Pablo Neira [Mon, 29 Jul 2013 10:30:04 +0000 (12:30 +0200)]
genetlink: fix usage of NLM_F_EXCL or NLM_F_REPLACE
Currently, it is not possible to use neither NLM_F_EXCL nor
NLM_F_REPLACE from genetlink. This is due to this checking in
genl_family_rcv_msg:
if (nlh->nlmsg_flags & NLM_F_DUMP)
NLM_F_DUMP is NLM_F_MATCH|NLM_F_ROOT. Thus, if NLM_F_EXCL or
NLM_F_REPLACE flag is set, genetlink believes that you're
requesting a dump and it calls the .dumpit callback.
The solution that I propose is to refine this checking to
make it stricter:
if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP)
And given the combination NLM_F_REPLACE and NLM_F_EXCL does
not make sense to me, it removes the ambiguity.
There was a patch that tried to fix this some time ago (0ab03c2
netlink: test for all flags of the NLM_F_DUMP composite) but it
tried to resolve this ambiguity in *all* existing netlink subsystems,
not only genetlink. That patch was reverted since it broke iproute2,
which is using NLM_F_ROOT to request the dump of the routing cache.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Sun, 28 Jul 2013 20:04:45 +0000 (23:04 +0300)]
af_key: more info leaks in pfkey messages
This is inspired by a5cc68f3d6 "af_key: fix info leaks in notify
messages". There are some struct members which don't get initialized
and could disclose small amounts of private information.
Acked-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
net/fec: Don't let ndo_start_xmit return NETDEV_TX_BUSY without link
Don't test for having link and let hardware deal with this situation.
Without this patch I see a machine running an -rt patched Linux being
stuck in sch_direct_xmit when it looses link while there is still a
packet to be sent. In this case the fec_enet_start_xmit routine returned
NETDEV_TX_BUSY which makes the network stack reschedule the packet and
so sch_direct_xmit calls fec_enet_start_xmit again.
I failed to reproduce a complete hang without -rt, but I think the
problem exists there, too.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
MIPS: BMIPS: fix slave CPU booting when physical CPU is not 0
The current BMIPS SMP code assumes that the slave CPU is physical and
logical CPU 1, but on some systems such as BCM3368, the slave CPU is
physical CPU0. Fix the code to read the physical CPU (thread ID) we are
running this code on, and adjust the relocation vector address based on
it. This allows bringing up the second CPU on BCM3368 for instance.
MIPS: BMIPS: do not change interrupt routing depending on boot CPU
Commit 4df715aa ("MIPS: BMIPS: support booting from physical CPU other
than 0") changed the interupt routing when we are booting from physical
CPU 0, but the settings are actually correct if we are booting from
physical CPU 0 or CPU 1. Revert that specific change.
merged in 3.11-rc1, broke the build for the powertv defconfig with
the following build error:
arch/mips/powertv/asic/asic_devices.c: In function 'platform_release_memory':
arch/mips/powertv/asic/asic_devices.c:533:7: error: passing argument 1 of
'free_reserved_area' makes pointer from integer without a cast [-Werror]
The free_reserved_area() function expects a void * pointer for the start
address and a void * pointer for the end one.
If neither BCM47XX_SSD nor BCM47XX_BCMA is selected, then no
CPU type is available leading to build problems. We fix
this problem by using MIPS32r1 as the default CPU type for
the BCM47XX platform.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Acked-by: Steven J. Hill <Steven.Hill@imgtec.com> Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/5618/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Aaro Koskinen [Thu, 25 Jul 2013 17:26:48 +0000 (20:26 +0300)]
MIPS: cavium-octeon: fix I/O space setup on non-PCI systems
Fix I/O space setup, so that on non-PCI systems using inb()/outb()
won't crash the system. Some drivers may try to probe I/O space and for
that purpose we can just allocate some normal memory initially. Drivers
trying to reserve a region will fail early as we set the size to 0. If
a real I/O space is present, the PCI/PCIe support code will re-adjust
the values accordingly.
Tested with EdgeRouter Lite by enabling CONFIG_SERIO_I8042 that caused
the originally reported crash.
Reported-by: Faidon Liambotis <paravoid@debian.org> Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> Acked-by: David Daney <david.daney@cavium.com> Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/5626/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
James Hogan [Wed, 3 Jul 2013 13:40:58 +0000 (13:40 +0000)]
MIPS: use generic-y where possible
Use generic-y and remove headers in arch/mips/include/[uapi/]asm/Kbuild
where the header just includes or is identical to the corresponding
<asm-generic/*.h>.
We can't do the same for uapi/asm/kvm_para.h because it's presence is
explicitly checked in include/uapi/linux/Kbuild to decide whether to add
kvm_para.h to header-y.
Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Tejun Heo <tj@kernel.org> Cc: Dave Jones <davej@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: David Sharp <dhsharp@google.com> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/5581/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
It wasn't until GCC 4.3 I believe that the __SIZEOF_*__ predefined macros
were added. The change below switches <uapi/asm/siginfo.h> to the
_MIPS_SZLONG macro so that compilation with e.g. GCC 4.1.2 succeeds.
This is a user API header so I think this is even more important, for
older userland support. The change adds an unsuccessful default too, to
catch any compiler configuration oddities.
Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/5630/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Steven J. Hill [Wed, 3 Jul 2013 17:28:22 +0000 (17:28 +0000)]
MIPS: Fix multiple definitions of UNCAC_BASE.
Fix build error below:
arch/mips/include/asm/mach-generic/spaces.h:29:0: warning:
"UNCAC_BASE" redefined [enabled by default]
In file included from arch/mips/include/asm/addrspace.h:13:0,
from arch/mips/include/asm/barrier.h:11,
from arch/mips/include/asm/bitops.h:18,
from include/linux/bitops.h:22,
from include/linux/kernel.h:10,
from include/asm-generic/bug.h:13,
from arch/mips/include/asm/bug.h:41,
from include/linux/bug.h:4,
from include/linux/page-flags.h:9,
from kernel/bounds.c:9:
arch/mips/include/asm/mach-ar7/spaces.h:20:0: note: this is the
location of the previous definition
Signed-off-by: Steven J. Hill <Steven.Hill@imgtec.com> Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/5583/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Change wording for the cpu capabiity changed message:
If such an event occurs it only means that a cpu capability *may* have
changed. A cpu capability change event may also occur for other reasons.
Also change the severity of the message from warning to informational.
If such an event happens user space should into /proc/sysinfo and verify
if some capability values changed, if that is of interest.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
ptep_modify_prot_start uses the pgste_set helper to store the pgste,
while ptep_modify_prot_commit uses its own pointer magic to retrieve
the value again. Add the pgste_get help function to keep things
symmetrical and improve readability.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
On process exit there is no more need for the pgste information.
Skip the expensive storage key operations which should speed up
termination of KVM processes.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Improve the encoding of the different pte types and the naming of the
page, segment table and region table bits. Due to the different pte
encoding the hugetlbfs primitives need to be adapted as well. To improve
compatability with common code make the huge ptes use the encoding of
normal ptes. The conversion between the pte and pmd encoding for a huge
pte is done with set_huge_pte_at and huge_ptep_get.
Overall the code is now easier to understand.
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
s390: convert interrupt handling to use generic hardirq
With the introduction of PCI it became apparent that s390 should
convert to generic hardirqs as too many drivers do not have the
correct dependency for GENERIC_HARDIRQS. On the architecture
level s390 does not have irq lines. It has external interrupts,
I/O interrupts and adapter interrupts. This patch hard-codes all
external interrupts as irq #1, all I/O interrupts as irq #2 and
all adapter interrupts as irq #3. The additional information from
the lowcore associated with the interrupt is stored in the
pt_regs of the interrupt frame, where the interrupt handler can
pick it up. For PCI/MSI interrupts the adapter interrupt handler
scans the relevant bit fields and calls generic_handle_irq with
the virtual irq number for the MSI interrupt.
Reviewed-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Make use of the adapter interrupt helpers in the PCI code. This is
the first step to convert the MSI interrupt code to PCI domains.
The patch removes the limitation of 64 adapter interrupts per
PCI function.
Reviewed-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The PCI code is the first user of adapter interrupts vectors.
Add a set of helpers to airq.c to separate the adatper interrupt
code from the PCI bits. The helpers allow for adapter interrupt
vectors of any size.
Reviewed-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
ARC ASID allocator used asid_mm_map[ ] to find a mm corresponding to an
ASID. This would help identify an existing assignee (from a prev
allocation cycle) and force it to be marked as unallocated so that it
would know to refresh it's ASID when it's mm is switched.
Without the reverse map, it is not possible to reach out to current
assignee so we track the ASID allocations generations and on every
switch mm, refresh the ASID if it is from prev generation.
The motivation for this change is SMP ASID allocatino which wiuld have
required a multi-dimensional asid-to-mmp[ ][ ].
(1) get_new_mmu_context() moves mm->ASID to a new value ONLY if it was
from a prev allocation cycle/generation OR if mm had no ASID
allocated (as opposed to before where it would unconditionally
assign it a new ASID)
Callers desiring unconditional update of ASID, e.g.local_flush_tlb_mm()
(for parent's addess space invalidation at fork) need to first force
the parent to an unallocated ASID.
(2) get_new_mmu_context() always sets the MMU PID reg with unchanged/new
ASID value.
The gains are:
- consolidation of all asid alloc logic into get_new_mmu_context()
- avoiding code duplication in switch_mm() for PID reg setting
- Enables future change to fold activate_mm() into switch_mm()
Vineet Gupta [Mon, 17 Jun 2013 12:42:13 +0000 (18:12 +0530)]
ARC: MMUv4 preps/1 - Fold PTE K/U access flags
The current ARC VM code has 13 flags in Page Table entry: some software
(accesed/dirty/non-linear-maps) and rest hardware specific. With 8k MMU
page, we need 19 bits for addressing page frame so remaining 13 bits is
just about enough to accomodate the current flags.
In MMUv4 there are 2 additional flags, SZ (normal or super page) and WT
(cache access mode write-thru) - and additionally PFN is 20 bits (vs. 19
before for 8k). Thus these can't be held in current PTE w/o making each
entry 64bit wide.
It seems there is some scope of compressing the current PTE flags (and
freeing up a few bits). Currently PTE contains fully orthogonal distinct
access permissions for kernel and user mode (Kr, Kw, Kx; Ur, Uw, Ux)
which can be folded into one set (R, W, X). The translation of 3 PTE
bits into 6 TLB bits (when programming the MMU) can be done based on
following pre-requites/assumptions:
1. For kernel-mode-only translations (vmalloc: 0x7000_0000 to
0x7FFF_FFFF), PTE additionally has PAGE_GLOBAL flag set (and user
space entries can never be global). Thus such a PTE can translate
to Kr, Kw, Kx (as appropriate) and zero for User mode counterparts.
2. For non global entries, the PTE flags can be used to create mirrored
K and U TLB bits. This is true after commit a950549c675f2c8c504
"ARC: copy_(to|from)_user() to honor usermode-access permissions"
which ensured that user-space translations _MUST_ have same access
permissions for both U/K mode accesses so that copy_{to,from}_user()
play fair with fault based CoW break and such...
There is no such thing as free lunch - the cost is slightly infalted
TLB-Miss Handlers.
In the exception return path, for both U/K cases, intr are already
disabled (for various existing reasons). So when we drop down to
@restore_regs, we need not redo that.
There was subtle issue - when intr were NOT being disabled for
ret-to-kernel-but-no-preemption case - now fixed by moving the
IRQ_DISABLE further up in @resume_kernel_mode.
So what do we gain:
* Shaves off a few insn in return path.
* Eliminates the need for IRQ_DISABLE_SAVE assembler macro for ARCv2
hence allows for entry code sharing.
After the recent cleanups, all the exception handlers now have same
boilerplate prologue code. Move that into common macro.
This reduces readability but helps greatly with sharing / duplicating
entry code with ARCv2 ISA where the handlers are pretty much the same,
just the entry prologue is different (due to hardware assist).
Also while at it, add the missing FAKE_RET_FROM_EXCPN calls in couple of
places to drop down to pure kernel mode (from exception mode) before
jumping off into "C" code.
parisc: Fix interrupt routing for C8000 serial ports
We can't use dev->mod_index for selecting the interrupt routing entry,
because it's not an index into interrupt routing table. It will be even
wrong on a machine with 2 CPUs (4 cores). But all needed information is
contained in the PAT entries for the serial ports. mod[0] contains the
iosapic address and mod_info has some indications for the interrupt
input (at least it looks like it). This patch implements the searching
for the right iosapic and uses this interrupt input information.
Alexander Stein [Wed, 5 Jun 2013 11:42:39 +0000 (13:42 +0200)]
m68k/coldfire: flush cache when creating the signal stack frame
When the signal stack frame is created, it must be flushed in order to
make sure the cache fetches the correct data.
Without cache flush the icache might pick up old cached data from an older
signal stack frame if the signal is raised again very fast.
In case of copyback the data cache muist be pushed first, but is untested.
Signed-off-by: Alexander Stein <alexander.stein@systec-electronic.com> Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire regression fix from Stefan Richter:
"This fixes corrupted video capture, seen with IIDC/DCAM video and
certain buffer settings. (Regression since v3.4 inclusive.)"
* tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: fix libdc1394/FlyCap2 iso event regression
USB: serial: ftdi_sio: add more RT Systems ftdi devices
RT Systems makes many usb serial cables based on the ftdi_sio driver for
programming various amateur radios. This patch is a full listing of
their current product offerings and should allow these cables to all
be recognized.
Piotr Sarna [Mon, 29 Jul 2013 10:25:20 +0000 (12:25 +0200)]
staging: zcache: fix "zcache=" kernel parameter
Commit 835f2f5 ("staging: zcache: enable zcache to be built/loaded as
a module") introduced an incorrect handling of "zcache=" parameter.
Inside zcache_comp_init() function, zcache_comp_name variable is
checked for being empty. If not empty, the above variable is tested
for being compatible with Crypto API. Unfortunately, after that
function ends unconditionally (by the "goto out" directive) and returns:
- non-zero value if verification succeeded, wrongly indicating an error
- zero value if verification failed, falsely informing that function
zcache_comp_init() ended properly.
A solution to this problem is as following:
1. Move the "goto out" directive inside the "if (!ret)" statement
2. In case that crypto_has_comp() returned 0, change the value of ret
to non-zero before "goto out" to indicate an error.
This patch replaces an earlier one from Michal Hocko (based on report
from Cristian Rodriguez):
It also addressed the same issue but didn't fix the zcache_comp_init()
for case when the compressor data passed to "zcache=" option was invalid
or unsupported.
Signed-off-by: Piotr Sarna <p.sarna@partner.samsung.com>
[bzolnier: updated patch description] Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Michal Hocko <mhocko@suse.cz> Cc: stable <stable@vger.kernel.org> # 3.10 Cc: Cristian Rodriguez <crrodriguez@opensuse.org> Cc: Bob Liu <bob.liu@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Since we clear QUEUE_STARTED in rt2x00queue_stop_queue(), following
call to rt2x00queue_pause_queue() reduce to noop, i.e we do not
stop queue in mac80211.
To fix that introduce rt2x00queue_pause_queue_nocheck() function,
which will stop queue in mac80211 directly.
Note that rt2x00_start_queue() explicitly set QUEUE_PAUSED bit.
Note also that reordering operations i.e. first call to
rt2x00queue_pause_queue() and then clear QUEUE_STARTED bit, will race
with rt2x00queue_unpause_queue(), so calling ieee80211_stop_queue()
directly is the only available solution to fix the problem without
major rework.
Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl> Signed-off-by: John W. Linville <linville@tuxdriver.com>
usb: chipidea: cast PORTSC_PTS and DEVLC_PTS macros
Fix the following build warnings on x86:
drivers/usb/chipidea/core.c: In function 'hw_phymode_configure':
drivers/usb/chipidea/core.c:226:3: warning: large integer implicitly truncated to unsigned type [-Woverflow]
drivers/usb/chipidea/core.c:230:3: warning: large integer implicitly truncated to unsigned type [-Woverflow]
drivers/usb/chipidea/core.c:243:3: warning: large integer implicitly truncated to unsigned type [-Woverflow]
drivers/usb/chipidea/core.c:246:3: warning: large integer implicitly truncated to unsigned type [-Woverflow]
Reported-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge tag 'fixes-for-v3.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus
Felipe writes:
usb: fixes for v3.11-rc3
Here are some fixes for v3.11-rc3. Mostly related to
the recent conversion to configfs done on the gadget
drivers, but we also have a fix for MUSB resources
on platforms which need 3 resources instead of 2, and
a fix for the sysfs_notify() call on udc-core.c which
was notifying an unexistent file.
ALSA: compress: fix the return value for SNDRV_COMPRESS_VERSION
the return value of SNDRV_COMPRESS_VERSION always return default -ENOTTY as the
return value was never updated for this call
assign return value from put_user()
Rong Wang [Sun, 28 Jul 2013 15:01:35 +0000 (23:01 +0800)]
usb: gadget: udc-core: fix the typo of udc state attribute
The name of udc state attribute file under sysfs is registered as
"state", while usb_gadget_set_state take it as "status" when it's
going to update. This patch fixes the typo.
Signed-off-by: Rong Wang <Rong.Wang@csr.com> Signed-off-by: Barry Song <Baohua.Song@csr.com> Cc: <stable@kernel.org> Signed-off-by: Felipe Balbi <balbi@ti.com>
The compatibility layer which the USBF_PHONET_INCLUDED was a part of
is no longer present - the USBF_PHONET_INCLUDED is not #defined by anyone
anymore, so the ifndef is always true. Removing it.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Acked-by: Michal Nazarewicz <mina86@mina86.com> Signed-off-by: Felipe Balbi <balbi@ti.com>
usb: gadget: multi: fix error return code in cdc_do_config()
Fix to return a negative error code from the error handling
case instead of 0, as returned elsewhere in this function.
Introduced by commit 59835a (usb: gadget: multi: use
function framework for ACM.)
Make rndis_do_config() consistent with cdc_do_config() in the way it
handles returning the PTR_ERR(f_acm_*).
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Acked-by: Michal Nazarewicz <mina86@mina86.com> Signed-off-by: Felipe Balbi <balbi@ti.com>
Amit Shah [Mon, 29 Jul 2013 04:53:21 +0000 (14:23 +0930)]
virtio: console: return -ENODEV on all read operations after unplug
If a port gets unplugged while a user is blocked on read(), -ENODEV is
returned. However, subsequent read()s returned 0, indicating there's no
host-side connection (but not indicating the device went away).
This also happened when a port was unplugged and the user didn't have
any blocking operation pending. If the user didn't monitor the SIGIO
signal, they won't have a chance to find out if the port went away.
Fix by returning -ENODEV on all read()s after the port gets unplugged.
write() already behaves this way.
CC: <stable@vger.kernel.org> Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Amit Shah [Mon, 29 Jul 2013 04:51:32 +0000 (14:21 +0930)]
virtio: console: fix raising SIGIO after port unplug
SIGIO should be sent when a port gets unplugged. It should only be sent
to prcesses that have the port opened, and have asked for SIGIO to be
delivered. We were clearing out guest_connected before calling
send_sigio_to_port(), resulting in a sigio not getting sent to
processes.
Fix by setting guest_connected to false after invoking the sigio
function.
CC: <stable@vger.kernel.org> Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Amit Shah [Mon, 29 Jul 2013 04:50:29 +0000 (14:20 +0930)]
virtio: console: clean up port data immediately at time of unplug
We used to keep the port's char device structs and the /sys entries
around till the last reference to the port was dropped. This is
actually unnecessary, and resulted in buggy behaviour:
1. Open port in guest
2. Hot-unplug port
3. Hot-plug a port with the same 'name' property as the unplugged one
This resulted in hot-plug being unsuccessful, as a port with the same
name already exists (even though it was unplugged).
This behaviour resulted in a warning message like this one:
Instead of relying on guest applications to release all references to
the ports, we should go ahead and unregister the port from all the core
layers. Any open/read calls on the port will then just return errors,
and an unplug/plug operation on the host will succeed as expected.
This also caused buggy behaviour in case of the device removal (not just
a port): when the device was removed (which means all ports on that
device are removed automatically as well), the ports with active
users would clean up only when the last references were dropped -- and
it would be too late then to be referencing char device pointers,
resulting in oopses:
Amit Shah [Mon, 29 Jul 2013 04:46:13 +0000 (14:16 +0930)]
virtio: console: fix race with port unplug and open/close
There's a window between find_port_by_devt() returning a port and us
taking a kref on the port, where the port could get unplugged. Fix it
by taking the reference in find_port_by_devt() itself.
Problem reported and analyzed by Mateusz Guzik.
CC: <stable@vger.kernel.org> Reported-by: Mateusz Guzik <mguzik@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Merge tag 'pinctrl-for-v3.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
- Driver fixes for AM33xx, SIRF and PFC pin controllers
- Fix a compile warning from the pinctrl single-register driver
- Fix a little nasty memory leak
* tag 'pinctrl-for-v3.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: fix a memleak when freeing maps
pinctrl: pinctrl-single: fix compile warning when no CONFIG_PM
pinctrl: sh-pfc: fix SDHI0 VccQ regulator on sh73a0 with DT
arm/dts: sirf: fix the pingroup name mismatch between drivers and dts
pinctrl: sirf: add usp0_uart_nostreamctrl pin group for usp-uart without flowctrl
pinctrl: sirf: fix the pin number and mux bit for usp0
pinctrl: am33xx dt binding: correct include path
Merge tag 'trace-fixes-3.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"Oleg is working on fixing a very tight race between opening a event
file and deleting that event at the same time (both must be done as
root).
I also found a bug while testing Oleg's patches which has to do with a
race with kprobes using the function tracer.
There's also a deadlock fix that was introduced with the previous
fixes"
* tag 'trace-fixes-3.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Remove locking trace_types_lock from tracing_reset_all_online_cpus()
ftrace: Add check for NULL regs if ops has SAVE_REGS set
tracing: Kill trace_cpu struct/members
tracing: Change tracing_fops/snapshot_fops to rely on tracing_get_cpu()
tracing: Change tracing_entries_fops to rely on tracing_get_cpu()
tracing: Change tracing_stats_fops to rely on tracing_get_cpu()
tracing: Change tracing_buffers_fops to rely on tracing_get_cpu()
tracing: Change tracing_pipe_fops() to rely on tracing_get_cpu()
tracing: Introduce trace_create_cpu_file() and tracing_get_cpu()
projects / karo-tx-linux.git / log