1. 16 3月, 2015 2 次提交
    • A
      rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg() · 7d985ed1
      Al Viro 提交于
      [I would really like an ACK on that one from dhowells; it appears to be
      quite straightforward, but...]
      
      MSG_PEEK isn't passed to ->recvmsg() via msg->msg_flags; as the matter of
      fact, neither the kernel users of rxrpc, nor the syscalls ever set that bit
      in there.  It gets passed via flags; in fact, another such check in the same
      function is done correctly - as flags & MSG_PEEK.
      
      It had been that way (effectively disabled) for 8 years, though, so the patch
      needs beating up - that case had never been tested.  If it is correct, it's
      -stable fodder.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7d985ed1
    • A
      caif: fix MSG_OOB test in caif_seqpkt_recvmsg() · 3eeff778
      Al Viro 提交于
      It should be checking flags, not msg->msg_flags.  It's ->sendmsg()
      instances that need to look for that in ->msg_flags, ->recvmsg() ones
      (including the other ->recvmsg() instance in that file, as well as
      unix_dgram_recvmsg() this one claims to be imitating) check in flags.
      Braino had been introduced in commit dcda13 ("caif: Bugfix - use MSG_TRUNC
      in receive") back in 2010, so it goes quite a while back.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3eeff778
  2. 15 3月, 2015 2 次提交
  3. 14 3月, 2015 6 次提交
  4. 13 3月, 2015 1 次提交
    • J
      virtio-net: correctly delete napi hash · ab3971b1
      Jason Wang 提交于
      We don't delete napi from hash list during module exit. This will
      cause the following panic when doing module load and unload:
      
      BUG: unable to handle kernel paging request at 0000004e00000075
      IP: [<ffffffff816bd01b>] napi_hash_add+0x6b/0xf0
      PGD 3c5d5067 PUD 0
      Oops: 0000 [#1] SMP
      ...
      Call Trace:
      [<ffffffffa0a5bfb7>] init_vqs+0x107/0x490 [virtio_net]
      [<ffffffffa0a5c9f2>] virtnet_probe+0x562/0x791815639d880be [virtio_net]
      [<ffffffff8139e667>] virtio_dev_probe+0x137/0x200
      [<ffffffff814c7f2a>] driver_probe_device+0x7a/0x250
      [<ffffffff814c81d3>] __driver_attach+0x93/0xa0
      [<ffffffff814c8140>] ? __device_attach+0x40/0x40
      [<ffffffff814c6053>] bus_for_each_dev+0x63/0xa0
      [<ffffffff814c7a79>] driver_attach+0x19/0x20
      [<ffffffff814c76f0>] bus_add_driver+0x170/0x220
      [<ffffffffa0a60000>] ? 0xffffffffa0a60000
      [<ffffffff814c894f>] driver_register+0x5f/0xf0
      [<ffffffff8139e41b>] register_virtio_driver+0x1b/0x30
      [<ffffffffa0a60010>] virtio_net_driver_init+0x10/0x12 [virtio_net]
      
      This patch fixes this by doing this in virtnet_free_queues(). And also
      don't delete napi in virtnet_freeze() since it will call
      virtnet_free_queues() which has already did this.
      
      Fixes 91815639 ("virtio-net: rx busy polling support")
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NJason Wang <jasowang@redhat.com>
      Acked-by: NMichael S. Tsirkin <mst@redhat.com>
      Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ab3971b1
  5. 12 3月, 2015 8 次提交
    • A
      rds: avoid potential stack overflow · f862e07c
      Arnd Bergmann 提交于
      The rds_iw_update_cm_id function stores a large 'struct rds_sock' object
      on the stack in order to pass a pair of addresses. This happens to just
      fit withint the 1024 byte stack size warning limit on x86, but just
      exceed that limit on ARM, which gives us this warning:
      
      net/rds/iw_rdma.c:200:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=]
      
      As the use of this large variable is basically bogus, we can rearrange
      the code to not do that. Instead of passing an rds socket into
      rds_iw_get_device, we now just pass the two addresses that we have
      available in rds_iw_update_cm_id, and we change rds_iw_get_mr accordingly,
      to create two address structures on the stack there.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Acked-by: NSowmini Varadhan <sowmini.varadhan@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f862e07c
    • W
      sock: fix possible NULL sk dereference in __skb_tstamp_tx · 3a8dd971
      Willem de Bruijn 提交于
      Test that sk != NULL before reading sk->sk_tsflags.
      
      Fixes: 49ca0d8b ("net-timestamp: no-payload option")
      Reported-by: NOne Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
      Signed-off-by: NWillem de Bruijn <willemb@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3a8dd971
    • E
      xps: must clear sender_cpu before forwarding · c29390c6
      Eric Dumazet 提交于
      John reported that my previous commit added a regression
      on his router.
      
      This is because sender_cpu & napi_id share a common location,
      so get_xps_queue() can see garbage and perform an out of bound access.
      
      We need to make sure sender_cpu is cleared before doing the transmit,
      otherwise any NIC busy poll enabled (skb_mark_napi_id()) can trigger
      this bug.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: NJohn <jw@nuclearfallout.net>
      Bisected-by: NJohn <jw@nuclearfallout.net>
      Fixes: 2bd82484 ("xps: fix xps for stacked devices")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c29390c6
    • D
      xen-netback: notify immediately after pushing Tx response. · c8a4d299
      David Vrabel 提交于
      This fixes a performance regression introduced by
      7fbb9d84 (xen-netback: release pending
      index before pushing Tx responses)
      
      Moving the notify outside of the spin locks means it can be delayed a
      long time (if the dealloc thread is descheduled or there is an
      interrupt or softirq).
      Signed-off-by: NDavid Vrabel <david.vrabel@citrix.com>
      Reviewed-by: NZoltan Kiss <zoltan.kiss@linaro.org>
      Acked-by: NWei Liu <wei.liu2@citrix.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c8a4d299
    • A
      net: sysctl_net_core: check SNDBUF and RCVBUF for min length · b1cb59cf
      Alexey Kodanev 提交于
      sysctl has sysctl.net.core.rmem_*/wmem_* parameters which can be
      set to incorrect values. Given that 'struct sk_buff' allocates from
      rcvbuf, incorrectly set buffer length could result to memory
      allocation failures. For example, set them as follows:
      
          # sysctl net.core.rmem_default=64
            net.core.wmem_default = 64
          # sysctl net.core.wmem_default=64
            net.core.wmem_default = 64
          # ping localhost -s 1024 -i 0 > /dev/null
      
      This could result to the following failure:
      
      skbuff: skb_over_panic: text:ffffffff81628db4 len:-32 put:-32
      head:ffff88003a1cc200 data:ffff88003a1cc200 tail:0xffffffe0 end:0xc0 dev:<NULL>
      kernel BUG at net/core/skbuff.c:102!
      invalid opcode: 0000 [#1] SMP
      ...
      task: ffff88003b7f5550 ti: ffff88003ae88000 task.ti: ffff88003ae88000
      RIP: 0010:[<ffffffff8155fbd1>]  [<ffffffff8155fbd1>] skb_put+0xa1/0xb0
      RSP: 0018:ffff88003ae8bc68  EFLAGS: 00010296
      RAX: 000000000000008d RBX: 00000000ffffffe0 RCX: 0000000000000000
      RDX: ffff88003fdcf598 RSI: ffff88003fdcd9c8 RDI: ffff88003fdcd9c8
      RBP: ffff88003ae8bc88 R08: 0000000000000001 R09: 0000000000000000
      R10: 0000000000000001 R11: 00000000000002b2 R12: 0000000000000000
      R13: 0000000000000000 R14: ffff88003d3f7300 R15: ffff88000012a900
      FS:  00007fa0e2b4a840(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000d0f7e0 CR3: 000000003b8fb000 CR4: 00000000000006f0
      Stack:
       ffff88003a1cc200 00000000ffffffe0 00000000000000c0 ffffffff818cab1d
       ffff88003ae8bd68 ffffffff81628db4 ffff88003ae8bd48 ffff88003b7f5550
       ffff880031a09408 ffff88003b7f5550 ffff88000012aa48 ffff88000012ab00
      Call Trace:
       [<ffffffff81628db4>] unix_stream_sendmsg+0x2c4/0x470
       [<ffffffff81556f56>] sock_write_iter+0x146/0x160
       [<ffffffff811d9612>] new_sync_write+0x92/0xd0
       [<ffffffff811d9cd6>] vfs_write+0xd6/0x180
       [<ffffffff811da499>] SyS_write+0x59/0xd0
       [<ffffffff81651532>] system_call_fastpath+0x12/0x17
      Code: 00 00 48 89 44 24 10 8b 87 c8 00 00 00 48 89 44 24 08 48 8b 87 d8 00
            00 00 48 c7 c7 30 db 91 81 48 89 04 24 31 c0 e8 4f a8 0e 00 <0f> 0b
            eb fe 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 48 83
      RIP  [<ffffffff8155fbd1>] skb_put+0xa1/0xb0
      RSP <ffff88003ae8bc68>
      Kernel panic - not syncing: Fatal exception
      
      Moreover, the possible minimum is 1, so we can get another kernel panic:
      ...
      BUG: unable to handle kernel paging request at ffff88013caee5c0
      IP: [<ffffffff815604cf>] __alloc_skb+0x12f/0x1f0
      ...
      Signed-off-by: NAlexey Kodanev <alexey.kodanev@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b1cb59cf
    • N
      tcp: restore 1.5x per RTT limit to CUBIC cwnd growth in congestion avoidance · d578e18c
      Neal Cardwell 提交于
      Commit 814d488c ("tcp: fix the timid additive increase on stretch
      ACKs") fixed a bug where tcp_cong_avoid_ai() would either credit a
      connection with an increase of snd_cwnd_cnt, or increase snd_cwnd, but
      not both, resulting in cwnd increasing by 1 packet on at most every
      alternate invocation of tcp_cong_avoid_ai().
      
      Although the commit correctly implemented the CUBIC algorithm, which
      can increase cwnd by as much as 1 packet per 1 packet ACKed (2x per
      RTT), in practice that could be too aggressive: in tests on network
      paths with small buffers, YouTube server retransmission rates nearly
      doubled.
      
      This commit restores CUBIC to a maximum cwnd growth rate of 1 packet
      per 2 packets ACKed (1.5x per RTT). In YouTube tests this restored
      retransmit rates to low levels.
      
      Testing: This patch has been tested in datacenter netperf transfers
      and live youtube.com and google.com servers.
      
      Fixes: 9cd981dc ("tcp: fix stretch ACK bugs in CUBIC")
      Signed-off-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NYuchung Cheng <ycheng@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d578e18c
    • N
      tcp: fix tcp_cong_avoid_ai() credit accumulation bug with decreases in w · 9949afa4
      Neal Cardwell 提交于
      The recent change to tcp_cong_avoid_ai() to handle stretch ACKs
      introduced a bug where snd_cwnd_cnt could accumulate a very large
      value while w was large, and then if w was reduced snd_cwnd could be
      incremented by a large delta, leading to a large burst and high packet
      loss. This was tickled when CUBIC's bictcp_update() sets "ca->cnt =
      100 * cwnd".
      
      This bug crept in while preparing the upstream version of
      814d488c.
      
      Testing: This patch has been tested in datacenter netperf transfers
      and live youtube.com and google.com servers.
      
      Fixes: 814d488c ("tcp: fix the timid additive increase on stretch ACKs")
      Signed-off-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NYuchung Cheng <ycheng@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9949afa4
    • C
      MAINTAINERS: Update my email address · 366c1bd1
      chas williams - CONTRACTOR 提交于
      Changed to my private email address.
      Signed-off-by: NChas Williams -- CONTRACTOR <chas@cmf.nrl.navy.mil>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      366c1bd1
  6. 11 3月, 2015 5 次提交
  7. 10 3月, 2015 16 次提交
    • Y
      net: WIZnet drivers: enable interrupts after napi_complete() · 5a3dba7a
      Yongbae Park 提交于
      The interrupt is enabled before napi_complete(). A network timeout
      occurs if the interrupt handler is called before napi_complete().
      
      Fix the bug by enabling the interrupt after napi_complete().
      Signed-off-by: NYongbae Park <yongbae2@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5a3dba7a
    • Y
      ibmveth: enable interrupts after napi_complete() · 4736edc7
      Yongbae Park 提交于
      The interrupt is enabled before napi_complete(). A network timeout
      occurs if the interrupt handler is called before napi_complete().
      
      Fix the bug by enabling the interrupt after napi_complete().
      Signed-off-by: NYongbae Park <yongbae2@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4736edc7
    • W
      net_sched: fix struct tc_u_hnode layout in u32 · 5778d39d
      WANG Cong 提交于
      We dynamically allocate divisor+1 entries for ->ht[] in tc_u_hnode:
      
        ht = kzalloc(sizeof(*ht) + divisor*sizeof(void *), GFP_KERNEL);
      
      So ->ht is supposed to be the last field of this struct, however
      this is broken, since an rcu head is appended after it.
      
      Fixes: 1ce87720 ("net: sched: make cls_u32 lockless")
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Cc: John Fastabend <john.fastabend@gmail.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5778d39d
    • L
      Merge git://git.kernel.org/pub/scm/virt/kvm/kvm · affb8172
      Linus Torvalds 提交于
      Pull kvm/s390 bugfixes from Marcelo Tosatti.
      
      * git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: s390: non-LPAR case obsolete during facilities mask init
        KVM: s390: include guest facilities in kvm facility test
        KVM: s390: fix in memory copy of facility lists
        KVM: s390/cpacf: Fix kernel bug under z/VM
        KVM: s390/cpacf: Enable key wrapping by default
      affb8172
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · ec0e6bd3
      Linus Torvalds 提交于
      Pull s390 fixes from Martin Schwidefsky:
       "One performance optimization for page_clear and a couple of bug fixes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/mm: fix incorrect ASCE after crst_table_downgrade
        s390/ftrace: fix crashes when switching tracers / add notrace to cpu_relax()
        s390/pci: unify pci_iomap symbol exports
        s390/pci: fix [un]map_resources sequence
        s390: let the compiler do page clearing
        s390/pci: fix possible information leak in mmio syscall
        s390/dcss: array index 'i' is used before limits check.
        s390/scm_block: fix off by one during cluster reservation
        s390/jump label: improve and fix sanity check
        s390/jump label: add missing jump_label_apply_nops() call
      ec0e6bd3
    • L
      Merge tag 'trace-fixes-v4.0-rc2-2' of... · e7901af1
      Linus Torvalds 提交于
      Merge tag 'trace-fixes-v4.0-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
      
      Pull seq-buf/ftrace fixes from Steven Rostedt:
       "This includes fixes for seq_buf_bprintf() truncation issue.  It also
        contains fixes to ftrace when /proc/sys/kernel/ftrace_enabled and
        function tracing are started.  Doing the following causes some issues:
      
          # echo 0 > /proc/sys/kernel/ftrace_enabled
          # echo function_graph > /sys/kernel/debug/tracing/current_tracer
          # echo 1 > /proc/sys/kernel/ftrace_enabled
          # echo nop > /sys/kernel/debug/tracing/current_tracer
          # echo function_graph > /sys/kernel/debug/tracing/current_tracer
      
        As well as with function tracing too.  Pratyush Anand first reported
        this issue to me and supplied a patch.  When I tested this on my x86
        test box, it caused thousands of backtraces and warnings to appear in
        dmesg, which also caused a denial of service (a warning for every
        function that was listed).  I applied Pratyush's patch but it did not
        fix the issue for me.  I looked into it and found a slight problem
        with trampoline accounting.  I fixed it and sent Pratyush a patch, but
        he said that it did not fix the issue for him.
      
        I later learned tha Pratyush was using an ARM64 server, and when I
        tested on my ARM board, I was able to reproduce the same issue as
        Pratyush.  After applying his patch, it fixed the problem.  The above
        test uncovered two different bugs, one in x86 and one in ARM and
        ARM64.  As this looked like it would affect PowerPC, I tested it on my
        PPC64 box.  It too broke, but neither the patch that fixed ARM or x86
        fixed this box (the changes were all in generic code!).  The above
        test, uncovered two more bugs that affected PowerPC.  Again, the
        changes were only done to generic code.  It's the way the arch code
        expected things to be done that was different between the archs.  Some
        where more sensitive than others.
      
        The rest of this series fixes the PPC bugs as well"
      
      * tag 'trace-fixes-v4.0-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        ftrace: Fix ftrace enable ordering of sysctl ftrace_enabled
        ftrace: Fix en(dis)able graph caller when en(dis)abling record via sysctl
        ftrace: Clear REGS_EN and TRAMP_EN flags on disabling record via sysctl
        seq_buf: Fix seq_buf_bprintf() truncation
        seq_buf: Fix seq_buf_vprintf() truncation
      e7901af1
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 36bef883
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) nft_compat accidently truncates ethernet protocol to 8-bits, from
          Arturo Borrero.
      
       2) Memory leak in ip_vs_proc_conn(), from Julian Anastasov.
      
       3) Don't allow the space required for nftables rules to exceed the
          maximum value representable in the dlen field.  From Patrick
          McHardy.
      
       4) bcm63xx_enet can accidently leave interrupts permanently disabled
          due to errors in the NAPI polling exit logic.  Fix from Nicolas
          Schichan.
      
       5) Fix OOPSes triggerable by the ping protocol module, due to missing
          address family validations etc.  From Lorenzo Colitti.
      
       6) Don't use RCU locking in sleepable context in team driver, from Jiri
          Pirko.
      
       7) xen-netback miscalculates statistic offset pointers when reporting
          the stats to userspace.  From David Vrabel.
      
       8) Fix a leak of up to 256 pages per VIF destroy in xen-netaback, also
          from David Vrabel.
      
       9) ip_check_defrag() cannot assume that skb_network_offset(),
          particularly when it is used by the AF_PACKET fanout defrag code.
          From Alexander Drozdov.
      
      10) gianfar driver doesn't query OF node names properly when trying to
          determine the number of hw queues available.  Fix it to explicitly
          check for OF nodes named queue-group.  From Tobias Waldekranz.
      
      11) MID field in macb driver should be 12 bits, not 16.  From Punnaiah
          Choudary Kalluri.
      
      12) Fix unintentional regression in traceroute due to timestamp socket
          option changes.  Empty ICMP payloads should be allowed in
          non-timestamp cases.  From Willem de Bruijn.
      
      13) When devices are unregistered, we have to get rid of AF_PACKET
          multicast list entries that point to it via ifindex.  Fix from
          Francesco Ruggeri.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits)
        tipc: fix bug in link failover handling
        net: delete stale packet_mclist entries
        net: macb: constify macb configuration data
        MAINTAINERS: add Marc Kleine-Budde as co maintainer for CAN networking layer
        MAINTAINERS: linux-can moved to github
        can: kvaser_usb: Read all messages in a bulk-in URB buffer
        can: kvaser_usb: Avoid double free on URB submission failures
        can: peak_usb: fix missing ctrlmode_ init for every dev
        can: add missing initialisations in CAN related skbuffs
        ip: fix error queue empty skb handling
        bgmac: Clean warning messages
        tcp: align tcp_xmit_size_goal() on tcp_tso_autosize()
        net: fec: fix unbalanced clk disable on driver unbind
        net: macb: Correct the MID field length value
        net: gianfar: correctly determine the number of queue groups
        ipv4: ip_check_defrag should not assume that skb_network_offset is zero
        net: bcmgenet: properly disable password matching
        net: eth: xgene: fix booting with devicetree
        bnx2x: Force fundamental reset for EEH recovery
        xen-netback: refactor xenvif_handle_frag_list()
        ...
      36bef883
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · e93df634
      Linus Torvalds 提交于
      Pull input subsystem fixes from Dmitry Torokhov:
       "Miscellaneous driver fixes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: psmouse - disable "palm detection" in the focaltech driver
        Input: psmouse - disable changing resolution/rate/scale for FocalTech
        Input: psmouse - ensure that focaltech reports consistent coordinates
        Input: psmouse - remove hardcoded touchpad size from the focaltech driver
        Input: tc3589x-keypad - set IRQF_ONESHOT flag to ensure IRQ request
        Input: ALPS - fix memory leak when detection fails
        Input: sun4i-ts - add thermal driver dependency
        Input: cyapa - remove superfluous type check in cyapa_gen5_read_idac_data()
        Input: cyapa - fix unaligned functions redefinition error
        Input: mma8450 - add parent device
      e93df634
    • L
      Merge tag 'regulator-v4.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator · 068c65c5
      Linus Torvalds 提交于
      Pull regulator fixes from Mark Brown:
       "A couple of driver specific fixes plus a fix for a regression in the
        core where the updates to use sysfs group registration were overly
        enthusiastic in eliding properties and removed some that had been
        previously present"
      
      * tag 'regulator-v4.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: Fix regression due to NULL constraints check
        regulator: rk808: Set the enable time for LDOs
        regulator: da9210: Mask all interrupt sources to deassert interrupt line
      068c65c5
    • L
      Merge tag 'spi-v4.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · d08edd8f
      Linus Torvalds 提交于
      Pull spi fixes from Mark Brown:
       "A collection of driver specific fixes to which the usual comments
        about them being important if you see them mostly apply (except for
        the comment fix).  The pl022 one is particularly nasty for anyone
        affected by it"
      
      * tag 'spi-v4.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: pl022: Fix race in giveback() leading to driver lock-up
        spi: dw-mid: avoid potential NULL dereference
        spi: img-spfi: Verify max spfi transfer length
        spi: fix a typo in comment.
        spi: atmel: Fix interrupt setup for PDC transfers
        spi: dw: revisit FIFO size detection again
        spi: dw-pci: correct number of chip selects
        drivers: spi: ti-qspi: wait for busy bit clear before data write/read
      d08edd8f
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · eca8dac4
      Linus Torvalds 提交于
      Pull tpm fixes from James Morris:
       "fixes for the TPM driver"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        tpm: fix call order in tpm-chip.c
        tpm/ibmvtpm: Additional LE support for tpm_ibmvtpm_send
      eca8dac4
    • L
      Merge tag 'fbdev-fixes-4.0' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux · ecddad64
      Linus Torvalds 提交于
      Pull fbdev fixes from Tomi Valkeinen:
       - Fix regression in with omapdss when using i2c displays
       - Fix possible null deref in fbmon
       - Check kalloc return value in AMBA CLCD
      
      * tag 'fbdev-fixes-4.0' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
        OMAPDSS: fix regression with display sysfs files
        video: fbdev: fix possible null dereference
        video: ARM CLCD: Add missing error check for devm_kzalloc
      ecddad64
    • L
      Merge branch 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · c0e99a71
      Linus Torvalds 提交于
      Pull cgroup fixes from Tejun Heo:
       "The cgroup iteration update two years ago and the recent cpuset
        restructuring introduced regressions in subset of cpuset
        configurations.  Three patches to fix them.
      
        All are marked for -stable"
      
      * 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cpuset: Fix cpuset sched_relax_domain_level
        cpuset: fix a warning when clearing configured masks in old hierarchy
        cpuset: initialize effective masks when clone_children is enabled
      c0e99a71
    • L
      Merge branch 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata · f930713b
      Linus Torvalds 提交于
      Pull libata fixlet from Tejun Heo:
       "Speed limiting fix for sata_fsl"
      
      * 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
        sata-fsl: Apply link speed limits
      f930713b
    • L
      Merge branch 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · b695f31f
      Linus Torvalds 提交于
      Pull workqueue fix from Tejun Heo:
       "One fix patch for a subtle livelock condition which can happen on
        PREEMPT_NONE kernels involving two racing cancel_work calls.  Whoever
        comes in the second has to wait for the previous one to finish.  This
        was implemented by making the later one block for the same condition
        that the former would be (work item completion) and then loop and
        retest; unfortunately, depending on the wake up order, the later one
        could lock out the former one to finish by busy looping on the cpu.
      
        This is fixed by implementing explicit wait mechanism.  Work item
        might not belong anywhere at this point and there's remote possibility
        of thundering herd problem.  I originally tried to use bit_waitqueue
        but it didn't work for static work items on modules.  It's currently
        using single wait queue with filtering wake up function and exclusive
        wakeup.  If this ever becomes a problem, which is not very likely, we
        can try to figure out a way to piggy back on bit_waitqueue"
      
      * 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: fix hang involving racing cancel[_delayed]_work_sync()'s for PREEMPT_NONE
      b695f31f
    • J
      tipc: fix bug in link failover handling · e6441bae
      Jon Paul Maloy 提交于
      In commit c637c103
      ("tipc: resolve race problem at unicast message reception") we
      introduced a new mechanism for delivering buffers upwards from link
      to socket layer.
      
      That code contains a bug in how we handle the new link input queue
      during failover. When a link is reset, some of its users may be blocked
      because of congestion, and in order to resolve this, we add any pending
      wakeup pseudo messages to the link's input queue, and deliver them to
      the socket. This misses the case where the other, remaining link also
      may have congested users. Currently, the owner node's reference to the
      remaining link's input queue is unconditionally overwritten by the
      reset link's input queue. This has the effect that wakeup events from
      the remaining link may be unduely delayed (but not lost) for a
      potentially long period.
      
      We fix this by adding the pending events from the reset link to the
      input queue that is currently referenced by the node, whichever one
      it is.
      
      This commit should be applied to both net and net-next.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e6441bae