- 01 Nov, 2010 6 commits
-
-
Yaniv Rosner authored
Enabling CL37 BAM on BCM8073 by default may lead to link issues since not all switches support it. So enable CL37 BAM only if explicitly selected. Signed-off-by:
Yaniv Rosner <yanivr@broadcom.com> Signed-off-by:
Eilon Greenstein <eilong@broadcom.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Yaniv Rosner authored
On BCM8726 based designs, the ports are swapped, hence the reset needs to be asserted through port0 and not port1. Signed-off-by:
-
Yaniv Rosner authored
When using latch indication for link change notification, need to clear it when port is unloaded, otherwise it might generate false indication on next load. Signed-off-by:
-
Yaniv Rosner authored
On E2 flavor, dual-port mode, the port argument used for some functions is needed as the global port number rather than the port per path. Signed-off-by:
-
Yaniv Rosner authored
BCM848x3 requires additional of 50ms after reset done indication, instead of fixed time of 200ms Signed-off-by:
-
Yaniv Rosner authored
Fix delay during BMAC reset from 10usec to 1ms. Signed-off-by:
-
- 31 Oct, 2010 3 commits
-
-
Thomas Graf authored
While validating the configuration em_ops is already set, thus the individual destroy functions are called, but the ematch data has not been allocated and associated with the ematch yet. Signed-off-by:
Thomas Graf <tgraf@infradead.org> Signed-off-by:
-
Eric Dumazet authored
Its now illegal to call netif_stop_queue() before register_netdev() Signed-off-by:
Eric Dumazet <eric.dumazet@gmail.com> Cc: Amit Kumar Salecha <amit.salecha@qlogic.com> Signed-off-by:
-
Eric Dumazet authored
Its now illegal to call netif_stop_queue() before register_netdev() Signed-off-by:
-
- 30 Oct, 2010 16 commits
-
-
Kulikov Vasiliy authored
Structure mISDN_devinfo is copied to userland with the field "name" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by:
Vasiliy Kulikov <segooon@gmail.com> Signed-off-by:
-
Hans J. Koch authored
My old mail address doesn't exist anymore. This changes all occurrences to my new address. Signed-off-by:
Hans J. Koch <hjk@hansjkoch.de> Signed-off-by:
-
Ken Kawasaki authored
pcnet_cs: add new_id: "corega Ether CF-TD" 10Base-T PCMCIA card. Signed-off-by:Ken Kawasaki <ken_kawasaki@spring.nifty.jp> Signed-off-by:
-
Linus Torvalds authored
Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
-
Andy Grover authored
Even with the previous fix, we still are reading the iovecs once to determine SGs needed, and then again later on. Preallocating space for sg lists as part of rds_message seemed like a good idea but it might be better to not do this. While working to redo that code, this patch attempts to protect against userspace rewriting the rds_iovec array between the first and second accesses. The consequences of this would be either a too-small or too-large sg list array. Too large is not an issue. This patch changes all callers of message_alloc_sgs to handle running out of preallocated sgs, and fail gracefully. Signed-off-by:
Andy Grover <andy.grover@oracle.com> Signed-off-by:
-
Andy Grover authored
Change rds_rdma_pages to take a passed-in rds_iovec array instead of doing copy_from_user itself. Change rds_cmsg_rdma_args to copy rds_iovec array once only. This eliminates the possibility of userspace changing it after our sanity checks. Implement stack-based storage for small numbers of iovecs, based on net/socket.c, to save an alloc in the extremely common case. Although this patch reduces iovec copies in cmsg_rdma_args to 1, we still do another one in rds_rdma_extra_size. Getting rid of that one will be trickier, so it'll be a separate patch. Signed-off-by:
-
Andy Grover authored
We don't need to set ret = 0 at the end -- it's initialized to 0. Also, don't increment s_send_rdma stat if we're exiting with an error. Signed-off-by:
-
Andy Grover authored
rds_cmsg_rdma_args would still return success even if rds_rdma_pages returned an error (or overflowed). Signed-off-by:
-
Linus Torvalds authored
As reported by Thomas Pollet, the rdma page counting can overflow. We get the rdma sizes in 64-bit unsigned entities, but then limit it to UINT_MAX bytes and shift them down to pages (so with a possible "+1" for an unaligned address). So each individual page count fits comfortably in an 'unsigned int' (not even close to overflowing into signed), but as they are added up, they might end up resulting in a signed return value. Which would be wrong. Catch the case of tot_pages turning negative, and return the appropriate error code. Reported-by:
Thomas Pollet <thomas.pollet@gmail.com> Signed-off-by:
-
Marc Kleine-Budde authored
This patch fixes the following section mismatch warning: WARNING: drivers/net/can/pch_can.o(.data+0x18): Section mismatch in reference from the variable pch_can_pcidev to the variable .devinit.rodata:pch_pci_tbl The variable pch_can_pcidev references the variable __devinitconst pch_pci_tbl This is actually a false positive which is fixed by giving the offending variable a whitelisted name, it's renamed to "pch_can_pci_driver". This makes sense because the variable is of the type "struct pci_driver". Signed-off-by:
Marc Kleine-Budde <mkl@pengutronix.de> Acked-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by:
-
Marc Kleine-Budde authored
This patch fixes the following sparse warning: drivers/net/can/pch_can.c:231:26: warning: incorrect type in argument 1 (different address spaces) drivers/net/can/pch_can.c:231:26: expected unsigned int [usertype] *addr drivers/net/can/pch_can.c:231:26: got unsigned int [noderef] <asn:2>*<noident> Let pch_can_bit_{set,clear} first parameter be a void __iomem pointer. Signed-off-by: -
Denis Kirjanov authored
We should not stop the egress queue during probe because it is wrong. Signed-off-by:
Denis Kirjanov <dkirjanov@kernel.org> Signed-off-by:
-
Eric Dumazet authored
Before making the fallback tunnel visible to lookups, we should make sure it is completely setup, once ipgre_tunnel_init() had been called and tstats per_cpu pointer allocated. move rcu_assign_pointer(ign->tunnels_wc[0], tunnel); from ipgre_fb_tunnel_init() to ipgre_init_net() Based on a patch from Pavel Emelyanov Reported-by:
Pavel Emelyanov <xemul@openvz.org> Signed-off-by:
-
Harvey Harrison authored
Noticed by sparse: drivers/net/vmxnet3/vmxnet3_drv.c:876:38: warning: cast from restricted __be16 drivers/net/vmxnet3/vmxnet3_drv.c:876:38: warning: cast from restricted __be16 drivers/net/vmxnet3/vmxnet3_drv.c:876:24: warning: restricted __be16 degrades to integer Signed-off-by:
Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by:
-
Harvey Harrison authored
readl/writel swap to little-endian internally. Signed-off-by:
-
Eric Dumazet authored
commit a18135eb (Add UDP_MIB_{SND,RCV}BUFERRORS handling.) forgot to make the necessary changes in net/ipv6/proc.c to report additional counters in /proc/net/snmp6 Signed-off-by:
-
- 29 Oct, 2010 6 commits
-
-
Cyril Chemparathy authored
The marvell 88ec048's official part number is 88e1318s. This patch renames definitions in the driver to reflect this. In addition, a minor bug fix has been added to write back the MSCR1 register value properly. Signed-off-by:
Cyril Chemparathy <cyril@ti.com> Signed-off-by:
-
-
Larry Finger authored
On module removal, the sdio version of b43 generates the following warning: [ 851.560519] ------------[ cut here ]------------ [ 851.560531] WARNING: at drivers/mmc/core/core.c:237 mmc_wait_for_cmd+0x88/0x90() [ 851.560534] Hardware name: 20552PG [ 851.560536] Modules linked in: b43(-) ssb mmc_block binfmt_misc rfcomm sco bnep ppdev l2cap ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp kvm_intel kvm arc4 iwlagn snd_hda_codec_conexant snd_hda_intel snd_hda_codec iwlcore snd_hwdep snd_pcm thinkpad_acpi mac80211 snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq r852 joydev snd_timer sm_common pcmcia nand snd_seq_device cfg80211 sdhci_pci btusb psmouse tpm_tis yenta_socket nand_ids lp snd pcmcia_rsrc nand_ecc bluetooth sdhci tpm pcmcia_core parport mtd snd_page_alloc serio_raw tpm_bios soundcore nvram led_class sha256_generic aes_i586 aes_generic dm_crypt i915 drm_kms_helper drm ahci intel_agp i2c_algo_bit intel_gtt e1000e libahci video agpgart output [ 851.560620] Pid: 2504, comm: rmmod Not tainted 2.6.36-titan0+ #1 [ 851.560622] Call Trace: [ 851.560631] [<c014a102>] warn_slowpath_common+0x72/0xa0 [ 851.560636] [<c04d94c8>] ? mmc_wait_for_cmd+0x88/0x90 [ 851.560641] [<c04d94c8>] ? mmc_wait_for_cmd+0x88/0x90 [ 851.560645] [<c014a152>] warn_slowpath_null+0x22/0x30 [ 851.560649] [<c04d94c8>] mmc_wait_for_cmd+0x88/0x90 [ 851.560655] [<c0401585>] ? device_release+0x25/0x80 [ 851.560660] [<c04df210>] mmc_io_rw_direct_host+0xa0/0x150 [ 851.560665] [<c04df370>] mmc_io_rw_direct+0x30/0x40 [ 851.560669] [<c04e06e7>] sdio_disable_func+0x37/0xa0 [ 851.560683] [<f8dfcb80>] b43_sdio_remove+0x30/0x50 [b43] [ 851.560687] [<c04df8cc>] sdio_bus_remove+0x1c/0x60 [ 851.560692] [<c016d39f>] ? blocking_notifier_call_chain+0x1f/0x30 [ 851.560697] [<c0404991>] __device_release_driver+0x51/0xb0 [ 851.560701] [<c0404a7f>] driver_detach+0x8f/0xa0 [ 851.560705] [<c0403c83>] bus_remove_driver+0x63/0xa0 [ 851.560709] [<c0405039>] driver_unregister+0x49/0x80 [ 851.560713] [<c0405039>] ? driver_unregister+0x49/0x80 [ 851.560718] [<c04dfad7>] sdio_unregister_driver+0x17/0x20 [ 851.560727] [<f8dfcb42>] b43_sdio_exit+0x12/0x20 [b43] [ 851.560734] [<f8dfe76f>] b43_exit+0x17/0x3c [b43] [ 851.560740] [<c017fb8d>] sys_delete_module+0x13d/0x200 [ 851.560747] [<c01fd7d2>] ? do_munmap+0x212/0x300 [ 851.560752] [<c010311f>] sysenter_do_call+0x12/0x28 [ 851.560757] ---[ end trace 31e14488072d2f7d ]--- [ 851.560759] ------------[ cut here ]------------ The warning is caused by b43 not claiming the device before calling sdio_disable_func(). Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Reported-by:
Arnd Hannemann <arnd@arndnet.de> Tested-by:
John W. Linville <linville@tuxdriver.com>
-
Jesper Juhl authored
I noticed two small issues in mac80211/debugfs_key.c::key_key_read while reading through the code. Patch below. The key_key_read() function returns ssize_t and the value that's actually returned is the return value of simple_read_from_buffer() which also returns ssize_t, so let's hold the return value in a ssize_t local variable rather than a int one. Also, memory is allocated dynamically with kmalloc() which can fail, but the return value of kmalloc() is not checked, so we may end up operating on a null pointer further on. So check for a NULL return and bail out with -ENOMEM in that case. Signed-off-by:
Jesper Juhl <jj@chaosbits.net> Signed-off-by:
-
Paul Fox authored
For the SD8686, we cannot rely on the scratch register to read the firmware load status, because the same register is used for storing RX packet length. Broaden the check to account for this. The module can now be unloaded/reloaded successfully. Based on the implementation from libertas_tf. Signed-off-by:
Daniel Drake <dsd@laptop.org> Acked-by:
Dan Williams <dcbw@redhat.com> Signed-off-by:
Steve deRosier <steve@cozybit.com> Signed-off-by:
-
Mohammed Shafi Shajakhan authored
The index variable to access the rate flags should be obtained from the inner loop counter which corresponds to the rate table structure.This fixes the invalid rate selection i.e when the supported basic rate is invalid on a particular band and also the following warning message. Thanks to Raj for finding this out. Call Trace: [<ffffffff8104ee4a>] warn_slowpath_common+0x7a/0xb0 [<ffffffff8104ee95>] warn_slowpath_null+0x15/0x20 [<ffffffffa0583c45>] ath_get_rate+0x595/0x5b0 [ath9k] [<ffffffff811a0636>] ? cpumask_next_and+0x36/0x50 [<ffffffffa0405186>] rate_control_get_rate+0x86/0x160 [mac80211] [<ffffffffa040dfac>] invoke_tx_handlers+0x81c/0x12d0 [mac80211] [<ffffffffa040eae9>] ieee80211_tx+0x89/0x2b0 [mac80211] [<ffffffff812891bc>] ? pskb_expand_head+0x1cc/0x1f0 [<ffffffffa040edc5>] ieee80211_xmit+0xb5/0x1c0 [mac80211] [<ffffffffa041026f>] ieee80211_tx_skb+0x4f/0x60 [mac80211] [<ffffffffa03fe016>] ieee80211_send_nullfunc+0x46/0x60 [mac80211] [<ffffffffa03f91d7>] ieee80211_offchannel_stop_station+0x107/0x150 [mac80211] [<ffffffff812891bc>] ? pskb_expand_head+0x1cc/0x1f0 [<ffffffffa040edc5>] ieee80211_xmit+0xb5/0x1c0 [mac80211] [<ffffffffa041026f>] ieee80211_tx_skb+0x4f/0x60 [mac80211] [<ffffffffa03fe016>] ieee80211_send_nullfunc+0x46/0x60 [mac80211] [<ffffffffa03f91d7>] ieee80211_offchannel_stop_station+0x107/0x150 [mac80211] [<ffffffffa03f8896>] ieee80211_scan_work+0x146/0x600 [mac80211] [<ffffffff8133a375>] ? schedule+0x2f5/0x8e0 [<ffffffffa03f8750>] ? ieee80211_scan_work+0x0/0x600 [mac80211] [<ffffffff81064fcf>] process_one_work+0x10f/0x380 [<ffffffff81066bc2>] worker_thread+0x162/0x340 [<ffffffff81066a60>] ? worker_thread+0x0/0x340 Cc: stable@kernel.org Signed-off-by:
Mohammed Shafi Shajakhan <mshajakhan@atheros.com> Signed-off-by:
-
- 28 Oct, 2010 9 commits
-
-
David S. Miller authored
Otherwise error indications from ipv6_find_hdr() won't be noticed. This required making the protocol argument to extract_icmp6_fields() signed too. Reported-by:
Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by:
-
avisconti authored
This patch enables and disables the rx and tx bits in the MAC control reg by using a single write operation. This also solves a possible problem (spotted on SPEAr platforms) at 10Mbps where two consecutive writes to a MAC control register can take more than 4 phy_clk cycles. Signed-off-by:
Armando Visconti <armando.visconti@st.com> Acked-by:
Giuseppe Cavallaro <peppe.cavallaro@st.com> Signed-off-by:
-
Geert Uytterhoeven authored
drivers/net/atarilance.c: In function ‘addr_accessible’: drivers/net/atarilance.c:413: warning: comparison of distinct pointer types lacks a cast drivers/net/atarilance.c:450: warning: comparison of distinct pointer types lacks a cast Signed-off-by:
-
Rajesh Borundia authored
Reset the whole hw instead of freeing hw resources consumed by each pci function. Signed-off-by:
Rajesh Borundia <rajesh.borundia@qlogic.com> Signed-off-by:
Amit Kumar Salecha <amit.salecha@qlogic.com> Signed-off-by:
-
Nelson Elhage authored
A program that accidentally writes too much data to the pktgen file can overflow the kernel stack and oops the machine. This is only triggerable by root, so there's no security issue, but it's still an unfortunate bug. printk() won't print more than 1024 bytes in a single call, anyways, so let's just never copy more than that much data. We're on a fairly shallow stack, so that should be safe even with CONFIG_4KSTACKS. Signed-off-by:
Nelson Elhage <nelhage@ksplice.com> Signed-off-by:
-
David S. Miller authored
This helps protect us from overflow issues down in the individual protocol sendmsg/recvmsg handlers. Once we hit INT_MAX we truncate out the rest of the iovec by setting the iov_len members to zero. This works because: 1) For SOCK_STREAM and SOCK_SEQPACKET sockets, partial writes are allowed and the application will just continue with another write to send the rest of the data. 2) For datagram oriented sockets, where there must be a one-to-one correspondance between write() calls and packets on the wire, INT_MAX is going to be far larger than the packet size limit the protocol is going to check for and signal with -EMSGSIZE. Based upon a patch by Linus Torvalds. Signed-off-by: -
Dmitry Artamonow authored
Crash is triggered by commit e6484930 ("net: allocate tx queues in register_netdevice"), which moved tx netqueue creation into register_netdev. So now calling netif_stop_queue() before register_netdev causes an oops. Move netif_stop_queue() after net device registration to fix crash. Signed-off-by:
Dmitry Artamonow <mad_soft@inbox.ru> Signed-off-by:
-
Pavel Emelyanov authored
When we stop a namespace we flush the table and free one, but the added fn_zone-s (and their hashes if grown) are leaked. Need to free. Tries releases all its stuff in the flushing code. Shame on us - this bug exists since the very first make-fib-per-net patches in 2.6.27 :( Signed-off-by:
-
Krishna Kumar authored
I got a few of these panics (on 2.6.36-rc7) when running high number of netperf sessions: BUG: unable to handle kernel paging request at 0000100000000000 IP: [<ffffffff813125f0>] skb_release_data+0xa0/0xd0 Oops: 0000 [#1] SMP Pid: 2155, comm: vhost-2115 Not tainted 2.6.36-rc7-ORG #1 49Y6512 /System x3650 M2 -[7947AC1]- RIP: 0010:[<ffffffff813125f0>] [<ffffffff813125f0>] skb_release_data+0xa0/0xd0 RSP: 0018:ffff880001803738 EFLAGS: 00010206 RAX: ffff880179b0fc00 RBX: ffff880178b441c0 RCX: 0000000000000000 RSP: 0018:ffff880001803738 EFLAGS: 00010206 RAX: ffff880179b0fc00 RBX: ffff880178b441c0 RCX: 0000000000000000 RDX: ffff880179b0fd40 RSI: 0000000000000000 RDI: 0000100000000000 RBP: ffff880001803748 R08: 0000000000000001 R09: ffff88017f117000 R10: ffff88017b990608 R11: ffff88017f117090 R12: ffff880178b441c0 R13: ffff88017f117090 R14: 0000000000000000 R15: ffff880178b441c0 FS: 0000000000000000(0000) GS:ffff880001800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000100000000000 CR3: 000000017ea64000 CR4: 00000000000026e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process vhost-2115 (pid: 2155, threadinfo ffff88017d872000, task ffff88017e954680) Stack: ffff880178b441c0 0000000000000007 ffff880001803768 ffffffff81312119 <0> 0000000000000000 0000000000000002 ffff880001803778 ffffffff813121f9 <0> ffff880001803818 ffffffffa012d14c ffffffffa02de076 ffff880001803700 Call Trace: <IRQ> [<ffffffff81312119>] __kfree_skb+0x19/0xa0 [<ffffffff813121f9>] kfree_skb+0x19/0x40 [<ffffffffa012d14c>] free_tx_desc+0x2fc/0x350 [cxgb3] [<ffffffffa02de076>] ? vhost_poll_wakeup+0x16/0x20 [vhost_net] [<ffffffffa01323db>] t3_eth_xmit+0x28b/0x380 [cxgb3] [<ffffffff8131ce47>] dev_hard_start_xmit+0x377/0x5a0 [<ffffffff81335a4a>] sch_direct_xmit+0xfa/0x1d0 [<ffffffff8131d1a9>] dev_queue_xmit+0x139/0x450 [<ffffffff81326225>] neigh_resolve_output+0x125/0x340 [<ffffffff8135a77c>] ip_finish_output+0x14c/0x320 [<ffffffff8135a9fe>] ip_output+0xae/0xc0 [<ffffffff8135620f>] ip_forward_finish+0x3f/0x50 [<ffffffff8135641f>] ip_forward+0x1ff/0x400 [<ffffffff81354789>] ip_rcv_finish+0x119/0x3e0 [<ffffffff81354c7d>] ip_rcv+0x22d/0x300 [<ffffffff8131a95b>] __netif_receive_skb+0x29b/0x570 [<ffffffff8131ba70>] ? netif_receive_skb+0x0/0x80 [<ffffffff8131bae8>] netif_receive_skb+0x78/0x80 [<ffffffffa02a96d8>] br_handle_frame_finish+0x198/0x260 [bridge] [<ffffffffa02aebc8>] br_nf_pre_routing_finish+0x238/0x380 [bridge] [<ffffffff813424bc>] ? nf_hook_slow+0x6c/0x100 [<ffffffffa02ae990>] ? br_nf_pre_routing_finish+0x0/0x380 [bridge] [<ffffffffa02afb08>] br_nf_pre_routing+0x698/0x7a0 [bridge] [<ffffffff81342414>] nf_iterate+0x64/0xa0 [<ffffffffa02a9540>] ? br_handle_frame_finish+0x0/0x260 [bridge] [<ffffffff813424bc>] nf_hook_slow+0x6c/0x100 [<ffffffffa02a9540>] ? br_handle_frame_finish+0x0/0x260 [bridge] [<ffffffffa02a9931>] br_handle_frame+0x191/0x240 [bridge] [<ffffffffa02a97a0>] ? br_handle_frame+0x0/0x240 [bridge] [<ffffffff8131a863>] __netif_receive_skb+0x1a3/0x570 [<ffffffff812ef3f6>] ? dma_issue_pending_all+0x76/0xa0 [<ffffffff8131ad32>] process_backlog+0x102/0x200 [<ffffffff8131c2d0>] net_rx_action+0x100/0x220 [<ffffffff810548ef>] __do_softirq+0xaf/0x140 [<ffffffff8100bcdc>] call_softirq+0x1c/0x30 [<ffffffff8100dfc5>] ? do_softirq+0x65/0xa0 [<ffffffff8131c6b8>] netif_rx_ni+0x28/0x30 [<ffffffffa02c305d>] tun_sendmsg+0x2cd/0x4b0 [tun] [<ffffffffa02e01af>] handle_tx+0x1df/0x340 [vhost_net] [<ffffffffa02e0340>] handle_tx_kick+0x10/0x20 [vhost_net] [<ffffffffa02de29b>] vhost_worker+0xbb/0x130 [vhost_net] [<ffffffffa02de1e0>] ? vhost_worker+0x0/0x130 [vhost_net] [<ffffffffa02de1e0>] ? vhost_worker+0x0/0x130 [vhost_net] [<ffffffff81069686>] kthread+0x96/0xa0 [<ffffffff8100bbe4>] kernel_thread_helper+0x4/0x10 [<ffffffff810695f0>] ? kthread+0x0/0xa0 [<ffffffff8100bbe0>] ? kernel_thread_helper+0x0/0x10 Code: 8b 94 24 d0 00 00 00 49 8b 84 24 d8 00 00 00 48 8d 14 10 0f b7 0a 39 d9 7f d1 48 8b 7a 10 48 85 ff 74 20 48 c7 42 10 00 00 00 00 <48> 8b 1f e8 e8 fb ff ff 48 85 db 48 89 df 75 f0 49 8b 84 24 d8 Patch below fixes the panic. cxgb4 and cxgb4vf already have this fix. Signed-off-by:
Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by:
-
