1. 05 Sep, 2014 23 commits
  2. 14 Aug, 2014 17 commits
    • Greg Kroah-Hartman's avatar
      Linux 3.16.1 · 9a35988d
      Greg Kroah-Hartman authored
      9a35988d
    • Andrey Utkin's avatar
      arch/sparc/math-emu/math_32.c: drop stray break operator · d922ad11
      Andrey Utkin authored
      [ Upstream commit 093758e3 ]
      
      This commit is a guesswork, but it seems to make sense to drop this
      break, as otherwise the following line is never executed and becomes
      dead code. And that following line actually saves the result of
      local calculation by the pointer given in function argument. So the
      proposed change makes sense if this code in the whole makes sense (but I
      am unable to analyze it in the whole).
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=81641Reported-by: default avatarDavid Binderman <dcb314@hotmail.com>
      Signed-off-by: default avatarAndrey Utkin <andrey.krieger.utkin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d922ad11
    • Sowmini Varadhan's avatar
      sparc64: ldc_connect() should not return EINVAL when handshake is in progress. · e27d22dc
      Sowmini Varadhan authored
      [ Upstream commit 4ec1b010 ]
      
      The LDC handshake could have been asynchronously triggered
      after ldc_bind() enables the ldc_rx() receive interrupt-handler
      (and thus intercepts incoming control packets)
      and before vio_port_up() calls ldc_connect(). If that is the case,
      ldc_connect() should return 0 and let the state-machine
      progress.
      Signed-off-by: default avatarSowmini Varadhan <sowmini.varadhan@oracle.com>
      Acked-by: default avatarKarl Volz <karl.volz@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e27d22dc
    • Christopher Alexander Tobias Schulze's avatar
      sunsab: Fix detection of BREAK on sunsab serial console · b843176f
      Christopher Alexander Tobias Schulze authored
      [ Upstream commit fe418231 ]
      
      Fix detection of BREAK on sunsab serial console: BREAK detection was only
      performed when there were also serial characters received simultaneously.
      To handle all BREAKs correctly, the check for BREAK and the corresponding
      call to uart_handle_break() must also be done if count == 0, therefore
      duplicate this code fragment and pull it out of the loop over the received
      characters.
      
      Patch applies to 3.16-rc6.
      Signed-off-by: default avatarChristopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b843176f
    • Christopher Alexander Tobias Schulze's avatar
      bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000 · aeb9bb5c
      Christopher Alexander Tobias Schulze authored
      [ Upstream commit 5cdceab3 ]
      
      Fix regression in bbc i2c temperature and fan control on some Sun systems
      that causes the driver to refuse to load due to the bbc_i2c_bussel resource not
      being present on the (second) i2c bus where the temperature sensors and fan
      control are located. (The check for the number of resources was removed when
      the driver was ported to a pure OF driver in mid 2008.)
      Signed-off-by: default avatarChristopher Alexander Tobias Schulze <cat.schulze@alice-dsl.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      aeb9bb5c
    • David S. Miller's avatar
      sparc64: Guard against flushing openfirmware mappings. · 9483b6bd
      David S. Miller authored
      [ Upstream commit 4ca9a237 ]
      
      Based almost entirely upon a patch by Christopher Alexander Tobias
      Schulze.
      
      In commit db64fe02 ("mm: rewrite vmap
      layer") lazy VMAP tlb flushing was added to the vmalloc layer.  This
      causes problems on sparc64.
      
      Sparc64 has two VMAP mapped regions and they are not contiguous with
      eachother.  First we have the malloc mapping area, then another
      unrelated region, then the vmalloc region.
      
      This "another unrelated region" is where the firmware is mapped.
      
      If the lazy TLB flushing logic in the vmalloc code triggers after
      we've had both a module unload and a vfree or similar, it will pass an
      address range that goes from somewhere inside the malloc region to
      somewhere inside the vmalloc region, and thus covering the
      openfirmware area entirely.
      
      The sparc64 kernel learns about openfirmware's dynamic mappings in
      this region early in the boot, and then services TLB misses in this
      area.  But openfirmware has some locked TLB entries which are not
      mentioned in those dynamic mappings and we should thus not disturb
      them.
      
      These huge lazy TLB flush ranges causes those openfirmware locked TLB
      entries to be removed, resulting in all kinds of problems including
      hard hangs and crashes during reboot/reset.
      
      Besides causing problems like this, such huge TLB flush ranges are
      also incredibly inefficient.  A plea has been made with the author of
      the VMAP lazy TLB flushing code, but for now we'll put a safety guard
      into our flush_tlb_kernel_range() implementation.
      
      Since the implementation has become non-trivial, stop defining it as a
      macro and instead make it a function in a C source file.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9483b6bd
    • David S. Miller's avatar
      sparc64: Do not insert non-valid PTEs into the TSB hash table. · ea9b59f8
      David S. Miller authored
      [ Upstream commit 18f38132 ]
      
      The assumption was that update_mmu_cache() (and the equivalent for PMDs) would
      only be called when the PTE being installed will be accessible by the user.
      
      This is not true for code paths originating from remove_migration_pte().
      
      There are dire consequences for placing a non-valid PTE into the TSB.  The TLB
      miss frramework assumes thatwhen a TSB entry matches we can just load it into
      the TLB and return from the TLB miss trap.
      
      So if a non-valid PTE is in there, we will deadlock taking the TLB miss over
      and over, never satisfying the miss.
      
      Just exit early from update_mmu_cache() and friends in this situation.
      
      Based upon a report and patch from Christopher Alexander Tobias Schulze.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ea9b59f8
    • Prashant Sreedharan's avatar
      tg3: Modify tg3_tso_bug() to handle multiple TX rings · 16959221
      Prashant Sreedharan authored
      [ Upstream commit 4d8fdc95 ]
      
      tg3_tso_bug() was originally designed to handle only HW TX ring 0, Commit
      d3f6f3a1 ("tg3: Prevent page allocation failure
      during TSO workaround") changed the driver logic to use tg3_tso_bug() for all
      HW TX rings that are enabled. This patch fixes the regression by modifying
      tg3_tso_bug() to handle multiple HW TX rings.
      Signed-off-by: default avatarPrashant Sreedharan <prashant@broadcom.com>
      Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      16959221
    • Eric Dumazet's avatar
      sctp: fix possible seqlock seadlock in sctp_packet_transmit() · c5d05276
      Eric Dumazet authored
      [ Upstream commit 757efd32 ]
      
      Dave reported following splat, caused by improper use of
      IP_INC_STATS_BH() in process context.
      
      BUG: using __this_cpu_add() in preemptible [00000000] code: trinity-c117/14551
      caller is __this_cpu_preempt_check+0x13/0x20
      CPU: 3 PID: 14551 Comm: trinity-c117 Not tainted 3.16.0+ #33
       ffffffff9ec898f0 0000000047ea7e23 ffff88022d32f7f0 ffffffff9e7ee207
       0000000000000003 ffff88022d32f818 ffffffff9e397eaa ffff88023ee70b40
       ffff88022d32f970 ffff8801c026d580 ffff88022d32f828 ffffffff9e397ee3
      Call Trace:
       [<ffffffff9e7ee207>] dump_stack+0x4e/0x7a
       [<ffffffff9e397eaa>] check_preemption_disabled+0xfa/0x100
       [<ffffffff9e397ee3>] __this_cpu_preempt_check+0x13/0x20
       [<ffffffffc0839872>] sctp_packet_transmit+0x692/0x710 [sctp]
       [<ffffffffc082a7f2>] sctp_outq_flush+0x2a2/0xc30 [sctp]
       [<ffffffff9e0d985c>] ? mark_held_locks+0x7c/0xb0
       [<ffffffff9e7f8c6d>] ? _raw_spin_unlock_irqrestore+0x5d/0x80
       [<ffffffffc082b99a>] sctp_outq_uncork+0x1a/0x20 [sctp]
       [<ffffffffc081e112>] sctp_cmd_interpreter.isra.23+0x1142/0x13f0 [sctp]
       [<ffffffffc081c86b>] sctp_do_sm+0xdb/0x330 [sctp]
       [<ffffffff9e0b8f1b>] ? preempt_count_sub+0xab/0x100
       [<ffffffffc083b350>] ? sctp_cname+0x70/0x70 [sctp]
       [<ffffffffc08389ca>] sctp_primitive_ASSOCIATE+0x3a/0x50 [sctp]
       [<ffffffffc083358f>] sctp_sendmsg+0x88f/0xe30 [sctp]
       [<ffffffff9e0d673a>] ? lock_release_holdtime.part.28+0x9a/0x160
       [<ffffffff9e0d62ce>] ? put_lock_stats.isra.27+0xe/0x30
       [<ffffffff9e73b624>] inet_sendmsg+0x104/0x220
       [<ffffffff9e73b525>] ? inet_sendmsg+0x5/0x220
       [<ffffffff9e68ac4e>] sock_sendmsg+0x9e/0xe0
       [<ffffffff9e1c0c09>] ? might_fault+0xb9/0xc0
       [<ffffffff9e1c0bae>] ? might_fault+0x5e/0xc0
       [<ffffffff9e68b234>] SYSC_sendto+0x124/0x1c0
       [<ffffffff9e0136b0>] ? syscall_trace_enter+0x250/0x330
       [<ffffffff9e68c3ce>] SyS_sendto+0xe/0x10
       [<ffffffff9e7f9be4>] tracesys+0xdd/0xe2
      
      This is a followup of commits f1d8cba6 ("inet: fix possible
      seqlock deadlocks") and 7f88c6b2 ("ipv6: fix possible seqlock
      deadlock in ip6_finish_output2")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Reported-by: default avatarDave Jones <davej@redhat.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c5d05276
    • Fabio Estevam's avatar
      Revert "net: phy: Set the driver when registering an MDIO bus device" · 45eece37
      Fabio Estevam authored
      [ Upstream commit ce7991e8 ]
      
      Commit a71e3c37 ("net: phy: Set the driver when registering an MDIO bus
      device") caused the following regression on the fec driver:
      
      root@imx6qsabresd:~# echo mem > /sys/power/state
      PM: Syncing filesystems ... done.
      Freezing user space processes ... (elapsed 0.003 seconds) done.
      Freezing remaining freezable tasks ... (elapsed 0.002 seconds) done.
      Unable to handle kernel NULL pointer dereference at virtual address 0000002c
      pgd = bcd14000
      [0000002c] *pgd=4d9e0831, *pte=00000000, *ppte=00000000
      Internal error: Oops: 17 [#1] SMP ARM
      Modules linked in:
      CPU: 0 PID: 617 Comm: sh Not tainted 3.16.0 #17
      task: bc0c4e00 ti: bceb6000 task.ti: bceb6000
      PC is at fec_suspend+0x10/0x70
      LR is at dpm_run_callback.isra.7+0x34/0x6c
      pc : [<803f8a98>]    lr : [<80361f44>]    psr: 600f0013
      sp : bceb7d70  ip : bceb7d88  fp : bceb7d84
      r10: 8091523c  r9 : 00000000  r8 : bd88f478
      r7 : 803f8a88  r6 : 81165988  r5 : 00000000  r4 : 00000000
      r3 : 00000000  r2 : 00000000  r1 : bd88f478  r0 : bd88f478
      Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
      Control: 10c5387d  Table: 4cd1404a  DAC: 00000015
      Process sh (pid: 617, stack limit = 0xbceb6240)
      Stack: (0xbceb7d70 to 0xbceb8000)
      ....
      
      The problem with the original commit is explained by Russell King:
      
      "It has the effect (as can be seen from the oops) of attaching the MDIO bus
      device (itself is a bus-less device) to the platform driver, which means
      that if the platform driver supports power management, it will be called
      to power manage the MDIO bus device.
      
      Moreover, drivers do not expect to be called for power management
      operations for devices which they haven't probed, and certainly not for
      devices which aren't part of the same bus that the driver is registered
      against."
      
      This reverts commit a71e3c37.
      
      Cc: <stable@vger.kernel.org> #3.16
      Signed-off-by: default avatarFabio Estevam <fabio.estevam@freescale.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      45eece37
    • Sven Eckelmann's avatar
      batman-adv: Fix out-of-order fragmentation support · 61a869b1
      Sven Eckelmann authored
      [ Upstream commit d9124268 ]
      
      batadv_frag_insert_packet was unable to handle out-of-order packets because it
      dropped them directly. This is caused by the way the fragmentation lists is
      checked for the correct place to insert a fragmentation entry.
      
      The fragmentation code keeps the fragments in lists. The fragmentation entries
      are kept in descending order of sequence number. The list is traversed and each
      entry is compared with the new fragment. If the current entry has a smaller
      sequence number than the new fragment then the new one has to be inserted
      before the current entry. This ensures that the list is still in descending
      order.
      
      An out-of-order packet with a smaller sequence number than all entries in the
      list still has to be added to the end of the list. The used hlist has no
      information about the last entry in the list inside hlist_head and thus the
      last entry has to be calculated differently. Currently the code assumes that
      the iterator variable of hlist_for_each_entry can be used for this purpose
      after the hlist_for_each_entry finished. This is obviously wrong because the
      iterator variable is always NULL when the list was completely traversed.
      
      Instead the information about the last entry has to be stored in a different
      variable.
      
      This problem was introduced in 610bfc6b
      ("batman-adv: Receive fragmented packets and merge").
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarAntonio Quartulli <antonio@meshcoding.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      61a869b1
    • Sasha Levin's avatar
      iovec: make sure the caller actually wants anything in memcpy_fromiovecend · 874c613a
      Sasha Levin authored
      [ Upstream commit 06ebb06d ]
      
      Check for cases when the caller requests 0 bytes instead of running off
      and dereferencing potentially invalid iovecs.
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      874c613a
    • Vlad Yasevich's avatar
      net: Correctly set segment mac_len in skb_segment(). · d2b999ac
      Vlad Yasevich authored
      [ Upstream commit fcdfe3a7 ]
      
      When performing segmentation, the mac_len value is copied right
      out of the original skb.  However, this value is not always set correctly
      (like when the packet is VLAN-tagged) and we'll end up copying a bad
      value.
      
      One way to demonstrate this is to configure a VM which tags
      packets internally and turn off VLAN acceleration on the forwarding
      bridge port.  The packets show up corrupt like this:
      16:18:24.985548 52:54:00:ab:be:25 > 52:54:00:26:ce:a3, ethertype 802.1Q
      (0x8100), length 1518: vlan 100, p 0, ethertype 0x05e0,
              0x0000:  8cdb 1c7c 8cdb 0064 4006 b59d 0a00 6402 ...|...d@.....d.
              0x0010:  0a00 6401 9e0d b441 0a5e 64ec 0330 14fa ..d....A.^d..0..
              0x0020:  29e3 01c9 f871 0000 0101 080a 000a e833)....q.........3
              0x0030:  000f 8c75 6e65 7470 6572 6600 6e65 7470 ...unetperf.netp
              0x0040:  6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
              0x0050:  6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
              0x0060:  6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
              ...
      
      This also leads to awful throughput as GSO packets are dropped and
      cause retransmissions.
      
      The solution is to set the mac_len using the values already available
      in then new skb.  We've already adjusted all of the header offset, so we
      might as well correctly figure out the mac_len using skb_reset_mac_len().
      After this change, packets are segmented correctly and performance
      is restored.
      
      CC: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d2b999ac
    • Vlad Yasevich's avatar
      macvlan: Initialize vlan_features to turn on offload support. · c8d1a6e2
      Vlad Yasevich authored
      [ Upstream commit 081e83a7 ]
      
      Macvlan devices do not initialize vlan_features.  As a result,
      any vlan devices configured on top of macvlans perform very poorly.
      Initialize vlan_features based on the vlan features of the lower-level
      device.
      Signed-off-by: default avatarVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c8d1a6e2
    • Ivan Vecera's avatar
      bna: fix performance regression · 22a998c5
      Ivan Vecera authored
      [ Upstream commit c36c9d50 ]
      
      The recent commit "e29aa339 bna: Enable Multi Buffer RX" is causing
      a performance regression. It does not properly update 'cmpl' pointer
      at the end of the loop in NAPI handler bnad_cq_process(). The result is
      only one packet / per NAPI-schedule is processed.
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      22a998c5
    • Christoph Paasch's avatar
      tcp: Fix integer-overflow in TCP vegas · e5d3a2b8
      Christoph Paasch authored
      [ Upstream commit 1f74e613 ]
      
      In vegas we do a multiplication of the cwnd and the rtt. This
      may overflow and thus their result is stored in a u64. However, we first
      need to cast the cwnd so that actually 64-bit arithmetic is done.
      
      Then, we need to do do_div to allow this to be used on 32-bit arches.
      
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Cc: Neal Cardwell <ncardwell@google.com>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: David Laight <David.Laight@ACULAB.COM>
      Cc: Doug Leith <doug.leith@nuim.ie>
      Fixes: 8d3a564d (tcp: tcp_vegas cong avoid fix)
      Signed-off-by: default avatarChristoph Paasch <christoph.paasch@uclouvain.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e5d3a2b8
    • Christoph Paasch's avatar
      tcp: Fix integer-overflows in TCP veno · 5f8c2f96
      Christoph Paasch authored
      [ Upstream commit 45a07695 ]
      
      In veno we do a multiplication of the cwnd and the rtt. This
      may overflow and thus their result is stored in a u64. However, we first
      need to cast the cwnd so that actually 64-bit arithmetic is done.
      
      A first attempt at fixing 76f10177 ([TCP]: TCP Veno congestion
      control) was made by 15913114 (tcp: Overflow bug in Vegas), but it
      failed to add the required cast in tcp_veno_cong_avoid().
      
      Fixes: 76f10177 ([TCP]: TCP Veno congestion control)
      Signed-off-by: default avatarChristoph Paasch <christoph.paasch@uclouvain.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5f8c2f96