Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jun 18, 2012
  1. sunxi: clean the remaining license problem

    Tom Cubie authored
Commits on May 13, 2012
  1. @amery

    bt: rfkill: add sunxi rfkill driver

    yemao authored amery committed
Commits on May 10, 2012
  1. ipv6: check return value for dst_alloc

    Madalin Bucur authored JP Abgrall committed
    return value of dst_alloc must be checked before use
    
    Signed-off-by: Madalin Bucur <madalin.bucur@freescale.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  2. net: check return value for dst_alloc

    Madalin Bucur authored JP Abgrall committed
    return value of dst_alloc must be checked before use
    
    Signed-off-by: Madalin Bucur <madalin.bucur@freescale.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
Commits on May 8, 2012
  1. @toddpoynor
Commits on May 7, 2012
  1. @nbd168 @gregkh

    mac80211: fix AP mode EAP tx for VLAN stations

    nbd168 authored gregkh committed
    commit 66f2c99 upstream.
    
    EAP frames for stations in an AP VLAN are sent on the main AP interface
    to avoid race conditions wrt. moving stations.
    For that to work properly, sta_info_get_bss must be used instead of
    sta_info_get when sending EAP packets.
    Previously this was only done for cooked monitor injected packets, so
    this patch adds a check for tx->skb->protocol to the same place.
    
    Signed-off-by: Felix Fietkau <nbd@openwrt.org>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  2. @jmberg @gregkh

    nl80211: ensure interface is up in various APIs

    jmberg authored gregkh committed
    commit 2b5f8b0 upstream.
    [backported by Ben Greear]
    
    The nl80211 handling code should ensure as much as
    it can that the interface is in a valid state, it
    can certainly ensure the interface is running.
    
    Not doing so can cause calls through mac80211 into
    the driver that result in warnings and unspecified
    behaviour in the driver.
    
    Reported-by: Ben Greear <greearb@candelatech.com>
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Ben Greear <greearb@candelatech.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commits on May 4, 2012
  1. netfilter: xt_qtaguid: start tracking iface rx/tx at low level

    JP Abgrall authored
    qtaguid tracks the device stats by monitoring when it goes up and down,
    then it gets the dev_stats().
    But devs don't correctly report stats (either they don't count headers
    symmetrically between rx/tx, or they count internal control messages).
    
    Now qtaguid counts the rx/tx bytes/packets during raw:prerouting and
    mangle:postrouting (nat is not available in ipv6).
    
    The results are in
      /proc/net/xt_qtaguid/iface_stat_fmt
    which outputs a format line (bash expansion):
      ifname  total_skb_{rx,tx}_{bytes,packets}
    
    Added event counters for pre/post handling.
    Added extra ctrl_*() pid/uid debugging.
    
    Change-Id: Id84345d544ad1dd5f63e3842cab229e71d339297
    Signed-off-by: JP Abgrall <jpa@google.com>
  2. netfilter: xt_IDLETIMER: Use uevent instead of new netlink msg type

    JP Abgrall authored
    Send netlink message notifications using a uevent with
      subsystem=xt_idletimer
      INTERFACE=...
      STATE={active,inactive}
    instead of needing a new netlink message type.
    Revert the netlink.h change added by commit
      beb914e
    
    Change-Id: I6881936bf754f3367ff3c8f6c1e9661cec0357d4
    Signed-off-by: JP Abgrall <jpa@google.com>
Commits on Apr 30, 2012
  1. @toddpoynor
Commits on Apr 27, 2012
  1. @gregkh

    tcp: fix TCP_MAXSEG for established IPv6 passive sockets

    Neal Cardwell authored gregkh committed
    [ Upstream commit d135c52 ]
    
    Commit f5fff5d forgot to fix TCP_MAXSEG behavior IPv6 sockets, so IPv6
    TCP server sockets that used TCP_MAXSEG would find that the advmss of
    child sockets would be incorrect. This commit mirrors the advmss logic
    from tcp_v4_syn_recv_sock in tcp_v6_syn_recv_sock. Eventually this
    logic should probably be shared between IPv4 and IPv6, but this at
    least fixes this issue.
    
    Signed-off-by: Neal Cardwell <ncardwell@google.com>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  2. @ebiederm @gregkh

    net ax25: Reorder ax25_exit to remove races.

    ebiederm authored gregkh committed
    [ Upstream commit 3adadc0 ]
    
    While reviewing the sysctl code in ax25 I spotted races in ax25_exit
    where it is possible to receive notifications and packets after already
    freeing up some of the data structures needed to process those
    notifications and updates.
    
    Call unregister_netdevice_notifier early so that the rest of the cleanup
    code does not need to deal with network devices.  This takes advantage
    of my recent enhancement to unregister_netdevice_notifier to send
    unregister notifications of all network devices that are current
    registered.
    
    Move the unregistration for packet types, socket types and protocol
    types before we cleanup any of the ax25 data structures to remove the
    possibilities of other races.
    
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  3. @gregkh

    netns: do not leak net_generic data on failed init

    Julian Anastasov authored gregkh committed
    [ Upstream commit b922934 ]
    
    ops_init should free the net_generic data on
    init failure and __register_pernet_operations should not
    call ops_free when NET_NS is not enabled.
    
    Signed-off-by: Julian Anastasov <ja@ssi.bg>
    Reviewed-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  4. @gregkh

    tcp: fix tcp_grow_window() for large incoming frames

    Eric Dumazet authored gregkh committed
    [ Upstream commit 4d846f0 ]
    
    tcp_grow_window() has to grow rcv_ssthresh up to window_clamp, allowing
    sender to increase its window.
    
    tcp_grow_window() still assumes a tcp frame is under MSS, but its no
    longer true with LRO/GRO.
    
    This patch fixes one of the performance issue we noticed with GRO on.
    
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Cc: Neal Cardwell <ncardwell@google.com>
    Cc: Tom Herbert <therbert@google.com>
    Acked-by: Neal Cardwell <ncardwell@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  5. @dpward @gregkh

    net_sched: gred: Fix oops in gred_dump() in WRED mode

    dpward authored gregkh committed
    [ Upstream commit 244b65d ]
    
    A parameter set exists for WRED mode, called wred_set, to hold the same
    values for qavg and qidlestart across all VQs. The WRED mode values had
    been previously held in the VQ for the default DP. After these values
    were moved to wred_set, the VQ for the default DP was no longer created
    automatically (so that it could be omitted on purpose, to have packets
    in the default DP enqueued directly to the device without using RED).
    
    However, gred_dump() was overlooked during that change; in WRED mode it
    still reads qavg/qidlestart from the VQ for the default DP, which might
    not even exist. As a result, this command sequence will cause an oops:
    
    tc qdisc add dev $DEV handle $HANDLE parent $PARENT gred setup \
        DPs 3 default 2 grio
    tc qdisc change dev $DEV handle $HANDLE gred DP 0 prio 8 $RED_OPTIONS
    tc qdisc change dev $DEV handle $HANDLE gred DP 1 prio 8 $RED_OPTIONS
    
    This fixes gred_dump() in WRED mode to use the values held in wred_set.
    
    Signed-off-by: David Ward <david.ward@ll.mit.edu>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  6. @gregkh

    tcp: fix tcp_rcv_rtt_update() use of an unscaled RTT sample

    Neal Cardwell authored gregkh committed
    [ Upstream commit 18a223e ]
    
    Fix a code path in tcp_rcv_rtt_update() that was comparing scaled and
    unscaled RTT samples.
    
    The intent in the code was to only use the 'm' measurement if it was a
    new minimum.  However, since 'm' had not yet been shifted left 3 bits
    but 'new_sample' had, this comparison would nearly always succeed,
    leading us to erroneously set our receive-side RTT estimate to the 'm'
    sample when that sample could be nearly 8x too high to use.
    
    The overall effect is to often cause the receive-side RTT estimate to
    be significantly too large (up to 40% too large for brief periods in
    my tests).
    
    Signed-off-by: Neal Cardwell <ncardwell@google.com>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  7. @gregkh

    net: fix a race in sock_queue_err_skb()

    Eric Dumazet authored gregkh committed
    [ Upstream commit 110c433 ]
    
    As soon as an skb is queued into socket error queue, another thread
    can consume it, so we are not allowed to reference skb anymore, or risk
    use after free.
    
    Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  8. @gregkh

    netlink: fix races after skb queueing

    Eric Dumazet authored gregkh committed
    [ Upstream commit 4a7e7c2 ]
    
    As soon as an skb is queued into socket receive_queue, another thread
    can consume it, so we are not allowed to reference skb anymore, or risk
    use after free.
    
    Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  9. @sashalevin @gregkh

    phonet: Check input from user before allocating

    sashalevin authored gregkh committed
    [ Upstream commit bcf1b70 ]
    
    A phonet packet is limited to USHRT_MAX bytes, this is never checked during
    tx which means that the user can specify any size he wishes, and the kernel
    will attempt to allocate that size.
    
    In the good case, it'll lead to the following warning, but it may also cause
    the kernel to kick in the OOM and kill a random task on the server.
    
    [ 8921.744094] WARNING: at mm/page_alloc.c:2255 __alloc_pages_slowpath+0x65/0x730()
    [ 8921.749770] Pid: 5081, comm: trinity Tainted: G        W    3.4.0-rc1-next-20120402-sasha #46
    [ 8921.756672] Call Trace:
    [ 8921.758185]  [<ffffffff810b2ba7>] warn_slowpath_common+0x87/0xb0
    [ 8921.762868]  [<ffffffff810b2be5>] warn_slowpath_null+0x15/0x20
    [ 8921.765399]  [<ffffffff8117eae5>] __alloc_pages_slowpath+0x65/0x730
    [ 8921.769226]  [<ffffffff81179c8a>] ? zone_watermark_ok+0x1a/0x20
    [ 8921.771686]  [<ffffffff8117d045>] ? get_page_from_freelist+0x625/0x660
    [ 8921.773919]  [<ffffffff8117f3a8>] __alloc_pages_nodemask+0x1f8/0x240
    [ 8921.776248]  [<ffffffff811c03e0>] kmalloc_large_node+0x70/0xc0
    [ 8921.778294]  [<ffffffff811c4bd4>] __kmalloc_node_track_caller+0x34/0x1c0
    [ 8921.780847]  [<ffffffff821b0e3c>] ? sock_alloc_send_pskb+0xbc/0x260
    [ 8921.783179]  [<ffffffff821b3c65>] __alloc_skb+0x75/0x170
    [ 8921.784971]  [<ffffffff821b0e3c>] sock_alloc_send_pskb+0xbc/0x260
    [ 8921.787111]  [<ffffffff821b002e>] ? release_sock+0x7e/0x90
    [ 8921.788973]  [<ffffffff821b0ff0>] sock_alloc_send_skb+0x10/0x20
    [ 8921.791052]  [<ffffffff824cfc20>] pep_sendmsg+0x60/0x380
    [ 8921.792931]  [<ffffffff824cb4a6>] ? pn_socket_bind+0x156/0x180
    [ 8921.794917]  [<ffffffff824cb50f>] ? pn_socket_autobind+0x3f/0x90
    [ 8921.797053]  [<ffffffff824cb63f>] pn_socket_sendmsg+0x4f/0x70
    [ 8921.798992]  [<ffffffff821ab8e7>] sock_aio_write+0x187/0x1b0
    [ 8921.801395]  [<ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
    [ 8921.803501]  [<ffffffff8111842c>] ? __lock_acquire+0x42c/0x4b0
    [ 8921.805505]  [<ffffffff821ab760>] ? __sock_recv_ts_and_drops+0x140/0x140
    [ 8921.807860]  [<ffffffff811e07cc>] do_sync_readv_writev+0xbc/0x110
    [ 8921.809986]  [<ffffffff811958e7>] ? might_fault+0x97/0xa0
    [ 8921.811998]  [<ffffffff817bd99e>] ? security_file_permission+0x1e/0x90
    [ 8921.814595]  [<ffffffff811e17e2>] do_readv_writev+0xe2/0x1e0
    [ 8921.816702]  [<ffffffff810b8dac>] ? do_setitimer+0x1ac/0x200
    [ 8921.818819]  [<ffffffff810e2ec1>] ? get_parent_ip+0x11/0x50
    [ 8921.820863]  [<ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
    [ 8921.823318]  [<ffffffff811e1926>] vfs_writev+0x46/0x60
    [ 8921.825219]  [<ffffffff811e1a3f>] sys_writev+0x4f/0xb0
    [ 8921.827127]  [<ffffffff82658039>] system_call_fastpath+0x16/0x1b
    [ 8921.829384] ---[ end trace dffe390f30db9eb7 ]---
    
    Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
    Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  10. @gregkh

    ipv6: fix array index in ip6_mc_add_src()

    RongQing.Li authored gregkh committed
    [ Upstream commit 78d5021 ]
    
    Convert array index from the loop bound to the loop index.
    
    And remove the void type conversion to ip6_mc_del1_src() return
    code, seem it is unnecessary, since ip6_mc_del1_src() does not
    use __must_check similar attribute, no compiler will report the
    warning when it is removed.
    
    v2: enrich the commit header
    
    Signed-off-by: RongQing.Li <roy.qing.li@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  11. @herbertx @gregkh

    bridge: Do not send queries on multicast group leaves

    herbertx authored gregkh committed
    [ Upstream commit 996304b ]
    
    As it stands the bridge IGMP snooping system will respond to
    group leave messages with queries for remaining membership.
    This is both unnecessary and undesirable.  First of all any
    multicast routers present should be doing this rather than us.
    What's more the queries that we send may end up upsetting other
    multicast snooping swithces in the system that are buggy.
    
    In fact, we can simply remove the code that send these queries
    because the existing membership expiry mechanism doesn't rely
    on them anyway.
    
    So this patch simply removes all code associated with group
    queries in response to group leave messages.
    
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  12. @gregkh

    sctp: Allow struct sctp_event_subscribe to grow without breaking bina…

    Thomas Graf authored gregkh committed
    …ries
    
    [ Upstream commit acdd598 ]
    
    getsockopt(..., SCTP_EVENTS, ...) performs a length check and returns
    an error if the user provides less bytes than the size of struct
    sctp_event_subscribe.
    
    Struct sctp_event_subscribe needs to be extended by an u8 for every
    new event or notification type that is added.
    
    This obviously makes getsockopt fail for binaries that are compiled
    against an older versions of <net/sctp/user.h> which do not contain
    all event types.
    
    This patch changes getsockopt behaviour to no longer return an error
    if not enough bytes are being provided by the user. Instead, it
    returns as much of sctp_event_subscribe as fits into the provided buffer.
    
    This leads to the new behavior that users see what they have been aware
    of at compile time.
    
    The setsockopt(..., SCTP_EVENTS, ...) API is already behaving like this.
    
    Signed-off-by: Thomas Graf <tgraf@suug.ch>
    Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  13. @gregkh

    tcp: allow splice() to build full TSO packets

    Eric Dumazet authored gregkh committed
    [ This combines upstream commit
      2f53384 and the follow-on bug fix
      commit 35f9c09 ]
    
    vmsplice()/splice(pipe, socket) call do_tcp_sendpages() one page at a
    time, adding at most 4096 bytes to an skb. (assuming PAGE_SIZE=4096)
    
    The call to tcp_push() at the end of do_tcp_sendpages() forces an
    immediate xmit when pipe is not already filled, and tso_fragment() try
    to split these skb to MSS multiples.
    
    4096 bytes are usually split in a skb with 2 MSS, and a remaining
    sub-mss skb (assuming MTU=1500)
    
    This makes slow start suboptimal because many small frames are sent to
    qdisc/driver layers instead of big ones (constrained by cwnd and packets
    in flight of course)
    
    In fact, applications using sendmsg() (adding an additional memory copy)
    instead of vmsplice()/splice()/sendfile() are a bit faster because of
    this anomaly, especially if serving small files in environments with
    large initial [c]wnd.
    
    Call tcp_push() only if MSG_MORE is not set in the flags parameter.
    
    This bit is automatically provided by splice() internals but for the
    last page, or on all pages if user specified SPLICE_F_MORE splice()
    flag.
    
    In some workloads, this can reduce number of sent logical packets by an
    order of magnitude, making zero-copy TCP actually faster than
    one-copy :)
    
    Reported-by: Tom Herbert <therbert@google.com>
    Cc: Nandita Dukkipati <nanditad@google.com>
    Cc: Neal Cardwell <ncardwell@google.com>
    Cc: Tom Herbert <therbert@google.com>
    Cc: Yuchung Cheng <ycheng@google.com>
    Cc: H.K. Jerry Chu <hkchu@google.com>
    Cc: Maciej Żenczykowski <maze@google.com>
    Cc: Mahesh Bandewar <maheshb@google.com>
    Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
    Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  14. @gregkh

    cfg80211: fix interface combinations check.

    Lukasz Kucharczyk authored gregkh committed
    commit e55a404 upstream.
    
    Signed-off-by: Lukasz Kucharczyk <lukasz.kucharczyk@tieto.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commits on Apr 22, 2012
  1. @jhovold @gregkh

    Bluetooth: hci_core: fix NULL-pointer dereference at unregister

    jhovold authored gregkh committed
    commit 9432496 upstream.
    
    Make sure hci_dev_open returns immediately if hci_dev_unregister has
    been called.
    
    This fixes a race between hci_dev_open and hci_dev_unregister which can
    lead to a NULL-pointer dereference.
    
    Bug is 100% reproducible using hciattach and a disconnected serial port:
    
    0. # hciattach -n /dev/ttyO1 any noflow
    
    1. hci_dev_open called from hci_power_on grabs req lock
    2. hci_init_req executes but device fails to initialise (times out
       eventually)
    3. hci_dev_open is called from hci_sock_ioctl and sleeps on req lock
    4. hci_uart_tty_close calls hci_dev_unregister and sleeps on req lock in
       hci_dev_do_close
    5. hci_dev_open (1) releases req lock
    6. hci_dev_do_close grabs req lock and returns as device is not up
    7. hci_dev_unregister sleeps in destroy_workqueue
    8. hci_dev_open (3) grabs req lock, calls hci_init_req and eventually sleeps
    9. hci_dev_unregister finishes, while hci_dev_open is still running...
    
    [   79.627136] INFO: trying to register non-static key.
    [   79.632354] the code is fine but needs lockdep annotation.
    [   79.638122] turning off the locking correctness validator.
    [   79.643920] [<c00188bc>] (unwind_backtrace+0x0/0xf8) from [<c00729c4>] (__lock_acquire+0x1590/0x1ab0)
    [   79.653594] [<c00729c4>] (__lock_acquire+0x1590/0x1ab0) from [<c00733f8>] (lock_acquire+0x9c/0x128)
    [   79.663085] [<c00733f8>] (lock_acquire+0x9c/0x128) from [<c0040a88>] (run_timer_softirq+0x150/0x3ac)
    [   79.672668] [<c0040a88>] (run_timer_softirq+0x150/0x3ac) from [<c003a3b8>] (__do_softirq+0xd4/0x22c)
    [   79.682281] [<c003a3b8>] (__do_softirq+0xd4/0x22c) from [<c003a924>] (irq_exit+0x8c/0x94)
    [   79.690856] [<c003a924>] (irq_exit+0x8c/0x94) from [<c0013a50>] (handle_IRQ+0x34/0x84)
    [   79.699157] [<c0013a50>] (handle_IRQ+0x34/0x84) from [<c0008530>] (omap3_intc_handle_irq+0x48/0x4c)
    [   79.708648] [<c0008530>] (omap3_intc_handle_irq+0x48/0x4c) from [<c037499c>] (__irq_usr+0x3c/0x60)
    [   79.718048] Exception stack(0xcf281fb0 to 0xcf281ff8)
    [   79.723358] 1fa0:                                     0001e6a0 be8dab00 0001e698 00036698
    [   79.731933] 1fc0: 0002df98 0002df38 0000001f 00000000 b6f234d0 00000000 00000004 00000000
    [   79.740509] 1fe0: 0001e6f8 be8d6aa0 be8dac50 0000aab8 80000010 ffffffff
    [   79.747497] Unable to handle kernel NULL pointer dereference at virtual address 00000000
    [   79.756011] pgd = cf3b4000
    [   79.758850] [00000000] *pgd=8f0c7831, *pte=00000000, *ppte=00000000
    [   79.765502] Internal error: Oops: 80000007 [#1]
    [   79.770294] Modules linked in:
    [   79.773529] CPU: 0    Tainted: G        W     (3.3.0-rc6-00002-gb5d5c87 #421)
    [   79.781066] PC is at 0x0
    [   79.783721] LR is at run_timer_softirq+0x16c/0x3ac
    [   79.788787] pc : [<00000000>]    lr : [<c0040aa4>]    psr: 60000113
    [   79.788787] sp : cf281ee0  ip : 00000000  fp : cf280000
    [   79.800903] r10: 00000004  r9 : 00000100  r8 : b6f234d0
    [   79.806427] r7 : c0519c28  r6 : cf093488  r5 : c0561a00  r4 : 00000000
    [   79.813323] r3 : 00000000  r2 : c054eee0  r1 : 00000001  r0 : 00000000
    [   79.820190] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
    [   79.827728] Control: 10c5387d  Table: 8f3b4019  DAC: 00000015
    [   79.833801] Process gpsd (pid: 1265, stack limit = 0xcf2802e8)
    [   79.839965] Stack: (0xcf281ee0 to 0xcf282000)
    [   79.844573] 1ee0: 00000002 00000000 c0040a24 00000000 00000002 cf281f08 00200200 00000000
    [   79.853210] 1f00: 00000000 cf281f18 cf281f08 00000000 00000000 00000000 cf281f18 cf281f18
    [   79.861816] 1f20: 00000000 00000001 c056184c 00000000 00000001 b6f234d0 c0561848 00000004
    [   79.870452] 1f40: cf280000 c003a3b8 c051e79c 00000001 00000000 00000100 3fa9e7b8 0000000a
    [   79.879089] 1f60: 00000025 cf280000 00000025 00000000 00000000 b6f234d0 00000000 00000004
    [   79.887756] 1f80: 00000000 c003a924 c053ad38 c0013a50 fa200000 cf281fb0 ffffffff c0008530
    [   79.896362] 1fa0: 0001e6a0 0000aab8 80000010 c037499c 0001e6a0 be8dab00 0001e698 00036698
    [   79.904998] 1fc0: 0002df98 0002df38 0000001f 00000000 b6f234d0 00000000 00000004 00000000
    [   79.913665] 1fe0: 0001e6f8 be8d6aa0 be8dac50 0000aab8 80000010 ffffffff 00fbf700 04ffff00
    [   79.922302] [<c0040aa4>] (run_timer_softirq+0x16c/0x3ac) from [<c003a3b8>] (__do_softirq+0xd4/0x22c)
    [   79.931945] [<c003a3b8>] (__do_softirq+0xd4/0x22c) from [<c003a924>] (irq_exit+0x8c/0x94)
    [   79.940582] [<c003a924>] (irq_exit+0x8c/0x94) from [<c0013a50>] (handle_IRQ+0x34/0x84)
    [   79.948913] [<c0013a50>] (handle_IRQ+0x34/0x84) from [<c0008530>] (omap3_intc_handle_irq+0x48/0x4c)
    [   79.958404] [<c0008530>] (omap3_intc_handle_irq+0x48/0x4c) from [<c037499c>] (__irq_usr+0x3c/0x60)
    [   79.967773] Exception stack(0xcf281fb0 to 0xcf281ff8)
    [   79.973083] 1fa0:                                     0001e6a0 be8dab00 0001e698 00036698
    [   79.981658] 1fc0: 0002df98 0002df38 0000001f 00000000 b6f234d0 00000000 00000004 00000000
    [   79.990234] 1fe0: 0001e6f8 be8d6aa0 be8dac50 0000aab8 80000010 ffffffff
    [   79.997161] Code: bad PC value
    [   80.000396] ---[ end trace 6f6739840475f9ee ]---
    [   80.005279] Kernel panic - not syncing: Fatal exception in interrupt
    
    Signed-off-by: Johan Hovold <jhovold@gmail.com>
    Acked-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commits on Apr 19, 2012
  1. @toddpoynor

    Merge linux-stable 3.0.28 into android-3.0

    toddpoynor authored
    Change-Id: Iee820738e53627f5d0447a87ceff34443aa72786
    Signed-off-by: Todd Poynor <toddpoynor@google.com>
Commits on Apr 17, 2012
  1. netfilter: xt_qtaguid: fix ipv6 protocol lookup

    JP Abgrall authored
    When updating the stats for a given uid it would incorrectly assume
    IPV4 and pick up the wrong protocol when IPV6.
    
    Change-Id: Iea4a635012b4123bf7aa93809011b7b2040bb3d5
    Signed-off-by: JP Abgrall <jpa@google.com>
  2. netfilter: qtaguid: initialize a local var to keep compiler happy.

    JP Abgrall authored
    There was a case that might have seemed like new_tag_stat was not
    initialized and actually used.
    Added comment explaining why it was impossible, and a BUG()
    in case the logic gets changed.
    
    Change-Id: I1eddd1b6f754c08a3bf89f7e9427e5dce1dfb081
    Signed-off-by: JP Abgrall <jpa@google.com>
Commits on Apr 13, 2012
  1. @peterhurley @gregkh

    Bluetooth: Fix l2cap conn failures for ssp devices

    peterhurley authored gregkh committed
    commit 18daf16 upstream
    
    Commit 3306054 fixed l2cap conn establishment for non-ssp remote
    devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
    is tested (which was always returning failure on any subsequent
    security checks).
    
    However, this broke l2cap conn establishment for ssp remote devices
    when an ACL link was already established at SDP-level security. This
    fix ensures that encryption must be pending whenever authentication
    is also pending.
    
    Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
    Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
    Acked-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
  2. @sgruszka @gregkh

    mac80211: fix possible tid_rx->reorder_timer use after free

    sgruszka authored gregkh committed
    commit d72308b upstream.
    
    Is possible that we will arm the tid_rx->reorder_timer after
    del_timer_sync() in ___ieee80211_stop_rx_ba_session(). We need to stop
    timer after RCU grace period finish, so move it to
    ieee80211_free_tid_rx(). Timer will not be armed again, as
    rcu_dereference(sta->ampdu_mlme.tid_rx[tid]) will return NULL.
    
    Debug object detected problem with the following warning:
    ODEBUG: free active (active state 0) object type: timer_list hint: sta_rx_agg_reorder_timer_expired+0x0/0xf0 [mac80211]
    
    Bug report (with all warning messages):
    https://bugzilla.redhat.com/show_bug.cgi?id=804007
    
    Reported-by: "jan p. springer" <jsd@igroup.org>
    Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  3. @borkmann @gregkh

    rose_dev: fix memcpy-bug in rose_set_mac_address

    borkmann authored gregkh committed
    [ Upstream commit 81213b5 ]
    
    If both addresses equal, nothing needs to be done. If the device is down,
    then we simply copy the new address to dev->dev_addr. If the device is up,
    then we add another loopback device with the new address, and if that does
    not fail, we remove the loopback device with the old address. And only
    then, we update the dev->dev_addr.
    
    Signed-off-by: Daniel Borkmann <daniel.borkmann@tik.ee.ethz.ch>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commits on Apr 6, 2012
  1. xt_IDLETIMER:

    Ashish Sharma authored JP Abgrall committed
    Add new netlink msg type for IDLETIMER.
    
    Send notifications when the label becomes active after an idle period.
    Send netlink message notifications in addition to sysfs notifications.
    
    Change-Id: I31677ef00c94b5f82c8457e5bf9e5e584c23c523
    Signed-off-by: Ashish Sharma <ashishsharma@google.com>
Commits on Apr 2, 2012
  1. @gregkh

    nfsd: don't allow zero length strings in cache_parse()

    Dan Carpenter authored gregkh committed
    commit 6d8d174 upstream.
    
    There is no point in passing a zero length string here and quite a
    few of that cache_parse() implementations will Oops if count is
    zero.
    
    Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: J. Bruce Fields <bfields@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  2. @gregkh

    xfrm: Access the replay notify functions via the registered callbacks

    Steffen Klassert authored gregkh committed
    [ Upstream commit 1265fd6 ]
    
    We call the wrong replay notify function when we use ESN replay
    handling. This leads to the fact that we don't send notifications
    if we use ESN. Fix this by calling the registered callbacks instead
    of xfrm_replay_notify().
    
    Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  3. @kernelslacker @gregkh

    Remove printk from rds_sendmsg

    kernelslacker authored gregkh committed
    [ Upstream commit a6506e1 ]
    
    no socket layer outputs a message for this error and neither should rds.
    
    Signed-off-by: Dave Jones <davej@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Something went wrong with that request. Please try again.