1. 18 Nov, 2014 13 commits
    • Dong Aisheng's avatar
      can: m_can: fix possible sleep in napi poll · f6a99649
      Dong Aisheng authored
      The m_can_get_berr_counter function can sleep and it may be called in napi poll
      function. Rework it to fix the following warning.
      
      root@imx6qdlsolo:~# cangen can0 -f -L 12 -D 112233445566778899001122
      [ 1846.017565] m_can 20e8000.can can0: entered error warning state
      [ 1846.023551] ------------[ cut here ]------------
      [ 1846.028216] WARNING: CPU: 0 PID: 560 at kernel/locking/mutex.c:867 mutex_trylock+0x218/0x23c()
      [ 1846.036889] DEBUG_LOCKS_WARN_ON(in_interrupt())
      [ 1846.041263] Modules linked in:
      [ 1846.044594] CPU: 0 PID: 560 Comm: cangen Not tainted 3.17.0-rc4-next-20140915-00010-g032d018-dirty #477
      [ 1846.054033] Backtrace:
      [ 1846.056557] [<80012448>] (dump_backtrace) from [<80012728>] (show_stack+0x18/0x1c)
      [ 1846.064180]  r6:809a07ec r5:809a07ec r4:00000000 r3:00000000
      [ 1846.069966] [<80012710>] (show_stack) from [<806c9ee0>] (dump_stack+0x8c/0xa4)
      [ 1846.077264] [<806c9e54>] (dump_stack) from [<8002aa78>] (warn_slowpath_common+0x70/0x94)
      [ 1846.085403]  r6:806cd1b0 r5:00000009 r4:be1d5c20 r3:be07b0c0
      [ 1846.091204] [<8002aa08>] (warn_slowpath_common) from [<8002aad4>] (warn_slowpath_fmt+0x38/0x40)
      [ 1846.099951]  r8:8119106c r7:80515aa4 r6:be027000 r5:00000001 r4:809d1df4
      [ 1846.106830] [<8002aaa0>] (warn_slowpath_fmt) from [<806cd1b0>] (mutex_trylock+0x218/0x23c)
      [ 1846.115141]  r3:80851c88 r2:8084fb74
      [ 1846.118804] [<806ccf98>] (mutex_trylock) from [<80515aa4>] (clk_prepare_lock+0x14/0xf4)
      [ 1846.126859]  r8:00000040 r7:be1d5cec r6:be027000 r5:be255800 r4:be027000
      [ 1846.133737] [<80515a90>] (clk_prepare_lock) from [<80517660>] (clk_prepare+0x14/0x2c)
      [ 1846.141583]  r5:be255800 r4:be027000
      [ 1846.145272] [<8051764c>] (clk_prepare) from [<8041ff14>] (m_can_get_berr_counter+0x20/0xd4)
      [ 1846.153672]  r4:be255800 r3:be07b0c0
      [ 1846.157325] [<8041fef4>] (m_can_get_berr_counter) from [<80420428>] (m_can_poll+0x310/0x8fc)
      [ 1846.165809]  r7:bd4dc540 r6:00000744 r5:11300000 r4:be255800
      [ 1846.171590] [<80420118>] (m_can_poll) from [<8056a468>] (net_rx_action+0xcc/0x1b4)
      [ 1846.179204]  r10:00000101 r9:be255ebc r8:00000040 r7:be7c3208 r6:8097c100 r5:be7c3200
      [ 1846.187192]  r4:0000012c
      [ 1846.189779] [<8056a39c>] (net_rx_action) from [<8002deec>] (__do_softirq+0xfc/0x2c4)
      [ 1846.197568]  r10:00000101 r9:8097c088 r8:00000003 r7:8097c080 r6:40000001 r5:8097c08c
      [ 1846.205559]  r4:00000020
      [ 1846.208144] [<8002ddf0>] (__do_softirq) from [<8002e194>] (do_softirq+0x7c/0x88)
      [ 1846.215588]  r10:00000000 r9:bd516a60 r8:be18ce00 r7:00000000 r6:be255800 r5:8056c0ec
      [ 1846.223578]  r4:60000093
      [ 1846.226163] [<8002e118>] (do_softirq) from [<8002e288>] (__local_bh_enable_ip+0xe8/0x10c)
      [ 1846.234386]  r4:00000200 r3:be1d4000
      [ 1846.238036] [<8002e1a0>] (__local_bh_enable_ip) from [<8056c108>] (__dev_queue_xmit+0x314/0x6b0)
      [ 1846.246868]  r6:be255800 r5:bd516a00 r4:00000000 r3:be07b0c0
      [ 1846.252645] [<8056bdf4>] (__dev_queue_xmit) from [<8056c4b8>] (dev_queue_xmit+0x14/0x18)
      Signed-off-by: default avatarDong Aisheng <b29396@freescale.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      f6a99649
    • Dong Aisheng's avatar
      can: m_can: add missing message RAM initialization · 962845da
      Dong Aisheng authored
      The M_CAN message RAM is usually equipped with a parity or ECC functionality.
      But RAM cells suffer a hardware reset and can therefore hold arbitrary content
      at startup - including parity and/or ECC bits.
      
      To prevent the M_CAN controller detecting checksum errors when reading
      potentially uninitialized TX message RAM content to transmit CAN frames the TX
      message RAM has to be written with (any kind of) initial data.
      Signed-off-by: default avatarDong Aisheng <b29396@freescale.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      962845da
    • David Cohen's avatar
      can: m_can: add CONFIG_HAS_IOMEM dependence · efe22286
      David Cohen authored
      m_can uses io memory which makes it not compilable on architectures
      without HAS_IOMEM such as UML:
      
      drivers/built-in.o: In function `m_can_plat_probe':
      m_can.c:(.text+0x218cc5): undefined reference to `devm_ioremap_resource'
      m_can.c:(.text+0x218df9): undefined reference to `devm_ioremap'
      Signed-off-by: default avatarDavid Cohen <david.a.cohen@linux.intel.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      efe22286
    • Dong Aisheng's avatar
      can: m_can: add .ndo_change_mtu function · d6fdb38b
      Dong Aisheng authored
      Use common can_change_mtu function.
      Signed-off-by: default avatarDong Aisheng <b29396@freescale.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      d6fdb38b
    • Marc Kleine-Budde's avatar
      can: gs_usb: add .ndo_change_mtu function · 50212b42
      Marc Kleine-Budde authored
      Use common can_change_mtu function.
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      50212b42
    • Marc Kleine-Budde's avatar
      can: rcar_can: add .ndo_change_mtu function · ca976d6a
      Marc Kleine-Budde authored
      Use common can_change_mtu function.
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      ca976d6a
    • Marc Kleine-Budde's avatar
      can: xilinx_can: add .ndo_change_mtu function · 92593a03
      Marc Kleine-Budde authored
      Use common can_change_mtu function.
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      92593a03
    • Sudip Mukherjee's avatar
      can: xilinx_can: fix comparison of unsigned variable · fb3ec7ba
      Sudip Mukherjee authored
      The variable err was of the type u32. It was being compared with < 0, and being
      an unsigned variable the comparison would have been always false.
      
      Moreover, err was getting the return value from set_reset_mode() and
      xcan_set_bittiming(), and both are returning int.
      Signed-off-by: default avatarSudip Mukherjee <sudip@vectorindia.org>
      Reviewed-by: default avatarMichal Simek <michal.simek@xilinx.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      fb3ec7ba
    • Sudip Mukherjee's avatar
      can: remove unused variable · 4e2061b1
      Sudip Mukherjee authored
      these variable were only assigned some values, but then never
      reused again.
      so they are safe to be removed.
      Signed-off-by: default avatarSudip Mukherjee <sudip@vectorindia.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      4e2061b1
    • Alexey Khoroshilov's avatar
      can: esd_usb2: fix memory leak on disconnect · efbd50d2
      Alexey Khoroshilov authored
      It seems struct esd_usb2 dev is not deallocated on disconnect. The patch adds
      the missing deallocation.
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
      Acked-by: default avatarMatthias Fuchs <matthias.fuchs@esd.eu>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      efbd50d2
    • Dong Aisheng's avatar
      can: dev: add can_is_canfd_skb() API · 98e69016
      Dong Aisheng authored
      The CAN device drivers can use can_is_canfd_skb() to check if the frame to send
      is on CAN FD mode or normal CAN mode.
      Acked-by: default avatarOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: default avatarDong Aisheng <b29396@freescale.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      98e69016
    • Roman Fietze's avatar
      can: dev: fix typo CIA -> CiA, CAN in Automation · 67b5909e
      Roman Fietze authored
      This patch fixes a typo in CAN's dev.c:
      
          CIA -> CiA
      
      which stands for CAN in Automation.
      Signed-off-by: default avatarRoman Fietze <roman.fietze@telemotive.de>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      67b5909e
    • Thomas Körper's avatar
      can: dev: avoid calling kfree_skb() from interrupt context · 5247a589
      Thomas Körper authored
      ikfree_skb() is Called in can_free_echo_skb(), which might be called from (TX
      Error) interrupt, which triggers the folloing warning:
      
      [ 1153.360705] ------------[ cut here ]------------
      [ 1153.360715] WARNING: CPU: 0 PID: 31 at net/core/skbuff.c:563 skb_release_head_state+0xb9/0xd0()
      [ 1153.360772] Call Trace:
      [ 1153.360778]  [<c167906f>] dump_stack+0x41/0x52
      [ 1153.360782]  [<c105bb7e>] warn_slowpath_common+0x7e/0xa0
      [ 1153.360784]  [<c158b909>] ? skb_release_head_state+0xb9/0xd0
      [ 1153.360786]  [<c158b909>] ? skb_release_head_state+0xb9/0xd0
      [ 1153.360788]  [<c105bc42>] warn_slowpath_null+0x22/0x30
      [ 1153.360791]  [<c158b909>] skb_release_head_state+0xb9/0xd0
      [ 1153.360793]  [<c158be90>] skb_release_all+0x10/0x30
      [ 1153.360795]  [<c158bf06>] kfree_skb+0x36/0x80
      [ 1153.360799]  [<f8486938>] ? can_free_echo_skb+0x28/0x40 [can_dev]
      [ 1153.360802]  [<f8486938>] can_free_echo_skb+0x28/0x40 [can_dev]
      [ 1153.360805]  [<f849a12c>] esd_pci402_interrupt+0x34c/0x57a [esd402]
      [ 1153.360809]  [<c10a75b5>] handle_irq_event_percpu+0x35/0x180
      [ 1153.360811]  [<c10a7623>] ? handle_irq_event_percpu+0xa3/0x180
      [ 1153.360813]  [<c10a7731>] handle_irq_event+0x31/0x50
      [ 1153.360816]  [<c10a9c7f>] handle_fasteoi_irq+0x6f/0x120
      [ 1153.360818]  [<c10a9c10>] ? handle_edge_irq+0x110/0x110
      [ 1153.360822]  [<c1011b61>] handle_irq+0x71/0x90
      [ 1153.360823]  <IRQ>  [<c168152c>] do_IRQ+0x3c/0xd0
      [ 1153.360829]  [<c1680b6c>] common_interrupt+0x2c/0x34
      [ 1153.360834]  [<c107d277>] ? finish_task_switch+0x47/0xf0
      [ 1153.360836]  [<c167c27b>] __schedule+0x35b/0x7e0
      [ 1153.360839]  [<c10a5334>] ? console_unlock+0x2c4/0x4d0
      [ 1153.360842]  [<c13df500>] ? n_tty_receive_buf_common+0x890/0x890
      [ 1153.360845]  [<c10707b6>] ? process_one_work+0x196/0x370
      [ 1153.360847]  [<c167c723>] schedule+0x23/0x60
      [ 1153.360849]  [<c1070de1>] worker_thread+0x161/0x460
      [ 1153.360852]  [<c1090fcf>] ? __wake_up_locked+0x1f/0x30
      [ 1153.360854]  [<c1070c80>] ? rescuer_thread+0x2f0/0x2f0
      [ 1153.360856]  [<c1074f01>] kthread+0xa1/0xc0
      [ 1153.360859]  [<c1680401>] ret_from_kernel_thread+0x21/0x30
      [ 1153.360861]  [<c1074e60>] ? kthread_create_on_node+0x110/0x110
      [ 1153.360863] ---[ end trace 5ff83639cbb74b35 ]---
      
      This patch replaces the kfree_skb() by dev_kfree_skb_any().
      Signed-off-by: default avatarThomas Körper <thomas.koerper@esd.eu>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      5247a589
  2. 16 Nov, 2014 9 commits
    • Daniel Borkmann's avatar
      ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs · feb91a02
      Daniel Borkmann authored
      It has been reported that generating an MLD listener report on
      devices with large MTUs (e.g. 9000) and a high number of IPv6
      addresses can trigger a skb_over_panic():
      
      skbuff: skb_over_panic: text:ffffffff80612a5d len:3776 put:20
      head:ffff88046d751000 data:ffff88046d751010 tail:0xed0 end:0xec0
      dev:port1
       ------------[ cut here ]------------
      kernel BUG at net/core/skbuff.c:100!
      invalid opcode: 0000 [#1] SMP
      Modules linked in: ixgbe(O)
      CPU: 3 PID: 0 Comm: swapper/3 Tainted: G O 3.14.23+ #4
      [...]
      Call Trace:
       <IRQ>
       [<ffffffff80578226>] ? skb_put+0x3a/0x3b
       [<ffffffff80612a5d>] ? add_grhead+0x45/0x8e
       [<ffffffff80612e3a>] ? add_grec+0x394/0x3d4
       [<ffffffff80613222>] ? mld_ifc_timer_expire+0x195/0x20d
       [<ffffffff8061308d>] ? mld_dad_timer_expire+0x45/0x45
       [<ffffffff80255b5d>] ? call_timer_fn.isra.29+0x12/0x68
       [<ffffffff80255d16>] ? run_timer_softirq+0x163/0x182
       [<ffffffff80250e6f>] ? __do_softirq+0xe0/0x21d
       [<ffffffff8025112b>] ? irq_exit+0x4e/0xd3
       [<ffffffff802214bb>] ? smp_apic_timer_interrupt+0x3b/0x46
       [<ffffffff8063f10a>] ? apic_timer_interrupt+0x6a/0x70
      
      mld_newpack() skb allocations are usually requested with dev->mtu
      in size, since commit 72e09ad1 ("ipv6: avoid high order allocations")
      we have changed the limit in order to be less likely to fail.
      
      However, in MLD/IGMP code, we have some rather ugly AVAILABLE(skb)
      macros, which determine if we may end up doing an skb_put() for
      adding another record. To avoid possible fragmentation, we check
      the skb's tailroom as skb->dev->mtu - skb->len, which is a wrong
      assumption as the actual max allocation size can be much smaller.
      
      The IGMP case doesn't have this issue as commit 57e1ab6e
      ("igmp: refine skb allocations") stores the allocation size in
      the cb[].
      
      Set a reserved_tailroom to make it fit into the MTU and use
      skb_availroom() helper instead. This also allows to get rid of
      igmp_skb_size().
      Reported-by: default avatarWei Liu <lw1a2.jing@gmail.com>
      Fixes: 72e09ad1 ("ipv6: avoid high order allocations")
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Cc: David L Stevens <david.stevens@oracle.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      feb91a02
    • Martin Hauke's avatar
      qmi_wwan: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem · bb2bdeb8
      Martin Hauke authored
      Added the USB VID/PID for the HP lt4112 LTE/HSPA+ Gobi 4G Modem (Huawei me906e)
      Signed-off-by: default avatarMartin Hauke <mardnh@gmx.de>
      Acked-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bb2bdeb8
    • David S. Miller's avatar
      Merge branch 'net_ovs' of git://git.kernel.org/pub/scm/linux/kernel/git/pshelar/openvswitch · c6ab766e
      David S. Miller authored
      Pravin B Shelar says:
      
      ====================
      Open vSwitch
      
      Following fixes are accumulated in ovs-repo.
      Three of them are related to protocol processing, one is
      related to memory leak in case of error and one is to
      fix race.
      Patch "Validate IPv6 flow key and mask values" has conflicts
      with net-next, Let me know if you want me to send the patch
      for net-next.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6ab766e
    • Anish Bhatt's avatar
      dcbnl : Disable software interrupts before taking dcb_lock · 52cff74e
      Anish Bhatt authored
      Solves possible lockup issues that can be seen from firmware DCB agents calling
      into the DCB app api.
      
      DCB firmware event queues can be tied in with NAPI so that dcb events are
      generated in softIRQ context. This can results in calls to dcb_*app()
      functions which try to take the dcb_lock.
      
      If the the event triggers while we also have the dcb_lock because lldpad or
      some other agent happened to be issuing a  get/set command we could see a cpu
      lockup.
      
      This code was not originally written with firmware agents in mind, hence
      grabbing dcb_lock from softIRQ context was not considered.
      Signed-off-by: default avatarAnish Bhatt <anish@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52cff74e
    • Alexey Khoroshilov's avatar
      ieee802154: fix error handling in ieee802154fake_probe() · 8c2dd544
      Alexey Khoroshilov authored
      In case of any failure ieee802154fake_probe() just calls unregister_netdev().
      But it does not look safe to unregister netdevice before it was registered.
      
      The patch implements straightforward resource deallocation in case of
      failure in ieee802154fake_probe().
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8c2dd544
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · f1227c5c
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS fixes for net
      
      The following patchset contains Netfilter updates for your net tree,
      they are:
      
      1) Fix missing initialization of the range structure (allocated in the
         stack) in nft_masq_{ipv4, ipv6}_eval, from Daniel Borkmann.
      
      2) Make sure the data we receive from userspace contains the req_version
         structure, otherwise return an error incomplete on truncated input.
         From Dan Carpenter.
      
      3) Fix handling og skb->sk which may cause incorrect handling
         of connections from a local process. Via Simon Horman, patch from
         Calvin Owens.
      
      4) Fix wrong netns in nft_compat when setting target and match params
         structure.
      
      5) Relax chain type validation in nft_compat that was recently included,
         this broke the matches that need to be run from the route chain type.
         Now iptables-test.py automated regression tests report success again
         and we avoid the only possible problematic case, which is the use of
         nat targets out of nat chain type.
      
      6) Use match->table to validate the tablename, instead of the match->name.
         Again patch for nft_compat.
      
      7) Restore the synchronous release of objects from the commit and abort
         path in nf_tables. This is causing two major problems: splats when using
         nft_compat, given that matches and targets may sleep and call_rcu is
         invoked from softirq context. Moreover Patrick reported possible event
         notification reordering when rules refer to anonymous sets.
      
      8) Fix race condition in between packets that are being confirmed by
         conntrack and the ctnetlink flush operation. This happens since the
         removal of the central spinlock. Thanks to Jesper D. Brouer to looking
         into this.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1227c5c
    • John Ogness's avatar
      drivers: net: cpsw: Fix TX_IN_SEL offset · 35717d8d
      John Ogness authored
      The TX_IN_SEL offset for the CPSW_PORT/TX_IN_CTL register was
      incorrect. This caused the Dual MAC mode to never get set when
      it should. It also caused possible unintentional setting of a
      bit in the CPSW_PORT/TX_BLKS_REM register.
      
      The purpose of setting the Dual MAC mode for this register is to:
      
          "... allow packets from both ethernet ports to be written into
           the FIFO without one port starving the other port."
      					- AM335x ARM TRM
      Signed-off-by: default avatarJohn Ogness <john.ogness@linutronix.de>
      Reviewed-by: default avatarMugunthan V N <mugunthanvnm@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      35717d8d
    • Hannes Frederic Sowa's avatar
      reciprocal_div: objects with exported symbols should be obj-y rather than lib-y · 9f458945
      Hannes Frederic Sowa authored
      Otherwise the exported symbols might be discarded because of no users
      in vmlinux.
      Reported-by: default avatarJim Davis <jim.epost@gmail.com>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f458945
    • Panu Matilainen's avatar
      ipv4: Fix incorrect error code when adding an unreachable route · 49dd18ba
      Panu Matilainen authored
      Trying to add an unreachable route incorrectly returns -ESRCH if
      if custom FIB rules are present:
      
      [root@localhost ~]# ip route add 74.125.31.199 dev eth0 via 1.2.3.4
      RTNETLINK answers: Network is unreachable
      [root@localhost ~]# ip rule add to 55.66.77.88 table 200
      [root@localhost ~]# ip route add 74.125.31.199 dev eth0 via 1.2.3.4
      RTNETLINK answers: No such process
      [root@localhost ~]#
      
      Commit 83886b6b ("[NET]: Change "not found"
      return value for rule lookup") changed fib_rules_lookup()
      to use -ESRCH as a "not found" code internally, but for user space it
      should be translated into -ENETUNREACH. Handle the translation centrally in
      ipv4-specific fib_lookup(), leaving the DECnet case alone.
      
      On a related note, commit b7a71b51
      ("ipv4: removed redundant conditional") removed a similar translation from
      ip_route_input_slow() prematurely AIUI.
      
      Fixes: b7a71b51 ("ipv4: removed redundant conditional")
      Signed-off-by: default avatarPanu Matilainen <pmatilai@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      49dd18ba
  3. 14 Nov, 2014 18 commits
    • Jarno Rajahalme's avatar
      openvswitch: Validate IPv6 flow key and mask values. · fecaef85
      Jarno Rajahalme authored
      Reject flow label key and mask values with invalid bits set.
      Introduced by commit 3fdbd1ce ("openvswitch: add ipv6 'set'
      action").
      Signed-off-by: default avatarJarno Rajahalme <jrajahalme@nicira.com>
      Acked-by: default avatarJesse Gross <jesse@nicira.com>
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      fecaef85
    • Pravin B Shelar's avatar
      openvswitch: Convert dp rcu read operation to locked operations · 8ec609d8
      Pravin B Shelar authored
      dp read operations depends on ovs_dp_cmd_fill_info(). This API
      needs to looup vport to find dp name, but vport lookup can
      fail. Therefore to keep vport reference alive we need to
      take ovs lock.
      
      Introduced by commit 6093ae9a ("openvswitch: Minimize
      dp and vport critical sections").
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      Acked-by: default avatarAndy Zhou <azhou@nicira.com>
      8ec609d8
    • Daniele Di Proietto's avatar
      openvswitch: Fix NDP flow mask validation · 19e7a3df
      Daniele Di Proietto authored
      match_validate() enforce that a mask matching on NDP attributes has also an
      exact match on ICMPv6 type.
      The ICMPv6 type, which is 8-bit wide, is stored in the 'tp.src' field of
      'struct sw_flow_key', which is 16-bit wide.
      Therefore, an exact match on ICMPv6 type should only check the first 8 bits.
      
      This commit fixes a bug that prevented flows with an exact match on NDP field
      from being installed
      Introduced by commit 03f0d916 ("openvswitch: Mega flow implementation").
      Signed-off-by: default avatarDaniele Di Proietto <ddiproietto@vmware.com>
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      19e7a3df
    • Jesse Gross's avatar
      openvswitch: Fix checksum calculation when modifying ICMPv6 packets. · 856447d0
      Jesse Gross authored
      The checksum of ICMPv6 packets uses the IP pseudoheader as part of
      the calculation, unlike ICMP in IPv4. This was not implemented,
      which means that modifying the IP addresses of an ICMPv6 packet
      would cause the checksum to no longer be correct as the psuedoheader
      did not match.
      Introduced by commit 3fdbd1ce ("openvswitch: add ipv6 'set' action").
      Reported-by: default avatarNeal Shrader <icosahedral@gmail.com>
      Signed-off-by: default avatarJesse Gross <jesse@nicira.com>
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      856447d0
    • Pravin B Shelar's avatar
      openvswitch: Fix memory leak. · ab64f16f
      Pravin B Shelar authored
      Need to free memory in case of sample action error.
      
      Introduced by commit 651887b0 ("openvswitch: Sample
      action without side effects").
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      ab64f16f
    • David S. Miller's avatar
      Merge branch 'vxlan_gso_check' · b7f4c0ba
      David S. Miller authored
      Joe Stringer says:
      
      ====================
      Implement ndo_gso_check() for vxlan nics
      
      Most NICs that report NETIF_F_GSO_UDP_TUNNEL support VXLAN, and not other
      UDP-based encapsulation protocols where the format and size of the header may
      differ. This patch series implements a generic ndo_gso_check() for detecting
      VXLAN, then reuses it for these NICs.
      
      Implementation shamelessly stolen from Tom Herbert (with minor fixups):
      http://thread.gmane.org/gmane.linux.network/332428/focus=333111
      
      v2: Drop i40e/fm10k patches (code diverged; handling separately).
          Refactor common code into vxlan_gso_check() helper.
          Minor style fixes.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b7f4c0ba
    • Joe Stringer's avatar
      qlcnic: Implement ndo_gso_check() · 795a05c1
      Joe Stringer authored
      Use vxlan_gso_check() to advertise offload support for this NIC.
      Signed-off-by: default avatarJoe Stringer <joestringer@nicira.com>
      Acked-by: default avatarShahed Shaikh <shahed.shaikh@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      795a05c1
    • Joe Stringer's avatar
      net/mlx4_en: Implement ndo_gso_check() · 956bdab2
      Joe Stringer authored
      Use vxlan_gso_check() to advertise offload support for this NIC.
      Signed-off-by: default avatarJoe Stringer <joestringer@nicira.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      956bdab2
    • Joe Stringer's avatar
      be2net: Implement ndo_gso_check() · 725d548f
      Joe Stringer authored
      Use vxlan_gso_check() to advertise offload support for this NIC.
      Signed-off-by: default avatarJoe Stringer <joestringer@nicira.com>
      Acked-by: default avatarSathya Perla <sperla@emulex.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      725d548f
    • Joe Stringer's avatar
      net: Add vxlan_gso_check() helper · 23e62de3
      Joe Stringer authored
      Most NICs that report NETIF_F_GSO_UDP_TUNNEL support VXLAN, and not
      other UDP-based encapsulation protocols where the format and size of the
      header differs. This patch implements a generic ndo_gso_check() for
      VXLAN which will only advertise GSO support when the skb looks like it
      contains VXLAN (or no UDP tunnelling at all).
      
      Implementation shamelessly stolen from Tom Herbert:
      http://thread.gmane.org/gmane.linux.network/332428/focus=333111Signed-off-by: default avatarJoe Stringer <joestringer@nicira.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      23e62de3
    • David S. Miller's avatar
      Merge tag 'master-2014-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · 8a5809e0
      David S. Miller authored
      John W. Linville says:
      
      ====================
      pull request: wireless 2014-11-13
      
      Please pull this set of a few more wireless fixes intended for the
      3.18 stream...
      
      For the mac80211 bits, Johannes says:
      
      "This has just one fix, for an issue with the CCMP decryption
      that can cause a kernel crash. I'm not sure it's remotely
      exploitable, but it's an important fix nonetheless."
      
      For the iwlwifi bits, Emmanuel says:
      
      "Two fixes here - we weren't updating mac80211 if a scan
      was cut short by RFKILL which confused cfg80211. As a
      result, the latter wouldn't allow to run another scan.
      Liad fixes a small bug in the firmware dump."
      
      On top of that...
      
      Arend van Spriel corrects a channel width conversion that caused a
      WARNING in brcmfmac.
      
      Hauke Mehrtens avoids a NULL pointer dereference in b43.
      
      Larry Finger hits a trio of rtlwifi bugs left over from recent
      backporting from the Realtek vendor driver.
      
      Miaoqing Pan fixes a clocking problem in ath9k that could affect
      packet timestamps and such.
      
      Stanislaw Gruszka addresses an payload alignment issue that has been
      plaguing rt2x00.
      
      Please let me know if there are problems!
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8a5809e0
    • Vincent BENAYOUN's avatar
      inetdevice: fixed signed integer overflow · 84bc8868
      Vincent BENAYOUN authored
      There could be a signed overflow in the following code.
      
      The expression, (32-logmask) is comprised between 0 and 31 included.
      It may be equal to 31.
      In such a case the left shift will produce a signed integer overflow.
      According to the C99 Standard, this is an undefined behavior.
      A simple fix is to replace the signed int 1 with the unsigned int 1U.
      Signed-off-by: default avatarVincent BENAYOUN <vincent.benayoun@trust-in-soft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      84bc8868
    • bill bonaparte's avatar
      netfilter: conntrack: fix race in __nf_conntrack_confirm against get_next_corpse · 5195c14c
      bill bonaparte authored
      After removal of the central spinlock nf_conntrack_lock, in
      commit 93bb0ceb ("netfilter: conntrack: remove central
      spinlock nf_conntrack_lock"), it is possible to race against
      get_next_corpse().
      
      The race is against the get_next_corpse() cleanup on
      the "unconfirmed" list (a per-cpu list with seperate locking),
      which set the DYING bit.
      
      Fix this race, in __nf_conntrack_confirm(), by removing the CT
      from unconfirmed list before checking the DYING bit.  In case
      race occured, re-add the CT to the dying list.
      
      While at this, fix coding style of the comment that has been
      updated.
      
      Fixes: 93bb0ceb ("netfilter: conntrack: remove central spinlock nf_conntrack_lock")
      Reported-by: default avatarbill bonaparte <programme110@gmail.com>
      Signed-off-by: default avatarbill bonaparte <programme110@gmail.com>
      Signed-off-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      5195c14c
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · b23dc5a7
      Linus Torvalds authored
      Pull virtio bugfix from Michael S Tsirkin:
       "This fixes a crash in virtio console multi-channel mode that got
        introduced in -rc1"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio_console: move early VQ enablement
      b23dc5a7
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 5cf52037
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) sunhme driver lacks DMA mapping error checks, based upon a report by
          Meelis Roos.
      
       2) Fix memory leak in mvpp2 driver, from Sudip Mukherjee.
      
       3) DMA memory allocation sizes are wrong in systemport ethernet driver,
          fix from Florian Fainelli.
      
       4) Fix use after free in mac80211 defragmentation code, from Johannes
          Berg.
      
       5) Some networking uapi headers missing from Kbuild file, from Stephen
          Hemminger.
      
       6) TUN driver gets csum_start offset wrong when VLAN accel is enabled,
          and macvtap has a similar bug, from Herbert Xu.
      
       7) Adjust several tunneling drivers to set dev->iflink after registry,
          because registry sets that to -1 overwriting whatever we did.  From
          Steffen Klassert.
      
       8) Geneve forgets to set inner tunneling type, causing GSO segmentation
          to fail on some NICs.  From Jesse Gross.
      
       9) Fix several locking bugs in stmmac driver, from Fabrice Gasnier and
          Giuseppe CAVALLARO.
      
      10) Fix spurious timeouts with NewReno on low traffic connections, from
          Marcelo Leitner.
      
      11) Fix descriptor updates in enic driver, from Govindarajulu
          Varadarajan.
      
      12) PPP calls bpf_prog_create() with locks held, which isn't kosher.
          Fix from Takashi Iwai.
      
      13) Fix NULL deref in SCTP with malformed INIT packets, from Daniel
          Borkmann.
      
      14) psock_fanout selftest accesses past the end of the mmap ring, fix
          from Shuah Khan.
      
      15) Fix PTP timestamping for VLAN packets, from Richard Cochran.
      
      16) netlink_unbind() calls in netlink pass wrong initial argument, from
          Hiroaki SHIMODA.
      
      17) vxlan socket reuse accidently reuses a socket when the address
          family is different, so we have to explicitly check this, from
          Marcelo Lietner.
      
      18) Fix missing include in nft_reject_bridge.c breaking the build on ppc
          and other architectures, from Guenter Roeck.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
        vxlan: Do not reuse sockets for a different address family
        smsc911x: power-up phydev before doing a software reset.
        lib: rhashtable - Remove weird non-ASCII characters from comments
        net/smsc911x: Fix delays in the PHY enable/disable routines
        net/smsc911x: Fix rare soft reset timeout issue due to PHY power-down mode
        netlink: Properly unbind in error conditions.
        net: ptp: fix time stamp matching logic for VLAN packets.
        cxgb4 : dcb open-lldp interop fixes
        selftests/net: psock_fanout seg faults in sock_fanout_read_ring()
        net: bcmgenet: apply MII configuration in bcmgenet_open()
        net: bcmgenet: connect and disconnect from the PHY state machine
        net: qualcomm: Fix dependency
        ixgbe: phy: fix uninitialized status in ixgbe_setup_phy_link_tnx
        net: phy: Correctly handle MII ioctl which changes autonegotiation.
        ipv6: fix IPV6_PKTINFO with v4 mapped
        net: sctp: fix memory leak in auth key management
        net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet
        net: ppp: Don't call bpf_prog_create() in ppp_lock
        net/mlx4_en: Advertize encapsulation offloads features only when VXLAN tunnel is set
        cxgb4 : Fix bug in DCB app deletion
        ...
      5cf52037
    • Linus Torvalds's avatar
      Merge branch 'akpm' (fixes from Andrew Morton) · 971ad4e4
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "15 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        MAINTAINERS: add IIO include files
        kernel/panic.c: update comments for print_tainted
        mem-hotplug: reset node present pages when hot-adding a new pgdat
        mem-hotplug: reset node managed pages when hot-adding a new pgdat
        mm/debug-pagealloc: correct freepage accounting and order resetting
        fanotify: fix notification of groups with inode & mount marks
        mm, compaction: prevent infinite loop in compact_zone
        mm: alloc_contig_range: demote pages busy message from warn to info
        mm/slab: fix unalignment problem on Malta with EVA due to slab merge
        mm/page_alloc: restrict max order of merging on isolated pageblock
        mm/page_alloc: move freepage counting logic to __free_one_page()
        mm/page_alloc: add freepage on isolate pageblock to correct buddy list
        mm/page_alloc: fix incorrect isolation behavior by rechecking migratetype
        mm/compaction: skip the range until proper target pageblock is met
        zram: avoid kunmap_atomic() of a NULL pointer
      971ad4e4
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client · b0ab3f19
      Linus Torvalds authored
      Pull Ceph fixes from Sage Weil:
       "There is an overflow bug fix for cephfs from Zheng, a fix for handling
        large authentication ticket buffers in libceph from Ilya, and a few
        fixes for the request handling code from Ilya that affect RBD volumes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
        libceph: change from BUG to WARN for __remove_osd() asserts
        libceph: clear r_req_lru_item in __unregister_linger_request()
        libceph: unlink from o_linger_requests when clearing r_osd
        libceph: do not crash on large auth tickets
        ceph: fix flush tid comparision
      b0ab3f19
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · 6b07974a
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - fix for an oops in HID core upon repeated subdriver insertion/removal
         under certain circumstances, by Benjamin Tissoires
      
       - quirk for another Elan Touchscreen device, by Adel Gadllah
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: core: cleanup .claimed field on disconnect
        HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103
      6b07974a