Eric Lee / smarc-fsl-linux-kernel

22 Jul, 2018

1 commit

  • f93d65939   atm: Preserve value of skb->truesize when accounting to vcc ... Browse Code »

    [ Upstream commit 9bbe60a67be5a1c6f79b3c9be5003481a50529ff ]

    ATM accounts for in-flight TX packets in sk_wmem_alloc of the VCC on
    which they are to be sent. But it doesn't take ownership of those
    packets from the sock (if any) which originally owned them. They should
    remain owned by their actual sender until they've left the box.

    There's a hack in pskb_expand_head() to avoid adjusting skb->truesize
    for certain skbs, precisely to avoid messing up sk_wmem_alloc
    accounting. Ideally that hack would cover the ATM use case too, but it
    doesn't — skbs which aren't owned by any sock, for example PPP control
    frames, still get their truesize adjusted when the low-level ATM driver
    adds headroom.

    This has always been an issue, it seems. The truesize of a packet
    increases, and sk_wmem_alloc on the VCC goes negative. But this wasn't
    for normal traffic, only for control frames. So I think we just got away
    with it, and we probably needed to send 2GiB of LCP echo frames before
    the misaccounting would ever have caused a problem and caused
    atm_may_send() to start refusing packets.

    Commit 14afee4b609 ("net: convert sock.sk_wmem_alloc from atomic_t to
    refcount_t") did exactly what it was intended to do, and turned this
    mostly-theoretical problem into a real one, causing PPPoATM to fail
    immediately as sk_wmem_alloc underflows and atm_may_send() *immediately*
    starts refusing to allow new packets.

    The least intrusive solution to this problem is to stash the value of
    skb->truesize that was accounted to the VCC, in a new member of the
    ATM_SKB(skb) structure. Then in atm_pop_raw() subtract precisely that
    value instead of the then-current value of skb->truesize.

    Fixes: 158f323b9868 ("net: adjust skb->truesize in pskb_expand_head()")
    Signed-off-by: David Woodhouse
    Tested-by: Kevin Darbyshire-Bryant
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    David Woodhouse
     

01 Jul, 2017

1 commit

  • 14afee4b6   net: convert sock.sk_wmem_alloc from atomic_t to refcount_t ... Browse Code »

    refcount_t type and corresponding API should be
    used instead of atomic_t when the variable is used as
    a reference counter. This allows to avoid accidental
    refcounter overflows that might lead to use-after-free
    situations.

    Signed-off-by: Elena Reshetova
    Signed-off-by: Hans Liljestrand
    Signed-off-by: Kees Cook
    Signed-off-by: David Windsor
    Signed-off-by: David S. Miller

    Reshetova, Elena
     

22 Oct, 2016

1 commit

  • 8b1efc0f8   net: remove MTU limits on a few ether_setup callers ... Browse Code »

    These few drivers call ether_setup(), but have no ndo_change_mtu, and thus
    were overlooked for changes to MTU range checking behavior. They
    previously had no range checks, so for feature-parity, set their min_mtu
    to 0 and max_mtu to ETH_MAX_MTU (65535), instead of the 68 and 1500
    inherited from the ether_setup() changes. Fine-tuning can come after we get
    back to full feature-parity here.

    CC: netdev@vger.kernel.org
    Reported-by: Asbjoern Sloth Toennesen
    CC: Asbjoern Sloth Toennesen
    CC: R Parameswaran
    Signed-off-by: Jarod Wilson
    Signed-off-by: David S. Miller

    Jarod Wilson
     

13 Oct, 2016

1 commit

  • a52ad514f   net: deprecate eth_change_mtu, remove usage ... Browse Code »

    With centralized MTU checking, there's nothing productive done by
    eth_change_mtu that isn't already done in dev_set_mtu, so mark it as
    deprecated and remove all usage of it in the kernel. All callers have been
    audited for calls to alloc_etherdev* or ether_setup directly, which means
    they all have a valid dev->min_mtu and dev->max_mtu. Now eth_change_mtu
    prints out a netdev_warn about being deprecated, for the benefit of
    out-of-tree drivers that might be utilizing it.

    Of note, dvb_net.c actually had dev->mtu = 4096, while using
    eth_change_mtu, meaning that if you ever tried changing it's mtu, you
    couldn't set it above 1500 anymore. It's now getting dev->max_mtu also set
    to 4096 to remedy that.

    v2: fix up lantiq_etop, missed breakage due to drive not compiling on x86

    CC: netdev@vger.kernel.org
    Signed-off-by: Jarod Wilson
    Signed-off-by: David S. Miller

    Jarod Wilson
     

01 Aug, 2015

1 commit

16 Jul, 2014

1 commit

  • c835a6773   net: set name_assign_type in alloc_netdev() ... Browse Code »

    Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
    all users to pass NET_NAME_UNKNOWN.

    Coccinelle patch:

    @@
    expression sizeof_priv, name, setup, txqs, rxqs, count;
    @@

    (
    -alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
    +alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
    |
    -alloc_netdev_mq(sizeof_priv, name, setup, count)
    +alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
    |
    -alloc_netdev(sizeof_priv, name, setup)
    +alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
    )

    v9: move comments here from the wrong commit

    Signed-off-by: Tom Gundersen
    Reviewed-by: David Herrmann
    Signed-off-by: David S. Miller

    Tom Gundersen
     

02 Dec, 2012

3 commits

  • 9eba25268   br2684: allow assign only on a connected socket ... Browse Code »

    The br2684 does not check if used vcc is in connected state,
    causing potential Oops in pppoatm_send() when vcc->send() is called
    on not fully connected socket.

    Now br2684 can be assigned only on connected sockets; otherwise
    -EINVAL error is returned.

    Signed-off-by: Krzysztof Mazur
    Signed-off-by: David Woodhouse

    Krzysztof Mazur
     
  • d71ffeb12   br2684: fix module_put() race ... Browse Code »

    The br2684 code used module_put() during unassignment from vcc with
    hope that we have BKL. This assumption is no longer true.

    Now owner field in atmvcc is used to move this module_put()
    to vcc_destroy_socket().

    Signed-off-by: David Woodhouse
    Acked-by: Krzysztof Mazur

    David Woodhouse
     
  • b89588531   br2684: don't send frames on not-ready vcc ... Browse Code »

    Avoid submitting packets to a vcc which is being closed. Things go badly
    wrong when the ->pop method gets later called after everything's been
    torn down.

    Use the ATM socket lock for synchronisation with vcc_destroy_socket(),
    which clears the ATM_VF_READY bit under the same lock. Otherwise, we
    could end up submitting a packet to the device driver even after its
    ->ops->close method has been called. And it could call the vcc's ->pop
    method after the protocol has been shut down. Which leads to a panic.

    Signed-off-by: David Woodhouse
    Acked-by: Krzysztof Mazur

    David Woodhouse
     

27 Nov, 2012

1 commit

  • ae088d663   atm: br2684: Fix excessive queue bloat ... Browse Code »

    There's really no excuse for an additional wmem_default of buffering
    between the netdev queue and the ATM device. Two packets (one in-flight,
    and one ready to send) ought to be fine. It's not as if it should take
    long to get another from the netdev queue when we need it.

    If necessary we can make the queue space configurable later, but I don't
    think it's likely to be necessary.

    cf. commit 9d02daf754238adac48fa075ee79e7edd3d79ed3 (pppoatm: Fix
    excessive queue bloat) which did something very similar for PPPoATM.

    Note that there is a tremendously unlikely race condition which may
    result in qspace temporarily going negative. If a CPU running the
    br2684_pop() function goes off into the weeds for a long period of time
    after incrementing qspace to 1, but before calling netdev_wake_queue()...
    and another CPU ends up calling br2684_start_xmit() and *stopping* the
    queue again before the first CPU comes back, the netdev queue could
    end up being woken when qspace has already reached zero.

    An alternative approach to coping with this race would be to check in
    br2684_start_xmit() for qspace==0 and return NETDEV_TX_BUSY, but just
    using '> 0' and '< 1' for comparison instead of '== 0' and '!= 0' is
    simpler. It just warranted a mention of *why* we do it that way...

    Move the call to atmvcc->send() to happen *after* the accounting and
    potentially stopping the netdev queue, in br2684_xmit_vcc(). This matters
    if the ->send() call suffers an immediate failure, because it'll call
    br2684_pop() with the offending skb before returning. We want that to
    happen *after* we've done the initial accounting for the packet in
    question. Also make it return an appropriate success/failure indication
    while we're at it.

    Tested by running 'ping -l 1000 bottomless.aaisp.net.uk' from within my
    network, with only a single PPPoE-over-BR2684 link running. And after
    setting txqueuelen on the nas0 interface to something low (5, in fact).
    Before the patch, we'd see about 15 packets being queued and a resulting
    latency of ~56ms being reached. After the patch, we see only about 8,
    which is fairly much what we expect. And a max latency of ~36ms. On this
    OpenWRT box, wmem_default is 163840.

    Signed-off-by: David Woodhouse
    Reviewed-by: Krzysztof Mazur
    Signed-off-by: David S. Miller

    David Woodhouse
     

16 Apr, 2012

1 commit

29 Nov, 2011

2 commits

23 Nov, 2011

2 commits

21 Aug, 2011

1 commit

  • fbe5e29ec   atm: br2684: Fix oops due to skb->dev being NULL ... Browse Code »
    1

    This oops have been already fixed with commit

    27141666b69f535a4d63d7bc6d9e84ee5032f82a

    atm: [br2684] Fix oops due to skb->dev being NULL

    It happens that if a packet arrives in a VC between the call to open it on
    the hardware and the call to change the backend to br2684, br2684_regvcc
    processes the packet and oopses dereferencing skb->dev because it is
    NULL before the call to br2684_push().

    but have been introduced again with commit

    b6211ae7f2e56837c6a4849316396d1535606e90

    atm: Use SKB queue and list helpers instead of doing it by-hand.

    Signed-off-by: Daniel Schwierzeck
    Signed-off-by: David S. Miller

    Daniel Schwierzeck
     

02 Aug, 2011

1 commit

31 Mar, 2011

1 commit

18 Nov, 2010

1 commit

27 Sep, 2010

1 commit

  • a3d6713fb   br2684: fix scheduling while atomic ... Browse Code »

    You can't call atomic_notifier_chain_unregister() while in atomic context.

    Fix, call un/register_atmdevice_notifier in module __init and __exit.

    Bug report:
    http://comments.gmane.org/gmane.linux.network/172603

    Reported-by: Mikko Vinni
    Tested-by: Mikko Vinni
    Signed-off-by: Karl Hiramoto
    Signed-off-by: David S. Miller

    Karl Hiramoto
     

09 Jul, 2010

1 commit

18 May, 2010

1 commit

  • 3fa21e07e   net: Remove unnecessary returns from void function()s ... Browse Code »

    This patch removes from net/ (but not any netfilter files)
    all the unnecessary return; statements that precede the
    last closing brace of void functions.

    It does not remove the returns that are immediately
    preceded by a label as gcc doesn't like that.

    Done via:
    $ grep -rP --include=*.[ch] -l "return;\n}" net/ | \
    xargs perl -i -e 'local $/ ; while (<>) { s/\n[ \t\n]+return;\n}/\n}/g; print; }'

    Signed-off-by: Joe Perches
    Signed-off-by: David S. Miller

    Joe Perches
     

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

27 Jan, 2010

2 commits

09 Dec, 2009

1 commit

03 Sep, 2009

1 commit

  • 137742cf9   atm/br2684: netif_stop_queue() when atm device busy and netif_wake_queue() when … ... Browse Code »

    …we can send packets again.

    This patch removes the call to dev_kfree_skb() when the atm device is busy.
    Calling dev_kfree_skb() causes heavy packet loss then the device is under
    heavy load, the more correct behavior should be to stop the upper layers,
    then when the lower device can queue packets again wake the upper layers.

    Signed-off-by: Karl Hiramoto <karl@hiramoto.org>
    Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil>
    Signed-off-by: David S. Miller <davem@davemloft.net>

    Karl Hiramoto
     

01 Sep, 2009

1 commit

06 Jul, 2009

1 commit

03 Jun, 2009

1 commit

  • adf30907d   net: skb->dst accessors ... Browse Code »

    Define three accessors to get/set dst attached to a skb

    struct dst_entry *skb_dst(const struct sk_buff *skb)

    void skb_dst_set(struct sk_buff *skb, struct dst_entry *dst)

    void skb_dst_drop(struct sk_buff *skb)
    This one should replace occurrences of :
    dst_release(skb->dst)
    skb->dst = NULL;

    Delete skb->dst field

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

29 May, 2009

1 commit

03 May, 2009

1 commit

  • 902e5ea15   Subject: [PATCH] br2684: restore net_dev initialization ... Browse Code »

    Commit 0ba25ff4c669e5395110ba6ab4958a97a9f96922 ("br2684: convert to
    net_device_ops") inadvertently deleted the initialization of the net_dev
    pointer in the br2684_dev structure, leading to crashes. This patch
    adds it back.

    Reported-by: Mikko Vinni
    Tested-by: Mikko Vinni
    Signed-off-by: Rabin Vincent
    Signed-off-by: David S. Miller

    Rabin Vincent
     

22 Jan, 2009

2 commits

13 Nov, 2008

1 commit

  • 524ad0a79   netdevice: safe convert to netdev_priv() #part-4 ... Browse Code »

    We have some reasons to kill netdev->priv:
    1. netdev->priv is equal to netdev_priv().
    2. netdev_priv() wraps the calculation of netdev->priv's offset, obviously
    netdev_priv() is more flexible than netdev->priv.
    But we cann't kill netdev->priv, because so many drivers reference to it
    directly.

    This patch is a safe convert for netdev->priv to netdev_priv(netdev).
    Since all of the netdev->priv is only for read.
    But it is too big to be sent in one mail.
    I split it to 4 parts and make every part smaller than 100,000 bytes,
    which is max size allowed by vger.

    Signed-off-by: Wang Chen
    Signed-off-by: David S. Miller

    Wang Chen
     

28 Oct, 2008

1 commit

  • e174961ca   net: convert print_mac to %pM ... Browse Code »

    This converts pretty much everything to print_mac. There were
    a few things that had conflicts which I have just dropped for
    now, no harm done.

    I've built an allyesconfig with this and looked at the files
    that weren't built very carefully, but it's a huge patch.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     

21 Sep, 2008

1 commit

18 Jun, 2008

1 commit

17 Jun, 2008

2 commits