1. 24 Mar, 2020 7 commits
  2. 22 Mar, 2020 11 commits
    • Grygorii Strashko's avatar
      net: phy: dp83867: w/a for fld detect threshold bootstrapping issue · 749f6f68
      Grygorii Strashko authored
      When the DP83867 PHY is strapped to enable Fast Link Drop (FLD) feature
      STRAP_STS2.STRAP_ FLD (reg 0x006F bit 10), the Energy Lost Threshold for
      FLD Energy Lost Mode FLD_THR_CFG.ENERGY_LOST_FLD_THR (reg 0x002e bits 2:0)
      will be defaulted to 0x2. This may cause the phy link to be unstable. The
      new DP83867 DM recommends to always restore ENERGY_LOST_FLD_THR to 0x1.
      
      Hence, restore default value of FLD_THR_CFG.ENERGY_LOST_FLD_THR to 0x1 when
      FLD is enabled by bootstrapping as recommended by DM.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      749f6f68
    • Emil Renner Berthing's avatar
      net: stmmac: dwmac-rk: fix error path in rk_gmac_probe · 9de9aa48
      Emil Renner Berthing authored
      Make sure we clean up devicetree related configuration
      also when clock init fails.
      
      Fixes: fecd4d7e ("net: stmmac: dwmac-rk: Add integrated PHY support")
      Signed-off-by: default avatarEmil Renner Berthing <kernel@esmil.dk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9de9aa48
    • Oliver Hartkopp's avatar
      slcan: not call free_netdev before rtnl_unlock in slcan_open · 2091a3d4
      Oliver Hartkopp authored
      As the description before netdev_run_todo, we cannot call free_netdev
      before rtnl_unlock, fix it by reorder the code.
      
      This patch is a 1:1 copy of upstream slip.c commit f596c870
      ("slip: not call free_netdev before rtnl_unlock in slip_open").
      Reported-by: default avataryangerkun <yangerkun@huawei.com>
      Signed-off-by: default avatarOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2091a3d4
    • Lukas Bulwahn's avatar
      ionic: make spdxcheck.py happy · 06e9bfc1
      Lukas Bulwahn authored
      Headers ionic_if.h and ionic_regs.h are licensed under three alternative
      licenses and the used SPDX-License-Identifier expression makes
      ./scripts/spdxcheck.py complain:
      
      drivers/net/ethernet/pensando/ionic/ionic_if.h: 1:52 Syntax error: OR
      drivers/net/ethernet/pensando/ionic/ionic_regs.h: 1:52 Syntax error: OR
      
      As OR is associative, it is irrelevant if the parentheses are put around
      the first or the second OR-expression.
      
      Simply add parentheses to make spdxcheck.py happy.
      Signed-off-by: default avatarLukas Bulwahn <lukas.bulwahn@gmail.com>
      Acked-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06e9bfc1
    • Taehee Yoo's avatar
      hsr: fix general protection fault in hsr_addr_is_self() · 3a303cfd
      Taehee Yoo authored
      The port->hsr is used in the hsr_handle_frame(), which is a
      callback of rx_handler.
      hsr master and slaves are initialized in hsr_add_port().
      This function initializes several pointers, which includes port->hsr after
      registering rx_handler.
      So, in the rx_handler routine, un-initialized pointer would be used.
      In order to fix this, pointers should be initialized before
      registering rx_handler.
      
      Test commands:
          ip netns del left
          ip netns del right
          modprobe -rv veth
          modprobe -rv hsr
          killall ping
          modprobe hsr
          ip netns add left
          ip netns add right
          ip link add veth0 type veth peer name veth1
          ip link add veth2 type veth peer name veth3
          ip link add veth4 type veth peer name veth5
          ip link set veth1 netns left
          ip link set veth3 netns right
          ip link set veth4 netns left
          ip link set veth5 netns right
          ip link set veth0 up
          ip link set veth2 up
          ip link set veth0 address fc:00:00:00:00:01
          ip link set veth2 address fc:00:00:00:00:02
          ip netns exec left ip link set veth1 up
          ip netns exec left ip link set veth4 up
          ip netns exec right ip link set veth3 up
          ip netns exec right ip link set veth5 up
          ip link add hsr0 type hsr slave1 veth0 slave2 veth2
          ip a a 192.168.100.1/24 dev hsr0
          ip link set hsr0 up
          ip netns exec left ip link add hsr1 type hsr slave1 veth1 slave2 veth4
          ip netns exec left ip a a 192.168.100.2/24 dev hsr1
          ip netns exec left ip link set hsr1 up
          ip netns exec left ip n a 192.168.100.1 dev hsr1 lladdr \
      	    fc:00:00:00:00:01 nud permanent
          ip netns exec left ip n r 192.168.100.1 dev hsr1 lladdr \
      	    fc:00:00:00:00:01 nud permanent
          for i in {1..100}
          do
              ip netns exec left ping 192.168.100.1 &
          done
          ip netns exec left hping3 192.168.100.1 -2 --flood &
          ip netns exec right ip link add hsr2 type hsr slave1 veth3 slave2 veth5
          ip netns exec right ip a a 192.168.100.3/24 dev hsr2
          ip netns exec right ip link set hsr2 up
          ip netns exec right ip n a 192.168.100.1 dev hsr2 lladdr \
      	    fc:00:00:00:00:02 nud permanent
          ip netns exec right ip n r 192.168.100.1 dev hsr2 lladdr \
      	    fc:00:00:00:00:02 nud permanent
          for i in {1..100}
          do
              ip netns exec right ping 192.168.100.1 &
          done
          ip netns exec right hping3 192.168.100.1 -2 --flood &
          while :
          do
              ip link add hsr0 type hsr slave1 veth0 slave2 veth2
      	ip a a 192.168.100.1/24 dev hsr0
      	ip link set hsr0 up
      	ip link del hsr0
          done
      
      Splat looks like:
      [  120.954938][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1]I
      [  120.957761][    C0] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
      [  120.959064][    C0] CPU: 0 PID: 1511 Comm: hping3 Not tainted 5.6.0-rc5+ #460
      [  120.960054][    C0] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
      [  120.962261][    C0] RIP: 0010:hsr_addr_is_self+0x65/0x2a0 [hsr]
      [  120.963149][    C0] Code: 44 24 18 70 73 2f c0 48 c1 eb 03 48 8d 04 13 c7 00 f1 f1 f1 f1 c7 40 04 00 f2 f2 f2 4
      [  120.966277][    C0] RSP: 0018:ffff8880d9c09af0 EFLAGS: 00010206
      [  120.967293][    C0] RAX: 0000000000000006 RBX: 1ffff1101b38135f RCX: 0000000000000000
      [  120.968516][    C0] RDX: dffffc0000000000 RSI: ffff8880d17cb208 RDI: 0000000000000000
      [  120.969718][    C0] RBP: 0000000000000030 R08: ffffed101b3c0e3c R09: 0000000000000001
      [  120.972203][    C0] R10: 0000000000000001 R11: ffffed101b3c0e3b R12: 0000000000000000
      [  120.973379][    C0] R13: ffff8880aaf80100 R14: ffff8880aaf800f2 R15: ffff8880aaf80040
      [  120.974410][    C0] FS:  00007f58e693f740(0000) GS:ffff8880d9c00000(0000) knlGS:0000000000000000
      [  120.979794][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  120.980773][    C0] CR2: 00007ffcb8b38f29 CR3: 00000000afe8e001 CR4: 00000000000606f0
      [  120.981945][    C0] Call Trace:
      [  120.982411][    C0]  <IRQ>
      [  120.982848][    C0]  ? hsr_add_node+0x8c0/0x8c0 [hsr]
      [  120.983522][    C0]  ? rcu_read_lock_held+0x90/0xa0
      [  120.984159][    C0]  ? rcu_read_lock_sched_held+0xc0/0xc0
      [  120.984944][    C0]  hsr_handle_frame+0x1db/0x4e0 [hsr]
      [  120.985597][    C0]  ? hsr_nl_nodedown+0x2b0/0x2b0 [hsr]
      [  120.986289][    C0]  __netif_receive_skb_core+0x6bf/0x3170
      [  120.992513][    C0]  ? check_chain_key+0x236/0x5d0
      [  120.993223][    C0]  ? do_xdp_generic+0x1460/0x1460
      [  120.993875][    C0]  ? register_lock_class+0x14d0/0x14d0
      [  120.994609][    C0]  ? __netif_receive_skb_one_core+0x8d/0x160
      [  120.995377][    C0]  __netif_receive_skb_one_core+0x8d/0x160
      [  120.996204][    C0]  ? __netif_receive_skb_core+0x3170/0x3170
      [ ... ]
      
      Reported-by: syzbot+fcf5dd39282ceb27108d@syzkaller.appspotmail.com
      Fixes: c5a75911 ("net/hsr: Use list_head (and rcu) instead of array for slave devices.")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3a303cfd
    • David S. Miller's avatar
      Merge branch 'hinic-BugFixes' · 4abe5a1b
      David S. Miller authored
      Luo bin says:
      
      ====================
      hinic: BugFixes
      
      Fix a number of bugs which have been present since the first commit.
      
      The bugs fixed in these patchs are hardly exposed unless given
      very specific conditions.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4abe5a1b
    • Luo bin's avatar
      hinic: fix wrong value of MIN_SKB_LEN · 7296695f
      Luo bin authored
      the minimum value of skb len that hw supports is 32 rather than 17
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7296695f
    • Luo bin's avatar
      hinic: fix wrong para of wait_for_completion_timeout · 0da7c322
      Luo bin authored
      the second input parameter of wait_for_completion_timeout should
      be jiffies instead of millisecond
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0da7c322
    • Luo bin's avatar
      hinic: fix out-of-order excution in arm cpu · 33f15da2
      Luo bin authored
      add read barrier in driver code to keep from reading other fileds
      in dma memory which is writable for hw until we have verified the
      memory is valid for driver
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      33f15da2
    • Luo bin's avatar
      hinic: fix the bug of clearing event queue · 614eaa94
      Luo bin authored
      should disable eq irq before freeing it, must clear event queue
      depth in hw before freeing relevant memory to avoid illegal
      memory access and update consumer idx to avoid invalid interrupt
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      614eaa94
    • Luo bin's avatar
      hinic: fix a bug of waitting for IO stopped · 96758117
      Luo bin authored
      it's unreliable for fw to check whether IO is stopped, so driver
      wait for enough time to ensure IO process is done in hw before
      freeing resources
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      96758117
  3. 21 Mar, 2020 2 commits
  4. 20 Mar, 2020 6 commits
    • Eric Dumazet's avatar
      tcp: ensure skb->dev is NULL before leaving TCP stack · b738a185
      Eric Dumazet authored
      skb->rbnode is sharing three skb fields : next, prev, dev
      
      When a packet is sent, TCP keeps the original skb (master)
      in a rtx queue, which was converted to rbtree a while back.
      
      __tcp_transmit_skb() is responsible to clone the master skb,
      and add the TCP header to the clone before sending it
      to network layer.
      
      skb_clone() already clears skb->next and skb->prev, but copies
      the master oskb->dev into the clone.
      
      We need to clear skb->dev, otherwise lower layers could interpret
      the value as a pointer to a netdev.
      
      This old bug surfaced recently when commit 28f8bfd1
      ("netfilter: Support iif matches in POSTROUTING") was merged.
      
      Before this netfilter commit, skb->dev value was ignored and
      changed before reaching dev_queue_xmit()
      
      Fixes: 75c119af ("tcp: implement rb-tree based retransmit queue")
      Fixes: 28f8bfd1 ("netfilter: Support iif matches in POSTROUTING")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarMartin Zaharinov <micron10@gmail.com>
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b738a185
    • Rahul Lakkireddy's avatar
      cxgb4: fix Txq restart check during backpressure · f1f20a86
      Rahul Lakkireddy authored
      Driver reclaims descriptors in much smaller batches, even if hardware
      indicates more to reclaim, during backpressure. So, fix the check to
      restart the Txq during backpressure, by looking at how many
      descriptors hardware had indicated to reclaim, and not on how many
      descriptors that driver had actually reclaimed. Once the Txq is
      restarted, driver will reclaim even more descriptors when Tx path
      is entered again.
      
      Fixes: d429005f ("cxgb4/cxgb4vf: Add support for SGE doorbell queue timer")
      Signed-off-by: default avatarRahul Lakkireddy <rahul.lakkireddy@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1f20a86
    • Rahul Lakkireddy's avatar
      cxgb4: fix throughput drop during Tx backpressure · 7affd808
      Rahul Lakkireddy authored
      commit 7c3bebc3 ("cxgb4: request the TX CIDX updates to status page")
      reverted back to getting Tx CIDX updates via DMA, instead of interrupts,
      introduced by commit d429005f ("cxgb4/cxgb4vf: Add support for SGE
      doorbell queue timer")
      
      However, it missed reverting back several code changes where Tx CIDX
      updates are not explicitly requested during backpressure when using
      interrupt mode. These missed changes cause slow recovery during
      backpressure because the corresponding interrupt no longer comes and
      hence results in Tx throughput drop.
      
      So, revert back these missed code changes, as well, which will allow
      explicitly requesting Tx CIDX updates when backpressure happens.
      This enables the corresponding interrupt with Tx CIDX update message
      to get generated and hence speed up recovery and restore back
      throughput.
      
      Fixes: 7c3bebc3 ("cxgb4: request the TX CIDX updates to status page")
      Fixes: d429005f ("cxgb4/cxgb4vf: Add support for SGE doorbell queue timer")
      Signed-off-by: default avatarRahul Lakkireddy <rahul.lakkireddy@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7affd808
    • René van Dorst's avatar
      net: dsa: mt7530: Change the LINK bit to reflect the link status · 22259471
      René van Dorst authored
      Andrew reported:
      
      After a number of network port link up/down changes, sometimes the switch
      port gets stuck in a state where it thinks it is still transmitting packets
      but the cpu port is not actually transmitting anymore. In this state you
      will see a message on the console
      "mtk_soc_eth 1e100000.ethernet eth0: transmit timed out" and the Tx counter
      in ifconfig will be incrementing on virtual port, but not incrementing on
      cpu port.
      
      The issue is that MAC TX/RX status has no impact on the link status or
      queue manager of the switch. So the queue manager just queues up packets
      of a disabled port and sends out pause frames when the queue is full.
      
      Change the LINK bit to reflect the link status.
      
      Fixes: b8f126a8 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
      Reported-by: default avatarAndrew Smith <andrew.smith@digi.com>
      Signed-off-by: default avatarRené van Dorst <opensource@vdorst.com>
      Reviewed-by: default avatarVivien Didelot <vivien.didelot@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      22259471
    • David S. Miller's avatar
      Merge tag 'rxrpc-fixes-20200319' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · 3ac9eb42
      David S. Miller authored
      David Howells says:
      
      ====================
      rxrpc, afs: Interruptibility fixes
      
      Here are a number of fixes for AF_RXRPC and AFS that make AFS system calls
      less interruptible and so less likely to leave the filesystem in an
      uncertain state.  There's also a miscellaneous patch to make tracing
      consistent.
      
       (1) Firstly, abstract out the Tx space calculation in sendmsg.  Much the
           same code is replicated in a number of places that subsequent patches
           are going to alter, including adding another copy.
      
       (2) Fix Tx interruptibility by allowing a kernel service, such as AFS, to
           request that a call be interruptible only when waiting for a call slot
           to become available (ie. the call has not taken place yet) or that a
           call be not interruptible at all (e.g. when we want to do writeback
           and don't want a signal interrupting a VM-induced writeback).
      
       (3) Increase the minimum delay on MSG_WAITALL for userspace sendmsg() when
           waiting for Tx buffer space as a 2*RTT delay is really small over 10G
           ethernet and a 1 jiffy timeout might be essentially 0 if at the end of
           the jiffy period.
      
       (4) Fix some tracing output in AFS to make it consistent with rxrpc.
      
       (5) Make sure aborted asynchronous AFS operations are tidied up properly
           so we don't end up with stuck rxrpc calls.
      
       (6) Make AFS client calls uninterruptible in the Rx phase.  If we don't
           wait for the reply to be fully gathered, we can't update the local VFS
           state and we end up in an indeterminate state with respect to the
           server.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3ac9eb42
    • Ido Schimmel's avatar
      mlxsw: pci: Only issue reset when system is ready · 6002059d
      Ido Schimmel authored
      During initialization the driver issues a software reset command and
      then waits for the system status to change back to "ready" state.
      
      However, before issuing the reset command the driver does not check that
      the system is actually in "ready" state. On Spectrum-{1,2} systems this
      was always the case as the hardware initialization time is very short.
      On Spectrum-3 systems this is no longer the case. This results in the
      software reset command timing-out and the driver failing to load:
      
      [ 6.347591] mlxsw_spectrum3 0000:06:00.0: Cmd exec timed-out (opcode=40(ACCESS_REG),opcode_mod=0,in_mod=0)
      [ 6.358382] mlxsw_spectrum3 0000:06:00.0: Reg cmd access failed (reg_id=9023(mrsr),type=write)
      [ 6.368028] mlxsw_spectrum3 0000:06:00.0: cannot register bus device
      [ 6.375274] mlxsw_spectrum3: probe of 0000:06:00.0 failed with error -110
      
      Fix this by waiting for the system to become ready both before issuing
      the reset command and afterwards. In case of failure, print the last
      system status to aid in debugging.
      
      Fixes: da382875 ("mlxsw: spectrum: Extend to support Spectrum-3 ASIC")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6002059d
  5. 19 Mar, 2020 10 commits
  6. 18 Mar, 2020 4 commits