summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-09-13bnx2x: Use pci_dev pm_capJon Mason
Use the already existing pm_cap variable in struct pci_dev for determining the power management offset. This saves the driver from having to keep track of an extra variable. Signed-off-by: Jon Mason <jdmason@kudzu.us> Cc: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-13alx: remove redundant D0 power state setYijing Wang
Pci_enable_device_mem() will set device power state to D0, so it's no need to do it again in alx_probe(). Also remove redundant PM Cap find code, because pci core has been saved the pci device pm cap value. Signed-off-by: Yijing Wang <wangyijing@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-13be2net: missing variable initializationAntonio Alecrim Jr
Signed-off-by: Antonio Alecrim Jr <antonio.alecrim@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-13isdn: clean up debug format string usageKees Cook
Avoid unneeded local string buffers for constructing debug output. Also cleans up debug calls that contain a single parameter so that they cannot be accidentally parsed as format strings. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Karsten Keil <isdn@linux-pingi.de> Cc: David Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-13drivers/atm/he.c: convert to module_pci_driverLibo Chen
Signed-off-by: Libo Chen <libo.chen@huawei.com> Cc: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-13Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates This series contains updates to ixgbe and e1000e. Jacob provides a ixgbe patch to fix the configure_rx patch to properly disable RSC hardware logic when a user disables it. Previously we only disabled RSC in the queue settings, but this does not fully disable hardware RSC logic which can lead to unexpected performance issues. Emil provides three fixes for ixgbe. First fixes the ethtool loopback test when DCB is enabled, where the frames may be modified on Tx (by adding VLAN tag) which will fail the check on receive. Then a fix for QSFP+ modules, limit the speed setting to advertise only one speed at a time since the QSFP+ modules do not support auto negotiation. Lastly, resolve an issue where the driver will display incorrect info for QSFP+ modules that were inserted after the driver has been loaded. David Ertman provides to fixes for e1000e, one removes a comparison to the boolean value true where evaluating the lvalue will produce the same result. The other fixes an error in the calculation of the rar_entry_count, which causes a write of unkown/undefined register space in the MAC to unknown/undefined register space in the PHY. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-13cifs: update cifs.txt and remove some outdated infosBjörn Jacke
Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Björn JACKE <bj@sernet.de> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-13cifs: Avoid calling unlock_page() twice in cifs_readpage() when using fscacheSachin Prabhu
When reading a single page with cifs_readpage(), we make a call to fscache_read_or_alloc_page() which once done, asynchronously calls the completion function cifs_readpage_from_fscache_complete(). This completion function unlocks the page once it has been populated from cache. The module then attempts to unlock the page a second time in cifs_readpage() which leads to warning messages. In case of a successful call to fscache_read_or_alloc_page() we should skip the second unlock_page() since this will be called by the cifs_readpage_from_fscache_complete() once the page has been populated by fscache. With the modifications to cifs_readpage_worker(), we will need to re-grab the page lock in cifs_write_begin(). The problem was first noticed when testing new fscache patches for cifs. https://bugzilla.redhat.com/show_bug.cgi?id=1005737 Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-13cifs: Do not take a reference to the page in cifs_readpage_worker()Sachin Prabhu
We do not need to take a reference to the pagecache in cifs_readpage_worker() since the calling function will have already taken one before passing the pointer to the page as an argument to the function. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
2013-09-13Merge tag 'hwmon-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: "Some more low risk cleanup patches: - Remove unnecessary pci_set_drvdata in k10temp driver from Jingoo Han - Fix return values in several drivers from Sachin Kamat - Remove redundant break in amc6821 driver from Sachin Kamat" * tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (k10temp) remove unnecessary pci_set_drvdata() hwmon: (tmp421) Fix return value hwmon: (amc6821) Remove redundant break hwmon: (amc6821) Fix return value hwmon: (ibmaem) Fix return value hwmon: (emc2103) Fix return value
2013-09-13Merge tag 'xtensa-next-20130912' of git://github.com/czankel/xtensa-linuxLinus Torvalds
Pull Xtensa updates from Chris Zankel. * tag 'xtensa-next-20130912' of git://github.com/czankel/xtensa-linux: xtensa: Fix broken allmodconfig build xtensa: remove CCOUNT_PER_JIFFY xtensa: fix !CONFIG_XTENSA_CALIBRATE_CCOUNT build failure xtensa: don't use echo -e needlessly xtensa: new fast_alloca handler xtensa: keep a3 and excsave1 on entry to exception handlers xtensa: enable kernel preemption xtensa: check thread flags atomically on return from user exception
2013-09-13Merge git://git.kvack.org/~bcrl/aio-nextLinus Torvalds
Pull aio changes from Ben LaHaise: "First off, sorry for this pull request being late in the merge window. Al had raised a couple of concerns about 2 items in the series below. I addressed the first issue (the race introduced by Gu's use of mm_populate()), but he has not provided any further details on how he wants to rework the anon_inode.c changes (which were sent out months ago but have yet to be commented on). The bulk of the changes have been sitting in the -next tree for a few months, with all the issues raised being addressed" * git://git.kvack.org/~bcrl/aio-next: (22 commits) aio: rcu_read_lock protection for new rcu_dereference calls aio: fix race in ring buffer page lookup introduced by page migration support aio: fix rcu sparse warnings introduced by ioctx table lookup patch aio: remove unnecessary debugging from aio_free_ring() aio: table lookup: verify ctx pointer staging/lustre: kiocb->ki_left is removed aio: fix error handling and rcu usage in "convert the ioctx list to table lookup v3" aio: be defensive to ensure request batching is non-zero instead of BUG_ON() aio: convert the ioctx list to table lookup v3 aio: double aio_max_nr in calculations aio: Kill ki_dtor aio: Kill ki_users aio: Kill unneeded kiocb members aio: Kill aio_rw_vect_retry() aio: Don't use ctx->tail unnecessarily aio: io_cancel() no longer returns the io_event aio: percpu ioctx refcount aio: percpu reqs_available aio: reqs_active -> reqs_available aio: fix build when migration is disabled ...
2013-09-13ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st()Dan Carpenter
This is called from snd_ctl_elem_write() with user supplied data so we need to add some bounds checking. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mark Brown <broonie@linaro.org> Cc: stable@vger.kernel.org
2013-09-13ASoC: ab8500-codec: info leak in anc_status_control_put()Dan Carpenter
If the user passes an invalid value it leads to an info leak when we print the error message or it could oops. This is called with user supplied data from snd_ctl_elem_write(). Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mark Brown <broonie@linaro.org> Cc: stable@vger.kernel.org
2013-09-13ASoC: max98095: a couple array underflowsDan Carpenter
The ->put() function are called from snd_ctl_elem_write() with user supplied data. The limit checks here could underflow leading to a crash. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mark Brown <broonie@linaro.org> Cc: stable@vger.kernel.org
2013-09-13ASoC: core: Only add platform DAI widgets once.Liam Girdwood
Currently platform CPU DAI widgets are created in soc_probe_platform and soc_probe_link_dais. Remove the extra call in soc_probe_link_dais(). Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com> Signed-off-by: Mark Brown <broonie@linaro.org>
2013-09-13e1000e: fix overrun of PHY RAR arrayDavid Ertman
When copying the MAC RAR registers to PHY there is an error in the calculation of the rar_entry_count, which causes a write of unknown/ undefined register space in the MAC to unknown/undefined register space in the PHY. This patch fixes the overrun with writing to the PHY RAR and also fixes the ethtool offline register tests so that the correctly addressed registers have the appropriate bitmasks for R/W and RO bits for affected parts. Shawn Rader gets credit for finding and fixing the register overrun. Signed-off-by: Dave Ertman <davidx.m.ertman@intel.com> CC: Shawn Rader <shawn.t.rader@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-09-13e1000e: cleanup boolean comparison to trueDavid Ertman
Removing a comparison to the boolean value true where simply interrogating the lvalue will produce the same result. Signed-off-by: David Ertman <davidx.m.ertman@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-09-13ixgbe: fix ethtool reporting of supported links for SFP modulesEmil Tantilov
This patch resolves an issue where the driver will display incorrect info for Q/SFP+ modules that were inserted after the driver has been loaded. This patch adds a call to identify_phy() in ixgbe_get_settings() prior to calling get_link_capabilities() which needs the PHY data in order to determine the correct settings. Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-09-13ixgbe: limit setting speed to only one at a time for QSFP modulesEmil Tantilov
QSFP+ modules do not support auto negotiation and should advertise only one speed at a time. This patch adds logic in ethtool to allow setting and reporting the advertised speed at either 1Gbps or 10Gbps, but not both. Also limits the speed set in ixgbe_sfp_link_config_subtask() to highest supported. Previously the link was set to whatever the supported speeds were. Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-09-13ixgbe: fix ethtool loopback diagnostic with DCB enabledEmil Tantilov
This patch disables DCB prior to running the loopback test. When DCB is enabled the frames may be modified on Tx (by adding vlan tag) which will fail the check on Rx. Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Tested-by: Jack Morgan <jack.morgan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-09-13tile: remove stale arch/tile/kernel/futex_64.SChris Metcalf
This should have been removed with commit 47d632f9f8f3, but it was overlooked. Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
2013-09-13tile: remove HUGE_VMAP dead codeChris Metcalf
A config option to allow a variant vmap() using huge pages that was never upstreamed had some bits of code related to it scattered around the tile architecture; the config option was removed downstream and this commit cleans up the scattered evidence of it from the upstream as well. Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
2013-09-13tile: use pmd_pfn() instead of casting via pte_tChris Metcalf
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
2013-09-13tile: fix typos in comment in arch/tile/kernel/unaligned.cChris Metcalf
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
2013-09-13ixgbe: fully disable hardware RSC logic when disabling RSCJacob Keller
This patch modifies the configure_rx path in order to properly disable RSC hardware logic when the user disables it. Previously we only disabled RSC in the queue settings, but this does not fully disable hardware RSC logic which can lead to some unexpected performance issues. Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-09-13Merge branch 'genirq' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull generic hardirq option removal from Martin Schwidefsky: "All architectures now use generic hardirqs, s390 has been last to switch. With that the code under !CONFIG_GENERIC_HARDIRQS and the related HAVE_GENERIC_HARDIRQS and GENERIC_HARDIRQS config options can be removed. Yay!" * 'genirq' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: Remove GENERIC_HARDIRQ config option
2013-09-13Merge branch 'kconfig' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kconfig fix from Michal Marek: "This is a fix for a regression caused by my previous pull request. A sed command in scripts/config that used colons as separator was accidentally changed to use slashes, which fails when you use slashes in a value. Changing it back to colons is of course not a proper fix, but at least it will be broken in the same way it had been for four years. A proper fix is pending" * 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: scripts/config: fix variable substitution command
2013-09-13Merge tag 'blackfin-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/realmz6/blackfin-linux Pull blackfin updates from Steven Miao. * tag 'blackfin-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/realmz6/blackfin-linux: blackfin: Ignore generated uImages blackfin: Add STMMAC platform data to enable dwmac1000 driver on BF60x. bf609: adv7343: add S-Video and Component output support bf609: add adv7343 video encoder support clock: add stmmac clock for ethernet driver blackfin: scb: Add SCB1 to SCB9 config options and data. blackfin: scb: Add system crossbar init code.
2013-09-13Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds
Pull crypto fixes from Herbert Xu: "This fixes a 7+ year race condition in the crypto API that causes sporadic crashes when multiple threads load the same algorithm. It also fixes the crct10dif algorithm again to prevent boot failures on systems where the initramfs tool ignores module softdeps" * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: crct10dif - Add fallback for broken initrds crypto: api - Fix race condition in larval lookup
2013-09-13HID: lenovo-tpkbd: fix leak if tpkbd_probe_tp failsBenjamin Tissoires
If tpkbd_probe_tp() bails out, the probe() function return an error, but hid_hw_stop() is never called. fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1003998 Cc: stable@vger.kernel.org Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: multitouch: validate indexes detailsBenjamin Tissoires
When working on report indexes, always validate that they are in bounds. Without this, a HID device could report a malicious feature report that could trick the driver into a heap overflow: [ 634.885003] usb 1-1: New USB device found, idVendor=0596, idProduct=0500 ... [ 676.469629] BUG kmalloc-192 (Tainted: G W ): Redzone overwritten Note that we need to change the indexes from s8 to s16 as they can be between -1 and 255. CVE-2013-2897 Cc: stable@vger.kernel.org Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: logitech-dj: validate output report detailsKees Cook
A HID device could send a malicious output report that would cause the logitech-dj HID driver to leak kernel memory contents to the device, or trigger a NULL dereference during initialization: [ 304.424553] usb 1-1: New USB device found, idVendor=046d, idProduct=c52b ... [ 304.780467] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028 [ 304.781409] IP: [<ffffffff815d50aa>] logi_dj_recv_send_report.isra.11+0x1a/0x90 CVE-2013-2895 Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: validate feature and input report detailsBenjamin Tissoires
When dealing with usage_index, be sure to properly use unsigned instead of int to avoid overflows. When working on report fields, always validate that their report_counts are in bounds. Without this, a HID device could report a malicious feature report that could trick the driver into a heap overflow: [ 634.885003] usb 1-1: New USB device found, idVendor=0596, idProduct=0500 ... [ 676.469629] BUG kmalloc-192 (Tainted: G W ): Redzone overwritten CVE-2013-2897 Cc: stable@vger.kernel.org Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: lenovo-tpkbd: validate output report detailsKees Cook
A HID device could send a malicious output report that would cause the lenovo-tpkbd HID driver to write just beyond the output report allocation during initialization, causing a heap overflow: [ 76.109807] usb 1-1: New USB device found, idVendor=17ef, idProduct=6009 ... [ 80.462540] BUG kmalloc-192 (Tainted: G W ): Redzone overwritten CVE-2013-2894 Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13MIPS: kernel: vpe: Make vpe_attrs an array of pointers.Markos Chandras
Commit 567b21e973ccf5b0d13776e408d7c67099749eb8 "mips: convert vpe_class to use dev_groups" broke the build on MIPS since vpe_attrs should be an array of 'struct device_attribute' pointers. Fixes the following build problem: arch/mips/kernel/vpe.c:1372:2: error: missing braces around initializer [-Werror=missing-braces] arch/mips/kernel/vpe.c:1372:2: error: (near initialization for 'vpe_attrs[0]') [-Werror=missing-braces] Cc: Ralf Baechle <ralf@linux-mips.org> Cc: John Crispin <blogic@openwrt.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5819/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2013-09-13HID: LG: validate HID output report detailsKees Cook
A HID device could send a malicious output report that would cause the lg, lg3, and lg4 HID drivers to write beyond the output report allocation during an event, causing a heap overflow: [ 325.245240] usb 1-1: New USB device found, idVendor=046d, idProduct=c287 ... [ 414.518960] BUG kmalloc-4096 (Not tainted): Redzone overwritten Additionally, while lg2 did correctly validate the report details, it was cleaned up and shortened. CVE-2013-2893 Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: steelseries: validate output report detailsKees Cook
A HID device could send a malicious output report that would cause the steelseries HID driver to write beyond the output report allocation during initialization, causing a heap overflow: [ 167.981534] usb 1-1: New USB device found, idVendor=1038, idProduct=1410 ... [ 182.050547] BUG kmalloc-256 (Tainted: G W ): Redzone overwritten CVE-2013-2891 Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: sony: validate HID output report detailsKees Cook
This driver must validate the availability of the HID output report and its size before it can write LED states via buzz_set_leds(). This stops a heap overflow that is possible if a device provides a malicious HID output report: [ 108.171280] usb 1-1: New USB device found, idVendor=054c, idProduct=0002 ... [ 117.507877] BUG kmalloc-192 (Not tainted): Redzone overwritten CVE-2013-2890 Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org #3.11 Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: zeroplus: validate output report detailsKees Cook
The zeroplus HID driver was not checking the size of allocated values in fields it used. A HID device could send a malicious output report that would cause the driver to write beyond the output report allocation during initialization, causing a heap overflow: [ 1442.728680] usb 1-1: New USB device found, idVendor=0c12, idProduct=0005 ... [ 1466.243173] BUG kmalloc-192 (Tainted: G W ): Redzone overwritten CVE-2013-2889 Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13HID: provide a helper for validating hid reportsKees Cook
Many drivers need to validate the characteristics of their HID report during initialization to avoid misusing the reports. This adds a common helper to perform validation of the report exisitng, the field existing, and the expected number of values within the field. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13Remove GENERIC_HARDIRQ config optionMartin Schwidefsky
After the last architecture switched to generic hard irqs the config options HAVE_GENERIC_HARDIRQS & GENERIC_HARDIRQS and the related code for !CONFIG_GENERIC_HARDIRQS can be removed. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-09-13scripts/config: fix variable substitution commandClement Chauplannaz
Commit 229455bc02b87f7128f190c4491b4ceffff38648 accidentally changed the separator between sed `s' command and its parameters from ':' to '/'. Revert this change. Reported-and-tested-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Clement Chauplannaz <chauplac@gmail.com> Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-09-13MIPS: Fix SMP core calculations when using MT support.Leonid Yegoshin
The TCBIND register is only available if the core has MT support. It should not be read otherwise. Secondly, the number of TCs (siblings) are calculated differently depending on if the kernel is configured as SMVP or SMTC. Signed-off-by: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com> Signed-off-by: Steven J. Hill <Steven.Hill@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5822/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2013-09-13netfilter: nf_nat_proto_icmpv6:: fix wrong comparison in icmpv6_manip_pktPhil Oester
In commit 58a317f1 (netfilter: ipv6: add IPv6 NAT support), icmpv6_manip_pkt was added with an incorrect comparison of ICMP codes to types. This causes problems when using NAT rules with the --random option. Correct the comparison. This closes netfilter bugzilla #851, reported by Alexander Neumann. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-09-13netfilter: nf_conntrack: use RCU safe kfree for conntrack extensionsMichal Kubeček
Commit 68b80f11 (netfilter: nf_nat: fix RCU races) introduced RCU protection for freeing extension data when reallocation moves them to a new location. We need the same protection when freeing them in nf_ct_ext_free() in order to prevent a use-after-free by other threads referencing a NAT extension data via bysource list. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-09-13MIPS: DECstation I/O ASIC DMA interrupt handling fixMaciej W. Rozycki
This change complements commit d0da7c002f7b2a93582187a9e3f73891a01d8ee4 and brings clear_ioasic_irq back, renaming it to clear_ioasic_dma_irq at the same time, to make I/O ASIC DMA interrupts functional. Unlike ordinary I/O ASIC interrupts DMA interrupts need to be deasserted by software by writing 0 to the respective bit in I/O ASIC's System Interrupt Register (SIR), similarly to how CP0.Cause.IP0 and CP0.Cause.IP1 bits are handled in the CPU (the difference is SIR DMA interrupt bits are R/W0C so there's no need for an RMW cycle). Otherwise the handler is reentered over and over again. The only current user is the DEC LANCE Ethernet driver and its extremely uncommon DMA memory error handler that does not care when exactly the interrupt is cleared. Anticipating the use of DMA interrupts by the Zilog SCC driver this change however exports clear_ioasic_dma_irq for device drivers to choose the right application-specific sequence to clear the request explicitly rather than calling it implicitly in the .irq_eoi handler of `struct irq_chip'. Previously these interrupts were cleared in the .end handler of the said structure, before it was removed. Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5826/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2013-09-13MIPS: DECstation HRT initialization rearrangementMaciej W. Rozycki
Not all I/O ASIC versions have the free-running counter implemented, an early revision used in the 5000/1xx models aka 3MIN and 4MIN did not have it. Therefore we cannot unconditionally use it as a clock source. Fortunately if not implemented its register slot has a fixed value so it is enough if we check for the value at the end of the calibration period being the same as at the beginning. This also means we need to look for another high-precision clock source on the systems affected. The 5000/1xx can have an R4000SC processor installed where the CP0 Count register can be used as a clock source. Unfortunately all the R4k DECstations suffer from the missed timer interrupt on CP0 Count reads erratum, so we cannot use the CP0 timer as a clock source and a clock event both at a time. However we never need an R4k clock event device because all DECstations have a DS1287A RTC chip whose periodic interrupt can be used as a clock source. This gives us the following four configuration possibilities for I/O ASIC DECstations: 1. No I/O ASIC counter and no CP0 timer, e.g. R3k 5000/1xx (3MIN). 2. No I/O ASIC counter but the CP0 timer, i.e. R4k 5000/150 (4MIN). 3. The I/O ASIC counter but no CP0 timer, e.g. R3k 5000/240 (3MAX+). 4. The I/O ASIC counter and the CP0 timer, e.g. R4k 5000/260 (4MAX+). For #1 and #2 this change stops the I/O ASIC free-running counter from being installed as a clock source of a 0Hz frequency. For #2 it also arranges for the CP0 timer to be used as a clock source rather than a clock event device, because having an accurate wall clock is more important than a high-precision interval timer. For #3 there is no change. For #4 the change makes the I/O ASIC free-running counter installed as a clock source so that the CP0 timer can be used as a clock event device. Unfortunately the use of the CP0 timer as a clock event device relies on a succesful completion of c0_compare_interrupt. That never happens, because while waiting for a CP0 Compare interrupt to happen the function spins in a loop reading the CP0 Count register. This makes the CP0 Count erratum trigger reliably causing the interrupt waited for to be lost in all cases. As a result #4 resorts to using the CP0 timer as a clock source as well, just as #2. However we want to keep this separate arrangement in case (hope) c0_compare_interrupt is eventually rewritten such that it avoids the erratum. Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5825/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2013-09-12net/irda/mcs7780: fix memory leaks in mcs_net_open()Alexey Khoroshilov
If rx_urb allocation fails in mcs_setup_urbs(), tx_urb leaks. If mcs_receive_start() fails in mcs_net_open(), the both urbs are not deallocated. The patch fixes the issues and by the way fixes label indentation. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-12net/mlx4_en: Check device state when setting coalescingEugenia Emantayev
When the device is down, CQs are freed. We must check the device state to avoid issuing firmware commands on non existing CQs. CC: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Eugenia Emantayev <eugenia@mellanox.com> Signed-off-by: Amir Vadai <amirv@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>