- 06 Jan, 2016 40 commits
-
-
Arnd Bergmann authored
commit 4bed5395 upstream. The fixed_phy infrastructure is done in a way that is optional, by providing 'static inline' helper functions doing nothing in include/linux/phy_fixed.h for all its APIs. However, three out of the four users (DSA, BCMGENET, and SYSTEMPORT) always 'select FIXED_PHY', presumably because they need that. MVNETA is the fourth one, and if that is built-in but FIXED_PHY is configured as a loadable module, we get a link error: drivers/built-in.o: In function `mvneta_fixed_link_update': fpga-mgr.c:(.text+0x33ed80): undefined reference to `fixed_phy_update_state' Presumably this driver has the same dependency as the others, so this patch also uses 'select' to ensure that the fixed-phy support is built-in. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 898b2970 ("mvneta: implement SGMII-based in-band link state signaling") Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Jarkko Sakkinen authored
commit b1a4144a upstream. Mimi reported that afb5abc2 reverts the fix in 398a1e71. This patch reverts it back. Fixes: afb5abc2 ("tpm: two-phase chip management functions") Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Acked-by: Peter Huewe <PeterHuewe@gmx.de> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Martin Wilck authored
commit 2aef9da6 upstream. Release IRQs used for probing only. Otherwise the TPM will end up with all IRQs 3-15 assigned. Fixes: afb5abc2 ("tpm: two-phase chip management functions") Signed-off-by: Martin Wilck <Martin.Wilck@ts.fujitsu.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Acked-by: Peter Huewe <PeterHuewe@gmx.de> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Arnd Bergmann authored
commit fdcb4b2e upstream. resource_size_t may be 32-bit wide on some architectures, which causes this warning when building the NTB code: drivers/ntb/ntb_transport.c: In function 'ntb_transport_link_work': drivers/ntb/ntb_transport.c:828:46: warning: right shift count >= width of type [-Wshift-count-overflow] The warning is harmless but can be avoided by using the upper_32_bits() macro. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: e26a5843 ("NTB: Split ntb_hw_intel and ntb_transport drivers") Signed-off-by: Jon Mason <jdmason@kudzu.us> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Tero Kristo authored
commit 62c8c20a upstream. mcp794xx alarm registers must be written in BCD format. However, the alarm programming logic neglected this by adding one to the value after bin2bcd conversion has been already done, writing bad values to month register in case the alarm being set is in October. In this case, the alarm month value becomes 0x0a instead of the expected 0x10. Fix by moving the +1 addition within the bin2bcd call also. Fixes: 1d1945d2 ("drivers/rtc/rtc-ds1307.c: add alarm support for mcp7941x chips") Signed-off-by: Tero Kristo <t-kristo@ti.com> Acked-by: Nishanth Menon <nm@ti.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Peter Feiner authored
commit 956959f6 upstream. The -i flag was incorrectly listed as a short flag for --no-inherit. It should have only been listed as a short flag for --input. This documentation error has existed since the --input flag was introduced in 6810fc91 (perf trace: Add option to analyze events in a file versus live). Signed-off-by: Peter Feiner <pfeiner@google.com> Cc: David Ahern <dsahern@gmail.com> Link: http://lkml.kernel.org/r/1446657706-14518-1-git-send-email-pfeiner@google.com Fixes: 6810fc91 ("perf trace: Add option to analyze events in a file versus live") Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
WANG Cong authored
commit 87e9f031 upstream. Sasha reported the following lockdep warning: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_INET); lock(rtnl_mutex); lock(sk_lock-AF_INET); lock(rtnl_mutex); This is due to that for IP_MSFILTER and MCAST_MSFILTER, we take rtnl lock before the socket lock in setsockopt() path, but take the socket lock before rtnl lock in getsockopt() path. All the rest optnames are setsockopt()-only. Fix this by aligning the getsockopt() path with the setsockopt() path, so that all mcast socket path would be locked in the same order. Note, IPv6 part is different where rtnl lock is not held. Fixes: 54ff9ef3 ("ipv4, ipv6: kill ip_mc_{join, leave}_group and ipv6_sock_mc_{join, drop}") Reported-by: Sasha Levin <sasha.levin@oracle.com> Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Krzysztof Kozlowski authored
commit 9e4249b4 upstream. Thermal core could not read the temperature after registering the thermal sensor with thermal_zone_of_sensor_register() because the driver was not yet initialized. The call trace looked like: exynos_tmu_probe() thermal_zone_of_sensor_register() of_thermal_set_mode() thermal_zone_device_update() exynos_get_temp() if (!data->tmu_read) return -EINVAL; exynos_map_dt_data() data->tmu_read = ... This produced an error in dmesg: thermal thermal_zone0: failed to read out thermal zone (-22) Register the thermal_zone_device later, after parsing Device Tree and enabling necessary clocks, but before calling exynos_tmu_initialize() which uses the registered thermal_zone_device. Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com> Tested-by: Alim Akhtar <alim.akhtar@samsung.com> Acked-by: Lukasz Majewski <l.majewski@samsung.com> Tested-by: Lukasz Majewski <l.majewski@samsung.com> Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com> Fixes: 3b6a1a80 ("thermal: samsung: core: Exynos TMU rework to use device tree for configuration") Signed-off-by: Eduardo Valentin <edubezval@gmail.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Ben Hutchings authored
commit 3b4d3819 upstream. Fixes: 87b2d440 ("selftests: add memfd/sealing page-pinning tests") Fixes: 2bf9e0ab ("locking/static_keys: Provide a selftest") Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Ben Hutchings authored
commit c28628b8 upstream. do_fork() is no longer defined on x86, so probe _do_fork() instead. Fixes: 3033f14a ("clone: support passing tls argument via C ...") Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
James Morse authored
commit 1b4bb2ea upstream. vfio_platform_{read,write}_mmio() call ioremap_nocache() to map a region of io memory, which they store in struct vfio_platform_region to be eventually re-used, or unmapped by vfio_platform_regions_cleanup(). These functions receive a copy of their struct vfio_platform_region argument on the stack - so these mapped areas are always allocated, and always leaked. Pass this argument as a pointer instead. Fixes: 6e3f2645 "vfio/platform: read and write support for the device fd" Signed-off-by: James Morse <james.morse@arm.com> Acked-by: Baptiste Reynal <b.reynal@virtualopensystems.com> Tested-by: Baptiste Reynal <b.reynal@virtualopensystems.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Michal Kubeček authored
commit ebac62fe upstream. Both tunnel6_protocol and tunnel46_protocol share the same error handler, tunnel6_err(), which traverses through tunnel6_handlers list. For ipip6 tunnels, we need to traverse tunnel46_handlers as we do e.g. in tunnel46_rcv(). Current code can generate an ICMPv6 error message with an IPv4 packet embedded in it. Fixes: 73d605d1 ("[IPSEC]: changing API of xfrm6_tunnel_register") Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Eric Dumazet authored
commit 1d6119ba upstream. This patch fixes following problems : 1) percpu_counter_init() can return an error, therefore init_frag_mem_limit() must propagate this error so that inet_frags_init_net() can do the same up to its callers. 2) If ip[46]_frags_ns_ctl_register() fail, we must unwind properly and free the percpu_counter. Without this fix, we leave freed object in percpu_counters global list (if CONFIG_HOTPLUG_CPU) leading to crashes. This bug was detected by KASAN and syzkaller tool (http://github.com/google/syzkaller) Fixes: 6d7b857d ("net: use lib/percpu_counter API for fragmentation mem accounting") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Jesper Dangaard Brouer <brouer@redhat.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Mathieu Desnoyers authored
commit a15920be upstream. The documentation on top of __DECLARE_TRACE() does not match its implementation since the condition check has been added to the RCU lockdep checks. Update the documentation to match its implementation. Link: http://lkml.kernel.org/r/1446504164-21563-1-git-send-email-mathieu.desnoyers@efficios.com CC: Dave Hansen <dave@sr71.net> Fixes: a05d59a5 "tracing: Add condition check to RCU lockdep checks" Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Bjørn Mork authored
commit 70910791 upstream. The lt4112 is a HP branded Huawei me906e modem. Like other Huawei modems, it does not have a fixed interface to function mapping. Instead it uses a Huawei specific scheme: functions are mapped by subclass and protocol. However, the HP vendor ID is used for modems from many different manufacturers using different schemes, so we cannot apply a generic vendor rule like we do for the Huawei vendor ID. Replace the previous lt4112 entry pointing to an arbitrary interface number with a device specific subclass + protocol match. Reported-and-tested-by: Muri Nicanor <muri+libqmi@immerda.ch> Tested-by: Martin Hauke <mardnh@gmx.de> Fixes: bb2bdeb8 ("qmi_wwan: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem") Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Chuck Lever authored
commit 4220a072 upstream. Commit 8301a2c0 ("xprtrdma: Limit work done by completion handler") was supposed to prevent xprtrdma's upcall handlers from starving other softIRQ work by letting them return to the provider before all CQEs have been polled. The logic assumes the provider will call the upcall handler again immediately if the CQ is re-armed while there are still queued CQEs. This assumption is invalid. The IBTA spec says that after a CQ is armed, the hardware must interrupt only when a new CQE is inserted. xprtrdma can't rely on the provider calling again, even though some providers do. Therefore, leaving CQEs on queue makes sense only when there is another mechanism that ensures all remaining CQEs are consumed in a timely fashion. xprtrdma does not have such a mechanism. If a CQE remains queued, the transport can wait forever to send the next RPC. Finally, move the wcs array back onto the stack to ensure that the poll array is always local to the CPU where the completion upcall is running. Fixes: 8301a2c0 ("xprtrdma: Limit work done by completion ...") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Devesh Sharma <devesh.sharma@avagotech.com> Tested-By: Devesh Sharma <devesh.sharma@avagotech.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Chuck Lever authored
commit 7b3d770c upstream. ib_req_notify_cq(IB_CQ_REPORT_MISSED_EVENTS) returns a positive value if WCs were added to a CQ after the last completion upcall but before the CQ has been re-armed. Commit 7f23f6f6 ("xprtrmda: Reduce lock contention in completion handlers") assumed that when ib_req_notify_cq() returned a positive RC, the CQ had also been successfully re-armed, making it safe to return control to the provider without losing any completion signals. That is an invalid assumption. Change both completion handlers to continue polling while ib_req_notify_cq() returns a positive value. Fixes: 7f23f6f6 ("xprtrmda: Reduce lock contention in ...") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Devesh Sharma <devesh.sharma@avagotech.com> Tested-By: Devesh Sharma <devesh.sharma@avagotech.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Jon Medhurst \(Tixy\) authored
commit 14f1ba3a upstream. The check for correct frequency being set in bL_cpufreq_set_rate is broken when the big.LITTLE switcher is active, for two reasons. 1. The 'new_rate' variable gets overwritten before the test by the code calculating the frequency of the old cluster. 2. The frequency returned by bL_cpufreq_get_rate will be the virtual frequency, not the actual one the intended version of new_rate contains. This means the function always returns an error causing an endless stream of: "cpufreq: __target_index: Failed to change cpu frequency: -5" As the intent is to check for errors that clk_set_rate doesn't report lets move the check to immediately after that and directly use clk_get_rate, rather than the arm_big_little helpers which only confuse matters. Also, update the comment to be hopefully clearer about the purpose of the code. Fixes: 0a95e630 (cpufreq: arm_big_little: check if the frequency is set correctly) Signed-off-by: Jon Medhurst <tixy@linaro.org> Acked-by: Sudeep Holla <sudeep.holla@arm.com> Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Reviewed-by: Michael Turquette <mturquette@baylibre.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Hannes Frederic Sowa authored
commit 682b1a9d upstream. We cannot reliable calculate packet size on MSG_MORE corked sockets and thus cannot decide if they are going to be fragmented later on, so better not use CHECKSUM_PARTIAL in the first place. The IPv6 code also intended to protect and not use CHECKSUM_PARTIAL in the existence of IPv6 extension headers, but the condition was wrong. Fix it up, too. Also the condition to check whether the packet fits into one fragment was wrong and has been corrected. Fixes: commit 32dce968 ("ipv6: Allow for partial checksums on non-ufo packets") See-also: commit 72e843bb ("ipv6: ip6_fragment() should check CHECKSUM_PARTIAL") Cc: Eric Dumazet <edumazet@google.com> Cc: Vlad Yasevich <vyasevich@gmail.com> Cc: Benjamin Coddington <bcodding@redhat.com> Cc: Tom Herbert <tom@herbertland.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Bart Van Assche authored
commit db7489e0 upstream. Move the __attribute_const__ declarations such that sparse understands that these apply to the function itself and not to the return type. This avoids that sparse reports error messages like the following: drivers/infiniband/core/verbs.c:73:12: error: symbol 'ib_event_msg' redeclared with different type (originally declared at include/rdma/ib_verbs.h:470) - different modifiers Fixes: 2b1b5b60 ("IB/core, cma: Nice log-friendly string helpers") Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Sagi Grimberg <sagig@mellanox.com> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Doug Ledford <dledford@redhat.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Yinghai Lu authored
commit af86fa40 upstream. David reported that a T5-8 sparc system failed to boot with: pci_sun4v f02dbcfc: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [io 0x804000000000-0x80400fffffff] (bus address [0x0000-0xfffffff]) pci_bus 0000:00: root bus resource [mem 0x800000000000-0x80007effffff] (bus address [0x00000000-0x7effffff]) pci 0000:00:01.0: can't claim BAR 15 [mem 0x100000000-0x4afffffff pref]: no compatible bridge window Note that we don't know about a host bridge aperture that contains BAR 15. OF does report a MEM64 aperture, but before this patch, pci_determine_mem_io_space() ignored it. Add support for host bridge apertures with 64-bit PCI addresses. Also set IORESOURCE_MEM_64 for PCI device and bridge resources in PCI 64-bit memory space. Sparc doesn't actually print the device and bridge resources, but after this patch, we should have the equivalent of this: pci_sun4v f02dbcfc: PCI host bridge to bus 0000:00 pci_bus 0000:00: root bus resource [io 0x804000000000-0x80400fffffff] (bus address [0x0000-0xfffffff]) pci_bus 0000:00: root bus resource [mem 0x800000000000-0x80007effffff] (bus address [0x00000000-0x7effffff]) pci_bus 0000:00: root bus resource [mem 0x800100000000-0x8007ffffffff] (bus address [0x100000000-0x7ffffffff]) pci 0000:00:01.0: bridge window [mem 0x800100000000-0x8004afffffff 64bit pref] [bhelgaas: changelog, URL to David's report] Fixes: d63e2e1f ("sparc/PCI: Clip bridge windows to fit in upstream windows") Link: http://lkml.kernel.org/r/5514391F.2030300@oracle.comReported-by: David Ahern <david.ahern@oracle.com> Tested-by: David Ahern <david.ahern@oracle.com> Tested-by: Khalid Aziz <khalid.aziz@oracle.com> Signed-off-by: Yinghai Lu <yinghai@kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Alexander Duyck authored
commit ea9a8854 upstream. The enumeration path should leave NumVFs set to zero. But after 4449f079 ("PCI: Calculate maximum number of buses required for VFs"), we call virtfn_max_buses() in the enumeration path, which changes NumVFs. This NumVFs change is visible via lspci and sysfs until a driver enables SR-IOV. Iterate from TotalVFs down to zero so NumVFs is zero when we're finished computing the maximum number of buses. Validate offset and stride in the loop, so we can test it at every possible NumVFs setting. Rename virtfn_max_buses() to compute_max_vf_buses() to hint that it does have a side effect of updating iov->max_VF_buses. [bhelgaas: changelog, rename, allow numVF==1 && stride==0, rework loop, reverse sense of error path] Fixes: 4449f079 ("PCI: Calculate maximum number of buses required for VFs") Based-on-patch-by: Ethan Zhao <ethan.zhao@oracle.com> Signed-off-by: Alexander Duyck <aduyck@mirantis.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Florian Westphal authored
commit dbc3617f upstream. nfnetlink_bind request_module()s all the time as nfnetlink_get_subsys() shifts the argument by 8 to obtain the subsys id. So using type instead of type << 8 always returns NULL. Fixes: 03292745 ("netlink: add nlk->netlink_bind hook for module auto-loading") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Masahiro Yamada authored
commit 3f5ceec9 upstream. fdt_translate_address() returns OF_BAD_ADDR on error. It is defined as a u64 value, so the variable "addr" should be defined as u64 as well. Fixes: fb11ffe7 ("of/fdt: add FDT serial scanning for earlycon") Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Munehisa Kamata authored
commit 94f9cd81 upstream. Commit 8b13eddf ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") has introduced a trivial logic change which can result in the following crash. BUG: unable to handle kernel NULL pointer dereference at 0000000000000030 IP: [<ffffffffa033002d>] nf_nat_redirect_ipv4+0x2d/0xa0 [nf_nat_redirect] PGD 3ba662067 PUD 3ba661067 PMD 0 Oops: 0000 [#1] SMP Modules linked in: ipv6(E) xt_REDIRECT(E) nf_nat_redirect(E) xt_tcpudp(E) iptable_nat(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) nf_nat_ipv4(E) nf_nat(E) nf_conntrack(E) ip_tables(E) x_tables(E) binfmt_misc(E) xfs(E) libcrc32c(E) evbug(E) evdev(E) psmouse(E) i2c_piix4(E) i2c_core(E) acpi_cpufreq(E) button(E) ext4(E) crc16(E) jbd2(E) mbcache(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) CPU: 0 PID: 2536 Comm: ip Tainted: G E 4.1.7-15.23.amzn1.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.2.amazon 05/06/2015 task: ffff8800eb438000 ti: ffff8803ba664000 task.ti: ffff8803ba664000 [...] Call Trace: <IRQ> [<ffffffffa0334065>] redirect_tg4+0x15/0x20 [xt_REDIRECT] [<ffffffffa02e2e99>] ipt_do_table+0x2b9/0x5e1 [ip_tables] [<ffffffffa0328045>] iptable_nat_do_chain+0x25/0x30 [iptable_nat] [<ffffffffa031777d>] nf_nat_ipv4_fn+0x13d/0x1f0 [nf_nat_ipv4] [<ffffffffa0328020>] ? iptable_nat_ipv4_fn+0x20/0x20 [iptable_nat] [<ffffffffa031785e>] nf_nat_ipv4_in+0x2e/0x90 [nf_nat_ipv4] [<ffffffffa03280a5>] iptable_nat_ipv4_in+0x15/0x20 [iptable_nat] [<ffffffff81449137>] nf_iterate+0x57/0x80 [<ffffffff814491f7>] nf_hook_slow+0x97/0x100 [<ffffffff814504d4>] ip_rcv+0x314/0x400 unsigned int nf_nat_redirect_ipv4(struct sk_buff *skb, ... { ... rcu_read_lock(); indev = __in_dev_get_rcu(skb->dev); if (indev != NULL) { ifa = indev->ifa_list; newdst = ifa->ifa_local; <--- } rcu_read_unlock(); ... } Before the commit, 'ifa' had been always checked before access. After the commit, however, it could be accessed even if it's NULL. Interestingly, this was once fixed in 2003. http://marc.info/?l=netfilter-devel&m=106668497403047&w=2 In addition to the original one, we have seen the crash when packets that need to be redirected somehow arrive on an interface which hasn't been yet fully configured. This change just reverts the logic to the old behavior to avoid the crash. Fixes: 8b13eddf ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") Signed-off-by: Munehisa Kamata <kamatam@amazon.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Sergei Shtylyov authored
commit 76d63c2b upstream. The "compatible" property text contradicts even the example given in the MMCIF binding document itself; moreover, the Renesas MMCIF driver only matches on the generic "compatible" string and doesn't look for the SoC specific strings at all. Thus describe "renesas,sh-mmcif" as a fallback value. Fixes: b4c27763 ("mmc: sh_mmcif: Document DT bindings") Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Acked-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Ralf Baechle authored
commit f25319d2 upstream. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Fixes: f24219b4 (cherry picked from commit f0a232cde7be18a207fd057dd79bbac8a0a45dec) Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Arnd Bergmann authored
commit cc6a7aab upstream. The gss_key_timeout() function causes a harmless warning in some configurations, e.g. ARM imx_v6_v7_defconfig with gcc-5.2, if the compiler cannot figure out the state of the 'expire' variable across an rcu_read_unlock(): net/sunrpc/auth_gss/auth_gss.c: In function 'gss_key_timeout': net/sunrpc/auth_gss/auth_gss.c:1422:211: warning: 'expire' may be used uninitialized in this function [-Wmaybe-uninitialized] To avoid this warning without adding a bogus initialization, this rewrites the function so the comparison is done inside of the critical section. As a side-effect, it also becomes slightly easier to understand because the implementation now more closely resembles the comment above it. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: c5e6aecd ("sunrpc: fix RCU handling of gc_ctx field") Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Namhyung Kim authored
commit 39ff7cdb upstream. The annotate__configs should be sorted so that it can use bsearch(3). However commit 0c4a5bce ("perf annotate: Display total number of samples with --show-total-period") added a new config item at the end. This resulted in the 'annotate.use_offset' config variable cannot be found and perf terminated like below: $ perf report bad config file line 6 in ~/.perfconfig Signed-off-by: Namhyung Kim <namhyung@kernel.org> Cc: David Ahern <dsahern@gmail.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Martin Liška <mliska@suse.cz> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Taeung Song <treeze.taeung@gmail.com> Fixes: 0c4a5bce ("perf annotate: Display total number of samples with --show-total-period") Link: http://lkml.kernel.org/r/1445396240-3428-1-git-send-email-namhyung@kernel.orgSigned-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Neil Armstrong authored
commit 468a3208 upstream. Since the "Switch driver to use transfer_one" change, the cs_change behavior has changed and a channel chip select can still be asserted when changing channel from a previous last transfer in a message having the cs_change attribute. Since there is no sense having multiple chip select being asserted at the same time, disable all the remaining forced chip selects in a the prepare_message called right before a spi_transfer_one_message call. It ignores the current channel configuration in order to keep the possibility to leave the chip select asserted between messages. It fixes this bug on a DM8168 SoC ES2.1 Soc and an OMAP4 ES2.1 SoC. It was hanging all the other channels transfers when a CHCONF_FORCE is present on the wrong channel. Fixes: b28cb941 ("spi: omap2-mcspi: Switch driver to use transfer_one") Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> Reviewed-by: Michael Welling <mwelling@ieee.org> Signed-off-by: Mark Brown <broonie@kernel.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Arnd Bergmann authored
commit 5d1e6235 upstream. The INIT_UDATA() macro requires a pointer or unsigned long argument for both input and output buffer, and all callers had a cast from when the code was merged until a recent restructuring, so now we get core/uverbs_cmd.c: In function 'ib_uverbs_create_cq': core/uverbs_cmd.c:1481:66: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] This makes the code behave as before by adding back the cast to unsigned long. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 565197dd ("IB/core: Extend ib_uverbs_create_cq") Reviewed-by: Yann Droneaud <ydroneaud@opteya.com> Signed-off-by: Doug Ledford <dledford@redhat.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Arnd Bergmann authored
commit b61e564a upstream. Casting a pointer to __be64 produces a warning on 32-bit architectures: drivers/infiniband/hw/cxgb4/mem.c:147:20: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] req->wr.wr_lo = (__force __be64)&wr_wait; This was fixed at least twice for this driver in different places, and accidentally reverted once more. This puts the correct version back in place. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 6198dd8d ("iw_cxgb4: 32b platform fixes") Signed-off-by: Doug Ledford <dledford@redhat.com> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Yuchung Cheng authored
commit 9e45a3e3 upstream. Currently ca_seq_rtt_us does not use Kern's check. Fix that by checking if any packet acked is a retransmit, for both RTT used for RTT estimation and congestion control. Fixes: 5b08e47c ("tcp: prefer packet timing to TS-ECR for RTT") Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Michal Sojka authored
commit f6aad261 upstream. Fixes: 31847b67 ("kconfig: allow use of relations other than (in)equality") Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> Reviewed-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Michal Marek <mmarek@suse.cz> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Takashi Sakamoto authored
commit fef586d5 upstream. In former commit, metering is supported for BeBoB based models customized by M-Audio. The data in transaction is aligned to big-endianness, while in the driver code u16 typed variable is assigned to the data. This causes sparse warnings. bebob_maudio.c:651:31: warning: cast to restricted __be16 bebob_maudio.c:651:31: warning: cast to restricted __be16 bebob_maudio.c:651:31: warning: cast to restricted __be16 bebob_maudio.c:651:31: warning: cast to restricted __be16 This commit fixes this bug by using __be16 variable for the data. Fixes: 3149ac48('ALSA: bebob: Add support for M-Audio special Firewire series') Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Takashi Sakamoto authored
commit 463543ac upstream. In former commit, snd_efw_command_get_phys_meters() was added to handle metering data. The given buffer is used to save transaction result and to convert between endianness. But this causes sparse warnings. fireworks_command.c:269:25: warning: incorrect type in argument 1 (different base types) fireworks_command.c:269:25: expected unsigned int [usertype] *p fireworks_command.c:269:25: got restricted __be32 [usertype] * This commit fixes this bug. Fixes: bde8a8f2('ALSA: fireworks: Add transaction and some commands') Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Takashi Sakamoto authored
commit cbc6f280 upstream. In former commit, u32 data was assigned to __be32 variable instead of an int variable. This is not enough solution because it still causes sparse warnings. dice.c:80:23: warning: incorrect type in assignment (different base types) dice.c:80:23: expected restricted __be32 [usertype] value dice.c:80:23: got unsigned int dice.c:81:21: warning: restricted __be32 degrades to integer dice.c:81:46: warning: restricted __be32 degrades to integer This commit fixes this bug. Fixes: 7c2d4c0c('ALSA: dice: Split transaction functionality into a file') Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Takashi Sakamoto authored
commit 3e93d42a upstream. Some local variables in some functions are typed as unsigned int, while __be32 value is assigned to them. This causes sparse warnings. dice-stream.c:50:17: warning: incorrect type in assignment (different base types) dice-stream.c:50:17: expected unsigned int [unsigned] channel dice-stream.c:50:17: got restricted __be32 [usertype] <noident> dice-stream.c:74:17: warning: incorrect type in assignment (different base types) dice-stream.c:74:17: expected unsigned int [unsigned] channel dice-stream.c:74:17: got restricted __be32 [usertype] <noident> This commit fixes this bug. Fixes: 288a8d0c('ALSA: dice: Change the way to start stream') Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Lukas Wunner authored
commit 3c67d839 upstream. In its original version, drm_framebuffer_init() returned a negative int if drm_mode_object_get() failed (f453ba04, "DRM: add mode setting support"). This was accidentally disabled by commit 4b096ac1 ("drm: revamp locking around fb creation/destruction"). Thus, drm_framebuffer_init() pretends success if drm_mode_object_get() failed. Reinstate the original behaviour. Also fix erroneous kernel-doc of drm_mode_object_get(). Fixes: 4b096ac1 ("drm: revamp locking around fb creation/ destruction") Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Lukas Wunner <lukas@wunner.de> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-
Takashi Sakamoto authored
commit df483388 upstream. When committed to upstream, these four modules had wrong entries for Makefile. This forces them to be loadable modules even if they're set as built-in. This commit fixes this bug. Fixes: b5b04336('ALSA: fireworks: Add skelton for Fireworks based devices') Fixes: fd6f4b0d('ALSA: bebob: Add skelton for BeBoB based devices') Fixes: 1a4e39c2('ALSA: oxfw: Move to its own directory') Fixes: 14ff6a09('ALSA: dice: Move file to its own directory') Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
-