openwrt/staging/blogic.git
14 years agofib: Fix fib zone and its hash leak on namespace stop
Pavel Emelyanov [Thu, 28 Oct 2010 02:00:43 +0000 (02:00 +0000)]
fib: Fix fib zone and its hash leak on namespace stop

When we stop a namespace we flush the table and free one, but the
added fn_zone-s (and their hashes if grown) are leaked. Need to free.
Tries releases all its stuff in the flushing code.

Shame on us - this bug exists since the very first make-fib-per-net
patches in 2.6.27 :(

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocxgb3: Fix panic in free_tx_desc()
Krishna Kumar [Wed, 27 Oct 2010 19:10:31 +0000 (19:10 +0000)]
cxgb3: Fix panic in free_tx_desc()

I got a few of these panics (on 2.6.36-rc7) when running high
number of netperf sessions:

BUG: unable to handle kernel paging request at 0000100000000000
IP: [<ffffffff813125f0>] skb_release_data+0xa0/0xd0
Oops: 0000 [#1] SMP
Pid: 2155, comm: vhost-2115 Not tainted 2.6.36-rc7-ORG #1 49Y6512     /System x3650 M2 -[7947AC1]-
RIP: 0010:[<ffffffff813125f0>]  [<ffffffff813125f0>] skb_release_data+0xa0/0xd0
RSP: 0018:ffff880001803738  EFLAGS: 00010206
RAX: ffff880179b0fc00 RBX: ffff880178b441c0 RCX: 0000000000000000
RSP: 0018:ffff880001803738  EFLAGS: 00010206
RAX: ffff880179b0fc00 RBX: ffff880178b441c0 RCX: 0000000000000000
RDX: ffff880179b0fd40 RSI: 0000000000000000 RDI: 0000100000000000
RBP: ffff880001803748 R08: 0000000000000001 R09: ffff88017f117000
R10: ffff88017b990608 R11: ffff88017f117090 R12: ffff880178b441c0
R13: ffff88017f117090 R14: 0000000000000000 R15: ffff880178b441c0
FS:  0000000000000000(0000) GS:ffff880001800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000100000000000 CR3: 000000017ea64000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process vhost-2115 (pid: 2155, threadinfo ffff88017d872000, task ffff88017e954680)
Stack:
ffff880178b441c0 0000000000000007 ffff880001803768 ffffffff81312119
<0> 0000000000000000 0000000000000002 ffff880001803778 ffffffff813121f9
<0> ffff880001803818 ffffffffa012d14c ffffffffa02de076 ffff880001803700
Call Trace:
<IRQ>
[<ffffffff81312119>] __kfree_skb+0x19/0xa0
[<ffffffff813121f9>] kfree_skb+0x19/0x40
[<ffffffffa012d14c>] free_tx_desc+0x2fc/0x350 [cxgb3]
[<ffffffffa02de076>] ? vhost_poll_wakeup+0x16/0x20 [vhost_net]
[<ffffffffa01323db>] t3_eth_xmit+0x28b/0x380 [cxgb3]
[<ffffffff8131ce47>] dev_hard_start_xmit+0x377/0x5a0
[<ffffffff81335a4a>] sch_direct_xmit+0xfa/0x1d0
[<ffffffff8131d1a9>] dev_queue_xmit+0x139/0x450
[<ffffffff81326225>] neigh_resolve_output+0x125/0x340
[<ffffffff8135a77c>] ip_finish_output+0x14c/0x320
[<ffffffff8135a9fe>] ip_output+0xae/0xc0
[<ffffffff8135620f>] ip_forward_finish+0x3f/0x50
[<ffffffff8135641f>] ip_forward+0x1ff/0x400
[<ffffffff81354789>] ip_rcv_finish+0x119/0x3e0
[<ffffffff81354c7d>] ip_rcv+0x22d/0x300
[<ffffffff8131a95b>] __netif_receive_skb+0x29b/0x570
[<ffffffff8131ba70>] ? netif_receive_skb+0x0/0x80
[<ffffffff8131bae8>] netif_receive_skb+0x78/0x80
[<ffffffffa02a96d8>] br_handle_frame_finish+0x198/0x260 [bridge]
[<ffffffffa02aebc8>] br_nf_pre_routing_finish+0x238/0x380 [bridge]
[<ffffffff813424bc>] ? nf_hook_slow+0x6c/0x100
[<ffffffffa02ae990>] ? br_nf_pre_routing_finish+0x0/0x380 [bridge]
[<ffffffffa02afb08>] br_nf_pre_routing+0x698/0x7a0 [bridge]
[<ffffffff81342414>] nf_iterate+0x64/0xa0
[<ffffffffa02a9540>] ? br_handle_frame_finish+0x0/0x260 [bridge]
[<ffffffff813424bc>] nf_hook_slow+0x6c/0x100
[<ffffffffa02a9540>] ? br_handle_frame_finish+0x0/0x260 [bridge]
[<ffffffffa02a9931>] br_handle_frame+0x191/0x240 [bridge]
[<ffffffffa02a97a0>] ? br_handle_frame+0x0/0x240 [bridge]
[<ffffffff8131a863>] __netif_receive_skb+0x1a3/0x570
[<ffffffff812ef3f6>] ? dma_issue_pending_all+0x76/0xa0
[<ffffffff8131ad32>] process_backlog+0x102/0x200
[<ffffffff8131c2d0>] net_rx_action+0x100/0x220
[<ffffffff810548ef>] __do_softirq+0xaf/0x140
[<ffffffff8100bcdc>] call_softirq+0x1c/0x30
[<ffffffff8100dfc5>] ? do_softirq+0x65/0xa0
[<ffffffff8131c6b8>] netif_rx_ni+0x28/0x30
[<ffffffffa02c305d>] tun_sendmsg+0x2cd/0x4b0 [tun]
[<ffffffffa02e01af>] handle_tx+0x1df/0x340 [vhost_net]
[<ffffffffa02e0340>] handle_tx_kick+0x10/0x20 [vhost_net]
[<ffffffffa02de29b>] vhost_worker+0xbb/0x130 [vhost_net]
[<ffffffffa02de1e0>] ? vhost_worker+0x0/0x130 [vhost_net]
[<ffffffffa02de1e0>] ? vhost_worker+0x0/0x130 [vhost_net]
[<ffffffff81069686>] kthread+0x96/0xa0
[<ffffffff8100bbe4>] kernel_thread_helper+0x4/0x10
[<ffffffff810695f0>] ? kthread+0x0/0xa0
[<ffffffff8100bbe0>] ? kernel_thread_helper+0x0/0x10
Code: 8b 94 24 d0 00 00 00 49 8b 84 24 d8 00 00 00 48 8d 14 10 0f b7 0a 39 d9 7f d1 48 8b 7a 10 48 85 ff 74 20 48 c7 42 10 00 00 00 00 <48> 8b 1f e8 e8 fb ff ff 48 85 db 48 89 df 75 f0 49 8b 84 24 d8

Patch below fixes the panic. cxgb4 and cxgb4vf already have this fix.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocxgb3: fix crash due to manipulating queues before registration
Nishanth Aravamudan [Wed, 27 Oct 2010 19:06:30 +0000 (19:06 +0000)]
cxgb3: fix crash due to manipulating queues before registration

Along the same lines as "cxgb4: fix crash due to manipulating queues
before registration" (8f6d9f40476895571df039b6f1f5230ec7faebad), before
commit "net: allocate tx queues in register_netdevice"
netif_tx_stop_all_queues and related functions could be used between
device allocation and registration but now only after registration.
cxgb4 has such a call before registration and crashes now.  Move it
after register_netdev.

Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
Cc: eric.dumazet@gmail.com
Cc: sonnyrao@us.ibm.com
Cc: Divy Le Ray <divy@chelsio.com>
Cc: Dimitris Michailidis <dm@chelsio.com>
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Tested-by: Nishanth Aravamudan <nacc@us.ibm.com>
Acked-by: Divy Le Ray <divy@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years ago8390: Don't oops on starting dev queue
Pavel Emelyanov [Wed, 27 Oct 2010 23:01:02 +0000 (23:01 +0000)]
8390: Don't oops on starting dev queue

The __NS8390_init tries to start the device queue before the
device is registered. This results in an oops (snipped):

[    2.865493] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[    2.866106] IP: [<ffffffffa000602a>] netif_start_queue+0xb/0x12 [8390]
[    2.881267] Call Trace:
[    2.881437]  [<ffffffffa000624d>] __NS8390_init+0x102/0x15a [8390]
[    2.881999]  [<ffffffffa00062ae>] NS8390_init+0x9/0xb [8390]
[    2.882237]  [<ffffffffa000d820>] ne2k_pci_init_one+0x297/0x354 [ne2k_pci]
[    2.882955]  [<ffffffff811c7a0e>] local_pci_probe+0x12/0x16
[    2.883308]  [<ffffffff811c85ad>] pci_device_probe+0xc3/0xef
[    2.884049]  [<ffffffff8129218d>] driver_probe_device+0xbe/0x14b
[    2.884937]  [<ffffffff81292260>] __driver_attach+0x46/0x62
[    2.885170]  [<ffffffff81291788>] bus_for_each_dev+0x49/0x78
[    2.885781]  [<ffffffff81291fbb>] driver_attach+0x1c/0x1e
[    2.886089]  [<ffffffff812912ab>] bus_add_driver+0xba/0x227
[    2.886330]  [<ffffffff8129259a>] driver_register+0x9e/0x115
[    2.886933]  [<ffffffff811c8815>] __pci_register_driver+0x50/0xac
[    2.887785]  [<ffffffffa001102c>] ne2k_pci_init+0x2c/0x2e [ne2k_pci]
[    2.888093]  [<ffffffff81000212>] do_one_initcall+0x7c/0x130
[    2.888693]  [<ffffffff8106d74f>] sys_init_module+0x99/0x1da
[    2.888946]  [<ffffffff81002a2b>] system_call_fastpath+0x16/0x1b

This happens because the netif_start_queue sets respective bit on the dev->_tx
array which is not yet allocated.

As far as I understand the code removing the netif_start_queue from __NS8390_init
is OK, since queue will be started later on device open. Plz, correct me if I'm wrong.

Found in the Dave's current tree, so he's in Cc.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodccp ccid-2: Stop polling
Gerrit Renker [Wed, 27 Oct 2010 19:16:28 +0000 (19:16 +0000)]
dccp ccid-2: Stop polling

This updates CCID-2 to use the CCID dequeuing mechanism, converting from
previous continuous-polling to a now event-driven mechanism.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodccp: Refine the wait-for-ccid mechanism
Gerrit Renker [Wed, 27 Oct 2010 19:16:27 +0000 (19:16 +0000)]
dccp: Refine the wait-for-ccid mechanism

This extends the existing wait-for-ccid routine so that it may be used with
different types of CCID, addressing the following problems:

 1) The queue-drain mechanism only works with rate-based CCIDs. If CCID-2 for
    example has a full TX queue and becomes network-limited just as the
    application wants to close, then waiting for CCID-2 to become unblocked
    could lead to an indefinite  delay (i.e., application "hangs").
 2) Since each TX CCID in turn uses a feedback mechanism, there may be changes
    in its sending policy while the queue is being drained. This can lead to
    further delays during which the application will not be able to terminate.
 3) The minimum wait time for CCID-3/4 can be expected to be the queue length
    times the current inter-packet delay. For example if tx_qlen=100 and a delay
    of 15 ms is used for each packet, then the application would have to wait
    for a minimum of 1.5 seconds before being allowed to exit.
 4) There is no way for the user/application to control this behaviour. It would
    be good to use the timeout argument of dccp_close() as an upper bound. Then
    the maximum time that an application is willing to wait for its CCIDs to can
    be set via the SO_LINGER option.

These problems are addressed by giving the CCID a grace period of up to the
`timeout' value.

The wait-for-ccid function is, as before, used when the application
 (a) has read all the data in its receive buffer and
 (b) if SO_LINGER was set with a non-zero linger time, or
 (c) the socket is either in the OPEN (active close) or in the PASSIVE_CLOSEREQ
     state (client application closes after receiving CloseReq).

In addition, there is a catch-all case of __skb_queue_purge() after waiting for
the CCID. This is necessary since the write queue may still have data when
 (a) the host has been passively-closed,
 (b) abnormal termination (unread data, zero linger time),
 (c) wait-for-ccid could not finish within the given time limit.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodccp: Extend CCID packet dequeueing interface
Gerrit Renker [Wed, 27 Oct 2010 19:16:26 +0000 (19:16 +0000)]
dccp: Extend CCID packet dequeueing interface

This extends the packet dequeuing interface of dccp_write_xmit() to allow
 1. CCIDs to take care of timing when the next packet may be sent;
 2. delayed sending (as before, with an inter-packet gap up to 65.535 seconds).

The main purpose is to take CCID-2 out of its polling mode (when it is network-
limited, it tries every millisecond to send, without interruption).

The mode of operation for (2) is as follows:
 * new packet is enqueued via dccp_sendmsg() => dccp_write_xmit(),
 * ccid_hc_tx_send_packet() detects that it may not send (e.g. window full),
 * it signals this condition via `CCID_PACKET_WILL_DEQUEUE_LATER',
 * dccp_write_xmit() returns without further action;
 * after some time the wait-condition for CCID becomes true,
 * that CCID schedules the tasklet,
 * tasklet function calls ccid_hc_tx_send_packet() via dccp_write_xmit(),
 * since the wait-condition is now true, ccid_hc_tx_packet() returns "send now",
 * packet is sent, and possibly more (since dccp_write_xmit() loops).

Code reuse: the taskled function calls dccp_write_xmit(), the timer function
            reduces to a wrapper around the same code.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodccp: Return-value convention of hc_tx_send_packet()
Gerrit Renker [Wed, 27 Oct 2010 19:16:25 +0000 (19:16 +0000)]
dccp: Return-value convention of hc_tx_send_packet()

This patch reorganises the return value convention of the CCID TX sending
function, to permit more flexible schemes, as required by subsequent patches.

Currently the convention is
 * values < 0     mean error,
 * a value == 0   means "send now", and
 * a value x > 0  means "send in x milliseconds".

The patch provides symbolic constants and a function to interpret return values.

In addition, it caps the maximum positive return value to 0xFFFF milliseconds,
corresponding to 65.535 seconds.  This is possible since in CCID-3/4 the
maximum possible inter-packet gap is fixed at t_mbi = 64 sec.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoigbvf: fix panic on load
Emil Tantilov [Thu, 28 Oct 2010 00:59:51 +0000 (00:59 +0000)]
igbvf: fix panic on load

Introduced by commit:e6484930d7c73d324bccda7d43d131088da697b9
net: allocate tx queues in register_netdevice

Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Acked-by: Greg Rose <greg.v.rose@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoixgb: call pci_disable_device in ixgb_remove
Emil Tantilov [Thu, 28 Oct 2010 00:59:49 +0000 (00:59 +0000)]
ixgb: call pci_disable_device in ixgb_remove

ixgb fails to work after reload on recent kernels:

rmmod ixgb (dev->current_state = PCI_UNKNOWN)
modprobe ixgb (pci_enable_device will bail leaving current_state to PCI_UNKNOWN)
ifup eth0
do_IRQ: 2.82 No irq handler for vector (irq -1)

The issue was exposed by commit fcd097f31a6ee207cc0c3da9cccd2a86d4334785
PCI: MSI: Remove unsafe and unnecessary hardware access

which avoids HW writes for power states != PCI_D0

CC: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoixgbe: DCB, fix TX hang occurring in stress condition with PFC
John Fastabend [Thu, 28 Oct 2010 00:59:57 +0000 (00:59 +0000)]
ixgbe: DCB, fix TX hang occurring in stress condition with PFC

The DCB credits refill quantum _must_ be greater than half the max
packet size. This is needed to guarantee that TX DMA operations
are not attempted during a pause state. Additionally, the min IFG
must be set correctly for DCB mode. If a DMA operation is
requested unexpectedly during the pause state the HW data
store may be corrupted leading to a DMA hang.  The DMA hang
requires a reset to correct. This fixes the HW configuration
to avoid this condition.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoe1000e: Add check for reset flags before displaying reset message
Carolyn Wyborny [Thu, 28 Oct 2010 00:59:55 +0000 (00:59 +0000)]
e1000e: Add check for reset flags before displaying reset message

Some parts need to execute resets during normal operation.  This flag
check ensures that those parts reset without needlessly alarming the
user.  Other unexpected resets by other parts will dump debug info
and message the reset action to the user, as originally intended.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Acked-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Emil Tantilov <emil.s.tantilov@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoe1000e: reset PHY after errors detected
Carolyn Wyborny [Thu, 28 Oct 2010 00:59:53 +0000 (00:59 +0000)]
e1000e: reset PHY after errors detected

Some errors can be induced in the PHY via environmental testing
(specifically extreme temperature changes and electro static
discharge testing), and in the case of the PHY hanging due to
this input, this detects the problem and resets to continue.
This issue only applies to 82574 silicon.

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Emil Tantilov <emil.s.tantilov@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agopch_gbe: Select MII.
David S. Miller [Thu, 28 Oct 2010 17:15:43 +0000 (10:15 -0700)]
pch_gbe: Select MII.

Reported-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoigb: Fix unused variable warning.
Jesse Gross [Tue, 26 Oct 2010 14:56:03 +0000 (14:56 +0000)]
igb: Fix unused variable warning.

Commit eab6d18d "vlan: Don't check for vlan group before
vlan_tx_tag_present" removed the need for the adapter variable
in igb_xmit_frame_ring_adv().  This removes the variable as well
to avoid the compiler warning.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoehea: Fixing statistics
Breno Leitao [Wed, 27 Oct 2010 08:45:14 +0000 (08:45 +0000)]
ehea: Fixing statistics

(Applied over Eric's "ehea: fix use after free" patch)

Currently ehea stats are broken. The bytes counters are got from
the hardware, while the packets counters are got from the device
driver. Also, the device driver counters are resetted during the
the down process, and the hardware aren't, causing some weird
numbers.

This patch just consolidates the packets and bytes on the device
driver.

Signed-off-by: Breno Leitao <leitao@linux.vnet.ibm.com>
Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agobonding: Fix lockdep warning after bond_vlan_rx_register()
Jarek Poplawski [Wed, 27 Oct 2010 07:08:22 +0000 (07:08 +0000)]
bonding: Fix lockdep warning after bond_vlan_rx_register()

Fix lockdep warning:
[   52.991402] ======================================================
[   52.991511] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
[   52.991569] 2.6.36-04573-g4b60626-dirty #65
[   52.991622] ------------------------------------------------------
[   52.991696] ip/4842 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire:
[   52.991758]  (&bond->lock){++++..}, at: [<efe4d300>] bond_set_multicast_list+0x60/0x2c0 [bonding]
[   52.991966]
[   52.991967] and this task is already holding:
[   52.992008]  (&bonding_netdev_addr_lock_key){+.....}, at: [<c04e5530>] dev_mc_sync+0x50/0xa0
[   52.992008] which would create a new lock dependency:
[   52.992008]  (&bonding_netdev_addr_lock_key){+.....} -> (&bond->lock){++++..}
[   52.992008]
[   52.992008] but this new dependency connects a SOFTIRQ-irq-safe lock:
[   52.992008]  (&(&mc->mca_lock)->rlock){+.-...}
[   52.992008] ... which became SOFTIRQ-irq-safe at:
[   52.992008]   [<c0272beb>] __lock_acquire+0x96b/0x1960
[   52.992008]   [<c027415e>] lock_acquire+0x7e/0xf0
[   52.992008]   [<c05f356d>] _raw_spin_lock_bh+0x3d/0x50
[   52.992008]   [<c0584e40>] mld_ifc_timer_expire+0xf0/0x280
[   52.992008]   [<c024cee6>] run_timer_softirq+0x146/0x310
[   52.992008]   [<c024591d>] __do_softirq+0xad/0x1c0
[   52.992008]
[   52.992008] to a SOFTIRQ-irq-unsafe lock:
[   52.992008]  (&bond->lock){++++..}
[   52.992008] ... which became SOFTIRQ-irq-unsafe at:
[   52.992008] ...  [<c0272c3b>] __lock_acquire+0x9bb/0x1960
[   52.992008]   [<c027415e>] lock_acquire+0x7e/0xf0
[   52.992008]   [<c05f36b8>] _raw_write_lock+0x38/0x50
[   52.992008]   [<efe4cbe4>] bond_vlan_rx_register+0x24/0x70 [bonding]
[   52.992008]   [<c0598010>] register_vlan_dev+0xc0/0x280
[   52.992008]   [<c0599f3a>] vlan_newlink+0xaa/0xd0
[   52.992008]   [<c04ed4b4>] rtnl_newlink+0x404/0x490
[   52.992008]   [<c04ece35>] rtnetlink_rcv_msg+0x1e5/0x220
[   52.992008]   [<c050424e>] netlink_rcv_skb+0x8e/0xb0
[   52.992008]   [<c04ecbac>] rtnetlink_rcv+0x1c/0x30
[   52.992008]   [<c0503bfb>] netlink_unicast+0x24b/0x290
[   52.992008]   [<c0503e37>] netlink_sendmsg+0x1f7/0x310
[   52.992008]   [<c04cd41c>] sock_sendmsg+0xac/0xe0
[   52.992008]   [<c04ceb80>] sys_sendmsg+0x130/0x230
[   52.992008]   [<c04cf04e>] sys_socketcall+0xde/0x280
[   52.992008]   [<c0202d10>] sysenter_do_call+0x12/0x36
[   52.992008]
[   52.992008] other info that might help us debug this:
...
[ Full info at netdev: Wed, 27 Oct 2010 12:24:30 +0200
  Subject: [BUG net-2.6 vlan/bonding] lockdep splats ]

Use BH variant of write_lock(&bond->lock) (as elsewhere in bond_main)
to prevent this dependency.

Fixes commit f35188faa0fbabefac476536994f4b6f3677380f [v2.6.36]

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jay Vosburgh <fubar@us.ibm.com>
14 years agotunnels: Fix tunnels change rcu protection
Pavel Emelyanov [Wed, 27 Oct 2010 05:43:53 +0000 (05:43 +0000)]
tunnels: Fix tunnels change rcu protection

After making rcu protection for tunnels (ipip, gre, sit and ip6) a bug
was introduced into the SIOCCHGTUNNEL code.

The tunnel is first unlinked, then addresses change, then it is linked
back probably into another bucket. But while changing the parms, the
hash table is unlocked to readers and they can lookup the improper tunnel.

Respective commits are b7285b79 (ipip: get rid of ipip_lock), 1507850b
(gre: get rid of ipgre_lock), 3a43be3c (sit: get rid of ipip6_lock) and
94767632 (ip6tnl: get rid of ip6_tnl_lock).

The quick fix is to wait for quiescent state to pass after unlinking,
but if it is inappropriate I can invent something better, just let me
know.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocaif-u5500: Build config for CAIF shared mem driver
Amarnath Revanna [Wed, 27 Oct 2010 08:34:42 +0000 (08:34 +0000)]
caif-u5500: Build config for CAIF shared mem driver

Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocaif-u5500: CAIF shared memory mailbox interface
Amarnath Revanna [Wed, 27 Oct 2010 08:34:41 +0000 (08:34 +0000)]
caif-u5500: CAIF shared memory mailbox interface

Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocaif-u5500: CAIF shared memory transport protocol
sjur.brandeland@stericsson.com [Wed, 27 Oct 2010 08:34:40 +0000 (08:34 +0000)]
caif-u5500: CAIF shared memory transport protocol

Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocaif-u5500: Adding shared memory include
Amarnath Revanna [Wed, 27 Oct 2010 08:34:39 +0000 (08:34 +0000)]
caif-u5500: Adding shared memory include

Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodrivers/isdn: delete double assignment
Julia Lawall [Tue, 26 Oct 2010 02:20:56 +0000 (02:20 +0000)]
drivers/isdn: delete double assignment

Delete successive assignments to the same location.  In the first case, the
hscx array has two elements, so change the assignment to initialize the
second one.  In the second case, the two assignments are simply identical.
Furthermore, neither is necessary, because the effect of the assignment is
only visible in the next line, in the assignment in the if test.  The patch
inlines the right hand side value in the latter assignment and pulls that
assignment out of the if test.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression i;
@@

*i = ...;
 i = ...;
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodrivers/net/typhoon.c: delete double assignment
Julia Lawall [Tue, 26 Oct 2010 00:25:36 +0000 (00:25 +0000)]
drivers/net/typhoon.c: delete double assignment

Delete successive assignments to the same location.  The current definition
does not initialize the respRing structure, which has the same type as the
cmdRing structure, so initialize that one instead.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression i;
@@

*i = ...;
 i = ...;
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: David Dillow <dave@thedillows.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodrivers/net/sb1000.c: delete double assignment
Julia Lawall [Tue, 26 Oct 2010 00:25:34 +0000 (00:25 +0000)]
drivers/net/sb1000.c: delete double assignment

The other code around these duplicated assignments initializes the 0 1 2
and 3 elements of an array, so change the initialization of the
rx_session_id array to do the same.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression i;
@@

*i = ...;
 i = ...;
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoqlcnic: define valid vlan id range
Sony Chacko [Tue, 26 Oct 2010 17:53:09 +0000 (17:53 +0000)]
qlcnic: define valid vlan id range

4095 vlan id is reserved and should not be use.

Signed-off-by: Sony Chacko <sony.chacko@qlogic.com>
Signed-off-by: Amit Kumar Salecha <amit.salecha@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoqlcnic: reduce rx ring size
Sony Chacko [Tue, 26 Oct 2010 17:53:08 +0000 (17:53 +0000)]
qlcnic: reduce rx ring size

If eswitch is enabled, rcv ring size can be reduce, as
physical port is partition-ed.

Signed-off-by: Sony Chacko <sony.chacko@qlogic.com>
Signed-off-by: Amit Kumar Salecha <amit.salecha@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoqlcnic: fix mac learning
amit salecha [Tue, 26 Oct 2010 17:53:07 +0000 (17:53 +0000)]
qlcnic: fix mac learning

In failover bonding case, same mac address can be programmed on other slave function.
Fw will delete old entry (original func) associated with that mac address.
Need to reporgram mac address, if failover again happen to original function.

Signed-off-by: Amit Kumar Salecha <amit.salecha@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoehea: fix use after free
Eric Dumazet [Tue, 26 Oct 2010 19:21:07 +0000 (19:21 +0000)]
ehea: fix use after free

ehea_start_xmit() dereferences skb after its freeing in ehea_xmit3() to
get vlan tags.

Move the offending block before the potential ehea_xmit3() call.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Breno Leitao <leitao@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoinetpeer: __rcu annotations
Eric Dumazet [Mon, 25 Oct 2010 23:55:38 +0000 (23:55 +0000)]
inetpeer: __rcu annotations

Adds __rcu annotations to inetpeer
(struct inet_peer)->avl_left
(struct inet_peer)->avl_right

This is a tedious cleanup, but removes one smp_wmb() from link_to_pool()
since we now use more self documenting rcu_assign_pointer().

Note the use of RCU_INIT_POINTER() instead of rcu_assign_pointer() in
all cases we dont need a memory barrier.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agofib_rules: __rcu annotates ctarget
Eric Dumazet [Tue, 26 Oct 2010 09:24:55 +0000 (09:24 +0000)]
fib_rules: __rcu annotates ctarget

Adds __rcu annotation to (struct fib_rule)->ctarget

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotunnels: add __rcu annotations
Eric Dumazet [Mon, 25 Oct 2010 21:01:26 +0000 (21:01 +0000)]
tunnels: add __rcu annotations

Add __rcu annotations to :
        (struct ip_tunnel)->prl
        (struct ip_tunnel_prl_entry)->next
        (struct xfrm_tunnel)->next
struct xfrm_tunnel *tunnel4_handlers
struct xfrm_tunnel *tunnel64_handlers

And use appropriate rcu primitives to reduce sparse warnings if
CONFIG_SPARSE_RCU_POINTER=y

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet: add __rcu annotations to protocol
Eric Dumazet [Mon, 25 Oct 2010 21:02:28 +0000 (21:02 +0000)]
net: add __rcu annotations to protocol

Add __rcu annotations to :
        struct net_protocol *inet_protos
        struct net_protocol *inet6_protos

And use appropriate casts to reduce sparse warnings if
CONFIG_SPARSE_RCU_POINTER=y

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoipv4: add __rcu annotations to routes.c
Eric Dumazet [Mon, 25 Oct 2010 21:02:07 +0000 (21:02 +0000)]
ipv4: add __rcu annotations to routes.c

Add __rcu annotations to :
        (struct dst_entry)->rt_next
        (struct rt_hash_bucket)->chain

And use appropriate rcu primitives to reduce sparse warnings if
CONFIG_SPARSE_RCU_POINTER=y

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoqlge: bugfix: Restoring the vlan setting.
Ron Mercer [Wed, 27 Oct 2010 04:58:12 +0000 (04:58 +0000)]
qlge: bugfix: Restoring the vlan setting.

Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com>
Signed-off-by: Ron Mercer <ron.mercer@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agobe2net: Schedule/Destroy worker thread in probe()/remove() rather than open()/close()
Somnath Kotur [Mon, 25 Oct 2010 23:01:03 +0000 (23:01 +0000)]
be2net: Schedule/Destroy worker thread in probe()/remove() rather than open()/close()

When async mcc compls are rcvd on an i/f that is down (and so interrupts are disabled)
they just lie unprocessed in the compl queue.The compl queue can eventually get filled
up and cause the BE to lock up.The fix is to use be_worker to reap mcc compls when the
i/f is down.be_worker is now launched in be_probe() and canceled in be_remove().

Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoipv6: fix refcnt problem related to POSTDAD state
Ursula Braun [Sun, 24 Oct 2010 23:06:43 +0000 (23:06 +0000)]
ipv6: fix refcnt problem related to POSTDAD state

After running this bonding setup script
    modprobe bonding miimon=100 mode=0 max_bonds=1
    ifconfig bond0 10.1.1.1/16
    ifenslave bond0 eth1
    ifenslave bond0 eth3
on s390 with qeth-driven slaves, modprobe -r fails with this message
    unregister_netdevice: waiting for bond0 to become free. Usage count = 1
due to twice detection of duplicate address.
Problem is caused by a missing decrease of ifp->refcnt in addrconf_dad_failure.
An extra call of in6_ifa_put(ifp) solves it.
Problem has been introduced with commit f2344a131bccdbfc5338e17fa71a807dee7944fa.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet: NETIF_F_HW_CSUM does not imply FCoE CRC offload
Ben Hutchings [Fri, 22 Oct 2010 04:38:26 +0000 (04:38 +0000)]
net: NETIF_F_HW_CSUM does not imply FCoE CRC offload

NETIF_F_HW_CSUM indicates the ability to update an TCP/IP-style 16-bit
checksum with the checksum of an arbitrary part of the packet data,
whereas the FCoE CRC is something entirely different.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Cc: stable@kernel.org [2.6.32+]
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet: Fix some corner cases in dev_can_checksum()
Ben Hutchings [Fri, 22 Oct 2010 04:12:19 +0000 (04:12 +0000)]
net: Fix some corner cases in dev_can_checksum()

dev_can_checksum() incorrectly returns true in these cases:

1. The skb has both out-of-band and in-band VLAN tags and the device
   supports checksum offload for the encapsulated protocol but only with
   one layer of encapsulation.
2. The skb has a VLAN tag and the device supports generic checksumming
   but not in conjunction with VLAN encapsulation.

Rearrange the VLAN tag checks to avoid these.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agogianfar: Fix crashes on RX path (Was Re: [Bugme-new] [Bug 19692] New: linux-2.6.36...
Jarek Poplawski [Tue, 19 Oct 2010 00:06:36 +0000 (00:06 +0000)]
gianfar: Fix crashes on RX path (Was Re: [Bugme-new] [Bug 19692] New: linux-2.6.36-rc5 crash with gianfar ethernet at full line rate traffic)

The rx_recycle queue is global per device but can be accesed by many
napi handlers at the same time, so it needs full skb_queue primitives
(with locking). Otherwise, various crashes caused by broken skbs are
possible.

This patch resolves, at least partly, bugzilla bug 19692. (Because of
some doubts that there could be still something around which is hard
to reproduce my proposal is to leave this bug opened for a month.)

Fixes commit: 0fd56bb5be6455d0d42241e65aed057244665e5e ("gianfar: Add
support for skb recycling")

Reported-by: emin ak <eminak71@gmail.com>
Tested-by: emin ak <eminak71@gmail.com>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
CC: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoIPv6: Temp addresses are immediately deleted.
Glenn Wurster [Mon, 27 Sep 2010 07:10:10 +0000 (07:10 +0000)]
IPv6: Temp addresses are immediately deleted.

There is a bug in the interaction between ipv6_create_tempaddr and
addrconf_verify.  Because ipv6_create_tempaddr uses the cstamp and tstamp
from the public address in creating a private address, if we have not
received a router advertisement in a while, tstamp + temp_valid_lft might be
< now.  If this happens, the new address is created inside
ipv6_create_tempaddr, then the loop within addrconf_verify starts again and
the address is immediately deleted.  We are left with no temporary addresses
on the interface, and no more will be created until the public IP address is
updated.  To avoid this, set the expiry time to be the minimum of the time
left on the public address or the config option PLUS the current age of the
public interface.

Signed-off-by: Glenn Wurster <gwurster@scs.carleton.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoIPv6: Create temporary address if none exists.
Glenn Wurster [Mon, 27 Sep 2010 07:04:30 +0000 (07:04 +0000)]
IPv6: Create temporary address if none exists.

If privacy extentions are enabled, but no current temporary address exists,
then create one when we get a router advertisement.

Signed-off-by: Glenn Wurster <gwurster@scs.carleton.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agofib_hash: fix rcu sparse and logical errors
Eric Dumazet [Tue, 26 Oct 2010 03:24:16 +0000 (03:24 +0000)]
fib_hash: fix rcu sparse and logical errors

While fixing CONFIG_SPARSE_RCU_POINTER errors, I had to fix accesses to
fz->fz_hash for real.

- &fz->fz_hash[fn_hash(f->fn_key, fz)]
+ rcu_dereference(fz->fz_hash) + fn_hash(f->fn_key, fz)

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agofib: fix fib_nl_newrule()
Eric Dumazet [Sat, 23 Oct 2010 09:44:25 +0000 (09:44 +0000)]
fib: fix fib_nl_newrule()

Some panic reports in fib_rules_lookup() show a rule could have a NULL
pointer as a next pointer in the rules_list.

This can actually happen because of a bug in fib_nl_newrule() : It
checks if current rule is the destination of unresolved gotos. (Other
rules have gotos to this about to be inserted rule)

Problem is it does the resolution of the gotos before the rule is
inserted in the rules_list (and has a valid next pointer)

Fix this by moving the rules_list insertion before the changes on gotos.

A lockless reader can not any more follow a ctarget pointer, unless
destination is ready (has a valid next pointer)

Reported-by: Oleg A. Arkhangelsky <sysoleg@yandex.ru>
Reported-by: Joe Buehler <aspam@cox.net>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodrivers/atm/eni.c: Remove multiple uses of KERN_<level>
Joe Perches [Mon, 25 Oct 2010 16:44:20 +0000 (16:44 +0000)]
drivers/atm/eni.c: Remove multiple uses of KERN_<level>

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotg3: Do not call device_set_wakeup_enable() under spin_lock_bh
Rafael J. Wysocki [Mon, 25 Oct 2010 13:01:55 +0000 (13:01 +0000)]
tg3: Do not call device_set_wakeup_enable() under spin_lock_bh

The tg3 driver calls device_set_wakeup_enable() under spin_lock_bh,
which causes a problem to happen after the recent core power
management changes, because this function can sleep now.  Fix this
by moving the device_set_wakeup_enable() call out of the
spin_lock_bh-protected area.

Reported-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Tue, 26 Oct 2010 18:32:28 +0000 (11:32 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6

14 years agocan: mcp251x: fix reception of standard RTR frames
Marc Kleine-Budde [Thu, 21 Oct 2010 06:37:10 +0000 (06:37 +0000)]
can: mcp251x: fix reception of standard RTR frames

This patch sets the missing CAN_RTR_FLAG if a standard RTR frame is
received.
(For extended frames the CAN_RTR_FLAG was already set correctly.)

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocan: flexcan: fix use after free of priv
Marc Kleine-Budde [Thu, 21 Oct 2010 05:07:58 +0000 (05:07 +0000)]
can: flexcan: fix use after free of priv

The priv is part of the memory allocated by alloc_candev().
This patch moved the free it after last usage of priv.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agodrivers/net: sgiseeq: fix return on error
Nicolas Kaiser [Tue, 26 Oct 2010 17:02:13 +0000 (10:02 -0700)]
drivers/net: sgiseeq: fix return on error

If we continue on error, we'd likely free the IRQ that we
didn't get, right?

Signed-off-by: Nicolas Kaiser <nikai@nikai.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonetfilter: Add missing CONFIG_SYSCTL checks in ipv6's nf_conntrack_reasm.c
David S. Miller [Tue, 26 Oct 2010 16:08:53 +0000 (09:08 -0700)]
netfilter: Add missing CONFIG_SYSCTL checks in ipv6's nf_conntrack_reasm.c

Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agopch_can: depends on PCI
Randy Dunlap [Mon, 25 Oct 2010 23:47:36 +0000 (16:47 -0700)]
pch_can: depends on PCI

Fix pch_can build when CONFIG_PCI is not enabled.  It uses pci interfaces
and data structures, so it should depend on PCI.

drivers/net/can/pch_can.c:1044: error: implicit declaration of function 'pci_enable_msi'
drivers/net/can/pch_can.c:1079: error: implicit declaration of function 'pci_disable_msi'

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoipv4: add __rcu annotations to ip_ra_chain
Eric Dumazet [Mon, 25 Oct 2010 03:32:44 +0000 (03:32 +0000)]
ipv4: add __rcu annotations to ip_ra_chain

Add __rcu annotations to :
        (struct ip_ra_chain)->next
struct ip_ra_chain *ip_ra_chain;

And use appropriate rcu primitives.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet: add __rcu annotation to sk_filter
Eric Dumazet [Mon, 25 Oct 2010 03:47:05 +0000 (03:47 +0000)]
net: add __rcu annotation to sk_filter

Add __rcu annotation to :
        (struct sock)->sk_filter

And use appropriate rcu primitives to reduce sparse warnings if
CONFIG_SPARSE_RCU_POINTER=y

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet_ns: add __rcu annotations
Eric Dumazet [Mon, 25 Oct 2010 03:20:11 +0000 (03:20 +0000)]
net_ns: add __rcu annotations

add __rcu annotation to (struct net)->gen, and use
rcu_dereference_protected() in net_assign_generic()

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agorps: add __rcu annotations
Eric Dumazet [Mon, 25 Oct 2010 03:02:02 +0000 (03:02 +0000)]
rps: add __rcu annotations

Add __rcu annotations to :
(struct netdev_rx_queue)->rps_map
(struct netdev_rx_queue)->rps_flow_table
struct rps_sock_flow_table *rps_sock_flow_table;

And use appropriate rcu primitives.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonetfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and...
KOVACS Krisztian [Sun, 24 Oct 2010 23:38:32 +0000 (23:38 +0000)]
netfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and xt_TPROXY

One of the previous tproxy related patches split IPv6 defragmentation and
connection tracking, but did not correctly add Kconfig stanzas to handle the
new dependencies correctly. This patch fixes that by making the config options
mirror the setup we have for IPv4: a distinct config option for defragmentation
that is automatically selected by both connection tracking and
xt_TPROXY/xt_socket.

The patch also changes the #ifdefs enclosing IPv6 specific code in xt_socket
and xt_TPROXY: we only compile these in case we have ip6tables support enabled.

Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotunnels: add _rcu annotations
Eric Dumazet [Sun, 24 Oct 2010 21:33:16 +0000 (21:33 +0000)]
tunnels: add _rcu annotations

(struct ip6_tnl)->next is rcu protected :
(struct ip_tunnel)->next is rcu protected :
(struct xfrm6_tunnel)->next is rcu protected :

add __rcu annotation and proper rcu primitives.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet/802: add __rcu annotations
Eric Dumazet [Sun, 24 Oct 2010 21:32:36 +0000 (21:32 +0000)]
net/802: add __rcu annotations

(struct net_device)->garp_port is rcu protected :
(struct garp_port)->applicants is rcu protected :

add __rcu annotation and proper rcu primitives.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoipv6: ip6_ptr rcu annotations
Eric Dumazet [Sun, 24 Oct 2010 21:32:05 +0000 (21:32 +0000)]
ipv6: ip6_ptr rcu annotations

(struct net_device)->ip6_ptr is rcu protected :

add __rcu annotation and proper rcu primitives.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agovlan: rcu annotations
Eric Dumazet [Sun, 24 Oct 2010 21:31:58 +0000 (21:31 +0000)]
vlan: rcu annotations

(struct net_device)->vlgrp is rcu protected :

add __rcu annotation and proper rcu primitives.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotms380tr: Use mdelay() in tms380tr_wait().
David S. Miller [Mon, 25 Oct 2010 20:04:48 +0000 (13:04 -0700)]
tms380tr: Use mdelay() in tms380tr_wait().

This driver tries to do up to half-second udelay()
calls, which overflows on x86-64.

Reported-by: Andi Kleen <andi@firstfloor.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonet: Increase xmit RECURSION_LIMIT to 10.
David S. Miller [Mon, 25 Oct 2010 19:51:55 +0000 (12:51 -0700)]
net: Increase xmit RECURSION_LIMIT to 10.

Three is definitely too low, and we know from reports that GRE tunnels
stacked as deeply as 37 levels cause stack overflows, so pick some
reasonable value between those two.

Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agomlx4_en: Fix out of bounds array access
Eli Cohen [Mon, 25 Oct 2010 02:56:47 +0000 (02:56 +0000)]
mlx4_en: Fix out of bounds array access

When searching for a free entry in either mlx4_register_vlan() or
mlx4_register_mac(), and there is no free entry, the loop terminates without
updating the local variable free thus causing out of array bounds access. Fix
this by adding a proper check outside the loop.

Signed-off-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agomacb: Don't re-enable interrupts while in polling mode
Joshua Hoke [Mon, 25 Oct 2010 01:44:22 +0000 (01:44 +0000)]
macb: Don't re-enable interrupts while in polling mode

On a busy network, the macb driver could get stuck in the interrupt
handler, quickly triggering the watchdog, due to a confluence of
factors:

 1. macb_poll re-enables interrupts unconditionally, even when it will
    be called again because it exhausted its rx budget

 2. macb_interrupt only disables interrupts after scheduling
    macb_poll, but scheduling fails when macb_poll is already scheduled
    because it didn't call napi_complete

 3. macb_interrupt loops until the interrupt status register is clear,
    which will never happen in this case if the driver doesn't disable
    the RX interrupt

Since macb_interrupt runs in interrupt context, this effectively locks
up the machine, triggering the hardware watchdog.

This issue was readily reproducible on a flooded network with a
modified 2.6.27.48 kernel. The same problem appears to still be in the
2.6.36-rc8 driver code, so I am submitting this patch against that
version. I have not tested this version of the patch except to make
sure the kernel compiles.

Signed-off-by: Joshua Hoke <joshua.hoke@sixnet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agobe2net: Fix CSO for UDP packets
Somnath Kotur [Mon, 25 Oct 2010 01:11:58 +0000 (01:11 +0000)]
be2net: Fix CSO for UDP packets

We're setting skb->ip_summed to CHECKSUM_NONE for all non-TCP pkts, making the stack
recompute checksum.This is a bug for UDP pkts for which cso must be used.

Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agobe2net: Call netif_carier_off() after register_netdev()
Somnath Kotur [Mon, 25 Oct 2010 01:11:10 +0000 (01:11 +0000)]
be2net: Call netif_carier_off() after register_netdev()

Calling netif_carrier_off before register_netdev was causing the network interface
to miss a linkwatch pending event leading to  an inconsistent state if the link
is not up when interface is initialized.This is now invoked after register_netdev.

Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocxgb3: fix device opening error path
Divy Le Ray [Mon, 25 Oct 2010 07:35:02 +0000 (07:35 +0000)]
cxgb3: fix device opening error path

Only negative return from bind_qsets() should be considered an error and
propagated.
It fixes an issue reported by IBM on P Series platform.

Signed-off-by: Divy Le Ray <divy@chelsio.com>
Tested-by: Nishanth Aravamudan <nacc@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoiwlwifi: quiet a noisy printk
Don Fry [Sat, 23 Oct 2010 16:02:50 +0000 (09:02 -0700)]
iwlwifi: quiet a noisy printk

Timing issues in microcode for some devices can cause a compressed BA to
be sent to the driver prior to returning any a-MPDU notification.
Traces show RTS-CTS is exchanged and then the timer fires which causes an
empty BA to be sent which acknowledges nothing.  This results in a noisy
printk. Only print the message if the bitmap is non-zero.

Signed-off-by: Don Fry <donald.h.fry@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k: resume aggregation immediately after a hardware reset
Felix Fietkau [Sat, 23 Oct 2010 15:45:38 +0000 (17:45 +0200)]
ath9k: resume aggregation immediately after a hardware reset

Since aggregation is usually triggered by tx completion, a hardware
reset (because of beacon stuck, tx hang or baseband hang) can
significantly delay the transmission of the next AMPDU (until the next
tx completion event).
Fix this by rescheduling aggregation after such a reset.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agocarl9170: fix scheduling while atomic
Christian Lamparter [Sat, 23 Oct 2010 13:02:02 +0000 (15:02 +0200)]
carl9170: fix scheduling while atomic

This patch fixes the following mishap:

BUG: scheduling while atomic: wpa_supplicant/4164/0x00000002
Modules linked in: carl9170 mac80211 [...]
Pid: 4164, comm: wpa_supplicant Not tainted 2.6.36-wl+ #119
Call Trace:
 [<c13779a9>] ? schedule+0x349/0x4c0
 [<c13780d6>] ? schedule_timeout+0x106/0x1e0
 [<c1037f50>] ? process_timeout+0x0/0x10
 [<c1377e8d>] ? wait_for_common+0x9d/0x140
 [<c1029110>] ? default_wake_function+0x0/0x10
 [<f80c6080>] ? carl9170_exec_cmd+0xf0/0x250 [carl9170]
 [<f80c695e>] ? carl9170_set_mac_reg+0x5e/0x70 [carl9170]
 [<f80c3f76>] ? carl9170_op_add_interface+0x176/0x310 [carl9170]
 [...]

rcu_read_unlock() call was erroneously placed after the
sync. function carl9170_mod_virtual_mac.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agomac80211: Fix ibss station got expired immediately
Rajkumar Manoharan [Sat, 23 Oct 2010 05:29:57 +0000 (10:59 +0530)]
mac80211: Fix ibss station got expired immediately

Station addition in ieee80211_ibss_rx_queued_mgmt is not updating
sta->last_rx which is causing station expiry in ieee80211_ibss_work
path. So sta addition and deletion happens repeatedly.

CC: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agob43: N-PHY: fix infinite-loop-typo
Rafał Miłecki [Fri, 22 Oct 2010 15:43:45 +0000 (17:43 +0200)]
b43: N-PHY: fix infinite-loop-typo

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agowl1251: fix module names
Grazvydas Ignotas [Thu, 21 Oct 2010 23:23:08 +0000 (02:23 +0300)]
wl1251: fix module names

The wl1251 move accidently renamed wl1251_sdio and wl1251_spi
modules to just sdio and spi. Restore proper module names.

Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Acked-by: Kalle Valo <kvalo@adurom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k: fix handling of rate control probe frames
Felix Fietkau [Thu, 21 Oct 2010 00:47:24 +0000 (02:47 +0200)]
ath9k: fix handling of rate control probe frames

The ath9k aggregation code was already checking the rate control probe flag
to prevent starting an aggregate frame with a sampling rate. What was missing
was closing an aggregate before adding a probing frame to it.
Without that, rate control cannot have precise control over probing, which
delays using faster rates when the channel conditions improve.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k: fix crash in ath_update_survey_stats
Felix Fietkau [Wed, 20 Oct 2010 13:59:28 +0000 (15:59 +0200)]
ath9k: fix crash in ath_update_survey_stats

If ah->curchan is uninitialized, the channel index is bogus, which leads
to invalid memory access when the cycle counters are updated.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k_hw: Fix divide by zero cases in paprd.
Senthil Balasubramanian [Tue, 19 Oct 2010 14:31:41 +0000 (20:01 +0530)]
ath9k_hw: Fix divide by zero cases in paprd.

We are not handling all divide by zero cases in paprd.
Add additional checks for divide by zero cases in papard.

This patch has fixes intended for kernel 2.6.36.

Cc: stable@kernel.org
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k_hw: Fix TX carrier leakage for IEEE compliance on AR9003 2.2
Luis R. Rodriguez [Tue, 19 Oct 2010 05:47:54 +0000 (22:47 -0700)]
ath9k_hw: Fix TX carrier leakage for IEEE compliance on AR9003 2.2

This updates the initvals for the AR9003 2.2 chipsets. The initvals
are the initial register values we use for our registers upon hardware
reset. This synchs up the initvals to match what our latest recommendation
from our systems engineering team.

The description of changes in this update:

        Improves ability to support very strong Rx conditions.
        Enhances DFS support for AP-mode.
        Improves performance of Tx carrier leak calibration.
        Adds support for Japan channel 14 Tx filtering requirements.
        Improves Tx power accuracy.

Impact:

        Update required to address degraded throughput at very short range.
        Update required for AP-mode DFS certification.
        Update required to comply to IEEE Tx carrier leak specification.
        May not meet expected +/- 2 dB Tx power accuracy without update.

The most important fix here would be the TX carrier leakage required
to comply with IEEE 802.11 specifications. The group of changes have
been tested all together in one release.

References:

Osprey 2.2 header file ver #33

Checksums:

$ ./initvals -f ar9003-2p2
0x000000004a488fc7        ar9300_2p2_radio_postamble
0x0000000046cb1300        ar9300Modes_lowest_ob_db_tx_gain_table_2p2
0x00000000e912711f        ar9300Modes_fast_clock_2p2
0x0000000037ac0ee8        ar9300_2p2_radio_core
0x00000000047a7700        ar9300Common_rx_gain_table_merlin_2p2
0x0000000003f783bb        ar9300_2p2_mac_postamble
0x00000000301fc841        ar9300_2p2_soc_postamble
0x000000005ec8075f        ar9200_merlin_2p2_radio_core
0x0000000083372ffa        ar9300_2p2_baseband_postamble
0x00000000c4f59974        ar9300_2p2_baseband_core
0x00000000e20d2e72        ar9300Modes_high_power_tx_gain_table_2p2
0x000000007fd55c70        ar9300Modes_high_ob_db_tx_gain_table_2p2
0x0000000029495000        ar9300Common_rx_gain_table_2p2
0x0000000042cb1300        ar9300Modes_low_ob_db_tx_gain_table_2p2
0x00000000c4739cd6        ar9300_2p2_mac_core
0x000000003521a300        ar9300Common_wo_xlna_rx_gain_table_2p2
0x00000000a15ccf1b        ar9300_2p2_soc_preamble
0x0000000029734396        ar9300PciePhy_pll_on_clkreq_disable_L1_2p2
0x000000002d834396        ar9300PciePhy_clkreq_enable_L1_2p2
0x0000000029834396        ar9300PciePhy_clkreq_disable_L1_2p2

$ ./initvals -f ar9003-2p2 | sha1sum
0ceddb5cf66737610fb51f04cf3e9ff71870c7b4  -

Cc: stable@kernel.org
Cc: Yixiang Li <yixiang.li@atheros.com>
Cc: Don Breslin <don.breslin@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agocfg80211: fix regression on processing country IEs
Luis R. Rodriguez [Tue, 19 Oct 2010 00:44:51 +0000 (17:44 -0700)]
cfg80211: fix regression on processing country IEs

The patch 4f366c5:

wireless: only use alpha2 regulatory information from country IE

removed some complex intersection we were always doing between the AP's
country IE info and what we got from CRDA. When CRDA sent us back a
regulatory domain we would do some sanity checks on that regulatory
domain response we just got. Part of these sanity checks included
checking that we already had performed an intersection for the
request of NL80211_REGDOM_SET_BY_COUNTRY_IE type.

This mean that cfg80211 was only processing country IEs for cases
where we already had an intersection, but since we removed enforcing
this this is no longer required, we should just apply the country
IE country hint with the data received from CRDA.

This patch has fixes intended for kernels >= 2.6.36.

Cc: stable@kernel.org
Reported-by: Easwar Krishnan <easwar.krishnan@atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agocarl9170: fix memory leak issue in async cmd macro wrappers
Christian Lamparter [Sat, 16 Oct 2010 18:47:50 +0000 (20:47 +0200)]
carl9170: fix memory leak issue in async cmd macro wrappers

This patch continues where the previous commit:
"carl9170: fix async command buffer leak"
left off.

Similar to carl9170_reboot/carl9170_powersave, the
carl9170_async_regwrite* macros would leak the
temporary command buffer, if __carl9170_exec_cmd
fails to upload the command to the device.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agomac80211: don't sanitize invalid rates
Christian Lamparter [Sat, 16 Oct 2010 16:49:15 +0000 (18:49 +0200)]
mac80211: don't sanitize invalid rates

I found this bug while poking around with a pure-gn AP.

Commit:
cfg80211/mac80211: Use more generic bitrate mask for rate control

Added some sanity checks to ensure that each tx rate index
is included in the configured mask and it would change any
rate indexes if it wasn't.

But, the current implementation doesn't take into account
that the invalid rate index "-1" has a special meaning
(= no further attempts) and it should not be "changed".

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agocarl9170: fix async command buffer leak
Christian Lamparter [Fri, 15 Oct 2010 23:38:46 +0000 (01:38 +0200)]
carl9170: fix async command buffer leak

If __carl9170_exec_cmd fails to upload an asynchronous
command to the device, the functions: carl9170_reboot
and carl9170_powersave will leak the temporary command
assembly buffer.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath5k: Properly initialize ath_common->cc_lock.
Ben Greear [Fri, 15 Oct 2010 22:51:32 +0000 (15:51 -0700)]
ath5k: Properly initialize ath_common->cc_lock.

Otherwise, lockdep splats, at the least:

INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
Pid: 0, comm: swapper Not tainted 2.6.36-rc8-wl+ #32
Call Trace:
 [<c075d940>] ? printk+0xf/0x17
 [<c045507a>] register_lock_class+0x5a/0x29e
 [<c0456af5>] __lock_acquire+0xa2/0xb8c
 [<c0455be2>] ? mark_lock+0x1e/0x1de
 [<c041a540>] ? acpi_get_override_irq+0x85/0x8c
 [<c0455536>] ? trace_hardirqs_off+0xb/0xd
 [<c0457639>] lock_acquire+0x5a/0x78
 [<f8126835>] ? ath5k_ani_calibration+0x24/0x52b [ath5k]
 [<c075f6ed>] _raw_spin_lock_bh+0x20/0x2f
 [<f8126835>] ? ath5k_ani_calibration+0x24/0x52b [ath5k]
 [<f8126835>] ath5k_ani_calibration+0x24/0x52b [ath5k]
 [<c0438f99>] ? tasklet_action+0x3b/0xc6
 [<f8123c2b>] ath5k_tasklet_ani+0x18/0x22 [ath5k]
 [<c0438fd1>] tasklet_action+0x73/0xc6
 [<c043945f>] __do_softirq+0x86/0x111
 [<c0439520>] do_softirq+0x36/0x5a
 [<c0439659>] irq_exit+0x35/0x69
 [<c0403fb9>] do_IRQ+0x86/0x9a
 [<c04034ee>] common_interrupt+0x2e/0x40
 [<c045007b>] ? do_adjtimex+0x223/0x55e
 [<c0408245>] ? mwait_idle+0x5c/0x6c
 [<c040227f>] cpu_idle+0x4e/0x6b
 [<c074b6e9>] rest_init+0x8d/0x92
 [<c09758ea>] start_kernel+0x320/0x325
 [<c09750d0>] i386_start_kernel+0xd0/0xd7

Signed-off-by: Ben Greear <greearb@candelatech.com>
Acked-by: Bruno Randolf <br1@einfach.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agoath9k: Properly initialize ath_common->cc_lock.
Ben Greear [Fri, 15 Oct 2010 22:04:09 +0000 (15:04 -0700)]
ath9k: Properly initialize ath_common->cc_lock.

Otherwise, lockdep splats, at the least:

INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
Pid: 2240, comm: ip Not tainted 2.6.36-rc8-wl+ #32
Call Trace:
 [<c075d940>] ? printk+0xf/0x17
 [<c045507a>] register_lock_class+0x5a/0x29e
 [<c0455be2>] ? mark_lock+0x1e/0x1de
 [<c0456af5>] __lock_acquire+0xa2/0xb8c
 [<c0455be2>] ? mark_lock+0x1e/0x1de
 [<c0457639>] lock_acquire+0x5a/0x78
 [<f8c5115b>] ? ath9k_config+0x274/0x3d8 [ath9k]
 [<c075f602>] _raw_spin_lock_irqsave+0x2f/0x3f
 [<f8c5115b>] ? ath9k_config+0x274/0x3d8 [ath9k]
 [<f8c5115b>] ath9k_config+0x274/0x3d8 [ath9k]
 [<f8c0ba2e>] ieee80211_hw_config+0x11b/0x125 [mac80211]
 [<f8c17edf>] ieee80211_do_open+0x3c5/0x466 [mac80211]
 [<f8c171d6>] ? ieee80211_check_concurrent_iface+0x21/0x13a [mac80211]
 [<f8c17fdb>] ieee80211_open+0x5b/0x5e [mac80211]
 [<c06ce76b>] __dev_open+0x80/0xae
 [<c06cc99b>] __dev_change_flags+0xa0/0x115
 [<c06ce6bf>] dev_change_flags+0x13/0x3f
 [<c06d7e78>] do_setlink+0x23a/0x51b
 [<c0455037>] ? register_lock_class+0x17/0x29e
 [<c06d847c>] rtnl_newlink+0x269/0x431
 [<c06d8291>] ? rtnl_newlink+0x7e/0x431
 [<c0455be2>] ? mark_lock+0x1e/0x1de
 [<c0455de9>] ? mark_held_locks+0x47/0x5f
 [<c075ebcf>] ? __mutex_lock_common+0x2bb/0x2d6
 [<c0456045>] ? trace_hardirqs_on_caller+0x104/0x125
 [<c075ebe0>] ? __mutex_lock_common+0x2cc/0x2d6
 [<c06d8213>] ? rtnl_newlink+0x0/0x431
 [<c06d79e2>] rtnetlink_rcv_msg+0x182/0x198
 [<c06d7860>] ? rtnetlink_rcv_msg+0x0/0x198
 [<c06e503c>] netlink_rcv_skb+0x30/0x77
 [<c06d7859>] rtnetlink_rcv+0x1b/0x22
 [<c06e4e77>] netlink_unicast+0xbe/0x119
 [<c06e5a15>] netlink_sendmsg+0x234/0x24c
 [<c06bf93a>] __sock_sendmsg+0x51/0x5a
 [<c06bfba4>] sock_sendmsg+0x93/0xa7
 [<c04968cf>] ? might_fault+0x47/0x81
 [<c0496904>] ? might_fault+0x7c/0x81
 [<c06c7904>] ? copy_from_user+0x8/0xa
 [<c06c7c2d>] ? verify_iovec+0x3e/0x6d
 [<c06bfd8c>] sys_sendmsg+0x149/0x193
 [<c0455037>] ? register_lock_class+0x17/0x29e
 [<c0455be2>] ? mark_lock+0x1e/0x1de
 [<c0498d7a>] ? __do_fault+0x1fc/0x3a5
 [<c048690a>] ? unlock_page+0x40/0x43
 [<c0498ef7>] ? __do_fault+0x379/0x3a5
 [<c04576dd>] ? lock_release_non_nested+0x86/0x1d8
 [<c04968cf>] ? might_fault+0x47/0x81
 [<c04968cf>] ? might_fault+0x47/0x81
 [<c06c148b>] sys_socketcall+0x15e/0x1a5
 [<c0402f1c>] sysenter_do_call+0x12/0x38

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agomac80211: cancel restart_work explicitly instead of depending on flush_scheduled_work()
Tejun Heo [Fri, 15 Oct 2010 15:35:28 +0000 (17:35 +0200)]
mac80211: cancel restart_work explicitly instead of depending on flush_scheduled_work()

iee80211_hw->restart_work is the only work which uses the system
workqueue.  Instead of calling flush_scheduled_work() during
iee80211_exit(), cancel the work during unregistration.

This is to prepare for the deprecation and removal of
flush_scheduled_work().

Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
14 years agol2tp: static functions should not be exported
Stephen Rothwell [Mon, 25 Oct 2010 05:26:41 +0000 (22:26 -0700)]
l2tp: static functions should not be exported

Causes these build failures on PowerPC:

net/l2tp/l2tp_core.c:1228: error: __ksymtab_l2tp_tunnel_closeall causes a section type conflict
net/l2tp/l2tp_core.c:1228: error: __ksymtab_l2tp_tunnel_closeall causes a section type conflict
net/l2tp/l2tp_core.c:1006: error: __ksymtab_l2tp_xmit_core causes a section type conflict
net/l2tp/l2tp_core.c:1006: error: __ksymtab_l2tp_xmit_core causes a section type conflict
net/l2tp/l2tp_core.c:847: error: __ksymtab_l2tp_udp_recv_core causes a section type conflict
net/l2tp/l2tp_core.c:847: error: __ksymtab_l2tp_udp_recv_core causes a section type conflict

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotyphoon: update to new VLAN acceleration model
David Dillow [Sun, 24 Oct 2010 10:20:21 +0000 (10:20 +0000)]
typhoon: update to new VLAN acceleration model

Also correct the byteswapping as we keep the TCI in host order.

Signed-off-by: David Dillow <dave@thedillows.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotyphoon: wait for RX mode commands to finish
David Dillow [Sun, 24 Oct 2010 10:20:20 +0000 (10:20 +0000)]
typhoon: wait for RX mode commands to finish

When adding VLAN devices, we can get several calls to
typhoon_set_rx_mode() in quick succession. Because we didn't wait for
the commands to complete, we could run out of command descriptors and
fail to set the RX mode.

Signed-off-by: David Dillow <dave@thedillows.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agonetlink: fix netlink_change_ngroups()
Eric Dumazet [Sun, 24 Oct 2010 04:27:10 +0000 (04:27 +0000)]
netlink: fix netlink_change_ngroups()

commit 6c04bb18ddd633 (netlink: use call_rcu for netlink_change_ngroups)
used a somewhat convoluted and racy way to perform call_rcu().

The old block of memory is freed after a grace period, but the rcu_head
used to track it is located in new block.

This can clash if we call two times or more netlink_change_ngroups(),
and a block is freed before another. call_rcu() called on different cpus
makes no guarantee in order of callbacks.

Fix this using a more standard way of handling this : Each block of
memory contains its own rcu_head, so that no 'use after free' can
happens.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Johannes Berg <johannes@sipsolutions.net>
CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoslhc: Don't export symbols twice
Denis Kirjanov [Fri, 22 Oct 2010 05:41:14 +0000 (05:41 +0000)]
slhc: Don't export symbols twice

Don't export symbols twice.

Signed-off-by: Denis Kirjanov <dkirjanov@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agojme: Support WoL after shutdown
Guo-Fu Tseng [Sun, 24 Oct 2010 23:18:25 +0000 (16:18 -0700)]
jme: Support WoL after shutdown

Adding shutdown function that setup wake if wol is enabled.
Add jme_phy_on in jme_set_100m_half in case it is shutting down
or suspending when interface is down(phy_off by default).

v2 updates:
Removed CONFIG_PM ifdef for jme_set_100m_half and jme_wait_link.
It would be nice if it can be applied to net-2.6 along with other patches
sent few days ago. If it is not appropriate, please ignore the net-2.6
request, and apply it to net-next-2.6 as previous patch. :)

Reported-and-helped-by: Сtac <Taoga@yandex.ru>
Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agotproxy: Add missing CAP_NET_ADMIN check to ipv6 side
Balazs Scheidler [Sat, 23 Oct 2010 04:48:14 +0000 (04:48 +0000)]
tproxy: Add missing CAP_NET_ADMIN check to ipv6 side

IP_TRANSPARENT requires root (more precisely CAP_NET_ADMIN privielges)
for IPV6.

However as I see right now this check was missed from the IPv6
implementation.

Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agovmxnet3: fix typo setting confPA
Harvey Harrison [Thu, 21 Oct 2010 18:05:34 +0000 (18:05 +0000)]
vmxnet3: fix typo setting confPA

It's a le64, not a le32, typo in one place only.

Noticed by sparse:
drivers/net/vmxnet3/vmxnet3_drv.c:2668:52: warning: incorrect type in assignment (different base types)
drivers/net/vmxnet3/vmxnet3_drv.c:2668:52:    expected restricted __le64 [usertype] confPA
drivers/net/vmxnet3/vmxnet3_drv.c:2668:52:    got restricted __le32 [usertype] <noident>

Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Shreyas Bhatewara <sbhatewara@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agovmxnet3: annotate hwaddr members as __iomem pointers
Harvey Harrison [Thu, 21 Oct 2010 18:05:33 +0000 (18:05 +0000)]
vmxnet3: annotate hwaddr members as __iomem pointers

Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Shreyas Bhatewara <sbhatewara@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agovmxnet3: remove set_flag_le{16,64} helpers
Harvey Harrison [Thu, 21 Oct 2010 18:05:32 +0000 (18:05 +0000)]
vmxnet3: remove set_flag_le{16,64} helpers

It's easier to just annotate the constants as little endian types and set/clear
the flags directly.

Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Shreyas Bhatewara <sbhatewara@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocxgb4: update to utilize the newer VLAN infrastructure
Dimitris Michailidis [Thu, 21 Oct 2010 11:29:56 +0000 (11:29 +0000)]
cxgb4: update to utilize the newer VLAN infrastructure

Signed-off-by: Dimitris Michailidis <dm@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocxgb4: fix crash due to manipulating queues before registration
Dimitris Michailidis [Thu, 21 Oct 2010 11:29:55 +0000 (11:29 +0000)]
cxgb4: fix crash due to manipulating queues before registration

Before commit "net: allocate tx queues in register_netdevice"
netif_tx_stop_all_queues and related functions could be used between
device allocation and registration but now only after registration.
cxgb4 has such a call before registration and crashes now.  Move it
after register_netdev.

Signed-off-by: Dimitris Michailidis <dm@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agocan: tscan1: add driver for TS-CAN1 boards
Andre B. Oliveira [Mon, 18 Oct 2010 21:47:27 +0000 (21:47 +0000)]
can: tscan1: add driver for TS-CAN1 boards

Add driver for Technologic Systems TS-CAN1 PC104 peripheral boards.

Signed-off-by: Andre B. Oliveira <anbadeol@gmail.com>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Reviewed-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agoip6_tunnel dont update the mtu on the route.
Anders Franzen [Tue, 19 Oct 2010 03:50:47 +0000 (03:50 +0000)]
ip6_tunnel dont update the mtu on the route.

The ip6_tunnel device did not unset the flag,
IFF_XMIT_DST_RELEASE. This will make the dev layer
to release the dst before calling the tunnel.
The tunnel will not update any mtu/pmtu info, since
it does not have a dst on the skb.
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
14 years agopktgen: clean up handling of local/transient counter vars
Paul Gortmaker [Mon, 18 Oct 2010 12:14:44 +0000 (12:14 +0000)]
pktgen: clean up handling of local/transient counter vars

The temporary variable "i" is needlessly initialized to zero
in two distinct cases in this file:

1) where it is set to zero and then used as an argument in an addition
before being assigned a non-zero value.

2) where it is only used in a standard/typical loop counter

For (1), simply delete assignment to zero and usages while still
zero; for (2) simply make the loop start at zero as per standard
practice as seen everywhere else in the same file.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>