This patch fixes a NULL pointer dereference in the event of an
skb allocation failure in arp_reduce().
Signed-Off-By: David L Stevens <dlstevens@us.ibm.com>
Acked-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan says:
====================
cnic bug fixes for net-next
Michael Chan (3):
cnic: Use proper ulp_ops for per device operations.
cnic,bnx2i,bnx2fc: Fix inconsistent use of page size
cnic: Update version to 2.5.20 and copyright year.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The bnx2/bnx2x rings are made up of linked pages. However there is an
upper limit on the page size as some the page size settings are 16-bit
in the hardware/firmware interface. In the current code, some parts
use BNX2_PAGE_SIZE which has a 16K upper limit and some parts use
PAGE_SIZE. On archs with >= 64K PAGE_SIZE, it generates some compile
warnings. Define a new CNIC_PAGE_SZIE which has an upper limit of
16K and use it consistently in all relevant parts.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: Eddie Wai <eddie.wai@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
For per device operations, cnic needs to dereference the RCU protected
cp->ulp_ops instead of the global cnic_ulp_tbl. In 2 locations,
cnic_send_nlmsg() and cnic_copy_ulp_stats(), it was referencing the
global table. If the device has been unregistered and these functions
are still being called (very unlikely scenarios), it could lead to NULL
pointer dereference.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The mask bits values were wrong for the SOC_VALUE_ENUM_SINGLE for the PCM/ADC Swap controls
Reported-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Brian Austin <brian.austin@cirrus.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org
The mask bits values were wrong for the SOC_VALUE_ENUM_SINGLE for the mono mix controls.
Reported-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Brian Austin <brian.austin@cirrus.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: stable@vger.kernel.org
This is a context modified revert of commit 6a9612e2cb
("net: cdc_ncm: remove ncm_parm field") which introduced
a NCM specification violation, causing setup errors for
some devices. These errors resulted in the device and
host disagreeing about shared settings, with complete
failure to communicate as the end result.
The NCM specification require that many of the NCM specific
control reuests are sent only while the NCM Data Interface
is in alternate setting 0. Reverting the commit ensures that
we follow this requirement.
Fixes: 6a9612e2cb ("net: cdc_ncm: remove ncm_parm field")
Reported-and-tested-by: Pasi Kärkkäinen <pasik@iki.fi>
Reported-by: Thomas Schäfer <tschaefer@t-online.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
In ip6_append_data_mtu(), when the xfrm mode is not tunnel(such as
transport),the ipsec header need to be added in the first fragment, so the mtu
will decrease to reserve space for it, then the second fragment come, the mtu
should be turn back, as the commit 0c1833797a
said. however, in the commit a493e60ac4bbe2e977e7129d6d8cbb0dd236be, it use
*mtu = min(*mtu, ...) to change the mtu, which lead to the new mtu is alway
equal with the first fragment's. and cannot turn back.
when I test through ping6 -c1 -s5000 $ip (mtu=1280):
...frag (0|1232) ESP(spi=0x00002000,seq=0xb), length 1232
...frag (1232|1216)
...frag (2448|1216)
...frag (3664|1216)
...frag (4880|164)
which should be:
...frag (0|1232) ESP(spi=0x00001000,seq=0x1), length 1232
...frag (1232|1232)
...frag (2464|1232)
...frag (3696|1232)
...frag (4928|116)
so delete the min() when change back the mtu.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Fixes: 75a493e60a ("ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size")
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The Kconfig symbol ISDN_CAPI_MIDDLEWARE is only used in capi.c. Setting
it without setting ISDN_CAPI_CAPI20 is therefor useless. Make it depend
on ISDN_CAPI_CAPI20 and put its entry after ISDN_CAPI_CAPI20's entry.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
The Armada 370 DB board not only has analog audio input/output, but
also S/PDIF input/output. This commit adds support for S/PDIF in the
ASoC machine driver of the Armada 370 DB platform, and adjusts the
Device Tree bindings documentation accordingly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTItl6AAoJEBvWZb6bTYby/EMP/A+/l9rU9oji5nns2ei2YVf7
kmnpshb2rgDP6gTtPet3qPKcSUNq4bG7zPEZ04FG5H70PduDYBWchfT/jTZKxcBB
rZgtrsMAzGjoxvtsQAc1yQiMtlkG28HD3yn0TC7BvazTQlZnzHVZTmiCZc9r0Qo7
SjLslo00ITbhRVwkLi1cuSeuaNcim1WDgxeUFhpRd48HoywtkzGLGuU8dWmakwb0
IDoo6X9srNlmZgrRdMaBS3agQtt1GoOE2T/KaJbnJ6lmnkGzBVKrw8kIZamQlwnK
GnmJAM//1zu4eoWJquNuc9wqsZK2t0e68LXAL9HLeMQGyl1YBh5hTiInTUnXiCAI
D/r/rkF2lqPgKotDBY/Q1l0bHABR53MOwa5ooZANLatnTwTv4gSpM8L1CAnekGhq
dxqVYqeJr1+ZemhalO1pbi/V9CfpJHBBye9JDan8rJmkj25kCH7PF3BxLYgKckQs
OtfZyOqpsZSCvpzFQa70VmWTGDqOxk686/R9ql88sdGbgyzZOHxHCeMIoAgCah6c
o5s1CktKKLOmC2M6NNn1z44V1/LmmC2fgKuaSjI/y7rjgGwRoGrAV1giVMdnTc5y
hGo4fD83/zHJnkafVdBQbmkKP69bC65a0w4iLXSxOKkPtHCI3c2IrZpovAC42aTp
iREImat0+YzW4hDRI+qa
=uZp5
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull another kvm fix from Paolo Bonzini:
"A fix for a PowerPC bug that was introduced during the 3.14 merge
window"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: PPC: Book3S HV: Fix register usage when loading/saving VRSAVE
KVM: PPC: Book3S HV: Remove bogus duplicate code
Steffen Klassert says:
====================
1) Fix a sleep in atomic when pfkey_sadb2xfrm_user_sec_ctx()
is called from pfkey_compile_policy().
Fix from Nikolay Aleksandrov.
2) security_xfrm_policy_alloc() can be called in process and atomic
context. Add an argument to let the callers choose the appropriate
way. Fix from Nikolay Aleksandrov.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
With CODEC to CODEC links rtd->codec does not necessarily point to the driver's
CODEC. CODEC drivers should always use dai->codec and never even look at the PCM
runtime.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Acked-by: Jyri Sarha <jsarha@ti.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
The kfree call is not necessary, but we need to call snd_soc_unregister_codec()
in remove().
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Jyri Sarha <jsarha@ti.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
The code introduced in commit 1f91ecc14d ("ALSA: oxygen: modify
adjust_dg_dac_routing function") accidentally disregarded the old value
of the playback routing register, so it broke the "Stereo Upmixing"
mixer control.
The unmuted parts of the channel routing are the same for all settings
of the output destination, so it suffices to revert that part of the
patch.
Fixes: 1f91ecc14d ('ALSA: oxygen: modify adjust_dg_dac_routing function')
Tested-by: Roman Volkov <v1ron@mail.ru>
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
. Make 'perf bench mem' (i.e. no args) mean 'run all tests' so that we can run
all tests, not stopping at the numa ones. (Arnaldo Carvalho de Melo)
. Fix NULL pointer dereference after last test in in "perf bench all" (Patrick Palka)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTIzp1AAoJENZQFvNTUqpAYo8P/0Wx6kEI6OhTWQYHYh7OTSjs
StTwVr9v8q1IVoGsWQF0ehqVP1KErBPWAlwp6EzvKJt4XIDe8JfGWqoAo3fbSRUz
j8I7fCqvZC12Befgq035EILCTuaR6OWTOPdwkGr28QSTA5Cfni8LeziizlVPQEt6
52OR1A4vmOZ9ZLA0YXlbjQH70+HdGff86iDkBVQHL+koYjg1itAEY0p//qkLqSMk
v8pjyzdq6mMdpemiqE2caUp/tVUuJhAHTQ8tyaVmETPzNE6uDsk/De9lqvPULAa+
PYhrafFyFUdL5Ee9hJMpFoehYofg8mr5JKTh7SVX/S0EWKzo8Fry+A0BHaZgchlj
0ibey6l85N6dBp9/Ye78In4Tc1BcqG4i9QouMHawFqdMdhA3WdkMLjl9LVu3PY1C
qdFQkTyIC7LYqefSS+hx7WmXugxrrwXTLy6UTX/hzjufaUuu5br9+jr6qYiQsS6G
Exa1tSetfig9+d3VUfAKF6HTxLa4htbNS50XKrEj+ixnhP19XJ8yjbtOiYxMJxkg
OekJ7wv2cFImQp6vzMqG+8ge4olBLATHsM60L6UoIgdwWl2qy83ePx7Fuaif7tQX
tqUtaIxLmqLi/pyl6rreKop4y2fQT/HK0OMab5oUcSqiNvJorb3ujpVISY9YsNY2
/U0Vr9lvU13mH7hdU21x
=9uCB
-----END PGP SIGNATURE-----
Merge tag 'perf-urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent
Pull two 'perf bench' fixes from Arnaldo:
* Make 'perf bench mem' (i.e. no args) mean 'run all tests' so that we can run
all tests, not stopping at the numa ones. (Arnaldo Carvalho de Melo)
* Fix NULL pointer dereference after last test in in "perf bench all" (Patrick Palka)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
If CONFIG_TRANSPARENT_HUGEPAGE is enabled, but CONFIG_HUGETLB_PAGE is not,
it is possible to end up with a configuration that fails to build with the
following error:
include/linux/huge_mm.h:125:2: error: #error "hugepages can't be allocated by the buddy allocator"
This is due to CONFIG_FORCE_MAX_ZONEORDER defaulting to 11. It already has
ranges that change the valid values when HUGETLB_PAGE is enabled, but this
is not done for TRANSPARENT_HUGEPAGE. Fix by changing the HUGETLB_PAGE
dependencies to MIPS_HUGE_TLB_SUPPORT, which includes both
TRANSPARENT_HUGEPAGE and HUGETLB_PAGE.
Signed-off-by: Alex Smith <alex.smith@imgtec.com>
Reviewed-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/6391/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This regression has been introduced in
commit b3f2333de8
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Wed Dec 11 11:34:31 2013 +0100
drm: restrict the device list for shadow attached drivers
Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Two 3.14 specific fixes, two cc: stable.
* tag 'drm-intel-fixes-2014-03-17' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Don't enable display error interrupts from the start
drm/i915: Fix scanline counter fixup on BDW
drm/i915: Add a workaround for HSW scanline counter weirdness
drm/i915: Fix PSR programming
commit f280e89a (drivers: net: cpsw: fix for cpsw crash when build as modules)
moved cpts_register()/cpts_unregister() to ndo_open()/ndo_stop(), but failed
to remove cpts_register in cpsw_probe() which leads to a double registration
and the following debug object splat.
[ 18.991902] ODEBUG: init active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x2c
[ 19.082249] [<c0059e80>] (init_timer_key) from [<c04965d4>] (cpts_register+0x1f0/0x2c4)
[ 19.090642] [<c04965d4>] (cpts_register) from [<c04931dc>] (cpsw_ndo_open+0x780/0x81c)
[ 19.098948] [<c04931dc>] (cpsw_ndo_open) from [<c0599c2c>] (__dev_open+0xb4/0x118)
Signed-off-by: Benedikt Spranger <b.spranger@linutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull final final block IO fixes from Jens Axboe:
"Yes, the last round was final. This one is final final.
The mtip32xx fix could have waited, but it's so simple and gets rid of
two warning spewages on load. The two block flush fixes are critical
for blk-mq, and are the primary reason for this late pull request"
* 'for-linus' of git://git.kernel.dk/linux-block:
mtip32xx: fix bad use of smp_processor_id()
block: change flush sequence list addition back to front add
block: fix q->flush_rq NULL pointer crash on dm-mpath flush
Pull MIPS updates from Ralf Baechle:
"A fair number of fixes all across arch/mips. Nothing really stands
out though APRP, the FPU code and syscall tracing code received
multiple patches those all were small"
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: mark O32+FP64 experimental for now
MIPS: ftrace: Fix icache flush range error
MIPS: Fix syscall tracing interface
MIPS: asm: syscall: Fix copying system call arguments
MIPS: Octeon: Fix fall through on bar type OCTEON_DMA_BAR_TYPE_SMALL
MIPS: FPU: Fix conflict of register usage
MIPS: Replace CONFIG_MIPS64 and CONFIG_MIPS32_R2
MIPS: math-emu: Fix prefx detection and COP1X function field definition
MIPS: APRP: Choose the correct VPE loader by fixing the linking
MIPS: APRP: Unregister rtlx interrupt hook at module exit
MIPS: APRP: Fix the linking of rtlx interrupt hook
MIPS: bcm47xx: Include missing errno.h for ENXIO
MIPS: Alchemy: Fix unchecked kstrtoul return value
MIPS: Fix randconfig build error.
1. For the 64 bits dma mask use dma_set_mask_and_coherent instead of
dma_set_mask and dma_set_coherent_mask.
2. For the 32 bits dma mask dma_set_coherent_mask is only called if
dma_set_mask fails, which is unusual. Assuming this as a bug, fixes
it by replacing calls to dma_set_mask and dma_set_coherent_mask by a
call to dma_set_mask_and_coherent.
Signed-off-by: Peter Senna Tschudin <peter.senna@gmail.com>
Tested-by: Jonas Hahnfeld <hahnjo@hahnjo.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
This is a small patch which uses ARRAY_SIZE macro
rather than a number to make code readability better.
Signed-off-by: Doug Wilson <doug.lkml@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When checking a system call return code for an error,
linux_sparc_syscall was sign-extending the lower 32-bit value and
comparing it to -ERESTART_RESTARTBLOCK. lseek can return valid return
codes whose lower 32-bits alone would indicate a failure (such as 4G-1).
Use the whole 64-bit value to check for errors. Only the 32-bit path
should sign extend the lower 32-bit value.
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Acked-by: Bob Picco <bob.picco@oracle.com>
Acked-by: Allen Pais <allen.pais@oracle.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
There was a overlap between the snd_soc_codec_set_cache_io() cleanup and the
addition of the sirf-audio-codec resulting in the sirf-audio-codec driver still
using the old signature of snd_soc_codec_set_cache_io(), which will cause a
compile error. Since the core is able to automatically setup IO for this driver
we can just remove both the snd_soc_set_cache_io() call and the control_data
assignment.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
The global DAI format is used only in the function
asoc_simple_card_parse_of(). So, move it from the private data
to the stack.
Signed-off-by: Jean-Francois Moine <moinejf@free.fr>
Reviewed-by: Xiubo Li <Li.Xiubo@freescale.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
When we boot with non-DT mode the damengine will need the channel number and
a filter function in order to get the channel.
The filter_data is filled in the DAI driver while the filter_function will
be provided by the edma-pcm driver.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Platform driver glue for SoC using eDMA3 to use dmaengine PCM.
The maximum number of periods need to be limited to 19 since the
edma dmaengine driver limits the paRAM slot use for audio at
in cyclic mode.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Mark Brown <broonie@linaro.org>
Commit 597ce1723e "MIPS: Support for 64-bit FP with O32 binaries"
introduced support for setting Status.FR=1 for O32 binaries with the
EF_MIPS_FP64 ELF header flag set. Whilst this flag is currently
supported by binutils it does introduce an ABI break within userland.
Objects built with EF_MIPS_FP64 cannot be safely linked with those built
without it since code in either object may assume behaviour specific to
a value of FR.
More recently there has been discussion around avoiding further
fragmentation of the O32 ABI whilst still allowing the use of FR=1 and
features such as MSA which depend upon it. Details of the plan to allow
this are still being worked on, and whilst the kernel will need the
ability to handle FR=1 with O32 tasks it is unclear what else it may
need to provide to a userland which seeks to avoid another ABI break. In
order to prevent the proliferation of userland which may rely upon the
current EF_MIPS_FP64 behaviour this patch marks the kernel support for
it experimental & disables it by default. Under current proposals it is
likely that this support can simply be enabled again later, but possibly
after the introduction of further interfaces with userland and support
for the MIPS R5 UFR feature.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Matthew Fortune <matthew.fortune@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Paul Burton <paul.burton@imgtec.com>
Patchwork: https://patchwork.linux-mips.org/patch/6549/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Pull HID fixes from Jiri Kosina:
- fix for ordering of device removal actions in hidraw, by Fernando
Luis Vázquez Cao
- fix for uninitialized workqueue usage in hid-sony, by Frank Praznik
- device ID addition for new variant of Logitech G27, from Simon Wood
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: hid-lg4ff: Support new version of G27
HID: hidraw: fix warning destroying hidraw device files after parent
HID: sony: Fix work queue issues.
In 32-bit mode, the start address passed to flush_icache_range is
shifted by 4 bytes before the second safe_store_code() call.
This causes system crash from time to time because the first 4 bytes
might not be flushed properly. This bug exists since linux-3.8.
Also remove obsoleted comment while at it.
Signed-off-by: Viller Hsiao <villerhsiao@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: rostedt@goodmis.org
Cc: fweisbec@gmail.com
Cc: mingo@redhat.com
Cc: Qais.Yousef@imgtec.com
Patchwork: https://patchwork.linux-mips.org/patch/6586/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The syscall_get_arguments function expects the arguments to be copied
to the '*args' argument but instead a local variable was used to hold
the system call argument. As a result of which, this variable was
never passed to the filter and any filter testing the system call
arguments would fail. This is fixed by passing the '*args' variable
as the destination memory for the system call arguments.
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Reviewed-by: Paul Burton <paul.burton@imgtec.com>
Reviewed-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/6402/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Regulator code keep count of enables and disables. Double disable
causes an ugly warning.
Signed-off-by: Jyri Sarha <jsarha@ti.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Pull scheduler fixes from Ingo Molnar:
"Three small fixes"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/clock: Prevent tracing recursion in sched_clock_cpu()
stop_machine: Fix^2 race between stop_two_cpus() and stop_cpus()
sched/deadline: Deny unprivileged users to set/change SCHED_DEADLINE policy
Pull perf fixes from Ingo Molnar:
"Misc smaller fixes"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86: Fix leak in uncore_type_init failure paths
perf machine: Use map as success in ip__resolve_ams
perf symbols: Fix crash in elf_section_by_name
perf trace: Decode architecture-specific signal numbers
While testing and documenting the msgrcv() MSG_COPY flag that Stanislav
Kinsbursky added in commit 4a674f34ba ("ipc: introduce message queue
copy feature" => kernel 3.8), I discovered a couple of bugs in the
implementation. The two bugs concern MSG_COPY interactions with other
msgrcv() flags, namely:
(A) MSG_COPY + MSG_EXCEPT
(B) MSG_COPY + !IPC_NOWAIT
The bugs are distinct (and the fix for the first one is obvious),
however my fix for both is a single-line patch, which is why I'm
combining them in a single mail, rather than writing two mails+patches.
===== (A) MSG_COPY + MSG_EXCEPT =====
With the addition of the MSG_COPY flag, there are now two msgrcv()
flags--MSG_COPY and MSG_EXCEPT--that modify the meaning of the 'msgtyp'
argument in unrelated ways. Specifying both in the same call is a
logical error that is currently permitted, with the effect that MSG_COPY
has priority and MSG_EXCEPT is ignored. The call should give an error
if both flags are specified. The patch below implements that behavior.
===== (B) (B) MSG_COPY + !IPC_NOWAIT =====
The test code that was submitted in commit 3a665531a3 ("selftests: IPC
message queue copy feature test") shows MSG_COPY being used in
conjunction with IPC_NOWAIT. In other words, if there is no message at
the position 'msgtyp'. return immediately with the error in ENOMSG.
What was not (fully) tested is the behavior if MSG_COPY is specified
*without* IPC_NOWAIT, and there is an odd behavior. If the queue
contains less than 'msgtyp' messages, then the call blocks until the
next message is written to the queue. At that point, the msgrcv() call
returns a copy of the newly added message, regardless of whether that
message is at the ordinal position 'msgtyp'. This is clearly bogus, and
problematic for applications that might want to make use of the MSG_COPY
flag.
I considered the following possible solutions to this problem:
(1) Force the call to block until a message *does* appear at the
position 'msgtyp'.
(2) If the MSG_COPY flag is specified, the kernel should implicitly add
IPC_NOWAIT, so that the call fails with ENOMSG for this case.
(3) If the MSG_COPY flag is specified, but IPC_NOWAIT is not, generate
an error (probably, EINVAL is the right one).
I do not know if any application would really want to have the
functionality of solution (1), especially since an application can
determine in advance the number of messages in the queue using msgctl()
IPC_STAT. Obviously, this solution would be the most work to implement.
Solution (2) would have the effect of silently fixing any applications
that tried to employ broken behavior. However, it would mean that if we
later decided to implement solution (1), then user-space could not
easily detect what the kernel supports (but, since I'm somewhat doubtful
that solution (1) is needed, I'm not sure that this is much of a
problem).
Solution (3) would have the effect of informing broken applications that
they are doing something broken. The downside is that this would cause
a ABI breakage for any applications that are currently employing the
broken behavior. However:
a) Those applications are almost certainly not getting the results they
expect.
b) Possibly, those applications don't even exist, because MSG_COPY is
currently hidden behind CONFIG_CHECKPOINT_RESTORE.
The upside of solution (3) is that if we later decided to implement
solution (1), user-space could determine what the kernel supports, via
the error return.
In my view, solution (3) is mildly preferable to solution (2), and
solution (1) could still be done later if anyone really cares. The
patch below implements solution (3).
PS. For anyone out there still listening, it's the usual story:
documenting an API (and the thinking about, and the testing of the API,
that documentation entails) is the one of the single best ways of
finding bugs in the API, as I've learned from a lot of experience. Best
to do that documentation before releasing the API.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Acked-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: stable@vger.kernel.org
Cc: Serge Hallyn <serge.hallyn@canonical.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This is a set of six fixes. Two are instant crash/null deref types (storvsc
and isci). The two qla2xxx are initialisation problems that cause MSI-X
failures and card misdetection, the isci erroneous macro is actually illegal C
that's causing a miscompile with certain gcc versions and the be2iscsi bad if
expression is a static checker fix.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJTJI/eAAoJEDeqqVYsXL0MSLkH/2uYBN9YkO6rkafxcIUYY0Ck
8+3xf7qdLVaEYoERkXQOncHg8r0BYWaUl0oi/K5nzq4chvMH3SW5L360SYRLT6Hs
0F2pFZ2bO192FPBSB2zxrkSDYmEtzBviUFbiWwVH2i1GJCGDMvI9TfDVbdnfF5Eh
YB5INjZQ0r5eS45uR5xo5VTotMOUd/3lfYCfcOLDB77SzkX280+OUXJOxRND4QtM
xKcWCahSR2ALzxy4+OUsSHsQNizjEufeDiTij1h9GJctbtPXgm4hRO04AEB2a0aQ
OBI5kKZobqh5DJgknBsASvYNDOaVOVlzML5Qs9m+ie1IEQBOtV6u1rQAONThy/8=
=1qQW
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is a set of six fixes. Two are instant crash/null deref types
(storvsc and isci). The two qla2xxx are initialisation problems that
cause MSI-X failures and card misdetection, the isci erroneous macro
is actually illegal C that's causing a miscompile with certain gcc
versions and the be2iscsi bad if expression is a static checker fix"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] storvsc: NULL pointer dereference fix
[SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
[SCSI] isci: correct erroneous for_each_isci_host macro
[SCSI] isci: fix reset timeout handling
[SCSI] be2iscsi: fix bad if expression
[SCSI] qla2xxx: Fix multiqueue MSI-X registration.
John W. Linville says:
====================
Please pull these last(?) few wireless bits intended for the 3.14
stream. Each is here to address a problem found with a patch already
merged...
Dave Jones gives us a memory leak fix, for an error path in brcmfmac.
Felix Fietkau moves a small delay to make it actually reachable.
Helmut Schaa fixes an ath9k sequence numbering problem for non-data
frames.
Stanislaw Gruszka reverts an earlier fix that was found to cause
random connection drops on RT5390 PCI adapters
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Callers of phy_ethtool_get_wol are supposed to provide a properly
cleared struct ethtool_wolinfo. Therefore, fix phy_suspend to clear
it before passing it to phy_ethtool_get_wol.
Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Reviewed-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
If this is added to the driver files, then maybe it's
appropriate to add to MAINTAINERS as well.
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull x86 fixes from Peter Anvin:
"Two x86 fixes: Suresh's eager FPU fix, and a fix to the NUMA quirk for
AMD northbridges.
This only includes Suresh's fix patch, not the "mostly a cleanup"
patch which had __init issues"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
- A recent ACPI resources handling fix overlooked the fact that it had
to update the ACPI PNP subsystem's resources parsing too and caused
confusing warning messages to be printed during system intialization
on some systems (with arguably buggy ACPI tables). Fix from Zhang Rui.
- Moving the early ACPI initialization before timekeeping_init() earlier
in this cycle broke fast TSC calibration on at least one system, so it
needs to be done later, but still before efi_enter_virtual_mode() to
allow the EFI initialization to refer to ACPI.
- A change related to code duplication reduction in the cpufreq core
inadvertently caused cpufreq intialization to fail for some CPUs
handled by intel_pstate by adding checks that may fail for that
driver, but aren't even necessary when it is used. The issue is
addressed by preventing those checks from run in the configurations
in which they aren't needed.
- If the Hardware Reduced ACPI flag is set in the ACPI tables, system
suspend, hibernation and ACPI power off will only work when special
sleep control and sleep status registeres are provided (their
addresses in the ACPI tables are not zero). If those registers are
not available, the features in question have no chances to work,
so they shouldn't even be regarded as supported. That helps with
power off in particular, because alternative power off methods may
be used then and they may actually work.
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJTIyh1AAoJEILEb/54YlRxvw0P/RZIXtY5+c87JSRy+T1BBhN0
icpA7Qxu2unfckyR+anEIwrOFV7cvAMti7vJONWtSaFjp4sF8u2oEzs5T92DN74z
455sdieSZiTwDlvcbehSiaX6LFniK5OYLZ2RFGYh1D9uoxCSzfb9eugo7RNR+2iO
UMTMQG2RmI2bmjLHLTzotMRxmjRd8RSMVAwvyNULgDAZlrmfKwojqKyJUB7NThAm
kfAqVfzGs49+i0KF9hQrMeCEfNQF3Kj/HWMM78GHBNYu1uJVv+gXxMRUd8F9rGAO
d4Xy14lfLpjPeH/DCO+hqA9eu74gM5nwjM3DbUnsFtt+FUmyBPemnTHCksUfHEeH
wZlzuW0CndRqLijQa9tcFD6eeyh2tMztXCDu8r/UhpW1yGPkmW+SAU36SqqbmaGv
knU+2jte4i/p4etNyPlfNb9mX9G59QQLISkRRfD8hnMm79TGaVT1tVGQ8RCqEG8p
73kVhISZ2WLjO9dLG5q/3uzFvZdJNWPfI/9l570mz2M5+X7VeCMA/tDx5ofDz/hQ
5JWvqIzYDSSOGxTtB1xR9TuwtQblAnsiVlqUoEwfqZ8O8u+RdvP5ymgUREPvLQFN
jkCS1hdFleudZxqrn29MeEOJJg7DvFPyliMVvCxB2k1bg4HgJYWoZ0Hv0v0SKTd9
aCjbIOYxiLYV9clBSyLZ
=d2+L
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-3.14-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
"Three of these are regression fixes, for two recent regressions and
one introduced during the 3.13 cycle, and the fourth one is a working
version of the fix that had to be reverted last time.
Specifics:
- A recent ACPI resources handling fix overlooked the fact that it
had to update the ACPI PNP subsystem's resources parsing too and
caused confusing warning messages to be printed during system
intialization on some systems (with arguably buggy ACPI tables).
Fix from Zhang Rui.
- Moving the early ACPI initialization before timekeeping_init()
earlier in this cycle broke fast TSC calibration on at least one
system, so it needs to be done later, but still before
efi_enter_virtual_mode() to allow the EFI initialization to refer
to ACPI.
- A change related to code duplication reduction in the cpufreq core
inadvertently caused cpufreq intialization to fail for some CPUs
handled by intel_pstate by adding checks that may fail for that
driver, but aren't even necessary when it is used. The issue is
addressed by preventing those checks from run in the configurations
in which they aren't needed.
- If the Hardware Reduced ACPI flag is set in the ACPI tables, system
suspend, hibernation and ACPI power off will only work when special
sleep control and sleep status registeres are provided (their
addresses in the ACPI tables are not zero). If those registers are
not available, the features in question have no chances to work, so
they shouldn't even be regarded as supported. That helps with
power off in particular, because alternative power off methods may
be used then and they may actually work"
* tag 'pm+acpi-3.14-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states
ACPI / init: Invoke early ACPI initialization later
cpufreq: Skip current frequency initialization for ->setpolicy drivers
PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures
- fix corruption with >2TB fast device due to truncation bug
- fix access beyond end of origin device due to a partial block
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTIxzQAAoJEMUj8QotnQNa2AkIAMXpgGCvxAtuE072ARf2kwxx
qtTtdYms/r1ss8keOgACSDgcrn+NMjk4IP4+s54Iz7tViEgIF148gvqgbSeHwNzk
Vy49aIbVPj8GIqFxuFeS03DnBZ/loEWiLtiHG2BgKnNRy1NmLvGwLoYsrrn9RHWG
AAa4a2cCW/BcrYMJoZSYhlPEEPPvoqSpWTVJr1rjTkmQAAZSsOzsBdklkrEQtHzW
Sle8/OKp4tYwBmXml5XsfAPG+pNRkd7HizIRkJ0roP5iIWHLdnpGUvboKYdu1rVp
rxEl/nQeXzd8zDsUNvoRQs8CLmtEhBBj0h+L+P2Y3Aj7fNg67ismt25mplQWZsY=
=/XEY
-----END PGP SIGNATURE-----
Merge tag 'dm-3.14-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
Pull device-mapper fixes form Mike Snitzer:
"Two small fixes for the DM cache target:
- fix corruption with >2TB fast device due to truncation bug
- fix access beyond end of origin device due to a partial block"
* tag 'dm-3.14-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm cache: fix access beyond end of origin device
dm cache: fix truncation bug when copying a block to/from >2TB fast device
Bar type OCTEON_DMA_BAR_TYPE_SMALL assigns lo and hi addresses and
then falls through to OCTEON_DMA_BAR_TYPE_BIG that re-assignes lo and
hi addresses with totally different values. Add a break so we don't
fall through.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: David Daney <ddaney@caviumnetworks.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/6529/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The reference count of some device nodes is not correctly reset
at end of card probe.
Signed-off-by: Jean-Francois Moine <moinejf@free.fr>
Signed-off-by: Mark Brown <broonie@linaro.org>