This project is mirrored from https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git.
Pull mirroring updated .
- Nov 03, 2011
-
-
Olof Johansson authored
This popped some compiler errors due to mismatched prototypes. Just remove most manual inlines, the compiler should be able to figure out what makes sense to inline and not. net/packet/af_packet.c:252: warning: 'prb_curr_blk_in_use' declared inline after being called net/packet/af_packet.c:252: warning: previous declaration of 'prb_curr_blk_in_use' was here net/packet/af_packet.c:258: warning: 'prb_queue_frozen' declared inline after being called net/packet/af_packet.c:258: warning: previous declaration of 'prb_queue_frozen' was here net/packet/af_packet.c:248: warning: 'packet_previous_frame' declared inline after being called net/packet/af_packet.c:248: warning: previous declaration of 'packet_previous_frame' was here net/packet/af_packet.c:251: warning: 'packet_increment_head' declared inline after being called net/packet/af_packet.c:251: warning: previous declaration of 'packet_increment_head' was here Signed-off-by:
Olof Johansson <olof@lixom.net> Cc: Chetan Loke <loke.chetan@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Tony Lindgren authored
Commit 87fb4b7b (net: more accurate skb truesize) changed the alignment of size. This can cause problems at least on some machines with NFS root: Unhandled fault: alignment exception (0x801) at 0xc183a43a Internal error: : 801 [#1] PREEMPT Modules linked in: CPU: 0 Not tainted (3.1.0-08784-g5eeee4a #733) pc : [<c02fbba0>] lr : [<c02fbb9c>] psr: 60000013 sp : c180fef8 ip : 00000000 fp : c181f580 r10: 00000000 r9 : c044b28c r8 : 00000001 r7 : c183a3a0 r6 : c1835be0 r5 : c183a412 r4 : 000001f2 r3 : 00000000 r2 : 00000000 r1 : ffffffe6 r0 : c183a43a Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel Control: 0005317f Table: 10004000 DAC: 00000017 Process swapper (pid: 1, stack limit = 0xc180e270) Stack: (0xc180fef8 to 0xc1810000) fee0: 00000024 00000000 ff00: 00000000 c183b9c0 c183b8e0 c044b28c c0507ccc c019dfc4 c180ff2c c0503cf8 ff20: c180ff4c c180ff4c 00000000 c1835420 c182c740 c18349c0 c05233c0 00000000 ff40: 00000000 c00e6bb8 c180e000 00000000 c04dd82c c0507e7c c050cc18 c183b9c0 ff60: c05233c0 00000000 00000000 c01f34f4 c0430d70 c019d364 c04dd898 c04dd898 ff80: c04dd82c c0507e7c c180e000 00000000 c04c584c c01f4918 c04dd898 c04dd82c ffa0: c04ddd28 c180e000 00000000 c0008758 c181fa60 3231d82c 00000037 00000000 ffc0: 00000000 c04dd898 c04dd82c c04ddd28 00000013 00000000 00000000 00000000 ffe0: 00000000 c04b2224 00000000 c04b21a0 c001056c c001056c 00000000 00000000 Function entered at [<c02fbba0>] from [<c019dfc4>] Function entered at [<c019dfc4>] from [<c01f34f4>] Function entered at [<c01f34f4>] from [<c01f4918>] Function entered at [<c01f4918>] from [<c0008758>] Function entered at [<c0008758>] from [<c04b2224>] Function entered at [<c04b2224>] from [<c001056c>] Code: e1a00005 e3a01028 ebfa7cb0 e35a0000 (e5858028) Here PC is at __alloc_skb and &shinfo->dataref is unaligned because skb->end can be unaligned without this patch. As explained by Eric Dumazet <eric.dumazet@gmail.com>, this happens only with SLOB, and not with SLAB or SLUB: * Eric Dumazet <eric.dumazet@gmail.com> [111102 15:56]: > > Your patch is absolutely needed, I completely forgot about SLOB :( > > since, kmalloc(386) on SLOB gives exactly ksize=386 bytes, not nearest > power of two. > > [ 60.305763] malloc(size=385)->ffff880112c11e38 ksize=386 -> nsize=2 > [ 60.305921] malloc(size=385)->ffff88007c92ce28 ksize=386 -> nsize=2 > [ 60.306898] malloc(size=656)->ffff88007c44ad28 ksize=656 -> nsize=272 > [ 60.325385] malloc(size=656)->ffff88007c575868 ksize=656 -> nsize=272 > [ 60.325531] malloc(size=656)->ffff88011c777230 ksize=656 -> nsize=272 > [ 60.325701] malloc(size=656)->ffff880114011008 ksize=656 -> nsize=272 > [ 60.346716] malloc(size=385)->ffff880114142008 ksize=386 -> nsize=2 > [ 60.346900] malloc(size=385)->ffff88011c777690 ksize=386 -> nsize=2 Signed-off-by:
Tony Lindgren <tony@atomide.com> Acked-by:
Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by:
-
Eric Dumazet authored
Simon Kirby reported lockdep warnings and following messages : [104661.897577] huh, entered softirq 3 NET_RX ffffffff81613740 preempt_count 00000101, exited with 00000102? [104661.923653] huh, entered softirq 3 NET_RX ffffffff81613740 preempt_count 00000101, exited with 00000102? Problem comes from commit 0e734419 (ipv4: Use inet_csk_route_child_sock() in DCCP and TCP.) If inet_csk_route_child_sock() returns NULL, we should release socket lock before freeing it. Another lock imbalance exists if __inet_inherit_port() returns an error since commit 093d2823 ( tproxy: fix hash locking issue when using port redirection in __inet_inherit_port()) a backport is also needed for >= 2.6.37 kernels. Reported-by:
Simon Kirby <sim@hostway.ca> Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> Tested-by:
-
Eric Dumazet authored
Misha Labjuk reported panics occurring in l2tp_recv_dequeue() If we release reorder_q.lock, we must not keep a dangling pointer (tmp), since another thread could manipulate reorder_q. Instead we must restart the scan at beginning of list. Reported-by:
Misha Labjuk <spiked.yar@gmail.com> Tested-by:
-
- Nov 02, 2011
-
-
Johannes Berg authored
Only AID values 1-2007 are valid, but some APs have been found to send random bogus values, in the reported case an AP that was sending the AID field value 0xffff, an AID of 0x3fff (16383). There isn't much we can do but disable powersave since there's no way it can work properly in this case. Cc: stable@vger.kernel.org Reported-by:
Bill C Riemers <briemers@redhat.com> Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
Jouni Malinen authored
We need to verify whether the command is successful before allocating the station entry to avoid extra processing. This also fixes a memory leak on the error path. Signed-off-by:
Jouni Malinen <j@w1.fi> Signed-off-by:
-
Eliad Peller authored
When going back on-channel, we should reconfigure the hw iff the hardware is not already configured to the operational channel. Signed-off-by:
Eliad Peller <eliad@wizery.com> Cc: stable@kernel.org # 2.6.39+ Signed-off-by:
-
Eliad Peller authored
The offchannel code is currently broken - we should remain_off_channel if the work was started, and the work's channel and channel_type are the same as local->tmp_channel and local->tmp_channel_type. However, if wk->chan_type and local->tmp_channel_type coexist (e.g. have the same channel type), we won't remain_off_channel. This behavior was introduced by commit da2fd1f0 ("mac80211: Allow work items to use existing channel type.") Tested-by:
Ben Greear <greearb@candelatech.com> Signed-off-by:
-
Eric Dumazet authored
udp_queue_rcv_skb() has a possible race in encap_rcv handling, since this pointer can be changed anytime. We should use ACCESS_ONCE() to close the race. Signed-off-by:
-
Dave Jones authored
commit cb101ed2 in 3.0 introduced a bug in x25_recvmsg() When passed bogus junk from userspace, x25->neighbour can be NULL, as shown in this oops.. BUG: unable to handle kernel NULL pointer dereference at 000000000000001c IP: [<ffffffffa05482bd>] x25_recvmsg+0x4d/0x280 [x25] PGD 1015f3067 PUD 105072067 PMD 0 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC CPU 0 Pid: 27928, comm: iknowthis Not tainted 3.1.0+ #2 Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H RIP: 0010:[<ffffffffa05482bd>] [<ffffffffa05482bd>] x25_recvmsg+0x4d/0x280 [x25] RSP: 0018:ffff88010c0b7cc8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88010c0b7d78 RCX: 0000000000000c02 RDX: ffff88010c0b7d78 RSI: ffff88011c93dc00 RDI: ffff880103f667b0 RBP: ffff88010c0b7d18 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff880103f667b0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f479ce7f700(0000) GS:ffff88012a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000000000001c CR3: 000000010529e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process iknowthis (pid: 27928, threadinfo ffff88010c0b6000, task ffff880103faa4f0) Stack: 0000000000000c02 0000000000000c02 ffff88010c0b7d18 ffffff958153cb37 ffffffff8153cb60 0000000000000c02 ffff88011c93dc00 0000000000000000 0000000000000c02 ffff88010c0b7e10 ffff88010c0b7de8 ffffffff815372c2 Call Trace: [<ffffffff8153cb60>] ? sock_update_classid+0xb0/0x180 [<ffffffff815372c2>] sock_aio_read.part.10+0x142/0x150 [<ffffffff812d6752>] ? inode_has_perm+0x62/0xa0 [<ffffffff815372fd>] sock_aio_read+0x2d/0x40 [<ffffffff811b05e2>] do_sync_read+0xd2/0x110 [<ffffffff812d3796>] ? security_file_permission+0x96/0xb0 [<ffffffff811b0a91>] ? rw_verify_area+0x61/0x100 [<ffffffff811b103d>] vfs_read+0x16d/0x180 [<ffffffff811b109d>] sys_read+0x4d/0x90 [<ffffffff81657282>] system_call_fastpath+0x16/0x1b Code: 8b 66 20 4c 8b 32 48 89 d3 48 89 4d b8 45 89 c7 c7 45 cc 95 ff ff ff 4d 85 e4 0f 84 ed 01 00 00 49 8b 84 24 18 05 00 00 4c 89 e7 78 1c 01 45 19 ed 31 f6 e8 d5 37 ff e0 41 0f b6 44 24 0e 41 Signed-off-by:
Dave Jones <davej@redhat.com> Acked-by:
-
- Nov 01, 2011
-
-
Arjan van de Ven authored
the tcp and udp code creates a set of struct file_operations at runtime while it can also be done at compile time, with the added benefit of then having these file operations be const. the trickiest part was to get the "THIS_MODULE" reference right; the naive method of declaring a struct in the place of registration would not work for this reason. Signed-off-by:
Arjan van de Ven <arjan@linux.intel.com> Signed-off-by:
-
Matthijs Kooijman authored
When (de)configuring a vlan interface, the IFF_ALLMULTI ans IFF_PROMISC flags are cleared or set on the underlying interface. So, if these flags are changed on a vlan interface that is not up, the flags underlying interface might be set or cleared twice. Only propagating flag changes when a device is up makes sure this does not happen. It also makes sure that an underlying device is not set to promiscuous or allmulti mode for a vlan device that is down. Signed-off-by:
Matthijs Kooijman <matthijs@stdin.nl> Signed-off-by:
-
David S. Miller authored
Whatever situations make this state legitimate when SMP also would be legitimate when !SMP and f.e. preemption is enabled. This is dubious enough that we should just delete it entirely. If we want to add debugging for neigh timer races, better more thorough mechanisms are needed. Signed-off-by: -
Florian Westphal authored
commit f1585086 (netfilter: nfnetlink_queue: return error number to caller) erronously assigns the return value of nf_queue() to the "ret" value. This can cause bogus return values if we encounter QUEUE verdict when bypassing is enabled, the listener does not exist and the next hook returns NF_STOLEN. In this case nf_hook_slow returned -ESRCH instead of 0. Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Florian Westphal authored
Several callers (h323 conntrack, xt_addrtype) assume that the returned **dst only needs to be released if the function returns 0. This is true for the ipv4 implementation, but not for the ipv6 one. Instead of changing the users, change the ipv6 implementation to behave like the ipv4 version by only providing the dst_entry result in the success case. Signed-off-by:
-
Krzysztof Wilczynski authored
This is to address the following warning during compilation time: net/netfilter/ipvs/ip_vs_core.c: In function ‘ip_vs_leave’: net/netfilter/ipvs/ip_vs_core.c:532: warning: unused variable ‘cs’ This variable is indeed no longer in use. Signed-off-by:
Krzysztof Wilczynski <krzysztof.wilczynski@linux.com> Signed-off-by:
Simon Horman <horms@verge.net.au>
-
Joe Perches authored
Site specific OOM messages are duplications of a generic MM out of memory message and aren't really useful, so just delete them. Signed-off-by:
Joe Perches <joe@perches.com> Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Simon Horman authored
ipvs is not used in ip_vs_genl_set_cmd() or ip_vs_genl_get_cmd() Acked-by:
Julian Anastasov <ja@ssi.bg> Acked-by Hans Schillstrom <hans@schillstrom.com> Signed-off-by:
-
Simon Horman authored
Acked-by:
-
Simon Horman authored
Acked-by:
-
Krzysztof Wilczynski authored
This is to expose "ports" parameter via sysfs so it can be read at any time in order to determine what port or ports were passed to the module at the point when it was loaded. Signed-off-by:
-
Joe Perches authored
Standardize the style for compiler based printf format verification. Standardized the location of __printf too. Done via script and a little typing. $ grep -rPl --include=*.[ch] -w "__attribute__" * | \ grep -vP "^(tools|scripts|include/linux/compiler-gcc.h)" | \ xargs perl -n -i -e 'local $/; while (<>) { s/\b__attribute__\s*\(\s*\(\s*format\s*\(\s*printf\s*,\s*(.+)\s*,\s*(.+)\s*\)\s*\)\s*\)/__printf($1, $2)/g ; print; }' [akpm@linux-foundation.org: revert arch bits] Signed-off-by:Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
- Oct 31, 2011
-
-
Johan Hedberg authored
The HCI_MGMT flag should only be set when user space requests the full controller information. This way we avoid potential issues with setting change events ariving before the actual read_controller_info command finishes. Signed-off-by:
Johan Hedberg <johan.hedberg@intel.com> Signed-off-by:
Gustavo F. Padovan <padovan@profusion.mobi>
-
Szymon Janc authored
I've noticed that my CSR usb dongle was not working if it was plugged in when PC was booting. It looks like I get two HCI reset command complete events (see hcidump logs below). The root cause is reset called from off_timer. Timeout for this reset to complete is set to 250ms and my bt dongle requires more time for replying with command complete event. After that, chip seems to reply with reset command complete event for next non-reset command. Attached patch increase mentioned timeout to HCI_INIT_TIMEOUT, this value is already used for timeouting hci_reset_req in hci_dev_reset(). This might also be related to BT not working after suspend that was reported here some time ago. Hcidump log: 2011-09-12 23:13:27.379465 < HCI Command: Reset (0x03|0x0003) plen 0 2011-09-12 23:13:27.380797 > HCI Event: Command Complete (0x0e) plen 4 Reset (0x03|0x0003) ncmd 1 status 0x00 2011-09-12 23:13:27.380859 < HCI Command: Read Local Supported Features (0x04|0x000 3) plen 0 2011-09-12 23:13:27.760789 > HCI Event: Command Complete (0x0e) plen 4 Reset (0x03|0x0003) ncmd 1 status 0x00 2011-09-12 23:13:27.760831 < HCI Command: Read Local Version Information (0x04|0x00 01) plen 0 2011-09-12 23:13:27.764780 > HCI Event: Command Complete (0x0e) plen 12 Read Local Version Information (0x04|0x0001) ncmd 1 status 0x00 HCI Version: 1.1 (0x1) HCI Revision: 0x36f LMP Version: 1.1 (0x1) LMP Subversion: 0x36f Manufacturer: Cambridge Silicon Radio (10) Signed-off-by:Szymon Janc <szymon@janc.net.pl> Signed-off-by:
-
- Oct 30, 2011
-
-
Eric Dumazet authored
commit 2425717b (net: allow vlan traffic to be received under bond) broke ARP processing on vlan on top of bonding. +-------+ eth0 --| bond0 |---bond0.103 eth1 --| | +-------+ 52870.115435: skb_gro_reset_offset <-napi_gro_receive 52870.115435: dev_gro_receive <-napi_gro_receive 52870.115435: napi_skb_finish <-napi_gro_receive 52870.115435: netif_receive_skb <-napi_skb_finish 52870.115435: get_rps_cpu <-netif_receive_skb 52870.115435: __netif_receive_skb <-netif_receive_skb 52870.115436: vlan_do_receive <-__netif_receive_skb 52870.115436: bond_handle_frame <-__netif_receive_skb 52870.115436: vlan_do_receive <-__netif_receive_skb 52870.115436: arp_rcv <-__netif_receive_skb 52870.115436: kfree_skb <-arp_rcv Packet is dropped in arp_rcv() because its pkt_type was set to PACKET_OTHERHOST in the first vlan_do_receive() call, since no eth0.103 exists. We really need to change pkt_type only if no more rx_handler is about to be called for the packet. Signed-off-by:
Jiri Pirko <jpirko@redhat.com> Signed-off-by:
-
Andreas Hofmeister authored
The route lookup to find a previously auto-configured route for a prefixes used to use rt6_lookup(), with the prefix from the RA used as an address. However, that kind of lookup ignores routing tables, the prefix length and route flags, so when there were other matching routes, even in different tables and/or with a different prefix length, the wrong route would be manipulated. Now, a new function "addrconf_get_prefix_route()" is used for the route lookup, which searches in RT6_TABLE_PREFIX and takes the prefix-length and route flags into account. Signed-off-by:
Andreas Hofmeister <andi@collax.com> Signed-off-by:
-
- Oct 28, 2011
-
-
Gao feng authored
in func icmp6_dst_alloc,dst_metric_set call ipv6_cow_metrics to set metric. ipv6_cow_metrics may will call rt6_bind_peer to set rt6_info->rt6i_peer. So,we should move ipv6_addr_copy before dst_metric_set to make sure rt6_bind_peer success. Signed-off-by:
Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by:
-
Zheng Yan authored
We should return errcode from sock_alloc_send_skb() Signed-off-by:
Zheng Yan <zheng.z.yan@intel.com> Signed-off-by:
-
- Oct 27, 2011
-
-
Eric Dumazet authored
commit 66b13d99 (ipv4: tcp: fix TOS value in ACK messages sent from TIME_WAIT) fixed IPv4 only. This part is for the IPv6 side, adding a tclass param to ip6_xmit() We alias tw_tclass and tw_tos, if socket family is INET6. [ if sockets is ipv4-mapped, only IP_TOS socket option is used to fill TOS field, TCLASS is not taken into account ] Signed-off-by:
-
- Oct 25, 2011
-
-
David Woodhouse authored
The caif code will register its own pernet_operations, and then register a netdevice_notifier. Each time the netdevice_notifier is triggered, it'll do some stuff... including a lookup of its own pernet stuff with net_generic(). If the net_generic() call ever returns NULL, the caif code will BUG(). That doesn't seem *so* unreasonable, I suppose — it does seem like it should never happen. However, it *does* happen. When we clone a network namespace, setup_net() runs through all the pernet_operations one at a time. It gets to loopback before it gets to caif. And loopback_net_init() registers a netdevice... while caif hasn't been initialised. So the caif netdevice notifier triggers, and immediately goes BUG(). We could imagine a complex and overengineered solution to this generic class of problems, but this patch takes the simple approach. It just makes caif_device_notify() *not* go looking for its pernet data structures if the device it's being notified about isn't a caif device in the first place. Cc: stable@kernel.org Signed-off-by:
David Woodhouse <David.Woodhouse@intel.com> Acked-by:
Sjur Brændeland <sjur.brandeland@stericsson.com> Signed-off-by:
-
Thomas Gleixner authored
Signed-off-by:
-
Sage Weil authored
If we skip over one or more map epochs, we need to resend all osd requests because it is possible they remapped to other servers and then back. Signed-off-by:Sage Weil <sage@newdream.net>
-
Noah Watkins authored
Change ceph_parse_ips to take either names given as IP addresses or standard hostnames (e.g. localhost). The DNS lookup is done using the dns_resolver facility similar to its use in AFS, NFS, and CIFS. This patch defines CONFIG_CEPH_LIB_USE_DNS_RESOLVER that controls if this feature is on or off. Signed-off-by:
Noah Watkins <noahwatkins@gmail.com> Signed-off-by:
-
Noah Watkins authored
failure clean up does not consider ceph_auth_init. Signed-off-by:
-
Sage Weil authored
Any non-masked msg allocation failure should generate a warning and stack trace to the console. All of these need to eventually be replaced by safe preallocation or msgpools. Signed-off-by: -
Sage Weil authored
The pool allocation failures are masked by the pool; there is no need to spam the console about them. (That's the whole point of having the pool in the first place.) Mark msg allocations whose failure is safely handled as such. Signed-off-by: -
Sage Weil authored
Allocate the mon connection on init. We already reuse it across reconnects. Remove now unnecessary (and incomplete) NULL checks. Signed-off-by: -
Sage Weil authored
This simplifies the init/shutdown paths, and makes client->msgr available during the rest of the setup process. Signed-off-by: -
Antonio Quartulli authored
Function tt_response_fill_table() actually uses a tt_local_entry pointer to iterate either over the local or the global table entries (it depends on the what hash table is passed as argument). To iterate over such entries the hlist_for_each_entry_rcu() macro has to access their "hash_entry" field which MUST be at the same position in both the tt_global/local_entry structures. Reported-by:
Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by:
Antonio Quartulli <ordex@autistici.org> Signed-off-by:
Marek Lindner <lindner_marek@yahoo.de>
-
Simon Wunderlich authored
After removing the batman-adv module, the hash may be already gone when tt_global_del_orig() tries to clean the hash. This patch adds a sanity check to avoid this. Signed-off-by:
Alexey Fisher <bug-track@fisher-privat.net> Signed-off-by:
-
