<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers, branch v3.4.106</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets</title>
<updated>2015-02-02T09:05:26+00:00</updated>
<author>
<name>Ben Hutchings</name>
<email>ben@decadent.org.uk</email>
</author>
<published>2014-10-30T18:27:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e02ae9ddc8130c8a83c3439d24ac831608384fc9'/>
<id>e02ae9ddc8130c8a83c3439d24ac831608384fc9</id>
<content type='text'>
commit 5188cd44c55db3e92cd9e77a40b5baa7ed4340f7 upstream.

UFO is now disabled on all drivers that work with virtio net headers,
but userland may try to send UFO/IPv6 packets anyway.  Instead of
sending with ID=0, we should select identifiers on their behalf (as we
used to).

Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
[bwh: For 3.2, net/ipv6/output_core.c is a completely new file]
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 5188cd44c55db3e92cd9e77a40b5baa7ed4340f7 upstream.

UFO is now disabled on all drivers that work with virtio net headers,
but userland may try to send UFO/IPv6 packets anyway.  Instead of
sending with ID=0, we should select identifiers on their behalf (as we
used to).

Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
[bwh: For 3.2, net/ipv6/output_core.c is a completely new file]
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>firewire: cdev: prevent kernel stack leaking into ioctl arguments</title>
<updated>2015-02-02T09:05:24+00:00</updated>
<author>
<name>Stefan Richter</name>
<email>stefanr@s5r6.in-berlin.de</email>
</author>
<published>2014-11-11T16:16:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cadd269d90b521f43fb0717439a2f252e2f27fcd'/>
<id>cadd269d90b521f43fb0717439a2f252e2f27fcd</id>
<content type='text'>
commit eaca2d8e75e90a70a63a6695c9f61932609db212 upstream.

Found by the UC-KLEE tool:  A user could supply less input to
firewire-cdev ioctls than write- or write/read-type ioctl handlers
expect.  The handlers used data from uninitialized kernel stack then.

This could partially leak back to the user if the kernel subsequently
generated fw_cdev_event_'s (to be read from the firewire-cdev fd)
which notably would contain the _u64 closure field which many of the
ioctl argument structures contain.

The fact that the handlers would act on random garbage input is a
lesser issue since all handlers must check their input anyway.

The fix simply always null-initializes the entire ioctl argument buffer
regardless of the actual length of expected user input.  That is, a
runtime overhead of memset(..., 40) is added to each firewirew-cdev
ioctl() call.  [Comment from Clemens Ladisch:  This part of the stack is
most likely to be already in the cache.]

Remarks:
  - There was never any leak from kernel stack to the ioctl output
    buffer itself.  IOW, it was not possible to read kernel stack by a
    read-type or write/read-type ioctl alone; the leak could at most
    happen in combination with read()ing subsequent event data.
  - The actual expected minimum user input of each ioctl from
    include/uapi/linux/firewire-cdev.h is, in bytes:
    [0x00] = 32, [0x05] =  4, [0x0a] = 16, [0x0f] = 20, [0x14] = 16,
    [0x01] = 36, [0x06] = 20, [0x0b] =  4, [0x10] = 20, [0x15] = 20,
    [0x02] = 20, [0x07] =  4, [0x0c] =  0, [0x11] =  0, [0x16] =  8,
    [0x03] =  4, [0x08] = 24, [0x0d] = 20, [0x12] = 36, [0x17] = 12,
    [0x04] = 20, [0x09] = 24, [0x0e] =  4, [0x13] = 40, [0x18] =  4.

Reported-by: David Ramos &lt;daramos@stanford.edu&gt;
Signed-off-by: Stefan Richter &lt;stefanr@s5r6.in-berlin.de&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit eaca2d8e75e90a70a63a6695c9f61932609db212 upstream.

Found by the UC-KLEE tool:  A user could supply less input to
firewire-cdev ioctls than write- or write/read-type ioctl handlers
expect.  The handlers used data from uninitialized kernel stack then.

This could partially leak back to the user if the kernel subsequently
generated fw_cdev_event_'s (to be read from the firewire-cdev fd)
which notably would contain the _u64 closure field which many of the
ioctl argument structures contain.

The fact that the handlers would act on random garbage input is a
lesser issue since all handlers must check their input anyway.

The fix simply always null-initializes the entire ioctl argument buffer
regardless of the actual length of expected user input.  That is, a
runtime overhead of memset(..., 40) is added to each firewirew-cdev
ioctl() call.  [Comment from Clemens Ladisch:  This part of the stack is
most likely to be already in the cache.]

Remarks:
  - There was never any leak from kernel stack to the ioctl output
    buffer itself.  IOW, it was not possible to read kernel stack by a
    read-type or write/read-type ioctl alone; the leak could at most
    happen in combination with read()ing subsequent event data.
  - The actual expected minimum user input of each ioctl from
    include/uapi/linux/firewire-cdev.h is, in bytes:
    [0x00] = 32, [0x05] =  4, [0x0a] = 16, [0x0f] = 20, [0x14] = 16,
    [0x01] = 36, [0x06] = 20, [0x0b] =  4, [0x10] = 20, [0x15] = 20,
    [0x02] = 20, [0x07] =  4, [0x0c] =  0, [0x11] =  0, [0x16] =  8,
    [0x03] =  4, [0x08] = 24, [0x0d] = 20, [0x12] = 36, [0x17] = 12,
    [0x04] = 20, [0x09] = 24, [0x0e] =  4, [0x13] = 40, [0x18] =  4.

Reported-by: David Ramos &lt;daramos@stanford.edu&gt;
Signed-off-by: Stefan Richter &lt;stefanr@s5r6.in-berlin.de&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>of/base: Fix PowerPC address parsing hack</title>
<updated>2015-02-02T09:05:22+00:00</updated>
<author>
<name>Benjamin Herrenschmidt</name>
<email>benh@kernel.crashing.org</email>
</author>
<published>2014-11-14T06:55:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a36f0b51eb6821dc794a769030bacc5aad8dd8c3'/>
<id>a36f0b51eb6821dc794a769030bacc5aad8dd8c3</id>
<content type='text'>
commit 746c9e9f92dde2789908e51a354ba90a1962a2eb upstream.

We have a historical hack that treats missing ranges properties as the
equivalent of an empty one. This is needed for ancient PowerMac "bad"
device-trees, and shouldn't be enabled for any other PowerPC platform,
otherwise we get some nasty layout of devices in sysfs or even
duplication when a set of otherwise identically named devices is
created multiple times under a different parent node with no ranges
property.

This fix is needed for the PowerNV i2c busses to be exposed properly
and will fix a number of other embedded cases.

Signed-off-by: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Acked-by: Grant Likely &lt;grant.likely@linaro.org&gt;
Signed-off-by: Rob Herring &lt;robh@kernel.org&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 746c9e9f92dde2789908e51a354ba90a1962a2eb upstream.

We have a historical hack that treats missing ranges properties as the
equivalent of an empty one. This is needed for ancient PowerMac "bad"
device-trees, and shouldn't be enabled for any other PowerPC platform,
otherwise we get some nasty layout of devices in sysfs or even
duplication when a set of otherwise identically named devices is
created multiple times under a different parent node with no ranges
property.

This fix is needed for the PowerNV i2c busses to be exposed properly
and will fix a number of other embedded cases.

Signed-off-by: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Acked-by: Grant Likely &lt;grant.likely@linaro.org&gt;
Signed-off-by: Rob Herring &lt;robh@kernel.org&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>can: esd_usb2: fix memory leak on disconnect</title>
<updated>2015-02-02T09:05:22+00:00</updated>
<author>
<name>Alexey Khoroshilov</name>
<email>khoroshilov@ispras.ru</email>
</author>
<published>2014-10-10T20:31:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=11c9fc9d691d0a6669319c30f4da60c1d425801e'/>
<id>11c9fc9d691d0a6669319c30f4da60c1d425801e</id>
<content type='text'>
commit efbd50d2f62fc1f69a3dcd153e63ba28cc8eb27f upstream.

It seems struct esd_usb2 dev is not deallocated on disconnect. The patch adds
the missing deallocation.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov &lt;khoroshilov@ispras.ru&gt;
Acked-by: Matthias Fuchs &lt;matthias.fuchs@esd.eu&gt;
Signed-off-by: Marc Kleine-Budde &lt;mkl@pengutronix.de&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit efbd50d2f62fc1f69a3dcd153e63ba28cc8eb27f upstream.

It seems struct esd_usb2 dev is not deallocated on disconnect. The patch adds
the missing deallocation.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov &lt;khoroshilov@ispras.ru&gt;
Acked-by: Matthias Fuchs &lt;matthias.fuchs@esd.eu&gt;
Signed-off-by: Marc Kleine-Budde &lt;mkl@pengutronix.de&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>can: dev: avoid calling kfree_skb() from interrupt context</title>
<updated>2015-02-02T09:05:22+00:00</updated>
<author>
<name>Thomas Körper</name>
<email>thomas.koerper@esd.eu</email>
</author>
<published>2014-10-31T06:33:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=79cbdbf4cfbba078cc8864934eaf843db6ad31c3'/>
<id>79cbdbf4cfbba078cc8864934eaf843db6ad31c3</id>
<content type='text'>
commit 5247a589c24022ab34e780039cc8000c48f2035e upstream.

ikfree_skb() is Called in can_free_echo_skb(), which might be called from (TX
Error) interrupt, which triggers the folloing warning:

[ 1153.360705] ------------[ cut here ]------------
[ 1153.360715] WARNING: CPU: 0 PID: 31 at net/core/skbuff.c:563 skb_release_head_state+0xb9/0xd0()
[ 1153.360772] Call Trace:
[ 1153.360778]  [&lt;c167906f&gt;] dump_stack+0x41/0x52
[ 1153.360782]  [&lt;c105bb7e&gt;] warn_slowpath_common+0x7e/0xa0
[ 1153.360784]  [&lt;c158b909&gt;] ? skb_release_head_state+0xb9/0xd0
[ 1153.360786]  [&lt;c158b909&gt;] ? skb_release_head_state+0xb9/0xd0
[ 1153.360788]  [&lt;c105bc42&gt;] warn_slowpath_null+0x22/0x30
[ 1153.360791]  [&lt;c158b909&gt;] skb_release_head_state+0xb9/0xd0
[ 1153.360793]  [&lt;c158be90&gt;] skb_release_all+0x10/0x30
[ 1153.360795]  [&lt;c158bf06&gt;] kfree_skb+0x36/0x80
[ 1153.360799]  [&lt;f8486938&gt;] ? can_free_echo_skb+0x28/0x40 [can_dev]
[ 1153.360802]  [&lt;f8486938&gt;] can_free_echo_skb+0x28/0x40 [can_dev]
[ 1153.360805]  [&lt;f849a12c&gt;] esd_pci402_interrupt+0x34c/0x57a [esd402]
[ 1153.360809]  [&lt;c10a75b5&gt;] handle_irq_event_percpu+0x35/0x180
[ 1153.360811]  [&lt;c10a7623&gt;] ? handle_irq_event_percpu+0xa3/0x180
[ 1153.360813]  [&lt;c10a7731&gt;] handle_irq_event+0x31/0x50
[ 1153.360816]  [&lt;c10a9c7f&gt;] handle_fasteoi_irq+0x6f/0x120
[ 1153.360818]  [&lt;c10a9c10&gt;] ? handle_edge_irq+0x110/0x110
[ 1153.360822]  [&lt;c1011b61&gt;] handle_irq+0x71/0x90
[ 1153.360823]  &lt;IRQ&gt;  [&lt;c168152c&gt;] do_IRQ+0x3c/0xd0
[ 1153.360829]  [&lt;c1680b6c&gt;] common_interrupt+0x2c/0x34
[ 1153.360834]  [&lt;c107d277&gt;] ? finish_task_switch+0x47/0xf0
[ 1153.360836]  [&lt;c167c27b&gt;] __schedule+0x35b/0x7e0
[ 1153.360839]  [&lt;c10a5334&gt;] ? console_unlock+0x2c4/0x4d0
[ 1153.360842]  [&lt;c13df500&gt;] ? n_tty_receive_buf_common+0x890/0x890
[ 1153.360845]  [&lt;c10707b6&gt;] ? process_one_work+0x196/0x370
[ 1153.360847]  [&lt;c167c723&gt;] schedule+0x23/0x60
[ 1153.360849]  [&lt;c1070de1&gt;] worker_thread+0x161/0x460
[ 1153.360852]  [&lt;c1090fcf&gt;] ? __wake_up_locked+0x1f/0x30
[ 1153.360854]  [&lt;c1070c80&gt;] ? rescuer_thread+0x2f0/0x2f0
[ 1153.360856]  [&lt;c1074f01&gt;] kthread+0xa1/0xc0
[ 1153.360859]  [&lt;c1680401&gt;] ret_from_kernel_thread+0x21/0x30
[ 1153.360861]  [&lt;c1074e60&gt;] ? kthread_create_on_node+0x110/0x110
[ 1153.360863] ---[ end trace 5ff83639cbb74b35 ]---

This patch replaces the kfree_skb() by dev_kfree_skb_any().

Signed-off-by: Thomas Körper &lt;thomas.koerper@esd.eu&gt;
Signed-off-by: Marc Kleine-Budde &lt;mkl@pengutronix.de&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 5247a589c24022ab34e780039cc8000c48f2035e upstream.

ikfree_skb() is Called in can_free_echo_skb(), which might be called from (TX
Error) interrupt, which triggers the folloing warning:

[ 1153.360705] ------------[ cut here ]------------
[ 1153.360715] WARNING: CPU: 0 PID: 31 at net/core/skbuff.c:563 skb_release_head_state+0xb9/0xd0()
[ 1153.360772] Call Trace:
[ 1153.360778]  [&lt;c167906f&gt;] dump_stack+0x41/0x52
[ 1153.360782]  [&lt;c105bb7e&gt;] warn_slowpath_common+0x7e/0xa0
[ 1153.360784]  [&lt;c158b909&gt;] ? skb_release_head_state+0xb9/0xd0
[ 1153.360786]  [&lt;c158b909&gt;] ? skb_release_head_state+0xb9/0xd0
[ 1153.360788]  [&lt;c105bc42&gt;] warn_slowpath_null+0x22/0x30
[ 1153.360791]  [&lt;c158b909&gt;] skb_release_head_state+0xb9/0xd0
[ 1153.360793]  [&lt;c158be90&gt;] skb_release_all+0x10/0x30
[ 1153.360795]  [&lt;c158bf06&gt;] kfree_skb+0x36/0x80
[ 1153.360799]  [&lt;f8486938&gt;] ? can_free_echo_skb+0x28/0x40 [can_dev]
[ 1153.360802]  [&lt;f8486938&gt;] can_free_echo_skb+0x28/0x40 [can_dev]
[ 1153.360805]  [&lt;f849a12c&gt;] esd_pci402_interrupt+0x34c/0x57a [esd402]
[ 1153.360809]  [&lt;c10a75b5&gt;] handle_irq_event_percpu+0x35/0x180
[ 1153.360811]  [&lt;c10a7623&gt;] ? handle_irq_event_percpu+0xa3/0x180
[ 1153.360813]  [&lt;c10a7731&gt;] handle_irq_event+0x31/0x50
[ 1153.360816]  [&lt;c10a9c7f&gt;] handle_fasteoi_irq+0x6f/0x120
[ 1153.360818]  [&lt;c10a9c10&gt;] ? handle_edge_irq+0x110/0x110
[ 1153.360822]  [&lt;c1011b61&gt;] handle_irq+0x71/0x90
[ 1153.360823]  &lt;IRQ&gt;  [&lt;c168152c&gt;] do_IRQ+0x3c/0xd0
[ 1153.360829]  [&lt;c1680b6c&gt;] common_interrupt+0x2c/0x34
[ 1153.360834]  [&lt;c107d277&gt;] ? finish_task_switch+0x47/0xf0
[ 1153.360836]  [&lt;c167c27b&gt;] __schedule+0x35b/0x7e0
[ 1153.360839]  [&lt;c10a5334&gt;] ? console_unlock+0x2c4/0x4d0
[ 1153.360842]  [&lt;c13df500&gt;] ? n_tty_receive_buf_common+0x890/0x890
[ 1153.360845]  [&lt;c10707b6&gt;] ? process_one_work+0x196/0x370
[ 1153.360847]  [&lt;c167c723&gt;] schedule+0x23/0x60
[ 1153.360849]  [&lt;c1070de1&gt;] worker_thread+0x161/0x460
[ 1153.360852]  [&lt;c1090fcf&gt;] ? __wake_up_locked+0x1f/0x30
[ 1153.360854]  [&lt;c1070c80&gt;] ? rescuer_thread+0x2f0/0x2f0
[ 1153.360856]  [&lt;c1074f01&gt;] kthread+0xa1/0xc0
[ 1153.360859]  [&lt;c1680401&gt;] ret_from_kernel_thread+0x21/0x30
[ 1153.360861]  [&lt;c1074e60&gt;] ? kthread_create_on_node+0x110/0x110
[ 1153.360863] ---[ end trace 5ff83639cbb74b35 ]---

This patch replaces the kfree_skb() by dev_kfree_skb_any().

Signed-off-by: Thomas Körper &lt;thomas.koerper@esd.eu&gt;
Signed-off-by: Marc Kleine-Budde &lt;mkl@pengutronix.de&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>rt2x00: do not align payload on modern H/W</title>
<updated>2015-02-02T09:05:21+00:00</updated>
<author>
<name>Stanislaw Gruszka</name>
<email>sgruszka@redhat.com</email>
</author>
<published>2014-11-11T13:28:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4c753f06b4e4b09f85fc2bb631bc5e3787bd16d0'/>
<id>4c753f06b4e4b09f85fc2bb631bc5e3787bd16d0</id>
<content type='text'>
commit cfd9167af14eb4ec21517a32911d460083ee3d59 upstream.

RT2800 and newer hardware require padding between header and payload if
header length is not multiple of 4.

For historical reasons we also align payload to to 4 bytes boundary, but
such alignment is not needed on modern H/W.

Patch fixes skb_under_panic problems reported from time to time:

https://bugzilla.kernel.org/show_bug.cgi?id=84911
https://bugzilla.kernel.org/show_bug.cgi?id=72471
http://marc.info/?l=linux-wireless&amp;m=139108549530402&amp;w=2
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1087591

Panic happened because we eat 4 bytes of skb headroom on each
(re)transmission when sending frame without the payload and the header
length not being multiple of 4 (i.e. QoS header has 26 bytes). On such
case because paylad_aling=2 is bigger than header_align=0 we increase
header_align by 4 bytes. To prevent that we could change the check to:

	if (payload_length &amp;&amp; payload_align &gt; header_align)
		header_align += 4;

but not aligning payload at all is more effective and alignment is not
really needed by H/W (that has been tested on OpenWrt project for few
years now).

Reported-and-tested-by: Antti S. Lankila &lt;alankila@bel.fi&gt;
Debugged-by: Antti S. Lankila &lt;alankila@bel.fi&gt;
Reported-by: Henrik Asp &lt;solenskiner@gmail.com&gt;
Originally-From: Helmut Schaa &lt;helmut.schaa@googlemail.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;sgruszka@redhat.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit cfd9167af14eb4ec21517a32911d460083ee3d59 upstream.

RT2800 and newer hardware require padding between header and payload if
header length is not multiple of 4.

For historical reasons we also align payload to to 4 bytes boundary, but
such alignment is not needed on modern H/W.

Patch fixes skb_under_panic problems reported from time to time:

https://bugzilla.kernel.org/show_bug.cgi?id=84911
https://bugzilla.kernel.org/show_bug.cgi?id=72471
http://marc.info/?l=linux-wireless&amp;m=139108549530402&amp;w=2
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1087591

Panic happened because we eat 4 bytes of skb headroom on each
(re)transmission when sending frame without the payload and the header
length not being multiple of 4 (i.e. QoS header has 26 bytes). On such
case because paylad_aling=2 is bigger than header_align=0 we increase
header_align by 4 bytes. To prevent that we could change the check to:

	if (payload_length &amp;&amp; payload_align &gt; header_align)
		header_align += 4;

but not aligning payload at all is more effective and alignment is not
really needed by H/W (that has been tested on OpenWrt project for few
years now).

Reported-and-tested-by: Antti S. Lankila &lt;alankila@bel.fi&gt;
Debugged-by: Antti S. Lankila &lt;alankila@bel.fi&gt;
Reported-by: Henrik Asp &lt;solenskiner@gmail.com&gt;
Originally-From: Helmut Schaa &lt;helmut.schaa@googlemail.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;sgruszka@redhat.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>srp-target: Retry when QP creation fails with ENOMEM</title>
<updated>2015-02-02T09:05:20+00:00</updated>
<author>
<name>Bart Van Assche</name>
<email>bvanassche@acm.org</email>
</author>
<published>2014-10-19T15:05:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9aa66231c8d8efb13ced247c8e8096bcb52a7e86'/>
<id>9aa66231c8d8efb13ced247c8e8096bcb52a7e86</id>
<content type='text'>
commit ab477c1ff5e0a744c072404bf7db51bfe1f05b6e upstream.

It is not guaranteed to that srp_sq_size is supported
by the HCA. So if we failed to create the QP with ENOMEM,
try with a smaller srp_sq_size. Keep it up until we hit
MIN_SRPT_SQ_SIZE, then fail the connection.

Reported-by: Mark Lehrer &lt;lehrer@gmail.com&gt;
Signed-off-by: Bart Van Assche &lt;bvanassche@acm.org&gt;
Signed-off-by: Sagi Grimberg &lt;sagig@mellanox.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit ab477c1ff5e0a744c072404bf7db51bfe1f05b6e upstream.

It is not guaranteed to that srp_sq_size is supported
by the HCA. So if we failed to create the QP with ENOMEM,
try with a smaller srp_sq_size. Keep it up until we hit
MIN_SRPT_SQ_SIZE, then fail the connection.

Reported-by: Mark Lehrer &lt;lehrer@gmail.com&gt;
Signed-off-by: Bart Van Assche &lt;bvanassche@acm.org&gt;
Signed-off-by: Sagi Grimberg &lt;sagig@mellanox.com&gt;
Signed-off-by: Nicholas Bellinger &lt;nab@linux-iscsi.org&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scsi: only re-lock door after EH on devices that were reset</title>
<updated>2015-02-02T09:05:19+00:00</updated>
<author>
<name>Christoph Hellwig</name>
<email>hch@lst.de</email>
</author>
<published>2014-11-03T18:36:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3b5d98d44729594d72d3c36881234b7caa040d87'/>
<id>3b5d98d44729594d72d3c36881234b7caa040d87</id>
<content type='text'>
commit 48379270fe6808cf4612ee094adc8da2b7a83baa upstream.

Setups that use the blk-mq I/O path can lock up if a host with a single
device that has its door locked enters EH.  Make sure to only send the
command to re-lock the door to devices that actually were reset and thus
might have lost their state.  Otherwise the EH code might be get blocked
on blk_get_request as all requests for non-reset devices might be in use.

Signed-off-by: Christoph Hellwig &lt;hch@lst.de&gt;
Reported-by: Meelis Roos &lt;meelis.roos@ut.ee&gt;
Tested-by: Meelis Roos &lt;meelis.roos@ut.ee&gt;
Reviewed-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 48379270fe6808cf4612ee094adc8da2b7a83baa upstream.

Setups that use the blk-mq I/O path can lock up if a host with a single
device that has its door locked enters EH.  Make sure to only send the
command to re-lock the door to devices that actually were reset and thus
might have lost their state.  Otherwise the EH code might be get blocked
on blk_get_request as all requests for non-reset devices might be in use.

Signed-off-by: Christoph Hellwig &lt;hch@lst.de&gt;
Reported-by: Meelis Roos &lt;meelis.roos@ut.ee&gt;
Tested-by: Meelis Roos &lt;meelis.roos@ut.ee&gt;
Reviewed-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Input: alps - allow up to 2 invalid packets without resetting device</title>
<updated>2015-02-02T09:05:19+00:00</updated>
<author>
<name>Pali Rohár</name>
<email>pali.rohar@gmail.com</email>
</author>
<published>2014-11-08T20:58:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e3412bce0c655b3896c0142b58ccddb6ae91bc01'/>
<id>e3412bce0c655b3896c0142b58ccddb6ae91bc01</id>
<content type='text'>
commit 9d720b34c0a432639252f63012e18b0507f5b432 upstream.

On some Dell Latitude laptops ALPS device or Dell EC send one invalid byte
in 6 bytes ALPS packet. In this case psmouse driver enter out of sync
state. It looks like that all other bytes in packets are valid and also
device working properly. So there is no need to do full device reset, just
need to wait for byte which match condition for first byte (start of
packet). Because ALPS packets are bigger (6 or 8 bytes) default limit is
small.

This patch increase number of invalid bytes to size of 2 ALPS packets which
psmouse driver can drop before do full reset.

Resetting ALPS devices take some time and when doing reset on some Dell
laptops touchpad, trackstick and also keyboard do not respond. So it is
better to do it only if really necessary.

Signed-off-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Tested-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9d720b34c0a432639252f63012e18b0507f5b432 upstream.

On some Dell Latitude laptops ALPS device or Dell EC send one invalid byte
in 6 bytes ALPS packet. In this case psmouse driver enter out of sync
state. It looks like that all other bytes in packets are valid and also
device working properly. So there is no need to do full device reset, just
need to wait for byte which match condition for first byte (start of
packet). Because ALPS packets are bigger (6 or 8 bytes) default limit is
small.

This patch increase number of invalid bytes to size of 2 ALPS packets which
psmouse driver can drop before do full reset.

Resetting ALPS devices take some time and when doing reset on some Dell
laptops touchpad, trackstick and also keyboard do not respond. So it is
better to do it only if really necessary.

Signed-off-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Tested-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Input: alps - ignore potential bare packets when device is out of sync</title>
<updated>2015-02-02T09:05:18+00:00</updated>
<author>
<name>Pali Rohár</name>
<email>pali.rohar@gmail.com</email>
</author>
<published>2014-11-08T20:45:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=11246b668d42617a626de9b4ffdd611c5e7d79dd'/>
<id>11246b668d42617a626de9b4ffdd611c5e7d79dd</id>
<content type='text'>
commit 4ab8f7f320f91f279c3f06a9795cfea5c972888a upstream.

5th and 6th byte of ALPS trackstick V3 protocol match condition for first
byte of PS/2 3 bytes packet. When driver enters out of sync state and ALPS
trackstick is sending data then driver match 5th, 6th and next 1st bytes as
PS/2.

It basically means if user is using trackstick when driver is in out of
sync state driver will never resync. Processing these bytes as 3 bytes PS/2
data cause total mess (random cursor movements, random clicks) and make
trackstick unusable until psmouse driver decide to do full device reset.

Lot of users reported problems with ALPS devices on Dell Latitude E6440,
E6540 and E7440 laptops. ALPS device or Dell EC for unknown reason send
some invalid ALPS PS/2 bytes which cause driver out of sync. It looks like
that i8042 and psmouse/alps driver always receive group of 6 bytes packets
so there are no missing bytes and no bytes were inserted between valid
ones.

This patch does not fix root of problem with ALPS devices found in Dell
Latitude laptops but it does not allow to process some (invalid)
subsequence of 6 bytes ALPS packets as 3 bytes PS/2 when driver is out of
sync.

So with this patch trackstick input device does not report bogus data when
also driver is out of sync, so trackstick should be usable on those
machines.

Signed-off-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Tested-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 4ab8f7f320f91f279c3f06a9795cfea5c972888a upstream.

5th and 6th byte of ALPS trackstick V3 protocol match condition for first
byte of PS/2 3 bytes packet. When driver enters out of sync state and ALPS
trackstick is sending data then driver match 5th, 6th and next 1st bytes as
PS/2.

It basically means if user is using trackstick when driver is in out of
sync state driver will never resync. Processing these bytes as 3 bytes PS/2
data cause total mess (random cursor movements, random clicks) and make
trackstick unusable until psmouse driver decide to do full device reset.

Lot of users reported problems with ALPS devices on Dell Latitude E6440,
E6540 and E7440 laptops. ALPS device or Dell EC for unknown reason send
some invalid ALPS PS/2 bytes which cause driver out of sync. It looks like
that i8042 and psmouse/alps driver always receive group of 6 bytes packets
so there are no missing bytes and no bytes were inserted between valid
ones.

This patch does not fix root of problem with ALPS devices found in Dell
Latitude laptops but it does not allow to process some (invalid)
subsequence of 6 bytes ALPS packets as 3 bytes PS/2 when driver is out of
sync.

So with this patch trackstick input device does not report bogus data when
also driver is out of sync, so trackstick should be usable on those
machines.

Signed-off-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Tested-by: Pali Rohár &lt;pali.rohar@gmail.com&gt;
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
