- 21 1月, 2015 5 次提交
-
-
由 Michael S. Tsirkin 提交于
Some devices might not implement config space access (e.g. remoteproc used not to - before 3.9). virtio/blk needs config space access so make it fail gracefully if not there. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
-
由 Michael S. Tsirkin 提交于
Some devices might not implement config space access (e.g. remoteproc used not to - before 3.9). virtio/9p needs config space access so make it fail gracefully if not there. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
-
由 Michael S. Tsirkin 提交于
virtio_pci does not depend on virtio_config: let's not include it, users can pull it in as necessary. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata由 Linus Torvalds 提交于
Pull libata fixes from Tejun Heo: - Bartlomiej will be co-maintaining PATA portion of libata. git workflow will stay the same. - sata_sil24 wasn't happy with tag ordered submission. An option to restore the old tag allocation behavior is implemented for sil24. - a very old race condition in PIO host state machine which can trigger BUG fixed. - other driver-specific changes * 'for-3.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: libata: prevent HSM state change race between ISR and PIO libata: allow sata_sil24 to opt-out of tag ordered submission ata: pata_at91: depend on !ARCH_MULTIPLATFORM ahci: Remove Device ID for Intel Sunrise Point PCH ahci: Use dev_info() to inform about the lack of Device Sleep support libata: Whitelist SSDs that are known to properly return zeroes after TRIM sata_dwc_460ex: fix resource leak on error path ata: add MAINTAINERS entry for libata PATA drivers libata: clean up MAINTAINERS entries libata: export ata_get_cmd_descript() ahci_xgene: Fix the DMA state machine lockup for the ATA_CMD_PACKET PIO mode command. ahci_xgene: Fix the endianess issue in APM X-Gene SoC AHCI SATA controller driver.
-
git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq由 Linus Torvalds 提交于
Pull workqueue fix from Tejun Heo: "The xfs folks have been running into weird and very rare lockups for some time now. I didn't think this could have been from workqueue side because no one else was reporting it. This time, Eric had a kdump which we looked into and it turned out this actually was a workqueue bug and the bug has been there since the beginning of concurrency managed workqueue. A worker pool ensures forward progress of the workqueues associated with it by always having at least one worker reserved from executing work items. When the pool is under contention, the idle one tries to create more workers for the pool and if that doesn't succeed quickly enough, it calls the rescuers to the pool. This logic had a subtle race condition in an early exit path. When a worker invokes this manager function, the function may return %false indicating that the caller may proceed to executing work items either because another worker is already performing the role or conditions have changed and the pool is no longer under contention. The latter part depended on the assumption that whether more workers are necessary or not remains stable while the pool is locked; however, pool->nr_running (concurrency count) may change asynchronously and it getting bumped from zero asynchronously could send off the last idle worker to execute work items. The race window is fairly narrow, and, even when it gets triggered, the pool deadlocks iff if all work items get blocked on pending work items of the pool, which is highly unlikely but can be triggered by xfs. The patch removes the race window by removing the early exit path, which doesn't server any purpose anymore anyway" * 'for-3.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: fix subtle pool management issue which can stall whole worker_pool
-
- 20 1月, 2015 15 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl由 Linus Torvalds 提交于
Pull pin control fixes from Linus Walleij: "Here is a (hopefully final) slew of pin control fixes for the v3.19 series. The deadlock fix is kind of serious and tagged for stable, the rest is business as usual. - Fix two deadlocks around the pin control mutexes, a long-standing issue that manifest itself in plug/unplug of pin controllers. (Tagged for stable.) - Handle an error path with zero functions in the Qualcomm pin controller. - Drop a bogus second GPIO chip added in the Lantiq driver. - Fix sudden IRQ loss on Rockchip pin controllers. - Register the GIT tree in MAINTAINERS" * tag 'pinctrl-v3.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: MAINTAINERS: add git tree reference pinctrl: qcom: Don't iterate past end of function array pinctrl: lantiq: remove bogus of_gpio_chip_add pinctrl: Fix two deadlocks pinctrl: rockchip: Avoid losing interrupts when supporting both edges
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net由 Linus Torvalds 提交于
Pull networking fixes from David Miller: 1) Socket addresses returned in the error queue need to be fully initialized before being passed on to userspace, fix from Willem de Bruijn. 2) Interrupt handling fixes to davinci_emac driver from Tony Lindgren. 3) Fix races between receive packet steering and cpu hotplug, from Eric Dumazet. 4) Allowing netlink sockets to subscribe to unknown multicast groups leads to crashes, don't allow it. From Johannes Berg. 5) One to many socket races in SCTP fixed by Daniel Borkmann. 6) Put in a guard against the mis-use of ipv6 atomic fragments, from Hagen Paul Pfeifer. 7) Fix promisc mode and ethtool crashes in sh_eth driver, from Ben Hutchings. 8) NULL deref and double kfree fix in sxgbe driver from Girish K.S and Byungho An. 9) cfg80211 deadlock fix from Arik Nemtsov. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (36 commits) s2io: use snprintf() as a safety feature r8152: remove sram_read r8152: remove generic_ocp_read before writing bgmac: activate irqs only if there is nothing to poll bgmac: register napi before the device sh_eth: Fix ethtool operation crash when net device is down sh_eth: Fix promiscuous mode on chips without TSU ipv6: stop sending PTB packets for MTU < 1280 net: sctp: fix race for one-to-many sockets in sendmsg's auto associate genetlink: synchronize socket closing and family removal genetlink: disallow subscribing to unknown mcast groups genetlink: document parallel_ops net: rps: fix cpu unplug net: davinci_emac: Add support for emac on dm816x net: davinci_emac: Fix ioremap for devices with MDIO within the EMAC address space net: davinci_emac: Fix incomplete code for getting the phy from device tree net: davinci_emac: Free clock after checking the frequency net: davinci_emac: Fix runtime pm calls for davinci_emac net: davinci_emac: Fix hangs with interrupts ip: zero sockaddr returned on error queue ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6由 Linus Torvalds 提交于
Pull crypto fix from Herbert Xu: "This fixes a regression that arose from the change to add a crypto prefix to module names which was done to prevent the loading of arbitrary modules through the Crypto API. In particular, a number of modules were missing the crypto prefix which meant that they could no longer be autoloaded" * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: add missing crypto module aliases
-
由 Dan Carpenter 提交于
"sp->desc[i]" has 25 characters. "dev->name" has 15 characters. If we used all 15 characters then the sprintf() would overflow. I changed the "sprintf(sp->name, "%s Neterion %s"" to snprintf(), as well, even though it can't overflow just to be consistent. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Hayes Wang says: ==================== r8152: couldn't read OCP_SRAM_DATA Read OCP_SRAM_DATA would read additional bytes and may let the hw abnormal. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 hayeswang 提交于
Read OCP register 0xa43a~0xa43b would clear some flags which the hw would use, and it may let the device lost. However, the unit of reading is 4 bytes. That is, it would read 0xa438~0xa43b when calling sram_read() to read OCP_SRAM_DATA. Signed-off-by: NHayes Wang <hayeswang@realtek.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 hayeswang 提交于
For ocp_write_word() and ocp_write_byte(), there is a generic_ocp_read() which is used to read the whole 4 byte data, keep the unchanged bytes, and modify the expected bytes. However, the "byen" could be used to determine which bytes of the 4 bytes to write, so the action could be removed. Signed-off-by: NHayes Wang <hayeswang@realtek.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Hauke Mehrtens says: ==================== bgmac: some fixes to napi usage I compared the napi documentation with the bgmac driver and found some problems in that driver. These two patches should fix the problems. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Hauke Mehrtens 提交于
IRQs should only get activated when there is nothing to poll in the queue any more and to after every poll. Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Hauke Mehrtens 提交于
napi should get registered before the netdev and not after. Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Ben Hutchings says: ==================== sh_eth fixes I'm currently looking at Ethernet support on the R-Car H2 chip, reviewing and testing the sh_eth driver. Here are fixes for two fairly obvious bugs in the driver; I will probably have some more later. These are not tested on any of the other supported chips. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ben Hutchings 提交于
The driver connects and disconnects the PHY device whenever the net device is brought up and down. The ethtool get_settings, set_settings and nway_reset operations will dereference a null or dangling pointer if called while it is down. I think it would be preferable to keep the PHY connected, but there may be good reasons not to. As an immediate fix for this bug: - Set the phydev pointer to NULL after disconnecting the PHY - Change those three operations to return -ENODEV while the PHY is not connected Signed-off-by: NBen Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ben Hutchings 提交于
Currently net_device_ops::set_rx_mode is only implemented for chips with a TSU (multiple address table). However we do need to turn the PRM (promiscuous) flag on and off for other chips. - Remove the unlikely() from the TSU functions that we may safely call for chips without a TSU - Make setting of the MCT flag conditional on the tsu capability flag - Rename sh_eth_set_multicast_list() to sh_eth_set_rx_mode() and plumb it into both net_device_ops structures - Remove the previously-unreachable branch in sh_eth_rx_mode() that would otherwise reset the flags to defaults for non-TSU chips Signed-off-by: NBen Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Hagen Paul Pfeifer 提交于
Reduce the attack vector and stop generating IPv6 Fragment Header for paths with an MTU smaller than the minimum required IPv6 MTU size (1280 byte) - called atomic fragments. See IETF I-D "Deprecating the Generation of IPv6 Atomic Fragments" [1] for more information and how this "feature" can be misused. [1] https://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-00Signed-off-by: NFernando Gont <fgont@si6networks.com> Signed-off-by: NHagen Paul Pfeifer <hagen@jauu.net> Acked-by: NHannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David Jeffery 提交于
It is possible for ata_sff_flush_pio_task() to set ap->hsm_task_state to HSM_ST_IDLE in between the time __ata_sff_port_intr() checks for HSM_ST_IDLE and before it calls ata_sff_hsm_move() causing ata_sff_hsm_move() to BUG(). This problem is hard to reproduce making this patch hard to verify, but this fix will prevent the race. I have not been able to reproduce the problem, but here is a crash dump from a 2.6.32 kernel. On examining the ata port's state, its hsm_task_state field has a value of HSM_ST_IDLE: crash> struct ata_port.hsm_task_state ffff881c1121c000 hsm_task_state = 0 Normally, this should not be possible as ata_sff_hsm_move() was called from ata_sff_host_intr(), which checks hsm_task_state and won't call ata_sff_hsm_move() if it has a HSM_ST_IDLE value. PID: 11053 TASK: ffff8816e846cae0 CPU: 0 COMMAND: "sshd" #0 [ffff88008ba03960] machine_kexec at ffffffff81038f3b #1 [ffff88008ba039c0] crash_kexec at ffffffff810c5d92 #2 [ffff88008ba03a90] oops_end at ffffffff8152b510 #3 [ffff88008ba03ac0] die at ffffffff81010e0b #4 [ffff88008ba03af0] do_trap at ffffffff8152ad74 #5 [ffff88008ba03b50] do_invalid_op at ffffffff8100cf95 #6 [ffff88008ba03bf0] invalid_op at ffffffff8100bf9b [exception RIP: ata_sff_hsm_move+317] RIP: ffffffff813a77ad RSP: ffff88008ba03ca0 RFLAGS: 00010097 RAX: 0000000000000000 RBX: ffff881c1121dc60 RCX: 0000000000000000 RDX: ffff881c1121dd10 RSI: ffff881c1121dc60 RDI: ffff881c1121c000 RBP: ffff88008ba03d00 R8: 0000000000000000 R9: 000000000000002e R10: 000000000001003f R11: 000000000000009b R12: ffff881c1121c000 R13: 0000000000000000 R14: 0000000000000050 R15: ffff881c1121dd78 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #7 [ffff88008ba03d08] ata_sff_host_intr at ffffffff813a7fbd #8 [ffff88008ba03d38] ata_sff_interrupt at ffffffff813a821e #9 [ffff88008ba03d78] handle_IRQ_event at ffffffff810e6ec0 --- <IRQ stack> --- [exception RIP: pipe_poll+48] RIP: ffffffff81192780 RSP: ffff880f26d459b8 RFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff880f26d459c8 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff881a0539fa80 RBP: ffffffff8100bb8e R8: ffff8803b23324a0 R9: 0000000000000000 R10: ffff880f26d45dd0 R11: 0000000000000008 R12: ffffffff8109b646 R13: ffff880f26d45948 R14: 0000000000000246 R15: 0000000000000246 ORIG_RAX: ffffffffffffff10 CS: 0010 SS: 0018 RIP: 00007f26017435c3 RSP: 00007fffe020c420 RFLAGS: 00000206 RAX: 0000000000000017 RBX: ffffffff8100b072 RCX: 00007fffe020c45c RDX: 00007f2604a3f120 RSI: 00007f2604a3f140 RDI: 000000000000000d RBP: 0000000000000000 R8: 00007fffe020e570 R9: 0101010101010101 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe020e5f0 R13: 00007fffe020e5f4 R14: 00007f26045f373c R15: 00007fffe020e5e0 ORIG_RAX: 0000000000000017 CS: 0033 SS: 002b Somewhere between the ata_sff_hsm_move() check and the ata_sff_host_intr() check, the value changed. On examining the other cpus to see what else was running, another cpu was running the error handler routines: PID: 326 TASK: ffff881c11014aa0 CPU: 1 COMMAND: "scsi_eh_1" #0 [ffff88008ba27e90] crash_nmi_callback at ffffffff8102fee6 #1 [ffff88008ba27ea0] notifier_call_chain at ffffffff8152d515 #2 [ffff88008ba27ee0] atomic_notifier_call_chain at ffffffff8152d57a #3 [ffff88008ba27ef0] notify_die at ffffffff810a154e #4 [ffff88008ba27f20] do_nmi at ffffffff8152b1db #5 [ffff88008ba27f50] nmi at ffffffff8152aaa0 [exception RIP: _spin_lock_irqsave+47] RIP: ffffffff8152a1ff RSP: ffff881c11a73aa0 RFLAGS: 00000006 RAX: 0000000000000001 RBX: ffff881c1121deb8 RCX: 0000000000000000 RDX: 0000000000000246 RSI: 0000000000000020 RDI: ffff881c122612d8 RBP: ffff881c11a73aa0 R8: ffff881c17083800 R9: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff881c1121c000 R13: 000000000000001f R14: ffff881c1121dd50 R15: ffff881c1121dc60 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0000 --- <NMI exception stack> --- #6 [ffff881c11a73aa0] _spin_lock_irqsave at ffffffff8152a1ff #7 [ffff881c11a73aa8] ata_exec_internal_sg at ffffffff81396fb5 #8 [ffff881c11a73b58] ata_exec_internal at ffffffff81397109 #9 [ffff881c11a73bd8] atapi_eh_request_sense at ffffffff813a34eb Before it tried to acquire a spinlock, ata_exec_internal_sg() called ata_sff_flush_pio_task(). This function will set ap->hsm_task_state to HSM_ST_IDLE, and has no locking around setting this value. ata_sff_flush_pio_task() can then race with the interrupt handler and potentially set HSM_ST_IDLE at a fatal moment, which will trigger a kernel BUG. v2: Fixup comment in ata_sff_flush_pio_task() tj: Further updated comment. Use ap->lock instead of shost lock and use the [un]lock_irq variant instead of the irqsave/restore one. Signed-off-by: NDavid Milburn <dmilburn@redhat.com> Signed-off-by: NTejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org
-
- 19 1月, 2015 5 次提交
-
-
由 Dan Williams 提交于
Ronny reports: https://bugzilla.kernel.org/show_bug.cgi?id=87101 "Since commit 8a4aeec8 "libata/ahci: accommodate tag ordered controllers" the access to the harddisk on the first SATA-port is failing on its first access. The access to the harddisk on the second port is working normal. When reverting the above commit, access to both harddisks is working fine again." Maintain tag ordered submission as the default, but allow sata_sil24 to continue with the old behavior. Cc: <stable@vger.kernel.org> Cc: Tejun Heo <tj@kernel.org> Reported-by: NRonny Hegewald <Ronny.Hegewald@online.de> Signed-off-by: NDan Williams <dan.j.williams@intel.com> Signed-off-by: NTejun Heo <tj@kernel.org>
-
由 Linus Walleij 提交于
Reference my pinctrl GIT tree @kernel.org Reported-by: NSergei Shtylyov <sergei.shtylyov@cogentembedded.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Stephen Boyd 提交于
Timur reports that this code crashes if nfunctions is 0. Fix the loop iteration to only consider valid elements of the functions array. Reported-by: NTimur Tabi <timur@codeaurora.org> Cc: Pramod Gurav <pramod.gurav@smartplayin.com> Cc: Bjorn Andersson <bjorn.andersson@sonymobile.com> Cc: Ivan T. Ivanov <iivanov@mm-sol.com> Cc: Andy Gross <agross@codeaurora.org> Fixes: 32745581 "pinctrl: qcom: Add support for reset for apq8064" Signed-off-by: NStephen Boyd <sboyd@codeaurora.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio由 Linus Torvalds 提交于
Pull GPIO fixes from Linus Walleij: "Here is a set of fixes that mainly appeared when Johan Hovold started exercising the removal path of the GPIO library, dealing with hotplugging of GPIO controllers. Details from tag: A slew of fixes dealing with some irritating bugs (non-regressions) that have been around forever in the GPIO subsystem, most of them also tagged for stable: - A large slew of fixes from Johan Hovold who is finally testing and reviewing the removal path of the GPIO drivers. - Fix of_get_named_gpiod_flags() so it works as expected. - Fix an IRQ handling bug in the crystalcove driver" * tag 'gpio-v3.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpiolib: of: Correct error handling in of_get_named_gpiod_flags gpio: sysfs: fix gpio attribute-creation race gpio: sysfs: fix gpio device-attribute leak gpio: sysfs: fix gpio-chip device-attribute leak gpio: unregister gpiochip device before removing it gpio: fix sleep-while-atomic in gpiochip_remove gpio: fix memory leak and sleep-while-atomic gpio: clean up gpiochip_add error handling gpio: fix gpio-chip list corruption gpio: fix memory and reference leaks in gpiochip_add error path gpio: crystalcove: use handle_nested_irq
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input由 Linus Torvalds 提交于
Pull input subsystem fixes from Dmitry Torokhov. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: uinput - fix ioctl nr overflow for UI_GET_SYSNAME/VERSION Input: I8042 - add Acer Aspire 7738 to the nomux list Input: elantech - support new ICs types for version 4 Input: i8042 - reset keyboard to fix Elantech touchpad detection MAINTAINERS: remove Dmitry Torokhov's alternate address
-
- 18 1月, 2015 10 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc由 Linus Torvalds 提交于
Pull ARM SoC fixes from Olof Johansson: "We've been sitting on our fixes branch for a while, so this batch is unfortunately on the large side. A lot of these are tweaks and fixes to device trees, fixing various bugs around clocks, reg ranges, etc. There's also a few defconfig updates (which are on the late side, no more of those). All in all the diffstat is bigger than ideal at this time, but nothing in here seems particularly risky" * tag 'armsoc-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits) reset: sunxi: fix spinlock initialization ARM: dts: disable CCI on exynos5420 based arndale-octa drivers: bus: check cci device tree node status ARM: rockchip: disable jtag/sdmmc autoswitching on rk3288 ARM: nomadik: fix up leftover device tree pins ARM: at91: board-dt-sama5: add phy_fixup to override NAND_Tree ARM: at91/dt: sam9263: Add missing clocks to lcdc node ARM: at91: sama5d3: dt: correct the sound route ARM: at91/dt: sama5d4: fix the timer reg length ARM: exynos_defconfig: Enable LM90 driver ARM: exynos_defconfig: Enable options for display panel support arm: dts: Use pmu_system_controller phandle for dp phy ARM: shmobile: sh73a0 legacy: Set .control_parent for all irqpin instances ARM: dts: berlin: correct BG2Q's SM GPIO location. ARM: dts: berlin: add broken-cd and set bus width for eMMC in Marvell DMP DT ARM: dts: berlin: fix io clk and add missing core clk for BG2Q sdhci2 host ARM: dts: Revert disabling of smc91x for n900 ARM: dts: imx51-babbage: Fix ULPI PHY reset modelling ARM: dts: dra7-evm: fix qspi device tree partition size ARM: omap2plus_defconfig: use CONFIG_CPUFREQ_DT ...
-
由 Daniel Borkmann 提交于
I.e. one-to-many sockets in SCTP are not required to explicitly call into connect(2) or sctp_connectx(2) prior to data exchange. Instead, they can directly invoke sendmsg(2) and the SCTP stack will automatically trigger connection establishment through 4WHS via sctp_primitive_ASSOCIATE(). However, this in its current implementation is racy: INIT is being sent out immediately (as it cannot be bundled anyway) and the rest of the DATA chunks are queued up for later xmit when connection is established, meaning sendmsg(2) will return successfully. This behaviour can result in an undesired side-effect that the kernel made the application think the data has already been transmitted, although none of it has actually left the machine, worst case even after close(2)'ing the socket. Instead, when the association from client side has been shut down e.g. first gracefully through SCTP_EOF and then close(2), the client could afterwards still receive the server's INIT_ACK due to a connection with higher latency. This INIT_ACK is then considered out of the blue and hence responded with ABORT as there was no alive assoc found anymore. This can be easily reproduced f.e. with sctp_test application from lksctp. One way to fix this race is to wait for the handshake to actually complete. The fix defers waiting after sctp_primitive_ASSOCIATE() and sctp_primitive_SEND() succeeded, so that DATA chunks cooked up from sctp_sendmsg() have already been placed into the output queue through the side-effect interpreter, and therefore can then be bundeled together with COOKIE_ECHO control chunks. strace from example application (shortened): socket(PF_INET, SOCK_SEQPACKET, IPPROTO_SCTP) = 3 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(0)=[], msg_controllen=48, {cmsg_len=48, cmsg_level=0x84 /* SOL_??? */, cmsg_type=, ...}, msg_flags=0}, 0) = 0 // graceful shutdown for SOCK_SEQPACKET via SCTP_EOF close(3) = 0 tcpdump before patch (fooling the application): 22:33:36.306142 IP 192.168.1.114.41462 > 192.168.1.115.8888: sctp (1) [INIT] [init tag: 3879023686] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 3139201684] 22:33:36.316619 IP 192.168.1.115.8888 > 192.168.1.114.41462: sctp (1) [INIT ACK] [init tag: 3345394793] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 3380109591] 22:33:36.317600 IP 192.168.1.114.41462 > 192.168.1.115.8888: sctp (1) [ABORT] tcpdump after patch: 14:28:58.884116 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [INIT] [init tag: 438593213] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 3092969729] 14:28:58.888414 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [INIT ACK] [init tag: 381429855] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 2141904492] 14:28:58.888638 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [COOKIE ECHO] , (2) [DATA] (B)(E) [TSN: 3092969729] [...] 14:28:58.893278 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [COOKIE ACK] , (2) [SACK] [cum ack 3092969729] [a_rwnd 106491] [#gap acks 0] [#dup tsns 0] 14:28:58.893591 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [DATA] (B)(E) [TSN: 3092969730] [...] 14:28:59.096963 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SACK] [cum ack 3092969730] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 14:28:59.097086 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [DATA] (B)(E) [TSN: 3092969731] [...] , (2) [DATA] (B)(E) [TSN: 3092969732] [...] 14:28:59.103218 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SACK] [cum ack 3092969732] [a_rwnd 106486] [#gap acks 0] [#dup tsns 0] 14:28:59.103330 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [SHUTDOWN] 14:28:59.107793 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SHUTDOWN ACK] 14:28:59.107890 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [SHUTDOWN COMPLETE] Looks like this bug is from the pre-git history museum. ;) Fixes: 08707d5482df ("lksctp-2_5_31-0_5_1.patch") Signed-off-by: NDaniel Borkmann <dborkman@redhat.com> Acked-by: NVlad Yasevich <vyasevich@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
git://git.linaro.org/people/mike.turquette/linux由 Linus Torvalds 提交于
Pull clock driver fixes from Mike Turquette: "Small number of fixes for clock drivers and a single null pointer dereference fix in the framework core code. The driver fixes vary from fixing section mismatch warnings to preventing machines from hanging (and preventing developers from crying)" * tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux: clk: fix possible null pointer dereference Revert "clk: ppc-corenet: Fix Section mismatch warning" clk: rockchip: fix deadlock possibility in cpuclk clk: berlin: bg2q: remove non-exist "smemc" gate clock clk: at91: keep slow clk enabled to prevent system hang clk: rockchip: fix rk3288 cpuclk core dividers clk: rockchip: fix rk3066 pll lock bit location clk: rockchip: Fix clock gate for rk3188 hclk_emem_peri clk: rockchip: add CLK_IGNORE_UNUSED flag to fix rk3066/rk3188 USB Host
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi由 Linus Torvalds 提交于
Pull SCSI fixes from James Bottomley: "This is one fix for a Multiqueue sleeping in invalid context problem and a MAINTAINER file update for Qlogic" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: ->queue_rq can't sleep MAINTAINERS: Update maintainer list for qla4xxx
-
由 Stanimir Varbanov 提交于
The commit 646cafc6 (clk: Change clk_ops->determine_rate to return a clk_hw as the best parent) opens a possibility for null pointer dereference, fix this. Signed-off-by: NStanimir Varbanov <svarbanov@mm-sol.com> Reviewed-by: NStephen Boyd <sboyd@codeaurora.org> Signed-off-by: NMichael Turquette <mturquette@linaro.org>
-
由 Kevin Hao 提交于
This reverts commit da788acb. That commit tried to fix the section mismatch warning by moving the ppc_corenet_clk_driver struct to init section. This is definitely wrong because the kernel would free the memories occupied by this struct after boot while this driver is still registered in the driver core. The kernel would panic when accessing this driver struct. Cc: stable@vger.kernel.org # 3.17 Signed-off-by: NKevin Hao <haokexin@gmail.com> Acked-by: NScott Wood <scottwood@freescale.com> Signed-off-by: NMichael Turquette <mturquette@linaro.org>
-
由 Heiko Stübner 提交于
Lockdep reported a possible deadlock between the cpuclk lock and for example the i2c driver. CPU0 CPU1 ---- ---- lock(clk_lock); local_irq_disable(); lock(&(&i2c->lock)->rlock); lock(clk_lock); <Interrupt> lock(&(&i2c->lock)->rlock); *** DEADLOCK *** The generic clock-types of the core ccf already use spin_lock_irqsave when touching clock registers, so do the same for the cpuclk. Signed-off-by: NHeiko Stuebner <heiko@sntech.de> Reviewed-by: NDoug Anderson <dianders@chromium.org> Signed-off-by: NMichael Turquette <mturquette@linaro.org> [mturquette@linaro.org: removed initialization of "flags"]
-
git://git.infradead.org/users/vkoul/slave-dma由 Linus Torvalds 提交于
Pull dmaengine fixes from Vinod Koul: "Two patches, the first by Andy to fix dw dmac runtime pm and second one by me to fix the dmaengine headers in MAINTAINERS" * 'fixes' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: dw: balance PM runtime calls MAINTAINERS: dmaengine: fix the header file for dmaengine
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull perf fixes from Ingo Molnar: "Mostly tooling fixes, but also two PMU driver fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf tools powerpc: Use dwfl_report_elf() instead of offline. perf tools: Fix segfault for symbol annotation on TUI perf test: Fix dwarf unwind using libunwind. perf tools: Avoid build splat for syscall numbers with uclibc perf tools: Elide strlcpy warning with uclibc perf tools: Fix statfs.f_type data type mismatch build error with uclibc tools: Remove bitops/hweight usage of bits in tools/perf perf machine: Fix __machine__findnew_thread() error path perf tools: Fix building error in x86_64 when dwarf unwind is on perf probe: Propagate error code when write(2) failed perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM perf/rapl: Fix sysfs_show() initialization for RAPL PMU
-
- 17 1月, 2015 5 次提交
-
-
由 Ingo Molnar 提交于
Merge tag 'perf-urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: - Fix segfault when using both the map symtab viewer and annotation in the TUI (Namhyung Kim). - uClibc build fixes (Alexey Brodkin, Vineet Gupta). - bitops/hweight were moved from tools/perf/ too tools/include, move some leftovers (Arnaldo Carvalho de Melo) - Fix dwarf unwind x86_64 build error (Namhyung Kim) - Fix __machine__findnew_thread() error path (Namhyung Kim) - Propagate error code when write(2) failed in 'perf probe' (Namhyung Kim) - Use dwfl_report_elf() instead of offline in powerpc bits to properly handle non prelinked DSOs (Sukadev Bhattiprolu). - Fix dwarf unwind using libunwind in 'perf test' (Wang Nan) Signed-off-by: NArnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: NIngo Molnar <mingo@kernel.org>
-
由 Olof Johansson 提交于
Merge tag 'samsung-fixes-3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes Merge "Samsung fixes for v3.19" from Kukjin Kim: Samsung fixes for v3.19 - exynos_defconfig: enable LM90 driver and display panel support - HWMON - SENSORS_LM90 - Direct Rendering Manager (DRM) - DRM bridge registration and lookup framework - Parade ps8622/ps8625 eDP/LVDS bridge - NXP ptn3460 eDP/LVDS bridge - Exynos Fully Interactive Mobile Display controller (FIMD) - Panel registration and lookup framework - Simple panels - Backlight & LCD device support - use pmu_system_controller phandle for dp phy : DP PHY requires pmu_system_controller to handle PMU reg. now * tag 'samsung-fixes-3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung: ARM: exynos_defconfig: Enable LM90 driver ARM: exynos_defconfig: Enable options for display panel support arm: dts: Use pmu_system_controller phandle for dp phy Signed-off-by: NOlof Johansson <olof@lixom.net>
-
由 Tyler Baker 提交于
Call spin_lock_init() before the spinlocks are used, both in early init and probe functions preventing a lockdep splat. I have been observing lockdep complaining [1] during boot on my a80 optimus [2] when CONFIG_PROVE_LOCKING has been enabled. This patch resolves the splat, and has been tested on a few other sunxi platforms without issue. [1] http://storage.kernelci.org/next/next-20150107/arm-multi_v7_defconfig+CONFIG_PROVE_LOCKING=y/lab-tbaker/boot-sun9i-a80-optimus.html [2] http://kernelci.org/boot/?a80-optimusSigned-off-by: NTyler Baker <tyler.baker@linaro.org> Cc: <stable@vger.kernel.org> Acked-by: NPhilipp Zabel <p.zabel@pengutronix.de> Signed-off-by: NKevin Hilman <khilman@linaro.org> Signed-off-by: NOlof Johansson <olof@lixom.net>
-
由 Olof Johansson 提交于
Merge tag 'renesas-soc-fixes-for-v3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes Merge "Renesas ARM Based SoC Fixes for v3.19" from Simon Horman: Renesas ARM Based SoC Fixes for v3.19 This pull request is based on the last round of SoC updates for v3.19, Fourth Round of Renesas ARM Based SoC Updates for v3.19, tagged as renesas-soc3-for-v3.19, merged into your next/soc branch and included in v3.19-rc1. - ARM: shmobile: r8a7740: Instantiate GIC from C board code in legacy builds Set .control_parent for all irqpin instances for sh73a0 SoC when booting using legacy C. - ARM: shmobile: r8a7740: Instantiate GIC from C board code in legacy builds This fixes a long standing problem which has been present since the sh73a0 SoC started using the INTC External IRQ pin driver. The patch that introduced the problem is 341eb546 ("ARM: shmobile: INTC External IRQ pin driver on sh73a0") which was included in v3.10. * tag 'renesas-soc-fixes-for-v3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: ARM: shmobile: sh73a0 legacy: Set .control_parent for all irqpin instances ARM: shmobile: r8a7740: Instantiate GIC from C board code in legacy builds
-
由 Abhilash Kesavan 提交于
The arndale-octa board was giving "imprecise external aborts" during boot-up with MCPM enabled. CCI enablement of the boot cluster was found to be the cause of these aborts (possibly because the secure f/w was not allowing it). Hence, disable CCI for the arndale-octa board. Signed-off-by: NAbhilash Kesavan <a.kesavan@samsung.com> Tested-by: NKrzysztof Kozlowski <k.kozlowski@samsung.com> Tested-by: NKevin Hilman <khilman@linaro.org> Tested-by: NTyler Baker <tyler.baker@linaro.org> Signed-off-by: NOlof Johansson <olof@lixom.net>
-