The recent change for USB-audio disconnection race fixes introduced a
mutex deadlock again. There is a circular dependency between
chip->shutdown_rwsem and pcm->open_mutex, depicted like below, when a
device is opened during the disconnection operation:
A. snd_usb_audio_disconnect() ->
card.c::register_mutex ->
chip->shutdown_rwsem (write) ->
snd_card_disconnect() ->
pcm.c::register_mutex ->
pcm->open_mutex
B. snd_pcm_open() ->
pcm->open_mutex ->
snd_usb_pcm_open() ->
chip->shutdown_rwsem (read)
Since the chip->shutdown_rwsem protection in the case A is required
only for turning on the chip->shutdown flag and it doesn't have to be
taken for the whole operation, we can reduce its window in
snd_usb_audio_disconnect().
Reported-by: Jiri Slaby <jslaby@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
When the firmware is in SNIFFER mode, it leaves
the FCS at the end of frame. Not telling mac80211
means it won't add the right flag to the radiotap
header and that confuses wireshark.
Since mac80211 doesn't have a per-packet flag, set
the HW flag dynamically. This works as the monitor
vif can only be present in the driver by itself.
This fixes a regression introduced by my
commit 5789772641
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri May 11 10:53:18 2012 +0200
iwlwifi: support explicit monitor interface
Cc: stable@vger.kernel.org [3.5+]
Reported-by: MARK PHILLIPS <mark.phillips@virgin.net>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When regulator_register fails and exits through the scrub path the
regulator_put function was called whilst holding the
regulator_list_mutex, causing deadlock.
This patch adds a private version of the regulator_put function which
can be safely called whilst holding the mutex, replacing the
aforementioned call.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
The driver claims to support SMBus quick command but it was not the
case. This patch fixes this issue. Without it, i2cdetect finds imaginary
devices. And with some IP versions, trying to send 0 byte can cause
issue when writing data to an EEPROM.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
[wsa: improved the commit message]
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
There is a precedence bug because | has higher precedence than ?:. This
code was cut and pasted and I fixed a similar bug a few days ago.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Implement support for WRITE SAME(10) and WRITE SAME(16) in the SCSI disk
driver.
- We set the default maximum to 0xFFFF because there are several
devices out there that only support two-byte block counts even with
WRITE SAME(16). We only enable transfers bigger than 0xFFFF if the
device explicitly reports MAXIMUM WRITE SAME LENGTH in the BLOCK
LIMITS VPD.
- max_write_same_blocks can be overriden per-device basis in sysfs.
- The UNMAP discovery heuristics remain unchanged but the discard
limits are tweaked to match the "real" WRITE SAME commands.
- In the error handling logic we now distinguish between WRITE SAME
with and without UNMAP set.
The discovery process heuristics are:
- If the device reports a SCSI level of SPC-3 or greater we'll issue
READ SUPPORTED OPERATION CODES to find out whether WRITE SAME(16) is
supported. If that's the case we will use it.
- If the device supports the block limits VPD and reports a MAXIMUM
WRITE SAME LENGTH bigger than 0xFFFF we will use WRITE SAME(16).
- Otherwise we will use WRITE SAME(10) unless the target LBA is beyond
0xFFFFFFFF or the block count exceeds 0xFFFF.
- no_write_same is set for ATA, FireWire and USB.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Mike Snitzer <snitzer@redhat.com>
Reviewed-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Support requests with more than one bio payload for discards. The total
number of bytes to be discarded is stored in req->__data_len and used in
sd_done() to complete the I/O.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
The REPORT SUPPORTED OPERATION CODES command can be used to query
whether a given opcode is supported by a device. Add a helper function
that allows us to look up commands.
We only issue RSOC if the device reports compliance with SPC-3 or
later. But to err on the side of caution we disable the command for ATA,
FireWire and USB.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
There is no mixer attached to the ASRC on the wm5110 only a multiplexer
to select the source for the single input line. This change correctly
defines this in the wm5110 CODEC driver.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
There is no mixer attached to the ASRC on the wm5102 only a multiplexer
to select the source for the single input line. This change correctly
defines this in the wm5102 CODEC driver.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
The Asynchronous Sample Rate Converters on the wm5102/wm5110 have no
mixer attached to their input, but they do allow the input to be
selected from a number of sources via a multiplexer. Currently the
platform assumes the presence of 4 multiplexers and a mixer for each
block.
This patch adds support multiplexed single input blocks into the Arizona
platform.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
In the event of a VXLAN device being linked to a device that has a
hard_header_len greater than that of standard ethernet we could end up with
the hard_header_len not being large enough for outgoing frames. In order to
prevent this we should update the length when a lowerdev is provided.
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Use eXtensible and not eXtensiable in the comment on top.
Signed-off-by: Rami Rosen <ramirose@gmail.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When allocating the memory for i2c busses, the code checked the wrong
variable and thus never detected if there was a memory error.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: stable@vger.kernel.org
Signed-off-by: Jean Delvare <khali@linux-fr.org>
I have been maintaining the i2c subsystem for 7 years now, it's about
time to let someone else take over. Just before I leave, I would like
to thank several individuals who made this possible at all:
* Greg Kroah-Hartman, for his faith in my potential subsystem
maintainer skills. Greg, I hope I met your expectations.
* Late David Brownell, for helping me convert the i2c subsystem to the
standard device driver model. Rest in peace David, we're missing you.
* Ben Dooks, for stepping in when I asked for someone to take care of
the huge flow of new i2c adapter drivers for embedded systems.
* Wolfram Sang, for joining the crew when it became clear that there
was more review work than Ben and myself could deal with.
I hope I did not forget anyone, please forgive me if I did.
Another big thank is due to Wolfram again, who quickly proposed to
take over as the main i2c subsystem maintainer. This will allow for a
smooth and fast transition.
Note that I will keep maintaining all I2C/SMBus controller drivers for
PC systems as well as a few others. I am hereby updating MAINTAINERS
accordingly. I'll also keep maintaining user-space i2c-tools.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Ben Dooks <ben-linux@fluff.org>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Commit 6bd4a5d96c changed the
ANDROID_ALARM_GET_TIME ioctls from IOW to IOR. While technically
correct, the _IOC_DIR bits are ignored by alarm_ioctl, so the
commit breaks a userspace ABI used by all existing Android devices
for a purely cosmetic reason. Revert it.
Cc: stable <stable@vger.kernel.org>
Cc: Dae S. Kim <dae@velatum.com>
Signed-off-by: Colin Cross <ccross@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The check whether the IBSS is active and can be removed should be
performed before deinitializing the fields used for the check/search.
Otherwise, the configured BSS will not be found and removed properly.
To make it more clear for the future, rename sdata->u.ibss to the
local pointer ifibss which is used within the checks.
This behaviour was introduced by
f3209bea11
("mac80211: fix IBSS teardown race")
Cc: stable@vger.kernel.org
Cc: Ignacy Gawedzki <i@lri.fr>
Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This change fixes an issue I found where VXLAN frames were fragmented when
they were up to the VXLAN MTU size. I root caused the issue to the fact that
the headroom was 4 + 20 + 8 + 8. This math doesn't appear to be correct
because we are not inserting a VLAN header, but instead a 2nd Ethernet header.
As such the math for the overhead should be 20 + 8 + 8 + 14 to account for the
extra headers that are inserted for VXLAN.
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We added support for RFC 5961 in latest kernels but TCP fails
to perform exhaustive check of ACK sequence.
We can update our view of peer tsval from a frame that is
later discarded by tcp_ack()
This makes timestamps enabled sessions vulnerable to injection of
a high tsval : peers start an ACK storm, since the victim
sends a dupack each time it receives an ACK from the other peer.
As tcp_validate_incoming() is called before tcp_ack(), we should
not peform tcp_replace_ts_recent() from it, and let callers do it
at the right time.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Nandita Dukkipati <nanditad@google.com>
Cc: H.K. Jerry Chu <hkchu@google.com>
Cc: Romain Francoise <romain@orebokech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
A number of Huawei 3G and LTE modems implement a CDC NCM function,
including the necessary functional descriptors, but using a non
standard interface layout and class/subclass/protocol codes.
These devices can be handled by this driver with only a minor
change to the probing logic, allowing a single combined control
and data interface. This works because the devices
- include a CDC Union descriptor labelling the combined
interface as both master and slave, and
- have an alternate setting #1 for the bulk endpoints on the
combined interface.
The 3G/LTE network connection is managed by vendor specific AT
commands on a serial function in the same composite device.
Handling the managment function is out of the scope of this
driver. It will be handled by an appropriate USB serial
driver.
Reported-and-Tested-by: Olof Ermis <olof.ermis@gmail.com>
Reported-and-Tested-by: Tommy Cheng <tommy7765@yahoo.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
If the set_mac_address() function of qeth is invoked, qeth deletes
the old mac address first on OSA. Only if deletion returns
successfully the new mac address is set on OSA. Deletion may return
with a return value "MAC not found on OSA". In this case qeth
should continue setting the new mac address.
When the OSA cable is pulled, OSA forgets any set mac address. If
the OSA network interface acts as a slave to a bonding master
interface, bonding can invoke the set_mac_address function for
failover purposes and depends on successful setting of the new mac
address even though the old mac address could no longer be deleted.
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Return codes of IPA_CMD_QIPASSIST are not checked, especially the ones which
indicate that the command is not supported. As a result, the device driver
would not enable all available features on older card generations.
This patch adds proper checking and sets the bare minimum in the supported
functions flags to avoid follow-on errors.
Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Reviewed-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The device datasheet specifies the BUSY bit must be set when reading
or writing phy registers. This patch ensures we do that.
Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit 73d4066055.
Martin Steigerwald reported that this change caused a hard lockup when
using USB if threadirqs are enabled. Thomas pointed out that this patch
is incorrect, and can cause problems. So revert it to get the
previously working functionality back.
Reported-by: Martin Steigerwald <Martin@lichtvoll.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Chuansheng Liu <chuansheng.liu@intel.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The Dell 5800 appears to be a simple rebrand of the Novatel E362.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit f79b2d0f (USB: keyspan: fix NULL-pointer dereferences and
memory leaks) had a small typo which made the driver use wrong
offsets when mapping serial port private data. This results in
in a GPF when the port is opened.
Reported-by: Richard <richjunk@pacbell.net>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Acked-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
migrating worker threads to other cpus.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJQkEqpAAoJEKurIx+X31iBZk0P/2h4IkLYz7DspI9gxVMXfMEm
0lIWWIEaqAbOkFsi8VuGjlNrgU+7PabKs/2/++tfbq+hJdQYCCxyAKCGeWbdBw/R
fUSTiyQYH84DEFySg6G1AJQwVB8nnRLNWm5wrUtMgX9/2E6D5dpFB0F301XLF+kg
OMY7RaFPWJRiWwlOnWWnbY3czNMragaTAyHIudj7ZvsgwBNWw3bgGY/sjIjJ3yy5
kyz0gYEsanOizSjT6Udr2MPFY2ol11co1MT6Ro4r7ORCvX2wSUTChUks2kZBzJ7l
Jf9g22ymVlvAo2qsCs/DBzRwXw/Ck0MlUMH8QehvMPLD39yoBiUYDeEqRpadmsQE
FLDyKBoxaH6nRzGCDJlTzD2FogHnChQaUtQ9nnyoSBNOjYt2lI8Dc3jEnXwWprim
3P2giL10Gf4LRdHSjHZp/6+kXzbTKqNIs1qfSMPz0GDcujAmTYJ8edyHI7fme5So
BgoSTBtjorxShNQjtg7fBVl3dp3oOnAFyOxDwToLUHWAVZKcXewQh5HkbgIawul4
YoiAsveP2FBCKbJA2xBEbI2S3hMKgRauAvh33JNucgZOM7RqPwkCpiAARzbD6mpR
tDNqhgXJZ+0F/3prIm4MzapaIivrlQ+LLxvVDTOYQtZyJi1Ba914zw+yUY2VMMHM
IvWy1qsmB77XxhmvgWj5
=tv13
-----END PGP SIGNATURE-----
Merge tag 'please-pull-tangchen' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras into x86/urgent
Pull MCE fix from Tony Luck:
"Fix problem in CMCI rediscovery code that was illegally
migrating worker threads to other cpus."
Signed-off-by: Ingo Molnar <mingo@kernel.org>
The CBUS UART's interrupt number was wrong conflicting with the interrupt
being tied to the Intel PIIX4. Since the PIIX4's interrupt is registered
before the CBUS UART which is not being used on most systems this would
not be noticed.
Attempts to open the ttyS2 CBUS UART would result in:
genirq: Flags mismatch irq 18. 00000000 (serial) vs. 00010000 (XT-PIC cascade)
serial_link_irq_chain: request failed: -16 for irq: 18
Qemu was written to match the kernel so will need to be fixed also.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
SATA MICROCODE DOWNALOAD fails on isci driver. After receiving Register
Device to Host (FIS 0x34) frame Initiator resets phy.
In the frame handler routine response (FIS 0x34) was copied into wrong
buffer and upper layer did not receive any answer which resulted in
timeout and reset.
This patch corrects this bug.
Signed-off-by: Maciej Patelczyk <maciej.patelczyk@intel.com>
Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
There are laptops out there that need the eDP bpc from VBT. This is
effectively a revert of
commit 4344b813f1
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Fri Aug 10 11:10:20 2012 +0200
drm/i915: ignore eDP bpc settings from vbt
but putting the VBT check after the EDID check to see them both in dmesg if
this clamps more than the EDID. We have enough history with bpc clamping to
warrant the extra debug info.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=47641
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=56401
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Select HAVE_ALIGNED_STRUCT_PAGE on s390, so that the slub allocator can make
use of compare and swap double for lockless updates. This increases the size
of struct page to 64 bytes (instead of 56 bytes), however the performance gain
justifies the increased size:
- now excactly four struct pages fit into a single cache line; the
case that accessing a struct page causes two cache line loads
does not exist anymore.
- calculating the offset of a struct page within the memmap array
is only a simple shift instead of a more expensive multiplication.
A "hackbench 200 process 200" run on a 32 cpu system did show an 8% runtime
improvement.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
access_ok() returns always "true" on s390. Therefore all access_ok()
invocations are rather pointless.
However when walking page tables we need to make sure that everything
is within bounds of the ASCE limit of the task's address space.
So remove the access_ok() call and add the same check we have in
get_user_pages_fast().
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
When walking page tables we need to make sure that everything
is within bounds of the ASCE limit of the task's address space.
Otherwise we might calculate e.g. a pud pointer which is not
within a pud and dereference it.
So check against TASK_SIZE (which is the ASCE limit) before
walking page tables.
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The xfrm gc threshold value depends on ip_rt_max_size. This
value was set to INT_MAX with the routing cache removal patch,
so we start doing garbage collecting when we have INT_MAX/2
IPsec routes cached. Fix this by going back to the static
threshold of 1024 routes.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
I don't think this works as intended. '|' higher precedence than ?: so
the bitwize OR "0 | (val & STR_MOST)" is a no-op.
I have re-written it to be more clear.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
A few small fixes plus a large but simple change for WM5102 which writes
out a bunch of register updates to the device when we enable the clock
as recommended following chip evaluation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJQoeX6AAoJELSic+t+oim9Yg8P/j49T5obxIXTZNMmMjrdc//f
xM61/gLoRfVtY2deHdAzpUw6OSUOCQ0iVuasQalmnz2KNb/htzXXT+npjwPo93ok
QZ4NBiMVJdOj/8m2u64K7flcGv2/llj2kvrj+8HmAI7KZ++zXMbBPVmvCSz0NpBL
tFyd4zQ5Fp7n4MCDiQ7fRKwgUbbkwuW4jm/R4YEJS0tOrEgy0vG4MP/v8oEYcu/f
tsOo0cMo8yESwpsy+fzfzqw7WS8LW/nKJJkRkYkO96YvgpDKbiPHadTJZDZ/+vg4
uDpNOcLP2t7cRV5kh0fIQpjPYxtDFeV9HCua/2NcDwSRbIn2gd4/vP08q8iZeZK7
F7c7VCZs9LgWnur0+RxS/yvlQJD0hmFEnaYobMXsULTZs4cRceigkBWOBSThG19y
iCxRdy0XLaog4yTHb5Aql0szAQ8PkxdtOP7JoyF0nUQn9hwinISWtgyxfHzHXWKb
SZHh2RLyzyyBWDh8VVBr4VM6q6WbQzS5MzS1IHipphoMGuGRKwQ5huPb048XjThB
w1suZvX8aMw1vJy2au/d38P4891c9qUBA4woNqd1r+xrYOBAw8VPw7c5CxCyBgIg
RUuCjEy/4RTkiXrhKzJA0kHmLXJKb53i2yNtzwe+w1lG6zdnhqGIuuHqLmdm89fL
qgm/dUv6FIXhkMxtYz0+
=3xEm
-----END PGP SIGNATURE-----
Merge tag 'asoc-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v3.7
A few small fixes plus a large but simple change for WM5102 which writes
out a bunch of register updates to the device when we enable the clock
as recommended following chip evaluation.
In case of probe deferral, the allocated GPIO line is not freed, which
prevents it from being claimed and properly asserted in later attempts.
Fix this by using devm_gpio_request().
Signed-off-by: Daniel Mack <zonque@gmail.com>
Reported-by: Michael Hirsch <hirsch@teufel.de>
Cc: Alexander Sverdlin <subaparts@yandex.ru>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Pull KVM fix from Marcelo Tosatti:
"A correction for user triggerable oops"
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461)
This pull request contains those missing clkdev entries which are needed
to boot that platform.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJQoT87AAoJEDqPOy9afJhJRyYP/0SVLiDlDMZ6bm3UqzKsqY4V
QhlSZQAJo/7FFRATeB7hGVAwayYSnzOcXMPvViCWGPe/30cva+IN7HzUbqvMHOfL
vBfSBIMZT9nqC74gQe8QytKuGG1Aysw4bzhDxLiePxB7yEtMMJ22yoabVQfQSsuS
U09pJ1jfAwNkLFLOwdDGgmx+xajPp3VVQRUC0R5mE/S/MowC1KPjRPZJZZwUPrjf
WXKKXYd2tv7d6IoZ9kPbgu5zsEqdF5a+GHkTuYlJw3Zk1VEOZuFLVAmskyyX9hvi
t6609gsyxch+nxFaz0BYV1Cf/fCcvLgL/oRAGbtspiiJL7IOwBbV7ojfNHd+3Pju
CNh0B1aRE0QrIv5cvcvdOA9VtLo1yyOjWpo5o2iwcSiD0d+txyztb5p16tTausSt
7LRxNdvt7aT9SsxtGLMa/PLlyRO+HSW8BKUo3Y84ZiwxJGGyIqv07tQd0jhlwXzv
OZtFe63f7MeWc/MwuAFBkSQM7UGMtHpyWuZJ2EGwnHCPssq1D7yzTWLLI3n3fgin
G1kIQklQwS+SrkjQGzZyYo436Dt3uJJ4mmCsrHypjfg6dUEYphkuucwJs3aiWNNX
YzIBAKKr9rQWKaYx7vqYe/0Jg3jxnGpAnYqurI1jCJJ0xQhQ5BMksdMehUclujRw
VRvnAZn5oKQVUGPnpVjE
=VC2a
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux
Pull ux500 clk fixes from Mike Turquette:
"Missing clkdev entries are causing regressions on the U8500 platform.
This pull request contains those missing clkdev entries which are
needed to boot that platform."
* tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux:
clk: ux500: Register slimbus clock lookups for u8500
clk: ux500: Update rtc clock lookup for u8500
clk: ux500: Register msp clock lookups for u8500
clk: ux500: Register ssp clock lookups for u8500
clk: ux500: Register i2c clock lookups for u8500
Pull menuconfig portability fix from Michal Marek:
"Here is a fix for v3.7 that makes menuconfig compile again on systems
whose C library is lacking CIRCLEQ_* macros. I thought I sent it
earlier, but apparently I did not."
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
menuconfig: Replace CIRCLEQ by list_head-style lists.
Pull LED fix from Bryan Wu.
* 'fixes-for-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
ledtrig-cpu: kill useless mutex to fix sleep in atomic context
Pull futex fix from Thomas Gleixner:
"Single fix for a long standing futex race when taking over a futex
whose owner died. You can end up with two owners, which violates
quite some rules."
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
futex: Handle futex_pi OWNER_DIED take over correctly
On hosts without the XSAVE support unprivileged local user can trigger
oops similar to the one below by setting X86_CR4_OSXSAVE bit in guest
cr4 register using KVM_SET_SREGS ioctl and later issuing KVM_RUN
ioctl.
invalid opcode: 0000 [#2] SMP
Modules linked in: tun ip6table_filter ip6_tables ebtable_nat ebtables
...
Pid: 24935, comm: zoog_kvm_monito Tainted: G D 3.2.0-3-686-pae
EIP: 0060:[<f8b9550c>] EFLAGS: 00210246 CPU: 0
EIP is at kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm]
EAX: 00000001 EBX: 000f387e ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: ef5a0060 ESP: d7c63e70
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process zoog_kvm_monito (pid: 24935, ti=d7c62000 task=ed84a0c0
task.ti=d7c62000)
Stack:
00000001 f70a1200 f8b940a9 ef5a0060 00000000 00200202 f8769009 00000000
ef5a0060 000f387e eda5c020 8722f9c8 00015bae 00000000 ed84a0c0 ed84a0c0
c12bf02d 0000ae80 ef7f8740 fffffffb f359b740 ef5a0060 f8b85dc1 0000ae80
Call Trace:
[<f8b940a9>] ? kvm_arch_vcpu_ioctl_set_sregs+0x2fe/0x308 [kvm]
...
[<c12bfb44>] ? syscall_call+0x7/0xb
Code: 89 e8 e8 14 ee ff ff ba 00 00 04 00 89 e8 e8 98 48 ff ff 85 c0 74
1e 83 7d 48 00 75 18 8b 85 08 07 00 00 31 c9 8b 95 0c 07 00 00 <0f> 01
d1 c7 45 48 01 00 00 00 c7 45 1c 01 00 00 00 0f ae f0 89
EIP: [<f8b9550c>] kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm] SS:ESP
0068:d7c63e70
QEMU first retrieves the supported features via KVM_GET_SUPPORTED_CPUID
and then sets them later. So guest's X86_FEATURE_XSAVE should be masked
out on hosts without X86_FEATURE_XSAVE, making kvm_set_cr4 with
X86_CR4_OSXSAVE fail. Userspaces that allow specifying guest cpuid with
X86_FEATURE_XSAVE even on hosts that do not support it, might be
susceptible to this attack from inside the guest as well.
Allow setting X86_CR4_OSXSAVE bit only if host has XSAVE support.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Since commit edc88ceb0 (ARM: be really quiet when building with 'make -s') the
following output is generated when building a kernel for ARM:
echo ' Kernel: arch/arm/boot/Image is ready'
Kernel: arch/arm/boot/Image is ready
Building modules, stage 2.
echo ' Kernel: arch/arm/boot/zImage is ready'
Kernel: arch/arm/boot/zImage is ready
As per Documentation/kbuild/makefiles.txt the correct way of using kecho is
'@$(kecho)'.
Make this change so no more unwanted 'echo' messages are displayed.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>