- 02 Mar, 2016 11 commits
-
-
Chunhao Lin authored
For RTL8168G/RTL8168H/RTL8411B/RTL8107E, enable this flag to eliminate message "AMD-Vi: Event logged [IO_PAGE_FAULT device=01:00.0 domain=0x0002 address=0x0000000000003000 flags=0x0050] in dmesg. Signed-off-by: Chunhao Lin <hau@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Merge tag 'mac80211-for-davem-2016-03-02' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Here are a few more fixes for the current cycle: * check GCMP encryption vs. fragmentation properly; we'd found this problem quite a while ago but waited for the 802.11 spec to be updated * fix RTS/CTS logic in minstrel_ht * fix RX of certain public action frames in AP mode * add mac80211_hwsim to MAC80211 in MAINTAINERS, this helps the kbuild robot pick up the right tree for it ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Michal Schmidt says: ==================== bnx2x: endianness fixes this fixes a VLAN crash and some SRIOV bugs in bnx2x observed on ppc64. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michal Schmidt authored
Fix a case of misleading code indentation. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michal Schmidt authored
For consistency with other event data structs and to lessen the chance of a mistake should one of the reserved fields become used in the future, define the reserved fields as little-endian. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michal Schmidt authored
There were no missing endianness conversions in this case, but the fields of struct cfc_del_event_data should be defined as little-endian to get rid of the ugly (__force __le32) casts. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michal Schmidt authored
It's not really a bug, but it was odd that bnx2x_eq_int() read the message data as if it were a cfc_del_event regardless of the event type. It's cleaner to access only the appropriate member of union event_data after checking the event opcode. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michal Schmidt authored
On ppc64 the PF did not receive messages from VFs correctly. Fields of struct vf_pf_event_data are little-endian. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michal Schmidt authored
When a VF is sending a message to the PF, it needs to trigger the PF to tell it the message is ready. The trigger did not work on ppc64. No interrupt appeared in the PF. The bug is due to confusion about the layout of struct trigger_vf_zone. In bnx2x_send_msg2pf() the trigger is written using writeb(), not writel(), so the attempt to define the struct with a reversed layout on big-endian is counter-productive. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michal Schmidt authored
bnx2x crashes during the initialization of the 8021q module on ppc64. The bug is a missing conversion from le32 in bnx2x_handle_classification_eqe() when obtaining the cid value from struct eth_event_data. The fields in struct eth_event_data should all be declared as little-endian and conversions added where missing. Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Johannes Berg authored
Since I maintain this driver as part of mac80211, add it to the file list for mac80211; this helps submitters send it to me instead of Kalle and also makes the build robot apply the patches for it on the right tree for build attempts. Acked-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 01 Mar, 2016 12 commits
-
-
Sergei Shtylyov authored
The 'flags' parameter of the of_phy_connect() function wasn't described in the kernel-doc comment... Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Xin Long authored
Now in sctp_remaddr_seq_show(), we use variable *tsp to get the param *v. but *tsp is also used to traversal transport_addr_list, which will cover the previous value, and make sctp_transport_put work on the wrong transport. So fix it by adding a new variable to get the param *v. Fixes: fba4c330 ("sctp: hold transport before we access t->asoc in sctp proc") Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Xin Long authored
As the member .cmp_addr of sctp_af_inet6, sctp_v6_cmp_addr should also check the port of addresses, just like sctp_v4_cmp_addr, cause it's invoked by sctp_cmp_addr_exact(). Now sctp_v6_cmp_addr just check the port when two addresses have different family, and lack the port check for two ipv6 addresses. that will make sctp_hash_cmp() cannot work well. so fix it by adding ports comparison in sctp_v6_cmp_addr(). Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Alexandre Belloni says: ==================== phy: micrel: fix issues with interrupt on atmel boards Since the phy is not polled anymore, there were issues getting a link on the sama5d* xplained boards. I'm not too sure about were those fixes should go and I'm wondering whether the first one shoud be made generic. For the second one, I found the PHY_HAS_MAGICANEG flag that is not used and I wondering whether this is related to that kind of issue. I had a quick look at the history and could'nt find its use. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexandre Belloni authored
Disable auto negotiation on init to properly detect an already plugged cable at boot. At boot, when the phy is started, it is in the PHY_UP state. However, if a cable is plugged at boot, because auto negociation is already enabled at the time we get the first interrupt, the phy is already running. But the state machine then switches from PHY_UP to PHY_AN and calls phy_start_aneg(). phy_start_aneg() will not do anything because aneg is already enabled on the phy. It will then wait for a interrupt before going further. This interrupt will never happen unless the cable is unplugged and then replugged. It was working properly before 321beec5 (net: phy: Use interrupts when available in NOLINK state) because switching to NOLINK meant starting polling the phy, even if IRQ were enabled. Fixes: 321beec5 (net: phy: Use interrupts when available in NOLINK state) Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexandre Belloni authored
At least on ksz8081, when getting back from power down, interrupts are disabled. ensure they are reenabled if they were previously enabled. This fixes resuming which is failing on the xplained boards from atmel since 321beec5 (net: phy: Use interrupts when available in NOLINK state) Fixes: 321beec5 (net: phy: Use interrupts when available in NOLINK state) Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Guillaume Nault authored
ppp_read() and ppp_poll() can be called concurrently with ppp_ioctl(). In this case, ppp_ioctl() might call ppp_ccp_closed(), which may update ppp->flags while ppp_read() or ppp_poll() is reading it. The update done by ppp_ccp_closed() isn't atomic due to the bit mask operation ('ppp->flags &= ~(SC_CCP_OPEN | SC_CCP_UP)'), so concurrent readers might get transient values. Reading incorrect ppp->flags may disturb the 'ppp->flags & SC_LOOP_TRAFFIC' test in ppp_read() and ppp_poll(), which in turn can lead to improper decision on whether the PPP unit file is ready for reading or not. Since ppp_ccp_closed() is protected by the Rx and Tx locks (with ppp_lock()), taking the Rx lock is enough for ppp_read() and ppp_poll() to guarantee that ppp_ccp_closed() won't update ppp->flags concurrently. The same reasoning applies to ppp->n_channels. The 'n_channels' field can also be written to concurrently by ppp_ioctl() (through ppp_connect_channel() or ppp_disconnect_channel()). These writes aren't atomic (simple increment/decrement), but are protected by both the Rx and Tx locks (like in the ppp->flags case). So holding the Rx lock before reading ppp->n_channels also prevents concurrent writes. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ivan Vecera authored
Use list_move_tail() to move MAC address entry from list of pending to list of active entries. Simple list_add_tail() leaves the entry also in the first list, this leads to list corruption. Cc: Rasesh Mody <rasesh.mody@qlogic.com> Signed-off-by: Ivan Vecera <ivecera@redhat.com> Acked-by: Rasesh Mody <rasesh.mody@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Merge tag 'linux-can-fixes-for-4.5-20160226' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2016-02-26 this is a pull request of one patch for net. The patch by Maximilain Schneider fixes a kfree() problem during disconnect in the gs_usb driver. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Felix Fietkau authored
RTS/CTS needs to be enabled if the rate is a fallback rate *or* if it's a dual-stream rate and the sta is in dynamic SMPS mode. Cc: stable@vger.kernel.org Fixes: a3ebb4e1 ("mac80211: minstrel_ht: handle peers in dynamic SMPS") Reported-by: Matías Richart <mrichart@fing.edu.uy> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Jouni Malinen authored
Public Action frames use special rules for how the BSSID field (Address 3) is set. A wildcard BSSID is used in cases where the transmitter and recipient are not members of the same BSS. As such, we need to accept Public Action frames with wildcard BSSID. Commit db8e1732 ("mac80211: ignore frames between TDLS peers when operating as AP") added a rule that drops Action frames to TDLS-peers based on an Action frame having different DA (Address 1) and BSSID (Address 3) values. This is not correct since it misses the possibility of BSSID being a wildcard BSSID in which case the Address 1 would not necessarily match. Fix this by allowing mac80211 to accept wildcard BSSID in an Action frame when in AP mode. Fixes: db8e1732 ("mac80211: ignore frames between TDLS peers when operating as AP") Cc: stable@vger.kernel.org Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
Just like for CCMP we need to check that for GCMP the fragments have PNs that increment by one; the spec was updated to fix this security issue and now has the following text: The receiver shall discard MSDUs and MMPDUs whose constituent MPDU PN values are not incrementing in steps of 1. Adapt the code for CCMP to work for GCMP as well, luckily the relevant fields already alias each other so no code duplication is needed (just check the aliasing with BUILD_BUG_ON.) Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
- 29 Feb, 2016 1 commit
-
-
Neil Horman authored
Recently, I fixed a bug in 3c59x: commit 6e144419 Author: Neil Horman <nhorman@tuxdriver.com> Date: Wed Jan 13 12:43:54 2016 -0500 3c59x: fix another page map/single unmap imbalance Which correctly rebalanced dma mapping and unmapping types. Unfortunately it introduced a new bug which causes oopses on older systems. When mapping dma regions, the last entry for a packet in the 3c59x tx ring encodes a LAST_FRAG bit, which is encoded as the high order bit of the buffers length field. When it is unmapped the LAST_FRAG bit is cleared prior to being passed to the unmap function. Unfortunately the commit above fails to do that masking. It was missed in testing because the system on which I tested it had an intel iommu, the driver for which ignores the size field, using only the DMA address as the token to identify the mapping to be released. However, on older systems that rely on swiotlb (or other dma drivers that key off that length field), not masking off that LAST_FRAG high order bit results in parsing a huge size to be release, leading to all sorts of odd corruptions and the like. Fix is easy, just mask the length with 0xFFF. It should really be &(LAST_FRAG-1), but 0xFFF is the style of the file, and I'd like to make this fix minimal and correct before making it prettier. Appies to the net tree cleanly. All testing on both iommu and swiommu based systems produce good results Signed-off-by: Neil Horman <nhorman@tuxdriver.com> CC: Steffen Klassert <klassert@mathematik.tu-chemnitz.de> CC: "David S. Miller" <davem@davemloft.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 26 Feb, 2016 2 commits
-
-
MINOURA Makoto / 箕浦 真 authored
When the send skbuff reaches the end, nlmsg_put and friends returns -EMSGSIZE but it is silently thrown away in ndo_fdb_dump. It is called within a for_each_netdev loop and the first fdb entry of a following netdev could fit in the remaining skbuff. This breaks the mechanism of cb->args[0] and idx to keep track of the entries that are already dumped, which results missing entries in bridge fdb show command. Signed-off-by: Minoura Makoto <minoura@valinux.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Maximilain Schneider authored
gs_destroy_candev() erroneously calls kfree() on a struct gs_can *, which is allocated through alloc_candev() and should instead be freed using free_candev() alone. The inappropriate use of kfree() causes the kernel to hang when gs_destroy_candev() is called. Only the struct gs_usb * which is allocated through kzalloc() should be freed using kfree() when the device is disconnected. Signed-off-by: Maximilian Schneider <max@schneidersoft.net> Cc: linux-stable <stable@vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
-
- 25 Feb, 2016 7 commits
-
-
Sunil Goutham authored
On Thunderx pass 1.x and pass2 due to a HW errata default CQ DROP_LEVEL of 0x80 is not sufficient to avoid CQ_WR_FULL Qset error when packets are being received at >20Mpps resulting in complete stall of packet reception. This patch will configure it to 0x100 which is what is expected by HW on Thunderx. On future passes of thunderx and other chips HW default/reset value will be 0x100 or higher hence not overwritten. Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com> Signed-off-by: Sunil Goutham <sgoutham@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Chun-Hao Lin authored
There will be a log spam when there is no cable plugged. Please refer to following links. https://bugzilla.kernel.org/show_bug.cgi?id=104351 https://bugzilla.kernel.org/show_bug.cgi?id=107421 This issue is caused by runtime power management. When there is no cable plugged, the driver will be suspend (runtime suspend) by OS and NIC will be put into the D3 state. During this time, if OS call rtl8169_get_stats64() to dump tally counter, because NIC is in D3 state, the register value read by driver will return all 0xff. This will let driver think tally counter flag is not toggled and then sends the warning message "rtl_counters_cond == 1 (loop: 1000, delay: 10)" to kernel log. For fixing this issue, 1.add checking driver's pm runtime status in rtl8169_get_stats64(). 2.dump tally counter before going runtime suspend for counter accuracy in runtime suspend. Signed-off-by: Chunhao Lin <hau@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Lüssing authored
We need to update the skb->csum after pulling the skb, otherwise an unnecessary checksum (re)computation can ocure for IGMP/MLD packets in the bridge code. Additionally this fixes the following splats for network devices / bridge ports with support for and enabled RX checksum offloading: [...] [ 43.986968] eth0: hw csum failure [ 43.990344] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.4.0 #2 [ 43.996193] Hardware name: BCM2709 [ 43.999647] [<800204e0>] (unwind_backtrace) from [<8001cf14>] (show_stack+0x10/0x14) [ 44.007432] [<8001cf14>] (show_stack) from [<801ab614>] (dump_stack+0x80/0x90) [ 44.014695] [<801ab614>] (dump_stack) from [<802e4548>] (__skb_checksum_complete+0x6c/0xac) [ 44.023090] [<802e4548>] (__skb_checksum_complete) from [<803a055c>] (ipv6_mc_validate_checksum+0x104/0x178) [ 44.032959] [<803a055c>] (ipv6_mc_validate_checksum) from [<802e111c>] (skb_checksum_trimmed+0x130/0x188) [ 44.042565] [<802e111c>] (skb_checksum_trimmed) from [<803a06e8>] (ipv6_mc_check_mld+0x118/0x338) [ 44.051501] [<803a06e8>] (ipv6_mc_check_mld) from [<803b2c98>] (br_multicast_rcv+0x5dc/0xd00) [ 44.060077] [<803b2c98>] (br_multicast_rcv) from [<803aa510>] (br_handle_frame_finish+0xac/0x51c) [...] Fixes: 9afd85c9 ("net: Export IGMP/MLD message validation code") Reported-by: Álvaro Fernández Rojas <noltari@gmail.com> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stefan Wahren authored
ether_setup sets IFF_TX_SKB_SHARING but this is not supported by qca_spi as it modifies the skb on xmit. Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com> Fixes: 291ab06e (net: qualcomm: new Ethernet over SPI driver for QCA7000) Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stefan Wahren authored
Currently qcaspi_netdev_setup accidentally clears IFF_BROADCAST. So fix this by keeping the flags from ether_setup. Reported-by: Michael Heimpold <michael.heimpold@i2se.com> Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com> Fixes: 291ab06e (net: qualcomm: new Ethernet over SPI driver for QCA7000) Signed-off-by: David S. Miller <davem@davemloft.net>
-
David Ahern authored
Nik pointed that the VRF driver should be using skb_header_pointer instead of accessing skb->data and bits beyond directly which can be garbage. Fixes: 35402e31 ("net: Add IPv6 support to VRF device") Cc: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Diego Viola authored
The JMC260 network card fails to suspend/resume because the call to jme_start_irq() was too early, moving the call to jme_start_irq() after the call to jme_reset_link() makes it work. Prior this change suspend/resume would fail unless /sys/power/pm_async=0 was explicitly specified. Relevant bug report: https://bugzilla.kernel.org/show_bug.cgi?id=112351Signed-off-by: Diego Viola <diego.viola@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 24 Feb, 2016 6 commits
-
-
David S. Miller authored
Merge tag 'mac80211-for-davem-2016-02-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Another small set of fixes: * stop critical protocol session on disconnect to avoid it getting stuck * wext: fix two RTNL message ordering issues * fix an uninitialized value (found by KASAN) * fix an out-of-bounds access (also found by KASAN) * clear connection keys when freeing them in all cases (IBSS, all other places already did so) * fix expected throughput unit to get consistent values * set default TX aggregation timeout to 0 in minstrel to avoid (really just hide) issues and perform better ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Daniel Borkmann authored
The fix in 35e2d115 ("tunnels: Allow IPv6 UDP checksums to be correctly controlled.") changed behavior for bpf_set_tunnel_key() when in use with IPv6 and thus uncovered a bug that TUNNEL_CSUM needed to be set but wasn't. As a result, the stack dropped ingress vxlan IPv6 packets, that have been sent via eBPF through collect meta data mode due to checksum now being zero. Since after LCO, we enable IPv4 checksum by default, so make that analogous and only provide a flag BPF_F_ZERO_CSUM_TX for the user to turn it off in IPv4 case. Fixes: 35e2d115 ("tunnels: Allow IPv6 UDP checksums to be correctly controlled.") Fixes: c6c33454 ("bpf: support ipv6 for bpf_skb_{set,get}_tunnel_key") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Hannes Frederic Sowa authored
Otherwise we break the contract with GSO to only pass CHECKSUM_PARTIAL skbs down. This can easily happen with UDP+IPv4 sockets with the first MSG_MORE write smaller than the MTU, second write is a sendfile. Returning -EOPNOTSUPP lets the callers fall back into normal sendmsg path, were we calculate the checksum manually during copying. Commit d749c9cb ("ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets") started to exposes this bug. Fixes: d749c9cb ("ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets") Reported-by: Jiri Benc <jbenc@redhat.com> Cc: Jiri Benc <jbenc@redhat.com> Reported-by: Wakko Warner <wakko@animx.eu.org> Cc: Wakko Warner <wakko@animx.eu.org> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sebastian Frias authored
Under some circumstances, e.g. when connecting to a switch, the ethernet port will not be connected to a PHY. In that case a "fixed-link" DT node can be used to replace it. https://stackoverflow.com/questions/31046172/device-tree-for-phy-less-connection-to-a-dsa-switch This patch adds support for the "fixed-link" node to the nb8800 driver. Signed-off-by: Sebastian Frias <sf84@laposte.net> Acked-by: Mans Rullgard <mans@mansr.com> Cc: Mason <slash.tmp@free.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
The arithmetic to zero pad the last 64-bit word in the push buffer is not correct. 1. It should be pdata + length to get to the end. 2. 'pdata' is void pointer and passing it to PTR_ALIGN() will cast the aligned pointer to void. Pass 'end' which is u64 pointer to PTR_ALIGN() instead so that the aligned pointer - 1 is the last 64-bit pointer to data. Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Bernie Harris authored
IPCB may contain data from previous layers (in the observed case the qdisc layer). In the observed scenario, the data was misinterpreted as ip header options, which later caused the ihl to be set to an invalid value (<5). This resulted in an infinite loop in the mips implementation of ip_fast_csum. This patch clears IPCB(skb)->opt before dst_link_failure can be called for various types of tunnels. This change only applies to encapsulated ipv4 packets. The code introduced in 11c21a30 which clears all of IPCB has been removed to be consistent with these changes, and instead the opt field is cleared unconditionally in ip_tunnel_xmit. The change in ip_tunnel_xmit applies to SIT, GRE, and IPIP tunnels. The relevant vti, l2tp, and pptp functions already contain similar code for clearing the IPCB. Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 23 Feb, 2016 1 commit
-
-
Konstantin Khlebnikov authored
Currently it's converted into msecs, thus HZ=1000 intact. Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Fixes: 740b0f18 ("tcp: switch rtt estimations to usec resolution") Signed-off-by: David S. Miller <davem@davemloft.net>
-