]> err.no Git - linux-2.6/log
linux-2.6
16 years agoiwlwifi: W/A for the TSF correction in IBSS
Assaf Krauss [Wed, 3 Sep 2008 03:18:42 +0000 (11:18 +0800)]
iwlwifi: W/A for the TSF correction in IBSS

This patch is a W/A for the TSF sync issue in IBSS merging. HW is not
capable to sync TSF (it's constantly little behind). This creates
constant IBSS merging upon reception of each beacon, adding and removing
station which in turn creates above 50% packet loss and thus dramatically
degrade the throughput. The W/A simply stops the driver from declaring it
has a reliable TSF value and thus eliminates IBSS merging.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoipsec: Fix deadlock in xfrm_state management.
David S. Miller [Wed, 3 Sep 2008 03:14:15 +0000 (20:14 -0700)]
ipsec: Fix deadlock in xfrm_state management.

Ever since commit 4c563f7669c10a12354b72b518c2287ffc6ebfb3
("[XFRM]: Speed up xfrm_policy and xfrm_state walking") it is
illegal to call __xfrm_state_destroy (and thus xfrm_state_put())
with xfrm_state_lock held.  If we do, we'll deadlock since we
have the lock already and __xfrm_state_destroy() tries to take
it again.

Fix this by pushing the xfrm_state_put() calls after the lock
is dropped.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoipv: Re-enable IP when MTU > 68
Breno Leitao [Wed, 3 Sep 2008 00:28:58 +0000 (17:28 -0700)]
ipv: Re-enable IP when MTU > 68

Re-enable IP when the MTU gets back to a valid size.

This patch just checks if the in_dev is NULL on a NETDEV_CHANGEMTU event
and if MTU is valid (bigger than 68), then re-enable in_dev.

Also a function that checks valid MTU size was created.

Signed-off-by: Breno Leitao <leitao@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonet/xfrm: Use an IS_ERR test rather than a NULL test
Julien Brunel [Wed, 3 Sep 2008 00:24:28 +0000 (17:24 -0700)]
net/xfrm: Use an IS_ERR test rather than a NULL test

In case of error, the function xfrm_bundle_create returns an ERR
pointer, but never returns a NULL pointer. So a NULL test that comes
after an IS_ERR test should be deleted.

The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@match_bad_null_test@
expression x, E;
statement S1,S2;
@@
x =  xfrm_bundle_create(...)
... when != x = E
*  if (x != NULL)
S1 else S2
// </smpl>

Signed-off-by: Julien Brunel <brunel@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoath9: Fix ath_rx_flush_tid() for IRQs disabled kernel warning message.
Senthil Balasubramanian [Mon, 1 Sep 2008 14:28:20 +0000 (19:58 +0530)]
ath9: Fix ath_rx_flush_tid() for IRQs disabled kernel warning message.

This patch addresses an issue with the locking order. ath_rx_flush_tid()
uses spin_lock/unlock_bh when IRQs are disabled in sta_notify by mac80211.

As node clean up is still pending with ath9k and this problematic portion
of the code is expected to change anyway, thinking of a proper fix may not
be worthwhile. So having this interim fix helps the users to get rid of the
kernel warning message.

Pasted the kernel warning message for reference.

kernel: ath0: No ProbeResp from current AP 00:1b:11:60:7a:3d - assume out of range
kernel: ------------[ cut here ]------------
kernel: WARNING: at kernel/softirq.c:136 local_bh_enable+0x3c/0xab()
kernel: Pid: 1029, comm: ath9k Not tainted 2.6.27-rc4-wt-w1fi-wl
kernel:
kernel: Call Trace:
kernel:  [<ffffffff802278d8>] warn_on_slowpath+0x51/0x77
kernel:  [<ffffffff80224c51>] check_preempt_wakeup+0xf3/0x123
kernel:  [<ffffffff80239658>] autoremove_wake_function+0x9/0x2e
kernel:  [<ffffffff8022c281>] local_bh_enable+0x3c/0xab
kernel:  [<ffffffffa01ab75a>] ath_rx_node_cleanup+0x38/0x6e [ath9k]
kernel:  [<ffffffffa01b2280>] ath_node_detach+0x3b/0xb6 [ath9k]
kernel:  [<ffffffffa01ab09f>] ath9k_sta_notify+0x12b/0x165 [ath9k]
kernel:  [<ffffffff802366cf>] queue_work+0x1d/0x49
kernel:  [<ffffffffa018c3fc>] add_todo+0x70/0x99 [mac80211]
kernel:  [<ffffffffa017de76>] __sta_info_unlink+0x16b/0x19e [mac80211]
kernel:  [<ffffffffa017e6ed>] sta_info_unlink+0x18/0x43 [mac80211]
kernel:  [<ffffffffa0182732>] ieee80211_associated+0xaa/0x16d [mac80211]
kernel:  [<ffffffffa0184a1a>] ieee80211_sta_work+0x4fb/0x6b4 [mac80211]
kernel:  [<ffffffff80469c58>] thread_return+0x30/0xa9
kernel:  [<ffffffffa018451f>] ieee80211_sta_work+0x0/0x6b4 [mac80211]
kernel:  [<ffffffff802362c2>] run_workqueue+0xb1/0x17a
kernel:  [<ffffffff80236be9>] worker_thread+0xd0/0xdb
kernel:  [<ffffffff8023964f>] autoremove_wake_function+0x0/0x2e
kernel:  [<ffffffff80236b19>] worker_thread+0x0/0xdb
kernel:  [<ffffffff8023954a>] kthread+0x47/0x75
kernel:  [<ffffffff80223121>] schedule_tail+0x18/0x50
kernel:  [<ffffffff8020bc49>] child_rip+0xa/0x11
kernel:  [<ffffffff80239503>] kthread+0x0/0x75
kernel:  [<ffffffff8020bc3f>] child_rip+0x0/0x11
kernel:
kernel: ---[ end trace e9bb5da661055827 ]---

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoath9k: Incorrect key used when group and pairwise ciphers are different.
Senthil Balasubramanian [Mon, 1 Sep 2008 14:15:21 +0000 (19:45 +0530)]
ath9k: Incorrect key used when group and pairwise ciphers are different.

Updating sc_keytype multiple times when groupwise and pairwise
ciphers are different results in incorrect pairwise key type
assumed for TX control and normal ping fails. This works fine
for cases where both groupwise and pairwise ciphers are same.

Also use mac80211 provided enums for key length calculation.

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agort2x00: Compiler warning unmasked by fix of BUILD_BUG_ON
Boaz Harrosh [Mon, 1 Sep 2008 11:47:19 +0000 (14:47 +0300)]
rt2x00: Compiler warning unmasked by fix of BUILD_BUG_ON

A "Set" to a sign-bit in an "&" operation causes a compiler warning.
Make calculations unsigned.

[ The warning was masked by the old definition of BUILD_BUG_ON() ]

Also remove __builtin_constant_p from FIELD_CHECK since BUILD_BUG_ON
no longer permits non-const values.

Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
CC: Ingo Molnar <mingo@elte.hu>
CC: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agomac80211: Fix debugfs union misuse and pointer corruption
Jouni Malinen [Thu, 28 Aug 2008 12:12:06 +0000 (15:12 +0300)]
mac80211: Fix debugfs union misuse and pointer corruption

debugfs union in struct ieee80211_sub_if_data is misused by including a
common default_key dentry as a union member. This ends occupying the same
memory area with the first dentry in other union members (structures;
usually drop_unencrypted). Consequently, debugfs operations on
default_key symlinks and drop_unencrypted entry are using the same
dentry pointer even though they are supposed to be separate ones. This
can lead to removing entries incorrectly or potentially leaving
something behind since one of the dentry pointers gets lost.

Fix this by moving the default_key dentry to a new struct
(common_debugfs) that contains dentries (more to be added in future)
that are shared by all vif types. The debugfs union must only be used
for vif type-specific entries to avoid this type of pointer corruption.

Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agowireless/libertas/if_cs.c: fix memory leaks
Adrian Bunk [Wed, 27 Aug 2008 22:05:08 +0000 (01:05 +0300)]
wireless/libertas/if_cs.c: fix memory leaks

The leak in if_cs_prog_helper() is obvious.

It looks a bit as if not freeing "fw" in if_cs_prog_real() was done
intentionally, but I'm not seeing why it shouldn't be freed.

Reported-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoorinoco: Multicast to the specified addresses
David Kilroy [Sat, 23 Aug 2008 18:03:34 +0000 (19:03 +0100)]
orinoco: Multicast to the specified addresses

When multicasting the driver sets the number of group addresses using
the count from the previous set multicast command. In general this means
you have to set the multicast addresses twice to get the behaviour you
want.

If we were multicasting, and reduce the number of addresses we are
multicasting to, then the driver would write uninitialised data from the
stack into the group addresses to multicast to.

Only write the multicast addresses we have specifically set.

Signed-off-by: David Kilroy <kilroyd@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: fix 64bit platform firmware loading
Tomas Winkler [Thu, 28 Aug 2008 09:25:10 +0000 (17:25 +0800)]
iwlwifi: fix 64bit platform firmware loading

This patch fixes loading firmware from memory above 32bit.

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Acked-by: Marcel Holtmann <holtmann@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: fix apm_stop (wrong bit polarity for FLAG_INIT_DONE)
Mohamed Abbas [Thu, 28 Aug 2008 09:25:05 +0000 (17:25 +0800)]
iwlwifi: fix apm_stop (wrong bit polarity for FLAG_INIT_DONE)

The patch fixes CSR_GP_CNTRL_REG_FLAG_INIT_DONE was set instead of
cleared which disabled moving device to D0U state.

Signed-off-by: Mohamed Abbas <mohamed.abbas@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: workaround interrupt handling no some platforms
Tomas Winkler [Thu, 28 Aug 2008 09:25:04 +0000 (17:25 +0800)]
iwlwifi: workaround interrupt handling no some platforms

This patch adds workaround for an interrupt related hardware bug on
some platforms.  (Apparently these platforms boot-up w/ INTX_DISABLED
set. -- JWL)

Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: do not use GFP_DMA in iwl_tx_queue_init
John W. Linville [Tue, 2 Sep 2008 19:07:18 +0000 (15:07 -0400)]
iwlwifi: do not use GFP_DMA in iwl_tx_queue_init

GFP_DMA is not necessary for the iwlwifi hardware and it can cause
allocation failures and/or invoke the OOM killer on lots of systems.

For reference:

https://bugzilla.redhat.com/show_bug.cgi?id=459709

Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agonet/wireless/Kconfig: clarify the description for CONFIG_WIRELESS_EXT_SYSFS
Florian Mickler [Tue, 2 Sep 2008 13:26:34 +0000 (15:26 +0200)]
net/wireless/Kconfig: clarify the description for CONFIG_WIRELESS_EXT_SYSFS

Current setup with hal and NetworkManager will fail to work
without newest hal version with this config option disabled.

Although this will solve itself by time, at the moment it is
dishonest to say that we don't know any software that uses it,
if there are many many people relying on old hal versions.

Signed-off-by: Florian Mickler <florian@mickler.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agonet: Unbreak userspace usage of linux/mroute.h
David S. Miller [Fri, 29 Aug 2008 21:37:23 +0000 (14:37 -0700)]
net: Unbreak userspace usage of linux/mroute.h

Nothing in linux/pim.h should be exported to userspace.

This should fix the XORP build failure reported by
Jose Calhariz, the debain package maintainer.

Nothing originally in linux/mroute.h was exported to userspace
ever, but some of this stuff started to be when it was moved into
this new linux/pim.h, and that was wrong.  If we didn't provide these
definitions for 10 years we can reasonably expect that applications
defined this stuff locally or used GLIBC headers providing the
protocol definitions.  And as such the only result of this can
be conflict and userland build breakage.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agopkt_sched: Fix locking of qdisc_root with qdisc_root_sleeping_lock()
Jarek Poplawski [Fri, 29 Aug 2008 21:21:52 +0000 (14:21 -0700)]
pkt_sched: Fix locking of qdisc_root with qdisc_root_sleeping_lock()

Use qdisc_root_sleeping_lock() instead of qdisc_root_lock() where
appropriate. The only difference is while dev is deactivated, when
currently we can use a sleeping qdisc with the lock of noop_qdisc.
This shouldn't be dangerous since after deactivation root lock could
be used only by gen_estimator code, but looks wrong anyway.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoipv6: When we droped a packet, we should return NET_RX_DROP instead of 0
Yang Hongyang [Fri, 29 Aug 2008 21:06:51 +0000 (14:06 -0700)]
ipv6: When we droped a packet, we should return NET_RX_DROP instead of 0

Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosctp: fix random memory dereference with SCTP_HMAC_IDENT option.
Vlad Yasevich [Wed, 27 Aug 2008 23:09:49 +0000 (16:09 -0700)]
sctp: fix random memory dereference with SCTP_HMAC_IDENT option.

The number of identifiers needs to be checked against the option
length.  Also, the identifier index provided needs to be verified
to make sure that it doesn't exceed the bounds of the array.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosctp: correct bounds check in sctp_setsockopt_auth_key
Vlad Yasevich [Wed, 27 Aug 2008 23:08:54 +0000 (16:08 -0700)]
sctp: correct bounds check in sctp_setsockopt_auth_key

The bonds check to prevent buffer overlflow was not exactly
right.  It still allowed overflow of up to 8 bytes which is
sizeof(struct sctp_authkey).

Since optlen is already checked against the size of that struct,
we are guaranteed not to cause interger overflow either.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agowan: Missing capability checks in sbni_ioctl()
Eugene Teo [Wed, 27 Aug 2008 11:50:30 +0000 (04:50 -0700)]
wan: Missing capability checks in sbni_ioctl()

There are missing capability checks in the following code:

1300 static int
1301 sbni_ioctl( struct net_device  *dev,  struct ifreq  *ifr,  int  cmd)
1302 {
[...]
1319     case  SIOCDEVRESINSTATS :
1320         if( current->euid != 0 )    /* root only */
1321             return  -EPERM;
[...]
1336     case  SIOCDEVSHWSTATE :
1337         if( current->euid != 0 )    /* root only */
1338             return  -EPERM;
[...]
1357     case  SIOCDEVENSLAVE :
1358         if( current->euid != 0 )    /* root only */
1359             return  -EPERM;
[...]
1372     case  SIOCDEVEMANSIPATE :
1373         if( current->euid != 0 )    /* root only */
1374             return  -EPERM;

Here's my proposed fix:

Missing capability checks.

Signed-off-by: Eugene Teo <eugeneteo@kernel.sg>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoMerge branch 'no-iwlwifi' of git://git.kernel.org/pub/scm/linux/kernel/git/linville...
David S. Miller [Wed, 27 Aug 2008 11:29:50 +0000 (04:29 -0700)]
Merge branch 'no-iwlwifi' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6

16 years agoMerge branch 'davem-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik...
David S. Miller [Wed, 27 Aug 2008 10:54:45 +0000 (03:54 -0700)]
Merge branch 'davem-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6

16 years agoe100, fix iomap read
Jiri Slaby [Thu, 14 Aug 2008 16:27:23 +0000 (18:27 +0200)]
e100, fix iomap read

There were 2 omitted readb's used on an iomap space. eliminate them
by using ioread8 instead.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Bruce Allan <bruce.w.allan@intel.com>
Cc: PJ Waskiewicz <peter.p.waskiewicz.jr@intel.com>
Cc: John Ronciak <john.ronciak@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoqeth: preallocated header account offset
Frank Blaschka [Fri, 15 Aug 2008 06:03:00 +0000 (08:03 +0200)]
qeth: preallocated header account offset

When a preallocated header qdio buffer is filled we have to account
the offset for the data length.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoqeth: l2 write unicast list to hardware
Frank Blaschka [Fri, 15 Aug 2008 06:02:59 +0000 (08:02 +0200)]
qeth: l2 write unicast list to hardware

In case the netdev unicast list contains additional entries we have
to register/deregister them.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoqeth: use -EOPNOTSUPP instead of -ENOTSUPP.
Ursula Braun [Fri, 15 Aug 2008 06:02:58 +0000 (08:02 +0200)]
qeth: use -EOPNOTSUPP instead of -ENOTSUPP.

return value -ENOTSUPP is not valid in userspace context, use
-EOPNOTSUPP instead.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoibm_newemac: Don't call dev_mc_add() before device is registered
Benjamin Herrenschmidt [Sun, 17 Aug 2008 21:29:23 +0000 (07:29 +1000)]
ibm_newemac: Don't call dev_mc_add() before device is registered

We must not call dev_mc_add() from within our HW configure which happens
before we initialize and register the netdev. Do it in open() instead.

Thanks to Sebastian Siewior for tracking it down.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agonet: don't grab a mutex within a timer context in gianfar
Sebastian Siewior [Tue, 19 Aug 2008 19:12:45 +0000 (21:12 +0200)]
net: don't grab a mutex within a timer context in gianfar

I got the following backtrace while network was unavailble:

|NETDEV WATCHDOG: eth0: transmit timed out
|BUG: sleeping function called from invalid context at /home/bigeasy/git/linux-2.6-powerpc/kernel/mutex.c:87
|in_atomic():1, irqs_disabled():0
|Call Trace:
|[c0383d90] [c0006dd8] show_stack+0x48/0x184 (unreliable)
|[c0383db0] [c001e938] __might_sleep+0xe0/0xf4
|[c0383dc0] [c025a43c] mutex_lock+0x24/0x3c
|[c0383de0] [c019005c] phy_stop+0x20/0x70
|[c0383df0] [c018d4ec] stop_gfar+0x28/0xf4
|[c0383e10] [c018e8c4] gfar_timeout+0x30/0x60
|[c0383e20] [c01fe7c0] dev_watchdog+0xa8/0x144
|[c0383e30] [c002f93c] run_timer_softirq+0x148/0x1c8
|[c0383e60] [c002b084] __do_softirq+0x5c/0xc4
|[c0383e80] [c00046fc] do_softirq+0x3c/0x54
|[c0383e90] [c002ac60] irq_exit+0x3c/0x5c
|[c0383ea0] [c000b378] timer_interrupt+0xe0/0xf8
|[c0383ec0] [c000e5ac] ret_from_except+0x0/0x18
|[c0383f80] [c000804c] cpu_idle+0xcc/0xdc
|[c0383fa0] [c025c07c] etext+0x7c/0x90
|[c0383fc0] [c0338960] start_kernel+0x294/0x2a8
|[c0383ff0] [c00003dc] skpinv+0x304/0x340
|------------[ cut here ]------------

The phylock was once a spinlock but got changed into a mutex via
commit 35b5f6b1a aka [PHYLIB: Locking fixes for PHY I/O potentially sleeping]

Signed-off-by: Sebastian Siewior <bigeasy@linutronix.de>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoforcedeth: fix checksum flag
Ayaz Abdulla [Wed, 20 Aug 2008 23:34:37 +0000 (16:34 -0700)]
forcedeth: fix checksum flag

Fix the checksum feature advertised in device flags.  The hardware support
TCP/UDP over IPv4 and TCP/UDP over IPv6 (without IPv6 extension headers).
However, the kernel feature flags do not distinguish IPv6 with/without
extension headers.

Therefore, the driver needs to use NETIF_F_IP_CSUM instead of
NETIF_F_HW_CSUM since the latter includes all IPv6 packets.

A future patch can be created to check for extension headers and perform
software checksum calculation.

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Cc: Jeff Garzik <jgarzik@pobox.com>
Cc: Manfred Spraul <manfred@colorfullife.com
Cc: <stable@kernel.org> [2.6.25.x, 2.6.26.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agonet/usb/mcs7830: add set_mac_address
Oliver Martin [Sat, 23 Aug 2008 20:08:47 +0000 (22:08 +0200)]
net/usb/mcs7830: add set_mac_address

Implement set_mac_address for mcs7830. This enables me to use it with my
cable modem.

Signed-off-by: Oliver Martin <oliver.martin@student.tuwien.ac.at>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agonet/usb/mcs7830: new device IDs
Arnd Bergmann [Sat, 23 Aug 2008 20:02:23 +0000 (22:02 +0200)]
net/usb/mcs7830: new device IDs

This adds USB device IDs for MosChip 7730 and Sitecom LN030
to the mcs7830 driver. The IDs have been reported to work without
further modifications.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: David Brownell <david-b@pacbell.net>
Cc: Viktor Horvath <ViktorHorvath@gmx.net>
Cc: Robbert Wethmar <robbert@wethmar.nl>
Cc: Bart van der Klip <bklip@xs4all.nl>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years ago[netdrvr] smc91x: fix resource removal (null ptr deref)
Jeff Garzik [Wed, 27 Aug 2008 09:54:30 +0000 (05:54 -0400)]
[netdrvr] smc91x: fix resource removal (null ptr deref)

Properly handle resource cleanup on unplug/exit.

Spotted by Jonathan Cameron

Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoibmveth: fix bad UDP checksums
Santiago Leon [Wed, 20 Aug 2008 19:09:19 +0000 (13:09 -0600)]
ibmveth: fix bad UDP checksums

This patch fixes a ibmveth bug where bad UDP checksums are being transmitted
when checksum offloading is enabled.
The hypervisor does checksum offloading only on TCP packets, so ibmveth calls
skb_checksum_help() for any other protocol.  The bug happens because
the packet is being modified after the DMA map, so we would need a memory
barrier before making the hypervisor call.  Reordering the code so that the
DMA map happens after skb_checksum_help() has the additional advantage of
fixing a DMA map leak if skb_checksum_help() where to fail.

Signed-off-by: Santiago Leon <santil@us.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years ago[netdrvr] hso: dev_kfree_skb crash fix
Denis Joseph Barrow [Wed, 20 Aug 2008 01:07:55 +0000 (18:07 -0700)]
[netdrvr] hso: dev_kfree_skb crash fix

Fixes dev_kfree_skb happening too many times when hso_start_net_device
is called from hso_resume.

Signed-off-by: Denis Joseph Barrow <D.Barow@option.com>
Cc: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years ago[netdrvr] hso: icon 322 detection fix
Denis Joseph Barrow [Wed, 20 Aug 2008 01:07:52 +0000 (18:07 -0700)]
[netdrvr] hso: icon 322 detection fix

Fixes Icon-322 detection.

Signed-off-by: Denis Joseph Barrow <D.Barow@option.com>
Cc: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoatl1: disable TSO by default
Jay Cliburn [Tue, 19 Aug 2008 00:28:13 +0000 (19:28 -0500)]
atl1: disable TSO by default

The atl1 driver is causing stalled connections and file corruption
whenever TSO is enabled.  Two examples are here:

http://lkml.org/lkml/2008/7/15/325
http://lkml.org/lkml/2008/8/18/543

Disable TSO by default until we can determine the source of the
problem.

Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
cc: stable@kernel.org
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoatl1e: multistatement if missing braces
Ilpo Järvinen [Tue, 19 Aug 2008 07:32:06 +0000 (10:32 +0300)]
atl1e: multistatement if missing braces

Doesn't cause problems (yet) because err gets zeroed earlier.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoigb: remove 82576 quad adapter
Alexander Duyck [Fri, 8 Aug 2008 23:51:26 +0000 (16:51 -0700)]
igb: remove 82576 quad adapter

Disable support for device 8086:10E8.  Currently the result of loading the
driver with the device present causes system instability.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agodrivers/net/skfp/ess.c: fix compile warnings
Takashi Iwai [Wed, 20 Aug 2008 23:34:35 +0000 (16:34 -0700)]
drivers/net/skfp/ess.c: fix compile warnings

  CC [M]  drivers/net/skfp/ess.o
drivers/net/skfp/ess.c: In function 'ess_send_response':
drivers/net/skfp/ess.c:513: warning: cast from pointer to integer of different size
drivers/net/skfp/ess.c: In function 'ess_send_alc_req':
drivers/net/skfp/ess.c:609: warning: cast from pointer to integer of different size
drivers/net/skfp/ess.c:639: warning: cast from pointer to integer of different size

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoipv4: mode 0555 in ipv4_skeleton
Hugh Dickins [Wed, 27 Aug 2008 09:35:18 +0000 (02:35 -0700)]
ipv4: mode 0555 in ipv4_skeleton

vpnc on today's kernel says Cannot open "/proc/sys/net/ipv4/route/flush":
d--------- 0 root root 0 2008-08-26 11:32 /proc/sys/net/ipv4/route
d--------- 0 root root 0 2008-08-26 19:16 /proc/sys/net/ipv4/neigh

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agotcp: fix tcp header size miscalculation when window scale is unused
Philip Love [Wed, 27 Aug 2008 09:33:50 +0000 (02:33 -0700)]
tcp: fix tcp header size miscalculation when window scale is unused

The size of the TCP header is miscalculated when the window scale ends
up being 0. Additionally, this can be induced by sending a SYN to a
passive open port with a window scale option with value 0.

Signed-off-by: Philip Love <love_phil@emc.com>
Signed-off-by: Adam Langley <agl@imperialviolet.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agopkt_sched: Fix sch_tree_lock()
Jarek Poplawski [Wed, 27 Aug 2008 09:27:10 +0000 (02:27 -0700)]
pkt_sched: Fix sch_tree_lock()

Use new qdisc_root_sleeping_lock() instead of qdisc_root_lock() as
sch_tree_lock() because this lock could be used while dev is
deactivated, but we never need to use this with noop_qdisc as a root.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agopkt_sched: Fix gen_estimator locks
Jarek Poplawski [Wed, 27 Aug 2008 09:25:17 +0000 (02:25 -0700)]
pkt_sched: Fix gen_estimator locks

While passing a qdisc root lock to gen_new_estimator() and
gen_replace_estimator() dev could be deactivated or even before
grafting proper root qdisc as qdisc_sleeping (e.g. qdisc_create), so
using qdisc_root_lock() is not enough. This patch adds
qdisc_root_sleeping_lock() for this, plus additional checks, where
necessary.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agopkt_sched: Use rcu_assign_pointer() to change dev_queue->qdisc
Jarek Poplawski [Wed, 27 Aug 2008 09:22:07 +0000 (02:22 -0700)]
pkt_sched: Use rcu_assign_pointer() to change dev_queue->qdisc

These pointers are RCU protected, so proper primitives should be used.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoLCS recovery dumps when cable reconnect
Klaus-D. Wacker [Thu, 21 Aug 2008 15:10:25 +0000 (17:10 +0200)]
LCS recovery dumps when cable reconnect

LCS recovery dumps in irq routine when CCW address in
Subchannel Status Word (SCSW) is zero. This occurs
when recovery is driven after cable reconnect.

Signed-off-by: Klaus-D. Wacker <kdwacker@de.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoctcm: netdev->priv vs. netdev->ml_priv
Peter Tiedemann [Thu, 21 Aug 2008 15:10:24 +0000 (17:10 +0200)]
ctcm: netdev->priv vs. netdev->ml_priv

Use netdev->ml_priv instead of netdev->priv

Signed-off-by: Peter Tiedemann <ptiedem@de.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoclaw: netdev->priv vs. netdev->ml_priv
Peter Tiedemann [Thu, 21 Aug 2008 15:10:23 +0000 (17:10 +0200)]
claw: netdev->priv vs. netdev->ml_priv

Use netdev->ml_priv instead of netdev->priv

Signed-off-by: Peter Tiedemann <ptiedem@de.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoclaw: fix memory leak in claw_probe.
Martin Schwidefsky [Thu, 21 Aug 2008 15:10:22 +0000 (17:10 +0200)]
claw: fix memory leak in claw_probe.

probe_error() frees memory only, if cgdev->dev.driver_data refers
to the claw_privbk structure. Move forward its setting in claw_probe()
to ensure proper freeing of claw_privbk allocations.

Cc: Daniel <danielm77@spray.se>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years ago[netdrvr] fix build issue: undefined reference to `NS8390p_init'
Alan Cox [Fri, 22 Aug 2008 18:24:15 +0000 (19:24 +0100)]
[netdrvr] fix build issue: undefined reference to `NS8390p_init'

Signed-off-by: Alan 'pass the paper bags' Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agofs_enet: Fix SCC Ethernet on CPM2, and crash in fs_enet_rx_napi()
Heiko Schocher [Tue, 26 Aug 2008 01:20:53 +0000 (20:20 -0500)]
fs_enet: Fix SCC Ethernet on CPM2, and crash in fs_enet_rx_napi()

Signed-off-by: Heiko Schocher <hs@denx.de>
Signed-off-by: Vitaly Bordug <vitb@kernel.crashing.org>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoigb: fix setting the number of tx queues
Alexander Duyck [Tue, 26 Aug 2008 11:25:13 +0000 (04:25 -0700)]
igb: fix setting the number of tx queues

The real_num_tx_queues was not being set when in MSI-X only mode.  This patch
corrects that path so all interrupt types are correctly configured.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoigb: ethtool -d reads EICR which is incorrect as it is read on clear
Alexander Duyck [Tue, 26 Aug 2008 11:25:05 +0000 (04:25 -0700)]
igb: ethtool -d reads EICR which is incorrect as it is read on clear

Ethtool -d is reading the EICR and ICR registers which is currently
clearing these registers and masking off interrupts.  To prevent this we
read the EICS and ICS equivilents as they can be read without clearing or
masking.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoigb: force all queues to interrupt once every 2 seconds
Alexander Duyck [Tue, 26 Aug 2008 11:25:03 +0000 (04:25 -0700)]
igb: force all queues to interrupt once every 2 seconds

Set the EICS bit for each of the RX queues at least once every 2 seconds to
prevent the rx queues from stalling.

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agor8169: balance pci_map / pci_unmap pair
Francois Romieu [Tue, 26 Aug 2008 19:56:06 +0000 (21:56 +0200)]
r8169: balance pci_map / pci_unmap pair

The leak hurts with swiotlb and jumbo frames.

Fix http://bugzilla.kernel.org/show_bug.cgi?id=9468.

Heavily hinted by Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>.

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Alistair John Strachan <alistair@devzero.co.uk>
Tested-by: Timothy J Fontaine <tjfontaine@atxconsulting.com>
Cc: Edward Hsu <edward_hsu@realtek.com.tw>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agopkt_sched: Fix dev_graft_qdisc() locking
Jarek Poplawski [Wed, 27 Aug 2008 09:12:52 +0000 (02:12 -0700)]
pkt_sched: Fix dev_graft_qdisc() locking

During dev_graft_qdisc() dev is deactivated, so qdisc_root_lock()
returns wrong lock of noop_qdisc instead of qdisc_sleeping.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomyri10ge: update version string to 1.4.3-1.358
Brice Goglin [Tue, 26 Aug 2008 21:29:12 +0000 (23:29 +0200)]
myri10ge: update version string to 1.4.3-1.358

Update myri10ge version string to 1.4.3-1.358.

Signed-off-by: Brice Goglin <brice@myri.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoixgbe: fix vlan filtering
Alexander Duyck [Wed, 27 Aug 2008 01:30:04 +0000 (18:30 -0700)]
ixgbe: fix vlan filtering

VLAN filtering is broken, due to reading the incorrect register for
the VLAN filtering settings.  Fixed by reading/writing the correct
register.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoBlackfin EMAC Driver: the BF526 also supports the MAC,
Mike Frysinger [Wed, 27 Aug 2008 03:47:57 +0000 (11:47 +0800)]
Blackfin EMAC Driver: the BF526 also supports the MAC,
so update things accordingly

Signed-off-by: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
16 years agoMerge branch 'for-2.6.27' of git://git.marvell.com/mv643xx_eth into upstream-fixes
Jeff Garzik [Wed, 27 Aug 2008 09:10:25 +0000 (05:10 -0400)]
Merge branch 'for-2.6.27' of git://git.marvell.com/mv643xx_eth into upstream-fixes

16 years agomac80211: quiet chatty IBSS merge message
John W. Linville [Wed, 27 Aug 2008 00:33:34 +0000 (20:33 -0400)]
mac80211: quiet chatty IBSS merge message

It seems obvious that this #ifndef should be the opposite polarity...

Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agomac80211: don't send empty extended rates IE
Jan-Espen Pettersen [Mon, 25 Aug 2008 18:29:22 +0000 (20:29 +0200)]
mac80211: don't send empty extended rates IE

The association request includes a list of supported data rates.

802.11b: 4 supported rates.
802.11g: 12 (8 + 4) supported rates.
802.11a: 8 supported rates.

The rates tag of the assoc request has room for only 8 rates. In case of
802.11g an extended rate tag is appended. However in net/wireless/mlme.c
an extended (empty) rate tag is also appended if the number of rates is
exact 8. This empty (length=0) extended rates tag causes some APs to
deny association with code 18 (unsupported rates). These APs include my
ZyXEL G-570U, and according to Tomas Winkler som Cisco APs.

'If count == 8' has been used to check for the need for an extended rates
tag. But count would also be equal to 8 if the for loop exited because of
no more supported rates. Therefore a check for count being less than
rates_len would seem more correct.

Thanks to:
 * Dan Williams for newbie guidance
 * Tomas Winkler for confirming the problem

Signed-off-by: Jan-Espen Pettersen <sigsegv@radiotube.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agomac80211: Fix debugfs file add/del for netdev
Jouni Malinen [Mon, 25 Aug 2008 08:57:06 +0000 (11:57 +0300)]
mac80211: Fix debugfs file add/del for netdev

Previous version was using incorrect union structures for non-AP
interfaces when adding and removing max_ratectrl_rateidx and
force_unicast_rateidx entries. Depending on the vif type, this ended
up in corrupting debugfs entries since the dentries inside different
union structures ended up going being on top of eachother.. As the
end result, debugfs files were being left behind with references to
freed data (instant kernel oops on access) and directories were not
removed properly when unloading mac80211 drivers. This patch fixes
those issues by using only a single union structure based on the vif
type.

Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agonet/mac80211/mesh.c: correct the argument to __mesh_table_free
Julia Lawall [Sat, 23 Aug 2008 16:27:38 +0000 (18:27 +0200)]
net/mac80211/mesh.c: correct the argument to __mesh_table_free

In the function mesh_table_grow, it is the new table not the argument table
that should be freed if the function fails (cf commit
bd9b448f4c0a514559bdae4ca18ca3e8cd999c6d)

The semantic match that detects this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@r exists@
local idexpression x;
expression E,f;
position p1,p2,p3;
identifier l;
statement S;
@@

x = mesh_table_alloc@p1(...)
...
if (x == NULL) S
... when != E = x
    when != mesh_table_free(x)
goto@p2 l;
... when != E = x
    when != f(...,x,...)
    when any
(
return \(0\|x\);
|
return@p3 ...;
)

@script:python@
p1 << r.p1;
p2 << r.p2;
p3 << r.p3;
@@

print "%s: call on line %s not freed or saved before return on line %s via line %s" % (p1[0].file,p1[0].line,p3[0].line,p2[0].line)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agomac80211: Use IWEVASSOCREQIE instead of IWEVCUSTOM
Jouni Malinen [Tue, 19 Aug 2008 07:54:32 +0000 (10:54 +0300)]
mac80211: Use IWEVASSOCREQIE instead of IWEVCUSTOM

The previous code was using IWEVCUSTOM to report IEs from AssocReq and
AssocResp frames into user space. This can easily hit the 256 byte
limit (IW_CUSTOM_MAX) with APs that include number of vendor IEs in
AssocResp. This results in the event message not being sent and dmesg
showing "wlan0 (WE) : Wireless Event too big (366)" type of errors.

Convert mac80211 to use IWEVASSOCREQIE/IWEVASSOCRESPIE to avoid the
issue of being unable to send association IEs as wireless events. These
newer event types use binary encoding and larger maximum size
(IW_GENERIC_IE_MAX = 1024), so the likelyhood of not being able to send
the IEs is much smaller than with IWEVCUSTOM. As an extra benefit, the
code is also quite a bit simpler since there is no need to allocate an
extra buffer for hex encoding.

Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agonet: rfkill: add missing line break
Felipe Balbi [Mon, 18 Aug 2008 19:56:53 +0000 (22:56 +0300)]
net: rfkill: add missing line break

Trivial patch adding a missing line break on
rfkill_claim_show().

Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.co>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoAth5k: fix bintval setup
Jiri Slaby [Mon, 18 Aug 2008 19:45:28 +0000 (21:45 +0200)]
Ath5k: fix bintval setup

bintval is set to the initial value at .config_interface which is too
late, since it overwrites previously set value from .config. Move the
initialization to the .add_interface.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <mcgrof@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoAth5k: lock beacons
Jiri Slaby [Mon, 18 Aug 2008 19:45:27 +0000 (21:45 +0200)]
Ath5k: lock beacons

Beacons setup and config was racy with beacon send. Ensure that
ISR and reset functions see consistent state of bbuf.

Use also dev_kfree_skb_any in ath5k_txbuf_free since we call it
from atomic now.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Nick Kossifidis <mickflemm@gmail.com>
Cc: Luis R. Rodriguez <mcgrof@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoatmel: try open system authentication too
Dan Williams [Mon, 18 Aug 2008 19:32:41 +0000 (15:32 -0400)]
atmel: try open system authentication too

When the AP rejects a Shared Key authentication request, try Open System
auth too.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoatmel: return ENOENT on request_firmware failure
Dan Williams [Mon, 18 Aug 2008 19:40:02 +0000 (15:40 -0400)]
atmel: return ENOENT on request_firmware failure

Return errors from request_firmware() (like other drivers that do
firmware load on device open) and make up plausible codes for other
error conditions. Gives userspace tools like NetworkManager a clue that
firmware may be missing when the result of setting IFF_UP is ENOENT.

Signed-off-by: Dan Williams <dcbw@redhat.com>
v2: fix reversed check of atmel_wakeup_firmware() in probe_atmel_card()
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agobnx2x: Version update
Eilon Greenstein [Mon, 25 Aug 2008 22:30:39 +0000 (15:30 -0700)]
bnx2x: Version update

Version update

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: Multi Queue
Yitchak Gertner [Mon, 25 Aug 2008 22:27:06 +0000 (15:27 -0700)]
bnx2x: Multi Queue

The multi queue support is still disabled by default for the bnx2x
(needs some more testing and validation), but there are 2 obvious bug in
it which are fixed in this patch

Signed-off-by: Yitchak Gertner <gertner@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: NAPI and interrupts enable/disable
Yitchak Gertner [Mon, 25 Aug 2008 22:26:24 +0000 (15:26 -0700)]
bnx2x: NAPI and interrupts enable/disable

Fixing the order of enabling and disabling NAPI and the interrupts

Signed-off-by: Yitchak Gertner <gertner@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: NIC load failure cleanup
Yitchak Gertner [Mon, 25 Aug 2008 22:25:45 +0000 (15:25 -0700)]
bnx2x: NIC load failure cleanup

Load failures were not handled correctly

Signed-off-by: Yitchak Gertner <gertner@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: Initialization structure
Yitchak Gertner [Mon, 25 Aug 2008 22:24:21 +0000 (15:24 -0700)]
bnx2x: Initialization structure

The TPA initialization is part of the FW internal memory initialization
and so it is moved to the appropriate function

Signed-off-by: Yitchak Gertner <gertner@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: HW lock timeout
Eilon Greenstein [Mon, 25 Aug 2008 22:23:30 +0000 (15:23 -0700)]
bnx2x: HW lock timeout

Increasing the lock timeout to 5 seconds instead of 1 second to minimize
the chance of failures due to timeout

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: Minimize lock time
Eilon Greenstein [Mon, 25 Aug 2008 22:22:46 +0000 (15:22 -0700)]
bnx2x: Minimize lock time

After iSCSI boot, the HW lock should only protect the flag so only the
first function will reset the chip and not then entire chip reset
process

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: Fan failure mechanism on additional design
Eilon Greenstein [Mon, 25 Aug 2008 22:20:48 +0000 (15:20 -0700)]
bnx2x: Fan failure mechanism on additional design

The A1021G board is also using the fan failure mechanism in the same way
the A1022G board does

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobnx2x: Rx work check
Eilon Greenstein [Mon, 25 Aug 2008 22:19:17 +0000 (15:19 -0700)]
bnx2x: Rx work check

The has Rx work check was wrong: when the FW was at the end of the page,
the driver was already at the beginning of the next page. Since the
check only validated that both driver and FW are pointing to the same
place, it concluded that there is still work to be done. This caused
some serious issues including long latency results on ping-pong test and
lockups while unloading the driver in that condition.

Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoipv6: sysctl fixes
Al Viro [Mon, 25 Aug 2008 22:18:15 +0000 (15:18 -0700)]
ipv6: sysctl fixes

Braino: net.ipv6 in ipv6 skeleton has no business in rotable
class

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoipv4: sysctl fixes
Al Viro [Mon, 25 Aug 2008 22:17:44 +0000 (15:17 -0700)]
ipv4: sysctl fixes

net.ipv4.neigh should be a part of skeleton to avoid ordering problems

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosctp: add verification checks to SCTP_AUTH_KEY option
Vlad Yasevich [Mon, 25 Aug 2008 22:16:19 +0000 (15:16 -0700)]
sctp: add verification checks to SCTP_AUTH_KEY option

The structure used for SCTP_AUTH_KEY option contains a
length that needs to be verfied to prevent buffer overflow
conditions.  Spoted by Eugene Teo <eteo@redhat.com>.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agomv643xx_eth: bump version to 1.3
Lennert Buytenhek [Sun, 24 Aug 2008 05:33:05 +0000 (07:33 +0200)]
mv643xx_eth: bump version to 1.3

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
16 years agomv643xx_eth: enforce multiple-of-8-bytes receive buffer size restriction
Lennert Buytenhek [Sun, 24 Aug 2008 01:00:20 +0000 (03:00 +0200)]
mv643xx_eth: enforce multiple-of-8-bytes receive buffer size restriction

The mv643xx_eth hardware ignores the lower three bits of the buffer
size field in receive descriptors, causing the reception of full-sized
packets to fail at some MTUs.  Fix this by rounding the size of
allocated receive buffers up to a multiple of eight bytes.

While we are at it, add a bit of extra space to each receive buffer so
that we can handle multiple vlan tags on ingress.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
16 years agomv643xx_eth: fix NULL pointer dereference in rxq_process()
Lennert Buytenhek [Sun, 24 Aug 2008 00:33:47 +0000 (02:33 +0200)]
mv643xx_eth: fix NULL pointer dereference in rxq_process()

When we are low on memory, the assumption that every descriptor in the
receive ring will have an skbuff associated with it does not hold.

rxq_process() was assuming that if the receive descriptor it is working
on is not owned by the hardware, it can safely be processed and handed
to the networking stack.  But a descriptor in the receive ring not being
owned by the hardware can also happen when we are low on memory and did
not manage to refill the receive ring fully.

This patch changes rxq_process()'s bailout condition from "the first
receive descriptor to be processed is owned by the hardware" to "the
first receive descriptor to be processed is owned by the hardware OR
the number of valid receive descriptors in the ring is zero".

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
16 years agomv643xx_eth: fix inconsistent lock semantics
Lennert Buytenhek [Sun, 24 Aug 2008 00:30:42 +0000 (02:30 +0200)]
mv643xx_eth: fix inconsistent lock semantics

Nicolas Pitre noted that mv643xx_eth_poll was incorrectly using
non-IRQ-safe locks while checking whether to wake up the netdevice's
transmit queue.  Convert the locking to *_irq() variants, since we
are running from softirq context where interrupts are enabled.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
16 years agomv643xx_eth: fix double add_timer() on the receive oom timer
Lennert Buytenhek [Sat, 23 Aug 2008 23:59:05 +0000 (01:59 +0200)]
mv643xx_eth: fix double add_timer() on the receive oom timer

Commit 12e4ab79cd828563dc090d2117dc8626b344bc8f ("mv643xx_eth: be
more agressive about RX refill") changed the condition for the receive
out-of-memory timer to be scheduled from "the receive ring is empty"
to "the receive ring is not full".

This can lead to a situation where the receive out-of-memory timer is
pending because a previous rxq_refill() didn't manage to refill the
receive ring entirely as a result of being out of memory, and
rxq_refill() is then called again as a side effect of a packet receive
interrupt, and that rxq_refill() call then again does not succeed to
refill the entire receive ring with fresh empty skbuffs because we are
still out of memory, and then tries to call add_timer() on the already
scheduled out-of-memory timer.

This patch fixes this issue by changing the add_timer() call in
rxq_refill() to a mod_timer() call.  If the OOM timer was not already
scheduled, this will behave as before, whereas if it was already
scheduled, this patch will push back its firing time a bit, which is
safe because we've (unsuccessfully) attempted to refill the receive
ring just before we do this.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
16 years agomv643xx_eth: fix NAPI 'rotting packet' issue
Lennert Buytenhek [Sun, 24 Aug 2008 00:45:32 +0000 (02:45 +0200)]
mv643xx_eth: fix NAPI 'rotting packet' issue

When a receive interrupt occurs, mv643xx_eth would first process the
receive descriptors and then ACK the receive interrupt, instead of the
other way round.

This would leave a small race window between processing the last
receive descriptor and clearing the receive interrupt status in which
a new packet could come in, which would then 'rot' in the receive
ring until the next receive interrupt would come in.

Fix this by ACKing (clearing) the receive interrupt condition before
processing the receive descriptors.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
16 years agoipv6: protocol for address routes
Stephen Hemminger [Sat, 23 Aug 2008 12:16:46 +0000 (05:16 -0700)]
ipv6: protocol for address routes

This fixes a problem spotted with zebra, but not sure if it is
necessary a kernel problem.  With IPV6 when an address is added to an
interface, Zebra creates a duplicate RIB entry, one as a connected
route, and other as a kernel route.

When an address is added to an interface the RTN_NEWADDR message
causes Zebra to create a connected route. In IPV4 when an address is
added to an interface a RTN_NEWROUTE message is set to user space with
the protocol RTPROT_KERNEL. Zebra ignores these messages, because it
already has the connected route.

The problem is that route created in IPV6 has route protocol ==
RTPROT_BOOT.  Was this a design decision or a bug? This fixes it. Same
patch applies to both net-2.6 and stable.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoicmp: icmp_sk() should not use smp_processor_id() in preemptible code
Denis V. Lunev [Sat, 23 Aug 2008 11:43:33 +0000 (04:43 -0700)]
icmp: icmp_sk() should not use smp_processor_id() in preemptible code

Pass namespace into icmp_xmit_lock, obtain socket inside and return
it as a result for caller.

Thanks Alexey Dobryan for this report:

Steps to reproduce:

CONFIG_PREEMPT=y
CONFIG_DEBUG_PREEMPT=y
tracepath <something>

BUG: using smp_processor_id() in preemptible [00000000] code: tracepath/3205
caller is icmp_sk+0x15/0x30
Pid: 3205, comm: tracepath Not tainted 2.6.27-rc4 #1

Call Trace:
 [<ffffffff8031af14>] debug_smp_processor_id+0xe4/0xf0
 [<ffffffff80409405>] icmp_sk+0x15/0x30
 [<ffffffff8040a17b>] icmp_send+0x4b/0x3f0
 [<ffffffff8025a415>] ? trace_hardirqs_on_caller+0xd5/0x160
 [<ffffffff8025a4ad>] ? trace_hardirqs_on+0xd/0x10
 [<ffffffff8023a475>] ? local_bh_enable_ip+0x95/0x110
 [<ffffffff804285b9>] ? _spin_unlock_bh+0x39/0x40
 [<ffffffff8025a26c>] ? mark_held_locks+0x4c/0x90
 [<ffffffff8025a4ad>] ? trace_hardirqs_on+0xd/0x10
 [<ffffffff8025a415>] ? trace_hardirqs_on_caller+0xd5/0x160
 [<ffffffff803e91b4>] ip_fragment+0x8d4/0x900
 [<ffffffff803e7030>] ? ip_finish_output2+0x0/0x290
 [<ffffffff803e91e0>] ? ip_finish_output+0x0/0x60
 [<ffffffff803e6650>] ? dst_output+0x0/0x10
 [<ffffffff803e922c>] ip_finish_output+0x4c/0x60
 [<ffffffff803e92e3>] ip_output+0xa3/0xf0
 [<ffffffff803e68d0>] ip_local_out+0x20/0x30
 [<ffffffff803e753f>] ip_push_pending_frames+0x27f/0x400
 [<ffffffff80406313>] udp_push_pending_frames+0x233/0x3d0
 [<ffffffff804067d1>] udp_sendmsg+0x321/0x6f0
 [<ffffffff8040d155>] inet_sendmsg+0x45/0x80
 [<ffffffff803b967f>] sock_sendmsg+0xdf/0x110
 [<ffffffff8024a100>] ? autoremove_wake_function+0x0/0x40
 [<ffffffff80257ce5>] ? validate_chain+0x415/0x1010
 [<ffffffff8027dc10>] ? __do_fault+0x140/0x450
 [<ffffffff802597d0>] ? __lock_acquire+0x260/0x590
 [<ffffffff803b9e55>] ? sockfd_lookup_light+0x45/0x80
 [<ffffffff803ba50a>] sys_sendto+0xea/0x120
 [<ffffffff80428e42>] ? _spin_unlock_irqrestore+0x42/0x80
 [<ffffffff803134bc>] ? __up_read+0x4c/0xb0
 [<ffffffff8024e0c6>] ? up_read+0x26/0x30
 [<ffffffff8020b8bb>] system_call_fastpath+0x16/0x1b

icmp6_sk() is similar.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agopkt_sched: Fix qdisc list locking
Jarek Poplawski [Fri, 22 Aug 2008 10:24:05 +0000 (03:24 -0700)]
pkt_sched: Fix qdisc list locking

Since some qdiscs call qdisc_tree_decrease_qlen() (so qdisc_lookup())
without rtnl_lock(), adding and deleting from a qdisc list needs
additional locking. This patch adds global spinlock qdisc_list_lock
and wrapper functions for modifying the list. It is considered as a
temporary solution until hfsc_dequeue(), netem_dequeue() and
tbf_dequeue() (or qdisc_tree_decrease_qlen()) are redone.

With feedback from Herbert Xu and David S. Miller.

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agopkt_sched: Fix qdisc_watchdog() vs. dev_deactivate() race
Jarek Poplawski [Thu, 21 Aug 2008 12:11:14 +0000 (05:11 -0700)]
pkt_sched: Fix qdisc_watchdog() vs. dev_deactivate() race

dev_deactivate() can skip rescheduling of a qdisc by qdisc_watchdog()
or other timer calling netif_schedule() after dev_queue_deactivate().
We prevent this checking aliveness before scheduling the timer. Since
during deactivation the root qdisc is available only as qdisc_sleeping
additional accessor qdisc_root_sleeping() is created.

With feedback from Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agosctp: fix potential panics in the SCTP-AUTH API.
Vlad Yasevich [Thu, 21 Aug 2008 10:34:25 +0000 (03:34 -0700)]
sctp: fix potential panics in the SCTP-AUTH API.

All of the SCTP-AUTH socket options could cause a panic
if the extension is disabled and the API is envoked.

Additionally, there were some additional assumptions that
certain pointers would always be valid which may not
always be the case.

This patch hardens the API and address all of the crash
scenarios.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoLinux v2.6.27-rc4 v2.6.27-rc4
Linus Torvalds [Thu, 21 Aug 2008 02:35:56 +0000 (19:35 -0700)]
Linux v2.6.27-rc4

16 years agocramfs: fix named-pipe handling
Al Viro [Wed, 20 Aug 2008 21:09:24 +0000 (14:09 -0700)]
cramfs: fix named-pipe handling

After commit a97c9bf33f4612e2aed6f000f6b1d268b6814f3c (fix cramfs
making duplicate entries in inode cache) in kernel 2.6.14, named-pipe
on cramfs does not work properly.

It seems the commit make all named-pipe on cramfs share their inode
(and named-pipe buffer).

Make ..._test() refuse to merge inodes with ->i_ino == 1, take inode setup
back to get_cramfs_inode() and make ->drop_inode() evict ones with ->i_ino
== 1 immediately.

Reported-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@kernel.org> [2.6.14 and later]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agofbdefio: add set_page_dirty handler to deferred IO FB
Ian Campbell [Wed, 20 Aug 2008 21:09:23 +0000 (14:09 -0700)]
fbdefio: add set_page_dirty handler to deferred IO FB

Fixes kernel BUG at lib/radix-tree.c:473.

Previously the handler was incidentally provided by tmpfs but this was
removed with:

  commit 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
  Author: Hugh Dickins <hugh@veritas.com>
  Date:   Mon Jul 28 15:46:19 2008 -0700

    tmpfs: fix kernel BUG in shmem_delete_inode

relying on this behaviour was incorrect in any case and the BUG also
appeared when the device node was on an ext3 filesystem.

v2: override a_ops at open() time rather than mmap() time to minimise
races per AKPM's concerns.

Signed-off-by: Ian Campbell <ijc@hellion.org.uk>
Cc: Jaya Kumar <jayakumar.lkml@gmail.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Johannes Weiner <hannes@saeurebad.de>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Cc: Kel Modderman <kel@otaku42.de>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Cc: <stable@kernel.org> [14fcc23fd is in 2.6.25.14 and 2.6.26.1]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agortc: rtc-ds1374: fix 'no irq' case handling
Anton Vorontsov [Wed, 20 Aug 2008 21:09:21 +0000 (14:09 -0700)]
rtc: rtc-ds1374: fix 'no irq' case handling

On a PowerPC board with ds1374 RTC I'm getting this error while RTC tries
to probe:

rtc-ds1374 0-0068: unable to request IRQ

This happens because I2C probing code (drivers/of/of_i2c.c) is specifying
IRQ0 for 'no irq' case, which is correct.

The driver handles this incorrectly, though. This patch fixes it.

Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Cc: David Brownell <david-b@pacbell.net>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Acked-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agomm: xip/ext2 fix block allocation race
Nick Piggin [Wed, 20 Aug 2008 21:09:20 +0000 (14:09 -0700)]
mm: xip/ext2 fix block allocation race

XIP can call into get_xip_mem concurrently with the same file,offset with
create=1.  This usually maps down to get_block, which expects the page
lock to prevent such a situation.  This causes ext2 to explode for one
reason or another.

Serialise those calls for the moment.  For common usages today, I suspect
get_xip_mem rarely is called to create new blocks.  In future as XIP
technologies evolve we might need to look at which operations require
scalability, and rework the locking to suit.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Cc: Jared Hulbert <jaredeh@gmail.com>
Acked-by: Carsten Otte <cotte@freenet.de>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agomm: xip fix fault vs sparse page invalidate race
Nick Piggin [Wed, 20 Aug 2008 21:09:20 +0000 (14:09 -0700)]
mm: xip fix fault vs sparse page invalidate race

XIP has a race between sparse pages being inserted into page tables, and
sparse pages being zapped when its time to put a non-sparse page in.

What can happen is that a process can be left with a dangling sparse page
in a MAP_SHARED mapping, while the rest of the world sees the non-sparse
version.  Ie.  data corruption.

Guard these operations with a seqlock, making fault-in-sparse-pages the
slowpath, and try-to-unmap-sparse-pages the fastpath.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Cc: Jared Hulbert <jaredeh@gmail.com>
Acked-by: Carsten Otte <cotte@freenet.de>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agomm: dirty page tracking race fix
Nick Piggin [Wed, 20 Aug 2008 21:09:18 +0000 (14:09 -0700)]
mm: dirty page tracking race fix

There is a race with dirty page accounting where a page may not properly
be accounted for.

clear_page_dirty_for_io() calls page_mkclean; then TestClearPageDirty.

page_mkclean walks the rmaps for that page, and for each one it cleans and
write protects the pte if it was dirty.  It uses page_check_address to
find the pte.  That function has a shortcut to avoid the ptl if the pte is
not present.  Unfortunately, the pte can be switched to not-present then
back to present by other code while holding the page table lock -- this
should not be a signal for page_mkclean to ignore that pte, because it may
be dirty.

For example, powerpc64's set_pte_at will clear a previously present pte
before setting it to the desired value.  There may also be other code in
core mm or in arch which do similar things.

The consequence of the bug is loss of data integrity due to msync, and
loss of dirty page accounting accuracy.  XIP's __xip_unmap could easily
also be unreliable (depending on the exact XIP locking scheme), which can
lead to data corruption.

Fix this by having an option to always take ptl to check the pte in
page_check_address.

It's possible to retain this optimization for page_referenced and
try_to_unmap.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Cc: Jared Hulbert <jaredeh@gmail.com>
Cc: Carsten Otte <cotte@freenet.de>
Cc: Hugh Dickins <hugh@veritas.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>