Kees Cook [Mon, 11 Mar 2013 21:37:35 +0000 (14:37 -0700)]
drm/i915: clarify reasoning for the access_ok call
This clarifies the comment above the access_ok check so a missing
VERIFY_READ doesn't alarm anyone.
v2:
- rewrote comment, thanks to Chris Wilson
Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
[danvet: add patch history log to commit message.] Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Kees Cook [Sun, 10 Mar 2013 21:10:06 +0000 (14:10 -0700)]
drm/i915: use simple attribute in debugfs routines
This replaces the manual read/write routines in debugfs with the common
simple attribute helpers. Doing this gets rid of repeated copy/pasting
of copy_from_user and value formatting code.
Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Sage Weil [Wed, 6 Mar 2013 22:57:03 +0000 (14:57 -0800)]
libceph: fix decoding of pgids
In 4f6a7e5ee1393ec4b243b39dac9f36992d161540 we effectively dropped support
for the legacy encoding for the OSDMap and incremental. However, we didn't
fix the decoding for the pgid.
Signed-off-by: Sage Weil <sage@inktank.com> Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
ext3_msg() takes the printk prefix as the second parameter and the
format string as the third parameter. Two callers of ext3_msg omit the
prefix and pass the format string as the second parameter and the first
parameter to the format string as the third parameter. In both cases
this string comes from an arbitrary source. Which means the string may
contain format string characters, which will
lead to undefined and potentially harmful behavior.
The issue was introduced in commit 4cf46b67eb("ext3: Unify log messages
in ext3") and is fixed by this patch.
CC: stable@vger.kernel.org Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Jan Kara <jack@suse.cz>
Jeff Mahoney [Wed, 27 Feb 2013 19:43:09 +0000 (14:43 -0500)]
quota: add missing use of dq_data_lock in __dquot_initialize
The bulk of __dquot_initialize runs under the dqptr_sem which
protects the inode->i_dquot pointers. It doesn't protect the
dereferenced contents, though. Those are protected by the
dq_data_lock, which is missing around the dquot_resv_space call.
Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz>
Merge branch 'stable/for-linus-3.9-take-two' into linux-next
* stable/for-linus-3.9-take-two:
xen/acpi: remove redundant acpi/acpi_drivers.h include
xen: arm: mandate EABI and use generic atomic operations.
acpi: Export the acpi_processor_get_performance_info
xen/pciback: Don't disable a PCI device that is already disabled.
* tag 'v3.9-rc2': (236 commits)
Linux 3.9-rc2
Atmel MXT touchscreen: increase reset timeouts
proc: Use nd_jump_link in proc_ns_follow_link
Platform: x86: chromeos_laptop : Add basic platform data for atmel devices
Input: atmel_mxt_ts - Support for touchpad variant
alpha: boot: fix build breakage introduced by system.h disintegration
memcg: initialize kmem-cache destroying work earlier
Randy has moved
ksm: fix m68k build: only NUMA needs pfn_to_nid
dmi_scan: fix missing check for _DMI_ signature in smbios_present()
Revert parts of "hlist: drop the node parameter from iterators"
idr: remove WARN_ON_ONCE() on negative IDs
mm/mempolicy.c: fix sp_node_init() argument ordering
mm/mempolicy.c: fix wrong sp_node insertion
ipc: don't allocate a copy larger than max
ipc: fix potential oops when src msg > 4k w/ MSG_COPY
vfs: don't BUG_ON() if following a /proc fd pseudo-symlink results in a symlink
drm/tegra: drop "select DRM_HDMI"
drm: Documentation typo fixes
drm/mgag200: Bug fix: Renesas board now selects native resolution.
...
Jonas Gorski [Mon, 11 Mar 2013 16:44:21 +0000 (17:44 +0100)]
mwl8k: don't overwrite regulatory settings on fw reload
Currently the caps are parsed on every firmware reload, causing any
channel flags to be cleared.
When there is a firmware to interface mode mismatch, the triggered
firmware reload causes a reset of the regulatory settings, causing all
channels to become available:
John W. Linville [Mon, 11 Mar 2013 18:59:46 +0000 (14:59 -0400)]
Merge tag 'nfc-next-3.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz <sameo@linux.intel.com> says:
This is the first NFC pull request for 3.10.
The 2 features we have with this one are:
- An LLCP Service Name Lookup (SNL) netlink interface for querying LLCP
service availability from user space.
Along the way, Thierry also improved the existing SNL interface for
aggregating SNL responses.
- An initial LLCP socket options implementation, for setting the Receive
Window (RW) and the Maximum Information Unit Extension (MIUX) per socket.
This is need for the LLCP validation tests.
We also have a microread MEI build failure here: I am not sending this one to
3.9 because the MEI bus code is not there yet, so it won't break for anyone
else than me.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felipe Balbi [Mon, 11 Mar 2013 18:01:08 +0000 (20:01 +0200)]
usb: musb: core: fix possible build error with randconfig
when making commit e574d57 (usb: musb: fix
compile warning) I forgot to git add this
part of the patch which ended up introducing
a possible build error.
Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
John W. Linville [Mon, 11 Mar 2013 18:07:55 +0000 (14:07 -0400)]
Merge tag 'nfc-fixes-3.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-fixes
Samuel Ortiz <sameo@linux.intel.com> says:
This is the first NFC pull request for 3.9 fixes
With this one we have:
- A fix for properly decreasing socket ack log.
- A timer and works cleanup upon NFC device removal.
- A monitoroing socket cleanup round from llcp_socket_release.
- A proper error report to pending sockets upon NFC device removal.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Liu Jinsong [Mon, 11 Mar 2013 22:42:16 +0000 (06:42 +0800)]
xen/acpi: remove redundant acpi/acpi_drivers.h include
It's redundant since linux/acpi.h has include it when CONFIG_ACPI enabled,
and when CONFIG_ACPI disabled it will trigger compiling warning
In file included from drivers/xen/xen-stub.c:28:0:
include/acpi/acpi_drivers.h:103:31:
warning: 'struct acpi_device' declared inside parameter list [enabled by default]
include/acpi/acpi_drivers.h:103:31:
warning: its scope is only this definition or declaration, which is probably not what you want [enabled by default]
include/acpi/acpi_drivers.h:107:43:
warning: 'struct acpi_pci_root' declared inside parameter list [enabled by default]
Reported-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Liu Jinsong <jinsong.liu@intel.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Ian Campbell [Thu, 7 Mar 2013 07:17:25 +0000 (07:17 +0000)]
xen: arm: mandate EABI and use generic atomic operations.
Rob Herring has observed that c81611c4e96f "xen: event channel arrays are
xen_ulong_t and not unsigned long" introduced a compile failure when building
without CONFIG_AEABI:
Will Deacon pointed out that this is because OABI does not require even base
registers for 64-bit values. We can avoid this by simply using the existing
atomic64_xchg operation and the same containerof trick as used by the cmpxchg
macros. However since this code is used on memory which is shared with the
hypervisor we require proper atomic instructions and cannot use the generic
atomic64 callbacks (which are based on spinlocks), therefore add a dependency
on !GENERIC_ATOMIC64. Since we already depend on !CPU_V6 there isn't much
downside to this.
While thinking about this we also observed that OABI has different struct
alignment requirements to EABI, which is a problem for hypercall argument
structs which are shared with the hypervisor and which must be in EABI layout.
Since I don't expect people to want to run OABI kernels on Xen depend on
CONFIG_AEABI explicitly too (although it also happens to be enforced by the
!GENERIC_ATOMIC64 requirement too).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Rob Herring <robherring2@gmail.com> Acked-by: Stefano Stabellini <Stefano.Stabellini@eu.citrix.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Jan Kara [Mon, 11 Mar 2013 17:24:56 +0000 (13:24 -0400)]
jbd2: fix use after free in jbd2_journal_dirty_metadata()
jbd2_journal_dirty_metadata() didn't get a reference to journal_head it
was working with. This is OK in most of the cases since the journal head
should be attached to a transaction but in rare occasions when we are
journalling data, __ext4_journalled_writepage() can race with
jbd2_journal_invalidatepage() stripping buffers from a page and thus
journal head can be freed under hands of jbd2_journal_dirty_metadata().
Fix the problem by getting own journal head reference in
jbd2_journal_dirty_metadata() (and also in jbd2_journal_set_triggers()
which can possibly have the same issue).
Reported-by: Zheng Liu <gnehzuil.liu@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Cc: stable@vger.kernel.org
Ian Abbott [Tue, 5 Mar 2013 13:13:44 +0000 (13:13 +0000)]
staging: comedi: dt9812: use CR_CHAN() for channel number
As pointed out by Dan Carpenper in
<http://driverdev.linuxdriverproject.org/pipermail/devel/2013-February/036025.html>,
the dt9812 comedi driver's use of the `chanspec` member of `struct
comedi_insn` as a channel number is incorrect. Change it to use
`CR_CHAN(insn->chanspec)` as the channel number (where `insn` is a
pointer to the `struct comedi_insn` being processed).
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable <stable@vger.kernel.org> # 3.8 onwards Cc: Anders Blomdell <anders.blomdell@control.lth.se> Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging/vt6656: Fix too large integer constant warning on 32-bit
drivers/staging/vt6656/card.c: In function ‘CARDqGetNextTBTT’:
drivers/staging/vt6656/card.c:793: warning: integer constant is too large for ‘unsigned long’ type
Commit c7b7cad0d8df823ea063c86a54316bbcbfa04a7c ("staging/vt6656: Fix
sparse warning constant 0xffffffff00000000U is so big it is unsigned long")
changed the constant to "0xffffffff00000000UL", but that only works on
64-bit. Change it "0xffffffff00000000ULL" to fix it for 32-bit, too.