1. 06 Jul, 2016 6 commits
  2. 30 Jun, 2016 8 commits
    • Michal Kazior's avatar
      mac80211: fix fq lockdep warnings · 59a7c828
      Michal Kazior authored
      Some lockdep assertions were not fulfilled and
      resulted in a kernel warning/call trace if driver
      used intermediate software queues (e.g. ath10k).
      
      Existing code sequences should've guaranteed safety
      but it's always good to be extra careful.
      
      The call trace could look like this:
      
       [ 237.335805] ------------[ cut here ]------------
       [ 237.335852] WARNING: CPU: 3 PID: 1921 at include/net/fq_impl.h:22 fq_flow_dequeue+0xed/0x140 [mac80211]
       [ 237.335855] Modules linked in: ath10k_pci(E-) ath10k_core(E) ath(E) mac80211(E) cfg80211(E)
       [ 237.335913] CPU: 3 PID: 1921 Comm: rmmod Tainted: G        W   E   4.7.0-rc4-wt-ath+ #1377
       [ 237.335916] Hardware name: Hewlett-Packard HP ProBook 6540b/1722, BIOS 68CDD Ver. F.04 01/27/2010
       [ 237.335918]  00200286 00200286 eff85dac c14151e2 f901574e 00000000 eff85de0 c1081075
       [ 237.335928]  c1ab91f0 00000003 00000781 f901574e 00000016 f8fbabad f8fbabad 00000016
       [ 237.335938]  eb24ff60 00000000 ef3886c0 eff85df4 c10810ba 00000009 00000000 00000000
       [ 237.335948] Call Trace:
       [ 237.335953]  [<c14151e2>] dump_stack+0x76/0xb4
       [ 237.335957]  [<c1081075>] __warn+0xe5/0x100
       [ 237.336002]  [<f8fbabad>] ? fq_flow_dequeue+0xed/0x140 [mac80211]
       [ 237.336046]  [<f8fbabad>] ? fq_flow_dequeue+0xed/0x140 [mac80211]
       [ 237.336053]  [<c10810ba>] warn_slowpath_null+0x2a/0x30
       [ 237.336095]  [<f8fbabad>] fq_flow_dequeue+0xed/0x140 [mac80211]
       [ 237.336137]  [<f8fbc67a>] fq_flow_reset.constprop.56+0x2a/0x90 [mac80211]
       [ 237.336180]  [<f8fbc79a>] fq_reset.constprop.59+0x2a/0x50 [mac80211]
       [ 237.336222]  [<f8fc04e8>] ieee80211_txq_teardown_flows+0x38/0x40 [mac80211]
       [ 237.336258]  [<f8f7c1a4>] ieee80211_unregister_hw+0xe4/0x120 [mac80211]
       [ 237.336275]  [<f933f536>] ath10k_mac_unregister+0x16/0x50 [ath10k_core]
       [ 237.336292]  [<f934592d>] ath10k_core_unregister+0x3d/0x90 [ath10k_core]
       [ 237.336301]  [<f85f8836>] ath10k_pci_remove+0x36/0xa0 [ath10k_pci]
       [ 237.336307]  [<c1470388>] pci_device_remove+0x38/0xb0
       ...
      
      Fixes: 5caa328e ("mac80211: implement codel on fair queuing flows")
      Fixes: fa962b92 ("mac80211: implement fair queueing per txq")
      Tested-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      Reported-by: default avatarKalle Valo <kvalo@qca.qualcomm.com>
      Signed-off-by: default avatarMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      59a7c828
    • Bob Copeland's avatar
      mac80211: use common cleanup for user/!user_mpm · efc401f4
      Bob Copeland authored
      We've accumulated a couple of different fixes now to mesh_sta_cleanup()
      due to the different paths that user_mpm and !user_mpm cases take -- one
      fix to flush nexthop paths and one to fix the counting.
      
      The only caller of mesh_plink_deactivate() is mesh_sta_cleanup(), so we
      can push the user_mpm checks down into there in order to share more
      code.
      
      In doing so, we can remove an extra call to mesh_path_flush_by_nexthop()
      and the (unnecessary) call to mesh_accept_plinks_update().  This will
      also ensure the powersaving state code gets called in the user_mpm case.
      
      The only cleanup tasks we need to avoid when MPM is in user-space
      are sending the peering frames and stopping the plink timer, so wrap
      those in the appropriate check.
      Signed-off-by: default avatarBob Copeland <me@bobcopeland.com>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      efc401f4
    • Masashi Honma's avatar
      mac80211: Encrypt "Group addressed privacy" action frames · 46f6b060
      Masashi Honma authored
      Previously, the action frames to group address was not encrypted. But
      [1] "Table 8-38 Category values" indicates "Mesh" and "Multihop" category
      action frames should be encrypted (Group addressed privacy == yes). And the
      encyption key should be MGTK ([1] 10.13 Group addressed robust management frame
      procedures). So this patch modifies the code to make it suitable for spec.
      
      [1] IEEE Std 802.11-2012
      Signed-off-by: default avatarMasashi Honma <masashi.honma@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      46f6b060
    • Dan Carpenter's avatar
      mac80211: silence an uninitialized variable warning · 49708e37
      Dan Carpenter authored
      We normally return an uninitialized value, but no one checks it so it
      doesn't matter.  Anyway, let's silence the static checker warning.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      49708e37
    • Masashi Honma's avatar
      wireless: Use macro instead of number · e98e915e
      Masashi Honma authored
      Use IEEE80211_MIN_ACTION_SIZE macro for robust management frame check.
      Signed-off-by: default avatarMasashi Honma <masashi.honma@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      e98e915e
    • Arnd Bergmann's avatar
      nl80211: improve nl80211_parse_mesh_config type checking · f151d9db
      Arnd Bergmann authored
      When building a kernel with W=1, the nl80211.c file causes a number of
      warnings, all about the same problem:
      
      net/wireless/nl80211.c: In function 'nl80211_parse_mesh_config':
      net/wireless/nl80211.c:5287:103: error: comparison is always false due to limited range of data type [-Werror=type-limits]
      net/wireless/nl80211.c:5290:96: error: comparison is always false due to limited range of data type [-Werror=type-limits]
      net/wireless/nl80211.c:5293:124: error: comparison is always false due to limited range of data type [-Werror=type-limits]
      net/wireless/nl80211.c:5295:148: error: comparison is always false due to limited range of data type [-Werror=type-limits]
      net/wireless/nl80211.c:5298:106: error: comparison is always false due to limited range of data type [-Werror=type-limits]
      net/wireless/nl80211.c:5305:116: error: comparison is always false due to limited range of data type [-Werror=type-limits]
      
      The problem is that gcc does not notice that the check is generate
      by a macro, so it complains about comparing an unsigned type against 0.
      
      I've tried to come up with a way to rephrase that code in a way that
      avoids the warnings and otherwise improves the code as well.
      
      This uses a set of new helper functions that perform the range checking,
      and should provide slightly better type safety than the older patch,
      at the expense of adding 44 lines to the code. Binary code size is
      basically unchanged though (20 bytes added to 126561 bytes .text).
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      f151d9db
    • Martin Willi's avatar
      mac80211_hwsim: Allow wmediumd to attach to radios created in its netns · f21e4d8e
      Martin Willi authored
      Registering wmediumd is currently limited to the initial network
      namespace. This patch enables wmediumd to attach from non-initial
      network namespaces using a user namespace having CAP_NET_ADMIN. A
      registered wmediumd can forward frames on radios that have been created
      in the same network namespace, even if they have been moved to other
      network namespaces.
      
      The wmediumd Netlink portid is tracked per net namespace. Additionally,
      the portid is stored on all radios created in that net namespace to
      simplify the portid lookup in the data path.
      Signed-off-by: default avatarMartin Willi <martin@strongswan.org>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f21e4d8e
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · ee58b571
      David S. Miller authored
      Several cases of overlapping changes, except the packet scheduler
      conflicts which deal with the addition of the free list parameter
      to qdisc_enqueue().
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ee58b571
  3. 29 Jun, 2016 26 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.7-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · e7bdea77
      Linus Torvalds authored
      Pull NFS client bugfixes from Anna Schumaker:
       "Stable bugfixes:
         - Fix _cancel_empty_pagelist
         - Fix a double page unlock
         - Make nfs_atomic_open() call d_drop() on all ->open_context() errors.
         - Fix another OPEN_DOWNGRADE bug
      
        Other bugfixes:
         - Ensure we handle delegation errors in nfs4_proc_layoutget()
         - Layout stateids start out as being invalid
         - Add sparse lock annotations for pnfs_find_alloc_layout
         - Handle bad delegation stateids in nfs4_layoutget_handle_exception
         - Fix up O_DIRECT results
         - Fix potential use after free of state in nfs4_do_reclaim.
         - Mark the layout stateid invalid when all segments are removed
         - Don't let readdirplus revalidate an inode that was marked as stale
         - Fix potential race in nfs_fhget()
         - Fix an unused variable warning"
      
      * tag 'nfs-for-4.7-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        NFS: Fix another OPEN_DOWNGRADE bug
        make nfs_atomic_open() call d_drop() on all ->open_context() errors.
        NFS: Fix an unused variable warning
        NFS: Fix potential race in nfs_fhget()
        NFS: Don't let readdirplus revalidate an inode that was marked as stale
        NFSv4.1/pnfs: Mark the layout stateid invalid when all segments are removed
        NFS: Fix a double page unlock
        pnfs_nfs: fix _cancel_empty_pagelist
        nfs4: Fix potential use after free of state in nfs4_do_reclaim.
        NFS: Fix up O_DIRECT results
        NFS/pnfs: handle bad delegation stateids in nfs4_layoutget_handle_exception
        NFSv4.1/pnfs: Add sparse lock annotations for pnfs_find_alloc_layout
        NFSv4.1/pnfs: Layout stateids start out as being invalid
        NFSv4.1/pnfs: Ensure we handle delegation errors in nfs4_proc_layoutget()
      e7bdea77
    • Linus Torvalds's avatar
      Merge branch 'stable-4.7' of git://git.infradead.org/users/pcmoore/audit · 89a82a92
      Linus Torvalds authored
      Pull audit fixes from Paul Moore:
       "Two small patches to fix audit problems in 4.7-rcX: the first fixes a
        potential kref leak, the second removes some header file noise.
      
        The first is an important bug fix that really should go in before 4.7
        is released, the second is not critical, but falls into the very-nice-
        to-have category so I'm including in the pull request.
      
        Both patches are straightforward, self-contained, and pass our
        testsuite without problem"
      
      * 'stable-4.7' of git://git.infradead.org/users/pcmoore/audit:
        audit: move audit_get_tty to reduce scope and kabi changes
        audit: move calcs after alloc and check when logging set loginuid
      89a82a92
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 32826ac4
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "I've been traveling so this accumulates more than week or so of bug
        fixing.  It perhaps looks a little worse than it really is.
      
         1) Fix deadlock in ath10k driver, from Ben Greear.
      
         2) Increase scan timeout in iwlwifi, from Luca Coelho.
      
         3) Unbreak STP by properly reinjecting STP packets back into the
            stack.  Regression fix from Ido Schimmel.
      
         4) Mediatek driver fixes (missing malloc failure checks, leaking of
            scratch memory, wrong indexing when mapping TX buffers, etc.) from
            John Crispin.
      
         5) Fix endianness bug in icmpv6_err() handler, from Hannes Frederic
            Sowa.
      
         6) Fix hashing of flows in UDP in the ruseport case, from Xuemin Su.
      
         7) Fix netlink notifications in ovs for tunnels, delete link messages
            are never emitted because of how the device registry state is
            handled.  From Nicolas Dichtel.
      
         8) Conntrack module leaks kmemcache on unload, from Florian Westphal.
      
         9) Prevent endless jump loops in nft rules, from Liping Zhang and
            Pablo Neira Ayuso.
      
        10) Not early enough spinlock initialization in mlx4, from Eric
            Dumazet.
      
        11) Bind refcount leak in act_ipt, from Cong WANG.
      
        12) Missing RCU locking in HTB scheduler, from Florian Westphal.
      
        13) Several small MACSEC bug fixes from Sabrina Dubroca (missing RCU
            barrier, using heap for SG and IV, and erroneous use of async flag
            when allocating AEAD conext.)
      
        14) RCU handling fix in TIPC, from Ying Xue.
      
        15) Pass correct protocol down into ipv4_{update_pmtu,redirect}() in
            SIT driver, from Simon Horman.
      
        16) Socket timer deadlock fix in TIPC from Jon Paul Maloy.
      
        17) Fix potential deadlock in team enslave, from Ido Schimmel.
      
        18) Memory leak in KCM procfs handling, from Jiri Slaby.
      
        19) ESN generation fix in ipv4 ESP, from Herbert Xu.
      
        20) Fix GFP_KERNEL allocations with locks held in act_ife, from Cong
            WANG.
      
        21) Use after free in netem, from Eric Dumazet.
      
        22) Uninitialized last assert time in multicast router code, from Tom
            Goff.
      
        23) Skip raw sockets in sock_diag destruction broadcast, from Willem
            de Bruijn.
      
        24) Fix link status reporting in thunderx, from Sunil Goutham.
      
        25) Limit resegmentation of retransmit queue so that we do not
            retransmit too large GSO frames.  From Eric Dumazet.
      
        26) Delay bpf program release after grace period, from Daniel
            Borkmann"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (141 commits)
        openvswitch: fix conntrack netlink event delivery
        qed: Protect the doorbell BAR with the write barriers.
        neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit()
        e1000e: keep VLAN interfaces functional after rxvlan off
        cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header
        qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
        bpf, perf: delay release of BPF prog after grace period
        net: bridge: fix vlan stats continue counter
        tcp: do not send too big packets at retransmit time
        ibmvnic: fix to use list_for_each_safe() when delete items
        net: thunderx: Fix TL4 configuration for secondary Qsets
        net: thunderx: Fix link status reporting
        net/mlx5e: Reorganize ethtool statistics
        net/mlx5e: Fix number of PFC counters reported to ethtool
        net/mlx5e: Prevent adding the same vxlan port
        net/mlx5e: Check for BlueFlame capability before allocating SQ uar
        net/mlx5e: Change enum to better reflect usage
        net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices
        net/mlx5: Update command strings
        net: marvell: Add separate config ANEG function for Marvell 88E1111
        ...
      32826ac4
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 653c574a
      Linus Torvalds authored
      Pull s390 fixes from Martin Schwidefsky:
       "Another two bug fixes for 4.7:
      
         - The revert of patch which removed boot information for systems
           using an intermediate boot kernel, e.g. the SLES12 grub setup.
      
         - A fix for an incorrect inline assembly constraint that causes
           broken code to be generated with gcc 4.8.5"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: fix test_fp_ctl inline assembly contraints
        Revert "s390/kdump: Clear subchannel ID to signal non-CCW/SCSI IPL"
      653c574a
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v4.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 00bf377d
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "Here are a bunch of fixes for pin control.  Just drivers and a
        MAINTAINERS fixup:
      
         - Driver fixes for i.MX, single register, Tegra and BayTrail.
      
         - MAINTAINERS entry for the documentation"
      
      * tag 'pinctrl-v4.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: baytrail: Fix mingled clock pins
        MAINTAINERS: belong Documentation/pinctrl.txt properly
        pinctrl: tegra: Fix build dependency
        gpio: tegra: Make lockdep class file-scoped
        pinctrl: single: Fix missing flush of posted write for a wakeirq
        pinctrl: imx: Do not treat a PIN without MUX register as an error
      00bf377d
    • Linus Torvalds's avatar
      Merge branch 'for-4.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · 52827f38
      Linus Torvalds authored
      Pull cgroup fixes from Tejun Heo:
       "Three fix patches.  Two are for cgroup / css init failure path.  The
        last one makes css_set_lock irq-safe as the deadline scheduler ends up
        calling put_css_set() from irq context"
      
      * 'for-4.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cgroup: Disable IRQs while holding css_set_lock
        cgroup: set css->id to -1 during init
        cgroup: remove redundant cleanup in css_create
      52827f38
    • David S. Miller's avatar
      Merge tag 'mac80211-for-davem-2016-06-29-v2' of... · 751ad819
      David S. Miller authored
      Merge tag 'mac80211-for-davem-2016-06-29-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      Just two small fixes
       * fix mesh peer link counter, decrement wasn't always done at all
       * fix ethertype (length) for packets without RFC 1042 or bridge
         tunnel header
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      751ad819
    • David S. Miller's avatar
      Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · 6f30e8b0
      David S. Miller authored
      Jeff Kirsher says:
      
      ====================
      40GbE Intel Wired LAN Driver Updates 2016-06-27
      
      This series contains updates to i40e and i40evf only.
      
      Mitch provides several changes, first adds functions to enable and disable
      VSI on a VEB, which allows for configuration of limited promiscuous mode
      specifically for bridging purposes.  Sets the RSS Hash Enable registers by
      default now that VF RSS is configured by the PF driver.  Fixed a issue
      where we could overflow the buffer, by checking the address count and bail
      out of the loop at the appropriate time.  Removed the need for a reset
      when the device enters limited promiscuous mode, since this was causing
      heartburn for people who were using VFs and bridging.
      
      Catherine adds a call to set the client interface down when we put the VSI
      down.  Fixed an issue where RSS queues was being limited to the number
      of CPUs, so if a user wants to use more queues than CPUs, we want to
      trust they know what they are doing and let them.
      
      Greg cleans up the driver suspend routine to ensure we are calling
      synchronize_irq() before freeing IRQ vectors and explicitly free the other
      causes interrupt resources and shut down the MSIX interrupt.
      
      Serey fixes i40e_set_settings() to not fail when a Direct Attach (DA)
      cable is used.
      
      Avinash fixes a supported link bug by removing code which was not allowing
      100BaseT to show up in the supported link modes for 10GBaseT PHYs.
      
      Shannon adds a bit of information to the error messages to help determine
      the source of error by adding VSI info to macaddr messages.
      
      Tushar Dave fixes error received when turning off TSO on some systems,
      which was caused by enabling FD_SB without checking availability of
      MSIx vectors, so add the check.
      
      Neerav fixes a possible panic when LLDP/DCBX change happens and the
      driver tried to notify the client(s) for each of the PF VSIs, which would
      panic when it reached a VSI that did not have any netdev associated with
      it.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6f30e8b0
    • Philippe Reynes's avatar
      net: ethernet: lpc_eth: use phy_ethtool_{get|set}_link_ksettings · cb90d3e1
      Philippe Reynes authored
      There are two generics functions phy_ethtool_{get|set}_link_ksettings,
      so we can use them instead of defining the same code in the driver.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cb90d3e1
    • Philippe Reynes's avatar
      net: ethernet: lpc_eth: use phydev from struct net_device · f786f356
      Philippe Reynes authored
      The private structure contain a pointer to phydev, but the structure
      net_device already contain such pointer. So we can remove the pointer
      phydev in the private structure, and update the driver to use the
      one contained in struct net_device.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f786f356
    • Samuel Gauthier's avatar
      openvswitch: fix conntrack netlink event delivery · d913d3a7
      Samuel Gauthier authored
      Only the first and last netlink message for a particular conntrack are
      actually sent. The first message is sent through nf_conntrack_confirm when
      the conntrack is committed. The last one is sent when the conntrack is
      destroyed on timeout. The other conntrack state change messages are not
      advertised.
      
      When the conntrack subsystem is used from netfilter, nf_conntrack_confirm
      is called for each packet, from the postrouting hook, which in turn calls
      nf_ct_deliver_cached_events to send the state change netlink messages.
      
      This commit fixes the problem by calling nf_ct_deliver_cached_events in the
      non-commit case as well.
      
      Fixes: 7f8a436e ("openvswitch: Add conntrack action")
      CC: Joe Stringer <joestringer@nicira.com>
      CC: Justin Pettit <jpettit@nicira.com>
      CC: Andy Zhou <azhou@nicira.com>
      CC: Thomas Graf <tgraf@suug.ch>
      Signed-off-by: default avatarSamuel Gauthier <samuel.gauthier@6wind.com>
      Acked-by: default avatarJoe Stringer <joe@ovn.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d913d3a7
    • Sudarsana Reddy Kalluru's avatar
      qed: Protect the doorbell BAR with the write barriers. · 34c7bb47
      Sudarsana Reddy Kalluru authored
      SPQ doorbell is currently protected with the compilation barrier. Under the
      stress scenarios, we may get into a state where (due to the weak ordering)
      several ramrod doorbells were written to the BAR with an out-of-order
      producer values. Need to change the barrier type to a write barrier to make
      sure that the write buffer is flushed after each doorbell.
      Signed-off-by: default avatarSudarsana Reddy Kalluru <sudarsana.kalluru@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      34c7bb47
    • Eric Dumazet's avatar
      net_sched: netem: do not call qdisc_drop() with a NULL skb · 8a6e9c67
      Eric Dumazet authored
      If skb_unshare() fails, we call qdisc_drop() with a NULL skb, which
      is no longer supported.
      
      Fixes: 520ac30f ("net_sched: drop packets after root qdisc lock is released")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8a6e9c67
    • David Barroso's avatar
      neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit() · b560f03d
      David Barroso authored
      neigh_xmit() expects to be called inside an RCU-bh read side critical
      section, and while one of its two current callers gets this right, the
      other one doesn't.
      
      More specifically, neigh_xmit() has two callers, mpls_forward() and
      mpls_output(), and while both callers call neigh_xmit() under
      rcu_read_lock(), this provides sufficient protection for neigh_xmit()
      only in the case of mpls_forward(), as that is always called from
      softirq context and therefore doesn't need explicit BH protection,
      while mpls_output() can be called from process context with softirqs
      enabled.
      
      When mpls_output() is called from process context, with softirqs
      enabled, we can be preempted by a softirq at any time, and RCU-bh
      considers the completion of a softirq as signaling the end of any
      pending read-side critical sections, so if we do get a softirq
      while we are in the part of neigh_xmit() that expects to be run inside
      an RCU-bh read side critical section, we can end up with an unexpected
      RCU grace period running right in the middle of that critical section,
      making things go boom.
      
      This patch fixes this impedance mismatch in the callee, by making
      neigh_xmit() always take rcu_read_{,un}lock_bh() around the code that
      expects to be treated as an RCU-bh read side critical section, as this
      seems a safer option than fixing it in the callers.
      
      Fixes: 4fd3d7d9 ("neigh: Add helper function neigh_xmit")
      Signed-off-by: default avatarDavid Barroso <dbarroso@fastly.com>
      Signed-off-by: default avatarLennert Buytenhek <lbuytenhek@fastly.com>
      Acked-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Acked-by: default avatarRobert Shearman <rshearma@brocade.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b560f03d
    • David S. Miller's avatar
      Merge branch 'qed-static-checker' · c973f24d
      David S. Miller authored
      Sudarsana Reddy Kalluru says:
      
      ====================
      qed*: Fix the static checker warnings.
      
      The patch series addresses the static checker warnings introduced by the
      earlier patches related to qed/qede coalesce configuration support.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c973f24d
    • Sudarsana Reddy Kalluru's avatar
      qede: Fix the static checker warnings. · d2890dea
      Sudarsana Reddy Kalluru authored
      Static checker warnings:
      drivers/net/ethernet/qlogic/qede/qede_ethtool.c:435 qede_get_coalesce()
      warn: passing casted pointer '&coal->rx_coalesce_usecs' to
      'edev->ops->common->get_coalesce()' 32 vs 16.
      
      The u32 pointer is being typecasted to u16 which may fail for big-endian
      platforms.
      
      Fixes: d552fa84 ("qede: Add support for coalescing config read/update.")
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarSudarsana Reddy Kalluru <sudarsana.kalluru@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d2890dea
    • Sudarsana Reddy Kalluru's avatar
      qed: Fix static checker warnings. · 51d99880
      Sudarsana Reddy Kalluru authored
      Static checker warnings:
      drivers/net/ethernet/qlogic/qed/qed_int.c:2450 qed_init_cau_sb_entry()
      warn: always true condition '(cdev->rx_coalesce_usecs <= 255) =>
      (0-255 <= 255)'
      drivers/net/ethernet/qlogic/qed/qed_int.c:2511 qed_int_cau_conf_sb()
      warn: always true condition '(p_hwfn->cdev->rx_coalesce_usecs <= 255)
      => (0-255 <= 255)'
      ..
      
      The data types for rx/tx_coalesce_usecs should be u16.
      
      Fixes: commit 722003ac ("qed: Add support for coalescing config read/update.")
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarSudarsana Reddy Kalluru <sudarsana.kalluru@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      51d99880
    • Jarod Wilson's avatar
      e1000e: keep VLAN interfaces functional after rxvlan off · 889ad456
      Jarod Wilson authored
      I've got a bug report about an e1000e interface, where a VLAN interface is
      set up on top of it:
      
      $ ip link add link ens1f0 name ens1f0.99 type vlan id 99
      $ ip link set ens1f0 up
      $ ip link set ens1f0.99 up
      $ ip addr add 192.168.99.92 dev ens1f0.99
      
      At this point, I can ping another host on vlan 99, ip 192.168.99.91.
      However, if I do the following:
      
      $ ethtool -K ens1f0 rxvlan off
      
      Then no traffic passes on ens1f0.99. It comes back if I toggle rxvlan on
      again. I'm not sure if this is actually intended behavior, or if there's a
      lack of software VLAN stripping fallback, or what, but things continue to
      work if I simply don't call e1000e_vlan_strip_disable() if there are
      active VLANs (plagiarizing a function from the e1000 driver here) on the
      interface.
      
      Also slipped a related-ish fix to the kerneldoc text for
      e1000e_vlan_strip_disable here...
      Signed-off-by: default avatarJarod Wilson <jarod@redhat.com>
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      889ad456
    • Philippe Reynes's avatar
      net: ethernet: mvpp2: use phy_ethtool_{get|set}_link_ksettings · fb773e97
      Philippe Reynes authored
      There are two generics functions phy_ethtool_{get|set}_link_ksettings,
      so we can use them instead of defining the same code in the driver.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fb773e97
    • Philippe Reynes's avatar
      net: ethernet: mvpp2: use phydev from struct net_device · 8e07269d
      Philippe Reynes authored
      The private structure contain a pointer to phydev, but the structure
      net_device already contain such pointer. So we can remove the pointer
      phydev in the private structure, and update the driver to use the
      one contained in struct net_device.
      Signed-off-by: default avatarPhilippe Reynes <tremyfr@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8e07269d
    • Felix Fietkau's avatar
      cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header · c041778c
      Felix Fietkau authored
      The PDU length of incoming LLC frames is set to the total skb payload size
      in __ieee80211_data_to_8023() of net/wireless/util.c which incorrectly
      includes the length of the IEEE 802.11 header.
      
      The resulting LLC frame header has a too large PDU length, causing the
      llc_fixup_skb() function of net/llc/llc_input.c to reject the incoming
      skb, effectively breaking STP.
      
      Solve the problem by properly substracting the IEEE 802.11 frame header size
      from the PDU length, allowing the LLC processor to pick up the incoming
      control messages.
      
      Special thanks to Gerry Rozema for tracking down the regression and proposing
      a suitable patch.
      
      Fixes: 2d1c304c ("cfg80211: add function for 802.3 conversion with separate output buffer")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarGerry Rozema <gerryr@rozeware.com>
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      c041778c
    • Dan Carpenter's avatar
      qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() · 5b4d10f5
      Dan Carpenter authored
      There is a static checker warning here "warn: mask and shift to zero"
      and the code sets "ring" to zero every time.  From looking at how
      QLCNIC_FETCH_RING_ID() is used in qlcnic_83xx_process_rcv_ring() the
      qlcnic_83xx_hndl() should be removed.
      
      Fixes: 4be41e92 ('qlcnic: 83xx data path routines')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5b4d10f5
    • Daniel Borkmann's avatar
      bpf, perf: delay release of BPF prog after grace period · ceb56070
      Daniel Borkmann authored
      Commit dead9f29 ("perf: Fix race in BPF program unregister") moved
      destruction of BPF program from free_event_rcu() callback to __free_event(),
      which is problematic if used with tail calls: if prog A is attached as
      trace event directly, but at the same time present in a tail call map used
      by another trace event program elsewhere, then we need to delay destruction
      via RCU grace period since it can still be in use by the program doing the
      tail call (the prog first needs to be dropped from the tail call map, then
      trace event with prog A attached destroyed, so we get immediate destruction).
      
      Fixes: dead9f29 ("perf: Fix race in BPF program unregister")
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Cc: Jann Horn <jann@thejh.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ceb56070
    • Nikolay Aleksandrov's avatar
      net: bridge: fix vlan stats continue counter · 565ce8f3
      Nikolay Aleksandrov authored
      I made a dumb off-by-one mistake when I added the vlan stats counter
      dumping code. The increment should happen before the check, not after
      otherwise we miss one entry when we continue dumping.
      
      Fixes: a60c0903 ("bridge: netlink: export per-vlan stats")
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      565ce8f3
    • Eric Dumazet's avatar
      tcp: do not send too big packets at retransmit time · a3d2e9f8
      Eric Dumazet authored
      Arjun reported a bug in TCP stack and bisected it to a recent commit.
      
      In case where we process SACK, we can coalesce multiple skbs
      into fat ones (tcp_shift_skb_data()), to lower write queue
      overhead, because we do not expect to retransmit these packets.
      
      However, SACK reneging can happen, forcing the sender to retransmit
      all these packets. If skb->len is above 64KB, we then send buggy
      IP packets that could hang TSO engine on cxgb4.
      
      Neal suggested to use tcp_tso_autosize() instead of tp->gso_segs
      so that we cook packets of optimal size vs TCP/pacing.
      
      Thanks to Arjun for reporting the bug and running the tests !
      
      Fixes: 10d3be56 ("tcp-tso: do not split TSO packets at retransmit time")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarArjun V <arjun@chelsio.com>
      Tested-by: default avatarArjun V <arjun@chelsio.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a3d2e9f8
    • Wei Yongjun's avatar
      ibmvnic: fix to use list_for_each_safe() when delete items · 96183182
      Wei Yongjun authored
      Since we will remove items off the list using list_del() we need
      to use a safe version of the list_for_each() macro aptly named
      list_for_each_safe().
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      96183182