kernel/linux.git/drivers, branch v3.4.70 Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v3.4.70 2013-11-20T18:43:19+00:00 usb: fix cleanup after failure in hub_configure() 2013-11-20T18:43:19+00:00 Krzysztof Mazur krzysiek@podlesie.net 2013-08-22T12:49:38+00:00 urn:sha1:a73ff6145f62f0e744aeb095bf7119edfcb8a2e7 commit d0308d4b6b02597f39fc31a9bddf7bb3faad5622 upstream. If the hub_configure() fails after setting the hdev->maxchild the hub->ports might be NULL or point to uninitialized kzallocated memory causing NULL pointer dereference in hub_quiesce() during cleanup. Now after such error the hdev->maxchild is set to 0 to avoid cleanup of uninitialized ports. Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net> Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> PCI/PM: Clear state_saved during suspend 2013-11-20T18:43:19+00:00 Rafael J. Wysocki rafael.j.wysocki@intel.com 2013-02-04T11:56:05+00:00 urn:sha1:17447567e81dd2e9614ec4837128daebc0c4abb1 commit 82fee4d67ab86d6fe5eb0f9a9e988ca9d654d765 upstream. This patch clears pci_dev->state_saved at the beginning of suspending. PCI config state may be saved long before that. Some drivers call pci_save_state() from the ->probe() callback to get snapshot of sane configuration space to use in the ->slot_reset() callback. [wangyj: adjust context] Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org> # add comment Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Yijing Wang <wangyijing@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> USB: add new zte 3g-dongle's pid to option.c 2013-11-20T18:43:18+00:00 Rui li li.rui27@zte.com.cn 2013-10-25T02:57:21+00:00 urn:sha1:a275776838715e6d7400b03414a23e99d6d85b8a commit 0636fc507a976cdc40f21bdbcce6f0b98ff1dfe9 upstream. Signed-off-by: Rui li <li.rui27@zte.com.cn> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> PCI: fix truncation of resource size to 32 bits 2013-11-20T18:43:18+00:00 Nikhil P Rao nikhil.rao@intel.com 2012-06-20T19:56:00+00:00 urn:sha1:c10141099c1ea42afa3ded64530cf285d8ffc96a commit d6776e6d5c2f8db0252f447b09736075e1bbe387 upstream. _pci_assign_resource() took an int "size" argument, which meant that sizes larger than 4GB were truncated. Change type to resource_size_t. [bhelgaas: changelog] Signed-off-by: Nikhil P Rao <nikhil.rao@intel.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> xen-netback: use jiffies_64 value to calculate credit timeout 2013-11-20T18:43:18+00:00 Wei Liu wei.liu2@citrix.com 2013-10-28T12:07:57+00:00 urn:sha1:2b58df72acb8525ea75947e75d2e79f76b240cca [ Upstream commit 059dfa6a93b779516321e5112db9d7621b1367ba ] time_after_eq() only works if the delta is < MAX_ULONG/2. For a 32bit Dom0, if netfront sends packets at a very low rate, the time between subsequent calls to tx_credit_exceeded() may exceed MAX_ULONG/2 and the test for timer_after_eq() will be incorrect. Credit will not be replenished and the guest may become unable to send packets (e.g., if prior to the long gap, all credit was exhausted). Use jiffies_64 variant to mitigate this problem for 32bit Dom0. Suggested-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: David Vrabel <david.vrabel@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Jason Luan <jianhai.luan@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> drm/radeon/atom: workaround vbios bug in transmitter table on rs780 2013-11-13T03:01:49+00:00 Alex Deucher alexander.deucher@amd.com 2013-10-10T20:45:27+00:00 urn:sha1:69ef8f446862dd467bd9da111c3a8c17446d74b6 commit c23632d4e57c0dd20bf50eca08fa0eb8ad3ff680 upstream. Some rs780 asics seem to be affected as well. See: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=91f3a6aaf280294b07c05dfe606e6c27b7ba3c72 Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=60791 Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> drm: Prevent overwriting from userspace underallocating core ioctl structs 2013-11-13T03:01:49+00:00 Chris Wilson chris@chris-wilson.co.uk 2013-10-16T10:22:44+00:00 urn:sha1:b6a155c67112746f43d8f9c86dfc426dd455060f commit b062672e305ce071f21eb9e18b102c2a430e0999 upstream. Apply the protections from commit 1b2f1489633888d4a06028315dc19d65768a1c05 Author: Dave Airlie <airlied@redhat.com> Date: Sat Aug 14 20:20:34 2010 +1000 drm: block userspace under allocating buffer and having drivers overwrite it (v2) to the core ioctl structs as well, for we found one instance where there is a 32-/64-bit size mismatch and were guilty of writing beyond the end of the user's buffer. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: Dave Airlie <airlied@redhat.com> Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Cc: dri-devel@lists.freedesktop.org Signed-off-by: Dave Airlie <airlied@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> aacraid: missing capable() check in compat ioctl 2013-11-13T03:01:49+00:00 Dan Carpenter dan.carpenter@oracle.com 2013-10-29T19:11:06+00:00 urn:sha1:8c16bfc9ef0f2353e55b6d44fe6f2fddc76260d7 commit f856567b930dfcdbc3323261bf77240ccdde01f5 upstream. In commit d496f94d22d1 ('[SCSI] aacraid: fix security weakness') we added a check on CAP_SYS_RAWIO to the ioctl. The compat ioctls need the check as well. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Staging: bcm: info leak in ioctl 2013-11-13T03:01:49+00:00 Dan Carpenter dan.carpenter@oracle.com 2013-10-29T20:01:11+00:00 urn:sha1:8c373c185f096a93a70f7ebba792cb16f2a8530e commit 8d1e72250c847fa96498ec029891de4dc638a5ba upstream. The DevInfo.u32Reserved[] array isn't initialized so it leaks kernel information to user space. Reported-by: Nico Golde <nico@ngolde.de> Reported-by: Fabian Yamaguchi <fabs@goesec.de> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> staging: ozwpan: prevent overflow in oz_cdev_write() 2013-11-13T03:01:49+00:00 Dan Carpenter dan.carpenter@oracle.com 2013-10-29T19:07:47+00:00 urn:sha1:8c4ff75c8345b3463a4a76af942ee2d401ccf2e2 commit c2c65cd2e14ada6de44cb527e7f1990bede24e15 upstream. We need to check "count" so we don't overflow the ei->data buffer. Reported-by: Nico Golde <nico@ngolde.de> Reported-by: Fabian Yamaguchi <fabs@goesec.de> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>