1. 29 Jan, 2014 11 commits
  2. 28 Jan, 2014 13 commits
    • David S. Miller's avatar
      Merge branch 'qlcnic' · 77c14e51
      David S. Miller authored
      Rajesh Borundia says:
      
      ====================
      qlcnic: bug fixes
      
      The patch series contains following bug fixes
      
      o Bound checks for number of receive descriptors and number of recieve rings.
        Both of these have off-by-one errors.
      o Vlan list was getting re-initialized in case of adapter reset.
      o Tx queue was timing out because of missing start queue for a corresponding
        netif_tx_disable.
      o Loopback test failed because driver was not setting linkup variable
        while handling link events.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      77c14e51
    • Shahed Shaikh's avatar
      qlcnic: Fix loopback test failure · 092dfcf3
      Shahed Shaikh authored
      Driver was returning from link event handler without
      setting linkup variable
      Signed-off-by: default avatarShahed Shaikh <shahed.shaikh@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      092dfcf3
    • Rajesh Borundia's avatar
      qlcnic: Fix tx timeout. · 060d0564
      Rajesh Borundia authored
      o __qlcnic_down call's netif_tx_disable which in turn stops
        all the TX queues, corresponding start queue was missing in
        __qlcnic_up which was leading to tx timeout.
      o The commit b84caae4
        (qlcnic: Fix usage of netif_tx_{wake, stop} api during link change.)
        exposed this issue.
      Signed-off-by: default avatarRajesh Borundia <rajesh.borundia@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      060d0564
    • Rajesh Borundia's avatar
      qlcnic: Fix initialization of vlan list. · bcf6cb1a
      Rajesh Borundia authored
      o Do not re-initialize vlan list in case of adapter reset.
      Signed-off-by: default avatarRajesh Borundia <rajesh.borundia@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bcf6cb1a
    • Manish Chopra's avatar
      qlcnic: Correct off-by-one errors in bounds checks · 462bed48
      Manish Chopra authored
      o Bound checks should be >= instead of > for number of receive descriptors
        and number of receive rings.
      Signed-off-by: default avatarManish Chopra <manish.chopra@qlogic.com>
      Signed-off-by: default avatarJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      462bed48
    • Martin Schwenke's avatar
      net: Document promote_secondaries · d922e1cb
      Martin Schwenke authored
      From 038a821667f62c496f2bbae27081b1b612122a97 Mon Sep 17 00:00:00 2001
      From: Martin Schwenke <martin@meltin.net>
      Date: Tue, 28 Jan 2014 15:16:49 +1100
      Subject: [PATCH] net: Document promote_secondaries
      
      This option was added a long time ago...
      
        commit 8f937c60
        Author: Harald Welte <laforge@gnumonks.org>
        Date:   Sun May 29 20:23:46 2005 -0700
      
          [IPV4]: Primary and secondary addresses
      Signed-off-by: default avatarMartin Schwenke <martin@meltin.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d922e1cb
    • Duan Jiong's avatar
      net: gre: use icmp_hdr() to get inner ip header · c0c0c50f
      Duan Jiong authored
      When dealing with icmp messages, the skb->data points the
      ip header that triggered the sending of the icmp message.
      
      In gre_cisco_err(), the parse_gre_header() is called, and the
      iptunnel_pull_header() is called to pull the skb at the end of
      the parse_gre_header(), so the skb->data doesn't point the
      inner ip header.
      
      Unfortunately, the ipgre_err still needs those ip addresses in
      inner ip header to look up tunnel by ip_tunnel_lookup().
      
      So just use icmp_hdr() to get inner ip header instead of skb->data.
      Signed-off-by: default avatarDuan Jiong <duanj.fnst@cn.fujitsu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0c0c50f
    • Dave Jones's avatar
      i40e: Add missing braces to i40e_dcb_need_reconfig() · 3d9667a9
      Dave Jones authored
      Indentation mismatch spotted with Coverity.
      Introduced in 4e3b35b0 ("i40e: add DCB and DCBNL support")
      Signed-off-by: default avatarDave Jones <davej@fedoraproject.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3d9667a9
    • Annie Li's avatar
      xen-netfront: fix resource leak in netfront · cefe0078
      Annie Li authored
      This patch removes grant transfer releasing code from netfront, and uses
      gnttab_end_foreign_access to end grant access since
      gnttab_end_foreign_access_ref may fail when the grant entry is
      currently used for reading or writing.
      
      * clean up grant transfer code kept from old netfront(2.6.18) which grants
      pages for access/map and transfer. But grant transfer is deprecated in current
      netfront, so remove corresponding release code for transfer.
      
      * fix resource leak, release grant access (through gnttab_end_foreign_access)
      and skb for tx/rx path, use get_page to ensure page is released when grant
      access is completed successfully.
      
      Xen-blkfront/xen-tpmfront/xen-pcifront also have similar issue, but patches
      for them will be created separately.
      
      V6: Correct subject line and commit message.
      
      V5: Remove unecessary change in xennet_end_access.
      
      V4: Revert put_page in gnttab_end_foreign_access, and keep netfront change in
      single patch.
      
      V3: Changes as suggestion from David Vrabel, ensure pages are not freed untill
      grant acess is ended.
      
      V2: Improve patch comments.
      Signed-off-by: default avatarAnnie Li <annie.li@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cefe0078
    • Stephen Rothwell's avatar
      ce60e0c4
    • Haiyang Zhang's avatar
      hyperv: Add support for physically discontinuous receive buffer · b679ef73
      Haiyang Zhang authored
      This will allow us to use bigger receive buffer, and prevent allocation failure
      due to fragmented memory.
      Signed-off-by: default avatarHaiyang Zhang <haiyangz@microsoft.com>
      Reviewed-by: default avatarK. Y. Srinivasan <kys@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b679ef73
    • Stanislaw Gruszka's avatar
      sky2: initialize napi before registering device · 731073b9
      Stanislaw Gruszka authored
      There is race condition when call netif_napi_add() after
      register_netdevice(), as ->open() can be called without napi initialized
      and trigger BUG_ON() on napi_enable(), like on below messages:
      
      [    9.699863] sky2: driver version 1.30
      [    9.699960] sky2 0000:02:00.0: Yukon-2 EC Ultra chip revision 2
      [    9.700020] sky2 0000:02:00.0: irq 45 for MSI/MSI-X
      [    9.700498] ------------[ cut here ]------------
      [    9.703391] kernel BUG at include/linux/netdevice.h:501!
      [    9.703391] invalid opcode: 0000 [#1] PREEMPT SMP
      <snip>
      [    9.830018] Call Trace:
      [    9.830018]  [<fa996169>] sky2_open+0x309/0x360 [sky2]
      [    9.830018]  [<c1007210>] ? via_no_dac+0x40/0x40
      [    9.830018]  [<c1007210>] ? via_no_dac+0x40/0x40
      [    9.830018]  [<c135ed4b>] __dev_open+0x9b/0x120
      [    9.830018]  [<c1431cbe>] ? _raw_spin_unlock_bh+0x1e/0x20
      [    9.830018]  [<c135efd9>] __dev_change_flags+0x89/0x150
      [    9.830018]  [<c135f148>] dev_change_flags+0x18/0x50
      [    9.830018]  [<c13bb8e0>] devinet_ioctl+0x5d0/0x6e0
      [    9.830018]  [<c13bcced>] inet_ioctl+0x6d/0xa0
      
      To fix the problem patch changes the order of initialization.
      
      Bug report:
      https://bugzilla.kernel.org/show_bug.cgi?id=67151
      
      Reported-and-tested-by: ebrahim.azarisooreh@gmail.com
      Signed-off-by: default avatarStanislaw Gruszka <stf_xl@wp.pl>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      731073b9
    • Holger Eitzenberger's avatar
      net: Fix memory leak if TPROXY used with TCP early demux · a452ce34
      Holger Eitzenberger authored
      I see a memory leak when using a transparent HTTP proxy using TPROXY
      together with TCP early demux and Kernel v3.8.13.15 (Ubuntu stable):
      
      unreferenced object 0xffff88008cba4a40 (size 1696):
        comm "softirq", pid 0, jiffies 4294944115 (age 8907.520s)
        hex dump (first 32 bytes):
          0a e0 20 6a 40 04 1b 37 92 be 32 e2 e8 b4 00 00  .. j@..7..2.....
          02 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<ffffffff810b710a>] kmem_cache_alloc+0xad/0xb9
          [<ffffffff81270185>] sk_prot_alloc+0x29/0xc5
          [<ffffffff812702cf>] sk_clone_lock+0x14/0x283
          [<ffffffff812aaf3a>] inet_csk_clone_lock+0xf/0x7b
          [<ffffffff8129a893>] netlink_broadcast+0x14/0x16
          [<ffffffff812c1573>] tcp_create_openreq_child+0x1b/0x4c3
          [<ffffffff812c033e>] tcp_v4_syn_recv_sock+0x38/0x25d
          [<ffffffff812c13e4>] tcp_check_req+0x25c/0x3d0
          [<ffffffff812bf87a>] tcp_v4_do_rcv+0x287/0x40e
          [<ffffffff812a08a7>] ip_route_input_noref+0x843/0xa55
          [<ffffffff812bfeca>] tcp_v4_rcv+0x4c9/0x725
          [<ffffffff812a26f4>] ip_local_deliver_finish+0xe9/0x154
          [<ffffffff8127a927>] __netif_receive_skb+0x4b2/0x514
          [<ffffffff8127aa77>] process_backlog+0xee/0x1c5
          [<ffffffff8127c949>] net_rx_action+0xa7/0x200
          [<ffffffff81209d86>] add_interrupt_randomness+0x39/0x157
      
      But there are many more, resulting in the machine going OOM after some
      days.
      
      From looking at the TPROXY code, and with help from Florian, I see
      that the memory leak is introduced in tcp_v4_early_demux():
      
        void tcp_v4_early_demux(struct sk_buff *skb)
        {
          /* ... */
      
          iph = ip_hdr(skb);
          th = tcp_hdr(skb);
      
          if (th->doff < sizeof(struct tcphdr) / 4)
              return;
      
          sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
                             iph->saddr, th->source,
                             iph->daddr, ntohs(th->dest),
                             skb->skb_iif);
          if (sk) {
              skb->sk = sk;
      
      where the socket is assigned unconditionally to skb->sk, also bumping
      the refcnt on it.  This is problematic, because in our case the skb
      has already a socket assigned in the TPROXY target.  This then results
      in the leak I see.
      
      The very same issue seems to be with IPv6, but haven't tested.
      Reviewed-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarHolger Eitzenberger <holger@eitzenberger.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a452ce34
  3. 27 Jan, 2014 10 commits
  4. 26 Jan, 2014 6 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml · 77d143de
      Linus Torvalds authored
      Pull UML changes from Richard Weinberger:
       "This time only various cleanups and housekeeping patches"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
        um: hostfs: make functions static
        um: Include generic barrier.h
        um: Removed unused attributes from thread_struct
      77d143de
    • Linus Torvalds's avatar
      Merge tag 'mmc-updates-for-3.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc · ccc039d6
      Linus Torvalds authored
      Pull MMC updates from Chris Ball:
       "MMC highlights for 3.14:
      
        Core:
         - Avoid get_cd() on cards marked nonremovable
      
        Drivers:
         - arasan: New driver for controllers found in e.g. Xilinx Zynq SoC
         - dwmmc: Support Hisilicon K3 SoC controllers
         - esdhc-imx: Support for HS200 mode, DDR modes on MX6, runtime PM
         - sdhci-pci: Support O2Micro/BayHubTech controllers used in laptops
           like Lenovo ThinkPad W540, Dell Latitude E5440, Dell Latitude E6540
         - tegra: Support Tegra124 SoCs"
      
      * tag 'mmc-updates-for-3.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: (55 commits)
        mmc: sdhci-pci: Fix possibility of chip->fixes being null
        mmc: sdhci-pci: Fix BYT sd card getting stuck in runtime suspend
        mmc: sdhci: Allow for long command timeouts
        mmc: sdio: add a quirk for broken SDIO_CCCR_INTx polling
        mmc: sdhci: fix lockdep error in tuning routine
        mmc: dw_mmc: k3: remove clk_table
        mmc: dw_mmc: fix dw_mci_get_cd
        mmc: dw_mmc: fix sparse non static symbol warning
        mmc: sdhci-esdhc-imx: fix warning during module remove function
        mmc: sdhci-esdhc-imx: fix access hardirq-unsafe lock in atomic context
        mmc: core: sd: implement proper support for sd3.0 au sizes
        mmc: atmel-mci: add vmmc-supply support
        mmc: sdhci-pci: add broken HS200 quirk for Intel Merrifield
        mmc: sdhci: add quirk for broken HS200 support
        mmc: arasan: Add driver for Arasan SDHCI
        mmc: dw_mmc: add dw_mmc-k3 for k3 platform
        mmc: dw_mmc: use slot-gpio to handle cd pin
        mmc: sdhci-pci: add support of O2Micro/BayHubTech SD hosts
        mmc: sdhci-pci: break out definitions to header file
        mmc: tmio: fixup compile error
        ...
      
      Conflicts:
      	MAINTAINERS
      ccc039d6
    • Linus Torvalds's avatar
      Merge tag 'for-3.14-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs · 1c294838
      Linus Torvalds authored
      Pull 9p changes from Eric Van Hensbergen:
       "Included are a new cache model for support of mmap, and several
        cleanups across the filesystem and networking portions of the code"
      
      * tag 'for-3.14-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
        9p: update documentation
        9P: introduction of a new cache=mmap model.
        net/9p: remove virtio default hack and set appropriate bits instead
        9p: remove useless 'name' variable and assignment
        9p: fix return value in case in v9fs_fid_xattr_set()
        9p: remove useless variable and assignment
        9p: remove useless assignment
        9p: remove unused 'super_block' struct pointer
        9p: remove never used return variable
        9p: remove unused 'p9_fid' struct pointer
        9p: remove unused 'p9_client' struct pointer
      1c294838
    • Tim Smith's avatar
      af_rxrpc: Handle frames delivered from another VM · 1ea42735
      Tim Smith authored
      On input, CHECKSUM_PARTIAL should be treated the same way as
      CHECKSUM_UNNECESSARY. See include/linux/skbuff.h
      Signed-off-by: default avatarTim Smith <tim@electronghost.co.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      1ea42735
    • Tim Smith's avatar
      af_rxrpc: Avoid setting up double-free on checksum error · 24a9981e
      Tim Smith authored
      skb_kill_datagram() does not dequeue the skb when MSG_PEEK is unset.
      This leaves a free'd skb on the queue, resulting a double-free later.
      
      Without this, the following oops can occur:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
      IP: [<ffffffff8154fcf7>] skb_dequeue+0x47/0x70
      PGD 0
      Oops: 0002 [#1] SMP
      Modules linked in: af_rxrpc ...
      CPU: 0 PID: 1191 Comm: listen Not tainted 3.12.0+ #4
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      task: ffff8801183536b0 ti: ffff880035c92000 task.ti: ffff880035c92000
      RIP: 0010:[<ffffffff8154fcf7>] skb_dequeue+0x47/0x70
      RSP: 0018:ffff880035c93db8  EFLAGS: 00010097
      RAX: 0000000000000246 RBX: ffff8800d2754b00 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff8800d254c084
      RBP: ffff880035c93dd0 R08: ffff880035c93cf0 R09: ffff8800d968f270
      R10: 0000000000000000 R11: 0000000000000293 R12: ffff8800d254c070
      R13: ffff8800d254c084 R14: ffff8800cd861240 R15: ffff880119b39720
      FS:  00007f37a969d740(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: 0000000000000008 CR3: 00000000d4413000 CR4: 00000000000006f0
      Stack:
       ffff8800d254c000 ffff8800d254c070 ffff8800d254c2c0 ffff880035c93df8
       ffffffffa041a5b8 ffff8800cd844c80 ffffffffa04385a0 ffff8800cd844cb0
       ffff880035c93e18 ffffffff81546cef ffff8800d45fea00 0000000000000008
      Call Trace:
       [<ffffffffa041a5b8>] rxrpc_release+0x128/0x2e0 [af_rxrpc]
       [<ffffffff81546cef>] sock_release+0x1f/0x80
       [<ffffffff81546d62>] sock_close+0x12/0x20
       [<ffffffff811aaba1>] __fput+0xe1/0x230
       [<ffffffff811aad3e>] ____fput+0xe/0x10
       [<ffffffff810862cc>] task_work_run+0xbc/0xe0
       [<ffffffff8106a3be>] do_exit+0x2be/0xa10
       [<ffffffff8116dc47>] ? do_munmap+0x297/0x3b0
       [<ffffffff8106ab8f>] do_group_exit+0x3f/0xa0
       [<ffffffff8106ac04>] SyS_exit_group+0x14/0x20
       [<ffffffff8166b069>] system_call_fastpath+0x16/0x1b
      Signed-off-by: default avatarTim Smith <tim@electronghost.co.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      24a9981e
    • Alexey Khoroshilov's avatar
      RxRPC: do not unlock unheld spinlock in rxrpc_connect_exclusive() · 8f22ba61
      Alexey Khoroshilov authored
      If rx->conn is not NULL, rxrpc_connect_exclusive() does not
      acquire the transport's client lock, but it still releases it.
      
      The patch adds locking of the spinlock to this path.
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      8f22ba61