1. 03 8月, 2015 1 次提交
  2. 31 7月, 2015 5 次提交
    • L
      rtlwifi: Fix NULL dereference when PCI driver used as an AP · 7c629401
      Luis Felipe Dominguez Vega 提交于
      In commit 33511b15 ("rtlwifi: add support to
      send beacon frame"), the mechanism for sending beacons was established. That
      patch works correctly for rtl8192cu, but there is a possibility of getting
      the following warnings in the PCI drivers:
      
      WARNING: CPU: 1 PID: 2439 at net/mac80211/driver-ops.h:12
      ieee80211_bss_info_change_notify+0x179/0x1d0 [mac80211]()
      wlp5s0:  Failed check-sdata-in-driver check, flags: 0x0
      
      The warning is followed by a NULL pointer dereference as follows:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000006
      IP: [<ffffffffc073998e>] rtl_get_tcb_desc+0x5e/0x760 [rtlwifi]
      
      This problem was reported at http://thread.gmane.org/gmane.linux.kernel.wireless.general/138645,
      but no solution was found at that time.
      
      The problem was also reported at https://bugzilla.kernel.org/show_bug.cgi?id=9744
      and this solution was developed and tested there.
      
      The USB driver works with a NULL final argument in the adapter_tx() callback;
      however, the PCI drivers need a struct rtl_tcb_desc in that position.
      
      Fixes: 33511b15 ("rtlwifi: add support to send beacon frame.")
      Signed-off-by: NLuis Felipe Dominguez Vega <lfdominguez@nauta.cu>
      Signed-off-by: NLarry Finger <Larry.Finger@lwfinger.net>
      Cc: Stable <stable@vger.kernel.org> [3.19+]
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      7c629401
    • H
      b43: fix extpa_gain check for 2GHz · 098697db
      Hauke Mehrtens 提交于
      On the 2GHz and and on the 5GHZ band only the extpa_gain setting from
      the 5GHz band was checked. this patch makes it check the property from
      the correct band.
      Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      098697db
    • M
      rsi: Fix failure to load firmware after memory leak fix and fix the leak · 5d5cd85f
      Mike Looijmans 提交于
      Fixes commit eae79b4f ("rsi: fix memory leak in rsi_load_ta_instructions()")
      which stopped the driver from functioning.
      
      Firmware data has been allocated using vmalloc(), resulting in memory
      that cannot be used for DMA. Hence the firmware was first copied to a
      buffer allocated with kmalloc() in the original code. This patch reverts
      the commit and only calls "kfree()" to release the buffer after sending
      the data. This fixes the memory leak without breaking the driver.
      
      Add a comment to the kmemdup() calls to explain why this is done, and abort
      if memory allocation fails.
      
      Tested on a Topic Miami-Florida board which contains the rsi SDIO chip.
      
      Also added the same kfree() call to the USB glue driver. This was not
      tested on actual hardware though, as I only have the SDIO version.
      
      Fixes: eae79b4f ("rsi: fix memory leak in rsi_load_ta_instructions()")
      Signed-off-by: NMike Looijmans <mike.looijmans@topic.nl>
      Cc: stable@vger.kernel.org
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      5d5cd85f
    • K
      Merge tag 'iwlwifi-for-kalle-2015-07-30' of... · f7c0af82
      Kalle Valo 提交于
      Merge tag 'iwlwifi-for-kalle-2015-07-30' of https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
      
      * a fix for the stuck TFD queue mechanism - it was producing
        noisy false alarms.
      * a fix for the NIC prepare flow that prevented the driver
        from being able to access the device on certain systems.
      * a fix for the scan prority handling which allows the
        regular scan to run even if a scheduled scan is already
        running.
      f7c0af82
    • E
      iwlwifi: pcie: fix stuck queue detection for sleeping clients · aecdc63d
      Emmanuel Grumbach 提交于
      The stuck queue detection mechanism allows to detect queues
      that are stuck. For sleeping clients, a queue may rightfully
      be stuck: if a poor client implementation stays asleep for
      more than 10s, then we don't want to trigger recovery flows
      because of that client.
      In order to cope with this, I added a mechanism that
      monitors the state of the client: when a client goes to
      sleep, the timer of his queues is frozen. When he wakes up,
      the timer is reset to the right value so that if a client
      was awake for more than 10s and the queues are stuck, only
      then, the recovery flow will kick in.
      This is valid only on non-shared queues: A-MPDU queues.
      
      There was a bug in case we Tx to a sleeping client that has
      an empty A-MPDU queue: the timer was armed to now + 10s.
      This is bad, but pretty harmless.
      The problem is that when the client wakes up, the timer is
      modified to be now + remainder. But remainder is 0 since the
      queue was empty when that client went to sleep...
      
      Fix this by checking the state of the client before playing
      with the timer when we add a packet to an empty queue.
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      aecdc63d
  3. 28 7月, 2015 2 次提交
    • A
      iwlwifi: mvm: Fix regular scan priority · dc9f69b9
      Avraham Stern 提交于
      The code checks the total number of iterations to differentiate
      between regular scan and scheduled scan. However, regular scan has
      a total of one iteration, not zero. As a result, regular scan will
      have lower priority than it should have, and in case scheduled
      scan is already running when regular scan is requested, regular scan
      will be delayed until scheduled scan is aborted.
      Fix that by checking for total iterations number of one as an
      identifier for regular scan.
      
      Fixes: 133c8259 ("iwlwifi: mvm: rename generic_scan_cmd functions to dwell")
      Signed-off-by: NAvraham Stern <avraham.stern@intel.com>
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      dc9f69b9
    • E
      iwlwifi: pcie: fix prepare card flow · c9fdec9f
      Emmanuel Grumbach 提交于
      When the card is not owned by the PCIe bus, we need to
      acquire ownership first. This flow is implemented in
      iwl_pcie_prepare_card_hw. Because of a hardware bug, we
      need to disable link power management before we can
      request ownership otherwise the other user of the device
      won't get notified that we are requesting the device which
      will prevent us from acquire ownership.
      
      Same holds for the down flow where we need to make sure
      that any other potential user is notified that the driver
      is going down.
      
      CC: <stable@vger.kernel.org> [4.1]
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      c9fdec9f
  4. 17 7月, 2015 1 次提交
  5. 13 7月, 2015 6 次提交
  6. 12 7月, 2015 1 次提交
  7. 11 7月, 2015 6 次提交
    • M
      Doc: z8530book: Fix typo in API-z8530-sync-txdma-open.html · 145c3708
      Masanari Iida 提交于
      This patch fix a spelling typo found in API-z8530-sync-txdma-open.html.
      It is because this file was generated from comment in source,
      I have to fix comment in source.
      Signed-off-by: NMasanari Iida <standby24x7@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      145c3708
    • P
      net: inet_diag: always export IPV6_V6ONLY sockopt for listening sockets · 8220ea23
      Phil Sutter 提交于
      Reconsidering my commit 20462155 "net: inet_diag: export IPV6_V6ONLY
      sockopt", I am not happy with the limitations it causes for socket
      analysing code in userspace. Exporting the value only if it is set makes
      it hard for userspace to decide whether the option is not set or the
      kernel does not support exporting the option at all.
      
      >From an auditor's perspective, the interesting question for listening
      AF_INET6 sockets is: "Does it NOT have IPV6_V6ONLY set?" Because it is
      the unexpected case. This patch allows to answer this question reliably.
      Signed-off-by: NPhil Sutter <phil@nwl.cc>
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8220ea23
    • S
      bridge: mdb: allow the user to delete mdb entry if there's a querier · 51ed7f3e
      Satish Ashok 提交于
      Until now when a querier was present static entries couldn't be deleted.
      Fix this and allow the user to manipulate the mdb with or without a
      querier.
      Signed-off-by: NSatish Ashok <sashok@cumulusnetworks.com>
      Signed-off-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      51ed7f3e
    • D
      Merge branch 'netdev_unregister_races' · 7234e030
      David S. Miller 提交于
      Julian Anastasov says:
      
      ====================
      net: fixes for device unregistration
      
      Test script from Eric W. Biederman can catch a problem
      where packets from backlog are processed long after the last
      synchronize_net call. This can be reproduced after few tests
      if commit 381c759d ("ipv4: Avoid crashing in ip_error")
      is reverted for the test. Incoming packets do not hold
      reference to device but even if they do, subsystems do not
      expect packets to fly during and after the NETDEV_UNREGISTER
      event.
      
      The first fix has the cost of netif_running check in fast path.
      The second fix calls rcu_read_lock while local IRQ is disabled,
      I hope this is not against the rules.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7234e030
    • J
      net: call rcu_read_lock early in process_backlog · 2c17d27c
      Julian Anastasov 提交于
      Incoming packet should be either in backlog queue or
      in RCU read-side section. Otherwise, the final sequence of
      flush_backlog() and synchronize_net() may miss packets
      that can run without device reference:
      
      CPU 1                  CPU 2
                             skb->dev: no reference
                             process_backlog:__skb_dequeue
                             process_backlog:local_irq_enable
      
      on_each_cpu for
      flush_backlog =>       IPI(hardirq): flush_backlog
                             - packet not found in backlog
      
                             CPU delayed ...
      synchronize_net
      - no ongoing RCU
      read-side sections
      
      netdev_run_todo,
      rcu_barrier: no
      ongoing callbacks
                             __netif_receive_skb_core:rcu_read_lock
                             - too late
      free dev
                             process packet for freed dev
      
      Fixes: 6e583ce5 ("net: eliminate refcounting in backlog queue")
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2c17d27c
    • J
      net: do not process device backlog during unregistration · e9e4dd32
      Julian Anastasov 提交于
      commit 381c759d ("ipv4: Avoid crashing in ip_error")
      fixes a problem where processed packet comes from device
      with destroyed inetdev (dev->ip_ptr). This is not expected
      because inetdev_destroy is called in NETDEV_UNREGISTER
      phase and packets should not be processed after
      dev_close_many() and synchronize_net(). Above fix is still
      required because inetdev_destroy can be called for other
      reasons. But it shows the real problem: backlog can keep
      packets for long time and they do not hold reference to
      device. Such packets are then delivered to upper levels
      at the same time when device is unregistered.
      Calling flush_backlog after NETDEV_UNREGISTER_FINAL still
      accounts all packets from backlog but before that some packets
      continue to be delivered to upper levels long after the
      synchronize_net call which is supposed to wait the last
      ones. Also, as Eric pointed out, processed packets, mostly
      from other devices, can continue to add new packets to backlog.
      
      Fix the problem by moving flush_backlog early, after the
      device driver is stopped and before the synchronize_net() call.
      Then use netif_running check to make sure we do not add more
      packets to backlog. We have to do it in enqueue_to_backlog
      context when the local IRQ is disabled. As result, after the
      flush_backlog and synchronize_net sequence all packets
      should be accounted.
      
      Thanks to Eric W. Biederman for the test script and his
      valuable feedback!
      Reported-by: NVittorio Gambaletta <linuxbugs@vittgam.net>
      Fixes: 6e583ce5 ("net: eliminate refcounting in backlog queue")
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e9e4dd32
  8. 10 7月, 2015 8 次提交
  9. 09 7月, 2015 10 次提交
    • J
      macvtap: Destroy minor_idr on module_exit · d5de1987
      Johannes Thumshirn 提交于
      Destroy minor_idr on module_exit, reclaiming the allocated memory.
      
      This was detected by the following semantic patch (written by Luis Rodriguez
      <mcgrof@suse.com>)
      <SmPL>
      @ defines_module_init @
      declarer name module_init, module_exit;
      declarer name DEFINE_IDR;
      identifier init;
      @@
      
      module_init(init);
      
      @ defines_module_exit @
      identifier exit;
      @@
      
      module_exit(exit);
      
      @ declares_idr depends on defines_module_init && defines_module_exit @
      identifier idr;
      @@
      
      DEFINE_IDR(idr);
      
      @ on_exit_calls_destroy depends on declares_idr && defines_module_exit @
      identifier declares_idr.idr, defines_module_exit.exit;
      @@
      
      exit(void)
      {
       ...
       idr_destroy(&idr);
       ...
      }
      
      @ missing_module_idr_destroy depends on declares_idr && defines_module_exit && !on_exit_calls_destroy @
      identifier declares_idr.idr, defines_module_exit.exit;
      @@
      
      exit(void)
      {
       ...
       +idr_destroy(&idr);
      }
      </SmPL>
      Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d5de1987
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · ace15bbb
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree. This batch
      mostly comes with patches to address fallout from the previous merge window
      cycle, they are:
      
      1) Use entry->state.hook_list from nf_queue() instead of the global nf_hooks
         which is not valid when used from NFPROTO_NETDEV, this should cause no
         problems though since we have no userspace queueing for that family, but
         let's fix this now for the sake of correctness. Patch from Eric W. Biederman.
      
      2) Fix compilation breakage in bridge netfilter if CONFIG_NF_DEFRAG_IPV4 is not
         set, from Bernhard Thaler.
      
      3) Use percpu jumpstack in arptables too, now that there's a single copy of the
         rule blob we can't store the return address there anymore. Patch from
         Florian Westphal.
      
      4) Fix a skb leak in the xmit path of bridge netfilter, problem there since
         2.6.37 although it should be not possible to hit invalid traffic there, also
         from Florian.
      
      5) Eric Leblond reports that when loading a large ruleset with many missing
         modules after a fresh boot, nf_tables can take long time commit it. Fix this
         by processing the full batch until the end, even on missing modules, then
         abort only once and restart processing.
      
      6) Add bridge netfilter files to the MAINTAINER files.
      
      7) Fix a net_device refcount leak in the new IPV6 bridge netfilter code, from
         Julien Grall.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ace15bbb
    • P
      sfc: Report TX completions to BQL after all TX events in interrupt · c936835c
      Peter Dunning 提交于
      The limit for BQL is updated each time we call
      netdev_tx_completed_queue.
      Without this patch the BQL limit was updated for every TX event we
      see.
      The issue was that this only updated the limit to handle the data
      we complete in two events as the first event wouldn't show that
      enough traffic had been processed between them.
      
      This was OK when interrupt moderation was off but not when it was
      on as more data had to be completed in a single interrupt.
      
      The patch changes this so that we do report the completion to BQL
      only when all the TX events in the interrupt have been processed.
      Signed-off-by: NShradha Shah <sshah@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c936835c
    • Z
      drivers/net/usb: add device id for NVIDIA Tegra USB 3.0 Ethernet · d065c3c1
      Zheng Liu 提交于
      This device is sold as 'NVIDIA Tegra USB 3.0 Ethernet'.
      Chipset is RTL8153 and works with r8152.
      Signed-off-by: NZheng Liu <zhliu@nvidia.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d065c3c1
    • D
      3c59x: Fix shared IRQ handling · 4eed4d8f
      Denys Vlasenko 提交于
      As its first order of business, boomerang_interrupt() checks whether
      the device really has any pending interrupts. If it does not,
      it does nothing and returns, but it still returns IRQ_HANDLED.
      
      This is wrong: interrupt was not handled, IRQ handlers of other
      devices sharing this IRQ line need to be called.
      
      vortex_interrupt() has it right: it returns IRQ_NONE in this case
      via IRQ_RETVAL(0).
      
      Do the same in boomerang_interrupt().
      Signed-off-by: NDenys Vlasenko <dvlasenk@redhat.com>
      CC: David S. Miller <davem@davemloft.net>
      CC: linux-kernel@vger.kernel.org
      CC: netdev@vger.kernel.org
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4eed4d8f
    • N
      vmxnet3: prevent receive getting out of sequence on napi poll · 0769636c
      Neil Horman 提交于
      vmxnet3's current napi path is built to count every rx descriptor we recieve,
      and use that as a count of the napi budget.  That means its possible to return
      from a napi poll halfway through recieving a fragmented packet accross multiple
      dma descriptors.  If that happens, the next napi poll will start with the
      descriptor ring in an improper state (e.g. the first descriptor we look at may
      have the end-of-packet bit set), which will cause a BUG halt in the driver.
      
      Fix the issue by only counting whole received packets in the napi poll and
      returning that value, rather than the descriptor count.
      
      Tested by the reporter and myself, successfully
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      CC: Shreyas Bhatewara <sbhatewara@vmware.com>
      CC: "David S. Miller" <davem@davemloft.net>
      Acked-by: NAndy Gospodarek <gospo@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0769636c
    • A
      ipv4: add support for linkdown sysctl to netconf · 974d7af5
      Andy Gospodarek 提交于
      This kernel patch exports the value of the new
      ignore_routes_with_linkdown via netconf.
      
      v2: changes to notify userspace via netlink when sysctl values change
      and proposed for 'net' since this could be considered a bugfix
      Signed-off-by: NAndy Gospodarek <gospo@cumulusnetworks.com>
      Suggested-by: NNicolas Dichtel <nicolas.dichtel@6wind.com>
      Acked-by: NNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      974d7af5
    • S
      sfc: Ensure down_write(&filter_sem) and up_write() are matched before calling efx_net_open() · 671b53ee
      Shradha Shah 提交于
      This patch avoids the double up_write to filter_sem if
      efx_net_open() fails.
      
      Resolves: 2d432f20Signed-off-by: NShradha Shah <sshah@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      671b53ee
    • N
      bridge: mdb: zero out the local br_ip variable before use · f1158b74
      Nikolay Aleksandrov 提交于
      Since commit b0e9a30d ("bridge: Add vlan id to multicast groups")
      there's a check in br_ip_equal() for a matching vlan id, but the mdb
      functions were not modified to use (or at least zero it) so when an
      entry was added it would have a garbage vlan id (from the local br_ip
      variable in __br_mdb_add/del) and this would prevent it from being
      matched and also deleted. So zero out the whole local ip var to protect
      ourselves from future changes and also to fix the current bug, since
      there's no vlan id support in the mdb uapi - use always vlan id 0.
      Example before patch:
      root@debian:~# bridge mdb add dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb
      dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb del dev br0 port eth1 grp 239.0.0.1 permanent
      RTNETLINK answers: Invalid argument
      
      After patch:
      root@debian:~# bridge mdb add dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb
      dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb del dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb
      Signed-off-by: NNikolay Aleksandrov <razor@blackwall.org>
      Fixes: b0e9a30d ("bridge: Add vlan id to multicast groups")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f1158b74
    • M
      drivers: net: cpsw: fix crash while accessing second slave ethernet interface · 1973db0d
      Mugunthan V N 提交于
      When cpsw's number of slave is set to 1 in device tree and while
      accessing second slave ndev and priv in cpsw_tx_interrupt(),
      there is a kernel crash. This is due to cpsw_get_slave_priv()
      not verifying number of slaves while retriving netdev priv and
      returns a invalid memory region. Fixing the issue by introducing
      number of slave check in cpsw_get_slave_priv() and
      cpsw_get_slave_ndev().
      
      [   15.879589] Unable to handle kernel paging request at virtual address 0f0e142c
      [   15.888540] pgd = ed374000
      [   15.891359] [0f0e142c] *pgd=00000000
      [   15.895105] Internal error: Oops: 5 [#1] SMP ARM
      [   15.899936] Modules linked in:
      [   15.903139] CPU: 0 PID: 593 Comm: udhcpc Tainted: G        W       4.1.0-12205-gfda8b18c-dirty #10
      [   15.912386] Hardware name: Generic AM43 (Flattened Device Tree)
      [   15.918557] task: ed2a2e00 ti: ed3fe000 task.ti: ed3fe000
      [   15.924187] PC is at cpsw_tx_interrupt+0x30/0x44
      [   15.929008] LR is at _raw_spin_unlock_irqrestore+0x40/0x44
      [   15.934726] pc : [<c048b9cc>]    lr : [<c05ef4f4>]    psr: 20000193
      [   15.934726] sp : ed3ffc08  ip : ed2a2e40  fp : 00000000
      [   15.946685] r10: c0969ce8  r9 : c0969cfc  r8 : 00000000
      [   15.952129] r7 : 000000c6  r6 : ee54ab00  r5 : ee169c64  r4 : ee534e00
      [   15.958932] r3 : 0f0e0d0c  r2 : 00000000  r1 : ed3ffbc0  r0 : 00000001
      [   15.965735] Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
      [   15.973261] Control: 10c5387d  Table: ad374059  DAC: 00000015
      [   15.979246] Process udhcpc (pid: 593, stack limit = 0xed3fe218)
      [   15.985414] Stack: (0xed3ffc08 to 0xed400000)
      [   15.989954] fc00:                   ee54ab00 c009928c c0a9e648 60000193 000032e4 ee169c00
      [   15.998478] fc20: ee169c64 ee169c00 ee169c64 ee54ab00 00000001 00000001 ee67e268 ee008800
      [   16.006995] fc40: ee534800 c009946c ee169c00 ee169c64 c08bd660 c009c370 c009c2a4 000000c6
      [   16.015513] fc60: c08b75c4 c08b0854 00000000 c0098b3c 000000c6 c0098c50 ed3ffcb0 0000003a
      [   16.024033] fc80: ed3ffcb0 fa24010c c08b7800 fa240100 ee7e9880 c00094c4 c05ef4e8 60000013
      [   16.032556] fca0: ffffffff ed3ffce4 ee7e9880 c05ef964 00000001 ed2a33d8 00000000 ed2a2e00
      [   16.041080] fcc0: 60000013 ee536bf8 60000013 ee51b800 ee7e9880 ee67e268 ee7e9880 ee534800
      [   16.049603] fce0: c0ad0768 ed3ffcf8 c008e910 c05ef4e8 60000013 ffffffff 00000001 00000001
      [   16.058121] fd00: ee536bf8 c0487a04 00000000 00000000 ee534800 00000000 00000156 c048c990
      [   16.066645] fd20: 00000000 00000000 c0969f40 00000000 00000000 c05000e8 00000001 00000000
      [   16.075167] fd40: 00000000 c051eefc 00000000 ee67e268 00000000 00000000 ee51b800 ed3ffd9c
      [   16.083690] fd60: 00000000 ee67e200 ee51b800 ee7e9880 ee67e268 00000000 00000000 ee67e200
      [   16.092211] fd80: ee51b800 ee7e9880 ee67e268 ee534800 ee67e200 c051eedc ee67e268 00000010
      [   16.100727] fda0: 00000000 00000000 ee7e9880 ee534800 00000000 ee67e268 ee51b800 c05006fc
      [   16.109247] fdc0: ee67e268 00000001 c0500488 00000156 ee7e9880 00000000 ed3fe000 fffffff4
      [   16.117771] fde0: ed3fff1c ee7e9880 ee534800 00000148 00000000 ed1f8340 00000000 00000000
      [   16.126289] fe00: 00000000 c05a9054 00000000 00000000 00000156 c0ab62a8 00000010 ed3e7000
      [   16.134812] fe20: 00000000 00000008 edcfb700 ed3fff1c c0fb5f94 ed2a2e00 c0fb5f64 000005d8
      [   16.143336] fe40: c0a9b3b8 00000000 ed3e7070 00000000 00000000 00000000 00009f40 00000000
      [   16.151858] fe60: 00000000 00020022 00110008 00000000 00000000 43004400 00000000 ffffffff
      [   16.160374] fe80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      [   16.168898] fea0: edcfb700 bee5f380 00000014 00000000 ed3fe000 00000000 00004400 c04e2b64
      [   16.177415] fec0: 00000002 c04e3b00 ed3ffeec 00000001 0000011a 00000000 00000000 bee5f394
      [   16.185937] fee0: 00000148 ed3fff10 00000014 00000001 00000000 00000000 ed3ffee4 00000000
      [   16.194459] ff00: 00000000 00000000 00000000 c04e3664 00080011 00000002 06000000 ffffffff
      [   16.202980] ff20: 0000ffff ffffffff 0000ffff c008dd54 ee5a6f08 ee636e80 c096972d c0089c14
      [   16.211499] ff40: 00000000 60000013 ee5a6f40 60000013 00000000 ee5a6f40 00000002 00000006
      [   16.220023] ff60: 00000000 edcfb700 00000001 ed2a2e00 c000f60c 00000001 0000011a c008ea34
      [   16.228540] ff80: 00000006 00000000 bee5f380 00000014 bee5f380 00000014 bee5f380 00000122
      [   16.237059] ffa0: c000f7c4 c000f5e0 bee5f380 00000014 00000006 bee5f394 00000148 00000000
      [   16.245581] ffc0: bee5f380 00000014 bee5f380 00000122 fffffd6e 00004300 00004800 00004400
      [   16.254104] ffe0: bee5f378 bee5f36c 000307ec b6f39044 40000010 00000006 ed36fa40 00000000
      [   16.262642] [<c048b9cc>] (cpsw_tx_interrupt) from [<c009928c>] (handle_irq_event_percpu+0x64/0x204)
      [   16.272076] [<c009928c>] (handle_irq_event_percpu) from [<c009946c>] (handle_irq_event+0x40/0x64)
      [   16.281330] [<c009946c>] (handle_irq_event) from [<c009c370>] (handle_fasteoi_irq+0xcc/0x1a8)
      [   16.290220] [<c009c370>] (handle_fasteoi_irq) from [<c0098b3c>] (generic_handle_irq+0x20/0x30)
      [   16.299197] [<c0098b3c>] (generic_handle_irq) from [<c0098c50>] (__handle_domain_irq+0x64/0xdc)
      [   16.308273] [<c0098c50>] (__handle_domain_irq) from [<c00094c4>] (gic_handle_irq+0x20/0x60)
      [   16.316987] [<c00094c4>] (gic_handle_irq) from [<c05ef964>] (__irq_svc+0x44/0x5c)
      [   16.324779] Exception stack(0xed3ffcb0 to 0xed3ffcf8)
      [   16.330044] fca0:                                     00000001 ed2a33d8 00000000 ed2a2e00
      [   16.338567] fcc0: 60000013 ee536bf8 60000013 ee51b800 ee7e9880 ee67e268 ee7e9880 ee534800
      [   16.347090] fce0: c0ad0768 ed3ffcf8 c008e910 c05ef4e8 60000013 ffffffff
      [   16.353987] [<c05ef964>] (__irq_svc) from [<c05ef4e8>] (_raw_spin_unlock_irqrestore+0x34/0x44)
      [   16.362973] [<c05ef4e8>] (_raw_spin_unlock_irqrestore) from [<c0487a04>] (cpdma_check_free_tx_desc+0x60/0x6c)
      [   16.373311] [<c0487a04>] (cpdma_check_free_tx_desc) from [<c048c990>] (cpsw_ndo_start_xmit+0xb4/0x1ac)
      [   16.383017] [<c048c990>] (cpsw_ndo_start_xmit) from [<c05000e8>] (dev_hard_start_xmit+0x2a4/0x4c0)
      [   16.392364] [<c05000e8>] (dev_hard_start_xmit) from [<c051eedc>] (sch_direct_xmit+0xf4/0x210)
      [   16.401246] [<c051eedc>] (sch_direct_xmit) from [<c05006fc>] (__dev_queue_xmit+0x2ac/0x7bc)
      [   16.409960] [<c05006fc>] (__dev_queue_xmit) from [<c05a9054>] (packet_sendmsg+0xc68/0xeb4)
      [   16.418585] [<c05a9054>] (packet_sendmsg) from [<c04e2b64>] (sock_sendmsg+0x14/0x24)
      [   16.426663] [<c04e2b64>] (sock_sendmsg) from [<c04e3b00>] (SyS_sendto+0xb4/0xe0)
      [   16.434377] [<c04e3b00>] (SyS_sendto) from [<c000f5e0>] (ret_fast_syscall+0x0/0x54)
      [   16.442360] Code: e5943118 e593303c e3530000 0a000002 (e5930720)
      [   16.448716] ---[ end trace a68159f094d85ba6 ]---
      [   16.453526] Kernel panic - not syncing: Fatal exception in interrupt
      [   16.460149] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
      Signed-off-by: NMugunthan V N <mugunthanvnm@ti.com>
      Cc: <stable@vger.kernel.org> # v3.8+
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1973db0d