92a19f9cec introduced a local variable
with the same name as the argument to bcm_uart_do_rx, breaking
compilation. Fix this by renaming the new variable and its uses where
expected.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
Acked-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
I've managed to find an 8 port version of the 4 port card which was discussed here:
http://marc.info/?l=linux-serial&m=120760744205314&w=2
Looking back at that thread there were two issues in the original patch.
1) The I/O ports for the UARTs are within BAR2 not BAR0. This can be seen in the original post.
2) A serial quirk isn't needed as these cards have no memory in BAR0 which makes pci_plx9050_init just return.
This patch fixes the 4 port support to use BAR2, removes the bogus quirk and adds support for the 8 port card.
$ lspci -vvv -n -s 00:08.0
00:08.0 0780: 10b5:9050 (rev 01)
Subsystem: 10b5:1588
Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 17
Region 1: I/O ports at ff00 [size=128]
Region 2: I/O ports at fe00 [size=64]
Region 3: I/O ports at fd00 [size=8]
Capabilities: <access denied>
Kernel driver in use: serial
$ dmesg | grep 0000:00:08.0:
[ 0.083320] pci 0000:00:08.0: [10b5:9050] type 0 class 0x000780
[ 0.083355] pci 0000:00:08.0: reg 14: [io 0xff00-0xff7f]
[ 0.083369] pci 0000:00:08.0: reg 18: [io 0xfe00-0xfe3f]
[ 0.083382] pci 0000:00:08.0: reg 1c: [io 0xfd00-0xfd07]
[ 0.083460] pci 0000:00:08.0: PME# supported from D0 D3hot
[ 1.212867] 0000:00:08.0: ttyS4 at I/O 0xfe00 (irq = 17) is a 16550A
[ 1.233073] 0000:00:08.0: ttyS5 at I/O 0xfe08 (irq = 17) is a 16550A
[ 1.253270] 0000:00:08.0: ttyS6 at I/O 0xfe10 (irq = 17) is a 16550A
[ 1.273468] 0000:00:08.0: ttyS7 at I/O 0xfe18 (irq = 17) is a 16550A
[ 1.293666] 0000:00:08.0: ttyS8 at I/O 0xfe20 (irq = 17) is a 16550A
[ 1.313863] 0000:00:08.0: ttyS9 at I/O 0xfe28 (irq = 17) is a 16550A
[ 1.334061] 0000:00:08.0: ttyS10 at I/O 0xfe30 (irq = 17) is a 16550A
[ 1.354258] 0000:00:08.0: ttyS11 at I/O 0xfe38 (irq = 17) is a 16550A
Signed-off-by: Scott Ashcroft <scott.ashcroft@talk21.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove the extra code left over when the serial driver was changed
to require a clock. There is no fallback to 24MHz as a clock is
now required.
Also remove a second call to of_clk_get which is unnecessary.
Signed-off-by: Tony Prisk <linux@prisktech.co.nz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mpc512x platform clock code names PSC clocks as "pscX_mclk" but
the driver tries to get "pscX_clk" clock and this results in
errors like:
mpc52xx-psc-uart 80011700.psc: Failed to get PSC clock entry!
The problem appears when opening ttyPSC devices other than the
system's serial console. Since getting and enabling the PSC clock
fails, uart port startup doesn't succeed and tty flag TTY_IO_ERROR
remains set causing further errors in tty ioctls, i.e.
'strace stty -F /dev/ttyPSC1' shows:
open("/dev/ttyPSC1", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 3
dup2(3, 0) = 0
close(3) = 0
fcntl64(0, F_GETFL) = 0x10800 (flags O_RDONLY|O_NONBLOCK|O_LARGEFILE)
fcntl64(0, F_SETFL, O_RDONLY|O_LARGEFILE) = 0
ioctl(0, TCGETS, 0xbff89038) = -1 EIO (Input/output error)
Only request PSC clock names that the platform actually provides.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Bug added in commit 05e8ef4ab2 (net: factor out
skb_mac_gso_segment() from skb_gso_segment() ) ]
Move vlan_depth out of the while loop, or else vlan_depth is always ETH_HLEN
and cannot be increased, leading to an infinite loop when a frame has two vlan headers.
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
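Added example, not part of the commit above and not kernel code: a user-space C model of the tag-skipping loop it describes, showing why resetting vlan_depth on every pass never advances past the first tag of a double-tagged frame. The function names, SPIN_GUARD and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN    14      /* Ethernet header: dst(6) + src(6) + type(2) */
#define VLAN_HLEN   4       /* one 802.1Q tag: TCI(2) + inner type(2) */
#define ETH_P_8021Q 0x8100
#define ETH_P_IP    0x0800
#define SPIN_GUARD  64      /* model only: stands in for "loops forever" */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Skip stacked VLAN tags. Returns the inner EtherType, -1 if a tag runs
 * past the end of the frame, -2 if the loop stopped making progress.
 * reset_each_pass = 1 models vlan_depth being declared inside the loop.
 */
static int inner_proto(const uint8_t *frame, size_t len, int reset_each_pass)
{
    size_t vlan_depth = ETH_HLEN;
    uint16_t type;
    int passes = 0;

    if (len < ETH_HLEN)
        return -1;
    type = be16(frame + 12);
    while (type == ETH_P_8021Q) {
        if (reset_each_pass)
            vlan_depth = ETH_HLEN;          /* always re-reads the first tag */
        if (passes++ >= SPIN_GUARD)
            return -2;
        if (len < vlan_depth + VLAN_HLEN)
            return -1;
        type = be16(frame + vlan_depth + 2);
        vlan_depth += VLAN_HLEN;            /* lost again if reset next pass */
    }
    return type;
}

/* Constructed sample: Ethernet frame with `ntags` 802.1Q tags, then IPv4. */
static int demo(int ntags, int reset_each_pass)
{
    uint8_t f[64];
    size_t off = 12;

    memset(f, 0, sizeof f);
    for (int i = 0; i < ntags; i++, off += VLAN_HLEN) {
        f[off] = 0x81; f[off + 1] = 0x00;   /* TPID 0x8100 */
        f[off + 3] = (uint8_t)(i + 1);      /* TCI: VLAN id i+1 */
    }
    f[off] = 0x08; f[off + 1] = 0x00;       /* inner EtherType: IPv4 */
    return inner_proto(f, off + 2, reset_each_pass);
}

int main(void)
{
    printf("1 tag,  reset each pass: %d\n", demo(1, 1));
    printf("2 tags, reset each pass: %d\n", demo(2, 1));
    printf("2 tags, depth kept:      %d\n", demo(2, 0));
    return 0;
}
```

A single-tagged frame gives the same result either way, which is why the problem only shows up with two vlan headers.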
In the connection list expansion in hda_codec.c and hda_proc.c, the
value returned from snd_hda_get_num_raw_conns() is used as the array
size to store the connection list. However, the function returns
simply a raw value of the AC_PAR_CONNLIST_LEN parameter, and the
widget list with ranges isn't considered there. Thus it may return a
smaller size than the actual list, which results in -ENOSPC in
snd_hda_get_raw_conections().
This patch fixes the bug by parsing the connection list correctly also
for snd_hda_get_num_raw_conns().
Reported-and-tested-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
If you open a pipe for neither read nor write, the pipe code will not
add any usage counters to the pipe, causing the 'struct pipe_inode_info'
to be potentially released early.
That doesn't normally matter, since you cannot actually use the pipe,
but the pipe release code - particularly fasync handling - still expects
the actual pipe infrastructure to all be there. And rather than adding
NULL pointer checks, let's just disallow this case, the same way we
already do for the named pipe ("fifo") case.
This is ancient going back to pre-2.4 days, and until trinity, nobody
ever noticed.
Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Via Sekhar Nori <nsekhar@ti.com>:
This patch fixes a boot breakage on DA830
that was introduced with EDMA DMA engine
conversion. The bug has been there since
v3.7 and has been marked for stable update.
* tag 'davinci-for-v3.9-rc/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci:
ARM: davinci: edma: fix dmaengine induced null pointer dereference on da830
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Commit 455bd4c430 ("ARM: 7668/1: fix memset-related crashes caused by
recent GCC (4.7.2) optimizations") attempted to fix a compliance issue
with the memset return value. However the memset itself became broken
by that patch for misaligned pointers.
This fixes the above by branching over the entry code from the
misaligned fixup code to avoid reloading the original pointer.
Also, because the function entry alignment is wrong in the Thumb mode
compilation, that fixup code is moved to the end.
While at it, the entry instructions are slightly reworked to help dual
issue pipelines.
Signed-off-by: Nicolas Pitre <nico@linaro.org>
Tested-by: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This adds additional error checking to the private edma api implementation
to catch the case where the edma_alloc_slot() has an invalid controller
parameter. The edma dmaengine wrapper driver relies on this condition
being handled in order to avoid setting up a second edma dmaengine
instance on DA830.
Verified using a DA850 with the second EDMA controller platform instance
removed to simulate a DA830 which only has a single EDMA controller.
Reported-by: Tomas Novotny <tomas@novotny.cz>
Signed-off-by: Matt Porter <mporter@ti.com>
Cc: stable@vger.kernel.org # v3.7.x+
Tested-by: Tomas Novotny <tomas@novotny.cz>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
__netpoll_cleanup() is called in netconsole_netdev_event() while holding a
spinlock. Release/acquire the spinlock before/after it and restart the
loop. Also, disable the netconsole completely, because we won't have a chance
after the restart of the loop, and might end up in a situation where
nt->enabled == 1 and nt->np.dev == NULL.
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The definitions have moved around recently, causing build errors
in spear3xx for all configurations:
spear3xx.c:47:5: error: 'PL080_BSIZE_16' undeclared here (not in a function)
spear3xx.c:47:23: error: 'PL080_CONTROL_SB_SIZE_SHIFT' undeclared here (not in a function)
spear3xx.c:48:22: error: 'PL080_CONTROL_DB_SIZE_SHIFT' undeclared here (not in a function)
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Alessandro Rubini <rubini@gnudd.com>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
When the bridge multicast fast leave feature was added, sufficient space
was not reserved in the netlink message. This means the flag may be
lost in netlink events and results of queries.
Found by observation while looking up some netlink stuff for discussion with Vlad.
Problem introduced by commit c2d3babfaf
Author: David S. Miller <davem@davemloft.net>
Date: Wed Dec 5 16:24:45 2012 -0500
bridge: implement multicast fast leave
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This is needed in order to detect if the timestamp option appears
more than once in a packet, to remove the option if the packet is
fragmented, etc. My previous change neglected to store the option
location when the router addresses were prespecified and Pointer >
Length. But now the option location is also stored when Flag is an
unrecognized value, to ensure these option handling behaviors are
still performed.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
New scheme calls for 3rd party VPD at offset 0x0 and Chelsio VPD at offset
0x400 of the function. If no 3rd party VPD is present, then a copy of
Chelsio's VPD will be at offset 0x0 to keep in line with PCI spec which
requires the VPD to be present at offset 0x0.
Signed-off-by: Santosh Rastapur <santosh@chelsio.com>
Signed-off-by: Vipul Pandya <vipul@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The ab8500 device is a child of the prcmu device, which is a memory mapped
bus device, whose children are addressable using physical memory addresses,
not using mailboxes, so a mailbox number in the ab8500 node cannot be
parsed by DT. Nothing uses this number, since it was only introduced
as part of the failed attempt to clean up prcmu mailbox handling, and
we can simply remove it.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Since commit c8801a8e
"regulator: core: Mark all get and enable calls as __must_check",
we must check the return value of regulator_enable() to silence the build warning below.
CC drivers/mfd/ab8500-gpadc.o
drivers/mfd/ab8500-gpadc.c: In function 'ab8500_gpadc_runtime_resume':
drivers/mfd/ab8500-gpadc.c:598:18: warning: ignoring return value of 'regulator_enable', declared with attribute warn_unused_result [-Wunused-result]
drivers/mfd/ab8500-gpadc.c: In function 'ab8500_gpadc_probe':
drivers/mfd/ab8500-gpadc.c:655:18: warning: ignoring return value of 'regulator_enable', declared with attribute warn_unused_result [-Wunused-result]
Also convert to devm_regulator_get(), this fixes a missing regulator_put() call
in ab8500_gpadc_remove().
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Clean up interrupts on exit, silencing a sparse warning caused by
tps65912_irq_exit() being defined but not prototyped as we go.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Currently driver sets the irq type to IRQF_TRIGGER_LOW which is
causing interrupt registration failure in ARM based SoCs as:
[ 0.208479] genirq: Setting trigger mode 8 for irq 118 failed (gic_set_type+0x0/0xf0)
[ 0.208513] dummy 0-0059: Failed to request IRQ 118: -22
Provide the irq flags through platform data if device is registered
through board file or get the irq type from DT node property in place
of hardcoding the irq flag in driver to support multiple platforms.
Also configure the device to generate the interrupt signal according to
flag type.
Signed-off-by: Laxman Dewangan <ldewangan@nvidia.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This patch fixes the build error below when CONFIG_POWER_SUPPLY is not set.
drivers/built-in.o: In function `ab8500_power_off':
drivers/mfd/ab8500-sysctrl.c:37: undefined reference to `power_supply_get_by_name'
drivers/mfd/ab8500-sysctrl.c:53: undefined reference to `power_supply_get_by_name'
make: *** [vmlinux] Error 1
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The helper functions omap_usbhs_rev1_hostconfig()
and omap_usbhs_rev2_hostconfig() don't write into
the hostconfig register. Make sure that we write
the return value into the hostconfig register.
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The NuForce UDH-100 numbers its interfaces incorrectly, which makes the
interface associations come out wrong, which results in the driver
erroring out with the message "Audio class v2 interfaces need an
interface association".
Work around this by searching for the interface association descriptor
also in some other place where it might have ended up.
Reported-and-tested-by: Dave Helstroom <helstroom@google.com>
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This fixes CVE-2013-1792.
There is a race in install_user_keyrings() that can cause a NULL pointer
dereference when called concurrently for the same user if the uid and
uid-session keyrings are not yet created. It might be possible for an
unprivileged user to trigger this by calling keyctl() from userspace in
parallel immediately after logging in.
Assume that we have two threads both executing lookup_user_key(), both
looking for KEY_SPEC_USER_SESSION_KEYRING.
THREAD A                                      THREAD B
===============================               ===============================
                                              ==>call install_user_keyrings();
if (!cred->user->session_keyring)
==>call install_user_keyrings()
                                              ...
                                              user->uid_keyring = uid_keyring;
if (user->uid_keyring)
        return 0;
<==
key = cred->user->session_keyring [== NULL]
                                              user->session_keyring = session_keyring;
atomic_inc(&key->usage); [oops]
At the point thread A dereferences cred->user->session_keyring, thread B
hasn't updated user->session_keyring yet, but thread A assumes it is
populated because install_user_keyrings() returned ok.
The race window is really small but can be exploited if, for example,
thread B is interrupted or preempted after initializing uid_keyring, but
before setting session_keyring.
This couldn't be reproduced on a stock kernel. However, after placing
a systemtap probe on 'user->session_keyring = session_keyring;' that
introduced some delay, the kernel could be crashed reliably.
Fix this by checking both pointers before deciding whether to return.
Alternatively, the test could be done away with entirely as it is checked
inside the mutex - but since the mutex is global, that may not be the best
way.
Signed-off-by: David Howells <dhowells@redhat.com>
Reported-by: Mateusz Guzik <mguzik@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
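Added example, not part of the commit above and not kernel code: a deterministic user-space C model of the interleaving in the thread diagram, comparing the one-pointer early-return test with the two-pointer test the commit describes. The struct, function names and the "stores done" parameter are constructed; the mutex is modelled by letting the slow path finish both stores.

```c
#include <stddef.h>
#include <stdio.h>

struct key { int usage; };

/* Model of the per-user record: two keyrings installed one after the other. */
struct user_model {
    struct key *uid_keyring;
    struct key *session_keyring;
};

enum outcome { LOOKUP_OK, LOOKUP_OK_AFTER_WAIT, LOOKUP_NULL_DEREF };

static struct key uid_kr, sess_kr;      /* constructed keyrings */

/* The install critical section, cut after `stores` assignments (0, 1 or 2). */
static void install_stores(struct user_model *u, int stores)
{
    if (stores >= 1) u->uid_keyring = &uid_kr;
    if (stores >= 2) u->session_keyring = &sess_kr;
}

/* Thread A: the lookup path for the user session keyring. */
static enum outcome thread_a_lookup(struct user_model *u, int fixed)
{
    enum outcome res = LOOKUP_OK;
    struct key *key;

    if (!u->session_keyring) {
        /* Lock-free early-return test at the top of the install function. */
        int done = fixed ? (u->uid_keyring && u->session_keyring)
                         : (u->uid_keyring != NULL);
        if (!done) {
            /* Slow path: serialised by the mutex, so both stores are
             * complete by the time thread A continues. */
            install_stores(u, 2);
            res = LOOKUP_OK_AFTER_WAIT;
        }
    }
    key = u->session_keyring;
    if (!key)
        return LOOKUP_NULL_DEREF;       /* the [oops] line in the diagram */
    key->usage++;
    return res;
}

/* Run thread A after thread B has completed `b_stores` assignments. */
static enum outcome race(int fixed, int b_stores)
{
    struct user_model u = { NULL, NULL };

    install_stores(&u, b_stores);
    return thread_a_lookup(&u, fixed);
}

int main(void)
{
    static const char *name[] = { "ok", "ok after wait", "NULL dereference" };

    for (int b = 0; b <= 2; b++)
        printf("B stores=%d  old check: %-16s  both-pointer check: %s\n",
               b, name[race(0, b)], name[race(1, b)]);
    return 0;
}
```

Only the middle state (uid_keyring set, session_keyring not yet set) separates the two checks, matching the small window the commit message describes.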
A user who was using an 8TB+ file system and with a very large flexbg
size (> 65536) could cause the atomic_t used in the struct flex_groups
to overflow. This was detected by PaX security patchset:
http://forums.grsecurity.net/viewtopic.php?f=3&t=3289&p=12551#p12551
This bug was introduced in commit 9f24e4208f, so it's been around
since 2.6.30. :-(
Fix this by using an atomic64_t for struct orlav_stats's
free_clusters.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Cc: stable@vger.kernel.org
batadv_iv_ogm_process() accesses the packet using the tt_num_changes
attribute regardless of the real packet len (assuming the length check
was done before). Therefore a length check is needed to avoid reading
random memory.
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
In 4f6a7e5ee1 we effectively dropped support
for the legacy encoding for the OSDMap and incremental. However, we didn't
fix the decoding for the pgid.
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
ext3_msg() takes the printk prefix as the second parameter and the
format string as the third parameter. Two callers of ext3_msg omit the
prefix and pass the format string as the second parameter and the first
parameter to the format string as the third parameter. In both cases
this string comes from an arbitrary source. Which means the string may
contain format string characters, which will
lead to undefined and potentially harmful behavior.
The issue was introduced in commit 4cf46b67eb ("ext3: Unify log messages
in ext3") and is fixed by this patch.
CC: stable@vger.kernel.org
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jan Kara <jack@suse.cz>
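Added example, not part of the commit above and not the ext3 code: a user-space C model of a logger with the (prefix, format, arguments) parameter order the commit describes, showing what happens when a caller omits the prefix. The logger, its "fs (%s): " layout, the "ERR " prefix and the sample strings are constructed; the sample input uses only "%%" so the shifted call stays well-defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char line[256];      /* last formatted message */

/*
 * Model logger: (superblock id, prefix, fmt, ...). The prefix is emitted
 * as plain data; only fmt is interpreted as a format string.
 */
static void model_msg(const char *sb_id, const char *prefix,
                      const char *fmt, ...)
{
    va_list ap;
    int used = snprintf(line, sizeof line, "%sfs (%s): ", prefix, sb_id);

    if (used < 0 || (size_t)used >= sizeof line)
        return;
    va_start(ap, fmt);
    vsnprintf(line + used, sizeof line - (size_t)used, fmt, ap);
    va_end(ap);
}

/*
 * Prefix omitted: the message template lands in `prefix` (printed
 * verbatim) and the untrusted string lands in `fmt` (interpreted).
 */
static const char *log_shifted(const char *untrusted)
{
    model_msg("sda1", "error: bad option %s", untrusted);
    return line;
}

/* Corrected call: explicit prefix, constant format, untrusted data as
 * an argument that is never interpreted. */
static const char *log_fixed(const char *untrusted)
{
    model_msg("sda1", "ERR ", "error: bad option %s", untrusted);
    return line;
}

int main(void)
{
    const char *opt = "ro,100%%done";   /* constructed caller-supplied text */

    printf("shifted: %s\n", log_shifted(opt));
    printf("fixed:   %s\n", log_fixed(opt));
    return 0;
}
```

In the shifted call the template's own `%s` is printed literally and the `%%` in the input collapses to `%`, which is the visible sign that the input was parsed as a format string.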
The bulk of __dquot_initialize runs under the dqptr_sem which
protects the inode->i_dquot pointers. It doesn't protect the
dereferenced contents, though. Those are protected by the
dq_data_lock, which is missing around the dquot_resv_space call.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Jan Kara <jack@suse.cz>
This patch adds #dma-cells property to PL330 DMA controller nodes for
supporting generic dma dt bindings on SOCFPGA platform. #dma-channels
and #dma-requests are not required now but added in advance.
Signed-off-by: Padmavathi Venna <padma.v@samsung.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
mvebu fixes for v3.9 from Jason Cooper <jason@lakedaemon.net>:
The first four patches:
89c58c1 rtc: rtc-mv: Add support for clk to avoid lockups
de88747 gpio: mvebu: Add clk support to prevent lockup
7bf5b40 ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels
93fff4c ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency
are Cc'd to stable since they were held over from the previous merge window.
The rest are a small collection of fixes and a couple of devicetree conversion
catchups.
* tag 'mvebu_fixes_for_v3.9' of git://git.infradead.org/users/jcooper/linux:
arm: mach-orion5x: fix typo in compatible string of a .dts file
arm: mvebu: fix address-cells in mpic DT node
arm: plat-orion: fix address decoding when > 4GB is used
arm: mvebu: Reduce reg-io-width with UARTs
ARM: Dove: add RTC device node
arm: mvebu: enable the USB ports on Armada 370 Reference Design board
ARM: dove: drop "select COMMON_CLK_DOVE"
rtc: rtc-mv: Add support for clk to avoid lockups
gpio: mvebu: Add clk support to prevent lockup
ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels
ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
From Shawn Guo <shawn.guo@linaro.org>:
The 2nd take of imx fixes for 3.9:
- Fix pll1_sys clk initial status
- Fix a typo in imx DEBUG_LL Kconfig
* tag 'imx-fixes-3.9-2' of git://git.linaro.org/people/shawnguo/linux-2.6:
ARM: imx: fix typo "DEBUG_IMX50_IMX53_UART"
ARM: imx: pll1_sys should be an initial on clk
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
From Shawn Guo <shawn.guo@linaro.org>:
The 2nd mxs fixes for 3.9:
- Fix an error caused by incorrect conflict resolution when
applying the patch
* tag 'mxs-fixes-3.9-2' of git://git.linaro.org/people/shawnguo/linux-2.6:
ARM: mxs: cfa10049: Fix fb initialisation function
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
When building a multiplatform kernel, we could end up with a smaller
number of GPIOs than the one required by the platform the kernel was
running on.
Sort the max GPIO number by descending order so that we always take the
highest number required.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This patch includes a simple change to the rsxx_pci_remove
function that caused error messages because traffic was halted
too early.
Signed-off-by: Philip J Kelleher <pjk1939@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This patch includes changing the hardware branding name from
IBM RamSan to IBM FlashSystem.
v2 Changes include:
o Removing the unnecessary IBM Vendor ID #define
v1 Changes include:
o Changed all references of RamSan to FlashSystem.
o Changed the vendor/device IDs for the product.
o Changed driver version number.
o Updated the MAINTAINERS file.
o Various other little things.
Signed-off-by: Philip J Kelleher <pjk1939@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This patch includes changes to the cregs locking scheme. Before,
inconsistent locking would occur because of misuse of spin_lock,
spin_lock_bh, and counterparts.
Signed-off-by: Philip J Kelleher <pjk1939@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This patch includes trivial changes that were recommended by
different members of the Linux Community.
Changes include:
o Removing the redundant wmb().
o Formatting
o Various other little things.
Signed-off-by: Philip J Kelleher <pjk1939@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
4 ports; AT/PPP is standard CDC-ACM. The other three (added by this
patch) are QCDM/DIAG, possibly GPS, and unknown.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When making commit e574d57 (usb: musb: fix
compile warning) I forgot to git add this
part of the patch which ended up introducing
a possible build error.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Samuel Ortiz <sameo@linux.intel.com> says:
This is the first NFC pull request for 3.9 fixes
With this one we have:
- A fix for properly decreasing socket ack log.
- A timer and works cleanup upon NFC device removal.
- A monitoring socket cleanup round from llcp_socket_release.
- A proper error report to pending sockets upon NFC device removal.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
These values shouldn't be negative, but after an overflow their value
can turn negative if they are signed. xentop can show bogus
values in this case.
Signed-off-by: Zoltan Kiss <zoltan.kiss@citrix.com>
Reported-by: Ichiro Ogino <ichiro.ogino@citrix.co.jp>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>