1. 24 9月, 2012 2 次提交
    • S
      edac_mc: edac_mc_free() cannot assume mem_ctl_info is registered in sysfs. · faa2ad09
      Shaun Ruffell 提交于
      Fix potential NULL pointer dereference in edac_unregister_sysfs() on
      system boot introduced in 3.6-rc1.
      
      Since commit 7a623c03 ("edac: rewrite the sysfs code to use struct
      device") edac_mc_alloc() no longer initializes embedded kobjects in
      struct mem_ctl_info.  Therefore edac_mc_free() can no longer simply
      decrement a kobject reference count to free the allocated memory unless
      the memory controller driver module had also called edac_mc_add_mc().
      
      Now edac_mc_free() will check if the newly embedded struct device has
      been registered with sysfs before using either the standard device
      release functions or freeing the data structures itself with logic
      pulled out of the error path of edac_mc_alloc().
      
      The BUG this patch resolves for me:
      
        BUG: unable to handle kernel NULL pointer dereference at   (null)
        EIP is at __wake_up_common+0x1a/0x6a
        Process modprobe (pid: 933, ti=f3dc6000 task=f3db9520 task.ti=f3dc6000)
        Call Trace:
          complete_all+0x3f/0x50
          device_pm_remove+0x23/0xa2
          device_del+0x34/0x142
          edac_unregister_sysfs+0x3b/0x5c [edac_core]
          edac_mc_free+0x29/0x2f [edac_core]
          e7xxx_probe1+0x268/0x311 [e7xxx_edac]
          e7xxx_init_one+0x56/0x61 [e7xxx_edac]
          local_pci_probe+0x13/0x15
        ...
      
      Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
      Cc: Shaohui Xie <Shaohui.Xie@freescale.com>
      Signed-off-by: NShaun Ruffell <sruffell@digium.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      faa2ad09
    • F
      edac_mc: fix messy kfree calls in the error path · ef6e7816
      Fengguang Wu 提交于
      coccinelle warns about:
      
      + drivers/edac/edac_mc.c:429:9-23: ERROR: reference preceded by free on line 429
      
         421         if (mci->csrows) {
       > 422                 for (chn = 0; chn < tot_channels; chn++) {
         423                         csr = mci->csrows[chn];
         424                         if (csr) {
       > 425                                 for (chn = 0; chn < tot_channels; chn++)
         426                                          kfree(csr->channels[chn]);
         427                                  kfree(csr);
         428                          }
       > 429                          kfree(mci->csrows[i]);
         430                  }
         431                  kfree(mci->csrows);
         432          }
      
      and that code block seem to mess things up in several ways (double free, memory
      leak, out-of-bound reads etc.):
      
      L422: The iterator "chn" and bound "tot_channels" are totally wrong. Should be
            "row" and "tot_csrows" respectively. Which means either memory leak, or
            out-of-bound reads (which if does not trigger an immediate page fault
            error, will further lead to kfree() on random addresses).
      
      L425: The inner loop is reusing the same iterator "chn" as the outer loop,
            which could lead to premature end of the outer loop, and hence memory leak.
      
      L429: The array index 'i' in mci->csrows[i] is a temporary value used in
            previous loops, and won't change at all in the current loop. Which
            means either out-of-bound read and possibly kfree(random number), or the
            same mci->csrows[i] get freed once and again, and possibly double free
            for the kfree(csr) in L427.
      
      L426/L427: a kfree(csr->channels) is needed in between to avoid leaking the memory.
      
      The buggy code was introduced by commit de3910eb ("edac: change the mem
      allocation scheme to make Documentation/kobject.txt happy") in the 3.6-rc1
      merge window. Fix it by freeing up resources in this order:
      
        free csrows[i]->channels[j]
        free csrows[i]->channels
        free csrows[i]
        free csrows
      
      CC: Mauro Carvalho Chehab <mchehab@redhat.com>
      CC: Shaun Ruffell <sruffell@digium.com>
      Signed-off-by: NFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      ef6e7816
  2. 23 9月, 2012 4 次提交
    • L
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · e5e77cf9
      Linus Torvalds 提交于
      Pull MIPS fixes from Ralf Baechle:
       "Random fixes across arch/mips, essentially.
      
        One fix for an issue in get_user_pages_fast() which previously was
        discovered on x86, a miscalculation in the support for the MIPS MT
        hardware multithreading support, the RTC support for the Malta and a
        fix for a spurious interrupt issue that seems to bite only very
        special Malta configurations."
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: Malta: Don't crash on spurious interrupt.
        MIPS: Malta: Remove RTC Data Mode bootstrap breakage
        MIPS: mm: Add compound tail page _mapcount when mapped
        MIPS: CMP/SMTC: Fix tc_id calculation
      e5e77cf9
    • L
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · b3a297d1
      Linus Torvalds 提交于
      Pull ARM and clkdev fixes from Russell King:
       "Two patches for clkdev which resolve the long standing issue that the
        devm_* versions were dependent on clkdev, which they shouldn't have
        been.  Instead, they're dependent on HAVE_CLK instead, which implies
        that you're providing clk_get() and clk_put().
      
        A small fix to the ARM decompressor to ensure that the page tables are
        properly interpreted by the CPU, and reserve syscall 378 for kcmp (the
        checksyscalls.sh script is unfortunately currently broken so arch
        maintainers aren't getting notified of new syscalls...)
      
        Lastly, a larger fix for an issue between the common clk subsystem and
        smp_twd which causes warnings to be spat out."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: reserve syscall 378 for kcmp
        ARM: 7535/1: Reprogram smp_twd based on new common clk framework notifiers
        ARM: 7537/1: clk: Fix release in devm_clk_put()
        ARM: 7532/1: decompressor: reset SCTLR.TRE for VMSA ARMv7 cores
        ARM: 7534/1: clk: Make the managed clk functions generically available
      b3a297d1
    • L
      Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · cead24c1
      Linus Torvalds 提交于
      Pull HID fixes from Jiri Kosina:
       "The most important fix is Logitech Unifying receiver regression in
        device enumeration fix from Nestor Lopez Casado.  In addition to that,
        there is a small memory leak fix for Thinkpad keyboard driver from
        Axel Lin."
      
      * 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: Fix logitech-dj: missing Unifying device issue
        HID: lenovo-tpkbd: Fix memory leak in tpkbd_remove_tp()
      cead24c1
    • L
      Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6 · a4be6c77
      Linus Torvalds 提交于
      Pull cifs fix from Steve French.
      
      * 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: fix return value in cifsConvertToUTF16
      a4be6c77
  3. 22 9月, 2012 29 次提交
  4. 21 9月, 2012 5 次提交
    • M
      can: ti_hecc: fix oops during rmmod · ab04c8bd
      Marc Kleine-Budde 提交于
      This patch fixes an oops which occurs when unloading the driver, while the
      network interface is still up. The problem is that first the io mapping is
      teared own, then the CAN device is unregistered, resulting in accessing the
      hardware's iomem:
      
      [  172.744232] Unable to handle kernel paging request at virtual address c88b0040
      [  172.752441] pgd = c7be4000
      [  172.755645] [c88b0040] *pgd=87821811, *pte=00000000, *ppte=00000000
      [  172.762207] Internal error: Oops: 807 [#1] PREEMPT ARM
      [  172.767517] Modules linked in: ti_hecc(-) can_dev
      [  172.772430] CPU: 0    Not tainted  (3.5.0alpha-00037-g3554cc0 #126)
      [  172.778961] PC is at ti_hecc_close+0xb0/0x100 [ti_hecc]
      [  172.784423] LR is at __dev_close_many+0x90/0xc0
      [  172.789123] pc : [<bf00c768>]    lr : [<c033be58>]    psr: 60000013
      [  172.789123] sp : c5c1de68  ip : 00040081  fp : 00000000
      [  172.801025] r10: 00000001  r9 : c5c1c000  r8 : 00100100
      [  172.806457] r7 : c5d0a48c  r6 : c5d0a400  r5 : 00000000  r4 : c5d0a000
      [  172.813232] r3 : c88b0000  r2 : 00000001  r1 : c5d0a000  r0 : c5d0a000
      [  172.820037] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
      [  172.827423] Control: 10c5387d  Table: 87be4019  DAC: 00000015
      [  172.833404] Process rmmod (pid: 600, stack limit = 0xc5c1c2f0)
      [  172.839447] Stack: (0xc5c1de68 to 0xc5c1e000)
      [  172.843994] de60:                   bf00c6b8 c5c1dec8 c5d0a000 c5d0a000 00200200 c033be58
      [  172.852478] de80: c5c1de44 c5c1dec8 c5c1dec8 c033bf2c c5c1de90 c5c1de90 c5d0a084 c5c1de44
      [  172.860992] dea0: c5c1dec8 c033c098 c061d3dc c5d0a000 00000000 c05edf28 c05edb34 c000d724
      [  172.869476] dec0: 00000000 c033c2f8 c5d0a084 c5d0a084 00000000 c033c370 00000000 c5d0a000
      [  172.877990] dee0: c05edb00 c033c3b8 c5d0a000 bf00d3ac c05edb00 bf00d7c8 bf00d7c8 c02842dc
      [  172.886474] df00: c02842c8 c0282f90 c5c1c000 c05edb00 bf00d7c8 c0283668 bf00d7c8 00000000
      [  172.894989] df20: c0611f98 befe2f80 c000d724 c0282d10 bf00d804 00000000 00000013 c0068a8c
      [  172.903472] df40: c5c538e8 685f6974 00636365 c61571a8 c5cb9980 c61571a8 c6158a20 c00c9bc4
      [  172.911987] df60: 00000000 00000000 c5cb9980 00000000 c5cb9980 00000000 c7823680 00000006
      [  172.920471] df80: bf00d804 00000880 c5c1df8c 00000000 000d4267 befe2f80 00000001 b6d90068
      [  172.928985] dfa0: 00000081 c000d5a0 befe2f80 00000001 befe2f80 00000880 b6d90008 00000008
      [  172.937469] dfc0: befe2f80 00000001 b6d90068 00000081 00000001 00000000 befe2eac 00000000
      [  172.945983] dfe0: 00000000 befe2b18 00023ba4 b6e6addc 60000010 befe2f80 a8e00190 86d2d344
      [  172.954498] [<bf00c768>] (ti_hecc_close+0xb0/0x100 [ti_hecc]) from [<c033be58>] (__dev__registered_many+0xc0/0x2a0)
      [  172.984161] [<c033c098>] (rollback_registered_many+0xc0/0x2a0) from [<c033c2f8>] (rollback_registered+0x20/0x30)
      [  172.994750] [<c033c2f8>] (rollback_registered+0x20/0x30) from [<c033c370>] (unregister_netdevice_queue+0x68/0x98)
      [  173.005401] [<c033c370>] (unregister_netdevice_queue+0x68/0x98) from [<c033c3b8>] (unregister_netdev+0x18/0x20)
      [  173.015899] [<c033c3b8>] (unregister_netdev+0x18/0x20) from [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc])
      [  173.026245] [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc]) from [<c02842dc>] (platform_drv_remove+0x14/0x18)
      [  173.036712] [<c02842dc>] (platform_drv_remove+0x14/0x18) from [<c0282f90>] (__device_release_driver+0x7c/0xbc)
      
      Cc: stable <stable@vger.kernel.org>
      Cc: Anant Gole <anantgole@ti.com>
      Tested-by: NJan Luebbe <jlu@pengutronix.de>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      ab04c8bd
    • I
      can: janz-ican3: fix support for older hardware revisions · e21093ef
      Ira W. Snyder 提交于
      The Revision 1.0 Janz CMOD-IO Carrier Board does not have support for
      the reset registers. To support older hardware, the code is changed to
      use the hardware reset register on the Janz VMOD-ICAN3 hardware itself.
      
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NIra W. Snyder <iws@ovro.caltech.edu>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      e21093ef
    • D
      Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes · 017a27e7
      Dave Airlie 提交于
      Daniel writes:
      Essentially just flush my -fixes queue before I head off to xdc.
      - gen2 regression fixer, we've enabled the lvds stuff too late. Not
        causing any known issues, but this restores the sequence before a
        refactor that landed in 3.5, and lvds is a fickle beast. And seriously,
        who runs gen2 still ...
      - downgrade a BUG to a WARN - we haven't root-caused/fixed the underlying
        issue yet, but this should help bug reporters quite a bit.
      - properly disable hdmi audio - we've lost track of this, which resulted
        in the alsa driver again losing track of the unplug event.
      
      * 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
        drm/i915: HDMI - Clear Audio Enable bit for Hot Plug
        drm/i915: Reduce a pin-leak BUG into a WARN
        drm/i915: enable lvds pin pairs before dpll on gen2
      017a27e7
    • D
      drm/nouveau: add dmi quirk for gpio reset · 6c06d608
      Dave Airlie 提交于
      This fixes the gpio reset problem so the Retina MBP works, but avoids
      breaking the Dell systems. Ben will work on a better solution for 3.7.
      
      Tested by me on retina MBP.
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      6c06d608
    • E
      net: do not disable sg for packets requiring no checksum · c0d680e5
      Ed Cashin 提交于
      A change in a series of VLAN-related changes appears to have
      inadvertently disabled the use of the scatter gather feature of
      network cards for transmission of non-IP ethernet protocols like ATA
      over Ethernet (AoE).  Below is a reference to the commit that
      introduces a "harmonize_features" function that turns off scatter
      gather when the NIC does not support hardware checksumming for the
      ethernet protocol of an sk buff.
      
        commit f01a5236
        Author: Jesse Gross <jesse@nicira.com>
        Date:   Sun Jan 9 06:23:31 2011 +0000
      
            net offloading: Generalize netif_get_vlan_features().
      
      The can_checksum_protocol function is not equipped to consider a
      protocol that does not require checksumming.  Calling it for a
      protocol that requires no checksum is inappropriate.
      
      The patch below has harmonize_features call can_checksum_protocol when
      the protocol needs a checksum, so that the network layer is not forced
      to perform unnecessary skb linearization on the transmission of AoE
      packets.  Unnecessary linearization results in decreased performance
      and increased memory pressure, as reported here:
      
        http://www.spinics.net/lists/linux-mm/msg15184.html
      
      The problem has probably not been widely experienced yet, because
      only recently has the kernel.org-distributed aoe driver acquired the
      ability to use payloads of over a page in size, with the patchset
      recently included in the mm tree:
      
        https://lkml.org/lkml/2012/8/28/140
      
      The coraid.com-distributed aoe driver already could use payloads of
      greater than a page in size, but its users generally do not use the
      newest kernels.
      Signed-off-by: NEd Cashin <ecashin@coraid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c0d680e5