Felix Fietkau [Thu, 25 Oct 2012 22:31:11 +0000 (00:31 +0200)]
ath9k: fix stale pointers potentially causing access to free'd skbs
bf->bf_next is only while buffers are chained as part of an A-MPDU
in the tx queue. When a tid queue is flushed (e.g. on tearing down
an aggregation session), frames can be enqueued again as normal
transmission, without bf_next being cleared. This can lead to the
old pointer being dereferenced again later.
This patch might fix crashes and "Failed to stop TX DMA!" messages.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Trond Myklebust [Tue, 23 Oct 2012 00:28:44 +0000 (20:28 -0400)]
NFSv4.1: Simplify the sequence setup
Nobody calls nfs4_setup_sequence or nfs41_setup_sequence without
also calling rpc_call_start() on success. This commit therefore
folds the rpc_call_start call into nfs41_setup_sequence().
Trond Myklebust [Mon, 15 Oct 2012 21:14:38 +0000 (17:14 -0400)]
lockd: Remove unnecessary BUG_ON()s in the xdr client code
- Offset bound checks are done in the NFS client code.
- So are filehandle size checks
- The cookie length is a constant
- The utsname()->nodename is already bounded
Trond Myklebust [Mon, 15 Oct 2012 15:51:21 +0000 (11:51 -0400)]
NFS: Remove asserts from the NFS XDR code
Convert the ones that are not trivial to check into WARN_ON_ONCE().
Remove checks for things such as NFS2_MAXPATHLEN, which are trivially
done by the caller.
Add a comment to the case of nfs3_xdr_enc_setacl3args. What is being
done there is just wrong...
Linus Torvalds [Mon, 29 Oct 2012 15:49:25 +0000 (08:49 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull Ceph fixes from Sage Weil:
"There are two fixes in the messenger code, one that can trigger a NULL
dereference, and one that error in refcounting (extra put). There is
also a trivial fix in the fs client code that is triggered by NFS
reexport."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: fix dentry reference leak in encode_fh()
libceph: avoid NULL kref_put when osd reset races with alloc_msg
rbd: reset BACKOFF if unable to re-queue
Josh Cartwright [Wed, 24 Oct 2012 20:04:07 +0000 (15:04 -0500)]
zynq: remove use of CLKDEV_LOOKUP
The Zynq support in mainline does not (yet) make use of any of the
generic clk or clk lookup functionality. Remove what is upstream for
now, until the out-of-tree implementation is in suitable form for
merging.
An important side effect of this patch is that it allows the building of
a Zynq kernel without running into unresolved symbol problems:
drivers/built-in.o: In function `amba_get_enable_pclk':
clkdev.c:(.text+0x444): undefined reference to `clk_enable'
drivers/built-in.o: In function `amba_remove':
clkdev.c:(.text+0x488): undefined reference to `clk_disable'
drivers/built-in.o: In function `amba_probe':
clkdev.c:(.text+0x540): undefined reference to `clk_disable'
drivers/built-in.o: In function `amba_device_add':
clkdev.c:(.text+0x77c): undefined reference to `clk_disable'
drivers/built-in.o: In function `enable_clock':
clkdev.c:(.text+0x29738): undefined reference to `clk_enable'
drivers/built-in.o: In function `disable_clock':
clkdev.c:(.text+0x29778): undefined reference to `clk_disable'
drivers/built-in.o: In function `__pm_clk_remove':
clkdev.c:(.text+0x297f8): undefined reference to `clk_disable'
drivers/built-in.o: In function `pm_clk_suspend':
clkdev.c:(.text+0x29bc8): undefined reference to `clk_disable'
drivers/built-in.o: In function `pm_clk_resume':
clkdev.c:(.text+0x29c28): undefined reference to `clk_enable'
make[2]: *** [vmlinux] Error 1
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2
In addition, eliminate Zynq's "use" of the versatile platform, as it is
no longer needed. As Nick Bowler points out:
For the record, I think this was introduced by commit 56a34b03ff427
("ARM: versatile: Make plat-versatile clock optional") which forgot to
select PLAT_VERSATILE_CLOCK on Zynq. This is not all that surprising,
because the fact that Zynq "uses" PLAT_VERSATILE is secretly hidden in
the Makefile.
Nevertheless, the only feature from versatile that Zynq needed was the
clock support, so this patch should *also* delete the secret use of
plat-versatile by removing this line from arch/arm/Makefile:
plat-$(CONFIG_ARCH_ZYNQ) += versatile
Signed-off-by: Josh Cartwright <josh.cartwright@ni.com>
Cc: John Linn <john.linn@xilinx.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Tested-by: Michal Simek <michal.simek@xilinx.com>
m68knommu: merge ColdFire 5249 and 525x definitions
The ColdFire 5249 and 525x family of SoCs are very similar. Most of the
internals are the same, and are mapped the same. We can use a single set of
peripheral definitions for all of them.
So merge the current m5249sim.h and m525xsim.h definitions into a single
file. The 5249 is now obsolete, and the 525x parts are current, so I have
chosen to move everything into the existing m525xsim.h file.
This patch removes some code duplication by using
module_platform_driver.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@st.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Luis Alves [Thu, 25 Oct 2012 20:01:16 +0000 (21:01 +0100)]
m68knommu: disable MC68000 cpu target when MMU is selected
As pointed out by Geert, MC68000 target needs to be disabled when
MMU support is enabled.
From Geert:
This needs a "depends on !MMU".
Else allmodconfig will select it, causing -m68000 to be passed to the assembler,
which may break the build depending on your version of binutils, a.o.
arch/m68k/kernel/entry.S:186: Error: invalid instruction for this
architecture; needs 68020 or higher (68020 [68k, 68ec020], 68030
[68ec030], 68040 [68ec040], 68060 [68ec060]) -- statement `bfextu
%sp@(50){#0,#4},%d0' ignored
arch/m68k/kernel/entry.S:211: Error: invalid operand mode for this
architecture; needs 68020 or higher -- statement `jbsr
@(sys_call_table,%d0:l:4)@(0)' ignored
Kees Cook [Tue, 23 Oct 2012 20:01:43 +0000 (13:01 -0700)]
arch/unicore32: remove CONFIG_EXPERIMENTAL
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during the Linux kernel
summit, remove it.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Michael Kerrisk <mtk.manpages@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Dave Jones <davej@redhat.com>
Guan Xuetao [Thu, 14 Jun 2012 03:38:25 +0000 (11:38 +0800)]
UniCore32-bugfix: Remove definitions in asm/bug.h to solve difference between native and cross compiler
For kernel/bound.c being compiled by native compiler, it will generate following errors in gcc 4.4.3:
CC kernel/bounds.s
In file included from include/linux/bug.h:4,
from include/linux/page-flags.h:9,
from kernel/bounds.c:9:
arch/unicore32/include/asm/bug.h:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'void'
arch/unicore32/include/asm/bug.h:23: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'void'
So, we moved definitions in asm/bug.h to arch/unicore32/kernel/setup.h to solve the problem.
Because our PCI-bus handler confines dma zone into 128M, we should add
CONFIG_ZONE_DMA for all boards. Otherwise, all memory bigger than 128M
will be pushed into ZONE_MOVABLE.
Jean Delvare [Sun, 28 Oct 2012 20:37:01 +0000 (21:37 +0100)]
i2c-i801: Simplify dependency towards GPIOLIB
Arbitrarily selecting GPIOLIB causes trouble on some architectures,
so don't do that. Instead, just make the optional multiplexing code
depend on CONFIG_I2C_MUX_GPIO instead of CONFIG_I2C_MUX for now. We
can revisit if the i2c-i801 driver ever supports other multiplexing
flavors.
Also make that optional code depend on DMI, as it won't do anything
without that.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Fengguang Wu <fengguang.wu@intel.com>
David S. Miller [Sun, 28 Oct 2012 20:26:37 +0000 (13:26 -0700)]
qlogicpti: Fix build warning.
The build warns:
drivers/scsi/qlogicpti.c: In function 'qpti_sbus_probe':
drivers/scsi/qlogicpti.c:1316:45: warning: passing argument 1 of 'scsi_host_alloc' discards 'const' qualifier from pointer target type [enabled by default]
include/scsi/scsi_host.h:778:26: note: expected 'struct scsi_host_template *' but argument is of type 'const struct scsi_host_template *'
The problem is that of_device_id->data is a const void pointer.
This is pretty silly in this specific instance, because for all
matched device IDs we set match->data to the same value,
&qpti_template.
So just use that directly instead of the unnecessary and improperly
typed abstraction.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 28 Oct 2012 18:14:52 +0000 (11:14 -0700)]
Merge tag 'ktest-v3.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest
Pull ktest confusion fix from Steven Rostedt:
"With the v3.7-rc2 kernel, the network cards on my target boxes were
not being brought up.
I found that the modules for the network were not being installed.
This was due to the config CONFIG_MODULES_USE_ELF_RELA that came
before CONFIG_MODULES, and confused ktest in thinking that
CONFIG_MODULES=y was not found.
Ktest needs to test all configs and not just stop if something starts
with CONFIG_MODULES."
* tag 'ktest-v3.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest:
ktest: Fix ktest confusion with CONFIG_MODULES_USE_ELF_RELA
Linus Torvalds [Sun, 28 Oct 2012 18:13:54 +0000 (11:13 -0700)]
Merge tag 'spi-mxs' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc
Pull minor spi MXS fixes from Mark Brown:
"These fixes are both pretty minor ones and are driver local."
* tag 'spi-mxs' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc:
spi: mxs: Terminate DMA in case of DMA timeout
spi: mxs: Assign message status after transfer finished
Linus Torvalds [Sun, 28 Oct 2012 18:12:38 +0000 (11:12 -0700)]
Merge tag 'fixes-for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull arm-soc fixes from Arnd Bergmann:
"Bug fixes for a number of ARM platforms, mostly OMAP, imx and at91.
These come a little later than I had hoped but unfortunately we had a
few of these patches cause regressions themselves and had to work out
how to deal with those in the meantime."
* tag 'fixes-for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (38 commits)
Revert "ARM i.MX25: Fix PWM per clock lookups"
ARM: versatile: fix versatile_defconfig
ARM: mvebu: update defconfig with 3.7 changes
ARM: at91: fix at91x40 build
ARM: socfpga: Fix socfpga compilation with early_printk() enabled
ARM: SPEAr: Remove unused empty files
MAINTAINERS: Add arm-soc tree entry
ARM: dts: mxs: add the "clock-names" for gpmi-nand
ARM: ux500: Correct SDI5 address and add some format changes
ARM: ux500: Specify AMBA Primecell IDs for Nomadik I2C in DT
ARM: ux500: Fix build error relating to IRQCHIP_SKIP_SET_WAKE
ARM: at91: drop duplicated config SOC_AT91SAM9 entry
ARM: at91/i2c: change id to let i2c-at91 work
ARM: at91/i2c: change id to let i2c-gpio work
ARM: at91/dts: at91sam9g20ek_common: Fix typos in buttons labels.
ARM: at91: fix external interrupt specification in board code
ARM: at91: fix external interrupts in non-DT case
ARM: at91: at91sam9g10: fix SOC type detection
ARM: at91/tc: fix typo in the DT document
ARM: AM33XX: Fix configuration of dmtimer parent clock by dmtimer driverDate:Wed, 17 Oct 2012 13:55:55 -0500
...
Mikulas Patocka [Mon, 15 Oct 2012 21:20:17 +0000 (17:20 -0400)]
Lock splice_read and splice_write functions
Functions generic_file_splice_read and generic_file_splice_write access
the pagecache directly. For block devices these functions must be locked
so that block size is not changed while they are in progress.
This patch is an additional fix for commit b87570f5d349 ("Fix a crash
when block device is read and block size is changed at the same time")
that locked aio_read, aio_write and mmap against block size change.
Mikulas Patocka [Mon, 22 Oct 2012 23:39:16 +0000 (19:39 -0400)]
percpu-rw-semaphores: use rcu_read_lock_sched
Use rcu_read_lock_sched / rcu_read_unlock_sched / synchronize_sched
instead of rcu_read_lock / rcu_read_unlock / synchronize_rcu.
This is an optimization. The RCU-protected region is very small, so
there will be no latency problems if we disable preempt in this region.
So we use rcu_read_lock_sched / rcu_read_unlock_sched that translates
to preempt_disable / preempt_disable. It is smaller (and supposedly
faster) than preemptible rcu_read_lock / rcu_read_unlock.
Mikulas Patocka [Mon, 22 Oct 2012 23:37:47 +0000 (19:37 -0400)]
percpu-rw-semaphores: use light/heavy barriers
This patch introduces new barrier pair light_mb() and heavy_mb() for
percpu rw semaphores.
This patch fixes a bug in percpu-rw-semaphores where a barrier was
missing in percpu_up_write.
This patch improves performance on the read path of
percpu-rw-semaphores: on non-x86 cpus, there was a smp_mb() in
percpu_up_read. This patch changes it to a compiler barrier and removes
the "#if defined(X86) ..." condition.
David S. Miller [Sun, 28 Oct 2012 01:05:20 +0000 (18:05 -0700)]
sparc64: Fix cpu strand yielding.
For atomic backoff, we just loop over an exponentially backed off
counter. This is extremely ineffective as it doesn't actually yield
the cpu strand so that other competing strands can use the cpu core.
In cpus previous to SPARC-T4 we have to do this in a slightly hackish
way, by doing an operation with no side effects that also happens to
mark the strand as unavailable.
The mechanism we choose for this is three reads of the %ccr
(condition-code) register into %g0 (the zero register).
SPARC-T4 has an explicit "pause" instruction, and we'll make use of
that in a subsequent commit.
Yield strands also in cpu_relax(). We really should have done this a
very long time ago.
Signed-off-by: David S. Miller <davem@davemloft.net>
Peter Ujfalusi [Fri, 26 Oct 2012 10:33:08 +0000 (12:33 +0200)]
ASoC: omap-dmic: Correct functional clock name
We should really use "fck" when asking for the functional clock and not
"dmic_fck".
This way we can ensure that multiple dmic modules can exist in the system.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Tony Lindgren [Wed, 3 Oct 2012 16:31:02 +0000 (09:31 -0700)]
ASoC: zoom2: Fix compile error by including correct header files
Also drop the includes that are no longer needed and just
cause problems for the ARM common zImage.
Acked-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
[tony@atomide.com: updated to drop unneeded headers]
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
arch/arm/mach-imx/clk-imx25.c: In function 'mx25_clocks_init':
arch/arm/mach-imx/clk-imx25.c:206:26: error: 'pwm_ipg_per' undeclared (first use in this function)
arch/arm/mach-imx/clk-imx25.c:206:26: note: each undeclared identifier is reported only once for each function it appears in
Sascha Hauer explains:
> There are several gates missing in clk-imx25.c. I have a patch which
> adds support for them and I seem to have missed that the above depends
> on it.
Arnd Bergmann [Fri, 26 Oct 2012 21:06:43 +0000 (23:06 +0200)]
ARM: versatile: fix versatile_defconfig
With the introduction of CONFIG_ARCH_MULTIPLATFORM, versatile is
no longer the default platform, so we need to enable
CONFIG_ARCH_VERSATILE explicitly in order for that to be selected
rather than the multiplatform configuration.
Thomas Petazzoni [Tue, 23 Oct 2012 08:17:49 +0000 (10:17 +0200)]
ARM: mvebu: update defconfig with 3.7 changes
The split of 370 and XP into two Kconfig options and the multiplatform
kernel support has changed a few Kconfig symbols, so let's update the
mvebu_defconfig file with the latest changes.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Arnd Bergmann [Fri, 26 Oct 2012 20:49:09 +0000 (22:49 +0200)]
ARM: at91: fix at91x40 build
patch 738a0fd7 "ARM: at91: fix external interrupts in non-DT case"
fixed a run-time error on some at91 platforms but did not apply
the same change to at91x40, which now doesn't build.
This changes at91x40 in the same way that the other platforms
were changed.
David S. Miller [Fri, 26 Oct 2012 22:18:37 +0000 (15:18 -0700)]
sparc64: Make montmul/montsqr/mpmul usable in 32-bit threads.
The Montgomery Multiply, Montgomery Square, and Multiple-Precision
Multiply instructions work by loading a combination of the floating
point and multiple register windows worth of integer registers
with the inputs.
These values are 64-bit. But for 32-bit userland processes we only
save the low 32-bits of each integer register during a register spill.
This is because the register window save area is in the user stack and
has a fixed layout.
Therefore, the only way to use these instructions in 32-bit mode is to
perform the following sequence:
1) Load the top-32bits of a chosen integer register with a sentinel,
say "-1". This will be in the outer-most register window.
The idea is that we're trying to see if the outer-most register
window gets spilled, and thus the 64-bit values were truncated.
2) Load all the inputs for the montmul/montsqr/mpmul instruction,
down to the inner-most register window.
3) Execute the opcode.
4) Traverse back up to the outer-most register window.
5) Check the sentinel, if it's still "-1" store the results.
Otherwise retry the entire sequence.
This retry is extremely troublesome. If you're just unlucky and an
interrupt or other trap happens, it'll push that outer-most window to
the stack and clear the sentinel when we restore it.
We could retry forever and never make forward progress if interrupts
arrive at a fast enough rate (consider perf events as one example).
So we have to do limited retries and fallback to software which is
extremely non-deterministic.
Luckily it's very straightforward to provide a mechanism to let
32-bit applications use a 64-bit stack. Stacks in 64-bit mode are
biased by 2047 bytes, which means that the lowest bit is set in the
actual %sp register value.
So if we see bit zero set in a 32-bit application's stack we treat
it like a 64-bit stack.
Runtime detection of such a facility is tricky, and cumbersome at
best. For example, just trying to use a biased stack and seeing if it
works is hard to recover from (the signal handler will need to use an
alt stack, plus something along the lines of longjmp). Therefore, we
add a system call to report a bitmask of arch specific features like
this in a cheap and less hairy way.
With help from Andy Polyakov.
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull networking fixes from David Miller:
"This is what we usually expect at this stage of the game, lots of
little things, mostly in drivers. With the occasional 'oops didn't
mean to do that' kind of regressions in the core code."
1) Uninitialized data in __ip_vs_get_timeouts(), from Arnd Bergmann
2) Reject invalid ACK sequences in Fast Open sockets, from Jerry Chu.
3) Lost error code on return from _rtl_usb_receive(), from Christian
Lamparter.
4) Fix reset resume on USB rt2x00, from Stanislaw Gruszka.
5) Release resources on error in pch_gbe driver, from Veaceslav Falico.
6) Default hop limit not set correctly in ip6_template_metrics[], fix
from Li RongQing.
7) Gianfar PTP code requests wrong kind of resource during probe, fix
from Wei Yang.
8) Fix VHOST net driver on big-endian, from Michael S Tsirkin.
9) Mellanox driver bug fixes from Jack Morgenstein, Or Gerlitz, Moni
Shoua, Dotan Barak, and Uri Habusha.
10) usbnet leaks memory on TX path, fix from Hemant Kumar.
11) Use socket state test, rather than presence of FIN bit packet, to
determine FIONREAD/SIOCINQ value. Fix from Eric Dumazet.
12) Fix cxgb4 build failure, from Vipul Pandya.
13) Provide a SYN_DATA_ACKED state to complement SYN_FASTOPEN in socket
info dumps. From Yuchung Cheng.
14) Fix leak of security path in kfree_skb_partial(). Fix from Eric
Dumazet.
15) Handle RX FIFO overflows more resiliently in pch_gbe driver, from
Veaceslav Falico.
16) Fix MAINTAINERS file pattern for networking drivers, from Jean
Delvare.
17) Add iPhone5 IDs to IPHETH driver, from Jay Purohit.
18) VLAN device type change restriction is too strict, and should not
trigger for the automatically generated vlan0 device. Fix from Jiri
Pirko.
19) Make PMTU/redirect flushing work properly again in ipv4, from
Steffen Klassert.
20) Fix memory corruptions by using kfree_rcu() in netlink_release().
From Eric Dumazet.
21) More qmi_wwan device IDs, from Bjørn Mork.
22) Fix unintentional change of SNAT/DNAT hooks in generic NAT
infrastructure, from Elison Niven.
23) Fix 3.6.x regression in xt_TEE netfilter module, from Eric Dumazet.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (57 commits)
tilegx: fix some issues in the SW TSO support
qmi_wwan/cdc_ether: move Novatel 551 and E362 to qmi_wwan
net: usb: Fix memory leak on Tx data path
net/mlx4_core: Unmap UAR also in the case of error flow
net/mlx4_en: Don't use vlan tag value as an indication for vlan presence
net/mlx4_en: Fix double-release-range in tx-rings
bas_gigaset: fix pre_reset handling
vhost: fix mergeable bufs on BE hosts
gianfar_ptp: use iomem, not ioports resource tree in probe
ipv6: Set default hoplimit as zero.
NET_VENDOR_TI: make available for am33xx as well
pch_gbe: fix error handling in pch_gbe_up()
b43: Fix oops on unload when firmware not found
mwifiex: clean up scan state on error
mwifiex: return -EBUSY if specific scan request cannot be honored
brcmfmac: fix potential NULL dereference
Revert "ath9k_hw: Updated AR9003 tx gain table for 5GHz"
ath9k_htc: Add PID/VID for a Ubiquiti WiFiStation
rt2x00: usb: fix reset resume
rtlwifi: pass rx setup error code to caller
...
Linus Torvalds [Fri, 26 Oct 2012 21:59:01 +0000 (14:59 -0700)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull slave-dmaengine fixes from Vinod Koul:
"Three fixes for slave dmaengine.
Two are for typo omissions in sirf dmaengine driver and the last one
is for the imx driver fixing a missing unlock"
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: sirf: fix a typo in moving running dma_desc to active queue
dmaengine: sirf: fix a typo in dma_prep_interleaved
dmaengine: imx-dma: fix missing unlock on error in imxdma_xfer_desc()
Linus Torvalds [Fri, 26 Oct 2012 21:23:35 +0000 (14:23 -0700)]
Merge tag 'pm+acpi-for-3.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management and ACPI fixes from Rafael J Wysocki:
- Fix for a memory leak in acpi_bind_one() from Jesper Juhl.
- Fix for an error code path memory leak in pm_genpd_attach_cpuidle()
from Jonghwan Choi.
- Fix for smp_processor_id() usage in preemptible code in powernow-k8
from Andreas Herrmann.
- Fix for a suspend-related memory leak in cpufreq stats from Xiaobing
Tu.
- Freezer fix for failure to clear PF_NOFREEZE along with PF_KTHREAD in
flush_old_exec() from Oleg Nesterov.
- acpi_processor_notify() fix from Alan Cox.
* tag 'pm+acpi-for-3.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: missing break
freezer: exec should clear PF_NOFREEZE along with PF_KTHREAD
Fix memory leak in cpufreq stats.
cpufreq / powernow-k8: Remove usage of smp_processor_id() in preemptible code
PM / Domains: Fix memory leak on error path in pm_genpd_attach_cpuidle
ACPI: Fix memory leak in acpi_bind_one()
Johannes Berg [Thu, 25 Oct 2012 22:41:23 +0000 (00:41 +0200)]
mac80211: make sure data is accessible in EAPOL check
The code to allow EAPOL frames even when the station
isn't yet marked associated needs to check that the
incoming frame is long enough and due to paged RX it
also can't assume skb->data contains the right data,
it must use skb_copy_bits(). Fix this to avoid using
data that doesn't really exist.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
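Added example, not part of the commit or of mac80211: a user-space C model of the two conditions this commit message names, a frame-length check and a copy that follows paged data instead of indexing the linear area. `struct rx_buf`, `rx_copy_bits()` (a stand-in for `skb_copy_bits()`), the 24-byte header length and the sample frames are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model of a paged receive buffer (hypothetical, not
 * the kernel's struct sk_buff): head_len bytes are linear, the rest of the
 * frame sits in a separate fragment, as with paged RX. */
struct rx_buf {
    const uint8_t *head; size_t head_len;
    const uint8_t *frag; size_t frag_len;
};

#define HDRLEN        24      /* assumed 3-address 802.11 data header */
#define ETHERTYPE_OFF 6       /* LLC/SNAP: AA AA 03 + 3-byte OUI come first */
#define ETH_P_PAE     0x888E  /* EAPOL ethertype */

/* Stand-in for skb_copy_bits(): bounds-checked copy that follows the data
 * across the head/fragment boundary. Returns 0 on success, -1 if the
 * requested range is not inside the frame. */
int rx_copy_bits(struct rx_buf b, size_t off, uint8_t *to, size_t len)
{
    size_t total = b.head_len + b.frag_len;
    if (off > total || len > total - off)
        return -1;
    for (size_t i = 0; i < len; i++) {
        size_t pos = off + i;
        to[i] = pos < b.head_len ? b.head[pos] : b.frag[pos - b.head_len];
    }
    return 0;
}

/* Pattern the commit message warns about: index the linear area directly.
 * Whatever happens to be stored there is taken as the ethertype. */
int is_eapol_linear_only(struct rx_buf b)
{
    const uint8_t *p = b.head + HDRLEN + ETHERTYPE_OFF;
    return ((p[0] << 8) | p[1]) == ETH_P_PAE;
}

/* Checked form: 1 = EAPOL, 0 = other protocol, -1 = frame too short. */
int is_eapol_checked(struct rx_buf b)
{
    uint8_t et[2];
    if (rx_copy_bits(b, HDRLEN + ETHERTYPE_OFF, et, sizeof(et)) != 0)
        return -1;
    return ((et[0] << 8) | et[1]) == ETH_P_PAE;
}

/* Constructed sample data. The head allocation is 64 bytes but only the
 * 24-byte header is valid; bytes 30..31 hold a stale 0x888E. */
static const uint8_t head_mem[64] = { [30] = 0x88, [31] = 0x8E };
static const uint8_t ipv4_body[]  = { 0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x00, 0x45 };
static const uint8_t eapol_body[] = { 0xAA, 0xAA, 0x03, 0, 0, 0, 0x88, 0x8E, 0x01 };

/* Build a frame whose header is linear and whose body is paged. */
struct rx_buf make_buf(const uint8_t *frag, size_t frag_len)
{
    struct rx_buf b = { head_mem, HDRLEN, frag, frag_len };
    return b;
}

int main(void)
{
    struct rx_buf ip = make_buf(ipv4_body, sizeof(ipv4_body));
    printf("paged IPv4 frame: linear-only=%d checked=%d\n",
           is_eapol_linear_only(ip), is_eapol_checked(ip));
    printf("paged EAPOL frame: checked=%d\n",
           is_eapol_checked(make_buf(eapol_body, sizeof(eapol_body))));
    printf("truncated frame: checked=%d\n",
           is_eapol_checked(make_buf(ipv4_body, 7)));
    return 0;
}
```

In this model the linear-only read classifies the IPv4 frame as EAPOL because it sees stale bytes outside the valid data, while the checked form reads the real ethertype from the fragment and rejects the truncated frame.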
Johannes Berg [Thu, 25 Oct 2012 22:36:40 +0000 (00:36 +0200)]
mac80211: verify that skb data is present
A number of places in the mesh code don't check that
the frame data is present and in the skb header when
trying to access. Add those checks and the necessary
pskb_may_pull() calls. This prevents accessing data
that doesn't actually exist.
To do this, export ieee80211_get_mesh_hdrlen() to be
able to use it in mac80211.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Thu, 25 Oct 2012 22:33:36 +0000 (00:33 +0200)]
mac80211: check management frame header length
Due to pskb_may_pull() checking the skb length, all
non-management frames are checked on input whether
their 802.11 header is fully present. Also add that
check for management frames and remove a check that
is now duplicate. This prevents accessing skb data
beyond the frame end.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>