1. 01 Aug, 2016 19 commits
  2. 31 Jul, 2016 21 commits
    • Florian Fainelli's avatar
      net: dsa: bcm_sf2: Unwind errors in correct order · bb9c0fa3
      Florian Fainelli authored
      In case we cannot complete bcm_sf2_sw_setup() for any reason, and we
      go to the out_unmap label, but the MDIO bus has not been registered yet,
      we will hit the BUG condition in drivers/net/phy/mdio_bus.c about the
      bus not being registered. Fix this by dedicating a specific lable for
      when we fail after the MDIO bus has been successfully registered.
      
      Fixes: 461cd1b0 ("net: dsa: bcm_sf2: Register our slave MDIO bus")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarVivien Didelot <vivien.didelot@savoirfairelinux.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bb9c0fa3
    • Colin Ian King's avatar
      net: tulip: fix spelling mistake: "attemping" -> "attempting" · 33c77efb
      Colin Ian King authored
      trivial fix to spelling mistake in printk message
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      33c77efb
    • Xin Long's avatar
      sctp: allow receiving msg when TCP-style sk is in CLOSED state · e0878694
      Xin Long authored
      Commit 141ddefc ("sctp: change sk state to CLOSED instead of
      CLOSING in sctp_sock_migrate") changed sk state to CLOSED if the
      assoc is closed when sctp_accept clones a new sk.
      
      If there is still data in sk receive queue, users will not be able
      to read it any more, as sctp_recvmsg returns directly if sk state
      is CLOSED.
      
      This patch is to add CLOSED state check in sctp_recvmsg to allow
      reading data from TCP-style sk with CLOSED state as what TCP does.
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e0878694
    • Xin Long's avatar
      sctp: allow delivering notifications after receiving SHUTDOWN · a0fc6843
      Xin Long authored
      Prior to this patch, once sctp received SHUTDOWN or shutdown with RD,
      sk->sk_shutdown would be set with RCV_SHUTDOWN, and all events would
      be dropped in sctp_ulpq_tail_event(). It would cause:
      
      1. some notifications couldn't be received by users. like
         SCTP_SHUTDOWN_COMP generated by sctp_sf_do_4_C().
      
      2. sctp would also never trigger sk_data_ready when the association
         was closed, making it harder to identify the end of the association
         by calling recvmsg() and getting an EOF. It was not convenient for
         kernel users.
      
      The check here should be stopping delivering DATA chunks after receiving
      SHUTDOWN, and stopping delivering ANY chunks after sctp_close().
      
      So this patch is to allow notifications to enqueue into receive queue
      even if sk->sk_shutdown is set to RCV_SHUTDOWN in sctp_ulpq_tail_event,
      but if sk->sk_shutdown == RCV_SHUTDOWN | SEND_SHUTDOWN, it drops all
      events.
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a0fc6843
    • Xin Long's avatar
      sctp: fix the issue sctp requeue auth chunk incorrectly · 1aa25ec2
      Xin Long authored
      sctp needs to queue auth chunk back when we know that we are going
      to generate another segment. But commit f1533cce ("sctp: fix
      panic when sending auth chunks") requeues the last chunk processed
      which is probably not the auth chunk.
      
      It causes panic when calculating the MAC in sctp_auth_calculate_hmac(),
      as the incorrect offset of the auth chunk in skb->data.
      
      This fix is to requeue it by using packet->auth.
      
      Fixes: f1533cce ("sctp: fix panic when sending auth chunks")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1aa25ec2
    • Soheil Hassas Yeganeh's avatar
      tcp: consider recv buf for the initial window scale · f626300a
      Soheil Hassas Yeganeh authored
      tcp_select_initial_window() intends to advertise a window
      scaling for the maximum possible window size. To do so,
      it considers the maximum of net.ipv4.tcp_rmem[2] and
      net.core.rmem_max as the only possible upper-bounds.
      However, users with CAP_NET_ADMIN can use SO_RCVBUFFORCE
      to set the socket's receive buffer size to values
      larger than net.ipv4.tcp_rmem[2] and net.core.rmem_max.
      Thus, SO_RCVBUFFORCE is effectively ignored by
      tcp_select_initial_window().
      
      To fix this, consider the maximum of net.ipv4.tcp_rmem[2],
      net.core.rmem_max and socket's initial buffer space.
      
      Fixes: b0573dea ("[NET]: Introduce SO_{SND,RCV}BUFFORCE socket options")
      Signed-off-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
      Suggested-by: default avatarNeal Cardwell <ncardwell@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f626300a
    • David S. Miller's avatar
      Merge branch 'macsec-fixes' · c27bdce2
      David S. Miller authored
      Sabrina Dubroca says:
      
      ====================
      macsec: reference counting fixes
      
      Patch 1 adds explicit reference counting on RXSCs, instead of the
      current implicit reference counting using the RXSA's refcount.
      
      Patch 2 fixes possible kernel panics during module unload caused by an
      RCU callback that schedules another RCU callback, which the
      rcu_barrier() added in b196c22a ("macsec: add rcu_barrier() on
      module exit") didn't protect against.
      
      Patch 3 fixes a refcounting issue with the underlying device for a
      macsec device when link creation fails.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c27bdce2
    • Sabrina Dubroca's avatar
      macsec: fix negative refcnt on parent link · 0759e552
      Sabrina Dubroca authored
      When creation of a macsec device fails because an identical device
      already exists on this link, the current code decrements the refcnt on
      the parent link (in ->destructor for the macsec device), but it had not
      been incremented yet.
      
      Move the dev_hold(parent_link) call earlier during macsec device
      creation.
      
      Fixes: c09440f7 ("macsec: introduce IEEE 802.1AE driver")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0759e552
    • Sabrina Dubroca's avatar
      macsec: RXSAs don't need to hold a reference on RXSCs · 36b232c8
      Sabrina Dubroca authored
      Following the previous patch, RXSCs are held and properly refcounted in
      the RX path (instead of being implicitly held by their SA), so the SA
      doesn't need to hold a reference on its parent RXSC.
      
      This also avoids panics on module unload caused by the double layer of
      RCU callbacks (call_rcu frees the RXSA, which puts the final reference
      on the RXSC and allows to free it in its own call_rcu) that commit
      b196c22a ("macsec: add rcu_barrier() on module exit") didn't
      protect against.
      There were also some refcounting bugs in macsec_add_rxsa where I didn't
      put the reference on the RXSC on the error paths, which would lead to
      memory leaks.
      
      Fixes: c09440f7 ("macsec: introduce IEEE 802.1AE driver")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      36b232c8
    • Sabrina Dubroca's avatar
      macsec: fix reference counting on RXSC in macsec_handle_frame · c78ebe1d
      Sabrina Dubroca authored
      Currently, we lookup the RXSC without taking a reference on it.  The
      RXSA holds a reference on the RXSC, but the SA and SC could still both
      disappear before we take a reference on the SA.
      
      Take a reference on the RXSC in macsec_handle_frame.
      
      Fixes: c09440f7 ("macsec: introduce IEEE 802.1AE driver")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c78ebe1d
    • David S. Miller's avatar
      Merge branch 'cpsw-fixes' · 122e9b71
      David S. Miller authored
      Grygorii Strashko says:
      
      ====================
      drivers: net: cpsw: fix driver loading/unloading
      
      This series fixes set of isssues observed when CPSW driver module is unloaded/loaded:
      1) rmmod: deadlock in cpdma_ctlr_destroy
      2) rmmod: L3 back-trace and crash if all net interfaces are down, because CPSW
      can be powerred down by PM runtime in this case.
      3) insmod: mdio device is not recreated on next insmod
       - need to use of_platform_depopulate() in cpsw_remove().
      4) rmmod: system crash on omap_device removal
      
      Tested on: am437x-idk, am57xx-beagle-x15
      
      Changes in v2:
      - build warning fixed
      - added fix for correct omap_device removal
      
      Link on v1:
       https://lkml.org/lkml/2016/7/22/240
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      122e9b71
    • Grygorii Strashko's avatar
      ARM: OMAP2+: omap_device: fix crash on omap_device removal · 213fa10d
      Grygorii Strashko authored
      Below call chain causes system crash when OMAP device is
      removed by calling of_platform_depopulate()/device_del():
      
      device_del()
      - blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
       			     BUS_NOTIFY_DEL_DEVICE, dev);
        - _omap_device_notifier_call()
          - omap_device_delete()
            - od->pdev->archdata.od = NULL;
      	kfree(od->hwmods);
      	kfree(od);
        - bus_remove_device()
          - device_release_driver()
            - __device_release_driver()
      	- pm_runtime_get_sync()
      	   - _od_runtime_resume()
      	     - omap_hwmod_enable() <- OOPS od's delted already
      
      Backtrace:
      Unable to handle kernel NULL pointer dereference at virtual address 0000000d
      pgd = eb100000
      [0000000d] *pgd=ad6e1831, *pte=00000000, *ppte=00000000
      Internal error: Oops: 17 [#1] PREEMPT SMP ARM
      CPU: 1 PID: 1273 Comm: modprobe Not tainted 4.4.15-rt19-00115-ge4d3cd3-dirty #68
      Hardware name: Generic DRA74X (Flattened Device Tree)
      task: eb1ee800 ti: ec962000 task.ti: ec962000
      PC is at omap_device_enable+0x10/0x90
      LR is at _od_runtime_resume+0x10/0x24
      [...]
      [<c00299dc>] (omap_device_enable) from [<c0029a6c>] (_od_runtime_resume+0x10/0x24)
      [<c0029a6c>] (_od_runtime_resume) from [<c04ad404>] (__rpm_callback+0x20/0x34)
      [<c04ad404>] (__rpm_callback) from [<c04ad438>] (rpm_callback+0x20/0x80)
      [<c04ad438>] (rpm_callback) from [<c04aee28>] (rpm_resume+0x48c/0x964)
      [<c04aee28>] (rpm_resume) from [<c04af360>] (__pm_runtime_resume+0x60/0x88)
      [<c04af360>] (__pm_runtime_resume) from [<c04a4974>] (__device_release_driver+0x30/0x100)
      [<c04a4974>] (__device_release_driver) from [<c04a4a60>] (device_release_driver+0x1c/0x28)
      [<c04a4a60>] (device_release_driver) from [<c04a38c0>] (bus_remove_device+0xec/0x144)
      [<c04a38c0>] (bus_remove_device) from [<c04a0764>] (device_del+0x10c/0x210)
      [<c04a0764>] (device_del) from [<c04a67b0>] (platform_device_del+0x18/0x84)
      [<c04a67b0>] (platform_device_del) from [<c04a6828>] (platform_device_unregister+0xc/0x20)
      [<c04a6828>] (platform_device_unregister) from [<c05adcfc>] (of_platform_device_destroy+0x8c/0x90)
      [<c05adcfc>] (of_platform_device_destroy) from [<c04a02f0>] (device_for_each_child+0x4c/0x78)
      [<c04a02f0>] (device_for_each_child) from [<c05adc5c>] (of_platform_depopulate+0x30/0x44)
      [<c05adc5c>] (of_platform_depopulate) from [<bf123920>] (cpsw_remove+0x68/0xf4 [ti_cpsw])
      [<bf123920>] (cpsw_remove [ti_cpsw]) from [<c04a68d8>] (platform_drv_remove+0x24/0x3c)
      [<c04a68d8>] (platform_drv_remove) from [<c04a49c8>] (__device_release_driver+0x84/0x100)
      [<c04a49c8>] (__device_release_driver) from [<c04a4b20>] (driver_detach+0xac/0xb0)
      [<c04a4b20>] (driver_detach) from [<c04a3be8>] (bus_remove_driver+0x60/0xd4)
      [<c04a3be8>] (bus_remove_driver) from [<c00d9870>] (SyS_delete_module+0x184/0x20c)
      [<c00d9870>] (SyS_delete_module) from [<c0010540>] (ret_fast_syscall+0x0/0x1c)
      Code: e3500000 e92d4070 1590630c 01a06000 (e5d6300d)
      
      Hence, fix it by using BUS_NOTIFY_REMOVED_DEVICE event for OMAP device
      deletion which is sent when DD has finished processing of device
      deletion.
      
      Cc: Tony Lindgren <tony@atomide.com>
      Cc: Tero Kristo <t-kristo@ti.com>
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      213fa10d
    • Grygorii Strashko's avatar
      drivers: net: cpsw: use of_platform_depopulate() · 3bf2cb3a
      Grygorii Strashko authored
      Use of_platform_depopulate() in cpsw_remove() instead of
      of_device_unregister(), because CSPW child devices will not be
      recreated otherwise on next insmod. of_platform_depopulate() is
      correct way now as it will ensure that all steps done in
      of_platform_populate() are reverted, including cleaning up of
      OF_POPULATED flag.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Reviewed-by: default avatarMugunthan V N <mugunthanvnm@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3bf2cb3a
    • Grygorii Strashko's avatar
      drivers: net: cpsw: fix wrong regs access in cpsw_remove · 8a0b6dc9
      Grygorii Strashko authored
      The L3 error will be generated and system will crash during unloading
      of CPSW driver if CPSW is used as module and ethX devices are down.
      This happens because CPSW can be power off by PM runtime now when ethX
      devices are down.
      
      Hence, ensure that CPSW powered up by PM runtime before performing any
      deinitialization actions which require CPSW registers access. In case
      of PM runtime error just leave cpsw_remove() as we can't do anything
      anymore.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Reviewed-by: default avatarMugunthan V N <mugunthanvnm@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8a0b6dc9
    • Grygorii Strashko's avatar
      net: ethernet: ti: cpdma: fix lockup in cpdma_ctlr_destroy() · fccd5bad
      Grygorii Strashko authored
      Fix deadlock in cpdma_ctlr_destroy() which is triggered now on
      cpsw module removal:
       cpsw_remove()
       - cpdma_ctlr_destroy()
         - spin_lock_irqsave(&ctlr->lock, flags)
         - cpdma_ctlr_stop()
           - spin_lock_irqsave(&ctlr->lock, flags);
         - cpdma_chan_destroy()
           - spin_lock_irqsave(&ctlr->lock, flags);
      
      The issue has not been observed before because CPDMA channels have
      been destroyed manually by CPSW until commit d941ebe8 ("net:
      ethernet: ti: cpsw: use destroy ctlr to destroy channels") was merged.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Reviewed-by: default avatarMugunthan V N <mugunthanvnm@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fccd5bad
    • Wei Yongjun's avatar
      net: ipv6: use list_move instead of list_del/list_add · c882219a
      Wei Yongjun authored
      Using list_move() instead of list_del() + list_add().
      Signed-off-by: default avatarWei Yongjun <weiyj.lk@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c882219a
    • Hariprasad Shenai's avatar
      cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled · 8d09e6b8
      Hariprasad Shenai authored
      The commit 637d3e99 ("cxgb4: Discard the packet if the length is
      greater than mtu") introduced a regression in the VLAN interface
      performance when Tx VLAN offload is disabled.
      
      Check if skb is tagged, regardless of whether it is hardware accelerated
      or not. Presently we were checking only for hardware acclereated one,
      which caused performance to drop to ~0.17Mbps on a 10GbE adapter for
      VLAN interface, when tx vlan offload is turned off using ethtool.
      The ethernet head length calculation was going wrong in this case, and
      driver ended up dropping packets.
      
      Fixes: 637d3e99 ("cxgb4: Discard the packet if the length is greater than mtu")
      Signed-off-by: default avatarHariprasad Shenai <hariprasad@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8d09e6b8
    • Wei Yongjun's avatar
      drivers: net: phy: xgene: Remove redundant dev_err call in xgene_mdio_probe() · b2df430b
      Wei Yongjun authored
      There is a error message within devm_ioremap_resource
      already, so remove the dev_err call to avoid redundant
      error message.
      Signed-off-by: default avatarWei Yongjun <weiyj.lk@gmail.com>
      Acked-By: default avatarIyappan Subramanian <isubramanian@apm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b2df430b
    • Wei Yongjun's avatar
      tipc: fix imbalance read_unlock_bh in __tipc_nl_add_monitor() · 6b65bc29
      Wei Yongjun authored
      In the error handling case of nla_nest_start() failed read_unlock_bh()
      is called  to unlock a lock that had not been taken yet. sparse warns
      about the context imbalance as the following:
      
      net/tipc/monitor.c:799:23: warning:
       context imbalance in '__tipc_nl_add_monitor' - different lock contexts for basic block
      
      Fixes: cf6f7e1d ('tipc: dump monitor attributes')
      Signed-off-by: default avatarWei Yongjun <weiyj.lk@gmail.com>
      Acked-by: default avatarYing Xue <ying.xue@windriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6b65bc29
    • David S. Miller's avatar
      Merge branch 'qed-fixes' · 9d594b39
      David S. Miller authored
      Yuval Mintz says:
      
      ====================
      qed*: Small fixes series
      
      This contains several small [and straight-forward] fixes to qed*
      drivers.
      
      Please consider applying this to `net'.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9d594b39
    • Yuval Mintz's avatar
      qed: Prevent over-usage of vlan credits by PF · 25eb8d46
      Yuval Mintz authored
      Each PF/VF has a limited number of vlan filters for
      configuration purposes; This information is passed to qede
      and is used to prevent over-usage - once a vlan is to be
      configured and no filter credit is available, the driver
      would switch into working in vlan-promisc mode.
      
      Problem is the credit pool is shared by both PFs and VFs,
      and currently PFs aren't deducting the filters that are
      reserved for their VFs from their quota, which may lead
      to some vlan filters failing unknowingly due to lack of credit.
      Signed-off-by: default avatarYuval Mintz <Yuval.Mintz@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      25eb8d46