When a slab cache uses SLAB_DESTROY_BY_RCU, we must be careful when allocating
objects, since slab allocator could give a freed object still used by lockless
readers.
In particular, nf_conntrack RCU lookups rely on ct->tuplehash[xxx].hnnode.next
being always valid (ie containing a valid 'nulls' value, or a valid pointer to next
object in hash chain.)
kmem_cache_zalloc() setups object with NULL values, but a NULL value is not valid
for ct->tuplehash[xxx].hnnode.next.
Fix is to call kmem_cache_alloc() and do the zeroing ourself.
As spotted by Patrick, we also need to make sure lookup keys are committed to
memory before setting refcount to 1, or a lockless reader could get a reference
on the old version of the object. Its key re-check could then pass the barrier.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Check that the result of kmalloc is not NULL before passing it to other
functions.
In the first two cases, the new code returns -ENOMEM, which seems
compatible with what is done for similar functions for other architectures.
In the last two cases, the new code fails silently, ie just returns,
because the function has void return type.
The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
expression *x;
identifier f;
constant char *C;
@@
x = \(kmalloc\|kcalloc\|kzalloc\)(...);
... when != x == NULL
when != x != NULL
when != (x || ...)
(
kfree(x)
|
f(...,C,...,x,...)
|
*f(...,x,...)
|
*x->f
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The Blackfin SMP port was missing CPLB entries for Core B on-chip L1 SRAM
regions. Any code that attempted to use these would wrongly crash due to
a CPLB miss.
Signed-off-by: Graf Yang <graf.yang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Similar to anomaly 05000281 but not as bad, we cannot return to the
instruction causing a fault otherwise we'll trigger a second false
exception. The system can still recover, but it isn't correct.
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
On Blackfin SMP, a per-cpu loops_per_jiffy is pointless since both cores
always run at the same CCLK. In addition, the current implementation has
flaws since the main consumer for loops_per_jiffy (asm/delay.h) uses the
global kernel loops_per_jiffy and not the per_cpu one. So punt all of the
per-cpu handling and go back to the global shared one.
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Change the bfin_gpio_pm_hibernate_restore() function to:
1) AND restored DATA with DIR (not OR) to get correct final state
2) Restore DATA before setting DIR to avoid glitches
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The AD7142 add-on card hooks the IRQ line up to PG5, not PF5.
Signed-off-by: Barry Song <barry.song@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The interrupt context save logic incorrectly stored the address of the
IPEND register rather than its value due to a missing dereference. While
we're here, also enable this code for all kernel debugging scenarios and
not just when KGDB is enabled.
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
We already catch this anomaly at compile time, and the runtime version is
such that it ends up checking on all parts rather than just the ones that
might actually have it.
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The sed used to rename the bfin-twi-lcd only replaced the first instance
rather than all which led to the resources not being enabled when the
driver was built as a module.
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The Blackfin serial headers were inverting the CTS value leading to wrong
handling of the CTS line which broke CTS/RTS handling completely.
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This anomaly only applies to the BF527-0.1, not the BF526-0.1, and not any
other revision of the BF527. So make sure we don't go returning 0xffff
for other cases.
Signed-off-by: Graf Yang <graf.yang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The early logic to locate a free DMA channel and then set it up was broken
in a few ways that only manifested itself when we needed to set up more
than 2 on chip SRAM regions (most board defaults setup 1 or 2). First, we
checked the wrong status register (the destination gets updated, not the
source) and second, we did the ssync before rather than after resetting a
DMA config register.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Rather than assume Core B is always run with caches turned on, let people
load into any of the on-chip memory regions. It is their business how the
SRAM/Cache regions are utilized, so don't prevent them from being able to
load into them.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The code used in the Blackfin lshrdi3 utilizes gcc constructs. However,
the structures declared don't line up with the code gcc generates, so
under certain optimizations, we get bad code and things crap out in fun
random ways. So rather than trying to maintain different gcc definitions
ourselves, just use the ones available in gcclib.h.
URL: http://blackfin.uclinux.org/gf/tracker/5286
Signed-off-by: Jie Zhang <jie.zhang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Since we need to relocate the attached filesystem with the uClinux MTD map
(to handle some anomalies), we need to know its real filesize. If we boot
a kernel without a filesystem actually attached, we end up blindly reading
and copying garbage (since there is no magic value to detect validity).
Often times this results in an early crash and no output. So add a few
basic sanity checks before operating on things to catch the majority of
cases.
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Previous unification code put the exception banner behind the "is oops"
logic when it should have been printed all the time.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Add missing anomaly workaround for anomaly 05000281 - we can't return to
instructions which cause hardware errors otherwise we trigger the error
again which means we go into an infinite loop of handling, returning, and
retriggering. This work around confuses gdb when the error occurs as the
PC will seemed to have moved, so a better long term fix will need to be
figured out, but for now this is better than an infinite crash loop.
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Graf Yang <graf.yang@analog.com>
Signed-off-by: Cliff Cai <cliff.cai@analog.com>
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
There are no CONFIG_{BLK,CHR}_DEV_FLASH Kconfig options, and there is no
flash_probe() function, so not really sure what this code is all about.
Seems to be dead code that stretches way back to the start of the Blackfin
port.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Improve the assembly with a few explanatory comments and use symbolic
defines rather than numeric values for bit positions.
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Add appropriate MODULE_ALIAS() to facilitate autoloading of can protocol drivers
Signed-off-by: Lothar Wassmann <LW@KARO-electronics.de>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix a use after free bug in can protocol drivers
The release functions of the can protocol drivers lack a call to
sock_orphan() which leads to referencing freed memory under certain
circumstances.
This patch fixes a bug reported here:
https://lists.berlios.de/pipermail/socketcan-users/2009-July/000985.html
Signed-off-by: Lothar Wassmann <LW@KARO-electronics.de>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
ahci: add device ID for 82801JI sata controller
drivers/ata: Move a dereference below a NULL test
libata: implement and use HORKAGE_NOSETXFER, take#2
libata: fix follow-up SRST failure path
We need to check returning error for pci_register_driver(&joystick_driver)
On failure, we should unregister formerly registered audio drivers
This also fixed the compiler warning :
CC [M] sound/pci/riptide/riptide.o
sound/pci/riptide/riptide.c: In function ‘alsa_card_riptide_init’:
sound/pci/riptide/riptide.c:2200: warning: ignoring return value of ‘__pci_register_driver’, declared with attribute warn_unused_result
Signed-off-by: Jaswinder Singh Rajput <jaswinderrajput@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Blue Microphones USB devices have an alternate setting that sends two
channels of data to the computer. Unfortunately, the descriptors of
that altsetting have a wrong channel setting, which means that any
recorded data from such a device has twice the sample rate from what
would be expected.
This patch adds a workaround to ignore that altsetting. Since these
devices have only one actual channel, no data is lost.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This patch fixes a bug in the image seq. number handling in the
scanning level. The assignment of the image_seq was incorrect.
Signed-off-by: Holger Brunck <holger.brunck@keymile.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Do not forget to initialize 'gluebi->ubi_num' because otherwise
it will stay 0 even for ubi1 device, and gluebi will open
wrong UBI device when 'gluebi_get_device()' is called.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
When moving load_up_altivec to vector.S a typo in a comment caused a
thinko setting the wrong variable.
Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
On booke processors, gdb is seeing spurious SIGTRAPs when setting a
watchpoint.
user_disable_single_step() simply quits when the DAC is non-zero. It should
be clearing the DBCR0_IC and DBCR0_BT bits from the dbcr0 register and
TIF_SINGLESTEP from the thread flag.
Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
If the NULL test is necessary, then the dereference should be moved below
the NULL test.
The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
type T;
expression E;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E
when != i
if (E == NULL) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Users get confused by this driver. It's really a special purpose
embedded driver, and causes a lot of problems if enabled. So hide it
under EMBEDDED by default, and make sure it doesn't get enabled with
the i915 DRM driver.
Dave, I'm hoping you can feed this to Linus through your tree. It's
appropriate for 2.6.31 I think.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Dave Airlie <airlied@linux.ie>
via_enable_vblank wasn't setting the VBlank enable bit - instead, it
was masking out the rest of the register.
At the same time, fix via_disable_vblank to clear the VBlank enable
bit.
Signed-off-by: Dave Airlie <airlied@linux.ie>
Check kzalloc retval against NULL in drm_gem_object_alloc and bail out
appropriately.
While at it merge the fail paths and jump to them by gotos at the end
of the function.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Check kmalloc return value in drm_debugfs_create_files and bail out
appropriately if the pointer is NULL.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Add device ID for Intel 82801JI SATA AHCI controller.
Signed-off-by: David Milburn <dmilburn@redhat.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
If the NULL test is necessary, then the dereference should be moved below
the NULL test.
The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@@
type T;
expression E;
identifier i,fld;
statement S;
@@
- T i = E->fld;
+ T i;
... when != E
when != i
if (E == NULL) S
+ i = E->fld;
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
PIONEER DVD-RW DVRTD08 times out SETXFER if no media is present. The
device is SATA and simply skipping SETXFER works around the problem.
Implement ATA_HORKAGE_NOSETXFER and apply it to the device.
Reported by Moritz Rigler in the following thread.
http://thread.gmane.org/gmane.linux.ide/36790
and by Lars in bko#9540.
Updated to whine and ignore NOSETXFER if PATA component is detected as
suggested by Alan Cox.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Moritz Rigler <linux-ide@momail.e4ward.com>
Reported-by: Lars <lars21ce@gmx.de>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
ata_eh_reset() was missing error return handling after follow-up SRST
allowing EH to continue the normal probing path after reset failure.
This was discovered while testing new WD 2TB drives which take longer
than 10 secs to spin up and cause the first follow-up SRST to time
out.
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
We should use Z2MINOR_COUNT as range argument in blk_unregister_region()
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
* 'i2c-for-2631-rc3' of git://aeryn.fluff.org.uk/bjdooks/linux:
i2c: Use resource_size
i2c-davinci: behave with i2cdetect
i2c-davinci: convert clock usage after clkdev conversion