aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-10-03make PACKET_STATISTICS getsockopt report consistently between ring and non-ringWillem de Bruijn
This is a minor change. Up until kernel 2.6.32, getsockopt(fd, SOL_PACKET, PACKET_STATISTICS, ...) would return total and dropped packets since its last invocation. The introduction of socket queue overflow reporting [1] changed drop rate calculation in the normal packet socket path, but not when using a packet ring. As a result, the getsockopt now returns different statistics depending on the reception method used. With a ring, it still returns the count since the last call, as counts are incremented in tpacket_rcv and reset in getsockopt. Without a ring, it returns 0 if no drops occurred since the last getsockopt and the total drops over the lifespan of the socket otherwise. The culprit is this line in packet_rcv, executed on a drop: drop_n_acct: po->stats.tp_drops = atomic_inc_return(&sk->sk_drops); As it shows, the new drop number it taken from the socket drop counter, which is not reset at getsockopt. I put together a small example that demonstrates the issue [2]. It runs for 10 seconds and overflows the queue/ring on every odd second. The reported drop rates are: ring: 16, 0, 16, 0, 16, ... non-ring: 0, 15, 0, 30, 0, 46, 0, 60, 0 , 74. Note how the even ring counts monotonically increase. Because the getsockopt adds tp_drops to tp_packets, total counts are similarly reported cumulatively. Long story short, reinstating the original code, as the below patch does, fixes the issue at the cost of additional per-packet cycles. Another solution that does not introduce per-packet overhead is be to keep the current data path, record the value of sk_drops at getsockopt() at call N in a new field in struct packetsock and subtract that when reporting at call N+1. I'll be happy to code that, instead, it's just more messy. [1] http://patchwork.ozlabs.org/patch/35665/ [2] http://kernel.googlecode.com/files/test-packetsock-getstatistics.c Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-10-03net: xen-netback: correctly restart Tx after a VM restore/migrateDavid Vrabel
If a VM is saved and restored (or migrated) the netback driver will no longer process any Tx packets from the frontend. xenvif_up() does not schedule the processing of any pending Tx requests from the front end because the carrier is off. Without this initial kick the frontend just adds Tx requests to the ring without raising an event (until the ring is full). This was caused by 47103041e91794acdbc6165da0ae288d844c820b (net: xen-netback: convert to hw_features) which reordered the calls to xenvif_up() and netif_carrier_on() in xenvif_connect(). Signed-off-by: David Vrabel <david.vrabel@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-10-03bonding: properly stop queuing work when requestedAndy Gospodarek
During a test where a pair of bonding interfaces using ARP monitoring were both brought up and torn down (with an rmmod) repeatedly, a panic in the timer code was noticed. I tracked this down and determined that any of the bonding functions that ran as workqueue handlers and requeued more work might not properly exit when the module was removed. There was a flag protected by the bond lock called kill_timers that is set when the interface goes down or the module is removed, but many of the functions that monitor link status now unlock the bond lock to take rtnl first. There is a chance that another CPU running the rmmod could get the lock and set kill_timers after the first check has passed. This patch does not allow any function to queue work that will make itself run unless kill_timers is not set. I also noticed while doing this work that bond_resend_igmp_join_requests did not have a check for kill_timers, so I added the needed call there as well. Signed-off-by: Andy Gospodarek <andy@greyhouse.net> Reported-by: Liang Zheng <lzheng@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29can bcm: fix incomplete tx_setup fixOliver Hartkopp
The commit aabdcb0b553b9c9547b1a506b34d55a764745870 ("can bcm: fix tx_setup off-by-one errors") fixed only a part of the original problem reported by Andre Naujoks. It turned out that the original code needed to be re-ordered to reduce complexity and to finally fix the reported frame counting issues. Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29RDSRDMA: Fix cleanup of rds_iw_mr_poolJonathan Lallinger
In the rds_iw_mr_pool struct the free_pinned field keeps track of memory pinned by free MRs. While this field is incremented properly upon allocation, it is never decremented upon unmapping. This would cause the rds_rdma module to crash the kernel upon unloading, by triggering the BUG_ON in the rds_iw_destroy_mr_pool function. This change keeps track of the MRs that become unpinned, so that free_pinned can be decremented appropriately. Signed-off-by: Jonathan Lallinger <jonathan@ogc.us> Signed-off-by: Steve Wise <swise@ogc.us> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29net: Documentation: Fix type of variablesRoy.Li
Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29ibmveth: Fix oops on request_irq failureBrian King
If request_irq fails, the ibmveth driver will overwrite the rc and end up returning a successful rc on its open function, resulting in an oops later when a packet gets sent and buffers are not allocated due to the failed open. Signed-off-by: Brian King <brking@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socketYan, Zheng
ipv6_ac_list and ipv6_fl_list from listening socket are inadvertently shared with new socket created for connection. Signed-off-by: Zheng Yan <zheng.z.yan@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29cxgb4: Fix EEH on IBM P7IOCDivy Le Ray
Fix EEH recovery on new P Series platform by requesting fundamental reset. Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29can bcm: fix tx_setup off-by-one errorsOliver Hartkopp
This patch fixes two off-by-one errors that canceled each other out. Checking for the same condition two times in bcm_tx_timeout_tsklet() reduced the count of frames to be sent by one. This did not show up the first time tx_setup is invoked as an additional frame is sent due to TX_ANNONCE. Invoking a second tx_setup on the same item led to a reduced (by 1) number of sent frames. Reported-by: Andre Naujoks <nautsch@gmail.com> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29MAINTAINERS: tehuti: Alexander Indenbaum's address bouncesIan Campbell
I got: Generating server: Tehuti.onmicrosoft.com baum@tehutinetworks.net #< #5.1.1 smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found> #SMTP# Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Alexander Indenbaum <baum@tehutinetworks.net> Cc: Andy Gospodarek <andy@greyhouse.net> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29dp83640: reduce driver noiseRichard Cochran
The driver has two warning messages that might be triggered by normal use cases. When they appear, the messages give the impression of a never ending series of errors. This commit changes them to debug messages instead. Signed-off-by: Richard Cochran <richard.cochran@omicron.at> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-29ptp: fix L2 event message recognitionRichard Cochran
The IEEE 1588 standard defines two kinds of messages, event and general messages. Event messages require time stamping, and general do not. When using UDP transport, two separate ports are used for the two message types. The BPF designed to recognize event messages incorrectly classifies L2 general messages as event messages. This commit fixes the issue by extending the filter to check the message type field for L2 PTP packets. Event messages are be distinguished from general messages by testing the "general" bit. Signed-off-by: Richard Cochran <richard.cochran@omicron.at> Cc: <stable@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-28bootup: move 'usermodehelper_enable()' to the end of do_basic_setup()Linus Torvalds
Doing it just before starting to call into cpu_idle() made a sick kind of sense only because the original bug we fixed (see commit 288d5abec831: "Boot up with usermodehelper disabled") was about problems with some scheduler data structures not being initialized, and they had better be initialized at that point. But it really didn't make any other conceptual sense, and doing it after the initial "schedule()" call for the idle thread actually opened up a race: what if the main initialization thread did everything without needing to sleep, and got all the way into user land too? Without actually having scheduled back to the idle thread? Now, in normal circumstances that doesn't ever happen, but it looks like Richard Cochran triggered exactly that on his ARM IXP4xx machines: "I have some ARM IXP4xx based machines that use the two on chip MAC ports (aka NPEs). The NPE needs a firmware in order to function. Ever since the following commit [that 288d5abec831 one], it is no longer possible to bring up the interfaces during the init scripts." with a call trace showing an ioctl coming from user space. Richard says: "The init is busybox, and the startup script does mount, syslogd, and then ifup, so that all can go by quickly." The fix is to move the usermodehelper_enable() into the main 'init' thread, and just put it after we've done all our initcalls. By then, everything really should be up, but we've obviously not actually started the user-mode portion of init yet. Reported-and-tested-by: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-09-28Merge git://github.com/davem330/netLinus Torvalds
* git://github.com/davem330/net: ipv6-multicast: Fix memory leak in IPv6 multicast. ipv6: check return value for dst_alloc net: check return value for dst_alloc ipv6-multicast: Fix memory leak in input path. bnx2x: add missing break in bnx2x_dcbnl_get_cap bnx2x: fix WOL by enablement PME in config space bnx2x: fix hw attention handling net: fix a typo in Documentation/networking/scaling.txt ath9k: Fix a dma warning/memory leak rtlwifi: rtl8192cu: Fix unitialized struct iwlagn: fix dangling scan request batman-adv: do_bcast has to be true for broadcast packets only cfg80211: Fix validation of AKM suites iwlegacy: do not use interruptible waits iwlegacy: fix command queue timeout ath9k_hw: Fix Rx DMA stuck for AR9003 chips
2011-09-28Merge git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6Linus Torvalds
* git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6: [SCSI] 3w-9xxx: fix iommu_iova leak [SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereference [SCSI] scsi: qla4xxx needs libiscsi.o [SCSI] libsas: fix failure to revalidate domain for anything but the first expander child. [SCSI] aacraid: reset should disable MSI interrupt
2011-09-28Merge branch 'for-linus' of git://git.kernel.dk/linux-blockLinus Torvalds
* 'for-linus' of git://git.kernel.dk/linux-block: block: Free queue resources at blk_release_queue()
2011-09-28Merge branch 'writeback-for-linus' of git://github.com/fengguang/linuxLinus Torvalds
* 'writeback-for-linus' of git://github.com/fengguang/linux: writeback: show raw dirtied_when in trace writeback_single_inode
2011-09-28block: Free queue resources at blk_release_queue()Hannes Reinecke
A kernel crash is observed when a mounted ext3/ext4 filesystem is physically removed. The problem is that blk_cleanup_queue() frees up some resources eg by calling elevator_exit(), which are not checked for in normal operation. So we should rather move these calls to the destructor function blk_release_queue() as at that point all remaining references are gone. However, in doing so we have to ensure that any externally supplied queue_lock is disconnected as the driver might free up the lock after the call of blk_cleanup_queue(), Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>
2011-09-27Merge branch 'for-davem' of git://git.infradead.org/users/linville/wirelessDavid S. Miller
2011-09-27Linux 3.1-rc8Linus Torvalds
2011-09-27Merge branch 'for-linus' of git://github.com/tiwai/soundLinus Torvalds
* 'for-linus' of git://github.com/tiwai/sound: ASoC: ssm2602: Re-enable oscillator after suspend ALSA: usb-audio: Check for possible chip NULL pointer before clearing probing flag ALSA: hda/realtek - Don't detect LO jack when identical with HP ALSA: hda/realtek - Avoid bogus HP-pin assignment ALSA: HDA: No power nids on 92HD93 ASoC: omap-mcbsp: Do not attempt to change DAI sysclk if stream is active
2011-09-27Merge branch 'pm-fixes' of git://github.com/rjwysocki/linux-pmLinus Torvalds
* 'pm-fixes' of git://github.com/rjwysocki/linux-pm: PM / Clocks: Do not acquire a mutex under a spinlock
2011-09-27Merge branch 'master' of git://git.infradead.org/users/linville/wireless ↵John W. Linville
into for-davem
2011-09-27ipv6-multicast: Fix memory leak in IPv6 multicast.Ben Greear
If reg_vif_xmit cannot find a routing entry, be sure to free the skb before returning the error. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27ipv6: check return value for dst_allocMadalin Bucur
return value of dst_alloc must be checked before use Signed-off-by: Madalin Bucur <madalin.bucur@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27net: check return value for dst_allocMadalin Bucur
return value of dst_alloc must be checked before use Signed-off-by: Madalin Bucur <madalin.bucur@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27ipv6-multicast: Fix memory leak in input path.Ben Greear
Have to free the skb before returning if we fail the fib lookup. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27Merge branch 'batman-adv/maint' of git://git.open-mesh.org/linux-mergeDavid S. Miller
2011-09-27bnx2x: add missing break in bnx2x_dcbnl_get_capShmulik Ravid
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27bnx2x: fix WOL by enablement PME in config spaceDmitry Kravkov
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27bnx2x: fix hw attention handlingDmitry Kravkov
Use register name to initialize attention mask Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27net: fix a typo in Documentation/networking/scaling.txtJason Wang
Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-27Merge branch 'fix/asoc' into for-linusTakashi Iwai
2011-09-27vfs: remove LOOKUP_NO_AUTOMOUNT flagLinus Torvalds
That flag no longer makes sense, since we don't look up automount points as eagerly any more. Additionally, it turns out that the NO_AUTOMOUNT handling was buggy to begin with: it would avoid automounting even for cases where we really *needed* to do the automount handling, and could return ENOENT for autofs entries that hadn't been instantiated yet. With our new non-eager automount semantics, one discussion has been about adding a AT_AUTOMOUNT flag to vfs_fstatat (and thus the newfstatat() and fstatat64() system calls), but it's probably not worth it: you can always force at least directory automounting by simply adding the final '/' to the filename, which works for *all* of the stat family system calls, old and new. So AT_NO_AUTOMOUNT (and thus LOOKUP_NO_AUTOMOUNT) really were just a result of our bad default behavior. Acked-by: Ian Kent <raven@themaw.net> Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-09-27ASoC: ssm2602: Re-enable oscillator after suspendLars-Peter Clausen
Currently the the internal oscillator is powered down when entering BIAS_OFF state, but not re-enabled when going back to BIAS_STANDBY. As a result the CODEC will stop working after suspend if the internal oscillator is used to generate the sysclock signal. This patch fixes it by clearing the appropriate bit in the power down register when the CODEC is re-enabled. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Cc: stable@kernel.org
2011-09-26VFS: Fix the remaining automounter semantics regressionsTrond Myklebust
The concensus seems to be that system calls such as stat() etc should not trigger an automount. Neither should the l* versions. This patch therefore adds a LOOKUP_AUTOMOUNT flag to tag those lookups that _should_ trigger an automount on the last path element. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> [ Edited to leave out the cases that are already covered by LOOKUP_OPEN, LOOKUP_DIRECTORY and LOOKUP_CREATE - all of which also fundamentally force automounting for their own reasons - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-09-26vfs pathname lookup: Add LOOKUP_AUTOMOUNT flagLinus Torvalds
Since we've now turned around and made LOOKUP_FOLLOW *not* force an automount, we want to add the ability to force an automount event on lookup even if we don't happen to have one of the other flags that force it implicitly (LOOKUP_OPEN, LOOKUP_DIRECTORY, LOOKUP_PARENT..) Most cases will never want to use this, since you'd normally want to delay automounting as long as possible, which usually implies LOOKUP_OPEN (when we open a file or directory, we really cannot avoid the automount any more). But Trond argued sufficiently forcefully that at a minimum bind mounting a file and quotactl will want to force the automount lookup. Some other cases (like nfs_follow_remote_path()) could use it too, although LOOKUP_DIRECTORY would work there as well. This commit just adds the flag and logic, no users yet, though. It also doesn't actually touch the LOOKUP_NO_AUTOMOUNT flag that is related, and was made irrelevant by the same change that made us not follow on LOOKUP_FOLLOW. Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Ian Kent <raven@themaw.net> Cc: Jeff Layton <jlayton@redhat.com> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Greg KH <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-09-26Merge branch 'samsung-fixes-3' of git://github.com/kgene/linux-samsungLinus Torvalds
* 'samsung-fixes-3' of git://github.com/kgene/linux-samsung: ARM: EXYNOS4: Rename sclk_cam clocks for FIMC driver ARM: S5PV210: Rename sclk_cam clocks for FIMC media driver ARM: S5P: fix incorrect loop iterator usage on gpio-interrupt ARM: S3C2443: Fix bit-reset in setrate of clk_armdiv
2011-09-27ARM: EXYNOS4: Rename sclk_cam clocks for FIMC driverSylwester Nawrocki
The sclk_cam clocks are now controlled by the top level FIMC media device driver bound to "s5p-fimc-md" platform device. Rename sclk_cam clocks so they accessible by the corresponding driver. Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
2011-09-27ARM: S5PV210: Rename sclk_cam clocks for FIMC media driverSylwester Nawrocki
The sclk_cam clocks are now controlled by the top level FIMC media device driver bound to "s5p-fimc-md" platform device. Rename sclk_cam clocks so they accessible by the corresponding driver. Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
2011-09-26Merge branch 'hwmon-for-linus' of git://github.com/groeck/linuxLinus Torvalds
* 'hwmon-for-linus' of git://github.com/groeck/linux: hwmon: (coretemp) remove struct platform_data * parameter from create_core_data() hwmon: (coretemp) constify static data hwmon: (coretemp) don't use kernel assigned CPU number as platform device ID hwmon: (ds620) Fix handling of negative temperatures hwmon: (w83791d) rename prototype parameter from 'register' to 'reg' hwmon: (coretemp) Don't use threshold registers for tempX_max hwmon: (coretemp) Let the user force TjMax hwmon: (coretemp) Drop duplicate function get_pkg_tjmax
2011-09-26Merge branch 'kvm-updates/3.1' of git://github.com/avikivity/kvmLinus Torvalds
* 'kvm-updates/3.1' of git://github.com/avikivity/kvm: KVM: x86 emulator: fix Src2CL decode KVM: MMU: fix incorrect return of spte
2011-09-26Merge branch 'fixes' of ↵Linus Torvalds
http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm * 'fixes' of http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm: ARM: 7099/1: futex: preserve oldval in SMP __futex_atomic_op ARM: dma-mapping: free allocated page if unable to map ARM: fix vmlinux.lds.S discarding sections ARM: nommu: fix warning with checksyscalls.sh ARM: 7091/1: errata: D-cache line maintenance operation by MVA may not succeed
2011-09-26ath9k: Fix a dma warning/memory leakMohammed Shafi Shajakhan
proper dma_unmapping and freeing of skb's has to be done in the rx cleanup for EDMA chipsets when the device is unloaded and this also seems to address the following warning which shows up occasionally when the device is unloaded Call Trace: [<c0148cd2>] warn_slowpath_common+0x72/0xa0 [<c03b669c>] ? dma_debug_device_change+0x19c/0x200 [<c03b669c>] ? dma_debug_device_change+0x19c/0x200 [<c0148da3>] warn_slowpath_fmt+0x33/0x40 [<c03b669c>] dma_debug_device_change+0x19c/0x200 [<c0657f12>] notifier_call_chain+0x82/0xb0 [<c0171370>] __blocking_notifier_call_chain+0x60/0x90 [<c01713bf>] blocking_notifier_call_chain+0x1f/0x30 [<c044f594>] __device_release_driver+0xa4/0xc0 [<c044f647>] driver_detach+0x97/0xa0 [<c044e65c>] bus_remove_driver+0x6c/0xe0 [<c029af0b>] ? sysfs_addrm_finish+0x4b/0x60 [<c0450109>] driver_unregister+0x49/0x80 [<c0299f54>] ? sysfs_remove_file+0x14/0x20 [<c03c3ab2>] pci_unregister_driver+0x32/0x80 [<f92c2162>] ath_pci_exit+0x12/0x20 [ath9k] [<f92c8467>] ath9k_exit+0x17/0x36 [ath9k] [<c06523cd>] ? mutex_unlock+0xd/0x10 [<c018e27f>] sys_delete_module+0x13f/0x200 [<c02139bb>] ? sys_munmap+0x4b/0x60 [<c06547c5>] ? restore_all+0xf/0xf [<c0657a20>] ? spurious_fault+0xe0/0xe0 [<c01832f4>] ? trace_hardirqs_on_caller+0xf4/0x180 [<c065b863>] sysenter_do_call+0x12/0x38 ---[ end trace 16e1c1521c06bcf9 ]--- Mapped at: [<c03b7938>] debug_dma_map_page+0x48/0x120 [<f92ba3e8>] ath_rx_init+0x3f8/0x4b0 [ath9k] [<f92b5ae4>] ath9k_init_device+0x4c4/0x7b0 [ath9k] [<f92c2813>] ath_pci_probe+0x263/0x330 [ath9k] Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-26rtlwifi: rtl8192cu: Fix unitialized structLarry Finger
Driver rtl8192cu assigns a new struct rtl_tcb_desc object, but fails to clear it. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@kernel.org> [2.6.39+] Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-26iwlagn: fix dangling scan requestJohannes Berg
If iwl_scan_initiate() fails for any reason, priv->scan_request and priv->scan_vif are left dangling. This can lead to a crash later when iwl_bg_scan_completed() tries to run a pending scan request. In practice, this seems to be very rare due to the STATUS_SCANNING check earlier. That check, however, is wrong -- it should allow a scan to be queued when a reset/roc scan is going on. When a normal scan is already going on, a new one can't be issued by mac80211, so that code can be removed completely. I introduced this bug when adding off-channel support in commit 266af4c745952e9bebf687dd68af58df553cb59d. Cc: stable@kernel.org [3.0] Reported-by: Peng Yan <peng.yan@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-09-26PM / Clocks: Do not acquire a mutex under a spinlockRafael J. Wysocki
Commit b7ab83e (PM: Use spinlock instead of mutex in clock management functions) introduced a regression causing clocks_mutex to be acquired under a spinlock. This happens because pm_clk_suspend() and pm_clk_resume() call pm_clk_acquire() under pcd->lock, but pm_clk_acquire() executes clk_get() which causes clocks_mutex to be acquired. Similarly, __pm_clk_remove(), executed under pcd->lock, calls clk_put(), which also causes clocks_mutex to be acquired. To fix those problems make pm_clk_add() call pm_clk_acquire(), so that pm_clk_suspend() and pm_clk_resume() don't have to do that. Change pm_clk_remove() and pm_clk_destroy() to separate modifications of the pcd->clock_list list from the actual removal of PM clock entry objects done by __pm_clk_remove(). Reported-and-tested-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk>
2011-09-26[SCSI] 3w-9xxx: fix iommu_iova leakJames Bottomley
Following reports on the list, it looks like the 3e-9xxx driver will leak dma mappings every time we get a transient queueing error back from the card. This is because it maps the sg list in the routine that sends the command, but doesn't unmap again in the transient failure path (even though the command is sent back to the block layer). Fix by unmapping before returning the status. Reported-by: Chris Boot <bootc@bootc.net> Tested-by: Chris Boot <bootc@bootc.net> Acked-by: Adam Radford <aradford@gmail.com> Cc: stable@kernel.org Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2011-09-26[SCSI] cxgb3i: convert cdev->l2opt to use rcu to prevent NULL dereferenceNeil Horman
This oops was reported recently: d:mon> e cpu 0xd: Vector: 300 (Data Access) at [c0000000fd4c7120] pc: d00000000076f194: .t3_l2t_get+0x44/0x524 [cxgb3] lr: d000000000b02108: .init_act_open+0x150/0x3d4 [cxgb3i] sp: c0000000fd4c73a0 msr: 8000000000009032 dar: 0 dsisr: 40000000 current = 0xc0000000fd640d40 paca = 0xc00000000054ff80 pid = 5085, comm = iscsid d:mon> t [c0000000fd4c7450] d000000000b02108 .init_act_open+0x150/0x3d4 [cxgb3i] [c0000000fd4c7500] d000000000e45378 .cxgbi_ep_connect+0x784/0x8e8 [libcxgbi] [c0000000fd4c7650] d000000000db33f0 .iscsi_if_rx+0x71c/0xb18 [scsi_transport_iscsi2] [c0000000fd4c7740] c000000000370c9c .netlink_data_ready+0x40/0xa4 [c0000000fd4c77c0] c00000000036f010 .netlink_sendskb+0x4c/0x9c [c0000000fd4c7850] c000000000370c18 .netlink_sendmsg+0x358/0x39c [c0000000fd4c7950] c00000000033be24 .sock_sendmsg+0x114/0x1b8 [c0000000fd4c7b50] c00000000033d208 .sys_sendmsg+0x218/0x2ac [c0000000fd4c7d70] c00000000033f55c .sys_socketcall+0x228/0x27c [c0000000fd4c7e30] c0000000000086a4 syscall_exit+0x0/0x40 --- Exception: c01 (System Call) at 00000080da560cfc The root cause was an EEH error, which sent us down the offload_close path in the cxgb3 driver, which in turn sets cdev->l2opt to NULL, without regard for upper layer driver (like the cxgbi drivers) which might have execution contexts in the middle of its use. The result is the oops above, when t3_l2t_get attempts to dereference L2DATA(cdev)->nentries in arp_hash right after the EEH error handler sets it to NULL. The fix is to prevent the setting of the NULL pointer until after there are no further users of it. The t3cdev->l2opt pointer is now converted to be an rcu pointer and the L2DATA macro is now called under the protection of the rcu_read_lock(). When the EEH error path: t3_adapter_error->offload_close->cxgb3_offload_deactivate Is exectured, setting of that l2opt pointer to NULL, is now gated on an rcu quiescence point, preventing, allowing L2DATA callers to safely check for a NULL pointer without concern that the underlying data will be freeded before the pointer is dereferenced. This has been tested by the reporter and shown to fix the reproted oops [nhorman: fix up unitinialised variable reported by Dan Carpenter] Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Reviewed-by: Karen Xie <kxie@chelsio.com> Cc: stable@kernel.org Signed-off-by: James Bottomley <JBottomley@Parallels.com>