From 6219f392c75e7d18286bab5b3e578dc4ab5a781b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 25 Mar 2014 13:52:02 -0700 Subject: [PATCH] 3.10-stable patches added patches: asoc-max98090-make-revision_id-readable.patch hid-microsoft-add-id-s-for-surface-type-touch-cover-2.patch libceph-block-i-o-when-pause-or-full-osd-map-flags-are-set.patch libceph-resend-all-writes-after-the-osdmap-loses-the-full-flag.patch media-cx18-check-for-allocation-failure-in-cx18_read_eeprom.patch media-cxusb-unlock-on-error-in-cxusb_i2c_xfer.patch media-dw2102-some-missing-unlocks-on-error.patch tracing-fix-array-size-mismatch-in-format-string.patch --- ...c-max98090-make-revision_id-readable.patch | 34 +++ ...-id-s-for-surface-type-touch-cover-2.patch | 64 ++++++ ...-pause-or-full-osd-map-flags-are-set.patch | 121 +++++++++++ ...after-the-osdmap-loses-the-full-flag.patch | 124 +++++++++++ ...location-failure-in-cx18_read_eeprom.patch | 43 ++++ ...sb-unlock-on-error-in-cxusb_i2c_xfer.patch | 84 +++++++ ...dw2102-some-missing-unlocks-on-error.patch | 205 ++++++++++++++++++ queue-3.10/series | 8 + ...array-size-mismatch-in-format-string.patch | 135 ++++++++++++ 9 files changed, 818 insertions(+) create mode 100644 queue-3.10/asoc-max98090-make-revision_id-readable.patch create mode 100644 queue-3.10/hid-microsoft-add-id-s-for-surface-type-touch-cover-2.patch create mode 100644 queue-3.10/libceph-block-i-o-when-pause-or-full-osd-map-flags-are-set.patch create mode 100644 queue-3.10/libceph-resend-all-writes-after-the-osdmap-loses-the-full-flag.patch create mode 100644 queue-3.10/media-cx18-check-for-allocation-failure-in-cx18_read_eeprom.patch create mode 100644 queue-3.10/media-cxusb-unlock-on-error-in-cxusb_i2c_xfer.patch create mode 100644 queue-3.10/media-dw2102-some-missing-unlocks-on-error.patch create mode 100644 queue-3.10/tracing-fix-array-size-mismatch-in-format-string.patch diff --git a/queue-3.10/asoc-max98090-make-revision_id-readable.patch b/queue-3.10/asoc-max98090-make-revision_id-readable.patch new file mode 100644 index 00000000000..446d82878df --- /dev/null +++ b/queue-3.10/asoc-max98090-make-revision_id-readable.patch @@ -0,0 +1,34 @@ +From e126a646f77fdd66978785cb0a3a5e46b07aee2e Mon Sep 17 00:00:00 2001 +From: Stephen Warren +Date: Thu, 13 Feb 2014 16:54:24 -0700 +Subject: ASoC: max98090: make REVISION_ID readable + +From: Stephen Warren + +commit e126a646f77fdd66978785cb0a3a5e46b07aee2e upstream. + +The REVISION_ID register is not currently marked readable. snd_soc_read() +refuses to read the register, and hence probe() fails. + +Fixes: d4807ad2c4c0 ("regmap: Check readable regs in _regmap_read") +[exposed the bug, by checking for readability] +Fixes: 685e42154dcf ("ASoC: Replace max98090 Device Driver") +[left out this register from the readable list] +Signed-off-by: Stephen Warren +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/codecs/max98090.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/soc/codecs/max98090.c ++++ b/sound/soc/codecs/max98090.c +@@ -336,6 +336,7 @@ static bool max98090_readable_register(s + case M98090_REG_RECORD_TDM_SLOT: + case M98090_REG_SAMPLE_RATE: + case M98090_REG_DMIC34_BIQUAD_BASE ... M98090_REG_DMIC34_BIQUAD_BASE + 0x0E: ++ case M98090_REG_REVISION_ID: + return true; + default: + return false; diff --git a/queue-3.10/hid-microsoft-add-id-s-for-surface-type-touch-cover-2.patch b/queue-3.10/hid-microsoft-add-id-s-for-surface-type-touch-cover-2.patch new file mode 100644 index 00000000000..1695f1fea17 --- /dev/null +++ b/queue-3.10/hid-microsoft-add-id-s-for-surface-type-touch-cover-2.patch @@ -0,0 +1,64 @@ +From 117309c51dca42121f70cacec801511b76acf75c Mon Sep 17 00:00:00 2001 +From: Reyad Attiyat +Date: Tue, 28 Jan 2014 16:17:57 +0100 +Subject: HID: microsoft: Add ID's for Surface Type/Touch Cover 2 + +From: Reyad Attiyat + +commit 117309c51dca42121f70cacec801511b76acf75c upstream. + +The Microsoft Surface Type/Touch cover 2 devices have the flag HID_DG_CONTACTID +in their reports.This causes the device to bind to the hid-multitouch driver, +which doesn't handle generic keyboard/mouse input events. The patch adds +the hardware id's of the device to hid-microsoft and to the HID special +driver array, which makes the device get handled by hid-generic/hid-input +properly. + +Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=64811 + +Singed-off-by: Reyad Attiyat +Reviewed-by: Benjamin Tissoires +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/hid-core.c | 2 ++ + drivers/hid/hid-ids.h | 2 ++ + drivers/hid/hid-microsoft.c | 4 ++++ + 3 files changed, 8 insertions(+) + +--- a/drivers/hid/hid-core.c ++++ b/drivers/hid/hid-core.c +@@ -1727,6 +1727,8 @@ static const struct hid_device_id hid_ha + { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_PRESENTER_8K_USB) }, + { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_DIGITAL_MEDIA_3K) }, + { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_WIRELESS_OPTICAL_DESKTOP_3_0) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_2) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TOUCH_COVER_2) }, + { HID_USB_DEVICE(USB_VENDOR_ID_MONTEREY, USB_DEVICE_ID_GENIUS_KB29E) }, + { HID_USB_DEVICE(USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_TOUCH_SCREEN) }, + { HID_USB_DEVICE(USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_1) }, +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -595,6 +595,8 @@ + #define USB_DEVICE_ID_MS_PRESENTER_8K_USB 0x0713 + #define USB_DEVICE_ID_MS_DIGITAL_MEDIA_3K 0x0730 + #define USB_DEVICE_ID_MS_COMFORT_MOUSE_4500 0x076c ++#define USB_DEVICE_ID_MS_TOUCH_COVER_2 0x07a7 ++#define USB_DEVICE_ID_MS_TYPE_COVER_2 0x07a9 + + #define USB_VENDOR_ID_MOJO 0x8282 + #define USB_DEVICE_ID_RETRO_ADAPTER 0x3201 +--- a/drivers/hid/hid-microsoft.c ++++ b/drivers/hid/hid-microsoft.c +@@ -207,6 +207,10 @@ static const struct hid_device_id ms_dev + .driver_data = MS_NOGET }, + { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_COMFORT_MOUSE_4500), + .driver_data = MS_DUPLICATE_USAGES }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TYPE_COVER_2), ++ .driver_data = 0 }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_TOUCH_COVER_2), ++ .driver_data = 0 }, + + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_MICROSOFT, USB_DEVICE_ID_MS_PRESENTER_8K_BT), + .driver_data = MS_PRESENTER }, diff --git a/queue-3.10/libceph-block-i-o-when-pause-or-full-osd-map-flags-are-set.patch b/queue-3.10/libceph-block-i-o-when-pause-or-full-osd-map-flags-are-set.patch new file mode 100644 index 00000000000..a8a8c4efad1 --- /dev/null +++ b/queue-3.10/libceph-block-i-o-when-pause-or-full-osd-map-flags-are-set.patch @@ -0,0 +1,121 @@ +From d29adb34a94715174c88ca93e8aba955850c9bde Mon Sep 17 00:00:00 2001 +From: Josh Durgin +Date: Mon, 2 Dec 2013 19:11:48 -0800 +Subject: libceph: block I/O when PAUSE or FULL osd map flags are set + +From: Josh Durgin + +commit d29adb34a94715174c88ca93e8aba955850c9bde upstream. + +The PAUSEWR and PAUSERD flags are meant to stop the cluster from +processing writes and reads, respectively. The FULL flag is set when +the cluster determines that it is out of space, and will no longer +process writes. PAUSEWR and PAUSERD are purely client-side settings +already implemented in userspace clients. The osd does nothing special +with these flags. + +When the FULL flag is set, however, the osd responds to all writes +with -ENOSPC. For cephfs, this makes sense, but for rbd the block +layer translates this into EIO. If a cluster goes from full to +non-full quickly, a filesystem on top of rbd will not behave well, +since some writes succeed while others get EIO. + +Fix this by blocking any writes when the FULL flag is set in the osd +client. This is the same strategy used by userspace, so apply it by +default. A follow-on patch makes this configurable. + +__map_request() is called to re-target osd requests in case the +available osds changed. Add a paused field to a ceph_osd_request, and +set it whenever an appropriate osd map flag is set. Avoid queueing +paused requests in __map_request(), but force them to be resent if +they become unpaused. + +Also subscribe to the next osd map from the monitor if any of these +flags are set, so paused requests can be unblocked as soon as +possible. + +Fixes: http://tracker.ceph.com/issues/6079 + +Reviewed-by: Sage Weil +Signed-off-by: Josh Durgin +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/ceph/osd_client.h | 1 + + net/ceph/osd_client.c | 29 +++++++++++++++++++++++++++-- + 2 files changed, 28 insertions(+), 2 deletions(-) + +--- a/include/linux/ceph/osd_client.h ++++ b/include/linux/ceph/osd_client.h +@@ -138,6 +138,7 @@ struct ceph_osd_request { + __le64 *r_request_pool; + void *r_request_pgid; + __le32 *r_request_attempts; ++ bool r_paused; + struct ceph_eversion *r_request_reassert_version; + + int r_result; +--- a/net/ceph/osd_client.c ++++ b/net/ceph/osd_client.c +@@ -1225,6 +1225,22 @@ void ceph_osdc_set_request_linger(struct + EXPORT_SYMBOL(ceph_osdc_set_request_linger); + + /* ++ * Returns whether a request should be blocked from being sent ++ * based on the current osdmap and osd_client settings. ++ * ++ * Caller should hold map_sem for read. ++ */ ++static bool __req_should_be_paused(struct ceph_osd_client *osdc, ++ struct ceph_osd_request *req) ++{ ++ bool pauserd = ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSERD); ++ bool pausewr = ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSEWR) || ++ ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL); ++ return (req->r_flags & CEPH_OSD_FLAG_READ && pauserd) || ++ (req->r_flags & CEPH_OSD_FLAG_WRITE && pausewr); ++} ++ ++/* + * Pick an osd (the first 'up' osd in the pg), allocate the osd struct + * (as needed), and set the request r_osd appropriately. If there is + * no up osd, set r_osd to NULL. Move the request to the appropriate list +@@ -1241,6 +1257,7 @@ static int __map_request(struct ceph_osd + int acting[CEPH_PG_MAX_SIZE]; + int o = -1, num = 0; + int err; ++ bool was_paused; + + dout("map_request %p tid %lld\n", req, req->r_tid); + err = ceph_calc_ceph_pg(&pgid, req->r_oid, osdc->osdmap, +@@ -1257,12 +1274,18 @@ static int __map_request(struct ceph_osd + num = err; + } + ++ was_paused = req->r_paused; ++ req->r_paused = __req_should_be_paused(osdc, req); ++ if (was_paused && !req->r_paused) ++ force_resend = 1; ++ + if ((!force_resend && + req->r_osd && req->r_osd->o_osd == o && + req->r_sent >= req->r_osd->o_incarnation && + req->r_num_pg_osds == num && + memcmp(req->r_pg_osds, acting, sizeof(acting[0])*num) == 0) || +- (req->r_osd == NULL && o == -1)) ++ (req->r_osd == NULL && o == -1) || ++ req->r_paused) + return 0; /* no change */ + + dout("map_request tid %llu pgid %lld.%x osd%d (was osd%d)\n", +@@ -1797,7 +1820,9 @@ done: + * we find out when we are no longer full and stop returning + * ENOSPC. + */ +- if (ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL)) ++ if (ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL) || ++ ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSERD) || ++ ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_PAUSEWR)) + ceph_monc_request_next_osdmap(&osdc->client->monc); + + mutex_lock(&osdc->request_mutex); diff --git a/queue-3.10/libceph-resend-all-writes-after-the-osdmap-loses-the-full-flag.patch b/queue-3.10/libceph-resend-all-writes-after-the-osdmap-loses-the-full-flag.patch new file mode 100644 index 00000000000..6898fb253ec --- /dev/null +++ b/queue-3.10/libceph-resend-all-writes-after-the-osdmap-loses-the-full-flag.patch @@ -0,0 +1,124 @@ +From 9a1ea2dbff11547a8e664f143c1ffefc586a577a Mon Sep 17 00:00:00 2001 +From: Josh Durgin +Date: Tue, 10 Dec 2013 09:35:13 -0800 +Subject: libceph: resend all writes after the osdmap loses the full flag + +From: Josh Durgin + +commit 9a1ea2dbff11547a8e664f143c1ffefc586a577a upstream. + +With the current full handling, there is a race between osds and +clients getting the first map marked full. If the osd wins, it will +return -ENOSPC to any writes, but the client may already have writes +in flight. This results in the client getting the error and +propagating it up the stack. For rbd, the block layer turns this into +EIO, which can cause corruption in filesystems above it. + +To avoid this race, osds are being changed to drop writes that came +from clients with an osdmap older than the last osdmap marked full. +In order for this to work, clients must resend all writes after they +encounter a full -> not full transition in the osdmap. osds will wait +for an updated map instead of processing a request from a client with +a newer map, so resent writes will not be dropped by the osd unless +there is another not full -> full transition. + +This approach requires both osds and clients to be fixed to avoid the +race. Old clients talking to osds with this fix may hang instead of +returning EIO and potentially corrupting an fs. New clients talking to +old osds have the same behavior as before if they encounter this race. + +Fixes: http://tracker.ceph.com/issues/6938 + +Reviewed-by: Sage Weil +Signed-off-by: Josh Durgin +Signed-off-by: Greg Kroah-Hartman + +--- + net/ceph/osd_client.c | 28 ++++++++++++++++++++++------ + 1 file changed, 22 insertions(+), 6 deletions(-) + +--- a/net/ceph/osd_client.c ++++ b/net/ceph/osd_client.c +@@ -1629,14 +1629,17 @@ static void reset_changed_osds(struct ce + * + * Caller should hold map_sem for read. + */ +-static void kick_requests(struct ceph_osd_client *osdc, int force_resend) ++static void kick_requests(struct ceph_osd_client *osdc, bool force_resend, ++ bool force_resend_writes) + { + struct ceph_osd_request *req, *nreq; + struct rb_node *p; + int needmap = 0; + int err; ++ bool force_resend_req; + +- dout("kick_requests %s\n", force_resend ? " (force resend)" : ""); ++ dout("kick_requests %s %s\n", force_resend ? " (force resend)" : "", ++ force_resend_writes ? " (force resend writes)" : ""); + mutex_lock(&osdc->request_mutex); + for (p = rb_first(&osdc->requests); p; ) { + req = rb_entry(p, struct ceph_osd_request, r_node); +@@ -1661,7 +1664,10 @@ static void kick_requests(struct ceph_os + continue; + } + +- err = __map_request(osdc, req, force_resend); ++ force_resend_req = force_resend || ++ (force_resend_writes && ++ req->r_flags & CEPH_OSD_FLAG_WRITE); ++ err = __map_request(osdc, req, force_resend_req); + if (err < 0) + continue; /* error */ + if (req->r_osd == NULL) { +@@ -1681,7 +1687,8 @@ static void kick_requests(struct ceph_os + r_linger_item) { + dout("linger req=%p req->r_osd=%p\n", req, req->r_osd); + +- err = __map_request(osdc, req, force_resend); ++ err = __map_request(osdc, req, ++ force_resend || force_resend_writes); + dout("__map_request returned %d\n", err); + if (err == 0) + continue; /* no change and no osd was specified */ +@@ -1723,6 +1730,7 @@ void ceph_osdc_handle_map(struct ceph_os + struct ceph_osdmap *newmap = NULL, *oldmap; + int err; + struct ceph_fsid fsid; ++ bool was_full; + + dout("handle_map have %u\n", osdc->osdmap ? osdc->osdmap->epoch : 0); + p = msg->front.iov_base; +@@ -1736,6 +1744,8 @@ void ceph_osdc_handle_map(struct ceph_os + + down_write(&osdc->map_sem); + ++ was_full = ceph_osdmap_flag(osdc->osdmap, CEPH_OSDMAP_FULL); ++ + /* incremental maps */ + ceph_decode_32_safe(&p, end, nr_maps, bad); + dout(" %d inc maps\n", nr_maps); +@@ -1760,7 +1770,10 @@ void ceph_osdc_handle_map(struct ceph_os + ceph_osdmap_destroy(osdc->osdmap); + osdc->osdmap = newmap; + } +- kick_requests(osdc, 0); ++ was_full = was_full || ++ ceph_osdmap_flag(osdc->osdmap, ++ CEPH_OSDMAP_FULL); ++ kick_requests(osdc, 0, was_full); + } else { + dout("ignoring incremental map %u len %d\n", + epoch, maplen); +@@ -1803,7 +1816,10 @@ void ceph_osdc_handle_map(struct ceph_os + skipped_map = 1; + ceph_osdmap_destroy(oldmap); + } +- kick_requests(osdc, skipped_map); ++ was_full = was_full || ++ ceph_osdmap_flag(osdc->osdmap, ++ CEPH_OSDMAP_FULL); ++ kick_requests(osdc, skipped_map, was_full); + } + p += maplen; + nr_maps--; diff --git a/queue-3.10/media-cx18-check-for-allocation-failure-in-cx18_read_eeprom.patch b/queue-3.10/media-cx18-check-for-allocation-failure-in-cx18_read_eeprom.patch new file mode 100644 index 00000000000..39541c6b12c --- /dev/null +++ b/queue-3.10/media-cx18-check-for-allocation-failure-in-cx18_read_eeprom.patch @@ -0,0 +1,43 @@ +From e351bf25fa373a3de0be2141b962c5c3c27006a2 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 22 Nov 2013 04:51:47 -0300 +Subject: media: cx18: check for allocation failure in cx18_read_eeprom() + +From: Dan Carpenter + +commit e351bf25fa373a3de0be2141b962c5c3c27006a2 upstream. + +It upsets static checkers when we don't check for allocation failure. I +moved the memset() of "tv" earlier so we don't use uninitialized data on +error. +Fixes: 1d212cf0c2d8 ('[media] cx18: struct i2c_client is too big for stack') + +Signed-off-by: Dan Carpenter +Acked-by: Andy Walls +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/media/pci/cx18/cx18-driver.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/media/pci/cx18/cx18-driver.c ++++ b/drivers/media/pci/cx18/cx18-driver.c +@@ -327,13 +327,16 @@ void cx18_read_eeprom(struct cx18 *cx, s + struct i2c_client *c; + u8 eedata[256]; + ++ memset(tv, 0, sizeof(*tv)); ++ + c = kzalloc(sizeof(*c), GFP_KERNEL); ++ if (!c) ++ return; + + strlcpy(c->name, "cx18 tveeprom tmp", sizeof(c->name)); + c->adapter = &cx->i2c_adap[0]; + c->addr = 0xa0 >> 1; + +- memset(tv, 0, sizeof(*tv)); + if (tveeprom_read(c, eedata, sizeof(eedata))) + goto ret; + diff --git a/queue-3.10/media-cxusb-unlock-on-error-in-cxusb_i2c_xfer.patch b/queue-3.10/media-cxusb-unlock-on-error-in-cxusb_i2c_xfer.patch new file mode 100644 index 00000000000..4a21f9ccb12 --- /dev/null +++ b/queue-3.10/media-cxusb-unlock-on-error-in-cxusb_i2c_xfer.patch @@ -0,0 +1,84 @@ +From 1cdbcc5db4e6d51ce9bb1313195167cada9aa6e9 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 22 Nov 2013 04:55:43 -0300 +Subject: media: cxusb: unlock on error in cxusb_i2c_xfer() + +From: Dan Carpenter + +commit 1cdbcc5db4e6d51ce9bb1313195167cada9aa6e9 upstream. + +We recently introduced some new error paths which are missing their +unlocks. +Fixes: 64f7ef8afbf8 ('[media] cxusb: Don't use dynamic static allocation') + +Signed-off-by: Dan Carpenter +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/media/usb/dvb-usb/cxusb.c | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +--- a/drivers/media/usb/dvb-usb/cxusb.c ++++ b/drivers/media/usb/dvb-usb/cxusb.c +@@ -149,6 +149,7 @@ static int cxusb_i2c_xfer(struct i2c_ada + int num) + { + struct dvb_usb_device *d = i2c_get_adapdata(adap); ++ int ret; + int i; + + if (mutex_lock_interruptible(&d->i2c_mutex) < 0) +@@ -173,7 +174,8 @@ static int cxusb_i2c_xfer(struct i2c_ada + if (1 + msg[i].len > sizeof(ibuf)) { + warn("i2c rd: len=%d is too big!\n", + msg[i].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + obuf[0] = 0; + obuf[1] = msg[i].len; +@@ -193,12 +195,14 @@ static int cxusb_i2c_xfer(struct i2c_ada + if (3 + msg[i].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[i].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + if (1 + msg[i + 1].len > sizeof(ibuf)) { + warn("i2c rd: len=%d is too big!\n", + msg[i + 1].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + obuf[0] = msg[i].len; + obuf[1] = msg[i+1].len; +@@ -223,7 +227,8 @@ static int cxusb_i2c_xfer(struct i2c_ada + if (2 + msg[i].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[i].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + obuf[0] = msg[i].addr; + obuf[1] = msg[i].len; +@@ -237,8 +242,14 @@ static int cxusb_i2c_xfer(struct i2c_ada + } + } + ++ if (i == num) ++ ret = num; ++ else ++ ret = -EREMOTEIO; ++ ++unlock: + mutex_unlock(&d->i2c_mutex); +- return i == num ? num : -EREMOTEIO; ++ return ret; + } + + static u32 cxusb_i2c_func(struct i2c_adapter *adapter) diff --git a/queue-3.10/media-dw2102-some-missing-unlocks-on-error.patch b/queue-3.10/media-dw2102-some-missing-unlocks-on-error.patch new file mode 100644 index 00000000000..83effc9a5f7 --- /dev/null +++ b/queue-3.10/media-dw2102-some-missing-unlocks-on-error.patch @@ -0,0 +1,205 @@ +From 324ed533bf0b23c309b805272c4ffcc5d51493a6 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 22 Nov 2013 04:56:33 -0300 +Subject: media: dw2102: some missing unlocks on error + +From: Dan Carpenter + +commit 324ed533bf0b23c309b805272c4ffcc5d51493a6 upstream. + +We recently introduced some new error paths but the unlocks are missing. +Fixes: 0065a79a8698 ('[media] dw2102: Don't use dynamic static allocation') + +Signed-off-by: Dan Carpenter +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/media/usb/dvb-usb/dw2102.c | 52 +++++++++++++++++++++++++------------ + 1 file changed, 36 insertions(+), 16 deletions(-) + +--- a/drivers/media/usb/dvb-usb/dw2102.c ++++ b/drivers/media/usb/dvb-usb/dw2102.c +@@ -301,6 +301,7 @@ static int dw2102_serit_i2c_transfer(str + static int dw2102_earda_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], int num) + { + struct dvb_usb_device *d = i2c_get_adapdata(adap); ++ int ret; + + if (!d) + return -ENODEV; +@@ -316,7 +317,8 @@ static int dw2102_earda_i2c_transfer(str + if (2 + msg[1].len > sizeof(ibuf)) { + warn("i2c rd: len=%d is too big!\n", + msg[1].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + + obuf[0] = msg[0].addr << 1; +@@ -340,7 +342,8 @@ static int dw2102_earda_i2c_transfer(str + if (2 + msg[0].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[1].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + + obuf[0] = msg[0].addr << 1; +@@ -357,7 +360,8 @@ static int dw2102_earda_i2c_transfer(str + if (2 + msg[0].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[1].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + + obuf[0] = msg[0].addr << 1; +@@ -386,15 +390,17 @@ static int dw2102_earda_i2c_transfer(str + + break; + } ++ ret = num; + ++unlock: + mutex_unlock(&d->i2c_mutex); +- return num; ++ return ret; + } + + static int dw2104_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], int num) + { + struct dvb_usb_device *d = i2c_get_adapdata(adap); +- int len, i, j; ++ int len, i, j, ret; + + if (!d) + return -ENODEV; +@@ -430,7 +436,8 @@ static int dw2104_i2c_transfer(struct i2 + if (2 + msg[j].len > sizeof(ibuf)) { + warn("i2c rd: len=%d is too big!\n", + msg[j].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + + dw210x_op_rw(d->udev, 0xc3, +@@ -466,7 +473,8 @@ static int dw2104_i2c_transfer(struct i2 + if (2 + msg[j].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[j].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + + obuf[0] = msg[j].addr << 1; +@@ -481,15 +489,18 @@ static int dw2104_i2c_transfer(struct i2 + } + + } ++ ret = num; + ++unlock: + mutex_unlock(&d->i2c_mutex); +- return num; ++ return ret; + } + + static int dw3101_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], + int num) + { + struct dvb_usb_device *d = i2c_get_adapdata(adap); ++ int ret; + int i; + + if (!d) +@@ -506,7 +517,8 @@ static int dw3101_i2c_transfer(struct i2 + if (2 + msg[1].len > sizeof(ibuf)) { + warn("i2c rd: len=%d is too big!\n", + msg[1].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + obuf[0] = msg[0].addr << 1; + obuf[1] = msg[0].len; +@@ -530,7 +542,8 @@ static int dw3101_i2c_transfer(struct i2 + if (2 + msg[0].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[0].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + obuf[0] = msg[0].addr << 1; + obuf[1] = msg[0].len; +@@ -556,9 +569,11 @@ static int dw3101_i2c_transfer(struct i2 + msg[i].flags == 0 ? ">>>" : "<<<"); + debug_dump(msg[i].buf, msg[i].len, deb_xfer); + } ++ ret = num; + ++unlock: + mutex_unlock(&d->i2c_mutex); +- return num; ++ return ret; + } + + static int s6x0_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], +@@ -566,7 +581,7 @@ static int s6x0_i2c_transfer(struct i2c_ + { + struct dvb_usb_device *d = i2c_get_adapdata(adap); + struct usb_device *udev; +- int len, i, j; ++ int len, i, j, ret; + + if (!d) + return -ENODEV; +@@ -618,7 +633,8 @@ static int s6x0_i2c_transfer(struct i2c_ + if (msg[j].len > sizeof(ibuf)) { + warn("i2c rd: len=%d is too big!\n", + msg[j].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + + dw210x_op_rw(d->udev, 0x91, 0, 0, +@@ -652,7 +668,8 @@ static int s6x0_i2c_transfer(struct i2c_ + if (2 + msg[j].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[j].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + + obuf[0] = msg[j + 1].len; +@@ -671,7 +688,8 @@ static int s6x0_i2c_transfer(struct i2c_ + if (2 + msg[j].len > sizeof(obuf)) { + warn("i2c wr: len=%d is too big!\n", + msg[j].len); +- return -EOPNOTSUPP; ++ ret = -EOPNOTSUPP; ++ goto unlock; + } + obuf[0] = msg[j].len + 1; + obuf[1] = (msg[j].addr << 1); +@@ -685,9 +703,11 @@ static int s6x0_i2c_transfer(struct i2c_ + } + } + } ++ ret = num; + ++unlock: + mutex_unlock(&d->i2c_mutex); +- return num; ++ return ret; + } + + static int su3000_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], diff --git a/queue-3.10/series b/queue-3.10/series index 28f328f3811..ad1a98998ec 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -1 +1,9 @@ alsa-compress-pass-through-return-value-of-open-ops-callback.patch +tracing-fix-array-size-mismatch-in-format-string.patch +hid-microsoft-add-id-s-for-surface-type-touch-cover-2.patch +media-cxusb-unlock-on-error-in-cxusb_i2c_xfer.patch +media-dw2102-some-missing-unlocks-on-error.patch +media-cx18-check-for-allocation-failure-in-cx18_read_eeprom.patch +libceph-block-i-o-when-pause-or-full-osd-map-flags-are-set.patch +libceph-resend-all-writes-after-the-osdmap-loses-the-full-flag.patch +asoc-max98090-make-revision_id-readable.patch diff --git a/queue-3.10/tracing-fix-array-size-mismatch-in-format-string.patch b/queue-3.10/tracing-fix-array-size-mismatch-in-format-string.patch new file mode 100644 index 00000000000..a99dc475795 --- /dev/null +++ b/queue-3.10/tracing-fix-array-size-mismatch-in-format-string.patch @@ -0,0 +1,135 @@ +From 87291347c49dc40aa339f587b209618201c2e527 Mon Sep 17 00:00:00 2001 +From: Vaibhav Nagarnaik +Date: Thu, 13 Feb 2014 19:51:48 -0800 +Subject: tracing: Fix array size mismatch in format string + +From: Vaibhav Nagarnaik + +commit 87291347c49dc40aa339f587b209618201c2e527 upstream. + +In event format strings, the array size is reported in two locations. +One in array subscript and then via the "size:" attribute. The values +reported there have a mismatch. + +For e.g., in sched:sched_switch the prev_comm and next_comm character +arrays have subscript values as [32] where as the actual field size is +16. + +name: sched_switch +ID: 301 +format: + field:unsigned short common_type; offset:0; size:2; signed:0; + field:unsigned char common_flags; offset:2; size:1; signed:0; + field:unsigned char common_preempt_count; offset:3; size:1;signed:0; + field:int common_pid; offset:4; size:4; signed:1; + + field:char prev_comm[32]; offset:8; size:16; signed:1; + field:pid_t prev_pid; offset:24; size:4; signed:1; + field:int prev_prio; offset:28; size:4; signed:1; + field:long prev_state; offset:32; size:8; signed:1; + field:char next_comm[32]; offset:40; size:16; signed:1; + field:pid_t next_pid; offset:56; size:4; signed:1; + field:int next_prio; offset:60; size:4; signed:1; + +After bisection, the following commit was blamed: +92edca0 tracing: Use direct field, type and system names + +This commit removes the duplication of strings for field->name and +field->type assuming that all the strings passed in +__trace_define_field() are immutable. This is not true for arrays, where +the type string is created in event_storage variable and field->type for +all array fields points to event_storage. + +Use __stringify() to create a string constant for the type string. + +Also, get rid of event_storage and event_storage_mutex that are not +needed anymore. + +also, an added benefit is that this reduces the overhead of events a bit more: + + text data bss dec hex filename +8424787 2036472 1302528 11763787 b3804b vmlinux +8420814 2036408 1302528 11759750 b37086 vmlinux.patched + +Link: http://lkml.kernel.org/r/1392349908-29685-1-git-send-email-vnagarnaik@google.com + +Cc: Laurent Chavey +Signed-off-by: Vaibhav Nagarnaik +Signed-off-by: Steven Rostedt +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/ftrace_event.h | 4 ---- + include/trace/ftrace.h | 7 ++----- + kernel/trace/trace_events.c | 6 ------ + kernel/trace/trace_export.c | 7 ++----- + 4 files changed, 4 insertions(+), 20 deletions(-) + +--- a/include/linux/ftrace_event.h ++++ b/include/linux/ftrace_event.h +@@ -325,10 +325,6 @@ enum { + FILTER_TRACE_FN, + }; + +-#define EVENT_STORAGE_SIZE 128 +-extern struct mutex event_storage_mutex; +-extern char event_storage[EVENT_STORAGE_SIZE]; +- + extern int trace_event_raw_init(struct ftrace_event_call *call); + extern int trace_define_field(struct ftrace_event_call *call, const char *type, + const char *name, int offset, int size, +--- a/include/trace/ftrace.h ++++ b/include/trace/ftrace.h +@@ -299,15 +299,12 @@ static struct trace_event_functions ftra + #undef __array + #define __array(type, item, len) \ + do { \ +- mutex_lock(&event_storage_mutex); \ ++ char *type_str = #type"["__stringify(len)"]"; \ + BUILD_BUG_ON(len > MAX_FILTER_STR_VAL); \ +- snprintf(event_storage, sizeof(event_storage), \ +- "%s[%d]", #type, len); \ +- ret = trace_define_field(event_call, event_storage, #item, \ ++ ret = trace_define_field(event_call, type_str, #item, \ + offsetof(typeof(field), item), \ + sizeof(field.item), \ + is_signed_type(type), FILTER_OTHER); \ +- mutex_unlock(&event_storage_mutex); \ + if (ret) \ + return ret; \ + } while (0); +--- a/kernel/trace/trace_events.c ++++ b/kernel/trace/trace_events.c +@@ -27,12 +27,6 @@ + + DEFINE_MUTEX(event_mutex); + +-DEFINE_MUTEX(event_storage_mutex); +-EXPORT_SYMBOL_GPL(event_storage_mutex); +- +-char event_storage[EVENT_STORAGE_SIZE]; +-EXPORT_SYMBOL_GPL(event_storage); +- + LIST_HEAD(ftrace_events); + static LIST_HEAD(ftrace_common_fields); + +--- a/kernel/trace/trace_export.c ++++ b/kernel/trace/trace_export.c +@@ -95,15 +95,12 @@ static void __always_unused ____ftrace_c + #undef __array + #define __array(type, item, len) \ + do { \ ++ char *type_str = #type"["__stringify(len)"]"; \ + BUILD_BUG_ON(len > MAX_FILTER_STR_VAL); \ +- mutex_lock(&event_storage_mutex); \ +- snprintf(event_storage, sizeof(event_storage), \ +- "%s[%d]", #type, len); \ +- ret = trace_define_field(event_call, event_storage, #item, \ ++ ret = trace_define_field(event_call, type_str, #item, \ + offsetof(typeof(field), item), \ + sizeof(field.item), \ + is_signed_type(type), filter_type); \ +- mutex_unlock(&event_storage_mutex); \ + if (ret) \ + return ret; \ + } while (0); -- 2.47.3