If we get IW_CM_EVENT_CONNECT_REQUEST message and encounter an error
(not in the LISTEN state, cannot create an id, cannot alloc
work_entry, etc), then the memory allocated by cm_event_handler() in
the event->private_data gets leaked. Since cm_work_handler has already
put the event on the work_free_list, this allocated memory is
leaked. High backlog value can allow DoS attacks.
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Acked-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Possible memory corruption scenario: after putting the work entry back
on the work_free_list, we call process_event() which dereferences
work->event, which could have been modified to another value
meanwhile.
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Acked-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
The amso1100 driver was missing a couple of __devinit/__devexit
annotations for init/cleanup functions that are called from
__devinit/__devexit functions.
Reported by Randy Dunlap <randy.dunlap@oracle.com>.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Commit b3b30f5e ("IB/mthca: Recover from catastrophic errors")
introduced some section mismatch breakage, because the error recovery
code tears down and reinitializes the device, which calls into lots of
code originally marked __devinit and __devexit from regular .text.
Fix this by getting rid of these now-incorrect section markers.
Reported by Randy Dunlap <randy.dunlap@oracle.com>.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Set the Scsi_Host's max_cmd_len from 12 (default) to 16 for
SRP. Otherwise scsi_dispatch_cmd() won't pass down certain commands
such as READ CAPACITY 16, required for supporting disks > 2TB.
Signed-off-by: Arne Redlich <arne.redlich@xiranet.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
The qp_access_flags are for remote access permissions only, so
IB_ACCESS_LOCAL_WRITE is an invalid value. Remove it from the values
set by cm_init_qp_init_attr() and cma_init_ib_qp().
Signed-off-by: Dotan Barak <dotanb@mellanox.co.il>
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Replace open coded kmemdup() to save some screen space, and allow
inlining/not inlining to be triggered by gcc.
Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Rewrite cma_req_handler error handling case to encapsulate
common code.
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Acked-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
In queue_req(), use time_after_eq() instead of time_after()
for following reasons :
- Improves insert time if multiple entries with same time are
present.
- set_timeout need not be called if entry with same time
is added to the list (and that happens to be the entry
with the smallest time), saving atomic/locking operations.
- Earlier entries with same time are deleted first (fifo).
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Acked-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Remove redundant check of node_guid in cma_add_one().
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Acked-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Optimize to test for an empty list first. This ends up simplifying
the code too.
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Acked-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
This changes the type of variable "i" in rtl8169_init_one()
from "unsigned int" to "int". "i" is checked for < 0 later,
which can never happen for "unsigned". This results in broken
error handling.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[PATCH] libata: Fixup ata_sas_queuecmd to handle __ata_scsi_queuecmd failure
[PATCH] ahci: AHCI mode SATA patch for Intel ICH9
[PATCH] libata: don't schedule EH on wcache on/off if old EH
When we sleep and wait for a suspended operation to be resumed, go
back and check until it's ready -- don't just continue after the first
time we're woken. This can cause file system corruption.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fixes ata_sas_queuecmd to properly handle a failure from
__ata_scsi_queuecmd.
Signed-off-by: Brian King <brking@us.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
This patch adds the Intel ICH9 AHCI controller DID's for SATA support.
Signed-off-by: Jason Gaston <jason.d.gaston@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Do not schedule EH for revalidation on wcache on/off if old EH. Old
EH cannot handle it and will result in WARN_ON()'s and oops.
This closes bug #7412.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[XFRM] STATE: Fix to respond error to get operation if no matching entry exists.
[NET]: Re-fix of doc-comment in sock.h
[6PACK]: Masking bug in 6pack driver.
[NET]: Fix kfifo_alloc() error check.
[UDP]: Make udp_encap_rcv use pskb_may_pull
[NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT
The tda10086 causes an oops (divide by zero) if a zero symbol rate is used;
this prevents this.
Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
The old code would accept any device on the same i2c address as the
saa711x chips as an saa711x. However, this fails with saa717x chips,
which use that same address and so are misdetected as a saa7111. Now
check whether the chip is really a saa711x model.
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Sparse noticed a lock imbalance in read_from_buf(). Further inspection shows
that the lock should not be held when the function exits.
This adds a spin_unlock_irqrestore(), so that every exit path of the
read_from_buf() function is consistent. The unlock was missing on an error
path.
Signed-off-by: Ira W. Snyder <devel@irasnyder.com>
Signed-off-by: Hans J. Koch <koch@hjk-az.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
New module parameter diseqc_method for cards with subsystem-id 13c2:1003.
- 0: unreliable method, can be used by all board revisions (default)
- 1: reliable method, works for newer board layouts only
The parameter has no effect for cards with other subsystem-ids.
Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Fixes to DISEQC on these cards inadvertently broke normal tone/voltage
signalling. This restores the necessary function.
Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Looks like a broken masking to me, binary not is used where bitwise
not was intended.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This is a bug. When checking for ati_remote->outbuf we free freeing
ati_remote->inbuf so we end up freeing ati_remote->inbuf twice.
Also the checks for 'ati_remote->inbuf != NULL' and 'ati_remote->outbuf !=
NULL' are redundant as usb_buffer_free() does this.
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The return value of platform_device_register_simple() should be checked by
IS_ERR().
This patch also fix misc_register() error case. Because misc_register()
returns error code.
Cc: Sebastien Bouchard <sebastien.bouchard@ca.kontron.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch removes a module_exit function that sgiioc4 should not have had.
It seems that the IDE layer doesn't support submodule unloading. sgiioc4 was
the only driver in drivers/ide/pci that had an exit function. After an
unload, the devices would stay around and the next attempt to reference would
crash...
Signed-off-by: Jeremy Higdon <jeremy@sgi.com>
Acked-by: "Bartlomiej Zolnierkiewicz" <bzolnier@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
dev->devt_attr is allocated in device_add() but it is never freed in
device_del() in the drivers/base/core.c file (reported by kmemleak).
Signed-off-by: Catalin Marinas <catalin.marinas@gmail.com>
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The correct order is: NULL check before dereference
This was a guaranteed NULL dereference with debugging enabled since
rs5c372_sysfs_show_osc() does actually pass NULL...
Spotted by the Coverity checker.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
I got a lockdep warning when running "rtctest" so I though it'd be good
to see what was up.
- The warning was for rtc->irq_task_lock, gotten from rtc_update_irq()
by irq handlerss ... but in a handful of other cases, grabbed without
blocking IRQs.
- Some callers to rtc_update_irq() were not ensuring IRQs were blocked,
yet the routine expects that; make sure all callers block IRQs.
It would appear that RTC API tests haven't been part of anyone's kernel
regression test suite recently, at least not with lockdep running.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The RTC framework has an irq_set_freq() method that should be used to manage
the periodic IRQ frequency, but the current ioctl logic doesn't know how to do
that. This patch teaches it how.
This means that drivers implementing irq_set_freq() will automatically support
RTC_IRQP_{READ,SET} ioctls; that logic doesn't need duplication within the
driver.
[akpm@osdl.org: export rtc_irq_set_freq]
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
processor_perflib.c::acpi_processor_ppc_notifier() check if the value
returned by the processor's _PPC method is 0 and return failed if so.
This is wrong since 0 indicate that the bios think the processor can go
to the highest frequency. This patch for example fix the HP NX 6125 to
allow its highest frequency to be available.
Signed-off-by: Bruno Ducrot <ducrot@poupinou.org>
Cc: "Pallipadi, Venkatesh" <venkatesh.pallipadi@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Not all graphic page remappers support physical addresses over the 4GB
mark for remapping, so while some do (the AMD64 GART always did, and I
just fixed the i965 to do so properly), we're safest off just forcing
GFP_DMA32 allocations to make sure graphics pages get allocated in the
low 32-bit address space by default.
AGP sub-drivers that really care, and can do better, could just choose
to implement their own allocator (or we could add another "64-bit safe"
default allocator for their use), but quite frankly, you're not likely
to care in practice.
So for now, this trivial change means that we won't be allocating pages
that we can't map correctly by mistake on x86-64.
[ On traditional 32-bit x86, this could never happen, because GFP_KERNEL
would never allocate any highmem memory anyway ]
Acked-by: Andi Kleen <ak@suse.de>
Acked-by: Dave Jones <davej@redhat.com>
Cc: Eric Anholt <eric@anholt.net>
Cc: Keith Packard <keithp@keithp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This introduces a i965-specific "mask_memory()" function that knows
about the extended physical addresses that the i965 supports. This
allows us to correctly map in physical memory in the >4GB range into the
GTT.
Also simplify/clean-up the i965 case for the aperture sizing by just
returning the fixed 512kB size from "fetch_size()". We don't really
care that not all of the aperture may be visible - the only thing that
cares about the aperture size is the Intel "stolen memory" calculation,
which depends on the fixed size.
Cc: Keith Packard <keithp@keithp.com>
Cc: Eric Anholt <eric@anholt.net>
Cc: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[TG3]: Add missing unlock in tg3_open() error path.
[IPV6]: Fix address/interface handling in UDP and DCCP, according to the scoping architecture.
[IRDA]: Lockdep fix.
[BLUETOOTH]: Fix unaligned access in hci_send_to_sock.
[XFRM]: nlmsg length not computed correctly in the presence of subpolicies
[XFRM]: Sub-policies broke policy events
[IGMP]: Fix IGMPV3_EXP() normalization bit shift value.
[Bluetooth] Ignore L2CAP config requests on disconnect
[Bluetooth] Always include MTU in L2CAP config responses
[Bluetooth] Check if RFCOMM session is still attached to the TTY
[Bluetooth] Handling pending connect attempts after inquiry
[Bluetooth] Attach low-level connections to the Bluetooth bus
[IPV6] IP6TUNNEL: Add missing nf_reset() on input path.
[IPV6] IP6TUNNEL: Delete all tunnel device when unloading module.
[IPV6] ROUTE: Do not enable router reachability probing in router mode.
[IPV6] ROUTE: Prefer reachable nexthop only if the caller requests.
[IPV6] ROUTE: Try to use router which is not known unreachable.
Sparse noticed a locking imbalance in tg3_open(). This patch adds an
unlock to one of the error paths, so that tg3_open() always exits
without the lock held.
Signed-off-by: Ira W. Snyder <kernel@irasnyder.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipath uses skb functions and won't build without CONFIG_NET.
Spotted by Randy Dunlap.
Signed-off-by: Bryan O'Sullivan <bryan.osullivan@qlogic.com>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
This is a quick hack to overcome the fact that SRCU currently does not
allow static initializers, and we need to sometimes initialize those
things before any other initializers (even "core" ones) can do so.
Currently we don't allow this at all for modules, and the only user that
needs is right now is cpufreq. As reported by Thomas Gleixner:
"Commit b4dfdbb3c7 ("[PATCH] cpufreq:
make the transition_notifier chain use SRCU breaks cpu frequency
notification users, which register the callback > on core_init
level."
Cc: Thomas Gleixner <tglx@timesys.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Arjan van de Ven <arjan@infradead.org>
Cc: Andrew Morton <akpm@osdl.org>,
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix printk format warnings:
drivers/char/ftape/zftape/zftape-buffers.c:87: warning: format '%d' expects type
'int', but argument 3 has type 'size_t'
drivers/char/ftape/zftape/zftape-buffers.c:104: warning: format '%d' expects type
'int', but argument 3 has type 'size_t'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>