- 14 Feb, 2013 3 commits
-
-
David Vrabel authored
netbk_count_requests() could detect an error, call netbk_fatal_tx_error() but return 0. The vif may then be used afterwards (e.g., in a call to netbk_tx_error(). Since netbk_fatal_tx_error() could set vif->refcnt to 1, the vif may be freed immediately after the call to netbk_fatal_tx_error() (e.g., if the vif is also removed). Netback thread Xenwatch thread ------------------------------------------- netbk_fatal_tx_err() netback_remove() xenvif_disconnect() ... free_netdev() netbk_tx_err() Oops! Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Jan Beulich <JBeulich@suse.com> Signed-off-by: David Vrabel <david.vrabel@citrix.com> Reported-by: Christopher S. Aker <caker@theshore.net> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://1984.lsi.us.es/nfDavid S. Miller authored
Pablo Neira Ayuso says: ==================== The following patchset contains three Netfilter fixes, they are: * Fix conntrack helper re-assignment after NAT mangling if only if the same helper is attached to the conntrack again, from Florian Westphal. * Don't allow the creation of conntrack entries via ctnetlink if the original and reply tuples are missing, from Florian Westphal. * Fix broken sysctl interface in nf_ct_reasm while adding netns support to it, from Michal Kubecek. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Bjørn Mork authored
commit bd329e12 ("net: cdc_ncm: do not bind to NCM compatible MBIM devices") added a test for a CDC MBIM altsetting, implementing the cdc_ncm part of MBIM backward compatibility support. This intentionally made the driver behave differently for CDC NCM devices with 2 alternate settings for the Communication interface, depending on whether or not CONFIG_USB_NET_CDC_MBIM was enabled. This is correct iff alternate setting #1 really *is* a MBIM setting. If not, then NCM probing will use a different altsetting than before, possibly causing probing failures depending on CONFIG_USB_NET_CDC_MBIM. Fix by setting the altsetting back to default after the test, restoring the previous behaviour for non MBIM devices. This bug causes probing of Huawei E3276 devices to fail when the MBIM driver is enabled, because these devices have a second alternate setting with no CDC functional descriptors. Cc: Greg Suarez <gsuarez@smithmicro.com> Cc: Alexey Orishko <alexey.orishko@stericsson.com> Reported-and-tested-by: Jonathan A. <yo.natan@hotmail.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 13 Feb, 2013 12 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: "This is primarily to get those r8169 reverts sorted, but other fixes have accumulated meanwhile. 1) Revert two r8169 changes to fix suspend/resume for some users, from Francois Romieu. 2) PCI dma mapping errors in atl1c are not checked for and this cause hard crashes for some users, from Xiong Huang. 3) In 3.8.x we merged the removal of the EXPERIMENTAL dependency for 'dlm' but the same patch for 'sctp' got lost somewhere, resulting in the potential for build errors since there are cross dependencies. From Kees Cook. 4) SCTP's ipv6 socket route validation makes boolean tests incorrectly, fix from Daniel Borkmann. 5) mac80211 does sizeof(ptr) instead of (sizeof(ptr) * nelem), from Cong Ding. 6) arp_rcv() can crash on shared non-linear packets, from Eric Dumazet. 7) Avoid crashes in macvtap by setting ->gso_type consistently in ixgbe, qlcnic, and bnx2x drivers. From Michael S Tsirkin and Alexander Duyck. 8) Trinity fuzzer spots infinite loop in __skb_recv_datagram(), fix from Eric Dumazet. 9) STP protocol frames should use high packet priority, otherwise an overloaded bridge can get stuck. From Stephen Hemminger. 10) The HTB packet scheduler was converted some time ago to store internal timestamps in nanoseconds, but we don't convert back into psched ticks for the user during dumps. Fix from Jiri Pirko. 11) mwl8k channel table doesn't set the .band field properly, resulting in NULL pointer derefs. Fix from Jonas Gorski. 12) mac80211 doesn't accumulate channels properly during a scan so we can downgrade heavily to a much less desirable connection speed. Fix from Johannes Berg. 13) PHY probe failure in stmmac can result in resource leaks and double MDIO registery later, from Giuseppe CAVALLARO. 14) Correct ipv6 checksumming in ip6t_NPT netfilter module, also fix address prefix mangling, from YOSHIFUJI Hideaki." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (27 commits) net, sctp: remove CONFIG_EXPERIMENTAL net: sctp: sctp_v6_get_dst: fix boolean test in dst cache batman-adv: Fix NULL pointer dereference in DAT hash collision avoidance net/macb: fix race with RX interrupt while doing NAPI atl1c: add error checking for pci_map_single functions htb: fix values in opt dump ixgbe: Only set gso_type to SKB_GSO_TCPV4 as RSC does not support IPv6 net: fix infinite loop in __skb_recv_datagram() net: qmi_wwan: add Yota / Megafon M100-1 4g modem mwl8k: fix band for supported channels bridge: set priority of STP packets mac80211: fix channel selection bug arp: fix possible crash in arp_rcv() bnx2x: set gso_type qlcnic: set gso_type ixgbe: fix gso type stmmac: mdio register has to fail if the phy is not found stmmac: fix macro used for debugging the xmit Revert "r8169: enable internal ASPM and clock request settings". Revert "r8169: enable ALDPS for power saving". ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Peter Anvin: "One (hopefully) last batch of x86 fixes. You asked for the patch by patch justifications, so here they are: x86, MCE: Retract most UAPI exports This one unexports from userspace a bunch of definitions which should never have been exported. We really don't want to create an accidental legacy here. x86, doc: Add a bootloader ID for OVMF This is a documentation-only patch, just recording the official assignment of a boot loader ID. x86: Do not leak kernel page mapping locations Security: avoid making it needlessly easy for user space to probe the kernel memory layout. x86/mm: Check if PUD is large when validating a kernel address Prevent failures using /proc/kcore when using 1G pages. x86/apic: Work around boot failure on HP ProLiant DL980 G7 Server systems Works around a BIOS problem causing boot failures on affected hardware." * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm: Check if PUD is large when validating a kernel address x86/apic: Work around boot failure on HP ProLiant DL980 G7 Server systems x86, doc: Add a bootloader ID for OVMF x86: Do not leak kernel page mapping locations x86, MCE: Retract most UAPI exports
-
Michal Kubeček authored
Adjusting of data pointers in net/netfilter/nf_conntrack_frag6_* sysctl table for other namespaces points to wrong netns_frags structure and has reversed order of entries. Problem introduced by commit c038a767 in 3.7-rc1 Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Kees Cook authored
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. Acked-by: Vlad Yasevich <vyasevich@gmail.com> Acked-by: Steven Whitehouse <swhiteho@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Rientjes <rientjes@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Daniel Borkmann authored
We walk through the bind address list and try to get the best source address for a given destination. However, currently, we take the 'continue' path of the loop when an entry is invalid (!laddr->valid) *and* the entry state does not equal SCTP_ADDR_SRC (laddr->state != SCTP_ADDR_SRC). Thus, still, invalid entries with SCTP_ADDR_SRC might not 'continue' as well as valid entries with SCTP_ADDR_{NEW, SRC, DEL}, with a possible false baddr and matchlen as a result, causing in worst case dst route to be false or possibly NULL. This test should actually be a '||' instead of '&&'. But lets fix it and make this a bit easier to read by having the condition the same way as similarly done in sctp_v4_get_dst. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pau Koning authored
An entry in DAT with the hashed position of 0 can cause a NULL pointer dereference when the first entry is checked by batadv_choose_next_candidate. This first candidate automatically has the max value of 0 and the max_orig_node of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible will lead to a NULL pointer dereference when checking for the lowest address. This problem was added in 785ea114 ("batman-adv: Distributed ARP Table - create DHT helper functions"). Signed-off-by: Pau Koning <paukoning@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nicolas Ferre authored
When interrupts are disabled, an RX condition can occur but it is not reported when enabling interrupts again. We need to check RSR and use napi_reschedule() if condition is met. Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Huang, Xiong authored
it is reported that code hit DMA-API errors on 3.8-rc6+, (see https://bugzilla.redhat.com/show_bug.cgi?id=908436, and https://bugzilla.redhat.com/show_bug.cgi?id=908550) this patch just adds error handler for pci_map_single and skb_frag_dma_map. Signed-off-by: xiong <xiong@qca.qualcomm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mel Gorman authored
A user reported the following oops when a backup process reads /proc/kcore: BUG: unable to handle kernel paging request at ffffbb00ff33b000 IP: [<ffffffff8103157e>] kern_addr_valid+0xbe/0x110 [...] Call Trace: [<ffffffff811b8aaa>] read_kcore+0x17a/0x370 [<ffffffff811ad847>] proc_reg_read+0x77/0xc0 [<ffffffff81151687>] vfs_read+0xc7/0x130 [<ffffffff811517f3>] sys_read+0x53/0xa0 [<ffffffff81449692>] system_call_fastpath+0x16/0x1b Investigation determined that the bug triggered when reading system RAM at the 4G mark. On this system, that was the first address using 1G pages for the virt->phys direct mapping so the PUD is pointing to a physical address, not a PMD page. The problem is that the page table walker in kern_addr_valid() is not checking pud_large() and treats the physical address as if it was a PMD. If it happens to look like pmd_none then it'll silently fail, probably returning zeros instead of real data. If the data happens to look like a present PMD though, it will be walked resulting in the oops above. This patch adds the necessary pud_large() check. Unfortunately the problem was not readily reproducible and now they are running the backup program without accessing /proc/kcore so the patch has not been validated but I think it makes sense. Signed-off-by: Mel Gorman <mgorman@suse.de> Reviewed-by: Rik van Riel <riel@redhat.coM> Reviewed-by: Michal Hocko <mhocko@suse.cz> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: stable@vger.kernel.org Cc: linux-mm@kvack.org Link: http://lkml.kernel.org/r/20130211145236.GX21389@suse.deSigned-off-by: Ingo Molnar <mingo@kernel.org>
-
Linus Torvalds authored
Merge branch 'autofs-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux into akpm Pull hp parisc automounter fix from Helge Deller: "This unbreaks automounter support for the parisc architecture (and probably aarch64 as well)."" * 'autofs-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: unbreak automounter support on 64-bit kernel with 32-bit userspace (v2)
-
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linuxLinus Torvalds authored
Pull s390 regression fix from Martin Schwidefsky: "The recent fix for the s390 sched_clock() function uncovered yet another bug in s390_next_ktime which causes an endless loop in KVM. This regression should be fixed before v3.8. I keep the fingers crossed that this is the last one for v3.8." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/timer: avoid overflow when programming clock comparator
-
git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommuLinus Torvalds authored
Pull m68knommu fix from Greg Ungerer: "This contains a single critical fix for the non-MMU m68k platforms. The change of the kernel exec code path has revealed a problem in the start thread code that causes crashing on boot. This is the fix for it." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68knommu: fix trap on execing /bin/init
-
- 12 Feb, 2013 17 commits
-
-
Jiri Pirko authored
in htb_change_class() cl->buffer and cl->buffer are stored in ns. So in dump, convert them back to psched ticks. Note this was introduced by: commit 56b765b7 htb: improved accuracy at high rates Please consider this for -net/-stable. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile into akpm Pull tile bugfixes from Chris Metcalf: "This includes a variety of minor bug fixes, mostly to do with testing "make allyesconfig", "make allmodconfig", "make allnoconfig", inspired to Tejun Heo's observation about Kconfig.freezer not being included. The largest changes are just syntax changes removing the tile-specific use of a macro named INT_MASK, which is way too commonly redefined throughout driver code" * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: tile: tag some code with #ifdef CONFIG_COMPAT tile: fix memcpy_*io functions for allnoconfig tile: export a handful of symbols appropriately drm: fix compile failure by including <linux/swiotlb.h> tile: avoid defining INT_MASK macro in <arch/interrupts.h> tile: provide "screen_info" when enabling VT drivers/input/joystick/analog.c: enable precise timer tile: include kernel/Kconfig.freezer in tile Kconfig tile: remove an unused variable in copy_thread()
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-socLinus Torvalds authored
Pull ARM SoC fixes from Olof Johansson: "We had a number of fixes queued up, but taking a strict pass-through and weeding out any that either have been broken for a while, or are for platforms that need out-of-tree code to be useful anyway, or other fixes for problems that few users are likely to see in real life, only this short branch of patches remains. The three patches here are to make SMP boot work on the Calxeda platforms again. Some of the rework for cpuids on 3.8 broke it (and it was discovered late, unfortunately)." * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: highbank: mask cluster id from cpu_logical_map ARM: scu: mask cluster id from cpu_logical_map ARM: scu: add empty scu_enable for !CONFIG_SMP
-
Marek Szyprowski authored
The total number of low memory pages is determined as totalram_pages - totalhigh_pages, so without this patch all CMA pageblocks placed in highmem were accounted to low memory. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Acked-by: Kyungmin Park <kyungmin.park@samsung.com> Cc: Minchan Kim <minchan.kim@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Eric W. Biederman authored
We're forgetting to reenable local interrupts on an error path. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Reported-by: Josh Boyer <jwboyer@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Glauber Costa authored
The designed workflow for the caches in kmemcg is: register it with memcg_register_cache() if kmemcg is already available or later on when a new kmemcg appears at memcg_update_cache_sizes() which will handle all caches in the system. The caches created at boot time will be handled by the later, and the memcg-caches as well as any system caches that are registered later on by the former. There is a bug, however, in memcg_register_cache: we correctly set up the array size, but do not mark the cache as a root cache. This means that allocations for any cache appearing late in the game will see memcg->memcg_params->is_root_cache == false, and in particular, trigger VM_BUG_ON(!cachep->memcg_params->is_root_cache) in __memcg_kmem_cache_get. The obvious fix is to include the missing assignment. Signed-off-by: Glauber Costa <glommer@parallels.com> Cc: Michal Hocko <mhocko@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Gerald Schaefer authored
With commit 8e72033f ("thp: make MADV_HUGEPAGE check for mm->def_flags") the VM_NOHUGEPAGE flag may be set on s390 in mm->def_flags for certain processes, to prevent future thp mappings. This would be overwritten by do_mlockall(), which sets it back to 0 with an optional VM_LOCKED flag set. To fix this, instead of overwriting mm->def_flags in do_mlockall(), only the VM_LOCKED flag should be set or cleared. Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Reported-by: Vivek Goyal <vgoyal@redhat.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Walleij authored
Commit e7e034e1 ("drivers/rtc/rtc-pl031.c: fix the missing operation on enable") accidentally broke the ST variants of PL031. The bit that is being poked as "clockwatch" enable bit for the ST variants does the work of bit 0 on this variant. Bit 0 is used for a clock divider on the ST variants, and setting it to 1 will affect timekeeping in a very bad way. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Acked-by: Haojian Zhuang <haojian.zhuang@gmail.com> Cc: Mian Yousaf KAUKAB <mian.yousaf.kaukab@stericsson.com> Cc: Srinidhi Kasagar <srinidhi.kasagar@stericsson.com> Cc: Alessandro Zummo <a.zummo@towertech.it> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Florian Westphal authored
commit (32f53760 netfilter: nf_ct_helper: disable automatic helper re-assignment of different type) broke transparent proxy scenarios. For example, initial helper lookup might yield "ftp" (dport 21), while re-lookup after REDIRECT yields "ftp-2121". This causes the autoassign code to toss the ftp helper, even though these are just different instances of the same helper. Change the test to check for the helper function address instead of the helper address, as suggested by Pablo. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
-
Florian Westphal authored
Userspace can cause kernel panic by not specifying orig/reply tuple: kernel will create a tuple with random stack values. Problem is that tuple.dst.dir will be random, too, which causes nf_ct_tuplehash_to_ctrack() to return garbage. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirelessDavid S. Miller authored
John W. Linville says: ==================== Here is another handful of late-breaking fixes intended for the 3.8 stream... Hopefully the will still make it! :-) There are three mac80211 fixes pulled from Johannes: "Here are three fixes still for the 3.8 stream, the fix from Cong Ding for the bad sizeof (Stephen Hemminger had pointed it out before but I'd promptly forgotten), a mac80211 managed-mode channel context usage fix where a downgrade would never stop until reaching non-HT and a bug in the channel determination that could cause invalid channels like HT40+ on channel 11 to be used." Also included is a mwl8k fix that avoids an oops when using mwl8k devices that only support the 5 GHz band. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexander Duyck authored
The original fix that was applied for setting gso_type required more change than necessary because it was assumed ixgbe does RSC on IPv6 frames and this is not correct. RSC is only supported with IPv4/TCP frames only. As such we can simplify the fix and avoid the unnecessary move of eth_type_trans. The previous patch "ixgbe: fix gso type" and this patch reduce the entire fix to one line that sets gso_type to TCPV4 if the frame is RSC. Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Tommi was fuzzing with trinity and reported the following problem : commit 3f518bf7 (datagram: Add offset argument to __skb_recv_datagram) missed that a raw socket receive queue can contain skbs with no payload. We can loop in __skb_recv_datagram() with MSG_PEEK mode, because wait_for_packet() is not prepared to skip these skbs. [ 83.541011] INFO: rcu_sched detected stalls on CPUs/tasks: {} (detected by 0, t=26002 jiffies, g=27673, c=27672, q=75) [ 83.541011] INFO: Stall ended before state dump start [ 108.067010] BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child31:2847] ... [ 108.067010] Call Trace: [ 108.067010] [<ffffffff818cc103>] __skb_recv_datagram+0x1a3/0x3b0 [ 108.067010] [<ffffffff818cc33d>] skb_recv_datagram+0x2d/0x30 [ 108.067010] [<ffffffff819ed43d>] rawv6_recvmsg+0xad/0x240 [ 108.067010] [<ffffffff818c4b04>] sock_common_recvmsg+0x34/0x50 [ 108.067010] [<ffffffff818bc8ec>] sock_recvmsg+0xbc/0xf0 [ 108.067010] [<ffffffff818bf31e>] sys_recvfrom+0xde/0x150 [ 108.067010] [<ffffffff81ca4329>] system_call_fastpath+0x16/0x1b Reported-by: Tommi Rantala <tt.rantala@gmail.com> Tested-by: Tommi Rantala <tt.rantala@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Pavel Emelyanov <xemul@parallels.com> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Bjørn Mork authored
Interface layout: 00 CD-ROM 01 debug COM port 02 AP control port 03 modem 04 usb-ethernet Bus=01 Lev=02 Prnt=02 Port=01 Cnt=02 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=0408 ProdID=ea42 Rev= 0.00 S: Manufacturer=Qualcomm, Incorporated S: Product=Qualcomm CDMA Technologies MSM S: SerialNumber=353568051xxxxxx C:* #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=86(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Three nouveau fixes, all user visible issues, and one radeon regression fix" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon: enforce use of radeon_get_ib_value when reading user cmd drm/nouveau: add lockdep annotations drm/nv50/fb: Fix nullptr-deref on IGPs drm/nouveau: use different register to wait for secret scrubber
-
John W. Linville authored
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
-
Jerome Glisse authored
When ever parsing cmd buffer supplied by userspace we need to use radeon_get_ib_value rather than directly accessing the ib as the user cmd might not yet be copied into the ib thus the parser might read value that does not correspond to what user is sending and possibly allowing user to send malicious command undected. Signed-off-by: Jerome Glisse <jglisse@redhat.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
- 11 Feb, 2013 8 commits
-
-
Jonas Gorski authored
The band field for the supported channels were left unpopulated, making them default to 0 == IEEE80211_BAND_2GHZ, even for the 5GHz channels. This resulted in null pointer accesses if anything tries to access wiphy->bands[channel->band] of a 5GHz channel on 5GHz only cards, since wiphy->bands[2GHZ] is NULL for them (e.g. cfg80211_chandef_usable does). Example kernel OOPS: [ 665.669993] Unable to handle kernel NULL pointer dereference at virtual address 00000016 [ 665.678194] pgd = c6d58000 [ 665.680941] [00000016] *pgd=06f8a831, *pte=00000000, *ppte=00000000 [ 665.687303] Internal error: Oops: 17 [#1] (...) [ 666.116373] Backtrace: [ 666.118866] [<bf0368dc>] (cfg80211_chandef_usable+0x0/0x1bc [cfg80211]) from [<bf025e64>] (nl80211_leave_mesh+0x244/0x264 [cfg80211]) [ 666.130919] r7:c6d12100 r6:0000143c r5:c0611c48 r4:c0611b98 [ 666.136668] [<bf025d84>] (nl80211_leave_mesh+0x164/0x264 [cfg80211]) from [<bf02634c>] (nl80211_remain_on_channel+0x2a0/0x358 [cfg80211]) [ 666.149074] r7:c6d12000 r6:c6d12000 r5:c6f4f368 r4:00000003 [ 666.154814] [<bf0262ec>] (nl80211_remain_on_channel+0x240/0x358 [cfg80211]) from [<bf02ddb0>] (nl80211_set_wiphy+0x264/0x560 [cfg80211]) [ 666.167150] [<bf02db4c>] (nl80211_set_wiphy+0x0/0x560 [cfg80211]) from [<c01f94e0>] (genl_rcv_msg+0x1b8/0x1f8) [ 666.177205] [<c01f9328>] (genl_rcv_msg+0x0/0x1f8) from [<c01f89a0>] (netlink_rcv_skb+0x58/0xb4) [ 666.185949] [<c01f8948>] (netlink_rcv_skb+0x0/0xb4) from [<c01f931c>] (genl_rcv+0x20/0x2c) [ 666.194251] r6:c6f70780 r5:0000002c r4:c6f70780 r3:00000001 [ 666.199973] [<c01f92fc>] (genl_rcv+0x0/0x2c) from [<c01f8418>] (netlink_unicast+0x154/0x1f4) [ 666.208449] r4:c785ea00 r3:c01f92fc [ 666.212057] [<c01f82c4>] (netlink_unicast+0x0/0x1f4) from [<c01f8790>] (netlink_sendmsg+0x230/0x2b0) [ 666.221240] [<c01f8560>] (netlink_sendmsg+0x0/0x2b0) from [<c01cccf8>] (sock_sendmsg+0x90/0xa4) [ 666.229986] [<c01ccc68>] (sock_sendmsg+0x0/0xa4) from [<c01cdcb0>] (__sys_sendmsg+0x290/0x298) [ 666.238637] r9:00000000 r8:c0611ec8 r6:0000002c r5:c0610000 r4:c0611f64 [ 666.245411] [<c01cda20>] (__sys_sendmsg+0x0/0x298) from [<c01cf52c>] (sys_sendmsg+0x44/0x6c) [ 666.253897] [<c01cf4e8>] (sys_sendmsg+0x0/0x6c) from [<c00090a0>] (ret_fast_syscall+0x0/0x2c) [ 666.262460] r6:00000000 r5:beeff96c r4:00000005 Signed-off-by: Jonas Gorski <jogo@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
-
Stephen Hemminger authored
Spanning Tree Protocol packets should have always been marked as control packets, this causes them to get queued in the high prirority FIFO. As Radia Perlman mentioned in her LCA talk, STP dies if bridge gets overloaded and can't communicate. This is a long-standing bug back to the first versions of Linux bridge. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stoney Wang authored
When a HP ProLiant DL980 G7 Server boots a regular kernel, there will be intermittent lost interrupts which could result in a hang or (in extreme cases) data loss. The reason is that this system only supports x2apic physical mode, while the kernel boots with a logical-cluster default setting. This bug can be worked around by specifying the "x2apic_phys" or "nox2apic" boot option, but we want to handle this system without requiring manual workarounds. The BIOS sets ACPI_FADT_APIC_PHYSICAL in FADT table. As all apicids are smaller than 255, BIOS need to pass the control to the OS with xapic mode, according to x2apic-spec, chapter 2.9. Current code handle x2apic when BIOS pass with xapic mode enabled: When user specifies x2apic_phys, or FADT indicates PHYSICAL: 1. During madt oem check, apic driver is set with xapic logical or xapic phys driver at first. 2. enable_IR_x2apic() will enable x2apic_mode. 3. if user specifies x2apic_phys on the boot line, x2apic_phys_probe() will install the correct x2apic phys driver and use x2apic phys mode. Otherwise it will skip the driver will let x2apic_cluster_probe to take over to install x2apic cluster driver (wrong one) even though FADT indicates PHYSICAL, because x2apic_phys_probe does not check FADT PHYSICAL. Add checking x2apic_fadt_phys in x2apic_phys_probe() to fix the problem. Signed-off-by: Stoney Wang <song-bo.wang@hp.com> [ updated the changelog and simplified the code ] Signed-off-by: Yinghai Lu <yinghai@kernel.org> Cc: stable@kernel.org Link: http://lkml.kernel.org/r/1360263182-16226-1-git-send-email-yinghai@kernel.orgSigned-off-by: Ingo Molnar <mingo@kernel.org>
-
Johannes Berg authored
When trying to connect to an AP that advertises HT but not VHT, the mac80211 code erroneously uses the configuration from the AP as is instead of checking it against regulatory and local capabilities. This can lead to using an invalid or even inexistent channel (like 11/HT40+). Additionally, the return flags from downgrading must be ORed together, to collect them from all of the downgrades. Also clarify the message. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
git://1984.lsi.us.es/nfDavid S. Miller authored
Pablo Neira Ayuso says: ==================== The following patchset contains Netfilter/IPVS fixes for 3.8-rc7, they are: * Fix oops in IPVS state-sync due to releasing a random memory area due to unitialized pointer, from Dan Carpenter. * Fix SCTP flow establishment due to bad checksumming mangling in IPVS, from Daniel Borkmann. * Three fixes for the recently added IPv6 NPT, all from YOSHIFUJI Hideaki, with an amendment collapsed into those patches from Ulrich Weber. They fiix adjustment calculation, fix prefix mangling and ensure LSB of prefixes are zeroes (as required by RFC). Specifically, it took me a while to validate the 1's complement arithmetics/ checksumming approach in the IPv6 NPT code. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
We should call skb_share_check() before pskb_may_pull(), or we can crash in pskb_expand_head() Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Michael S. Tsirkin says: ==================== At the moment, macvtap crashes are observed if macvtap is attached to an interface with LRO enabled. The crash in question is BUG() in macvtap_skb_to_vnet_hdr. This happens because several drivers set gso_size but not gso_type in incoming skbs. This didn't use to be the case: with intel cards on 3.2 and older kernels, with qlogic - on 3.4 and older kernels, so it's a regression if not a recent one. The following patches fix this for qlogic, broadcom and intel drivers. I tested that the patch fixes the crash for ixgbe but don't have qlogic/broadcom hardware to test. I also only tested TCPv4. Please review, and consider for 3.8. Changes from v1: - added missing htons as suggested by Eric - backported the relevant bits from cbf1de72 for bnx2x ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-