Vladimir Davydov [Sat, 23 Nov 2013 07:18:01 +0000 (07:18 +0000)]
e1000: fix possible reset_task running after adapter down
On e1000_down(), we should ensure every asynchronous work is canceled
before proceeding. Since the watchdog_task can schedule other works
apart from itself, it should be stopped first, but currently it is
stopped after the reset_task. This can result in the following race
leading to the reset_task running after the module unload:
e1000_down_and_stop(): e1000_watchdog():
---------------------- -----------------
cancel_work_sync(reset_task)
schedule_work(reset_task)
cancel_delayed_work_sync(watchdog_task)
The patch moves cancel_delayed_work_sync(watchdog_task) at the beginning
of e1000_down_and_stop() thus ensuring the race is impossible.
Cc: Tushar Dave <tushar.n.dave@intel.com>
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Vladimir Davydov [Sat, 23 Nov 2013 07:17:56 +0000 (07:17 +0000)]
e1000: fix lockdep warning in e1000_reset_task
The patch fixes the following lockdep warning, which is 100%
reproducible on network restart:
======================================================
[ INFO: possible circular locking dependency detected ]
3.12.0+ #47 Tainted: GF
-------------------------------------------------------
kworker/1:1/27 is trying to acquire lock:
((&(&adapter->watchdog_task)->work)){+.+...}, at: [<
ffffffff8108a5b0>] flush_work+0x0/0x70
but task is already holding lock:
(&adapter->mutex){+.+...}, at: [<
ffffffffa0177c0a>] e1000_reset_task+0x4a/0xa0 [e1000]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&adapter->mutex){+.+...}:
[<
ffffffff810bdb5d>] lock_acquire+0x9d/0x120
[<
ffffffff816b8cbc>] mutex_lock_nested+0x4c/0x390
[<
ffffffffa017233d>] e1000_watchdog+0x7d/0x5b0 [e1000]
[<
ffffffff8108b972>] process_one_work+0x1d2/0x510
[<
ffffffff8108ca80>] worker_thread+0x120/0x3a0
[<
ffffffff81092c1e>] kthread+0xee/0x110
[<
ffffffff816c3d7c>] ret_from_fork+0x7c/0xb0
-> #0 ((&(&adapter->watchdog_task)->work)){+.+...}:
[<
ffffffff810bd9c0>] __lock_acquire+0x1710/0x1810
[<
ffffffff810bdb5d>] lock_acquire+0x9d/0x120
[<
ffffffff8108a5eb>] flush_work+0x3b/0x70
[<
ffffffff8108b5d8>] __cancel_work_timer+0x98/0x140
[<
ffffffff8108b693>] cancel_delayed_work_sync+0x13/0x20
[<
ffffffffa0170cec>] e1000_down_and_stop+0x3c/0x60 [e1000]
[<
ffffffffa01775b1>] e1000_down+0x131/0x220 [e1000]
[<
ffffffffa0177c12>] e1000_reset_task+0x52/0xa0 [e1000]
[<
ffffffff8108b972>] process_one_work+0x1d2/0x510
[<
ffffffff8108ca80>] worker_thread+0x120/0x3a0
[<
ffffffff81092c1e>] kthread+0xee/0x110
[<
ffffffff816c3d7c>] ret_from_fork+0x7c/0xb0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&adapter->mutex);
lock((&(&adapter->watchdog_task)->work));
lock(&adapter->mutex);
lock((&(&adapter->watchdog_task)->work));
*** DEADLOCK ***
3 locks held by kworker/1:1/27:
#0: (events){.+.+.+}, at: [<
ffffffff8108b906>] process_one_work+0x166/0x510
#1: ((&adapter->reset_task)){+.+...}, at: [<
ffffffff8108b906>] process_one_work+0x166/0x510
#2: (&adapter->mutex){+.+...}, at: [<
ffffffffa0177c0a>] e1000_reset_task+0x4a/0xa0 [e1000]
stack backtrace:
CPU: 1 PID: 27 Comm: kworker/1:1 Tainted: GF 3.12.0+ #47
Hardware name: System manufacturer System Product Name/P5B-VM SE, BIOS 0501 05/31/2007
Workqueue: events e1000_reset_task [e1000]
ffffffff820f6000 ffff88007b9dba98 ffffffff816b54a2 0000000000000002
ffffffff820f5e50 ffff88007b9dbae8 ffffffff810ba936 ffff88007b9dbac8
ffff88007b9dbb48 ffff88007b9d8f00 ffff88007b9d8780 ffff88007b9d8f00
Call Trace:
[<
ffffffff816b54a2>] dump_stack+0x49/0x5f
[<
ffffffff810ba936>] print_circular_bug+0x216/0x310
[<
ffffffff810bd9c0>] __lock_acquire+0x1710/0x1810
[<
ffffffff8108a5b0>] ? __flush_work+0x250/0x250
[<
ffffffff810bdb5d>] lock_acquire+0x9d/0x120
[<
ffffffff8108a5b0>] ? __flush_work+0x250/0x250
[<
ffffffff8108a5eb>] flush_work+0x3b/0x70
[<
ffffffff8108a5b0>] ? __flush_work+0x250/0x250
[<
ffffffff8108b5d8>] __cancel_work_timer+0x98/0x140
[<
ffffffff8108b693>] cancel_delayed_work_sync+0x13/0x20
[<
ffffffffa0170cec>] e1000_down_and_stop+0x3c/0x60 [e1000]
[<
ffffffffa01775b1>] e1000_down+0x131/0x220 [e1000]
[<
ffffffffa0177c12>] e1000_reset_task+0x52/0xa0 [e1000]
[<
ffffffff8108b972>] process_one_work+0x1d2/0x510
[<
ffffffff8108b906>] ? process_one_work+0x166/0x510
[<
ffffffff8108ca80>] worker_thread+0x120/0x3a0
[<
ffffffff8108c960>] ? manage_workers+0x2c0/0x2c0
[<
ffffffff81092c1e>] kthread+0xee/0x110
[<
ffffffff81092b30>] ? __init_kthread_worker+0x70/0x70
[<
ffffffff816c3d7c>] ret_from_fork+0x7c/0xb0
[<
ffffffff81092b30>] ? __init_kthread_worker+0x70/0x70
== The issue background ==
The problem occurs, because e1000_down(), which is called under
adapter->mutex by e1000_reset_task(), tries to synchronously cancel
e1000 auxiliary works (reset_task, watchdog_task, phy_info_task,
fifo_stall_task), which take adapter->mutex in their handlers. So the
question is what does adapter->mutex protect there?
The adapter->mutex was introduced by commit 0ef4ee ("e1000: convert to
private mutex from rtnl") as a replacement for rtnl_lock() taken in the
asynchronous handlers. It targeted on fixing a similar lockdep warning
issued when e1000_down() was called under rtnl_lock(), and it fixed it,
but unfortunately it introduced the lockdep warning described above.
Anyway, that said the source of this bug is that the asynchronous works
were made to take rtnl_lock() some time ago, so let's look deeper and
find why it was added there.
The rtnl_lock() was added to asynchronous handlers by commit 338c15
("e1000: fix occasional panic on unload") in order to prevent
asynchronous handlers from execution after the module is unloaded
(e1000_down() is called) as it follows from the comment to the commit:
> Net drivers in general have an issue where timers fired
> by mod_timer or work threads with schedule_work are running
> outside of the rtnl_lock.
>
> With no other lock protection these routines are vulnerable
> to races with driver unload or reset paths.
>
> The longer term solution to this might be a redesign with
> safer locks being taken in the driver to guarantee no
> reentrance, but for now a safe and effective fix is
> to take the rtnl_lock in these routines.
I'm not sure if this locking scheme fixed the problem or just made it
unlikely, although I incline to the latter. Anyway, this was long time
ago when e1000 auxiliary works were implemented as timers scheduling
real work handlers in their routines. The e1000_down() function only
canceled the timers, but left the real handlers running if they were
running, which could result in work execution after module unload.
Today, the e1000 driver uses sane delayed works instead of the pair
timer+work to implement its delayed asynchronous handlers, and the
e1000_down() synchronously cancels all the works so that the problem
that commit 338c15 tried to cope with disappeared, and we don't need any
locks in the handlers any more. Moreover, any locking there can
potentially result in a deadlock.
So, this patch reverts commits 0ef4ee and 338c15.
Fixes: 0ef4eedc2e98 ("e1000: convert to private mutex from rtnl")
Fixes: 338c15e470d8 ("e1000: fix occasional panic on unload")
Cc: Tushar Dave <tushar.n.dave@intel.com>
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
yzhu1 [Sat, 23 Nov 2013 07:07:40 +0000 (07:07 +0000)]
e1000: prevent oops when adapter is being closed and reset simultaneously
This change is based on a similar change made to e1000e support in
commit
bb9e44d0d0f4 ("e1000e: prevent oops when adapter is being closed
and reset simultaneously"). The same issue has also been observed
on the older e1000 cards.
Here, we have increased the RESET_COUNT value to 50 because there are too
many accesses to e1000 nic on stress tests to e1000 nic, it is not enough
to set RESET_COUT 25. Experimentation has shown that it is enough to set
RESET_COUNT 50.
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Akeem G Abodunrin [Fri, 8 Nov 2013 01:54:07 +0000 (01:54 +0000)]
igb: Fixed Wake On LAN support
This patch fixes Wake on LAN being reported as supported on some Ethernet
ports, in contrary to Hardware capability.
Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Eric Dumazet [Thu, 28 Nov 2013 17:51:22 +0000 (09:51 -0800)]
inet: fix possible seqlock deadlocks
In commit
c9e9042994d3 ("ipv4: fix possible seqlock deadlock") I left
another places where IP_INC_STATS_BH() were improperly used.
udp_sendmsg(), ping_v4_sendmsg() and tcp_v4_connect() are called from
process context, not from softirq context.
This was detected by lockdep seqlock support.
Reported-by: jongman heo <jongman.heo@samsung.com>
Fixes: 584bdf8cbdf6 ("[IPV4]: Fix "ipOutNoRoutes" counter error for TCP and UDP")
Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jiri Pirko [Thu, 28 Nov 2013 17:01:38 +0000 (18:01 +0100)]
team: fix master carrier set when user linkup is enabled
When user linkup is enabled and user sets linkup of individual port,
we need to recompute linkup (carrier) of master interface so the change
is reflected. Fix this by calling __team_carrier_check() which does the
needed work.
Please apply to all stable kernels as well. Thanks.
Reported-by: Jan Tluka <jtluka@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Shawn Landden [Mon, 25 Nov 2013 06:36:28 +0000 (22:36 -0800)]
net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
Commit
35f9c09fe (tcp: tcp_sendpages() should call tcp_push() once)
added an internal flag MSG_SENDPAGE_NOTLAST, similar to
MSG_MORE.
algif_hash, algif_skcipher, and udp used MSG_MORE from tcp_sendpages()
and need to see the new flag as identical to MSG_MORE.
This fixes sendfile() on AF_ALG.
v3: also fix udp
Cc: Tom Herbert <therbert@google.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: <stable@vger.kernel.org> # 3.4.x + 3.2.x
Reported-and-tested-by: Shawn Landden <shawnlandden@gmail.com>
Original-patch: Richard Weinberger <richard@nod.at>
Signed-off-by: Shawn Landden <shawn@churchofgit.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Guenter Roeck [Thu, 28 Nov 2013 02:54:31 +0000 (18:54 -0800)]
sfc: Convert to use hwmon_device_register_with_groups
Simplify the code. Avoid race conditions caused by attributes
being created after hwmon device registration. Implicitly
(through hwmon API) add mandatory 'name' sysfs attribute.
Reviewed-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Walleij [Thu, 28 Nov 2013 13:33:52 +0000 (14:33 +0100)]
net: smc91: fix crash regression on the versatile
After commit
e9e4ea74f06635f2ffc1dffe5ef40c854faa0a90
"net: smc91x: dont't use SMC_outw for fixing up halfword-aligned data"
The Versatile SMSC LAN91C111 is crashing like this:
------------[ cut here ]------------
kernel BUG at /home/linus/linux/drivers/net/ethernet/smsc/smc91x.c:599!
Internal error: Oops - BUG: 0 [#1] ARM
Modules linked in:
CPU: 0 PID: 43 Comm: udhcpc Not tainted 3.13.0-rc1+ #24
task:
c6ccfaa0 ti:
c6cd0000 task.ti:
c6cd0000
PC is at smc_hardware_send_pkt+0x198/0x22c
LR is at smc_hardware_send_pkt+0x24/0x22c
pc : [<
c01be324>] lr : [<
c01be1b0>] psr:
20000013
sp :
c6cd1d08 ip :
00000001 fp :
00000000
r10:
c02adb08 r9 :
00000000 r8 :
c6ced802
r7 :
c786fba0 r6 :
00000146 r5 :
c8800000 r4 :
c78d6000
r3 :
0000000f r2 :
00000146 r1 :
00000000 r0 :
00000031
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control:
0005317f Table:
06cf4000 DAC:
00000015
Process udhcpc (pid: 43, stack limit = 0xc6cd01c0)
Stack: (0xc6cd1d08 to 0xc6cd2000)
1d00:
00000010 c8800000 c78d6000 c786fba0 c78d6000 c01be868
1d20:
c01be7a4 00004000 00000000 c786fba0 c6c12b80 c0208554 000004d0 c780fc60
1d40:
00000220 c01fb734 00000000 00000000 00000000 c6c9a440 c6c12b80 c78d6000
1d60:
c786fba0 c6c9a440 00000000 c021d1d8 00000000 00000000 c6c12b80 c78d6000
1d80:
c786fba0 00000001 c6c9a440 c02087f8 c6c9a4a0 00080008 00000000 00000000
1da0:
c78d6000 c786fba0 c78d6000 00000138 00000000 00000000 00000000 00000000
1dc0:
00000000 c027ba74 00000138 00000138 00000001 00000010 c6cedc00 00000000
1de0:
00000008 c7404400 c6cd1eec c6cd1f14 c067a73c c065c0b8 00000000 c067a740
1e00:
01ffffff 002040d0 00000000 00000000 00000000 00000000 00000000 ffffffff
1e20:
43004400 00110022 c6cdef20 c027ae8c c6ccfaa0 be82d65c 00000014 be82d3cc
1e40:
00000000 00000000 00000000 c01f2870 00000000 00000000 00000000 c6cd1e88
1e60:
c6ccfaa0 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1e80:
00000000 00000000 00000031 c7802310 c7802300 00000138 c7404400 c0771da0
1ea0:
00000000 c6cd1eec c7800340 00000138 be82d65c 00000014 be82d3cc c6cd1f08
1ec0:
00000014 00000000 c7404400 c7404400 00000138 c01f4628 c78d6000 00000000
1ee0:
00000000 be82d3cc 00000138 c6cd1f08 00000014 c6cd1ee4 00000001 00000000
1f00:
00000000 00000000 00080011 00000002 06000000 ffffffff 0000ffff 00000002
1f20:
06000000 ffffffff 0000ffff c00928c8 c065c520 c6cd1f58 00000003 c009299c
1f40:
00000003 c065c520 c7404400 00000000 c7404400 c01f2218 c78106b0 c7441cb0
1f60:
00000000 00000006 c06799fc 00000000 00000000 00000006 00000000 c01f3ee0
1f80:
00000000 00000000 be82d678 be82d65c 00000014 00000001 00000122 c00139c8
1fa0:
c6cd0000 c0013840 be82d65c 00000014 00000006 be82d3cc 00000138 00000000
1fc0:
be82d65c 00000014 00000001 00000122 00000000 00000000 00018cb1 00000000
1fe0:
00003801 be82d3a8 0003a0c7 b6e9af08 60000010 00000006 00000000 00000000
[<
c01be324>] (smc_hardware_send_pkt+0x198/0x22c) from [<
c01be868>] (smc_hard_start_xmit+0xc4/0x1e8)
[<
c01be868>] (smc_hard_start_xmit+0xc4/0x1e8) from [<
c0208554>] (dev_hard_start_xmit+0x460/0x4cc)
[<
c0208554>] (dev_hard_start_xmit+0x460/0x4cc) from [<
c021d1d8>] (sch_direct_xmit+0x94/0x18c)
[<
c021d1d8>] (sch_direct_xmit+0x94/0x18c) from [<
c02087f8>] (dev_queue_xmit+0x238/0x42c)
[<
c02087f8>] (dev_queue_xmit+0x238/0x42c) from [<
c027ba74>] (packet_sendmsg+0xbe8/0xd28)
[<
c027ba74>] (packet_sendmsg+0xbe8/0xd28) from [<
c01f2870>] (sock_sendmsg+0x84/0xa8)
[<
c01f2870>] (sock_sendmsg+0x84/0xa8) from [<
c01f4628>] (SyS_sendto+0xb8/0xdc)
[<
c01f4628>] (SyS_sendto+0xb8/0xdc) from [<
c0013840>] (ret_fast_syscall+0x0/0x2c)
Code:
e3130002 1a000001 e3130001 0affffcd (
e7f001f2)
---[ end trace
81104fe70e8da7fe ]---
Kernel panic - not syncing: Fatal exception in interrupt
This is because the macro operations in smc91x.h defined
for Versatile are missing SMC_outsw() as used in this
commit.
The Versatile needs and uses the same accessors as the other
platforms in the first if(...) clause, just switch it to using
that and we have one problem less to worry about.
This includes a hunk of a patch from Will Deacon fixin
the other 32bit platforms as well: Innokom, Ramses, PXA,
PCM027.
Checkpatch complains about spacing, but I have opted to
follow the style of this .h-file.
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Nicolas Pitre <nico@fluxnic.net>
Cc: Eric Miao <eric.y.miao@gmail.com>
Cc: Jonathan Cameron <jic23@cam.ac.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 29 Nov 2013 21:23:14 +0000 (16:23 -0500)]
Revert "net: smc91: fix crash regression on the versatile"
This reverts commit
b268daffdcb9762ad9aa3898096570a9dd92aa9b.
I applied the wrong version of this patch, the proper version
is coming up next.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Walleij [Wed, 27 Nov 2013 12:33:21 +0000 (13:33 +0100)]
net: smc91: fix crash regression on the versatile
After commit
e9e4ea74f06635f2ffc1dffe5ef40c854faa0a90
"net: smc91x: dont't use SMC_outw for fixing up halfword-aligned data"
The Versatile SMSC LAN91C111 is crashing like this:
------------[ cut here ]------------
kernel BUG at /home/linus/linux/drivers/net/ethernet/smsc/smc91x.c:599!
Internal error: Oops - BUG: 0 [#1] ARM
Modules linked in:
CPU: 0 PID: 43 Comm: udhcpc Not tainted 3.13.0-rc1+ #24
task:
c6ccfaa0 ti:
c6cd0000 task.ti:
c6cd0000
PC is at smc_hardware_send_pkt+0x198/0x22c
LR is at smc_hardware_send_pkt+0x24/0x22c
pc : [<
c01be324>] lr : [<
c01be1b0>] psr:
20000013
sp :
c6cd1d08 ip :
00000001 fp :
00000000
r10:
c02adb08 r9 :
00000000 r8 :
c6ced802
r7 :
c786fba0 r6 :
00000146 r5 :
c8800000 r4 :
c78d6000
r3 :
0000000f r2 :
00000146 r1 :
00000000 r0 :
00000031
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control:
0005317f Table:
06cf4000 DAC:
00000015
Process udhcpc (pid: 43, stack limit = 0xc6cd01c0)
Stack: (0xc6cd1d08 to 0xc6cd2000)
1d00:
00000010 c8800000 c78d6000 c786fba0 c78d6000 c01be868
1d20:
c01be7a4 00004000 00000000 c786fba0 c6c12b80 c0208554 000004d0 c780fc60
1d40:
00000220 c01fb734 00000000 00000000 00000000 c6c9a440 c6c12b80 c78d6000
1d60:
c786fba0 c6c9a440 00000000 c021d1d8 00000000 00000000 c6c12b80 c78d6000
1d80:
c786fba0 00000001 c6c9a440 c02087f8 c6c9a4a0 00080008 00000000 00000000
1da0:
c78d6000 c786fba0 c78d6000 00000138 00000000 00000000 00000000 00000000
1dc0:
00000000 c027ba74 00000138 00000138 00000001 00000010 c6cedc00 00000000
1de0:
00000008 c7404400 c6cd1eec c6cd1f14 c067a73c c065c0b8 00000000 c067a740
1e00:
01ffffff 002040d0 00000000 00000000 00000000 00000000 00000000 ffffffff
1e20:
43004400 00110022 c6cdef20 c027ae8c c6ccfaa0 be82d65c 00000014 be82d3cc
1e40:
00000000 00000000 00000000 c01f2870 00000000 00000000 00000000 c6cd1e88
1e60:
c6ccfaa0 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1e80:
00000000 00000000 00000031 c7802310 c7802300 00000138 c7404400 c0771da0
1ea0:
00000000 c6cd1eec c7800340 00000138 be82d65c 00000014 be82d3cc c6cd1f08
1ec0:
00000014 00000000 c7404400 c7404400 00000138 c01f4628 c78d6000 00000000
1ee0:
00000000 be82d3cc 00000138 c6cd1f08 00000014 c6cd1ee4 00000001 00000000
1f00:
00000000 00000000 00080011 00000002 06000000 ffffffff 0000ffff 00000002
1f20:
06000000 ffffffff 0000ffff c00928c8 c065c520 c6cd1f58 00000003 c009299c
1f40:
00000003 c065c520 c7404400 00000000 c7404400 c01f2218 c78106b0 c7441cb0
1f60:
00000000 00000006 c06799fc 00000000 00000000 00000006 00000000 c01f3ee0
1f80:
00000000 00000000 be82d678 be82d65c 00000014 00000001 00000122 c00139c8
1fa0:
c6cd0000 c0013840 be82d65c 00000014 00000006 be82d3cc 00000138 00000000
1fc0:
be82d65c 00000014 00000001 00000122 00000000 00000000 00018cb1 00000000
1fe0:
00003801 be82d3a8 0003a0c7 b6e9af08 60000010 00000006 00000000 00000000
[<
c01be324>] (smc_hardware_send_pkt+0x198/0x22c) from [<
c01be868>] (smc_hard_start_xmit+0xc4/0x1e8)
[<
c01be868>] (smc_hard_start_xmit+0xc4/0x1e8) from [<
c0208554>] (dev_hard_start_xmit+0x460/0x4cc)
[<
c0208554>] (dev_hard_start_xmit+0x460/0x4cc) from [<
c021d1d8>] (sch_direct_xmit+0x94/0x18c)
[<
c021d1d8>] (sch_direct_xmit+0x94/0x18c) from [<
c02087f8>] (dev_queue_xmit+0x238/0x42c)
[<
c02087f8>] (dev_queue_xmit+0x238/0x42c) from [<
c027ba74>] (packet_sendmsg+0xbe8/0xd28)
[<
c027ba74>] (packet_sendmsg+0xbe8/0xd28) from [<
c01f2870>] (sock_sendmsg+0x84/0xa8)
[<
c01f2870>] (sock_sendmsg+0x84/0xa8) from [<
c01f4628>] (SyS_sendto+0xb8/0xdc)
[<
c01f4628>] (SyS_sendto+0xb8/0xdc) from [<
c0013840>] (ret_fast_syscall+0x0/0x2c)
Code:
e3130002 1a000001 e3130001 0affffcd (
e7f001f2)
---[ end trace
81104fe70e8da7fe ]---
Kernel panic - not syncing: Fatal exception in interrupt
This is because the macro operations in smc91x.h defined
for Versatile are missing SMC_outsw() as used in this
commit.
The Versatile needs and uses the same accessors as the other
platforms in the first if(...) clause, just switch it to using
that and we have one problem less to worry about.
Checkpatch complains about spacing, but I have opted to
follow the style of this .h-file.
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Nicolas Pitre <nico@fluxnic.net>
Cc: Eric Miao <eric.y.miao@gmail.com>
Cc: Jonathan Cameron <jic23@cam.ac.uk>
Cc: Will Deacon <will.deacon@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yang Yingliang [Wed, 27 Nov 2013 06:32:52 +0000 (14:32 +0800)]
net: 8139cp: fix a BUG_ON triggered by wrong bytes_compl
Using iperf to send packets(GSO mode is on), a bug is triggered:
[ 212.672781] kernel BUG at lib/dynamic_queue_limits.c:26!
[ 212.673396] invalid opcode: 0000 [#1] SMP
[ 212.673882] Modules linked in: 8139cp(O) nls_utf8 edd fuse loop dm_mod ipv6 i2c_piix4 8139too i2c_core intel_agp joydev pcspkr hid_generic intel_gtt floppy sr_mod mii button sg cdrom ext3 jbd mbcache usbhid hid uhci_hcd ehci_hcd usbcore sd_mod usb_common crc_t10dif crct10dif_common processor thermal_sys hwmon scsi_dh_emc scsi_dh_rdac scsi_dh_hp_sw scsi_dh ata_generic ata_piix libata scsi_mod [last unloaded: 8139cp]
[ 212.676084] CPU: 0 PID: 4124 Comm: iperf Tainted: G O 3.12.0-0.7-default+ #16
[ 212.676084] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[ 212.676084] task:
ffff8800d83966c0 ti:
ffff8800db4c8000 task.ti:
ffff8800db4c8000
[ 212.676084] RIP: 0010:[<
ffffffff8122e23f>] [<
ffffffff8122e23f>] dql_completed+0x17f/0x190
[ 212.676084] RSP: 0018:
ffff880116e03e30 EFLAGS:
00010083
[ 212.676084] RAX:
00000000000005ea RBX:
0000000000000f7c RCX:
0000000000000002
[ 212.676084] RDX:
ffff880111dd0dc0 RSI:
0000000000000bd4 RDI:
ffff8800db6ffcc0
[ 212.676084] RBP:
ffff880116e03e48 R08:
0000000000000992 R09:
0000000000000000
[ 212.676084] R10:
ffffffff8181e400 R11:
0000000000000004 R12:
000000000000000f
[ 212.676084] R13:
ffff8800d94ec840 R14:
ffff8800db440c80 R15:
000000000000000e
[ 212.676084] FS:
00007f6685a3c700(0000) GS:
ffff880116e00000(0000) knlGS:
0000000000000000
[ 212.676084] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 212.676084] CR2:
00007f6685ad6460 CR3:
00000000db714000 CR4:
00000000000006f0
[ 212.676084] Stack:
[ 212.676084]
ffff8800db6ffc00 000000000000000f ffff8800d94ec840 ffff880116e03eb8
[ 212.676084]
ffffffffa041509f ffff880116e03e88 0000000f16e03e88 ffff8800d94ec000
[ 212.676084]
00000bd400059858 000000050000000f ffffffff81094c36 ffff880116e03eb8
[ 212.676084] Call Trace:
[ 212.676084] <IRQ>
[ 212.676084] [<
ffffffffa041509f>] cp_interrupt+0x4ef/0x590 [8139cp]
[ 212.676084] [<
ffffffff81094c36>] ? ktime_get+0x56/0xd0
[ 212.676084] [<
ffffffff8108cf73>] handle_irq_event_percpu+0x53/0x170
[ 212.676084] [<
ffffffff8108d0cc>] handle_irq_event+0x3c/0x60
[ 212.676084] [<
ffffffff8108fdb5>] handle_fasteoi_irq+0x55/0xf0
[ 212.676084] [<
ffffffff810045df>] handle_irq+0x1f/0x30
[ 212.676084] [<
ffffffff81003c8b>] do_IRQ+0x5b/0xe0
[ 212.676084] [<
ffffffff8142beaa>] common_interrupt+0x6a/0x6a
[ 212.676084] <EOI>
[ 212.676084] [<
ffffffffa0416a21>] ? cp_start_xmit+0x621/0x97c [8139cp]
[ 212.676084] [<
ffffffffa0416a09>] ? cp_start_xmit+0x609/0x97c [8139cp]
[ 212.676084] [<
ffffffff81378ed9>] dev_hard_start_xmit+0x2c9/0x550
[ 212.676084] [<
ffffffff813960a9>] sch_direct_xmit+0x179/0x1d0
[ 212.676084] [<
ffffffff813793f3>] dev_queue_xmit+0x293/0x440
[ 212.676084] [<
ffffffff813b0e46>] ip_finish_output+0x236/0x450
[ 212.676084] [<
ffffffff810e59e7>] ? __alloc_pages_nodemask+0x187/0xb10
[ 212.676084] [<
ffffffff813b10e8>] ip_output+0x88/0x90
[ 212.676084] [<
ffffffff813afa64>] ip_local_out+0x24/0x30
[ 212.676084] [<
ffffffff813aff0d>] ip_queue_xmit+0x14d/0x3e0
[ 212.676084] [<
ffffffff813c6fd1>] tcp_transmit_skb+0x501/0x840
[ 212.676084] [<
ffffffff813c8323>] tcp_write_xmit+0x1e3/0xb20
[ 212.676084] [<
ffffffff81363237>] ? skb_page_frag_refill+0x87/0xd0
[ 212.676084] [<
ffffffff813c8c8b>] tcp_push_one+0x2b/0x40
[ 212.676084] [<
ffffffff813bb7e6>] tcp_sendmsg+0x926/0xc90
[ 212.676084] [<
ffffffff813e1d21>] inet_sendmsg+0x61/0xc0
[ 212.676084] [<
ffffffff8135e861>] sock_aio_write+0x101/0x120
[ 212.676084] [<
ffffffff81107cf1>] ? vma_adjust+0x2e1/0x5d0
[ 212.676084] [<
ffffffff812163e0>] ? timerqueue_add+0x60/0xb0
[ 212.676084] [<
ffffffff81130b60>] do_sync_write+0x60/0x90
[ 212.676084] [<
ffffffff81130d44>] ? rw_verify_area+0x54/0xf0
[ 212.676084] [<
ffffffff81130f66>] vfs_write+0x186/0x190
[ 212.676084] [<
ffffffff811317fd>] SyS_write+0x5d/0xa0
[ 212.676084] [<
ffffffff814321e2>] system_call_fastpath+0x16/0x1b
[ 212.676084] Code: ca 41 89 dc 41 29 cc 45 31 db 29 c2 41 89 c5 89 d0 45 29 c5 f7 d0 c1 e8 1f e9 43 ff ff ff 66 0f 1f 44 00 00 31 c0 e9 7b ff ff ff <0f> 0b eb fe 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 c7 47 40 00
[ 212.676084] RIP [<
ffffffff8122e23f>] dql_completed+0x17f/0x190
------------[ cut here ]------------
When a skb has frags, bytes_compl plus skb->len nr_frags times in cp_tx().
It's not the correct value(actually, it should plus skb->len once) and it
will trigger the BUG_ON(bytes_compl > num_queued - dql->num_completed).
So only increase bytes_compl when finish sending all frags. pkts_compl also
has a wrong value, fix it too.
It's introduced by commit
871f0d4c ("8139cp: enable bql").
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David Chang [Wed, 27 Nov 2013 07:48:36 +0000 (15:48 +0800)]
r8169: check ALDPS bit and disable it if enabled for the 8168g
Windows driver will enable ALDPS function, but linux driver and firmware
do not have any configuration related to ALDPS function for 8168g.
So restart system to linux and remove the NIC cable, LAN enter ALDPS,
then LAN RX will be disabled.
This issue can be easily reproduced on dual boot windows and linux
system with RTL_GIGA_MAC_VER_40 chip.
Realtek said, ALDPS function can be disabled by configuring to PHY,
switch to page 0x0A43, reg0x10 bit2=0.
Signed-off-by: David Chang <dchang@suse.com>
Acked-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Wed, 27 Nov 2013 12:40:21 +0000 (15:40 +0300)]
net: clamp ->msg_namelen instead of returning an error
If kmsg->msg_namelen > sizeof(struct sockaddr_storage) then in the
original code that would lead to memory corruption in the kernel if you
had audit configured. If you didn't have audit configured it was
harmless.
There are some programs such as beta versions of Ruby which use too
large of a buffer and returning an error code breaks them. We should
clamp the ->msg_namelen value instead.
Fixes: 1661bf364ae9 ("net: heap overflow in __audit_sockaddr()")
Reported-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Tested-by: Eric Wong <normalperson@yhbt.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Veaceslav Falico [Fri, 29 Nov 2013 08:53:23 +0000 (09:53 +0100)]
af_packet: block BH in prb_shutdown_retire_blk_timer()
Currently we're using plain spin_lock() in prb_shutdown_retire_blk_timer(),
however the timer might fire right in the middle and thus try to re-aquire
the same spinlock, leaving us in a endless loop.
To fix that, use the spin_lock_bh() to block it.
Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
CC: "David S. Miller" <davem@davemloft.net>
CC: Daniel Borkmann <dborkman@redhat.com>
CC: Willem de Bruijn <willemb@google.com>
CC: Phil Sutter <phil@nwl.cc>
CC: Eric Dumazet <edumazet@google.com>
Reported-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 26 Nov 2013 17:37:12 +0000 (12:37 -0500)]
macvtap: Do not double-count received packets
Currently macvlan will count received packets after calling each
vlans receive handler. Macvtap attempts to count the packet
yet again when the user reads the packet from the tap socket.
This code doesn't do this consistently either. Remove the
counting from macvtap and let only macvlan count received
packets.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ivan Vecera [Wed, 27 Nov 2013 07:59:32 +0000 (08:59 +0100)]
be2net: call napi_disable() for all event queues
The recent be2net commit
6384a4d (adds a support for busy polling)
introduces a regression that results in kernel crash. It incorrectly
modified be_close() so napi_disable() is called only for the first queue.
This breaks a correct pairing of napi_enable/_disable for the rest
of event queues and causes a crash in subsequent be_open() call.
v2: Applied suggestions from Sathya
Fixes: 6384a4d ("be2net: add support for ndo_busy_poll")
Cc: Sathya Perla <sathya.perla@emulex.com>
Cc: Subbu Seetharaman <subbu.seetharaman@emulex.com>
Cc: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Acked-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 28 Nov 2013 23:53:36 +0000 (18:53 -0500)]
Revert "be2net: call napi_disable() for all event queues"
This reverts commit
55485e7b417b640870b14eceec4cfbcb2b3e7a92.
I applied the wrong version of this patch, the right one is coming up
next.
Signed-off-by: David S. Miller <davem@davemloft.net>
Ivan Vecera [Tue, 26 Nov 2013 16:54:41 +0000 (17:54 +0100)]
be2net: call napi_disable() for all event queues
The recent be2net commit
6384a4d (adds a support for busy polling)
introduces a regression that results in kernel crash. It incorrectly
modified be_close() so napi_disable() is called only for the first queue.
This breaks a correct pairing of napi_enable/_disable for the rest
of event queues and causes a crash in subsequent be_open() call.
Cc: Sathya Perla <sathya.perla@emulex.com>
Cc: Subbu Seetharaman <subbu.seetharaman@emulex.com>
Cc: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Acked-by: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Baker Zhang [Tue, 26 Nov 2013 01:29:15 +0000 (09:29 +0800)]
net: remove outdated comment for ipv4 and ipv6 protocol handler
since
f9242b6b28d61295f2bf7e8adfb1060b382e5381
inet: Sanitize inet{,6} protocol demux.
there are not pretended hash tables for ipv4 or
ipv6 protocol handler.
Signed-off-by: Baker Zhang <Baker.kernel@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
françois romieu [Mon, 25 Nov 2013 23:40:58 +0000 (00:40 +0100)]
via-velocity: fix netif_receive_skb use in irq disabled section.
2fdac010bdcf10a30711b6924612dfc40daf19b8 ("via-velocity.c: update napi
implementation") overlooked an irq disabling spinlock when the Rx part
of the NAPI poll handler was converted from netif_rx to netif_receive_skb.
NAPI Rx processing can be taken out of the locked section with a pair of
napi_{disable / enable} since it only races with the MTU change function.
An heavier rework of the NAPI locking would be able to perform NAPI Tx
before Rx where I simply removed one of velocity_tx_srv calls.
References: https://bugzilla.redhat.com/show_bug.cgi?id=
1022733
Fixes: 2fdac010bdcf (via-velocity.c: update napi implementation)
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Alex A. Schmidt <aaschmidt1@gmail.com>
Cc: Jamie Heilman <jamie@audible.transient.net>
Cc: Michele Baldessari <michele@acksyn.org>
Cc: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 28 Nov 2013 23:40:10 +0000 (18:40 -0500)]
Merge branch 'fixes-for-3.13-
20131127' of git://gitorious.org/linux-can/linux-can
Marc Kleine-Budde says:
====================
here's a pull request for v3.13, i.e. net/master. It consists of a patch by
Oliver Hartkopp which fixes some corner cases in the interrupt handler of the
sja1000 driver. Then there are two patches for the c_can dirver. One by me,
which fixes a runtime pm related "scheduling while atomic" error and patch by
Holger Bechtold that fixes the calculation of the transmitted bytes.
The fourth patch is by me, it corrects the clock usage in the flexcan
driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Andy Whitcroft [Mon, 25 Nov 2013 16:52:34 +0000 (16:52 +0000)]
xen-netback: include definition of csum_ipv6_magic
We are now using csum_ipv6_magic, include the appropriate header.
Avoids the following error:
drivers/net/xen-netback/netback.c:1313:4: error: implicit declaration of function 'csum_ipv6_magic' [-Werror=implicit-function-declaration]
tcph->check = ~csum_ipv6_magic(&ipv6h->saddr,
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gao feng [Mon, 25 Nov 2013 09:21:24 +0000 (17:21 +0800)]
sit: use kfree_skb to replace dev_kfree_skb
In failure case, we should use kfree_skb not
dev_kfree_skb to free skbuff, dev_kfree_skb
is defined as consume_skb.
Trace takes advantage of this point.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Mon, 25 Nov 2013 09:19:04 +0000 (17:19 +0800)]
macvtap: fix tx_dropped counting error
After commit
8ffab51b3dfc54876f145f15b351c41f3f703195
(macvlan: lockless tx path), tx stat counter were converted to percpu stat
structure. So we need use to this also for tx_dropped in macvtap. Otherwise, the
management won't notice the dropping packet in macvtap tx path.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Vlad Yasevich <vyasevic@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Shaohui Xie [Mon, 25 Nov 2013 04:40:49 +0000 (12:40 +0800)]
phy: Add Vitesse 8514 phy ID
Phy is compatible with Vitesse 82xx
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Xufeng Zhang [Mon, 25 Nov 2013 03:26:57 +0000 (11:26 +0800)]
sctp: Restore 'resent' bit to avoid retransmitted chunks for RTT measurements
Currently retransmitted DATA chunks could also be used for
RTT measurements since there are no flag to identify whether
the transmitted DATA chunk is a new one or a retransmitted one.
This problem is introduced by commit
ae19c5486 ("sctp: remove
'resent' bit from the chunk") which inappropriately removed the
'resent' bit completely, instead of doing this, we should set
the resent bit only for the retransmitted DATA chunks.
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Sun, 24 Nov 2013 20:09:26 +0000 (21:09 +0100)]
genetlink/pmcraid: use proper genetlink multicast API
The pmcraid driver is abusing the genetlink API and is using its
family ID as the multicast group ID, which is invalid and may
belong to somebody else (and likely will.)
Make it use the correct API, but since this may already be used
as-is by userspace, reserve a family ID for this code and also
reserve that group ID to not break userspace assumptions.
My previous patch broke event delivery in the driver as I missed
that it wasn't using the right API and forgot to update it later
in my series.
While changing this, I noticed that the genetlink code could use
the static group ID instead of a strcmp(), so also do that for
the VFS_DQUOT family.
Cc: Anil Ravindranath <anil_ravindranath@pmc-sierra.com>
Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Geert Uytterhoeven [Sat, 23 Nov 2013 12:01:50 +0000 (13:01 +0100)]
genetlink: Fix uninitialized variable in genl_validate_assign_mc_groups()
net/netlink/genetlink.c: In function ‘genl_validate_assign_mc_groups’:
net/netlink/genetlink.c:217: warning: ‘err’ may be used uninitialized in this
function
Commit
2a94fe48f32ccf7321450a2cc07f2b724a444e5b ("genetlink: make multicast
groups const, prevent abuse") split genl_register_mc_group() in multiple
functions, but dropped the initialization of err.
Initialize err to zero to fix this.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Guenter Roeck [Sat, 23 Nov 2013 06:07:57 +0000 (22:07 -0800)]
tg3: Convert to use hwmon_device_register_with_groups
Use new hwmon API to simplify code, provide missing mandatory 'name'
sysfs attribute, and attach hwmon attributes to hwmon device instead
of pci device.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Nithin Nayak Sujir <nsujir@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
dingtianhong [Fri, 22 Nov 2013 14:28:43 +0000 (22:28 +0800)]
bonding: disable arp and enable mii monitoring when bond change to no uses arp mode
Because the ARP monitoring is not support for 802.3ad, but I still
could change the mode to 802.3ad from ab mode while ARP monitoring
is running, it is incorrect.
So add a check for 802.3ad in bonding_store_mode to fix the problem,
and make a new macro BOND_NO_USES_ARP() to simplify the code.
v2: according to the Dan Williams's suggestion, bond mode is the most
important bond option, it should override any of the other sub-options.
So when the mode is changed, the conficting values should be cleared
or reset, otherwise the user has to duplicate more operations to modify
the logic. I disable the arp and enable mii monitoring when the bond mode
is changed to AB, TB and 8023AD if the arp interval is true.
v3: according to the Nik's suggestion, the default value of miimon should need
a name, there is several place to use it, and the bond_store_arp_interval()
could use micro BOND_NO_USES_ARP to make the code more simpify.
Suggested-by: Dan Williams <dcbw@redhat.com>
Suggested-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Thu, 28 Nov 2013 17:31:05 +0000 (18:31 +0100)]
diag: warn about missing first netlink attribute
The first netlink attribute (value 0) must always be defined as none/unspec.
This is correctly done in inet_diag.h, but other diag interfaces are wrong.
Because we cannot change an existing API, I add a comment to point the mistake
and avoid to propagate it in a new diag API in the future.
CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Marc Kleine-Budde [Mon, 25 Nov 2013 21:15:20 +0000 (22:15 +0100)]
can: flexcan: use correct clock as base for bit rate calculation
The flexcan IP core uses the peripheral clock ("per") as basic clock for the
bit timing calculation. However the driver uses the the wrong clock ("ipg").
This leads to wrong bit rates if the rates on both clock are different.
This patch fixes the problem by using the correct clock for the bit rate
calculation.
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Holger Bechtold [Mon, 25 Nov 2013 14:48:19 +0000 (15:48 +0100)]
can: c_can: fix calculation of transmitted bytes on tx complete
The number of bytes transmitted was not updated correctly, if several CAN
messages (with different length) were transmitted in one 'bunch'. Thus
programs like 'ifconfig' showed wrong transmit byte counts. Reason was, that
the message object whose DLC is to be read was not necessarily the active one
at the time when
priv->read_reg(priv, C_CAN_IFACE(MSGCTRL_REG, 0)) & IF_MCONT_DLC_MASK;
was executed.
Signed-off-by: Holger Bechtold <Holger.Bechtold@gmx.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Marc Kleine-Budde [Sun, 24 Nov 2013 22:31:24 +0000 (23:31 +0100)]
can: c_can: don't call pm_runtime_get_sync() from interrupt context
The c_can driver contians a callpath (c_can_poll -> c_can_state_change ->
c_can_get_berr_counter) which may call pm_runtime_get_sync() from the IRQ
handler, which is not allowed and results in "BUG: scheduling while atomic".
This problem is fixed by introducing __c_can_get_berr_counter, which will not
call pm_runtime_get_sync().
Reported-by: Andrew Glen <AGlen@bepmarine.com>
Tested-by: Andrew Glen <AGlen@bepmarine.com>
Signed-off-by: Andrew Glen <AGlen@bepmarine.com>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Oliver Hartkopp [Thu, 21 Nov 2013 17:03:07 +0000 (18:03 +0100)]
can: sja1000: fix {pre,post}_irq() handling and IRQ handler return value
This patch fixes the issue that the sja1000_interrupt() function may have
returned IRQ_NONE without processing the optional pre_irq() and post_irq()
function before. Further the irq processing counter 'n' is moved to the end of
the while statement to return correct IRQ_[NONE|HANDLED] values at error
conditions.
Reported-by: Wolfgang Grandegger <wg@grandegger.com>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Ajit Khaparde [Fri, 22 Nov 2013 18:51:28 +0000 (12:51 -0600)]
be2net: Avoid programming permenant MAC by BE3-R VFs
On BE3-R, the PF programs the initial MAC address for its VFs. Doing it again
in VF probe, causes a FW error which although harmless generates
an unnecessary error log message.
Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com>
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ajit Khaparde [Fri, 22 Nov 2013 18:51:20 +0000 (12:51 -0600)]
be2net: set coalesce-wm in CQ_CREATE_V2 cmd
It is not being set currently. (This field is not applicable for Lancer)
Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com>
Signed-off-by: Sathya Perla <sathya.perla@emulex.com>
Signed-off-by: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ajit Khaparde [Fri, 22 Nov 2013 18:51:09 +0000 (12:51 -0600)]
be2net: Disabling and enabling interrupts in suspend and resume
Interrupts need to be enabled in be_resume, when adapter boots back up from D3cold.
disabling interrupts in be_suspend() just to be symmetric to be_resume().
Signed-off-by: Ravikumar Nelavelli <ravikumar.nelavelli@emulex.com>
Signed-off-by: Ajit Khaparde <ajit.khaparde@emulex.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sat, 23 Nov 2013 20:59:20 +0000 (12:59 -0800)]
sch_tbf: handle too small burst
If a too small burst is inadvertently set on TBF, we might trigger
a bug in tbf_segment(), as 'skb' instead of 'segs' was used in a
qdisc_reshape_fail() call.
tc qdisc add dev eth0 root handle 1: tbf latency 50ms burst 1KB rate
50mbit
Fix the bug, and add a warning, as such configuration is not
going to work anyway for non GSO packets.
(For some reason, one has to use a burst >= 1520 to get a working
configuration, even with old kernels. This is a probable iproute2/tc
bug)
Based on a report and initial patch from Yang Yingliang
Fixes: e43ac79a4bc6 ("sch_tbf: segment too big GSO packets")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Sat, 23 Nov 2013 06:22:33 +0000 (07:22 +0100)]
ipv6: fix leaking uninitialized port number of offender sockaddr
Offenders don't have port numbers, so set it to 0.
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Fri, 22 Nov 2013 23:46:12 +0000 (00:46 +0100)]
inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
Commit
bceaa90240b6019ed73b49965eac7d167610be69 ("inet: prevent leakage
of uninitialized memory to user in recv syscalls") conditionally updated
addr_len if the msg_name is written to. The recv_error and rxpmtu
functions relied on the recvmsg functions to set up addr_len before.
As this does not happen any more we have to pass addr_len to those
functions as well and set it to the size of the corresponding sockaddr
length.
This broke traceroute and such.
Fixes: bceaa90240b6 ("inet: prevent leakage of uninitialized memory to user in recv syscalls")
Reported-by: Brad Spengler <spender@grsecurity.net>
Reported-by: Tom Labanowski
Cc: mpb <mpb.mail@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Oussama Ghorbel [Fri, 22 Nov 2013 15:23:20 +0000 (16:23 +0100)]
sit: generate icmpv6 error when receiving icmpv4 error
Send icmpv6 error with type "destination unreachable" and code
"address unreachable" when receiving icmpv4 error and sufficient
data bytes are available
This patch enhances the compliance of sit tunnel with section 3.4 of
rfc 4213
Signed-off-by: Oussama Ghorbel <ghorbel@pivasoftware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gao feng [Fri, 22 Nov 2013 06:48:40 +0000 (14:48 +0800)]
tcp_memcg: remove useless var old_lim
nobody needs it. remove.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Fri, 22 Nov 2013 02:32:11 +0000 (10:32 +0800)]
gro: Clean up tcpX_gro_receive checksum verification
This patch simplifies the checksum verification in tcpX_gro_receive
by reusing the CHECKSUM_COMPLETE code for CHECKSUM_NONE. All it
does for CHECKSUM_NONE is compute the partial checksum and then
treat it as if it came from the hardware (CHECKSUM_COMPLETE).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cheers,
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Fri, 22 Nov 2013 02:31:29 +0000 (10:31 +0800)]
gro: Only verify TCP checksums for candidates
In some cases we may receive IP packets that are longer than
their stated lengths. Such packets are never merged in GRO.
However, we may end up computing their checksums incorrectly
and end up allowing packets with a bogus checksum enter our
stack with the checksum status set as verified.
Since such packets are rare and not performance-critical, this
patch simply skips the checksum verification for them.
Reported-by: Alexander Duyck <alexander.h.duyck@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Alexander Duyck <alexander.h.duyck@intel.com>
Thanks,
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Chang Xiangzhong [Thu, 21 Nov 2013 21:56:28 +0000 (22:56 +0100)]
net: sctp: find the correct highest_new_tsn in sack
Function sctp_check_transmitted(transport t, ...) would iterate all of
transport->transmitted queue and looking for the highest __newly__ acked tsn.
The original algorithm would depend on the order of the assoc->transport_list
(in function sctp_outq_sack line 1215 - 1226). The result might not be the
expected due to the order of the tranport_list.
Solution: checking if the exising is smaller than the new one before assigning
Signed-off-by: Chang Xiangzhong <changxiangzhong@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Thu, 21 Nov 2013 19:10:04 +0000 (11:10 -0800)]
gso: handle new frag_list of frags GRO packets
Recently GRO started generating packets with frag_lists of frags.
This was not handled by GSO, thus leading to a crash.
Thankfully these packets are of a regular form and are easy to
handle. This patch handles them in two ways. For completely
non-linear frag_list entries, we simply continue to iterate over
the frag_list frags once we exhaust the normal frags. For frag_list
entries with linear parts, we call pskb_trim on the first part
of the frag_list skb, and then process the rest of the frags in
the usual way.
This patch also kills a chunk of dead frag_list code that has
obviously never ever been run since it ends up generating a bogus
GSO-segmented packet with a frag_list entry.
Future work is planned to split super big packets into TSO
ones.
Fixes: 8a29111c7ca6 ("net: gro: allow to build full sized skb")
Reported-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Reported-by: Jerry Chu <hkchu@google.com>
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Sander Eikelenboom <linux@eikelenboom.it>
Tested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Thu, 21 Nov 2013 17:20:28 +0000 (18:20 +0100)]
genetlink: fix genl_set_err() group ID
Fix another really stupid bug - I introduced genl_set_err()
precisely to be able to adjust the group and reject invalid
ones, but then forgot to do so.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Thu, 21 Nov 2013 17:17:04 +0000 (18:17 +0100)]
genetlink: fix genlmsg_multicast() bug
Unfortunately, I introduced a tremendously stupid bug into
genlmsg_multicast() when doing all those multicast group
changes: it adjusts the group number, but then passes it
to genlmsg_multicast_netns() which does that again.
Somehow, my tests failed to catch this, so add a warning
into genlmsg_multicast_netns() and remove the offending
group ID adjustment.
Also add a warning to the similar code in other functions
so people who misuse them are more loudly warned.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Thu, 21 Nov 2013 15:50:58 +0000 (16:50 +0100)]
packet: fix use after free race in send path when dev is released
Salam reported a use after free bug in PF_PACKET that occurs when
we're sending out frames on a socket bound device and suddenly the
net device is being unregistered. It appears that commit
827d9780
introduced a possible race condition between {t,}packet_snd() and
packet_notifier(). In the case of a bound socket, packet_notifier()
can drop the last reference to the net_device and {t,}packet_snd()
might end up suddenly sending a packet over a freed net_device.
To avoid reverting
827d9780 and thus introducing a performance
regression compared to the current state of things, we decided to
hold a cached RCU protected pointer to the net device and maintain
it on write side via bind spin_lock protected register_prot_hook()
and __unregister_prot_hook() calls.
In {t,}packet_snd() path, we access this pointer under rcu_read_lock
through packet_cached_dev_get() that holds reference to the device
to prevent it from being freed through packet_notifier() while
we're in send path. This is okay to do as dev_put()/dev_hold() are
per-cpu counters, so this should not be a performance issue. Also,
the code simplifies a bit as we don't need need_rls_dev anymore.
Fixes: 827d978037d7 ("af-packet: Use existing netdev reference for bound sockets.")
Reported-by: Salam Noureddine <noureddine@aristanetworks.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Salam Noureddine <noureddine@aristanetworks.com>
Cc: Ben Greear <greearb@candelatech.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David Vrabel [Thu, 21 Nov 2013 15:26:09 +0000 (15:26 +0000)]
xen-netback: stop the VIF thread before unbinding IRQs
If the VIF thread is still running after unbinding the Tx and Rx IRQs
in xenvif_disconnect(), the thread may attempt to raise an event which
will BUG (as the irq is unbound).
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Opdenacker [Thu, 21 Nov 2013 03:43:11 +0000 (04:43 +0100)]
wimax: remove dead code
This removes a code line that is between a "return 0;" and an error label.
This code line can never be reached.
Found by Coverity (CID:
1130529)
Signed-off-by: Michael Opdenacker <michael.opdenacker@free-electrons.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 21 Nov 2013 17:58:51 +0000 (12:58 -0500)]
Merge branch 'for-davem' of git://git./linux/kernel/git/linville/wireless
John W. Linville says:
====================
pull request: wireless 2013-11-21
Please pull this batch of fixes intended for the 3.13 stream!
For the Bluetooth bits, Gustavo says:
"A few fixes for 3.13. There is 3 fixes to the RFCOMM protocol. One
crash fix to L2CAP. A simple fix to a bad behaviour in the SMP
protocol."
On top of that...
Amitkumar Karwar sends a quintet of mwifiex fixes -- two fixes related
to failure handling, two memory leak fixes, and a NULL pointer fix.
Felix Fietkau corrects and earlier rt2x00 HT descriptor handling fix
to address a crash.
Geyslan G. Bem fixes a memory leak in brcmfmac.
Larry Finger address more pointer arithmetic errors in rtlwifi.
Luis R. Rodriguez provides a regulatory fix in the shared ath code.
Sujith Manoharan brings a couple ath9k initialization fixes.
Ujjal Roy offers one more mwifiex fix to avoid invalid memory accesses
when unloading the USB driver.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 21 Nov 2013 17:44:15 +0000 (12:44 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
netfilter fixes for net
The following patchset contains fixes for your net tree, they are:
* Remove extra quote from connlimit configuration in Kconfig, from
Randy Dunlap.
* Fix missing mss option in syn packets sent to the backend in our
new synproxy target, from Martin Topholm.
* Use window scale announced by client when sending the forged
syn to the backend, from Martin Topholm.
* Fix IPv6 address comparison in ebtables, from Luís Fernando
Cornachioni Estrozi.
* Fix wrong endianess in sequence adjustment which breaks helpers
in NAT configurations, from Phil Oester.
* Fix the error path handling of nft_compat, from me.
* Make sure the global conntrack counter is decremented after the
object has been released, also from me.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville [Thu, 21 Nov 2013 15:26:17 +0000 (10:26 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless into for-davem
Madalin Bucur [Wed, 20 Nov 2013 22:38:19 +0000 (16:38 -0600)]
net/phy: Add the autocross feature for forced links on VSC82x4
Add auto-MDI/MDI-X capability for forced (autonegotiation disabled)
10/100 Mbps speeds on Vitesse VSC82x4 PHYs. Exported previously static
function genphy_setup_forced() required by the new config_aneg handler
in the Vitesse PHY module.
Signed-off-by: Madalin Bucur <madalin.bucur@freescale.com>
Signed-off-by: Shruti Kanetkar <Shruti@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sandeep Singh [Wed, 20 Nov 2013 22:38:18 +0000 (16:38 -0600)]
net/phy: Add VSC8662 support
Vitesse VSC8662 is Dual Port 10/100/1000Base-T Phy
Its register set and features are similar to other Vitesse Phys.
Signed-off-by: Sandeep Singh <Sandeep@freescale.com>
Signed-off-by: Andy Fleming <afleming@gmail.com>
Signed-off-by: Shruti Kanetkar <Shruti@Freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
shaohui xie [Wed, 20 Nov 2013 22:38:17 +0000 (16:38 -0600)]
net/phy: Add VSC8574 support
The VSC8574 is a quad-port Gigabit Ethernet transceiver with four SerDes
interfaces for quad-port dual media capability.
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Andy Fleming <afleming@gmail.com>
Signed-off-by: Shruti Kanetkar <Shruti@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Andy Fleming [Wed, 20 Nov 2013 22:38:16 +0000 (16:38 -0600)]
net/phy: Add VSC8234 support
Vitesse VSC8234 is quad port 10/100/1000BASE-T PHY
with SGMII and SERDES MAC interfaces.
Signed-off-by: Andy Fleming <afleming@gmail.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Shruti Kanetkar <Shruti@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Thu, 21 Nov 2013 02:14:34 +0000 (03:14 +0100)]
net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
In that case it is probable that kernel code overwrote part of the
stack. So we should bail out loudly here.
The BUG_ON may be removed in future if we are sure all protocols are
conformant.
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hannes Frederic Sowa [Thu, 21 Nov 2013 02:14:22 +0000 (03:14 +0100)]
net: rework recvmsg handler msg_name and msg_namelen logic
This patch now always passes msg->msg_namelen as 0. recvmsg handlers must
set msg_namelen to the proper size <= sizeof(struct sockaddr_storage)
to return msg_name to the user.
This prevents numerous uninitialized memory leaks we had in the
recvmsg handlers and makes it harder for new code to accidentally leak
uninitialized memory.
Optimize for the case recvfrom is called with NULL as address. We don't
need to copy the address at all, so set it to NULL before invoking the
recvmsg handler. We can do so, because all the recvmsg handlers must
cope with the case a plain read() is called on them. read() also sets
msg_name to NULL.
Also document these changes in include/linux/net.h as suggested by David
Miller.
Changes since RFC:
Set msg->msg_name = NULL if user specified a NULL in msg_name but had a
non-null msg_namelen in verify_iovec/verify_compat_iovec. This doesn't
affect sendto as it would bail out earlier while trying to copy-in the
address. It also more naturally reflects the logic by the callers of
verify_iovec.
With this change in place I could remove "
if (!uaddr || msg_sys->msg_namelen == 0)
msg->msg_name = NULL
".
This change does not alter the user visible error logic as we ignore
msg_namelen as long as msg_name is NULL.
Also remove two unnecessary curly brackets in ___sys_recvmsg and change
comments to netdev style.
Cc: David Miller <davem@davemloft.net>
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ding Tianhong [Sat, 7 Dec 2013 14:12:05 +0000 (22:12 +0800)]
bridge: flush br's address entry in fdb when remove the
bridge dev
When the following commands are executed:
brctl addbr br0
ifconfig br0 hw ether <addr>
rmmod bridge
The calltrace will occur:
[ 563.312114] device eth1 left promiscuous mode
[ 563.312188] br0: port 1(eth1) entered disabled state
[ 563.468190] kmem_cache_destroy bridge_fdb_cache: Slab cache still has objects
[ 563.468197] CPU: 6 PID: 6982 Comm: rmmod Tainted: G O 3.12.0-0.7-default+ #9
[ 563.468199] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[ 563.468200]
0000000000000880 ffff88010f111e98 ffffffff814d1c92 ffff88010f111eb8
[ 563.468204]
ffffffff81148efd ffff88010f111eb8 0000000000000000 ffff88010f111ec8
[ 563.468206]
ffffffffa062a270 ffff88010f111ed8 ffffffffa063ac76 ffff88010f111f78
[ 563.468209] Call Trace:
[ 563.468218] [<
ffffffff814d1c92>] dump_stack+0x6a/0x78
[ 563.468234] [<
ffffffff81148efd>] kmem_cache_destroy+0xfd/0x100
[ 563.468242] [<
ffffffffa062a270>] br_fdb_fini+0x10/0x20 [bridge]
[ 563.468247] [<
ffffffffa063ac76>] br_deinit+0x4e/0x50 [bridge]
[ 563.468254] [<
ffffffff810c7dc9>] SyS_delete_module+0x199/0x2b0
[ 563.468259] [<
ffffffff814e0922>] system_call_fastpath+0x16/0x1b
[ 570.377958] Bridge firewalling registered
--------------------------- cut here -------------------------------
The reason is that when the bridge dev's address is changed, the
br_fdb_change_mac_address() will add new address in fdb, but when
the bridge was removed, the address entry in the fdb did not free,
the bridge_fdb_cache still has objects when destroy the cache, Fix
this by flushing the bridge address entry when removing the bridge.
v2: according to the Toshiaki Makita and Vlad's suggestion, I only
delete the vlan0 entry, it still have a leak here if the vlan id
is other number, so I need to call fdb_delete_by_port(br, NULL, 1)
to flush all entries whose dst is NULL for the bridge.
Suggested-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Suggested-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Wed, 20 Nov 2013 01:47:15 +0000 (20:47 -0500)]
net: core: Always propagate flag changes to interfaces
The following commit:
b6c40d68ff6498b7f63ddf97cf0aa818d748dee7
net: only invoke dev->change_rx_flags when device is UP
tried to fix a problem with VLAN devices and promiscuouse flag setting.
The issue was that VLAN device was setting a flag on an interface that
was down, thus resulting in bad promiscuity count.
This commit blocked flag propagation to any device that is currently
down.
A later commit:
deede2fabe24e00bd7e246eb81cd5767dc6fcfc7
vlan: Don't propagate flag changes on down interfaces
fixed VLAN code to only propagate flags when the VLAN interface is up,
thus fixing the same issue as above, only localized to VLAN.
The problem we have now is that if we have create a complex stack
involving multiple software devices like bridges, bonds, and vlans,
then it is possible that the flags would not propagate properly to
the physical devices. A simple examle of the scenario is the
following:
eth0----> bond0 ----> bridge0 ---> vlan50
If bond0 or eth0 happen to be down at the time bond0 is added to
the bridge, then eth0 will never have promisc mode set which is
currently required for operation as part of the bridge. As a
result, packets with vlan50 will be dropped by the interface.
The only 2 devices that implement the special flag handling are
VLAN and DSA and they both have required code to prevent incorrect
flag propagation. As a result we can remove the generic solution
introduced in
b6c40d68ff6498b7f63ddf97cf0aa818d748dee7 and leave
it to the individual devices to decide whether they will block
flag propagation or not.
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Suggested-by: Veaceslav Falico <vfalico@redhat.com>
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Alexei Starovoitov [Wed, 20 Nov 2013 03:12:34 +0000 (19:12 -0800)]
ipv4: fix race in concurrent ip_route_input_slow()
CPUs can ask for local route via ip_route_input_noref() concurrently.
if nh_rth_input is not cached yet, CPUs will proceed to allocate
equivalent DSTs on 'lo' and then will try to cache them in nh_rth_input
via rt_cache_route()
Most of the time they succeed, but on occasion the following two lines:
orig = *p;
prev = cmpxchg(p, orig, rt);
in rt_cache_route() do race and one of the cpus fails to complete cmpxchg.
But ip_route_input_slow() doesn't check the return code of rt_cache_route(),
so dst is leaking. dst_destroy() is never called and 'lo' device
refcnt doesn't go to zero, which can be seen in the logs as:
unregister_netdevice: waiting for lo to become free. Usage count = 1
Adding mdelay() between above two lines makes it easily reproducible.
Fix it similar to nh_pcpu_rth_output case.
Fixes: d2d68ba9fe8b ("ipv4: Cache input routes in fib_info nexthops.")
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 20 Nov 2013 20:10:24 +0000 (15:10 -0500)]
Merge branch 'r8152'
Hayes Wang says:
====================
r8152 bug fixes
For the patch #3, I add netif_tx_lock() before checking the
netif_queue_stopped(). Besides, I add checking the skb queue
length before waking the tx queue.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 20 Nov 2013 09:30:57 +0000 (17:30 +0800)]
r8152: fix incorrect type in assignment
The data from the hardware should be little endian. Correct the
declaration.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 20 Nov 2013 09:30:56 +0000 (17:30 +0800)]
r8152: support stopping/waking tx queue
The maximum packet number which a tx aggregation buffer could contain
is the tx_qlen.
tx_qlen = buffer size / (packet size + descriptor size).
If the tx buffer is empty and the queued packets are more than the
maximum value which is defined above, stop the tx queue. Wake the
tx queue if tx queue is stopped and the queued packets are less than
tx_qlen.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 20 Nov 2013 09:30:55 +0000 (17:30 +0800)]
r8152: modify the tx flow
Remove the code for sending the packet in the rtl8152_start_xmit().
Let rtl8152_start_xmit() to queue the packet only, and schedule a
tasklet to send the queued packets. This simplify the code and make
sure all the packet would be sent by the original order.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 20 Nov 2013 09:30:54 +0000 (17:30 +0800)]
r8152: fix tx/rx memory overflow
The tx/rx would access the memory which is out of the desired range.
Modify the method of checking the end of the memory to avoid it.
For r8152_tx_agg_fill(), the variable remain may become negative.
However, the declaration is unsigned, so the while loop wouldn't
break when reaching the end of the desied memory. Although to change
the declaration from unsigned to signed is enough to fix it, I also
modify the checking method for safe. Replace
remain = rx_buf_sz - sizeof(*tx_desc) -
(u32)((void *)tx_data - agg->head);
with
remain = rx_buf_sz - (int)(tx_agg_align(tx_data) - agg->head);
to make sure the variable remain is always positive. Then, the
overflow wouldn't happen.
For rx_bottom(), the rx_desc should not be used to calculate the
packet length before making sure the rx_desc is in the desired range.
Change the checking to two parts. First, check the descriptor is in
the memory. The other, using the descriptor to find out the packet
length and check if the packet is in the memory.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Mahesh Rajashekhara [Thu, 31 Oct 2013 08:31:02 +0000 (14:01 +0530)]
aacraid: prevent invalid pointer dereference
It appears that driver runs into a problem here if fibsize is too small
because we allocate user_srbcmd with fibsize size only but later we
access it until user_srbcmd->sg.count to copy it over to srbcmd.
It is not correct to test (fibsize < sizeof(*user_srbcmd)) because this
structure already includes one sg element and this is not needed for
commands without data. So, we would recommend to add the following
(instead of test for fibsize == 0).
Signed-off-by: Mahesh Rajashekhara <Mahesh.Rajashekhara@pmcs.com>
Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 19 Nov 2013 23:50:47 +0000 (15:50 -0800)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Mostly these are fixes for fallout due to merge window changes, as
well as cures for problems that have been with us for a much longer
period of time"
1) Johannes Berg noticed two major deficiencies in our genetlink
registration. Some genetlink protocols we passing in constant
counts for their ops array rather than something like
ARRAY_SIZE(ops) or similar. Also, some genetlink protocols were
using fixed IDs for their multicast groups.
We have to retain these fixed IDs to keep existing userland tools
working, but reserve them so that other multicast groups used by
other protocols can not possibly conflict.
In dealing with these two problems, we actually now use less state
management for genetlink operations and multicast groups.
2) When configuring interface hardware timestamping, fix several
drivers that simply do not validate that the hwtstamp_config value
is one the driver actually supports. From Ben Hutchings.
3) Invalid memory references in mwifiex driver, from Amitkumar Karwar.
4) In dev_forward_skb(), set the skb->protocol in the right order
relative to skb_scrub_packet(). From Alexei Starovoitov.
5) Bridge erroneously fails to use the proper wrapper functions to make
calls to netdev_ops->ndo_vlan_rx_{add,kill}_vid. Fix from Toshiaki
Makita.
6) When detaching a bridge port, make sure to flush all VLAN IDs to
prevent them from leaking, also from Toshiaki Makita.
7) Put in a compromise for TCP Small Queues so that deep queued devices
that delay TX reclaim non-trivially don't have such a performance
decrease. One particularly problematic area is 802.11 AMPDU in
wireless. From Eric Dumazet.
8) Fix crashes in tcp_fastopen_cache_get(), we can see NULL socket dsts
here. Fix from Eric Dumzaet, reported by Dave Jones.
9) Fix use after free in ipv6 SIT driver, from Willem de Bruijn.
10) When computing mergeable buffer sizes, virtio-net fails to take the
virtio-net header into account. From Michael Dalton.
11) Fix seqlock deadlock in ip4_datagram_connect() wrt. statistic
bumping, this one has been with us for a while. From Eric Dumazet.
12) Fix NULL deref in the new TIPC fragmentation handling, from Erik
Hugne.
13) 6lowpan bit used for traffic classification was wrong, from Jukka
Rissanen.
14) macvlan has the same issue as normal vlans did wrt. propagating LRO
disabling down to the real device, fix it the same way. From Michal
Kubecek.
15) CPSW driver needs to soft reset all slaves during suspend, from
Daniel Mack.
16) Fix small frame pacing in FQ packet scheduler, from Eric Dumazet.
17) The xen-netfront RX buffer refill timer isn't properly scheduled on
partial RX allocation success, from Ma JieYue.
18) When ipv6 ping protocol support was added, the AF_INET6 protocol
initialization cleanup path on failure was borked a little. Fix
from Vlad Yasevich.
19) If a socket disconnects during a read/recvmsg/recvfrom/etc that
blocks we can do the wrong thing with the msg_name we write back to
userspace. From Hannes Frederic Sowa. There is another fix in the
works from Hannes which will prevent future problems of this nature.
20) Fix route leak in VTI tunnel transmit, from Fan Du.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (106 commits)
genetlink: make multicast groups const, prevent abuse
genetlink: pass family to functions using groups
genetlink: add and use genl_set_err()
genetlink: remove family pointer from genl_multicast_group
genetlink: remove genl_unregister_mc_group()
hsr: don't call genl_unregister_mc_group()
quota/genetlink: use proper genetlink multicast APIs
drop_monitor/genetlink: use proper genetlink multicast APIs
genetlink: only pass array to genl_register_family_with_ops()
tcp: don't update snd_nxt, when a socket is switched from repair mode
atm: idt77252: fix dev refcnt leak
xfrm: Release dst if this dst is improper for vti tunnel
netlink: fix documentation typo in netlink_set_err()
be2net: Delete secondary unicast MAC addresses during be_close
be2net: Fix unconditional enabling of Rx interface options
net, virtio_net: replace the magic value
ping: prevent NULL pointer dereference on write to msg_name
bnx2x: Prevent "timeout waiting for state X"
bnx2x: prevent CFC attention
bnx2x: Prevent panic during DMAE timeout
...
Linus Torvalds [Tue, 19 Nov 2013 23:50:03 +0000 (15:50 -0800)]
Merge git://git./linux/kernel/git/davem/sparc
Pull sparc fixes from David Miller:
"Two merge window fallout build fixes"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc64: merge fix
sparc64: fix build regession
Linus Torvalds [Tue, 19 Nov 2013 23:49:31 +0000 (15:49 -0800)]
Merge tag 'please-pull-fixia64' of git://git./linux/kernel/git/aegl/linux
Pull ia64 fix from Tony Luck:
"Unbreak ia64 build by avoiding circular dependency"
* tag 'please-pull-fixia64' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
kernel/bounds: avoid circular dependencies in generated headers
Kirill A. Shutemov [Mon, 18 Nov 2013 08:47:27 +0000 (10:47 +0200)]
kernel/bounds: avoid circular dependencies in generated headers
<linux/spinlock.h> has heavy dependencies on other header files.
It triggers circular dependencies in generated headers on IA64, at
least:
CC kernel/bounds.s
In file included from /home/space/kas/git/public/linux/arch/ia64/include/asm/thread_info.h:9:0,
from include/linux/thread_info.h:54,
from include/asm-generic/preempt.h:4,
from arch/ia64/include/generated/asm/preempt.h:1,
from include/linux/preempt.h:18,
from include/linux/spinlock.h:50,
from kernel/bounds.c:14:
/home/space/kas/git/public/linux/arch/ia64/include/asm/asm-offsets.h:1:35: fatal error: generated/asm-offsets.h: No such file or directory
compilation terminated.
Let's replace <linux/spinlock.h> with <linux/spinlock_types.h>, it's
enough to find out size of spinlock_t.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-and-Tested-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
David S. Miller [Tue, 19 Nov 2013 21:39:42 +0000 (16:39 -0500)]
Merge branch 'genetlink_mcast'
Johannes Berg says:
====================
genetlink: clean up multicast group APIs
The generic netlink multicast group registration doesn't have to
be dynamic, and can thus be simplified just like I did with the
ops. This removes some complexity in registration code.
Additionally, two users of generic netlink already use multicast
groups in a wrong way, add workarounds for those two to keep the
userspace API working, but at the same time make them not clash
with other users of multicast groups as might happen now.
While making it all a bit easier, also prevent such abuse by adding
checks to the APIs so each family can only use the groups it owns.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:39 +0000 (15:19 +0100)]
genetlink: make multicast groups const, prevent abuse
Register generic netlink multicast groups as an array with
the family and give them contiguous group IDs. Then instead
of passing the global group ID to the various functions that
send messages, pass the ID relative to the family - for most
families that's just 0 because the only have one group.
This avoids the list_head and ID in each group, adding a new
field for the mcast group ID offset to the family.
At the same time, this allows us to prevent abusing groups
again like the quota and dropmon code did, since we can now
check that a family only uses a group it owns.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:38 +0000 (15:19 +0100)]
genetlink: pass family to functions using groups
This doesn't really change anything, but prepares for the
next patch that will change the APIs to pass the group ID
within the family, rather than the global group ID.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:37 +0000 (15:19 +0100)]
genetlink: add and use genl_set_err()
Add a static inline to generic netlink to wrap netlink_set_err()
to make it easier to use here - use it in openvswitch (the only
generic netlink user of netlink_set_err()).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:36 +0000 (15:19 +0100)]
genetlink: remove family pointer from genl_multicast_group
There's no reason to have the family pointer there since it
can just be passed internally where needed, so remove it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:35 +0000 (15:19 +0100)]
genetlink: remove genl_unregister_mc_group()
There are no users of this API remaining, and we'll soon
change group registration to be static (like ops are now)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:34 +0000 (15:19 +0100)]
hsr: don't call genl_unregister_mc_group()
There's no need to unregister the multicast group if the
generic netlink family is registered immediately after.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:33 +0000 (15:19 +0100)]
quota/genetlink: use proper genetlink multicast APIs
The quota code is abusing the genetlink API and is using
its family ID as the multicast group ID, which is invalid
and may belong to somebody else (and likely will.)
Make the quota code use the correct API, but since this
is already used as-is by userspace, reserve a family ID
for this code and also reserve that group ID to not break
userspace assumptions.
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:32 +0000 (15:19 +0100)]
drop_monitor/genetlink: use proper genetlink multicast APIs
The drop monitor code is abusing the genetlink API and is
statically using the generic netlink multicast group 1, even
if that group belongs to somebody else (which it invariably
will, since it's not reserved.)
Make the drop monitor code use the proper APIs to reserve a
group ID, but also reserve the group id 1 in generic netlink
code to preserve the userspace API. Since drop monitor can
be a module, don't clear the bit for it on unregistration.
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 14:19:31 +0000 (15:19 +0100)]
genetlink: only pass array to genl_register_family_with_ops()
As suggested by David Miller, make genl_register_family_with_ops()
a macro and pass only the array, evaluating ARRAY_SIZE() in the
macro, this is a little safer.
The openvswitch has some indirection, assing ops/n_ops directly in
that code. This might ultimately just assign the pointers in the
family initializations, saving the struct genl_family_and_ops and
code (once mcast groups are handled differently.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Andrey Vagin [Tue, 19 Nov 2013 18:10:06 +0000 (22:10 +0400)]
tcp: don't update snd_nxt, when a socket is switched from repair mode
snd_nxt must be updated synchronously with sk_send_head. Otherwise
tp->packets_out may be updated incorrectly, what may bring a kernel panic.
Here is a kernel panic from my host.
[ 103.043194] BUG: unable to handle kernel NULL pointer dereference at
0000000000000048
[ 103.044025] IP: [<
ffffffff815aaaaf>] tcp_rearm_rto+0xcf/0x150
...
[ 146.301158] Call Trace:
[ 146.301158] [<
ffffffff815ab7f0>] tcp_ack+0xcc0/0x12c0
Before this panic a tcp socket was restored. This socket had sent and
unsent data in the write queue. Sent data was restored in repair mode,
then the socket was switched from reapair mode and unsent data was
restored. After that the socket was switched back into repair mode.
In that moment we had a socket where write queue looks like this:
snd_una snd_nxt write_seq
|_________|________|
|
sk_send_head
After a second switching from repair mode the state of socket was
changed:
snd_una snd_nxt, write_seq
|_________ ________|
|
sk_send_head
This state is inconsistent, because snd_nxt and sk_send_head are not
synchronized.
Bellow you can find a call trace, how packets_out can be incremented
twice for one skb, if snd_nxt and sk_send_head are not synchronized.
In this case packets_out will be always positive, even when
sk_write_queue is empty.
tcp_write_wakeup
skb = tcp_send_head(sk);
tcp_fragment
if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq))
tcp_adjust_pcount(sk, skb, diff);
tcp_event_new_data_sent
tp->packets_out += tcp_skb_pcount(skb);
I think update of snd_nxt isn't required, when a socket is switched from
repair mode. Because it's initialized in tcp_connect_init. Then when a
write queue is restored, snd_nxt is incremented in tcp_event_new_data_sent,
so it's always is in consistent state.
I have checked, that the bug is not reproduced with this patch and
all tests about restoring tcp connections work fine.
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: James Morris <jmorris@namei.org>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ying Xue [Tue, 19 Nov 2013 10:09:27 +0000 (18:09 +0800)]
atm: idt77252: fix dev refcnt leak
init_card() calls dev_get_by_name() to get a network deceive. But it
doesn't decrease network device reference count after the device is
used.
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
fan.du [Tue, 19 Nov 2013 08:53:28 +0000 (16:53 +0800)]
xfrm: Release dst if this dst is improper for vti tunnel
After searching rt by the vti tunnel dst/src parameter,
if this rt has neither attached to any transformation
nor the transformation is not tunnel oriented, this rt
should be released back to ip layer.
otherwise causing dst memory leakage.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 19 Nov 2013 09:35:40 +0000 (10:35 +0100)]
netlink: fix documentation typo in netlink_set_err()
The parameter is just 'group', not 'groups', fix the documentation typo.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 19 Nov 2013 19:44:15 +0000 (11:44 -0800)]
Merge tag 'arc-v3.13-rc1-part2' of git://git./linux/kernel/git/vgupta/arc
Pull second set of ARC changes from Vineet Gupta:
- Support for Perf from Mischa
- Enabling GPIO/Pinctrl drivers for Abilis TB10x platform
- New defconfig for buildroot
* tag 'arc-v3.13-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARC: [plat-arcfpga] Add defconfig without initramfs location
ARC: perf: ARC 700 PMU doesn't support sampling events
ARC: Add documentation on DT binding for ARC700 PMU
ARC: Add perf support for ARC700 cores
ARC: [TB10x] Updates for GPIO and pinctrl
Linus Torvalds [Tue, 19 Nov 2013 19:43:21 +0000 (11:43 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull second set of s390 patches from Martin Schwidefsky:
"The handling of the PCI hotplug notifications has been improved, the
zfcp dumper can now detect the HSA size dynamically and the default
install kernel has been changed to the compressed bzImage. And two
bug-fixes for scm and 3720"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/pci: implement hotplug notifications
s390/scm_block: do not hide eadm subchannel dependency
s390/sclp: Consolidate early sclp init calls to sclp_early_detect()
s390/sclp: Move early code from sclp_cmd.c to sclp_early.c
s390/sclp: Determine HSA size dynamically for zfcpdump
s390/sclp: Move declarations for sclp_sdias into separate header file
s390/pci: implement pcibios_remove_bus
s390/pci: improve handling of bus resources
s390/3270: fix missing device_destroy() call
s390/boot: Install bzImage as default kernel image
Linus Torvalds [Tue, 19 Nov 2013 19:42:32 +0000 (11:42 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/rw/uml
Pull UML changes from Richard Weinberger:
"This pile contains a nice defconfig cleanup, a rewritten stack
unwinder and various cleanups"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
um: Remove unused declarations from <as-layout.h>
um: remove used STDIO_CONSOLE Kconfig param
um/vdso: add .gitignore for a couple of targets
arch/um: make it work with defconfig and x86_64
um: Make kstack_depth_to_print conform to arch/x86
um: Get rid of thread_struct->saved_task
um: Make stack trace reliable against kernel mode faults
um: Rewrite show_stack()
Linus Torvalds [Tue, 19 Nov 2013 18:48:19 +0000 (10:48 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fix from Ingo Molnar:
"A modular build fix for certain .config's"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86: Export 'boot_cpu_physical_apicid' to modules
Linus Torvalds [Tue, 19 Nov 2013 18:40:00 +0000 (10:40 -0800)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull irq cleanups from Ingo Molnar:
"This is a multi-arch cleanup series from Thomas Gleixner, which we
kept to near the end of the merge window, to not interfere with
architecture updates.
This series (motivated by the -rt kernel) unifies more aspects of IRQ
handling and generalizes PREEMPT_ACTIVE"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
preempt: Make PREEMPT_ACTIVE generic
sparc: Use preempt_schedule_irq
ia64: Use preempt_schedule_irq
m32r: Use preempt_schedule_irq
hardirq: Make hardirq bits generic
m68k: Simplify low level interrupt handling code
genirq: Prevent spurious detection for unconditionally polled interrupts
Luís Fernando Cornachioni Estrozi [Wed, 6 Nov 2013 21:39:32 +0000 (21:39 +0000)]
netfilter: ebt_ip6: fix source and destination matching
This bug was introduced on commit
0898f99a2. This just recovers two
checks that existed before as suggested by Bart De Schuymer.
Signed-off-by: Luís Fernando Cornachioni Estrozi <lestrozi@uolinc.com>
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Al Viro [Tue, 19 Nov 2013 01:20:43 +0000 (01:20 +0000)]
seq_file: always clear m->count when we free m->buf
Once we'd freed m->buf, m->count should become zero - we have no valid
contents reachable via m->buf.
Reported-by: Charley (Hao Chuan) Chu <charley.chu@broadcom.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 18 Nov 2013 23:56:13 +0000 (15:56 -0800)]
Merge git://www.linux-watchdog.org/linux-watchdog
Pull watchdog changes from Wim Van Sebroeck:
- addition of MOXA ART watchdog driver (moxart_wdt)
- addition of CSR SiRFprimaII and SiRFatlasVI watchdog driver
(sirfsoc_wdt)
- addition of ralink watchdog driver (rt2880_wdt)
- various fixes and cleanups (__user annotation, ioctl return codes,
removal of redundant of_match_ptr, removal of unnecessary
amba_set_drvdata(), use allocated buffer for usb_control_msg, ...)
- removal of MODULE_ALIAS_MISCDEV statements
- watchdog related DT bindings
- first set of improvements on the w83627hf_wdt driver
* git://www.linux-watchdog.org/linux-watchdog: (26 commits)
watchdog: w83627hf: Use helper functions to access superio registers
watchdog: w83627hf: Enable watchdog device only if not already enabled
watchdog: w83627hf: Enable watchdog only once
watchdog: w83627hf: Convert to watchdog infrastructure
watchdog: omap_wdt: raw read and write endian fix
watchdog: sirf: don't depend on dummy value of CLOCK_TICK_RATE
watchdog: pcwd_usb: overflow in usb_pcwd_send_command()
watchdog: rt2880_wdt: fix return value check in rt288x_wdt_probe()
watchdog: watchdog_core: Fix a trivial typo
watchdog: dw: Enable OF support for DW watchdog timer
watchdog: Get rid of MODULE_ALIAS_MISCDEV statements
watchdog: ts72xx_wdt: Propagate return value from timeout_to_regval
watchdog: pcwd_usb: Use allocated buffer for usb_control_msg
watchdog: sp805_wdt: Remove unnecessary amba_set_drvdata()
watchdog: sirf: add watchdog driver of CSR SiRFprimaII and SiRFatlasVI
watchdog: Remove redundant of_match_ptr
watchdog: ts72xx_wdt: cleanup return codes in ioctl
documentation/devicetree: Move DT bindings from gpio to watchdog
watchdog: add ralink watchdog driver
watchdog: Add MOXA ART watchdog driver
...
Linus Torvalds [Mon, 18 Nov 2013 23:50:07 +0000 (15:50 -0800)]
Merge branch 'i2c/for-next' of git://git./linux/kernel/git/wsa/linux
Pull i2c changes from Wolfram Sang:
- new drivers for exynos5, bcm kona, and st micro
- bigger overhauls for drivers mxs and rcar
- typical driver bugfixes, cleanups, improvements
- got rid of the superfluous 'driver' member in i2c_client struct This
touches a few drivers in other subsystems. All acked.
* 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (38 commits)
i2c: bcm-kona: fix error return code in bcm_kona_i2c_probe()
i2c: i2c-eg20t: do not print error message in syslog if no ACK received
i2c: bcm-kona: Introduce Broadcom I2C Driver
i2c: cbus-gpio: Fix device tree binding
i2c: wmt: add missing clk_disable_unprepare() on error
i2c: designware: add new ACPI IDs
i2c: i801: Add Device IDs for Intel Wildcat Point-LP PCH
i2c: exynos5: Remove incorrect clk_disable_unprepare
i2c: i2c-st: Add ST I2C controller
i2c: exynos5: add High Speed I2C controller driver
i2c: rcar: fixup rcar type naming
i2c: scmi: remove some bogus NULL checks
i2c: sh_mobile & rcar: Enable the driver on all ARM platforms
i2c: sh_mobile: Convert to clk_prepare/unprepare
i2c: mux: gpio: use reg value for i2c_add_mux_adapter
i2c: mux: gpio: use gpio_set_value_cansleep()
i2c: Include linux/of.h header
i2c: mxs: Fix PIO mode on i.MX23
i2c: mxs: Rework the PIO mode operation
i2c: mxs: distinguish i.MX23 and i.MX28 based I2C controller
...
Linus Torvalds [Mon, 18 Nov 2013 23:36:04 +0000 (15:36 -0800)]
Merge tag 'rdma-for-linus' of git://git./linux/kernel/git/roland/infiniband
Pull infiniband/rdma updates from Roland Dreier:
- Re-enable flow steering verbs with new improved userspace ABI
- Fixes for slow connection due to GID lookup scalability
- IPoIB fixes
- Many fixes to HW drivers including mlx4, mlx5, ocrdma and qib
- Further improvements to SRP error handling
- Add new transport type for Cisco usNIC
* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: (66 commits)
IB/core: Re-enable create_flow/destroy_flow uverbs
IB/core: extended command: an improved infrastructure for uverbs commands
IB/core: Remove ib_uverbs_flow_spec structure from userspace
IB/core: Use a common header for uverbs flow_specs
IB/core: Make uverbs flow structure use names like verbs ones
IB/core: Rename 'flow' structs to match other uverbs structs
IB/core: clarify overflow/underflow checks on ib_create/destroy_flow
IB/ucma: Convert use of typedef ctl_table to struct ctl_table
IB/cm: Convert to using idr_alloc_cyclic()
IB/mlx5: Fix page shift in create CQ for userspace
IB/mlx4: Fix device max capabilities check
IB/mlx5: Fix list_del of empty list
IB/mlx5: Remove dead code
IB/core: Encorce MR access rights rules on kernel consumers
IB/mlx4: Fix endless loop in resize CQ
RDMA/cma: Remove unused argument and minor dead code
RDMA/ucma: Discard events for IDs not yet claimed by user space
IB/core: Add Cisco usNIC rdma node and transport types
RDMA/nes: Remove self-assignment from nes_query_qp()
IB/srp: Report receive errors correctly
...
Linus Torvalds [Mon, 18 Nov 2013 23:35:09 +0000 (15:35 -0800)]
Merge tag 'for-v3.13' of git://git.infradead.org/battery-2.6
Pull battery updates from Anton Vorontsov:
"Highlights:
- A new driver for TI BQ24735 Battery Chargers, courtesy of NVidia.
- Device tree bindings for TWL4030 chips.
- Random fixes and cleanups"
* tag 'for-v3.13' of git://git.infradead.org/battery-2.6:
pm2301-charger: Remove unneeded NULL checks
twl4030_charger: Add devicetree support
power_supply: Fix documentation for TEMP_*ALERT* properties
max17042_battery: Support regmap to access device's registers
max17042_battery: Use SIMPLE_DEV_PM_OPS
charger-manager : Replace kzalloc to devm_kzalloc and remove uneccessary code
bq2415x_charger: Fix max battery regulation voltage
tps65090-charger: Use "IS_ENABLED(CONFIG_OF)" for DT code
tps65090-charger: Drop devm_free_irq of devm_ allocated irq
power_supply: Add support for bq24735 charger
pm2301-charger: Staticize pm2xxx_charger_die_therm_mngt
pm2301-charger: Check return value of regulator_enable
ab8500-charger: Remove redundant break
ab8500-charger: Check return value of regulator_enable
isp1704_charger: Fix driver to work with changes introduced in v3.5