The branch, base/net has been created at 5b4d10f5e0369ed79434593b7cd8e85eebbe473f (commit)
- Shortlog ------------------------------------------------------------ commit 5b4d10f5e0369ed79434593b7cd8e85eebbe473f Author: Dan Carpenter dan.carpenter@oracle.com Date: Mon Jun 27 23:50:29 2016 +0300
qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
There is a static checker warning here "warn: mask and shift to zero" and the code sets "ring" to zero every time. From looking at how QLCNIC_FETCH_RING_ID() is used in qlcnic_83xx_process_rcv_ring() the qlcnic_83xx_hndl() should be removed.
Fixes: 4be41e92f7c6 ('qlcnic: 83xx data path routines') Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: David S. Miller davem@davemloft.net
commit ceb56070359b7329b5678b5d95a376fcb24767be Author: Daniel Borkmann daniel@iogearbox.net Date: Mon Jun 27 21:38:11 2016 +0200
bpf, perf: delay release of BPF prog after grace period
Commit dead9f29ddcc ("perf: Fix race in BPF program unregister") moved destruction of BPF program from free_event_rcu() callback to __free_event(), which is problematic if used with tail calls: if prog A is attached as trace event directly, but at the same time present in a tail call map used by another trace event program elsewhere, then we need to delay destruction via RCU grace period since it can still be in use by the program doing the tail call (the prog first needs to be dropped from the tail call map, then trace event with prog A attached destroyed, so we get immediate destruction).
Fixes: dead9f29ddcc ("perf: Fix race in BPF program unregister") Signed-off-by: Daniel Borkmann daniel@iogearbox.net Acked-by: Alexei Starovoitov ast@kernel.org Cc: Jann Horn jann@thejh.net Signed-off-by: David S. Miller davem@davemloft.net
commit 565ce8f32ac4a233b474f401e1d3e7e1de0a31fd Author: Nikolay Aleksandrov nikolay@cumulusnetworks.com Date: Mon Jun 27 18:34:42 2016 +0200
net: bridge: fix vlan stats continue counter
I made a dumb off-by-one mistake when I added the vlan stats counter dumping code. The increment should happen before the check, not after otherwise we miss one entry when we continue dumping.
Fixes: a60c090361ea ("bridge: netlink: export per-vlan stats") Signed-off-by: Nikolay Aleksandrov nikolay@cumulusnetworks.com Signed-off-by: David S. Miller davem@davemloft.net
commit a3d2e9f8eb1487f4191ff08ce2d3d63702c65a90 Author: Eric Dumazet edumazet@google.com Date: Mon Jun 27 17:38:50 2016 +0200
tcp: do not send too big packets at retransmit time
Arjun reported a bug in TCP stack and bisected it to a recent commit.
In case where we process SACK, we can coalesce multiple skbs into fat ones (tcp_shift_skb_data()), to lower write queue overhead, because we do not expect to retransmit these packets.
However, SACK reneging can happen, forcing the sender to retransmit all these packets. If skb->len is above 64KB, we then send buggy IP packets that could hang TSO engine on cxgb4.
Neal suggested to use tcp_tso_autosize() instead of tp->gso_segs so that we cook packets of optimal size vs TCP/pacing.
Thanks to Arjun for reporting the bug and running the tests !
Fixes: 10d3be569243 ("tcp-tso: do not split TSO packets at retransmit time") Signed-off-by: Eric Dumazet edumazet@google.com Reported-by: Arjun V arjun@chelsio.com Tested-by: Arjun V arjun@chelsio.com Acked-by: Neal Cardwell ncardwell@google.com Signed-off-by: David S. Miller davem@davemloft.net
commit 96183182ad05d1ce31b9048921c12bf4ad621eaf Author: Wei Yongjun yongjun_wei@trendmicro.com.cn Date: Mon Jun 27 20:48:53 2016 +0800
ibmvnic: fix to use list_for_each_safe() when delete items
Since we will remove items off the list using list_del() we need to use a safe version of the list_for_each() macro aptly named list_for_each_safe().
Signed-off-by: Wei Yongjun yongjun_wei@trendmicro.com.cn Signed-off-by: David S. Miller davem@davemloft.net
commit b2c1b30e3e6dea37d5a7176bd09cf5967fb43665 Merge: f5074d0 3e29adb Author: David S. Miller davem@davemloft.net Date: Wed Jun 29 05:14:19 2016 -0400
Merge branch 'thunderx-fixes'
Sunil Goutham says:
==================== net: thunderx: Miscellaneous fixes
This 2 patch series fixes issues w.r.t physical link status reporting and transmit datapath configuration for secondary qsets.
Changes from v1: Fixed lmac disable sequence for interfaces of type SGMII. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 3e29adba567306504e99b8363edf2d47c19dbe1b Author: Sunil Goutham sgoutham@cavium.com Date: Mon Jun 27 15:30:03 2016 +0530
net: thunderx: Fix TL4 configuration for secondary Qsets
TL4 calculation for a given SQ of secondary Qsets is incorrect and goes out of bounds and also for some SQ's TL4 chosen will transmit data via a different BGX interface and not same as primary Qset's interface.
This patch fixes this issue.
Signed-off-by: Sunil Goutham sgoutham@cavium.com Signed-off-by: David S. Miller davem@davemloft.net
commit 3f4c68cfde30caa1f6d8368fd19590671411ade2 Author: Sunil Goutham sgoutham@cavium.com Date: Mon Jun 27 15:30:02 2016 +0530
net: thunderx: Fix link status reporting
Check for SMU RX local/remote faults along with SPU LINK status. Otherwise at times link is UP at our end but DOWN at link partner's side. Also due to an issue in BGX it's rarely seen that initialization doesn't happen properly and SMU RX reports faults with everything fine at SPU. This patch tries to reinitialize LMAC to fix it.
Also fixed LMAC disable sequence to properly bring down link.
Signed-off-by: Sunil Goutham sgoutham@cavium.com Signed-off-by: Tao Wang tao.wang@cavium.com Signed-off-by: David S. Miller davem@davemloft.net
commit f5074d0ce2f8b45b3d5998a280edd2066c0cfcda Merge: 3ec0a0f bfe6d8d Author: David S. Miller davem@davemloft.net Date: Wed Jun 29 04:28:59 2016 -0400
Merge branch 'mlx5-100G-fixes'
Saeed Mahameed says:
==================== Mellanox 100G mlx5 fixes#2 for 4.7-rc
The following series provides one-liners fixes for mlx5 driver plus one medium patch to reorganize ethtool counters reporting.
Highlights: - Added MODIFY_FLOW_TABLE to command strings table - Add ConnectX-5 PCIe 4.0 to list of supported devices - Rename ASYNC_EVENTS enum - Enable BlueFlame only when supported by device - Avoid adding same vxlan port twice - Report the correct number of PFC counters - Reorganize ethtool reported counters and remove duplications ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit bfe6d8d1d433cbd5513a93132695e6dbdd79e6f2 Author: Gal Pressman galp@mellanox.com Date: Mon Jun 27 12:08:38 2016 +0300
net/mlx5e: Reorganize ethtool statistics
Categorize and reorganize ethtool statistics counters by renaming to "rx_*" and "tx_*" and removing redundant and duplicated counters, this way they are easier to grasp and more user friendly.
Signed-off-by: Gal Pressman galp@mellanox.com Signed-off-by: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit ed80ec4c179d1f44cc1b36c7a102353ae6103793 Author: Gal Pressman galp@mellanox.com Date: Mon Jun 27 12:08:37 2016 +0300
net/mlx5e: Fix number of PFC counters reported to ethtool
Number of PFC counters used to count only number of priorities with PFC enabled, but each priority has more than one counter, hence the need to multiply it by the number of PFC counters per priority.
Fixes: cf678570d5a1 ('net/mlx5e: Add per priority group to PPort counters') Signed-off-by: Gal Pressman galp@mellanox.com Signed-off-by: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 9ceec359e4ebdbbfd35375203c5bd06d602225f7 Author: Matthew Finlay matt@mellanox.com Date: Mon Jun 27 12:08:36 2016 +0300
net/mlx5e: Prevent adding the same vxlan port
Do not allow the same vxlan udp port to be added to the device more than once.
Fixes: b3f63c3d5e2c ("net/mlx5e: Add netdev support for VXLAN tunneling") Signed-off-by: Matthew Finlay matt@mellanox.com Signed-off-by: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit fd4782c21359cfd52af4c3180a2bb6bad55c1eba Author: Gal Pressman galp@mellanox.com Date: Mon Jun 27 12:08:35 2016 +0300
net/mlx5e: Check for BlueFlame capability before allocating SQ uar
Previous to this patch mapping was always set to write combining without checking whether BlueFlame is supported in the device.
Fixes: 0ba422410bbf ('net/mlx5: Fix global UAR mapping') Signed-off-by: Gal Pressman galp@mellanox.com Signed-off-by: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit e0f46eb9f64ca2e97d242b6e02b8ae2c7fe6dc56 Author: Eli Cohen eli@mellanox.com Date: Mon Jun 27 12:08:34 2016 +0300
net/mlx5e: Change enum to better reflect usage
Change MLX5E_STATE_ASYNC_EVENTS_ENABLE to MLX5E_STATE_ASYNC_EVENTS_ENABLED since it represent a state and not an operation.
Fixes: acff797cd1874 ('net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality') Signed-off-by: Eli Cohen eli@mellanox.com Signed-off-by: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 7092fe866907f4f243122ab388cbf0e77305afaa Author: Majd Dibbiny majd@mellanox.com Date: Mon Jun 27 12:08:33 2016 +0300
net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices
Add the upcoming ConnectX-5 PCIe 4.0 device to the list of supported devices by the mlx5 driver.
Signed-off-by: Majd Dibbiny majd@mellanox.com Signed-off-by: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 5be1ea899da4f11de92897d2ea706e0820609b9e Author: Eli Cohen eli@mellanox.com Date: Mon Jun 27 12:08:32 2016 +0300
net/mlx5: Update command strings
Add command string for MODIFY_FLOW_TABLE which is used by the driver.
Signed-off-by: Eli Cohen eli@mellanox.com Signed-off-by: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 3ec0a0f10ceb77c78f540ded1d13bf0cf7f89a07 Author: Harini Katakam harini.katakam@xilinx.com Date: Mon Jun 27 13:09:59 2016 +0530
net: marvell: Add separate config ANEG function for Marvell 88E1111
Marvell 88E1111 currently uses the generic marvell config ANEG function. This function has a sequence accessing Page 5 and Register 31, both of which are not defined or reserved for this PHY. Hence this patch adds a new config ANEG function for Marvell 88E1111 without these erroneous accesses.
Signed-off-by: Harini Katakam harinik@xilinx.com Signed-off-by: David S. Miller davem@davemloft.net
commit d10f0b312adc21b9b78e36cf695e6157989ce041 Merge: 69fc58a 420cb1b Author: David S. Miller davem@davemloft.net Date: Wed Jun 29 04:01:53 2016 -0400
Merge branch 'batman-adv-fixes'
Sven Eckelmann says:
==================== batman-adv: Fixes for Linux 4.7
Antonio currently seems to be occupied. This is currently rather unfortunate because there are patches waiting in the batman-adv development repository maint(enance) branch [1] since up to 6 weeks. I am now getting asked when these patches will hit the distribution kernels and therefore decided to submit these patches directly to netdev.
The patch from Simon works around the problem that warnings could be triggered in the translation table code via packets using a VLAN not configured on the target host. This warning was replaced with a rate limited info message.
Ben Hutchings found an superfluous batadv_softif_vlan_put in the error handling code of the translation table while he backported the "batman-adv: Fix reference counting of vlan object for tt_local_entry" patch to the stable kernels. He noticed correctly that this batadv_softif_vlan_put should also have been removed by the said patch.
The most requested fix at the moment is related to a double free in the translation table code. It is a race condition which mostly happens on systems with multiple cores and multiple network interface attached to batman-adv. Two Freifunk communities which were haunted by weird crashes (with backtraces reporting problems in other parts of the kernel) were kind enough to test this patch. They reported that there systems are now running stable after applying this patch.
An invalid memory access was detected in the batadv_icmp_packet_rr handling code when receiving a skbuff with fragments. The last patch is fixing a memory leak when the interface is removed via .dellink. The code to fix it was copied from the code handling the legacy sysfs interface to remove netdevices from a batman-adv netdevice.
There are still 28 patches in the development tree for v4.8 but I will leave them to Antonio because these are cleanups and features and therefore for net- next. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 420cb1b764f9169c5d2601b4af90e4a1702345ee Author: Sven Eckelmann sven@narfation.org Date: Sun Jun 26 11:16:13 2016 +0200
batman-adv: Clean up untagged vlan when destroying via rtnl-link
The untagged vlan object is only destroyed when the interface is removed via the legacy sysfs interface. But it also has to be destroyed when the standard rtnl-link interface is used.
Fixes: 5d2c05b21337 ("batman-adv: add per VLAN interface attribute framework") Signed-off-by: Sven Eckelmann sven@narfation.org Acked-by: Antonio Quartulli a@unstable.cc Signed-off-by: Marek Lindner mareklindner@neomailbox.ch Signed-off-by: David S. Miller davem@davemloft.net
commit 3b55e4422087f9f7b241031d758a0c65584e4297 Author: Sven Eckelmann sven@narfation.org Date: Sun Jun 26 11:16:12 2016 +0200
batman-adv: Fix ICMP RR ethernet access after skb_linearize
The skb_linearize may reallocate the skb. This makes the calculated pointer for ethhdr invalid. But it the pointer is used later to fill in the RR field of the batadv_icmp_packet_rr packet.
Instead re-evaluate eth_hdr after the skb_linearize+skb_cow to fix the pointer and avoid the invalid read.
Fixes: da6b8c20a5b8 ("batman-adv: generalize batman-adv icmp packet handling") Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: Marek Lindner mareklindner@neomailbox.ch Signed-off-by: David S. Miller davem@davemloft.net
commit baceced93274ff2f846eae991664f9094425ffa8 Author: Ben Hutchings ben@decadent.org.uk Date: Sun Jun 26 11:16:11 2016 +0200
batman-adv: Fix double-put of vlan object
Each batadv_tt_local_entry hold a single reference to a batadv_softif_vlan. In case a new entry cannot be added to the hash table, the error path puts the reference, but the reference will also now be dropped by batadv_tt_local_entry_release().
Fixes: a33d970d0b54 ("batman-adv: Fix reference counting of vlan object for tt_local_entry") Signed-off-by: Ben Hutchings ben@decadent.org.uk Signed-off-by: Marek Lindner mareklindner@neomailbox.ch Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: David S. Miller davem@davemloft.net
commit 9c4604a298e0a9807eaf2cd912d1ebf24d98fbeb Author: Sven Eckelmann sven@narfation.org Date: Sun Jun 26 11:16:10 2016 +0200
batman-adv: Fix use-after-free/double-free of tt_req_node
The tt_req_node is added and removed from a list inside a spinlock. But the locking is sometimes removed even when the object is still referenced and will be used later via this reference. For example batadv_send_tt_request can create a new tt_req_node (including add to a list) and later re-acquires the lock to remove it from the list and to free it. But at this time another context could have already removed this tt_req_node from the list and freed it.
CPU#0
batadv_batman_skb_recv from net_device 0 -> batadv_iv_ogm_receive -> batadv_iv_ogm_process -> batadv_iv_ogm_process_per_outif -> batadv_tvlv_ogm_receive -> batadv_tvlv_ogm_receive -> batadv_tvlv_containers_process -> batadv_tvlv_call_handler -> batadv_tt_tvlv_ogm_handler_v1 -> batadv_tt_update_orig -> batadv_send_tt_request -> batadv_tt_req_node_new spin_lock(...) allocates new tt_req_node and adds it to list spin_unlock(...) return tt_req_node
CPU#1
batadv_batman_skb_recv from net_device 1 -> batadv_recv_unicast_tvlv -> batadv_tvlv_containers_process -> batadv_tvlv_call_handler -> batadv_tt_tvlv_unicast_handler_v1 -> batadv_handle_tt_response spin_lock(...) tt_req_node gets removed from list and is freed spin_unlock(...)
CPU#0
<- returned to batadv_send_tt_request spin_lock(...) tt_req_node gets removed from list and is freed MEMORY CORRUPTION/SEGFAULT/... spin_unlock(...)
This can only be solved via reference counting to allow multiple contexts to handle the list manipulation while making sure that only the last context holding a reference will free the object.
Fixes: a73105b8d4c7 ("batman-adv: improved client announcement mechanism") Signed-off-by: Sven Eckelmann sven@narfation.org Tested-by: Martin Weinelt martin@darmstadt.freifunk.net Tested-by: Amadeus Alfa amadeus@chemnitz.freifunk.net Signed-off-by: Marek Lindner mareklindner@neomailbox.ch Signed-off-by: David S. Miller davem@davemloft.net
commit 0b3dd7dfb81ad8af53791ea2bb64b83bac1b7d32 Author: Simon Wunderlich sw@simonwunderlich.de Date: Sun Jun 26 11:16:09 2016 +0200
batman-adv: replace WARN with rate limited output on non-existing VLAN
If a VLAN tagged frame is received and the corresponding VLAN is not configured on the soft interface, it will splat a WARN on every packet received. This is a quite annoying behaviour for some scenarios, e.g. if bat0 is bridged with eth0, and there are arbitrary VLAN tagged frames from Ethernet coming in without having any VLAN configuration on bat0.
The code should probably create vlan objects on the fly and transparently transport these VLAN-tagged Ethernet frames, but until this is done, at least the WARN splat should be replaced by a rate limited output.
Fixes: 354136bcc3c4 ("batman-adv: fix kernel crash due to missing NULL checks") Signed-off-by: Simon Wunderlich sw@simonwunderlich.de Signed-off-by: Marek Lindner mareklindner@neomailbox.ch Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: David S. Miller davem@davemloft.net
commit 69fc58a57e56bf5e39b48809aefffdaa1b04c945 Author: Florian Fainelli f.fainelli@gmail.com Date: Fri Jun 24 16:25:24 2016 -0700
net: phy: Manage fixed PHY address space using IDA
If we have a system which uses fixed PHY devices and calls fixed_phy_register() then fixed_phy_unregister() we can exhaust the number of fixed PHYs available after a while, since we keep incrementing the variable phy_fixed_addr, but we never decrement it.
This patch fixes that by converting the fixed PHY allocation to using IDA, which takes care of the allocation/dealloaction of the PHY addresses for us.
Fixes: a75951217472 ("net: phy: extend fixed driver with fixed_phy_register()") Signed-off-by: Florian Fainelli f.fainelli@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit 9a0fee2b552b1235fb1706ae1fc664ae74573be8 Author: Willem de Bruijn willemb@google.com Date: Fri Jun 24 16:02:35 2016 -0400
sock_diag: do not broadcast raw socket destruction
Diag intends to broadcast tcp_sk and udp_sk socket destruction. Testing sk->sk_protocol for IPPROTO_TCP/IPPROTO_UDP alone is not sufficient for this. Raw sockets can have the same type.
Add a test for sk->sk_type.
Fixes: eb4cb008529c ("sock_diag: define destruction multicast groups") Signed-off-by: Willem de Bruijn willemb@google.com Signed-off-by: David S. Miller davem@davemloft.net
commit ab8ed951080e8f59b1da4ea10ac7c05ba24a3cbd Author: Aaron Campbell aaron@monkey.org Date: Fri Jun 24 10:05:32 2016 -0300
connector: fix out-of-order cn_proc netlink message delivery
The proc connector messages include a sequence number, allowing userspace programs to detect lost messages. However, performing this detection is currently more difficult than necessary, since netlink messages can be delivered to the application out-of-order. To fix this, leave pre-emption disabled during cn_netlink_send(), and use GFP_NOWAIT.
The following was written as a test case. Building the kernel w/ make -j32 proved a reliable way to generate out-of-order cn_proc messages.
int main(int argc, char *argv[]) { static uint32_t last_seq[CPU_SETSIZE], seq; int cpu, fd; struct sockaddr_nl sa; struct __attribute__((aligned(NLMSG_ALIGNTO))) { struct nlmsghdr nl_hdr; struct __attribute__((__packed__)) { struct cn_msg cn_msg; struct proc_event cn_proc; }; } rmsg; struct __attribute__((aligned(NLMSG_ALIGNTO))) { struct nlmsghdr nl_hdr; struct __attribute__((__packed__)) { struct cn_msg cn_msg; enum proc_cn_mcast_op cn_mcast; }; } smsg;
fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR); if (fd < 0) { perror("socket"); }
sa.nl_family = AF_NETLINK; sa.nl_groups = CN_IDX_PROC; sa.nl_pid = getpid(); if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { perror("bind"); }
memset(&smsg, 0, sizeof(smsg)); smsg.nl_hdr.nlmsg_len = sizeof(smsg); smsg.nl_hdr.nlmsg_pid = getpid(); smsg.nl_hdr.nlmsg_type = NLMSG_DONE; smsg.cn_msg.id.idx = CN_IDX_PROC; smsg.cn_msg.id.val = CN_VAL_PROC; smsg.cn_msg.len = sizeof(enum proc_cn_mcast_op); smsg.cn_mcast = PROC_CN_MCAST_LISTEN; if (send(fd, &smsg, sizeof(smsg), 0) != sizeof(smsg)) { perror("send"); }
while (recv(fd, &rmsg, sizeof(rmsg), 0) == sizeof(rmsg)) { cpu = rmsg.cn_proc.cpu; if (cpu < 0) { continue; } seq = rmsg.cn_msg.seq; if ((last_seq[cpu] != 0) && (seq != last_seq[cpu] + 1)) { printf("out-of-order seq=%d on cpu=%d\n", seq, cpu); } last_seq[cpu] = seq; }
/* NOTREACHED */
perror("recv");
return -1; }
Signed-off-by: Aaron Campbell aaron@monkey.org Signed-off-by: David S. Miller davem@davemloft.net
commit 0888d5f3c0f183ea6177355752ada433d370ac89 Author: daniel daniel@dd-wrt.com Date: Fri Jun 24 12:35:18 2016 +0200
Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
The bridge is falsly dropping ipv6 mulitcast packets if there is: 1. No ipv6 address assigned on the brigde. 2. No external mld querier present. 3. The internal querier enabled.
When the bridge fails to build mld queries, because it has no ipv6 address, it slilently returns, but keeps the local querier enabled. This specific case causes confusing packet loss.
Ipv6 multicast snooping can only work if: a) An external querier is present OR b) The bridge has an ipv6 address an is capable of sending own queries
Otherwise it has to forward/flood the ipv6 multicast traffic, because snooping cannot work.
This patch fixes the issue by adding a flag to the bridge struct that indicates that there is currently no ipv6 address assinged to the bridge and returns a false state for the local querier in __br_multicast_querier_exists().
Special thanks to Linus Lüssing.
Fixes: d1d81d4c3dd8 ("bridge: check return value of ipv6_dev_get_saddr()") Signed-off-by: Daniel Danzberger daniel@dd-wrt.com Acked-by: Linus Lüssing linus.luessing@c0d3.blue Signed-off-by: David S. Miller davem@davemloft.net
commit f299a02d5f13c4deb52c1a7ddf2b42630fe6294a Author: Wang Sheng-Hui shhuiw@foxmail.com Date: Fri Jun 24 08:52:11 2016 +0800
net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create
Commit 311c7c71c9bb ("net/mlx5e: Allocate DMA coherent memory on reader NUMA node") introduced mlx5_*_alloc_node() but missed changing some calling and warn messages. This patch introduces 2 changes: * Use mlx5_buf_alloc_node() instead of mlx5_buf_alloc() in mlx5_wq_ll_create() * Update the failure warn messages with _node postfix for mlx5_*_alloc function names
Fixes: 311c7c71c9bb ("net/mlx5e: Allocate DMA coherent memory on reader NUMA node") Signed-off-by: Wang Sheng-Hui shhuiw@foxmail.com Acked-By: Saeed Mahameed saeedm@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit d1b5a8da298bc15f67e16f18aa0812c35fe639a2 Merge: 0622cab 3894396 Author: David S. Miller davem@davemloft.net Date: Tue Jun 28 04:22:25 2016 -0400
Merge branch 'bgmac-fixes'
Florian Fainelli says:
==================== net: bgmac: Random fixes
This patch series fixes a few issues spotted by code inspection and actual testing. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 3894396e64994f31c3ef5c7e6f63dded0593e567 Author: Florian Fainelli f.fainelli@gmail.com Date: Thu Jun 23 14:25:33 2016 -0700
net: bgmac: Remove superflous netif_carrier_on()
bgmac_open() calls phy_start() to initialize the PHY state machine, which will set the interface's carrier state accordingly, no need to force that as this could be conflicting with the PHY state determined by PHYLIB.
Fixes: dd4544f05469 ("bgmac: driver for GBit MAC core on BCMA bus") Signed-off-by: Florian Fainelli f.fainelli@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit c3897f2a69e54dd113fc9abd2daf872e5b495798 Author: Florian Fainelli f.fainelli@gmail.com Date: Thu Jun 23 14:25:32 2016 -0700
net: bgmac: Start transmit queue in bgmac_open
The driver does not start the transmit queue in bgmac_open(). If the queue was stopped prior to closing then re-opening the interface, we would never be able to wake-up again.
Fixes: dd4544f05469 ("bgmac: driver for GBit MAC core on BCMA bus") Signed-off-by: Florian Fainelli f.fainelli@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit d2b13233879ca1268a1c027d4573109e5a777811 Author: Florian Fainelli f.fainelli@gmail.com Date: Thu Jun 23 14:23:12 2016 -0700
net: bgmac: Fix SOF bit checking
We are checking for the Start of Frame bit in the ctl1 word, while this bit is set in the ctl0 word instead. Read the ctl0 word and update the check to verify that.
Fixes: 9cde94506eac ("bgmac: implement scatter/gather support") Signed-off-by: Florian Fainelli f.fainelli@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit 0622cab0341cac6b30da177b0faa39fae0680e71 Author: Jay Vosburgh jay.vosburgh@canonical.com Date: Thu Jun 23 14:20:51 2016 -0700
bonding: fix 802.3ad aggregator reselection
Since commit 7bb11dc9f59d ("bonding: unify all places where actor-oper key needs to be updated."), the logic in bonding to handle selection between multiple aggregators has not functioned.
This affects only configurations wherein the bonding slaves connect to two discrete aggregators (e.g., two independent switches, each with LACP enabled), thus creating two separate aggregation groups within a single bond.
The cause is a change in 7bb11dc9f59d to no longer set AD_PORT_BEGIN on a port after a link state change, which would cause the port to be reselected for attachment to an aggregator as if were newly added to the bond. We cannot restore the prior behavior, as it contradicts IEEE 802.1AX 5.4.12, which requires ports that "become inoperable" (lose carrier, setting port_enabled=false as per 802.1AX 5.4.7) to remain selected (i.e., assigned to the aggregator). As the port now remains selected, the aggregator selection logic is not invoked.
A side effect of this change is that aggregators in bonding will now contain ports that are link down. The aggregator selection logic does not currently handle this situation correctly, causing incorrect aggregator selection.
This patch makes two changes to repair the aggregator selection logic in bonding to function as documented and within the confines of the standard:
First, the aggregator selection and related logic now utilizes the number of active ports per aggregator, not the number of selected ports (as some selected ports may be down). The ad_select "bandwidth" and "count" options only consider ports that are link up.
Second, on any carrier state change of any slave, the aggregator selection logic is explicitly called to insure the correct aggregator is active.
Reported-by: Veli-Matti Lintu veli-matti.lintu@opinsys.fi Fixes: 7bb11dc9f59d ("bonding: unify all places where actor-oper key needs to be updated.") Signed-off-by: Jay Vosburgh jay.vosburgh@canonical.com Signed-off-by: David S. Miller davem@davemloft.net
commit 70a0dec45174c976c64b4c8c1d0898581f759948 Author: Tom Goff thomas.goff@ll.mit.edu Date: Thu Jun 23 16:11:57 2016 -0400
ipmr/ip6mr: Initialize the last assert time of mfc entries.
This fixes wrong-interface signaling on 32-bit platforms for entries created when jiffies > 2^31 + MFC_ASSERT_THRESH.
Signed-off-by: Tom Goff thomas.goff@ll.mit.edu Signed-off-by: David S. Miller davem@davemloft.net
commit 4192f672fae559f32d82de72a677701853cc98a7 Author: Stefan Hajnoczi stefanha@redhat.com Date: Thu Jun 23 16:28:58 2016 +0100
vsock: make listener child lock ordering explicit
There are several places where the listener and pending or accept queue child sockets are accessed at the same time. Lockdep is unhappy that two locks from the same class are held.
Tell lockdep that it is safe and document the lock ordering.
Originally Claudio Imbrenda imbrenda@linux.vnet.ibm.com sent a similar patch asking whether this is safe. I have audited the code and also covered the vsock_pending_work() function.
Suggested-by: Claudio Imbrenda imbrenda@linux.vnet.ibm.com Signed-off-by: Stefan Hajnoczi stefanha@redhat.com Signed-off-by: David S. Miller davem@davemloft.net
commit 48f1dcb55a7d29aeb8965c567660c14d0dfd1a42 Author: Paolo Abeni pabeni@redhat.com Date: Thu Jun 23 15:25:09 2016 +0200
ipv6: enforce egress device match in per table nexthop lookups
with the commit 8c14586fc320 ("net: ipv6: Use passed in table for nexthop lookups"), net hop lookup is first performed on route creation in the passed-in table. However device match is not enforced in table lookup, so the found route can be later discarded due to egress device mismatch and no global lookup will be performed. This cause the following to fail:
ip link add dummy1 type dummy ip link add dummy2 type dummy ip link set dummy1 up ip link set dummy2 up ip route add 2001:db8:8086::/48 dev dummy1 metric 20 ip route add 2001:db8:d34d::/64 via 2001:db8:8086::2 dev dummy1 metric 20 ip route add 2001:db8:8086::/48 dev dummy2 metric 21 ip route add 2001:db8:d34d::/64 via 2001:db8:8086::2 dev dummy2 metric 21 RTNETLINK answers: No route to host
This change fixes the issue enforcing device lookup in ip6_nh_lookup_table()
v1->v2: updated commit message title
Fixes: 8c14586fc320 ("net: ipv6: Use passed in table for nexthop lookups") Reported-and-tested-by: Beniamino Galvani bgalvani@redhat.com Signed-off-by: Paolo Abeni pabeni@redhat.com Acked-by: David Ahern dsa@cumulusnetworks.com Signed-off-by: David S. Miller davem@davemloft.net
commit 5aa3e24928bb95ddb159c5949f1c09493e9e8505 Merge: a37503b 71873a9 Author: David S. Miller davem@davemloft.net Date: Mon Jun 27 10:05:55 2016 -0400
Merge tag 'linux-can-fixes-for-4.7-20160623' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
Marc Kleine-Budde says:
==================== pull-request: can 2016-06-23
this is a pull request of 3 patches for the upcoming linux-4.7 release.
The first two patches are by Oliver Hartkopp fixing oopes in the generic CAN device netlink handling. Jimmy Assarsson's patch for the kvaser_usb driver adds support for more devices by adding their USB product ids. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit a37503bc387ce2434106d4bf4870bd73081c7355 Author: Jeremy Linton jeremy.linton@arm.com Date: Wed Jun 22 12:40:50 2016 -0500
net: smsc911x: Fix bug where PHY interrupts are overwritten by 0
By default, mdiobus_alloc() sets the PHYs to polling mode, but a pointer size memcpy means that a couple IRQs end up being overwritten with a value of 0. This means that PHY_POLL is disabled and results in unpredictable behavior depending on the PHY's location on the MDIO bus. Remove that memcpy and the now unused phy_irq member to force the SMSC911x PHYs into polling mode 100% of the time.
Fixes: e7f4dc3536a4 ("mdio: Move allocation of interrupts into core") Signed-off-by: Jeremy Linton jeremy.linton@arm.com Reviewed-by: Andrew Lunn andrew@lunn.ch Acked-by: Sergei Shtylyov sergei.shtylyov@cogentembedded.com Signed-off-by: David S. Miller davem@davemloft.net
commit c40e4096bf0a12a76c349cbc4d1b2aa40a3d68cd Author: Or Gerlitz ogerlitz@mellanox.com Date: Tue Jun 21 16:36:06 2016 +0300
MAINTAINERS: Update Mellanox's mlx4 Eth NIC driver entry
Tariq Toukan is replacing Eugenia (Jenny) Emantayev as the mlx4 Ethernet driver maintainer, thanks to Jenny and good luck to him.
Signed-off-by: Or Gerlitz ogerlitz@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 00e8cb00bc72f5279fde9d014b47f36dc4805dd8 Merge: efeb226 034fdd4 Author: David S. Miller davem@davemloft.net Date: Thu Jun 23 15:22:31 2016 -0400
Merge tag 'wireless-drivers-for-davem-2016-06-21' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
==================== wireless-drivers fixes for 4.7
iwlwifi
* fix the scan timeout for long scans * fix an RCU splat caused when updating the TKIP key * fix a potential NULL-derefence introduced recently * fix a IGTK key bug that has existed since the MVM driver was introduced * fix some fw capabilities checks that got accidentally inverted
rtl8xxxu
* fix typo on variable name
ath10k
* fix deadlock when peer cannot be created * fix crash related to printing features * fix deadlock while processing rx_in_ord_ind
ath9k
* fix GPIO mask regression for AR9462 and AR9565 ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit efeb2267bba8aa893afdadfc9bae4790777c600c Author: Haishuang Yan yanhaishuang@cmss.chinamobile.com Date: Tue Jun 21 16:26:49 2016 +0800
geneve: fix tx_errors statistics
Tx errors present summation of errors encountered while transmitting packets.
Signed-off-by: Haishuang Yan yanhaishuang@cmss.chinamobile.com Signed-off-by: David S. Miller davem@davemloft.net
commit 52fe705b493d40b472b9e7220a71bdca8537c6b2 Author: Chris Packham chris.packham@alliedtelesis.co.nz Date: Tue Jun 21 15:39:43 2016 +1200
net: vrf: replace hard tab with space in assignment
The assignment of rth->dst.output in vrf_rt6_create() and vrf_rtable_create() used a hard tab before the '='. The neighboring assignments did not. Make the assignment of rth->dst.output consistent with the surrounding code.
Signed-off-by: Chris Packham chris.packham@alliedtelesis.co.nz Acked-by: David Ahern dsa@cumulusnetworks.com Signed-off-by: David S. Miller davem@davemloft.net
commit 21de12ee5568fd1aec47890c72967abf791ac80a Author: Eric Dumazet edumazet@google.com Date: Mon Jun 20 15:00:43 2016 -0700
netem: fix a use after free
If the packet was dropped by lower qdisc, then we must not access it later.
Save qdisc_pkt_len(skb) in a temp variable.
Fixes: 2ccccf5fb43f ("net_sched: update hierarchical backlog too") Signed-off-by: Eric Dumazet edumazet@google.com Cc: WANG Cong xiyou.wangcong@gmail.com Cc: Jamal Hadi Salim jhs@mojatatu.com Cc: Stephen Hemminger stephen@networkplumber.org Signed-off-by: David S. Miller davem@davemloft.net
commit 817e9f2c5c262b2716f5d77020d118ad53315f3e Author: WANG Cong xiyou.wangcong@gmail.com Date: Mon Jun 20 13:37:19 2016 -0700
act_ife: acquire ife_mod_lock before reading ifeoplist
Cc: Jamal Hadi Salim jhs@mojatatu.com Signed-off-by: Cong Wang xiyou.wangcong@gmail.com Acked-by: Jamal Hadi Salim jhs@mojatatu.com Signed-off-by: David S. Miller davem@davemloft.net
commit 067a7cd06f7bf860f2e3415394b065b9a0983802 Author: WANG Cong xiyou.wangcong@gmail.com Date: Mon Jun 20 13:37:18 2016 -0700
act_ife: only acquire tcf_lock for existing actions
Alexey reported that we have GFP_KERNEL allocation when holding the spinlock tcf_lock. Actually we don't have to take that spinlock for all the cases, especially for the new one we just create. To modify the existing actions, we still need this spinlock to make sure the whole update is atomic.
For net-next, we can get rid of this spinlock because we already hold the RTNL lock on slow path, and on fast path we can use RCU to protect the metalist.
Joint work with Jamal.
Reported-by: Alexey Khoroshilov khoroshilov@ispras.ru Cc: Jamal Hadi Salim jhs@mojatatu.com Signed-off-by: Cong Wang xiyou.wangcong@gmail.com Acked-by: Jamal Hadi Salim jhs@mojatatu.com Signed-off-by: David S. Miller davem@davemloft.net
commit 962fcef33b03395051367181a0549d29d109d9a4 Author: Herbert Xu herbert@gondor.apana.org.au Date: Sat Jun 18 13:03:36 2016 +0800
esp: Fix ESN generation under UDP encapsulation
Blair Steven noticed that ESN in conjunction with UDP encapsulation is broken because we set the temporary ESP header to the wrong spot.
This patch fixes this by first of all using the right spot, i.e., 4 bytes off the real ESP header, and then saving this information so that after encryption we can restore it properly.
Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface") Reported-by: Blair Steven Blair.Steven@alliedtelesis.co.nz Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Acked-by: Steffen Klassert steffen.klassert@secunet.com Signed-off-by: David S. Miller davem@davemloft.net
commit 71873a9b38d1cc6c93e2962149a7bb7272a7cb66 Author: Jimmy Assarsson jimmyassarsson@gmail.com Date: Thu Jun 23 07:57:21 2016 +0200
can: kvaser_usb: Add support for more Kvaser Leaf v2 devices
This patch adds support for Kvaser Leaf Light HS v2 OEM, Mini PCI Express 2xHS and USBcan Light 2xHS.
Signed-off-by: Jimmy Assarsson jimmyassarsson@gmail.com Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de
commit 25e1ed6e64f52a692ba3191c4fde650aab3ecc07 Author: Oliver Hartkopp socketcan@hartkopp.net Date: Tue Jun 21 15:45:47 2016 +0200
can: fix oops caused by wrong rtnl dellink usage
For 'real' hardware CAN devices the netlink interface is used to set CAN specific communication parameters. Real CAN hardware can not be created nor removed with the ip tool ...
This patch adds a private dellink function for the CAN device driver interface that does just nothing.
It's a follow up to commit 993e6f2fd ("can: fix oops caused by wrong rtnl newlink usage") but for dellink.
Reported-by: ajneu ajneu1@gmail.com Signed-off-by: Oliver Hartkopp socketcan@hartkopp.net Cc: stable@vger.kernel.org Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de
commit bce271f255dae8335dc4d2ee2c4531e09cc67f5a Author: Oliver Hartkopp socketcan@hartkopp.net Date: Tue Jun 21 12:14:07 2016 +0200
can: fix handling of unmodifiable configuration options fix
With upstream commit bb208f144cf3f59 (can: fix handling of unmodifiable configuration options) a new can_validate() function was introduced.
When invoking 'ip link set can0 type can' without any configuration data can_validate() tries to validate the content without taking into account that there's totally no content. This patch adds a check for missing content.
Reported-by: ajneu ajneu1@gmail.com Signed-off-by: Oliver Hartkopp socketcan@hartkopp.net Cc: stable@vger.kernel.org Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de
commit acd43fe85b2d1dbad55ce211b8817e6d6687246f Merge: 27777da 9d76931 Author: David S. Miller davem@davemloft.net Date: Wed Jun 22 16:38:17 2016 -0400
Merge branch 'mlx4-fixes'
Tariq Toukan says:
==================== mlx4_en fixes for 4.7-rc
This small patchset includes two small fixes for mlx4_en driver.
One allows a clean shutdown even when clients do not release their netdev reference. The other adds error return values to the VLAN VID add/kill functions. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 9d76931180557270796f9631e2c79b9c7bb3c9fb Author: Eran Ben Elisha eranbe@mellanox.com Date: Tue Jun 21 14:20:03 2016 +0300
net/mlx4_en: Avoid unregister_netdev at shutdown flow
This allows a clean shutdown, even if some netdev clients do not release their reference from this netdev. It is enough to release the HW resources only as the kernel is shutting down.
Fixes: 2ba5fbd62b25 ('net/mlx4_core: Handle AER flow properly') Signed-off-by: Eran Ben Elisha eranbe@mellanox.com Signed-off-by: Tariq Toukan tariqt@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 93c098af09455ea7bdc6f0f6b08f6ac14fa06cf4 Author: Kamal Heib kamalh@mellanox.com Date: Tue Jun 21 14:20:02 2016 +0300
net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
Modify mlx4_en_vlan_rx_[add/kill]_vid to return error value in case of failure.
Fixes: 8e586137e6b6 ('net: make vlan ndo_vlan_rx_[add/kill]_vid return error value') Signed-off-by: Kamal Heib kamalh@mellanox.com Signed-off-by: Tariq Toukan tariqt@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 27777daa8b6df0c19aaf591d1536a586b3eb5e36 Author: Jon Paul Maloy jon.maloy@ericsson.com Date: Mon Jun 20 09:20:46 2016 -0400
tipc: unclone unbundled buffers before forwarding
When extracting an individual message from a received "bundle" buffer, we just create a clone of the base buffer, and adjust it to point into the right position of the linearized data area of the latter. This works well for regular message reception, but during periods of extremely high load it may happen that an extracted buffer, e.g, a connection probe, is reversed and forwarded through an external interface while the preceding extracted message is still unhandled. When this happens, the header or data area of the preceding message will be partially overwritten by a MAC header, leading to unpredicatable consequences, such as a link reset.
We now fix this by ensuring that the msg_reverse() function never returns a cloned buffer, and that the returned buffer always contains sufficient valid head and tail room to be forwarded.
Reported-by: Erik Hugne erik.hugne@gmail.com Acked-by: Ying Xue ying.xue@windriver.com Signed-off-by: Jon Maloy jon.maloy@ericsson.com Signed-off-by: David S. Miller davem@davemloft.net
commit d19af0a76444fde629667ecb823c0ee28f9f67d8 Author: Jiri Slaby jslaby@suse.cz Date: Mon Jun 20 11:36:28 2016 +0200
kcm: fix /proc memory leak
Every open of /proc/net/kcm leaks 16 bytes of memory as is reported by kmemleak: unreferenced object 0xffff88059c0e3458 (size 192): comm "cat", pid 1401, jiffies 4294935742 (age 310.720s) hex dump (first 32 bytes): 28 45 71 96 05 88 ff ff 00 10 00 00 00 00 00 00 (Eq............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff8156a2de>] kmem_cache_alloc_trace+0x16e/0x230 [<ffffffff8162a479>] seq_open+0x79/0x1d0 [<ffffffffa0578510>] kcm_seq_open+0x0/0x30 [kcm] [<ffffffff8162a479>] seq_open+0x79/0x1d0 [<ffffffff8162a8cf>] __seq_open_private+0x2f/0xa0 [<ffffffff81712548>] seq_open_net+0x38/0xa0 ...
It is caused by a missing free in the ->release path. So fix it by providing seq_release_net as the ->release method.
Signed-off-by: Jiri Slaby jslaby@suse.cz Fixes: cd6e111bf5 (kcm: Add statistics and proc interfaces) Cc: "David S. Miller" davem@davemloft.net Cc: Tom Herbert tom@herbertland.com Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller davem@davemloft.net
commit 942f64c4c2be19a1b4a0c4295182b42d153899bf Author: Ido Schimmel idosch@mellanox.com Date: Mon Jun 20 11:53:20 2016 +0300
team: Fix possible deadlock during team enslave
Both dev_uc_sync_multiple() and dev_mc_sync_multiple() require the source device to be locked by netif_addr_lock_bh(), but this is missing in team's enslave function, so add it.
This fixes the following lockdep warning:
Possible interrupt unsafe locking scenario:
CPU0 CPU1 ---- ---- lock(_xmit_ETHER/1); local_irq_disable(); lock(&(&mc->mca_lock)->rlock); lock(&team_netdev_addr_lock_key); <Interrupt> lock(&(&mc->mca_lock)->rlock);
*** DEADLOCK ***
Fixes: cb41c997d444 ("team: team should sync the port's uc/mc addrs when add a port") Signed-off-by: Jiri Pirko jiri@mellanox.com Signed-off-by: Ido Schimmel idosch@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 6b65ca06e1af38ea90074a47fcb5748ee9309b94 Merge: ab522fd f155d9c Author: David S. Miller davem@davemloft.net Date: Wed Jun 22 16:29:17 2016 -0400
Merge tag 'linux-can-fixes-for-4.7-20160620' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
Marc Kleine-Budde says:
==================== pull-request: can 2016-06-20
this is a pull request of 3 patches for the upcoming linux-4.7 release.
The first patch is by Thor Thayer for the c_can/d_can driver. It fixes the registar access on Altera Cyclone devices, which caused CAN frames to have 0x0 in the first two bytes incorrectly. Wolfgang Grandegger's patch for the at91 driver fixes a hanging driver under high bus load situations. A patch for the gs_usb driver by Maximilian Schneider adds support for the bytewerk.org candleLight interface. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit f155d9c0a138463c3c9380d35e54e433c1477336 Author: Maximilian Schneider max@schneidersoft.net Date: Wed Jun 8 18:00:26 2016 +0000
can: gs_usb: Add Basic support for the bytewerk.org candleLight interface
This patchs adds basic support for the bytewerk.org candleLight interface, a open hardware (CERN OHL) USB CAN adapter.
Signed-off-by: Hubert Denkmair hubert@denkmair.de Signed-off-by: Maximilian Schneider max@schneidersoft.net Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de
commit 43200a4480cbbe660309621817f54cbb93907108 Author: Wolfgang Grandegger wg@grandegger.com Date: Mon Jun 13 15:44:19 2016 +0200
can: at91_can: RX queue could get stuck at high bus load
At high bus load it could happen that "at91_poll()" enters with all RX message boxes filled up. If then at the end the "quota" is exceeded as well, "rx_next" will not be reset to the first RX mailbox and hence the interrupts remain disabled.
Signed-off-by: Wolfgang Grandegger wg@grandegger.com Tested-by: Amr Bekhit amrbekhit@gmail.com Cc: stable@vger.kernel.org Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de
commit 427460c83cdf55069eee49799a0caef7dde8df69 Author: Thor Thayer tthayer@opensource.altera.com Date: Thu Jun 16 11:10:19 2016 -0500
can: c_can: Update D_CAN TX and RX functions to 32 bit - fix Altera Cyclone access
When testing CAN write floods on Altera's CycloneV, the first 2 bytes are sometimes 0x00, 0x00 or corrupted instead of the values sent. Also observed bytes 4 & 5 were corrupted in some cases.
The D_CAN Data registers are 32 bits and changing from 16 bit writes to 32 bit writes fixes the problem.
Testing performed on Altera CycloneV (D_CAN). Requesting tests on other C_CAN & D_CAN platforms.
Reported-by: Richard Andrysek richard.andrysek@gomtec.de Signed-off-by: Thor Thayer tthayer@opensource.altera.com Cc: stable@vger.kernel.org Signed-off-by: Marc Kleine-Budde mkl@pengutronix.de
commit ab522fd68bc78f3f81f6c553f785dae3462859fa Merge: 5c3da57 b639f19 Author: David S. Miller davem@davemloft.net Date: Sun Jun 19 10:47:33 2016 -0700
Merge branch 'qed-fixes'
Yuval Mintz says:
==================== qed*: Fixes series
This series contains several small fixes to driver behavior [4th patch is the only one containing a 'fatal' fix, but the error is only theoretical for qede; if would require another protocol driver yet unsubmitted to reach it]. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit b639f197210d37905a6018ae4297659eb3f48f8f Author: Yuval Mintz Yuval.Mintz@qlogic.com Date: Sun Jun 19 15:18:15 2016 +0300
qed: Add missing port-mode
The 'MODULE_FIBER' value replaced several other FIBER values in newer management firmware images, so existing code would fail to properly reflect its mode.
Signed-off-by: Yuval Mintz Yuval.Mintz@qlogic.com Signed-off-by: David S. Miller davem@davemloft.net
commit db511c37d4eb2b4e7312791eb8f9b34ed867445e Author: Yuval Mintz Yuval.Mintz@qlogic.com Date: Sun Jun 19 15:18:14 2016 +0300
qed: Fix returning unlimited SPQ entries
Driver has 2 sets of entries for handling ramrod configurations toward firmware - a regular pre-allocated set of entires and a possible 'unlimited' list of additional pending entries.
In most scenarios the 'unlimited' list would not be used, but when it does the handling of the ramrod completion doesn't properly handle the release of the entry.
Signed-off-by: Yuval Mintz Yuval.Mintz@qlogic.com Signed-off-by: David S. Miller davem@davemloft.net
commit a0d26d5a4fc8e13993279f788deeb08069e73b69 Author: Yuval Mintz Yuval.Mintz@qlogic.com Date: Sun Jun 19 15:18:13 2016 +0300
qed*: Don't reset statistics on inner reload
Several user APIs can cause driver to perform an inner-reload. Currently, doing this would cause the HW/FW statistics of the adapter to reset, which isn't the expected behavior [statistics should only reset on explicit unloads].
Signed-off-by: Yuval Mintz Yuval.Mintz@qlogic.com Signed-off-by: David S. Miller davem@davemloft.net
commit 326439883e17fca029f4ed05307480bdb6369877 Author: Yuval Mintz Yuval.Mintz@qlogic.com Date: Sun Jun 19 15:18:12 2016 +0300
qed: Prevent VF from Tx-switching 'promisc'
Internal loopback in driver is based on two things - first is the willingness of transmitter to use it [in case of VFs, this can be forced based on VEPA/VEB] and secondly on another vport classification configuration which should match the packet's destination.
Current code allows non-linux VFs to configure a 'promisc' mode on Tx, meaning all traffic sent by VF would be loopbacked internally by firmware; This isn't considered a valid mode and as such should be prevented by PF.
Signed-off-by: Yuval Mintz Yuval.Mintz@qlogic.com Signed-off-by: David S. Miller davem@davemloft.net
commit e6bd89232b4a4c9282da1ac8bdd798c2a30d9a46 Author: Yuval Mintz Yuval.Mintz@qlogic.com Date: Sun Jun 19 15:18:11 2016 +0300
qed: Correct default vlan behavior
When no vlan filter is configured, firmware has a configurable default on whether to pass only untagged packets or all packets regardless of their tagging. Driver currently doesn't set this field in the necessary ramrod, causing the default to always be 'receive all'.
Signed-off-by: Yuval Mintz Yuval.Mintz@qlogic.com Signed-off-by: David S. Miller davem@davemloft.net
commit 5c3da57d70f1ef1d9b60900b84a74d77a9cf0774 Author: Joshua Houghton josh@awful.name Date: Sat Jun 18 15:46:31 2016 +0000
net: rds: fix coding style issues
Fix coding style issues in the following files:
ib_cm.c: add space loop.c: convert spaces to tabs sysctl.c: add space tcp.h: convert spaces to tabs tcp_connect.c:remove extra indentation in switch statement tcp_recv.c: convert spaces to tabs tcp_send.c: convert spaces to tabs transport.c: move brace up one line on for statement
Signed-off-by: Joshua Houghton josh@awful.name Acked-by: Santosh Shilimkar santosh.shilimkar@oracle.com Signed-off-by: David S. Miller davem@davemloft.net
commit 4a7d99ea1b27734558feb6833f180cd38a159940 Author: Basil Gunn basil@pacabunga.com Date: Thu Jun 16 09:42:30 2016 -0700
AX.25: Close socket connection on session completion
A socket connection made in ax.25 is not closed when session is completed. The heartbeat timer is stopped prematurely and this is where the socket gets closed. Allow heatbeat timer to run to close socket. Symptom occurs in kernels >= 4.2.0
Originally sent 6/15/2016. Resend with distribution list matching scripts/maintainer.pl output.
Signed-off-by: Basil Gunn basil@pacabunga.com Signed-off-by: David S. Miller davem@davemloft.net
commit 3bb549ae4c51028c1930528ae9fcd6eca0474724 Author: Sowmini Varadhan sowmini.varadhan@oracle.com Date: Fri Jun 17 16:12:12 2016 -0400
RDS: TCP: rds_tcp_accept_one() should transition socket from RESETTING to UP
The state of the rds_connection after rds_tcp_reset_callbacks() would be RDS_CONN_RESETTING and this is the value that should be passed by rds_tcp_accept_one() to rds_connect_path_complete() to transition the socket to RDS_CONN_UP.
Fixes: b5c21c0947c1 ("RDS: TCP: fix race windows in send-path quiescence by rds_tcp_accept_one()") Signed-off-by: Sowmini Varadhan sowmini.varadhan@oracle.com Acked-by: Santosh Shilimkar santosh.shilimkar@oracle.com Signed-off-by: David S. Miller davem@davemloft.net
commit a9836cbb5fc885d3b8f3b91b2d47525f7269dec1 Author: Arnd Bergmann arnd@arndb.de Date: Fri Jun 17 18:15:30 2016 +0200
net: tilegx: use correct timespec64 type
The conversion to the 64-bit time based ptp methods left two instances of 'struct timespec' in place. This is harmless because 64-bit architectures define timespec64 as timespec, and this driver is not used on 32-bit machines.
However, using 'struct timespec64' directly is obviously the right thing to do, and will help us remove 'struct timespec' in the future.
Signed-off-by: Arnd Bergmann arnd@arndb.de Fixes: b9acf24f779c ("ptp: tilegx: convert to the 64 bit get/set time methods.") Acked-by: Richard Cochran richardcochran@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit b47ac27a1dbebc559156f92a0807dc957bb12731 Merge: f1d048f 4e239fa Author: David S. Miller davem@davemloft.net Date: Fri Jun 17 21:57:54 2016 -0700
Merge branch 'mlxsw-fixes'
Jiri Pirko says:
==================== mlxsw: couple of fixes
Couple of slowpath tx stats fixes for Spectrum and SwitchX-2. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 4e239fac7c6b9d703e83c81b52ec9fec00c50129 Author: Nogah Frankel nogahf@mellanox.com Date: Fri Jun 17 15:09:06 2016 +0200
mlxsw: switchx2: Don't count internal TX header bytes to stats
Stop the SW TX counter from counting the TX header bytes since they are not being sent out.
Fixes: e577516b9db3 ("mlxsw: Fix use-after-free bug in mlxsw_sx_port_xmit") Signed-off-by: Nogah Frankel nogahf@mellanox.com Reviewed-by: Ido Schimmel idosch@mellanox.com Signed-off-by: Jiri Pirko jiri@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 63dcdd35c1552ca0c911e98ba3389a0729a457f4 Author: Nogah Frankel nogahf@mellanox.com Date: Fri Jun 17 15:09:05 2016 +0200
mlxsw: spectrum: Don't count internal TX header bytes to stats
Stop the SW TX counter from counting the TX header bytes since they are not being sent out.
Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum ASIC") Reviewed-by: Ido Schimmel idosch@mellanox.com Signed-off-by: Nogah Frankel nogahf@mellanox.com Signed-off-by: Jiri Pirko jiri@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit f1d048f24e66ba85d3dabf3d076cefa5f2b546b0 Author: Jon Paul Maloy jon.maloy@ericsson.com Date: Fri Jun 17 06:35:57 2016 -0400
tipc: fix socket timer deadlock
We sometimes observe a 'deadly embrace' type deadlock occurring between mutually connected sockets on the same node. This happens when the one-hour peer supervision timers happen to expire simultaneously in both sockets.
The scenario is as follows:
CPU 1: CPU 2: -------- -------- tipc_sk_timeout(sk1) tipc_sk_timeout(sk2) lock(sk1.slock) lock(sk2.slock) msg_create(probe) msg_create(probe) unlock(sk1.slock) unlock(sk2.slock) tipc_node_xmit_skb() tipc_node_xmit_skb() tipc_node_xmit() tipc_node_xmit() tipc_sk_rcv(sk2) tipc_sk_rcv(sk1) lock(sk2.slock) lock((sk1.slock) filter_rcv() filter_rcv() tipc_sk_proto_rcv() tipc_sk_proto_rcv() msg_create(probe_rsp) msg_create(probe_rsp) tipc_sk_respond() tipc_sk_respond() tipc_node_xmit_skb() tipc_node_xmit_skb() tipc_node_xmit() tipc_node_xmit() tipc_sk_rcv(sk1) tipc_sk_rcv(sk2) lock((sk1.slock) lock((sk2.slock) ===> DEADLOCK ===> DEADLOCK
Further analysis reveals that there are three different locations in the socket code where tipc_sk_respond() is called within the context of the socket lock, with ensuing risk of similar deadlocks.
We now solve this by passing a buffer queue along with all upcalls where sk_lock.slock may potentially be held. Response or rejected message buffers are accumulated into this queue instead of being sent out directly, and only sent once we know we are safely outside the slock context.
Reported-by: GUNA gbalasun@gmail.com Acked-by: Ying Xue ying.xue@windriver.com Signed-off-by: Jon Maloy jon.maloy@ericsson.com Signed-off-by: David S. Miller davem@davemloft.net
commit 695ef16cd0510f3bc963967fd73a360989fe4ebf Merge: ce449ba 1463847 Author: David S. Miller davem@davemloft.net Date: Fri Jun 17 19:50:04 2016 -0700
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
==================== Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree, they are rather small patches but fixing several outstanding bugs in nf_conntrack and nf_tables, as well as minor problems with missing SYNPROXY header uapi installation:
1) Oneliner not to leak conntrack kmemcache on module removal, this problem was introduced in the previous merge window, patch from Florian Westphal.
2) Two fixes for insufficient ruleset loop validation, one due to incorrect flag check in nf_tables_bind_set() and another related to silly wrong generation mask logic from the walk path, from Liping Zhang.
3) Fix double-free of anonymous sets on error, this fix simplifies the code to let the abort path take care of releasing the set object, also from Liping Zhang.
4) The introduction of helper function for transactions broke the skip inactive rules logic from the nft_do_chain(), again from Liping Zhang.
5) Two patches to install uapi xt_SYNPROXY.h header and calm down kbuild robot due to missing #include <linux/types.h>. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 1463847e93fe693e89c52b03ab4ede6800d717c1 Author: Pablo Neira Ayuso pablo@netfilter.org Date: Fri Jun 17 12:54:18 2016 +0200
netfilter: xt_SYNPROXY: include missing <linux/types.h>
./usr/include/linux/netfilter/xt_SYNPROXY.h:11: found __[us]{8,16,32,64} type without #include <linux/types.h>
Reported-by: kbuild test robot lkp@intel.com Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
commit 8f45927c3cae4db85887700e5415286f766cbaf9 Author: Pablo Neira Ayuso pablo@netfilter.org Date: Fri Jun 17 12:54:18 2016 +0200
netfilter: xt_SYNPROXY: add missing header to Kbuild
Matt Whitlock says:
Without this line, the file xt_SYNPROXY.h does not get installed in /usr/include/linux/netfilter/, and thus user-space programs cannot make use of it.
Reported-by: Matt Whitlock kernel@mattwhitlock.name Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
commit ce449ba77a2271dce9771fb1f3eb37e4be6a8b81 Author: Jakub Kicinski jakub.kicinski@netronome.com Date: Thu Jun 16 14:42:50 2016 +0100
nfp: use correct index to mask link state irq
We were using an incorrect define to get the irq vector number. NFP_NET_CFG_LSC is a control BAR offset, LSC interrupt vector index is called NFP_NET_IRQ_LSC_IDX. For machines with less than 30 CPUs this meant that we were disabling/enabling IRQ 0. For bigger hosts we were just playing with the 31st RX/TX interrupt.
Fixes: 0ba40af963f0 ("nfp: move link state interrupt request/free calls") Signed-off-by: Jakub Kicinski jakub.kicinski@netronome.com Signed-off-by: David S. Miller davem@davemloft.net
commit d5d8760b78d0cfafe292f965f599988138b06a70 Author: Simon Horman simon.horman@netronome.com Date: Thu Jun 16 17:06:19 2016 +0900
sit: correct IP protocol used in ipip6_err
Since 32b8a8e59c9c ("sit: add IPv4 over IPv4 support") ipip6_err() may be called for packets whose IP protocol is IPPROTO_IPIP as well as those whose IP protocol is IPPROTO_IPV6.
In the case of IPPROTO_IPIP packets the correct protocol value is not passed to ipv4_update_pmtu() or ipv4_redirect().
This patch resolves this problem by using the IP protocol of the packet rather than a hard-coded value. This appears to be consistent with the usage of the protocol of a packet by icmp_socket_deliver() the caller of ipip6_err().
I was able to exercise the redirect case by using a setup where an ICMP redirect was received for the destination of the encapsulated packet. However, it appears that although incorrect the protocol field is not used in this case and thus no problem manifests. On inspection it does not appear that a problem will manifest in the fragmentation needed/update pmtu case either.
In short I believe this is a cosmetic fix. None the less, the use of IPPROTO_IPV6 seems wrong and confusing.
Reviewed-by: Dinan Gunawardena dinan.gunawardena@netronome.com Signed-off-by: Simon Horman simon.horman@netronome.com Acked-by: YOSHIFUJI Hideaki yoshfuji@linux-ipv6.org Signed-off-by: David S. Miller davem@davemloft.net
commit a547224dceed4645139f7eff72ff51adb9938bcb Author: Alexander Duyck aduyck@mirantis.com Date: Wed Jun 15 14:42:11 2016 -0700
mlx4e: Do not attempt to offload VXLAN ports that are unrecognized
The mlx4e driver does not support more than one port for VXLAN offload. As such expecting the hardware to offload other ports is invalid since it appears the parsing logic is used to perform Tx checksum and segmentation offloads. Use the vxlan_port number to determine in which cases we can apply the offload and in which cases we can not.
Signed-off-by: Alexander Duyck aduyck@mirantis.com Reviewed-by: Tariq Toukan tariqt@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 17471c7ba5115ed724d624577b21c166d2194272 Author: Arnd Bergmann arnd@arndb.de Date: Wed Jun 15 22:31:10 2016 +0200
net: sfc: avoid -Wtype-limits warning
When building with -Wextra, we get a harmless warning from the EFX_EXTRACT_OWORD32 macro:
ethernet/sfc/farch.c: In function 'efx_farch_test_registers': ethernet/sfc/farch.c:119:30: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits] ethernet/sfc/farch.c:124:144: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits] ethernet/sfc/farch.c:124:392: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits] ethernet/sfc/farch.c:124:731: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
The macro and the caller are both correct, but we can avoid the warning by changing the index variable to a signed type.
Signed-off-by: Arnd Bergmann arnd@arndb.de Acked-by: Bert Kenward bkenward@solarflare.com Signed-off-by: David S. Miller davem@davemloft.net
commit 034fdd4a17ff089c2428ece18efa65c5396810d2 Merge: c70410c e024111 Author: Kalle Valo kvalo@codeaurora.org Date: Thu Jun 16 17:55:19 2016 +0300
Merge ath-current from ath.git
ath.git fixes for 4.7. Major changes:
ath9k
* fix GPIO mask regression with AR9462 and AR9565
ath10k
* fix deadlock while processing rx_in_ord_ind * fix crash related to printing firmware features in debug mode * fix deadlock when peer cannot be created
commit c70410cb91de70707a507ee7beef7021a5a89f0d Author: Colin Ian King colin.king@canonical.com Date: Thu Jun 9 14:38:50 2016 -0400
rtl8xxxu: fix typo on variable name, compare against correct variable
path_b_ok is being assigned but immediately after path_a_ok is being compared to the value 0x03. This appears to be a typo on the variable name, compare path_b_ok instead.
Signed-off-by: Colin Ian King colin.king@canonical.com Signed-off-by: Jes Sorensen Jes.Sorensen@redhat.com Signed-off-by: Kalle Valo kvalo@codeaurora.org
commit 13eab83f9b3566ab425a43bb65b2ba22cb0abbba Merge: 8c08c732 a59e6d8 Author: David S. Miller davem@davemloft.net Date: Wed Jun 15 23:39:18 2016 -0700
Merge branch 'r8152-fixes'
Hayes Wang says:
==================== r8152: fix known issues
These patches fix some known issues. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit a59e6d815226b70780427648e359da9bbee07171 Author: hayeswang hayeswang@realtek.com Date: Thu Jun 16 10:55:19 2016 +0800
r8152: correct the rx early size
The rx early size should be
(agg_buf_sz - packet size) / 8
Signed-off-by: Hayes Wang hayeswang@realtek.com Signed-off-by: David S. Miller davem@davemloft.net
commit 93fe9b1838404fcc3bea320b704bfa461d8e57a6 Author: hayeswang hayeswang@realtek.com Date: Thu Jun 16 10:55:18 2016 +0800
r8152: reset the bmu
Reset the BMU to clear the rx/tx fifo. This avoids that the unexpected data remains in the hw.
Signed-off-by: Hayes Wang hayeswang@realtek.com Signed-off-by: David S. Miller davem@davemloft.net
commit 4e384ac19b5be6ad084b215d298b82b3a91ad24b Author: hayeswang hayeswang@realtek.com Date: Thu Jun 16 10:55:17 2016 +0800
r8152: disable MAC clock speed down
Disable MAC clock speed down. It may casue the first control transfer to contain the wrong data, when the power state change from U1 to U0.
Signed-off-by: Hayes Wang hayeswang@realtek.com Signed-off-by: David S. Miller davem@davemloft.net
commit 8c08c7325ec36c9d338cedebc4570b567fa9a740 Merge: e582615 ad572d1 Author: David S. Miller davem@davemloft.net Date: Wed Jun 15 23:37:55 2016 -0700
Merge branch 'bpf-fixes'
Alexei Starovoitov says:
==================== bpf fixes
Fixes for two bpf bugs: 1st bug reported by Sasha Goldshtein here: https://github.com/iovisor/bcc/issues/570 2nd discovered by Daniel Borkmann by manual code analysis. See patches for details. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit ad572d174787daa59e24b8b5c83028c09cdb5ddb Author: Alexei Starovoitov ast@fb.com Date: Wed Jun 15 18:25:39 2016 -0700
bpf, trace: check event type in bpf_perf_event_read
similar to bpf_perf_event_output() the bpf_perf_event_read() helper needs to check the type of the perf_event before reading the counter.
Fixes: a43eec304259 ("bpf: introduce bpf_perf_event_output() helper") Reported-by: Daniel Borkmann daniel@iogearbox.net Signed-off-by: Alexei Starovoitov ast@kernel.org Acked-by: Daniel Borkmann daniel@iogearbox.net Signed-off-by: David S. Miller davem@davemloft.net
commit 19de99f70b87fcc3338da52a89c439b088cbff71 Author: Alexei Starovoitov ast@fb.com Date: Wed Jun 15 18:25:38 2016 -0700
bpf: fix matching of data/data_end in verifier
The ctx structure passed into bpf programs is different depending on bpf program type. The verifier incorrectly marked ctx->data and ctx->data_end access based on ctx offset only. That caused loads in tracing programs int bpf_prog(struct pt_regs *ctx) { .. ctx->ax .. } to be incorrectly marked as PTR_TO_PACKET which later caused verifier to reject the program that was actually valid in tracing context. Fix this by doing program type specific matching of ctx offsets.
Fixes: 969bf05eb3ce ("bpf: direct packet access") Reported-by: Sasha Goldshtein goldshtn@gmail.com Signed-off-by: Alexei Starovoitov ast@kernel.org Acked-by: Daniel Borkmann daniel@iogearbox.net Signed-off-by: David S. Miller davem@davemloft.net
commit e582615ad33dbd39623084a02e95567b116e1eea Author: Eric Dumazet edumazet@google.com Date: Wed Jun 15 06:24:00 2016 -0700
gre: fix error handler
1) gre_parse_header() can be called from gre_err()
At this point transport header points to ICMP header, not the inner header.
2) We can not really change transport header as ipgre_err() will later assume transport header still points to ICMP header (using icmp_hdr())
3) pskb_may_pull() logic in gre_parse_header() really works if we are interested at zone pointed by skb->data
4) As Jiri explained in commit b7f8fe251e46 ("gre: do not pull header in ICMP error processing") we should not pull headers in error handler.
So this fix :
A) changes gre_parse_header() to use skb->data instead of skb_transport_header()
B) Adds a nhs parameter to gre_parse_header() so that we can skip the not pulled IP header from error path. This offset is 0 for normal receive path.
C) remove obsolete IPV6 includes
Signed-off-by: Eric Dumazet edumazet@google.com Cc: Tom Herbert tom@herbertland.com Cc: Maciej Żenczykowski maze@google.com Cc: Jiri Benc jbenc@redhat.com Signed-off-by: David S. Miller davem@davemloft.net
commit daddef76c3deaaa7922f9d7b18edbf0a061215c3 Author: Jason A. Donenfeld Jason@zx2c4.com Date: Wed Jun 15 11:14:53 2016 +0200
net: Don't forget pr_fmt on net_dbg_ratelimited for CONFIG_DYNAMIC_DEBUG
The implementation of net_dbg_ratelimited in the CONFIG_DYNAMIC_DEBUG case was added with 2c94b5373 ("net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case"). The implementation strategy was to take the usual definition of the dynamic_pr_debug macro, but alter it by adding a call to "net_ratelimit()" in the if statement. This is, in fact, the correct approach.
However, while doing this, the author of the commit forgot to surround fmt by pr_fmt, resulting in unprefixed log messages appearing in the console. So, this commit adds back the pr_fmt(fmt) invocation, making net_dbg_ratelimited properly consistent across DEBUG, no DEBUG, and DYNAMIC_DEBUG cases, and bringing parity with the behavior of dynamic_pr_debug as well.
Fixes: 2c94b5373 ("net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case") Signed-off-by: Jason A. Donenfeld Jason@zx2c4.com Cc: Tim Bingham tbingham@akamai.com Signed-off-by: David S. Miller davem@davemloft.net
commit 4a1836701fd59476ee1331379e00a9ab51ba4f61 Author: Arnd Bergmann arnd@arndb.de Date: Wed Jun 15 17:45:51 2016 +0200
net: skfb: remove obsolete -I cflag
The skfp driver has been moved to drivers/net/fddi/skfp a long time ago, but we still attempt to include headers from the old location, which causes a warning when building with W=1:
cc1: error: /git/arm-soc/drivers/net/skfp: No such file or directory [-Werror=missing-include-dirs] cc1: error: drivers/net/skfp: No such file or directory [-Werror=missing-include-dirs]
Clearly this include directive is not needed any more, so we can just remove it now.
Signed-off-by: Arnd Bergmann arnd@arndb.de Signed-off-by: David S. Miller davem@davemloft.net
commit c91522f860bb9dd4178c8280bbebd4f4321b7199 Author: Ying Xue ying.xue@windriver.com Date: Wed Jun 15 14:11:31 2016 +0800
tipc: eliminate uninitialized variable warning
net/tipc/link.c: In function ‘tipc_link_timeout’: net/tipc/link.c:744:28: warning: ‘mtyp’ may be used uninitialized in this function [-Wuninitialized]
Fixes: 42b18f605fea ("tipc: refactor function tipc_link_timeout()") Acked-by: Jon Maloy jon.maloy@ericsson.com Signed-off-by: Ying Xue ying.xue@windriver.com Signed-off-by: David S. Miller davem@davemloft.net
commit 66d95b6705a6347f7b2645e042874ec0bb03b726 Author: Ying Xue ying.xue@windriver.com Date: Wed Jun 15 14:10:57 2016 +0800
tipc: fix suspicious RCU usage
When run tipcTS&tipcTC test suite, the following complaint appears:
[ 56.926168] =============================== [ 56.926169] [ INFO: suspicious RCU usage. ] [ 56.926171] 4.7.0-rc1+ #160 Not tainted [ 56.926173] ------------------------------- [ 56.926174] net/tipc/bearer.c:408 suspicious rcu_dereference_protected() usage! [ 56.926175] [ 56.926175] other info that might help us debug this: [ 56.926175] [ 56.926177] [ 56.926177] rcu_scheduler_active = 1, debug_locks = 1 [ 56.926179] 3 locks held by swapper/4/0: [ 56.926180] #0: (((&req->timer))){+.-...}, at: [<ffffffff810e79b5>] call_timer_fn+0x5/0x340 [ 56.926203] #1: (&(&req->lock)->rlock){+.-...}, at: [<ffffffffa000c29b>] disc_timeout+0x1b/0xd0 [tipc] [ 56.926212] #2: (rcu_read_lock){......}, at: [<ffffffffa00055e0>] tipc_bearer_xmit_skb+0xb0/0x2e0 [tipc] [ 56.926218] [ 56.926218] stack backtrace: [ 56.926221] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 4.7.0-rc1+ #160 [ 56.926222] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 [ 56.926224] 0000000000000000 ffff880016803d28 ffffffff813c4423 ffff8800154252c0 [ 56.926227] 0000000000000001 ffff880016803d58 ffffffff810b7512 ffff8800124d8120 [ 56.926230] ffff880013f8a160 ffff8800132b5ccc ffff8800124d8120 ffff880016803d88 [ 56.926234] Call Trace: [ 56.926235] <IRQ> [<ffffffff813c4423>] dump_stack+0x67/0x94 [ 56.926250] [<ffffffff810b7512>] lockdep_rcu_suspicious+0xe2/0x120 [ 56.926256] [<ffffffffa00051f1>] tipc_l2_send_msg+0x131/0x1c0 [tipc] [ 56.926261] [<ffffffffa000567c>] tipc_bearer_xmit_skb+0x14c/0x2e0 [tipc] [ 56.926266] [<ffffffffa00055e0>] ? tipc_bearer_xmit_skb+0xb0/0x2e0 [tipc] [ 56.926273] [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc] [ 56.926278] [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc] [ 56.926283] [<ffffffffa000c2d6>] disc_timeout+0x56/0xd0 [tipc] [ 56.926288] [<ffffffff810e7a68>] call_timer_fn+0xb8/0x340 [ 56.926291] [<ffffffff810e79b5>] ? call_timer_fn+0x5/0x340 [ 56.926296] [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc] [ 56.926300] [<ffffffff810e8f4a>] run_timer_softirq+0x23a/0x390 [ 56.926306] [<ffffffff810f89ff>] ? clockevents_program_event+0x7f/0x130 [ 56.926316] [<ffffffff819727c3>] __do_softirq+0xc3/0x4a2 [ 56.926323] [<ffffffff8106ba5a>] irq_exit+0x8a/0xb0 [ 56.926327] [<ffffffff81972456>] smp_apic_timer_interrupt+0x46/0x60 [ 56.926331] [<ffffffff81970a49>] apic_timer_interrupt+0x89/0x90 [ 56.926333] <EOI> [<ffffffff81027fda>] ? default_idle+0x2a/0x1a0 [ 56.926340] [<ffffffff81027fd8>] ? default_idle+0x28/0x1a0 [ 56.926342] [<ffffffff810289cf>] arch_cpu_idle+0xf/0x20 [ 56.926345] [<ffffffff810adf0f>] default_idle_call+0x2f/0x50 [ 56.926347] [<ffffffff810ae145>] cpu_startup_entry+0x215/0x3e0 [ 56.926353] [<ffffffff81040ad9>] start_secondary+0xf9/0x100
The warning appears as rtnl_dereference() is wrongly used in tipc_l2_send_msg() under RCU read lock protection. Instead the proper usage should be that rcu_dereference_rtnl() is called here.
Fixes: 5b7066c3dd24 ("tipc: stricter filtering of packets in bearer layer") Acked-by: Jon Maloy jon.maloy@ericsson.com Signed-off-by: Ying Xue ying.xue@windriver.com Signed-off-by: David S. Miller davem@davemloft.net
commit e4587ea1d748953e17ddee8f30994899ae73b677 Merge: 0ee1362 6052f7f Author: David S. Miller davem@davemloft.net Date: Wed Jun 15 14:47:46 2016 -0700
Merge branch 'macsec-fixes'
Sabrina Dubroca says:
==================== macsec fixes
Patch 1 adds rcu_barrier() during module unload to prevent possible panics.
Patch 2 allocates memory for scattergather lists and the IV on the heap, since they can escape the current function's context during crypto callbacks.
Patch 3 fixes a failure to create secure associations. ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 6052f7fbce857e327218a9d8a040e210ea7cc718 Author: Sabrina Dubroca sd@queasysnail.net Date: Tue Jun 14 15:25:16 2016 +0200
macsec: fix SA initialization
The ASYNC flag prevents initialization on some physical machines.
Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Sabrina Dubroca sd@queasysnail.net Signed-off-by: David S. Miller davem@davemloft.net
commit 5d9649b3a524df9ccd15ac25ad6591089260fdbd Author: Sabrina Dubroca sd@queasysnail.net Date: Tue Jun 14 15:25:15 2016 +0200
macsec: allocate sg and iv on the heap
For the crypto callbacks to work properly, we cannot have sg and iv on the stack. Use kmalloc instead, with a single allocation for aead_request + scatterlist + iv.
Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Sabrina Dubroca sd@queasysnail.net Acked-by: Hannes Frederic Sowa hannes@stressinduktion.org Signed-off-by: David S. Miller davem@davemloft.net
commit b196c22af5c3ff784c472c80f6fb4e5fad67b2ac Author: Sabrina Dubroca sd@queasysnail.net Date: Tue Jun 14 15:25:14 2016 +0200
macsec: add rcu_barrier() on module exit
Without this, the various uses of call_rcu could cause a kernel panic.
Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Sabrina Dubroca sd@queasysnail.net Acked-by: Hannes Frederic Sowa hannes@stressinduktion.org Signed-off-by: David S. Miller davem@davemloft.net
commit 0ee13627f963f9c5c9544ed19d82854836d5e676 Author: Florian Westphal fw@strlen.de Date: Tue Jun 14 06:16:27 2016 +0200
htb: call qdisc_root with rcu read lock held
saw a debug splat: net/include/net/sch_generic.h:287 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 2 locks held by kworker/2:1/710: #0: ("events"){.+.+.+}, at: [<ffffffff8106ca1d>] #1: ((&q->work)){+.+...}, at: [<ffffffff8106ca1d>] process_one_work+0x14d/0x690 Workqueue: events htb_work_func Call Trace: [<ffffffff812dc763>] dump_stack+0x85/0xc2 [<ffffffff8109fee7>] lockdep_rcu_suspicious+0xe7/0x120 [<ffffffff814ced47>] htb_work_func+0x67/0x70
Signed-off-by: Florian Westphal fw@strlen.de Acked-by: Cong Wang xiyou.wangcong@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit ebecaa6662b0a9c3590bd644a4cec6f9d96818b7 Author: Jamal Hadi Salim jhs@mojatatu.com Date: Mon Jun 13 18:08:42 2016 -0400
net sched actions: bug fix dumping actions directly didnt produce NLMSG_DONE
This refers to commands to direct action access as follows:
sudo tc actions add action drop index 12 sudo tc actions add action pipe index 10
And then dumping them like so: sudo tc actions ls action gact
iproute2 worked because it depended on absence of TCA_ACT_TAB TLV as end of message. This fix has been tested with iproute2 and is backward compatible.
Signed-off-by: Jamal Hadi Salim jhs@mojatatu.com Acked-by: Cong Wang xiyou.wangcong@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit d15eccea69b96a5116169688dcc9baf6d1ce2751 Author: WANG Cong xiyou.wangcong@gmail.com Date: Mon Jun 13 13:44:14 2016 -0700
act_ipt: fix a bind refcnt leak
And avoid calling tcf_hash_check() twice.
Fixes: a57f19d30b2d ("net sched: ipt action fix late binding") Cc: Jamal Hadi Salim jhs@mojatatu.com Signed-off-by: Cong Wang xiyou.wangcong@gmail.com Acked-by: Jamal Hadi Salim jhs@mojatatu.com Signed-off-by: David S. Miller davem@davemloft.net
commit 3d7c8257d999bdf8fa77ffd9be775c7b58cc7b69 Author: Eric Dumazet edumazet@google.com Date: Mon Jun 13 11:33:32 2016 -0700
net_sched: prio: insure proper transactional behavior
Now prio_init() can return -ENOMEM, it also has to make sure any allocated qdiscs are freed, since the caller (qdisc_create()) wont call ->destroy() handler for us.
More generally, we want a transactional behavior for "tc qdisc change ...", so prio_tune() should not make modifications if any error is returned.
It means that we must validate parameters and allocate missing qdisc(s) before taking root qdisc lock exactly once, to not leave the prio qdisc in an intermediate state.
Fixes: cbdf45116478 ("net_sched: prio: properly report out of memory errors") Signed-off-by: Eric Dumazet edumazet@google.com Reported-by: Cong Wang xiyou.wangcong@gmail.com Acked-by: Cong Wang xiyou.wangcong@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit 0c5ddb51e8f7be7170600f95a4ea92e5a32afad8 Author: Eric Dumazet edumazet@google.com Date: Mon Jun 13 07:50:25 2016 -0700
net/mlx4_en: initialize cmd.context_lock spinlock earlier
Maciej Żenczykowski reported lockdep warning a spinlock was not registered before being held in mlx4_cmd_wake_completions()
cmd.context_lock initialization is not at the right place.
1) mlx4_cmd_use_events() can be called multiple times. Calling spin_lock_init() on a live spinlock can lead to hangs.
2) mlx4_cmd_wake_completions() can be called while lock has not been initialized. Lockdep complains, and current logic is not race prone.
It seems better to move the initialization earlier in mlx4_load_one()
Signed-off-by: Eric Dumazet edumazet@google.com Reported-by: Maciej Żenczykowski maze@google.com Cc: Eugenia Emantayev eugenia@mellanox.com Cc: Tariq Toukan tariqt@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit 8fff1722f705ce5023a0d6d77a31a9d013be2a34 Author: Liping Zhang liping.zhang@spreadtrum.com Date: Tue Jun 14 20:13:04 2016 +0800
netfilter: nf_tables: fix a wrong check to skip the inactive rules
nft_genmask_cur has already done left-shift operator on the gencursor, so there's no need to do left-shift operator on it again.
Fixes: ea4bd995b0f2 ("netfilter: nf_tables: add transaction helper functions") Cc: Patrick McHardy kaber@trash.net Signed-off-by: Liping Zhang liping.zhang@spreadtrum.com Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
commit a02f424863610a0a7abd80c468839e59cfa4d0d8 Author: Liping Zhang liping.zhang@spreadtrum.com Date: Sat Jun 11 12:20:28 2016 +0800
netfilter: nf_tables: fix wrong destroy anonymous sets if binding fails
When we add a nft rule like follows: # nft add rule filter test tcp dport vmap {1: jump test} -ELOOP error will be returned, and the anonymous set will be destroyed.
But after that, nf_tables_abort will also try to remove the element and destroy the set, which was already destroyed and freed.
If we add a nft wrong rule, nft_tables_abort will do the cleanup work rightly, so nf_tables_set_destroy call here is redundant and wrong, remove it.
Signed-off-by: Liping Zhang liping.zhang@spreadtrum.com Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
commit 8588ac097b49ce8802f11541d9cd6f6667badb34 Author: Pablo Neira Ayuso pablo@netfilter.org Date: Sat Jun 11 12:20:27 2016 +0800
netfilter: nf_tables: reject loops from set element jump to chain
Liping Zhang says:
"Users may add such a wrong nft rules successfully, which will cause an endless jump loop:
# nft add rule filter test tcp dport vmap {1: jump test}
This is because before we commit, the element in the current anonymous set is inactive, so osp->walk will skip this element and miss the validate check."
To resolve this problem, this patch passes the generation mask to the walk function through the iter container structure depending on the code path:
1) If we're dumping the elements, then we have to check if the element is active in the current generation. Thus, we check for the current bit in the genmask.
2) If we're checking for loops, then we have to check if the element is active in the next generation, as we're in the middle of a transaction. Thus, we check for the next bit in the genmask.
Based on original patch from Liping Zhang.
Reported-by: Liping Zhang liping.zhang@spreadtrum.com Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org Tested-by: Liping Zhang liping.zhang@spreadtrum.com
commit a46844021f6182cca7b575295ba33a4734b1b9d9 Author: Liping Zhang liping.zhang@spreadtrum.com Date: Sat Jun 11 12:20:26 2016 +0800
netfilter: nf_tables: fix wrong check of NFT_SET_MAP in nf_tables_bind_set
We should check "i" is used as a dictionary or not, "binding" is already checked before.
Signed-off-by: Liping Zhang liping.zhang@spreadtrum.com Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
commit 775711497202fe376368c25b0c7296ed8803e0ba Author: Florian Westphal fw@strlen.de Date: Fri Jun 10 17:25:19 2016 +0200
netfilter: conntrack: destroy kmemcache on module removal
I forgot to move the kmem_cache_destroy into the exit path.
Fixes: 0c5366b3a8c7 ("netfilter: conntrack: use single slab cache) Signed-off-by: Florian Westphal fw@strlen.de Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
commit 61e0979a497b07f5a82f3050e37ecc7093e2971d Merge: d1e3728 4100948 Author: David S. Miller davem@davemloft.net Date: Tue Jun 14 22:21:45 2016 -0700
Merge branch 'ovs-notifications'
Nicolas Dichtel says:
==================== ovs: fix rtnl notifications on interface deletion
There was no rtnl notifications for interfaces (gre, vxlan, geneve) created by ovs. This problem is fixed by adjusting the creation path.
v1 -> v2: - add patch #1 and #4 - rework error handling in patch #2 ====================
Acked-by: Pravin B Shelar pshelar@ovn.org Signed-off-by: David S. Miller davem@davemloft.net
commit 41009481b690493c169ce85f591b9d32c6fd9422 Author: Nicolas Dichtel nicolas.dichtel@6wind.com Date: Mon Jun 13 10:31:07 2016 +0200
ovs/geneve: fix rtnl notifications on iface deletion
The function geneve_dev_create_fb() (only used by ovs) never calls rtnl_configure_link(). The consequence is that dev->rtnl_link_state is never set to RTNL_LINK_INITIALIZED. During the deletion phase, the function rollback_registered_many() sends a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.
Fixes: e305ac6cf5a1 ("geneve: Add support to collect tunnel metadata.") CC: Pravin B Shelar pshelar@nicira.com CC: Jesse Gross jesse@nicira.com CC: Thomas Graf tgraf@suug.ch Signed-off-by: Nicolas Dichtel nicolas.dichtel@6wind.com Signed-off-by: David S. Miller davem@davemloft.net
commit da6f1da819d4b9c081a477dec74dc468a0b44290 Author: Nicolas Dichtel nicolas.dichtel@6wind.com Date: Mon Jun 13 10:31:06 2016 +0200
ovs/gre: fix rtnl notifications on iface deletion
The function gretap_fb_dev_create() (only used by ovs) never calls rtnl_configure_link(). The consequence is that dev->rtnl_link_state is never set to RTNL_LINK_INITIALIZED. During the deletion phase, the function rollback_registered_many() sends a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.
Fixes: b2acd1dc3949 ("openvswitch: Use regular GRE net_device instead of vport") CC: Thomas Graf tgraf@suug.ch CC: Pravin B Shelar pshelar@nicira.com Signed-off-by: Nicolas Dichtel nicolas.dichtel@6wind.com Signed-off-by: David S. Miller davem@davemloft.net
commit cf5da330bbdd0c06b05c525a3d1d58ccd82c87a6 Author: Nicolas Dichtel nicolas.dichtel@6wind.com Date: Mon Jun 13 10:31:05 2016 +0200
ovs/vxlan: fix rtnl notifications on iface deletion
The function vxlan_dev_create() (only used by ovs) never calls rtnl_configure_link(). The consequence is that dev->rtnl_link_state is never set to RTNL_LINK_INITIALIZED. During the deletion phase, the function rollback_registered_many() sends a RTM_DELLINK only if dev->rtnl_link_state is set to RTNL_LINK_INITIALIZED.
Note that the function vxlan_dev_create() is moved after the rtnl stuff so that vxlan_dellink() can be called in this function.
Fixes: dcc38c033b32 ("openvswitch: Re-add CONFIG_OPENVSWITCH_VXLAN") CC: Thomas Graf tgraf@suug.ch CC: Pravin B Shelar pshelar@nicira.com Signed-off-by: Nicolas Dichtel nicolas.dichtel@6wind.com Signed-off-by: David S. Miller davem@davemloft.net
commit 106da663ff495e0aea3ac15b8317aa410754fcac Author: Nicolas Dichtel nicolas.dichtel@6wind.com Date: Mon Jun 13 10:31:04 2016 +0200
ovs/gre,geneve: fix error path when creating an iface
After ipgre_newlink()/geneve_configure() call, the netdev is registered.
Fixes: 7e059158d57b ("vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices") CC: David Wragg david@weave.works Signed-off-by: Nicolas Dichtel nicolas.dichtel@6wind.com Signed-off-by: David S. Miller davem@davemloft.net
commit d1e37288c9146dccff830e3253e403af8705b51f Author: Su, Xuemin suxm@chinanetcenter.com Date: Mon Jun 13 11:02:50 2016 +0800
udp reuseport: fix packet of same flow hashed to different socket
There is a corner case in which udp packets belonging to a same flow are hashed to different socket when hslot->count changes from 10 to 11:
1) When hslot->count <= 10, __udp_lib_lookup() searches udp_table->hash, and always passes 'daddr' to udp_ehashfn().
2) When hslot->count > 10, __udp_lib_lookup() searches udp_table->hash2, but may pass 'INADDR_ANY' to udp_ehashfn() if the sockets are bound to INADDR_ANY instead of some specific addr.
That means when hslot->count changes from 10 to 11, the hash calculated by udp_ehashfn() is also changed, and the udp packets belonging to a same flow will be hashed to different socket.
This is easily reproduced: 1) Create 10 udp sockets and bind all of them to 0.0.0.0:40000. 2) From the same host send udp packets to 127.0.0.1:40000, record the socket index which receives the packets. 3) Create 1 more udp socket and bind it to 0.0.0.0:44096. The number 44096 is 40000 + UDP_HASH_SIZE(4096), this makes the new socket put into the same hslot as the aformentioned 10 sockets, and makes the hslot->count change from 10 to 11. 4) From the same host send udp packets to 127.0.0.1:40000, and the socket index which receives the packets will be different from the one received in step 2. This should not happen as the socket bound to 0.0.0.0:44096 should not change the behavior of the sockets bound to 0.0.0.0:40000.
It's the same case for IPv6, and this patch also fixes that.
Signed-off-by: Su, Xuemin suxm@chinanetcenter.com Signed-off-by: Eric Dumazet edumazet@google.com Signed-off-by: David S. Miller davem@davemloft.net
commit 6c0d54f1897d229748d4f41ef919078db6db2123 Author: Eric Dumazet edumazet@google.com Date: Sun Jun 12 20:01:25 2016 -0700
net_sched: fix pfifo_head_drop behavior vs backlog
When the qdisc is full, we drop a packet at the head of the queue, queue the current skb and return NET_XMIT_CN
Now we track backlog on upper qdiscs, we need to call qdisc_tree_reduce_backlog(), even if the qlen did not change.
Fixes: 2ccccf5fb43f ("net_sched: update hierarchical backlog too") Signed-off-by: Eric Dumazet edumazet@google.com Cc: WANG Cong xiyou.wangcong@gmail.com Cc: Jamal Hadi Salim jhs@mojatatu.com Acked-by: Cong Wang xiyou.wangcong@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit 881d0327db37ad917a367c77aff1afa1ee41e0a9 Author: Feng Tang feng.tang@intel.com Date: Sun Jun 12 17:36:37 2016 +0800
net: alx: Work around the DMA RX overflow issue
Commit 26c5f03 uses a new skb allocator to avoid the RFD overflow issue.
But from debugging without datasheet, we found the error always happen when the DMA RX address is set to 0x....fc0, which is very likely to be a HW/silicon problem.
So one idea is instead of adding a new allocator, why not just hitting the right target by avaiding the error-prone DMA address?
This patch will actually * Remove the commit 26c5f03 * Apply rx skb with 64 bytes longer space, and if the allocated skb has a 0x...fc0 address, it will use skb_resever(skb, 64) to advance the address, so that the RX overflow can be avoided.
In theory this method should also apply to atl1c driver, which I can't find anyone who can help to test on real devices.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=70761 Signed-off-by: Feng Tang feng.tang@intel.com Suggested-by: Eric Dumazet edumazet@google.com Tested-by: Ole Lukoie olelukoie@mail.ru Acked-by: Eric Dumazet edumazet@google.com Signed-off-by: David S. Miller davem@davemloft.net
commit b46d9f625b07f843c706c2c7d0210a90ccdf143b Author: Hannes Frederic Sowa hannes@stressinduktion.org Date: Sun Jun 12 12:02:46 2016 +0200
ipv4: fix checksum annotation in udp4_csum_init
Reported-by: Cong Wang xiyou.wangcong@gmail.com Cc: Cong Wang xiyou.wangcong@gmail.com Cc: Tom Herbert tom@herbertland.com Fixes: 4068579e1e098fa ("net: Implmement RFC 6936 (zero RX csums for UDP/IPv6") Signed-off-by: Hannes Frederic Sowa hannes@stressinduktion.org Signed-off-by: David S. Miller davem@davemloft.net
commit c148d16369ff0095eca950d17968ba1d56a47b53 Author: Hannes Frederic Sowa hannes@stressinduktion.org Date: Sat Jun 11 21:15:37 2016 +0200
ipv6: fix checksum annotation in udp6_csum_init
Cc: Tom Herbert tom@herbertland.com Fixes: 4068579e1e098fa ("net: Implmement RFC 6936 (zero RX csums for UDP/IPv6") Signed-off-by: Hannes Frederic Sowa hannes@stressinduktion.org Signed-off-by: David S. Miller davem@davemloft.net
commit 5119bd16815d3f0364390a1369392dcc036790e7 Author: Hannes Frederic Sowa hannes@stressinduktion.org Date: Sat Jun 11 20:41:38 2016 +0200
ipv6: tcp: fix endianness annotation in tcp_v6_send_response
Cc: Florent Fourcot florent.fourcot@enst-bretagne.fr Fixes: 1d13a96c74fc ("ipv6: tcp: fix flowlabel value in ACK messages send from TIME_WAIT") Signed-off-by: Hannes Frederic Sowa hannes@stressinduktion.org Signed-off-by: David S. Miller davem@davemloft.net
commit dcb94b88c09ce82a80e188d49bcffdc83ba215a6 Author: Hannes Frederic Sowa hannes@stressinduktion.org Date: Sat Jun 11 20:32:06 2016 +0200
ipv6: fix endianness error in icmpv6_err
IPv6 ping socket error handler doesn't correctly convert the new 32 bit mtu to host endianness before using.
Cc: Lorenzo Colitti lorenzo@google.com Fixes: 6d0bfe22611602f ("net: ipv6: Add IPv6 support to the ping socket.") Signed-off-by: Hannes Frederic Sowa hannes@stressinduktion.org Acked-by: Lorenzo Colitti lorenzo@google.com Signed-off-by: David S. Miller davem@davemloft.net
commit fdecf36fcefa9f48c2f2de21c8176f1a8ce2c960 Author: Clemens Gruber clemens.gruber@pqgruber.com Date: Sat Jun 11 17:21:26 2016 +0200
phy: marvell: fix LED configuration via marvell,reg-init
Configuring the PHY LED registers for the Marvell 88E1510 and others is not possible, because regardless of the values in marvell,reg-init, it is later overridden in m88e1121_config_aneg with a non-standard default.
This patch moves that default configuration to .config_init to allow setting the LED configuration through marvell,reg-init in the device tree, which should override said default if it exists.
Signed-off-by: Clemens Gruber clemens.gruber@pqgruber.com Reviewed-by: Andrew Lunn andrew@lunn.ch Signed-off-by: David S. Miller davem@davemloft.net
commit bba42c7877d3efce86ca331ad1a7e37046627c72 Merge: 182fd9e 280a3ef Author: Kalle Valo kvalo@codeaurora.org Date: Tue Jun 14 17:07:38 2016 +0300
Merge tag 'iwlwifi-for-kalle-2016-06-10' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
* fix the scan timeout for long scans * fix an RCU splat caused when updating the TKIP key * fix a potential NULL-derefence introduced recently * fix a IGTK key bug that has existed since the MVM driver was introduced * fix some fw capabilities checks that got accidentally inverted
commit e024111f6946f45cf1559a8c6fd48d2d0f696d07 Author: Miaoqing Pan miaoqing@codeaurora.org Date: Tue Jun 7 15:47:07 2016 +0300
ath9k: fix GPIO mask for AR9462 and AR9565
The incorrect GPIO mask cause kernel warning, when AR9462 access GPIO11. Also fix the mask for AR9565.
WARNING: CPU: 1 PID: 199 at ../drivers/net/wireless/ath/ath9k/hw.c:2778 ath9k_hw_gpio_get+0x1a9/0x1b0 [ath9k_hw] CPU: 1 PID: 199 Comm: kworker/u16:9 Not tainted 4.7.0-rc1-next-20160530+ #5 Hardware name: Acer TravelMate P243/BA40_HC, BIOS V1.01 04/20/2012 Workqueue: events_power_efficient rfkill_poll 0000000000000000 ffff88002cf73d28 ffffffff813b8ddc 0000000000000000 0000000000000000 ffff88002cf73d68 ffffffff8107a331 00000ada00000086 ffff880148d9c018 000000000000000b ffff880147e68720 0000000000000200 Call Trace: [<ffffffff813b8ddc>] dump_stack+0x63/0x87 [<ffffffff8107a331>] __warn+0xd1/0xf0 [<ffffffff8107a41d>] warn_slowpath_null+0x1d/0x20 [<ffffffffc0775b19>] ath9k_hw_gpio_get+0x1a9/0x1b0 [ath9k_hw] [<ffffffffc047f3e4>] ath9k_rfkill_poll_state+0x34/0x60 [ath9k] [<ffffffffc06dbb53>] ieee80211_rfkill_poll+0x33/0x40 [mac80211] [<ffffffffc03ad65a>] cfg80211_rfkill_poll+0x2a/0xc0 [cfg80211] [<ffffffff817c5514>] rfkill_poll+0x24/0x50 [<ffffffff81093183>] process_one_work+0x153/0x3f0 [<ffffffff8109393b>] worker_thread+0x12b/0x4b0 [<ffffffff81093810>] ? rescuer_thread+0x340/0x340 [<ffffffff81099129>] kthread+0xc9/0xe0 [<ffffffff817d8f1f>] ret_from_fork+0x1f/0x40 [<ffffffff81099060>] ? kthread_park+0x60/0x60
Fixes: a01ab81b09c5 ("ath9k: define correct GPIO numbers and bits mask") Reported-by: Sudip Mukherjee sudip.mukherjee@codethink.co.uk Tested-by: Sudip Mukherjee sudip.mukherjee@codethink.co.uk Signed-off-by: Miaoqing Pan miaoqing@codeaurora.org Signed-off-by: Kalle Valo kvalo@qca.qualcomm.com
commit e50525bef593c3dd0564df676c567d77f7c20322 Author: Rajkumar Manoharan rmanohar@qti.qualcomm.com Date: Thu Jun 9 11:33:55 2016 +0530
ath10k: fix deadlock while processing rx_in_ord_ind
commit 5c86d97bcc1d ("ath10k: combine txrx and replenish task") introduced deadlock while processing rx in order indication message for qca6174 based devices. While merging replenish and txrx tasklets, replenish task should be called out of htt rx ring locking since it is also try to acquire the same lock.
Unfortunately this issue is not exposed by other solutions (qca988x, qca99x0 & qca4019), as rx_in_ord_ind message is specific to qca6174 based devices. This patch fixes
============================================= [ INFO: possible recursive locking detected ] 4.7.0-rc2-wt-ath+ #1353 Tainted: G E --------------------------------------------- swapper/3/0 is trying to acquire lock: (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d7ef19>] ath10k_htt_rx_msdu_buff_replenish+0x29/0x90 [ath10k_core]
but task is already holding lock: (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>] ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
other info that might help us debug this: Possible unsafe locking scenario:
CPU0 ---- lock(&(&htt->rx_ring.lock)->rlock); lock(&(&htt->rx_ring.lock)->rlock);
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by swapper/3/0: #0: (&(&htt->rx_ring.lock)->rlock){+.-...}, at: [<f8d82cab>] ath10k_htt_txrx_compl_task+0x21b/0x250 [ath10k_core]
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=119151 Fixes: 5c86d97bcc1d ("ath10k: combine txrx and replenish task") Reported-by: Mike Lothian mike@fireburn.co.uk Signed-off-by: Rajkumar Manoharan rmanohar@qti.qualcomm.com Signed-off-by: Kalle Valo kvalo@qca.qualcomm.com
commit d941ebe88a411aa281cc80477a93feb931a1b50b Author: Ivan Khoronzhuk ivan.khoronzhuk@linaro.org Date: Sat Jun 11 01:11:54 2016 +0300
net: ethernet: ti: cpsw: use destroy ctlr to destroy channels
There is no reason to destroy channels that are destroyed while cpdma_ctlr destroy. In this case no need to remember how much channels where created and destroy them by one, as cpdma_ctlr destroys all of them.
Signed-off-by: Ivan Khoronzhuk ivan.khoronzhuk@linaro.org Signed-off-by: David S. Miller davem@davemloft.net
commit cbdf451164785c9cf5acd5d2983c1e7c778df4c1 Author: Eric Dumazet edumazet@google.com Date: Sun Jun 12 16:21:47 2016 -0700
net_sched: prio: properly report out of memory errors
At Qdisc creation or change time, prio_tune() creates missing pfifo qdiscs but does not return an error code if one qdisc could not be allocated.
Leaving a qdisc in non operational state without telling user anything about this problem is not good.
Also, testing if we replace something different than noop_qdisc a second time makes no sense so I removed useless code.
Signed-off-by: Eric Dumazet edumazet@google.com Signed-off-by: David S. Miller davem@davemloft.net
commit 86ef7f9cbfd564377028098cf20cc1c3ec2c776d Author: David S. Miller davem@davemloft.net Date: Sat Jun 11 20:40:24 2016 -0700
ipconfig: Protect ic_addrservaddr with IPCONFIG_DYNAMIC.
>> net/ipv4/ipconfig.c:130:15: warning: 'ic_addrservaddr' defined but not used [-Wunused-variable] static __be32 ic_addrservaddr = NONE; /* IP Address of the IP addresses'server */
Reported-by: kbuild test robot fengguang.wu@intel.com Signed-off-by: David S. Miller davem@davemloft.net
commit 92ca8241533009e4e05a9f3999a75389678af094 Author: Manuel Lauss manuel.lauss@gmail.com Date: Sat Jun 11 00:13:04 2016 +0200
net: au1000_eth: fix PHY detection
Commit 7f854420fbfe9d49afe2ffb1df052cfe8e215541 ("phy: Add API for {un}registering an mdio device to a bus.") broke PHY detection on this driver with a copy-paste bug: The code is looking 32 times for a PHY at address 0.
Fixes ethernet on AMD DB1100/DB1500/DB1550 boards which have their (autodetected) PHYs at address 31.
Cc: Andrew Lunn andrew@lunn.ch Signed-off-by: Manuel Lauss manuel.lauss@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit 86c5fe4c932a8ef2d32f8b3d32cc9f0476fc54f3 Author: David S. Miller davem@davemloft.net Date: Fri Jun 10 23:34:24 2016 -0700
Revert "net: au1000_eth: fix PHY detection"
This reverts commit a2f27217e4e60e663b5b971b0ccb287a9548b04e.
I applied the wrong version of this.
Signed-off-by: David S. Miller davem@davemloft.net
commit a2f27217e4e60e663b5b971b0ccb287a9548b04e Author: Manuel Lauss manuel.lauss@gmail.com Date: Fri Jun 10 16:53:05 2016 +0200
net: au1000_eth: fix PHY detection
Commit 7f854420fbfe9d49afe2ffb1df052cfe8e215541 ("phy: Add API for {un}registering an mdio device to a bus.") broke PHY detection on this driver with a copy-paste bug: The code is looking 32 times for a PHY at address 0.
Fixes ethernet on AMD DB1100/DB1500/DB1550 boards which have their (autodetected) PHYs at address 31.
Cc: Andrew Lunn andrew@lunn.ch Signed-off-by: Manuel Lauss manuel.lauss@gmail.com Signed-off-by: David S. Miller davem@davemloft.net
commit a4b42ab3205a28b24eb0d480935cf9fd1051a7f2 Merge: 0b392be 82c6544 Author: David S. Miller davem@davemloft.net Date: Fri Jun 10 23:29:30 2016 -0700
Merge branch 'mediatek-fixes'
John Crispin says:
==================== net: mediatek: various small fixes
This series contains various small fixes that we stumbled across while doing thorough testing and code level reviewing of the driver.
Changes in V2: * drop the DQL patch from the list until a better solution is found ====================
Signed-off-by: David S. Miller davem@davemloft.net
commit 82c6544dddc6c4bd940917af2f987dee6be0fc17 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:08 2016 +0200
net: mediatek: remove superfluous queue wake up call
The code checks if the queue should be stopped because we are below the threshold of free descriptors only to check if it should be started again. If we do end up in a state where we are at the threshold limit, it makes more sense to just stop the queue and wait for the next IRQ to trigger the TX housekeeping again. There is no rush in enqueuing the next packet, it needs to wait for all the others in the queue to be dispatched first anyway.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit ad3cba989e8b1bbefe078eece29f0e8d8aaea1d6 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:07 2016 +0200
net: mediatek: only wake the queue if it is stopped
The current code unconditionally wakes up the queue at the end of each tx_poll action. Change the code to only wake up the queues if any of them have actually been stopped before.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 12c97c13ea7174db5b5dc4a1ef91d4e9245bb569 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:06 2016 +0200
net: mediatek: fix off by one in the TX ring allocation
The TX ring setup has an off by one error causing it to not utilise all descriptors. This has the side effect that we need to reset the next pointer at runtime to make it work. Fix the off by one and remove the code fixing the ring at runtime.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit eaadf9fd3f6390f6ecbd0dfbd5997a0486fc9d5e Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:05 2016 +0200
net: mediatek: increase watchdog_timeo
During stress testing, after reducing the threshold value, we have seen TX timeouts that were caused by the watchdog_timeo value being too low. Increase the value to 5 * HZ which is a value commonly used by many other drivers.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 04698cccb1de54d5d97fda2e4a1c6ca365da0f70 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:04 2016 +0200
net: mediatek: fix threshold value
The logic to calculate the threshold value for stopping the TX queue is bad. Currently it will always use 1/2 of the rings size, which is way too much. Set the threshold to MAX_SKB_FRAGS. This makes sure that the queue is stopped when there is not enough room to accept an additional segment.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 2ff0bb61646f286fa97db2904491974302a14f1f Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:03 2016 +0200
net: mediatek: disable all interrupts during probe
The current code only disables those IRQs that we will later use. To ensure that we have a predefined state, we really want to disable all IRQs. Change the code to disable all IRQs to achieve this.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 6675086d04e7c0748cd5884f7c8611b5f0836250 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:02 2016 +0200
net: mediatek: add next data pointer coherency protection
The QDMA engine can fail to update the register pointing to the next TX descriptor if this bit does not get set in the QDMA configuration register. Not setting this bit can result in invalid values inside the TX rings registers which will causes TX stalls.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 94321a9fc9f5b6c6e949cc7c69741538f556ab74 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:01 2016 +0200
net: mediatek: dropped rx packets are not being counted properly
There are two places inside mtk_poll_rx where rx_dropped is not being incremented properly. Fix this by adding the missing code to increment the counter.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 2fae723cefb8bfe712371978288aa0a70b54802e Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:28:00 2016 +0200
net: mediatek: invalid buffer lookup in mtk_tx_map()
The lookup of the tx_buffer in the error path inside mtk_tx_map() uses the wrong descriptor pointer. This looks like a copy & paste error. Change the code to use the correct pointer.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 605e4fe476956c67ced8518247e6c9601a31b868 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:27:59 2016 +0200
net: mediatek: fix missing free of scratch memory
Scratch memory gets allocated in mtk_init_fq_dma() but the corresponding code to free it is missing inside mtk_dma_free() causing a memory leak. With this patch applied, we can run ifconfig up/down several thousand times without any problems.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 562c5a70400c75f50d99de631666ac7cc2f03958 Author: John Crispin john@phrozen.org Date: Fri Jun 10 13:27:58 2016 +0200
net: mediatek: add missing return code check
The code fails to check if the scratch memory was properly allocated. Add this check and return with an error if the allocation failed.
Signed-off-by: John Crispin john@phrozen.org Signed-off-by: David S. Miller davem@davemloft.net
commit 0b392be9a86560dae3af2e7528f226ff465ab549 Author: Ben Dooks ben.dooks@codethink.co.uk Date: Fri Jun 10 12:11:06 2016 +0100
net: ipconfig: avoid warning by making ic_addrservaddr static
The symbol ic_addrservaddr is not static, but has no declaration to match so make it static to fix the following warning:
net/ipv4/ipconfig.c:130:8: warning: symbol 'ic_addrservaddr' was not declared. Should it be static?
Signed-off-by: Ben Dooks ben.dooks@codethink.co.uk Signed-off-by: David S. Miller davem@davemloft.net
commit c3ec5e5ce9cea1f369a5a8ad69d6471680796bc6 Author: Ben Dooks ben.dooks@codethink.co.uk Date: Thu Jun 9 18:05:09 2016 +0100
net: diag: add missing declarations
The functions inet_diag_msg_common_fill and inet_diag_msg_attrs_fill seem to have been missed from the include/linux/inet_diag.h header file. Add them to fix the following warnings:
net/ipv4/inet_diag.c:69:6: warning: symbol 'inet_diag_msg_common_fill' was not declared. Should it be static? net/ipv4/inet_diag.c:108:5: warning: symbol 'inet_diag_msg_attrs_fill' was not declared. Should it be static?
Signed-off-by: Ben Dooks ben.dooks@codethink.co.uk Signed-off-by: David S. Miller davem@davemloft.net
commit 56fae404fb2c306db0a35dad0d16fa24c65678f3 Author: Ido Schimmel idosch@mellanox.com Date: Tue Jun 7 12:06:58 2016 +0300
bridge: Fix incorrect re-injection of STP packets
Commit 8626c56c8279 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict") fixed incorrect usage of NF_HOOK's return value by consuming packets in okfn via br_pass_frame_up().
However, this function re-injects packets to the Rx path with skb->dev set to the bridge device, which breaks kernel's STP, as all STP packets appear to originate from the bridge device itself.
Instead, if STP is enabled and bridge isn't a 802.1ad bridge, then learn packet's SMAC and inject it back to the Rx path for further processing by the packet handlers.
The patch also makes netfilter's behavior consistent with regards to packets destined to the Bridge Group Address, as no hook registered at LOCAL_IN will ever be called, regardless if STP is enabled or not.
Cc: Florian Westphal fw@strlen.de Cc: Shmulik Ladkani shmulik.ladkani@gmail.com Cc: Toshiaki Makita makita.toshiaki@lab.ntt.co.jp Fixes: 8626c56c8279 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict") Signed-off-by: Jiri Pirko jiri@mellanox.com Signed-off-by: Ido Schimmel idosch@mellanox.com Signed-off-by: David S. Miller davem@davemloft.net
commit fc0f7e3317c5f406e6d5520209b4689a4ffecfdf Author: Manfred Schlaegl manfred.schlaegl@ginzinger.com Date: Mon Jun 6 10:47:47 2016 +0200
net: phy: smsc: reintroduced unconditional soft reset
We detected some problems using the smsc lan8720a in combination with i.MX28 and tracked this down to commit 21009686662f ("net: phy: smsc: move smsc_phy_config_init reset part in a soft_reset function") With 2100968666 the generic soft reset is replaced by a specific function which handles power down state correctly. But additionally the soft reset itself got conditional and is therefore also only performed if the phy is in power down state.
This patch keeps the conditional wake up from power down, but re-introduces the unconditional soft reset using the generic soft reset function. It was tested on linux-4.1.25 and linux-4.7.0-rc2.
Signed-off-by: Manfred Schlaegl manfred.schlaegl@ginzinger.com Signed-off-by: David S. Miller davem@davemloft.net
commit 280a3efa82fccc9532c968a77e5162cb9f0af497 Author: Johannes Berg johannes.berg@intel.com Date: Tue Jun 7 14:46:37 2016 +0200
iwlwifi: mvm: fix a few firmware capability checks
My cleanup in "iwlwifi: prepare for higher API/CAPA bits" accidentally inverted a few tests - fix them.
Fixes: 859d914c8f5c ("iwlwifi: prepare for higher API/CAPA bits") Reported-by: Sara Sharon sara.sharon@intel.com Signed-off-by: Johannes Berg johannes.berg@intel.com Signed-off-by: Luca Coelho luciano.coelho@intel.com
commit aa950524d501afa28869b7f56e539fd9e744dd9f Author: Ayala Beker ayala.beker@intel.com Date: Wed Jun 1 00:28:09 2016 +0300
iwlwifi: mvm: set the encryption type of an IGTK key
The FW expect the driver to set the encryption algorithm type when installing the IGTK key in the HW. Currently when installing CMAC IGTK key we don't set the algorithm type and as a result the FW fails to calculate the MIC of multicast management frames. Fix it.
Signed-off-by: Ayala Beker ayala.beker@intel.com Signed-off-by: Luca Coelho luciano.coelho@intel.com
commit 1f9788f335d7c3145bcb59bd570c5b9ef7203ef4 Author: Luca Coelho luciano.coelho@intel.com Date: Mon May 16 14:34:20 2016 +0300
iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder()
We try to access sta before we check for IS_ERR_OR_NULL(), so we may end up accessing a NULL pointer. To prevent that, move the conversion from sta to mvm_sta below the check.
Fixes: b915c10174fb ("iwlwifi: mvm: add reorder buffer per queue") Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Luca Coelho luciano.coelho@intel.com
commit 7d6a1ab6a2db180122dee8db6c201f2dcf677813 Author: Emmanuel Grumbach emmanuel.grumbach@intel.com Date: Sun May 15 10:20:29 2016 +0300
iwlwifi: mvm: fix RCU splat in TKIP's update_key
The commit below mistakenly changed an rcu_dereference_check to a rcu_dereference_protected which introduced the following RCU warning:
[ INFO: suspicious RCU usage. ] 4.6.0-rc7-next-20160513-dbg-00004-g8de8b92-dirty #655 Not tainted ------------------------------- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h:1069 suspicious rcu_dereference_protected() usage! Call Trace: [<ffffffff8106b836>] lockdep_rcu_suspicious+0xf7/0x100 [<ffffffffa03b2321>] iwl_mvm_get_key_sta.part.0+0x5d/0x80 [iwlmvm] [<ffffffffa03b4acb>] iwl_mvm_update_tkip_key+0xd3/0x162 [iwlmvm] [<ffffffffa03a2b60>] iwl_mvm_mac_update_tkip_key+0x17/0x19 [iwlmvm] [<ffffffffa0329646>] ieee80211_tkip_decrypt_data+0x22c/0x24b [mac80211] [<ffffffffa0318bb1>] ieee80211_crypto_tkip_decrypt+0xc5/0x110 [mac80211] [<ffffffffa033102e>] ieee80211_rx_handlers+0x9bb/0x1fe1 [mac80211]
Fixes: 13303c0fb148 ("iwlwifi: mvm: use helpers to get iwl_mvm_sta") Reported-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Signed-off-by: Emmanuel Grumbach emmanuel.grumbach@intel.com Signed-off-by: Luca Coelho luciano.coelho@intel.com
commit 06a84db74c3572cde79eb1b04f301399eafb8226 Author: Luca Coelho luciano.coelho@intel.com Date: Mon May 2 15:27:34 2016 +0300
iwlwifi: mvm: increase scan timeout to 20 seconds
The 16 seconds timeout we were using turned out to be too short. Recalculations by system show that the total time in both bands should be < 18.5 seconds, even in the slowest cases (e.g. DCM P2P with DTIM=2). Rounding it up to 20 seconds for a bit more safety.
Fixes: 728e825f81b1 ("iwlwifi: mvm: add a scan timeout for regular scans") Signed-off-by: Luca Coelho luciano.coelho@intel.com
commit 8d0a0710ea0d22881fdb40eb79d346a98cc64ae6 Author: Ben Greear greearb@candelatech.com Date: Thu Jun 2 17:59:54 2016 +0300
ath10k: fix crash related to printing features
This looks like a regression from commit c4cdf753ed42 ("ath10k: move fw_features to struct ath10k_fw_file"), we were printing the features from a wrong struct.
Fixes: c4cdf753ed42 ("ath10k: move fw_features to struct ath10k_fw_file") Signed-off-by: Ben Greear greearb@candelatech.com [kvalo@qca.qualcomm.com: improve commit log] Signed-off-by: Kalle Valo kvalo@qca.qualcomm.com
commit fee48cf8374569a3888fd8c8536283e6067f0cfb Author: Ben Greear greearb@candelatech.com Date: Fri Apr 1 14:12:12 2016 -0700
ath10k: fix deadlock when peer cannot be created
We must not attempt to send WMI packets while holding the data-lock, as it may deadlock:
BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath10k/wmi.c:1824 in_atomic(): 1, irqs_disabled(): 0, pid: 2878, name: wpa_supplicant
============================================= [ INFO: possible recursive locking detected ] 4.4.6+ #21 Tainted: G W O --------------------------------------------- wpa_supplicant/2878 is trying to acquire lock: (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa0721511>] ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core]
but task is already holding lock: (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>] ath10k_peer_create+0x122/0x1ae [ath10k_core]
other info that might help us debug this: Possible unsafe locking scenario:
CPU0 ---- lock(&(&ar->data_lock)->rlock); lock(&(&ar->data_lock)->rlock);
*** DEADLOCK ***
May be due to missing lock nesting notation
4 locks held by wpa_supplicant/2878: #0: (rtnl_mutex){+.+.+.}, at: [<ffffffff816493ca>] rtnl_lock+0x12/0x14 #1: (&ar->conf_mutex){+.+.+.}, at: [<ffffffffa0706932>] ath10k_add_interface+0x3b/0xbda [ath10k_core] #2: (&(&ar->data_lock)->rlock){+.-...}, at: [<ffffffffa070251b>] ath10k_peer_create+0x122/0x1ae [ath10k_core] #3: (rcu_read_lock){......}, at: [<ffffffffa062f304>] rcu_read_lock+0x0/0x66 [mac80211]
stack backtrace: CPU: 3 PID: 2878 Comm: wpa_supplicant Tainted: G W O 4.4.6+ #21 Hardware name: To be filled by O.E.M. To be filled by O.E.M./ChiefRiver, BIOS 4.6.5 06/07/2013 0000000000000000 ffff8801fcadf8f0 ffffffff8137086d ffffffff82681720 ffffffff82681720 ffff8801fcadf9b0 ffffffff8112e3be ffff8801fcadf920 0000000100000000 ffffffff82681720 ffffffffa0721500 ffff8801fcb8d348 Call Trace: [<ffffffff8137086d>] dump_stack+0x81/0xb6 [<ffffffff8112e3be>] __lock_acquire+0xc5b/0xde7 [<ffffffffa0721500>] ? ath10k_wmi_tx_beacons_iter+0x15/0x11a [ath10k_core] [<ffffffff8112d0d0>] ? mark_lock+0x24/0x201 [<ffffffff8112e908>] lock_acquire+0x132/0x1cb [<ffffffff8112e908>] ? lock_acquire+0x132/0x1cb [<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core] [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core] [<ffffffff816f9e2b>] _raw_spin_lock_bh+0x31/0x40 [<ffffffffa0721511>] ? ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core] [<ffffffffa0721511>] ath10k_wmi_tx_beacons_iter+0x26/0x11a [ath10k_core] [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core] [<ffffffffa062eb18>] __iterate_interfaces+0x9d/0x13d [mac80211] [<ffffffffa062f609>] ieee80211_iterate_active_interfaces_atomic+0x32/0x3e [mac80211] [<ffffffffa07214eb>] ? ath10k_wmi_cmd_send_nowait+0x1ce/0x1ce [ath10k_core] [<ffffffffa071fa9f>] ath10k_wmi_tx_beacons_nowait.isra.13+0x14/0x16 [ath10k_core] [<ffffffffa0721676>] ath10k_wmi_cmd_send+0x71/0x242 [ath10k_core] [<ffffffffa07023f6>] ath10k_wmi_peer_delete+0x3f/0x42 [ath10k_core] [<ffffffffa0702557>] ath10k_peer_create+0x15e/0x1ae [ath10k_core] [<ffffffffa0707004>] ath10k_add_interface+0x70d/0xbda [ath10k_core] [<ffffffffa05fffcc>] drv_add_interface+0x123/0x1a5 [mac80211] [<ffffffffa061554b>] ieee80211_do_open+0x351/0x667 [mac80211] [<ffffffffa06158aa>] ieee80211_open+0x49/0x4c [mac80211] [<ffffffff8163ecf9>] __dev_open+0x88/0xde [<ffffffff8163ef6e>] __dev_change_flags+0xa4/0x13a [<ffffffff8163f023>] dev_change_flags+0x1f/0x54 [<ffffffff816a5532>] devinet_ioctl+0x2b9/0x5c9 [<ffffffff816514dd>] ? copy_to_user+0x32/0x38 [<ffffffff816a6115>] inet_ioctl+0x81/0x9d [<ffffffff816a6115>] ? inet_ioctl+0x81/0x9d [<ffffffff81621cf8>] sock_do_ioctl+0x20/0x3d [<ffffffff816223c4>] sock_ioctl+0x222/0x22e [<ffffffff8121cf95>] do_vfs_ioctl+0x453/0x4d7 [<ffffffff81625603>] ? __sys_recvmsg+0x4c/0x5b [<ffffffff81225af1>] ? __fget_light+0x48/0x6c [<ffffffff8121d06b>] SyS_ioctl+0x52/0x74 [<ffffffff816fa736>] entry_SYSCALL_64_fastpath+0x16/0x7a
Signed-off-by: Ben Greear greearb@candelatech.com Signed-off-by: Kalle Valo kvalo@qca.qualcomm.com
-----------------------------------------------------------------------
-
postmaster@open-mesh.org