1. 16 Aug, 2012 2 commits
  2. 15 Aug, 2012 6 commits
    • Steve Hodgson's avatar
      vmxnet3: Fix race between dev_open() and register_netdev() · e3bc4ffb
      Steve Hodgson authored
      dev_open() can complete before register_netdev() returns.
      Fix vmxnet3_probe_device() to support this.
      Signed-off-by: default avatarSteve Hodgson <steve@purestorage.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3bc4ffb
    • Stephen Hemminger's avatar
      bridge: fix rcu dereference outside of rcu_read_lock · c03307ea
      Stephen Hemminger authored
      Alternative solution for problem found by Linux Driver Verification
      project (linuxtesting.org).
      
      As it noted in the comment before the br_handle_frame_finish
      function, this function should be called under rcu_read_lock.
      
      The problem callgraph:
      br_dev_xmit -> br_nf_pre_routing_finish_bridge_slow ->
       -> br_handle_frame_finish -> br_port_get_rcu -> rcu_dereference
      
      And in this case there is no read-lock section.
      Reported-by: default avatarDenis Efremov <yefremov.denis@gmail.com>
      Signed-off-by: default avatarStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c03307ea
    • David S. Miller's avatar
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · 7bab3ae7
      David S. Miller authored
      John W. Linville says:
      
      ====================
      Alexey Khoroshilov provides a potential memory leak in rndis_wlan.
      
      Bob Copeland gives us an ath5k fix for a lockdep problem.
      
      Dan Carpenter fixes a signedness mismatch in at76c50x.
      
      Felix Fietkau corrects a regression caused by an earlier commit that can
      lead to an IRQ storm.
      
      Lorenzo Bianconi offers a fix for a bad variable initialization in ath9k
      that can cause it to improperly mark decrypted frames.
      
      Rajkumar Manoharan fixes ath9k to prevent the btcoex time from running
      when the hardware is asleep.
      
      The remainder are Bluetooth fixes, about which Gustavo says:
      
      	"Here goes some fixes for 3.6-rc1, there are a few fix to
      	thte inquiry code by Ram Malovany, support for 2 new devices,
      	and few others fixes for NULL dereference, possible deadlock
      	and a memory leak."
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7bab3ae7
    • Ben Hutchings's avatar
      ipv6: addrconf: Avoid calling netdevice notifiers with RCU read-side lock · 4acd4945
      Ben Hutchings authored
      Cong Wang reports that lockdep detected suspicious RCU usage while
      enabling IPV6 forwarding:
      
       [ 1123.310275] ===============================
       [ 1123.442202] [ INFO: suspicious RCU usage. ]
       [ 1123.558207] 3.6.0-rc1+ #109 Not tainted
       [ 1123.665204] -------------------------------
       [ 1123.768254] include/linux/rcupdate.h:430 Illegal context switch in RCU read-side critical section!
       [ 1123.992320]
       [ 1123.992320] other info that might help us debug this:
       [ 1123.992320]
       [ 1124.307382]
       [ 1124.307382] rcu_scheduler_active = 1, debug_locks = 0
       [ 1124.522220] 2 locks held by sysctl/5710:
       [ 1124.648364]  #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff81768498>] rtnl_trylock+0x15/0x17
       [ 1124.882211]  #1:  (rcu_read_lock){.+.+.+}, at: [<ffffffff81871df8>] rcu_lock_acquire+0x0/0x29
       [ 1125.085209]
       [ 1125.085209] stack backtrace:
       [ 1125.332213] Pid: 5710, comm: sysctl Not tainted 3.6.0-rc1+ #109
       [ 1125.441291] Call Trace:
       [ 1125.545281]  [<ffffffff8109d915>] lockdep_rcu_suspicious+0x109/0x112
       [ 1125.667212]  [<ffffffff8107c240>] rcu_preempt_sleep_check+0x45/0x47
       [ 1125.781838]  [<ffffffff8107c260>] __might_sleep+0x1e/0x19b
      [...]
       [ 1127.445223]  [<ffffffff81757ac5>] call_netdevice_notifiers+0x4a/0x4f
      [...]
       [ 1127.772188]  [<ffffffff8175e125>] dev_disable_lro+0x32/0x6b
       [ 1127.885174]  [<ffffffff81872d26>] dev_forward_change+0x30/0xcb
       [ 1128.013214]  [<ffffffff818738c4>] addrconf_forward_change+0x85/0xc5
      [...]
      
      addrconf_forward_change() uses RCU iteration over the netdev list,
      which is unnecessary since it already holds the RTNL lock.  We also
      cannot reasonably require netdevice notifier functions not to sleep.
      Reported-by: default avatarCong Wang <amwang@redhat.com>
      Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4acd4945
    • Julia Lawall's avatar
      drivers/net/ethernet/mellanox/mlx4/mcg.c: fix error return code · 499b95f6
      Julia Lawall authored
      Convert a 0 error return code to a negative one, as returned elsewhere in the
      function.
      
      A simplified version of the semantic match that finds this problem is as
      follows: (http://coccinelle.lip6.fr/)
      
      // <smpl>
      @@
      identifier ret;
      expression e,e1,e2,e3,e4,x;
      @@
      
      (
      if (\(ret != 0\|ret < 0\) || ...) { ... return ...; }
      |
      ret = 0
      )
      ... when != ret = e1
      *x = \(kmalloc\|kzalloc\|kcalloc\|devm_kzalloc\|ioremap\|ioremap_nocache\|devm_ioremap\|devm_ioremap_nocache\)(...);
      ... when != x = e2
          when != ret = e3
      *if (x == NULL || ...)
      {
        ... when != ret = e4
      *  return ret;
      }
      // </smpl>
      Signed-off-by: default avatarJulia Lawall <Julia.Lawall@lip6.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      499b95f6
    • Julia Lawall's avatar
      drivers/net/ethernet/freescale/fs_enet: fix error return code · 137bc99f
      Julia Lawall authored
      Convert a 0 error return code to a negative one, as returned elsewhere in the
      function.
      
      A simplified version of the semantic match that finds this problem is as
      follows: (http://coccinelle.lip6.fr/)
      
      // <smpl>
      @@
      identifier ret;
      expression e,e1,e2,e3,e4,x;
      @@
      
      (
      if (\(ret != 0\|ret < 0\) || ...) { ... return ...; }
      |
      ret = 0
      )
      ... when != ret = e1
      *x = \(kmalloc\|kzalloc\|kcalloc\|devm_kzalloc\|ioremap\|ioremap_nocache\|devm_ioremap\|devm_ioremap_nocache\)(...);
      ... when != x = e2
          when != ret = e3
      *if (x == NULL || ...)
      {
        ... when != ret = e4
      *  return ret;
      }
      // </smpl>
      Signed-off-by: default avatarJulia Lawall <Julia.Lawall@lip6.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      137bc99f
  3. 14 Aug, 2012 29 commits
  4. 13 Aug, 2012 3 commits
    • Dave Airlie's avatar
      Merge branch 'drm-fixes-3.6' of git://people.freedesktop.org/~agd5f/linux into drm-fixes · 7bac6b46
      Dave Airlie authored
      Alex Deucher writes:
      This is the current set of radeon fixes for 3.6.  Nothing too major.
      
      Highlights:
      - various display fixes
      - some SI fixes
      - new SI pci ids
      - major VM fix
      - CS checker support for MSAA
      
      I've tested on a number of cards across generations and noticed no problems.
      
      * 'drm-fixes-3.6' of git://people.freedesktop.org/~agd5f/linux:
        drm/radeon: fix typo in function header comment
        drm/radeon/kms: implement timestamp userspace query (v2)
        drm/radeon/kms: add MSAA texture support for r600-evergreen
        drm/radeon/kms: reorder code in r600_check_texture_resource
        drm/radeon: fence virtual address and free it once idle v4
        drm/radeon: fix some missing parens in asic macros
        drm/radeon: add some new SI pci ids
        drm/radeon: fix ordering in pll picking on dce4+
        drm/radeon: do not reenable crtc after moving vram start address
        drm/radeon: fix bank tiling parameters on cayman
        drm/radeon: fix bank tiling parameters on evergreen
        drm/radeon: fix bank tiling parameters on SI
        drm/radeon: properly handle crtc powergating
        drm/radeon: properly handle SS overrides on TN (v2)
        drm/radeon/dce4+: set a more reasonable cursor watermark
        drm/radeon: fix handling for ddc type 5 on combios
      7bac6b46
    • Bob Copeland's avatar
      ath5k: fix spin_lock_irqsave/spin_lock_bh nesting in mesh · 7dd6753f
      Bob Copeland authored
      Lockdep found an inconsistent lock state when joining a mesh with
      ath5k.  The problem is that ath5k takes the lock for its beacon state,
      ah->block, with spin_lock_irqsave(), while mesh internally takes the
      sync_offset_lock with spin_lock_bh() in mesh_sync_offset_adjust_tbtt(),
      which in turn is called under ah->block.
      
      This could deadlock if the beacon tasklet was run on the processor
      that held the beacon lock during the do_softirq() in spin_unlock_bh().
      
      We probably shouldn't hold the lock around the callbacks, but the
      easiest fix is to switch to spin_lock_bh for ah->block: it doesn't
      need interrupts disabled anyway as the data in question is only accessed
      in softirq or process context.
      
      Fixes the following lockdep warning:
      
      [  446.892304] WARNING: at kernel/softirq.c:159 _local_bh_enable_ip+0x38/0xa6()
      [  446.892306] Hardware name: MacBook1,1
      [  446.892309] Modules linked in: tcp_lp fuse sunrpc cpufreq_ondemand acpi_cpufreq mperf ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 ip6table_filter nf_defrag_ipv4 xt_state nf_conntrack ip6_tables ext2 arc4 btusb bluetooth snd_hda_codec_idt snd_hda_intel carl9170 snd_hda_codec coretemp joydev ath5k snd_hwdep snd_seq isight_firmware ath snd_seq_device snd_pcm applesmc appletouch mac80211 input_polldev snd_timer microcode cfg80211 snd lpc_ich pcspkr i2c_i801 mfd_core soundcore rfkill snd_page_alloc sky2 tpm_infineon virtio_net kvm_intel kvm i915 drm_kms_helper drm i2c_algo_bit i2c_core video
      [  446.892385] Pid: 1892, comm: iw Not tainted 3.6.0-rc1-wl+ #296
      [  446.892387] Call Trace:
      [  446.892394]  [<c0432958>] warn_slowpath_common+0x7c/0x91
      [  446.892398]  [<c04399d7>] ? _local_bh_enable_ip+0x38/0xa6
      [  446.892403]  [<c04399d7>] ? _local_bh_enable_ip+0x38/0xa6
      [  446.892459]  [<f7f9ae3b>] ? mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
      [  446.892464]  [<c043298f>] warn_slowpath_null+0x22/0x24
      [  446.892468]  [<c04399d7>] _local_bh_enable_ip+0x38/0xa6
      [  446.892473]  [<c0439a52>] local_bh_enable_ip+0xd/0xf
      [  446.892479]  [<c088004f>] _raw_spin_unlock_bh+0x34/0x37
      [  446.892527]  [<f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
      [  446.892569]  [<f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211]
      [  446.892575]  [<c047ceeb>] ? trace_hardirqs_on_caller+0x10e/0x13f
      [  446.892591]  [<f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k]
      [  446.892597]  [<c047ad67>] ? lock_acquired+0x1f5/0x21e
      [  446.892612]  [<f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k]
      [  446.892617]  [<c087f9ea>] ? _raw_spin_lock_irqsave+0x78/0x82
      [  446.892632]  [<f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k]
      [  446.892647]  [<f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k]
      [  446.892651]  [<c0479dd4>] ? lock_is_held+0x73/0x7b
      [  446.892662]  [<c0458fd5>] ? __might_sleep+0xa7/0x17a
      [  446.892698]  [<f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211]
      [  446.892703]  [<c0449875>] ? queue_work+0x24/0x32
      [  446.892718]  [<f7fdf894>] ? ath5k_configure_filter+0x163/0x163 [ath5k]
      [  446.892766]  [<f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211]
      [  446.892806]  [<f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211]
      [  446.892834]  [<f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211]
      [  446.892855]  [<f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211]
      [  446.892875]  [<f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211]
      [  446.892908]  [<f7a8db99>] ? nl80211_set_wiphy+0x4cf/0x4cf [cfg80211]
      [  446.892919]  [<c07cfa36>] genl_rcv_msg+0x1d5/0x1f3
      [  446.892940]  [<c07cf861>] ? genl_rcv+0x25/0x25
      [  446.892946]  [<c07cf009>] netlink_rcv_skb+0x37/0x78
      [  446.892950]  [<c07cf85a>] genl_rcv+0x1e/0x25
      [  446.892955]  [<c07cebf3>] netlink_unicast+0xc3/0x12d
      [  446.892959]  [<c07cee46>] netlink_sendmsg+0x1e9/0x213
      [  446.892966]  [<c079f282>] sock_sendmsg+0x79/0x96
      [  446.892972]  [<c04eb90d>] ? might_fault+0x9d/0xa3
      [  446.892978]  [<c07a81d8>] ? copy_from_user+0x8/0xa
      [  446.892983]  [<c07a852c>] ? verify_iovec+0x43/0x77
      [  446.892987]  [<c079f4d8>] __sys_sendmsg+0x180/0x215
      [  446.892993]  [<c045f107>] ? sched_clock_cpu+0x134/0x144
      [  446.892997]  [<c047992f>] ? trace_hardirqs_off+0xb/0xd
      [  446.893002]  [<c047bf88>] ? __lock_acquire+0x46b/0xb6e
      [  446.893006]  [<c047992f>] ? trace_hardirqs_off+0xb/0xd
      [  446.893010]  [<c045f149>] ? local_clock+0x32/0x49
      [  446.893015]  [<c0479ec1>] ? lock_release_holdtime.part.9+0x4b/0x51
      [  446.893020]  [<c0479dd4>] ? lock_is_held+0x73/0x7b
      [  446.893025]  [<c050d127>] ? fcheck_files+0x97/0xcd
      [  446.893029]  [<c050d4df>] ? fget_light+0x2d/0x81
      [  446.893034]  [<c07a01f3>] sys_sendmsg+0x3b/0x52
      [  446.893038]  [<c07a07b4>] sys_socketcall+0x238/0x2a2
      [  446.893044]  [<c0885edf>] sysenter_do_call+0x12/0x38
      [  446.893047] ---[ end trace a9af5998f929270f ]---
      [  447.627222]
      [  447.627232] =================================
      [  447.627237] [ INFO: inconsistent lock state ]
      [  447.627244] 3.6.0-rc1-wl+ #296 Tainted: G        W
      [  447.627248] ---------------------------------
      [  447.627253] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
      [  447.627260] swapper/0/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
      [  447.627264]  (&(&ah->block)->rlock){+.?...}, at: [<f7fdd2d1>] ath5k_tasklet_beacon+0x91/0xa7 [ath5k]
      [  447.627299] {SOFTIRQ-ON-W} state was registered at:
      [  447.627304]   [<c047cdbf>] mark_held_locks+0x59/0x77
      [  447.627316]   [<c047ceeb>] trace_hardirqs_on_caller+0x10e/0x13f
      [  447.627324]   [<c047cf27>] trace_hardirqs_on+0xb/0xd
      [  447.627332]   [<c0439a3d>] _local_bh_enable_ip+0x9e/0xa6
      [  447.627342]   [<c0439a52>] local_bh_enable_ip+0xd/0xf
      [  447.627349]   [<c088004f>] _raw_spin_unlock_bh+0x34/0x37
      [  447.627359]   [<f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
      [  447.627451]   [<f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211]
      [  447.627526]   [<f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k]
      [  447.627547]   [<f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k]
      [  447.627569]   [<f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211]
      [  447.627628]   [<f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211]
      [  447.627712]   [<f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211]
      [  447.627782]   [<f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211]
      [  447.627816]   [<f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211]
      [  447.627845]   [<f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211]
      [  447.627872]   [<c07cfa36>] genl_rcv_msg+0x1d5/0x1f3
      [  447.627881]   [<c07cf009>] netlink_rcv_skb+0x37/0x78
      [  447.627891]   [<c07cf85a>] genl_rcv+0x1e/0x25
      [  447.627898]   [<c07cebf3>] netlink_unicast+0xc3/0x12d
      [  447.627907]   [<c07cee46>] netlink_sendmsg+0x1e9/0x213
      [  447.627915]   [<c079f282>] sock_sendmsg+0x79/0x96
      [  447.627926]   [<c079f4d8>] __sys_sendmsg+0x180/0x215
      [  447.627934]   [<c07a01f3>] sys_sendmsg+0x3b/0x52
      [  447.627941]   [<c07a07b4>] sys_socketcall+0x238/0x2a2
      [  447.627949]   [<c0885edf>] sysenter_do_call+0x12/0x38
      [  447.627959] irq event stamp: 1929200
      [  447.627963] hardirqs last  enabled at (1929200): [<c043a0e9>] tasklet_hi_action+0x3e/0xbf
      [  447.627972] hardirqs last disabled at (1929199): [<c043a0c0>] tasklet_hi_action+0x15/0xbf
      [  447.627981] softirqs last  enabled at (1929196): [<c043999d>] _local_bh_enable+0x12/0x14
      [  447.627989] softirqs last disabled at (1929197): [<c040443b>] do_softirq+0x63/0xb8
      [  447.627999]
      [  447.627999] other info that might help us debug this:
      [  447.628004]  Possible unsafe locking scenario:
      [  447.628004]
      [  447.628009]        CPU0
      [  447.628012]        ----
      [  447.628016]   lock(&(&ah->block)->rlock);
      [  447.628023]   <Interrupt>
      [  447.628027]     lock(&(&ah->block)->rlock);
      [  447.628034]
      [  447.628034]  *** DEADLOCK ***
      Signed-off-by: default avatarBob Copeland <me@bobcopeland.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      7dd6753f
    • Lorenzo Bianconi's avatar
      ath9k: fix decrypt_error initialization in ath_rx_tasklet() · e1352fde
      Lorenzo Bianconi authored
      ath_rx_tasklet() calls ath9k_rx_skb_preprocess() and ath9k_rx_skb_postprocess()
      in a loop over the received frames. The decrypt_error flag is
      initialized to false
      just outside ath_rx_tasklet() loop. ath9k_rx_accept(), called by
      ath9k_rx_skb_preprocess(),
      only sets decrypt_error to true and never to false.
      Then ath_rx_tasklet() calls ath9k_rx_skb_postprocess() and passes
      decrypt_error to it.
      So, after a decryption error, in ath9k_rx_skb_postprocess(), we can
      have a leftover value
      from another processed frame. In that case, the frame will not be marked with
      RX_FLAG_DECRYPTED even if it is decrypted correctly.
      When using CCMP encryption this issue can lead to connection stuck
      because of CCMP
      PN corruption and a waste of CPU time since mac80211 tries to decrypt an already
      deciphered frame with ieee80211_aes_ccm_decrypt.
      Fix the issue initializing decrypt_error flag at the begging of the
      ath_rx_tasklet() loop.
      Signed-off-by: default avatarLorenzo Bianconi <lorenzo.bianconi83@gmail.com>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      e1352fde