linux-stable.git, branch v3.13.8

Linux 3.13.8

2014-03-31T17:05:38+00:00

libceph: fix preallocation check in get_reply()

2014-03-31T17:05:16+00:00

commit f2be82b0058e90b5d9ac2cb896b4914276fb50ef upstream.

The check that makes sure that we have enough memory allocated to read
in the entire header of the message in question is currently busted.
It compares front_len of the incoming message with iov_len field of
ceph_msg::front structure, which is used primarily to indicate the
amount of data already read in, and not the size of the allocated
buffer.  Under certain conditions (e.g. a short read from a socket
followed by that socket's shutdown and owning ceph_connection reset)
this results in a warning similar to

[85688.975866] libceph: get_reply front 198 > preallocated 122 (4#0)

and, through another bug, leads to forever hung tasks and forced
reboots.  Fix this by comparing front_len with front_alloc_len field of
struct ceph_msg, which stores the actual size of the buffer.

Fixes: http://tracker.ceph.com/issues/5425

Signed-off-by: Ilya Dryomov 
Reviewed-by: Sage Weil 
Signed-off-by: Greg Kroah-Hartman

libceph: rename front to front_len in get_reply()

2014-03-31T17:05:16+00:00

commit 3f0a4ac55fe036902e3666be740da63528ad8639 upstream.

Rename front local variable to front_len in get_reply() to make its
purpose more clear.

Signed-off-by: Ilya Dryomov 
Reviewed-by: Sage Weil 
Signed-off-by: Greg Kroah-Hartman

libceph: rename ceph_msg::front_max to front_alloc_len

2014-03-31T17:05:16+00:00

commit 3cea4c3071d4e55e9d7356efe9d0ebf92f0c2204 upstream.

Rename front_max field of struct ceph_msg to front_alloc_len to make
its purpose more clear.

Signed-off-by: Ilya Dryomov 
Reviewed-by: Sage Weil 
Signed-off-by: Greg Kroah-Hartman

e100: Fix "disabling already-disabled device" warning

2014-03-31T17:05:16+00:00

commit 2b6e0ca175fe4a20f21ba82b1e7ccc71029c4dd4 upstream.

In https://bugzilla.redhat.com/show_bug.cgi?id=994438 and
https://bugzilla.redhat.com/show_bug.cgi?id=970480  we
received different reports of e100 throwing the following
warning:

 [] ? pci_disable_device+0x85/0x90
 [] warn_slowpath_fmt+0x33/0x40
 [] pci_disable_device+0x85/0x90
 [] __e100_shutdown+0x80/0x120 [e100]
 [] ? check_preempt_curr+0x65/0x90
 [] e100_suspend+0x16/0x30 [e100]
 [] pci_legacy_suspend+0x2b/0xb0
 [] ? wait_for_completion+0x1f/0xd0
 [] ? pci_pm_poweroff+0xb0/0xb0
 [] pci_pm_freeze+0x94/0xa0
 [] dpm_run_callback+0x37/0x80
 [] ? pm_wakeup_pending+0xc4/0x140
 [] __device_suspend+0xb2/0x1f0
 [] async_suspend+0x1f/0x90
 [] async_run_entry_fn+0x35/0x140
 [] ? wake_up_process+0x1f/0x40
 [] process_one_work+0x115/0x370
 [] ? start_worker+0x25/0x30
 [] ? manage_workers.isra.27+0x1a5/0x250
 [] worker_thread+0xfe/0x330
 [] ? manage_workers.isra.27+0x250/0x250
 [] kthread+0x94/0xa0
 [] ret_from_kernel_thread+0x1b/0x28
 [] ? insert_kthread_work+0x30/0x30

This patch removes pci_disable_device() from __e100_shutdown().
pci_clear_master() is enough.

Signed-off-by: Michele Baldessari 
Tested-by: Mark Harig 
Signed-off-by: Aaron Brown 
Signed-off-by: David S. Miller 
Cc: Josh Boyer 
Signed-off-by: Greg Kroah-Hartman

xhci: Fix resume issues on Renesas chips in Samsung laptops

2014-03-31T17:05:16+00:00

commit 1aa9578c1a9450fb21501c4f549f5b1edb557e6d upstream.

Don Zickus  writes:

Some co-workers of mine bought Samsung laptops that had mostly usb3 ports.
Those ports did not resume correctly (the driver would timeout communicating
and fail).  This led to frustration as suspend/resume is a common use for
laptops.

Poking around, I applied the reset on resume quirk to this chipset and the
resume started working.  Reloading the xhci_hcd module had been the temporary
workaround.

Signed-off-by: Sarah Sharp 
Reported-by: Don Zickus 
Tested-by: Prarit Bhargava 
Signed-off-by: Greg Kroah-Hartman

Input: wacom - add reporting of SW_MUTE_DEVICE events

2014-03-31T17:05:16+00:00

commit 961794a00eab03f4344b7d5e825e8e789e55da87 upstream.

New Intuos series models added a hardware switch to turn touch
data on/off. The state of the switch is reported periodically
from the tablet. To report the state the driver will emit SW_MUTE_DEVICE
events.

Reviewed_by: Chris Bagwell 
Acked-by: Peter Hutterer 
Tested-by: Jason Gerecke 
Signed-off-by: Ping Cheng 
Signed-off-by: Dmitry Torokhov 
Cc: Josh Boyer 
Signed-off-by: Greg Kroah-Hartman

Input: wacom - add support for three new Intuos devices

2014-03-31T17:05:16+00:00

commit b5fd2a3e92ca5c8c1f3c20d31ac5daed3ec4d604 upstream.

Two tablets in this series support both pen and touch. One (Intuos S)
only supports pen. This patch also updates the driver to process wireless
devices that do not support touch interface.

Tested-by: Jason Gerecke 
Reviewed-by: Chris Bagwell 
Signed-off-by: Ping Cheng 
Signed-off-by: Dmitry Torokhov 
Cc: Josh Boyer 
Signed-off-by: Greg Kroah-Hartman

Input: wacom - make sure touch_max is set for touch devices

2014-03-31T17:05:16+00:00

commit 1d0d6df02750b4a6f466768cbfbf860e24f4c8d4 upstream.

Old single touch Tablet PCs do not have touch_max set at
wacom_features. Since touch device at lease supports one
finger, assign touch_max to 1 when touch usage is defined
in its HID Descriptor and touch_max is not pre-defined.

Tested-by: Jason Gerecke 
Signed-off-by: Ping Cheng 
Reviewed-by: Chris Bagwell 
Signed-off-by: Dmitry Torokhov 
Cc: Josh Boyer 
Signed-off-by: Greg Kroah-Hartman

KVM: VMX: fix use after free of vmx->loaded_vmcs

2014-03-31T17:05:16+00:00

commit 26a865f4aa8e66a6d94958de7656f7f1b03c6c56 upstream.

After free_loaded_vmcs executes, the "loaded_vmcs" structure
is kfreed, and now vmx->loaded_vmcs points to a kfreed area.
Subsequent free_loaded_vmcs then attempts to manipulate
vmx->loaded_vmcs.

Switch the order to avoid the problem.

https://bugzilla.redhat.com/show_bug.cgi?id=1047892

Reviewed-by: Jan Kiszka 
Signed-off-by: Marcelo Tosatti 
Cc: Josh Boyer 
Signed-off-by: Greg Kroah-Hartman