1. 29 Jun, 2016 9 commits
    • Eli Cohen's avatar
      net/mlx5: Update command strings · 5be1ea89
      Eli Cohen authored
      Add command string for MODIFY_FLOW_TABLE which is used by the driver.
      Signed-off-by: default avatarEli Cohen <eli@mellanox.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5be1ea89
    • Harini Katakam's avatar
      net: marvell: Add separate config ANEG function for Marvell 88E1111 · 3ec0a0f1
      Harini Katakam authored
      Marvell 88E1111 currently uses the generic marvell config ANEG function.
      This function has a sequence accessing Page 5 and Register 31,
      both of which are not defined or reserved for this PHY.
      Hence this patch adds a new config ANEG function for Marvell 88E1111
      without these erroneous accesses.
      Signed-off-by: default avatarHarini Katakam <harinik@xilinx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3ec0a0f1
    • David S. Miller's avatar
      Merge branch 'batman-adv-fixes' · d10f0b31
      David S. Miller authored
      Sven Eckelmann says:
      
      ====================
      batman-adv: Fixes for Linux 4.7
      
      Antonio currently seems to be occupied. This is currently rather unfortunate
      because there are patches waiting in the batman-adv development repository
      maint(enance) branch [1] since up to 6 weeks. I am now getting asked when
      these patches will hit the distribution kernels and therefore decided to
      submit these patches directly to netdev.
      
      The patch from Simon works around the problem that warnings could be triggered
      in the translation table code via packets using a VLAN not configured on the
      target host. This warning was replaced with a rate limited info message.
      
      Ben Hutchings found an superfluous batadv_softif_vlan_put in the error
      handling code of the translation table while he backported the "batman-adv:
      Fix reference counting of vlan object for tt_local_entry" patch to the stable
      kernels. He noticed correctly that this batadv_softif_vlan_put should also
      have been removed by the said patch.
      
      The most requested fix at the moment is related to a double free in the
      translation table code. It is a race condition which mostly happens on systems
      with multiple cores and multiple network interface attached to batman-adv. Two
      Freifunk communities which were haunted by weird crashes (with backtraces
      reporting problems in other parts of the kernel) were kind enough to test this
      patch. They reported that there systems are now running stable after applying
      this patch.
      
      An invalid memory access was detected in the batadv_icmp_packet_rr handling
      code when receiving a skbuff with fragments. The last patch is fixing a memory
      leak when the interface is removed via .dellink. The code to fix it was copied
      from the code handling the legacy sysfs interface to remove netdevices from a
      batman-adv netdevice.
      
      There are still 28 patches in the development tree for v4.8 but I will leave
      them to Antonio because these are cleanups and features and therefore for net-
      next.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d10f0b31
    • Sven Eckelmann's avatar
      batman-adv: Clean up untagged vlan when destroying via rtnl-link · 420cb1b7
      Sven Eckelmann authored
      The untagged vlan object is only destroyed when the interface is removed
      via the legacy sysfs interface. But it also has to be destroyed when the
      standard rtnl-link interface is used.
      
      Fixes: 5d2c05b2 ("batman-adv: add per VLAN interface attribute framework")
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Acked-by: default avatarAntonio Quartulli <a@unstable.cc>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      420cb1b7
    • Sven Eckelmann's avatar
      batman-adv: Fix ICMP RR ethernet access after skb_linearize · 3b55e442
      Sven Eckelmann authored
      The skb_linearize may reallocate the skb. This makes the calculated pointer
      for ethhdr invalid. But it the pointer is used later to fill in the RR
      field of the batadv_icmp_packet_rr packet.
      
      Instead re-evaluate eth_hdr after the skb_linearize+skb_cow to fix the
      pointer and avoid the invalid read.
      
      Fixes: da6b8c20 ("batman-adv: generalize batman-adv icmp packet handling")
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3b55e442
    • Ben Hutchings's avatar
      batman-adv: Fix double-put of vlan object · baceced9
      Ben Hutchings authored
      Each batadv_tt_local_entry hold a single reference to a
      batadv_softif_vlan.  In case a new entry cannot be added to the hash
      table, the error path puts the reference, but the reference will also
      now be dropped by batadv_tt_local_entry_release().
      
      Fixes: a33d970d ("batman-adv: Fix reference counting of vlan object for tt_local_entry")
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      baceced9
    • Sven Eckelmann's avatar
      batman-adv: Fix use-after-free/double-free of tt_req_node · 9c4604a2
      Sven Eckelmann authored
      The tt_req_node is added and removed from a list inside a spinlock. But the
      locking is sometimes removed even when the object is still referenced and
      will be used later via this reference. For example batadv_send_tt_request
      can create a new tt_req_node (including add to a list) and later
      re-acquires the lock to remove it from the list and to free it. But at this
      time another context could have already removed this tt_req_node from the
      list and freed it.
      
      CPU#0
      
          batadv_batman_skb_recv from net_device 0
          -> batadv_iv_ogm_receive
            -> batadv_iv_ogm_process
              -> batadv_iv_ogm_process_per_outif
                -> batadv_tvlv_ogm_receive
                  -> batadv_tvlv_ogm_receive
                    -> batadv_tvlv_containers_process
                      -> batadv_tvlv_call_handler
                        -> batadv_tt_tvlv_ogm_handler_v1
                          -> batadv_tt_update_orig
                            -> batadv_send_tt_request
                              -> batadv_tt_req_node_new
                                 spin_lock(...)
                                 allocates new tt_req_node and adds it to list
                                 spin_unlock(...)
                                 return tt_req_node
      
      CPU#1
      
          batadv_batman_skb_recv from net_device 1
          -> batadv_recv_unicast_tvlv
            -> batadv_tvlv_containers_process
              -> batadv_tvlv_call_handler
                -> batadv_tt_tvlv_unicast_handler_v1
                  -> batadv_handle_tt_response
                     spin_lock(...)
                     tt_req_node gets removed from list and is freed
                     spin_unlock(...)
      
      CPU#0
      
                            <- returned to batadv_send_tt_request
                               spin_lock(...)
                               tt_req_node gets removed from list and is freed
                               MEMORY CORRUPTION/SEGFAULT/...
                               spin_unlock(...)
      
      This can only be solved via reference counting to allow multiple contexts
      to handle the list manipulation while making sure that only the last
      context holding a reference will free the object.
      
      Fixes: a73105b8 ("batman-adv: improved client announcement mechanism")
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Tested-by: default avatarMartin Weinelt <martin@darmstadt.freifunk.net>
      Tested-by: default avatarAmadeus Alfa <amadeus@chemnitz.freifunk.net>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9c4604a2
    • Simon Wunderlich's avatar
      batman-adv: replace WARN with rate limited output on non-existing VLAN · 0b3dd7df
      Simon Wunderlich authored
      If a VLAN tagged frame is received and the corresponding VLAN is not
      configured on the soft interface, it will splat a WARN on every packet
      received. This is a quite annoying behaviour for some scenarios, e.g. if
      bat0 is bridged with eth0, and there are arbitrary VLAN tagged frames
      from Ethernet coming in without having any VLAN configuration on bat0.
      
      The code should probably create vlan objects on the fly and
      transparently transport these VLAN-tagged Ethernet frames, but until
      this is done, at least the WARN splat should be replaced by a rate
      limited output.
      
      Fixes: 354136bc ("batman-adv: fix kernel crash due to missing NULL checks")
      Signed-off-by: default avatarSimon Wunderlich <sw@simonwunderlich.de>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0b3dd7df
    • Florian Fainelli's avatar
      net: phy: Manage fixed PHY address space using IDA · 69fc58a5
      Florian Fainelli authored
      If we have a system which uses fixed PHY devices and calls
      fixed_phy_register() then fixed_phy_unregister() we can exhaust the
      number of fixed PHYs available after a while, since we keep incrementing
      the variable phy_fixed_addr, but we never decrement it.
      
      This patch fixes that by converting the fixed PHY allocation to using
      IDA, which takes care of the allocation/dealloaction of the PHY
      addresses for us.
      
      Fixes: a7595121 ("net: phy: extend fixed driver with fixed_phy_register()")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      69fc58a5
  2. 28 Jun, 2016 10 commits
    • Willem de Bruijn's avatar
      sock_diag: do not broadcast raw socket destruction · 9a0fee2b
      Willem de Bruijn authored
      Diag intends to broadcast tcp_sk and udp_sk socket destruction.
      Testing sk->sk_protocol for IPPROTO_TCP/IPPROTO_UDP alone is not
      sufficient for this. Raw sockets can have the same type.
      
      Add a test for sk->sk_type.
      
      Fixes: eb4cb008 ("sock_diag: define destruction multicast groups")
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9a0fee2b
    • Aaron Campbell's avatar
      connector: fix out-of-order cn_proc netlink message delivery · ab8ed951
      Aaron Campbell authored
      The proc connector messages include a sequence number, allowing userspace
      programs to detect lost messages.  However, performing this detection is
      currently more difficult than necessary, since netlink messages can be
      delivered to the application out-of-order.  To fix this, leave pre-emption
      disabled during cn_netlink_send(), and use GFP_NOWAIT.
      
      The following was written as a test case.  Building the kernel w/ make -j32
      proved a reliable way to generate out-of-order cn_proc messages.
      
      int
      main(int argc, char *argv[])
      {
      	static uint32_t last_seq[CPU_SETSIZE], seq;
      	int cpu, fd;
      	struct sockaddr_nl sa;
      	struct __attribute__((aligned(NLMSG_ALIGNTO))) {
      		struct nlmsghdr nl_hdr;
      		struct __attribute__((__packed__)) {
      			struct cn_msg cn_msg;
      			struct proc_event cn_proc;
      		};
      	} rmsg;
      	struct __attribute__((aligned(NLMSG_ALIGNTO))) {
      		struct nlmsghdr nl_hdr;
      		struct __attribute__((__packed__)) {
      			struct cn_msg cn_msg;
      			enum proc_cn_mcast_op cn_mcast;
      		};
      	} smsg;
      
      	fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
      	if (fd < 0) {
      		perror("socket");
      	}
      
      	sa.nl_family = AF_NETLINK;
      	sa.nl_groups = CN_IDX_PROC;
      	sa.nl_pid = getpid();
      	if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
      		perror("bind");
      	}
      
      	memset(&smsg, 0, sizeof(smsg));
      	smsg.nl_hdr.nlmsg_len = sizeof(smsg);
      	smsg.nl_hdr.nlmsg_pid = getpid();
      	smsg.nl_hdr.nlmsg_type = NLMSG_DONE;
      	smsg.cn_msg.id.idx = CN_IDX_PROC;
      	smsg.cn_msg.id.val = CN_VAL_PROC;
      	smsg.cn_msg.len = sizeof(enum proc_cn_mcast_op);
      	smsg.cn_mcast = PROC_CN_MCAST_LISTEN;
      	if (send(fd, &smsg, sizeof(smsg), 0) != sizeof(smsg)) {
      		perror("send");
      	}
      
      	while (recv(fd, &rmsg, sizeof(rmsg), 0) == sizeof(rmsg)) {
      		cpu = rmsg.cn_proc.cpu;
      		if (cpu < 0) {
      			continue;
      		}
      		seq = rmsg.cn_msg.seq;
      		if ((last_seq[cpu] != 0) && (seq != last_seq[cpu] + 1)) {
      			printf("out-of-order seq=%d on cpu=%d\n", seq, cpu);
      		}
      		last_seq[cpu] = seq;
      	}
      
      	/* NOTREACHED */
      
      	perror("recv");
      
      	return -1;
      }
      Signed-off-by: default avatarAaron Campbell <aaron@monkey.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ab8ed951
    • daniel's avatar
      Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address · 0888d5f3
      daniel authored
      The bridge is falsly dropping ipv6 mulitcast packets if there is:
       1. No ipv6 address assigned on the brigde.
       2. No external mld querier present.
       3. The internal querier enabled.
      
      When the bridge fails to build mld queries, because it has no
      ipv6 address, it slilently returns, but keeps the local querier enabled.
      This specific case causes confusing packet loss.
      
      Ipv6 multicast snooping can only work if:
       a) An external querier is present
       OR
       b) The bridge has an ipv6 address an is capable of sending own queries
      
      Otherwise it has to forward/flood the ipv6 multicast traffic,
      because snooping cannot work.
      
      This patch fixes the issue by adding a flag to the bridge struct that
      indicates that there is currently no ipv6 address assinged to the bridge
      and returns a false state for the local querier in
      __br_multicast_querier_exists().
      
      Special thanks to Linus Lüssing.
      
      Fixes: d1d81d4c ("bridge: check return value of ipv6_dev_get_saddr()")
      Signed-off-by: default avatarDaniel Danzberger <daniel@dd-wrt.com>
      Acked-by: default avatarLinus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0888d5f3
    • Wang Sheng-Hui's avatar
      net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create · f299a02d
      Wang Sheng-Hui authored
      Commit 311c7c71 ("net/mlx5e: Allocate DMA coherent memory on
      reader NUMA node") introduced mlx5_*_alloc_node() but missed changing
      some calling and warn messages. This patch introduces 2 changes:
      	* Use mlx5_buf_alloc_node() instead of mlx5_buf_alloc() in
      	  mlx5_wq_ll_create()
      	* Update the failure warn messages with _node postfix for
      	  mlx5_*_alloc function names
      
      Fixes: 311c7c71 ("net/mlx5e: Allocate DMA coherent memory on reader NUMA node")
      Signed-off-by: default avatarWang Sheng-Hui <shhuiw@foxmail.com>
      Acked-By: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f299a02d
    • David S. Miller's avatar
      Merge branch 'bgmac-fixes' · d1b5a8da
      David S. Miller authored
      Florian Fainelli says:
      
      ====================
      net: bgmac: Random fixes
      
      This patch series fixes a few issues spotted by code inspection and
      actual testing.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d1b5a8da
    • Florian Fainelli's avatar
      net: bgmac: Remove superflous netif_carrier_on() · 3894396e
      Florian Fainelli authored
      bgmac_open() calls phy_start() to initialize the PHY state machine,
      which will set the interface's carrier state accordingly, no need to
      force that as this could be conflicting with the PHY state determined by
      PHYLIB.
      
      Fixes: dd4544f0 ("bgmac: driver for GBit MAC core on BCMA bus")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3894396e
    • Florian Fainelli's avatar
      net: bgmac: Start transmit queue in bgmac_open · c3897f2a
      Florian Fainelli authored
      The driver does not start the transmit queue in bgmac_open(). If the
      queue was stopped prior to closing then re-opening the interface, we
      would never be able to wake-up again.
      
      Fixes: dd4544f0 ("bgmac: driver for GBit MAC core on BCMA bus")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c3897f2a
    • Florian Fainelli's avatar
      net: bgmac: Fix SOF bit checking · d2b13233
      Florian Fainelli authored
      We are checking for the Start of Frame bit in the ctl1 word, while this
      bit is set in the ctl0 word instead. Read the ctl0 word and update the
      check to verify that.
      
      Fixes: 9cde9450 ("bgmac: implement scatter/gather support")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d2b13233
    • Jay Vosburgh's avatar
      bonding: fix 802.3ad aggregator reselection · 0622cab0
      Jay Vosburgh authored
      Since commit 7bb11dc9 ("bonding: unify all places where
      actor-oper key needs to be updated."), the logic in bonding to handle
      selection between multiple aggregators has not functioned.
      
      	This affects only configurations wherein the bonding slaves
      connect to two discrete aggregators (e.g., two independent switches, each
      with LACP enabled), thus creating two separate aggregation groups within a
      single bond.
      
      	The cause is a change in 7bb11dc9 to no longer set
      AD_PORT_BEGIN on a port after a link state change, which would cause the
      port to be reselected for attachment to an aggregator as if were newly
      added to the bond.  We cannot restore the prior behavior, as it
      contradicts IEEE 802.1AX 5.4.12, which requires ports that "become
      inoperable" (lose carrier, setting port_enabled=false as per 802.1AX
      5.4.7) to remain selected (i.e., assigned to the aggregator).  As the port
      now remains selected, the aggregator selection logic is not invoked.
      
      	A side effect of this change is that aggregators in bonding will
      now contain ports that are link down.  The aggregator selection logic
      does not currently handle this situation correctly, causing incorrect
      aggregator selection.
      
      	This patch makes two changes to repair the aggregator selection
      logic in bonding to function as documented and within the confines of the
      standard:
      
      	First, the aggregator selection and related logic now utilizes the
      number of active ports per aggregator, not the number of selected ports
      (as some selected ports may be down).  The ad_select "bandwidth" and
      "count" options only consider ports that are link up.
      
      	Second, on any carrier state change of any slave, the aggregator
      selection logic is explicitly called to insure the correct aggregator is
      active.
      Reported-by: default avatarVeli-Matti Lintu <veli-matti.lintu@opinsys.fi>
      Fixes: 7bb11dc9 ("bonding: unify all places where actor-oper key needs to be updated.")
      Signed-off-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0622cab0
    • Tom Goff's avatar
      ipmr/ip6mr: Initialize the last assert time of mfc entries. · 70a0dec4
      Tom Goff authored
      This fixes wrong-interface signaling on 32-bit platforms for entries
      created when jiffies > 2^31 + MFC_ASSERT_THRESH.
      Signed-off-by: default avatarTom Goff <thomas.goff@ll.mit.edu>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      70a0dec4
  3. 27 Jun, 2016 4 commits
  4. 23 Jun, 2016 11 commits
  5. 22 Jun, 2016 6 commits
    • David S. Miller's avatar
      Merge branch 'mlx4-fixes' · acd43fe8
      David S. Miller authored
      Tariq Toukan says:
      
      ====================
      mlx4_en fixes for 4.7-rc
      
      This small patchset includes two small fixes for mlx4_en driver.
      
      One allows a clean shutdown even when clients do not release their
      netdev reference.
      The other adds error return values to the VLAN VID add/kill functions.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      acd43fe8
    • Eran Ben Elisha's avatar
      net/mlx4_en: Avoid unregister_netdev at shutdown flow · 9d769311
      Eran Ben Elisha authored
      This allows a clean shutdown, even if some netdev clients do not
      release their reference from this netdev. It is enough to release
      the HW resources only as the kernel is shutting down.
      
      Fixes: 2ba5fbd6 ('net/mlx4_core: Handle AER flow properly')
      Signed-off-by: default avatarEran Ben Elisha <eranbe@mellanox.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9d769311
    • Kamal Heib's avatar
      net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill · 93c098af
      Kamal Heib authored
      Modify mlx4_en_vlan_rx_[add/kill]_vid to return error value in case of
      failure.
      
      Fixes: 8e586137 ('net: make vlan ndo_vlan_rx_[add/kill]_vid return error value')
      Signed-off-by: default avatarKamal Heib <kamalh@mellanox.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      93c098af
    • Jon Paul Maloy's avatar
      tipc: unclone unbundled buffers before forwarding · 27777daa
      Jon Paul Maloy authored
      When extracting an individual message from a received "bundle" buffer,
      we just create a clone of the base buffer, and adjust it to point into
      the right position of the linearized data area of the latter. This works
      well for regular message reception, but during periods of extremely high
      load it may happen that an extracted buffer, e.g, a connection probe, is
      reversed and forwarded through an external interface while the preceding
      extracted message is still unhandled. When this happens, the header or
      data area of the preceding message will be partially overwritten by a
      MAC header, leading to unpredicatable consequences, such as a link
      reset.
      
      We now fix this by ensuring that the msg_reverse() function never
      returns a cloned buffer, and that the returned buffer always contains
      sufficient valid head and tail room to be forwarded.
      Reported-by: default avatarErik Hugne <erik.hugne@gmail.com>
      Acked-by: default avatarYing Xue <ying.xue@windriver.com>
      Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      27777daa
    • Jiri Slaby's avatar
      kcm: fix /proc memory leak · d19af0a7
      Jiri Slaby authored
      Every open of /proc/net/kcm leaks 16 bytes of memory as is reported by
      kmemleak:
      unreferenced object 0xffff88059c0e3458 (size 192):
        comm "cat", pid 1401, jiffies 4294935742 (age 310.720s)
        hex dump (first 32 bytes):
          28 45 71 96 05 88 ff ff 00 10 00 00 00 00 00 00  (Eq.............
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<ffffffff8156a2de>] kmem_cache_alloc_trace+0x16e/0x230
          [<ffffffff8162a479>] seq_open+0x79/0x1d0
          [<ffffffffa0578510>] kcm_seq_open+0x0/0x30 [kcm]
          [<ffffffff8162a479>] seq_open+0x79/0x1d0
          [<ffffffff8162a8cf>] __seq_open_private+0x2f/0xa0
          [<ffffffff81712548>] seq_open_net+0x38/0xa0
      ...
      
      It is caused by a missing free in the ->release path. So fix it by
      providing seq_release_net as the ->release method.
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      Fixes: cd6e111b (kcm: Add statistics and proc interfaces)
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Tom Herbert <tom@herbertland.com>
      Cc: netdev@vger.kernel.org
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d19af0a7
    • Ido Schimmel's avatar
      team: Fix possible deadlock during team enslave · 942f64c4
      Ido Schimmel authored
      Both dev_uc_sync_multiple() and dev_mc_sync_multiple() require the
      source device to be locked by netif_addr_lock_bh(), but this is missing
      in team's enslave function, so add it.
      
      This fixes the following lockdep warning:
      
      Possible interrupt unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(_xmit_ETHER/1);
                                      local_irq_disable();
                                      lock(&(&mc->mca_lock)->rlock);
                                      lock(&team_netdev_addr_lock_key);
         <Interrupt>
           lock(&(&mc->mca_lock)->rlock);
      
        *** DEADLOCK ***
      
      Fixes: cb41c997 ("team: team should sync the port's uc/mc addrs when add a port")
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      942f64c4