Commit Graph

468531 Commits

Author SHA1 Message Date
Linus Torvalds
26d189b82f arm64 fixes for merge window fallout
This small set of fixes addresses a few issues introduced during the
 merge window, including:
 
   - Fix typo in I-cache detection that was causing us to treat all
     I-caches as aliasing
   - Hook up memfd_create and getrandom syscalls for native and compat
   - Revert a temporary hack for defconfig builds in -next (the audit
     tree changes didn't make it in this merge window)
   - A couple of UEFI fixes for TEXT_OFFSET fuzzing and /memreserve/
   - A simple sparsemem fix for 48-bit physical addressing
   - Small defconfig updates to get autotesters working with X-gene
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT9j4lAAoJEC379FI+VC/ZjVAP/jxBpU5V8i4aUiVVbG4efcTL
 elpu74kPek4LgyI55YZPdxo6Hc5BX/STC06hq6s//vFwSNf0tS+12sOCMpjHkhfU
 oRkuQR4TDgTAo4BvrONHYbwSyQclWS+VhKXp4NwTTIwmA5Mg9jgRQCp+VHGTPzZC
 UK3nObqVVVZh6BHzjEIMfy25mkChULdm8A6IG8ciNSrHxKVNMTAJTE1eKE/92ccM
 cs18zlymRPl02amf/tUgTFxHBgRoFZcaFpM7Qge3AUZY95U70kpEiPGLQNfJ2UBH
 NfcWr9LkdMGXULYdfO98akn7boIFW7W+BuHASCfp+di4odcQDjYQvDAvg1NZ3OCi
 C3IyISYyxBjP9kgShXrIAeDtDP9vjy6aj/E/rhq3ByNSewdP+f9roVq1oapuNs9F
 lAerIiqC8+LMLBan0EOuyaj3MOEGUh26qOUaKY8HEmlDXDJD5ceGsB3dROAx2mtV
 FhU7kqp717ETCloxtmJuZUrIlL+e3SZznnT4aCduL3/S9Jd5wdBTCUdqEoGnwBy/
 rkSjaP9D4QbBP3vMPaK7ANv2aRpjo3U2AuBsqL7iSjdKjj+IqQfNn5qIsTFNfVup
 zOUcecVSdntZj19ejbUj7+TGxEV+9er+HPEtqKo7Pii6zl+Mf8HsqsScAq1FZbw/
 2r/W9FODi0gN4WgKnNb1
 =BqdY
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "This small set of fixes addresses a few issues introduced during the
  merge window, including:

   - fix typo in I-cache detection that was causing us to treat all
     I-caches as aliasing
   - hook up memfd_create and getrandom syscalls for native and compat
   - revert a temporary hack for defconfig builds in -next (the audit
     tree changes didn't make it in this merge window)
   - a couple of UEFI fixes for TEXT_OFFSET fuzzing and /memreserve/
   - a simple sparsemem fix for 48-bit physical addressing
   - small defconfig updates to get autotesters working with X-gene"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  Revert "arm64: Do not invoke audit_syscall_* functions if !CONFIG_AUDIT_SYSCALL"
  arm64: mm: update max pa bits to 48
  arm64: ignore DT memreserve entries when booting in UEFI mode
  arm64: configs: Enable X-Gene SATA and ethernet in defconfig
  arm64: align randomized TEXT_OFFSET on 4 kB boundary
  asm-generic: add memfd_create system call to unistd.h
  arm64: compat: wire up memfd_create and getrandom syscalls for aarch32
  arm64: fix typo in I-cache policy detection
2014-08-22 09:08:20 -07:00
Linus Torvalds
1ae45cf06c IOMMU Fixes for Linux v3.17-rc1
The fixes include:
 
 	* A patch to fix a crash in the VT-d driver when devices with a
 	  driver attached are hot-unplugged
 
 	* A patch for the AMD IOMMU driver to fix a crash with device
 	  assignment of 32 bit PCI devices to KVM guests
 
 	* Fix for a copy&paste error in generic IOMMU code. Now the
 	  right function pointer is checked before calling.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJT9mqKAAoJECvwRC2XARrjVyEQANuc6QDV9DcmXkd+3sXOtC/s
 VA5G8CCxqiDmit+p2/o9+Bq7vbIIWEI140AU4LMSubFoshTejKZn3ejpGkKK/+cB
 qAqyoJNnjiuyEcGpXLxlOwM57/6NFTU5GGT5FqKqTZ8o2jVZHLAqbVXwp0ywww9n
 3j0NQMAmwEmxIzuM29WBVC4ioD5AJYE8z4NOL36rR97cJ3BGA3uH7DbLKpibjOo7
 gz+wW6csRKPODfPhf/08tuR8tgxwo9F03EmJ6ZD1N0/Y3uSqf1FksWE+nDUoszgX
 L6iTkW+d3kDBbqRPaxyr35yPYFALMdvrMsrzqw8b6pcyYFND6XoSj30iGcJJ+8xf
 7jKYTKOfXCZjWNpGovps+dCgBmd4Aa1II8uRn+bVK+ZQuu7Wur5iFvZKAQ0qgjXn
 H86jjwOwBKihnljtdNquU6QjDsE/0wP1qnnkCubcRyYirZiWTEIAqdM/KMy/8298
 KEO7IBAwOw1k2B0kRiOJx762Mz2xsL8+o08AnJxOv6NZ1Jpbl976bUwQu26ILVzm
 FBicMCEFgWBxZ4n9utAZTYLsChMInqwnmQmhnlmN+L0gc5HZli+ACUmgQZx/k80L
 eG6qiUr1TlrEgEZn4IitxyZxPWeekJRb0JLAG0syDVO4EREHW9JGo0u7WRlruqU1
 I02opq+flSipokaWomoh
 =KWBo
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:
 "The fixes include:

   - fix a crash in the VT-d driver when devices with a driver attached
     are hot-unplugged

   - fix a AMD IOMMU driver crash with device assignment of 32 bit PCI
     devices to KVM guests

   - fix for a copy&paste error in generic IOMMU code.  Now the right
     function pointer is checked before calling"

* tag 'iommu-fixes-v3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/core: Check for the right function pointer in iommu_map()
  iommu/amd: Fix cleanup_domain for mass device removal
  iommu/vt-d: Defer domain removal if device is assigned to a driver
2014-08-22 09:06:22 -07:00
Hariprasad Shenai
08f1a1b9d1 cxgb4: Free completed tx skbs promptly
Description of problem:
The NIC card is not reporting back to the driver the transmitted skbs,
so they get stuck in the TX ring causing issues with reference
counters in other kernel components.

Developed a new Automatic Egress Queue Update firmware facility to slowly tick
through Egress Queues and send back any outstanding CIDX Updates which are
laying around.

Based on original work by Casey Leedom <leedom@chelsio.com>

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 21:54:52 -07:00
David S. Miller
215a004c61 linux-can-fixes-for-3.17-20140821
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iEYEABECAAYFAlP1svIACgkQjTAFq1RaXHPV6wCfWtoj6987iIwKYSuz9q8nUB03
 YtsAn0o3r44apjJT6uwEIfFR1M6NCuQK
 =5Bee
 -----END PGP SIGNATURE-----

Merge tag 'linux-can-fixes-for-3.17-20140821' of git://gitorious.org/linux-can/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2014-08-21

The first patch is from Mirza Krak, it fixes the initialization of the hardware
in the sja1000 driver. The next patch is contributed by Dan Carpenter, it fixes
the error handling in the c_can's probe function. Then there are two patches
for the flexcan driver, one by Alexander Stein, which fixes the resetting of
the bus error interrupt mask, the other one by Sebastian Andrzej Siewior which
adds an additional error state transition message.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 21:53:15 -07:00
Anish Bhatt
29aaee65bc cxgb4: Fix race condition in cleanup
There is a possible race condition when we unregister the PCI Driver and then
flush/destroy the global "workq". This could lead to situations where there
are tasks on the Work Queue with references to now deleted adapter data
structures. Instead, have per-adapter Work Queues which were instantiated and
torn down in init_one() and remove_one(), respectively.

v2: Remove unnecessary call to flush_workqueue() before destroy_workqueue()

Signed-off-by: Anish Bhatt <anish@chelsio.com>
Signed-off-by: Casey Leedom <leedom@chelsio.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 21:45:36 -07:00
zhuyj
061079ac0b sctp: not send SCTP_PEER_ADDR_CHANGE notifications with failed probe
Since the transport has always been in state SCTP_UNCONFIRMED, it
therefore wasn't active before and hasn't been used before, and it
always has been, so it is unnecessary to bug the user with a
notification.

Reported-by: Deepak Khandelwal <khandelwal.deepak.1987@gmail.com>
Suggested-by: Vlad Yasevich <vyasevich@gmail.com>
Suggested-by: Michael Tuexen <tuexen@fh-muenster.de>
Suggested-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Zhu Yanjun <Yanjun.Zhu@windriver.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 21:33:17 -07:00
Yuval Mintz
7c3afd85dc bnx2x: Revert UNDI flushing mechanism
Commit 91ebb929b6 ("bnx2x: Add support for Multi-Function UNDI") [which was
later supposedly fixed by de682941ee ("bnx2x: Fix UNDI driver unload")]
introduced a bug in which in some [yet-to-be-determined] scenarios the
alternative flushing mechanism which was to guarantee the Rx buffers are
empty before resetting them during device probe will fail.
If this happens, when device will be loaded once more a fatal attention will
occur; Since this most likely happens in boot from SAN scenarios, the machine
will fail to load.

Notice this may occur not only in the 'Multi-Function' scenario but in the
regular scenario as well, i.e., this introduced a regression in the driver's
ability to perform boot from SAN.

The patch reverts the mechanism and applies the old scheme to multi-function
devices as well as to single-function devices.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: Ariel Elior <Ariel.Elior@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 17:54:43 -07:00
David S. Miller
9a6d33c307 Merge branch 'qlcnic'
Shahed Shaikh says:

====================
qlcnic: Bug fixes

This series fixes some bugs related to endianess.

Please apply this series to net.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 17:43:20 -07:00
Shahed Shaikh
3d8623e600 qlcnic: Fix endianess issue in firmware load from file operation
Firmware binary file is in little endian. On big-endian architecture, while
writing this binary FW file to adapters memory, writel() swaps the data resulting into
corruption of FW image. So, swap the data before writing into adapters memory.

Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 17:43:15 -07:00
Rajesh Borundia
d874df58ff qlcnic: Fix endianess issue in FW dump template header
Firmware dump template header is read from adapter using
readl() which swaps the data. So, adjust structure
element on the boundary of 32bit dword.

Signed-off-by: Rajesh Borundia <rajesh.borundia@qlogic.com>
Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 17:43:15 -07:00
Jitendra Kalsaria
26acc71252 qlcnic: Fix flash access interface to application
Application expects flash data in little endian, but driver reads/writes
flash data using readl()/writel() APIs which swaps data on big endian machine.
So, swap the data after reading from and before writing to flash memory.

Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com>
Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 17:43:15 -07:00
Alan Ott
d715569112 MAINTAINERS: Add section for MRF24J40 IEEE 802.15.4 radio driver
Alan is the original author of the driver. This change was discussed
with the 802.15.4 subsystem maintainer, Alexander Aring.

Signed-off-by: Alan Ott <alan@signal11.us>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 17:36:50 -07:00
Vlad Yasevich
8a50f11c3b macvlan: Allow setting multicast filter on all macvlan types
Currently, macvlan code restricts multicast and unicast
filter setting only to passthru devices.  As a result,
if a guest using macvtap wants to receive multicast
traffic, it has to set IFF_ALLMULTI or IFF_PROMISC.

This patch makes it possible to use the fdb interface
to add multicast addresses to the filter thus allowing
a guest to receive only targeted multicast traffic.

CC: John Fastabend <john.r.fastabend@intel.com>
CC: Michael S. Tsirkin <mst@redhat.com>
CC: Jason Wang <jasowang@redhat.com>
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 16:54:25 -07:00
Eric Dumazet
dc808110bb packet: handle too big packets for PACKET_V3
af_packet can currently overwrite kernel memory by out of bound
accesses, because it assumed a [new] block can always hold one frame.

This is not generally the case, even if most existing tools do it right.

This patch clamps too long frames as API permits, and issue a one time
error on syslog.

[  394.357639] tpacket_rcv: packet too big, clamped from 5042 to 3966. macoff=82

In this example, packet header tp_snaplen was set to 3966,
and tp_len was set to 5042 (skb->len)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: f6fb8f100b ("af-packet: TPACKET_V3 flexible buffer implementation.")
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 16:44:28 -07:00
Dariusz Marcinkiewicz
564ee3606f MAINTAINERS: add entry for ec_bhf driver
Added entry for ec_bhf driver.

Signed-off-by: Dariusz Marcinkiewicz <reksio@newterm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 16:39:34 -07:00
chas williams - CONTRACTOR
6df378d2d1 lec: Use rtnl lock/unlock when updating MTU
The LECS response contains the MTU that should be used.  Correctly
synchronize with other layers when updating.

Signed-off-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-21 16:31:23 -07:00
Linus Torvalds
5317821c08 Merge branch 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
 "Nothing drastic but pushing out early due to build breakage in the new
  tegra platform.

  Additionally:

   - M550 tagged trim blacklist pattern is widened so that it matches
     the new 1TB model

   - three controller specific fixes"

* 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  libata: widen Crucial M550 blacklist matching
  pata_scc: propagate return value of scc_wait_after_reset
  ata: ahci_tegra: Change include to fix compilation
  pata_samsung_cf: change ret type to signed
  ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host Controller driver.
2014-08-21 14:26:27 -07:00
Linus Torvalds
cee5aa1f81 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:

 - fixes for a couple potential memory corruption problems (the HW would
   have to be manufactured to be deliberately evil to trigger those)
   found by Ben Hawkes
 - fix for potential infinite loop when using sysfs interface of
   logitech driver, from Simon Wood
 - a couple more simple driver fixes

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: fix a couple of off-by-ones
  HID: logitech: perform bounds checking on device_id early enough
  HID: logitech: fix bounds checking on LED report size
  HID: logitech: Prevent possibility of infinite loop when using /sys interface
  HID: rmi: print an error if F11 is not found instead of stopping the device
  HID: hid-sensor-hub: use devm_ functions consistently
  HID: huion: Use allocated buffer for DMA
  HID: huion: Fail on parameter retrieval errors
2014-08-21 14:25:20 -07:00
Linus Torvalds
e9d99a1dec sound fixes for 3.17-rc2
A bunch of ASoC fixes with a few HD-audio fixes in this pull request.
 All fairly small, boring and device-specific fixes, in addition to
 MAINTAINERS update for better reviewing.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJT9b8uAAoJEGwxgFQ9KSmkOZUP/RmB+4/vscB3z+exCFldIG3R
 gHOn4ER/JRWoObVVST3VabU5T5v88/gC2/12uYHFJQdDIwaMQytdVMDzhi6v8Uyf
 MFh24DcHQ7dRsedCCrUeoy2DZ42G+HhPH+SRGinkFUZ0RJjnCgqvyYw1p6KZD29K
 AuB07FbgmThqRVyoZoMh3K7zm8d/ZeZU59SkyGi2U8dhCfgZyrsYZ1jHd/fGuwq4
 XgJIJvHWZoniFnnxoVW/r9wutbF5JSf/FbwRI7ptZT0Rj/u+PcgDPmrhYPINFkt2
 IrIt/ZnGadKZuiK9p+aSSIUPWluVjyChCwskkWfKtg+5N4FOFed48HjZNw5TVsdc
 deJjao7dtyqxugMcA2E6VkWqTprFRhRbauT0WU7KX54HBrnng3792YGLJqqqggCE
 bAP5crrT1wMjk7qXPLouk0TvcXbSkCYQ53Ip+QITGNkLUiN0tj8cgbsfPjDU4GvH
 T9tz0I5thLkKp4xP3xSEphQdaLdmG0zGiBcoOH/6jByUxvQdiQimo7a1YEuxtFN2
 sIGbrpM8k9ypfJaOpqoh6FtHRL9Y41W1guY4TqUm+QZbLw9KQn1QRe9HQF5M6kU+
 vsIoVR8UGTudaLG/AIg+YFEbSsTcTlCNHw1iXYxmqj5pP5J+N0N/aNIFYeObWkcO
 8O9/WAwBUdH0cVdXoWze
 =x5gm
 -----END PGP SIGNATURE-----

Merge tag 'sound-3.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A bunch of ASoC fixes with a few HD-audio fixes in this pull request.

  All fairly small, boring and device-specific fixes, in addition to
  MAINTAINERS update for better reviewing"

* tag 'sound-3.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec
  ALSA: hda/hdmi - set depop_delay for haswell plus
  ALSA: hda - restore the gpio led after resume
  ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co
  ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE
  ASoC: fsl-esai: Revert .xlate_tdm_slot_mask() support
  ASoC: mcasp: Fix implicit BLCK divider setting
  ASoC: arizona: Fix TDM slot length handling in arizona_hw_params
  ASoC: pcm512x: Correct Digital Playback control names
  ASoC: dapm: Fix uninitialized variable in snd_soc_dapm_get_enum_double()
  ASoC: Intel: Restore Baytrail ADSP streams only when ADSP was in reset
  ASoC: Intel: Wait Baytrail ADSP boot at resume_early stage
  ASoC: Intel: Merge Baytrail ADSP suspend_noirq into suspend_late
  MAINTAINERS: Add i.MX maintainers and paths to Freescale ASoC entry
  ASoC: Intel: Update Baytrail ADSP firmware name
2014-08-21 14:24:40 -07:00
Linus Torvalds
29fdd5ba62 Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
 "Here is the fixup for the 'lowlight' of my last pull request.  I2C is
  not selected anymore by I2C_ACPI.  Instead, the code in question now
  depends on I2C=y.

  Also, Mika has agreed to support me and be the maintainer for I2C-ACPI
  related patches.  Finally, a new-ID-patch came along last week"

* 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  MAINTAINERS: add maintainer for ACPI parts of I2C
  i2c: i801: Add PCI ID for Intel Braswell
  i2c: rework kernel config I2C_ACPI
2014-08-21 14:07:44 -07:00
Linus Torvalds
d1433d55c7 Add memfd_create syscall to ia64
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT8j/FAAoJEKurIx+X31iBt9wP/Ro7VFSF2MD23ahFY/CEl+1t
 iJGNr3/1x+UcfYy6MK3L9xPJoSIu42aSDP00oExE45ThQZsdHD+gx0mwoW3GSoPk
 jWmXAbJLzXwRljAGvlu2ppecLxauPX3Lh14iCbRR2CdtQhCTSrsSwIuG/+iikv5X
 BAb14ovIjqhNDeZDIcUr1Mc9lAanDjIcvxbnV94el27LJ48sWgjSPCx00JQk3lo5
 +U1EJ9Ae66ARbtSOqfnv4MClT41iVwAWKtmraGS+f85/CKpWmKyTrEyMyqdO8fyO
 aJn6tS8d43rT/9CqVxKeDXk/Ltmthlj+aJKz5LEalamE7auWAp+egE8fBH7xdag5
 RJqr0oUyrPGSRr/KM+O0sfHTXBTC8UX5O83xuBD3ch9TEgL3LQ9J7ng3blMeaer1
 FnnAUwjoQo61fmsc0M8IJHo6OvOfMx9ekzU3uZr0eVlg6GUC/OBYh44v+zeYI+/t
 Z/m6H4ChOsL4+Ftsyb8ZvMswCD9UW1nQpqAlDhN9HevXgTgZDIERkAInallruy6P
 Cwve0eIDtJp9cIxp+nx6V8rw4Vl1Gdf43vQJzSmsbZP/qpOYW1a9f8wNBQ/Stz3P
 Od+8j+DYbS4fOZYPQ6lGXSKnSOfBBUMhwBTg6X1Y+Qyxd71er+Sm1fkcsg97cXQk
 wQua5ovu3mgCkPHW2ApM
 =/GJm
 -----END PGP SIGNATURE-----

Merge tag 'please-pull-memfd_create' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

Pull ia64 update from Tony Luck:
 "Add memfd_create syscall to ia64"

* tag 'please-pull-memfd_create' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] Wire up memfd_create() system call
2014-08-21 14:06:56 -07:00
Linus Torvalds
f8d08a1bb4 Microblaze patches for 3.17-rc2
- Wire-up seccomp/getrandom/memfd_create syscalls
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iEYEABECAAYFAlP1rDwACgkQykllyylKDCG+8gCfQPCI3+UBtiLrhY0RLSqZiUs1
 De4An2BtpNkS96vtBZBNJzR1cmbP6Vtb
 =BC1f
 -----END PGP SIGNATURE-----

Merge tag 'microblaze-3.17-rc2' of git://git.monstr.eu/linux-2.6-microblaze

Pull microblaze update from Michal Simek:
 "Wire-up seccomp/getrandom/memfd_create syscalls"

* tag 'microblaze-3.17-rc2' of git://git.monstr.eu/linux-2.6-microblaze:
  microblaze: Wire-up memfd_create syscall
  microblaze: Wire-up getrandom syscall
  microblaze: Wire-up seccomp syscall
2014-08-21 14:06:18 -07:00
Jiri Kosina
4ab25786c8 HID: fix a couple of off-by-ones
There are a few very theoretical off-by-one bugs in report descriptor size
checking when performing a pre-parsing fixup. Fix those.

Cc: stable@vger.kernel.org
Reported-by: Ben Hawkes <hawkes@google.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21 10:43:28 -05:00
Jiri Kosina
ad3e14d7c5 HID: logitech: perform bounds checking on device_id early enough
device_index is a char type and the size of paired_dj_deivces is 7
elements, therefore proper bounds checking has to be applied to
device_index before it is used.

We are currently performing the bounds checking in
logi_dj_recv_add_djhid_device(), which is too late, as malicious device
could send REPORT_TYPE_NOTIF_DEVICE_UNPAIRED early enough and trigger the
problem in one of the report forwarding functions called from
logi_dj_raw_event().

Fix this by performing the check at the earliest possible ocasion in
logi_dj_raw_event().

Cc: stable@vger.kernel.org
Reported-by: Ben Hawkes <hawkes@google.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21 10:43:06 -05:00
Jiri Kosina
51217e6969 HID: logitech: fix bounds checking on LED report size
The check on report size for REPORT_TYPE_LEDS in logi_dj_ll_raw_request()
is wrong; the current check doesn't make any sense -- the report allocated
by HID core in hid_hw_raw_request() can be much larger than
DJREPORT_SHORT_LENGTH, and currently logi_dj_ll_raw_request() doesn't
handle this properly at all.

Fix the check by actually trimming down the report size properly if it is
too large.

Cc: stable@vger.kernel.org
Reported-by: Ben Hawkes <hawkes@google.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-08-21 10:38:13 -05:00
Sebastian Andrzej Siewior
8ce261d0bb can: flexcan: handle state passive -> warning transition
Once the CAN-bus is open and a packet is sent, the controller switches
into the PASSIVE state. Once the BUS is closed again it goes the back
err-warning. The TX error counter goes 0 -> 0x80 -> 0x7f.
This patch makes sure that the user learns about this state chang
(CAN_STATE_ERROR_WARNING => CAN_STATE_ERROR_PASSIVE)

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Matthias Klein <matthias.klein@optimeas.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2014-08-21 10:50:00 +02:00
Alexander Stein
bc03a54139 can: flexcan: Disable error interrupt when bus error reporting is disabled
In case we don't have FLEXCAN_HAS_BROKEN_ERR_STATE and the user set
CAN_CTRLMODE_BERR_REPORTING once it can not be unset again until reboot.
So in case neither hardware nor user wants the error interrupt disable
the bit.

Signed-off-by: Alexander Stein <alexander.stein@systec-electronic.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2014-08-21 10:49:59 +02:00
Dan Carpenter
37b75a3aa8 can: c_can: checking IS_ERR() instead of NULL
devm_ioremap() returns NULL on error, not an ERR_PTR().

Fixes: 33cf756569 ('can: c_can_platform: Fix raminit, use devm_ioremap() instead of devm_ioremap_resource()')

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: linux-stable <stable@vger.kernel.org> # >= v3.11
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2014-08-21 10:49:59 +02:00
Mirza Krak
9e37bc6c63 can: sja1000: Validate initialization state in start method
When sja1000 is not compiled as module the SJA1000 chip is only
initialized during device registration on kernel boot. Should the chip
get a hardware reset there is no way to reinitialize it without re-
booting the Linux kernel.

This patch adds a check in sja1000_start if the chip is initialized, if
not we initialize it.

Signed-off-by: Mirza Krak <mirza.krak@hostmobility.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2014-08-21 10:49:34 +02:00
Michal Simek
83c43c498a microblaze: Wire-up memfd_create syscall
Add new memfd_create syscall.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21 10:19:28 +02:00
Michal Simek
53133453a9 microblaze: Wire-up getrandom syscall
Add new getrandom syscall.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21 10:07:05 +02:00
Michal Simek
b760949144 microblaze: Wire-up seccomp syscall
Add new seccomp syscall.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-08-21 10:07:04 +02:00
Linus Torvalds
372b1dbdd1 Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
 "Most important fixes in this set include three SMB3 fixes for stable
  (including fix for possible kernel oops), and a workaround to allow
  writes to Mac servers (only cifs dialect, not more current SMB2.1,
  worked to Mac servers).  Also fallocate support added, and lease fix
  from Jeff"

* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
  [SMB3] Enable fallocate -z support for SMB3 mounts
  enable fallocate punch hole ("fallocate -p") for SMB3
  Incorrect error returned on setting file compressed on SMB2
  CIFS: Fix wrong directory attributes after rename
  CIFS: Fix SMB2 readdir error handling
  [CIFS] Possible null ptr deref in SMB2_tcon
  [CIFS] Workaround MacOS server problem with SMB2.1 write  response
  cifs: handle lease F_UNLCK requests properly
  Cleanup sparse file support by creating worker function for it
  Add sparse file support to SMB2/SMB3 mounts
  Add missing definitions for CIFS File System Attributes
  cifs: remove unused function cifs_oplock_break_wait
2014-08-20 18:33:21 -05:00
Linus Torvalds
92075f9f64 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull filesystem fixes from Jan Kara:
 "udf, isofs, and ext3 bug fixes"

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  ext3: Count internal journal as bsddf overhead in ext3_statfs
  isofs: Fix unbounded recursion when processing relocated directories
  udf: avoid unneeded up_write when fail to add entry in ->symlink
2014-08-20 18:32:16 -05:00
Linus Torvalds
3951ad2e05 Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
Pull x86 platform driver revert from Matthew Garrett:
 "This clearly shouldn't have been merged.  No excuse on my part"

* 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86:
  Revert "platform/x86/toshiba-apci.c possible bad if test?"
2014-08-20 18:23:06 -05:00
Linus Torvalds
e9de42d8ee Reverting a 3.16 patch, fixing two bugs in device assignment
(one has a CVE), and fixing some problems introduced during the merge window
 (the CMA bug came in via Andrew, the x86 ones via yours truly).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJT9IfLAAoJEBvWZb6bTYbyAG8P/2GLPast76I9Pc269UNACV0f
 vNgJfSAH97PrEQtVzCurqb0RKHMKcZ5XyYmKh5TvzlbWYXnqJuJr5TrIh0gsuxn9
 DaBKVgeXBTd43OCRXJKw6SgkKlnf+yfQeASLRwjQgVCqsvNR/rKksEPjAhVqQJIJ
 PlRYKeBc7SA8bPUG64GDtF3yP9e/KG5ItGudj4eUADtadPmyldJbTWl0zLwY7jvJ
 /qcSxRgwqUsIS0c8xE5rlByxuWQ43RF+MfohNttNUjXD/dhvJo07NpkPUS6TsqHf
 x1VyWPuIY1zB/WghKutI8oZxS14iUs1l0LL9egS7fc4sYQqQ7+HHLaJnEMloTXqF
 GYfwmnyz53ocR1M4dgCPyBi0uxM3ydRzbSnsToR2kzVdS3WKu5O8GfjkE2zooEaA
 OP77OsSxtl5mLD68ZtubmLt8ttYCiWOEIOzviUSoJjPv0gUE07oAjecp7C8nKDCP
 lUxM2JZ01SLSzRf3uSlrNfRpeyMWVmYhyiG3lqLmph9FfP7p4donbIdh/QA0W7Nj
 E2GEEv3lCUZp7+TnOydsiWNVwv026dDanh5QLSuCvfCqf+xhNMJbrRzlbUpfGAsm
 89XasETdOnAqIO9VOOBLAKE2wrMEx+9vT2G0Dv3e+3IedGwLuM7/53X4zXUIB8ys
 L9C7kZwci9+X3qIExWJI
 =lhLd
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Reverting a 3.16 patch, fixing two bugs in device assignment (one has
  a CVE), and fixing some problems introduced during the merge window
  (the CMA bug came in via Andrew, the x86 ones via yours truly)"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it
  Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
  KVM: x86: do not check CS.DPL against RPL during task switch
  KVM: x86: Avoid emulating instructions on #UD mistakenly
  PC, KVM, CMA: Fix regression caused by wrong get_order() use
  kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
2014-08-20 18:22:10 -05:00
Linus Torvalds
be816bc491 SCSI fixes on 20140819
These are the two bug fixes I mentioned in the final merge window pull.  One
 is a reversed logic check in the device busy tests which can cause a nasty
 hang and another crash seen in the new SCSI pool support if the use count ever
 goes to zero.
 
 Signed-off-by: James Bottomley <JBottomley@Parallels.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJT85zGAAoJEDeqqVYsXL0Mnw4IAJ7BP+4nUlP7Oib8JfPu4Df2
 b6dv3YEGe6th4awrHqUnATusjQLIybk/rgRKb6P50o1iX2VI+rs1mAm9esw9NalS
 8aKzDMAv9pTRsRvAhe3AnIVGGCYAekV4AZWmsXQPCKqcsQZSZKAnIerLBf0lBemR
 X3+1VhYtbB9z4o0Gpv4E5mR/7CqIouDpe5QGRKRY2+/Yyp2El6Vzwqr9XMLyOvmY
 Y9WaIhM1UzABl+NAlDhMnA0Yw27UHJfWY6UWZ3Wa73DQCWsdZ6eydal4g8YNA5pB
 +6UjMQKWh/bXHZl8v+eCuuXODXZQGazKOFFoc6SGumxAcuLraCBFsuU5m4AQ0NA=
 =v+g2
 -----END PGP SIGNATURE-----

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "These are the two bug fixes I mentioned in the final merge window
  pull.  One is a reversed logic check in the device busy tests which
  can cause a nasty hang and another crash seen in the new SCSI pool
  support if the use count ever goes to zero"

[ The device busy test already got merged from a patch earlier, so is
  now duplicated.  ]

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  [SCSI] save command pool address of Scsi_Host
  [SCSI] fix qemu boot hang problem
2014-08-20 18:20:50 -05:00
Matthew Garrett
8039aabb6c Revert "platform/x86/toshiba-apci.c possible bad if test?"
This reverts commit bdc3ae7221.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2014-08-20 08:18:18 -07:00
Chin-Tsung Cheng
e6d8fb340f ext3: Count internal journal as bsddf overhead in ext3_statfs
The journal blocks of external journal device should not
be counted as overhead.

Signed-off-by: Chin-Tsung Cheng <chintzung@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19 23:16:51 +02:00
Will Deacon
44b375070f Revert "arm64: Do not invoke audit_syscall_* functions if !CONFIG_AUDIT_SYSCALL"
For some reason, the audit patches didn't make it out of -next this
merge window, so revert our temporary hack and let the audit guys deal
with fixing up -next.

This reverts commit 2a8f45b040.

Signed-off-by: Will Deacon <will.deacon@arm.com>
2014-08-19 22:05:45 +01:00
Ganapatrao Kulkarni
07a15dd55a arm64: mm: update max pa bits to 48
Now that we support 48-bit physical addressing, update MAX_PHYSMEM_BITS
accordingly.

Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Ganapatrao Kulkarni <ganapatrao.kulkarni@caviumnetworks.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2014-08-19 20:23:02 +01:00
Leif Lindholm
86c8b27a01 arm64: ignore DT memreserve entries when booting in UEFI mode
UEFI provides its own method for marking regions to reserve, via the
memory map which is also used to initialise memblock. So when using the
UEFI memory map, ignore any memreserve entries present in the DT.

Reported-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2014-08-19 20:22:03 +01:00
Mark Brown
49d947face arm64: configs: Enable X-Gene SATA and ethernet in defconfig
Currently when run on an APM platform the ARMv8 defconfig has no viable
options for rootfs other than ramdisk which is rather limiting. Since
we already have both SATA and the bits needed for NFS root enabled we just
need to enable the relevant drivers so do that, helping enable direct
testing of upstream.

If the configuration ends up becoming too big we can consider modularising
some of the drivers and asking people to use an initramfs but for now this
is not an issue.

Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2014-08-19 19:26:09 +01:00
Ard Biesheuvel
4190312beb arm64: align randomized TEXT_OFFSET on 4 kB boundary
When booting via UEFI, the kernel Image is loaded at a 4 kB boundary and
the embedded EFI stub is executed in place. The EFI stub relocates the
Image to reside TEXT_OFFSET bytes above a 2 MB boundary, and jumps into
the kernel proper.

In AArch64, PC relative symbol references are emitted using adrp/add or
adrp/ldr pairs, where the offset into a 4 kB page is resolved using a
separate :lo12: relocation. This implicitly assumes that the code will
always be executed at the same relative offset with respect to a 4 kB
boundary, or the references will point to the wrong address.

This means we should link the kernel at a 4 kB aligned base address in
order to remain compatible with the base address the UEFI loader uses
when doing the initial load of Image. So update the code that generates
TEXT_OFFSET to choose a multiple of 4 kB.

At the same time, update the code so it chooses from the interval [0..2MB)
as the author originally intended.

Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2014-08-19 19:26:09 +01:00
David S. Miller
02784f1b05 tipc: Fix build.
Missing semicolon in range check fix.

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-19 11:16:38 -07:00
David S. Miller
d3b6f9ffca Merge branch 'cbq-fixes'
Vasily Averin says:

====================
cbq: incorrectly low bandwidth blocks limited traffic

v2: patch description changes
Fixes: f0f6ee1f70 ("cbq: incorrect processing of high limits")

Mainstream commit f0f6ee1f70 ("cbq: incorrect processing of high limits")
have side effect: if cbq bandwidth setting is less than real interface
throughput non-limited traffic can delay limited traffic for a very long time.

This happen because of q->now changes incorrectly in cbq_dequeue():
in described scenario L2T is much greater than real time delay,
and q->now gets an extra boost for each transmitted packet.

Accumulated boost prevents update q->now, and blocked class can wait
very long time until (q->now >= cl->undertime) will be true again.

More detailed problem description can be found here:
http://www.spinics.net/lists/netdev/msg292493.html

Following patches should fix the problem.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-19 10:59:12 -07:00
Vasily Averin
7201c1ddf7 cbq: now_rt removal
Now q->now_rt is identical to q->now and is not required anymore.

Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-19 10:58:44 -07:00
Vasily Averin
73d0f37ac4 cbq: incorrectly low bandwidth setting blocks limited traffic
Mainstream commit f0f6ee1f70 ("cbq: incorrect processing of high limits")
have side effect: if cbq bandwidth setting is less than real interface
throughput non-limited traffic can delay limited traffic for a very long time.

This happen because of q->now changes incorrectly in cbq_dequeue():
in described scenario L2T is much greater than real time delay,
and q->now gets an extra boost for each transmitted packet.

Accumulated boost prevents update q->now, and blocked class can wait
very long time until (q->now >= cl->undertime) will be true again.

To fix the problem the patch updates q->now on each cbq_update() call.
L2T-related pre-modification q->now was moved to cbq_update().

My testing confirmed that it fixes the problem and did not discover
any side-effects

Fixes: f0f6ee1f70 ("cbq: incorrect processing of high limits")

Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-08-19 10:58:44 -07:00
Guenter Roeck
480cadc2b7 scsi: Fix qemu boot hang problem
The latest kernel fails to boot qemu arm images when using scsi
for disk access. Boot gets stuck after the following messages.

brd: module loaded
sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103)
sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93
sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
sym0: SCSI BUS has been reset.
scsi host0: sym-2.2.3

Bisect points to commit 71e75c97f9 ("scsi: convert device_busy to
atomic_t"). Code inspection shows the following suspicious change
in scsi_request_fn.

out_delay:
-       if (sdev->device_busy == 0 && !scsi_device_blocked(sdev))
+       if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev))
		blk_delay_queue(q, SCSI_QUEUE_DELAY);
	}

'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)',
meaning the logic was reversed. Changing this expression to
'!atomic_read(&sdev->device_busy)' fixes the problem.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Acked-by: Jens Axboe <axboe@fb.com>
Reviewed-by: Venkatesh Srinivas <venkateshs@google.com>
Reviewed-by: Webb Scales <webbnh@hp.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-19 12:42:26 -05:00
Jan Kara
410dd3cf4c isofs: Fix unbounded recursion when processing relocated directories
We did not check relocated directory in any way when processing Rock
Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
entry pointing to another CL entry leading to possibly unbounded
recursion in kernel code and thus stack overflow or deadlocks (if there
is a loop created from CL entries).

Fix the problem by not allowing CL entry to point to a directory entry
with CL entry (such use makes no good sense anyway) and by checking
whether CL entry doesn't point to itself.

CC: stable@vger.kernel.org
Reported-by: Chris Evans <cevans@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2014-08-19 18:29:30 +02:00