1. 27 Mar, 2013 16 commits
  2. 20 Mar, 2013 24 commits
    • Ben Hutchings's avatar
      Linux 3.2.41 · 1c08ea4b
      Ben Hutchings authored
      1c08ea4b
    • Alan Stern's avatar
      NLS: improve UTF8 -> UTF16 string conversion routine · 6022b672
      Alan Stern authored
      commit 0720a06a upstream.
      
      The utf8s_to_utf16s conversion routine needs to be improved.  Unlike
      its utf16s_to_utf8s sibling, it doesn't accept arguments specifying
      the maximum length of the output buffer or the endianness of its
      16-bit output.
      
      This patch (as1501) adds the two missing arguments, and adjusts the
      only two places in the kernel where the function is called.  A
      follow-on patch will add a third caller that does utilize the new
      capabilities.
      
      The two conversion routines are still annoyingly inconsistent in the
      way they handle invalid byte combinations.  But that's a subject for a
      different patch.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      CC: Clemens Ladisch <clemens@ladisch.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      6022b672
    • Eric Sandeen's avatar
      btrfs: use rcu_barrier() to wait for bdev puts at unmount · 2d8db10e
      Eric Sandeen authored
      commit bc178622 upstream.
      
      Doing this would reliably fail with -EBUSY for me:
      
      # mount /dev/sdb2 /mnt/scratch; umount /mnt/scratch; mkfs.btrfs -f /dev/sdb2
      ...
      unable to open /dev/sdb2: Device or resource busy
      
      because mkfs.btrfs tries to open the device O_EXCL, and somebody still has it.
      
      Using systemtap to track bdev gets & puts shows a kworker thread doing a
      blkdev put after mkfs attempts a get; this is left over from the unmount
      path:
      
      btrfs_close_devices
      	__btrfs_close_devices
      		call_rcu(&device->rcu, free_device);
      			free_device
      				INIT_WORK(&device->rcu_work, __free_device);
      				schedule_work(&device->rcu_work);
      
      so unmount might complete before __free_device fires & does its blkdev_put.
      
      Adding an rcu_barrier() to btrfs_close_devices() causes unmount to wait
      until all blkdev_put()s are done, and the device is truly free once
      unmount completes.
      Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fusionio.com>
      Signed-off-by: default avatarChris Mason <chris.mason@fusionio.com>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      2d8db10e
    • Guo Chao's avatar
      loopdev: remove an user triggerable oops · 3a6356e6
      Guo Chao authored
      commit b1a66504 upstream.
      
      When loopdev is built as module and we pass an invalid parameter,
      loop_init() will return directly without deregister misc device, which
      will cause an oops when insert loop module next time because we left some
      garbage in the misc device list.
      
      Test case:
      sudo modprobe loop max_part=1024
      (failed due to invalid parameter)
      sudo modprobe loop
      (oops)
      
      Clean up nicely to avoid such oops.
      Signed-off-by: default avatarGuo Chao <yan@linux.vnet.ibm.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Guo Chao <yan@linux.vnet.ibm.com>
      Cc: M. Hindess <hindessm@uk.ibm.com>
      Cc: Nikanth Karthikesan <knikanth@suse.de>
      Cc: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      3a6356e6
    • Guo Chao's avatar
      loopdev: fix a deadlock · 54d75ff2
      Guo Chao authored
      commit 5370019d upstream.
      
      bd_mutex and lo_ctl_mutex can be held in different order.
      
      Path #1:
      
      blkdev_open
       blkdev_get
        __blkdev_get (hold bd_mutex)
         lo_open (hold lo_ctl_mutex)
      
      Path #2:
      
      blkdev_ioctl
       lo_ioctl (hold lo_ctl_mutex)
        lo_set_capacity (hold bd_mutex)
      
      Lockdep does not report it, because path #2 actually holds a subclass of
      lo_ctl_mutex.  This subclass seems creep into the code by mistake.  The
      patch author actually just mentioned it in the changelog, see commit
      f028f3b2 ("loop: fix circular locking in loop_clr_fd()"), also see:
      
      	http://marc.info/?l=linux-kernel&m=123806169129727&w=2
      
      Path #2 hold bd_mutex to call bd_set_size(), I've protected it
      with i_mutex in a previous patch, so drop bd_mutex at this site.
      Signed-off-by: default avatarGuo Chao <yan@linux.vnet.ibm.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Guo Chao <yan@linux.vnet.ibm.com>
      Cc: M. Hindess <hindessm@uk.ibm.com>
      Cc: Nikanth Karthikesan <knikanth@suse.de>
      Cc: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      54d75ff2
    • Guo Chao's avatar
      block: use i_size_write() in bd_set_size() · c1a782a5
      Guo Chao authored
      commit d646a02a upstream.
      
      blkdev_ioctl(GETBLKSIZE) uses i_size_read() to read size of block device.
      If we update block size directly, reader may see intermediate result in
      some machines and configurations.  Use i_size_write() instead.
      Signed-off-by: default avatarGuo Chao <yan@linux.vnet.ibm.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Guo Chao <yan@linux.vnet.ibm.com>
      Cc: M. Hindess <hindessm@uk.ibm.com>
      Cc: Nikanth Karthikesan <knikanth@suse.de>
      Cc: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      c1a782a5
    • Laszlo Ersek's avatar
      xen-netfront: delay gARP until backend switches to Connected · 29db446a
      Laszlo Ersek authored
      commit 08e34eb1 upstream.
      
      After a guest is live migrated, the xen-netfront driver emits a gratuitous
      ARP message, so that networking hardware on the target host's subnet can
      take notice, and public routing to the guest is re-established. However,
      if the packet appears on the backend interface before the backend is added
      to the target host's bridge, the packet is lost, and the migrated guest's
      peers become unable to talk to the guest.
      
      A sufficient two-parts condition to prevent the above is:
      
      (1) ensure that the backend only moves to Connected xenbus state after its
      hotplug scripts completed, ie. the netback interface got added to the
      bridge; and
      
      (2) ensure the frontend only queues the gARP when it sees the backend move
      to Connected.
      
      These two together provide complete ordering. Sub-condition (1) is already
      satisfied by commit f942dc25 in Linus' tree, based on commit
      6b0b80ca7165 from [1].
      
      In general, the full condition is sufficient, not necessary, because,
      according to [2], live migration has been working for a long time without
      satisfying sub-condition (2). However, after 6b0b80ca7165 was backported
      to the RHEL-5 host to ensure (1), (2) still proved necessary in the RHEL-6
      guest. This patch intends to provide (2) for upstream.
      
      The Reviewed-by line comes from [3].
      
      [1] git://xenbits.xen.org/people/ianc/linux-2.6.git#upstream/dom0/backend/netback-history
      [2] http://old-list-archives.xen.org/xen-devel/2011-06/msg01969.html
      [3] http://old-list-archives.xen.org/xen-devel/2011-07/msg00484.htmlSigned-off-by: default avatarLaszlo Ersek <lersek@redhat.com>
      Reviewed-by: default avatarIan Campbell <ian.campbell@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      29db446a
    • Jiang Liu's avatar
      mm/hotplug: correctly add new zone to all other nodes' zone lists · 1bdb24f5
      Jiang Liu authored
      commit 08dff7b7 upstream.
      
      When online_pages() is called to add new memory to an empty zone, it
      rebuilds all zone lists by calling build_all_zonelists().  But there's a
      bug which prevents the new zone to be added to other nodes' zone lists.
      
      online_pages() {
      	build_all_zonelists()
      	.....
      	node_set_state(zone_to_nid(zone), N_HIGH_MEMORY)
      }
      
      Here the node of the zone is put into N_HIGH_MEMORY state after calling
      build_all_zonelists(), but build_all_zonelists() only adds zones from
      nodes in N_HIGH_MEMORY state to the fallback zone lists.
      build_all_zonelists()
      
          ->__build_all_zonelists()
      	->build_zonelists()
      	    ->find_next_best_node()
      		->for_each_node_state(n, N_HIGH_MEMORY)
      
      So memory in the new zone will never be used by other nodes, and it may
      cause strange behavor when system is under memory pressure.  So put node
      into N_HIGH_MEMORY state before calling build_all_zonelists().
      Signed-off-by: default avatarJianguo Wu <wujianguo@huawei.com>
      Signed-off-by: default avatarJiang Liu <liuj97@gmail.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Keping Chen <chenkeping@huawei.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      [bwh: Backported to 3.2: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      1bdb24f5
    • Sven Eckelmann's avatar
      batman-adv: Only write requested number of byte to user buffer · f3fa0df5
      Sven Eckelmann authored
      commit b5a1eeef upstream.
      
      Don't write more than the requested number of bytes of an batman-adv icmp
      packet to the userspace buffer. Otherwise unrelated userspace memory might get
      overridden by the kernel.
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarMarek Lindner <lindner_marek@yahoo.de>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      f3fa0df5
    • Paul Kot's avatar
      batman-adv: bat_socket_read missing checks · 83257435
      Paul Kot authored
      commit c00b6856 upstream.
      
      Writing a icmp_packet_rr and then reading icmp_packet can lead to kernel
      memory corruption, if __user *buf is just below TASK_SIZE.
      Signed-off-by: default avatarPaul Kot <pawlkt@gmail.com>
      [sven@narfation.org: made it checkpatch clean]
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarMarek Lindner <lindner_marek@yahoo.de>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      83257435
    • Sarah Sharp's avatar
      USB: Fix connected device switch to Inactive state. · 0eb97065
      Sarah Sharp authored
      commit d3b9d7a9 upstream.
      
      A USB 3.0 device can transition to the Inactive state if a U1 or U2 exit
      transition fails.  The current code in hub_events simply issues a warm
      reset, but does not call any pre-reset or post-reset driver methods (or
      unbind/rebind drivers without them).  Therefore the drivers won't know
      their device has just been reset.
      
      hub_events should instead call usb_reset_device.  This means
      hub_port_reset now needs to figure out whether it should issue a warm
      reset or a hot reset.
      
      Remove the FIXME note about needing disconnect() for a NOTATTACHED
      device.  This patch fixes that.
      Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      0eb97065
    • Sarah Sharp's avatar
      USB: Rip out recursive call on warm port reset. · 52cbf32a
      Sarah Sharp authored
      commit a24a6078 upstream.
      
      When a hot reset fails on a USB 3.0 port, the current port reset code
      recursively calls hub_port_reset inside hub_port_wait_reset.  This isn't
      ideal, since we should avoid recursive calls in the kernel, and it also
      doesn't allow us to issue multiple warm resets on reset failures.
      
      Rip out the recursive call.  Instead, add code to hub_port_reset to
      issue a warm reset if the hot reset fails, and try multiple warm resets
      before giving up on the port.
      
      In hub_port_wait_reset, remove the recursive call and re-indent.  The
      code is basically the same, except:
      
      1. It bails out early if the port has transitioned to Inactive or
      Compliance Mode after the reset completed.
      
      2. It doesn't consider a connect status change to be a failed reset.  If
      multiple warm resets needed to be issued, the connect status may have
      changed, so we need to ignore that and look at the port link state
      instead.  hub_port_reset will now do that.
      
      3. It unconditionally sets udev->speed on all types of successful
      resets.  The old recursive code would set the port speed when the second
      hub_port_reset returned.
      
      The old code did not handle connected devices needing a warm reset well.
      There were only two situations that the old code handled correctly: an
      empty port needing a warm reset, and a hot reset that migrated to a warm
      reset.
      
      When an empty port needed a warm reset, hub_port_reset was called with
      the warm variable set.  The code in hub_port_finish_reset would skip
      telling the USB core and the xHC host that the device was reset, because
      otherwise that would result in a NULL pointer dereference.
      
      When a USB 3.0 device reset migrated to a warm reset, the recursive call
      made the call stack look like this:
      
      hub_port_reset(warm = false)
              hub_wait_port_reset(warm = false)
                      hub_port_reset(warm = true)
                              hub_wait_port_reset(warm = true)
                              hub_port_finish_reset(warm = true)
                              (return up the call stack to the first wait)
      
              hub_port_finish_reset(warm = false)
      
      The old code didn't want to notify the USB core or the xHC host of device reset
      twice, so it only did it in the second call to hub_port_finish_reset,
      when warm was set to false.  This was necessary because
      before patch two ("USB: Ignore xHCI Reset Device status."), the USB core
      would pay attention to the xHC Reset Device command error status, and
      the second call would always fail.
      
      Now that we no longer have the recursive call, and warm can change from
      false to true in hub_port_reset, we need to have hub_port_finish_reset
      unconditionally notify the USB core and the xHC of the device reset.
      
      In hub_port_finish_reset, unconditionally clear the connect status
      change (CSC) bit for USB 3.0 hubs when the port reset is done.  If we
      had to issue multiple warm resets for a device, that bit may have been
      set if the device went into SS.Inactive and then was successfully warm
      reset.
      Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      52cbf32a
    • Sarah Sharp's avatar
      USB: Prepare for refactoring by adding extra udev checks. · 5bd7c59c
      Sarah Sharp authored
      commit 2d4fa940 upstream.
      
      The next patch will refactor the hub port code to rip out the recursive
      call to hub_port_reset on a failed hot reset.  In preparation for that,
      make sure all code paths can deal with being called with a NULL udev.
      The usb_device will not be valid if warm reset was issued because a port
      transitioned to the Inactive or Compliance Mode on a device connect.
      
      This patch should have no effect on current behavior.
      Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      5bd7c59c
    • Sarah Sharp's avatar
      USB: Don't use EHCI port sempahore for USB 3.0 hubs. · 541f862e
      Sarah Sharp authored
      commit 0fe51aa5 upstream.
      
      The EHCI host controller needs to prevent EHCI initialization when the
      UHCI or OHCI companion controller is in the middle of a port reset.  It
      uses ehci_cf_port_reset_rwsem to do this.  USB 3.0 hubs can't be under
      an EHCI host controller, so it makes no sense to down the semaphore for
      USB 3.0 hubs.  It also makes the warm port reset code more complex.
      
      Don't down ehci_cf_port_reset_rwsem for USB 3.0 hubs.
      Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      541f862e
    • Mathieu Desnoyers's avatar
      Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys · d9737ff1
      Mathieu Desnoyers authored
      commit 8aec0f5d upstream.
      
      Looking at mm/process_vm_access.c:process_vm_rw() and comparing it to
      compat_process_vm_rw() shows that the compatibility code requires an
      explicit "access_ok()" check before calling
      compat_rw_copy_check_uvector(). The same difference seems to appear when
      we compare fs/read_write.c:do_readv_writev() to
      fs/compat.c:compat_do_readv_writev().
      
      This subtle difference between the compat and non-compat requirements
      should probably be debated, as it seems to be error-prone. In fact,
      there are two others sites that use this function in the Linux kernel,
      and they both seem to get it wrong:
      
      Now shifting our attention to fs/aio.c, we see that aio_setup_iocb()
      also ends up calling compat_rw_copy_check_uvector() through
      aio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to
      be missing. Same situation for
      security/keys/compat.c:compat_keyctl_instantiate_key_iov().
      
      I propose that we add the access_ok() check directly into
      compat_rw_copy_check_uvector(), so callers don't have to worry about it,
      and it therefore makes the compat call code similar to its non-compat
      counterpart. Place the access_ok() check in the same location where
      copy_from_user() can trigger a -EFAULT error in the non-compat code, so
      the ABI behaviors are alike on both compat and non-compat.
      
      While we are here, fix compat_do_readv_writev() so it checks for
      compat_rw_copy_check_uvector() negative return values.
      
      And also, fix a memory leak in compat_keyctl_instantiate_key_iov() error
      handling.
      Acked-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Acked-by: default avatarAl Viro <viro@ZenIV.linux.org.uk>
      Signed-off-by: default avatarMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      [bwh: Backported to 3.2: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      d9737ff1
    • Mathias Krause's avatar
      crypto: user - fix info leaks in report API · f56cb892
      Mathias Krause authored
      commit 9a5467bf upstream.
      
      Three errors resulting in kernel memory disclosure:
      
      1/ The structures used for the netlink based crypto algorithm report API
      are located on the stack. As snprintf() does not fill the remainder of
      the buffer with null bytes, those stack bytes will be disclosed to users
      of the API. Switch to strncpy() to fix this.
      
      2/ crypto_report_one() does not initialize all field of struct
      crypto_user_alg. Fix this to fix the heap info leak.
      
      3/ For the module name we should copy only as many bytes as
      module_name() returns -- not as much as the destination buffer could
      hold. But the current code does not and therefore copies random data
      from behind the end of the module name, as the module name is always
      shorter than CRYPTO_MAX_ALG_NAME.
      
      Also switch to use strncpy() to copy the algorithm's name and
      driver_name. They are strings, after all.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      [bwh: Backported to 3.2: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      f56cb892
    • Guenter Roeck's avatar
      hwmon: (pmbus/ltc2978) Fix temperature reporting · a5f562fe
      Guenter Roeck authored
      commit 8c958c70 upstream.
      
      On LTC2978, only READ_TEMPERATURE is supported. It reports
      the internal junction temperature. This register is unpaged.
      
      On LTC3880, READ_TEMPERATURE and READ_TEMPERATURE2 are supported.
      READ_TEMPERATURE is paged and reports external temperatures.
      READ_TEMPERATURE2 is unpaged and reports the internal junction
      temperature.
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Acked-by: default avatarJean Delvare <khali@linux-fr.org>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      a5f562fe
    • Axel Lin's avatar
    • Kees Cook's avatar
      signal: always clear sa_restorer on execve · 125664f0
      Kees Cook authored
      commit 2ca39528 upstream.
      
      When the new signal handlers are set up, the location of sa_restorer is
      not cleared, leaking a parent process's address space location to
      children.  This allows for a potential bypass of the parent's ASLR by
      examining the sa_restorer value returned when calling sigaction().
      
      Based on what should be considered "secret" about addresses, it only
      matters across the exec not the fork (since the VMAs haven't changed
      until the exec).  But since exec sets SIG_DFL and keeps sa_restorer,
      this is where it should be fixed.
      
      Given the few uses of sa_restorer, a "set" function was not written
      since this would be the only use.  Instead, we use
      __ARCH_HAS_SA_RESTORER, as already done in other places.
      
      Example of the leak before applying this patch:
      
        $ cat /proc/$$/maps
        ...
        7fb9f3083000-7fb9f3238000 r-xp 00000000 fd:01 404469 .../libc-2.15.so
        ...
        $ ./leak
        ...
        7f278bc74000-7f278be29000 r-xp 00000000 fd:01 404469 .../libc-2.15.so
        ...
        1 0 (nil) 0x7fb9f30b94a0
        2 4000000 (nil) 0x7f278bcaa4a0
        3 4000000 (nil) 0x7f278bcaa4a0
        4 0 (nil) 0x7fb9f30b94a0
        ...
      
      [akpm@linux-foundation.org: use SA_RESTORER for backportability]
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reported-by: default avatarEmese Revfy <re.emese@gmail.com>
      Cc: Emese Revfy <re.emese@gmail.com>
      Cc: PaX Team <pageexec@freemail.hu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Serge Hallyn <serge.hallyn@canonical.com>
      Cc: Julien Tinnes <jln@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      125664f0
    • Oliver Neukum's avatar
      USB: cdc-wdm: fix buffer overflow · 8e535446
      Oliver Neukum authored
      commit c0f5ecee upstream.
      
      The buffer for responses must not overflow.
      If this would happen, set a flag, drop the data and return
      an error after user space has read all remaining data.
      Signed-off-by: default avatarOliver Neukum <oliver@neukum.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      [bwh: Backported to 3.2: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      8e535446
    • Marcin Jurkowski's avatar
      w1: fix oops when w1_search is called from netlink connector · cd144405
      Marcin Jurkowski authored
      commit 9d1817ca upstream.
      
      On Sat, Mar 02, 2013 at 10:45:10AM +0100, Sven Geggus wrote:
      > This is the bad commit I found doing git bisect:
      > 04f482fa is the first bad commit
      > commit 04f482fa
      > Author: Patrick McHardy <kaber@trash.net>
      > Date:   Mon Mar 28 08:39:36 2011 +0000
      
      Good job. I was too lazy to bisect for bad commit;)
      
      Reading the code I found problematic kthread_should_stop call from netlink
      connector which causes the oops. After applying a patch, I've been testing
      owfs+w1 setup for nearly two days and it seems to work very reliable (no
      hangs, no memleaks etc).
      More detailed description and possible fix is given below:
      
      Function w1_search can be called from either kthread or netlink callback.
      While the former works fine, the latter causes oops due to kthread_should_stop
      invocation.
      
      This patch adds a check if w1_search is serving netlink command, skipping
      kthread_should_stop invocation if so.
      Signed-off-by: default avatarMarcin Jurkowski <marcin1j@gmail.com>
      Acked-by: default avatarEvgeniy Polyakov <zbr@ioremap.net>
      Cc: Josh Boyer <jwboyer@gmail.com>
      Tested-by: default avatarSven Geggus <lists@fuchsschwanzdomain.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      [bwh: Backported to 3.2: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      cd144405
    • Steve Conklin's avatar
      usb: serial: Add Rigblaster Advantage to device table · 0c0e3753
      Steve Conklin authored
      commit a57e82a1 upstream.
      
      The Rigblaster Advantage is an amateur radio interface sold by West Mountain
      Radio. It contains a cp210x serial interface but the device ID is not in
      the driver.
      Signed-off-by: default avatarSteve Conklin <sconklin@canonical.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      0c0e3753
    • Paul Bolle's avatar
      tty: serial: fix typo "ARCH_S5P6450" · 88ef1234
      Paul Bolle authored
      commit 827aa0d3 upstream.
      
      This could have been either ARCH_S5P64X0 or CPU_S5P6450. Looking at
      commit 2555e663 ("ARM: S5P64X0: Add UART
      serial support for S5P6450") - which added this typo - makes clear this
      should be CPU_S5P6450.
      Signed-off-by: default avatarPaul Bolle <pebolle@tiscali.nl>
      Acked-by: default avatarKukjin Kim <kgene.kim@samsung.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      [bwh: Backported to 3.2: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      88ef1234
    • Wang YanQing's avatar
      serial: 8250_pci: add support for another kind of NetMos Technology PCI 9835 Multi-I/O Controller · 80d17151
      Wang YanQing authored
      commit 8d2f8cd4 upstream.
      
      01:08.0 Communication controller: NetMos Technology PCI 9835 Multi-I/O Controller (rev 01)
      	Subsystem: Device [1000:0012]
      	Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
      	Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
      	Interrupt: pin A routed to IRQ 20
      	Region 0: I/O ports at e050 [size=8]
      	Region 1: I/O ports at e040 [size=8]
      	Region 2: I/O ports at e030 [size=8]
      	Region 3: I/O ports at e020 [size=8]
      	Region 4: I/O ports at e010 [size=8]
      	Region 5: I/O ports at e000 [size=16]
      Signed-off-by: default avatarWang YanQing <udknight@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      [bwh: Backported to 3.2: adjust filename]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      80d17151