Граф коммитов

494996 Коммитов

Автор SHA1 Сообщение Дата
Nicholas Mc Guire 6e4ab361b6 net: incorrect use of init_completion fixup
The second init_completion call should be a reinit_completion here.

patch is against 3.18.0 linux-next

Signed-off-by: Nicholas Mc Guire <der.herr@hofr.at>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-26 17:07:50 -05:00
Nicolas Dichtel ef8f342b43 neigh: remove next ptr from struct neigh_table
After commit
d7480fd3b1 ("neigh: remove dynamic neigh table registration support"),
this field is not used anymore.

CC: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-26 17:07:08 -05:00
Appana Durga Kedareswara Rao 16d8614b4f net: xilinx: Remove unnecessary temac_property in the driver
This property is no longer used in the code yet the code looks for it in the device tree.
It does not cause an error if it's not in the tree.

Signed-off-by: Kedareswara rao Appana <appanad@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-26 17:06:20 -05:00
Linus Torvalds 58628a7831 Merge branch 'parisc-3.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc build fix from Helge Deller:
 "This unbreaks the kernel compilation on parisc with gcc-4.9"

* 'parisc-3.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: fix out-of-register compiler error in ldcw inline assembler function
2014-12-26 13:41:05 -08:00
Johan Hovold d0e1df9cf4 net: phy: micrel: use generic config_init for KSZ8021/KSZ8031
Use generic config_init callback also for KSZ8021 and KSZ8031.

This has been avoided this far due to commit b838b4aced ("phy/micrel:
KSZ8031RNL RMII clock reconfiguration bug"), which claims that the PHY
becomes unresponsive if the broadcast-disable flag is set before
configuring the clock mode.

Turns out that the problem seemingly worked-around by the above
mentioned commit was really due to a hardware-configuration issue, where
the PHY was in fact strapped to address 3 rather than 0.

Tested-by: Bruno Thomsen <bth@kamstrup.dk>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-26 16:19:50 -05:00
Jay Vosburgh 2c26d34bbc net/core: Handle csum for CHECKSUM_COMPLETE VXLAN forwarding
When using VXLAN tunnels and a sky2 device, I have experienced
checksum failures of the following type:

[ 4297.761899] eth0: hw csum failure
[...]
[ 4297.765223] Call Trace:
[ 4297.765224]  <IRQ>  [<ffffffff8172f026>] dump_stack+0x46/0x58
[ 4297.765235]  [<ffffffff8162ba52>] netdev_rx_csum_fault+0x42/0x50
[ 4297.765238]  [<ffffffff8161c1a0>] ? skb_push+0x40/0x40
[ 4297.765240]  [<ffffffff8162325c>] __skb_checksum_complete+0xbc/0xd0
[ 4297.765243]  [<ffffffff8168c602>] tcp_v4_rcv+0x2e2/0x950
[ 4297.765246]  [<ffffffff81666ca0>] ? ip_rcv_finish+0x360/0x360

	These are reliably reproduced in a network topology of:

container:eth0 == host(OVS VXLAN on VLAN) == bond0 == eth0 (sky2) -> switch

	When VXLAN encapsulated traffic is received from a similarly
configured peer, the above warning is generated in the receive
processing of the encapsulated packet.  Note that the warning is
associated with the container eth0.

        The skbs from sky2 have ip_summed set to CHECKSUM_COMPLETE, and
because the packet is an encapsulated Ethernet frame, the checksum
generated by the hardware includes the inner protocol and Ethernet
headers.

	The receive code is careful to update the skb->csum, except in
__dev_forward_skb, as called by dev_forward_skb.  __dev_forward_skb
calls eth_type_trans, which in turn calls skb_pull_inline(skb, ETH_HLEN)
to skip over the Ethernet header, but does not update skb->csum when
doing so.

	This patch resolves the problem by adding a call to
skb_postpull_rcsum to update the skb->csum after the call to
eth_type_trans.

Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-26 16:16:51 -05:00
John David Anglin 45db07382a parisc: fix out-of-register compiler error in ldcw inline assembler function
The __ldcw macro has a problem when its argument needs to be reloaded from
memory. The output memory operand and the input register operand both need to
be reloaded using a register in class R1_REGS when generating 64-bit code.
This fails because there's only a single register in the class. Instead, use a
memory clobber. This also makes the __ldcw macro a compiler memory barrier.

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Cc: <stable@vger.kernel.org>        [3.13+]
Signed-off-by: Helge Deller <deller@gmx.de>
2014-12-26 17:47:01 +01:00
Libin Yang d6795827bd ALSA: hda_intel: apply the Seperate stream_tag for Skylake
The total stream number of Skylake's input and output stream
exceeds 15, which will cause some streams do not work because
of the overflow on SDxCTL.STRM field if using the legacy
stream tag allocation method.

This patch uses the new stream tag allocation method by add
the flag AZX_DCAPS_SEPARATE_STREAM_TAG for Skylake platform.

Signed-off-by: Libin Yang <libin.yang@intel.com>
Reviewed-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-26 12:21:31 +01:00
Rafal Redzimski 93e3423e6b ALSA: hda_controller: Separate stream_tag for input and output streams.
Implemented separate stream_tag assignment for input and output streams.
According to hda specification stream tag must be unique throughout the
input streams group, however an output stream might use a stream tag
which is already in use by an input stream. This change is necessary
to support HW which provides a total of more than 15 stream DMA engines
which with legacy implementation causes an overflow on SDxCTL.STRM
field (and the whole SDxCTL register) and as a result usage of
Reserved value 0 in the SDxCTL.STRM field which confuses HDA controller.

Signed-off-by: Rafal Redzimski <rafal.f.redzimski@intel.com>
Signed-off-by: Jayachandran B <jayachandran.b@intel.com>
Signed-off-by: Libin Yang <libin.yang@intel.com>
Reviewed-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-12-26 12:21:21 +01:00
Linus Torvalds 08b022a965 Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
 "Xmas fixes pull:

  core:
      one atomic fix, revert the WARN_ON dumb buffers patch.

  agp:
      fixup Dave J.

  nouveau:
      fix 3.18 regression for old userspace

  tegra fixes:
      vblank and iommu fixes

  amdkfd:
      fix bugs shown by testing with userspace, init apertures once

  msm:
      hdmi fixes and cleanup

  i915:
      misc fixes

  There is also a link ordering fix that I've asked to be cc'ed to you,
  putting iommu before gpu, it fixes an issue with amdkfd when things
  are all in the kernel, but I didn't like sending it via my tree
  without discussion.

  I'll probably be a bit on/off for a few weeks with pulls now, due to
  holidays and LCA, so don't be surprised if stuff gets a bit backed up,
  and things end up a bit large due to lag"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (28 commits)
  Revert "drm/gem: Warn on illegal use of the dumb buffer interface v2"
  agp: Fix up email address & attributions in AGP MODULE_AUTHOR tags
  nouveau: bring back legacy mmap handler
  drm/msm/hdmi: rework HDMI IRQ handler
  drm/msm/hdmi: enable regulators before clocks to avoid warnings
  drm/msm/mdp5: update irqs on crtc<->encoder link change
  drm/msm: block incoming update on pending updates
  drm/atomic: fix potential null ptr on plane enable
  drm/msm: Deletion of unnecessary checks before the function call "release_firmware"
  drm/msm: Deletion of unnecessary checks before two function calls
  drm/tegra: dc: Select root window for event dispatch
  drm/tegra: gem: Use the proper size for GEM objects
  drm/tegra: gem: Flush buffer objects upon allocation
  drm/tegra: dc: Fix a potential race on page-flip completion
  drm/tegra: dc: Consistently use the same pipe
  drm/irq: Add drm_crtc_vblank_count()
  drm/irq: Add drm_crtc_handle_vblank()
  drm/irq: Add drm_crtc_send_vblank_event()
  drm/i915: Disable PSMI sleep messages on all rings around context switches
  drm/i915: Force the CS stall for invalidate flushes
  ...
2014-12-25 16:04:15 -08:00
Linus Torvalds ebda37c90e Fix two bugs:
One that lockdep turned up, I didn't go far enough with cleanup
 of attributes for IPMI.  This has been there a long time; my
 previous fix of this didn't fix all the attributes.
 
 One fix for some arches that need an explicit linux/ctype.h for
 isspace().
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iEYEABECAAYFAlSXWLcACgkQIXnXXONXERd+LACeKXjsGiTpTUe4vjnOsJj8oLPg
 I80AmwT20SVzlxGSVqSrwBn6uVirwjs5
 =ByuY
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-2' of git://git.code.sf.net/p/openipmi/linux-ipmi

Pull ipmi driver bugfixes from Corey Minyard:
 "Fix two bugs:

  One that lockdep turned up, I didn't go far enough with cleanup of
  attributes for IPMI.  This has been there a long time; my previous fix
  of this didn't fix all the attributes.

  One fix for some arches that need an explicit linux/ctype.h for
  isspace()"

* tag 'for-linus-2' of git://git.code.sf.net/p/openipmi/linux-ipmi:
  ipmi: Fix compile issue with isspace()
  ipmi: Finish cleanup of BMC attributes
2014-12-25 15:56:34 -08:00
Wu Fengguang 4aa6118811 openvswitch: fix odd_ptr_err.cocci warnings
net/openvswitch/vport-gre.c:188:5-11: inconsistent IS_ERR and PTR_ERR, PTR_ERR on line 189

 PTR_ERR should access the value just tested by IS_ERR

Semantic patch information:
 There can be false positives in the patch case, where it is the call
 IS_ERR that is wrong.

Generated by: scripts/coccinelle/tests/odd_ptr_err.cocci

CC: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-24 15:18:09 -05:00
Johan Hedberg 6a8fc95c87 Bluetooth: Fix accepting connections when not using mgmt
When connectable mode is enabled (page scan on) through some non-mgmt
method the HCI_CONNECTABLE flag will not be set. For backwards
compatibility with user space versions not using mgmt we should not
require HCI_CONNECTABLE to be set if HCI_MGMT is not set.

Reported-by: Pali Rohár <pali.rohar@gmail.com>
Tested-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17+
2014-12-24 20:02:00 +01:00
Marcel Holtmann 8bfe8442ff Bluetooth: Fix controller configuration with HCI_QUIRK_INVALID_BDADDR
When controllers set the HCI_QUIRK_INVALID_BDADDR flag, it is required
by userspace to program a valid public Bluetooth device address into
the controller before it can be used.

After successful address configuration, the internal state changes and
the controller runs the complete initialization procedure. However one
small difference is that this is no longer the HCI_SETUP stage. The
HCI_SETUP stage is only valid during initial controller setup. In this
case the stack runs the initialization as part of the HCI_CONFIG stage.

The controller version information, default name and supported commands
are only stored during HCI_SETUP. While these information are static,
they are not read initially when HCI_QUIRK_INVALID_BDADDR is set. So
when running in HCI_CONFIG state, these information need to be updated
as well.

This especially impacts Bluetooth 4.1 and later controllers using
extended feature pages and second event mask page.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Cc: stable@vger.kernel.org # 3.17+
2014-12-24 20:35:46 +02:00
Mika Westerberg 8975842bed brcmfmac: Do not crash if platform data is not populated
The driver looks for pdata->oob_irq_supported to find out if wowl can be
supported. However, not all platforms populate pdata in which case we crash
the kernel because of NULL pointer dereference.

Fixes: 330b4e4be9 ("brcmfmac: Add wowl support for SDIO devices.")
Reported-by: Christophe Prigent <christophe.prigent@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2014-12-24 15:26:46 +02:00
Paul Bolle dddd60220f ipw2200: select CFG80211_WEXT
Commit 24a0aa212e ("cfg80211: make WEXT compatibility unselectable")
made it impossible to depend on CFG80211_WEXT. It does still allow to
select that symbol. (Yes, the commit summary is confusing.)

So make IPW2200 select CFG80211_WEXT, so that the ipw2200 driver can be
enabled in config again.

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2014-12-24 15:15:25 +02:00
Mark Brown ee4629f5b2 Merge remote-tracking branches 'spi/fix/img-spfi' and 'spi/fix/msiof' into spi-linus 2014-12-24 12:57:54 +00:00
Mark Brown f2ec1d3b25 Merge remote-tracking branches 'asoc/fix/dwc', 'asoc/fix/intel', 'asoc/fix/rockchip' and 'asoc/fix/rt5677' into asoc-linus 2014-12-24 12:56:32 +00:00
Mark Brown c533b8e60a Merge remote-tracking branch 'asoc/fix/dapm' into asoc-linus 2014-12-24 12:56:32 +00:00
Jianqun Xu 27fd36ab13 ASoC: rockchip: i2s: fix maxburst of dma data to 4
Since RK3288 DMAC's burst length only support max to 4, here
set maxburst of playback and capture dma data to 4.

Signed-off-by: Jianqun Xu <jay.xu@rock-chips.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2014-12-24 12:43:20 +00:00
Jianqun Xu 4db9c4a9b2 ASoC: rockchip: i2s: fix error defination of transmit data level
According to description about "Transmit Data Level",

This bit field controls the level at which a DMA request
is made by the transmit logic.

It is equal to the watermark level.

That is, the dma_tx_req signal is generated when the number
of valid data entries in the TXFIFO
(TXFIFO0 if CSR=00
 TXFIFO1 if CSR=01
 TXFIFO2 if CSR=10
 TXFIFO3 if CSR=11)
is equal to or below this field value.

Different to receive data level, transmit data level does not need
to "-1".

Signed-off-by: Jianqun Xu <jay.xu@rock-chips.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2014-12-24 12:42:55 +00:00
Andrew Bresticker 76fe5e95fa spi: img-spfi: Increase DMA burst size
A 1-byte burst size is rather inefficient and has been shown to cause
TX issues during testing.  Increase the DMA burst size to 4-bytes for
both RX and TX DMA when using the 8-bit FIFO.

Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
2014-12-24 12:20:03 +00:00
Jie Yang 25f97549b5 ASoC: Intel: correct the fixed free block allocation
For block span more than 1 section, when allocate it from
a free block, we need allocate the remain buffers within
the block, and then continue alloc the rest of needed
size buffer.

Here also make sure this free block is moved from free
list to used list, and add it to block_list which may
be used for power gating disabling later.

Signed-off-by: Jie Yang <yang.jie@intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2014-12-24 12:14:06 +00:00
Fang, Yang A 6087fcab7b ASoC: rt5677: fixed rt5677_dsp_vad_put rt5677_dsp_vad_get panic
snd_kcontrol_chip should return snd_soc_component instead of
snd_soc_codec

Signed-off-by: Fang, Yang A <yang.a.fang@intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2014-12-24 11:56:52 +00:00
Thomas Graf b8fb4e0648 net: Reset secmark when scrubbing packet
skb_scrub_packet() is called when a packet switches between a context
such as between underlay and overlay, between namespaces, or between
L3 subnets.

While we already scrub the packet mark, connection tracking entry,
and cached destination, the security mark/context is left intact.

It seems wrong to inherit the security context of a packet when going
from overlay to underlay or across forwarding paths.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-24 00:21:43 -05:00
Toshiaki Makita 796f2da81b net: Fix stacked vlan offload features computation
When vlan tags are stacked, it is very likely that the outer tag is stored
in skb->vlan_tci and skb->protocol shows the inner tag's vlan_proto.
Currently netif_skb_features() first looks at skb->protocol even if there
is the outer tag in vlan_tci, thus it incorrectly retrieves the protocol
encapsulated by the inner vlan instead of the inner vlan protocol.
This allows GSO packets to be passed to HW and they end up being
corrupted.

Fixes: 58e998c6d2 ("offloading: Force software GSO for multiple vlan tags.")
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-24 00:08:33 -05:00
David S. Miller e51a08b8df Merge branch 'openvswitch-net'
Pravin B Shelar says:

====================
openvswitch: datapath fixes

Following patch series is mostly targeted to MPLS fixes. other
patches are related datapth transmit path error handling.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:57:38 -05:00
Pravin B Shelar 74f47278cb vxlan: Fix double free of skb.
In case of error vxlan_xmit_one() can free already freed skb.
Also fixes memory leak of dst-entry.

Fixes: acbf74a763 ("vxlan: Refactor vxlan driver to make use
of the common UDP tunnel functions").

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:57:31 -05:00
Pravin B Shelar 997e068ebc openvswitch: Fix vport_send double free
Today vport-send has complex error handling because it involves
freeing skb and updating stats depending on return value from
vport send implementation.
This can be simplified by delegating responsibility of freeing
skb to the vport implementation for all cases. So that
vport-send needs just update stats.

Fixes: 91b7514cdf ("openvswitch: Unify vport error stats
handling")
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:57:31 -05:00
Pravin B Shelar cbe7e76d94 openvswitch: Fix GSO with multiple MPLS label.
MPLS GSO needs to know inner most protocol to process GSO packets.

Fixes: 25cd9ba0ab ("openvswitch: Add basic MPLS support to
kernel").

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:57:31 -05:00
Pravin B Shelar ec449f40bb openvswitch: Fix MPLS action validation.
Linux stack does not implement GSO for packet with multiple
encapsulations.  Therefore there was check in MPLS action
validation to detect such case, But this check introduced
bug which deleted one or more actions from actions list.
Following patch removes this check to fix the validation.

Fixes: 25cd9ba0ab ("openvswitch: Add basic MPLS support to
kernel").

Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Reported-by: Srinivas Neginhal <sneginha@vmware.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:57:31 -05:00
Pravin B Shelar 4cc1beca30 mpls: Fix allowed protocols for mpls gso
MPLS and Tunnel GSO does not work together.  Reject packet which
request such GSO.

Fixes: 0d89d2035f ("MPLS: Add limited GSO support").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:57:31 -05:00
Pravin B Shelar d0edc7bf39 mpls: Fix config check for mpls.
Fixes MPLS GSO for case when mpls is compiled as kernel module.

Fixes: 0d89d2035f ("MPLS: Add limited GSO support").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:57:30 -05:00
Herbert Xu ceb8d5bf17 net: Rearrange loop in net_rx_action
This patch rearranges the loop in net_rx_action to reduce the
amount of jumping back and forth when reading the code.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:20:21 -05:00
Herbert Xu 6bd373ebba net: Always poll at least one device in net_rx_action
We should only perform the softnet_break check after we have polled
at least one device in net_rx_action.  Otherwise a zero or negative
setting of netdev_budget can lock up the whole system.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:20:21 -05:00
Herbert Xu 001ce546bb net: Detect drivers that reschedule NAPI and exhaust budget
The commit d75b1ade56 (net: less
interrupt masking in NAPI) required drivers to leave poll_list
empty if the entire budget is consumed.

We have already had two broken drivers so let's add a check for
this.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:20:21 -05:00
Herbert Xu 726ce70e9e net: Move napi polling code out of net_rx_action
This patch creates a new function napi_poll and moves the napi
polling code from net_rx_action into it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:20:21 -05:00
Antonio Quartulli 0d16449195 batman-adv: avoid NULL dereferences and fix if check
Gateway having bandwidth_down equal to zero are not accepted
at all and so never added to the Gateway list.
For this reason checking the bandwidth_down member in
batadv_gw_out_of_range() is useless.

This is probably a copy/paste error and this check was supposed
to be "!gw_node" only. Moreover, the way the check is written
now may also lead to a NULL dereference.

Fix this by rewriting the if-condition properly.

Introduced by 414254e342
("batman-adv: tvlv - gateway download/upload bandwidth container")

Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:13:37 -05:00
Sven Eckelmann 0402e444cd batman-adv: Unify fragment size calculation
The fragmentation code was replaced in 610bfc6bc9
("batman-adv: Receive fragmented packets and merge") by an implementation which
can handle up to 16 fragments of a packet. The packet is prepared for the split
in fragments by the function batadv_frag_send_packet and the actual split is
done by batadv_frag_create.

Both functions calculate the size of a fragment themself. But their calculation
differs because batadv_frag_send_packet also subtracts ETH_HLEN. Therefore,
the check in batadv_frag_send_packet "can a full fragment can be created?" may
return true even when batadv_frag_create cannot create a full fragment.

The function batadv_frag_create doesn't check the size of the skb before
splitting it and therefore might try to create a larger fragment than the
remaining buffer. This creates an integer underflow and an invalid len is given
to skb_split.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:13:37 -05:00
Sven Eckelmann 5b6698b0e4 batman-adv: Calculate extra tail size based on queued fragments
The fragmentation code was replaced in 610bfc6bc9
("batman-adv: Receive fragmented packets and merge"). The new code provided a
mostly unused parameter skb for the merging function. It is used inside the
function to calculate the additionally needed skb tailroom. But instead of
increasing its own tailroom, it is only increasing the tailroom of the first
queued skb. This is not correct in some situations because the first queued
entry can be a different one than the parameter.

An observed problem was:

1. packet with size 104, total_size 1464, fragno 1 was received
   - packet is queued
2. packet with size 1400, total_size 1464, fragno 0 was received
   - packet is queued at the end of the list
3. enough data was received and can be given to the merge function
   (1464 == (1400 - 20) + (104 - 20))
   - merge functions gets 1400 byte large packet as skb argument
4. merge function gets first entry in queue (104 byte)
   - stored as skb_out
5. merge function calculates the required extra tail as total_size - skb->len
   - pskb_expand_head tail of skb_out with 64 bytes
6. merge function tries to squeeze the extra 1380 bytes from the second queued
   skb (1400 byte aka skb parameter) in the 64 extra tail bytes of skb_out

Instead calculate the extra required tail bytes for skb_out also using skb_out
instead of using the parameter skb. The skb parameter is only used to get the
total_size from the last received packet. This is also the total_size used to
decide that all fragments were received.

Reported-by: Philipp Psurek <philipp.psurek@gmail.com>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Acked-by: Martin Hundebøll <martin@hundeboll.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:13:37 -05:00
Jason Wang af6dabc9c7 net: drop the packet when fails to do software segmentation or header check
Commit cecda693a9 ("net: keep original skb
which only needs header checking during software GSO") keeps the original
skb for packets that only needs header check, but it doesn't drop the
packet if software segmentation or header check were failed.

Fixes cecda693a9 ("net: keep original skb which only needs header checking during software GSO")
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-12-23 23:12:11 -05:00
Dave Airlie da6b51d007 Revert "drm/gem: Warn on illegal use of the dumb buffer interface v2"
This reverts commit 355a701838.

This had some bad side effects under normal operation, and should
have been dropped earlier.

Signed-off-by: Dave Airlie <airlied@redhat.com>
2014-12-24 13:13:22 +10:00
Dave Airlie 0d83b72acd Merge tag 'amdkfd-fixes-2014-12-23' of git://people.freedesktop.org/~gabbayo/linux into drm-fixes
- Display MEC fw version in topology. Without this, the HSA userspace
  stack is broken.

- Init apertures information only once per process

* tag 'amdkfd-fixes-2014-12-23' of git://people.freedesktop.org/~gabbayo/linux:
  amdkfd: init aperture once per process
  amdkfd: Display MEC fw version in topology node
  drm/radeon: Add implementation of get_fw_version
  drm/amd: Add get_fw_version to kfd-->kgd interface
2014-12-24 12:59:08 +10:00
Zhang Rui 7429b1e0d0 Merge branches 'thermal-core', 'thermal-soc' and 'thermal-int340x' of .git into next 2014-12-24 10:38:30 +08:00
Srinivas Pandruvada f8061d383b Thermal/int340x/int3403: Free acpi notification handler
Remove acpi notification handler when zone is removed.

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
2014-12-24 10:37:44 +08:00
Srinivas Pandruvada cc3f71a415 Thermal/int340x/processor_thermal: Fix memory leak
Address memory leak for buffer allocated with ACPI_ALLOCATE_BUFFER.

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
2014-12-24 10:37:43 +08:00
Srinivas Pandruvada f01bc8f37e Thermal/int340x/int3403: Fix memory leak
Address memory leak for buffer allocated with ACPI_ALLOCATE_BUFFER.

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
2014-12-24 10:37:43 +08:00
Srinivas Pandruvada 47c93e6b3f thermal: int340x: Introduce processor reporting device
The Int340x thermal provides a processor thermal device, which
is used to control processor thermal states. These devices are
either reported as a PCI device or an ACPI device. This
device provides power limits, control states and optional
temperature.
This change implements minimal requirements to expose processor
power limits which can be used during thermal power limiting.
Power limits are exposed via an attribute group called
"power_limits" under the device. The exported attributes
are:
power_limit_0_max_uw
power_limit_1_max_uw
power_limit_0_min_uw
power_limit_1_min_uw
power_limit_0_tmin_us
power_limit_1_tmin_us
power_limit_0_tmax_us
power_limit_1_tmax_us
power_limit_0_step_uw
power_limit_1_step_uw

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
2014-12-24 10:37:35 +08:00
Linus Torvalds 66b3f4f0a0 Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit
Pull audit fixes from Paul Moore:
 "Four patches to fix various problems with the audit subsystem, all are
  fairly small and straightforward.

  One patch fixes a problem where we weren't using the correct gfp
  allocation flags (GFP_KERNEL regardless of context, oops), one patch
  fixes a problem with old userspace tools (this was broken for a
  while), one patch fixes a problem where we weren't recording pathnames
  correctly, and one fixes a problem with PID based filters.

  In general I don't think there is anything controversial with this
  patchset, and it fixes some rather unfortunate bugs; the allocation
  flag one can be particularly scary looking for users"

* 'upstream' of git://git.infradead.org/users/pcmoore/audit:
  audit: restore AUDIT_LOGINUID unset ABI
  audit: correctly record file names with different path name types
  audit: use supplied gfp_mask from audit_buffer in kauditd_send_multicast_skb
  audit: don't attempt to lookup PIDs when changing PID filtering audit rules
2014-12-23 18:13:16 -08:00
Richard Guy Briggs 041d7b98ff audit: restore AUDIT_LOGINUID unset ABI
A regression was caused by commit 780a7654cee8:
	 audit: Make testing for a valid loginuid explicit.
(which in turn attempted to fix a regression caused by e1760bd)

When audit_krule_to_data() fills in the rules to get a listing, there was a
missing clause to convert back from AUDIT_LOGINUID_SET to AUDIT_LOGINUID.

This broke userspace by not returning the same information that was sent and
expected.

The rule:
	auditctl -a exit,never -F auid=-1
gives:
	auditctl -l
		LIST_RULES: exit,never f24=0 syscall=all
when it should give:
		LIST_RULES: exit,never auid=-1 (0xffffffff) syscall=all

Tag it so that it is reported the same way it was set.  Create a new
private flags audit_krule field (pflags) to store it that won't interact with
the public one from the API.

Cc: stable@vger.kernel.org # v3.10-rc1+
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2014-12-23 16:40:18 -05:00