- 20 May, 2013 8 commits
-
-
Dan Carpenter authored
In get_capi_ctr_by_nr() and get_capi_appl_by_nr() the parameter comes from skb->data. The current code can underflow to one space before the start of the array. The sanity check isn't needed in __get_capi_appl_by_nr() but I changed it to match the others. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yuval Mintz authored
Starting with commit 91226790 `bnx2x: use FW 7.8.17', the bnx2x driver no longer requests the FW to perform IP checksums for IPv4 packets. This behaviour needs to be revised for 57710/57711 chips - when using GSO, if the driver will not set the IP checksum flag then packets will be transmitted by the chip without a valid IP checksum, resulting in a drop of all such packets on the receiver-side. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Another fix needed in ipgre_err(), as parse_gre_header() might change skb->head. Bug added in commit c5441932 (GRE: Refactor GRE tunneling code.) Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
françois romieu authored
8168evl offloaded checksums are wrong since commit e5195c1f ("r8169: fix 8168evl frame padding.") pads small packets to 60 bytes (without ethernet checksum). Typical symptoms appear as UDP checksums which are wrong by the count of added bytes. It isn't worth compensating. Let the driver checksum. Due to the skb length changes, TSO code is moved before the Tx descriptor gets written. Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Tested-by: Holger Hoffstätte <holger.hoffstaette@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
nikolay@redhat.com authored
When bond_3ad_get_active_agg_info() is used in all show_ad_ functions it is not protected against slave manipulation and since it walks over the slaves and uses them, this can easily result in NULL pointer dereference or use of freed memory. Both the new wrapper and the internal function are exported to the bonding as they're needed in different places. Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
nikolay@redhat.com authored
When getting arp_ip_targets if we encounter a bad IP, arp_ip_count still gets increased and all the targets after the wrong one will not be probed if arp_interval is enabled after that (unless a new IP target is added through sysfs) because of the zero entry, in this case reading arp_ip_target through sysfs will show valid targets even if there's a zero entry. Example: 1.2.3.4,4.5.6.7,blah,5.6.7.8 When retrieving the list from arp_ip_target the output would be: 1.2.3.4,4.5.6.7,5.6.7.8 but there will be a 0 entry between 4.5.6.7 and 5.6.7.8. If arp_interval is enabled after that 5.6.7.8 will never be checked because of that. Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
nikolay@redhat.com authored
There're few pr_debug() places that can provide the IPv4 address in dotted decimal format instead which is more helpful. Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
nikolay@redhat.com authored
Changing the mode without any locking can result in multiple races (e.g. upping a bond, enslaving/releasing). Depending on which race is hit the impact can vary from incosistent bond state to kernel crash. Use RTNL to synchronize the mode setting with the dangerous races. Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 19 May, 2013 2 commits
-
-
Chen Gang authored
'discovery->data.info' length is 22, NICKNAME_MAX_LEN is 21, so the strncpy() will always left the last byte of 'discovery->data.info' uninitialized. When 'text' length is longer than 21 (NICKNAME_MAX_LEN), if still left the last byte of 'discovery->data.info' uninitialized, the next strlen() will cause issue. Also 'discovery->data' is 'struct irda_device_info' which defined in "include/uapi/...", it may copy to user mode, so need whole initialized. All together, need use kzalloc() instead of kmalloc() to initialize all members firstly. Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Paul Moore authored
The net/netlabel/netlabel_domainhash.c:netlbl_domhsh_add() function does not properly validate new domain hash entries resulting in potential problems when an administrator attempts to add an invalid entry. One such problem, as reported by Vlad Halilov, is a kernel BUG (found in netlabel_domainhash.c:netlbl_domhsh_audit_add()) when adding an IPv6 outbound mapping with a CIPSO configuration. This patch corrects this problem by adding the necessary validation code to netlbl_domhsh_add() via the newly created netlbl_domhsh_validate() function. Ideally this patch should also be pushed to the currently active -stable trees. Reported-by: Vlad Halilov <vlad.halilov@gmail.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 18 May, 2013 3 commits
-
-
Eric Dumazet authored
commit 0178b695 ("ipv6: Copy cork options in ip6_append_data") added some code duplication and bad error recovery, leading to potential crash in ip6_cork_release() as kfree() could be called with garbage. use kzalloc() to make sure this wont happen. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: Neal Cardwell <ncardwell@google.com>
-
Sridhar Samudrala authored
Fix some instances where vxlan fdb 'used' field is not updated after the entry is used. v2: rename vxlan_find_mac() as __vxlan_find_mac() and create a new vxlan_find_mac() that also updates ->used field. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wei Yongjun authored
Add the missing iounmap() before return from gianfar_ptp_probe() in the error handling case. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 17 May, 2013 2 commits
-
-
git://git.open-mesh.org/linux-mergeDavid S. Miller authored
Included changes: - fix global protection fault by avoiding double call_rcu Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Lüssing authored
rcu_barrier() only waits for the currently scheduled rcu functions to finish - it won't wait for any function scheduled via another call_rcu() within an rcu scheduled function. Unfortunately our batadv_tt_orig_list_entry_free_ref() does just that, via a batadv_orig_node_free_ref() call, leading to our rcu_barrier() call potentially missing such a batadv_orig_node_free_ref(). This patch fixes this issue by calling the batadv_orig_node_free_rcu() directly from the rcu callback, removing the unnecessary, additional call_rcu() layer here. Signed-off-by: Linus Lüssing <linus.luessing@web.de> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Acked-by: Antonio Quartulli <ordex@autistici.org>
-
- 16 May, 2013 5 commits
-
-
Eric Dumazet authored
In some situations, we need to disable TSO on bonding slaves. bonding device automatically unset TSO in bond_fix_features(), and performance is not good because : 1) We consume more cpu cycles. 2) GSO segmentation has some bugs leading to out of order TCP packets if this segmentation is done before virtual device. This particular problem will be addressed in a separate patch. This patch allows TSO being set/unset on the bonding master, so that GSO segmentation is done after bonding layer. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Michał Mirosław <mirqus@gmail.com> Cc: Jay Vosburgh <fubar@us.ibm.com> Cc: Andy Gospodarek <andy@greyhouse.net> Cc: Maciej Żenczykowski <maze@google.com> Cc: Tom Herbert <therbert@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Russell King authored
When the interface is shutdown, the mv643xx_eth driver hits the following lockdep dump: ================================= [ INFO: inconsistent lock state ] 3.8.0+ #303 Not tainted --------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. NetworkManager/3449 [HC0[0]:SC0[0]:HE1:SE1] takes: (_xmit_ETHER#2){+.?...}, at: [<c02828e4>] txq_reclaim+0x60/0x230 {IN-SOFTIRQ-W} state was registered at: [<c007e93c>] mark_irqflags+0xf8/0x1c4 [<c007ee60>] __lock_acquire+0x458/0x9a4 [<c007f8b0>] lock_acquire+0x60/0x74 [<c03ea914>] _raw_spin_lock+0x40/0x50 [<c0334040>] sch_direct_xmit+0xa4/0x2e4 [<c0320880>] dev_queue_xmit+0x174/0x508 [<c03953b0>] ip6_finish_output2+0xd0/0x3c4 [<c03b15bc>] mld_sendpack+0x190/0x368 [<c03b3204>] mld_ifc_timer_expire+0xc/0x58 [<c005133c>] call_timer_fn+0x6c/0xe0 [<c0051588>] run_timer_softirq+0x1d8/0x210 [<c004c004>] __do_softirq+0xe0/0x1b4 [<c004c448>] irq_exit+0x64/0x6c [<c000f1e0>] handle_IRQ+0x34/0x84 [<c000e0d0>] __irq_usr+0x30/0x80 irq event stamp: 160603 hardirqs last enabled at (160603): [<c00c736c>] kfree+0xa8/0xe8 hardirqs last disabled at (160602): [<c00c72e0>] kfree+0x1c/0xe8 softirqs last enabled at (160304): [<c028260c>] mib_counters_update+0x5ec/0x60c softirqs last disabled at (160302): [<c03eab8c>] _raw_spin_lock_bh+0x14/0x54 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(_xmit_ETHER#2); <Interrupt> lock(_xmit_ETHER#2); *** DEADLOCK *** 1 lock held by NetworkManager/3449: #0: (rtnl_mutex){+.+.+.}, at: [<c032e664>] rtnetlink_rcv+0xc/0x24 stack backtrace: [<c0013e34>] (unwind_backtrace+0x0/0xf8) from [<c007e12c>] (print_usage_bug+0x150/0x1d4) [<c007e12c>] (print_usage_bug+0x150/0x1d4) from [<c007e3f8>] (mark_lock_irq+0x248/0x290) [<c007e3f8>] (mark_lock_irq+0x248/0x290) from [<c007e598>] (mark_lock+0x158/0x404) [<c007e598>] (mark_lock+0x158/0x404) from [<c007e97c>] (mark_irqflags+0x138/0x1c4) [<c007e97c>] (mark_irqflags+0x138/0x1c4) from [<c007ee60>] (__lock_acquire+0x458/0x9a4) [<c007ee60>] (__lock_acquire+0x458/0x9a4) from [<c007f8b0>] (lock_acquire+0x60/0x74) [<c007f8b0>] (lock_acquire+0x60/0x74) from [<c03ea914>] (_raw_spin_lock+0x40/0x50) [<c03ea914>] (_raw_spin_lock+0x40/0x50) from [<c02828e4>] (txq_reclaim+0x60/0x230) [<c02828e4>] (txq_reclaim+0x60/0x230) from [<c0282ad8>] (txq_deinit+0x24/0xcc) [<c0282ad8>] (txq_deinit+0x24/0xcc) from [<c0282d28>] (mv643xx_eth_stop+0x1a8/0x1bc) [<c0282d28>] (mv643xx_eth_stop+0x1a8/0x1bc) from [<c031e314>] (__dev_close_many+0x88/0xcc) [<c031e314>] (__dev_close_many+0x88/0xcc) from [<c031e380>] (__dev_close+0x28/0x3c) [<c031e380>] (__dev_close+0x28/0x3c) from [<c0320fa0>] (__dev_change_flags+0x7c/0x134) [<c0320fa0>] (__dev_change_flags+0x7c/0x134) from [<c03210e0>] (dev_change_flags+0x10/0x48) [<c03210e0>] (dev_change_flags+0x10/0x48) from [<c032da1c>] (do_setlink+0x1a0/0x730) [<c032da1c>] (do_setlink+0x1a0/0x730) from [<c032f524>] (rtnl_newlink+0x304/0x4b0) [<c032f524>] (rtnl_newlink+0x304/0x4b0) from [<c032ef8c>] (rtnetlink_rcv_msg+0x25c/0x2a0) [<c032ef8c>] (rtnetlink_rcv_msg+0x25c/0x2a0) from [<c03383a0>] (netlink_rcv_skb+0xbc/0xd8) [<c03383a0>] (netlink_rcv_skb+0xbc/0xd8) from [<c032e674>] (rtnetlink_rcv+0x1c/0x24) [<c032e674>] (rtnetlink_rcv+0x1c/0x24) from [<c03361d8>] (netlink_unicast_kernel+0x88/0xd4) [<c03361d8>] (netlink_unicast_kernel+0x88/0xd4) from [<c0337dd0>] (netlink_unicast+0x138/0x180) [<c0337dd0>] (netlink_unicast+0x138/0x180) from [<c0338020>] (netlink_sendmsg+0x208/0x32c) [<c0338020>] (netlink_sendmsg+0x208/0x32c) from [<c030ab48>] (sock_sendmsg+0x84/0xa4) [<c030ab48>] (sock_sendmsg+0x84/0xa4) from [<c030aef4>] (__sys_sendmsg+0x2ac/0x2c4) [<c030aef4>] (__sys_sendmsg+0x2ac/0x2c4) from [<c030c8ec>] (sys_sendmsg+0x3c/0x68) [<c030c8ec>] (sys_sendmsg+0x3c/0x68) from [<c000e2e0>] (ret_fast_syscall+0x0/0x3c) It seems that txq_reclaim() takes the netif tx lock: __netif_tx_lock(nq, smp_processor_id()); in a context outside of softirq context, and thus is susceptible to deadlock should an interrupt occur. Use __netif_tx_lock_bh()/__netif_tx_unlock_bh() instead. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
GSO TCP handler has following issues : 1) ooo_okay from original GSO packet is duplicated to all segments 2) segments (but the last one) are orphaned, so transmit path can not get transmit queue number from the socket. This happens if GSO segmentation is done before stacked device for example. Result is we can send packets from a given TCP flow to different TX queues (if using multiqueue NICS). This generates OOO problems and spurious SACK & retransmits. Fix this by keeping socket pointer set for all segments. This means that every segment must also have a destructor, and the original gso skb truesize must be split on all segments, to keep precise sk->sk_wmem_alloc accounting. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Maciej Żenczykowski <maze@google.com> Cc: Tom Herbert <therbert@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller authored
Pablo Neira Ayuso says: ==================== The following patchset contains three Netfilter fixes and update for the MAINTAINER file for your net tree, they are: * Fix crash if nf_log_packet is called from conntrack, in that case both interfaces are NULL, from Hans Schillstrom. This bug introduced with the logging netns support in the previous merge window. * Fix compilation of nf_log and nf_queue without CONFIG_PROC_FS, from myself. This bug was introduced in the previous merge window with the new netns support for the netfilter logging infrastructure. * Fix possible crash in xt_TCPOPTSTRIP due to missing sanity checkings to validate that the TCP header is well-formed, from myself. I can find this bug in 2.6.25, probably it's been there since the beginning. I'll pass this to -stable. * Update MAINTAINER file to point to new nf trees at git.kernel.org, remove Harald and use M: instead of P: (now obsolete tag) to keep Jozsef in the list of people. Please, consider pulling this. Thanks! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pablo Neira Ayuso authored
This target assumes that tcph->doff is well-formed, that may be well not the case. Add extra sanity checkings to avoid possible crash due to read/write out of the real packet boundary. After this patch, the default action on malformed TCP packets is to drop them. Moreover, fragments are skipped. Reported-by: Rafal Kupka <rkupka@telemetry.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 15 May, 2013 5 commits
-
-
Florian Fainelli authored
include/linux/brcmphy.h is currently not protected against double inclusion, add ifdefs guard to fix that. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabio Estevam authored
commit 54309fa6 ("net: fec: fix kernel oops when plug/unplug cable many times") introduced the following 'if' block in the beginning of fec_start(): if (netif_running(ndev)) { netif_device_detach(ndev); napi_disable(&fep->napi); netif_stop_queue(ndev); netif_tx_lock_bh(ndev); } Then later in the end of fec_restart() there is another block that calls the opposite of each one of these functions. The correct approach would be to also call them with in the reverse order, so that we have as result: if (netif_running(ndev)) { netif_tx_unlock_bh(ndev); netif_wake_queue(ndev); napi_enable(&fep->napi); netif_device_attach(ndev); } Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabio Estevam authored
fec_restart() runs in softirq context and we should use the netif_tx_lock_bh/netif_tx_unlock_bh() variants to avoid the following warning that happens since commit 54309fa6 ("net: fec: fix kernel oops when plug/unplug cable many times"): [ 9.753168] ================================= [ 9.757540] [ INFO: inconsistent lock state ] [ 9.761921] 3.10.0-rc1-next-20130514 #13 Not tainted [ 9.766897] --------------------------------- [ 9.771264] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 9.777288] swapper/0 [HC0[0]:SC1[3]:HE1:SE0] takes: [ 9.782261] (_xmit_ETHER#2){+.?...}, at: [<c03c24a4>] sch_direct_xmit+0xa0/0x2d4 [ 9.789879] {SOFTIRQ-ON-W} state was registered at: [ 9.794769] [<c0059c60>] __lock_acquire+0x528/0x1bc0 [ 9.799953] [<c005b838>] lock_acquire+0xa0/0x108 [ 9.804780] [<c0441320>] _raw_spin_lock+0x28/0x38 [ 9.809702] [<c02f9fc8>] fec_restart+0x5d0/0x664 [ 9.814542] [<c02fa738>] fec_enet_adjust_link+0xa8/0xc0 [ 9.819978] [<c02f7a28>] phy_state_machine+0x2fc/0x370 [ 9.825323] [<c0035ee0>] process_one_work+0x1c0/0x4a0 [ 9.830589] [<c0036594>] worker_thread+0x138/0x394 [ 9.835587] [<c003c620>] kthread+0xa4/0xb0 [ 9.839890] [<c000e820>] ret_from_fork+0x14/0x34 [ 9.844728] irq event stamp: 185984 [ 9.848226] hardirqs last enabled at (185984): [<c00232b0>] local_bh_enable_ip+0x84/0xf0 [ 9.856450] hardirqs last disabled at (185983): [<c0023270>] local_bh_enable_ip+0x44/0xf0 [ 9.864667] softirqs last enabled at (185966): [<c0023470>] irq_enter+0x64/0x68 [ 9.872099] softirqs last disabled at (185967): [<c0023510>] irq_exit+0x9c/0xd8 [ 9.879440] [ 9.879440] other info that might help us debug this: [ 9.885981] Possible unsafe locking scenario: [ 9.885981] [ 9.891912] CPU0 [ 9.894364] ---- [ 9.896814] lock(_xmit_ETHER#2); [ 9.900259] <Interrupt> [ 9.902884] lock(_xmit_ETHER#2); [ 9.906500] [ 9.906500] *** DEADLOCK *** Reported-by: Shawn Guo <shawn.guo@linaro.org> Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dan Carpenter authored
The bug here is this code from ipg_nic_hard_start_xmit(): txfd->tfc &= cpu_to_le64(~IPG_TFC_TFDDONE); IPG_TFC_TFDDONE is 0x0000000080000000 so it's an unsigned int. The negated value is 0x7fffffff but 0xffffffff7fffffff was intended. The other values in this file don't need to be changed but I did it for consistency. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Hans Schillstrom authored
Since (69b34fb9 netfilter: xt_LOG: add net namespace support for xt_LOG), we hit this: [ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388 [ 4224.709074] IP: [<ffffffff8147f699>] ipt_log_packet+0x29/0x270 when callling log functions from conntrack both in and out are NULL i.e. the net pointer is invalid. Adding struct net *net in call to nf_logfn() will secure that there always is a vaild net ptr. Reported as netfilter's bugzilla bug 818: https://bugzilla.netfilter.org/show_bug.cgi?id=818Reported-by: Ronald <ronald645@gmail.com> Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 14 May, 2013 9 commits
-
-
Nicolas Ferre authored
Commit 749a2b66 (net/macb: clear tx/rx completion flags in ISR) introduces clear-on-write on ISR register. This behavior is not always implemented when using Cadence MACB/GEM and is breaking other platforms. We are using the Design Configuration Register 1 information and a capability property to actually activate this clear-on-write behavior on ISR. Reported-by: Hein Tibosch <hein_tibosch@yahoo.es> Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Tested-by: Hein Tibosch <hein_tibosch@yahoo.es> Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
commit fb745e9a ("net/802/mrp: fix possible race condition when calling mrp_pdu_queue()") introduced a lockdep splat. [ 19.735147] ================================= [ 19.735235] [ INFO: inconsistent lock state ] [ 19.735324] 3.9.2-build-0063 #4 Not tainted [ 19.735412] --------------------------------- [ 19.735500] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. [ 19.735592] rmmod/1840 [HC0[0]:SC0[0]:HE1:SE1] takes: [ 19.735682] (&(&app->lock)->rlock#2){+.?...}, at: [<f862bb5b>] mrp_uninit_applicant+0x69/0xba [mrp] app->lock is normally taken under softirq context, so disable BH to avoid the splat. Reported-by: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: David Ward <david.ward@ll.mit.edu> Cc: Cong Wang <amwang@redhat.com> Tested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andrew Lunn authored
3.10-rc1 issues the following warning: netif_napi_add() called with weight 128 on device eth%d This patch reduce the weight to 64, using NAPI_POLL_WEIGHT. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
TCP md5 communications fail [1] for some devices, because sg/crypto code assume page offsets are below PAGE_SIZE. This was discovered using mlx4 driver [2], but I suspect loopback might trigger the same bug now we use order-3 pages in tcp_sendmsg() [1] Failure is giving following messages. huh, entered softirq 3 NET_RX ffffffff806ad230 preempt_count 00000100, exited with 00000101? [2] mlx4 driver uses order-2 pages to allocate RX frags Reported-by: Matt Schnall <mischnal@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Bernhard Beck <bbeck@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sarveshwar Bandi authored
Fix to avoid double insertion of vlan tags into the packet while handling an asic workaroud (issue introduced by net next Commit bc0c3405) Signed-off-by: Sarveshwar Bandi <sarveshwar.bandi@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ben Hutchings authored
efx_start_datapath() asserts that we can fit 2 RX scatter buffers plus a software structure, each appropriately aligned, into a single page. Where L1_CACHE_BYTES == 256 and PAGE_SIZE == 4096, which is the case on s390, this assertion fails. The current scatter buffer size is also not a multiple of 64 or 128, which are more common cache line sizes. If we can make both the start and end of a scatter buffer cache-aligned, this will reduce the need for read-modify-write operations on inter- processor links. Fix the alignment by reducing EFX_RX_USR_BUF_SIZE to 2048 - 256 == 1792. (We could use 2048 - L1_CACHE_BYTES, but EFX_RX_USR_BUF_SIZE also affects user-level networking where a larger amount of housekeeping data may be needed. Although this version of the driver does not support user-level networking, I prefer to keep scattering behaviour consistent with the out-of-tree version.) This still doesn't fix the s390 build because like most architectures it has NET_IP_ALIGN == 2. When NET_IP_ALIGN != 0 we cannot achieve cache line alignment at either the start or end of a scatter buffer, so there is actually no point in padding the buffers to a multiple of the cache line size. All we need is 4-byte alignment of the network header, so do that. Adjust the assertions accordingly. Reported-by: Geert Uytterhoeven <geert@linux-m68k.org> Reported-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ben Hutchings authored
The two architectures that define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS (powerpc and x86) now both define NET_IP_ALIGN as 0, so there is no need for this optimisation any more. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
The 5725 family of devices (asic rev 5762), corrupts TSO packets where the buffer is within MSS bytes of a 4G boundary (4G, 8G etc.). Detect this condition and trigger the workaround path. Cc: <stable@vger.kernel.org> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nithin Sujir authored
On the 5718, 5719 and 5720 serdes devices, powering down function 0 results in all the other ports being powered down. Add code to skip function 0 power down. v2: - Modify tg3_phy_power_bug() function to use a switch instead of a complicated if statement. Suggested by Joe Perches. Cc: <stable@vger.kernel.org> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 13 May, 2013 6 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: "Several small bug fixes all over: 1) be2net driver uses wrong payload length when submitting MAC list get requests to the chip. From Sathya Perla. 2) Fix mwifiex memory leak on driver unload, from Amitkumar Karwar. 3) Prevent random memory access in batman-adv, from Marek Lindner. 4) batman-adv doesn't check for pskb_trim_rcsum() errors, also from Marek Lindner. 5) Fix fec crashes on rapid link up/down, from Frank Li. 6) Fix inner protocol grovelling in GSO, from Pravin B Shelar. 7) Link event validation fix in qlcnic from Rajesh Borundia. 8) Not all FEC chips can support checksum offload, fix from Shawn Guo. 9) EXPORT_SYMBOL + inline doesn't make any sense, from Denis Efremov. 10) Fix race in passthru mode during device removal in macvlan, from Jiri Pirko. 11) Fix RCU hash table lookup socket state race in ipv6, leading to NULL pointer derefs, from Eric Dumazet. 12) Add several missing HAS_DMA kconfig dependencies, from Geert Uyttterhoeven. 13) Fix bogus PCI resource management in 3c59x driver, from Sergei Shtylyov. 14) Fix info leak in ipv6 GRE tunnel driver, from Amerigo Wang. 15) Fix device leak in ipv6 IPSEC policy layer, from Cong Wang. 16) DMA mapping leak fix in qlge from Thadeu Lima de Souza Cascardo. 17) Missing iounmap on probe failure in bna driver, from Wei Yongjun." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (40 commits) bna: add missing iounmap() on error in bnad_init() qlge: fix dma map leak when the last chunk is not allocated xfrm6: release dev before returning error ipv6,gre: do not leak info to user-space virtio_net: use default napi weight by default emac: Fix EMAC soft reset on 460EX/GT 3c59x: fix PCI resource management caif: CAIF_VIRTIO should depend on HAS_DMA net/ethernet: MACB should depend on HAS_DMA net/ethernet: ARM_AT91_ETHER should depend on HAS_DMA net/wireless: ATH9K should depend on HAS_DMA net/ethernet: STMMAC_ETH should depend on HAS_DMA net/ethernet: NET_CALXEDA_XGMAC should depend on HAS_DMA ipv6: do not clear pinet6 field macvlan: fix passthru mode race between dev removal and rx path ipv4: ip_output: remove inline marking of EXPORT_SYMBOL functions net/mlx4: Strengthen VLAN tags/priorities enforcement in VST mode net/mlx4_core: Add missing report on VST and spoof-checking dev caps net: fec: enable hardware checksum only on imx6q-fec qlcnic: Fix validation of link event command. ...
-
Wei Yongjun authored
Add the missing iounmap() before return from bnad_init() in the error handling case. Introduced by commit 01b54b14 (bna: tx rx cleanup fix). Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thadeu Lima de Souza Cascardo authored
qlge allocates chunks from a page that it maps and unmaps that page when the last chunk is released. When the driver is unloaded or the card is removed, all chunks are released and the page is unmapped for the last chunk. However, when the last chunk of a page is not allocated and the device is removed, that page is not unmapped. In fact, its last reference is not put and there's also a page leak. This bug prevents a device from being properly hotplugged. When the DMA API debug option is enabled, the following messages show the pending DMA allocation after we remove the driver. This patch fixes the bug by unmapping and putting the page from the ring if its last chunk has not been allocated. pci 0005:98:00.0: DMA-API: device driver has pending DMA allocations while released from device [count=1] One of leaked entries details: [device address=0x0000000060a80000] [size=65536 bytes] [mapped with DMA_FROM_DEVICE] [mapped as page] ------------[ cut here ]------------ WARNING: at lib/dma-debug.c:746 Modules linked in: qlge(-) rpadlpar_io rpaphp pci_hotplug fuse [last unloaded: qlge] NIP: c0000000003fc3ec LR: c0000000003fc3e8 CTR: c00000000054de60 REGS: c0000003ee9c74e0 TRAP: 0700 Tainted: G O (3.7.2) MSR: 8000000000029032 <SF,EE,ME,IR,DR,RI> CR: 28002424 XER: 00000001 SOFTE: 1 CFAR: c0000000007a39c8 TASK = c0000003ee8d5c90[8406] 'rmmod' THREAD: c0000003ee9c4000 CPU: 31 GPR00: c0000000003fc3e8 c0000003ee9c7760 c000000000c789f8 00000000000000ee GPR04: 0000000000000000 00000000000000ef 0000000000004000 0000000000010000 GPR08: 00000000000000be c000000000b22088 c000000000c4c218 00000000007c0000 GPR12: 0000000028002422 c00000000ff26c80 0000000000000000 000001001b0f1b40 GPR16: 00000000100cb9d8 0000000010093088 c000000000cdf910 0000000000000001 GPR20: 0000000000000000 c000000000dbfc00 0000000000000000 c000000000dbfb80 GPR24: c0000003fafc9d80 0000000000000001 000000000001ff80 c0000003f38f7888 GPR28: c000000000ddfc00 0000000000000400 c000000000bd7790 c000000000ddfb80 NIP [c0000000003fc3ec] .dma_debug_device_change+0x22c/0x2b0 LR [c0000000003fc3e8] .dma_debug_device_change+0x228/0x2b0 Call Trace: [c0000003ee9c7760] [c0000000003fc3e8] .dma_debug_device_change+0x228/0x2b0 (unreliable) [c0000003ee9c7840] [c00000000079a098] .notifier_call_chain+0x78/0xf0 [c0000003ee9c78e0] [c0000000000acc20] .__blocking_notifier_call_chain+0x70/0xb0 [c0000003ee9c7990] [c0000000004a9580] .__device_release_driver+0x100/0x140 [c0000003ee9c7a20] [c0000000004a9708] .driver_detach+0x148/0x150 [c0000003ee9c7ac0] [c0000000004a8144] .bus_remove_driver+0xc4/0x150 [c0000003ee9c7b60] [c0000000004aa58c] .driver_unregister+0x8c/0xe0 [c0000003ee9c7bf0] [c0000000004090b4] .pci_unregister_driver+0x34/0xf0 [c0000003ee9c7ca0] [d000000002231194] .qlge_exit+0x1c/0x34 [qlge] [c0000003ee9c7d20] [c0000000000e36d8] .SyS_delete_module+0x1e8/0x290 [c0000003ee9c7e30] [c0000000000098d4] syscall_exit+0x0/0x94 Instruction dump: 7f26cb78 e818003a e87e81a0 e8f80028 e9180030 796b1f24 78001f24 7d6a5a14 7d2a002a e94b0020 483a7595 60000000 <0fe00000> 2fb80000 40de0048 80120050 ---[ end trace 4294f9abdb01031d ]--- Mapped at: [<d000000002222f54>] .ql_update_lbq+0x384/0x580 [qlge] [<d000000002227bd0>] .ql_clean_inbound_rx_ring+0x300/0xc60 [qlge] [<d0000000022288cc>] .ql_napi_poll_msix+0x39c/0x5a0 [qlge] [<c0000000006b3c50>] .net_rx_action+0x170/0x300 [<c000000000081840>] .__do_softirq+0x170/0x300 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com> Acked-by: Jitendra Kalsaria <Jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spiLinus Torvalds authored
Pull spi updates from Mark Brown: "A few driver specific fixes plus improved error handling in the generic DT GPIO chipselect handling - not exciting but useful." * tag 'spi-v3.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi/spi-atmel: BUG: fix doesn' support 16 bits transfers using PIO spi/davinci: fix module build error spi: Return error from of_spi_register_master on bad "cs-gpios" property spi: Initialize cs_gpio and cs_gpios with -ENOENT spi/atmel: fix speed_hz check in atmel_spi_transfer()
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Just a few straggling fixes I hoovered up, and an intel fixes pull from Daniel which fixes some regressions, and some mgag200 fixes from Matrox." * 'drm-next' of git://people.freedesktop.org/~airlied/linux: drm/mgag200: Fix framebuffer base address programming drm/mgag200: Convert counter delays to jiffies drm/mgag200: Fix writes into MGA1064_PIX_CLK_CTL register drm/mgag200: Don't change unrelated registers during modeset drm: Only print a debug message when the polled connector has changed drm: Make the HPD status updates debug logs more readable drm: Use names of ioctls in debug traces drm: Remove pointless '-' characters from drm_fb_helper documentation drm: Add kernel-doc for drm_fb_helper_funcs->initial_config drm: refactor call to request_module drm: Don't prune modes loudly when a connector is disconnected drm: Add missing break in the command line mode parsing code drm/i915: clear the stolen fb before resuming Revert "drm/i915: Calculate correct stolen size for GEN7+" drm/i915: hsw: fix link training for eDP on port-A Revert "drm/i915: revert eDP bpp clamping code changes" drm: don't check modeset locks in panic handler drm/i915: Fix pipe enabled mask for pipe C in WM calculations drm/mm: fix dump table BUG drm/i915: Always normalize return timeout for wait_timeout_ioctl
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linuxLinus Torvalds authored
Pull virtio/lguest fixes from Rusty Russell: "Missing license tag and some fallout from the lguest pagetable rework" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: lguest: clear cached last cpu when guest_set_pgd() called. Add missing module license tag to vring helpers.
-