- 29 Jul, 2008 33 commits
-
-
Harvey Harrison authored
drivers/net/wireless/mac80211_hwsim.c:503:20: warning: Using plain integer as NULL pointer Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Andrew Morton authored
ia64: drivers/net/wireless/iwlwifi/iwl-led.c: In function `iwl_get_blink_rate': drivers/net/wireless/iwlwifi/iwl-led.c:271: warning: long long int format, s64 arg (arg 6) drivers/net/wireless/iwlwifi/iwl-led.c:271: warning: long long int format, u64 arg (arg 7) We do not know what type the architecture uses to impement u64 and s64, hence we must cast the variables for printing. Cc: Tomas Winkler <tomas.winkler@intel.com> Cc: John W. Linville <linville@tuxdriver.com> Cc: Zhu Yi <yi.zhu@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jeremy Fitzhardinge authored
Return the proper error code rather than a hard-coded ENOMEM from ieee80211_wep_init. Also, print the error code on failure. Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jiri Slaby authored
Use dev_kfree_skb_any(); instead of dev_kfree_skb();, since ieee80211_beacon_get function might be called from atomic. (It's in a fail path.) Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ivo van Doorn authored
When the queues are being initialized the entry flags fields must be reset to 0. When this does not happen some entries might still be marked as "occupied" after an ifdown & ifup cycle which would trigger errors when the entry is being accessed: phy0 -> rt2x00queue_write_tx_frame: Error - Arrived at non-free entry in the non-full queue 0. Please file bug report to http://rt2x00.serialmonkey.com. This also fixes the mac80211 warning: ------------[ cut here ]------------ WARNING: at net/mac80211/tx.c:1238 ieee80211_master_start_xmit+0x30a/0x350 [mac80211]() which was triggered by the queue error. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ivo van Doorn authored
rt2x00 will only perform configuration changes from mac80211 when the configuration option has changed. This means it keeps track of the current active configuration and will check these values when the config() callback function is used. However this causes breakage when the interface has been brought down and up again, since all stored active values aren't reset while the registers might have. This is for example the case with rt61pci antenna registers which will jump to invalid values when the interface has been started. To make sure a full configuration takes place after the start() callback function, a new flag is added which will be checked during config() and skips the "what's changed" phase. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Julia Lawall authored
The mutex is released on a successful return, so it would seem that it should be released on an error return as well. The semantic patch finds this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ expression l; @@ mutex_lock(l); ... when != mutex_unlock(l) when any when strict ( if (...) { ... when != mutex_unlock(l) + mutex_unlock(l); return ...; } | mutex_unlock(l); ) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Michael Buesch <mb@bu3sch.de> Cc: stable <stable@kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Julia Lawall authored
The mutex is released on a successful return, so it would seem that it should be released on an error return as well. The semantic patch finds this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ expression l; @@ mutex_lock(l); ... when != mutex_unlock(l) when any when strict ( if (...) { ... when != mutex_unlock(l) + mutex_unlock(l); return ...; } | mutex_unlock(l); ) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ivo van Doorn authored
When sending the RTS/CTS frame fails, we should free the skb buffer which was created. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ivo van Doorn authored
When IEEE80211_TX_CTL_ASSIGN_SEQ is not set, the driver should disable hardware sequence counting to make sure the mac80211 provided counter is used. This fixes QOS sequence counting, since that is one of the cases where mac80211 provides a seperate sequence counter. By moving the sequence counting code to rt2x00queue we make sure that _all_ frames get the sequence counter, including RTS/CTS and Beacon frames. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Iwo Mergler authored
When setting up a beacon template, the length of the beacon is calculated with the assumption that the SKB already contains the Tx descriptor. In the case of beacons it doesn't. This patch undoes the damage by adding the Tx descriptor length to the beacon length. This is safe, because the shortest possible beacon is longer than the Tx header. Signed-off-by: Iwo Mergler <Iwo@call-direct.com.au> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Iwo Mergler authored
Switches rt73usb to use large vendor requests for firmware and beacons. This also fixes the garbled beacon bug. Signed-off-by: Iwo Mergler <Iwo@call-direct.com.au> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Iwo Mergler authored
Adds an extra rt2x00 vendor request function to support register transfers beyond the CSR_CACHE_SIZE / USB packet size limit. This is useful for firmware uploads, beacon templates and keys, all of which are to large to do with a single USB request. Signed-off-by: Iwo Mergler <Iwo@call-direct.com.au> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ivo van Doorn authored
Olivier reported a difference between the EIFS values used in the legacy driver and the one in the rt2x00 drivers. In rt2x00 the value was ( SIFS + (8 * (IEEE80211_HEADER + ACK_SIZE)) ) which comes down to 314us while the legacy driver uses the value 364us This was caused because EIFS is: SIFS + DIFS + AckTime This patch will fix this by adding the DIFS by the above value, and creating a SHORT_EIFS define which uses the SHORT_DIFS. Reported-by: Olivier Cornu <o.cornu@gmail.com> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Ivo van Doorn authored
rt2x00queue_free_skb() was declared twice. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Pavel Roskin authored
MSI is a nice thing, but we cannot enable it without changing the interrupt handler. If we do it, we break MSI capable hardware, specifically AR5006 chipset. Signed-off-by: Pavel Roskin <proski@gnu.org> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Cc: stable <stable@kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bob Copeland authored
ath5k_beacon_update takes sc->lock upon entry. However, it is only called from within ath5k_config_interface, which already holds the lock. Remove the unnecessary locking from ath5k_beacon_update. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Denis V. Lunev authored
CC [M] drivers/net/wireless/iwlwifi/iwl-scan.o drivers/net/wireless/iwlwifi/iwl-scan.c: In function 'iwl_rx_scan_complete_notif': drivers/net/wireless/iwlwifi/iwl-scan.c:274: warning: unused variable 'scan_notif' Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Tomas Winkler <tomasw@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Denis V. Lunev authored
CC [M] drivers/net/wireless/iwlwifi/iwl-rfkill.o drivers/net/wireless/iwlwifi/iwl-led.c: In function 'iwl_led_brightness_set': drivers/net/wireless/iwlwifi/iwl-led.c:198: error: 'led_type_str' undeclared (first use in this function) drivers/net/wireless/iwlwifi/iwl-led.c:198: error: (Each undeclared identifier is reported only once drivers/net/wireless/iwlwifi/iwl-led.c:198: error: for each function it appears in.) The problem is that led_type_str is defined under CONFIG_IWLWIFI_DEBUG while IWL_DEBUG is a static inline function in this case. Replace it with macro. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Brian Cavagnolo authored
Some persistent settings were using hex and others decimal. In some cases, values were set in hex but reported in decimal. Confusing. Signed-off-by: Brian Cavagnolo <brian@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Rami Rosen authored
When building the wireless-next-2.6 tree with CONFIG_IWL3945 (for building iwl-3945 driver) and where CONFIG_IWL3945_LEDS is not set, we get this warning: drivers/net/wireless/iwlwifi/iwl-3945.c: In function 'iwl3945_pass_packet_to_mac80211': drivers/net/wireless/iwlwifi/iwl-3945.c:633: warning: unused variable 'hdr' This patch adds #ifdef to iwl3945_pass_packet_to_mac80211() to avoid this warning. (The variable 'hdr' is used only if CONFIG_IWL3945_LEDS is set) Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Henrique de Moraes Holschuh authored
For some stupid reason, I sent and old version of the patch minor kernel doc-fix patch, and it got merged before I noticed the problem. This is an incremental fix on top. Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Henrique de Moraes Holschuh authored
There are two mutexes in rfkill: rfkill->mutex, which protects some of the fields of a rfkill struct, and is also used for callback serialization. rfkill_mutex, which protects the global state, the list of registered rfkill structs and rfkill->claim. Make sure to use the correct mutex, and to not miss locking rfkill->mutex even when we already took rfkill_mutex. Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Henrique de Moraes Holschuh authored
Reorder fields in struct rfkill and add comments to make it clear which fields are protected by rfkill->mutex. Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Henrique de Moraes Holschuh authored
rfkill needs to unregister the led trigger AFTER a call to rfkill_remove_switch(), otherwise it will not update the LED state, possibly leaving it ON when it should be OFF. To make led-trigger unregistering safer, guard against unregistering a trigger twice, and also against issuing trigger events to a led trigger that was unregistered. This makes the error unwind paths more resilient. Refer to "rfkill: Register LED triggers before registering switch". Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Cc: Michael Buesch <mb@bu3sch.de> Cc: Dmitry Baryshkov <dbaryshkov@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Henrique de Moraes Holschuh authored
While the rfkill class does work with just get_state(), it doesn't work well on devices that are subject to external events that cause rfkill state changes. Document that rfkill_force_state() is required in those cases. Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Bob Copeland authored
Helge Deller reports that HP laptops (NC4010 and NC6000) use active- high signals to turn on the LEDs. Previous code used active-low for all devices. Signed-off-by: Bob Copeland <me@bobcopeland.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jiri Slaby authored
- free and re-request irq since it might have changed during suspend - disable and enable msi - don't set D0 state of the device, it's already done by the PCI layer - do restore_state before enable_device, it's safer - check ath5k_init return value Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Cc: Jesse Barnes <jbarnes@virtuousgeek.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jiri Slaby authored
Don't sync - coherent mapping (descriptors) - before unmap, it's useless - (wrongly anyway -- for_cpu) beacon skb, it's just mapped, so by the device yet Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jiri Slaby authored
Make sure that the irq is not in progress after stop. This means two things: - ensure the intr setting register is set by flushing posted values - call synchronize_irq() after that Also flush stop tx write, inform callers of the tx stop about still pending transfers (unsuccessful stop) and finally don't wait another 3ms in ath5k_rx_stop, since ath5k_hw_stop_rx_dma ensures transfer to be finished. Make sure all writes will be ordered in respect to locks by mmiowb(). Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jiri Slaby authored
Don't forget to kill tasklets on stop to not panic if they fire after freeing some structures. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Jiri Slaby authored
When signal is noisy, hardware can use all RX buffers and since the last entry in the list is self-linked, it overwrites the entry until we link new buffers. Ensure that we don't free this last one until we are 100% sure that it is not used by the hardware anymore to not cause memory curruption as can be seen below. This is done by checking next buffer in the list. Even after that we know that the hardware refetched the new link and proceeded further (the next buffer is ready) we can finally free the overwritten buffer. We discard it since the status in its descriptor is overwritten (OR-ed by new status) too. ============================================================================= BUG kmalloc-4096: Poison overwritten ----------------------------------------------------------------------------- INFO: 0xffff810067419060-0xffff810067419667. First byte 0x8 instead of 0x6b INFO: Allocated in dev_alloc_skb+0x18/0x30 age=1118 cpu=1 pid=0 INFO: Freed in skb_release_data+0x85/0xd0 age=1105 cpu=1 pid=3718 INFO: Slab 0xffffe200019d0600 objects=7 used=0 fp=0xffff810067419048 flags=0x40000000000020c3 INFO: Object 0xffff810067419048 @offset=4168 fp=0xffff81006741c120 Bytes b4 0xffff810067419038: 4f 0b 02 00 01 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a O.......ZZZZZZZZ Object 0xffff810067419048: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0xffff810067419058: 6b 6b 6b 6b 6b 6b 6b 6b 08 42 30 00 00 0b 6b 80 kkkkkkkk.B0...k. Object 0xffff810067419068: f0 5d 00 4f 62 08 a3 64 00 0c 42 16 52 e4 f0 5a 360].Ob.243d..B.R344360Z Object 0xffff810067419078: 68 81 00 00 7b a5 b4 be 7d 3b 8f 53 cd d5 de 12 h...{245264276};.S315325336. Object 0xffff810067419088: 96 10 0b 89 48 54 23 41 0f 4e 2d b9 37 c3 cb 29 ....HT#A.N-2717303313) Object 0xffff810067419098: d1 e0 de 14 8a 57 2a cc 3b 44 0d 78 7a 19 12 15 321340336..W*314;D.xz... Object 0xffff8100674190a8: a9 ec d4 35 a8 10 ec 8c 40 a7 06 0a 51 a7 48 bb 2513543245250.354.@247..Q247H273 Object 0xffff8100674190b8: 3e cf a1 c7 38 60 63 3f 51 15 c7 20 eb ba 65 30 >ϡ3078`c?Q.307.353272e0 Redzone 0xffff81006741a048: bb bb bb bb bb bb bb bb 273273273273273273273273 Padding 0xffff81006741a088: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ Pid: 3297, comm: ath5k_pci Not tainted 2.6.26-rc8-mm1_64 #427 Call Trace: [<ffffffff802a7306>] print_trailer+0xf6/0x150 [<ffffffff802a7485>] check_bytes_and_report+0x125/0x180 [<ffffffff802a75dc>] check_object+0xac/0x260 [<ffffffff802a9308>] __slab_alloc+0x368/0x6d0 [<ffffffff80544f82>] ? wireless_send_event+0x142/0x310 [<ffffffff804b1bd4>] ? __alloc_skb+0x44/0x150 [<ffffffff80544f82>] ? wireless_send_event+0x142/0x310 [<ffffffff802aa853>] __kmalloc_track_caller+0xc3/0xf0 [<ffffffff804b1bfe>] __alloc_skb+0x6e/0x150 [... stack snipped] FIX kmalloc-4096: Restoring 0xffff810067419060-0xffff810067419667=0x6b FIX kmalloc-4096: Marking all objects used Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
I forgot this in the previous patch that made it unused. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 27 Jul, 2008 7 commits
-
-
David S. Miller authored
-
git://git.linux-nfs.org/projects/trondmy/nfs-2.6Linus Torvalds authored
* 'hotfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6: NFS: Ensure we call nfs_sb_deactive() after releasing the directory inode nfs_remount oops when rebooting + possible fix
-
git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tipLinus Torvalds authored
* 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip: x86: fix cpu hotplug on 32bit
-
Linus Torvalds authored
* master.kernel.org:/home/rmk/linux-2.6-arm: [ARM] Fix shared mmap when more than two maps of the same file exist [ARM] fix VIPT/VIVT macro optimisations, add comments [ARM] 5179/1: Replace obsolete IRQT_* and __IRQT_* values with IRQ_TYPE_* [ARM] update defconfig for eseries. [ARM] PXA: squash warning in pxafb [ARM] pxa: PXA25x UDC - Fix warning during build [ARM] fix nwflash.c: 6ee8928d [ARM] fix IOP32x, IOP33x, MXC and Samsung builds [ARM] pci: provide dummy pci_get_legacy_ide_irq() [ARM] fix fls() for 64-bit arguments [ARM] fix mode for board-yl-9200.c [ARM] 5176/1: arm/Makefile: fix: ARM946T -> ARM946E
-
Andrea Righi authored
Simplify the code of include/linux/task_io_accounting.h. It is also more reasonable to have all the task i/o-related statistics in a single struct (task_io_accounting). Signed-off-by: Andrea Righi <righi.andrea@gmail.com> Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Trond Myklebust authored
In order to avoid the "Busy inodes after unmount" error message, we need to ensure that nfs_async_unlink_release() releases the super block after the call to nfs_free_unlinkdata(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Marc Zyngier authored
Jeff, Trond, The commit 48b605f8 (NFS: implement option checking when remounting NFS filesystems (resend)) generate an Oops on my platform when rebooting while its root FS on an NFS share (NFSv3, TCP) : Unmounting local filesystems...done. Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = c3d00000 [00000000] *pgd=a3d72031, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] Modules linked in: cpufreq_powersave cpufreq_ondemand cpufreq_userspace cpufreq_conservative ext3 jbd sd_mod pata_pcmcia libata scsi_mod pcmcia loop firmware_class pxafb cfbcopyarea cfbimgblt cfbfillrect pxa2xx_cs pxa2xx_core pcmcia_core snd_pxa2xx_ac97 snd_ac97_codec ac97_bus snd_pxa2xx_pcm snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd isp116x_hcd soundcore rtc_sa1100 snd_page_alloc pxa25x_udc usbcore rtc_ds1307 rtc_core CPU: 0 Not tainted (2.6.26-03414-g33af79d1-dirty #15) PC is at nfs_remount+0x40/0x264 LR is at do_remount_sb+0x158/0x194 pc : [<c00bbf54>] lr : [<c0076c40>] psr: 60000013 sp : c2dd1e70 ip : c2dd1e98 fp : c2dd1e94 r10: 00000040 r9 : c3d17000 r8 : c3c3fc40 r7 : 00000000 r6 : 00000000 r5 : c3d2b200 r4 : 00000000 r3 : 00000003 r2 : 00000000 r1 : c2dd1e9c r0 : c3c3fc00 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 0000397f Table: a3d00000 DAC: 00000015 Process mount (pid: 1462, stack limit = 0xc2dd0270) Stack: (0xc2dd1e70 to 0xc2dd2000) 1e60: 00000000 c3c3fc00 00000000 00000000 1e80: c3c3fc40 c3d17000 c2dd1ebc c2dd1e98 c0076c40 c00bbf20 c01c61e4 00000001 1ea0: c2dd1ebc 00000001 c3c3fc00 c2dd1ef0 c2dd1ee4 c2dd1ec0 c008c6d8 c0076af4 1ec0: 00000021 00000040 c2dd1ef0 c3d77000 c3eaa000 00000000 c2dd1f6c c2dd1ee8 1ee0: c008d1bc c008c5f8 00000000 c2dd0000 c3c0c320 c3805b38 c002064c 0001f820 1f00: 0001f810 00000001 00000001 00000000 c2dd0000 00000000 c2dd1f34 c2dd1f28 1f20: c005ead8 c005e6f8 c2dd1f44 c2dd1f38 c005eaf8 c005ead0 c2dd1f6c c2dd1f48 1f40: c008ae3c 00000000 c3d77000 0001f810 c0ed0021 c0020ca8 c2dd0000 00000000 1f60: c2dd1fa4 c2dd1f70 c008d2d4 c008d0bc 00000000 0001f810 c2dd1f9c c3eaa000 1f80: c3d17000 00000000 00000000 be8b6aa8 be8b6ad0 00000015 00000000 c2dd1fa8 1fa0: c0020b00 c008d254 00000000 be8b6aa8 0001f810 0001f820 0001f830 c0ed0021 1fc0: 00000000 be8b6aa8 be8b6ad0 00000015 00000000 be8b6ad0 0001f810 be8b6aa8 1fe0: 0001f810 be8b6964 0000aab8 40125124 60000010 0001f810 00000000 00000000 Backtrace: [<c00bbf14>] (nfs_remount+0x0/0x264) from [<c0076c40>] (do_remount_sb+0x158/0x194) r9:c3d17000 r8:c3c3fc40 r7:00000000 r6:00000000 r5:c3c3fc00 r4:00000000 [<c0076ae8>] (do_remount_sb+0x0/0x194) from [<c008c6d8>] (do_remount+0xec/0x118) r6:c2dd1ef0 r5:c3c3fc00 r4:00000001 [<c008c5ec>] (do_remount+0x0/0x118) from [<c008d1bc>] (do_mount+0x10c/0x198) [<c008d0b0>] (do_mount+0x0/0x198) from [<c008d2d4>] (sys_mount+0x8c/0xd4) [<c008d248>] (sys_mount+0x0/0xd4) from [<c0020b00>] (ret_fast_syscall+0x0/0x2c) r7:00000015 r6:be8b6ad0 r5:be8b6aa8 r4:00000000 Code: 0a000086 ea000006 e3530003 8a000004 (e5923000) ---[ end trace 55e1b689cf8c8a6a ]--- ------------[ cut here ]------------ WARNING: at kernel/exit.c:966 do_exit+0x3c/0x628() Modules linked in: cpufreq_powersave cpufreq_ondemand cpufreq_userspace cpufreq_conservative ext3 jbd sd_mod pata_pcmcia libata scsi_mod pcmcia loop firmware_class pxafb cfbcopyarea cfbimgblt cfbfillrect pxa2xx_cs pxa2xx_core pcmcia_core snd_pxa2xx_ac97 snd_ac97_codec ac97_bus snd_pxa2xx_pcm snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd isp116x_hcd soundcore rtc_sa1100 snd_page_alloc pxa25x_udc usbcore rtc_ds1307 rtc_core [<c0025168>] (dump_stack+0x0/0x14) from [<c0032154>] (warn_on_slowpath+0x4c/0x68) [<c0032108>] (warn_on_slowpath+0x0/0x68) from [<c003531c>] (do_exit+0x3c/0x628) r6:0000000b r5:c3c3dc80 r4:c2dd0000 [<c00352e0>] (do_exit+0x0/0x628) from [<c0025004>] (die+0x2b0/0x30c) [<c0024d54>] (die+0x0/0x30c) from [<c00270bc>] (__do_kernel_fault+0x6c/0x80) [<c0027050>] (__do_kernel_fault+0x0/0x80) from [<c00272e0>] (do_page_fault+0x210/0x230) r7:c3fa7118 r6:c3c3dc80 r5:c3d166a8 r4:00010000 [<c00270d0>] (do_page_fault+0x0/0x230) from [<c00201ec>] (do_DataAbort+0x3c/0xa0) [<c00201b0>] (do_DataAbort+0x0/0xa0) from [<c002064c>] (__dabt_svc+0x4c/0x60) Exception stack(0xc2dd1e28 to 0xc2dd1e70) 1e20: c3c3fc00 c2dd1e9c 00000000 00000003 00000000 c3d2b200 1e40: 00000000 00000000 c3c3fc40 c3d17000 00000040 c2dd1e94 c2dd1e98 c2dd1e70 1e60: c0076c40 c00bbf54 60000013 ffffffff r8:c3c3fc40 r7:00000000 r6:00000000 r5:c2dd1e5c r4:ffffffff [<c00bbf14>] (nfs_remount+0x0/0x264) from [<c0076c40>] (do_remount_sb+0x158/0x194) r9:c3d17000 r8:c3c3fc40 r7:00000000 r6:00000000 r5:c3c3fc00 r4:00000000 [<c0076ae8>] (do_remount_sb+0x0/0x194) from [<c008c6d8>] (do_remount+0xec/0x118) r6:c2dd1ef0 r5:c3c3fc00 r4:00000001 [<c008c5ec>] (do_remount+0x0/0x118) from [<c008d1bc>] (do_mount+0x10c/0x198) [<c008d0b0>] (do_mount+0x0/0x198) from [<c008d2d4>] (sys_mount+0x8c/0xd4) [<c008d248>] (sys_mount+0x0/0xd4) from [<c0020b00>] (ret_fast_syscall+0x0/0x2c) r7:00000015 r6:be8b6ad0 r5:be8b6aa8 r4:00000000 ---[ end trace 55e1b689cf8c8a6a ]--- /etc/rc6.d/S60umountroot: line 17: 1462 Segmentation fault mount $MOUNT_FORCE_OPT -n -o remount,ro -t dummytype dummydev / 2> /dev/null The new super.c:nfs_remount function doesn't check the validity of the options/options4 pointers. Unfortunately, this seems to happend. The obvious patch seems to check the pointers, and not to do anything if the happend to be NULL. Tested on an XScale PXA255 system, latest git. Regards, M. Signed-off-by: Marc Zyngier <marc.zyngier@altran.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-