Commit Graph

248761 Commits

Author SHA1 Message Date
Eliad Peller
333ba73252 cfg80211: don't drop p2p probe responses
Commit 0a35d36 ("cfg80211: Use capability info to detect mesh beacons")
assumed that probe response with both ESS and IBSS bits cleared
means that the frame was sent by a mesh sta.

However, these capabilities are also being used in the p2p_find phase,
and the mesh-validation broke it.

Rename the WLAN_CAPABILITY_IS_MBSS macro, and verify that mesh ies
exist before assuming this frame was sent by a mesh sta.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-06-01 14:34:01 -04:00
Wey-Yi Guy
1144181c1b iwlagn: fix incorrect PCI subsystem id for 6150 devices
For 6150 devices, modify the supported PCI subsystem ID.

Cc: stable@kernel.org
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-31 14:51:53 -04:00
Jussi Kivilinna
59342f6a6b zd1211rw: fix to work on OHCI
zd1211 devices register 'EP 4 OUT' endpoint as Interrupt type on USB 2.0:

      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x04  EP 4 OUT
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1

However on USB 1.1 endpoint becomes Bulk:

      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x04  EP 4 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0

Commit 37939810b9 assumed that endpoint is
always interrupt type and changed usb_bulk_msg() calls to usb_interrupt_msg().

Problem here is that usb_bulk_msg() on interrupt endpoint selfcorrects the
call and changes requested pipe to interrupt type (see usb_bulk_msg).
However with usb_interrupt_msg() on bulk endpoint does not correct the
pipe type to bulk, but instead URB is submitted with interrupt type pipe.

So pre-2.6.39 used usb_bulk_msg() and therefore worked with both endpoint
types, however in 2.6.39 usb_interrupt_msg() with bulk endpoint causes
ohci_hcd to fail submitted URB instantly with -ENOSPC and preventing zd1211rw
from working with OHCI.

Fix this by detecting endpoint type and using correct endpoint/pipe types
for URB. Also fix asynchronous zd_usb_iowrite16v_async() to use right
URB type on 'EP 4 OUT'.

Cc: stable@kernel.org
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-31 14:47:26 -04:00
Luciano Coelho
66870b1ccd wl12xx: fix oops in sched_scan when forcing a passive scan
Fix kernel oops when trying to use passive scheduled scans.  The
reason was that in passive scans there are no SSIDs, so there was a
NULL pointer dereference.

To solve the problem, we now check the number of SSIDs provided in the
sched_scan request and only access the list if there's one or more
(ie. passive scan is not forced).  We also force all the channels to
be passive by adding the IEEE80211_CHAN_PASSIVE_SCAN flag locally
before the checks in the wl1271_scan_get_sched_scan_channels()
function.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-31 14:47:26 -04:00
Luciano Coelho
50a66d7f04 wl12xx: add separate config value for DFS dwell time on sched scan
Use a different value for DFS dwell time when performing a scheduled
scan.  Previously we were using the same value as for normal passive
scans.  This adds some flexibility between these two different types
of passive scan.

For now we use 150 TUs for DFS channel dwell time.  This may need to
be fine-tuned in the future.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-31 14:47:25 -04:00
Luciano Coelho
2497a246e8 wl12xx: fix DFS channels handling in scheduled scan
DFS channels were never getting included in the scheduled scans,
because they always contain the passive flag as well and the call was
asking for DFS and active channels.

Fix this by ignoring the passive flag when collecting DFS channels.
Also, move the DFS channels in the channel list before the 5GHz active
channels (this was implemented in the FW differently than specified).

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-31 14:47:25 -04:00
Luciano Coelho
dd08682150 wl12xx: fix passive and radar channel generation for scheduled scan
We were comparing bitwise AND results with a boolean, so when the
boolean was set to true, it was not matching as it should.

Fix this by booleanizing the bitwise AND results with !!.

Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-31 14:47:24 -04:00
Daniel Drake
71005be40a libertas: Set command sequence number later to ensure consistency
Before this patch, the command sequence number is being set before
lbs_queue_cmd() adds the command to the queue. However, lbs_queue_cmd()
sometimes forces commands to queue-jump (e.g. CMD_802_11_WAKEUP_CONFIRM).
It currently does this without considering that sequence numbers might need
adjusting to keep things running in order.

Fix this by setting the sequence number at a later stage, just before
we're actually submitting the command to the hardware. Also fixes a
possible race where seqnum was being modified outside of the driver
lock.

Signed-off-by: Daniel Drake <dsd@laptop.org>
Acked-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-31 14:47:23 -04:00
John W. Linville
11ad2f5282 Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-05-27 15:18:35 -04:00
David S. Miller
c5c177b4ac net: Kill ratelimit.h dependency in linux/net.h
Ingo Molnar noticed that we have this unnecessary ratelimit.h
dependency in linux/net.h, which hid compilation problems from
people doing builds only with CONFIG_NET enabled.

Move this stuff out to a seperate net/net_ratelimit.h file and
include that in the only two places where this thing is needed.

Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Ingo Molnar <mingo@elte.hu>
2011-05-27 13:41:33 -04:00
David S. Miller
bee95250f0 net: Add linux/sysctl.h includes where needed.
Several networking headers were depending upon the implicit
linux/sysctl.h include they get when including linux/net.h

Add explicit includes.

Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-27 13:40:58 -04:00
David S. Miller
9d931dd2ed net: Kill ether_table[] declaration.
This got missed back in 2006 when Jes Sorensen deleted
net/ethernet/sysctl_net_ether.c

Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-27 13:40:54 -04:00
Eric Dumazet
686a7e32ca inetpeer: fix race in unused_list manipulations
Several crashes in cleanup_once() were reported in recent kernels.

Commit d6cc1d642d (inetpeer: various changes) added a race in
unlink_from_unused().

One way to avoid taking unused_peers.lock before doing the list_empty()
test is to catch 0->1 refcnt transitions, using full barrier atomic
operations variants (atomic_cmpxchg() and atomic_inc_return()) instead
of previous atomic_inc() and atomic_add_unless() variants.

We then call unlink_from_unused() only for the owner of the 0->1
transition.

Add a new atomic_add_unless_return() static helper

With help from Arun Sharma.

Refs: https://bugzilla.kernel.org/show_bug.cgi?id=32772

Reported-by: Arun Sharma <asharma@fb.com>
Reported-by: Maximilian Engelhardt <maxi@daemonizer.de>
Reported-by: Yann Dupont <Yann.Dupont@univ-nantes.fr>
Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-27 13:39:11 -04:00
Dan Williams
e7a46b4d08 atm: expose ATM device index in sysfs
It's currently exposed only through /proc which, besides requiring
screen-scraping, doesn't allow userspace to distinguish between two
identical ATM adapters with different ATM indexes.  The ATM device index
is required when using PPPoATM on a system with multiple ATM adapters.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: David Woodhouse <dwmw2@infradead.org>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-27 13:07:21 -04:00
David S. Miller
58bf2dbccc Merge branch 'pablo/nf-2.6-updates' of git://1984.lsi.us.es/net-2.6 2011-05-27 13:04:40 -04:00
Adrian Chadd
1df85ecec3 ath9k: Fix AR9287 calibration
The AR9287 calibration code was not being called because of an
incorrect MAC revision check.
This forced the AR9287 to use the AR9285 initial calibration code and
bypass the AR9287 code entirely.

Signed-off-by: Adrian Chadd <adrian@freebsd.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-27 12:53:48 -04:00
Jesper Juhl
64c754ed3b mac80211: Remove duplicate linux/slab.h include from net/mac80211/scan.c
Commit 79f460ca49 add a duplicate
linux/slab.h include to net/mac80211/scan.c - remove it.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-27 12:53:47 -04:00
Eliad Peller
a331400bf0 mac80211: clear local->ps_data on disassoc
local->ps_data wasn't cleared on disassociation, which
(in some corner cases) caused reconnections to enter
psm before association completed.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-27 12:53:46 -04:00
Tao Ma
64bd0821a3 wireless: Default to 'n' for 2 new added devices in Kconfig.
We make oldconfig every time when a new kernel arrives, but
if we don't have such a device(I guess this is the most common
case for a new device), the default value should be 'n' so
that the kernel size we build doesn't grow up too much quickly.
For anyone who has the device, it is OK for them to turn it on
by themselves.

Cc: "John W. Linville" <linville@tuxdriver.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Tao Ma <boyu.mt@taobao.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-27 12:53:46 -04:00
Stanislaw Gruszka
aac11c1b35 iwl4965: fix 5GHz operation
rx_status.band is used uninitialized, what disallow to work on 5GHz .

Cc: stable@kernel.org # 2.6.39+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-27 12:53:45 -04:00
Hans Schillstrom
c74c0bfe0b IPVS: bug in ip_vs_ftp, same list heaad used in all netns.
When ip_vs was adapted to netns the ftp application was not adapted
in a correct way.
However this is a fix to avoid kernel errors. In the long term another solution
might be chosen.  I.e the ports that the ftp appl, uses should be per netns.

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-05-27 13:37:46 +02:00
Rajkumar Manoharan
1d38c16ce4 mac80211: stop queues before rate control updation
Stop tx queues before updating rate control to ensure
proper rate selection. Otherwise packets can be transmitted
in 40 Mhz whereas hw is configured in HT20.

Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:33 -04:00
Rajkumar Manoharan
41e2b05b95 ath9k: set 40 Mhz rate only if hw is configured in ht40
Whenever there is a channel width change from 40 Mhz to 20 Mhz,
the hardware is reconfigured to ht20. Meantime before doing
the rate control updation, the packets are being transmitted are
selected rate with IEEE80211_TX_RC_40_MHZ_WIDTH.

While transmitting ht40 rate packets in ht20 mode is causing
baseband panic with AR9003 based chips.

==== BB update: BB status=0x02001109 ====
ath: ** BB state: wd=1 det=1 rdar=0 rOFDM=1 rCCK=1 tOFDM=0 tCCK=0 agc=2
src=0 **
ath: ** BB WD cntl: cntl1=0xffff0085 cntl2=0x00000004 **
ath: ** BB mode: BB_gen_controls=0x000033c0 **
ath: ** BB busy times: rx_clear=99%, rx_frame=0%, tx_frame=0% **
ath: ==== BB update: done ====

Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:32 -04:00
Rajkumar Manoharan
51ac8cbb21 ath9k_hw: disable phy restart on baseband panic caused by RXSM
While receiving unsupported rate frame rx state machine
gets into a state 0xb and if phy_restart happens in that
state, BB would go hang. If RXSM is in 0xb state after
first bb panic, ensure to disable the phy_restart.

Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:31 -04:00
Rajkumar Manoharan
a4d86d953b ath9k: Reset chip on baseband hang
Resetting hardware helps to recover from baseband
hang/panic for AR9003 based chips.

Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:31 -04:00
Rafał Miłecki
fb23d86382 b43: N-PHY: initialize last var in calibration function
Reported-by: Larry Finger <larry.finger@lwfinger.net>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:30 -04:00
Larry Finger
0019a2c927 rtlwifi: Use order 2 RX buffer allocation only if necessary
Although a previous fix handles the kernel panics that result from
failure to allocate a new RX buffer, memory fragmentation can be
reduced if the amsdu_8k capability is disabled as new buffers need only
be of O(0), not O(2).

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:30 -04:00
Larry Finger
a9e1286975 rtlwifi: Fix kernel panic resulting from RX buffer allocation failure
To handle amsdu_8k capability, the PCI routine of this driver must
allocate receive buffers of order 2. Under heavy load, this causes
fragmentation of memory. The present code releases the current buffer
before checking to see if a new one is availble. Recovery from
allocation failures is not possible, which results in kernel panics.

The fix is to reorder the code to check that a new buffer can be
allocated before the old one is released. If not possible, the
received frame is dropped and the old one is reused. Without this
change, it is impossible to transfer a 2 GB file without a kernel panic.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>              [2.6.{37,38,39}]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:29 -04:00
Luciano Coelho
208c72f4fe nl80211: fix check for valid SSID size in scan operations
In both trigger_scan and sched_scan operations, we were checking for
the SSID length before assigning the value correctly.  Since the
memory was just kzalloc'ed, the check was always failing and SSID with
over 32 characters were allowed to go through.

This was causing a buffer overflow when copying the actual SSID to the
proper place.

This bug has been there since 2.6.29-rc4.

Cc: stable@kernel.org
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:28 -04:00
Yogesh Ashok Powar
21bc7af6e5 mwifiex: correct event header length
While decoding received event packet from firmware, 4 bytes
of interface header are already removed unconditionally.
So for handling event only 4 more bytes needs to be pulled.
This is achieved by changing event header length to 4.

Almost all the events, except BA stream related and AMSDU
aggregation control events, do not have the payload in their
event skb. Such events handling depends only on the event ID.
This event ID is the first four bytes of the event skb, which
is copied to a separate variable before pulling the skb header.
Hence event handling worked only for those events that didn't
have payload in event skb.

This patch fixes the broken event path of the events with
payload in their event skb without harming existing working
event path for the events without payload.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Kiran Divekar <dkiran@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-05-26 15:43:27 -04:00
David S. Miller
86e4ca66e8 bug.h: Move ratelimit warn interfaces to ratelimit.h
As reported by Ingo Molnar, we still have configuration combinations
where use of the WARN_RATELIMIT interfaces break the build because
dependencies don't get met.

Instead of going down the long road of trying to make it so that
ratelimit.h can get included by kernel.h or asm-generic/bug.h,
just move the interface into ratelimit.h and make users have
to include that.

Reported-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
2011-05-26 15:00:31 -04:00
Andy Gospodarek
90e62474fd bonding: cleanup module option descriptions
Weiping Pan noticed that the module option description for
xmit_hash_policy was incorrect and was nice enough to post a patch to
fix it.  The text was correct, but created a line over 80 characters and
I would rather not add those.  I realized I could take a few minutes and
clean up all the descriptions and things would look much better.  This
is the result.

Based on patch from Weiping Pan <panweiping3@gmail.com>.

Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
CC: Weiping Pan <panweiping3@gmail.com>
Reviewed-by: Weiping Pan <panweiping3@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-26 14:57:17 -04:00
Justin Mattock
da7c06c4a7 net:8021q:vlan.c Fix pr_info to just give the vlan fullname and version.
The below patch removes vlan_buggyright and vlan_copyright from vlan_proto_init,
so that it prints out just the fullname of vlan and the version number.

before:

[   30.438203] 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
[   30.441542] All bugs added by David S. Miller <davem@redhat.com>

after:

[   31.513910] 802.1Q VLAN Support v1.8

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
CC: Joe Perches <joe@perches.com>
CC: David S. Miller <davem@davemloft.net>
CC: Ben Greear <greearb@candelatech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-26 14:55:51 -04:00
Johan Hovold
240b26284a net: davinci_emac: fix dev_err use at probe
Use platform device rather than net device in dev_err calls before net
device has been registered to avoid messages such as

	(null): DaVinci EMAC: Failed to get EMAC clock

Also replace remaining printks in probe with dev_{err,warn}.

Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-26 14:30:51 -04:00
Oliver Hartkopp
12e6c419b4 can: convert to %pK for kptr_restrict support
As these pointers have been printed without using %p they were missed in the
big network kptr_restrict conversion patch %p -> %pK from Dan Rosenberg.

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-26 14:23:35 -04:00
Michał Mirosław
fd0daf9d58 net: fix ETHTOOL_SFEATURES compatibility with old ethtool_ops.set_flags
Current code squashes flags to bool - this makes set_flags fail whenever
some ETH_FLAG_* equivalent features are set. Fix this.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-26 14:13:59 -04:00
David Miller
97242c85a2 netfilter: Fix several warnings in compat_mtw_from_user().
Kill set but not used 'entry_offset'.

Add a default case to the switch statement so the compiler
can see that we always initialize off and size_kern before
using them.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-05-26 19:09:07 +02:00
Jozsef Kadlecsik
9184a9cba6 netfilter: ipset: fix ip_set_flush return code
ip_set_flush returned -EPROTO instead of -IPSET_ERR_PROTOCOL, fixed

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-05-26 19:08:11 +02:00
Jozsef Kadlecsik
b141c242ff netfilter: ipset: remove unused variable from type_pf_tdel()
Variable 'ret' is set in type_pf_tdel() but not used, remove.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-05-26 19:08:05 +02:00
Jozsef Kadlecsik
249ddc79a3 netfilter: ipset: Use proper timeout value to jiffies conversion
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-05-26 19:07:32 +02:00
Flavio Leitner
94265cf5f7 bonding: documentation and code cleanup for resend_igmp
Improves the documentation about how IGMP resend parameter
works, fix two missing checks and coding style issues.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Acked-by: Rick Jones <rick.jones2@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:33 -04:00
Neil Horman
9fe0617d9b bonding: prevent deadlock on slave store with alb mode (v3)
This soft lockup was recently reported:

[root@dell-per715-01 ~]# echo +bond5 > /sys/class/net/bonding_masters
[root@dell-per715-01 ~]# echo +eth1 > /sys/class/net/bond5/bonding/slaves
bonding: bond5: doing slave updates when interface is down.
bonding bond5: master_dev is not up in bond_enslave
[root@dell-per715-01 ~]# echo -eth1 > /sys/class/net/bond5/bonding/slaves
bonding: bond5: doing slave updates when interface is down.

BUG: soft lockup - CPU#12 stuck for 60s! [bash:6444]
CPU 12:
Modules linked in: bonding autofs4 hidp rfcomm l2cap bluetooth lockd sunrpc
be2d
Pid: 6444, comm: bash Not tainted 2.6.18-262.el5 #1
RIP: 0010:[<ffffffff80064bf0>]  [<ffffffff80064bf0>]
.text.lock.spinlock+0x26/00
RSP: 0018:ffff810113167da8  EFLAGS: 00000286
RAX: ffff810113167fd8 RBX: ffff810123a47800 RCX: 0000000000ff1025
RDX: 0000000000000000 RSI: ffff810123a47800 RDI: ffff81021b57f6f8
RBP: ffff81021b57f500 R08: 0000000000000000 R09: 000000000000000c
R10: 00000000ffffffff R11: ffff81011d41c000 R12: ffff81021b57f000
R13: 0000000000000000 R14: 0000000000000282 R15: 0000000000000282
FS:  00002b3b41ef3f50(0000) GS:ffff810123b27940(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00002b3b456dd000 CR3: 000000031fc60000 CR4: 00000000000006e0

Call Trace:
 [<ffffffff80064af9>] _spin_lock_bh+0x9/0x14
 [<ffffffff886937d7>] :bonding:tlb_clear_slave+0x22/0xa1
 [<ffffffff8869423c>] :bonding:bond_alb_deinit_slave+0xba/0xf0
 [<ffffffff8868dda6>] :bonding:bond_release+0x1b4/0x450
 [<ffffffff8006457b>] __down_write_nested+0x12/0x92
 [<ffffffff88696ae4>] :bonding:bonding_store_slaves+0x25c/0x2f7
 [<ffffffff801106f7>] sysfs_write_file+0xb9/0xe8
 [<ffffffff80016b87>] vfs_write+0xce/0x174
 [<ffffffff80017450>] sys_write+0x45/0x6e
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0

It occurs because we are able to change the slave configuarion of a bond while
the bond interface is down.  The bonding driver initializes some data structures
only after its ndo_open routine is called.  Among them is the initalization of
the alb tx and rx hash locks.  So if we add or remove a slave without first
opening the bond master device, we run the risk of trying to lock/unlock a
spinlock that has garbage for data in it, which results in our above softlock.

Note that sometimes this works, because in many cases an unlocked spinlock has
the raw_lock parameter initialized to zero (meaning that the kzalloc of the
net_device private data is equivalent to calling spin_lock_init), but thats not
true in all cases, and we aren't guaranteed that condition, so we need to pass
the relevant spinlocks through the spin_lock_init function.

Fix it by moving the spin_lock_init calls for the tx and rx hashtable locks to
the ndo_init path, so they are ready for use by the bond_store_slaves path.

Change notes:
v2) Based on conversation with Jay and Nicolas it seems that the ability to
enslave devices while the bond master is down should be safe to do.  As such
this is an outlier bug, and so instead we'll just initalize the errant spinlocks
in the init path rather than the open path, solving the problem.  We'll also
remove the warnings about the bond being down during enslave operations, since
it should be safe

v3) Fix spelling error

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: jtluka@redhat.com
CC: Jay Vosburgh <fubar@us.ibm.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: nicolas.2p.debian@gmail.com
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:33 -04:00
Eric Dumazet
2907c35ff6 net: hold rtnl again in dump callbacks
Commit e67f88dd12 (dont hold rtnl mutex during netlink dump callbacks)
missed fact that rtnl_fill_ifinfo() must be called with rtnl held.

Because of possible deadlocks between two mutexes (cb_mutex and rtnl),
its not easy to solve this problem, so revert this part of the patch.

It also forgot one rcu_read_unlock() in FIB dump_rules()

Add one ASSERT_RTNL() in rtnl_fill_ifinfo() to remind us the rule.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
CC: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00
Meelis Roos
1dcb14d9e8 Add Fujitsu 1000base-SX PCI ID to tg3
This patch adds the PCI ID of Fujitsu 1000base-SX NIC to tg3 driver.
Tested to detect the card, MAC and serdes, not tested with link at the
moment since I have no fiber switch here. I did not add new constants to
the pci_ids.h header file since these constants are used only here.

Signed-off-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00
Dmitry Kravkov
a5971d43ef bnx2x: protect sequence increment with mutex
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00
Eric Dumazet
07bd8df5df sch_sfq: fix peek() implementation
Since commit eeaeb068f1 (sch_sfq: allow big packets and be fair),
sfq_peek() can return a different skb that would be normally dequeued by
sfq_dequeue() [ if current slot->allot is negative ]

Use generic qdisc_peek_dequeued() instead of custom implementation, to
get consistent result.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Jarek Poplawski <jarkao2@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
CC: Jesper Dangaard Brouer <hawk@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00
Prarit Bhargava
367bbf2aa1 isdn: netjet - blacklist Digium TDM400P
[2nd try ... 1st attempt didn't make it to netdev mailing list]

A quick google search reveals that people with this card are blacklisting it
in the initramfs and in the module blacklist based on a statement that it
is unsupported. Since the older Digium is also unsupported I'm pretty
confident that this newer card is also not supported.

lspci -xxx -vv shows

04:07.0 Communication controller: Tiger Jet Network Inc. Tiger3XX Modem/ISDN interface
        Subsystem: Device b100:0003
P.

----8<----
The Asterisk Voice Card, DIGIUM TDM400P is unsupported by the netjet driver.
Blacklist it like the Digium X100P/X101P card.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00
Ulrich Hecht
d10358de8d via-velocity: don't annotate MAC registers as packed
On ARM, memory accesses through packed pointers behave in unexpected
ways in GCC releases 4.3 and higher; see https://lkml.org/lkml/2011/2/2/163
for discussion.

In this particular case, 32-bit I/O registers are accessed bytewise,
causing incorrect setting of the DMA address registers which in turn
leads to an error interrupt storm that brings the system to a halt.

Since the mac_regs structure does not need any packing anyway, this patch
simply removes the attribute to fix the issue.

Signed-off-by: Ulrich Hecht <uli@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00
Ian Campbell
1ba37c518f xen: netfront: hold RTNL when updating features.
Konrad reports:
[    0.930811] RTNL: assertion failed at /home/konrad/ssd/linux/net/core/dev.c (5258)
[    0.930821] Pid: 22, comm: xenwatch Not tainted 2.6.39-05193-gd762f43 #1
[    0.930825] Call Trace:
[    0.930834]  [<ffffffff8143bd0e>] __netdev_update_features+0xae/0xe0
[    0.930840]  [<ffffffff8143dd41>] netdev_update_features+0x11/0x30
[    0.930847]  [<ffffffffa0037105>] netback_changed+0x4e5/0x800 [xen_netfront]
[    0.930854]  [<ffffffff8132a838>] xenbus_otherend_changed+0xa8/0xb0
[    0.930860]  [<ffffffff8157ca99>] ? _raw_spin_unlock_irqrestore+0x19/0x20
[    0.930866]  [<ffffffff8132adfe>] backend_changed+0xe/0x10
[    0.930871]  [<ffffffff8132875a>] xenwatch_thread+0xba/0x180
[    0.930876]  [<ffffffff810a8ba0>] ? wake_up_bit+0x40/0x40
[    0.930881]  [<ffffffff813286a0>] ? split+0xf0/0xf0
[    0.930886]  [<ffffffff810a8646>] kthread+0x96/0xa0
[    0.930891]  [<ffffffff815855a4>] kernel_thread_helper+0x4/0x10
[    0.930896]  [<ffffffff815846b3>] ? int_ret_from_sys_call+0x7/0x1b
[    0.930901]  [<ffffffff8157cf61>] ? retint_restore_args+0x5/0x6
[    0.930906]  [<ffffffff815855a0>] ? gs_change+0x13/0x13

This update happens in xenbus watch callback context and hence does not already
hold the rtnl. Take the lock as necessary.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00
Wei Yongjun
8b4472cc13 sctp: fix memory leak of the ASCONF queue when free asoc
If an ASCONF chunk is outstanding, then the following ASCONF
chunk will be queued for later transmission. But when we free
the asoc, we forget to free the ASCONF queue at the same time,
this will cause memory leak.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-25 17:55:32 -04:00