1. 19 Sep, 2018 14 commits
    • Karsten Graul's avatar
      net/smc: no urgent data check for listen sockets · 71d117f5
      Karsten Graul authored
      Don't check a listen socket for pending urgent data in smc_poll().
      Signed-off-by: default avatarKarsten Graul <kgraul@linux.ibm.com>
      Signed-off-by: default avatarUrsula Braun <ubraun@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      71d117f5
    • Ursula Braun's avatar
      net/smc: enable fallback for connection abort in state INIT · dd65d87a
      Ursula Braun authored
      If a linkgroup is terminated abnormally already due to failing
      LLC CONFIRM LINK or LLC ADD LINK, fallback to TCP is still possible.
      In this case do not switch to state SMC_PEERABORTWAIT and do not set
      sk_err.
      Signed-off-by: default avatarUrsula Braun <ubraun@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dd65d87a
    • Ursula Braun's avatar
      net/smc: remove duplicate mutex_unlock · 1ca52fcf
      Ursula Braun authored
      For a failing smc_listen_rdma_finish() smc_listen_decline() is
      called. If fallback is possible, the new socket is already enqueued
      to be accepted in smc_listen_decline(). Avoid enqueuing a second time
      afterwards in this case, otherwise the smc_create_lgr_pending lock
      is released twice:
      [  373.463976] WARNING: bad unlock balance detected!
      [  373.463978] 4.18.0-rc7+ #123 Tainted: G           O
      [  373.463979] -------------------------------------
      [  373.463980] kworker/1:1/30 is trying to release lock (smc_create_lgr_pending) at:
      [  373.463990] [<000003ff801205fc>] smc_listen_work+0x22c/0x5d0 [smc]
      [  373.463991] but there are no more locks to release!
      [  373.463991]
      other info that might help us debug this:
      [  373.463993] 2 locks held by kworker/1:1/30:
      [  373.463994]  #0: 00000000772cbaed ((wq_completion)"events"){+.+.}, at: process_one_work+0x1ec/0x6b0
      [  373.464000]  #1: 000000003ad0894a ((work_completion)(&new_smc->smc_listen_work)){+.+.}, at: process_one_work+0x1ec/0x6b0
      [  373.464003]
      stack backtrace:
      [  373.464005] CPU: 1 PID: 30 Comm: kworker/1:1 Kdump: loaded Tainted: G           O      4.18.0-rc7uschi+ #123
      [  373.464007] Hardware name: IBM 2827 H43 738 (LPAR)
      [  373.464010] Workqueue: events smc_listen_work [smc]
      [  373.464011] Call Trace:
      [  373.464015] ([<0000000000114100>] show_stack+0x60/0xd8)
      [  373.464019]  [<0000000000a8c9bc>] dump_stack+0x9c/0xd8
      [  373.464021]  [<00000000001dcaf8>] print_unlock_imbalance_bug+0xf8/0x108
      [  373.464022]  [<00000000001e045c>] lock_release+0x114/0x4f8
      [  373.464025]  [<0000000000aa87fa>] __mutex_unlock_slowpath+0x4a/0x300
      [  373.464027]  [<000003ff801205fc>] smc_listen_work+0x22c/0x5d0 [smc]
      [  373.464029]  [<0000000000197a68>] process_one_work+0x2a8/0x6b0
      [  373.464030]  [<0000000000197ec2>] worker_thread+0x52/0x410
      [  373.464033]  [<000000000019fd0e>] kthread+0x15e/0x178
      [  373.464035]  [<0000000000aaf58a>] kernel_thread_starter+0x6/0xc
      [  373.464052]  [<0000000000aaf584>] kernel_thread_starter+0x0/0xc
      [  373.464054] INFO: lockdep is turned off.
      Signed-off-by: default avatarUrsula Braun <ubraun@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1ca52fcf
    • Ursula Braun's avatar
      net/smc: fix non-blocking connect problem · 648a5a7a
      Ursula Braun authored
      In state SMC_INIT smc_poll() delegates polling to the internal
      CLC socket. This means, once the connect worker has finished
      its kernel_connect() step, the poll wake-up may occur. This is not
      intended. The wake-up should occur from the wake up call in
      smc_connect_work() after __smc_connect() has finished.
      Thus in state SMC_INIT this patch now calls sock_poll_wait() on the
      main SMC socket.
      Signed-off-by: default avatarUrsula Braun <ubraun@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      648a5a7a
    • Kazuya Mizuguchi's avatar
      ravb: do not write 1 to reserved bits · 2fe397a3
      Kazuya Mizuguchi authored
      EtherAVB hardware requires 0 to be written to status register bits in
      order to clear them, however, care must be taken not to:
      
      1. Clear other bits, by writing zero to them
      2. Write one to reserved bits
      
      This patch corrects the ravb driver with respect to the second point above.
      This is done by defining reserved bit masks for the affected registers and,
      after auditing the code, ensure all sites that may write a one to a
      reserved bit use are suitably masked.
      Signed-off-by: default avatarKazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
      Signed-off-by: default avatarSimon Horman <horms+renesas@verge.net.au>
      Reviewed-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2fe397a3
    • zhong jiang's avatar
      net: bnxt: Fix a uninitialized variable warning. · 65fac4fe
      zhong jiang authored
      Fix the following compile warning:
      
      drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c:49:5: warning: ‘nvm_param.dir_type’ may be used uninitialized in this function [-Wmaybe-uninitialized]
        if (nvm_param.dir_type == BNXT_NVM_PORT_CFG)
      Signed-off-by: default avatarzhong jiang <zhongjiang@huawei.com>
      Acked-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      65fac4fe
    • David S. Miller's avatar
      Merge tag 'mlx5-fixes-2018-09-17' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 6344244c
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      Mellanox, mlx5 fixes 2018-09-17
      
      Sorry about the previous submission of this series which was mistakenly
      marked for net-next, here I am resending with 'net' mark.
      
      This series provides three fixes to mlx5 core and mlx5e netdevice
      driver.
      
      Please pull and let me know if there's any problem.
      
      For -stable v4.16:
      ('net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ')
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6344244c
    • Christian Lamparter's avatar
      net: emac: fix fixed-link setup for the RTL8363SB switch · 08e39982
      Christian Lamparter authored
      On the Netgear WNDAP620, the emac ethernet isn't receiving nor
      xmitting any frames from/to the RTL8363SB (identifies itself
      as a RTL8367RB).
      
      This is caused by the emac hardware not knowing the forced link
      parameters for speed, duplex, pause, etc.
      
      This begs the question, how this was working on the original
      driver code, when it was necessary to set the phy_address and
      phy_map to 0xffffffff. But I guess without access to the old
      PPC405/440/460 hardware, it's not possible to know.
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      08e39982
    • Suren Baghdasaryan's avatar
      NFC: Fix the number of pipes · e285d5bf
      Suren Baghdasaryan authored
      According to ETSI TS 102 622 specification chapter 4.4 pipe identifier
      is 7 bits long which allows for 128 unique pipe IDs. Because
      NFC_HCI_MAX_PIPES is used as the number of pipes supported and not
      as the max pipe ID, its value should be 128 instead of 127.
      
      nfc_hci_recv_from_llc extracts pipe ID from packet header using
      NFC_HCI_FRAGMENT(0x7F) mask which allows for pipe ID value of 127.
      Same happens when NCI_HCP_MSG_GET_PIPE() is being used. With
      pipes array having only 127 elements and pipe ID of 127 the OOB memory
      access will result.
      
      Cc: Samuel Ortiz <sameo@linux.intel.com>
      Cc: Allen Pais <allen.pais@oracle.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Suggested-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarSuren Baghdasaryan <surenb@google.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e285d5bf
    • Suren Baghdasaryan's avatar
      NFC: Fix possible memory corruption when handling SHDLC I-Frame commands · 674d9de0
      Suren Baghdasaryan authored
      When handling SHDLC I-Frame commands "pipe" field used for indexing
      into an array should be checked before usage. If left unchecked it
      might access memory outside of the array of size NFC_HCI_MAX_PIPES(127).
      
      Malformed NFC HCI frames could be injected by a malicious NFC device
      communicating with the device being attacked (remote attack vector),
      or even by an attacker with physical access to the I2C bus such that
      they could influence the data transfers on that bus (local attack vector).
      skb->data is controlled by the attacker and has only been sanitized in
      the most trivial ways (CRC check), therefore we can consider the
      create_info struct and all of its members to tainted. 'create_info->pipe'
      with max value of 255 (uint8) is used to take an offset of the
      hdev->pipes array of 127 elements which can lead to OOB write.
      
      Cc: Samuel Ortiz <sameo@linux.intel.com>
      Cc: Allen Pais <allen.pais@oracle.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Suggested-by: default avatarKevin Deus <kdeus@google.com>
      Signed-off-by: default avatarSuren Baghdasaryan <surenb@google.com>
      Acked-by: default avatarKees Cook <keescook@chromium.org>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      674d9de0
    • Sabrina Dubroca's avatar
      selftests: pmtu: properly redirect stderr to /dev/null · 0a286afe
      Sabrina Dubroca authored
      The cleanup function uses "$CMD 2 > /dev/null", which doesn't actually
      send stderr to /dev/null, so when the netns doesn't exist, the error
      message is shown. Use "2> /dev/null" instead, so that those messages
      disappear, as was intended.
      
      Fixes: d1f1b9cb ("selftests: net: Introduce first PMTU test")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Acked-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0a286afe
    • David S. Miller's avatar
      Merge branch 'stmmac-Coalesce-and-tail-addr-fixes' · 87ebcffd
      David S. Miller authored
      Jose Abreu says:
      
      ====================
      net: stmmac: Coalesce and tail addr fixes
      
      The fix for coalesce timer and a fix in tail address setting that impacts
      XGMAC2 operation.
      
      The series is:
      Tested-by: default avatarJerome Brunet <jbrunet@baylibre.com>
      	on a113 s400 board (single queue)
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      87ebcffd
    • Jose Abreu's avatar
      net: stmmac: Fixup the tail addr setting in xmit path · 0431100b
      Jose Abreu authored
      Currently we are always setting the tail address of descriptor list to
      the end of the pre-allocated list.
      
      According to databook this is not correct. Tail address should point to
      the last available descriptor + 1, which means we have to update the
      tail address everytime we call the xmit function.
      
      This should make no impact in older versions of MAC but in newer
      versions there are some DMA features which allows the IP to fetch
      descriptors in advance and in a non sequential order so its critical
      that we set the tail address correctly.
      Signed-off-by: default avatarJose Abreu <joabreu@synopsys.com>
      Fixes: f748be53 ("stmmac: support new GMAC4")
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Joao Pinto <jpinto@synopsys.com>
      Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
      Cc: Alexandre Torgue <alexandre.torgue@st.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0431100b
    • Jose Abreu's avatar
      net: stmmac: Rework coalesce timer and fix multi-queue races · 8fce3331
      Jose Abreu authored
      This follows David Miller advice and tries to fix coalesce timer in
      multi-queue scenarios.
      
      We are now using per-queue coalesce values and per-queue TX timer.
      
      Coalesce timer default values was changed to 1ms and the coalesce frames
      to 25.
      
      Tested in B2B setup between XGMAC2 and GMAC5.
      Signed-off-by: default avatarJose Abreu <joabreu@synopsys.com>
      Fixes: 	ce736788 ("net: stmmac: adding multiple buffers for TX")
      Cc: Florian Fainelli <f.fainelli@gmail.com>
      Cc: Neil Armstrong <narmstrong@baylibre.com>
      Cc: Jerome Brunet <jbrunet@baylibre.com>
      Cc: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Joao Pinto <jpinto@synopsys.com>
      Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
      Cc: Alexandre Torgue <alexandre.torgue@st.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8fce3331
  2. 18 Sep, 2018 11 commits
    • Greg Kroah-Hartman's avatar
      Merge gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net · 5211da9c
      Greg Kroah-Hartman authored
      Dave writes:
        "Various fixes, all over the place:
      
         1) OOB data generation fix in bluetooth, from Matias Karhumaa.
      
         2) BPF BTF boundary calculation fix, from Martin KaFai Lau.
      
         3) Don't bug on excessive frags, to be compatible in situations mixing
            older and newer kernels on each end.  From Juergen Gross.
      
         4) Scheduling in RCU fix in hv_netvsc, from Stephen Hemminger.
      
         5) Zero keying information in TLS layer before freeing copies
            of them, from Sabrina Dubroca.
      
         6) Fix NULL deref in act_sample, from Davide Caratti.
      
         7) Orphan SKB before GRO in veth to prevent crashes with XDP,
            from Toshiaki Makita.
      
         8) Fix use after free in ip6_xmit, from Eric Dumazet.
      
         9) Fix VF mac address regression in bnxt_en, from Micahel Chan.
      
         10) Fix MSG_PEEK behavior in TLS layer, from Daniel Borkmann.
      
         11) Programming adjustments to r8169 which fix not being to enter deep
             sleep states on some machines, from Kai-Heng Feng and Hans de
             Goede.
      
         12) Fix DST_NOCOUNT flag handling for ipv6 routes, from Peter
             Oskolkov."
      
      * gitolite.kernel.org:/pub/scm/linux/kernel/git/davem/net: (45 commits)
        net/ipv6: do not copy dst flags on rt init
        qmi_wwan: set DTR for modems in forced USB2 mode
        clk: x86: Stop marking clocks as CLK_IS_CRITICAL
        r8169: Get and enable optional ether_clk clock
        clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail
        r8169: enable ASPM on RTL8106E
        r8169: Align ASPM/CLKREQ setting function with vendor driver
        Revert "kcm: remove any offset before parsing messages"
        kcm: remove any offset before parsing messages
        net: ethernet: Fix a unused function warning.
        net: dsa: mv88e6xxx: Fix ATU Miss Violation
        tls: fix currently broken MSG_PEEK behavior
        hv_netvsc: pair VF based on serial number
        PCI: hv: support reporting serial number as slot information
        bnxt_en: Fix VF mac address regression.
        ipv6: fix possible use-after-free in ip6_xmit()
        net: hp100: fix always-true check for link up state
        ARM: dts: at91: add new compatibility string for macb on sama5d3
        net: macb: disable scatter-gather for macb on sama5d3
        net: mvpp2: let phylink manage the carrier state
        ...
      5211da9c
    • Peter Oskolkov's avatar
      net/ipv6: do not copy dst flags on rt init · 30bfd930
      Peter Oskolkov authored
      DST_NOCOUNT in dst_entry::flags tracks whether the entry counts
      toward route cache size (net->ipv6.sysctl.ip6_rt_max_size).
      
      If the flag is NOT set, dst_ops::pcpuc_entries counter is incremented
      in dist_init() and decremented in dst_destroy().
      
      This flag is tied to allocation/deallocation of dst_entry and
      should not be copied from another dst/route. Otherwise it can happen
      that dst_ops::pcpuc_entries counter grows until no new routes can
      be allocated because the counter reached ip6_rt_max_size due to
      DST_NOCOUNT not set and thus no counter decrements on gc-ed routes.
      
      Fixes: 3b6761d1 ("net/ipv6: Move dst flags to booleans in fib entries")
      Cc: David Ahern <dsahern@gmail.com>
      Acked-by: default avatarWei Wang <weiwan@google.com>
      Signed-off-by: default avatarPeter Oskolkov <posk@google.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      30bfd930
    • Bjørn Mork's avatar
      qmi_wwan: set DTR for modems in forced USB2 mode · 922005c7
      Bjørn Mork authored
      Recent firmware revisions have added the ability to force
      these modems to USB2 mode, hiding their SuperSpeed
      capabilities from the host.  The driver has been using the
      SuperSpeed capability, as shown by the bcdUSB field of the
      device descriptor, to detect the need to enable the DTR
      quirk.  This method fails when the modems are forced to
      USB2 mode by the modem firmware.
      
      Fix by unconditionally enabling the DTR quirk for the
      affected device IDs.
      Reported-by: default avatarFred Veldini <fred.veldini@gmail.com>
      Reported-by: default avatarDeshu Wen <dwen@sierrawireless.com>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Reported-by: default avatarFred Veldini <fred.veldini@gmail.com>
      Reported-by: default avatarDeshu Wen <dwen@sierrawireless.com>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      922005c7
    • David S. Miller's avatar
      Merge branch 'r8169-clk-fixes' · 89bfd48d
      David S. Miller authored
      Hans de Goede says:
      
      ====================
      r8169 (x86) clk fixes to fix S0ix not being reached
      
      This series adds code to the r8169 ethernet driver to get and enable an
      external clock if present, avoiding the need for a hack in the
      clk-pmc-atom driver where that clock was left on continuesly causing x86
      some devices to not reach deep power saving states (S0ix) when suspended
      causing to them to quickly drain their battery while suspended.
      
      The 3 commits in this series need to be merged in order to avoid
      regressions while bisecting. The clk-pmc-atom driver does not see much
      changes (it was last touched over a year ago). So the clk maintainers
      have agreed with merging all 3 patches through the net tree.
      All 3 patches have Stephen Boyd's Acked-by for this purpose.
      
      This v2 of the series only had some minor tweaks done to the commit
      messages and is ready for merging through the net tree now.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      89bfd48d
    • Hans de Goede's avatar
      clk: x86: Stop marking clocks as CLK_IS_CRITICAL · 648e9218
      Hans de Goede authored
      Commit d31fd43c ("clk: x86: Do not gate clocks enabled by the
      firmware"), which added the code to mark clocks as CLK_IS_CRITICAL, causes
      all unclaimed PMC clocks on Cherry Trail devices to be on all the time,
      resulting on the device not being able to reach S0i3 when suspended.
      
      The reason for this commit is that on some Bay Trail / Cherry Trail devices
      the r8169 ethernet controller uses pmc_plt_clk_4. Now that the clk-pmc-atom
      driver exports an "ether_clk" alias for pmc_plt_clk_4 and the r8169 driver
      has been modified to get and enable this clock (if present) the marking of
      the clocks as CLK_IS_CRITICAL is no longer necessary.
      
      This commit removes the CLK_IS_CRITICAL marking, fixing Cherry Trail
      devices not being able to reach S0i3 greatly decreasing their battery
      drain when suspended.
      
      Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=193891#c102
      Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=196861
      Cc: Johannes Stezenbach <js@sig21.net>
      Cc: Carlo Caione <carlo@endlessm.com>
      Reported-by: default avatarJohannes Stezenbach <js@sig21.net>
      Reviewed-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Acked-by: default avatarStephen Boyd <sboyd@kernel.org>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      648e9218
    • Hans de Goede's avatar
      r8169: Get and enable optional ether_clk clock · c2f6f3ee
      Hans de Goede authored
      On some boards a platform clock is used as clock for the r8169 chip,
      this commit adds support for getting and enabling this clock (assuming
      it has an "ether_clk" alias set on it).
      
      This is related to commit d31fd43c ("clk: x86: Do not gate clocks
      enabled by the firmware") which is a previous attempt to fix this for some
      x86 boards, but this causes all Cherry Trail SoC using boards to not reach
      there lowest power states when suspending.
      
      This commit (together with an atom-pmc-clk driver commit adding the alias)
      fixes things properly by making the r8169 get the clock and enable it when
      it needs it.
      
      Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=193891#c102
      Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=196861
      Cc: Johannes Stezenbach <js@sig21.net>
      Cc: Carlo Caione <carlo@endlessm.com>
      Reported-by: default avatarJohannes Stezenbach <js@sig21.net>
      Acked-by: default avatarStephen Boyd <sboyd@kernel.org>
      Reviewed-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c2f6f3ee
    • Hans de Goede's avatar
      clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail · b1e3454d
      Hans de Goede authored
      Commit d31fd43c ("clk: x86: Do not gate clocks enabled by the
      firmware") causes all unclaimed PMC clocks on Cherry Trail devices to be on
      all the time, resulting on the device not being able to reach S0i2 or S0i3
      when suspended.
      
      The reason for this commit is that on some Bay Trail / Cherry Trail devices
      the ethernet controller uses pmc_plt_clk_4. This commit adds an "ether_clk"
      alias, so that the relevant ethernet drivers can try to (optionally) use
      this, without needing X86 specific code / hacks, thus fixing ethernet on
      these devices without breaking S0i3 support.
      
      This commit uses clkdev_hw_create() to create the alias, mirroring the code
      for the already existing "mclk" alias for pmc_plt_clk_3.
      
      Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=193891#c102
      Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=196861
      Cc: Johannes Stezenbach <js@sig21.net>
      Cc: Carlo Caione <carlo@endlessm.com>
      Reported-by: default avatarJohannes Stezenbach <js@sig21.net>
      Acked-by: default avatarStephen Boyd <sboyd@kernel.org>
      Reviewed-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b1e3454d
    • Kai-Heng Feng's avatar
      r8169: enable ASPM on RTL8106E · 0866cd15
      Kai-Heng Feng authored
      The Intel SoC was prevented from entering lower idle state because
      of RTL8106E's ASPM was not enabled.
      
      So enable ASPM on RTL8106E (chip version 39).
      Now the Intel SoC can enter lower idle state, power consumption and
      temperature are much lower.
      Signed-off-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0866cd15
    • Kai-Heng Feng's avatar
      r8169: Align ASPM/CLKREQ setting function with vendor driver · 94235460
      Kai-Heng Feng authored
      There's a small delay after setting ASPM in vendor drivers, r8101 and
      r8168.
      In addition, those drivers enable ASPM before ClkReq, also change that
      to align with vendor driver.
      
      I haven't seen anything bad becasue of this, but I think it's better to
      keep in sync with vendor driver.
      Signed-off-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      94235460
    • David S. Miller's avatar
      Revert "kcm: remove any offset before parsing messages" · 3275b4df
      David S. Miller authored
      This reverts commit 072222b4.
      
      I just read that this causes regressions.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3275b4df
    • Dominique Martinet's avatar
      kcm: remove any offset before parsing messages · 072222b4
      Dominique Martinet authored
      The current code assumes kcm users know they need to look for the
      strparser offset within their bpf program, which is not documented
      anywhere and examples laying around do not do.
      
      The actual recv function does handle the offset well, so we can create a
      temporary clone of the skb and pull that one up as required for parsing.
      
      The pull itself has a cost if we are pulling beyond the head data,
      measured to 2-3% latency in a noisy VM with a local client stressing
      that path. The clone's impact seemed too small to measure.
      
      This bug can be exhibited easily by implementing a "trivial" kcm parser
      taking the first bytes as size, and on the client sending at least two
      such packets in a single write().
      
      Note that bpf sockmap has the same problem, both for parse and for recv,
      so it would pulling twice or a real pull within the strparser logic if
      anyone cares about that.
      Signed-off-by: default avatarDominique Martinet <asmadeus@codewreck.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      072222b4
  3. 17 Sep, 2018 15 commits
    • Saeed Mahameed's avatar
      net/mlx5e: TLS, Read capabilities only when it is safe · 8f92e35a
      Saeed Mahameed authored
      Read TLS caps from the core driver only when TLS is supported, i.e
      mlx5_accel_is_tls_device returns true.
      
      Fixes: 790af90c ("net/mlx5e: TLS, build TLS netdev from capabilities")
      Change-Id: I5f21ff4d684901af487e366a7e0cf032b54ee9cf
      Reported-by: default avatarMichal Kubecek <mkubecek@suse.cz>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Reviewed-by: default avatarBoris Pismenny <borisp@mellanox.com>
      Reviewed-by: default avatarTariq Toukan <tariqt@mellanox.com>
      8f92e35a
    • Alaa Hleihel's avatar
      net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ · 6b359d55
      Alaa Hleihel authored
      When modifying hairpin SQ, instead of checking if the next state equals
      to MLX5_SQC_STATE_RDY, we compare it against the MLX5_RQC_STATE_RDY enum
      value.
      
      The code worked since both of MLX5_RQC_STATE_RDY and MLX5_SQC_STATE_RDY
      have the same value today.
      
      This patch fixes this issue.
      
      Fixes: 18e568c3 ("net/mlx5: Hairpin pair core object setup")
      Change-Id: I6758aa7b4bd137966ae28206b70648c5bc223b46
      Signed-off-by: default avatarAlaa Hleihel <alaa@mellanox.com>
      Reviewed-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      6b359d55
    • Eli Cohen's avatar
      net/mlx5: Fix read from coherent memory · 250ae0d4
      Eli Cohen authored
      Use accessor function READ_ONCE to read from coherent memory modified
      by the device and read by the driver. This becomes most important in
      preemptive kernels where cond_resched implementation does not have the
      side effect which guaranteed the updated value.
      
      Fixes: 269d26f4 ("net/mlx5: Reduce command polling interval")
      Change-Id: Ie6deeb565ffaf76777b07448c7fbcce3510bbb8a
      Signed-off-by: default avatarEli Cohen <eli@mellanox.com>
      Reported-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      250ae0d4
    • Greg Kroah-Hartman's avatar
      Merge tag 'spi-fix-v4.19-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · 3918c21e
      Greg Kroah-Hartman authored
      Mark writes:
        "spi: Fixes for v4.19
      
        As well as one driver fix there's a couple of fixes here which address
        issues with the use of IDRs for allocation of dynamic bus numbers,
        ensuring that dynamic bus numbers interact well with static bus numbers
        assigned via DT and otherwise."
      
      * tag 'spi-fix-v4.19-rc4' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE
        spi: Fix double IDR allocation with DT aliases
        spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
      3918c21e
    • zhong jiang's avatar
      net: ethernet: Fix a unused function warning. · c7348091
      zhong jiang authored
      Fix the following compile warning:
      
      drivers/net/ethernet/microchip/lan743x_main.c:2964:12: warning: ‘lan743x_pm_suspend’ defined but not used [-Wunused-function]
       static int lan743x_pm_suspend(struct device *dev)
      drivers/net/ethernet/microchip/lan743x_main.c:2987:12: warning: ‘lan743x_pm_resume’ defined but not used [-Wunused-function]
       static int lan743x_pm_resume(struct device *dev)
      Signed-off-by: default avatarzhong jiang <zhongjiang@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c7348091
    • Andrew Lunn's avatar
      net: dsa: mv88e6xxx: Fix ATU Miss Violation · ddca24df
      Andrew Lunn authored
      Fix a cut/paste error and a typo which results in ATU miss violations
      not being reported.
      
      Fixes: 0977644c ("net: dsa: mv88e6xxx: Decode ATU problem interrupt")
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ddca24df
    • Daniel Borkmann's avatar
      tls: fix currently broken MSG_PEEK behavior · 50c6b58a
      Daniel Borkmann authored
      In kTLS MSG_PEEK behavior is currently failing, strace example:
      
        [pid  2430] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
        [pid  2430] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4
        [pid  2430] bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
        [pid  2430] listen(4, 10)               = 0
        [pid  2430] getsockname(4, {sa_family=AF_INET, sin_port=htons(38855), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0
        [pid  2430] connect(3, {sa_family=AF_INET, sin_port=htons(38855), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
        [pid  2430] setsockopt(3, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0
        [pid  2430] setsockopt(3, 0x11a /* SOL_?? */, 1, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0
        [pid  2430] accept(4, {sa_family=AF_INET, sin_port=htons(49636), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
        [pid  2430] setsockopt(5, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0
        [pid  2430] setsockopt(5, 0x11a /* SOL_?? */, 2, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0
        [pid  2430] close(4)                    = 0
        [pid  2430] sendto(3, "test_read_peek", 14, 0, NULL, 0) = 14
        [pid  2430] sendto(3, "_mult_recs\0", 11, 0, NULL, 0) = 11
        [pid  2430] recvfrom(5, "test_read_peektest_read_peektest"..., 64, MSG_PEEK, NULL, NULL) = 64
      
      As can be seen from strace, there are two TLS records sent,
      i) 'test_read_peek' and ii) '_mult_recs\0' where we end up
      peeking 'test_read_peektest_read_peektest'. This is clearly
      wrong, and what happens is that given peek cannot call into
      tls_sw_advance_skb() to unpause strparser and proceed with
      the next skb, we end up looping over the current one, copying
      the 'test_read_peek' over and over into the user provided
      buffer.
      
      Here, we can only peek into the currently held skb (current,
      full TLS record) as otherwise we would end up having to hold
      all the original skb(s) (depending on the peek depth) in a
      separate queue when unpausing strparser to process next
      records, minimally intrusive is to return only up to the
      current record's size (which likely was what c46234eb
      ("tls: RX path for ktls") originally intended as well). Thus,
      after patch we properly peek the first record:
      
        [pid  2046] wait4(2075,  <unfinished ...>
        [pid  2075] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
        [pid  2075] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4
        [pid  2075] bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
        [pid  2075] listen(4, 10)               = 0
        [pid  2075] getsockname(4, {sa_family=AF_INET, sin_port=htons(55115), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0
        [pid  2075] connect(3, {sa_family=AF_INET, sin_port=htons(55115), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
        [pid  2075] setsockopt(3, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0
        [pid  2075] setsockopt(3, 0x11a /* SOL_?? */, 1, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0
        [pid  2075] accept(4, {sa_family=AF_INET, sin_port=htons(45732), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5
        [pid  2075] setsockopt(5, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0
        [pid  2075] setsockopt(5, 0x11a /* SOL_?? */, 2, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0
        [pid  2075] close(4)                    = 0
        [pid  2075] sendto(3, "test_read_peek", 14, 0, NULL, 0) = 14
        [pid  2075] sendto(3, "_mult_recs\0", 11, 0, NULL, 0) = 11
        [pid  2075] recvfrom(5, "test_read_peek", 64, MSG_PEEK, NULL, NULL) = 14
      
      Fixes: c46234eb ("tls: RX path for ktls")
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      50c6b58a
    • David S. Miller's avatar
      Merge branch 'hv_netvsc-associate-VF-and-PV-device-by-serial-number' · aa079bd0
      David S. Miller authored
      Stephen Hemminger says:
      
      ====================
      hv_netvsc: associate VF and PV device by serial number
      
      The Hyper-V implementation of PCI controller has concept of 32 bit serial number
      (not to be confused with PCI-E serial number).  This value is sent in the protocol
      from the host to indicate SR-IOV VF device is attached to a synthetic NIC.
      
      Using the serial number (instead of MAC address) to associate the two devices
      avoids lots of potential problems when there are duplicate MAC addresses from
      tunnels or layered devices.
      
      The patch set is broken into two parts, one is for the PCI controller
      and the other is for the netvsc device. Normally, these go through different
      trees but sending them together here for better review. The PCI changes
      were submitted previously, but the main review comment was "why do you
      need this?". This is why.
      
      v2 - slot name can be shorter.
           remove locking when creating pci_slots; see comment for explaination
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      aa079bd0
    • Stephen Hemminger's avatar
      hv_netvsc: pair VF based on serial number · 00d7ddba
      Stephen Hemminger authored
      Matching network device based on MAC address is problematic
      since a non VF network device can be creted with a duplicate MAC
      address causing confusion and problems.  The VMBus API does provide
      a serial number that is a better matching method.
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00d7ddba
    • Stephen Hemminger's avatar
      PCI: hv: support reporting serial number as slot information · a15f2c08
      Stephen Hemminger authored
      The Hyper-V host API for PCI provides a unique "serial number" which
      can be used as basis for sysfs PCI slot table. This can be useful
      for cases where userspace wants to find the PCI device based on
      serial number.
      
      When an SR-IOV NIC is added, the host sends an attach message
      with serial number. The kernel doesn't use the serial number, but
      it is useful when doing the same thing in a userspace driver such
      as the DPDK. By having /sys/bus/pci/slots/N it provides a direct
      way to find the matching PCI device.
      
      There maybe some cases where serial number is not unique such
      as when using GPU's. But the PCI slot infrastructure will handle
      that.
      
      This has a side effect which may also be useful. The common udev
      network device naming policy uses the slot information (rather
      than PCI address).
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a15f2c08
    • Michael Chan's avatar
      bnxt_en: Fix VF mac address regression. · 28ea334b
      Michael Chan authored
      The recent commit to always forward the VF MAC address to the PF for
      approval may not work if the PF driver or the firmware is older.  This
      will cause the VF driver to fail during probe:
      
        bnxt_en 0000:00:03.0 (unnamed net_device) (uninitialized): hwrm req_type 0xf seq id 0x5 error 0xffff
        bnxt_en 0000:00:03.0 (unnamed net_device) (uninitialized): VF MAC address 00:00:17:02:05:d0 not approved by the PF
        bnxt_en 0000:00:03.0: Unable to initialize mac address.
        bnxt_en: probe of 0000:00:03.0 failed with error -99
      
      We fix it by treating the error as fatal only if the VF MAC address is
      locally generated by the VF.
      
      Fixes: 707e7e96 ("bnxt_en: Always forward VF MAC address to the PF.")
      Reported-by: default avatarSeth Forshee <seth.forshee@canonical.com>
      Reported-by: default avatarSiwei Liu <loseweigh@gmail.com>
      Signed-off-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28ea334b
    • Eric Dumazet's avatar
      ipv6: fix possible use-after-free in ip6_xmit() · bbd6528d
      Eric Dumazet authored
      In the unlikely case ip6_xmit() has to call skb_realloc_headroom(),
      we need to call skb_set_owner_w() before consuming original skb,
      otherwise we risk a use-after-free.
      
      Bring IPv6 in line with what we do in IPv4 to fix this.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bbd6528d
    • Colin Ian King's avatar
      net: hp100: fix always-true check for link up state · a7f38002
      Colin Ian King authored
      The operation ~(p100_inb(VG_LAN_CFG_1) & HP100_LINK_UP) returns a value
      that is always non-zero and hence the wait for the link to drop always
      terminates prematurely.  Fix this by using a logical not operator instead
      of a bitwise complement.  This issue has been in the driver since
      pre-2.6.12-rc2.
      
      Detected by CoverityScan, CID#114157 ("Logical vs. bitwise operator")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7f38002
    • Nicolas Ferre's avatar
      ARM: dts: at91: add new compatibility string for macb on sama5d3 · 321cc359
      Nicolas Ferre authored
      We need this new compatibility string as we experienced different behavior
      for this 10/100Mbits/s macb interface on this particular SoC.
      Backward compatibility is preserved as we keep the alternative strings.
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      321cc359
    • Nicolas Ferre's avatar
      net: macb: disable scatter-gather for macb on sama5d3 · eb4ed8e2
      Nicolas Ferre authored
      Create a new configuration for the sama5d3-macb new compatibility string.
      This configuration disables scatter-gather because we experienced lock down
      of the macb interface of this particular SoC under very high load.
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      eb4ed8e2