20 Feb, 2016
13 commits
-
The value passed by unix_diag_get_exact to unix_lookup_by_ino has type
__u32, but unix_lookup_by_ino's argument ino has type int, which is not
a problem yet.
However, when ino is compared with sock_i_ino return value of type
unsigned long, ino is sign extended to signed long, and this results
to incorrect comparison on 64-bit architectures for inode numbers
greater than INT_MAX.This bug was found by strace test suite.
Fixes: 5d3cae8bc39d ("unix_diag: Dumping exact socket core")
Signed-off-by: Dmitry V. Levin
Acked-by: Cong Wang
Signed-off-by: David S. Miller -
Michael Chan says:
====================
bnxt_en: Phy related fixes.3 small patches to fix PHY related code.
====================Signed-off-by: David S. Miller
-
If we fail to update the PHY, we should print a warning and continue.
The current code to exit is buggy as it has not freed up the NIC
resources yet.Signed-off-by: Michael Chan
Signed-off-by: David S. Miller -
Fix bnxt_update_phy_setting() to check the correct parameters when
determining whether to update the PHY. Requested line speed/duplex should
only be checked for forced speed mode. This avoids unnecessary link
interruptions when loading the driver.Signed-off-by: Michael Chan
Signed-off-by: David S. Miller -
When shutting down the NIC, we shutdown async event processing before
freeing all the rings. If there is a link change event during reset, the
driver may miss it and the link state may be incorrect after the NIC is
re-opened. Poll the link at the end of __bnxt_open_nic() to get the
correct link status.Signed-off-by Michael Chan
Signed-off-by: David S. Miller
-
The purpose of gigaset_device_release() is to kfree() the struct
ser_cardstate that contains our struct device. This is done via a bit of
a detour. First we make our struct device's driver_data point to the
container of our struct ser_cardstate (which is a struct cardstate). In
gigaset_device_release() we then retrieve that driver_data again. And
after that we finally kfree() the struct ser_cardstate that was saved in
the struct cardstate.All of this can be achieved much easier by using container_of() to get
from our struct device to its container, struct ser_cardstate. Do so.Note that at the time the detour was implemented commit b8b2c7d845d5
("base/platform: assert that dev_pm_domain callbacks are called
unconditionally") had just entered the tree. That commit disconnected
our platform_device and our platform_driver. These were reconnected
again in v4.5-rc2 through commit 25cad69f21f5 ("base/platform: Fix
platform drivers with no probe callback"). And one of the consequences
of that fix was that it broke the detour via driver_data. That's because
it made __device_release_driver() stop being a NOP for our struct device
and actually do stuff again. One of the things it now does, is setting
our driver_data to NULL. That, in turn, makes it impossible for
gigaset_device_release() to get to our struct cardstate. Which has the
net effect of leaking a struct ser_cardstate at every call of this
driver's tty close() operation. So using container_of() has the
additional benefit of actually working.Reported-by: Dmitry Vyukov
Tested-by: Dmitry Vyukov
Signed-off-by: Paul Bolle
Acked-by: Tilman Schmidt
Signed-off-by: David S. Miller -
…m/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
====================
rtlwifi* fix broken VHT (802.11ac) support, reported by Linus
wlcore
* fix firmware initialisation regression on wl1271
iwlwifi
* fix a race that users reported when we try to load the firmware
and the hardware rfkill interrupt triggers at the same time
* fix a very visible bug in scheduled scan: the firmware
doesn't support scheduled scan with no profile configured and
the supplicant sometimes requests such scheduled scans
* build system fix to be able to link iwlwifi statically into kernel
* firmware name update for 8265
* typo fix in return value
====================Signed-off-by: David S. Miller <davem@davemloft.net>
-
The vpd strings are left justified, in a fixed length array, with possible
trailing white space and no NUL. So fix them up before calling kstrto*().This is a recent regression which causes cxgb3 to fail to load.
Fixes: e72c932 ("cxgb3: Convert simple_strtoul to kstrtox")
Signed-off-by: Steve Wise
Signed-off-by: David S. Miller -
the commit 35e2d1152b22 ("tunnels: Allow IPv6 UDP checksums to be
correctly controlled.") changed the default xmit checksum setting
for lwt vxlan/geneve ipv6 tunnels, so that now the checksum is not
set into external UDP header.
This commit changes the rx checksum setting for both lwt vxlan/geneve
devices created by openvswitch accordingly, so that lwt over ipv6
tunnel pairs are again able to communicate with default values.Signed-off-by: Paolo Abeni
Acked-by: Jiri Benc
Acked-by: Jesse Gross
Signed-off-by: David S. Miller -
tipc_bcast_unlock need to be unlocked in error path.
Signed-off-by: Insu Yun
Signed-off-by: David S. Miller -
Antonio Quartulli says:
====================
Two of the fixes included in this patchset prevent wrong memory
access - it was triggered when removing an object from a list
after it was already free'd due to bad reference counting.
This misbehaviour existed for both the gw_node and the
orig_node_vlan object and has been fixed by Sven Eckelmann.The last patch fixes our interface feasibility check and prevents
it from looping indefinitely when two net_device objects
reference each other via iflink index (i.e. veth pair), by
Andrew Lunn
====================Signed-off-by: David S. Miller
-
An error response from a RTM_GETNETCONF request can return the positive
error value EINVAL in the struct nlmsgerr that can mislead userspace.Signed-off-by: Anton Protopopov
Acked-by: Cong Wang
Signed-off-by: David S. Miller -
When I used netdev_for_each_lower_dev in commit bad531623253 ("vrf:
remove slave queue and private slave struct") I thought that it acts
like netdev_for_each_lower_private and can be used to remove the current
device from the list while walking, but unfortunately it acts more like
netdev_for_each_lower_private_rcu and doesn't allow it. The difference
is where the "iter" points to, right now it points to the current element
and that makes it impossible to remove it. Change the logic to be
similar to netdev_for_each_lower_private and make it point to the "next"
element so we can safely delete the current one. VRF is the only such
user right now, there's no change for the read-only users.Here's what can happen now:
[98423.249858] general protection fault: 0000 [#1] SMP
[98423.250175] Modules linked in: vrf bridge(O) stp llc nfsd auth_rpcgss
oid_registry nfs_acl nfs lockd grace sunrpc crct10dif_pclmul
crc32_pclmul crc32c_intel ghash_clmulni_intel jitterentropy_rng
sha256_generic hmac drbg ppdev aesni_intel aes_x86_64 glue_helper lrw
gf128mul ablk_helper cryptd evdev serio_raw pcspkr virtio_balloon
parport_pc parport i2c_piix4 i2c_core virtio_console acpi_cpufreq button
9pnet_virtio 9p 9pnet fscache ipv6 autofs4 ext4 crc16 mbcache jbd2 sg
virtio_blk virtio_net sr_mod cdrom e1000 ata_generic ehci_pci uhci_hcd
ehci_hcd usbcore usb_common virtio_pci ata_piix libata floppy
virtio_ring virtio scsi_mod [last unloaded: bridge]
[98423.255040] CPU: 1 PID: 14173 Comm: ip Tainted: G O
4.5.0-rc2+ #81
[98423.255386] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.8.1-20150318_183358- 04/01/2014
[98423.255777] task: ffff8800547f5540 ti: ffff88003428c000 task.ti:
ffff88003428c000
[98423.256123] RIP: 0010:[] []
netdev_lower_get_next+0x1e/0x30
[98423.256534] RSP: 0018:ffff88003428f940 EFLAGS: 00010207
[98423.256766] RAX: 0002000100000004 RBX: ffff880054ff9000 RCX:
0000000000000000
[98423.257039] RDX: ffff88003428f8b8 RSI: ffff88003428f950 RDI:
ffff880054ff90c0
[98423.257287] RBP: ffff88003428f940 R08: 0000000000000000 R09:
0000000000000000
[98423.257537] R10: 0000000000000001 R11: 0000000000000000 R12:
ffff88003428f9e0
[98423.257802] R13: ffff880054a5fd00 R14: ffff88003428f970 R15:
0000000000000001
[98423.258055] FS: 00007f3d76881700(0000) GS:ffff88005d000000(0000)
knlGS:0000000000000000
[98423.258418] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[98423.258650] CR2: 00007ffe5951ffa8 CR3: 0000000052077000 CR4:
00000000000406e0
[98423.258902] Stack:
[98423.259075] ffff88003428f960 ffffffffa0442636 0002000100000004
ffff880054ff9000
[98423.259647] ffff88003428f9b0 ffffffff81518205 ffff880054ff9000
ffff88003428f978
[98423.260208] ffff88003428f978 ffff88003428f9e0 ffff88003428f9e0
ffff880035b35f00
[98423.260739] Call Trace:
[98423.260920] [] vrf_dev_uninit+0x76/0xa0 [vrf]
[98423.261156] []
rollback_registered_many+0x205/0x390
[98423.261401] [] unregister_netdevice_many+0x1c/0x70
[98423.261641] [] rtnl_delete_link+0x3c/0x50
[98423.271557] [] rtnl_dellink+0xcb/0x1d0
[98423.271800] [] ? __inc_zone_state+0x4a/0x90
[98423.272049] [] rtnetlink_rcv_msg+0x84/0x200
[98423.272279] [] ? trace_hardirqs_on+0xd/0x10
[98423.272513] [] ? rtnetlink_rcv+0x1b/0x40
[98423.272755] [] ? rtnetlink_rcv+0x40/0x40
[98423.272983] [] netlink_rcv_skb+0x97/0xb0
[98423.273209] [] rtnetlink_rcv+0x2a/0x40
[98423.273476] [] netlink_unicast+0x11b/0x1a0
[98423.273710] [] netlink_sendmsg+0x3e1/0x610
[98423.273947] [] sock_sendmsg+0x38/0x70
[98423.274175] [] ___sys_sendmsg+0x2e3/0x2f0
[98423.274416] [] ? do_raw_spin_unlock+0xbe/0x140
[98423.274658] [] ? handle_mm_fault+0x26c/0x2210
[98423.274894] [] ? handle_mm_fault+0x4d/0x2210
[98423.275130] [] ? __fget_light+0x91/0xb0
[98423.275365] [] __sys_sendmsg+0x42/0x80
[98423.275595] [] SyS_sendmsg+0x12/0x20
[98423.275827] [] entry_SYSCALL_64_fastpath+0x16/0x7a
[98423.276073] Code: c3 31 c0 5d c3 0f 1f 84 00 00 00 00 00 66 66 66 66
90 48 8b 06 55 48 81 c7 c0 00 00 00 48 89 e5 48 8b 00 48 39 f8 74 09 48
89 06 8b 40 e8 5d c3 31 c0 5d c3 0f 1f 84 00 00 00 00 00 66 66 66
[98423.279639] RIP [] netdev_lower_get_next+0x1e/0x30
[98423.279920] RSPCC: David Ahern
CC: David S. Miller
CC: Roopa Prabhu
CC: Vlad Yasevich
Fixes: bad531623253 ("vrf: remove slave queue and private slave struct")
Signed-off-by: Nikolay Aleksandrov
Reviewed-by: David Ahern
Tested-by: David Ahern
Signed-off-by: David S. Miller
19 Feb, 2016
14 commits
-
This avoids a harmless randconfig warning I get when USB_NET_CDC_SUBSET
is enabled, but all of the more specific drivers are not:drivers/net/usb/cdc_subset.c:241:2: #warning You need to configure some hardware for this driver
The current behavior is clearly intentional, giving a warning when
a user picks a configuration that won't do anything good. The only
reason for even addressing this is that I'm getting close to
eliminating all 'randconfig' warnings on ARM, and this came up
a couple of times.My workaround is to not even build the module when none of the
configurations are enable.Alternatively we could simply remove the #warning (nothing wrong
for compile-testing), turn it into a runtime warning, or
change the Kconfig options into a menu to hide CONFIG_USB_NET_CDC_SUBSET.Signed-off-by: Arnd Bergmann
Signed-off-by: David S. Miller -
In metadata mode, the vxlan interface is not supposed to use the fdb control
plane but an external one (openvswitch or static routes). With the current
code, packets may leak into the fdb handling code which usually causes them
to be dropped anyway but may have strange side effects.Just drop the packets directly when in metadata mode if the destination data
are not correctly provided on egress.Signed-off-by: Jiri Benc
Signed-off-by: David S. Miller -
A return value of the bchannel_get_rxbuf() function is compared with the
positive ENOMEM value instead of the negative -ENOMEM value to detect a
memory allocation problem. Thus, after a possible memory allocation
failure the bc->bch.rx_skb will be NULL which will lead to a NULL
pointer dereference.Signed-off-by: Anton Protopopov
Signed-off-by: David S. Miller -
The cfrfml_receive() function might return positive value EPROTO
Signed-off-by: Anton Protopopov
Signed-off-by: David S. Miller -
The atalk_sendmsg() function might return wrong value ENETUNREACH
instead of -ENETUNREACH.Signed-off-by: Anton Protopopov
Signed-off-by: David S. Miller -
Failure of kzalloc should cause the enclosing function
to return -ENOMEM, not -ENODEV.Additionally, removed the following checkpatch warnings:
ERROR: spaces required around that '==' (ctx:VxV)
ERROR: space required before the open parenthesis '('
CHECK: Comparison to NULL could be written "!lp"Signed-off-by: Amitoj Kaur Chawla
Signed-off-by: David S. Miller -
My implementation around IFF_NO_QUEUE driver flag assumed that leaving
tx_queue_len untouched (specifically: not setting it to zero) by drivers
would make it possible to assign a regular qdisc to them without having
to worry about setting tx_queue_len to a useful value. This was only
partially true: I overlooked that some drivers don't call ether_setup()
and therefore not initialize tx_queue_len to the default value of 1000.
Consequently, removing the workarounds in place for that case in qdisc
implementations which cared about it (namely, pfifo, bfifo, gred, htb,
plug and sfb) leads to problems with these specific interface types and
qdiscs.Luckily, there's already a sanitization point for drivers setting
tx_queue_len to zero, which can be reused to assign the fallback value
most qdisc implementations used, which is 1.Fixes: 348e3435cbefa ("net: sched: drop all special handling of tx_queue_len == 0")
Tested-by: Mathieu Desnoyers
Signed-off-by: Phil Sutter
Signed-off-by: David S. Miller -
ether_setup sets IFF_TX_SKB_SHARING but this is not supported by gre
as it modifies the skb on xmit.Also, clean up whitespace in ipgre_tap_setup when we're already touching it.
Signed-off-by: Jiri Benc
Signed-off-by: David S. Miller -
ether_setup sets IFF_TX_SKB_SHARING but this is not supported by
geneve as it modifies the skb on xmit.Signed-off-by: Jiri Benc
Signed-off-by: David S. Miller -
ether_setup sets IFF_TX_SKB_SHARING but this is not supported by vxlan
as it modifies the skb on xmit.Signed-off-by: Jiri Benc
Signed-off-by: David S. Miller -
Calculate the maximum MTU taking into account the size of headers
involved in GENEVE encapsulation, as for other tunnel types.Changes in v3:
- Correct comment style
Changes in v2:
- Conform more closely to ip_tunnel_change_mtu
- Exclude GENEVE options from max MTU calculationSigned-off-by: David Wragg
Acked-by: Jesse Gross
Signed-off-by: David S. Miller -
Ilya reported following lockdep splat:
kernel: =========================
kernel: [ BUG: held lock freed! ]
kernel: 4.5.0-rc1-ceph-00026-g5e0a311 #1 Not tainted
kernel: -------------------------
kernel: swapper/5/0 is freeing memory
ffff880035c9d200-ffff880035c9dbff, with a lock still held there!
kernel: (&(&queue->rskq_lock)->rlock){+.-...}, at:
[] inet_csk_reqsk_queue_add+0x28/0xa0
kernel: 4 locks held by swapper/5/0:
kernel: #0: (rcu_read_lock){......}, at: []
netif_receive_skb_internal+0x4b/0x1f0
kernel: #1: (rcu_read_lock){......}, at: []
ip_local_deliver_finish+0x3f/0x380
kernel: #2: (slock-AF_INET){+.-...}, at: []
sk_clone_lock+0x19b/0x440
kernel: #3: (&(&queue->rskq_lock)->rlock){+.-...}, at:
[] inet_csk_reqsk_queue_add+0x28/0xa0To properly fix this issue, inet_csk_reqsk_queue_add() needs
to return to its callers if the child as been queued
into accept queue.We also need to make sure listener is still there before
calling sk->sk_data_ready(), by holding a reference on it,
since the reference carried by the child can disappear as
soon as the child is put on accept queue.Reported-by: Ilya Dryomov
Fixes: ebb516af60e1 ("tcp/dccp: fix race at listener dismantle phase")
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Since the gc of ipv4 route was removed, the route cached would has
no chance to be removed, and even it has been timeout, it still could
be used, cause no code to check it's expires.Fix this issue by checking and removing route cache when we get route.
Signed-off-by: Xin Long
Acked-by: Hannes Frederic Sowa
Signed-off-by: David S. Miller -
actions could change the etherproto in particular with ethernet
tunnelled data. Typically such actions, after peeling the outer header,
will ask for the packet to be reclassified. We then need to restart
the classification with the new proto header.Example setup used to catch this:
sudo tc qdisc add dev $ETH ingress
sudo $TC filter add dev $ETH parent ffff: pref 1 protocol 802.1Q \
u32 match u32 0 0 flowid 1:1 \
action vlan pop reclassifyFixes: 3b3ae880266d ("net: sched: consolidate tc_classify{,_compat}")
Signed-off-by: Jamal Hadi Salim
Acked-by: Daniel Borkmann
Signed-off-by: David S. Miller
18 Feb, 2016
13 commits
-
Jiri Pirko says:
====================
mlxsw fixesAnother bulk of fixes from Ido.
====================Signed-off-by: David S. Miller
-
When PVID is toggled off on a port member in a VLAN filtering bridge or
the PVID VLAN is deleted, make the port drop untagged packets. Reverse
the operation when PVID is toggled back on.Set the PVID back to the default (1), when leaving the bridge so that
untagged traffic will be directed to the CPU.Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum ASIC")
Signed-off-by: Ido Schimmel
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
When VLAN filtering is enabled on a bridge and PVID is deleted from a
bridge port, then untagged frames are not allowed to ingress into the
bridge from this port.Add the Switch Port Acceptable Frame Types (SPAFT) register, which
configures the frame admittance of the port.Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum ASIC")
Signed-off-by: Ido Schimmel
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
For error handling, dma_alloc_coherent's return value
needs to be checked, not argument.Signed-off-by: Insu Yun
Signed-off-by: David S. Miller -
Sunil Goutham says:
====================
net: thunderx: Miscellaneous fixesThis patch series fixes couple of issues w.r.t multiqset mode
and receive packet statastics.
====================Signed-off-by: David S. Miller
-
Counting rx packets for every CQE_RX in CQ irq handler is incorrect.
Synchronization is missing when multiple queues are receiving packets
simultaneously. Like transmit packet stats use HW stats here.Also removed unused 'cqe_type' parameter in nicvf_rcv_pkt_handler().
Signed-off-by: Sunil Goutham
Signed-off-by: David S. Miller -
For secondary Qsets 'hw_tso' is not getting set as probe() returns
much earlier. Fixed it by moving silicon revision check.Signed-off-by: Sunil Goutham
Signed-off-by: David S. Miller -
When a interface is assigned morethan 8 queues and the logical interface
is toggled i.e down & up, additional queues or qsets are not initialized
as secondary qset count is being set to zero while tearing down.Signed-off-by: Sunil Goutham
Signed-off-by: David S. Miller -
crypto_alloc_hash never returns NULL
Signed-off-by: Insu Yun
Signed-off-by: David S. Miller -
With commit 0071f56e46da ("dsa: Register netdev before phy"), we are now trying
to free a network device that has been previously registered, and in case of
errors, this will make us hit the BUG_ON(dev->reg_state != NETREG_UNREGISTERED)
condition.Fix this by adding a missing unregister_netdev() before free_netdev().
Fixes: 0071f56e46da ("dsa: Register netdev before phy")
Signed-off-by: Florian Fainelli
Signed-off-by: David S. Miller -
For the Marvell 88E1510, marvell_of_reg_init was called too late, in the
config_aneg function.
Since commit 113c74d83eef ("net: phy: turn carrier off on phy attach"),
this lead to the link not coming up at boot anymore, due to the phy
state machine being stuck at waiting for interrupts (off by default on
the 88E1510).
For seven other Marvell PHYs, marvell_of_reg_init was not called at all.Add a generic marvell_config_init function, which in turn calls
marvell_of_reg_init.
PHYs, which already have a specific config_init function with a call to
marvell_of_reg_init, are left untouched. The generic marvell_config_init
function is called for all the others, to get consistent behavior across
all Marvell PHYs.Fixes: 113c74d83eef ("net: phy: turn carrier off on phy attach")
Signed-off-by: Clemens Gruber
Reviewed-by: Andrew Lunn
Reviewed-by: Florian Fainelli
Signed-off-by: David S. Miller -
Drop reference on the relay_po socket when __pppoe_xmit() succeeds.
This is already handled correctly in the error path.Signed-off-by: Guillaume Nault
Signed-off-by: David S. Miller -
The example in the DT binding documentation uses the preliminary DT
bindings for the r8a7795 MSTP clocks, which never went upstream.
Update the example to use the DT bindings for the upstream Clock Pulse
Generator / Module Standby and Software Reset hardware block.Signed-off-by: Geert Uytterhoeven
Reviewed-by: Simon Horman
Signed-off-by: David S. Miller