summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-05-28timekeeping: Correct run-time detection of persistent_clock.Zoran Markovic
Since commit 31ade30692dc9680bfc95700d794818fa3f754ac, timekeeping_init() checks for presence of persistent clock by attempting to read a non-zero time value. This is an issue on platforms where persistent_clock (instead is implemented as a free-running counter (instead of an RTC) starting from zero on each boot and running during suspend. Examples are some ARM platforms (e.g. PandaBoard). An attempt to read such a clock during timekeeping_init() may return zero value and falsely declare persistent clock as missing. Additionally, in the above case suspend times may be accounted twice (once from timekeeping_resume() and once from rtc_resume()), resulting in a gradual drift of system time. This patch does a run-time correction of the issue by doing the same check during timekeeping_suspend(). A better long-term solution would have to return error when trying to read non-existing clock and zero when trying to read an uninitialized clock, but that would require changing all persistent_clock implementations. This patch addresses the immediate breakage, for now. Cc: John Stultz <john.stultz@linaro.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Feng Tang <feng.tang@intel.com> Cc: stable@vger.kernel.org Signed-off-by: Zoran Markovic <zoran.markovic@linaro.org> [jstultz: Tweaked commit message and subject] Signed-off-by: John Stultz <john.stultz@linaro.org>
2013-05-28ntp: Remove unused variable flags in __hardppsGeert Uytterhoeven
kernel/time/ntp.c: In function ‘__hardpps’: kernel/time/ntp.c:877: warning: unused variable ‘flags’ commit a076b2146fabb0894cae5e0189a8ba3f1502d737 ("ntp: Remove ntp_lock, using the timekeeping locks to protect ntp state") removed its users, but not the actual variable. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: John Stultz <john.stultz@linaro.org>
2013-05-28usb: musb: make use_sg flag URB specificVirupax Sadashivpetimath
Since highmem PIO URB handling was introduced in: 8e8a551 usb: musb: host: Handle highmem in PIO mode when a URB is being handled it may happen that the static use_sg flag was set by a previous URB with buffer in highmem. This leads to error in handling the present URB. Fix this by making the use_sg flag URB specific. Cc: stable <stable@vger.kernel.org> # 3.7+ Acked-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Virupax Sadashivpetimath <virupax.sadashivpetimath@stericsson.com> Signed-off-by: Fabio Baltieri <fabio.baltieri@linaro.org> Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-05-28usb: dwc3: gadget: free trb pool only from epnum 2George Cherian
we never allocate a TRB pool for physical endpoints 0 and 1 so trying to free it (a invalid TRB pool pointer) will lead us in a warning while removing dwc3.ko module. In order to fix the situation, all we have to do is skip dwc3_free_trb_pool() for physical endpoints 0 and 1 just as we while deleting endpoints from the endpoints list. Cc: stable@vger.kernel.org Signed-off-by: George Cherian <george.cherian@ti.com> Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-05-28usb: dwc3: exynos: PHY should be deleted later than dwc3 corePeter Chen
If the glue layer is removed first (core layer later), it deletes the phy device first, then the core device. But at core's removal, it still uses PHY's resources, it may cause kernel's oops. It is much like the problem Paul Zimmerman reported at: http://marc.info/?l=linux-usb&m=136547502011472&w=2. Besides, it is reasonable the PHY is deleted at last as the controller is the PHY's user. Signed-off-by: Peter Chen <peter.chen@freescale.com> Cc: <stable@vger.kernel.org> Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-05-28usb: dwc3: pci: PHY should be deleted later than dwc3 corePeter Chen
If the glue layer is removed first (core layer later), it deletes the phy device first, then the core device. But at core's removal, it still uses PHY's resources, it may cause kernel's oops. It is much like the problem Paul Zimmerman reported at: http://marc.info/?l=linux-usb&m=136547502011472&w=2. Besides, it is reasonable the PHY is deleted at last as the controller is the PHY's user. Signed-off-by: Peter Chen <peter.chen@freescale.com> Cc: <stable@vger.kernel.org> Signed-off-by: Felipe Balbi <balbi@ti.com>
2013-05-28ath9k: use correct OTP register offsets for AR9550Gabor Juhos
Accessing the OTP memory on AR9950 causes a data bus like this: Data bus error, epc == 801f7774, ra == 801f7774 Oops[#1]: CPU: 0 PID: 1 Comm: swapper Not tainted 3.10.0-rc3 #592 task: 87c28000 ti: 87c22000 task.ti: 87c22000 $ 0 : 00000000 00000061 deadc0de 00000000 $ 4 : b8115f18 00015f18 00000007 00000004 $ 8 : 00000001 7c7c3c7c 7c7c7c7c 7c7c7c7c $12 : 7c7c3c7c 80320a68 00000000 7c7c7c3c $16 : 87cd8010 00015f18 00000007 00000000 $20 : 00000064 00000004 87c23c7c 8035210c $24 : 00000000 801f3674 $28 : 87c22000 87c23b48 00000001 801f7774 Hi : 00000000 Lo : 00000064 epc : 801f7774 ath9k_hw_wait+0x58/0xb0 Not tainted ra : 801f7774 ath9k_hw_wait+0x58/0xb0 Status: 1000cc03 KERNEL EXL IE Cause : 4080801c PrId : 00019750 (MIPS 74Kc) Modules linked in: Process swapper (pid: 1, threadinfo=87c22000, task=87c28000, ts=00000000) Stack : 0000000f 00000061 00002710 8006240c 00000001 87cd8010 87c23bb0 87cd8010 00000000 00000004 00000003 80210c7c 000000b3 67fa8000 0000032a 000006fe 000003e8 00000002 00000028 87c23bf0 000003ff 80210d24 803e5630 80210e28 00000000 00000007 87cd8010 00007044 00000004 00000061 000003ff 000001ff 87c26000 87cd8010 00000220 87cd8bb8 80210000 8020fcf4 87c22000 87c23c08 ... Call Trace: [<801f7774>] ath9k_hw_wait+0x58/0xb0 [<80210c7c>] ar9300_otp_read_word+0x80/0xd4 [<80210d24>] ar9300_read_otp+0x54/0xb0 [<8020fcf4>] ar9300_check_eeprom_header+0x1c/0x40 [<80210fe4>] ath9k_hw_ar9300_fill_eeprom+0x118/0x39c [<80206650>] ath9k_hw_eeprom_init+0x74/0xb4 [<801f96d0>] ath9k_hw_init+0x7ec/0x96c [<801e65ec>] ath9k_init_device+0x340/0x758 [<801f35d0>] ath_ahb_probe+0x21c/0x2c0 [<801c041c>] driver_probe_device+0xc0/0x1e4 [<801c05ac>] __driver_attach+0x6c/0xa4 [<801bea08>] bus_for_each_dev+0x64/0xa8 [<801bfa40>] bus_add_driver+0xcc/0x24c [<801c0954>] driver_register+0xbc/0x17c [<803f8fc0>] ath9k_init+0x5c/0x88 [<800608fc>] do_one_initcall+0xec/0x1a0 [<803e6a68>] kernel_init_freeable+0x13c/0x200 [<80309cdc>] kernel_init+0x1c/0xe4 [<80062450>] ret_from_kernel_thread+0x10/0x18 On the AR9550, the OTP registers are located at the same address as on the AR9340. Use the correct values to avoid the error. Cc: stable@vger.kernel.org # 3.6+ Signed-off-by: Gabor Juhos <juhosg@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28brcmfmac: Disable powersave mode for P2P link.Hante Meuleman
For p2p client mode powersave mode should be kept disabled. It is working but inefficient. In general p2p links do no benefit from this mode, because these links are setup temporarily to transfer data. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28brcmfmac: Add multi channel support for P2P.Hante Meuleman
Multi channel support was disabled. This patch will enable it and configure the P2P GO on the correct frequency when multi channel is used. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28brcmfmac: use struct net_device::destructor to remove interfacesArend van Spriel
Upon deleting a P2P_CLIENT/GO interface the vif and consequently the wdev is freed before the net_device is actually being unregistered but cfg80211 still needs to access the wdev. Using destructor field to free the net_device and vif. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28brcmfmac: free net device when registration failsArend van Spriel
When registration fails the net device is no longer needed. Free the net device and remove reference to private data from the driver. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28brcmfmac: add additional parameter to brcmf_free_vif()Arend van Spriel
Pass the struct brcmf_cfg80211_info instance instead of obtaining through vif itself using vif->wdev. This is needed as the netdev associated with this vif is already unregistered. Reviewed-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28brcmfmac: Fix p2p setup when connected to ap on 5G.Hante Meuleman
The firmware requires that on p2p setup when net interfaces are created or updated that they start initially with the same channel as the channel in use for the current connection (if any). If none exists take default channel 11. Reviewed-by: Arend Van Spriel <arend@broadcom.com> Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com> Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28brcmfmac: Turn off ARP offloading when configured for AP.Hante Meuleman
ARP offloading should only be used in STA or P2P client mode. It is currently configured once at init. When being configured for AP ARP offloading should be turned off and when AP mode is left it can be turned back on. Cc: stable@vger.kernel.org Reviewed-by: Arend Van Spriel <arend@broadcom.com> Signed-off-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-05-28Merge branch 'for-john' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
2013-05-28Merge branch 'for-john' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
2013-05-28Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linuxLinus Torvalds
Pull drm fixes from Dave Airlie: "This is mostly exynos and intel fixes, along with some vblank patches I lost from Rob a few months ago that make wayland work better on lots of GPUs, also a qxl kconfig fix." * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (22 commits) qxl: fix Kconfig deps - select FB_DEFERRED_IO drm/exynos: replace request_threaded_irq with devm function drm/exynos: remove unnecessary devm_kfree drm/exynos: fix build warnings from ipp fimc drm/exynos: cleanup device pointer usages drm/exynos: wait for the completion of pending page flip drm/exynos: use drm_send_vblank_event() helper drm/i915: avoid premature DP AUX timeouts drm/i915: avoid premature timeouts in __wait_seqno() drm/i915: use msecs_to_jiffies_timeout instead of open coding the same drm/i915: add msecs_to_jiffies_timeout to guarantee minimum duration drm/i915: force full modeset if the connector is in DPMS OFF mode drm/exynos: page flip fixes drm/exynos: exynos_hdmi: Pass correct pointer to free_irq() drm/exynos: exynos_drm_ipp: Fix incorrect usage of IS_ERR_OR_NULL drm/exynos: exynos_drm_fbdev: Fix incorrect usage of IS_ERR_OR_NULL drm/imx: use drm_send_vblank_event() helper drm/shmob: use drm_send_vblank_event() helper drm/radeon: use drm_send_vblank_event() helper drm/nouveau: use drm_send_vblank_event() helper ...
2013-05-28Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds
Pull crypto fixes from Herbert Xu: "This push fixes a crash in the new sha256_ssse3 driver as well as a DMA setup/teardown bug in caam" * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations crypto: caam - fix inconsistent assoc dma mapping direction
2013-05-28Merge branch 'for-3.10' of git://git.samba.org/sfrench/cifs-2.6Linus Torvalds
Pull CIFS fixes from Steve French: "Fixes for a couple of DFS problems, a problem with extended security negotiation and two other small cifs fixes" * 'for-3.10' of git://git.samba.org/sfrench/cifs-2.6: cifs: fix composing of mount options for DFS referrals cifs: stop printing the unc= option in /proc/mounts cifs: fix error handling when calling cifs_parse_devname cifs: allow sec=none mounts to work against servers that don't support extended security cifs: fix potential buffer overrun when composing a new options string cifs: only set ops for inodes in I_NEW state
2013-05-28net/9p: Handle error in zero copy request correctly for 9p2000.uAneesh Kumar K.V
For zero copy request, error will be encoded in the user space buffer. So copy the error code correctly using copy_from_user. Here we use the extra bytes we allocate for zero copy request. If total error details are more than P9_ZC_HDR_SZ - 7 bytes, we return -EFAULT. The patch also avoid a memory allocation in the error path. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2013-05-28Merge tag 'trace-fixes-v3.10-rc3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "Two more fixes: The first one was reported by Mauro Carvalho Chehab, where if a poll() is done against a trace buffer for a CPU that has never been online, it will crash the kernel, as buffers are only created when a CPU comes on line, but the trace files are for all possible CPUs. This fix is to check if the buffer was allocated and if not return -EINVAL. That was the simple fix, the real fix is a bit more complex and not for a -rc release. We could have the files created when the CPUs come online. That would require some design changes. The second one was reported by Peter Zijlstra. If the kernel command line has ftrace=nop, it will lock up the system on boot up. This is because the new design for 3.10 has the nop tracer bootstrap the tracing subsystem. When ftrace=<trace> is defined, when a that tracer is registered, it starts the tracing, but uses the nop tracer to clear things out. What happened here was that ftrace=nop caused the registering of nop to start it and use nop before it was initialized. The only thing nop needs to have done to initialize it is to have the tracer point its current_tracer structure member to the nop tracer. Doing that before registering the nop tracer makes everything work." * tag 'trace-fixes-v3.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ring-buffer: Do not poll non allocated cpu buffers tracing: Fix crash when ftrace=nop on the kernel command line
2013-05-28Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k fixes from Geert Uytterhoeven: - futex support that I had missed before, - A long-overdue update of the m68k defconfigs. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Update defconfigs for v3.9 m68k: implement futex.h to support userspace robust futexes and PI mutexes
2013-05-28Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblazeLinus Torvalds
Pull microblaze fixes from Michal Simek: "One patch fix futex support and my patches fix warnings which were reported by Geert's regression testing" * 'next' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: Reversed logic in futex cmpxchg microblaze: Use proper casting for inb/inw/inl in io.h microblaze: Initialize temp variable to remove compilation warning
2013-05-28ring-buffer: Do not poll non allocated cpu buffersSteven Rostedt (Red Hat)
The tracing infrastructure sets up for possible CPUs, but it uses the ring buffer polling, it is possible to call the ring buffer polling code with a CPU that hasn't been allocated. This will cause a kernel oops when it access a ring buffer cpu buffer that is part of the possible cpus but hasn't been allocated yet as the CPU has never been online. Reported-by: Mauro Carvalho Chehab <mchehab@redhat.com> Tested-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-05-28ARM: mvebu: Fix bug in coherency fabric low level init functionNadav Haklai
When adding CPU to the SMP group and enabling the coherency on this CPU we must protect the register access. The previous implementation claims to be atomic but doesn't provide any protection against parallel access to the coherency fabric control and configuration registers. This patch fixes this by using the ldrex and strex mechanism. This method should be used in all accesses to those registers. [gregory.clement@free-electrons.com: fixed the commit's topic] Signed-off-by: Nadav Haklai <nadavh@marvell.com> Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com> Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2013-05-28ARM: Kirkwood: TS219: Fix crash by double PCIe instantiationAndrew Lunn
When creating the DT based boards-ts219.c the none DT ts219-setup.c was used as a template. This includes a lateinit() call to initialize the PCIe bus. The code makes use of machine_is_ts219() which is never true on DT, so a FIXME was added and the code left as is. This was unproblematic until b73690c8f8b5d: "ARM: Kirkwood: Support basic hotplug for PCI-E" which changes the way the PCIe bus is initialized. The non-DT ts219-setup.c now crashes during boot. The lateinit() call in the DT boards-ts219.c is being called, machine_is_ts219() is true and so the PCIe is initialized a second time. This patch removes the useless, and now clearly dangerous, code from boards-ts219.c, making ts219-setup.c work again. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Cc: <stable@vger.kernel.org> # v3.9.x Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2013-05-28Merge remote-tracking branch 'asoc/fix/wm8994' into asoc-linusMark Brown
2013-05-28Merge remote-tracking branch 'asoc/fix/max98090' into asoc-linusMark Brown
2013-05-28Merge remote-tracking branch 'asoc/fix/davinci' into asoc-linusMark Brown
2013-05-28Merge remote-tracking branch 'asoc/fix/cs42l52' into asoc-linusMark Brown
2013-05-28Merge remote-tracking branch 'asoc/fix/compress' into asoc-linusMark Brown
2013-05-28Merge remote-tracking branch 'asoc/fix/arizona' into asoc-linusMark Brown
2013-05-28ASoC: cs42l52: fix default value for MASTERA_VOL.Nicolas Schichan
The default register value for MASTERA_VOL is 0x00, the same as MASTERB_VOL. Signed-off-by: Nicolas Schichan <nschichan@freebox.fr> Acked-by: Brian Austin <brian.austin@cirrus.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: stable@vger.kernel.org
2013-05-28ASoC: wm8994: check for array index returnedVinod Koul
The array 'drc_cfg' of size 3 may use index value -22 (EINVAL) The array 'retune_mobile_cfg' of size 3 may use index value -22 (EINVAL) Signed-off-by: Vinod Koul <vinod.koul@intel.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2013-05-28ASoC: wm8994: Fix reporting of accessory removal on WM8958Mark Brown
During recent refactoring the code to report removal when MICDET reports an absent microphone was removed, causing problems for systems which rely solely on the MICDET for this functionality. Restore it. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2013-05-28ASoC: wm8994: use the correct pointer to get the control valueVinod Koul
Signed-off-by: Vinod Koul <vinod.koul@intel.com> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2013-05-28xmem/tmem: fix 'undefined variable' build error.Frederico Cadete
In the (not so useful) kernel configuration where CONFIG_SWAP is undefined and CONFIG_XEN_SELFBALLOONING is defined, xen_tmem_init would use undefined variable 'static bool frontswap'. Added #else to have #define frontswap (0) in the case where CONFIG_FRONTSWAP is not defined. Signed-off-by: Frederico Cadete <frederico@cadete.eu> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2013-05-28s390/pgtable: Fix check for pgste/storage key handlingChristian Borntraeger
pte_present might return true on PAGE_TYPE_NONE, even if the invalid bit is on. Modify the existing check of the pgste functions to avoid crashes. [ Martin Schwidefsky: added ptep_modify_prot_[start|commit] bits ] Reported-by: Martin Schwidefky <schwidefsky@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> CC: stable@vger.kernel.org Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-05-28posix-timers: Show clock ID in proc filePavel Tikhomirov
Expand information about posix-timers in /proc/<pid>/timers by adding info about clock, with which the timer was created. I.e. in the forth line of timer info after "notify:" line go "ClockID: <clock_id>". Signed-off-by: Pavel Tikhomirov <snorcht@gmail.com> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: Matthew Helsley <matt.helsley@gmail.com> Cc: Pavel Emelyanov <xemul@parallels.com> Link: http://lkml.kernel.org/r/1368742323-46949-2-git-send-email-snorcht@gmail.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2013-05-28perf: Fix perf mmap bugsPeter Zijlstra
Vince reported a problem found by his perf specific trinity fuzzer. Al noticed 2 problems with perf's mmap(): - it has issues against fork() since we use vma->vm_mm for accounting. - it has an rb refcount leak on double mmap(). We fix the issues against fork() by using VM_DONTCOPY; I don't think there's code out there that uses this; we didn't hear about weird accounting problems/crashes. If we do need this to work, the previously proposed VM_PINNED could make this work. Aside from the rb reference leak spotted by Al, Vince's example prog was indeed doing a double mmap() through the use of perf_event_set_output(). This exposes another problem, since we now have 2 events with one buffer, the accounting gets screwy because we account per event. Fix this by making the buffer responsible for its own accounting. Reported-by: Vince Weaver <vincent.weaver@maine.edu> Signed-off-by: Peter Zijlstra <peterz@infradead.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Paul Mackerras <paulus@samba.org> Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Link: http://lkml.kernel.org/r/20130528085548.GA12193@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-05-28kprobes: Fix to free gone and unused optprobesMasami Hiramatsu
Fix to free gone and unused optprobes. This bug will cause a kernel panic if the user reuses the killed and unused probe. Reported at: http://sourceware.org/ml/systemtap/2013-q2/msg00142.html In the normal path, an optprobe on an init function is unregistered when a module goes live. unregister_kprobe(kp) -> __unregister_kprobe_top ->__disable_kprobe ->disarm_kprobe(ap == op) ->__disarm_kprobe ->unoptimize_kprobe : the op is queued on unoptimizing_list and do nothing in __unregister_kprobe_bottom After a while (usually wait 5 jiffies), kprobe_optimizer runs to unoptimize and free optprobe. kprobe_optimizer ->do_unoptimize_kprobes ->arch_unoptimize_kprobes : moved to free_list ->do_free_cleaned_kprobes ->hlist_del: the op is removed ->free_aggr_kprobe ->arch_remove_optimized_kprobe ->arch_remove_kprobe ->kfree: the op is freed Here, if kprobes_module_callback is called and the delayed unoptimizing probe is picked BEFORE kprobe_optimizer runs, kprobes_module_callback ->kill_kprobe ->kill_optimized_kprobe : dequeued from unoptimizing_list <=!!! ->arch_remove_optimized_kprobe ->arch_remove_kprobe (but op is not freed, and on the kprobe hash table) This doesn't happen if the probe unregistration is done AFTER kprobes_module_callback is called (because at that time the op is gone), and kprobe-tracer does it. To fix this bug, this patch changes kprobes_module_callback to enqueue the op to freeing_list at kill_optimized_kprobe only if the op is unused. The unused probes on freeing_list will be freed in do_free_cleaned_kprobes. Note that this calls arch_remove_*kprobe twice on the same probe. Thus those functions have to check the double free. Fortunately, most of arch codes already checked that except for mips. This will be fixed in the next patch. Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Cc: Timo Juhani Lindfors <timo.lindfors@iki.fi> Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Cc: Frank Ch. Eigler <fche@redhat.com> Cc: systemtap@sourceware.org Cc: yrl.pp-manager.tt@hitachi.com Cc: David S. Miller <davem@davemloft.net> Cc: "David S. Miller" <davem@davemloft.net> Link: http://lkml.kernel.org/r/20130522093409.9084.63554.stgit@mhiramat-M0-7522 [ Minor edits. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-05-28arch: s390: appldata: using strncpy() and strnlen() instead of sprintf()Chen Gang
'buf[2]' is 2 bytes length, and sprintf() will append '\0' at the end of string "?\n", so original implementation is memory overflow. Need use strncpy() and strnlen() instead of sprintf(). Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-05-28m68k: Update defconfigs for v3.9Geert Uytterhoeven
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
2013-05-28tick: Cure broadcast false positive pending bit warningThomas Gleixner
commit 26517f3e (tick: Avoid programming the local cpu timer if broadcast pending) added a warning if the cpu enters broadcast mode again while the pending bit is still set. Meelis reported that the warning triggers. There are two corner cases which have been not considered: 1) cpuidle calls clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_ENTER) twice. That can result in the following scenario CPU0 CPU1 cpuidle_idle_call() clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_ENTER) set cpu in tick_broadcast_oneshot_mask broadcast interrupt event expired for cpu1 set pending bit acpi_idle_enter_simple() clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_ENTER) WARN_ON(pending bit) Move the WARN_ON into the section where we enter broadcast mode so it wont provide false positives on the second call. 2) safe_halt() enables interrupts, so a broadcast interrupt can be delivered befor the broadcast mode is disabled. That sets the pending bit for the CPU which receives the broadcast interrupt. Though the interrupt is delivered right away from the broadcast handler and leaves the pending bit stale. Clear the pending bit for the current cpu in the broadcast handler. Reported-and-tested-by: Meelis Roos <mroos@linux.ee> Cc: Len Brown <lenb@kernel.org> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Rafael J. Wysocki <rjw@sisk.pl> Link: http://lkml.kernel.org/r/alpine.LFD.2.02.1305271841130.4220@ionos Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2013-05-28qxl: fix Kconfig deps - select FB_DEFERRED_IOAndrew Jones
Signed-off-by: Andrew Jones <drjones@redhat.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
2013-05-27ipv4: fix redirect handling for TCP packetsMichal Kubecek
Unlike ipv4_redirect() and ipv4_sk_redirect(), ip_do_redirect() doesn't call __build_flow_key() directly but via ip_rt_build_flow_key() wrapper. This leads to __build_flow_key() getting pointer to IPv4 header of the ICMP redirect packet rather than pointer to the embedded IPv4 header of the packet initiating the redirect. As a result, handling of ICMP redirects initiated by TCP packets is broken. Issue was introduced by 4895c771c ("ipv4: Add FIB nexthop exceptions.") Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-27net: phy: fix a bug when verify the EEE supportGiuseppe CAVALLARO
The phy_init_eee has to exit with an error when the local device and its link partner both do not support EEE. So this patch fixes a problem when verify this. Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-28crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementationsJussi Kivilinna
The _XFER stack element size was set too small, 8 bytes, when it needs to be 16 bytes. As _XFER is the last stack element used by these implementations, the 16 byte stores with 'movdqa' corrupt the stack where the value of register %r12 is temporarily stored. As these implementations align the stack pointer to 16 bytes, this corruption did not happen every time. Patch corrects this issue. Reported-by: Julian Wollrath <jwollrath@web.de> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Tested-by: Julian Wollrath <jwollrath@web.de> Acked-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-05-27Merge tag 'samsung-fixes-3' of ↵Olof Johansson
git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes From Kukjin Kim: Fixes following for v3.10 - to get usb2 working on the Chromebook with adding the usb phy node for usb2 on exynos5250 - supporting exynos4210 rev0 SoC - exynos5440 restart applying only to powered-on domains - drm-exynos probe failure with adding resource names to fimd0 platform device * tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung: ARM: SAMSUNG: Add names to fimd0 IRQ resources ARM: EXYNOS: fix software reset logic for EXYNOS5440 SOC ARM: EXYNOS: Fix support of Exynos4210 rev0 SoC ARM: dts: Enabling samsung-usb2phy driver for exynos5250
2013-05-27dmaengine: ste_dma40: fix pm runtime ref countingRabin Vincent
The pm runtime reference counting of the driver is broken for the case when there is more than one transfer queued, leading to the device being runtime suspend while active. Fix it. Signed-off-by: Rabin Vincent <rabin.vincent@stericsson.com> Acked-by: Linus Walleij <linus.walleij@linaro.org> Cc: stable@vger.kernel.org Signed-off-by: Vinod Koul <vinod.koul@intel.com>