- 01 Apr, 2014 3 commits
-
-
Daniel Borkmann authored
This minor patch fixes the following warning when doing a `make htmldocs`: DOCPROC Documentation/DocBook/networking.xml Warning(.../net/core/filter.c:135): No description found for parameter 'insn' Warning(.../net/core/filter.c:135): Excess function parameter 'fentry' description in '__sk_run_filter' HTML Documentation/DocBook/networking.html Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pablo Neira authored
nla_strcmp compares the string length plus one, so it's implicitly including the nul-termination in the comparison. int nla_strcmp(const struct nlattr *nla, const char *str) { int len = strlen(str) + 1; ... d = memcmp(nla_data(nla), str, len); However, if NLA_STRING is used, userspace can send us a string without the nul-termination. This is a problem since the string comparison will not match as the last byte may be not the nul-termination. Fix this by skipping the comparison of the nul-termination if the attribute data is nul-terminated. Suggested by Thomas Graf. Cc: Florian Westphal <fw@strlen.de> Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-nextDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates This series contains fixes to e1000e, igb, ixgbe, ixgebvf, i40e and i40evf. David provides a fix for e1000e to resolve an issue where the device is capable of transmitting packets but is unable to receive packets until a previously introduced workaround is called. Jakub Kicinski provides PTP fixes for ixgbe, which include removing a redundant if clause and make sure we are not generating both a software and hardware timestamp. As well as fix a race condition and leaking skbs when multiple transmit rings try to claim time stamping. Jean Sacren fixes a function declaration in ixgbe which was introduced in commit c97506ab ("ixgbe: Add check for FW veto bit"). In addition fixes a function header comment in i40e and fixes the error checking by binding the check to the pertinent DMA bit mask. Mark provides several fixes for ixgbe and ixgbevf. Most notably are fixes to resolve namespace issues and fix ECU warnings induced by LER for ixgbe and ixgbevf. Joe Perches fixes up unnecessary casts in i40e and i40evf. Peter Senna Tschudin fixes igb to use pci_iounmap when the virtual mapping was done with pci_iomap. ====================# Please enter a commit message to explain why this merge is necessary,
-
- 31 Mar, 2014 37 commits
-
-
Mark Rustad authored
Resolve some rcu warnings produced when LER actions take place. This appears to be due to not holding the rtnl lock when calling ixgbe_down, so hold the lock. Also avoid disabling the device when it is already disabled. This check is necessary because the callback can be called more than once in some cases. Signed-off-by: Mark Rustad <mark.d.rustad@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Mark Rustad authored
Resolve some rcu warnings produced when LER actions take place. This appears to be due to not holding the rtnl lock when calling ixgbe_down, so hold the lock. Also avoid disabling the device when it is already disabled. This check is necessary because the callback can be called more than once in some cases. Signed-off-by: Mark Rustad <mark.d.rustad@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Peter Senna Tschudin authored
Use pci_iounmap instead of iounmap when the virtual mapping was done with pci_iomap. A simplified version of the semantic patch that finds this issue is as follows: (http://coccinelle.lip6.fr/) // <smpl> @r@ expression addr; @@ addr = pci_iomap(...) @rr@ expression r.addr; @@ * iounmap(addr) // </smpl> Signed-off-by: Peter Senna Tschudin <peter.senna@gmail.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Joe Perches authored
Casting a pointer to a pointer of the same type is pointless, so remove these unnecessary casts. Done via coccinelle script: $ cat typecast_2.cocci @@ type T; T *foo; @@ - (T *)foo + foo Signed-off-by: Joe Perches <joe@perches.com> Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Joe Perches authored
Using addressof then casting to the original type is pointless, so remove these unnecessary casts. Done via coccinelle script: $ cat typecast.cocci @@ type T; T foo; @@ - (T *)&foo + &foo Signed-off-by: Joe Perches <joe@perches.com> Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jean Sacren authored
The commit 6494294f ("i40e/i40evf: Use dma_set_mask_and_coherent") uses dma_set_mask_and_coherent() to replace dma_set_coherent_mask() for the benefit of return error. The conversion brings some confusion in error checking as whether against DMA_BIT_MASK(64) or DMA_BIT_MASK(32). For one, if error is zero, the check will be against DMA_BIT_MASK(64) twice. Fix this error checking by binding the check to the pertinent one. Cc: Mitch Williams <mitch.a.williams@intel.com> Signed-off-by: Jean Sacren <sakiwit@gmail.com> Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jean Sacren authored
The commit c7d05ca8 ("i40e: driver ethtool core") introduced the new function i40e_add_del_fdir_sctpv4() with the kernel doc description a little bit off. The trivial error was copied over to a different file by the commit 17a73f6b ("i40e: Flow Director sideband accounting") most recently. Fix the kernel doc with the correct description for clarity. Cc: Jesse Brandeburg <jesse.brandeburg@intel.com> Cc: Joseph Gasparakis <joseph.gasparakis@intel.com> Signed-off-by: Jean Sacren <sakiwit@gmail.com> Tested-by: Kavindya Deegala <kavindya.s.deegala@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Mark Rustad authored
Change the ixgbe_read_reg function name to ixgbevf_read_reg to avoid a namespace clash with the ixgbe driver. This will allow ixgbe to take its register read function out-of-line to reduce memory footprint. Signed-off-by: Mark Rustad <mark.d.rustad@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jean Sacren authored
The commit c97506ab ("ixgbe: Add check for FW veto bit") introduced the new function ixgbe_check_reset_blocked() with a minor issue in declaration. Fix the declaration by changing the type specifier to bool as the definition returns a boolean value. Additionally all ixgbe_check_reset_blocked() callers are expected to return a boolean value. Signed-off-by: Jean Sacren <sakiwit@gmail.com> Acked-by: Don Skidmore <donald.c.skidmore@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jakub Kicinski authored
ixgbe has a single set of TX time stamping resources per NIC. Use a simple bit lock to avoid race conditions and leaking skbs when multiple TX rings try to claim time stamping. Signed-off-by: Jakub Kicinski <kubakici@wp.pl> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jakub Kicinski authored
skb_tx_timestamp() does not report software time stamp if SKBTX_IN_PROGRESS is set. According to timestamping.txt software time stamps are a fallback and should not be generated if hardware time stamp is provided. Move call to skb_tx_timestamp() after setting SKBTX_IN_PROGRESS. Signed-off-by: Jakub Kicinski <kubakici@wp.pl> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jakub Kicinski authored
ptp_tx_skb is always set before work is scheduled, work is cancelled before ptp_tx_skb is set to NULL. PTP work cannot ever see ptp_tx_skb set to NULL. Signed-off-by: Jakub Kicinski <kubakici@wp.pl> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
David Ertman authored
In commit da1e2046, the flow for enabling/disabling an Si errata workaround (e1000_lv_jumbo_workaround_ich8lan) was changed to fix a problem with iAMT connections dropping on interface down with jumbo frames set. Part of this change was to move the function call disabling the workaround to e1000e_down() from the e1000_setup_rctl() function. The mechanic for disabling of this workaround involves writing several MAC and PHY registers back to hardware defaults. After this commit, when the driver is loaded with the cable out, the PHY registers are not programmed with the correct default values. This causes the device to be capable of transmitting packets, but is unable to recieve them until this workaround is called. The flow of e1000e's open code relies upon calling the above workaround to expicitly program these registers either with jumbo frame appropriate settings or h/w defaults on 82579 and newer hardware. Fix this issue by adding logic to e1000_setup_rctl() that not only calls e1000_lv_jumbo_workaround_ich8lan() when jumbo frames are set, to enable the workaround, but also calls this function to explicitly disable the workaround in the case that jumbo frames are not set. Signed-off-by: Dave Ertman <davidx.m.ertman@intel.com> Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Conflicts: drivers/net/xen-netback/netback.c A bug fix overlapped with changing how the netback SKB control block is implemented. Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-nextDavid S. Miller authored
John W. Linville says: ==================== pull request: wireless-next 2014-03-31 Please accept this one last round of general wireless updates for the 3.15 merge window! For the Bluetooth bits, Gustavo says: "Here follow another set of patches to 3.15. This is mostly a bug fix pull request with the exception of one commit from Marcel which adds tracking to the current configured LE scan type parameter." Beyond that, notable bits include some final refactoring of rtl8180 and the addition of the rtl8187se driver, fixes for a number of problems identified by Dan Carpenter and his static analysis tools, and a handful of other bits here and there. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexander Aring authored
While transmit over a at86rf231 device and unloading the module I got: [ 29.643073] WARNING: CPU: 0 PID: 3 at kernel/workqueue.c:1335 __queue_work+0xb4/0x224() [ 29.651457] Modules linked in: at86rf230(-) autofs4 [ 29.656612] CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G W 3.14.0-rc6-01602-g902659e-dirty #294 [ 29.666490] [<c00124f0>] (unwind_backtrace) from [<c0010ad0>] (show_stack+0x10/0x14) [ 29.674628] [<c0010ad0>] (show_stack) from [<c0032c80>] (warn_slowpath_common+0x60/0x80) [ 29.683116] [<c0032c80>] (warn_slowpath_common) from [<c0032d30>] (warn_slowpath_null+0x18/0x20) [ 29.692329] [<c0032d30>] (warn_slowpath_null) from [<c0045b08>] (__queue_work+0xb4/0x224) [ 29.700906] [<c0045b08>] (__queue_work) from [<c0045cc8>] (queue_work_on+0x50/0x78) [ 29.708944] [<c0045cc8>] (queue_work_on) from [<c05669cc>] (mac802154_tx+0x1e4/0x240) [ 29.717164] [<c05669cc>] (mac802154_tx) from [<c0471814>] (dev_hard_start_xmit+0x2f0/0x43c) [ 29.725926] [<c0471814>] (dev_hard_start_xmit) from [<c04878d0>] (sch_direct_xmit+0x64/0x2a0) [ 29.734867] [<c04878d0>] (sch_direct_xmit) from [<c0487c38>] (__qdisc_run+0x12c/0x18c) [ 29.743169] [<c0487c38>] (__qdisc_run) from [<c046e1b0>] (net_tx_action+0xe0/0x178) [ 29.751205] [<c046e1b0>] (net_tx_action) from [<c0036690>] (__do_softirq+0x100/0x264) [ 29.759420] [<c0036690>] (__do_softirq) from [<c0036818>] (run_ksoftirqd+0x24/0x4c) [ 29.767453] [<c0036818>] (run_ksoftirqd) from [<c005232c>] (smpboot_thread_fn+0x128/0x13c) [ 29.776121] [<c005232c>] (smpboot_thread_fn) from [<c004c3fc>] (kthread+0xd0/0xe4) [ 29.784061] [<c004c3fc>] (kthread) from [<c000da88>] (ret_from_fork+0x14/0x2c) [ 29.791628] ---[ end trace 3406ff24bd973834 ]--- The problem is there are still interrupts after deregister ieee802154 device. This patch mask all interrupts in the at86rf2xx chips before deregister the device. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Hannes Frederic Sowa authored
After commit c15b1cca ("ipv6: move DAD and addrconf_verify processing to workqueue") some counters are now updated in process context and thus need to disable bh before doing so, otherwise deadlocks can happen on 32-bit archs. Fabio Estevam noticed this while while mounting a NFS volume on an ARM board. As a compensation for missing this I looked after the other *_STATS_BH and found three other calls which need updating: 1) icmp6_send: ip6_fragment -> icmpv6_send -> icmp6_send (error handling) 2) ip6_push_pending_frames: rawv6_sendmsg -> rawv6_push_pending_frames -> ... (only in case of icmp protocol with raw sockets in error handling) 3) ping6_v6_sendmsg (error handling) Fixes: c15b1cca ("ipv6: move DAD and addrconf_verify processing to workqueue") Reported-by: Fabio Estevam <festevam@gmail.com> Tested-by: Fabio Estevam <fabio.estevam@freescale.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Lucas Stach authored
Though we made sure to acquire a valid MAC for the netdevice we never actually programmed it into the hardware. So if the bootloader did not set the MAC, network operation would only work if userspace explicitly asked to transfer the MAC to hardware. Signed-off-by: Lucas Stach <l.stach@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Hannes Frederic Sowa authored
First off, we don't need to check for non-NULL rt any more, as we are guaranteed to always get a valid rt6_info. Drop the check. In case we couldn't allocate an inet_peer for fragmentation information we currently generate strictly incrementing fragmentation ids for all destination. This is done to maximize the cycle and avoid collisions. Those fragmentation ids are very predictable. At least we should try to mix in the destination address. While it should make no difference to simply use a PRNG at this point, secure_ipv6_id ensures that we don't leak information from prandom, so its internal state could be recoverable. This fallback function should normally not get used thus this should not affect performance at all. It is just meant as a safety net. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Main difference between napi_frags_skb() and napi_gro_receive() is that the later is called while ethernet header was already pulled by the NIC driver (eth_type_trans() was called before napi_gro_receive()) Jerry Chu in commit 299603e8 ("net-gro: Prepare GRO stack for the upcoming tunneling support") tried to remove this difference by calling eth_type_trans() from napi_frags_skb() instead of doing this later from napi_frags_finish() Goal was that napi_gro_complete() could call ptype->callbacks.gro_complete(skb, 0) (offset of first network header = 0) Also, xxx_gro_receive() handlers all use off = skb_gro_offset(skb) to point to their own header, for the current skb and ones held in gro_list Problem is this cleanup work defeated the frag0 optimization: It turns out the consecutive pskb_may_pull() calls are too expensive. This patch brings back the frag0 stuff in napi_frags_skb(). As all skb have their mac header in skb head, we no longer need skb_gro_mac_header() Reported-by: Michal Schmidt <mschmidt@redhat.com> Fixes: 299603e8 ("net-gro: Prepare GRO stack for the upcoming tunneling support") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Jerry Chu <hkchu@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sasha Levin authored
Binding might result in a NULL device which is later dereferenced without checking. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
david decotigny authored
This allows to monitor carrier on/off transitions and detect link flapping issues: - new /sys/class/net/X/carrier_changes - new rtnetlink IFLA_CARRIER_CHANGES (getlink) Tested: - grep . /sys/class/net/*/carrier_changes + ip link set dev X down/up + plug/unplug cable - updated iproute2: prints IFLA_CARRIER_CHANGES - iproute2 20121211-2 (debian): unchanged behavior Signed-off-by: David Decotigny <decot@googlers.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wang Yufen authored
The issue raises when adding policy route, specify a particular NIC as oif, the policy route did not take effect. The reason is that fl6.oif is not set and route map failed. From the tcp_v6_send_response function, if the binding address is linklocal, fl6.oif is set, but not for global address. Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Wang Yufen <wangyufen@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wang Yufen authored
Move the whole rt6_need_strict as static inline into ip6_route.h, so that it can be reused Signed-off-by: Wang Yufen <wangyufen@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wang Yufen authored
Signed-off-by: Wang Yufen <wangyufen@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Florian Fainelli says: ==================== net: document sysfs entries This patchset attempts to document the basic set of sysfs entries that are exposed by netdevices in /sys/class/net/<iface>/ I did not go before the pre-git era, so the oldest entries are marked with the 2.6.12 kernel version and dated of April 2005. Future patches will document the queues/ and statistics/ directories as well. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Fainelli authored
NET_ADDR_* values are exported in the /sys/class/net/<iface>/addr_assign_type sysfs attributes, and as such constitutes an user-space ABI. Move the NET_ADDR_* definitions from include/linux/netdevice.h to include/uapi/linux/netdevice.h Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Fainelli authored
Add sysfs attributes Documentation entries for the basic set of attributes that are exposed by a network device in /sys/class/net/<iface>/ Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yegor Yefremov authored
This device provides QMI and ethernet functionality via a standard CDC ethernet descriptor. But when driven by cdc_ether, the QMI functionality is unavailable because only cdc_ether can claim the USB interface. Thus blacklist the device in cdc_ether and add its IDs to qmi_wwan, which enables both QMI and ethernet simultaneously. Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Vlad Yasevich says: ==================== bridge: Fix forwarding of 8021AD frames Bridge has its own way to deterine if the packet is forwardable and it doesn't support 8021ad tags correctly. Instead just allow bridge to use an existing is_skb_forwardable() function. v2: Fix missing hunk in patch 2/2 to make it build. v3: Fix indent for is_skb_forwardable ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vlad Yasevich authored
Use existing function instead of trying to use our own. Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vlad Yasevich authored
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John W. Linville authored
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
-
Alexey Khoroshilov authored
If allocation of io_dmabuf fails, rtl8187_probe() calls usb_put_dev(udev) while usb_get_dev(udev) is not called yet. As a result refcnt is decremented incorrectly and usb_dev can be used after memory deallocation. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Andrea Merello authored
In rtl8180/rtl8185/rtl8187se the register space is represented using packed structure type. Register are thus accessed using a pointer of this type. All registers are packed toghether, and only small gaps are present. However Rtl8187se has also some "sparse" registers, very far from the "main register block". It could be possible to access them by simply declare huge reserved blocks inside the register struct (and this causes NO memory waste). However, for various reasons, access to those "far" registers is done with special dedicated macros, without declaring them in the register struct. This is done in an intricate manner, that makes code less readable and caused static analisys tool to produce warnings. This patch keeps the "macro" mechanism, but it changes its implementation in a simplier and more straightforward way. Signed-off-by: Andrea Merello <andrea.merello@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Dan Carpenter authored
There is a missing set of curly braces here so the debug output says "Probe confirm received" unintentionally. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Amitkumar Karwar authored
[ 6630.450908] BUG: spinlock bad magic on CPU#1, ksdioirqd/mmc1/355 [ 6630.450914] Unable to handle kernel NULL pointer dereference at virtual address 0000004f [ 6630.450919] pgd = ecbd8000 [ 6630.450926] [0000004f] *pgd=00000000 [ 6630.450936] lock: 0xeea4ab08, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 [ 6630.450939] Backtrace: [ 6630.450956] [<c010d354>] (unwind_backtrace+0x0/0x118) from [<c060c238>] (dump_stack+0x28/0x30) [ 6630.450960] Internal error: Oops: 5 [#1] SMP ARM [ 6630.450964] Modules linked in: uvcvideo videobuf2_vmalloc [ 6630.450980] [<c060c238>] (dump_stack+0x28/0x30) from [<c0315ab4>] (spin_dump+0x80/0x94) [ 6630.450988] [<c0315ab4>] (spin_dump+0x80/0x94) from [<c0315af4>] (spin_bug+0x2c/0x30) [ 6630.450996] [<c0315af4>] (spin_bug+0x2c/0x30) from [<c0315b80>] (do_raw_spin_lock+0x28/0x15c) [ 6630.451004] [<c0315b80>] (do_raw_spin_lock+0x28/0x15c) from [<c0610c24>] (_raw_spin_lock_irqsave+0x20/0x28) [ 6630.451016] [<c0610c24>] (_raw_spin_lock_irqsave+0x20/0x28) from [<bf07a7f4>] (mwifiex_exec_next_cmd +0x6c/0x45c [mwifiex]) [ 6630.451030] [<bf07a7f4>] (mwifiex_exec_next_cmd+0x6c/0x45c [mwifiex]) from [<bf07834c>] (mwifiex_main_process+0x2c8/0x464 [mwifiex]) [ 6630.451047] [<bf07834c>] (mwifiex_main_process+0x2c8/0x464 [mwifiex]) from [<bf0a093c>] (mwifiex_sdio_interrupt+0xc8/0x1cc [mwifiex_sdio] [ 6630.451064] [<bf0a093c>] (mwifiex_sdio_interrupt+0xc8/0x1cc [mwifiex_sdio]) from [<c04bbde0>] (sdio_irq_thread+0x178/0x31c) [ 6630.451079] [<c04bbde0>] (sdio_irq_thread+0x178/0x31c) from [<c0145514>] (kthread+0xc8/0xd8) [ 6630.451095] [<c0145514>] (kthread+0xc8/0xd8) from [<c0106118>] (ret_from_fork+0x14/0x20) This bug has introduced/exposed due to recent patch in which we cancel pending commands before suspend (using hs_enabling flag). The NULL pointer is dereferenced when both mwifiex_cancel_all_pending_cmd() and mwifiex_exec_next_cmd() try to access cmd pending queue simultaneously. Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-