1. 22 3月, 2015 1 次提交
  2. 21 3月, 2015 1 次提交
  3. 16 3月, 2015 2 次提交
  4. 07 3月, 2015 2 次提交
  5. 05 3月, 2015 1 次提交
    • E
      iwlwifi: mvm: BT Coex - fix a NULL pointer exception · 4cd4b50c
      Emmanuel Grumbach 提交于
      The commit below introduced an unsafe dereference of
      mvmvif->phy_ctxt. It can be NULL even if we hold the mutex.
      We can be handling a BT Coex notification while the vif has
      already been unassigned. This can happen since the BT Coex
      notification is hanled asynchronuously: we can have started
      to handle the BT Coex notification trying to acquire the
      mutex while the unassign flow already got it. The BT Coex
      notification handling will wait for the mutext. I'll get it
      later, but then mvmvif->phy_ctxt will be NULL.
      
      Panic log:
      
      BUG: unable to handle kernel NULL pointer dereference at   (null)
      IP: [<f985180d>] iwl_mvm_bt_notif_iterator+0x9d/0x340 [iwlmvm]
      *pdpt = 0000000000000000 *pde = f000eef300000007
      Oops: 0000 [#1] SMP
      Workqueue: events iwl_mvm_async_handlers_wk [iwlmvm]
      task: ed719b20 ti: ec03e000 task.ti: ec03e000
      EIP: 0060:[<f985180d>] EFLAGS: 00010202 CPU: 2
      EIP is at iwl_mvm_bt_notif_iterator+0x9d/0x340 [iwlmvm]
      EAX: 00000000 EBX: f6d3cb70 ECX: f6d3cb70 EDX: 00000000
      ESI: ec03fe40 EDI: efeb8810 EBP: ec03fdf0 ESP: ec03fdac
       DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
      CR0: 80050033 CR2: 00000000 CR3: 01a1a000 CR4: 001407f0
      Stack:
       f743ca80 f744a404 ec03fdcc c10e3952 00003aba f743ca80 00000246 f743ca80
       00000246 00000000 00000001 00000000 ebd45ff6 ebd458a4 f6d3c500 ebd45578
       ebd44b01 ec03fe18 f99e1bc2 00000002 ebd44bc0 f9851770 00000000 f6d3c500
      Call Trace:
       [<c10e3952>] ? ring_buffer_unlock_commit+0xa2/0xd0
       [<f99e1bc2>] __iterate_interfaces+0x82/0x110 [mac80211]
       [<f9851770>] ? iwl_mvm_bt_coex_reduced_txp+0x140/0x140 [iwlmvm]
       [<f99e1c6a>] ieee80211_iterate_active_interfaces_atomic+0x1a/0x20 [mac80211]
       [<f9851427>] iwl_mvm_bt_coex_notif_handle+0x77/0x280 [iwlmvm]
       [<f9852161>] iwl_mvm_rx_bt_coex_notif_old+0x211/0x220 [iwlmvm]
       [<f9850b8b>] iwl_mvm_rx_bt_coex_notif+0x19b/0x1b0 [iwlmvm]
       [<f983944f>] iwl_mvm_async_handlers_wk+0x7f/0xe0 [iwlmvm]
      
      CC: <stable@vger.kernel.org> [3.19+]
      Fixes: 123f5156 ("iwlwifi: mvm: BT Coex - add support for TTC / RRC")
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      4cd4b50c
  6. 03 3月, 2015 11 次提交
  7. 02 3月, 2015 15 次提交
  8. 01 3月, 2015 7 次提交
    • E
      net: do not use rcu in rtnl_dump_ifinfo() · cac5e65e
      Eric Dumazet 提交于
      We did a failed attempt in the past to only use rcu in rtnl dump
      operations (commit e67f88dd "net: dont hold rtnl mutex during
      netlink dump callbacks")
      
      Now that dumps are holding RTNL anyway, there is no need to also
      use rcu locking, as it forbids any scheduling ability, like
      GFP_KERNEL allocations that controlling path should use instead
      of GFP_ATOMIC whenever possible.
      
      This should fix following splat Cong Wang reported :
      
       [ INFO: suspicious RCU usage. ]
       3.19.0+ #805 Tainted: G        W
      
       include/linux/rcupdate.h:538 Illegal context switch in RCU read-side critical section!
      
       other info that might help us debug this:
      
       rcu_scheduler_active = 1, debug_locks = 0
       2 locks held by ip/771:
        #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff8182b8f4>] netlink_dump+0x21/0x26c
        #1:  (rcu_read_lock){......}, at: [<ffffffff817d785b>] rcu_read_lock+0x0/0x6e
      
       stack backtrace:
       CPU: 3 PID: 771 Comm: ip Tainted: G        W       3.19.0+ #805
       Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
        0000000000000001 ffff8800d51e7718 ffffffff81a27457 0000000029e729e6
        ffff8800d6108000 ffff8800d51e7748 ffffffff810b539b ffffffff820013dd
        00000000000001c8 0000000000000000 ffff8800d7448088 ffff8800d51e7758
       Call Trace:
        [<ffffffff81a27457>] dump_stack+0x4c/0x65
        [<ffffffff810b539b>] lockdep_rcu_suspicious+0x107/0x110
        [<ffffffff8109796f>] rcu_preempt_sleep_check+0x45/0x47
        [<ffffffff8109e457>] ___might_sleep+0x1d/0x1cb
        [<ffffffff8109e67d>] __might_sleep+0x78/0x80
        [<ffffffff814b9b1f>] idr_alloc+0x45/0xd1
        [<ffffffff810cb7ab>] ? rcu_read_lock_held+0x3b/0x3d
        [<ffffffff814b9f9d>] ? idr_for_each+0x53/0x101
        [<ffffffff817c1383>] alloc_netid+0x61/0x69
        [<ffffffff817c14c3>] __peernet2id+0x79/0x8d
        [<ffffffff817c1ab7>] peernet2id+0x13/0x1f
        [<ffffffff817d8673>] rtnl_fill_ifinfo+0xa8d/0xc20
        [<ffffffff810b17d9>] ? __lock_is_held+0x39/0x52
        [<ffffffff817d894f>] rtnl_dump_ifinfo+0x149/0x213
        [<ffffffff8182b9c2>] netlink_dump+0xef/0x26c
        [<ffffffff8182bcba>] netlink_recvmsg+0x17b/0x2c5
        [<ffffffff817b0adc>] __sock_recvmsg+0x4e/0x59
        [<ffffffff817b1b40>] sock_recvmsg+0x3f/0x51
        [<ffffffff817b1f9a>] ___sys_recvmsg+0xf6/0x1d9
        [<ffffffff8115dc67>] ? handle_pte_fault+0x6e1/0xd3d
        [<ffffffff8100a3a0>] ? native_sched_clock+0x35/0x37
        [<ffffffff8109f45b>] ? sched_clock_local+0x12/0x72
        [<ffffffff8109f6ac>] ? sched_clock_cpu+0x9e/0xb7
        [<ffffffff810cb7ab>] ? rcu_read_lock_held+0x3b/0x3d
        [<ffffffff811abde8>] ? __fcheck_files+0x4c/0x58
        [<ffffffff811ac556>] ? __fget_light+0x2d/0x52
        [<ffffffff817b376f>] __sys_recvmsg+0x42/0x60
        [<ffffffff817b379f>] SyS_recvmsg+0x12/0x1c
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Fixes: 0c7aecd4 ("netns: add rtnl cmd to add and get peer netns ids")
      Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
      Reported-by: NCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cac5e65e
    • G
      sh_eth: Fix lost MAC address on kexec · a14c7d15
      Geert Uytterhoeven 提交于
      Commit 740c7f31 ("sh_eth: Ensure DMA engines are stopped before
      freeing buffers") added a call to sh_eth_reset() to the
      sh_eth_set_ringparam() and sh_eth_close() paths.
      
      However, setting the software reset bit(s) in the EDMR register resets
      the MAC Address Registers to zero. Hence after kexec, the new kernel
      doesn't detect a valid MAC address and assigns a random MAC address,
      breaking DHCP.
      
      Set the MAC address again after the reset in sh_eth_dev_exit() to fix
      this.
      
      Tested on r8a7740/armadillo (GETHER) and r8a7791/koelsch (FAST_RCAR).
      
      Fixes: 740c7f31 ("sh_eth: Ensure DMA engines are stopped before freeing buffers")
      Signed-off-by: NGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a14c7d15
    • J
      net: bcmgenet: fix throughtput regression · 4092e6ac
      Jaedon Shin 提交于
      This patch adds bcmgenet_tx_poll for the tx_rings. This can reduce the
      interrupt load and send xmit in network stack on time. This also
      separated for the completion of tx_ring16 from bcmgenet_poll.
      
      The bcmgenet_tx_reclaim of tx_ring[{0,1,2,3}] operative by an interrupt
      is to be not more than a certain number TxBDs. It is caused by too
      slowly reclaiming the transmitted skb. Therefore, performance
      degradation of xmit after 605ad7f1 ("tcp: refine TSO autosizing").
      Signed-off-by: NJaedon Shin <jaedon.shin@gmail.com>
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4092e6ac
    • E
      macvtap: make sure neighbour code can push ethernet header · 2f1d8b9e
      Eric Dumazet 提交于
      Brian reported crashes using IPv6 traffic with macvtap/veth combo.
      
      I tracked the crashes in neigh_hh_output()
      
      -> memcpy(skb->data - HH_DATA_MOD, hh->hh_data, HH_DATA_MOD);
      
      Neighbour code assumes headroom to push Ethernet header is
      at least 16 bytes.
      
      It appears macvtap has only 14 bytes available on arches
      where NET_IP_ALIGN is 0 (like x86)
      
      Effect is a corruption of 2 bytes right before skb->head,
      and possible crashes if accessing non existing memory.
      
      This fix should also increase IPv4 performance, as paranoid code
      in ip_finish_output2() wont have to call skb_realloc_headroom()
      Reported-by: NBrian Rak <brak@vultr.com>
      Tested-by: NBrian Rak <brak@vultr.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2f1d8b9e
    • D
      Merge tag 'mac80211-for-davem-2015-02-27' of... · 32034e05
      David S. Miller 提交于
      Merge tag 'mac80211-for-davem-2015-02-27' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      A few patches have accumulated, among them the fix for Linus's
      four-way-handshake problem. The others are various small fixes
      for problems all over, nothing really stands out.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      32034e05
    • E
      net: Verify permission to link_net in newlink · 06615bed
      Eric W. Biederman 提交于
      When applicable verify that the caller has permisson to the underlying
      network namespace for a newly created network device.
      
      Similary checks exist for the network namespace a network device will
      be created in.
      
      Fixes: 317f4810 ("rtnl: allow to create device with IFLA_LINK_NETNSID set")
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: NNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      06615bed
    • E
      net: Verify permission to dest_net in newlink · 505ce415
      Eric W. Biederman 提交于
      When applicable verify that the caller has permision to create a
      network device in another network namespace.  This check is already
      present when moving a network device between network namespaces in
      setlink so all that is needed is to duplicate that check in newlink.
      
      This change almost backports cleanly, but there are context conflicts
      as the code that follows was added in v4.0-rc1
      
      Fixes: b51642f6 net: Enable a userns root rtnl calls that are safe for unprivilged users
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: NNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      505ce415