1. 27 Apr, 2015 5 commits
    • Hans de Goede's avatar
      uas: Do not blacklist ASM1153 disk enclosures · f0932f97
      Hans de Goede authored
      commit 078fd7d6 upstream.
      
      Our detection logic to avoid doing UAS on ASM1051 bridge chips causes problems
      with newer ASM1153 disk enclosures in 2 ways:
      
      1) Some ASM1153 disk enclosures re-use the ASM1051 device-id of 5106, which
         we assume is always an ASM1051, so remove the quirk for 5106, and instead
         use the same detection logic as we already use for device-id 55aa, which is
         used for all of ASM1051, ASM1053 and ASM1153 devices <sigh>.
      
      2) Our detection logic to differentiate between ASM1051 and ASM1053 sees
         ASM1153 devices as ASM1051 because they have 32 streams like ASM1051 devs.
         Luckily the ASM1153 descriptors are not 100% identical, unlike the previous
         models the ASM1153 has bMaxPower == 0, so use that to differentiate it.
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
      f0932f97
    • Arun Chandran's avatar
      arm64: vdso: fix build error when switching from LE to BE · 8b0caebc
      Arun Chandran authored
      commit 1915e2ad upstream.
      
      Building a kernel with CPU_BIG_ENDIAN fails if there are stale objects
      from a !CPU_BIG_ENDIAN build. Due to a missing FORCE prerequisite on an
      if_changed rule in the VDSO Makefile, we attempt to link a stale LE
      object into the new BE kernel.
      
      According to Documentation/kbuild/makefiles.txt, FORCE is required for
      if_changed rules and forgetting it is a common mistake, so fix it by
      'Forcing' the build of vdso. This patch fixes build errors like these:
      
      arch/arm64/kernel/vdso/note.o: compiled for a little endian system and target is big endian
      failed to merge target specific data of file arch/arm64/kernel/vdso/note.o
      
      arch/arm64/kernel/vdso/sigreturn.o: compiled for a little endian system and target is big endian
      failed to merge target specific data of file arch/arm64/kernel/vdso/sigreturn.o
      Tested-by: default avatarMark Rutland <mark.rutland@arm.com>
      Signed-off-by: default avatarArun Chandran <achandran@mvista.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
      8b0caebc
    • Ian Abbott's avatar
      spi: spidev: fix possible arithmetic overflow for multi-transfer message · a53a7ec9
      Ian Abbott authored
      commit f20fbaad upstream.
      
      `spidev_message()` sums the lengths of the individual SPI transfers to
      determine the overall SPI message length.  It restricts the total
      length, returning an error if too long, but it does not check for
      arithmetic overflow.  For example, if the SPI message consisted of two
      transfers and the first has a length of 10 and the second has a length
      of (__u32)(-1), the total length would be seen as 9, even though the
      second transfer is actually very long.  If the second transfer specifies
      a null `rx_buf` and a non-null `tx_buf`, the `copy_from_user()` could
      overrun the spidev's pre-allocated tx buffer before it reaches an
      invalid user memory address.  Fix it by checking that neither the total
      nor the individual transfer lengths exceed the maximum allowed value.
      
      Thanks to Dan Carpenter for reporting the potential integer overflow.
      Signed-off-by: default avatarIan Abbott <abbotti@mev.co.uk>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      [ luis: backported to 3.16: used backport provided by Ian ]
      Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
      a53a7ec9
    • Peter Hurley's avatar
      n_tty: Fix read buffer overwrite when no newline · 2d38719a
      Peter Hurley authored
      commit fb5ef9e7 upstream.
      
      In canon mode, the read buffer head will advance over the buffer tail
      if the input > 4095 bytes without receiving a line termination char.
      
      Discard additional input until a line termination is received.
      Before evaluating for overflow, the 'room' value is normalized for
      I_PARMRK and 1 byte is reserved for line termination (even in !icanon
      mode, in case the mode is switched). The following table shows the
      transform:
      
       actual buffer |  'room' value before overflow calc
        space avail  |    !I_PARMRK    |    I_PARMRK
       --------------------------------------------------
            0        |       -1        |       -1
            1        |        0        |        0
            2        |        1        |        0
            3        |        2        |        0
            4+       |        3        |        1
      
      When !icanon or when icanon and the read buffer contains newlines,
      normalized 'room' values of -1 and 0 are clamped to 0, and
      'overflow' is 0, so read_head is not adjusted and the input i/o loop
      exits (setting no_room if called from flush_to_ldisc()). No input
      is discarded since the reader does have input available to read
      which ensures forward progress.
      
      When icanon and the read buffer does not contain newlines and the
      normalized 'room' value is 0, then overflow and room are reset to 1,
      so that the i/o loop will process the next input char normally
      (except for parity errors which are ignored). Thus, erasures, signalling
      chars, 7-bit mode, etc. will continue to be handled properly.
      
      If the input char processed was not a line termination char, then
      the canon_head index will not have advanced, so the normalized 'room'
      value will now be -1 and 'overflow' will be set, which indicates the
      read_head can safely be reset, effectively erasing the last char
      processed.
      
      If the input char processed was a line termination, then the
      canon_head index will have advanced, so 'overflow' is cleared to 0,
      the read_head is not reset, and 'room' is cleared to 0, which exits
      the i/o loop (because the reader now have input available to read
      which ensures forward progress).
      
      Note that it is possible for a line termination to be received, and
      for the reader to copy the line to the user buffer before the
      input i/o loop is ready to process the next input char. This is
      why the i/o loop recomputes the room/overflow state with every
      input char while handling overflow.
      
      Finally, if the input data was processed without receiving
      a line termination (so that overflow is still set), the pty
      driver must receive a write wakeup. A pty writer may be waiting
      to write more data in n_tty_write() but without unthrottling
      here that wakeup will not arrive, and forward progress will halt.
      (Normally, the pty writer is woken when the reader reads data out
      of the buffer and more space become available).
      Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarJoseph Salisbury <joseph.salisbury@canonical.com>
      Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
      2d38719a
    • Luis Henriques's avatar
      Linux 3.16.7-ckt10 · aaab4ac7
      Luis Henriques authored
      Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
      aaab4ac7
  2. 21 Apr, 2015 11 commits
  3. 13 Apr, 2015 24 commits