David S. Miller [Wed, 11 May 2011 23:13:08 +0000 (19:13 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6
David S. Miller [Tue, 10 May 2011 22:04:35 +0000 (15:04 -0700)]
Merge branch 'pablo/nf-2.6-updates' of git://1984.lsi.us.es/net-2.6
Oliver Hartkopp [Tue, 10 May 2011 20:12:30 +0000 (13:12 -0700)]
slcan: fix ldisc->open retval
TTY layer expects 0 if the ldisc->open operation succeeded.
Reported-by: Matvejchikov Ilya <matvejchikov@gmail.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Williams [Mon, 9 May 2011 07:43:20 +0000 (07:43 +0000)]
net/usb: mark LG VL600 LTE modem ethernet interface as WWAN
Like other mobile broadband device ethernet interfaces, mark the LG
VL600 with the 'wwan' devtype so userspace knows it needs additional
configuration via the AT port before the interface can be used.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 9 May 2011 19:43:05 +0000 (19:43 +0000)]
xfrm: Don't allow esn with disabled anti replay detection
Unlike the standard case, disabled anti replay detection needs some
nontrivial extra treatment on ESN. RFC 4303 states:
Note: If a receiver chooses to not enable anti-replay for an SA, then
the receiver SHOULD NOT negotiate ESN in an SA management protocol.
Use of ESN creates a need for the receiver to manage the anti-replay
window (in order to determine the correct value for the high-order
bits of the ESN, which are employed in the ICV computation), which is
generally contrary to the notion of disabling anti-replay for an SA.
So return an error if an ESN state with disabled anti replay detection
is inserted for now and add the extra treatment later if we need it.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 9 May 2011 19:36:38 +0000 (19:36 +0000)]
xfrm: Assign the inner mode output function to the dst entry
As it is, we assign the outer modes output function to the dst entry
when we create the xfrm bundle. This leads to two problems on interfamily
scenarios. We might insert ipv4 packets into ip6_fragment when called
from xfrm6_output. The system crashes if we try to fragment an ipv4
packet with ip6_fragment. This issue was introduced with git commit
ad0081e4 (ipv6: Fragment locally generated tunnel-mode IPSec6 packets
as needed). The second issue is, that we might insert ipv4 packets in
netfilter6 and vice versa on interfamily scenarios.
With this patch we assign the inner mode output function to the dst entry
when we create the xfrm bundle. So xfrm4_output/xfrm6_output from the inner
mode is used and the right fragmentation and netfilter functions are called.
We switch then to outer mode with the output_finish functions.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Tue, 10 May 2011 19:26:06 +0000 (12:26 -0700)]
net: dev_close() should check IFF_UP
Commit
443457242beb (factorize sync-rcu call in
unregister_netdevice_many) mistakenly removed one test from dev_close()
Following actions trigger a BUG :
modprobe bonding
modprobe dummy
ifconfig bond0 up
ifenslave bond0 dummy0
rmmod dummy
dev_close() must not close a non IFF_UP device.
With help from Frank Blaschka and Einar EL Lueck
Reported-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Reported-by: Einar EL Lueck <ELELUECK@de.ibm.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Tue, 10 May 2011 19:22:54 +0000 (12:22 -0700)]
vlan: fix GVRP at dismantle time
ip link add link eth2 eth2.103 type vlan id 103 gvrp on loose_binding on
ip link set eth2.103 up
rmmod tg3 # driver providing eth2
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<
ffffffffa0030c9e>] garp_request_leave+0x3e/0xc0 [garp]
PGD
11d251067 PUD
11b9e0067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/virtual/net/eth2.104/ifindex
CPU 0
Modules linked in: tg3(-) 8021q garp nfsd lockd auth_rpcgss sunrpc libphy sg [last unloaded: x_tables]
Pid: 11494, comm: rmmod Tainted: G W
2.6.39-rc6-00261-gfd71257-dirty #580 HP ProLiant BL460c G6
RIP: 0010:[<
ffffffffa0030c9e>] [<
ffffffffa0030c9e>] garp_request_leave+0x3e/0xc0 [garp]
RSP: 0018:
ffff88007a19bae8 EFLAGS:
00010286
RAX:
0000000000000000 RBX:
ffff88011b5e2000 RCX:
0000000000000002
RDX:
0000000000000000 RSI:
0000000000000175 RDI:
ffffffffa0030d5b
RBP:
ffff88007a19bb18 R08:
0000000000000001 R09:
ffff88011bd64a00
R10:
ffff88011d34ec00 R11:
0000000000000000 R12:
0000000000000002
R13:
ffff88007a19bc48 R14:
ffff88007a19bb88 R15:
0000000000000001
FS:
0000000000000000(0000) GS:
ffff88011fc00000(0063) knlGS:
00000000f77d76c0
CS: 0010 DS: 002b ES: 002b CR0:
000000008005003b
CR2:
0000000000000000 CR3:
000000011a675000 CR4:
00000000000006f0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process rmmod (pid: 11494, threadinfo
ffff88007a19a000, task
ffff8800798595c0)
Stack:
ffff88007a19bb36 ffff88011c84b800 ffff88011b5e2000 ffff88007a19bc48
ffff88007a19bb88 0000000000000006 ffff88007a19bb38 ffffffffa003a5f6
ffff88007a19bb38 670088007a19bba8 ffff88007a19bb58 ffffffffa00397e7
Call Trace:
[<
ffffffffa003a5f6>] vlan_gvrp_request_leave+0x46/0x50 [8021q]
[<
ffffffffa00397e7>] vlan_dev_stop+0xb7/0xc0 [8021q]
[<
ffffffff8137e427>] __dev_close_many+0x87/0xe0
[<
ffffffff8137e507>] dev_close_many+0x87/0x110
[<
ffffffff8137e630>] rollback_registered_many+0xa0/0x240
[<
ffffffff8137e7e9>] unregister_netdevice_many+0x19/0x60
[<
ffffffffa00389eb>] vlan_device_event+0x53b/0x550 [8021q]
[<
ffffffff8143f448>] ? ip6mr_device_event+0xa8/0xd0
[<
ffffffff81479d03>] notifier_call_chain+0x53/0x80
[<
ffffffff81062539>] __raw_notifier_call_chain+0x9/0x10
[<
ffffffff81062551>] raw_notifier_call_chain+0x11/0x20
[<
ffffffff8137df82>] call_netdevice_notifiers+0x32/0x60
[<
ffffffff8137e69f>] rollback_registered_many+0x10f/0x240
[<
ffffffff8137e85f>] rollback_registered+0x2f/0x40
[<
ffffffff8137e8c8>] unregister_netdevice_queue+0x58/0x90
[<
ffffffff8137e9eb>] unregister_netdev+0x1b/0x30
[<
ffffffffa005d73f>] tg3_remove_one+0x6f/0x10b [tg3]
We should call vlan_gvrp_request_leave() from unregister_vlan_dev(),
not from vlan_dev_stop(), because vlan_gvrp_uninit_applicant()
is called right after unregister_netdevice_queue(). In batch mode,
unregister_netdevice_queue() doesn’t immediately call vlan_dev_stop().
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Fox [Mon, 9 May 2011 09:40:42 +0000 (10:40 +0100)]
libertas: fix cmdpendingq locking
We occasionally see list corruption using libertas.
While we haven't been able to diagnose this precisely, we have spotted
a possible cause: cmdpendingq is generally modified with driver_lock
held. However, there are a couple of points where this is not the case.
Fix up those operations to execute under the lock, it seems like
the correct thing to do and will hopefully improve the situation.
Signed-off-by: Paul Fox <pgf@laptop.org>
Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Dan Williams <dcbw@redhat.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Sat, 7 May 2011 15:46:21 +0000 (17:46 +0200)]
iwlegacy: fix IBSS mode crashes
We should not switch to non-IBSS channels when working in IBSS mode,
otherwise there are microcode errors, and after some time system
crashes.
This bug is only observable when software scan is used in IBSS mode,
so should be considered as regression after:
commit
0263aa45293838b514b8af674a03faf040991a90
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Tue Mar 29 11:24:21 2011 +0200
iwl3945: disable hw scan by default
However IBSS mode check, which this patch add again, was removed by
commit
b2f30e8bdd8ef5f3b5a7ef9146509585a15347d3
Author: Johannes Berg <johannes.berg@intel.com>
Date: Thu Jan 21 07:32:20 2010 -0800
iwlwifi: remove IBSS channel sanity check
That commit claim that mac80211 will not use non-IBSS channel in IBSS
mode, what definitely is not true. Bug probably should be fixed in
mac80211, but that will require more work, so better to apply that patch
temporally, and provide proper mac80211 fix latter.
Resolves:
https://bugzilla.kernel.org/show_bug.cgi?id=34452
Reported-and-tested-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Cc: stable@kernel.org # 2.6.38.5+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mohammed Shafi Shajakhan [Fri, 6 May 2011 15:13:11 +0000 (20:43 +0530)]
ath9k: Fix a warning due to a queued work during S3 state
during suspend/S3 state drv_flush is called from mac80211 irrespective of
interface count. In ath9k we queue a work in ath9k_flush which we expect
to be cancelled in the drv_stop call back. during suspend process mac80211
calls drv_stop only when the interface count(local->count) is non-zero.
unfortunately when the network manager is enabled, drv_flush is called
while drv_stop is not called as local->count reaches '0'.
So fix this by simply checking for the device presence in the
drv_flush call back in the driver before queueing work or anything else.
this patch fixes the following WARNING
Call Trace:
[<
c014c6e2>] warn_slowpath_common+0x72/0xa0
[<
fc133f99>] ? ieee80211_can_queue_work+0x39/0x50 [mac80211]
[<
fc133f99>] ? ieee80211_can_queue_work+0x39/0x50 [mac80211]
[<
c014c75b>] warn_slowpath_fmt+0x2b/0x30
[<
fc133f99>] ieee80211_can_queue_work+0x39/0x50 [mac80211]
[<
fc134ed1>] ieee80211_queue_delayed_work+0x21/0x50 [mac80211]
[<
fc1e5b22>] ath_tx_complete_poll_work+0xb2/0x100 [ath9k]
[<
c016399e>] run_workqueue+0x8e/0x150
[<
fc1e5a70>] ? ath_tx_complete_poll_work+0x0/0x100 [ath9k]
[<
c0163ae4>] worker_thread+0x84/0xe0
[<
c0167a60>] ? autoremove_wake_function+0x0/0x50
[<
c0163a60>] ? worker_thread+0x0/0xe0
[<
c01677d4>] kthread+0x74/0x80
[<
c0167760>] ? kthread+0x0/0x80
[<
c0104087>] kernel_thread_helper+0x7/0x10
---[ end trace
2aff81010df9215b ]---
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Luciano Coelho [Tue, 3 May 2011 18:40:08 +0000 (21:40 +0300)]
mac80211: don't start the dynamic ps timer if not associated
When we are disconnecting, we set PS off, but this happens before we
send the deauth/disassoc request. When the deauth/disassoc frames are
sent, we trigger the dynamic ps timer, which then times out and turns
PS back on. Thus, PS remains on after disconnecting, causing problems
when associating again.
This can be fixed by preventing the timer to start when we're not
associated anymore.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pablo Neira Ayuso [Tue, 10 May 2011 10:13:36 +0000 (12:13 +0200)]
netfilter: revert
a2361c8735e07322023aedc36e4938b35af31eb0
This patch reverts
a2361c8735e07322023aedc36e4938b35af31eb0:
"[PATCH] netfilter: xt_conntrack: warn about use in raw table"
Florian Wesphal says:
"... when the packet was sent from the local machine the skb
already has ->nfct attached, and -m conntrack seems to do
the right thing."
Acked-by: Jan Engelhardt <jengelh@medozas.de>
Reported-by: Florian Wesphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Fernando Luis Vazquez Cao [Tue, 10 May 2011 08:00:21 +0000 (10:00 +0200)]
netfilter: IPv6: fix DSCP mangle code
The mask indicates the bits one wants to zero out, so it needs to be
inverted before applying to the original TOS field.
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Fernando Luis Vazquez Cao [Tue, 10 May 2011 07:55:44 +0000 (09:55 +0200)]
netfilter: IPv6: initialize TOS field in REJECT target module
The IPv6 header is not zeroed out in alloc_skb so we must initialize
it properly unless we want to see IPv6 packets with random TOS fields
floating around. The current implementation resets the flow label
but this could be changed if deemed necessary.
We stumbled upon this issue when trying to apply a mangle rule to
the RST packet generated by the REJECT target module.
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Hans Schillstrom [Tue, 3 May 2011 20:09:31 +0000 (22:09 +0200)]
IPVS: init and cleanup restructuring
DESCRIPTION
This patch tries to restore the initial init and cleanup
sequences that was before namspace patch.
Netns also requires action when net devices unregister
which has never been implemented. I.e this patch also
covers when a device moves into a network namespace,
and has to be released.
IMPLEMENTATION
The number of calls to register_pernet_device have been
reduced to one for the ip_vs.ko
Schedulers still have their own calls.
This patch adds a function __ip_vs_service_cleanup()
and an enable flag for the netfilter hooks.
The nf hooks will be enabled when the first service is loaded
and never disabled again, except when a namespace exit starts.
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
[horms@verge.net.au: minor edit to changelog]
Signed-off-by: Simon Horman <horms@verge.net.au>
Hans Schillstrom [Tue, 3 May 2011 20:09:30 +0000 (22:09 +0200)]
IPVS: Change of socket usage to enable name space exit.
If the sync daemons run in a name space while it crashes
or get killed, there is no way to stop them except for a reboot.
When all patches are there, ip_vs_core will handle register_pernet_(),
i.e. ip_vs_sync_init() and ip_vs_sync_cleanup() will be removed.
Kernel threads should not increment the use count of a socket.
By calling sk_change_net() after creating a socket this is avoided.
sock_release cant be used intead sk_release_kernel() should be used.
Thanks Eric W Biederman for your advices.
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
[horms@verge.net.au: minor edit to changelog]
Signed-off-by: Simon Horman <horms@verge.net.au>
Florian Westphal [Thu, 21 Apr 2011 08:58:25 +0000 (10:58 +0200)]
netfilter: ebtables: only call xt_compat_add_offset once per rule
The optimizations in commit
255d0dc34068a976
(netfilter: x_table: speedup compat operations) assume that
xt_compat_add_offset is called once per rule.
ebtables however called it for each match/target found in a rule.
The match/watcher/target parser already returns the needed delta, so it
is sufficient to move the xt_compat_add_offset call to a more reasonable
location.
While at it, also get rid of the unused COMPAT iterator macros.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Eric Dumazet [Thu, 21 Apr 2011 08:57:21 +0000 (10:57 +0200)]
netfilter: fix ebtables compat support
commit
255d0dc34068a976 (netfilter: x_table: speedup compat operations)
made ebtables not working anymore.
1) xt_compat_calc_jump() is not an exact match lookup
2) compat_table_info() has a typo in xt_compat_init_offsets() call
3) compat_do_replace() misses a xt_compat_init_offsets() call
Reported-by: dann frazier <dannf@dannf.org>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Pablo Neira Ayuso [Thu, 21 Apr 2011 08:55:07 +0000 (10:55 +0200)]
netfilter: ctnetlink: fix timestamp support for new conntracks
This patch fixes the missing initialization of the start time if
the timestamp support is enabled.
libnetfilter_conntrack/utils# conntrack -E &
libnetfilter_conntrack/utils# ./conntrack_create
tcp 6 109 ESTABLISHED src=1.1.1.1 dst=2.2.2.2 sport=1025 dport=21 packets=0 bytes=0 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=21 dport=1025 packets=0 bytes=0 mark=0 delta-time=
1303296401 use=2
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Tomoya [Mon, 9 May 2011 01:19:37 +0000 (01:19 +0000)]
pch_gbe: support ML7223 IOH
Support new device OKI SEMICONDUCTOR ML7223 IOH(Input/Output Hub).
The ML7223 IOH is for MP(Media Phone) use.
The ML7223 is companion chip for Intel Atom E6xx series.
The ML7223 is completely compatible for Intel EG20T PCH.
Signed-off-by: Tomoya MORINAGA <tomoya-linux@dsn.okisemi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Toshiharu Okada [Fri, 6 May 2011 02:53:56 +0000 (02:53 +0000)]
PCH_GbE : Fixed the issue of checksum judgment
The checksum judgment was mistaken.
Judgment result
0:Correct 1:Wrong
This patch fixes the issue.
Signed-off-by: Toshiharu Okada <toshiharu-linux@dsn.okisemi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Toshiharu Okada [Fri, 6 May 2011 02:53:51 +0000 (02:53 +0000)]
PCH_GbE : Fixed the issue of collision detection
The collision detection setting was invalid.
When collision occurred, because data was not resent,
there was an issue to which a transmitting throughput falls.
This patch enables the collision detection.
Signed-off-by: Toshiharu Okada <toshiharu-linux@dsn.okisemi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Matvejchikov Ilya [Fri, 6 May 2011 06:23:09 +0000 (06:23 +0000)]
NET: slip, fix ldisc->open retval
TTY layer expects 0 if the ldisc->open operation succeeded.
Signed-off-by : Matvejchikov Ilya <matvejchikov@gmail.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Somnath Kotur [Wed, 4 May 2011 22:40:46 +0000 (22:40 +0000)]
be2net: Fixed bugs related to PVID.
Fixed bug to make sure 'pvid' retrieval will work on big endian hosts.
Fixed incorrect comparison between the Rx Completion's 16-bit VLAN TCI
and the PVID. Now comparing only the relevant 12 bits corresponding to
the VID.
Renamed 'vid' field under Rx Completion to 'vlan_tag' to reflect
accurate description.
Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kleber Sacilotto de Souza [Wed, 4 May 2011 13:05:11 +0000 (13:05 +0000)]
ehea: fix wrongly reported speed and port
Currently EHEA reports to ethtool as supporting 10M, 100M, 1G and
10G and connected to FIBRE independent of the hardware configuration.
However, when connected to FIBRE the only supported speed is 10G
full-duplex, and the other speeds and modes are only supported
when connected to twisted pair.
Signed-off-by: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com>
Acked-by: Breno Leitao <leitao@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
stephen hemminger [Wed, 4 May 2011 10:04:56 +0000 (10:04 +0000)]
tcp_cubic: limit delayed_ack ratio to prevent divide error
TCP Cubic keeps a metric that estimates the amount of delayed
acknowledgements to use in adjusting the window. If an abnormally
large number of packets are acknowledged at once, then the update
could wrap and reach zero. This kind of ACK could only
happen when there was a large window and huge number of
ACK's were lost.
This patch limits the value of delayed ack ratio. The choice of 32
is just a conservative value since normally it should be range of
1 to 4 packets.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Tue, 3 May 2011 07:49:25 +0000 (07:49 +0000)]
ipheth: Properly distinguish length and alignment in URBs and skbs
The USB protocol this driver implements appears to require 2 bytes of
padding in front of each received packet. This used to be equal to
the value of NET_IP_ALIGN on x86, so the driver abused that constant
and mostly worked, but this is no longer the case. The driver also
mixed up the URB and packet lengths, resulting in 2 bytes of junk at
the end of the skb.
Introduce a private constant for the 2 bytes of padding; fix this
confusion and check for the under-length case.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Roland Dreier [Fri, 6 May 2011 08:32:53 +0000 (08:32 +0000)]
vmxnet3: Consistently disable irqs when taking adapter->cmd_lock
Using the vmxnet3 driver produces a lockdep warning because
vmxnet3_set_mc(), which is called with mc->mca_lock held, takes
adapter->cmd_lock. However, there are a couple of places where
adapter->cmd_lock is taken with softirqs enabled, lockdep warns that a
softirq that tries to take mc->mca_lock could happen while
adapter->cmd_lock is held, leading to an AB-BA deadlock.
I'm not sure if this is a real potential deadlock or not, but the
simplest and best fix seems to be simply to make sure we take cmd_lock
with spin_lock_irqsave() everywhere -- the places with plain spin_lock
just look like oversights.
The full enormous lockdep warning is:
=========================================================
[ INFO: possible irq lock inversion dependency detected ]
2.6.39-rc6+ #1
---------------------------------------------------------
ifconfig/567 just changed the state of lock:
(&(&mc->mca_lock)->rlock){+.-...}, at: [<
ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
but this lock took another, SOFTIRQ-unsafe lock in the past:
(&(&adapter->cmd_lock)->rlock){+.+...}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
4 locks held by ifconfig/567:
#0: (rtnl_mutex){+.+.+.}, at: [<
ffffffff8147d547>] rtnl_lock+0x17/0x20
#1: ((inetaddr_chain).rwsem){.+.+.+}, at: [<
ffffffff810896cf>] __blocking_notifier_call_chain+0x5f/0xb0
#2: (&idev->mc_ifc_timer){+.-...}, at: [<
ffffffff8106f21b>] run_timer_softirq+0xeb/0x3f0
#3: (&ndev->lock){++.-..}, at: [<
ffffffff81531dd2>] mld_ifc_timer_expire+0x32/0x280
the shortest dependencies between 2nd lock and 1st lock:
-> (&(&adapter->cmd_lock)->rlock){+.+...} ops: 11 {
HARDIRQ-ON-W at:
[<
ffffffff8109ad86>] __lock_acquire+0x7f6/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff81571156>] _raw_spin_lock+0x36/0x70
[<
ffffffffa000d212>] vmxnet3_alloc_intr_resources+0x22/0x230 [vmxnet3]
[<
ffffffffa0014031>] vmxnet3_probe_device+0x5f6/0x15c5 [vmxnet3]
[<
ffffffff812df67f>] local_pci_probe+0x5f/0xd0
[<
ffffffff812dfde9>] pci_device_probe+0x119/0x120
[<
ffffffff81373df6>] driver_probe_device+0x96/0x1c0
[<
ffffffff81373fcb>] __driver_attach+0xab/0xb0
[<
ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
[<
ffffffff81373a2e>] driver_attach+0x1e/0x20
[<
ffffffff813735b8>] bus_add_driver+0xc8/0x290
[<
ffffffff813745b6>] driver_register+0x76/0x140
[<
ffffffff812e0046>] __pci_register_driver+0x66/0xe0
[<
ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff810aa76b>] sys_init_module+0xfb/0x250
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
SOFTIRQ-ON-W at:
[<
ffffffff8109adb7>] __lock_acquire+0x827/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff81571156>] _raw_spin_lock+0x36/0x70
[<
ffffffffa000d212>] vmxnet3_alloc_intr_resources+0x22/0x230 [vmxnet3]
[<
ffffffffa0014031>] vmxnet3_probe_device+0x5f6/0x15c5 [vmxnet3]
[<
ffffffff812df67f>] local_pci_probe+0x5f/0xd0
[<
ffffffff812dfde9>] pci_device_probe+0x119/0x120
[<
ffffffff81373df6>] driver_probe_device+0x96/0x1c0
[<
ffffffff81373fcb>] __driver_attach+0xab/0xb0
[<
ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
[<
ffffffff81373a2e>] driver_attach+0x1e/0x20
[<
ffffffff813735b8>] bus_add_driver+0xc8/0x290
[<
ffffffff813745b6>] driver_register+0x76/0x140
[<
ffffffff812e0046>] __pci_register_driver+0x66/0xe0
[<
ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff810aa76b>] sys_init_module+0xfb/0x250
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
INITIAL USE at:
[<
ffffffff8109a9e9>] __lock_acquire+0x459/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff81571156>] _raw_spin_lock+0x36/0x70
[<
ffffffffa000d212>] vmxnet3_alloc_intr_resources+0x22/0x230 [vmxnet3]
[<
ffffffffa0014031>] vmxnet3_probe_device+0x5f6/0x15c5 [vmxnet3]
[<
ffffffff812df67f>] local_pci_probe+0x5f/0xd0
[<
ffffffff812dfde9>] pci_device_probe+0x119/0x120
[<
ffffffff81373df6>] driver_probe_device+0x96/0x1c0
[<
ffffffff81373fcb>] __driver_attach+0xab/0xb0
[<
ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
[<
ffffffff81373a2e>] driver_attach+0x1e/0x20
[<
ffffffff813735b8>] bus_add_driver+0xc8/0x290
[<
ffffffff813745b6>] driver_register+0x76/0x140
[<
ffffffff812e0046>] __pci_register_driver+0x66/0xe0
[<
ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff810aa76b>] sys_init_module+0xfb/0x250
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
}
... key at: [<
ffffffffa0017590>] __key.42516+0x0/0xffffffffffffda70 [vmxnet3]
... acquired at:
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff81571bb5>] _raw_spin_lock_irqsave+0x55/0xa0
[<
ffffffffa000de27>] vmxnet3_set_mc+0x97/0x1a0 [vmxnet3]
[<
ffffffff8146ffa0>] __dev_set_rx_mode+0x40/0xb0
[<
ffffffff81470040>] dev_set_rx_mode+0x30/0x50
[<
ffffffff81470127>] __dev_open+0xc7/0x100
[<
ffffffff814703c1>] __dev_change_flags+0xa1/0x180
[<
ffffffff81470568>] dev_change_flags+0x28/0x70
[<
ffffffff814da960>] devinet_ioctl+0x730/0x800
[<
ffffffff814db508>] inet_ioctl+0x88/0xa0
[<
ffffffff814541f0>] sock_do_ioctl+0x30/0x70
[<
ffffffff814542a9>] sock_ioctl+0x79/0x2f0
[<
ffffffff81188798>] do_vfs_ioctl+0x98/0x570
[<
ffffffff81188d01>] sys_ioctl+0x91/0xa0
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
-> (_xmit_ETHER){+.....} ops: 6 {
HARDIRQ-ON-W at:
[<
ffffffff8109ad86>] __lock_acquire+0x7f6/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81475618>] __dev_mc_add+0x38/0x90
[<
ffffffff814756a0>] dev_mc_add+0x10/0x20
[<
ffffffff81532c9e>] igmp6_group_added+0x10e/0x1b0
[<
ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
[<
ffffffff81515e17>] ipv6_add_dev+0x357/0x450
[<
ffffffff81519f27>] addrconf_notify+0x2f7/0xb10
[<
ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
[<
ffffffff81089586>] raw_notifier_call_chain+0x16/0x20
[<
ffffffff814689b7>] call_netdevice_notifiers+0x37/0x70
[<
ffffffff8146a944>] register_netdevice+0x244/0x2d0
[<
ffffffff8146aa0f>] register_netdev+0x3f/0x60
[<
ffffffffa001419b>] vmxnet3_probe_device+0x760/0x15c5 [vmxnet3]
[<
ffffffff812df67f>] local_pci_probe+0x5f/0xd0
[<
ffffffff812dfde9>] pci_device_probe+0x119/0x120
[<
ffffffff81373df6>] driver_probe_device+0x96/0x1c0
[<
ffffffff81373fcb>] __driver_attach+0xab/0xb0
[<
ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
[<
ffffffff81373a2e>] driver_attach+0x1e/0x20
[<
ffffffff813735b8>] bus_add_driver+0xc8/0x290
[<
ffffffff813745b6>] driver_register+0x76/0x140
[<
ffffffff812e0046>] __pci_register_driver+0x66/0xe0
[<
ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff810aa76b>] sys_init_module+0xfb/0x250
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
INITIAL USE at:
[<
ffffffff8109a9e9>] __lock_acquire+0x459/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81475618>] __dev_mc_add+0x38/0x90
[<
ffffffff814756a0>] dev_mc_add+0x10/0x20
[<
ffffffff81532c9e>] igmp6_group_added+0x10e/0x1b0
[<
ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
[<
ffffffff81515e17>] ipv6_add_dev+0x357/0x450
[<
ffffffff81519f27>] addrconf_notify+0x2f7/0xb10
[<
ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
[<
ffffffff81089586>] raw_notifier_call_chain+0x16/0x20
[<
ffffffff814689b7>] call_netdevice_notifiers+0x37/0x70
[<
ffffffff8146a944>] register_netdevice+0x244/0x2d0
[<
ffffffff8146aa0f>] register_netdev+0x3f/0x60
[<
ffffffffa001419b>] vmxnet3_probe_device+0x760/0x15c5 [vmxnet3]
[<
ffffffff812df67f>] local_pci_probe+0x5f/0xd0
[<
ffffffff812dfde9>] pci_device_probe+0x119/0x120
[<
ffffffff81373df6>] driver_probe_device+0x96/0x1c0
[<
ffffffff81373fcb>] __driver_attach+0xab/0xb0
[<
ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
[<
ffffffff81373a2e>] driver_attach+0x1e/0x20
[<
ffffffff813735b8>] bus_add_driver+0xc8/0x290
[<
ffffffff813745b6>] driver_register+0x76/0x140
[<
ffffffff812e0046>] __pci_register_driver+0x66/0xe0
[<
ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff810aa76b>] sys_init_module+0xfb/0x250
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
}
... key at: [<
ffffffff827fd868>] netdev_addr_lock_key+0x8/0x1e0
... acquired at:
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81475618>] __dev_mc_add+0x38/0x90
[<
ffffffff814756a0>] dev_mc_add+0x10/0x20
[<
ffffffff81532c9e>] igmp6_group_added+0x10e/0x1b0
[<
ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
[<
ffffffff81515e17>] ipv6_add_dev+0x357/0x450
[<
ffffffff81519f27>] addrconf_notify+0x2f7/0xb10
[<
ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
[<
ffffffff81089586>] raw_notifier_call_chain+0x16/0x20
[<
ffffffff814689b7>] call_netdevice_notifiers+0x37/0x70
[<
ffffffff8146a944>] register_netdevice+0x244/0x2d0
[<
ffffffff8146aa0f>] register_netdev+0x3f/0x60
[<
ffffffffa001419b>] vmxnet3_probe_device+0x760/0x15c5 [vmxnet3]
[<
ffffffff812df67f>] local_pci_probe+0x5f/0xd0
[<
ffffffff812dfde9>] pci_device_probe+0x119/0x120
[<
ffffffff81373df6>] driver_probe_device+0x96/0x1c0
[<
ffffffff81373fcb>] __driver_attach+0xab/0xb0
[<
ffffffff81372a1e>] bus_for_each_dev+0x5e/0x90
[<
ffffffff81373a2e>] driver_attach+0x1e/0x20
[<
ffffffff813735b8>] bus_add_driver+0xc8/0x290
[<
ffffffff813745b6>] driver_register+0x76/0x140
[<
ffffffff812e0046>] __pci_register_driver+0x66/0xe0
[<
ffffffffa001b03a>] serio_raw_poll+0x3a/0x60 [serio_raw]
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff810aa76b>] sys_init_module+0xfb/0x250
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
-> (&(&mc->mca_lock)->rlock){+.-...} ops: 6 {
HARDIRQ-ON-W at:
[<
ffffffff8109ad86>] __lock_acquire+0x7f6/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81532bd5>] igmp6_group_added+0x45/0x1b0
[<
ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
[<
ffffffff81515e17>] ipv6_add_dev+0x357/0x450
[<
ffffffff81ce0d16>] addrconf_init+0x4e/0x183
[<
ffffffff81ce0ba1>] inet6_init+0x191/0x2a6
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff81ca4d3f>] kernel_init+0xe3/0x168
[<
ffffffff8157b2e4>] kernel_thread_helper+0x4/0x10
IN-SOFTIRQ-W at:
[<
ffffffff8109ad5e>] __lock_acquire+0x7ce/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
[<
ffffffff8106f2a9>] run_timer_softirq+0x179/0x3f0
[<
ffffffff810666d0>] __do_softirq+0xc0/0x210
[<
ffffffff8157b3dc>] call_softirq+0x1c/0x30
[<
ffffffff8100d42d>] do_softirq+0xad/0xe0
[<
ffffffff81066afe>] irq_exit+0x9e/0xb0
[<
ffffffff8157bd40>] smp_apic_timer_interrupt+0x70/0x9b
[<
ffffffff8157ab93>] apic_timer_interrupt+0x13/0x20
[<
ffffffff8149d857>] rt_do_flush+0x87/0x2a0
[<
ffffffff814a16b6>] rt_cache_flush+0x46/0x60
[<
ffffffff814e36e0>] fib_disable_ip+0x40/0x60
[<
ffffffff814e5447>] fib_inetaddr_event+0xd7/0xe0
[<
ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
[<
ffffffff810896e8>] __blocking_notifier_call_chain+0x78/0xb0
[<
ffffffff81089736>] blocking_notifier_call_chain+0x16/0x20
[<
ffffffff814d8021>] __inet_del_ifa+0xf1/0x2e0
[<
ffffffff814d8223>] inet_del_ifa+0x13/0x20
[<
ffffffff814da731>] devinet_ioctl+0x501/0x800
[<
ffffffff814db508>] inet_ioctl+0x88/0xa0
[<
ffffffff814541f0>] sock_do_ioctl+0x30/0x70
[<
ffffffff814542a9>] sock_ioctl+0x79/0x2f0
[<
ffffffff81188798>] do_vfs_ioctl+0x98/0x570
[<
ffffffff81188d01>] sys_ioctl+0x91/0xa0
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
INITIAL USE at:
[<
ffffffff8109a9e9>] __lock_acquire+0x459/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81532bd5>] igmp6_group_added+0x45/0x1b0
[<
ffffffff81533f2d>] ipv6_dev_mc_inc+0x2cd/0x430
[<
ffffffff81515e17>] ipv6_add_dev+0x357/0x450
[<
ffffffff81ce0d16>] addrconf_init+0x4e/0x183
[<
ffffffff81ce0ba1>] inet6_init+0x191/0x2a6
[<
ffffffff81002165>] do_one_initcall+0x45/0x190
[<
ffffffff81ca4d3f>] kernel_init+0xe3/0x168
[<
ffffffff8157b2e4>] kernel_thread_helper+0x4/0x10
}
... key at: [<
ffffffff82801be2>] __key.40877+0x0/0x8
... acquired at:
[<
ffffffff810997bc>] check_usage_forwards+0x9c/0x110
[<
ffffffff8109a32c>] mark_lock+0x19c/0x400
[<
ffffffff8109ad5e>] __lock_acquire+0x7ce/0x1e10
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
[<
ffffffff8106f2a9>] run_timer_softirq+0x179/0x3f0
[<
ffffffff810666d0>] __do_softirq+0xc0/0x210
[<
ffffffff8157b3dc>] call_softirq+0x1c/0x30
[<
ffffffff8100d42d>] do_softirq+0xad/0xe0
[<
ffffffff81066afe>] irq_exit+0x9e/0xb0
[<
ffffffff8157bd40>] smp_apic_timer_interrupt+0x70/0x9b
[<
ffffffff8157ab93>] apic_timer_interrupt+0x13/0x20
[<
ffffffff8149d857>] rt_do_flush+0x87/0x2a0
[<
ffffffff814a16b6>] rt_cache_flush+0x46/0x60
[<
ffffffff814e36e0>] fib_disable_ip+0x40/0x60
[<
ffffffff814e5447>] fib_inetaddr_event+0xd7/0xe0
[<
ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
[<
ffffffff810896e8>] __blocking_notifier_call_chain+0x78/0xb0
[<
ffffffff81089736>] blocking_notifier_call_chain+0x16/0x20
[<
ffffffff814d8021>] __inet_del_ifa+0xf1/0x2e0
[<
ffffffff814d8223>] inet_del_ifa+0x13/0x20
[<
ffffffff814da731>] devinet_ioctl+0x501/0x800
[<
ffffffff814db508>] inet_ioctl+0x88/0xa0
[<
ffffffff814541f0>] sock_do_ioctl+0x30/0x70
[<
ffffffff814542a9>] sock_ioctl+0x79/0x2f0
[<
ffffffff81188798>] do_vfs_ioctl+0x98/0x570
[<
ffffffff81188d01>] sys_ioctl+0x91/0xa0
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
stack backtrace:
Pid: 567, comm: ifconfig Not tainted 2.6.39-rc6+ #1
Call Trace:
<IRQ> [<
ffffffff810996f6>] print_irq_inversion_bug+0x146/0x170
[<
ffffffff81099720>] ? print_irq_inversion_bug+0x170/0x170
[<
ffffffff810997bc>] check_usage_forwards+0x9c/0x110
[<
ffffffff8109a32c>] mark_lock+0x19c/0x400
[<
ffffffff8109ad5e>] __lock_acquire+0x7ce/0x1e10
[<
ffffffff8109a383>] ? mark_lock+0x1f3/0x400
[<
ffffffff8109b497>] ? __lock_acquire+0xf07/0x1e10
[<
ffffffff81012255>] ? native_sched_clock+0x15/0x70
[<
ffffffff8109ca4d>] lock_acquire+0x9d/0x130
[<
ffffffff81531e9f>] ? mld_ifc_timer_expire+0xff/0x280
[<
ffffffff8109759d>] ? lock_release_holdtime+0x3d/0x1a0
[<
ffffffff8157124b>] _raw_spin_lock_bh+0x3b/0x70
[<
ffffffff81531e9f>] ? mld_ifc_timer_expire+0xff/0x280
[<
ffffffff8157170b>] ? _raw_spin_unlock+0x2b/0x40
[<
ffffffff81531e9f>] mld_ifc_timer_expire+0xff/0x280
[<
ffffffff8106f2a9>] run_timer_softirq+0x179/0x3f0
[<
ffffffff8106f21b>] ? run_timer_softirq+0xeb/0x3f0
[<
ffffffff810122b9>] ? sched_clock+0x9/0x10
[<
ffffffff81531da0>] ? mld_gq_timer_expire+0x30/0x30
[<
ffffffff810666d0>] __do_softirq+0xc0/0x210
[<
ffffffff8109455f>] ? tick_program_event+0x1f/0x30
[<
ffffffff8157b3dc>] call_softirq+0x1c/0x30
[<
ffffffff8100d42d>] do_softirq+0xad/0xe0
[<
ffffffff81066afe>] irq_exit+0x9e/0xb0
[<
ffffffff8157bd40>] smp_apic_timer_interrupt+0x70/0x9b
[<
ffffffff8157ab93>] apic_timer_interrupt+0x13/0x20
<EOI> [<
ffffffff81571f14>] ? retint_restore_args+0x13/0x13
[<
ffffffff810974a7>] ? lock_is_held+0x17/0xd0
[<
ffffffff8149d857>] rt_do_flush+0x87/0x2a0
[<
ffffffff814a16b6>] rt_cache_flush+0x46/0x60
[<
ffffffff814e36e0>] fib_disable_ip+0x40/0x60
[<
ffffffff814e5447>] fib_inetaddr_event+0xd7/0xe0
[<
ffffffff81575c1c>] notifier_call_chain+0x8c/0xc0
[<
ffffffff810896e8>] __blocking_notifier_call_chain+0x78/0xb0
[<
ffffffff81089736>] blocking_notifier_call_chain+0x16/0x20
[<
ffffffff814d8021>] __inet_del_ifa+0xf1/0x2e0
[<
ffffffff814d8223>] inet_del_ifa+0x13/0x20
[<
ffffffff814da731>] devinet_ioctl+0x501/0x800
[<
ffffffff8108a3af>] ? local_clock+0x6f/0x80
[<
ffffffff81575898>] ? do_page_fault+0x268/0x560
[<
ffffffff814db508>] inet_ioctl+0x88/0xa0
[<
ffffffff814541f0>] sock_do_ioctl+0x30/0x70
[<
ffffffff814542a9>] sock_ioctl+0x79/0x2f0
[<
ffffffff810dfe87>] ? __call_rcu+0xa7/0x190
[<
ffffffff81188798>] do_vfs_ioctl+0x98/0x570
[<
ffffffff8117737e>] ? fget_light+0x33e/0x430
[<
ffffffff81571ef9>] ? retint_swapgs+0x13/0x1b
[<
ffffffff81188d01>] sys_ioctl+0x91/0xa0
[<
ffffffff8157a142>] system_call_fastpath+0x16/0x1b
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Shreyas N Bhatewara <sbhatewara@vmware.com>
Signed-off-by: Scott J. Goldman <scottjg@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Rosenberg [Fri, 6 May 2011 03:27:18 +0000 (03:27 +0000)]
dccp: handle invalid feature options length
A length of zero (after subtracting two for the type and len fields) for
the DCCPO_{CHANGE,CONFIRM}_{L,R} options will cause an underflow due to
the subtraction. The subsequent code may read past the end of the
options value buffer when parsing. I'm unsure of what the consequences
of this might be, but it's probably not good.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kurt Van Dijck [Mon, 2 May 2011 04:50:48 +0000 (04:50 +0000)]
can: fix SJA1000 dlc for RTR packets
RTR frames do have a valid data length code on CAN.
The driver for SJA1000 did not handle that situation properly.
Signed-off-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ming Lei [Thu, 28 Apr 2011 22:37:09 +0000 (22:37 +0000)]
usbnet: runtime pm: fix out of memory
This patch makes use of the EVENT_DEV_OPEN flag introduced recently to
fix one out of memory issue, which can be reproduced on omap3/4 based
pandaboard/beagle XM easily with steps below:
- enable runtime pm
echo auto > /sys/devices/platform/usbhs-omap.0/ehci-omap.0/usb1/1-1/1-1.1/power/control
- ifconfig eth0 up
- then out of memroy happened, see [1] for kernel message.
Follows my analysis:
- 'ifconfig eth0 up' brings eth0 out of suspend, and usbnet_resume
is called to schedule dev->bh, then rx urbs are submited to prepare for
recieving data;
- some usbnet devices will produce garbage rx packets flood if
info->reset is not called in usbnet_open.
- so there is no enough chances for usbnet_bh to handle and release
recieved skb buffers since many rx interrupts consumes cpu, so out of memory
for atomic allocation in rx_submit happened.
This patch fixes the issue by simply not allowing schedule of usbnet_bh until device
is opened.
[1], dmesg
[ 234.712005] smsc95xx 1-1.1:1.0: rpm_resume flags 0x4
[ 234.712066] usb 1-1.1: rpm_resume flags 0x0
[ 234.712066] usb 1-1: rpm_resume flags 0x0
[ 234.712097] usb usb1: rpm_resume flags 0x0
[ 234.712127] usb usb1: usb auto-resume
[ 234.712158] ehci-omap ehci-omap.0: resume root hub
[ 234.754028] hub 1-0:1.0: hub_resume
[ 234.754821] hub 1-0:1.0: port 1: status 0507 change 0000
[ 234.756011] hub 1-0:1.0: state 7 ports 3 chg 0000 evt 0000
[ 234.756042] hub 1-0:1.0: rpm_resume flags 0x4
[ 234.756072] usb usb1: rpm_resume flags 0x0
[ 234.756164] usb usb1: rpm_resume returns 1
[ 234.756195] hub 1-0:1.0: rpm_resume returns 0
[ 234.756195] hub 1-0:1.0: rpm_suspend flags 0x4
[ 234.756225] hub 1-0:1.0: rpm_suspend returns 0
[ 234.756256] usb usb1: rpm_resume returns 0
[ 234.757141] usb 1-1: usb auto-resume
[ 234.793151] ehci-omap ehci-omap.0: GetStatus port:1 status 001005 0 ACK POWER sig=se0 PE CONNECT
[ 234.816558] usb 1-1: finish resume
[ 234.817871] hub 1-1:1.0: hub_resume
[ 234.818420] hub 1-1:1.0: port 1: status 0507 change 0000
[ 234.820495] ehci-omap ehci-omap.0: reused qh
eec50220 schedule
[ 234.820495] usb 1-1: link qh256-0001/
eec50220 start 1 [1/0 us]
[ 234.820587] usb 1-1: rpm_resume returns 0
[ 234.820800] hub 1-1:1.0: state 7 ports 5 chg 0000 evt 0000
[ 234.820800] hub 1-1:1.0: rpm_resume flags 0x4
[ 234.820831] hub 1-1:1.0: rpm_resume returns 0
[ 234.820861] hub 1-1:1.0: rpm_suspend flags 0x4
[ 234.820861] hub 1-1:1.0: rpm_suspend returns 0
[ 234.821777] usb 1-1.1: usb auto-resume
[ 234.868591] hub 1-1:1.0: state 7 ports 5 chg 0000 evt 0002
[ 234.868591] hub 1-1:1.0: rpm_resume flags 0x4
[ 234.868621] hub 1-1:1.0: rpm_resume returns 0
[ 234.868652] hub 1-1:1.0: rpm_suspend flags 0x4
[ 234.868652] hub 1-1:1.0: rpm_suspend returns 0
[ 234.879486] usb 1-1.1: finish resume
[ 234.880279] usb 1-1.1: rpm_resume returns 0
[ 234.880310] smsc95xx 1-1.1:1.0: rpm_resume returns 0
[ 238.880187] ksoftirqd/0: page allocation failure. order:0, mode:0x20
[ 238.880218] Backtrace:
[ 238.880249] [<
c01b9800>] (dump_backtrace+0x0/0xf8) from [<
c065e1dc>] (dump_stack+0x18/0x1c)
[ 238.880249] r6:
00000000 r5:
00000000 r4:
00000020 r3:
00000002
[ 238.880310] [<
c065e1c4>] (dump_stack+0x0/0x1c) from [<
c026ece4>] (__alloc_pages_nodemask+0x620/0x724)
[ 238.880340] [<
c026e6c4>] (__alloc_pages_nodemask+0x0/0x724) from [<
c02986d4>] (kmem_getpages.clone.34+0x34/0xc8)
[ 238.880371] [<
c02986a0>] (kmem_getpages.clone.34+0x0/0xc8) from [<
c02988f8>] (cache_grow.clone.42+0x84/0x154)
[ 238.880371] r6:
ef871aa4 r5:
ef871a80 r4:
ef81fd40 r3:
00000020
[ 238.880401] [<
c0298874>] (cache_grow.clone.42+0x0/0x154) from [<
c0298b64>] (cache_alloc_refill+0x19c/0x1f0)
[ 238.880432] [<
c02989c8>] (cache_alloc_refill+0x0/0x1f0) from [<
c0299804>] (kmem_cache_alloc+0x90/0x190)
[ 238.880462] [<
c0299774>] (kmem_cache_alloc+0x0/0x190) from [<
c052e260>] (__alloc_skb+0x34/0xe8)
[ 238.880493] [<
c052e22c>] (__alloc_skb+0x0/0xe8) from [<
bf0509f4>] (rx_submit+0x2c/0x1d4 [usbnet])
[ 238.880523] [<
bf0509c8>] (rx_submit+0x0/0x1d4 [usbnet]) from [<
bf050d38>] (rx_complete+0x19c/0x1b0 [usbnet])
[ 238.880737] [<
bf050b9c>] (rx_complete+0x0/0x1b0 [usbnet]) from [<
bf006fd0>] (usb_hcd_giveback_urb+0xa8/0xf4 [usbcore])
[ 238.880737] r8:
eeeced34 r7:
eeecec00 r6:
eeecec00 r5:
00000000 r4:
eec2dd20
[ 238.880767] r3:
bf050b9c
[ 238.880859] [<
bf006f28>] (usb_hcd_giveback_urb+0x0/0xf4 [usbcore]) from [<
bf03c8f8>] (ehci_urb_done+0xb0/0xbc [ehci_hcd])
[ 238.880859] r6:
00000000 r5:
eec2dd20 r4:
eeeced44 r3:
eec2dd34
[ 238.880920] [<
bf03c848>] (ehci_urb_done+0x0/0xbc [ehci_hcd]) from [<
bf040204>] (qh_completions+0x308/0x3bc [ehci_hcd])
[ 238.880920] r7:
00000000 r6:
eeda21a0 r5:
ffdfe3c0 r4:
eeda21ac
[ 238.880981] [<
bf03fefc>] (qh_completions+0x0/0x3bc [ehci_hcd]) from [<
bf040ef8>] (scan_async+0xb0/0x16c [ehci_hcd])
[ 238.881011] [<
bf040e48>] (scan_async+0x0/0x16c [ehci_hcd]) from [<
bf040fec>] (ehci_work+0x38/0x90 [ehci_hcd])
[ 238.881042] [<
bf040fb4>] (ehci_work+0x0/0x90 [ehci_hcd]) from [<
bf042940>] (ehci_irq+0x300/0x34c [ehci_hcd])
[ 238.881072] r4:
eeeced34 r3:
00000001
[ 238.881134] [<
bf042640>] (ehci_irq+0x0/0x34c [ehci_hcd]) from [<
bf006828>] (usb_hcd_irq+0x40/0xac [usbcore])
[ 238.881195] [<
bf0067e8>] (usb_hcd_irq+0x0/0xac [usbcore]) from [<
c0239764>] (handle_irq_event_percpu+0xb8/0x240)
[ 238.881225] r6:
eec504e0 r5:
0000006d r4:
eec504e0 r3:
bf0067e8
[ 238.881256] [<
c02396ac>] (handle_irq_event_percpu+0x0/0x240) from [<
c0239930>] (handle_irq_event+0x44/0x64)
[ 238.881256] [<
c02398ec>] (handle_irq_event+0x0/0x64) from [<
c023bbd0>] (handle_level_irq+0xe0/0x114)
[ 238.881286] r6:
0000006d r5:
c080c14c r4:
c080c100 r3:
00020000
[ 238.881317] [<
c023baf0>] (handle_level_irq+0x0/0x114) from [<
c01ab090>] (asm_do_IRQ+0x90/0xd0)
[ 238.881317] r5:
00000000 r4:
0000006d
[ 238.881347] [<
c01ab000>] (asm_do_IRQ+0x0/0xd0) from [<
c06624d0>] (__irq_svc+0x50/0x134)
[ 238.881378] Exception stack(0xef837e20 to 0xef837e68)
[ 238.881378] 7e20:
00000001 00185610 016cc000 c00490c0 eb380000 ef800540 00000020 00004ae0
[ 238.881408] 7e40:
00000020 bf0509f4 60000013 ef837e9c ef837e40 ef837e68 c0226f0c c0298ca0
[ 238.881408] 7e60:
20000013 ffffffff
[ 238.881408] r5:
fa240100 r4:
ffffffff
[ 238.881439] [<
c0298bb8>] (__kmalloc_track_caller+0x0/0x1d0) from [<
c052e284>] (__alloc_skb+0x58/0xe8)
[ 238.881469] [<
c052e22c>] (__alloc_skb+0x0/0xe8) from [<
bf0509f4>] (rx_submit+0x2c/0x1d4 [usbnet])
[ 238.881500] [<
bf0509c8>] (rx_submit+0x0/0x1d4 [usbnet]) from [<
bf0513d8>] (usbnet_bh+0x1b4/0x250 [usbnet])
[ 238.881530] [<
bf051224>] (usbnet_bh+0x0/0x250 [usbnet]) from [<
c01f912c>] (tasklet_action+0xb0/0x1f8)
[ 238.881530] r6:
00000000 r5:
ef9757f0 r4:
ef9757ec r3:
bf051224
[ 238.881561] [<
c01f907c>] (tasklet_action+0x0/0x1f8) from [<
c01f97ac>] (__do_softirq+0x140/0x290)
[ 238.881561] r8:
00000006 r7:
00000101 r6:
00000000 r5:
c0806098 r4:
00000001
[ 238.881591] r3:
c01f907c
[ 238.881622] [<
c01f966c>] (__do_softirq+0x0/0x290) from [<
c01f99cc>] (run_ksoftirqd+0xd0/0x1f4)
[ 238.881622] [<
c01f98fc>] (run_ksoftirqd+0x0/0x1f4) from [<
c02113b0>] (kthread+0x90/0x98)
[ 238.881652] r7:
00000013 r6:
c01f98fc r5:
00000000 r4:
ef831efc
[ 238.881683] [<
c0211320>] (kthread+0x0/0x98) from [<
c01f62f4>] (do_exit+0x0/0x374)
[ 238.881713] r6:
c01f62f4 r5:
c0211320 r4:
ef831efc
[ 238.881713] Mem-info:
[ 238.881744] Normal per-cpu:
[ 238.881744] CPU 0: hi: 186, btch: 31 usd: 38
[ 238.881744] CPU 1: hi: 186, btch: 31 usd: 169
[ 238.881774] HighMem per-cpu:
[ 238.881774] CPU 0: hi: 90, btch: 15 usd: 66
[ 238.881774] CPU 1: hi: 90, btch: 15 usd: 86
[ 238.881805] active_anon:544 inactive_anon:71 isolated_anon:0
[ 238.881805] active_file:926 inactive_file:2538 isolated_file:0
[ 238.881805] unevictable:0 dirty:10 writeback:0 unstable:0
[ 238.881805] free:57782 slab_reclaimable:864 slab_unreclaimable:186898
[ 238.881805] mapped:632 shmem:144 pagetables:50 bounce:0
[ 238.881835] Normal free:1328kB min:3532kB low:4412kB high:5296kB active_anon:0kB inactive_anon:0kB active_file:880kB inactive_file:848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:780288kB mlocked:0kB dirty:36kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:3456kB slab_unreclaimable:747592kB kernel_stack:392kB pagetables:200kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
[ 238.881866] lowmem_reserve[]: 0 1904 1904
[ 238.881896] HighMem free:229800kB min:236kB low:508kB high:784kB active_anon:2176kB inactive_anon:284kB active_file:2824kB inactive_file:9304kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:243712kB mlocked:0kB dirty:4kB writeback:0kB mapped:2528kB shmem:576kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
[ 238.881927] lowmem_reserve[]: 0 0 0
[ 238.881958] Normal: 0*4kB 4*8kB 6*16kB 0*32kB 1*64kB 1*128kB 0*256kB 2*512kB 0*1024kB 0*2048kB 0*4096kB = 1344kB
[ 238.882019] HighMem: 6*4kB 2*8kB 4*16kB 4*32kB 1*64kB 1*128kB 0*256kB 2*512kB 3*1024kB 0*2048kB 55*4096kB = 229800kB
[ 238.882080] 3610 total pagecache pages
[ 238.882080] 0 pages in swap cache
[ 238.882080] Swap cache stats: add 0, delete 0, find 0/0
[ 238.882110] Free swap = 0kB
[ 238.882110] Total swap = 0kB
[ 238.933776] 262144 pages of RAM
[ 238.933776] 58240 free pages
[ 238.933776] 10503 reserved pages
[ 238.933776] 187773 slab pages
[ 238.933807] 2475 pages shared
[ 238.933807] 0 pages swap cached
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 4 May 2011 10:02:26 +0000 (10:02 +0000)]
net: ip_expire() must revalidate route
Commit
4a94445c9a5c (net: Use ip_route_input_noref() in input path)
added a bug in IP defragmentation handling, in case timeout is fired.
When a frame is defragmented, we use last skb dst field when building
final skb. Its dst is valid, since we are in rcu read section.
But if a timeout occurs, we take first queued fragment to build one ICMP
TIME EXCEEDED message. Problem is all queued skb have weak dst pointers,
since we escaped RCU critical section after their queueing. icmp_send()
might dereference a now freed (and possibly reused) part of memory.
Calling skb_dst_drop() and ip_route_input_noref() to revalidate route is
the only possible choice.
Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Lucian Adrian Grijincu [Sun, 1 May 2011 01:44:01 +0000 (01:44 +0000)]
sysctl: net: call unregister_net_sysctl_table where needed
ctl_table_headers registered with register_net_sysctl_table should
have been unregistered with the equivalent unregister_net_sysctl_table
Signed-off-by: Lucian Adrian Grijincu <lucian.grijincu@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Sat, 30 Apr 2011 01:28:17 +0000 (01:28 +0000)]
Revert: veth: remove unneeded ifname code from veth_newlink()
84c49d8c3e4abefb0a41a77b25aa37ebe8d6b743 ("veth: remove unneeded
ifname code from veth_newlink()") caused regression on veth
creation. This patch reverts the original one.
Reported-by: Michał Mirosław <mirqus@gmail.com>
Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Rabin Vincent [Sat, 30 Apr 2011 08:29:27 +0000 (08:29 +0000)]
smsc95xx: fix reset check
The reset loop check should check the MII_BMCR register value for
BMCR_RESET rather than for MII_BMCR (the register address, which also
happens to be zero).
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: David S. Miller <davem@davemloft.net>
Rafael J. Wysocki [Thu, 28 Apr 2011 11:02:15 +0000 (11:02 +0000)]
tg3: Fix failure to enable WoL by default when possible
tg3 is supposed to enable WoL by default on adapters which support
that, but it fails to do so unless the adapter's
/sys/devices/.../power/wakeup file contains 'enabled' during the
initialization of the adapter. Fix that by making tg3 use
device_set_wakeup_enable() to enable wakeup automatically whenever
WoL should be enabled by default.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
Lifeng Sun [Wed, 27 Apr 2011 22:04:51 +0000 (22:04 +0000)]
networking: inappropriate ioctl operation should return ENOTTY
ioctl() calls against a socket with an inappropriate ioctl operation
are incorrectly returning EINVAL rather than ENOTTY:
[ENOTTY]
Inappropriate I/O control operation.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=33992
Signed-off-by: Lifeng Sun <lifongsun@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Joe Perches [Mon, 2 May 2011 09:59:29 +0000 (09:59 +0000)]
amd8111e: trivial typo spelling: Negotitate -> Negotiate
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 2 May 2011 19:21:47 +0000 (12:21 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6
Alexey Dobriyan [Sun, 1 May 2011 02:04:11 +0000 (02:04 +0000)]
ipv4: don't spam dmesg with "Using LC-trie" messages
fib_trie_table() is called during netns creation and
Chromium uses clone(CLONE_NEWNET) to sandbox renderer process.
Don't print anything.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric W. Biederman [Sun, 24 Apr 2011 01:54:57 +0000 (01:54 +0000)]
af_unix: Only allow recv on connected seqpacket sockets.
This fixes the following oops discovered by Dan Aloni:
> Anyway, the following is the output of the Oops that I got on the
> Ubuntu kernel on which I first detected the problem
> (2.6.37-12-generic). The Oops that followed will be more useful, I
> guess.
>[ 5594.669852] BUG: unable to handle kernel NULL pointer dereference
> at      (null)
> [ 5594.681606] IP: [<
ffffffff81550b7b>] unix_dgram_recvmsg+0x1fb/0x420
> [ 5594.687576] PGD
2a05d067 PUD
2b951067 PMD 0
> [ 5594.693720] Oops: 0002 [#1] SMP
> [ 5594.699888] last sysfs file:
The bug was that unix domain sockets use a pseduo packet for
connecting and accept uses that psudo packet to get the socket.
In the buggy seqpacket case we were allowing unconnected
sockets to call recvmsg and try to receive the pseudo packet.
That is always wrong and as of commit
7361c36c5 the pseudo
packet had become enough different from a normal packet
that the kernel started oopsing.
Do for seqpacket_recv what was done for seqpacket_send in 2.5
and only allow it on connected seqpacket sockets.
Cc: stable@kernel.org
Tested-by: Dan Aloni <dan@aloni.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
artpol [Wed, 27 Apr 2011 17:49:14 +0000 (17:49 +0000)]
mii: add support of pause frames in mii_get_an
Add support of pause frames advertise in mii_get_an. This provides all drivers
that use mii_ethtool_gset to represent their own and Link partner flow control
abilities in ethtool.
Signed-off-by: Artem Polyakov <artpol84@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Adam Jaremko [Thu, 28 Apr 2011 07:41:18 +0000 (07:41 +0000)]
net: ftmac100: fix scheduling while atomic during PHY link status change
Signed-off-by: Adam Jaremko <adam.jaremko@gmail.com>
Acked-by: Po-Yu Chuang <ratbert@faraday-tech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Oliver Neukum [Fri, 29 Apr 2011 12:15:53 +0000 (14:15 +0200)]
usbnet: Transfer of maintainership
Somebody has to do it, however unfortunate be the cause.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Williams [Wed, 27 Apr 2011 09:54:28 +0000 (09:54 +0000)]
usbnet: add support for some Huawei modems with cdc-ether ports
Some newer Huawei devices (T-Mobile Rocket, others) have cdc-ether
compatible ports, so recognize and expose them.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Neil Horman [Tue, 26 Apr 2011 10:30:11 +0000 (10:30 +0000)]
bnx2: cancel timer on device removal
This oops was recently reported to me:
invalid opcode: 0000 [#1] SMP
last sysfs file:
/sys/devices/pci0000:00/0000:00:01.0/0000:01:0d.0/0000:02:05.0/device
CPU 1
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
dm_mod [last unloaded: bnx2]
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
dm_mod [last unloaded: bnx2]
Pid: 23900, comm: pidof Not tainted 2.6.32-130.el6.x86_64 #1 BladeCenter LS21
-[797251Z]-
RIP: 0010:[<
ffffffffa058b270>] [<
ffffffffa058b270>] 0xffffffffa058b270
RSP: 0018:
ffff880002083e48 EFLAGS:
00010246
RAX:
ffff880002083e90 RBX:
ffff88007ccd4000 RCX:
0000000000000000
RDX:
0000000000000100 RSI:
dead000000200200 RDI:
ffff8800007b8700
RBP:
ffff880002083ed0 R08:
ffff88000208db40 R09:
0000022d191d27c8
R10:
0000000000000000 R11:
0000000000000000 R12:
ffff8800007b9bc8
R13:
ffff880002083e90 R14:
ffff8800007b8700 R15:
ffffffffa058b270
FS:
00007fbb3bcf7700(0000) GS:
ffff880002080000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000001664a98 CR3:
0000000060395000 CR4:
00000000000006e0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process pidof (pid: 23900, threadinfo
ffff8800007e8000, task
ffff8800091c0040)
Stack:
ffffffff81079f77 ffffffff8109e010 ffff88007ccd5c20 ffff88007ccd5820
<0>
ffff88007ccd5420 ffff8800007e9fd8 ffff8800007e9fd8 0000010000000000
<0>
ffff88007ccd5020 ffff880002083e90 ffff880002083e90 ffffffff8102a00d
Call Trace:
<IRQ>
[<
ffffffff81079f77>] ? run_timer_softirq+0x197/0x340
[<
ffffffff8109e010>] ? tick_sched_timer+0x0/0xc0
[<
ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
[<
ffffffff8106f737>] __do_softirq+0xb7/0x1e0
[<
ffffffff81092cc0>] ? hrtimer_interrupt+0x140/0x250
[<
ffffffff81185f90>] ? filldir+0x0/0xe0
[<
ffffffff8100c2cc>] call_softirq+0x1c/0x30
[<
ffffffff8100df05>] do_softirq+0x65/0xa0
[<
ffffffff8106f525>] irq_exit+0x85/0x90
[<
ffffffff814e3340>] smp_apic_timer_interrupt+0x70/0x9b
[<
ffffffff8100bc93>] apic_timer_interrupt+0x13/0x20
<EOI>
[<
ffffffff81211ba5>] ? selinux_file_permission+0x45/0x150
[<
ffffffff81262a75>] ? _atomic_dec_and_lock+0x55/0x80
[<
ffffffff812050c6>] security_file_permission+0x16/0x20
[<
ffffffff811861c1>] vfs_readdir+0x71/0xe0
[<
ffffffff81186399>] sys_getdents+0x89/0xf0
[<
ffffffff8100b172>] system_call_fastpath+0x16/0x1b
It occured during some stress testing, in which the reporter was repeatedly
removing and modprobing the bnx2 module while doing various other random
operations on the bnx2 registered net device. Noting that this error occured on
a serdes based device, we noted that there were a few ethtool operations (most
notably self_test and set_phys_id) that have execution paths that lead into
bnx2_setup_serdes_phy. This function is notable because it executes a mod_timer
call, which starts the bp->timer running. Currently bnx2 is setup to assume
that this timer only nees to be stopped when bnx2_close or bnx2_suspend is
called. Since the above ethtool operations are not gated on the net device
having been opened however, that assumption is incorrect, and can lead to the
timer still running after the module has been removed, leading to the oops above
(as well as other simmilar oopses).
Fix the problem by ensuring that the timer is stopped when pci_device_unregister
is called.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: Hushan Jia <hjia@redhat.com>
CC: Michael Chan <mchan@broadcom.com>
CC: "David S. Miller" <davem@davemloft.net>
Acked-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stanislaw Gruszka [Fri, 29 Apr 2011 15:51:56 +0000 (17:51 +0200)]
iwl4965: fix "Received BA when not expected"
Need to use broadcast sta_id for management frames, otherwise we broke
BA session in the firmware and get messages like that:
"Received BA when not expected"
or (on older kernels):
"BA scd_flow 0 does not match txq_id 10"
This fix regression introduced in 2.6.35 during station management
code rewrite by:
commit
2a87c26bbe9587baeb9e56d3ce0b4971bd777643
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri Apr 30 11:30:45 2010 -0700
iwlwifi: use iwl_find_station less
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Fri, 29 Apr 2011 15:51:06 +0000 (17:51 +0200)]
iwlagn: fix "Received BA when not expected"
Need to use broadcast sta_id for management frames, otherwise we broke
BA session in the firmware and get messages like that:
"Received BA when not expected"
or (on older kernels):
"BA scd_flow 0 does not match txq_id 10"
This fix regression introduced in 2.6.35 during station management
code rewrite by:
commit
2a87c26bbe9587baeb9e56d3ce0b4971bd777643
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri Apr 30 11:30:45 2010 -0700
iwlwifi: use iwl_find_station less
Patch partially resolve:
https://bugzilla.kernel.org/show_bug.cgi?id=16691
However, there are still 11n performance problems on 4965 and 5xxx
devices that need to be investigated.
Cc: stable@kernel.org # 2.6.35+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Peter Korsgaard [Tue, 26 Apr 2011 01:45:41 +0000 (01:45 +0000)]
dsa/mv88e6131: fix unknown multicast/broadcast forwarding on mv88e6085
The
88e6085 has a few differences from the other devices in the port
control registers, causing unknown multicast/broadcast packets to get
dropped when using the standard port setup.
At the same time update kconfig to clarify that the mv88e6085 is now
supported.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Acked-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Stewart [Thu, 28 Apr 2011 05:43:37 +0000 (05:43 +0000)]
usbnet: Resubmit interrupt URB if device is open
Resubmit interrupt URB if device is open. Use a flag set in
usbnet_open() to determine this state. Also kill and free
interrupt URB in usbnet_disconnect().
[Rebased off git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git]
Signed-off-by: Paul Stewart <pstew@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stanislaw Gruszka [Thu, 28 Apr 2011 09:36:54 +0000 (11:36 +0200)]
iwl4965: fix "TX Power requested while scanning"
Fix the following:
WARNING: at drivers/net/wireless/iwlegacy/iwl-4965.c:1128 \
iwl4965_send_tx_power+0x61/0x102 [iwl4965]() Hardware name: [...]
TX Power requested while scanning!
Pid: 5723, comm: kworker/u:28 Not tainted 2.6.39-0.rc4.4.fc14.x86_64 #1
Call Trace:
[<
ffffffff8104e27b>] warn_slowpath_common+0x85/0x9d
[<
ffffffffa02782e0>] ? iwl4965_show_temperature+0x49/0x49 [iwl4965]
[<
ffffffff8104e336>] warn_slowpath_fmt+0x46/0x48
[<
ffffffffa027712f>] iwl4965_send_tx_power+0x61/0x102 [iwl4965]
[<
ffffffff81477e05>] ? mutex_lock+0x36/0x50
[<
ffffffffa0278337>] iwl4965_bg_txpower_work+0x57/0x73 [iwl4965]
[<
ffffffff810647f3>] process_one_work+0x18d/0x286
[<
ffffffff81065a5e>] worker_thread+0xfd/0x181
[<
ffffffff81065961>] ? manage_workers.clone.16+0x172/0x172
[<
ffffffff81069036>] kthread+0x82/0x8a
[<
ffffffff81480524>] kernel_thread_helper+0x4/0x10
[<
ffffffff81068fb4>] ? kthread_worker_fn+0x14b/0x14b
[<
ffffffff81480520>] ? gs_change+0x13/0x13
Reported-and-tested-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Wey-Yi Guy [Mon, 25 Apr 2011 18:12:57 +0000 (11:12 -0700)]
iwlegacy: led stay solid on when no traffic
commit
5ed540aecc2aae92d5c97b9a9306a5bf88ad5574 change the led behavior
for iwlwifi driver; the side effect cause led blink all the time.
Modify the led blink table to fix this problem
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Rafał Miłecki [Tue, 19 Apr 2011 20:49:29 +0000 (22:49 +0200)]
b43: trivial: update module info about ucode16_mimo firmware
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Steffen Klassert [Mon, 25 Apr 2011 19:41:21 +0000 (19:41 +0000)]
xfrm: Check for the new replay implementation if an esn state is inserted
IPsec extended sequence numbers can be used only with the new
anti-replay window implementation. So check if the new implementation
is used if an esn state is inserted and return an error if it is not.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 25 Apr 2011 19:40:23 +0000 (19:40 +0000)]
esp6: Fix scatterlist initialization
When we use IPsec extended sequence numbers, we may overwrite
the last scatterlist of the associated data by the scatterlist
for the skb. This patch fixes this by placing the scatterlist
for the skb right behind the last scatterlist of the associated
data. esp4 does it already like that.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 25 Apr 2011 19:39:24 +0000 (19:39 +0000)]
xfrm: Fix replay window size calculation on initialization
On replay initialization, we compute the size of the replay
buffer to see if the replay window fits into the buffer.
This computation lacks a mutliplication by 8 because we need
the size in bit, not in byte. So we might return an error
even though the replay window would fit into the buffer.
This patch fixes this issue.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Held Bernhard [Sun, 24 Apr 2011 22:07:32 +0000 (22:07 +0000)]
net: provide cow_metrics() methods to blackhole dst_ops
Since commit
62fa8a846d7d (net: Implement read-only protection and COW'ing
of metrics.) the kernel throws an oops.
[ 101.620985] BUG: unable to handle kernel NULL pointer dereference at
(null)
[ 101.621050] IP: [< (null)>] (null)
[ 101.621084] PGD
6e53c067 PUD
3dd6a067 PMD 0
[ 101.621122] Oops: 0010 [#1] SMP
[ 101.621153] last sysfs file: /sys/devices/virtual/ppp/ppp/uevent
[ 101.621192] CPU 2
[ 101.621206] Modules linked in: l2tp_ppp pppox ppp_generic slhc
l2tp_netlink l2tp_core deflate zlib_deflate twofish_x86_64
twofish_common des_generic cbc ecb sha1_generic hmac af_key
iptable_filter snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device loop
snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec
snd_pcm snd_timer snd i2c_i801 iTCO_wdt psmouse soundcore snd_page_alloc
evdev uhci_hcd ehci_hcd thermal
[ 101.621552]
[ 101.621567] Pid: 5129, comm: openl2tpd Not tainted 2.6.39-rc4-Quad #3
Gigabyte Technology Co., Ltd. G33-DS3R/G33-DS3R
[ 101.621637] RIP: 0010:[<
0000000000000000>] [< (null)>] (null)
[ 101.621684] RSP: 0018:
ffff88003ddeba60 EFLAGS:
00010202
[ 101.621716] RAX:
ffff88003ddb5600 RBX:
ffff88003ddb5600 RCX:
0000000000000020
[ 101.621758] RDX:
ffffffff81a69a00 RSI:
ffffffff81b7ee61 RDI:
ffff88003ddb5600
[ 101.621800] RBP:
ffff8800537cd900 R08:
0000000000000000 R09:
ffff88003ddb5600
[ 101.621840] R10:
0000000000000005 R11:
0000000000014b38 R12:
ffff88003ddb5600
[ 101.621881] R13:
ffffffff81b7e480 R14:
ffffffff81b7e8b8 R15:
ffff88003ddebad8
[ 101.621924] FS:
00007f06e4182700(0000) GS:
ffff88007fd00000(0000)
knlGS:
0000000000000000
[ 101.621971] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 101.622005] CR2:
0000000000000000 CR3:
0000000045274000 CR4:
00000000000006e0
[ 101.622046] DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
[ 101.622087] DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
[ 101.622129] Process openl2tpd (pid: 5129, threadinfo
ffff88003ddea000, task
ffff88003de9a280)
[ 101.622177] Stack:
[ 101.622191]
ffffffff81447efa ffff88007d3ded80 ffff88003de9a280
ffff88007d3ded80
[ 101.622245]
0000000000000001 ffff88003ddebbb8 ffffffff8148d5a7
0000000000000212
[ 101.622299]
ffff88003dcea000 ffff88003dcea188 ffffffff00000001
ffffffff81b7e480
[ 101.622353] Call Trace:
[ 101.622374] [<
ffffffff81447efa>] ? ipv4_blackhole_route+0x1ba/0x210
[ 101.622415] [<
ffffffff8148d5a7>] ? xfrm_lookup+0x417/0x510
[ 101.622450] [<
ffffffff8127672a>] ? extract_buf+0x9a/0x140
[ 101.622485] [<
ffffffff8144c6a0>] ? __ip_flush_pending_frames+0x70/0x70
[ 101.622526] [<
ffffffff8146fbbf>] ? udp_sendmsg+0x62f/0x810
[ 101.622562] [<
ffffffff813f98a6>] ? sock_sendmsg+0x116/0x130
[ 101.622599] [<
ffffffff8109df58>] ? find_get_page+0x18/0x90
[ 101.622633] [<
ffffffff8109fd6a>] ? filemap_fault+0x12a/0x4b0
[ 101.622668] [<
ffffffff813fb5c4>] ? move_addr_to_kernel+0x64/0x90
[ 101.622706] [<
ffffffff81405d5a>] ? verify_iovec+0x7a/0xf0
[ 101.622739] [<
ffffffff813fc772>] ? sys_sendmsg+0x292/0x420
[ 101.622774] [<
ffffffff810b994a>] ? handle_pte_fault+0x8a/0x7c0
[ 101.622810] [<
ffffffff810b76fe>] ? __pte_alloc+0xae/0x130
[ 101.622844] [<
ffffffff810ba2f8>] ? handle_mm_fault+0x138/0x380
[ 101.622880] [<
ffffffff81024af9>] ? do_page_fault+0x189/0x410
[ 101.622915] [<
ffffffff813fbe03>] ? sys_getsockname+0xf3/0x110
[ 101.622952] [<
ffffffff81450c4d>] ? ip_setsockopt+0x4d/0xa0
[ 101.622986] [<
ffffffff813f9932>] ? sockfd_lookup_light+0x22/0x90
[ 101.623024] [<
ffffffff814b61fb>] ? system_call_fastpath+0x16/0x1b
[ 101.623060] Code: Bad RIP value.
[ 101.623090] RIP [< (null)>] (null)
[ 101.623125] RSP <
ffff88003ddeba60>
[ 101.623146] CR2:
0000000000000000
[ 101.650871] ---[ end trace
ca3856a7d8e8dad4 ]---
[ 101.651011] __sk_free: optmem leakage (160 bytes) detected.
The oops happens in dst_metrics_write_ptr()
include/net/dst.h:124: return dst->ops->cow_metrics(dst, p);
dst->ops->cow_metrics is NULL and causes the oops.
Provide cow_metrics() methods, like we did in commit
214f45c91bb
(net: provide default_advmss() methods to blackhole dst_ops)
Signed-off-by: Held Bernhard <berny156@gmx.de>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hans Petter Selasky [Mon, 25 Apr 2011 05:35:19 +0000 (22:35 -0700)]
cdc_ncm: fix short packet issue on some devices
The default maximum transmit length for NCM USB frames should be so
that a short packet happens at the end if the device supports a length
greater than the defined maximum. This is achieved by adding 4 bytes
to the maximum length so that the existing logic can fit a short
packet there.
Signed-off-by: Hans Petter Selasky <hselasky@c2i.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 24 Apr 2011 18:51:04 +0000 (11:51 -0700)]
Merge branch 'davem.r8169' of git://git./linux/kernel/git/romieu/netdev-2.6
François Romieu [Sun, 24 Apr 2011 15:38:48 +0000 (17:38 +0200)]
r8169: don't request firmware when there's no userspace.
The firmware is cached during the first successfull call to open() and
released once the network device is unregistered. The driver uses the
cached firmware between open() and unregister_netdev().
So far the firmware is optional : a failure to load the firmware does
not prevent open() to success. It is thus necessary to 1) unregister
all 816x / 810[23] devices and 2) force a driver probe to issue a new
firmware load.
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Fixed-by: Ciprian Docan <docan@eden.rutgers.edu>
Cc: Realtek linux nic maintainers <nic_swsd@realtek.com>
Vladislav Zolotarov [Sat, 23 Apr 2011 07:44:46 +0000 (07:44 +0000)]
bnx2x: fix UDP csum offload
Fixed packets parameters for FW in UDP checksum offload flow.
Do not dereference TCP headers on non TCP frames.
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Neil Horman [Fri, 22 Apr 2011 08:10:59 +0000 (08:10 +0000)]
netconsole: fix deadlock when removing net driver that netconsole is using (v2)
A deadlock was reported to me recently that occured when netconsole was being
used in a virtual guest. If the virtio_net driver was removed while netconsole
was setup to use an interface that was driven by that driver, the guest
deadlocked. No backtrace was provided because netconsole was the only console
configured, but it became clear pretty quickly what the problem was. In
netconsole_netdev_event, if we get an unregister event, we call
__netpoll_cleanup with the target_list_lock held and irqs disabled.
__netpoll_cleanup can, if pending netpoll packets are waiting call
cancel_delayed_work_sync, which is a sleeping path. the might_sleep call in
that path gets triggered, causing a console warning to be issued. The
netconsole write handler of course tries to take the target_list_lock again,
which we already hold, causing deadlock.
The fix is pretty striaghtforward. Simply drop the target_list_lock and
re-enable irqs prior to calling __netpoll_cleanup, the re-acquire the lock, and
restart the loop. Confirmed by myself to fix the problem reported.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 22 Apr 2011 20:21:38 +0000 (13:21 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6
David S. Miller [Fri, 22 Apr 2011 04:17:25 +0000 (21:17 -0700)]
Revert "bridge: Forward reserved group addresses if !STP"
This reverts commit
1e253c3b8a1aeed51eef6fc366812f219b97de65.
It breaks 802.3ad bonding inside of a bridge.
The commit was meant to support transport bridging, and specifically
virtual machines bridged to an ethernet interface connected to a
switch port wiht 802.1x enabled.
But this isn't the way to do it, it breaks too many other things.
Signed-off-by: David S. Miller <davem@davemloft.net>
Tim Gardner [Wed, 20 Apr 2011 09:00:49 +0000 (09:00 +0000)]
atl1c: Fix work event interrupt/task races
The mechanism used to initiate work events from the interrupt
handler has a classic read/modify/write race between the interrupt
handler that sets the condition, and the worker task that reads and
clears the condition. Close these races by using atomic
bit fields.
Cc: stable@kernel.org
Cc: Jie Yang <jie.yang@atheros.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ivan Vecera [Thu, 21 Apr 2011 00:20:04 +0000 (00:20 +0000)]
be2net: increment work_counter in be_worker
The commit
609ff3b ("be2net: add code to display temperature of ASIC")
adds support to display temperature of ASIC but there is missing
increment of work_counter in be_worker. Because of this 1) the
function be_cmd_get_die_temperature is called every 1 second instead
of every 32 seconds 2) be_cmd_get_die_temperature is called, although
it is not supported. This patch fixes this bug.
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Egerer [Wed, 20 Apr 2011 22:56:02 +0000 (22:56 +0000)]
ipv6: Remove hoplimit initialization to -1
The changes introduced with git-commit
a02e4b7d ("ipv6: Demark default
hoplimit as zero.") missed to remove the hoplimit initialization. As a
result, ipv6_get_mtu interprets the return value of dst_metric_raw
(-1) as 255 and answers ping6 with this hoplimit. This patche removes
the line such that ping6 is answered with the hoplimit value
configured via sysctl.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Andrea Galbusera [Thu, 21 Apr 2011 02:21:21 +0000 (02:21 +0000)]
powerpc: Fix multicast problem in fs_enet driver
mac-fec.c was setting individual UDP address registers instead of multicast
group address registers when joining a multicast group.
This prevented from correctly receiving UDP multicast packets.
According to datasheet, replaced hash_table_high and hash_table_low
with grp_hash_table_high and grp_hash_table_low respectively.
Also renamed hash_table_* with grp_hash_table_* in struct fec declaration
for 8xx: these registers are used only for multicast there.
Tested on a MPC5121 based board.
Build tested also against mpc866_ads_defconfig.
Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Shan Wei [Tue, 19 Apr 2011 22:52:49 +0000 (22:52 +0000)]
ipv6: udp: fix the wrong headroom check
At this point, skb->data points to skb_transport_header.
So, headroom check is wrong.
For some case:bridge(UFO is on) + eth device(UFO is off),
there is no enough headroom for IPv6 frag head.
But headroom check is always false.
This will bring about data be moved to there prior to skb->head,
when adding IPv6 frag header to skb.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stanislaw Gruszka [Wed, 20 Apr 2011 14:01:46 +0000 (16:01 +0200)]
iwl4965: fix skb usage after free
Since
commit
a120e912eb51e347f36c71b60a1d13af74d30e83
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Fri Feb 19 15:47:33 2010 -0800
iwlwifi: sanity check before counting number of tfds can be free
we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.
On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link, making bisection of other problems impossible.
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka [Wed, 20 Apr 2011 13:57:14 +0000 (15:57 +0200)]
iwlwifi: fix skb usage after free
Since
commit
a120e912eb51e347f36c71b60a1d13af74d30e83
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Fri Feb 19 15:47:33 2010 -0800
iwlwifi: sanity check before counting number of tfds can be free
we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.
On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link.
Cc: stable@kernel.org # 2.6.32+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 19 Apr 2011 18:44:04 +0000 (20:44 +0200)]
mac80211: fix SMPS debugfs locking
The locking with SMPS requests means that the
debugs file should lock the mgd mutex, not the
iflist mutex. Calls to __ieee80211_request_smps()
need to hold that mutex, so add an assertion.
This has always been wrong, but for some reason
never been noticed, probably because the locking
error only happens while unassociated.
Cc: stable@kernel.org [2.6.34+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Wed, 20 Apr 2011 19:56:44 +0000 (15:56 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/padovan/bluetooth-2.6
Oliver Hartkopp [Wed, 20 Apr 2011 01:57:15 +0000 (01:57 +0000)]
can: add missing socket check in can/raw release
v2: added space after 'if' according code style.
We can get here with a NULL socket argument passed from userspace,
so we need to handle it accordingly.
Thanks to Dave Jones pointing at this issue in net/can/bcm.c
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Bohac [Tue, 19 Apr 2011 02:09:55 +0000 (02:09 +0000)]
bonding: 802.3ad - fix agg_device_up
The slave member of struct aggregator does not necessarily point
to a slave which is part of the aggregator. It points to the
slave structure containing the aggregator structure, while
completely different slaves (or no slaves at all) may be part of
the aggregator.
The agg_device_up() function wrongly uses agg->slave to find the state
of the aggregator. Use agg->lag_ports->slave instead. The bug has
been introduced by commit
4cd6fe1c6483cde93e2ec91f58b7af9c9eea51ad
("bonding: fix link down handling in 802.3ad mode").
Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Breno Leitao [Tue, 19 Apr 2011 09:39:22 +0000 (09:39 +0000)]
ehea: Fix a DLPAR bug on ehea_rereg_mrs().
We are currently continuing if ehea_restart_qps() fails, when we
do a memory DLPAR (remove or add more memory to the system).
This patch just let the NAPI disabled if the ehea_restart_qps()
fails.
Signed-off-by: Breno Leitao <leitao@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dave Jones [Wed, 20 Apr 2011 03:36:59 +0000 (20:36 -0700)]
can: Add missing socket check in can/bcm release.
We can get here with a NULL socket argument passed from userspace,
so we need to handle it accordingly.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Felix Fietkau [Thu, 14 Apr 2011 22:41:43 +0000 (00:41 +0200)]
ath9k: fix the return value of ath_stoprecv
The patch 'ath9k_hw: fix stopping rx DMA during resets' added code to detect
a condition where rx DMA was stopped, but the MAC failed to enter the idle
state. This condition requires a hardware reset, however the return value
of ath_stoprecv was 'true' in that case, which allowed it to skip the reset
when issuing a fast channel change.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Paul Stewart <pstew@google.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
David S. Miller [Tue, 19 Apr 2011 18:28:35 +0000 (11:28 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/kaber/nf-2.6
Jozsef Kadlecsik [Tue, 19 Apr 2011 13:59:15 +0000 (15:59 +0200)]
netfilter: ipset: Fix the order of listing of sets
A restoreable saving of sets requires that list:set type of sets
come last and the code part which should have taken into account
the ordering was broken. The patch fixes the listing order.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Ruiyi Zhang [Mon, 18 Apr 2011 03:04:30 +0000 (11:04 +0800)]
Bluetooth: Only keeping SAR bits when retransmitting one frame.
When retrasmitting one frame, only SAR bits in control field should
be kept.
Signed-off-by: Ruiyi Zhang <Ruiyi.zhang@atheros.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Luiz Augusto von Dentz [Fri, 8 Apr 2011 14:10:41 +0000 (17:10 +0300)]
Bluetooth: fix shutdown on SCO sockets
shutdown should wait for SCO link to be properly disconnected before
detroying the socket, otherwise an application using the socket may
assume link is properly disconnected before it really happens which
can be a problem when e.g synchronizing profile switch.
Signed-off-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Vinicius Costa Gomes [Mon, 11 Apr 2011 21:46:55 +0000 (18:46 -0300)]
Bluetooth: Fix keeping the command timer running
In the teardown path the reset command is sent to the controller,
this event causes the command timer to be reactivated.
So the timer is removed in two situations, when the adapter isn't
marked as UP and when we know that some command has been sent.
Reported-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Ville Tervo [Thu, 7 Apr 2011 11:59:50 +0000 (14:59 +0300)]
Bluetooth: Fix refcount balance for hci connection
hci_io_capa_reply_evt() holds reference for hciconnection. It's useless since
hci_io_capa_request_evt()/hci_simple_pair_complete_evt() already protects the
connection. In addition it leaves connection open after failed SSP pairing.
Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Daniel Halperin [Wed, 6 Apr 2011 19:47:25 +0000 (12:47 -0700)]
iwlwifi: fix frame injection for HT channels
For some reason, sending QoS configuration causes transmission to stop
after a single frame on HT channels when not associated. Removing the
extra QoS configuration has no effect on station mode, and fixes
injection mode.
Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Krishna Kumar [Thu, 14 Apr 2011 06:07:04 +0000 (06:07 +0000)]
ip6_pol_route panic: Do not allow VLAN on loopback
Several tests in the ipv6 routing code check IFF_LOOPBACK, and
allowing stacking such as VLAN'ing on top of loopback results in a
netdevice which reports IFF_LOOPBACK but really isn't the loopback
device.
Instead of spamming the ipv6 routing code with even more special tests,
simply disallow VLAN over loopback.
The result of this patch is:
# modprobe 8021q
# vconfig add lo 43
ERROR: trying to add VLAN #43 to IF -:lo:- error: Operation not supported
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yaniv Rosner [Mon, 18 Apr 2011 00:50:01 +0000 (17:50 -0700)]
bnx2x: Fix port identification problem
This patch fixes port identification on optic devices when there's no link on the port.
Signed-off-by: Yaniv Rosner <yanivr@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Francois Romieu [Mon, 18 Apr 2011 00:46:40 +0000 (17:46 -0700)]
r8169: add Realtek as maintainer.
Per Hayes's request.
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 14 Apr 2011 05:55:37 +0000 (05:55 +0000)]
ip: ip_options_compile() resilient to NULL skb route
Scot Doyle demonstrated ip_options_compile() could be called with an skb
without an attached route, using a setup involving a bridge, netfilter,
and forged IP packets.
Let's make ip_options_compile() and ip_options_rcv_srr() a bit more
robust, instead of changing bridge/netfilter code.
With help from Hiroaki SHIMODA.
Reported-by: Scot Doyle <lkml@scotdoyle.com>
Tested-by: Scot Doyle <lkml@scotdoyle.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Rasesh Mody [Thu, 14 Apr 2011 08:05:19 +0000 (08:05 +0000)]
bna: fix memory leak during RX path cleanup
The memory leak was caused by unintentional assignment of the Rx path
destroy callback function pointer to NULL just after correct
initialization.
Signed-off-by: Debashis Dutt <ddutt@brocade.com>
Signed-off-by: Rasesh Mody <rmody@brocade.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Rasesh Mody [Thu, 14 Apr 2011 08:05:18 +0000 (08:05 +0000)]
bna: fix for clean fw re-initialization
During a kernel crash, bna control path state machine and firmware do not
get a notification and hence are not cleanly shutdown. The registers
holding driver/IOC state information are not reset back to valid
disabled/parking values. This causes subsequent driver initialization
to hang during kdump kernel boot. This patch, during the initialization
of first PCI function, resets corresponding register when unclean shutown
is detect by reading chip registers. This will make sure that ioc/fw
gets clean re-initialization.
Signed-off-by: Debashis Dutt <ddutt@brocade.com>
Signed-off-by: Rasesh Mody <rmody@brocade.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 14 Apr 2011 20:16:51 +0000 (13:16 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6
huajun li [Wed, 13 Apr 2011 15:43:32 +0000 (15:43 +0000)]
usbnet: Fix up 'FLAG_POINTTOPOINT' and 'FLAG_MULTI_PACKET' overlaps.
USB tethering does not work anymore since 2.6.39-rc2, but it's okay in
-rc1. The root cause is the new added mask code 'FLAG_POINTTOPOINT'
overlaps 'FLAG_MULTI_PACKET' in include/linux/usb/usbnet.h, this
causes logic issue in rx_process(). This patch cleans up the overlap.
Reported-and-Tested-by: Gottfried Haider <gottfried.haider@gmail.com>
Signed-off-by: Huajun Li <huajun.li.lee@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stanislaw Gruszka [Wed, 13 Apr 2011 08:56:51 +0000 (10:56 +0200)]
iwlegacy: fix tx_power initialization
priv->tx_power_next is not initialized to max supported power,
but instead default value is used, what cause errors like
[ 58.597834] iwl3945 0000:03:00.0: Requested user TXPOWER 15 above upper limit 14.
[ 58.597839] iwl3945 0000:03:00.0: Error setting Tx power (-22).
if maximum tx power read from the eeprom is smaller than default.
In consequence card is unable to initialize properly. Fix the problem
and cleanup tx power initialization.
Reported-and-tested-by: Robin Dong <hao.bigrat@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
David S. Miller [Wed, 13 Apr 2011 19:01:14 +0000 (12:01 -0700)]
Revert "tcp: disallow bind() to reuse addr/port"
This reverts commit
c191a836a908d1dd6b40c503741f91b914de3348.
It causes known regressions for programs that expect to be able to use
SO_REUSEADDR to shutdown a socket, then successfully rebind another
socket to the same ID.
Programs such as haproxy and amavisd expect this to work.
This should fix kernel bugzilla 32832.
Signed-off-by: David S. Miller <davem@davemloft.net>
Amit Kumar Salecha [Tue, 12 Apr 2011 17:05:55 +0000 (17:05 +0000)]
qlcnic: limit skb frags for non tso packet
Machines are getting deadlock in four node cluster environment.
All nodes are accessing (find /gfs2 -depth -print|cpio -ocv > /dev/null)
200 GB storage on a GFS2 filesystem.
This result in memory fragmentation and driver receives 18 frags for
1448 byte packets.
For non tso packet, fw drops the tx request, if it has >14 frags.
Fixing it by pulling extra frags.
Cc: stable@kernel.org
Signed-off-by: Amit Kumar Salecha <amit.salecha@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Anatolij Gustschin [Tue, 12 Apr 2011 23:49:28 +0000 (23:49 +0000)]
net: can: mscan: fix build breakage in mpc5xxx_can
Commit
74888760d40b3ac9054f9c5fa07b566c0676ba2d
"dt/net: Eliminate users of of_platform_{,un}register_driver"
broke building mscan driver. Fix it.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Cc: Grant Likely <grant.likely@secretlab.ca>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jozsef Kadlecsik [Wed, 13 Apr 2011 11:45:57 +0000 (13:45 +0200)]
netfilter: ipset: set match and SET target fixes
The SET target with --del-set did not work due to using wrongly
the internal dimension of --add-set instead of --del-set.
Also, the checkentries did not release the set references when
returned an error. Bugs reported by Lennert Buytenhek.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Jozsef Kadlecsik [Wed, 13 Apr 2011 11:43:23 +0000 (13:43 +0200)]
netfilter: ipset: bitmap:ip,mac type requires "src" for MAC
Enforce that the second "src/dst" parameter of the set match and SET target
must be "src", because we have access to the source MAC only in the packet.
The previous behaviour, that the type required the second parameter
but actually ignored the value was counter-intuitive and confusing.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>