1. 05 Aug, 2014 8 commits
    • Eric Dumazet's avatar
      sctp: fix possible seqlock seadlock in sctp_packet_transmit() · 757efd32
      Eric Dumazet authored
      Dave reported following splat, caused by improper use of
      IP_INC_STATS_BH() in process context.
      
      BUG: using __this_cpu_add() in preemptible [00000000] code: trinity-c117/14551
      caller is __this_cpu_preempt_check+0x13/0x20
      CPU: 3 PID: 14551 Comm: trinity-c117 Not tainted 3.16.0+ #33
       ffffffff9ec898f0 0000000047ea7e23 ffff88022d32f7f0 ffffffff9e7ee207
       0000000000000003 ffff88022d32f818 ffffffff9e397eaa ffff88023ee70b40
       ffff88022d32f970 ffff8801c026d580 ffff88022d32f828 ffffffff9e397ee3
      Call Trace:
       [<ffffffff9e7ee207>] dump_stack+0x4e/0x7a
       [<ffffffff9e397eaa>] check_preemption_disabled+0xfa/0x100
       [<ffffffff9e397ee3>] __this_cpu_preempt_check+0x13/0x20
       [<ffffffffc0839872>] sctp_packet_transmit+0x692/0x710 [sctp]
       [<ffffffffc082a7f2>] sctp_outq_flush+0x2a2/0xc30 [sctp]
       [<ffffffff9e0d985c>] ? mark_held_locks+0x7c/0xb0
       [<ffffffff9e7f8c6d>] ? _raw_spin_unlock_irqrestore+0x5d/0x80
       [<ffffffffc082b99a>] sctp_outq_uncork+0x1a/0x20 [sctp]
       [<ffffffffc081e112>] sctp_cmd_interpreter.isra.23+0x1142/0x13f0 [sctp]
       [<ffffffffc081c86b>] sctp_do_sm+0xdb/0x330 [sctp]
       [<ffffffff9e0b8f1b>] ? preempt_count_sub+0xab/0x100
       [<ffffffffc083b350>] ? sctp_cname+0x70/0x70 [sctp]
       [<ffffffffc08389ca>] sctp_primitive_ASSOCIATE+0x3a/0x50 [sctp]
       [<ffffffffc083358f>] sctp_sendmsg+0x88f/0xe30 [sctp]
       [<ffffffff9e0d673a>] ? lock_release_holdtime.part.28+0x9a/0x160
       [<ffffffff9e0d62ce>] ? put_lock_stats.isra.27+0xe/0x30
       [<ffffffff9e73b624>] inet_sendmsg+0x104/0x220
       [<ffffffff9e73b525>] ? inet_sendmsg+0x5/0x220
       [<ffffffff9e68ac4e>] sock_sendmsg+0x9e/0xe0
       [<ffffffff9e1c0c09>] ? might_fault+0xb9/0xc0
       [<ffffffff9e1c0bae>] ? might_fault+0x5e/0xc0
       [<ffffffff9e68b234>] SYSC_sendto+0x124/0x1c0
       [<ffffffff9e0136b0>] ? syscall_trace_enter+0x250/0x330
       [<ffffffff9e68c3ce>] SyS_sendto+0xe/0x10
       [<ffffffff9e7f9be4>] tracesys+0xdd/0xe2
      
      This is a followup of commits f1d8cba6 ("inet: fix possible
      seqlock deadlocks") and 7f88c6b2 ("ipv6: fix possible seqlock
      deadlock in ip6_finish_output2")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Reported-by: default avatarDave Jones <davej@redhat.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      757efd32
    • Fabio Estevam's avatar
      Revert "net: phy: Set the driver when registering an MDIO bus device" · ce7991e8
      Fabio Estevam authored
      Commit a71e3c37 ("net: phy: Set the driver when registering an MDIO bus
      device") caused the following regression on the fec driver:
      
      root@imx6qsabresd:~# echo mem > /sys/power/state
      PM: Syncing filesystems ... done.
      Freezing user space processes ... (elapsed 0.003 seconds) done.
      Freezing remaining freezable tasks ... (elapsed 0.002 seconds) done.
      Unable to handle kernel NULL pointer dereference at virtual address 0000002c
      pgd = bcd14000
      [0000002c] *pgd=4d9e0831, *pte=00000000, *ppte=00000000
      Internal error: Oops: 17 [#1] SMP ARM
      Modules linked in:
      CPU: 0 PID: 617 Comm: sh Not tainted 3.16.0 #17
      task: bc0c4e00 ti: bceb6000 task.ti: bceb6000
      PC is at fec_suspend+0x10/0x70
      LR is at dpm_run_callback.isra.7+0x34/0x6c
      pc : [<803f8a98>]    lr : [<80361f44>]    psr: 600f0013
      sp : bceb7d70  ip : bceb7d88  fp : bceb7d84
      r10: 8091523c  r9 : 00000000  r8 : bd88f478
      r7 : 803f8a88  r6 : 81165988  r5 : 00000000  r4 : 00000000
      r3 : 00000000  r2 : 00000000  r1 : bd88f478  r0 : bd88f478
      Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
      Control: 10c5387d  Table: 4cd1404a  DAC: 00000015
      Process sh (pid: 617, stack limit = 0xbceb6240)
      Stack: (0xbceb7d70 to 0xbceb8000)
      ....
      
      The problem with the original commit is explained by Russell King:
      
      "It has the effect (as can be seen from the oops) of attaching the MDIO bus
      device (itself is a bus-less device) to the platform driver, which means
      that if the platform driver supports power management, it will be called
      to power manage the MDIO bus device.
      
      Moreover, drivers do not expect to be called for power management
      operations for devices which they haven't probed, and certainly not for
      devices which aren't part of the same bus that the driver is registered
      against."
      
      This reverts commit a71e3c37.
      
      Cc: <stable@vger.kernel.org> #3.16
      Signed-off-by: default avatarFabio Estevam <fabio.estevam@freescale.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ce7991e8
    • David S. Miller's avatar
      Merge branch 'qlcnic' · ff91a550
      David S. Miller authored
      Rajesh Borundia says:
      
      ====================
      qlcnic: Bug fixes
      
      The patch series contains following bug fixes.
      
      * Aggregating tx stats in adapter variable was resulting
        in increase of stats when user runs ifconfig command
        and no traffic is running. Instead aggregate tx stats
        in local variable and then assign it to adapter struct
        variable.
      * Set_driver_version was called after registering netdev
        which was resulting in a race between FLR in open
        handler and set_driver_version command as open handler
        can be called simulatneously on another cpu even if probe
        is not complete. So call this command before registering
        netdev.
      * dcbnl_ops should be initialized before registering netdev
        as they are referenced in open handler.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ff91a550
    • Rajesh Borundia's avatar
      qlcnic: Initialize dcbnl_ops before register_netdev · cd1560e2
      Rajesh Borundia authored
      o Initialization of dcbnl_ops after register netdev may result in
        dcbnl_ops not getting set before it is being accessed from open.
        So, moving it before register_netdev.
      Signed-off-by: default avatarRajesh Borundia <rajesh.borundia@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cd1560e2
    • Rajesh Borundia's avatar
      qlcnic: Set driver version before registering netdev · bf63014f
      Rajesh Borundia authored
      o Earlier, set_drv_version was getting called after register_netdev.
        This was resulting in a race between set_drv_version and FLR called
        from open(). Moving set_drv_version before register_netdev avoids
        the race.
      
      o Log response code in error message on CDRP failure.
      Signed-off-by: default avatarRajesh Borundia <rajesh.borundia@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bf63014f
    • Rajesh Borundia's avatar
      qlcnic: Fix update of ethtool stats. · a0eaf75c
      Rajesh Borundia authored
      o Aggregating tx stats in adapter variable was resulting in
        an increase in stats even after no traffic was run and
        user runs ifconfig/ethtool command.
      o qlcnic_update_stats used to accumulate stats in adapter
        struct at each function call, instead accumulate tx stats
        in local variable and then assign it to adapter structure.
      Reported-by: default avatarHolger Kiehl <holger.kiehl@dwd.de>
      Signed-off-by: default avatarRajesh Borundia <rajesh.borundia@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a0eaf75c
    • David S. Miller's avatar
      Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge · f2294eb5
      David S. Miller authored
      Antonio Quartulli says:
      
      ====================
      pull request net: batman-adv 2014-08-04
      
      this is a pull request intended for net.
      
      It just contains a patch by Sven Eckelmann that fixes the
      reception of out-of-order fragments. As explained in the
      commit message, the issue was due to a wrong assumption
      about hlist_for_each_entry() in batadv_frag_insert_packet().
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f2294eb5
    • Sven Eckelmann's avatar
      batman-adv: Fix out-of-order fragmentation support · d9124268
      Sven Eckelmann authored
      batadv_frag_insert_packet was unable to handle out-of-order packets because it
      dropped them directly. This is caused by the way the fragmentation lists is
      checked for the correct place to insert a fragmentation entry.
      
      The fragmentation code keeps the fragments in lists. The fragmentation entries
      are kept in descending order of sequence number. The list is traversed and each
      entry is compared with the new fragment. If the current entry has a smaller
      sequence number than the new fragment then the new one has to be inserted
      before the current entry. This ensures that the list is still in descending
      order.
      
      An out-of-order packet with a smaller sequence number than all entries in the
      list still has to be added to the end of the list. The used hlist has no
      information about the last entry in the list inside hlist_head and thus the
      last entry has to be calculated differently. Currently the code assumes that
      the iterator variable of hlist_for_each_entry can be used for this purpose
      after the hlist_for_each_entry finished. This is obviously wrong because the
      iterator variable is always NULL when the list was completely traversed.
      
      Instead the information about the last entry has to be stored in a different
      variable.
      
      This problem was introduced in 610bfc6b
      ("batman-adv: Receive fragmented packets and merge").
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarAntonio Quartulli <antonio@meshcoding.com>
      d9124268
  2. 03 Aug, 2014 1 commit
    • JF Le Fillatre's avatar
      r8152: add missing Makefile rule · 4f933f41
      JF Le Fillatre authored
      Add missing Makefile rule for r8152 driver
      
      In the current kernel the r8152 driver is *never* built because of a missing rule in drivers/net/Makefile, despite being selected as built-in or module in the .config file. There is no error message or warning to indicate that the driver isn't built. This change adds the rule and lets the driver build.
      
      Tested as built-in and module for 3.15.8.
      
      Signed-off by: JF Le Fillatre <jflf-kernel@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4f933f41
  3. 02 Aug, 2014 4 commits
  4. 01 Aug, 2014 7 commits
    • Thomas Graf's avatar
      netfilter: nf_tables: Avoid duplicate call to nft_data_uninit() for same key · 0dc13625
      Thomas Graf authored
      nft_del_setelem() currently calls nft_data_uninit() twice on the same
      key. Once to release the key which is guaranteed to be NFT_DATA_VALUE
      and a second time in the error path to which it falls through.
      
      The second call has been harmless so far though because the type
      passed is always NFT_DATA_VALUE which is currently a no-op.
      Signed-off-by: default avatarThomas Graf <tgraf@suug.ch>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      0dc13625
    • Vlad Yasevich's avatar
      net: Correctly set segment mac_len in skb_segment(). · fcdfe3a7
      Vlad Yasevich authored
      When performing segmentation, the mac_len value is copied right
      out of the original skb.  However, this value is not always set correctly
      (like when the packet is VLAN-tagged) and we'll end up copying a bad
      value.
      
      One way to demonstrate this is to configure a VM which tags
      packets internally and turn off VLAN acceleration on the forwarding
      bridge port.  The packets show up corrupt like this:
      16:18:24.985548 52:54:00:ab:be:25 > 52:54:00:26:ce:a3, ethertype 802.1Q
      (0x8100), length 1518: vlan 100, p 0, ethertype 0x05e0,
              0x0000:  8cdb 1c7c 8cdb 0064 4006 b59d 0a00 6402 ...|...d@.....d.
              0x0010:  0a00 6401 9e0d b441 0a5e 64ec 0330 14fa ..d....A.^d..0..
              0x0020:  29e3 01c9 f871 0000 0101 080a 000a e833)....q.........3
              0x0030:  000f 8c75 6e65 7470 6572 6600 6e65 7470 ...unetperf.netp
              0x0040:  6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
              0x0050:  6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
              0x0060:  6572 6600 6e65 7470 6572 6600 6e65 7470 erf.netperf.netp
              ...
      
      This also leads to awful throughput as GSO packets are dropped and
      cause retransmissions.
      
      The solution is to set the mac_len using the values already available
      in then new skb.  We've already adjusted all of the header offset, so we
      might as well correctly figure out the mac_len using skb_reset_mac_len().
      After this change, packets are segmented correctly and performance
      is restored.
      
      CC: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fcdfe3a7
    • David S. Miller's avatar
      Merge branch 'xen-netfront' · 92b85671
      David S. Miller authored
      David Vrabel says:
      
      ====================
      xen-netfront: more multiqueue fixes
      
      A few more xen-netfront fixes for the multiqueue support added in
      3.16-rc1.  It would be great if these could make it into 3.16 but I
      suspect it's a little late for that now.
      
      The second patch fixes a significant resource leak that prevents
      guests from migrating more than a handful of times.
      
      These have been tested by repeatedly migrating a guest over 250 times
      (it would previously fail with this guest after only 8 iterations).
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      92b85671
    • David Vrabel's avatar
      xen-netfront: print correct number of queues · 69cb8524
      David Vrabel authored
      When less than the requested number of queues could be created, include
      the actual number in the warning (instead of the requested number).
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      69cb8524
    • David Vrabel's avatar
      xen-netfront: release per-queue Tx and Rx resource when disconnecting · a5b5dc3c
      David Vrabel authored
      Since netfront may reconnect to a backend with a different number of
      queues, all per-queue Rx and Tx resources (skbs and grant references)
      should be freed when disconnecting.
      
      Without this fix, the Tx and Rx grant refs are not released and
      netfront will exhaust them after only a few reconnections.  netfront
      will fail to connect when no free grant references are available.
      
      Since all Rx bufs are freed and reallocated instead of reused this
      will add some additional delay to the reconnection but this is
      expected to be small compared to the time taken by any backend hotplug
      scripts etc.
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a5b5dc3c
    • David Vrabel's avatar
      xen-netfront: fix locking in connect error path · db8c8ab6
      David Vrabel authored
      If no queues could be created when connecting to the backend, one of the
      error paths would deadlock.
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      db8c8ab6
    • Vlad Yasevich's avatar
      macvlan: Initialize vlan_features to turn on offload support. · 081e83a7
      Vlad Yasevich authored
      Macvlan devices do not initialize vlan_features.  As a result,
      any vlan devices configured on top of macvlans perform very poorly.
      Initialize vlan_features based on the vlan features of the lower-level
      device.
      Signed-off-by: default avatarVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      081e83a7
  5. 31 Jul, 2014 5 commits
  6. 30 Jul, 2014 12 commits
    • Dmitry Popov's avatar
      ip_tunnel(ipv4): fix tunnels with "local any remote $remote_ip" · 95cb5745
      Dmitry Popov authored
      Ipv4 tunnels created with "local any remote $ip" didn't work properly since
      7d442fab (ipv4: Cache dst in tunnels). 99% of packets sent via those tunnels
      had src addr = 0.0.0.0. That was because only dst_entry was cached, although
      fl4.saddr has to be cached too. Every time ip_tunnel_xmit used cached dst_entry
      (tunnel_rtable_get returned non-NULL), fl4.saddr was initialized with
      tnl_params->saddr (= 0 in our case), and wasn't changed until iptunnel_xmit().
      
      This patch adds saddr to ip_tunnel->dst_cache, fixing this issue.
      Reported-by: default avatarSergey Popov <pinkbyte@gentoo.org>
      Signed-off-by: default avatarDmitry Popov <ixaphire@qrator.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      95cb5745
    • Ivan Vecera's avatar
      bna: fill the magic in bnad_get_eeprom() instead of validating · dabf24d1
      Ivan Vecera authored
      A driver should fill magic field of ethtool_eeprom struct in .get_eeprom
      and validate it in .set_eeprom. The bna incorrectly validates it in both
      and this makes its .get_eeprom interface unusable.
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dabf24d1
    • Linus Torvalds's avatar
      Merge tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux · 26bcd8b7
      Linus Torvalds authored
      Pull Exynos platform DT fix from Grant Likely:
       "Device tree Exynos bug fix for v3.16-rc7
      
        This bug fix has been brewing for a while.  I hate sending it to you
        so late, but I only got confirmation that it solves the problem this
        past weekend.  The diff looks big for a bug fix, but the majority of
        it is only executed in the Exynos quirk case.  Unfortunately it
        required splitting early_init_dt_scan() in two and adding quirk
        handling in the middle of it on ARM.
      
        Exynos has buggy firmware that puts bad data into the memory node.
        Commit 1c2f87c2 ("ARM: Get rid of meminfo") exposed the bug by
        dropping the artificial upper bound on the number of memory banks that
        can be added.  Exynos fails to boot after that commit.  This branch
        fixes it by splitting the early DT parse function and inserting a
        fixup hook.  Exynos uses the hook to correct the DT before parsing
        memory regions"
      
      * tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux:
        arm: Add devicetree fixup machine function
        of: Add memory limiting function for flattened devicetrees
        of: Split early_init_dt_scan into two parts
      26bcd8b7
    • Linus Torvalds's avatar
      Merge tag 'stable/for-linus-3.16-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · acba648d
      Linus Torvalds authored
      Pull Xen fix from David Vrabel:
       "Fix BUG when trying to expand the grant table.  This seems to occur
        often during boot with Ubuntu 14.04 PV guests"
      
      * tag 'stable/for-linus-3.16-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        x86/xen: safely map and unmap grant frames when in atomic context
      acba648d
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d8772157
      Linus Torvalds authored
      Pull KVM fix from Paolo Bonzini:
       "Fix a bug which allows KVM guests to bring down the entire system on
        some 64K enabled ARM64 hosts"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: arm64: vgic: fix hyp panic with 64k pages on juno platform
      d8772157
    • Linus Torvalds's avatar
      Revert "cdc_subset: deal with a device that needs reset for timeout" · 1d8fcba1
      Linus Torvalds authored
      This reverts commit 20fbe3ae.
      
      As reported by Stephen Rothwell, it causes compile failures in certain
      configurations:
      
        drivers/net/usb/cdc_subset.c:360:15: error: 'dummy_prereset' undeclared here (not in a function)
          .pre_reset = dummy_prereset,
                       ^
        drivers/net/usb/cdc_subset.c:361:16: error: 'dummy_postreset' undeclared here (not in a function)
          .post_reset = dummy_postreset,
                        ^
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Acked-by: default avatarDavid Miller <davem@davemloft.net>
      Cc: Oliver Neukum <oneukum@suse.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1d8fcba1
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · b527caee
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Make fragmentation IDs less predictable, from Eric Dumazet.
      
       2) TSO tunneling can crash in bnx2x driver, fix from Dmitry Kravkov.
      
       3) Don't allow NULL msg->msg_name just because msg->msg_namelen is
          non-zero, from Andrey Ryabinin.
      
       4) ndm->ndm_type set using wrong macros, from Jun Zhao.
      
       5) cdc-ether devices can come up with entries in their address filter,
          so explicitly clear the filter after the device initializes.  From
          Oliver Neukum.
      
       6) Forgotten refcount bump in xfrm_lookup(), from Steffen Klassert.
      
       7) Short packets not padded properly, exposing random data, in bcmgenet
          driver.  Fix from Florian Fainelli.
      
       8) xgbe_probe() doesn't return an error code, but rather zero, when
          netif_set_real_num_tx_queues() fails.  Fix from Wei Yongjun.
      
       9) USB speed not probed properly in r8152 driver, from Hayes Wang.
      
      10) Transmit logic choosing the outgoing port in the sunvnet driver
          needs to consider a) is the port actually up and b) whether it is a
          switch port.  Fix from David L Stevens.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (27 commits)
        net: phy: re-apply PHY fixups during phy_register_device
        cdc-ether: clean packet filter upon probe
        cdc_subset: deal with a device that needs reset for timeout
        net: sendmsg: fix NULL pointer dereference
        isdn/bas_gigaset: fix a leak on failure path in gigaset_probe()
        ip: make IP identifiers less predictable
        neighbour : fix ndm_type type error issue
        sunvnet: only use connected ports when sending
        can: c_can_platform: Fix raminit, use devm_ioremap() instead of devm_ioremap_resource()
        bnx2x: fix crash during TSO tunneling
        r8152: fix the checking of the usb speed
        net: phy: Ensure the MDIO bus module is held
        net: phy: Set the driver when registering an MDIO bus device
        bnx2x: fix set_setting for some PHYs
        hyperv: Fix error return code in netvsc_init_buf()
        amd-xgbe: Fix error return code in xgbe_probe()
        ath9k: fix aggregation session lockup
        net: bcmgenet: correctly pad short packets
        net: sctp: inherit auth_capable on INIT collisions
        mac80211: fix crash on getting sta info with uninitialized rate control
        ...
      b527caee
    • David Vrabel's avatar
      x86/xen: safely map and unmap grant frames when in atomic context · b7dd0e35
      David Vrabel authored
      arch_gnttab_map_frames() and arch_gnttab_unmap_frames() are called in
      atomic context but were calling alloc_vm_area() which might sleep.
      
      Also, if a driver attempts to allocate a grant ref from an interrupt
      and the table needs expanding, then the CPU may already by in lazy MMU
      mode and apply_to_page_range() will BUG when it tries to re-enable
      lazy MMU mode.
      
      These two functions are only used in PV guests.
      
      Introduce arch_gnttab_init() to allocates the virtual address space in
      advance.
      
      Avoid the use of apply_to_page_range() by using saving and using the
      array of PTE addresses from the alloc_vm_area() call (which ensures
      that the required page tables are pre-allocated).
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      b7dd0e35
    • Will Deacon's avatar
      kvm: arm64: vgic: fix hyp panic with 64k pages on juno platform · 63afbe7a
      Will Deacon authored
      If the physical address of GICV isn't page-aligned, then we end up
      creating a stage-2 mapping of the page containing it, which causes us to
      map neighbouring memory locations directly into the guest.
      
      As an example, consider a platform with GICV at physical 0x2c02f000
      running a 64k-page host kernel. If qemu maps this into the guest at
      0x80010000, then guest physical addresses 0x80010000 - 0x8001efff will
      map host physical region 0x2c020000 - 0x2c02efff. Accesses to these
      physical regions may cause UNPREDICTABLE behaviour, for example, on the
      Juno platform this will cause an SError exception to EL3, which brings
      down the entire physical CPU resulting in RCU stalls / HYP panics / host
      crashing / wasted weeks of debugging.
      
      SBSA recommends that systems alias the 4k GICV across the bounding 64k
      region, in which case GICV physical could be described as 0x2c020000 in
      the above scenario.
      
      This patch fixes the problem by failing the vgic probe if the physical
      base address or the size of GICV aren't page-aligned. Note that this
      generated a warning in dmesg about freeing enabled IRQs, so I had to
      move the IRQ enabling later in the probe.
      
      Cc: Christoffer Dall <christoffer.dall@linaro.org>
      Cc: Marc Zyngier <marc.zyngier@arm.com>
      Cc: Gleb Natapov <gleb@kernel.org>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Joel Schopp <joel.schopp@amd.com>
      Cc: Don Dutile <ddutile@redhat.com>
      Acked-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      Acked-by: default avatarJoel Schopp <joel.schopp@amd.com>
      Acked-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarChristoffer Dall <christoffer.dall@linaro.org>
      63afbe7a
    • Laura Abbott's avatar
      arm: Add devicetree fixup machine function · 5a12a597
      Laura Abbott authored
      Commit 1c2f87c2
      (ARM: 8025/1: Get rid of meminfo) dropped the upper bound on
      the number of memory banks that can be added as there was no
      technical need in the kernel. It turns out though, some bootloaders
      (specifically the arndale-octa exynos boards) may pass invalid memory
      information and rely on the kernel to not parse this data. This is a
      bug in the bootloader but we still need to work around this.
      Work around this by introducing a dt_fixup function. This function
      gets called before the flattened devicetree is scanned for memory
      and the like. In this fixup function for exynos, limit the maximum
      number of memory regions in the devicetree.
      Signed-off-by: default avatarLaura Abbott <lauraa@codeaurora.org>
      Tested-by: default avatarAndreas Färber <afaerber@suse.de>
      [glikely: Added a comment and fixed up function name]
      Signed-off-by: default avatarGrant Likely <grant.likely@linaro.org>
      5a12a597
    • Laura Abbott's avatar
      of: Add memory limiting function for flattened devicetrees · 704033ce
      Laura Abbott authored
      Buggy bootloaders may pass bogus memory entries in the devicetree.
      Add of_fdt_limit_memory to add an upper bound on the number of
      entries that can be present in the devicetree.
      Signed-off-by: default avatarLaura Abbott <lauraa@codeaurora.org>
      Tested-by: default avatarAndreas Färber <afaerber@suse.de>
      Signed-off-by: default avatarGrant Likely <grant.likely@linaro.org>
      704033ce
    • Laura Abbott's avatar
      of: Split early_init_dt_scan into two parts · 4972a74b
      Laura Abbott authored
      Currently, early_init_dt_scan validates the header, sets the
      boot params, and scans for chosen/memory all in one function.
      Split this up into two separate functions (validation/setting
      boot params in one, scanning in another) to allow for
      additional setup between boot params and scanning the memory.
      Signed-off-by: default avatarLaura Abbott <lauraa@codeaurora.org>
      Tested-by: default avatarAndreas Färber <afaerber@suse.de>
      [glikely: s/early_init_dt_scan_all/early_init_dt_scan_nodes/]
      Signed-off-by: default avatarGrant Likely <grant.likely@linaro.org>
      4972a74b
  7. 29 Jul, 2014 3 commits