- 11 Jun, 2015 6 commits
-
-
Govindarajulu Varadarajan authored
When incoming packet qualifies for rx_copybreak, we copy the data to newly allocated skb. We do not free/unmap the original buffer. At this point driver assumes this buffer is unallocated. When enic_rq_alloc_buf() is called for buffer allocation, it checks if buf->os_buf is NULL. If its not NULL that means buffer can be re-used. When vnic_rq_clean() is called for freeing all rq buffers, and if the rx_copybreak reused buffer falls outside the used desc, we do not free the buffer. The following trace is observer when dma-debug is enabled. Fix is to walk through complete ring and clean if buffer is present. [ 40.555386] ------------[ cut here ]------------ [ 40.555396] WARNING: CPU: 0 PID: 491 at lib/dma-debug.c:971 dma_debug_device_change+0x188/0x1f0() [ 40.555400] pci 0000:06:00.0: DMA-API: device driver has pending DMA allocations while released from device [count=4] One of leaked entries details: [device address=0x00000000ff4cc040] [size=9018 bytes] [mapped with DMA_FROM_DEVICE] [mapped as single] [ 40.555402] Modules linked in: nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 dns_resolver coretemp intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw joydev mousedev gf128mul hid_generic glue_helper mgag200 usbhid ttm hid drm_kms_helper drm ablk_helper syscopyarea sysfillrect sysimgblt i2c_algo_bit i2c_core iTCO_wdt cryptd mac_hid evdev pcspkr sb_edac edac_core tpm_tis iTCO_vendor_support ipmi_si wmi tpm ipmi_msghandler shpchp lpc_ich processor acpi_power_meter hwmon button ac sch_fq_codel nfs lockd grace sunrpc fscache sd_mod ehci_pci ehci_hcd megaraid_sas usbcore scsi_mod usb_common enic(-) crc32c_generic crc32c_intel btrfs xor raid6_pq ext4 crc16 mbcache jbd2 [ 40.555467] CPU: 0 PID: 491 Comm: rmmod Not tainted 4.1.0-rc7-ARCH-01305-gf59b71f #118 [ 40.555469] Hardware name: Cisco Systems Inc UCSB-B200-M4/UCSB-B200-M4, BIOS B200M4.2.2.2.23.061220140128 06/12/2014 [ 40.555471] 0000000000000000 00000000e2f8a5b7 ffff880275f8bc48 ffffffff8158d6f0 [ 40.555474] 0000000000000000 ffff880275f8bca0 ffff880275f8bc88 ffffffff8107b04a [ 40.555477] ffff8802734e0000 0000000000000004 ffff8804763fb3c0 ffff88027600b650 [ 40.555480] Call Trace: [ 40.555488] [<ffffffff8158d6f0>] dump_stack+0x4f/0x7b [ 40.555492] [<ffffffff8107b04a>] warn_slowpath_common+0x8a/0xc0 [ 40.555494] [<ffffffff8107b0d5>] warn_slowpath_fmt+0x55/0x70 [ 40.555498] [<ffffffff812fa408>] dma_debug_device_change+0x188/0x1f0 [ 40.555503] [<ffffffff8109aaef>] notifier_call_chain+0x4f/0x80 [ 40.555506] [<ffffffff8109aecb>] __blocking_notifier_call_chain+0x4b/0x70 [ 40.555510] [<ffffffff8109af06>] blocking_notifier_call_chain+0x16/0x20 [ 40.555514] [<ffffffff813f8066>] __device_release_driver+0xf6/0x120 [ 40.555518] [<ffffffff813f8b08>] driver_detach+0xc8/0xd0 [ 40.555523] [<ffffffff813f7c59>] bus_remove_driver+0x59/0xe0 [ 40.555527] [<ffffffff813f93a0>] driver_unregister+0x30/0x70 [ 40.555534] [<ffffffff8131532d>] pci_unregister_driver+0x2d/0xa0 [ 40.555542] [<ffffffffa0200ec2>] enic_cleanup_module+0x10/0x14e [enic] [ 40.555547] [<ffffffff8110158f>] SyS_delete_module+0x1cf/0x280 [ 40.555551] [<ffffffff811e284e>] ? ____fput+0xe/0x10 [ 40.555554] [<ffffffff810980ec>] ? task_work_run+0xbc/0xf0 [ 40.555558] [<ffffffff815930ee>] system_call_fastpath+0x12/0x71 [ 40.555561] ---[ end trace 4988cadc77c2b236 ]--- [ 40.555562] Mapped at: [ 40.555563] [<ffffffff812fa865>] debug_dma_map_page+0x95/0x150 [ 40.555566] [<ffffffffa01f4a88>] enic_rq_alloc_buf+0x1b8/0x360 [enic] [ 40.555570] [<ffffffffa01f7658>] enic_open+0xf8/0x820 [enic] [ 40.555574] [<ffffffff8148d50e>] __dev_open+0xce/0x150 [ 40.555579] [<ffffffff8148d851>] __dev_change_flags+0xa1/0x170 Signed-off-by: Govindarajulu Varadarajan <_govind@gmx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Govindarajulu Varadarajan authored
We do not check the return value of enic_dev_stats_dump(). If allocation fails, we will hit NULL pointer reference. Return only if memory allocation fails. For other failures, we return the previously recorded values. Signed-off-by: Govindarajulu Varadarajan <_govind@gmx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Govindarajulu Varadarajan authored
There is a small window between vnic_intr_unmask() and enic_poll_unlock_napi(). In this window if an irq occurs and napi is scheduled on different cpu, it tries to acquire enic_poll_lock_napi() and hits the following WARN_ON message. Fix is to unlock napi_poll before unmasking the interrupt. [ 781.121746] ------------[ cut here ]------------ [ 781.121789] WARNING: CPU: 1 PID: 0 at drivers/net/ethernet/cisco/enic/vnic_rq.h:228 enic_poll_msix_rq+0x36a/0x3c0 [enic]() [ 781.121834] Modules linked in: nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 dns_resolver coretemp intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel mgag200 ttm drm_kms_helper joydev aes_x86_64 lrw drm gf128mul mousedev glue_helper sb_edac ablk_helper iTCO_wdt iTCO_vendor_support evdev ipmi_si syscopyarea sysfillrect sysimgblt i2c_algo_bit i2c_core edac_core lpc_ich mac_hid cryptd pcspkr ipmi_msghandler shpchp tpm_tis acpi_power_meter tpm wmi processor hwmon button ac sch_fq_codel nfs lockd grace sunrpc fscache hid_generic usbhid hid ehci_pci ehci_hcd sd_mod megaraid_sas usbcore scsi_mod usb_common enic crc32c_generic crc32c_intel btrfs xor raid6_pq ext4 crc16 mbcache jbd2 [ 781.122176] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.1.0-rc6-ARCH-00040-gc46a024e-dirty #106 [ 781.122210] Hardware name: Cisco Systems Inc UCSB-B200-M4/UCSB-B200-M4, BIOS B200M4.2.2.2.23.061220140128 06/12/2014 [ 781.122252] 0000000000000000 bddbbc9d655ec96e ffff880277e43da8 ffffffff81583fe8 [ 781.122286] 0000000000000000 0000000000000000 ffff880277e43de8 ffffffff8107acfa [ 781.122319] ffff880272c01000 ffff880273f18000 ffff880273f1a100 0000000000000000 [ 781.122352] Call Trace: [ 781.122364] <IRQ> [<ffffffff81583fe8>] dump_stack+0x4f/0x7b [ 781.122399] [<ffffffff8107acfa>] warn_slowpath_common+0x8a/0xc0 [ 781.122425] [<ffffffff8107ae2a>] warn_slowpath_null+0x1a/0x20 [ 781.122455] [<ffffffffa01fa9ca>] enic_poll_msix_rq+0x36a/0x3c0 [enic] [ 781.122487] [<ffffffff8148525a>] net_rx_action+0x22a/0x370 [ 781.122512] [<ffffffff8107ed3d>] __do_softirq+0xed/0x2d0 [ 781.122537] [<ffffffff8107f06e>] irq_exit+0x7e/0xa0 [ 781.122560] [<ffffffff8158c424>] do_IRQ+0x64/0x100 [ 781.122582] [<ffffffff8158a42e>] common_interrupt+0x6e/0x6e [ 781.122605] <EOI> [<ffffffff810bd331>] ? cpu_startup_entry+0x121/0x480 [ 781.122638] [<ffffffff810bd2fc>] ? cpu_startup_entry+0xec/0x480 [ 781.122667] [<ffffffff810f2ed3>] ? clockevents_register_device+0x113/0x1f0 [ 781.122698] [<ffffffff81050ab6>] start_secondary+0x196/0x1e0 [ 781.122723] ---[ end trace cec2e9dd3af7b9db ]--- Signed-off-by: Govindarajulu Varadarajan <_govind@gmx.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mel Gorman authored
Jeff Layton reported the following; [ 74.232485] ------------[ cut here ]------------ [ 74.233354] WARNING: CPU: 2 PID: 754 at net/core/sock.c:364 sk_clear_memalloc+0x51/0x80() [ 74.234790] Modules linked in: cts rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache xfs libcrc32c snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device nfsd snd_pcm snd_timer snd e1000 ppdev parport_pc joydev parport pvpanic soundcore floppy serio_raw i2c_piix4 pcspkr nfs_acl lockd virtio_balloon acpi_cpufreq auth_rpcgss grace sunrpc qxl drm_kms_helper ttm drm virtio_console virtio_blk virtio_pci ata_generic virtio_ring pata_acpi virtio [ 74.243599] CPU: 2 PID: 754 Comm: swapoff Not tainted 4.1.0-rc6+ #5 [ 74.244635] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 74.245546] 0000000000000000 0000000079e69e31 ffff8800d066bde8 ffffffff8179263d [ 74.246786] 0000000000000000 0000000000000000 ffff8800d066be28 ffffffff8109e6fa [ 74.248175] 0000000000000000 ffff880118d48000 ffff8800d58f5c08 ffff880036e380a8 [ 74.249483] Call Trace: [ 74.249872] [<ffffffff8179263d>] dump_stack+0x45/0x57 [ 74.250703] [<ffffffff8109e6fa>] warn_slowpath_common+0x8a/0xc0 [ 74.251655] [<ffffffff8109e82a>] warn_slowpath_null+0x1a/0x20 [ 74.252585] [<ffffffff81661241>] sk_clear_memalloc+0x51/0x80 [ 74.253519] [<ffffffffa0116c72>] xs_disable_swap+0x42/0x80 [sunrpc] [ 74.254537] [<ffffffffa01109de>] rpc_clnt_swap_deactivate+0x7e/0xc0 [sunrpc] [ 74.255610] [<ffffffffa03e4fd7>] nfs_swap_deactivate+0x27/0x30 [nfs] [ 74.256582] [<ffffffff811e99d4>] destroy_swap_extents+0x74/0x80 [ 74.257496] [<ffffffff811ecb52>] SyS_swapoff+0x222/0x5c0 [ 74.258318] [<ffffffff81023f27>] ? syscall_trace_leave+0xc7/0x140 [ 74.259253] [<ffffffff81798dae>] system_call_fastpath+0x12/0x71 [ 74.260158] ---[ end trace 2530722966429f10 ]--- The warning in question was unnecessary but with Jeff's series the rules are also clearer. This patch removes the warning and updates the comment to explain why sk_mem_reclaim() may still be called. [jlayton: remove if (sk->sk_forward_alloc) conditional. As Leon points out that it's not needed.] Cc: Leon Romanovsky <leon@leon.nu> Signed-off-by: Mel Gorman <mgorman@suse.de> Signed-off-by: Jeff Layton <jeff.layton@primarydata.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nikolay Aleksandrov authored
Since the addition of sysfs multicast router support if one set multicast_router to "2" more than once, then the port would be added to the hlist every time and could end up linking to itself and thus causing an endless loop for rlist walkers. So to reproduce just do: echo 2 > multicast_router; echo 2 > multicast_router; in a bridge port and let some igmp traffic flow, for me it hangs up in br_multicast_flood(). Fix this by adding a check in br_multicast_add_router() if the port is already linked. The reason this didn't happen before the addition of multicast_router sysfs entries is because there's a !hlist_unhashed check that prevents it. Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org> Fixes: 0909e117 ("bridge: Add multicast_router sysfs entries") Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Erik Hugne authored
If the TIPC connection timer expires in a probing state, a self abort message is supposed to be generated and delivered to the local socket. This is currently broken, and the abort message is actually sent out to the peer node with invalid addressing information. This will cause the link to enter a constant retransmission state and eventually reset. We fix this by removing the self-abort message creation and tear down connection immediately instead. Signed-off-by: Erik Hugne <erik.hugne@ericsson.com> Reviewed-by: Ying Xue <ying.xue@windriver.com> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 10 Jun, 2015 1 commit
-
-
David S. Miller authored
This reverts commit 0243508e. It introduces new regressions. Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 09 Jun, 2015 2 commits
-
-
Johannes Berg authored
Until recently, mac80211 overwrote all the statistics it could provide when getting called, but it now relies on the struct having been zeroed by the caller. This was always the case in nl80211, but wext used a static struct which could even cause values from one device leak to another. Using a static struct is OK (as even documented in a comment) since the whole usage of this function and its return value is always locked under RTNL. Not clearing the struct for calling the driver has always been wrong though, since drivers were free to only fill values they could report, so calling this for one device and then for another would always have leaked values from one to the other. Fix this by initializing the structure in question before the driver method call. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=99691 Cc: stable@vger.kernel.org Reported-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Reported-by: Alexander Kaltsas <alexkaltsas@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix stack allocation in s390 BPF JIT, from Michael Holzheu. 2) Disable LRO on openvswitch paths, from Jiri Benc. 3) UDP early demux doesn't handle multicast group membership properly, fix from Shawn Bohrer. 4) Fix TX queue hang due to incorrect handling of mixed sized fragments and linearlization in i40e driver, from Anjali Singhai Jain. 5) Cannot use disable_irq() in timer handler of AMD xgbe driver, from Thomas Lendacky. 6) b2net driver improperly assumes pci_alloc_consistent() gives zero'd out memory, use dma_zalloc_coherent(). From Sriharsha Basavapatna. 7) Fix use-after-free in MPLS and ipv6, from Robert Shearman. 8) Missing neif_napi_del() calls in cleanup paths of b44 driver, from Hauke Mehrtens. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: net: replace last open coded skb_orphan_frags with function call net: bcmgenet: power on MII block for all MII modes ipv6: Fix protocol resubmission ipv6: fix possible use after free of dev stats b44: call netif_napi_del() bridge: disable softirqs around br_fdb_update to avoid lockup Revert "bridge: use _bh spinlock variant for br_fdb_update to avoid lockup" mpls: fix possible use after free of device be2net: Replace dma/pci_alloc_coherent() calls with dma_zalloc_coherent() bridge: use _bh spinlock variant for br_fdb_update to avoid lockup amd-xgbe: Use disable_irq_nosync from within timer function rhashtable: add missing import <linux/export.h> i40e: Make sure to be in VEB mode if SRIOV is enabled at probe i40e: start up in VEPA mode by default i40e/i40evf: Fix mixed size frags and linearization ipv4/udp: Verify multicast group is ours in upd_v4_early_demux() openvswitch: disable LRO s390/bpf: fix bpf frame pointer setup s390/bpf: fix stack allocation
-
- 08 Jun, 2015 15 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhostLinus Torvalds authored
Pull last-minute virtio fix from Michael Tsirkin: "This fixes a minor issue affecting multiqueue virtio net when user keeps changing the number of active queues and CPUs are added and removed by hotplug" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio_pci: Clear stale cpumask when setting irq affinity
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-socLinus Torvalds authored
Pull ARM SoC fixes from Kevin Hilman: "About 10 days worth of small bug fixes, and the (hopefully) final round fixes for from arm-soc land for the -rc cycle. Nothing special to note, but here's a brief summary of fixes by SoC type: - OMAP: small set of misc DT fixes; boot fix for THUMB2 kernel - mediatek: PMIC fixes; DT fix for model name - exynos: wakeup interupt fixes for 3250 - mvebu: revert mbus patch which broke DMA masters * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: dts: am335x-boneblack: disable RTC-only sleep to avoid hardware damage ARM: dts: AM35xx: fix system control module clocks arm64: dts: mt8173-evb: fix model name ARM: exynos: Fix wake-up interrupts for Exynos3250 ARM: dts: Fix n900 dts file to work around 4.1 touchscreen regression on n900 ARM: dts: Fix dm816x to use right compatible flag for MUSB ARM: OMAP3: Fix booting with thumb2 kernel Revert "bus: mvebu-mbus: make sure SDRAM CS for DMA don't overlap the MBus bridge window" bus: mvebu-mbus: do not set WIN_CTRL_SYNCBARRIER on non io-coherent platforms. ARM: mvebu: armada-xp-linksys-mamba: Disable internal RTC soc: mediatek: Add compile dependency to pmic-wrapper soc: mediatek: PMIC wrap: Fix register state machine handling soc: mediatek: PMIC wrap: Fix clock rate handling
-
Willem de Bruijn authored
Commit 70008aa5 ("skbuff: convert to skb_orphan_frags") replaced open coded tests of SKBTX_DEV_ZEROCOPY and skb_copy_ubufs with calls to helper function skb_orphan_frags. Apply that to the last remaining open coded site. Signed-off-by: Willem de Bruijn <willemb@google.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Fainelli authored
The RGMII block is currently only powered on when using RGMII or RGMII_NO_ID, which is not correct when using the GENET interface in MII or Reverse MII modes. We always need to power on the RGMII interface for this block to properly work, regardless of the MII mode in which we operate. Fixes: aa09677c ("net: bcmgenet: add MDIO routines") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Josh Hunt authored
UDP encapsulation is broken on IPv6. This is because the logic to resubmit the nexthdr is inverted, checking for a ret value > 0 instead of < 0. Also, the resubmit label is in the wrong position since we already get the nexthdr value when performing decapsulation. In addition the skb pull is no longer necessary either. This changes the return value check to look for < 0, using it for the nexthdr on the next iteration, and moves the resubmit label to the proper location. With these changes the v6 code now matches what we do in the v4 ip input code wrt resubmitting when decapsulating. Signed-off-by: Josh Hunt <johunt@akamai.com> Acked-by: "Tom Herbert" <tom@herbertland.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Robert Shearman authored
The memory pointed to by idev->stats.icmpv6msgdev, idev->stats.icmpv6dev and idev->stats.ipv6 can each be used in an RCU read context without taking a reference on idev. For example, through IP6_*_STATS_* calls in ip6_rcv. These memory blocks are freed without waiting for an RCU grace period to elapse. This could lead to the memory being written to after it has been freed. Fix this by using call_rcu to free the memory used for stats, as well as idev after an RCU grace period has elapsed. Signed-off-by: Robert Shearman <rshearma@brocade.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Kevin Hilman authored
Merge tag 'omap-for-v4.1/fixes-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Merge omap fixes for v4.1, urgent fix to avoid potential hardware damage From Tony Lindgren: Omap fixes for the -rc cycle, including a fix for potential hardware breakage on BeagleBones: - BeagleBones don't support RTC-only mode, it can cause hardware damage if system-power-controller is specified without ti,pmic-shutdown-controller - Fix a recent regression to am3517 SoCs caused by the recent clock move that was not noticed until now despite automated boot testing - Fix a regression for n900 touchscreen triggered by recent recent input changes - Fix compatible property for dm816x USB to avoid errors with USB Ethernet - Fix oops for omap3 when built with CONFIG_THUMB2_KERNEL * tag 'omap-for-v4.1/fixes-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: am335x-boneblack: disable RTC-only sleep to avoid hardware damage ARM: dts: AM35xx: fix system control module clocks ARM: dts: Fix n900 dts file to work around 4.1 touchscreen regression on n900 ARM: dts: Fix dm816x to use right compatible flag for MUSB ARM: OMAP3: Fix booting with thumb2 kernel
-
git://git.infradead.org/intel-iommuLinus Torvalds authored
Pull Intel IOMMU fix from David Woodhouse: "This fixes an oops when attempting to enable 1:1 passthrough mode for devices on which VT-d translation was disabled anyway. It's actually a long-standing bug but recent changes (commit 18436afd: "iommu/vt-d: Allow RMRR on graphics devices too") have made it much easier to trigger with 'iommu=pt intel_iommu=igfx_off' on the command line" * git://git.infradead.org/intel-iommu: iommu/vt-d: Fix passthrough mode with translation-disabled devices
-
git://git.kernel.org/pub/scm/linux/kernel/git/tj/libataLinus Torvalds authored
Pull libata fixes from Tejun Heo: "Two driver fixes. One is for an ahci_mvebu controller config bug and the other fixes pata_octeon_cf build issue" * 'for-4.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: pata_octeon_cf: fix broken build ata: ahci_mvebu: Fix wrongly set base address for the MBus window setting
-
Aaro Koskinen authored
MODULE_DEVICE_TABLE is referring to wrong driver's table and breaks the build. Fix that. Cc: stable@vger.kernel.org Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com> Signed-off-by: Tejun Heo <tj@kernel.org>
-
Linus Torvalds authored
-
Hauke Mehrtens authored
When the driver gets unregistered a call to netif_napi_del() was missing, this all was also missing in the error paths of b44_init_one(). Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nikolay Aleksandrov authored
br_fdb_update() can be called in process context in the following way: br_fdb_add() -> __br_fdb_add() -> br_fdb_update() (if NTF_USE flag is set) so we need to disable softirqs because there are softirq users of the hash_lock. One easy way to reproduce this is to modify the bridge utility to set NTF_USE, enable stp and then set maxageing to a low value so br_fdb_cleanup() is called frequently and then just add new entries in a loop. This happens because br_fdb_cleanup() is called from timer/softirq context. The spin locks in br_fdb_update were _bh before commit f8ae737d ("[BRIDGE]: forwarding remove unneeded preempt and bh diasables") and at the time that commit was correct because br_fdb_update() couldn't be called from process context, but that changed after commit: 292d1398 ("bridge: add NTF_USE support") Using local_bh_disable/enable around br_fdb_update() allows us to keep using the spin_lock/unlock in br_fdb_update for the fast-path. Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Fixes: 292d1398 ("bridge: add NTF_USE support") Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
This reverts commit 1d7c4903. Nikolay Aleksandrov has a better version of this fix. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Robert Shearman authored
The mpls device is used in an RCU read context without a lock being held. As the memory is freed without waiting for the RCU grace period to elapse, the freed memory could still be in use. Address this by using kfree_rcu to free the memory for the mpls device after the RCU grace period has elapsed. Fixes: 03c57747 ("mpls: Per-device MPLS state") Signed-off-by: Robert Shearman <rshearma@brocade.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 07 Jun, 2015 10 commits
-
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds authored
Pull MIPS updates from Ralf Baechle: "Eight fixes across arch/mips. Nothing stands particuarly out nor is complicated but fixes keep coming in at a higher than comfortable rate" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: KVM: Do not sign extend on unsigned MMIO load MIPS: BPF: Fix stack pointer allocation MIPS: Loongson-3: Fix a cpu-hotplug issue in loongson3_ipi_interrupt() MIPS: Fix enabling of DEBUG_STACKOVERFLOW MIPS: c-r4k: Fix typo in probe_scache() MIPS: Avoid an FPE exception in FCSR mask probing MIPS: ath79: Add a missing new line in log message MIPS: ralink: Fix clearing the illegal access interrupt
-
Sriharsha Basavapatna authored
There are several places in the driver (all in control paths) where coherent dma memory is being allocated using either dma_alloc_coherent() or the deprecated pci_alloc_consistent(). All these calls should be changed to use dma_zalloc_coherent() to avoid uninitialized fields in data structures backed by this memory. Reported-by: Joerg Roedel <jroedel@suse.de> Tested-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Sriharsha Basavapatna <sriharsha.basavapatna@avagotech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wilson Kok authored
br_fdb_update() can be called in process context in the following way: br_fdb_add() -> __br_fdb_add() -> br_fdb_update() (if NTF_USE flag is set) so we need to use spin_lock_bh because there are softirq users of the hash_lock. One easy way to reproduce this is to modify the bridge utility to set NTF_USE, enable stp and then set maxageing to a low value so br_fdb_cleanup() is called frequently and then just add new entries in a loop. This happens because br_fdb_cleanup() is called from timer/softirq context. These locks were _bh before commit f8ae737d ("[BRIDGE]: forwarding remove unneeded preempt and bh diasables") and at the time that commit was correct because br_fdb_update() couldn't be called from process context, but that changed after commit: 292d1398 ("bridge: add NTF_USE support") Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Fixes: 292d1398 ("bridge: add NTF_USE support") Signed-off-by: David S. Miller <davem@davemloft.net>
-
Lendacky, Thomas authored
Since the Tx timer function runs in softirq context the driver needs to call disable_irq_nosync instead of a disable_irq. Reported-by: Josh Stone <jistone@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Hauke Mehrtens authored
rhashtable uses EXPORT_SYMBOL_GPL() without importing linux/export.h directly it is only imported indirectly through some other includes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-coreLinus Torvalds authored
Pull driver core fixes from Greg KH: "Here are two fixes for the driver core that resolve some reported issues. One is a regression from 4.0, the other a fixes a reported oops that has been there since 3.19. Both have been in linux-next for a while with no problems" * tag 'driver-core-4.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: drivers/base: cacheinfo: handle absence of caches drivers: of/base: move of_init to driver_init
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/stagingLinus Torvalds authored
Pull staging / IIO fixes from Greg KH: "Here are some IIO driver fixes to resolve reported issues, some ozwpan fixes for some reported CVE problems, and a rtl8712 driver fix for a reported regression. All have been in linux-next successfully" * tag 'staging-4.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: rtl8712: fix stack dump ozwpan: unchecked signed subtraction leads to DoS ozwpan: divide-by-zero leading to panic ozwpan: Use unsigned ints to prevent heap overflow ozwpan: Use proper check to prevent heap overflow iio: adc: twl6030-gpadc: Fix modalias iio: adis16400: Fix burst transfer for adis16448 iio: adis16400: Fix burst mode iio: adis16400: Compute the scan mask from channel indices iio: adis16400: Use != channel indices for the two voltage channels iio: adis16400: Report pressure channel scale
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/ttyLinus Torvalds authored
Pull tty/serial driver fixes from Greg KH: "Here are a few TTY and Serial driver fixes for reported regressions and crashes. All of these have been in linux-next with no reported problems" * tag 'tty-4.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: n_tty: Fix auditing support for cannonical mode serial: 8250_omap: provide complete custom startup & shutdown callbacks n_tty: Fix calculation of size in canon_copy_from_read_buf serial: imx: Fix DMA handling for IDLE condition aborts serial/amba-pl011: Unconditionally poll for FIFO space before each TX char
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB and PHY driver fixes from Greg KH: "Here are some USB and PHY driver fixes that resolve some reported regressions. Also in here are some new device ids. All of the details are in the shortlog and these patches have been in linux-next with no problems" * tag 'usb-4.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (22 commits) USB: cp210x: add ID for HubZ dual ZigBee and Z-Wave dongle usb: renesas_usbhs: Don't disable the pipe if Control write status stage usb: renesas_usbhs: Fix fifo unclear in usbhsf_prepare_pop usb: gadget: f_fs: fix check in read operation usb: musb: fix order of conditions for assigning end point operations usb: gadget: f_uac1: check return code from config_ep_by_speed usb: gadget: ffs: fix: Always call ffs_closed() in ffs_data_clear() usb: gadget: g_ffs: Fix counting of missing_functions usb: s3c2410_udc: correct reversed pullup logic usb: dwc3: gadget: Fix incorrect DEPCMD and DGCMD status macros usb: phy: tahvo: Pass the IRQF_ONESHOT flag usb: phy: ab8500-usb: Pass the IRQF_ONESHOT flag usb: renesas_usbhs: Revise the binding document about the dma-names usb: host: xhci: add mutex for non-thread-safe data usb: make module xhci_hcd removable USB: serial: ftdi_sio: Add support for a Motion Tracker Development Board usb: gadget: f_midi: fix segfault when reading empty id phy: phy-rcar-gen2: Fix USBHS_UGSTS_LOCK value phy: omap-usb2: invoke pm_runtime_disable on error path phy: fix Kconfig dependencies ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/glikely/linuxLinus Torvalds authored
Pull devicetree fix from Grant Likely: "Stupid typo fix for v4.1. One of the IS_ENABLED() macro calls forgot the CONFIG_ prefix. Only affects a tiny number of platforms, but still..." * tag 'devicetree-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/glikely/linux: of/dynamic: Fix test for PPC_PSERIES
-
- 06 Jun, 2015 6 commits
-
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "i915 has a bunch of fixes, and Russell found a bug in sysfs writing handling that results in userspace getting stuck" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm: fix writing to /sys/class/drm/*/status drm/i915: Move WaBarrierPerformanceFixDisable:skl to skl code from chv code drm/i915: Include G4X/VLV/CHV in self refresh status drm/i915: Initialize HWS page address after GPU reset drm/i915: Don't skip request retirement if the active list is empty drm/i915/hsw: Fix workaround for server AUX channel clock divisor
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input subsystem fixes from Dmitry Torokhov: "Just a couple touchpad drivers fixups" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: alps - do not reduce trackpoint speed by half Input: elantech - add new icbody type Input: elantech - fix detection of touchpads where the revision matches a known rate
-
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlbLinus Torvalds authored
Pull swiotlb fix from Konrad Rzeszutek Wilk: "Tiny little fix which just converts an function to be static. Really tiny" * 'stable/for-linus-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb: swiotlb: do not export map_single function
-
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibftLinus Torvalds authored
Pull iBFT fix from Konrad Rzeszutek Wilk: "One single fix from Chris to workaround UEFI platforms failing with iSCSI IBFT" * 'stable/for-linus-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft: iscsi_ibft: filter null v4-mapped v6 addresses
-
Nicholas Mc Guire authored
Fix possible unintended sign extension in unsigned MMIO loads by casting to uint16_t in the case of mmio_needed != 2. Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org> Reviewed-by: James Hogan <james.hogan@imgtec.com> Tested-by: James Hogan <james.hogan@imgtec.com> Cc: Gleb Natapov <gleb@kernel.org> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: kvm@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/9985/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Markos Chandras authored
Fix stack pointer offset which could potentially corrupt argument registers in the previous frame. The calculated offset reflects the size of all the registers we need to preserve so there is no need for this erroneous subtraction. [ralf@linux-mips.org: Fixed conflict due to only applying this fix part of the entire series as part of 4.1 fixes.] Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Cc: netdev@vger.kernel.org Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexei Starovoitov <ast@plumgrid.com> Cc: Daniel Borkmann <dborkman@redhat.com> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: linux-kernel@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/10527/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-