1. 07 Aug, 2013 3 commits
  2. 04 Aug, 2013 1 commit
  3. 03 Aug, 2013 17 commits
  4. 02 Aug, 2013 16 commits
    • Paul Moore's avatar
      netlabel: use domain based selectors when address based selectors are not available · 6a8b7f0c
      Paul Moore authored
      NetLabel has the ability to selectively assign network security labels
      to outbound traffic based on either the LSM's "domain" (different for
      each LSM), the network destination, or a combination of both.  Depending
      on the type of traffic, local or forwarded, and the type of traffic
      selector, domain or address based, different hooks are used to label the
      traffic; the goal being minimal overhead.
      
      Unfortunately, there is a bug such that a system using NetLabel domain
      based traffic selectors does not correctly label outbound local traffic
      that is not assigned to a socket.  The issue is that in these cases
      the associated NetLabel hook only looks at the address based selectors
      and not the domain based selectors.  This patch corrects this by
      checking both the domain and address based selectors so that the correct
      labeling is applied, regardless of the configuration type.
      
      In order to acomplish this fix, this patch also simplifies some of the
      NetLabel domainhash structures to use a more common outbound traffic
      mapping type: struct netlbl_dommap_def.  This simplifies some of the code
      in this patch and paves the way for further simplifications in the
      future.
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6a8b7f0c
    • Roman Gushchin's avatar
      net: check net.core.somaxconn sysctl values · 5f671d6b
      Roman Gushchin authored
      It's possible to assign an invalid value to the net.core.somaxconn
      sysctl variable, because there is no checks at all.
      
      The sk_max_ack_backlog field of the sock structure is defined as
      unsigned short. Therefore, the backlog argument in inet_listen()
      shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
      is truncated to the somaxconn value. So, the somaxconn value shouldn't
      exceed 65535 (USHRT_MAX).
      Also, negative values of somaxconn are meaningless.
      
      before:
      $ sysctl -w net.core.somaxconn=256
      net.core.somaxconn = 256
      $ sysctl -w net.core.somaxconn=65536
      net.core.somaxconn = 65536
      $ sysctl -w net.core.somaxconn=-100
      net.core.somaxconn = -100
      
      after:
      $ sysctl -w net.core.somaxconn=256
      net.core.somaxconn = 256
      $ sysctl -w net.core.somaxconn=65536
      error: "Invalid argument" setting key "net.core.somaxconn"
      $ sysctl -w net.core.somaxconn=-100
      error: "Invalid argument" setting key "net.core.somaxconn"
      
      Based on a prior patch from Changli Gao.
      Signed-off-by: default avatarRoman Gushchin <klamm@yandex-team.ru>
      Reported-by: default avatarChangli Gao <xiaosuo@gmail.com>
      Suggested-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5f671d6b
    • Denis Kirjanov's avatar
      sis900: Fix the tx queue timeout issue · 3508ea33
      Denis Kirjanov authored
      [  198.720048] ------------[ cut here ]------------
      [  198.720108] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:255 dev_watchdog+0x229/0x240()
      [  198.720118] NETDEV WATCHDOG: eth0 (sis900): transmit queue 0 timed out
      [  198.720125] Modules linked in: bridge stp llc dmfe sundance 3c59x sis900 mii
      [  198.720159] CPU: 0 PID: 0 Comm: swapper Not tainted 3.11.0-rc3+ #12
      [  198.720167] Hardware name: System Manufacturer System Name/TUSI-M, BIOS ASUS TUSI-M ACPI BIOS
      Revision 1013 Beta 001 12/14/2001
      [  198.720175]  000000ff c13fa6b9 c169ddcc c12208d6 c169ddf8 c1031e4d c1664a84 c169de24
      [  198.720197]  00000000 c165f5ea 000000ff c13fa6b9 00000001 000000ff c1664a84 c169de10
      [  198.720217]  c1031f13 00000009 c169de08 c1664a84 c169de24 c169de50 c13fa6b9 c165f5ea
      [  198.720240] Call Trace:
      [  198.720257]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
      [  198.720274]  [<c12208d6>] dump_stack+0x16/0x20
      [  198.720306]  [<c1031e4d>] warn_slowpath_common+0x7d/0xa0
      [  198.720318]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
      [  198.720330]  [<c1031f13>] warn_slowpath_fmt+0x33/0x40
      [  198.720342]  [<c13fa6b9>] dev_watchdog+0x229/0x240
      [  198.720357]  [<c103f158>] call_timer_fn+0x78/0x150
      [  198.720369]  [<c103f0e0>] ? internal_add_timer+0x40/0x40
      [  198.720381]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
      [  198.720392]  [<c103f33f>] run_timer_softirq+0x10f/0x200
      [  198.720412]  [<c103954f>] ? __do_softirq+0x6f/0x210
      [  198.720424]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
      [  198.720435]  [<c1039598>] __do_softirq+0xb8/0x210
      [  198.720467]  [<c14b54d2>] ? _raw_spin_unlock+0x22/0x30
      [  198.720484]  [<c1003245>] ? handle_irq+0x25/0xd0
      [  198.720496]  [<c1039c0c>] irq_exit+0x9c/0xb0
      [  198.720508]  [<c14bc9d7>] do_IRQ+0x47/0x94
      [  198.720534]  [<c1056078>] ? hrtimer_start+0x28/0x30
      [  198.720564]  [<c14bc8b1>] common_interrupt+0x31/0x38
      [  198.720589]  [<c1008692>] ? default_idle+0x22/0xa0
      [  198.720600]  [<c10083c7>] arch_cpu_idle+0x17/0x30
      [  198.720631]  [<c106d23d>] cpu_startup_entry+0xcd/0x180
      [  198.720643]  [<c14ae30a>] rest_init+0xaa/0xb0
      [  198.720654]  [<c14ae260>] ? reciprocal_value+0x50/0x50
      [  198.720668]  [<c17044e0>] ? repair_env_string+0x60/0x60
      [  198.720679]  [<c1704bda>] start_kernel+0x29a/0x350
      [  198.720690]  [<c17044e0>] ? repair_env_string+0x60/0x60
      [  198.720721]  [<c1704269>] i386_start_kernel+0x39/0xa0
      [  198.720729] ---[ end trace 81e0a6266f5c73a8 ]---
      [  198.720740] eth0: Transmit timeout, status 00000204 00000000
      
      timer routine checks the link status and if it's up calls
      netif_carrier_on() allowing upper layer to start the tx queue
      even if the auto-negotiation process is not finished.
      
      Also remove ugly auto-negotiation check from the sis900_start_xmit()
      
      CC: Duan Fugang <B38611@freescale.com>
      CC: Ben Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDenis Kirjanov <kda@linux-powerpc.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3508ea33
    • Linus Torvalds's avatar
      Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband · abe03080
      Linus Torvalds authored
      Pull infiniband/rdma fixes from Roland Dreier:
       - Fixes for the newly merged mlx5 hardware driver
       - Stack info leak fixes from Dan Carpenter
       - Fixes for pkey table handling with SR-IOV
       - A few other small things
      
      * tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
        IPoIB: Fix pkey change flow for virtualization environments
        IPoIB: Make sure child devices use valid/proper pkeys
        IB/core: Create QP1 using the pkey index which contains the default pkey
        mlx5_core: Variable may be used uninitialized
        mlx5_core: Implement new initialization sequence
        mlx5_core: Fix use after free in mlx5_cmd_comp_handler()
        IB/mlx5: Fix stack info leak in mlx5_ib_alloc_ucontext()
        IB/mlx5: Fix error return code in init_one()
        IB/mlx4: Use default pkey when creating tunnel QPs
        RDMA/cma: Only call cma_save_ib_info() for CM REQs
        RDMA/cma: Fix accessing invalid private data for UD
        RDMA/cma: Fix gcc warning
        Revert "RDMA/nes: Fix compilation error when nes_debug is enabled"
        IB/qib: Add err_decode() call for ring dump
        RDMA/cxgb3: Fix stack info leak in iwch_create_cq()
        RDMA/nes: Fix info leaks in nes_create_qp() and nes_create_cq()
        RDMA/ocrdma: Fix several stack info leaks
        RDMA/cxgb4: Fix stack info leak in c4iw_create_qp()
        RDMA/ocrdma: Remove unused include
      abe03080
    • Linus Torvalds's avatar
      Merge tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 1cb39a6c
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Yet another GPIO pull request, fixing the fix from the last one.  It
        turns out that fixing the boot path for device tree boots on OMAP
        breaks out antique systems (such as OMAP1) and we need to find a
        better way.  So we're reverting that "fix" for the moment and thinking
        about something better.
      
        Also fixing a build issue on the MSM driver"
      
      * tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio_msm: Fix build error due to missing err.h
        Revert "gpio/omap: don't create an IRQ mapping for every GPIO on DT"
        Revert "gpio/omap: auto request GPIO as input if used as IRQ via DT"
        Revert "gpio/omap: fix build error when OF_GPIO is not defined."
      1cb39a6c
    • Daniel Borkmann's avatar
      net: rtm_to_ifaddr: free ifa if ifa_cacheinfo processing fails · 446266b0
      Daniel Borkmann authored
      Commit 5c766d64 ("ipv4: introduce address lifetime") leaves the ifa
      resource that was allocated via inet_alloc_ifa() unfreed when returning
      the function with -EINVAL. Thus, free it first via inet_free_ifa().
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Reviewed-by: default avatarJiri Pirko <jiri@resnulli.us>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      446266b0
    • Lekensteyn's avatar
      r8169: remove "PHY reset until link up" log spam · 9bb8eeb5
      Lekensteyn authored
      This message was added in commit a7154cb8 (June 2004, [PATCH] r8169:
      link handling and phy reset rework) and is printed every ten seconds
      when no cable is connected and runtime power management is disabled.
      (Before that commit, "Reset RTL8169s PHY" would be printed instead.)
      Signed-off-by: default avatarPeter Wu <lekensteyn@gmail.com>
      Acked-by: default avatarFrancois Romieu <romieu@fr.zoreil.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9bb8eeb5
    • Felipe Balbi's avatar
      net: ethernet: cpsw: drop IRQF_DISABLED · 7069f982
      Felipe Balbi authored
      IRQF_DISABLED is a no-op by now and should be
      removed.
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Acked-by: default avatarMugunthan V N <mugunthanvnm@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7069f982
    • stephen hemminger's avatar
      htb: fix sign extension bug · cbd37556
      stephen hemminger authored
      When userspace passes a large priority value
      the assignment of the unsigned value hopt->prio
      to  signed int cl->prio causes cl->prio to become negative and the
      comparison is with TC_HTB_NUMPRIO is always false.
      
      The result is that HTB crashes by referencing outside
      the array when processing packets. With this patch the large value
      wraps around like other values outside the normal range.
      
      See: https://bugzilla.kernel.org/show_bug.cgi?id=60669Signed-off-by: default avatarStephen Hemminger <stephen@networkplumber.org>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cbd37556
    • Linus Torvalds's avatar
      Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc · e7e2e511
      Linus Torvalds authored
      Pull powerpc fixes from Ben Herrenschmidt:
       "Here is not quite a handful of powerpc fixes for rc3.
      
        The windfarm fix is a regression fix (though not a new one), the PMU
        interrupt rename is not a fix per-se but has been submitted a long
        time ago and I kept forgetting to put it in (it puts us back in sync
        with x86), the other perf bit is just about putting an API/ABI bit
        definition in the right place for userspace to consume, and finally,
        we have a fix for the VPHN (Virtual Partition Home Node) feature
        (notification that the hypervisor is moving nodes around) which could
        cause lockups so we may as well fix it now"
      
      * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
        powerpc/windfarm: Fix noisy slots-fan on Xserve (rm31)
        powerpc: VPHN topology change updates all siblings
        powerpc/perf: Export PERF_EVENT_CONFIG_EBB_SHIFT to userspace
        powerpc: Rename PMU interrupts from CNT to PMI
      e7e2e511
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 6d039f8f
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "I've thought long and hard about what to say for this pull request,
        and I really can't work out anything sane to say to summarise much of
        these commits.  The problem is, for most of these are, yet again, lots
        of small bits scattered around the place without any real overall
        theme to them"
      
      Most notable is probably the kuser page helper improvements.
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm: (22 commits)
        ARM: Add .text annotations where required after __CPUINIT removal
        ARM: 7803/1: Fix deadlock scenario with smp_send_stop()
        ARM: make vectors page inaccessible from userspace
        ARM: move signal handlers into a vdso-like page
        ARM: allow kuser helpers to be removed from the vector page
        ARM: update FIQ support for relocation of vectors
        ARM: use linker magic for vectors and vector stubs
        ARM: move vector stubs
        ARM: poison memory between kuser helpers
        ARM: poison the vectors page
        ARM: 7801/1: v6: prevent gcc 4.5 from reordering extended CP15 reads above is_smp() test
        ARM: 7800/1: ARMv7-M: Fix name of NVIC handler function
        ARM: Fix sorting of machine- initializers
        ARM: 7791/1: a.out: remove partial a.out support
        ARM: 7790/1: Fix deferred mm switch on VIVT processors
        ARM: 7789/1: Do not run dummy_flush_tlb_a15_erratum() on non-Cortex-A15
        ARM: 7787/1: virt: ensure visibility of __boot_cpu_mode
        ARM: 7788/1: elf: fix lpae hwcap feature reporting in proc/cpuinfo
        ARM: 7786/1: hyp: fix macro parameterisation
        ARM: 7785/1: mm: restrict early_alloc to section-aligned memory
        ...
      6d039f8f
    • Linus Torvalds's avatar
      Merge branch 'parisc-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · efc68164
      Linus Torvalds authored
      Pull parisc updates from Helge Deller:
       "The majority of lines changed are due the addition of a defconfig for
        the C8000 machine.  Even the fix in parisc/kernel/cache.c file is
        actually ony a 10-line fix, but the change became bigger (and much
        nicer) to avoid errors of the checkpatch script.
      
        Here is the short-changelog:
      
        This round of parisc updates includes mostly fixes for the C8000
        workstation.  We have a new defconfig file for this machine, as well
        as fixes for it's serial port, the AGP driver and the cache routines
        to cope with the vmas of the FireGL card in a C8000.  The sys32.h
        header file was not used and as such it's now gone"
      
      * 'parisc-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Fix interrupt routing for C8000 serial ports
        parisc: Remove arch/parisc/kernel/sys32.h header
        parisc: add defconfig for c8000 machine
        parisc: agp/parisc-agp: allow binding of user memory to the AGP GART
        parisc: Fix cache routines to ignore vma's with an invalid pfn
      efc68164
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · f9ed432c
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
       - fix hid-sony PS3 sixaxxis breakage from Benjamin Tissories
       - fix hidraw race condition from Yonghua Zheng
       - fix/bandaid for rare device enumeration problems of Logitech Unifying
         receivers from Nestor Lopez Casado
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: hidraw: fix improper mutex release
        HID: sony: fix HID mapping for PS3 sixaxis controller
        HID: hid-logitech-dj: querying_devices was never set
        HID: Revert "Revert "HID: Fix logitech-dj: missing Unifying device issue""
      f9ed432c
    • Linus Torvalds's avatar
      Merge tag 'please-pull-fix-mce-regression' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras · 940e84fc
      Linus Torvalds authored
      Pull MCE fix from Tony Luck:
       "Fix a regression in mce-severity.c"
      
      * tag 'please-pull-fix-mce-regression' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
        x86/mce: Fix mce regression from recent cleanup
      940e84fc
    • Linus Torvalds's avatar
      Merge tag 'pci-v3.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · aa8032b6
      Linus Torvalds authored
      Pull PCI fixes from Bjorn Helgaas:
       "Yinghai fixed a couple regressions: one resource assignment problem
        introduced in v3.10 that showed up with SR-IOV on powerpc, and another
        SR-IOV hot-remove issue related to refcounting changes we merged for
        v3.11.
      
        Yinghai is still working on another SR-IOV-related fix or two, which
        will be simpler if pciehp is non-modular, so I included the Kconfig
        changes now to get them in earlier.
      
        Finally, a minor fix for the ARM Marvell EBU host bridge driver that
        was merged for v3.11
      
        Hotplug:
            PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
            PCI: hotplug: Convert to be builtin only, not modular
            PCI: pciehp: Convert pciehp to be builtin only, not modular
      
        Resource allocation:
            PCI: Retry allocation of only the resource type that failed
      
        ARM:
            PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge"
      
      * tag 'pci-v3.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: mvebu: Disable prefetchable memory support in PCI-to-PCI bridge
        PCI: Retry allocation of only the resource type that failed
        PCI: pciehp: Convert pciehp to be builtin only, not modular
        PCI: hotplug: Convert to be builtin only, not modular
        PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device
      aa8032b6
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1fe0135b
      Linus Torvalds authored
      Pull ACPI and power management fixes from Rafael Wysocki:
      
       - Revert two cpuidle commits added during the 3.8 development cycle
         that turn out to have introduced a significant performance regression
         as requested by Jeremy Eder.
      
       - The recent patches that made the freezer less heavy-weight introduced
         a regression causing user-space-driven hibernation using the ioctl()
         interface to block indefinitely when the hibernate process executes
         try_to_freeze().  Fix from Colin Cross addresses this by adding a
         process flag to mark the hibernate/suspend process to inform the
         freezer that that process should be ignored.
      
       - One of the recent cpufreq reverts uncovered a problem in the core
         causing the cpufreq driver module refcount to become negative after a
         system suspend-resume cycle.  Fix from Rafael J Wysocki.
      
       - The evaluation of the ACPI battery _BIX method has never worked
         correctly, because the commit that added support for it forgot to
         take the "Revision" field in the return package into account.  As a
         result, the reading of battery info doesn't work at all on some
         systems, which is addressed by a fix from Lan Tianyu.
      
      * tag 'pm+acpi-3.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        freezer: set PF_SUSPEND_TASK flag on tasks that call freeze_processes
        ACPI / battery: Fix parsing _BIX return value
        cpufreq: Fix cpufreq driver module refcount balance after suspend/resume
        Revert "cpuidle: Quickly notice prediction failure for repeat mode"
        Revert "cpuidle: Quickly notice prediction failure in general case"
      1fe0135b
  5. 01 Aug, 2013 3 commits
    • Michael S. Tsirkin's avatar
      macvlan: handle set_promiscuity failures · 78738141
      Michael S. Tsirkin authored
      It's quite unlikely that dev_set_promiscuity will fail,
      but worth checking just in case.
      
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      78738141
    • Michael S. Tsirkin's avatar
      macvlan: better mode validation · 266e8347
      Michael S. Tsirkin authored
      macvlan passthrough mode is special: it's not possible to switch to or
      from it through a netlink command.
      
      But if you try, the command will succeed, which is
      confusing.
      
      Validate input and return error to user.
      
      Cc:  Sridhar Samudrala <sri@us.ibm.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      266e8347
    • Ying Xue's avatar
      tipc: fix oops when creating server socket fails · c756891a
      Ying Xue authored
      When creation of TIPC internal server socket fails,
      we get an oops with the following dump:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
      IP: [<ffffffffa0011f49>] tipc_close_conn+0x59/0xb0 [tipc]
      PGD 13719067 PUD 12008067 PMD 0
      Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
      Modules linked in: tipc(+)
      CPU: 4 PID: 4340 Comm: insmod Not tainted 3.10.0+ #1
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
      task: ffff880014360000 ti: ffff88001374c000 task.ti: ffff88001374c000
      RIP: 0010:[<ffffffffa0011f49>]  [<ffffffffa0011f49>] tipc_close_conn+0x59/0xb0 [tipc]
      RSP: 0018:ffff88001374dc98  EFLAGS: 00010292
      RAX: 0000000000000000 RBX: ffff880012ac09d8 RCX: 0000000000000000
      RDX: 0000000000000046 RSI: 0000000000000001 RDI: ffff880014360000
      RBP: ffff88001374dcb8 R08: 0000000000000001 R09: 0000000000000001
      R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0016fa0
      R13: ffffffffa0017010 R14: ffffffffa0017010 R15: ffff880012ac09d8
      FS:  0000000000000000(0000) GS:ffff880016600000(0063) knlGS:00000000f76668d0
      CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
      CR2: 0000000000000020 CR3: 0000000012227000 CR4: 00000000000006e0
      Stack:
      ffff88001374dcb8 ffffffffa0016fa0 0000000000000000 0000000000000001
      ffff88001374dcf8 ffffffffa0012922 ffff88001374dce8 00000000ffffffea
      ffffffffa0017100 0000000000000000 ffff8800134241a8 ffffffffa0017150
      Call Trace:
      [<ffffffffa0012922>] tipc_server_stop+0xa2/0x1b0 [tipc]
      [<ffffffffa0009995>] tipc_subscr_stop+0x15/0x20 [tipc]
      [<ffffffffa00130f5>] tipc_core_stop+0x1d/0x33 [tipc]
      [<ffffffffa001f0d4>] tipc_init+0xd4/0xf8 [tipc]
      [<ffffffffa001f000>] ? 0xffffffffa001efff
      [<ffffffff8100023f>] do_one_initcall+0x3f/0x150
      [<ffffffff81082f4d>] ? __blocking_notifier_call_chain+0x7d/0xd0
      [<ffffffff810cc58a>] load_module+0x11aa/0x19c0
      [<ffffffff810c8d60>] ? show_initstate+0x50/0x50
      [<ffffffff8190311c>] ? retint_restore_args+0xe/0xe
      [<ffffffff810cce79>] SyS_init_module+0xd9/0x110
      [<ffffffff8190dc65>] sysenter_dispatch+0x7/0x1f
      Code: 6c 24 70 4c 89 ef e8 b7 04 8f e1 8b 73 04 4c 89 e7 e8 7c 9e 32 e1 41 83 ac 24
      b8 00 00 00 01 4c 89 ef e8 eb 0a 8f e1 48 8b 43 08 <4c> 8b 68 20 4d 8d a5 48 03 00
      00 4c 89 e7 e8 04 05 8f e1 4c 89
      RIP  [<ffffffffa0011f49>] tipc_close_conn+0x59/0xb0 [tipc]
      RSP <ffff88001374dc98>
      CR2: 0000000000000020
      ---[ end trace b02321f40e4269a3 ]---
      
      We have the following call chain:
      
      tipc_core_start()
          ret = tipc_subscr_start()
              ret = tipc_server_start(){
                        server->enabled = 1;
                        ret = tipc_open_listening_sock()
                    }
      
      I.e., the server->enabled flag is unconditionally set to 1, whatever
      the return value of tipc_open_listening_sock().
      
      This causes a crash when tipc_core_start() tries to clean up
      resources after a failed initialization:
      
          if (ret == failed)
              tipc_subscr_stop()
                  tipc_server_stop(){
                      if (server->enabled)
                          tipc_close_conn(){
                              NULL reference of con->sock-sk
                              OOPS!
                      }
                  }
      
      To avoid this, tipc_server_start() should only set server->enabled
      to 1 in case of a succesful socket creation. In case of failure, it
      should release all allocated resources before returning.
      
      Problem introduced in commit c5fa7b3c
      ("tipc: introduce new TIPC server infrastructure") in v3.11-rc1.
      Note that it won't be seen often; it takes a module load under memory
      constrained conditions in order to trigger the failure condition.
      Signed-off-by: default avatarYing Xue <ying.xue@windriver.com>
      Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c756891a