for error handling
There is a bug in msm_gpio_probe() where we do:
msm_gpio.summary_irq = platform_get_irq(pdev, 0);
if (msm_gpio.summary_irq < 0) {
The problem is that "msm_gpio.summary_irq" is unsigned so the error
handling doesn't work. I've fixed it by making it signed.
Fixes: 43f68444bce7 ('gpio: msm: Add device tree and irqdomain support for gpio-msm-v2') Cc: stable@vger.kernel.org Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
GPIO mapping properties were defined using the GPIOF_* flags, which are
declared in linux/gpio.h. This file is not included when using the
GPIO descriptor interface.
This patch declares the flags that can be used as GPIO mappings
properties in linux/gpio/driver.h, and uses them in gpiolib, so that no
deprecated declarations are used by the GPIO descriptor interface.
This patch also allows GPIO_OPEN_DRAIN and GPIO_OPEN_SOURCE to be
specified as GPIO mapping properties.
find_chip_by_name() was incorrectly implemented by using
gpio_lookup_list instead of gpiod_chips to iterate through all the
registered GPIO controllers. This patch reimplements it by using
gpiochip_find() with a custom search function, which simplifies the code
on top of fixing the mistake.
gpiolib now exports a new descriptor-based interface which deprecates
the older integer-based one. This patch documents this new interface and
also takes the opportunity to brush-up the GPIO documentation a little
bit.
The new descriptor-based interface follows the same consumer/driver
model as many other kernel subsystems (e.g. clock, regulator), so its
documentation has similarly been splitted into different files.
The content of the former documentation has been reused whenever it
made sense; however, some of its content did not apply to the new
interface anymore and have this been removed. Likewise, new sections
like the mapping of GPIOs to devices have been written from scratch.
The deprecated legacy-based documentation is still available, untouched,
under Documentation/gpio/gpio-legacy.txt.
Axel Lin [Thu, 31 Oct 2013 03:23:46 +0000 (11:23 +0800)]
gpio: tb10x: Set output value before setting direction to output
Signed-off-by: Axel Lin <axel.lin@ingics.com> Acked-by: Christian Ruppert <christian.ruppert@abilis.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Chen Gang [Thu, 24 Jan 2013 04:14:52 +0000 (12:14 +0800)]
arch/powerpc/kernel: Use %12.12s instead of %12s to avoid memory overflow
for tmp_part->header.name:
it is "Terminating null required only for names < 12 chars".
so need to limit the %.12s for it in printk
additional info:
%12s limit the width, not for the original string output length
if name length is more than 12, it still can be fully displayed.
if name length is less than 12, the ' ' will be filled before name.
%.12s truly limit the original string output length (precision)
Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Mon, 25 Nov 2013 00:12:20 +0000 (11:12 +1100)]
powerpc/signals: Improved mark VSX not saved with small contexts fix
In a recent patch:
commit c13f20ac48328b05cd3b8c19e31ed6c132b44b42
Author: Michael Neuling <mikey@neuling.org>
powerpc/signals: Mark VSX not saved with small contexts
We fixed an issue but an improved solution was later discussed after the patch
was merged.
Firstly, this patch doesn't handle the 64bit signals case, which could also hit
this issue (but has never been reported).
Secondly, the original patch isn't clear what MSR VSX should be set to. The
new approach below always clears the MSR VSX bit (to indicate no VSX is in the
context) and sets it only in the specific case where VSX is available (ie. when
VSX has been used and the signal context passed has space to provide the
state).
This reverts the original patch and replaces it with the improved solution. It
also adds a 64 bit version.
Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: stable@vger.kernel.org Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Hari Bathini [Fri, 15 Nov 2013 17:31:32 +0000 (23:01 +0530)]
powerpc/kdump: Adding symbols in vmcoreinfo to facilitate dump filtering
When CONFIG_SPARSEMEM_VMEMMAP option is used in kernel, makedumpfile fails
to filter vmcore dump as it fails to do vmemmap translations. So far
dump filtering on ppc64 never had to deal with vmemmap addresses seperately
as vmemmap regions where mapped in zone normal. But with the inclusion of
CONFIG_SPARSEMEM_VMEMMAP config option in kernel, this vmemmap address
translation support becomes necessary for dump filtering. For vmemmap adress
translation, few kernel symbols are needed by dump filtering tool. This patch
adds those symbols to vmcoreinfo, which a dump filtering tool can use for
filtering the kernel dump. Tested this changes successfully with makedumpfile
tool that supports vmemmap to physical address translation outside zone normal.
[ Removed unneeded #ifdef as suggested by Michael Ellerman --BenH ]
Signed-off-by: Hari Bathini <hbathini@linux.vnet.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Anton Blanchard [Thu, 21 Nov 2013 05:33:55 +0000 (16:33 +1100)]
powerpc: allyesconfig should not select CONFIG_CPU_LITTLE_ENDIAN
Stephen reported a failure in an allyesconfig build.
CONFIG_CPU_LITTLE_ENDIAN=y gets set but his toolchain is not
new enough to support little endian. We really want to
default to a big endian build; Ben suggested using a choice
which defaults to CPU_BIG_ENDIAN.
Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Thu, 21 Nov 2013 03:59:07 +0000 (14:59 +1100)]
powerpc: Fix error when cross building TAGS & cscope
Currently if I cross build TAGS or cscope from x86 I get this:
% make ARCH=powerpc TAGS
gcc-4.8.real: error: unrecognized command line option ‘-mbig-endian’
GEN TAGS
%
I'm not setting CROSS_COMPILE= as logically I shouldn't need to and I
haven't needed to in the past when building TAGS or cscope. Also, the
above completess correct as the error is not fatal to the build.
This was caused by:
commit d72b08017161ab385d4ae080ea415c9eb7ceef83
Author: Ian Munsie <imunsie@au1.ibm.com>
powerpc: Add ability to build little endian kernels
The below fixes this by testing for the -mbig-endian option before
adding it.
I've not done the same thing in the little endian case as if
-mlittle-endian doesn't exist, we probably want to fail quickly as you
probably have an old big endian compiler.
Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Randy Dunlap [Sat, 23 Nov 2013 02:14:38 +0000 (18:14 -0800)]
slab.h: remove duplicate kmalloc declaration and fix kernel-doc warnings
Fix kernel-doc warning for duplicate definition of 'kmalloc':
Documentation/DocBook/kernel-api.xml:9483: element refentry: validity error : ID API-kmalloc already defined
<refentry id="API-kmalloc">
Also combine the kernel-doc info from the 2 kmalloc definitions into one
block and remove the "see kcalloc" comment since kmalloc now contains the
@flags info.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Christoph Lameter <cl@linux.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
crypto/asymmetric_keys/x509_public_key.c: In function ‘x509_key_preparse’:
crypto/asymmetric_keys/x509_public_key.c:237:35: error: ‘system_trusted_keyring’ undeclared (first use in this function)
ret = x509_validate_trust(cert, system_trusted_keyring);
^
crypto/asymmetric_keys/x509_public_key.c:237:35: note: each undeclared identifier is reported only once for each function it appears in
reported by Jim Davis. Mimi says:
"I made the classic mistake of requesting this patch to be upstreamed
at the last second, rather than waiting until the next open window.
At this point, the best course would probably be to revert the two
commits and fix them for the next open window"
Reported-by: Jim Davis <jim.epost@gmail.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
security/integrity/digsig.c:70:5: error: redefinition of ‘integrity_init_keyring’
security/integrity/integrity.h:149:12: note: previous definition of ‘integrity_init_keyring’ w
security/integrity/integrity.h:149:12: warning: ‘integrity_init_keyring’ defined but not used
reported by Krzysztof Kolasa. Mimi says:
"I made the classic mistake of requesting this patch to be upstreamed
at the last second, rather than waiting until the next open window.
At this point, the best course would probably be to revert the two
commits and fix them for the next open window"
Pull crypto update from Herbert Xu:
- Made x86 ablk_helper generic for ARM
- Phase out chainiv in favour of eseqiv (affects IPsec)
- Fixed aes-cbc IV corruption on s390
- Added constant-time crypto_memneq which replaces memcmp
- Fixed aes-ctr in omap-aes
- Added OMAP3 ROM RNG support
- Add PRNG support for MSM SoC's
- Add and use Job Ring API in caam
- Misc fixes
[ NOTE! This pull request was sent within the merge window, but Herbert
has some questionable email sending setup that makes him public enemy
#1 as far as gmail is concerned. So most of his emails seem to be
trapped by gmail as spam, resulting in me not seeing them. - Linus ]
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (49 commits)
crypto: s390 - Fix aes-cbc IV corruption
crypto: omap-aes - Fix CTR mode counter length
crypto: omap-sham - Add missing modalias
padata: make the sequence counter an atomic_t
crypto: caam - Modify the interface layers to use JR API's
crypto: caam - Add API's to allocate/free Job Rings
crypto: caam - Add Platform driver for Job Ring
hwrng: msm - Add PRNG support for MSM SoC's
ARM: DT: msm: Add Qualcomm's PRNG driver binding document
crypto: skcipher - Use eseqiv even on UP machines
crypto: talitos - Simplify key parsing
crypto: picoxcell - Simplify and harden key parsing
crypto: ixp4xx - Simplify and harden key parsing
crypto: authencesn - Simplify key parsing
crypto: authenc - Export key parsing helper function
crypto: mv_cesa: remove deprecated IRQF_DISABLED
hwrng: OMAP3 ROM Random Number Generator support
crypto: sha256_ssse3 - also test for BMI2
crypto: mv_cesa - Remove redundant of_match_ptr
crypto: sahara - Remove redundant of_match_ptr
...
ceph: cleanup aborted requests when re-sending requests.
Aborted requests usually get cleared when the reply is received.
If MDS crashes, no reply will be received. So we need to cleanup
aborted requests when re-sending requests.
ceph: handle race between cap reconnect and cap release
When a cap get released while composing the cap reconnect message.
We should skip queuing the release message if the cap hasn't been
added to the cap reconnect message.
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com> Reviewed-by: Sage Weil <sage@inktank.com>