1. 09 Jul, 2016 8 commits
    • Marcelo Ricardo Leitner's avatar
      sctp: fix panic when sending auth chunks · f1533cce
      Marcelo Ricardo Leitner authored
      When we introduced GSO support, if using auth the auth chunk was being
      left queued on the packet even after the final segment was generated.
      Later on sctp_transmit_packet it calls sctp_packet_reset, which zeroed
      the packet len while not accounting for this left-over. This caused more
      space to be used the next packet due to the chunk still being queued,
      but space which wasn't allocated as its size wasn't accounted.
      
      The fix is to only queue it back when we know that we are going to
      generate another segment.
      
      Fixes: 90017acc ("sctp: Add GSO support")
      Signed-off-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1533cce
    • Dan Carpenter's avatar
      bnxt: fix a condition · 09a7636a
      Dan Carpenter authored
      This code generates as static checker warning because htons(ETH_P_IPV6)
      is always true.  From the context it looks like the && was intended to
      be !=.
      
      Fixes: 94758f8d ('bnxt_en: Add GRO logic for BCM5731X chips.')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      09a7636a
    • Alexei Starovoitov's avatar
      bpf: introduce bpf_get_current_task() helper · 606274c5
      Alexei Starovoitov authored
      over time there were multiple requests to access different data
      structures and fields of task_struct current, so finally add
      the helper to access 'current' as-is. Tracing bpf programs will do
      the rest of walking the pointers via bpf_probe_read().
      Note that current can be null and bpf program has to deal it with,
      but even dumb passing null into bpf_probe_read() is still safe.
      Suggested-by: default avatarBrendan Gregg <brendan.d.gregg@gmail.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      606274c5
    • Vivien Didelot's avatar
      net: dsa: initialize the routing table · d390238c
      Vivien Didelot authored
      The routing table of every switch in a tree is currently initialized to
      all zeros. This is an issue since 0 is a valid port number.
      
      Add a DSA_RTABLE_NONE=-1 constant to initialize the signed values of the
      routing table pointing to other switches.
      
      This fixes the device mapping of the mv88e6xxx driver where the port
      pointing to the switch itself and to non-existent switches was wrongly
      configured to be 0. It is now set to the expected 0xf value.
      Signed-off-by: default avatarVivien Didelot <vivien.didelot@savoirfairelinux.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d390238c
    • Craig Gallek's avatar
      tun: Don't assume type tun in tun_device_event · 86dfb4ac
      Craig Gallek authored
      The referenced change added a netlink notifier for processing
      device queue size events.  These events are fired for all devices
      but the registered callback assumed they only occurred for tun
      devices.  This fix adds a check (borrowed from macvtap.c) to discard
      non-tun device events.
      
      For reference, this fixes the following splat:
      [   71.505935] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
      [   71.513870] IP: [<ffffffff8153c1a0>] tun_device_event+0x110/0x340
      [   71.519906] PGD 3f41f56067 PUD 3f264b7067 PMD 0
      [   71.524497] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC
      [   71.529374] gsmi: Log Shutdown Reason 0x03
      [   71.533417] Modules linked in:[   71.533826] mlx4_en: eth1: Link Up
      
      [   71.539616]  bonding w1_therm wire cdc_acm ehci_pci ehci_hcd mlx4_en ib_uverbs mlx4_ib ib_core mlx4_core
      [   71.549282] CPU: 12 PID: 7915 Comm: set.ixion-haswe Not tainted 4.7.0-dbx-DEV #8
      [   71.556586] Hardware name: Intel Grantley,Wellsburg/Ixion_IT_15, BIOS 2.58.0 05/03/2016
      [   71.564495] task: ffff887f00bb20c0 ti: ffff887f00798000 task.ti: ffff887f00798000
      [   71.571894] RIP: 0010:[<ffffffff8153c1a0>]  [<ffffffff8153c1a0>] tun_device_event+0x110/0x340
      [   71.580327] RSP: 0018:ffff887f0079bbd8  EFLAGS: 00010202
      [   71.585576] RAX: fffffffffffffae8 RBX: ffff887ef6d03378 RCX: 0000000000000000
      [   71.592624] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 0000000000000000
      [   71.599675] RBP: ffff887f0079bc48 R08: 0000000000000000 R09: 0000000000000001
      [   71.606730] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000010
      [   71.613780] R13: 0000000000000000 R14: 0000000000000001 R15: ffff887f0079bd00
      [   71.620832] FS:  00007f5cdc581700(0000) GS:ffff883f7f700000(0000) knlGS:0000000000000000
      [   71.628826] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   71.634500] CR2: 0000000000000010 CR3: 0000003f3eb62000 CR4: 00000000001406e0
      [   71.641549] Stack:
      [   71.643533]  ffff887f0079bc08 0000000000000246 000000000000001e ffff887ef6d00000
      [   71.650871]  ffff887f0079bd00 0000000000000000 0000000000000000 ffffffff00000000
      [   71.658210]  ffff887f0079bc48 ffffffff81d24070 00000000fffffff9 ffffffff81cec7a0
      [   71.665549] Call Trace:
      [   71.667975]  [<ffffffff810eeb0d>] notifier_call_chain+0x5d/0x80
      [   71.673823]  [<ffffffff816365d0>] ? show_tx_maxrate+0x30/0x30
      [   71.679502]  [<ffffffff810eeb3e>] __raw_notifier_call_chain+0xe/0x10
      [   71.685778]  [<ffffffff810eeb56>] raw_notifier_call_chain+0x16/0x20
      [   71.691976]  [<ffffffff8160eb30>] call_netdevice_notifiers_info+0x40/0x70
      [   71.698681]  [<ffffffff8160ec36>] call_netdevice_notifiers+0x16/0x20
      [   71.704956]  [<ffffffff81636636>] change_tx_queue_len+0x66/0x90
      [   71.710807]  [<ffffffff816381ef>] netdev_store.isra.5+0xbf/0xd0
      [   71.716658]  [<ffffffff81638350>] tx_queue_len_store+0x50/0x60
      [   71.722431]  [<ffffffff814a6798>] dev_attr_store+0x18/0x30
      [   71.727857]  [<ffffffff812ea3ff>] sysfs_kf_write+0x4f/0x70
      [   71.733274]  [<ffffffff812e9507>] kernfs_fop_write+0x147/0x1d0
      [   71.739045]  [<ffffffff81134a4f>] ? rcu_read_lock_sched_held+0x8f/0xa0
      [   71.745499]  [<ffffffff8125a108>] __vfs_write+0x28/0x120
      [   71.750748]  [<ffffffff8111b137>] ? percpu_down_read+0x57/0x90
      [   71.756516]  [<ffffffff8125d7d8>] ? __sb_start_write+0xc8/0xe0
      [   71.762278]  [<ffffffff8125d7d8>] ? __sb_start_write+0xc8/0xe0
      [   71.768038]  [<ffffffff8125bd5e>] vfs_write+0xbe/0x1b0
      [   71.773113]  [<ffffffff8125c092>] SyS_write+0x52/0xa0
      [   71.778110]  [<ffffffff817528e5>] entry_SYSCALL_64_fastpath+0x18/0xa8
      [   71.784472] Code: 45 31 f6 48 8b 93 78 33 00 00 48 81 c3 78 33 00 00 48 39 d3 48 8d 82 e8 fa ff ff 74 25 48 8d b0 40 05 00 00 49 63 d6 41 83 c6 01 <49> 89 34 d4 48 8b 90 18 05 00 00 48 39 d3 48 8d 82 e8 fa ff ff
      [   71.803655] RIP  [<ffffffff8153c1a0>] tun_device_event+0x110/0x340
      [   71.809769]  RSP <ffff887f0079bbd8>
      [   71.813213] CR2: 0000000000000010
      [   71.816512] ---[ end trace 4db6449606319f73 ]---
      
      Fixes: 1576d986 ("tun: switch to use skb array for tx")
      Signed-off-by: default avatarCraig Gallek <kraig@google.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      86dfb4ac
    • David S. Miller's avatar
      Merge tag 'rxrpc-rewrite-20160706' of... · cc3baecb
      David S. Miller authored
      Merge tag 'rxrpc-rewrite-20160706' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
      
      David Howells says:
      
      ====================
      rxrpc: Improve conn/call lookup and fix call number generation [ver #3]
      
      I've fixed a couple of patch descriptions and excised the patch that
      duplicated the connections list for reconsideration at a later date.
      
      For reference, the excised patch is sitting on the rxrpc-experimental
      branch of my git tree, based on top of the rxrpc-rewrite branch.  Diffing
      it against yesterday's tag shows no differences.
      
      Would you prefer the patch set to be emailed afresh instead of a git-pull
      request?
      
      David
      ---
      Here's the next part of the AF_RXRPC rewrite.  The two main purposes of
      this set are to fix the call number handling and to make use of RCU when
      looking up the connection or call to pass a received packet to.
      
      Important changes in this set include:
      
       (1) Avoidance of placing stack data into SG lists in rxkad so that kernel
           stacks can become vmalloc'd (Herbert Xu).
      
       (2) Calls cease pinning the connection they used as soon as possible,
           which allows the connection to be discarded sooner and allows the call
           channel on that connection to be reused earlier.
      
       (3) Make each call channel on a connection have a separate and independent
           call number space rather than having a shared number space for the
           connection.  Call numbers should increment monotonically per channel
           on the client, and the server should ignore a call with a lower call
           number for that channel than the latest it has seen.  The RESPONSE
           packet sets the minimum values of each call ID counter on a
           connection.
      
       (4) Look up calls by indexing the channel array on a connection rather
           than by keeping calls in an rbtree on that connection.  Also look up
           calls using the channel array rather than using a hashtable.
      
           The call hashtable can then be removed.
      
       (5) Call terminal statuses are cached in the channel array for the last
           call.  It is assumed that if we the server have seen call N, then the
           client no longer cares about call N-1 on the same channel.
      
           This will allow retransmission of the terminal status in future
           without the need to keep the rxrpc_call struct around.
      
       (6) Peer lookups are moved out of common connection handling code and into
           service connection handling code as client connections (a) must point
           to a peer before they can be used and (b) are looked up by a
           machine-unique connection ID directly, so we only need to look up the
           peer first if we're going to deal with a service call.
      
       (7) The reference count on a connection is held elevated by 1 whilst it is
           alive (ie. idle unused connections have a refcount of 1).  The reaper
           will attempt to change the refcount from 1->0 and skip if this cannot
           be done, whilst look ups only increment the refcount if it's non-zero.
      
           This makes the implementation of RCU lookups easier as we don't have
           to get a ref on the connection or a lock on the connection list to
           prevent a connection being reaped whilst we're contemplating queueing
           a packet that initiates a new service call upon it.
      
           If we need to get a connection, but there's a dead connection in the
           tree, we use rb_replace_node() to replace the dead one with a new one.
      
       (8) Use a seqlock to validate the walk over the service connection rbtree
           attached to a peer when it's being walked in RCU mode.
      
       (9) Make the incoming call/connection packet handling code use RCU mode
           and locks and make it only take a reference if the call/connection
           gets queued on a workqueue.
      
      The intention is that the next set will introduce the connection lifetime
      management and capacity limits to prevent clients from overloading the
      server.
      
      There are some fixes too:
      
       (1) Verifying that a packet coming in to a client connection came from the
           expected source.
      
       (2) Fix handling of connection failure in client call creation where we
           don't reinitialise the list linkage block and a second attempt to
           unlink the failed connection oopses and also we don't set the state
           correctly, which causes an assertion failure.
      
       (3) New service calls were being added to the socket's accept queue under
           the wrong lock.
      
      Changes:
      
       (V2) In rxrpc_find_service_conn_rcu() initialised the sequence number to 0.
      
            Fixed the RCU handling in conn_service.c by introducing and using
            rb_replace_node_rcu() as an RCU-safe alternative in
            rxrpc_publish_service_conn().
      
            Modified and used rcu_dereference_raw() to avoid RCU sparse warnings
            in rxrpc_find_service_conn_rcu().
      
            Added in some missing RCU dereference wrappers.  It seems to be
            necessary to turn on CONFIG_PROVE_RCU_REPEATEDLY as well as
            CONFIG_SPARSE_RCU_POINTER to get the static __rcu annotation checking
            to happen.
      
            Fixed some other sparse warnings, including a missing ntohs() in
            jumbo packet processing.
      
       (V3) Fixed some commit descriptions.
      
            Excised the patch that duplicated the connection list to separate out
            the procfs list for reconsideration at a later date.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc3baecb
    • K. Y. Srinivasan's avatar
      netvsc: Use the new in-place consumption APIs in the rx path · 99a50bb1
      K. Y. Srinivasan authored
      Use the new APIs for eliminating a copy on the receive path. These new APIs also
      help in minimizing the number of memory barriers we end up issuing (in the
      ringbuffer code) since we can better control when we want to expose the ring
      state to the host.
      
      The patch is being resent to address earlier email issues.
      Signed-off-by: default avatarK. Y. Srinivasan <kys@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      99a50bb1
    • Florian Westphal's avatar
      hfsc: reduce hfsc_sched to 14 cachelines · bba7eb5d
      Florian Westphal authored
      hfsc_sched is huge (size: 920, cachelines: 15), but we can get it to 14
      cachelines by placing level after filter_cnt (covering 4 byte hole) and
      reducing period/nactive/flags to u32 (period is just a counter,
      incremented when class becomes active -- 2**32 is plenty for this
      purpose, also, long is only 32bit wide on 32bit platforms anyway).
      
      cl_vtperiod is exported to userspace via tc_hfsc_stats, but its period
      member is already u32, so no precision is lost there either.
      
      Cc: Michal Soltys <soltys@ziu.info>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bba7eb5d
  2. 07 Jul, 2016 2 commits
  3. 06 Jul, 2016 30 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 30d0844b
      David S. Miller authored
      Conflicts:
      	drivers/net/ethernet/mellanox/mlx5/core/en.h
      	drivers/net/ethernet/mellanox/mlx5/core/en_main.c
      	drivers/net/usb/r8152.c
      
      All three conflicts were overlapping changes.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      30d0844b
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · bc867651
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) All users of AF_PACKET's fanout feature want a symmetric packet
          header hash for load balancing purposes, so give it to them.
      
       2) Fix vlan state synchronization in e1000e, from Jarod Wilson.
      
       3) Use correct socket pointer in ip_skb_dst_mtu(), from Shmulik
          Ladkani.
      
       4) mlx5 bug fixes from Mohamad Haj Yahia, Daniel Jurgens, Matthew
          Finlay, Rana Shahout, and Shaker Daibes.  Mostly to do with
          operation timeouts and PCI error handling.
      
       5) Fix checksum handling in mirred packet action, from WANG Cong.
      
       6) Set skb->dev correctly when transmitting in !protect_frames case of
          macsec driver, from Daniel Borkmann.
      
       7) Fix MTU calculation in geneve driver, from Haishuang Yan.
      
       8) Missing netif_napi_del() in unregister path of qeth driver, from
          Ursula Braun.
      
       9) Handle malformed route netlink messages in decnet properly, from
          Vergard Nossum.
      
      10) Memory leak of percpu data in ipv6 routing code, from Martin KaFai
          Lau.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits)
        ipv6: Fix mem leak in rt6i_pcpu
        net: fix decnet rtnexthop parsing
        cxgb4: update latest firmware version supported
        net/mlx5: Avoid setting unused var when modifying vport node GUID
        bonding: fix enslavement slave link notifications
        r8152: fix runtime function for RTL8152
        qeth: delete napi struct when removing a qeth device
        Revert "fsl/fman: fix error handling"
        fsl/fman: fix error handling
        cdc_ncm: workaround for EM7455 "silent" data interface
        RDS: fix rds_tcp_init() error path
        geneve: fix max_mtu setting
        net: phy: dp83867: Fix initialization of PHYCR register
        enc28j60: Fix race condition in enc28j60 driver
        net: stmmac: Fix null-function call in ISR on stmmac1000
        tipc: fix nl compat regression for link statistics
        net: bcmsysport: Device stats are unsigned long
        macsec: set actual real device for xmit when !protect_frames
        net_sched: fix mirrored packets checksum
        packet: Use symmetric hash for PACKET_FANOUT_HASH.
        ...
      bc867651
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · ae3e4562
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains Netfilter updates for net-next,
      they are:
      
      1) Don't use userspace datatypes in bridge netfilter code, from
         Tobin Harding.
      
      2) Iterate only once over the expectation table when removing the
         helper module, instead of once per-netns, from Florian Westphal.
      
      3) Extra sanitization in xt_hook_ops_alloc() to return error in case
         we ever pass zero hooks, xt_hook_ops_alloc():
      
      4) Handle NFPROTO_INET from the logging core infrastructure, from
         Liping Zhang.
      
      5) Autoload loggers when TRACE target is used from rules, this doesn't
         change the behaviour in case the user already selected nfnetlink_log
         as preferred way to print tracing logs, also from Liping Zhang.
      
      6) Conntrack slabs with SLAB_HWCACHE_ALIGN to allow rearranging fields
         by cache lines, increases the size of entries in 11% per entry.
         From Florian Westphal.
      
      7) Skip zone comparison if CONFIG_NF_CONNTRACK_ZONES=n, from Florian.
      
      8) Remove useless defensive check in nf_logger_find_get() from Shivani
         Bhardwaj.
      
      9) Remove zone extension as place it in the conntrack object, this is
         always include in the hashing and we expect more intensive use of
         zones since containers are in place. Also from Florian Westphal.
      
      10) Owner match now works from any namespace, from Eric Bierdeman.
      
      11) Make sure we only reply with TCP reset to TCP traffic from
          nf_reject_ipv4, patch from Liping Zhang.
      
      12) Introduce --nflog-size to indicate amount of network packet bytes
          that are copied to userspace via log message, from Vishwanath Pai.
          This obsoletes --nflog-range that has never worked, it was designed
          to achieve this but it has never worked.
      
      13) Introduce generic macros for nf_tables object generation masks.
      
      14) Use generation mask in table, chain and set objects in nf_tables.
          This allows fixes interferences with ongoing preparation phase of
          the commit protocol and object listings going on at the same time.
          This update is introduced in three patches, one per object.
      
      15) Check if the object is active in the next generation for element
          deactivation in the rbtree implementation, given that deactivation
          happens from the commit phase path we have to observe the future
          status of the object.
      
      16) Support for deletion of just added elements in the hash set type.
      
      17) Allow to resize hashtable from /proc entry, not only from the
          obscure /sys entry that maps to the module parameter, from Florian
          Westphal.
      
      18) Get rid of NFT_BASECHAIN_DISABLED, this code is not exercised
          anymore since we tear down the ruleset whenever the netdevice
          goes away.
      
      19) Support for matching inverted set lookups, from Arturo Borrero.
      
      20) Simplify the iptables_mangle_hook() by removing a superfluous
          extra branch.
      
      21) Introduce ether_addr_equal_masked() and use it from the netfilter
          codebase, from Joe Perches.
      
      22) Remove references to "Use netfilter MARK value as routing key"
          from the Netfilter Kconfig description given that this toggle
          doesn't exists already for 10 years, from Moritz Sichert.
      
      23) Introduce generic NF_INVF() and use it from the xtables codebase,
          from Joe Perches.
      
      24) Setting logger to NONE via /proc was not working unless explicit
          nul-termination was included in the string. This fixes seems to
          leave the former behaviour there, so we don't break backward.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ae3e4562
    • Linus Torvalds's avatar
      Merge tag 'sound-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 4cdbbbd1
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Here are a collection of small fixes: at this time, we've got a
        slightly high amount, but all small and trivial fixes, and nothing
        scary can be seen there"
      
      * tag 'sound-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits)
        ALSA: hda/realtek: Add Lenovo L460 to docking unit fixup
        ALSA: timer: Fix negative queue usage by racy accesses
        ASoC: rt5645: fix reg-2f default value.
        ASoC: fsl_ssi: Fix number of words per frame for I2S-slave mode
        ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift()
        ALSA: hda - Add PCI ID for Kabylake-H
        ALSA: echoaudio: Fix memory allocation
        ASoC: Intel: atom: fix missing breaks that would cause the wrong operation to execute
        ALSA: hda - fix read before array start
        ASoC: cx20442: set tty->receiver_room in v253_open
        ASoC: ak4613: Enable cache usage to fix crashes on resume
        ASoC: wm8940: Enable cache usage to fix crashes on resume
        ASoC: Intel: Skylake: Initialize module list for Broxton
        ASoC: wm5102: Correct supported channels on trace compressed DAI
        ASoC: wm5110: Add missing route from OUT3R to SYSCLK
        ASoC: rt5670: fix HP Playback Volume control
        ASoC: hdmi-codec: select CONFIG_HDMI
        ASoC: davinci-mcasp: Fix dra7 DMA offset when using CFG port
        ASoC: hdac_hdmi: Fix potential NULL dereference
        ASoC: ak4613: Remove owner assignment from platform_driver
        ...
      4cdbbbd1
    • Linus Torvalds's avatar
      Merge tag 'chrome-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platform · 4d0a279c
      Linus Torvalds authored
      Pull chrome platform fix from Olof Johansson:
       "A single fix this time, closing a window where ioctl args are fetched
        twice"
      
      * tag 'chrome-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platform:
        platform/chrome: cros_ec_dev - double fetch bug in ioctl
      4d0a279c
    • Masashi Honma's avatar
      cfg80211: Add mesh peer AID setting API · 7d27a0ba
      Masashi Honma authored
      Previously, mesh power management functionality works only with kernel
      MPM. Because user space MPM did not report mesh peer AID to kernel,
      the kernel could not identify the bit in TIM element. So this patch
      adds mesh peer AID setting API.
      Signed-off-by: default avatarMasashi Honma <masashi.honma@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      7d27a0ba
    • Johannes Berg's avatar
      mac80211: parse wide bandwidth channel switch IE with workaround · 92b3a28a
      Johannes Berg authored
      Continuing the workaround implemented in commit 23665aaf
      ("mac80211: Interoperability workaround for 80+80 and 160 MHz channels")
      use the same code to parse the Wide Bandwidth Channel Switch element
      by converting to VHT Operation element since the spec also just refers
      to that for parsing semantics, particularly with the workaround.
      
      While at it, remove some dead code - the IEEE80211_STA_DISABLE_40MHZ
      flag can never be set at this point since it's checked earlier and the
      wide_bw_chansw_ie pointer is set to NULL if it's set.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      92b3a28a
    • Johannes Berg's avatar
      mac80211: report failure to start (partial) scan as scan abort · 7d10f6b1
      Johannes Berg authored
      Rather than reporting the scan as having completed, report it as
      being aborted.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      7d10f6b1
    • Avraham Stern's avatar
      mac80211: Add support for beacon report radio measurement · 7947d3e0
      Avraham Stern authored
      Add the following to support beacon report radio measurement
      with the measurement mode field set to passive or active:
      1. Propagate the required scan duration to the device
      2. Report the scan start time (in terms of TSF)
      3. Report each BSS's detection time (also in terms of TSF)
      
      TSF times refer to the BSS that the interface that requested the
      scan is connected to.
      Signed-off-by: default avatarAssaf Krauss <assaf.krauss@intel.com>
      Signed-off-by: default avatarAvraham Stern <avraham.stern@intel.com>
      [changed ath9k/10k, at76c59x-usb, iwlegacy, wl1251 and wlcore to match
      the new API]
      Signed-off-by: default avatarLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      7947d3e0
    • Avraham Stern's avatar
      nl80211: support beacon report scanning · 1d76250b
      Avraham Stern authored
      Beacon report radio measurement requires reporting observed BSSs
      on the channels specified in the beacon request. If the measurement
      mode is set to passive or active, it requires actually performing a
      scan (passive or active, accordingly), and reporting the time that
      the scan was started and the time each beacon/probe was received
      (both in terms of TSF of the BSS of the requesting AP). If the
      request mode is table, this information is optional.
      In addition, the radio measurement request specifies the channel
      dwell time for the measurement.
      
      In order to use scan for beacon report when the mode is active or
      passive, add a parameter to scan request that specifies the
      channel dwell time, and add scan start time and beacon received time
      to scan results information.
      
      Supporting beacon report is required for Multi Band Operation (MBO).
      Signed-off-by: default avatarAssaf Krauss <assaf.krauss@intel.com>
      Signed-off-by: default avatarDavid Spinadel <david.spinadel@intel.com>
      Signed-off-by: default avatarAvraham Stern <avraham.stern@intel.com>
      Signed-off-by: default avatarLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      1d76250b
    • Johannes Berg's avatar
      mac80211_hwsim: use signed net namespace ID · f1724b02
      Johannes Berg authored
      The API expects a pointer to a signed int so we should not use an
      unsigned int for it.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f1724b02
    • Ilan Peer's avatar
      mac80211_hwsim: Add radar bandwidths to the P2P Device combination · f7736f50
      Ilan Peer authored
      Add radar_detect_widths to the interface combination that allows
      concurrent P2P Device dedicated interface and AP interfaces, to enable
      testing of radar detection when P2P Device interface is used.
      
      Clear the radar_detect_widths in case of multi channel contexts
      as this is not currently supported.
      
      As radar_detect_widths are now supported in all combinations,
      remove the hwsim_if_dfs_limits definition since it is no longer
      needed.
      Signed-off-by: default avatarIlan Peer <ilan.peer@intel.com>
      Signed-off-by: default avatarLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f7736f50
    • Aviya Erenfeld's avatar
      nl80211: Add API to support VHT MU-MIMO air sniffer · c6e6a0c8
      Aviya Erenfeld authored
      add API to support VHT MU-MIMO air sniffer.
      in MU-MIMO there are parallel frames on the air while the HW
      has only one RX.
      add the capability to sniff one of the MU-MIMO parallel frames by
      giving the sniffer additional information so it'll know which
      of the parallel frames it shall follow.
      
      Add attribute - NL80211_ATTR_MU_MIMO_GROUP_DATA - for getting
      a MU-MIMO groupID in order to monitor packets from that group
      using VHT MU-MIMO.
      And add attribute -NL80211_ATTR_MU_MIMO_FOLLOW_ADDR - for passing
      MAC address to monitor mode.
      that option will be used by VHT MU-MIMO air sniffer to follow a
      station according to it's MAC address using VHT MU-MIMO.
      Signed-off-by: default avatarAviya Erenfeld <aviya.erenfeld@intel.com>
      Signed-off-by: default avatarLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      c6e6a0c8
    • Johannes Berg's avatar
      mac80211: agg-rx: refuse ADDBA Request with timeout update · f89e07d4
      Johannes Berg authored
      The current implementation of handling ADDBA Request while a session
      is already active with the peer is wrong - in case the peer is using
      the existing session's dialog token this should be treated as update
      to the session, which can update the timeout value.
      
      We don't really have a good way of supporting that, so reject, but
      implement the required behaviour in the spec of "Even if the updated
      ADDBA Request frame is not accepted, the original Block ACK setup
      remains active." (802.11-2012 10.5.4)
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f89e07d4
    • David Howells's avatar
      rxrpc: Kill off the call hash table · d440a1ce
      David Howells authored
      The call hash table is now no longer used as calls are looked up directly
      by channel slot on the connection, so kill it off.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d440a1ce
    • David Howells's avatar
      rxrpc: Use RCU to access a peer's service connection tree · 8496af50
      David Howells authored
      Move to using RCU access to a peer's service connection tree when routing
      an incoming packet.  This is done using a seqlock to trigger retrying of
      the tree walk if a change happened.
      
      Further, we no longer get a ref on the connection looked up in the
      data_ready handler unless we queue the connection's work item - and then
      only if the refcount > 0.
      
      
      Note that I'm avoiding the use of a hash table for service connections
      because each service connection is addressed by a 62-bit number
      (constructed from epoch and connection ID >> 2) that would allow the client
      to engage in bucket stuffing, given knowledge of the hash algorithm.
      Peers, however, are hashed as the network address is less controllable by
      the client.  The total number of peers will also be limited in a future
      commit.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      8496af50
    • Paul E. McKenney's avatar
      rcu: Suppress sparse warnings for rcu_dereference_raw() · 995f1405
      Paul E. McKenney authored
      Data structures that are used both with and without RCU protection
      are difficult to write in a sparse-clean manner.  If you mark the
      relevant pointers with __rcu, sparse will complain about all non-RCU
      uses, but if you don't mark those pointers, sparse will complain about
      all RCU uses.
      
      This commit therefore suppresses sparse warnings for rcu_dereference_raw(),
      allowing mixed-protection data structures to avoid these warnings.
      Reported-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      995f1405
    • David Howells's avatar
      Introduce rb_replace_node_rcu() · c1adf200
      David Howells authored
      Implement an RCU-safe variant of rb_replace_node() and rearrange
      rb_replace_node() to do things in the same order.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Acked-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      c1adf200
    • David Howells's avatar
      rxrpc: Move data_ready peer lookup into rxrpc_find_connection() · 1291e9d1
      David Howells authored
      Move the peer lookup done in input.c by data_ready into
      rxrpc_find_connection().
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      1291e9d1
    • David Howells's avatar
      rxrpc: Prune the contents of the rxrpc_conn_proto struct · e8d70ce1
      David Howells authored
      Prune the contents of the rxrpc_conn_proto struct.  Most of the fields aren't
      used anymore.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e8d70ce1
    • David Howells's avatar
      rxrpc: Maintain an extra ref on a conn for the cache list · 001c1122
      David Howells authored
      Overhaul the usage count accounting for the rxrpc_connection struct to make
      it easier to implement RCU access from the data_ready handler.
      
      The problem is that currently we're using a lock to prevent the garbage
      collector from trying to clean up a connection that we're contemplating
      unidling.  We could just stick incoming packets on the connection we find,
      but we've then got a problem that we may race when dispatching a work item
      to process it as we need to give that a ref to prevent the rxrpc_connection
      struct from disappearing in the meantime.
      
      Further, incoming packets may get discarded if attached to an
      rxrpc_connection struct that is going away.  Whilst this is not a total
      disaster - the client will presumably resend - it would delay processing of
      the call.  This would affect the AFS client filesystem's service manager
      operation.
      
      To this end:
      
       (1) We now maintain an extra count on the connection usage count whilst it
           is on the connection list.  This mean it is not in use when its
           refcount is 1.
      
       (2) When trying to reuse an old connection, we only increment the refcount
           if it is greater than 0.  If it is 0, we replace it in the tree with a
           new candidate connection.
      
       (3) Two connection flags are added to indicate whether or not a connection
           is in the local's client connection tree (used by sendmsg) or the
           peer's service connection tree (used by data_ready).  This makes sure
           that we don't try and remove a connection if it got replaced.
      
           The flags are tested under lock with the removal operation to prevent
           the reaper from killing the rxrpc_connection struct whilst someone
           else is trying to effect a replacement.
      
           This could probably be alleviated by using memory barriers between the
           flag set/test and the rb_tree ops.  The rb_tree op would still need to
           be under the lock, however.
      
       (4) When trying to reap an old connection, we try to flip the usage count
           from 1 to 0.  If it's not 1 at that point, then it must've come back
           to life temporarily and we ignore it.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      001c1122
    • David Howells's avatar
      rxrpc: Move peer lookup from call-accept to new-incoming-conn · d991b4a3
      David Howells authored
      Move the lookup of a peer from a call that's being accepted into the
      function that creates a new incoming connection.  This will allow us to
      avoid incrementing the peer's usage count in some cases in future.
      
      Note that I haven't bother to integrate rxrpc_get_addr_from_skb() with
      rxrpc_extract_addr_from_skb() as I'm going to delete the former in the very
      near future.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d991b4a3
    • David Howells's avatar
      rxrpc: Split service connection code out into its own file · 7877a4a4
      David Howells authored
      Split the service-specific connection code out into into its own file.  The
      client-specific code has already been split out.  This will leave just the
      common code in the original file.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      7877a4a4
    • David Howells's avatar
      rxrpc: Split client connection code out into its own file · c6d2b8d7
      David Howells authored
      Split the client-specific connection code out into its own file.  It will
      behave somewhat differently from the service-specific connection code, so
      it makes sense to separate them.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      c6d2b8d7
    • David Howells's avatar
      rxrpc: Call channels should have separate call number spaces · a1399f8b
      David Howells authored
      Each channel on a connection has a separate, independent number space from
      which to allocate callNumber values.  It is entirely possible, for example,
      to have a connection with four active calls, each with call number 1.
      
      Note that the callNumber values for any particular channel don't have to
      start at 1, but they are supposed to increment monotonically for that
      channel from a client's perspective and may not be reused once the call
      number is transmitted (until the epoch cycles all the way back round).
      
      Currently, however, call numbers are allocated on a per-connection basis
      and, further, are held in an rb-tree.  The rb-tree is redundant as the four
      channel pointers in the rxrpc_connection struct are entirely capable of
      pointing to all the calls currently in progress on a connection.
      
      To this end, make the following changes:
      
       (1) Handle call number allocation independently per channel.
      
       (2) Get rid of the conn->calls rb-tree.  This is overkill as a connection
           may have a maximum of four calls in progress at any one time.  Use the
           pointers in the channels[] array instead, indexed by the channel
           number from the packet.
      
       (3) For each channel, save the result of the last call that was in
           progress on that channel in conn->channels[] so that the final ACK or
           ABORT packet can be replayed if necessary.  Any call earlier than that
           is just ignored.  If we've seen the next call number in a packet, the
           last one is most definitely defunct.
      
       (4) When generating a RESPONSE packet for a connection, the call number
           counter for each channel must be included in it.
      
       (5) When parsing a RESPONSE packet for a connection, the call number
           counters contained therein should be used to set the minimum expected
           call numbers on each channel.
      
      To do in future commits:
      
       (1) Replay terminal packets based on the last call stored in
           conn->channels[].
      
       (2) Connections should be retired before the callNumber space on any
           channel runs out.
      
       (3) A server is expected to disregard or reject any new incoming call that
           has a call number less than the current call number counter.  The call
           number counter for that channel must be advanced to the new call
           number.
      
           Note that the server cannot just require that the next call that it
           sees on a channel be exactly the call number counter + 1 because then
           there's a scenario that could cause a problem: The client transmits a
           packet to initiate a connection, the network goes out, the server
           sends an ACK (which gets lost), the client sends an ABORT (which also
           gets lost); the network then reconnects, the client then reuses the
           call number for the next call (it doesn't know the server already saw
           the call number), but the server thinks it already has the first
           packet of this call (it doesn't know that the client doesn't know that
           it saw the call number the first time).
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      a1399f8b
    • David Howells's avatar
      rxrpc: Access socket accept queue under right lock · 30b515f4
      David Howells authored
      The socket's accept queue (socket->acceptq) should be accessed under
      socket->call_lock, not under the connection lock.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      30b515f4
    • David Howells's avatar
      rxrpc: Add RCU destruction for connections and calls · dee46364
      David Howells authored
      Add RCU destruction for connections and calls as the RCU lookup from the
      transport socket data_ready handler is going to come along shortly.
      
      Whilst we're at it, move the cleanup workqueue flushing and RCU barrierage
      into the destruction code for the objects that need it (locals and
      connections) and add the extra RCU barrier required for connection cleanup.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      dee46364
    • David Howells's avatar
      rxrpc: Release a call's connection ref on call disconnection · e653cfe4
      David Howells authored
      When a call is disconnected, clear the call's pointer to the connection and
      release the associated ref on that connection.  This means that the call no
      longer pins the connection and the connection can be discarded even before
      the call is.
      
      As the code currently stands, the call struct is effectively pinned by
      userspace until userspace has enacted a recvmsg() to retrieve the final
      call state as sk_buffs on the receive queue pin the call to which they're
      related because:
      
       (1) The rxrpc_call struct contains the userspace ID that recvmsg() has to
           include in the control message buffer to indicate which call is being
           referred to.  This ID must remain valid until the terminal packet is
           completely read and must be invalidated immediately at that point as
           userspace is entitled to immediately reuse it.
      
       (2) The final ACK to the reply to a client call isn't sent until the last
           data packet is entirely read (it's probably worth altering this in
           future to be send the ACK as soon as all the data has been received).
      
      
      This change requires a bit of rearrangement to make sure that the call
      isn't going to try and access the connection again after protocol
      completion:
      
       (1) Delete the error link earlier when we're releasing the call.  Possibly
           network errors should be distributed via connections at the cost of
           adding in an access to the rxrpc_connection struct.
      
       (2) Remove the call from the connection's call tree before disconnecting
           the call.  The call tree needs to be removed anyway and incoming
           packets delivered by channel pointer instead.
      
       (3) The release call event should be considered last after all other
           events have been processed so that we don't need access to the
           connection again.
      
       (4) Move the channel_lock taking from rxrpc_release_call() to
           rxrpc_disconnect_call() where it will be required in future.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e653cfe4
    • David Howells's avatar
      rxrpc: Fix handling of connection failure in client call creation · d1e858c5
      David Howells authored
      If rxrpc_connect_call() fails during the creation of a client connection,
      there are two bugs that we can hit that need fixing:
      
       (1) The call state should be moved to RXRPC_CALL_DEAD before the call
           cleanup phase is invoked.  If not, this can cause an assertion failure
           later.
      
       (2) call->link should be reinitialised after being deleted in
           rxrpc_new_client_call() - which otherwise leads to a failure later
           when the call cleanup attempts to delete the link again.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d1e858c5
    • David Howells's avatar
      rxrpc: Move usage count getting into rxrpc_queue_conn() · 2c4579e4
      David Howells authored
      Rather than calling rxrpc_get_connection() manually before calling
      rxrpc_queue_conn(), do it inside the queue wrapper.
      
      This allows us to do some important fixes:
      
       (1) If the usage count is 0, do nothing.  This prevents connections from
           being reanimated once they're dead.
      
       (2) If rxrpc_queue_work() fails because the work item is already queued,
           retract the usage count increment which would otherwise be lost.
      
       (3) Don't take a ref on the connection in the work function.  By passing
           the ref through the work item, this is unnecessary.  Doing it in the
           work function is too late anyway.  Previously, connection-directed
           packets held a ref on the connection, but that's not really the best
           idea.
      
      And another useful changes:
      
       (*) Don't need to take a refcount on the connection in the data_ready
           handler unless we invoke the connection's work item.  We're using RCU
           there so that's otherwise redundant.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      2c4579e4