Jason Wang [Fri, 1 Nov 2013 07:01:10 +0000 (15:01 +0800)]
net: flow_dissector: fail on evil iph->ihl
We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
is evil (less than 5).
This issue were introduced by commit
ec5efe7946280d1e84603389a1030ccec0a767ae
(rps: support IPIP encapsulation).
Cc: Eric Dumazet <edumazet@google.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 2 Nov 2013 05:22:39 +0000 (01:22 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
1) Fix a possible race on ipcomp scratch buffers because
of too early enabled siftirqs. From Michal Kubecek.
2) The current xfrm garbage collector threshold is too small
for some workloads, resulting in bad performance on these
workloads. Increase the threshold from 1024 to 32768.
3) Some codepaths might not have a dst_entry attached to the
skb when calling xfrm_decode_session(). So add a check
to prevent a null pointer dereference in this case.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Wed, 30 Oct 2013 10:16:28 +0000 (11:16 +0100)]
xfrm: Fix null pointer dereference when decoding sessions
On some codepaths the skb does not have a dst entry
when xfrm_decode_session() is called. So check for
a valid skb_dst() before dereferencing the device
interface index. We use 0 as the device index if
there is no valid skb_dst(), or at reverse decoding
we use skb_iif as device interface index.
Bug was introduced with git commit
bafd4bd4dc
("xfrm: Decode sessions with output interface.").
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Masanari Iida [Wed, 30 Oct 2013 07:46:15 +0000 (16:46 +0900)]
doc:net: Fix typo in Documentation/networking
Correct spelling typo in Documentation/networking
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nathan Hintz [Wed, 30 Oct 2013 02:32:01 +0000 (19:32 -0700)]
bgmac: don't update slot on skb alloc/dma mapping error
Don't update the slot in "bgmac_dma_rx_skb_for_slot" unless both the
skb alloc and dma mapping are successful; and free the newly allocated
skb if a dma mapping error occurs. This relieves the caller of the need
to deduce/execute the appropriate cleanup action required when an error
occurs.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
Acked-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alistair Popple [Tue, 29 Oct 2013 23:50:38 +0000 (10:50 +1100)]
ibm emac: Fix locking for enable/disable eob irq
Calls to mal_enable_eob_irq perform a read-write-modify of a dcr to
enable device irqs which is protected by a spin lock. However calls to
mal_disable_eob_irq do not take the corresponding lock.
This patch resolves the problem by ensuring that calls to
mal_disable_eob_irq also take the lock.
Signed-off-by: Alistair Popple <alistair@popple.id.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alistair Popple [Tue, 29 Oct 2013 23:50:37 +0000 (10:50 +1100)]
ibm emac: Don't call napi_complete if napi_reschedule failed
This patch fixes a bug which would trigger the BUG_ON() at
net/core/dev.c:4156. It was found that this was due to continuing
processing in the current poll call even when the call to
napi_reschedule failed, indicating the device was already on the
polling list. This resulted in an extra call to napi_complete which
triggered the BUG_ON().
This patch ensures that we only contine processing rotting packets in
the current mal_poll call if we are not already on the polling list.
Signed-off-by: Alistair Popple <alistair@popple.id.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Tue, 29 Oct 2013 07:11:07 +0000 (15:11 +0800)]
virtio-net: correctly handle cpu hotplug notifier during resuming
commit
3ab098df35f8b98b6553edc2e40234af512ba877 (virtio-net: don't respond to
cpu hotplug notifier if we're not ready) tries to bypass the cpu hotplug
notifier by checking the config_enable and does nothing is it was false. So it
need to try to hold the config_lock mutex which may happen in atomic
environment which leads the following warnings:
[ 622.944441] CPU0 attaching NULL sched-domain.
[ 622.944446] CPU1 attaching NULL sched-domain.
[ 622.944485] CPU0 attaching NULL sched-domain.
[ 622.950795] BUG: sleeping function called from invalid context at kernel/mutex.c:616
[ 622.950796] in_atomic(): 1, irqs_disabled(): 1, pid: 10, name: migration/1
[ 622.950796] no locks held by migration/1/10.
[ 622.950798] CPU: 1 PID: 10 Comm: migration/1 Not tainted
3.12.0-rc5-wl-01249-gb91e82d #317
[ 622.950799] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 622.950802]
0000000000000000 ffff88001d42dba0 ffffffff81a32f22 ffff88001bfb9c70
[ 622.950803]
ffff88001d42dbb0 ffffffff810edb02 ffff88001d42dc38 ffffffff81a396ed
[ 622.950805]
0000000000000046 ffff88001d42dbe8 ffffffff810e861d 0000000000000000
[ 622.950805] Call Trace:
[ 622.950810] [<
ffffffff81a32f22>] dump_stack+0x54/0x74
[ 622.950815] [<
ffffffff810edb02>] __might_sleep+0x112/0x114
[ 622.950817] [<
ffffffff81a396ed>] mutex_lock_nested+0x3c/0x3c6
[ 622.950818] [<
ffffffff810e861d>] ? up+0x39/0x3e
[ 622.950821] [<
ffffffff8153ea7c>] ? acpi_os_signal_semaphore+0x21/0x2d
[ 622.950824] [<
ffffffff81565ed1>] ? acpi_ut_release_mutex+0x5e/0x62
[ 622.950828] [<
ffffffff816d04ec>] virtnet_cpu_callback+0x33/0x87
[ 622.950830] [<
ffffffff81a42576>] notifier_call_chain+0x3c/0x5e
[ 622.950832] [<
ffffffff810e86a8>] __raw_notifier_call_chain+0xe/0x10
[ 622.950835] [<
ffffffff810c5556>] __cpu_notify+0x20/0x37
[ 622.950836] [<
ffffffff810c5580>] cpu_notify+0x13/0x15
[ 622.950838] [<
ffffffff81a237cd>] take_cpu_down+0x27/0x3a
[ 622.950841] [<
ffffffff81136289>] stop_machine_cpu_stop+0x93/0xf1
[ 622.950842] [<
ffffffff81136167>] cpu_stopper_thread+0xa0/0x12f
[ 622.950844] [<
ffffffff811361f6>] ? cpu_stopper_thread+0x12f/0x12f
[ 622.950847] [<
ffffffff81119710>] ? lock_release_holdtime.part.7+0xa3/0xa8
[ 622.950848] [<
ffffffff81135e4b>] ? cpu_stop_should_run+0x3f/0x47
[ 622.950850] [<
ffffffff810ea9b0>] smpboot_thread_fn+0x1c5/0x1e3
[ 622.950852] [<
ffffffff810ea7eb>] ? lg_global_unlock+0x67/0x67
[ 622.950854] [<
ffffffff810e36b7>] kthread+0xd8/0xe0
[ 622.950857] [<
ffffffff81a3bfad>] ? wait_for_common+0x12f/0x164
[ 622.950859] [<
ffffffff810e35df>] ? kthread_create_on_node+0x124/0x124
[ 622.950861] [<
ffffffff81a45ffc>] ret_from_fork+0x7c/0xb0
[ 622.950862] [<
ffffffff810e35df>] ? kthread_create_on_node+0x124/0x124
[ 622.950876] smpboot: CPU 1 is now offline
[ 623.194556] SMP alternatives: lockdep: fixing up alternatives
[ 623.194559] smpboot: Booting Node 0 Processor 1 APIC 0x1
...
A correct fix is to unregister the hotcpu notifier during restore and register a
new one in resume.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Tested-by: Fengguang Wu <fengguang.wu@intel.com>
Cc: Wanlong Gao <gaowanlong@cn.fujitsu.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Mon, 28 Oct 2013 19:45:07 +0000 (15:45 -0400)]
bridge: pass correct vlan id to multicast code
Currently multicast code attempts to extrace the vlan id from
the skb even when vlan filtering is disabled. This can lead
to mdb entries being created with the wrong vlan id.
Pass the already extracted vlan id to the multicast
filtering code to make the correct id is used in
creation as well as lookup.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Acked-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 29 Oct 2013 21:36:39 +0000 (17:36 -0400)]
Merge branch 'fixes' of git://git./linux/kernel/git/jesse/openvswitch
Jesse Gross says:
====================
One patch for net/3.12 fixing an issue where devices could be in an
invalid state they are removed while still attached to OVS.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Drüing [Mon, 28 Oct 2013 17:33:12 +0000 (18:33 +0100)]
net: x25: Fix dead URLs in Kconfig
Update the URLs in the Kconfig file to the new pages at sangoma.com and cisco.com
Signed-off-by: Michael Drüing <michael@drueing.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 29 Oct 2013 20:53:44 +0000 (16:53 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
This pull request contains the following netfilter fix:
* fix --queue-bypass in xt_NFQUEUE revision 3. While adding the
revision 3 of this target, the bypass flags were not correctly
handled anymore, thus, breaking packet bypassing if no application
is listening from userspace, patch from Holger Eitzenberger,
reported by Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Holger Eitzenberger [Mon, 28 Oct 2013 13:42:33 +0000 (14:42 +0100)]
netfilter: xt_NFQUEUE: fix --queue-bypass regression
V3 of the NFQUEUE target ignores the --queue-bypass flag,
causing packets to be dropped when the userspace listener
isn't running.
Regression is in since
8746ddcf12bb26 ("netfilter: xt_NFQUEUE:
introduce CPU fanout").
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Wei Liu [Mon, 28 Oct 2013 12:07:57 +0000 (12:07 +0000)]
xen-netback: use jiffies_64 value to calculate credit timeout
time_after_eq() only works if the delta is < MAX_ULONG/2.
For a 32bit Dom0, if netfront sends packets at a very low rate, the time
between subsequent calls to tx_credit_exceeded() may exceed MAX_ULONG/2
and the test for timer_after_eq() will be incorrect. Credit will not be
replenished and the guest may become unable to send packets (e.g., if
prior to the long gap, all credit was exhausted).
Use jiffies_64 variant to mitigate this problem for 32bit Dom0.
Suggested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: Jason Luan <jianhai.luan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Sun, 27 Oct 2013 21:02:39 +0000 (21:02 +0000)]
cxgb3: Fix length calculation in write_ofld_wr() on 32-bit architectures
The length calculation here is now invalid on 32-bit architectures,
since sk_buff::tail is a pointer and sk_buff::transport_header is
an integer offset:
drivers/net/ethernet/chelsio/cxgb3/sge.c: In function 'write_ofld_wr':
drivers/net/ethernet/chelsio/cxgb3/sge.c:1603:9: warning: passing argument 4 of 'make_sgl' makes integer from pointer without a cast [enabled by default]
adap->pdev);
^
drivers/net/ethernet/chelsio/cxgb3/sge.c:964:28: note: expected 'unsigned int' but argument is of type 'sk_buff_data_t'
static inline unsigned int make_sgl(const struct sk_buff *skb,
^
Use the appropriate skb accessor functions.
Compile-tested only.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: 1a37e412a022 ('net: Use 16bits for *_headers fields of struct skbuff')
Signed-off-by: David S. Miller <davem@davemloft.net>
Ariel Elior [Sun, 27 Oct 2013 11:07:01 +0000 (13:07 +0200)]
bnx2x: Disable VF access on PF removal
When the bnx2x driver is rmmoded, if VFs of a given PF will be assigned
to a VM then that PF will be unable to call `pci_disable_sriov()'.
If for that same PF there would also exist unassigned VFs in the hypervisor,
the result will be that after the removal there will still be virtual PCI
functions on the hypervisor.
If the bnx2x module were to be re-inserted, the result will be that the VFs
on the hypervisor will be re-probed directly following the PF's probe, even
though that in regular loading flow sriov is only enabled once PF is loaded.
The probed VF will then try to access its bar, causing a PCI error as the HW
is not in a state enabling such a request.
This patch adds a missing disablement procedure to the PF's removal, one that
sets registers viewable to the VF to indicate that the VFs have no permission
to access the bar, thus resulting in probe errors instead of PCI errors.
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Sun, 27 Oct 2013 11:07:00 +0000 (13:07 +0200)]
bnx2x: prevent FW assert on low mem during unload
Buffers for FW statistics were allocated at an inappropriate time; In a machine
where the driver encounters problems allocating all of its queues, the driver
would still create FW requests for the statistics of the non-existing queues.
The wrong order of memory allocation could lead to zeroed statistics messages
being sent, leading to fw assert in case function 0 was down.
This changes the order of allocations, guaranteeing that statistic requests will
only be generated for actual queues.
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sat, 26 Oct 2013 00:26:17 +0000 (17:26 -0700)]
tcp: gso: fix truesize tracking
commit
6ff50cd55545 ("tcp: gso: do not generate out of order packets")
had an heuristic that can trigger a warning in skb_try_coalesce(),
because skb->truesize of the gso segments were exactly set to mss.
This breaks the requirement that
skb->truesize >= skb->len + truesizeof(struct sk_buff);
It can trivially be reproduced by :
ifconfig lo mtu 1500
ethtool -K lo tso off
netperf
As the skbs are looped into the TCP networking stack, skb_try_coalesce()
warns us of these skb under-estimating their truesize.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Fri, 25 Oct 2013 08:21:32 +0000 (10:21 +0200)]
xfrm: Increase the garbage collector threshold
With the removal of the routing cache, we lost the
option to tweak the garbage collector threshold
along with the maximum routing cache size. So git
commit
703fb94ec ("xfrm: Fix the gc threshold value
for ipv4") moved back to a static threshold.
It turned out that the current threshold before we
start garbage collecting is much to small for some
workloads, so increase it from 1024 to 32768. This
means that we start the garbage collector if we have
more than 32768 dst entries in the system and refuse
new allocations if we are above 65536.
Reported-by: Wolfgang Walter <linux@stwm.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Eric Dumazet [Sun, 27 Oct 2013 23:26:43 +0000 (16:26 -0700)]
pkt_sched: fq: clear time_next_packet for reused flows
When a socket is freed/reallocated, we need to clear time_next_packet
or else we can inherit a prior value and delay first packets of the
new flow.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Randy Dunlap [Fri, 25 Oct 2013 01:56:57 +0000 (18:56 -0700)]
Documentation/networking: netdev-FAQ typo corrections
Various typo fixes to netdev-FAQ.txt:
- capitalize Linux
- hyphenate dual-word adjectives
- minor punctuation fixes
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Acked-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuchung Cheng [Thu, 24 Oct 2013 15:59:27 +0000 (08:59 -0700)]
tcp: do not rearm RTO when future data are sacked
Patch
ed08495c3 "tcp: use RTT from SACK for RTO" always re-arms RTO upon
obtaining a RTT sample from newly sacked data.
But technically RTO should only be re-armed when the data sent before
the last (re)transmission of write queue head are (s)acked. Otherwise
the RTO may continue to extend during loss recovery on data sent
in the future.
Note that RTTs from ACK or timestamps do not have this problem, as the RTT
source must be from data sent before.
The new RTO re-arm policy is
1) Always re-arm RTO if SND.UNA is advanced
2) Re-arm RTO if sack RTT is available, provided the sacked data was
sent before the last time write_queue_head was sent.
Signed-off-by: Larry Brakmo <brakmo@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuchung Cheng [Thu, 24 Oct 2013 15:55:25 +0000 (08:55 -0700)]
tcp: only take RTT from timestamps if new data is acked
Patch
ed08495c3 "tcp: use RTT from SACK for RTO" has a bug that
it does not check if the ACK acknowledge new data before taking
the RTT sample from TCP timestamps. This patch adds the check
back as required by the RFC.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuchung Cheng [Thu, 24 Oct 2013 15:44:25 +0000 (08:44 -0700)]
tcp: fix SYNACK RTT estimation in Fast Open
tp->lsndtime may not always be the SYNACK timestamp if a passive
Fast Open socket sends data before handshake completes. And if the
remote acknowledges both the data and the SYNACK, the RTT sample
is already taken in tcp_ack(), so no need to call
tcp_update_ack_rtt() in tcp_synack_rtt_meas() aagain.
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Somnath Kotur [Thu, 24 Oct 2013 09:07:53 +0000 (14:37 +0530)]
be2net: Warn users of possible broken functionality on BE2 cards with very old FW versions with latest driver
On very old FW versions < 4.0, the mailbox command to set interrupts
on the card succeeds even though it is not supported and should have
failed, leading to a scenario where interrupts do not work.
Hence warn users to upgrade to a suitable FW version to avoid seeing
broken functionality.
Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sat, 26 Oct 2013 04:05:26 +0000 (00:05 -0400)]
Merge branch 'qlcnic'
Shahed Shaikh says:
====================
qlcnic: Bug fixes
This patch series contains following fixes-
* Performace drop because driver was forcing adapter not to check
destination IP for LRO.
* driver was not issuing qlcnic_fw_cmd_set_drv_version() to 83xx adapter
becasue of improper handling of QLCNIC_FW_CAPABILITY_MORE_CAPS bit.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Shahed Shaikh [Fri, 25 Oct 2013 14:38:37 +0000 (10:38 -0400)]
qlcnic: Do not read QLCNIC_FW_CAPABILITY_MORE_CAPS bit for 83xx adapter
Only 82xx adapter advertises QLCNIC_FW_CAPABILITY_MORE_CAPS bit.
Reading this bit from 83xx adapter causes the driver to skip
extra capabilities registers.
Because of this, driver was not issuing qlcnic_fw_cmd_set_drv_version()
for 83xx adapter.
This bug was introduced in commit
8af3f33db05c6d0146ad14905145a5c923770856
("qlcnic: Add support for 'set driver version' in 83XX").
Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Shahed Shaikh [Fri, 25 Oct 2013 14:38:36 +0000 (10:38 -0400)]
qlcnic: Do not force adapter to perform LRO without destination IP check
Forcing adapter to perform LRO without destination IP check
degrades the performance.
Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Freddy Xin [Thu, 24 Oct 2013 06:58:25 +0000 (14:58 +0800)]
ax88179_178a: Remove AX_MEDIUM_ALWAYS_ONE bit in AX_MEDIUM_STATUS_MODE register to avoid TX throttling
Remove AX_MEDIUM_ALWAYS_ONE in AX_MEDIUM_STATUS_MODE register.
Setting this bit may cause TX throttling in Half-Duplex mode.
Signed-off-by: Freddy Xin <freddy@asix.com.tw>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Thu, 24 Oct 2013 05:48:24 +0000 (07:48 +0200)]
ipv6: ip6_dst_check needs to check for expired dst_entries
On receiving a packet too big icmp error we check if our current cached
dst_entry in the socket is still valid. This validation check did not
care about the expiration of the (cached) route.
The error path I traced down:
The socket receives a packet too big mtu notification. It still has a
valid dst_entry and thus issues the ip6_rt_pmtu_update on this dst_entry,
setting RTF_EXPIRE and updates the dst.expiration value (which could
fail because of not up-to-date expiration values, see previous patch).
In some seldom cases we race with a) the ip6_fib gc or b) another routing
lookup which would result in a recreation of the cached rt6_info from its
parent non-cached rt6_info. While copying the rt6_info we reinitialize the
metrics store by copying it over from the parent thus invalidating the
just installed pmtu update (both dsts use the same key to the inetpeer
storage). The dst_entry with the just invalidated metrics data would
just get its RTF_EXPIRES flag cleared and would continue to stay valid
for the socket.
We should have not issued the pmtu update on the already expired dst_entry
in the first placed. By checking the expiration on the dst entry and
doing a relookup in case it is out of date we close the race because
we would install a new rt6_info into the fib before we issue the pmtu
update, thus closing this race.
Not reliably updating the dst.expire value was fixed by the patch "ipv6:
reset dst.expires value when clearing expire flag".
Reported-by: Steinar H. Gunderson <sgunderson@bigfoot.com>
Reported-by: Valentijn Sessink <valentyn@blub.net>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Tested-by: Valentijn Sessink <valentyn@blub.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Thu, 24 Oct 2013 08:14:27 +0000 (10:14 +0200)]
ipv6: reset dst.expires value when clearing expire flag
On receiving a packet too big icmp error we update the expire value by
calling rt6_update_expires. This function uses dst_set_expires which is
implemented that it can only reduce the expiration value of the dst entry.
If we insert new routing non-expiry information into the ipv6 fib where
we already have a matching rt6_info we only clear the RTF_EXPIRES flag
in rt6i_flags and leave the dst.expires value as is.
When new mtu information arrives for that cached dst_entry we again
call dst_set_expires. This time it won't update the dst.expire value
because we left the dst.expire value intact from the last update. So
dst_set_expires won't touch dst.expires.
Fix this by resetting dst.expires when clearing the RTF_EXPIRE flag.
dst_set_expires checks for a zero expiration and updates the
dst.expires.
In the past this (not updating dst.expires) was necessary because
dst.expire was placed in a union with the dst_entry *from reference
and rt6_clean_expires did assign NULL to it. This split happend in
ecd9883724b78cc72ed92c98bcb1a46c764fff21 ("ipv6: fix race condition
regarding dst->expires and dst->from").
Reported-by: Steinar H. Gunderson <sgunderson@bigfoot.com>
Reported-by: Valentijn Sessink <valentyn@blub.net>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Tested-by: Valentijn Sessink <valentyn@blub.net>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Antonio Quartulli [Wed, 23 Oct 2013 21:36:30 +0000 (23:36 +0200)]
netpoll: fix rx_hook() interface by passing the skb
Right now skb->data is passed to rx_hook() even if the skb
has not been linearised and without giving rx_hook() a way
to linearise it.
Change the rx_hook() interface and make it accept the skb
and the offset to the UDP payload as arguments. rx_hook() is
also renamed to rx_skb_hook() to ensure that out of the tree
users notice the API change.
In this way any rx_skb_hook() implementation can perform all
the needed operations to properly (and safely) access the
skb data.
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nikolay Aleksandrov [Thu, 24 Oct 2013 10:09:24 +0000 (12:09 +0200)]
netconsole: fix multiple race conditions
In every netconsole option that can be set through configfs there's a
race when checking for nt->enabled since it can be modified at the same
time. Probably the most damage can be done by store_enabled when racing
with another instance of itself. Fix all the races with one stone by
moving the mutex lock around the ->store call for all options.
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nikolay Aleksandrov [Wed, 23 Oct 2013 13:04:49 +0000 (15:04 +0200)]
netconsole: fix NULL pointer dereference
We need to disable the netconsole (enabled = 0) before setting nt->np.dev
to NULL because otherwise we might still have users after the
netpoll_cleanup() since nt->enabled is set afterwards and we can
have a message which will result in a NULL pointer dereference.
It is very easy to hit dereferences all over the netpoll_send_udp function
by running the following two loops in parallel:
while [ 1 ]; do echo 1 > enabled; echo 0 > enabled; done;
while [ 1 ]; do echo 00:11:22:33:44:55 > remote_mac; done;
(the second loop is to generate messages, it can be done by anything)
We're safe to set nt->np.dev = NULL and nt->enabled = 0 with the spinlock
since it's required in the write_msg() function.
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Reviewed-by: Veacelsav Falico <vfalico@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sebastian Siewior [Tue, 22 Oct 2013 18:36:25 +0000 (20:36 +0200)]
net: wan: sbni: remove assembly crc32 code
There is also a C function doing the same thing. Unless the asm code is
110% faster we could stick to the C function.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Tue, 22 Oct 2013 16:34:56 +0000 (18:34 +0200)]
net: sctp: fix ASCONF to allow non SCTP_ADDR_SRC addresses in ipv6
Commit
8a07eb0a50 ("sctp: Add ASCONF operation on the single-homed host")
implemented possible use of IPv4 addresses with non SCTP_ADDR_SRC state
as source address when sending ASCONF (ADD) packets, but IPv6 part for
that was not implemented in
8a07eb0a50. Therefore, as this is not restricted
to IPv4-only, fix this up to allow the same for IPv6 addresses in SCTP.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Michio Honda <micchie@sfc.wide.ad.jp>
Acked-by: Michio Honda <micchie@sfc.wide.ad.jp>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 23 Oct 2013 20:55:04 +0000 (16:55 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
The following patchset contains three netfilter fixes for your net
tree, they are:
* A couple of fixes to resolve info leak to userspace due to uninitialized
memory area in ulogd, from Mathias Krause.
* Fix instruction ordering issues that may lead to the access of
uninitialized data in x_tables. The problem involves the table update
(producer) and the main packet matching (consumer) routines. Detected in
SMP ARMv7, from Will Deacon.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 23 Oct 2013 07:10:25 +0000 (08:10 +0100)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
"Several last minute bug fixes.
Two of them are on the larger side for rc7, the dasd format patch for
older storage devices and the store-clock-fast patch where we have
been to optimistic with an optimization"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/time: correct use of store clock fast
s390/vmlogrdr: fix array access in vmlogrdr_open()
s390/compat,signal: fix return value of copy_siginfo_(to|from)_user32()
s390/dasd: check for availability of prefix command during format
s390/mm,kvm: fix software dirty bits vs. kvm for old machines
Linus Torvalds [Wed, 23 Oct 2013 06:58:22 +0000 (07:58 +0100)]
Merge branch 'for-rc' of git://git./linux/kernel/git/rzhang/linux
Pull thermal management fixes from Zhang Rui:
"These includes several commits that are necessary to properly fix
regression for TMU test MUX address setting after reset, for exynos
thermal driver.
Specifics:
- fix a regression that the removal of setting a certain field at TMU
configuration setting results in immediately shutdown after reset
on Exynos4412 SoC.
- revert a patch which tries to link the thermal_zone device and its
hwmon node but breaks libsensors.
- fix a deadlock/lockdep warning issue in x86_pkg_temp thermal
driver, which can be reproduced on a buggy platform only.
- fix ti-soc-thermal driver to fall back on bandgap reading when
reading from PCB temperature sensor fails"
* 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
Revert "drivers: thermal: parent virtual hwmon with thermal zone"
drivers: thermal: allow ti-soc-thermal run without pcb zone
thermal: exynos: Provide initial setting for TMU's test MUX address at Exynos4412
thermal: exynos: Provide separate TMU data for Exynos4412
thermal: exynos: Remove check for thermal device pointer at exynos_report_trigger()
Thermal: x86_pkg_temp: change spin lock
Randy Dunlap [Mon, 16 Sep 2013 18:10:51 +0000 (11:10 -0700)]
platform/x86: fix asus-wmi build error
Fix build error in asus_wmi.c when ASUS_WMI=y and ACPI_VIDEO=m
by preventing that combination.
drivers/built-in.o: In function `asus_wmi_probe':
asus-wmi.c:(.text+0x65ddb4): undefined reference to `acpi_video_unregister'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kent Overstreet [Tue, 22 Oct 2013 22:35:50 +0000 (15:35 -0700)]
bcache: Fixed incorrect order of arguments to bio_alloc_bioset()
Signed-off-by: Kent Overstreet <kmo@daterainc.com>
Cc: linux-stable <stable@vger.kernel.org> # >= v3.10
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 23 Oct 2013 06:52:36 +0000 (07:52 +0100)]
Merge branch 'v4l_for_linus' of git://git./linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
- Compilation fixes for GCC < 4.4.6
- one Kbuild dependency select fix (selecting videobuf on msi3101)
- driver fixes on tda10071, e4000, msi3101, soc_camera, s5p-jpeg,
saa7134 and adv7511
- some device quirks needed to make them work properly
- some videobuf2 core regression fixes for some features used only on
embedded drivers
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
[media] saa7134: Fix crash when device is closed before streamoff
[media] adv7511: fix error return code in adv7511_probe()
[media] ths8200: fix compilation with GCC < 4.4.6
[media]
ad9389b: fix compilation with GCC < 4.4.6
[media] adv7511: fix compilation with GCC < 4.4.6
[media] adv7842: fix compilation with GCC < 4.4.6
[media] s5p-jpeg: Initialize vfd_decoder->vfl_dir field
[media] videobuf2-dc: Fix support for mappings without struct page in userptr mode
[media] vb2: Allow queuing OUTPUT buffers with zeroed 'bytesused'
[media] mx3-camera: locking cleanup in mx3_videobuf_queue()
[media] sh_vou: almost forever loop in sh_vou_try_fmt_vid_out()
[media] tda10071: change firmware download condition
[media] msi3101: correct max videobuf2 alloc
[media] Add HCL T12Rg-H to STK webcam upside-down table
[media] msi3101: Kconfig select VIDEOBUF2_VMALLOC
[media] msi3101: msi3101_ioctl_ops can be static
[media] e4000: fix PLL calc bug on 32-bit arch
[media] uvcvideo: quirk PROBE_DEF for Microsoft Lifecam NX-3000
[media] uvcvideo: quirk PROBE_DEF for Dell SP2008WFP monitor
Linus Torvalds [Wed, 23 Oct 2013 06:51:25 +0000 (07:51 +0100)]
Merge tag 'rdma-for-linus' of git://git./linux/kernel/git/roland/infiniband
Pull infiniband bugfix from Roland Dreier:
"Disable not-quite-ready userspace ABI for IB flow steering"
* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/core: Temporarily disable create_flow/destroy_flow uverbs
Linus Torvalds [Wed, 23 Oct 2013 06:47:42 +0000 (07:47 +0100)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Sorry I let so much accumulate, I was in Buffalo and wanted a few
things to cook in my tree for a while before sending to you. Anyways,
it's a lot of little things as usual at this stage in the game"
1) Make bonding MAINTAINERS entry reflect reality, from Andy
Gospodarek.
2) Fix accidental sock_put() on timewait mini sockets, from Eric
Dumazet.
3) Fix crashes in l2tp due to mis-handling of ipv4 mapped ipv6
addresses, from François CACHEREUL.
4) Fix heap overflow in __audit_sockaddr(), from the eagle eyed Dan
Carpenter.
5) tcp_shifted_skb() doesn't take handle FINs properly, from Eric
Dumazet.
6) SFC driver bug fixes from Ben Hutchings.
7) Fix TX packet scheduling wedge after channel change in ath9k driver,
from Felix Fietkau.
8) Fix user after free in BPF JIT code, from Alexei Starovoitov.
9) Source address selection test is reversed in
__ip_route_output_key(), fix from Jiri Benc.
10) VLAN and CAN layer mis-size netlink attributes, from Marc
Kleine-Budde.
11) Fix permission checks in sysctls to use current_euid() instead of
current_uid(). From Eric W Biederman.
12) IPSEC policies can go away while a timer is still pending for them,
add appropriate ref-counting to fix, from Steffen Klassert.
13) Fix mis-programming of FDR and RMCR registers on R8A7740 sh_eth
chips, from Nguyen Hong Ky and Simon Horman.
14) MLX4 forgets to DMA unmap pages on RX, fix from Amir Vadai.
15) IPV6 GRE tunnel MTU upper limit is miscalculated, from Oussama
Ghorbel.
16) Fix typo in fq_change(), we were assigning "initial quantum" to
"quantum". From Eric Dumazet.
17) Set a more appropriate sk_pacing_rate for non-TCP sockets, otherwise
FQ packet scheduler does not pace those flows properly. Also from
Eric Dumazet.
18) rtlwifi miscalculates packet pointers, from Mark Cave-Ayland.
19) l2tp_xmit_skb() can be called from process context, not just softirq
context, so we must always make sure to BH disable around it. From
Eric Dumazet.
20) On qdisc reset, we forget to purge the RB tree of SKBs in netem
packet scheduler. From Stephen Hemminger.
21) Fix info leak in farsync WAN driver ioctl() handler, from Dan
Carpenter and Salva Peiró.
22) Fix PHY reset and other issues in dm9000 driver, from Nikita
Kiryanov and Michael Abbott.
23) When hardware can do SCTP crc32 checksums, we accidently don't
disable the csum offload when IPSEC transformations have been
applied. From Fan Du and Vlad Yasevich.
24) Tail loss probing in TCP leaves the socket in the wrong congestion
avoidance state. From Yuchung Cheng.
25) In CPSW driver, enable NAPI before interrupts are turned on, from
Markus Pargmann.
26) Integer underflow and dual-assignment in YAM hamradio driver, from
Dan Carpenter.
27) If we are going to mangle a packet in tcp_set_skb_tso_segs() we must
unclone it. This fixes various hard to track down crashes in
drivers where the SKBs ->gso_segs was changing right from underneath
the driver during TX queueing. From Eric Dumazet.
28) Fix the handling of VLAN IDs, and in particular the special IDs 0
and 4095, in the bridging layer. From Toshiaki Makita.
29) Another info leak, this time in wanxl WAN driver, from Salva Peiró.
30) Fix race in socket credential passing, from Daniel Borkmann.
31) WHen NETLABEL is disabled, we don't validate CIPSO packets properly,
from Seif Mazareeb.
32) Fix identification of fragmented frames in ipv4/ipv6 UDP
Fragmentation Offload output paths, from Jiri Pirko.
33) Virtual Function fixes in bnx2x driver from Yuval Mintz and Ariel
Elior.
34) When we removed the explicit neighbour pointer from ipv6 routes a
slight regression was introduced for users such as IPVS, xt_TEE, and
raw sockets. We mix up the users requested destination address with
the routes assigned nexthop/gateway. From Julian Anastasov and
Simon Horman.
35) Fix stack overruns in rt6_probe(), the issue is that can end up
doing two full packet xmit paths at the same time when emitting
neighbour discovery messages. From Hannes Frederic Sowa.
36) davinci_emac driver doesn't handle IFF_ALLMULTI correctly, from
Mariusz Ceier.
37) Make sure to set TCP sk_pacing_rate after the first legitimate RTT
sample, from Neal Cardwell.
38) Wrong netlink attribute passed to xfrm_replay_verify_len(), from
Steffen Klassert.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (152 commits)
ax88179_178a: Add VID:DID for Samsung USB Ethernet Adapter
ax88179_178a: Correct the RX error definition in RX header
Revert "bridge: only expire the mdb entry when query is received"
tcp: initialize passive-side sk_pacing_rate after 3WHS
davinci_emac.c: Fix IFF_ALLMULTI setup
mac802154: correct a typo in ieee802154_alloc_device() prototype
ipv6: probe routes asynchronous in rt6_probe
netfilter: nf_conntrack: fix rt6i_gateway checks for H.323 helper
ipv6: fill rt6i_gateway with nexthop address
ipv6: always prefer rt6i_gateway if present
bnx2x: Set NETIF_F_HIGHDMA unconditionally
bnx2x: Don't pretend during register dump
bnx2x: Lock DMAE when used by statistic flow
bnx2x: Prevent null pointer dereference on error flow
bnx2x: Fix config when SR-IOV and iSCSI are enabled
bnx2x: Fix Coalescing configuration
bnx2x: Unlock VF-PF channel on MAC/VLAN config error
bnx2x: Prevent an illegal pointer dereference during panic
bnx2x: Fix Maximum CoS estimation for VFs
drivers: net: cpsw: fix kernel warn during iperf test with interrupt pacing
...
Freddy Xin [Tue, 22 Oct 2013 07:32:11 +0000 (15:32 +0800)]
ax88179_178a: Add VID:DID for Samsung USB Ethernet Adapter
Add VID:DID for Samsung USB Ethernet Adapter.
Signed-off-by: Freddy Xin <freddy@asix.com.tw>
Signed-off-by: David S. Miller <davem@davemloft.net>
Freddy Xin [Tue, 22 Oct 2013 07:32:10 +0000 (15:32 +0800)]
ax88179_178a: Correct the RX error definition in RX header
Correct the definition of AX_RXHDR_CRC_ERR and
AX_RXHDR_DROP_ERR. They are BIT29 and BIT31 in pkt_hdr
seperately.
Signed-off-by: Freddy Xin <freddy@asix.com.tw>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Lüssing [Sat, 19 Oct 2013 22:58:57 +0000 (00:58 +0200)]
Revert "bridge: only expire the mdb entry when query is received"
While this commit was a good attempt to fix issues occuring when no
multicast querier is present, this commit still has two more issues:
1) There are cases where mdb entries do not expire even if there is a
querier present. The bridge will unnecessarily continue flooding
multicast packets on the according ports.
2) Never removing an mdb entry could be exploited for a Denial of
Service by an attacker on the local link, slowly, but steadily eating up
all memory.
Actually, this commit became obsolete with
"bridge: disable snooping if there is no querier" (
b00589af3b)
which included fixes for a few more cases.
Therefore reverting the following commits (the commit stated in the
commit message plus three of its follow up fixes):
====================
Revert "bridge: update mdb expiration timer upon reports."
This reverts commit
f144febd93d5ee534fdf23505ab091b2b9088edc.
Revert "bridge: do not call setup_timer() multiple times"
This reverts commit
1faabf2aab1fdaa1ace4e8c829d1b9cf7bfec2f1.
Revert "bridge: fix some kernel warning in multicast timer"
This reverts commit
c7e8e8a8f7a70b343ca1e0f90a31e35ab2d16de1.
Revert "bridge: only expire the mdb entry when query is received"
This reverts commit
9f00b2e7cf241fa389733d41b615efdaa2cb0f5b.
====================
CC: Cong Wang <amwang@redhat.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Reviewed-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mattia Dongili [Sun, 18 Aug 2013 10:33:19 +0000 (19:33 +0900)]
sony-laptop: don't change keyboard backlight settings
Do not touch keyboard backlight unless explicitly passed a module
parameter. In this way we won't make wrong assumptions about what are
good default values since they actually are different from model to
model.
The only side effect is that we won't know what is the current value
until set via the sysfs attributes.
Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Randy Dunlap [Sat, 19 Oct 2013 21:57:07 +0000 (14:57 -0700)]
vfs: fix new kernel-doc warnings
Move kernel-doc notation to immediately before its function to eliminate
kernel-doc warnings introduced by commit
db14fc3abcd5 ("vfs: add
d_walk()")
Warning(fs/dcache.c:1343): No description found for parameter 'data'
Warning(fs/dcache.c:1343): No description found for parameter 'dentry'
Warning(fs/dcache.c:1343): Excess function parameter 'parent' description in 'check_mount'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Miklos Szeredi <mszeredi@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Randy Dunlap [Sat, 19 Oct 2013 21:56:55 +0000 (14:56 -0700)]
fs/namei.c: fix new kernel-doc warning
Add @path parameter to fix kernel-doc warning.
Also fix a spello/typo.
Warning(fs/namei.c:2304): No description found for parameter 'path'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 22 Oct 2013 09:24:29 +0000 (10:24 +0100)]
Merge tag 'sound-3.12' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"The pending last-minute ASoC fixes, all of which are driver-local
(tlv320aic3x, rcar, pcm1681, pcm1792a, omap, fsl) and should be pretty
safe to apply"
* tag 'sound-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: Add MAINTAINERS entry for dmaengine helpers
ASoC: pcm1792a: Fix max_register setting
ASoC: pcm1681: Fix max_register setting
ASoC: pcm1681: Fix max_register setting
ASoC: rcar: fixup generation checker
ASoC: tlv320aic3x: Connect 'Left Line1R Mux' and 'Right Line1L Mux'
ASoC: fsl: imx-ssi: fix probe on imx31
ASoC: omap: Fix incorrect ARM dependency
ASoC: fsl: Fix sound on mx31moboard
ASoC: fsl_ssi: Fix irq_of_parse_and_map() return value check
Will Deacon [Mon, 21 Oct 2013 12:14:53 +0000 (13:14 +0100)]
netfilter: x_tables: fix ordering of jumpstack allocation and table update
During kernel stability testing on an SMP ARMv7 system, Yalin Wang
reported the following panic from the netfilter code:
1fe0:
0000001c 5e2d3b10 4007e779 4009e110 60000010 00000032 ff565656 ff545454
[<
c06c48dc>] (ipt_do_table+0x448/0x584) from [<
c0655ef0>] (nf_iterate+0x48/0x7c)
[<
c0655ef0>] (nf_iterate+0x48/0x7c) from [<
c0655f7c>] (nf_hook_slow+0x58/0x104)
[<
c0655f7c>] (nf_hook_slow+0x58/0x104) from [<
c0683bbc>] (ip_local_deliver+0x88/0xa8)
[<
c0683bbc>] (ip_local_deliver+0x88/0xa8) from [<
c0683718>] (ip_rcv_finish+0x418/0x43c)
[<
c0683718>] (ip_rcv_finish+0x418/0x43c) from [<
c062b1c4>] (__netif_receive_skb+0x4cc/0x598)
[<
c062b1c4>] (__netif_receive_skb+0x4cc/0x598) from [<
c062b314>] (process_backlog+0x84/0x158)
[<
c062b314>] (process_backlog+0x84/0x158) from [<
c062de84>] (net_rx_action+0x70/0x1dc)
[<
c062de84>] (net_rx_action+0x70/0x1dc) from [<
c0088230>] (__do_softirq+0x11c/0x27c)
[<
c0088230>] (__do_softirq+0x11c/0x27c) from [<
c008857c>] (do_softirq+0x44/0x50)
[<
c008857c>] (do_softirq+0x44/0x50) from [<
c0088614>] (local_bh_enable_ip+0x8c/0xd0)
[<
c0088614>] (local_bh_enable_ip+0x8c/0xd0) from [<
c06b0330>] (inet_stream_connect+0x164/0x298)
[<
c06b0330>] (inet_stream_connect+0x164/0x298) from [<
c061d68c>] (sys_connect+0x88/0xc8)
[<
c061d68c>] (sys_connect+0x88/0xc8) from [<
c000e340>] (ret_fast_syscall+0x0/0x30)
Code:
2a000021 e59d2028 e59de01c e59f011c (
e7824103)
---[ end trace
da227214a82491bd ]---
Kernel panic - not syncing: Fatal exception in interrupt
This comes about because CPU1 is executing xt_replace_table in response
to a setsockopt syscall, resulting in:
ret = xt_jumpstack_alloc(newinfo);
--> newinfo->jumpstack = kzalloc(size, GFP_KERNEL);
[...]
table->private = newinfo;
newinfo->initial_entries = private->initial_entries;
Meanwhile, CPU0 is handling the network receive path and ends up in
ipt_do_table, resulting in:
private = table->private;
[...]
jumpstack = (struct ipt_entry **)private->jumpstack[cpu];
On weakly ordered memory architectures, the writes to table->private
and newinfo->jumpstack from CPU1 can be observed out of order by CPU0.
Furthermore, on architectures which don't respect ordering of address
dependencies (i.e. Alpha), the reads from CPU0 can also be re-ordered.
This patch adds an smp_wmb() before the assignment to table->private
(which is essentially publishing newinfo) to ensure that all writes to
newinfo will be observed before plugging it into the table structure.
A dependent-read barrier is also added on the consumer sides, to ensure
the same ordering requirements are also respected there.
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Reported-by: Wang, Yalin <Yalin.Wang@sonymobile.com>
Tested-by: Wang, Yalin <Yalin.Wang@sonymobile.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Linus Torvalds [Tue, 22 Oct 2013 08:01:11 +0000 (09:01 +0100)]
Merge tag 'jfs-3.12' of git://github.com/kleikamp/linux-shaggy
Pull jfs bugfix from David Kleikamp:
"Just a patch to fix an oops in an error path"
* tag 'jfs-3.12' of git://github.com/kleikamp/linux-shaggy:
jfs: fix error path in ialloc
Linus Torvalds [Tue, 22 Oct 2013 07:23:41 +0000 (08:23 +0100)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Travelling slowed down getting these out.
Two vmwgfx fixes, a radeon revert to avoid a regression, i915 fixes,
and some ioctl sizing issues fixed with 32 on 64"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/radeon/audio: don't set speaker allocation on DCE4+
drm/radeon: rework audio option
drm/radeon/audio: don't set speaker allocation on DCE3.2
drm/radeon: make missing smc ucode non-fatal (CI)
drm/radeon: make missing smc ucode non-fatal (r7xx-SI)
drm/radeon/uvd: revert lower msg&fb buffer requirements on UVD3
drm/radeon: stop the leaks in cik_ib_test
drm/radeon/atom: workaround vbios bug in transmitter table on rs780
drm/i915: Disable GGTT PTEs on GEN6+ suspend
drm/i915: Make PTE valid encoding optional
drm: Pad drm_mode_get_connector to 64-bit boundary
drm: Prevent overwriting from userspace underallocating core ioctl structs
drm/vmwgfx: Don't kill clients on VT switch
drm/vmwgfx: Don't put resources with invalid id's on lru list
drm/i915: disable LVDS clock gating on CPT v2
Linus Torvalds [Tue, 22 Oct 2013 07:22:40 +0000 (08:22 +0100)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jikos/hid
Pull HID fixes from Jiri Kosina:
- a partial revert of exponent parsing changes to make "Unit" exponent
item work properly again, by Nikolai Kondrashov
- a few new device IDs additions piggy-backing, by AceLan Kao and David
Herrmann
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: wiimote: add LEGO-wiimote VID
HID: Fix unit exponent parsing again
HID: usbhid: quirk for SiS Touchscreen
HID: usbhid: quirk for Synaptics Large Touchccreen
Linus Torvalds [Tue, 22 Oct 2013 07:21:34 +0000 (08:21 +0100)]
Merge branch 'for-3.12-fixes' of git://git./linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
"The only interesting bit is ata_eh_qc_retry() update which fixes a
problem where a SG_IO command may fail across suspend/resume cycle
without the command actually being at fault.
Other changes are low level driver specific and fairly low impact"
* 'for-3.12-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
libahci: fix turning on LEDs in ahci_start_port()
libata: make ata_eh_qc_retry() bump scmd->allowed on bogus failures
ahci_platform: use dev_info() instead of printk()
ahci: use dev_info() instead of printk()
pata_isapnp: Don't use invalid I/O ports
Linus Torvalds [Tue, 22 Oct 2013 07:20:34 +0000 (08:20 +0100)]
Merge branch 'for-3.12-fixes' of git://git./linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
"Two late fixes for cgroup.
One fixes descendant walk introduced during this rc1 cycle. The other
fixes a post 3.9 bug during task attach which can lead to hang. Both
fixes are critical and the fixes are relatively straight-forward"
* 'for-3.12-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: fix to break the while loop in cgroup_attach_task() correctly
cgroup: fix cgroup post-order descendant walk of empty subtree
Martin Schwidefsky [Thu, 17 Oct 2013 10:38:17 +0000 (12:38 +0200)]
s390/time: correct use of store clock fast
The result of the store-clock-fast (STCKF) instruction is a bit fuzzy.
It can happen that the value stored on one CPU is smaller than the value
stored on another CPU, although the order of the stores is the other
way around. This can cause deltas of get_tod_clock() values to become
negative when they should not be.
We need to be more careful with store-clock-fast, this patch partially
reverts git commit
e4b7b4238e666682555461fa52eecd74652f36bb "time:
always use stckf instead of stck if available". The get_tod_clock()
function now uses the store-clock-extended (STCKE) instruction.
get_tod_clock_fast() can be used if the fuzziness of store-clock-fast
is acceptable e.g. for wait loops local to a CPU.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Dave Airlie [Tue, 22 Oct 2013 06:35:17 +0000 (07:35 +0100)]
Merge branch 'drm-fixes-3.12' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Most just regression fixes for audio, dpm, and uvd, plus
a resource leak fix for cik.
* 'drm-fixes-3.12' of git://people.freedesktop.org/~agd5f/linux:
drm/radeon/audio: don't set speaker allocation on DCE4+
drm/radeon: rework audio option
drm/radeon/audio: don't set speaker allocation on DCE3.2
drm/radeon: make missing smc ucode non-fatal (CI)
drm/radeon: make missing smc ucode non-fatal (r7xx-SI)
drm/radeon/uvd: revert lower msg&fb buffer requirements on UVD3
drm/radeon: stop the leaks in cik_ib_test
drm/radeon/atom: workaround vbios bug in transmitter table on rs780
Dave Airlie [Tue, 22 Oct 2013 06:32:40 +0000 (07:32 +0100)]
Merge tag 'drm-intel-fixes-2013-10-21' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes
Just an lvds clock gating fix and a pte clearing hack for hsw to avoid
memory corruption when hibernating - something doesn't seem to switch off
properly, we're still investigating.
* tag 'drm-intel-fixes-2013-10-21' of git://people.freedesktop.org/~danvet/drm-intel: (96 commits)
drm/i915: Disable GGTT PTEs on GEN6+ suspend
drm/i915: Make PTE valid encoding optional
drm/i915: disable LVDS clock gating on CPT v2
Neal Cardwell [Mon, 21 Oct 2013 19:40:19 +0000 (15:40 -0400)]
tcp: initialize passive-side sk_pacing_rate after 3WHS
For passive TCP connections, upon receiving the ACK that completes the
3WHS, make sure we set our pacing rate after we get our first RTT
sample.
On passive TCP connections, when we receive the ACK completing the
3WHS we do not take an RTT sample in tcp_ack(), but rather in
tcp_synack_rtt_meas(). So upon receiving the ACK that completes the
3WHS, tcp_ack() leaves sk_pacing_rate at its initial value.
Originally the initial sk_pacing_rate value was 0, so passive-side
connections defaulted to sysctl_tcp_min_tso_segs (2 segs) in skbuffs
made in the first RTT. With a default initial cwnd of 10 packets, this
happened to be correct for RTTs 5ms or bigger, so it was hard to
see problems in WAN or emulated WAN testing.
Since
7eec4174ff ("pkt_sched: fq: fix non TCP flows pacing"), the
initial sk_pacing_rate is 0xffffffff. So after that change, passive
TCP connections were keeping this value (and using large numbers of
segments per skbuff) until receiving an ACK for data.
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mariusz Ceier [Mon, 21 Oct 2013 17:45:04 +0000 (19:45 +0200)]
davinci_emac.c: Fix IFF_ALLMULTI setup
When IFF_ALLMULTI flag is set on interface and IFF_PROMISC isn't,
emac_dev_mcast_set should only enable RX of multicasts and reset
MACHASH registers.
It does this, but afterwards it either sets up multicast MACs
filtering or disables RX of multicasts and resets MACHASH registers
again, rendering IFF_ALLMULTI flag useless.
This patch fixes emac_dev_mcast_set, so that multicast MACs filtering and
disabling of RX of multicasts are skipped when IFF_ALLMULTI flag is set.
Tested with kernel 2.6.37.
Signed-off-by: Mariusz Ceier <mceier+kernel@gmail.com>
Acked-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexandre Belloni [Mon, 21 Oct 2013 17:09:58 +0000 (19:09 +0200)]
mac802154: correct a typo in ieee802154_alloc_device() prototype
This has no other impact than a cosmetic one.
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Mon, 21 Oct 2013 04:17:15 +0000 (06:17 +0200)]
ipv6: probe routes asynchronous in rt6_probe
Routes need to be probed asynchronous otherwise the call stack gets
exhausted when the kernel attemps to deliver another skb inline, like
e.g. xt_TEE does, and we probe at the same time.
We update neigh->updated still at once, otherwise we would send to
many probes.
Cc: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 21 Oct 2013 22:39:36 +0000 (18:39 -0400)]
Merge branch 'rt6i_gateway'
Julian Anastasov says:
====================
ipv6: use rt6i_gateway as nexthop
The following patchset makes sure that rt6i_gateway
contains valid nexthop information in all cases, so that
we can use different nexthop for sending.
The first patch is a simple fix that makes IPVS, TEE,
RAW(hdrincl) and RTF_DYNAMIC(without RTF_GATEWAY) work as
before 3.9. There is a single corner case not solved by
this patch: RAW(hdrincl) or TEE using local address for
nexthop, a silly feature, I guess. In this case we
see zeroes in rt6i_gateway because we get route that is not
cloned. This is solved only with patch 2.
The second patch is an optimization that makes sure
all resulting routes have rt6i_gateway filled, so that we
can avoid the complex ipv6_addr_any() call added to rt6_nexthop()
by patch 1. And it sets rt6i_gateway for local routes, a case
not handled by patch 1.
The third patch uses the new rt6_nexthop() function to fix
the matching of gateways in the same way as commit
bbb5823cf742a7
("netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper")
fixes nf_conntrack_h323_main.c for IPv4. Currently, it depends on
the new definition of rt6_nexthop() in patch 2. Actually, if
patch 2 is applied, patch 3 becomes a cosmetic change.
I see the following two alternatives for applying these
patches:
1. Linger patch 2 in net-next to avoid surprises in the upcoming
release. In this case patch 3 can be reworked not to depend on
the new rt6_nexthop() definition in patch 2. I guess this is a
better option, so that patch 2 can be reviewed and tested for
longer time.
2. Include all 3 patches in net tree - more risky because this
is my first attempt to change IPv6.
Here is the situation as handled by patch 2:
In IPv6 the resolved routes are always host routes (/128
with DST_HOST), mostly cloned ones. We allow routes in FIB
to contain rt6i_gateway with zeroes (eg. for local subnets) but
on cloning we can fill the rt6i_gateway field in result.
This works even without this patchset.
There is a single special case where dst is provided as
skb_dst directly without a routing call: icmp6_dst_alloc(). It is a
private dst allocated just for the particular ICMP packet. Patch 2
fills rt6i_gateway in this case, needed for the new rt6_nexthop()
simplification.
The last case is addrconf_dst_alloc(), it can put in
FIB local/anycast routes when addresses are added. Patch 2
needs to fill rt6i_gateway in this case because such routes
are returned without cloning.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Anastasov [Sun, 20 Oct 2013 12:43:05 +0000 (15:43 +0300)]
netfilter: nf_conntrack: fix rt6i_gateway checks for H.323 helper
Now when rt6_nexthop() can return nexthop address we can use it
for proper nexthop comparison of directly connected destinations.
For more information refer to commit
bbb5823cf742a7
("netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper").
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Anastasov [Sun, 20 Oct 2013 12:43:04 +0000 (15:43 +0300)]
ipv6: fill rt6i_gateway with nexthop address
Make sure rt6i_gateway contains nexthop information in
all routes returned from lookup or when routes are directly
attached to skb for generated ICMP packets.
The effect of this patch should be a faster version of
rt6_nexthop() and the consideration of local addresses as
nexthop.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Julian Anastasov [Sun, 20 Oct 2013 12:43:03 +0000 (15:43 +0300)]
ipv6: always prefer rt6i_gateway if present
In v3.9
6fd6ce2056de2709 ("ipv6: Do not depend on rt->n in
ip6_finish_output2()." changed the behaviour of ip6_finish_output2()
such that the recently introduced rt6_nexthop() is used
instead of an assigned neighbor.
As rt6_nexthop() prefers rt6i_gateway only for gatewayed
routes this causes a problem for users like IPVS, xt_TEE and
RAW(hdrincl) if they want to use different address for routing
compared to the destination address.
Another case is when redirect can create RTF_DYNAMIC
route without RTF_GATEWAY flag, we ignore the rt6i_gateway
in rt6_nexthop().
Fix the above problems by considering the rt6i_gateway if
present, so that traffic routed to address on local subnet is
not wrongly diverted to the destination address.
Thanks to Simon Horman and Phil Oester for spotting the
problematic commit.
Thanks to Hannes Frederic Sowa for his review and help in testing.
Reported-by: Phil Oester <kernel@linuxace.com>
Reported-by: Mark Brooks <mark@loadbalancer.org>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 21 Oct 2013 22:31:53 +0000 (18:31 -0400)]
Merge branch 'bnx2x'
Yuval Mintz says:
====================
bnx2x: Bug fixes patch series
This patch series contains fixes for various flows - several SR-IOV issues
are fixed, ethtool callbacks (coalescing and register dump) are corrected,
null pointer dereference on error flows is prevented, etc.
Changes from V1
---------------
- Patch 2 "bnx2x: Prevent an illegal pointer dereference during panic"
is revised, with improved handling of edge cases.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Merav Sicron [Sun, 20 Oct 2013 14:51:34 +0000 (16:51 +0200)]
bnx2x: Set NETIF_F_HIGHDMA unconditionally
Current driver implementation incorrectly sets the flag only if 64-bit
DMA mask succeeded.
Signed-off-by: Merav Sicron <meravs@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Sun, 20 Oct 2013 14:51:33 +0000 (16:51 +0200)]
bnx2x: Don't pretend during register dump
As part of a register dump, the interface pretends to have the identity
of other interfaces of the same physical device in order to perform
HW configuration for them - specifically, it needs to prevent attentions
from generating on those functions as the register dump accesses registers
in common blocks which whose reading might generate an attention.
However, such pretension is unsafe - unlike other flows in which the driver
uses pretend, during register dump there is no guarantee no other HW access
will take place (by other flows). If such access will take place, the HW will
be accessed by the wrong interface, and leave both functions in an incorrect
state.
This patch removes all pretensions from the register dump flow. Instead, it
changes initial configuration of attentions such that no fatal attention will
be generated for other functions as a result of the register dump
(notice however, a debug print claiming an attention from other functions IS
possible during the register dump)
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ariel Elior [Sun, 20 Oct 2013 14:51:32 +0000 (16:51 +0200)]
bnx2x: Lock DMAE when used by statistic flow
bnx2x has several clients to its DMAE machines - all of them with the exception
of the statistics flow used the same locking mechanisms to synchronize the DMAE
machines' usage.
Since statistics (which are periodically entered) use DMAE without taking the
locks, they may erase the commands which were previously set -
e.g., it may cause a VF to timeout while waiting for a PF answer on the VF-PF
channel as that command header would have been overwritten by the statistics'
header.
This patch makes certain that all flows utilizing DMAE will use the same
API, assuring that the locking scheme will be kept by all said flows.
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuval Mintz [Sun, 20 Oct 2013 14:51:31 +0000 (16:51 +0200)]
bnx2x: Prevent null pointer dereference on error flow
If debug message is open and bnx2x_vfop_qdtor_cmd() were to fail,
the resulting print would have caused a null pointer dereference.
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ariel Elior [Sun, 20 Oct 2013 14:51:30 +0000 (16:51 +0200)]
bnx2x: Fix config when SR-IOV and iSCSI are enabled
Starting with commit
b9871bc "bnx2x: VF RSS support - PF side", if a PF will
have SR-IOV supported in its PCI configuration space, storage drivers will not
work for that interface.
This patch fixes the resource calculation to allow such a configuration to
properly work.
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Sun, 20 Oct 2013 14:51:29 +0000 (16:51 +0200)]
bnx2x: Fix Coalescing configuration
bnx2x drivers configure coalescing incorrectly (e.g., as a result of a call
to 'ethtool -c'). Although this is almost invisible to the user (due to NAPI)
designated tests will show the configuration is incorrect.
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ariel Elior [Sun, 20 Oct 2013 14:51:28 +0000 (16:51 +0200)]
bnx2x: Unlock VF-PF channel on MAC/VLAN config error
Current code returns upon failure, leaving the VF-PF in an unusable state;
This patch adds the missing release so further commands could pass between
PF and VF.
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuval Mintz [Sun, 20 Oct 2013 14:51:27 +0000 (16:51 +0200)]
bnx2x: Prevent an illegal pointer dereference during panic
During a panic, the driver tries to print the Management FW buffer of recent
commands. To do so, the driver reads the address of that buffer from a known
address. If the buffer is unavailable (e.g., PCI reads don't work, MCP is
failing, etc.), the driver will try to access the address it has read, possibly
causing a kernel panic.
This check 'sanitizes' the access, validating the read value is indeed a valid
address inside the management FW's buffers.
The patch also removes a read outside the scope of the buffer, which resulted
in some unrelated chraracters appearing in the log.
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuval Mintz [Sun, 20 Oct 2013 14:51:26 +0000 (16:51 +0200)]
bnx2x: Fix Maximum CoS estimation for VFs
bnx2x VFs do not support Multi-CoS; Current implementation
erroneously sets the VFs maximal number of CoS to be > 1.
This will cause the driver to call alloc_etherdev_mqs() with
a number of queues it cannot possibly support and reflects
in 'odd' driver prints.
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mugunthan V N [Sun, 20 Oct 2013 07:02:26 +0000 (12:32 +0530)]
drivers: net: cpsw: fix kernel warn during iperf test with interrupt pacing
When interrupt pacing is enabled, receive/transmit statistics are not
updated properly by hardware which leads to ISR return with IRQ_NONE
and inturn kernel disables the interrupt. This patch removed the checking
of receive/transmit statistics from ISR.
This patch is verified with AM335x Beagle Bone Black and below is the
kernel warn when interrupt pacing is enabled.
[ 104.298254] irq 58: nobody cared (try booting with the "irqpoll" option)
[ 104.305356] CPU: 0 PID: 1073 Comm: iperf Not tainted
3.12.0-rc3-00342-g77d4015 #3
[ 104.313284] [<
c001bb84>] (unwind_backtrace+0x0/0xf0) from [<
c0017db0>] (show_stack+0x10/0x14)
[ 104.322282] [<
c0017db0>] (show_stack+0x10/0x14) from [<
c0507920>] (dump_stack+0x78/0x94)
[ 104.330816] [<
c0507920>] (dump_stack+0x78/0x94) from [<
c0088c1c>] (__report_bad_irq+0x20/0xc0)
[ 104.339889] [<
c0088c1c>] (__report_bad_irq+0x20/0xc0) from [<
c008912c>] (note_interrupt+0x1dc/0x23c)
[ 104.349505] [<
c008912c>] (note_interrupt+0x1dc/0x23c) from [<
c0086d74>] (handle_irq_event_percpu+0xc4/0x238)
[ 104.359851] [<
c0086d74>] (handle_irq_event_percpu+0xc4/0x238) from [<
c0086f24>] (handle_irq_event+0x3c/0x5c)
[ 104.370198] [<
c0086f24>] (handle_irq_event+0x3c/0x5c) from [<
c008991c>] (handle_level_irq+0xac/0x10c)
[ 104.379907] [<
c008991c>] (handle_level_irq+0xac/0x10c) from [<
c00866d8>] (generic_handle_irq+0x20/0x30)
[ 104.389812] [<
c00866d8>] (generic_handle_irq+0x20/0x30) from [<
c0014ce8>] (handle_IRQ+0x4c/0xb0)
[ 104.399066] [<
c0014ce8>] (handle_IRQ+0x4c/0xb0) from [<
c000856c>] (omap3_intc_handle_irq+0x60/0x74)
[ 104.408598] [<
c000856c>] (omap3_intc_handle_irq+0x60/0x74) from [<
c050d8e4>] (__irq_svc+0x44/0x5c)
[ 104.418021] Exception stack(0xde4f7c00 to 0xde4f7c48)
[ 104.423345] 7c00:
00000001 00000000 00000000 dd002140 60000013 de006e54 00000002 00000000
[ 104.431952] 7c20:
de345748 00000040 c11c8588 00018ee0 00000000 de4f7c48 c009dfc8 c050d300
[ 104.440553] 7c40:
60000013 ffffffff
[ 104.444237] [<
c050d8e4>] (__irq_svc+0x44/0x5c) from [<
c050d300>] (_raw_spin_unlock_irqrestore+0x34/0x44)
[ 104.454220] [<
c050d300>] (_raw_spin_unlock_irqrestore+0x34/0x44) from [<
c00868c0>] (__irq_put_desc_unlock+0x14/0x38)
[ 104.465295] [<
c00868c0>] (__irq_put_desc_unlock+0x14/0x38) from [<
c0088068>] (enable_irq+0x4c/0x74)
[ 104.474829] [<
c0088068>] (enable_irq+0x4c/0x74) from [<
c03abd24>] (cpsw_poll+0xb8/0xdc)
[ 104.483276] [<
c03abd24>] (cpsw_poll+0xb8/0xdc) from [<
c044ef68>] (net_rx_action+0xc0/0x1e8)
[ 104.492085] [<
c044ef68>] (net_rx_action+0xc0/0x1e8) from [<
c0048a90>] (__do_softirq+0x100/0x27c)
[ 104.501338] [<
c0048a90>] (__do_softirq+0x100/0x27c) from [<
c0048cd0>] (do_softirq+0x68/0x70)
[ 104.510224] [<
c0048cd0>] (do_softirq+0x68/0x70) from [<
c0048e8c>] (local_bh_enable+0xd0/0xe4)
[ 104.519211] [<
c0048e8c>] (local_bh_enable+0xd0/0xe4) from [<
c048c774>] (tcp_rcv_established+0x450/0x648)
[ 104.529201] [<
c048c774>] (tcp_rcv_established+0x450/0x648) from [<
c0494904>] (tcp_v4_do_rcv+0x154/0x474)
[ 104.539195] [<
c0494904>] (tcp_v4_do_rcv+0x154/0x474) from [<
c043d750>] (release_sock+0xac/0x1ac)
[ 104.548448] [<
c043d750>] (release_sock+0xac/0x1ac) from [<
c04844e8>] (tcp_recvmsg+0x4d0/0xa8c)
[ 104.557528] [<
c04844e8>] (tcp_recvmsg+0x4d0/0xa8c) from [<
c04a8720>] (inet_recvmsg+0xcc/0xf0)
[ 104.566507] [<
c04a8720>] (inet_recvmsg+0xcc/0xf0) from [<
c0439744>] (sock_recvmsg+0x90/0xb0)
[ 104.575394] [<
c0439744>] (sock_recvmsg+0x90/0xb0) from [<
c043b778>] (SyS_recvfrom+0x88/0xd8)
[ 104.584280] [<
c043b778>] (SyS_recvfrom+0x88/0xd8) from [<
c043b7e0>] (sys_recv+0x18/0x20)
[ 104.592805] [<
c043b7e0>] (sys_recv+0x18/0x20) from [<
c0013da0>] (ret_fast_syscall+0x0/0x48)
[ 104.601587] handlers:
[ 104.603992] [<
c03acd94>] cpsw_interrupt
[ 104.608040] Disabling IRQ #58
Cc: Sebastian Siewior <bigeasy@linutronix.de>
Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yann Droneaud [Thu, 10 Oct 2013 09:10:55 +0000 (11:10 +0200)]
IB/core: Temporarily disable create_flow/destroy_flow uverbs
The create_flow/destroy_flow uverbs and the associated extensions to
the user-kernel verbs ABI are under review and are too experimental to
freeze at this point.
So userspace is not exposed to experimental features and an uinstable
ABI, temporarily disable this for v3.12 (with a Kconfig option behind
staging to reenable it if desired).
The feature will be enabled after proper cleanup for v3.13.
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Link: http://marc.info/?i=cover.1381351016.git.ydroneaud@opteya.com
Link: http://marc.info/?i=cover.1381177342.git.ydroneaud@opteya.com
[ Add a Kconfig option to reenable these verbs. - Roland ]
Signed-off-by: Roland Dreier <roland@purestorage.com>
David Herrmann [Fri, 18 Oct 2013 14:26:22 +0000 (16:26 +0200)]
HID: wiimote: add LEGO-wiimote VID
The LEGO-wiimote uses a different VID than the Nintendo ID. The device is
technically the same so add the ID.
Cc: <stable@vger.kernel.org> # 3.11+
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Zhang Rui [Mon, 21 Oct 2013 03:26:45 +0000 (11:26 +0800)]
Merge branch 'x86_pkg_temp' of .git into for-rc
Zhang Rui [Mon, 21 Oct 2013 02:28:34 +0000 (10:28 +0800)]
Revert "drivers: thermal: parent virtual hwmon with thermal zone"
Commit
b82715fdd4a5407f56853b24d387d484dd9c3b5b introduces
a 'device' subdirectory under /sys/class/hwmon/hwmonX/ directory,
for the thermal_zone hwmon devices. And this results in different
handling by libsensors.
The problem is reported and discussed in this thread
http://marc.info/?l=linux-pm&m=
138229306109596&w=2
This patch reverts commit
b82715fdd4a5407f56853b24d387d484dd9c3b5b.
Reported-by: Arnaud Ebalard <arno@natisbad.org>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Linus Torvalds [Sun, 20 Oct 2013 22:20:45 +0000 (23:20 +0100)]
Merge branch 'parisc-3.12' of git://git./linux/kernel/git/deller/parisc-linux
Pull parsic fixes from Helge Deller:
"There are just two small fixes in here:
- Revert a commit which exported the flush_cache_page function. This
was noticed by Christoph Hellwig.
- Enable the DEVTMPFS, DEVTMPFS_MOUNT and BLK_DEV_INITRD config
options in the parisc defconfigs so that latest udev/initrd finds
the root disk at boot"
* 'parisc-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: enable DEVTMPFS, DEVTMPFS_MOUNT and BLK_DEV_INITRD in defconfigs
Revert "parisc: Export flush_cache_page() (needed by lustre)"
David S. Miller [Sat, 19 Oct 2013 23:21:24 +0000 (19:21 -0400)]
Merge branch 'ufo_fixes'
Jiri Pirko says:
====================
UFO fixes
Couple of patches fixing UFO functionality in different situations.
v1->v2:
- minor if{}else{} coding style adjustment suggested by Sergei Shtylyov
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Sat, 19 Oct 2013 10:29:17 +0000 (12:29 +0200)]
ip_output: do skb ufo init for peeked non ufo skb as well
Now, if user application does:
sendto len<mtu flag MSG_MORE
sendto len>mtu flag 0
The skb is not treated as fragmented one because it is not initialized
that way. So move the initialization to fix this.
introduced by:
commit
e89e9cf539a28df7d0eb1d0a545368e9920b34ac "[IPv4/IPv6]: UFO Scatter-gather approach"
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Sat, 19 Oct 2013 10:29:16 +0000 (12:29 +0200)]
ip6_output: do skb ufo init for peeked non ufo skb as well
Now, if user application does:
sendto len<mtu flag MSG_MORE
sendto len>mtu flag 0
The skb is not treated as fragmented one because it is not initialized
that way. So move the initialization to fix this.
introduced by:
commit
e89e9cf539a28df7d0eb1d0a545368e9920b34ac "[IPv4/IPv6]: UFO Scatter-gather approach"
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Sat, 19 Oct 2013 10:29:15 +0000 (12:29 +0200)]
udp6: respect IPV6_DONTFRAG sockopt in case there are pending frames
if up->pending != 0 dontfrag is left with default value -1. That
causes that application that do:
sendto len>mtu flag MSG_MORE
sendto len>mtu flag 0
will receive EMSGSIZE errno as the result of the second sendto.
This patch fixes it by respecting IPV6_DONTFRAG socket option.
introduced by:
commit
4b340ae20d0e2366792abe70f46629e576adaf5e "IPv6: Complete IPV6_DONTFRAG support"
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Seif Mazareeb [Fri, 18 Oct 2013 03:33:21 +0000 (20:33 -0700)]
net: fix cipso packet validation when !NETLABEL
When CONFIG_NETLABEL is disabled, the cipso_v4_validate() function could loop
forever in the main loop if opt[opt_iter +1] == 0, this will causing a kernel
crash in an SMP system, since the CPU executing this function will
stall /not respond to IPIs.
This problem can be reproduced by running the IP Stack Integrity Checker
(http://isic.sourceforge.net) using the following command on a Linux machine
connected to DUT:
"icmpsic -s rand -d <DUT IP address> -r 123456"
wait (1-2 min)
Signed-off-by: Seif Mazareeb <seif@marvell.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Thu, 17 Oct 2013 20:51:31 +0000 (22:51 +0200)]
net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race
In the case of credentials passing in unix stream sockets (dgram
sockets seem not affected), we get a rather sparse race after
commit
16e5726 ("af_unix: dont send SCM_CREDENTIALS by default").
We have a stream server on receiver side that requests credential
passing from senders (e.g. nc -U). Since we need to set SO_PASSCRED
on each spawned/accepted socket on server side to 1 first (as it's
not inherited), it can happen that in the time between accept() and
setsockopt() we get interrupted, the sender is being scheduled and
continues with passing data to our receiver. At that time SO_PASSCRED
is neither set on sender nor receiver side, hence in cmsg's
SCM_CREDENTIALS we get eventually pid:0, uid:65534, gid:65534
(== overflow{u,g}id) instead of what we actually would like to see.
On the sender side, here nc -U, the tests in maybe_add_creds()
invoked through unix_stream_sendmsg() would fail, as at that exact
time, as mentioned, the sender has neither SO_PASSCRED on his side
nor sees it on the server side, and we have a valid 'other' socket
in place. Thus, sender believes it would just look like a normal
connection, not needing/requesting SO_PASSCRED at that time.
As reverting
16e5726 would not be an option due to the significant
performance regression reported when having creds always passed,
one way/trade-off to prevent that would be to set SO_PASSCRED on
the listener socket and allow inheriting these flags to the spawned
socket on server side in accept(). It seems also logical to do so
if we'd tell the listener socket to pass those flags onwards, and
would fix the race.
Before, strace:
recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
cmsg_type=SCM_CREDENTIALS{pid=0, uid=65534, gid=65534}},
msg_flags=0}, 0) = 5
After, strace:
recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
cmsg_type=SCM_CREDENTIALS{pid=11580, uid=1000, gid=1000}},
msg_flags=0}, 0) = 5
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mark Brown [Sat, 19 Oct 2013 13:33:54 +0000 (14:33 +0100)]
ALSA: Add MAINTAINERS entry for dmaengine helpers
Help ensure that Lars-Peter gets CCed on dmaengine related patches by
adding a MAINTAINERS entry for the helpers.
Signed-off-by: Mark Brown <broonie@kernel.org>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Takashi Iwai [Sat, 19 Oct 2013 20:31:14 +0000 (22:31 +0200)]
Merge tag 'asoc-v3.12-rc5' of git://git./linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v3.12
A number of small, fairly unexciting, fixes for drivers - nothing stand
out.
Helge Deller [Mon, 14 Oct 2013 20:55:36 +0000 (22:55 +0200)]
parisc: enable DEVTMPFS, DEVTMPFS_MOUNT and BLK_DEV_INITRD in defconfigs
Latest udev requires that DEVTMPFS and DEVTMPFS_MOUNT are enabled, else
initrd will fail to find root filesystem. Enable missing BLK_DEV_INITRD
for B180 and C3000 machines.
Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Mon, 14 Oct 2013 19:35:44 +0000 (21:35 +0200)]
Revert "parisc: Export flush_cache_page() (needed by lustre)"
This reverts commit
320c90be7ba1c371e882edff57272a89b213d136.
Christoph Hellwig <hch@infradead.org> commented:
This one shouldn't go in - Geert sent it a bit prematurely, as Lustre
shouldn't use it just to reimplement core VM functionality (which it
shouldn't use either, but that's a separate story).
Signed-off-by: Helge Deller <deller@gmx.de>
Linus Torvalds [Sat, 19 Oct 2013 19:28:15 +0000 (12:28 -0700)]
Linux 3.12-rc6
Alex Deucher [Sat, 19 Oct 2013 00:00:09 +0000 (20:00 -0400)]
drm/radeon/audio: don't set speaker allocation on DCE4+
It causes hangs on some asics. Disable on DCE6+ as well
just to be on the safe side.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Linus Torvalds [Fri, 18 Oct 2013 23:46:21 +0000 (16:46 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mason/linux-btrfs
Pull btrfs fix from Chris Mason:
"Sage hit a deadlock with ceph on btrfs, and Josef tracked it down to a
regression in our initial rc1 pull. When doing nocow writes we were
sometimes starting a transaction with locks held"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
Btrfs: release path before starting transaction in can_nocow_extent
Linus Torvalds [Fri, 18 Oct 2013 21:26:51 +0000 (14:26 -0700)]
Merge tag 'pm+acpi-3.12-rc6' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
- intel_pstate fix for misbehavior after system resume if sysfs
attributes are set in a specific way before the corresponding suspend
from Dirk Brandewie.
- A recent intel_pstate fix has no effect if unsigned long is 32-bit,
so fix it up to cover that case as well.
- The s3c64xx cpufreq driver was not updated when the index field of
struct cpufreq_frequency_table was replaced with driver_data, so
update it now. From Charles Keepax.
- The Kconfig help text for ACPI_BUTTON still refers to
/proc/acpi/event that has been dropped recently, so modify it to
remove that reference. From Krzysztof Mazur.
- A Lan Tianyu's change adds a missing mutex unlock to an error code
path in acpi_resume_power_resources().
- Some code related to ACPI power resources, whose very purpose is
questionable to put it lightly, turns out to cause problems to happen
during testing on real systems, so remove it completely (we may
revisit that in the future if there's a compelling enough reason).
From Rafael J Wysocki and Aaron Lu.
* tag 'pm+acpi-3.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / PM: Drop two functions that are not used any more
ATA / ACPI: remove power dependent device handling
cpufreq: s3c64xx: Rename index to driver_data
ACPI / power: Drop automaitc resume of power resource dependent devices
intel_pstate: Fix type mismatch warning
cpufreq / intel_pstate: Fix max_perf_pct on resume
ACPI: remove /proc/acpi/event from ACPI_BUTTON help
ACPI / power: Release resource_lock after acpi_power_get_state() return error
Himanshu Madhani [Thu, 17 Oct 2013 22:26:38 +0000 (18:26 -0400)]
qlcnic: Validate Tx queue only for 82xx adapters.
o validate Tx queue only in case of adapters which supports
multi Tx queue.
This patch is to fix regression introduced in commit
aa4a1f7df7cbb98797c9f4edfde3c726e2b3841f
"qlcnic: Enable Tx queue changes using ethtool for 82xx Series adapter"
Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vasundhara Volam [Thu, 17 Oct 2013 06:17:14 +0000 (11:47 +0530)]
be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd
It is a required field for all TX_CREATE cmd versions > 0.
This fixes a driver initialization failure, caused by recent SH-R Firmwares
(versions > 10.0.639.0) failing the TX_CREATE cmd when if_id field is
not passed.
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>