John W. Linville [Thu, 28 Jun 2012 17:47:53 +0000 (13:47 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless into for-davem
David S. Miller [Wed, 27 Jun 2012 22:27:24 +0000 (15:27 -0700)]
Merge branch 'for-davem' of git://gitorious.org/linux-can/linux-can
Marc Kleine-Budde says:
====================
here's a patch intended for v3.5, targeting net/master. Hui Wang has
found and fixed an endianness problem in the device tree handling in
the flexcan driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Tue, 26 Jun 2012 23:01:41 +0000 (23:01 +0000)]
9p: fix min_t() casting in p9pdu_vwritef()
I don't think we're actually likely to hit this limit but if we do
then the comparison should be done as size_t. The original code
is equivalent to:
len = strlen(sptr) % USHRT_MAX;
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
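The casting problem described in the 9p commit above, shown as a user-space model. This is an added example, not the kernel's code: the `min_t` stand-in, `len_cast_u16`, `len_cast_size`, `put_string` and the 70000-byte input are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-in for the kernel macro: cast both operands to `type`,
 * then compare. */
#define min_t(type, a, b) ((type)(a) < (type)(b) ? (type)(a) : (type)(b))

/* Comparison done as a 16-bit value: the size is truncated before it is
 * compared, so an over-long string yields an unrelated small length. */
uint16_t len_cast_u16(size_t n)
{
    return (uint16_t)min_t(uint16_t, n, USHRT_MAX);
}

/* Comparison done as size_t: the real size is compared and then capped. */
uint16_t len_cast_size(size_t n)
{
    return (uint16_t)min_t(size_t, n, USHRT_MAX);
}

/* Hypothetical encoder: 2-byte little-endian length prefix followed by
 * `len` bytes of the string. Returns bytes written, or 0 if `out` is too
 * small. */
size_t put_string(uint8_t *out, size_t cap, const char *s, uint16_t len)
{
    if (cap < (size_t)len + 2)
        return 0;
    out[0] = (uint8_t)(len & 0xff);
    out[1] = (uint8_t)(len >> 8);
    memcpy(out + 2, s, len);
    return (size_t)len + 2;
}

/* Constructed input: a 70000-character string, longer than a 16-bit
 * length prefix can describe. */
static char big[70001];
static uint8_t wire[2 + USHRT_MAX];

/* Encodes the constructed string with either cast and returns the number
 * of bytes that end up on the wire. */
size_t encoded_size(int use_size_t_cast)
{
    uint16_t len;

    memset(big, 'a', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    len = use_size_t_cast ? len_cast_size(strlen(big))
                          : len_cast_u16(strlen(big));
    return put_string(wire, sizeof(wire), big, len);
}

int main(void)
{
    printf("16-bit cast: %zu bytes on the wire\n", encoded_size(0));
    printf("size_t cast: %zu bytes on the wire\n", encoded_size(1));
    return 0;
}
```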
Avinash Patil [Wed, 27 Jun 2012 19:46:24 +0000 (12:46 -0700)]
mwifiex: fix memory leak associated with IE management
Free ap_custom_ie before return from function.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tom Hughes [Wed, 27 Jun 2012 17:21:15 +0000 (18:21 +0100)]
ath9k: fix panic caused by returning a descriptor we have queued for reuse
Commit 3a2923e83c introduced a bug when a corrupt descriptor
is encountered - although the following descriptor is discarded
and returned to the queue for reuse the associated frame is
also returned for processing. This leads to a panic:
BUG: unable to handle kernel NULL pointer dereference at 000000000000003a
IP: [<ffffffffa02599a5>] ath_rx_tasklet+0x165/0x1b00 [ath9k]
Call Trace:
<IRQ>
[<ffffffff812d7fa0>] ? map_single+0x60/0x60
[<ffffffffa028f044>] ? ath9k_ioread32+0x34/0x90 [ath9k]
[<ffffffffa0292eec>] athk9k_tasklet+0xdc/0x160 [ath9k]
[<ffffffff8105e133>] tasklet_action+0x63/0xd0
[<ffffffff8105dbc0>] __do_softirq+0xc0/0x1e0
[<ffffffff8101a873>] ? native_sched_clock+0x13/0x80
[<ffffffff815f9d5c>] call_softirq+0x1c/0x30
[<ffffffff810151f5>] do_softirq+0x75/0xb0
[<ffffffff8105df95>] irq_exit+0xb5/0xc0
[<ffffffff815fa5b3>] do_IRQ+0x63/0xe0
[<ffffffff815f0cea>] common_interrupt+0x6a/0x6a
<EOI>
[<ffffffff8131840a>] ? intel_idle+0xea/0x150
[<ffffffff813183eb>] ? intel_idle+0xcb/0x150
[<ffffffff814a1db9>] cpuidle_enter+0x19/0x20
[<ffffffff814a23d9>] cpuidle_idle_call+0xa9/0x240
[<ffffffff8101c4bf>] cpu_idle+0xaf/0x120
[<ffffffff815cda8e>] rest_init+0x72/0x74
[<ffffffff81cf4c1a>] start_kernel+0x3b7/0x3c4
[<ffffffff81cf4662>] ? repair_env_string+0x5e/0x5e
[<ffffffff81cf4346>] x86_64_start_reservations+0x131/0x135
[<ffffffff81cf444a>] x86_64_start_kernel+0x100/0x10f
Making sure bf is cleared to NULL in this case restores the
old behaviour.
Signed-off-by: Tom Hughes <tom@compton.nu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Wed, 27 Jun 2012 13:38:56 +0000 (15:38 +0200)]
mac80211: correct behaviour on unrecognised action frames
When receiving an "individually addressed" action frame, the
receiver is required to return it to the sender. mac80211
gets this wrong as it also returns group addressed (mcast)
frames to the sender. Fix this and update the reference to
the new 802.11 standards version since things were shuffled
around significantly.
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Panayiotis Karabassis [Tue, 26 Jun 2012 20:37:17 +0000 (23:37 +0300)]
ath9k: enable serialize_regmode for non-PCIE AR9287
https://bugzilla.kernel.org/show_bug.cgi?id=42903
Based on the work of <fynivx@gmail.com>
Signed-off-by: Panayiotis Karabassis <panayk@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Mon, 25 Jun 2012 23:01:12 +0000 (18:01 -0500)]
rtlwifi: rtl8192cu: New USB IDs
The latest Realtek driver for the RTL8188CU and RTL8192CU chips adds three
new USB IDs.
Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Hui Wang [Wed, 27 Jun 2012 08:19:18 +0000 (16:19 +0800)]
can: flexcan: use be32_to_cpup to handle the value of dt entry
The freescale arm i.MX series platform can support this driver, and
usually the arm cpu works in the little endian mode by default, while
device tree entry value is stored in big endian format, we should use
be32_to_cpup() to handle them, after modification, it can work well
both on the le cpu and be cpu.
Cc: stable <stable@vger.kernel.org> # v3.2+
Cc: Shawn Guo <shawn.guo@linaro.org>
Signed-off-by: Hui Wang <jason77.wang@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Ian Campbell [Mon, 25 Jun 2012 22:48:41 +0000 (22:48 +0000)]
xen/netfront: teardown the device before unregistering it.
Fixes:
[ 15.470311] WARNING: at /local/scratch/ianc/devel/kernels/linux/fs/sysfs/file.c:498 sysfs_attr_ns+0x95/0xa0()
[ 15.470326] sysfs: kobject eth0 without dirent
[ 15.470333] Modules linked in:
[ 15.470342] Pid: 12, comm: xenwatch Not tainted 3.4.0-x86_32p-xenU #93
and
[ 9.150554] BUG: unable to handle kernel paging request at 2b359000
[ 9.150577] IP: [<c1279561>] linkwatch_do_dev+0x81/0xc0
[ 9.150592] *pdpt = 000000002c3c9027 *pde = 0000000000000000
[ 9.150604] Oops: 0002 [#1] SMP
[ 9.150613] Modules linked in:
This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675190
Reported-by: George Shuklin <george.shuklin@gmail.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: William Dauchy <wdauchy@gmail.com>
Cc: stable@kernel.org
Cc: 675190@bugs.debian.org
Signed-off-by: David S. Miller <davem@davemloft.net>
stephen hemminger [Tue, 26 Jun 2012 05:48:45 +0000 (05:48 +0000)]
bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2)
This ensures that bridges created with brctl(8) or ioctl(2) directly
also carry IFLA_LINKINFO when dumped over netlink. This also allows
to create a bridge with ioctl(2) and delete it with RTM_DELLINK.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jens Freimann [Tue, 26 Jun 2012 00:59:58 +0000 (00:59 +0000)]
vhost: use USER_DS in vhost_worker thread
On some architectures address spaces are set up in a way that this is
not necessary to work properly but on some others (like s390) it is.
Make sure we operate on the user address space to allow copy_xxx_user()
from the vhost_worker() thread by setting it explicitly before calling
use_mm() and revert it after unuse_mm().
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexander Duyck [Mon, 25 Jun 2012 21:54:46 +0000 (21:54 +0000)]
ixgbe: Do not pad FCoE frames as this can cause issues with FCoE DDP
FCoE target mode was experiencing issues due to the fact that we were
sending up data frames that were padded to 60 bytes after the DDP logic had
already stripped the frame down to 52 or 56 depending on the use of VLANs.
This was resulting in the FCoE DDP logic having issues since it thought the
frame still had data in it due to the padding.
To resolve this, adding code so that we do not pad FCoE frames prior to
handling them to the stack.
CC: <stable@vger.kernel.org>
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 25 Jun 2012 05:35:45 +0000 (05:35 +0000)]
net: l2tp_eth: use LLTX to avoid LOCKDEP splats
Denys Fedoryshchenko reported a LOCKDEP issue with l2tp code.
[ 8683.927442] ======================================================
[ 8683.927555] [ INFO: possible circular locking dependency detected ]
[ 8683.927672] 3.4.1-build-0061 #14 Not tainted
[ 8683.927782] -------------------------------------------------------
[ 8683.927895] swapper/0/0 is trying to acquire lock:
[ 8683.928007] (slock-AF_INET){+.-...}, at: [<e0fc73ec>] l2tp_xmit_skb+0x173/0x47e [l2tp_core]
[ 8683.928121]
[ 8683.928121] but task is already holding lock:
[ 8683.928121] (_xmit_ETHER#2){+.-...}, at: [<c02f062d>] sch_direct_xmit+0x36/0x119
[ 8683.928121]
[ 8683.928121] which lock already depends on the new lock.
[ 8683.928121]
[ 8683.928121]
[ 8683.928121] the existing dependency chain (in reverse order) is:
[ 8683.928121]
[ 8683.928121] -> #1 (_xmit_ETHER#2){+.-...}:
[ 8683.928121] [<c015a561>] lock_acquire+0x71/0x85
[ 8683.928121] [<c034da2d>] _raw_spin_lock+0x33/0x40
[ 8683.928121] [<c0304e0c>] ip_send_reply+0xf2/0x1ce
[ 8683.928121] [<c0317dbc>] tcp_v4_send_reset+0x153/0x16f
[ 8683.928121] [<c0317f4a>] tcp_v4_do_rcv+0x172/0x194
[ 8683.928121] [<c031929b>] tcp_v4_rcv+0x387/0x5a0
[ 8683.928121] [<c03001d0>] ip_local_deliver_finish+0x13a/0x1e9
[ 8683.928121] [<c0300645>] NF_HOOK.clone.11+0x46/0x4d
[ 8683.928121] [<c030075b>] ip_local_deliver+0x41/0x45
[ 8683.928121] [<c03005dd>] ip_rcv_finish+0x31a/0x33c
[ 8683.928121] [<c0300645>] NF_HOOK.clone.11+0x46/0x4d
[ 8683.928121] [<c0300960>] ip_rcv+0x201/0x23d
[ 8683.928121] [<c02de91b>] __netif_receive_skb+0x329/0x378
[ 8683.928121] [<c02deae8>] netif_receive_skb+0x4e/0x7d
[ 8683.928121] [<e08d5ef3>] rtl8139_poll+0x243/0x33d [8139too]
[ 8683.928121] [<c02df103>] net_rx_action+0x90/0x15d
[ 8683.928121] [<c012b2b5>] __do_softirq+0x7b/0x118
[ 8683.928121]
[ 8683.928121] -> #0 (slock-AF_INET){+.-...}:
[ 8683.928121] [<c0159f1b>] __lock_acquire+0x9a3/0xc27
[ 8683.928121] [<c015a561>] lock_acquire+0x71/0x85
[ 8683.928121] [<c034da2d>] _raw_spin_lock+0x33/0x40
[ 8683.928121] [<e0fc73ec>] l2tp_xmit_skb+0x173/0x47e [l2tp_core]
[ 8683.928121] [<e0fe31fb>] l2tp_eth_dev_xmit+0x1a/0x2f [l2tp_eth]
[ 8683.928121] [<c02e01e7>] dev_hard_start_xmit+0x333/0x3f2
[ 8683.928121] [<c02f064c>] sch_direct_xmit+0x55/0x119
[ 8683.928121] [<c02e0528>] dev_queue_xmit+0x282/0x418
[ 8683.928121] [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
[ 8683.928121] [<c031f524>] arp_xmit+0x22/0x24
[ 8683.928121] [<c031f567>] arp_send+0x41/0x48
[ 8683.928121] [<c031fa7d>] arp_process+0x289/0x491
[ 8683.928121] [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
[ 8683.928121] [<c031f7a0>] arp_rcv+0xb1/0xc3
[ 8683.928121] [<c02de91b>] __netif_receive_skb+0x329/0x378
[ 8683.928121] [<c02de9d3>] process_backlog+0x69/0x130
[ 8683.928121] [<c02df103>] net_rx_action+0x90/0x15d
[ 8683.928121] [<c012b2b5>] __do_softirq+0x7b/0x118
[ 8683.928121]
[ 8683.928121] other info that might help us debug this:
[ 8683.928121]
[ 8683.928121] Possible unsafe locking scenario:
[ 8683.928121]
[ 8683.928121]        CPU0                    CPU1
[ 8683.928121]        ----                    ----
[ 8683.928121]   lock(_xmit_ETHER#2);
[ 8683.928121]                                lock(slock-AF_INET);
[ 8683.928121]                                lock(_xmit_ETHER#2);
[ 8683.928121]   lock(slock-AF_INET);
[ 8683.928121]
[ 8683.928121] *** DEADLOCK ***
[ 8683.928121]
[ 8683.928121] 3 locks held by swapper/0/0:
[ 8683.928121] #0: (rcu_read_lock){.+.+..}, at: [<c02dbc10>] rcu_lock_acquire+0x0/0x30
[ 8683.928121] #1: (rcu_read_lock_bh){.+....}, at: [<c02dbc10>] rcu_lock_acquire+0x0/0x30
[ 8683.928121] #2: (_xmit_ETHER#2){+.-...}, at: [<c02f062d>] sch_direct_xmit+0x36/0x119
[ 8683.928121]
[ 8683.928121] stack backtrace:
[ 8683.928121] Pid: 0, comm: swapper/0 Not tainted 3.4.1-build-0061 #14
[ 8683.928121] Call Trace:
[ 8683.928121] [<c034bdd2>] ? printk+0x18/0x1a
[ 8683.928121] [<c0158904>] print_circular_bug+0x1ac/0x1b6
[ 8683.928121] [<c0159f1b>] __lock_acquire+0x9a3/0xc27
[ 8683.928121] [<c015a561>] lock_acquire+0x71/0x85
[ 8683.928121] [<e0fc73ec>] ? l2tp_xmit_skb+0x173/0x47e [l2tp_core]
[ 8683.928121] [<c034da2d>] _raw_spin_lock+0x33/0x40
[ 8683.928121] [<e0fc73ec>] ? l2tp_xmit_skb+0x173/0x47e [l2tp_core]
[ 8683.928121] [<e0fc73ec>] l2tp_xmit_skb+0x173/0x47e [l2tp_core]
[ 8683.928121] [<e0fe31fb>] l2tp_eth_dev_xmit+0x1a/0x2f [l2tp_eth]
[ 8683.928121] [<c02e01e7>] dev_hard_start_xmit+0x333/0x3f2
[ 8683.928121] [<c02f064c>] sch_direct_xmit+0x55/0x119
[ 8683.928121] [<c02e0528>] dev_queue_xmit+0x282/0x418
[ 8683.928121] [<c02e02a6>] ? dev_hard_start_xmit+0x3f2/0x3f2
[ 8683.928121] [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
[ 8683.928121] [<c031f524>] arp_xmit+0x22/0x24
[ 8683.928121] [<c02e02a6>] ? dev_hard_start_xmit+0x3f2/0x3f2
[ 8683.928121] [<c031f567>] arp_send+0x41/0x48
[ 8683.928121] [<c031fa7d>] arp_process+0x289/0x491
[ 8683.928121] [<c031f7f4>] ? __neigh_lookup.clone.20+0x42/0x42
[ 8683.928121] [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
[ 8683.928121] [<c031f7a0>] arp_rcv+0xb1/0xc3
[ 8683.928121] [<c031f7f4>] ? __neigh_lookup.clone.20+0x42/0x42
[ 8683.928121] [<c02de91b>] __netif_receive_skb+0x329/0x378
[ 8683.928121] [<c02de9d3>] process_backlog+0x69/0x130
[ 8683.928121] [<c02df103>] net_rx_action+0x90/0x15d
[ 8683.928121] [<c012b2b5>] __do_softirq+0x7b/0x118
[ 8683.928121] [<c012b23a>] ? local_bh_enable+0xd/0xd
[ 8683.928121] <IRQ> [<c012b4d0>] ? irq_exit+0x41/0x91
[ 8683.928121] [<c0103c6f>] ? do_IRQ+0x79/0x8d
[ 8683.928121] [<c0157ea1>] ? trace_hardirqs_off_caller+0x2e/0x86
[ 8683.928121] [<c034ef6e>] ? common_interrupt+0x2e/0x34
[ 8683.928121] [<c0108a33>] ? default_idle+0x23/0x38
[ 8683.928121] [<c01091a8>] ? cpu_idle+0x55/0x6f
[ 8683.928121] [<c033df25>] ? rest_init+0xa1/0xa7
[ 8683.928121] [<c033de84>] ? __read_lock_failed+0x14/0x14
[ 8683.928121] [<c0498745>] ? start_kernel+0x303/0x30a
[ 8683.928121] [<c0498209>] ? repair_env_string+0x51/0x51
[ 8683.928121] [<c04980a8>] ? i386_start_kernel+0xa8/0xaf
It appears that like most virtual devices, l2tp should be converted to
LLTX mode.
This patch takes care of statistics using atomic_long in both RX and TX
paths, and fix a bug in l2tp_eth_dev_recv(), which was caching skb->data
before a pskb_may_pull() call.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Cc: James Chapman <jchapman@katalix.com>
Cc: Hong zhi guo <honkiko@gmail.com>
Cc: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Tue, 26 Jun 2012 18:23:41 +0000 (14:23 -0400)]
Merge branch 'for-wireless' of git://git./linux/kernel/git/sameo/nfc-3.0
alex.bluesman.smirnov@gmail.com [Mon, 25 Jun 2012 03:30:13 +0000 (03:30 +0000)]
mac802154: add missed braces
Add missed braces after 'if' operator.
Signed-off-by: Alexander Smirnov <alex.bluesman.smirnov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 11 Jun 2012 22:47:58 +0000 (00:47 +0200)]
NFC: Return from rawsock_release when sk is NULL
Sasha Levin reported the following panic:
[ 2136.383310] BUG: unable to handle kernel NULL pointer dereference at 00000000000003b0
[ 2136.384022] IP: [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0
[ 2136.384022] PGD 131c4067 PUD 11c0c067 PMD 0
[ 2136.388106] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 2136.388106] CPU 1
[ 2136.388106] Pid: 24855, comm: trinity-child1 Tainted: G W 3.5.0-rc2-sasha-00015-g7b268f7 #374
[ 2136.388106] RIP: 0010:[<ffffffff8114e400>] [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0
[ 2136.388106] RSP: 0018:ffff8800130b3ca8 EFLAGS: 00010046
[ 2136.388106] RAX: 0000000000000086 RBX: ffff88001186b000 RCX: 0000000000000000
[ 2136.388106] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2136.388106] RBP: ffff8800130b3d08 R08: 0000000000000001 R09: 0000000000000000
[ 2136.388106] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000002
[ 2136.388106] R13: 00000000000003b0 R14: 0000000000000000 R15: 0000000000000000
[ 2136.388106] FS: 00007fa5b1bd4700(0000) GS:ffff88001b800000(0000) knlGS:0000000000000000
[ 2136.388106] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2136.388106] CR2: 00000000000003b0 CR3: 0000000011d1f000 CR4: 00000000000406e0
[ 2136.388106] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2136.388106] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2136.388106] Process trinity-child1 (pid: 24855, threadinfo ffff8800130b2000, task ffff88001186b000)
[ 2136.388106] Stack:
[ 2136.388106] ffff8800130b3cd8 ffffffff81121785 ffffffff81236774 000080d000000001
[ 2136.388106] ffff88001b9d6c00 00000000001d6c00 ffffffff130b3d08 ffff88001186b000
[ 2136.388106] 0000000000000000 0000000000000002 0000000000000000 0000000000000000
[ 2136.388106] Call Trace:
[ 2136.388106] [<ffffffff81121785>] ? sched_clock_local+0x25/0x90
[ 2136.388106] [<ffffffff81236774>] ? get_empty_filp+0x74/0x220
[ 2136.388106] [<ffffffff8114e97a>] lock_acquire+0x18a/0x1e0
[ 2136.388106] [<ffffffff836b37df>] ? rawsock_release+0x4f/0xa0
[ 2136.388106] [<ffffffff837c0ef0>] _raw_write_lock_bh+0x40/0x80
[ 2136.388106] [<ffffffff836b37df>] ? rawsock_release+0x4f/0xa0
[ 2136.388106] [<ffffffff836b37df>] rawsock_release+0x4f/0xa0
[ 2136.388106] [<ffffffff8321cfe8>] sock_release+0x18/0x70
[ 2136.388106] [<ffffffff8321d069>] sock_close+0x29/0x30
[ 2136.388106] [<ffffffff81236bca>] __fput+0x11a/0x2c0
[ 2136.388106] [<ffffffff81236d85>] fput+0x15/0x20
[ 2136.388106] [<ffffffff8321de34>] sys_accept4+0x1b4/0x200
[ 2136.388106] [<ffffffff837c165c>] ? _raw_spin_unlock_irq+0x4c/0x80
[ 2136.388106] [<ffffffff837c1669>] ? _raw_spin_unlock_irq+0x59/0x80
[ 2136.388106] [<ffffffff837c2565>] ? sysret_check+0x22/0x5d
[ 2136.388106] [<ffffffff8321de8b>] sys_accept+0xb/0x10
[ 2136.388106] [<ffffffff837c2539>] system_call_fastpath+0x16/0x1b
[ 2136.388106] Code: ec 04 00 0f 85 ea 03 00 00 be d5 0b 00 00 48 c7 c7 8a c1 40 84 e8 b1 a5 f8 ff 31 c0 e9 d4 03 00 00 66 2e 0f 1f 84 00 00 00 00 00 <49> 81 7d 00 60 73 5e 85 b8 01 00 00 00 44 0f 44 e0 83 fe 01 77
[ 2136.388106] RIP [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0
[ 2136.388106] RSP <ffff8800130b3ca8>
[ 2136.388106] CR2: 00000000000003b0
[ 2136.388106] ---[ end trace 6d450e935ee18982 ]---
[ 2136.388106] Kernel panic - not syncing: Fatal exception in interrupt
rawsock_release() should test if sock->sk is NULL before calling
sock_orphan()/sock_put()
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Eric Dumazet [Mon, 25 Jun 2012 00:45:14 +0000 (00:45 +0000)]
net: l2tp_eth: fix l2tp_eth_dev_xmit race
It's illegal to dereference skb after giving it to l2tp_xmit_skb()
as it might be already freed/reused.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yevgeny Petrilin [Mon, 25 Jun 2012 00:24:13 +0000 (00:24 +0000)]
net/mlx4_en: Release QP range in free_resources
Add a missing resource release in ring cleanup.
Not doing this leaves a range of QPs that are being reserved,
and no one can use them.
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yevgeny Petrilin [Mon, 25 Jun 2012 00:24:12 +0000 (00:24 +0000)]
net/mlx4: Use single completion vector after NOP failure
Fix a crash at the error flow of NOP command which caused the driver to try and use
a completion vector which wasn't allocated.
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yevgeny Petrilin [Mon, 25 Jun 2012 00:24:11 +0000 (00:24 +0000)]
net/mlx4_en: Set correct port parameters during device initialization
Set valid port parameters: MTU and flow control configuration when
configuring the port during HW device initialization,
prior to the net device open() being called.
Using invalid parameters (such as all zeros)
could lead to bad firmware behavior.
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
Davide Gerhard [Mon, 25 Jun 2012 07:04:47 +0000 (09:04 +0200)]
ipheth: add support for iPad
This adds support for the iPad to the ipheth driver.
(product id = 0x129a)
Signed-off-by: Davide Gerhard <rainbow@irh.it>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sjur Brændeland [Sun, 24 Jun 2012 11:01:38 +0000 (11:01 +0000)]
caif-hsi: Add missing return in error path
Fix a missing return, causing access to freed memory.
Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Per Ellefsen [Sun, 24 Jun 2012 11:01:37 +0000 (11:01 +0000)]
caif-hsi: Bugfix - Piggyback'ed embedded CAIF frame lost
When receiving a piggyback'ed descriptor containing an
embedded frame, but no payload, the embedded frame was
lost.
Signed-off-by: Per Ellefsen <per.ellefsen@stericsson.com>
Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sjur Brændeland [Sun, 24 Jun 2012 11:01:36 +0000 (11:01 +0000)]
caif: Clear shutdown mask to zero at reconnect.
Clear caif socket's shutdown mask at (re)connect.
Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Neal Cardwell [Sat, 23 Jun 2012 19:22:00 +0000 (19:22 +0000)]
tcp: heed result of security_inet_conn_request() in tcp_v6_conn_request()
If security_inet_conn_request() returns non-zero then TCP/IPv6 should
drop the request, just as in TCP/IPv4 and DCCP in both IPv4 and IPv6.
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 25 Jun 2012 22:37:19 +0000 (15:37 -0700)]
ipv6: fib: fix fib dump restart
Commit 2bec5a369ee79576a3 (ipv6: fib: fix crash when changing large fib
while dumping it) introduced ability to restart the dump at tree root,
but failed to skip correctly a count of already dumped entries. Code
didn't match Patrick's intent.
We must skip exactly the number of already dumped entries.
Note that like other /proc/net files or netlink producers, we could
still dump some duplicate entries.
Reported-by: Debabrata Banerjee <dbavatar@gmail.com>
Reported-by: Josh Hunt <johunt@akamai.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Mon, 25 Jun 2012 07:36:41 +0000 (09:36 +0200)]
iwlwifi: fix activating inactive stations
When authentication/association timed out, the driver would
complain bitterly, printing the message
ACTIVATE a non DRIVER active station id ... addr ...
The cause turns out to be that when the AP station is added
but we don't associate, the IWL_STA_UCODE_INPROGRESS is set
but never cleared. This then causes iwl_restore_stations()
to attempt to resend it because it uses the flag internally
and uploads even if it didn't set it itself.
To fix this issue and not upload the station again when it
has already been removed by mac80211, clear the flag after
adding it in case we add it only for association.
Cc: stable@vger.kernel.org
Reviewed-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Randy Dunlap [Mon, 25 Jun 2012 02:17:00 +0000 (19:17 -0700)]
wlcore: drop INET dependency
Mainline build reports:
warning: (WL12XX) selects WLCORE which has unmet direct dependencies (NETDEVICES && WLAN && WL_TI && GENERIC_HARDIRQS && MAC80211 && INET)
The INET dependency was added in commit 3c6af5b54fe74b6e56efadc22927e4055d00e9fc:
wl1271_main.c:(.text+0x271052): undefined reference to `unregister_inetaddr_notifier'
wl1271_main.c:(.text+0x2714d7): undefined reference to `register_inetaddr_notifier'
Driver is doing some filtering based on IP addresses...
but this driver no longer has that code and it builds fine even when
CONFIG_INET is not enabled, so drop that dependency and eliminate the
kconfig warning message.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Cc: Luciano Coelho <luciano.coelho@nokia.com>
Cc: John W. Linville <linville@tuxdriver.com>
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Sat, 23 Jun 2012 17:23:31 +0000 (19:23 +0200)]
ath9k: fix dynamic WEP related regression
commit 7a532fe7131216a02c81a6c1b1f8632da1195a58
ath9k_hw: fix interpretation of the rx KeyMiss flag
This commit used the rx key miss indication to detect packets that were
passed from the hardware without being decrypted, however it seems that
this bit is not only undefined in the static WEP case, but also for
dynamically allocated WEP keys. This caused a regression when using
WEP-LEAP.
This patch fixes the regression by keeping track of which key indexes
refer to CCMP keys and only using the key miss indication for those.
Reported-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Rosenberg [Mon, 25 Jun 2012 14:05:27 +0000 (16:05 +0200)]
NFC: Prevent multiple buffer overflows in NCI
Fix multiple remotely-exploitable stack-based buffer overflows due to
the NCI code pulling length fields directly from incoming frames and
copying too much data into statically-sized arrays.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Cc: stable@kernel.org
Cc: security@kernel.org
Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Cc: David S. Miller <davem@davemloft.net>
Acked-by: Ilan Elias <ilane@ti.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
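The bug class named in the NCI commit above (a length byte taken from an incoming frame and used as a copy size into a fixed array), with the two checks a parser needs. This is an added example, not the kernel's NCI code: the struct, `NFCID1_MAX`, the function names and the sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NFCID1_MAX 10           /* assumed size of the fixed destination array */

struct nfca_poll_params {       /* hypothetical fixed-size parameter block */
    uint16_t sens_res;
    uint8_t  nfcid1_len;
    uint8_t  nfcid1[NFCID1_MAX];
    uint8_t  sel_res_len;
    uint8_t  sel_res;
};

/* Parses sens_res(2) | nfcid1_len(1) | nfcid1(n) | sel_res_len(1) | sel_res.
 * Returns bytes consumed, or -1 if the frame is shorter than it claims. */
int parse_nfca_poll(const uint8_t *data, size_t avail,
                    struct nfca_poll_params *out)
{
    size_t off;
    uint8_t wire_len;

    memset(out, 0, sizeof(*out));
    if (avail < 3)
        return -1;
    out->sens_res = (uint16_t)(data[0] | (data[1] << 8));
    wire_len = data[2];
    off = 3;

    /* Check 1: the claimed length must fit in what was actually received. */
    if (wire_len > avail - off)
        return -1;
    /* Check 2: the copy length is bounded by the destination, not the wire. */
    out->nfcid1_len = wire_len > NFCID1_MAX ? NFCID1_MAX : wire_len;
    memcpy(out->nfcid1, data + off, out->nfcid1_len);
    off += wire_len;            /* skip the whole field to stay aligned */

    if (avail - off < 1)
        return -1;
    out->sel_res_len = data[off++];
    if (out->sel_res_len != 0) {
        if (avail - off < 1)
            return -1;
        out->sel_res = data[off++];
    }
    return (int)off;
}

/* Constructed frames: well-formed, oversized length field, truncated. */
static const uint8_t FRAME_OK[] = {
    0x04, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef, 0x01, 0x20 };
static const uint8_t FRAME_OVERSIZE[] = {
    0x04, 0x00, 0x0c, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00 };
static const uint8_t FRAME_TRUNCATED[] = { 0x04, 0x00, 0xff, 0x01, 0x02 };

/* Returns the stored nfcid1_len, or -1 if the frame was rejected. */
int stored_nfcid1_len(const uint8_t *frame, size_t n)
{
    struct nfca_poll_params p;
    return parse_nfca_poll(frame, n, &p) < 0 ? -1 : p.nfcid1_len;
}

/* Returns the field that sits right after the array, or -1 if rejected;
 * with an unbounded copy the oversized frame would overwrite it. */
int stored_sel_res_len(const uint8_t *frame, size_t n)
{
    struct nfca_poll_params p;
    return parse_nfca_poll(frame, n, &p) < 0 ? -1 : p.sel_res_len;
}

int main(void)
{
    printf("ok:        nfcid1_len=%d\n",
           stored_nfcid1_len(FRAME_OK, sizeof(FRAME_OK)));
    printf("oversize:  nfcid1_len=%d sel_res_len=%d\n",
           stored_nfcid1_len(FRAME_OVERSIZE, sizeof(FRAME_OVERSIZE)),
           stored_sel_res_len(FRAME_OVERSIZE, sizeof(FRAME_OVERSIZE)));
    printf("truncated: %d\n",
           stored_nfcid1_len(FRAME_TRUNCATED, sizeof(FRAME_TRUNCATED)));
    return 0;
}
```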
Antonio Quartulli [Wed, 20 Jun 2012 12:12:56 +0000 (14:12 +0200)]
batman-adv: fix race condition in TT full-table replacement
bug introduced with cea194d90b11aff7fc289149e4c7f305fad3535a
In the current TT code, when a TT_Response containing a full table is received
from an originator, first the node purges all the clients for that originator in
the global translation-table and then merges the newly received table.
During the purging phase each client deletion is done by means of a call_rcu()
invocation and at the end of this phase the global entry counter for that
originator is set to 0. However the invoked rcu function decreases the global
entry counter for that originator by one too and since the rcu invocation is
likely to be postponed, the node will end up in first setting the counter to 0
and then decreasing it one by one for each deleted client.
This bug leads to having a wrong global entry counter for the related node, say
X. Then when the node with the broken counter will answer to a TT_REQUEST on
behalf of node X, it will create faulty TT_RESPONSE that will generate an
unrecoverable situation on the node that asked for the full table recover.
The non-recoverability is given by the fact that the node with the broken
counter will keep answering on behalf of X because its knowledge about X's state
(ttvn + tt_crc) is correct.
To solve this problem the counter is not explicitly set to 0 anymore and the
counter decrement is performed right before the invocation of call_rcu().
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Marek Lindner [Wed, 20 Jun 2012 15:16:05 +0000 (17:16 +0200)]
batman-adv: only drop packets of known wifi clients
bug introduced with 59b699cdee039d75915c354da06937102d1f9a84
If the source or destination mac address of an ethernet packet
could not be found in the translation table the packet was
dropped if AP isolation was turned on. This behavior would
make it impossible to send broadcast packets over the mesh as
the broadcast address will never enter the translation table.
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Yoshihiro Shimoda [Wed, 20 Jun 2012 15:26:34 +0000 (15:26 +0000)]
net: sh_eth: fix the condition to fix the cur_tx/dirty_rx
The following commit couldn't work if the RMCR is not set to 1.
"net: sh_eth: fix the rxdesc pointer when rx descriptor empty happens"
commit id 79fba9f51755c704c0a7d7b7f0df10874dc0a744
If RMCR is not set, the controller will clear the EDRRR after it received
a frame. In this case, the driver doesn't need to fix the value of
cur_rx/dirty_rx. The driver only needs it when the controller detects
receive descriptors are empty.
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Tested-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
françois romieu [Wed, 20 Jun 2012 12:09:18 +0000 (12:09 +0000)]
r8169: RxConfig hack for the 8168evl.
The 8168evl (RTL_GIGA_MAC_VER_34) based Gigabyte GA-990FXA motherboards
are very prone to NETDEV watchdog problems without this change. See
https://bugzilla.kernel.org/show_bug.cgi?id=42899 for instance.
I don't know why it *works*. It's depressingly effective though.
For the record:
- the problem may go along IOMMU (AMD-Vi) errors but it really looks
like a red herring.
- the patch sets the RX_MULTI_EN bit. If the 8168c doc is any guide,
the chipset now fetches several Rx descriptors at a time.
- long ago the driver ignored the RX_MULTI_EN bit.
e542a2269f232d61270ceddd42b73a4348dee2bb changed the RxConfig
settings. Whatever the problem it's now labeled a regression.
- Realtek's own driver can identify two different 8168evl devices
(CFG_METHOD_16 and CFG_METHOD_17) where the r8169 driver only
sees one. It sucks.
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ming Lei [Tue, 19 Jun 2012 21:15:53 +0000 (21:15 +0000)]
usbnet: handle remote wakeup asap
If usbnet is resumed by remote wakeup, generally there are
some packets coming to be handled, so allocate and submit
rx URBs in usbnet_resume to avoid delays introduced by tasklet.
Otherwise, usbnet may have been runtime suspended before the
usbnet_bh is executed to schedule Rx URBs.
Without the patch, usbnet can't receive any packets from peer
in runtime suspend state if runtime PM is enabled and
autosuspend_delay is set as zero.
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ming Lei [Tue, 19 Jun 2012 21:15:52 +0000 (21:15 +0000)]
usbnet: decrease suspend count if returning -EBUSY for runtime suspend
This patch decreases dev->suspend_count in the -EBUSY failure path
of usbnet_suspend. Without the change, the later runtime suspend
will do nothing except for increasing dev->suspend_count.
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ming Lei [Tue, 19 Jun 2012 21:15:51 +0000 (21:15 +0000)]
usbnet: clear OPEN flag in failure path
Without clearing OPEN flag in failure path, runtime or system resume
may submit interrupt/rx URB and start tx queue mistakenly on an
interface in DOWN state.
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Thu, 21 Jun 2012 02:45:58 +0000 (02:45 +0000)]
net: qmi_wwan: fix Gobi device probing
Ignoring interfaces with additional descriptors is not a reliable
method for locating the correct interface on Gobi devices. There
is at least one device where this method fails:
https://bbs.archlinux.org/viewtopic.php?id=143506
The result is that the AT command port (interface #2) is hidden
from qcserial, preventing traditional serial modem usage:
[ 15.562552] qmi_wwan 4-1.6:1.0: cdc-wdm0: USB WDM device
[ 15.562691] qmi_wwan 4-1.6:1.0: wwan0: register 'qmi_wwan' at usb-0000:00:1d.0-1.6, Qualcomm Gobi wwan/QMI device, 1e:df:3c:3a:4e:3b
[ 15.563383] qmi_wwan: probe of 4-1.6:1.1 failed with error -22
[ 15.564189] qmi_wwan 4-1.6:1.2: cdc-wdm1: USB WDM device
[ 15.564302] qmi_wwan 4-1.6:1.2: wwan1: register 'qmi_wwan' at usb-0000:00:1d.0-1.6, Qualcomm Gobi wwan/QMI device, 1e:df:3c:3a:4e:3b
[ 15.564328] qmi_wwan: probe of 4-1.6:1.3 failed with error -22
[ 15.569376] qcserial 4-1.6:1.1: Qualcomm USB modem converter detected
[ 15.569440] usb 4-1.6: Qualcomm USB modem converter now attached to ttyUSB0
[ 15.570372] qcserial 4-1.6:1.3: Qualcomm USB modem converter detected
[ 15.570430] usb 4-1.6: Qualcomm USB modem converter now attached to ttyUSB1
Use static interface numbers taken from the interface map in
qcserial for all Gobi devices instead:
Gobi 1K USB layout:
0: serial port (doesn't respond)
1: serial port (doesn't respond)
2: AT-capable modem port
3: QMI/net
Gobi 2K+ USB layout:
0: QMI/net
1: DM/DIAG (use libqcdm from ModemManager for communication)
2: AT-capable modem port
3: NMEA
This should be more reliable overall, and will also prevent the
noisy "probe failed" messages. The whitelisting logic is expected
to be replaced by direct interface number matching in 3.6.
Reported-by: Heinrich Siebmanns (Harvey) <H.Siebmanns@t-online.de>
Cc: <stable@vger.kernel.org> # v3.4: 0000188 USB: qmi_wwan: Make forced int 4 whitelist generic
Cc: <stable@vger.kernel.org> # v3.4: f7142e6 USB: qmi_wwan: Add ZTE (Vodafone) K3520-Z
Cc: <stable@vger.kernel.org> # v3.4
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Fri, 22 Jun 2012 18:36:10 +0000 (14:36 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless into for-davem
Amitkumar Karwar [Thu, 21 Jun 2012 03:21:13 +0000 (20:21 -0700)]
mwifiex: improve error path handling in usb.c
skb allocated during initialisation is reused for receiving
commands/events by USB interface. We fail to reset skb->data in
failure cases. This patch takes care of it.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Amitkumar Karwar [Thu, 21 Jun 2012 03:21:12 +0000 (20:21 -0700)]
mwifiex: fix bugs in event handling code
This patch ensures uniformity in event skb sent by interface code
(USB/PCIe/SDIO) which automatically fixes following bugs.
1) For USB interface, same buffer is reused for receiving cmd and
events from firmware. While handling events, we perform
skb_pull(skb, 4) to remove event header. Corresponding skb_push()
call is missing while submitting the buffer.
2) For PCIe interface, event skb is passed with event header.
Recently added uAP events EVENT_UAP_STA_ASSOC, EVENT_UAP_STA_DEAUTH
will not work for PCIe, as they assume event skb points to event body.
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stone Piao [Thu, 21 Jun 2012 03:21:11 +0000 (20:21 -0700)]
mwifiex: fix WPS eapol handshake failure
After association, STA will go through eapol handshake with WPS
enabled AP. It's observed that WPS handshake fails with some 11n
AP. The reason for the failure is that the eapol packet is sent
via 11n frame aggregation.
The eapol packet should be sent directly without 11n aggregation.
This patch fixes the problem by adding WPS session control while
dequeuing Tx packets for transmission.
Cc: "3.4.y" <stable@vger.kernel.org>
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stone Piao [Thu, 21 Jun 2012 03:21:10 +0000 (20:21 -0700)]
mwifiex: fix 11n rx packet drop issue
Currently we check the sequence number of last packet received
against start_win. If a sequence hole is detected, start_win is
updated to next sequence number.
Since the rx sequence number is initialized to 0, a corner case
exists when BA setup happens immediately after association. As
0 is a valid sequence number, start_win gets increased to 1
incorrectly. This causes the first packet with sequence number 0
to be dropped.
Initialize rx sequence number as 0xffff and skip adjusting
start_win if the sequence number remains 0xffff. The sequence
number will be updated once the first packet is received.
Cc: "3.0.y, 3.1.y, 3.2.y, 3.3.y, 3.4.y" <stable@vger.kernel.org>
Signed-off-by: Stone Piao <piaoyun@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Fri, 22 Jun 2012 17:56:34 +0000 (13:56 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Eliad Peller [Fri, 1 Jun 2012 08:14:03 +0000 (11:14 +0300)]
mac80211: clear ifmgd->bssid only after building DELBA
ieee80211_set_disassoc() clears ifmgd->bssid before
building DELBA frames, resulting in frames with invalid
bssid ("00:00:00:00:00:00").
Fix it by clearing ifmgd->bssid only after building
all the needed frames.
After this change, we no longer need to save the
bssid (before clearing it), so remove the local array.
Reported-by: Ido Yariv <ido@wizery.com>
Cc: stable@vger.kernel.org
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Rajkumar Manoharan [Wed, 20 Jun 2012 10:59:20 +0000 (16:29 +0530)]
ath9k_htc: configure bssid on ASSOC/IBSS change
After the change "mac80211: remove spurious BSSID change flag",
BSS_CHANGED_BSSID will not be passed on association or IBSS
status changes. So it could be better to program bssid on ASSOC
or IBSS change notification. Not doing so, is affecting the
packet transmission.
Cc: stable@vger.kernel.org [3.4+]
Reported-by: Michael Leun <lkml20120218@newton.leun.net>
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Wed, 20 Jun 2012 06:46:25 +0000 (08:46 +0200)]
iwlwifi: remove log_event debugfs file debugging is disabled
When debugging is disabled, the event log functions aren't
functional in the way that the debugfs file expects. This
leads to the debugfs access crashing. Since the event log
functions aren't functional then, remove the debugfs file
when CONFIG_IWLWIFI_DEBUG is not set.
Cc: stable@kernel.org
Reported-by: Lekensteyn <lekensteyn@gmail.com>
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mohammed Shafi Shajakhan [Mon, 18 Jun 2012 07:43:30 +0000 (13:13 +0530)]
ath9k_hw: avoid possible infinite loop in ar9003_get_pll_sqsum_dvc
"ath9k: Fix softlockup in AR9485" with commit id
64bc1239c790e051ff677e023435d770d2ffa174 fixed the reported
issue, yet it's better to avoid the possible infinite loop
in ar9003_get_pll_sqsum_dvc by having a timeout as suggested
by ath9k maintainers.
http://www.spinics.net/lists/linux-wireless/msg92126.html.
Based on my testing PLL's locking measurement is done in
~200us (2 iterations).
Cc: stable@vger.kernel.org
Cc: Rolf Offermanns <rolf.offermanns@gmx.net>
Cc: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Cc: Senthil Balasubramanian <senthilb@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Grazvydas Ignotas [Sat, 16 Jun 2012 19:26:48 +0000 (22:26 +0300)]
wl1251: Fix memory leaks in SPI initialization
This patch fixes two memory leaks in the SPI initialization code.
Patch based on old maemo patch by:
Yuri Ershov <ext-yuri.ershov@nokia.com>
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Grazvydas Ignotas [Sat, 16 Jun 2012 19:26:47 +0000 (22:26 +0300)]
wl1251: always report beacon loss to the stack
Always report beacon loss to the stack, not only when in powersave
state. This is because there's possibility that the driver disables
PSM before it handles old BSS_LOSE_EVENT, so beacon loss has to be
reported.
Patch based on old maemo patch by:
Janne Ylalehto <janne.ylalehto@nokia.com>
Juuso Oikarinen <juuso.oikarinen@nokia.com>
Luciano Coelho <luciano.coelho@nokia.com>
Yuri Ershov <ext-yuri.ershov@nokia.com>
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Grazvydas Ignotas [Sat, 16 Jun 2012 19:26:46 +0000 (22:26 +0300)]
wl1251: fix TSF calculation
Cast MSB part of current TSF to u64 to prevent loss of most
significant bits. MSB should also be shifted by 32.
Patch based on old maemo patch by:
Yuri Kululin <ext-yuri.kululin@nokia.com>
Yuri Ershov <ext-yuri.ershov@nokia.com>
Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Alexander Duyck [Sat, 16 Jun 2012 07:31:19 +0000 (07:31 +0000)]
ixgbe: Fix memory leak in ixgbe when receiving traffic on DDP enabled rings
This patch fixes a memory leak that was introduced in the 3.4 kernel. The
leak occurred when FCoE was enabled and traffic was passed over the FCoE
rings reserved for FCoE. The memory leak was due to us not populating the
compound page information on the order 1 pages needed for FCoE.
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Carolyn Wyborny [Fri, 18 May 2012 05:40:46 +0000 (05:40 +0000)]
Kconfig: Fix Kconfig for Intel ixgbe and igb PTP support.
Fix Kconfig file to make sure that PTP and IGB/IXGBE are both either
in-kernel or modules, not mixed. Having the build status mixed causes
compile errors.
Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Carolyn Wyborny [Fri, 18 May 2012 02:07:53 +0000 (02:07 +0000)]
igb: Fix incorrect RAR address entries for i210/i211 device.
i210/i211 device has only 16 RAR address filters like 82575, instead of
32 like i350. This patch removes the entries for i210/i211 in the
get_invariants function which was setting them for 32. This ensures that
they will get the default value which is the correct one.
Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Antonio Quartulli [Tue, 19 Jun 2012 09:26:39 +0000 (09:26 +0000)]
batman-adv: fix skb->data assignment
skb_linearize(skb) possibly rearranges the skb internal data and then changes
the skb->data pointer value. For this reason any other pointer in the code that
was assigned skb->data before invoking skb_linearize(skb) must be re-assigned.
In the current tt_query message handling code this is not done and therefore, in
case of skb linearization, the pointer used to handle the packet header ends up
pointing to free'd memory.
This bug was introduced by a73105b8d4c765d9ebfb664d0a66802127d8e4c7
(batman-adv: improved client announcement mechanism)
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
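The stale-pointer pattern described in the batman-adv commit above, as an added userspace illustration (not code from the patch or the kernel). `toy_skb`, `toy_linearize()`, the two-byte header layout and `TYPE_QUERY` are constructed stand-ins for `sk_buff`, `skb_linearize()` and the tt_query header.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an sk_buff: a linear head plus one paged fragment. */
struct toy_skb {
    uint8_t *data;      /* start of the linear area */
    size_t   len;       /* bytes in the linear area */
    uint8_t *frag;      /* non-linear tail, NULL once linearized */
    size_t   frag_len;
};

/* Hypothetical 2-byte header: byte 0 = packet type, byte 1 = flags. */
enum { HDR_TYPE = 0, HDR_FLAGS = 1, HDR_LEN = 2, TYPE_QUERY = 0x04 };

int toy_skb_init(struct toy_skb *skb, const uint8_t *head, size_t head_len,
                 const uint8_t *frag, size_t frag_len)
{
    if (head_len == 0 || frag_len == 0)
        return -1;
    skb->data = malloc(head_len);
    skb->frag = malloc(frag_len);
    if (!skb->data || !skb->frag) {
        free(skb->data);
        free(skb->frag);
        return -1;
    }
    memcpy(skb->data, head, head_len);
    memcpy(skb->frag, frag, frag_len);
    skb->len = head_len;
    skb->frag_len = frag_len;
    return 0;
}

void toy_skb_free(struct toy_skb *skb)
{
    free(skb->data);
    free(skb->frag);
    skb->data = skb->frag = NULL;
}

/* Model of linearization: gather everything into one new buffer and release
 * the old ones. The new buffer is allocated while the old head is still live,
 * so skb->data is guaranteed to change when there was a fragment. */
int toy_linearize(struct toy_skb *skb)
{
    uint8_t *flat;

    if (!skb->frag)
        return 0;                       /* already linear, data does not move */
    flat = malloc(skb->len + skb->frag_len);
    if (!flat)
        return -1;
    memcpy(flat, skb->data, skb->len);
    memcpy(flat + skb->len, skb->frag, skb->frag_len);
    free(skb->data);                    /* pointers into the old head now dangle */
    free(skb->frag);
    skb->data = flat;
    skb->len += skb->frag_len;
    skb->frag = NULL;
    skb->frag_len = 0;
    return 0;
}

/* Returns 1 if a header pointer taken before linearization would be stale
 * afterwards, 0 if not, -1 on allocation failure. Only the saved address is
 * compared; the released buffer is never read. */
int hdr_goes_stale(struct toy_skb *skb)
{
    uintptr_t before = (uintptr_t)skb->data;

    if (toy_linearize(skb) < 0)
        return -1;
    return before != (uintptr_t)skb->data;
}

/* Handler with the fix applied: the header pointer is used for an early check,
 * then re-derived from skb->data after linearization before any further use. */
int handle_query(struct toy_skb *skb, uint8_t *flags_out)
{
    const uint8_t *hdr;

    if (skb->len < HDR_LEN)
        return -1;
    hdr = skb->data;
    if (hdr[HDR_TYPE] != TYPE_QUERY)
        return -1;
    if (toy_linearize(skb) < 0)
        return -1;
    hdr = skb->data;                    /* the fix: re-assign after linearize */
    *flags_out = hdr[HDR_FLAGS];
    return 0;
}

int main(void)
{
    /* Constructed sample packet: query header in the head, payload in a fragment. */
    const uint8_t head[] = { TYPE_QUERY, 0x5a };
    const uint8_t frag[] = { 'a', 'b', 'c' };
    struct toy_skb skb;
    uint8_t flags = 0;
    int rc;

    if (toy_skb_init(&skb, head, sizeof(head), frag, sizeof(frag)) < 0)
        return 1;
    rc = handle_query(&skb, &flags);
    toy_skb_free(&skb);
    return (rc == 0 && flags == 0x5a) ? 0 : 1;
}
```
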
John W. Linville [Tue, 19 Jun 2012 20:00:11 +0000 (16:00 -0400)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth
Bing Zhao [Fri, 15 Jun 2012 22:49:54 +0000 (15:49 -0700)]
mwifiex: fix wrong return values in add_virtual_intf() error cases
add_virtual_intf() needs to return an ERR_PTR(), instead of NULL,
on errors, otherwise cfg80211 will crash.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Mon, 18 Jun 2012 07:48:14 +0000 (10:48 +0300)]
airo: copying wrong data in airo_get_aplist()
"qual" used to be declared on the stack, but then in 998a5a7d6a ("airo:
reduce stack memory footprint") we made it dynamically allocated.
Unfortunately the memcpy() here was missed and it's still copying stack
memory instead of the data that we want. In other words, "&qual" should
be "qual".
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Avinash Patil [Fri, 15 Jun 2012 23:21:53 +0000 (16:21 -0700)]
mwifiex: fix uAP TX packet timeout issue
When running heavy traffic we stop the tx queue if the pending
packet count reaches certain threshold. Later, the tx queue should
be woken up as soon as the packet count falls below the threshold.
Current code wakes TX queue up on STA interface only. Removing the
check for STA interface will allow both STA and AP interfaces to
resume transmit when tx_pending count becomes low.
Signed-off-by: Avinash Patil <patila@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Bob Copeland [Fri, 15 Jun 2012 20:03:29 +0000 (16:03 -0400)]
ath5k: remove _bh from inner locks
spin_unlock_bh(&txq->lock) already disables softirqs so we don't want
to do it here. Fixes smatch warnings:
drivers/net/wireless/ath/ath5k/base.c:1048 ath5k_drain_tx_buffs() error: double lock 'bottom_half:'
drivers/net/wireless/ath/ath5k/base.c:1056 ath5k_drain_tx_buffs() error: double unlock 'bottom_half:'
Reported-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Fri, 15 Jun 2012 01:04:53 +0000 (03:04 +0200)]
ath9k: fix invalid pointer access in the tx path
After setup_frame_info has been called, only info->control.rates is still
valid, other control fields have been overwritten by the ath_frame_info
data. Move the access to info->control.vif for checking short preamble
to setup_frame_info before it gets overwritten.
This regression was introduced in commit d47a61aa
"ath9k: Fix multi-VIF BSS handling"
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Thomas Hühn <thomas@net.t-labs.tu-berlin.de>
Acked-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Cc: stable@vger.kernel.org [3.4]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Fri, 15 Jun 2012 01:04:52 +0000 (03:04 +0200)]
ath9k: fix a tx rate duration calculation bug
The rate pointer variable for a rate series is used in a loop before it is
initialized. This went unnoticed because it was used earlier for the RTS/CTS
rate. This bug can lead to the wrong PHY type being passed to the
duration calculation function.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jason Wang [Sun, 17 Jun 2012 22:52:09 +0000 (22:52 +0000)]
phy/micrel: change phy_id_mask for KSZ9021 and KS8001
On a freescale imx6q platform, a hardware phy chip KSZ9021 is
recognized as a KS8001 chip by the current driver like this:
eth0: Freescale FEC PHY driver [Micrel KS8001 or KS8721]
KSZ9021 has phy_id 0x00221610, while KSZ8001 has phy_id
0x0022161a, the current phy_id_mask (0x00fffff0/0x00ffff10) can't
distinguish them. So change phy_id_mask to resolve this problem.
Although the micrel datasheet says that the 4 LSB of phyid2 register
contains the chip revision number and the current driver is designed
to follow this rule, in reality the chip implementation doesn't follow
it.
Cc: David J. Choi <david.choi@micrel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Signed-off-by: Hui Wang <jason77.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Halperin [Mon, 18 Jun 2012 11:04:55 +0000 (11:04 +0000)]
sctp: fix warning when compiling without IPv6
net/sctp/protocol.c: In function ‘sctp_addr_wq_timeout_handler’:
net/sctp/protocol.c:676: warning: label ‘free_next’ defined but not used
Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Andrei Emeltchenko [Wed, 13 Jun 2012 10:35:44 +0000 (13:35 +0300)]
Bluetooth: btmrvl: Do not send vendor events to bluetooth stack
Vendor-specific events shall be processed in driver and not sent
to bluetooth stack where they screw up HCI command countings.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Thomas Graf [Mon, 18 Jun 2012 12:08:33 +0000 (12:08 +0000)]
ipv6: Move ipv6 proc file registration to end of init order
/proc/net/ipv6_route reflects the contents of fib_table_hash. The proc
handler is installed in ip6_route_net_init() whereas fib_table_hash is
allocated in fib6_net_init() _after_ the proc handler has been installed.
This opens up a short time frame to access fib_table_hash with its pants
down.
Move the registration of the proc files to a later point in the init
order to avoid the race.
Tested :-)
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Mon, 18 Jun 2012 19:13:27 +0000 (15:13 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless into for-davem
Rémi Denis-Courmont [Wed, 13 Jun 2012 22:29:03 +0000 (22:29 +0000)]
net: remove my future former mail address
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Cc: Sakari Ailus <sakari.ailus@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Amerigo Wang [Thu, 14 Jun 2012 22:39:27 +0000 (22:39 +0000)]
bonding: show all the link status of slaves
There are four link statuses of a bonding slave, the procfs
code shows a wrong status when using downdelay/updelay:
(slave->link == BOND_LINK_UP) ? "up" : "down"
It doesn't respect the other two statuses. This patch fixes it.
Cc: Jay Vosburgh <fubar@us.ibm.com>
Cc: Andy Gospodarek <andy@greyhouse.net>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Phil Sutter [Thu, 14 Jun 2012 01:18:42 +0000 (01:18 +0000)]
usbnet: sanitise overlong driver information strings
As seen on smsc75xx, driver_info->description being longer than 32
characters messes up 'ethtool -i' output.
Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vasundhara Volam [Wed, 13 Jun 2012 19:51:45 +0000 (19:51 +0000)]
be2net: Increase statistics structure size for skyhawk.
Increasing the hardware statistics structure to accommodate statistics for skyhawk.
Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vasundhara Volam [Wed, 13 Jun 2012 19:51:44 +0000 (19:51 +0000)]
be2net: Modify error message to incorporate subsystem
Modify IOCTL error message to print subsystem also.
Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sarveshwar Bandi [Wed, 13 Jun 2012 19:51:43 +0000 (19:51 +0000)]
be2net: reduce gso_max_size setting to account for ethernet header.
The maximum size of packet that can be handled by controller including ethernet
header is 65535. Reducing gso_max_size accordingly.
Signed-off-by: Sarveshwar Bandi <sarveshwar.bandi@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jacob Keller [Sat, 16 Jun 2012 23:29:00 +0000 (23:29 +0000)]
ixgbe: Fix PHC loophole allowing misconfiguration of increment register
This patch fixes a potential hole when configuring the cycle counter used to
generate the nanosecond time clock. This clock is based off of the SYSTIME
registers along with the TIMINCA registers. The TIMINCA register determines
the increment to be added to the SYSTIME registers every DMA clock tick. This
register needs to be reconfigured whenever the link-speed changes. However,
the value calculated stays the same when link is down and when link is up.
Misconfiguration can occur if the link status changes due to a reset, which
causes the TIMINCA register to be reset. This reset puts the device in an
unstable state where the SYSTIME registers stop incrementing and the PTP
protocol does not function.
The solution is to double check the TIMINCA value and always reset the value
if the register is zero. This prevents a misconfiguration bug that halts the
PHC.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Acked-by: Don Skidmore <donald.c.skidmore@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuval Mintz [Sat, 16 Jun 2012 20:27:15 +0000 (20:27 +0000)]
bnx2x: fix link for BCM57711 with 84823 phy
Signed-off-by: Yaniv Rosner <yaniv.rosner@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuval Mintz [Sat, 16 Jun 2012 20:27:14 +0000 (20:27 +0000)]
bnx2x: fix I2C non-respondent issue
When I2C is not responding it's usually due to a previous
unexpected reset during I2C operation. We release it by
powering down and up the SFP+ module.
Signed-off-by: Yaniv Rosner <yaniv.rosner@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 16 Jun 2012 08:12:19 +0000 (01:12 -0700)]
Revert "ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route"
This reverts commit 2a0c451ade8e1783c5d453948289e4a978d417c9.
It causes crashes, because now ip6_null_entry is used before
it is initialized.
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Thu, 14 Jun 2012 23:00:17 +0000 (23:00 +0000)]
ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route
/proc/net/ipv6_route reflects the contents of fib_table_hash. The proc
handler is installed in ip6_route_net_init() whereas fib_table_hash is
allocated in fib6_net_init() _after_ the proc handler has been installed.
This opens up a short time frame to access fib_table_hash with its pants
down.
fib6_init() as a whole can't be moved to an earlier position as it also
registers the rtnetlink message handlers which should be registered at
the end. Therefore split it into fib6_init() which is run early and
fib6_init_late() to register the rtnetlink message handlers.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Thu, 14 Jun 2012 08:34:24 +0000 (08:34 +0000)]
qlcnic: off by one in qlcnic_init_pci_info()
The adapter->npars[] array has QLCNIC_MAX_PCI_FUNC elements. We
allocate it that way a few lines earlier in the function. So this test
is off by one.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 14 Jun 2012 06:42:44 +0000 (06:42 +0000)]
net: remove skb_orphan_try()
Orphaning skb in dev_hard_start_xmit() makes bonding behavior
unfriendly for applications sending big UDP bursts : Once packets
pass the bonding device and come to real device, they might hit a full
qdisc and be dropped. Without orphaning, the sender is automatically
throttled because sk->sk_wmemalloc reaches sk->sk_sndbuf (assuming
sk_sndbuf is not too big)
We could try to defer the orphaning adding another test in
dev_hard_start_xmit(), but all this seems of little gain,
now that BQL tends to make packets more likely to be parked
in Qdisc queues instead of NIC TX ring, in cases where performance
matters.
Reverts commits :
fc6055a5ba31 net: Introduce skb_orphan_try()
87fd308cfc6b net: skb_tx_hash() fix relative to skb_orphan_try()
and removes SKBTX_DRV_NEEDS_SK_REF flag
Reported-and-bisected-by: Jean-Michel Hautbois <jhautbois@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Wed, 13 Jun 2012 09:45:16 +0000 (09:45 +0000)]
bnx2x: fix panic when TX ring is full
There is an off by one error in the minimal number of BD in
bnx2x_start_xmit() and bnx2x_tx_int() before stopping/resuming tx queue.
A full size GSO packet, with data included in skb->head really needs
(MAX_SKB_FRAGS + 4) BDs, because of bnx2x_tx_split()
This error triggers if BQL is disabled and heavy TCP transmit traffic
occurs.
bnx2x_tx_split() definitely can be called, remove a wrong comment.
Reported-by: Tomas Hruby <thruby@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eilon Greenstein <eilong@broadcom.com>
Cc: Yaniv Rosner <yanivr@broadcom.com>
Cc: Merav Sicron <meravs@broadcom.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Robert Evans <evansr@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Fri, 15 Jun 2012 00:20:44 +0000 (00:20 +0000)]
can: c_can: precedence error in c_can_chip_config()
(CAN_CTRLMODE_LISTENONLY & CAN_CTRLMODE_LOOPBACK) is (0x02 & 0x01) which
is zero so the condition is never true. The intent here was to test
that both flags were set.
Cc: <stable@kernel.org> # 2.6.39+
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vishal Agarwal [Wed, 13 Jun 2012 00:02:43 +0000 (05:32 +0530)]
Bluetooth: Fix sending HCI_Disconnect only when connected
HCI_Disconnect should only be sent after connection is established.
If connection is not yet established and HCI_Disconnect is called
then disconnection complete will be received with a handle which
does not exist and hence this event will be ignored.
But as mgmt.c will not receive this event, its variable for pending
command is not cleared. This will result in future Disconnect commands
for that BD Address to be blocked with error busy.
Signed-off-by: Vishal Agarwal <vishal.agarwal@stericsson.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Linus Torvalds [Thu, 14 Jun 2012 12:46:59 +0000 (15:46 +0300)]
Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fix from Marcelo Tosatti:
"Fix a spurious warning on CPU offline path"
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
x86: kvmclock: remove check_and_clear_guest_paused warning
Linus Torvalds [Thu, 14 Jun 2012 12:43:32 +0000 (15:43 +0300)]
Merge tag 'pinctrl-fixes-for-v3.5' of git://git./linux/kernel/git/linusw/linux-pinctrl
Pull pinctrl fixes from Linus Walleij:
- section markup fixes
- clk_prepare() fix to conform to the clk API
- memory leaks
- incorrect debug messages
- bad errorpaths
- typos
* tag 'pinctrl-fixes-for-v3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: pinctrl-mxs: set platform driver data to NULL at errpath and at unregister
pinctrl: pinctrl-mxs: Take care of frees if the kzalloc fails
pinctrl: pinctrl-imx: fix incorrect debug message of maps
pinctrl: pinctrl-imx: free if of_get_parent fails to get the parent node
pinctrl: pinctrl-imx: free allocated pinctrl_map structure only once and use kernel facilities for IMX_PMX_DUMP
pinctrl: nomadik: fix up typo
pinctrl: nomadik: add clk_prepare() call
pinctrl: fix a minor harmless typo
pinctrl: sirf: mark of_device_id match table as __devinitconst
Linus Torvalds [Thu, 14 Jun 2012 12:38:48 +0000 (15:38 +0300)]
Merge tag 'sound-3.5' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
- Fix a regression of USB-audio PCM assignment since 3.4
- A few VGA-switcheroo-related fixes for proper HDMI audio enablement
- Fixed the missing initializations of HD-audio verbs, which may have
resulted in various breakage
- Some driver-specific ASoC updates
- A few fixes for the dynamic PCM code
- The addition of pinctrl support for the i.MX audmux which didn't make
it into -rc1 due to cross tree dependency issues
- A few minor fixes in compress API codes
* tag 'sound-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Don't forget to call init verbs added by fixup list
ALSA: HDA: Pin fixup for Zotac Z68 motherboard
ALSA: compress_core: cleanup pointers on stop
ALSA: compress_core: don't wake up on pause
ALSA: hda - Fix detection of Creative SoundCore3D controllers
vga_switcheroo: Enable/disable audio clients at the right time
ALSA: hda - HDMI Audio init all connectors when VGA-switcheroo is off
vga_switcheroo: Fix error without CONFIG_VGA_SWITCHEROO
ALSA: hda - Fix uninitialized HDMI controllers with VGA-switcheroo
vga_switcheroo: Add a helper function to get the client state
ALSA: usb-audio: Fix substream assignments
ASoC: tegra: add MODULE_DEVICE_TABLE to tegra30_ahub
ASoC: wm2000: Always use a 4s timeout for the firmware
ASoC: dapm: Fix input list to use source widgets
ASoC: dpcm: Fix dpcm_get_be() to check that DAI is BE
ASoC: wm8994: Apply volume updates with clocks enabled
ASoC: wm8994: Ensure all AIFnCLK events are run from the _late variants
ASoC: imx-audmux: add pinctrl support
ASoC: dapm: Fix connected widget capture path query.
Linus Torvalds [Thu, 14 Jun 2012 12:33:55 +0000 (15:33 +0300)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David S. Miller:
This has the fix for the wireless issues I ran into the other week as
well as:
1) Fix CAN c_can driver transmit handling resulting in BUG check
triggers, from AnilKumar Ch.
2) Fix packet drop monitor sleeping in atomic context, from Eric
Dumazet.
3) Fix mv643xx_eth driver build regression, from Andrew Lunn.
4) Inetpeer freeing needs an RCU grace period in order to avoid races
during tree invalidation. From Eric Dumazet.
5) Fix endianness bugs in xt_HMARK netfilter module, from Hans
Schillstrom.
6) Add proper module refcounting to l2tp_eth to avoid crash on module
unload, from Eric Dumazet.
7) Fix truncation of neighbour entry dumps due to logic errors in
neigh_dump_info() and friends, from Eric Dumazet.
8) The conversion of fib6_age() to dst_neigh_lookup() accidentally
reversed the logic of a flags test, fix from Thomas Graf.
9) Fix checksum configuration in newer sky2 chips, from Stephen
Hemminger.
10) Revert BQL support in NIU driver, doesn't work.
11) l2tp_ip_sendmsg() illegally uses a route without a proper reference.
From Eric Dumazet.
12) be2net driver references an SKB after it's potentially been freed,
also from Eric Dumazet.
13) Fix RCU stalls in dummy net driver init. Also from Eric Dumazet.
14) lpc_eth has several bugs in its transmit engine leading to packet
leaks and improper queue wakes, from Eric Dumazet.
15) Apply short DMA workaround to more tg3 chips, from Matt Carlson.
16) Add tilegx network driver.
17) Bonding queue mapping for a packet can get corrupted, fix from Eric
Dumazet.
18) Fix bug in netpoll_send_udp() SKB management that can leave garbage
in the payload in certain situations. From Eric Dumazet.
19) bnx2x driver interprets chip RX checksum offload incorrectly in
encapsulation situations. Fix from Eric Dumazet.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
bnx2x: fix checksum validation
netpoll: fix netpoll_send_udp() bugs
bonding: Fix corrupted queue_mapping
bonding:record primary when modify it via sysfs
tilegx network driver: initial support
tg3: Apply short DMA frag workaround to 5906
net: stmmac: Fix clock en-/disable calls
lpc_eth: fix tx completion
lpc_eth: add missing ndo_change_mtu()
dummy: fix rcu_sched self-detected stalls
net: Reorder initialization in ip_route_output to fix gcc warning
virtio-net: fix a race on 32bit arches
r8169: avoid NAPI scheduling delay.
net: Make linux/tcp.h C++ friendly (trivial)
netdev: fix drivers/net/phy/ kernel-doc warnings
net/core: fix kernel-doc warnings
be2net: fix a race in be_xmit()
l2tp: fix a race in l2tp_ip_sendmsg()
mac80211: add back channel change flag
NFC: Fix possible NULL ptr deref when getting the name of a socket
...
Eric Dumazet [Tue, 12 Jun 2012 23:50:04 +0000 (23:50 +0000)]
bnx2x: fix checksum validation
bnx2x driver incorrectly sets ip_summed to CHECKSUM_UNNECESSARY on
encapsulated segments. TCP stack happily accepts frames with bad
checksums, if they are inside a GRE or IPIP encapsulation.
Our understanding is that if no IP or L4 csum validation was done by the
hardware, we should leave ip_summed as is (CHECKSUM_NONE), since
hardware doesn't provide CHECKSUM_COMPLETE support in its cqe.
Then, if IP/L4 checksumming was done by the hardware, set
CHECKSUM_UNNECESSARY if no error was flagged.
Patch based on findings and analysis from Robert Evans
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eilon Greenstein <eilong@broadcom.com>
Cc: Yaniv Rosner <yanivr@broadcom.com>
Cc: Merav Sicron <meravs@broadcom.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Robert Evans <evansr@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Tue, 12 Jun 2012 19:30:21 +0000 (19:30 +0000)]
netpoll: fix netpoll_send_udp() bugs
Bogdan Hamciuc diagnosed and fixed following bug in netpoll_send_udp() :
"skb->len += len;" instead of "skb_put(skb, len);"
Meaning that _if_ a network driver needs to call skb_realloc_headroom(),
only packet headers would be copied, leaving garbage in the payload.
However the skb_realloc_headroom() must be avoided as much as possible
since it requires memory and netpoll tries hard to work even if memory
is exhausted (using a pool of preallocated skbs)
It appears netpoll_send_udp() reserved 16 bytes for the ethernet header,
which happens to work for typical drivers but not all.
Right thing is to use LL_RESERVED_SPACE(dev)
(And also add dev->needed_tailroom of tailroom)
This patch combines both fixes.
Many thanks to Bogdan for raising this issue.
Reported-by: Bogdan Hamciuc <bogdan.hamciuc@freescale.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Bogdan Hamciuc <bogdan.hamciuc@freescale.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
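The failure mode described in the netpoll commit above, reproduced on a toy buffer. This is an added example, not code from the kernel or from the patch: `toy_skb` and its helpers are hypothetical stand-ins for sk_buff, skb_put(), skb_push() and skb_realloc_headroom(), and the payload and header sizes are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy model of an sk_buff linear area, not the kernel struct. */
struct toy_skb { unsigned char *head, *data, *tail, *end; unsigned int len; };

static struct toy_skb *toy_alloc(size_t size, size_t headroom)
{
    struct toy_skb *skb = malloc(sizeof(*skb));
    skb->head = malloc(size);
    memset(skb->head, 0xAA, size);      /* 0xAA stands for stale memory */
    skb->data = skb->tail = skb->head + headroom;
    skb->end = skb->head + size;
    skb->len = 0;
    return skb;
}

/* Models of skb_put() (tail and len move together) and skb_push() (prepend). */
static void toy_put(struct toy_skb *skb, unsigned int n) { skb->tail += n; skb->len += n; }
static unsigned char *toy_push(struct toy_skb *skb, unsigned int n)
{ skb->data -= n; skb->len += n; return skb->data; }

/* Models a headroom reallocation: only the bytes in data..tail are carried over. */
static struct toy_skb *toy_realloc_headroom(const struct toy_skb *old, size_t headroom)
{
    size_t used = old->tail - old->data;
    struct toy_skb *skb = toy_alloc(headroom + (old->end - old->data), headroom);
    memcpy(skb->data, old->data, used);
    skb->tail = skb->data + used;
    skb->len = old->len;
    return skb;
}

/* Returns 1 if the payload survives the reallocation, 0 if it became garbage. */
static int payload_survives(int buggy)
{
    static const char msg[] = "constructed log line";
    unsigned int n = sizeof(msg), hdr = 28;   /* 28: stand-in for IP + UDP headers */
    struct toy_skb *skb = toy_alloc(128, 16 + hdr), *copy;
    int ok;
    memcpy(skb->data, msg, n);
    if (buggy) skb->len += n; else toy_put(skb, n);   /* the one-line difference */
    memset(toy_push(skb, hdr), 0x11, hdr);
    copy = toy_realloc_headroom(skb, 64);
    ok = copy->len == n + hdr && memcmp(copy->data + hdr, msg, n) == 0;
    free(skb->head); free(skb); free(copy->head); free(copy);
    return ok;
}

int main(void) { return !(payload_survives(0) && !payload_survives(1)); }
```

In the buggy path `len` still reports the full frame size, so nothing downstream notices that the payload region holds stale memory.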
Linus Torvalds [Wed, 13 Jun 2012 20:19:34 +0000 (23:19 +0300)]
Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh
Pull SuperH fixes from Paul Mundt.
* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
sh: Kill off additional asm-generic wrappers.
sh: Setup CROSS_COMPILE at the top
sh: Fix up link time defsym warnings.
sh: use the new generic strnlen_user() function
sh: switch to generic strncpy_from_user().
sh: Kill off last dead UBC header
serial: sh-sci: Make probe fail for ports that exceed the maximum count
serial: sh-sci: Fix probe error paths
clocksource: sh_tmu: Use clockevents_config_and_register().
clocksource: sh_tmu: Convert timer lock to raw spinlock.
clocksource: sh_mtu2: Convert timer lock to raw spinlock.
clocksource: sh_cmt: Convert timer lock to raw spinlock.
bug.h: need linux/kernel.h for TAINT_WARN.
sh: convert to kbuild asm-generic support.
sh64: Fix up fallout from generic init_task conversion.
sh: arch/sh/kernel/process.c needs asm/fpu.h for unlazy_fpu().
Linus Torvalds [Wed, 13 Jun 2012 20:18:41 +0000 (23:18 +0300)]
Merge branch 'fixes-for-3.5' of git://git./linux/kernel/git/cooloney/linux-leds
Pull led fixes from Bryan Wu.
* 'fixes-for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
leds: Make LEDS_ASIC3 and LEDS_RENESAS_TPU depend on LEDS_CLASS=y
leds: fixed a coding style issue.
leds: don't disable blinking when writing the same value to delay_on or delay_off
Linus Torvalds [Wed, 13 Jun 2012 20:17:12 +0000 (23:17 +0300)]
Merge branch 'for-linus' of git://git./linux/kernel/git/geert/linux-m68k
Pull m68k update from Geert Uytterhoeven.
This makes m68k use the generic library functions for the user-space
strn[cpy|len] functions.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k: Use generic strncpy_from_user(), strlen_user(), and strnlen_user()
Mohammed Shafi Shajakhan [Wed, 13 Jun 2012 15:58:09 +0000 (21:28 +0530)]
ath9k: Fix softlockup in AR9485
steps to recreate:
load latest ath9k driver with AR9485
stop the network-manager and wpa_supplicant
bring the interface up
Call Trace:
[<ffffffffa0517490>] ? ath_hw_check+0xe0/0xe0 [ath9k]
[<ffffffff812cd1e8>] __const_udelay+0x28/0x30
[<ffffffffa03bae7a>] ar9003_get_pll_sqsum_dvc+0x4a/0x80 [ath9k_hw]
[<ffffffffa05174eb>] ath_hw_pll_work+0x5b/0xe0 [ath9k]
[<ffffffff810744fe>] process_one_work+0x11e/0x470
[<ffffffff8107530f>] worker_thread+0x15f/0x360
[<ffffffff810751b0>] ? manage_workers+0x230/0x230
[<ffffffff81079af3>] kthread+0x93/0xa0
[<ffffffff815fd3a4>] kernel_thread_helper+0x4/0x10
[<ffffffff81079a60>] ? kthread_freezable_should_stop+0x70/0x70
[<ffffffff815fd3a0>] ? gs_change+0x13/0x13
Ensure that the PLL-WAR for AR9485/AR9340 is executed only if the STA is
associated (or) IBSS/AP mode had started beaconing. Ideally this WAR
is needed to recover from some rare beacon stuck during stress testing.
Before the STA is associated/IBSS had started beaconing, PLL4(0x1618c)
always seems to have zero even though we had configured PLL3(0x16188) to
query about PLL's locking status. When we keep on polling infinitely PLL4's
8th bit (i.e. check for PLL locking measurements is done), machine hangs
due to softlockup.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=811142
Reported-by: Rolf Offermanns <rolf.offermanns@gmx.net>
Cc: stable@vger.kernel.org [3.0+]
Tested-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
John W. Linville [Wed, 13 Jun 2012 18:05:40 +0000 (14:05 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/jberg/mac80211
Linus Torvalds [Wed, 13 Jun 2012 14:57:30 +0000 (17:57 +0300)]
Merge tag 'omapdss-for-3.5-rc2' of git://gitorious.org/linux-omap-dss2/linux
Pull omapdss build problem fix from Tomi Valkeinen:
"Small fixes for omapdss driver. Most importantly, fixes a build
problem when debugfs or omapdss debug support is turned off, and fixes
a suspend related crash."
This has apparently been annoying rmk for a while..
* tag 'omapdss-for-3.5-rc2' of git://gitorious.org/linux-omap-dss2/linux:
OMAPDSS: fix registration of DPI and SDI devices
OMAPDSS: DSI: Fix bug when calculating LP command interleaving parameters
OMAPDSS: fix bogus WARN_ON in dss_runtime_put()
OMAPDSS: Taal: fix compilation warning
OMAPDSS: fix build when DEBUG_FS or DSS_DEBUG_SUPPORT disabled
Takashi Iwai [Wed, 13 Jun 2012 14:47:32 +0000 (16:47 +0200)]
ALSA: hda - Don't forget to call init verbs added by fixup list
During the split to the auto-parser helper functions, the actual call
of init verbs was lost.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=43366
Signed-off-by: Takashi Iwai <tiwai@suse.de>
David Spinadel [Tue, 12 Jun 2012 06:59:45 +0000 (09:59 +0300)]
mac80211: stop polling in disassociation
Stop connection monitor poll during disassociation.
This clears the polling flags and if a scan was
deferred it will be run.
Without this fix, if a scan was deferred due to
connection monitoring while disassociation happens,
this scan blocks further scan requests until interface
down/up which causes problems connecting to another AP.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Eliad Peller [Tue, 12 Jun 2012 09:41:15 +0000 (12:41 +0300)]
mac80211: check sdata_running on ieee80211_set_bitrate_mask
Otherwise, we might call the driver callback before
the interface was uploaded.
Solves the following warning:
WARNING: at net/mac80211/driver-ops.h:12 ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211]()
wlan0: Failed check-sdata-in-driver check, flags: 0x0
Modules linked in: wlcore_sdio wl12xx wl18xx wlcore mac80211 cfg80211 [last unloaded: cfg80211]
[<c001b964>] (unwind_backtrace+0x0/0x12c) from [<c0495550>] (dump_stack+0x20/0x24)
[<c0495550>] (dump_stack+0x20/0x24) from [<c003ee28>] (warn_slowpath_common+0x5c/0x74)
[<c003ee28>] (warn_slowpath_common+0x5c/0x74) from [<c003eefc>] (warn_slowpath_fmt+0x40/0x48)
[<c003eefc>] (warn_slowpath_fmt+0x40/0x48) from [<bf5c1ad0>] (ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211])
[<bf5c1ad0>] (ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211]) from [<bf575960>] (nl80211_set_tx_bitrate_mask+0x350/0x358 [cfg80211])
[<bf575960>] (nl80211_set_tx_bitrate_mask+0x350/0x358 [cfg80211]) from [<c03e9e94>] (genl_rcv_msg+0x1a8/0x1e8)
[<c03e9e94>] (genl_rcv_msg+0x1a8/0x1e8) from [<c03e9164>] (netlink_rcv_skb+0x5c/0xc0)
[<c03e9164>] (netlink_rcv_skb+0x5c/0xc0) from [<c03e9ce0>] (genl_rcv+0x28/0x34)
[<c03e9ce0>] (genl_rcv+0x28/0x34) from [<c03e8e74>] (netlink_unicast+0x158/0x234)
[<c03e8e74>] (netlink_unicast+0x158/0x234) from [<c03e93e0>] (netlink_sendmsg+0x218/0x298)
[<c03e93e0>] (netlink_sendmsg+0x218/0x298) from [<c03b4e5c>] (sock_sendmsg+0xa4/0xc0)
[<c03b4e5c>] (sock_sendmsg+0xa4/0xc0) from [<c03b5af4>] (__sys_sendmsg+0x1d8/0x254)
[<c03b5af4>] (__sys_sendmsg+0x1d8/0x254) from [<c03b5ca8>] (sys_sendmsg+0x4c/0x70)
[<c03b5ca8>] (sys_sendmsg+0x4c/0x70) from [<c0013980>] (ret_fast_syscall+0x0/0x3c)
Note that calling the driver can also result
in undefined behaviour since it doesn't have
to deal with calls while down.
Signed-off-by: Eliad Peller <eliad@wizery.com>
[removed timestamps, added note - Johannes]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Eliad Peller [Tue, 12 Jun 2012 09:53:13 +0000 (12:53 +0300)]
cfg80211: fix potential deadlock in regulatory
reg_timeout_work() calls restore_regulatory_settings() which
takes cfg80211_mutex.
reg_set_request_processed() already holds cfg80211_mutex
before calling cancel_delayed_work_sync(reg_timeout),
so it might deadlock.
Call the async cancel_delayed_work instead, in order
to avoid the potential deadlock.
This is the relevant lockdep warning:
cfg80211: Calling CRDA for country: XX
======================================================
[ INFO: possible circular locking dependency detected ]
3.4.0-rc5-wl+ #26 Not tainted
-------------------------------------------------------
kworker/0:2/1391 is trying to acquire lock:
(cfg80211_mutex){+.+.+.}, at: [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
but task is already holding lock:
((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 ((reg_timeout).work){+.+...}:
[<c008fd44>] validate_chain+0xb94/0x10f0
[<c0090b68>] __lock_acquire+0x8c8/0x9b0
[<c0090d40>] lock_acquire+0xf0/0x114
[<c005b600>] wait_on_work+0x4c/0x154
[<c005c000>] __cancel_work_timer+0xd4/0x11c
[<c005c064>] cancel_delayed_work_sync+0x1c/0x20
[<bf28b274>] reg_set_request_processed+0x50/0x78 [cfg80211]
[<bf28bd84>] set_regdom+0x550/0x600 [cfg80211]
[<bf294cd8>] nl80211_set_reg+0x218/0x258 [cfg80211]
[<c03c7738>] genl_rcv_msg+0x1a8/0x1e8
[<c03c6a00>] netlink_rcv_skb+0x5c/0xc0
[<c03c7584>] genl_rcv+0x28/0x34
[<c03c6720>] netlink_unicast+0x15c/0x228
[<c03c6c7c>] netlink_sendmsg+0x218/0x298
[<c03933c8>] sock_sendmsg+0xa4/0xc0
[<c039406c>] __sys_sendmsg+0x1e4/0x268
[<c0394228>] sys_sendmsg+0x4c/0x70
[<c0013840>] ret_fast_syscall+0x0/0x3c
-> #1 (reg_mutex){+.+.+.}:
[<c008fd44>] validate_chain+0xb94/0x10f0
[<c0090b68>] __lock_acquire+0x8c8/0x9b0
[<c0090d40>] lock_acquire+0xf0/0x114
[<c04734dc>] mutex_lock_nested+0x48/0x320
[<bf28b2cc>] reg_todo+0x30/0x538 [cfg80211]
[<c0059f44>] process_one_work+0x2a0/0x480
[<c005a4b4>] worker_thread+0x1bc/0x2bc
[<c0061148>] kthread+0x98/0xa4
[<c0014af4>] kernel_thread_exit+0x0/0x8
-> #0 (cfg80211_mutex){+.+.+.}:
[<c008ed58>] print_circular_bug+0x68/0x2cc
[<c008fb28>] validate_chain+0x978/0x10f0
[<c0090b68>] __lock_acquire+0x8c8/0x9b0
[<c0090d40>] lock_acquire+0xf0/0x114
[<c04734dc>] mutex_lock_nested+0x48/0x320
[<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
[<bf28b200>] reg_timeout_work+0x1c/0x20 [cfg80211]
[<c0059f44>] process_one_work+0x2a0/0x480
[<c005a4b4>] worker_thread+0x1bc/0x2bc
[<c0061148>] kthread+0x98/0xa4
[<c0014af4>] kernel_thread_exit+0x0/0x8
other info that might help us debug this:
Chain exists of:
cfg80211_mutex --> reg_mutex --> (reg_timeout).work
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock((reg_timeout).work);
                               lock(reg_mutex);
                               lock((reg_timeout).work);
  lock(cfg80211_mutex);
*** DEADLOCK ***
2 locks held by kworker/0:2/1391:
#0: (events){.+.+.+}, at: [<c0059e94>] process_one_work+0x1f0/0x480
#1: ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
stack backtrace:
[<c001b928>] (unwind_backtrace+0x0/0x12c) from [<c0471d3c>] (dump_stack+0x20/0x24)
[<c0471d3c>] (dump_stack+0x20/0x24) from [<c008ef70>] (print_circular_bug+0x280/0x2cc)
[<c008ef70>] (print_circular_bug+0x280/0x2cc) from [<c008fb28>] (validate_chain+0x978/0x10f0)
[<c008fb28>] (validate_chain+0x978/0x10f0) from [<c0090b68>] (__lock_acquire+0x8c8/0x9b0)
[<c0090b68>] (__lock_acquire+0x8c8/0x9b0) from [<c0090d40>] (lock_acquire+0xf0/0x114)
[<c0090d40>] (lock_acquire+0xf0/0x114) from [<c04734dc>] (mutex_lock_nested+0x48/0x320)
[<c04734dc>] (mutex_lock_nested+0x48/0x320) from [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211])
[<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211]) from [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211])
[<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211]) from [<c0059f44>] (process_one_work+0x2a0/0x480)
[<c0059f44>] (process_one_work+0x2a0/0x480) from [<c005a4b4>] (worker_thread+0x1bc/0x2bc)
[<c005a4b4>] (worker_thread+0x1bc/0x2bc) from [<c0061148>] (kthread+0x98/0xa4)
[<c0061148>] (kthread+0x98/0xa4) from [<c0014af4>] (kernel_thread_exit+0x0/0x8)
cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
Cc: stable@kernel.org
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
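The cycle in the lockdep report above, replayed through a minimal lock-order graph. This is an added example, not kernel or lockdep code: the enum names mirror the lock classes in the report, and treating a synchronous cancel as an acquisition of the work item is this sketch's simplified model of how the wait shows up as a dependency.

```c
#include <string.h>

/* Lock classes named in the lockdep report. */
enum { CFG80211_MUTEX, REG_MUTEX, REG_TIMEOUT_WORK, NLOCKS };

/* dep[a][b] != 0 means: b was acquired while a was held. */
static unsigned char dep[NLOCKS][NLOCKS];

/* Depth-first search: is `to` reachable from `from` along recorded edges? */
static int reachable(int from, int to, unsigned char *seen)
{
    if (from == to)
        return 1;
    seen[from] = 1;
    for (int n = 0; n < NLOCKS; n++)
        if (dep[from][n] && !seen[n] && reachable(n, to, seen))
            return 1;
    return 0;
}

/* Record "next taken while held"; return 0 if that edge would close a cycle. */
static int add_dependency(int held, int next)
{
    unsigned char seen[NLOCKS] = {0};

    if (reachable(next, held, seen))
        return 0;               /* next already leads back to held */
    dep[held][next] = 1;
    return 1;
}

/* Replay the report. sync_cancel=1 models cancel_delayed_work_sync(),
 * sync_cancel=0 models the async cancel_delayed_work() used by the fix.
 * Returns 1 if the final acquisition is safe, 0 if it is circular. */
static int replay(int sync_cancel)
{
    memset(dep, 0, sizeof(dep));
    add_dependency(CFG80211_MUTEX, REG_MUTEX);
    if (sync_cancel)            /* waiting for the work with the mutexes held */
        add_dependency(REG_MUTEX, REG_TIMEOUT_WORK);
    /* reg_timeout_work() runs and takes cfg80211_mutex */
    return add_dependency(REG_TIMEOUT_WORK, CFG80211_MUTEX);
}

int main(void) { return !(replay(1) == 0 && replay(0) == 1); }
```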