12 Oct, 2013
1 commit
-
fnic doesn't use any of the create/destroy/enable/disable interfaces
either from the (legacy) module paramaters or the (new) fcoe_sysfs
interfaces. When fcoe_sysfs was introduced fnic wasn't changed since
it wasn't using the interfaces. libfcoe incorrectly assumed that that
all of its users were using fcoe_sysfs and when adding and deleting
FCFs would assume the existance of a fcoe_ctlr_device. fnic was not
allocating this structure because it doesn't care about the standard
user interfaces (fnic starts on link only). If/When libfcoe tried to use
the fcoe_ctlr_device's lock for the first time a NULL pointer exception
would be triggered.Since fnic doesn't care about sysfs or user interfaces, the solution
is to drop libfcoe's assumption that all drivers are using fcoe_sysfs.This patch accomplishes this by changing some of the structure
relationships.We need a way to determine when a LLD is using fcoe_sysfs or not and
we can do that by checking for the existance of the fcoe_ctlr_device.
Prior to this patch, it was assumed that the fcoe_ctlr structure was
allocated with the fcoe_ctlr_device and immediately followed it in
memory. To reach the fcoe_ctlr_device we would simply go back in memory
from the fcoe_ctlr to get the fcoe_ctlr_device.Since fnic doesn't allocate the fcoe_ctlr_device, we cannot keep that
assumption. This patch adds a pointer from the fcoe_ctlr to the
fcoe_ctlr_device. For bnx2fc and fcoe we will continue to allocate the
two structures together, but then we'll set the ctlr->cdev pointer
to point at the fcoe_ctlr_device. fnic will not change and will continue
to allocate the fcoe_ctlr itself, and ctlr->cdev will remain NULL.When libfcoe adds fcoe_fcf's to the fcoe_ctlr it will check if ctlr->cdev
is set and only if so will it continue to interact with fcoe_sysfs.Signed-off-by: Robert Love
Acked-by: Neil Horman
Tested-by: Hiral Patel
05 Sep, 2013
16 commits
-
This patch fixes the following compiler warning:
drivers/scsi/fcoe/fcoe_ctlr.c: In function fcoe_sysfs_fcf_add:
drivers/scsi/fcoe/fcoe_ctlr.c:211:1: warning: the frame size of 1480 bytes is larger than 1024 bytes [-Wframe-larger-than=]Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
FCoE debug statements must end in a newline. Add one where it is missing.
Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
The function fcoe_ctlr_mode_set() is local, hence declare it static.
Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
This patch avoids that the FCoE initiator sends a REC message after
having received a SCSI response with non-zero status and non-zero
DATA IN buffer length.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
While the FCoE initiator driver invokes fc_exch_done() from inside
the libfc response handler, FCoE target drivers typically invoke
fc_exch_done() from outside the libfc response handler. The object
fc_exch.arg points at may disappear as soon as fc_exch_done() has
finished. So it's important not to invoke the response handler
function after fc_exch_done() has finished. Modify libfc such that
this guarantee is provided if fc_exch_done() is invoked from
outside a response handler. This patch fixes a sporadic crash in
FCoE target implementations after a command has been aborted.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
Reduce the time during which the exchange lock is held by allocating
a frame before obtaining the exchange lock.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
Calling fc_seq_send() after an ABTS message has been received triggers
a kernel warning (WARN_ON(!(ep->esb_stat & ESB_ST_SEQ_INIT))). Avoid
this by returning -ENXIO to the caller if fc_seq_send() is invoked after
an ABTS message has been received.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
This patch avoids that the WARN_ON(!(ep->esb_stat & ESB_ST_SEQ_INIT))
statement in fc_seq_send_locked() gets triggered sporadically when
running FCoE target code due to concurrent ep->esb_stat modifications.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
It is allowed to pass a zero timeout value to fc_seq_exch_abort().
Avoid that this can cause the timeout function to drop the exchange
reference before it has been increased by fc_exch_timer_set_locked().
This patch fixes a crash when running FCoE target code with poisoning
enabled in the memory allocator.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
The condition ep != NULL && ep->xid != xid can never be met. Make
this explicit.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
Convert a loop into an ilog2() call. Although this code is not performance
sensitive this conversion makes this code easier to read.Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
The second argument of fc_lport_error() may be a valid frame pointer.
Hence only print it as an error code if it really is an error code.Debug statements must end in a newline. Add one where it is missing.
Signed-off-by: Bart Van Assche
Cc: Neil Horman
Signed-off-by: Robert Love -
Change 'initiaive' into 'initiative', 'remainig' into 'remaining'
and change 'exected' into 'expected'.Signed-off-by: Bart Van Assche
Signed-off-by: Robert Love -
the return codes from fcoe_rcv should be NET_RX_*, not 0 or -1.
Signed-off-by: Neil Horman
Signed-off-by: Robert Love -
Based on my last patch I noticed that fcoe_rcv has a simmilar problem, in that
it manipulates the passed in skb without checking to see if it has other users.
Making manipulations to a shared skb can result in various corruptions.Easy fix, just make sure the skb is unshared prior to doing anything with it.
Signed-off-by: Neil Horman
Signed-off-by: Robert Love -
Recently had this Oops reported to me on the 3.10 kernel:
[ 807.554955] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[ 807.562799] IP: [] skb_dequeue+0x47/0x70
[ 807.568296] PGD 20c889067 PUD 20c8b8067 PMD 0
[ 807.572769] Oops: 0002 [#1] SMP
[ 807.655597] Hardware name: Dell Inc. PowerEdge R415/0DDT2D, BIOS 1.8.6 12/06/2011
[ 807.663079] Workqueue: events fcoe_ctlr_recv_work [libfcoe]
[ 807.668656] task: ffff88020b42a160 ti: ffff88020ae6c000 task.ti: ffff88020ae6c000
[ 807.676126] RIP: 0010:[] [] skb_dequeue+0x47/0x70
[ 807.684046] RSP: 0000:ffff88020ae6dd70 EFLAGS: 00010097
[ 807.689349] RAX: 0000000000000246 RBX: ffff8801d04d6700 RCX: 0000000000000000
[ 807.696474] RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff88020df26434
[ 807.703598] RBP: ffff88020ae6dd88 R08: 00000000000173e0 R09: ffff880216e173e0
[ 807.710723] R10: ffffffff814e5897 R11: ffffea0007413580 R12: ffff88020df26420
[ 807.717847] R13: ffff88020df26434 R14: 0000000000000004 R15: ffff8801d04c42ce
[ 807.724972] FS: 00007fdaab6048c0(0000) GS:ffff880216e00000(0000) knlGS:0000000000000000
[ 807.733049] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 807.738785] CR2: 0000000000000008 CR3: 000000020cbc9000 CR4: 00000000000006f0
[ 807.745910] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 807.753033] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 807.760156] Stack:
[ 807.762162] ffff8801d04d6700 0000000000000001 ffff88020df26400 ffff88020ae6de20
[ 807.769586] ffffffffa0444409 ffff88020b046a00 ffff88020ae6dde8 ffffffff810105be
[ 807.777008] ffff88020b42a868 0000000000000000 ffff88020df264a8 ffff88020df26348
[ 807.784431] Call Trace:
[ 807.786885] [] fcoe_ctlr_recv_work+0x59/0x9a0 [libfcoe]
[ 807.793755] [] ? __switch_to+0x13e/0x4a0
[ 807.799324] [] process_one_work+0x176/0x420
[ 807.805151] [] worker_thread+0x11b/0x3a0
[ 807.810717] [] ? rescuer_thread+0x350/0x350
[ 807.816545] [] kthread+0xc0/0xd0
[ 807.821416] [] ? insert_kthread_work+0x40/0x40
[ 807.827503] [] ret_from_fork+0x7c/0xb0
[ 807.832897] [] ? insert_kthread_work+0x40/0x40
[ 807.858500] RIP [] skb_dequeue+0x47/0x70
[ 807.864076] RSP
[ 807.867558] CR2: 0000000000000008Looks like the root cause is the fact that the packet recieve function
fcoe_ctlr_recv enqueues the skb to a sk_buff_head_list prior to ensuring that
the skb is unshared. This can happen when multiple packet listeners recieve an
skb, as the deliver_skb function just increments skb->users for each handler.
As a result, having multiple users of a single skb results in multiple
manipulators of its methods, implying list corruption, and the oops recorded
above.The fix is pretty easy, just make sure that we clone the skb if its got multiple
users with the skb_share_check function, like other protocols do.Signed-off-by: Neil Horman
Signed-off-by: Robert Love
03 Sep, 2013
4 commits
-
Pull SCSI fix from James Bottomley:
"This is a bug fix for the pm80xx driver. It turns out that when the
new hardware support was added in 3.10 the IO command size was kept at
the old hard coded value. This means that the driver attaches to some
new cards and then simply hangs the system"* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] pm80xx: fix Adaptec 71605H hang -
Pull x86 boot fix from Peter Anvin:
"A single very small boot fix for very large memory systems (> 0.5T)"* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/mm: Fix boot crash with DEBUG_PAGE_ALLOC=y and more than 512G RAM -
Pull slave-dma fix from Vinod Koul:
"A fix for resolving TI_EDMA driver's build error in allmodconfig to
have filter function built in""* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dma/Kconfig: TI_EDMA needs to be boolean
31 Aug, 2013
15 commits
-
Pull networking fixes from David Miller:
1) There was a simplification in the ipv6 ndisc packet sending
attempted here, which avoided using memory accounting on the
per-netns ndisc socket for sending NDISC packets. It did fix some
important issues, but it causes regressions so it gets reverted here
too. Specifically, the problem with this change is that the IPV6
output path really depends upon there being a valid skb->sk
attached.The reason we want to do this change in some form when we figure out
how to do it right, is that if a device goes down the ndisc_sk
socket send queue will fill up and block NDISC packets that we want
to send to other devices too. That's really bad behavior.Hopefully Thomas can come up with a better version of this change.
2) Fix a severe TCP performance regression by reverting a change made
to dev_pick_tx() quite some time ago. From Eric Dumazet.3) TIPC returns wrongly signed error codes, fix from Erik Hugne.
4) Fix OOPS when doing IPSEC over ipv4 tunnels due to orphaning the
skb->sk too early. Fix from Li Hongjun.5) RAW ipv4 sockets can use the wrong routing key during lookup, from
Chris Clark.6) Similar to #1 revert an older change that tried to use plain
alloc_skb() for SYN/ACK TCP packets, this broke the netfilter owner
mark which needs to see the skb->sk for such frames. From Phil
Oester.7) BNX2x driver bug fixes from Ariel Elior and Yuval Mintz,
specifically in the handling of virtual functions.8) IPSEC path error propagations to sockets is not done properly when
we have v4 in v6, and v6 in v4 type rules. Fix from Hannes Frederic
Sowa.9) Fix missing channel context release in mac80211, from Johannes Berg.
10) Fix network namespace handing wrt. SCM_RIGHTS, from Andy
Lutomirski.11) Fix usage of bogus NAPI weight in jme, netxen, and ps3_gelic
drivers. From Michal Schmidt.12) Hopefully a complete and correct fix for the genetlink dump locking
and module reference counting. From Pravin B Shelar.13) sk_busy_loop() must do a cpu_relax(), from Eliezer Tamir.
14) Fix handling of timestamp offset when restoring a snapshotted TCP
socket. From Andrew Vagin.* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
net: fec: fix time stamping logic after napi conversion
net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for max_delay
mISDN: return -EINVAL on error in dsp_control_req()
net: revert 8728c544a9c ("net: dev_pick_tx() fix")
Revert "ipv6: Don't depend on per socket memory for neighbour discovery messages"
ipv4 tunnels: fix an oops when using ipip/sit with IPsec
tipc: set sk_err correctly when connection fails
tcp: tcp_make_synack() should use sock_wmalloc
bridge: separate querier and query timer into IGMP/IPv4 and MLD/IPv6 ones
ipv6: Don't depend on per socket memory for neighbour discovery messages
ipv4: sendto/hdrincl: don't use destination address found in header
tcp: don't apply tsoffset if rcv_tsecr is zero
tcp: initialize rcv_tstamp for restored sockets
net: xilinx: fix memleak
net: usb: Add HP hs2434 device to ZLP exception table
net: add cpu_relax to busy poll loop
net: stmmac: fixed the pbl setting with DT
genl: Hold reference on correct module while netlink-dump.
genl: Fix genl dumpit() locking.
xfrm: Fix potential null pointer dereference in xdst_queue_output
... -
Filtering capabilities on my work email are pretty much non-existent and this
has turned out to be something of a firehose...Cc: Stephen Warren
Cc: Rob Herring
Cc: Olof Johansson
Cc: Linus Walleij
Signed-off-by: Ian Campbell
Acked-by: Pawel Moll
Acked-by: Mark Rutland
Signed-off-by: Linus Torvalds -
Pull sound fixes from Takashi Iwai:
"This contains two Oops fixes (opti9xx and HD-audio) and a simple fixup
for an Acer laptop. All marked as stable patches"* tag 'sound-3.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: opti9xx: Fix conflicting driver object name
ALSA: hda - Fix NULL dereference with CONFIG_SND_DYNAMIC_MINORS=n
ALSA: hda - Add inverted digital mic fixup for Acer Aspire One -
Pull ARM SoC fixes from Olof Johansson:
"Two straggling fixes that I had missed as they were posted a couple of
weeks ago, causing problems with interrupts (breaking them completely)
on the CSR SiRF platforms"* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
arm: prima2: drop nr_irqs in mach as we moved to linear irqdomain
irqchip: sirf: move from legacy mode to linear irqdomain -
Pull drm fixes from Dave Airlie:
"Since we are getting to the pointy end, one i915 black screen on some
machines, and one vmwgfx stop userspace ability to nuke the VM,There might be one or two ati or nouveau fixes trickle in before
final, but I think this should pretty much be it"* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/vmwgfx: Split GMR2_REMAP commands if they are to large
drm/i915: ivb: fix edp voltage swing reg val -
Pull input layer updates from Dmitry Torokhov:
"Just a couple of new IDs in Wacom and xpad drivers, i8042 is now
disabled on ARC, and data checks in Elantech driver that were overly
relaxed by the previous patch are now tightened"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: i8042 - disable the driver on ARC platforms
Input: xpad - add signature for Razer Onza Classic Edition
Input: elantech - fix packet check for v3 and v4 hardware
Input: wacom - add support for 0x300 and 0x301 -
Commit dc975382 "net: fec: add napi support to improve proformance"
converted the fec driver to the napi model. However, that commit
forgot to remove the call to skb_defer_rx_timestamp which is only
needed in non-napi drivers.(The function napi_gro_receive eventually calls netif_receive_skb,
which in turn calls skb_defer_rx_timestamp.)This patch should also be applied to the 3.9 and 3.10 kernels.
Signed-off-by: Richard Cochran
Signed-off-by: David S. Miller -
While looking into MLDv1/v2 code, I noticed that bridging code does
not convert it's max delay into jiffies for MLDv2 messages as we do
in core IPv6' multicast code.RFC3810, 5.1.3. Maximum Response Code says:
The Maximum Response Code field specifies the maximum time allowed
before sending a responding Report. The actual time allowed, called
the Maximum Response Delay, is represented in units of milliseconds,
and is derived from the Maximum Response Code as follows: [...]As we update timers that work with jiffies, we need to convert it.
Signed-off-by: Daniel Borkmann
Cc: Linus Lüssing
Cc: Hannes Frederic Sowa
Signed-off-by: David S. Miller -
If skb->len is too short then we should return an error. Otherwise we
read beyond the end of skb->data for several bytes.Signed-off-by: Dan Carpenter
Signed-off-by: David S. Miller -
commit 8728c544a9cbdc ("net: dev_pick_tx() fix") and commit
b6fe83e9525a ("bonding: refine IFF_XMIT_DST_RELEASE capability")
are quite incompatible : Queue selection is disabled because skb
dst was dropped before entering bonding device.This causes major performance regression, mainly because TCP packets
for a given flow can be sent to multiple queues.This is particularly visible when using the new FQ packet scheduler
with MQ + FQ setup on the slaves.We can safely revert the first commit now that 416186fbf8c5b
("net: Split core bits of netdev_pick_tx into __netdev_pick_tx")
properly caps the queue_index.Reported-by: Xi Wang
Diagnosed-by: Xi Wang
Signed-off-by: Eric Dumazet
Cc: Tom Herbert
Cc: Alexander Duyck
Cc: Denys Fedorysychenko
Signed-off-by: David S. Miller -
This reverts commit 1f324e38870cc09659cf23bc626f1b8869e201f2.
It seems to cause regressions, and in particular the output path
really depends upon there being a socket attached to skb->sk for
checks such as sk_mc_loop(skb->sk) for example. See ip6_output_finish2().Reported-by: Stephen Warren
Reported-by: Fabio Estevam
Signed-off-by: David S. Miller -
Since commit 3d7b46cd20e3 (ip_tunnel: push generic protocol handling to
ip_tunnel module.), an Oops is triggered when an xfrm policy is configured on
an IPv4 over IPv4 tunnel.xfrm4_policy_check() calls __xfrm_policy_check2(), which uses skb_dst(skb). But
this field is NULL because iptunnel_pull_header() calls skb_dst_drop(skb).Signed-off-by: Li Hongjun
Signed-off-by: Nicolas Dichtel
Signed-off-by: David S. Miller -
Should a connect fail, if the publication/server is unavailable or
due to some other error, a positive value will be returned and errno
is never set. If the application code checks for an explicit zero
return from connect (success) or a negative return (failure), it
will not catch the error and subsequent send() calls will fail as
shown from the strace snippet below.socket(0x1e /* PF_??? */, SOCK_SEQPACKET, 0) = 3
connect(3, {sa_family=0x1e /* AF_??? */, sa_data="\2\1\322\4\0\0\322\4\0\0\0\0\0\0"}, 16) = 111
sendto(3, "test", 4, 0, NULL, 0) = -1 EPIPE (Broken pipe)The reason for this behaviour is that TIPC wrongly inverts error
codes set in sk_err.Signed-off-by: Erik Hugne
Signed-off-by: David S. Miller -
In commit 90ba9b19 (tcp: tcp_make_synack() can use alloc_skb()), Eric changed
the call to sock_wmalloc in tcp_make_synack to alloc_skb. In doing so,
the netfilter owner match lost its ability to block the SYNACK packet on
outbound listening sockets. Revert the change, restoring the owner match
functionality.This closes netfilter bugzilla #847.
Signed-off-by: Phil Oester
Signed-off-by: David S. Miller -
Currently we would still potentially suffer multicast packet loss if there
is just either an IGMP or an MLD querier: For the former case, we would
possibly drop IPv6 multicast packets, for the latter IPv4 ones. This is
because we are currently assuming that if either an IGMP or MLD querier
is present that the other one is present, too.This patch makes the behaviour and fix added in
"bridge: disable snooping if there is no querier" (b00589af3b04)
to also work if there is either just an IGMP or an MLD querier on the
link: It refines the deactivation of the snooping to be protocol
specific by using separate timers for the snooped IGMP and MLD queries
as well as separate timers for our internal IGMP and MLD queriers.Signed-off-by: Linus Lüssing
Signed-off-by: David S. Miller
30 Aug, 2013
4 commits
-
Pull cgroup fix from Tejun Heo:
"During the percpu reference counting update which was merged during
v3.11-rc1, the cgroup destruction path was updated so that a cgroup in
the process of dying may linger on the children list, which was
necessary as the cgroup should still be included in child/descendant
iteration while percpu ref is being killed.Unfortunately, I forgot to update cgroup destruction path accordingly
and cgroup destruction may fail spuriously with -EBUSY due to
lingering dying children even when there's no live child left - e.g.
"rmdir parent/child parent" will usually fail.This can be easily fixed by iterating through the children list to
verify that there's no live child left. While this is very late in
the release cycle, this bug is very visible to userland and I believe
the fix is relatively safe.Thanks Hugh for spotting and providing fix for the issue"
* 'for-3.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: fix rmdir EBUSY regression in 3.11 -
Pull workqueue fix from Tejun Heo:
"This contains one fix which could lead to system-wide lockup on
!PREEMPT kernels. It's very late in the cycle but this definitely is
a -stable material.The problem is that workqueue worker tasks may process unlimited
number of work items back-to-back without every yielding inbetween.
This usually isn't noticeable but a work item which re-queues itself
waiting for someone else to do something can deadlock with
stop_machine. stop_machine will ensure nothing else happens on all
other cpus and the requeueing work item will reqeueue itself
indefinitely without ever yielding and thus preventing the CPU from
entering stop_machine.Kudos to Jamie Liu for spotting and diagnosing the problem. This can
be trivially fixed by adding cond_resched() after processing each work
item"* 'for-3.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: cond_resched() after processing each work item -
Pull NFS client bugfix from Trond Myklebust:
"Stable patch to fix a highmem-related data corruption issue on 32-bit
ARM platforms"* tag 'nfs-for-3.11-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
SUNRPC: Fix memory corruption issue on 32-bit highmem systems -
This fixes the piglit test texturing/max-texture-size
causing the VM to die due to a too large SVGA command.Signed-off-by: Jakob Bornecrantz
Reviewed-by: Biran Paul
Reviewed-by: Zack Rusin
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie
