- 14 Nov, 2014 40 commits
-
-
Al Viro authored
commit 7e8631e8 upstream. uninitialized msghdr. Broken in "ocfs2: don't open-code kernel_recvmsg()" by me ;-/ Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Hans de Goede authored
commit 5a1426c9 upstream. The acpi-video backlight interface on the NC210 does not work, blacklist it and use the samsung-laptop interface instead. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=861573Signed-off-by:
Hans de Goede <hdegoede@redhat.com> Signed-off-by:
Darren Hart <dvhart@linux.intel.com> Signed-off-by:
-
Hans de Goede authored
commit 183fd8fc upstream. The acpi-video backlight interface on the Acer KAV80 is broken, and worse it causes the entire machine to slow down significantly after a suspend/resume. Blacklist it, and use the acer-wmi backlight interface instead. Note that the KAV80 is somewhat unique in that it is the only Acer model where we fall back to acer-wmi after blacklisting, rather then using the native (e.g. intel) backlight driver. This is done because there is no native backlight interface on this model. BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1128309Signed-off-by:
-
Jan Kara authored
commit a8d42056 upstream. When we fail to allocate page vector in rbd_obj_read_sync() we just basically ignore the problem and continue which will result in an oops later. Fix the problem by returning proper error. CC: Yehuda Sadeh <yehuda@inktank.com> CC: Sage Weil <sage@inktank.com> CC: ceph-devel@vger.kernel.org Coverity-id: 1226882 Signed-off-by:
Jan Kara <jack@suse.cz> Signed-off-by:
Ilya Dryomov <idryomov@redhat.com> Signed-off-by:
-
Laurent Pinchart authored
commit f022d8cb upstream. If activation of the CMA area fails its mutex won't be initialized, leading to an oops at allocation time when trying to lock the mutex. Fix this by setting the cma area count field to 0 when activation fails, leading to allocation returning NULL immediately. Signed-off-by:
Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com> Acked-by:
Michal Nazarewicz <mina86@mina86.com> Signed-off-by:
Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by:
-
jens stein authored
commit b2a9601c upstream. commit c675949e Author: Jani Nikula <jani.nikula@intel.com> Date: Wed Apr 9 11:31:37 2014 +0300 drm/i915: do not setup backlight if not available according to VBT prevents backlight setup on Macbook 2,1. Apply quirk to ignore the VBT check so backlight is set up properly. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81438Signed-off-by:
Jens Stein Jørgensen <jens.s.stein@gmail.com> Signed-off-by:
Jani Nikula <jani.nikula@intel.com> Signed-off-by:
-
Ville Syrjälä authored
commit 6be1e3d3 upstream. vlv_cdclk_freq is in kHz but we need MHz for the GMBUSFREQ divider. This is a regression from: commit f8bf63fd Author: Ville Syrjälä <ville.syrjala@linux.intel.com> Date: Fri Jun 13 13:37:54 2014 +0300 drm/i915: Kill duplicated cdclk readout code from i2c Signed-off-by:
Ville Syrjälä <ville.syrjala@linux.intel.com> Signed-off-by:
-
Ville Syrjälä authored
commit f6a19066 upstream. Sometimes we seem to get utter garbage from DPCD reads. The resulting buffer is filled with the same byte, and the operation completed without errors. My HP ZR24w monitor seems particularly susceptible to this problem once it's gone into a sleep mode. The issue seems to happen only for the first AUX message that wakes the sink up. But as the first AUX read we often do is the DPCD receiver cap it does wreak a bit of havoc with subsequent link training etc. when the receiver cap bw/lane/etc. information is garbage. A sufficient workaround seems to be to perform a single byte dummy read before reading the actual data. I suppose that just wakes up the sink sufficiently and we can just throw away the returned data in case it's crap. DP_DPCD_REV seems like a sufficiently safe location to read here. Signed-off-by:
Todd Previte <tprevite@gmail.com> Signed-off-by:
-
Alex Deucher authored
commit 8c3e4347 upstream. 0x4c6e is a secondary device id so should not be used by the driver. Noticed-by:
Mark Kettenis <mark.kettenis@xs4all.nl> Signed-off-by:
Alex Deucher <alexander.deucher@amd.com> Signed-off-by:
-
Alex Deucher authored
commit 72b3f918 upstream. - bapm seems to cause CPU stuck messages so disable it. - nb dpm seems to prevent GPU dpm from getting enabled, so disable it. bug: https://bugs.freedesktop.org/show_bug.cgi?id=85107Signed-off-by:
-
Michel Dänzer authored
commit e5a5fd4d upstream. Should avoid kmalloc failures due to large number of array entries. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81991Reviewed-by:
Dave Airlie <airlied@redhat.com> Reviewed-by:
Christian König <christian.koenig@amd.com> Signed-off-by:
Michel Dänzer <michel.daenzer@amd.com> Signed-off-by:
-
Alex Deucher authored
commit 6fa45593 upstream. Causes problems on some boards. bug: https://bugs.freedesktop.org/show_bug.cgi?id=82889Signed-off-by:
-
Sinclair Yeh authored
commit 9a72384d upstream. When screen objects are enabled, the bpp is assumed to be 32, otherwise it is set to 16. v2: * Use u32 instead of u64 for assumed_bpp. * Fixed mechanism to check for screen objects * Limit the back buffer size to VRAM. Signed-off-by:
Sinclair Yeh <syeh@vmware.com> Reviewed-by:
Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by:
-
Jiang Liu authored
commit f1829859 upstream. Intel MID platforms has no legacy interrupts, so no IRQ descriptors preallocated. We need to call mp_map_gsi_to_irq() to create IRQ descriptors for APB timers and RTC timers, otherwise it may cause invalid memory access as: [ 0.116839] BUG: unable to handle kernel NULL pointer dereference at 0000003a [ 0.123803] IP: [<c1071c0e>] setup_irq+0xf/0x4d Tested-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by:
Jiang Liu <jiang.liu@linux.intel.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Joerg Roedel <joro@8bytes.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: H. Peter Anvin <hpa@linux.intel.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Rafael J. Wysocki <rjw@rjwysocki.net> Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Yinghai Lu <yinghai@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: David Cohen <david.a.cohen@linux.intel.com> Link: http://lkml.kernel.org/r/1414387308-27148-3-git-send-email-jiang.liu@linux.intel.comSigned-off-by:
Thomas Gleixner <tglx@linutronix.de> Signed-off-by:
Ingo Molnar <mingo@kernel.org> Signed-off-by:
-
Kirill Tkhai authored
commit f1e3a093 upstream. Probability of use-after-free isn't zero in this place. Signed-off-by:
Kirill Tkhai <ktkhai@parallels.com> Signed-off-by:
Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Link: http://lkml.kernel.org/r/20140922183636.11015.83611.stgit@localhostSigned-off-by:
-
Felipe Balbi authored
[ Upstream commit 52ec49a5 ] During Halt Endpoint Test, our interrupt endpoint will be disabled, which will clear out ep->desc to NULL. Unless we call config_ep_by_speed() again, we will not be able to enable this endpoint which will make us fail that test. Fixes: f9c56cdd (usb: gadget: Clear usb_endpoint_descriptor inside the struct usb_ep on disable) Signed-off-by:
Felipe Balbi <balbi@ti.com> Signed-off-by:
-
Felipe Balbi authored
[ Upstream commit 7a608559 ] According to our Gadget Framework API documentation, ->set_halt() *must* return -EAGAIN if we have pending transfers (on either direction) or FIFO isn't empty (on TX endpoints). Fix this bug so that the mass storage gadget can be used without stall=0 parameter. This patch should be backported to all kernels since v3.2. Suggested-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
-
Ben Hutchings authored
Based on a5b7616c, but backported so that a bunch of dependencies are not needed. m25p80's device ID table is now spi_nor_ids, defined in spi-nor. The MODULE_DEVICE_TABLE() macro doesn't work with extern definitions, but its use was also removed at the same time. Now if m25p80 is built as a module it doesn't get the necessary aliases to be loaded automatically. A clean solution to this will involve defining the list of device IDs in spi-nor.h and removing struct spi_device_id from the spi-nor API, but this is quite a large change. As a quick fix suitable for stable, copy the device IDs back into m25p80. Fixes: 03e296f6 ("mtd: m25p80: use the SPI nor framework") Signed-off-by:
Ben Hutchings <ben@decadent.org.uk> [Brian: backport without the dependencies] Signed-off-by:
Brian Norris <computersforpeace@gmail.com> Signed-off-by:
-
Ondrej Kozina authored
commit e2cffb5f upstream. On archs with PAGE_SIZE >= 64 KiB the function skcipher_alloc_sgl() fails with -ENOMEM no matter what user space actually requested. This is caused by the fact sock_kmalloc call inside the function tried to allocate more memory than allowed by the default kernel socket buffer size (kernel param net.core.optmem_max). Signed-off-by:
Ondrej Kozina <okozina@redhat.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Sylwester Nawrocki authored
commit 098bcd23 upstream. The PLAT_S5P Kconfig symbol was removed in commit d78c16cc ("ARM: SAMSUNG: Remove remaining legacy code"). However, there are still some references to that symbol left, fix that by substituting them with ARCH_S5PV210. Fixes: d78c16cc ("ARM: SAMSUNG: Remove remaining legacy code") Reported-by:
Paul Bolle <pebolle@tiscali.nl> Signed-off-by:
Sylwester Nawrocki <s.nawrocki@samsung.com> Signed-off-by:
Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by:
-
Jan Kara authored
commit f55fefd1 upstream. The WARN_ON checking whether i_mutex is held in pagecache_isize_extended() was wrong because some filesystems (e.g. XFS) use different locks for serialization of truncates / writes. So just remove the check. Signed-off-by:
Dave Chinner <dchinner@redhat.com> Signed-off-by:
Dave Chinner <david@fromorbit.com> Signed-off-by:
-
Andy Lutomirski authored
commit b47dcbdc upstream. If the TSC is unusable or disabled, then this patch fixes: - Confusion while trying to clear old APIC interrupts. - Division by zero and incorrect programming of the TSC deadline timer. This fixes boot if the CPU has a TSC deadline timer but a missing or broken TSC. The failure to boot can be observed with qemu using -cpu qemu64,-tsc,+tsc-deadline This also happens to me in nested KVM for unknown reasons. With this patch, I can boot cleanly (although without a TSC). Signed-off-by:
Andy Lutomirski <luto@amacapital.net> Cc: Bandan Das <bsd@redhat.com> Link: http://lkml.kernel.org/r/e2fa274e498c33988efac0ba8b7e3120f7f92d78.1413393027.git.luto@amacapital.netSigned-off-by:
-
Mathias Krause authored
commit 6891c450 upstream. If userland creates a timer without specifying a sigevent info, we'll create one ourself, using a stack local variable. Particularly will we use the timer ID as sival_int. But as sigev_value is a union containing a pointer and an int, that assignment will only partially initialize sigev_value on systems where the size of a pointer is bigger than the size of an int. On such systems we'll copy the uninitialized stack bytes from the timer_create() call to userland when the timer actually fires and we're going to deliver the signal. Initialize sigev_value with 0 to plug the stack info leak. Found in the PaX patch, written by the PaX Team. Fixes: 5a9fa730 ("posix-timers: kill ->it_sigev_signo and...") Signed-off-by:
Mathias Krause <minipli@googlemail.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Brad Spengler <spender@grsecurity.net> Cc: PaX Team <pageexec@freemail.hu> Link: http://lkml.kernel.org/r/1412456799-32339-1-git-send-email-minipli@googlemail.comSigned-off-by:
-
Dmitry Eremin-Solenikov authored
commit 89cf38dd upstream. After '#echo mem > /sys/power/state' some devices can not be properly resumed because apparently the MTD Partition Configuration Register has been reset to default thus the rootfs cannot be mounted cleanly on resume. An example of this can be found in the SA-1100 Developer's Manual at 9.5.3.3 where the second step of the Sleep Shutdown Sequence is described: "An internal reset is applied to the SA-1100. All units are reset...". As workaround we refresh the PCR value as done initially on chip setup. This behavior and the fix are confirmed by our tests done on 2 different Zaurus collie units with kernel 3.17. Fixes: 812c5fa8: ("mtd: cfi_cmdset_0001.c: add support for Sharp LH28F640BF NOR") Signed-off-by:
Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by:
Andrea Adami <andrea.adami@gmail.com> Signed-off-by:
-
Karl Beldan authored
commit c7abf25a upstream. It affects non-(V)HT rates and can lead to selecting an rts_cts rate that is not a basic rate or way superior to the reference rate (ATM rates[0] used for the 1st attempt of the protected frame data). E.g, assuming drivers register growing (bitrate) sorted tables of ieee80211_rate-s, having : - rates[0].idx == d'2 and basic_rates == b'10100 will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise - rates[0].idx == d'2 and basic_rates == b'10001 will select rts_cts idx b'10000 The first is not a basic rate and the second is > rates[0]. Also, wrt severity of the addressed misbehavior, ATM we only have one rts_cts_rate_idx rather than one per rate table entry, so this idx might still point to bitrates > rates[1..MAX_RATES]. Fixes: 5253ffb8 ("mac80211: always pick a basic rate to tx RTS/CTS for pre-HT rates") Signed-off-by:
Karl Beldan <karl.beldan@rivierawaves.com> Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Ian Abbott authored
commit 238b5ad8 upstream. As a follow-up to commit 6cab7a37 ("staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl"), Hartley Sweeten pointed out another couple of bugs stemming from commit 6cab7a37 ("staging: comedi: comedi_fops: introduce __comedi_get_user_chanlist()"). Firstly, `do_cmdtest_ioctl()` never frees the kernel copy of the user chanlist allocated by `__comedi_get_user_chanlist()`, so that memory is leaked. Fix it by freeing the allocated kernel memory pointed to by `cmd.chanlist` before that pointer is overwritten with its original pointer to user memory before `cmd` is copied back to user-space. Secondly, if `__comedi_get_user_chanlist()` returns an error, `cmd->chanlist` is left unchanged and in fact will be a pointer to user memory. This causes `do_cmd_ioctl()` to `goto cleanup` and call `do_become_nonbusy()` which would attempt to free the memory pointed to by the user-space pointer. Fix it by setting `cmd->chanlist` to NULL at the start of `__comedi_get_user_chanlist()`. Fixes: c6cd0eef ("staging: comedi: comedi_fops: introduce __comedi_get_user_chanlist()") Reported-by:
H Hartley Sweeten <hsweeten@visionengravers.com> Signed-off-by:
-
Ian Abbott authored
commit 6cab7a37 upstream. `do_cmd_ioctl()`, the handler for the `COMEDI_CMD` ioctl can incorrectly call the Comedi subdevice's `do_cmd()` handler with a NULL channel list pointer. This is a regression as the `do_cmd()` handler has never been expected to deal with that, leading to a kernel OOPS when it tries to dereference it. A NULL channel list pointer is allowed for the `COMEDI_CMDTEST` ioctl, handled by `do_cmdtest_ioctl()` and the subdevice's `do_cmdtest()` handler, but not for the `COMEDI_CMD` ioctl and its handlers. Both `do_cmd_ioctl()` and `do_cmdtest_ioctl()` call `__comedi_get_user_chanlist()` to copy the channel list from user memory into dynamically allocated kernel memory and check it for consistency. That function currently returns 0 if the `user_chanlist` parameter (pointing to the channel list in user memory) is NULL. That's fine for `do_cmdtest_ioctl()`, but `do_cmd_ioctl()` incorrectly assumes the kernel copy of the channel list has been set-up correctly. Fix it by not allowing the `user_chanlist` parameter to be NULL in `__comedi_get_user_chanlist()`, and only calling it from `do_cmdtest_ioctl()` if the parameter is non-NULL. Thanks to Bernd Porr for reporting the bug via an initial patch sent privately. Fixes: c6cd0eef ("staging: comedi: comedi_fops: introduce __comedi_get_user_chanlist()") Reported-by:
Bernd Porr <mail@berndporr.me.uk> Signed-off-by:
Ian Abbott <abbotti@mev.co.uk> Reviewed-by:
-
Imre Deak authored
commit 94fb823f upstream. If a device's dev_pm_ops::freeze callback fails during the QUIESCE phase, we don't rollback things correctly calling the thaw and complete callbacks. This could leave some devices in a suspended state in case of an error during resuming from hibernation. Signed-off-by:
Imre Deak <imre.deak@intel.com> Signed-off-by:
Rafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by:
-
Imre Deak authored
commit 246ef766 upstream. If an asynchronous suspend_late or freeze_late callback fails during the SUSPEND, FREEZE or QUIESCE phases, we don't propagate the corresponding error correctly, in effect ignoring the error and continuing the suspend-to-ram/hibernation. During suspend-to-ram this could leave some devices without a valid saved context, leading to a failure to reinitialize them during resume. During hibernation this could leave some devices active interfeering with the creation / restoration of the hibernation image. Also this could leave the corresponding devices without a valid saved context and failure to reinitialize them during resume. Fixes: de377b39 (PM / sleep: Asynchronous threads for suspend_late) Signed-off-by:
-
Peter Hurley authored
commit 37b16457 upstream. Kernel oops can cause the tty to be unreleaseable (for example, if n_tty_read() crashes while on the read_wait queue). This will cause tty_release() to endlessly loop without sleeping. Use a killable sleep timeout which grows by 2n+1 jiffies over the interval [0, 120 secs.) and then jumps to forever (but still killable). NB: killable just allows for the task to be rewoken manually, not to be terminated. Signed-off-by:
Peter Hurley <peter@hurleysoftware.com> Signed-off-by:
-
Imre Deak authored
commit 9e326f78 upstream. We can call this function for a dummy console that doesn't support setting the font mapping, which will result in a null ptr BUG. So check for this case and return error for consoles w/o font mapping support. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=59321Signed-off-by:
-
Jan Kara authored
commit 474d2605 upstream. Due to a switched left and right side of an assignment, dquot_writeback_dquots() never returned error. This could result in errors during quota writeback to not be reported to userspace properly. Fix it. Coverity-id: 1226884 Signed-off-by:
-
Greg Kroah-Hartman authored
commit d8e7d53a upstream. Back in commit 5136b2da ("PCI: convert bus code to use dev_groups"), I misstyped the 'enable' sysfs filename as 'enabled', which broke the userspace API. This patch fixes that issue by renaming the file back. Fixes: 5136b2da ("PCI: convert bus code to use dev_groups") Reported-by:
Jeff Epler <jepler@unpythonic.net> Tested-by: Jeff Epler <jepler@unpythonic.net> # on v3.14-rt Signed-off-by:
Bjorn Helgaas <bhelgaas@google.com>
-
Jan Kara authored
commit 7938db44 upstream. The check whether quota format is set even though there are no quota files with journalled quota is pointless and it actually makes it impossible to turn off journalled quotas (as there's no way to unset journalled quota format). Just remove the check. Signed-off-by:
-
Emmanuel Grumbach authored
commit 1ffde699 upstream. This reverts commit aa11bbf3. This commit was causing connection issues and is not needed if IWL_MVM_RS_RSSI_BASED_INIT_RATE is set to false by default. Regardless of the issues mentioned above, this patch added the following WARNING: WARNING: CPU: 0 PID: 3946 at drivers/net/wireless/iwlwifi/mvm/tx.c:190 iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]() Got an HT rate for a non data frame 0x8 CPU: 0 PID: 3946 Comm: wpa_supplicant Tainted: G O 3.17.0+ #6 Hardware name: LENOVO 20ANCTO1WW/20ANCTO1WW, BIOS GLET71WW (2.25 ) 07/02/2014 0000000000000009 ffffffff814fa911 ffff8804288db8f8 ffffffff81064f52 0000000000001808 ffff8804288db948 ffff88040add8660 ffff8804291b5600 0000000000000000 ffffffff81064fb7 ffffffffa07b73d0 0000000000000020 Call Trace: [<ffffffff814fa911>] ? dump_stack+0x41/0x51 [<ffffffff81064f52>] ? warn_slowpath_common+0x72/0x90 [<ffffffff81064fb7>] ? warn_slowpath_fmt+0x47/0x50 [<ffffffffa07a39ea>] ? iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm] [<ffffffffa07a3cf8>] ? iwl_mvm_tx_skb+0x48/0x3c0 [iwlmvm] [<ffffffffa079cb9b>] ? iwl_mvm_mac_tx+0x7b/0x180 [iwlmvm] [<ffffffffa0746ce9>] ? __ieee80211_tx+0x2b9/0x3c0 [mac80211] [<ffffffffa07492f3>] ? ieee80211_tx+0xb3/0x100 [mac80211] [<ffffffffa0749c49>] ? ieee80211_subif_start_xmit+0x459/0xca0 [mac80211] [<ffffffff814116e7>] ? dev_hard_start_xmit+0x337/0x5f0 [<ffffffff81430d46>] ? sch_direct_xmit+0x96/0x1f0 [<ffffffff81411ba3>] ? __dev_queue_xmit+0x203/0x4f0 [<ffffffff8142f670>] ? ether_setup+0x70/0x70 [<ffffffff814e96a1>] ? packet_sendmsg+0xf81/0x1110 [<ffffffff8140625c>] ? skb_free_datagram+0xc/0x40 [<ffffffff813f7538>] ? sock_sendmsg+0x88/0xc0 [<ffffffff813f7274>] ? move_addr_to_kernel.part.20+0x14/0x60 [<ffffffff811c47c2>] ? __inode_wait_for_writeback+0x62/0xb0 [<ffffffff813f7a91>] ? SYSC_sendto+0xf1/0x180 [<ffffffff813f88f9>] ? __sys_recvmsg+0x39/0x70 [<ffffffff8150066d>] ? system_call_fastpath+0x1a/0x1f ---[ end trace cc19a150d311fc63 ]--- which was reported here: https://bugzilla.kernel.org/show_bug.cgi?id=85691Signed-off-by:
Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by:
-
Emmanuel Grumbach authored
commit a0855054 upstream. When mac80211 wants to ensure that a frame is sent, it calls the flush() callback. Until now, iwldvm implemented this by waiting that all the frames are sent (ACKed or timeout). In case of weak signal, this can take a significant amount of time, delaying the next connection (in case of roaming). Many users have reported that the flush would take too long leading to the following error messages to be printed: iwlwifi 0000:03:00.0: fail to flush all tx fifo queues Q 2 iwlwifi 0000:03:00.0: Current SW read_ptr 161 write_ptr 201 iwl data: 00000000: 00 00 00 00 00 00 00 00 fe ff 01 00 00 00 00 00 [snip] iwlwifi 0000:03:00.0: FH TRBs(0) = 0x00000000 [snip] iwlwifi 0000:03:00.0: Q 0 is active and mapped to fifo 3 ra_tid 0x0000 [9,9] [snip] Instead of waiting for these packets, simply drop them. This significantly improves the responsiveness of the network. Note that all the queues are flushed, but the VO one. This is not typically used by the applications and it likely contains management frames that are useful for connection or roaming. This bug is tracked here: https://bugzilla.kernel.org/show_bug.cgi?id=56581 But it is duplicated in distributions' trackers. A simple search in Ubuntu's database led to these bugs: https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1270808 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1305406 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1356236 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1360597 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1361809 Depends-on: 77be2c54 ("mac80211: add vif to flush call") Signed-off-by:
-
Emmanuel Grumbach authored
commit 9180ac50 upstream. The LTR is the handshake between the device and the root complex about the latency allowed when the bus exits power save. This configuration was missing and this led to high latency in the link power up. The end user could experience high latency in the network because of this. Signed-off-by:
-
Emmanuel Grumbach authored
commit d14b28fd upstream. Fixes: 2adc8949 ("iwlwifi: mvm: BT Coex - fix boost register / LUT values") Signed-off-by:
-
Will Deacon authored
commit ce9ec37b upstream. When unmapping a range of pages in zap_pte_range, the page being unmapped is added to an mmu_gather_batch structure for asynchronous freeing. If we run out of space in the batch structure before the range has been completely unmapped, then we break out of the loop, force a TLB flush and free the pages that we have batched so far. If there are further pages to unmap, then we resume the loop where we left off. Unfortunately, we forget to update addr when we break out of the loop, which causes us to truncate the range being invalidated as the end address is exclusive. When we re-enter the loop at the same address, the page has already been freed and the pte_present test will fail, meaning that we do not reconsider the address for invalidation. This patch fixes the problem by incrementing addr by the PAGE_SIZE before breaking out of the loop on batch failure. Signed-off-by:
Will Deacon <will.deacon@arm.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
-
J. Bruce Fields authored
commit 51904b08 upstream. Unknown operation numbers are caught in nfsd4_decode_compound() which sets op->opnum to OP_ILLEGAL and op->status to nfserr_op_illegal. The error causes the main loop in nfsd4_proc_compound() to skip most processing. But nfsd4_proc_compound also peeks ahead at the next operation in one case and doesn't take similar precautions there. Signed-off-by:
J. Bruce Fields <bfields@redhat.com> Signed-off-by:
-
