aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2009-08-15cnic: Fix locking in init/exit calls.Michael Chan
The slow path ulp_init and ulp_exit calls to the bnx2i driver are sleepable calls and therefore should not be protected using rcu_read_lock. Fix it by using mutex and refcount during these calls. cnic_unregister_driver() will now wait for the refcount to go to zero before completing the call. Signed-off-by: Michael Chan <mchan@broadcom.com> Reviewed-by: Benjamin Li <benli@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-15cnic: Fix locking in start/stop calls.Michael Chan
The slow path ulp_start and ulp_stop calls to the bnx2i driver are sleepable calls and therefore should not be protected using rcu_read_lock. Fix it by using mutex and setting a bit during these calls. cnic_unregister_device() will now wait for the bit to clear before completing the call. Signed-off-by: Michael Chan <mchan@broadcom.com> Reviewed-by: Benjamin Li <benli@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-15bnx2: Use mutex on slow path cnic calls.Michael Chan
The slow path calls to the cnic driver are sleepable calls so we cannot use rcu_read_lock(). Use mutex for these slow path calls instead. Signed-off-by: Michael Chan <mchan@broadcom.com> Reviewed-by: Benjamin Li <benli@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-15cnic: Refine registration with bnx2.Michael Chan
Register and unregister with bnx2 during NETDEV_UP and NETDEV_DOWN events. This simplifies the sequence of events and allows locking fixes in the next patch. Signed-off-by: Michael Chan <mchan@broadcom.com> Reviewed-by: Benjamin Li <benli@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-15cnic: Fix symbol_put_addr() panic on ia64.Michael Chan
When the cnic driver tries to grab a symbol from bnx2 when bnx2 is running init code, symbol_get() will succeed but symbol_put_addr() will hit BUG() a moment later. module_text_address() fails because bnx2 is still in init code. This is fixed by using symbol_put() instead which does the exact opposite of symbol_get(). Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-14gre: Fix MTU calculation for bound GRE tunnelsTom Goff
The GRE header length should be subtracted when the tunnel MTU is calculated. This just corrects for the associativity change introduced by commit 42aa916265d740d66ac1f17290366e9494c884c2 ("gre: Move MTU setting out of ipgre_tunnel_bind_dev"). Signed-off-by: Tom Goff <thomas.goff@boeing.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-14pegasus: Add new device ID.Petko Manolov
Add new definition to 'pegasus.h' for support Japanese IO DATA "ETX-US2" USB Ethernet Adapter. PEGASUS_DEV( $B!H(BIO DATA USB ETX-US2$B!I(B, VENDOR_IODATA, 0x092a, DEFAULT_GPIO_RESET | PEGASUS_II ) Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-14drivers/net: fixed drivers that support netpoll use ndo_start_xmit()Dongdong Deng
The NETPOLL API requires that interrupts remain disabled in netpoll_send_skb(). The use of spin_lock_irq() and spin_unlock_irq() in the NETPOLL API callbacks causes the interrupts to get enabled and can lead to kernel instability. The solution is to use spin_lock_irqsave() and spin_unlock_restore() to prevent the irqs from getting enabled while in netpoll_send_skb(). Call trace: netpoll_send_skb() { -> local_irq_save(flags) ---> dev->ndo_start_xmit(skb, dev) ---> spin_lock_irq() ---> spin_unlock_irq() *******here would enable the interrupt. ... -> local_irq_restore(flags) } Signed-off-by: Dongdong Deng <dongdong.deng@windriver.com> Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Acked-by: Bruce Ashfield <bruce.ashfield@windriver.com> Acked-by: Matt Mackall <mpm@selenic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-14via-velocity: Fix test of mii_status bit VELOCITY_DUPLEX_FULLroel kluin
Test whether VELOCITY_DUPLEX_FULL bit is set in mii_status. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-14Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2009-08-14rt2x00: fix memory corruption in rf cache, add a sanity checkPavel Roskin
Change rt2x00_rf_read() and rt2x00_rf_write() to subtract 1 from the rf register number. This is needed because the rf registers are enumerated starting with one. The size of the rf register cache is just enough to hold all registers, so writing to the highest register was corrupting memory. Add a check to make sure that the rf register number is valid. Signed-off-by: Pavel Roskin <proski@gnu.org> Cc: stable@kernel.org Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-08-13ixgbe: Fix receive on real device when VLANs are configuredLucy Liu
Traffic received with a priority tag (VID = 0) and non-zero priority value was incorrectly handled by the VLAN packet code path due to a check on zero for the whole VLAN tag instead of just the VID. This patch masked out the priority field when checking the vlan tag for received VLAN packets. Signed-off-by: Lucy Liu <lucy.liu@intel.com> Acked-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-13ixgbe: Do not return 0 in ixgbe_fcoe_ddp() upon FCP_RSP in DDP completionYi Zou
We return the ddp->len in ixgbe_fcoe_ddp() to indicate the length of data that have been DDPed. However, it is possible that the length is 0, e.g., for SCSI READ, the FCP_RSP may come back w/ SCSI status 0x28 as Task Set Full with no FCP data for DDP. In ixgbe_fcoe_ddp(), we return 0 to indicate not passing DDPed packets to upper layer. Therefore in the case of ddp->len being 0 upon FCP_RSP, we do not want to return the 0 ddp->len as we want FCP_RSP to be always delivered to the upper layer. This patch fixes this bug by setting rc only if ddp->len is non-zero. Signed-off-by: Yi Zou <yi.zou@intel.com> Acked-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-13netxen: free napi resources during detachDhananjay Phadke
o Defer napi resouce allocation to device attach. o Free napi resources and delete napi during detach. This ensures right behavior across firmware reset. Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-13netxen: remove netxen workqueueAmit Kumar Salecha
o Remove private workqueue in the driver, move all scheduled tasks to keventd workqueues. This makes ports (interfaces) of same / different NIC boards independent, in terms of their link watchdog and reset tasks. o Move quick checks for link status and temperature in timer callback, schedule watchdog task only if link status changed or temperature reached critical threshold. This also fixes deadlock when thermal panic occurs, watchdog work was flushing workqueue that it was sitting on. Signed-off-by: Amit Kumar Salecha <amit@qlogic.com> Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-13ixgbe: fix issues setting rx-usecs with legacy interruptsDon Skidmore
Currently setting rx-usecs when the interface is in legacy interrupt mode it is not immediate. We were only setting EITR for each MSIx vector and since this count would be zero for legacy mode it wasn't set until after a reset. This patch corrects that by checking what mode we are in and then setting EITR accordingly. Signed-off-by: Don Skidmore <donald.skidmore@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-13can: fix oops caused by wrong rtnl newlink usageOliver Hartkopp
For 'real' hardware CAN devices the netlink interface is used to set CAN specific communication parameters. Real CAN hardware can not be created with the ip tool ... The invocation of 'ip link add type can' lead to an oops as the standard rtnl newlink function was called: http://bugzilla.kernel.org/show_bug.cgi?id=13954 This patch adds a private newlink function for the CAN device driver interface that unconditionally returns -EOPNOTSUPP. Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Reported-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> CC: Patrick McHardy <kaber@trash.net> CC: Wolfgang Grandegger <wg@grandegger.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-13mac80211: fix panic when splicing unprepared TIDsLuis R. Rodriguez
We splice skbs from the pending queue for a TID onto the local pending queue when tearing down a block ack request. This is not necessary unless we actually have received a request to start a block ack request (rate control, for example). If we never received that request we should not be splicing the tid pending queue as it would be null, causing a panic. Not sure yet how exactly we allowed through a call when the tid state does not have at least HT_ADDBA_REQUESTED_MSK set, that will require some further review as it is not quite obvious. For more information see the bug report: http://bugzilla.kernel.org/show_bug.cgi?id=13922 This fixes this oops: BUG: unable to handle kernel NULL pointer dereference at 00000030 IP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] *pdpt = 0000000002d1e001 *pde = 0000000000000000 Thread overran stack, or stack corrupted Oops: 0000 [#1] SMP last sysfs file: /sys/module/aes_generic/initstate Modules linked in: <bleh> Pid: 0, comm: swapper Not tainted (2.6.31-rc5-wl #2) Dell DV051 EIP: 0060:[<f8806c70>] EFLAGS: 00010292 CPU: 0 EIP is at ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] EAX: 00000030 EBX: 0000004c ECX: 00000003 EDX: 00000000 ESI: c1c98000 EDI: f745a1c0 EBP: c076be58 ESP: c076be38 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process swapper (pid: 0, ti=c076a000 task=c0709160 task.ti=c076a000) Stack: <bleh2> Call Trace: [<f8806edb>] ? ieee80211_stop_tx_ba_cb+0xab/0x150 [mac80211] [<f8802f1e>] ? ieee80211_tasklet_handler+0xce/0x110 [mac80211] [<c04862ff>] ? net_rx_action+0xef/0x1d0 [<c0149378>] ? tasklet_action+0x58/0xc0 [<c014a0f2>] ? __do_softirq+0xc2/0x190 [<c018eb48>] ? handle_IRQ_event+0x58/0x140 [<c01205fe>] ? ack_apic_level+0x7e/0x270 [<c014a1fd>] ? do_softirq+0x3d/0x40 [<c014a345>] ? irq_exit+0x65/0x90 [<c010a6af>] ? do_IRQ+0x4f/0xc0 [<c014a35d>] ? irq_exit+0x7d/0x90 [<c011d547>] ? smp_apic_timer_interrupt+0x57/0x90 [<c01094a9>] ? common_interrupt+0x29/0x30 [<c010fd9e>] ? mwait_idle+0xbe/0x100 [<c0107e42>] ? cpu_idle+0x52/0x90 [<c054b1a5>] ? rest_init+0x55/0x60 [<c077492d>] ? start_kernel+0x315/0x37d [<c07743ce>] ? unknown_bootoption+0x0/0x1f9 [<c0774099>] ? i386_start_kernel+0x79/0x81 Code: <bleh3> EIP: [<f8806c70>] ieee80211_agg_splice_packets+0x40/0xc0 [mac80211] SS:ESP 0068:c076be38 CR2: 0000000000000030 Cc: stable@kernel.org Testedy-by: Jack Lau <jackelectronics@hotmail.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-08-128139cp: balance dma_map_single vs dma_unmap_single pairFrancois Romieu
The driver always: 1. allocate cp->rx_buf_sz + NET_IP_ALIGN 2. map cp->rx_buf_sz Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-12Revert "libertas: Read buffer overflow"David S. Miller
This reverts commit 57921c312e8cef72ba35a4cfe870b376da0b1b87. On request from John Linville: It has been shown to create a new problem. There is work towards a solution to that one, but it isn't a simple clean-up. Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-10ar9170: fix read & write outside array boundsDan Carpenter
queue == __AR9170_NUM_TXQ would cause a bug on the next line. found by Smatch ( http://repo.or.cz/w/smatch.git ). Cc: stable@kernel.org Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@web.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-08-10ar9170usb: fix spurious firmware related messageChristian Lamparter
When ar9170-2.fw was missing, the driver erroneously complained about missing the initialization values file ar9170-1.fw... Signed-off-by: Christian Lamparter <chunkeey@web.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2009-08-09mlx4_en: Fix read buffer overflow in mlx4_en_complete_rx_desc()roel kluin
If the length is less or equal to frag_prefix_size in the first iteration we write skb_frags_rx[-1] and read from priv->frag_info[-1] Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09zorro8390: Fix read buffer overflow in zorro8390_init_one()roel kluin
Prevent read from cards[-1] when no card was found. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09pcnet32: Read buffer overflowroel kluin
An `options[cards_found]' that equals `sizeof(options_mapping)' is already beyond the array. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09sctp: fix missing destroy of percpu counter variable in sctp_proc_exit()Rafael Laufer
Commit 1748376b6626acf59c24e9592ac67b3fe2a0e026, net: Use a percpu_counter for sockets_allocated added percpu_counter function calls to sctp_proc_init code path, but forgot to add them to sctp_proc_exit(). This resulted in a following Ooops when performing this test # modprobe sctp # rmmod -f sctp # modprobe sctp [ 573.862512] BUG: unable to handle kernel paging request at f8214a24 [ 573.862518] IP: [<c0308b8f>] __percpu_counter_init+0x3f/0x70 [ 573.862530] *pde = 37010067 *pte = 00000000 [ 573.862534] Oops: 0002 [#1] SMP [ 573.862537] last sysfs file: /sys/module/libcrc32c/initstate [ 573.862540] Modules linked in: sctp(+) crc32c libcrc32c binfmt_misc bridge stp bnep lp snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss arc4 joydev snd_pcm ecb pcmcia snd_seq_dummy snd_seq_oss iwlagn iwlcore snd_seq_midi snd_rawmidi snd_seq_midi_event yenta_socket rsrc_nonstatic thinkpad_acpi snd_seq snd_timer snd_seq_device mac80211 psmouse sdhci_pci sdhci nvidia(P) ppdev video snd soundcore serio_raw pcspkr iTCO_wdt iTCO_vendor_support led_class ricoh_mmc pcmcia_core intel_agp nvram agpgart usbhid parport_pc parport output snd_page_alloc cfg80211 btusb ohci1394 ieee1394 e1000e [last unloaded: sctp] [ 573.862589] [ 573.862593] Pid: 5373, comm: modprobe Tainted: P R (2.6.31-rc3 #6) 7663B15 [ 573.862596] EIP: 0060:[<c0308b8f>] EFLAGS: 00010286 CPU: 1 [ 573.862599] EIP is at __percpu_counter_init+0x3f/0x70 [ 573.862602] EAX: f8214a20 EBX: f80faa14 ECX: c48c0000 EDX: f80faa20 [ 573.862604] ESI: f80a7000 EDI: 00000000 EBP: f69d5ef0 ESP: f69d5eec [ 573.862606] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 [ 573.862610] Process modprobe (pid: 5373, ti=f69d4000 task=c2130c70 task.ti=f69d4000) [ 573.862612] Stack: [ 573.862613] 00000000 f69d5f18 f80a70a8 f80fa9fc 00000000 fffffffc f69d5f30 c018e2d4 [ 573.862619] <0> 00000000 f80a7000 00000000 f69d5f88 c010112b 00000000 c07029c0 fffffffb [ 573.862626] <0> 00000000 f69d5f38 c018f83f f69d5f54 c0557cad f80fa860 00000001 c07010c0 [ 573.862634] Call Trace: [ 573.862644] [<f80a70a8>] ? sctp_init+0xa8/0x7d4 [sctp] [ 573.862650] [<c018e2d4>] ? marker_update_probe_range+0x184/0x260 [ 573.862659] [<f80a7000>] ? sctp_init+0x0/0x7d4 [sctp] [ 573.862662] [<c010112b>] ? do_one_initcall+0x2b/0x160 [ 573.862666] [<c018f83f>] ? tracepoint_module_notify+0x2f/0x40 [ 573.862671] [<c0557cad>] ? notifier_call_chain+0x2d/0x70 [ 573.862678] [<c01588fd>] ? __blocking_notifier_call_chain+0x4d/0x60 [ 573.862682] [<c016b2f1>] ? sys_init_module+0xb1/0x1f0 [ 573.862686] [<c0102ffc>] ? sysenter_do_call+0x12/0x28 [ 573.862688] Code: 89 48 08 b8 04 00 00 00 e8 df aa ec ff ba f4 ff ff ff 85 c0 89 43 14 74 31 b8 b0 18 71 c0 e8 19 b9 24 00 a1 c4 18 71 c0 8d 53 0c <89> 50 04 89 43 0c b8 b0 18 71 c0 c7 43 10 c4 18 71 c0 89 15 c4 [ 573.862725] EIP: [<c0308b8f>] __percpu_counter_init+0x3f/0x70 SS:ESP 0068:f69d5eec [ 573.862730] CR2: 00000000f8214a24 [ 573.862734] ---[ end trace 39c4e0b55e7cf54d ]--- Signed-off-by: Rafael Laufer <rlaufer@cisco.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09MAINTAINERS: additional NETWORKING [GENERAL] and NETWORKING DRIVERS patternsJoe Perches
Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09gianfar: keep vlan related state when restartYong Zhang
If vlan has been enabled. ifdown followed by ifup will lost hardware related state. Also remove duplicated operation in gfar_vlan_rx_register(). Signed-off-by: Yong Zhang <yong.zhang0@gmail.com> Acked-by: Dai Haruki <dai.haruki@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09e1000e: fix potential NVM corruption on ICH9 with 8K bank sizeBruce Allan
The bank offset was being incorrectly calculated on ICH9 parts with a bank size of 8K (instead of the more common 4K bank) which would cause any NVM writes to be done on the wrong address after switching from bank 1 to bank 0. Additionally, assume we are meant to use bank 0 if a valid bank is not detected, and remove the unnecessary acquisition of the SW/FW/HW semaphore when writing to the shadow ram version of the NVM image. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09e1000e: fix acquisition of SW/FW/HW semaphore for ICHx partsBruce Allan
For ICHx parts, write the EXTCNF_CTRL.SWFLAG bit once when trying to acquire the SW/FW/HW semaphore instead of multiple times to prevent the hardware from having problems (especially for systems with manageability enabled), and extend the timeout for the hardware to set the SWFLAG bit. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09ixgbe: Disable packet split only on FCoE queues in 82599Yi Zou
For 82599, packet split has to be disabled for FCoE direct data placement. However, this is only required on received queues allocated for FCoE. This patch adds a per ring flags to indicate if packet split is disabled on a per queue basis, particularly for FCoE, as packet split must be disabled for large receive using direct data placement (DDP). Signed-off-by: Yi Zou <yi.zou@intel.com> Acked-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09ixgbe: Pass rx_ring directly in ixgbe_configure_srrctl()Yi Zou
Instead of passing the register index of the corresponding rx_ring and find the way back to get to corresponding rx_ring in ixgbe_configure_srrctl(), simplify the function ixgbe_configure_srrctl() by passing the rx_ring into it. Then the register index for that rx_ring is already available from rx_ring->reg_idx. Signed-off-by: Yi Zou <yi.zou@intel.com> Acked-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09tun: Extend RTNL lock coverage over whole ioctlHerbert Xu
As it is, parts of the ioctl runs under the RTNL and parts of it do not. The unlocked section is still protected by the BKL, but there can be subtle races. For example, Eric Biederman and Paul Moore observed that if two threads tried to create two tun devices on the same file descriptor, then unexpected results may occur. As there isn't anything in the ioctl that is expected to sleep indefinitely, we can prevent this from occurring by extending the RTNL lock coverage. This also allows to get rid of the BKL. Finally, I changed tun_get_iff to take a tun device in order to avoid calling tun_put which would dead-lock as it also tries to take the RTNL lock. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09fec: fix FEC driver packet transmission breakageGreg Ungerer
Commit f0b3fbeae11a526c3d308b691684589ee37c359b ("FEC Buffer rework") breaks transmission of packets where the skb data buffer is not memory aligned according to FEC_ALIGNMENT. It incorrectly passes to dma_sync_single() the buffer address directly from the skb, instead of the address calculated for use (which may be the skb address or one of the bounce buffers). It seems there is no use converting the cpu address of the buffer to a physical either, since dma_map_single() expects the cpu address and will return the dma address to use in the descriptor. So remove the use of __pa() on the buffer address as well. This patch is against 2.6.30-rc5. This breakage is a regression over 2.6.30, which does not have this problem. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09can: Fix raw_getname() leakEric Dumazet
raw_getname() can leak 10 bytes of kernel memory to user (two bytes hole between can_family and can_ifindex, 8 bytes at the end of sockaddr_can structure) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09Fix xfrm hash collisions by changing __xfrm4_daddr_saddr_hash to hash ↵Jussi Mäki
addresses with addition This patch fixes hash collisions in cases where number of entries have incrementing IP source and destination addresses from single respective subnets (i.e. 192.168.0.1-172.16.0.1, 192.168.0.2-172.16.0.2, and so on.). Signed-off-by: Jussi Maki <joamaki@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09atlx: strncpy does not null terminate stringRoel Kluin
strlcpy() will always null terminate the string. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Jay Cliburn <jcliburn@gmail.com> Cc: Chris Snook <csnook@redhat.com> Cc: Jie Yang <jie.yang@atheros.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09irda: fix read buffer overflowRoel Kluin
io[i] is read before the bounds check on i, order should be reversed. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09MAINTAINERS: update atlx contact infoChris Snook
Update MAINTAINERS to reflect my current (non-)affiliation. Anyone hiring? Signed-off-by: Chris Snook <chris.snook@gmail.com> Cc: Jay Cliburn <jcliburn@gmail.com> Cc: Jie Yang <jie.yang@atheros.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-09Merge branch 'master' of /home/davem/src/GIT/linux-2.6/David S. Miller
2009-08-09Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2009-08-09Merge branch 'for-linus' of git://git.infradead.org/ubi-2.6Linus Torvalds
* 'for-linus' of git://git.infradead.org/ubi-2.6: UBI: compatible fallback in absense of sequence numbers UBI: fix double free on error path
2009-08-09Merge branch 'kvm-updates/2.6.31' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds
* 'kvm-updates/2.6.31' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: Avoid redelivery of edge interrupt before next edge KVM: MMU: limit rmap chain length KVM: ia64: fix build failures due to ia64/unsigned long mismatches KVM: Make KVM_HPAGES_PER_HPAGE unsigned long to avoid build error on powerpc KVM: fix ack not being delivered when msi present KVM: s390: fix wait_queue handling KVM: VMX: Fix locking imbalance on emulation failure KVM: VMX: Fix locking order in handle_invalid_guest_state KVM: MMU: handle n_free_mmu_pages > n_alloc_mmu_pages in kvm_mmu_change_mmu_pages KVM: SVM: force new asid on vcpu migration KVM: x86: verify MTRR/PAT validity KVM: PIT: fix kpit_elapsed division by zero KVM: Fix KVM_GET_MSR_INDEX_LIST
2009-08-09Merge branch 'drm-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 * 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/i915: silence vblank warnings drm: silence pointless vblank warning. drm: When adding probed modes, preserve duplicate mode types
2009-08-09Merge branch 'timers-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: posix_cpu_timers_exit_group(): Do not use thread_group_cputimer()
2009-08-09Merge branch 'tracing-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: perf_counter: Fix/complete ftrace event records sampling perf_counter, ftrace: Fix perf_counter integration tracing/filters: Always free pred on filter_add_subsystem_pred() failure tracing/filters: Don't use pred on alloc failure ring-buffer: Fix memleak in ring_buffer_free() tracing: Fix recordmcount.pl to handle sections with only weak functions ring-buffer: Fix advance of reader in rb_buffer_peek() tracing: do not use functions starting with .L in recordmcount.pl ring-buffer: do not disable ring buffer on oops_in_progress ring-buffer: fix check of try_to_discard result
2009-08-09Merge branch 'x86-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: fix buffer overflow in efi_init() x86: Add quirk to make Apple MacBookPro5,1 use reboot=pci x86: Fix MSI-X initialization by using online_mask for x2apic target_cpus x86: Fix VMI && stack protector
2009-08-09Merge branch 'core-fixes-for-linus-2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'core-fixes-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: lockdep: Fix typos in documentation lockdep: Fix file mode of lock_stat rtmutex: Avoid deadlock in rt_mutex_start_proxy_lock()
2009-08-09perf_counter: Fix/complete ftrace event records samplingFrederic Weisbecker
This patch implements the kernel side support for ftrace event record sampling. A new counter sampling attribute is added: PERF_SAMPLE_TP_RECORD which requests ftrace events record sampling. In this case if a PERF_TYPE_TRACEPOINT counter is active and a tracepoint fires, we emit the tracepoint binary record to the perfcounter event buffer, as a sample. Result, after setting PERF_SAMPLE_TP_RECORD attribute from perf record: perf record -f -F 1 -a -e workqueue:workqueue_execution perf report -D 0x21e18 [0x48]: event: 9 . . ... raw event: size 72 bytes . 0000: 09 00 00 00 01 00 48 00 d0 c7 00 81 ff ff ff ff ......H........ . 0010: 0a 00 00 00 0a 00 00 00 21 00 00 00 00 00 00 00 ........!...... . 0020: 2b 00 01 02 0a 00 00 00 0a 00 00 00 65 76 65 6e +...........eve . 0030: 74 73 2f 31 00 00 00 00 00 00 00 00 0a 00 00 00 ts/1........... . 0040: e0 b1 31 81 ff ff ff ff ....... . 0x21e18 [0x48]: PERF_EVENT_SAMPLE (IP, 1): 10: 0xffffffff8100c7d0 period: 33 The raw ftrace binary record starts at offset 0020. Translation: struct trace_entry { type = 0x2b = 43; flags = 1; preempt_count = 2; pid = 0xa = 10; tgid = 0xa = 10; } thread_comm = "events/1" thread_pid = 0xa = 10; func = 0xffffffff8131b1e0 = flush_to_ldisc() What will come next? - Userspace support ('perf trace'), 'flight data recorder' mode for perf trace, etc. - The unconditional copy from the profiling callback brings some costs however if someone wants no such sampling to occur, and needs to be fixed in the future. For that we need to have an instant access to the perf counter attribute. This is a matter of a flag to add in the struct ftrace_event. - Take care of the events recursivity! Don't ever try to record a lock event for example, it seems some locking is used in the profiling fast path and lead to a tracing recursivity. That will be fixed using raw spinlock or recursivity protection. - [...] - Profit! :-) Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com> Cc: Li Zefan <lizf@cn.fujitsu.com> Cc: Tom Zanussi <tzanussi@gmail.com> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Mike Galbraith <efault@gmx.de> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Pekka Enberg <penberg@cs.helsinki.fi> Cc: Gabriel Munteanu <eduard.munteanu@linux360.ro> Cc: Lai Jiangshan <laijs@cn.fujitsu.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-08-09perf_counter, ftrace: Fix perf_counter integrationPeter Zijlstra
Adds possible second part to the assign argument of TP_EVENT(). TP_perf_assign( __perf_count(foo); __perf_addr(bar); ) Which, when specified make the swcounter increment with @foo instead of the usual 1, and report @bar for PERF_SAMPLE_ADDR (data address associated with the event) when this triggers a counter overflow. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Steven Rostedt <rostedt@goodmis.org> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Jason Baron <jbaron@redhat.com> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>