- 05 Mar, 2015 1 commit
-
-
Emmanuel Grumbach authored
The commit below introduced an unsafe dereference of mvmvif->phy_ctxt. It can be NULL even if we hold the mutex. We can be handling a BT Coex notification while the vif has already been unassigned. This can happen since the BT Coex notification is hanled asynchronuously: we can have started to handle the BT Coex notification trying to acquire the mutex while the unassign flow already got it. The BT Coex notification handling will wait for the mutext. I'll get it later, but then mvmvif->phy_ctxt will be NULL. Panic log: BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<f985180d>] iwl_mvm_bt_notif_iterator+0x9d/0x340 [iwlmvm] *pdpt = 0000000000000000 *pde = f000eef300000007 Oops: 0000 [#1] SMP Workqueue: events iwl_mvm_async_handlers_wk [iwlmvm] task: ed719b20 ti: ec03e000 task.ti: ec03e000 EIP: 0060:[<f985180d>] EFLAGS: 00010202 CPU: 2 EIP is at iwl_mvm_bt_notif_iterator+0x9d/0x340 [iwlmvm] EAX: 00000000 EBX: f6d3cb70 ECX: f6d3cb70 EDX: 00000000 ESI: ec03fe40 EDI: efeb8810 EBP: ec03fdf0 ESP: ec03fdac DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 CR0: 80050033 CR2: 00000000 CR3: 01a1a000 CR4: 001407f0 Stack: f743ca80 f744a404 ec03fdcc c10e3952 00003aba f743ca80 00000246 f743ca80 00000246 00000000 00000001 00000000 ebd45ff6 ebd458a4 f6d3c500 ebd45578 ebd44b01 ec03fe18 f99e1bc2 00000002 ebd44bc0 f9851770 00000000 f6d3c500 Call Trace: [<c10e3952>] ? ring_buffer_unlock_commit+0xa2/0xd0 [<f99e1bc2>] __iterate_interfaces+0x82/0x110 [mac80211] [<f9851770>] ? iwl_mvm_bt_coex_reduced_txp+0x140/0x140 [iwlmvm] [<f99e1c6a>] ieee80211_iterate_active_interfaces_atomic+0x1a/0x20 [mac80211] [<f9851427>] iwl_mvm_bt_coex_notif_handle+0x77/0x280 [iwlmvm] [<f9852161>] iwl_mvm_rx_bt_coex_notif_old+0x211/0x220 [iwlmvm] [<f9850b8b>] iwl_mvm_rx_bt_coex_notif+0x19b/0x1b0 [iwlmvm] [<f983944f>] iwl_mvm_async_handlers_wk+0x7f/0xe0 [iwlmvm] CC: <stable@vger.kernel.org> [3.19+] Fixes: 123f5156 ("iwlwifi: mvm: BT Coex - add support for TTC / RRC") Signed-off-by:
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-
- 25 Feb, 2015 1 commit
-
-
Emmanuel Grumbach authored
The commit below didn't update the max_ht_ampdu_exponent for the devices listed in iwl-[1-6]000.c which, in result, became 0 instead of 8K. This reduced the size of the Rx AMPDU from 64K to 8K which had an impact in the Rx throughput. One user reported that because of this, his downstream throughput droppped by a half. CC: <stable@vger.kernel.org> [3.19] Fixes: c064ddf3 ("iwlwifi: change max HT and VHT A-MPDU exponent") Reported-and-tested-by:
Valentin Manea <linux-wireless@mrs.ro> Signed-off-by:
-
- 23 Feb, 2015 5 commits
-
-
Eyal Shapira authored
Current FW is declaring support for BFER in ucode_capa.capa but it doesn't really support it unless the new LQ_SS_PARAMS API is supported as well. Avoid publishing BFER in our VHT caps if FW doesn't support. Signed-off-by:
Eyal Shapira <eyalx.shapira@intel.com> Signed-off-by:
-
Andrei Otcheretianski authored
iwl_mvm_stop_roc removes TE only if running flag is set. This is not correct since this flag is only set when the TE is started. This resulted in a TE not being removed, when mac80211 believes that there are no active ROCs. Fixes: bf5da87f ("iwlwifi: mvm: add remove flow for AUX ROC time events") Signed-off-by:
Andrei Otcheretianski <andrei.otcheretianski@intel.com> Reviewed-by:
Matti Gottlieb <matti.gottlieb@intel.com> Signed-off-by:
-
Luciano Coelho authored
In certain conditions, mac80211 may ask us to stop a scan (scheduled or normal) that is not running anymore. This can also happen when we are doing a different type of scan, for instance, mac80211 can ask us to stop a scheduled scan when we are running a normal scan, due to some race conditions. In this case, we would stop the wrong type of scan and leave everything everything in a wrong state. To fix this, simply ignore scan stop requests for scans types that are not running. Signed-off-by:
Luciano Coelho <luciano.coelho@intel.com> Reviewed-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Eyal Shapira authored
The check to avoid the shared antenna was passed the wrong antenna parameter. It should have checked whether the antenna of the next column we're considering is allowed and instead it was passed the current antenna. This could lead to a wrong choice of the next column in the rs algorithm and non optimal performance. Fixes: commit 219fb66b ("iwlwifi: mvm: rs - don't use the shared antenna when BT load is high") CC: <stable@vger.kernel.org> [3.19] Signed-off-by:
-
Luciano Coelho authored
A scan abort command failure is not that unusual, since we may try to send it after the scan has actually completed but before we received the completed notification from the firmware. The scan abort can also fail for other reasons, such as a timeout. In such cases, we should clear things up so the next scans will work again. To do so, don't return immediately in case of failures, but call ieee80211_scan_completed() and clear the scan_status flags. Signed-off-by:
-
- 18 Feb, 2015 7 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking updates from David Miller: 1) Missing netlink attribute validation in nft_lookup, from Patrick McHardy. 2) Restrict ipv6 partial checksum handling to UDP, since that's the only case it works for. From Vlad Yasevich. 3) Clear out silly device table sentinal macros used by SSB and BCMA drivers. From Joe Perches. 4) Make sure the remote checksum code never creates a situation where the remote checksum is applied yet the tunneling metadata describing the remote checksum transformation is still present. Otherwise an external entity might see this and apply the checksum again. From Tom Herbert. 5) Use msecs_to_jiffies() where applicable, from Nicholas Mc Guire. 6) Don't explicitly initialize timer struct fields, use setup_timer() and mod_timer() instead. From Vaishali Thakkar. 7) Don't invoke tg3_halt() without the tp->lock held, from Jun'ichi Nomura. 8) Missing __percpu annotation in ipvlan driver, from Eric Dumazet. 9) Don't potentially perform skb_get() on shared skbs, also from Eric Dumazet. 10) Fix COW'ing of metrics for non-DST_HOST routes in ipv6, from Martin KaFai Lau. 11) Fix merge resolution error between the iov_iter changes in vhost and some bug fixes that occurred at the same time. From Jason Wang. 12) If rtnl_configure_link() fails we have to perform a call to ->dellink() before unregistering the device. From WANG Cong. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (39 commits) net: dsa: Set valid phy interface type rtnetlink: call ->dellink on failure when ->newlink exists com20020-pci: add support for eae single card vhost_net: fix wrong iter offset when setting number of buffers net: spelling fixes net/core: Fix warning while make xmldocs caused by dev.c net: phy: micrel: disable NAND-tree for KSZ8021, KSZ8031, KSZ8051, KSZ8081 ipv6: fix ipv6_cow_metrics for non DST_HOST case openvswitch: Fix key serialization. r8152: restore hw settings hso: fix rx parsing logic when skb allocation fails tcp: make sure skb is not shared before using skb_get() bridge: netfilter: Move sysctl-specific error code inside #ifdef ipv6: fix possible deadlock in ip6_fl_purge / ip6_fl_gc ipvlan: add a missing __percpu pcpu_stats tg3: Hold tp->lock before calling tg3_halt() from tg3_init_one() bgmac: fix device initialization on Northstar SoCs (condition typo) qlcnic: Delete existing multicast MAC list before adding new net/mlx5_core: Fix configuration of log_uar_page_sz sunvnet: don't change gso data on clones ... -
git://neil.brown.name/mdLinus Torvalds authored
Pull md bugfixes from Neil Brown: "Three bug md fixes for 3.20 yet-another-livelock in raid5, and a problem with write errors to 4K-block devices" * tag 'md/3.20-fixes' of git://neil.brown.name/md: md/raid5: Fix livelock when array is both resyncing and degraded. md/raid10: round up to bdev_logical_block_size in narrow_write_error. md/raid1: round up to bdev_logical_block_size in narrow_write_error
-
git://git.kernel.org/pub/scm/linux/kernel/git/ras/rasLinus Torvalds authored
Pull mcelog regression fix from Tony Luck: "Fix regression - functions on the mce notifier chain should not be able to decide that an event should not be logged" * tag 'please-pull-fixmcelog' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras: x86/mce: Fix regression. All error records should report via /dev/mcelog
-
git://git.lwn.net/linux-2.6Linus Torvalds authored
Pull DocBook build fix from Jonathan Corbet: "Fix the DocBook build failure caused by the move of the i2o subsystem to the staging tree" * tag 'docs-fix' of git://git.lwn.net/linux-2.6: Fix docs build failure caused by i2o removal
-
git://linux-nfs.org/~bfields/linuxLinus Torvalds authored
Pull nfsd bugfixes from Bruce Fields: "These are fixes for two bugs introduced during the merge window" * 'for-3.20' of git://linux-nfs.org/~bfields/linux: nfsd4: fix v3-less build nfsd: fix comparison in fh_fsid_match()
-
NeilBrown authored
Commit a7854487: md: When RAID5 is dirty, force reconstruct-write instead of read-modify-write. Causes an RCW cycle to be forced even when the array is degraded. A degraded array cannot support RCW as that requires reading all data blocks, and one may be missing. Forcing an RCW when it is not possible causes a live-lock and the code spins, repeatedly deciding to do something that cannot succeed. So change the condition to only force RCW on non-degraded arrays. Reported-by:
Manibalan P <pmanibalan@amiindia.co.in> Bisected-by:
Jes Sorensen <Jes.Sorensen@redhat.com> Tested-by:
NeilBrown <neilb@suse.de> Fixes: a7854487 Cc: stable@vger.kernel.org (v3.7+)
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull lazytime mount option support from Al Viro: "Lazytime stuff from tytso" * 'lazytime' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: ext4: add optimization for the lazytime mount option vfs: add find_inode_nowait() function vfs: add support for a lazytime mount option
-
- 17 Feb, 2015 26 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull iov_iter updates from Al Viro: "More iov_iter work - missing counterpart of iov_iter_init() for bvec-backed ones and vfs_read_iter()/vfs_write_iter() - wrappers for sync calls of ->read_iter()/->write_iter()" * 'iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: add vfs_iter_{read,write} helpers new helper: iov_iter_bvec()
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull getname/putname updates from Al Viro: "Rework of getname/getname_kernel/etc., mostly from Paul Moore. Gets rid of quite a pile of kludges between namei and audit..." * 'getname2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: audit: replace getname()/putname() hacks with reference counters audit: fix filename matching in __audit_inode() and __audit_inode_child() audit: enable filename recording via getname_kernel() simpler calling conventions for filename_mountpoint() fs: create proper filename objects using getname_kernel() fs: rework getname_kernel to handle up to PATH_MAX sized filenames cut down the number of do_path_lookup() callers
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull debugfs patches from Al Viro: "debugfs patches, mostly to make it possible for something like tracefs to be transparently automounted on given directory in debugfs. New primitive in there is debugfs_create_automount(name, parent, func, arg), which creates a directory and makes its ->d_automount() return func(arg). Another missing primitive was debugfs_create_file_size() - open-coded in quite a few places. Dave's patch adds it and converts the open-code instances to calling it" * 'debugfs_automount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: debugfs: Provide a file creation function that also takes an initial size new primitive: debugfs_create_automount() debugfs: split end_creating() into success and failure cases debugfs: take mode-dependent parts of debugfs_get_inode() into callers fold debugfs_mknod() into callers fold debugfs_create() into caller fold debugfs_mkdir() into caller debugfs_mknod(): get rid useless arguments fold debugfs_link() into caller debugfs: kill __create_file() debugfs: split the beginning and the end of __create_file() off debugfs_{mkdir,create,link}(): get rid of redundant argument
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull misc VFS updates from Al Viro: "This cycle a lot of stuff sits on topical branches, so I'll be sending more or less one pull request per branch. This is the first pile; more to follow in a few. In this one are several misc commits from early in the cycle (before I went for separate branches), plus the rework of mntput/dput ordering on umount, switching to use of fs_pin instead of convoluted games in namespace_unlock()" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: switch the IO-triggering parts of umount to fs_pin new fs_pin killing logics allow attaching fs_pin to a group not associated with some superblock get rid of the second argument of acct_kill() take count and rcu_head out of fs_pin dcache: let the dentry count go down to zero without taking d_lock pull bumping refcount into ->kill() kill pin_put() mode_t whack-a-mole: chelsio file->f_path.dentry is pinned down for as long as the file is open... get rid of lustre_dump_dentry() gut proc_register() a bit kill d_validate() ncpfs: get rid of d_validate() nonsense selinuxfs: don't open-code d_genocide()
-
Linus Torvalds authored
Merge yet more updates from Andrew Morton: - a pile of minor fs fixes and cleanups - kexec updates - random misc fixes in various places: vmcore, rbtree, eventfd, ipc, seccomp. - a series of python-based kgdb helper scripts * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (58 commits) seccomp: cap SECCOMP_RET_ERRNO data to MAX_ERRNO samples/seccomp: improve label helper ipc,sem: use current->state helpers scripts/gdb: disable pagination while printing from breakpoint handler scripts/gdb: define maintainer scripts/gdb: convert CpuList to generator function scripts/gdb: convert ModuleList to generator function scripts/gdb: use a generator instead of iterator for task list scripts/gdb: ignore byte-compiled python files scripts/gdb: port to python3 / gdb7.7 scripts/gdb: add basic documentation scripts/gdb: add lx-lsmod command scripts/gdb: add class to iterate over CPU masks scripts/gdb: add lx_current convenience function scripts/gdb: add internal helper and convenience function for per-cpu lookup scripts/gdb: add get_gdbserver_type helper scripts/gdb: add internal helper and convenience function to retrieve thread_info scripts/gdb: add is_target_arch helper scripts/gdb: add helper and convenience function to look up tasks scripts/gdb: add task iteration class ...
-
Kees Cook authored
The value resulting from the SECCOMP_RET_DATA mask could exceed MAX_ERRNO when setting errno during a SECCOMP_RET_ERRNO filter action. This makes sure we have a reliable value being set, so that an invalid errno will not be ignored by userspace. Signed-off-by:
Kees Cook <keescook@chromium.org> Reported-by:
Dmitry V. Levin <ldv@altlinux.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Will Drewry <wad@chromium.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Kees Cook authored
Fixes a potential corruption with uninitialized stack memory in the seccomp BPF sample program. [akpm@linux-foundation.org: coding-style fixlet] Signed-off-by:
Robert Swiecki <swiecki@google.com> Tested-by:
-
Davidlohr Bueso authored
Call __set_current_state() instead of assigning the new state directly. These interfaces also aid CONFIG_DEBUG_ATOMIC_SLEEP environments, keeping track of who changed the state. Signed-off-by:
Davidlohr Bueso <dbueso@suse.de> Signed-off-by:
-
Jan Kiszka authored
While reporting the (refreshed) list of modules on automatic updates we may hit the page boundary of the output console and cause a stop if pagination is enabled. However, gdb does not accept user input while running over the breakpoint handler. So we get stuck, and the user is forced to interrupt gdb. Resolve this by disabling pagination during automatic symbol updates. We restore the user's configuration once done. Signed-off-by:
Jan Kiszka <jan.kiszka@siemens.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Jason Wessel <jason.wessel@windriver.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Ben Widawsky <ben@bwidawsk.net> Cc: Borislav Petkov <bp@suse.de> Signed-off-by:
-
Jan Kiszka authored
I'm proposing myself for keeping an eye on these scripts and integrating contributions. Signed-off-by:
-
Jan Kiszka authored
Yet another code simplification. Signed-off-by:
-
Jan Kiszka authored
Analogously to the task list, convert the module list to a generator function. It noticeably simplifies the code. Signed-off-by:
-
Daniel Wagner authored
The iterator does not return any task_struct from the thread_group list because the first condition in the 'if not t or ...' will only be the first time None. Instead of keeping track of the state ourself in the next() function, we fall back using Python's generator. Signed-off-by:
Daniel Wagner <daniel.wagner@bmw-carit.de> Signed-off-by:
-
Daniel Thompson authored
Using the gdb scripts leaves byte-compiled python files in the scripts/ directory. These should be ignored by git. [jan.kiszka@siemens.com: drop redundant mrproper rule as suggested by Michal] Signed-off-by:
Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by:
-
Pantelis Koukousoulas authored
I tried to use these scripts in an ubuntu 14.04 host (gdb 7.7 compiled against python 3.3) but there were several errors. I believe this patch fixes these issues so that the commands now work (I tested lx-symbols, lx-dmesg, lx-lsmod). Main issues that needed to be resolved: * In python 2 iterators have a "next()" method. In python 3 it is __next__() instead (so let's just add both). * In older python versions there was an implicit conversion in object.__format__() (used when an object is in string.format()) where it was converting the object to str first and then calling str's __format__(). This has now been removed so we must explicitly convert to str the objects for which we need to keep this behavior. * In dmesg.py: in python 3 log_buf is now a "memoryview" object which needs to be converted to a string in order to use string methods like "splitlines()". Luckily memoryview exists in python 2.7.6 as well, so we can convert log_buf to memoryview and use the same code in both python 2 and python 3. This version of the patch has now been tested with gdb 7.7 and both python 3.4 and python 2.7.6 (I think asking for at least python 2.7.6 is a reasonable requirement instead of complicating the code with version checks etc). Signed-off-by:Pantelis Koukousoulas <pktoss@gmail.com> Signed-off-by:
-
Jan Kiszka authored
Signed-off-by:
-
Jan Kiszka authored
This adds a lsmod-like command to list all currently loaded modules of the target. Signed-off-by:
-
Jan Kiszka authored
Will be used first to count module references. It is optimized to read the mask only once per stop. Signed-off-by:
-
Jan Kiszka authored
This is a shorthand for *$lx_per_cpu("current_task"), i.e. a convenience function to retrieve the currently running task of the active context. Signed-off-by: -
Jan Kiszka authored
This function allows to obtain a per-cpu variable, either of the current or an explicitly specified CPU. Note: sparc64 version is untested. Signed-off-by:
-
Jan Kiszka authored
This helper probes the type of the gdb server. Supported are QEMU and KGDB so far. Knowledge about the gdb server is required e.g. to retrieve the current CPU or current task. Signed-off-by:
-
Jan Kiszka authored
Add the internal helper get_thread_info that calculates the thread_info from a given task variable. Also export this service as a convenience function. Note: ia64 version is untested. Signed-off-by:
-
Jan Kiszka authored
This helper caches to result of "show architecture" and matches the provided arch (sub-)string against that output. Signed-off-by:
-
Jan Kiszka authored
Add the helper task_by_pid that can look up a task by its PID. Also export it as a convenience function. Signed-off-by:
-
Jan Kiszka authored
This class allows to iterate over all tasks of the target. Signed-off-by:
-
Jan Kiszka authored
This pokes into the log buffer of the debugged kernel, dumping it to the gdb console. Helping in case the target should or can no longer execute dmesg itself. Signed-off-by:
-
