1. 20 Aug, 2012 8 commits
  2. 16 Aug, 2012 18 commits
  3. 15 Aug, 2012 6 commits
    • Steve Hodgson's avatar
      vmxnet3: Fix race between dev_open() and register_netdev() · e3bc4ffb
      Steve Hodgson authored
      dev_open() can complete before register_netdev() returns.
      Fix vmxnet3_probe_device() to support this.
      Signed-off-by: default avatarSteve Hodgson <steve@purestorage.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3bc4ffb
    • Stephen Hemminger's avatar
      bridge: fix rcu dereference outside of rcu_read_lock · c03307ea
      Stephen Hemminger authored
      Alternative solution for problem found by Linux Driver Verification
      project (linuxtesting.org).
      
      As it noted in the comment before the br_handle_frame_finish
      function, this function should be called under rcu_read_lock.
      
      The problem callgraph:
      br_dev_xmit -> br_nf_pre_routing_finish_bridge_slow ->
       -> br_handle_frame_finish -> br_port_get_rcu -> rcu_dereference
      
      And in this case there is no read-lock section.
      Reported-by: default avatarDenis Efremov <yefremov.denis@gmail.com>
      Signed-off-by: default avatarStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c03307ea
    • David S. Miller's avatar
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · 7bab3ae7
      David S. Miller authored
      John W. Linville says:
      
      ====================
      Alexey Khoroshilov provides a potential memory leak in rndis_wlan.
      
      Bob Copeland gives us an ath5k fix for a lockdep problem.
      
      Dan Carpenter fixes a signedness mismatch in at76c50x.
      
      Felix Fietkau corrects a regression caused by an earlier commit that can
      lead to an IRQ storm.
      
      Lorenzo Bianconi offers a fix for a bad variable initialization in ath9k
      that can cause it to improperly mark decrypted frames.
      
      Rajkumar Manoharan fixes ath9k to prevent the btcoex time from running
      when the hardware is asleep.
      
      The remainder are Bluetooth fixes, about which Gustavo says:
      
      	"Here goes some fixes for 3.6-rc1, there are a few fix to
      	thte inquiry code by Ram Malovany, support for 2 new devices,
      	and few others fixes for NULL dereference, possible deadlock
      	and a memory leak."
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7bab3ae7
    • Ben Hutchings's avatar
      ipv6: addrconf: Avoid calling netdevice notifiers with RCU read-side lock · 4acd4945
      Ben Hutchings authored
      Cong Wang reports that lockdep detected suspicious RCU usage while
      enabling IPV6 forwarding:
      
       [ 1123.310275] ===============================
       [ 1123.442202] [ INFO: suspicious RCU usage. ]
       [ 1123.558207] 3.6.0-rc1+ #109 Not tainted
       [ 1123.665204] -------------------------------
       [ 1123.768254] include/linux/rcupdate.h:430 Illegal context switch in RCU read-side critical section!
       [ 1123.992320]
       [ 1123.992320] other info that might help us debug this:
       [ 1123.992320]
       [ 1124.307382]
       [ 1124.307382] rcu_scheduler_active = 1, debug_locks = 0
       [ 1124.522220] 2 locks held by sysctl/5710:
       [ 1124.648364]  #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff81768498>] rtnl_trylock+0x15/0x17
       [ 1124.882211]  #1:  (rcu_read_lock){.+.+.+}, at: [<ffffffff81871df8>] rcu_lock_acquire+0x0/0x29
       [ 1125.085209]
       [ 1125.085209] stack backtrace:
       [ 1125.332213] Pid: 5710, comm: sysctl Not tainted 3.6.0-rc1+ #109
       [ 1125.441291] Call Trace:
       [ 1125.545281]  [<ffffffff8109d915>] lockdep_rcu_suspicious+0x109/0x112
       [ 1125.667212]  [<ffffffff8107c240>] rcu_preempt_sleep_check+0x45/0x47
       [ 1125.781838]  [<ffffffff8107c260>] __might_sleep+0x1e/0x19b
      [...]
       [ 1127.445223]  [<ffffffff81757ac5>] call_netdevice_notifiers+0x4a/0x4f
      [...]
       [ 1127.772188]  [<ffffffff8175e125>] dev_disable_lro+0x32/0x6b
       [ 1127.885174]  [<ffffffff81872d26>] dev_forward_change+0x30/0xcb
       [ 1128.013214]  [<ffffffff818738c4>] addrconf_forward_change+0x85/0xc5
      [...]
      
      addrconf_forward_change() uses RCU iteration over the netdev list,
      which is unnecessary since it already holds the RTNL lock.  We also
      cannot reasonably require netdevice notifier functions not to sleep.
      Reported-by: default avatarCong Wang <amwang@redhat.com>
      Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4acd4945
    • Julia Lawall's avatar
      drivers/net/ethernet/mellanox/mlx4/mcg.c: fix error return code · 499b95f6
      Julia Lawall authored
      Convert a 0 error return code to a negative one, as returned elsewhere in the
      function.
      
      A simplified version of the semantic match that finds this problem is as
      follows: (http://coccinelle.lip6.fr/)
      
      // <smpl>
      @@
      identifier ret;
      expression e,e1,e2,e3,e4,x;
      @@
      
      (
      if (\(ret != 0\|ret < 0\) || ...) { ... return ...; }
      |
      ret = 0
      )
      ... when != ret = e1
      *x = \(kmalloc\|kzalloc\|kcalloc\|devm_kzalloc\|ioremap\|ioremap_nocache\|devm_ioremap\|devm_ioremap_nocache\)(...);
      ... when != x = e2
          when != ret = e3
      *if (x == NULL || ...)
      {
        ... when != ret = e4
      *  return ret;
      }
      // </smpl>
      Signed-off-by: default avatarJulia Lawall <Julia.Lawall@lip6.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      499b95f6
    • Julia Lawall's avatar
      drivers/net/ethernet/freescale/fs_enet: fix error return code · 137bc99f
      Julia Lawall authored
      Convert a 0 error return code to a negative one, as returned elsewhere in the
      function.
      
      A simplified version of the semantic match that finds this problem is as
      follows: (http://coccinelle.lip6.fr/)
      
      // <smpl>
      @@
      identifier ret;
      expression e,e1,e2,e3,e4,x;
      @@
      
      (
      if (\(ret != 0\|ret < 0\) || ...) { ... return ...; }
      |
      ret = 0
      )
      ... when != ret = e1
      *x = \(kmalloc\|kzalloc\|kcalloc\|devm_kzalloc\|ioremap\|ioremap_nocache\|devm_ioremap\|devm_ioremap_nocache\)(...);
      ... when != x = e2
          when != ret = e3
      *if (x == NULL || ...)
      {
        ... when != ret = e4
      *  return ret;
      }
      // </smpl>
      Signed-off-by: default avatarJulia Lawall <Julia.Lawall@lip6.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      137bc99f
  4. 14 Aug, 2012 8 commits