22 Sep, 2009

1 commit


18 Sep, 2009

3 commits

  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (66 commits)
    be2net: fix some cmds to use mccq instead of mbox
    atl1e: fix 2.6.31-git4 -- ATL1E 0000:03:00.0: DMA-API: device driver frees DMA
    pkt_sched: Fix qstats.qlen updating in dump_stats
    ipv6: Log the affected address when DAD failure occurs
    wl12xx: Fix print_mac() conversion.
    af_iucv: fix race when queueing skbs on the backlog queue
    af_iucv: do not call iucv_sock_kill() twice
    af_iucv: handle non-accepted sockets after resuming from suspend
    af_iucv: fix race in __iucv_sock_wait()
    iucv: use correct output register in iucv_query_maxconn()
    iucv: fix iucv_buffer_cpumask check when calling IUCV functions
    iucv: suspend/resume error msg for left over pathes
    wl12xx: switch to %pM to print the mac address
    b44: the poll handler b44_poll must not enable IRQ unconditionally
    ipv6: Ignore route option with ROUTER_PREF_INVALID
    bonding: make ab_arp select active slaves as other modes
    cfg80211: fix SME connect
    rc80211_minstrel: fix contention window calculation
    ssb/sdio: fix printk format warnings
    p54usb: add Zcomax XG-705A usbid
    ...

    Linus Torvalds
     
  • Some classful qdiscs miss qstats.qlen updating with q.qlen of their
    child qdiscs in dump_stats methods.

    Signed-off-by: Jarek Poplawski
    Signed-off-by: David S. Miller

    Jarek Poplawski
     
  • If an interface has multiple addresses, the current message for DAD
    failure isn't really helpful, so this patch adds the address itself to
    the printk.

    Signed-off-by: Jens Rosenboom
    Signed-off-by: David S. Miller

    Jens Rosenboom
     

17 Sep, 2009

12 commits

  • iucv_sock_recvmsg() and iucv_process_message()/iucv_fragment_skb race
    for dequeuing an skb from the backlog queue.

    If iucv_sock_recvmsg() dequeues first, iucv_process_message() calls
    sock_queue_rcv_skb() with an skb that is NULL.

    This results in the following kernel panic:

    Unable to handle kernel pointer dereference at virtual kernel address (null)
    Oops: 0004 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
    CPU: 0 Not tainted 2.6.30 #4
    Process client-iucv (pid: 4787, task: 0000000034e75940, ksp: 00000000353e3710)
    Krnl PSW : 0704000180000000 000000000043ebca (sock_queue_rcv_skb+0x7a/0x138)
    R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
    Krnl GPRS: 0052900000000000 000003e0016e0fe8 0000000000000000 0000000000000000
    000000000043eba8 0000000000000002 0000000000000001 00000000341aa7f0
    0000000000000000 0000000000007800 0000000000000000 0000000000000000
    00000000341aa7f0 0000000000594650 000000000043eba8 000000003fc2fb28
    Krnl Code: 000000000043ebbe: a7840006 brc 8,43ebca
    000000000043ebc2: 5930c23c c %r3,572(%r12)
    000000000043ebc6: a724004c brc 2,43ec5e
    >000000000043ebca: e3c0b0100024 stg %r12,16(%r11)
    000000000043ebd0: a7190000 lghi %r1,0
    000000000043ebd4: e310b0200024 stg %r1,32(%r11)
    000000000043ebda: c010ffffdce9 larl %r1,43a5ac
    000000000043ebe0: e310b0800024 stg %r1,128(%r11)
    Call Trace:
    ([] sock_queue_rcv_skb+0x58/0x138)
    [] iucv_process_message+0x112/0x3cc [af_iucv]
    [] iucv_callback_rx+0x1f0/0x274 [af_iucv]
    [] iucv_message_pending+0xa2/0x120
    [] iucv_tasklet_fn+0x176/0x1b8
    [] tasklet_action+0xfe/0x1f4
    [] __do_softirq+0x116/0x284
    [] do_softirq+0xe4/0xe8
    [] irq_exit+0xba/0xd8
    [] do_extint+0x146/0x190
    [] ext_no_vtime+0x1e/0x22
    [] kfree+0x202/0x28c
    ([] kfree+0x1f8/0x28c)
    [] __kfree_skb+0x32/0x124
    [] iucv_sock_recvmsg+0x236/0x41c [af_iucv]
    [] sock_aio_read+0x136/0x160
    [] do_sync_read+0xe4/0x13c
    [] vfs_read+0x152/0x15c
    [] SyS_read+0x54/0xac
    [] sysc_noemu+0x10/0x16
    [] 0x42ff8def3c

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • For non-accepted sockets on the accept queue, iucv_sock_kill()
    is called twice (in iucv_sock_close() and iucv_sock_cleanup_listen()).
    This typically results in a kernel oops as shown below.

    Remove the duplicate call to iucv_sock_kill() and set the SOCK_ZAPPED
    flag in iucv_sock_close() only.

    The iucv_sock_kill() function frees a socket only if the socket is zapped
    and orphaned (sk->sk_socket == NULL):
    - Non-accepted sockets are always orphaned and, thus, iucv_sock_kill()
    frees the socket twice.
    - For accepted sockets or sockets created with iucv_sock_create(),
    sk->sk_socket is initialized. This caused the first call to
    iucv_sock_kill() to return immediately. To free these sockets,
    iucv_sock_release() uses sock_orphan() before calling iucv_sock_kill().

    Unable to handle kernel pointer dereference at virtual kernel address 000000003edd3000
    Oops: 0011 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod qeth vmur ccwgroup
    CPU: 0 Not tainted 2.6.30 #4
    Process iucv_sock_close (pid: 2486, task: 000000003aea4340, ksp: 000000003b75bc68)
    Krnl PSW : 0704200180000000 000003e00168e23a (iucv_sock_kill+0x2e/0xcc [af_iucv])
    R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
    Krnl GPRS: 0000000000000000 000000003b75c000 000000003edd37f0 0000000000000001
    000003e00168ec62 000000003988d960 0000000000000000 000003e0016b0608
    000000003fe81b20 000000003839bb58 00000000399977f0 000000003edd37f0
    000003e00168b000 000003e00168f138 000000003b75bcd0 000000003b75bc98
    Krnl Code: 000003e00168e22a: c0c0ffffe6eb larl %r12,3e00168b000
    000003e00168e230: b90400b2 lgr %r11,%r2
    000003e00168e234: e3e0f0980024 stg %r14,152(%r15)
    >000003e00168e23a: e310225e0090 llgc %r1,606(%r2)
    000003e00168e240: a7110001 tmll %r1,1
    000003e00168e244: a7840007 brc 8,3e00168e252
    000003e00168e248: d507d00023c8 clc 0(8,%r13),968(%r2)
    000003e00168e24e: a7840009 brc 8,3e00168e260
    Call Trace:
    ([] afiucv_dbf+0x0/0xfffffffffffdea20 [af_iucv])
    [] iucv_sock_close+0x130/0x368 [af_iucv]
    [] iucv_sock_release+0x5e/0xe4 [af_iucv]
    [] sock_release+0x44/0x104
    [] sock_close+0x32/0x50
    [] __fput+0xf4/0x250
    [] filp_close+0x7a/0xa8
    [] SyS_close+0xe2/0x148
    [] sysc_noemu+0x10/0x16
    [] 0x42ff8deeac

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • After resuming from suspend, all af_iucv sockets are disconnected.
    Ensure that iucv_accept_dequeue() can handle disconnected sockets
    which are not yet accepted.

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • Moving prepare_to_wait before the condition to avoid a race between
    schedule_timeout and wake up.
    The race can appear during iucv_sock_connect() and iucv_callback_connack().

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • The iucv_query_maxconn() function uses the wrong output register and
    stores the size of the interrupt buffer instead of the maximum number
    of connections.

    According to the QUERY IUCV function, general register 1 contains the
    maximum number of connections.

    If the maximum number of connections is not set properly, the following
    warning is displayed:

    Badness at /usr/src/kernel-source/2.6.30-39.x.20090806/net/iucv/iucv.c:1808
    Modules linked in: netiucv fsm af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
    CPU: 0 Tainted: G W 2.6.30 #4
    Process seq (pid: 16925, task: 0000000030e24a40, ksp: 000000003033bd98)
    Krnl PSW : 0404200180000000 000000000053b270 (iucv_external_interrupt+0x64/0x224)
    R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
    Krnl GPRS: 00000000011279c2 00000000014bdb70 0029000000000000 0000000000000029
    000000000053b236 000000000001dba4 0000000000000000 0000000000859210
    0000000000a67f68 00000000008a6100 000000003f83fb90 0000000000004000
    000000003f8c7bc8 00000000005a2250 000000000053b236 000000003fc2fe08
    Krnl Code: 000000000053b262: e33010000021 clg %r3,0(%r1)
    000000000053b268: a7440010 brc 4,53b288
    000000000053b26c: a7f40001 brc 15,53b26e
    >000000000053b270: c03000184134 larl %r3,8434d8
    000000000053b276: eb220030000c srlg %r2,%r2,48
    000000000053b27c: eb6ff0a00004 lmg %r6,%r15,160(%r15)
    000000000053b282: c0f4fffff6a7 brcl 15,539fd0
    000000000053b288: 4310a003 ic %r1,3(%r10)
    Call Trace:
    ([] iucv_external_interrupt+0x2a/0x224)
    [] do_extint+0x132/0x190
    [] ext_no_vtime+0x1e/0x22
    [] _spin_unlock_irqrestore+0x96/0xa4
    ([] _spin_unlock_irqrestore+0x8c/0xa4)
    [] pipe_write+0x3da/0x5bc
    [] do_sync_write+0xe4/0x13c
    [] vfs_write+0xae/0x15c
    [] SyS_write+0x54/0xac
    [] sysc_noemu+0x10/0x16
    [] 0x42ff8defcc

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • Prior to calling IUCV functions, the DECLARE BUFFER function must have been
    called for at least one CPU to receive IUCV interrupts.

    With commit "iucv: establish reboot notifier" (6c005961), a check has been
    introduced to avoid calling IUCV functions if the current CPU does not have
    an interrupt buffer declared.
    Because one interrupt buffer is sufficient, change the condition to ensure
    that one interrupt buffer is available.

    In addition, checking the buffer on the current CPU creates a race with
    CPU up/down notifications: before checking the buffer, the IUCV function
    might be interrupted by an smp_call_function() that retrieves the interrupt
    buffer for the current CPU.
    When the IUCV function continues, the check fails and -EIO is returned. If a
    buffer is available on any other CPU, the IUCV function call must be invoked
    (instead of failing with -EIO).

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • During suspend IUCV exploiters have to close their IUCV connections.
    When restoring an image, it can be checked if all IUCV paths had
    been closed before the Linux instance was suspended. If not, an
    error message is issued to indicate a problem in one of the
    used programs exploiting IUCV communication.

    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Ursula Braun
     
  • David S. Miller
     
  • RFC4191 says that "If the Reserved (10) value is received, the Route
    Information Option MUST be ignored.", so this patch makes us conform
    to the RFC. This is different to the usage of the Default Router
    Preference, where an invalid value must indeed be treated as
    PREF_MEDIUM.

    Signed-off-by: Jens Rosenboom
    Signed-off-by: David S. Miller

    Jens Rosenboom
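
The distinction drawn in the commit message above, as an added example that is not part of the commit or the kernel source: a user-space C sketch of RFC 4191 preference handling, where a reserved Prf value causes a Route Information Option to be ignored but is read as medium for the Default Router Preference. The function names, the struct and the sample option bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_ROUTE_INFO 24                  /* RFC 4191 option type */
#define EXTRACT_PRF(b)    (((b) >> 3) & 0x3)  /* Prf sits in bits 0x18 */
enum { PRF_MEDIUM = 0, PRF_HIGH = 1, PRF_RESERVED = 2, PRF_LOW = 3 };

struct route_info {       /* hypothetical result type for this example */
    uint8_t  prefix_len;
    int      pref;        /* -1 low, 0 medium, 1 high */
    uint32_t lifetime;    /* seconds */
    uint8_t  prefix[16];
};

static int prf_to_pref(unsigned prf)
{
    return prf == PRF_HIGH ? 1 : prf == PRF_LOW ? -1 : 0;
}

/* Default Router Preference (RA header flags): reserved is treated as medium. */
int default_router_pref(uint8_t ra_flags)
{
    unsigned prf = EXTRACT_PRF(ra_flags);
    return prf_to_pref(prf == PRF_RESERVED ? PRF_MEDIUM : prf);
}

/* Route Information Option. Returns 1 = accepted, 0 = ignored because Prf is
 * reserved, -1 = malformed (bad type, length, or prefix length). */
int parse_route_info(const uint8_t *opt, size_t avail, struct route_info *out)
{
    if (avail < 8 || opt[0] != ND_OPT_ROUTE_INFO)
        return -1;
    unsigned len = opt[1], plen = opt[2];     /* len is in 8-octet units */
    if (len < 1 || len > 3 || (size_t)len * 8 > avail)
        return -1;
    if (plen > 128 || (plen > 64 && len < 3) || (plen > 0 && len < 2))
        return -1;
    unsigned prf = EXTRACT_PRF(opt[3]);
    if (prf == PRF_RESERVED)
        return 0;                             /* MUST be ignored */
    out->prefix_len = (uint8_t)plen;
    out->pref = prf_to_pref(prf);
    out->lifetime = (uint32_t)opt[4] << 24 | (uint32_t)opt[5] << 16 |
                    (uint32_t)opt[6] << 8 | opt[7];
    memset(out->prefix, 0, sizeof(out->prefix));
    memcpy(out->prefix, opt + 8, (len - 1) * 8);
    return 1;
}

/* Constructed sample: 2001:db8::/32, lifetime 1800 s; byte 3 carries Prf. */
static const uint8_t SAMPLE_RIO[16] = {
    24, 2, 32, 0x00, 0x00, 0x00, 0x07, 0x08,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0
};

/* Parse the sample with a given 2-bit Prf value placed in the flags byte. */
int parse_sample_with_prf(unsigned prf, struct route_info *out)
{
    uint8_t buf[sizeof(SAMPLE_RIO)];
    memcpy(buf, SAMPLE_RIO, sizeof(buf));
    buf[3] = (uint8_t)(prf << 3);
    return parse_route_info(buf, sizeof(buf), out);
}

int main(void)
{
    struct route_info ri;
    for (unsigned prf = 0; prf < 4; prf++)
        printf("Prf=%u: route option -> %d, default router pref -> %d\n", prf,
               parse_sample_with_prf(prf, &ri), default_router_pref(prf << 3));
    return 0;
}
```
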
     
  • David S. Miller
     
  • There's a check saying
    /* we're good if we have both BSSID and channel */
    if (wdev->conn->params.bssid && wdev->conn->params.channel) {

    but that isn't true -- we need the BSS struct. This leads
    to errors such as

    Trying to associate with 00:1b:53:11:dc:40 (SSID='TEST' freq=2412 MHz)
    ioctl[SIOCSIWFREQ]: No such file or directory
    ioctl[SIOCSIWESSID]: No such file or directory
    Association request to the driver failed
    Associated with 00:1b:53:11:dc:40

    in wpa_supplicant, as reported by Holger.

    Instead, we really need to have the BSS struct, and if we
    don't, then we need to initiate a scan for it. But we may
    already have the BSS struct here, so hang on to it if we
    do and scan if we don't.

    Signed-off-by: Johannes Berg
    Tested-by: Holger Schurig
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • The contention window is supposed to be a power of two minus one, i.e.
    15, 31, 63, 127... minstrel_rate_init() forgets to subtract 1, so the
    sequence becomes 15, 32, 66, 134...

    Bug reported by Dan Halperin

    Signed-off-by: Pavel Roskin
    Signed-off-by: John W. Linville

    Pavel Roskin
     

16 Sep, 2009

6 commits

  • * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6:
    Driver Core: devtmpfs - kernel-maintained tmpfs-based /dev
    debugfs: Modify default debugfs directory for debugging pktcdvd.
    debugfs: Modified default dir of debugfs for debugging UHCI.
    debugfs: Change debugfs directory of IWMC3200
    debugfs: Change debuhgfs directory of trace-events-sample.h
    debugfs: Fix mount directory of debugfs by default in events.txt
    hpilo: add poll f_op
    hpilo: add interrupt handler
    hpilo: staging for interrupt handling
    driver core: platform_device_add_data(): use kmemdup()
    Driver core: Add support for compatibility classes
    uio: add generic driver for PCI 2.3 devices
    driver-core: move dma-coherent.c from kernel to driver/base
    mem_class: fix bug
    mem_class: use minor as index instead of searching the array
    driver model: constify attribute groups
    UIO: remove 'default n' from Kconfig
    Driver core: Add accessor for device platform data
    Driver core: move dev_get/set_drvdata to drivers/base/dd.c
    Driver core: add new device to bus's list before probing

    Linus Torvalds
     
  • Use uX rather than uintX_t types for consistency.

    Signed-off-by: David Howells
    Signed-off-by: David S. Miller

    David Howells
     
  • I have recently come across a preemption imbalance detected by:

    huh, entered ffffffff80644630 with preempt_count 00000102, exited with 00000101?
    ------------[ cut here ]------------
    kernel BUG at /usr/src/linux/kernel/timer.c:664!
    invalid opcode: 0000 [1] PREEMPT SMP

    with ffffffff80644630 being inet_twdr_hangman().

    This appeared after I enabled CONFIG_TCP_MD5SIG and played with it a
    bit, so I looked at what might have caused it.

    One thing that struck me as strange is tcp_twsk_destructor(), as it
    calls tcp_put_md5sig_pool() -- which entails a put_cpu(), causing the
    detected imbalance. Found on 2.6.23.9, but 2.6.31 is affected as well,
    as far as I can tell.

    Signed-off-by: Robert Varga
    Signed-off-by: David S. Miller

    Robert Varga
     
  • If qdisc_get_stab returns error in qdisc_create there is skipped qdisc
    ops->destroy, which is necessary because it's after ops->init at the
    moment, so memory leaks are quite probable.

    Signed-off-by: Jarek Poplawski
    Signed-off-by: David S. Miller

    Jarek Poplawski
     
  • Let attribute group vectors be declared "const". We'd
    like to let most attribute metadata live in read-only
    sections... this is a start.

    Signed-off-by: David Brownell
    Signed-off-by: Greg Kroah-Hartman

    David Brownell
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: (46 commits)
    powerpc64: convert to dynamic percpu allocator
    sparc64: use embedding percpu first chunk allocator
    percpu: kill lpage first chunk allocator
    x86,percpu: use embedding for 64bit NUMA and page for 32bit NUMA
    percpu: update embedding first chunk allocator to handle sparse units
    percpu: use group information to allocate vmap areas sparsely
    vmalloc: implement pcpu_get_vm_areas()
    vmalloc: separate out insert_vmalloc_vm()
    percpu: add chunk->base_addr
    percpu: add pcpu_unit_offsets[]
    percpu: introduce pcpu_alloc_info and pcpu_group_info
    percpu: move pcpu_lpage_build_unit_map() and pcpul_lpage_dump_cfg() upward
    percpu: add @align to pcpu_fc_alloc_fn_t
    percpu: make @dyn_size mandatory for pcpu_setup_first_chunk()
    percpu: drop @static_size from first chunk allocators
    percpu: generalize first chunk allocator selection
    percpu: build first chunk allocators selectively
    percpu: rename 4k first chunk allocator to page
    percpu: improve boot messages
    percpu: fix pcpu_reclaim() locking
    ...

    Fix trivial conflict as by Tejun Heo in kernel/sched.c

    Linus Torvalds
     

15 Sep, 2009

18 commits

  • Signed-off-by: Dmitry Eremin-Solenikov

    Dmitry Eremin-Solenikov
     
  • Remove __user annotation from optlen arg as it's bogus.

    Signed-off-by: Dmitry Eremin-Solenikov

    Dmitry Eremin-Solenikov
     
  • After the recent mq change there is the new select_queue qdisc class
    method used in tc_modify_qdisc, but it works OK only for direct child
    qdiscs of mq qdisc. Grandchildren always get the first tx queue, which
    would give wrong qdisc_root etc. results (e.g. for sch_htb as child of
    sch_prio). This patch fixes it by using parent's dev_queue for such
    grandchildren qdiscs. The select_queue method's return type is changed
    BTW.

    With feedback from: Patrick McHardy

    Signed-off-by: Jarek Poplawski
    Signed-off-by: David S. Miller

    Jarek Poplawski
     
  • Parse RxRPC security index 5 type keys (Kerberos 5 tokens).

    Signed-off-by: David Howells
    Signed-off-by: David S. Miller

    David Howells
     
  • Allow RxRPC keys to be read. This is to allow pioctl() to be implemented in
    userspace. RxRPC keys are read out in XDR format.

    Signed-off-by: David Howells
    Signed-off-by: David S. Miller

    David Howells
     
  • Allow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as
    described by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of
    passing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and
    allows for future expansion.

    Signed-off-by: David Howells
    Signed-off-by: David S. Miller

    David Howells
     
  • Declare the security index constants symbolically rather than just referring
    to them numerically.

    Signed-off-by: David Howells
    Signed-off-by: David S. Miller

    David Howells
     
  • struct socket has a 16 bit hole that triggers kmemcheck warnings.

    As suggested by Ingo, use kmemcheck annotations

    Signed-off-by: Eric Dumazet
    Acked-by: Ingo Molnar
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • This patch fixes commit e36b9d16c6a6d0f59803b3ef04ff3c22c3844c10. The approach
    there is to call dev_close()/dev_open() whenever the device type is changed in
    order to remap the device IP multicast addresses to HW multicast addresses.
    This approach suffers from 2 drawbacks:

    *. It assumes that the device is UP when calling dev_close(), or otherwise
    dev_close() has no effect. It is worth mentioning that initscripts (Redhat)
    and sysconfig (Suse) don't act the same in this matter.
    *. dev_close() has other side effects, like deleting entries from the routing
    table, which might be unnecessary.

    The fix here is to directly remap the IP multicast addresses to HW multicast
    addresses for a bonding device that changes its type, and nothing else.

    Reported-by: Jason Gunthorpe
    Signed-off-by: Moni Shoua
    Signed-off-by: David S. Miller

    Moni Shoua
     
  • When using nanosleep() in a userspace application we get a ratelimit warning

    NOHZ: local_softirq_pending 08

    for 10 times.

    The echo of CAN frames is done from process context and softirq context only.
    Therefore the usage of netif_rx() was wrong (for years).

    This patch replaces netif_rx() with netif_rx_ni() which has to be used from
    process/softirq context. It also adds a missing comment that can_send() must
    not be used from hardirq context.

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: Urs Thuermann
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     
  • It was once upon time so that snd_sthresh was a 16-bit quantity.
    ...That has not been true for long period of time. I run across
    some ancient compares which still seem to trust such legacy.
    Put all that magic into a single place, I hopefully found all
    of them.

    Compile tested, though linking of allyesconfig is ridiculous
    nowadays it seems.

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: David S. Miller

    Ilpo Järvinen
     
  • After the recent mq change using ingress qdisc overwrites dev->qdisc;
    there is also a wrong old qdisc pointer passed to notify_and_destroy.

    Signed-off-by: Jarek Poplawski
    Signed-off-by: David S. Miller

    Jarek Poplawski
     
  • From: Rémi Denis-Courmont

    Signed-off-by: Rémi Denis-Courmont
    Signed-off-by: David S. Miller

    Rémi Denis-Courmont
     
  • Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     
  • Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     
  • Remove long removed "inet_protocol_base" declaration.

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     
  • No code change, cosmetical changes only:

    * whitespace cleanup via scripts/cleanfile,
    * remove self-references to filename at top of files,
    * fix coding style (extraneous brackets),
    * fix documentation style (kernel-doc-nano-HOWTO).

    Thanks are due to Ivo Augusto Calado who raised these issues by
    submitting good-quality patches.

    Signed-off-by: Gerrit Renker
    Signed-off-by: David S. Miller

    Gerrit Renker
     
  • Since my commits introducing netns awareness into
    genetlink we can get this problem:

    BUG: scheduling while atomic: modprobe/1178/0x00000002
    2 locks held by modprobe/1178:
    #0: (genl_mutex){+.+.+.}, at: [] genl_register_mc_grou
    #1: (rcu_read_lock){.+.+..}, at: [] genl_register_mc_g
    Pid: 1178, comm: modprobe Not tainted 2.6.31-rc8-wl-34789-g95cb731-dirty #
    Call Trace:
    [] __schedule_bug+0x85/0x90
    [] schedule+0x108/0x588
    [] netlink_table_grab+0xa1/0xf0
    [] netlink_change_ngroups+0x47/0x100
    [] genl_register_mc_group+0x12f/0x290

    because I overlooked that netlink_table_grab() will
    schedule, thinking it was just the rwlock. However,
    in the contention case, that isn't actually true.

    Fix this by letting the code grab the netlink table
    lock first and then the RCU for netns protection.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg