summaryrefslogtreecommitdiff
path: root/drivers
AgeCommit message (Collapse)AuthorFilesLines
2014-05-06lustre: get rid of messing with iovecsAl Viro6-163/+37
* switch to ->read_iter/->write_iter * keep a pointer to iov_iter instead of iov/nr_segs * do not modify iovecs; use iov_iter_truncate()/iov_iter_advance() and a new primitive - iov_iter_reexpand() (expand previously truncated iterator) istead. * (racy) check for lustre VMAs intersecting with iovecs kept for now as for_each_iov() loop. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06blkdev_aio_write() - turn into blkdev_write_iter()Al Viro1-2/+2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06switch simple generic_file_aio_read() users to ->read_iter()Al Viro1-2/+2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06replace checking for ->read/->aio_read presence with check in ->f_modeAl Viro2-4/+4
Since we are about to introduce new methods (read_iter/write_iter), the tests in a bunch of places would have to grow inconveniently. Check once (at open() time) and store results in ->f_mode as FMODE_CAN_READ and FMODE_CAN_WRITE resp. It might end up being a temporary measure - once everything switches from ->aio_{read,write} to ->{read,write}_iter it might make sense to return to open-coded checks. We'll see... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06new helper: iov_iter_get_pages_alloc()Al Viro1-55/+37
same as iov_iter_get_pages(), except that pages array is allocated (kmalloc if possible, vmalloc if that fails) and left for caller to free. Lustre and NFS ->direct_IO() switched to it. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06new primitive: iov_iter_alignment()Al Viro1-5/+2
returns the value aligned as badly as the worst remaining segment in iov_iter is. Use instead of open-coded equivalents. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06get rid of pointless iov_length() in ->direct_IO()Al Viro1-1/+1
all callers have iov_length(iter->iov, iter->nr_segs) == iov_iter_count(iter) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06pass iov_iter to ->direct_IO()Al Viro1-9/+8
unmodified, for now Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06kill generic_segment_checks()Al Viro1-8/+2
all callers of ->aio_read() and ->aio_write() have iov/nr_segs already checked - generic_segment_checks() done after that is just an odd way to spell iov_length(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-05-06agp: info leak in agpioc_info_wrap()Dan Carpenter1-0/+1
On 64 bit systems the agp_info struct has a 4 byte hole between ->agp_mode and ->aper_base. We need to clear it to avoid disclosing stack information to userspace. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: David Airlie <airlied@linux.ie> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-05-06drivers/rtc/rtc-pcf8523.c: fix month definitionChris Cui1-2/+2
PCF8523 uses 1-12 to represent month according to datasheet. link: www.nxp.com/documents/data_sheet/PCF8523.pdf. Signed-off-by: Chris Cui <chris.wei.cui@gmail.com> Cc: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-05-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds90-927/+1193
Pull networking fixes from David Miller: 1) e1000e computes header length incorrectly wrt vlans, fix from Vlad Yasevich. 2) ns_capable() check in sock_diag netlink code, from Andrew Lutomirski. 3) Fix invalid queue pairs handling in virtio_net, from Amos Kong. 4) Checksum offloading busted in sxgbe driver due to incorrect descriptor layout, fix from Byungho An. 5) Fix build failure with SMC_DEBUG set to 2 or larger, from Zi Shen Lim. 6) Fix uninitialized A and X registers in BPF interpreter, from Alexei Starovoitov. 7) Fix arch dependencies of candence driver. 8) Fix netlink capabilities checking tree-wide, from Eric W Biederman. 9) Don't dump IFLA_VF_PORTS if netlink request didn't ask for it in IFLA_EXT_MASK, from David Gibson. 10) IPV6 FIB dump restart doesn't handle table changes that happen meanwhile, causing the code to loop forever or emit dups, fix from Kumar Sandararajan. 11) Memory leak on VF removal in bnx2x, from Yuval Mintz. 12) Bug fixes for new Altera TSE driver from Vince Bridgers. 13) Fix route lookup key in SCTP, from Xugeng Zhang. 14) Use BH blocking spinlocks in SLIP, as per a similar fix to CAN/SLCAN driver. From Oliver Hartkopp. 15) TCP doesn't bump retransmit counters in some code paths, fix from Eric Dumazet. 16) Clamp delayed_ack in tcp_cubic to prevent theoretical divides by zero. Fix from Liu Yu. 17) Fix locking imbalance in error paths of HHF packet scheduler, from John Fastabend. 18) Properly reference the transport module when vsock_core_init() runs, from Andy King. 19) Fix buffer overflow in cdc_ncm driver, from Bjørn Mork. 20) IP_ECN_decapsulate() doesn't see a correct SKB network header in ip_tunnel_rcv(), fix from Ying Cai. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (132 commits) net: macb: Fix race between HW and driver net: macb: Remove 'unlikely' optimization net: macb: Re-enable RX interrupt only when RX is done net: macb: Clear interrupt flags net: macb: Pass same size to DMA_UNMAP as used for DMA_MAP ip_tunnel: Set network header properly for IP_ECN_decapsulate() e1000e: Restrict MDIO Slow Mode workaround to relevant parts e1000e: Fix issue with link flap on 82579 e1000e: Expand workaround for 10Mb HD throughput bug e1000e: Workaround for dropped packets in Gig/100 speeds on 82579 net/mlx4_core: Don't issue PCIe speed/width checks for VFs net/mlx4_core: Load the Eth driver first net/mlx4_core: Fix slave id computation for single port VF net/mlx4_core: Adjust port number in qp_attach wrapper when detaching net: cdc_ncm: fix buffer overflow Altera TSE: ALTERA_TSE should depend on HAS_DMA vsock: Make transport the proto owner net: sched: lock imbalance in hhf qdisc net: mvmdio: Check for a valid interrupt instead of an error net phy: Check for aneg completion before setting state to PHY_RUNNING ...
2014-05-05Merge tag 'usb-3.15-rc4' of ↵Linus Torvalds9-16/+58
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small fixes and device ids for 3.15-rc4. All have been in linux-next just fine" * tag 'usb-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: Nokia 5300 should be treated as unusual dev USB: Nokia 305 should be treated as unusual dev fsl-usb: do not test for PHY_CLK_VALID bit on controller version 1.6 usb: storage: shuttle_usbat: fix discs being detected twice usb: qcserial: add a number of Dell devices USB: OHCI: fix problem with global suspend on ATI controllers usb: gadget: at91-udc: fix irq and iomem resource retrieval usb: phy: fsm: change "|" to "||" for condition OTG_STATE_A_WAIT_BCON at statemachine usb: phy: fsm: update OTG HNP state transition
2014-05-05Merge tag 'tty-3.15-rc4' of ↵Linus Torvalds4-17/+20
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are some tty and serial driver fixes for things reported recently" * tag 'tty-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: Fix lockless tty buffer race Revert "tty: Fix race condition between __tty_buffer_request_room and flush_to_ldisc" drivers/tty/hvc: don't free hvc_console_setup after init n_tty: Fix n_tty_write crash when echoing in raw mode tty: serial: 8250_core.c Bug fix for Exar chips.
2014-05-05Merge tag 'staging-3.15-rc4' of ↵Linus Torvalds4-8/+12
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging / iio fixes from Greg KH: "Here are some small IIO driver fixes for 3.15-rc4 that resolve some reported issues" * tag 'staging-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: adc: Nothing in ADC should be a bool CONFIG iio: exynos_adc: use indio_dev->dev structure to handle child nodes iio:imu:mpu6050: Fixed segfault in Invensens MPU driver due to null dereference staging:iio:ad2s1200 fix missing parenthesis in a for statment.
2014-05-05net: macb: Fix race between HW and driverSoren Brinkmann1-10/+0
Under "heavy" RX load, the driver cannot handle the descriptors fast enough. In detail, when a descriptor is consumed, its used flag is cleared and once the RX budget is consumed all descriptors with a cleared used flag are prepared to receive more data. Under load though, the HW may constantly receive more data and use those descriptors with a cleared used flag before they are actually prepared for next usage. The head and tail pointers into the RX-ring should always be valid and we can omit clearing and checking of the used flag. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net: macb: Remove 'unlikely' optimizationSoren Brinkmann1-1/+1
Coverage data suggests that the unlikely case of receiving data while the receive handler is running may not be that unlikely. Coverage data after running iperf for a while: 91320: 891: work_done = bp->macbgem_ops.mog_rx(bp, budget); 91320: 892: if (work_done < budget) { 2362: 893: napi_complete(napi); -: 894: -: 895: /* Packets received while interrupts were disabled */ 4724: 896: status = macb_readl(bp, RSR); 2362: 897: if (unlikely(status)) { 762: 898: if (bp->caps & MACB_CAPS_ISR_CLEAR_ON_WRITE) 762: 899: macb_writel(bp, ISR, MACB_BIT(RCOMP)); -: 900: napi_reschedule(napi); -: 901: } else { 1600: 902: macb_writel(bp, IER, MACB_RX_INT_FLAGS); -: 903: } -: 904: } Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net: macb: Re-enable RX interrupt only when RX is doneSoren Brinkmann1-7/+6
When data is received during the driver processing received data the NAPI is re-scheduled. In that case the RX interrupt should not be re-enabled. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net: macb: Clear interrupt flagsSoren Brinkmann1-0/+10
A few interrupt flags were not cleared in the ISR, resulting in a sytem trapped in the ISR in cases one of those interrupts occurred. Clear all flags to avoid such situations. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net: macb: Pass same size to DMA_UNMAP as used for DMA_MAPSoren Brinkmann1-1/+1
Just as commit "net: macb: DMA-unmap full rx-buffer" (48330e08fa168395b9fd9f369f06cca1df204361), pass the size that was used for mapping the memory also to the unmap routine to avoid warnings from the DMA_API. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05Merge branch 'master' of ↵David S. Miller3-29/+46
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates This series contains updates to e1000e only. David provides four fixes for e1000e, first is a workaround for a hardware erratum on 82579 devices which experienced packet loss in gigabit and 100 speeds when interconnect between the PHY and MAC is exiting K1 power saving state. Second expands the scope of a workaround to include i217 and i218 parts as well to address over aggressive transmit behavior when connecting at 10Mbs half-duplex. Next is to resolve a reported link flap issue on 82579 parts which was root caused as an interoperability problem between 82579 and at least some Broadcom PHYs in the Energy Efficient Ethernet wake mechanism. Lastly, restricts the workaround of putting the PHY into MDIO slow mode to access the PHY id to relevant parts since this issue has been fixed on the newer hardware. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05e1000e: Restrict MDIO Slow Mode workaround to relevant partsDavid Ertman1-6/+8
It has been determined that the workaround of putting the PHY into MDIO slow mode to access the PHY id is not necessary with Lynx Point and newer parts. The issue that necessitated the workaround has been fixed on the newer hardware. We will maintains, as a last ditch attempt, the conversion to MDIO Slow Mode in the failure branch when attempting to access the PHY id so as to cover all contingencies. Signed-off-by: Dave Ertman <davidx.m.ertman@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2014-05-05e1000e: Fix issue with link flap on 82579David Ertman2-0/+13
Several customers have reported a link flap issue on 82579. The symptoms are random and intermittent link losses when 82579 is connected to specific link partners. Issue has been root caused as interoperability problem between 82579 and at least some Broadcom PHYs in the Energy Efficient Ethernet wake mechanism. To fix the issue, we are disabling the Phase Locked Loop shutdown in 100M Low Power Idle. This solution will cause an increase of power in 100M EEE link. It will cost additional 28mW in this specific mode. Cc: Lukasz Adamczuk <lukasz.adamczuk@intel.com> Signed-off-by: Dave Ertman <davidx.m.ertman@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2014-05-05e1000e: Expand workaround for 10Mb HD throughput bugDavid Ertman2-4/+12
In commit 772d05c51c4f4896c120ad418b1e91144a2ac813 "e1000e: slow performance between two 82579 connected via 10Mbit hub", a workaround was put into place to address the overaggressive transmit behavior of 82579 parts when connecting at 10Mbs half-duplex. This same behavior is seen on i217 and i218 parts as well. This patch expands the original workaround to encompass these parts. Signed-off-by: Dave Ertman <davidx.m.ertman@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2014-05-05e1000e: Workaround for dropped packets in Gig/100 speeds on 82579David Ertman2-19/+13
This is a workaround for a HW erratum on 82579 devices. Erratum is #23 in Intel 6 Series Chipset and Intel C200 Series Chipset specification Update June 2013. Problem: 82579 parts experience packet loss in Gig and 100 speeds when interconnect between PHY and MAC is exiting K1 power saving state. This was previously believed to only affect 1Gig speed, but has been observed at 100Mbs also. Workaround: Disable K1 for 82579 devices at Gig and 100 speeds. Signed-off-by: Dave Ertman <davidx.m.ertman@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2014-05-05net/mlx4_core: Don't issue PCIe speed/width checks for VFsEyal Perry1-1/+2
Carrying out PCI speed/width checks through pcie_get_minimum_link() on VFs yield wrong results, so remove them. Fixes: b912b2f ('net/mlx4_core: Warn if device doesn't have enough PCI bandwidth') Signed-off-by: Eyal Perry <eyalpe@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net/mlx4_core: Load the Eth driver firstOr Gerlitz1-2/+2
When running in SRIOV mode, VM that is assigned with a non-provisioned Ethernet VFs get themselves a random mac when the Eth driver starts. In this case, if the IB driver startup code that deals with RoCE runs first, it will use a zero mac as the source mac for the Para-Virtual CM MADs which is buggy. To handle that, we change the order of loading. Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net/mlx4_core: Fix slave id computation for single port VFMatan Barak1-15/+20
The code that deals with computing the slave id based on a given GID gave wrong results when the number of single port VFs wasn't the same for port 1 vs. port 2 and the relevant VF is single ported on port 2. As a result, incoming CM MADs were dispatched to the wrong VF. Fixed that and added documentation to clarify the computation steps. Fixes: 449fc48 ('net/mlx4: Adapt code for N-Port VF') Signed-off-by: Matan Barak <matanb@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net/mlx4_core: Adjust port number in qp_attach wrapper when detachingJack Morgenstein1-0/+23
When using single ported VFs and the VF is using port 2, we need to adjust the port accordingly (change it from 1 to 2). Fixes: 449fc48 ('net/mlx4: Adapt code for N-Port VF') Signed-off-by: Matan Barak <matanb@mellanox.com> Signed-off-by: Jack Morgenstein <jackm@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05net: cdc_ncm: fix buffer overflowBjørn Mork1-1/+1
Commit 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs") changed the padding logic for devices with the ZLP flag set. This meant that frames of any size will be sent without additional padding, except for the single byte added if the size is a multiple of the USB packet size. But if the unpadded size is identical to the maximum frame size, and the maximum size is a multiplum of the USB packet size, then this one-byte padding will overflow the buffer. Prevent padding if already at maximum frame size, letting usbnet transmit a ZLP instead in this case. Fixes: 4d619f625a60 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs") Reported by: Yu-an Shih <yshih@nvidia.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05Altera TSE: ALTERA_TSE should depend on HAS_DMAGeert Uytterhoeven1-0/+1
If NO_DMA=y: drivers/built-in.o: In function `altera_tse_probe': altera_tse_main.c:(.text+0x25ec2e): undefined reference to `dma_set_mask' altera_tse_main.c:(.text+0x25ec78): undefined reference to `dma_supported' altera_tse_main.c:(.text+0x25ecb6): undefined reference to `dma_supported' drivers/built-in.o: In function `sgdma_async_read': altera_sgdma.c:(.text+0x25f620): undefined reference to `dma_sync_single_for_cpu' drivers/built-in.o: In function `sgdma_uninitialize': (.text+0x25f678): undefined reference to `dma_unmap_single' drivers/built-in.o: In function `sgdma_uninitialize': (.text+0x25f696): undefined reference to `dma_unmap_single' drivers/built-in.o: In function `sgdma_initialize': (.text+0x25f6f0): undefined reference to `dma_map_single' drivers/built-in.o: In function `sgdma_initialize': (.text+0x25f702): undefined reference to `dma_mapping_error' drivers/built-in.o: In function `sgdma_tx_buffer': (.text+0x25f92a): undefined reference to `dma_sync_single_for_cpu' drivers/built-in.o: In function `sgdma_rx_status': (.text+0x25fa24): undefined reference to `dma_sync_single_for_cpu' make[3]: *** [vmlinux] Error 1 Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Vince Bridgers <vbridgers2013@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05Merge branch 'for-davem' of ↵David S. Miller15-46/+45
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== pull request: wireless 2014-05-01 Please pull the following batch of fixes intended for the 3.15 stream! For the Bluetooth bits, Gustavo says: "Some fixes for 3.15. There is a revert for the intel driver, a new device id, and two important SSP fixes from Johan." On top of that... Ben Hutchings gives us a fix for an unbalanced irq enable in an rtl8192cu error path. Colin Ian King provides an rtlwifi fix for an uninitialized variable. Felix Fietkau brings a pair of ath9k fixes, one that corrects a hardware initialization value and another that removes an (unnecessary) flag that was being used in a way that led to a software tx queue hang in ath9k. Gertjan van Wingerde pushes a MAINTAINERS change to remove himself from the rt2x00 maintainer team. Hans de Goede fixes a brcmfmac firmware load hang. Larry Finger changes rtlwifi to use the correct queue for V0 traffic on rtl8192se. Rajkumar Manoharan corrects a race in ath9k driver initialization. Stanislaw Gruszka fixes an rt2x00 bug in which disabling beaconing once on USB devices led to permanently disabling beaconing for those devices. Tim Harvey provides fixes for a pair of ath9k issues that can lead to soft lockups in that driver. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-05Merge tag 'upstream-3.15-rc5' of git://git.infradead.org/linux-ubifsLinus Torvalds2-1/+7
Pull ubifs fixes from Artem Bityutskiy: "This includes the following fixes: - two real bug-fixes from Tanya for the still "experimental" UBI fastmap feature - a one-liner from Kees which hardens kernel security - a small error-path fix, where we forget to free various resources in case of failure - spotted by the 'smatch' tool" * tag 'upstream-3.15-rc5' of git://git.infradead.org/linux-ubifs: UBI: avoid workqueue format string leak UBI: fix ubi free PEBs count calculation UBI: fix error path in __wl_get_peb UBIFS: fix remount error path
2014-05-05floppy: don't write kernel-only members to FDRAWCMD ioctl outputMatthew Daley1-1/+4
Do not leak kernel-only floppy_raw_cmd structure members to userspace. This includes the linked-list pointer and the pointer to the allocated DMA space. Signed-off-by: Matthew Daley <mattd@bugfuzz.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-05-05floppy: ignore kernel-only members in FDRAWCMD ioctl inputMatthew Daley1-3/+3
Always clear out these floppy_raw_cmd struct members after copying the entire structure from userspace so that the in-kernel version is always valid and never left in an interdeterminate state. Signed-off-by: Matthew Daley <mattd@bugfuzz.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-05-05UBI: avoid workqueue format string leakKees Cook1-1/+1
When building the name for the workqueue thread, make sure a format string cannot leak in from the disk name. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
2014-05-05UBI: fix ubi free PEBs count calculationTanya Brokhman1-0/+3
The ubi->free_count should be updated with every insert/remove to/from the ubi->free list. Signed-off-by: Tanya Brokhman <tlinder@codeaurora.org> Reviewed-by: Dolev Raviv <draviv@codeaurora.org> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
2014-05-05UBI: fix error path in __wl_get_pebTanya Brokhman1-0/+3
In case of an error (if there are not free PEB's for example), __wl_get_peb will return a negative value. In order to prevent access violation we need to test the returned value prior to using it later on. Signed-off-by: Tatyana Brokhman <tlinder@codeaurora.org> Reviewed-by: Dolev Raviv <draviv@codeaurora.org> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
2014-05-04Merge tag 'arm64-fixes' of ↵Linus Torvalds1-0/+2
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: "These are mostly arm64 fixes with an additional arm(64) platform fix for the initialisation of vexpress clocks (the latter only affecting arm64; the arch/arm64 code is SoC agnostic and does not rely on early SoC-specific calls) - vexpress platform clocks initialisation moved earlier following the arm64 move of of_clk_init() call in a previous commit - Default DMA ops changed to non-coherent to preserve compatibility with 32-bit ARM DT files. The "dma-coherent" property can be used to explicitly mark a device coherent. The Applied Micro DT file has been updated to avoid DMA cache maintenance for the X-Gene SATA controller (the only arm64 related driver with such assumption in -rc mainline) - Fixmap correction for earlyprintk - kern_addr_valid() fix for huge pages" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: vexpress: Initialise the sysregs before setting up the clocks arm64: Mark the Applied Micro X-Gene SATA controller as DMA coherent arm64: Use bus notifiers to set per-device coherent DMA ops arm64: Make default dma_ops to be noncoherent arm64: fixmap: fix missing sub-page offset for earlyprintk arm64: Fix for the arm64 kern_addr_valid() function
2014-05-04Merge tag 'scsi-fixes' of ↵Linus Torvalds2-2/+5
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "This is two patches both fixing bugs in drivers (virtio-scsi and mpt2sas) causing an oops in certain circumstances" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: [SCSI] virtio-scsi: Skip setting affinity on uninitialized vq [SCSI] mpt2sas: Don't disable device twice at suspend.
2014-05-04vexpress: Initialise the sysregs before setting up the clocksCatalin Marinas1-0/+2
Following arm64 commit bc3ee18a7a57 (arm64: init: Move of_clk_init to time_init()), vexpress_osc_of_setup() is called via of_clk_init() long before initcalls are issued. Initialising the vexpress oscillators requires the vespress sysregs to be already initialised, so this patch adds an explicit call to vexpress_sysreg_of_early_init() in vexpress oscillator setup function. Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Tested-by: Will Deacon <will.deacon@arm.com> Acked-by: Will Deacon <will.deacon@arm.com> Tested-by: Pawel Moll <pawel.moll@arm.com> Acked-by: Pawel Moll <pawel.moll@arm.com> Cc: Mike Turquette <mturquette@linaro.org>
2014-05-03USB: Nokia 5300 should be treated as unusual devDaniele Forsi1-0/+7
Signed-off-by: Daniele Forsi <dforsi@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03USB: Nokia 305 should be treated as unusual devVictor A. Santos1-0/+7
Signed-off-by: Victor A. Santos <victoraur.santos@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03tty: Fix lockless tty buffer racePeter Hurley1-3/+14
Commit 6a20dbd6caa2358716136144bf524331d70b1e03, "tty: Fix race condition between __tty_buffer_request_room and flush_to_ldisc" correctly identifies an unsafe race condition between __tty_buffer_request_room() and flush_to_ldisc(), where the consumer flush_to_ldisc() prematurely advances the head before consuming the last of the data committed. For example: CPU 0 | CPU 1 __tty_buffer_request_room | flush_to_ldisc ... | ... | count = head->commit - head->read n = tty_buffer_alloc() | b->commit = b->used | b->next = n | | if (!count) /* T */ | if (head->next == NULL) /* F */ | buf->head = head->next In this case, buf->head has been advanced but head->commit may have been updated with a new value. Instead of reintroducing an unnecessary lock, fix the race locklessly. Read the commit-next pair in the reverse order of writing, which guarantees the commit value read is the latest value written if the head is advancing. Reported-by: Manfred Schlaegl <manfred.schlaegl@gmx.at> Cc: <stable@vger.kernel.org> # 3.12.x+ Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03Revert "tty: Fix race condition between __tty_buffer_request_room and ↵Peter Hurley1-14/+2
flush_to_ldisc" This reverts commit 6a20dbd6caa2358716136144bf524331d70b1e03. Although the commit correctly identifies an unsafe race condition between __tty_buffer_request_room() and flush_to_ldisc(), the commit fixes the race with an unnecessary spinlock in a lockless algorithm. The follow-on commit, "tty: Fix lockless tty buffer race" fixes the race locklessly. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03drivers/tty/hvc: don't free hvc_console_setup after initTomoki Sekiyama1-1/+1
When 'console=hvc0' is specified to the kernel parameter in x86 KVM guest, hvc console is setup within a kthread. However, that will cause SEGV and the boot will fail when the driver is builtin to the kernel, because currently hvc_console_setup() is annotated with '__init'. This patch removes '__init' to boot the guest successfully with 'console=hvc0'. Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03n_tty: Fix n_tty_write crash when echoing in raw modePeter Hurley1-0/+4
The tty atomic_write_lock does not provide an exclusion guarantee for the tty driver if the termios settings are LECHO & !OPOST. And since it is unexpected and not allowed to call TTY buffer helpers like tty_insert_flip_string concurrently, this may lead to crashes when concurrect writers call pty_write. In that case the following two writers: * the ECHOing from a workqueue and * pty_write from the process race and can overflow the corresponding TTY buffer like follows. If we look into tty_insert_flip_string_fixed_flag, there is: int space = __tty_buffer_request_room(port, goal, flags); struct tty_buffer *tb = port->buf.tail; ... memcpy(char_buf_ptr(tb, tb->used), chars, space); ... tb->used += space; so the race of the two can result in something like this: A B __tty_buffer_request_room __tty_buffer_request_room memcpy(buf(tb->used), ...) tb->used += space; memcpy(buf(tb->used), ...) ->BOOM B's memcpy is past the tty_buffer due to the previous A's tb->used increment. Since the N_TTY line discipline input processing can output concurrently with a tty write, obtain the N_TTY ldisc output_lock to serialize echo output with normal tty writes. This ensures the tty buffer helper tty_insert_flip_string is not called concurrently and everything is fine. Note that this is nicely reproducible by an ordinary user using forkpty and some setup around that (raw termios + ECHO). And it is present in kernels at least after commit d945cb9cce20ac7143c2de8d88b187f62db99bdc (pty: Rework the pty layer to use the normal buffering logic) in 2.6.31-rc3. js: add more info to the commit log js: switch to bool js: lock unconditionally js: lock only the tty->ops->write call References: CVE-2014-0196 Reported-and-tested-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03tty: serial: 8250_core.c Bug fix for Exar chips.Michael Welling1-1/+1
The sleep function was updated to put the serial port to sleep only when necessary. This appears to resolve the errant behavior of the driver as described in Kernel Bug 61961 – "My Exar Corp. XR17C/D152 Dual PCI UART modem does not work with 3.8.0". Signed-off-by: Michael Welling <mwelling@ieee.org> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03fsl-usb: do not test for PHY_CLK_VALID bit on controller version 1.6Nikita Yushchenko1-1/+2
Per reference manuals of Freescale P1020 and P2020 SoCs, USB controller present in these SoCs has bit 17 of USBx_CONTROL register marked as Reserved - there is no PHY_CLK_VALID bit there. Testing for this bit in ehci_fsl_setup_phy() behaves differently on two P1020RDB boards available here - on one board test passes and fsl-usb init succeeds, but on other board test fails, causing fsl-usb init to fail. This patch changes ehci_fsl_setup_phy() not to test PHY_CLK_VALID on controller version 1.6 that (per manual) does not have this bit. Signed-off-by: Nikita Yushchenko <nyushchenko@dev.rtsoft.ru> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-03usb: storage: shuttle_usbat: fix discs being detected twiceDaniele Forsi1-1/+1
Even if the USB-to-ATAPI converter supported multiple LUNs, this driver would always detect the same physical device or media because it doesn't use srb->device->lun in any way. Tested with an Hewlett-Packard CD-Writer Plus 8200e. Signed-off-by: Daniele Forsi <dforsi@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>