In the original code, if rtnl_create_link() returned an ERR_PTR then that
would get passed to rtnl_configure_link() which dereferences it.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Annotate dynamic sysfs attribute in atk_create_files(). This gets
rid of the following lockdep warning:
BUG: key ffff8800379ca670 not in .data!
------------[ cut here ]------------
WARNING: at kernel/lockdep.c:2696 lockdep_init_map+0xd2/0x108()
Hardware name: P5K PRO
Modules linked in: asus_atk0110(+) pata_acpi firewire_ohci ata_generic
dm_multipath firewire_core crc_itu_t pata_marvell floppy
Pid: 599, comm: modprobe Not tainted 2.6.34-rc4 #27
Call Trace:
[<ffffffff8104cdb0>] warn_slowpath_common+0x7c/0x94
[<ffffffff8104cddc>] warn_slowpath_null+0x14/0x16
[<ffffffff81077c4d>] lockdep_init_map+0xd2/0x108
[<ffffffff81165873>] sysfs_add_file_mode+0x66/0xa2
[<ffffffff811658c0>] sysfs_add_file+0x11/0x13
[<ffffffff8116594b>] sysfs_create_file+0x2a/0x2c
[<ffffffff812c1f9c>] device_create_file+0x19/0x1b
[<ffffffffa005b4fd>] atk_add+0x58b/0x72e [asus_atk0110]
[<ffffffff812572a1>] acpi_device_probe+0x50/0x122
[<ffffffff812c46af>] driver_probe_device+0xa2/0x127
[<ffffffff812c4783>] __driver_attach+0x4f/0x6b
[<ffffffff812c4734>] ? __driver_attach+0x0/0x6b
[<ffffffff812c3c94>] bus_for_each_dev+0x59/0x8e
[<ffffffff812c4519>] driver_attach+0x1e/0x20
[<ffffffff812c4152>] bus_add_driver+0xb9/0x207
[<ffffffff812c4a5f>] driver_register+0x9d/0x10e
[<ffffffffa005f000>] ? atk0110_init+0x0/0x31 [asus_atk0110]
[<ffffffff81257c7c>] acpi_bus_register_driver+0x43/0x45
[<ffffffffa005f015>] atk0110_init+0x15/0x31 [asus_atk0110]
[<ffffffffa005f000>] ? atk0110_init+0x0/0x31 [asus_atk0110]
[<ffffffff81002069>] do_one_initcall+0x5e/0x15e
[<ffffffff81085075>] sys_init_module+0xd8/0x239
[<ffffffff81009cf2>] system_call_fastpath+0x16/0x1b
---[ end trace 4d0c84007055efb9 ]---
BUG: key ffff8800379ca638 not in .data!
BUG: key ffff8800379ca6a8 not in .data!
BUG: key ffff8800379ca6e0 not in .data!
BUG: key ffff880036f73670 not in .data!
BUG: key ffff880036f73638 not in .data!
BUG: key ffff880036f736a8 not in .data!
BUG: key ffff880036f736e0 not in .data!
BUG: key ffff880036f76c70 not in .data!
BUG: key ffff880036f76c38 not in .data!
BUG: key ffff880036f76ca8 not in .data!
BUG: key ffff880036f76ce0 not in .data!
BUG: key ffff8800368e7670 not in .data!
BUG: key ffff8800368e7638 not in .data!
BUG: key ffff8800368e76a8 not in .data!
BUG: key ffff8800368e76e0 not in .data!
BUG: key ffff880036ef7670 not in .data!
BUG: key ffff880036ef7638 not in .data!
BUG: key ffff880036ef76a8 not in .data!
BUG: key ffff880036ef76e0 not in .data!
BUG: key ffff8800373ccc70 not in .data!
BUG: key ffff8800373ccc38 not in .data!
BUG: key ffff8800373ccca8 not in .data!
BUG: key ffff8800373ccce0 not in .data!
BUG: key ffff880037a60870 not in .data!
BUG: key ffff880037a60838 not in .data!
BUG: key ffff880037a608a8 not in .data!
BUG: key ffff880037a608e0 not in .data!
BUG: key ffff880037355070 not in .data!
BUG: key ffff880037355038 not in .data!
BUG: key ffff8800373550a8 not in .data!
BUG: key ffff8800373550e0 not in .data!
BUG: key ffff8800378c2670 not in .data!
BUG: key ffff8800378c2638 not in .data!
BUG: key ffff8800378c26a8 not in .data!
BUG: key ffff8800378c26e0 not in .data!
BUG: key ffff880036ef7e70 not in .data!
BUG: key ffff880036ef7e38 not in .data!
BUG: key ffff880036ef7ea8 not in .data!
BUG: key ffff880036ef7ee0 not in .data!
Cc: Eric W. Biederman <ebiederm@xmission.com>
Reported-by: Dhaval Giani <dhaval.giani@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Tested-by: Dhaval Giani <dhaval.giani@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
It is a hard requirement to include the upstream commit ID in the
changelog of a -stable submission, not just a courtesy to the stable
team. This concerns only mail submission though, which is no longer
the only way into stable. (Also, fix a double "the".)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
It seems that for USB IP on Freescale MX5x processors, it needs >750
usec for the reset to complete. This change should not hurt any other
EHCI hardware.
Signed-off-by: Dinh Nguyen <Dinh.Nguyen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1370) fixes a bug in the USB runtime power management
code. When a driver claims an interface, it doesn't expect to need to
call usb_autopm_get_interface() or usb_autopm_put_interface() for
runtime PM to work. Runtime PM can be controlled by the driver's
primary interface; the additional interfaces it claims shouldn't
interfere. As things stand, the claimed interfaces will prevent the
device from autosuspending.
To fix this problem, the patch sets interfaces to the suspended state
when they are claimed.
Also, although in theory this shouldn't matter, the patch changes the
suspend code so that interfaces are suspended in reverse order from
detection and resuming. This is how the PM core works, and we ought
to use the same approach.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Debugged-and-tested-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1369) fixes a problem in ehci-hcd. Some controllers
occasionally run into trouble when the driver reclaims siTDs too
quickly. This can happen while streaming audio; it causes the
controller to crash.
The patch changes siTD reclamation to work the same way as iTD
reclamation: Completed siTDs are stored on a list and not reused until
at least one frame has passed.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Nate Case <ncase@xes-inc.com>
CC: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1363) changes the way USB remote wakeup is handled
during system sleeps. It won't be enabled unless an interface driver
specifically needs it. Also, it won't be enabled during the FREEZE or
QUIESCE phases of hibernation, when the system doesn't respond to
wakeup events anyway. Finally, if the device is already
runtime-suspended with remote wakeup enabled, but wakeup is supposed
to be disabled for the system sleep, the device gets woken up so that
it can be suspended again with the proper wakeup setting.
This will fix problems people have reported with certain USB webcams
that generate wakeup requests when they shouldn't, and as a result
cause system suspends to fail. See
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/515109
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Erik Andrén <erik.andren@gmail.com>
CC: <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
I read a rumor that the AdLink ND6530 USB RS232, RS422 and RS485
isolated adapter is actually a PL2303 based usb serial adapter. I
tried it out, and as far as I can tell it works.
Signed-off-by: Manuel Jander <manuel.jander@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
It appears that the DA8xx/OMAP-L1x glue layer went into the kernel uncompilable:
commit 1960e693ac (davinci: da8xx/omapl1: add
support for the second sysconfig module) has renamed DA8XX_SYSCFG_* macros to
DA8XX_SYSCFG0_* and it's been committed before the glue layer...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
These phones also have the familiar ttyACM0/ttyUSB0 schizophrenia when
placed into "Dial-up Networking" mode after connecting a USB cable.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The Keep Alive IE only has space for WUIE_ELT_MAX (== 4) device addresses.
Signed-off-by: David Vrabel <david.vrabel@csr.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sets the regulator values to NULL if they are not defined. This
is required to fix the kernel panic in exit path when EHCI module
is removed on the platforms where EHCI regulator are not set.
Signed-off-by: Ajay Kumar Gupta <ajay.gupta@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes a bug with the usbsevseg driver which assumed that USB
autosuspend will always be used.
Signed-off-by: Harrison Metzger <harrisonmetz@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The following patch adds support for Multitech Systems' MT9234MU and
MT9234ZBA usb dialup fax modems. It is based on a patch and firmware
provided to me by Multitech Systems' support, after I reported to them
that my MT9234MU modem was not working with recent linux kernels.
Signed-off-by: Alex Manoussakis <alex@juniper.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Since 965, the hardware has supported the PIPE_CONTROL command, which
provides fine grained GPU cache flushing control. On recent chipsets,
this instruction is required for reliable interrupt and sequence number
reporting in the driver.
So add support for this instruction, including workarounds, on Ironlake
and Sandy Bridge hardware.
https://bugs.freedesktop.org/show_bug.cgi?id=27108
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Tested-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Eric Anholt <eric@anholt.net>
Previous patch changes stripe and chunk_number to sector_t but
mistakenly did not update all of the divisions to use sector_dev().
This patch changes all the those divisions (actually the '%' operator)
to sector_div.
Signed-off-by: NeilBrown <neilb@suse.de>
Cc: stable@kernel.org
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
This keeps the memory manager from complaining when we take it down.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Eric Anholt <eric@anholt.net>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
firewire: ohci: wait for local CSR lock access to finish
firewire: ohci: prevent aliasing of locally handled register addresses
firewire: core: fw_iso_resource_manage: return -EBUSY when out of resources
firewire: core: fix retries calculation in iso manage_channel()
firewire: cdev: fix cut+paste mistake in disclaimer
I posted to dri-devel@lists.sourceforge.net, and got a bounce back:
The dri-devel list has moved to freedesktop.org (see
http://lists.freedesktop.org/mailman/listinfo/dri-devel). If you were
subscribed to the list here, the subscription should have been
transferred to the new location.
Please only post to the new list.
Fix MAINTAINERS to correspond.
Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix operator precedence warning (from sparse), which results in the
data value always being 0:
drivers/scsi/qla4xxx/ql4_mbx.c:470:66: warning: right shift by bigger than source value
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Acked-by: Ravi Anand <ravi.anand@qlogic.com>
Cc: David C Somayajulu <david.somayajulu@qlogic.com>
Cc: Karen Higgins <karen.higgins@qlogic.com>
Cc: Vikas Chaudhary <vikas.chaudhary@qlogic.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The reipl device information is passed from the kernel to zfcpdump
using a pointer in the lowcore (0xe00) that points to the reipl
information Currently if that pointer is not zero, we copy the reipl
information. If the pointer is not initialized and points outside
the accessible memory, it can happen that the memory copy fails.
In that case we currently stop the initialization of zcore which leads
to a failing kernel dump. The correct behavior is to disable the reipl
after dump and continue with zcore intialization.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Commit "timekeeping: Fix clock_gettime vsyscall time warp" (0696b711e)
introduced the new parameter "mult" to update_vsyscall(). This parameter
contains the internal NTP adjusted clock multiplier.
The s390x vdso did not use this adjusted multiplier. Instead, it used
the constant clock multiplier for gettimeofday() and clock_gettime()
variants. This may result in observable time warps as explained in
commit 0696b711e.
Make the NTP adjusted clock multiplier available to the s390x vdso
implementation and use it for time calculations.
Cc: <stable@kernel.org>
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Using stsch on schids with ssid != 0 can lead to an operand
exception. Use stsch_err to handle potential exceptions
if we fail to reenable mss after hibernation.
Cc: <stable@kernel.org>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Reenable multiple subchannel sets after hibernation,
prior to the device callbacks.
Cc: <stable@kernel.org>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Prepare chsc_enable_facility to be used from outside init functions.
Use static memory for the chsc call and protect its access by a
spinlock (although there is no concurrent usage).
Cc: <stable@kernel.org>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
If not enough memory is available to build a new erp request it ended
up in an endless loop trying to build erp requests. Fixed the loop to
proceed the next request instead.
Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Ignore spurious HV interrupts during suspend / resume, this avoids
mistaking them for a mute button press. This is not very pretty but
it seems the only way to fix the master volume control gets muted
after suspend issue I'm seeing. Note that the es1968 driver is doing
exactly the same.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Without this quirk sound stops working after suspend resume. With this quirk,
one still needs to manually unmute the master volume control after a suspend /
/ resume cycle. That is fixed in another patch in this set.
Note that this patch was submitted to the alsa bug tracker a long time ago:
https://bugtrack.alsa-project.org/alsa-bug/view.php?id=4319
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
CC: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] bnx2i: Bug fixes related to MTU change issue when there are active iscsi sessions
[SCSI] ibmvscsi: fix DMA API misuse
[SCSI] wd7000: fix reset handler typo spin_unlock_irq() => spin_lock_irq()
[SCSI] zfcp: Fix tracing of requests with error status
[SCSI] zfcp: Update MAINTAINERS entry
[SCSI] iscsi_tcp: fix relogin/shutdown hang
[SCSI] qla2xxx: fix lock imbalance
[SCSI] lpfc: fix lock imbalances
[SCSI] be2iscsi: fix lock imbalance
[SCSI] dpt_i2o: several use after free issues
The virtio balloon driver can dig into the reservation pools of the OS
to satisfy a balloon request. This is not advisable and other balloon
drivers (drivers/xen/balloon.c) avoid this as well.
The patch also adds changes to avoid printing a warning if allocation
fails, since we retry after sometime anyway.
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: kvm <kvm@vger.kernel.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus/i2c' of git://git.fluff.org/bjdooks/linux:
i2c-stu300: off by one issue
i2c-pnx: Add stop conditions for end of transfer
i2c-pnx: Limit maximum divider to 1023
i2c-omap: fix OOPS in omap_i2c_unidle() during probe
i2c-imx: fix error handling
When the dt3155 driver is built-in (not as a loadable module),
these build errors happen:
drivers/staging/dt3155/dt3155_drv.c:1047: error: implicit declaration of function 'request_irq'
drivers/staging/dt3155/dt3155_drv.c:1048: error: 'IRQF_SHARED' undeclared (first use in this function)
drivers/staging/dt3155/dt3155_drv.c:1048: error: 'IRQF_DISABLED' undeclared (first use in this function)
drivers/staging/dt3155/dt3155_drv.c:1091: error: implicit declaration of function 'free_irq'
so remove the #ifdef MODULE check since it's not needed. Also remove
the CONFIG_PCI check since the Kconfig file already requires that.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Scott Smedley <ss@aao.gov.au>
Tested-by: Jan III Sobieski <jan3sobi3ski@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
security: testing the wrong variable in create_by_name()
CRED: Fix a race in creds_are_invalid() in credentials debugging
CRED: Fix double free in prepare_usermodehelper_creds() error handling
BugLink: https://launchpad.net/bugs/567494
The OR has verified that the existing model quirk, ALC880_UNIWILL,
is insufficient for audible playback and capture by default. Instead,
the ALC880_F1734 model quirk needs to be used.
This change is necessary for both 2.6.32.11 and 2.6.33.2.
Reported-by: Arnaud Malpeyre <amalpeyre@gmail.com>
Tested-by: Arnaud Malpeyre <amalpeyre@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
There is a typo here. We should be testing "*dentry" instead of
"dentry". If "*dentry" is an ERR_PTR, it gets dereferenced in either
mkdir() or create() which would cause an OOPs.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: James Morris <jmorris@namei.org>
BugLink: https://launchpad.net/bugs/553002
The OR has verified that the dell-m6 model quirk is necessary for audio
to be audible by default on the Dell Studio XPS 1645.
This change is necessary for 2.6.32.11 and 2.6.33.2 alike.
Reported-by: Robert Chambers
Tested-by: Robert Chambers
Cc: <stable@kernel.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The issue raises when having 2 NICs both assigned the same
IPv6 global address.
If a sender binds to a particular NIC (SO_BINDTODEVICE),
the outgoing traffic is being sent via the first found.
The bonded device is thus not taken into an account during the
routing.
From the ip6_route_output function:
If the binding address is multicast, linklocal or loopback,
the RT6_LOOKUP_F_IFACE bit is set, but not for global address.
So binding global address will neglect SO_BINDTODEVICE-binded device,
because the fib6_rule_lookup function path won't check for the
flowi::oif field and take first route that fits.
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Signed-off-by: Scott Otto <scott.otto@alcatel-lucent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
According to RFC2460, PMTU is set to the IPv6 Minimum Link
MTU (1280) and a fragment header should always be included
after a node receiving Too Big message reporting PMTU is
less than the IPv6 Minimum Link MTU.
After receiving a ICMPv6 Too Big message reporting PMTU is
less than the IPv6 Minimum Link MTU, sctp *can't* send any
data/control chunk that total length including IPv6 head
and IPv6 extend head is less than IPV6_MIN_MTU(1280 bytes).
The failure occured in p6_fragment(), about reason
see following(take SHUTDOWN chunk for example):
sctp_packet_transmit (SHUTDOWN chunk, len=16 byte)
|------sctp_v6_xmit (local_df=0)
|------ip6_xmit
|------ip6_output (dst_allfrag is ture)
|------ip6_fragment
In ip6_fragment(), for local_df=0, drops the the packet
and returns EMSGSIZE.
The patch fixes it with adding check length of skb->len.
In this case, Ipv6 not to fragment upper protocol data,
just only add a fragment header before it.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add new driver to use tethering with an iPhone device. After initial submission,
apply fixes to fit the new driver into the kernel standards.
There are still a couple of minor (almost cosmetic-level) issues, but the driver
is fully functional right now.
Signed-off-by: L. Alberto Giménez <agimenez@sysvalve.es>
Signed-off-by: Diego Giagio <diego@giagio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
I encountered an issue that not to link up on cxgb3 fabric.
I bisected and found that this regression was introduced by
0f07c4ee8c.
Correct to pass phy_addr to cphy_init() at t3_xaui_direct_phy_prep().
Signed-off-by: Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com>
Acked-by: Divy Le Ray <divy@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1, An X25 program binds and listens
2, calls arrive waiting to be accepted
3, Program exits without accepting
4, Sockets time out but don't get correctly cleaned up
5, cat /proc/net/x25/socket shows the dead sockets with bad inode fields.
This line borrowed from AX25 sets the dying socket so the timers clean up later.
Signed-off-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix NULL pointer dereference in ks8851_tx_work by checking if dequeued
list is already empty before writing the packet to TX FIFO
Unable to handle kernel NULL pointer dereference at virtual address 00000050
PC is at ks8851_tx_work+0xdc/0x1b0
LR is at wait_for_common+0x148/0x164
pc : [<c01c0df4>] lr : [<c025a980>] psr: 20000013
Backtrace:
ks8851_tx_work+0x0/0x1b0
worker_thread+0x0/0x190
kthread+0x0/0x90
Signed-off-by: Abraham Arce <x0066660@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Update the stats counter calculation in 3c574_cs, similar
to the method used in 3c589_cs. This corrects the contents
of the counter on tests using a "Megahertz 574B" card.
[linux@dominikbrodowski.net: clean up commit message]
Signed-off-by: Alexander Kurz <linux@kbdbabel.org>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
When building a bundle, we set dst.dev and rt6.rt6i_idev.
We must ensure to set the same device for both fields.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In ems_usb_probe(), a pointer is dereferenced after making sure it is NULL...
This patch replaces netdev->dev.parent with &intf->dev in dev_err() calls to
avoid this.
Signed-off-by: "Hans J. Koch" <hjk@linutronix.de>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
creds_are_invalid() reads both cred->usage and cred->subscribers and then
compares them to make sure the number of processes subscribed to a cred struct
never exceeds the refcount of that cred struct.
The problem is that this can cause a race with both copy_creds() and
exit_creds() as the two counters, whilst they are of atomic_t type, are only
atomic with respect to themselves, and not atomic with respect to each other.
This means that if creds_are_invalid() can read the values on one CPU whilst
they're being modified on another CPU, and so can observe an evolving state in
which the subscribers count now is greater than the usage count a moment
before.
Switching the order in which the counts are read cannot help, so the thing to
do is to remove that particular check.
I had considered rechecking the values to see if they're in flux if the test
fails, but I can't guarantee they won't appear the same, even if they've
changed several times in the meantime.
Note that this can only happen if CONFIG_DEBUG_CREDENTIALS is enabled.
The problem is only likely to occur with multithreaded programs, and can be
tested by the tst-eintr1 program from glibc's "make check". The symptoms look
like:
CRED: Invalid credentials
CRED: At include/linux/cred.h:240
CRED: Specified credentials: ffff88003dda5878 [real][eff]
CRED: ->magic=43736564, put_addr=(null)
CRED: ->usage=766, subscr=766
CRED: ->*uid = { 0,0,0,0 }
CRED: ->*gid = { 0,0,0,0 }
CRED: ->security is ffff88003d72f538
CRED: ->security {359, 359}
------------[ cut here ]------------
kernel BUG at kernel/cred.c:850!
...
RIP: 0010:[<ffffffff81049889>] [<ffffffff81049889>] __invalid_creds+0x4e/0x52
...
Call Trace:
[<ffffffff8104a37b>] copy_creds+0x6b/0x23f
Note the ->usage=766 and subscr=766. The values appear the same because
they've been re-read since the check was made.
Reported-by: Roland McGrath <roland@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>