1. 15 Apr, 2013 2 commits
  2. 14 Apr, 2013 1 commit
    • Cong Wang's avatar
      ipv6: statically link register_inet6addr_notifier() · f88c91dd
      Cong Wang authored
      Tomas reported the following build error:
      
      net/built-in.o: In function `ieee80211_unregister_hw':
      (.text+0x10f0e1): undefined reference to `unregister_inet6addr_notifier'
      net/built-in.o: In function `ieee80211_register_hw':
      (.text+0x10f610): undefined reference to `register_inet6addr_notifier'
      make: *** [vmlinux] Error 1
      
      when built IPv6 as a module.
      
      So we have to statically link these symbols.
      Reported-by: default avatarTomas Melin <tomas.melin@iki.fi>
      Cc: Tomas Melin <tomas.melin@iki.fi>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: YOSHIFUJI Hidaki <yoshfuji@linux-ipv6.org>
      Signed-off-by: default avatarCong Wang <amwang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f88c91dd
  3. 13 Apr, 2013 1 commit
    • Thomas Petazzoni's avatar
      net: mvmdio: add select PHYLIB · 2e0cbf2c
      Thomas Petazzoni authored
      The mvmdio driver uses the phylib API, so it should select the PHYLIB
      symbol, otherwise, a build with mvmdio (but without mvneta) fails to
      build with undefined symbols such as mdiobus_unregister, mdiobus_free,
      etc.
      
      The mvneta driver does not use the phylib API directly, so it does not
      need to select PHYLIB. It already selects the mvmdio driver anyway.
      
      Historically, this problem is due to the fact that the PHY handling
      was originally part of mvneta, and was later moved to a separate
      driver, without updating the Kconfig select statements
      accordingly. And since there was no functional reason to use mvmdio
      without mvneta, this case was not tested.
      Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
      Reported-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2e0cbf2c
  4. 12 Apr, 2013 8 commits
  5. 11 Apr, 2013 5 commits
  6. 10 Apr, 2013 10 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · fe2971a0
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) cfg80211_conn_scan() must be called with the sched_scan_mutex, fix
          from Artem Savkov.
      
       2) Fix regression in TCP ICMPv6 processing, we do not want to treat
          redirects as socket errors, from Christoph Paasch.
      
       3) Fix several recvmsg() msg_name kernel memory leaks into userspace,
          in ATM, AX25, Bluetooth, CAIF, IRDA, s390 IUCV, L2TP, LLC, Netrom,
          NFC, Rose, TIPC, and VSOCK.  From Mathias Krause and Wei Yongjun.
      
       4) Fix AF_IUCV handling of segmented SKBs in recvmsg(), from Ursula
          Braun and Eric Dumazet.
      
       5) CAN gw.c code does kfree() on SLAB cache memory, use
          kmem_cache_free() instead.  Fix from Wei Yongjun.
      
       6) Fix LSM regression on TCP SYN/ACKs, some LSMs such as SELINUX want
          an skb->sk socket context available for these packets, but nothing
          else requires it.  From Eric Dumazet and Paul Moore.
      
       7) Fix ipv4 address lifetime processing so that we don't perform
          sleepable acts inside of rcu_read_lock() sections, do them in an
          rtnl_lock() section instead.  From Jiri Pirko.
      
       8) mvneta driver accidently sets HW features after device registry, it
          should do so beforehand.  Fix from Willy Tarreau.
      
       9) Fix bonding unload races more correctly, from Nikolay Aleksandrov
          and Veaceslav Falico.
      
      10) rtnl_dump_ifinfo() and rtnl_calcit() invoke nlmsg_parse() with wrong
          header size argument.  Fix from Michael Riesch.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
        lsm: add the missing documentation for the security_skb_owned_by() hook
        bnx2x: Prevent null pointer dereference in AFEX mode
        e100: Add dma mapping error check
        selinux: add a skb_owned_by() hook
        can: gw: use kmem_cache_free() instead of kfree()
        netrom: fix invalid use of sizeof in nr_recvmsg()
        qeth: fix qeth_wait_for_threads() deadlock for OSN devices
        af_iucv: fix recvmsg by replacing skb_pull() function
        rtnetlink: Call nlmsg_parse() with correct header length
        bonding: fix bonding_masters race condition in bond unloading
        Revert "bonding: remove sysfs before removing devices"
        net: mvneta: enable features before registering the driver
        hyperv: Fix RNDIS send_completion code path
        hyperv: Fix a kernel warning from netvsc_linkstatus_callback()
        net: ipv4: fix schedule while atomic bug in check_lifetime()
        net: ipv4: reset check_lifetime_work after changing lifetime
        bnx2x: Fix KR2 rapid link flap
        sctp: remove 'sridhar' from maintainers list
        VSOCK: Fix missing msg_namelen update in vsock_stream_recvmsg()
        VSOCK: vmci - fix possible info leak in vmci_transport_dgram_dequeue()
        ...
      fe2971a0
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming · eb02db38
      Linus Torvalds authored
      Pull C6X fix from Mark Salter.
      
      Final (?) fix from the barrier discussion.
      
      * tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming:
        add memory barrier to arch_local_irq_restore
      eb02db38
    • Paul Moore's avatar
      lsm: add the missing documentation for the security_skb_owned_by() hook · 6b07a24f
      Paul Moore authored
      Unfortunately we didn't catch the missing comments earlier when the
      patch was merged.
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6b07a24f
    • Yuval Mintz's avatar
      bnx2x: Prevent null pointer dereference in AFEX mode · fea75645
      Yuval Mintz authored
      The cnic module is responsible for initializing various bnx2x structs
      via callbacks provided by the bnx2x module.
      One such struct is the queue object for the FCoE queue.
      
      If a device is working in AFEX mode and its configuration allows FCoE yet
      the cnic module is not loaded, it's very likely a null pointer dereference
      will occur, as the bnx2x will erroneously access the FCoE's queue object.
      
      Prevent said access until cnic properly registers itself.
      Signed-off-by: default avatarYuval Mintz <yuvalmin@broadcom.com>
      Signed-off-by: default avatarAriel Elior <ariele@broadcom.com>
      Signed-off-by: default avatarEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fea75645
    • Neil Horman's avatar
      e100: Add dma mapping error check · 61a0f6ef
      Neil Horman authored
      e100 uses pci_map_single, but fails to check for a dma mapping error after its
      use, resulting in a stack trace:
      
      [   46.656594] ------------[ cut here ]------------
      [   46.657004] WARNING: at lib/dma-debug.c:933 check_unmap+0x47b/0x950()
      [   46.657004] Hardware name: To Be Filled By O.E.M.
      [   46.657004] e100 0000:00:0e.0: DMA-API: device driver failed to check map
      error[device address=0x000000007a4540fa] [size=90 bytes] [mapped as single]
      [   46.657004] Modules linked in:
      [   46.657004]  w83627hf hwmon_vid snd_via82xx ppdev snd_ac97_codec ac97_bus
      snd_seq snd_pcm snd_mpu401 snd_mpu401_uart ns558 snd_rawmidi gameport parport_pc
      e100 snd_seq_device parport snd_page_alloc snd_timer snd soundcore skge shpchp
      k8temp mii edac_core i2c_viapro edac_mce_amd nfsd auth_rpcgss nfs_acl lockd
      sunrpc binfmt_misc uinput ata_generic pata_acpi radeon i2c_algo_bit
      drm_kms_helper ttm firewire_ohci drm firewire_core pata_via sata_via i2c_core
      sata_promise crc_itu_t
      [   46.657004] Pid: 792, comm: ip Not tainted 3.8.0-0.rc6.git0.1.fc19.x86_64 #1
      [   46.657004] Call Trace:
      [   46.657004]  <IRQ>  [<ffffffff81065ed0>] warn_slowpath_common+0x70/0xa0
      [   46.657004]  [<ffffffff81065f4c>] warn_slowpath_fmt+0x4c/0x50
      [   46.657004]  [<ffffffff81364cfb>] check_unmap+0x47b/0x950
      [   46.657004]  [<ffffffff8136522f>] debug_dma_unmap_page+0x5f/0x70
      [   46.657004]  [<ffffffffa030f0f0>] ? e100_tx_clean+0x30/0x210 [e100]
      [   46.657004]  [<ffffffffa030f1a8>] e100_tx_clean+0xe8/0x210 [e100]
      [   46.657004]  [<ffffffffa030fc6f>] e100_poll+0x56f/0x6c0 [e100]
      [   46.657004]  [<ffffffff8159dce1>] ? net_rx_action+0xa1/0x370
      [   46.657004]  [<ffffffff8159ddb2>] net_rx_action+0x172/0x370
      [   46.657004]  [<ffffffff810703bf>] __do_softirq+0xef/0x3d0
      [   46.657004]  [<ffffffff816e4ebc>] call_softirq+0x1c/0x30
      [   46.657004]  [<ffffffff8101c485>] do_softirq+0x85/0xc0
      [   46.657004]  [<ffffffff81070885>] irq_exit+0xd5/0xe0
      [   46.657004]  [<ffffffff816e5756>] do_IRQ+0x56/0xc0
      [   46.657004]  [<ffffffff816dacb2>] common_interrupt+0x72/0x72
      [   46.657004]  <EOI>  [<ffffffff816da1eb>] ?
      _raw_spin_unlock_irqrestore+0x3b/0x70
      [   46.657004]  [<ffffffff816d124d>] __slab_free+0x58/0x38b
      [   46.657004]  [<ffffffff81214424>] ? fsnotify_clear_marks_by_inode+0x34/0x120
      [   46.657004]  [<ffffffff811b0417>] ? kmem_cache_free+0x97/0x320
      [   46.657004]  [<ffffffff8157fc14>] ? sock_destroy_inode+0x34/0x40
      [   46.657004]  [<ffffffff8157fc14>] ? sock_destroy_inode+0x34/0x40
      [   46.657004]  [<ffffffff811b0692>] kmem_cache_free+0x312/0x320
      [   46.657004]  [<ffffffff8157fc14>] sock_destroy_inode+0x34/0x40
      [   46.657004]  [<ffffffff811e8c28>] destroy_inode+0x38/0x60
      [   46.657004]  [<ffffffff811e8d5e>] evict+0x10e/0x1a0
      [   46.657004]  [<ffffffff811e9605>] iput+0xf5/0x180
      [   46.657004]  [<ffffffff811e4338>] dput+0x248/0x310
      [   46.657004]  [<ffffffff811ce0e1>] __fput+0x171/0x240
      [   46.657004]  [<ffffffff811ce26e>] ____fput+0xe/0x10
      [   46.657004]  [<ffffffff8108d54c>] task_work_run+0xac/0xe0
      [   46.657004]  [<ffffffff8106c6ed>] do_exit+0x26d/0xc30
      [   46.657004]  [<ffffffff8109eccc>] ? finish_task_switch+0x7c/0x120
      [   46.657004]  [<ffffffff816dad58>] ? retint_swapgs+0x13/0x1b
      [   46.657004]  [<ffffffff8106d139>] do_group_exit+0x49/0xc0
      [   46.657004]  [<ffffffff8106d1c4>] sys_exit_group+0x14/0x20
      [   46.657004]  [<ffffffff816e3b19>] system_call_fastpath+0x16/0x1b
      [   46.657004] ---[ end trace 4468c44e2156e7d1 ]---
      [   46.657004] Mapped at:
      [   46.657004]  [<ffffffff813663d1>] debug_dma_map_page+0x91/0x140
      [   46.657004]  [<ffffffffa030e8eb>] e100_xmit_prepare+0x12b/0x1c0 [e100]
      [   46.657004]  [<ffffffffa030c924>] e100_exec_cb+0x84/0x140 [e100]
      [   46.657004]  [<ffffffffa030e56a>] e100_xmit_frame+0x3a/0x190 [e100]
      [   46.657004]  [<ffffffff8159ee89>] dev_hard_start_xmit+0x259/0x6c0
      
      Easy fix, modify the cb paramter to e100_exec_cb to return an error, and do the
      dma_mapping_error check in the obvious place
      
      This was reported previously here:
      http://article.gmane.org/gmane.linux.network/257893
      
      But nobody stepped up and fixed it.
      
      CC: Josh Boyer <jwboyer@redhat.com>
      CC: e1000-devel@lists.sourceforge.net
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Reported-by: default avatarMichal Jaegermann <michal@harddata.com>
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      61a0f6ef
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-3.9-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 51de0170
      Linus Torvalds authored
      Pull another nfs fixlet from Trond Myklebust:
       "I suddenly noticed that a one-line issue that I _thought_ I had fixed
        with the nfs41_walk_client_list patch was apparently still there in
        the pull request I sent earlier today.  I'm very sorry for not
        catching that in time.
      
         - Fix a brain fart in nfs41_walk_client_list"
      
      * tag 'nfs-for-3.9-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFSv4: Doh! Typo in the fix to nfs41_walk_client_list
      51de0170
    • Trond Myklebust's avatar
      NFSv4: Doh! Typo in the fix to nfs41_walk_client_list · eb04e0ac
      Trond Myklebust authored
      Make sure that we set the status to 0 on success. Missed in testing
      because it never appears when doing multiple mounts to _different_
      servers.
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
      Cc: <stable@vger.kernel.org> # 3.7.x: 7b1f1fd1: NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list
      eb04e0ac
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · f94eeb42
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       - fix for memory corruption issues in nfs4[01]_walk_client_list (stable)
       - fix for an Oopsable bug in rpc_clone_client (stable)
       - another state manager deadlock in the NFSv4 open code
       - memory leaks in nfs4_discover_server_trunking and rpc_new_client
      
      * tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFSv4: Fix another potential state manager deadlock
        SUNRPC: Fix a potential memory leak in rpc_new_client
        NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list
        NFSv4: Fix a memory leak in nfs4_discover_server_trunking
        SUNRPC: Remove extra xprt_put()
      f94eeb42
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · d02a9a89
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes a GCM bug that breaks IPsec and a compile problem in
        ux500."
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: ux500 - add missing comma
        crypto: gcm - fix assumption that assoc has one segment
      d02a9a89
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 49b442ca
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Just a spare semicolon in nouveau that caused some issues, and an
        mgag200 fix"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/mgag200: Index 24 in extended CRTC registers is 24 in hex, not decimal.
        drm/nouveau: fix unconditional return waiting on memory
      49b442ca
  7. 09 Apr, 2013 13 commits
    • Christopher Harvey's avatar
      drm/mgag200: Index 24 in extended CRTC registers is 24 in hex, not decimal. · 1812a3db
      Christopher Harvey authored
      This change properly enables the "requester" in G200ER cards that is
      responsible for getting pixels out of memory and clocking them out to
      the screen.
      Signed-off-by: default avatarChristopher Harvey <charvey@matrox.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      1812a3db
    • Mark Salter's avatar
      add memory barrier to arch_local_irq_restore · f934af05
      Mark Salter authored
      arch_local_irq_save() and friends are required to act as compiler
      memory barriers. This patch adds a "memory" clobber to the inline
      asm code in arch_local_irq_restore() which is used as the building
      block for other functions needing to set/clear the interrupt enable
      in the CSR register.
      Signed-off-by: default avatarMark Salter <msalter@redhat.com>
      f934af05
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · e8f2b548
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "A nasty bug in fs/namespace.c caught by Andrey + a couple of less
        serious unpleasantness - ecryptfs misc device playing hopeless games
        with try_module_get() and palinfo procfs support being...  not quite
        correctly done, to be polite."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        mnt: release locks on error path in do_loopback
        palinfo fixes
        procfs: add proc_remove_subtree()
        ecryptfs: close rmmod race
      e8f2b548
    • Linus Torvalds's avatar
      Merge tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfio · 43ecdb0d
      Linus Torvalds authored
      Pull vfio overflow fix from Alex Williamson.
      
      * tag 'vfio-v3.9-rc7' of git://github.com/awilliam/linux-vfio:
        vfio-pci: Fix possible integer overflow
      43ecdb0d
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20130409' of git://git.kernel.dk/linux-block · 27387dd8
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "I've got a few smaller fixes queued up for 3.9 that should go in.  The
        major one is the loop regression, the others are nice fixes on their
        own though.  It contains:
      
         - Fix for unitialized var in the block sysfs code, courtesy of Arnd
           and gcc-4.8.
      
         - Two fixes for mtip32xx, fixing probe and command timeout.  Also a
           debug measure that could have waited for 3.10, but it's driver
           only, so I let it slip in.
      
         - Revert the loop partition cleanup fix, it could cause a deadlock on
           auto-teardown as part of umount.  The fix is clear, but at this
           point we just want to revert it and get a real fix in for 3.10."
      
      * tag 'for-linus-20130409' of git://git.kernel.dk/linux-block:
        Revert "loop: cleanup partitions when detaching loop device"
        mtip32xx: fix two smatch warnings
        mtip32xx: Add debugfs entry device_status
        mtip32xx: return 0 from pci probe in case of rebuild
        mtip32xx: recovery from command timeout
        block: avoid using uninitialized value in from queue_var_store
      27387dd8
    • Jozsef Kadlecsik's avatar
      netfilter: ipset: hash:*net*: nomatch flag not excluded on set resize · 6eb4c7e9
      Jozsef Kadlecsik authored
      If a resize is triggered the nomatch flag is not excluded at hashing,
      which leads to the element missed at lookup in the resized set.
      Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6eb4c7e9
    • Jozsef Kadlecsik's avatar
      netfilter: ipset: list:set: fix reference counter update · 02f815cb
      Jozsef Kadlecsik authored
      The last element can be replaced or pushed off and in both
      cases the reference counter must be updated.
      Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      02f815cb
    • Andrey Vagin's avatar
      mnt: release locks on error path in do_loopback · e9c5d8a5
      Andrey Vagin authored
      do_loopback calls lock_mount(path) and forget to unlock_mount
      if clone_mnt or copy_mnt fails.
      
      [   77.661566] ================================================
      [   77.662939] [ BUG: lock held when returning to user space! ]
      [   77.664104] 3.9.0-rc5+ #17 Not tainted
      [   77.664982] ------------------------------------------------
      [   77.666488] mount/514 is leaving the kernel with locks still held!
      [   77.668027] 2 locks held by mount/514:
      [   77.668817]  #0:  (&sb->s_type->i_mutex_key#7){+.+.+.}, at: [<ffffffff811cca22>] lock_mount+0x32/0xe0
      [   77.671755]  #1:  (&namespace_sem){+++++.}, at: [<ffffffff811cca3a>] lock_mount+0x4a/0xe0
      Signed-off-by: default avatarAndrey Vagin <avagin@openvz.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      e9c5d8a5
    • Al Viro's avatar
      palinfo fixes · ccf93204
      Al Viro authored
      	* check for proc_mkdir() failures
      	* fix buffer overrun - sizeof(format string) is *not* enough to
      hold sprintf() result.
      	* use proc_remove_subtree(); life's much easier with it
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      ccf93204
    • Al Viro's avatar
      procfs: add proc_remove_subtree() · 8ce584c7
      Al Viro authored
      just what it sounds like; do that only to procfs subtrees you've
      created - doing that to something shared with another driver is
      not only antisocial, but might cause interesting races with
      proc_create() and its ilk.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      8ce584c7
    • Al Viro's avatar
      ecryptfs: close rmmod race · 52f21999
      Al Viro authored
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      52f21999
    • Linus Torvalds's avatar
      spinlocks and preemption points need to be at least compiler barriers · 386afc91
      Linus Torvalds authored
      In UP and non-preempt respectively, the spinlocks and preemption
      disable/enable points are stubbed out entirely, because there is no
      regular code that can ever hit the kind of concurrency they are meant to
      protect against.
      
      However, while there is no regular code that can cause scheduling, we
      _do_ end up having some exceptional (literally!) code that can do so,
      and that we need to make sure does not ever get moved into the critical
      region by the compiler.
      
      In particular, get_user() and put_user() is generally implemented as
      inline asm statements (even if the inline asm may then make a call
      instruction to call out-of-line), and can obviously cause a page fault
      and IO as a result.  If that inline asm has been scheduled into the
      middle of a preemption-safe (or spinlock-protected) code region, we
      obviously lose.
      
      Now, admittedly this is *very* unlikely to actually ever happen, and
      we've not seen examples of actual bugs related to this.  But partly
      exactly because it's so hard to trigger and the resulting bug is so
      subtle, we should be extra careful to get this right.
      
      So make sure that even when preemption is disabled, and we don't have to
      generate any actual *code* to explicitly tell the system that we are in
      a preemption-disabled region, we need to at least tell the compiler not
      to move things around the critical region.
      
      This patch grew out of the same discussion that caused commits
      79e5f05e ("ARC: Add implicit compiler barrier to raw_local_irq*
      functions") and 3e2e0d2c ("tile: comment assumption about
      __insn_mtspr for <asm/irqflags.h>") to come about.
      
      Note for stable: use discretion when/if applying this.  As mentioned,
      this bug may never have actually bitten anybody, and gcc may never have
      done the required code motion for it to possibly ever trigger in
      practice.
      
      Cc: stable@vger.kernel.org
      Cc: Steven Rostedt <srostedt@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      386afc91
    • David S. Miller's avatar
      Merge branch 'fixes-for-3.9' of git://gitorious.org/linux-can/linux-can · 7b9a035f
      David S. Miller authored
      Marc Kleine-Budde says:
      
      ====================
      here's a fix for the v3.9 release cycle, if not too late:
      
      Wei Yongjun contributes a patch for the can-gw protocoll. The patch fixes the
      memory allocated with kmem_cache_alloc(), is now freed using kmem_cache_free(),
      not kfree().
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7b9a035f