-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sync up with Linus #27
Commits on Dec 1, 2014
-
drm: tda998x: Protect the page register
As the HDMI registers of the TDA998x chips are accessed by pages, the page register must be protected. Signed-off-by: Jean-Francois Moine <[email protected]> Signed-off-by: Russell King <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ed9a842 - Browse repository at this point
Copy the full SHA ed9a842View commit details -
drm: tda998x: Fix EDID read timeout on HDMI connect
When the HDMI cable is disconnected and reconnected, EDID reading is called too early raising a EDID read timeout. This patch uses the system work queue to delay the notification of the HDMI connect/disconnect event. Signed-off-by: Jean-Francois Moine <[email protected]> Signed-off-by: Russell King <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6833d26 - Browse repository at this point
Copy the full SHA 6833d26View commit details
Commits on Dec 8, 2014
-
xfrm6: Fix transport header offset in _decode_session6.
skb->transport_header might not be valid when we do a reverse decode because the ipv6 tunnel error handlers don't update it to the inner transport header. This leads to a wrong offset calculation and to wrong layer 4 informations. We fix this by using the size of the ipv6 header as the first offset. Signed-off-by: Steffen Klassert <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for de3b7a0 - Browse repository at this point
Copy the full SHA de3b7a0View commit details -
xfrm6: Fix the nexthdr offset in _decode_session6.
xfrm_decode_session() was originally designed for the usage in the receive path where the correct nexthdr offset is stored in IP6CB(skb)->nhoff. Over time this function spread to code that is used in the output path (netfilter, vti) where IP6CB(skb)->nhoff is not set. As a result, we get a wrong nexthdr and the upper layer flow informations are wrong. This can leed to incorrect policy lookups. Signed-off-by: Steffen Klassert <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f855691 - Browse repository at this point
Copy the full SHA f855691View commit details
Commits on Jan 12, 2015
-
iwlwifi: mvm: fix EBS on single scan
EBS error detection isn't supported by all FWs, so turn it on only if the FW advertises such support. Signed-off-by: David Spinadel <[email protected]> Reviewed-by: Johannes Berg <[email protected]> Signed-off-by: Emmanuel Grumbach <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1f9c418 - Browse repository at this point
Copy the full SHA 1f9c418View commit details -
iwlwifi: mvm: drop non VO frames when flushing
This change has already been implemented in iwldvm: commit a260e7b3f0307878b99d57ed1406cf2d497923b8 Author: Emmanuel Grumbach <[email protected]> Date: Sun Oct 5 09:11:14 2014 +0300 iwlwifi: dvm: drop non VO frames when flushing Since I added the flush() callback implementation in mvm, we got reports that the queues are stuck while roaming or suspending. This commit above helped much for iwldvm, implement the same behavior for iwlmvm. CC: <[email protected]> [3.16+] Fixes: c5b0e7c ("iwlwifi: mvm: implement mac80211's flush callback") Signed-off-by: Emmanuel Grumbach <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4e6c48e - Browse repository at this point
Copy the full SHA 4e6c48eView commit details
Commits on Jan 13, 2015
-
iwlwifi: mvm: set the tx cmd tid for BAR frame correctly
BAR tx cmd tid was set to non qos (8). This is wrong as BAR should be sent with the tid of the BA session. This led to a corruption in the firmware. The visible effect of this from the driver side is the BA notification that comes back after the BAR. It was botched and led to the WARNING below. ------------[ cut here ]------------ WARNING: CPU: 2 PID: 17707 at /home/tester/workspace_hostap/iwlwifi/drivers/net/wireless/iwlwifi/mvm/tx.c:976 iwl_mvm_rx_ba_notif+0x4ba/0x4d0 [iwlmvm]() Q 4500, tid 8, flow 65535 Modules linked in: iwlmvm(O) mac80211(O) iwlwifi(O) cfg80211(O) compat(O) netconsole configfs ctr ccm arc4 autofs4 microcode bnep rfcomm snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_codec_generic snd_hda_intel joydev snd_hda_codec uvcvideo videobuf2_core snd_hwdep videodev snd_pcm videobuf2_vmalloc videobuf2_memops i915 snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device drm_kms_helper dell_wmi dell_laptop drm btusb bluetooth snd psmouse i2c_algo_bit sparse_keymap wmi soundcore 6lowpan_iphc dcdbas serio_raw video lpc_ich ppdev mac_hid parport_pc nfsd nfs_acl auth_rpcgss nfs fscache binfmt_misc lockd sunrpc lp parport msdos sdhci_pci sdhci mmc_core ahci libahci e1000e ptp pps_core [last unloaded: compat] CPU: 2 PID: 17707 Comm: irq/46-iwlwifi Tainted: G W O 3.14.17-patched #4 Hardware name: Dell Inc. Latitude E6430/0CPWYR, BIOS A09 12/13/2012 00000000 00000000 ebd49d6c c1616221 f985dbdc ebd49d9c c1044e44 f9861df4 ebd49dc8 0000452b f985dbdc 000003d0 f98395da f98395da ebd49f10 eaf3d8a4 0000ffff ebd49db4 c1044f03 00000009 ebd49dac f9861df4 ebd49dc8 ebd49e64 Call Trace: [<c1616221>] dump_stack+0x41/0x52 [<c1044e44>] warn_slowpath_common+0x84/0xa0 [<f98395da>] ? iwl_mvm_rx_ba_notif+0x4ba/0x4d0 [iwlmvm] [<f98395da>] ? iwl_mvm_rx_ba_notif+0x4ba/0x4d0 [iwlmvm] [<c1044f03>] warn_slowpath_fmt+0x33/0x40 [<f98395da>] iwl_mvm_rx_ba_notif+0x4ba/0x4d0 [iwlmvm] [<c10e3952>] ? ring_buffer_unlock_commit+0xa2/0xd0 [<c10e9767>] ? trace_buffer_unlock_commit+0x37/0x50 [<f98568a3>] ? iwl_tm_mvm_send_rx+0x53/0x90 [iwlmvm] [<f98327a8>] iwl_mvm_rx_dispatch+0x108/0x130 [iwlmvm] [<f9eac7e7>] iwl_pcie_irq_handler+0xf17/0x15b0 [iwlwifi] [<c10994c1>] irq_thread_fn+0x21/0x50 [<c109926c>] irq_thread+0xec/0x110 [<c10994a0>] ? irq_thread_dtor+0xb0/0xb0 [<c10993f0>] ? irq_finalize_oneshot.part.34+0xc0/0xc0 [<c1099180>] ? wake_threads_waitq+0x40/0x40 [<c1062fdb>] kthread+0x9b/0xb0 [<c1627137>] ret_from_kernel_thread+0x1b/0x28 [<c1062f40>] ? flush_kthread_worker+0x90/0x90 ---[ end trace 5e0f67374816db17 ]--- Signed-off-by: Eyal Shapira <[email protected]> Reviewed-by: Johannes Berg <[email protected]> Signed-off-by: Emmanuel Grumbach <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9b3b43d - Browse repository at this point
Copy the full SHA 9b3b43dView commit details
Commits on Jan 15, 2015
-
Merge tag 'iwlwifi-for-kalle-2015-01-13' of https://git.kernel.org/pu…
…b/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes * A fix for scan that fixes a firmware assertion * A fix that improves roaming behavior. Same fix has been tested for a while in iwldvm. This is a bit of a work around, but the real fix should be in mac80211 and will come later. * A fix for BARs that avoids a WARNING.
Kalle Valo committedJan 15, 2015 Configuration menu - View commit details
-
Copy full SHA for 781f51d - Browse repository at this point
Copy the full SHA 781f51dView commit details -
drm/amdkfd: PQM handle queue creation fault
If the first queue created was failed on DQM then PQM should unregister the process from DQM. Signed-off-by: Ben Goz <[email protected]> Signed-off-by: Oded Gabbay <[email protected]>
Ben Goz authored and Oded Gabbay committedJan 15, 2015 Configuration menu - View commit details
-
Copy full SHA for f046bfd - Browse repository at this point
Copy the full SHA f046bfdView commit details
Commits on Jan 18, 2015
-
drm/amdkfd: Allow user to limit only queues per device
This patch replaces the two current amdkfd module parameters with a new one. The current parameters that are being replaced are: - Maximum number of HSA processes - Maximum number of queues per process The new parameter that replaces them is called "Maximum queues per device" This replacement achieves two goals: - Allows the user to have as many HSA processes as it wants (until a maximum of 512 HSA processes in Kaveri). - Removes the limitation the user had on maximum number of queues per HSA process. E.g. the user can now have processes which only have one queue and other processes which have hundreds of queues, while before the user couldn't have more than 128 queues per process (as default). The default value of the new parameter is 4096 (32 * 128, which were the defaults of the old parameters). There is almost no additional GART memory required for the default case. As a reminder, this amount of queues requires a little bit below 4MB of GART memory. v2: In addition, This patch defines a new counter for queues accounting in the DQM structure. This is done because the current counter only counts active queues which allows the user to create more queues than the max_num_of_queues_per_device module parameter allows. However, we need the current counter for the runlist packet build process, so the solution is to have a dedicated counter for this accounting. Signed-off-by: Oded Gabbay <[email protected]> Reviewed-by: Ben Goz <[email protected]>
Oded Gabbay committedJan 18, 2015 Configuration menu - View commit details
-
Copy full SHA for b8cbab0 - Browse repository at this point
Copy the full SHA b8cbab0View commit details -
iwlwifi: mvm: abort scheduled scan upon RFKILL
When we have an active scheduled scan, and the RFKILL interrupt kicks in, the stack will cancel the scheduled scan as part of the down flow. But cancelling scheduled scan usually implies sending a command to the firwmare which has been killed as part of the RFKILL interrupt handling. Because of that, we returned an error to mac80211 when it asked to stop the scheduled scan and didn't notify the end of the scheduled scan. Besides a fat warning, this led to a situation in which cfg80211 would refuse any new scan request. To disentangle this, fake that the scheduled scan has been stopped without sending the command to the firwmare, return 0 after having properly let cfg80211 know that the scan has been cancelled. This is basically the same as: commit 9b520d8 Author: Emmanuel Grumbach <[email protected]> Date: Tue Nov 4 15:54:11 2014 +0200 iwlwifi: mvm: abort scan upon RFKILL This code existed but not for all the different FW APIs we support. Fix this. but for the scheduled scan case. Link: http://permalink.gmane.org/gmane.linux.kernel.wireless.general/133232 Reported-by: Linus Torvalds <[email protected]> Signed-off-by: Emmanuel Grumbach <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 90ea15c - Browse repository at this point
Copy the full SHA 90ea15cView commit details -
powerpc/xmon: Fix another endiannes issue in RTAS call from xmon
The commit 3b8a3c0 ("powerpc/pseries: Fix endiannes issue in RTAS call from xmon") was fixing an endianness issue in the call made from xmon to RTAS. However, as Michael Ellerman noticed, this fix was not complete, the token value was not byte swapped. This lead to call an unexpected and most of the time unexisting RTAS function, which is silently ignored by RTAS. This fix addresses this hole. Reported-by: Michael Ellerman <[email protected]> Cc: [email protected] Signed-off-by: Laurent Dufour <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e6eb2eb - Browse repository at this point
Copy the full SHA e6eb2ebView commit details
Commits on Jan 19, 2015
-
Merge tag 'iwlwifi-for-kalle-2015-01-15' of https://git.kernel.org/pu…
…b/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes * one fix for rfkill while scheduled scan is running. Linus's system hit this issue. WiFi would be unavailable after this has happpened because of bad state in cfg80211.
Kalle Valo committedJan 19, 2015 Configuration menu - View commit details
-
Copy full SHA for 7b05520 - Browse repository at this point
Copy the full SHA 7b05520View commit details -
drm/vmwgfx: Replace the hw mutex with a hw spinlock
Fixes a case where we call vmw_fifo_idle() from within a wait function with task state !TASK_RUNNING, which is illegal. In addition, make the locking fine-grained, so that it is performed once for every read- and write operation. This is of course more costly, but we don't perform much register access in the timing critical paths anyway. Instead we have the extra benefit of being sure that we don't forget the hw lock around register accesses. I think currently the kms code was quite buggy w r t this. This fixes Red Hat Bugzilla Bug 1180796 Cc: [email protected] Signed-off-by: Thomas Hellstrom <[email protected]> Reviewed-by: Jakob Bornecrantz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 496eb6f - Browse repository at this point
Copy the full SHA 496eb6fView commit details -
ath9k: fix race condition in irq processing during hardware reset
To fix invalid hardware accesses, the commit 872b5d8 ("ath9k: do not access hardware on IRQs during reset") made the irq handler ignore interrupts emitted after queueing a hardware reset (which disables the IRQ). This left a small time window for the IRQ to get re-enabled by the tasklet, which caused IRQ storms. Instead of returning IRQ_NONE when ATH_OP_HW_RESET is set, disable the IRQ entirely for the duration of the reset. Signed-off-by: Felix Fietkau <[email protected]> Signed-off-by: Kalle Valo <[email protected]>
Felix Fietkau authored and Kalle Valo committedJan 19, 2015 Configuration menu - View commit details
-
Copy full SHA for e3f3117 - Browse repository at this point
Copy the full SHA e3f3117View commit details
Commits on Jan 21, 2015
-
drm/i2c: tda998x: set the CEC I2C address based on the slave I2C address
The I2C address for the TDA9989 and TDA19989 is fixed at 0x34 but the two LSBs of the TDA19988's address are set by two configuration pins on the chip. Irrespective of the chip, the associated CEC peripheral's I2C address is based upon the main I2C address. This patch avoids any special handling required to support systems that contain multiple TDA19988 devices on the same I2C bus. Signed-off-by: Andrew Jackson <[email protected]> Signed-off-by: Liviu Dudau <[email protected]> Signed-off-by: Russell King <[email protected]>
Andrew Jackson authored and Russell King committedJan 21, 2015 Configuration menu - View commit details
-
Copy full SHA for cfe3875 - Browse repository at this point
Copy the full SHA cfe3875View commit details -
can: c_can: end pending transmission on network stop (ifdown)
Put controller into init mode in network stop to end pending transmissions. The issue is observed in cases when transmitted frame is not acked. Signed-off-by: Viktor Babrian <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7ffd7b4 - Browse repository at this point
Copy the full SHA 7ffd7b4View commit details
Commits on Jan 22, 2015
-
Merge branch 'vmwgfx-fixes-3.19' of git://people.freedesktop.org/~tho…
…mash/linux into drm-fixes fix a vmwgfx regression sleeping wrong task state. * 'vmwgfx-fixes-3.19' of git://people.freedesktop.org/~thomash/linux: drm/vmwgfx: Replace the hw mutex with a hw spinlock
Configuration menu - View commit details
-
Copy full SHA for c366321 - Browse repository at this point
Copy the full SHA c366321View commit details -
powerpc/powernv: Restore LPCR with LPCR_PECE1 cleared
LPCR_PECE1 bit controls whether decrementer interrupts are allowed to cause exit from power-saving mode. While waking up from winkle, restoring LPCR with LPCR_PECE1 set (i.e Decrementer interrupts allowed) can cause issue in the following scenario: - All the threads in a core are offlined. The core enters deep winkle. - Spurious interrupt wakes up a thread in the core. Here LPCR is restored with LPCR_PECE1 bit set. - Since it was a spurious interrupt on a offline thread, the thread clears the interrupt and goes back to winkle. - Here before the thread executes winkle and puts the core into deep winkle, if a decrementer interrupt occurs on any of the sibling threads in the core that thread wakes up. - Since in offline loop we are flushing interrupt only in case of external interrupt, the decrementer interrupt does not get flushed. So at this stage the thread is stuck in this is loop of waking up at 0x100 due to decrementer interrupt, not flushing the interrupt as only external interrupts get flushed, entering winkle, waking up at 0x100 again. Fix this by programming PORE to restore LPCR with LPCR_PECE1 bit cleared when waking up from winkle. Signed-off-by: Shreyas B. Prabhu <[email protected]> Cc: Paul Mackerras <[email protected]> Cc: Benjamin Herrenschmidt <[email protected]> Signed-off-by: Michael Ellerman <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0eb1320 - Browse repository at this point
Copy the full SHA 0eb1320View commit details -
drm/radeon: Don't increment pipe_id in kgd_init_pipeline
This patch fixes the behavior of kgd_init_pipeline in that this function shouldn't automatically increase the pipe_id argument by 1 right at the start of the function. This is because the first_pipe value might not be always 1, and because a proper interface function should not hide this info inside its implementation. In other words, the calling function should provide the real pipe_id and not count on kgd_init_pipeline to "fix" it. Signed-off-by: Oded Gabbay <[email protected]> Reviewed-by: Alex Deucher <[email protected]> Reviewed-by: Jammy Zhou <[email protected]>
Oded Gabbay committedJan 22, 2015 Configuration menu - View commit details
-
Copy full SHA for 5a8888a - Browse repository at this point
Copy the full SHA 5a8888aView commit details -
drm/amdkfd: Fix bug in pipelines initialization
This patch fixes a bug when calling to init_pipeline() interface. The index that was passed to that function didn't take into account the first_pipe value, which represents the first pipe index that is under amdkfd's responsibility. Signed-off-by: Oded Gabbay <[email protected]> Reviewed-by: Alex Deucher <[email protected]> Reviewed-by: Jammy Zhou <[email protected]>
Oded Gabbay committedJan 22, 2015 Configuration menu - View commit details
-
Copy full SHA for 749042b - Browse repository at this point
Copy the full SHA 749042bView commit details -
drm/amdkfd: Fix bug in call to init_pipelines()
This patch fixes a bug where the first_pipe index passed into init_pipelines() was a #define instead of the value that is passed into amdkfd by radeon Signed-off-by: Oded Gabbay <[email protected]> Reviewed-by: Alex Deucher <[email protected]> Reviewed-by: Jammy Zhou <[email protected]>
Oded Gabbay committedJan 22, 2015 Configuration menu - View commit details
-
Copy full SHA for 9fa843e - Browse repository at this point
Copy the full SHA 9fa843eView commit details -
drm/radeon: Split off gart_get_page_entry ASIC hook from set_page_entry
get_page_entry calculates the GART page table entry, which is just written to the GART page table by set_page_entry. This is a prerequisite for the following fix. Reviewed-by: Christian König <[email protected]> Cc: [email protected] Signed-off-by: Michel Dänzer <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cb65890 - Browse repository at this point
Copy the full SHA cb65890View commit details -
drm/radeon: Restore GART table contents after pinning it in VRAM v3
The GART table BO has to be moved out of VRAM for suspend/resume. Any updates to the GART table during that time were silently dropped without this change. This caused GPU lockups on resume in some cases, see the bug reports referenced below. This might also make GPU reset more robust in some cases, as we no longer rely on the GART table in VRAM being preserved across the GPU lockup/reset. v2: Add logic to radeon_gart_table_vram_pin directly instead of reinstating radeon_gart_restore v3: Move code after assignment of rdev->gart.table_addr so that the GART TLB flush can work as intended, add code comment explaining why we're doing this Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=85204 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=86267 Reviewed-by: Christian König <[email protected]> Cc: [email protected] Signed-off-by: Michel Dänzer <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5636d2f - Browse repository at this point
Copy the full SHA 5636d2fView commit details -
drm/radeon: Remove rdev->gart.pages_addr array
radeon_vm_map_gart can use rdev->gart.pages_entry instead. Also move the masking of the page address to radeon_vm_map_gart from its callers. Reviewed-by: Christian König <[email protected]> Signed-off-by: Michel Dänzer <[email protected]> Signed-off-by: Alex Deucher <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 16653db - Browse repository at this point
Copy the full SHA 16653dbView commit details
Commits on Jan 23, 2015
-
scsi: always increment reference count
James reported: > After e513cc1 module: Remove stop_machine from module unloading, > module_refcount() is returning (unsigned long)-1 when called from within > a routine that runs in module_exit. This is confusing the scsi device > put code which is coded to detect a module_refcount() of zero for > running within a module exit routine and not try to do another > module_put. The fix is to restore the original behaviour of > module_refcount() and return zero if we're running inside an exit > routine. The correct fix is to turn try_module_get() into __module_get(), and always do the module_put(). Acked-by: James Bottomley <[email protected]> Signed-off-by: Rusty Russell <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dc4515e - Browse repository at this point
Copy the full SHA dc4515eView commit details -
mac80211: only roll back station states for WDS when suspending
In normal cases (i.e. when we are fully associated), cfg80211 takes care of removing all the stations before calling suspend in mac80211. But in the corner case when we suspend during authentication or association, mac80211 needs to roll back the station states. But we shouldn't roll back the station states in the suspend function, because this is taken care of in other parts of the code, except for WDS interfaces. For AP types of interfaces, cfg80211 takes care of disconnecting all stations before calling the driver's suspend code. For station interfaces, this is done in the quiesce code. For WDS interfaces we still need to do it here, so move the code into a new switch case for WDS. Cc: [email protected] [3.15+] Signed-off-by: Luciano Coelho <[email protected]> Signed-off-by: Johannes Berg <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2af81d6 - Browse repository at this point
Copy the full SHA 2af81d6View commit details -
mac80211: correct header length calculation
HT Control field may also be present in management frames, as defined in 8.2.4.1.10 of 802.11-2012. Account for this in calculation of header length. Signed-off-by: Fred Chou <[email protected]> Signed-off-by: Johannes Berg <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fb142f4 - Browse repository at this point
Copy the full SHA fb142f4View commit details -
mac80211: properly set CCK flag in radiotap
Fix a regression introduced by commit a5e7069 ("mac80211: add radiotap flag and handling for 5/10 MHz") where the IEEE80211_CHAN_CCK channel type flag was incorrectly replaced by the IEEE80211_CHAN_OFDM flag. This commit fixes that by using the CCK flag again. Cc: [email protected] Fixes: a5e7069 ("mac80211: add radiotap flag and handling for 5/10 MHz") Signed-off-by: Mathy Vanhoef <[email protected]> Signed-off-by: Johannes Berg <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3a5c5e8 - Browse repository at this point
Copy the full SHA 3a5c5e8View commit details -
nl80211: fix per-station group key get/del and memory leak
In case userspace attempts to obtain key information for or delete a unicast key, this is currently erroneously rejected unless the driver sets the WIPHY_FLAG_IBSS_RSN flag. Apparently enough drivers do so it was never noticed. Fix that, and while at it fix a potential memory leak: the error path in the get_key() function was placed after allocating a message but didn't free it - move it to a better place. Luckily admin permissions are needed to call this operation. Cc: [email protected] Fixes: e31b821 ("cfg80211/mac80211: allow per-station GTKs") Signed-off-by: Johannes Berg <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 0fa7b39 - Browse repository at this point
Copy the full SHA 0fa7b39View commit details
Commits on Jan 24, 2015
-
amd-xgbe: Use proper Rx flow control register
Updated hardware documention shows the Rx flow control settings were moved from the Rx queue operation mode register to a new Rx queue flow control register. The old flow control settings are now reserved areas of the Rx queue operation mode register. Update the code to use the new register. Signed-off-by: Tom Lendacky <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e2a2729 - Browse repository at this point
Copy the full SHA e2a2729View commit details
Commits on Jan 25, 2015
-
ARM: dts: imx6sx: correct i.MX6sx sdb board enet phy address
The commit (3d125f9) cause i.MX6SX sdb enet cannot work. The cause is the commit add mdio node with un-correct phy address. The patch just correct i.MX6sx sdb board enet phy address. V2: * As Shawn's suggestion that unit-address should match 'reg' property, so update ethernet-phy unit-address. Acked-by: Stefan Agner <[email protected]> Signed-off-by: Fugang Duan <[email protected]> Acked-by: Shawn Guo <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9143e39 - Browse repository at this point
Copy the full SHA 9143e39View commit details -
Merge tag 'wireless-drivers-for-davem-2015-01-20' of git://git.kernel…
….org/pub/scm/linux/kernel/git/kvalo/wireless-drivers ath9k: * fix an IRQ storm caused by commit 872b5d8 iwlwifi: * A fix for scan that fixes a firmware assertion * A fix that improves roaming behavior. Same fix has been tested for a while in iwldvm. This is a bit of a work around, but the real fix should be in mac80211 and will come later. * A fix for BARs that avoids a WARNING. * one fix for rfkill while scheduled scan is running. Linus's system hit this issue. WiFi would be unavailable after this has happpened because of bad state in cfg80211. Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 5d7b045 - Browse repository at this point
Copy the full SHA 5d7b045View commit details -
enic: fix rx napi poll return value
With the commit d75b1ad ("net: less interrupt masking in NAPI") napi repoll is done only when work_done == budget. When we are in busy_poll we return 0 in napi_poll. We should return budget. Signed-off-by: Govindarajulu Varadarajan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f104fed - Browse repository at this point
Copy the full SHA f104fedView commit details -
netxen: fix netxen_nic_poll() logic
NAPI poll logic now enforces that a poller returns exactly the budget when it wants to be called again. If a driver limits TX completion, it has to return budget as well when the limit is hit, not the number of received packets. Reported-and-tested-by: Mike Galbraith <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Fixes: d75b1ad ("net: less interrupt masking in NAPI") Cc: Manish Chopra <[email protected]> Acked-by: Manish Chopra <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6088bee - Browse repository at this point
Copy the full SHA 6088beeView commit details -
net: llc: use correct size for sysctl timeout entries
The timeout entries are sizeof(int) rather than sizeof(long), which means that when they were getting read we'd also leak kernel memory to userspace along with the timeout values. Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6b8d911 - Browse repository at this point
Copy the full SHA 6b8d911View commit details -
ipvlan: fix incorrect usage of IS_ERR() macro in IPv6 code path.
The ip6_route_output() always returns a valid dst pointer unlike in IPv4 case. So the validation has to be different from the IPv4 path. Correcting that error in this patch. This was picked up by a static checker with a following warning - drivers/net/ipvlan/ipvlan_core.c:380 ipvlan_process_v6_outbound() warn: 'dst' isn't an ERR_PTR Signed-off-by: Mahesh Bandewar <[email protected]> Reported-by: Dan Carpenter <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2aab952 - Browse repository at this point
Copy the full SHA 2aab952View commit details
Commits on Jan 26, 2015
-
net: dsa: set slave MII bus PHY mask
When registering a mdio bus, Linux assumes than every port has a PHY and tries to scan it. If a switch port has no PHY registered, DSA will fail to register the slave MII bus. To fix this, set the slave MII bus PHY mask to the switch PHYs mask. As an example, if we use a Marvell MV88E6352 (which is a 7-port switch with no registered PHYs for port 5 and port 6), with the following declared names: static struct dsa_chip_data switch_cdata = { [...] .port_names[0] = "sw0", .port_names[1] = "sw1", .port_names[2] = "sw2", .port_names[3] = "sw3", .port_names[4] = "sw4", .port_names[5] = "cpu", }; DSA will fail to create the switch instance. With the PHY mask set for the slave MII bus, only the PHY for ports 0-4 will be scanned and the instance will be successfully created. Signed-off-by: Vivien Didelot <[email protected]> Tested-by: Florian Fainelli <[email protected]> Acked-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 24df898 - Browse repository at this point
Copy the full SHA 24df898View commit details -
ipv6: Fix __ip6_route_redirect
In my last commit (a3c00e4: ipv6: Remove BACKTRACK macro), the changes in __ip6_route_redirect is incorrect. The following case is missed: 1. The for loop tries to find a valid gateway rt. If it fails to find one, rt will be NULL. 2. When rt is NULL, it is set to the ip6_null_entry. 3. The newly added 'else if', from a3c00e4, will stop the backtrack from happening. Signed-off-by: Martin KaFai Lau <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b0a1ba5 - Browse repository at this point
Copy the full SHA b0a1ba5View commit details -
In the functions that are registering and unregistering MAC addresses in the qeth-handled hardware, remove callback functions that are unnesessary, as only the return code is analyzed. Translate hardware response codes to semi-standard 'errno'-like codes for readability. Add kernel-doc description to the internal API function qeth_send_control_data(). Signed-off-by: Eugene Crosser <[email protected]> Signed-off-by: Ursula Braun <[email protected]> Reviewed-by: Thomas-Mich Richter <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for efbbc1d - Browse repository at this point
Copy the full SHA efbbc1dView commit details -
390/qeth: Fix locking warning during qeth device setup
Do not wait for channel command buffers in IPA commands. The potential wait could be done while holding a spin lock and causes in recent kernels such a bug if kernel lock debugging is enabled: kernel: BUG: sleeping function called from invalid context at drivers/s390/net/qeth_core_main.c: 794 kernel: in_atomic(): 1, irqs_disabled(): 0, pid: 2031, name: NetworkManager kernel: 2 locks held by NetworkManager/2031: kernel: #0: (rtnl_mutex){+.+.+.}, at: [<00000000006e0d7a>] rtnetlink_rcv+0x32/0x50 kernel: #1: (_xmit_ETHER){+.....}, at: [<00000000006cfe90>] dev_set_rx_mode+0x30/0x50 kernel: CPU: 0 PID: 2031 Comm: NetworkManager Not tainted 3.18.0-rc5-next-20141124 #1 kernel: 00000000275fb1f0 00000000275fb280 0000000000000002 0000000000000000 00000000275fb320 00000000275fb298 00000000275fb298 00000000007e326a 0000000000000000 000000000099ce2c 00000000009b4988 000000000000000b 00000000275fb2e0 00000000275fb280 0000000000000000 0000000000000000 0000000000000000 00000000001129c8 00000000275fb280 00000000275fb2e0 kernel: Call Trace: kernel: ([<00000000001128b0>] show_trace+0xf8/0x158) kernel: [<000000000011297a>] show_stack+0x6a/0xe8 kernel: [<00000000007e995a>] dump_stack+0x82/0xb0 kernel: [<000000000017d668>] ___might_sleep+0x170/0x228 kernel: [<000003ff80026f0e>] qeth_wait_for_buffer+0x36/0xd0 [qeth] kernel: [<000003ff80026fe2>] qeth_get_ipacmd_buffer+0x3a/0xc0 [qeth] kernel: [<000003ff80105078>] qeth_l3_send_setdelmc+0x58/0xf8 [qeth_l3] kernel: [<000003ff8010b1fe>] qeth_l3_set_ip_addr_list+0x2c6/0x848 [qeth_l3] kernel: [<000003ff8010bbb4>] qeth_l3_set_multicast_list+0x434/0xc48 [qeth_l3] kernel: [<00000000006cfe9a>] dev_set_rx_mode+0x3a/0x50 kernel: [<00000000006cff90>] __dev_open+0xe0/0x140 kernel: [<00000000006d02a0>] __dev_change_flags+0xa0/0x178 kernel: [<00000000006d03a8>] dev_change_flags+0x30/0x70 kernel: [<00000000006e14ee>] do_setlink+0x346/0x9a0 ... The device driver has plenty of command buffers available per channel for channel command communication. In the extremely rare case when there is no command buffer available, return a NULL pointer and issue a warning in the kernel log. The caller handles the case when a NULL pointer is encountered and returns an error. In the case the wait for command buffer is possible (because no lock is held as in the OSN case), still wait until a channel command buffer is available. Signed-off-by: Thomas Richter <[email protected]> Signed-off-by: Ursula Braun <[email protected]> Reviewed-by: Eugene Crosser <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1aec42b - Browse repository at this point
Copy the full SHA 1aec42bView commit details -
Ursula Braun says: ==================== s390/qeth patches for net here are two s390/qeth patches built for net. One patch is quite large, but we would like to fix the locking warning seen in recent kernels as soon as possible. But if you want me to submit these patches for net-next, I will do. Or Gerlitz says: ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 03a6058 - Browse repository at this point
Copy the full SHA 03a6058View commit details -
Merge branch 'drm-tda998x-fixes' of git://ftp.arm.linux.org.uk/~rmk/l…
…inux-arm into drm-fixes 3 fixes for the tda998x. * 'drm-tda998x-fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: drm/i2c: tda998x: set the CEC I2C address based on the slave I2C address drm: tda998x: Fix EDID read timeout on HDMI connect drm: tda998x: Protect the page register
Configuration menu - View commit details
-
Copy full SHA for 104b615 - Browse repository at this point
Copy the full SHA 104b615View commit details -
Merge tag 'linux-can-fixes-for-3.19-20150121' of git://git.kernel.org…
…/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2015-01-21 this is a pull request for v3.19, net/master, which consists of a single patch. Viktor Babrian fixes the issue in the c_can dirver, that the CAN interface might continue to send frames after the interface has been shut down. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9e79ce6 - Browse repository at this point
Copy the full SHA 9e79ce6View commit details -
Merge tag 'v3.19-rc6' into drm-fixes
Linux 3.19-rc6 pull in rc6 as the amdkfd fixes are based on it, and I'd rather be doing the merges separately
Configuration menu - View commit details
-
Copy full SHA for 22cbbce - Browse repository at this point
Copy the full SHA 22cbbceView commit details -
Merge tag 'drm-amdkfd-fixes-2015-01-26' of git://people.freedesktop.o…
…rg/~gabbayo/linux into drm-fixes A couple of fixes for -rc7 in amdkfd: - Forgot to free resources when creation of queue has failed - Initialization of pipelines was incorrect (3 patches) In addition, The patch "drm/amdkfd: Allow user to limit only queues per device" is not a fix, but I would like to push it for 3.19 as it changes the ABI between amdkfd and userspace (by changing the module parameters). I would prefer *not* to support the two deprecated module parameters if I don't have too, as amdkfd hasn't been released yet. * tag 'drm-amdkfd-fixes-2015-01-26' of git://people.freedesktop.org/~gabbayo/linux: drm/amdkfd: Fix bug in call to init_pipelines() drm/amdkfd: Fix bug in pipelines initialization drm/radeon: Don't increment pipe_id in kgd_init_pipeline drm/amdkfd: Allow user to limit only queues per device drm/amdkfd: PQM handle queue creation fault
Configuration menu - View commit details
-
Copy full SHA for db9098b - Browse repository at this point
Copy the full SHA db9098bView commit details -
net: cls_bpf: fix size mismatch on filter preparation
In cls_bpf_modify_existing(), we read out the number of filter blocks, do some sanity checks, allocate a block on that size, and copy over the BPF instruction blob from user space, then pass everything through the classic BPF checker prior to installation of the classifier. We should reject mismatches here, there are 2 scenarios: the number of filter blocks could be smaller than the provided instruction blob, so we do a partial copy of the BPF program, and thus the instructions will either be rejected from the verifier or a valid BPF program will be run; in the other case, we'll end up copying more than we're supposed to, and most likely the trailing garbage will be rejected by the verifier as well (i.e. we need to fit instruction pattern, ret {A,K} needs to be last instruction, load/stores must be correct, etc); in case not, we would leak memory when dumping back instruction patterns. The code should have only used nla_len() as Dave noted to avoid this from the beginning. Anyway, lets fix it by rejecting such load attempts. Fixes: 7d1d65c ("net: sched: cls_bpf: add BPF-based classifier") Signed-off-by: Daniel Borkmann <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7913ecf - Browse repository at this point
Copy the full SHA 7913ecfView commit details -
net: cls_bpf: fix auto generation of per list handles
When creating a bpf classifier in tc with priority collisions and invoking automatic unique handle assignment, cls_bpf_grab_new_handle() will return a wrong handle id which in fact is non-unique. Usually altering of specific filters is being addressed over major id, but in case of collisions we result in a filter chain, where handle ids address individual cls_bpf_progs inside the classifier. Issue is, in cls_bpf_grab_new_handle() we probe for head->hgen handle in cls_bpf_get() and in case we found a free handle, we're supposed to use exactly head->hgen. In case of insufficient numbers of handles, we bail out later as handle id 0 is not allowed. Fixes: 7d1d65c ("net: sched: cls_bpf: add BPF-based classifier") Signed-off-by: Daniel Borkmann <[email protected]> Acked-by: Jiri Pirko <[email protected]> Acked-by: Alexei Starovoitov <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3f2ab13 - Browse repository at this point
Copy the full SHA 3f2ab13View commit details -
Daniel Borkmann says: ==================== Two cls_bpf fixes Found them while doing a review on act_bpf and going over the cls_bpf code again. Will also address the first issue in act_bpf as it needs to be fixed there, too. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b6663ad - Browse repository at this point
Copy the full SHA b6663adView commit details -
Merge branch 'drm-fixes-3.19' of git://people.freedesktop.org/~agd5f/…
…linux into drm-fixes Suspend/resume regression fix for 3.19. * 'drm-fixes-3.19' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: Remove rdev->gart.pages_addr array drm/radeon: Restore GART table contents after pinning it in VRAM v3 drm/radeon: Split off gart_get_page_entry ASIC hook from set_page_entry
Configuration menu - View commit details
-
Copy full SHA for 5159571 - Browse repository at this point
Copy the full SHA 5159571View commit details
Commits on Jan 27, 2015
-
drivers: net: cpsw: discard dual emac default vlan configuration
In Dual EMAC, the default VLANs are used to segregate Rx packets between the ports, so adding the same default VLAN to the switch will affect the normal packet transfers. So returning error on addition of dual EMAC default VLANs. Even if EMAC 0 default port VLAN is added to EMAC 1, it will lead to break dual EMAC port separations. Fixes: d9ba8f9 (driver: net: ethernet: cpsw: dual emac interface implementation) Cc: <[email protected]> # v3.9+ Reported-by: Felipe Balbi <[email protected]> Signed-off-by: Mugunthan V N <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 02a5416 - Browse repository at this point
Copy the full SHA 02a5416View commit details -
sh_eth: Fix padding of short frames on TX
If an skb to be transmitted is shorter than the minimum Ethernet frame length, we currently set the DMA descriptor length to the minimum but do not add zero-padding. This could result in leaking sensitive data. We also pass different lengths to dma_map_single() and dma_unmap_single(). Use skb_padto() to pad properly, before calling dma_map_single(). Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for eebfb64 - Browse repository at this point
Copy the full SHA eebfb64View commit details -
sh_eth: Detach net device when stopping queue to resize DMA rings
We must only ever stop TX queues when they are full or the net device is not 'ready' so far as the net core, and specifically the watchdog, is concerned. Otherwise, the watchdog may fire *immediately* if no packets have been added to the queue in the last 5 seconds. What's more, sh_eth_tx_timeout() will likely crash if called while we're resizing the TX ring. I could easily trigger this by running the loop: while ethtool -G eth0 rx 128 && ethtool -G eth0 rx 64; do echo -n .; done Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bd88891 - Browse repository at this point
Copy the full SHA bd88891View commit details -
sh_eth: Fix crash or memory leak when resizing rings on device that i…
…s down If the device is down then no packet buffers should be allocated. We also must not touch its registers as it may be powered off. Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 084236d - Browse repository at this point
Copy the full SHA 084236dView commit details -
sh_eth: Fix serialisation of interrupt disable with interrupt & NAPI …
…handlers In order to stop the RX path accessing the RX ring while it's being stopped or resized, we clear the interrupt mask (EESIPR) and then call free_irq() or synchronise_irq(). This is insufficient because the interrupt handler or NAPI poller may set EESIPR again after we clear it. Also, in sh_eth_set_ringparam() we currently don't disable NAPI polling at all. I could easily trigger a crash by running the loop: while ethtool -G eth0 rx 128 && ethtool -G eth0 rx 64; do echo -n .; done and 'ping -f' toward the sh_eth port from another machine. To fix this: - Add a software flag (irq_enabled) to signal whether interrupts should be enabled - In the interrupt handler, if the flag is clear then clear EESIPR and return - In the NAPI poller, if the flag is clear then don't set EESIPR - Set the flag before enabling interrupts in sh_eth_dev_init() and sh_eth_set_ringparam() - Clear the flag and serialise with the interrupt and NAPI handlers before clearing EESIPR in sh_eth_close() and sh_eth_set_ringparam() After this, I could run the loop for 100,000 iterations successfully. Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 283e38d - Browse repository at this point
Copy the full SHA 283e38dView commit details -
Ben Hutchings says: ==================== Fixes for sh_eth #2 I'm continuing review and testing of Ethernet support on the R-Car H2 chip. This series fixes more of the issues I've found, but it won't be the last set. These are not tested on any of the other supported chips. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9d08da9 - Browse repository at this point
Copy the full SHA 9d08da9View commit details -
net: mv643xx_eth: Fix highmem support in non-TSO egress path
Commit 69ad0dd Author: Ezequiel Garcia <[email protected]> Date: Mon May 19 13:59:59 2014 -0300 net: mv643xx_eth: Use dma_map_single() to map the skb fragments caused a nasty regression by removing the support for highmem skb fragments. By using page_address() to get the address of a fragment's page, we are assuming a lowmem page. However, such assumption is incorrect, as fragments can be in highmem pages, resulting in very nasty issues. This commit fixes this by using the skb_frag_dma_map() helper, which takes care of mapping the skb fragment properly. Additionally, the type of mapping is now tracked, so it can be unmapped using dma_unmap_page or dma_unmap_single when appropriate. This commit also fixes the error path in txq_init() to release the resources properly. Fixes: 69ad0dd ("net: mv643xx_eth: Use dma_map_single() to map the skb fragments") Reported-by: Russell King <[email protected]> Signed-off-by: Ezequiel Garcia <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9e91141 - Browse repository at this point
Copy the full SHA 9e91141View commit details -
net: sctp: fix slab corruption from use after free on INIT collisions
When hitting an INIT collision case during the 4WHS with AUTH enabled, as already described in detail in commit 1be9a95 ("net: sctp: inherit auth_capable on INIT collisions"), it can happen that we occasionally still remotely trigger the following panic on server side which seems to have been uncovered after the fix from commit 1be9a95 ... [ 533.876389] BUG: unable to handle kernel paging request at 00000000ffffffff [ 533.913657] IP: [<ffffffff811ac385>] __kmalloc+0x95/0x230 [ 533.940559] PGD 5030f2067 PUD 0 [ 533.957104] Oops: 0000 [#1] SMP [ 533.974283] Modules linked in: sctp mlx4_en [...] [ 534.939704] Call Trace: [ 534.951833] [<ffffffff81294e30>] ? crypto_init_shash_ops+0x60/0xf0 [ 534.984213] [<ffffffff81294e30>] crypto_init_shash_ops+0x60/0xf0 [ 535.015025] [<ffffffff8128c8ed>] __crypto_alloc_tfm+0x6d/0x170 [ 535.045661] [<ffffffff8128d12c>] crypto_alloc_base+0x4c/0xb0 [ 535.074593] [<ffffffff8160bd42>] ? _raw_spin_lock_bh+0x12/0x50 [ 535.105239] [<ffffffffa0418c11>] sctp_inet_listen+0x161/0x1e0 [sctp] [ 535.138606] [<ffffffff814e43bd>] SyS_listen+0x9d/0xb0 [ 535.166848] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b ... or depending on the the application, for example this one: [ 1370.026490] BUG: unable to handle kernel paging request at 00000000ffffffff [ 1370.026506] IP: [<ffffffff811ab455>] kmem_cache_alloc+0x75/0x1d0 [ 1370.054568] PGD 633c94067 PUD 0 [ 1370.070446] Oops: 0000 [#1] SMP [ 1370.085010] Modules linked in: sctp kvm_amd kvm [...] [ 1370.963431] Call Trace: [ 1370.974632] [<ffffffff8120f7cf>] ? SyS_epoll_ctl+0x53f/0x960 [ 1371.000863] [<ffffffff8120f7cf>] SyS_epoll_ctl+0x53f/0x960 [ 1371.027154] [<ffffffff812100d3>] ? anon_inode_getfile+0xd3/0x170 [ 1371.054679] [<ffffffff811e3d67>] ? __alloc_fd+0xa7/0x130 [ 1371.080183] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b With slab debugging enabled, we can see that the poison has been overwritten: [ 669.826368] BUG kmalloc-128 (Tainted: G W ): Poison overwritten [ 669.826385] INFO: 0xffff880228b32e50-0xffff880228b32e50. First byte 0x6a instead of 0x6b [ 669.826414] INFO: Allocated in sctp_auth_create_key+0x23/0x50 [sctp] age=3 cpu=0 pid=18494 [ 669.826424] __slab_alloc+0x4bf/0x566 [ 669.826433] __kmalloc+0x280/0x310 [ 669.826453] sctp_auth_create_key+0x23/0x50 [sctp] [ 669.826471] sctp_auth_asoc_create_secret+0xcb/0x1e0 [sctp] [ 669.826488] sctp_auth_asoc_init_active_key+0x68/0xa0 [sctp] [ 669.826505] sctp_do_sm+0x29d/0x17c0 [sctp] [...] [ 669.826629] INFO: Freed in kzfree+0x31/0x40 age=1 cpu=0 pid=18494 [ 669.826635] __slab_free+0x39/0x2a8 [ 669.826643] kfree+0x1d6/0x230 [ 669.826650] kzfree+0x31/0x40 [ 669.826666] sctp_auth_key_put+0x19/0x20 [sctp] [ 669.826681] sctp_assoc_update+0x1ee/0x2d0 [sctp] [ 669.826695] sctp_do_sm+0x674/0x17c0 [sctp] Since this only triggers in some collision-cases with AUTH, the problem at heart is that sctp_auth_key_put() on asoc->asoc_shared_key is called twice when having refcnt 1, once directly in sctp_assoc_update() and yet again from within sctp_auth_asoc_init_active_key() via sctp_assoc_update() on the already kzfree'd memory, which is also consistent with the observation of the poison decrease from 0x6b to 0x6a (note: the overwrite is detected at a later point in time when poison is checked on new allocation). Reference counting of auth keys revisited: Shared keys for AUTH chunks are being stored in endpoints and associations in endpoint_shared_keys list. On endpoint creation, a null key is being added; on association creation, all endpoint shared keys are being cached and thus cloned over to the association. struct sctp_shared_key only holds a pointer to the actual key bytes, that is, struct sctp_auth_bytes which keeps track of users internally through refcounting. Naturally, on assoc or enpoint destruction, sctp_shared_key are being destroyed directly and the reference on sctp_auth_bytes dropped. User space can add keys to either list via setsockopt(2) through struct sctp_authkey and by passing that to sctp_auth_set_key() which replaces or adds a new auth key. There, sctp_auth_create_key() creates a new sctp_auth_bytes with refcount 1 and in case of replacement drops the reference on the old sctp_auth_bytes. A key can be set active from user space through setsockopt() on the id via sctp_auth_set_active_key(), which iterates through either endpoint_shared_keys and in case of an assoc, invokes (one of various places) sctp_auth_asoc_init_active_key(). sctp_auth_asoc_init_active_key() computes the actual secret from local's and peer's random, hmac and shared key parameters and returns a new key directly as sctp_auth_bytes, that is asoc->asoc_shared_key, plus drops the reference if there was a previous one. The secret, which where we eventually double drop the ref comes from sctp_auth_asoc_set_secret() with intitial refcount of 1, which also stays unchanged eventually in sctp_assoc_update(). This key is later being used for crypto layer to set the key for the hash in crypto_hash_setkey() from sctp_auth_calculate_hmac(). To close the loop: asoc->asoc_shared_key is freshly allocated secret material and independant of the sctp_shared_key management keeping track of only shared keys in endpoints and assocs. Hence, also commit 4184b2a ("net: sctp: fix memory leak in auth key management") is independant of this bug here since it concerns a different layer (though same structures being used eventually). asoc->asoc_shared_key is reference dropped correctly on assoc destruction in sctp_association_free() and when active keys are being replaced in sctp_auth_asoc_init_active_key(), it always has a refcount of 1. Hence, it's freed prematurely in sctp_assoc_update(). Simple fix is to remove that sctp_auth_key_put() from there which fixes these panics. Fixes: 730fc3d ("[SCTP]: Implete SCTP-AUTH parameter processing") Signed-off-by: Daniel Borkmann <[email protected]> Acked-by: Vlad Yasevich <[email protected]> Acked-by: Neil Horman <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 600ddd6 - Browse repository at this point
Copy the full SHA 600ddd6View commit details -
bpf: rcu lock must not be held when calling copy_to_user()
BUG: sleeping function called from invalid context at mm/memory.c:3732 in_atomic(): 0, irqs_disabled(): 0, pid: 671, name: test_maps 1 lock held by test_maps/671: #0: (rcu_read_lock){......}, at: [<0000000000264190>] map_lookup_elem+0xe8/0x260 Call Trace: ([<0000000000115b7e>] show_trace+0x12e/0x150) [<0000000000115c40>] show_stack+0xa0/0x100 [<00000000009b163c>] dump_stack+0x74/0xc8 [<000000000017424a>] ___might_sleep+0x23a/0x248 [<00000000002b58e8>] might_fault+0x70/0xe8 [<0000000000264230>] map_lookup_elem+0x188/0x260 [<0000000000264716>] SyS_bpf+0x20e/0x840 Fix it by allocating temporary buffer to store map element value. Fixes: db20fd2 ("bpf: add lookup/update/delete/iterate methods to BPF maps") Reported-by: Michael Holzheu <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Acked-by: Daniel Borkmann <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8ebe667 - Browse repository at this point
Copy the full SHA 8ebe667View commit details -
samples: bpf: relax test_maps check
hash map is unordered, so get_next_key() iterator shouldn't rely on particular order of elements. So relax this test. Fixes: ffb65f2 ("bpf: add a testsuite for eBPF maps") Reported-by: Michael Holzheu <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Acked-by: Daniel Borkmann <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ba1a68b - Browse repository at this point
Copy the full SHA ba1a68bView commit details -
Alexei Starovoitov says: ==================== bpf: fix two bugs Michael Holzheu caught two issues (in bpf syscall and in the test). Fix them. Details in corresponding patches. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 412d290 - Browse repository at this point
Copy the full SHA 412d290View commit details -
ipv4: try to cache dst_entries which would cause a redirect
Not caching dst_entries which cause redirects could be exploited by hosts on the same subnet, causing a severe DoS attack. This effect aggravated since commit f886497 ("ipv4: fix dst race in sk_dst_get()"). Lookups causing redirects will be allocated with DST_NOCACHE set which will force dst_release to free them via RCU. Unfortunately waiting for RCU grace period just takes too long, we can end up with >1M dst_entries waiting to be released and the system will run OOM. rcuos threads cannot catch up under high softirq load. Attaching the flag to emit a redirect later on to the specific skb allows us to cache those dst_entries thus reducing the pressure on allocation and deallocation. This issue was discovered by Marcelo Leitner. Cc: Julian Anastasov <[email protected]> Signed-off-by: Marcelo Leitner <[email protected]> Signed-off-by: Florian Westphal <[email protected]> Signed-off-by: Hannes Frederic Sowa <[email protected]> Signed-off-by: Julian Anastasov <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for df4d925 - Browse repository at this point
Copy the full SHA df4d925View commit details -
Merge tag 'mac80211-for-davem-2015-01-23' of git://git.kernel.org/pub…
…/scm/linux/kernel/git/jberg/mac80211 Another set of last-minute fixes: * fix station double-removal when suspending while associating * fix the HT (802.11n) header length calculation * fix the CCK radiotap flag used for monitoring, a pretty old regression but a simple one-liner * fix per-station group-key handling Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7d63585 - Browse repository at this point
Copy the full SHA 7d63585View commit details -
can: kvaser_usb: Do not sleep in atomic context
Upon receiving a hardware event with the BUS_RESET flag set, the driver kills all of its anchored URBs and resets all of its transmit URB contexts. Unfortunately it does so under the context of URB completion handler `kvaser_usb_read_bulk_callback()', which is often called in an atomic context. While the device is flooded with many received error packets, usb_kill_urb() typically sleeps/reschedules till the transfer request of each killed URB in question completes, leading to the sleep in atomic bug. [3] In v2 submission of the original driver patch [1], it was stated that the URBs kill and tx contexts reset was needed since we don't receive any tx acknowledgments later and thus such resources will be locked down forever. Fortunately this is no longer needed since an earlier bugfix in this patch series is now applied: all tx URB contexts are reset upon CAN channel close. [2] Moreover, a BUS_RESET is now treated _exactly_ like a BUS_OFF event, which is the recommended handling method advised by the device manufacturer. [1] http://article.gmane.org/gmane.linux.network/239442 http://www.webcitation.org/6Vr2yagAQ [2] can: kvaser_usb: Reset all URB tx contexts upon channel close 889b77f [3] Stacktrace: <IRQ> [<ffffffff8158de87>] dump_stack+0x45/0x57 [<ffffffff8158b60c>] __schedule_bug+0x41/0x4f [<ffffffff815904b1>] __schedule+0x5f1/0x700 [<ffffffff8159360a>] ? _raw_spin_unlock_irqrestore+0xa/0x10 [<ffffffff81590684>] schedule+0x24/0x70 [<ffffffff8147d0a5>] usb_kill_urb+0x65/0xa0 [<ffffffff81077970>] ? prepare_to_wait_event+0x110/0x110 [<ffffffff8147d7d8>] usb_kill_anchored_urbs+0x48/0x80 [<ffffffffa01f4028>] kvaser_usb_unlink_tx_urbs+0x18/0x50 [kvaser_usb] [<ffffffffa01f45d0>] kvaser_usb_rx_error+0xc0/0x400 [kvaser_usb] [<ffffffff8108b14a>] ? vprintk_default+0x1a/0x20 [<ffffffffa01f5241>] kvaser_usb_read_bulk_callback+0x4c1/0x5f0 [kvaser_usb] [<ffffffff8147a73e>] __usb_hcd_giveback_urb+0x5e/0xc0 [<ffffffff8147a8a1>] usb_hcd_giveback_urb+0x41/0x110 [<ffffffffa0008748>] finish_urb+0x98/0x180 [ohci_hcd] [<ffffffff810cd1a7>] ? acct_account_cputime+0x17/0x20 [<ffffffff81069f65>] ? local_clock+0x15/0x30 [<ffffffffa000a36b>] ohci_work+0x1fb/0x5a0 [ohci_hcd] [<ffffffff814fbb31>] ? process_backlog+0xb1/0x130 [<ffffffffa000cd5b>] ohci_irq+0xeb/0x270 [ohci_hcd] [<ffffffff81479fc1>] usb_hcd_irq+0x21/0x30 [<ffffffff8108bfd3>] handle_irq_event_percpu+0x43/0x120 [<ffffffff8108c0ed>] handle_irq_event+0x3d/0x60 [<ffffffff8108ec84>] handle_fasteoi_irq+0x74/0x110 [<ffffffff81004dfd>] handle_irq+0x1d/0x30 [<ffffffff81004727>] do_IRQ+0x57/0x100 [<ffffffff8159482a>] common_interrupt+0x6a/0x6a Signed-off-by: Ahmed S. Darwish <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ded5006 - Browse repository at this point
Copy the full SHA ded5006View commit details -
can: kvaser_usb: Send correct context to URB completion
Send expected argument to the URB completion hander: a CAN netdevice instead of the network interface private context `kvaser_usb_net_priv'. This was discovered by having some garbage in the kernel log in place of the netdevice names: can0 and can1. Signed-off-by: Ahmed S. Darwish <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3803fa6 - Browse repository at this point
Copy the full SHA 3803fa6View commit details -
can: kvaser_usb: Retry the first bulk transfer on -ETIMEDOUT
On some x86 laptops, plugging a Kvaser device again after an unplug makes the firmware always ignore the very first command. For such a case, provide some room for retries instead of completely exiting the driver init code. Signed-off-by: Ahmed S. Darwish <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 14c10c2 - Browse repository at this point
Copy the full SHA 14c10c2View commit details -
can: kvaser_usb: Fix state handling upon BUS_ERROR events
While being in an ERROR_WARNING state, and receiving further bus error events with error counters still in the ERROR_WARNING range of 97-127 inclusive, the state handling code erroneously reverts back to ERROR_ACTIVE. Per the CAN standard, only revert to ERROR_ACTIVE when the error counters are less than 96. Moreover, in certain Kvaser models, the BUS_ERROR flag is always set along with undefined bits in the M16C status register. Thus use bitwise operators instead of full equality for checking that register against bus errors. Signed-off-by: Ahmed S. Darwish <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e638642 - Browse repository at this point
Copy the full SHA e638642View commit details -
udp_diag: Fix socket skipping within chain
While working on rhashtable walking I noticed that the UDP diag dumping code is buggy. In particular, the socket skipping within a chain never happens, even though we record the number of sockets that should be skipped. As this code was supposedly copied from TCP, this patch does what TCP does and resets num before we walk a chain. Signed-off-by: Herbert Xu <[email protected]> Acked-by: Pavel Emelyanov <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 86f3cdd - Browse repository at this point
Copy the full SHA 86f3cddView commit details -
ping: Fix race in free in receive path
An exception is seen in ICMP ping receive path where the skb destructor sock_rfree() tries to access a freed socket. This happens because ping_rcv() releases socket reference with sock_put() and this internally frees up the socket. Later icmp_rcv() will try to free the skb and as part of this, skb destructor is called and which leads to a kernel panic as the socket is freed already in ping_rcv(). -->|exception -007|sk_mem_uncharge -007|sock_rfree -008|skb_release_head_state -009|skb_release_all -009|__kfree_skb -010|kfree_skb -011|icmp_rcv -012|ip_local_deliver_finish Fix this incorrect free by cloning this skb and processing this cloned skb instead. This patch was suggested by Eric Dumazet Signed-off-by: Subash Abhinov Kasiviswanathan <[email protected]> Cc: Eric Dumazet <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fc752f1 - Browse repository at this point
Copy the full SHA fc752f1View commit details -
Merge tag 'linux-can-fixes-for-3.19-20150127' of git://git.kernel.org…
…/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2015-01-27 this is another pull request for net/master which consists of 4 patches. All 4 patches are contributed by Ahmed S. Darwish, he fixes more problems in the kvaser_usb driver. David, please merge net/master to net-next/master, as we have more kvaser_usb patches in the queue, that target net-next. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8d8d67f - Browse repository at this point
Copy the full SHA 8d8d67fView commit details -
sh_eth: Remove RX overflow log messages
If RX traffic is overflowing the FIFO or DMA ring, logging every time this happens just makes things worse. These errors are visible in the statistics anyway. Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dc1d0e6 - Browse repository at this point
Copy the full SHA dc1d0e6View commit details -
sh_eth: Ensure DMA engines are stopped before freeing buffers
Currently we try to clear EDRRR and EDTRR and immediately continue to free buffers. This is unsafe because: - In general, register writes are not serialised with DMA, so we still have to wait for DMA to complete somehow - The R8A7790 (R-Car H2) manual states that the TX running flag cannot be cleared by writing to EDTRR - The same manual states that clearing the RX running flag only stops RX DMA at the next packet boundary I applied this patch to the driver to detect DMA writes to freed buffers: > --- a/drivers/net/ethernet/renesas/sh_eth.c > +++ b/drivers/net/ethernet/renesas/sh_eth.c > @@ -1098,7 +1098,14 @@ static void sh_eth_ring_free(struct net_device *ndev) > /* Free Rx skb ringbuffer */ > if (mdp->rx_skbuff) { > for (i = 0; i < mdp->num_rx_ring; i++) > + memcpy(mdp->rx_skbuff[i]->data, > + "Hello, world", 12); > + msleep(100); > + for (i = 0; i < mdp->num_rx_ring; i++) { > + WARN_ON(memcmp(mdp->rx_skbuff[i]->data, > + "Hello, world", 12)); > dev_kfree_skb(mdp->rx_skbuff[i]); > + } > } > kfree(mdp->rx_skbuff); > mdp->rx_skbuff = NULL; then ran the loop: while ethtool -G eth0 rx 128 ; ethtool -G eth0 rx 64; do echo -n .; done and 'ping -f' toward the sh_eth port from another machine. The warning fired several times a minute. To fix these issues: - Deactivate all TX descriptors rather than writing to EDTRR - As there seems to be no way of telling when RX DMA is stopped, perform a soft reset to ensure that both DMA enginess are stopped - To reduce the possibility of the reset truncating a transmitted frame, disable egress and wait a reasonable time to reach a packet boundary before resetting - Update statistics before resetting (The 'reasonable time' does not allow for CS/CD in half-duplex mode, but half-duplex no longer seems reasonable!) Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 740c7f3 - Browse repository at this point
Copy the full SHA 740c7f3View commit details -
sh_eth: Check for DMA mapping errors on transmit
dma_map_single() may fail if an IOMMU or swiotlb is in use, so we need to check for this. Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for aa3933b - Browse repository at this point
Copy the full SHA aa3933bView commit details -
sh_eth: Fix DMA-API usage for RX buffers
- Use the return value of dma_map_single(), rather than calling virt_to_page() separately - Check for mapping failue - Call dma_unmap_single() rather than dma_sync_single_for_cpu() Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 52b9fa3 - Browse repository at this point
Copy the full SHA 52b9fa3View commit details -
Ben Hutchings says: ==================== Fixes for sh_eth #3 I'm continuing review and testing of Ethernet support on the R-Car H2 chip. This series fixes the last of the more serious issues I've found. These are not tested on any of the other supported chips. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2257760 - Browse repository at this point
Copy the full SHA 2257760View commit details -
ipv6: replacing a rt6_info needs to purge possible propagated rt6_inf…
…os too Lubomir Rintel reported that during replacing a route the interface reference counter isn't correctly decremented. To quote bug <https://bugzilla.kernel.org/show_bug.cgi?id=91941>: | [root@rhel7-5 lkundrak]# sh -x lal | + ip link add dev0 type dummy | + ip link set dev0 up | + ip link add dev1 type dummy | + ip link set dev1 up | + ip addr add 2001:db8:8086::2/64 dev dev0 | + ip route add 2001:db8:8086::/48 dev dev0 proto static metric 20 | + ip route add 2001:db8:8088::/48 dev dev1 proto static metric 10 | + ip route replace 2001:db8:8086::/48 dev dev1 proto static metric 20 | + ip link del dev0 type dummy | Message from syslogd@rhel7-5 at Jan 23 10:54:41 ... | kernel:unregister_netdevice: waiting for dev0 to become free. Usage count = 2 | | Message from syslogd@rhel7-5 at Jan 23 10:54:51 ... | kernel:unregister_netdevice: waiting for dev0 to become free. Usage count = 2 During replacement of a rt6_info we must walk all parent nodes and check if the to be replaced rt6_info got propagated. If so, replace it with an alive one. Fixes: 4a287eb ("IPv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag") Reported-by: Lubomir Rintel <[email protected]> Signed-off-by: Hannes Frederic Sowa <[email protected]> Tested-by: Lubomir Rintel <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6e9e16e - Browse repository at this point
Copy the full SHA 6e9e16eView commit details -
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/gi…
…t/klassert/ipsec Steffen Klassert says: ==================== ipsec 2015-01-26 Just two small fixes for _decode_session6() where we might decode to wrong header information in some rare situations. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bf693f7 - Browse repository at this point
Copy the full SHA bf693f7View commit details -
bnx2x: fix napi poll return value for repoll
With the commit d75b1ad ("net: less interrupt masking in NAPI") napi repoll is done only when work_done == budget. When in busy_poll is we return 0 in napi_poll. We should return budget. Signed-off-by: Govindarajulu Varadarajan <[email protected]> Acked-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 24e579c - Browse repository at this point
Copy the full SHA 24e579cView commit details -
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/ker…
…nel/git/rusty/linux Pull one more module fix from Rusty Russell: "SCSI was using module_refcount() to figure out when the module was unloading: this broke with new atomic refcounting. The code is still suspicious, but this solves the WARN_ON()" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: scsi: always increment reference count
Configuration menu - View commit details
-
Copy full SHA for 41592e2 - Browse repository at this point
Copy the full SHA 41592e2View commit details -
Merge tag 'powerpc-3.19-5' of git://git.kernel.org/pub/scm/linux/kern…
…el/git/mpe/linux Pull powerpc fixes from Michael Ellerman: "Two powerpc fixes" * tag 'powerpc-3.19-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux: powerpc/powernv: Restore LPCR with LPCR_PECE1 cleared powerpc/xmon: Fix another endiannes issue in RTAS call from xmon
Configuration menu - View commit details
-
Copy full SHA for 7da323b - Browse repository at this point
Copy the full SHA 7da323bView commit details -
stmmac: prevent probe drivers to crash kernel
In the case when alloc_netdev fails we return NULL to a caller. But there is no check for NULL in the probe drivers. This patch changes NULL to an error pointer. The function description is amended to reflect what we may get returned. Signed-off-by: Andy Shevchenko <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9afec6e - Browse repository at this point
Copy the full SHA 9afec6eView commit details -
Signed-off-by: Christoph Hellwig <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 06539d3 - Browse repository at this point
Copy the full SHA 06539d3View commit details -
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Don't OOPS on socket AIO, from Christoph Hellwig. 2) Scheduled scans should be aborted upon RFKILL, from Emmanuel Grumbach. 3) Fix sleep in atomic context in kvaser_usb, from Ahmed S Darwish. 4) Fix RCU locking across copy_to_user() in bpf code, from Alexei Starovoitov. 5) Lots of crash, memory leak, short TX packet et al bug fixes in sh_eth from Ben Hutchings. 6) Fix memory corruption in SCTP wrt. INIT collitions, from Daniel Borkmann. 7) Fix return value logic for poll handlers in netxen, enic, and bnx2x. From Eric Dumazet and Govindarajulu Varadarajan. 8) Header length calculation fix in mac80211 from Fred Chou. 9) mv643xx_eth doesn't handle highmem correctly in non-TSO code paths. From Ezequiel Garcia. 10) udp_diag has bogus logic in it's hash chain skipping, copy same fix tcp diag used. From Herbert Xu. 11) amd-xgbe programs wrong rx flow control register, from Thomas Lendacky. 12) Fix race leading to use after free in ping receive path, from Subash Abhinov Kasiviswanathan. 13) Cache redirect routes otherwise we can get a heavy backlog of rcu jobs liberating DST_NOCACHE entries. From Hannes Frederic Sowa. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (48 commits) net: don't OOPS on socket aio stmmac: prevent probe drivers to crash kernel bnx2x: fix napi poll return value for repoll ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too sh_eth: Fix DMA-API usage for RX buffers sh_eth: Check for DMA mapping errors on transmit sh_eth: Ensure DMA engines are stopped before freeing buffers sh_eth: Remove RX overflow log messages ping: Fix race in free in receive path udp_diag: Fix socket skipping within chain can: kvaser_usb: Fix state handling upon BUS_ERROR events can: kvaser_usb: Retry the first bulk transfer on -ETIMEDOUT can: kvaser_usb: Send correct context to URB completion can: kvaser_usb: Do not sleep in atomic context ipv4: try to cache dst_entries which would cause a redirect samples: bpf: relax test_maps check bpf: rcu lock must not be held when calling copy_to_user() net: sctp: fix slab corruption from use after free on INIT collisions net: mv643xx_eth: Fix highmem support in non-TSO egress path sh_eth: Fix serialisation of interrupt disable with interrupt & NAPI handlers ...
Configuration menu - View commit details
-
Copy full SHA for 59343cd - Browse repository at this point
Copy the full SHA 59343cdView commit details
Commits on Jan 28, 2015
-
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie: "This feels larger than I'd like but its for three reasons. a) amdkfd finalising the API more, this is a new feature introduced last merge window, and I'd prefer to make the tweaks to the API before it first gets into a stable release. b) radeon regression required splitting an internal API to fix properly, so it just changed a few more lines c) vmwgfx fix changes a lock from a mutex->spin lock, this is fallout from the new sleep checking. Otherwise there is just some tda998x fixes" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon: Remove rdev->gart.pages_addr array drm/radeon: Restore GART table contents after pinning it in VRAM v3 drm/radeon: Split off gart_get_page_entry ASIC hook from set_page_entry drm/amdkfd: Fix bug in call to init_pipelines() drm/amdkfd: Fix bug in pipelines initialization drm/radeon: Don't increment pipe_id in kgd_init_pipeline drm/i2c: tda998x: set the CEC I2C address based on the slave I2C address drm/vmwgfx: Replace the hw mutex with a hw spinlock drm/amdkfd: Allow user to limit only queues per device drm/amdkfd: PQM handle queue creation fault drm: tda998x: Fix EDID read timeout on HDMI connect drm: tda998x: Protect the page register
Configuration menu - View commit details
-
Copy full SHA for c59c961 - Browse repository at this point
Copy the full SHA c59c961View commit details