05 Jan, 2012
27 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
fix CAN MAINTAINERS SCM tree type
mwifiex: fix crash during simultaneous scan and connect
b43: fix regression in PIO case
ath9k: Fix kernel panic in AR2427 in AP mode
CAN MAINTAINERS update
net: fsl: fec: fix build for mx23-only kernel
sch_qfq: fix overflow in qfq_update_start()
Revert "Bluetooth: Increase HCI reset timeout in hci_dev_do_close" -
bitmap size sanity checks should be done *before* allocating ->s_root;
there their cleanup on failure would be correct. As it is, we do iput()
on root inode, but leak the root dentry...Signed-off-by: Al Viro
Acked-by: Josh Boyer
Signed-off-by: Linus Torvalds -
This is the temporary simple fix for 3.2, we need more changes in this
area.1. do_signal_stop() assumes that the running untraced thread in the
stopped thread group is not possible. This was our goal but it is
not yet achieved: a stopped-but-resumed tracee can clone the running
thread which can initiate another group-stop.Remove WARN_ON_ONCE(!current->ptrace).
2. A new thread always starts with ->jobctl = 0. If it is auto-attached
and this group is stopped, __ptrace_unlink() sets JOBCTL_STOP_PENDING
but JOBCTL_STOP_SIGMASK part is zero, this triggers WANR_ON(!signr)
in do_jobctl_trap() if another debugger attaches.Change __ptrace_unlink() to set the artificial SIGSTOP for report.
Alternatively we could change ptrace_init_task() to copy signr from
current, but this means we can copy it for no reason and hide the
possible similar problems.Acked-by: Tejun Heo
Cc: [3.1]
Signed-off-by: Oleg Nesterov
Signed-off-by: Linus Torvalds -
Test-case:
int main(void)
{
int pid, status;pid = fork();
if (!pid) {
for (;;) {
if (!fork())
return 0;
if (waitpid(-1, &status, 0) < 0) {
printf("ERR!! wait: %m\n");
return 0;
}
}
}assert(ptrace(PTRACE_ATTACH, pid, 0,0) == 0);
assert(waitpid(-1, NULL, 0) == pid);assert(ptrace(PTRACE_SETOPTIONS, pid, 0,
PTRACE_O_TRACEFORK) == 0);do {
ptrace(PTRACE_CONT, pid, 0, 0);
pid = waitpid(-1, NULL, 0);
} while (pid > 0);return 1;
}It fails because ->real_parent sees its child in EXIT_DEAD state
while the tracer is going to change the state back to EXIT_ZOMBIE
in wait_task_zombie().The offending commit is 823b018e which moved the EXIT_DEAD check,
but in fact we should not blame it. The original code was not
correct as well because it didn't take ptrace_reparented() into
account and because we can't really trust ->ptrace.This patch adds the additional check to close this particular
race but it doesn't solve the whole problem. We simply can't
rely on ->ptrace in this case, it can be cleared if the tracer
is multithreaded by the exiting ->parent.I think we should kill EXIT_DEAD altogether, we should always
remove the soon-to-be-reaped child from ->children or at least
we should never do the DEAD->ZOMBIE transition. But this is too
complex for 3.2.Reported-and-tested-by: Denys Vlasenko
Tested-by: Lukasz Michalik
Acked-by: Tejun Heo
Cc: [3.0+]
Signed-off-by: Oleg Nesterov
Signed-off-by: Linus Torvalds -
* git://git.samba.org/sfrench/cifs-2.6:
[CIFS] default ntlmv2 for cifs mount delayed to 3.3
cifs: fix bad buffer length check in coalesce_t2 -
This ensures a linear behaviour when filling /proc/net/if_inet6 thus making
ifconfig run really fast on IPv6 only addresses. In fact, with this patch and
the IPv4 one sent a while ago, ifconfig will run in linear time regardless of
address type.IPv4 related patch: f04565ddf52e401880f8ba51de0dff8ba51c99fd
dev: use name hash for dev_seq_ops
...Some statistics (running ifconfig > /dev/null on a different setup):
iface count / IPv6 no-patch time / IPv6 patched time / IPv4 time
----------------------------------------------------------------
6250 | 0.23 s | 0.13 s | 0.11 s
12500 | 0.62 s | 0.28 s | 0.22 s
25000 | 2.91 s | 0.57 s | 0.46 s
50000 | 11.37 s | 1.21 s | 0.94 s
128000 | 86.78 s | 3.05 s | 2.54 sSigned-off-by: Mihai Maruseac
Cc: Daniel Baluta
Signed-off-by: David S. Miller -
checkpatch.pl complained about the line exceding 80 columns, and the
comment was actually on the same line as the code, fix that.Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
instead of __attribute__((__aligned(size)__))
Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
Bit 1 is the reset bit of the MAC status machine register, define and
use it.Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
MAC_RST bit is already defined, use it instead of 0x1 where applicable.
Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
Define more MCR0-register bits and use them in place of the bits values.
Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
Since the conversion to phylib (3831861b: r6040: implement phylib) some
PHY-related variables and definitions are now useless, remove them.Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
We should use an unique MDIO bus name which does not clash with anything
else in the system like the Fixed MDIO bus. The bus is now named:
r6040- which is unique in the system.Reported-by: Vladimir Kolpakov
Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
Recently Dave noticed that a test we did in ipv6_add_addr to see if we next hop
route for the interface we're adding an addres to was wrong (see commit
7ffbcecbeed91e5874e9a1cfc4c0cbb07dac3069). for one, it never triggers, and two,
it was completely wrong to begin with. This test was meant to cover this
section of RFC 4429:3.3 Modifications to RFC 2462 Stateless Address Autoconfiguration
* (modifies section 5.5) A host MAY choose to configure a new address
as an Optimistic Address. A host that does not know the SLLAO
of its router SHOULD NOT configure a new address as Optimistic.
A router SHOULD NOT configure an Optimistic Address.This patch should bring us into proper compliance with the above clause. Since
we only add a SLAAC address after we've received a RA which may or may not
contain a source link layer address option, we can pass a pointer to that option
to addrconf_prefix_rcv (which may be null if the option is not present), and
only set the optimistic flag if the option was found in the RA.Change notes:
(v2) modified the new parameter to addrconf_prefix_rcv to be a bool rather than
a pointer to make its use more clear as per request from davem.Signed-off-by: Neil Horman
CC: "David S. Miller"
CC: Hideaki YOSHIFUJI
Signed-off-by: David S. Miller -
SFQ q->perturbation is used in sfq_hash() as an input to Jenkins hash.
We currently randomize this 32bit value only if a perturbation timer is
setup.Its much better to always initialize it to defeat attackers, or else
they can predict very well what kind of packets they have to forge to
hit a particular flow.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Since commit 817fb15dfd98 (net_sched: sfq: allow divisor to be a
parameter), we can leave perturbation timer armed if a memory allocation
error aborts sfq_init().Memory containing active struct timer_list is freed and kernel can
crash.Call sfq_destroy() from sfq_init() to properly dismantle qdisc.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
All implementations have been converted to implement set_rxnfc
instead.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
These new functions will support an implementation of the ethtool
RX NFC rules API.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
Filter IDs are u32 (but never very large) so an ID/error return
value should have type s32.Filter indices and search depths are never negative, so should
have type unsigned int.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
Also add note that the efx_filter_spec::priority field has nothing
to do with priority between multiple matching filters.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
Define special location values for RX NFC that request the driver to
select the actual rule location. This allows for implementation on
devices that use hash-based filter lookup, whereas currently the API is
more suited to devices with TCAM lookup or linear search.In ethtool_set_rxnfc() and the compat wrapper ethtool_ioctl(), copy
the structure back to user-space after insertion so that the actual
location is returned.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
Currently the driver only uses location values to maintain an ordered
list of filters. Make it reject location values >= MAX_FILER_IDX
passed to the ETHTOOL_SRXCLSRLINS command, consistent with the range
it reports for the ETHTOOL_GRXCLSRLALL command.Signed-off-by: Ben Hutchings
Acked-by: Sebastian Pöhn
Signed-off-by: David S. Miller -
…wireless into for-davem
04 Jan, 2012
13 commits
-
This reverts commit 93b2ec0128c431148b216b8f7337c1a52131ef03.
The call to "schedule_work()" in rtc_initialize_alarm() happens too
early, and can cause oopses at bootupNeil Brown explains why we do it:
"If you set an alarm in the future, then shutdown and boot again after
that time, then you will end up with a timer_queue node which is in
the past.When this happens the queue gets stuck. That entry-in-the-past won't
get removed until and interrupt happens and an interrupt won't happen
because the RTC only triggers an interrupt when the alarm is "now".So you'll find that e.g. "hwclock" will always tell you that
'select' timed out.So we force the interrupt work to happen at the start just in case."
and has a patch that convert it to do things in-process rather than with
the worker thread, but right now it's too late to play around with this,
so we just revert the patch that caused problems for now.Reported-by: Sander Eikelenboom
Requested-by: Konrad Rzeszutek Wilk
Requested-by: John Stultz
Cc: Neil Brown
Signed-off-by: Linus Torvalds -
Turned out the ntlmv2 (default security authentication)
upgrade was harder to test than expected, and we ran
out of time to test against Apple and a few other servers
that we wanted to. Delay upgrade of default security
from ntlm to ntlmv2 (on mount) to 3.3. Still works
fine to specify it explicitly via "sec=ntlmv2" so this
should be fine.Acked-by: Jeff Layton
Signed-off-by: Steve French -
The current check looks to see if the RFC1002 length is larger than
CIFSMaxBufSize, and fails if it is. The buffer is actually larger than
that by MAX_CIFS_HDR_SIZE.This bug has been around for a long time, but the fact that we used to
cap the clients MaxBufferSize at the same level as the server tended
to paper over it. Commit c974befa changed that however and caused this
bug to bite in more cases.Reported-and-Tested-by: Konstantinos Skarlatos
Tested-by: Shirish Pargaonkar
Signed-off-by: Jeff Layton
Signed-off-by: Steve French -
This reverts commit c0afabd3d553c521e003779c127143ffde55a16f.
It causes failures on Toshiba laptops - instead of disabling the alarm,
it actually seems to enable it on the affected laptops, resulting in
(for example) the laptop powering on automatically five minutes after
shutdown.There's a patch for it that appears to work for at least some people,
but it's too late to play around with this, so revert for now and try
again in the next merge window.See for example
http://bugs.debian.org/652869
Reported-and-bisected-by: Andreas Friedrich (Toshiba Tecra)
Reported-by: Antonio-M. Corbi Bellot (Toshiba Portege R500)
Reported-by: Marco Santos (Toshiba Portege Z830)
Reported-by: Christophe Vu-Brugier (Toshiba Portege R830)
Cc: Jonathan Nieder
Requested-by: John Stultz
Cc: stable@kernel.org # for the versions that applied this
Signed-off-by: Linus Torvalds -
SMSC LAN generation 4 chips integrate an IEEE 802.3 ethernet physical layer.
The PHY driver for this integrated chip enable an energy detect power-down mode.
When the PHY is in a power-down mode, it prevents the MAC portion chip to be
software reseted.That means that if we compile the kernel with the configuration option SMSC_PHY
enabled and try to bring the network interface up without an cable plug-ed the
PHY will be in a low power mode and the software reset will fail returning -EIO
to user-space:root@igep00x0:~# ifconfig eth0 up
ifconfig: SIOCSIFFLAGS: Input/output errorThis patch disable the energy detect power-down mode before trying to software
reset the LAN chip and re-enables after it was reseted successfully.Signed-off-by: Javier Martinez Canillas
Signed-off-by: David S. Miller -
SMSC generation 4 LAN chips integrate an IEEE 802.3 ethernet physical layer.
The ethernet driver for this family of devices needs to access the SMSC PHY
registers and bit-fields.So, this patch moves these constants to a place where it can be used for both
the PHY and LAN drivers.Signed-off-by: Javier Martinez Canillas
Signed-off-by: David S. Miller -
vfork parent uninterruptibly and unkillably waits for its child to
exec/exit. This wait is of unbounded length. Ignore such waits
in the hung_task detector.Signed-off-by: Mandeep Singh Baines
Reported-by: Sasha Levin
LKML-Reference:
Cc: Linus Torvalds
Cc: Ingo Molnar
Cc: Peter Zijlstra
Cc: Andrew Morton
Cc: John Kacur
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds -
Commit 1e39f384bb01 ("evm: fix build problems") makes the stub version
of security_old_inode_init_security() return 0 when CONFIG_SECURITY is
not set.But that makes callers such as reiserfs_security_init() assume that
security_old_inode_init_security() has set name, value, and len
arguments properly - but security_old_inode_init_security() left them
uninitialized which then results in interesting failures.Revert security_old_inode_init_security() to the old behavior of
returning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this
just fine.[ Also fixed the S_PRIVATE(inode) case of the actual non-stub
security_old_inode_init_security() function to return EOPNOTSUPP
for the same reason, as pointed out by Mimi Zohar.It got incorrectly changed to match the new function in commit
fb88c2b6cbb1: "evm: fix security/security_old_init_security return
code". - Linus ]Reported-by: Jorge Bastos
Acked-by: James Morris
Acked-by: Mimi Zohar
Signed-off-by: Jan Kara
Signed-off-by: Linus Torvalds -
…wireless-next into for-davem
Conflicts:
drivers/net/wireless/b43/dma.c
drivers/net/wireless/brcm80211/brcmfmac/dhd_linux.c -
As pointed out by Joe Perches the SCM tree type was missing in my patch.
Signed-off-by: Oliver Hartkopp
CC: Oliver Hartkopp
CC: Urs Thuermann
CC: Wolfgang Grandegger
CC: Marc Kleine-Budde
CC: linux-can@vger.kernel.org -
If 'iw connect' command is fired when driver is already busy in
serving 'iw scan' command, ssid specific scan operation for connect
is skipped. In this case cmd wait queue handler gets called with no
command in queue (i.e. adapter->cmd_queued = NULL).This patch adds a NULL check in mwifiex_wait_queue_complete()
routine to fix crash observed during simultaneous scan and assoc
operations.Signed-off-by: Amitkumar Karwar
Signed-off-by: Bing Zhao
Signed-off-by: John W. Linville -
This patch fixes the regression, introduced by
commit 17030f48e31adde5b043741c91ba143f5f7db0fd
From: Rafał Miłecki
Date: Thu, 11 Aug 2011 17:16:27 +0200
Subject: [PATCH] b43: support new RX header, noticed to be used in 598.314+ fwin PIO case.
Signed-off-by: Guennadi Liakhovetski
Signed-off-by: John W. Linville -
don't do aggregation related stuff for 'AP mode client power save
handling' if aggregation is not enabled in the driver, otherwise it
will lead to panic because those data structures won't be never
intialized in 'ath_tx_node_init' if aggregation is disabledEIP is at ath_tx_aggr_wakeup+0x37/0x80 [ath9k]
EAX: e8c09a20 EBX: f2a304e8 ECX: 00000001 EDX: 00000000
ESI: e8c085e0 EDI: f2a304ac EBP: f40e1ca4 ESP: f40e1c8c
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process swapper/1 (pid: 0, ti=f40e0000 task=f408e860
task.ti=f40dc000)
Stack:
0001e966 e8c09a20 00000000 f2a304ac e8c085e0 f2a304ac
f40e1cb0 f8186741
f8186700 f40e1d2c f922988d f2a304ac 00000202 00000001
c0b4ba43 00000000
0000000f e8eb75c0 e8c085e0 205b0001 34383220 f2a304ac
f2a30000 00010020
Call Trace:
[] ath9k_sta_notify+0x41/0x50 [ath9k]
[] ? ath9k_get_survey+0x110/0x110 [ath9k]
[] ieee80211_sta_ps_deliver_wakeup+0x9d/0x350
[mac80211]
[] ? __module_address+0x95/0xb0
[] ap_sta_ps_end+0x63/0xa0 [mac80211]
[] ieee80211_rx_h_sta_process+0x156/0x2b0
[mac80211]
[] ieee80211_rx_handlers+0xce/0x510 [mac80211]
[] ? trace_hardirqs_on+0xb/0x10
[] ? skb_queue_tail+0x3e/0x50
[] ieee80211_prepare_and_rx_handle+0x111/0x750
[mac80211]
[] ieee80211_rx+0x349/0xb20 [mac80211]
[] ? ieee80211_rx+0x99/0xb20 [mac80211]
[] ath_rx_tasklet+0x818/0x1d00 [ath9k]
[] ? ath9k_tasklet+0x35/0x1c0 [ath9k]
[] ? ath9k_tasklet+0x35/0x1c0 [ath9k]
[] ath9k_tasklet+0xf3/0x1c0 [ath9k]
[] tasklet_action+0xbe/0x180Cc: stable@kernel.org
Cc: Senthil Balasubramanian
Cc: Rajkumar Manoharan
Reported-by: Ashwin Mendonca
Tested-by: Ashwin Mendonca
Signed-off-by: Mohammed Shafi Shajakhan
Signed-off-by: John W. Linville