1. 02 Dec, 2016 23 commits
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-4.9-20161201' of... · f0d21e89
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-4.9-20161201' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2016-12-02
      
      this is a pull request for net/master.
      
      There are two patches by Stephane Grosjean, who adds support for the new
      PCAN-USB X6 USB interface to the pcan_usb driver.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f0d21e89
    • Dan Carpenter's avatar
      net: renesas: ravb: unintialized return value · 50d5aa4c
      Dan Carpenter authored
      We want to set the other "err" variable here so that we can return it
      later.  My version of GCC misses this issue but I caught it with a
      static checker.
      
      Fixes: 9f70eb33 ("net: ethernet: renesas: ravb: fix fixed-link phydev leaks")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Reviewed-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      50d5aa4c
    • Chris Brandt's avatar
      sh_eth: remove unchecked interrupts for RZ/A1 · 33d446db
      Chris Brandt authored
      When streaming a lot of data and the RZ/A1 can't keep up, some status bits
      will get set that are not being checked or cleared which cause the
      following messages and the Ethernet driver to stop working. This
      patch fixes that issue.
      
      irq 21: nobody cared (try booting with the "irqpoll" option)
      handlers:
      [<c036b71c>] sh_eth_interrupt
      Disabling IRQ #21
      
      Fixes: db893473 ("sh_eth: Add support for r7s72100")
      Signed-off-by: default avatarChris Brandt <chris.brandt@renesas.com>
      Acked-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      33d446db
    • Florian Fainelli's avatar
      net: bcmgenet: Utilize correct struct device for all DMA operations · 8c4799ac
      Florian Fainelli authored
      __bcmgenet_tx_reclaim() and bcmgenet_free_rx_buffers() are not using the
      same struct device during unmap that was used for the map operation,
      which makes DMA-API debugging warn about it. Fix this by always using
      &priv->pdev->dev throughout the driver, using an identical device
      reference for all map/unmap calls.
      
      Fixes: 1c1008c7 ("net: bcmgenet: add main driver file")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8c4799ac
    • Daniele Palmas's avatar
      NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040 · 9bd813da
      Daniele Palmas authored
      This patch adds support for PID 0x1040 of Telit LE922A.
      
      The qmi adapter requires to have DTR set for proper working,
      so QMI_WWAN_QUIRK_DTR has been enabled.
      Signed-off-by: default avatarDaniele Palmas <dnlplm@gmail.com>
      Acked-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9bd813da
    • Kristian Evensen's avatar
      cdc_ether: Fix handling connection notification · d5c83d0d
      Kristian Evensen authored
      Commit bfe9b9d2 ("cdc_ether: Improve ZTE MF823/831/910 handling")
      introduced a work-around in usbnet_cdc_status() for devices that exported
      cdc carrier on twice on connect. Before the commit, this behavior caused
      the link state to be incorrect. It was assumed that all CDC Ethernet
      devices would either export this behavior, or send one off and then one on
      notification (which seems to be the default behavior).
      
      Unfortunately, it turns out multiple devices sends a connection
      notification multiple times per second (via an interrupt), even when
      connection state does not change. This has been observed with several
      different USB LAN dongles (at least), for example 13b1:0041 (Linksys).
      After bfe9b9d2, the link state has been set as down and then up for
      each notification. This has caused a flood of Netlink NEWLINK messages and
      syslog to be flooded with messages similar to:
      
      cdc_ether 2-1:2.0 eth1: kevent 12 may have been dropped
      
      This commit fixes the behavior by reverting usbnet_cdc_status() to how it
      was before bfe9b9d2. The work-around has been moved to a separate
      status-function which is only called when a known, affect device is
      detected.
      
      v1->v2:
      
      * Do not open-code netif_carrier_ok() (thanks Henning Schild).
      * Call netif_carrier_off() instead of usb_link_change(). This prevents
      calling schedule_work() twice without giving the work queue a chance to be
      processed (thanks Bjørn Mork).
      
      Fixes: bfe9b9d2 ("cdc_ether: Improve ZTE MF823/831/910 handling")
      Reported-by: default avatarHenning Schild <henning.schild@siemens.com>
      Signed-off-by: default avatarKristian Evensen <kristian.evensen@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d5c83d0d
    • Artem Savkov's avatar
      ip6_offload: check segs for NULL in ipv6_gso_segment. · 6b6ebb6b
      Artem Savkov authored
      segs needs to be checked for being NULL in ipv6_gso_segment() before calling
      skb_shinfo(segs), otherwise kernel can run into a NULL-pointer dereference:
      
      [   97.811262] BUG: unable to handle kernel NULL pointer dereference at 00000000000000cc
      [   97.819112] IP: [<ffffffff816e52f9>] ipv6_gso_segment+0x119/0x2f0
      [   97.825214] PGD 0 [   97.827047]
      [   97.828540] Oops: 0000 [#1] SMP
      [   97.831678] Modules linked in: vhost_net vhost macvtap macvlan nfsv3 rpcsec_gss_krb5
      nfsv4 dns_resolver nfs fscache xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4
      iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack
      ipt_REJECT nf_reject_ipv4 tun ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter
      bridge stp llc snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_intel
      snd_hda_codec edac_mce_amd snd_hda_core edac_core snd_hwdep kvm_amd snd_seq kvm snd_seq_device
      snd_pcm irqbypass snd_timer ppdev parport_serial snd parport_pc k10temp pcspkr soundcore parport
      sp5100_tco shpchp sg wmi i2c_piix4 acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc
      ip_tables xfs libcrc32c sr_mod cdrom sd_mod ata_generic pata_acpi amdkfd amd_iommu_v2 radeon
      broadcom bcm_phy_lib i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops
      ttm ahci serio_raw tg3 firewire_ohci libahci pata_atiixp drm ptp libata firewire_core pps_core
      i2c_core crc_itu_t fjes dm_mirror dm_region_hash dm_log dm_mod
      [   97.927721] CPU: 1 PID: 3504 Comm: vhost-3495 Not tainted 4.9.0-7.el7.test.x86_64 #1
      [   97.935457] Hardware name: AMD Snook/Snook, BIOS ESK0726A 07/26/2010
      [   97.941806] task: ffff880129a1c080 task.stack: ffffc90001bcc000
      [   97.947720] RIP: 0010:[<ffffffff816e52f9>]  [<ffffffff816e52f9>] ipv6_gso_segment+0x119/0x2f0
      [   97.956251] RSP: 0018:ffff88012fc43a10  EFLAGS: 00010207
      [   97.961557] RAX: 0000000000000000 RBX: ffff8801292c8700 RCX: 0000000000000594
      [   97.968687] RDX: 0000000000000593 RSI: ffff880129a846c0 RDI: 0000000000240000
      [   97.975814] RBP: ffff88012fc43a68 R08: ffff880129a8404e R09: 0000000000000000
      [   97.982942] R10: 0000000000000000 R11: ffff880129a84076 R12: 00000020002949b3
      [   97.990070] R13: ffff88012a580000 R14: 0000000000000000 R15: ffff88012a580000
      [   97.997198] FS:  0000000000000000(0000) GS:ffff88012fc40000(0000) knlGS:0000000000000000
      [   98.005280] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   98.011021] CR2: 00000000000000cc CR3: 0000000126c5d000 CR4: 00000000000006e0
      [   98.018149] Stack:
      [   98.020157]  00000000ffffffff ffff88012fc43ac8 ffffffffa017ad0a 000000000000000e
      [   98.027584]  0000001300000000 0000000077d59998 ffff8801292c8700 00000020002949b3
      [   98.035010]  ffff88012a580000 0000000000000000 ffff88012a580000 ffff88012fc43a98
      [   98.042437] Call Trace:
      [   98.044879]  <IRQ> [   98.046803]  [<ffffffffa017ad0a>] ? tg3_start_xmit+0x84a/0xd60 [tg3]
      [   98.053156]  [<ffffffff815eeee0>] skb_mac_gso_segment+0xb0/0x130
      [   98.059158]  [<ffffffff815eefd3>] __skb_gso_segment+0x73/0x110
      [   98.064985]  [<ffffffff815ef40d>] validate_xmit_skb+0x12d/0x2b0
      [   98.070899]  [<ffffffff815ef5d2>] validate_xmit_skb_list+0x42/0x70
      [   98.077073]  [<ffffffff81618560>] sch_direct_xmit+0xd0/0x1b0
      [   98.082726]  [<ffffffff815efd86>] __dev_queue_xmit+0x486/0x690
      [   98.088554]  [<ffffffff8135c135>] ? cpumask_next_and+0x35/0x50
      [   98.094380]  [<ffffffff815effa0>] dev_queue_xmit+0x10/0x20
      [   98.099863]  [<ffffffffa09ce057>] br_dev_queue_push_xmit+0xa7/0x170 [bridge]
      [   98.106907]  [<ffffffffa09ce161>] br_forward_finish+0x41/0xc0 [bridge]
      [   98.113430]  [<ffffffff81627cf2>] ? nf_iterate+0x52/0x60
      [   98.118735]  [<ffffffff81627d6b>] ? nf_hook_slow+0x6b/0xc0
      [   98.124216]  [<ffffffffa09ce32c>] __br_forward+0x14c/0x1e0 [bridge]
      [   98.130480]  [<ffffffffa09ce120>] ? br_dev_queue_push_xmit+0x170/0x170 [bridge]
      [   98.137785]  [<ffffffffa09ce4bd>] br_forward+0x9d/0xb0 [bridge]
      [   98.143701]  [<ffffffffa09cfbb7>] br_handle_frame_finish+0x267/0x560 [bridge]
      [   98.150834]  [<ffffffffa09d0064>] br_handle_frame+0x174/0x2f0 [bridge]
      [   98.157355]  [<ffffffff8102fb89>] ? sched_clock+0x9/0x10
      [   98.162662]  [<ffffffff810b63b2>] ? sched_clock_cpu+0x72/0xa0
      [   98.168403]  [<ffffffff815eccf5>] __netif_receive_skb_core+0x1e5/0xa20
      [   98.174926]  [<ffffffff813659f9>] ? timerqueue_add+0x59/0xb0
      [   98.180580]  [<ffffffff815ed548>] __netif_receive_skb+0x18/0x60
      [   98.186494]  [<ffffffff815ee625>] process_backlog+0x95/0x140
      [   98.192145]  [<ffffffff815edccd>] net_rx_action+0x16d/0x380
      [   98.197713]  [<ffffffff8170cff1>] __do_softirq+0xd1/0x283
      [   98.203106]  [<ffffffff8170b2bc>] do_softirq_own_stack+0x1c/0x30
      [   98.209107]  <EOI> [   98.211029]  [<ffffffff8108a5c0>] do_softirq+0x50/0x60
      [   98.216166]  [<ffffffff815ec853>] netif_rx_ni+0x33/0x80
      [   98.221386]  [<ffffffffa09eeff7>] tun_get_user+0x487/0x7f0 [tun]
      [   98.227388]  [<ffffffffa09ef3ab>] tun_sendmsg+0x4b/0x60 [tun]
      [   98.233129]  [<ffffffffa0b68932>] handle_tx+0x282/0x540 [vhost_net]
      [   98.239392]  [<ffffffffa0b68c25>] handle_tx_kick+0x15/0x20 [vhost_net]
      [   98.245916]  [<ffffffffa0abacfe>] vhost_worker+0x9e/0xf0 [vhost]
      [   98.251919]  [<ffffffffa0abac60>] ? vhost_umem_alloc+0x40/0x40 [vhost]
      [   98.258440]  [<ffffffff81003a47>] ? do_syscall_64+0x67/0x180
      [   98.264094]  [<ffffffff810a44d9>] kthread+0xd9/0xf0
      [   98.268965]  [<ffffffff810a4400>] ? kthread_park+0x60/0x60
      [   98.274444]  [<ffffffff8170a4d5>] ret_from_fork+0x25/0x30
      [   98.279836] Code: 8b 93 d8 00 00 00 48 2b 93 d0 00 00 00 4c 89 e6 48 89 df 66 89 93 c2 00 00 00 ff 10 48 3d 00 f0 ff ff 49 89 c2 0f 87 52 01 00 00 <41> 8b 92 cc 00 00 00 48 8b 80 d0 00 00 00 44 0f b7 74 10 06 66
      [   98.299425] RIP  [<ffffffff816e52f9>] ipv6_gso_segment+0x119/0x2f0
      [   98.305612]  RSP <ffff88012fc43a10>
      [   98.309094] CR2: 00000000000000cc
      [   98.312406] ---[ end trace 726a2c7a2d2d78d0 ]---
      Signed-off-by: default avatarArtem Savkov <asavkov@redhat.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6b6ebb6b
    • Sowmini Varadhan's avatar
      RDS: TCP: unregister_netdevice_notifier() in error path of rds_tcp_init_net · 721c7443
      Sowmini Varadhan authored
      If some error is encountered in rds_tcp_init_net, make sure to
      unregister_netdevice_notifier(), else we could trigger a panic
      later on, when the modprobe from a netns fails.
      Signed-off-by: default avatarSowmini Varadhan <sowmini.varadhan@oracle.com>
      Acked-by: default avatarSantosh Shilimkar <santosh.shilimkar@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      721c7443
    • Eli Cooper's avatar
      Revert: "ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()" · 80d1106a
      Eli Cooper authored
      This reverts commit ae148b08
      ("ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()").
      
      skb->protocol is now set in __ip_local_out() and __ip6_local_out() before
      dst_output() is called. It is no longer necessary to do it for each tunnel.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarEli Cooper <elicooper@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      80d1106a
    • Eli Cooper's avatar
      ipv6: Set skb->protocol properly for local output · b4e479a9
      Eli Cooper authored
      When xfrm is applied to TSO/GSO packets, it follows this path:
      
          xfrm_output() -> xfrm_output_gso() -> skb_gso_segment()
      
      where skb_gso_segment() relies on skb->protocol to function properly.
      
      This patch sets skb->protocol to ETH_P_IPV6 before dst_output() is called,
      fixing a bug where GSO packets sent through an ipip6 tunnel are dropped
      when xfrm is involved.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarEli Cooper <elicooper@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b4e479a9
    • Eli Cooper's avatar
      ipv4: Set skb->protocol properly for local output · f4180439
      Eli Cooper authored
      When xfrm is applied to TSO/GSO packets, it follows this path:
      
          xfrm_output() -> xfrm_output_gso() -> skb_gso_segment()
      
      where skb_gso_segment() relies on skb->protocol to function properly.
      
      This patch sets skb->protocol to ETH_P_IP before dst_output() is called,
      fixing a bug where GSO packets sent through a sit tunnel are dropped
      when xfrm is involved.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarEli Cooper <elicooper@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4180439
    • Philip Pettersson's avatar
      packet: fix race condition in packet_set_ring · 84ac7260
      Philip Pettersson authored
      When packet_set_ring creates a ring buffer it will initialize a
      struct timer_list if the packet version is TPACKET_V3. This value
      can then be raced by a different thread calling setsockopt to
      set the version to TPACKET_V1 before packet_set_ring has finished.
      
      This leads to a use-after-free on a function pointer in the
      struct timer_list when the socket is closed as the previously
      initialized timer will not be deleted.
      
      The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
      changing the packet version while also taking the lock at the start
      of packet_set_ring.
      
      Fixes: f6fb8f10 ("af-packet: TPACKET_V3 flexible buffer implementation.")
      Signed-off-by: default avatarPhilip Pettersson <philip.pettersson@gmail.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      84ac7260
    • Lino Sanfilippo's avatar
      net: ethernet: altera: TSE: do not use tx queue lock in tx completion handler · 2219d5ed
      Lino Sanfilippo authored
      The driver already uses its private lock for synchronization between xmit
      and xmit completion handler making the additional use of the xmit_lock
      unnecessary.
      Furthermore the driver does not set NETIF_F_LLTX resulting in xmit to be
      called with the xmit_lock held and then taking the private lock while xmit
      completion handler does the reverse, first take the private lock, then the
      xmit_lock.
      Fix these issues by not taking the xmit_lock in the tx completion handler.
      Signed-off-by: default avatarLino Sanfilippo <LinoSanfilippo@gmx.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2219d5ed
    • Lino Sanfilippo's avatar
      net: ethernet: altera: TSE: Remove unneeded dma sync for tx buffers · 151a14db
      Lino Sanfilippo authored
      An explicit dma sync for device directly after mapping as well as an
      explicit dma sync for cpu directly before unmapping is unnecessary and
      costly on the hotpath. So remove these calls.
      Signed-off-by: default avatarLino Sanfilippo <LinoSanfilippo@gmx.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      151a14db
    • David S. Miller's avatar
      Merge branch 'stmmac-probe-error-handling-and-phydev-leaks' · d262fd12
      David S. Miller authored
      Johan Hovold says:
      
      ====================
      net: stmmac: fix probe error handling and phydev leaks
      
      This series fixes a number of issues with the stmmac-driver probe error
      handling, which for example left clocks enabled after probe failures.
      
      The final patch fixes a failure to deregister and free any fixed-link
      PHYs that were registered during probe on probe errors and on driver
      unbind. It also fixes a related of-node leak on late probe errors.
      
      This series depends on the of_phy_deregister_fixed_link() helper that
      was just merged to net.
      
      As mentioned earlier, one staging driver also suffers from a similar
      leak and can be fixed up once the above mentioned helper hits mainline.
      
      Note that these patches have only been compile tested.
      ====================
      Acked-by: default avatarGiuseppe Cavallaro <peppe.cavallaro@st.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d262fd12
    • Johan Hovold's avatar
      net: ethernet: stmmac: fix of-node and fixed-link-phydev leaks · d2ed0a77
      Johan Hovold authored
      Make sure to deregister and free any fixed-link phy registered during
      probe on probe errors and on driver unbind by adding a new glue helper
      function.
      
      Drop the of-node reference taken in the same path also on late probe
      errors (and not just on driver unbind) by moving the put from
      stmmac_dvr_remove() to the new helper.
      
      Fixes: 27732381 ("stmmac: add fixed-link device-tree support")
      Fixes: 4613b279 ("ethernet: stmicro: stmmac: add missing of_node_put
      after calling of_parse_phandle")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Acked-by: default avatarMaxime Ripard <maxime.ripard@free-electrons.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d2ed0a77
    • Johan Hovold's avatar
      net: ethernet: stmmac: platform: fix outdated function header · 661f049b
      Johan Hovold authored
      Fix the OF-helper function header to reflect that the function no longer
      has a platform-data parameter.
      
      Fixes: b0003ead ("stmmac: make stmmac_probe_config_dt return the
      platform data struct")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      661f049b
    • Johan Hovold's avatar
      net: ethernet: stmmac: dwmac-meson8b: fix probe error path · 5cc70bbc
      Johan Hovold authored
      Make sure to disable clocks before returning on late probe errors.
      
      Fixes: 566e8251 ("net: stmmac: add a glue driver for the Amlogic
      Meson 8b / GXBB DWMAC")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Acked-by: default avatarKevin Hilman <khilman@baylibre.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5cc70bbc
    • Johan Hovold's avatar
      net: ethernet: stmmac: dwmac-generic: fix probe error path · 939b2002
      Johan Hovold authored
      Make sure to call any exit() callback to undo the effect of init()
      before returning on late probe errors.
      
      Fixes: cf3f047b ("stmmac: move hw init in the probe (v2)")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      939b2002
    • Johan Hovold's avatar
      net: ethernet: stmmac: dwmac-rk: fix probe error path · 2d222656
      Johan Hovold authored
      Make sure to disable runtime PM, power down the PHY, and disable clocks
      before returning on late probe errors.
      
      Fixes: 27ffefd2 ("stmmac: dwmac-rk: create a new probe function")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d222656
    • Johan Hovold's avatar
      net: ethernet: stmmac: dwmac-sti: fix probe error path · 0a9e2271
      Johan Hovold authored
      Make sure to disable clocks before returning on late probe errors.
      
      Fixes: 8387ee21 ("stmmac: dwmac-sti: turn setup callback into a
      probe function")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0a9e2271
    • Johan Hovold's avatar
      net: ethernet: stmmac: dwmac-socfpga: fix use-after-free on probe errors · 50ac64cf
      Johan Hovold authored
      Make sure to call stmmac_dvr_remove() before returning on late probe
      errors so that memory is freed, clocks are disabled, and the netdev is
      deregistered before its resources go away.
      
      Fixes: 3c201b5a ("net: stmmac: socfpga: Remove re-registration of
      reset controller")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      50ac64cf
    • Tobias Klauser's avatar
      net/rtnetlink: fix attribute name in nlmsg_size() comments · 6919756c
      Tobias Klauser authored
      Use the correct attribute constant names IFLA_GSO_MAX_{SEGS,SIZE}
      instead of IFLA_MAX_GSO_{SEGS,SIZE} for the comments int nlmsg_size().
      
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarTobias Klauser <tklauser@distanz.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6919756c
  2. 01 Dec, 2016 7 commits
    • Alexander Duyck's avatar
      ixgbe/ixgbevf: Don't use lco_csum to compute IPv4 checksum · c54cdc31
      Alexander Duyck authored
      In the case of IPIP and SIT tunnel frames the outer transport header
      offset is actually set to the same offset as the inner transport header.
      This results in the lco_csum call not doing any checksum computation over
      the inner IPv4/v6 header data.
      
      In order to account for that I am updating the code so that we determine
      the location to start the checksum ourselves based on the location of the
      IPv4 header and the length.
      
      Fixes: b83e3010 ("ixgbe/ixgbevf: Add support for GSO partial")
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c54cdc31
    • Alexander Duyck's avatar
      igb/igbvf: Don't use lco_csum to compute IPv4 checksum · 516165a1
      Alexander Duyck authored
      In the case of IPIP and SIT tunnel frames the outer transport header
      offset is actually set to the same offset as the inner transport header.
      This results in the lco_csum call not doing any checksum computation over
      the inner IPv4/v6 header data.
      
      In order to account for that I am updating the code so that we determine
      the location to start the checksum ourselves based on the location of the
      IPv4 header and the length.
      
      Fixes: e10715d3 ("igb/igbvf: Add support for GSO partial")
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      516165a1
    • allan's avatar
      net: asix: Fix AX88772_suspend() USB vendor commands failure issues · fadf3a28
      allan authored
      The change fixes AX88772_suspend() USB vendor commands failure issues.
      Signed-off-by: default avatarAllan Chou <allan@asix.com.tw>
      Tested-by: default avatarAllan Chou <allan@asix.com.tw>
      Tested-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fadf3a28
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · 7bbf91ce
      David S. Miller authored
      Steffen Klassert says:
      
      ====================
      pull request (net): ipsec 2016-12-01
      
      1) Change the error value when someone tries to run 32bit
         userspace on a 64bit host from -ENOTSUPP to the userspace
         exported -EOPNOTSUPP. Fix from Yi Zhao.
      
      2) On inbound, ESN sequence numbers are already in network
         byte order. So don't try to convert it again, this fixes
         integrity verification for ESN. Fixes from Tobias Brunner.
      
      Please pull or let me know if there are problems.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7bbf91ce
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 3d2dd617
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      This is a large batch of Netfilter fixes for net, they are:
      
      1) Three patches to fix NAT conversion to rhashtable: Switch to rhlist
         structure that allows to have several objects with the same key.
         Moreover, fix wrong comparison logic in nf_nat_bysource_cmp() as this is
         expecting a return value similar to memcmp(). Change location of
         the nat_bysource field in the nf_conn structure to avoid zeroing
         this as it breaks interaction with SLAB_DESTROY_BY_RCU and lead us
         to crashes. From Florian Westphal.
      
      2) Don't allow malformed fragments go through in IPv6, drop them,
         otherwise we hit GPF, patch from Florian Westphal.
      
      3) Fix crash if attributes are missing in nft_range, from Liping Zhang.
      
      4) Fix arptables 32-bits userspace 64-bits kernel compat, from Hongxu Jia.
      
      5) Two patches from David Ahern to fix netfilter interaction with vrf.
         From David Ahern.
      
      6) Fix element timeout calculation in nf_tables, we take milliseconds
         from userspace, but we use jiffies from kernelspace. Patch from
         Anders K.  Pedersen.
      
      7) Missing validation length netlink attribute for nft_hash, from
         Laura Garcia.
      
      8) Fix nf_conntrack_helper documentation, we don't default to off
         anymore for a bit of time so let's get this in sync with the code.
      
      I know is late but I think these are important, specifically the NAT
      bits, as they are mostly addressing fallout from recent changes. I also
      read there are chances to have -rc8, if that is the case, that would
      also give us a bit more time to test this.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3d2dd617
    • Stephane Grosjean's avatar
      can: peak: Add support for PCAN-USB X6 USB interface · f00b534d
      Stephane Grosjean authored
      This adds support for PEAK-System PCAN-USB X6 USB to CAN interface.
      
      The CAN FD adapter PCAN-USB X6 allows the connection of up to 6 CAN FD
      or CAN networks to a computer via USB. The interface is installed in an
      aluminum profile casing and is shipped in versions with D-Sub connectors
      or M12 circular connectors.
      
      The PCAN-USB X6 registers in the USB sub-system as if 3x PCAN-USB-Pro FD
      adapters were plugged. So, this patch:
      
      - updates the PEAK_USB entry of the corresponding Kconfig file
      - defines and adds the device id. of the PCAN-USB X6 (0x0014) into the
        table of supported device ids
      - defines and adds the new software structure implementing the PCAN-USB X6,
        which is obviously a clone of the software structure implementing the
        PCAN-USB Pro FD.
      Signed-off-by: default avatarStephane Grosjean <s.grosjean@peak-system.com>
      Tested-by: default avatarOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      f00b534d
    • Stephane Grosjean's avatar
      can: peak: Fix bittiming fields size in bits · fe5b4064
      Stephane Grosjean authored
      This fixes the bitimings fields ranges supported by all the CAN-FD USB
      interfaces of the PEAK-System CAN-FD adapters.
      
      Very first development versions of the IP core API defined smaller TSGEx
      and SJW fields for both nominal and data bittimings records than the
      production versions. This patch fixes them by enlarging their sizes to
      the actual values:
      
      field:           old size:    fixed size:
      nominal TSGEG1   6            8
      nominal TSGEG2   4            7
      nominal SJW      4            7
      data TSGEG1      4            5
      data TSGEG2      3            4
      data SJW         2            4
      
      Note that this has no other consequences than offering larger choice to
      bitrate encoding.
      Signed-off-by: default avatarStephane Grosjean <s.grosjean@peak-system.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      fe5b4064
  3. 30 Nov, 2016 10 commits
    • Jason Wang's avatar
      macvtap: handle ubuf refcount correctly when meet errors · aa196eed
      Jason Wang authored
      We trigger uarg->callback() immediately after we decide do datacopy
      even if caller want to do zerocopy. This will cause the callback
      (vhost_net_zerocopy_callback) decrease the refcount. But when we meet
      an error afterwards, the error handling in vhost handle_tx() will try
      to decrease it again. This is wrong and fix this by delay the
      uarg->callback() until we're sure there's no errors.
      Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      aa196eed
    • Jason Wang's avatar
      tun: handle ubuf refcount correctly when meet errors · af1cc7a2
      Jason Wang authored
      We trigger uarg->callback() immediately after we decide do datacopy
      even if caller want to do zerocopy. This will cause the callback
      (vhost_net_zerocopy_callback) decrease the refcount. But when we meet
      an error afterwards, the error handling in vhost handle_tx() will try
      to decrease it again. This is wrong and fix this by delay the
      uarg->callback() until we're sure there's no errors.
      Reported-by: default avatarwangyunjian <wangyunjian@huawei.com>
      Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      af1cc7a2
    • Grygorii Strashko's avatar
      net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during resume · 4ccfd638
      Grygorii Strashko authored
      netif_set_real_num_tx/rx_queues() are required to be called with rtnl_lock
      taken, otherwise ASSERT_RTNL() warning will be triggered - which happens
      now during System resume from suspend:
      cpsw_resume()
      |- cpsw_ndo_open()
        |- netif_set_real_num_tx/rx_queues()
           |- ASSERT_RTNL();
      
      Hence, fix it by surrounding cpsw_ndo_open() by rtnl_lock/unlock() calls.
      
      Cc: Dave Gerlach <d-gerlach@ti.com>
      Cc: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
      Fixes: commit e05107e6 ("net: ethernet: ti: cpsw: add multi queue support")
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Reviewed-by: default avatarIvan Khoronzhuk <ivan.khoronzhuk@linaro.org>
      Tested-by: default avatarDave Gerlach <d-gerlach@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4ccfd638
    • Josef Bacik's avatar
      bpf: fix states equal logic for varlen access · e2d2afe1
      Josef Bacik authored
      If we have a branch that looks something like this
      
      int foo = map->value;
      if (condition) {
        foo += blah;
      } else {
        foo = bar;
      }
      map->array[foo] = baz;
      
      We will incorrectly assume that the !condition branch is equal to the condition
      branch as the register for foo will be UNKNOWN_VALUE in both cases.  We need to
      adjust this logic to only do this if we didn't do a varlen access after we
      processed the !condition branch, otherwise we have different ranges and need to
      check the other branch as well.
      
      Fixes: 48461135 ("bpf: allow access into map value arrays")
      Reported-by: default avatarJann Horn <jannh@google.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e2d2afe1
    • Hongxu Jia's avatar
      netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel · 17a49cd5
      Hongxu Jia authored
      Since 09d96860 ("netfilter: x_tables: do compat validation via
      translate_table"), it used compatr structure to assign newinfo
      structure.  In translate_compat_table of ip_tables.c and ip6_tables.c,
      it used compatr->hook_entry to replace info->hook_entry and
      compatr->underflow to replace info->underflow, but not do the same
      replacement in arp_tables.c.
      
      It caused invoking 32-bit "arptbale -P INPUT ACCEPT" failed in 64bit
      kernel.
      --------------------------------------
      root@qemux86-64:~# arptables -P INPUT ACCEPT
      root@qemux86-64:~# arptables -P INPUT ACCEPT
      ERROR: Policy for `INPUT' offset 448 != underflow 0
      arptables: Incompatible with this kernel
      --------------------------------------
      
      Fixes: 09d96860 ("netfilter: x_tables: do compat validation via translate_table")
      Signed-off-by: default avatarHongxu Jia <hongxu.jia@windriver.com>
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      17a49cd5
    • David S. Miller's avatar
      Merge tag 'wireless-drivers-for-davem-2016-11-29' of... · 0fcba289
      David S. Miller authored
      Merge tag 'wireless-drivers-for-davem-2016-11-29' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.9
      
      mwifiex
      
      * properly terminate SSIDs so that uninitalised memory is not printed
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0fcba289
    • David S. Miller's avatar
      Merge branch 'l2tp-fixes' · 7752f727
      David S. Miller authored
      Guillaume Nault says:
      
      ====================
      l2tp: fixes for l2tp_ip and l2tp_ip6 socket handling
      
      This series addresses problems found while working on commit 32c23116
      ("l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()").
      
      The first three patches fix races in socket's connect, recv and bind
      operations. The last two ones fix scenarios where l2tp fails to
      correctly lookup its userspace sockets.
      
      Apart from the last patch, which is l2tp_ip6 specific, every patch
      fixes the same problem in the L2TP IPv4 and IPv6 code.
      
      All problems fixed by this series exist since the creation of the
      l2tp_ip and l2tp_ip6 modules.
      
      Changes since v1:
        * Patch #3: fix possible uninitialised use of 'ret' in l2tp_ip_bind().
      ====================
      Acked-by: default avatarJames Chapman <jchapman@katalix.com>
      7752f727
    • Guillaume Nault's avatar
      l2tp: fix address test in __l2tp_ip6_bind_lookup() · 31e2f21f
      Guillaume Nault authored
      The '!(addr && ipv6_addr_equal(addr, laddr))' part of the conditional
      matches if addr is NULL or if addr != laddr.
      But the intend of __l2tp_ip6_bind_lookup() is to find a sockets with
      the same address, so the ipv6_addr_equal() condition needs to be
      inverted.
      
      For better clarity and consistency with the rest of the expression, the
      (!X || X == Y) notation is used instead of !(X && X != Y).
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      31e2f21f
    • Guillaume Nault's avatar
      l2tp: fix lookup for sockets not bound to a device in l2tp_ip · df90e688
      Guillaume Nault authored
      When looking up an l2tp socket, we must consider a null netdevice id as
      wild card. There are currently two problems caused by
      __l2tp_ip_bind_lookup() not considering 'dif' as wild card when set to 0:
      
        * A socket bound to a device (i.e. with sk->sk_bound_dev_if != 0)
          never receives any packet. Since __l2tp_ip_bind_lookup() is called
          with dif == 0 in l2tp_ip_recv(), sk->sk_bound_dev_if is always
          different from 'dif' so the socket doesn't match.
      
        * Two sockets, one bound to a device but not the other, can be bound
          to the same address. If the first socket binding to the address is
          the one that is also bound to a device, the second socket can bind
          to the same address without __l2tp_ip_bind_lookup() noticing the
          overlap.
      
      To fix this issue, we need to consider that any null device index, be
      it 'sk->sk_bound_dev_if' or 'dif', matches with any other value.
      We also need to pass the input device index to __l2tp_ip_bind_lookup()
      on reception so that sockets bound to a device never receive packets
      from other devices.
      
      This patch fixes l2tp_ip6 in the same way.
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      df90e688
    • Guillaume Nault's avatar
      l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() · d5e3a190
      Guillaume Nault authored
      It's not enough to check for sockets bound to same address at the
      beginning of l2tp_ip{,6}_bind(): even if no socket is found at that
      time, a socket with the same address could be bound before we take
      the l2tp lock again.
      
      This patch moves the lookup right before inserting the new socket, so
      that no change can ever happen to the list between address lookup and
      socket insertion.
      
      Care is taken to avoid side effects on the socket in case of failure.
      That is, modifications of the socket are done after the lookup, when
      binding is guaranteed to succeed, and before releasing the l2tp lock,
      so that concurrent lookups will always see fully initialised sockets.
      
      For l2tp_ip, 'ret' is set to -EINVAL before checking the SOCK_ZAPPED
      bit. Error code was mistakenly set to -EADDRINUSE on error by commit
      32c23116 ("l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()").
      Using -EINVAL restores original behaviour.
      
      For l2tp_ip6, the lookup is now always done with the correct bound
      device. Before this patch, when binding to a link-local address, the
      lookup was done with the original sk->sk_bound_dev_if, which was later
      overwritten with addr->l2tp_scope_id. Lookup is now performed with the
      final sk->sk_bound_dev_if value.
      
      Finally, the (addr_len >= sizeof(struct sockaddr_in6)) check has been
      dropped: addr is a sockaddr_l2tpip6 not sockaddr_in6 and addr_len has
      already been checked at this point (this part of the code seems to have
      been copy-pasted from net/ipv6/raw.c).
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d5e3a190