Looks like this might be causing problems, at least for me on ppc. This
happened during a normal boot, right around first interface config/dhcp
run..
cpu 0x0: Vector: 300 (Data Access) at [c00000000147b820]
pc: c000000000435e5c: .sk_filter_delayed_uncharge+0x1c/0x60
lr: c0000000004360d0: .sk_attach_filter+0x170/0x180
sp: c00000000147baa0
msr: 9000000000009032
dar: 4
dsisr: 40000000
current = 0xc000000004780fa0
paca = 0xc000000000650480
pid = 1295, comm = dhclient3
0:mon> t
[c00000000147bb20] c0000000004360d0 .sk_attach_filter+0x170/0x180
[c00000000147bbd0] c000000000418988 .sock_setsockopt+0x788/0x7f0
[c00000000147bcb0] c000000000438a74 .compat_sys_setsockopt+0x4e4/0x5a0
[c00000000147bd90] c00000000043955c .compat_sys_socketcall+0x25c/0x2b0
[c00000000147be30] c000000000007508 syscall_exit+0x0/0x40
--- Exception: c01 (System Call) at 000000000ff618d8
SP (fffdf040) is in userspace
0:mon>
I.e. null pointer deref at sk_filter_delayed_uncharge+0x1c:
0:mon> di $.sk_filter_delayed_uncharge
c000000000435e40 7c0802a6 mflr r0
c000000000435e44 fbc1fff0 std r30,-16(r1)
c000000000435e48 7c8b2378 mr r11,r4
c000000000435e4c ebc2cdd0 ld r30,-12848(r2)
c000000000435e50 f8010010 std r0,16(r1)
c000000000435e54 f821ff81 stdu r1,-128(r1)
c000000000435e58 380300a4 addi r0,r3,164
c000000000435e5c 81240004 lwz r9,4(r4)
That's the deref of fp:
	static void sk_filter_delayed_uncharge(struct sock *sk, struct sk_filter *fp)
	{
		unsigned int size = sk_filter_len(fp);
		...
That is called from sk_attach_filter():
		...
		rcu_read_lock_bh();
		old_fp = rcu_dereference(sk->sk_filter);
		rcu_assign_pointer(sk->sk_filter, fp);
		rcu_read_unlock_bh();
		sk_filter_delayed_uncharge(sk, old_fp);
		return 0;
		...
So, looks like rcu_dereference() returned NULL. I don't know the
filter code at all, but it seems like it might be a valid case?
sk_detach_filter() seems to handle a NULL sk_filter, at least.
So, this needs review by someone who knows the filter, but it fixes the
problem for me:
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
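
The first-attach case analysed in the message above, modelled in user-space C. This is an added example, not the kernel source and not the patch from this commit: filter_model, sock_model and the function names are hypothetical stand-ins, and the refcnt-then-len layout is an assumption under which len sits at offset 4, the same value as the "dar: 4" fault address.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Simplified stand-ins for struct sk_filter and struct sock (assumed layout). */
struct filter_model {
    int refcnt;
    unsigned int len;            /* number of 8-byte filter instructions */
};
struct sock_model {
    struct filter_model *filter; /* plays the role of sk->sk_filter */
    size_t charged;              /* bytes accounted against the socket */
};

/* Offset a load of fp->len reads from; with fp == NULL it is the fault address. */
size_t len_offset(void) { return offsetof(struct filter_model, len); }

/* Give back the memory charged for fp. Reads fp->len, so fp must not be NULL. */
static void uncharge(struct sock_model *sk, struct filter_model *fp)
{
    sk->charged -= sizeof(*fp) + (size_t)fp->len * 8;
    free(fp);
}

/* Swap in a new filter; the previous one is released only if there was one. */
int attach_filter(struct sock_model *sk, unsigned int len)
{
    struct filter_model *old_fp, *fp = malloc(sizeof(*fp));

    if (fp == NULL)
        return -ENOMEM;
    fp->refcnt = 1;
    fp->len = len;
    sk->charged += sizeof(*fp) + (size_t)len * 8;
    old_fp = sk->filter;         /* NULL on the first attach */
    sk->filter = fp;
    if (old_fp != NULL)          /* without this guard the first attach faults */
        uncharge(sk, old_fp);
    return 0;
}

/* Detach tolerates a socket that has no filter attached. */
int detach_filter(struct sock_model *sk)
{
    if (sk->filter == NULL)
        return -ENOENT;
    uncharge(sk, sk->filter);
    sk->filter = NULL;
    return 0;
}
```
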
Majority of host drivers using IDE PCI layer set drive->autotune, the only
exceptions are:
generic.c
ns87415.c
rz1000.c
trm290.c
* no ->set_pio_mode method
it821x.c:
* if memory allocation fails drive->autotune won't be set
(but there also won't be ->set_pio_mode method in such case)
piix.c:
* MPIIX controller (no ->init_hwif method so also no ->set_pio_mode method)
However if there is no ->set_pio_mode method there are no changes in behavior
w.r.t. PIO tuning so always set drive->autotune in ide_pci_setup_ports().
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Since cs5520 uses VDMA best PIO mode was tuned anyway by ide_dma_check()
but only if DMA was successfully initialized.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_LEGACY_IRQS host flag to tell ide_pci_setup_ports() to set
hwif->irq to legacy IRQ 14/15 (iff hwif->irq is not already set) and convert
atiixp, piix, serverworks, sis5513 and slc90e66 host drivers to use it.
While at it:
* In piix.c add IDE_HFLAGS_PIIX define and don't use ->init_hwif for MPIIX.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_SERIALIZE host flag to tell ide_pci_setup_ports() to set
hwif/mate->serialized and convert aec62xx, cs5530 and sc1200 host drivers
to use it.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_ERROR_STOPS_FIFO host flag and use it instead
of hwif->err_stops_fifo. As a side-effect this change fixes
hwif->err_stops_fifo not being restored by ide_hwif_restore().
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add DECLARE_ICH_DEV() macro.
While at it:
* Add init_hwif_ich() (->init_hwif method) for ICH controllers.
* Rename init_chipset_piix() to init_chipset_ich() and use it only for
ICH controllers.
* Remove no longer needed piix_is_ichx() helper.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* No need to disable UDMA in ->init_hwif method for ATP850UF (and since we
now always tune PIO it will be disabled by ->set_pio_mode calls anyway).
* Bump driver version.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Merge init_setup_{svwks,csb6}() into svwks_init_one().
While at it:
* Remove redundant dev->device checks.
* Operate on a local copy of serverworks_chipsets[] entry.
* Use pci_resource_start().
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Split off pdc20270_get_dev2() helper from init_setup_pdc20270().
* Merge init_setup_{pdcnew,pdc20270,pdc20276}() into pdc202new_init_one().
While at it:
* Change KERN_ level of interrupt fixup message from KERN_WARNING to KERN_INFO.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Split off hpt{374,371,366}_init() helper from init_setup_hpt{374,371,366}().
* Merge init_setup_{374,372n,371,372a,302,366}() into hpt366_init_one().
While at it:
* Use "HPT36x" name for HPT366/HPT368 chipsets.
* Add .chip_name to struct hpt_info and use it to set d->name.
* Convert .max_ultra in struct hpt_info to .udma_mask and use it to set
d->udma_mask.
* Fix hpt302 to use HPT302_ALLOW_ATA133_6 define.
* Change HPT366/HPT374 interrupt fixup message from KERN_WARNING to KERN_INFO.
* Use the second hpt366_chipsets[] entry for HPT37x chipsets using HPT36x PCI
device ID and fix .enablebits/.host_flags for HPT36x hpt366_chipsets[] entry.
* Bump driver version.
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Merge init_setup_{aec62xx,aec6x80}() into aec62xx_init_one().
While at it:
* Use id->driver_data instead of dev->device.
* Use ATA_UDMA6 define.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Some places were using PCI_CLASS_REVISION instead of PCI_REVISION_ID so
they were not converted by commit 44c10138fd.
Cc: Auke Kok <auke-jan.h.kok@intel.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add ->mwdma_mask and ->swdma_mask to ide_pci_device_t.
* Set ide_hwif_t DMA masks using DMA masks from ide_pci_device_t in
setup-pci.c::ide_pci_setup_ports() (iff DMA base is valid and ->init_hwif
method may still override them).
* Convert IDE PCI host drivers to use ide_pci_device_t DMA masks.
While at it:
* Use ATA_{UDMA,MWDMA,SWDMA}* defines.
* hpt34x.c: add separate ide_pci_device_t instances for HPT343 and HPT345.
* serverworks.c: fix DMA masks being set before checking DMA base.
v2:
* Add missing masks to DECLARE_GENERIC_PCI_DEV() macro.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Documentation doesn't mention SWDMA and moreover all timings used
for SWDMA modes were over-clocked when compared to ATA spec.
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_NO_LBA48[_DMA] host flags, use it instead of hwif->no_lba48[_dma]
and then remove no longer needed hwif->no_lba48[_dma]. As a side-effect
this change fixes hwif->no_lba48_dma not being restored by ide_hwif_restore().
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Make ide_pci_device_t.host_flags u32 and add IDE_HFLAG_CS5520 host flag.
* Pass ide_pci_device_t *d to setup-pci.c::ide_get_or_set_dma_base()
and use d->name instead of hwif->cds->name.
* Set IDE_HFLAG_CS5520 host flag in cs5520 host driver and use it in
ide_get_or_set_dma_base() to find out which PCI BAR to use, remove no longer
needed cs5520.c::cs5520_init_setup_dma() and ide_pci_device_t.init_setup_dma.
This fixes PCI bus-mastering not being checked for CS5510/CS5520 hosts.
v2:
* It is wrong to check simplex bits on CS5510/CS5520 as v1 did.
(Noticed by Alan).
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_NO_{DMA,AUTODMA} host flags. Convert all host drivers using
ide_pci_device_t to use these flags instead of d->autodma and then remove no
longer needed d->autodma.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_BOOTABLE host flag and IDE_HFLAG_OFF_BOARD define. Convert
all host drivers using ide_pci_device_t to use IDE_HFLAG_{BOOTABLE,OFF_BOARD}
instead of d->bootable and then remove no longer needed d->bootable.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Add IDE_HFLAG_NO_ATAPI_DMA host flag and set it in host drivers which
don't support ATAPI DMA. Then remove no longer needed hwif->atapi_dma.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* Add DECLARE_GENERIC_PCI_DEV() macro to generic IDE PCI host driver
and use it to cleanup generic_chipsets[].
* Remove dead/obsolete code while at it.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
The cs5535 uses an incorrect construct to access the other drive of a pair,
causing it to access beyond an array boundary on the secondary interface.
This fixes it by using the new ide_get_paired_drive() helper instead.
Bart: patch description fixes
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andrew Morton <akpm@osdl.org>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
The siimage uses an incorrect construct to access the other drive of a pair,
causing it to access beyond an array boundary on the secondary interface.
This fixes it by using the new ide_get_paired_drive() helper instead.
Bart: patch description fixes
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andrew Morton <akpm@osdl.org>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
This adds a helper to get to the "other" drive on a pair connected
to a given hwif.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Andrew Morton <akpm@osdl.org>
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* ssh://master.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-hrt:
  hrtimer: hook compat_sys_nanosleep up to high res timer code
  hrtimer: Rework hrtimer_nanosleep to make sys_compat_nanosleep easier
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  [libata] kill ata_sg_is_last()
  Update libata driver for bf548 atapi controller against the 2.6.24 tree.
  libata-sff: Correct use of check_status()
  drivers/ata: add support to Freescale 3.0Gbps SATA Controller
  pata_acpi: fix build breakage if !CONFIG_PM
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] time: Move R4000 clockevent device code to separate configurable file
  [MIPS] time: Delete dead cycles_per_jiffy, mips_timer_ack and null_timer_ack
  [MIPS] IP32: Retire use of plat_timer_setup.
  [MIPS] Jazz: Retire use of plat_timer_setup.
  [MIPS] IP27: Convert to clock_event_device.
  [MIPS] JMR3927: Convert to clock_event_device.
  [MIPS] Always do the ARC64_TWIDDLE_PC thing.
It gets it indirectly from blkdev.h when CONFIG_BLOCK is enabled, but it
needs it unconditionally for the definition of mapping_cap_writeback_dirty.
Noticed and bisected down to 4af3c9cc4f
("Drop some headers from mm.h") by Avuton Olrich.
Cc: Avuton Olrich <avuton@gmail.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Also returns more accurate errors to mount for the cases of
account expired and password expired
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (51 commits)
  [IPV6]: Fix again the fl6_sock_lookup() fixed locking
  [NETFILTER]: nf_conntrack_tcp: fix connection reopening fix
  [IPV6]: Fix race in ipv6_flowlabel_opt() when inserting two labels
  [IPV6]: Lost locking in fl6_sock_lookup
  [IPV6]: Lost locking when inserting a flowlabel in ipv6_fl_list
  [NETFILTER]: xt_sctp: fix mistake to pass a pointer where array is required
  [NET]: Fix OOPS due to missing check in dev_parse_header().
  [TCP]: Remove lost_retrans zero seqno special cases
  [NET]: fix carrier-on bug?
  [NET]: Fix uninitialised variable in ip_frag_reasm()
  [IPSEC]: Rename mode to outer_mode and add inner_mode
  [IPSEC]: Disallow combinations of RO and AH/ESP/IPCOMP
  [IPSEC]: Use the top IPv4 route's peer instead of the bottom
  [IPSEC]: Store afinfo pointer in xfrm_mode
  [IPSEC]: Add missing BEET checks
  [IPSEC]: Move type and mode map into xfrm_state.c
  [IPSEC]: Fix length check in xfrm_parse_spi
  [IPSEC]: Move ip_summed zapping out of xfrm6_rcv_spi
  [IPSEC]: Get nexthdr from caller in xfrm6_rcv_spi
  [IPSEC]: Move tunnel parsing for IPv4 out of xfrm4_input
  ...
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC/64]: Consolidate of_register_driver
  [SPARC] Videopix Frame Grabber: Convert device_lock_sem to mutex
  [SPARC]: Support for new termios.
  [SPARC64]: Check of_get_property() return in pci_determine_mem_io_space().
  [SPARC64]: Fix boot failures due to bootmem.
  [SPARC64]: Implement atomic backoff.
The async_tx interface includes a completion callback. This adds support
for using that callback, including using interrupts on completion.
[akpm@linux-foundation.org: various fixes]
Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>