- 20 Apr, 2014 17 commits
-
-
Lv Zheng authored
The original table handling code does not always verify checksums before installing a table, this is because code to achieve this must be implemented here and there in the redundant code blocks. There are two stages during table initialization: 1. "INSTALLED" after acpi_tb_install_table() and acpi_tb_override_table(), struct acpi_table_desc.Pointer is ensured to be NULL. This can be safely used during OSPM's early boot stage. 2. "VALIDATED" after acpi_tb_validate_table(), struct acpi_table_desc.Pointer is ensured to be not NULL. This must not be used during OSPM's early boot stage. This patch changes acpi_tb_add_table() into an early boot safe API to reduce code redundancies by changing the table state that is returned by this function from "VALIDATED" to "INSTALLED". Then the table verification code can be done in a single place. Originally, the acpi_tb_add_table() can only be used by dynamic table loadings that are executed after early boot stage, it cannot be used by static table loadings that are executed in early boot stage as: 1. The address of the table is a virtual address either maintained by OSPMs who call acpi_load_table() or by ACPICA whenever "Load" or "LoadTable" opcodes are executed, while during early boot stage, physical address of the table should be used for table loading. 2. The API will ensure the state of the loaded table to be "VALIDATED" while during early boot stage, tables maintained by root table list should be kept as "INSTALLED". To achieve this: 1. Rename acpi_tb_install_table() to acpi_tb_install_fixed_table() as it only applies to DSDT/FACS installation. Rename acpi_tb_add_table() to acpi_tb_install_non_fixed_table() as it will be applied to the installation of the rest kinds of tables. 2. Introduce acpi_tb_install_table(), acpi_tb_install_and_override_table to collect redudant code where their invocations actually have slight differences. 1. acpi_tb_install_table() is used to fill an struct acpi_table_desc where the table length is known to the caller. 2. acpi_tb_install_and_override_table() is used to perform necessary overriding before installation. 3. Change a parameter of acpi_tb_install_non_fixed_table() from struct acpi_table_desc to acpi_physical_address to allow it to be invoked by static table loadings. Also cleanup acpi_ex_load_op() and acpi_load_table() to accomodate to the parameter change. 4. Invoke acpi_tb_install_non_fixed_table() for all table loadings other than DSDT/FACS in acpi_tb_parse_root_table() to improve code maintainability (logics are collected in the single function). Also delete useless code from acpi_tb_parse_root_table(). 5. Remove all acpi_tb_validate_table() from acpi_tb_install_non_fixed_table() and acpi_tb_install_fixed_table() so that the table descriptor is kept in the state of "INSTALLED" but not "VALIDATED" after returning from these functions. 6. Introduce temporary struct acpi_table_desc (new_table_desc/old_table_desc) into the functions to indicate a table descriptor that is not maintained by acpi_gbl_root_table_list. Introduce acpi_tb_acquire_temporal_table() and acpi_tb_release_temporal_table() to handle the use cases of such temporal tables. They are only used for verified installation. 7. Introduce acpi_tb_verify_table() to validate table and verify table checksum, also remove table checksum verification from acpi_tb_validate_table(). Invoke acpi_tb_validate_table() in the functions that will convert a table into "LOADED" state or invoke it from acpi_get_table_XXX() APIs. Invoke acpi_tb_verify_table() on temporary struct acpi_table_desc(s) that are going to be "INSTALLED". 8. Change acpi_tb_override_table() logic so that a temporary struct acpi_table_desc will be overridden before installtion, this makes code simpler. After applying the patch, tables are always installed after being overridden and the table checksums are always verified before installation. Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> [rjw: Subject] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Lv Zheng authored
As acpi_tb_validate_table() returns failure on checksum verification without doing invalidatation, all its invocations that are not done to a descriptor stored in acpi_gbl_root_table_list are checked and balanced. But this is not a real issue as the descritors that have been passed to acpi_tb_add_table() are all virtual address tables and the validations are in fact no-op. The cleanup can ensure that any future extensions made on acpi_tb_add_table() to allow it to be invoked with physical address tables will not trigger memory leakage regressions. Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> [rjw: Subject] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Lv Zheng authored
This patch is mainly a naming cleanup to clarify hidden logics, no functional changes. acpi_initialize_tables() is used by Linux to install table addresses for early boot steps. During this stage, table addresses are mapped by early_ioremap() mechanism which is different from the runtime IO mappings. Thus it is not safe for ACPICA to keep mapped pointers in struct acpi_table_desc structure during this stage. In order to support this in ACPICA, table states are divided into 1. "INSTALLED" (where struct acpi_table_desc.Pointer is always NULL) and 2. "VALIDATED" (where struct acpi_table_desc.Pointer is always not NULL). During acpi_initialize_tables(), table state are ensured to be "INSTALLED" but not "VALIDATED". This logic is ensured by the original code in very ambigious way. For example, currently acpi_tb_delete_table() is invoked in some place to perform an uninstallation while it is invoked in other place to perform an invalidation. They happen to work just because no one enters the penalty where the 2 behaviours are not equivalent. The naming cleanups are made in this patch: A. For installation and validation: There is code setting struct acpi_table_desc.Pointer first and delete it immediately to keep the descriptor's state as "INSTALLED" during the installation. This patch implements this in more direct way. After applying it, struct acpi_table_desc.Pointer will never be set in acpi_tb_install_table() and acpi_tb_override_table() as they are the only functions invoked during acpi_initialize_tables(). This is achieved by: 1. Rename acpi_tb_verify_table() to acpi_tb_validate_table() to clarify this change. 2. Rename acpi_tb_table_override() to acpi_tb_override_table() to keep nameing consistencies as other APIs (verb. Table). 3. Stops setting struct acpi_table_desc.Pointer in acpi_tb_install_table() and acpi_tb_table_override(). 4. Introduce acpi_tb_acquire_table() to acquire the table pointer that is not maintained in the struct acpi_table_desc of the global root table list and rewrite acpi_tb_validate_table() using this new function to reduce redundancies. 5. Replace the table pointer using the overridden table pointer in acpi_tb_add_table(). As acpi_tb_add_table() is not invoked during early boot stage, tables returned from this functions should be "VALIDATED". As acpi_tb_override_table() is modified by this patch to return a "INSTALLED" but not "VALIDATED" descriptor, to keep acpi_tb_add_table() unchanged, struct acpi_table_desc.Pointer is filled in acpi_tb_add_table(). B. For invalidation and uninstallation: The original code invalidate table by invoking acpi_tb_delete_table() here and there, but actually this function should only be used to uninstall tables. This can work just because its invocations are equivalent to invalidation in some cases. This patch splits acpi_tb_delete_table() into acpi_tb_invalidate_table() and acpi_tb_uninstall_table() and cleans up the hidden logic using the new APIs. This is achieved by: 1. Rename acpi_tb_delete_table() to acpi_tb_uninstall_table() as it is mainly called before resetting struct acpi_table_desc.Address. Thus the table descriptor is in "not INSTALLED" state. This patch enforces this by setting struct acpi_table_desc.Address to NULL in this function. 2. Introduce acpi_tb_invalidate_table() to be the reversal of acpi_tb_validate_table() and invoke it in acpi_tb_uninstall_table(). 3. Introduce acpi_tb_release_table() to release the table pointer that is not maintained in acpi_gbl_root_table_list and rewrite acpi_tb_invalidate_table() using this new function to reduce redundancies. After cleaning up, the maintainability of the internal APIs are also improved: 1. acpi_tb_acquire_table: Acquire struct acpi_table_header according to ACPI_TABLE_ORIGIN_xxx flags. 2. acpi_tb_release_table: Release struct acpi_table_header according to ACPI_TABLE_ORIGIN_xxx flags. 3. acpi_tb_install_table: Make struct acpi_table_desc.Address not NULL according to ACPI_TABLE_ORIGIN_xxx flags. 4. acpi_tb_uninstall_table: Make struct acpi_table_desc.Address NULL according to ACPI_TABLE_ORIGIN_xxx flags. 5. acpi_tb_validate_table: Make struct acpi_table_desc.Pointer not NULL according to ACPI_TABLE_ORIGIN_xxx flags. 6. acpi_tb_invalidate_table: Make struct acpi_table_desc.Pointer NULL according to ACPI_TABLE_ORIGIN_xxx flags. 7. acpi_tb_override_table: Replace struct acpi_table_desc.Address and struct acpi_table_desc.Flags. It only happens in "INSTALLED" state. The patch has been unit tested in acpi_exec by: 1. Initializing; 2. Executing exc_tbl ASLTS tests; 3. Executing "Load" command. So that all original acpi_tb_install_table() and acpi_tb_override_table() invocations are covered. Known Issues: 1. Cleanup acpi_tb_add_table() to Kill Code Redundancies Current implementation in acpi_tb_add_table() is not very clean, further patch can rewrite acpi_tb_add_table() with ordered acpi_tb_install_table(), acpi_tb_override_table() and acpi_tb_validate_table(). It is not done in this patch so that it is easy for the reviewers to understand the changes in this patch. Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Lv Zheng authored
Currently there are following issues in acpi_tb_add_table(): Following logic is currently correct: 1. When a table is allocated in acpi_ex_load_op(), if a reloading happens, the allocated memory is freed by acpi_tb_add_table() and AE_OK is returned to the caller to avoid the caller to free it again. Following logic is currently incorrect: 1. When a table is allocated in acpi_ex_load_op() or by the acpi_load_table() caller, if the table is already loaded, there will be twice ACPI_FREE() called for the same pointer when acpi_tb_add_table() returns AE_ALREADY_EXISTS. This patch only fixes the above incorrect logic in acpi_tb_add_table(): 1. Only invoke acpi_tb_delete_table() if AE_OK is going to be returned. 2. After doing so, we do not invoke ACPI_FREE() when returning AE_OK; Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> [rjw: Subject] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Lv Zheng authored
When table is overridden or reloaded, acpi_tb_delete_table() is called where struct acpi_table_desc.Pointer will be NULL. It thus is impossible for virtual addressed tables to obtain the .Pointer again in acpi_tb_verify_table(). This patch stores virtual table addresses (ACPI_TABLE_ORIGIN_ALLOCATED, ACPI_TABLE_ORIGIN_UNKNOWN, ACPI_TABLE_ORIGIN_OVERRIDE) in the struct acpi_table_desc.Address field and refills the struct acpi_table_desc.Pointer using these addresses in acpi_tb_verify_table(). Note that if a table with ACPI_TABLE_ORIGIN_ALLOCATED set is actually freed, the .Address field should be invalidated and thus must be replaced with NULL to avoid wrong future validations occuring in acpi_tb_verify_table(). Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Lv Zheng authored
The divergences in the ACPICA files makes it difficult to maintain linuxize ACPICA table commits. This patch reduces such divergences before applying table manager commits so that human interventions of patch rebasing can be reduced. Signed-off-by: Lv Zheng <lv.zheng@intel.com> [rjw: Subject] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Bob Moore authored
Adds "OriginalSyncLevel" field to the output. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Colin Ian King authored
Adds PPC64 as a 64-bit architecture. Colin Ian King. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Lv Zheng authored
When the following commmit is back ported to ACPICA, comments have been updated: Subject: ACPICA: Linux-specific header: Update support for Linux/acpi applications. This patch back ports the differences between the ACPICA upstream and Linux. Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> [rjw: Subject] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Lv Zheng authored
This patch cleans up all of the acpi_os_wait_events_complete() invocations to make it to be invoked inside of ACPICA in the way to accommodate Linux's work queue implementation. According to the report, current Linux kernel code is facing a boot time race issue in the acpi_remove_notify_handler(). This is because: Linux is using work queues to implement a deferred handler call environment while ACPICA expects OSPM to implement acpi_os_wait_events_complete() using wait queues. The position to invoke a "waiter" is not suitable for a "flusher" as new invocations can be scheduled after this position and before the deletion of the handler from its management container. Since the following commit has deleted acpi_os_wait_events_complete() parameters, it thus might not be possible for OSPM to achieve a safe removal using wait queues. This requires ACPICA to be changed accordingly to "flush" handlers rather than "wait" them to be drain up: Commit: 5ff986a2a9db11858247b71fe242fe17617229aa Date: Wed, 16 May 2012 13:36:07 -0700 Subject: Introduce acpi_os_wait_events_complete interface. This interface will block until asynchronous events like notifies and GPEs are complete. Within ACPICA, it is called before a notify or GPE handler is removed. ACPICA BZ 868. This patch fixes this issue by invoking acpi_os_wait_events_complete() in the way to "flush" things - it thus should be put to the position after handler is removed from its management container but before it is destructed. The technical concerns are: 1. MTX_NAMESPACE is used to protect things that acpi_os_wait_events_complete() might be waiting for, thus MTX_NAMESPACE must be unlocked before invoking acpi_os_wait_events_complete(). 2. MTX_NAMESPACE is also used to implement the serialization of acpi_install_notify_handler() and acpi_remove_notify_handler(). This patch changes this logic, thus if there are many acpi_install/remove_notify_handler() invoked in parallel, the acpi_os_wait_events_complete() might face the races which could cause it never running to an end. Normally this will require additional code to implement a separate locking facility which is not implemented due to 3. 3. Given ACPICA users will always invoke acpi_install_notify_handler() once during Linux module/device initialization and invoke acpi_remove_notify_handler() once during module/device finalization, problem stated in 2 will not happen in Linux environment due to the mutual exclusive module/device existence, this fix thus is sufficient. Same concerns can apply to acpi_install/remove_gpe_handler(). Reported and tested: Ronald Vink. Fixed: Lv Zheng. References: https://bugzilla.kernel.org/show_bug.cgi?id=60583Signed-off-by: Lv Zheng <lv.zheng@intel.com> Reported-and-Tested-by: Ronald Vink <ronald.vink@boskalis.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Bob Moore authored
For Notify operators, displays a comment that describe the meaning of the notify value. This patch updates the debugging information that is enabled for CONFIG_ACPI_DEBUG builds. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Bob Moore authored
For _HID and _CID, the disassembler will emit a string that describes the device if the _HID/_CID value is recognized. acpihelp updated also. acpihelp will now search for a specific ID as well as displaying the list of "known" (to ACPICA) IDs. This patch does not affect Linux kernel behavior as the disassembler and the acpihelp are not shipped with it. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Bob Moore authored
We would like to see the ASL for any machine that uses this operator, so emit at least a warning to hopefully draw some attention. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Bob Moore authored
Some versions of gcc implement strchr via a macro, which either contains bugs or can provoke a bug in the compiler. This change fixes a possible compile-time error when using this function. The problem is usually seen when compiling the getopt.c module. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Bob Moore authored
Change all comments that contain the string "ACPI CA" to "ACPICA" so that the name is standard across the entire source base. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
David Binderman authored
ACPICA BZ 1077. David Binderman. References: https://bugs.acpica.org/show_bug.cgi?id=1077Signed-off-by: David Binderman <dcb314@hotmail.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Cc: 3.9+ <stable@vger.kernel.org> # 3.9.x: 42f8fb75: ACPICA: Source restructuring Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
Bob Moore authored
These recently added interfaces did not have these macros, used by some hosts. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lv Zheng <lv.zheng@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
- 13 Apr, 2014 12 commits
-
-
Linus Torvalds authored
-
Geert Uytterhoeven authored
Some versions of gcc even warn about it: mm/shmem.c: In function ‘shmem_file_aio_read’: mm/shmem.c:1414: warning: ‘error’ may be used uninitialized in this function If the loop is aborted during the first iteration by one of the two first break statements, error will be uninitialized. Introduced by commit 6e58e79d ("introduce copy_page_to_iter, kill loop over iovec in generic_file_aio_read()"). Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Geert Uytterhoeven authored
On 32 bit, size_t is "unsigned int", not "unsigned long", causing the following warning when comparing with PAGE_SIZE, which is always "unsigned long": fs/cifs/file.c: In function ‘cifs_readdata_to_iov’: fs/cifs/file.c:2757: warning: comparison of distinct pointer types lacks a cast Introduced by commit 7f25bba8 ("cifs_iovec_read: keep iov_iter between the calls of cifs_readdata_to_iov()"), which changed the signedness of "remaining" and the code from min_t() to min(). Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/penberg/linuxLinus Torvalds authored
Pull slab changes from Pekka Enberg: "The biggest change is byte-sized freelist indices which reduces slab freelist memory usage: https://lkml.org/lkml/2013/12/2/64" * 'slab/next' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/linux: mm: slab/slub: use page->list consistently instead of page->lru mm/slab.c: cleanup outdated comments and unify variables naming slab: fix wrongly used macro slub: fix high order page allocation problem with __GFP_NOFAIL slab: Make allocations with GFP_ZERO slightly more efficient slab: make more slab management structure off the slab slab: introduce byte sized index for the freelist of a slab slab: restrict the number of objects in a slab slab: introduce helper functions to get/set free object slab: factor out calculate nr objects in cache_estimate
-
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuildLinus Torvalds authored
Pull misc kbuild changes from Michal Marek: "Here is the non-critical part of kbuild: - One bogus coccinelle check removed, one check fixed not to suggest the obsolete PTR_RET macro - scripts/tags.sh does not index the generated *.mod.c files - new objdiff tool to list differences between two versions of an object file - A fix for scripts/bootgraph.pl" * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: scripts/coccinelle: Use PTR_ERR_OR_ZERO scripts/bootgraph.pl: Add graphic header scripts: objdiff: detect object code changes between two commits Coccicheck: Remove memcpy to struct assignment test scripts/tags.sh: Ignore *.mod.c
-
Mikulas Patocka authored
This patch fixes I/O errors with the sym53c8xx_2 driver when the disk returns QUEUE FULL status. When the controller encounters an error (including QUEUE FULL or BUSY status), it aborts all not yet submitted requests in the function sym_dequeue_from_squeue. This function aborts them with DID_SOFT_ERROR. If the disk has full tag queue, the request that caused the overflow is aborted with QUEUE FULL status (and the scsi midlayer properly retries it until it is accepted by the disk), but the sym53c8xx_2 driver aborts the following requests with DID_SOFT_ERROR --- for them, the midlayer does just a few retries and then signals the error up to sd. The result is that disk returning QUEUE FULL causes request failures. The error was reproduced on 53c895 with COMPAQ BD03685A24 disk (rebranded ST336607LC) with command queue 48 or 64 tags. The disk has 64 tags, but under some access patterns it return QUEUE FULL when there are less than 64 pending tags. The SCSI specification allows returning QUEUE FULL anytime and it is up to the host to retry. Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Cc: Matthew Wilcox <matthew@wil.cx> Cc: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Paul Mackerras authored
Commit 8f619b54 ("powerpc/ppc64: Do not turn AIL (reloc-on interrupts) too early") added code to set the AIL bit in the LPCR without checking whether the kernel is running in hypervisor mode. The result is that when the kernel is running as a guest (i.e., under PowerKVM or PowerVM), the processor takes a privileged instruction interrupt at that point, causing a panic. The visible result is that the kernel hangs after printing "returning from prom_init". This fixes it by checking for hypervisor mode being available before setting LPCR. If we are not in hypervisor mode, we enable relocation-on interrupts later in pSeries_setup_arch using the H_SET_MODE hcall. Signed-off-by: Paul Mackerras <paulus@samba.org> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Davidlohr Bueso authored
Commits 11d4616b ("futex: revert back to the explicit waiter counting code") and 69cd9eba ("futex: avoid race between requeue and wake") changed some of the finer details of how we think about futexes. One was a late fix and the other a consequence of overlooking the whole requeuing logic. The first change caused our documentation to be incorrect, and the second made us aware that we need to explicitly add more details to it. Signed-off-by: Davidlohr Bueso <davidlohr@hp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull yet more networking updates from David Miller: 1) Various fixes to the new Redpine Signals wireless driver, from Fariya Fatima. 2) L2TP PPP connect code takes PMTU from the wrong socket, fix from Dmitry Petukhov. 3) UFO and TSO packets differ in whether they include the protocol header in gso_size, account for that in skb_gso_transport_seglen(). From Florian Westphal. 4) If VLAN untagging fails, we double free the SKB in the bridging output path. From Toshiaki Makita. 5) Several call sites of sk->sk_data_ready() were referencing an SKB just added to the socket receive queue in order to calculate the second argument via skb->len. This is dangerous because the moment the skb is added to the receive queue it can be consumed in another context and freed up. It turns out also that none of the sk->sk_data_ready() implementations even care about this second argument. So just kill it off and thus fix all these use-after-free bugs as a side effect. 6) Fix inverted test in tcp_v6_send_response(), from Lorenzo Colitti. 7) pktgen needs to do locking properly for LLTX devices, from Daniel Borkmann. 8) xen-netfront driver initializes TX array entries in RX loop :-) From Vincenzo Maffione. 9) After refactoring, some tunnel drivers allow a tunnel to be configured on top itself. Fix from Nicolas Dichtel. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits) vti: don't allow to add the same tunnel twice gre: don't allow to add the same tunnel twice drivers: net: xen-netfront: fix array initialization bug pktgen: be friendly to LLTX devices r8152: check RTL8152_UNPLUG net: sun4i-emac: add promiscuous support net/apne: replace IS_ERR and PTR_ERR with PTR_ERR_OR_ZERO net: ipv6: Fix oif in TCP SYN+ACK route lookup. drivers: net: cpsw: enable interrupts after napi enable and clearing previous interrupts drivers: net: cpsw: discard all packets received when interface is down net: Fix use after free by removing length arg from sk_data_ready callbacks. Drivers: net: hyperv: Address UDP checksum issues Drivers: net: hyperv: Negotiate suitable ndis version for offload support Drivers: net: hyperv: Allocate memory for all possible per-pecket information bridge: Fix double free and memory leak around br_allowed_ingress bonding: Remove debug_fs files when module init fails i40evf: program RSS LUT correctly i40evf: remove open-coded skb_cow_head ixgb: remove open-coded skb_cow_head igbvf: remove open-coded skb_cow_head ...
-
Linus Torvalds authored
Merge tag 'blackfin-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/realmz6/blackfin-linux Pull blackfin updates from Steven Miao: "Code cleanup, some previously ignored patches, and bug fixes" * tag 'blackfin-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/realmz6/blackfin-linux: blackfin: cleanup board files bf609: clock: drop unused clock bit set/clear functions Blackfin: bf537: rename "CONFIG_ADT75" Blackfin: bf537: rename "CONFIG_AD7314" Blackfin: bf537: rename ad2s120x ->ad2s1200 blackfin: bf537: fix typo "CONFIG_SND_SOC_ADV80X_MODULE" blackfin: dma: current count mmr is read only bfin_crc: Move architecture independant crc header file out of the blackfin folder. bf54x: drop unuesd HOST status,control,timeout registers bit define macros blackfin: portmux: cleanup head file Blackfin: remove "config IP_CHECKSUM_L1" blackfin: Remove GENERIC_GPIO config option again blackfin:Use generic /proc/interrupts implementation blackfin: bf60x: fix typo "CONFIG_PM_BFIN_WAKE_PA15_POL"
-
Linus Torvalds authored
Merge tag 'remoteproc-3.15-cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/remoteproc Pull remoteproc cleanups from Ohad Ben-Cohen: "Several remoteproc cleanup patches coming from Jingoo Han, Julia Lawall and Uwe Kleine-König" * tag 'remoteproc-3.15-cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/remoteproc: remoteproc/ste_modem: staticize local symbols remoteproc/davinci: simplify use of devm_ioremap_resource remoteproc/davinci: drop needless devm_clk_put
-
git://git.linuxfoundation.org/llvmlinux/kernelLinus Torvalds authored
Pull llvm patches from Behan Webster: "These are some initial updates to support compiling the kernel with clang. These patches have been through the proper reviews to the best of my ability, and have been soaking in linux-next for a few weeks. These patches by themselves still do not completely allow clang to be used with the kernel code, but lay the foundation for other patches which are still under review. Several other of the LLVMLinux patches have been already added via maintainer trees" * tag 'llvmlinux-for-v3.15' of git://git.linuxfoundation.org/llvmlinux/kernel: x86: LLVMLinux: Fix "incomplete type const struct x86cpu_device_id" x86 kbuild: LLVMLinux: More cc-options added for clang x86, acpi: LLVMLinux: Remove nested functions from Thinkpad ACPI LLVMLinux: Add support for clang to compiler.h and new compiler-clang.h LLVMLinux: Remove warning about returning an uninitialized variable kbuild: LLVMLinux: Fix LINUX_COMPILER definition script for compilation with clang Documentation: LLVMLinux: Update Documentation/dontdiff kbuild: LLVMLinux: Adapt warnings for compilation with clang kbuild: LLVMLinux: Add Kbuild support for building kernel with Clang
-
- 12 Apr, 2014 11 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pendingLinus Torvalds authored
Pull SCSI target updates from Nicholas Bellinger: "Here are the target pending updates for v3.15-rc1. Apologies in advance for waiting until the second to last day of the merge window to send these out. The highlights this round include: - iser-target support for T10 PI (DIF) offloads (Sagi + Or) - Fix Task Aborted Status (TAS) handling in target-core (Alex Leung) - Pass in transport supported PI at session initialization (Sagi + MKP + nab) - Add WRITE_INSERT + READ_STRIP T10 PI support in target-core (nab + Sagi) - Fix iscsi-target ERL=2 ASYNC_EVENT connection pointer bug (nab) - Fix tcm_fc use-after-free of ft_tpg (Andy Grover) - Use correct ib_sg_dma primitives in ib_isert (Mike Marciniszyn) Also, note the virtio-scsi + vhost-scsi changes to expose T10 PI metadata into KVM guest have been left-out for now, as there where a few comments from MST + Paolo that where not able to be addressed in time for v3.15. Please expect this feature for v3.16-rc1" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (43 commits) ib_srpt: Use correct ib_sg_dma primitives target/tcm_fc: Rename ft_tport_create to ft_tport_get target/tcm_fc: Rename ft_{add,del}_lport to {add,del}_wwn target/tcm_fc: Rename structs and list members for clarity target/tcm_fc: Limit to 1 TPG per wwn target/tcm_fc: Don't export ft_lport_list target/tcm_fc: Fix use-after-free of ft_tpg target: Add check to prevent Abort Task from aborting itself target: Enable READ_STRIP emulation in target_complete_ok_work target/sbc: Add sbc_dif_read_strip software emulation target: Enable WRITE_INSERT emulation in target_execute_cmd target/sbc: Add sbc_dif_generate software emulation target/sbc: Only expose PI read_cap16 bits when supported by fabric target/spc: Only expose PI mode page bits when supported by fabric target/spc: Only expose PI inquiry bits when supported by fabric target: Pass in transport supported PI at session initialization target/iblock: Fix double bioset_integrity_free bug Target/sbc: Initialize COMPARE_AND_WRITE write_sg scatterlist target/rd: T10-Dif: RAM disk is allocating more space than required. iscsi-target: Fix ERL=2 ASYNC_EVENT connection pointer bug ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-mediaLinus Torvalds authored
Pull media fixes from Mauro Carvalho Chehab: "A series of bug fix patches for v3.15-rc1. Most are just driver fixes. There are some changes at remote controller core level, fixing some definitions on a new API added for Kernel v3.15. It also adds the missing include at include/uapi/linux/v4l2-common.h, to allow its compilation on userspace, as pointed by you" * 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (24 commits) [media] gpsca: remove the risk of a division by zero [media] stk1160: warrant a NUL terminated string [media] v4l: ti-vpe: retain v4l2_buffer flags for captured buffers [media] v4l: ti-vpe: Set correct field parameter for output and capture buffers [media] v4l: ti-vpe: zero out reserved fields in try_fmt [media] v4l: ti-vpe: Fix initial configuration queue data [media] v4l: ti-vpe: Use correct bus_info name for the device in querycap [media] v4l: ti-vpe: report correct capabilities in querycap [media] v4l: ti-vpe: Allow usage of smaller images [media] v4l: ti-vpe: Use video_device_release_empty [media] v4l: ti-vpe: Make sure in job_ready that we have the needed number of dst_bufs [media] lgdt3305: include sleep functionality in lgdt3304_ops [media] drx-j: use customise option correctly [media] m88rs2000: fix sparse static warnings [media] r820t: fix size and init values [media] rc-core: remove generic scancode filter [media] rc-core: split dev->s_filter [media] rc-core: do not change 32bit NEC scancode format for now [media] rtl28xxu: remove duplicate ID 0458:707f Genius TVGo DVB-T03 [media] xc2028: add missing break to switch ...
-
git://github.com/jonmason/ntbLinus Torvalds authored
Pull PCIe non-transparent bridge fixes and features from Jon Mason: "NTB driver bug fixes to address issues in list traversal, skb leak in ntb_netdev, a typo, and a leak of msix entries in the error path. Clean ups of the event handling logic, as well as a overall style cleanup. Finally, the driver was converted to use the new pci_enable_msix_range logic (and the refactoring to go along with it)" * tag 'ntb-3.15' of git://github.com/jonmason/ntb: ntb: Use pci_enable_msix_range() instead of pci_enable_msix() ntb: Split ntb_setup_msix() into separate BWD/SNB routines ntb: Use pci_msix_vec_count() to obtain number of MSI-Xs NTB: Code Style Clean-up NTB: client event cleanup ntb: Fix leakage of ntb_device::msix_entries[] array NTB: Fix typo in setting one translation register ntb_netdev: Fix skb free issue in open ntb_netdev: Fix list_for_each_entry exit issue
-
Linus Torvalds authored
The vfs merge caused a latent bug to show up: In file included from fs/ceph/super.h:4:0, from fs/ceph/ioctl.c:3: include/linux/ceph/ceph_debug.h:4:0: warning: "pr_fmt" redefined [enabled by default] #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt ^ In file included from include/linux/kernel.h:13:0, from include/linux/uio.h:12, from include/linux/socket.h:7, from include/uapi/linux/in.h:22, from include/linux/in.h:23, from fs/ceph/ioctl.c:1: include/linux/printk.h:214:0: note: this is the location of the previous definition #define pr_fmt(fmt) fmt ^ where the reason is that <linux/ceph_debug.h> is included much too late for the "pr_fmt()" define. The include of <linux/ceph_debug.h> needs to be the first include in the file, but fs/ceph/ioctl.c had for some reason missed that, and it wasn't noticeable until some unrelated header file changes brought in an indirect earlier include of <linux/kernel.h>. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull vfs updates from Al Viro: "The first vfs pile, with deep apologies for being very late in this window. Assorted cleanups and fixes, plus a large preparatory part of iov_iter work. There's a lot more of that, but it'll probably go into the next merge window - it *does* shape up nicely, removes a lot of boilerplate, gets rid of locking inconsistencie between aio_write and splice_write and I hope to get Kent's direct-io rewrite merged into the same queue, but some of the stuff after this point is having (mostly trivial) conflicts with the things already merged into mainline and with some I want more testing. This one passes LTP and xfstests without regressions, in addition to usual beating. BTW, readahead02 in ltp syscalls testsuite has started giving failures since "mm/readahead.c: fix readahead failure for memoryless NUMA nodes and limit readahead pages" - might be a false positive, might be a real regression..." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (63 commits) missing bits of "splice: fix racy pipe->buffers uses" cifs: fix the race in cifs_writev() ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request() failure kill generic_file_buffered_write() ocfs2_file_aio_write(): switch to generic_perform_write() ceph_aio_write(): switch to generic_perform_write() xfs_file_buffered_aio_write(): switch to generic_perform_write() export generic_perform_write(), start getting rid of generic_file_buffer_write() generic_file_direct_write(): get rid of ppos argument btrfs_file_aio_write(): get rid of ppos kill the 5th argument of generic_file_buffered_write() kill the 4th argument of __generic_file_aio_write() lustre: don't open-code kernel_recvmsg() ocfs2: don't open-code kernel_recvmsg() drbd: don't open-code kernel_recvmsg() constify blk_rq_map_user_iov() and friends lustre: switch to kernel_sendmsg() ocfs2: don't open-code kernel_sendmsg() take iov_iter stuff to mm/iov_iter.c process_vm_access: tidy up a bit ...
-
David S. Miller authored
Nicolas Dichtel says: ==================== tunnels: don't allow to add the same tunnel twice This series fixes the check of an existing tunnel with the same parameters when a new tunnel is added. I've checked all users of ip_tunnel_newlink(): gre, gretap, ipip and vti. The bug exists only for gre and vti. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nicolas Dichtel authored
Before the patch, it was possible to add two times the same tunnel: ip l a vti1 type vti remote 10.16.0.121 local 10.16.0.249 key 41 ip l a vti2 type vti remote 10.16.0.121 local 10.16.0.249 key 41 It was possible, because ip_tunnel_newlink() calls ip_tunnel_find() with the argument dev->type, which was set only later (when calling ndo_init handler in register_netdevice()). Let's set this type in the setup handler, which is called before newlink handler. Introduced by commit b9959fd3 ("vti: switch to new ip tunnel code"). CC: Cong Wang <amwang@redhat.com> CC: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nicolas Dichtel authored
Before the patch, it was possible to add two times the same tunnel: ip l a gre1 type gre remote 10.16.0.121 local 10.16.0.249 ip l a gre2 type gre remote 10.16.0.121 local 10.16.0.249 It was possible, because ip_tunnel_newlink() calls ip_tunnel_find() with the argument dev->type, which was set only later (when calling ndo_init handler in register_netdevice()). Let's set this type in the setup handler, which is called before newlink handler. Introduced by commit c5441932 ("GRE: Refactor GRE tunneling code."). CC: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vincenzo Maffione authored
This patch fixes the initialization of an array used in the TX datapath that was mistakenly initialized together with the RX datapath arrays. An out of range array access could happen when RX and TX rings had different sizes. Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/netDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates This series contains updates to e1000, e1000e, igb, igbvf, ixgb, ixgbe, ixgbevf and i40evf. Mark fixes an issue with ixgbe and ixgbevf by adding a bit to indicate when workqueues have been initialized. This permits the register read error handling from attempting to use them prior to that, which also generates warnings. Checking for a detected removal after initializing the work queues allows the probe function to return an error without getting the workqueue involved. Further, if the error_detected callback is entered before the workqueues are initialized, exit without recovery since the device initialization was so truncated. Francois Romieu provides several patches to all the drivers to remove the open coded skb_cow_head. Jakub Kicinski provides a fix for igb where last_rx_timestamp should be updated only when Rx time stamp is read. Mitch provides a fix for i40evf where a recent change broke the RSS LUT programming causing it to be programmed with all 0's. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-traceLinus Torvalds authored
Pull more tracing updates from Steven Rostedt: "This includes the final patch to clean up and fix the issue with the design of tracepoints and how a user could register a tracepoint and have that tracepoint not be activated but no error was shown. The design was for an out of tree module but broke in tree users. The clean up was to remove the saving of the hash table of tracepoint names such that they can be enabled before they exist (enabling a module tracepoint before that module is loaded). This added more complexity than needed. The clean up was to remove that code and just enable tracepoints that exist or fail if they do not. This removed a lot of code as well as the complexity that it brought. As a side effect, instead of registering a tracepoint by its name, the tracepoint needs to be registered with the tracepoint descriptor. This removes having to duplicate the tracepoint names that are enabled. The second patch was added that simplified the way modules were searched for. This cleanup required changes that were in the 3.15 queue as well as some changes that were added late in the 3.14-rc cycle. This final change waited till the two were merged in upstream and then the change was added and full tests were run. Unfortunately, the test found some errors, but after it was already submitted to the for-next branch and not to be rebased. Sparse errors were detected by Fengguang Wu's bot tests, and my internal tests discovered that the anonymous union initialization triggered a bug in older gcc compilers. Luckily, there was a bugzilla for the gcc bug which gave a work around to the problem. The third and fourth patch handled the sparse error and the gcc bug respectively. A final patch was tagged along to fix a missing documentation for the README file" * tag 'trace-3.15-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Add missing function triggers dump and cpudump to README tracing: Fix anonymous unions in struct ftrace_event_call tracepoint: Fix sparse warnings in tracepoint.c tracepoint: Simplify tracepoint module search tracepoint: Use struct pointer instead of name hash for reg/unreg tracepoints
-