There is only one error code to return for a bad user-space buffer
pointer passed to a system call in the same address space as the
system call is executed, and that is EFAULT. Furthermore, the
low-level access routines, which catch most of the faults, return
EFAULT already.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@hack.frob.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The regset common infrastructure assumed that regsets would always
have .get and .set methods, but not necessarily .active methods.
Unfortunately people have since written regsets without .set methods.
Rather than putting in stub functions everywhere, handle regsets with
null .get or .set methods explicitly.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@hack.frob.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git commit 25f269f173 "[S390] qdio: EQBS retry after CCQ 96"
introduced a regression in regard to the zfcp data router.
Revoke the incorrect simplification of the function call arguments
for the qdio handler to make the zfcp hardware data router working
again.
This is applicable to 3.2+ kernels.
Signed-off-by: Steffen Maier <maier@linux.vnet.ibm.com>
Reviewed-by: Jan Glauber <jang@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This patch (as1519) fixes a bug in the block layer's disk-events
polling. The polling is done by a work routine queued on the
system_nrt_wq workqueue. Since that workqueue isn't freezable, the
polling continues even in the middle of a system sleep transition.
Obviously, polling a suspended drive for media changes and such isn't
a good thing to do; in the case of USB mass-storage devices it can
lead to real problems requiring device resets and even re-enumeration.
The patch fixes things by creating a new system-wide, non-reentrant,
freezable workqueue and using it for disk-events polling.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@kernel.org>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Set CommandMailbox with memset before use it. Fix for:
drivers/block/DAC960.c: In function ‘DAC960_V1_EnableMemoryMailboxInterface’:
arch/x86/include/asm/io.h:61:1: warning: ‘CommandMailbox.Bytes[12]’
may be used uninitialized in this function [-Wuninitialized]
drivers/block/DAC960.c:1175:30: note: ‘CommandMailbox.Bytes[12]’
was declared here
Signed-off-by: Danny Kukawka <danny.kukawka@bisect.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Fixed compiler warning:
comparison between ‘DAC960_V2_IOCTL_Opcode_T’ and ‘enum <anonymous>’
Renamed enum, added a new enum for SCSI_10.CommandOpcode in
DAC960_V2_ProcessCompletedCommand().
Signed-off-by: Danny Kukawka <danny.kukawka@bisect.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
The following situation might occur:
__blkdev_get: add_disk:
register_disk()
get_gendisk()
disk_block_events()
disk->ev == NULL
disk_add_events()
__disk_unblock_events()
disk->ev != NULL
--ev->block
Then we unblock events, when they are suppose to be blocked. This can
trigger events related block/genhd.c warnings, but also can crash in
sd_check_events() or other places.
I'm able to reproduce crashes with the following scripts (with
connected usb dongle as sdb disk).
<snip>
DEV=/dev/sdb
ENABLE=/sys/bus/usb/devices/1-2/bConfigurationValue
function stop_me()
{
for i in `jobs -p` ; do kill $i 2> /dev/null ; done
exit
}
trap stop_me SIGHUP SIGINT SIGTERM
for ((i = 0; i < 10; i++)) ; do
while true; do fdisk -l $DEV 2>&1 > /dev/null ; done &
done
while true ; do
echo 1 > $ENABLE
sleep 1
echo 0 > $ENABLE
done
</snip>
I use the script to verify patch fixing oops in sd_revalidate_disk
http://marc.info/?l=linux-scsi&m=132935572512352&w=2
Without Jun'ichi Nomura patch titled "Fix NULL pointer dereference in
sd_revalidate_disk" or this one, script easily crash kernel within
a few seconds. With both patches applied I do not observe crash.
Unfortunately after some time (dozen of minutes), script will hung in:
[ 1563.906432] [<c08354f5>] schedule_timeout_uninterruptible+0x15/0x20
[ 1563.906437] [<c04532d5>] msleep+0x15/0x20
[ 1563.906443] [<c05d60b2>] blk_drain_queue+0x32/0xd0
[ 1563.906447] [<c05d6e00>] blk_cleanup_queue+0xd0/0x170
[ 1563.906454] [<c06d278f>] scsi_free_queue+0x3f/0x60
[ 1563.906459] [<c06d7e6e>] __scsi_remove_device+0x6e/0xb0
[ 1563.906463] [<c06d4aff>] scsi_forget_host+0x4f/0x60
[ 1563.906468] [<c06cd84a>] scsi_remove_host+0x5a/0xf0
[ 1563.906482] [<f7f030fb>] quiesce_and_remove_host+0x5b/0xa0 [usb_storage]
[ 1563.906490] [<f7f03203>] usb_stor_disconnect+0x13/0x20 [usb_storage]
Anyway I think this patch is some step forward.
As drawback, I do not teardown on sysfs file create error, because I do
not know how to nullify disk->ev (since it can be used). However add_disk
error handling practically does not exist too, and things will work
without this sysfs file, except events will not be exported to user
space.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Since 2.6.39 (1196f8b), when a driver returns -ENOMEDIUM for open(),
__blkdev_get() calls rescan_partitions() to remove
in-kernel partition structures and raise KOBJ_CHANGE uevent.
However it ends up calling driver's revalidate_disk without open
and could cause oops.
In the case of SCSI:
process A process B
----------------------------------------------
sys_open
__blkdev_get
sd_open
returns -ENOMEDIUM
scsi_remove_device
<scsi_device torn down>
rescan_partitions
sd_revalidate_disk
<oops>
Oopses are reported here:
http://marc.info/?l=linux-scsi&m=132388619710052
This patch separates the partition invalidation from rescan_partitions()
and use it for -ENOMEDIUM case.
Reported-by: Huajun Li <huajun.li.lee@gmail.com>
Signed-off-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Fix transport header size
Fix the transpoert header size for UDP packets.
Signed-off-by: Shreyas N Bhatewara <sbhatewara@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Watchdog updates from Wim Van Sebroeck:
* git://www.linux-watchdog.org/linux-watchdog:
watchdog: fix GETTIMEOUT ioctl in booke_wdt
watchdog: update maintainers git entry
watchdog: Fix typo in pnx4008_wdt.c
watchdog: Fix typo in Kconfig
watchdog: fix error in probe() of s3c2410_wdt (reset at booting)
watchdog: hpwdt: clean up set_memory_x call for 32 bit
Pull from Mark Brown:
"A simple, driver specific fix. This device isn't widely used outside
of Marvell reference boards most of which are probably used with their
BSPs rather than with mainline so low risk."
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: fix the ldo configure according to 88pm860x spec
i2c bugfix from Wolfram Sang:
"This patch fixes a wrong assumption in the mxs-i2c-driver about a
command queue being done. Without it, we have seen races when the
bus was under load."
* 'i2c-embedded/for-3.3' of git://git.pengutronix.de/git/wsa/linux-2.6:
i2c: mxs: only flag completion when queue is completely done
DRM fixes from Dave Airlie:
intel: fixes for output regression on 965GM, an oops and a machine
hang
radeon: uninitialised var (that gcc didn't warn about for some reason)
+ a couple of correctness fixes.
exynos: fixes for various things, drop some chunks of unused code.
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/radeon/kms/vm: fix possible bug in radeon_vm_bo_rmv()
drm/radeon: fix uninitialized variable
drm/radeon/kms: fix radeon_dp_get_modes for LVDS bridges (v2)
drm/i915: Remove use of the autoreported ringbuffer HEAD position
drm/i915: Prevent a machine hang by checking crtc->active before loading lut
drm/i915: fix operator precedence when enabling RC6p
drm/i915: fix a sprite watermark computation to avoid divide by zero if xpos<0
drm/i915: fix mode set on load pipe. (v2)
drm/exynos: exynos_drm.h header file fixes
drm/exynos: added panel physical size.
drm/exynos: added postclose to release resource.
drm/exynos: removed exynos_drm_fbdev_recreate function.
drm/exynos: fixed page flip issue.
drm/exynos: added possible_clones setup function.
drm/exynos: removed pageflip_event_list init code when closed.
drm/exynos: changed priority of mixer layers.
drm/exynos: Fix typo in exynos_mixer.c
Pull s390 fixes from Martin Schwidefsky
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
[S390] memory hotplug: prevent memory zone interleave
[S390] crash_dump: remove duplicate include
[S390] KEYS: Enable the compat keyctl wrapper on s390x
"num_vfs" is a u32 but we only use the high 16 bits and the low 16bits
are left as zero. That isn't a problem for little endian systems but it
will break on big endian ones.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
pch_gbe_validate_option() modifies 32 bits of memory but we pass
&hw->phy.autoneg_advertised which only has 16 bits and &hw->mac.fc
which only has 8 bits.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Carlos was getting
WARNING: at drivers/pci/pci.c:118 pci_ioremap_bar+0x24/0x52()
when probing his sound card, and sound did not work. After adding
pci=use_crs to the kernel command line, no more trouble.
Ok, we can add a quirk. dmidecode output reveals that this is an MSI
MS-7253, for which we already have a quirk, but the short-sighted
author tied the quirk to a single BIOS version, making it not kick in
on Carlos's machine with BIOS V1.2. If a later BIOS update makes it
no longer necessary to look at the _CRS info it will still be
harmless, so let's stop trying to guess which versions have and don't
have accurate _CRS tables.
Addresses https://bugtrack.alsa-project.org/alsa-bug/view.php?id=5533
Also see <https://bugzilla.kernel.org/show_bug.cgi?id=42619>.
Reported-by: Carlos Luna <caralu74@gmail.com>
Reviewed-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
* 'at91-fixes' of git://github.com/at91linux/linux-at91:
ARM: at91/dma: DMA controller registering with DT support
ARM: at91/dma: remove platform data from DMA controller
A small fix for the SSI driver and a fix for system shutdown with modern
devices. Most of the modern devices will never get shut down normally
with a visible kernel log as the systems they're in tend not to shut
down often and when they do it's usually in form factors that don't have
a user visible console.
There are two issues on the default delivery system setting for smsusb:
1) instead of filling the delivery system for the per-client
frontend.ops, it were changing the global structure;
2) The client->frontend.ops copy were keeping the previous value
of the template. So, the first time the device was inserted,
it was using the wrong value.
Reported-by: Eddi De Pieri <eddi@depieri.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
memblock allocator aligns @size to @align to reduce the amount
of fragmentation. Commit:
7bd0b0f0da ("memblock: Reimplement memblock allocation using reverse free area iterator")
Broke it by incorrectly relocating @size aligning to
memblock_find_in_range_node(). As the aligned size is not
propagated back to memblock_alloc_base_nid(), the actually
reserved size isn't aligned.
While this increases memory use for memblock reserved array,
this shouldn't cause any critical failure; however, it seems
that the size aligning was hiding a use-beyond-allocation bug in
sparc64 and losing the aligning causes boot failure.
The underlying problem is currently being debugged but this is a
proper fix in itself, it's already pretty late in -rc cycle for
boot failures and reverting the change for debugging isn't
difficult. Restore the size aligning moving it to
memblock_alloc_base_nid().
Reported-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: Grant Likely <grant.likely@secretlab.ca>
Cc: Rob Herring <rob.herring@calxeda.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: http://lkml.kernel.org/r/20120228205621.GC3252@dhcp-172-17-108-109.mtv.corp.google.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>
LKML-Reference: <alpine.SOC.1.00.1202130942030.1488@math.ut.ee>
Commit b27b072791 (ARM: 7265/1: restart: S3C24XX: use new restart hook)
introduced the new restart hook also for the S3C244x cpus, but it
was only defined in the S3C2440 scope, i.e. when CPU_S3C2440 was
selected. Devices using the S3C2442 like the GTA02 normally don't select
this CPU which leads to compilation errors like:
LD .tmp_vmlinux1
arch/arm/mach-s3c2440/built-in.o:(.arch.info.init+0x3c): undefined reference
to `s3c2440_restart'
make: *** [.tmp_vmlinux1] Error 1
Therefore move the s3c2440_restart function to s3c244x.c which is
common to both cpus and also fix the naming to reflect this.
Reported-and-tested-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
commit e562966dba added support for S4 to
the balloon driver. The freeze function did nothing to free the pages,
since reclaiming the pages from the host to immediately give them back
(if S4 was successful) seemed wasteful. Also, if S4 wasn't successful,
the guest would have to re-fill the balloon. On restore, the pages were
supposed to be marked freed and the free page counters were incremented
to reflect the balloon was totally deflated.
However, this wasn't done right. The pages that were earlier taken away
from the guest during a balloon inflation operation were just shown as
used pages after a successful restore from S4. Just a fancy way of
leaking lots of memory.
Instead of trying that, just leak the balloon on freeze and fill it on
restore/thaw paths. This works properly now. The optimisation to not
leak can be added later on after a bit of refactoring of the code.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ovl->enable/disable are meant to be synchronous so that they can handle
the configuration of fifo sizes. The current kernel doesn't configure
fifo sizes yet, and so the code doesn't need to block to function (from
omapdss driver's perspective).
However, for the users of omapdss a non-blocking ovl->disable is
confusing, because they don't know when the memory area is not used
any more.
Furthermore, when the fifo size configuration is added in the next merge
window, the change from non-blocking to blocking could cause side
effects to the users of omapdss. So by making the functions block
already will keep them behaving in the same manner.
And, while not the main purpose of this patch, this will also remove the
compile warning:
drivers/video/omap2/dss/apply.c:350: warning:
'wait_pending_extra_info_updates' defined but not used
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
panel-dvi uses i2c, but the Kconfig didn't have dependency on I2C. Add
it.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Add missing break statement in the function omap3xxx_check_revision.
The commit id 4390f5b2cb [ARM: OMAP: TI814X: Add cpu type macros
and detection support], removed the 'break' statement from the function
omap3xxx_check_revision(), resulting into wrong omap/cpu_revision
initialization for AM335x devices.
Signed-off-by: Vaibhav Hiremath <hvaibhav@ti.com>
[tony@atomide.com: refreshed to apply after changes to cpu_rev]
Signed-off-by: Tony Lindgren <tony@atomide.com>
If threads in a multi-threaded process have names shorter than the main
thread the comm for the named threads is not properly terminated.
E.g., for the process 'namedthreads' where each thread is named noploop%d
where %d is the thread number:
Before:
perf script -f comm,tid,ip,sym,dso
noploop:4ads 21616 400a49 noploop (/tmp/namedthreads)
The 'ads' in the thread comm bleeds over from the process name.
After:
perf script -f comm,tid,ip,sym,dso
noploop:4 21616 400a49 noploop (/tmp/namedthreads)
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1330111898-68071-1-git-send-email-dsahern@gmail.com
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Arnd Bergmann says:
"Another set of arm-soc bug fixes on top of v3.3-rc5. The few larger
bits are all for devices that still need to get set up in board code.
Only three platforms are in this set of fixes: omap2+, pxa and lpc32xx."
* tag 'fixes-3.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (22 commits)
ARM: LPC32xx: serial.c: Fixed loop limit
ARM: LPC32xx: serial.c: HW bug workaround
ARM: LPC32xx: irq.c: Clear latched event
ARM: LPC32xx: Fix interrupt controller init
ARM: LPC32xx: Fix irq on GPI_28
ARM: OMAP2: fix mailbox init code
ARM: OMAP2+: gpmc-smsc911x: add required smsc911x regulators
ARM: OMAP1: Fix out-of-bounds array access for Innovator
OMAP3 EVM: remove out-of-bounds array access of gpio_leds
ARM: OMAP: Fix build error when mmc_omap is built as module
ARM: OMAP: Fix kernel panic with HSMMC when twl4030_gpio is a module
pxa/hx4700: add platform device and I2C info for AK4641 codec
arch/arm/mach-pxa/: included linux/gpio.h twice
arch/arm/mach-mmp/: some files include some headers twice
ARM: pxa: fix error handling in pxa2xx_drv_pcmcia_probe
ARM: pxa: fix including linux/gpio.h twice
ARM: pxa: fix mixed declarations and code in sharpsl_pm
ARM: pxa: fix wrong parsing gpio event on spitz
ARM: OMAP2+: usb-host: fix compile warning
ARM: OMAP4: Move the barrier memboclk_steal() as part of reserve callback
...
tg3_get_stats64() takes tp->lock when dealing with non-serdes bcm5700
and bcm5701 devices. However, functions that call tg3_halt() have
already acquired tp->lock. When tg3_get_stats64() is called in
tg3_halt(), deadlock will occur.
This patch fixes the problem by separating the stat gathering code into
a new tg3_get_nstats() function. tg3_get_stats64() is recoded to call
this function and take tp->lock. The code that takes tp->lock in
tg3_calc_crc_errors() has been removed. Function signatures have been
cleaned up too.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Build fixes for 3.3 from Jonas Bonn
* tag 'for-3.3' of git://openrisc.net/jonas/linux:
openrisc: Fix up audit_syscall_[entry|exit]() usage
openrisc: include export.h for EXPORT_SYMBOL
Recent commit
"mwifiex: clear previous security setting during association"
fixes association failure problems observed in some corner cases
by clearing previous security setting before each association.
We should reset encryption mode flag as well. This patch takes care
of it.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Nicolas Cavallari discovered that carl9170 has some
serious problems delivering data to sleeping stations.
It turns out that the driver was not honoring two
important flags (IEEE80211_TX_CTL_POLL_RESPONSE and
IEEE80211_TX_CTL_CLEAR_PS_FILT) which are set on
frames that should be sent although the receiving
station is still in powersave mode.
Cc: stable <stable@vger.kernel.org>
Reported-by: Nicolas Cavallari <Nicolas.Cavallari@lri.fr>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
On Access Point mode, when transmitting a packet, if the destination
station is in powersave mode, we abort transmitting the packet to the
device queue, but we do not reclaim the allocated memory. Given enough
packets, we can go in a state where there is no packet on the device
queue, but we think the device has no memory left, so no packet gets
transmitted, connections breaks and the AP stops working.
This undo the allocation done in the TX path when the station is in
power-save mode.
Signed-off-by: Nicolas Cavallari <cavallar@lri.fr>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The bo is removed from the list at the top of
radeon_vm_bo_rmv(), but then the list is used
in radeon_vm_bo_update_pte() to look up the vm.
remove the bo_list entry at the end of the
function instead.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Jerome Glisse <j.glisse@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Device tree support on at91sam9g45 family SoC. Only call
platform_device_register() if no dma-controller node is
found in device tree.
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Grant Likely <grant.likely@secretlab.ca>
DMA controller can deduce its configuration data from
the platform. Remove the platform data and match device
types with the compatible ones.
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Grant Likely <grant.likely@secretlab.ca>
Some codecs don't supply the mute amp-capabilities although the lowest
volume gives the mute. It'd be handy if the parser provides the mute
mixers in such a case.
This patch adds an extension amp-cap bit (which is used only in the
driver) to represent the min volume = mute state. Also modified the
amp cache code to support the fake mute feature when this bit is set
but the real mute bit is unset.
In addition, conexant cx5051 parser uses this new feature to implement
the missing mute controls.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42825
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Without this fix the driver randomly treats
textures as arrays and I'm really wondering
why gcc isn't complaining about it.
Signed-off-by: Christian König <deathsimple@vodafone.de>
Reviewed-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
