<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/net/wireless, branch v3.18.53</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>brcmfmac: Make skb header writable before use</title>
<updated>2017-05-15T07:19:08+00:00</updated>
<author>
<name>James Hughes</name>
<email>james.hughes@raspberrypi.org</email>
</author>
<published>2017-04-25T09:15:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d26b791edf3b3e45c5add6798dab5152d37f68a0'/>
<id>d26b791edf3b3e45c5add6798dab5152d37f68a0</id>
<content type='text'>
commit 9cc4b7cb86cbcc6330a3faa8cd65268cd2d3c227 upstream.

The driver was making changes to the skb_header without
ensuring it was writable (i.e. uncloned).
This patch also removes some boiler plate header size
checking/adjustment code as that is also handled by the
skb_cow_header function used to make header writable.

Signed-off-by: James Hughes &lt;james.hughes@raspberrypi.org&gt;
Acked-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9cc4b7cb86cbcc6330a3faa8cd65268cd2d3c227 upstream.

The driver was making changes to the skb_header without
ensuring it was writable (i.e. uncloned).
This patch also removes some boiler plate header size
checking/adjustment code as that is also handled by the
skb_cow_header function used to make header writable.

Signed-off-by: James Hughes &lt;james.hughes@raspberrypi.org&gt;
Acked-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>brcmfmac: Ensure pointer correctly set if skb data location changes</title>
<updated>2017-05-15T07:19:08+00:00</updated>
<author>
<name>James Hughes</name>
<email>james.hughes@raspberrypi.org</email>
</author>
<published>2017-04-24T11:40:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b8ebb5f3b1c23cf92da042cfcbdcfe265fbc6341'/>
<id>b8ebb5f3b1c23cf92da042cfcbdcfe265fbc6341</id>
<content type='text'>
commit 455a1eb4654c24560eb9dfc634f29cba3d87601e upstream.

The incoming skb header may be resized if header space is
insufficient, which might change the data adddress in the skb.
Ensure that a cached pointer to that data is correctly set by
moving assignment to after any possible changes.

Signed-off-by: James Hughes &lt;james.hughes@raspberrypi.org&gt;
Acked-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 455a1eb4654c24560eb9dfc634f29cba3d87601e upstream.

The incoming skb header may be resized if header space is
insufficient, which might change the data adddress in the skb.
Ensure that a cached pointer to that data is correctly set by
moving assignment to after any possible changes.

Signed-off-by: James Hughes &lt;james.hughes@raspberrypi.org&gt;
Acked-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Arend van Spriel &lt;arend.vanspriel@broadcom.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>mwifiex: Avoid skipping WEP key deletion for AP</title>
<updated>2017-05-15T07:19:04+00:00</updated>
<author>
<name>Ganapathi Bhat</name>
<email>gbhat@marvell.com</email>
</author>
<published>2017-02-03T13:00:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=22fe982c76243e9e099dc01dbed9730d7787a796'/>
<id>22fe982c76243e9e099dc01dbed9730d7787a796</id>
<content type='text'>
commit a5b60de6972decc6b50a39abb376077c3c3621c8 upstream.

This patch fixes the issue specific to AP. AP is started with WEP
security and external station is connected to it. Data path works
in this case. Now if AP is restarted with WPA/WPA2 security,
station is able to connect but ping fails.

Driver skips the deletion of WEP keys if interface type is AP.
Removing that redundant check resolves the issue.

Fixes: e57f1734d87a ("mwifiex: add key material v2 support")
Signed-off-by: Ganapathi Bhat &lt;gbhat@marvell.com&gt;
Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit a5b60de6972decc6b50a39abb376077c3c3621c8 upstream.

This patch fixes the issue specific to AP. AP is started with WEP
security and external station is connected to it. Data path works
in this case. Now if AP is restarted with WPA/WPA2 security,
station is able to connect but ping fails.

Driver skips the deletion of WEP keys if interface type is AP.
Removing that redundant check resolves the issue.

Fixes: e57f1734d87a ("mwifiex: add key material v2 support")
Signed-off-by: Ganapathi Bhat &lt;gbhat@marvell.com&gt;
Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print</title>
<updated>2017-05-15T07:19:04+00:00</updated>
<author>
<name>Brian Norris</name>
<email>briannorris@chromium.org</email>
</author>
<published>2017-01-09T23:33:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=902e9c6036d381bc294377614879e3c56985e0bd'/>
<id>902e9c6036d381bc294377614879e3c56985e0bd</id>
<content type='text'>
commit 6183468a23fc6b6903f8597982017ad2c7fdefcf upstream.

Similar to commit fcd2042e8d36 ("mwifiex: printk() overflow with 32-byte
SSIDs"), we failed to account for the existence of 32-char SSIDs in our
debugfs code. Unlike in that case though, we zeroed out the containing
struct first, and I'm pretty sure we're guaranteed to have some padding
after the 'ssid.ssid' and 'ssid.ssid_len' fields (the struct is 33 bytes
long).

So, this is the difference between:

  # cat /sys/kernel/debug/mwifiex/mlan0/info
  ...
  essid="0123456789abcdef0123456789abcdef "
  ...

and the correct output:

  # cat /sys/kernel/debug/mwifiex/mlan0/info
  ...
  essid="0123456789abcdef0123456789abcdef"
  ...

Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: Brian Norris &lt;briannorris@chromium.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6183468a23fc6b6903f8597982017ad2c7fdefcf upstream.

Similar to commit fcd2042e8d36 ("mwifiex: printk() overflow with 32-byte
SSIDs"), we failed to account for the existence of 32-char SSIDs in our
debugfs code. Unlike in that case though, we zeroed out the containing
struct first, and I'm pretty sure we're guaranteed to have some padding
after the 'ssid.ssid' and 'ssid.ssid_len' fields (the struct is 33 bytes
long).

So, this is the difference between:

  # cat /sys/kernel/debug/mwifiex/mlan0/info
  ...
  essid="0123456789abcdef0123456789abcdef "
  ...

and the correct output:

  # cat /sys/kernel/debug/mwifiex/mlan0/info
  ...
  essid="0123456789abcdef0123456789abcdef"
  ...

Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: Brian Norris &lt;briannorris@chromium.org&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>hostap: avoid uninitialized variable use in hfa384x_get_rid</title>
<updated>2017-04-30T03:49:16+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2016-01-28T21:58:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=83b7c38b1a3d06439a39f081e299fe98d7aa4014'/>
<id>83b7c38b1a3d06439a39f081e299fe98d7aa4014</id>
<content type='text'>
commit 48dc5fb3ba53b20418de8514700f63d88c5de3a3 upstream.

The driver reads a value from hfa384x_from_bap(), which may fail,
and then assigns the value to a local variable. gcc detects that
in in the failure case, the 'rlen' variable now contains
uninitialized data:

In file included from ../drivers/net/wireless/intersil/hostap/hostap_pci.c:220:0:
drivers/net/wireless/intersil/hostap/hostap_hw.c: In function 'hfa384x_get_rid':
drivers/net/wireless/intersil/hostap/hostap_hw.c:842:5: warning: 'rec' may be used uninitialized in this function [-Wmaybe-uninitialized]
  if (le16_to_cpu(rec.len) == 0) {

This restructures the function as suggested by Russell King, to
make it more readable and get more reliable error handling, by
handling each failure mode using a goto.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 48dc5fb3ba53b20418de8514700f63d88c5de3a3 upstream.

The driver reads a value from hfa384x_from_bap(), which may fail,
and then assigns the value to a local variable. gcc detects that
in in the failure case, the 'rlen' variable now contains
uninitialized data:

In file included from ../drivers/net/wireless/intersil/hostap/hostap_pci.c:220:0:
drivers/net/wireless/intersil/hostap/hostap_hw.c: In function 'hfa384x_get_rid':
drivers/net/wireless/intersil/hostap/hostap_hw.c:842:5: warning: 'rec' may be used uninitialized in this function [-Wmaybe-uninitialized]
  if (le16_to_cpu(rec.len) == 0) {

This restructures the function as suggested by Russell King, to
make it more readable and get more reliable error handling, by
handling each failure mode using a goto.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>brcmfmac: avoid gcc-5.1 warning</title>
<updated>2017-04-30T03:49:16+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2015-05-12T21:54:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b342040bee93f1aa89b0ed06d3e97ad37c00d823'/>
<id>b342040bee93f1aa89b0ed06d3e97ad37c00d823</id>
<content type='text'>
commit 22f44150aad7a1d6b074ab6cf59abee61c7187c6 upstream.

gcc-5.0 gained a new warning in the fwsignal portion of the brcmfmac
driver:

drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c: In function 'brcmf_fws_txs_process':
drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c:1478:8: warning: 'skb' may be used uninitialized in this function [-Wmaybe-uninitialized]

This is a false positive, and marking the brcmf_fws_hanger_poppkt function
as 'static inline' makes the warning go away. I have checked the object
file output and while a little code gets moved around, the size of
the binary remains identical.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 22f44150aad7a1d6b074ab6cf59abee61c7187c6 upstream.

gcc-5.0 gained a new warning in the fwsignal portion of the brcmfmac
driver:

drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c: In function 'brcmf_fws_txs_process':
drivers/net/wireless/brcm80211/brcmfmac/fwsignal.c:1478:8: warning: 'skb' may be used uninitialized in this function [-Wmaybe-uninitialized]

This is a false positive, and marking the brcmf_fws_hanger_poppkt function
as 'static inline' makes the warning go away. I have checked the object
file output and while a little code gets moved around, the size of
the binary remains identical.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>iwlegacy: avoid warning about missing braces</title>
<updated>2017-02-08T08:43:04+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2016-05-19T07:58:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f513703e2366c0e2f9a0e29926eabdfb55aecfc6'/>
<id>f513703e2366c0e2f9a0e29926eabdfb55aecfc6</id>
<content type='text'>
commit 2cce76c3fab410520610a7d2f52faebc3cfcf843 upstream.

gcc-6 warns about code in il3945_hw_txq_ctx_free() being
somewhat ambiguous:

drivers/net/wireless/intel/iwlegacy/3945.c:1022:5: warning: suggest explicit braces to avoid ambiguous 'else' [-Wparentheses]

This adds a set of curly braces to avoid the warning.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Acked-by: Stanislaw Gruszka &lt;sgruszka@redhat.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 2cce76c3fab410520610a7d2f52faebc3cfcf843 upstream.

gcc-6 warns about code in il3945_hw_txq_ctx_free() being
somewhat ambiguous:

drivers/net/wireless/intel/iwlegacy/3945.c:1022:5: warning: suggest explicit braces to avoid ambiguous 'else' [-Wparentheses]

This adds a set of curly braces to avoid the warning.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Acked-by: Stanislaw Gruszka &lt;sgruszka@redhat.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: fix buffer overrun for ar9287</title>
<updated>2016-07-12T12:47:38+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2016-03-14T14:18:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=247bbbca631f2c98770374d8671d277b3cf2a6fb'/>
<id>247bbbca631f2c98770374d8671d277b3cf2a6fb</id>
<content type='text'>
[ Upstream commit 83d6f1f15f8cce844b0a131cbc63e444620e48b5 ]

Code that was added back in 2.6.38 has an obvious overflow
when accessing a static array, and at the time it was added
only a code comment was put in front of it as a reminder
to have it reviewed properly.

This has not happened, but gcc-6 now points to the specific
overflow:

drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs':
drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds]
     maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4];
                   ~~~~~~~~~~~~~~~~~~~~~~~~~^~~

It turns out that the correct array length exists in the local
'intercepts' variable of this function, so we can just use that
instead of hardcoding '4', so this patch changes all three
instances to use that variable. The other two instances were
already correct, but it's more consistent this way.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Fixes: 940cd2c12ebf ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 83d6f1f15f8cce844b0a131cbc63e444620e48b5 ]

Code that was added back in 2.6.38 has an obvious overflow
when accessing a static array, and at the time it was added
only a code comment was put in front of it as a reminder
to have it reviewed properly.

This has not happened, but gcc-6 now points to the specific
overflow:

drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs':
drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds]
     maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4];
                   ~~~~~~~~~~~~~~~~~~~~~~~~~^~~

It turns out that the correct array length exists in the local
'intercepts' variable of this function, so we can just use that
instead of hardcoding '4', so this patch changes all three
instances to use that variable. The other two instances were
already correct, but it's more consistent this way.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Fixes: 940cd2c12ebf ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL</title>
<updated>2016-06-20T03:47:40+00:00</updated>
<author>
<name>Martin Willi</name>
<email>martin@strongswan.org</email>
</author>
<published>2016-05-13T10:41:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=46c57e776799e952d01bf9b25c7630ec18647202'/>
<id>46c57e776799e952d01bf9b25c7630ec18647202</id>
<content type='text'>
[ Upstream commit 62397da50bb20a6b812c949ef465d7e69fe54bb6 ]

A wmediumd that does not send this attribute causes a NULL pointer
dereference, as the attribute is accessed even if it does not exist.

The attribute was required but never checked ever since userspace frame
forwarding has been introduced. The issue gets more problematic once we
allow wmediumd registration from user namespaces.

Cc: stable@vger.kernel.org
Fixes: 7882513bacb1 ("mac80211_hwsim driver support userspace frame tx/rx")
Signed-off-by: Martin Willi &lt;martin@strongswan.org&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 62397da50bb20a6b812c949ef465d7e69fe54bb6 ]

A wmediumd that does not send this attribute causes a NULL pointer
dereference, as the attribute is accessed even if it does not exist.

The attribute was required but never checked ever since userspace frame
forwarding has been introduced. The issue gets more problematic once we
allow wmediumd registration from user namespaces.

Cc: stable@vger.kernel.org
Fixes: 7882513bacb1 ("mac80211_hwsim driver support userspace frame tx/rx")
Signed-off-by: Martin Willi &lt;martin@strongswan.org&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>rtlwifi: pci: use dev_kfree_skb_irq instead of kfree_skb in rtl_pci_reset_trx_ring</title>
<updated>2016-06-06T23:11:03+00:00</updated>
<author>
<name>Sasha Levin</name>
<email>sasha.levin@oracle.com</email>
</author>
<published>2016-06-01T01:07:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=23b229af85ee9dceef67760cd1724203015c16a6'/>
<id>23b229af85ee9dceef67760cd1724203015c16a6</id>
<content type='text'>
[ Upstream commit cf968937d27751296920e6b82ffa89735e3a0023 ]

We can't use kfree_skb in irq disable context, because spin_lock_irqsave
make sure we are always in irq disable context, use dev_kfree_skb_irq
instead of kfree_skb is better than dev_kfree_skb_any.

This patch fix below kernel warning:
[ 7612.095528] ------------[ cut here ]------------
[ 7612.095546] WARNING: CPU: 3 PID: 4460 at kernel/softirq.c:150 __local_bh_enable_ip+0x58/0x80()
[ 7612.095550] Modules linked in: rtl8723be x86_pkg_temp_thermal btcoexist rtl_pci rtlwifi rtl8723_common
[ 7612.095567] CPU: 3 PID: 4460 Comm: ifconfig Tainted: G        W       4.4.0+ #4
[ 7612.095570] Hardware name: LENOVO 20DFA04FCD/20DFA04FCD, BIOS J5ET48WW (1.19 ) 08/27/2015
[ 7612.095574]  00000000 00000000 da37fc70 c12ce7c5 00000000 da37fca0 c104cc59 c19d4454
[ 7612.095584]  00000003 0000116c c19d4784 00000096 c10508a8 c10508a8 00000200 c1b42400
[ 7612.095594]  f29be780 da37fcb0 c104ccad 00000009 00000000 da37fcbc c10508a8 f21f08b8
[ 7612.095604] Call Trace:
[ 7612.095614]  [&lt;c12ce7c5&gt;] dump_stack+0x41/0x5c
[ 7612.095620]  [&lt;c104cc59&gt;] warn_slowpath_common+0x89/0xc0
[ 7612.095628]  [&lt;c10508a8&gt;] ? __local_bh_enable_ip+0x58/0x80
[ 7612.095634]  [&lt;c10508a8&gt;] ? __local_bh_enable_ip+0x58/0x80
[ 7612.095640]  [&lt;c104ccad&gt;] warn_slowpath_null+0x1d/0x20
[ 7612.095646]  [&lt;c10508a8&gt;] __local_bh_enable_ip+0x58/0x80
[ 7612.095653]  [&lt;c16b7d34&gt;] destroy_conntrack+0x64/0xa0
[ 7612.095660]  [&lt;c16b300f&gt;] nf_conntrack_destroy+0xf/0x20
[ 7612.095665]  [&lt;c1677565&gt;] skb_release_head_state+0x55/0xa0
[ 7612.095670]  [&lt;c16775bb&gt;] skb_release_all+0xb/0x20
[ 7612.095674]  [&lt;c167760b&gt;] __kfree_skb+0xb/0x60
[ 7612.095679]  [&lt;c16776f0&gt;] kfree_skb+0x30/0x70
[ 7612.095686]  [&lt;f81b869d&gt;] ? rtl_pci_reset_trx_ring+0x22d/0x370 [rtl_pci]
[ 7612.095692]  [&lt;f81b869d&gt;] rtl_pci_reset_trx_ring+0x22d/0x370 [rtl_pci]
[ 7612.095698]  [&lt;f81b87f9&gt;] rtl_pci_start+0x19/0x190 [rtl_pci]
[ 7612.095705]  [&lt;f81970e6&gt;] rtl_op_start+0x56/0x90 [rtlwifi]
[ 7612.095712]  [&lt;c17e3f16&gt;] drv_start+0x36/0xc0
[ 7612.095717]  [&lt;c17f5ab3&gt;] ieee80211_do_open+0x2d3/0x890
[ 7612.095725]  [&lt;c16820fe&gt;] ? call_netdevice_notifiers_info+0x2e/0x60
[ 7612.095730]  [&lt;c17f60bd&gt;] ieee80211_open+0x4d/0x50
[ 7612.095736]  [&lt;c16891b3&gt;] __dev_open+0xa3/0x130
[ 7612.095742]  [&lt;c183fa53&gt;] ? _raw_spin_unlock_bh+0x13/0x20
[ 7612.095748]  [&lt;c1689499&gt;] __dev_change_flags+0x89/0x140
[ 7612.095753]  [&lt;c127c70d&gt;] ? selinux_capable+0xd/0x10
[ 7612.095759]  [&lt;c1689589&gt;] dev_change_flags+0x29/0x60
[ 7612.095765]  [&lt;c1700b93&gt;] devinet_ioctl+0x553/0x670
[ 7612.095772]  [&lt;c12db758&gt;] ? _copy_to_user+0x28/0x40
[ 7612.095777]  [&lt;c17018b5&gt;] inet_ioctl+0x85/0xb0
[ 7612.095783]  [&lt;c166e647&gt;] sock_ioctl+0x67/0x260
[ 7612.095788]  [&lt;c166e5e0&gt;] ? sock_fasync+0x80/0x80
[ 7612.095795]  [&lt;c115c99b&gt;] do_vfs_ioctl+0x6b/0x550
[ 7612.095800]  [&lt;c127c812&gt;] ? selinux_file_ioctl+0x102/0x1e0
[ 7612.095807]  [&lt;c10a8914&gt;] ? timekeeping_suspend+0x294/0x320
[ 7612.095813]  [&lt;c10a256a&gt;] ? __hrtimer_run_queues+0x14a/0x210
[ 7612.095820]  [&lt;c1276e24&gt;] ? security_file_ioctl+0x34/0x50
[ 7612.095827]  [&lt;c115cef0&gt;] SyS_ioctl+0x70/0x80
[ 7612.095832]  [&lt;c1001804&gt;] do_fast_syscall_32+0x84/0x120
[ 7612.095839]  [&lt;c183ff91&gt;] sysenter_past_esp+0x36/0x55
[ 7612.095844] ---[ end trace 97e9c637a20e8348 ]---

Signed-off-by: Wang YanQing &lt;udknight@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Acked-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit cf968937d27751296920e6b82ffa89735e3a0023 ]

We can't use kfree_skb in irq disable context, because spin_lock_irqsave
make sure we are always in irq disable context, use dev_kfree_skb_irq
instead of kfree_skb is better than dev_kfree_skb_any.

This patch fix below kernel warning:
[ 7612.095528] ------------[ cut here ]------------
[ 7612.095546] WARNING: CPU: 3 PID: 4460 at kernel/softirq.c:150 __local_bh_enable_ip+0x58/0x80()
[ 7612.095550] Modules linked in: rtl8723be x86_pkg_temp_thermal btcoexist rtl_pci rtlwifi rtl8723_common
[ 7612.095567] CPU: 3 PID: 4460 Comm: ifconfig Tainted: G        W       4.4.0+ #4
[ 7612.095570] Hardware name: LENOVO 20DFA04FCD/20DFA04FCD, BIOS J5ET48WW (1.19 ) 08/27/2015
[ 7612.095574]  00000000 00000000 da37fc70 c12ce7c5 00000000 da37fca0 c104cc59 c19d4454
[ 7612.095584]  00000003 0000116c c19d4784 00000096 c10508a8 c10508a8 00000200 c1b42400
[ 7612.095594]  f29be780 da37fcb0 c104ccad 00000009 00000000 da37fcbc c10508a8 f21f08b8
[ 7612.095604] Call Trace:
[ 7612.095614]  [&lt;c12ce7c5&gt;] dump_stack+0x41/0x5c
[ 7612.095620]  [&lt;c104cc59&gt;] warn_slowpath_common+0x89/0xc0
[ 7612.095628]  [&lt;c10508a8&gt;] ? __local_bh_enable_ip+0x58/0x80
[ 7612.095634]  [&lt;c10508a8&gt;] ? __local_bh_enable_ip+0x58/0x80
[ 7612.095640]  [&lt;c104ccad&gt;] warn_slowpath_null+0x1d/0x20
[ 7612.095646]  [&lt;c10508a8&gt;] __local_bh_enable_ip+0x58/0x80
[ 7612.095653]  [&lt;c16b7d34&gt;] destroy_conntrack+0x64/0xa0
[ 7612.095660]  [&lt;c16b300f&gt;] nf_conntrack_destroy+0xf/0x20
[ 7612.095665]  [&lt;c1677565&gt;] skb_release_head_state+0x55/0xa0
[ 7612.095670]  [&lt;c16775bb&gt;] skb_release_all+0xb/0x20
[ 7612.095674]  [&lt;c167760b&gt;] __kfree_skb+0xb/0x60
[ 7612.095679]  [&lt;c16776f0&gt;] kfree_skb+0x30/0x70
[ 7612.095686]  [&lt;f81b869d&gt;] ? rtl_pci_reset_trx_ring+0x22d/0x370 [rtl_pci]
[ 7612.095692]  [&lt;f81b869d&gt;] rtl_pci_reset_trx_ring+0x22d/0x370 [rtl_pci]
[ 7612.095698]  [&lt;f81b87f9&gt;] rtl_pci_start+0x19/0x190 [rtl_pci]
[ 7612.095705]  [&lt;f81970e6&gt;] rtl_op_start+0x56/0x90 [rtlwifi]
[ 7612.095712]  [&lt;c17e3f16&gt;] drv_start+0x36/0xc0
[ 7612.095717]  [&lt;c17f5ab3&gt;] ieee80211_do_open+0x2d3/0x890
[ 7612.095725]  [&lt;c16820fe&gt;] ? call_netdevice_notifiers_info+0x2e/0x60
[ 7612.095730]  [&lt;c17f60bd&gt;] ieee80211_open+0x4d/0x50
[ 7612.095736]  [&lt;c16891b3&gt;] __dev_open+0xa3/0x130
[ 7612.095742]  [&lt;c183fa53&gt;] ? _raw_spin_unlock_bh+0x13/0x20
[ 7612.095748]  [&lt;c1689499&gt;] __dev_change_flags+0x89/0x140
[ 7612.095753]  [&lt;c127c70d&gt;] ? selinux_capable+0xd/0x10
[ 7612.095759]  [&lt;c1689589&gt;] dev_change_flags+0x29/0x60
[ 7612.095765]  [&lt;c1700b93&gt;] devinet_ioctl+0x553/0x670
[ 7612.095772]  [&lt;c12db758&gt;] ? _copy_to_user+0x28/0x40
[ 7612.095777]  [&lt;c17018b5&gt;] inet_ioctl+0x85/0xb0
[ 7612.095783]  [&lt;c166e647&gt;] sock_ioctl+0x67/0x260
[ 7612.095788]  [&lt;c166e5e0&gt;] ? sock_fasync+0x80/0x80
[ 7612.095795]  [&lt;c115c99b&gt;] do_vfs_ioctl+0x6b/0x550
[ 7612.095800]  [&lt;c127c812&gt;] ? selinux_file_ioctl+0x102/0x1e0
[ 7612.095807]  [&lt;c10a8914&gt;] ? timekeeping_suspend+0x294/0x320
[ 7612.095813]  [&lt;c10a256a&gt;] ? __hrtimer_run_queues+0x14a/0x210
[ 7612.095820]  [&lt;c1276e24&gt;] ? security_file_ioctl+0x34/0x50
[ 7612.095827]  [&lt;c115cef0&gt;] SyS_ioctl+0x70/0x80
[ 7612.095832]  [&lt;c1001804&gt;] do_fast_syscall_32+0x84/0x120
[ 7612.095839]  [&lt;c183ff91&gt;] sysenter_past_esp+0x36/0x55
[ 7612.095844] ---[ end trace 97e9c637a20e8348 ]---

Signed-off-by: Wang YanQing &lt;udknight@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Acked-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
