summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-07-31Merge branch 'master' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Conflicts: net/bluetooth/hci_core.c
2013-07-31MAINTAINERS: change email of TI WiLink drivers' maintainerLuciano Coelho
Soon the coelho@ti.com email will not be valid anymore, so change it to my private one. Cc: Luciano Coelho <luca@coelho.fi> Signed-off-by: Luciano Coelho <coelho@ti.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-07-31mwifiex: fix command 0x2c timeout during p2p_find or p2p_connectStone Piao
We missed bss_mode check for P2P client. Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-07-31mwifiex: fix wrong data rates in P2P clientAvinash Patil
This patch fixes an issue wherein adhoc rates were being copied into association request from P2P client. Cc: <stable@vger.kernel.org> # 3.10.y Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-07-31mwifiex: check for bss_role instead of bss_mode for STA operationsAvinash Patil
This patch fixes an issue wherein association would fail on P2P interfaces. This happened because we are checking priv->mode against NL80211_IFTYPE_STATION. While this check is correct for infrastructure stations, it would fail P2P clients for which mode is NL80211_IFTYPE_P2P_CLIENT. Better check would be bss_role which has only 2 values: STA/AP. Cc: <stable@vger.kernel.org> # 3.10.y Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Stone Piao <piaoyun@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-07-31cifs: set sb->s_d_op before calling d_make_root()Jeff Layton
Currently, the s_root dentry doesn't get its d_op pointer set to anything. This breaks lookups in the root of case-insensitive mounts since that relies on having d_hash and d_compare routines that know to treat the filename as case-insensitive. cifs.ko has been broken this way for a long time, but commit 1c929cfe6 ("switch cifs"), added a cryptic comment which is removed in the patch below, which makes me wonder if this was done deliberately for some reason. It's not clear to me why we'd want the s_root not to have d_op set properly. It may have something to do with d_automount or d_revalidate on the root, but my suspicion in looking over the code is that Al was just trying to preserve the existing behavior when changing this code over to use s_d_op. This patch changes it so that we set s_d_op before calling d_make_root and removes the comment. I tested mounting, accessing and unmounting several types of shares (including DFS referrals) and everything still seemed to work OK afterward. I could be missing something however, so please do let me know if I am. Reported-by: Jan-Marek Glogowski <glogow@fbihome.de> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Ian Kent <raven@themaw.net> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-31cifs: fix bad error handling in crypto codeJeff Layton
Jarod reported an Oops like when testing with fips=1: CIFS VFS: could not allocate crypto hmacmd5 CIFS VFS: could not crypto alloc hmacmd5 rc -2 CIFS VFS: Error -2 during NTLMSSP authentication CIFS VFS: Send error in SessSetup = -2 BUG: unable to handle kernel NULL pointer dereference at 000000000000004e IP: [<ffffffff812b5c7a>] crypto_destroy_tfm+0x1a/0x90 PGD 0 Oops: 0000 [#1] SMP Modules linked in: md4 nls_utf8 cifs dns_resolver fscache kvm serio_raw virtio_balloon virtio_net mperf i2c_piix4 cirrus drm_kms_helper ttm drm i2c_core virtio_blk ata_generic pata_acpi CPU: 1 PID: 639 Comm: mount.cifs Not tainted 3.11.0-0.rc3.git0.1.fc20.x86_64 #1 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 task: ffff88007bf496e0 ti: ffff88007b080000 task.ti: ffff88007b080000 RIP: 0010:[<ffffffff812b5c7a>] [<ffffffff812b5c7a>] crypto_destroy_tfm+0x1a/0x90 RSP: 0018:ffff88007b081d10 EFLAGS: 00010282 RAX: 0000000000001f1f RBX: ffff880037422000 RCX: ffff88007b081fd8 RDX: 000000000000001f RSI: 0000000000000006 RDI: fffffffffffffffe RBP: ffff88007b081d30 R08: ffff880037422000 R09: ffff88007c090100 R10: 0000000000000000 R11: 00000000fffffffe R12: fffffffffffffffe R13: ffff880037422000 R14: ffff880037422000 R15: 00000000fffffffe FS: 00007fc322f4f780(0000) GS:ffff88007fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000000000004e CR3: 000000007bdaa000 CR4: 00000000000006e0 Stack: ffffffff81085845 ffff880037422000 ffff8800375e7400 ffff880037422000 ffff88007b081d48 ffffffffa0176022 ffff880037422000 ffff88007b081d60 ffffffffa015c07b ffff880037600600 ffff88007b081dc8 ffffffffa01610e1 Call Trace: [<ffffffff81085845>] ? __cancel_work_timer+0x75/0xf0 [<ffffffffa0176022>] cifs_crypto_shash_release+0x82/0xf0 [cifs] [<ffffffffa015c07b>] cifs_put_tcp_session+0x8b/0xe0 [cifs] [<ffffffffa01610e1>] cifs_mount+0x9d1/0xad0 [cifs] [<ffffffffa014ff50>] cifs_do_mount+0xa0/0x4d0 [cifs] [<ffffffff811ab6e9>] mount_fs+0x39/0x1b0 [<ffffffff811c466f>] vfs_kern_mount+0x5f/0xf0 [<ffffffff811c6a9e>] do_mount+0x23e/0xa20 [<ffffffff811c66e6>] ? copy_mount_options+0x36/0x170 [<ffffffff811c7303>] SyS_mount+0x83/0xc0 [<ffffffff8165c8d9>] system_call_fastpath+0x16/0x1b Code: eb 9e 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 41 55 41 54 49 89 fc 53 48 83 ec 08 48 85 ff 74 46 <48> 83 7e 48 00 48 8b 5e 50 74 4b 48 89 f7 e8 83 fc ff ff 4c 8b RIP [<ffffffff812b5c7a>] crypto_destroy_tfm+0x1a/0x90 RSP <ffff88007b081d10> CR2: 000000000000004e The cifs code allocates some crypto structures. If that fails, it returns an error, but it leaves the pointers set to their PTR_ERR values. Then later when it tries to clean up, it sees that those values are non-NULL and then passes them to the routine that frees them. Fix this by setting the pointers to NULL after collecting the error code in this situation. Cc: Sachin Prabhu <sprabhu@redhat.com> Reported-by: Jarod Wilson <jarod@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-31Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds
Pull MIPS fixes from Ralf Baechle: - BMIPS SMP fixes - a build fix necessary for older compilers - two more bugs found my Chandras' testing - and one more build fix * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: BMIPS: fix slave CPU booting when physical CPU is not 0 MIPS: BMIPS: do not change interrupt routing depending on boot CPU MIPS: powertv: Fix arguments for free_reserved_area() MIPS: Set default CPU type for BCM47XX platforms MIPS: uapi/asm/siginfo.h: Fix GCC 4.1.2 compilation MIPS: Fix multiple definitions of UNCAC_BASE.
2013-07-31Merge tag 'stable/for-linus-3.11-rc3-tag' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull Xen fixes from Konrad Rzeszutek Wilk: - Three fixes for ARM/ARM64 to either compile or not certain generic drivers - Fix for avoiding a potential deadlock when an user space event channel is destroyed. - Fix a workqueue resuming multiple times. * tag 'stable/for-linus-3.11-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/tmem: do not allow XEN_TMEM on ARM64 xen/evtchn: avoid a deadlock when unbinding an event channel xen/arm: enable PV control for ARM xen/arm64: Don't compile cpu hotplug xenbus: frontend resume cleanup
2013-07-31Merge tag 'xen-arm-3.11-rc2-warn-tag' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/sstabellini/xen Pull Xen ARM fix from Stefano Stabellini. Update xen_restart to new calling convention. * tag 'xen-arm-3.11-rc2-warn-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/sstabellini/xen: xen/arm,arm64: update xen_restart after ff701306cd49 and 7b6d864b48d9
2013-07-31Merge tag 'usb-3.11-rc4' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some tiny USB fixes for 3.11-rc4 Nothing major, some gadget fixes, some new device ids, a new tiny driver for the ANT+ USB device, and a number of fixes for the mos7840 driver that were much needed" * tag 'usb-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: serial: ftdi_sio: add more RT Systems ftdi devices usb: chipidea: fix the build error with randconfig usb: chipidea: cast PORTSC_PTS and DEVLC_PTS macros usb: gadget: udc-core: fix the typo of udc state attribute usb: gadget: f_phonet: remove unused preprocessor conditional usb: gadget: multi: fix error return code in cdc_do_config() USB: mos7840: fix pointer casts USB: mos7840: fix race in led handling USB: mos7840: fix device-type detection USB: mos7840: fix race in register handling USB: serial: add driver for Suunto ANT+ USB device usb: gadget: free opts struct on error recovery usb: gadget: ether: put_usb_function on unbind usb: musb: fix resource passed from glue layer to musb
2013-07-31Merge tag 'tty-3.11-rc4' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial driver fixes from Greg KH: "Here are 4 tiny tty and serial driver fixes for 3.11-rc4. Nothing big, a refcount leak, a module alias fix, and two fixes to the mxs-auart serial driver" * tag 'tty-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: serial: arc_uart: Fix module alias tty_port: Fix refcounting leak in tty_port_tty_hangup() serial/mxs-auart: increase time to wait for transmitter to become idle serial/mxs-auart: fix race condition in interrupt handler
2013-07-31usb: xhci: add missing dma-mapping.h includesJames Hogan
A randconfig build hit the following build errors because xhci.c and xhci-mem.c use dma mapping functions but don't include <linux/dma-mapping.h>. Add the missing includes to fix the build errors. drivers/usb/host/xhci.c In function 'xhci_gen_setup': drivers/usb/host/xhci.c +4872 : error: implicit declaration of function 'dma_set_mask' drivers/usb/host/xhci.c +4872 : error: implicit declaration of function 'DMA_BIT_MASK' drivers/usb/host/xhci-mem.c In function 'xhci_free_stream_ctx': drivers/usb/host/xhci-mem.c +435 : error: implicit declaration of function 'dma_free_coherent' drivers/usb/host/xhci-mem.c In function 'xhci_alloc_stream_ctx': drivers/usb/host/xhci-mem.c +463 : error: implicit declaration of function 'dma_alloc_coherent' Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: linux-usb@vger.kernel.org Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
2013-07-31HID: hidraw: fix improper mutex releaseYonghua Zheng
Mutex can not be released unless all hid_device members are properly initialized. Otherwise it would result in a race condition that can cause NULL pointer kernel panic issue in hidraw_open where it uses uninitialized 'list' member in list_add_tail(). Signed-off-by: Yonghua Zheng <younghua.zheng@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-07-31tracing: Add comment to describe special break case in probe_remove_event_call()Steven Rostedt (Red Hat)
The "break" used in the do_for_each_event_file() is used as an optimization as the loop is really a double loop. The loop searches all event files for each trace_array. There's only one matching event file per trace_array and after we find the event file for the trace_array, the break is used to jump to the next trace_array and start the search there. As this is not a standard way of using "break" in C code, it requires a comment right before the break to let people know what is going on. Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-07-31tracing: trace_remove_event_call() should fail if call/file is in useOleg Nesterov
Change trace_remove_event_call(call) to return the error if this call is active. This is what the callers assume but can't verify outside of the tracing locks. Both trace_kprobe.c/trace_uprobe.c need the additional changes, unregister_trace_probe() should abort if trace_remove_event_call() fails. The caller is going to free this call/file so we must ensure that nobody can use them after trace_remove_event_call() succeeds. debugfs should be fine after the previous changes and event_remove() does TRACE_REG_UNREGISTER, but still there are 2 reasons why we need the additional checks: - There could be a perf_event(s) attached to this tp_event, so the patch checks ->perf_refcount. - TRACE_REG_UNREGISTER can be suppressed by FTRACE_EVENT_FL_SOFT_MODE, so we simply check FTRACE_EVENT_FL_ENABLED protected by event_mutex. Link: http://lkml.kernel.org/r/20130729175033.GB26284@redhat.com Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-07-31usb: core: don't try to reset_device() a port that got just disconnectedJulius Werner
The USB hub driver's event handler contains a check to catch SuperSpeed devices that transitioned into the SS.Inactive state and tries to fix them with a reset. It decides whether to do a plain hub port reset or call the usb_reset_device() function based on whether there was a device attached to the port. However, there are device/hub combinations (found with a JetFlash Transcend mass storage stick (8564:1000) on the root hub of an Intel LynxPoint PCH) which can transition to the SS.Inactive state on disconnect (and stay there long enough for the host to notice). In this case, above-mentioned reset check will call usb_reset_device() on the stale device data structure. The kernel will send pointless LPM control messages to the no longer connected device address and can even cause several 5 second khubd stalls on some (buggy?) host controllers, before finally accepting the device's fate amongst a flurry of error messages. This patch makes the choice of reset dependent on the port status that has just been read from the hub in addition to the existence of an in-kernel data structure for the device, and only proceeds with the more extensive reset if both are valid. Signed-off-by: Julius Werner <jwerner@chromium.org> Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
2013-07-31debugfs: debugfs_remove_recursive() must not rely on list_empty(d_subdirs)Oleg Nesterov
debugfs_remove_recursive() is wrong, 1. it wrongly assumes that !list_empty(d_subdirs) means that this dir should be removed. This is not that bad by itself, but: 2. if d_subdirs does not becomes empty after __debugfs_remove() it gives up and silently fails, it doesn't even try to remove other entries. However ->d_subdirs can be non-empty because it still has the already deleted !debugfs_positive() entries. 3. simple_release_fs() is called even if __debugfs_remove() fails. Suppose we have dir1/ dir2/ file2 file1 and someone opens dir1/dir2/file2. Now, debugfs_remove_recursive(dir1/dir2) succeeds, and dir1/dir2 goes away. But debugfs_remove_recursive(dir1) silently fails and doesn't remove this directory. Because it tries to delete (the already deleted) dir1/dir2/file2 again and then fails due to "Avoid infinite loop" logic. Test-case: #!/bin/sh cd /sys/kernel/debug/tracing echo 'p:probe/sigprocmask sigprocmask' >> kprobe_events sleep 1000 < events/probe/sigprocmask/id & echo -n >| kprobe_events [ -d events/probe ] && echo "ERR!! failed to rm probe" And after that it is not possible to create another probe entry. With this patch debugfs_remove_recursive() skips !debugfs_positive() files although this is not strictly needed. The most important change is that it does not try to make ->d_subdirs empty, it simply scans the whole list(s) recursively and removes as much as possible. Link: http://lkml.kernel.org/r/20130726151256.GC19472@redhat.com Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-07-31x86, amd, microcode: Fix error path in apply_microcode_amd()Torsten Kaiser
Return -1 (like Intels apply_microcode) when the loading fails, also do not set the active microcode level on failure. Signed-off-by: Torsten Kaiser <just.for.lkml@googlemail.com> Link: http://lkml.kernel.org/r/20130723225823.2e4e7588@googlemail.com Acked-by: Borislav Petkov <bp@suse.de> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2013-07-31ASoC: wm0010: Fix resource leakDimitris Papastamos
If kzalloc() fails for `img' then we are going to leak the memory for `out'. We are freeing the memory of all the tx/rx transfers but the tx/rx buf pointers will be NULL if we drop out earlier. Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com> Signed-off-by: Mark Brown <broonie@linaro.org>
2013-07-31cgroup: fix a leak when percpu_ref_init() failsLi Zefan
ss->css_free() is not called when perfcpu_ref_init() fails. Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org>
2013-07-31ARM: 7801/1: v6: prevent gcc 4.5 from reordering extended CP15 reads above ↵Paul Walmsley
is_smp() test Commit 621a0147d5c921f4cc33636ccd0602ad5d7cbfbc ("ARM: 7757/1: mm: don't flush icache in switch_mm with hardware broadcasting") breaks the boot on OMAP2430SDP with omap2plus_defconfig. Tracked to an undefined instruction abort from the CP15 read in cache_ops_need_broadcast(). It turns out that gcc 4.5 reorders the extended CP15 read above the is_smp() test. This breaks ARM1136 r0 cores, since they don't support several CP15 registers that later ARM cores do. ARM1136JF-S TRM section 3.2.1 "Register allocation" has the details. So mark the extended CP15 read as clobbering memory, which prevents the compiler from reordering it before the is_smp() test. Russell states that the code generated from this approach is preferable to marking the inline asm as volatile. Remove the existing condition code clobber as it's obsolete, per Nico's post: http://www.spinics.net/lists/arm-kernel/msg261208.html This patch is a collaboration with Will Deacon and Russell King. Comments from Paul Walmsley: Russell, if you accept this one, might you also add Will's ack from the lists: Comments from Paul Walmsley: I'd also be obliged if you could add a Cc: line for Jonathan Austin, since he helped test: Signed-off-by: Paul Walmsley <paul@pwsan.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Nicolas Pitre <nicolas.pitre@linaro.org> Cc: Tony Lindgren <tony@atomide.com> Acked-by: Will Deacon <will.deacon@arm.com> Cc: Jonathan Austin <jonathan.austin@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-07-31ARM: 7800/1: ARMv7-M: Fix name of NVIC handler functionUwe Kleine-König
The name changed in response to review comments for the nvic irqchip driver when the original name was already accepted into Russell King's tree. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-07-31ASoC: au1x: Fix buildRalf Baechle
d8b51c11ff5a70244753ba60abfd47088cf4dcd4 [ASoC: ac97c: Use module_platform_driver()] broke the build: CC sound/soc/au1x/ac97c.o /home/ralf/src/linux/upstream-sfr/sound/soc/au1x/ac97c.c:344:1: error: expected identifier or ‘(’ before ‘&’ token /home/ralf/src/linux/upstream-sfr/sound/soc/au1x/ac97c.c:344:1: error: pasting "__initcall_" and "&" does not give a valid preprocessing token /home/ralf/src/linux/upstream-sfr/sound/soc/au1x/ac97c.c:344:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘&’ token /home/ralf/src/linux/upstream-sfr/sound/soc/au1x/ac97c.c:344:1: error: expected identifier or ‘(’ before ‘&’ token /home/ralf/src/linux/upstream-sfr/sound/soc/au1x/ac97c.c:344:1: error: pasting "__exitcall_" and "&" does not give a valid preprocessing token /home/ralf/src/linux/upstream-sfr/sound/soc/au1x/ac97c.c:344:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘&’ token /home/ralf/src/linux/upstream-sfr/sound/soc/au1x/ac97c.c:334:31: warning: ‘au1xac97c_driver’ defined but not used [-Wunused-variable] make[5]: *** [sound/soc/au1x/ac97c.o] Error 1 make[4]: *** [sound/soc/au1x] Error 2 make[3]: *** [sound/soc] Error 2 Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Mark Brown <broonie@linaro.org>
2013-07-31RDMA/cma: Only call cma_save_ib_info() for CM REQsSean Hefty
Calling cma_save_ib_info() for CM SIDR REQs results in a crash accessing an invalid path record pointer. Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <roland@purestorage.com>
2013-07-31RDMA/cma: Fix accessing invalid private data for UDSean Hefty
If a application is using AF_IB with a UD QP, but does not provide any private data, we will end up accessing invalid memory. Check for this case and handle it appropriately. Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <roland@purestorage.com>
2013-07-31iwlwifi: pcie: disable L1 Active after pci_enable_deviceEmmanuel Grumbach
As Arjan pointed out, we mustn't do anything related to PCI configuration until the device is properly enabled with pci_enable_device(). Cc: stable@vger.kernel.org Reported-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-07-31iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULLStanislaw Gruszka
If channel switch is pending and we remove interface we can crash like showed below due to passing NULL vif to mac80211: BUG: unable to handle kernel paging request at fffffffffffff8cc IP: [<ffffffff8130924d>] strnlen+0xd/0x40 Call Trace: [<ffffffff8130ad2e>] string.isra.3+0x3e/0xd0 [<ffffffff8130bf99>] vsnprintf+0x219/0x640 [<ffffffff8130c481>] vscnprintf+0x11/0x30 [<ffffffff81061585>] vprintk_emit+0x115/0x4f0 [<ffffffff81657bd5>] printk+0x61/0x63 [<ffffffffa048987f>] ieee80211_chswitch_done+0xaf/0xd0 [mac80211] [<ffffffffa04e7b34>] iwl_chswitch_done+0x34/0x40 [iwldvm] [<ffffffffa04f83c3>] iwlagn_commit_rxon+0x2a3/0xdc0 [iwldvm] [<ffffffffa04ebc50>] ? iwlagn_set_rxon_chain+0x180/0x2c0 [iwldvm] [<ffffffffa04e5e76>] iwl_set_mode+0x36/0x40 [iwldvm] [<ffffffffa04e5f0d>] iwlagn_mac_remove_interface+0x8d/0x1b0 [iwldvm] [<ffffffffa0459b3d>] ieee80211_do_stop+0x29d/0x7f0 [mac80211] This is because we nulify ctx->vif in iwlagn_mac_remove_interface() before calling some other functions that teardown interface. To fix just check ctx->vif on iwl_chswitch_done(). We should not call ieee80211_chswitch_done() as channel switch works were already canceled by mac80211 in ieee80211_do_stop() -> ieee80211_mgd_stop(). Resolve: https://bugzilla.redhat.com/show_bug.cgi?id=979581 Cc: stable@vger.kernel.org Reported-by: Lukasz Jagiello <jagiello.lukasz@gmail.com> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-07-30cifs: file: initialize oparms.reconnect before using itAndi Shyti
In the cifs_reopen_file function, if the following statement is asserted: (tcon->unix_ext && cap_unix(tcon->ses) && (CIFS_UNIX_POSIX_PATH_OPS_CAP & (tcon->fsUnixInfo.Capability))) and we succeed to open with cifs_posix_open, the function jumps to the label reopen_success and checks for oparms.reconnect which is not initialized. This issue has been reported by scan.coverity.com Signed-off-by: Andi Shyti <andi@etezian.org> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-30Do not attempt to do cifs operations reading symlinks with SMB2Steve French
When use of symlinks is enabled (mounting with mfsymlinks option) to non-Samba servers, we always tried to use cifs, even when we were mounted with SMB2 or SMB3, which causes the server to drop the network connection. This patch separates out the protocol specific operations for cifs from the code which recognizes symlinks, and fixes the problem where with SMB2 mounts we attempt cifs operations to open and read symlinks. The next patch will add support for SMB2 for opening and reading symlinks. Additional followon patches will address the similar problem creating symlinks. Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-30cifs: extend the buffer length enought for sprintf() usingChen Gang
For cifs_set_cifscreds() in "fs/cifs/connect.c", 'desc' buffer length is 'CIFSCREDS_DESC_SIZE' (56 is less than 256), and 'ses->domainName' length may be "255 + '\0'". The related sprintf() may cause memory overflow, so need extend related buffer enough to hold all things. It is also necessary to be sure of 'ses->domainName' must be less than 256, and define the related macro instead of hard code number '256'. Signed-off-by: Chen Gang <gang.chen@asianux.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: Scott Lovenberg <scott.lovenberg@gmail.com> CC: <stable@vger.kernel.org> Signed-off-by: Steve French <smfrench@gmail.com>
2013-07-30mlx5: fix error return code in mlx5_alloc_uuars()Wei Yongjun
Fix to return -ENOMEM from the ioremap error handling case instead of 0, as done elsewhere in this function. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-30mvneta: Try to fix mvneta when compiled as moduleArnaud Patard \(Rtp\)
When the mvneta driver is compiled as module, the clock is disabled before it's loading. This will reset the registers values and all configuration made by the bootloader. This patch sets the "sgmii serdes configuration" register to a magical value found in: https://github.com/yellowback/ubuntu-precise-armadaxp/blob/master/arch/arm/mach-armadaxp/armada_xp_family/ctrlEnv/mvCtrlEnvLib.c With this change, the interrupts are working/generated and ethernet is working. Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-30mvneta: Fix hang when loading the mvneta driverArnaud Patard \(Rtp\)
When the mvneta driver is compiled, it'll be loaded with clocks disabled. This implies that the clocks should be enabled again before any register access or it'll hang. To fix it: - enable clock earlier - move timer callback after setting timer.data Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-30atl1c: Fix misuse of netdev_alloc_skb in refilling rx ringEric Dumazet
On Mon, 2013-07-29 at 08:30 -0700, Eric Dumazet wrote: > On Mon, 2013-07-29 at 13:09 +0100, Luis Henriques wrote: > > > > > I confirm that I can't reproduce the issue using this patch. > > > > Thanks, I'll send a polished patch, as this one had an error if > build_skb() returns NULL (in case sk_buff allocation fails) Please try the following patch : It should use 2K frags instead of 4K for normal 1500 mtu Thanks ! [PATCH] atl1c: use custom skb allocator We had reports ( https://bugzilla.kernel.org/show_bug.cgi?id=54021 ) that using high order pages for skb allocations is problematic for atl1c We do not know exactly what the problem is, but we suspect that crossing 4K pages is not well supported by this hardware. Use a custom allocator, using page allocator and 2K fragments for optimal stack behavior. We might make this allocator generic in future kernels. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Luis Henriques <luis.henriques@canonical.com> Cc: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-31ARM: shmobile: lager: do not annotate gpio_buttons as __initdataSimon Horman
When the gpio-keys device is registered using platform_device_register_data() the platform data argument, lager_keys_pdata is duplicated and thus should be marked as __initdata to avoid wasting memory. However, this is not true of gpio_buttons, a reference to it rather than its value is duplicated when lager_keys_pdata is duplicated. This avoids accessing freed memory if gpio-key events occur after unused kernel memory is freed late in the kernel's boot. This but was added when support for gpio-keys was added to lager in c3842e4fcbb7664276443b79187b7808c2e80a35 ("ARM: shmobile: lager: support GPIO switches") which was included in v3.11-rc1. Tested-by: Magnus Damm <damm@opensource.se> Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2013-07-31ARM: shmobile: BOCK-W: fix SDHI0 PFC settingsSergei Shtylyov
The following message is printed on the BOCK-W kernel bootup: sh-pfc pfc-r8a7778: invalid group "sdhi0" for function "sdhi0" In addition, SD card cannot be detected. The reason is apparently that commit ca7bb309485e4ec89a9addd47bea (ARM: shmobile: bockw: add SDHI0 support) matched the previous version of commit 564617d2f92473031d035deb273da5 (sh-pfc: r8a7778: add SDHI support). Add the missing pin groups according to the BOCK-W board schematics. Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2013-07-31shdma: fixup sh_dmae_get_partial() calculation errorKuninori Morimoto
sh_desc->hw.tcr is controlling real data size, and, register TCR is controlling data transfer count which was xmit_shifted value of hw.tcr. Current sh_dmae_get_partial() is calculating in different unit. This patch fixes it. This bug has been present since c014906a870ce70e009def0c9d170ccabeb0be63 ("dmaengine: shdma: extend .device_terminate_all() to record partial transfer"), which was added in 2.6.34-rc1. Cc: Vinod Koul <vinod.koul@intel.com> Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Acked-by: Guennadi Liakhovetski <g.liakhovetski+renesas@gmail.com> Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2013-07-30ftrace: Check module functions being traced on reloadSteven Rostedt (Red Hat)
There's been a nasty bug that would show up and not give much info. The bug displayed the following warning: WARNING: at kernel/trace/ftrace.c:1529 __ftrace_hash_rec_update+0x1e3/0x230() Pid: 20903, comm: bash Tainted: G O 3.6.11+ #38405.trunk Call Trace: [<ffffffff8103e5ff>] warn_slowpath_common+0x7f/0xc0 [<ffffffff8103e65a>] warn_slowpath_null+0x1a/0x20 [<ffffffff810c2ee3>] __ftrace_hash_rec_update+0x1e3/0x230 [<ffffffff810c4f28>] ftrace_hash_move+0x28/0x1d0 [<ffffffff811401cc>] ? kfree+0x2c/0x110 [<ffffffff810c68ee>] ftrace_regex_release+0x8e/0x150 [<ffffffff81149f1e>] __fput+0xae/0x220 [<ffffffff8114a09e>] ____fput+0xe/0x10 [<ffffffff8105fa22>] task_work_run+0x72/0x90 [<ffffffff810028ec>] do_notify_resume+0x6c/0xc0 [<ffffffff8126596e>] ? trace_hardirqs_on_thunk+0x3a/0x3c [<ffffffff815c0f88>] int_signal+0x12/0x17 ---[ end trace 793179526ee09b2c ]--- It was finally narrowed down to unloading a module that was being traced. It was actually more than that. When functions are being traced, there's a table of all functions that have a ref count of the number of active tracers attached to that function. When a function trace callback is registered to a function, the function's record ref count is incremented. When it is unregistered, the function's record ref count is decremented. If an inconsistency is detected (ref count goes below zero) the above warning is shown and the function tracing is permanently disabled until reboot. The ftrace callback ops holds a hash of functions that it filters on (and/or filters off). If the hash is empty, the default means to filter all functions (for the filter_hash) or to disable no functions (for the notrace_hash). When a module is unloaded, it frees the function records that represent the module functions. These records exist on their own pages, that is function records for one module will not exist on the same page as function records for other modules or even the core kernel. Now when a module unloads, the records that represents its functions are freed. When the module is loaded again, the records are recreated with a default ref count of zero (unless there's a callback that traces all functions, then they will also be traced, and the ref count will be incremented). The problem is that if an ftrace callback hash includes functions of the module being unloaded, those hash entries will not be removed. If the module is reloaded in the same location, the hash entries still point to the functions of the module but the module's ref counts do not reflect that. With the help of Steve and Joern, we found a reproducer: Using uinput module and uinput_release function. cd /sys/kernel/debug/tracing modprobe uinput echo uinput_release > set_ftrace_filter echo function > current_tracer rmmod uinput modprobe uinput # check /proc/modules to see if loaded in same addr, otherwise try again echo nop > current_tracer [BOOM] The above loads the uinput module, which creates a table of functions that can be traced within the module. We add uinput_release to the filter_hash to trace just that function. Enable function tracincg, which increments the ref count of the record associated to uinput_release. Remove uinput, which frees the records including the one that represents uinput_release. Load the uinput module again (and make sure it's at the same address). This recreates the function records all with a ref count of zero, including uinput_release. Disable function tracing, which will decrement the ref count for uinput_release which is now zero because of the module removal and reload, and we have a mismatch (below zero ref count). The solution is to check all currently tracing ftrace callbacks to see if any are tracing any of the module's functions when a module is loaded (it already does that with callbacks that trace all functions). If a callback happens to have a module function being traced, it increments that records ref count and starts tracing that function. There may be a strange side effect with this, where tracing module functions on unload and then reloading a new module may have that new module's functions being traced. This may be something that confuses the user, but it's not a big deal. Another approach is to disable all callback hashes on module unload, but this leaves some ftrace callbacks that may not be registered, but can still have hashes tracing the module's function where ftrace doesn't know about it. That situation can cause the same bug. This solution solves that case too. Another benefit of this solution, is it is possible to trace a module's function on unload and load. Link: http://lkml.kernel.org/r/20130705142629.GA325@redhat.com Reported-by: Jörn Engel <joern@logfs.org> Reported-by: Dave Jones <davej@redhat.com> Reported-by: Steve Hodgson <steve@purestorage.com> Tested-by: Steve Hodgson <steve@purestorage.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2013-07-31drm/i915: fix missed hunk after GT access breakageBen Widawsky
Upon some code refactoring, a hunk was missed. This was fixed for next, but missed the current trees, and hasn't yet been merged by Dave Airlie. It is fixed in: commit 907b28c56ea40629aa6595ddfa414ec2fc7da41c Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Fri Jul 19 20:36:52 2013 +0100 drm/i915: Colocate all GT access routines in the same file It is introduced by: commit 181d1b9e31c668259d3798c521672afb8edd355c Author: Daniel Vetter <daniel.vetter@ffwll.ch> Date: Sun Jul 21 13:16:24 2013 +0200 drm/i915: fix up gt init sequence fallout Reported-by: Dave Jones <davej@redhat.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Ben Widawsky <ben@bwidawsk.net> Signed-off-by: Dave Airlie <airlied@redhat.com>
2013-07-30genetlink: fix usage of NLM_F_EXCL or NLM_F_REPLACEPablo Neira
Currently, it is not possible to use neither NLM_F_EXCL nor NLM_F_REPLACE from genetlink. This is due to this checking in genl_family_rcv_msg: if (nlh->nlmsg_flags & NLM_F_DUMP) NLM_F_DUMP is NLM_F_MATCH|NLM_F_ROOT. Thus, if NLM_F_EXCL or NLM_F_REPLACE flag is set, genetlink believes that you're requesting a dump and it calls the .dumpit callback. The solution that I propose is to refine this checking to make it stricter: if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) And given the combination NLM_F_REPLACE and NLM_F_EXCL does not make sense to me, it removes the ambiguity. There was a patch that tried to fix this some time ago (0ab03c2 netlink: test for all flags of the NLM_F_DUMP composite) but it tried to resolve this ambiguity in *all* existing netlink subsystems, not only genetlink. That patch was reverted since it broke iproute2, which is using NLM_F_ROOT to request the dump of the routing cache. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-30af_key: more info leaks in pfkey messagesDan Carpenter
This is inspired by a5cc68f3d6 "af_key: fix info leaks in notify messages". There are some struct members which don't get initialized and could disclose small amounts of private information. Acked-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-31NFC: netlink: Rename CMD_FW_UPLOAD to CMD_FW_DOWNLOADSamuel Ortiz
Loading a firmware into a target is typically called firmware download, not firmware upload. So we rename the netlink API to NFC_CMD_FW_DOWNLOAD in order to avoid any terminology confusion from userspace. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-07-30RDMA/cma: Fix gcc warningPaul Bolle
Building cma.o triggers this gcc warning: drivers/infiniband/core/cma.c: In function ‘rdma_resolve_addr’: drivers/infiniband/core/cma.c:465:23: warning: ‘port’ may be used uninitialized in this function [-Wmaybe-uninitialized] drivers/infiniband/core/cma.c:426:5: note: ‘port’ was declared here This is a false positive, as "port" will always be initialized if we're at "found". But if we assign to "id_priv->id.port_num" directly, we can drop "port". That will, obviously, silence gcc. Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <roland@purestorage.com>
2013-07-30net/fec: Don't let ndo_start_xmit return NETDEV_TX_BUSY without linkUwe Kleine-König
Don't test for having link and let hardware deal with this situation. Without this patch I see a machine running an -rt patched Linux being stuck in sch_direct_xmit when it looses link while there is still a packet to be sent. In this case the fec_enet_start_xmit routine returned NETDEV_TX_BUSY which makes the network stack reschedule the packet and so sch_direct_xmit calls fec_enet_start_xmit again. I failed to reproduce a complete hang without -rt, but I think the problem exists there, too. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-30Revert "RDMA/nes: Fix compilation error when nes_debug is enabled"Roland Dreier
This reverts commit bca1935ccdec, which removes variables nes_tcp_state_str and nes_iwarp_state_str, assuming that they aren't defined. However, they are defined within a #ifdef NES_DEBUG statement, which if enabled causes "defined but not used" compiler warning, when the variables are removed. Signed-off-by: Tatyana Nikolova <Tatyana.E.Nikolova@intel.com> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Roland Dreier <roland@purestorage.com>
2013-07-31Merge branch 'drm-fixes-3.11' of git://people.freedesktop.org/~agd5f/linuxDave Airlie
Alex writes: - more fixes for SI dpm - fix DP on some rv6xx boards * 'drm-fixes-3.11' of git://people.freedesktop.org/~agd5f/linux: drm/radeon/dpm: re-enable cac control on SI drm/radeon/dpm: fix calculations in si_calculate_leakage_for_v_and_t_formula drm: fix 64 bit drm fixed point helpers drm/radeon/atom: initialize more atom interpretor elements to 0
2013-07-31gpio_msm: Fix build error due to missing err.hStephen Boyd
drivers/gpio/gpio-msm-v1.c: In function 'gpio_msm_v1_probe': drivers/gpio/gpio-msm-v1.c:656:2: error: implicit declaration of function 'IS_ERR' [-Werror=implicit-function-declaration] drivers/gpio/gpio-msm-v1.c:657:3: error: implicit declaration of function 'PTR_ERR' [-Werror=implicit-function-declaration] This driver failed to compile after commit 68515bb (gpio_msm: Convert to use devm_ioremap_resource, 2013-06-10). Acked-by: Tushar Behera <tushar.behera@linaro.org> Signed-off-by: Stephen Boyd <sboyd@codeaurora.org> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2013-07-31Revert "gpio/omap: don't create an IRQ mapping for every GPIO on DT"Linus Walleij
This reverts commit 0e970cec05635adbe7b686063e2548a8e4afb8f4. Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2013-07-31Revert "gpio/omap: auto request GPIO as input if used as IRQ via DT"Linus Walleij
This reverts commit b4419e1a15905191661ffe75ba2f9e649f5d565e. Signed-off-by: Linus Walleij <linus.walleij@linaro.org>