Commit Graph

90970 Commits

Author SHA1 Message Date
Tom Quetchenbach
8d390efd90 tcp: tcp_probe buffer overflow and incorrect return value
tcp_probe has a bounds-checking bug that causes many programs (less,
python) to crash reading /proc/net/tcp_probe. When it outputs a log
line to the reader, it only checks if that line alone will fit in the
reader's buffer, rather than that line and all the previous lines it
has already written.

tcpprobe_read also returns the wrong value if copy_to_user fails--it
just passes on the return value of copy_to_user (number of bytes not
copied), which makes a failure look like a success.

This patch fixes the buffer overflow and sets the return value to
-EFAULT if copy_to_user fails.

Patch is against latest net-2.6; tested briefly and seems to fix the
crashes in less and python.

Signed-off-by: Tom Quetchenbach <virtualphtn@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 21:11:58 -07:00
Matheos Worku
a5d6ab56da niu: Add support for Neptune FEM/NEM cards for C10 server blades
[ Minor coding style and whitespace corrections, also bump
  driver version and release date. -DaveM ]

Signed-off-by: Matheos Worku <matheos.worku@sun.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 21:09:20 -07:00
Matheos Worku
7f7c4072ea niu: Determine the # of ports from the card's VPD data
[ Fix minor whitespace and coding style stuff... -DaveM ]

Signed-off-by: Matheos Worku <matheos.worku@sun.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 21:02:37 -07:00
Mandeep Singh Baines
c5835df971 ethtool: EEPROM dump no longer works for tg3 and natsemi
In the ethtool user-space application, tg3 and natsemi over-ride the
default implementation of dump_eeprom(). In both tg3_dump_eeprom() and
natsemi_dump_eeprom(), there is a magic number check which is not
present in the default implementation.

Commit b131dd5d ("[ETHTOOL]: Add support for large eeproms") snipped
the code which copied the ethtool_eeprom structure back to
user-space. tg3 and natsemi are over-writing the magic number field
and then checking it in user-space. With the ethtool_eeprom copy
removed, the check is failing.

The fix is simple. Add the ethtool_eeprom copy back.

Signed-off-by: Mandeep Singh Baines <msb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 20:55:56 -07:00
Brian Haley
2db3e47e70 af_key: Fix af_key.c compiler warning
net/key/af_key.c: In function ‘pfkey_spddelete’:
net/key/af_key.c:2359: warning: ‘pol_ctx’ may be used uninitialized in 
this function

When CONFIG_SECURITY_NETWORK_XFRM isn't set, 
security_xfrm_policy_alloc() is an inline that doesn't set pol_ctx, so 
this seemed like the easiest fix short of using *uninitialized_var(pol_ctx).

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 20:38:31 -07:00
David S. Miller
9edb74cc6c tun: Multicast handling in tun_chr_ioctl() needs proper locking.
Since these operations don't go through the normal
device calls, we have to ensure we synchronize with
those paths.

Noticed by Alan Cox.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 03:44:43 -07:00
Pavel Emelyanov
5e659e4cb0 [NET]: Fix heavy stack usage in seq_file output routines.
Plan C: we can follow the Al Viro's proposal about %n like in this patch.
The same applies to udp, fib (the /proc/net/route file), rt_cache and 
sctp debug. This is minus ~150-200 bytes for each.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 01:02:16 -07:00
David Woodhouse
3d36696024 [AF_UNIX] Initialise UNIX sockets before general device initcalls
When drivers call request_module(), it tries to do something with UNIX
sockets and triggers a 'runaway loop modprobe net-pf-1' warning. Avoid
this by initialising AF_UNIX support earlier.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24 00:59:25 -07:00
Patrick McHardy
c9c1014b2b [RTNETLINK]: Fix bogus ASSERT_RTNL warning
ASSERT_RTNL uses mutex_trylock to test whether the rtnl_mutex is
held. This bogus warnings when running in atomic context, which
f.e. happens when adding secondary unicast addresses through
macvlan or vlan or when synchronizing multicast addresses from
wireless devices.

Mid-term we might want to consider moving all address updates
to process context since the locking seems overly complicated,
for now just fix the bogus warning by changing ASSERT_RTNL to
use mutex_is_locked().

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 22:10:48 -07:00
David S. Miller
6440be177f Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6 2008-04-23 19:44:58 -07:00
Zhu Yi
49186b4a08 iwlwifi: Fix built-in compilation of iwlcore (part 2)
On Wed, 2008-04-23 at 13:38 +0300, Tomas Winkler wrote:
> This patch fixes problem in Makefile that prevented
> built-in compilation of iwlcore

Here is the second part. Without this,
drivers/net/wireless/iwlwifi/build-in.o will not be linked into vmlinux.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 19:44:13 -07:00
David S. Miller
48abfe05cd tun: Fix minor race in TUNSETLINK ioctl handling.
Noticed by Alan Cox.

The IFF_UP test is a bit racey, because other entities
outside of this driver's ioctl handler can modify that
state, even though this ioctl handler runs under
lock_kernel().

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 19:37:58 -07:00
Paulius Zaleckas
8c0469cdd0 ppp_generic: use stats from net_device structure
Use stats which now is in the net_device instead of one declared in
ppp structure.
Kill ppp_net_stats function, because by default it is used identical
internal_stats function from net/core/dev.c

Signed-of-by: Paulius Zaleckas <paulius.zaleckas@teltonika.lt>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 18:54:01 -07:00
Roland Dreier
099714934d iwlwifi: Don't unlock priv->mutex if it isn't locked
Commit b716bb91 ("iwlwifi: Cancel scanning upon association") moved the
test of priv->vif in iwl{3945,4964}_mac_config_interface() outside of
where priv->mutex is held, but still tries to do mutex_unlock() on
return.  This is clearly wrong and triggers a nasty lockdep warning when
this codepath is triggered.  Fix this by removing the mutex_unlock().

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:36 -04:00
Roel Kluin
4d381ffb02 wireless: rndis_wlan: modparam_workaround_interval is never below 0.
priv->param_workaround_interval is unsigned, modparam_workaround_interval not.
the former is never < 0.

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:36 -04:00
Roel Kluin
8ba82e969f prism54: prism54_get_encode() test below 0 on unsigned index
previously in this function:

u32 index = (dwrq->flags & IW_ENCODE_INDEX) - 1;

index is unsigned, so if -1, the original test (below) didn't work.

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:36 -04:00
Luis Carlos Cobo
d619ee0849 mac80211: update mesh EID values
This patch updates mesh EID values, some of which where conflicting with
already-approved 11h EIDs (pointed out by Tomas Winkler). I wanted to use the
values suggested in the last available 802.11 draft (2.0) but it assigns 50 to
MESH_CONFIG, the same value than EXT_SUPP_RATES. Using the values proposed in
the draft incremented by one.

Signed-off-by: Luis Carlos Cobo <luisca@cozybit.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:36 -04:00
Michael Buesch
1033b3ea11 b43: Workaround DMA quirks
Some mainboards/CPUs don't allow DMA masks bigger than a certain limit.
Some VIA crap^h^h^h^hdevices have an upper limit of 0xFFFFFFFF. So in this
case a 64-bit b43 device would always fail to acquire the mask.
Implement a workaround to fallback to lower DMA mask, as we can always
also support a lower mask.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:36 -04:00
Ron Rindjunsky
0da926f057 mac80211: fix use before check of Qdisc length
This patch fixes use of Qdisc length in requeue function, before we checked
the reference is valid. (Adrian Bunk's catch)

Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:35 -04:00
Adrian Bunk
13d8fd2d15 net/mac80211/rx.c: fix off-by-one
This patch fixes an off-by-one in net/mac80211/rx.c introduced by
commit 8318d78a44
(cfg80211 API for channels/bitrates, mac80211 and driver conversion)
and spotted by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:35 -04:00
Pavel Emelyanov
1ebebea8e8 mac80211: Fix race between ieee80211_rx_bss_put and lookup routines.
The put routine first decrements the users counter and then
(if it is zero) locks the sta_bss_lock and removes one from
the list and the hash.

Thus, any of ieee80211_sta_config_auth, ieee80211_rx_bss_get
or ieee80211_rx_mesh_bss_get can race with it by finding a
bss that is about to get kfree-ed.

Using atomic_dec_and_lock in ieee80211_rx_bss_put takes care
of this race.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:35 -04:00
Nick Kossifidis
d1d8f44a4e ath5k: Fix radio identification on AR5424/2424
*Fix radio chip identification on AR5424/2424 during ath5k_hw_attach
 *Try to assign an RF2413 radio on AR2424 for testing

 Changes-licensed-under: ISC

 Signed-off-by: Nick Kossifidis <mickflemm@gmail.com>

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:35 -04:00
Larry Finger
4503183aa3 ssb: Fix all-ones boardflags
In the SSB SPROM a field set to all ones means the value
is not defined in the SPROM.
In case of the boardflags, we need to set them to zero
to avoid confusing drivers. Drivers will only check the
flags by ANDing.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Gabor Stefanik <netrolller.3d@gmail.com>
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:35 -04:00
Michael Buesch
9fc3845835 b43: Add more btcoexist workarounds
This adds more workarounds for devices with broken BT bits.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:34 -04:00
Michael Buesch
a259d6a45b b43: Fix HostFlags data types
The HostFlags are a bitmask of 48bit. So we must use an u64 datatype
to hold all bits.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:34 -04:00
Michael Buesch
1855ba7812 b43: Workaround invalid bluetooth settings
This adds a workaround for invalid bluetooth SPROM settings
on ASUS PCI cards.
This will stop the microcode from poking with the BT GPIO line.
This fixes data transmission on this device, as the BT GPIO line
is used for something TX related on this device
(probably the power amplifier or the radio).
This also adds a modparam knob to help debugging this in the future,
as more devices with this bug may show up.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:34 -04:00
Johannes Berg
0f48d7e1cf mac80211: MAINTAINERS update
This updates the mac80211 maintainers entry to
 1) remove Jiri
 2) put me first

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: Michael Wu <flamingice@sourmilk.net>
Cc: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:34 -04:00
Abhijeet Kolekar
a46f025d05 mac80211: Fix n-band association problem
There are two structures named wmm_info and wmm_param, they are used while
parsing the beacon frame. (Check the function ieee802_11_parse_elems).
Certain APs like D-link does not set the fifth bit in WMM IE.
While sending the association request to n-only ap it checks for wmm_ie.
If it is set then only ieee80211_ht_cap is sent during association request.
So n-only association fails.
And this patch fixes this problem by copying the wmm_info to wmm_ie,
which enables the "wmm" flag in iee80211_send_assoc.

Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com>
Acked-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23 21:25:34 -04:00
Tomas Winkler
d7d313000b iwlwifi: Fix built-in compilation of iwlcore
This patch fixes problem in Makefile that prevented
built-in compilation of iwlcore

Commit that caused this problem: eadd3c4b ("iwlwifi: make Makefile
more concise")

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Yi Zhu <yi.zhu@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 03:48:57 -07:00
Adrian Bunk
cd58f2a96b net: Unexport move_addr_to_{kernel,user}
After the removal of the Solaris binary emulation the exports of 
move_addr_to_{kernel,user} are no longer used.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 03:37:49 -07:00
David S. Miller
201410ce85 rt2x00: Select LEDS_CLASS.
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 03:34:50 -07:00
David S. Miller
e82404ad61 iwlwifi: Select LEDS_CLASS.
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 03:34:31 -07:00
David S. Miller
00713e224e leds: Do not guard NEW_LEDS with HAS_IOMEM
The LEDS infrastructure itself does not require anything
that a platform dependant upon HAS_IOMEM.

The individual drivers do, but they are properly guarded
with the necessary platform dependencies.

One can even imagine a hypervisor based LED driver that
a platform without HAS_IOMEM might have.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23 03:33:32 -07:00
Herbert Xu
c5d18e984a [IPSEC]: Fix catch-22 with algorithm IDs above 31
As it stands it's impossible to use any authentication algorithms
with an ID above 31 portably.  It just happens to work on x86 but
fails miserably on ppc64.

The reason is that we're using a bit mask to check the algorithm
ID but the mask is only 32 bits wide.

After looking at how this is used in the field, I have concluded
that in the long term we should phase out state matching by IDs
because this is made superfluous by the reqid feature.  For current
applications, the best solution IMHO is to allow all algorithms when
the bit masks are all ~0.

The following patch does exactly that.

This bug was identified by IBM when testing on the ppc64 platform
using the NULL authentication algorithm which has an ID of 251.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-22 00:46:42 -07:00
YOSHIFUJI Hideaki
7c3f944e29 time: Export set_normalized_timespec.
Sorry I have just realized set_normalized_timespec() (used in
timespec_sub()) is not exported, and link will fail because of it...

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 19:45:12 -07:00
Arnd Hannemann
d7ee147d4f tcp: Make use of before macro in tcp_input.c
Make use of tcp before macro.

Signed-off-by: Arnd Hannemann <hannemann@nets.rwth-aachen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 14:46:22 -07:00
Mark Asselstine
02651d20a3 hamradio: Remove unneeded and deprecated cli()/sti() calls in dmascc.c
These cli()/sti() calls are made in start_timer() and are therefor
redundant since the register_lock is now used to protect register
io from within scc_isr() and write_scc() (where all calls to
start_timer() originate).

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 14:44:16 -07:00
Pavel Emelyanov
92998dd495 [NETNS]: Remove empty ->init callback.
The netns start-stop engine can happily live with any of
init or exit callbacks set to NULL.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 14:33:16 -07:00
YOSHIFUJI Hideaki
cdd04d98f6 [DCCP]: Convert do_gettimeofday() to getnstimeofday().
What do_gettimeofday() does is to call getnstimeofday() and
to convert the result from timespec{} to timeval{}.
We do not always need timeval{} and we can convert timespec{}
when we really need (to print).

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 14:28:45 -07:00
Pavel Emelyanov
633d424bf3 [NETNS]: Don't initialize err variable twice.
The ip6_route_net_init() performs some unneeded actions.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 14:25:23 -07:00
Pavel Emelyanov
2aed2827df [NETNS]: The ip6_fib_timer can work with garbage on net namespace stop.
The del_timer() function doesn't guarantee, that the timer callback
is not active by the time it exits.

Thus, the fib6_net_exit() may kfree() all the data, that is required
by the fib6_run_gc(). The race window is tiny, but slab poisoning can
trigger this bug.

Using del_timer_sync() will cure this.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 14:23:03 -07:00
YOSHIFUJI Hideaki
f25c3d613b [IPV4]: Convert do_gettimeofday() to getnstimeofday().
What do_gettimeofday() does is to call getnstimeofday() and
to convert the result from timespec{} to timeval{}.
After that, these callers convert the result again to msec.
Use getnstimeofday() and convert the units at once.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 02:34:08 -07:00
Adrian Bunk
263173af5b [IPV4]: Make icmp_sk_init() static.
This patch makes the needlessly global icmp_sk_init() static.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 02:31:23 -07:00
Adrian Bunk
280a34c87f [IPV6]: Make struct ip6_prohibit_entry_template static.
This patch makes the needlessly global struct
ip6_prohibit_entry_template static.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 02:29:32 -07:00
Satoru SATOH
1f29b0584d tcp: Trivial fix to correct function name in a comment in net/ipv4/tcp.c
This is a trivial fix to correct function name in a comment in
net/ipv4/tcp.c.

Signed-off-by: Satoru SATOH <satoru.satoh@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21 02:27:58 -07:00
David Woodhouse
9d29672c64 [NET]: Expose netdevice dev_id through sysfs
Expose dev_id to userspace, because it helps to disambiguate between
interfaces where the MAC address is unique.

This should allow us to simplify the handling of persistent naming for
S390 network devices in udev -- because it can depend on a simple
attribute of the device like the other match criteria, rather than
having a special case for SUBSYSTEMS=="ccwgroup".

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-20 16:07:43 -07:00
Randy Dunlap
f7d0e5a506 skbuff: fix missing kernel-doc notation
Add kernel-doc notation for ndisc_nodetype:

Warning(linux-2.6.25-git2//include/linux/skbuff.h:340): No description found for parameter 'ndisc_nodetype'

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-20 16:06:22 -07:00
Bernard Pidoux
047f7617eb [ROSE]: Fix soft lockup wrt. rose_node_list_lock
[ INFO: possible recursive locking detected ]
2.6.25 #3
---------------------------------------------
ax25ipd/3811 is trying to acquire lock:
  (rose_node_list_lock){-+..}, at: [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 
[rose]

but task is already holding lock:
  (rose_node_list_lock){-+..}, at: [<f8d31fed>] 
rose_route_frame+0x4d/0x620 [rose]

other info that might help us debug this:
6 locks held by ax25ipd/3811:
  #0:  (&tty->atomic_write_lock){--..}, at: [<c0259a1c>] 
tty_write_lock+0x1c/0x50
  #1:  (rcu_read_lock){..--}, at: [<c02aea36>] net_rx_action+0x96/0x230
  #2:  (rcu_read_lock){..--}, at: [<c02ac5c0>] netif_receive_skb+0x100/0x2f0
  #3:  (rose_node_list_lock){-+..}, at: [<f8d31fed>] 
rose_route_frame+0x4d/0x620 [rose]
  #4:  (rose_neigh_list_lock){-+..}, at: [<f8d31ff7>] 
rose_route_frame+0x57/0x620 [rose]
  #5:  (rose_route_list_lock){-+..}, at: [<f8d32001>] 
rose_route_frame+0x61/0x620 [rose]

stack backtrace:
Pid: 3811, comm: ax25ipd Not tainted 2.6.25 #3
  [<c0147e27>] print_deadlock_bug+0xc7/0xd0
  [<c0147eca>] check_deadlock+0x9a/0xb0
  [<c0149cd2>] validate_chain+0x1e2/0x310
  [<c0149b95>] ? validate_chain+0xa5/0x310
  [<c010a7d8>] ? native_sched_clock+0x88/0xc0
  [<c0149fa1>] __lock_acquire+0x1a1/0x750
  [<c014a5d1>] lock_acquire+0x81/0xa0
  [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose]
  [<c03201a3>] _spin_lock_bh+0x33/0x60
  [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose]
  [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose]
  [<f8d32404>] rose_route_frame+0x464/0x620 [rose]
  [<c031ffdd>] ? _read_unlock+0x1d/0x20
  [<f8d31fa0>] ? rose_route_frame+0x0/0x620 [rose]
  [<f8d1c396>] ax25_rx_iframe+0x66/0x3b0 [ax25]
  [<f8d1f42f>] ? ax25_start_t3timer+0x1f/0x40 [ax25]
  [<f8d1e65b>] ax25_std_frame_in+0x7fb/0x890 [ax25]
  [<c0320005>] ? _spin_unlock_bh+0x25/0x30
  [<f8d1bdf6>] ax25_kiss_rcv+0x2c6/0x800 [ax25]
  [<c02a4769>] ? sock_def_readable+0x59/0x80
  [<c014a8a7>] ? __lock_release+0x47/0x70
  [<c02a4769>] ? sock_def_readable+0x59/0x80
  [<c031ffdd>] ? _read_unlock+0x1d/0x20
  [<c02a4769>] ? sock_def_readable+0x59/0x80
  [<c02a4d3a>] ? sock_queue_rcv_skb+0x13a/0x1d0
  [<c02a4c45>] ? sock_queue_rcv_skb+0x45/0x1d0
  [<f8d1bb30>] ? ax25_kiss_rcv+0x0/0x800 [ax25]
  [<c02ac715>] netif_receive_skb+0x255/0x2f0
  [<c02ac5c0>] ? netif_receive_skb+0x100/0x2f0
  [<c02af05c>] process_backlog+0x7c/0xf0
  [<c02aeb0c>] net_rx_action+0x16c/0x230
  [<c02aea36>] ? net_rx_action+0x96/0x230
  [<c012bd53>] __do_softirq+0x93/0x120
  [<f8d2a68a>] ? mkiss_receive_buf+0x33a/0x3f0 [mkiss]
  [<c012be37>] do_softirq+0x57/0x60
  [<c012c265>] local_bh_enable_ip+0xa5/0xe0
  [<c0320005>] _spin_unlock_bh+0x25/0x30
  [<f8d2a68a>] mkiss_receive_buf+0x33a/0x3f0 [mkiss]
  [<c025ea37>] pty_write+0x47/0x60
  [<c025c620>] write_chan+0x1b0/0x220
  [<c0259a1c>] ? tty_write_lock+0x1c/0x50
  [<c011fec0>] ? default_wake_function+0x0/0x10
  [<c0259bea>] tty_write+0x12a/0x1c0
  [<c025c470>] ? write_chan+0x0/0x220
  [<c018bbc6>] vfs_write+0x96/0x130
  [<c0259ac0>] ? tty_write+0x0/0x1c0
  [<c018c24d>] sys_write+0x3d/0x70
  [<c0104d1e>] sysenter_past_esp+0x5f/0xa5
  =======================
BUG: soft lockup - CPU#0 stuck for 61s! [ax25ipd:3811]

Pid: 3811, comm: ax25ipd Not tainted (2.6.25 #3)
EIP: 0060:[<c010a9db>] EFLAGS: 00000246 CPU: 0
EIP is at native_read_tsc+0xb/0x20
EAX: b404aa2c EBX: b404a9c9 ECX: 017f1000 EDX: 0000076b
ESI: 00000001 EDI: 00000000 EBP: ecc83afc ESP: ecc83afc
  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
CR0: 8005003b CR2: b7f5f000 CR3: 2cd8e000 CR4: 000006f0
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: ffff0ff0 DR7: 00000400
  [<c0204937>] delay_tsc+0x17/0x30
  [<c02048e9>] __delay+0x9/0x10
  [<c02127f6>] __spin_lock_debug+0x76/0xf0
  [<c0212618>] ? spin_bug+0x18/0x100
  [<c0147923>] ? __lock_contended+0xa3/0x110
  [<c0212998>] _raw_spin_lock+0x68/0x90
  [<c03201bf>] _spin_lock_bh+0x4f/0x60
  [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose]
  [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose]
  [<f8d32404>] rose_route_frame+0x464/0x620 [rose]
  [<c031ffdd>] ? _read_unlock+0x1d/0x20
  [<f8d31fa0>] ? rose_route_frame+0x0/0x620 [rose]
  [<f8d1c396>] ax25_rx_iframe+0x66/0x3b0 [ax25]
  [<f8d1f42f>] ? ax25_start_t3timer+0x1f/0x40 [ax25]
  [<f8d1e65b>] ax25_std_frame_in+0x7fb/0x890 [ax25]
  [<c0320005>] ? _spin_unlock_bh+0x25/0x30
  [<f8d1bdf6>] ax25_kiss_rcv+0x2c6/0x800 [ax25]
  [<c02a4769>] ? sock_def_readable+0x59/0x80
  [<c014a8a7>] ? __lock_release+0x47/0x70
  [<c02a4769>] ? sock_def_readable+0x59/0x80
  [<c031ffdd>] ? _read_unlock+0x1d/0x20
  [<c02a4769>] ? sock_def_readable+0x59/0x80
  [<c02a4d3a>] ? sock_queue_rcv_skb+0x13a/0x1d0
  [<c02a4c45>] ? sock_queue_rcv_skb+0x45/0x1d0
  [<f8d1bb30>] ? ax25_kiss_rcv+0x0/0x800 [ax25]
  [<c02ac715>] netif_receive_skb+0x255/0x2f0
  [<c02ac5c0>] ? netif_receive_skb+0x100/0x2f0
  [<c02af05c>] process_backlog+0x7c/0xf0
  [<c02aeb0c>] net_rx_action+0x16c/0x230
  [<c02aea36>] ? net_rx_action+0x96/0x230
  [<c012bd53>] __do_softirq+0x93/0x120
  [<f8d2a68a>] ? mkiss_receive_buf+0x33a/0x3f0 [mkiss]
  [<c012be37>] do_softirq+0x57/0x60
  [<c012c265>] local_bh_enable_ip+0xa5/0xe0
  [<c0320005>] _spin_unlock_bh+0x25/0x30
  [<f8d2a68a>] mkiss_receive_buf+0x33a/0x3f0 [mkiss]
  [<c025ea37>] pty_write+0x47/0x60
  [<c025c620>] write_chan+0x1b0/0x220
  [<c0259a1c>] ? tty_write_lock+0x1c/0x50
  [<c011fec0>] ? default_wake_function+0x0/0x10
  [<c0259bea>] tty_write+0x12a/0x1c0
  [<c025c470>] ? write_chan+0x0/0x220
  [<c018bbc6>] vfs_write+0x96/0x130
  [<c0259ac0>] ? tty_write+0x0/0x1c0
  [<c018c24d>] sys_write+0x3d/0x70
  [<c0104d1e>] sysenter_past_esp+0x5f/0xa5
  =======================

Since rose_route_frame() does not use rose_node_list we can safely
remove rose_node_list_lock spin lock here and let it be free for
rose_get_neigh().

Signed-off-by: Bernard Pidoux <f6bvp@amsat.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-20 15:58:07 -07:00
Bernard Pidoux
43837b1e6c rose: Socket lock was not released before returning to user space
================================================
[ BUG: lock held when returning to user space! ]
------------------------------------------------
xfbbd/3683 is leaving the kernel with locks still held!
1 lock held by xfbbd/3683:
  #0:  (sk_lock-AF_ROSE){--..}, at: [<c8cd1eb3>] rose_connect+0x73/0x420 [rose]

INFO: task xfbbd:3683 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
xfbbd         D 00000246     0  3683   3669
        c6965ee0 00000092 c02c5c40 00000246 c0f6b5f0 c0f6b5c0 c0f6b5f0 c0f6b5c0
        c0f6b614 c6965f18 c024b74b ffffffff c06ba070 00000000 00000000 00000001
        c6ab07c0 c012d450 c0f6b634 c0f6b634 c7b5bf10 c0d6004c c7b5bf10 c6965f40
Call Trace:
  [<c024b74b>] lock_sock_nested+0x6b/0xd0
  [<c012d450>] ? autoremove_wake_function+0x0/0x40
  [<c02488f1>] sock_fasync+0x41/0x150
  [<c0249e69>] sock_close+0x19/0x40
  [<c0175d54>] __fput+0xb4/0x170
  [<c0176018>] fput+0x18/0x20
  [<c017300e>] filp_close+0x3e/0x70
  [<c01744e9>] sys_close+0x69/0xb0
  [<c0103bda>] sysenter_past_esp+0x5f/0xa5
  =======================
INFO: lockdep is turned off.

Signed-off-by: Bernard Pidoux <f6bvp@amsat.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-19 18:41:51 -07:00
Pavel Machek
d129f188ab hci_usb: remove code obfuscation
_urb_free is an alias for kfree... making code longer & harder to
read. Remove it.

Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-19 18:17:26 -07:00