Kees Cook [Mon, 11 Mar 2013 21:37:35 +0000 (14:37 -0700)]
drm/i915: clarify reasoning for the access_ok call
This clarifies the comment above the access_ok check so a missing
VERIFY_READ doesn't alarm anyone.
v2:
- rewrote comment, thanks to Chris Wilson
Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
[danvet: add patch history log to commit message.] Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Kees Cook [Sun, 10 Mar 2013 21:10:06 +0000 (14:10 -0700)]
drm/i915: use simple attribute in debugfs routines
This replaces the manual read/write routines in debugfs with the common
simple attribute helpers. Doing this gets rid of repeated copy/pasting
of copy_from_user and value formatting code.
Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Sage Weil [Wed, 6 Mar 2013 22:57:03 +0000 (14:57 -0800)]
libceph: fix decoding of pgids
In 4f6a7e5ee1393ec4b243b39dac9f36992d161540 we effectively dropped support
for the legacy encoding for the OSDMap and incremental. However, we didn't
fix the decoding for the pgid.
Signed-off-by: Sage Weil <sage@inktank.com> Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
ext3_msg() takes the printk prefix as the second parameter and the
format string as the third parameter. Two callers of ext3_msg omit the
prefix and pass the format string as the second parameter and the first
parameter to the format string as the third parameter. In both cases
this string comes from an arbitrary source. Which means the string may
contain format string characters, which will
lead to undefined and potentially harmful behavior.
The issue was introduced in commit 4cf46b67eb("ext3: Unify log messages
in ext3") and is fixed by this patch.
CC: stable@vger.kernel.org Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jan Kara <jack@suse.cz>
Jeff Mahoney [Wed, 27 Feb 2013 19:43:09 +0000 (14:43 -0500)]
quota: add missing use of dq_data_lock in __dquot_initialize
The bulk of __dquot_initialize runs under the dqptr_sem which
protects the inode->i_dquot pointers. It doesn't protect the
dereferenced contents, though. Those are protected by the
dq_data_lock, which is missing around the dquot_resv_space call.
Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz>
Jonas Gorski [Mon, 11 Mar 2013 16:44:21 +0000 (17:44 +0100)]
mwl8k: don't overwrite regulatory settings on fw reload
Currently the caps are parsed on every firmware reload, causing any
channel flags to be cleared.
When there is a firmware to interface mode mismatch, the triggered
firmware reload causes a reset of the regulatory settings, causing all
channels to become available:
John W. Linville [Mon, 11 Mar 2013 18:59:46 +0000 (14:59 -0400)]
Merge tag 'nfc-next-3.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz <sameo@linux.intel.com> says:
This is the first NFC pull request for 3.10.
The 2 features we have with this one are:
- An LLCP Service Name Lookup (SNL) netlink interface for querying LLCP
service availability from user space.
Along the way, Thierry also improved the existing SNL interface for
aggregating SNL responses.
- An initial LLCP socket options implementation, for setting the Receive
Window (RW) and the Maximum Information Unit Extension (MIUX) per socket.
This is need for the LLCP validation tests.
We also have a microread MEI build failure here: I am not sending this one to
3.9 because the MEI bus code is not there yet, so it won't break for anyone
else than me.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felipe Balbi [Mon, 11 Mar 2013 18:01:08 +0000 (20:01 +0200)]
usb: musb: core: fix possible build error with randconfig
when making commit e574d57 (usb: musb: fix
compile warning) I forgot to git add this
part of the patch which ended up introducing
a possible build error.
Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
John W. Linville [Mon, 11 Mar 2013 18:07:55 +0000 (14:07 -0400)]
Merge tag 'nfc-fixes-3.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-fixes
Samuel Ortiz <sameo@linux.intel.com> says:
This is the first NFC pull request for 3.9 fixes
With this one we have:
- A fix for properly decreasing socket ack log.
- A timer and works cleanup upon NFC device removal.
- A monitoroing socket cleanup round from llcp_socket_release.
- A proper error report to pending sockets upon NFC device removal.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jan Kara [Mon, 11 Mar 2013 17:24:56 +0000 (13:24 -0400)]
jbd2: fix use after free in jbd2_journal_dirty_metadata()
jbd2_journal_dirty_metadata() didn't get a reference to journal_head it
was working with. This is OK in most of the cases since the journal head
should be attached to a transaction but in rare occasions when we are
journalling data, __ext4_journalled_writepage() can race with
jbd2_journal_invalidatepage() stripping buffers from a page and thus
journal head can be freed under hands of jbd2_journal_dirty_metadata().
Fix the problem by getting own journal head reference in
jbd2_journal_dirty_metadata() (and also in jbd2_journal_set_triggers()
which can possibly have the same issue).
Reported-by: Zheng Liu <gnehzuil.liu@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Cc: stable@vger.kernel.org
Ian Abbott [Tue, 5 Mar 2013 13:13:44 +0000 (13:13 +0000)]
staging: comedi: dt9812: use CR_CHAN() for channel number
As pointed out by Dan Carpenper in
<http://driverdev.linuxdriverproject.org/pipermail/devel/2013-February/036025.html>,
the dt9812 comedi driver's use of the `chanspec` member of `struct
comedi_insn` as a channel number is incorrect. Change it to use
`CR_CHAN(insn->chanspec)` as the channel number (where `insn` is a
pointer to the `struct comedi_insn` being processed).
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable <stable@vger.kernel.org> # 3.8 onwards Cc: Anders Blomdell <anders.blomdell@control.lth.se> Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging/vt6656: Fix too large integer constant warning on 32-bit
drivers/staging/vt6656/card.c: In function ‘CARDqGetNextTBTT’:
drivers/staging/vt6656/card.c:793: warning: integer constant is too large for ‘unsigned long’ type
Commit c7b7cad0d8df823ea063c86a54316bbcbfa04a7c ("staging/vt6656: Fix
sparse warning constant 0xffffffff00000000U is so big it is unsigned long")
changed the constant to "0xffffffff00000000UL", but that only works on
64-bit. Change it "0xffffffff00000000ULL" to fix it for 32-bit, too.
Philipp Zabel [Wed, 20 Feb 2013 02:57:01 +0000 (10:57 +0800)]
staging: imx/drm: request irq only after adding the crtc
If the bootloader already enabled the display, the interrupt handler
will be called as soon as it is registered. If the CRTC is not already
added at this time, the call to imx_drm_handle_vblank will result in
a NULL pointer dereference.
The patch fixes a kernel panic [1], which has been on linux-next since
Jan 8 [2].
This patch adds support for the Lake Shore Cryotronics devices to
the CP210x driver.
These lines are ported from cp210x driver distributed by Lake Shore web site:
http://www.lakeshore.com/Documents/Lake%20Shore%20cp210x-3.0.0.tar.gz
and licensed under the terms of GPLv2.
Moreover, I've tested this changes with Lake Shore 335 in my labs.
Merge tag 'fixes-for-v3.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus
Felipe writes:
usb: fixes for v3.9-rc3
Most fixes are on 'musb' driver. There's a sparse warning
fix which marks omap2430_glue as static, a build warning
fix which was found with randconfig, a fix for omap_musb_mailbox
check and removal of 'select' from musb's Kconfig to prevent
Kconfig warnings.
Other than that, pxa25x got a fix which was introduced by the
latest conversion to udc_start/udc_stop patchset, kernel-doc
warnings for composite layer and dwc3 got a build fix on
sparc64.
Devendra Naga [Mon, 4 Mar 2013 16:52:48 +0000 (16:52 +0000)]
thermal: exynos_thermal: return a proper error code while thermal_zone_device_register fail.
we are returning EINVAL while the thermal_zone_device_register function fail.
instead we can use the return value from the thermal_zone_device_register by
using PTR_ERR.