1. 13 Jun, 2013 2 commits
    • Alex Lyakas's avatar
      md/raid1: consider WRITE as successful only if at least one non-Faulty and... · 3056e3ae
      Alex Lyakas authored
      md/raid1: consider WRITE as successful only if at least one non-Faulty and non-rebuilding drive completed it.
      
      Without that fix, the following scenario could happen:
      
      - RAID1 with drives A and B; drive B was freshly-added and is rebuilding
      - Drive A fails
      - WRITE request arrives to the array. It is failed by drive A, so
      r1_bio is marked as R1BIO_WriteError, but the rebuilding drive B
      succeeds in writing it, so the same r1_bio is marked as
      R1BIO_Uptodate.
      - r1_bio arrives to handle_write_finished, badblocks are disabled,
      md_error()->error() does nothing because we don't fail the last drive
      of raid1
      - raid_end_bio_io()  calls call_bio_endio()
      - As a result, in call_bio_endio():
              if (!test_bit(R1BIO_Uptodate, &r1_bio->state))
                      clear_bit(BIO_UPTODATE, &bio->bi_flags);
      this code doesn't clear the BIO_UPTODATE flag, and the whole master
      WRITE succeeds, back to the upper layer.
      
      So we returned success to the upper layer, even though we had written
      the data onto the rebuilding drive only. But when we want to read the
      data back, we would not read from the rebuilding drive, so this data
      is lost.
      
      [neilb - applied identical change to raid10 as well]
      
      This bug can result in lost data, so it is suitable for any
      -stable kernel.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarAlex Lyakas <alex@zadarastorage.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      3056e3ae
    • NeilBrown's avatar
      md: md_stop_writes() should always freeze recovery. · 6b6204ee
      NeilBrown authored
      __md_stop_writes() will currently sometimes freeze recovery.
      So any caller must be ready for that to happen, and indeed they are.
      
      However if __md_stop_writes() doesn't freeze_recovery, then
      a recovery could start before mddev_suspend() is called, which
      could be awkward.  This can particularly cause problems or dm-raid.
      
      So change __md_stop_writes() to always freeze recovery.  This is safe
      and more predicatable.
      Reported-by: default avatarBrassow Jonathan <jbrassow@redhat.com>
      Tested-by: default avatarBrassow Jonathan <jbrassow@redhat.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      6b6204ee
  2. 30 Apr, 2013 3 commits
  3. 24 Apr, 2013 12 commits
    • Jonathan Brassow's avatar
      DM RAID: Add message/status support for changing sync action · be83651f
      Jonathan Brassow authored
      DM RAID:  Add message/status support for changing sync action
      
      This patch adds a message interface to dm-raid to allow the user to more
      finely control the sync actions being performed by the MD driver.  This
      gives the user the ability to initiate "check" and "repair" (i.e. scrubbing).
      Two additional fields have been appended to the status output to provide more
      information about the type of sync action occurring and the results of those
      actions, specifically: <sync_action> and <mismatch_cnt>.  These new fields
      will always be populated.  This is essentially the device-mapper way of doing
      what MD controls through the 'sync_action' sysfs file and shows through the
      'mismatch_cnt' sysfs file.
      Signed-off-by: default avatarJonathan Brassow <jbrassow@redhat.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      be83651f
    • Jonathan Brassow's avatar
      MD: Export 'md_reap_sync_thread' function · a91d5ac0
      Jonathan Brassow authored
      MD: Export 'md_reap_sync_thread' function
      
      Make 'md_reap_sync_thread' available to other files, specifically dm-raid.c.
      - rename reap_sync_thread to md_reap_sync_thread
      - move the fn after md_check_recovery to match md.h declaration placement
      - export md_reap_sync_thread
      Signed-off-by: default avatarJonathan Brassow <jbrassow@redhat.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      a91d5ac0
    • NeilBrown's avatar
      md: don't update metadata when stopping a read-only array. · b6d428c6
      NeilBrown authored
      read-only arrays should stay that way as much as possible.
      Updating the metadata - which could be triggered by a re-add
      while assembling the array metadata - should be avoided.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      b6d428c6
    • NeilBrown's avatar
      md: Allow devices to be re-added to a read-only array. · 7ceb17e8
      NeilBrown authored
      When assembling an array incrementally we might want to make
      it device available when "enough" devices are present, but maybe
      not "all" devices are present.
      If the remaining devices appear before the array is actually used,
      they should be added transparently.
      
      We do this by using the "read-auto" mode where the array acts like
      it is read-only until a write request arrives.
      
      Current an add-device request switches a read-auto array to active.
      This means that only one device can be added after the array is first
      made read-auto.  This isn't a problem for RAID5, but is not ideal for
      RAID6 or RAID10.
      Also we don't really want to switch the array to read-auto at all
      when re-adding a device as this doesn't really imply any change.
      
      So:
       - remove the "md_update_sb()" call from add_new_disk().  This isn't
         really needed as just adding a disk doesn't require a metadata
         update.  Instead, just set MD_CHANGE_DEVS.  This will effect a
         metadata update soon enough, once the array is not read-only.
      
       - Allow the ADD_NEW_DISK ioctl to succeed without activating a
         read-auto array, providing the MD_DISK_SYNC flag is set.
         In this case, the device will be rejected if it cannot be added
         with the correct device number, or has an incorrect event count.
      
       - Teach remove_and_add_spares() to be careful about adding spares
         when the array is read-only (or read-mostly) - only add devices
         that are thought to be in-sync, and only do it if the array is
         in-sync itself.
      
       - In md_check_recovery, use remove_and_add_spares in the read-only
         case, rather than open coding just the 'remove' part of it.
      Reported-by: default avatarMartin Wilck <mwilck@arcor.de>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      7ceb17e8
    • Martin Wilck's avatar
      md/raid10: Allow skipping recovery when clean arrays are assembled · 7e83ccbe
      Martin Wilck authored
      When an array is assembled incrementally with mdadm -I -R
      and the array switches to "active" mode, md starts a recovery.
      
      If the array was clean, the "fullsync" flag will be 0. Skip
      the full recovery in this case, as RAID1 does (the code was
      actually copied from the sync_request() method of RAID1).
      Signed-off-by: default avatarMartin Wilck <mwilck@arcor.de>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      7e83ccbe
    • Jonathan Brassow's avatar
      MD: Fix typos in MD documentation · b6fec069
      Jonathan Brassow authored
      MD:  Fix some typos/grammer in MD documentation
      Reviewed-by: default avatarPaul Menzel <paulepanter@users.sourceforge.net>
      Signed-off-by: default avatarJonathan Brassow <jbrassow@redhat.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      b6fec069
    • NeilBrown's avatar
      md/raid5: avoid an extra write when writing to a known-bad-block. · c0b32972
      NeilBrown authored
      If we write to a known-bad-block it will be flags as having
      a ReadError by analyse_stripe, but the write will proceed anyway
      (as it should).  Then the read-error handling will kick in an
      write again, then re-read.
      
      We don't need that 'write-again', so set R5_ReWrite so it looks like
      it has already been done.  Then we will just get the re-read, which we
      want.
      Reported-by: default avatarmajianpeng <majianpeng@gmail.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      c0b32972
    • majianpeng's avatar
      md/raid5: Change or of some order to improve efficiency. · 6f608040
      majianpeng authored
      As the function call is the most expensive of these tests it should be
      done later in the chain so that it can be avoided in some cases.
      Signed-off-by: default avatarJianpeng Ma <majianpeng@gmail.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      6f608040
    • Akinobu Mita's avatar
      md: use set_bit_le and clear_bit_le · 3f810b6c
      Akinobu Mita authored
      The value returned by test_and_set_bit_le() drivers/md/bitmap.c is not used.
      So just use set_bit_le(). The same goes for test_and_clear_bit_le().
      Signed-off-by: default avatarAkinobu Mita <akinobu.mita@gmail.com>
      Cc: Neil Brown <neilb@suse.de>
      Cc: linux-raid@vger.kernel.org
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      3f810b6c
    • NeilBrown's avatar
      md: HOT_DISK_REMOVE shouldn't make a read-auto device active. · 3ea8929d
      NeilBrown authored
      If a fail device or a spare is removed from an array, there is
      not need to make the array 'active'.  If/when the array does become
      active for some other reason the metadata will be update to reflect
      the removal.
      If that never happens and the array is stopped while still read-auto,
      then there is no loss in forgetting the that the device had 'failed'.
      
      A read-only array will leave failed devices attached to
      the array personality, so we need to explicitly call
      remove_and_add_spares() to free it (clearing Blocked just
      like we do in store_slot()).
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      3ea8929d
    • NeilBrown's avatar
      md: use common code for all calls to ->hot_remove_disk() · 746d3207
      NeilBrown authored
      slot_store and remove_and_add_spares both call ->hot_remove_disk(),
      but with slightly different tests and consequences, which is
      at least untidy and might be buggy.
      
      So modify remove_and_add_spaces() so that it can be asked
      to remove a specific device, and call it from slot_store().
      
      We also clear the Blocked flag to ensure that doesn't prevent
      removal.  The purpose of Blocked is to prevent automatic removal
      by the kernel before an error is acknowledged.
      If the array is read/write then user-space would have not reason
      to remove a device unless it was known to be 'spare' or 'faulty' in
      which it would have already cleared the Blocked flag.
      If the array is read-only, the flag might still be blocked, but
      there is no harm in clearing the flag for read-only arrays.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      746d3207
    • NeilBrown's avatar
      md: never update metadata when array is read-only. · d87f064f
      NeilBrown authored
      Normally we don't even try to update the metadata if
      the array is read-only.  However future patches
      will increase the number of things that can happen on a read-only
      array, so it is safest to explicitly disable this.
      
      Every time that mddev->ro is set to 0, either
       - md_update_sb will be called again (at least if MD_CHANGE_DEVS
         is set) or
       - the mddev->thread is scheduled, which will also run
         md_update_sb if needed.
      
      So this is safe: if the array ever become read-write the
      metadata will be updated.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      d87f064f
  4. 22 Apr, 2013 4 commits
  5. 21 Apr, 2013 8 commits
    • Linus Torvalds's avatar
      Linux 3.9-rc8 · 60d509fa
      Linus Torvalds authored
      60d509fa
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 31259294
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Misc fixes"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86: Fix offcore_rsp valid mask for SNB/IVB
        perf: Treat attr.config as u64 in perf_swevent_init()
      31259294
    • Linus Torvalds's avatar
      Merge branch 'vm_ioremap_memory-examples' · 12c71c4b
      Linus Torvalds authored
      I'm going to do an -rc8, so I'm just going to do this rather than delay
      it any further. They are arguably stable material anyway.
      
      * vm_ioremap_memory-examples:
        mtdchar: remove no-longer-used vma helpers
        vm: convert snd_pcm_lib_mmap_iomem() to vm_iomap_memory() helper
        vm: convert fb_mmap to vm_iomap_memory() helper
        vm: convert mtdchar mmap to vm_iomap_memory() helper
        vm: convert HPET mmap to vm_iomap_memory() helper
      12c71c4b
    • Linus Torvalds's avatar
      Merge branch 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 830ac852
      Linus Torvalds authored
      Pull kdump fixes from Peter Anvin:
       "The kexec/kdump people have found several problems with the support
        for loading over 4 GiB that was introduced in this merge cycle.  This
        is partly due to a number of design problems inherent in the way the
        various pieces of kdump fit together (it is pretty horrifically manual
        in many places.)
      
        After a *lot* of iterations this is the patchset that was agreed upon,
        but of course it is now very late in the cycle.  However, because it
        changes both the syntax and semantics of the crashkernel option, it
        would be desirable to avoid a stable release with the broken
        interfaces."
      
      I'm not happy with the timing, since originally the plan was to release
      the final 3.9 tomorrow.  But apparently I'm doing an -rc8 instead...
      
      * 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        kexec: use Crash kernel for Crash kernel low
        x86, kdump: Change crashkernel_high/low= to crashkernel=,high/low
        x86, kdump: Retore crashkernel= to allocate under 896M
        x86, kdump: Set crashkernel_low automatically
      830ac852
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · db93f8b4
      Linus Torvalds authored
      Pull x86 fixes from Peter Anvin:
       "Three groups of fixes:
      
         1. Make sure we don't execute the early microcode patching if family
            < 6, since it would touch MSRs which don't exist on those
            families, causing crashes.
      
         2. The Xen partial emulation of HyperV can be dealt with more
            gracefully than just disabling the driver.
      
         3. More EFI variable space magic.  In particular, variables hidden
            from runtime code need to be taken into account too."
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86, microcode: Verify the family before dispatching microcode patching
        x86, hyperv: Handle Xen emulation of Hyper-V more gracefully
        x86,efi: Implement efi_no_storage_paranoia parameter
        efi: Export efi_query_variable_store() for efivars.ko
        x86/Kconfig: Make EFI select UCS2_STRING
        efi: Distinguish between "remaining space" and actually used space
        efi: Pass boot services variable info to runtime code
        Move utf16 functions to kernel core and rename
        x86,efi: Check max_size only if it is non-zero.
        x86, efivars: firmware bug workarounds should be in platform code
      db93f8b4
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 8c3a13c8
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "A set of fixes from various people - Will Deacon gets a prize for
        removing code this time around.  The biggest fix in this lot is
        sorting out the ARM740T mess.  The rest are relatively small fixes."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7699/1: sched_clock: Add more notrace to prevent recursion
        ARM: 7698/1: perf: fix group validation when using enable_on_exec
        ARM: 7697/1: hw_breakpoint: do not use __cpuinitdata for dbg_cpu_pm_nb
        ARM: 7696/1: Fix kexec by setting outer_cache.inv_all for Feroceon
        ARM: 7694/1: ARM, TCM: initialize TCM in paging_init(), instead of setup_arch()
        ARM: 7692/1: iop3xx: move IOP3XX_PERIPHERAL_VIRT_BASE
        ARM: modules: don't export cpu_set_pte_ext when !MMU
        ARM: mm: remove broken condition check for v4 flushing
        ARM: mm: fix numerous hideous errors in proc-arm740.S
        ARM: cache: remove ARMv3 support code
        ARM: tlbflush: remove ARMv3 support
      8c3a13c8
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 851b3f32
      Linus Torvalds authored
      Pull sparc fixes from David Miller:
      
       1) Fix race in sparc64 TLB shootdowns, we have to synchronize with the
          sibling cpus completing if we are passing them a reference via
          pointer to a data structure.
      
       2) Fix cleaning of bitmaps in sparc32, from Akinobu Mita.
      
       3) Fix various sparc header mistakes, some of which resulted in
          userland build breakage.  From Sam Ravnborg.
      
       4) Kill ghost declarations and defines missed when several bits of code
          got deleted recently.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix race in TLB batch processing.
        sparc: use asm-generic version of types.h
        bbc_i2c: fix section mismatch warning
        sparc: use generic headers
        sparc:cleanup unused code in smp_32.h
        sparc/iommu: fix typo s/265KB/256KB/
        sparc/srmmu: clear trailing edge of bitmap properly
        sparc:remove unused declaration smp_boot_cpus()
      851b3f32
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c437d888
      Linus Torvalds authored
      Pull networking updates from David Miller:
      
       1) ax88796 does 64-bit divides which causes link errors on ARM, fix
          from Arnd Bergmann.
      
       2) Once an improper offload setting is detected on an SKB we don't rate
          limit the log message so we can very easily live lock.  From Ben
          Greear.
      
       3) Openvswitch cannot report vport configuration changes reliably
          because it didn't preallocate the netlink notification message
          before changing state.  From Jesse Gross.
      
       4) The effective UID/GID SCM credentials fix, from Linus.
      
       5) When a user explicitly asks for wireless authentication, cfg80211
          isn't told about the AP detachment leaving inconsistent state.  Fix
          from Johannes Berg.
      
       6) Fix self-MAC checks in batman-adv on multi-mesh nodes, from Antonio
          Quartulli.
      
       7) Revert build_skb() change sin IGB driver, can result in memory
          corruption.  From Alexander Duyck.
      
       8) Fix setting VLANs on virtual functions in IXGBE, from Greg Rose.
      
       9) Fix TSO races in qlcnic driver, from Sritej Velaga.
      
      10) In bnx2x the kernel driver and UNDI firmware can try to program the
          chip at the same time, resulting in corruption.  Add proper
          synchronization.  From Dmitry Kravkov.
      
      11) Fix corruption of status block in firmware ram in bxn2x, from Ariel
          Elior.
      
      12) Fix load balancing hash regression of bonding driver in forwarding
          configurations, from Eric Dumazet.
      
      13) Fix TS ECR regression in TCP by calling tcp_replace_ts_recent() in
          all the right spots, from Eric Dumazet.
      
      14) Fix several bonding bugs having to do with address manintainence,
          including not removing address when configuration operations
          encounter errors, missed locking on the address lists, missing
          refcounting on VLAN objects, etc.  All from Nikolay Aleksandrov.
      
      15) Add workarounds for firmware bugs in LTE qmi_wwan devices, wherein
          the devices fail to add a proper ethernet header while on LTE
          networks but otherwise properly do so on 2G and 3G ones.  From Bjørn
          Mork.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits)
        net: fix incorrect credentials passing
        net: rate-limit warn-bad-offload splats.
        net: ax88796: avoid 64 bit arithmetic
        qlge: Update version to 1.00.00.32.
        qlge: Fix ethtool autoneg advertising.
        qlge: Fix receive path to drop error frames
        net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround)
        net: qmi_wwan: fixup destination address (firmware bug workaround)
        net: qmi_wwan: fixup missing ethernet header (firmware bug workaround)
        bonding: in bond_mc_swap() bond's mc addr list is walked without lock
        bonding: disable netpoll on enslave failure
        bonding: primary_slave & curr_active_slave are not cleaned on enslave failure
        bonding: vlans don't get deleted on enslave failure
        bonding: mc addresses don't get deleted on enslave failure
        pkt_sched: fix error return code in fw_change_attrs()
        irda: small read past the end of array in debug code
        tcp: call tcp_replace_ts_recent() from tcp_ack()
        netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too
        netfilter: ipset: bitmap:ip,mac: fix listing with timeout
        bonding: fix l23 and l34 load balancing in forwarding path
        ...
      c437d888
  6. 20 Apr, 2013 2 commits
  7. 19 Apr, 2013 9 commits
    • H. Peter Anvin's avatar
      x86, microcode: Verify the family before dispatching microcode patching · 74c3e3fc
      H. Peter Anvin authored
      For each CPU vendor that implements CPU microcode patching, there will
      be a minimum family for which this is implemented.  Verify this
      minimum level of support.
      
      This can be done in the dispatch function or early in the application
      functions.  Doing the latter turned out to be somewhat awkward because
      of the ineviable split between the BSP and the AP paths, and rather
      than pushing deep into the application functions, do this in
      the dispatch function.
      Reported-by: default avatar"Bryan O'Donoghue" <bryan.odonoghue.lkml@nexus-software.ie>
      Suggested-by: default avatarBorislav Petkov <bp@alien8.de>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Link: http://lkml.kernel.org/r/1366392183-4149-1-git-send-email-bryan.odonoghue.lkml@nexus-software.ie
      74c3e3fc
    • Ben Greear's avatar
      net: rate-limit warn-bad-offload splats. · c846ad9b
      Ben Greear authored
      If one does do something unfortunate and allow a
      bad offload bug into the kernel, this the
      skb_warn_bad_offload can effectively live-lock the
      system, filling the logs with the same error over
      and over.
      
      Add rate limitation to this so that box remains otherwise
      functional in this case.
      Signed-off-by: default avatarBen Greear <greearb@candelatech.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c846ad9b
    • Arnd Bergmann's avatar
      net: ax88796: avoid 64 bit arithmetic · b261c20f
      Arnd Bergmann authored
      When building ax88796 on an ARM platform with 64-bit resource_size_t,
      we currently get
      
      drivers/net/ethernet/8390/ax88796.c:875: undefined reference to `__aeabi_uldivmod'
      
      because we do a division on the length of the MMIO resource.
      Since we know that this resource is very short, using an
      "unsigned long" instead of "resource_size_t" is entirely
      sufficient, and avoids this link-time error.
      
      Cc: Ben Dooks <ben-linux@fluff.org>
      Cc: netdev@vger.kernel.org
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b261c20f
    • Jitendra Kalsaria's avatar
    • Jitendra Kalsaria's avatar
      qlge: Fix ethtool autoneg advertising. · c5e991af
      Jitendra Kalsaria authored
      Autoneg is supported on specific port types only. Fix the driver to advertise
      autoneg based on the port type.
      Signed-off-by: default avatarJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c5e991af
    • Sritej Velaga's avatar
      qlge: Fix receive path to drop error frames · ae721f3a
      Sritej Velaga authored
      o Fix the driver to drop error frames in the receive path
      o Update error counter which was not getting incremented
      Signed-off-by: default avatarSritej Velaga <sritej.velaga@qlogic.com>
      Signed-off-by: default avatarJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ae721f3a
    • David S. Miller's avatar
      Merge branch 'qmi_wwan' · b79d4a8d
      David S. Miller authored
      Bjørn Mork says:
      
      ====================
      This series adds workarounds for 3 different firmware bugs, each
      preventing the affected devices from working at all. I therefore
      humbly request that these fixes go to stable-3.8 (if still
      maintained) and 3.9 (either via net if still possible, or via
      stable if not).
      
      All 3 workarounds are applied to all devices supported by the driver.
      Adding quirks for specific devices was considered as an alternative,
      but was rejected because we have too little information about the
      exact distribution of the buggy firmwares. All we know is that the
      same bug shows up in devices from at least 3 different, and presumably
      independent, vendors.
      
      The workarounds have instead been designed to automatically apply
      when necessary, and to have as little impact as possible on unaffected
      devices.  The series has been tested on a number of devices both with
      and without these bugs.
      
      The series should apply cleanly to net/master, net-next/master and
      stable/linux-3.8.y
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b79d4a8d
    • Bjørn Mork's avatar
      net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround) · cc6ba5fd
      Bjørn Mork authored
      We normally trust and use the CDC functional descriptors provided by a
      number of devices.  But some of these will erroneously list the address
      reserved for the device end of the link.  Attempting to use this on
      both the device and host side will naturally not work.
      
      Work around this bug by ignoring the functional descriptor and assign a
      random address instead in this case.
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc6ba5fd
    • Bjørn Mork's avatar
      net: qmi_wwan: fixup destination address (firmware bug workaround) · 6483bdc9
      Bjørn Mork authored
      Received packets are sometimes addressed to 00:a0:c6:00:00:00
      instead of the address the device firmware should have learned
      from the host:
      
      321.224126 77.16.85.204 -> 148.122.171.134 ICMP 98 Echo (ping) request  id=0x4025, seq=64/16384, ttl=64
      
      0000  82 c0 82 c9 f1 67 82 c0 82 c9 f1 67 08 00 45 00   .....g.....g..E.
      0010  00 54 00 00 40 00 40 01 57 cc 4d 10 55 cc 94 7a   .T..@.@.W.M.U..z
      0020  ab 86 08 00 62 fc 40 25 00 40 b2 bc 6e 51 00 00   ....b.@%.@..nQ..
      0030  00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15   ..k.............
      0040  16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25   .......... !"#$%
      0050  26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35   &'()*+,-./012345
      0060  36 37                                             67
      
      321.240607 148.122.171.134 -> 77.16.85.204 ICMP 98 Echo (ping) reply    id=0x4025, seq=64/16384, ttl=55
      
      0000  00 a0 c6 00 00 00 02 50 f3 00 00 00 08 00 45 00   .......P......E.
      0010  00 54 00 56 00 00 37 01 a0 76 94 7a ab 86 4d 10   .T.V..7..v.z..M.
      0020  55 cc 00 00 6a fc 40 25 00 40 b2 bc 6e 51 00 00   U...j.@%.@..nQ..
      0030  00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15   ..k.............
      0040  16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25   .......... !"#$%
      0050  26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35   &'()*+,-./012345
      0060  36 37                                             67
      
      The bogus address is always the same, and matches the address
      suggested by many devices as a default address.  It is likely a
      hardcoded firmware default.
      
      The circumstances where this bug has been observed indicates that
      the trigger is related to timing or some other factor the host
      cannot control. Repeating the exact same configuration sequence
      that caused it to trigger once, will not necessarily cause it to
      trigger the next time. Reproducing the bug is therefore difficult.
      This opens up a possibility that the bug is more common than we can
      confirm, because affected devices often will work properly again
      after a reset.  A procedure most users are likely to try out before
      reporting a bug.
      
      Unconditionally rewriting the destination address if the first digit
      of the received packet is 0, is considered an acceptable compromise
      since we already have to inspect this digit.  The simplification will
      cause unnecessary rewrites if the real address starts with 0, but this
      is still better than adding additional tests for this particular case.
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6483bdc9