--- /dev/null
+From 7106e02baed4a72fb23de56b02ad4d31daa74d95 Mon Sep 17 00:00:00 2001
+From: Prarit Bhargava <prarit@redhat.com>
+Date: Wed, 10 Sep 2014 10:12:08 -0400
+Subject: cpufreq: release policy->rwsem on error
+
+From: Prarit Bhargava <prarit@redhat.com>
+
+commit 7106e02baed4a72fb23de56b02ad4d31daa74d95 upstream.
+
+While debugging a cpufreq-related hardware failure on a system I saw the
+following lockdep warning:
+
+ =========================
+ [ BUG: held lock freed! ] 3.17.0-rc4+ #1 Tainted: G E
+ -------------------------
+ insmod/2247 is freeing memory ffff88006e1b1400-ffff88006e1b17ff, with a lock still held there!
+ (&policy->rwsem){+.+...}, at: [<ffffffff8156d37d>] __cpufreq_add_dev.isra.21+0x47d/0xb80
+ 3 locks held by insmod/2247:
+ #0: (subsys mutex#5){+.+.+.}, at: [<ffffffff81485579>] subsys_interface_register+0x69/0x120
+ #1: (cpufreq_rwsem){.+.+.+}, at: [<ffffffff8156cf73>] __cpufreq_add_dev.isra.21+0x73/0xb80
+ #2: (&policy->rwsem){+.+...}, at: [<ffffffff8156d37d>] __cpufreq_add_dev.isra.21+0x47d/0xb80
+
+ stack backtrace:
+ CPU: 0 PID: 2247 Comm: insmod Tainted: G E 3.17.0-rc4+ #1
+ Hardware name: HP ProLiant MicroServer Gen8, BIOS J06 08/24/2013
+ 0000000000000000 000000008f3063c4 ffff88006f87bb30 ffffffff8171b358
+ ffff88006bcf3750 ffff88006f87bb68 ffffffff810e09e1 ffff88006e1b1400
+ ffffea0001b86c00 ffffffff8156d327 ffff880073003500 0000000000000246
+ Call Trace:
+ [<ffffffff8171b358>] dump_stack+0x4d/0x66
+ [<ffffffff810e09e1>] debug_check_no_locks_freed+0x171/0x180
+ [<ffffffff8156d327>] ? __cpufreq_add_dev.isra.21+0x427/0xb80
+ [<ffffffff8121412b>] kfree+0xab/0x2b0
+ [<ffffffff8156d327>] __cpufreq_add_dev.isra.21+0x427/0xb80
+ [<ffffffff81724cf7>] ? _raw_spin_unlock+0x27/0x40
+ [<ffffffffa003517f>] ? pcc_cpufreq_do_osc+0x17f/0x17f [pcc_cpufreq]
+ [<ffffffff8156da8e>] cpufreq_add_dev+0xe/0x10
+ [<ffffffff814855d1>] subsys_interface_register+0xc1/0x120
+ [<ffffffff8156bcf2>] cpufreq_register_driver+0x112/0x340
+ [<ffffffff8121415a>] ? kfree+0xda/0x2b0
+ [<ffffffffa003517f>] ? pcc_cpufreq_do_osc+0x17f/0x17f [pcc_cpufreq]
+ [<ffffffffa003562e>] pcc_cpufreq_init+0x4af/0xe81 [pcc_cpufreq]
+ [<ffffffffa003517f>] ? pcc_cpufreq_do_osc+0x17f/0x17f [pcc_cpufreq]
+ [<ffffffff81002144>] do_one_initcall+0xd4/0x210
+ [<ffffffff811f7472>] ? __vunmap+0xd2/0x120
+ [<ffffffff81127155>] load_module+0x1315/0x1b70
+ [<ffffffff811222a0>] ? store_uevent+0x70/0x70
+ [<ffffffff811229d9>] ? copy_module_from_fd.isra.44+0x129/0x180
+ [<ffffffff81127b86>] SyS_finit_module+0xa6/0xd0
+ [<ffffffff81725b69>] system_call_fastpath+0x16/0x1b
+ cpufreq: __cpufreq_add_dev: ->get() failed
+insmod: ERROR: could not insert module pcc-cpufreq.ko: No such device
+
+The warning occurs in the __cpufreq_add_dev() code which does
+
+ down_write(&policy->rwsem);
+ ...
+ if (cpufreq_driver->get && !cpufreq_driver->setpolicy) {
+ policy->cur = cpufreq_driver->get(policy->cpu);
+ if (!policy->cur) {
+ pr_err("%s: ->get() failed\n", __func__);
+ goto err_get_freq;
+ }
+
+If cpufreq_driver->get(policy->cpu) returns an error we execute the
+code at err_get_freq, which does not up the policy->rwsem. This causes
+the lockdep warning.
+
+Trivial patch to up the policy->rwsem in the error path.
+
+After the patch has been applied, and an error occurs in the
+cpufreq_driver->get(policy->cpu) call we will now see
+
+cpufreq: __cpufreq_add_dev: ->get() failed
+cpufreq: __cpufreq_add_dev: ->get() failed
+modprobe: ERROR: could not insert 'pcc_cpufreq': No such device
+
+Fixes: 4e97b631f24c (cpufreq: Initialize governor for a new policy under policy->rwsem)
+Signed-off-by: Prarit Bhargava <prarit@redhat.com>
+Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/cpufreq/cpufreq.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/cpufreq/cpufreq.c
++++ b/drivers/cpufreq/cpufreq.c
+@@ -1225,6 +1225,8 @@ err_get_freq:
+ per_cpu(cpufreq_cpu_data, j) = NULL;
+ write_unlock_irqrestore(&cpufreq_driver_lock, flags);
+
++ up_write(&policy->rwsem);
++
+ if (cpufreq_driver->exit)
+ cpufreq_driver->exit(policy);
+ err_set_policy_cpu:
--- /dev/null
+From f2d5a94436cc7cc0221b9a81bba2276a25187dd3 Mon Sep 17 00:00:00 2001
+From: Anton Altaparmakov <aia21@cam.ac.uk>
+Date: Mon, 22 Sep 2014 01:53:03 +0100
+Subject: Fix nasty 32-bit overflow bug in buffer i/o code.
+
+From: Anton Altaparmakov <aia21@cam.ac.uk>
+
+commit f2d5a94436cc7cc0221b9a81bba2276a25187dd3 upstream.
+
+On 32-bit architectures, the legacy buffer_head functions are not always
+handling the sector number with the proper 64-bit types, and will thus
+fail on 4TB+ disks.
+
+Any code that uses __getblk() (and thus bread(), breadahead(),
+sb_bread(), sb_breadahead(), sb_getblk()), and calls it using a 64-bit
+block on a 32-bit arch (where "long" is 32-bit) causes an inifinite loop
+in __getblk_slow() with an infinite stream of errors logged to dmesg
+like this:
+
+ __find_get_block_slow() failed. block=6740375944, b_blocknr=2445408648
+ b_state=0x00000020, b_size=512
+ device sda1 blocksize: 512
+
+Note how in hex block is 0x191C1F988 and b_blocknr is 0x91C1F988 i.e. the
+top 32-bits are missing (in this case the 0x1 at the top).
+
+This is because grow_dev_page() is broken and has a 32-bit overflow due
+to shifting the page index value (a pgoff_t - which is just 32 bits on
+32-bit architectures) left-shifted as the block number. But the top
+bits to get lost as the pgoff_t is not type cast to sector_t / 64-bit
+before the shift.
+
+This patch fixes this issue by type casting "index" to sector_t before
+doing the left shift.
+
+Note this is not a theoretical bug but has been seen in the field on a
+4TiB hard drive with logical sector size 512 bytes.
+
+This patch has been verified to fix the infinite loop problem on 3.17-rc5
+kernel using a 4TB disk image mounted using "-o loop". Without this patch
+doing a "find /nt" where /nt is an NTFS volume causes the inifinite loop
+100% reproducibly whilst with the patch it works fine as expected.
+
+Signed-off-by: Anton Altaparmakov <aia21@cantab.net>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/buffer.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/fs/buffer.c
++++ b/fs/buffer.c
+@@ -1029,7 +1029,8 @@ grow_dev_page(struct block_device *bdev,
+ bh = page_buffers(page);
+ if (bh->b_size == size) {
+ end_block = init_page_buffers(page, bdev,
+- index << sizebits, size);
++ (sector_t)index << sizebits,
++ size);
+ goto done;
+ }
+ if (!try_to_free_buffers(page))
+@@ -1050,7 +1051,8 @@ grow_dev_page(struct block_device *bdev,
+ */
+ spin_lock(&inode->i_mapping->private_lock);
+ link_dev_buffers(page, bh);
+- end_block = init_page_buffers(page, bdev, index << sizebits, size);
++ end_block = init_page_buffers(page, bdev, (sector_t)index << sizebits,
++ size);
+ spin_unlock(&inode->i_mapping->private_lock);
+ done:
+ ret = (block < end_block) ? 1 : -ENXIO;
--- /dev/null
+From 77639ff2b3404a913b8037d230a384798b854bae Mon Sep 17 00:00:00 2001
+From: Hans Verkuil <hverkuil@xs4all.nl>
+Date: Fri, 12 Sep 2014 06:02:02 -0300
+Subject: media: adv7604: fix inverted condition
+
+From: Hans Verkuil <hverkuil@xs4all.nl>
+
+commit 77639ff2b3404a913b8037d230a384798b854bae upstream.
+
+The log_status function should show HDMI information, but the test checking for
+an HDMI input was inverted. Fix this.
+
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/i2c/adv7604.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/i2c/adv7604.c
++++ b/drivers/media/i2c/adv7604.c
+@@ -1984,7 +1984,7 @@ static int adv7604_log_status(struct v4l
+ v4l2_info(sd, "HDCP keys read: %s%s\n",
+ (hdmi_read(sd, 0x04) & 0x20) ? "yes" : "no",
+ (hdmi_read(sd, 0x04) & 0x10) ? "ERROR" : "");
+- if (!is_hdmi(sd)) {
++ if (is_hdmi(sd)) {
+ bool audio_pll_locked = hdmi_read(sd, 0x04) & 0x01;
+ bool audio_sample_packet_detect = hdmi_read(sd, 0x18) & 0x01;
+ bool audio_mute = io_read(sd, 0x65) & 0x40;
--- /dev/null
+From a04646c045cab08a9e62b9be8f01ecbb0632d24e Mon Sep 17 00:00:00 2001
+From: Malcolm Priestley <tvboxspy@gmail.com>
+Date: Tue, 5 Aug 2014 06:19:16 -0300
+Subject: media: af9035: new IDs: add support for PCTV 78e and PCTV 79e
+
+From: Malcolm Priestley <tvboxspy@gmail.com>
+
+commit a04646c045cab08a9e62b9be8f01ecbb0632d24e upstream.
+
+add the following IDs
+USB_PID_PCTV_78E (0x025a) for PCTV 78e
+USB_PID_PCTV_79E (0x0262) for PCTV 79e
+
+For these it9135 devices.
+
+Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
+Cc: Antti Palosaari <crope@iki.fi>
+Signed-off-by: Antti Palosaari <crope@iki.fi>
+Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/dvb-core/dvb-usb-ids.h | 2 ++
+ drivers/media/usb/dvb-usb-v2/af9035.c | 4 ++++
+ 2 files changed, 6 insertions(+)
+
+--- a/drivers/media/dvb-core/dvb-usb-ids.h
++++ b/drivers/media/dvb-core/dvb-usb-ids.h
+@@ -279,6 +279,8 @@
+ #define USB_PID_PCTV_400E 0x020f
+ #define USB_PID_PCTV_450E 0x0222
+ #define USB_PID_PCTV_452E 0x021f
++#define USB_PID_PCTV_78E 0x025a
++#define USB_PID_PCTV_79E 0x0262
+ #define USB_PID_REALTEK_RTL2831U 0x2831
+ #define USB_PID_REALTEK_RTL2832U 0x2832
+ #define USB_PID_TECHNOTREND_CONNECT_S2_3600 0x3007
+--- a/drivers/media/usb/dvb-usb-v2/af9035.c
++++ b/drivers/media/usb/dvb-usb-v2/af9035.c
+@@ -1541,6 +1541,10 @@ static const struct usb_device_id af9035
+ &af9035_props, "Leadtek WinFast DTV Dongle Dual", NULL) },
+ { DVB_USB_DEVICE(USB_VID_HAUPPAUGE, 0xf900,
+ &af9035_props, "Hauppauge WinTV-MiniStick 2", NULL) },
++ { DVB_USB_DEVICE(USB_VID_PCTV, USB_PID_PCTV_78E,
++ &af9035_props, "PCTV 78e", RC_MAP_IT913X_V1) },
++ { DVB_USB_DEVICE(USB_VID_PCTV, USB_PID_PCTV_79E,
++ &af9035_props, "PCTV 79e", RC_MAP_IT913X_V2) },
+ { }
+ };
+ MODULE_DEVICE_TABLE(usb, af9035_id_table);
--- /dev/null
+From 6a03dc92cc2edfa2257502557b9f714893987383 Mon Sep 17 00:00:00 2001
+From: Hans Verkuil <hans.verkuil@cisco.com>
+Date: Tue, 26 Aug 2014 02:59:53 -0300
+Subject: media: cx18: fix kernel oops with tda8290 tuner
+
+From: Hans Verkuil <hans.verkuil@cisco.com>
+
+commit 6a03dc92cc2edfa2257502557b9f714893987383 upstream.
+
+This was caused by an uninitialized setup.config field.
+
+Based on a suggestion from Devin Heitmueller.
+
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Thanks-to: Devin Heitmueller <dheitmueller@kernellabs.com>
+Reported-by: Scott Robinson <scott.robinson55@gmail.com>
+Tested-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/pci/cx18/cx18-driver.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/media/pci/cx18/cx18-driver.c
++++ b/drivers/media/pci/cx18/cx18-driver.c
+@@ -1091,6 +1091,7 @@ static int cx18_probe(struct pci_dev *pc
+ setup.addr = ADDR_UNSET;
+ setup.type = cx->options.tuner;
+ setup.mode_mask = T_ANALOG_TV; /* matches TV tuners */
++ setup.config = NULL;
+ if (cx->options.radio > 0)
+ setup.mode_mask |= T_RADIO;
+ setup.tuner_callback = (setup.type == TUNER_XC2028) ?
--- /dev/null
+From bd8c78e78d5011d8111bc2533ee73b13a3bd6c42 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Wed, 30 Jul 2014 14:55:26 +0200
+Subject: nl80211: clear skb cb before passing to netlink
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit bd8c78e78d5011d8111bc2533ee73b13a3bd6c42 upstream.
+
+In testmode and vendor command reply/event SKBs we use the
+skb cb data to store nl80211 parameters between allocation
+and sending. This causes the code for CONFIG_NETLINK_MMAP
+to get confused, because it takes ownership of the skb cb
+data when the SKB is handed off to netlink, and it doesn't
+explicitly clear it.
+
+Clear the skb cb explicitly when we're done and before it
+gets passed to netlink to avoid this issue.
+
+Reported-by: Assaf Azulay <assaf.azulay@intel.com>
+Reported-by: David Spinadel <david.spinadel@intel.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -6796,6 +6796,9 @@ void __cfg80211_send_event_skb(struct sk
+ struct nlattr *data = ((void **)skb->cb)[2];
+ enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
+
++ /* clear CB data for netlink core to own from now on */
++ memset(skb->cb, 0, sizeof(skb->cb));
++
+ nla_nest_end(skb, data);
+ genlmsg_end(skb, hdr);
+
+@@ -9075,6 +9078,9 @@ int cfg80211_vendor_cmd_reply(struct sk_
+ void *hdr = ((void **)skb->cb)[1];
+ struct nlattr *data = ((void **)skb->cb)[2];
+
++ /* clear CB data for netlink core to own from now on */
++ memset(skb->cb, 0, sizeof(skb->cb));
++
+ if (WARN_ON(!rdev->cur_cmd_info)) {
+ kfree_skb(skb);
+ return -EINVAL;
vgaswitcheroo-add-vga_switcheroo_fini_domain_pm_ops.patch
drm-nouveau-runpm-fix-module-unload.patch
drm-radeon-px-fix-module-unload.patch
+fix-nasty-32-bit-overflow-bug-in-buffer-i-o-code.patch
+nl80211-clear-skb-cb-before-passing-to-netlink.patch
+cpufreq-release-policy-rwsem-on-error.patch
+media-af9035-new-ids-add-support-for-pctv-78e-and-pctv-79e.patch
+media-cx18-fix-kernel-oops-with-tda8290-tuner.patch
+media-adv7604-fix-inverted-condition.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
