This bug was always here, but before my commit 6fa02839bf
("recheck for secure ports in fh_verify"), it could only be triggered by
failure of a kmalloc(). After that commit it could be triggered by a
client making a request from a non-reserved port for access to an export
marked "secure". (Exports are "secure" by default.)
The result is a struct svc_export with a reference count one too low,
resulting in likely oopses next time the export is accessed.
The reference counting here is not straightforward; a later patch will
clean up fh_verify().
Thanks to Lukas Hejtmanek for the bug report and followup.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Lukas Hejtmanek <xhejtman@ics.muni.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The comments in the definition of struct export_operations don't match the
current members.
Add a comment for the 2 new functions and remove 2 comments for unused ones.
Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Acked-by: David Howells <dhowells@redhat.com>
Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Shut up "may be used uninitialised in this function" warnings due to
PPC32's implementation of dma_alloc_coherent().
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Currently, we do nothing to guarantee we have a consistent DMA buffer for
asynchronous receive packets. Rather than doing several sync's following a
dma_map_single() to get consistent buffers, just switch to using
dma_alloc_coherent().
Resolves constant buffer failures on my own x86_64 laptop w/4GB of RAM and
likely to fix a number of other failures witnessed on x86_64 systems with
4GB of RAM or more.
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Fix I/O errors due to SYM13FW500's inability to handle larger request
sizes. Reported by Piergiorgio Sartor <piergiorgio.sartor@nexgo.de> for
firewire-sbp2 in https://bugzilla.redhat.com/show_bug.cgi?id=436879
This fix is necessary because sbp2's default request size limit has been
lifted since 2.6.25-rc1.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
Fix I/O errors due to SYM13FW500's inability to handle larger request
sizes. Reported by Piergiorgio Sartor <piergiorgio.sartor@nexgo.de> in
https://bugzilla.redhat.com/show_bug.cgi?id=436879
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
Remove some less necessary information, point out that video1394 and
dv1394 should be blacklisted along with ohci1394.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Per the SBP-2 specification, all SBP-2 target devices must have a BUSY_TIMEOUT
register. Per the 1394-1995 specification, the retry_limt portion of the
register should be set to 0x0 initially, and set on the target by a logged in
initiator (i.e., a Linux host w/firewire controller(s)).
Well, as it turns out, lots of devices these days have actually moved on to
starting to implement SBP-3 compliance, which says that retry_limit should
default to 0xf instead (yes, SBP-3 stomps directly on 1394-1995, oops).
Prior to this change, the firewire driver stack didn't touch retry_limit, and
any SBP-3 compliant device worked fine, while SBP-2 compliant ones were unable
to retransmit when the host returned an ack_busy_X, which resulted in stalled
out I/O, eventually causing the SCSI layer to give up and offline the device.
The simple fix is for us to set retry_limit to 0xf in the register for all
devices (which actually matches what the old ieee1394 stack did).
Prior to this change, a hard disk behind an SBP-2 Prolific PL-3507 bridge chip
would routinely encounter buffer I/O errors and wind up offlined by the SCSI
layer. With this change, I've encountered zero I/O failures moving tens of GB
of data around.
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Mostly copied from ohci1394.c. Necessary for some older Macs, e.g.
PowerBook G3 Pismo and early PowerBook G4 Titanium.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Copied from ohci1394.c. This code is necessary to prevent machine check
exceptions when reloading or resuming the driver.
Tested on a 1st generation PowerBook G4 Titanium, which also needs the
pci_probe() hunk.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
I was able to reproduce the system exception on resume with a 3rd-gen
Titanium PowerBook G4 667, and this patch does let the system resume
successfully now.
Not quite clear if there was possibly an updated version coming using
pci_enable_device() instead of the pair of pmac_call_feature() calls,
but either way, this is a definite must-have, at least for older ppc
macs -- my Aluminum PowerBook G4/1.67 suspends and resumes without this
patch just fine.
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Kills warnings from 'make C=1 CHECKFLAGS="-D__CHECK_ENDIAN__" modules':
drivers/firewire/fw-transaction.c:771:10: warning: incorrect type in assignment (different base types)
drivers/firewire/fw-transaction.c:771:10: expected unsigned int [unsigned] [usertype] <noident>
drivers/firewire/fw-transaction.c:771:10: got restricted unsigned int [usertype] <noident>
drivers/firewire/fw-transaction.h:93:10: warning: incorrect type in assignment (different base types)
drivers/firewire/fw-transaction.h:93:10: expected unsigned int [unsigned] [usertype] <noident>
drivers/firewire/fw-transaction.h:93:10: got restricted unsigned int [usertype] <noident>
drivers/firewire/fw-ohci.c:1490:8: warning: restricted degrades to integer
drivers/firewire/fw-ohci.c:1490:35: warning: restricted degrades to integer
drivers/firewire/fw-ohci.c:1516:5: warning: cast to restricted type
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
The generation of incoming requests was filled in in wrong byte order on
machines with big endian CPU.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
Indirect scanning ('iwlist scan') should report information about
hidden APs. When an AP is hidden it does not respond to active scanning,
we thus have to use passive scanning to locate these APs.
This fixes http://bughost.org/bugzilla/show_bug.cgi?id=1499
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Tested-by: Bill Moss <bmoss@clemson.edu>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch moves a number to an understandable define
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fix debug print out endianity issue for bitmap
Since u64 and le64 variables are casted to unsigned long long,
after patch 'wireless: correct warnings from using '%llx' for type 'u64'
also bitmaps need to be converted to native endianity
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch puts in use eeprom from iwlcore module
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Also fix a copy and paste error in header of iwl-core.c. This file
is not dual licensed.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch removes iwlYYY_BROADCAST_ID from run time usage.
hw_setting.sta_bcast_id is used instead.
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This adds support for reading/writing the SPROM invariants
for PCMCIA based devices.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Only rt2400pci can have the preamble bit set in the PLCP value,
for all other drivers it should not be cleared since that will
conflict with the plcp values for OFDM rates.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
After sampling hundreds of RX frame descriptors,
the results were conclusive:
- The Ralink documentation regarding the SIGNAL and RSSI are wrong.
It turns out that of the 5 BBR registers, we should not use BBR0 and BBR1
for SIGNAL and RSSI respectively, but actually BBR1 and BBR2.
BBR0 does show values, but the exact meaning remains unclear,
but they cannot be translated into a SIGNAL or RSSI field.
BBR3, BBR4 and BBR5 are always 0, so their meaning is unknown.
As it turns out, the reported SIGNAL is the PLCP value, this
in contradiction to what was expected looking at rt2500pci which
only reported the PLCP values for OFDM rates and bitrate values
for CCK rates.
This means we should let the driver raise the flag about the contents
of the SIGNAL field so rt2x00lib can always do the right thing based
on what the driver reports.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Due to a terrible typo the RX DMA base address
was initialized to the beacon base address.
Obviously bad things happen with bugs like that....
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The basic rate which is configured in the register
should not match all supported rates, but only the _basic_ rates.
Fix this by adding a new flag to the rt2x00_rate structure
and whenever the mode is changed, loop over all available rates
for that band to get the basic rate mask.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Whatever mode we are in, according to the legacy drivers
we should always enable TSF ticking/counting.
We should also always enable the TBCN/TBTT field,
this field is only disabled during beacon regeneration.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00dev isn't interested in the rt2x00leds_register() value
anyway. So lets make it return void to even prevent people from
assuming there is anybody interested in the returnvalue.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IPoIB: Allocate priv->tx_ring with vmalloc()
IPoIB/cm: Set tx_wr.num_sge in connected mode post_send()
IPoIB: Don't drop multicast sends when they can be queued
IB/ipath: Reset the retry counter for RDMA_READ_RESPONSE_MIDDLE packets
IB/ipath: Fix error completion put on send CQ instead of recv CQ
IB/ipath: Fix RC QP initialization
IB/ipath: Fix potentially wrong RNR retry counter returned in ipath_query_qp()
IB/ipath: Fix IB compliance problems with link state vs physical state
Commit 681cc5cd3e ("iommu sg merging:
swiotlb: respect the segment boundary limits") introduced two
possibilities for entering an endless loop in lib/swiotlb.c:
- if max_slots is zero (possible if mask is ~0UL)
- if the number of slots requested fits into a swiotlb segment, but is
too large for the part of a segment which remains after considering
offset_slots
This fixes them
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: (32 commits)
ACPI: thermal: show temperature in millidegree Celsius
thermal: fix generic thermal I/F for hwmon
acer-wmi: build depends on i8042
documentation: Move power-related files to Documentation/power/
ACPI: buffer array too short in drivers/acpi/system.c
acer-wmi: Add DMI quirk for mail LED support on Acer Aspire 3610/ 5610
acer-wmi: Fix DSDT path in documentation
acer-wmi: Make device detection error messages more descriptive
laptops: move laptop-mode.txt to Documentation/laptops/
ACPICA: Warn if packages with invalid references are evaluated
ACPI: add _PRT quirks to work around broken firmware
Hibernation: Fix mark_nosave_pages()
ACPI: Ignore _BQC object when registering backlight device
ACPI: WMI: Clean up handling of spec violating data blocks
acer-wmi: Don't warn if mail LED cannot be detected
acer-wmi: Rename mail LED correctly & remove hardcoded colour
ACPI: use ACPI_DEBUG_PRINT instead of printk in acpi_processor_hotplug_notify()
ACPI: button: make real parent for input devices in device tree
toshiba_acpi: Enable autoloading
ACPI: EC: Handle IRQ storm on Acer laptops
...
Floppy rmmod locks up when no such hardware was initialized, since there is
nobody to wake the remove code up. Remove the completion, because release is
called during platform_unregister anyway.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Honor the environment variable "KBUILD_VERBOSE=1" (as set by make V=1) to
enable verbose mode in scripts/kernel-doc. Useful for getting more info and
warnings from kernel-doc.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
iommu_is_span_boundary in lib/iommu-helper.c was exported for PARISC IOMMUs
(commit 3715863aa1). Alpha's IOMMU can use it.
This removes the check on the boundary size alignment because
iommu_is_span_boundary does.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Richard Henderson <rth@twiddle.net>
Acked-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In riscom8_init_module, rc_board should be indexed by i, not by 0, otherwise
the loop is useless.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
SPI controller drivers return number of bytes actually transfered from
bitbang->txrx_bufs() method. This updates handling of short transfers (where
the transfer size is less than requested):
- Even zero byte short transfers should report errors;
- Include short transfers in the total of transferred bytes;
- Use EREMOTEIO (like USB) not EMSGSIZE to report short transfers
Short transfers don't normally mean invalid message sizes, but if the
underlying controller driver needs to use EMSGSIZE it can still do so.
[db: fix two more minor issues]
Signed-off-by: Jan Nikitenko <jan.nikitenko@gmail.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Remove struct pt_regs *regs from prototype of au1550_spi_irq handler to avoid
warning in request_irq(). Also fix comment type leadin.
Signed-off-by: Jan Nikitenko <jan.nikitenko@gmail.com>
Signed-off-by: David Brownell <david-b@pacbell.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro wrote:
>
> After that commit in asm-h8300/uaccess.h we have
>
> #define get_user(x, ptr) \
> ({ \
> int __gu_err = 0; \
> uint32_t __gu_val = 0; \
> ^^^^^^^^^^^^^^^^^
> switch (sizeof(*(ptr))) { \
> case 1: \
> case 2: \
> case 4: \
> __gu_val = *(ptr); \
> break; \
> case 8: \
> memcpy(&__gu_val, ptr, sizeof (*(ptr))); \
> ^^^^^^^^^^^^^^^^
>
> which, of course, is FUBAR whenever we actually hit that case - memcpy of
> 8 bytes into uint32_t is obviously wrong. Why don't we simply do
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Smackfs write() implementation does not put a higher bound on the number of
bytes to copy from user-space. This may lead to a DOS attack if a malicious
`count' field is given.
Assure that given `count' is exactly the length needed for a /smack/load rule.
In case of /smack/cipso where the length is relative, assure that `count'
does not exceed the size needed for a buffer representing maximum possible
number of CIPSO 2.2 categories.
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rename config_preamble() to config_erp() and cleanup argument
list by putting it all into a single structure.
This will make the function more meaningful and easier to
expand later. This second option is mostly intended to make
the patch "mac80211: proper short-slot handling" from Johannes Berg
easier to apply for rt2x00.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When mac sets the IEEE80211_TXCTL_SEND_AFTER_DTIM flag, we should
check if the ATIM queue is available in the driver and put the
frame in that queue for proper behavior (send frame after beacon interval).
Unfortunately not all drivers have this ATIM queue, and will lack
this feature for now.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00lib should filter SW diversity out before sending any configuration
changes to the driver. When rt2x00lib fails to do this, it is important
that such events are reported because it _must_ be fixed.
So upgrading the error level to a BUG_ON() which will make sure
this bug gets noticed whenever it happens.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
rt2x00lib depended on 2 crc algorithms because rt61/rt73
use a different algorithm then rt2800. This means that
even when only 1 algorithm was needed, the dependency was
still present for both.
By moving the checksum generation to the driver we can clean
up 2 annoying flags (which indicated which checksum was required)
and move the dependency to where it belongs: the driver.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The queue->lock could be grabbed from interrupt context,
which could lead to lockdep panic like this:
kernel: ======================================================
kernel: [ INFO: soft-safe -> soft-unsafe lock order detected ]
kernel: 2.6.25-0.95.rc4.fc9 #1
kernel: ------------------------------------------------------
kernel: rt2500pci/1251 [HC0[0]:SC0[1]:HE1:SE0] is trying to acquire:
kernel: (&queue->lock){--..}, at: [<ffffffff88213339>] rt2x00queue_get_entry+0x5a/0x81 [rt2x00lib]
kernel:
kernel: and this task is already holding:
kernel: (_xmit_IEEE80211){-...}, at: [<ffffffff8122e9a3>] __qdisc_run+0x84/0x1a9
kernel: which would create a new lock dependency:
kernel: (_xmit_IEEE80211){-...} -> (&queue->lock){--..}
kernel:
kernel: but this new dependency connects a soft-irq-safe lock:
kernel: (_xmit_ETHER){-+..}
kernel: ... which became soft-irq-safe at:
kernel: [<ffffffffffffffff>] 0xffffffffffffffff
kernel:
kernel: to a soft-irq-unsafe lock:
kernel: (&queue->lock){--..}
kernel: ... which became soft-irq-unsafe at:
kernel: ... [<ffffffff810545a2>] __lock_acquire+0x62d/0xd63
kernel: [<ffffffff81054d36>] lock_acquire+0x5e/0x78
kernel: [<ffffffff812a1497>] _spin_lock+0x26/0x53
kernel: [<ffffffff88212f98>] rt2x00queue_reset+0x16/0x40 [rt2x00lib]
kernel: [<ffffffff88212fd4>] rt2x00queue_alloc_entries+0x12/0xab [rt2x00lib]
kernel: [<ffffffff88213091>] rt2x00queue_initialize+0x24/0xf2 [rt2x00lib]
kernel: [<ffffffff88212036>] rt2x00lib_start+0x3b/0xd4 [rt2x00lib]
kernel: [<ffffffff88212609>] rt2x00mac_start+0x18/0x1a [rt2x00lib]
kernel: [<ffffffff881b9a4b>] ieee80211_open+0x1f3/0x46d [mac80211]
kernel: [<ffffffff8121d980>] dev_open+0x4d/0x8b
kernel: [<ffffffff8121d41e>] dev_change_flags+0xaf/0x172
kernel: [<ffffffff81224fc2>] do_setlink+0x276/0x338
kernel: [<ffffffff81225198>] rtnl_setlink+0x114/0x116
kernel: [<ffffffff812262fc>] rtnetlink_rcv_msg+0x1d8/0x1f9
kernel: [<ffffffff8123649a>] netlink_rcv_skb+0x3e/0xac
kernel: [<ffffffff8122611a>] rtnetlink_rcv+0x29/0x33
kernel: [<ffffffff81235eed>] netlink_unicast+0x1fe/0x26b
kernel: [<ffffffff81236224>] netlink_sendmsg+0x2ca/0x2dd
kernel: [<ffffffff812103b3>] sock_sendmsg+0xfd/0x120
kernel: [<ffffffff812105a8>] sys_sendmsg+0x1d2/0x23c
kernel: [<ffffffff8100c1c7>] tracesys+0xdc/0xe1
kernel: [<ffffffffffffffff>] 0xffffffffffffffff
This can be fixed by using the irqsave/irqrestore versions
during the queue->lock handling.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix trivial log message.
Signed-off-by: Luis Correia <luis.f.correia@gmail.com>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When fixing up the packet alignment, if we had to add 2 bytes to the front of
the skb we need to remember to take them off the end afterwards. This fixes
reception of encrypted packets which were otherwise failing with an invalid
ICV.
Signed-off-by: Adam Baker <linux@baker-net.org.uk>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
