1. 02 Nov, 2015 8 commits
    • Ben Hutchings's avatar
      ppp, slip: Validate VJ compression slot parameters completely · 4ab42d78
      Ben Hutchings authored
      Currently slhc_init() treats out-of-range values of rslots and tslots
      as equivalent to 0, except that if tslots is too large it will
      dereference a null pointer (CVE-2015-7799).
      
      Add a range-check at the top of the function and make it return an
      ERR_PTR() on error instead of NULL.  Change the callers accordingly.
      
      Compile-tested only.
      Reported-by: default avatar郭永刚 <guoyonggang@360.cn>
      References: http://article.gmane.org/gmane.comp.security.oss.general/17908Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4ab42d78
    • Ben Hutchings's avatar
      isdn_ppp: Add checks for allocation failure in isdn_ppp_open() · 0baa57d8
      Ben Hutchings authored
      Compile-tested only.
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0baa57d8
    • Bjørn Mork's avatar
      qmi_wwan: fix entry for HP lt4112 LTE/HSPA+ Gobi 4G Module · 70910791
      Bjørn Mork authored
      The lt4112 is a HP branded Huawei me906e modem. Like other Huawei
      modems, it does not have a fixed interface to function mapping.
      Instead it uses a Huawei specific scheme: functions are mapped by
      subclass and protocol.
      
      However, the HP vendor ID is used for modems from many different
      manufacturers using different schemes, so we cannot apply a generic
      vendor rule like we do for the Huawei vendor ID.
      
      Replace the previous lt4112 entry pointing to an arbitrary interface
      number with a device specific subclass + protocol match.
      Reported-and-tested-by: default avatarMuri Nicanor <muri+libqmi@immerda.ch>
      Tested-by: default avatarMartin Hauke <mardnh@gmx.de>
      Fixes: bb2bdeb8 ("qmi_wwan: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem")
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      70910791
    • Ani Sinha's avatar
      ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH() in preemptible context. · 44f49dd8
      Ani Sinha authored
      Fixes the following kernel BUG :
      
      BUG: using __this_cpu_add() in preemptible [00000000] code: bash/2758
      caller is __this_cpu_preempt_check+0x13/0x15
      CPU: 0 PID: 2758 Comm: bash Tainted: P           O   3.18.19 #2
       ffffffff8170eaca ffff880110d1b788 ffffffff81482b2a 0000000000000000
       0000000000000000 ffff880110d1b7b8 ffffffff812010ae ffff880007cab800
       ffff88001a060800 ffff88013a899108 ffff880108b84240 ffff880110d1b7c8
      Call Trace:
      [<ffffffff81482b2a>] dump_stack+0x52/0x80
      [<ffffffff812010ae>] check_preemption_disabled+0xce/0xe1
      [<ffffffff812010d4>] __this_cpu_preempt_check+0x13/0x15
      [<ffffffff81419d60>] ipmr_queue_xmit+0x647/0x70c
      [<ffffffff8141a154>] ip_mr_forward+0x32f/0x34e
      [<ffffffff8141af76>] ip_mroute_setsockopt+0xe03/0x108c
      [<ffffffff810553fc>] ? get_parent_ip+0x11/0x42
      [<ffffffff810e6974>] ? pollwake+0x4d/0x51
      [<ffffffff81058ac0>] ? default_wake_function+0x0/0xf
      [<ffffffff810553fc>] ? get_parent_ip+0x11/0x42
      [<ffffffff810613d9>] ? __wake_up_common+0x45/0x77
      [<ffffffff81486ea9>] ? _raw_spin_unlock_irqrestore+0x1d/0x32
      [<ffffffff810618bc>] ? __wake_up_sync_key+0x4a/0x53
      [<ffffffff8139a519>] ? sock_def_readable+0x71/0x75
      [<ffffffff813dd226>] do_ip_setsockopt+0x9d/0xb55
      [<ffffffff81429818>] ? unix_seqpacket_sendmsg+0x3f/0x41
      [<ffffffff813963fe>] ? sock_sendmsg+0x6d/0x86
      [<ffffffff813959d4>] ? sockfd_lookup_light+0x12/0x5d
      [<ffffffff8139650a>] ? SyS_sendto+0xf3/0x11b
      [<ffffffff810d5738>] ? new_sync_read+0x82/0xaa
      [<ffffffff813ddd19>] compat_ip_setsockopt+0x3b/0x99
      [<ffffffff813fb24a>] compat_raw_setsockopt+0x11/0x32
      [<ffffffff81399052>] compat_sock_common_setsockopt+0x18/0x1f
      [<ffffffff813c4d05>] compat_SyS_setsockopt+0x1a9/0x1cf
      [<ffffffff813c4149>] compat_SyS_socketcall+0x180/0x1e3
      [<ffffffff81488ea1>] cstar_dispatch+0x7/0x1e
      Signed-off-by: default avatarAni Sinha <ani@arista.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      44f49dd8
    • David S. Miller's avatar
      Merge branch 'sh_eth-fixes' · d3e8b858
      David S. Miller authored
      Sergei Shtylyov says:
      
      ====================
      sh_eth: fix bugs in sh_eth_ring_init()
      
         Here's a set of 2 patches against DaveM's 'net.git' repo which fix couple of
      bugs in the sh_eth_ring_init() function.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d3e8b858
    • Sergei Shtylyov's avatar
      sh_eth: fix WARNING in dma_common_free_remap() · b61ed8fd
      Sergei Shtylyov authored
      Iff the first dma_alloc_coherent()  call fails in sh_eth_ring_init(), the
      following  is printed to the kernel console:
      
      WARNING: CPU: 0 PID: 1 at drivers/base/dma-mapping.c:334 dma_common_free_remap+0x48/0x6c()
      trying to free invalid coherent area:   (null)
      Modules linked in:
      CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.3.0-rc7-dirty #969
      Hardware name: Generic R8A7791 (Flattened Device Tree)
      Backtrace:
      [<c0013820>] (dump_backtrace) from [<c00139bc>] (show_stack+0x18/0x1c)
       r6:c0662856 r5:00000009 r4:00000000 r3:00204140
      [<c00139a4>] (show_stack) from [<c0227510>] (dump_stack+0x74/0x90)
      [<c022749c>] (dump_stack) from [<c0026ef4>] (warn_slowpath_common+0x8c/0xb8)
       r4:ee84dce0 r3:c0712774
      [<c0026e68>] (warn_slowpath_common) from [<c0026fc4>] (warn_slowpath_fmt+0x38/0x40)
       r8:ee7f8000 r7:c0734520 r6:00001000 r5:20000008 r4:00000000
      [<c0026f90>] (warn_slowpath_fmt) from [<c02df404>] (dma_common_free_remap+0x48/0x6c)
       r3:00000000 r2:c0662871
      [<c02df3bc>] (dma_common_free_remap) from [<c001b9fc>] (__arm_dma_free+0xb8/0xd4)
      r6:00000001 r5:00000000 r4:00001000 r3:ee8c5584
      [<c001b944>] (__arm_dma_free) from [<c001ba68>] (arm_dma_free+0x24/0x2c)
       r10:0000016b r8:00000000 r7:ee9bc830 r6:00000000 r5:00000400 r4:ee9bc800
      [<c001ba44>] (arm_dma_free) from [<c032ebf0>] (sh_eth_ring_init+0x110/0x138)
      [<c032eae0>] (sh_eth_ring_init) from [<c033179c>] (sh_eth_open+0x94/0x1f4)
       r6:00000000 r5:ee9bcd18 r4:ee9bc800
      [<c0331708>] (sh_eth_open) from [<c041bf7c>] (__dev_open+0x84/0x104)
       r6:c0565c50 r5:00000000 r4:ee9bc800
      [<c041bef8>] (__dev_open) from [<c041c208>] (__dev_change_flags+0x94/0x13c)
       r7:00001002 r6:00000001 r5:00001003 r4:ee9bc800
      [<c041c174>] (__dev_change_flags) from [<c041c2e8>] (dev_change_flags+0x20/0x50)
       r7:c072c8a0 r6:00000138 r5:00001002 r4:ee9bc800
      [<c041c2c8>] (dev_change_flags) from [<c06e8d4c>] (ip_auto_config+0x174/0xf7c)
       r8:00001002 r7:c072c8a0 r6:c0700040 r5:00000001 r4:ee9bc800 r3:00000101
      [<c06e8bd8>] (ip_auto_config) from [<c000a810>] (do_one_initcall+0x100/0x1c8)
       r10:c06f883c r9:00000000 r8:c06e8bd8 r7:c0734000 r6:c070e918 r5:c070e918
       r4:ee083640
      [<c000a710>] (do_one_initcall) from [<c06c9ddc>] (kernel_init_freeable+0x11c/0x1ec)
       r10:c06f883c r9:00000000 r8:00000099 r7:c0734000 r6:c070372c r5:c06f8834
       r4:00000007
      [<c06c9cc0>] (kernel_init_freeable) from [<c0514d78>] (kernel_init+0x14/0xec)
       r10:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c0514d64 r4:c0734000
      [<c0514d64>] (kernel_init) from [<c0010458>] (ret_from_fork+0x14/0x3c)
       r4:00000000 r3:ee84c000
      
      This is because the code jumps to a wrong label and so tries to free yet
      unallocated coherent memory.  Fix the *goto* in question.
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b61ed8fd
    • Sergei Shtylyov's avatar
      sh_eth: fix uninitialized arrays in sh_eth_ring_init() · 2c94e856
      Sergei Shtylyov authored
      sh_eth_ring_free()  called in the sh_eth_ring_init()'s error path expects
      the arrays pointed  to  by 'sh_eth_private::[rt]x_skbuff' to be initialized
      with NULLs but they are allocated with just kmalloc_array() and so are left
      filled with random data. Use kcalloc() instead.
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2c94e856
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-4.3-20151030' of... · 615a1003
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-4.3-20151030' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2015-10-30
      
      this is a pull request for the upcoming v4.3 release.
      
      Marek Vasut provides a patch to use the correct attrlen in the nla_put() in the
      can_fill_info() function.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      615a1003
  2. 01 Nov, 2015 8 commits
    • Phil Reid's avatar
      stmmac: Correctly report PTP capabilities. · e6dbe1eb
      Phil Reid authored
      priv->hwts_*_en indicate if timestamping is enabled/disabled at run
      time. But  priv->dma_cap.time_stamp  and priv->dma_cap.atime_stamp
      indicates HW is support for PTPv1/PTPv2.
      Signed-off-by: default avatarPhil Reid <preid@electromag.com.au>
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e6dbe1eb
    • David S. Miller's avatar
      Merge branch 'ipv4_link_down' · fc2a263b
      David S. Miller authored
      Julian Anastasov says:
      
      ====================
      ipv4: fix problems from the RTNH_F_LINKDOWN introduction
      
      Fix two problems from the change that introduced RTNH_F_LINKDOWN
      flag. The first patch deals with the removal of local route on
      DOWN event. The second patch makes sure the RTNH_F_LINKDOWN
      flag is properly updated on UP event because the DOWN event
      sets it in all cases.
      
      v2->v3:
      - use bool for force var
      
      v1->v2:
      - forgot to add ifconfig dummy0 down in the test case
      - split to 2 patches
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fc2a263b
    • Julian Anastasov's avatar
      ipv4: update RTNH_F_LINKDOWN flag on UP event · c9b3292e
      Julian Anastasov authored
      When nexthop is part of multipath route we should clear the
      LINKDOWN flag when link goes UP or when first address is added.
      This is needed because we always set LINKDOWN flag when DEAD flag
      was set but now on UP the nexthop is not dead anymore. Examples when
      LINKDOWN bit can be forgotten when no NETDEV_CHANGE is delivered:
      
      - link goes down (LINKDOWN is set), then link goes UP and device
      shows carrier OK but LINKDOWN remains set
      
      - last address is deleted (LINKDOWN is set), then address is
      added and device shows carrier OK but LINKDOWN remains set
      
      Steps to reproduce:
      modprobe dummy
      ifconfig dummy0 192.168.168.1 up
      
      here add a multipath route where one nexthop is for dummy0:
      
      ip route add 1.2.3.4 nexthop dummy0 nexthop SOME_OTHER_DEVICE
      ifconfig dummy0 down
      ifconfig dummy0 up
      
      now ip route shows nexthop that is not dead. Now set the sysctl var:
      
      echo 1 > /proc/sys/net/ipv4/conf/dummy0/ignore_routes_with_linkdown
      
      now ip route will show a dead nexthop because the forgotten
      RTNH_F_LINKDOWN is propagated as RTNH_F_DEAD.
      
      Fixes: 8a3d0316 ("net: track link-status of ipv4 nexthops")
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c9b3292e
    • Julian Anastasov's avatar
      ipv4: fix to not remove local route on link down · 4f823def
      Julian Anastasov authored
      When fib_netdev_event calls fib_disable_ip on NETDEV_DOWN event
      we should not delete the local routes if the local address
      is still present. The confusion comes from the fact that both
      fib_netdev_event and fib_inetaddr_event use the NETDEV_DOWN
      constant. Fix it by returning back the variable 'force'.
      
      Steps to reproduce:
      modprobe dummy
      ifconfig dummy0 192.168.168.1 up
      ifconfig dummy0 down
      ip route list table local | grep dummy | grep host
      local 192.168.168.1 dev dummy0  proto kernel  scope host  src 192.168.168.1
      
      Fixes: 8a3d0316 ("net: track link-status of ipv4 nexthops")
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4f823def
    • Florian Fainelli's avatar
      net: bcmgenet: Software reset EPHY after power on · 5dbebbb4
      Florian Fainelli authored
      The EPHY on GENET v1->v3 is extremely finicky, and will show occasional
      failures based on the timing and reset sequence, ranging from duplicate
      packets, to extremely high latencies.
      
      Perform an additional software reset, and re-configuration to make sure it is
      in a consistent and working state.
      
      Fixes: 6ac3ce82 ("net: bcmgenet: Remove excessive PHY reset")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5dbebbb4
    • Pavel Fedin's avatar
      net: smsc911x: Fix crash if loopback test fails · b43c142f
      Pavel Fedin authored
      On certain hardware in certain situations loopback test fails and the
      driver gets removed. During mdiobus_unregister() instance of PHY driver
      gets disposed. But by this time it has already been started using
      phy_connect_direct().
      
      PHY driver uses DELAYED_WORK in order to maintain its state. Attempting
      to dispose the driver without calling phy_disconnect() causes deallocation
      of DELAYED_WORK being active. This shortly causes a bad crash in timer
      code.
      
      The problem can be discovered by enabling CONFIG_DEBUG_OBJECTS_TIMERS and
      CONFIG_DEBUG_OBJECTS_FREE
      Signed-off-by: default avatarPavel Fedin <p.fedin@samsung.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b43c142f
    • Jon Paul Maloy's avatar
      tipc: linearize arriving NAME_DISTR and LINK_PROTO buffers · 5cbb28a4
      Jon Paul Maloy authored
      Testing of the new UDP bearer has revealed that reception of
      NAME_DISTRIBUTOR, LINK_PROTOCOL/RESET and LINK_PROTOCOL/ACTIVATE
      message buffers is not prepared for the case that those may be
      non-linear.
      
      We now linearize all such buffers before they are delivered up to the
      generic reception layer.
      
      In order for the commit to apply cleanly to 'net' and 'stable', we do
      the change in the function tipc_udp_recv() for now. Later, we will post
      a commit to 'net-next' moving the linearization to generic code, in
      tipc_named_rcv() and tipc_link_proto_rcv().
      
      Fixes: commit d0f91938 ("tipc: add ip/udp media type")
      Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5cbb28a4
    • Fabio Estevam's avatar
      fec: Use gpio_set_value_cansleep() · f4444574
      Fabio Estevam authored
      We are in a context where we can sleep, and the FEC PHY reset gpio
      may be on an I2C expander. Use the cansleep() variant when
      setting the GPIO value.
      
      Based on a patch from Russell King for pci-mvebu.c.
      Signed-off-by: default avatarFabio Estevam <fabio.estevam@freescale.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4444574
  3. 31 Oct, 2015 5 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client · 523e1345
      Linus Torvalds authored
      Pull Ceph fix from Sage Weil:
       "This sets the stable pages flag on the RBD block device when we have
        CRCs enabled.  (This is necessary since the default assumption for
        block devices changed in 3.9)"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
        rbd: require stable pages if message data CRCs are enabled
      523e1345
    • Linus Torvalds's avatar
      Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 4bb0fb57
      Linus Torvalds authored
      Pull overlayfs bug fixes from Miklos Szeredi:
       "This contains fixes for bugs that appeared in earlier kernels (all are
        marked for -stable)"
      
      * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: free lower_mnt array in ovl_put_super
        ovl: free stack of paths in ovl_fill_super
        ovl: fix open in stacked overlay
        ovl: fix dentry reference leak
        ovl: use O_LARGEFILE in ovl_copy_up()
      4bb0fb57
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c94eee8a
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix two regressions in ipv6 route lookups, particularly wrt output
          interface specifications in the lookup key.  From David Ahern.
      
       2) Fix checks in ipv6 IPSEC tunnel pre-encap fragmentation, from
          Herbert Xu.
      
       3) Fix mis-advertisement of 1000BASE-T on bcm63xx_enet, from Simon
          Arlott.
      
       4) Some smsc phys misbehave with energy detect mode enabled, so add a
          DT property and disable it on such switches.  From Heiko Schocher.
      
       5) Fix TSO corruption on TX in mv643xx_eth, from Philipp Kirchhofer.
      
       6) Fix regression added by removal of openvswitch vport stats, from
          James Morse.
      
       7) Vendor Kconfig options should be bool, not tristate, from Andreas
          Schwab.
      
       8) Use non-_BH() net stats bump in tcp_xmit_probe_skb(), otherwise we
          barf during TCP REPAIR operations.
      
       9) Fix various bugs in openvswitch conntrack support, from Joe
          Stringer.
      
      10) Fix NETLINK_LIST_MEMBERSHIPS locking, from David Herrmann.
      
      11) Don't have VSOCK do sock_put() in interrupt context, from Jorgen
          Hansen.
      
      12) Fix skb_realloc_headroom() failures properly in ISDN, from Karsten
          Keil.
      
      13) Add some device IDs to qmi_wwan, from Bjorn Mork.
      
      14) Fix ovs egress tunnel information when using lwtunnel devices, from
          Pravin B Shelar.
      
      15) Add missing NETIF_F_FRAGLIST to macvtab feature list, from Jason
          Wang.
      
      16) Fix incorrect handling of throw routes when the result of the throw
          cannot find a match, from Xin Long.
      
      17) Protect ipv6 MTU calculations from wrap-around, from Hannes Frederic
          Sowa.
      
      18) Fix failed autonegotiation on KSZ9031 micrel PHYs, from Nathan
          Sullivan.
      
      19) Add missing memory barries in descriptor accesses or xgbe driver,
          from Thomas Lendacky.
      
      20) Fix release conditon test in pppoe_release(), from Guillaume Nault.
      
      21) Fix gianfar bugs wrt filter configuration, from Claudiu Manoil.
      
      22) Fix violations of RX buffer alignment in sh_eth driver, from Sergei
          Shtylyov.
      
      23) Fixing missing of_node_put() calls in various places around the
          networking, from Julia Lawall.
      
      24) Fix incorrect leaf now walking in ipv4 routing tree, from Alexander
          Duyck.
      
      25) RDS doesn't check pskb_pull()/pskb_trim() return values, from
          Sowmini Varadhan.
      
      26) Fix VLAN configuration in mlx4 driver, from Jack Morgenstein.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (79 commits)
        ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
        Revert "Merge branch 'ipv6-overflow-arith'"
        net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes
        net/mlx4_en: Explicitly set no vlan tags in WQE ctrl segment when no vlan is present
        vhost: fix performance on LE hosts
        bpf: sample: define aarch64 specific registers
        amd-xgbe: Fix race between access of desc and desc index
        RDS-TCP: Recover correctly from pskb_pull()/pksb_trim() failure in rds_tcp_data_recv
        forcedeth: fix unilateral interrupt disabling in netpoll path
        openvswitch: Fix skb leak using IPv6 defrag
        ipv6: Export nf_ct_frag6_consume_orig()
        openvswitch: Fix double-free on ip_defrag() errors
        fib_trie: leaf_walk_rcu should not compute key if key is less than pn->key
        net: mv643xx_eth: add missing of_node_put
        ath6kl: add missing of_node_put
        net: phy: mdio: add missing of_node_put
        netdev/phy: add missing of_node_put
        net: netcp: add missing of_node_put
        net: thunderx: add missing of_node_put
        ipv6: gre: support SIT encapsulation
        ...
      c94eee8a
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 38dab9ac
      Linus Torvalds authored
      Pull input layer fixes from Dmitry Torokhov:
      
       - a change to the ALPS driver where we had limit the quirk for
         trackstick handling from being active on all Dells to just a few
         models
      
       - a fix for a build dependency issue in the sur40 driver
      
       - a small clock handling fixup in the LPC32xx touchscreen driver
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: alps - only the Dell Latitude D420/430/620/630 have separate stick button bits
        Input: sur40 - add dependency on VIDEO_V4L2
        Input: lpc32xx_ts - fix warnings caused by enabling unprepared clock
      38dab9ac
    • Linus Torvalds's avatar
      Merge tag 'pci-v4.3-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · f9793e37
      Linus Torvalds authored
      Pull PCI fix from Bjorn Helgaas:
       "Sorry for this last-minute update; it's been in -next for quite a
        while, but I forgot about it until I started getting ready for the
        merge window.
      
        It's small and fixes a way a user could cause a panic via sysfs, so I
        think it's worth getting it in v4.3.
      
        NUMA:
          - Prevent out of bounds access in sysfs numa_node override (Sasha Levin)"
      
      * tag 'pci-v4.3-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: Prevent out of bounds access in numa_node override
      f9793e37
  4. 30 Oct, 2015 4 commits
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 9b971e77
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Apologies for this being so late, but we've uncovered a few nasty
        issues on arm64 which didn't settle down until yesterday and the fixes
        all look suitable for 4.3.  Of the four patches, three of them are
        Cc'd to stable, with the remaining patch fixing an issue that only
        took effect during the merge window.
      
        Summary:
      
         - Fix corruption in SWP emulation when STXR fails due to contention
         - Fix MMU re-initialisation when resuming from a low-power state
         - Fix stack unwinding code to match what ftrace expects
         - Fix relocation code in the EFI stub when DRAM base is not 2MB aligned"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64/efi: do not assume DRAM base is aligned to 2 MB
        Revert "ARM64: unwind: Fix PC calculation"
        arm64: kernel: fix tcr_el1.t0sz restore on systems with extended idmap
        arm64: compat: fix stxr failure case in SWP emulation
      9b971e77
    • Linus Torvalds's avatar
      Merge tag 'please-pull-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux · 7c0f488f
      Linus Torvalds authored
      Pull ia64 kcmp syscall from Tony Luck:
       "Missed adding the kcmp() syscall a long time ago.  Now it seems that
        it is essential to build systemd"
      
      * tag 'please-pull-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
        [IA64] Wire up kcmp syscall
      7c0f488f
    • Ronny Hegewald's avatar
      rbd: require stable pages if message data CRCs are enabled · bae818ee
      Ronny Hegewald authored
      rbd requires stable pages, as it performs a crc of the page data before
      they are send to the OSDs.
      
      But since kernel 3.9 (patch 1d1d1a76
      "mm: only enforce stable page writes if the backing device requires
      it") it is not assumed anymore that block devices require stable pages.
      
      This patch sets the necessary flag to get stable pages back for rbd.
      
      In a ceph installation that provides multiple ext4 formatted rbd
      devices "bad crc" messages appeared regularly (ca 1 message every 1-2
      minutes on every OSD that provided the data for the rbd) in the
      OSD-logs before this patch. After this patch this messages are pretty
      much gone (only ca 1-2 / month / OSD).
      
      Cc: stable@vger.kernel.org # 3.9+, needs backporting
      Signed-off-by: default avatarRonny Hegewald <Ronny.Hegewald@online.de>
      [idryomov@gmail.com: require stable pages only in crc case, changelog]
      Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
      bae818ee
    • Marek Vasut's avatar
      can: Use correct type in sizeof() in nla_put() · 562b103a
      Marek Vasut authored
      The sizeof() is invoked on an incorrect variable, likely due to some
      copy-paste error, and this might result in memory corruption. Fix this.
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Cc: Wolfgang Grandegger <wg@grandegger.com>
      Cc: netdev@vger.kernel.org
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      562b103a
  5. 29 Oct, 2015 3 commits
  6. 28 Oct, 2015 12 commits