[PATCH 05/14] w1: continue slave search where previous left off

2013-12-28 Thread David Fries
Search will detect at most max_slave_count devices per run; if there
are more, pick up the next search where the previous left off.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/w1.c |   18 +++---
 drivers/w1/w1.h |3 +++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 34ffdc6..4c89f85 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -918,7 +918,8 @@ void w1_search(struct w1_master *dev, u8 search_type, 
w1_slave_found_callback cb
u8  triplet_ret = 0;
 
search_bit = 0;
-   rn = last_rn = 0;
+   rn = dev->search_id;
+   last_rn = 0;
last_device = 0;
last_zero = -1;
 
@@ -989,16 +990,27 @@ void w1_search(struct w1_master *dev, u8 search_type, 
w1_slave_found_callback cb
mutex_unlock(>bus_mutex);
 
if ( (triplet_ret & 0x03) != 0x03 ) {
-   if ( (desc_bit == last_zero) || (last_zero < 0))
+   if ((desc_bit == last_zero) || (last_zero < 0)) {
last_device = 1;
+   dev->search_id = 0;
+   } else {
+   dev->search_id = rn;
+   }
desc_bit = last_zero;
cb(dev, rn);
}
 
if (!last_device && slave_count == dev->max_slave_count &&
!test_bit(W1_WARN_MAX_COUNT, >flags)) {
+   /* Only max_slave_count will be scanned in a search,
+* but it will start where it left off next search
+* until all ids are identified and then it will start
+* over.  A continued search will report the previous
+* last id as the first id (provided it is still on the
+* bus).
+*/
dev_info(>dev, "%s: max_slave_count %d reached, "
-   "additional sensors ignored\n", __func__,
+   "will continue next search.\n", __func__,
dev->max_slave_count);
set_bit(W1_WARN_MAX_COUNT, >flags);
}
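Review bot: The continuation can stall when max_slave_count is 1. The new else branch stores in `dev->search_id` the same `rn` that was just passed to `cb(dev, rn)`, and the added comment says a continued search reports that id first, so each pass would re-report one device and, as far as these lines show, never advance. Either document that continuing needs a max_slave_count of at least 2, or make the resumed search start after the stored id. The assignments to `dev->search_id` also sit after the `mutex_unlock` of bus_mutex; a comment naming the lock that protects the field would help.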
diff --git a/drivers/w1/w1.h b/drivers/w1/w1.h
index bd10b3c..80fbdf9 100644
--- a/drivers/w1/w1.h
+++ b/drivers/w1/w1.h
@@ -150,6 +150,7 @@ struct w1_bus_master
 
/** Really nice hardware can handles the different types of ROM search
 *  w1_master* is passed to the slave found callback.
+*  u8 is search_type, W1_SEARCH or W1_ALARM_SEARCH
 */
void(*search)(void *, struct w1_master *,
u8, w1_slave_found_callback);
@@ -177,6 +178,8 @@ struct w1_master
int initialized;
u32 id;
int search_count;
+   /* id to start searching on, to continue a search or 0 to restart */
+   u64 search_id;
 
atomic_trefcnt;
 
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


[PATCH 00/14] w1: async netlink, search, fixes, and improvements

2013-12-28 Thread David Fries
This patch series aims to extend and improve the netlink interface to
the one wire system.  Netlink is exposed as a socket interface which
is normally assumed to be asynchronous which only blocks waiting on
incoming packets or a full send buffer, but were executed on the
calling thread.  A bus device search can be a lengthy operation and
temperature conversion can take 750 ms.  With this patch series those
lengthy operations are now processed on the thread originally created
to do automatic searching, which gives it a reason to exist when
automatic search is disabled.  Some other improvements for netlink are
additional commands to add, remove, and list the known slaves, and
send replies only to the requester.  They were previously multicast to
everyone listening on the group, this required an additional argument
to cn_netlink_send.

Search improvements include returning all devices found, as the first
that wouldn't fit in a packet would be lost.  I marked only this patch
for the stable tree, though you would have to have a lot of devices on
one bus to hit it.  I had a fix to support aborting from netlink
rather than just avoiding the oops as the previous patch did.
The search can now pick up where it left off, along with setting the
maximum number of slaves to search for at a time, a large network
could split up the search operation into multiple passes.  ds2490 USB
dongle now gains support for hardware search and along with not
undoing the interface selection operation takes the search for my
network from 23.16 seconds to .307346 seconds.

The largest single change is to change the comment style for DocBook
to process in addition to comment some additional functions and
data structures.



[PATCH 13/14] w1: use family_data instead of rom in w1_slave

2013-12-28 Thread David Fries
The first line printed from w1_slave gives the context of the w1
device.  So does the second line, but if the CRC check failed, the
second line contains the last successful result.  It is confusing when
it prints the temperature next to the line that might be a previous
conversion and has nothing to do with that printed temperature value.
Modify the code to store the last good conversion in family_data,
which is designed for custom data structures.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/slaves/w1_therm.c |   21 +++--
 drivers/w1/w1.h  |1 -
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
index 8b5ff33..1f11a20 100644
--- a/drivers/w1/slaves/w1_therm.c
+++ b/drivers/w1/slaves/w1_therm.c
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #include "../w1.h"
@@ -58,6 +59,19 @@ MODULE_ALIAS("w1-family-" __stringify(W1_THERM_DS28EA00));
 static int w1_strong_pullup = 1;
 module_param_named(strong_pullup, w1_strong_pullup, int, 0);
 
+static int w1_therm_add_slave(struct w1_slave *sl)
+{
+   sl->family_data = kzalloc(9, GFP_KERNEL);
+   if (!sl->family_data)
+   return -ENOMEM;
+   return 0;
+}
+
+static void w1_therm_remove_slave(struct w1_slave *sl)
+{
+   kfree(sl->family_data);
+   sl->family_data = NULL;
+}
 
 static ssize_t w1_slave_show(struct device *device,
struct device_attribute *attr, char *buf);
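Review bot: `kzalloc(9, GFP_KERNEL)` in `w1_therm_add_slave` hard-codes the buffer size, while `w1_slave_show` later copies `sizeof(rom)` bytes into it and prints nine entries from it; nothing ties the three together. A named constant (or a small struct for the family data) used at the allocation, the `memcpy` and the loop would keep a later change to `rom` from overrunning the allocation.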
@@ -71,6 +85,8 @@ static struct attribute *w1_therm_attrs[] = {
 ATTRIBUTE_GROUPS(w1_therm);
 
 static struct w1_family_ops w1_therm_fops = {
+   .add_slave  = w1_therm_add_slave,
+   .remove_slave   = w1_therm_remove_slave,
.groups = w1_therm_groups,
 };
 
@@ -253,12 +269,13 @@ static ssize_t w1_slave_show(struct device *device,
c -= snprintf(buf + PAGE_SIZE - c, c, ": crc=%02x %s\n",
   crc, (verdict) ? "YES" : "NO");
if (verdict)
-   memcpy(sl->rom, rom, sizeof(sl->rom));
+   memcpy(sl->family_data, rom, sizeof(rom));
else
dev_warn(device, "Read failed CRC check\n");
 
for (i = 0; i < 9; ++i)
-   c -= snprintf(buf + PAGE_SIZE - c, c, "%02x ", sl->rom[i]);
+   c -= snprintf(buf + PAGE_SIZE - c, c, "%02x ",
+ ((u8 *)sl->family_data)[i]);
 
c -= snprintf(buf + PAGE_SIZE - c, c, "t=%d\n",
w1_convert_temp(rom, sl->family->fid));
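Review bot: `sl->family_data` is dereferenced at the `memcpy` and in the print loop of `w1_slave_show` with no NULL check, while `w1_therm_remove_slave` frees it and sets it to NULL; the visible lines do not show what keeps a sysfs read from overlapping removal. State the lock or reference that guarantees the lifetime, or test the pointer under that lock. The `t=` line also still calls `w1_convert_temp(rom, ...)`, so after a failed CRC the bytes printed come from the last good read and the temperature from the failed one; if that is intended, say so in the commit message, otherwise convert from `sl->family_data`.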
diff --git a/drivers/w1/w1.h b/drivers/w1/w1.h
index 390a730..0eb5050 100644
--- a/drivers/w1/w1.h
+++ b/drivers/w1/w1.h
@@ -67,7 +67,6 @@ struct w1_slave
struct list_headw1_slave_entry;
struct w1_reg_num   reg_num;
atomic_trefcnt;
-   u8  rom[9];
int ttl;
unsigned long   flags;
 
-- 
1.7.10.4



[PATCH 11/14] w1: ds2490 USB setup fixes

2013-12-28 Thread David Fries
Calling usb_reset_configuration after usb_set_interface resets the
interface that was just selected, so call reset first.
Using alternative 3 greatly speeds the one wire search.
alt 0 or 1, 10ms int, 23.16 seconds
alt 2 or 3,  1ms int, 2.99 to 3.05 seconds

Use usb_interrupt_msg not usb_bulk_msg as it is an interrupt pipe
(bulk worked, it was just technically the wrong call).

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/masters/ds2490.c |   22 ++
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/drivers/w1/masters/ds2490.c b/drivers/w1/masters/ds2490.c
index 6a3d0a1..cd59e12 100644
--- a/drivers/w1/masters/ds2490.c
+++ b/drivers/w1/masters/ds2490.c
@@ -252,7 +252,8 @@ static int ds_recv_status_nodump(struct ds_device *dev, 
struct ds_status *st,
memset(st, 0, sizeof(*st));
 
count = 0;
-   err = usb_bulk_msg(dev->udev, usb_rcvbulkpipe(dev->udev, 
dev->ep[EP_STATUS]), buf, size, , 100);
+   err = usb_interrupt_msg(dev->udev, usb_rcvintpipe(dev->udev,
+   dev->ep[EP_STATUS]), buf, size, , 100);
if (err < 0) {
printk(KERN_ERR "Failed to read 1-wire data from 0x%x: 
err=%d.\n", dev->ep[EP_STATUS], err);
return err;
@@ -917,7 +918,7 @@ static int ds_probe(struct usb_interface *intf,
struct usb_endpoint_descriptor *endpoint;
struct usb_host_interface *iface_desc;
struct ds_device *dev;
-   int i, err;
+   int i, err, alt;
 
dev = kmalloc(sizeof(struct ds_device), GFP_KERNEL);
if (!dev) {
@@ -935,20 +936,25 @@ static int ds_probe(struct usb_interface *intf,
 
usb_set_intfdata(intf, dev);
 
-   err = usb_set_interface(dev->udev, 
intf->altsetting[0].desc.bInterfaceNumber, 3);
+   err = usb_reset_configuration(dev->udev);
if (err) {
-   printk(KERN_ERR "Failed to set alternative setting 3 for %d 
interface: err=%d.\n",
-   intf->altsetting[0].desc.bInterfaceNumber, err);
+   dev_err(>udev->dev,
+   "Failed to reset configuration: err=%d.\n", err);
goto err_out_clear;
}
 
-   err = usb_reset_configuration(dev->udev);
+   /* alternative 3, 1ms interrupt (greatly speeds search), 64 byte bulk */
+   alt = 3;
+   err = usb_set_interface(dev->udev,
+   intf->altsetting[alt].desc.bInterfaceNumber, alt);
if (err) {
-   printk(KERN_ERR "Failed to reset configuration: err=%d.\n", 
err);
+   dev_err(>udev->dev, "Failed to set alternative setting %d "
+   "for %d interface: err=%d.\n", alt,
+   intf->altsetting[alt].desc.bInterfaceNumber, err);
goto err_out_clear;
}
 
-   iface_desc = >altsetting[0];
+   iface_desc = >altsetting[alt];
if (iface_desc->desc.bNumEndpoints != NUM_EP-1) {
printk(KERN_INFO "Num endpoints=%d. It is not DS9490R.\n", 
iface_desc->desc.bNumEndpoints);
err = -EINVAL;
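Review bot: `intf->altsetting[alt]` is indexed with `alt = 3` in the `usb_set_interface` call, in the error message and for `iface_desc`, before anything checks that the interface has that many alternate settings; the `bNumEndpoints` test that rejects other hardware only runs afterwards. A device that binds to this driver but advertises fewer alternate settings would cause a read past the end of the array. Check `intf->num_altsetting` first, or look the setting up with `usb_altnum_to_altsetting(intf, alt)` and fail the probe on NULL, since the array index is not guaranteed to equal the alternate setting number.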
-- 
1.7.10.4



[PATCH 12/14] w1: ds2490 fix and enable hardware search

2013-12-28 Thread David Fries
The hardware search was failing without the COMM_RST flag.  Enabled
the flag and rewrote the function to handle more than one buffer of
results and to continue where the search left off.  Remove hardware
search note from the limitations now that it works.  The "w1: ds2490
USB setup fixes" change went from 23.16 seconds to about 3 seconds,
this takes the time for the search down to .307346 seconds.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 Documentation/w1/masters/ds2490 |2 -
 drivers/w1/masters/ds2490.c |  108 +++
 2 files changed, 86 insertions(+), 24 deletions(-)

diff --git a/Documentation/w1/masters/ds2490 b/Documentation/w1/masters/ds2490
index 28176de..3e09115 100644
--- a/Documentation/w1/masters/ds2490
+++ b/Documentation/w1/masters/ds2490
@@ -21,8 +21,6 @@ Notes and limitations.
 - The weak pullup current is a minimum of 0.9mA and maximum of 6.0mA.
 - The 5V strong pullup is supported with a minimum of 5.9mA and a
   maximum of 30.4 mA.  (From DS2490.pdf)
-- While the ds2490 supports a hardware search the code doesn't take
-  advantage of it (in tested case it only returned first device).
 - The hardware will detect when devices are attached to the bus on the
   next bus (reset?) operation, however only a message is printed as
   the core w1 code doesn't make use of the information.  Connecting
diff --git a/drivers/w1/masters/ds2490.c b/drivers/w1/masters/ds2490.c
index cd59e12..db0bf32 100644
--- a/drivers/w1/masters/ds2490.c
+++ b/drivers/w1/masters/ds2490.c
@@ -698,37 +698,102 @@ static int ds_write_block(struct ds_device *dev, u8 
*buf, int len)
return !(err == len);
 }
 
-#if 0
-
-static int ds_search(struct ds_device *dev, u64 init, u64 *buf, u8 id_number, 
int conditional_search)
+static void ds9490r_search(void *data, struct w1_master *master,
+   u8 search_type, w1_slave_found_callback callback)
 {
+   /* When starting with an existing id, the first id returned will
+* be that device (if it is still on the bus most likely).
+*
+* If the number of devices found is less than or equal to the
+* search_limit, that number of IDs will be returned.  If there are
+* more, search_limit IDs will be returned followed by a non-zero
+* discrepency value.
+*/
+   struct ds_device *dev = data;
int err;
u16 value, index;
struct ds_status st;
+   u8 st_buf[ST_SIZE];
+   int search_limit;
+   int found = 0;
+   int i;
 
-   memset(buf, 0, sizeof(buf));
-
-   err = ds_send_data(ds_dev, (unsigned char *), 8);
-   if (err)
-   return err;
+   /* DS18b20 spec, 13.16 ms per device, 75 per second, sleep for
+* discovering 8 devices (1 bulk transfer and 1/2 FIFO size) at a time.
+*/
+   const unsigned long jtime = msecs_to_jiffies(1000*8/75);
+   /* FIFO 128 bytes, bulk packet size 64, read a multiple of the
+* packet size.
+*/
+   u64 buf[2*64/8];
 
-   ds_wait_status(ds_dev, );
+   /* address to start searching at */
+   if (ds_send_data(dev, (u8 *)>search_id, 8) < 0)
+   return;
+   master->search_id = 0;
+
+   value = COMM_SEARCH_ACCESS | COMM_IM | COMM_RST | COMM_SM | COMM_F |
+   COMM_RTS;
+   search_limit = master->max_slave_count;
+   if (search_limit > 255)
+   search_limit = 0;
+   index = search_type | (search_limit << 8);
+   if (ds_send_control(dev, value, index) < 0)
+   return;
 
-   value = COMM_SEARCH_ACCESS | COMM_IM | COMM_SM | COMM_F | COMM_RTS;
-   index = (conditional_search ? 0xEC : 0xF0) | (id_number << 8);
-   err = ds_send_control(ds_dev, value, index);
-   if (err)
-   return err;
+   do {
+   schedule_timeout(jtime);
 
-   ds_wait_status(ds_dev, );
+   if (ds_recv_status_nodump(dev, , st_buf, sizeof(st_buf)) <
+   sizeof(st)) {
+   break;
+   }
 
-   err = ds_recv_data(ds_dev, (unsigned char *)buf, 8*id_number);
-   if (err < 0)
-   return err;
+   if (st.data_in_buffer_status) {
+   /* Bulk in can receive partial ids, but when it does
+* they fail crc and will be discarded anyway.
+* That has only been seen when status in buffer
+* is 0 and bulk is read anyway, so don't read
+* bulk without first checking if status says there
+* is data to read.
+*/
+   err = ds_recv_data(dev, (u8 *)buf, sizeof(buf));
+   if (err < 0)
+   break;
+   for (i = 0; i < err/8; ++i) {
+   ++found;
+   if (found <= search_limit)
+ 
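Review bot: In the polling loop, `ds_recv_status_nodump(...) < sizeof(st)` compares an int return value with a size_t, so a negative error code is converted to a large unsigned value and the `break` is not taken on failure. Store the result in `err` and test `err < 0 || err < (int)sizeof(st)`. In the same loop, `schedule_timeout(jtime)` is called without the task state being set in the visible lines, in which case it returns without sleeping for the intended interval; `schedule_timeout_interruptible()` or `msleep()` would give the delay the comment describes.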

[PATCH 04/14] w1: increase w1_max_slave_count, allow write access

2013-12-28 Thread David Fries
w1_max_slave_count is only used to abort the search early
or take a fast search (when 1), so there isn't any reason to not allow
it to be updated through sysfs.  Memory is not allocated based on
the current value and 10 is a rather low base number, increasing to
64, and printing a message the first time the count is reached and
there were more devices to discover to let the user know why not
all the devices were found.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/w1.c |   30 --
 drivers/w1/w1.h |2 ++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 92766a9..34ffdc6 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -46,7 +46,7 @@ MODULE_AUTHOR("Evgeniy Polyakov ");
 MODULE_DESCRIPTION("Driver for 1-wire Dallas network protocol.");
 
 static int w1_timeout = 10;
-int w1_max_slave_count = 10;
+int w1_max_slave_count = 64;
 int w1_max_slave_ttl = 10;
 
 module_param_named(timeout, w1_timeout, int, 0);
@@ -316,6 +316,24 @@ static ssize_t w1_master_attribute_show_timeout(struct 
device *dev, struct devic
return count;
 }
 
+static ssize_t w1_master_attribute_store_max_slave_count(struct device *dev,
+   struct device_attribute *attr, const char *buf, size_t count)
+{
+   long tmp;
+   struct w1_master *md = dev_to_w1_master(dev);
+
+   if (kstrtol(buf, 0, ) == -EINVAL || tmp < 1)
+   return -EINVAL;
+
+   mutex_lock(>mutex);
+   md->max_slave_count = tmp;
+   /* allow each time the max_slave_count is updated */
+   clear_bit(W1_WARN_MAX_COUNT, >flags);
+   mutex_unlock(>mutex);
+
+   return count;
+}
+
 static ssize_t w1_master_attribute_show_max_slave_count(struct device *dev, 
struct device_attribute *attr, char *buf)
 {
struct w1_master *md = dev_to_w1_master(dev);
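Review bot: The check `kstrtol(buf, 0, ...) == -EINVAL` in `w1_master_attribute_store_max_slave_count` catches only one of the errors kstrtol can return; on -ERANGE `tmp` is tested and stored without having been set. There is also no upper bound before the long is assigned to `md->max_slave_count`, which the rest of the patch prints with %d. Treat any non-zero return as an error and reject values above INT_MAX, or parse with `kstrtoint` instead.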
@@ -518,7 +536,7 @@ static ssize_t w1_master_attribute_store_remove(struct 
device *dev,
 static W1_MASTER_ATTR_RO(name, S_IRUGO);
 static W1_MASTER_ATTR_RO(slaves, S_IRUGO);
 static W1_MASTER_ATTR_RO(slave_count, S_IRUGO);
-static W1_MASTER_ATTR_RO(max_slave_count, S_IRUGO);
+static W1_MASTER_ATTR_RW(max_slave_count, S_IRUGO | S_IWUSR | S_IWGRP);
 static W1_MASTER_ATTR_RO(attempts, S_IRUGO);
 static W1_MASTER_ATTR_RO(timeout, S_IRUGO);
 static W1_MASTER_ATTR_RO(pointer, S_IRUGO);
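Review bot: `S_IWGRP` on `max_slave_count` makes the attribute group-writable, where `S_IWUSR` alone would cover the use described in the commit message. The value decides when a bus search is cut short, so either drop the group write bit or explain in the commit message which group is expected to tune it.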
@@ -976,6 +994,14 @@ void w1_search(struct w1_master *dev, u8 search_type, 
w1_slave_found_callback cb
desc_bit = last_zero;
cb(dev, rn);
}
+
+   if (!last_device && slave_count == dev->max_slave_count &&
+   !test_bit(W1_WARN_MAX_COUNT, >flags)) {
+   dev_info(>dev, "%s: max_slave_count %d reached, "
+   "additional sensors ignored\n", __func__,
+   dev->max_slave_count);
+   set_bit(W1_WARN_MAX_COUNT, >flags);
+   }
}
 }
 
diff --git a/drivers/w1/w1.h b/drivers/w1/w1.h
index bc329d2..bd10b3c 100644
--- a/drivers/w1/w1.h
+++ b/drivers/w1/w1.h
@@ -158,9 +158,11 @@ struct w1_bus_master
 /**
  * enum w1_master_flags - bitfields used in w1_master.flags
  * @W1_ABORT_SEARCH: abort searching early on shutdown
+ * @W1_WARN_MAX_COUNT: limit warning when the maximum count is reached
  */
 enum w1_master_flags {
W1_ABORT_SEARCH = 0,
+   W1_WARN_MAX_COUNT = 1,
 };
 
 struct w1_master
-- 
1.7.10.4



[PATCH 08/14] connector: add portid to unicast in addition to broadcasting

2013-12-28 Thread David Fries
This allows replying only to the requestor portid while still
supporting broadcasting.  Pass 0 to portid for the previous behavior.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 Documentation/connector/cn_test.c  |2 +-
 drivers/connector/cn_proc.c|   18 +-
 drivers/connector/connector.c  |   20 +---
 drivers/hv/hv_kvp.c|4 ++--
 drivers/hv/hv_snapshot.c   |2 +-
 drivers/md/dm-log-userspace-transfer.c |2 +-
 drivers/video/uvesafb.c|4 ++--
 drivers/w1/w1_netlink.c|   14 +++---
 include/linux/connector.h  |2 +-
 9 files changed, 37 insertions(+), 31 deletions(-)

diff --git a/Documentation/connector/cn_test.c 
b/Documentation/connector/cn_test.c
index adcca03..d12cc94 100644
--- a/Documentation/connector/cn_test.c
+++ b/Documentation/connector/cn_test.c
@@ -145,7 +145,7 @@ static void cn_test_timer_func(unsigned long __data)
 
memcpy(m + 1, data, m->len);
 
-   cn_netlink_send(m, 0, GFP_ATOMIC);
+   cn_netlink_send(m, 0, 0, GFP_ATOMIC);
kfree(m);
}
 
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index 18c5b9b..148d707 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -95,7 +95,7 @@ void proc_fork_connector(struct task_struct *task)
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
/*  If cn_netlink_send() failed, the data is not sent */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 void proc_exec_connector(struct task_struct *task)
@@ -122,7 +122,7 @@ void proc_exec_connector(struct task_struct *task)
msg->ack = 0; /* not used */
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 void proc_id_connector(struct task_struct *task, int which_id)
@@ -163,7 +163,7 @@ void proc_id_connector(struct task_struct *task, int 
which_id)
msg->ack = 0; /* not used */
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 void proc_sid_connector(struct task_struct *task)
@@ -190,7 +190,7 @@ void proc_sid_connector(struct task_struct *task)
msg->ack = 0; /* not used */
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
@@ -225,7 +225,7 @@ void proc_ptrace_connector(struct task_struct *task, int 
ptrace_id)
msg->ack = 0; /* not used */
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 void proc_comm_connector(struct task_struct *task)
@@ -253,7 +253,7 @@ void proc_comm_connector(struct task_struct *task)
msg->ack = 0; /* not used */
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 void proc_coredump_connector(struct task_struct *task)
@@ -280,7 +280,7 @@ void proc_coredump_connector(struct task_struct *task)
msg->ack = 0; /* not used */
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 void proc_exit_connector(struct task_struct *task)
@@ -309,7 +309,7 @@ void proc_exit_connector(struct task_struct *task)
msg->ack = 0; /* not used */
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 /*
@@ -343,7 +343,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
msg->ack = rcvd_ack + 1;
msg->len = sizeof(*ev);
msg->flags = 0; /* not used */
-   cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+   cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_KERNEL);
 }
 
 /**
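Review bot: The new portid argument sits directly before the group argument of `cn_netlink_send`, and both are passed as plain integer values in these call sites, so a call with the two transposed (for example `cn_netlink_send(msg, CN_IDX_PROC, 0, GFP_KERNEL)`) compiles cleanly and silently changes who receives the message. The kernel-doc for `cn_netlink_send` should state that portid 0 means broadcast to the group, and what happens when both are non-zero; none of the callers converted here exercise that case.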
diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index a36749f..77afe74 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -50,7 +50,7 @@ static int cn_already_initialized;
  *
  * Sequence number is incremented with each message to be sent.
  *
- * If we expect reply to our message then the sequence number in
+ * If we expect a reply to our message then the sequence number in
  * received message MUST be the same as in 

[PATCH 09/14] w1: reply only to the requester portid

2013-12-28 Thread David Fries
Unicast one wire replies back to the sender portid to avoid multiple
programs getting each other's messages, especially as the response
can't be uniquely identified with the sequence coming from the
requesting program when both programs generate the same id.  Continue
to broadcast events such as add/remove master/slave devices.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/w1.h |5 +
 drivers/w1/w1_netlink.c |   42 +-
 2 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/drivers/w1/w1.h b/drivers/w1/w1.h
index a096ef4..390a730 100644
--- a/drivers/w1/w1.h
+++ b/drivers/w1/w1.h
@@ -210,6 +210,11 @@ struct w1_master
struct w1_bus_master*bus_master;
 
u32 seq;
+   /* port id to send netlink responses to.  The value is temporarily
+* stored here while processing a message, set after locking the
+* mutex, zero before unlocking the mutex.
+*/
+   u32 portid;
 };
 
 /**
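Review bot: Keeping the reply `portid` in the shared `struct w1_master` makes unicast versus broadcast depend on every path honouring the rule in the new comment (set after locking, zero before unlocking). An early return that skips the reset would send later add/remove events, which the commit message says should stay broadcast, to a stale port. Passing portid down as an argument, as this patch already does for `w1_send_read_reply` and `w1_process_command_root`, avoids the hidden state; failing that, set and clear it in one place around the command dispatch.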
diff --git a/drivers/w1/w1_netlink.c b/drivers/w1/w1_netlink.c
index b63109a..a5dc219 100644
--- a/drivers/w1/w1_netlink.c
+++ b/drivers/w1/w1_netlink.c
@@ -45,7 +45,7 @@ void w1_netlink_send(struct w1_master *dev, struct 
w1_netlink_msg *msg)
 
memcpy(w, msg, sizeof(struct w1_netlink_msg));
 
-   cn_netlink_send(m, 0, 0, GFP_KERNEL);
+   cn_netlink_send(m, dev->portid, 0, GFP_KERNEL);
 }
 
 static void w1_send_slave(struct w1_master *dev, u64 rn)
@@ -60,7 +60,7 @@ static void w1_send_slave(struct w1_master *dev, u64 rn)
 
if (avail < 8) {
msg->ack++;
-   cn_netlink_send(msg, 0, 0, GFP_KERNEL);
+   cn_netlink_send(msg, dev->portid, 0, GFP_KERNEL);
 
msg->len = sizeof(struct w1_netlink_msg) +
sizeof(struct w1_netlink_cmd);
@@ -131,7 +131,7 @@ static int w1_get_slaves(struct w1_master *dev,
}
 
msg->ack = 0;
-   cn_netlink_send(msg, 0, 0, GFP_KERNEL);
+   cn_netlink_send(msg, dev->portid, 0, GFP_KERNEL);
 
dev->priv = NULL;
dev->priv_size = 0;
@@ -142,7 +142,7 @@ static int w1_get_slaves(struct w1_master *dev,
 }
 
 static int w1_send_read_reply(struct cn_msg *msg, struct w1_netlink_msg *hdr,
-   struct w1_netlink_cmd *cmd)
+   struct w1_netlink_cmd *cmd, u32 portid)
 {
void *data;
struct w1_netlink_msg *h;
@@ -173,7 +173,7 @@ static int w1_send_read_reply(struct cn_msg *msg, struct 
w1_netlink_msg *hdr,
 
memcpy(c->data, cmd->data, c->len);
 
-   err = cn_netlink_send(cm, 0, 0, GFP_KERNEL);
+   err = cn_netlink_send(cm, portid, 0, GFP_KERNEL);
 
kfree(data);
 
@@ -188,11 +188,11 @@ static int w1_process_command_io(struct w1_master *dev, 
struct cn_msg *msg,
switch (cmd->cmd) {
case W1_CMD_TOUCH:
w1_touch_block(dev, cmd->data, cmd->len);
-   w1_send_read_reply(msg, hdr, cmd);
+   w1_send_read_reply(msg, hdr, cmd, dev->portid);
break;
case W1_CMD_READ:
w1_read_block(dev, cmd->data, cmd->len);
-   w1_send_read_reply(msg, hdr, cmd);
+   w1_send_read_reply(msg, hdr, cmd, dev->portid);
break;
case W1_CMD_WRITE:
w1_write_block(dev, cmd->data, cmd->len);
@@ -283,7 +283,8 @@ static int w1_process_command_slave(struct w1_slave *sl, 
struct cn_msg *msg,
return w1_process_command_io(sl->master, msg, hdr, cmd);
 }
 
-static int w1_process_command_root(struct cn_msg *msg, struct w1_netlink_msg 
*mcmd)
+static int w1_process_command_root(struct cn_msg *msg,
+   struct w1_netlink_msg *mcmd, u32 portid)
 {
struct w1_master *m;
struct cn_msg *cn;
@@ -316,7 +317,7 @@ static int w1_process_command_root(struct cn_msg *msg, 
struct w1_netlink_msg *mc
mutex_lock(_mlock);
list_for_each_entry(m, _masters, w1_master_entry) {
if (cn->len + sizeof(*id) > PAGE_SIZE - sizeof(struct cn_msg)) {
-   cn_netlink_send(cn, 0, 0, GFP_KERNEL);
+   cn_netlink_send(cn, portid, 0, GFP_KERNEL);
cn->ack++;
cn->len = sizeof(struct w1_netlink_msg);
w->len = 0;
@@ -329,7 +330,7 @@ static int w1_process_command_root(struct cn_msg *msg, 
struct w1_netlink_msg *mc
id++;
}
cn->ack = 0;
-   cn_netlink_send(cn, 0, 0, GFP_KERNEL);
+   cn_netlink_send(cn, portid, 0, GFP_KERNEL);
mutex_unlock(_mlock);
 
kfree(cn);
@@ -337,7 +338,7 @@ static int w1_process_command_root(struct cn_msg *msg, 
struct w1_netlink_msg *mc
 }
 
 static int w1_netlink_send_error(struct cn_msg *rcmsg, struct w1_netlink_msg 
*rmsg,
-   struct w1_netlink_cmd *rcmd, int error)
+   struct w1_netlink_cmd *rcmd, int portid, int error)
 {
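Review bot: `w1_netlink_send_error` takes `int portid` while the rest of the patch uses `u32 portid` (`w1_send_read_reply`, `w1_process_command_root`, the new `struct w1_master` field). Use `u32` here as well; with `int portid, int error` adjacent, the distinct type also makes a swapped pair of arguments easier to spot.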

[PATCH 06/14] w1: new netlink commands, add/remove/list slaves

2013-12-28 Thread David Fries
Introduce new commands to add, remove, and list slave devices through
the netlink interface.  This can be useful to skip the search on a
static network.  They could previously only be added or removed
through automatic search or sysfs, and this allows a program to only
use netlink.

Only allocate memory when needed, so move kzalloc into w1_get_slaves
where it was used.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/w1.c |6 +--
 drivers/w1/w1.h |3 ++
 drivers/w1/w1_netlink.c |  125 ++-
 drivers/w1/w1_netlink.h |   31 +++-
 4 files changed, 126 insertions(+), 39 deletions(-)

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 4c89f85..97b35cb 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -56,8 +56,6 @@ module_param_named(slave_ttl, w1_max_slave_ttl, int, 0);
 DEFINE_MUTEX(w1_mlock);
 LIST_HEAD(w1_masters);
 
-static int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num 
*rn);
-
 static int w1_master_match(struct device *dev, struct device_driver *drv)
 {
return 1;
@@ -444,7 +442,7 @@ static int w1_atoreg_num(struct device *dev, const char 
*buf, size_t count,
 /* Searches the slaves in the w1_master and returns a pointer or NULL.
  * Note: must hold the mutex
  */
-static struct w1_slave *w1_slave_search_device(struct w1_master *dev,
+struct w1_slave *w1_slave_search_device(struct w1_master *dev,
struct w1_reg_num *rn)
 {
struct w1_slave *sl;
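Review bot: `w1_slave_search_device` loses `static` here, but its locking rule still lives only in the comment above it (`Note: must hold the mutex`). Now that callers outside w1.c can reach it, name the mutex in the comment and add a `lockdep_assert_held()` on it at the top of the function, so a netlink caller that forgets the lock is caught in testing.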
@@ -711,7 +709,7 @@ static int __w1_attach_slave_device(struct w1_slave *sl)
return 0;
 }
 
-static int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num *rn)
+int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num *rn)
 {
struct w1_slave *sl;
struct w1_family *f;
diff --git a/drivers/w1/w1.h b/drivers/w1/w1.h
index 80fbdf9..3376bfb 100644
--- a/drivers/w1/w1.h
+++ b/drivers/w1/w1.h
@@ -213,6 +213,8 @@ struct w1_slave *w1_search_slave(struct w1_reg_num *id);
 void w1_slave_found(struct w1_master *dev, u64 rn);
 void w1_search_process_cb(struct w1_master *dev, u8 search_type,
w1_slave_found_callback cb);
+struct w1_slave *w1_slave_search_device(struct w1_master *dev,
+   struct w1_reg_num *rn);
 struct w1_master *w1_search_master_id(u32 id);
 
 /* Disconnect and reconnect devices in the given family.  Used for finding
@@ -221,6 +223,7 @@ struct w1_master *w1_search_master_id(u32 id);
  * has just been registered, to 0 when it has been unregistered.
  */
 void w1_reconnect_slaves(struct w1_family *f, int attach);
+int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num *rn);
 void w1_slave_detach(struct w1_slave *sl);
 
 u8 w1_triplet(struct w1_master *dev, int bdir);
diff --git a/drivers/w1/w1_netlink.c b/drivers/w1/w1_netlink.c
index 73705af..747174b 100644
--- a/drivers/w1/w1_netlink.c
+++ b/drivers/w1/w1_netlink.c
@@ -56,9 +56,6 @@ static void w1_send_slave(struct w1_master *dev, u64 rn)
int avail;
u64 *data;
 
-   /* update kernel slave list */
-   w1_slave_found(dev, rn);
-
avail = dev->priv_size - cmd->len;
 
if (avail < 8) {
@@ -79,17 +76,57 @@ static void w1_send_slave(struct w1_master *dev, u64 rn)
msg->len += 8;
 }
 
-static int w1_process_search_command(struct w1_master *dev, struct cn_msg *msg,
-   unsigned int avail)
+static void w1_found_send_slave(struct w1_master *dev, u64 rn)
 {
-   struct w1_netlink_msg *hdr = (struct w1_netlink_msg *)(msg + 1);
-   struct w1_netlink_cmd *cmd = (struct w1_netlink_cmd *)(hdr + 1);
-   int search_type = (cmd->cmd == 
W1_CMD_ALARM_SEARCH)?W1_ALARM_SEARCH:W1_SEARCH;
+   /* update kernel slave list */
+   w1_slave_found(dev, rn);
+
+   w1_send_slave(dev, rn);
+}
+
+/* Get the current slave list, or search (with or without alarm) */
+static int w1_get_slaves(struct w1_master *dev,
+   struct cn_msg *req_msg, struct w1_netlink_msg *req_hdr,
+   struct w1_netlink_cmd *req_cmd)
+{
+   struct cn_msg *msg;
+   struct w1_netlink_msg *hdr;
+   struct w1_netlink_cmd *cmd;
+   struct w1_slave *sl;
+
+   msg = kzalloc(PAGE_SIZE, GFP_KERNEL);
+   if (!msg)
+   return -ENOMEM;
+
+   msg->id = req_msg->id;
+   msg->seq = req_msg->seq;
+   msg->ack = 0;
+   msg->len = sizeof(struct w1_netlink_msg) +
+   sizeof(struct w1_netlink_cmd);
+
+   hdr = (struct w1_netlink_msg *)(msg + 1);
+   cmd = (struct w1_netlink_cmd *)(hdr + 1);
+
+   hdr->type = W1_MASTER_CMD;
+   hdr->id = req_hdr->id;
+   hdr->len = sizeof(struct w1_netlink_cmd);
+
+   cmd->cmd = req_cmd->cmd;
+   cmd->len = 0;
 
dev->priv = msg;
-   dev->priv_size = avail;
+   dev->priv_size = PAGE_SIZE - msg->len - sizeof(struct cn_msg);
 
-   w1_search_process_cb(dev, search_type, w1_send_slave);
+   if (req_cmd->cmd == W1_CMD_LIST_SLAVES) {
+ 
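Review bot: in w1_get_slaves() the reply buffer from kzalloc(PAGE_SIZE, GFP_KERNEL) is stored in dev->priv, and the part of the hunk visible here does not show it being freed or dev->priv being cleared. Check that every exit path, including the W1_CMD_LIST_SLAVES branch, frees msg and resets dev->priv and dev->priv_size so no stale pointer outlives the request. The priv_size expression would also be easier to audit with a comment saying that msg->len already covers w1_netlink_msg plus w1_netlink_cmd at that point.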

[PATCH 10/14] w1: ds2490 reduce magic numbers

2013-12-28 Thread David Fries
Use a #define for the usb vendor request type, clear the status
byte and use that instead of a magic offset in checking if idle.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/masters/ds2490.c |   23 +++
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/drivers/w1/masters/ds2490.c b/drivers/w1/masters/ds2490.c
index 4f7e1d7..6a3d0a1 100644
--- a/drivers/w1/masters/ds2490.c
+++ b/drivers/w1/masters/ds2490.c
@@ -1,5 +1,5 @@
 /*
- * dscore.c
+ * ds2490.c  USB to one wire bridge
  *
  * Copyright (c) 2004 Evgeniy Polyakov 
  *
@@ -28,6 +28,10 @@
 #include "../w1_int.h"
 #include "../w1.h"
 
+/* USB Standard */
+/* USB Control request vendor type */
+#define VENDOR 0x40
+
 /* COMMAND TYPE CODES */
 #define CONTROL_CMD0x00
 #define COMM_CMD   0x01
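Review bot: VENDOR in the new #define is a very generic name for a file-scope macro and duplicates a constant the USB core already provides. USB_TYPE_VENDOR from <linux/usb/ch9.h> has the same value 0x40, so the usb_control_msg() calls could pass USB_TYPE_VENDOR directly and this define could be dropped.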
@@ -107,6 +111,8 @@
 #define ST_HALT0x10  /* DS2490 is currently 
halted */
 #define ST_IDLE0x20  /* DS2490 is currently 
idle */
 #define ST_EPOF0x80
+/* Status transfer size, 16 bytes status, 16 byte result flags */
+#define ST_SIZE0x20
 
 /* Result Register flags */
 #define RR_DETECT  0xA5 /* New device detected */
@@ -198,7 +204,7 @@ static int ds_send_control_cmd(struct ds_device *dev, u16 
value, u16 index)
int err;
 
err = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 
dev->ep[EP_CONTROL]),
-   CONTROL_CMD, 0x40, value, index, NULL, 0, 1000);
+   CONTROL_CMD, VENDOR, value, index, NULL, 0, 1000);
if (err < 0) {
printk(KERN_ERR "Failed to send command control message %x.%x: 
err=%d.\n",
value, index, err);
@@ -213,7 +219,7 @@ static int ds_send_control_mode(struct ds_device *dev, u16 
value, u16 index)
int err;
 
err = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 
dev->ep[EP_CONTROL]),
-   MODE_CMD, 0x40, value, index, NULL, 0, 1000);
+   MODE_CMD, VENDOR, value, index, NULL, 0, 1000);
if (err < 0) {
printk(KERN_ERR "Failed to send mode control message %x.%x: 
err=%d.\n",
value, index, err);
@@ -228,7 +234,7 @@ static int ds_send_control(struct ds_device *dev, u16 
value, u16 index)
int err;
 
err = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 
dev->ep[EP_CONTROL]),
-   COMM_CMD, 0x40, value, index, NULL, 0, 1000);
+   COMM_CMD, VENDOR, value, index, NULL, 0, 1000);
if (err < 0) {
printk(KERN_ERR "Failed to send control message %x.%x: 
err=%d.\n",
value, index, err);
@@ -353,7 +359,7 @@ static int ds_recv_data(struct ds_device *dev, unsigned 
char *buf, int size)
err = usb_bulk_msg(dev->udev, usb_rcvbulkpipe(dev->udev, 
dev->ep[EP_DATA_IN]),
buf, size, , 1000);
if (err < 0) {
-   u8 buf[0x20];
+   u8 buf[ST_SIZE];
int count;
 
printk(KERN_INFO "Clearing ep0x%x.\n", dev->ep[EP_DATA_IN]);
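Review bot: the local u8 buf[ST_SIZE] in the error branch of ds_recv_data() shadows the function's own buf parameter. Since the line is being touched anyway, rename it (st_buf, for example) so the status dump cannot be confused with the caller's data buffer.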
@@ -398,7 +404,7 @@ int ds_stop_pulse(struct ds_device *dev, int limit)
 {
struct ds_status st;
int count = 0, err = 0;
-   u8 buf[0x20];
+   u8 buf[ST_SIZE];
 
do {
err = ds_send_control(dev, CTL_HALT_EXE_IDLE, 0);
@@ -450,10 +456,11 @@ int ds_detect(struct ds_device *dev, struct ds_status *st)
 
 static int ds_wait_status(struct ds_device *dev, struct ds_status *st)
 {
-   u8 buf[0x20];
+   u8 buf[ST_SIZE];
int err, count = 0;
 
do {
+   st->status = 0;
err = ds_recv_status_nodump(dev, st, buf, sizeof(buf));
 #if 0
if (err >= 0) {
@@ -464,7 +471,7 @@ static int ds_wait_status(struct ds_device *dev, struct 
ds_status *st)
printk("\n");
}
 #endif
-   } while (!(buf[0x08] & ST_IDLE) && !(err < 0) && ++count < 100);
+   } while (!(st->status & ST_IDLE) && !(err < 0) && ++count < 100);
 
if (err >= 16 && st->status & ST_EPOF) {
printk(KERN_INFO "Resetting device after ST_EPOF.\n");
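Review bot: the new loop condition in ds_wait_status() tests st->status, so it is only correct if ds_recv_status_nodump() fills *st on every successful call; a one-line comment saying so would help the next reader. The 16 in "err >= 16" and the retry limit 100 are still bare numbers in a patch whose subject is reducing magic numbers.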
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


[PATCH 07/14] w1: process w1 netlink commands in w1_process thread

2013-12-28 Thread David Fries
Netlink is a socket interface and is expected to be asynchronous.
Clients can now make w1 requests without blocking by making use of the
w1_master thread to process netlink commands which was previously only
used for doing an automatic bus search.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/w1.c |  180 +--
 drivers/w1/w1.h |   32 -
 drivers/w1/w1_int.c |   17 +++--
 drivers/w1/w1_netlink.c |  166 +--
 4 files changed, 300 insertions(+), 95 deletions(-)

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 97b35cb..53846c7 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -79,19 +79,10 @@ static void w1_slave_release(struct device *dev)
 {
struct w1_slave *sl = dev_to_w1_slave(dev);
 
-   dev_dbg(dev, "%s: Releasing %s.\n", __func__, sl->name);
-
-   while (atomic_read(>refcnt)) {
-   dev_dbg(dev, "Waiting for %s to become free: refcnt=%d.\n",
-   sl->name, atomic_read(>refcnt));
-   if (msleep_interruptible(1000))
-   flush_signals(current);
-   }
+   dev_dbg(dev, "%s: Releasing %s [%p]\n", __func__, sl->name, sl);
 
w1_family_put(sl->family);
sl->master->slave_count--;
-
-   complete(>released);
 }
 
 static ssize_t name_show(struct device *dev, struct device_attribute *attr, 
char *buf)
@@ -277,7 +268,6 @@ static ssize_t w1_master_attribute_store_pullup(struct 
device *dev,
mutex_lock(>mutex);
md->enable_pullup = tmp;
mutex_unlock(>mutex);
-   wake_up_process(md->thread);
 
return count;
 }
@@ -370,23 +360,20 @@ static ssize_t w1_master_attribute_show_slaves(struct 
device *dev,
 {
struct w1_master *md = dev_to_w1_master(dev);
int c = PAGE_SIZE;
+   struct list_head *ent, *n;
+   struct w1_slave *sl = NULL;
 
-   mutex_lock(>mutex);
-
-   if (md->slave_count == 0)
-   c -= snprintf(buf + PAGE_SIZE - c, c, "not found.\n");
-   else {
-   struct list_head *ent, *n;
-   struct w1_slave *sl;
+   mutex_lock(>list_mutex);
 
-   list_for_each_safe(ent, n, >slist) {
-   sl = list_entry(ent, struct w1_slave, w1_slave_entry);
+   list_for_each_safe(ent, n, >slist) {
+   sl = list_entry(ent, struct w1_slave, w1_slave_entry);
 
-   c -= snprintf(buf + PAGE_SIZE - c, c, "%s\n", sl->name);
-   }
+   c -= snprintf(buf + PAGE_SIZE - c, c, "%s\n", sl->name);
}
+   if (!sl)
+   c -= snprintf(buf + PAGE_SIZE - c, c, "not found.\n");
 
-   mutex_unlock(>mutex);
+   mutex_unlock(>list_mutex);
 
return PAGE_SIZE - c;
 }
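Review bot: the "c -= snprintf(buf + PAGE_SIZE - c, c, ...)" lines in w1_master_attribute_show_slaves() subtract the length snprintf() would have written, not what actually fit, so once the output is truncated c goes negative, the next call is made with a negative size, and the function returns more than PAGE_SIZE. scnprintf() returns the bytes actually stored and keeps c non-negative. Since nothing is removed inside the loop, list_for_each_entry() would also do in place of list_for_each_safe().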
@@ -440,19 +427,22 @@ static int w1_atoreg_num(struct device *dev, const char 
*buf, size_t count,
 }
 
 /* Searches the slaves in the w1_master and returns a pointer or NULL.
- * Note: must hold the mutex
+ * Note: must not hold list_mutex
  */
 struct w1_slave *w1_slave_search_device(struct w1_master *dev,
struct w1_reg_num *rn)
 {
struct w1_slave *sl;
+   mutex_lock(>list_mutex);
list_for_each_entry(sl, >slist, w1_slave_entry) {
if (sl->reg_num.family == rn->family &&
sl->reg_num.id == rn->id &&
sl->reg_num.crc == rn->crc) {
+   mutex_unlock(>list_mutex);
return sl;
}
}
+   mutex_unlock(>list_mutex);
return NULL;
 }
 
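Review bot: w1_slave_search_device() now drops list_mutex before returning sl, so the caller receives a pointer that the list lock no longer protects and that another thread may detach before it is used. Take a reference on sl under the lock in the match branch and document that the caller must drop it, or state in the function comment which other lock keeps sl alive after return.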
@@ -509,7 +499,10 @@ static ssize_t w1_master_attribute_store_remove(struct 
device *dev,
mutex_lock(>mutex);
sl = w1_slave_search_device(md, );
if (sl) {
-   w1_slave_detach(sl);
+   result = w1_slave_detach(sl);
+   /* refcnt 0 means it was detached in the call */
+   if (result == 0)
+   result = count;
} else {
dev_info(dev, "Device %02x-%012llx doesn't exists\n", rn.family,
(unsigned long long)rn.id);
@@ -704,7 +697,9 @@ static int __w1_attach_slave_device(struct w1_slave *sl)
dev_set_uevent_suppress(>dev, false);
kobject_uevent(>dev.kobj, KOBJ_ADD);
 
+   mutex_lock(>master->list_mutex);
list_add_tail(>w1_slave_entry, >master->slist);
+   mutex_unlock(>master->list_mutex);
 
return 0;
 }
@@ -731,8 +726,8 @@ int w1_attach_slave_device(struct w1_master *dev, struct 
w1_reg_num *rn)
 
memset(, 0, sizeof(msg));
memcpy(>reg_num, rn, sizeof(sl->reg_num));
-   atomic_set(>refcnt, 0);
-   init_completion(>released);
+   atomic_set(>refcnt, 1);
+   atomic_inc(>master->refcnt);
 
/* slave modules need to be loaded in a context with unlocked mutex */
mutex_unlock(>mutex);
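Review bot: the slave refcnt now starts at 1 and the master refcnt is incremented just before the mutex is released for module loading, so every failure path after this point has to undo both. Those paths are not in this hunk; please confirm they drop the master reference, and add a comment at the atomic_set() saying which call releases the initial slave reference.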
@@ -772,23 +767,48 @@ int 

[PATCH 02/14] w1: fixup search to support abort from netlink

2013-12-28 Thread David Fries
Before 63706172f33 "rework kthread_stop()" kthread_should_stop()
always returned false when called from a non-kthread task, after it
would oops as a non-kthread didn't have that structure and netlink was
calling search from a thread which wasn't a kthread.  9d1817cab2f030
"w1: fix oops when w1_search is called from netlink connector",
modified the code to avoid calling kthread_stop from a netlink thread.

Introduce a w1_master flag and bit W1_ABORT_SEARCH to identify abort
to cleanly support both kthread and netlink search abort.  A search
can take seconds to run, so it is important to abort early if the
hardware is removed in the middle of a search.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
Cc: Marcin Jurkowski 
Cc: Josh Boyer 
Cc: Sven Geggus 
---
 drivers/w1/w1.c |3 +--
 drivers/w1/w1.h |   10 ++
 drivers/w1/w1_int.c |2 ++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 66efa96..67b6d5f 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -960,8 +960,7 @@ void w1_search(struct w1_master *dev, u8 search_type, 
w1_slave_found_callback cb
tmp64 = (triplet_ret >> 2);
rn |= (tmp64 << i);
 
-   /* ensure we're called from kthread and not by netlink 
callback */
-   if (!dev->priv && kthread_should_stop()) {
+   if (test_bit(W1_ABORT_SEARCH, >flags)) {
mutex_unlock(>bus_mutex);
dev_dbg(>dev, "Abort w1_search\n");
return;
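Review bot: the abort check in w1_search() now depends only on W1_ABORT_SEARCH, so a kthread_stop() that is not preceded by set_bit(W1_ABORT_SEARCH, ...) no longer interrupts a running search. Either wrap the set_bit() plus kthread_stop() pair in one helper or add a comment at the test_bit() saying who is responsible for setting the bit.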
diff --git a/drivers/w1/w1.h b/drivers/w1/w1.h
index ca8081a..bc329d2 100644
--- a/drivers/w1/w1.h
+++ b/drivers/w1/w1.h
@@ -155,6 +155,14 @@ struct w1_bus_master
u8, w1_slave_found_callback);
 };
 
+/**
+ * enum w1_master_flags - bitfields used in w1_master.flags
+ * @W1_ABORT_SEARCH: abort searching early on shutdown
+ */
+enum w1_master_flags {
+   W1_ABORT_SEARCH = 0,
+};
+
 struct w1_master
 {
struct list_headw1_master_entry;
@@ -178,6 +186,8 @@ struct w1_master
/** 5V strong pullup duration in milliseconds, zero disabled. */
int pullup_duration;
 
+   longflags;
+
struct task_struct  *thread;
struct mutexmutex;
struct mutexbus_mutex;
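Review bot: flags is declared as long, but set_bit() and test_bit() operate on an unsigned long pointer; declare it as unsigned long flags. Unlike pullup_duration just above, the new field has no comment; one line pointing at enum w1_master_flags would do.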
diff --git a/drivers/w1/w1_int.c b/drivers/w1/w1_int.c
index 590bd8a..423f3c2 100644
--- a/drivers/w1/w1_int.c
+++ b/drivers/w1/w1_int.c
@@ -172,6 +172,7 @@ int w1_add_master_device(struct w1_bus_master *master)
 
 #if 0 /* Thread cleanup code, not required currently. */
 err_out_kill_thread:
+   set_bit(W1_ABORT_SEARCH, >flags);
kthread_stop(dev->thread);
 #endif
 err_out_rm_attr:
@@ -187,6 +188,7 @@ void __w1_remove_master_device(struct w1_master *dev)
struct w1_netlink_msg msg;
struct w1_slave *sl, *sln;
 
+   set_bit(W1_ABORT_SEARCH, >flags);
kthread_stop(dev->thread);
 
mutex_lock(_mlock);
-- 
1.7.10.4



[PATCH 14/14] w1: format for DocBook and fixes

2013-12-28 Thread David Fries
Switch the code documentation format style to DocBook format, enable
DocBook documentation generation, and fix some comments.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 Documentation/DocBook/Makefile |2 +-
 Documentation/DocBook/w1.tmpl  |  101 +
 Documentation/w1/w1.netlink|8 +--
 drivers/w1/w1.c|   30 +++--
 drivers/w1/w1.h|  136 +++-
 drivers/w1/w1_family.c |8 +++
 drivers/w1/w1_family.h |   13 
 drivers/w1/w1_int.c|8 +++
 drivers/w1/w1_io.c |  102 +-
 drivers/w1/w1_netlink.h|6 +-
 10 files changed, 315 insertions(+), 99 deletions(-)
 create mode 100644 Documentation/DocBook/w1.tmpl

diff --git a/Documentation/DocBook/Makefile b/Documentation/DocBook/Makefile
index bc3d9f8..662e4ef 100644
--- a/Documentation/DocBook/Makefile
+++ b/Documentation/DocBook/Makefile
@@ -14,7 +14,7 @@ DOCBOOKS := z8530book.xml device-drivers.xml \
genericirq.xml s390-drivers.xml uio-howto.xml scsi.xml \
80211.xml debugobjects.xml sh.xml regulator.xml \
alsa-driver-api.xml writing-an-alsa-driver.xml \
-   tracepoint.xml drm.xml media_api.xml
+   tracepoint.xml drm.xml media_api.xml w1.xml
 
 include $(srctree)/Documentation/DocBook/media/Makefile
 
diff --git a/Documentation/DocBook/w1.tmpl b/Documentation/DocBook/w1.tmpl
new file mode 100644
index 000..b0228d4
--- /dev/null
+++ b/Documentation/DocBook/w1.tmpl
@@ -0,0 +1,101 @@
+
+http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd; []>
+
+
+  
+W1: Dallas' 1-wire bus
+
+
+  
+David
+Fries
+
+  
+da...@fries.net
+  
+
+  
+
+
+
+
+  2013
+  
+
+
+
+  
+This documentation is free software; you can redistribute
+it and/or modify it under the terms of the GNU General Public
+License version 2.
+  
+
+  
+This program is distributed in the hope that it will be
+useful, but WITHOUT ANY WARRANTY; without even the implied
+warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+For more details see the file COPYING in the source
+distribution of Linux.
+  
+
+  
+
+  
+
+  
+W1 API internal to the kernel
+
+
+  W1 API internal to the kernel
+  
+drivers/w1/w1.h
+W1 core functions.
+!Idrivers/w1/w1.h
+  
+
+  
+drivers/w1/w1.c
+W1 core functions.
+!Idrivers/w1/w1.c
+  
+
+  
+drivers/w1/w1_family.h
+Allows registering device family operations.
+!Idrivers/w1/w1_family.h
+  
+
+  
+drivers/w1/w1_family.c
+Allows registering device family operations.
+!Edrivers/w1/w1_family.c
+  
+
+  
+drivers/w1/w1_int.c
+W1 internal initialization for master devices.
+!Edrivers/w1/w1_int.c
+  
+
+  
+drivers/w1/w1_netlink.h
+W1 external netlink API structures and commands.
+!Idrivers/w1/w1_netlink.h
+  
+
+  
+drivers/w1/w1_io.c
+W1 input/output.
+!Edrivers/w1/w1_io.c
+!Idrivers/w1/w1_io.c
+  
+
+
+
+
+  
+
+
diff --git a/Documentation/w1/w1.netlink b/Documentation/w1/w1.netlink
index f59a319..927a52c 100644
--- a/Documentation/w1/w1.netlink
+++ b/Documentation/w1/w1.netlink
@@ -5,8 +5,8 @@ Message types.
 =
 
 There are three types of messages between w1 core and userspace:
-1. Events. They are generated each time new master or slave device
-   found either due to automatic or requested search.
+1. Events. They are generated each time a new master or slave device
+   is found either due to automatic or requested search.
 2. Userspace commands.
 3. Replies to userspace commands.
 
@@ -131,7 +131,7 @@ of the w1_netlink_cmd structure and cn_msg.len will be 
equal to the sum
 of the sizeof(struct w1_netlink_msg) and sizeof(struct w1_netlink_cmd).
 If reply is generated for master or root command (which do not have
 w1_netlink_cmd attached), reply will contain only cn_msg and w1_netlink_msg
-structires.
+structures.
 
 w1_netlink_msg.status field will carry positive error value
 (EINVAL for example) or zero in case of success.
@@ -160,7 +160,7 @@ procedure is started to select given device.
 Then all requested in w1_netlink_msg operations are performed one by one.
 If command requires reply (like read command) it is sent on command completion.
 
-When all commands (w1_netlink_cmd) are processed muster device is unlocked
+When all commands (w1_netlink_cmd) are processed master device is unlocked
 and next w1_netlink_msg header processing started.
 
 
diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 53846c7..9eb816b 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -50,8 +50,21 @@ int w1_max_slave_count = 64;
 int w1_max_slave_ttl = 

[PATCH 03/14] w1: Only wake up the search process if it is going to be searching

2013-12-28 Thread David Fries
It's valid to set the search count to 0 to stop searching, so don't
wake up the search thread to not search.

Signed-off-by: David Fries 
Cc: Evgeniy Polyakov 
---
 drivers/w1/w1.c |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index 67b6d5f..92766a9 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -243,7 +243,9 @@ static ssize_t w1_master_attribute_store_search(struct 
device * dev,
mutex_lock(>mutex);
md->search_count = tmp;
mutex_unlock(>mutex);
-   wake_up_process(md->thread);
+   /* Only wake if it is going to be searching. */
+   if (tmp)
+   wake_up_process(md->thread);
 
return count;
 }
-- 
1.7.10.4



[PATCH 01/14] w1: fix w1_send_slave dropping a slave id

2013-12-28 Thread David Fries
Previous logic,
if (avail > 8) {
store slave;
return;
}
send data; clear;

The logic error is, if there isn't space send the buffer and clear,
but the slave wasn't added to the now empty buffer losing that slave
id.  It also should have been "if (avail >= 8)" because when it is 8,
there is space.

Instead, if there isn't space send and clear the buffer, then there is
always space for the slave id.

Signed-off-by: David Fries 
Cc: sta...@vger.kernel.org
Cc: Evgeniy Polyakov 
---
 drivers/w1/w1_netlink.c |   25 +
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/drivers/w1/w1_netlink.c b/drivers/w1/w1_netlink.c
index 40788c9..73705af 100644
--- a/drivers/w1/w1_netlink.c
+++ b/drivers/w1/w1_netlink.c
@@ -54,28 +54,29 @@ static void w1_send_slave(struct w1_master *dev, u64 rn)
struct w1_netlink_msg *hdr = (struct w1_netlink_msg *)(msg + 1);
struct w1_netlink_cmd *cmd = (struct w1_netlink_cmd *)(hdr + 1);
int avail;
+   u64 *data;
 
/* update kernel slave list */
w1_slave_found(dev, rn);
 
avail = dev->priv_size - cmd->len;
 
-   if (avail > 8) {
-   u64 *data = (void *)(cmd + 1) + cmd->len;
+   if (avail < 8) {
+   msg->ack++;
+   cn_netlink_send(msg, 0, GFP_KERNEL);
 
-   *data = rn;
-   cmd->len += 8;
-   hdr->len += 8;
-   msg->len += 8;
-   return;
+   msg->len = sizeof(struct w1_netlink_msg) +
+   sizeof(struct w1_netlink_cmd);
+   hdr->len = sizeof(struct w1_netlink_cmd);
+   cmd->len = 0;
}
 
-   msg->ack++;
-   cn_netlink_send(msg, 0, GFP_KERNEL);
+   data = (void *)(cmd + 1) + cmd->len;
 
-   msg->len = sizeof(struct w1_netlink_msg) + sizeof(struct 
w1_netlink_cmd);
-   hdr->len = sizeof(struct w1_netlink_cmd);
-   cmd->len = 0;
+   *data = rn;
+   cmd->len += 8;
+   hdr->len += 8;
+   msg->len += 8;
 }
 
 static int w1_process_search_command(struct w1_master *dev, struct cn_msg *msg,
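Review bot: after the flush in the "if (avail < 8)" branch the code writes *data unconditionally, which is only safe when dev->priv_size is at least 8; the commit message's "there is always space" rests on that assumption. Either check priv_size once where the buffer is set up or bail out here when it is smaller than 8. The return value of cn_netlink_send() is also ignored, so a failed send silently drops the ids collected so far.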
-- 
1.7.10.4



Re: Git puzzle

2013-12-28 Thread Jason Cooper
On Sun, Dec 29, 2013 at 01:27:05AM -0500, Gene Heskett wrote:
> On Sunday 29 December 2013, Jason Cooper wrote:
...
> >You may want to try the opposite approach.  x86_64_defconfig, then add
> >just what is necessary to boot and reproduce the bug.
> 
> Did that, then added some stuff for my hdwe, made sure the Makefile version 
> and my makeit script versions matched. Fired off my build/install script, 
> But it bailed out at the mkinitramfs stage, couldn't find 
> /lib/modules/3.8.2 because it was named "3.8.2+".

For this bisect run, can you do without the initramfs?  Just build the
sata driver and the fs driver into the kernel.  You may want to drop
makeit and just do the bare minimum, 'make bzImage && make modules &&
make modules_install' or similar.

The '+' means the kernel build system (using git) determined that there
were changes to the source tree from the most recent tagged version.  If
there weren't, it would just use the tag 3.8.2.  You can take a look at
scripts/setlocalversion to see how it figures it out.

hth,

Jason.
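
The bisect iteration discussed in this thread can be automated with git bisect run. The following is an added example, not part of the original messages: it builds a throwaway repository (constructed; tags v1.0 and v1.1 stand in for v3.8.2 and v3.8.3, and microcode.txt stands in for the behaviour under test) and lets git find the first bad commit.

```shell
#!/bin/sh
# Added example: automated bisect on a constructed repository.
# v1.0 (good) and v1.1 (bad) play the roles of v3.8.2 and v3.8.3.

# Identity for the throwaway commits (constructed values).
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

make_demo_repo() {
    # $1 = directory to create. Eight commits; commit 6 breaks the feature.
    repo=$1
    git init -q "$repo" || return 1
    (
        cd "$repo" || exit 1
        echo "status=ok" > microcode.txt
        git add microcode.txt
        git commit -q -m "commit 1: baseline" || exit 1
        git tag v1.0
        i=2
        while [ "$i" -le 8 ]; do
            msg="commit $i"
            if [ "$i" -eq 6 ]; then
                echo "status=broken" > microcode.txt
                msg="commit 6: regression"
            fi
            echo "change $i" >> history.txt
            git add -A
            git commit -q -m "$msg" || exit 1
            i=$((i + 1))
        done
        git tag v1.1
    )
}

find_first_bad() {
    # $1 = repo, $2 = known bad rev, $3 = known good rev.
    # Prints the subject line of the first bad commit.
    repo=$1 bad=$2 good=$3
    check=$(mktemp) || return 1
    # The test script lives outside the work tree so checkouts never touch it.
    cat > "$check" <<'EOF'
# Exit 0 = good, 1 = bad, 125 = this revision cannot be tested (skip).
[ -f microcode.txt ] || exit 125
grep -q '^status=ok$' microcode.txt
EOF
    first=$(
        cd "$repo" || exit 1
        git bisect start "$bad" "$good" >/dev/null || exit 1
        git bisect run sh "$check" >/dev/null 2>&1 || exit 1
        git log -1 --format=%s refs/bisect/bad || exit 1
        # Return the work tree to where it was before bisecting.
        git bisect reset >/dev/null 2>&1
    ) || { rm -f "$check"; return 1; }
    rm -f "$check"
    printf '%s\n' "$first"
}

# Stand-alone demo run.
demo_dir=$(mktemp -d)
make_demo_repo "$demo_dir/repo"
echo "first bad commit: $(find_first_bad "$demo_dir/repo" v1.1 v1.0)"
rm -rf "$demo_dir"
```

For a kernel bisect the check script would build and boot-test each revision instead of grepping a file; exit code 125 is how a revision that fails to build is skipped.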


Re: Git puzzle

2013-12-28 Thread Gene Heskett
On Sunday 29 December 2013, Jason Cooper wrote:
>Gene,
>
>On Sun, Dec 29, 2013 at 12:11:26AM -0500, Gene Heskett wrote:
>> On Saturday 28 December 2013, Jason Cooper wrote:
>> >On Sat, Dec 28, 2013 at 09:41:40PM -0500, Gene Heskett wrote:
>...
>
>> >> working toward 3.8.3 which doesn't, and I have the disk space
>> >> chowned to me, what is the exact syntax to pull a clone of 3.8.2,
>> >> and then do a bisect to 3.8.3 where the microcode update for an AMD
>> >> phenom doesn't work. Skipping fwd to 3.12.0 it still isn't working.
>> >
>> >The version tags you are referring to are from the linux-stable tree,
>> >so we'll clone that one instead of Linus'.
>> >
>> >So, something like this:
>> >
>> >$ git clone \
>> >git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git \
>> >~/linux-stable
>> 
>> Looks like it's working.
>> 
>> >$ cd ~/linux-stable
>> >$ git checkout v3.8.3
>> >$ git bisect start
>> >$ git bisect bad
>> >$ git bisect good v3.8.2
>> >$ ...
>> >
>> >And now you iterate through as the manpage suggests, until it narrows
>> >it down to a single commit.  Once there, report to this list with
>> >'[BUG BISECTED] ...' in the subject line.
>> >
>> >hth,
>> 
>> Yes, I think I can nail it now.  One final clarification, do I use a
>> .config geared more to my machine, or am I supposed to do a "make
>> allmodconfig?"
>
>I would use the smallest config that allows me to boot the system and
>reproduce the bug.  A good starting point is /proc/config.gz from the
>running system.  allmodconfig is just sticking the knife in and
>twisting unnecessarily.
>
>> I haven't done this in a while and I'm still going thru the xconfig,
>> stripping out modules for hardware I don't have, but if I just transfer
>> the old ones in, they should work but will be building about 1400
>> modules extra.
>
>You may want to try the opposite approach.  x86_64_defconfig, then add
>just what is necessary to boot and reproduce the bug.
>
>hth,
>
>Jason.

Did that, then added some stuff for my hdwe, made sure the Makefile version 
and my makeit script versions matched. Fired off my build/install script, 
But it bailed out at the mkinitramfs stage, couldn't find 
/lib/modules/3.8.2 because it was named "3.8.2+".

So how does this work?  snilmerg? git playing in the sandbox somehow?  I'm 
going to see about some sleep in the meantime as it's 1:30 AM here in WV, 
USA now.

Cheers, Gene


Re: Git puzzle

2013-12-28 Thread Jason Cooper
On Sun, Dec 29, 2013 at 12:42:00AM -0500, Gene Heskett wrote:
> On Sunday 29 December 2013, Jason Cooper wrote:
...
> >You may want to try the opposite approach.  x86_64_defconfig, then add
> >just what is necessary to boot and reproduce the bug.
> 
> Oh-oh, and where in this new tree do I find that?  Or is that a make 
> command?

$ make x86_64_defconfig

thx,

Jason.


Re: Git puzzle

2013-12-28 Thread Gene Heskett
On Sunday 29 December 2013, Jason Cooper wrote:
>Gene,
>
>On Sun, Dec 29, 2013 at 12:11:26AM -0500, Gene Heskett wrote:
>> On Saturday 28 December 2013, Jason Cooper wrote:
>> >On Sat, Dec 28, 2013 at 09:41:40PM -0500, Gene Heskett wrote:
>...
>
>> >> working toward 3.8.3 which doesn't, and I have the disk space
>> >> chowned to me, what is the exact syntax to pull a clone of 3.8.2,
>> >> and then do a bisect to 3.8.3 where the microcode update for an AMD
>> >> phenom doesn't work. Skipping fwd to 3.12.0 it still isn't working.
>> >
>> >The version tags you are referring to are from the linux-stable tree,
>> >so we'll clone that one instead of Linus'.
>> >
>> >So, something like this:
>> >
>> >$ git clone \
>> >git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git \
>> >~/linux-stable
>> 
>> Looks like it's working.
>> 
>> >$ cd ~/linux-stable
>> >$ git checkout v3.8.3
>> >$ git bisect start
>> >$ git bisect bad
>> >$ git bisect good v3.8.2
>> >$ ...
>> >
>> >And now you iterate through as the manpage suggests, until it narrows
>> >it down to a single commit.  Once there, report to this list with
>> >'[BUG BISECTED] ...' in the subject line.
>> >
>> >hth,
>> 
>> Yes, I think I can nail it now.  One final clarification, do I use a
>> .config geared more to my machine, or am I supposed to do a "make
>> allmodconfig?"
>
>I would use the smallest config that allows me to boot the system and
>reproduce the bug.  A good starting point is /proc/config.gz from the
>running system.  allmodconfig is just sticking the knife in and
>twisting unnecessarily.

That was my thinking. So I asked. :)

>> I haven't done this in a while and I'm still going thru the xconfig,
>> stripping out modules for hardware I don't have, but if I just transfer
>> the old ones in, they should work but will be building about 1400
>> modules extra.
>
>You may want to try the opposite approach.  x86_64_defconfig, then add
>just what is necessary to boot and reproduce the bug.

Oh-oh, and where in this new tree do I find that?  Or is that a make 
command?

I use a script called makeit, does everything but the grub-update.  
Designed to stop if it encounters an error so the error doesn't scroll off 
screen.

Thanks. 
>
>hth,
>
>Jason.


Cheers, Gene


Re: Git puzzle

2013-12-28 Thread Jason Cooper
Gene,

On Sun, Dec 29, 2013 at 12:11:26AM -0500, Gene Heskett wrote:
> On Saturday 28 December 2013, Jason Cooper wrote:
> >On Sat, Dec 28, 2013 at 09:41:40PM -0500, Gene Heskett wrote:
...
> >> working toward 3.8.3 which doesn't, and I have the disk space chowned
> >> to me, what is the exact syntax to pull a clone of 3.8.2, and then do
> >> a bisect to 3.8.3 where the microcode update for an AMD phenom doesn't
> >> work. Skipping fwd to 3.12.0 it still isn't working.
> >
> >The version tags you are referring to are from the linux-stable tree, so
> >we'll clone that one instead of Linus'.
> >
> >So, something like this:
> >
> >$ git clone \
> >git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git \
> >~/linux-stable
> 
> Looks like it's working.
> 
> >$ cd ~/linux-stable
> >$ git checkout v3.8.3
> >$ git bisect start
> >$ git bisect bad
> >$ git bisect good v3.8.2
> >$ ...
> >
> >And now you iterate through as the manpage suggests, until it narrows it
> >down to a single commit.  Once there, report to this list with '[BUG
> >BISECTED] ...' in the subject line.
> >
> >hth,
> 
> Yes, I think I can nail it now.  One final clarification, do I use a 
> .config geared more to my machine, or am I supposed to do a "make 
> allmodconfig?"

I would use the smallest config that allows me to boot the system and
reproduce the bug.  A good starting point is /proc/config.gz from the
running system.  allmodconfig is just sticking the knife in and
twisting unnecessarily.

> I haven't done this in a while and I'm still going thru the xconfig, 
> stripping out modules for hardware I don't have, but if I just transfer the 
> old ones in, they should work but will be building about 1400 modules 
> extra.

You may want to try the opposite approach.  x86_64_defconfig, then add just
what is necessary to boot and reproduce the bug.

hth,

Jason.


Re: Git puzzle

2013-12-28 Thread Gene Heskett
On Saturday 28 December 2013, Jason Cooper wrote:
>Hey Gene,
>
>On Sat, Dec 28, 2013 at 09:41:40PM -0500, Gene Heskett wrote:
>> Hey guys, I need to setup a bisect using git but the man pages aren't
>> giving me what I need to know.  Mainly I have no clue what the URL for
>> the git repos looks like, I've been downloading and building the
>> tarballs from kernel.org all this time.
>
>Looks like you now have your driving problem to learn git. ;-)
>
>> Assuming I start with fresh git pull of 3.8.2 which worked,
>
>Here's where the wheels come off the cart.  You aren't cloning a specific
>revision/tag/version.  'git clone' makes a clone (hence the name) of the
>entire tree's history.  Once you have a clone on your local disk, you
>can then checkout _any_ version you want.  You have *all* of them.  This
>is what 'git bisect' will be doing for you.
>
>> working toward 3.8.3 which doesn't, and I have the disk space chowned
>> to me, what is the exact syntax to pull a clone of 3.8.2, and then do
>> a bisect to 3.8.3 where the microcode update for an AMD phenom doesn't
>> work. Skipping fwd to 3.12.0 it still isn't working.
>
>The version tags you are referring to are from the linux-stable tree, so
>we'll clone that one instead of Linus'.
>
>So, something like this:
>
>$ git clone \
>git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git \
>~/linux-stable

Looks like it's working.

>$ cd ~/linux-stable
>$ git checkout v3.8.3
>$ git bisect start
>$ git bisect bad
>$ git bisect good v3.8.2
>$ ...
>
>And now you iterate through as the manpage suggests, until it narrows it
>down to a single commit.  Once there, report to this list with '[BUG
>BISECTED] ...' in the subject line.
>
>hth,

Yes, I think I can nail it now.  One final clarification, do I use a 
.config geared more to my machine, or am I supposed to do a "make 
allmodconfig?"

I haven't done this in a while and I'm still going thru the xconfig, 
stripping out modules for hardware I don't have, but if I just transfer the 
old ones in, they should work but will be building about 1400 modules 
extra.

I just got the 2nd message about marking the subject line, can do, thanks.

Thanks Jason.

>Jason.


Cheers, Gene


Re: Git puzzle

2013-12-28 Thread Jason Cooper
Gene,

On Sat, Dec 28, 2013 at 11:35:47PM -0500, Jason Cooper wrote:
> On Sat, Dec 28, 2013 at 09:41:40PM -0500, Gene Heskett wrote:
...
> > working toward 3.8.3 which doesn't, and I have the disk space chowned
> > to me, what is the exact syntax to pull a clone of 3.8.2, and then do
> > a bisect to 3.8.3 where the microcode update for an AMD phenom doesn't
> > work. Skipping fwd to 3.12.0 it still isn't working.
> 
> The version tags you are referring to are from the linux-stable tree, so
> we'll clone that one instead of Linus'.

Just one small addendum to this:

Once you've identified the commit in the -stable tree, we'll have to
find the corresponding commit in the mainline tree.  Don't worry about
trying to find this for your initial email, just make sure to mention
that the commit identified is from the -stable tree between v3.8.2 and
v3.8.3.

thx,

Jason.


Re: Git puzzle

2013-12-28 Thread Jason Cooper
Hey Gene,

On Sat, Dec 28, 2013 at 09:41:40PM -0500, Gene Heskett wrote:
> Hey guys, I need to setup a bisect using git but the man pages aren't 
> giving me what I need to know.  Mainly I have no clue what the URL for the 
> git repos looks like, I've been downloading and building the tarballs from 
> kernel.org all this time.

Looks like you now have your driving problem to learn git. ;-)

> Assuming I start with fresh git pull of 3.8.2 which worked,

Here's where the wheels come off the cart.  You aren't cloning a specific
revision/tag/version.  'git clone' makes a clone (hence the name) of the
entire tree's history.  Once you have a clone on your local disk, you
can then checkout _any_ version you want.  You have *all* of them.  This
is what 'git bisect' will be doing for you.

> working toward 3.8.3 which doesn't, and I have the disk space chowned
> to me, what is the exact syntax to pull a clone of 3.8.2, and then do
> a bisect to 3.8.3 where the microcode update for an AMD phenom doesn't
> work. Skipping fwd to 3.12.0 it still isn't working.

The version tags you are referring to are from the linux-stable tree, so
we'll clone that one instead of Linus'.

So, something like this:

$ git clone \
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git \
~/linux-stable

$ cd ~/linux-stable
$ git checkout v3.8.3
$ git bisect start
$ git bisect bad
$ git bisect good v3.8.2
$ ...

And now you iterate through as the manpage suggests, until it narrows it
down to a single commit.  Once there, report to this list with '[BUG
BISECTED] ...' in the subject line.

hth,

Jason.
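
The bisect sequence from the message above, run end to end on a constructed throwaway repository, with the elided iteration step automated by `git bisect run`. This is an added example, not part of the original thread; the tags demo-good and demo-bad, the status file and the function name bisect_demo are assumptions standing in for v3.8.2, v3.8.3 and a real build-and-boot test.

```shell
#!/bin/sh
# Constructed demo: a throwaway repository with eight commits in which
# commit 6 introduces a "regression" (the status file stops saying "ok").
# The tags demo-good and demo-bad stand in for v3.8.2 and v3.8.3.

bisect_demo() {
    repo=$(mktemp -d) || return 1
    result=$(
        cd "$repo" || exit 1
        git init -q . >/dev/null 2>&1 || exit 1
        git config user.name "Bisect Demo"
        git config user.email "demo@example.invalid"
        git config commit.gpgsign false

        i=1
        while [ "$i" -le 8 ]; do
            echo "build $i" > version
            if [ "$i" -ge 6 ]; then
                echo broken > status
            else
                echo ok > status
            fi
            git add version status
            git commit -q -m "commit $i" || exit 1
            if [ "$i" -eq 2 ]; then
                git tag demo-good
            fi
            i=$((i + 1))
        done
        git tag demo-bad

        # Same sequence as in the message: check out the bad version,
        # start the bisect, mark it bad, name the last known good tag.
        git checkout -q demo-bad 2>/dev/null
        git bisect start >/dev/null
        git bisect bad >/dev/null
        git bisect good demo-good >/dev/null

        # The "..." step, automated. The test command's exit status tells
        # git the verdict: 0 = good, 1 = bad, 125 = cannot test (skip).
        git bisect run sh -c 'grep -qx ok status' >/dev/null 2>&1

        # refs/bisect/bad now names the first bad commit.
        git log -1 --format=%s refs/bisect/bad
        git bisect reset >/dev/null 2>&1
    )
    rc=$?
    rm -rf "$repo"
    [ "$rc" -eq 0 ] || return "$rc"
    printf '%s\n' "$result"
}
```

For a kernel regression the test is usually a manual build, boot and check, so each step is marked by hand with `git bisect good` or `git bisect bad` instead of `git bisect run`.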


Re: [PATCH 2/2] ACPI / hotplug / driver core: Handle containers in a special way

2013-12-28 Thread Greg Kroah-Hartman
On Fri, Dec 27, 2013 at 11:28:34PM +0100, Rafael J. Wysocki wrote:
> From: Rafael J. Wysocki 
> 
> ACPI container devices require special hotplug handling, at least
> on some systems, since generally user space needs to carry out
> system-specific cleanup before it makes sense to offline devices in
> the container.  However, the current ACPI hotplug code for containers
> first attempts to offline devices in the container and only then it
> notifies user space of the container offline.
> 
> Moreover, after commit 202317a573b2 (ACPI / scan: Add acpi_device
> objects for all device nodes in the namespace), ACPI device objects
> representing containers are present as long as the ACPI namespace
> nodes corresponding to them are present, which may be forever, even
> if the container devices are physically detached from the system (the
> return values of the corresponding _STA methods change in those
> cases, but generally the namespace nodes themselves are still there).
> Thus it is useful to introduce entities representing containers that
> will go away during container hot-unplug.
> 
> The goal of this change is to address both the above issues.
> 
> The idea is to create a "companion" container system device for each
> of the ACPI container device objects during the initial namespace
> scan or on a hotplug event making the container present.  That system
> device will be unregistered on container removal.  A new bus type
> for container devices is added for this purpose, because device
> offline and online operations need to be defined for them.  The
> online operation is a trivial function that is always successful
> and the offline uses a callback pointed to by the container device's
> offline member.
> 
> For ACPI containers that callback simply walks the list of ACPI
> device objects right below the container object (its children) and
> checks if all of their physical companion devices are offline.  If
> that's not the case, it returns -EBUSY and the container system
> device cannot be put offline.  Consequently, to put the container
> system device offline, it is necessary to put all of the physical
> devices depending on its ACPI companion object offline beforehand.
> 
> Container system devices created for ACPI container objects are
> initially online.  They are created by the container ACPI scan
> handler whose hotplug.demand_offline flag is set.  That causes
> acpi_scan_hot_remove() to check if the companion container system
> device is offline before attempting to remove an ACPI container or
> any devices below it.  If the check fails, a KOBJ_CHANGE uevent is
> emitted for the container system device in question and user space
> is expected to offline all devices below the container and the
> container itself in response to it.  Then, user space can finalize
> the removal of the container with the help of its ACPI device
> object's eject attribute in sysfs.
> 
> Signed-off-by: Rafael J. Wysocki 
> Tested-by: Yasuaki Ishimatsu 

Acked-by: Greg Kroah-Hartman 


Re: [PATCH][tentative] PCI / ACPI: Rework PCI host bridge removal to avoid sysfs warnings

2013-12-28 Thread Greg Kroah-Hartman
On Sun, Dec 29, 2013 at 12:20:22AM +0100, Rafael J. Wysocki wrote:
> From: Rafael J. Wysocki 
> 
> The device_del(_bridge->dev) in pci_stop_root_bus() is
> problematic, because it causes all sysfs directories below
> the host bridge to be removed recursively and when
> pci_remove_root_bus() attempts to remove devices on the root
> bus (whose sysfs directories are gone now along with all their
> subdirectories), it causes warnings similar to this one to be
> printed:
> 
> WARNING: CPU: 0 PID: 6 at fs/sysfs/group.c:214 sysfs_remove_group+0xc6/0xd0()
> sysfs group 819ac5c0 not found for kobject '0001:ff:10.2'
> Modules linked in: 
> CPU: 0 PID: 6 Comm: kworker/u512:0 Tainted: GW3.13.0-rc5+ #11
> Hardware name:
> Workqueue: kacpi_hotplug acpi_hotplug_work_fn
>  0009 8808738d3bd8 815d84ea 8808738d3c20
>  8808738d3c10 8106594d  819ac5c0
>  880871b9d0a8 8a07d1895000 0103 8808738d3c70
> Call Trace:
>  [] dump_stack+0x45/0x56
>  [] warn_slowpath_common+0x7d/0xa0
>  [] warn_slowpath_fmt+0x4c/0x50
>  [] ? sysfs_get_dirent_ns+0x4e/0x70
>  [] sysfs_remove_group+0xc6/0xd0
>  [] dpm_sysfs_remove+0x43/0x50
>  [] device_del+0x45/0x1c0
>  [] pci_remove_bus_device+0x66/0xd0
>  [] pci_remove_root_bus+0x73/0x80
>  [] acpi_pci_root_remove+0x42/0x4f
>  [] acpi_bus_trim+0x56/0x89
>  [] acpi_bus_trim+0x38/0x89
>  [] acpi_device_hotplug+0x137/0x33b
>  [] acpi_hotplug_work_fn+0x1c/0x27
>  [] process_one_work+0x17b/0x460
>  [] worker_thread+0x11b/0x400
>  [] ? rescuer_thread+0x3e0/0x3e0
>  [] kthread+0xd2/0xf0
>  [] ? kthread_create_on_node+0x180/0x180
>  [] ret_from_fork+0x7c/0xb0
>  [] ? kthread_create_on_node+0x180/0x180
> 
> To avoid that, the host bridge device has to be deleted after all of
> its children, so merge pci_stop_root_bus() and pci_remove_root_bus()
> into one function, pci_stop_and_remove_root_bus(), that first will
> use pci_stop_and_remove_bus_device() to stop and remove all devices
> on the root bus and then will delete the host bridge device, remove
> its bus and drop the final reference to it.
> 
> Reported-by: Yasuaki Ishimatsu 
> Signed-off-by: Rafael J. Wysocki 
> ---
> 
> Hi,
> 
> I can't really test this patch, but I don't know how it can break anything.
> 
> The only user of pci_stop_root_bus() and pci_remove_root_bus() is
> acpi_pci_root_remove() and the code ordering there seems to be somewhat
> arbitrary.  If you are aware of any reason why it may not work, please let
> me know. :-)

Acked-by: Greg Kroah-Hartman 


Re: [PATCH 0/2] ACPI / hotplug / driver core: Special handling for container devices

2013-12-28 Thread Greg Kroah-Hartman
On Fri, Dec 27, 2013 at 11:21:59PM +0100, Rafael J. Wysocki wrote:
> Hi Greg,
> 
> The following series of 2 patches (patch [2/2] in particular) make changes
> needed to handle hot-removal of system container devices (represented by
> ACPI container and module device objects) on Fujitsu systems.  Those devices
> represent things like CPU packages, so we need to be able to take care of them
> cleanly for things like in-the-field CPU socket replacement to work.
> 
> The problem being addressed here is that on the systems in question the removal
> of container devices has to be carried out with the help of user space that
> needs to be notified of the container removal before the kernel attempts to
> offline any devices below the container (e.g. in the package represented by the
> container device object in the ACPI tables).  However, our current code works
> the other way around and the entire thing is messed up.
> 
> This patchset adds the bare bones of what's needed to address that issue and it
> should be possible to build on top of the code added by it in the future if
> need be.
> 
> Patch [1/2] introduces a new demand_offline flag for struct acpi_hotplug_profile
> that makes acpi_scan_hot_remove() check the offline status of the device object's
> companion physical devices to start with and return -EBUSY if at least one of them
> is not offline.
> 
> Patch [2/2] uses that flag to implement the container handling.  The details are
> in the changelog, but that's how it works.
> 
> During the initial namespace scan the container ACPI scan handler creates
> "physical" system container device under /sys/devices/system/container/ for
> each ACPI container object whose status is "present" at that time (the sysfs
> name of that device is the same as the sysfs name of the corresponding
> container object and they are linked to each other via the firmware_node and
> physical_node symbolic links, respectively).  Those system container devices
> are initially online.
> 
> The container ACPI scan handler has the demand_offline flag set in its hotplug
> profile, so when a container eject event happens, acpi_scan_hot_remove() will
> notice that the flag is set in the device object's scan handler and will
> check the online status of its "physical" companion device, which is online
> (that is the system container device the above paragraph is about).  That will
> cause KOBJ_CHANGE to be emitted for the system container device and -EBUSY to
> be returned by acpi_scan_hot_remove().  User space is expected to respond to
> that KOBJ_CHANGE by doing what's necessary to remove the container.
> 
> To that end, it needs to offline the system container device through its online
> sysfs attribute (which is present, because the bus type for containers provides
> the online and offline callbacks).  However, the offline for system container
> devices will only succeed if the physical devices right below the container
> (e.g. in the package represented by it) are all offline, so user space will
> have to offline those devices before attempting to offline the system container
> device itself.  When finished, user space can trigger the container removal
> with the help of the eject sysfs attribute of the ACPI container object pointed
> to by the system container device's firmware_node link (this time the check in
> acpi_scan_hot_remove() will succeed, because the system container device in
> question is now offline).
> 
> Please let me know if you have any objections.  If not, I'd like to queue up
> these patches for 3.14.

No objection from me, I've acked the second patch, feel free to take
both of them in your tree.

thanks,

greg k-h


[PATCH 3.2 122/185] ASoC: wm8731: fix dsp mode configuration

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Bo Shen 

commit b4af6ef99a60c5b56df137d7accd81ba1ee1254e upstream.

According to WM8731 "PD, Rev 4.9 October 2012" datasheet, when it
works in DSP mode A, LRP = 1, while when it works in DSP mode B, LRP = 0.
So, fix LRP for DSP mode as per the datasheet specification.

Signed-off-by: Bo Shen 
Acked-by: Charles Keepax 
Signed-off-by: Mark Brown 
Signed-off-by: Ben Hutchings 
---
 sound/soc/codecs/wm8731.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/sound/soc/codecs/wm8731.c
+++ b/sound/soc/codecs/wm8731.c
@@ -392,10 +392,10 @@ static int wm8731_set_dai_fmt(struct snd
iface |= 0x0001;
break;
case SND_SOC_DAIFMT_DSP_A:
-   iface |= 0x0003;
+   iface |= 0x0013;
break;
case SND_SOC_DAIFMT_DSP_B:
-   iface |= 0x0013;
+   iface |= 0x0003;
break;
default:
return -EINVAL;
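
Review bot: the DSP_A and DSP_B cases now differ only by 0x0010, which by the commit message is the LRP bit, but the bare literals `0x0013` and `0x0003` give a reader no way to tell which mode should have it set. A named constant for the LRP bit, or a one-line comment at each case citing the datasheet revision, would make a future accidental swap easy to spot.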



[PATCH 3.2 008/185] alarmtimer: return EINVAL instead of ENOTSUPP if rtcdev doesn't exist

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: KOSAKI Motohiro 

commit 98d6f4dd84a134d942827584a3c5f67ffd8ec35f upstream.

Fedora Ruby maintainer reported latest Ruby doesn't work on Fedora Rawhide
on ARM. (http://bugs.ruby-lang.org/issues/9008)

This is because commit 1c6b39ad3f (alarmtimers: Return -ENOTSUPP if no
RTC device is present) was introduced to return ENOTSUPP when
clock_get{time,res} can't find a RTC device. However, this is incorrect.

First, ENOTSUPP isn't exported to userland (ENOTSUP or EOPNOTSUP are the
closest userland equivalents).

Second, Posix and Linux man pages agree that clock_gettime and
clock_getres should return EINVAL if clk_id argument is invalid.
While the argument that the clockid is valid, but just not supported
on this hardware could be made, this is just a technicality that
doesn't help userspace applications, and only complicates error
handling.

Thus, this patch changes the code to use EINVAL.

Cc: Thomas Gleixner 
Cc: Frederic Weisbecker 
Reported-by: Vit Ondruch 
Signed-off-by: KOSAKI Motohiro 
[jstultz: Tweaks to commit message to include full rationale]
Signed-off-by: John Stultz 
Signed-off-by: Ben Hutchings 
---
 kernel/time/alarmtimer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
@@ -468,7 +468,7 @@ static int alarm_clock_getres(const cloc
clockid_t baseid = alarm_bases[clock2alarm(which_clock)].base_clockid;
 
if (!alarmtimer_get_rtcdev())
-   return -ENOTSUPP;
+   return -EINVAL;
 
return hrtimer_get_res(baseid, tp);
 }
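
Review bot: the reason for `-EINVAL` in alarm_clock_getres() lives only in the commit message; without a comment at the `!alarmtimer_get_rtcdev()` check, the more descriptive-looking `-ENOTSUPP` is an easy thing to reintroduce. A short comment that ENOTSUPP is not exported to userland and that clock_getres() documents EINVAL would do, here and at the matching check in alarm_clock_get().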
@@ -485,7 +485,7 @@ static int alarm_clock_get(clockid_t whi
struct alarm_base *base = _bases[clock2alarm(which_clock)];
 
if (!alarmtimer_get_rtcdev())
-   return -ENOTSUPP;
+   return -EINVAL;
 
*tp = ktime_to_timespec(base->gettime());
return 0;



[PATCH 3.2 006/185] rt2400pci: fix RSSI read

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Stanislaw Gruszka 

commit 2bf127a5cc372b9319afcbae10b090663b621c8b upstream.

RSSI value is provided on word3 not on word2.

Signed-off-by: Stanislaw Gruszka 
Signed-off-by: John W. Linville 
Signed-off-by: Ben Hutchings 
---
 drivers/net/wireless/rt2x00/rt2400pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/rt2x00/rt2400pci.c
+++ b/drivers/net/wireless/rt2x00/rt2400pci.c
@@ -1253,7 +1253,7 @@ static void rt2400pci_fill_rxdone(struct
 */
rxdesc->timestamp = ((u64)rx_high << 32) | rx_low;
rxdesc->signal = rt2x00_get_field32(word2, RXD_W2_SIGNAL) & ~0x08;
-   rxdesc->rssi = rt2x00_get_field32(word2, RXD_W3_RSSI) -
+   rxdesc->rssi = rt2x00_get_field32(word3, RXD_W3_RSSI) -
entry->queue->rt2x00dev->rssi_offset;
rxdesc->size = rt2x00_get_field32(word0, RXD_W0_DATABYTE_COUNT);
 
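
Review bot: the removed line paired `word2` with an `RXD_W3_` field, and nothing in the rt2x00_get_field32() calls shown ties the word variable to the field's word index, so the same slip can recur silently. The neighbouring reads (`word2` with `RXD_W2_SIGNAL`, `word0` with `RXD_W0_DATABYTE_COUNT`) are consistent; it is worth checking the rest of rt2400pci_fill_rxdone() the same way before this goes in.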



[PATCH 3.2 003/185] USB: mos7840: fix tiocmget error handling

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Johan Hovold 

commit a91ccd26e75235d86248d018fe3779732bcafd8d upstream.

Make sure to return errors from tiocmget rather than rely on
uninitialised stack data.

Signed-off-by: Johan Hovold 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Ben Hutchings 
---
 drivers/usb/serial/mos7840.c | 4 
 1 file changed, 4 insertions(+)

--- a/drivers/usb/serial/mos7840.c
+++ b/drivers/usb/serial/mos7840.c
@@ -1689,7 +1689,11 @@ static int mos7840_tiocmget(struct tty_s
return -ENODEV;
 
status = mos7840_get_uart_reg(port, MODEM_STATUS_REGISTER, );
+   if (status != 1)
+   return -EIO;
status = mos7840_get_uart_reg(port, MODEM_CONTROL_REGISTER, );
+   if (status != 1)
+   return -EIO;
result = ((mcr & MCR_DTR) ? TIOCM_DTR : 0)
| ((mcr & MCR_RTS) ? TIOCM_RTS : 0)
| ((mcr & MCR_LOOPBACK) ? TIOCM_LOOP : 0)
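
Review bot: both new checks collapse every failure of mos7840_get_uart_reg() into `-EIO`, which discards whatever the helper reported. If it returns a negative errno on failure, propagating that (`return status < 0 ? status : -EIO;`) keeps the original cause visible to the caller while still stopping `mcr` and the modem status value from being used uninitialised.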



[PATCH] vt: fix potential dual con_driver register for conswitchp

2013-12-28 Thread Wang YanQing
We should check whether conswitchp is registered before
adding it to registered_con_driver in con_init, or it will
cause a dual con_driver registration for conswitchp.

Although I haven't met it in reality, I think it could
happen for embedded devices, which register a platform con_driver
earlier than calling con_init.

Signed-off-by: Wang YanQing 
---
 drivers/tty/vt/vt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index edcd6b8..3de4504 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -2876,6 +2876,8 @@ static int __init con_init(void)
for (i = 0; i < MAX_NR_CON_DRIVER; i++) {
struct con_driver *con_driver = _con_driver[i];
 
+   if (con_driver->con == conswitchp)
+   break;
if (con_driver->con == NULL) {
con_driver->con = conswitchp;
con_driver->desc = display_desc;
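
Review bot: the new `con_driver->con == conswitchp` test only prevents a duplicate when the existing entry is reached before the first free slot; if a slot with a lower index is NULL, the `con_driver->con == NULL` branch is taken first and conswitchp is added a second time. If entries can ever be unregistered out of order, scan the whole array for conswitchp before claiming a free slot. A comment on the early `break` saying that a platform driver may already have registered conswitchp would also help.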
-- 
1.8.3.4.8.g69490f3.dirty


[PATCH 3.2 111/185] ARM: footbridge: fix VGA initialisation

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Russell King 

commit 43659222e7a0113912ed02f6b2231550b3e471ac upstream.

It's no good setting vga_base after the VGA console has been
initialised, because if we do that we get this:

Unable to handle kernel paging request at virtual address 000b8000
pgd = c0004000
[000b8000] *pgd=07ffc831, *pte=, *ppte=
0Internal error: Oops: 5017 [#1] ARM
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 3.12.0+ #49
task: c03e2974 ti: c03d8000 task.ti: c03d8000
PC is at vgacon_startup+0x258/0x39c
LR is at request_resource+0x10/0x1c
pc : []lr : []psr: 6053
sp : c03d9f68  ip : 000b8000  fp : c03d9f8c
r10: 55aa  r9 : 4401a103  r8 : aa55
r7 : c03e357c  r6 : c051b460  r5 : 00ff  r4 : 000c
r3 : 000b8000  r2 : c03e0514  r1 :   r0 : c0304971
Flags: nZCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment kernel

which is an access to the 0xb8000 without the PCI offset required to
make it work.

Fixes: cc22b4c18540 ("ARM: set vga memory base at run-time")
Signed-off-by: Russell King 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 arch/arm/mach-footbridge/common.c  | 3 +++
 arch/arm/mach-footbridge/dc21285.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

--- a/arch/arm/mach-footbridge/common.c
+++ b/arch/arm/mach-footbridge/common.c
@@ -15,6 +15,7 @@
 #include 
 #include 
 #include 
+#include 
  
 #include 
 #include 
@@ -197,6 +198,8 @@ void __init footbridge_map_io(void)
 */
if (footbridge_cfn_mode())
iotable_init(ebsa285_host_io_desc, 
ARRAY_SIZE(ebsa285_host_io_desc));
+
+   vga_base = PCIMEM_BASE;
 }
 
 #ifdef CONFIG_FOOTBRIDGE_ADDIN
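
Review bot: `vga_base = PCIMEM_BASE;` at the end of footbridge_map_io() carries an ordering requirement (it has to be set before the VGA console is initialised, per the commit message) that nothing in the code states. A one-line comment on the assignment would keep it from being moved back to a later init stage.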
--- a/arch/arm/mach-footbridge/dc21285.c
+++ b/arch/arm/mach-footbridge/dc21285.c
@@ -18,7 +18,6 @@
 #include 
 #include 
 #include 
-#include 
 
 #include 
 #include 
@@ -297,7 +296,6 @@ void __init dc21285_preinit(void)
int cfn_mode;
 
pcibios_min_mem = 0x8100;
-   vga_base = PCIMEM_BASE;
 
mem_size = (unsigned int)high_memory - PAGE_OFFSET;
for (mem_mask = 0x0010; mem_mask < 0x1000; mem_mask <<= 1)



[PATCH 3.2 170/185] ipv6: fix possible seqlock deadlock in ip6_finish_output2

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Hannes Frederic Sowa 

[ Upstream commit 7f88c6b23afbd31545c676dea77ba9593a1a14bf ]

IPv6 stats are 64 bits and thus are protected with a seqlock. By not
disabling bottom-half we could deadlock here if we don't disable bh and
a softirq reentrantly updates the same mib.

Cc: Eric Dumazet 
Signed-off-by: Hannes Frederic Sowa 
Acked-by: Eric Dumazet 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/ipv6/ip6_output.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 97675bf..d3fde7e 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -144,8 +144,8 @@ static int ip6_finish_output2(struct sk_buff *skb)
return res;
}
rcu_read_unlock();
-   IP6_INC_STATS_BH(dev_net(dst->dev),
-ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
+   IP6_INC_STATS(dev_net(dst->dev),
+ ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
kfree_skb(skb);
return -EINVAL;
 }
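
Review bot: the switch from `IP6_INC_STATS_BH` to `IP6_INC_STATS` in the no-route path of ip6_finish_output2() looks like a style change unless the reader knows this path can run with bottom halves enabled. A comment at the call saying so would stop it being converted back to the _BH variant.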



[PATCH 3.2 163/185] ipv6: fix leaking uninitialized port number of offender sockaddr

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Hannes Frederic Sowa 

[ Upstream commit 1fa4c710b6fe7b0aac9907240291b6fe6aafc3b8 ]

Offenders don't have port numbers, so set it to 0.

Signed-off-by: Hannes Frederic Sowa 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/ipv6/datagram.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 144c105..3c7c948 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -375,6 +375,7 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, 
int len, int *addr_len)
if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) {
sin->sin6_family = AF_INET6;
sin->sin6_flowinfo = 0;
+   sin->sin6_port = 0;
sin->sin6_scope_id = 0;
if (skb->protocol == htons(ETH_P_IPV6)) {
ipv6_addr_copy(>sin6_addr, _hdr(skb)->saddr);
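
Review bot: `sin->sin6_port = 0;` closes this one field, but the offender sockaddr is still filled member by member inside the `ee_origin != SO_EE_ORIGIN_LOCAL` branch, so any member missed in future exposes uninitialised kernel memory to user space in the same way. Clearing the whole structure once (for example `memset(sin, 0, sizeof(*sin));`) before the assignments would make the initialisation complete by construction.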



[PATCH 3.2 145/185] selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Paul Moore 

commit 446b802437f285de68ffb8d6fac3c44c3cab5b04 upstream.

In selinux_ip_postroute() we perform access checks based on the
packet's security label.  For locally generated traffic we get the
packet's security label from the associated socket; this works in all
cases except for TCP SYN-ACK packets.  In the case of SYN-ACK packets
the correct security label is stored in the connection's request_sock,
not the server's socket.  Unfortunately, at the point in time when
selinux_ip_postroute() is called we can't query the request_sock
directly, we need to recreate the label using the same logic that
originally labeled the associated request_sock.

See the inline comments for more explanation.

Reported-by: Janak Desai 
Tested-by: Janak Desai 
Signed-off-by: Paul Moore 
Signed-off-by: Ben Hutchings 
---
 security/selinux/hooks.c | 68 +---
 1 file changed, 53 insertions(+), 15 deletions(-)

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3705,6 +3705,30 @@ static int selinux_skb_peerlbl_sid(struc
return 0;
 }
 
+/**
+ * selinux_conn_sid - Determine the child socket label for a connection
+ * @sk_sid: the parent socket's SID
+ * @skb_sid: the packet's SID
+ * @conn_sid: the resulting connection SID
+ *
+ * If @skb_sid is valid then the user:role:type information from @sk_sid is
+ * combined with the MLS information from @skb_sid in order to create
+ * @conn_sid.  If @skb_sid is not valid then then @conn_sid is simply a copy
+ * of @sk_sid.  Returns zero on success, negative values on failure.
+ *
+ */
+static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
+{
+   int err = 0;
+
+   if (skb_sid != SECSID_NULL)
+   err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
+   else
+   *conn_sid = sk_sid;
+
+   return err;
+}
+
 /* socket security operations */
 
 static int socket_sockcreate_sid(const struct task_security_struct *tsec,
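
Review bot: the kernel-doc for selinux_conn_sid() has a doubled word ("then then") and does not say what @conn_sid holds when security_sid_mls_copy() fails. Since the `else` branch writes `*conn_sid` but the error path may not, state that @conn_sid is only valid when the return value is zero.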
@@ -4296,7 +4320,7 @@ static int selinux_inet_conn_request(str
struct sk_security_struct *sksec = sk->sk_security;
int err;
u16 family = sk->sk_family;
-   u32 newsid;
+   u32 connsid;
u32 peersid;
 
/* handle mapped IPv4 packets arriving via IPv6 sockets */
@@ -4306,16 +4330,11 @@ static int selinux_inet_conn_request(str
err = selinux_skb_peerlbl_sid(skb, family, );
if (err)
return err;
-   if (peersid == SECSID_NULL) {
-   req->secid = sksec->sid;
-   req->peer_secid = SECSID_NULL;
-   } else {
-   err = security_sid_mls_copy(sksec->sid, peersid, );
-   if (err)
-   return err;
-   req->secid = newsid;
-   req->peer_secid = peersid;
-   }
+   err = selinux_conn_sid(sksec->sid, peersid, );
+   if (err)
+   return err;
+   req->secid = connsid;
+   req->peer_secid = peersid;
 
return selinux_netlbl_inet_conn_request(req, family);
 }
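
Review bot: in selinux_inet_conn_request() `req->peer_secid = peersid;` is now unconditional, which matches the removed code only because the old branch stored SECSID_NULL exactly when `peersid == SECSID_NULL`. That equivalence is correct but not obvious from the new lines; a brief comment, or a mention in the changelog that this hunk is a pure refactor, would save the next reviewer the check.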
@@ -4654,12 +4673,12 @@ static unsigned int selinux_ip_postroute
if (!secmark_active && !peerlbl_active)
return NF_ACCEPT;
 
-   /* if the packet is being forwarded then get the peer label from the
-* packet itself; otherwise check to see if it is from a local
-* application or the kernel, if from an application get the peer label
-* from the sending socket, otherwise use the kernel's sid */
sk = skb->sk;
if (sk == NULL) {
+   /* Without an associated socket the packet is either coming
+* from the kernel or it is being forwarded; check the packet
+* to determine which and if the packet is being forwarded
+* query the packet directly to determine the security label. */
if (skb->skb_iif) {
secmark_perm = PACKET__FORWARD_OUT;
if (selinux_skb_peerlbl_sid(skb, family, _sid))
@@ -4668,7 +4687,26 @@ static unsigned int selinux_ip_postroute
secmark_perm = PACKET__SEND;
peer_sid = SECINITSID_KERNEL;
}
+   } else if (sk->sk_state == TCP_LISTEN) {
+   /* Locally generated packet but the associated socket is in the
+* listening state which means this is a SYN-ACK packet.  In
+* this particular case the correct security label is assigned
+* to the connection/request_sock but unfortunately we can't
+* query the request_sock as it isn't queued on the parent
+* socket until after the SYN-ACK packet is sent; the only
+* viable choice is to regenerate the label like we do in
+* selinux_inet_conn_request().  See also selinux_ip_output()
+  

[PATCH 3.2 179/185] xfs: underflow bug in xfs_attrlist_by_handle()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Dan Carpenter 

commit 31978b5cc66b8ba8a7e8eef60b12395d41b7b890 upstream.

If we allocate less than sizeof(struct attrlist) then we end up
corrupting memory or doing a ZERO_PTR_SIZE dereference.

This can only be triggered with CAP_SYS_ADMIN.

Reported-by: Nico Golde 
Reported-by: Fabian Yamaguchi 
Signed-off-by: Dan Carpenter 
Reviewed-by: Dave Chinner 
Signed-off-by: Ben Myers 

(cherry picked from commit 071c529eb672648ee8ca3f90944bcbcc730b4c06)
Signed-off-by: Ben Hutchings 
---
 fs/xfs/xfs_ioctl.c   | 3 ++-
 fs/xfs/xfs_ioctl32.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -404,7 +404,8 @@ xfs_attrlist_by_handle(
return -XFS_ERROR(EPERM);
if (copy_from_user(_hreq, arg, 
sizeof(xfs_fsop_attrlist_handlereq_t)))
return -XFS_ERROR(EFAULT);
-   if (al_hreq.buflen > XATTR_LIST_MAX)
+   if (al_hreq.buflen < sizeof(struct attrlist) ||
+   al_hreq.buflen > XATTR_LIST_MAX)
return -XFS_ERROR(EINVAL);
 
/*
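
Review bot: the new lower bound `al_hreq.buflen < sizeof(struct attrlist)` is right but unexplained at the call site. A short comment that the buffer must at least hold the attrlist header would document why smaller values are rejected with EINVAL rather than passed on to the allocation.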
--- a/fs/xfs/xfs_ioctl32.c
+++ b/fs/xfs/xfs_ioctl32.c
@@ -361,7 +361,8 @@ xfs_compat_attrlist_by_handle(
if (copy_from_user(_hreq, arg,
   sizeof(compat_xfs_fsop_attrlist_handlereq_t)))
return -XFS_ERROR(EFAULT);
-   if (al_hreq.buflen > XATTR_LIST_MAX)
+   if (al_hreq.buflen < sizeof(struct attrlist) ||
+   al_hreq.buflen > XATTR_LIST_MAX)
return -XFS_ERROR(EINVAL);
 
/*
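
Review bot: xfs_compat_attrlist_by_handle() now repeats the same two-line `buflen` range check as the native handler. Two copies of a bounds check are easy to let drift apart; a small shared helper or macro used by both would keep the native and compat paths in step.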



[PATCH 3.2 178/185] aacraid: prevent invalid pointer dereference

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Mahesh Rajashekhara 

commit b4789b8e6be3151a955ade74872822f30e8cd914 upstream.

It appears that the driver runs into a problem here if fibsize is too small
because we allocate user_srbcmd with fibsize size only but later we
access it until user_srbcmd->sg.count to copy it over to srbcmd.

It is not correct to test (fibsize < sizeof(*user_srbcmd)) because this
structure already includes one sg element and this is not needed for
commands without data.  So, we would recommend to add the following
(instead of test for fibsize == 0).

Signed-off-by: Mahesh Rajashekhara 
Reported-by: Nico Golde 
Reported-by: Fabian Yamaguchi 
Signed-off-by: Linus Torvalds 
Signed-off-by: Ben Hutchings 
---
 drivers/scsi/aacraid/commctrl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -508,7 +508,8 @@ static int aac_send_raw_srb(struct aac_d
goto cleanup;
}
 
-   if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) {
+   if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct 
user_sgentry))) ||
+   (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr {
rcode = -EINVAL;
goto cleanup;
}
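
Review bot: the new lower bound only guarantees that the fixed part of struct user_aac_srb lies inside the copied buffer; nothing in this hunk ties fibsize to the number of sg entries that sg.count then claims. Since the commit message says the driver walks the buffer up to user_srbcmd->sg.count, confirm that a later check compares fibsize against the size computed from that count, or add one here. A short comment explaining why one struct user_sgentry is subtracted would also help the next reader.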



[PATCH 3.2 004/185] usb: Disable USB 2.0 Link PM before device reset.

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Sarah Sharp 

commit dcc01c0864823f91c3bf3ffca6613e2351702b87 upstream.

Before the USB core resets a device, we need to disable the L1 timeout
for the roothub, if USB 2.0 Link PM is enabled.  Otherwise the port may
transition into L1 in between descriptor fetches, before we know if the
USB device descriptors changed.  LPM will be re-enabled after the
full device descriptors are fetched, and we can confirm the device still
supports USB 2.0 LPM after the reset.

We don't need to wait for the USB device to exit L1 before resetting the
device, since the xHCI roothub port diagrams show a transition to the
Reset state from any of the Ux states (see Figure 34 in the 2012-08-14
xHCI specification update).

This patch should be backported to kernels as old as 3.2, that contain
the commit 65580b4321eb36f16ae8b5987bfa1bb948fc5112 "xHCI: set USB2
hardware LPM".  That was the first commit to enable USB 2.0
hardware-driven Link Power Management.

Signed-off-by: Sarah Sharp 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 drivers/usb/core/hub.c | 6 ++
 1 file changed, 6 insertions(+)

--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -4018,6 +4018,12 @@ static int usb_reset_and_verify_device(s
}
parent_hub = hdev_to_hub(parent_hdev);
 
+   /* Disable USB2 hardware LPM.
+* It will be re-enabled by the enumeration process.
+*/
+   if (udev->usb2_hw_lpm_enabled == 1)
+   usb_set_usb2_hardware_lpm(udev, 0);
+
set_bit(port1, parent_hub->busy_bits);
for (i = 0; i < SET_CONFIG_TRIES; ++i) {
 
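
Review bot: the return value of usb_set_usb2_hardware_lpm(udev, 0) is dropped in the added block. If disabling LPM fails, the port can still move into L1 between descriptor fetches, which is the case the commit message sets out to prevent; check the result and at least log the failure. The comparison `udev->usb2_hw_lpm_enabled == 1` can be a plain truth test.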



[PATCH 3.2 174/185] KVM: perform an invalid memslot step for gpa base change

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Marcelo Tosatti 

commit 12d6e7538e2d418c08f082b1b44ffa5fb7270ed8 upstream.

PPC must flush all translations before the new memory slot
is visible.

Signed-off-by: Marcelo Tosatti 
Signed-off-by: Avi Kivity 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 virt/kvm/kvm_main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -774,7 +774,7 @@ skip_lpage:
new.userspace_addr = mem->userspace_addr;
 #endif /* not defined CONFIG_S390 */
 
-   if (!npages) {
+   if (!npages || base_gfn != old.base_gfn) {
r = -ENOMEM;
slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
if (!slots)
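
Review bot: the widened condition `!npages || base_gfn != old.base_gfn` decides on base_gfn alone, so it is worth stating whether it is also meant to fire when a slot is created for the first time and old holds no pages; if not, the test should also look at old.npages. The reason for the extra step (per the commit message, PPC must flush all translations before the new slot is visible) belongs in a comment next to the condition.
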
@@ -788,8 +788,8 @@ skip_lpage:
old_memslots = kvm->memslots;
rcu_assign_pointer(kvm->memslots, slots);
synchronize_srcu_expedited(>srcu);
-   /* From this point no new shadow pages pointing to a deleted
-* memslot will be created.
+   /* From this point no new shadow pages pointing to a deleted,
+* or moved, memslot will be created.
 *
 * validation of sp->gfn happens in:
 *  - gfn_to_hva (kvm_read_guest, gfn_to_pfn)



[PATCH 3.2 147/185] sched: Avoid throttle_cfs_rq() racing with period_timer stopping

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Ben Segall 

commit f9f9ffc237dd924f048204e8799da74f9ecf40cf upstream.

throttle_cfs_rq() doesn't check to make sure that period_timer is running,
and while update_curr/assign_cfs_runtime does, a concurrently running
period_timer on another cpu could cancel itself between this cpu's
update_curr and throttle_cfs_rq(). If there are no other cfs_rqs running
in the tg to restart the timer, this causes the cfs_rq to be stranded
forever.

Fix this by calling __start_cfs_bandwidth() in throttle if the timer is
inactive.

(Also add some sched_debug lines for cfs_bandwidth.)

Tested: make a run/sleep task in a cgroup, loop switching the cgroup
between 1ms/100ms quota and unlimited, checking for timer_active=0 and
throttled=1 as a failure. With the throttle_cfs_rq() change commented out
this fails, with the full patch it passes.

Signed-off-by: Ben Segall 
Signed-off-by: Peter Zijlstra 
Cc: p...@google.com
Link: 
http://lkml.kernel.org/r/20131016181632.22647.84174.st...@sword-of-the-dawn.mtv.corp.google.com
Signed-off-by: Ingo Molnar 
[bwh: Backported to 3.2: adjust filenames]
Signed-off-by: Ben Hutchings 
---
 kernel/sched_debug.c |8 
 kernel/sched_fair.c  |2 ++
 2 files changed, 10 insertions(+)

--- a/kernel/sched_debug.c
+++ b/kernel/sched_debug.c
@@ -213,6 +213,14 @@ void print_cfs_rq(struct seq_file *m, in
SEQ_printf(m, "  .%-30s: %d\n", "load_tg",
atomic_read(_rq->tg->load_weight));
 #endif
+#ifdef CONFIG_CFS_BANDWIDTH
+   SEQ_printf(m, "  .%-30s: %d\n", "tg->cfs_bandwidth.timer_active",
+   cfs_rq->tg->cfs_bandwidth.timer_active);
+   SEQ_printf(m, "  .%-30s: %d\n", "throttled",
+   cfs_rq->throttled);
+   SEQ_printf(m, "  .%-30s: %d\n", "throttle_count",
+   cfs_rq->throttle_count);
+#endif
 
print_cfs_group_stats(m, cpu, cfs_rq->tg);
 #endif
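
Review bot: the three added SEQ_printf() lines label their fields inconsistently: the first spells out the full path "tg->cfs_bandwidth.timer_active" while the other two use the bare member names "throttled" and "throttle_count". Pick one convention so that scripts parsing the sched_debug output, such as the test described in the commit message that looks for timer_active=0 and throttled=1, do not need special cases.
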
--- a/kernel/sched_fair.c
+++ b/kernel/sched_fair.c
@@ -1527,6 +1527,8 @@ static void throttle_cfs_rq(struct cfs_r
cfs_rq->throttled_timestamp = rq->clock;
raw_spin_lock(_b->lock);
list_add_tail_rcu(_rq->throttled_list, _b->throttled_cfs_rq);
+   if (!cfs_b->timer_active)
+   __start_cfs_bandwidth(cfs_b);
raw_spin_unlock(_b->lock);
 }
 
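
Review bot: the two added lines in throttle_cfs_rq() carry no comment, and the reason for restarting the timer here is not obvious from the code. Add a short comment saying that period_timer on another cpu may have cancelled itself since update_curr ran, so the throttled cfs_rq would otherwise be stranded. Doing the timer_active test under cfs_b->lock, as the hunk does, is what closes the race, and that is worth stating too.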



[PATCH 3.2 181/185] ftrace: Fix ftrace hash record update with notrace

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Steven Rostedt 

commit c842e975520f8ab09e293cc92f51a1f396251fd5 upstream.

When disabling the "notrace" records, that means we want to trace them.
If the notrace_hash is zero, it means that we want to trace all
records. But to disable a zero notrace_hash means nothing.

The check for the notrace_hash count was incorrect with:

if (hash && !hash->count)
return

With the correct comment above it that states that we do nothing
if the notrace_hash has zero count. But !hash also means that
the notrace hash has zero count. I think this was done to
protect against dereferencing NULL. But if !hash is true, then
we go through the following loop without doing a single thing.

Fix it to:

if (!hash || !hash->count)
return;

Signed-off-by: Steven Rostedt 
Signed-off-by: Ben Hutchings 
---
 kernel/trace/ftrace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1358,7 +1358,7 @@ static void __ftrace_hash_rec_update(str
 * If the notrace hash has no items,
 * then there's nothing to do.
 */
-   if (hash && !hash->count)
+   if (!hash || !hash->count)
return;
}
 
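
Review bot: the comment kept above the changed test still says only "If the notrace hash has no items"; with `!hash || !hash->count` the early return now also covers a NULL hash, so the comment should say that a missing hash counts as empty.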



[PATCH 3.2 180/185] net: flow_dissector: fail on evil iph->ihl

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Jason Wang 

commit 6f092343855a71e03b8d209815d8c45bf3a27fcd upstream.

We don't validate iph->ihl which may lead to a dead loop if we meet an IPIP
skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
is evil (less than 5).

This issue was introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
(rps: support IPIP encapsulation).

Cc: Eric Dumazet 
Cc: Petr Matousek 
Cc: Michael S. Tsirkin 
Cc: Daniel Borkmann 
Signed-off-by: Jason Wang 
Acked-by: Eric Dumazet 
Signed-off-by: David S. Miller 
[bwh: Backported to 3.2: the affected code is in __skb_get_rxhash()]
Signed-off-by: Ben Hutchings 
---
 net/core/flow_dissector.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2609,6 +2609,8 @@ ip:
goto done;
 
ip = (const struct iphdr *) (skb->data + nhoff);
+   if (ip->ihl < 5)
+   goto done;
if (ip_is_fragment(ip))
ip_proto = 0;
else
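
Review bot: the added test `ip->ihl < 5` uses a bare constant; add a comment, or compare against sizeof(struct iphdr) / 4, to show that 5 is the minimum IPv4 header length in 32-bit words. Also, the diffstat above still names net/core/flow_dissector.c with one insertion and one deletion, while the hunk changes net/core/dev.c and adds two lines, so the stat should be regenerated for the backport.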



[PATCH 3.2 175/185] KVM: Fix iommu map/unmap to handle memory slot moves

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Alex Williamson 

commit e40f193f5bb022e927a57a4f5d5194e4f12ddb74 upstream.

The iommu integration into memory slots expects memory slots to be
added or removed and doesn't handle the move case.  We can unmap
slots from the iommu after we mark them invalid and map them before
installing the final memslot array.  Also re-order the kmemdup vs
map so we don't leave iommu mappings if we get ENOMEM.

Reviewed-by: Gleb Natapov 
Signed-off-by: Alex Williamson 
Signed-off-by: Marcelo Tosatti 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 virt/kvm/kvm_main.c | 19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -788,6 +788,8 @@ skip_lpage:
old_memslots = kvm->memslots;
rcu_assign_pointer(kvm->memslots, slots);
synchronize_srcu_expedited(>srcu);
+   /* slot was deleted or moved, clear iommu mapping */
+   kvm_iommu_unmap_pages(kvm, );
/* From this point no new shadow pages pointing to a deleted,
 * or moved, memslot will be created.
 *
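
Review bot: the unmap call is inserted between synchronize_srcu_expedited() and the existing "From this point no new shadow pages ..." comment, which now reads as if it described the unmap rather than the SRCU synchronisation. Move the new call below that comment block, or keep the two comments clearly separated.
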
@@ -803,14 +805,6 @@ skip_lpage:
if (r)
goto out_free;
 
-   /* map/unmap the pages in iommu page table */
-   if (npages) {
-   r = kvm_iommu_map_pages(kvm, );
-   if (r)
-   goto out_free;
-   } else
-   kvm_iommu_unmap_pages(kvm, );
-
r = -ENOMEM;
slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL);
if (!slots)
@@ -820,6 +814,13 @@ skip_lpage:
slots->nmemslots = mem->slot + 1;
slots->generation++;
 
+   /* map new memory slot into the iommu */
+   if (npages) {
+   r = kvm_iommu_map_pages(kvm, );
+   if (r)
+   goto out_slots;
+   }
+
/* actual memory is freed via old in kvm_free_physmem_slot below */
if (!npages) {
new.rmap = NULL;
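
Review bot: when kvm_iommu_map_pages() fails here the code jumps to out_slots, but for a moved slot the old iommu mapping has already been removed by the unmap added in the first hunk. State in a comment whether leaving the slot unmapped in the iommu on this error path is intended, or restore the previous mapping before bailing out.
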
@@ -847,6 +848,8 @@ skip_lpage:
 
return 0;
 
+out_slots:
+   kfree(slots);
 out_free:
kvm_free_physmem_slot(, );
 out:



[PATCH 3.2 005/185] usb: hub: Clear Port Reset Change during init/resume

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Julius Werner 

commit e92aee330837e4911553761490a8fb843f2053a6 upstream.

This patch adds the Port Reset Change flag to the set of bits that are
preemptively cleared on init/resume of a hub. In theory this bit should
never be set unexpectedly... in practice it can still happen if BIOS,
SMM or ACPI code plays around with USB devices without cleaning up
correctly. This is especially dangerous for XHCI root hubs, which don't
generate any more Port Status Change Events until all change bits are
cleared, so this is a good precaution to have (similar to how it's
already done for the Warm Port Reset Change flag).

Signed-off-by: Julius Werner 
Acked-by: Alan Stern 
Signed-off-by: Greg Kroah-Hartman 
[bwh: Backported to 3.2:
 - Adjust context
 - s/usb_clear_port_feature/clear_port_feature/]
Signed-off-by: Ben Hutchings 
---
 drivers/usb/core/hub.c | 5 +
 1 file changed, 5 insertions(+)

--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -900,6 +900,11 @@ static void hub_activate(struct usb_hub
clear_port_feature(hub->hdev, port1,
USB_PORT_FEAT_C_PORT_LINK_STATE);
}
+   if (portchange & USB_PORT_STAT_C_RESET) {
+   need_debounce_delay = true;
+   clear_port_feature(hub->hdev, port1,
+   USB_PORT_FEAT_C_RESET);
+   }
 
if ((portchange & USB_PORT_STAT_C_BH_RESET) &&
hub_is_superspeed(hub->hdev)) {
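
Review bot: the added block clears USB_PORT_FEAT_C_RESET without saying why a reset change bit could be set at this point. A short comment noting that BIOS, SMM or ACPI code may leave it set, and that xHCI root hubs stop generating Port Status Change Events until all change bits are cleared (both from the commit message), would keep this from being removed as dead code later.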



[PATCH 3.2 009/185] USB:add new zte 3g-dongle's pid to option.c

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Rui li 

commit 0636fc507a976cdc40f21bdbcce6f0b98ff1dfe9 upstream.

Signed-off-by: Rui li 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Ben Hutchings 
---
 drivers/usb/serial/option.c | 17 +
 1 file changed, 17 insertions(+)

--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1391,6 +1391,23 @@ static const struct usb_device_id option
.driver_info = (kernel_ulong_t)_intf2_blacklist },
{ USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1426, 0xff, 0xff, 
0xff),  /* ZTE MF91 */
.driver_info = (kernel_ulong_t)_intf2_blacklist },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1533, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1534, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1535, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1545, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1546, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1547, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1565, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1566, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1567, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1589, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1590, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1591, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1592, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1594, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1596, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1598, 0xff, 0xff, 
0xff) },
+   { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1600, 0xff, 0xff, 
0xff) },
{ USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x2002, 0xff,
  0xff, 0xff), .driver_info = (kernel_ulong_t)_k3765_z_blacklist },
{ USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x2003, 0xff, 0xff, 
0xff) },
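
Review bot: the seventeen added ZTE entries carry no device names, while the neighbouring 0x1426 entry is annotated `/* ZTE MF91 */`, and the commit message is empty. Add a model comment per product ID, or one comment for the group, so that a later reviewer can tell which dongles these IDs belong to and whether any of them needs a blacklist in .driver_info like the entries around them.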



[PATCH 3.2 014/185] ARM: sa11x0/assabet: ensure CS2 is configured appropriately

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Russell King 

commit f3964fe1c9d9a887d65faf594669852e4dec46e0 upstream.

The CS2 region contains the Assabet board configuration and status
registers, which are 32-bit.  Unfortunately, some boot loaders do not
configure this region correctly, leaving it setup as a 16-bit region.
Fix this.

Signed-off-by: Russell King 
Signed-off-by: Ben Hutchings 
---
 arch/arm/mach-sa1100/assabet.c | 3 +++
 1 file changed, 3 insertions(+)

--- a/arch/arm/mach-sa1100/assabet.c
+++ b/arch/arm/mach-sa1100/assabet.c
@@ -411,6 +411,9 @@ static void __init assabet_map_io(void)
 * Its called GPCLKR0 in my SA1110 manual.
 */
Ser1SDCR0 |= SDCR0_SUS;
+   MSC1 = (MSC1 & ~0x) |
+   MSC_NonBrst | MSC_32BitStMem |
+   MSC_RdAcc(2) | MSC_WrAcc(2) | MSC_Rec(0);
 
if (machine_has_neponset()) {
 #ifdef CONFIG_ASSABET_NEPONSET
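
Review bot: the MSC1 write is added without a comment, directly under a comment that is about GPCLKR0. Say in a comment that this reconfigures CS2 as a 32-bit, non-burst static memory region because some boot loaders leave it set up as 16-bit, and name the half of MSC1 that the mask selects, so the read-modify-write is understandable without the commit message.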



[PATCH 3.2 002/185] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Trond Myklebust 

commit a6f951ddbdfb7bd87d31a44f61abe202ed6ce57f upstream.

In nfs4_proc_getlk(), when some error causes a retry of the call to
_nfs4_proc_getlk(), we can end up with Oopses of the form

 BUG: unable to handle kernel NULL pointer dereference at 0134
 IP: [] _raw_spin_lock+0xe/0x30

 Call Trace:
  [] _atomic_dec_and_lock+0x4d/0x70
  [] nfs4_put_lock_state+0x32/0xb0 [nfsv4]
  [] nfs4_fl_release_lock+0x15/0x20 [nfsv4]
  [] _nfs4_proc_getlk.isra.40+0x146/0x170 [nfsv4]
  [] nfs4_proc_lock+0x399/0x5a0 [nfsv4]

The problem is that we don't clear the request->fl_ops after the first
try and so when we retry, nfs4_set_lock_state() exits early without
setting the lock stateid.
Regression introduced by commit 70cc6487a4e08b8698c0e2ec935fb48d10490162
(locks: make ->lock release private data before returning in GETLK case)

Reported-by: Weston Andros Adamson 
Reported-by: Jorge Mora 
Signed-off-by: Trond Myklebust 
Signed-off-by: Ben Hutchings 
---
 fs/nfs/nfs4proc.c | 1 +
 1 file changed, 1 insertion(+)

--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -4052,6 +4052,7 @@ static int _nfs4_proc_getlk(struct nfs4_
status = 0;
}
request->fl_ops->fl_release_private(request);
+   request->fl_ops = NULL;
 out:
return status;
 }
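
Review bot: the added `request->fl_ops = NULL;` is easy to mistake for tidying and has no comment. Note next to it that the reset is required for the retry path: per the commit message, nfs4_set_lock_state() exits early without setting the lock stateid when fl_ops is still set from the first try.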



[PATCH 3.2 172/185] HID: multitouch: validate indexes details

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Benjamin Tissoires 

commit 8821f5dc187bdf16cfb32ef5aa8c3035273fa79a upstream.

When working on report indexes, always validate that they are in bounds.
Without this, a HID device could report a malicious feature report that
could trick the driver into a heap overflow:

[  634.885003] usb 1-1: New USB device found, idVendor=0596, idProduct=0500
...
[  676.469629] BUG kmalloc-192 (Tainted: GW   ): Redzone overwritten

Note that we need to change the indexes from s8 to s16 as they can
be between -1 and 255.

CVE-2013-2897

Signed-off-by: Benjamin Tissoires 
Acked-by: Kees Cook 
Signed-off-by: Jiri Kosina 
[bwh: Backported to 3.2: mt_device::{cc,cc_value,inputmode}_index do not
 exist and the corresponding indices do not need to be validated.
 mt_device::maxcontact_report_id does not exist either.  So all we need
 to do is to widen mt_device::inputmode.]
Signed-off-by: Ben Hutchings 
---
--- a/drivers/hid/hid-multitouch.c
+++ b/drivers/hid/hid-multitouch.c
@@ -66,7 +66,7 @@ struct mt_device {
unsigned last_field_index;  /* last field index of the report */
unsigned last_slot_field;   /* the last field of a slot */
int last_mt_collection; /* last known mt-related collection */
-   __s8 inputmode; /* InputMode HID feature, -1 if non-existent */
+   __s16 inputmode;/* InputMode HID feature, -1 if non-existent */
__u8 num_received;  /* how many contacts we received */
__u8 num_expected;  /* expected last contact index */
__u8 maxcontacts;
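
Review bot: widening inputmode to __s16 stops values above 127 from wrapping negative, but this hunk adds no range check where the field is later used as an index. The backport note says no index validation is needed in 3.2; please point to the code that bounds inputmode before use, since the upstream commit message describes unvalidated report indexes as the cause of the heap overflow.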



[PATCH 3.2 013/185] ALSA: 6fire: Fix probe of multiple cards

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Takashi Iwai 

commit 9b389a8a022110b4bc055a19b888283544d9eba6 upstream.

The probe code of snd-usb-6fire driver overrides the devices[] pointer
wrongly without checking whether it's already occupied or not.  This
would screw up the device disconnection later.

Spotted by coverity CID 141423.

Signed-off-by: Takashi Iwai 
Signed-off-by: Ben Hutchings 
---
 sound/usb/6fire/chip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/sound/usb/6fire/chip.c
+++ b/sound/usb/6fire/chip.c
@@ -102,7 +102,7 @@ static int __devinit usb6fire_chip_probe
usb_set_intfdata(intf, chips[i]);
mutex_unlock(_mutex);
return 0;
-   } else if (regidx < 0)
+   } else if (!devices[i] && regidx < 0)
regidx = i;
}
if (regidx < 0) {
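
Review bot: the changed `else if (!devices[i] && regidx < 0)` arm has an unbraced body while the preceding `if` arm is braced; kernel style wants braces on both. With the new test only a free slot can be picked, so the `if (regidx < 0)` path below is now also reached when every slot is occupied, and it is worth confirming that this is the intended outcome.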



[PATCH 3.2 164/185] atm: idt77252: fix dev refcnt leak

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Ying Xue 

[ Upstream commit b5de4a22f157ca345cdb3575207bf46402414bc1 ]

init_card() calls dev_get_by_name() to get a network device. But it
doesn't decrease network device reference count after the device is
used.

Signed-off-by: Ying Xue 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 drivers/atm/idt77252.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
index 1c05212..b0e75ce 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -3513,7 +3513,7 @@ init_card(struct atm_dev *dev)
tmp = dev_get_by_name(_net, tname);/* jhs: was "tmp = 
dev_get(tname);" */
if (tmp) {
memcpy(card->atmdev->esi, tmp->dev_addr, 6);
-
+   dev_put(tmp);
printk("%s: ESI %pM\n", card->name, card->atmdev->esi);
}
/*



[PATCH 3.2 171/185] {pktgen, xfrm} Update IPv4 header total len and checksum after transformation

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: "fan.du" 

[ Upstream commit 3868204d6b89ea373a273e760609cb08020beb1a ]

commit a553e4a6317b2cfc7659542c10fe43184ffe53da ("[PKTGEN]: IPSEC support")
tried to support IPsec ESP transport transformation for pktgen, but actually
this doesn't work at all for two reasons (the original transformed packet has
a bad IPv4 checksum value, as well as a wrong auth value, reported by wireshark):

- After transformation, the IPv4 header total length needs to be updated,
  because the encrypted payload's length is NOT the same as that of plain text.

- After transformation, the IPv4 checksum needs to be recalculated because the
  payload has been changed.

With this patch, and pktgen armed with the configuration below, Wireshark is able
to decrypt the ESP packet generated by pktgen without any IPv4 checksum error or
auth value error.

pgset "flag IPSEC"
pgset "flows 1"

Signed-off-by: Fan Du 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/core/pktgen.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 2ef7da0..80aeac9 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -2524,6 +2524,8 @@ static int process_ipsec(struct pktgen_dev *pkt_dev,
if (x) {
int ret;
__u8 *eth;
+   struct iphdr *iph;
+
nhead = x->props.header_len - skb_headroom(skb);
if (nhead > 0) {
ret = pskb_expand_head(skb, nhead, 0, 
GFP_ATOMIC);
@@ -2545,6 +2547,11 @@ static int process_ipsec(struct pktgen_dev *pkt_dev,
eth = (__u8 *) skb_push(skb, ETH_HLEN);
memcpy(eth, pkt_dev->hh, 12);
*(u16 *) [12] = protocol;
+
+   /* Update IPv4 header len as well as checksum value */
+   iph = ip_hdr(skb);
+   iph->tot_len = htons(skb->len - ETH_HLEN);
+   ip_send_check(iph);
}
}
return 1;
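
Review bot: the added lines rewrite tot_len and the checksum through ip_hdr(skb) unconditionally, which assumes the transformed packet is IPv4 and that the network header offset is still valid after the earlier pskb_expand_head() and the skb_push() of the Ethernet header. If process_ipsec() can be reached for a non-IPv4 flow, guard the update on the protocol; otherwise add a comment stating that only IPv4 gets here. Note also that `skb->len - ETH_HLEN` is narrowed to 16 bits by htons() without a check.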



[PATCH 3.2 182/185] ftrace: Create ftrace_hash_empty() helper routine

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Steven Rostedt 

commit 06a51d9307380c78bb5c92e68fc80ad2c7d7f890 upstream.

There are two types of hashes in the ftrace_ops; one type
is the filter_hash and the other is the notrace_hash. Either
one may be null, meaning it has no elements. But when elements
are added, the hash is allocated.

Throughout the code, a check needs to be made to see if a hash
exists or the hash has elements, but the check if the hash exists
is usually missing causing the possible "NULL pointer dereference bug".

Add a helper routine called "ftrace_hash_empty()" that returns
true if the hash doesn't exist or its count is zero. As they mean
the same thing.

Last-bug-reported-by: Jiri Olsa 
Signed-off-by: Steven Rostedt 
Signed-off-by: Ben Hutchings 
---
 kernel/trace/ftrace.c | 28 +---
 1 file changed, 17 insertions(+), 11 deletions(-)

--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1017,6 +1017,11 @@ static struct ftrace_page*ftrace_pages;
 
 static struct dyn_ftrace *ftrace_free_records;
 
+static bool ftrace_hash_empty(struct ftrace_hash *hash)
+{
+   return !hash || !hash->count;
+}
+
 static struct ftrace_func_entry *
 ftrace_lookup_ip(struct ftrace_hash *hash, unsigned long ip)
 {
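
Review bot: ftrace_hash_empty() only reads the hash, so its parameter can be `const struct ftrace_hash *`. A one-line comment that a NULL hash and a hash with count zero mean the same thing, as the commit message explains, would document the contract the later hunks rely on.
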
@@ -1025,7 +1030,7 @@ ftrace_lookup_ip(struct ftrace_hash *has
struct hlist_head *hhd;
struct hlist_node *n;
 
-   if (!hash->count)
+   if (ftrace_hash_empty(hash))
return NULL;
 
if (hash->size_bits > 0)
@@ -1169,7 +1174,7 @@ alloc_and_copy_ftrace_hash(int size_bits
return NULL;
 
/* Empty hash? */
-   if (!hash || !hash->count)
+   if (ftrace_hash_empty(hash))
return new_hash;
 
size = 1 << hash->size_bits;
@@ -1294,9 +1299,9 @@ ftrace_ops_test(struct ftrace_ops *ops,
filter_hash = rcu_dereference_raw(ops->filter_hash);
notrace_hash = rcu_dereference_raw(ops->notrace_hash);
 
-   if ((!filter_hash || !filter_hash->count ||
+   if ((ftrace_hash_empty(filter_hash) ||
 ftrace_lookup_ip(filter_hash, ip)) &&
-   (!notrace_hash || !notrace_hash->count ||
+   (ftrace_hash_empty(notrace_hash) ||
 !ftrace_lookup_ip(notrace_hash, ip)))
ret = 1;
else
@@ -1348,7 +1353,7 @@ static void __ftrace_hash_rec_update(str
if (filter_hash) {
hash = ops->filter_hash;
other_hash = ops->notrace_hash;
-   if (!hash || !hash->count)
+   if (ftrace_hash_empty(hash))
all = 1;
} else {
inc = !inc;
@@ -1358,7 +1363,7 @@ static void __ftrace_hash_rec_update(str
 * If the notrace hash has no items,
 * then there's nothing to do.
 */
-   if (!hash || !hash->count)
+   if (ftrace_hash_empty(hash))
return;
}
 
@@ -1375,8 +1380,8 @@ static void __ftrace_hash_rec_update(str
if (!other_hash || !ftrace_lookup_ip(other_hash, 
rec->ip))
match = 1;
} else {
-   in_hash = hash && !!ftrace_lookup_ip(hash, rec->ip);
-   in_other_hash = other_hash && 
!!ftrace_lookup_ip(other_hash, rec->ip);
+   in_hash = !!ftrace_lookup_ip(hash, rec->ip);
+   in_other_hash = !!ftrace_lookup_ip(other_hash, rec->ip);
 
/*
 *
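
Review bot: dropping the `hash &&` and `other_hash &&` guards is only safe because ftrace_lookup_ip() now returns NULL for a NULL hash through ftrace_hash_empty(), so this hunk must not be applied without the ftrace_lookup_ip() one. For consistency, the unchanged line above, `if (!other_hash || !ftrace_lookup_ip(other_hash, rec->ip))`, still carries the now redundant NULL test and could be simplified in the same patch.
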
@@ -1384,7 +1389,7 @@ static void __ftrace_hash_rec_update(str
if (filter_hash && in_hash && !in_other_hash)
match = 1;
else if (!filter_hash && in_hash &&
-(in_other_hash || !other_hash->count))
+(in_other_hash || 
ftrace_hash_empty(other_hash)))
match = 1;
}
if (!match)
@@ -1799,7 +1804,7 @@ static int ops_traces_mod(struct ftrace_
struct ftrace_hash *hash;
 
hash = ops->filter_hash;
-   return !!(!hash || !hash->count);
+   return ftrace_hash_empty(hash);
 }
 
 static int ftrace_update_code(struct module *mod)
@@ -2112,7 +2117,8 @@ static void *t_start(struct seq_file *m,
 * off, we can short cut and just print out that all
 * functions are enabled.
 */
-   if (iter->flags & FTRACE_ITER_FILTER && !ops->filter_hash->count) {
+   if (iter->flags & FTRACE_ITER_FILTER &&
+   ftrace_hash_empty(ops->filter_hash)) {
if (*pos > 0)
return t_hash_start(m, pos);
iter->flags |= FTRACE_ITER_PRINTALL;
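
Review bot: the new test reads ops->filter_hash directly, whereas ftrace_ops_test() earlier in this patch goes through rcu_dereference_raw(ops->filter_hash). If t_start() runs under the lock that protects hash updates, say so in a comment; otherwise use the same accessor here.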


[PATCH 3.2 120/185] USB: pl2303: fixed handling of CS5 setting

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Colin Leitner 

commit a313249937820f8b1996133fc285efbd6aad2c5b upstream.

This patch fixes the CS5 setting on the PL2303 USB-to-serial devices. CS5 has a
value of 0 and the CSIZE setting has been skipped altogether by the enclosing
if. Tested on 3.11.6 and the scope shows the correct output after the fix has
been applied.

Tagged to be added to stable, because it fixes a user visible driver bug and is
simple enough to backport easily.

Signed-off-by: Colin Leitner 
Signed-off-by: Johan Hovold 
Signed-off-by: Greg Kroah-Hartman 
[bwh: Backported to 3.2:
 - Old code is cosmetically different]
Signed-off-by: Ben Hutchings 
---
 drivers/usb/serial/pl2303.c | 30 ++
 1 file changed, 14 insertions(+), 16 deletions(-)

--- a/drivers/usb/serial/pl2303.c
+++ b/drivers/usb/serial/pl2303.c
@@ -290,24 +290,21 @@ static void pl2303_set_termios(struct tt
dbg("0xa1:0x21:0:0  %d - %x %x %x %x %x %x %x", i,
buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6]);
 
-   if (cflag & CSIZE) {
-   switch (cflag & CSIZE) {
-   case CS5:
-   buf[6] = 5;
-   break;
-   case CS6:
-   buf[6] = 6;
-   break;
-   case CS7:
-   buf[6] = 7;
-   break;
-   default:
-   case CS8:
-   buf[6] = 8;
-   break;
-   }
-   dbg("%s - data bits = %d", __func__, buf[6]);
+   switch (C_CSIZE(tty)) {
+   case CS5:
+   buf[6] = 5;
+   break;
+   case CS6:
+   buf[6] = 6;
+   break;
+   case CS7:
+   buf[6] = 7;
+   break;
+   default:
+   case CS8:
+   buf[6] = 8;
}
+   dev_dbg(>dev, "data bits = %d\n", buf[6]);
 
/* For reference buf[0]:buf[3] baud rate value */
/* NOTE: Only the values defined in baud_sup are supported !
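
Review bot: in the new switch the last arm (`default:` / `case CS8:`) has lost the `break;` that the removed code had. It is harmless at the end of a switch, but the other arms keep theirs, so add it back for consistency. The commit message's point that CS5 has the value 0, and so was skipped by the old `if (cflag & CSIZE)`, deserves a short comment above the switch.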



[PATCH 3.2 018/185] powerpc/vio: use strcpy in modalias_show

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Prarit Bhargava 

commit 411cabf79e684171669ad29a0628c400b4431e95 upstream.

Commit e82b89a6f19bae73fb064d1b3dd91fcefbb478f4 used strcat instead of
strcpy which can result in an overflow of newlines on the buffer.

Signed-off-by: Prarit Bhargava
Cc: b...@kernel.crashing.org
Cc: b...@decadent.org.uk
Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: Ben Hutchings 
---
 arch/powerpc/kernel/vio.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/powerpc/kernel/vio.c
+++ b/arch/powerpc/kernel/vio.c
@@ -1352,12 +1352,12 @@ static ssize_t modalias_show(struct devi
 
dn = dev->of_node;
if (!dn) {
-   strcat(buf, "\n");
+   strcpy(buf, "\n");
return strlen(buf);
}
cp = of_get_property(dn, "compatible", NULL);
if (!cp) {
-   strcat(buf, "\n");
+   strcpy(buf, "\n");
return strlen(buf);
}
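
Review bot: both error branches now carry the same two statements, strcpy(buf, "\n") followed by return strlen(buf), to produce a constant one-byte result. return sprintf(buf, "\n") would do it in one statement and removes the second pass over the buffer.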
 



[PATCH 3.2 015/185] usb: wusbcore: set the RPIPE wMaxPacketSize value correctly

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Thomas Pugliese 

commit 7b6bc07ab554e929c85d51b3d5b26cf7f12c6a3b upstream.

For isochronous endpoints, set the RPIPE wMaxPacketSize value using
wOverTheAirPacketSize from the endpoint companion descriptor instead of
wMaxPacketSize from the normal endpoint descriptor.

Signed-off-by: Thomas Pugliese 
Signed-off-by: Greg Kroah-Hartman 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 drivers/usb/wusbcore/wa-rpipe.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/drivers/usb/wusbcore/wa-rpipe.c
+++ b/drivers/usb/wusbcore/wa-rpipe.c
@@ -332,7 +332,10 @@ static int rpipe_aim(struct wa_rpipe *rp
/* FIXME: compute so seg_size > ep->maxpktsize */
rpipe->descr.wBlocks = cpu_to_le16(16); /* given */
/* ep0 maxpktsize is 0x200 (WUSB1.0[4.8.1]) */
-   rpipe->descr.wMaxPacketSize = cpu_to_le16(ep->desc.wMaxPacketSize);
+   if (usb_endpoint_xfer_isoc(>desc))
+   rpipe->descr.wMaxPacketSize = epcd->wOverTheAirPacketSize;
+   else
+   rpipe->descr.wMaxPacketSize = ep->desc.wMaxPacketSize;
rpipe->descr.bHSHubAddress = 0; /* reserved: zero */
rpipe->descr.bHSHubPort = wusb_port_no_to_idx(urb->dev->portnum);
/* FIXME: use maximum speed as supported or recommended by device */
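
Review bot: the removed assignment wrapped its value in cpu_to_le16(), and neither added assignment does. Copying one little-endian descriptor field into another without conversion looks right, but it is a second behaviour change on big-endian hosts that the changelog does not mention; please say so in the commit message. Nothing in the visible lines shows epcd being checked before epcd->wOverTheAirPacketSize is read on the isochronous branch, so confirm it cannot be NULL there.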



[PATCH 3.2 177/185] libertas: potential oops in debugfs

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Dan Carpenter 

commit a497e47d4aec37aaf8f13509f3ef3d1f6a717d88 upstream.

If we do a zero size allocation then it will oops.  Also we can't be
sure the user passes us a NUL terminated string so I've added a
terminator.

This code can only be triggered by root.

Reported-by: Nico Golde 
Reported-by: Fabian Yamaguchi 
Signed-off-by: Dan Carpenter 
Acked-by: Dan Williams 
Signed-off-by: John W. Linville 
Signed-off-by: Ben Hutchings 
---
 drivers/net/wireless/libertas/debugfs.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/libertas/debugfs.c
+++ b/drivers/net/wireless/libertas/debugfs.c
@@ -919,7 +919,10 @@ static ssize_t lbs_debugfs_write(struct
char *p2;
struct debug_data *d = f->private_data;
 
-   pdata = kmalloc(cnt, GFP_KERNEL);
+   if (cnt == 0)
+   return 0;
+
+   pdata = kmalloc(cnt + 1, GFP_KERNEL);
if (pdata == NULL)
return 0;
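
Review bot: cnt comes from the caller and is passed to kmalloc(cnt + 1, GFP_KERNEL) with no upper bound, so a single write can request an arbitrarily large allocation; cap it or reject oversized writes with -EINVAL. The unchanged pdata == NULL branch also returns 0 rather than -ENOMEM, which reports an allocation failure to the caller as a zero-length write.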
 
@@ -928,6 +931,7 @@ static ssize_t lbs_debugfs_write(struct
kfree(pdata);
return 0;
}
+   pdata[cnt] = '\0';
 
p0 = pdata;
for (i = 0; i < num_of_items; i++) {
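
Review bot: the terminator is written at pdata[cnt], which is in bounds only because the previous hunk grew the allocation to cnt + 1; a one-line comment at either site tying the two together would stop a later cleanup from separating them. The branch just above still returns 0 after kfree(pdata), so that failure is also reported to the caller as a zero-length write.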



[PATCH 3.2 168/185] af_packet: block BH in prb_shutdown_retire_blk_timer()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Veaceslav Falico 

[ Upstream commit ec6f809ff6f19fafba3212f6aff0dda71dfac8e8 ]

Currently we're using plain spin_lock() in prb_shutdown_retire_blk_timer(),
however the timer might fire right in the middle and thus try to re-acquire
the same spinlock, leaving us in an endless loop.

To fix that, use the spin_lock_bh() to block it.

Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
CC: "David S. Miller" 
CC: Daniel Borkmann 
CC: Willem de Bruijn 
CC: Phil Sutter 
CC: Eric Dumazet 
Reported-by: Jan Stancek 
Tested-by: Jan Stancek 
Signed-off-by: Veaceslav Falico 
Acked-by: Daniel Borkmann 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/packet/af_packet.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 7616c58..4f19bf2 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -505,9 +505,9 @@ static void prb_shutdown_retire_blk_timer(struct 
packet_sock *po,
 
pkc = tx_ring ? >tx_ring.prb_bdqc : >rx_ring.prb_bdqc;
 
-   spin_lock(_queue->lock);
+   spin_lock_bh(_queue->lock);
pkc->delete_blk_timer = 1;
-   spin_unlock(_queue->lock);
+   spin_unlock_bh(_queue->lock);
 
prb_del_retire_blk_timer(pkc);
 }
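
Review bot: nothing at the call site records why the _bh variant is needed, and the next reader will see a two-line critical section that looks safe under plain spin_lock(). A short comment above spin_lock_bh() saying that the retire-block timer takes the same lock would keep this from being reverted as a cleanup.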



[PATCH 3.2 165/185] net: core: Always propagate flag changes to interfaces

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Vlad Yasevich 

[ Upstream commit d2615bf450694c1302d86b9cc8a8958edfe4c3a4 ]

The following commit:
b6c40d68ff6498b7f63ddf97cf0aa818d748dee7
net: only invoke dev->change_rx_flags when device is UP

tried to fix a problem with VLAN devices and promiscuous flag setting.
The issue was that VLAN device was setting a flag on an interface that
was down, thus resulting in bad promiscuity count.
This commit blocked flag propagation to any device that is currently
down.

A later commit:
deede2fabe24e00bd7e246eb81cd5767dc6fcfc7
vlan: Don't propagate flag changes on down interfaces

fixed VLAN code to only propagate flags when the VLAN interface is up,
thus fixing the same issue as above, only localized to VLAN.

The problem we have now is that if we have created a complex stack
involving multiple software devices like bridges, bonds, and vlans,
then it is possible that the flags would not propagate properly to
the physical devices.  A simple example of the scenario is the
following:

  eth0 ---> bond0 ---> bridge0 ---> vlan50

If bond0 or eth0 happen to be down at the time bond0 is added to
the bridge, then eth0 will never have promisc mode set which is
currently required for operation as part of the bridge.  As a
result, packets with vlan50 will be dropped by the interface.

The only 2 devices that implement the special flag handling are
VLAN and DSA and they both have required code to prevent incorrect
flag propagation.  As a result we can remove the generic solution
introduced in b6c40d68ff6498b7f63ddf97cf0aa818d748dee7 and leave
it to the individual devices to decide whether they will block
flag propagation or not.

Reported-by: Stefan Priebe 
Suggested-by: Veaceslav Falico 
Signed-off-by: Vlad Yasevich 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/core/dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 8e455b8..ecf5ea2 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4515,7 +4515,7 @@ static void dev_change_rx_flags(struct net_device *dev, 
int flags)
 {
const struct net_device_ops *ops = dev->netdev_ops;
 
-   if ((dev->flags & IFF_UP) && ops->ndo_change_rx_flags)
+   if (ops->ndo_change_rx_flags)
ops->ndo_change_rx_flags(dev, flags);
 }
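
Review bot: with the IFF_UP test removed, ndo_change_rx_flags is now invoked for devices that are down, and the only protection left is inside each implementation. The changelog names VLAN and DSA as the two implementers that already guard against this; a comment on dev_change_rx_flags() stating that implementations must cope with a down device would make that contract visible to the next driver that adds the hook.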
 



[PATCH 3.2 149/185] net: Fix "ip rule delete table 256"

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Andreas Henriksson 

[ Upstream commit 13eb2ab2d33c57ebddc57437a7d341995fc9138c ]

When trying to delete a table >= 256 using iproute2 the local table
will be deleted.
The table id is specified as a netlink attribute when it needs more than
8 bits and iproute2 then sets the table field to RT_TABLE_UNSPEC (0).
Preconditions to matching the table id in the rule delete code
don't seem to take the "table id in netlink attribute" into consideration
so the frh_get_table helper function never gets to do its job when
matching against current rule.
Use the helper function twice instead of peeking at the table value directly.

Originally reported at: http://bugs.debian.org/724783

Reported-by: Nicolas HICHER 
Signed-off-by: Andreas Henriksson 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/core/fib_rules.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index c02e63c..c0c21b1 100644
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -443,7 +443,8 @@ static int fib_nl_delrule(struct sk_buff *skb, struct 
nlmsghdr* nlh, void *arg)
if (frh->action && (frh->action != rule->action))
continue;
 
-   if (frh->table && (frh_get_table(frh, tb) != rule->table))
+   if (frh_get_table(frh, tb) &&
+   (frh_get_table(frh, tb) != rule->table))
continue;
 
if (tb[FRA_PRIORITY] &&
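
Review bot: frh_get_table(frh, tb) is evaluated twice in one condition. Reading it once into a local before this test makes the intent clearer and avoids repeating the attribute lookup for every rule the loop visits.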



[PATCH 3.2 173/185] crypto: ansi_cprng - Fix off by one error in non-block size request

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Neil Horman 

commit 714b33d15130cbb5ab426456d4e3de842d6c5b8a upstream.

Stephan Mueller reported to me recently an error in random number generation in
the ansi cprng. If several small requests are made that are less than the
instance's block size, the remainder for loop code doesn't increment
rand_data_valid in the last iteration, meaning that the last bytes in the
rand_data buffer get reused on the subsequent smaller-than-a-block request for
random data.

The fix is pretty easy, just re-code the for loop to make sure that
rand_data_valid gets incremented appropriately.

Signed-off-by: Neil Horman 
Reported-by: Stephan Mueller 
CC: Stephan Mueller 
CC: Petr Matousek 
CC: Herbert Xu 
CC: "David S. Miller" 
Signed-off-by: Herbert Xu 
Signed-off-by: Ben Hutchings 
---
 crypto/ansi_cprng.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -230,11 +230,11 @@ remainder:
 */
if (byte_count < DEFAULT_BLK_SZ) {
 empty_rbuf:
-   for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
-   ctx->rand_data_valid++) {
+   while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
*ptr = ctx->rand_data[ctx->rand_data_valid];
ptr++;
byte_count--;
+   ctx->rand_data_valid++;
if (byte_count == 0)
goto done;
}
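
Review bot: the fix depends on ctx->rand_data_valid++ sitting above the byte_count == 0 test, and nothing in the loop says so. Since this ordering is what prevents already-returned bytes from being handed out again, add a comment to that effect, or replace the byte-at-a-time loop with one bounded copy that advances ptr, byte_count and rand_data_valid together so the three cannot drift apart.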



[PATCH 3.2 144/185] selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Paul Moore 

commit 47180068276a04ed31d24fe04c673138208b07a9 upstream.

In selinux_ip_output() we always label packets based on the parent
socket.  While this approach works in almost all cases, it doesn't
work in the case of TCP SYN-ACK packets when the correct label is not
the label of the parent socket, but rather the label of the larval
socket represented by the request_sock struct.

Unfortunately, since the request_sock isn't queued on the parent
socket until *after* the SYN-ACK packet is sent, we can't look up the
request_sock to determine the correct label for the packet; at this
point in time the best we can do is simply pass/NF_ACCEPT the packet.
It must be said that simply passing the packet without any explicit
labeling action, while far from ideal, is not terrible as the SYN-ACK
packet will inherit any IP option based labeling from the initial
connection request so the label *should* be correct and all our
access controls remain in place so we shouldn't have to worry about
information leaks.

Reported-by: Janak Desai 
Tested-by: Janak Desai 
Signed-off-by: Paul Moore 
Signed-off-by: Ben Hutchings 
---
 security/selinux/hooks.c | 25 +++--
 1 file changed, 23 insertions(+), 2 deletions(-)

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -53,6 +53,7 @@
 #include 
 #include /* for local_port_range[] */
 #include/* struct or_callable used in sock_rcv_skb */
+#include 
 #include 
 #include 
 #include 
@@ -4542,6 +4543,7 @@ static unsigned int selinux_ipv6_forward
 static unsigned int selinux_ip_output(struct sk_buff *skb,
  u16 family)
 {
+   struct sock *sk;
u32 sid;
 
if (!netlbl_enabled())
@@ -4550,8 +4552,27 @@ static unsigned int selinux_ip_output(st
/* we do this in the LOCAL_OUT path and not the POST_ROUTING path
 * because we want to make sure we apply the necessary labeling
 * before IPsec is applied so we can leverage AH protection */
-   if (skb->sk) {
-   struct sk_security_struct *sksec = skb->sk->sk_security;
+   sk = skb->sk;
+   if (sk) {
+   struct sk_security_struct *sksec;
+
+   if (sk->sk_state == TCP_LISTEN)
+   /* if the socket is the listening state then this
+* packet is a SYN-ACK packet which means it needs to
+* be labeled based on the connection/request_sock and
+* not the parent socket.  unfortunately, we can't
+* lookup the request_sock yet as it isn't queued on
+* the parent socket until after the SYN-ACK is sent.
+* the "solution" is to simply pass the packet as-is
+* as any IP option based labeling should be copied
+* from the initial connection request (in the IP
+* layer).  it is far from ideal, but until we get a
+* security label in the packet itself this is the
+* best we can do. */
+   return NF_ACCEPT;
+
+   /* standard practice, label using the parent socket */
+   sksec = sk->sk_security;
sid = sksec->sid;
} else
sid = SECINITSID_KERNEL;
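
Review bot: the new early return keys on sk->sk_state == TCP_LISTEN alone, while the comment reasons specifically about TCP SYN-ACKs; nothing in the visible lines checks that sk is a TCP socket, so any packet sent on a socket whose state equals TCP_LISTEN now skips labeling. Please either add the protocol test or say in the comment why the state test is sufficient. The if body is also a twelve-line comment plus a return with no braces, which is easy to misread; brace it.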



[PATCH 3.2 155/185] isdnloop: use strlcpy() instead of strcpy()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Dan Carpenter 

[ Upstream commit f9a23c84486ed350cce7bb1b2828abd1f6658796 ]

These strings come from a copy_from_user() and there is no way to be
sure they are NUL terminated.

Signed-off-by: Dan Carpenter 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 drivers/isdn/isdnloop/isdnloop.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
index 509135f..4df80fb 100644
--- a/drivers/isdn/isdnloop/isdnloop.c
+++ b/drivers/isdn/isdnloop/isdnloop.c
@@ -1083,8 +1083,10 @@ isdnloop_start(isdnloop_card * card, isdnloop_sdef * 
sdefp)
spin_unlock_irqrestore(>isdnloop_lock, 
flags);
return -ENOMEM;
}
-   for (i = 0; i < 3; i++)
-   strcpy(card->s0num[i], sdef.num[i]);
+   for (i = 0; i < 3; i++) {
+   strlcpy(card->s0num[i], sdef.num[i],
+   sizeof(card->s0num[0]));
+   }
break;
case ISDN_PTYPE_1TR6:
if (isdnloop_fake(card, 
"DRV1.04TC-1TR6-CAPI-CNS-BASIS-29.11.95",
@@ -1097,7 +1099,7 @@ isdnloop_start(isdnloop_card * card, isdnloop_sdef * 
sdefp)
spin_unlock_irqrestore(>isdnloop_lock, 
flags);
return -ENOMEM;
}
-   strcpy(card->s0num[0], sdef.num[0]);
+   strlcpy(card->s0num[0], sdef.num[0], 
sizeof(card->s0num[0]));
card->s0num[1][0] = '\0';
card->s0num[2][0] = '\0';
break;
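
Review bot: strlcpy() bounds the write into card->s0num[0], but it still runs strlen() over sdef.num[0] to compute its return value, so a source that copy_from_user() left without a NUL is read past its end. The same holds for the strlcpy() in the loop of the previous hunk. Terminating each sdef.num[] entry explicitly right after the copy from user space would close the read side as well.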



[PATCH 3.2 001/185] selinux: correct locking in selinux_netlbl_socket_connect)

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Paul Moore 

commit 42d64e1add3a1ce8a787116036163b8724362145 upstream.

The SELinux/NetLabel glue code has a locking bug that affects systems
with NetLabel enabled, see the kernel error message below.  This patch
corrects this problem by converting the bottom half socket lock to a
more conventional, and correct for this call-path, lock_sock() call.

 ===
 [ INFO: suspicious RCU usage. ]
 3.11.0-rc3+ #19 Not tainted
 ---
 net/ipv4/cipso_ipv4.c:1928 suspicious rcu_dereference_protected() usage!

 other info that might help us debug this:

 rcu_scheduler_active = 1, debug_locks = 0
 2 locks held by ping/731:
  #0:  (slock-AF_INET/1){+.-...}, at: [...] selinux_netlbl_socket_connect
  #1:  (rcu_read_lock){.+.+..}, at: [<...>] netlbl_conn_setattr

 stack backtrace:
 CPU: 1 PID: 731 Comm: ping Not tainted 3.11.0-rc3+ #19
 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  0001 88006f659d28 81726b6a 88003732c500
  88006f659d58 810e4457 88006b845a00 
  000c 880075aa2f50 88006f659d90 8169bec7
 Call Trace:
  [] dump_stack+0x54/0x74
  [] lockdep_rcu_suspicious+0xe7/0x120
  [] cipso_v4_sock_setattr+0x187/0x1a0
  [] netlbl_conn_setattr+0x187/0x190
  [] ? netlbl_conn_setattr+0x5/0x190
  [] selinux_netlbl_socket_connect+0xae/0xc0
  [] selinux_socket_connect+0x135/0x170
  [] ? might_fault+0x57/0xb0
  [] security_socket_connect+0x16/0x20
  [] SYSC_connect+0x73/0x130
  [] ? sysret_check+0x22/0x5d
  [] ? trace_hardirqs_on_caller+0xfd/0x1c0
  [] ? trace_hardirqs_on_thunk+0x3a/0x3f
  [] SyS_connect+0xe/0x10
  [] system_call_fastpath+0x16/0x1b

Signed-off-by: Paul Moore 
Signed-off-by: Ben Hutchings 
---
 security/selinux/netlabel.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -442,8 +442,7 @@ int selinux_netlbl_socket_connect(struct
sksec->nlbl_state != NLBL_CONNLABELED)
return 0;
 
-   local_bh_disable();
-   bh_lock_sock_nested(sk);
+   lock_sock(sk);
 
/* connected sockets are allowed to disconnect when the address family
 * is set to AF_UNSPEC, if that is what is happening we want to reset
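
Review bot: lock_sock() may sleep, which the local_bh_disable()/bh_lock_sock_nested() pair it replaces could not, so this is only correct if selinux_netlbl_socket_connect() is never reached from atomic context. The trace in the changelog shows the connect syscall path; say explicitly in the commit message or a comment that this is the only caller context, so the assumption is documented rather than implied.
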
@@ -464,7 +463,6 @@ int selinux_netlbl_socket_connect(struct
sksec->nlbl_state = NLBL_CONNLABELED;
 
 socket_connect_return:
-   bh_unlock_sock(sk);
-   local_bh_enable();
+   release_sock(sk);
return rc;
 }



[PATCH 3.2 016/185] usb: wusbcore: change WA_SEGS_MAX to a legal value

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Thomas Pugliese 

commit f74b75e7f920c700636a669c7d16d12e9202 upstream.

change WA_SEGS_MAX to a number that is legal according to the WUSB
spec.

Signed-off-by: Thomas Pugliese 
Signed-off-by: Greg Kroah-Hartman 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 drivers/usb/wusbcore/wa-xfer.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/usb/wusbcore/wa-xfer.c
+++ b/drivers/usb/wusbcore/wa-xfer.c
@@ -90,7 +90,8 @@
 #include "wusbhc.h"
 
 enum {
-   WA_SEGS_MAX = 255,
+   /* [WUSB] section 8.3.3 allocates 7 bits for the segment index. */
+   WA_SEGS_MAX = 128,
 };
 
 enum wa_seg_status {
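
Review bot: the new comment gives the field width but not the consequence: 7 bits index segments 0 to 127, so 128 is a count, not a maximum index. Spelling that out here is what justifies relaxing the comparison from >= to > in the next hunk.
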
@@ -444,7 +445,7 @@ static ssize_t __wa_xfer_setup_sizes(str
xfer->seg_size = (xfer->seg_size / maxpktsize) * maxpktsize;
xfer->segs = (urb->transfer_buffer_length + xfer->seg_size - 1)
/ xfer->seg_size;
-   if (xfer->segs >= WA_SEGS_MAX) {
+   if (xfer->segs > WA_SEGS_MAX) {
dev_err(dev, "BUG? ops, number of segments %d bigger than %d\n",
(int)(urb->transfer_buffer_length / xfer->seg_size),
WA_SEGS_MAX);
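
Review bot: the dev_err() arguments print urb->transfer_buffer_length / xfer->seg_size, a rounded-down quotient, while the value actually compared against WA_SEGS_MAX is xfer->segs, computed just above with round-up. At the boundary the message can report a segment count that is not over the limit; print xfer->segs instead.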



[PATCH 3.2 160/185] net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Hannes Frederic Sowa 

[ Upstream commit 68c6beb373955da0886d8f4f5995b3922ceda4be ]

In that case it is probable that kernel code overwrote part of the
stack. So we should bail out loudly here.

The BUG_ON may be removed in future if we are sure all protocols are
conformant.

Suggested-by: Eric Dumazet 
Signed-off-by: Hannes Frederic Sowa 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/socket.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/socket.c b/net/socket.c
index 18d478a..8021b0f 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -215,12 +215,13 @@ static int move_addr_to_user(struct sockaddr *kaddr, int 
klen,
int err;
int len;
 
+   BUG_ON(klen > sizeof(struct sockaddr_storage));
err = get_user(len, ulen);
if (err)
return err;
if (len > klen)
len = klen;
-   if (len < 0 || len > sizeof(struct sockaddr_storage))
+   if (len < 0)
return -EINVAL;
if (len) {
if (audit_sockaddr(klen, kaddr))
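
Review bot: klen is an int and sizeof() yields an unsigned size_t, so in BUG_ON(klen > sizeof(struct sockaddr_storage)) klen is converted to unsigned and a negative klen also trips the BUG. That may be intended, but it is not obvious from the line; a comment or an explicit klen < 0 term would document it. It matters more now that the len > sizeof(struct sockaddr_storage) test is dropped and the upper bound on len rests entirely on the clamp to klen.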



[PATCH 3.2 154/185] bonding: fix two race conditions in bond_store_updelay/downdelay

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Nikolay Aleksandrov 

[ Upstream commit b869ccfab1e324507fa3596e3e1308444fb68227 ]

This patch fixes two race conditions between bond_store_updelay/downdelay
and bond_store_miimon which could lead to division by zero as miimon can
be set to 0 while either updelay/downdelay are being set and thus miss the
zero check in the beginning, the zero div happens because updelay/downdelay
are stored as new_value / bond->params.miimon. Use rtnl to synchronize with
miimon setting.

CC: Jay Vosburgh 
CC: Andy Gospodarek 
CC: Veaceslav Falico 
Signed-off-by: Nikolay Aleksandrov 
Acked-by: Veaceslav Falico 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 drivers/net/bonding/bond_sysfs.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c
index aae24d1..cf95bd8 100644
--- a/drivers/net/bonding/bond_sysfs.c
+++ b/drivers/net/bonding/bond_sysfs.c
@@ -694,6 +694,8 @@ static ssize_t bonding_store_downdelay(struct device *d,
int new_value, ret = count;
struct bonding *bond = to_bond(d);
 
+   if (!rtnl_trylock())
+   return restart_syscall();
if (!(bond->params.miimon)) {
pr_err("%s: Unable to set down delay as MII monitoring is 
disabled\n",
   bond->dev->name);
@@ -727,6 +729,7 @@ static ssize_t bonding_store_downdelay(struct device *d,
}
 
 out:
+   rtnl_unlock();
return ret;
 }
 static DEVICE_ATTR(downdelay, S_IRUGO | S_IWUSR,
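
Review bot: the rtnl_unlock() added at out: balances the rtnl_trylock() from the first hunk only if every exit after the trylock goes through this label. The hunks shown do not include the middle of bonding_store_downdelay(), so please confirm there is no direct return left between the two; the same check applies to bonding_store_updelay() below.
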
@@ -749,6 +752,8 @@ static ssize_t bonding_store_updelay(struct device *d,
int new_value, ret = count;
struct bonding *bond = to_bond(d);
 
+   if (!rtnl_trylock())
+   return restart_syscall();
if (!(bond->params.miimon)) {
pr_err("%s: Unable to set up delay as MII monitoring is 
disabled\n",
   bond->dev->name);
@@ -782,6 +787,7 @@ static ssize_t bonding_store_updelay(struct device *d,
}
 
 out:
+   rtnl_unlock();
return ret;
 }
 static DEVICE_ATTR(updelay, S_IRUGO | S_IWUSR,



[PATCH 3.2 017/185] powerpc/vio: Fix modalias_show return values

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Prarit Bhargava 

commit e82b89a6f19bae73fb064d1b3dd91fcefbb478f4 upstream.

modalias_show() should return an empty string on error, not -ENODEV.

This causes the following false and annoying error:

> find /sys/devices -name modalias -print0 | xargs -0 cat >/dev/null
cat: /sys/devices/vio/4000/modalias: No such device
cat: /sys/devices/vio/4001/modalias: No such device
cat: /sys/devices/vio/4002/modalias: No such device
cat: /sys/devices/vio/4004/modalias: No such device
cat: /sys/devices/vio/modalias: No such device

Signed-off-by: Prarit Bhargava 
Signed-off-by: Benjamin Herrenschmidt 
Signed-off-by: Ben Hutchings 
---
 arch/powerpc/kernel/vio.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

--- a/arch/powerpc/kernel/vio.c
+++ b/arch/powerpc/kernel/vio.c
@@ -1351,11 +1351,15 @@ static ssize_t modalias_show(struct devi
const char *cp;
 
dn = dev->of_node;
-   if (!dn)
-   return -ENODEV;
+   if (!dn) {
+   strcat(buf, "\n");
+   return strlen(buf);
+   }
cp = of_get_property(dn, "compatible", NULL);
-   if (!cp)
-   return -ENODEV;
+   if (!cp) {
+   strcat(buf, "\n");
+   return strlen(buf);
+   }
 
return sprintf(buf, "vio:T%sS%s\n", vio_dev->type, cp);
 }
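
Review bot: strcat(buf, "\n") appends to whatever buf already holds, and nothing in the visible lines initialises buf before these branches, so both the write position and the strlen(buf) return value depend on stale buffer contents. Use strcpy(buf, "\n"), or simply return sprintf(buf, "\n") in the style of the final return of this function.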



[PATCH 3.2 142/185] KVM: Improve create VCPU parameter (CVE-2013-4587)

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Andy Honig 

commit 338c7dbadd2671189cec7faf64c84d01071b3f96 upstream.

In multiple functions the vcpu_id is used as an offset into a bitfield.  A
malicious user could specify a vcpu_id greater than 255 in order to set or
clear bits in kernel memory.  This could be used to elevate privileges in the
kernel.  This patch verifies that the vcpu_id provided is less than 255.
The api documentation already specifies that the vcpu_id must be less than
max_vcpus, but this is currently not checked.

Reported-by: Andrew Honig 
Signed-off-by: Andrew Honig 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Ben Hutchings 
---
 virt/kvm/kvm_main.c | 3 +++
 1 file changed, 3 insertions(+)

--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1683,6 +1683,9 @@ static int kvm_vm_ioctl_create_vcpu(stru
int r;
struct kvm_vcpu *vcpu, *v;
 
+   if (id >= KVM_MAX_VCPUS)
+   return -EINVAL;
+
vcpu = kvm_arch_vcpu_create(kvm, id);
if (IS_ERR(vcpu))
return PTR_ERR(vcpu);
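
Review bot: the changelog says the patch verifies that vcpu_id is less than 255, but the added test is id >= KVM_MAX_VCPUS; please make the description match the code so the bound is not misquoted later. The check is upper-bound only and the truncated hunk header does not show the type of id; if it is signed, a negative value passes this test and still reaches the bit operations the changelog describes.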



[PATCH 3.2 019/185] dm: allocate buffer for messages with small number of arguments using GFP_NOIO

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Mikulas Patocka 

commit f36afb3957353d2529cb2b00f78fdccd14fc5e9c upstream.

dm-mpath and dm-thin must process messages even if some device is
suspended, so we allocate argv buffer with GFP_NOIO. These messages have
a small fixed number of arguments.

On the other hand, dm-switch needs to process bulk data using messages
so excessive use of GFP_NOIO could cause trouble.

The patch also lowers the default number of arguments from 64 to 8, so
that there is smaller load on GFP_NOIO allocations.

Signed-off-by: Mikulas Patocka 
Acked-by: Alasdair G Kergon 
Signed-off-by: Mike Snitzer 
Signed-off-by: Ben Hutchings 
---
 drivers/md/dm-table.c | 18 --
 1 file changed, 16 insertions(+), 2 deletions(-)

--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -581,14 +581,28 @@ static int adjoin(struct dm_table *table
 
 /*
  * Used to dynamically allocate the arg array.
+ *
+ * We do first allocation with GFP_NOIO because dm-mpath and dm-thin must
+ * process messages even if some device is suspended. These messages have a
+ * small fixed number of arguments.
+ *
+ * On the other hand, dm-switch needs to process bulk data using messages and
+ * excessive use of GFP_NOIO could cause trouble.
  */
 static char **realloc_argv(unsigned *array_size, char **old_argv)
 {
char **argv;
unsigned new_size;
+   gfp_t gfp;
 
-   new_size = *array_size ? *array_size * 2 : 64;
-   argv = kmalloc(new_size * sizeof(*argv), GFP_KERNEL);
+   if (*array_size) {
+   new_size = *array_size * 2;
+   gfp = GFP_KERNEL;
+   } else {
+   new_size = 8;
+   gfp = GFP_NOIO;
+   }
+   argv = kmalloc(new_size * sizeof(*argv), gfp);
if (argv) {
memcpy(argv, old_argv, *array_size * sizeof(*argv));
*array_size = new_size;
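
Review bot: the initial size 8 is a bare literal, and nothing ties it to the "small fixed number of arguments" the new comment attributes to dm-mpath and dm-thin messages. A named constant with a note on which message sets the bound would help, because a message with more than 8 arguments falls through to the doubling branch and is allocated with GFP_KERNEL, the case the comment says must be avoided while a device is suspended.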



[PATCH 3.2 007/185] rt2x00: check if device is still available on rt2x00mac_flush()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Stanislaw Gruszka 

commit 5671ab05cf2a579218985ef56595387932d78ee4 upstream.

Fix random kernel panic with the below messages when removing the dongle.

[ 2212.355447] BUG: unable to handle kernel NULL pointer dereference at 0250
[ 2212.355527] IP: [] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb]
[ 2212.355599] PGD 0
[ 2212.355626] Oops:  [#1] SMP
[ 2212.355664] Modules linked in: rt2800usb rt2x00usb rt2800lib crc_ccitt rt2x00lib mac80211 cfg80211 tun arc4 fuse rfcomm bnep snd_hda_codec_realtek snd_hda_intel snd_hda_codec btusb uvcvideo bluetooth snd_hwdep x86_pkg_temp_thermal snd_seq coretemp aesni_intel aes_x86_64 snd_seq_device glue_helper snd_pcm ablk_helper videobuf2_vmalloc sdhci_pci videobuf2_memops videobuf2_core sdhci videodev mmc_core serio_raw snd_page_alloc microcode i2c_i801 snd_timer hid_multitouch thinkpad_acpi lpc_ich mfd_core snd tpm_tis wmi tpm tpm_bios soundcore acpi_cpufreq i915 i2c_algo_bit drm_kms_helper drm i2c_core video [last unloaded: cfg80211]
[ 2212.356224] CPU: 0 PID: 34 Comm: khubd Not tainted 3.12.0-rc3-wl+ #3
[ 2212.356268] Hardware name: LENOVO 3444CUU/3444CUU, BIOS G6ET93WW (2.53 ) 02/04/2013
[ 2212.356319] task: 880212f687c0 ti: 880212f66000 task.ti: 880212f66000
[ 2212.356392] RIP: 0010:[]  [] rt2x00usb_kick_tx_entry+0x12/0x160 [rt2x00usb]
[ 2212.356481] RSP: 0018:880212f67750  EFLAGS: 00010202
[ 2212.356519] RAX: 000c RBX: 000c RCX: 0293
[ 2212.356568] RDX: 8801f4dc219a RSI:  RDI: 0240
[ 2212.356617] RBP: 880212f67778 R08: a02667e0 R09: 0002
[ 2212.356665] R10: 0001f95254ab4b40 R11: 880212f675be R12: 8801f4dc2150
[ 2212.356712] R13:  R14: a02667e0 R15: 000d
[ 2212.356761] FS:  () GS:88021e20() knlGS:
[ 2212.356813] CS:  0010 DS:  ES:  CR0: 80050033
[ 2212.356852] CR2: 0250 CR3: 01a0c000 CR4: 001407f0
[ 2212.356899] Stack:
[ 2212.356917]  000c 8801f4dc2150  a02667e0
[ 2212.356980]  000d 880212f677b8 a03a31ad 8801f4dc219a
[ 2212.357038]  8801f4dc2150  8800b93217a0 8801f49bc800
[ 2212.357099] Call Trace:
[ 2212.357122]  [] ? rt2x00usb_interrupt_txdone+0x90/0x90 [rt2x00usb]
[ 2212.357174]  [] rt2x00queue_for_each_entry+0xed/0x170 [rt2x00lib]
[ 2212.357244]  [] rt2x00usb_kick_queue+0x5c/0x60 [rt2x00usb]
[ 2212.357314]  [] rt2x00queue_flush_queue+0x62/0xa0 [rt2x00lib]
[ 2212.357386]  [] rt2x00mac_flush+0x30/0x70 [rt2x00lib]
[ 2212.357470]  [] ieee80211_flush_queues+0xbd/0x140 [mac80211]
[ 2212.357555]  [] ieee80211_set_disassoc+0x2d2/0x3d0 [mac80211]
[ 2212.357645]  [] ieee80211_mgd_deauth+0x1d3/0x240 [mac80211]
[ 2212.357718]  [] ? try_to_wake_up+0xec/0x290
[ 2212.357788]  [] ieee80211_deauth+0x18/0x20 [mac80211]
[ 2212.357872]  [] cfg80211_mlme_deauth+0x9c/0x140 [cfg80211]
[ 2212.357913]  [] cfg80211_mlme_down+0x5c/0x60 [cfg80211]
[ 2212.357962]  [] cfg80211_disconnect+0x188/0x1a0 [cfg80211]
[ 2212.358014]  [] ? __cfg80211_stop_sched_scan+0x1c/0x130 [cfg80211]
[ 2212.358067]  [] cfg80211_leave+0xc4/0xe0 [cfg80211]
[ 2212.358124]  [] cfg80211_netdev_notifier_call+0x3ab/0x5e0 [cfg80211]
[ 2212.358177]  [] ? inetdev_event+0x38/0x510
[ 2212.358217]  [] ? __wake_up+0x44/0x50
[ 2212.358254]  [] notifier_call_chain+0x4c/0x70
[ 2212.358293]  [] raw_notifier_call_chain+0x16/0x20
[ 2212.358361]  [] call_netdevice_notifiers_info+0x35/0x60
[ 2212.358429]  [] __dev_close_many+0x49/0xd0
[ 2212.358487]  [] dev_close_many+0x88/0x100
[ 2212.358546]  [] rollback_registered_many+0xb0/0x220
[ 2212.358612]  [] unregister_netdevice_many+0x19/0x60
[ 2212.358694]  [] ieee80211_remove_interfaces+0x112/0x190 [mac80211]
[ 2212.358791]  [] ieee80211_unregister_hw+0x4f/0x100 [mac80211]
[ 2212.361994]  [] rt2x00lib_remove_dev+0x161/0x1a0 
[rt2x00lib]
[ 2212.365240]  [] rt2x00usb_disconnect+0x2e/0x70 [rt2x00usb]
[ 2212.368470]  [] usb_unbind_interface+0x64/0x1c0
[ 2212.371734]  [] __device_release_driver+0x7f/0xf0
[ 2212.374999]  [] device_release_driver+0x23/0x30
[ 2212.378131]  [] bus_remove_device+0x108/0x180
[ 2212.381358]  [] device_del+0x135/0x1d0
[ 2212.384454]  [] usb_disable_device+0xb0/0x270
[ 2212.387451]  [] usb_disconnect+0xad/0x1d0
[ 2212.390294]  [] hub_thread+0x63d/0x1660
[ 2212.393034]  [] ? wake_up_atomic_t+0x30/0x30
[ 2212.395728]  [] ? hub_port_debounce+0x130/0x130
[ 2212.398412]  [] kthread+0xc0/0xd0
[ 2212.401058]  [] ? insert_kthread_work+0x40/0x40
[ 2212.403639]  [] ret_from_fork+0x7c/0xb0
[ 2212.406193]  [] ? insert_kthread_work+0x40/0x40
[ 2212.408732] Code: 24 58 08 00 00 bf 80 00 00 00 e8 3a c3 e0 e0 5b 41 5c 5d 
c3 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 <48> 8b 
47 10 48 89 fb 

[PATCH 3.2 138/185] hwmon: (w83l786ng) Fix fan speed control mode setting and reporting

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Brian Carnes 

commit cf7559bc053471f32373d71d04a9aa19e0b48d59 upstream.

The wrong mask is used, which causes some fan speed control modes
(pwmX_enable) to be incorrectly reported, and some modes to be
impossible to set.

[JD: add subject and description.]

Signed-off-by: Brian Carnes 
Signed-off-by: Jean Delvare 
Signed-off-by: Ben Hutchings 
---
 drivers/hwmon/w83l786ng.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/hwmon/w83l786ng.c
+++ b/drivers/hwmon/w83l786ng.c
@@ -471,7 +471,7 @@ store_pwm_enable(struct device *dev, str
mutex_lock(>update_lock);
reg = w83l786ng_read_value(client, W83L786NG_REG_FAN_CFG);
data->pwm_enable[nr] = val;
-   reg &= ~(0x02 << W83L786NG_PWM_ENABLE_SHIFT[nr]);
+   reg &= ~(0x03 << W83L786NG_PWM_ENABLE_SHIFT[nr]);
reg |= (val - 1) << W83L786NG_PWM_ENABLE_SHIFT[nr];
w83l786ng_write_value(client, W83L786NG_REG_FAN_CFG, reg);
mutex_unlock(>update_lock);
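Review bot: in store_pwm_enable(), the widened clear mask `0x03` is followed by `reg |= (val - 1) << W83L786NG_PWM_ENABLE_SHIFT[nr]` with no mask on `val - 1`, and the range check on `val` is not in this hunk. If `val` can reach this point above 4, the OR spills into the neighbouring field of W83L786NG_REG_FAN_CFG; either confirm the earlier validation bounds it to 1..4 or write `((val - 1) & 0x03)` here.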
@@ -740,7 +740,7 @@ static struct w83l786ng_data *w83l786ng_
((pwmcfg >> W83L786NG_PWM_MODE_SHIFT[i]) & 1)
? 0 : 1;
data->pwm_enable[i] =
-   ((pwmcfg >> W83L786NG_PWM_ENABLE_SHIFT[i]) & 2) + 1;
+   ((pwmcfg >> W83L786NG_PWM_ENABLE_SHIFT[i]) & 3) + 1;
data->pwm[i] = w83l786ng_read_value(client,
W83L786NG_REG_PWM[i]);
}
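Review bot: the two-bit field width now appears as a bare `0x03` in store_pwm_enable() and a bare `3` in this update path, which is the kind of duplication that lets a wrong mask go unnoticed. A single named mask used in both places would keep them in step. With `& 3` the reported pwm_enable value now ranges over 1..4, so check that the sysfs documentation and the store path agree on what 4 means.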



[PATCH 3.2 185/185] mmc: block: fix a bug of error handling in MMC driver

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: KOBAYASHI Yoshitake 

commit c8760069627ad3b0dbbea170f0c4c58b16e18d3d upstream.

Current MMC driver doesn't handle generic error (bit19 of device
status) in write sequence. As a result, write data gets lost when
generic error occurs. For example, a generic error when updating a
filesystem management information causes a loss of write data and
corrupts the filesystem. In the worst case, the system will never
boot.

This patch includes the following functionality:
  1. To enable error checking for the response of CMD12 and CMD13
 in write command sequence
  2. To retry write sequence when a generic error occurs

Messages are added for v2 to show what occurs.

[Backported to 3.4-stable]

Signed-off-by: KOBAYASHI Yoshitake 
Signed-off-by: Chris Ball 
Signed-off-by: Ben Hutchings 
---
 drivers/mmc/card/block.c | 45 ++---
 1 file changed, 42 insertions(+), 3 deletions(-)

--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -634,7 +634,7 @@ static int mmc_blk_cmd_error(struct requ
  * Otherwise we don't understand what happened, so abort.
  */
 static int mmc_blk_cmd_recovery(struct mmc_card *card, struct request *req,
-   struct mmc_blk_request *brq, int *ecc_err)
+   struct mmc_blk_request *brq, int *ecc_err, int *gen_err)
 {
bool prev_cmd_status_valid = true;
u32 status, stop_status = 0;
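Review bot: mmc_blk_cmd_recovery() gains a second out-parameter, `int *gen_err`, but the comment block that ends just above the signature is not updated to describe it. Say there that the function only ever sets `*gen_err` to 1 and never clears it, so callers must initialise it to 0 before the call, as mmc_blk_err_check() does later in this patch.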
@@ -665,6 +665,16 @@ static int mmc_blk_cmd_recovery(struct m
(brq->cmd.resp[0] & R1_CARD_ECC_FAILED))
*ecc_err = 1;
 
+   /* Flag General errors */
+   if (!mmc_host_is_spi(card->host) && rq_data_dir(req) != READ)
+   if ((status & R1_ERROR) ||
+   (brq->stop.resp[0] & R1_ERROR)) {
+   pr_err("%s: %s: general error sending stop or status 
command, stop cmd response %#x, card status %#x\n",
+  req->rq_disk->disk_name, __func__,
+  brq->stop.resp[0], status);
+   *gen_err = 1;
+   }
+
/*
 * Check the current card state.  If it is in some data transfer
 * mode, tell it to stop (and hopefully transition back to TRAN.)
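Review bot: the new "Flag General errors" block tests `status & R1_ERROR`, while the first hunk shows `status` declared without an initialiser (`u32 status, stop_status = 0;`). Confirm that `status` is assigned on every path that reaches this test. The outer `if` also carries a multi-line body without braces, which kernel style asks to brace.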
@@ -684,6 +694,13 @@ static int mmc_blk_cmd_recovery(struct m
return ERR_ABORT;
if (stop_status & R1_CARD_ECC_FAILED)
*ecc_err = 1;
+   if (!mmc_host_is_spi(card->host) && rq_data_dir(req) != READ)
+   if (stop_status & R1_ERROR) {
+   pr_err("%s: %s: general error sending stop 
command, stop cmd response %#x\n",
+  req->rq_disk->disk_name, __func__,
+  stop_status);
+   *gen_err = 1;
+   }
}
 
/* Check for set block count errors */
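Review bot: the condition `!mmc_host_is_spi(card->host) && rq_data_dir(req) != READ` is now written out twice in mmc_blk_cmd_recovery() and appears again in mmc_blk_err_check(), each time guarding an `R1_ERROR` test and a near-identical pr_err(). A small helper or a local bool computed once would keep the sites from drifting apart. As in the previous hunk, the outer `if` here has an unbraced multi-line body.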
@@ -933,7 +950,7 @@ static int mmc_blk_err_check(struct mmc_
mmc_active);
struct mmc_blk_request *brq = _mrq->brq;
struct request *req = mq_mrq->req;
-   int ecc_err = 0;
+   int ecc_err = 0, gen_err = 0;
 
/*
 * sbc.error indicates a problem with the set block count
@@ -947,7 +964,7 @@ static int mmc_blk_err_check(struct mmc_
 */
if (brq->sbc.error || brq->cmd.error || brq->stop.error ||
brq->data.error) {
-   switch (mmc_blk_cmd_recovery(card, req, brq, _err)) {
+   switch (mmc_blk_cmd_recovery(card, req, brq, _err, 
_err)) {
case ERR_RETRY:
return MMC_BLK_RETRY;
case ERR_ABORT:
@@ -975,6 +992,15 @@ static int mmc_blk_err_check(struct mmc_
 */
if (!mmc_host_is_spi(card->host) && rq_data_dir(req) != READ) {
u32 status;
+
+   /* Check stop command response */
+   if (brq->stop.resp[0] & R1_ERROR) {
+   pr_err("%s: %s: general error sending stop command, 
stop cmd response %#x\n",
+  req->rq_disk->disk_name, __func__,
+  brq->stop.resp[0]);
+   gen_err = 1;
+   }
+
do {
int err = get_card_status(card, , 5);
if (err) {
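Review bot: the "Check stop command response" test on `brq->stop.resp[0] & R1_ERROR` repeats the test already added in mmc_blk_cmd_recovery(), so a request that goes through recovery and then continues to this point can log the same general error twice. Consider skipping the check and the pr_err() here when `gen_err` is already set.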
@@ -982,6 +1008,14 @@ static int mmc_blk_err_check(struct mmc_
   req->rq_disk->disk_name, err);
return MMC_BLK_CMD_ERR;
}
+
+   if (status & R1_ERROR) {
+   pr_err("%s: %s: general error sending status 
command, card status %#x\n",
+  req->rq_disk->disk_name, __func__,
+  status);
+   

[PATCH 3.2 012/185] drivers/libata: Set max sector to 65535 for Slimtype DVD A DS8A9SH drive

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Shan Hai 

commit 0523f037f65dba10191b0fa9c51266f90ba64630 upstream.

The "Slimtype DVD A  DS8A9SH" drive locks up with following backtrace when
the max sector is smaller than 65535 bytes, fix it by adding a quirk to set
the max sector to 65535 bytes.

INFO: task flush-11:0:663 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
flush-11:0D 5ceb 0   663  2 0x
 88026d3b1710 0046 0001 
 88026f2530c0 88026d365860 88026d3b16e0 812ffd52
 88026d4fd3d0 00010001 88026d3b16f0 88026d3b1fd8
Call Trace:
 [] ? cfq_may_queue+0x52/0xf0
 [] schedule+0x18/0x30
 [] io_schedule+0x42/0x60
 [] get_request_wait+0xeb/0x1f0
 [] ? autoremove_wake_function+0x0/0x40
 [] ? elv_merge+0x42/0x210
 [] __make_request+0x8e/0x4e0
 [] generic_make_request+0x21e/0x5e0
 [] submit_bio+0x5d/0xd0
 [] submit_bh+0xf2/0x130
 [] __block_write_full_page+0x1dc/0x3a0
 [] ? end_buffer_async_write+0x0/0x120
 [] ? blkdev_get_block+0x0/0x70
 [] ? blkdev_get_block+0x0/0x70
 [] ? end_buffer_async_write+0x0/0x120
 [] block_write_full_page_endio+0xde/0x100
 [] block_write_full_page+0x10/0x20
 [] blkdev_writepage+0x13/0x20
 [] __writepage+0x15/0x40
 [] write_cache_pages+0x1cf/0x3e0
 [] ? __writepage+0x0/0x40
 [] generic_writepages+0x22/0x30
 [] do_writepages+0x1f/0x40
 [] writeback_single_inode+0xe7/0x3b0
 [] writeback_sb_inodes+0x184/0x280
 [] writeback_inodes_wb+0x6b/0x1a0
 [] wb_writeback+0x23b/0x2a0
 [] wb_do_writeback+0x17d/0x190
 [] bdi_writeback_task+0x4b/0xe0
 [] ? bdi_start_fn+0x0/0x100
 [] bdi_start_fn+0x81/0x100
 [] ? bdi_start_fn+0x0/0x100
 [] kthread+0x8e/0xa0
 [] ? finish_task_switch+0x54/0xc0
 [] kernel_thread_helper+0x4/0x10
 [] ? kthread+0x0/0xa0
 [] ? kernel_thread_helper+0x0/0x10

 The above trace was triggered by
   "dd if=/dev/zero of=/dev/sr0 bs=2048 count=32768"

Signed-off-by: Shan Hai 
Signed-off-by: Tejun Heo 
Signed-off-by: Ben Hutchings 
---
 drivers/ata/libata-core.c | 1 +
 1 file changed, 1 insertion(+)

--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4067,6 +4067,7 @@ static const struct ata_blacklist_entry
{ "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 },
{ "QUANTUM DATDAT72-000", NULL, ATA_HORKAGE_ATAPI_MOD16_DMA },
{ "Slimtype DVD A  DS8A8SH", NULL,  ATA_HORKAGE_MAX_SEC_LBA48 },
+   { "Slimtype DVD A  DS8A9SH", NULL,  ATA_HORKAGE_MAX_SEC_LBA48 },
 
/* Devices we expect to fail diagnostics */
 
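Review bot: the new `Slimtype DVD A  DS8A9SH` entry, like the DS8A8SH entry above it, gives no hint in the table of why the quirk is needed. A one-line comment on the pair noting the lockup described in the changelog would help, and it is worth stating that the two spaces inside the model string are intentional, since a collapsed space would stop the entry from matching.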



[PATCH 3.2 153/185] 6lowpan: Uncompression of traffic class field was incorrect

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Jukka Rissanen 

[ Upstream commit 1188f05497e7bd2f2614b99c54adfbe7413d5749 ]

If priority/traffic class field in IPv6 header is set (seen when
using ssh), the uncompression sets the TC and Flow fields incorrectly.

Example:

This is IPv6 header of a sent packet. Note the priority/TC (=1) in
the first byte.

: 61 00 00 00 00 2c 06 40 fe 80 00 00 00 00 00 00
0010: 02 02 72 ff fe c6 42 10 fe 80 00 00 00 00 00 00
0020: 02 1e ab ff fe 4c 52 57

This gets compressed like this in the sending side

: 72 31 04 06 02 1e ab ff fe 4c 52 57 ec c2 00 16
0010: aa 2d fe 92 86 4e be c6 

In the receiving end, the packet gets uncompressed to this
IPv6 header

: 60 06 06 02 00 2a 1e 40 fe 80 00 00 00 00 00 00
0010: 02 02 72 ff fe c6 42 10 fe 80 00 00 00 00 00 00
0020: ab ff fe 4c 52 57 ec c2

First four bytes are set incorrectly and we have also lost
two bytes from destination address.

The fix is to switch the case values in switch statement
when checking the TC field.

Signed-off-by: Jukka Rissanen 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/ieee802154/6lowpan.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ieee802154/6lowpan.c b/net/ieee802154/6lowpan.c
index 19d6aef..5d42df2 100644
--- a/net/ieee802154/6lowpan.c
+++ b/net/ieee802154/6lowpan.c
@@ -563,7 +563,7 @@ lowpan_process_data(struct sk_buff *skb)
 * Traffic class carried in-line
 * ECN + DSCP (1 byte), Flow Label is elided
 */
-   case 1: /* 10b */
+   case 2: /* 10b */
if (!skb->len)
goto drop;
tmp = lowpan_fetch_skb_u8(skb);
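Review bot: the `case 2: /* 10b */` label here, and `case 1: /* 01b */` in the next hunk, still pair a bare decimal with a binary comment, which is exactly the pairing that was wrong before this change. Named constants for the four TF encodings, or at least `0x2` and `0x1` literals beside the comments, would make a mismatch visible at a glance.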
@@ -576,7 +576,7 @@ lowpan_process_data(struct sk_buff *skb)
 * Flow Label carried in-line
 * ECN + 2-bit Pad + Flow Label (3 bytes), DSCP is elided
 */
-   case 2: /* 01b */
+   case 1: /* 01b */
if (!skb->len)
goto drop;
tmp = lowpan_fetch_skb_u8(skb);
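The TF decoding that the commit message describes, as an added C example that is not the kernel's code: it decodes the in-line traffic class and flow label for each 2-bit TF value and replays the compressed bytes from the changelog with the case labels correct and swapped. The function names and the `swapped` parameter are hypothetical; the layouts for 00b and 11b come from RFC 6282, which the page does not quote.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Compressed packet bytes copied from the changelog's hex dump. */
static const uint8_t sample[] = {
    0x72, 0x31, 0x04, 0x06, 0x02, 0x1e, 0xab, 0xff,
    0xfe, 0x4c, 0x52, 0x57, 0xec, 0xc2, 0x00, 0x16,
};

/* TF is bits 4..3 of the first IPHC byte (011 TF NH HLIM). */
static unsigned iphc_tf(uint8_t first)
{
    return (first >> 3) & 3;
}

/* In-line bytes per TF value: 00b 4, 01b 3, 10b 1, 11b 0. */
static int tf_inline_len(unsigned tf)
{
    static const int bytes[4] = { 4, 3, 1, 0 };
    return bytes[tf & 3];
}

/*
 * Decode the in-line TC/flow-label bytes at `in` into the first four
 * bytes of an IPv6 header. With swapped != 0 the 01b and 10b cases are
 * exchanged, which models the labels as they were before the fix.
 * Returns the number of bytes consumed, or -1 if the input is too short.
 */
static int iphc_decode_tf(unsigned tf, int swapped, const uint8_t *in,
                          size_t len, uint8_t out[4])
{
    uint8_t tc = 0;
    uint32_t flow = 0;
    int need;

    tf &= 3;
    if (swapped && (tf == 1 || tf == 2))
        tf ^= 3;                        /* 1 <-> 2 */
    need = tf_inline_len(tf);
    if (len < (size_t)need)             /* bound every read, not just the first */
        return -1;

    switch (tf) {
    case 0: /* 00b: ECN + DSCP, 4-bit pad + flow label (4 bytes) */
        tc = (uint8_t)(((in[0] & 0x3f) << 2) | (in[0] >> 6));
        flow = ((uint32_t)(in[1] & 0x0f) << 16) |
               ((uint32_t)in[2] << 8) | in[3];
        break;
    case 1: /* 01b: ECN + 2-bit pad + flow label (3 bytes), DSCP elided */
        tc = (uint8_t)(in[0] >> 6);
        flow = ((uint32_t)(in[0] & 0x0f) << 16) |
               ((uint32_t)in[1] << 8) | in[2];
        break;
    case 2: /* 10b: ECN + DSCP (1 byte), flow label elided */
        tc = (uint8_t)(((in[0] & 0x3f) << 2) | (in[0] >> 6));
        break;
    case 3: /* 11b: both elided */
        break;
    }

    out[0] = (uint8_t)(0x60 | (tc >> 4));
    out[1] = (uint8_t)(((tc & 0x0f) << 4) | (flow >> 16));
    out[2] = (uint8_t)(flow >> 8);
    out[3] = (uint8_t)flow;
    return need;
}

int main(void)
{
    const uint8_t *inl = sample + 2;    /* in-line fields follow the 2 IPHC bytes */
    size_t len = sizeof(sample) - 2;
    unsigned tf = iphc_tf(sample[0]);
    uint8_t hdr[4];
    int swapped;

    for (swapped = 0; swapped <= 1; swapped++) {
        int n = iphc_decode_tf(tf, swapped, inl, len, hdr);
        if (n < 0)
            return 1;
        printf("%s: %02x %02x %02x %02x, consumed %d, next header 0x%02x\n",
               swapped ? "swapped" : "correct",
               hdr[0], hdr[1], hdr[2], hdr[3], n, inl[n]);
    }
    return 0;
}
```

With the labels swapped the decoder eats three bytes instead of one, so the next-header read lands on 0x1e and every later field shifts by two bytes, which is the damage the changelog shows in the received header.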



[PATCH 3.2 176/185] ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Russell King 

commit 8404663f81d212918ff85f493649a7991209fa04 upstream.

The {get,put}_user macros don't perform range checking on the provided
__user address when !CPU_HAS_DOMAINS.

This patch reworks the out-of-line assembly accessors to check the user
address against a specified limit, returning -EFAULT if it is out of
range.

[will: changed get_user register allocation to match put_user]
[rmk: fixed building on older ARM architectures]

Reported-by: Catalin Marinas 
Signed-off-by: Will Deacon 
Signed-off-by: Russell King 
[bwh: Backported to 3.2: TUSER() was called T()]
Signed-off-by: Ben Hutchings 
---
 arch/arm/include/asm/assembler.h |  8 
 arch/arm/include/asm/uaccess.h   | 40 +++-
 arch/arm/lib/getuser.S   | 23 +++
 arch/arm/lib/putuser.S   |  6 ++
 4 files changed, 56 insertions(+), 21 deletions(-)

--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -307,4 +307,12 @@
.size \name , . - \name
.endm
 
+   .macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req
+#ifndef CONFIG_CPU_USE_DOMAINS
+   adds\tmp, \addr, #\size - 1
+   sbcccs  \tmp, \tmp, \limit
+   bcs \bad
+#endif
+   .endm
+
 #endif /* __ASM_ASSEMBLER_H__ */
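Review bot: the new check_uaccess macro has no comment, and the `adds` / `sbcccs` / `bcs` sequence depends on carry-flag behaviour that is easy to misread. Document that `\limit` is expected to hold addr_limit - 1 (as get_user() passes it later in this patch), that `\tmp` is clobbered, and that the branch to `\bad` is taken both when `\addr + \size - 1` wraps and when it exceeds `\limit`. It would also help to say why the macro expands to nothing under CONFIG_CPU_USE_DOMAINS.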
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -101,28 +101,39 @@ extern int __get_user_1(void *);
 extern int __get_user_2(void *);
 extern int __get_user_4(void *);
 
-#define __get_user_x(__r2,__p,__e,__s,__i...)  \
+#define __GUP_CLOBBER_1"lr", "cc"
+#ifdef CONFIG_CPU_USE_DOMAINS
+#define __GUP_CLOBBER_2"ip", "lr", "cc"
+#else
+#define __GUP_CLOBBER_2 "lr", "cc"
+#endif
+#define __GUP_CLOBBER_4"lr", "cc"
+
+#define __get_user_x(__r2,__p,__e,__l,__s) \
   __asm__ __volatile__ (   \
__asmeq("%0", "r0") __asmeq("%1", "r2") \
+   __asmeq("%3", "r1") \
"bl __get_user_" #__s   \
: "=" (__e), "=r" (__r2)  \
-   : "0" (__p) \
-   : __i, "cc")
+   : "0" (__p), "r" (__l)  \
+   : __GUP_CLOBBER_##__s)
 
 #define get_user(x,p)  \
({  \
+   unsigned long __limit = current_thread_info()->addr_limit - 1; \
register const typeof(*(p)) __user *__p asm("r0") = (p);\
register unsigned long __r2 asm("r2");  \
+   register unsigned long __l asm("r1") = __limit; \
register int __e asm("r0"); \
switch (sizeof(*(__p))) {   \
case 1: \
-   __get_user_x(__r2, __p, __e, 1, "lr");  \
-   break;  \
+   __get_user_x(__r2, __p, __e, __l, 1);   \
+   break;  \
case 2: \
-   __get_user_x(__r2, __p, __e, 2, "r3", "lr");\
+   __get_user_x(__r2, __p, __e, __l, 2);   \
break;  \
case 4: \
-   __get_user_x(__r2, __p, __e, 4, "lr");  \
+   __get_user_x(__r2, __p, __e, __l, 4);   \
break;  \
default: __e = __get_user_bad(); break; \
}   \
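Review bot: in the 2-byte case the old call listed "r3", "lr" as clobbers, while the new __GUP_CLOBBER_2 lists "ip", "lr", "cc" with domains and only "lr", "cc" without. Nothing here explains the switch from r3 to ip or why the non-domains build needs no scratch register; a comment tying each clobber list to the matching __get_user_N routine in getuser.S would let the two files be checked against each other. Also note in a comment that `__limit` is `addr_limit - 1`, since the assembly side depends on that.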
@@ -135,31 +146,34 @@ extern int __put_user_2(void *, unsigned
 extern int __put_user_4(void *, unsigned int);
 extern int __put_user_8(void *, unsigned long long);
 
-#define __put_user_x(__r2,__p,__e,__s) \
+#define __put_user_x(__r2,__p,__e,__l,__s) \
   __asm__ __volatile__ (   \
__asmeq("%0", "r0") __asmeq("%2", "r2") \
+   __asmeq("%3", "r1") \
"bl __put_user_" #__s   \
: "=" (__e)   \
-   : "0" (__p), "r" 
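The range check that the commit message describes and that check_uaccess performs in assembly, modelled in C as an added example (not code from the patch). The function names and the addr_limit value 0xbf000000 are assumptions made for illustration; the naive variant is there only to show the wrap-around case that the carry test catches.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed address limit for the demo, not taken from the page. */
#define DEMO_ADDR_LIMIT 0xbf000000u

/*
 * C model of the flag logic in check_uaccess on a 32-bit register.
 * limit is addr_limit - 1, the value get_user() passes in r1.
 * Returns 0 if [addr, addr + size - 1] is acceptable, -EFAULT otherwise.
 */
static int check_uaccess_model(uint32_t addr, uint32_t size, uint32_t limit)
{
    /* adds \tmp, \addr, #\size - 1   (carry set if the sum wraps) */
    uint64_t sum = (uint64_t)addr + (size - 1);
    uint32_t tmp = (uint32_t)sum;
    int carry = (sum >> 32) != 0;

    /*
     * sbcccs \tmp, \tmp, \limit   (runs only if carry is clear; computes
     * tmp - limit - 1 and leaves carry set when there is no borrow,
     * which is the case exactly when tmp > limit)
     */
    if (!carry)
        carry = tmp > limit;

    /* bcs \bad */
    return carry ? -EFAULT : 0;
}

/* Hypothetical naive check, for contrast: the 32-bit sum can wrap. */
static int naive_check(uint32_t addr, uint32_t size, uint32_t addr_limit)
{
    uint32_t end = addr + size;         /* wraps modulo 2^32 */
    return end <= addr_limit ? 0 : -EFAULT;
}

int main(void)
{
    /* Constructed test addresses around the limit and the top of memory. */
    static const struct { uint32_t addr, size; } cases[] = {
        { 0x00010000u, 4 },             /* well inside */
        { 0xbefffffcu, 4 },             /* last byte equals limit */
        { 0xbefffffdu, 4 },             /* last byte one past limit */
        { 0xc0000000u, 1 },             /* above the limit */
        { 0xfffffffeu, 4 },             /* addr + size - 1 wraps */
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("addr=0x%08x size=%u model=%d naive=%d\n",
               (unsigned)cases[i].addr, (unsigned)cases[i].size,
               check_uaccess_model(cases[i].addr, cases[i].size,
                                   DEMO_ADDR_LIMIT - 1),
               naive_check(cases[i].addr, cases[i].size, DEMO_ADDR_LIMIT));
    return 0;
}
```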

[PATCH 3.2 011/185] ahci: disabled FBS prior to issuing software reset

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: xiangliang yu 

commit 89dafa20f3daab5b3e0c13d0068a28e8e64e2102 upstream.

Tested with Marvell 88se9125, attached with one port multiplier (5 ports)
and one disk, we will get following boot log messages if using current
code:

  ata8: SATA link up 6.0 Gbps (SStatus 133 SControl 330)
  ata8.15: Port Multiplier 1.2, 0x1b4b:0x9715 r160, 5 ports, feat 0x1/0x1f
  ahci :03:00.0: FBS is enabled
  ata8.00: hard resetting link
  ata8.00: SATA link down (SStatus 0 SControl 330)
  ata8.01: hard resetting link
  ata8.01: SATA link down (SStatus 0 SControl 330)
  ata8.02: hard resetting link
  ata8.02: SATA link down (SStatus 0 SControl 330)
  ata8.03: hard resetting link
  ata8.03: SATA link up 6.0 Gbps (SStatus 133 SControl 133)
  ata8.04: hard resetting link
  ata8.04: failed to resume link (SControl 133)
  ata8.04: failed to read SCR 0 (Emask=0x40)
  ata8.04: failed to read SCR 0 (Emask=0x40)
  ata8.04: failed to read SCR 1 (Emask=0x40)
  ata8.04: failed to read SCR 0 (Emask=0x40)
  ata8.03: native sectors (2) is smaller than sectors (976773168)
  ata8.03: ATA-8: ST3500413AS, JC4B, max UDMA/133
  ata8.03: 976773168 sectors, multi 0: LBA48 NCQ (depth 31/32)
  ata8.03: configured for UDMA/133
  ata8.04: failed to IDENTIFY (I/O error, err_mask=0x100)
  ata8.15: hard resetting link
  ata8.15: SATA link up 6.0 Gbps (SStatus 133 SControl 330)
  ata8.15: Port Multiplier vendor mismatch '0x1b4b' != '0x133'
  ata8.15: PMP revalidation failed (errno=-19)
  ata8.15: hard resetting link
  ata8.15: SATA link up 6.0 Gbps (SStatus 133 SControl 330)
  ata8.15: Port Multiplier vendor mismatch '0x1b4b' != '0x133'
  ata8.15: PMP revalidation failed (errno=-19)
  ata8.15: limiting SATA link speed to 3.0 Gbps
  ata8.15: hard resetting link
  ata8.15: SATA link up 3.0 Gbps (SStatus 123 SControl 320)
  ata8.15: Port Multiplier vendor mismatch '0x1b4b' != '0x133'
  ata8.15: PMP revalidation failed (errno=-19)
  ata8.15: failed to recover PMP after 5 tries, giving up
  ata8.15: Port Multiplier detaching
  ata8.03: disabled
  ata8.00: disabled
  ata8: EH complete

The reason is that current detection code doesn't follow AHCI spec:

First, the port multiplier detection process looks like this:

    ahci_hardreset(link, class, deadline)
    if (class == ATA_DEV_PMP) {
        sata_pmp_attach(dev)    /* will enable FBS */
        sata_pmp_init_links(ap, nr_ports);
        ata_for_each_link(link, ap, EDGE) {
            sata_std_hardreset(link, class, deadline);
            if (link_is_online) /* do soft reset */
                ahci_softreset(link, class, deadline);
        }
    }

But, according to chapter 9.3.9 in AHCI spec: Prior to issuing software
reset, software shall clear PxCMD.ST to '0' and then clear PxFBS.EN to
'0'.

The patch tested OK with kernel 3.11.1.

tj: Patch white space contaminated, applied manually with trivial
updates.

Signed-off-by: Xiangliang Yu 
Signed-off-by: Tejun Heo 
Signed-off-by: Ben Hutchings 
---
 drivers/ata/libahci.c | 16 
 1 file changed, 16 insertions(+)

--- a/drivers/ata/libahci.c
+++ b/drivers/ata/libahci.c
@@ -1247,9 +1247,11 @@ int ahci_do_softreset(struct ata_link *l
 {
struct ata_port *ap = link->ap;
struct ahci_host_priv *hpriv = ap->host->private_data;
+   struct ahci_port_priv *pp = ap->private_data;
const char *reason = NULL;
unsigned long now, msecs;
struct ata_taskfile tf;
+   bool fbs_disabled = false;
int rc;
 
DPRINTK("ENTER\n");
@@ -1259,6 +1261,16 @@ int ahci_do_softreset(struct ata_link *l
if (rc && rc != -EOPNOTSUPP)
ata_link_warn(link, "failed to reset engine (errno=%d)\n", rc);
 
+   /*
+* According to AHCI-1.2 9.3.9: if FBS is enable, software shall
+* clear PxFBS.EN to '0' prior to issuing software reset to devices
+* that is attached to port multiplier.
+*/
+   if (!ata_is_host_link(link) && pp->fbs_enabled) {
+   ahci_disable_fbs(ap);
+   fbs_disabled = true;
+   }
+
ata_tf_init(link->device, );
 
/* issue the first D2H Register FIS */
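Review bot: the new comment cites AHCI-1.2 9.3.9 only for clearing PxFBS.EN, while the changelog says PxCMD.ST must be cleared first; the only sign of that step here is the "failed to reset engine" warning just above, after which the code carries on. State in the comment that the engine stop above is what satisfies the PxCMD.ST requirement, and decide whether ahci_disable_fbs() should still be called when that stop failed. The comment wording also needs a pass ("if FBS is enable", "devices that is attached").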
@@ -1299,6 +1311,10 @@ int ahci_do_softreset(struct ata_link *l
} else
*class = ahci_dev_classify(ap);
 
+   /* re-enable FBS if disabled before */
+   if (fbs_disabled)
+   ahci_enable_fbs(ap);
+
DPRINTK("EXIT, class=%u\n", *class);
return 0;
 
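Review bot: FBS is re-enabled only on the path that reaches `return 0`; the lines after this hunk are not shown, but the function declares `const char *reason`, which suggests a failure exit. If a soft reset can fail after `fbs_disabled` is set, that exit needs the same `ahci_enable_fbs(ap)` call, otherwise the port is left with FBS off.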



[PATCH 3.2 183/185] ftrace: Check module functions being traced on reload

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: "Steven Rostedt (Red Hat)" 

commit 8c4f3c3fa9681dc549cd35419b259496082fef8b upstream.

There's been a nasty bug that would show up and not give much info.
The bug displayed the following warning:

 WARNING: at kernel/trace/ftrace.c:1529 __ftrace_hash_rec_update+0x1e3/0x230()
 Pid: 20903, comm: bash Tainted: G   O 3.6.11+ #38405.trunk
 Call Trace:
  [] warn_slowpath_common+0x7f/0xc0
  [] warn_slowpath_null+0x1a/0x20
  [] __ftrace_hash_rec_update+0x1e3/0x230
  [] ftrace_hash_move+0x28/0x1d0
  [] ? kfree+0x2c/0x110
  [] ftrace_regex_release+0x8e/0x150
  [] __fput+0xae/0x220
  [] fput+0xe/0x10
  [] task_work_run+0x72/0x90
  [] do_notify_resume+0x6c/0xc0
  [] ? trace_hardirqs_on_thunk+0x3a/0x3c
  [] int_signal+0x12/0x17
 ---[ end trace 793179526ee09b2c ]---

It was finally narrowed down to unloading a module that was being traced.

It was actually more than that. When functions are being traced, there's
a table of all functions that have a ref count of the number of active
tracers attached to that function. When a function trace callback is
registered to a function, the function's record ref count is incremented.
When it is unregistered, the function's record ref count is decremented.
If an inconsistency is detected (ref count goes below zero) the above
warning is shown and the function tracing is permanently disabled until
reboot.

The ftrace callback ops holds a hash of functions that it filters on
(and/or filters off). If the hash is empty, the default means to filter
all functions (for the filter_hash) or to disable no functions (for the
notrace_hash).

When a module is unloaded, it frees the function records that represent
the module functions. These records exist on their own pages, that is
function records for one module will not exist on the same page as
function records for other modules or even the core kernel.

Now when a module unloads, the records that represents its functions are
freed. When the module is loaded again, the records are recreated with
a default ref count of zero (unless there's a callback that traces all
functions, then they will also be traced, and the ref count will be
incremented).

The problem is that if an ftrace callback hash includes functions of the
module being unloaded, those hash entries will not be removed. If the
module is reloaded in the same location, the hash entries still point
to the functions of the module but the module's ref counts do not reflect
that.

With the help of Steve and Joern, we found a reproducer:

 Using uinput module and uinput_release function.

 cd /sys/kernel/debug/tracing
 modprobe uinput
 echo uinput_release > set_ftrace_filter
 echo function > current_tracer
 rmmod uinput
 modprobe uinput
 # check /proc/modules to see if loaded in same addr, otherwise try again
 echo nop > current_tracer

 [BOOM]

The above loads the uinput module, which creates a table of functions that
can be traced within the module.

We add uinput_release to the filter_hash to trace just that function.

Enable function tracing, which increments the ref count of the record
associated to uinput_release.

Remove uinput, which frees the records including the one that represents
uinput_release.

Load the uinput module again (and make sure it's at the same address).
This recreates the function records all with a ref count of zero,
including uinput_release.

Disable function tracing, which will decrement the ref count for uinput_release
which is now zero because of the module removal and reload, and we have
a mismatch (below zero ref count).

The solution is to check all currently tracing ftrace callbacks to see if any
are tracing any of the module's functions when a module is loaded (it already
does that with callbacks that trace all functions). If a callback happens to have
a module function being traced, it increments that record's ref count and starts
tracing that function.

There may be a strange side effect with this, where tracing module functions
on unload and then reloading a new module may have that new module's functions
being traced. This may be something that confuses the user, but it's not
a big deal. Another approach is to disable all callback hashes on module unload,
but this leaves some ftrace callbacks that may not be registered, but can
still have hashes tracing the module's function where ftrace doesn't know about
it. That situation can cause the same bug. This solution solves that case too.
Another benefit of this solution, is it is possible to trace a module's
function on unload and load.

Link: http://lkml.kernel.org/r/20130705142629.ga...@redhat.com

Reported-by: Jörn Engel 
Reported-by: Dave Jones 
Reported-by: Steve Hodgson 
Tested-by: Steve Hodgson 
Signed-off-by: Steven Rostedt 
[bwh: Backported to 3.2: adjust context, indentation]
Signed-off-by: Ben Hutchings 
---
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1799,12 

[PATCH 3.2 135/185] dm bufio: initialize read-only module parameters

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Mikulas Patocka 

commit 4cb57ab4a2e61978f3a9b7d4f53988f30d61c27f upstream.

Some module parameters in dm-bufio are read-only. These parameters
inform the user about memory consumption. They are not supposed to be
changed by the user.

However, despite being read-only, these parameters can be set on
modprobe or insmod command line, for example:
modprobe dm-bufio current_allocated_bytes=12345

The kernel doesn't expect that these variables can be non-zero at module
initialization and if the user sets them, it results in BUG.

This patch initializes the variables in the module init routine, so that
user-supplied values are ignored.

Signed-off-by: Mikulas Patocka 
Signed-off-by: Mike Snitzer 
Signed-off-by: Ben Hutchings 
---
 drivers/md/dm-bufio.c | 5 +
 1 file changed, 5 insertions(+)

--- a/drivers/md/dm-bufio.c
+++ b/drivers/md/dm-bufio.c
@@ -1611,6 +1611,11 @@ static int __init dm_bufio_init(void)
 {
__u64 mem;
 
+   dm_bufio_allocated_kmem_cache = 0;
+   dm_bufio_allocated_get_free_pages = 0;
+   dm_bufio_allocated_vmalloc = 0;
+   dm_bufio_current_allocated = 0;
+
memset(_bufio_caches, 0, sizeof dm_bufio_caches);
memset(_bufio_cache_names, 0, sizeof dm_bufio_cache_names);
 
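Review bot: zeroing four static counters at the top of dm_bufio_init() looks redundant to anyone who has not read the changelog, so it risks being cleaned up later. Add a short comment saying these are module parameters that can be given a value on the modprobe or insmod command line, which is why they are reset here.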



[PATCH 3.2 146/185] drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Linus Pizunski 

commit eb3c227289840eed95ddfb0516046f08d8993940 upstream.

Update month and day of month to the alarm month/day instead of current
day/month when setting the RTC alarm mask.

Signed-off-by: Linus Pizunski 
Signed-off-by: Nicolas Ferre 
Signed-off-by: Andrew Morton 
Signed-off-by: Linus Torvalds 
Signed-off-by: Ben Hutchings 
---
 drivers/rtc/rtc-at91rm9200.c | 2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/rtc/rtc-at91rm9200.c
+++ b/drivers/rtc/rtc-at91rm9200.c
@@ -156,6 +156,8 @@ static int at91_rtc_setalarm(struct devi
 
at91_alarm_year = tm.tm_year;
 
+   tm.tm_mon = alrm->time.tm_mon;
+   tm.tm_mday = alrm->time.tm_mday;
tm.tm_hour = alrm->time.tm_hour;
tm.tm_min = alrm->time.tm_min;
tm.tm_sec = alrm->time.tm_sec;
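Review bot: the month and day now come from `alrm->time`, but `at91_alarm_year = tm.tm_year;` two lines above is still taken before any alarm field is copied in, and `tm.tm_year` is not set from `alrm->time` here. If `tm` holds the current time at that point, as the changelog implies, an alarm that crosses a year boundary still records the current year; either copy `tm_year` as well or explain why the year is deliberately left alone.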



[PATCH 3.2 157/185] ipv4: fix possible seqlock deadlock

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Eric Dumazet 

[ Upstream commit c9e9042994d37cbc1ee538c500e9da1bb9d1bcdf ]

ip4_datagram_connect() being called from process context,
it should use IP_INC_STATS() instead of IP_INC_STATS_BH()
otherwise we can deadlock on 32bit arches, or get corruptions of
SNMP counters.

Fixes: 584bdf8cbdf6 ("[IPV4]: Fix "ipOutNoRoutes" counter error for TCP and UDP")
Signed-off-by: Eric Dumazet 
Reported-by: Dave Jones 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/ipv4/datagram.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
index 424fafb..ec07510 100644
--- a/net/ipv4/datagram.c
+++ b/net/ipv4/datagram.c
@@ -57,7 +57,7 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr 
*uaddr, int addr_len)
if (IS_ERR(rt)) {
err = PTR_ERR(rt);
if (err == -ENETUNREACH)
-   IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
+   IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
goto out;
}
 
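Review bot: the reasoning in the changelog (process context, so the _BH variant is wrong) applies to every process-context user of IP_INC_STATS_BH(), but this hunk changes only the one in ip4_datagram_connect(). Say in the changelog whether the other IPSTATS_MIB_OUTNOROUTES call sites were audited, so the reader knows if this is the whole fix.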



[PATCH 3.2 169/185] inet: fix possible seqlock deadlocks

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Eric Dumazet 

[ Upstream commit f1d8cba61c3c4b1eb88e507249c4cb8d635d9a76 ]

In commit c9e9042994d3 ("ipv4: fix possible seqlock deadlock") I left
other places where IP_INC_STATS_BH() was improperly used.

udp_sendmsg(), ping_v4_sendmsg() and tcp_v4_connect() are called from
process context, not from softirq context.

This was detected by lockdep seqlock support.

Reported-by: jongman heo 
Fixes: 584bdf8cbdf6 ("[IPV4]: Fix "ipOutNoRoutes" counter error for TCP and UDP")
Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Signed-off-by: Eric Dumazet 
Cc: Hannes Frederic Sowa 
Acked-by: Hannes Frederic Sowa 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/ipv4/ping.c | 2 +-
 net/ipv4/tcp_ipv4.c | 2 +-
 net/ipv4/udp.c  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index a1f6b34..00975b6 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -567,7 +567,7 @@ static int ping_sendmsg(struct kiocb *iocb, struct sock 
*sk, struct msghdr *msg,
err = PTR_ERR(rt);
rt = NULL;
if (err == -ENETUNREACH)
-   IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
+   IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES);
goto out;
}
 
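Review bot: the changelog names ping_v4_sendmsg(), but the function patched in this hunk is ping_sendmsg(), and there is no "[bwh: Backported to 3.2: ...]" line recording the difference. Add the usual backport note so the 3.2 changelog matches the code it touches.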
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a97c9ad..92d7138 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -182,7 +182,7 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, 
int addr_len)
if (IS_ERR(rt)) {
err = PTR_ERR(rt);
if (err == -ENETUNREACH)
-   IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
+   IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
return err;
}
 
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 55098a6..8c2e259 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -937,7 +937,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct 
msghdr *msg,
err = PTR_ERR(rt);
rt = NULL;
if (err == -ENETUNREACH)
-   IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
+   IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES);
goto out;
}
 



[PATCH 3.2 128/185] ARM: 7913/1: fix framepointer check in unwind_frame

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Konstantin Khlebnikov 

commit 3abb6671a9c04479c4bd026798a05f857393b7e2 upstream.

This patch fixes a corner case when (fp + 4) overflows unsigned long,
for example: fp = 0x -> fp + 4 == 3.

Signed-off-by: Konstantin Khlebnikov 
Signed-off-by: Russell King 
Signed-off-by: Ben Hutchings 
---
 arch/arm/kernel/stacktrace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm/kernel/stacktrace.c
+++ b/arch/arm/kernel/stacktrace.c
@@ -31,7 +31,7 @@ int notrace unwind_frame(struct stackfra
high = ALIGN(low, THREAD_SIZE);
 
/* check current frame pointer is within bounds */
-   if (fp < (low + 12) || fp + 4 >= high)
+   if (fp < low + 12 || fp > high - 4)
return -EINVAL;
 
/* restore the registers from the stack frame */
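Review bot: the upper bound in the rewritten check is not equivalent to the old one apart from the overflow case. "fp + 4 >= high" rejected fp == high - 4, while "fp > high - 4" accepts it, and the changelog only mentions the wrap-around of fp + 4. If accepting fp == high - 4 is intended, say so in the changelog; otherwise use "fp >= high - 4".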



[PATCH 3.2 167/185] packet: fix use after free race in send path when dev is released

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Daniel Borkmann 

[ Upstream commit e40526cb20b5ee53419452e1f03d97092f144418 ]

Salam reported a use after free bug in PF_PACKET that occurs when
we're sending out frames on a socket bound device and suddenly the
net device is being unregistered. It appears that commit 827d9780
introduced a possible race condition between {t,}packet_snd() and
packet_notifier(). In the case of a bound socket, packet_notifier()
can drop the last reference to the net_device and {t,}packet_snd()
might end up suddenly sending a packet over a freed net_device.

To avoid reverting 827d9780 and thus introducing a performance
regression compared to the current state of things, we decided to
hold a cached RCU protected pointer to the net device and maintain
it on write side via bind spin_lock protected register_prot_hook()
and __unregister_prot_hook() calls.

In {t,}packet_snd() path, we access this pointer under rcu_read_lock
through packet_cached_dev_get() that holds reference to the device
to prevent it from being freed through packet_notifier() while
we're in send path. This is okay to do as dev_put()/dev_hold() are
per-cpu counters, so this should not be a performance issue. Also,
the code simplifies a bit as we don't need need_rls_dev anymore.

Fixes: 827d978037d7 ("af-packet: Use existing netdev reference for bound sockets.")
Reported-by: Salam Noureddine 
Signed-off-by: Daniel Borkmann 
Signed-off-by: Salam Noureddine 
Cc: Ben Greear 
Cc: Eric Dumazet 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/packet/af_packet.c | 60 +++---
 1 file changed, 37 insertions(+), 23 deletions(-)

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 74db1cb..7616c58 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -295,6 +295,7 @@ struct packet_sock {
unsigned inttp_reserve;
unsigned inttp_loss:1;
unsigned inttp_tstamp;
+   struct net_device __rcu *cached_dev;
struct packet_type  prot_hook cacheline_aligned_in_smp;
 };
 
@@ -350,11 +351,15 @@ static void __fanout_link(struct sock *sk, struct 
packet_sock *po);
 static void register_prot_hook(struct sock *sk)
 {
struct packet_sock *po = pkt_sk(sk);
+
if (!po->running) {
-   if (po->fanout)
+   if (po->fanout) {
__fanout_link(sk, po);
-   else
+   } else {
dev_add_pack(>prot_hook);
+   rcu_assign_pointer(po->cached_dev, po->prot_hook.dev);
+   }
+
sock_hold(sk);
po->running = 1;
}
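Review bot: cached_dev is assigned only in the else branch of register_prot_hook(), so a socket in a fanout group, or one whose hook is never registered, keeps cached_dev == NULL. With tpacket_snd() now taking dev from packet_cached_dev_get() when saddr == NULL, such a socket would hit the "dev == NULL" check and fail with -ENXIO where it used to send through po->prot_hook.dev. Either set cached_dev in the fanout branch as well or explain in the changelog why those sockets cannot reach the send path.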
@@ -372,10 +377,13 @@ static void __unregister_prot_hook(struct sock *sk, bool 
sync)
struct packet_sock *po = pkt_sk(sk);
 
po->running = 0;
-   if (po->fanout)
+   if (po->fanout) {
__fanout_unlink(sk, po);
-   else
+   } else {
__dev_remove_pack(>prot_hook);
+   RCU_INIT_POINTER(po->cached_dev, NULL);
+   }
+
__sock_put(sk);
 
if (sync) {
@@ -2032,12 +2040,24 @@ static int tpacket_fill_skb(struct packet_sock *po, 
struct sk_buff *skb,
return tp_len;
 }
 
+static struct net_device *packet_cached_dev_get(struct packet_sock *po)
+{
+   struct net_device *dev;
+
+   rcu_read_lock();
+   dev = rcu_dereference(po->cached_dev);
+   if (dev)
+   dev_hold(dev);
+   rcu_read_unlock();
+
+   return dev;
+}
+
 static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
 {
struct sk_buff *skb;
struct net_device *dev;
__be16 proto;
-   bool need_rls_dev = false;
int err, reserve = 0;
void *ph;
struct sockaddr_ll *saddr = (struct sockaddr_ll *)msg->msg_name;
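Review bot: packet_cached_dev_get() returns either NULL or a device with a reference held, but nothing at the definition says the caller owns that reference. With need_rls_dev removed, every path through tpacket_snd() that gets a non-NULL dev has to end in dev_put(); a one-line comment above the helper stating that would make the contract explicit.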
@@ -2050,7 +2070,7 @@ static int tpacket_snd(struct packet_sock *po, struct 
msghdr *msg)
 
err = -EBUSY;
if (saddr == NULL) {
-   dev = po->prot_hook.dev;
+   dev = packet_cached_dev_get(po);
proto   = po->num;
addr= NULL;
} else {
@@ -2064,19 +2084,17 @@ static int tpacket_snd(struct packet_sock *po, struct 
msghdr *msg)
proto   = saddr->sll_protocol;
addr= saddr->sll_addr;
dev = dev_get_by_index(sock_net(>sk), saddr->sll_ifindex);
-   need_rls_dev = true;
}
 
err = -ENXIO;
if (unlikely(dev == NULL))
goto out;
-
-   reserve = dev->hard_header_len;
-
err = -ENETDOWN;
if (unlikely(!(dev->flags & IFF_UP)))
goto out_put;
 
+   reserve = dev->hard_header_len;
+
size_max = po->tx_ring.frame_size
- (po->tp_hdrlen - sizeof(struct sockaddr_ll));
 
@@ -2152,8 +2170,7 @@ 

[PATCH 3.2 139/185] hwmon: (w83l768ng) Fix fan speed control range

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Jean Delvare 

commit 33a7ab91d509fa33b4bcd3ce0038cc80298050da upstream.

The W83L786NG stores the fan speed on 4 bits while the sysfs interface
uses a 0-255 range. Thus the driver should scale the user input down
to map it to the device range, and scale up the value read from the
device before presenting it to the user. The reserved register nibble
should be left unchanged.

Signed-off-by: Jean Delvare 
Reviewed-by: Guenter Roeck 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 drivers/hwmon/w83l786ng.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/hwmon/w83l786ng.c
+++ b/drivers/hwmon/w83l786ng.c
@@ -447,8 +447,11 @@ store_pwm(struct device *dev, struct dev
struct w83l786ng_data *data = i2c_get_clientdata(client);
u32 val = SENSORS_LIMIT(simple_strtoul(buf, NULL, 10), 0, 255);
 
+   val = DIV_ROUND_CLOSEST(val, 0x11);
+
mutex_lock(>update_lock);
-   data->pwm[nr] = val;
+   data->pwm[nr] = val * 0x11;
+   val |= w83l786ng_read_value(client, W83L786NG_REG_PWM[nr]) & 0xf0;
w83l786ng_write_value(client, W83L786NG_REG_PWM[nr], val);
mutex_unlock(>update_lock);
return count;
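Review bot: the scale factor 0x11 and the nibble masks appear as bare constants in store_pwm() and again in the update path of the next hunk (0x11 three times, 0xf0 and 0x0f once each). A pair of small helpers or named macros for the 4-bit to 0-255 conversion would keep the write and read sides from drifting apart. The read of the reserved nibble sits inside update_lock, which is what the read-modify-write needs, so keep it there if this is reshuffled.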
@@ -741,8 +744,9 @@ static struct w83l786ng_data *w83l786ng_
? 0 : 1;
data->pwm_enable[i] =
((pwmcfg >> W83L786NG_PWM_ENABLE_SHIFT[i]) & 3) + 1;
-   data->pwm[i] = w83l786ng_read_value(client,
-   W83L786NG_REG_PWM[i]);
+   data->pwm[i] =
+   (w83l786ng_read_value(client, W83L786NG_REG_PWM[i])
+& 0x0f) * 0x11;
}
 
 



[PATCH 3.2 010/185] libata: Fix display of sata speed

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Gwendal Grignou 

commit 3e85c3ecbc520751324a191d23bb94873ed01b10 upstream.

6.0 Gbps link speed was not decoded properly:
speed was reported at 3.0 Gbps only.

Tested: On a machine where libata reports 6.0 Gbps in
/var/log/messages:
ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300)

Before:
cat /sys/class/ata_link/link1/sata_spd
3.0 Gbps
After:
cat /sys/class/ata_link/link1/sata_spd
6.0 Gbps

Signed-off-by: Gwendal Grignou 
Signed-off-by: Tejun Heo 
Signed-off-by: Ben Hutchings 
---
 drivers/ata/libata-transport.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

--- a/drivers/ata/libata-transport.c
+++ b/drivers/ata/libata-transport.c
@@ -312,25 +312,25 @@ int ata_tport_add(struct device *parent,
 /*
  * ATA link attributes
  */
+static int noop(int x) { return x; }
 
-
-#define ata_link_show_linkspeed(field) \
+#define ata_link_show_linkspeed(field, format) \
 static ssize_t \
 show_ata_link_##field(struct device *dev,  \
  struct device_attribute *attr, char *buf) \
 {  \
struct ata_link *link = transport_class_to_link(dev);   \
\
-   return sprintf(buf,"%s\n", sata_spd_string(fls(link->field)));  \
+   return sprintf(buf, "%s\n", sata_spd_string(format(link->field))); \
 }
 
-#define ata_link_linkspeed_attr(field) \
-   ata_link_show_linkspeed(field)  \
+#define ata_link_linkspeed_attr(field, format) \
+   ata_link_show_linkspeed(field, format)  \
 static DEVICE_ATTR(field, S_IRUGO, show_ata_link_##field, NULL)
 
-ata_link_linkspeed_attr(hw_sata_spd_limit);
-ata_link_linkspeed_attr(sata_spd_limit);
-ata_link_linkspeed_attr(sata_spd);
+ata_link_linkspeed_attr(hw_sata_spd_limit, fls);
+ata_link_linkspeed_attr(sata_spd_limit, fls);
+ata_link_linkspeed_attr(sata_spd, noop);
 
 
 static DECLARE_TRANSPORT_CLASS(ata_link_class,
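Review bot: "noop" is a very generic name for a file-scope static function in libata-transport.c and carries no hint of why sata_spd is treated differently from the two limit fields. Rename it to something with an ata_ prefix and add a short comment that hw_sata_spd_limit and sata_spd_limit are bit masks (hence fls) while sata_spd is already the speed value passed to sata_spd_string().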



[PATCH 3.2 141/185] futex: fix handling of read-only-mapped hugepages

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Linus Torvalds 

commit f12d5bfceb7e1f9051563381ec047f7f13956c3c upstream.

The hugepage code had the exact same bug that regular pages had in
commit 7485d0d3758e ("futexes: Remove rw parameter from
get_futex_key()").

The regular page case was fixed by commit 9ea71503a8ed ("futex: Fix
regression with read only mappings"), but the transparent hugepage case
(added in a5b338f2b0b1: "thp: update futex compound knowledge")
remained broken.

Found by Dave Jones and his trinity tool.

Reported-and-tested-by: Dave Jones 
Acked-by: Thomas Gleixner 
Cc: Mel Gorman 
Cc: Darren Hart 
Cc: Andrea Arcangeli 
Cc: Oleg Nesterov 
Signed-off-by: Linus Torvalds 
Signed-off-by: Ben Hutchings 
---
 kernel/futex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -285,7 +285,7 @@ again:
put_page(page);
/* serialize against __split_huge_page_splitting() */
local_irq_disable();
-   if (likely(__get_user_pages_fast(address, 1, 1, ) == 1)) {
+   if (likely(__get_user_pages_fast(address, 1, !ro, ) == 1)) 
{
page_head = compound_head(page);
/*
 * page_head is valid pointer but we must pin
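Review bot: the write argument now depends on "ro", which is neither declared nor assigned in the visible context of this hunk. The changelog ties it to commit 9ea71503a8ed; confirm that fix is present in the 3.2 tree so that ro exists and holds the read-only fallback state by the time the hugepage path runs, otherwise the backport will not build.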



[PATCH 3.2 136/185] ARM: pxa: tosa: fix keys mapping

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Dmitry Eremin-Solenikov 

commit 506cac15ac86f204b83e3cfccde73eeb4e7c5f34 upstream.

When converting from tosa-keyboard driver to matrix keyboard, tosa keys
received extra 1 column shift. Replace that with correct values to make
keyboard work again.

Fixes: f69a6548c9d5 ('[ARM] pxa/tosa: make use of the matrix keypad driver')
Signed-off-by: Dmitry Eremin-Solenikov 
Signed-off-by: Haojian Zhuang 
Signed-off-by: Olof Johansson 
Signed-off-by: Ben Hutchings 
---
 arch/arm/mach-pxa/tosa.c | 102 +++
 1 file changed, 51 insertions(+), 51 deletions(-)

--- a/arch/arm/mach-pxa/tosa.c
+++ b/arch/arm/mach-pxa/tosa.c
@@ -424,57 +424,57 @@ static struct platform_device tosa_power
  * Tosa Keyboard
  */
 static const uint32_t tosakbd_keymap[] = {
-   KEY(0, 2, KEY_W),
-   KEY(0, 6, KEY_K),
-   KEY(0, 7, KEY_BACKSPACE),
-   KEY(0, 8, KEY_P),
-   KEY(1, 1, KEY_Q),
-   KEY(1, 2, KEY_E),
-   KEY(1, 3, KEY_T),
-   KEY(1, 4, KEY_Y),
-   KEY(1, 6, KEY_O),
-   KEY(1, 7, KEY_I),
-   KEY(1, 8, KEY_COMMA),
-   KEY(2, 1, KEY_A),
-   KEY(2, 2, KEY_D),
-   KEY(2, 3, KEY_G),
-   KEY(2, 4, KEY_U),
-   KEY(2, 6, KEY_L),
-   KEY(2, 7, KEY_ENTER),
-   KEY(2, 8, KEY_DOT),
-   KEY(3, 1, KEY_Z),
-   KEY(3, 2, KEY_C),
-   KEY(3, 3, KEY_V),
-   KEY(3, 4, KEY_J),
-   KEY(3, 5, TOSA_KEY_ADDRESSBOOK),
-   KEY(3, 6, TOSA_KEY_CANCEL),
-   KEY(3, 7, TOSA_KEY_CENTER),
-   KEY(3, 8, TOSA_KEY_OK),
-   KEY(3, 9, KEY_LEFTSHIFT),
-   KEY(4, 1, KEY_S),
-   KEY(4, 2, KEY_R),
-   KEY(4, 3, KEY_B),
-   KEY(4, 4, KEY_N),
-   KEY(4, 5, TOSA_KEY_CALENDAR),
-   KEY(4, 6, TOSA_KEY_HOMEPAGE),
-   KEY(4, 7, KEY_LEFTCTRL),
-   KEY(4, 8, TOSA_KEY_LIGHT),
-   KEY(4, 10, KEY_RIGHTSHIFT),
-   KEY(5, 1, KEY_TAB),
-   KEY(5, 2, KEY_SLASH),
-   KEY(5, 3, KEY_H),
-   KEY(5, 4, KEY_M),
-   KEY(5, 5, TOSA_KEY_MENU),
-   KEY(5, 7, KEY_UP),
-   KEY(5, 11, TOSA_KEY_FN),
-   KEY(6, 1, KEY_X),
-   KEY(6, 2, KEY_F),
-   KEY(6, 3, KEY_SPACE),
-   KEY(6, 4, KEY_APOSTROPHE),
-   KEY(6, 5, TOSA_KEY_MAIL),
-   KEY(6, 6, KEY_LEFT),
-   KEY(6, 7, KEY_DOWN),
-   KEY(6, 8, KEY_RIGHT),
+   KEY(0, 1, KEY_W),
+   KEY(0, 5, KEY_K),
+   KEY(0, 6, KEY_BACKSPACE),
+   KEY(0, 7, KEY_P),
+   KEY(1, 0, KEY_Q),
+   KEY(1, 1, KEY_E),
+   KEY(1, 2, KEY_T),
+   KEY(1, 3, KEY_Y),
+   KEY(1, 5, KEY_O),
+   KEY(1, 6, KEY_I),
+   KEY(1, 7, KEY_COMMA),
+   KEY(2, 0, KEY_A),
+   KEY(2, 1, KEY_D),
+   KEY(2, 2, KEY_G),
+   KEY(2, 3, KEY_U),
+   KEY(2, 5, KEY_L),
+   KEY(2, 6, KEY_ENTER),
+   KEY(2, 7, KEY_DOT),
+   KEY(3, 0, KEY_Z),
+   KEY(3, 1, KEY_C),
+   KEY(3, 2, KEY_V),
+   KEY(3, 3, KEY_J),
+   KEY(3, 4, TOSA_KEY_ADDRESSBOOK),
+   KEY(3, 5, TOSA_KEY_CANCEL),
+   KEY(3, 6, TOSA_KEY_CENTER),
+   KEY(3, 7, TOSA_KEY_OK),
+   KEY(3, 8, KEY_LEFTSHIFT),
+   KEY(4, 0, KEY_S),
+   KEY(4, 1, KEY_R),
+   KEY(4, 2, KEY_B),
+   KEY(4, 3, KEY_N),
+   KEY(4, 4, TOSA_KEY_CALENDAR),
+   KEY(4, 5, TOSA_KEY_HOMEPAGE),
+   KEY(4, 6, KEY_LEFTCTRL),
+   KEY(4, 7, TOSA_KEY_LIGHT),
+   KEY(4, 9, KEY_RIGHTSHIFT),
+   KEY(5, 0, KEY_TAB),
+   KEY(5, 1, KEY_SLASH),
+   KEY(5, 2, KEY_H),
+   KEY(5, 3, KEY_M),
+   KEY(5, 4, TOSA_KEY_MENU),
+   KEY(5, 6, KEY_UP),
+   KEY(5, 10, TOSA_KEY_FN),
+   KEY(6, 0, KEY_X),
+   KEY(6, 1, KEY_F),
+   KEY(6, 2, KEY_SPACE),
+   KEY(6, 3, KEY_APOSTROPHE),
+   KEY(6, 4, TOSA_KEY_MAIL),
+   KEY(6, 5, KEY_LEFT),
+   KEY(6, 6, KEY_DOWN),
+   KEY(6, 7, KEY_RIGHT),
 };
 
 static struct matrix_keymap_data tosakbd_keymap_data = {
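Review bot: every entry has its column reduced by one, which leaves KEY(5, 10, TOSA_KEY_FN) as the highest column and puts KEY(1, 0, KEY_Q) through KEY(6, 0, KEY_X) on column 0. The row and column counts in the matrix keypad platform data are outside this hunk; check that they cover columns 0 to 10.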



[PATCH 3.2 152/185] bonding: don't permit to use ARP monitoring in 802.3ad mode

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Veaceslav Falico 

[ Upstream commit ec9f1d15db8185f63a2c3143dc1e90ba18541b08 ]

Currently the ARP monitoring is not supported with 802.3ad, and it's
prohibited to use it via the module params.

However we still can set it afterwards via sysfs, cause we only check for
*LB modes there.

To fix this - add a check for 802.3ad mode in bonding_store_arp_interval.

CC: Jay Vosburgh 
CC: Andy Gospodarek 
Signed-off-by: Veaceslav Falico 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 drivers/net/bonding/bond_sysfs.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c
index 8ed48c2..aae24d1 100644
--- a/drivers/net/bonding/bond_sysfs.c
+++ b/drivers/net/bonding/bond_sysfs.c
@@ -534,8 +534,9 @@ static ssize_t bonding_store_arp_interval(struct device *d,
goto out;
}
if (bond->params.mode == BOND_MODE_ALB ||
-   bond->params.mode == BOND_MODE_TLB) {
-   pr_info("%s: ARP monitoring cannot be used with ALB/TLB. Only 
MII monitoring is supported on %s.\n",
+   bond->params.mode == BOND_MODE_TLB ||
+   bond->params.mode == BOND_MODE_8023AD) {
+   pr_info("%s: ARP monitoring cannot be used with 
ALB/TLB/802.3ad. Only MII monitoring is supported on %s.\n",
bond->dev->name, bond->dev->name);
ret = -EINVAL;
goto out;
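Review bot: this closes the arp_interval path only. The check runs when arp_interval is written while the bond is already in 802.3ad mode; the opposite order, setting arp_interval first and then switching the mode to 802.3ad through sysfs, goes through a different store function that this patch does not touch. Confirm the mode store path rejects or clears ARP monitoring for BOND_MODE_8023AD as well, and consider a shared helper so the three-mode list is not duplicated.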



[PATCH 3.2 127/185] ARM: 7912/1: check stack pointer in get_wchan

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Konstantin Khlebnikov 

commit 1b15ec7a7427d4188ba91b9bbac696250a059d22 upstream.

get_wchan() is lockless. A task may wake up at any time and change its own stack,
thus each next stack frame may be overwritten and filled with random stuff.

/proc/$pid/stack interface had been disabled for non-current tasks, see [1].
But 'wchan' still allows triggering stack frame unwinding on a volatile stack.

This patch fixes an oops in unwind_frame() by adding stack pointer validation on
each step (as the x86 code does); unwind_frame() already checks the frame pointer.

Also I've found another report of this oops on stackoverflow (irony).

Link: http://www.spinics.net/lists/arm-kernel/msg110589.html [1]
Link: http://stackoverflow.com/questions/18479894/unwind-frame-cause-a-kernel-paging-error

Signed-off-by: Konstantin Khlebnikov 
Acked-by: Will Deacon 
Signed-off-by: Russell King 
Signed-off-by: Ben Hutchings 
---
 arch/arm/kernel/process.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -468,6 +468,7 @@ EXPORT_SYMBOL(kernel_thread);
 unsigned long get_wchan(struct task_struct *p)
 {
struct stackframe frame;
+   unsigned long stack_page;
int count = 0;
if (!p || p == current || p->state == TASK_RUNNING)
return 0;
@@ -476,9 +477,11 @@ unsigned long get_wchan(struct task_stru
frame.sp = thread_saved_sp(p);
frame.lr = 0;   /* recovered from the stack */
frame.pc = thread_saved_pc(p);
+   stack_page = (unsigned long)task_stack_page(p);
do {
-   int ret = unwind_frame();
-   if (ret < 0)
+   if (frame.sp < stack_page ||
+   frame.sp >= stack_page + THREAD_SIZE ||
+   unwind_frame() < 0)
return 0;
if (!in_sched_functions(frame.pc))
return frame.pc;
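Review bot: the new range check on frame.sp has no comment, and the reason for it (the target task can run and rewrite its stack while get_wchan() walks it without a lock) is only in the changelog. Put a short comment above the condition. Since frame.sp is updated from that volatile stack on each iteration, the check is correctly placed inside the loop ahead of unwind_frame(); keep that ordering if the condition is ever split up.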



[PATCH 3.2 126/185] crypto: scatterwalk - Use sg_chain_ptr on chain entries

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Tom Lendacky 

commit 389a5390583a18e45bc4abd4439291abec5e7a63 upstream.

Now that scatterwalk_sg_chain sets the chain pointer bit the sg_page
call in scatterwalk_sg_next hits a BUG_ON when CONFIG_DEBUG_SG is
enabled. Use sg_chain_ptr instead of sg_page on a chain entry.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Ben Hutchings 
---
 include/crypto/scatterwalk.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/crypto/scatterwalk.h
+++ b/include/crypto/scatterwalk.h
@@ -66,7 +66,7 @@ static inline struct scatterlist *scatte
if (sg_is_last(sg))
return NULL;
 
-   return (++sg)->length ? sg : (void *)sg_page(sg);
+   return (++sg)->length ? sg : sg_chain_ptr(sg);
 }
 
 static inline void scatterwalk_crypto_chain(struct scatterlist *head,
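Review bot: the chain entry is still identified by length == 0 rather than by the chain bit. With the result now coming from sg_chain_ptr(), a zero-length entry that is not a chain link would have its page_link returned as if it were the next list. Testing sg_is_chain(sg) in place of the length check would make the condition match the accessor being used.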



[PATCH 3.2 184/185] ftrace: Fix function graph with loading of modules

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: "Steven Rostedt (Red Hat)" 

commit 8a56d7761d2d041ae5e8215d20b4167d8aa93f51 upstream.

Commit 8c4f3c3fa9681 "ftrace: Check module functions being traced on reload"
fixed module loading and unloading with respect to function tracing, but
it missed the function graph tracer. If you perform the following

 # cd /sys/kernel/debug/tracing
 # echo function_graph > current_tracer
 # modprobe nfsd
 # echo nop > current_tracer

You'll get the following oops message:

 [ cut here ]
 WARNING: CPU: 2 PID: 2910 at /linux.git/kernel/trace/ftrace.c:1640 
__ftrace_hash_rec_update.part.35+0x168/0x1b9()
 Modules linked in: nfsd exportfs nfs_acl lockd ipt_MASQUERADE sunrpc 
ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables uinput 
snd_hda_codec_idt
 CPU: 2 PID: 2910 Comm: bash Not tainted 3.13.0-rc1-test #7
 Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by 
O.E.M., BIOS SDBLI944.86P 05/08/2007
  0668 8800787efcf8 814fe193 88007d50
   8800787efd38 8103b80a 0668
  810b2b9a 81a48370 0001 880037aea000
 Call Trace:
  [] dump_stack+0x4f/0x7c
  [] warn_slowpath_common+0x81/0x9b
  [] ? __ftrace_hash_rec_update.part.35+0x168/0x1b9
  [] warn_slowpath_null+0x1a/0x1c
  [] __ftrace_hash_rec_update.part.35+0x168/0x1b9
  [] ? __mutex_lock_slowpath+0x364/0x364
  [] ftrace_shutdown+0xd7/0x12b
  [] unregister_ftrace_graph+0x49/0x78
  [] graph_trace_reset+0xe/0x10
  [] tracing_set_tracer+0xa7/0x26a
  [] tracing_set_trace_write+0x8b/0xbd
  [] ? ftrace_return_to_handler+0xb2/0xde
  [] ? __sb_end_write+0x5e/0x5e
  [] vfs_write+0xab/0xf6
  [] ftrace_graph_caller+0x85/0x85
  [] SyS_write+0x59/0x82
  [] ftrace_graph_caller+0x85/0x85
  [] system_call_fastpath+0x16/0x1b
 ---[ end trace 940358030751eafb ]---

The above mentioned commit didn't go far enough. Well, it covered the
function tracer by adding checks in __register_ftrace_function(). The
problem is that the function graph tracer circumvents that (for a slight
efficiency gain when function graph trace is running with a function
tracer. The gain was not worth this).

The problem came with ftrace_startup() which should always be called after
__register_ftrace_function(), if you want this bug to be completely fixed.

Anyway, this solution moves __register_ftrace_function() inside of
ftrace_startup() and removes the need to call them both.

Reported-by: Dave Wysochanski 
Fixes: ed926f9b35cd ("ftrace: Use counters to enable functions to trace")
Signed-off-by: Steven Rostedt 
Signed-off-by: Ben Hutchings 
---
 kernel/trace/ftrace.c | 68 +--
 1 file changed, 34 insertions(+), 34 deletions(-)

--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -259,9 +259,6 @@ static int remove_ftrace_ops(struct ftra
 
 static int __register_ftrace_function(struct ftrace_ops *ops)
 {
-   if (ftrace_disabled)
-   return -ENODEV;
-
if (FTRACE_WARN_ON(ops == _ops))
return -EINVAL;
 
@@ -290,9 +287,6 @@ static int __unregister_ftrace_function(
 {
int ret;
 
-   if (ftrace_disabled)
-   return -ENODEV;
-
if (WARN_ON(!(ops->flags & FTRACE_OPS_FL_ENABLED)))
return -EBUSY;
 
@@ -1703,10 +1697,15 @@ static void ftrace_startup_enable(int co
 static int ftrace_startup(struct ftrace_ops *ops, int command)
 {
bool hash_enable = true;
+   int ret;
 
if (unlikely(ftrace_disabled))
return -ENODEV;
 
+   ret = __register_ftrace_function(ops);
+   if (ret)
+   return ret;
+
ftrace_start_up++;
command |= FTRACE_UPDATE_CALLS;
 
@@ -1728,12 +1727,17 @@ static int ftrace_startup(struct ftrace_
return 0;
 }
 
-static void ftrace_shutdown(struct ftrace_ops *ops, int command)
+static int ftrace_shutdown(struct ftrace_ops *ops, int command)
 {
bool hash_disable = true;
+   int ret;
 
if (unlikely(ftrace_disabled))
-   return;
+   return -ENODEV;
+
+   ret = __unregister_ftrace_function(ops);
+   if (ret)
+   return ret;
 
ftrace_start_up--;
/*
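Review bot: ftrace_shutdown() changes from void to int and can now fail with -ENODEV or with whatever __unregister_ftrace_function() returns, but no caller is adjusted in the visible hunks. unregister_ftrace_graph(), which appears in the oops trace in the changelog, is one such caller. Each call site should either propagate the result or carry a comment on why it is ignored.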
@@ -1768,9 +1772,10 @@ static void ftrace_shutdown(struct ftrac
}
 
if (!command || !ftrace_enabled)
-   return;
+   return 0;
 
ftrace_run_update_code(command);
+   return 0;
 }
 
 static void ftrace_startup_sysctl(void)
@@ -2622,16 +2627,13 @@ static void __enable_ftrace_function_pro
if (i == FTRACE_FUNC_HASHSIZE)
return;
 
-   ret = __register_ftrace_function(_probe_ops);
-   if (!ret)
-   ret = ftrace_startup(_probe_ops, 0);
+   ret = ftrace_startup(_probe_ops, 0);
 
ftrace_probe_registered = 1;
 }
 
 static void 
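Review bot: ret from ftrace_startup() is assigned and then not looked at; ftrace_probe_registered is set to 1 on the next line whether or not startup succeeded. Now that ftrace_startup() also performs the registration, a failure here leaves the probe ops unregistered while the flag says otherwise. Set the flag only when ret is 0.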

[PATCH 3.2 130/185] ALSA: memalloc.h - fix wrong truncation of dma_addr_t

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Stefano Panella 

commit 932e9dec380c67ec15ac3eb073bb55797d8b4801 upstream.

When running a 32bit kernel the hda_intel driver is still reporting
a 64bit dma_mask if the HW supports it.

From sound/pci/hda/hda_intel.c:

/* allow 64bit DMA address if supported by H/W */
if ((gcap & ICH6_GCAP_64OK) && !pci_set_dma_mask(pci, DMA_BIT_MASK(64)))
pci_set_consistent_dma_mask(pci, DMA_BIT_MASK(64));
else {
pci_set_dma_mask(pci, DMA_BIT_MASK(32));
pci_set_consistent_dma_mask(pci, DMA_BIT_MASK(32));
}

which means when there is a call to dma_alloc_coherent from
snd_malloc_dev_pages a machine address bigger than 32bit can be returned.
This can be true in particular if running the 32bit kernel as a pv dom0
under the Xen Hypervisor or PAE on bare metal.

The problem is that when calling setup_bdle to program the BLE the
dma_addr_t returned from the dma_alloc_coherent is wrongly truncated
from snd_sgbuf_get_addr if running a 32bit kernel:

static inline dma_addr_t snd_sgbuf_get_addr(struct snd_dma_buffer *dmab,
   size_t offset)
{
struct snd_sg_buf *sgbuf = dmab->private_data;
dma_addr_t addr = sgbuf->table[offset >> PAGE_SHIFT].addr;
addr &= PAGE_MASK;
return addr + offset % PAGE_SIZE;
}

where PAGE_MASK in a 32bit kernel is zeroing the upper 32bit of addr.

Without this patch the HW will fetch the 32bit truncated address,
which is not the one obtained from dma_alloc_coherent and will result
in non-working audio but can corrupt host memory at a random location.

The current patch applies to v3.13-rc3-74-g6c843f5

Signed-off-by: Stefano Panella 
Reviewed-by: Frediano Ziglio 
Signed-off-by: Takashi Iwai 
Signed-off-by: Ben Hutchings 
---
 include/sound/memalloc.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/sound/memalloc.h
+++ b/include/sound/memalloc.h
@@ -101,7 +101,7 @@ static inline unsigned int snd_sgbuf_ali
 static inline dma_addr_t snd_sgbuf_get_addr(struct snd_sg_buf *sgbuf, size_t 
offset)
 {
dma_addr_t addr = sgbuf->table[offset >> PAGE_SHIFT].addr;
-   addr &= PAGE_MASK;
+   addr &= ~((dma_addr_t)PAGE_SIZE - 1);
return addr + offset % PAGE_SIZE;
 }
 
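Review bot: the open-coded mask deserves a comment. PAGE_MASK is an unsigned long, so on a 32-bit kernel with a 64-bit dma_addr_t it clears the upper half of addr, which is the whole reason for this change; without a note next to "~((dma_addr_t)PAGE_SIZE - 1)" the line looks like a candidate for being tidied back to PAGE_MASK. The function signature quoted in the changelog (struct snd_dma_buffer *dmab) also differs from the 3.2 one patched here (struct snd_sg_buf *sgbuf), which the usual "[bwh: Backported to 3.2: ...]" line should record.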



[PATCH 3.2 117/185] USB: spcp8x5: correct handling of CS5 setting

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Colin Leitner 

commit 711fbdfbf2bc4827214a650afe3f64767a1aba16 upstream.

This patch removes an erroneous check of CSIZE, which made it impossible to set
CS5.

Compiles clean, but couldn't test against hardware.

Signed-off-by: Colin Leitner 
Signed-off-by: Johan Hovold 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Ben Hutchings 
---
 drivers/usb/serial/spcp8x5.c | 30 ++
 1 file changed, 14 insertions(+), 16 deletions(-)

--- a/drivers/usb/serial/spcp8x5.c
+++ b/drivers/usb/serial/spcp8x5.c
@@ -394,22 +394,20 @@ static void spcp8x5_set_termios(struct t
}
 
/* Set Data Length : 00:5bit, 01:6bit, 10:7bit, 11:8bit */
-   if (cflag & CSIZE) {
-   switch (cflag & CSIZE) {
-   case CS5:
-   buf[1] |= SET_UART_FORMAT_SIZE_5;
-   break;
-   case CS6:
-   buf[1] |= SET_UART_FORMAT_SIZE_6;
-   break;
-   case CS7:
-   buf[1] |= SET_UART_FORMAT_SIZE_7;
-   break;
-   default:
-   case CS8:
-   buf[1] |= SET_UART_FORMAT_SIZE_8;
-   break;
-   }
+   switch (cflag & CSIZE) {
+   case CS5:
+   buf[1] |= SET_UART_FORMAT_SIZE_5;
+   break;
+   case CS6:
+   buf[1] |= SET_UART_FORMAT_SIZE_6;
+   break;
+   case CS7:
+   buf[1] |= SET_UART_FORMAT_SIZE_7;
+   break;
+   default:
+   case CS8:
+   buf[1] |= SET_UART_FORMAT_SIZE_8;
+   break;
}
 
/* Set Stop bit2 : 0:1bit 1:2bit */
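Review bot: by the comment at the top of the hunk, 5 bit is encoded as 00, so when CS5 made the old "if (cflag & CSIZE)" test false the size bits were simply left as they were. If buf[1] starts out as zero, the old code already produced the 5-bit setting and this is a cleanup rather than a behaviour change; the changelog should say which, given that it was not tested on hardware. Separately, put the "default:" label after "case CS8:" or drop one of the two, as a default that precedes the last case is easy to misread.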



[PATCH 3.2 162/185] net: clamp ->msg_namelen instead of returning an error

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Dan Carpenter 

[ Upstream commit db31c55a6fb245fdbb752a2ca4aefec89afabb06 ]

If kmsg->msg_namelen > sizeof(struct sockaddr_storage) then in the
original code that would lead to memory corruption in the kernel if you
had audit configured.  If you didn't have audit configured it was
harmless.

There are some programs such as beta versions of Ruby which use too
large of a buffer and returning an error code breaks them.  We should
clamp the ->msg_namelen value instead.

Fixes: 1661bf364ae9 ("net: heap overflow in __audit_sockaddr()")
Reported-by: Eric Wong 
Signed-off-by: Dan Carpenter 
Tested-by: Eric Wong 
Acked-by: Eric Dumazet 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/compat.c | 2 +-
 net/socket.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/compat.c b/net/compat.c
index 3312574..41724c9 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -72,7 +72,7 @@ int get_compat_msghdr(struct msghdr *kmsg, struct 
compat_msghdr __user *umsg)
__get_user(kmsg->msg_flags, >msg_flags))
return -EFAULT;
if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
-   return -EINVAL;
+   kmsg->msg_namelen = sizeof(struct sockaddr_storage);
kmsg->msg_name = compat_ptr(tmp1);
kmsg->msg_iov = compat_ptr(tmp2);
kmsg->msg_control = compat_ptr(tmp3);
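Review bot: msg_namelen is a signed int, and the comparison against sizeof() is done unsigned, so a negative length from user space also takes this branch. Before the change that returned -EINVAL; now it is silently clamped to sizeof(struct sockaddr_storage), here and in copy_msghdr_from_user() in net/socket.c. Add an explicit "msg_namelen < 0" check that still returns -EINVAL and clamp only the too-large case.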
diff --git a/net/socket.c b/net/socket.c
index 8021b0f..d4faade 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1885,7 +1885,7 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
return -EFAULT;
if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
-   return -EINVAL;
+   kmsg->msg_namelen = sizeof(struct sockaddr_storage);
return 0;
 }
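
Review bot: the test `kmsg->msg_namelen > sizeof(struct sockaddr_storage)` compares against an unsigned sizeof, so if msg_namelen is a signed field, a negative value copied from user space converts to a large unsigned number and takes this branch. Before this change that input was rejected with -EINVAL; now it is clamped to the maximum and accepted. If negative lengths are still meant to be an error, they need their own check before the clamp.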
 



[PATCH 3.2 095/185] Staging: zram: Fix memory leak by refcount mismatch

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Rashika Kheria 

commit 1b672224d128ec2570eb37572ff803cfe452b4f7 upstream.

As suggested by Minchan Kim and Jerome Marchand "The code in reset_store
get the block device (bdget_disk()) but it does not put it (bdput()) when
it's done using it. The usage count is therefore incremented but never
decremented."

This patch also puts bdput() for all error cases.

Acked-by: Minchan Kim 
Acked-by: Jerome Marchand 
Signed-off-by: Rashika Kheria 
Signed-off-by: Greg Kroah-Hartman 
[bwh: Backported to 3.2: adjust filename, context]
Signed-off-by: Ben Hutchings 
---
 drivers/staging/zram/zram_sysfs.c | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

--- a/drivers/staging/zram/zram_sysfs.c
+++ b/drivers/staging/zram/zram_sysfs.c
@@ -99,18 +99,23 @@ static ssize_t reset_store(struct device
return -ENOMEM;
 
/* Do not reset an active device! */
-   if (bdev->bd_holders)
-   return -EBUSY;
+   if (bdev->bd_holders) {
+   ret = -EBUSY;
+   goto out;
+   }
 
ret = strict_strtoul(buf, 10, _reset);
if (ret)
-   return ret;
+   goto out;
 
-   if (!do_reset)
-   return -EINVAL;
+   if (!do_reset) {
+   ret = -EINVAL;
+   goto out;
+   }
 
/* Make sure all pending I/O is finished */
fsync_bdev(bdev);
+   bdput(bdev);
 
down_write(>init_lock);
if (zram->init_done)
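
Review bot: the `return -ENOMEM;` kept as context at the top of this hunk is the one exit that is not routed through `out`, so it skips bdput(). That is correct only if no reference is held at that point (that is, if it is the failure check for the lookup itself). The condition is outside the hunk, so please confirm it, and consider a one-line comment there since every other error exit now goes through the label.
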
@@ -118,6 +123,10 @@ static ssize_t reset_store(struct device
up_write(>init_lock);
 
return len;
+
+out:
+   bdput(bdev);
+   return ret;
 }
 
 static ssize_t num_reads_show(struct device *dev,
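
Review bot: the `out:` label releases bdev, but the success path has already called bdput(bdev) right after fsync_bdev(bdev) in the previous hunk, so any `goto out` added later below that point would drop the reference twice. Either name the label for what it does and note that it is only valid before the success-path bdput(), or keep a single release site by setting `ret = len` and falling through to `out`, if holding the reference across the reset under init_lock is acceptable.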



[PATCH 3.2 150/185] ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Duan Jiong 

[ Upstream commit f104a567e673f382b09542a8dc3500aa689957b4 ]

As the rfc 4191 said, the Router Preference and Lifetime values in a
::/0 Route Information Option should override the preference and lifetime
values in the Router Advertisement header. But when the kernel deals with
a ::/0 Route Information Option, the rt6_get_route_info() always return
NULL, that means that overriding will not happen, because those default
routers were added without flag RTF_ROUTEINFO in rt6_add_dflt_router().

In order to deal with that condition, we should call rt6_get_dflt_router
when the prefix length is 0.

Signed-off-by: Duan Jiong 
Acked-by: Hannes Frederic Sowa 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 net/ipv6/route.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index bc9103d..1768238 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -592,8 +592,11 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
prefix = _buf;
}
 
-   rt = rt6_get_route_info(net, prefix, rinfo->prefix_len, gwaddr,
-   dev->ifindex);
+   if (rinfo->prefix_len == 0)
+   rt = rt6_get_dflt_router(gwaddr, dev);
+   else
+   rt = rt6_get_route_info(net, prefix, rinfo->prefix_len,
+   gwaddr, dev->ifindex);
 
if (rt && !lifetime) {
ip6_del_rt(rt);
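
Review bot: the new `if (rinfo->prefix_len == 0)` branch has no comment, and the reason for it (default routers are added without RTF_ROUTEINFO, so rt6_get_route_info() never finds them) is only in the commit message. Please add a short comment at the branch. It also changes what the `if (rt && !lifetime)` block just below can reach: with a ::/0 option and a zero lifetime, ip6_del_rt(rt) now removes the default router entry for that gateway and device. That matches the override behaviour the message describes, but it is worth stating in the changelog so the deletion is not a surprise.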



[PATCH 3.2 099/185] ALSA: hda/realtek - Set pcbeep amp for ALC668

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Kailang Yang 

commit 9ad54547cf6f4410eba83bb95dfd2a0966718d6d upstream.

Set the missing pcbeep default amp for ALC668.

Signed-off-by: Kailang Yang 
Signed-off-by: Takashi Iwai 
Signed-off-by: Ben Hutchings 
---
 sound/pci/hda/patch_realtek.c | 1 +
 1 file changed, 1 insertion(+)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -5943,6 +5943,7 @@ static int patch_alc662(struct hda_codec
case 0x10ec0272:
case 0x10ec0663:
case 0x10ec0665:
+   case 0x10ec0668:
set_beep_amp(spec, 0x0b, 0x04, HDA_INPUT);
break;
case 0x10ec0273:



[PATCH 3.2 105/185] crypto: scatterwalk - Set the chain pointer indication bit

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Tom Lendacky 

commit 41da8b5adba77e22584f8b45f9641504fa885308 upstream.

The scatterwalk_crypto_chain function invokes the scatterwalk_sg_chain
function to chain two scatterlists, but the chain pointer indication
bit is not set.  When the resulting scatterlist is used, for example,
by sg_nents to count the number of scatterlist entries, a segfault occurs
because sg_nents does not follow the chain pointer to the chained scatterlist.

Update scatterwalk_sg_chain to set the chain pointer indication bit as is
done by the sg_chain function.

Signed-off-by: Tom Lendacky 
Signed-off-by: Herbert Xu 
Signed-off-by: Ben Hutchings 
---
 include/crypto/scatterwalk.h | 1 +
 1 file changed, 1 insertion(+)

--- a/include/crypto/scatterwalk.h
+++ b/include/crypto/scatterwalk.h
@@ -58,6 +58,7 @@ static inline void scatterwalk_sg_chain(
 {
sg_set_page([num - 1], (void *)sg2, 0, 0);
sg1[num - 1].page_link &= ~0x02;
+   sg1[num - 1].page_link |= 0x01;
 }
 
 static inline struct scatterlist *scatterwalk_sg_next(struct scatterlist *sg)
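
Review bot: the added `sg1[num - 1].page_link |= 0x01;` is a second bare magic number next to the existing `&= ~0x02`, with nothing in the code saying which bit is the chain indication and which is being cleared. Since the commit message says this mirrors what sg_chain does, a comment naming the two bits would make that link visible, or the helper could call sg_chain directly if the configurations this wrapper supports allow it, so the two cannot drift apart again.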



[PATCH 3.2 110/185] net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Shawn Landden 

commit d3f7d56a7a4671d395e8af87071068a195257bf6 upstream.

Commit 35f9c09fe (tcp: tcp_sendpages() should call tcp_push() once)
added an internal flag MSG_SENDPAGE_NOTLAST, similar to
MSG_MORE.

algif_hash, algif_skcipher, and udp used MSG_MORE from tcp_sendpages()
and need to see the new flag as identical to MSG_MORE.

This fixes sendfile() on AF_ALG.

v3: also fix udp

Cc: Tom Herbert 
Cc: Eric Dumazet 
Cc: David S. Miller 
Reported-and-tested-by: Shawn Landden 
Original-patch: Richard Weinberger 
Signed-off-by: Shawn Landden 
Signed-off-by: David S. Miller 
Signed-off-by: Ben Hutchings 
---
 crypto/algif_hash.c | 3 +++
 crypto/algif_skcipher.c | 3 +++
 net/ipv4/udp.c  | 3 +++
 3 files changed, 9 insertions(+)

--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -114,6 +114,9 @@ static ssize_t hash_sendpage(struct sock
struct hash_ctx *ctx = ask->private;
int err;
 
+   if (flags & MSG_SENDPAGE_NOTLAST)
+   flags |= MSG_MORE;
+
lock_sock(sk);
sg_init_table(ctx->sgl.sg, 1);
sg_set_page(ctx->sgl.sg, page, size, offset);
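
Review bot: the same three-line translation, `if (flags & MSG_SENDPAGE_NOTLAST) flags |= MSG_MORE;`, is pasted into hash_sendpage, skcipher_sendpage and udp_sendpage. The next sendpage implementation that looks at MSG_MORE will have the same bug unless its author knows to copy it. A small shared inline helper, or doing the translation once in the caller that sets the internal flag, would fix this in one place. At minimum, add a comment here saying why an internal flag is being mapped.
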
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -378,6 +378,9 @@ static ssize_t skcipher_sendpage(struct
struct skcipher_sg_list *sgl;
int err = -EINVAL;
 
+   if (flags & MSG_SENDPAGE_NOTLAST)
+   flags |= MSG_MORE;
+
lock_sock(sk);
if (!ctx->more && ctx->used)
goto unlock;
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1036,6 +1036,9 @@ int udp_sendpage(struct sock *sk, struct
struct udp_sock *up = udp_sk(sk);
int ret;
 
+   if (flags & MSG_SENDPAGE_NOTLAST)
+   flags |= MSG_MORE;
+
if (!up->pending) {
struct msghdr msg = {   .msg_flags = flags|MSG_MORE };
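
Review bot: in udp_sendpage the translation sets MSG_MORE but leaves MSG_SENDPAGE_NOTLAST set in `flags`, and the context line `.msg_flags = flags|MSG_MORE` then passes that internal bit on in msg_flags. If nothing downstream is meant to see it, clear it at the same time with `flags &= ~MSG_SENDPAGE_NOTLAST`. Note also that this branch already forces MSG_MORE, so the new lines only matter for uses of `flags` after the `!up->pending` block; a comment saying so would help.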
 



[PATCH 3.2 140/185] hwmon: Prevent some divide by zeros in FAN_TO_REG()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Dan Carpenter 

commit 3806b45ba4655147a011df03242cc197ab986c43 upstream.

The "rpm * div" operations can overflow here, so this patch adds an
upper limit to rpm to prevent that.  Jean Delvare helped me with this
patch.

Signed-off-by: Dan Carpenter 
Acked-by: Roger Lucas 
Signed-off-by: Jean Delvare 
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings 
---
 drivers/hwmon/lm78.c| 2 ++
 drivers/hwmon/sis5595.c | 2 ++
 drivers/hwmon/vt8231.c  | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

--- a/drivers/hwmon/lm78.c
+++ b/drivers/hwmon/lm78.c
@@ -90,6 +90,8 @@ static inline u8 FAN_TO_REG(long rpm, in
 {
if (rpm <= 0)
return 255;
+   if (rpm > 135)
+   return 1;
return SENSORS_LIMIT((135 + rpm * div / 2) / (rpm * div), 1, 254);
 }
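
Review bot: the new `if (rpm > 135)` guard bounds rpm only, while the divisor in the return line is `rpm * div`, so a div of 0 still reaches the division. The subject line says this prevents divide by zero, but the message body only talks about overflow. Either add a check on div here, or say in the changelog where div is guaranteed to be non-zero and fix the subject to match.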
 
--- a/drivers/hwmon/sis5595.c
+++ b/drivers/hwmon/sis5595.c
@@ -133,6 +133,8 @@ static inline u8 FAN_TO_REG(long rpm, in
 {
if (rpm <= 0)
return 255;
+   if (rpm > 135)
+   return 1;
return SENSORS_LIMIT((135 + rpm * div / 2) / (rpm * div), 1, 254);
 }
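
Review bot: the literal in the new `if (rpm > 135)` is the same constant that appears in the numerator of the return line, and the identical function body is repeated in lm78.c. A named constant used for both the bound and the formula would keep them in sync if one is ever changed, and a one-line comment should say that the bound exists to keep `rpm * div` from overflowing.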
 
--- a/drivers/hwmon/vt8231.c
+++ b/drivers/hwmon/vt8231.c
@@ -139,7 +139,7 @@ static const u8 regtempmin[] = { 0x3a, 0
 */
 static inline u8 FAN_TO_REG(long rpm, int div)
 {
-   if (rpm == 0)
+   if (rpm <= 0 || rpm > 1310720)
return 0;
return SENSORS_LIMIT(1310720 / (rpm * div), 1, 255);
 }
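
Review bot: in vt8231 an rpm above 1310720 now returns 0, the same value as for `rpm <= 0`, whereas the formula below clamps to a minimum of 1 and the other two drivers in this patch return 1 for an over-limit rpm. A very large requested limit is therefore encoded the same way as zero or negative input. If that is intended for this chip, the comment block above the function should say so; otherwise return 1 for the too-large case to match the clamp.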


