summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-03-17netfilter: nf_tables: allow to change chain policy without hook if it existsPablo Neira Ayuso
If there's an existing base chain, we have to allow to change the default policy without indicating the hook information. However, if the chain doesn't exists, we have to enforce the presence of the hook attribute. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-03-13netfilter: Fix potential crash in nft_hash walkerHerbert Xu
When we get back an EAGAIN from rhashtable_walk_next we were treating it as a valid object which obviously doesn't work too well. Luckily this is hard to trigger so it seems nobody has run into it yet. This patch fixes it by redoing the next call when we get an EAGAIN. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-03-12netfilter: Zero the tuple in nfnl_cthelper_parse_tuple()Ian Wilson
nfnl_cthelper_parse_tuple() is called from nfnl_cthelper_new(), nfnl_cthelper_get() and nfnl_cthelper_del(). In each case they pass a pointer to an nf_conntrack_tuple data structure local variable: struct nf_conntrack_tuple tuple; ... ret = nfnl_cthelper_parse_tuple(&tuple, tb[NFCTH_TUPLE]); The problem is that this local variable is not initialized, and nfnl_cthelper_parse_tuple() only initializes two fields: src.l3num and dst.protonum. This leaves all other fields with undefined values based on whatever is on the stack: tuple->src.l3num = ntohs(nla_get_be16(tb[NFCTH_TUPLE_L3PROTONUM])); tuple->dst.protonum = nla_get_u8(tb[NFCTH_TUPLE_L4PROTONUM]); The symptom observed was that when the rpc and tns helpers were added then traffic to port 1536 was being sent to user-space. Signed-off-by: Ian Wilson <iwilson@brocade.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-03-11net: Handle unregister properly when netdev namespace change fails.David S. Miller
If rtnl_newlink() fails on it's call to dev_change_net_namespace(), we have to make use of the ->dellink() method, if present, just like we do when rtnl_configure_link() fails. Fixes: 317f4810e45e ("rtnl: allow to create device with IFLA_LINK_NETNSID set") Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10net: add comment for sock_efree() usageOliver Hartkopp
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Acked-by: Alexander Duyck <alexander.h.duyck@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10Merge tag 'wireless-drivers-for-davem-2015-03-10' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers iwlwifi: * fix ROC removal - avoids a firmware crash * fix throughput regression on iwldvm devices * fix panic in BT Coex * fixes in rate control * fixes in scan b43: * fix support for 5 GHz only BCM43228 model rtlwifi: * improve handling of IPv6 packets brcmfmac: * perform bound checking on vendor command buffer Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10cxgb4: fix coccinelle warningsHariprasad Shenai
Commit 16e47624e76b43db ("cxgb4: Add new scheme to update T4/T5 firmware") introduced below coccinelle warning. >> drivers/net/ethernet/chelsio/cxgb4/t4_hw.c:994:2-8: Replace memcpy with struct assignment Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10net: fec: fix receive VLAN CTAG HW acceleration issueNimrod Andy
The current driver support receive VLAN CTAG HW acceleration feature (NETIF_F_HW_VLAN_CTAG_RX) through software simulation. There calls the api .skb_copy_to_linear_data_offset() to skip the VLAN tag, but there have overlap between the two memory data point range. The patch just fix the issue. V2: Michael Grzeschik suggest to use memmove() instead of skb_copy_to_linear_data_offset(). Reported-by: Michael Grzeschik <m.grzeschik@pengutronix.de> Fixes: 1b7bde6d659d ("net: fec: implement rx_copybreak to improve rx performance") Signed-off-by: Fugang Duan <B38611@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10net: WIZnet drivers: enable interrupts after napi_complete()Yongbae Park
The interrupt is enabled before napi_complete(). A network timeout occurs if the interrupt handler is called before napi_complete(). Fix the bug by enabling the interrupt after napi_complete(). Signed-off-by: Yongbae Park <yongbae2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10ibmveth: enable interrupts after napi_complete()Yongbae Park
The interrupt is enabled before napi_complete(). A network timeout occurs if the interrupt handler is called before napi_complete(). Fix the bug by enabling the interrupt after napi_complete(). Signed-off-by: Yongbae Park <yongbae2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10net_sched: fix struct tc_u_hnode layout in u32WANG Cong
We dynamically allocate divisor+1 entries for ->ht[] in tc_u_hnode: ht = kzalloc(sizeof(*ht) + divisor*sizeof(void *), GFP_KERNEL); So ->ht is supposed to be the last field of this struct, however this is broken, since an rcu head is appended after it. Fixes: 1ce87720d456 ("net: sched: make cls_u32 lockless") Cc: Jamal Hadi Salim <jhs@mojatatu.com> Cc: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-10Merge git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds
Pull kvm/s390 bugfixes from Marcelo Tosatti. * git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: s390: non-LPAR case obsolete during facilities mask init KVM: s390: include guest facilities in kvm facility test KVM: s390: fix in memory copy of facility lists KVM: s390/cpacf: Fix kernel bug under z/VM KVM: s390/cpacf: Enable key wrapping by default
2015-03-10Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "One performance optimization for page_clear and a couple of bug fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/mm: fix incorrect ASCE after crst_table_downgrade s390/ftrace: fix crashes when switching tracers / add notrace to cpu_relax() s390/pci: unify pci_iomap symbol exports s390/pci: fix [un]map_resources sequence s390: let the compiler do page clearing s390/pci: fix possible information leak in mmio syscall s390/dcss: array index 'i' is used before limits check. s390/scm_block: fix off by one during cluster reservation s390/jump label: improve and fix sanity check s390/jump label: add missing jump_label_apply_nops() call
2015-03-10Merge tag 'trace-fixes-v4.0-rc2-2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull seq-buf/ftrace fixes from Steven Rostedt: "This includes fixes for seq_buf_bprintf() truncation issue. It also contains fixes to ftrace when /proc/sys/kernel/ftrace_enabled and function tracing are started. Doing the following causes some issues: # echo 0 > /proc/sys/kernel/ftrace_enabled # echo function_graph > /sys/kernel/debug/tracing/current_tracer # echo 1 > /proc/sys/kernel/ftrace_enabled # echo nop > /sys/kernel/debug/tracing/current_tracer # echo function_graph > /sys/kernel/debug/tracing/current_tracer As well as with function tracing too. Pratyush Anand first reported this issue to me and supplied a patch. When I tested this on my x86 test box, it caused thousands of backtraces and warnings to appear in dmesg, which also caused a denial of service (a warning for every function that was listed). I applied Pratyush's patch but it did not fix the issue for me. I looked into it and found a slight problem with trampoline accounting. I fixed it and sent Pratyush a patch, but he said that it did not fix the issue for him. I later learned tha Pratyush was using an ARM64 server, and when I tested on my ARM board, I was able to reproduce the same issue as Pratyush. After applying his patch, it fixed the problem. The above test uncovered two different bugs, one in x86 and one in ARM and ARM64. As this looked like it would affect PowerPC, I tested it on my PPC64 box. It too broke, but neither the patch that fixed ARM or x86 fixed this box (the changes were all in generic code!). The above test, uncovered two more bugs that affected PowerPC. Again, the changes were only done to generic code. It's the way the arch code expected things to be done that was different between the archs. Some where more sensitive than others. The rest of this series fixes the PPC bugs as well" * tag 'trace-fixes-v4.0-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ftrace: Fix ftrace enable ordering of sysctl ftrace_enabled ftrace: Fix en(dis)able graph caller when en(dis)abling record via sysctl ftrace: Clear REGS_EN and TRAMP_EN flags on disabling record via sysctl seq_buf: Fix seq_buf_bprintf() truncation seq_buf: Fix seq_buf_vprintf() truncation
2015-03-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
Pull networking fixes from David Miller: 1) nft_compat accidently truncates ethernet protocol to 8-bits, from Arturo Borrero. 2) Memory leak in ip_vs_proc_conn(), from Julian Anastasov. 3) Don't allow the space required for nftables rules to exceed the maximum value representable in the dlen field. From Patrick McHardy. 4) bcm63xx_enet can accidently leave interrupts permanently disabled due to errors in the NAPI polling exit logic. Fix from Nicolas Schichan. 5) Fix OOPSes triggerable by the ping protocol module, due to missing address family validations etc. From Lorenzo Colitti. 6) Don't use RCU locking in sleepable context in team driver, from Jiri Pirko. 7) xen-netback miscalculates statistic offset pointers when reporting the stats to userspace. From David Vrabel. 8) Fix a leak of up to 256 pages per VIF destroy in xen-netaback, also from David Vrabel. 9) ip_check_defrag() cannot assume that skb_network_offset(), particularly when it is used by the AF_PACKET fanout defrag code. From Alexander Drozdov. 10) gianfar driver doesn't query OF node names properly when trying to determine the number of hw queues available. Fix it to explicitly check for OF nodes named queue-group. From Tobias Waldekranz. 11) MID field in macb driver should be 12 bits, not 16. From Punnaiah Choudary Kalluri. 12) Fix unintentional regression in traceroute due to timestamp socket option changes. Empty ICMP payloads should be allowed in non-timestamp cases. From Willem de Bruijn. 13) When devices are unregistered, we have to get rid of AF_PACKET multicast list entries that point to it via ifindex. Fix from Francesco Ruggeri. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits) tipc: fix bug in link failover handling net: delete stale packet_mclist entries net: macb: constify macb configuration data MAINTAINERS: add Marc Kleine-Budde as co maintainer for CAN networking layer MAINTAINERS: linux-can moved to github can: kvaser_usb: Read all messages in a bulk-in URB buffer can: kvaser_usb: Avoid double free on URB submission failures can: peak_usb: fix missing ctrlmode_ init for every dev can: add missing initialisations in CAN related skbuffs ip: fix error queue empty skb handling bgmac: Clean warning messages tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() net: fec: fix unbalanced clk disable on driver unbind net: macb: Correct the MID field length value net: gianfar: correctly determine the number of queue groups ipv4: ip_check_defrag should not assume that skb_network_offset is zero net: bcmgenet: properly disable password matching net: eth: xgene: fix booting with devicetree bnx2x: Force fundamental reset for EEH recovery xen-netback: refactor xenvif_handle_frag_list() ...
2015-03-10Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input subsystem fixes from Dmitry Torokhov: "Miscellaneous driver fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: psmouse - disable "palm detection" in the focaltech driver Input: psmouse - disable changing resolution/rate/scale for FocalTech Input: psmouse - ensure that focaltech reports consistent coordinates Input: psmouse - remove hardcoded touchpad size from the focaltech driver Input: tc3589x-keypad - set IRQF_ONESHOT flag to ensure IRQ request Input: ALPS - fix memory leak when detection fails Input: sun4i-ts - add thermal driver dependency Input: cyapa - remove superfluous type check in cyapa_gen5_read_idac_data() Input: cyapa - fix unaligned functions redefinition error Input: mma8450 - add parent device
2015-03-10Merge tag 'regulator-v4.0-rc2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "A couple of driver specific fixes plus a fix for a regression in the core where the updates to use sysfs group registration were overly enthusiastic in eliding properties and removed some that had been previously present" * tag 'regulator-v4.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: Fix regression due to NULL constraints check regulator: rk808: Set the enable time for LDOs regulator: da9210: Mask all interrupt sources to deassert interrupt line
2015-03-10Merge tag 'spi-v4.0-rc2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "A collection of driver specific fixes to which the usual comments about them being important if you see them mostly apply (except for the comment fix). The pl022 one is particularly nasty for anyone affected by it" * tag 'spi-v4.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: pl022: Fix race in giveback() leading to driver lock-up spi: dw-mid: avoid potential NULL dereference spi: img-spfi: Verify max spfi transfer length spi: fix a typo in comment. spi: atmel: Fix interrupt setup for PDC transfers spi: dw: revisit FIFO size detection again spi: dw-pci: correct number of chip selects drivers: spi: ti-qspi: wait for busy bit clear before data write/read
2015-03-10Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull tpm fixes from James Morris: "fixes for the TPM driver" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: tpm: fix call order in tpm-chip.c tpm/ibmvtpm: Additional LE support for tpm_ibmvtpm_send
2015-03-10Merge tag 'fbdev-fixes-4.0' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux Pull fbdev fixes from Tomi Valkeinen: - Fix regression in with omapdss when using i2c displays - Fix possible null deref in fbmon - Check kalloc return value in AMBA CLCD * tag 'fbdev-fixes-4.0' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: OMAPDSS: fix regression with display sysfs files video: fbdev: fix possible null dereference video: ARM CLCD: Add missing error check for devm_kzalloc
2015-03-10Merge branch 'for-4.0-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup fixes from Tejun Heo: "The cgroup iteration update two years ago and the recent cpuset restructuring introduced regressions in subset of cpuset configurations. Three patches to fix them. All are marked for -stable" * 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cpuset: Fix cpuset sched_relax_domain_level cpuset: fix a warning when clearing configured masks in old hierarchy cpuset: initialize effective masks when clone_children is enabled
2015-03-10Merge branch 'for-4.0-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixlet from Tejun Heo: "Speed limiting fix for sata_fsl" * 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: sata-fsl: Apply link speed limits
2015-03-10Merge branch 'for-4.0-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue fix from Tejun Heo: "One fix patch for a subtle livelock condition which can happen on PREEMPT_NONE kernels involving two racing cancel_work calls. Whoever comes in the second has to wait for the previous one to finish. This was implemented by making the later one block for the same condition that the former would be (work item completion) and then loop and retest; unfortunately, depending on the wake up order, the later one could lock out the former one to finish by busy looping on the cpu. This is fixed by implementing explicit wait mechanism. Work item might not belong anywhere at this point and there's remote possibility of thundering herd problem. I originally tried to use bit_waitqueue but it didn't work for static work items on modules. It's currently using single wait queue with filtering wake up function and exclusive wakeup. If this ever becomes a problem, which is not very likely, we can try to figure out a way to piggy back on bit_waitqueue" * 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: fix hang involving racing cancel[_delayed]_work_sync()'s for PREEMPT_NONE
2015-03-09tipc: fix bug in link failover handlingJon Paul Maloy
In commit c637c1035534867b85b78b453c38c495b58e2c5a ("tipc: resolve race problem at unicast message reception") we introduced a new mechanism for delivering buffers upwards from link to socket layer. That code contains a bug in how we handle the new link input queue during failover. When a link is reset, some of its users may be blocked because of congestion, and in order to resolve this, we add any pending wakeup pseudo messages to the link's input queue, and deliver them to the socket. This misses the case where the other, remaining link also may have congested users. Currently, the owner node's reference to the remaining link's input queue is unconditionally overwritten by the reset link's input queue. This has the effect that wakeup events from the remaining link may be unduely delayed (but not lost) for a potentially long period. We fix this by adding the pending events from the reset link to the input queue that is currently referenced by the node, whichever one it is. This commit should be applied to both net and net-next. Signed-off-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-09net: delete stale packet_mclist entriesFrancesco Ruggeri
When an interface is deleted from a net namespace the ifindex in the corresponding entries in PF_PACKET sockets' mclists becomes stale. This can create inconsistencies if later an interface with the same ifindex is moved from a different namespace (not that unlikely since ifindexes are per-namespace). In particular we saw problems with dev->promiscuity, resulting in "promiscuity touches roof, set promiscuity failed. promiscuity feature of device might be broken" warnings and EOVERFLOW failures of setsockopt(PACKET_ADD_MEMBERSHIP). This patch deletes the mclist entries for interfaces that are deleted. Since this now causes setsockopt(PACKET_DROP_MEMBERSHIP) to fail with EADDRNOTAVAIL if called after the interface is deleted, also make packet_mc_drop not fail. Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-09net: macb: constify macb configuration dataJosh Cartwright
The configurations are not modified by the driver. Make them 'const' so that they may be placed in a read-only section. Signed-off-by: Josh Cartwright <joshc@ni.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-09Merge tag 'linux-can-fixes-for-4.0-20150309' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2015-03-09 this is a pull request for net/master for the 4.0 release cycle, it consists of 6 patches: A patch by Oliver Hartkopp fixes a long outstanding bug in the infrastructure, which leads to skb_under_panics when CAN interfaces are used by AF_PACKET sockets e.g. by dhclient. Stephane Grosjean contributes a patch for the peak_usb driver which adds a missing initialization. Two patches by Ahmed S. Darwish fix problems in the kvaser_usb driver. Followed by two patches by myself, updating the MAINTAINERS file ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-09ftrace: Fix ftrace enable ordering of sysctl ftrace_enabledSteven Rostedt (Red Hat)
Some archs (specifically PowerPC), are sensitive with the ordering of the enabling of the calls to function tracing and setting of the function to use to be traced. That is, update_ftrace_function() sets what function the ftrace_caller trampoline should call. Some archs require this to be set before calling ftrace_run_update_code(). Another bug was discovered, that ftrace_startup_sysctl() called ftrace_run_update_code() directly. If the function the ftrace_caller trampoline changes, then it will not be updated. Instead a call to ftrace_startup_enable() should be called because it tests to see if the callback changed since the code was disabled, and will tell the arch to update appropriately. Most archs do not need this notification, but PowerPC does. The problem could be seen by the following commands: # echo 0 > /proc/sys/kernel/ftrace_enabled # echo function > /sys/kernel/debug/tracing/current_tracer # echo 1 > /proc/sys/kernel/ftrace_enabled # cat /sys/kernel/debug/tracing/trace The trace will show that function tracing was not active. Cc: stable@vger.kernel.org # 2.6.27+ Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-03-09ftrace: Fix en(dis)able graph caller when en(dis)abling record via sysctlPratyush Anand
When ftrace is enabled globally through the proc interface, we must check if ftrace_graph_active is set. If it is set, then we should also pass the FTRACE_START_FUNC_RET command to ftrace_run_update_code(). Similarly, when ftrace is disabled globally through the proc interface, we must check if ftrace_graph_active is set. If it is set, then we should also pass the FTRACE_STOP_FUNC_RET command to ftrace_run_update_code(). Consider the following situation. # echo 0 > /proc/sys/kernel/ftrace_enabled After this ftrace_enabled = 0. # echo function_graph > /sys/kernel/debug/tracing/current_tracer Since ftrace_enabled = 0, ftrace_enable_ftrace_graph_caller() is never called. # echo 1 > /proc/sys/kernel/ftrace_enabled Now ftrace_enabled will be set to true, but still ftrace_enable_ftrace_graph_caller() will not be called, which is not desired. Further if we execute the following after this: # echo nop > /sys/kernel/debug/tracing/current_tracer Now since ftrace_enabled is set it will call ftrace_disable_ftrace_graph_caller(), which causes a kernel warning on the ARM platform. On the ARM platform, when ftrace_enable_ftrace_graph_caller() is called, it checks whether the old instruction is a nop or not. If it's not a nop, then it returns an error. If it is a nop then it replaces instruction at that address with a branch to ftrace_graph_caller. ftrace_disable_ftrace_graph_caller() behaves just the opposite. Therefore, if generic ftrace code ever calls either ftrace_enable_ftrace_graph_caller() or ftrace_disable_ftrace_graph_caller() consecutively two times in a row, then it will return an error, which will cause the generic ftrace code to raise a warning. Note, x86 does not have an issue with this because the architecture specific code for ftrace_enable_ftrace_graph_caller() and ftrace_disable_ftrace_graph_caller() does not check the previous state, and calling either of these functions twice in a row has no ill effect. Link: http://lkml.kernel.org/r/e4fbe64cdac0dd0e86a3bf914b0f83c0b419f146.1425666454.git.panand@redhat.com Cc: stable@vger.kernel.org # 2.6.31+ Signed-off-by: Pratyush Anand <panand@redhat.com> [ removed extra if (ftrace_start_up) and defined ftrace_graph_active as 0 if CONFIG_FUNCTION_GRAPH_TRACER is not set. ] Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-03-09ftrace: Clear REGS_EN and TRAMP_EN flags on disabling record via sysctlSteven Rostedt (Red Hat)
When /proc/sys/kernel/ftrace_enabled is set to zero, all function tracing is disabled. But the records that represent the functions still hold information about the ftrace_ops that are hooked to them. ftrace_ops may request "REGS" (have a full set of pt_regs passed to the callback), or "TRAMP" (the ops has its own trampoline to use). When the record is updated to represent the state of the ops hooked to it, it sets "REGS_EN" and/or "TRAMP_EN" to state that the callback points to the correct trampoline (REGS has its own trampoline). When ftrace_enabled is set to zero, all ftrace locations are a nop, so they do not point to any trampoline. But the _EN flags are still set. This can cause the accounting to go wrong when ftrace_enabled is cleared and an ops that has a trampoline is registered or unregistered. For example, the following will cause ftrace to crash: # echo function_graph > /sys/kernel/debug/tracing/current_tracer # echo 0 > /proc/sys/kernel/ftrace_enabled # echo nop > /sys/kernel/debug/tracing/current_tracer # echo 1 > /proc/sys/kernel/ftrace_enabled # echo function_graph > /sys/kernel/debug/tracing/current_tracer As function_graph uses a trampoline, when ftrace_enabled is set to zero the updates to the record are not done. When enabling function_graph again, the record will still have the TRAMP_EN flag set, and it will look for an op that has a trampoline other than the function_graph ops, and fail to find one. Cc: stable@vger.kernel.org # 3.17+ Reported-by: Pratyush Anand <panand@redhat.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-03-09Merge branch 'for-current' of https://github.com/PeterHuewe/linux-tpmdd into ↵James Morris
for-linus
2015-03-09MAINTAINERS: add Marc Kleine-Budde as co maintainer for CAN networking layerMarc Kleine-Budde
This patch adds Marc Kleine-Budde as a co maintainer for the CAN networking layer. Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-03-09MAINTAINERS: linux-can moved to githubMarc Kleine-Budde
As gitorious will shut down at the end of May 2015, the linux-can website moved to github. This patch reflects this change. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-03-09can: kvaser_usb: Read all messages in a bulk-in URB bufferAhmed S. Darwish
The Kvaser firmware can only read and write messages that are not crossing the USB endpoint's wMaxPacketSize boundary. While receiving commands from the CAN device, if the next command in the same URB buffer crossed that max packet size boundary, the firmware puts a zero-length placeholder command in its place then moves the real command to the next boundary mark. The driver did not recognize such behavior, leading to missing a good number of rx events during a heavy rx load session. Moreover, a tx URB context only gets freed upon receiving its respective tx ACK event. Over time, the free tx URB contexts pool gets depleted due to the missing ACK events. Consequently, the netif transmission queue gets __permanently__ stopped; no frames could be sent again except after restarting the CAN newtwork interface. Signed-off-by: Ahmed S. Darwish <ahmed.darwish@valeo.com> Cc: linux-stable <stable@vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-03-09can: kvaser_usb: Avoid double free on URB submission failuresAhmed S. Darwish
Upon a URB submission failure, the driver calls usb_free_urb() but then manually frees the URB buffer by itself. Meanwhile usb_free_urb() has alredy freed out that transfer buffer since we're the only code path holding a reference to this URB. Remove two of such invalid manual free(). Signed-off-by: Ahmed S. Darwish <ahmed.darwish@valeo.com> Cc: linux-stable <stable@vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-03-09can: peak_usb: fix missing ctrlmode_ init for every devStephane Grosjean
Fixes a missing initialization of ctrlmode and ctrlmode_supported fields, for all other CAN devices than the first one. This fix only concerns the PCAN-USB Pro FD dual-channels CAN-FD device made by PEAK-System. Signed-off-by: Stephane Grosjean <s.grosjean@peak-system.com> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-03-09can: add missing initialisations in CAN related skbuffsOliver Hartkopp
When accessing CAN network interfaces with AF_PACKET sockets e.g. by dhclient this can lead to a skb_under_panic due to missing skb initialisations. Add the missing initialisations at the CAN skbuff creation times on driver level (rx path) and in the network layer (tx path). Reported-by: Austin Schuh <austin@peloton-tech.com> Reported-by: Daniel Steer <daniel.steer@mclaren.com> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Cc: linux-stable <stable@vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2015-03-09ip: fix error queue empty skb handlingWillem de Bruijn
When reading from the error queue, msg_name and msg_control are only populated for some errors. A new exception for empty timestamp skbs added a false positive on icmp errors without payload. `traceroute -M udpconn` only displayed gateways that return payload with the icmp error: the embedded network headers are pulled before sock_queue_err_skb, leaving an skb with skb->len == 0 otherwise. Fix this regression by refining when msg_name and msg_control branches are taken. The solutions for the two fields are independent. msg_name only makes sense for errors that configure serr->port and serr->addr_offset. Test the first instead of skb->len. This also fixes another issue. saddr could hold the wrong data, as serr->addr_offset is not initialized in some code paths, pointing to the start of the network header. It is only valid when serr->port is set (non-zero). msg_control support differs between IPv4 and IPv6. IPv4 only honors requests for ICMP and timestamps with SOF_TIMESTAMPING_OPT_CMSG. The skb->len test can simply be removed, because skb->dev is also tested and never true for empty skbs. IPv6 honors requests for all errors aside from local errors and timestamps on empty skbs. In both cases, make the policy more explicit by moving this logic to a new function that decides whether to process msg_control and that optionally prepares the necessary fields in skb->cb[]. After this change, the IPv4 and IPv6 paths are more similar. The last case is rxrpc. Here, simply refine to only match timestamps. Fixes: 49ca0d8bfaf3 ("net-timestamp: no-payload option") Reported-by: Jan Niehusmann <jan@gondor.com> Signed-off-by: Willem de Bruijn <willemb@google.com> ---- Changes v1->v2 - fix local origin test inversion in ip6_datagram_support_cmsg - make v4 and v6 code paths more similar by introducing analogous ipv4_datagram_support_cmsg - fix compile bug in rxrpc Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-09bgmac: Clean warning messagesPeter Senna Tschudin
On my test environment the throughput of a file transfer drops from 4.4MBps to 116KBps due the number of repeated warning messages. This patch removes the warning messages as DMA works correctly with addresses using 0xC0000000 bits. Signed-off-by: Peter Senna Tschudin <peter.senna@gmail.com> Acked-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-08Linux 4.0-rc3Linus Torvalds
2015-03-08sunrpc: fix braino in ->poll()Al Viro
POLL_OUT isn't what callers of ->poll() are expecting to see; it's actually __SI_POLL | 2 and it's a siginfo code, not a poll bitmap bit... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Cc: stable@vger.kernel.org Cc: Bruce Fields <bfields@fieldses.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-03-08Merge tag 'usb-4.0-rc3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here's a round of USB fixes for 4.0-rc3. Nothing major, the usual gadget, xhci and usb-serial fixes and a few new device ids as well. All have been in linux-next successfully" * tag 'usb-4.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (36 commits) xhci: Workaround for PME stuck issues in Intel xhci xhci: fix reporting of 0-sized URBs in control endpoint usb: ftdi_sio: Add jtag quirk support for Cyber Cortex AV boards USB: ch341: set tty baud speed according to tty struct USB: serial: cp210x: Adding Seletek device id's USB: pl2303: disable break on shutdown USB: mxuport: fix null deref when used as a console USB: serial: clean up bus probe error handling USB: serial: fix port attribute-creation race USB: serial: fix tty-device error handling at probe USB: serial: fix potential use-after-free after failed probe USB: console: add dummy __module_get USB: ftdi_sio: add PIDs for Actisense USB devices Revert "USB: serial: make bulk_out_size a lower limit" cdc-acm: Add support for Denso cradle CU-321 usb-storage: support for more than 8 LUNs uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS539 USB: usbfs: don't leak kernel data in siginfo xhci: Clear the host side toggle manually when endpoint is 'soft reset' xhci: Allocate correct amount of scratchpad buffers ...
2015-03-08Merge tag 'tty-4.0-rc3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are some tty and serial driver fixes for 4.0-rc3. Along with the atime fix that you know about, here are some other serial driver bugfixes as well. Most notable is a wait_until_sent bugfix that was traced back to being around since before 2.6.12 that Johan has fixed up. All have been in linux-next successfully" * tag 'tty-4.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: TTY: fix tty_wait_until_sent maximum timeout TTY: fix tty_wait_until_sent on 64-bit machines USB: serial: fix infinite wait_until_sent timeout TTY: bfin_jtag_comm: remove incorrect wait_until_sent operation net: irda: fix wait_until_sent poll timeout serial: uapi: Declare all userspace-visible io types serial: core: Fix iotype userspace breakage serial: sprd: Fix missing spin_unlock in sprd_handle_irq() console: Fix console name size mismatch tty: fix up atime/mtime mess, take four serial: 8250_dw: Fix get_mctrl behaviour serial:8250:8250_pci: delete unneeded quirk entries serial:8250:8250_pci: fix redundant entry report for WCH_CH352_2S Change email address for 8250_pci serial: 8250: Revert "tty: serial: 8250_core: read only RX if there is something in the FIFO" Revert "tty/serial: of_serial: add DT alias ID handling"
2015-03-08Merge tag 'staging-4.0-rc3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are some IIO and staging driver fixes for 4.0-rc3. Details are in the shortlog, nothing major, mostly IIO fixes for reported issues. All have been in linux-next successfully" * tag 'staging-4.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (23 commits) staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel staging: comedi: vmk80xx: remove "firmware version" kernel messages staging: comedi: comedi_isadma: fix "stalled" detect in comedi_isadma_disable_on_sample() iio: ak8975: fix AK09911 dependencies iio: common: ssp_sensors: Protect PM-only functions to kill warning IIO: si7020: Allocate correct amount of memory in devm_iio_device_alloc Revert "iio:humidity:si7020: fix pointer to i2c client" iio: light: gp2ap020a00f: Select REGMAP_I2C iio: light: jsa1212: Select REGMAP_I2C iio: ad5686: fix optional reference voltage declaration iio:adc:mcp3422 Fix incorrect scales table iio: mxs-lradc: fix iio channel map regression iio: imu: adis16400: Fix sign extension staging: iio: ad2s1200: Fix sign extension iio: mxs-lradc: only update the buffer when its conversions have finished iio: mxs-lradc: make ADC reads not unschedule touchscreen conversions iio: mxs-lradc: make ADC reads not disable touchscreen interrupts iio: mxs-lradc: separate touchscreen and buffer virtual channels iio: imu: inv_mpu6050: Prevent dereferencing NULL iio: iadc: wait_for_completion_timeout time in jiffies ...
2015-03-08Merge tag 'char-misc-4.0-rc3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are two char/misc fixes for 4.0-rc3. One is a reported binder driver fix needed due to a change in the mm core that happened in 4.0-rc1. Another is a mei driver fix that resolves a reported issue in that driver. Both have been in linux-next for a while" * tag 'char-misc-4.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: mei: make device disabled on stop unconditionally android: binder: fix binder mmap failures
2015-03-08Merge tag 'cc-4.0-rc2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull "code of conflict" from Greg KH: "This file tries to set the rational basis for our code reviews, gives some advice on how to conduct them, and provides an excalation channel for any kernel developers if they so desire it" [ Let's see how this works ] * tag 'cc-4.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: Code of Conflict
2015-03-07Input: psmouse - disable "palm detection" in the focaltech driverMathias Gottschlag
Apparently, the threshold for large contact area seems to be rather low on some devices, causing the touchpad to frequently freeze during normal usage. Because we do now know how we are supposed to use the value in question, this commit just drops the related code completely. Signed-off-by: Mathias Gottschlag <mgottschlag@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2015-03-07Input: psmouse - disable changing resolution/rate/scale for FocalTechMathias Gottschlag
These PS/2 commands make some touchpads stop responding, so this commit adds some dummy functions to replace the generic implementation. Because scale changes were not encapsulated in a method of struct psmouse yet, this commit adds a method set_scale to psmouse. Signed-off-by: Mathias Gottschlag <mgottschlag@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2015-03-07Input: psmouse - ensure that focaltech reports consistent coordinatesMathias Gottschlag
We don't know whether x_max or y_max really hold the maximum possible coordinates, and we don't know for sure whether we correctly interpret the coordinates sent by the touchpad, so we clamp the reported values to prevent confusion in userspace code. Signed-off-by: Mathias Gottschlag <mgottschlag@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2015-03-07Input: psmouse - remove hardcoded touchpad size from the focaltech driverMathias Gottschlag
The size has in most cases already been fetched from the touchpad, the hardcoded values should have been removed. Signed-off-by: Mathias Gottschlag <mgottschlag@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>