- 26 4月, 2013 11 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media由 Linus Torvalds 提交于
Pull media fixes from Mauro Carvalho Chehab: "Two driver fixes. One avoids reading any file at a system with a cx25821 board (fortunately, this is not a common device). The other one prevents reading after a buffer with ISDB-T devices based on mb86a20s." * 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] cx25821: do not expose broken video output streams [media] mb86a20s: Fix estimate_rate setting
-
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux由 Linus Torvalds 提交于
Pull late parisc fixes from Helge Deller: "I know it's *very* late in the 3.9 release cycle, but since there aren't that many people testing the parisc linux kernel, a few (for our port) critical issues just showed up a few days back for the first time. What's in it? - add missing __ucmpdi2 symbol, which is required for btrfs on 32bit kernel. - change kunmap() macro to static inline function. This fixes a debian/gcc-4.4 build error. - add locking when doing PTE updates. This fixes random userspace crashes. - disable (optional) -mlong-calls compiler option for modules, else modules can't be loaded at runtime. - a smart patch by Will Deacon which fixes 64bit put_user() warnings on 32bit kernel." * 'fixes-3.9-late' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: use spin_lock_irqsave/spin_unlock_irqrestore for PTE updates parisc: disable -mlong-calls compiler option for kernel modules parisc: uaccess: fix compiler warnings caused by __put_user casting parisc: Change kunmap macro to static inline function parisc: Provide __ucmpdi2 to resolve undefined references in 32 bit builds.
-
由 Matt Fleming 提交于
variable_is_present() accesses '__efivars' directly, but when called via gsmi_init() Michel reports observing the following crash, BUG: unable to handle kernel NULL pointer dereference at (null) IP: variable_is_present+0x55/0x170 Call Trace: register_efivars+0x106/0x370 gsmi_init+0x2ad/0x3da do_one_initcall+0x3f/0x170 The reason for the crash is that '__efivars' hasn't been initialised nor has it been registered with register_efivars() by the time the google EFI SMI driver runs. The gsmi code uses its own struct efivars, and therefore, a different variable list. Fix the above crash by passing the registered struct efivars to variable_is_present(), so that we traverse the correct list. Reported-by: NMichel Lespinasse <walken@google.com> Tested-by: NMichel Lespinasse <walken@google.com> Cc: Mike Waychison <mikew@google.com> Cc: Matthew Garrett <matthew.garrett@nebula.com> Cc: Seiji Aguchi <seiji.aguchi@hds.com> Signed-off-by: NMatt Fleming <matt.fleming@intel.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Jiri Slaby 提交于
In commit b0de59b5 ("TTY: do not update atime/mtime on read/write") we removed timestamps from tty inodes to fix a security issue and waited if something breaks. Well, 'w', the utility to find out logged users and their inactivity time broke. It shows that users are inactive since the time they logged in. To revert to the old behaviour while still preventing attackers to guess the password length, we update the timestamps in one-minute intervals by this patch. Signed-off-by: NJiri Slaby <jslaby@suse.cz> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Zhao Hongjiang 提交于
dprintk() shouldn't access @ring after it's unmapped. Signed-off-by: NZhao Hongjiang <zhaohongjiang@huawei.com> Cc: stable@vger.kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 H. Peter Anvin 提交于
* The EFI variable anti-bricking algorithm merged in -rc8 broke booting on some Apple machines because they implement EFI spec 1.10, which doesn't provide a QueryVariableInfo() runtime function and the logic used to check for the existence of that function was insufficient. Fix from Josh Boyer. * The anti-bricking algorithm also introduced a compiler warning on 32-bit. Fix from Borislav Petkov. Signed-off-by: NH. Peter Anvin <hpa@linux.intel.com>
-
由 John David Anglin 提交于
User applications running on SMP kernels have long suffered from instability and random segmentation faults. This patch improves the situation although there is more work to be done. One of the problems is the various routines in pgtable.h that update page table entries use different locking mechanisms, or no lock at all (set_pte_at). This change modifies the routines to all use the same lock pa_dbit_lock. This lock is used for dirty bit updates in the interruption code. The patch also purges the TLB entries associated with the PTE to ensure that inconsistent values are not used after the page table entry is updated. The UP and SMP code are now identical. The change also includes a minor update to the purge_tlb_entries function in cache.c to improve its efficiency. Signed-off-by: NJohn David Anglin <dave.anglin@bell.net> Cc: Helge Deller <deller@gmx.de> Signed-off-by: NHelge Deller <deller@gmx.de>
-
由 Helge Deller 提交于
CONFIG_MLONGCALLS was introduced in commit ec758f98 to overcome linker issues when linking huge linux kernels, e.g. with many modules linked in. But in the kernel module loader there is no support yet for the new relocation types, which is why modules built with -mlong-calls can't be loaded. Furthermore, for modules long calls are not really necessary, since we already use stub sections which resolve long distance calls. So, let's just disable this compiler option when compiling kernel modules. Signed-off-by: NHelge Deller <deller@gmx.de>
-
由 Will Deacon 提交于
When targetting 32-bit processors, __put_user emits a pair of stw instructions for the 8-byte case. If the type of __val is a pointer, the marshalling code casts it to the wider integer type of u64, resulting in the following compiler warnings: kernel/signal.c: In function 'copy_siginfo_to_user': kernel/signal.c:2752:11: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] kernel/signal.c:2752:11: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] [...] This patch fixes the warnings by removing the marshalling code and using the correct output modifiers in the __put_{user,kernel}_asm64 macros so that GCC will allocate the right registers without the need to extract the two words explicitly. Cc: Helge Deller <deller@gmx.de> Signed-off-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NHelge Deller <deller@gmx.de>
-
由 John David Anglin 提交于
Change kunmap macro to static inline function to fix build error compiling drivers/base/dma-buf.c. Without the change, the following error can occur: CC drivers/base/dma-buf.o drivers/base/dma-buf.c: In function 'dma_buf_kunmap': drivers/base/dma-buf.c:427:46: error: macro "kunmap" passed 3 arguments, but takes just 1 I believe parisc is the only arch to implement kunmap using a macro. Signed-off-by: NJohn David Anglin <dave.anglin@bell.net> Cc: "James E.J. Bottomley" <jejb@parisc-linux.org> Cc: Helge Deller <deller@gmx.de> Signed-off-by: NHelge Deller <deller@gmx.de>
-
由 John David Anglin 提交于
The Debian experimental linux source package (3.8.5-1) build fails with the following errors: ... MODPOST 2016 modules ERROR: "__ucmpdi2" [fs/btrfs/btrfs.ko] undefined! ERROR: "__ucmpdi2" [drivers/md/dm-verity.ko] undefined! The attached patch resolves this problem. It is based on the s390 implementation of ucmpdi2.c. Signed-off-by: NJohn David Anglin <dave.anglin@bell.net> Cc: "James E.J. Bottomley" <jejb@parisc-linux.org> Signed-off-by: NHelge Deller <deller@gmx.de>
-
- 25 4月, 2013 4 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc由 Linus Torvalds 提交于
Pull sparc fix from David Miller: "Brown paper bag fix for sparc64" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix missing put_cpu_var() in tlb_batch_add_one() when not batching.
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio由 Linus Torvalds 提交于
Pull gpi fix from Linus Walleij: "This is a last minute revert for the GPIO tree, as Mike Dunn noticed breakage on some older PXA machines due to moving PXA GPIO initcalls to the module_init initlevel" * tag 'gpio-v3.9-lastminute' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: Revert "gpio: pxa: set initcall level to module init"
-
由 David S. Miller 提交于
Reported-by: NMeelis Roos <mroos@linux.ee> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Linus Walleij 提交于
This reverts commit 6c7e660a. The commit causes breakage on several older PXA machines. Reported-by: NMike Dunn <mikedunn@newsguy.com> Acked-by: NHaojian Zhuang <haojian.zhuang@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 24 4月, 2013 2 次提交
-
-
由 Josh Boyer 提交于
We need to check the runtime sys_table for the EFI version the firmware specifies instead of just checking for a NULL QueryVariableInfo. Older implementations of EFI don't have QueryVariableInfo but the runtime is a smaller structure, so the pointer to it may be pointing off into garbage. This is apparently the case with several Apple firmwares that support EFI 1.10, and the current check causes them to no longer boot. Fix based on a suggestion from Matthew Garrett. Signed-off-by: NJosh Boyer <jwboyer@redhat.com> Signed-off-by: NMatt Fleming <matt.fleming@intel.com>
-
由 Borislav Petkov 提交于
Fix this: arch/x86/boot/compressed/eboot.c: In function ‘setup_efi_vars’: arch/x86/boot/compressed/eboot.c:269:2: warning: passing argument 1 of ‘efi_call_phys’ makes pointer from integer without a cast [enabled by default] In file included from arch/x86/boot/compressed/eboot.c:12:0: /w/kernel/linux/arch/x86/include/asm/efi.h:8:33: note: expected ‘void *’ but argument is of type ‘long unsigned int’ after cc5a080c ("efi: Pass boot services variable info to runtime code"). Reported-by: NPaul Bolle <pebolle@tiscali.nl> Cc: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: NBorislav Petkov <bp@suse.de> Signed-off-by: NMatt Fleming <matt.fleming@intel.com>
-
- 23 4月, 2013 2 次提交
-
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linus由 Linus Torvalds 提交于
Pull MIPS fix from Ralf Baechle: "Revert the change of the definition of PAGE_MASK which was prettier but broke a few relativly rare platforms" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: Revert "MIPS: page.h: Provide more readable definition for PAGE_MASK."
-
由 Ralf Baechle 提交于
This reverts commit c17a6554. Manuel Lauss writes: lmo commit c17a6554 (MIPS: page.h: Provide more readable definition for PAGE_MASK) apparently breaks ioremap of 36-bit addresses on my Alchemy systems (PCI and PCMCIA) The reason is that in arch/mips/mm/ioremap.c line 157 (phys_addr &= PAGE_MASK) bits 32-35 are cut off. Seems the new PAGE_MASK is explicitly 32bit, or one could make it signed instead of unsigned long.
-
- 22 4月, 2013 5 次提交
-
-
由 Rusty Russell 提交于
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6由 Linus Torvalds 提交于
Pull crypto fix from Herbert Xu: "This fixes a kernel memory leak in the algif interface" * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: algif - suppress sending source address information in recvmsg
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull perf fixes from Ingo Molnar: "Misc fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Fix offcore_rsp valid mask for SNB/IVB perf: Treat attr.config as u64 in perf_swevent_init()
-
由 Linus Torvalds 提交于
I'm going to do an -rc8, so I'm just going to do this rather than delay it any further. They are arguably stable material anyway. * vm_ioremap_memory-examples: mtdchar: remove no-longer-used vma helpers vm: convert snd_pcm_lib_mmap_iomem() to vm_iomap_memory() helper vm: convert fb_mmap to vm_iomap_memory() helper vm: convert mtdchar mmap to vm_iomap_memory() helper vm: convert HPET mmap to vm_iomap_memory() helper
-
- 21 4月, 2013 6 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull kdump fixes from Peter Anvin: "The kexec/kdump people have found several problems with the support for loading over 4 GiB that was introduced in this merge cycle. This is partly due to a number of design problems inherent in the way the various pieces of kdump fit together (it is pretty horrifically manual in many places.) After a *lot* of iterations this is the patchset that was agreed upon, but of course it is now very late in the cycle. However, because it changes both the syntax and semantics of the crashkernel option, it would be desirable to avoid a stable release with the broken interfaces." I'm not happy with the timing, since originally the plan was to release the final 3.9 tomorrow. But apparently I'm doing an -rc8 instead... * 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: kexec: use Crash kernel for Crash kernel low x86, kdump: Change crashkernel_high/low= to crashkernel=,high/low x86, kdump: Retore crashkernel= to allocate under 896M x86, kdump: Set crashkernel_low automatically
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull x86 fixes from Peter Anvin: "Three groups of fixes: 1. Make sure we don't execute the early microcode patching if family < 6, since it would touch MSRs which don't exist on those families, causing crashes. 2. The Xen partial emulation of HyperV can be dealt with more gracefully than just disabling the driver. 3. More EFI variable space magic. In particular, variables hidden from runtime code need to be taken into account too." * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, microcode: Verify the family before dispatching microcode patching x86, hyperv: Handle Xen emulation of Hyper-V more gracefully x86,efi: Implement efi_no_storage_paranoia parameter efi: Export efi_query_variable_store() for efivars.ko x86/Kconfig: Make EFI select UCS2_STRING efi: Distinguish between "remaining space" and actually used space efi: Pass boot services variable info to runtime code Move utf16 functions to kernel core and rename x86,efi: Check max_size only if it is non-zero. x86, efivars: firmware bug workarounds should be in platform code
-
git://git.linaro.org/people/rmk/linux-arm由 Linus Torvalds 提交于
Pull ARM fixes from Russell King: "A set of fixes from various people - Will Deacon gets a prize for removing code this time around. The biggest fix in this lot is sorting out the ARM740T mess. The rest are relatively small fixes." * 'fixes' of git://git.linaro.org/people/rmk/linux-arm: ARM: 7699/1: sched_clock: Add more notrace to prevent recursion ARM: 7698/1: perf: fix group validation when using enable_on_exec ARM: 7697/1: hw_breakpoint: do not use __cpuinitdata for dbg_cpu_pm_nb ARM: 7696/1: Fix kexec by setting outer_cache.inv_all for Feroceon ARM: 7694/1: ARM, TCM: initialize TCM in paging_init(), instead of setup_arch() ARM: 7692/1: iop3xx: move IOP3XX_PERIPHERAL_VIRT_BASE ARM: modules: don't export cpu_set_pte_ext when !MMU ARM: mm: remove broken condition check for v4 flushing ARM: mm: fix numerous hideous errors in proc-arm740.S ARM: cache: remove ARMv3 support code ARM: tlbflush: remove ARMv3 support
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc由 Linus Torvalds 提交于
Pull sparc fixes from David Miller: 1) Fix race in sparc64 TLB shootdowns, we have to synchronize with the sibling cpus completing if we are passing them a reference via pointer to a data structure. 2) Fix cleaning of bitmaps in sparc32, from Akinobu Mita. 3) Fix various sparc header mistakes, some of which resulted in userland build breakage. From Sam Ravnborg. 4) Kill ghost declarations and defines missed when several bits of code got deleted recently. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix race in TLB batch processing. sparc: use asm-generic version of types.h bbc_i2c: fix section mismatch warning sparc: use generic headers sparc:cleanup unused code in smp_32.h sparc/iommu: fix typo s/265KB/256KB/ sparc/srmmu: clear trailing edge of bitmap properly sparc:remove unused declaration smp_boot_cpus()
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net由 Linus Torvalds 提交于
Pull networking updates from David Miller: 1) ax88796 does 64-bit divides which causes link errors on ARM, fix from Arnd Bergmann. 2) Once an improper offload setting is detected on an SKB we don't rate limit the log message so we can very easily live lock. From Ben Greear. 3) Openvswitch cannot report vport configuration changes reliably because it didn't preallocate the netlink notification message before changing state. From Jesse Gross. 4) The effective UID/GID SCM credentials fix, from Linus. 5) When a user explicitly asks for wireless authentication, cfg80211 isn't told about the AP detachment leaving inconsistent state. Fix from Johannes Berg. 6) Fix self-MAC checks in batman-adv on multi-mesh nodes, from Antonio Quartulli. 7) Revert build_skb() change sin IGB driver, can result in memory corruption. From Alexander Duyck. 8) Fix setting VLANs on virtual functions in IXGBE, from Greg Rose. 9) Fix TSO races in qlcnic driver, from Sritej Velaga. 10) In bnx2x the kernel driver and UNDI firmware can try to program the chip at the same time, resulting in corruption. Add proper synchronization. From Dmitry Kravkov. 11) Fix corruption of status block in firmware ram in bxn2x, from Ariel Elior. 12) Fix load balancing hash regression of bonding driver in forwarding configurations, from Eric Dumazet. 13) Fix TS ECR regression in TCP by calling tcp_replace_ts_recent() in all the right spots, from Eric Dumazet. 14) Fix several bonding bugs having to do with address manintainence, including not removing address when configuration operations encounter errors, missed locking on the address lists, missing refcounting on VLAN objects, etc. All from Nikolay Aleksandrov. 15) Add workarounds for firmware bugs in LTE qmi_wwan devices, wherein the devices fail to add a proper ethernet header while on LTE networks but otherwise properly do so on 2G and 3G ones. From Bjørn Mork. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits) net: fix incorrect credentials passing net: rate-limit warn-bad-offload splats. net: ax88796: avoid 64 bit arithmetic qlge: Update version to 1.00.00.32. qlge: Fix ethtool autoneg advertising. qlge: Fix receive path to drop error frames net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround) net: qmi_wwan: fixup destination address (firmware bug workaround) net: qmi_wwan: fixup missing ethernet header (firmware bug workaround) bonding: in bond_mc_swap() bond's mc addr list is walked without lock bonding: disable netpoll on enslave failure bonding: primary_slave & curr_active_slave are not cleaned on enslave failure bonding: vlans don't get deleted on enslave failure bonding: mc addresses don't get deleted on enslave failure pkt_sched: fix error return code in fw_change_attrs() irda: small read past the end of array in debug code tcp: call tcp_replace_ts_recent() from tcp_ack() netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too netfilter: ipset: bitmap:ip,mac: fix listing with timeout bonding: fix l23 and l34 load balancing in forwarding path ...
-
由 Linus Torvalds 提交于
Commit 257b5358 ("scm: Capture the full credentials of the scm sender") changed the credentials passing code to pass in the effective uid/gid instead of the real uid/gid. Obviously this doesn't matter most of the time (since normally they are the same), but it results in differences for suid binaries when the wrong uid/gid ends up being used. This just undoes that (presumably unintentional) part of the commit. Reported-by: NAndy Lutomirski <luto@amacapital.net> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Serge E. Hallyn <serge@hallyn.com> Cc: David S. Miller <davem@davemloft.net> Cc: stable@vger.kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org> Acked-by: N"Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 20 4月, 2013 10 次提交
-
-
由 H. Peter Anvin 提交于
Matt Fleming (1): x86, efivars: firmware bug workarounds should be in platform code Matthew Garrett (3): Move utf16 functions to kernel core and rename efi: Pass boot services variable info to runtime code efi: Distinguish between "remaining space" and actually used space Richard Weinberger (2): x86,efi: Check max_size only if it is non-zero. x86,efi: Implement efi_no_storage_paranoia parameter Sergey Vlasov (2): x86/Kconfig: Make EFI select UCS2_STRING efi: Export efi_query_variable_store() for efivars.ko Signed-off-by: NH. Peter Anvin <hpa@linux.intel.com>
-
由 H. Peter Anvin 提交于
For each CPU vendor that implements CPU microcode patching, there will be a minimum family for which this is implemented. Verify this minimum level of support. This can be done in the dispatch function or early in the application functions. Doing the latter turned out to be somewhat awkward because of the ineviable split between the BSP and the AP paths, and rather than pushing deep into the application functions, do this in the dispatch function. Reported-by: N"Bryan O'Donoghue" <bryan.odonoghue.lkml@nexus-software.ie> Suggested-by: NBorislav Petkov <bp@alien8.de> Cc: Fenghua Yu <fenghua.yu@intel.com> Link: http://lkml.kernel.org/r/1366392183-4149-1-git-send-email-bryan.odonoghue.lkml@nexus-software.ie
-
由 Ben Greear 提交于
If one does do something unfortunate and allow a bad offload bug into the kernel, this the skb_warn_bad_offload can effectively live-lock the system, filling the logs with the same error over and over. Add rate limitation to this so that box remains otherwise functional in this case. Signed-off-by: NBen Greear <greearb@candelatech.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Arnd Bergmann 提交于
When building ax88796 on an ARM platform with 64-bit resource_size_t, we currently get drivers/net/ethernet/8390/ax88796.c:875: undefined reference to `__aeabi_uldivmod' because we do a division on the length of the MMIO resource. Since we know that this resource is very short, using an "unsigned long" instead of "resource_size_t" is entirely sufficient, and avoids this link-time error. Cc: Ben Dooks <ben-linux@fluff.org> Cc: netdev@vger.kernel.org Signed-off-by: NArnd Bergmann <arnd@arndb.de> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jitendra Kalsaria 提交于
Signed-off-by: NJitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jitendra Kalsaria 提交于
Autoneg is supported on specific port types only. Fix the driver to advertise autoneg based on the port type. Signed-off-by: NJitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Sritej Velaga 提交于
o Fix the driver to drop error frames in the receive path o Update error counter which was not getting incremented Signed-off-by: NSritej Velaga <sritej.velaga@qlogic.com> Signed-off-by: NJitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Bjørn Mork says: ==================== This series adds workarounds for 3 different firmware bugs, each preventing the affected devices from working at all. I therefore humbly request that these fixes go to stable-3.8 (if still maintained) and 3.9 (either via net if still possible, or via stable if not). All 3 workarounds are applied to all devices supported by the driver. Adding quirks for specific devices was considered as an alternative, but was rejected because we have too little information about the exact distribution of the buggy firmwares. All we know is that the same bug shows up in devices from at least 3 different, and presumably independent, vendors. The workarounds have instead been designed to automatically apply when necessary, and to have as little impact as possible on unaffected devices. The series has been tested on a number of devices both with and without these bugs. The series should apply cleanly to net/master, net-next/master and stable/linux-3.8.y ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bjørn Mork 提交于
We normally trust and use the CDC functional descriptors provided by a number of devices. But some of these will erroneously list the address reserved for the device end of the link. Attempting to use this on both the device and host side will naturally not work. Work around this bug by ignoring the functional descriptor and assign a random address instead in this case. Signed-off-by: NBjørn Mork <bjorn@mork.no> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bjørn Mork 提交于
Received packets are sometimes addressed to 00:a0:c6:00:00:00 instead of the address the device firmware should have learned from the host: 321.224126 77.16.85.204 -> 148.122.171.134 ICMP 98 Echo (ping) request id=0x4025, seq=64/16384, ttl=64 0000 82 c0 82 c9 f1 67 82 c0 82 c9 f1 67 08 00 45 00 .....g.....g..E. 0010 00 54 00 00 40 00 40 01 57 cc 4d 10 55 cc 94 7a .T..@.@.W.M.U..z 0020 ab 86 08 00 62 fc 40 25 00 40 b2 bc 6e 51 00 00 ....b.@%.@..nQ.. 0030 00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15 ..k............. 0040 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 .......... !"#$% 0050 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 &'()*+,-./012345 0060 36 37 67 321.240607 148.122.171.134 -> 77.16.85.204 ICMP 98 Echo (ping) reply id=0x4025, seq=64/16384, ttl=55 0000 00 a0 c6 00 00 00 02 50 f3 00 00 00 08 00 45 00 .......P......E. 0010 00 54 00 56 00 00 37 01 a0 76 94 7a ab 86 4d 10 .T.V..7..v.z..M. 0020 55 cc 00 00 6a fc 40 25 00 40 b2 bc 6e 51 00 00 U...j.@%.@..nQ.. 0030 00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15 ..k............. 0040 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 .......... !"#$% 0050 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 &'()*+,-./012345 0060 36 37 67 The bogus address is always the same, and matches the address suggested by many devices as a default address. It is likely a hardcoded firmware default. The circumstances where this bug has been observed indicates that the trigger is related to timing or some other factor the host cannot control. Repeating the exact same configuration sequence that caused it to trigger once, will not necessarily cause it to trigger the next time. Reproducing the bug is therefore difficult. This opens up a possibility that the bug is more common than we can confirm, because affected devices often will work properly again after a reset. A procedure most users are likely to try out before reporting a bug. Unconditionally rewriting the destination address if the first digit of the received packet is 0, is considered an acceptable compromise since we already have to inspect this digit. The simplification will cause unnecessary rewrites if the real address starts with 0, but this is still better than adding additional tests for this particular case. Signed-off-by: NBjørn Mork <bjorn@mork.no> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-