The following race is possible when one cpu unregisters the handler
while other one is trying to receive a message and call this one:
CPU1: CPU2:
inet_diag_rcv() inet_diag_unregister()
mutex_lock(&inet_diag_mutex);
netlink_rcv_skb(skb, &inet_diag_rcv_msg);
if (inet_diag_table[nlh->nlmsg_type] ==
NULL) /* false handler is still registered */
...
netlink_dump_start(idiagnl, skb, nlh,
inet_diag_dump, NULL);
cb = kzalloc(sizeof(*cb), GFP_KERNEL);
/* sleep here freeing memory
* or preempt
* or sleep later on nlk->cb_mutex
*/
spin_lock(&inet_diag_register_lock);
inet_diag_table[type] = NULL;
... spin_unlock(&inet_diag_register_lock);
synchronize_rcu();
/* CPU1 is sleeping - RCU quiescent
* state is passed
*/
return;
/* inet_diag_dump is finally called: */
inet_diag_dump()
handler = inet_diag_table[cb->nlh->nlmsg_type];
BUG_ON(handler == NULL);
/* OOPS! While we slept the unregister has set
* handler to NULL :(
*/
Grep showed, that the register/unregister functions are called
from init/fini module callbacks for tcp_/dccp_diag, so it's OK
to use the inet_diag_mutex to synchronize manipulations with the
inet_diag_table and the access to it.
Besides, as Herbert pointed out, asynchronous dumps should hold
this mutex as well, and thus, we provide the mutex as cb_mutex one.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This hook is protected with the RCU, so simple
if (br_should_route_hook)
br_should_route_hook(...)
is not enough on some architectures.
Use the rcu_dereference/rcu_assign_pointer in this case.
Fixed Stephen's comment concerning using the typeof().
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
In case the br_netfilter_init() (or any subsequent call)
fails, the br_fdb_fini() must be called to free the allocated
in br_fdb_init() br_fdb_cache kmem cache.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
I am not absolutely sure whether this actually is a bug (as in: I've got
no clue what the standards say or what other implementations do), but at
least I was pretty surprised when I noticed that a recv() on a
non-blocking unix domain socket of type SOCK_SEQPACKET (which is connection
oriented, after all) where the remote end has closed the connection
returned -1 (EAGAIN) rather than 0 to indicate end of file.
This is a test case:
| #include <sys/types.h>
| #include <unistd.h>
| #include <sys/socket.h>
| #include <sys/un.h>
| #include <fcntl.h>
| #include <string.h>
| #include <stdlib.h>
|
| int main(){
| int sock;
| struct sockaddr_un addr;
| char buf[4096];
| int pfds[2];
|
| pipe(pfds);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| addr.sun_family=AF_UNIX;
| strcpy(addr.sun_path,"/tmp/foobar_testsock");
| bind(sock,(struct sockaddr *)&addr,sizeof(addr));
| listen(sock,1);
| if(fork()){
| close(sock);
| sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
| connect(sock,(struct sockaddr *)&addr,sizeof(addr));
| fcntl(sock,F_SETFL,fcntl(sock,F_GETFL)|O_NONBLOCK);
| close(pfds[1]);
| read(pfds[0],buf,sizeof(buf));
| recv(sock,buf,sizeof(buf),0); // <-- this one
| }else accept(sock,NULL,NULL);
| exit(0);
| }
If you try it, make sure /tmp/foobar_testsock doesn't exist.
The marked recv() returns -1 (EAGAIN) on 2.6.23.9. Below you find a
patch that fixes that.
Signed-off-by: Florian Zumbiehl <florz@florz.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Fix misbehavior of vlan_dev_hard_start_xmit() for recursive encapsulations.
Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
sungem's gem_reset_task() will unconditionally try to disable NAPI even
when it's called while the interface is not operating and hence the NAPI
struct isn't enabled. Make napi_disable() depend on gp->running.
Also removes a superfluous test of gp->running in the same function.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
In order to work around old LILO versions providing an invalid ss
register, the current setup code always sets up a new stack,
immediately following .bss and the heap. But this breaks LOADLIN.
This rewrite of the workaround checks for an invalid stack (ss!=ds)
first, and leaves ss:sp alone otherwise (apart from aligning esp).
[hpa note: LOADLIN has a number of arbitrary hard-coded limits that
are being pushed up against. Without some major revision of LOADLIN
itself it will not be sustainable keeping it alive. This gives it
another brief lease on life, however. This patch also helps the
cmdline truncation problem with old versions of SYSLINUX.]
Signed-off-by: Jens Rottmann <JRottmann at LiPPERT-AT. de>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6:
sysfs: fix off-by-one error in fill_read_buffer()
kobject: two typo fixes
UIO: add UIO documentation target to DocBook Makefile
UIO: fix up the UIO documentation
create /sys/.../power when CONFIG_PM is set
allow LEGACY_PTYS to be set to 0
There should be a pci_dev_put when breaking out of a loop that iterates
over calls to pci_get_device and similar functions.
This was fixed using the following semantic patch.
// <smpl>
@@
identifier d;
type T;
expression e;
iterator for_each_pci_dev;
@@
T *d;
...
for_each_pci_dev(d)
{... when != pci_dev_put(d)
when != e = d
(
return d;
|
+ pci_dev_put(d);
? return ...;
)
...}
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The pcie protdrv status can be returned uninitialized,
if there are no children under a device. This leads to
bad responses downstream. Fix this.
Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Some CPUs in the S3C24XX series do not support readback of the
value of a pin when the pin has been configured to an IRQ.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
If another driver wants to claim the vbus pin, say
to notify the user of an connect/disconnect then allow
the IRQ to be shared by specifiying IRQ_SHARED in the
flags.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Fixup the fallout from the arch moves earlier in the kernel
series.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
This patch (as1018) adds an unusual_devs entry for the JetFlash
TS1GJF2A. This device doesn't like read requests for more than 188
sectors. Setting max_sectors down to 64 is overkill, but at least
it will work without errors.
For the torturous debugging history, see this thread:
http://marc.info/?t=118745764700005&r=1&w=2
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
A recent patch added software synchronization during EHCI startup,
so ports aren't switched away from the companion controllers after
resets have started. This patch adds a short delay letting hardware
finish that port switching before any new resets begin ... so both
ends of that hardware race window are closed.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Dave Miller <davem@davemloft.net>
Cc: Dely Sy <dely.l.sy@intel.com>
Cc: stable <stable@kernel.org>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
to make HAL like the microtek driver's devices the parent must be
correctly set.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1010) was written by both Kay Sievers and me. It solves
the problem of duplicated keys in USB uevent structures by refactoring
the uevent subroutines, taking advantage of the way the hotplug core
calls uevent handlers for the device's bus and for the device's type.
Keys needed for both USB-device and USB-interface events are added in
usb_uevent(), which is the bus handler. Keys appropriate only for
USB-device or USB-interface events are added in usb_dev_uevent() or
usb_if_uevent() respectively, the type handlers.
In addition, unnecessary tests for NULL pointers are removed as are
duplicated debugging log statements.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1009) solves the problem of multiple registrations for
USB sysfs files in a more satisfying way than the existing code. It
simply adds a flag to keep track of whether or not the files have been
created; that way the files can be created or removed as needed.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Per the maintainer of the usbserial/sierra.c driver, the patch below adds
a new id to the list of supported cards for the sierra driver. Tested and
working for me on Fedora 8, kernel 2.6.23 and on the more recent sierra.c
available in
http://www.sierrawireless.com/resources/support/Software/Linux/v.1.2.6b(kernel2.6.21).zip
Hardware is a MiniPCI card in a Lenovo T61p.
Signed-off-by: Andrew Gilmore <agilmore@wirelessbeehive.com>
Cc: Kevin Lloyd <linux@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Arnd Bergmann wrote:
usb_hcd_flush_endpoint() has a retry loop that starts with a spin_lock_irq(),
but only gives up the spinlock, not the irq_disable before jumping to the
rescan label.
Alan Stern:
I agree with your sentiment, but it would be better to solve this
problem without using local_irq_disable().
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Digging through old mail, I found a note about needing to remove the
separate entry for the USB HUB driver. It's not been separable from
usbcore (host side!) since quite early in the 2.4 kernel series.
And Johanness certainly isn't involved with it any more.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Another one in the "ok, this is trivial to fix" list... :-)
[PATCH] fix directory references in usb/README
Signed-off-by: Dirk Hohndel <hohndel@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Two main issues fixed here are:
- An improper use of in-struct lock to protect an open count
- Use of urb status for -EINPROGRESS
Also, along the way:
- Change usb_unlink_urb to usb_kill_urb. Apparently there's no need
to use usb_unlink_urb whatsoever in this driver, and the old use of
usb_kill_urb was outright racy (it unlinked and immediately freed).
- Fix indentation in adu_write. Looks like it was damaged by a script.
- Vitaly wants -EBUSY on multiply opens.
- bInterval was taken from a wrong endpoint.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Vitaliy Ivanov <vitalivanov@gmail.com>
Tested-by: Vitaliy Ivanov <vitalivanov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1014) was partly written by Tilman Schmidt. It
clarifies the USB power-management documentation by explaining that
when a disconnect occurs, a suspend method call might not be followed
by either a resume or a reset_resume call.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This trivial documentation patch corrects a comment in usbdevice_fs.h; it
previously suggested that the signal would only be sent on error, but I am
told that it is sent on both successful and unsuccessful completion, and
that zero indicates that no signal should be sent.
Signed-off-by: Phil Endecott <spam_from_usb_devel@chezphil.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In commit acd2a847e7 usb_serial_generic_write()
disables interrupts when taking &port->lock which is also taken in
usb_serial_generic_read_bulk_callback() resulting in an inconsistent lock state
due to the latter not disabling interrupts on the local cpu. Fix that by
disabling interrupts in the latter call site also.
Signed-off-by: Borislav Petkov <bbpetkov@yahoo.de>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
usbled has a race where show methods for attributes in sysfs can
follow a NULL pointer during disconnect. The correct ordering fixes
it.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1000) sets the SCSI allow_restart flag for USB disk
devices. In theory this should never hurt, and there definitely are
devices out there (such as the Seagate 250-GB external drive) which
need the flag to be set.
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
pl2303: add support for Corega CG-USBRS232R
This patch adds support for Corega CG-USBRS232R Serial Adapters.
Signed-off-by: Magnus Damm <damm@igel.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes some build errors ... unclear how this got past earlier tests.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes a bug introduced by
commit b22817b3c8.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
I found that there is a off-by-one problem in the following code.
Version: 2.6.24-rc2
File: fs/sysfs/file.c:118-122
Function: fill_read_buffer
--------------------------------------------------------------------
count = ops->show(kobj, attr_sd->s_attr.attr, buffer->page);
sysfs_put_active_two(attr_sd);
BUG_ON(count > (ssize_t)PAGE_SIZE);
--------------------------------------------------------------------
Because according to the specification of the sysfs and the implement of
the show methods, the show methods return the number of bytes which would
be generated for the given input, excluding the trailing null.So if the
return value of the show methods equals PAGE_SIZE - 1, the buffer is full
in fact. And if the return value equals PAGE_SIZE, the resulting string
was already truncated,or buffer overflow occurred.
This patch fixes an off-by-one error in fill_read_buffer.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Tejun Heo <teheo@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes two typos from commit
34358c26a2.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Add the DocBook documentation for the Userspace I/O framework
to the Makefile.
Signed-off-by: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com>
Signed-off-by: Hans J Koch <hjk@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Remove references to the old uio_dummy demo module from UIO documentation.
Add a small paragraph to make it clearer that UIO is not a universal driver
interface.
Signed-off-by: Hans J Koch <hjk@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The CONFIG_SUSPEND changes in 2.6.23 caused a regression under certain
configuration conditions (SUSPEND=n, USB_AUTOSUSPEND=y) where all USB
device attributes in sysfs (idVendor, idProduct, ...) silently disappeared,
causing udev breakage and more.
The cause of this is that the /sys/.../power subdirectory is now only
created when CONFIG_PM_SLEEP is set, however, it should be created whenever
CONFIG_PM is set to handle the above situation. The following patch fixes
the regression.
Signed-off-by: Daniel Drake <dsd@gentoo.org>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The count of legacy pty devices can be set by a kernel commandline
parameter. For the distro kernel, we would like to disable all pty's
by default, but keep the opportunity to request devices on the kernel
commandline.
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Acked-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2.6.11 gave __GFP_ZERO's prep_zero_page a bogus "highmem may have to wait"
assertion. Presumably added under the misconception that clear_highpage
uses nonatomic kmap; but then and now it uses kmap_atomic, so no problem.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
tmpfs was misconverted to __GFP_ZERO in 2.6.11. There's an unusual case in
which shmem_getpage receives the page from its caller instead of allocating.
We must cover this case by clear_highpage before SetPageUptodate, as before.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched:
sched: clean up kernel/sched_stat.h
sched: clean up overlong line in kernel/sched_debug.c
sched: clean up, move __sched_text_start/end to sched.h
sched: clean up sd_alloc_ctl_cpu_table() definition
softlockup: fix false positives on CONFIG_NOHZ
fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
only allow coredumping to the same uid that the coredumping
task runs under.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Alan Cox <alan@redhat.com>
Acked-by: Christoph Hellwig <hch@lst.de>
Acked-by: Al Viro <viro@ftp.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>