- 01 Apr, 2015 11 commits
-
-
David S. Miller authored
Merge tag 'wireless-drivers-for-davem-2015-04-01' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== iwlwifi: * fix a memory leak, we leaked memory each time the module was loaded. ==================== Signed-off-by:
David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Hariprasad Shenai says: ==================== cxgb4 FW macro changes for new FW Fix to dump device log even in the case of firmware crash. Also incorporates changes for new FW. This patch series has been created against net tree and includes patches on cxgb4 driver. We have included all the maintainers of respective drivers. Kindly review the change and let us know in case of any review comments. ==================== Signed-off-by: -
Hariprasad Shenai authored
Add new Common Code routines to retrieve Firmware Device Log parameters from PCIE_FW_PF[7]. The firmware initializes its Device Log very early on and stores the parameters for its location/size in that register. Using the parameters from the register allows us to access the Firmware Device Log even when the firmware crashes very early on or we're not attached to the firmware Based on original work by Casey Leedom <leedom@chelsio.com> Signed-off-by:
Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by:
-
Hariprasad Shenai authored
Adds new macro and few macro changes for fw version 1.13.32.0 also changes version string in driver to match 1.13.32.0 Signed-off-by:
-
David S. Miller authored
Merge tag 'mac80211-for-davem-2015-04-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== This contains just a single fix for a crash I happened to randomly run into today during testing. It's clearly been around for a while, but is pretty hard to trigger, even when I tried explicitly (and modified the code to make it more likely) it rarely did. ==================== Signed-off-by:
-
David S. Miller authored
Yuval Mintz says: ==================== bnx2x: kdump related fixes This patch series aims to fix bnx2x driver issues when loading in kdump kernel. Both issues fixed here would be fatal to the device, requiring full reset of the system in order to recover, preventing the device from serving its purpose in the kdump environment. ==================== Signed-off-by: -
Yuval Mintz authored
When IOMM-vtd is active, once main kernel crashes unfinished DMAE transactions will be blocked, putting the HW in an error state which will cause further transactions to timeout. Current employed logic uses wrong macros, causing the first function to be the only function that cleanups that error state during its probe/load. This patch allows all the functions to successfully re-load in kdump kernel. Signed-off-by:
Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by:
Ariel Elior <Ariel.Elior@qlogic.com> Signed-off-by:
-
Yuval Mintz authored
When running in a kdump kernel, it's very likely that due to sync. loss with management firmware the first PCI function to probe and reach the previous unload flow would decide it can reset the chip and continue onward. While doing so, it will only close its own Rx port. On a 4-port device where 2nd port on engine is a 1g-port, the 2nd port would allow ingress traffic after the chip is reset [assuming it was active on the first kernel]. This would later cause a HW attention. This changes driver flow to close both ports' 1g capabilities during the previous driver unload flow prior to the chip reset. Signed-off-by:
-
Johannes Berg authored
There's an issue with the way the RX A-MPDU reorder timer is deleted that can cause a kernel crash like this: * tid_rx is removed - call_rcu(ieee80211_free_tid_rx) * station is destroyed * reorder timer fires before ieee80211_free_tid_rx() runs, accessing the station, thus potentially crashing due to the use-after-free The station deletion is protected by synchronize_net(), but that isn't enough -- ieee80211_free_tid_rx() need not have run when that returns (it deletes the timer.) We could use rcu_barrier() instead of synchronize_net(), but that's much more expensive. Instead, to fix this, add a field tracking that the session is being deleted. In this case, the only re-arming of the timer happens with the reorder spinlock held, so make that code not rearm it if the session is being deleted and also delete the timer after setting that field. This ensures the timer cannot fire after ___ieee80211_stop_rx_ba_session() returns, which fixes the problem. Cc: stable@vger.kernel.org Signed-off-by:Johannes Berg <johannes.berg@intel.com>
-
Jeff Kirsher authored
Update the git tree info with a recent change in tree names. Also add our new mailing list created solely for Linux kernel patches and kernel development, as well as the new patchwork project for tracking patches. Lastly update the list of "reviewers" since a couple of developers have moved on to different projects. Made an update to the section header so that it is more manageable going forward as we add new drivers. Signed-off-by:Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Ying Xue authored
When remove TIPC module, there is a warning to remind us that a slab object is leaked like: root@localhost:~# rmmod tipc [ 19.056226] ============================================================================= [ 19.057549] BUG TIPC (Not tainted): Objects remaining in TIPC on kmem_cache_close() [ 19.058736] ----------------------------------------------------------------------------- [ 19.058736] [ 19.060287] INFO: Slab 0xffffea0000519a00 objects=23 used=1 fp=0xffff880014668b00 flags=0x100000000004080 [ 19.061915] INFO: Object 0xffff880014668000 @offset=0 [ 19.062717] kmem_cache_destroy TIPC: Slab cache still has objects This is because the listening socket of TIPC topology server is not closed before TIPC proto handler is unregistered with proto_unregister(). However, as the socket is closed in tipc_exit_net() which is called by unregister_pernet_subsys() during unregistering TIPC namespace operation, the warning can be eliminated if calling unregister_pernet_subsys() is moved before calling proto_unregister(). Fixes: e05b31f4 ("tipc: make tipc socket support net namespace") Reviewed-by:
Erik Hugne <erik.hugne@ericsson.com> Signed-off-by:
Ying Xue <ying.xue@windriver.com> Signed-off-by:
-
- 31 Mar, 2015 10 commits
-
-
Christian Hesse authored
This device is sold as 'Lenovo Tinkpad USB 3.0 Ethernet 4X90E51405'. Chipset is RTL8153 and works with r8152. Signed-off-by:
Christian Hesse <mail@eworm.de> Signed-off-by:
-
Eugene Crosser authored
When sending over AF_IUCV socket, errno was incorrectly set to ENOMEM even when other values where appropriate, notably EAGAIN. With this patch, error indicator returned by sock_alloc_send_skb() is passed to the caller, rather than being overwritten with ENOMEM. Signed-off-by:
Eugene Crosser <Eugene.Crosser@ru.ibm.com> Signed-off-by:
Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by:
-
Thomas Graf authored
Return module reference before invoking the respective vport ->destroy() function. This is needed as ovs_vport_del() is not invoked inside an RCU read side critical section so the kfree can occur immediately before returning to ovs_vport_del(). Returning the module reference before ->destroy() is safe because the module unregistration is blocked on ovs_lock which we hold while destroying the datapath. Fixes: 62b9c8d0 ("ovs: Turn vports with dependencies into separate modules") Reported-by:
Pravin Shelar <pshelar@nicira.com> Signed-off-by:
Thomas Graf <tgraf@suug.ch> Acked-by:
-
Jiri Benc authored
This is especially important in cases where the kernel allocs a new structure and expects a field to be set from a netlink attribute. If such attribute is shorter than expected, the rest of the field is left containing previous data. When such field is read back by the user space, kernel memory content is leaked. Signed-off-by:
Jiri Benc <jbenc@redhat.com> Acked-by:
-
Anton Nayshtut authored
Before commit 3900f290 ("bonding: slight optimizztion for bond_slave_override()") the override logic was to send packets with non-zero queue_id through the slave with corresponding queue_id, under two conditions only - if the slave can transmit and it's up. The above mentioned commit changed this logic by introducing an additional condition - whether the bond is active (indirectly, using the slave_can_tx and later - bond_is_active_slave), that prevents the user from implementing more complex policies according to the Documentation/networking/bonding.txt. Signed-off-by:
Anton Nayshtut <anton@swortex.com> Signed-off-by:
Alexey Bogoslavsky <alexey@swortex.com> Signed-off-by:
Andy Gospodarek <gospo@cumulusnetworks.com> Signed-off-by:
-
David S. Miller authored
Jiri Benc says: ==================== ipvlan: list corruption and rcu fixes This patch set fixes different issues leading to corrupted lists and incorrect rcu usage. ==================== Signed-off-by: -
Jiri Benc authored
When an ipvlan interface is down, its addresses are not on the hash list. Fix checks for existence of addresses not to depend on the hash list, walk through all interface addresses instead. Signed-off-by:
Mahesh Bandewar <maheshb@google.com> Signed-off-by:
-
Jiri Benc authored
All accesses to ipvlan->addrs are under rtnl. Signed-off-by:
-
Jiri Benc authored
Adding and removing to the 'ipvlans' list is already done using _rcu list operations. Signed-off-by:
-
Jiri Benc authored
When ipvlan interface with IP addresses attached is brought down and then deleted, the assigned addresses are deleted twice from the address hash list, first on the interface down and second on the link deletion. Similarly, when an address is added while the interface is down, it is added second time once the interface is brought up. When the interface is down, the addresses should be kept off the hash list for performance reasons. Ensure this is true, which also fixes the double add problem. To fix the double free, check whether the address is hashed before removing it. Reported-by:
Dan Williams <dcbw@redhat.com> Signed-off-by:
-
- 30 Mar, 2015 1 commit
-
-
Kalle Valo authored
Merge tag 'iwlwifi-for-kalle-2015-03-30' of https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes * fix a memory leak: we leaked memory each time the module was loaded.
-
- 29 Mar, 2015 10 commits
-
-
Uwe Kleine-König authored
The FEC modules used on i.MX28 and newer have a register to tune the MDIO output hold time that should be at least 10 ns. Up to now this value was not explicitly set and so resulted in less hold time if the fec clock was faster than 100 MHz. This was noticed on an i.MX28 machine that uses an input clock of ~150 Mhz which resulted in unreliable communication with a Marvell switch. Signed-off-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by:
-
Alexey Kodanev authored
tcp_v6_fill_cb() will be called twice if socket's state changes from TCP_TIME_WAIT to TCP_LISTEN. That can result in control buffer data corruption because in the second tcp_v6_fill_cb() call it's not copying IP6CB(skb) anymore, but 'seq', 'end_seq', etc., so we can get weird and unpredictable results. Performance loss of up to 1200% has been observed in LTP/vxlan03 test. This can be fixed by copying inet6_skb_parm to the beginning of 'cb' only if xfrm6_policy_check() and tcp_v6_fill_cb() are going to be called again. Fixes: 2dc49d16 ("tcp6: don't move IP6CB before xfrm6_policy_check()") Signed-off-by:
Alexey Kodanev <alexey.kodanev@oracle.com> Acked-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
Hariprasad Shenai authored
Fixes sparse warnings introduced in commit e85c9a7a ("cxgb4/cxgb4vf: Add code to calculate T5 BAR2 Offsets for SGE Queue Registers") and df64e4d3 ("cxgb4/cxgb4vf: Use new interfaces to calculate BAR2 SGE Queue Register addresses") and few old ones sparse warnings: >> drivers/net/ethernet/chelsio/cxgb4vf/sge.c:1006:48: sparse: cast removes >> address space of expression >> drivers/net/ethernet/chelsio/cxgb4vf/sge.c:1006:48: sparse: incorrect type in >> initializer (different address space) >> drivers/net/ethernet/chelsio/cxgb4vf/sge.c:1020:40: sparse: incorrect type in >> argument 1 (different base types) Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Reported-by:
kbuild test robot <fengguang.wu@intel.com> Signed-off-by:
-
Nicolas Dichtel authored
With the current code, ids are removed too early. Suppose you have an ipip interface that stands in the netns foo and its link part in the netns bar (so the netns bar has an nsid into the netns foo). Now, you remove the netns bar: - the bar nsid into the netns foo is removed - the netns exit method of ipip is called, thus our ipip iface is removed: => a netlink message is sent in the netns foo to advertise this deletion => this netlink message requests an nsid for bar, thus a new nsid is allocated for bar and never removed. We must remove nsids when we are sure that nobody will refer to netns currently cleaned. Fixes: 0c7aecd4 ("netns: add rtnl cmd to add and get peer netns ids") Signed-off-by:Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by:
-
David S. Miller authored
Hariprasad Shenai says: ==================== cxgb4: Fixes ingress queue mapping and other fixes The below series fixes ingress queue mapping by allocating them dynamically to prevent stack overflow. Disable napi and interrupts before unregistering netdev to avoid crash while unloading driver when traffic is flowing. The patches series is created against 'net' tree. And includes patches on cxgb4 driver. We have included all the maintainers of respective drivers. Kindly review the change and let us know in case of any review comments. ==================== Signed-off-by: -
Hariprasad Shenai authored
Disable interrupts and quiesce rx before unregistering net device to avoid crash while unloading driver when traffic is flowing through. Based on original work by Shameem Khalid <shameem@chelsio.com> Signed-off-by:
-
Hariprasad Shenai authored
QIDs (egress/ingress) from firmware in FW_*_CMD.alloc command can be anywhere in the range from EQ(IQFLINT)_START to EQ(IQFLINT)_END. For eg, in the first load eqid can be from 100 to 300. In the next load it can be from 301 to 500 (assume eq_start is 100 and eq_end is 1000). The driver was assuming them to always start from EQ(IQFLINT)_START till MAX_EGRQ(INGQ). This was causing stack overflow and subsequent crash. Fixed it by dynamically allocating memory (of qsize (x_END - x_START + 1)) for these structures. Based on original work by Santosh Rastapur <santosh@chelsio.com> Signed-off-by:
-
WANG Cong authored
Signed-off-by:
Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by:
-
Ben Hutchings authored
cdc_ncm disagrees with usbnet about how much framing overhead should be counted in the tx_bytes statistics, and tries 'fix' this by decrementing tx_bytes on the transmit path. But statistics must never be decremented except due to roll-over; this will thoroughly confuse user-space. Also, tx_bytes is only incremented by usbnet in the completion path. Fix this by requiring drivers that set FLAG_MULTI_FRAME to set a tx_bytes delta along with the tx_packets count. Fixes: beeecd42 ("net: cdc_ncm/cdc_mbim: adding NCM protocol statistics") Signed-off-by:
Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by:
Bjørn Mork <bjorn@mork.no>
-
Ben Hutchings authored
Currently the usbnet core does not update the tx_packets statistic for drivers with FLAG_MULTI_PACKET and there is no hook in the TX completion path where they could do this. cdc_ncm and dependent drivers are bumping tx_packets stat on the transmit path while asix and sr9800 aren't updating it at all. Add a packet count in struct skb_data so these drivers can fill it in, initialise it to 1 for other drivers, and add the packet count to the tx_packets statistic on completion. Signed-off-by:
-
- 25 Mar, 2015 2 commits
-
-
Hariprasad Shenai authored
Fixes below warning by dynamically allocating memory All warnings: drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c: In function 'cctrl_tbl_show': >> drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c:689:1: warning: the >> frame >> size of 1028 bytes is larger than 1024 bytes [-Wframe-larger-than=] Reported-by:
-
D.S. Ljungmark authored
A local route may have a lower hop_limit set than global routes do. RFC 3756, Section 4.2.7, "Parameter Spoofing" > 1. The attacker includes a Current Hop Limit of one or another small > number which the attacker knows will cause legitimate packets to > be dropped before they reach their destination. > As an example, one possible approach to mitigate this threat is to > ignore very small hop limits. The nodes could implement a > configurable minimum hop limit, and ignore attempts to set it below > said limit. Signed-off-by:
D.S. Ljungmark <ljungmark@modio.se> Acked-by:
Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by:
-
- 24 Mar, 2015 6 commits
-
-
Cliff Clark authored
ucc_geth was indicating link up after a port is administratively enabled even when nothing is plugged in. This causes user-space tools to see a spurious link up the first time after boot. Signed-off-by:
Cliff Clark <cliff_clark@selinc.com> Signed-off-by:
-
David S. Miller authored
Or Gerlitz says: ==================== mlx4 driver RC fixes Ido's patch should go to -stable of >= 3.14 too, the issue is older but it hits us with VXLAN for which driver support dates there. As for Jack's fix, for the time being, picking it to 4.0 is OK. ==================== Signed-off-by: -
Jack Morgenstein authored
We occasionally see in procedure mlx4_GEN_EQE that the driver tries to grab an uninitialized mutex. This can occur in only one of two ways: 1. We are trying to generate an async event on an uninitialized slave. 2. We are trying to generate an async event on an illegal slave number ( < 0 or > persist->num_vfs) or an inactive slave. To deal with #1: move the mutex initialization from specific slave init sequence in procedure mlx_master_do_cmd to mlx4_multi_func_init() (so that the mutex is always initialized for all slaves). To deal with #2: check in procedure mlx4_GEN_EQE that the slave number provided is in the proper range and that the slave is active. Signed-off-by:
Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by:
Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by:
-
Ido Shamay authored
Netdevice registration should be performed a the end of the driver initialization flow. If we don't do that, after calling register_netdevice, device callbacks may be issued by higher layers of the stack before final configuration of the device is done. For example (VXLAN configuration race), mlx4_SET_PORT_VXLAN was issued after the register_netdev command. System network scripts may configure the interface (UP) right after the registration, which also attach unicast VXLAN steering rule, before mlx4_SET_PORT_VXLAN was called, causing the firmware to fail the rule attachment. Fixes: 837052d0 ("net/mlx4_en: Add netdev support for TCP/IP offloads of vxlan tunneling") Signed-off-by:
Ido Shamay <idos@mellanox.com> Signed-off-by:
-
David S. Miller authored
Merge tag 'wireless-drivers-for-davem-2015-03-24' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers iwlwifi: * avoid panic with lots of IBSS stations * Fix dvm's behavior after suspend resume * Allow to keep connection after CSA failure * Remove a noisy by harmless WARN_ON * New device IDs rtlwifi: * fix IOMMU mapping leak in AP mode brcmfmac: * disable MBSS feature for BCM43362 to get AP mode working again ath9k: * disable Transmit Power Control (TPC) again due to regressions * fix beaconing issue with AP+STA setup Signed-off-by:
-
Simon Horman authored
Master change notifications may occur other than when joining or leaving a bridge, for example when being added to or removed from a bond or Open vSwitch. Previously in those cases rocker_port_bridge_leave() was called which results in a null-pointer dereference as rocker_port->bridge_dev is NULL because there is no bridge device. This patch makes provision for doing nothing in such cases. Fixes: 6c707945 ("rocker: implement L2 bridge offloading") Acked-by:
Jiri Pirko <jiri@resnulli.us> Acked-by:
Scott Feldman <sfeldma@gmail.com> Signed-off-by:
Simon Horman <simon.horman@netronome.com> Signed-off-by:
-
