29 Jun
2016
29 Jun
'16
3:28 p.m.
The branch, base/net has been created
at 5b4d10f5e0369ed79434593b7cd8e85eebbe473f (commit)
- Shortlog ------------------------------------------------------------
commit 5b4d10f5e0369ed79434593b7cd8e85eebbe473f
Author: Dan Carpenter <dan.carpenter(a)oracle.com>
Date: Mon Jun 27 23:50:29 2016 +0300
qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
There is a static checker warning here "warn: mask and shift to zero"
and the code sets "ring" to zero every time. From looking at how
QLCNIC_FETCH_RING_ID() is used in qlcnic_83xx_process_rcv_ring() the
qlcnic_83xx_hndl() should be removed.
Fixes: 4be41e92f7c6 ('qlcnic: 83xx data path routines')
Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit ceb56070359b7329b5678b5d95a376fcb24767be
Author: Daniel Borkmann <daniel(a)iogearbox.net>
Date: Mon Jun 27 21:38:11 2016 +0200
bpf, perf: delay release of BPF prog after grace period
Commit dead9f29ddcc ("perf: Fix race in BPF program unregister") moved
destruction of BPF program from free_event_rcu() callback to __free_event(),
which is problematic if used with tail calls: if prog A is attached as
trace event directly, but at the same time present in a tail call map used
by another trace event program elsewhere, then we need to delay destruction
via RCU grace period since it can still be in use by the program doing the
tail call (the prog first needs to be dropped from the tail call map, then
trace event with prog A attached destroyed, so we get immediate destruction).
Fixes: dead9f29ddcc ("perf: Fix race in BPF program unregister")
Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net>
Acked-by: Alexei Starovoitov <ast(a)kernel.org>
Cc: Jann Horn <jann(a)thejh.net>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 565ce8f32ac4a233b474f401e1d3e7e1de0a31fd
Author: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com>
Date: Mon Jun 27 18:34:42 2016 +0200
net: bridge: fix vlan stats continue counter
I made a dumb off-by-one mistake when I added the vlan stats counter
dumping code. The increment should happen before the check, not after
otherwise we miss one entry when we continue dumping.
Fixes: a60c090361ea ("bridge: netlink: export per-vlan stats")
Signed-off-by: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a3d2e9f8eb1487f4191ff08ce2d3d63702c65a90
Author: Eric Dumazet <edumazet(a)google.com>
Date: Mon Jun 27 17:38:50 2016 +0200
tcp: do not send too big packets at retransmit time
Arjun reported a bug in TCP stack and bisected it to a recent commit.
In case where we process SACK, we can coalesce multiple skbs
into fat ones (tcp_shift_skb_data()), to lower write queue
overhead, because we do not expect to retransmit these packets.
However, SACK reneging can happen, forcing the sender to retransmit
all these packets. If skb->len is above 64KB, we then send buggy
IP packets that could hang TSO engine on cxgb4.
Neal suggested to use tcp_tso_autosize() instead of tp->gso_segs
so that we cook packets of optimal size vs TCP/pacing.
Thanks to Arjun for reporting the bug and running the tests !
Fixes: 10d3be569243 ("tcp-tso: do not split TSO packets at retransmit
time")
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Reported-by: Arjun V <arjun(a)chelsio.com>
Tested-by: Arjun V <arjun(a)chelsio.com>
Acked-by: Neal Cardwell <ncardwell(a)google.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 96183182ad05d1ce31b9048921c12bf4ad621eaf
Author: Wei Yongjun <yongjun_wei(a)trendmicro.com.cn>
Date: Mon Jun 27 20:48:53 2016 +0800
ibmvnic: fix to use list_for_each_safe() when delete items
Since we will remove items off the list using list_del() we need
to use a safe version of the list_for_each() macro aptly named
list_for_each_safe().
Signed-off-by: Wei Yongjun <yongjun_wei(a)trendmicro.com.cn>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit b2c1b30e3e6dea37d5a7176bd09cf5967fb43665
Merge: f5074d0 3e29adb
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 29 05:14:19 2016 -0400
Merge branch 'thunderx-fixes'
Sunil Goutham says:
====================
net: thunderx: Miscellaneous fixes
This 2 patch series fixes issues w.r.t physical link status
reporting and transmit datapath configuration for
secondary qsets.
Changes from v1:
Fixed lmac disable sequence for interfaces of type SGMII.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 3e29adba567306504e99b8363edf2d47c19dbe1b
Author: Sunil Goutham <sgoutham(a)cavium.com>
Date: Mon Jun 27 15:30:03 2016 +0530
net: thunderx: Fix TL4 configuration for secondary Qsets
TL4 calculation for a given SQ of secondary Qsets is incorrect
and goes out of bounds and also for some SQ's TL4 chosen will
transmit data via a different BGX interface and not same as
primary Qset's interface.
This patch fixes this issue.
Signed-off-by: Sunil Goutham <sgoutham(a)cavium.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 3f4c68cfde30caa1f6d8368fd19590671411ade2
Author: Sunil Goutham <sgoutham(a)cavium.com>
Date: Mon Jun 27 15:30:02 2016 +0530
net: thunderx: Fix link status reporting
Check for SMU RX local/remote faults along with SPU LINK
status. Otherwise at times link is UP at our end but DOWN
at link partner's side. Also due to an issue in BGX it's
rarely seen that initialization doesn't happen properly
and SMU RX reports faults with everything fine at SPU.
This patch tries to reinitialize LMAC to fix it.
Also fixed LMAC disable sequence to properly bring down link.
Signed-off-by: Sunil Goutham <sgoutham(a)cavium.com>
Signed-off-by: Tao Wang <tao.wang(a)cavium.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit f5074d0ce2f8b45b3d5998a280edd2066c0cfcda
Merge: 3ec0a0f bfe6d8d
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 29 04:28:59 2016 -0400
Merge branch 'mlx5-100G-fixes'
Saeed Mahameed says:
====================
Mellanox 100G mlx5 fixes#2 for 4.7-rc
The following series provides one-liners fixes for mlx5 driver plus one
medium patch to reorganize ethtool counters reporting.
Highlights:
- Added MODIFY_FLOW_TABLE to command strings table
- Add ConnectX-5 PCIe 4.0 to list of supported devices
- Rename ASYNC_EVENTS enum
- Enable BlueFlame only when supported by device
- Avoid adding same vxlan port twice
- Report the correct number of PFC counters
- Reorganize ethtool reported counters and remove duplications
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit bfe6d8d1d433cbd5513a93132695e6dbdd79e6f2
Author: Gal Pressman <galp(a)mellanox.com>
Date: Mon Jun 27 12:08:38 2016 +0300
net/mlx5e: Reorganize ethtool statistics
Categorize and reorganize ethtool statistics counters by renaming to
"rx_*" and "tx_*" and removing redundant and duplicated counters,
this
way they are easier to grasp and more user friendly.
Signed-off-by: Gal Pressman <galp(a)mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit ed80ec4c179d1f44cc1b36c7a102353ae6103793
Author: Gal Pressman <galp(a)mellanox.com>
Date: Mon Jun 27 12:08:37 2016 +0300
net/mlx5e: Fix number of PFC counters reported to ethtool
Number of PFC counters used to count only number of priorities with PFC
enabled, but each priority has more than one counter, hence the need to
multiply it by the number of PFC counters per priority.
Fixes: cf678570d5a1 ('net/mlx5e: Add per priority group to PPort counters')
Signed-off-by: Gal Pressman <galp(a)mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 9ceec359e4ebdbbfd35375203c5bd06d602225f7
Author: Matthew Finlay <matt(a)mellanox.com>
Date: Mon Jun 27 12:08:36 2016 +0300
net/mlx5e: Prevent adding the same vxlan port
Do not allow the same vxlan udp port to be added to the device more than
once.
Fixes: b3f63c3d5e2c ("net/mlx5e: Add netdev support for VXLAN tunneling")
Signed-off-by: Matthew Finlay <matt(a)mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit fd4782c21359cfd52af4c3180a2bb6bad55c1eba
Author: Gal Pressman <galp(a)mellanox.com>
Date: Mon Jun 27 12:08:35 2016 +0300
net/mlx5e: Check for BlueFlame capability before allocating SQ uar
Previous to this patch mapping was always set to write combining without
checking whether BlueFlame is supported in the device.
Fixes: 0ba422410bbf ('net/mlx5: Fix global UAR mapping')
Signed-off-by: Gal Pressman <galp(a)mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit e0f46eb9f64ca2e97d242b6e02b8ae2c7fe6dc56
Author: Eli Cohen <eli(a)mellanox.com>
Date: Mon Jun 27 12:08:34 2016 +0300
net/mlx5e: Change enum to better reflect usage
Change MLX5E_STATE_ASYNC_EVENTS_ENABLE to
MLX5E_STATE_ASYNC_EVENTS_ENABLED since it represent a state and not an
operation.
Fixes: acff797cd1874 ('net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet
functionality')
Signed-off-by: Eli Cohen <eli(a)mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 7092fe866907f4f243122ab388cbf0e77305afaa
Author: Majd Dibbiny <majd(a)mellanox.com>
Date: Mon Jun 27 12:08:33 2016 +0300
net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices
Add the upcoming ConnectX-5 PCIe 4.0 device to the list of
supported devices by the mlx5 driver.
Signed-off-by: Majd Dibbiny <majd(a)mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 5be1ea899da4f11de92897d2ea706e0820609b9e
Author: Eli Cohen <eli(a)mellanox.com>
Date: Mon Jun 27 12:08:32 2016 +0300
net/mlx5: Update command strings
Add command string for MODIFY_FLOW_TABLE which is used by the driver.
Signed-off-by: Eli Cohen <eli(a)mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 3ec0a0f10ceb77c78f540ded1d13bf0cf7f89a07
Author: Harini Katakam <harini.katakam(a)xilinx.com>
Date: Mon Jun 27 13:09:59 2016 +0530
net: marvell: Add separate config ANEG function for Marvell 88E1111
Marvell 88E1111 currently uses the generic marvell config ANEG function.
This function has a sequence accessing Page 5 and Register 31,
both of which are not defined or reserved for this PHY.
Hence this patch adds a new config ANEG function for Marvell 88E1111
without these erroneous accesses.
Signed-off-by: Harini Katakam <harinik(a)xilinx.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit d10f0b312adc21b9b78e36cf695e6157989ce041
Merge: 69fc58a 420cb1b
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 29 04:01:53 2016 -0400
Merge branch 'batman-adv-fixes'
Sven Eckelmann says:
====================
batman-adv: Fixes for Linux 4.7
Antonio currently seems to be occupied. This is currently rather unfortunate
because there are patches waiting in the batman-adv development repository
maint(enance) branch [1] since up to 6 weeks. I am now getting asked when
these patches will hit the distribution kernels and therefore decided to
submit these patches directly to netdev.
The patch from Simon works around the problem that warnings could be triggered
in the translation table code via packets using a VLAN not configured on the
target host. This warning was replaced with a rate limited info message.
Ben Hutchings found an superfluous batadv_softif_vlan_put in the error
handling code of the translation table while he backported the "batman-adv:
Fix reference counting of vlan object for tt_local_entry" patch to the stable
kernels. He noticed correctly that this batadv_softif_vlan_put should also
have been removed by the said patch.
The most requested fix at the moment is related to a double free in the
translation table code. It is a race condition which mostly happens on systems
with multiple cores and multiple network interface attached to batman-adv. Two
Freifunk communities which were haunted by weird crashes (with backtraces
reporting problems in other parts of the kernel) were kind enough to test this
patch. They reported that there systems are now running stable after applying
this patch.
An invalid memory access was detected in the batadv_icmp_packet_rr handling
code when receiving a skbuff with fragments. The last patch is fixing a memory
leak when the interface is removed via .dellink. The code to fix it was copied
from the code handling the legacy sysfs interface to remove netdevices from a
batman-adv netdevice.
There are still 28 patches in the development tree for v4.8 but I will leave
them to Antonio because these are cleanups and features and therefore for net-
next.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 420cb1b764f9169c5d2601b4af90e4a1702345ee
Author: Sven Eckelmann <sven(a)narfation.org>
Date: Sun Jun 26 11:16:13 2016 +0200
batman-adv: Clean up untagged vlan when destroying via rtnl-link
The untagged vlan object is only destroyed when the interface is removed
via the legacy sysfs interface. But it also has to be destroyed when the
standard rtnl-link interface is used.
Fixes: 5d2c05b21337 ("batman-adv: add per VLAN interface attribute
framework")
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Acked-by: Antonio Quartulli <a(a)unstable.cc>
Signed-off-by: Marek Lindner <mareklindner(a)neomailbox.ch>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 3b55e4422087f9f7b241031d758a0c65584e4297
Author: Sven Eckelmann <sven(a)narfation.org>
Date: Sun Jun 26 11:16:12 2016 +0200
batman-adv: Fix ICMP RR ethernet access after skb_linearize
The skb_linearize may reallocate the skb. This makes the calculated pointer
for ethhdr invalid. But it the pointer is used later to fill in the RR
field of the batadv_icmp_packet_rr packet.
Instead re-evaluate eth_hdr after the skb_linearize+skb_cow to fix the
pointer and avoid the invalid read.
Fixes: da6b8c20a5b8 ("batman-adv: generalize batman-adv icmp packet
handling")
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: Marek Lindner <mareklindner(a)neomailbox.ch>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit baceced93274ff2f846eae991664f9094425ffa8
Author: Ben Hutchings <ben(a)decadent.org.uk>
Date: Sun Jun 26 11:16:11 2016 +0200
batman-adv: Fix double-put of vlan object
Each batadv_tt_local_entry hold a single reference to a
batadv_softif_vlan. In case a new entry cannot be added to the hash
table, the error path puts the reference, but the reference will also
now be dropped by batadv_tt_local_entry_release().
Fixes: a33d970d0b54 ("batman-adv: Fix reference counting of vlan object for
tt_local_entry")
Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk>
Signed-off-by: Marek Lindner <mareklindner(a)neomailbox.ch>
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 9c4604a298e0a9807eaf2cd912d1ebf24d98fbeb
Author: Sven Eckelmann <sven(a)narfation.org>
Date: Sun Jun 26 11:16:10 2016 +0200
batman-adv: Fix use-after-free/double-free of tt_req_node
The tt_req_node is added and removed from a list inside a spinlock. But the
locking is sometimes removed even when the object is still referenced and
will be used later via this reference. For example batadv_send_tt_request
can create a new tt_req_node (including add to a list) and later
re-acquires the lock to remove it from the list and to free it. But at this
time another context could have already removed this tt_req_node from the
list and freed it.
CPU#0
batadv_batman_skb_recv from net_device 0
-> batadv_iv_ogm_receive
-> batadv_iv_ogm_process
-> batadv_iv_ogm_process_per_outif
-> batadv_tvlv_ogm_receive
-> batadv_tvlv_ogm_receive
-> batadv_tvlv_containers_process
-> batadv_tvlv_call_handler
-> batadv_tt_tvlv_ogm_handler_v1
-> batadv_tt_update_orig
-> batadv_send_tt_request
-> batadv_tt_req_node_new
spin_lock(...)
allocates new tt_req_node and adds it to list
spin_unlock(...)
return tt_req_node
CPU#1
batadv_batman_skb_recv from net_device 1
-> batadv_recv_unicast_tvlv
-> batadv_tvlv_containers_process
-> batadv_tvlv_call_handler
-> batadv_tt_tvlv_unicast_handler_v1
-> batadv_handle_tt_response
spin_lock(...)
tt_req_node gets removed from list and is freed
spin_unlock(...)
CPU#0
<- returned to batadv_send_tt_request
spin_lock(...)
tt_req_node gets removed from list and is freed
MEMORY CORRUPTION/SEGFAULT/...
spin_unlock(...)
This can only be solved via reference counting to allow multiple contexts
to handle the list manipulation while making sure that only the last
context holding a reference will free the object.
Fixes: a73105b8d4c7 ("batman-adv: improved client announcement mechanism")
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Tested-by: Martin Weinelt <martin(a)darmstadt.freifunk.net>
Tested-by: Amadeus Alfa <amadeus(a)chemnitz.freifunk.net>
Signed-off-by: Marek Lindner <mareklindner(a)neomailbox.ch>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 0b3dd7dfb81ad8af53791ea2bb64b83bac1b7d32
Author: Simon Wunderlich <sw(a)simonwunderlich.de>
Date: Sun Jun 26 11:16:09 2016 +0200
batman-adv: replace WARN with rate limited output on non-existing VLAN
If a VLAN tagged frame is received and the corresponding VLAN is not
configured on the soft interface, it will splat a WARN on every packet
received. This is a quite annoying behaviour for some scenarios, e.g. if
bat0 is bridged with eth0, and there are arbitrary VLAN tagged frames
from Ethernet coming in without having any VLAN configuration on bat0.
The code should probably create vlan objects on the fly and
transparently transport these VLAN-tagged Ethernet frames, but until
this is done, at least the WARN splat should be replaced by a rate
limited output.
Fixes: 354136bcc3c4 ("batman-adv: fix kernel crash due to missing NULL
checks")
Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de>
Signed-off-by: Marek Lindner <mareklindner(a)neomailbox.ch>
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 69fc58a57e56bf5e39b48809aefffdaa1b04c945
Author: Florian Fainelli <f.fainelli(a)gmail.com>
Date: Fri Jun 24 16:25:24 2016 -0700
net: phy: Manage fixed PHY address space using IDA
If we have a system which uses fixed PHY devices and calls
fixed_phy_register() then fixed_phy_unregister() we can exhaust the
number of fixed PHYs available after a while, since we keep incrementing
the variable phy_fixed_addr, but we never decrement it.
This patch fixes that by converting the fixed PHY allocation to using
IDA, which takes care of the allocation/dealloaction of the PHY
addresses for us.
Fixes: a75951217472 ("net: phy: extend fixed driver with
fixed_phy_register()")
Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 9a0fee2b552b1235fb1706ae1fc664ae74573be8
Author: Willem de Bruijn <willemb(a)google.com>
Date: Fri Jun 24 16:02:35 2016 -0400
sock_diag: do not broadcast raw socket destruction
Diag intends to broadcast tcp_sk and udp_sk socket destruction.
Testing sk->sk_protocol for IPPROTO_TCP/IPPROTO_UDP alone is not
sufficient for this. Raw sockets can have the same type.
Add a test for sk->sk_type.
Fixes: eb4cb008529c ("sock_diag: define destruction multicast groups")
Signed-off-by: Willem de Bruijn <willemb(a)google.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit ab8ed951080e8f59b1da4ea10ac7c05ba24a3cbd
Author: Aaron Campbell <aaron(a)monkey.org>
Date: Fri Jun 24 10:05:32 2016 -0300
connector: fix out-of-order cn_proc netlink message delivery
The proc connector messages include a sequence number, allowing userspace
programs to detect lost messages. However, performing this detection is
currently more difficult than necessary, since netlink messages can be
delivered to the application out-of-order. To fix this, leave pre-emption
disabled during cn_netlink_send(), and use GFP_NOWAIT.
The following was written as a test case. Building the kernel w/ make -j32
proved a reliable way to generate out-of-order cn_proc messages.
int
main(int argc, char *argv[])
{
static uint32_t last_seq[CPU_SETSIZE], seq;
int cpu, fd;
struct sockaddr_nl sa;
struct __attribute__((aligned(NLMSG_ALIGNTO))) {
struct nlmsghdr nl_hdr;
struct __attribute__((__packed__)) {
struct cn_msg cn_msg;
struct proc_event cn_proc;
};
} rmsg;
struct __attribute__((aligned(NLMSG_ALIGNTO))) {
struct nlmsghdr nl_hdr;
struct __attribute__((__packed__)) {
struct cn_msg cn_msg;
enum proc_cn_mcast_op cn_mcast;
};
} smsg;
fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
if (fd < 0) {
perror("socket");
}
sa.nl_family = AF_NETLINK;
sa.nl_groups = CN_IDX_PROC;
sa.nl_pid = getpid();
if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
perror("bind");
}
memset(&smsg, 0, sizeof(smsg));
smsg.nl_hdr.nlmsg_len = sizeof(smsg);
smsg.nl_hdr.nlmsg_pid = getpid();
smsg.nl_hdr.nlmsg_type = NLMSG_DONE;
smsg.cn_msg.id.idx = CN_IDX_PROC;
smsg.cn_msg.id.val = CN_VAL_PROC;
smsg.cn_msg.len = sizeof(enum proc_cn_mcast_op);
smsg.cn_mcast = PROC_CN_MCAST_LISTEN;
if (send(fd, &smsg, sizeof(smsg), 0) != sizeof(smsg)) {
perror("send");
}
while (recv(fd, &rmsg, sizeof(rmsg), 0) == sizeof(rmsg)) {
cpu = rmsg.cn_proc.cpu;
if (cpu < 0) {
continue;
}
seq = rmsg.cn_msg.seq;
if ((last_seq[cpu] != 0) && (seq != last_seq[cpu] + 1)) {
printf("out-of-order seq=%d on cpu=%d\n", seq, cpu);
}
last_seq[cpu] = seq;
}
/* NOTREACHED */
perror("recv");
return -1;
}
Signed-off-by: Aaron Campbell <aaron(a)monkey.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 0888d5f3c0f183ea6177355752ada433d370ac89
Author: daniel <daniel(a)dd-wrt.com>
Date: Fri Jun 24 12:35:18 2016 +0200
Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
The bridge is falsly dropping ipv6 mulitcast packets if there is:
1. No ipv6 address assigned on the brigde.
2. No external mld querier present.
3. The internal querier enabled.
When the bridge fails to build mld queries, because it has no
ipv6 address, it slilently returns, but keeps the local querier enabled.
This specific case causes confusing packet loss.
Ipv6 multicast snooping can only work if:
a) An external querier is present
OR
b) The bridge has an ipv6 address an is capable of sending own queries
Otherwise it has to forward/flood the ipv6 multicast traffic,
because snooping cannot work.
This patch fixes the issue by adding a flag to the bridge struct that
indicates that there is currently no ipv6 address assinged to the bridge
and returns a false state for the local querier in
__br_multicast_querier_exists().
Special thanks to Linus Lüssing.
Fixes: d1d81d4c3dd8 ("bridge: check return value of ipv6_dev_get_saddr()")
Signed-off-by: Daniel Danzberger <daniel(a)dd-wrt.com>
Acked-by: Linus Lüssing <linus.luessing(a)c0d3.blue>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit f299a02d5f13c4deb52c1a7ddf2b42630fe6294a
Author: Wang Sheng-Hui <shhuiw(a)foxmail.com>
Date: Fri Jun 24 08:52:11 2016 +0800
net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create
Commit 311c7c71c9bb ("net/mlx5e: Allocate DMA coherent memory on
reader NUMA node") introduced mlx5_*_alloc_node() but missed changing
some calling and warn messages. This patch introduces 2 changes:
* Use mlx5_buf_alloc_node() instead of mlx5_buf_alloc() in
mlx5_wq_ll_create()
* Update the failure warn messages with _node postfix for
mlx5_*_alloc function names
Fixes: 311c7c71c9bb ("net/mlx5e: Allocate DMA coherent memory on reader NUMA
node")
Signed-off-by: Wang Sheng-Hui <shhuiw(a)foxmail.com>
Acked-By: Saeed Mahameed <saeedm(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit d1b5a8da298bc15f67e16f18aa0812c35fe639a2
Merge: 0622cab 3894396
Author: David S. Miller <davem(a)davemloft.net>
Date: Tue Jun 28 04:22:25 2016 -0400
Merge branch 'bgmac-fixes'
Florian Fainelli says:
====================
net: bgmac: Random fixes
This patch series fixes a few issues spotted by code inspection and
actual testing.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 3894396e64994f31c3ef5c7e6f63dded0593e567
Author: Florian Fainelli <f.fainelli(a)gmail.com>
Date: Thu Jun 23 14:25:33 2016 -0700
net: bgmac: Remove superflous netif_carrier_on()
bgmac_open() calls phy_start() to initialize the PHY state machine,
which will set the interface's carrier state accordingly, no need to
force that as this could be conflicting with the PHY state determined by
PHYLIB.
Fixes: dd4544f05469 ("bgmac: driver for GBit MAC core on BCMA bus")
Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit c3897f2a69e54dd113fc9abd2daf872e5b495798
Author: Florian Fainelli <f.fainelli(a)gmail.com>
Date: Thu Jun 23 14:25:32 2016 -0700
net: bgmac: Start transmit queue in bgmac_open
The driver does not start the transmit queue in bgmac_open(). If the
queue was stopped prior to closing then re-opening the interface, we
would never be able to wake-up again.
Fixes: dd4544f05469 ("bgmac: driver for GBit MAC core on BCMA bus")
Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit d2b13233879ca1268a1c027d4573109e5a777811
Author: Florian Fainelli <f.fainelli(a)gmail.com>
Date: Thu Jun 23 14:23:12 2016 -0700
net: bgmac: Fix SOF bit checking
We are checking for the Start of Frame bit in the ctl1 word, while this
bit is set in the ctl0 word instead. Read the ctl0 word and update the
check to verify that.
Fixes: 9cde94506eac ("bgmac: implement scatter/gather support")
Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 0622cab0341cac6b30da177b0faa39fae0680e71
Author: Jay Vosburgh <jay.vosburgh(a)canonical.com>
Date: Thu Jun 23 14:20:51 2016 -0700
bonding: fix 802.3ad aggregator reselection
Since commit 7bb11dc9f59d ("bonding: unify all places where
actor-oper key needs to be updated."), the logic in bonding to handle
selection between multiple aggregators has not functioned.
This affects only configurations wherein the bonding slaves
connect to two discrete aggregators (e.g., two independent switches, each
with LACP enabled), thus creating two separate aggregation groups within a
single bond.
The cause is a change in 7bb11dc9f59d to no longer set
AD_PORT_BEGIN on a port after a link state change, which would cause the
port to be reselected for attachment to an aggregator as if were newly
added to the bond. We cannot restore the prior behavior, as it
contradicts IEEE 802.1AX 5.4.12, which requires ports that "become
inoperable" (lose carrier, setting port_enabled=false as per 802.1AX
5.4.7) to remain selected (i.e., assigned to the aggregator). As the port
now remains selected, the aggregator selection logic is not invoked.
A side effect of this change is that aggregators in bonding will
now contain ports that are link down. The aggregator selection logic
does not currently handle this situation correctly, causing incorrect
aggregator selection.
This patch makes two changes to repair the aggregator selection
logic in bonding to function as documented and within the confines of the
standard:
First, the aggregator selection and related logic now utilizes the
number of active ports per aggregator, not the number of selected ports
(as some selected ports may be down). The ad_select "bandwidth" and
"count" options only consider ports that are link up.
Second, on any carrier state change of any slave, the aggregator
selection logic is explicitly called to insure the correct aggregator is
active.
Reported-by: Veli-Matti Lintu <veli-matti.lintu(a)opinsys.fi>
Fixes: 7bb11dc9f59d ("bonding: unify all places where actor-oper key needs to be
updated.")
Signed-off-by: Jay Vosburgh <jay.vosburgh(a)canonical.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 70a0dec45174c976c64b4c8c1d0898581f759948
Author: Tom Goff <thomas.goff(a)ll.mit.edu>
Date: Thu Jun 23 16:11:57 2016 -0400
ipmr/ip6mr: Initialize the last assert time of mfc entries.
This fixes wrong-interface signaling on 32-bit platforms for entries
created when jiffies > 2^31 + MFC_ASSERT_THRESH.
Signed-off-by: Tom Goff <thomas.goff(a)ll.mit.edu>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 4192f672fae559f32d82de72a677701853cc98a7
Author: Stefan Hajnoczi <stefanha(a)redhat.com>
Date: Thu Jun 23 16:28:58 2016 +0100
vsock: make listener child lock ordering explicit
There are several places where the listener and pending or accept queue
child sockets are accessed at the same time. Lockdep is unhappy that
two locks from the same class are held.
Tell lockdep that it is safe and document the lock ordering.
Originally Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> sent a similar
patch asking whether this is safe. I have audited the code and also
covered the vsock_pending_work() function.
Suggested-by: Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha(a)redhat.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 48f1dcb55a7d29aeb8965c567660c14d0dfd1a42
Author: Paolo Abeni <pabeni(a)redhat.com>
Date: Thu Jun 23 15:25:09 2016 +0200
ipv6: enforce egress device match in per table nexthop lookups
with the commit 8c14586fc320 ("net: ipv6: Use passed in table for
nexthop lookups"), net hop lookup is first performed on route creation
in the passed-in table.
However device match is not enforced in table lookup, so the found
route can be later discarded due to egress device mismatch and no
global lookup will be performed.
This cause the following to fail:
ip link add dummy1 type dummy
ip link add dummy2 type dummy
ip link set dummy1 up
ip link set dummy2 up
ip route add 2001:db8:8086::/48 dev dummy1 metric 20
ip route add 2001:db8:d34d::/64 via 2001:db8:8086::2 dev dummy1 metric 20
ip route add 2001:db8:8086::/48 dev dummy2 metric 21
ip route add 2001:db8:d34d::/64 via 2001:db8:8086::2 dev dummy2 metric 21
RTNETLINK answers: No route to host
This change fixes the issue enforcing device lookup in
ip6_nh_lookup_table()
v1->v2: updated commit message title
Fixes: 8c14586fc320 ("net: ipv6: Use passed in table for nexthop lookups")
Reported-and-tested-by: Beniamino Galvani <bgalvani(a)redhat.com>
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
Acked-by: David Ahern <dsa(a)cumulusnetworks.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 5aa3e24928bb95ddb159c5949f1c09493e9e8505
Merge: a37503b 71873a9
Author: David S. Miller <davem(a)davemloft.net>
Date: Mon Jun 27 10:05:55 2016 -0400
Merge tag 'linux-can-fixes-for-4.7-20160623' of
git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
Marc Kleine-Budde says:
====================
pull-request: can 2016-06-23
this is a pull request of 3 patches for the upcoming linux-4.7 release.
The first two patches are by Oliver Hartkopp fixing oopes in the generic CAN
device netlink handling. Jimmy Assarsson's patch for the kvaser_usb driver adds
support for more devices by adding their USB product ids.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a37503bc387ce2434106d4bf4870bd73081c7355
Author: Jeremy Linton <jeremy.linton(a)arm.com>
Date: Wed Jun 22 12:40:50 2016 -0500
net: smsc911x: Fix bug where PHY interrupts are overwritten by 0
By default, mdiobus_alloc() sets the PHYs to polling mode, but a
pointer size memcpy means that a couple IRQs end up being overwritten
with a value of 0. This means that PHY_POLL is disabled and results
in unpredictable behavior depending on the PHY's location on the
MDIO bus. Remove that memcpy and the now unused phy_irq member to
force the SMSC911x PHYs into polling mode 100% of the time.
Fixes: e7f4dc3536a4 ("mdio: Move allocation of interrupts into core")
Signed-off-by: Jeremy Linton <jeremy.linton(a)arm.com>
Reviewed-by: Andrew Lunn <andrew(a)lunn.ch>
Acked-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit c40e4096bf0a12a76c349cbc4d1b2aa40a3d68cd
Author: Or Gerlitz <ogerlitz(a)mellanox.com>
Date: Tue Jun 21 16:36:06 2016 +0300
MAINTAINERS: Update Mellanox's mlx4 Eth NIC driver entry
Tariq Toukan is replacing Eugenia (Jenny) Emantayev as the mlx4
Ethernet driver maintainer, thanks to Jenny and good luck to him.
Signed-off-by: Or Gerlitz <ogerlitz(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 00e8cb00bc72f5279fde9d014b47f36dc4805dd8
Merge: efeb226 034fdd4
Author: David S. Miller <davem(a)davemloft.net>
Date: Thu Jun 23 15:22:31 2016 -0400
Merge tag 'wireless-drivers-for-davem-2016-06-21' of
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
wireless-drivers fixes for 4.7
iwlwifi
* fix the scan timeout for long scans
* fix an RCU splat caused when updating the TKIP key
* fix a potential NULL-derefence introduced recently
* fix a IGTK key bug that has existed since the MVM driver was introduced
* fix some fw capabilities checks that got accidentally inverted
rtl8xxxu
* fix typo on variable name
ath10k
* fix deadlock when peer cannot be created
* fix crash related to printing features
* fix deadlock while processing rx_in_ord_ind
ath9k
* fix GPIO mask regression for AR9462 and AR9565
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit efeb2267bba8aa893afdadfc9bae4790777c600c
Author: Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com>
Date: Tue Jun 21 16:26:49 2016 +0800
geneve: fix tx_errors statistics
Tx errors present summation of errors encountered while transmitting
packets.
Signed-off-by: Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 52fe705b493d40b472b9e7220a71bdca8537c6b2
Author: Chris Packham <chris.packham(a)alliedtelesis.co.nz>
Date: Tue Jun 21 15:39:43 2016 +1200
net: vrf: replace hard tab with space in assignment
The assignment of rth->dst.output in vrf_rt6_create() and
vrf_rtable_create() used a hard tab before the '='. The neighboring
assignments did not. Make the assignment of rth->dst.output consistent
with the surrounding code.
Signed-off-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz>
Acked-by: David Ahern <dsa(a)cumulusnetworks.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 21de12ee5568fd1aec47890c72967abf791ac80a
Author: Eric Dumazet <edumazet(a)google.com>
Date: Mon Jun 20 15:00:43 2016 -0700
netem: fix a use after free
If the packet was dropped by lower qdisc, then we must not
access it later.
Save qdisc_pkt_len(skb) in a temp variable.
Fixes: 2ccccf5fb43f ("net_sched: update hierarchical backlog too")
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Cc: WANG Cong <xiyou.wangcong(a)gmail.com>
Cc: Jamal Hadi Salim <jhs(a)mojatatu.com>
Cc: Stephen Hemminger <stephen(a)networkplumber.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 817e9f2c5c262b2716f5d77020d118ad53315f3e
Author: WANG Cong <xiyou.wangcong(a)gmail.com>
Date: Mon Jun 20 13:37:19 2016 -0700
act_ife: acquire ife_mod_lock before reading ifeoplist
Cc: Jamal Hadi Salim <jhs(a)mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 067a7cd06f7bf860f2e3415394b065b9a0983802
Author: WANG Cong <xiyou.wangcong(a)gmail.com>
Date: Mon Jun 20 13:37:18 2016 -0700
act_ife: only acquire tcf_lock for existing actions
Alexey reported that we have GFP_KERNEL allocation when
holding the spinlock tcf_lock. Actually we don't have
to take that spinlock for all the cases, especially
for the new one we just create. To modify the existing
actions, we still need this spinlock to make sure
the whole update is atomic.
For net-next, we can get rid of this spinlock because
we already hold the RTNL lock on slow path, and on fast
path we can use RCU to protect the metalist.
Joint work with Jamal.
Reported-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru>
Cc: Jamal Hadi Salim <jhs(a)mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 962fcef33b03395051367181a0549d29d109d9a4
Author: Herbert Xu <herbert(a)gondor.apana.org.au>
Date: Sat Jun 18 13:03:36 2016 +0800
esp: Fix ESN generation under UDP encapsulation
Blair Steven noticed that ESN in conjunction with UDP encapsulation
is broken because we set the temporary ESP header to the wrong spot.
This patch fixes this by first of all using the right spot, i.e.,
4 bytes off the real ESP header, and then saving this information
so that after encryption we can restore it properly.
Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface")
Reported-by: Blair Steven <Blair.Steven(a)alliedtelesis.co.nz>
Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au>
Acked-by: Steffen Klassert <steffen.klassert(a)secunet.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 71873a9b38d1cc6c93e2962149a7bb7272a7cb66
Author: Jimmy Assarsson <jimmyassarsson(a)gmail.com>
Date: Thu Jun 23 07:57:21 2016 +0200
can: kvaser_usb: Add support for more Kvaser Leaf v2 devices
This patch adds support for Kvaser Leaf Light HS v2 OEM, Mini PCI
Express 2xHS and USBcan Light 2xHS.
Signed-off-by: Jimmy Assarsson <jimmyassarsson(a)gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
commit 25e1ed6e64f52a692ba3191c4fde650aab3ecc07
Author: Oliver Hartkopp <socketcan(a)hartkopp.net>
Date: Tue Jun 21 15:45:47 2016 +0200
can: fix oops caused by wrong rtnl dellink usage
For 'real' hardware CAN devices the netlink interface is used to set CAN
specific communication parameters. Real CAN hardware can not be created nor
removed with the ip tool ...
This patch adds a private dellink function for the CAN device driver interface
that does just nothing.
It's a follow up to commit 993e6f2fd ("can: fix oops caused by wrong rtnl
newlink usage") but for dellink.
Reported-by: ajneu <ajneu1(a)gmail.com>
Signed-off-by: Oliver Hartkopp <socketcan(a)hartkopp.net>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
commit bce271f255dae8335dc4d2ee2c4531e09cc67f5a
Author: Oliver Hartkopp <socketcan(a)hartkopp.net>
Date: Tue Jun 21 12:14:07 2016 +0200
can: fix handling of unmodifiable configuration options fix
With upstream commit bb208f144cf3f59 (can: fix handling of unmodifiable
configuration options) a new can_validate() function was introduced.
When invoking 'ip link set can0 type can' without any configuration data
can_validate() tries to validate the content without taking into account that
there's totally no content. This patch adds a check for missing content.
Reported-by: ajneu <ajneu1(a)gmail.com>
Signed-off-by: Oliver Hartkopp <socketcan(a)hartkopp.net>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
commit acd43fe85b2d1dbad55ce211b8817e6d6687246f
Merge: 27777da 9d76931
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 22 16:38:17 2016 -0400
Merge branch 'mlx4-fixes'
Tariq Toukan says:
====================
mlx4_en fixes for 4.7-rc
This small patchset includes two small fixes for mlx4_en driver.
One allows a clean shutdown even when clients do not release their
netdev reference.
The other adds error return values to the VLAN VID add/kill functions.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 9d76931180557270796f9631e2c79b9c7bb3c9fb
Author: Eran Ben Elisha <eranbe(a)mellanox.com>
Date: Tue Jun 21 14:20:03 2016 +0300
net/mlx4_en: Avoid unregister_netdev at shutdown flow
This allows a clean shutdown, even if some netdev clients do not
release their reference from this netdev. It is enough to release
the HW resources only as the kernel is shutting down.
Fixes: 2ba5fbd62b25 ('net/mlx4_core: Handle AER flow properly')
Signed-off-by: Eran Ben Elisha <eranbe(a)mellanox.com>
Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 93c098af09455ea7bdc6f0f6b08f6ac14fa06cf4
Author: Kamal Heib <kamalh(a)mellanox.com>
Date: Tue Jun 21 14:20:02 2016 +0300
net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
Modify mlx4_en_vlan_rx_[add/kill]_vid to return error value in case of
failure.
Fixes: 8e586137e6b6 ('net: make vlan ndo_vlan_rx_[add/kill]_vid return error
value')
Signed-off-by: Kamal Heib <kamalh(a)mellanox.com>
Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 27777daa8b6df0c19aaf591d1536a586b3eb5e36
Author: Jon Paul Maloy <jon.maloy(a)ericsson.com>
Date: Mon Jun 20 09:20:46 2016 -0400
tipc: unclone unbundled buffers before forwarding
When extracting an individual message from a received "bundle" buffer,
we just create a clone of the base buffer, and adjust it to point into
the right position of the linearized data area of the latter. This works
well for regular message reception, but during periods of extremely high
load it may happen that an extracted buffer, e.g, a connection probe, is
reversed and forwarded through an external interface while the preceding
extracted message is still unhandled. When this happens, the header or
data area of the preceding message will be partially overwritten by a
MAC header, leading to unpredicatable consequences, such as a link
reset.
We now fix this by ensuring that the msg_reverse() function never
returns a cloned buffer, and that the returned buffer always contains
sufficient valid head and tail room to be forwarded.
Reported-by: Erik Hugne <erik.hugne(a)gmail.com>
Acked-by: Ying Xue <ying.xue(a)windriver.com>
Signed-off-by: Jon Maloy <jon.maloy(a)ericsson.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit d19af0a76444fde629667ecb823c0ee28f9f67d8
Author: Jiri Slaby <jslaby(a)suse.cz>
Date: Mon Jun 20 11:36:28 2016 +0200
kcm: fix /proc memory leak
Every open of /proc/net/kcm leaks 16 bytes of memory as is reported by
kmemleak:
unreferenced object 0xffff88059c0e3458 (size 192):
comm "cat", pid 1401, jiffies 4294935742 (age 310.720s)
hex dump (first 32 bytes):
28 45 71 96 05 88 ff ff 00 10 00 00 00 00 00 00 (Eq.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8156a2de>] kmem_cache_alloc_trace+0x16e/0x230
[<ffffffff8162a479>] seq_open+0x79/0x1d0
[<ffffffffa0578510>] kcm_seq_open+0x0/0x30 [kcm]
[<ffffffff8162a479>] seq_open+0x79/0x1d0
[<ffffffff8162a8cf>] __seq_open_private+0x2f/0xa0
[<ffffffff81712548>] seq_open_net+0x38/0xa0
...
It is caused by a missing free in the ->release path. So fix it by
providing seq_release_net as the ->release method.
Signed-off-by: Jiri Slaby <jslaby(a)suse.cz>
Fixes: cd6e111bf5 (kcm: Add statistics and proc interfaces)
Cc: "David S. Miller" <davem(a)davemloft.net>
Cc: Tom Herbert <tom(a)herbertland.com>
Cc: netdev(a)vger.kernel.org
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 942f64c4c2be19a1b4a0c4295182b42d153899bf
Author: Ido Schimmel <idosch(a)mellanox.com>
Date: Mon Jun 20 11:53:20 2016 +0300
team: Fix possible deadlock during team enslave
Both dev_uc_sync_multiple() and dev_mc_sync_multiple() require the
source device to be locked by netif_addr_lock_bh(), but this is missing
in team's enslave function, so add it.
This fixes the following lockdep warning:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(_xmit_ETHER/1);
local_irq_disable();
lock(&(&mc->mca_lock)->rlock);
lock(&team_netdev_addr_lock_key);
<Interrupt>
lock(&(&mc->mca_lock)->rlock);
*** DEADLOCK ***
Fixes: cb41c997d444 ("team: team should sync the port's uc/mc addrs when add
a port")
Signed-off-by: Jiri Pirko <jiri(a)mellanox.com>
Signed-off-by: Ido Schimmel <idosch(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 6b65ca06e1af38ea90074a47fcb5748ee9309b94
Merge: ab522fd f155d9c
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 22 16:29:17 2016 -0400
Merge tag 'linux-can-fixes-for-4.7-20160620' of
git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
Marc Kleine-Budde says:
====================
pull-request: can 2016-06-20
this is a pull request of 3 patches for the upcoming linux-4.7 release.
The first patch is by Thor Thayer for the c_can/d_can driver. It fixes the
registar access on Altera Cyclone devices, which caused CAN frames to have 0x0
in the first two bytes incorrectly. Wolfgang Grandegger's patch for the at91
driver fixes a hanging driver under high bus load situations. A patch for the
gs_usb driver by Maximilian Schneider adds support for the bytewerk.org
candleLight interface.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit f155d9c0a138463c3c9380d35e54e433c1477336
Author: Maximilian Schneider <max(a)schneidersoft.net>
Date: Wed Jun 8 18:00:26 2016 +0000
can: gs_usb: Add Basic support for the bytewerk.org candleLight interface
This patchs adds basic support for the bytewerk.org candleLight interface,
a open hardware (CERN OHL) USB CAN adapter.
Signed-off-by: Hubert Denkmair <hubert(a)denkmair.de>
Signed-off-by: Maximilian Schneider <max(a)schneidersoft.net>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
commit 43200a4480cbbe660309621817f54cbb93907108
Author: Wolfgang Grandegger <wg(a)grandegger.com>
Date: Mon Jun 13 15:44:19 2016 +0200
can: at91_can: RX queue could get stuck at high bus load
At high bus load it could happen that "at91_poll()" enters with all RX
message boxes filled up. If then at the end the "quota" is exceeded as
well, "rx_next" will not be reset to the first RX mailbox and hence the
interrupts remain disabled.
Signed-off-by: Wolfgang Grandegger <wg(a)grandegger.com>
Tested-by: Amr Bekhit <amrbekhit(a)gmail.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
commit 427460c83cdf55069eee49799a0caef7dde8df69
Author: Thor Thayer <tthayer(a)opensource.altera.com>
Date: Thu Jun 16 11:10:19 2016 -0500
can: c_can: Update D_CAN TX and RX functions to 32 bit - fix Altera Cyclone access
When testing CAN write floods on Altera's CycloneV, the first 2 bytes
are sometimes 0x00, 0x00 or corrupted instead of the values sent. Also
observed bytes 4 & 5 were corrupted in some cases.
The D_CAN Data registers are 32 bits and changing from 16 bit writes to
32 bit writes fixes the problem.
Testing performed on Altera CycloneV (D_CAN). Requesting tests on other
C_CAN & D_CAN platforms.
Reported-by: Richard Andrysek <richard.andrysek(a)gomtec.de>
Signed-off-by: Thor Thayer <tthayer(a)opensource.altera.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de>
commit ab522fd68bc78f3f81f6c553f785dae3462859fa
Merge: 5c3da57 b639f19
Author: David S. Miller <davem(a)davemloft.net>
Date: Sun Jun 19 10:47:33 2016 -0700
Merge branch 'qed-fixes'
Yuval Mintz says:
====================
qed*: Fixes series
This series contains several small fixes to driver behavior
[4th patch is the only one containing a 'fatal' fix, but the error
is only theoretical for qede; if would require another protocol
driver yet unsubmitted to reach it].
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit b639f197210d37905a6018ae4297659eb3f48f8f
Author: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Date: Sun Jun 19 15:18:15 2016 +0300
qed: Add missing port-mode
The 'MODULE_FIBER' value replaced several other FIBER values
in newer management firmware images, so existing code would
fail to properly reflect its mode.
Signed-off-by: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit db511c37d4eb2b4e7312791eb8f9b34ed867445e
Author: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Date: Sun Jun 19 15:18:14 2016 +0300
qed: Fix returning unlimited SPQ entries
Driver has 2 sets of entries for handling ramrod configurations
toward firmware - a regular pre-allocated set of entires and a
possible 'unlimited' list of additional pending entries.
In most scenarios the 'unlimited' list would not be used, but
when it does the handling of the ramrod completion doesn't
properly handle the release of the entry.
Signed-off-by: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a0d26d5a4fc8e13993279f788deeb08069e73b69
Author: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Date: Sun Jun 19 15:18:13 2016 +0300
qed*: Don't reset statistics on inner reload
Several user APIs can cause driver to perform an inner-reload.
Currently, doing this would cause the HW/FW statistics of the
adapter to reset, which isn't the expected behavior [statistics
should only reset on explicit unloads].
Signed-off-by: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 326439883e17fca029f4ed05307480bdb6369877
Author: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Date: Sun Jun 19 15:18:12 2016 +0300
qed: Prevent VF from Tx-switching 'promisc'
Internal loopback in driver is based on two things - first
is the willingness of transmitter to use it [in case of VFs,
this can be forced based on VEPA/VEB] and secondly on another
vport classification configuration which should match the
packet's destination.
Current code allows non-linux VFs to configure a 'promisc'
mode on Tx, meaning all traffic sent by VF would be loopbacked
internally by firmware; This isn't considered a valid mode and
as such should be prevented by PF.
Signed-off-by: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit e6bd89232b4a4c9282da1ac8bdd798c2a30d9a46
Author: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Date: Sun Jun 19 15:18:11 2016 +0300
qed: Correct default vlan behavior
When no vlan filter is configured, firmware has a configurable
default on whether to pass only untagged packets or all packets
regardless of their tagging. Driver currently doesn't set this
field in the necessary ramrod, causing the default to always be
'receive all'.
Signed-off-by: Yuval Mintz <Yuval.Mintz(a)qlogic.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 5c3da57d70f1ef1d9b60900b84a74d77a9cf0774
Author: Joshua Houghton <josh(a)awful.name>
Date: Sat Jun 18 15:46:31 2016 +0000
net: rds: fix coding style issues
Fix coding style issues in the following files:
ib_cm.c: add space
loop.c: convert spaces to tabs
sysctl.c: add space
tcp.h: convert spaces to tabs
tcp_connect.c:remove extra indentation in switch statement
tcp_recv.c: convert spaces to tabs
tcp_send.c: convert spaces to tabs
transport.c: move brace up one line on for statement
Signed-off-by: Joshua Houghton <josh(a)awful.name>
Acked-by: Santosh Shilimkar <santosh.shilimkar(a)oracle.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 4a7d99ea1b27734558feb6833f180cd38a159940
Author: Basil Gunn <basil(a)pacabunga.com>
Date: Thu Jun 16 09:42:30 2016 -0700
AX.25: Close socket connection on session completion
A socket connection made in ax.25 is not closed when session is
completed. The heartbeat timer is stopped prematurely and this is
where the socket gets closed. Allow heatbeat timer to run to close
socket. Symptom occurs in kernels >= 4.2.0
Originally sent 6/15/2016. Resend with distribution list matching
scripts/maintainer.pl output.
Signed-off-by: Basil Gunn <basil(a)pacabunga.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 3bb549ae4c51028c1930528ae9fcd6eca0474724
Author: Sowmini Varadhan <sowmini.varadhan(a)oracle.com>
Date: Fri Jun 17 16:12:12 2016 -0400
RDS: TCP: rds_tcp_accept_one() should transition socket from RESETTING to UP
The state of the rds_connection after rds_tcp_reset_callbacks() would
be RDS_CONN_RESETTING and this is the value that should be passed
by rds_tcp_accept_one() to rds_connect_path_complete() to transition
the socket to RDS_CONN_UP.
Fixes: b5c21c0947c1 ("RDS: TCP: fix race windows in send-path quiescence
by rds_tcp_accept_one()")
Signed-off-by: Sowmini Varadhan <sowmini.varadhan(a)oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar(a)oracle.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a9836cbb5fc885d3b8f3b91b2d47525f7269dec1
Author: Arnd Bergmann <arnd(a)arndb.de>
Date: Fri Jun 17 18:15:30 2016 +0200
net: tilegx: use correct timespec64 type
The conversion to the 64-bit time based ptp methods left two instances
of 'struct timespec' in place. This is harmless because 64-bit
architectures define timespec64 as timespec, and this driver is
not used on 32-bit machines.
However, using 'struct timespec64' directly is obviously the right
thing to do, and will help us remove 'struct timespec' in the future.
Signed-off-by: Arnd Bergmann <arnd(a)arndb.de>
Fixes: b9acf24f779c ("ptp: tilegx: convert to the 64 bit get/set time
methods.")
Acked-by: Richard Cochran <richardcochran(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit b47ac27a1dbebc559156f92a0807dc957bb12731
Merge: f1d048f 4e239fa
Author: David S. Miller <davem(a)davemloft.net>
Date: Fri Jun 17 21:57:54 2016 -0700
Merge branch 'mlxsw-fixes'
Jiri Pirko says:
====================
mlxsw: couple of fixes
Couple of slowpath tx stats fixes for Spectrum and SwitchX-2.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 4e239fac7c6b9d703e83c81b52ec9fec00c50129
Author: Nogah Frankel <nogahf(a)mellanox.com>
Date: Fri Jun 17 15:09:06 2016 +0200
mlxsw: switchx2: Don't count internal TX header bytes to stats
Stop the SW TX counter from counting the TX header bytes
since they are not being sent out.
Fixes: e577516b9db3 ("mlxsw: Fix use-after-free bug in mlxsw_sx_port_xmit")
Signed-off-by: Nogah Frankel <nogahf(a)mellanox.com>
Reviewed-by: Ido Schimmel <idosch(a)mellanox.com>
Signed-off-by: Jiri Pirko <jiri(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 63dcdd35c1552ca0c911e98ba3389a0729a457f4
Author: Nogah Frankel <nogahf(a)mellanox.com>
Date: Fri Jun 17 15:09:05 2016 +0200
mlxsw: spectrum: Don't count internal TX header bytes to stats
Stop the SW TX counter from counting the TX header bytes
since they are not being sent out.
Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum
ASIC")
Reviewed-by: Ido Schimmel <idosch(a)mellanox.com>
Signed-off-by: Nogah Frankel <nogahf(a)mellanox.com>
Signed-off-by: Jiri Pirko <jiri(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit f1d048f24e66ba85d3dabf3d076cefa5f2b546b0
Author: Jon Paul Maloy <jon.maloy(a)ericsson.com>
Date: Fri Jun 17 06:35:57 2016 -0400
tipc: fix socket timer deadlock
We sometimes observe a 'deadly embrace' type deadlock occurring
between mutually connected sockets on the same node. This happens
when the one-hour peer supervision timers happen to expire
simultaneously in both sockets.
The scenario is as follows:
CPU 1: CPU 2:
-------- --------
tipc_sk_timeout(sk1) tipc_sk_timeout(sk2)
lock(sk1.slock) lock(sk2.slock)
msg_create(probe) msg_create(probe)
unlock(sk1.slock) unlock(sk2.slock)
tipc_node_xmit_skb() tipc_node_xmit_skb()
tipc_node_xmit() tipc_node_xmit()
tipc_sk_rcv(sk2) tipc_sk_rcv(sk1)
lock(sk2.slock) lock((sk1.slock)
filter_rcv() filter_rcv()
tipc_sk_proto_rcv() tipc_sk_proto_rcv()
msg_create(probe_rsp) msg_create(probe_rsp)
tipc_sk_respond() tipc_sk_respond()
tipc_node_xmit_skb() tipc_node_xmit_skb()
tipc_node_xmit() tipc_node_xmit()
tipc_sk_rcv(sk1) tipc_sk_rcv(sk2)
lock((sk1.slock) lock((sk2.slock)
===> DEADLOCK ===> DEADLOCK
Further analysis reveals that there are three different locations in the
socket code where tipc_sk_respond() is called within the context of the
socket lock, with ensuing risk of similar deadlocks.
We now solve this by passing a buffer queue along with all upcalls where
sk_lock.slock may potentially be held. Response or rejected message
buffers are accumulated into this queue instead of being sent out
directly, and only sent once we know we are safely outside the slock
context.
Reported-by: GUNA <gbalasun(a)gmail.com>
Acked-by: Ying Xue <ying.xue(a)windriver.com>
Signed-off-by: Jon Maloy <jon.maloy(a)ericsson.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 695ef16cd0510f3bc963967fd73a360989fe4ebf
Merge: ce449ba 1463847
Author: David S. Miller <davem(a)davemloft.net>
Date: Fri Jun 17 19:50:04 2016 -0700
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are rather small patches but fixing several outstanding bugs in
nf_conntrack and nf_tables, as well as minor problems with missing
SYNPROXY header uapi installation:
1) Oneliner not to leak conntrack kmemcache on module removal, this
problem was introduced in the previous merge window, patch from
Florian Westphal.
2) Two fixes for insufficient ruleset loop validation, one due to
incorrect flag check in nf_tables_bind_set() and another related to
silly wrong generation mask logic from the walk path, from Liping
Zhang.
3) Fix double-free of anonymous sets on error, this fix simplifies the
code to let the abort path take care of releasing the set object,
also from Liping Zhang.
4) The introduction of helper function for transactions broke the skip
inactive rules logic from the nft_do_chain(), again from Liping
Zhang.
5) Two patches to install uapi xt_SYNPROXY.h header and calm down
kbuild robot due to missing #include <linux/types.h>.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 1463847e93fe693e89c52b03ab4ede6800d717c1
Author: Pablo Neira Ayuso <pablo(a)netfilter.org>
Date: Fri Jun 17 12:54:18 2016 +0200
netfilter: xt_SYNPROXY: include missing <linux/types.h>
./usr/include/linux/netfilter/xt_SYNPROXY.h:11: found __[us]{8,16,32,64} type without
#include <linux/types.h>
Reported-by: kbuild test robot <lkp(a)intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
commit 8f45927c3cae4db85887700e5415286f766cbaf9
Author: Pablo Neira Ayuso <pablo(a)netfilter.org>
Date: Fri Jun 17 12:54:18 2016 +0200
netfilter: xt_SYNPROXY: add missing header to Kbuild
Matt Whitlock says:
Without this line, the file xt_SYNPROXY.h does not get installed in
/usr/include/linux/netfilter/, and thus user-space programs cannot make
use of it.
Reported-by: Matt Whitlock <kernel(a)mattwhitlock.name>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
commit ce449ba77a2271dce9771fb1f3eb37e4be6a8b81
Author: Jakub Kicinski <jakub.kicinski(a)netronome.com>
Date: Thu Jun 16 14:42:50 2016 +0100
nfp: use correct index to mask link state irq
We were using an incorrect define to get the irq vector number.
NFP_NET_CFG_LSC is a control BAR offset, LSC interrupt vector
index is called NFP_NET_IRQ_LSC_IDX. For machines with less
than 30 CPUs this meant that we were disabling/enabling IRQ 0.
For bigger hosts we were just playing with the 31st RX/TX
interrupt.
Fixes: 0ba40af963f0 ("nfp: move link state interrupt request/free calls")
Signed-off-by: Jakub Kicinski <jakub.kicinski(a)netronome.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit d5d8760b78d0cfafe292f965f599988138b06a70
Author: Simon Horman <simon.horman(a)netronome.com>
Date: Thu Jun 16 17:06:19 2016 +0900
sit: correct IP protocol used in ipip6_err
Since 32b8a8e59c9c ("sit: add IPv4 over IPv4 support")
ipip6_err() may be called for packets whose IP protocol is
IPPROTO_IPIP as well as those whose IP protocol is IPPROTO_IPV6.
In the case of IPPROTO_IPIP packets the correct protocol value is not
passed to ipv4_update_pmtu() or ipv4_redirect().
This patch resolves this problem by using the IP protocol of the packet
rather than a hard-coded value. This appears to be consistent
with the usage of the protocol of a packet by icmp_socket_deliver()
the caller of ipip6_err().
I was able to exercise the redirect case by using a setup where an ICMP
redirect was received for the destination of the encapsulated packet.
However, it appears that although incorrect the protocol field is not used
in this case and thus no problem manifests. On inspection it does not
appear that a problem will manifest in the fragmentation needed/update pmtu
case either.
In short I believe this is a cosmetic fix. None the less, the use of
IPPROTO_IPV6 seems wrong and confusing.
Reviewed-by: Dinan Gunawardena <dinan.gunawardena(a)netronome.com>
Signed-off-by: Simon Horman <simon.horman(a)netronome.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji(a)linux-ipv6.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a547224dceed4645139f7eff72ff51adb9938bcb
Author: Alexander Duyck <aduyck(a)mirantis.com>
Date: Wed Jun 15 14:42:11 2016 -0700
mlx4e: Do not attempt to offload VXLAN ports that are unrecognized
The mlx4e driver does not support more than one port for VXLAN offload. As
such expecting the hardware to offload other ports is invalid since it
appears the parsing logic is used to perform Tx checksum and segmentation
offloads. Use the vxlan_port number to determine in which cases we can
apply the offload and in which cases we can not.
Signed-off-by: Alexander Duyck <aduyck(a)mirantis.com>
Reviewed-by: Tariq Toukan <tariqt(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 17471c7ba5115ed724d624577b21c166d2194272
Author: Arnd Bergmann <arnd(a)arndb.de>
Date: Wed Jun 15 22:31:10 2016 +0200
net: sfc: avoid -Wtype-limits warning
When building with -Wextra, we get a harmless warning from the
EFX_EXTRACT_OWORD32 macro:
ethernet/sfc/farch.c: In function 'efx_farch_test_registers':
ethernet/sfc/farch.c:119:30: error: comparison of unsigned expression < 0 is always
false [-Werror=type-limits]
ethernet/sfc/farch.c:124:144: error: comparison of unsigned expression < 0 is
always false [-Werror=type-limits]
ethernet/sfc/farch.c:124:392: error: comparison of unsigned expression < 0 is
always false [-Werror=type-limits]
ethernet/sfc/farch.c:124:731: error: comparison of unsigned expression < 0 is
always false [-Werror=type-limits]
The macro and the caller are both correct, but we can avoid the
warning by changing the index variable to a signed type.
Signed-off-by: Arnd Bergmann <arnd(a)arndb.de>
Acked-by: Bert Kenward <bkenward(a)solarflare.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 034fdd4a17ff089c2428ece18efa65c5396810d2
Merge: c70410c e024111
Author: Kalle Valo <kvalo(a)codeaurora.org>
Date: Thu Jun 16 17:55:19 2016 +0300
Merge ath-current from ath.git
ath.git fixes for 4.7. Major changes:
ath9k
* fix GPIO mask regression with AR9462 and AR9565
ath10k
* fix deadlock while processing rx_in_ord_ind
* fix crash related to printing firmware features in debug mode
* fix deadlock when peer cannot be created
commit c70410cb91de70707a507ee7beef7021a5a89f0d
Author: Colin Ian King <colin.king(a)canonical.com>
Date: Thu Jun 9 14:38:50 2016 -0400
rtl8xxxu: fix typo on variable name, compare against correct variable
path_b_ok is being assigned but immediately after path_a_ok is being
compared to the value 0x03. This appears to be a typo on the
variable name, compare path_b_ok instead.
Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen(a)redhat.com>
Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org>
commit 13eab83f9b3566ab425a43bb65b2ba22cb0abbba
Merge: 8c08c732 a59e6d8
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 15 23:39:18 2016 -0700
Merge branch 'r8152-fixes'
Hayes Wang says:
====================
r8152: fix known issues
These patches fix some known issues.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a59e6d815226b70780427648e359da9bbee07171
Author: hayeswang <hayeswang(a)realtek.com>
Date: Thu Jun 16 10:55:19 2016 +0800
r8152: correct the rx early size
The rx early size should be
(agg_buf_sz - packet size) / 8
Signed-off-by: Hayes Wang <hayeswang(a)realtek.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 93fe9b1838404fcc3bea320b704bfa461d8e57a6
Author: hayeswang <hayeswang(a)realtek.com>
Date: Thu Jun 16 10:55:18 2016 +0800
r8152: reset the bmu
Reset the BMU to clear the rx/tx fifo. This avoids that the unexpected
data remains in the hw.
Signed-off-by: Hayes Wang <hayeswang(a)realtek.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 4e384ac19b5be6ad084b215d298b82b3a91ad24b
Author: hayeswang <hayeswang(a)realtek.com>
Date: Thu Jun 16 10:55:17 2016 +0800
r8152: disable MAC clock speed down
Disable MAC clock speed down. It may casue the first control
transfer to contain the wrong data, when the power state change
from U1 to U0.
Signed-off-by: Hayes Wang <hayeswang(a)realtek.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 8c08c7325ec36c9d338cedebc4570b567fa9a740
Merge: e582615 ad572d1
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 15 23:37:55 2016 -0700
Merge branch 'bpf-fixes'
Alexei Starovoitov says:
====================
bpf fixes
Fixes for two bpf bugs:
1st bug reported by Sasha Goldshtein here:
https://github.com/iovisor/bcc/issues/570
2nd discovered by Daniel Borkmann by manual code analysis.
See patches for details.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit ad572d174787daa59e24b8b5c83028c09cdb5ddb
Author: Alexei Starovoitov <ast(a)fb.com>
Date: Wed Jun 15 18:25:39 2016 -0700
bpf, trace: check event type in bpf_perf_event_read
similar to bpf_perf_event_output() the bpf_perf_event_read() helper
needs to check the type of the perf_event before reading the counter.
Fixes: a43eec304259 ("bpf: introduce bpf_perf_event_output() helper")
Reported-by: Daniel Borkmann <daniel(a)iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
Acked-by: Daniel Borkmann <daniel(a)iogearbox.net>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 19de99f70b87fcc3338da52a89c439b088cbff71
Author: Alexei Starovoitov <ast(a)fb.com>
Date: Wed Jun 15 18:25:38 2016 -0700
bpf: fix matching of data/data_end in verifier
The ctx structure passed into bpf programs is different depending on bpf
program type. The verifier incorrectly marked ctx->data and ctx->data_end
access based on ctx offset only. That caused loads in tracing programs
int bpf_prog(struct pt_regs *ctx) { .. ctx->ax .. }
to be incorrectly marked as PTR_TO_PACKET which later caused verifier
to reject the program that was actually valid in tracing context.
Fix this by doing program type specific matching of ctx offsets.
Fixes: 969bf05eb3ce ("bpf: direct packet access")
Reported-by: Sasha Goldshtein <goldshtn(a)gmail.com>
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
Acked-by: Daniel Borkmann <daniel(a)iogearbox.net>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit e582615ad33dbd39623084a02e95567b116e1eea
Author: Eric Dumazet <edumazet(a)google.com>
Date: Wed Jun 15 06:24:00 2016 -0700
gre: fix error handler
1) gre_parse_header() can be called from gre_err()
At this point transport header points to ICMP header, not the inner
header.
2) We can not really change transport header as ipgre_err() will later
assume transport header still points to ICMP header (using icmp_hdr())
3) pskb_may_pull() logic in gre_parse_header() really works
if we are interested at zone pointed by skb->data
4) As Jiri explained in commit b7f8fe251e46 ("gre: do not pull header in
ICMP error processing") we should not pull headers in error handler.
So this fix :
A) changes gre_parse_header() to use skb->data instead of
skb_transport_header()
B) Adds a nhs parameter to gre_parse_header() so that we can skip the
not pulled IP header from error path.
This offset is 0 for normal receive path.
C) remove obsolete IPV6 includes
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Cc: Tom Herbert <tom(a)herbertland.com>
Cc: Maciej Żenczykowski <maze(a)google.com>
Cc: Jiri Benc <jbenc(a)redhat.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit daddef76c3deaaa7922f9d7b18edbf0a061215c3
Author: Jason A. Donenfeld <Jason(a)zx2c4.com>
Date: Wed Jun 15 11:14:53 2016 +0200
net: Don't forget pr_fmt on net_dbg_ratelimited for CONFIG_DYNAMIC_DEBUG
The implementation of net_dbg_ratelimited in the CONFIG_DYNAMIC_DEBUG
case was added with 2c94b5373 ("net: Implement net_dbg_ratelimited() for
CONFIG_DYNAMIC_DEBUG case"). The implementation strategy was to take the
usual definition of the dynamic_pr_debug macro, but alter it by adding a
call to "net_ratelimit()" in the if statement. This is, in fact, the
correct approach.
However, while doing this, the author of the commit forgot to surround
fmt by pr_fmt, resulting in unprefixed log messages appearing in the
console. So, this commit adds back the pr_fmt(fmt) invocation, making
net_dbg_ratelimited properly consistent across DEBUG, no DEBUG, and
DYNAMIC_DEBUG cases, and bringing parity with the behavior of
dynamic_pr_debug as well.
Fixes: 2c94b5373 ("net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG
case")
Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
Cc: Tim Bingham <tbingham(a)akamai.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 4a1836701fd59476ee1331379e00a9ab51ba4f61
Author: Arnd Bergmann <arnd(a)arndb.de>
Date: Wed Jun 15 17:45:51 2016 +0200
net: skfb: remove obsolete -I cflag
The skfp driver has been moved to drivers/net/fddi/skfp a long time
ago, but we still attempt to include headers from the old location,
which causes a warning when building with W=1:
cc1: error: /git/arm-soc/drivers/net/skfp: No such file or directory
[-Werror=missing-include-dirs]
cc1: error: drivers/net/skfp: No such file or directory
[-Werror=missing-include-dirs]
Clearly this include directive is not needed any more, so we can
just remove it now.
Signed-off-by: Arnd Bergmann <arnd(a)arndb.de>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit c91522f860bb9dd4178c8280bbebd4f4321b7199
Author: Ying Xue <ying.xue(a)windriver.com>
Date: Wed Jun 15 14:11:31 2016 +0800
tipc: eliminate uninitialized variable warning
net/tipc/link.c: In function ‘tipc_link_timeout’:
net/tipc/link.c:744:28: warning: ‘mtyp’ may be used uninitialized in this function
[-Wuninitialized]
Fixes: 42b18f605fea ("tipc: refactor function tipc_link_timeout()")
Acked-by: Jon Maloy <jon.maloy(a)ericsson.com>
Signed-off-by: Ying Xue <ying.xue(a)windriver.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 66d95b6705a6347f7b2645e042874ec0bb03b726
Author: Ying Xue <ying.xue(a)windriver.com>
Date: Wed Jun 15 14:10:57 2016 +0800
tipc: fix suspicious RCU usage
When run tipcTS&tipcTC test suite, the following complaint appears:
[ 56.926168] ===============================
[ 56.926169] [ INFO: suspicious RCU usage. ]
[ 56.926171] 4.7.0-rc1+ #160 Not tainted
[ 56.926173] -------------------------------
[ 56.926174] net/tipc/bearer.c:408 suspicious rcu_dereference_protected() usage!
[ 56.926175]
[ 56.926175] other info that might help us debug this:
[ 56.926175]
[ 56.926177]
[ 56.926177] rcu_scheduler_active = 1, debug_locks = 1
[ 56.926179] 3 locks held by swapper/4/0:
[ 56.926180] #0: (((&req->timer))){+.-...}, at: [<ffffffff810e79b5>]
call_timer_fn+0x5/0x340
[ 56.926203] #1: (&(&req->lock)->rlock){+.-...}, at:
[<ffffffffa000c29b>] disc_timeout+0x1b/0xd0 [tipc]
[ 56.926212] #2: (rcu_read_lock){......}, at: [<ffffffffa00055e0>]
tipc_bearer_xmit_skb+0xb0/0x2e0 [tipc]
[ 56.926218]
[ 56.926218] stack backtrace:
[ 56.926221] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 4.7.0-rc1+ #160
[ 56.926222] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[ 56.926224] 0000000000000000 ffff880016803d28 ffffffff813c4423 ffff8800154252c0
[ 56.926227] 0000000000000001 ffff880016803d58 ffffffff810b7512 ffff8800124d8120
[ 56.926230] ffff880013f8a160 ffff8800132b5ccc ffff8800124d8120 ffff880016803d88
[ 56.926234] Call Trace:
[ 56.926235] <IRQ> [<ffffffff813c4423>] dump_stack+0x67/0x94
[ 56.926250] [<ffffffff810b7512>] lockdep_rcu_suspicious+0xe2/0x120
[ 56.926256] [<ffffffffa00051f1>] tipc_l2_send_msg+0x131/0x1c0 [tipc]
[ 56.926261] [<ffffffffa000567c>] tipc_bearer_xmit_skb+0x14c/0x2e0 [tipc]
[ 56.926266] [<ffffffffa00055e0>] ? tipc_bearer_xmit_skb+0xb0/0x2e0 [tipc]
[ 56.926273] [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc]
[ 56.926278] [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc]
[ 56.926283] [<ffffffffa000c2d6>] disc_timeout+0x56/0xd0 [tipc]
[ 56.926288] [<ffffffff810e7a68>] call_timer_fn+0xb8/0x340
[ 56.926291] [<ffffffff810e79b5>] ? call_timer_fn+0x5/0x340
[ 56.926296] [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc]
[ 56.926300] [<ffffffff810e8f4a>] run_timer_softirq+0x23a/0x390
[ 56.926306] [<ffffffff810f89ff>] ? clockevents_program_event+0x7f/0x130
[ 56.926316] [<ffffffff819727c3>] __do_softirq+0xc3/0x4a2
[ 56.926323] [<ffffffff8106ba5a>] irq_exit+0x8a/0xb0
[ 56.926327] [<ffffffff81972456>] smp_apic_timer_interrupt+0x46/0x60
[ 56.926331] [<ffffffff81970a49>] apic_timer_interrupt+0x89/0x90
[ 56.926333] <EOI> [<ffffffff81027fda>] ? default_idle+0x2a/0x1a0
[ 56.926340] [<ffffffff81027fd8>] ? default_idle+0x28/0x1a0
[ 56.926342] [<ffffffff810289cf>] arch_cpu_idle+0xf/0x20
[ 56.926345] [<ffffffff810adf0f>] default_idle_call+0x2f/0x50
[ 56.926347] [<ffffffff810ae145>] cpu_startup_entry+0x215/0x3e0
[ 56.926353] [<ffffffff81040ad9>] start_secondary+0xf9/0x100
The warning appears as rtnl_dereference() is wrongly used in
tipc_l2_send_msg() under RCU read lock protection. Instead the proper
usage should be that rcu_dereference_rtnl() is called here.
Fixes: 5b7066c3dd24 ("tipc: stricter filtering of packets in bearer layer")
Acked-by: Jon Maloy <jon.maloy(a)ericsson.com>
Signed-off-by: Ying Xue <ying.xue(a)windriver.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit e4587ea1d748953e17ddee8f30994899ae73b677
Merge: 0ee1362 6052f7f
Author: David S. Miller <davem(a)davemloft.net>
Date: Wed Jun 15 14:47:46 2016 -0700
Merge branch 'macsec-fixes'
Sabrina Dubroca says:
====================
macsec fixes
Patch 1 adds rcu_barrier() during module unload to prevent possible
panics.
Patch 2 allocates memory for scattergather lists and the IV on the
heap, since they can escape the current function's context during
crypto callbacks.
Patch 3 fixes a failure to create secure associations.
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 6052f7fbce857e327218a9d8a040e210ea7cc718
Author: Sabrina Dubroca <sd(a)queasysnail.net>
Date: Tue Jun 14 15:25:16 2016 +0200
macsec: fix SA initialization
The ASYNC flag prevents initialization on some physical machines.
Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
Signed-off-by: Sabrina Dubroca <sd(a)queasysnail.net>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 5d9649b3a524df9ccd15ac25ad6591089260fdbd
Author: Sabrina Dubroca <sd(a)queasysnail.net>
Date: Tue Jun 14 15:25:15 2016 +0200
macsec: allocate sg and iv on the heap
For the crypto callbacks to work properly, we cannot have sg and iv on
the stack. Use kmalloc instead, with a single allocation for
aead_request + scatterlist + iv.
Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
Signed-off-by: Sabrina Dubroca <sd(a)queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit b196c22af5c3ff784c472c80f6fb4e5fad67b2ac
Author: Sabrina Dubroca <sd(a)queasysnail.net>
Date: Tue Jun 14 15:25:14 2016 +0200
macsec: add rcu_barrier() on module exit
Without this, the various uses of call_rcu could cause a kernel panic.
Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
Signed-off-by: Sabrina Dubroca <sd(a)queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 0ee13627f963f9c5c9544ed19d82854836d5e676
Author: Florian Westphal <fw(a)strlen.de>
Date: Tue Jun 14 06:16:27 2016 +0200
htb: call qdisc_root with rcu read lock held
saw a debug splat:
net/include/net/sch_generic.h:287 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
2 locks held by kworker/2:1/710:
#0: ("events"){.+.+.+}, at: [<ffffffff8106ca1d>]
#1: ((&q->work)){+.+...}, at: [<ffffffff8106ca1d>]
process_one_work+0x14d/0x690
Workqueue: events htb_work_func
Call Trace:
[<ffffffff812dc763>] dump_stack+0x85/0xc2
[<ffffffff8109fee7>] lockdep_rcu_suspicious+0xe7/0x120
[<ffffffff814ced47>] htb_work_func+0x67/0x70
Signed-off-by: Florian Westphal <fw(a)strlen.de>
Acked-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit ebecaa6662b0a9c3590bd644a4cec6f9d96818b7
Author: Jamal Hadi Salim <jhs(a)mojatatu.com>
Date: Mon Jun 13 18:08:42 2016 -0400
net sched actions: bug fix dumping actions directly didnt produce NLMSG_DONE
This refers to commands to direct action access as follows:
sudo tc actions add action drop index 12
sudo tc actions add action pipe index 10
And then dumping them like so:
sudo tc actions ls action gact
iproute2 worked because it depended on absence of TCA_ACT_TAB TLV
as end of message.
This fix has been tested with iproute2 and is backward compatible.
Signed-off-by: Jamal Hadi Salim <jhs(a)mojatatu.com>
Acked-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit d15eccea69b96a5116169688dcc9baf6d1ce2751
Author: WANG Cong <xiyou.wangcong(a)gmail.com>
Date: Mon Jun 13 13:44:14 2016 -0700
act_ipt: fix a bind refcnt leak
And avoid calling tcf_hash_check() twice.
Fixes: a57f19d30b2d ("net sched: ipt action fix late binding")
Cc: Jamal Hadi Salim <jhs(a)mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 3d7c8257d999bdf8fa77ffd9be775c7b58cc7b69
Author: Eric Dumazet <edumazet(a)google.com>
Date: Mon Jun 13 11:33:32 2016 -0700
net_sched: prio: insure proper transactional behavior
Now prio_init() can return -ENOMEM, it also has to make sure
any allocated qdiscs are freed, since the caller (qdisc_create()) wont
call ->destroy() handler for us.
More generally, we want a transactional behavior for "tc qdisc
change ...", so prio_tune() should not make modifications if
any error is returned.
It means that we must validate parameters and allocate missing qdisc(s)
before taking root qdisc lock exactly once, to not leave the prio qdisc
in an intermediate state.
Fixes: cbdf45116478 ("net_sched: prio: properly report out of memory
errors")
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Reported-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Acked-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 0c5ddb51e8f7be7170600f95a4ea92e5a32afad8
Author: Eric Dumazet <edumazet(a)google.com>
Date: Mon Jun 13 07:50:25 2016 -0700
net/mlx4_en: initialize cmd.context_lock spinlock earlier
Maciej Żenczykowski reported lockdep warning a spinlock
was not registered before being held in mlx4_cmd_wake_completions()
cmd.context_lock initialization is not at the right place.
1) mlx4_cmd_use_events() can be called multiple times.
Calling spin_lock_init() on a live spinlock can lead
to hangs.
2) mlx4_cmd_wake_completions() can be called while lock
has not been initialized.
Lockdep complains, and current logic is not race prone.
It seems better to move the initialization earlier in
mlx4_load_one()
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Reported-by: Maciej Żenczykowski <maze(a)google.com>
Cc: Eugenia Emantayev <eugenia(a)mellanox.com>
Cc: Tariq Toukan <tariqt(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 8fff1722f705ce5023a0d6d77a31a9d013be2a34
Author: Liping Zhang <liping.zhang(a)spreadtrum.com>
Date: Tue Jun 14 20:13:04 2016 +0800
netfilter: nf_tables: fix a wrong check to skip the inactive rules
nft_genmask_cur has already done left-shift operator on the gencursor,
so there's no need to do left-shift operator on it again.
Fixes: ea4bd995b0f2 ("netfilter: nf_tables: add transaction helper
functions")
Cc: Patrick McHardy <kaber(a)trash.net>
Signed-off-by: Liping Zhang <liping.zhang(a)spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
commit a02f424863610a0a7abd80c468839e59cfa4d0d8
Author: Liping Zhang <liping.zhang(a)spreadtrum.com>
Date: Sat Jun 11 12:20:28 2016 +0800
netfilter: nf_tables: fix wrong destroy anonymous sets if binding fails
When we add a nft rule like follows:
# nft add rule filter test tcp dport vmap {1: jump test}
-ELOOP error will be returned, and the anonymous set will be
destroyed.
But after that, nf_tables_abort will also try to remove the
element and destroy the set, which was already destroyed and
freed.
If we add a nft wrong rule, nft_tables_abort will do the cleanup
work rightly, so nf_tables_set_destroy call here is redundant and
wrong, remove it.
Signed-off-by: Liping Zhang <liping.zhang(a)spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
commit 8588ac097b49ce8802f11541d9cd6f6667badb34
Author: Pablo Neira Ayuso <pablo(a)netfilter.org>
Date: Sat Jun 11 12:20:27 2016 +0800
netfilter: nf_tables: reject loops from set element jump to chain
Liping Zhang says:
"Users may add such a wrong nft rules successfully, which will cause an
endless jump loop:
# nft add rule filter test tcp dport vmap {1: jump test}
This is because before we commit, the element in the current anonymous
set is inactive, so osp->walk will skip this element and miss the
validate check."
To resolve this problem, this patch passes the generation mask to the
walk function through the iter container structure depending on the code
path:
1) If we're dumping the elements, then we have to check if the element
is active in the current generation. Thus, we check for the current
bit in the genmask.
2) If we're checking for loops, then we have to check if the element is
active in the next generation, as we're in the middle of a
transaction. Thus, we check for the next bit in the genmask.
Based on original patch from Liping Zhang.
Reported-by: Liping Zhang <liping.zhang(a)spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
Tested-by: Liping Zhang <liping.zhang(a)spreadtrum.com>
commit a46844021f6182cca7b575295ba33a4734b1b9d9
Author: Liping Zhang <liping.zhang(a)spreadtrum.com>
Date: Sat Jun 11 12:20:26 2016 +0800
netfilter: nf_tables: fix wrong check of NFT_SET_MAP in nf_tables_bind_set
We should check "i" is used as a dictionary or not, "binding" is
already
checked before.
Signed-off-by: Liping Zhang <liping.zhang(a)spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
commit 775711497202fe376368c25b0c7296ed8803e0ba
Author: Florian Westphal <fw(a)strlen.de>
Date: Fri Jun 10 17:25:19 2016 +0200
netfilter: conntrack: destroy kmemcache on module removal
I forgot to move the kmem_cache_destroy into the exit path.
Fixes: 0c5366b3a8c7 ("netfilter: conntrack: use single slab cache)
Signed-off-by: Florian Westphal <fw(a)strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
commit 61e0979a497b07f5a82f3050e37ecc7093e2971d
Merge: d1e3728 4100948
Author: David S. Miller <davem(a)davemloft.net>
Date: Tue Jun 14 22:21:45 2016 -0700
Merge branch 'ovs-notifications'
Nicolas Dichtel says:
====================
ovs: fix rtnl notifications on interface deletion
There was no rtnl notifications for interfaces (gre, vxlan, geneve) created
by ovs. This problem is fixed by adjusting the creation path.
v1 -> v2:
- add patch #1 and #4
- rework error handling in patch #2
====================
Acked-by: Pravin B Shelar <pshelar(a)ovn.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 41009481b690493c169ce85f591b9d32c6fd9422
Author: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Date: Mon Jun 13 10:31:07 2016 +0200
ovs/geneve: fix rtnl notifications on iface deletion
The function geneve_dev_create_fb() (only used by ovs) never calls
rtnl_configure_link(). The consequence is that dev->rtnl_link_state is
never set to RTNL_LINK_INITIALIZED.
During the deletion phase, the function rollback_registered_many() sends
a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.
Fixes: e305ac6cf5a1 ("geneve: Add support to collect tunnel metadata.")
CC: Pravin B Shelar <pshelar(a)nicira.com>
CC: Jesse Gross <jesse(a)nicira.com>
CC: Thomas Graf <tgraf(a)suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit da6f1da819d4b9c081a477dec74dc468a0b44290
Author: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Date: Mon Jun 13 10:31:06 2016 +0200
ovs/gre: fix rtnl notifications on iface deletion
The function gretap_fb_dev_create() (only used by ovs) never calls
rtnl_configure_link(). The consequence is that dev->rtnl_link_state is
never set to RTNL_LINK_INITIALIZED.
During the deletion phase, the function rollback_registered_many() sends
a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.
Fixes: b2acd1dc3949 ("openvswitch: Use regular GRE net_device instead of
vport")
CC: Thomas Graf <tgraf(a)suug.ch>
CC: Pravin B Shelar <pshelar(a)nicira.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit cf5da330bbdd0c06b05c525a3d1d58ccd82c87a6
Author: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Date: Mon Jun 13 10:31:05 2016 +0200
ovs/vxlan: fix rtnl notifications on iface deletion
The function vxlan_dev_create() (only used by ovs) never calls
rtnl_configure_link(). The consequence is that dev->rtnl_link_state is
never set to RTNL_LINK_INITIALIZED.
During the deletion phase, the function rollback_registered_many() sends
a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.
Note that the function vxlan_dev_create() is moved after the rtnl stuff so
that vxlan_dellink() can be called in this function.
Fixes: dcc38c033b32 ("openvswitch: Re-add CONFIG_OPENVSWITCH_VXLAN")
CC: Thomas Graf <tgraf(a)suug.ch>
CC: Pravin B Shelar <pshelar(a)nicira.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 106da663ff495e0aea3ac15b8317aa410754fcac
Author: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Date: Mon Jun 13 10:31:04 2016 +0200
ovs/gre,geneve: fix error path when creating an iface
After ipgre_newlink()/geneve_configure() call, the netdev is registered.
Fixes: 7e059158d57b ("vxlan, gre, geneve: Set a large MTU on ovs-created tunnel
devices")
CC: David Wragg <david(a)weave.works>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit d1e37288c9146dccff830e3253e403af8705b51f
Author: Su, Xuemin <suxm(a)chinanetcenter.com>
Date: Mon Jun 13 11:02:50 2016 +0800
udp reuseport: fix packet of same flow hashed to different socket
There is a corner case in which udp packets belonging to a same
flow are hashed to different socket when hslot->count changes from 10
to 11:
1) When hslot->count <= 10, __udp_lib_lookup() searches udp_table->hash,
and always passes 'daddr' to udp_ehashfn().
2) When hslot->count > 10, __udp_lib_lookup() searches udp_table->hash2,
but may pass 'INADDR_ANY' to udp_ehashfn() if the sockets are bound to
INADDR_ANY instead of some specific addr.
That means when hslot->count changes from 10 to 11, the hash calculated by
udp_ehashfn() is also changed, and the udp packets belonging to a same
flow will be hashed to different socket.
This is easily reproduced:
1) Create 10 udp sockets and bind all of them to 0.0.0.0:40000.
2) From the same host send udp packets to 127.0.0.1:40000, record the
socket index which receives the packets.
3) Create 1 more udp socket and bind it to 0.0.0.0:44096. The number 44096
is 40000 + UDP_HASH_SIZE(4096), this makes the new socket put into the
same hslot as the aformentioned 10 sockets, and makes the hslot->count
change from 10 to 11.
4) From the same host send udp packets to 127.0.0.1:40000, and the socket
index which receives the packets will be different from the one received
in step 2.
This should not happen as the socket bound to 0.0.0.0:44096 should not
change the behavior of the sockets bound to 0.0.0.0:40000.
It's the same case for IPv6, and this patch also fixes that.
Signed-off-by: Su, Xuemin <suxm(a)chinanetcenter.com>
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 6c0d54f1897d229748d4f41ef919078db6db2123
Author: Eric Dumazet <edumazet(a)google.com>
Date: Sun Jun 12 20:01:25 2016 -0700
net_sched: fix pfifo_head_drop behavior vs backlog
When the qdisc is full, we drop a packet at the head of the queue,
queue the current skb and return NET_XMIT_CN
Now we track backlog on upper qdiscs, we need to call
qdisc_tree_reduce_backlog(), even if the qlen did not change.
Fixes: 2ccccf5fb43f ("net_sched: update hierarchical backlog too")
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Cc: WANG Cong <xiyou.wangcong(a)gmail.com>
Cc: Jamal Hadi Salim <jhs(a)mojatatu.com>
Acked-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 881d0327db37ad917a367c77aff1afa1ee41e0a9
Author: Feng Tang <feng.tang(a)intel.com>
Date: Sun Jun 12 17:36:37 2016 +0800
net: alx: Work around the DMA RX overflow issue
Commit 26c5f03 uses a new skb allocator to avoid the RFD overflow
issue.
But from debugging without datasheet, we found the error always
happen when the DMA RX address is set to 0x....fc0, which is very
likely to be a HW/silicon problem.
So one idea is instead of adding a new allocator, why not just
hitting the right target by avaiding the error-prone DMA address?
This patch will actually
* Remove the commit 26c5f03
* Apply rx skb with 64 bytes longer space, and if the allocated skb
has a 0x...fc0 address, it will use skb_resever(skb, 64) to
advance the address, so that the RX overflow can be avoided.
In theory this method should also apply to atl1c driver, which
I can't find anyone who can help to test on real devices.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=70761
Signed-off-by: Feng Tang <feng.tang(a)intel.com>
Suggested-by: Eric Dumazet <edumazet(a)google.com>
Tested-by: Ole Lukoie <olelukoie(a)mail.ru>
Acked-by: Eric Dumazet <edumazet(a)google.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit b46d9f625b07f843c706c2c7d0210a90ccdf143b
Author: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Date: Sun Jun 12 12:02:46 2016 +0200
ipv4: fix checksum annotation in udp4_csum_init
Reported-by: Cong Wang <xiyou.wangcong(a)gmail.com>
Cc: Cong Wang <xiyou.wangcong(a)gmail.com>
Cc: Tom Herbert <tom(a)herbertland.com>
Fixes: 4068579e1e098fa ("net: Implmement RFC 6936 (zero RX csums for
UDP/IPv6")
Signed-off-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit c148d16369ff0095eca950d17968ba1d56a47b53
Author: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Date: Sat Jun 11 21:15:37 2016 +0200
ipv6: fix checksum annotation in udp6_csum_init
Cc: Tom Herbert <tom(a)herbertland.com>
Fixes: 4068579e1e098fa ("net: Implmement RFC 6936 (zero RX csums for
UDP/IPv6")
Signed-off-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 5119bd16815d3f0364390a1369392dcc036790e7
Author: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Date: Sat Jun 11 20:41:38 2016 +0200
ipv6: tcp: fix endianness annotation in tcp_v6_send_response
Cc: Florent Fourcot <florent.fourcot(a)enst-bretagne.fr>
Fixes: 1d13a96c74fc ("ipv6: tcp: fix flowlabel value in ACK messages send from
TIME_WAIT")
Signed-off-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit dcb94b88c09ce82a80e188d49bcffdc83ba215a6
Author: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Date: Sat Jun 11 20:32:06 2016 +0200
ipv6: fix endianness error in icmpv6_err
IPv6 ping socket error handler doesn't correctly convert the new 32 bit
mtu to host endianness before using.
Cc: Lorenzo Colitti <lorenzo(a)google.com>
Fixes: 6d0bfe22611602f ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org>
Acked-by: Lorenzo Colitti <lorenzo(a)google.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit fdecf36fcefa9f48c2f2de21c8176f1a8ce2c960
Author: Clemens Gruber <clemens.gruber(a)pqgruber.com>
Date: Sat Jun 11 17:21:26 2016 +0200
phy: marvell: fix LED configuration via marvell,reg-init
Configuring the PHY LED registers for the Marvell 88E1510 and others is
not possible, because regardless of the values in marvell,reg-init, it
is later overridden in m88e1121_config_aneg with a non-standard default.
This patch moves that default configuration to .config_init to allow
setting the LED configuration through marvell,reg-init in the device
tree, which should override said default if it exists.
Signed-off-by: Clemens Gruber <clemens.gruber(a)pqgruber.com>
Reviewed-by: Andrew Lunn <andrew(a)lunn.ch>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit bba42c7877d3efce86ca331ad1a7e37046627c72
Merge: 182fd9e 280a3ef
Author: Kalle Valo <kvalo(a)codeaurora.org>
Date: Tue Jun 14 17:07:38 2016 +0300
Merge tag 'iwlwifi-for-kalle-2016-06-10' of
git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
* fix the scan timeout for long scans
* fix an RCU splat caused when updating the TKIP key
* fix a potential NULL-derefence introduced recently
* fix a IGTK key bug that has existed since the MVM driver was introduced
* fix some fw capabilities checks that got accidentally inverted
commit e024111f6946f45cf1559a8c6fd48d2d0f696d07
Author: Miaoqing Pan <miaoqing(a)codeaurora.org>
Date: Tue Jun 7 15:47:07 2016 +0300
ath9k: fix GPIO mask for AR9462 and AR9565
The incorrect GPIO mask cause kernel warning, when AR9462 access GPIO11.
Also fix the mask for AR9565.
WARNING: CPU: 1 PID: 199 at ../drivers/net/wireless/ath/ath9k/hw.c:2778
ath9k_hw_gpio_get+0x1a9/0x1b0 [ath9k_hw]
CPU: 1 PID: 199 Comm: kworker/u16:9 Not tainted 4.7.0-rc1-next-20160530+ #5
Hardware name: Acer TravelMate P243/BA40_HC, BIOS V1.01 04/20/2012
Workqueue: events_power_efficient rfkill_poll
0000000000000000 ffff88002cf73d28 ffffffff813b8ddc 0000000000000000
0000000000000000 ffff88002cf73d68 ffffffff8107a331 00000ada00000086
ffff880148d9c018 000000000000000b ffff880147e68720 0000000000000200
Call Trace:
[<ffffffff813b8ddc>] dump_stack+0x63/0x87
[<ffffffff8107a331>] __warn+0xd1/0xf0
[<ffffffff8107a41d>] warn_slowpath_null+0x1d/0x20
[<ffffffffc0775b19>] ath9k_hw_gpio_get+0x1a9/0x1b0 [ath9k_hw]
[<ffffffffc047f3e4>] ath9k_rfkill_poll_state+0x34/0x60 [ath9k]
[<ffffffffc06dbb53>] ieee80211_rfkill_poll+0x33/0x40 [mac80211]
[<ffffffffc03ad65a>] cfg80211_rfkill_poll+0x2a/0xc0 [cfg80211]
[<ffffffff817c5514>] rfkill_poll+0x24/0x50
[<ffffffff81093183>] process_one_work+0x153/0x3f0
[<ffffffff8109393b>] worker_thread+0x12b/0x4b0
[<ffffffff81093810>] ? rescuer_thread+0x340/0x340
[<ffffffff81099129>] kthread+0xc9/0xe0
[<ffffffff817d8f1f>] ret_from_fork+0x1f/0x40
[<ffffffff81099060>] ? kthread_park+0x60/0x60
Fixes: a01ab81b09c5 ("ath9k: define correct GPIO numbers and bits mask")
Reported-by: Sudip Mukherjee <sudip.mukherjee(a)codethink.co.uk>
Tested-by: Sudip Mukherjee <sudip.mukherjee(a)codethink.co.uk>
Signed-off-by: Miaoqing Pan <miaoqing(a)codeaurora.org>
Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com>
commit e50525bef593c3dd0564df676c567d77f7c20322
Author: Rajkumar Manoharan <rmanohar(a)qti.qualcomm.com>
Date: Thu Jun 9 11:33:55 2016 +0530
ath10k: fix deadlock while processing rx_in_ord_ind
commit 5c86d97bcc1d ("ath10k: combine txrx and replenish task")
introduced deadlock while processing rx in order indication message
for qca6174 based devices. While merging replenish and txrx tasklets,
replenish task should be called out of htt rx ring locking since it
is also try to acquire the same lock.
Unfortunately this issue is not exposed by other solutions (qca988x,
qca99x0 & qca4019), as rx_in_ord_ind message is specific to qca6174
based devices. This patch fixes
=============================================
[ INFO: possible recursive locking detected ]
4.7.0-rc2-wt-ath+ #1353 Tainted: G E
---------------------------------------------
swapper/3/0 is trying to acquire lock:
(&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d7ef19>]
ath10k_htt_rx_msdu_buff_replenish+0x29/0x90 [ath10k_core]
but task is already holding lock:
(&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>]
ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(&htt->rx_ring.lock)->rlock);
lock(&(&htt->rx_ring.lock)->rlock);
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by swapper/3/0:
#0: (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>]
ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=119151
Fixes: 5c86d97bcc1d ("ath10k: combine txrx and replenish task")
Reported-by: Mike Lothian <mike(a)fireburn.co.uk>
Signed-off-by: Rajkumar Manoharan <rmanohar(a)qti.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com>
commit d941ebe88a411aa281cc80477a93feb931a1b50b
Author: Ivan Khoronzhuk <ivan.khoronzhuk(a)linaro.org>
Date: Sat Jun 11 01:11:54 2016 +0300
net: ethernet: ti: cpsw: use destroy ctlr to destroy channels
There is no reason to destroy channels that are destroyed while
cpdma_ctlr destroy. In this case no need to remember how much
channels where created and destroy them by one, as cpdma_ctlr
destroys all of them.
Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk(a)linaro.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit cbdf451164785c9cf5acd5d2983c1e7c778df4c1
Author: Eric Dumazet <edumazet(a)google.com>
Date: Sun Jun 12 16:21:47 2016 -0700
net_sched: prio: properly report out of memory errors
At Qdisc creation or change time, prio_tune() creates missing
pfifo qdiscs but does not return an error code if one
qdisc could not be allocated.
Leaving a qdisc in non operational state without telling user
anything about this problem is not good.
Also, testing if we replace something different than noop_qdisc
a second time makes no sense so I removed useless code.
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 86ef7f9cbfd564377028098cf20cc1c3ec2c776d
Author: David S. Miller <davem(a)davemloft.net>
Date: Sat Jun 11 20:40:24 2016 -0700
ipconfig: Protect ic_addrservaddr with IPCONFIG_DYNAMIC.
> net/ipv4/ipconfig.c:130:15: warning:
'ic_addrservaddr' defined but not used [-Wunused-variable]
static
__be32 ic_addrservaddr = NONE; /* IP Address of the IP addresses'server */
Reported-by: kbuild test robot <fengguang.wu(a)intel.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 92ca8241533009e4e05a9f3999a75389678af094
Author: Manuel Lauss <manuel.lauss(a)gmail.com>
Date: Sat Jun 11 00:13:04 2016 +0200
net: au1000_eth: fix PHY detection
Commit 7f854420fbfe9d49afe2ffb1df052cfe8e215541
("phy: Add API for {un}registering an mdio device to a bus.")
broke PHY detection on this driver with a copy-paste bug:
The code is looking 32 times for a PHY at address 0.
Fixes ethernet on AMD DB1100/DB1500/DB1550 boards which have
their (autodetected) PHYs at address 31.
Cc: Andrew Lunn <andrew(a)lunn.ch>
Signed-off-by: Manuel Lauss <manuel.lauss(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 86c5fe4c932a8ef2d32f8b3d32cc9f0476fc54f3
Author: David S. Miller <davem(a)davemloft.net>
Date: Fri Jun 10 23:34:24 2016 -0700
Revert "net: au1000_eth: fix PHY detection"
This reverts commit a2f27217e4e60e663b5b971b0ccb287a9548b04e.
I applied the wrong version of this.
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a2f27217e4e60e663b5b971b0ccb287a9548b04e
Author: Manuel Lauss <manuel.lauss(a)gmail.com>
Date: Fri Jun 10 16:53:05 2016 +0200
net: au1000_eth: fix PHY detection
Commit 7f854420fbfe9d49afe2ffb1df052cfe8e215541
("phy: Add API for {un}registering an mdio device to a bus.")
broke PHY detection on this driver with a copy-paste bug:
The code is looking 32 times for a PHY at address 0.
Fixes ethernet on AMD DB1100/DB1500/DB1550 boards which have
their (autodetected) PHYs at address 31.
Cc: Andrew Lunn <andrew(a)lunn.ch>
Signed-off-by: Manuel Lauss <manuel.lauss(a)gmail.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit a4b42ab3205a28b24eb0d480935cf9fd1051a7f2
Merge: 0b392be 82c6544
Author: David S. Miller <davem(a)davemloft.net>
Date: Fri Jun 10 23:29:30 2016 -0700
Merge branch 'mediatek-fixes'
John Crispin says:
====================
net: mediatek: various small fixes
This series contains various small fixes that we stumbled across while
doing thorough testing and code level reviewing of the driver.
Changes in V2:
* drop the DQL patch from the list until a better solution is found
====================
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 82c6544dddc6c4bd940917af2f987dee6be0fc17
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:08 2016 +0200
net: mediatek: remove superfluous queue wake up call
The code checks if the queue should be stopped because we are below the
threshold of free descriptors only to check if it should be started again.
If we do end up in a state where we are at the threshold limit, it makes
more sense to just stop the queue and wait for the next IRQ to trigger the
TX housekeeping again. There is no rush in enqueuing the next packet, it
needs to wait for all the others in the queue to be dispatched first
anyway.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit ad3cba989e8b1bbefe078eece29f0e8d8aaea1d6
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:07 2016 +0200
net: mediatek: only wake the queue if it is stopped
The current code unconditionally wakes up the queue at the end of each
tx_poll action. Change the code to only wake up the queues if any of
them have actually been stopped before.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 12c97c13ea7174db5b5dc4a1ef91d4e9245bb569
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:06 2016 +0200
net: mediatek: fix off by one in the TX ring allocation
The TX ring setup has an off by one error causing it to not utilise all
descriptors. This has the side effect that we need to reset the next
pointer at runtime to make it work. Fix the off by one and remove the
code fixing the ring at runtime.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit eaadf9fd3f6390f6ecbd0dfbd5997a0486fc9d5e
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:05 2016 +0200
net: mediatek: increase watchdog_timeo
During stress testing, after reducing the threshold value, we have seen
TX timeouts that were caused by the watchdog_timeo value being too low.
Increase the value to 5 * HZ which is a value commonly used by many other
drivers.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 04698cccb1de54d5d97fda2e4a1c6ca365da0f70
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:04 2016 +0200
net: mediatek: fix threshold value
The logic to calculate the threshold value for stopping the TX queue is
bad. Currently it will always use 1/2 of the rings size, which is way too
much. Set the threshold to MAX_SKB_FRAGS. This makes sure that the queue
is stopped when there is not enough room to accept an additional segment.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 2ff0bb61646f286fa97db2904491974302a14f1f
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:03 2016 +0200
net: mediatek: disable all interrupts during probe
The current code only disables those IRQs that we will later use. To
ensure that we have a predefined state, we really want to disable all IRQs.
Change the code to disable all IRQs to achieve this.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 6675086d04e7c0748cd5884f7c8611b5f0836250
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:02 2016 +0200
net: mediatek: add next data pointer coherency protection
The QDMA engine can fail to update the register pointing to the next TX
descriptor if this bit does not get set in the QDMA configuration register.
Not setting this bit can result in invalid values inside the TX rings
registers which will causes TX stalls.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 94321a9fc9f5b6c6e949cc7c69741538f556ab74
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:01 2016 +0200
net: mediatek: dropped rx packets are not being counted properly
There are two places inside mtk_poll_rx where rx_dropped is not being
incremented properly. Fix this by adding the missing code to increment
the counter.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 2fae723cefb8bfe712371978288aa0a70b54802e
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:28:00 2016 +0200
net: mediatek: invalid buffer lookup in mtk_tx_map()
The lookup of the tx_buffer in the error path inside mtk_tx_map() uses the
wrong descriptor pointer. This looks like a copy & paste error. Change the
code to use the correct pointer.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 605e4fe476956c67ced8518247e6c9601a31b868
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:27:59 2016 +0200
net: mediatek: fix missing free of scratch memory
Scratch memory gets allocated in mtk_init_fq_dma() but the corresponding
code to free it is missing inside mtk_dma_free() causing a memory leak.
With this patch applied, we can run ifconfig up/down several thousand
times without any problems.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 562c5a70400c75f50d99de631666ac7cc2f03958
Author: John Crispin <john(a)phrozen.org>
Date: Fri Jun 10 13:27:58 2016 +0200
net: mediatek: add missing return code check
The code fails to check if the scratch memory was properly allocated. Add
this check and return with an error if the allocation failed.
Signed-off-by: John Crispin <john(a)phrozen.org>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 0b392be9a86560dae3af2e7528f226ff465ab549
Author: Ben Dooks <ben.dooks(a)codethink.co.uk>
Date: Fri Jun 10 12:11:06 2016 +0100
net: ipconfig: avoid warning by making ic_addrservaddr static
The symbol ic_addrservaddr is not static, but has no declaration
to match so make it static to fix the following warning:
net/ipv4/ipconfig.c:130:8: warning: symbol 'ic_addrservaddr' was not declared.
Should it be static?
Signed-off-by: Ben Dooks <ben.dooks(a)codethink.co.uk>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit c3ec5e5ce9cea1f369a5a8ad69d6471680796bc6
Author: Ben Dooks <ben.dooks(a)codethink.co.uk>
Date: Thu Jun 9 18:05:09 2016 +0100
net: diag: add missing declarations
The functions inet_diag_msg_common_fill and inet_diag_msg_attrs_fill
seem to have been missed from the include/linux/inet_diag.h header
file. Add them to fix the following warnings:
net/ipv4/inet_diag.c:69:6: warning: symbol 'inet_diag_msg_common_fill' was not
declared. Should it be static?
net/ipv4/inet_diag.c:108:5: warning: symbol 'inet_diag_msg_attrs_fill' was not
declared. Should it be static?
Signed-off-by: Ben Dooks <ben.dooks(a)codethink.co.uk>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 56fae404fb2c306db0a35dad0d16fa24c65678f3
Author: Ido Schimmel <idosch(a)mellanox.com>
Date: Tue Jun 7 12:06:58 2016 +0300
bridge: Fix incorrect re-injection of STP packets
Commit 8626c56c8279 ("bridge: fix potential use-after-free when hook
returns QUEUE or STOLEN verdict") fixed incorrect usage of NF_HOOK's
return value by consuming packets in okfn via br_pass_frame_up().
However, this function re-injects packets to the Rx path with skb->dev
set to the bridge device, which breaks kernel's STP, as all STP packets
appear to originate from the bridge device itself.
Instead, if STP is enabled and bridge isn't a 802.1ad bridge, then learn
packet's SMAC and inject it back to the Rx path for further processing
by the packet handlers.
The patch also makes netfilter's behavior consistent with regards to
packets destined to the Bridge Group Address, as no hook registered at
LOCAL_IN will ever be called, regardless if STP is enabled or not.
Cc: Florian Westphal <fw(a)strlen.de>
Cc: Shmulik Ladkani <shmulik.ladkani(a)gmail.com>
Cc: Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp>
Fixes: 8626c56c8279 ("bridge: fix potential use-after-free when hook returns
QUEUE or STOLEN verdict")
Signed-off-by: Jiri Pirko <jiri(a)mellanox.com>
Signed-off-by: Ido Schimmel <idosch(a)mellanox.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit fc0f7e3317c5f406e6d5520209b4689a4ffecfdf
Author: Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com>
Date: Mon Jun 6 10:47:47 2016 +0200
net: phy: smsc: reintroduced unconditional soft reset
We detected some problems using the smsc lan8720a in combination with
i.MX28 and tracked this down to commit 21009686662f ("net: phy: smsc: move
smsc_phy_config_init reset part in a soft_reset function")
With 2100968666 the generic soft reset is replaced by a specific function
which handles power down state correctly. But additionally the soft reset
itself got conditional and is therefore also only performed if the phy is
in power down state.
This patch keeps the conditional wake up from power down, but
re-introduces the unconditional soft reset using the generic soft reset
function.
It was tested on linux-4.1.25 and linux-4.7.0-rc2.
Signed-off-by: Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
commit 280a3efa82fccc9532c968a77e5162cb9f0af497
Author: Johannes Berg <johannes.berg(a)intel.com>
Date: Tue Jun 7 14:46:37 2016 +0200
iwlwifi: mvm: fix a few firmware capability checks
My cleanup in "iwlwifi: prepare for higher API/CAPA bits" accidentally
inverted a few tests - fix them.
Fixes: 859d914c8f5c ("iwlwifi: prepare for higher API/CAPA bits")
Reported-by: Sara Sharon <sara.sharon(a)intel.com>
Signed-off-by: Johannes Berg <johannes.berg(a)intel.com>
Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com>
commit aa950524d501afa28869b7f56e539fd9e744dd9f
Author: Ayala Beker <ayala.beker(a)intel.com>
Date: Wed Jun 1 00:28:09 2016 +0300
iwlwifi: mvm: set the encryption type of an IGTK key
The FW expect the driver to set the encryption algorithm type when
installing the IGTK key in the HW.
Currently when installing CMAC IGTK key we don't set the algorithm type
and as a result the FW fails to calculate the MIC of multicast management
frames.
Fix it.
Signed-off-by: Ayala Beker <ayala.beker(a)intel.com>
Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com>
commit 1f9788f335d7c3145bcb59bd570c5b9ef7203ef4
Author: Luca Coelho <luciano.coelho(a)intel.com>
Date: Mon May 16 14:34:20 2016 +0300
iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder()
We try to access sta before we check for IS_ERR_OR_NULL(), so we may
end up accessing a NULL pointer. To prevent that, move the conversion
from sta to mvm_sta below the check.
Fixes: b915c10174fb ("iwlwifi: mvm: add reorder buffer per queue")
Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com>
Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com>
commit 7d6a1ab6a2db180122dee8db6c201f2dcf677813
Author: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
Date: Sun May 15 10:20:29 2016 +0300
iwlwifi: mvm: fix RCU splat in TKIP's update_key
The commit below mistakenly changed an rcu_dereference_check
to a rcu_dereference_protected which introduced the
following RCU warning:
[ INFO: suspicious RCU usage. ]
4.6.0-rc7-next-20160513-dbg-00004-g8de8b92-dirty #655 Not tainted
-------------------------------
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h:1069 suspicious
rcu_dereference_protected() usage!
Call Trace:
[<ffffffff8106b836>] lockdep_rcu_suspicious+0xf7/0x100
[<ffffffffa03b2321>] iwl_mvm_get_key_sta.part.0+0x5d/0x80 [iwlmvm]
[<ffffffffa03b4acb>] iwl_mvm_update_tkip_key+0xd3/0x162 [iwlmvm]
[<ffffffffa03a2b60>] iwl_mvm_mac_update_tkip_key+0x17/0x19 [iwlmvm]
[<ffffffffa0329646>] ieee80211_tkip_decrypt_data+0x22c/0x24b [mac80211]
[<ffffffffa0318bb1>] ieee80211_crypto_tkip_decrypt+0xc5/0x110 [mac80211]
[<ffffffffa033102e>] ieee80211_rx_handlers+0x9bb/0x1fe1 [mac80211]
Fixes: 13303c0fb148 ("iwlwifi: mvm: use helpers to get iwl_mvm_sta")
Reported-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com>
commit 06a84db74c3572cde79eb1b04f301399eafb8226
Author: Luca Coelho <luciano.coelho(a)intel.com>
Date: Mon May 2 15:27:34 2016 +0300
iwlwifi: mvm: increase scan timeout to 20 seconds
The 16 seconds timeout we were using turned out to be too short.
Recalculations by system show that the total time in both bands should
be < 18.5 seconds, even in the slowest cases (e.g. DCM P2P with
DTIM=2). Rounding it up to 20 seconds for a bit more safety.
Fixes: 728e825f81b1 ("iwlwifi: mvm: add a scan timeout for regular scans")
Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com>
commit 8d0a0710ea0d22881fdb40eb79d346a98cc64ae6
Author: Ben Greear <greearb(a)candelatech.com>
Date: Thu Jun 2 17:59:54 2016 +0300
ath10k: fix crash related to printing features
This looks like a regression from commit c4cdf753ed42 ("ath10k: move
fw_features to struct ath10k_fw_file"), we were printing the features from a
wrong struct.
Fixes: c4cdf753ed42 ("ath10k: move fw_features to struct ath10k_fw_file")
Signed-off-by: Ben Greear <greearb(a)candelatech.com>
[kvalo(a)qca.qualcomm.com: improve commit log]
Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com>
commit fee48cf8374569a3888fd8c8536283e6067f0cfb
Author: Ben Greear <greearb(a)candelatech.com>
Date: Fri Apr 1 14:12:12 2016 -0700
ath10k: fix deadlock when peer cannot be created
We must not attempt to send WMI packets while holding the data-lock,
as it may deadlock:
BUG: sleeping function called from invalid context at
drivers/net/wireless/ath/ath10k/wmi.c:1824
in_atomic(): 1, irqs_disabled(): 0, pid: 2878, name: wpa_supplicant
=============================================
[ INFO: possible recursive locking detected ]
4.4.6+ #21 Tainted: G W O
---------------------------------------------
wpa_supplicant/2878 is trying to acquire lock:
(&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa0721511>]
ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
but task is already holding lock:
(&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>]
ath10k_peer_create+0x122/0x1ae [ath10k_core]
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(&ar->data_lock)->rlock);
lock(&(&ar->data_lock)->rlock);
*** DEADLOCK ***
May be due to missing lock nesting notation
4 locks held by wpa_supplicant/2878:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff816493ca>] rtnl_lock+0x12/0x14
#1: (&ar->conf_mutex){+.+.+.}, at: [<ffffffffa0706932>]
ath10k_add_interface+0x3b/0xbda [ath10k_core]
#2: (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>]
ath10k_peer_create+0x122/0x1ae [ath10k_core]
#3: (rcu_read_lock){......}, at: [<ffffffffa062f304>] rcu_read_lock+0x0/0x66
[mac80211]
stack backtrace:
CPU: 3 PID: 2878 Comm: wpa_supplicant Tainted: G W O 4.4.6+ #21
Hardware name: To be filled by O.E.M. To be filled by O.E.M./ChiefRiver, BIOS 4.6.5
06/07/2013
0000000000000000 ffff8801fcadf8f0 ffffffff8137086d ffffffff82681720
ffffffff82681720 ffff8801fcadf9b0 ffffffff8112e3be ffff8801fcadf920
0000000100000000 ffffffff82681720 ffffffffa0721500 ffff8801fcb8d348
Call Trace:
[<ffffffff8137086d>] dump_stack+0x81/0xb6
[<ffffffff8112e3be>] __lock_acquire+0xc5b/0xde7
[<ffffffffa0721500>] ? ath10k_wmi_tx_beacons_iter+0x15/0x11a [ath10k_core]
[<ffffffff8112d0d0>] ? mark_lock+0x24/0x201
[<ffffffff8112e908>] lock_acquire+0x132/0x1cb
[<ffffffff8112e908>] ? lock_acquire+0x132/0x1cb
[<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
[<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
[<ffffffff816f9e2b>] _raw_spin_lock_bh+0x31/0x40
[<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
[<ffffffffa0721511>] ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
[<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
[<ffffffffa062eb18>] __iterate_interfaces+0x9d/0x13d [mac80211]
[<ffffffffa062f609>] ieee80211_iterate_active_interfaces_atomic+0x32/0x3e
[mac80211]
[<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core]
[<ffffffffa071fa9f>] ath10k_wmi_tx_beacons_nowait.isra.13+0x14/0x16
[ath10k_core]
[<ffffffffa0721676>] ath10k_wmi_cmd_send+0x71/0x242 [ath10k_core]
[<ffffffffa07023f6>] ath10k_wmi_peer_delete+0x3f/0x42 [ath10k_core]
[<ffffffffa0702557>] ath10k_peer_create+0x15e/0x1ae [ath10k_core]
[<ffffffffa0707004>] ath10k_add_interface+0x70d/0xbda [ath10k_core]
[<ffffffffa05fffcc>] drv_add_interface+0x123/0x1a5 [mac80211]
[<ffffffffa061554b>] ieee80211_do_open+0x351/0x667 [mac80211]
[<ffffffffa06158aa>] ieee80211_open+0x49/0x4c [mac80211]
[<ffffffff8163ecf9>] __dev_open+0x88/0xde
[<ffffffff8163ef6e>] __dev_change_flags+0xa4/0x13a
[<ffffffff8163f023>] dev_change_flags+0x1f/0x54
[<ffffffff816a5532>] devinet_ioctl+0x2b9/0x5c9
[<ffffffff816514dd>] ? copy_to_user+0x32/0x38
[<ffffffff816a6115>] inet_ioctl+0x81/0x9d
[<ffffffff816a6115>] ? inet_ioctl+0x81/0x9d
[<ffffffff81621cf8>] sock_do_ioctl+0x20/0x3d
[<ffffffff816223c4>] sock_ioctl+0x222/0x22e
[<ffffffff8121cf95>] do_vfs_ioctl+0x453/0x4d7
[<ffffffff81625603>] ? __sys_recvmsg+0x4c/0x5b
[<ffffffff81225af1>] ? __fget_light+0x48/0x6c
[<ffffffff8121d06b>] SyS_ioctl+0x52/0x74
[<ffffffff816fa736>] entry_SYSCALL_64_fastpath+0x16/0x7a
Signed-off-by: Ben Greear <greearb(a)candelatech.com>
Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com>
-----------------------------------------------------------------------
--
linux integration
2524
days inactive
2524
days old
0 comments
1 participants
participants (1)
-
postmaster@open-mesh.org