1. 11 5月, 2011 2 次提交
    • E
      net: dev_close() should check IFF_UP · e14a5993
      Eric Dumazet 提交于
      Commit 44345724 (factorize sync-rcu call in
      unregister_netdevice_many) mistakenly removed one test from dev_close()
      
      Following actions trigger a BUG :
      
      modprobe bonding
      modprobe dummy
      ifconfig bond0 up
      ifenslave bond0 dummy0
      rmmod dummy
      
      dev_close() must not close a non IFF_UP device.
      
      With help from Frank Blaschka and Einar EL Lueck
      Reported-by: NFrank Blaschka <blaschka@linux.vnet.ibm.com>
      Reported-by: NEinar EL Lueck <ELELUECK@de.ibm.com>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e14a5993
    • E
      vlan: fix GVRP at dismantle time · 55aee10d
      Eric Dumazet 提交于
      ip link add link eth2 eth2.103 type vlan id 103 gvrp on loose_binding on
      ip link set eth2.103 up
      rmmod tg3    # driver providing eth2
      
       BUG: unable to handle kernel NULL pointer dereference at           (null)
       IP: [<ffffffffa0030c9e>] garp_request_leave+0x3e/0xc0 [garp]
       PGD 11d251067 PUD 11b9e0067 PMD 0
       Oops: 0000 [#1] SMP
       last sysfs file: /sys/devices/virtual/net/eth2.104/ifindex
       CPU 0
       Modules linked in: tg3(-) 8021q garp nfsd lockd auth_rpcgss sunrpc libphy sg [last unloaded: x_tables]
      
       Pid: 11494, comm: rmmod Tainted: G        W   2.6.39-rc6-00261-gfd71257-dirty #580 HP ProLiant BL460c G6
       RIP: 0010:[<ffffffffa0030c9e>]  [<ffffffffa0030c9e>] garp_request_leave+0x3e/0xc0 [garp]
       RSP: 0018:ffff88007a19bae8  EFLAGS: 00010286
       RAX: 0000000000000000 RBX: ffff88011b5e2000 RCX: 0000000000000002
       RDX: 0000000000000000 RSI: 0000000000000175 RDI: ffffffffa0030d5b
       RBP: ffff88007a19bb18 R08: 0000000000000001 R09: ffff88011bd64a00
       R10: ffff88011d34ec00 R11: 0000000000000000 R12: 0000000000000002
       R13: ffff88007a19bc48 R14: ffff88007a19bb88 R15: 0000000000000001
       FS:  0000000000000000(0000) GS:ffff88011fc00000(0063) knlGS:00000000f77d76c0
       CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
       CR2: 0000000000000000 CR3: 000000011a675000 CR4: 00000000000006f0
       DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
       Process rmmod (pid: 11494, threadinfo ffff88007a19a000, task ffff8800798595c0)
       Stack:
        ffff88007a19bb36 ffff88011c84b800 ffff88011b5e2000 ffff88007a19bc48
        ffff88007a19bb88 0000000000000006 ffff88007a19bb38 ffffffffa003a5f6
        ffff88007a19bb38 670088007a19bba8 ffff88007a19bb58 ffffffffa00397e7
       Call Trace:
        [<ffffffffa003a5f6>] vlan_gvrp_request_leave+0x46/0x50 [8021q]
        [<ffffffffa00397e7>] vlan_dev_stop+0xb7/0xc0 [8021q]
        [<ffffffff8137e427>] __dev_close_many+0x87/0xe0
        [<ffffffff8137e507>] dev_close_many+0x87/0x110
        [<ffffffff8137e630>] rollback_registered_many+0xa0/0x240
        [<ffffffff8137e7e9>] unregister_netdevice_many+0x19/0x60
        [<ffffffffa00389eb>] vlan_device_event+0x53b/0x550 [8021q]
        [<ffffffff8143f448>] ? ip6mr_device_event+0xa8/0xd0
        [<ffffffff81479d03>] notifier_call_chain+0x53/0x80
        [<ffffffff81062539>] __raw_notifier_call_chain+0x9/0x10
        [<ffffffff81062551>] raw_notifier_call_chain+0x11/0x20
        [<ffffffff8137df82>] call_netdevice_notifiers+0x32/0x60
        [<ffffffff8137e69f>] rollback_registered_many+0x10f/0x240
        [<ffffffff8137e85f>] rollback_registered+0x2f/0x40
        [<ffffffff8137e8c8>] unregister_netdevice_queue+0x58/0x90
        [<ffffffff8137e9eb>] unregister_netdev+0x1b/0x30
        [<ffffffffa005d73f>] tg3_remove_one+0x6f/0x10b [tg3]
      
      We should call vlan_gvrp_request_leave() from unregister_vlan_dev(),
      not from vlan_dev_stop(), because vlan_gvrp_uninit_applicant()
      is called right after unregister_netdevice_queue(). In batch mode,
      unregister_netdevice_queue() doesn’t immediately call vlan_dev_stop().
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      55aee10d
  2. 10 5月, 2011 6 次提交
  3. 09 5月, 2011 2 次提交
  4. 07 5月, 2011 2 次提交
    • R
      vmxnet3: Consistently disable irqs when taking adapter->cmd_lock · e328d410
      Roland Dreier 提交于
      Using the vmxnet3 driver produces a lockdep warning because
      vmxnet3_set_mc(), which is called with mc->mca_lock held, takes
      adapter->cmd_lock.  However, there are a couple of places where
      adapter->cmd_lock is taken with softirqs enabled, lockdep warns that a
      softirq that tries to take mc->mca_lock could happen while
      adapter->cmd_lock is held, leading to an AB-BA deadlock.
      
      I'm not sure if this is a real potential deadlock or not, but the
      simplest and best fix seems to be simply to make sure we take cmd_lock
      with spin_lock_irqsave() everywhere -- the places with plain spin_lock
      just look like oversights.
      
      The full enormous lockdep warning is:
      
       =========================================================
       [ INFO: possible irq lock inversion dependency detected ]
       2.6.39-rc6+ #1
       ---------------------------------------------------------
       ifconfig/567 just changed the state of lock:
        (&(&mc->mca_lock)->rlock){+.-...}, at: [<ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
       but this lock took another, SOFTIRQ-unsafe lock in the past:
        (&(&adapter->cmd_lock)->rlock){+.+...}
      
       and interrupts could create inverse lock ordering between them.
      
       other info that might help us debug this:
       4 locks held by ifconfig/567:
        #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff8147d547>] rtnl_lock+0x17/0x20
        #1:  ((inetaddr_chain).rwsem){.+.+.+}, at: [<ffffffff810896cf>] __blocking_notifier_call_chain+0x5f/0xb0
        #2:  (&idev->mc_ifc_timer){+.-...}, at: [<ffffffff8106f21b>] run_timer_softirq+0xeb/0x3f0
        #3:  (&ndev->lock){++.-..}, at: [<ffffffff81531dd2>] mld_ifc_timer_expire+0x32/0x280
      
       the shortest dependencies between 2nd lock and 1st lock:
         -> (&(&adapter->cmd_lock)->rlock){+.+...} ops: 11 {
            HARDIRQ-ON-W at:
                                                  [<ffffffff8109ad86>] __lock_acquire+0x7f6/0x1e10
                                                  [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                                  [<ffffffff81571156>] _raw_spin_lock+0x36/0x70
                                                  [<ffffffffa000d212>] vmxnet3_alloc_intr_resources+0x22/0x230 [vmxnet3]
                                                  [<ffffffffa0014031>] vmxnet3_probe_device+0x5f6/0x15c5 [vmxnet3]
                                                  [<ffffffff812df67f>] local_pci_probe+0x5f/0xd0
                                                  [<ffffffff812dfde9>] pci_device_probe+0x119/0x120
                                                  [<ffffffff81373df6>] driver_probe_device+0x96/0x1c0
                                                  [<ffffffff81373fcb>] __driver_attach+0xab/0xb0
                                                  [<ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
                                                  [<ffffffff81373a2e>] driver_attach+0x1e/0x20
                                                  [<ffffffff813735b8>] bus_add_driver+0xc8/0x290
                                                  [<ffffffff813745b6>] driver_register+0x76/0x140
                                                  [<ffffffff812e0046>] __pci_register_driver+0x66/0xe0
                                                  [<ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
                                                  [<ffffffff81002165>] do_one_initcall+0x45/0x190
                                                  [<ffffffff810aa76b>] sys_init_module+0xfb/0x250
                                                  [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
            SOFTIRQ-ON-W at:
                                                  [<ffffffff8109adb7>] __lock_acquire+0x827/0x1e10
                                                  [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                                  [<ffffffff81571156>] _raw_spin_lock+0x36/0x70
                                                  [<ffffffffa000d212>] vmxnet3_alloc_intr_resources+0x22/0x230 [vmxnet3]
                                                  [<ffffffffa0014031>] vmxnet3_probe_device+0x5f6/0x15c5 [vmxnet3]
                                                  [<ffffffff812df67f>] local_pci_probe+0x5f/0xd0
                                                  [<ffffffff812dfde9>] pci_device_probe+0x119/0x120
                                                  [<ffffffff81373df6>] driver_probe_device+0x96/0x1c0
                                                  [<ffffffff81373fcb>] __driver_attach+0xab/0xb0
                                                  [<ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
                                                  [<ffffffff81373a2e>] driver_attach+0x1e/0x20
                                                  [<ffffffff813735b8>] bus_add_driver+0xc8/0x290
                                                  [<ffffffff813745b6>] driver_register+0x76/0x140
                                                  [<ffffffff812e0046>] __pci_register_driver+0x66/0xe0
                                                  [<ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
                                                  [<ffffffff81002165>] do_one_initcall+0x45/0x190
                                                  [<ffffffff810aa76b>] sys_init_module+0xfb/0x250
                                                  [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
            INITIAL USE at:
                                                 [<ffffffff8109a9e9>] __lock_acquire+0x459/0x1e10
                                                 [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                                 [<ffffffff81571156>] _raw_spin_lock+0x36/0x70
                                                 [<ffffffffa000d212>] vmxnet3_alloc_intr_resources+0x22/0x230 [vmxnet3]
                                                 [<ffffffffa0014031>] vmxnet3_probe_device+0x5f6/0x15c5 [vmxnet3]
                                                 [<ffffffff812df67f>] local_pci_probe+0x5f/0xd0
                                                 [<ffffffff812dfde9>] pci_device_probe+0x119/0x120
                                                 [<ffffffff81373df6>] driver_probe_device+0x96/0x1c0
                                                 [<ffffffff81373fcb>] __driver_attach+0xab/0xb0
                                                 [<ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
                                                 [<ffffffff81373a2e>] driver_attach+0x1e/0x20
                                                 [<ffffffff813735b8>] bus_add_driver+0xc8/0x290
                                                 [<ffffffff813745b6>] driver_register+0x76/0x140
                                                 [<ffffffff812e0046>] __pci_register_driver+0x66/0xe0
                                                 [<ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
                                                 [<ffffffff81002165>] do_one_initcall+0x45/0x190
                                                 [<ffffffff810aa76b>] sys_init_module+0xfb/0x250
                                                 [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
          }
          ... key      at: [<ffffffffa0017590>] __key.42516+0x0/0xffffffffffffda70 [vmxnet3]
          ... acquired at:
          [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
          [<ffffffff81571bb5>] _raw_spin_lock_irqsave+0x55/0xa0
          [<ffffffffa000de27>] vmxnet3_set_mc+0x97/0x1a0 [vmxnet3]
          [<ffffffff8146ffa0>] __dev_set_rx_mode+0x40/0xb0
          [<ffffffff81470040>] dev_set_rx_mode+0x30/0x50
          [<ffffffff81470127>] __dev_open+0xc7/0x100
          [<ffffffff814703c1>] __dev_change_flags+0xa1/0x180
          [<ffffffff81470568>] dev_change_flags+0x28/0x70
          [<ffffffff814da960>] devinet_ioctl+0x730/0x800
          [<ffffffff814db508>] inet_ioctl+0x88/0xa0
          [<ffffffff814541f0>] sock_do_ioctl+0x30/0x70
          [<ffffffff814542a9>] sock_ioctl+0x79/0x2f0
          [<ffffffff81188798>] do_vfs_ioctl+0x98/0x570
          [<ffffffff81188d01>] sys_ioctl+0x91/0xa0
          [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
      
        -> (_xmit_ETHER){+.....} ops: 6 {
           HARDIRQ-ON-W at:
                                                [<ffffffff8109ad86>] __lock_acquire+0x7f6/0x1e10
                                                [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                                [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
                                                [<ffffffff81475618>] __dev_mc_add+0x38/0x90
                                                [<ffffffff814756a0>] dev_mc_add+0x10/0x20
                                                [<ffffffff81532c9e>] igmp6_group_added+0x10e/0x1b0
                                                [<ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
                                                [<ffffffff81515e17>] ipv6_add_dev+0x357/0x450
                                                [<ffffffff81519f27>] addrconf_notify+0x2f7/0xb10
                                                [<ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
                                                [<ffffffff81089586>] raw_notifier_call_chain+0x16/0x20
                                                [<ffffffff814689b7>] call_netdevice_notifiers+0x37/0x70
                                                [<ffffffff8146a944>] register_netdevice+0x244/0x2d0
                                                [<ffffffff8146aa0f>] register_netdev+0x3f/0x60
                                                [<ffffffffa001419b>] vmxnet3_probe_device+0x760/0x15c5 [vmxnet3]
                                                [<ffffffff812df67f>] local_pci_probe+0x5f/0xd0
                                                [<ffffffff812dfde9>] pci_device_probe+0x119/0x120
                                                [<ffffffff81373df6>] driver_probe_device+0x96/0x1c0
                                                [<ffffffff81373fcb>] __driver_attach+0xab/0xb0
                                                [<ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
                                                [<ffffffff81373a2e>] driver_attach+0x1e/0x20
                                                [<ffffffff813735b8>] bus_add_driver+0xc8/0x290
                                                [<ffffffff813745b6>] driver_register+0x76/0x140
                                                [<ffffffff812e0046>] __pci_register_driver+0x66/0xe0
                                                [<ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
                                                [<ffffffff81002165>] do_one_initcall+0x45/0x190
                                                [<ffffffff810aa76b>] sys_init_module+0xfb/0x250
                                                [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
           INITIAL USE at:
                                               [<ffffffff8109a9e9>] __lock_acquire+0x459/0x1e10
                                               [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                               [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
                                               [<ffffffff81475618>] __dev_mc_add+0x38/0x90
                                               [<ffffffff814756a0>] dev_mc_add+0x10/0x20
                                               [<ffffffff81532c9e>] igmp6_group_added+0x10e/0x1b0
                                               [<ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
                                               [<ffffffff81515e17>] ipv6_add_dev+0x357/0x450
                                               [<ffffffff81519f27>] addrconf_notify+0x2f7/0xb10
                                               [<ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
                                               [<ffffffff81089586>] raw_notifier_call_chain+0x16/0x20
                                               [<ffffffff814689b7>] call_netdevice_notifiers+0x37/0x70
                                               [<ffffffff8146a944>] register_netdevice+0x244/0x2d0
                                               [<ffffffff8146aa0f>] register_netdev+0x3f/0x60
                                               [<ffffffffa001419b>] vmxnet3_probe_device+0x760/0x15c5 [vmxnet3]
                                               [<ffffffff812df67f>] local_pci_probe+0x5f/0xd0
                                               [<ffffffff812dfde9>] pci_device_probe+0x119/0x120
                                               [<ffffffff81373df6>] driver_probe_device+0x96/0x1c0
                                               [<ffffffff81373fcb>] __driver_attach+0xab/0xb0
                                               [<ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
                                               [<ffffffff81373a2e>] driver_attach+0x1e/0x20
                                               [<ffffffff813735b8>] bus_add_driver+0xc8/0x290
                                               [<ffffffff813745b6>] driver_register+0x76/0x140
                                               [<ffffffff812e0046>] __pci_register_driver+0x66/0xe0
                                               [<ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
                                               [<ffffffff81002165>] do_one_initcall+0x45/0x190
                                               [<ffffffff810aa76b>] sys_init_module+0xfb/0x250
                                               [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
         }
         ... key      at: [<ffffffff827fd868>] netdev_addr_lock_key+0x8/0x1e0
         ... acquired at:
          [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
          [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
          [<ffffffff81475618>] __dev_mc_add+0x38/0x90
          [<ffffffff814756a0>] dev_mc_add+0x10/0x20
          [<ffffffff81532c9e>] igmp6_group_added+0x10e/0x1b0
          [<ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
          [<ffffffff81515e17>] ipv6_add_dev+0x357/0x450
          [<ffffffff81519f27>] addrconf_notify+0x2f7/0xb10
          [<ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
          [<ffffffff81089586>] raw_notifier_call_chain+0x16/0x20
          [<ffffffff814689b7>] call_netdevice_notifiers+0x37/0x70
          [<ffffffff8146a944>] register_netdevice+0x244/0x2d0
          [<ffffffff8146aa0f>] register_netdev+0x3f/0x60
          [<ffffffffa001419b>] vmxnet3_probe_device+0x760/0x15c5 [vmxnet3]
          [<ffffffff812df67f>] local_pci_probe+0x5f/0xd0
          [<ffffffff812dfde9>] pci_device_probe+0x119/0x120
          [<ffffffff81373df6>] driver_probe_device+0x96/0x1c0
          [<ffffffff81373fcb>] __driver_attach+0xab/0xb0
          [<ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
          [<ffffffff81373a2e>] driver_attach+0x1e/0x20
          [<ffffffff813735b8>] bus_add_driver+0xc8/0x290
          [<ffffffff813745b6>] driver_register+0x76/0x140
          [<ffffffff812e0046>] __pci_register_driver+0x66/0xe0
          [<ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
          [<ffffffff81002165>] do_one_initcall+0x45/0x190
          [<ffffffff810aa76b>] sys_init_module+0xfb/0x250
          [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
      
       -> (&(&mc->mca_lock)->rlock){+.-...} ops: 6 {
          HARDIRQ-ON-W at:
                                              [<ffffffff8109ad86>] __lock_acquire+0x7f6/0x1e10
                                              [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                              [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
                                              [<ffffffff81532bd5>] igmp6_group_added+0x45/0x1b0
                                              [<ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
                                              [<ffffffff81515e17>] ipv6_add_dev+0x357/0x450
                                              [<ffffffff81ce0d16>] addrconf_init+0x4e/0x183
                                              [<ffffffff81ce0ba1>] inet6_init+0x191/0x2a6
                                              [<ffffffff81002165>] do_one_initcall+0x45/0x190
                                              [<ffffffff81ca4d3f>] kernel_init+0xe3/0x168
                                              [<ffffffff8157b2e4>] kernel_thread_helper+0x4/0x10
          IN-SOFTIRQ-W at:
                                              [<ffffffff8109ad5e>] __lock_acquire+0x7ce/0x1e10
                                              [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                              [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
                                              [<ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
                                              [<ffffffff8106f2a9>] run_timer_softirq+0x179/0x3f0
                                              [<ffffffff810666d0>] __do_softirq+0xc0/0x210
                                              [<ffffffff8157b3dc>] call_softirq+0x1c/0x30
                                              [<ffffffff8100d42d>] do_softirq+0xad/0xe0
                                              [<ffffffff81066afe>] irq_exit+0x9e/0xb0
                                              [<ffffffff8157bd40>] smp_apic_timer_interrupt+0x70/0x9b
                                              [<ffffffff8157ab93>] apic_timer_interrupt+0x13/0x20
                                              [<ffffffff8149d857>] rt_do_flush+0x87/0x2a0
                                              [<ffffffff814a16b6>] rt_cache_flush+0x46/0x60
                                              [<ffffffff814e36e0>] fib_disable_ip+0x40/0x60
                                              [<ffffffff814e5447>] fib_inetaddr_event+0xd7/0xe0
                                              [<ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
                                              [<ffffffff810896e8>] __blocking_notifier_call_chain+0x78/0xb0
                                              [<ffffffff81089736>] blocking_notifier_call_chain+0x16/0x20
                                              [<ffffffff814d8021>] __inet_del_ifa+0xf1/0x2e0
                                              [<ffffffff814d8223>] inet_del_ifa+0x13/0x20
                                              [<ffffffff814da731>] devinet_ioctl+0x501/0x800
                                              [<ffffffff814db508>] inet_ioctl+0x88/0xa0
                                              [<ffffffff814541f0>] sock_do_ioctl+0x30/0x70
                                              [<ffffffff814542a9>] sock_ioctl+0x79/0x2f0
                                              [<ffffffff81188798>] do_vfs_ioctl+0x98/0x570
                                              [<ffffffff81188d01>] sys_ioctl+0x91/0xa0
                                              [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
          INITIAL USE at:
                                             [<ffffffff8109a9e9>] __lock_acquire+0x459/0x1e10
                                             [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
                                             [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
                                             [<ffffffff81532bd5>] igmp6_group_added+0x45/0x1b0
                                             [<ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
                                             [<ffffffff81515e17>] ipv6_add_dev+0x357/0x450
                                             [<ffffffff81ce0d16>] addrconf_init+0x4e/0x183
                                             [<ffffffff81ce0ba1>] inet6_init+0x191/0x2a6
                                             [<ffffffff81002165>] do_one_initcall+0x45/0x190
                                             [<ffffffff81ca4d3f>] kernel_init+0xe3/0x168
                                             [<ffffffff8157b2e4>] kernel_thread_helper+0x4/0x10
        }
        ... key      at: [<ffffffff82801be2>] __key.40877+0x0/0x8
        ... acquired at:
          [<ffffffff810997bc>] check_usage_forwards+0x9c/0x110
          [<ffffffff8109a32c>] mark_lock+0x19c/0x400
          [<ffffffff8109ad5e>] __lock_acquire+0x7ce/0x1e10
          [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
          [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
          [<ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
          [<ffffffff8106f2a9>] run_timer_softirq+0x179/0x3f0
          [<ffffffff810666d0>] __do_softirq+0xc0/0x210
          [<ffffffff8157b3dc>] call_softirq+0x1c/0x30
          [<ffffffff8100d42d>] do_softirq+0xad/0xe0
          [<ffffffff81066afe>] irq_exit+0x9e/0xb0
          [<ffffffff8157bd40>] smp_apic_timer_interrupt+0x70/0x9b
          [<ffffffff8157ab93>] apic_timer_interrupt+0x13/0x20
          [<ffffffff8149d857>] rt_do_flush+0x87/0x2a0
          [<ffffffff814a16b6>] rt_cache_flush+0x46/0x60
          [<ffffffff814e36e0>] fib_disable_ip+0x40/0x60
          [<ffffffff814e5447>] fib_inetaddr_event+0xd7/0xe0
          [<ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
          [<ffffffff810896e8>] __blocking_notifier_call_chain+0x78/0xb0
          [<ffffffff81089736>] blocking_notifier_call_chain+0x16/0x20
          [<ffffffff814d8021>] __inet_del_ifa+0xf1/0x2e0
          [<ffffffff814d8223>] inet_del_ifa+0x13/0x20
          [<ffffffff814da731>] devinet_ioctl+0x501/0x800
          [<ffffffff814db508>] inet_ioctl+0x88/0xa0
          [<ffffffff814541f0>] sock_do_ioctl+0x30/0x70
          [<ffffffff814542a9>] sock_ioctl+0x79/0x2f0
          [<ffffffff81188798>] do_vfs_ioctl+0x98/0x570
          [<ffffffff81188d01>] sys_ioctl+0x91/0xa0
          [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
      
       stack backtrace:
       Pid: 567, comm: ifconfig Not tainted 2.6.39-rc6+ #1
       Call Trace:
        <IRQ>  [<ffffffff810996f6>] print_irq_inversion_bug+0x146/0x170
        [<ffffffff81099720>] ? print_irq_inversion_bug+0x170/0x170
        [<ffffffff810997bc>] check_usage_forwards+0x9c/0x110
        [<ffffffff8109a32c>] mark_lock+0x19c/0x400
        [<ffffffff8109ad5e>] __lock_acquire+0x7ce/0x1e10
        [<ffffffff8109a383>] ? mark_lock+0x1f3/0x400
        [<ffffffff8109b497>] ? __lock_acquire+0xf07/0x1e10
        [<ffffffff81012255>] ? native_sched_clock+0x15/0x70
        [<ffffffff8109ca4d>] lock_acquire+0x9d/0x130
        [<ffffffff81531e9f>] ? mld_ifc_timer_expire+0xff/0x280
        [<ffffffff8109759d>] ? lock_release_holdtime+0x3d/0x1a0
        [<ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
        [<ffffffff81531e9f>] ? mld_ifc_timer_expire+0xff/0x280
        [<ffffffff8157170b>] ? _raw_spin_unlock+0x2b/0x40
        [<ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
        [<ffffffff8106f2a9>] run_timer_softirq+0x179/0x3f0
        [<ffffffff8106f21b>] ? run_timer_softirq+0xeb/0x3f0
        [<ffffffff810122b9>] ? sched_clock+0x9/0x10
        [<ffffffff81531da0>] ? mld_gq_timer_expire+0x30/0x30
        [<ffffffff810666d0>] __do_softirq+0xc0/0x210
        [<ffffffff8109455f>] ? tick_program_event+0x1f/0x30
        [<ffffffff8157b3dc>] call_softirq+0x1c/0x30
        [<ffffffff8100d42d>] do_softirq+0xad/0xe0
        [<ffffffff81066afe>] irq_exit+0x9e/0xb0
        [<ffffffff8157bd40>] smp_apic_timer_interrupt+0x70/0x9b
        [<ffffffff8157ab93>] apic_timer_interrupt+0x13/0x20
        <EOI>  [<ffffffff81571f14>] ? retint_restore_args+0x13/0x13
        [<ffffffff810974a7>] ? lock_is_held+0x17/0xd0
        [<ffffffff8149d857>] rt_do_flush+0x87/0x2a0
        [<ffffffff814a16b6>] rt_cache_flush+0x46/0x60
        [<ffffffff814e36e0>] fib_disable_ip+0x40/0x60
        [<ffffffff814e5447>] fib_inetaddr_event+0xd7/0xe0
        [<ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
        [<ffffffff810896e8>] __blocking_notifier_call_chain+0x78/0xb0
        [<ffffffff81089736>] blocking_notifier_call_chain+0x16/0x20
        [<ffffffff814d8021>] __inet_del_ifa+0xf1/0x2e0
        [<ffffffff814d8223>] inet_del_ifa+0x13/0x20
        [<ffffffff814da731>] devinet_ioctl+0x501/0x800
        [<ffffffff8108a3af>] ? local_clock+0x6f/0x80
        [<ffffffff81575898>] ? do_page_fault+0x268/0x560
        [<ffffffff814db508>] inet_ioctl+0x88/0xa0
        [<ffffffff814541f0>] sock_do_ioctl+0x30/0x70
        [<ffffffff814542a9>] sock_ioctl+0x79/0x2f0
        [<ffffffff810dfe87>] ? __call_rcu+0xa7/0x190
        [<ffffffff81188798>] do_vfs_ioctl+0x98/0x570
        [<ffffffff8117737e>] ? fget_light+0x33e/0x430
        [<ffffffff81571ef9>] ? retint_swapgs+0x13/0x1b
        [<ffffffff81188d01>] sys_ioctl+0x91/0xa0
        [<ffffffff8157a142>] system_call_fastpath+0x16/0x1b
      Signed-off-by: NRoland Dreier <roland@purestorage.com>
      Signed-off-by: NShreyas N Bhatewara <sbhatewara@vmware.com>
      Signed-off-by: NScott J. Goldman <scottjg@vmware.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e328d410
    • D
      dccp: handle invalid feature options length · a2948659
      Dan Rosenberg 提交于
      A length of zero (after subtracting two for the type and len fields) for
      the DCCPO_{CHANGE,CONFIRM}_{L,R} options will cause an underflow due to
      the subtraction.  The subsequent code may read past the end of the
      options value buffer when parsing.  I'm unsure of what the consequences
      of this might be, but it's probably not good.
      Signed-off-by: NDan Rosenberg <drosenberg@vsecurity.com>
      Cc: stable@kernel.org
      Acked-by: NGerrit Renker <gerrit@erg.abdn.ac.uk>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a2948659
  5. 06 5月, 2011 2 次提交
    • K
      can: fix SJA1000 dlc for RTR packets · 87e9af6c
      Kurt Van Dijck 提交于
      RTR frames do have a valid data length code on CAN.
      The driver for SJA1000 did not handle that situation properly.
      Signed-off-by: NKurt Van Dijck <kurt.van.dijck@eia.be>
      Acked-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      87e9af6c
    • M
      usbnet: runtime pm: fix out of memory · 75bd0cbd
      Ming Lei 提交于
      This patch makes use of the EVENT_DEV_OPEN flag introduced recently to
      fix one out of memory issue, which can be reproduced on omap3/4 based
      pandaboard/beagle XM easily with steps below:
      
      	- enable runtime pm
      	echo auto > /sys/devices/platform/usbhs-omap.0/ehci-omap.0/usb1/1-1/1-1.1/power/control
      
      	- ifconfig eth0 up
      
      	- then out of memroy happened, see [1] for kernel message.
      
      Follows my analysis:
      	- 'ifconfig eth0 up' brings eth0 out of suspend, and usbnet_resume
      	is called to schedule dev->bh, then rx urbs are submited to prepare for
      	recieving data;
      
      	- some usbnet devices will produce garbage rx packets flood if
      	info->reset is not called in usbnet_open.
      
      	- so there is no enough chances for usbnet_bh to handle and release
      	recieved skb buffers since many rx interrupts consumes cpu, so out of memory
      	for atomic allocation in rx_submit happened.
      
      This patch fixes the issue by simply not allowing schedule of usbnet_bh until device
      is opened.
      
      [1], dmesg
      [  234.712005] smsc95xx 1-1.1:1.0: rpm_resume flags 0x4
      [  234.712066] usb 1-1.1: rpm_resume flags 0x0
      [  234.712066] usb 1-1: rpm_resume flags 0x0
      [  234.712097] usb usb1: rpm_resume flags 0x0
      [  234.712127] usb usb1: usb auto-resume
      [  234.712158] ehci-omap ehci-omap.0: resume root hub
      [  234.754028] hub 1-0:1.0: hub_resume
      [  234.754821] hub 1-0:1.0: port 1: status 0507 change 0000
      [  234.756011] hub 1-0:1.0: state 7 ports 3 chg 0000 evt 0000
      [  234.756042] hub 1-0:1.0: rpm_resume flags 0x4
      [  234.756072] usb usb1: rpm_resume flags 0x0
      [  234.756164] usb usb1: rpm_resume returns 1
      [  234.756195] hub 1-0:1.0: rpm_resume returns 0
      [  234.756195] hub 1-0:1.0: rpm_suspend flags 0x4
      [  234.756225] hub 1-0:1.0: rpm_suspend returns 0
      [  234.756256] usb usb1: rpm_resume returns 0
      [  234.757141] usb 1-1: usb auto-resume
      [  234.793151] ehci-omap ehci-omap.0: GetStatus port:1 status 001005 0  ACK POWER sig=se0 PE CONNECT
      [  234.816558] usb 1-1: finish resume
      [  234.817871] hub 1-1:1.0: hub_resume
      [  234.818420] hub 1-1:1.0: port 1: status 0507 change 0000
      [  234.820495] ehci-omap ehci-omap.0: reused qh eec50220 schedule
      [  234.820495] usb 1-1: link qh256-0001/eec50220 start 1 [1/0 us]
      [  234.820587] usb 1-1: rpm_resume returns 0
      [  234.820800] hub 1-1:1.0: state 7 ports 5 chg 0000 evt 0000
      [  234.820800] hub 1-1:1.0: rpm_resume flags 0x4
      [  234.820831] hub 1-1:1.0: rpm_resume returns 0
      [  234.820861] hub 1-1:1.0: rpm_suspend flags 0x4
      [  234.820861] hub 1-1:1.0: rpm_suspend returns 0
      [  234.821777] usb 1-1.1: usb auto-resume
      [  234.868591] hub 1-1:1.0: state 7 ports 5 chg 0000 evt 0002
      [  234.868591] hub 1-1:1.0: rpm_resume flags 0x4
      [  234.868621] hub 1-1:1.0: rpm_resume returns 0
      [  234.868652] hub 1-1:1.0: rpm_suspend flags 0x4
      [  234.868652] hub 1-1:1.0: rpm_suspend returns 0
      [  234.879486] usb 1-1.1: finish resume
      [  234.880279] usb 1-1.1: rpm_resume returns 0
      [  234.880310] smsc95xx 1-1.1:1.0: rpm_resume returns 0
      [  238.880187] ksoftirqd/0: page allocation failure. order:0, mode:0x20
      [  238.880218] Backtrace:
      [  238.880249] [<c01b9800>] (dump_backtrace+0x0/0xf8) from [<c065e1dc>] (dump_stack+0x18/0x1c)
      [  238.880249]  r6:00000000 r5:00000000 r4:00000020 r3:00000002
      [  238.880310] [<c065e1c4>] (dump_stack+0x0/0x1c) from [<c026ece4>] (__alloc_pages_nodemask+0x620/0x724)
      [  238.880340] [<c026e6c4>] (__alloc_pages_nodemask+0x0/0x724) from [<c02986d4>] (kmem_getpages.clone.34+0x34/0xc8)
      [  238.880371] [<c02986a0>] (kmem_getpages.clone.34+0x0/0xc8) from [<c02988f8>] (cache_grow.clone.42+0x84/0x154)
      [  238.880371]  r6:ef871aa4 r5:ef871a80 r4:ef81fd40 r3:00000020
      [  238.880401] [<c0298874>] (cache_grow.clone.42+0x0/0x154) from [<c0298b64>] (cache_alloc_refill+0x19c/0x1f0)
      [  238.880432] [<c02989c8>] (cache_alloc_refill+0x0/0x1f0) from [<c0299804>] (kmem_cache_alloc+0x90/0x190)
      [  238.880462] [<c0299774>] (kmem_cache_alloc+0x0/0x190) from [<c052e260>] (__alloc_skb+0x34/0xe8)
      [  238.880493] [<c052e22c>] (__alloc_skb+0x0/0xe8) from [<bf0509f4>] (rx_submit+0x2c/0x1d4 [usbnet])
      [  238.880523] [<bf0509c8>] (rx_submit+0x0/0x1d4 [usbnet]) from [<bf050d38>] (rx_complete+0x19c/0x1b0 [usbnet])
      [  238.880737] [<bf050b9c>] (rx_complete+0x0/0x1b0 [usbnet]) from [<bf006fd0>] (usb_hcd_giveback_urb+0xa8/0xf4 [usbcore])
      [  238.880737]  r8:eeeced34 r7:eeecec00 r6:eeecec00 r5:00000000 r4:eec2dd20
      [  238.880767] r3:bf050b9c
      [  238.880859] [<bf006f28>] (usb_hcd_giveback_urb+0x0/0xf4 [usbcore]) from [<bf03c8f8>] (ehci_urb_done+0xb0/0xbc [ehci_hcd])
      [  238.880859]  r6:00000000 r5:eec2dd20 r4:eeeced44 r3:eec2dd34
      [  238.880920] [<bf03c848>] (ehci_urb_done+0x0/0xbc [ehci_hcd]) from [<bf040204>] (qh_completions+0x308/0x3bc [ehci_hcd])
      [  238.880920]  r7:00000000 r6:eeda21a0 r5:ffdfe3c0 r4:eeda21ac
      [  238.880981] [<bf03fefc>] (qh_completions+0x0/0x3bc [ehci_hcd]) from [<bf040ef8>] (scan_async+0xb0/0x16c [ehci_hcd])
      [  238.881011] [<bf040e48>] (scan_async+0x0/0x16c [ehci_hcd]) from [<bf040fec>] (ehci_work+0x38/0x90 [ehci_hcd])
      [  238.881042] [<bf040fb4>] (ehci_work+0x0/0x90 [ehci_hcd]) from [<bf042940>] (ehci_irq+0x300/0x34c [ehci_hcd])
      [  238.881072]  r4:eeeced34 r3:00000001
      [  238.881134] [<bf042640>] (ehci_irq+0x0/0x34c [ehci_hcd]) from [<bf006828>] (usb_hcd_irq+0x40/0xac [usbcore])
      [  238.881195] [<bf0067e8>] (usb_hcd_irq+0x0/0xac [usbcore]) from [<c0239764>] (handle_irq_event_percpu+0xb8/0x240)
      [  238.881225]  r6:eec504e0 r5:0000006d r4:eec504e0 r3:bf0067e8
      [  238.881256] [<c02396ac>] (handle_irq_event_percpu+0x0/0x240) from [<c0239930>] (handle_irq_event+0x44/0x64)
      [  238.881256] [<c02398ec>] (handle_irq_event+0x0/0x64) from [<c023bbd0>] (handle_level_irq+0xe0/0x114)
      [  238.881286]  r6:0000006d r5:c080c14c r4:c080c100 r3:00020000
      [  238.881317] [<c023baf0>] (handle_level_irq+0x0/0x114) from [<c01ab090>] (asm_do_IRQ+0x90/0xd0)
      [  238.881317]  r5:00000000 r4:0000006d
      [  238.881347] [<c01ab000>] (asm_do_IRQ+0x0/0xd0) from [<c06624d0>] (__irq_svc+0x50/0x134)
      [  238.881378] Exception stack(0xef837e20 to 0xef837e68)
      [  238.881378] 7e20: 00000001 00185610 016cc000 c00490c0 eb380000 ef800540 00000020 00004ae0
      [  238.881408] 7e40: 00000020 bf0509f4 60000013 ef837e9c ef837e40 ef837e68 c0226f0c c0298ca0
      [  238.881408] 7e60: 20000013 ffffffff
      [  238.881408]  r5:fa240100 r4:ffffffff
      [  238.881439] [<c0298bb8>] (__kmalloc_track_caller+0x0/0x1d0) from [<c052e284>] (__alloc_skb+0x58/0xe8)
      [  238.881469] [<c052e22c>] (__alloc_skb+0x0/0xe8) from [<bf0509f4>] (rx_submit+0x2c/0x1d4 [usbnet])
      [  238.881500] [<bf0509c8>] (rx_submit+0x0/0x1d4 [usbnet]) from [<bf0513d8>] (usbnet_bh+0x1b4/0x250 [usbnet])
      [  238.881530] [<bf051224>] (usbnet_bh+0x0/0x250 [usbnet]) from [<c01f912c>] (tasklet_action+0xb0/0x1f8)
      [  238.881530]  r6:00000000 r5:ef9757f0 r4:ef9757ec r3:bf051224
      [  238.881561] [<c01f907c>] (tasklet_action+0x0/0x1f8) from [<c01f97ac>] (__do_softirq+0x140/0x290)
      [  238.881561]  r8:00000006 r7:00000101 r6:00000000 r5:c0806098 r4:00000001
      [  238.881591] r3:c01f907c
      [  238.881622] [<c01f966c>] (__do_softirq+0x0/0x290) from [<c01f99cc>] (run_ksoftirqd+0xd0/0x1f4)
      [  238.881622] [<c01f98fc>] (run_ksoftirqd+0x0/0x1f4) from [<c02113b0>] (kthread+0x90/0x98)
      [  238.881652]  r7:00000013 r6:c01f98fc r5:00000000 r4:ef831efc
      [  238.881683] [<c0211320>] (kthread+0x0/0x98) from [<c01f62f4>] (do_exit+0x0/0x374)
      [  238.881713]  r6:c01f62f4 r5:c0211320 r4:ef831efc
      [  238.881713] Mem-info:
      [  238.881744] Normal per-cpu:
      [  238.881744] CPU    0: hi:  186, btch:  31 usd:  38
      [  238.881744] CPU    1: hi:  186, btch:  31 usd: 169
      [  238.881774] HighMem per-cpu:
      [  238.881774] CPU    0: hi:   90, btch:  15 usd:  66
      [  238.881774] CPU    1: hi:   90, btch:  15 usd:  86
      [  238.881805] active_anon:544 inactive_anon:71 isolated_anon:0
      [  238.881805]  active_file:926 inactive_file:2538 isolated_file:0
      [  238.881805]  unevictable:0 dirty:10 writeback:0 unstable:0
      [  238.881805]  free:57782 slab_reclaimable:864 slab_unreclaimable:186898
      [  238.881805]  mapped:632 shmem:144 pagetables:50 bounce:0
      [  238.881835] Normal free:1328kB min:3532kB low:4412kB high:5296kB active_anon:0kB inactive_anon:0kB active_file:880kB inactive_file:848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:780288kB mlocked:0kB dirty:36kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:3456kB slab_unreclaimable:747592kB kernel_stack:392kB pagetables:200kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
      [  238.881866] lowmem_reserve[]: 0 1904 1904
      [  238.881896] HighMem free:229800kB min:236kB low:508kB high:784kB active_anon:2176kB inactive_anon:284kB active_file:2824kB inactive_file:9304kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:243712kB mlocked:0kB dirty:4kB writeback:0kB mapped:2528kB shmem:576kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
      [  238.881927] lowmem_reserve[]: 0 0 0
      [  238.881958] Normal: 0*4kB 4*8kB 6*16kB 0*32kB 1*64kB 1*128kB 0*256kB 2*512kB 0*1024kB 0*2048kB 0*4096kB = 1344kB
      [  238.882019] HighMem: 6*4kB 2*8kB 4*16kB 4*32kB 1*64kB 1*128kB 0*256kB 2*512kB 3*1024kB 0*2048kB 55*4096kB = 229800kB
      [  238.882080] 3610 total pagecache pages
      [  238.882080] 0 pages in swap cache
      [  238.882080] Swap cache stats: add 0, delete 0, find 0/0
      [  238.882110] Free swap  = 0kB
      [  238.882110] Total swap = 0kB
      [  238.933776] 262144 pages of RAM
      [  238.933776] 58240 free pages
      [  238.933776] 10503 reserved pages
      [  238.933776] 187773 slab pages
      [  238.933807] 2475 pages shared
      [  238.933807] 0 pages swap cached
      Signed-off-by: NMing Lei <tom.leiming@gmail.com>
      Acked-by: NOliver Neukum <oneukum@suse.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      75bd0cbd
  6. 05 5月, 2011 1 次提交
    • E
      net: ip_expire() must revalidate route · 64f3b9e2
      Eric Dumazet 提交于
      Commit 4a94445c (net: Use ip_route_input_noref() in input path)
      added a bug in IP defragmentation handling, in case timeout is fired.
      
      When a frame is defragmented, we use last skb dst field when building
      final skb. Its dst is valid, since we are in rcu read section.
      
      But if a timeout occurs, we take first queued fragment to build one ICMP
      TIME EXCEEDED message. Problem is all queued skb have weak dst pointers,
      since we escaped RCU critical section after their queueing. icmp_send()
      might dereference a now freed (and possibly reused) part of memory.
      
      Calling skb_dst_drop() and ip_route_input_noref() to revalidate route is
      the only possible choice.
      Reported-by: NDenys Fedoryshchenko <denys@visp.net.lb>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      64f3b9e2
  7. 03 5月, 2011 7 次提交
  8. 02 5月, 2011 2 次提交
    • A
      ipv4: don't spam dmesg with "Using LC-trie" messages · 7cfd2609
      Alexey Dobriyan 提交于
      fib_trie_table() is called during netns creation and
      Chromium uses clone(CLONE_NEWNET) to sandbox renderer process.
      
      Don't print anything.
      Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7cfd2609
    • E
      af_unix: Only allow recv on connected seqpacket sockets. · a05d2ad1
      Eric W. Biederman 提交于
      This fixes the following oops discovered by Dan Aloni:
      > Anyway, the following is the output of the Oops that I got on the
      > Ubuntu kernel on which I first detected the problem
      > (2.6.37-12-generic). The Oops that followed will be more useful, I
      > guess.
      
      >[ 5594.669852] BUG: unable to handle kernel NULL pointer dereference
      > at           (null)
      > [ 5594.681606] IP: [<ffffffff81550b7b>] unix_dgram_recvmsg+0x1fb/0x420
      > [ 5594.687576] PGD 2a05d067 PUD 2b951067 PMD 0
      > [ 5594.693720] Oops: 0002 [#1] SMP
      > [ 5594.699888] last sysfs file:
      
      The bug was that unix domain sockets use a pseduo packet for
      connecting and accept uses that psudo packet to get the socket.
      In the buggy seqpacket case we were allowing unconnected
      sockets to call recvmsg and try to receive the pseudo packet.
      
      That is always wrong and as of commit 7361c36c the pseudo
      packet had become enough different from a normal packet
      that the kernel started oopsing.
      
      Do for seqpacket_recv what was done for seqpacket_send in 2.5
      and only allow it on connected seqpacket sockets.
      
      Cc: stable@kernel.org
      Tested-by: NDan Aloni <dan@aloni.org>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a05d2ad1
  9. 30 4月, 2011 7 次提交
    • A
      mii: add support of pause frames in mii_get_an · 2b5a4ace
      artpol 提交于
      Add support of pause frames advertise in mii_get_an. This provides all drivers
      that use mii_ethtool_gset to represent their own and Link partner flow control
      abilities in ethtool.
      Signed-off-by: NArtem Polyakov <artpol84@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2b5a4ace
    • A
    • O
      usbnet: Transfer of maintainership · 686f13bb
      Oliver Neukum 提交于
      Somebody has to do it, however unfortunate be the cause.
      Signed-off-by: NOliver Neukum <oneukum@suse.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      686f13bb
    • D
      usbnet: add support for some Huawei modems with cdc-ether ports · b3c914aa
      Dan Williams 提交于
      Some newer Huawei devices (T-Mobile Rocket, others) have cdc-ether
      compatible ports, so recognize and expose them.
      Signed-off-by: NDan Williams <dcbw@redhat.com>
      Acked-by: NOliver Neukum <oneukum@suse.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b3c914aa
    • N
      bnx2: cancel timer on device removal · 8333a46a
      Neil Horman 提交于
      This oops was recently reported to me:
      
      invalid opcode: 0000 [#1] SMP
      last sysfs file:
      /sys/devices/pci0000:00/0000:00:01.0/0000:01:0d.0/0000:02:05.0/device
      CPU 1
      Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
      microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
      shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
      scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
      dm_mod [last unloaded: bnx2]
      
      Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
      microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
      shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
      scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
      dm_mod [last unloaded: bnx2]
      Pid: 23900, comm: pidof Not tainted 2.6.32-130.el6.x86_64 #1 BladeCenter LS21
      -[797251Z]-
      RIP: 0010:[<ffffffffa058b270>]  [<ffffffffa058b270>] 0xffffffffa058b270
      RSP: 0018:ffff880002083e48  EFLAGS: 00010246
      RAX: ffff880002083e90 RBX: ffff88007ccd4000 RCX: 0000000000000000
      RDX: 0000000000000100 RSI: dead000000200200 RDI: ffff8800007b8700
      RBP: ffff880002083ed0 R08: ffff88000208db40 R09: 0000022d191d27c8
      R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800007b9bc8
      R13: ffff880002083e90 R14: ffff8800007b8700 R15: ffffffffa058b270
      FS:  00007fbb3bcf7700(0000) GS:ffff880002080000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000001664a98 CR3: 0000000060395000 CR4: 00000000000006e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process pidof (pid: 23900, threadinfo ffff8800007e8000, task ffff8800091c0040)
      Stack:
       ffffffff81079f77 ffffffff8109e010 ffff88007ccd5c20 ffff88007ccd5820
      <0> ffff88007ccd5420 ffff8800007e9fd8 ffff8800007e9fd8 0000010000000000
      <0> ffff88007ccd5020 ffff880002083e90 ffff880002083e90 ffffffff8102a00d
      Call Trace:
       <IRQ>
       [<ffffffff81079f77>] ? run_timer_softirq+0x197/0x340
       [<ffffffff8109e010>] ? tick_sched_timer+0x0/0xc0
       [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
       [<ffffffff8106f737>] __do_softirq+0xb7/0x1e0
       [<ffffffff81092cc0>] ? hrtimer_interrupt+0x140/0x250
       [<ffffffff81185f90>] ? filldir+0x0/0xe0
       [<ffffffff8100c2cc>] call_softirq+0x1c/0x30
       [<ffffffff8100df05>] do_softirq+0x65/0xa0
       [<ffffffff8106f525>] irq_exit+0x85/0x90
       [<ffffffff814e3340>] smp_apic_timer_interrupt+0x70/0x9b
       [<ffffffff8100bc93>] apic_timer_interrupt+0x13/0x20
       <EOI>
       [<ffffffff81211ba5>] ? selinux_file_permission+0x45/0x150
       [<ffffffff81262a75>] ? _atomic_dec_and_lock+0x55/0x80
       [<ffffffff812050c6>] security_file_permission+0x16/0x20
       [<ffffffff811861c1>] vfs_readdir+0x71/0xe0
       [<ffffffff81186399>] sys_getdents+0x89/0xf0
       [<ffffffff8100b172>] system_call_fastpath+0x16/0x1b
      
      It occured during some stress testing, in which the reporter was repeatedly
      removing and modprobing the bnx2 module while doing various other random
      operations on the bnx2 registered net device.  Noting that this error occured on
      a serdes based device, we noted that there were a few ethtool operations (most
      notably self_test and set_phys_id) that have execution paths that lead into
      bnx2_setup_serdes_phy.  This function is notable because it executes a mod_timer
      call, which starts the bp->timer running.  Currently bnx2 is setup to assume
      that this timer only nees to be stopped when bnx2_close or bnx2_suspend is
      called.  Since the above ethtool operations are not gated on the net device
      having been opened however, that assumption is incorrect, and can lead to the
      timer still running after the module has been removed, leading to the oops above
      (as well as other simmilar oopses).
      
      Fix the problem by ensuring that the timer is stopped when pci_device_unregister
      is called.
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Reported-by: NHushan Jia <hjia@redhat.com>
      CC: Michael Chan <mchan@broadcom.com>
      CC: "David S. Miller" <davem@davemloft.net>
      Acked-by: NMichael Chan <mchan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8333a46a
    • S
      iwl4965: fix "Received BA when not expected" · 16b345d8
      Stanislaw Gruszka 提交于
      Need to use broadcast sta_id for management frames, otherwise we broke
      BA session in the firmware and get messages like that:
      
      "Received BA when not expected"
      
      or (on older kernels):
      
      "BA scd_flow 0 does not match txq_id 10"
      
      This fix regression introduced in 2.6.35 during station management
      code rewrite by:
      
      commit 2a87c26b
      Author: Johannes Berg <johannes.berg@intel.com>
      Date:   Fri Apr 30 11:30:45 2010 -0700
      
          iwlwifi: use iwl_find_station less
      Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      16b345d8
    • S
      iwlagn: fix "Received BA when not expected" · bfd36103
      Stanislaw Gruszka 提交于
      Need to use broadcast sta_id for management frames, otherwise we broke
      BA session in the firmware and get messages like that:
      
      "Received BA when not expected"
      
      or (on older kernels):
      
      "BA scd_flow 0 does not match txq_id 10"
      
      This fix regression introduced in 2.6.35 during station management
      code rewrite by:
      
      commit 2a87c26b
      Author: Johannes Berg <johannes.berg@intel.com>
      Date:   Fri Apr 30 11:30:45 2010 -0700
      
          iwlwifi: use iwl_find_station less
      
      Patch partially resolve:
      https://bugzilla.kernel.org/show_bug.cgi?id=16691
      However, there are still 11n performance problems on 4965 and 5xxx
      devices that need to be investigated.
      
      Cc: stable@kernel.org # 2.6.35+
      Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
      Acked-by: NJohannes Berg <johannes@sipsolutions.net>
      Acked-by: NWey-Yi Guy <wey-yi.w.guy@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      bfd36103
  10. 29 4月, 2011 5 次提交
  11. 27 4月, 2011 3 次提交
  12. 26 4月, 2011 1 次提交
    • H
      net: provide cow_metrics() methods to blackhole dst_ops · 0972ddb2
      Held Bernhard 提交于
      Since commit 62fa8a84 (net: Implement read-only protection and COW'ing
      of metrics.) the kernel throws an oops.
      
      [  101.620985] BUG: unable to handle kernel NULL pointer dereference at
                 (null)
      [  101.621050] IP: [<          (null)>]           (null)
      [  101.621084] PGD 6e53c067 PUD 3dd6a067 PMD 0
      [  101.621122] Oops: 0010 [#1] SMP
      [  101.621153] last sysfs file: /sys/devices/virtual/ppp/ppp/uevent
      [  101.621192] CPU 2
      [  101.621206] Modules linked in: l2tp_ppp pppox ppp_generic slhc
      l2tp_netlink l2tp_core deflate zlib_deflate twofish_x86_64
      twofish_common des_generic cbc ecb sha1_generic hmac af_key
      iptable_filter snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device loop
      snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec
      snd_pcm snd_timer snd i2c_i801 iTCO_wdt psmouse soundcore snd_page_alloc
      evdev uhci_hcd ehci_hcd thermal
      [  101.621552]
      [  101.621567] Pid: 5129, comm: openl2tpd Not tainted 2.6.39-rc4-Quad #3
      Gigabyte Technology Co., Ltd. G33-DS3R/G33-DS3R
      [  101.621637] RIP: 0010:[<0000000000000000>]  [<          (null)>]   (null)
      [  101.621684] RSP: 0018:ffff88003ddeba60  EFLAGS: 00010202
      [  101.621716] RAX: ffff88003ddb5600 RBX: ffff88003ddb5600 RCX:
      0000000000000020
      [  101.621758] RDX: ffffffff81a69a00 RSI: ffffffff81b7ee61 RDI:
      ffff88003ddb5600
      [  101.621800] RBP: ffff8800537cd900 R08: 0000000000000000 R09:
      ffff88003ddb5600
      [  101.621840] R10: 0000000000000005 R11: 0000000000014b38 R12:
      ffff88003ddb5600
      [  101.621881] R13: ffffffff81b7e480 R14: ffffffff81b7e8b8 R15:
      ffff88003ddebad8
      [  101.621924] FS:  00007f06e4182700(0000) GS:ffff88007fd00000(0000)
      knlGS:0000000000000000
      [  101.621971] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  101.622005] CR2: 0000000000000000 CR3: 0000000045274000 CR4:
      00000000000006e0
      [  101.622046] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
      0000000000000000
      [  101.622087] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
      0000000000000400
      [  101.622129] Process openl2tpd (pid: 5129, threadinfo
      ffff88003ddea000, task ffff88003de9a280)
      [  101.622177] Stack:
      [  101.622191]  ffffffff81447efa ffff88007d3ded80 ffff88003de9a280
      ffff88007d3ded80
      [  101.622245]  0000000000000001 ffff88003ddebbb8 ffffffff8148d5a7
      0000000000000212
      [  101.622299]  ffff88003dcea000 ffff88003dcea188 ffffffff00000001
      ffffffff81b7e480
      [  101.622353] Call Trace:
      [  101.622374]  [<ffffffff81447efa>] ? ipv4_blackhole_route+0x1ba/0x210
      [  101.622415]  [<ffffffff8148d5a7>] ? xfrm_lookup+0x417/0x510
      [  101.622450]  [<ffffffff8127672a>] ? extract_buf+0x9a/0x140
      [  101.622485]  [<ffffffff8144c6a0>] ? __ip_flush_pending_frames+0x70/0x70
      [  101.622526]  [<ffffffff8146fbbf>] ? udp_sendmsg+0x62f/0x810
      [  101.622562]  [<ffffffff813f98a6>] ? sock_sendmsg+0x116/0x130
      [  101.622599]  [<ffffffff8109df58>] ? find_get_page+0x18/0x90
      [  101.622633]  [<ffffffff8109fd6a>] ? filemap_fault+0x12a/0x4b0
      [  101.622668]  [<ffffffff813fb5c4>] ? move_addr_to_kernel+0x64/0x90
      [  101.622706]  [<ffffffff81405d5a>] ? verify_iovec+0x7a/0xf0
      [  101.622739]  [<ffffffff813fc772>] ? sys_sendmsg+0x292/0x420
      [  101.622774]  [<ffffffff810b994a>] ? handle_pte_fault+0x8a/0x7c0
      [  101.622810]  [<ffffffff810b76fe>] ? __pte_alloc+0xae/0x130
      [  101.622844]  [<ffffffff810ba2f8>] ? handle_mm_fault+0x138/0x380
      [  101.622880]  [<ffffffff81024af9>] ? do_page_fault+0x189/0x410
      [  101.622915]  [<ffffffff813fbe03>] ? sys_getsockname+0xf3/0x110
      [  101.622952]  [<ffffffff81450c4d>] ? ip_setsockopt+0x4d/0xa0
      [  101.622986]  [<ffffffff813f9932>] ? sockfd_lookup_light+0x22/0x90
      [  101.623024]  [<ffffffff814b61fb>] ? system_call_fastpath+0x16/0x1b
      [  101.623060] Code:  Bad RIP value.
      [  101.623090] RIP  [<          (null)>]           (null)
      [  101.623125]  RSP <ffff88003ddeba60>
      [  101.623146] CR2: 0000000000000000
      [  101.650871] ---[ end trace ca3856a7d8e8dad4 ]---
      [  101.651011] __sk_free: optmem leakage (160 bytes) detected.
      
      The oops happens in dst_metrics_write_ptr()
      include/net/dst.h:124: return dst->ops->cow_metrics(dst, p);
      
      dst->ops->cow_metrics is NULL and causes the oops.
      
      Provide cow_metrics() methods, like we did in commit 214f45c9
      (net: provide default_advmss() methods to blackhole dst_ops)
      Signed-off-by: NHeld Bernhard <berny156@gmx.de>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0972ddb2