- 27 9月, 2013 16 次提交
-
-
由 Arend van Spriel 提交于
This patch removes the bcma_core_pci_power_save() call from the bcma_core_pci_{up,down}() functions as it tries to schedule thus requiring to call them from non-atomic context. The function bcma_core_pci_power_save() is now exported so the calling module can explicitly use it in non-atomic context. This fixes the 'scheduling while atomic' issue reported by Tod Jackson and Joe Perches. [ 13.210710] BUG: scheduling while atomic: dhcpcd/1800/0x00000202 [ 13.210718] Modules linked in: brcmsmac nouveau coretemp kvm_intel kvm cordic brcmutil bcma dell_wmi atl1c ttm mxm_wmi wmi [ 13.210756] CPU: 2 PID: 1800 Comm: dhcpcd Not tainted 3.11.0-wl #1 [ 13.210762] Hardware name: Alienware M11x R2/M11x R2, BIOS A04 11/23/2010 [ 13.210767] ffff880177c92c40 ffff880170fd1948 ffffffff8169af5b 0000000000000007 [ 13.210777] ffff880170fd1ab0 ffff880170fd1958 ffffffff81697ee2 ffff880170fd19d8 [ 13.210785] ffffffff816a19f5 00000000000f4240 000000000000d080 ffff880170fd1fd8 [ 13.210794] Call Trace: [ 13.210813] [<ffffffff8169af5b>] dump_stack+0x4f/0x84 [ 13.210826] [<ffffffff81697ee2>] __schedule_bug+0x43/0x51 [ 13.210837] [<ffffffff816a19f5>] __schedule+0x6e5/0x810 [ 13.210845] [<ffffffff816a1c34>] schedule+0x24/0x70 [ 13.210855] [<ffffffff816a04fc>] schedule_hrtimeout_range_clock+0x10c/0x150 [ 13.210867] [<ffffffff810684e0>] ? update_rmtp+0x60/0x60 [ 13.210877] [<ffffffff8106915f>] ? hrtimer_start_range_ns+0xf/0x20 [ 13.210887] [<ffffffff816a054e>] schedule_hrtimeout_range+0xe/0x10 [ 13.210897] [<ffffffff8104f6fb>] usleep_range+0x3b/0x40 [ 13.210910] [<ffffffffa00371af>] bcma_pcie_mdio_set_phy.isra.3+0x4f/0x80 [bcma] [ 13.210921] [<ffffffffa003729f>] bcma_pcie_mdio_write.isra.4+0xbf/0xd0 [bcma] [ 13.210932] [<ffffffffa0037498>] bcma_pcie_mdio_writeread.isra.6.constprop.13+0x18/0x30 [bcma] [ 13.210942] [<ffffffffa00374ee>] bcma_core_pci_power_save+0x3e/0x80 [bcma] [ 13.210953] [<ffffffffa003765d>] bcma_core_pci_up+0x2d/0x60 [bcma] [ 13.210975] [<ffffffffa03dc17c>] brcms_c_up+0xfc/0x430 [brcmsmac] [ 13.210989] [<ffffffffa03d1a7d>] brcms_up+0x1d/0x20 [brcmsmac] [ 13.211003] [<ffffffffa03d2498>] brcms_ops_start+0x298/0x340 [brcmsmac] [ 13.211020] [<ffffffff81600a12>] ? cfg80211_netdev_notifier_call+0xd2/0x5f0 [ 13.211030] [<ffffffff815fa53d>] ? packet_notifier+0xad/0x1d0 [ 13.211064] [<ffffffff81656e75>] ieee80211_do_open+0x325/0xf80 [ 13.211076] [<ffffffff8106ac09>] ? __raw_notifier_call_chain+0x9/0x10 [ 13.211086] [<ffffffff81657b41>] ieee80211_open+0x71/0x80 [ 13.211101] [<ffffffff81526267>] __dev_open+0x87/0xe0 [ 13.211109] [<ffffffff8152650c>] __dev_change_flags+0x9c/0x180 [ 13.211117] [<ffffffff815266a3>] dev_change_flags+0x23/0x70 [ 13.211127] [<ffffffff8158cd68>] devinet_ioctl+0x5b8/0x6a0 [ 13.211136] [<ffffffff8158d5c5>] inet_ioctl+0x75/0x90 [ 13.211147] [<ffffffff8150b38b>] sock_do_ioctl+0x2b/0x70 [ 13.211155] [<ffffffff8150b681>] sock_ioctl+0x71/0x2a0 [ 13.211169] [<ffffffff8114ed47>] do_vfs_ioctl+0x87/0x520 [ 13.211180] [<ffffffff8113f159>] ? ____fput+0x9/0x10 [ 13.211198] [<ffffffff8106228c>] ? task_work_run+0x9c/0xd0 [ 13.211202] [<ffffffff8114f271>] SyS_ioctl+0x91/0xb0 [ 13.211208] [<ffffffff816aa252>] system_call_fastpath+0x16/0x1b [ 13.211217] NOHZ: local_softirq_pending 202 The issue was introduced in v3.11 kernel by following commit: commit aa51e598 Author: Hauke Mehrtens <hauke@hauke-m.de> Date: Sat Aug 24 00:32:31 2013 +0200 brcmsmac: use bcma PCIe up and down functions replace the calls to bcma_core_pci_extend_L1timer() by calls to the newly introduced bcma_core_pci_ip() and bcma_core_pci_down() Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de> Cc: Arend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com> This fix has been discussed with Hauke Mehrtens [1] selection option 3) and is intended for v3.12. Ref: [1] http://mid.gmane.org/5239B12D.3040206@hauke-m.de Cc: <stable@vger.kernel.org> # 3.11.x Cc: Tod Jackson <tod.jackson@gmail.com> Cc: Joe Perches <joe@perches.com> Cc: Rafal Milecki <zajec5@gmail.com> Cc: Hauke Mehrtens <hauke@hauke-m.de> Reviewed-by: NHante Meuleman <meuleman@broadcom.com> Signed-off-by: NArend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Arend van Spriel 提交于
The driver uses platform_driver_probe() to obtain platform data if any. However, that function is placed in the .init section so it must be called upon driver module initialization. The problem was reported by Fenguang Wu resulting in a kernel oops because the .init section was already freed. [ 48.966342] Switched to clocksource tsc [ 48.970002] kernel tried to execute NX-protected page - exploit attempt? (uid: 0) [ 48.970851] BUG: unable to handle kernel paging request at ffffffff82196446 [ 48.970957] IP: [<ffffffff82196446>] classes_init+0x26/0x26 [ 48.970957] PGD 1e76067 PUD 1e77063 PMD f388063 PTE 8000000002196163 [ 48.970957] Oops: 0011 [#1] [ 48.970957] CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 3.11.0-rc7-00444-gc52dd7f #23 [ 48.970957] Workqueue: events brcmf_driver_init [ 48.970957] task: ffff8800001d2000 ti: ffff8800001d4000 task.ti: ffff8800001d4000 [ 48.970957] RIP: 0010:[<ffffffff82196446>] [<ffffffff82196446>] classes_init+0x26/0x26 [ 48.970957] RSP: 0000:ffff8800001d5d40 EFLAGS: 00000286 [ 48.970957] RAX: 0000000000000001 RBX: ffffffff820c5620 RCX: 0000000000000000 [ 48.970957] RDX: 0000000000000001 RSI: ffffffff816f7380 RDI: ffffffff820c56c0 [ 48.970957] RBP: ffff8800001d5d50 R08: ffff8800001d2508 R09: 0000000000000002 [ 48.970957] R10: 0000000000000000 R11: 0001f7ce298c5620 R12: ffff8800001c76b0 [ 48.970957] R13: ffffffff81e91d40 R14: 0000000000000000 R15: ffff88000e0ce300 [ 48.970957] FS: 0000000000000000(0000) GS:ffffffff81e84000(0000) knlGS:0000000000000000 [ 48.970957] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 48.970957] CR2: ffffffff82196446 CR3: 0000000001e75000 CR4: 00000000000006b0 [ 48.970957] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.970957] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000 [ 48.970957] Stack: [ 48.970957] ffffffff816f7df8 ffffffff820c5620 ffff8800001d5d60 ffffffff816eeec9 [ 48.970957] ffff8800001d5de0 ffffffff81073dc5 ffffffff81073d68 ffff8800001d5db8 [ 48.970957] 0000000000000086 ffffffff820c5620 ffffffff824f7fd0 0000000000000000 [ 48.970957] Call Trace: [ 48.970957] [<ffffffff816f7df8>] ? brcmf_sdio_init+0x18/0x70 [ 48.970957] [<ffffffff816eeec9>] brcmf_driver_init+0x9/0x10 [ 48.970957] [<ffffffff81073dc5>] process_one_work+0x1d5/0x480 [ 48.970957] [<ffffffff81073d68>] ? process_one_work+0x178/0x480 [ 48.970957] [<ffffffff81074188>] worker_thread+0x118/0x3a0 [ 48.970957] [<ffffffff81074070>] ? process_one_work+0x480/0x480 [ 48.970957] [<ffffffff8107aa17>] kthread+0xe7/0xf0 [ 48.970957] [<ffffffff810829f7>] ? finish_task_switch.constprop.57+0x37/0xd0 [ 48.970957] [<ffffffff8107a930>] ? __kthread_parkme+0x80/0x80 [ 48.970957] [<ffffffff81a6923a>] ret_from_fork+0x7a/0xb0 [ 48.970957] [<ffffffff8107a930>] ? __kthread_parkme+0x80/0x80 [ 48.970957] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <cc> cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc [ 48.970957] RIP [<ffffffff82196446>] classes_init+0x26/0x26 [ 48.970957] RSP <ffff8800001d5d40> [ 48.970957] CR2: ffffffff82196446 [ 48.970957] ---[ end trace 62980817cd525f14 ]--- Cc: <stable@vger.kernel.org> # 3.10.x, 3.11.x Reported-by: NFengguang Wu <fengguang.wu@intel.com> Reviewed-by: NHante Meuleman <meuleman@broadcom.com> Reviewed-by: NPieter-Paul Giesberts <pieterpg@broadcom.com> Tested-by: NFengguang Wu <fengguang.wu@intel.com> Signed-off-by: NArend van Spriel <arend@broadcom.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Bing Zhao 提交于
Bug 60815 - Interface hangs in mwifiex_usb https://bugzilla.kernel.org/show_bug.cgi?id=60815 [ 2.883807] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048 [ 2.883813] IP: [<ffffffff815a65e0>] pfifo_fast_enqueue+0x90/0x90 [ 2.883834] CPU: 1 PID: 3220 Comm: kworker/u8:90 Not tainted 3.11.1-monotone-l0 #6 [ 2.883834] Hardware name: Microsoft Corporation Surface with Windows 8 Pro/Surface with Windows 8 Pro, BIOS 1.03.0450 03/29/2013 On Surface Pro, suspend to ram gives a NULL pointer dereference in pfifo_fast_enqueue(). The stack trace reveals that the offending call is clearing carrier in mwifiex_usb suspend handler. Since commit 1499d9fa "mwifiex: don't drop carrier flag over suspend" has removed the carrier flag handling over suspend/resume in SDIO and PCIe drivers, I'm removing it in USB driver too. This also fixes the bug for Surface Pro. Cc: <stable@vger.kernel.org> # 3.5+ Tested-by: NDmitry Khromov <icechrome@gmail.com> Signed-off-by: NBing Zhao <bzhao@marvell.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Amitkumar Karwar 提交于
Bug 60815 - Interface hangs in mwifiex_usb https://bugzilla.kernel.org/show_bug.cgi?id=60815 We have 4 bytes of interface header for packets delivered to SDIO and PCIe, but not for USB interface. In Tx AMSDU case, currently 4 bytes of garbage data is unnecessarily appended for USB packets. This sometimes leads to a firmware hang, because it may not interpret the data packet correctly. Problem is fixed by removing this redundant headroom for USB. Cc: <stable@vger.kernel.org> # 3.5+ Tested-by: NDmitry Khromov <icechrome@gmail.com> Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com> Signed-off-by: NBing Zhao <bzhao@marvell.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Christian Lamparter 提交于
Added USB ID for Corega WLUSB2GTST USB adapter. Cc: <stable@vger.kernel.org> Reported-by: NJoerg Kalisch <the_force@gmx.de> Signed-off-by: NChristian Lamparter <chunkeey@googlemail.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Solomon Peachy 提交于
This supercedes the older patch ("cw1200: Don't perform SPI transfers in interrupt context") that badly attempted to fix this problem. This is a far simpler solution, which has the added benefit of actually working. Signed-off-by: NSolomon Peachy <pizza@shaftnet.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Solomon Peachy 提交于
This reverts commit aec8e88c. This solution turned out to cause interrupt delivery problems, and rather than trying to fix this approach, it has been scrapped in favor of an alternative (and far simpler) implementation. Signed-off-by: NSolomon Peachy <pizza@shaftnet.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Bing Zhao 提交于
For pcie8897, the hs_cfg cancel command (0xe5) times out when host comes out of suspend. This is caused by an incompleted host sleep handshake between driver and firmware. Like SDIO interface, PCIe also needs to go through firmware power save events to complete the handshake for host sleep configuration. Only USB interface doesn't require power save events for hs_cfg. Cc: <stable@vger.kernel.org> # 3.10+ Signed-off-by: NBing Zhao <bzhao@marvell.com> Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Larry Finger 提交于
The private array at the end of the rtl_priv struct is not aligned. On ARM architecture, this causes an alignment trap and is fixed by aligning that array with __align(sizeof(void *)). That should properly align that space according to the requirements of all architectures. Reported-by: NJason Andrews <jasona@cadence.com> Tested-by: NJason Andrews <jasona@cadence.com> Signed-off-by: NLarry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
Prevents race conditions when un-aggregated frames are pending in the driver. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Alexey Khoroshilov 提交于
If request_firmware_nowait() fails in p54u_load_firmware(), p54u_load_firmware_cb is not called and no one decrements usb_dev refcnt. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
When .release_buffered_frames was implemented, only A-MPDU packets were buffered internally. Now that this has changed, the BUF_AMPDU flag needs to be checked before calling ath_tx_addto_baw Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Sujith Manoharan 提交于
The commit "ath9k: Optimize LNA check" tried to use the "rs_firstaggr" flag to optimize the LNA combining algorithm when processing subframes in an A-MPDU. This doesn't appear to work well in practice, so revert it and use the old method of relying on "rs_moreaggr". Cc: stable@vger.kernel.org # 3.11 Signed-off-by: NSujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
This might trip up tx completion processing, although the condition that triggers this should not (yet) occur in practice. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Felix Fietkau 提交于
Fixes a regression from commit "ath9k: shrink a few data structures by reordering fields" When cloning a buffer, the stale flag (part of bf_state now) needs to be reset after copying the state to prevent tx processing hangs. Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 24 9月, 2013 1 次提交
-
-
由 Ken O'Brien 提交于
Add generic rule on encountering Belkin bluetooth usb device F8065bf. Relevant section from /sys/kernel/debug/usb/devices: T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=050d ProdID=065a Rev= 1.12 S: Manufacturer=Broadcom Corp S: Product=BCM20702A0 S: SerialNumber=0002723E2D29 C:* #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=100mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms Signed-off-by: NKen O'Brien <kernel@kenobrien.org> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 21 9月, 2013 1 次提交
-
-
由 Gianluca Anzolin 提交于
When the dlc is closed, rfcomm_dev_state_change() tries to release the port in the case it cannot get a reference to the tty. However this is racy and not even needed. Infact as Peter Hurley points out: 1. Only consider dlcs that are 'stolen' from a connected socket, ie. reused. Allocated dlcs cannot have been closed prior to port activate and so for these dlcs a tty reference will always be avail in rfcomm_dev_state_change() -- except for the conditions covered by #2b below. 2. If a tty was at some point previously created for this rfcomm, then either (a) the tty reference is still avail, so rfcomm_dev_state_change() will perform a hangup. So nothing to do, or, (b) the tty reference is no longer avail, and the tty_port will be destroyed by the last tty_port_put() in rfcomm_tty_cleanup. Again, no action required. 3. Prior to obtaining the dlc lock in rfcomm_dev_add(), rfcomm_dev_state_change() will not 'see' a rfcomm_dev so nothing to do here. 4. After releasing the dlc lock in rfcomm_dev_add(), rfcomm_dev_state_change() will 'see' an incomplete rfcomm_dev if a tty reference could not be obtained. Again, the best thing to do here is nothing. Any future attempted open() will block on rfcomm_dev_carrier_raised(). The unconnected device will exist until released by ioctl(RFCOMMRELEASEDEV). The patch removes the aforementioned code and uses the tty_port_tty_hangup() helper to hangup the tty. Signed-off-by: NGianluca Anzolin <gianluca@sottospazio.it> Reviewed-by: NPeter Hurley <peter@hurleysoftware.com> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 20 9月, 2013 9 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net由 Linus Torvalds 提交于
Pull networking fixes from David Miller: 1) If the local_df boolean is set on an SKB we have to allocate a unique ID even if IP_DF is set in the ipv4 headers, from Ansis Atteka. 2) Some fixups for the new chipset support that went into the sfc driver, from Ben Hutchings. 3) Because SCTP bypasses a good chunk of, and actually duplicates, the logic of the ipv6 output path, some IPSEC things don't get done properly. Integrate SCTP better into the ipv6 output path so that these problems are fixed and such issues don't get missed in the future either. From Daniel Borkmann. 4) Fix skge regressions added by the DMA mapping error return checking added in v3.10, from Mikulas Patocka. 5) Kill some more IRQF_DISABLED references, from Michael Opdenacker. 6) Fix races and deadlocks in the bridging code, from Hong Zhiguo. 7) Fix error handling in tun_set_iff(), in particular don't leak resources. From Jason Wang. 8) Prevent format-string injection into xen-netback driver, from Kees Cook. 9) Fix regression added to netpoll ARP packet handling, in particular check for the right ETH_P_ARP protocol code. From Sonic Zhang. 10) Try to deal with AMD IOMMU errors when using r8169 chips, from Francois Romieu. 11) Cure freezes due to recent changes in the rt2x00 wireless driver, from Stanislaw Gruszka. 12) Don't do SPI transfers (which can sleep) in interrupt context in cw1200 driver, from Solomon Peachy. 13) Fix LEDs handling bug in 5720 tg3 chips already handled for 5719. From Nithin Sujir. 14) Make xen_netbk_count_skb_slots() count the actual number of slots that will be used, taking into consideration packing and other issues that the transmit path will run into. From David Vrabel. 15) Use the correct maximum age when calculating the bridge message_age_timer, from Chris Healy. 16) Get rid of memory leaks in mcs7780 IRDA driver, from Alexey Khoroshilov. 17) Netfilter conntrack extensions were converted to RCU but are not always freed properly using kfree_rcu(). Fix from Michal Kubecek. 18) VF reset recovery not being done correctly in qlcnic driver, from Manish Chopra. 19) Fix inverted test in ATM nicstar driver, from Andy Shevchenko. 20) Missing workqueue destroy in cxgb4 error handling, from Wei Yang. 21) Internal switch not initialized properly in bgmac driver, from Rafał Miłecki. 22) Netlink messages report wrong local and remote addresses in IPv6 tunneling, from Ding Zhi. 23) ICMP redirects should not generate socket errors in DCCP and SCTP. We're still working out how this should be handled for RAW and UDP sockets. From Daniel Borkmann and Duan Jiong. 24) We've had several bugs wherein the network namespace's loopback device gets accessed after it is free'd, NULL it out so that we can catch these problems more readily. From Eric W Biederman. 25) Fix regression in TCP RTO calculations, from Neal Cardwell. 26) Fix too early free of xen-netback network device when VIFs still exist. From Paul Durrant. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (87 commits) netconsole: fix a deadlock with rtnl and netconsole's mutex netpoll: fix NULL pointer dereference in netpoll_cleanup skge: fix broken driver ip: generate unique IP identificator if local fragmentation is allowed ip: use ip_hdr() in __ip_make_skb() to retrieve IP header xen-netback: Don't destroy the netdev until the vif is shut down net:dccp: do not report ICMP redirects to user space cnic: Fix crash in cnic_bnx2x_service_kcq() bnx2x, cnic, bnx2i, bnx2fc: Fix bnx2i and bnx2fc regressions. vxlan: Avoid creating fdb entry with NULL destination tcp: fix RTO calculated from cached RTT drivers: net: phy: cicada.c: clears warning Use #include <linux/io.h> instead of <asm/io.h> net loopback: Set loopback_dev to NULL when freed batman-adv: set the TAG flag for the vid passed to BLA netfilter: nfnetlink_queue: use network skb for sequence adjustment net: sctp: rfc4443: do not report ICMP redirects to user space net: usb: cdc_ether: use usb.h macros whenever possible net: usb: cdc_ether: fix checkpatch errors and warnings net: usb: cdc_ether: Use wwan interface for Telit modules ip6_tunnels: raddr and laddr are inverted in nl msg ...
-
由 Nikolay Aleksandrov 提交于
This bug was introduced by commit 7a163bfb ("netconsole: avoid a crash with multiple sysfs writers"). In store_enabled() we have the following sequence: acquire nt->mutex then rtnl, but in the netconsole netdev notifier we have rtnl then nt->mutex effectively leading to a deadlock. The NULL pointer dereference that the above commit tries to fix is actually due to another bug in netpoll_cleanup(). This is fixed by dropping the mutex from the netdev notifier as it's already protected by rtnl. Signed-off-by: NNikolay Aleksandrov <nikolay@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Nikolay Aleksandrov 提交于
I've been hitting a NULL ptr deref while using netconsole because the np->dev check and the pointer manipulation in netpoll_cleanup are done without rtnl and the following sequence happens when having a netconsole over a vlan and we remove the vlan while disabling the netconsole: CPU 1 CPU2 removes vlan and calls the notifier enters store_enabled(), calls netdev_cleanup which checks np->dev and then waits for rtnl executes the netconsole netdev release notifier making np->dev == NULL and releases rtnl continues to dereference a member of np->dev which at this point is == NULL Signed-off-by: NNikolay Aleksandrov <nikolay@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Mikulas Patocka 提交于
The patch 136d8f37 broke the skge driver. Note this part of the patch: + if (skge_rx_setup(skge, e, nskb, skge->rx_buf_size) < 0) { + dev_kfree_skb(nskb); + goto resubmit; + } + pci_unmap_single(skge->hw->pdev, dma_unmap_addr(e, mapaddr), dma_unmap_len(e, maplen), PCI_DMA_FROMDEVICE); skb = e->skb; prefetch(skb->data); - skge_rx_setup(skge, e, nskb, skge->rx_buf_size); The function skge_rx_setup modifies e->skb to point to the new skb. Thus, after this change, the new buffer, not the old, is returned to the networking stack. This bug is present in kernels 3.11, 3.11.1 and 3.12-rc1. The patch should be queued for 3.11-stable. Signed-off-by: NMikulas Patocka <mpatocka@redhat.com> Reported-by: NMikulas Patocka <mpatocka@redhat.com> Reported-by: NVasiliy Glazov <vascom2@gmail.com> Tested-by: NMikulas Patocka <mpatocka@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ansis Atteka 提交于
If local fragmentation is allowed, then ip_select_ident() and ip_select_ident_more() need to generate unique IDs to ensure correct defragmentation on the peer. For example, if IPsec (tunnel mode) has to encrypt large skbs that have local_df bit set, then all IP fragments that belonged to different ESP datagrams would have used the same identificator. If one of these IP fragments would get lost or reordered, then peer could possibly stitch together wrong IP fragments that did not belong to the same datagram. This would lead to a packet loss or data corruption. Signed-off-by: NAnsis Atteka <aatteka@nicira.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ansis Atteka 提交于
skb->data already points to IP header, but for the sake of consistency we can also use ip_hdr() to retrieve it. Signed-off-by: NAnsis Atteka <aatteka@nicira.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Paul Durrant 提交于
Without this patch, if a frontend cycles through states Closing and Closed (which Windows frontends need to do) then the netdev will be destroyed and requires re-invocation of hotplug scripts to restore state before the frontend can move to Connected. Thus when udev is not in use the backend gets stuck in InitWait. With this patch, the netdev is left alone whilst the backend is still online and is only de-registered and freed just prior to destroying the vif (which is also nicely symmetrical with the netdev allocation and registration being done during probe) so no re-invocation of hotplug scripts is required. Signed-off-by: NPaul Durrant <paul.durrant@citrix.com> Cc: David Vrabel <david.vrabel@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: NWei Liu <wei.liu2@citrix.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linus由 Linus Torvalds 提交于
Pull MIPS updates from Ralf Baechle: - Minor updates and fixes to the Octeon ethernet driver in staging - A fix to VGA_MAP_MEM() for 64 bit platforms - Fix a workaround for 74K/1074K processors - The symlink arch/mips/boot/dts/include/dt-bindings was pointing to a a file with a name ending in \n. I think this may have been caused by a git bug with with patches sent by email - A build fix for VGA console on BCM1480-based systems - Fix PCI device access via "/sys/bus/pci/.../resource0" or similar work for Alchemy platforms - Fix potential data leak on MIPS R5 cores. This doesn't add proper support for any R5 features, just ensures a kernel without such support will be secure to run - Adding a macros for the CP0 Config5 register to be used by the R5 fix - Make get_cycles() actually return something useful where possible This also requires a preparatory patch for performance sake - Fix a warning about the use of smp_processor_id() in preemptible code. Again this includes a preparatory patch adding the infrastructure to be used by the actual patch - Finally remove pointless one-line comment * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Fix invalid symbolic link file MIPS: PCI: pci-bcm1480: Include missing vt.h header MIPS: Disable usermode switching of the FR bit for MIPS R5 CPUs. MIPS: Add MIPS R5 config5 register. MIPS: PCI: Use pci_resource_to_user to map pci memory space properly MIPS: 74K/1074K: Correct erratum workaround. MIPS: Cleanup CP0 PRId and CP1 FPIR register access masks MIPS: Remove useless comment about kprobe from arch/mips/Makefile MIPS: Fix VGA_MAP_MEM macro. MIPS: Reimplement get_cycles(). MIPS: Optimize current_cpu_type() for better code. MIPS: Fix accessing to per-cpu data when flushing the cache MIPS: Provide nice way to access boot CPU's data. staging: octeon-ethernet: rgmii: enable interrupts that we can handle staging: octeon-ethernet: remove skb alloc failure warnings staging: octeon-ethernet: make dropped packets to consume NAPI budget
-
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client由 Linus Torvalds 提交于
Pull ceph fixes from Sage Weil: "These fix several bugs with RBD from 3.11 that didn't get tested in time for the merge window: some error handling, a use-after-free, and a sequencing issue when unmapping and image races with a notify operation. There is also a patch fixing a problem with the new ceph + fscache code that just went in" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: fscache: check consistency does not decrement refcount rbd: fix error handling from rbd_snap_name() rbd: ignore unmapped snapshots that no longer exist rbd: fix use-after free of rbd_dev->disk rbd: make rbd_obj_notify_ack() synchronous rbd: complete notifies before cleaning up osd_client and rbd_dev libceph: add function to ensure notifies are complete
-
- 19 9月, 2013 13 次提交
-
-
由 Madhavan Srinivasan 提交于
Commit 3b29aa5b [MIPS: add <dt-bindings/> symlink] created a symlink file in include/dt-bindings. Even though commit diff is fine, the symlink is invalid and ls -lb shows a newline character at the end of the filename: lrwxrwxrwx 1 maddy maddy 35 Sep 19 18:11 dt-bindings -> ../../../../../include/dt-bindings\n Signed-off-by: NMadhavan Srinivasan <maddy@linux.vnet.ibm.com> Cc: steven.hill@imgtec.com Cc: mmarek@suse.cz Cc: swarren@nvidia.com Cc: linux-mips@linux-mips.org Cc: linux-kbuild@vger.kernel.org Cc: james.hogan@imgtec.com Patchwork: https://patchwork.linux-mips.org/patch/5859/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Markos Chandras 提交于
It's needed for the MAX_NR_CONSOLES macro. Fixes the following build problem on a randconfig: arch/mips/pci/pci-bcm1480.c: In function 'bcm1480_pcibios_init': arch/mips/pci/pci-bcm1480.c:261:36: error: 'MAX_NR_CONSOLES' undeclared (first use in this function) arch/mips/pci/pci-bcm1480.c:261:36: note: each undeclared identifier is reported only once for each function it appears in make[1]: *** [arch/mips/pci/pci-bcm1480.o] Error 1 Signed-off-by: NMarkos Chandras <markos.chandras@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5858/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
Currently the kernel will always use the FR=0 register model for O32. If an O32 application did enable FR=1 mode, some data from another application might be leaked in the extra registers becoming visible. Iow, this patch is meant to make the kernel MIPS R5 tolerant but leaves proper MIPS R5 support to a future patchset. Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
git://people.freedesktop.org/~airlied/linux由 Linus Torvalds 提交于
Pull drm radeon/nouveau/core fixes from Dave Airlie: "Mostly radeon fixes, with some nouveau bios parser, ttm fix and a fix for AST driver" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (42 commits) drm/fb-helper: don't sleep for screen unblank when an oops is in progress drm, ttm Fix uninitialized warning drm/ttm: fix the tt_populated check in ttm_tt_destroy() drm/nouveau/ttm: prevent double-free in nouveau_sgdma_create_ttm() failure path drm/nouveau/bios/init: fix thinko in INIT_CONFIGURE_MEM drm/nouveau/kms: enable for non-vga pci classes drm/nouveau/bios/init: stub opcode 0xaa drm/radeon: avoid UVD corruptions on AGP cards drm/radeon: fix panel scaling with eDP and LVDS bridges drm/radeon/dpm: rework auto performance level enable drm/radeon: Fix hmdi typo drm/radeon/dpm/rs780: fix force_performance state for same sclks drm/radeon/dpm/rs780: don't enable sclk scaling if not required drm/radeon/dpm/rs780: add some sanity checking to sclk scaling drm/radeon/dpm/rs780: use drm_mode_vrefresh() drm/udl: rip out set_need_resched drm/ast: fix the ast open key function drm/radeon/dpm: add bapm callback for kb/kv drm/radeon/dpm: add bapm callback for trinity drm/radeon/dpm: add infrastructure to properly handle bapm ...
-
由 Daniel Vetter 提交于
Otherwise the system will burn even brighter and worse, leave the user wondering what's going on exactly. Since we already have a panic handler which will (try) to restore the entire fbdev console mode, we can just bail out. Inspired by a patch from Konstantin Khlebnikov. The callchain leading to this, cut&pasted from Konstantin's original patch: callstack: panic() bust_spinlocks(1) unblank_screen() vc->vc_sw->con_blank() fbcon_blank() fb_blank() info->fbops->fb_blank() drm_fb_helper_blank() drm_fb_helper_dpms() drm_modeset_lock_all() mutex_lock(&dev->mode_config.mutex) Note that the entire locking in the fb helper around panic/sysrq and kdbg is ... non-existant. So we have a decent change of blowing up everything. But since reworking this ties in with funny concepts like the fbdev notifier chain or the impressive things which happen around console_lock while oopsing, I'll leave that as an exercise for braver souls than me. Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch> Cc: Konstantin Khlebnikov <khlebnikov@openvz.org> Cc: Dave Airlie <airlied@gmail.com> Reviewed-by: NRob Clark <robdclark@gmail.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Prarit Bhargava 提交于
Fix uninitialized warning. drivers/gpu/drm/ttm/ttm_object.c: In function ‘ttm_base_object_lookup’: drivers/gpu/drm/ttm/ttm_object.c:213:10: error: ‘base’ may be used uninitialized in this function [-Werror=maybe-uninitialized] kref_put(&base->refcount, ttm_release_base); ^ drivers/gpu/drm/ttm/ttm_object.c:221:26: note: ‘base’ was declared here struct ttm_base_object *base; Signed-off-by: NPrarit Bhargava <prarit@redhat.com> Reviewed-by: NRob Clark <robdclark@gmail.com> Reviewed-by: NDavid Herrmann <dh.herrmann@gmail.com> Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Ben Skeggs 提交于
After a vmalloc failure in ttm_dma_tt_alloc_page_directory(), ttm_dma_tt_init() will call ttm_tt_destroy() to cleanup, and end up inside the driver's unpopulate() hook when populate() has never yet been called. On nouveau, the first issue to be hit because of this is that dma_address[] may be a NULL pointer. After working around this, ttm_pool_unpopulate() may potentially hit the same issue with the pages[] array. It seems to make more sense to avoid calling unpopulate on already unpopulated TTMs than to add checks to all the implementations. Signed-off-by: NBen Skeggs <bskeggs@redhat.com> Reviewed-by: NThomas Hellstrom <thellstrom@vmware.com> Cc: stable@vger.kernel.org Cc: Jerome Glisse <jglisse@redhat.com> Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Dave Airlie 提交于
Merge branch 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes A couple of bios parser fixes (one for ancient chips, another for new ones - important in Optimus configs). Another to make sure KMS is enabled on certain Optimus configs, and a TTM failure path fix. * 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6: drm/nouveau/ttm: prevent double-free in nouveau_sgdma_create_ttm() failure path drm/nouveau/bios/init: fix thinko in INIT_CONFIGURE_MEM drm/nouveau/kms: enable for non-vga pci classes drm/nouveau/bios/init: stub opcode 0xaa
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs由 Linus Torvalds 提交于
Pull vfs fixes from Al Viro: "atomic_open-related fixes (Miklos' series, with EEXIST-related parts replaced with fix in fs/namei.c:atomic_open() instead of messing with the instances) + race fix in autofs + leak on failure exit in 9p" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: 9p: don't forget to destroy inode cache if fscache registration fails atomic_open: take care of EEXIST in no-open case with O_CREAT|O_EXCL in fs/namei.c vfs: don't set FILE_CREATED before calling ->atomic_open() nfs: set FILE_CREATED gfs2: set FILE_CREATED cifs: fix filp leak in cifs_atomic_open() vfs: improve i_op->atomic_open() documentation autofs4: close the races around autofs4_notify_daemon()
-
由 Wolfgang Grandegger 提交于
[ralf@linux-mips.org: This only matters to Alchemy platforms. On other platforms fixup_bigphys_addr is just an identidy mapping.] Signed-off-by: NWolfgang Grandegger <wg@denx.de> Cc: tiejun.chen <tiejun.chen@windriver.com> Cc: Linux-MIPS <linux-mips@linux-mips.org> Patchwork: https://patchwork.linux-mips.org/patch/1868/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Maciej W. Rozycki 提交于
Make sure 74K revision numbers are not applied to the 1074K. Also catch invalid usage. Signed-off-by: NMaciej W. Rozycki <macro@linux-mips.org> Cc: Steven J. Hill <Steven.Hill@imgtec.com> Cc: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5857/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Maciej W. Rozycki 提交于
Replace hardcoded CP0 PRId and CP1 FPIR register access masks throughout. The change does not touch places that use shifted or partial masks. Signed-off-by: NMaciej W. Rozycki <macro@linux-mips.org> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5838/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-