]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
10 years agoMerge remote-tracking branch 'ide/master'
Stephen Rothwell [Tue, 20 May 2014 01:11:38 +0000 (11:11 +1000)]
Merge remote-tracking branch 'ide/master'

10 years agoMerge remote-tracking branch 'crypto-current/master'
Stephen Rothwell [Tue, 20 May 2014 01:11:36 +0000 (11:11 +1000)]
Merge remote-tracking branch 'crypto-current/master'

10 years agoMerge remote-tracking branch 'input-current/for-linus'
Stephen Rothwell [Tue, 20 May 2014 01:11:33 +0000 (11:11 +1000)]
Merge remote-tracking branch 'input-current/for-linus'

10 years agoMerge remote-tracking branch 'staging.current/staging-linus'
Stephen Rothwell [Tue, 20 May 2014 01:11:32 +0000 (11:11 +1000)]
Merge remote-tracking branch 'staging.current/staging-linus'

10 years agoMerge remote-tracking branch 'driver-core.current/driver-core-linus'
Stephen Rothwell [Tue, 20 May 2014 01:11:31 +0000 (11:11 +1000)]
Merge remote-tracking branch 'driver-core.current/driver-core-linus'

10 years agoMerge remote-tracking branch 'wireless/master'
Stephen Rothwell [Tue, 20 May 2014 01:11:29 +0000 (11:11 +1000)]
Merge remote-tracking branch 'wireless/master'

10 years agoMerge remote-tracking branch 'pci-current/for-linus'
Stephen Rothwell [Tue, 20 May 2014 01:11:28 +0000 (11:11 +1000)]
Merge remote-tracking branch 'pci-current/for-linus'

10 years agoMerge remote-tracking branch 'sound-current/for-linus'
Stephen Rothwell [Tue, 20 May 2014 01:11:27 +0000 (11:11 +1000)]
Merge remote-tracking branch 'sound-current/for-linus'

10 years agonext-20140519/net
Stephen Rothwell [Tue, 20 May 2014 00:58:26 +0000 (10:58 +1000)]
next-20140519/net

10 years agoMerge remote-tracking branch 'sparc/master'
Stephen Rothwell [Tue, 20 May 2014 00:40:01 +0000 (10:40 +1000)]
Merge remote-tracking branch 'sparc/master'

10 years agoMerge remote-tracking branch 'powerpc-merge/merge'
Stephen Rothwell [Tue, 20 May 2014 00:40:00 +0000 (10:40 +1000)]
Merge remote-tracking branch 'powerpc-merge/merge'

10 years agoMerge remote-tracking branch 'metag-fixes/fixes'
Stephen Rothwell [Tue, 20 May 2014 00:39:59 +0000 (10:39 +1000)]
Merge remote-tracking branch 'metag-fixes/fixes'

10 years agoMerge remote-tracking branch 'fixes/master'
Stephen Rothwell [Tue, 20 May 2014 00:29:14 +0000 (10:29 +1000)]
Merge remote-tracking branch 'fixes/master'

10 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth...
John W. Linville [Mon, 19 May 2014 20:34:27 +0000 (16:34 -0400)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

10 years agoPCI: Wrong register used to check pending traffic
Gavin Shan [Mon, 19 May 2014 03:06:46 +0000 (13:06 +1000)]
PCI: Wrong register used to check pending traffic

The incorrect register offset is passed to pci_wait_for_pending(), which is
caused by commit 157e876ffe ("PCI: Add pci_wait_for_pending() (refactor
pci_wait_for_pending_transaction())").

Fixes: 157e876ffe ("PCI: Add pci_wait_for_pending() (refactor pci_wait_for_pending_transaction())
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Alex Williamson <alex.williamson@gmail.com>
CC: stable@vger.kernel.org # v3.14+
10 years agoALSA: pcm_dmaengine: Add check during device suspend
Tushar Behera [Mon, 19 May 2014 09:23:53 +0000 (14:53 +0530)]
ALSA: pcm_dmaengine: Add check during device suspend

Currently snd_dmaengine_pcm_trigger() calls dmaengine_pause()
unconditinally during device suspend. In case where DMA controller
doesn't support PAUSE/RESUME functionality, this call is not able
to stop the DMA controller. In this scenario, audio playback doesn't
resume after device resume.

Calling dmaengine_pause/dmaengine_terminate_all conditionally fixes
the issue.

It has been tested with audio playback on Samsung platform having
PL330 DMA controller which doesn't support PAUSE/RESUME.

Signed-off-by: Tushar Behera <tushar.behera@linaro.org>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
10 years agosparc64: Add membar to Niagara2 memcpy code.
David S. Miller [Sat, 17 May 2014 18:28:05 +0000 (11:28 -0700)]
sparc64: Add membar to Niagara2 memcpy code.

This is the prevent previous stores from overlapping the block stores
done by the memcpy loop.

Based upon a glibc patch by Jose E. Marchesi

Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge branch 'stacked_netdevice_locking'
David S. Miller [Sat, 17 May 2014 02:15:23 +0000 (22:15 -0400)]
Merge branch 'stacked_netdevice_locking'

Vlad Yasevich says:

====================
Fix lockdep issues with stacked devices

Recent commit dc8eaaa006350d24030502a4521542e74b5cb39f
    vlan: Fix lockdep warning when vlan dev handle notification

attempted to solve lockdep issues with vlans where multiple
vlans were stacked.  However, the code does not work correctly
when the vlan stack is interspersed with other devices in between
the vlans.  Additionally, similar lockdep issues show up with other
devices.

This series provides a generic way to solve these issue for any
devices that can be stacked.  It also addresses the concern for
vlan and macvlan devices.  I am not sure whether it makes sense
to do so for other types like team, vxlan, and bond.

Thanks
-vlad

Since v2:
  - Remove rcu variants from patch1, since that function is called
    only under rtnl.
  - Fix whitespace problems reported by checkpatch

Since v1:
  - Fixed up a goofed-up rebase.
    * is_vlan_dev() should be bool and that change belongs in patch3.
    * patch4 should not have any vlan changes in it.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agomacvlan: Fix lockdep warnings with stacked macvlan devices
Vlad Yasevich [Fri, 16 May 2014 21:04:56 +0000 (17:04 -0400)]
macvlan: Fix lockdep warnings with stacked macvlan devices

Macvlan devices try to avoid stacking, but that's not always
successfull or even desired.  As an example, the following
configuration is perefectly legal and valid:

eth0 <--- macvlan0 <---- vlan0.10 <--- macvlan1

However, this configuration produces the following lockdep
trace:
[  115.620418] ======================================================
[  115.620477] [ INFO: possible circular locking dependency detected ]
[  115.620516] 3.15.0-rc1+ #24 Not tainted
[  115.620540] -------------------------------------------------------
[  115.620577] ip/1704 is trying to acquire lock:
[  115.620604]  (&vlan_netdev_addr_lock_key/1){+.....}, at: [<ffffffff815df49c>] dev_uc_sync+0x3c/0x80
[  115.620686]
but task is already holding lock:
[  115.620723]  (&macvlan_netdev_addr_lock_key){+.....}, at: [<ffffffff815da5be>] dev_set_rx_mode+0x1e/0x40
[  115.620795]
which lock already depends on the new lock.

[  115.620853]
the existing dependency chain (in reverse order) is:
[  115.620894]
-> #1 (&macvlan_netdev_addr_lock_key){+.....}:
[  115.620935]        [<ffffffff810d57f2>] lock_acquire+0xa2/0x130
[  115.620974]        [<ffffffff816f62e7>] _raw_spin_lock_nested+0x37/0x50
[  115.621019]        [<ffffffffa07296c3>] vlan_dev_set_rx_mode+0x53/0x110 [8021q]
[  115.621066]        [<ffffffff815da557>] __dev_set_rx_mode+0x57/0xa0
[  115.621105]        [<ffffffff815da5c6>] dev_set_rx_mode+0x26/0x40
[  115.621143]        [<ffffffff815da6be>] __dev_open+0xde/0x140
[  115.621174]        [<ffffffff815da9ad>] __dev_change_flags+0x9d/0x170
[  115.621174]        [<ffffffff815daaa9>] dev_change_flags+0x29/0x60
[  115.621174]        [<ffffffff815e7f11>] do_setlink+0x321/0x9a0
[  115.621174]        [<ffffffff815ea59f>] rtnl_newlink+0x51f/0x730
[  115.621174]        [<ffffffff815e6e75>] rtnetlink_rcv_msg+0x95/0x250
[  115.621174]        [<ffffffff81608b19>] netlink_rcv_skb+0xa9/0xc0
[  115.621174]        [<ffffffff815e6dca>] rtnetlink_rcv+0x2a/0x40
[  115.621174]        [<ffffffff81608150>] netlink_unicast+0xf0/0x1c0
[  115.621174]        [<ffffffff8160851f>] netlink_sendmsg+0x2ff/0x740
[  115.621174]        [<ffffffff815bc9db>] sock_sendmsg+0x8b/0xc0
[  115.621174]        [<ffffffff815bd4b9>] ___sys_sendmsg+0x369/0x380
[  115.621174]        [<ffffffff815bdbb2>] __sys_sendmsg+0x42/0x80
[  115.621174]        [<ffffffff815bdc02>] SyS_sendmsg+0x12/0x20
[  115.621174]        [<ffffffff816ffd69>] system_call_fastpath+0x16/0x1b
[  115.621174]
-> #0 (&vlan_netdev_addr_lock_key/1){+.....}:
[  115.621174]        [<ffffffff810d4d43>] __lock_acquire+0x1773/0x1a60
[  115.621174]        [<ffffffff810d57f2>] lock_acquire+0xa2/0x130
[  115.621174]        [<ffffffff816f62e7>] _raw_spin_lock_nested+0x37/0x50
[  115.621174]        [<ffffffff815df49c>] dev_uc_sync+0x3c/0x80
[  115.621174]        [<ffffffffa0696d2a>] macvlan_set_mac_lists+0xca/0x110 [macvlan]
[  115.621174]        [<ffffffff815da557>] __dev_set_rx_mode+0x57/0xa0
[  115.621174]        [<ffffffff815da5c6>] dev_set_rx_mode+0x26/0x40
[  115.621174]        [<ffffffff815da6be>] __dev_open+0xde/0x140
[  115.621174]        [<ffffffff815da9ad>] __dev_change_flags+0x9d/0x170
[  115.621174]        [<ffffffff815daaa9>] dev_change_flags+0x29/0x60
[  115.621174]        [<ffffffff815e7f11>] do_setlink+0x321/0x9a0
[  115.621174]        [<ffffffff815ea59f>] rtnl_newlink+0x51f/0x730
[  115.621174]        [<ffffffff815e6e75>] rtnetlink_rcv_msg+0x95/0x250
[  115.621174]        [<ffffffff81608b19>] netlink_rcv_skb+0xa9/0xc0
[  115.621174]        [<ffffffff815e6dca>] rtnetlink_rcv+0x2a/0x40
[  115.621174]        [<ffffffff81608150>] netlink_unicast+0xf0/0x1c0
[  115.621174]        [<ffffffff8160851f>] netlink_sendmsg+0x2ff/0x740
[  115.621174]        [<ffffffff815bc9db>] sock_sendmsg+0x8b/0xc0
[  115.621174]        [<ffffffff815bd4b9>] ___sys_sendmsg+0x369/0x380
[  115.621174]        [<ffffffff815bdbb2>] __sys_sendmsg+0x42/0x80
[  115.621174]        [<ffffffff815bdc02>] SyS_sendmsg+0x12/0x20
[  115.621174]        [<ffffffff816ffd69>] system_call_fastpath+0x16/0x1b
[  115.621174]
other info that might help us debug this:

[  115.621174]  Possible unsafe locking scenario:

[  115.621174]        CPU0                    CPU1
[  115.621174]        ----                    ----
[  115.621174]   lock(&macvlan_netdev_addr_lock_key);
[  115.621174]                                lock(&vlan_netdev_addr_lock_key/1);
[  115.621174]                                lock(&macvlan_netdev_addr_lock_key);
[  115.621174]   lock(&vlan_netdev_addr_lock_key/1);
[  115.621174]
 *** DEADLOCK ***

[  115.621174] 2 locks held by ip/1704:
[  115.621174]  #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff815e6dbb>] rtnetlink_rcv+0x1b/0x40
[  115.621174]  #1:  (&macvlan_netdev_addr_lock_key){+.....}, at: [<ffffffff815da5be>] dev_set_rx_mode+0x1e/0x40
[  115.621174]
stack backtrace:
[  115.621174] CPU: 3 PID: 1704 Comm: ip Not tainted 3.15.0-rc1+ #24
[  115.621174] Hardware name: Hewlett-Packard HP xw8400 Workstation/0A08h, BIOS 786D5 v02.38 10/25/2010
[  115.621174]  ffffffff82339ae0 ffff880465f79568 ffffffff816ee20c ffffffff82339ae0
[  115.621174]  ffff880465f795a8 ffffffff816e9e1b ffff880465f79600 ffff880465b019c8
[  115.621174]  0000000000000001 0000000000000002 ffff880465b019c8 ffff880465b01230
[  115.621174] Call Trace:
[  115.621174]  [<ffffffff816ee20c>] dump_stack+0x4d/0x66
[  115.621174]  [<ffffffff816e9e1b>] print_circular_bug+0x200/0x20e
[  115.621174]  [<ffffffff810d4d43>] __lock_acquire+0x1773/0x1a60
[  115.621174]  [<ffffffff810d3172>] ? trace_hardirqs_on_caller+0xb2/0x1d0
[  115.621174]  [<ffffffff810d57f2>] lock_acquire+0xa2/0x130
[  115.621174]  [<ffffffff815df49c>] ? dev_uc_sync+0x3c/0x80
[  115.621174]  [<ffffffff816f62e7>] _raw_spin_lock_nested+0x37/0x50
[  115.621174]  [<ffffffff815df49c>] ? dev_uc_sync+0x3c/0x80
[  115.621174]  [<ffffffff815df49c>] dev_uc_sync+0x3c/0x80
[  115.621174]  [<ffffffffa0696d2a>] macvlan_set_mac_lists+0xca/0x110 [macvlan]
[  115.621174]  [<ffffffff815da557>] __dev_set_rx_mode+0x57/0xa0
[  115.621174]  [<ffffffff815da5c6>] dev_set_rx_mode+0x26/0x40
[  115.621174]  [<ffffffff815da6be>] __dev_open+0xde/0x140
[  115.621174]  [<ffffffff815da9ad>] __dev_change_flags+0x9d/0x170
[  115.621174]  [<ffffffff815daaa9>] dev_change_flags+0x29/0x60
[  115.621174]  [<ffffffff811e1db1>] ? mem_cgroup_bad_page_check+0x21/0x30
[  115.621174]  [<ffffffff815e7f11>] do_setlink+0x321/0x9a0
[  115.621174]  [<ffffffff810d394c>] ? __lock_acquire+0x37c/0x1a60
[  115.621174]  [<ffffffff815ea59f>] rtnl_newlink+0x51f/0x730
[  115.621174]  [<ffffffff815ea169>] ? rtnl_newlink+0xe9/0x730
[  115.621174]  [<ffffffff815e6e75>] rtnetlink_rcv_msg+0x95/0x250
[  115.621174]  [<ffffffff810d329d>] ? trace_hardirqs_on+0xd/0x10
[  115.621174]  [<ffffffff815e6dbb>] ? rtnetlink_rcv+0x1b/0x40
[  115.621174]  [<ffffffff815e6de0>] ? rtnetlink_rcv+0x40/0x40
[  115.621174]  [<ffffffff81608b19>] netlink_rcv_skb+0xa9/0xc0
[  115.621174]  [<ffffffff815e6dca>] rtnetlink_rcv+0x2a/0x40
[  115.621174]  [<ffffffff81608150>] netlink_unicast+0xf0/0x1c0
[  115.621174]  [<ffffffff8160851f>] netlink_sendmsg+0x2ff/0x740
[  115.621174]  [<ffffffff815bc9db>] sock_sendmsg+0x8b/0xc0
[  115.621174]  [<ffffffff8119d4af>] ? might_fault+0x5f/0xb0
[  115.621174]  [<ffffffff8119d4f8>] ? might_fault+0xa8/0xb0
[  115.621174]  [<ffffffff8119d4af>] ? might_fault+0x5f/0xb0
[  115.621174]  [<ffffffff815cb51e>] ? verify_iovec+0x5e/0xe0
[  115.621174]  [<ffffffff815bd4b9>] ___sys_sendmsg+0x369/0x380
[  115.621174]  [<ffffffff816faa0d>] ? __do_page_fault+0x11d/0x570
[  115.621174]  [<ffffffff810cfe9f>] ? up_read+0x1f/0x40
[  115.621174]  [<ffffffff816fab04>] ? __do_page_fault+0x214/0x570
[  115.621174]  [<ffffffff8120a10b>] ? mntput_no_expire+0x6b/0x1c0
[  115.621174]  [<ffffffff8120a0b7>] ? mntput_no_expire+0x17/0x1c0
[  115.621174]  [<ffffffff8120a284>] ? mntput+0x24/0x40
[  115.621174]  [<ffffffff815bdbb2>] __sys_sendmsg+0x42/0x80
[  115.621174]  [<ffffffff815bdc02>] SyS_sendmsg+0x12/0x20
[  115.621174]  [<ffffffff816ffd69>] system_call_fastpath+0x16/0x1b

Fix this by correctly providing macvlan lockdep class.

Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agovlan: Fix lockdep warning with stacked vlan devices.
Vlad Yasevich [Fri, 16 May 2014 21:04:55 +0000 (17:04 -0400)]
vlan: Fix lockdep warning with stacked vlan devices.

This reverts commit dc8eaaa006350d24030502a4521542e74b5cb39f.
vlan: Fix lockdep warning when vlan dev handle notification

Instead we use the new new API to find the lock subclass of
our vlan device.  This way we can support configurations where
vlans are interspersed with other devices:
  bond -> vlan -> macvlan -> vlan

Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: Allow for more then a single subclass for netif_addr_lock
Vlad Yasevich [Fri, 16 May 2014 21:04:54 +0000 (17:04 -0400)]
net: Allow for more then a single subclass for netif_addr_lock

Currently netif_addr_lock_nested assumes that there can be only
a single nesting level between 2 devices.  However, if we
have multiple devices of the same type stacked, this fails.
For example:
 eth0 <-- vlan0.10 <-- vlan0.10.20

A more complicated configuration may stack more then one type of
device in different order.
Ex:
  eth0 <-- vlan0.10 <-- macvlan0 <-- vlan1.10.20 <-- macvlan1

This patch adds an ndo_* function that allows each stackable
device to report its nesting level.  If the device doesn't
provide this function default subclass of 1 is used.

Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: Find the nesting level of a given device by type.
Vlad Yasevich [Fri, 16 May 2014 21:04:53 +0000 (17:04 -0400)]
net: Find the nesting level of a given device by type.

Multiple devices in the kernel can be stacked/nested and they
need to know their nesting level for the purposes of lockdep.
This patch provides a generic function that determines a nesting
level of a particular device by its type (ex: vlan, macvlan, etc).
We only care about nesting of the same type of devices.

For example:
  eth0 <- vlan0.10 <- macvlan0 <- vlan1.20

The nesting level of vlan1.20 would be 1, since there is another vlan
in the stack under it.

Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agostaging: rtl8723au: Do not reset wdev->iftype in netdev_close()
Jes Sorensen [Fri, 16 May 2014 20:59:18 +0000 (22:59 +0200)]
staging: rtl8723au: Do not reset wdev->iftype in netdev_close()

wdev->ifdev should be set by .change_virtual_intf(). This solves the
problem of WARN() messages on module unload.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agonet: gro: make sure skb->cb[] initial content has not to be zero
Eric Dumazet [Fri, 16 May 2014 18:34:37 +0000 (11:34 -0700)]
net: gro: make sure skb->cb[] initial content has not to be zero

Starting from linux-3.13, GRO attempts to build full size skbs.

Problem is the commit assumed one particular field in skb->cb[]
was clean, but it is not the case on some stacked devices.

Timo reported a crash in case traffic is decrypted before
reaching a GRE device.

Fix this by initializing NAPI_GRO_CB(skb)->last at the right place,
this also removes one conditional.

Thanks a lot to Timo for providing full reports and bisecting this.

Fixes: 8a29111c7ca6 ("net: gro: allow to build full sized skb")
Bisected-by: Timo Teras <timo.teras@iki.fi>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoipv4: ip_tunnels: disable cache for nbma gre tunnels
Timo Teräs [Fri, 16 May 2014 05:34:39 +0000 (08:34 +0300)]
ipv4: ip_tunnels: disable cache for nbma gre tunnels

The connected check fails to check for ip_gre nbma mode tunnels
properly. ip_gre creates temporary tnl_params with daddr specified
to pass-in the actual target on per-packet basis from neighbor
layer. Detect these tunnels by inspecting the actual tunnel
configuration.

Minimal test case:
 ip route add 192.168.1.1/32 via 10.0.0.1
 ip route add 192.168.1.2/32 via 10.0.0.2
 ip tunnel add nbma0 mode gre key 1 tos c0
 ip addr add 172.17.0.0/16 dev nbma0
 ip link set nbma0 up
 ip neigh add 172.17.0.1 lladdr 192.168.1.1 dev nbma0
 ip neigh add 172.17.0.2 lladdr 192.168.1.2 dev nbma0
 ping 172.17.0.1
 ping 172.17.0.2

The second ping should be going to 192.168.1.2 and head 10.0.0.2;
but cached gre tunnel level route is used and it's actually going
to 192.168.1.1 via 10.0.0.1.

The lladdr's need to go to separate dst for the bug to trigger.
Test case uses separate route entries, but this can also happen
when the route entry is same: if there is a nexthop exception or
the GRE tunnel is IPsec'ed in which case the dst points to xfrm
bundle unique to the gre lladdr.

Fixes: 7d442fab0a67 ("ipv4: Cache dst in tunnels")
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Cc: Tom Herbert <therbert@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet/dsa/dsa.c: increment chip_index during of_node handling on dsa_of_probe()
Fabian Godehardt [Fri, 16 May 2014 04:21:44 +0000 (06:21 +0200)]
net/dsa/dsa.c: increment chip_index during of_node handling on dsa_of_probe()

Adding more than one chip on device-tree currently causes the probing
routine to always use the first chips data pointer.

Signed-off-by: Fabian Godehardt <fg@emlix.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: ipv6: make "ip -6 route get mark xyz" work.
Lorenzo Colitti [Thu, 15 May 2014 23:38:41 +0000 (16:38 -0700)]
net: ipv6: make "ip -6 route get mark xyz" work.

Currently, "ip -6 route get mark xyz" ignores the mark passed in
by userspace. Make it honour the mark, just like IPv4 does.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge
David S. Miller [Fri, 16 May 2014 20:28:53 +0000 (16:28 -0400)]
Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge

Include changes:
- fix NULL dereference in batadv_orig_hardif_seq_print_text()
- fix reference counting imbalance when using fragmentation
- avoid access to orig_node objects after they have been free'd
- fix local TT check for outgoing arp requests in DAT

10 years agoxen-netback: fix race between napi_complete() and interrupt handler
David Vrabel [Fri, 16 May 2014 11:26:04 +0000 (12:26 +0100)]
xen-netback: fix race between napi_complete() and interrupt handler

When the NAPI budget was not all used, xenvif_poll() would call
napi_complete() /after/ enabling the interrupt.  This resulted in a
race between the napi_complete() and the napi_schedule() in the
interrupt handler.  The use of local_irq_save/restore() avoided by
race iff the handler is running on the same CPU but not if it was
running on a different CPU.

Fix this properly by calling napi_complete() before reenabling
interrupts (in the xenvif_napi_schedule_or_enable_irq() call).

Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville...
David S. Miller [Fri, 16 May 2014 19:45:56 +0000 (15:45 -0400)]
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless

John W. Linville says:

====================
pull request: wireless 2014-05-15

Please pull this batch of fixes for the 3.15 stream...

For the mac80211 bits, Johannes says:

"One fix is to get better VHT performance and the other fixes tracing
garbage or other potential issues with the interface name tracing."

And...

"This has a fix from Emmanuel for a problem I failed to fix - when
association is in progress then it needs to be cancelled while
suspending (I had fixed the same for authentication). Also included a
fix from myself for a userspace API problem that hit the iw tool and a
fix to the remain-on-channel framework."

For the iwlwifi bits, Emmanuel says:

"Alex fixes the scan by disabling the fragmented scan. David prevents
scan offload while associated, the firmware seems not to like it. I
fix a stupid bug I made in BT Coex, and fix a bad #ifdef clause in rate
scaling.  Along with that there is a fix for a NULL pointer exception
that can happen if we load the driver and our ISR gets called because
the interrupt line is shared. The fix has been tested by the reporter."

And...

"We have here a fix from David Spinadel that makes a previous fix more
complete, and an off-by-one issue fixed by Eliad in the same area.
I fix the monitor that broke on the way."

Beyond that...

Daniel Kim's one-liner fixes a brcmfmac regression caused by a typo
in an earlier commit..

Rajkumar Manoharan fixes an ath9k oops reported by David Herrmann.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoaf_rxrpc: Fix XDR length check in rxrpc key demarshalling.
Nathaniel W Filardo [Thu, 15 May 2014 14:51:22 +0000 (15:51 +0100)]
af_rxrpc: Fix XDR length check in rxrpc key demarshalling.

There may be padding on the ticket contained in the key payload, so just ensure
that the claimed token length is large enough, rather than exactly the right
size.

Signed-off-by: Nathaniel Wesley Filardo <nwf@cs.jhu.edu>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: phy: resume phydev when going to RESUMING
Zhangfei Gao [Thu, 15 May 2014 05:35:34 +0000 (13:35 +0800)]
net: phy: resume phydev when going to RESUMING

With commit be9dad1f9f26604fb ("net: phy: suspend phydev when going
to HALTED"), an unused PHY device will be put in a low-power mode
using BMCR_PDOWN. Some Ethernet drivers might be calling phy_start()
and phy_stop() from ndo_open and ndo_close() respectively, while
calling phy_connect() and phy_disconnect() from probe and remove.
In such a case, the PHY will be powered down during the phy_stop()
call, but will fail to be powered up in phy_start().
This patch fixes this scenario.

Signed-off-by: Jiancheng Xue <xuejiancheng@huawei.com>
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge branch 'mlx4-net'
David S. Miller [Fri, 16 May 2014 19:13:18 +0000 (15:13 -0400)]
Merge branch 'mlx4-net'

Or Gerlitz says:

====================
mlx4: Fix VF MAC address change under RoCE usage

This short series provides proper handling for the case where a
VF netdevice change their MAC address under a RoCE use case. The code
it deals with was introduced in 3.15-rc1

Prior to this series the source MAC used for the VM RoCE CM
packets remains as before the MAC modification. Hence RoCE CM
packets sent by the VF will not carry the same source MAC
address as the non-CM packets.

Earlier 3.15-rc commit f24f790 "net/mlx4_core: Load the Eth driver
first" handled just one instance of the problem, but this one
provides a more generic and proper solution which covers all
cases of VF mac change.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoIB/mlx4: Invoke UPDATE_QP for proxy QP1 on MAC changes
Matan Barak [Thu, 15 May 2014 12:29:28 +0000 (15:29 +0300)]
IB/mlx4: Invoke UPDATE_QP for proxy QP1 on MAC changes

When we receive a netdev event indicating a netdev change and/or
a netdev address change, we must change the MAC index used by the
proxy QP1 (in the QP context), otherwise RoCE CM packets sent by the
VF will not carry the same source MAC address as the non-CM packets.

We use the UPDATE_QP command to perform this change.

In order to avoid modifying a QP context based on netdev event,
while the driver attempts to destroy this QP (e.g either the mlx4_ib
or ib_mad modules are unloaded), we use mutex locking in both flows.

Since the relevant mlx4 proxy GSI QP is created indirectly by the
mad module when they create their GSI QP, the mlx4 didn't need to
keep track on that QP prior to this change.

Now, when QP modifications are needed to this QP from within the
driver, we added refernece to it.

Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet/mlx4_core: Add UPDATE_QP SRIOV wrapper support
Matan Barak [Thu, 15 May 2014 12:29:27 +0000 (15:29 +0300)]
net/mlx4_core: Add UPDATE_QP SRIOV wrapper support

This patch adds UPDATE_QP SRIOV wrapper support.

The mechanism is a general one, but currently only source MAC
index changes are allowed for VFs.

Signed-off-by: Matan Barak <matanb@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agostaging: rtl8723au: Use correct pipe type for USB interrupts
Jes Sorensen [Fri, 16 May 2014 08:05:04 +0000 (10:05 +0200)]
staging: rtl8723au: Use correct pipe type for USB interrupts

Use a correct pipe type when filling un interrupt urbs. This should
finally take care of the WARN() messages on the console when USB urbs
are submitted.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agobonding: fix out of range parameters for bond_intmax_tbl
Nikolay Aleksandrov [Thu, 15 May 2014 11:35:23 +0000 (13:35 +0200)]
bonding: fix out of range parameters for bond_intmax_tbl

I've missed to add a NULL entry to the bond_intmax_tbl when I introduced
it with the conversion of arp_interval so add it now.

CC: Jay Vosburgh <j.vosburgh@gmail.com>
CC: Veaceslav Falico <vfalico@gmail.com>
CC: Andy Gospodarek <andy@greyhouse.net>
Fixes: 7bdb04ed0dbf ("bonding: convert arp_interval to use the new option API")
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Acked-by: Veaceslav Falico <vfalico@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoxen-netback: Fix grant ref resolution in RX path
Zoltan Kiss [Thu, 15 May 2014 10:08:34 +0000 (11:08 +0100)]
xen-netback: Fix grant ref resolution in RX path

The original series for reintroducing grant mapping for netback had a patch [1]
to handle receiving of packets from an another VIF. Grant copy on the receiving
side needs the grant ref of the page to set up the op.
The original patch assumed (wrongly) that the frags array haven't changed. In
the case reported by Sander, the sending guest sent a packet where the linear
buffer and the first frag were under PKT_PROT_LEN (=128) bytes.
xenvif_tx_submit() then pulled up the linear area to 128 bytes, and ditched the
first frag. The receiving side had an off-by-one problem when gathered the grant
refs.
This patch fixes that by checking whether the actual frag's page pointer is the
same as the page in the original frag list. It can handle any kind of changes on
the original frags array, like:
- removing granted frags from the array at any point
- adding local pages to the frags list anywhere
- reordering the frags
It's optimized to the most common case, when there is 1:1 relation between the
frags and the list, plus works optimal when frags are removed from the end or
the beginning.

[1]: 3e2234: xen-netback: Handle foreign mapped pages on the guest RX path

Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Zoltan Kiss <zoltan.kiss@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoipv6: update Destination Cache entries when gateway turn into host
Duan Jiong [Thu, 15 May 2014 07:56:14 +0000 (15:56 +0800)]
ipv6: update Destination Cache entries when gateway turn into host

RFC 4861 states in 7.2.5:

The IsRouter flag in the cache entry MUST be set based on the
         Router flag in the received advertisement.  In those cases
         where the IsRouter flag changes from TRUE to FALSE as a result
         of this update, the node MUST remove that router from the
         Default Router List and update the Destination Cache entries
         for all destinations using that neighbor as a router as
         specified in Section 7.3.3.  This is needed to detect when a
         node that is used as a router stops forwarding packets due to
         being configured as a host.

Currently, when dealing with NA Message which IsRouter flag changes from
TRUE to FALSE, the kernel only removes router from the Default Router List,
and don't update the Destination Cache entries.

Now in order to update those Destination Cache entries, i introduce
function rt6_clean_tohost().

Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
David S. Miller [Fri, 16 May 2014 03:23:48 +0000 (23:23 -0400)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Conflicts:
net/ipv4/ip_vti.c

Steffen Klassert says:

====================
pull request (net): ipsec 2014-05-15

This pull request has a merge conflict in net/ipv4/ip_vti.c
between commit 8d89dcdf80d8 ("vti: don't allow to add the same
tunnel twice") and commit a32452366b72  ("vti4:Don't count header
length twice"). It can be solved like it is done in linux-next.

1) Fix a ipv6 xfrm output crash when a packet is rerouted
   by netfilter to not use IPsec.

2) vti4 counts some header lengths twice leading to an incorrect
   device mtu. Fix this by counting these headers only once.

3) We don't catch the case if an unsupported protocol is submitted
   to the xfrm protocol handlers, this can lead to NULL pointer
   dereferences. Fix this by adding the appropriate checks.

4) vti6 may unregister pernet ops twice on init errors.
   Fix this by removing one of the calls to do it only once.
   From Mathias Krause.

5) Set the vti tunnel mark before doing a lookup in the error
   handlers. Otherwise we don't find the correct xfrm state.
====================

The conflict in ip_vti.c was simple, 'net' had a commit
removing a line from vti_tunnel_init() and this tree
being merged had a commit adding a line to the same
location.

Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: phy: Don't call phy_resume if phy_init_hw failed
Guenter Roeck [Wed, 14 May 2014 20:12:49 +0000 (13:12 -0700)]
net: phy: Don't call phy_resume if phy_init_hw failed

After the call to phy_init_hw failed in phy_attach_direct, phy_detach is called
to detach the phy device from its network device. If the attached driver is a
generic phy driver, this also detaches the driver. Subsequently phy_resume
is called, which assumes without checking that a driver is attached to the
device. This will result in a crash such as

Unable to handle kernel paging request for data at address 0xffffffffffffff90
Faulting instruction address: 0xc0000000003a0e18
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP [c0000000003a0e18] .phy_attach_direct+0x68/0x17c
LR [c0000000003a0e6c] .phy_attach_direct+0xbc/0x17c
Call Trace:
[c0000003fc0475d0] [c0000000003a0e6c] .phy_attach_direct+0xbc/0x17c (unreliable)
[c0000003fc047670] [c0000000003a0ff8] .phy_connect_direct+0x28/0x98
[c0000003fc047700] [c0000000003f0074] .of_phy_connect+0x4c/0xa4

Only call phy_resume if phy_init_hw was successful.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge branch 'altera_tse'
David S. Miller [Thu, 15 May 2014 20:46:54 +0000 (16:46 -0400)]
Merge branch 'altera_tse'

Vince Bridgers says:

====================
Altera TSE: Fix Sparse errors and misc issues

This is version 2 of a patch series to correct sparse errors, cppcheck
warnings, and workaound a multicast filtering issue in the Altera TSE
Ethernet driver. Multicast filtering is not working as expected, so if
present in the hardware will not be used and promiscuous mode enabled
instead. This workaround will be replaced with a working solution when
completely debugged, integrated and tested.

Version 2 is different from the first submission by breaking out the
workaround as a seperate patch and addressing a few structure instance
declarations by making them const per review comments.

If you find this patch acceptable, please consider this for inclusion into
the Altera TSE driver source code.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoAltera TSE: Disable Multicast filtering to workaround problem
Vince Bridgers [Wed, 14 May 2014 19:38:37 +0000 (14:38 -0500)]
Altera TSE: Disable Multicast filtering to workaround problem

This patch disables multicast hash filtering if present in the hardware
and uses promiscuous mode instead until the problem with multicast
filtering has been debugged, integrated and tested.

Signed-off-by: Vince Bridgers <vbridgers2013@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoAltera TSE: Fix sparse errors and warnings
Vince Bridgers [Wed, 14 May 2014 19:38:36 +0000 (14:38 -0500)]
Altera TSE: Fix sparse errors and warnings

This patch fixes the many sparse errors and warnings contained in the
initial submission of the Altera Triple Speed Ethernet driver, and a
few minor cppcheck warnings. Changes are tested on ARM and NIOS2
example designs, and compile tested against multiple architectures.
Typical issues addressed were as follows:

altera_tse_ethtool.c:136:19: warning: incorrect type in argument
    1 (different address spaces)
altera_tse_ethtool.c:136:19:    expected void const volatile
    [noderef] <asn:2>*addr
altera_tse_ethtool.c:136:19:    got unsigned int *<noident>
...
altera_sgdma.c:129:31: warning: cast removes address space of
    expression

Signed-off-by: Vince Bridgers <vbridgers2013@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agortnetlink: wait for unregistering devices in rtnl_link_unregister()
Cong Wang [Mon, 12 May 2014 22:11:20 +0000 (15:11 -0700)]
rtnetlink: wait for unregistering devices in rtnl_link_unregister()

From: Cong Wang <cwang@twopensource.com>

commit 50624c934db18ab90 (net: Delay default_device_exit_batch until no
devices are unregistering) introduced rtnl_lock_unregistering() for
default_device_exit_batch(). Same race could happen we when rmmod a driver
which calls rtnl_link_unregister() as we call dev->destructor without rtnl
lock.

For long term, I think we should clean up the mess of netdev_run_todo()
and net namespce exit code.

Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoPCI: shpchp: Check bridge's secondary (not primary) bus speed
Marcel Apfelbaum [Thu, 15 May 2014 18:42:49 +0000 (12:42 -0600)]
PCI: shpchp: Check bridge's secondary (not primary) bus speed

When a new device is added below a hotplug bridge, the bridge's secondary
bus speed and the device's bus speed must match.  The shpchp driver
previously checked the bridge's *primary* bus speed, not the secondary bus
speed.

This caused hot-add errors like:

  shpchp 0000:00:03.0: Speed of bus ff and adapter 0 mismatch

Check the secondary bus speed instead.

[bhelgaas: changelog]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=75251
Fixes: 3749c51ac6c1 ("PCI: Make current and maximum bus speeds part of the PCI core")
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
CC: stable@vger.kernel.org # v2.6.34+
10 years agobatman-adv: fix local TT check for outgoing arp requests in DAT
Antonio Quartulli [Sat, 29 Mar 2014 16:27:38 +0000 (17:27 +0100)]
batman-adv: fix local TT check for outgoing arp requests in DAT

Change introduced by 88e48d7b3340ef07b108eb8a8b3813dd093cc7f7
("batman-adv: make DAT drop ARP requests targeting local clients")
implements a check that prevents DAT from using the caching
mechanism when the client that is supposed to provide a reply
to an arp request is local.

However change brought by be1db4f6615b5e6156c807ea8985171c215c2d57
("batman-adv: make the Distributed ARP Table vlan aware")
has not converted the above check into its vlan aware version
thus making it useless when the local client is behind a vlan.

Fix the behaviour by properly specifying the vlan when
checking for a client being local or not.

Reported-by: Simon Wunderlich <simon@open-mesh.com>
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
10 years agobatman-adv: increase orig refcount when storing ref in gw_node
Antonio Quartulli [Thu, 1 May 2014 23:35:13 +0000 (01:35 +0200)]
batman-adv: increase orig refcount when storing ref in gw_node

A pointer to the orig_node representing a bat-gateway is
stored in the gw_node->orig_node member, but the refcount
for such orig_node is never increased.
This leads to memory faults when gw_node->orig_node is accessed
and the originator has already been freed.

Fix this by increasing the refcount on gw_node creation
and decreasing it on gw_node free.

Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
10 years agobatman-adv: fix reference counting imbalance while sending fragment
Antonio Quartulli [Wed, 23 Apr 2014 12:05:16 +0000 (14:05 +0200)]
batman-adv: fix reference counting imbalance while sending fragment

In the new fragmentation code the batadv_frag_send_packet()
function obtains a reference to the primary_if, but it does
not release it upon return.

This reference imbalance prevents the primary_if (and then
the related netdevice) to be properly released on shut down.

Fix this by releasing the primary_if in batadv_frag_send_packet().

Introduced by ee75ed88879af88558818a5c6609d85f60ff0df4
("batman-adv: Fragment and send skbs larger than mtu")

Cc: Martin Hundebøll <martin@hundeboll.net>
Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Acked-by: Martin Hundebøll <martin@hundeboll.net>
10 years agobatman-adv: fix indirect hard_iface NULL dereference
Marek Lindner [Wed, 23 Apr 2014 19:44:25 +0000 (03:44 +0800)]
batman-adv: fix indirect hard_iface NULL dereference

If hard_iface is NULL and goto out is made batadv_hardif_free_ref()
doesn't check for NULL before dereferencing it to get to refcount.

Introduced in cb1c92ec37fb70543d133a1fa7d9b54d6f8a1ecd
("batman-adv: add debugfs support to view multiif tables").

Reported-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Acked-by: Antonio Quartulli <antonio@meshcoding.com>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
10 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
John W. Linville [Thu, 15 May 2014 14:24:28 +0000 (10:24 -0400)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem

10 years agoasm-generic: remove _STK_LIM_MAX
James Hogan [Thu, 1 May 2014 14:05:07 +0000 (15:05 +0100)]
asm-generic: remove _STK_LIM_MAX

_STK_LIM_MAX could be used to override the RLIMIT_STACK hard limit from
an arch's include/uapi/asm-generic/resource.h file, but is no longer
used since both parisc and metag removed the override. Therefore remove
it entirely, setting the hard RLIMIT_STACK limit to RLIM_INFINITY
directly in include/asm-generic/resource.h.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: linux-arch@vger.kernel.org
Cc: Helge Deller <deller@gmx.de>
Cc: John David Anglin <dave.anglin@bell.net>
10 years agometag: Remove _STK_LIM_MAX override
James Hogan [Thu, 1 May 2014 11:31:14 +0000 (12:31 +0100)]
metag: Remove _STK_LIM_MAX override

Meta overrode _STK_LIM_MAX (the default RLIMIT_STACK hard limit) to
256MB, apparently in an attempt to prevent setup_arg_pages's
STACK_GROWSUP code from choosing the maximum stack size of 1GB, which is
far too large for Meta's limited virtual address space and hits a BUG_ON
(stack_top is usually 0x3ffff000).

However the commit "metag: Reduce maximum stack size to 256MB" reduces
the absolute stack size limit to a safe value for metag. This allows the
default _STK_LIM_MAX override to be removed, bringing the default
behaviour in line with all other architectures. Parisc in particular
recently removed their override of _STK_LIMT_MAX in commit e0d8898d76a7
(parisc: remove _STK_LIM_MAX override) since it subtly affects stack
allocation semantics in userland. Meta's uapi/asm/resource.h can now be
removed and switch to using generic-y.

Suggested-by: Helge Deller <deller@gmx.de>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: John David Anglin <dave.anglin@bell.net>
10 years agoparisc,metag: Do not hardcode maximum userspace stack size
Helge Deller [Wed, 30 Apr 2014 21:26:02 +0000 (23:26 +0200)]
parisc,metag: Do not hardcode maximum userspace stack size

This patch affects only architectures where the stack grows upwards
(currently parisc and metag only). On those do not hardcode the maximum
initial stack size to 1GB for 32-bit processes, but make it configurable
via a config option.

The main problem with the hardcoded stack size is, that we have two
memory regions which grow upwards: stack and heap. To keep most of the
memory available for heap in a flexmap memory layout, it makes no sense
to hard allocate up to 1GB of the memory for stack which can't be used
as heap then.

This patch makes the stack size for 32-bit processes configurable and
uses 80MB as default value which has been in use during the last few
years on parisc and which hasn't showed any problems yet.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: linux-parisc@vger.kernel.org
Cc: linux-metag@vger.kernel.org
Cc: John David Anglin <dave.anglin@bell.net>
10 years agometag: Reduce maximum stack size to 256MB
James Hogan [Tue, 13 May 2014 22:58:24 +0000 (23:58 +0100)]
metag: Reduce maximum stack size to 256MB

Specify the maximum stack size for arches where the stack grows upward
(parisc and metag) in asm/processor.h rather than hard coding in
fs/exec.c so that metag can specify a smaller value of 256MB rather than
1GB.

This fixes a BUG on metag if the RLIMIT_STACK hard limit is increased
beyond a safe value by root. E.g. when starting a process after running
"ulimit -H -s unlimited" it will then attempt to use a stack size of the
maximum 1GB which is far too big for metag's limited user virtual
address space (stack_top is usually 0x3ffff000):

BUG: failure at fs/exec.c:589/shift_arg_pages()!

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Helge Deller <deller@gmx.de>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: linux-parisc@vger.kernel.org
Cc: linux-metag@vger.kernel.org
Cc: John David Anglin <dave.anglin@bell.net>
Cc: stable@vger.kernel.org # only needed for >= v3.9 (arch/metag)
10 years agometag: fix memory barriers
Mikulas Patocka [Thu, 8 May 2014 19:51:37 +0000 (15:51 -0400)]
metag: fix memory barriers

Volatile access doesn't really imply the compiler barrier. Volatile access
is only ordered with respect to other volatile accesses, it isn't ordered
with respect to general memory accesses. Gcc may reorder memory accesses
around volatile access, as we can see in this simple example (if we
compile it with optimization, both increments of *b will be collapsed to
just one):

void fn(volatile int *a, long *b)
{
(*b)++;
*a = 10;
(*b)++;
}

Consequently, we need the compiler barrier after a write to the volatile
variable, to make sure that the compiler doesn't reorder the volatile
write with something else.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
10 years agonet: filter: s390: fix JIT address randomization
Heiko Carstens [Wed, 14 May 2014 07:48:21 +0000 (09:48 +0200)]
net: filter: s390: fix JIT address randomization

This is the s390 variant of Alexei's JIT bug fix.
(patch description below stolen from Alexei's patch)

bpf_alloc_binary() adds 128 bytes of room to JITed program image
and rounds it up to the nearest page size. If image size is close
to page size (like 4000), it is rounded to two pages:
round_up(4000 + 4 + 128) == 8192
then 'hole' is computed as 8192 - (4000 + 4) = 4188
If prandom_u32() % hole selects a number >= PAGE_SIZE - sizeof(*header)
then kernel will crash during bpf_jit_free():

kernel BUG at arch/x86/mm/pageattr.c:887!
Call Trace:
 [<ffffffff81037285>] change_page_attr_set_clr+0x135/0x460
 [<ffffffff81694cc0>] ? _raw_spin_unlock_irq+0x30/0x50
 [<ffffffff810378ff>] set_memory_rw+0x2f/0x40
 [<ffffffffa01a0d8d>] bpf_jit_free_deferred+0x2d/0x60
 [<ffffffff8106bf98>] process_one_work+0x1d8/0x6a0
 [<ffffffff8106bf38>] ? process_one_work+0x178/0x6a0
 [<ffffffff8106c90c>] worker_thread+0x11c/0x370

since bpf_jit_free() does:
  unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
  struct bpf_binary_header *header = (void *)addr;
to compute start address of 'bpf_binary_header'
and header->pages will pass junk to:
  set_memory_rw(addr, header->pages);

Fix it by making sure that &header->image[prandom_u32() % hole] and &header
are in the same page.

Fixes: aa2d2c73c21f2 ("s390/bpf,jit: address randomize and write protect jit code")
Reported-by: Alexei Starovoitov <ast@plumgrid.com>
Cc: <stable@vger.kernel.org> # v3.11+
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoath9k_htc: Stop ANI before doing hw_reset
Rajkumar Manoharan [Wed, 14 May 2014 09:09:21 +0000 (14:39 +0530)]
ath9k_htc: Stop ANI before doing hw_reset

During remain on channel request, ANI worker thread is not stopped
before doing hw reset. This is causing kernel crash in
hw_per_calibration. This change ensures that ANI is stopped before
doing chip reset and it will be rescheduled later when the chip is
configured back to home channel and having valid bss.

Reported-by: David Herrmann <dh.herrmann@gmail.com>
Tested-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
John W. Linville [Wed, 14 May 2014 19:39:45 +0000 (15:39 -0400)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

10 years agoaf_iucv: wrong mapping of sent and confirmed skbs
Ursula Braun [Tue, 13 May 2014 12:38:02 +0000 (14:38 +0200)]
af_iucv: wrong mapping of sent and confirmed skbs

When sending data through IUCV a MESSAGE COMPLETE interrupt
signals that sent data memory can be freed or reused again.
With commit f9c41a62bba3f3f7ef3541b2a025e3371bcbba97
"af_iucv: fix recvmsg by replacing skb_pull() function" the
MESSAGE COMPLETE callback iucv_callback_txdone() identifies
the wrong skb as being confirmed, which leads to data corruption.
This patch fixes the skb mapping logic in iucv_callback_txdone().

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agobe2net: enable interrupts in EEH resume
Kalesh AP [Tue, 13 May 2014 08:33:11 +0000 (14:03 +0530)]
be2net: enable interrupts in EEH resume

On some BE3 FW versions, after a HW reset, interrupts will remain disabled
for each function. So, explicitly enable the interrupts in the eeh_resume
handler, else after an eeh recovery interrupts wouldn't work.

Signed-off-by: Kalesh AP <kalesh.purayil@emulex.com>
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agojme: Fix unmap loop counting error:
Neil Horman [Mon, 12 May 2014 14:38:18 +0000 (10:38 -0400)]
jme: Fix unmap loop counting error:

In my recent fix (76a691d0a: fix dma unmap warning), Ben Hutchings noted that my
loop count was incorrect.  Where j started at startidx, it should have started
at zero, and gone on for count entries, not to endidx.  Additionally, a DMA
resource exhaustion should drop the frame and (for now), return
NETDEV_TX_OK, not NETEV_TX_BUSY.  This patch fixes both of those issues:

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Ben Hutchings <ben@decadent.org.uk>
CC: "David S. Miller" <davem@davemloft.net>
CC: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoInput: synaptics - add min/max quirk for the ThinkPad W540
Hans de Goede [Wed, 14 May 2014 18:10:40 +0000 (11:10 -0700)]
Input: synaptics - add min/max quirk for the ThinkPad W540

https://bugzilla.redhat.com/show_bug.cgi?id=1096436

Cc: stable@vger.kernel.org
Tested-and-reported-by: ajayr@bigfoot.com
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
10 years agoBluetooth: Fix L2CAP LE debugfs entries permissions
Samuel Ortiz [Wed, 14 May 2014 15:53:35 +0000 (17:53 +0200)]
Bluetooth: Fix L2CAP LE debugfs entries permissions

0466 was probably meant to be 0644, there's no reason why everyone
except root could write there.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
10 years agoALSA: sb_mixer: missing return statement
Dan Carpenter [Wed, 14 May 2014 13:32:21 +0000 (16:32 +0300)]
ALSA: sb_mixer: missing return statement

The if condition here was supposed to return on error but the return
statement is missing.  The effect is that the ->mixername is set to
"???" instead of "DT019X".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
10 years agomac80211: fix on-channel remain-on-channel
Johannes Berg [Wed, 14 May 2014 13:34:41 +0000 (15:34 +0200)]
mac80211: fix on-channel remain-on-channel

Jouni reported that if a remain-on-channel was active on the
same channel as the current operating channel, then the ROC
would start, but any frames transmitted using mgmt-tx on the
same channel would get delayed until after the ROC.

The reason for this is that the ROC starts, but doesn't have
any handling for "remain on the same channel", so it stops
the interface queues. The later mgmt-tx then puts the frame
on the interface queues (since it's on the current operating
channel) and thus they get delayed until after the ROC.

To fix this, add some logic to handle remaining on the same
channel specially and not stop the queues etc. in this case.
This not only fixes the bug but also improves behaviour in
this case as data frames etc. can continue to flow.

Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Tested-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
10 years agoMerge tag 'asoc-v3.15-rc5-intel' of git://git.kernel.org/pub/scm/linux/kernel/git...
Takashi Iwai [Wed, 14 May 2014 12:27:12 +0000 (14:27 +0200)]
Merge tag 'asoc-v3.15-rc5-intel' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Intel fixes for v3.15

This is a relatively large batch of fixes for the newly added
Haswell/Baytrail drivers from Intel.  It's a bit larger than is good for
this point in the cycle but it's all for a newly added driver so not so
worrying as it might otherwise be.  Some of it's integration problems,
some of it's the sort of problem usually turned up in stress tests.

10 years agoMerge tag 'asoc-v3.15-rc5-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git...
Takashi Iwai [Wed, 14 May 2014 12:24:09 +0000 (14:24 +0200)]
Merge tag 'asoc-v3.15-rc5-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Driver fixes for v3.15

A small set of driver fixes, nothing remarkable in itself or of any
relevance outside of the driver.

10 years agoMerge tag 'asoc-v3.15-rc5-core' of git://git.kernel.org/pub/scm/linux/kernel/git...
Takashi Iwai [Wed, 14 May 2014 12:23:48 +0000 (14:23 +0200)]
Merge tag 'asoc-v3.15-rc5-core' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Core fixes for v3.15

A few things here:

 - Fix the creation of spurious CODEC<->CODEC links which caused DAPM to
   have audio paths which shouldn't be present causing spurious powerups
   and potential audible issues for users.
 - Ensure the suspend->off transition doesn't have spurious transitions
   to prepare added to the sequence.
 - Fix incorrect skipping of PCM suspension for active audio streams.
 - Remove Timur Tabi from the CS4270 maintainers, Cirrus are now doing
   this and Timur no longer has the boards that he was using.

10 years agoMerge remote-tracking branch 'asoc/fix/pcm' into asoc-linus
Mark Brown [Wed, 14 May 2014 11:52:41 +0000 (12:52 +0100)]
Merge remote-tracking branch 'asoc/fix/pcm' into asoc-linus

10 years agoMerge remote-tracking branch 'asoc/fix/dapm' into asoc-linus
Mark Brown [Wed, 14 May 2014 11:52:32 +0000 (12:52 +0100)]
Merge remote-tracking branch 'asoc/fix/dapm' into asoc-linus

10 years agoMerge remote-tracking branches 'asoc/fix/audmux', 'asoc/fix/cs42l52', 'asoc/fix/fsl...
Mark Brown [Wed, 14 May 2014 11:49:10 +0000 (12:49 +0100)]
Merge remote-tracking branches 'asoc/fix/audmux', 'asoc/fix/cs42l52', 'asoc/fix/fsl-esai', 'asoc/fix/fsl-spdif', 'asoc/fix/rcar', 'asoc/fix/tlv320aic31xx' and 'asoc/fix/wm8962' into asoc-linus

10 years agoInput: ambakmi - request a shared interrupt for AMBA KMI devices
Liviu Dudau [Wed, 14 May 2014 06:17:12 +0000 (23:17 -0700)]
Input: ambakmi - request a shared interrupt for AMBA KMI devices

Recent ARM boards have the KMI devices share one interrupt line rather
than having dedicated IRQs. Update the driver to take that into account.

Signed-off-by: Liviu Dudau <Liviu.Dudau@arm.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
10 years agoInput: pxa27x-keypad - fix generating scancode
Chao Xie [Tue, 13 May 2014 02:20:48 +0000 (19:20 -0700)]
Input: pxa27x-keypad - fix generating scancode

The number of columns of pxa27x-keypad used by various boards is not fixed.
When building keymap with call to:

matrix_keypad_build_keymap(keymap_data, NULL,
                           pdata->matrix_key_rows,
                           pdata->matrix_key_cols,
                           keypad->keycodes, input_dev);

it will internally calculate needed row shift and use it to fill the
keymap. Therefore when calculating the "scancode" we should no longer use
constant row shift but also calculate it from number of columns.

Signed-off-by: Chao Xie <chao.xie@marvell.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
10 years agoipv6: fix calculation of option len in ip6_append_data
Hannes Frederic Sowa [Sun, 11 May 2014 21:01:13 +0000 (23:01 +0200)]
ipv6: fix calculation of option len in ip6_append_data

tot_len does specify the size of struct ipv6_txoptions. We need opt_flen +
opt_nflen to calculate the overall length of additional ipv6 extensions.

I found this while auditing the ipv6 output path for a memory corruption
reported by Alexey Preobrazhensky while he fuzzed an instrumented
AddressSanitizer kernel with trinity. This may or may not be the cause
of the original bug.

Fixes: 4df98e76cde7c6 ("ipv6: pmtudisc setting not respected with UFO/CORK")
Reported-by: Alexey Preobrazhensky <preobr@google.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: avoid dependency of net_get_random_once on nop patching
Hannes Frederic Sowa [Sun, 11 May 2014 20:59:30 +0000 (22:59 +0200)]
net: avoid dependency of net_get_random_once on nop patching

net_get_random_once depends on the static keys infrastructure to patch up
the branch to the slow path during boot. This was realized by abusing the
static keys api and defining a new initializer to not enable the call
site while still indicating that the branch point should get patched
up. This was needed to have the fast path considered likely by gcc.

The static key initialization during boot up normally walks through all
the registered keys and either patches in ideal nops or enables the jump
site but omitted that step on x86 if ideal nops where already placed at
static_key branch points. Thus net_get_random_once branches not always
became active.

This patch switches net_get_random_once to the ordinary static_key
api and thus places the kernel fast path in the - by gcc considered -
unlikely path.  Microbenchmarks on Intel and AMD x86-64 showed that
the unlikely path actually beats the likely path in terms of cycle cost
and that different nop patterns did not make much difference, thus this
switch should not be noticeable.

Fixes: a48e42920ff38b ("net: introduce new macro net_get_random_once")
Reported-by: Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: filter: x86: fix JIT address randomization
Alexei Starovoitov [Tue, 13 May 2014 22:05:55 +0000 (15:05 -0700)]
net: filter: x86: fix JIT address randomization

bpf_alloc_binary() adds 128 bytes of room to JITed program image
and rounds it up to the nearest page size. If image size is close
to page size (like 4000), it is rounded to two pages:
round_up(4000 + 4 + 128) == 8192
then 'hole' is computed as 8192 - (4000 + 4) = 4188
If prandom_u32() % hole selects a number >= PAGE_SIZE - sizeof(*header)
then kernel will crash during bpf_jit_free():

kernel BUG at arch/x86/mm/pageattr.c:887!
Call Trace:
 [<ffffffff81037285>] change_page_attr_set_clr+0x135/0x460
 [<ffffffff81694cc0>] ? _raw_spin_unlock_irq+0x30/0x50
 [<ffffffff810378ff>] set_memory_rw+0x2f/0x40
 [<ffffffffa01a0d8d>] bpf_jit_free_deferred+0x2d/0x60
 [<ffffffff8106bf98>] process_one_work+0x1d8/0x6a0
 [<ffffffff8106bf38>] ? process_one_work+0x178/0x6a0
 [<ffffffff8106c90c>] worker_thread+0x11c/0x370

since bpf_jit_free() does:
  unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
  struct bpf_binary_header *header = (void *)addr;
to compute start address of 'bpf_binary_header'
and header->pages will pass junk to:
  set_memory_rw(addr, header->pages);

Fix it by making sure that &header->image[prandom_u32() % hole] and &header
are in the same page

Fixes: 314beb9bcabfd ("x86: bpf_jit_comp: secure bpf jit against spraying attacks")
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi...
John W. Linville [Tue, 13 May 2014 18:52:34 +0000 (14:52 -0400)]
Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes

10 years agoASoC: wm8962: Update register CLASS_D_CONTROL_1 to be non-volatile
Charles Keepax [Tue, 13 May 2014 12:45:15 +0000 (13:45 +0100)]
ASoC: wm8962: Update register CLASS_D_CONTROL_1 to be non-volatile

The register CLASS_D_CONTROL_1 is marked as volatile because it contains
a bit, DAC_MUTE, which is also mirrored in the ADC_DAC_CONTROL_1
register. This causes problems for the "Speaker Switch" control, which
will report an error if the CODEC is suspended because it relies on a
volatile register.

To resolve this issue mark CLASS_D_CONTROL_1 as non-volatile and
manually keep the register cache in sync by updating both bits when
changing the mute status.

Reported-by: Shawn Guo <shawn.guo@linaro.org>
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org
10 years agoASoC: Intel: Fix Baytrail SST DSP firmware loading
Jarkko Nikula [Tue, 13 May 2014 12:46:06 +0000 (15:46 +0300)]
ASoC: Intel: Fix Baytrail SST DSP firmware loading

Commit 10df350977b1 ("ASoC: Intel: Fix Audio DSP usage when IOMMU is
enabled.") caused following regression in Baytrail SST:

baytrail-pcm-audio baytrail-pcm-audio: error: DMA alloc failed
baytrail-pcm-audio baytrail-pcm-audio: error: failed to load firmware

Fix this by calling dma_coerce_mask_and_coherent() in sst_byt_init() with
the same dma_dev device what is now used in sst_fw_new() when allocating the
DMA buffer.

Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
10 years agoMerge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge
David S. Miller [Tue, 13 May 2014 16:53:36 +0000 (12:53 -0400)]
Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge

Included changes:
- properly release neigh_ifinfo in batadv_iv_ogm_process_per_outif()
- properly release orig_ifinfo->router when freeing orig_ifinfo
- properly release neigh_node objects during periodic check
- properly release neigh_info objects when the related hard_iface
  is free'd

These changes are all very important because they fix some
reference counting imbalances that lead to the
impossibility of releasing the netdev object used by
batman-adv on shutdown.
The consequence is that such object cannot be destroyed by
the networking stack (the refcounter does not reach zero)
thus bringing the system in hanging state during a normal
reboot operation or a network reconfiguration.

10 years agoneigh: set nud_state to NUD_INCOMPLETE when probing router reachability
Duan Jiong [Fri, 9 May 2014 05:16:48 +0000 (13:16 +0800)]
neigh: set nud_state to NUD_INCOMPLETE when probing router reachability

Since commit 7e98056964("ipv6: router reachability probing"), a router falls
into NUD_FAILED will be probed.

Now if function rt6_select() selects a router which neighbour state is NUD_FAILED,
and at the same time function rt6_probe() changes the neighbour state to NUD_PROBE,
then function dst_neigh_output() can directly send packets, but actually the
neighbour still is unreachable. If we set nud_state to NUD_INCOMPLETE instead
NUD_PROBE, packets will not be sent out until the neihbour is reachable.

In addition, because the route should be probes with a single NS, so we must
set neigh->probes to neigh_max_probes(), then the neigh timer timeout and function
neigh_timer_handler() will not send other NS Messages.

Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonl80211: fix NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL API
Johannes Berg [Tue, 13 May 2014 13:45:55 +0000 (15:45 +0200)]
nl80211: fix NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL API

My commit removing that also removed it from the header file
which can break compilation of userspace that needed it, add
it back for API/ABI compatibility purposes (but no code to
implement anything for it.)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
10 years agoiwlwifi: mvm: prevent sched scan while not idle
David Spinadel [Tue, 13 May 2014 11:29:36 +0000 (14:29 +0300)]
iwlwifi: mvm: prevent sched scan while not idle

Prevent sched scan while not idle (including during association or in AP
mode) instead of while associated only.

This fixes my previous commit which was incomplete:

commit bd5e4744a6ca64299b57a2682c720d00a475a734
Author: David Spinadel <david.spinadel@intel.com>
Date:   Thu Apr 24 13:15:29 2014 +0300

    iwlwifi: mvm: do no sched scan while associated

    Currently the FW doesn't support sched scan while associated,
    Prevent it.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agomac80211: fix suspend vs. association race
Emmanuel Grumbach [Tue, 13 May 2014 09:54:09 +0000 (12:54 +0300)]
mac80211: fix suspend vs. association race

If the association is in progress while we suspend, the
stack will be in a messed up state. Clean it before we
suspend.

This patch completes Johannes's patch:

1a1cb744de160ee70086a77afff605bbc275d291
Author: Johannes Berg <johannes.berg@intel.com>

    mac80211: fix suspend vs. authentication race

Cc: <stable@vger.kernel.org>
Fixes: 12e7f517029d ("mac80211: cleanup generic suspend/resume procedures")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
10 years agokernfs, sysfs, cgroup: restrict extra perm check on open to sysfs
Tejun Heo [Mon, 12 May 2014 17:56:27 +0000 (13:56 -0400)]
kernfs, sysfs, cgroup: restrict extra perm check on open to sysfs

The kernfs open method - kernfs_fop_open() - inherited extra
permission checks from sysfs.  While the vfs layer allows ignoring the
read/write permissions checks if the issuer has CAP_DAC_OVERRIDE,
sysfs explicitly denied open regardless of the cap if the file doesn't
have any of the UGO perms of the requested access or doesn't implement
the requested operation.  It can be debated whether this was a good
idea or not but the behavior is too subtle and dangerous to change at
this point.

After cgroup got converted to kernfs, this extra perm check also got
applied to cgroup breaking libcgroup which opens write-only files with
O_RDWR as root.  This patch gates the extra open permission check with
a new flag KERNFS_ROOT_EXTRA_OPEN_PERM_CHECK and enables it for sysfs.
For sysfs, nothing changes.  For cgroup, root now can perform any
operation regardless of the permissions as it was before kernfs
conversion.  Note that kernfs still fails unimplemented operations
with -EINVAL.

While at it, add comments explaining KERNFS_ROOT flags.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Andrey Wagin <avagin@gmail.com>
Tested-by: Andrey Wagin <avagin@gmail.com>
Cc: Li Zefan <lizefan@huawei.com>
References: http://lkml.kernel.org/g/CANaxB-xUm3rJ-Cbp72q-rQJO5mZe1qK6qXsQM=vh0U8upJ44+A@mail.gmail.com
Fixes: 2bd59d48ebfb ("cgroup: convert to kernfs")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agoiwlwifi: mvm: fix off-by-one in scan channels configuration
Eliad Peller [Sun, 11 May 2014 16:59:43 +0000 (19:59 +0300)]
iwlwifi: mvm: fix off-by-one in scan channels configuration

tail should be equal to the last valid index, so
decrease it by one.

This error causes in "a gap" in some cases (as well as
some possible out-of-bound write), finally resulting in
ucode assertion.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoALSA: hda - mask buggy stream DMA0 for Broadwell display controller
Mengdong Lin [Tue, 13 May 2014 08:57:08 +0000 (16:57 +0800)]
ALSA: hda - mask buggy stream DMA0 for Broadwell display controller

Broadwell display controller has 3 stream DMA engines. DMA0 cannot update DMA
postion buffer properly while DMA1 and DMA2 can work well. So this patch masks
the buggy DMA0 by keeping it as opened.

This is a tentative workaround, so keep the change small as Takashi suggested.

Signed-off-by: Mengdong Lin <mengdong.lin@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
10 years agoALSA: hda - Add new GPU codec ID to snd-hda
Aaron Plattner [Tue, 13 May 2014 03:05:02 +0000 (20:05 -0700)]
ALSA: hda - Add new GPU codec ID to snd-hda

Vendor ID 0x10de0071 is used by a yet-to-be-named GPU chip.

Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
10 years agoip6_tunnel: fix potential NULL pointer dereference
Susant Sahani [Fri, 9 May 2014 18:41:32 +0000 (00:11 +0530)]
ip6_tunnel: fix potential NULL pointer dereference

The function ip6_tnl_validate assumes that the rtnl
attribute IFLA_IPTUN_PROTO always be filled . If this
attribute is not filled by  the userspace application
kernel get crashed with NULL pointer dereference. This
patch fixes the potential kernel crash when
IFLA_IPTUN_PROTO is missing .

Signed-off-by: Susant Sahani <susant@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoMerge tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux
Linus Torvalds [Tue, 13 May 2014 02:33:09 +0000 (11:33 +0900)]
Merge tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux

Pull file locking fix from Jeff Layton:
 "Fix for regression in handling of F_GETLK commands"

* tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux:
  locks: only validate the lock vs. f_mode in F_SETLK codepaths

10 years agoMerge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck...
Linus Torvalds [Tue, 13 May 2014 02:28:52 +0000 (11:28 +0900)]
Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hwmon fixes from Guenter Roeck:
 "Fix resource leak as well as broken store function in emc1403 driver,
  and add support for additional chip revisions"

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (emc1403) Support full range of known chip revision numbers
  hwmon: (emc1403) Fix resource leak on module unload
  hwmon: (emc1403) fix inverted store_hyst()

10 years agoMerge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj...
Linus Torvalds [Tue, 13 May 2014 02:25:56 +0000 (11:25 +0900)]
Merge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu

Pull a percpu fix from Tejun Heo:
 "Fix for a percpu allocator bug where it could try to kfree() a memory
  region allocated using vmalloc().  The bug has been there for years
  now and is unlikely to have ever triggered given the size of struct
  pcpu_chunk.  It's still theoretically possible and the fix is simple
  and safe enough, so the patch is marked with -stable"

* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
  percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree()

10 years agoMerge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Linus Torvalds [Tue, 13 May 2014 02:24:07 +0000 (11:24 +0900)]
Merge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq

Pull workqueue fixes from Tejun Heo:
 "Fixes for two bugs in workqueue.

  One is exiting with internal mutex held in a failure path of
  wq_update_unbound_numa().  The other is a subtle and unlikely
  use-after-possible-last-put in the rescuer logic.  Both have been
  around for quite some time now and are unlikely to have triggered
  noticeably often.  All patches are marked for -stable backport"

* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: fix a possible race condition between rescuer and pwq-release
  workqueue: make rescuer_thread() empty wq->maydays list before exiting
  workqueue: fix bugs in wq_update_unbound_numa() failure path

10 years agoMerge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj...
Linus Torvalds [Tue, 13 May 2014 02:22:57 +0000 (11:22 +0900)]
Merge branch 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup

Pull cgroup fixes from Tejun Heo:
 "During recent restructuring, device_cgroup unified config input check
  and enforcement logic; unfortunately, it turned out to share too much.
  Aristeu's patches fix the breakage and marked for -stable backport.

  The other two patches are fallouts from kernfs conversion.  The blkcg
  change is temporary and will go away once kernfs internal locking gets
  simplified (patches pending)"

* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  blkcg: use trylock on blkcg_pol_mutex in blkcg_reset_stats()
  device_cgroup: check if exception removal is allowed
  device_cgroup: fix the comment format for recently added functions
  device_cgroup: rework device access check and exception checking
  cgroup: fix the retry path of cgroup_mount()

10 years agoMerge tag 'stable/for-linus-3.15-rc5-tag' of git://git.kernel.org/pub/scm/linux/kerne...
Linus Torvalds [Tue, 13 May 2014 02:21:01 +0000 (11:21 +0900)]
Merge tag 'stable/for-linus-3.15-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen bug fixes from David Vrabel:
 - Fix arm64 crash on boot.
 - Quiet a noisy arm build warning (virt_to_pfn() redefined).

* tag 'stable/for-linus-3.15-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  arm64: introduce virt_to_pfn
  xen/events/fifo: correctly align bitops
  arm/xen: Remove definiition of virt_to_pfn in asm/xen/page.h

10 years agoMerge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Linus Torvalds [Tue, 13 May 2014 02:19:32 +0000 (11:19 +0900)]
Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fix from Steve French:
 "Small cifs fix for metadata caching"

* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: fix actimeo=0 corner case when cifs_i->time == jiffies

10 years agoMerge tag 'md/3.15-fixes' of git://neil.brown.name/md
Linus Torvalds [Tue, 13 May 2014 02:11:48 +0000 (11:11 +0900)]
Merge tag 'md/3.15-fixes' of git://neil.brown.name/md

Pull md bugfixes from Neil Brown:
 "Two bugfixes for md in 3.15

  Both tagged for -stable"

* tag 'md/3.15-fixes' of git://neil.brown.name/md:
  md: avoid possible spinning md thread at shutdown.
  md/raid10: call wait_barrier() for each request submitted.

10 years agoMerge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm...
Linus Torvalds [Tue, 13 May 2014 02:07:02 +0000 (11:07 +0900)]
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "Seems like we've had more fixes than usual this release cycle, but
  there's nothing in particular that we're doing differently.  Perhaps
  it's just one of those cycles where more people are finding more
  regressions (and/or that the latency of when people actually test
  what's been in the tree for a while is catching up so that we get the
  bug reports now).

  The bigger changes here are are for TI and Marvell platforms:
   * Timing changes for GPMC (generic localbus) on OMAP causing some
     largeish DTS deltas.
   * Fixes to window allocation on PCI for mvebu touching drivers/
     stuff.  Patches have acks from subsystem maintainers where needed.
   * A fix from Thomas for a botched DT conversion in drivers/edma.

  There's a handful of other fixes for the above platforms as well as
  sunxi, at91, i.MX.  I also included a MAINTAINER update for Broadcom,
  and a trivial move of a binding doc.

  I know you said you'd be offline this week, but I might as well post
  it for when you return.  :)"

I'm not quite offline yet.  Doing a few pulls in the last hour before my
internet goes away..

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits)
  MAINTAINERS: update Broadcom ARM tree location and add an SoC family
  ARM: dts: i.MX53: Fix ipu register space size
  ARM: dts: kirkwood: fix mislocated pcie-controller nodes
  ARM: sunxi: Enable GMAC in sunxi_defconfig
  ARM: common: edma: Fix xbar mapping
  ARM: sun7i: Fix i2c4 base address
  ARM: Kirkwood: T5325: Fix double probe of Codec
  ARM: mvebu: enable the SATA interface on Armada 375 DB
  ARM: mvebu: specify I2C bus frequency on Armada 370 DB
  ARM: mvebu: use qsgmii phy-mode for Armada XP GP interfaces
  ARM: mvebu: fix NOR bus-width in Armada XP OpenBlocks AX3 Device Tree
  ARM: mvebu: fix NOR bus-width in Armada XP DB Device Tree
  ARM: mvebu: fix NOR bus-width in Armada XP GP Device Tree
  ARM: dts: AM3517: Disable absent IPs inherited from OMAP3
  ARM: dts: OMAP2: Fix interrupts for OMAP2420 mailbox
  ARM: dts: OMAP5: Add mailbox dt node to fix boot warning
  ARM: OMAP5: Switch to THUMB mode if needed on secondary CPU
  ARM: dts: am437x-gp-evm: Do not reset gpio5
  ARM: dts: omap3-igep0020: use SMSC9221 timings
  PCI: mvebu: split PCIe BARs into multiple MBus windows when needed
  ...

10 years agopowerpc/ppc64: Allow allmodconfig to build (finally !)
Benjamin Herrenschmidt [Mon, 12 May 2014 05:57:34 +0000 (15:57 +1000)]
powerpc/ppc64: Allow allmodconfig to build (finally !)

This shuffles code around in exceptions-64s.S in order to
allow an allmodconfig build to succeed.

The main problems were:

 - We have a fixed hole from 0x7000 to 0x8000 for use by FW,
under some circumstances the code before that would grow too
big and hit the . = 0x7000

 - The various attempts at making space in there would trigger
cases where short conditional branches from assembly would no
longer be able to reach their target. This is especially nasty
when these branches reside in alternate feature sections which
are appended at the end of each .o file

This fixes it by essentially moving all the "second level"
exception handlers to after the hole and moving a couple of
functions near the hole itself so they sit at reachable distance
of both the first level handlers (before the hole) and the alternate
feature sections (end of file).

In the long run, if we start hitting this again, we'll probably
have to split the file in two, probably at the hole location,
to keep the alt sections used by the first level handlers close
to them, and move everything else further away.

But for now, this will do.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>