1. 11 Feb, 2013 2 commits
    • David S. Miller's avatar
      Merge branch 'vsock' · 5b815b52
      David S. Miller authored
      Andy King says:
      
      ====================
      In an effort to improve the out-of-the-box experience with Linux kernels for
      VMware users, VMware is working on readying the VM Sockets (VSOCK, formerly
      VMCI Sockets) (vsock) kernel module for inclusion in the Linux kernel. The
      purpose of this post is to acquire feedback on the vsock kernel module.
      
      Unlike previous submissions, where the new socket family was entirely reliant
      on VMware's VMCI PCI device (and thus VMware's hypervisor), VM Sockets is now
      completely[1] separated out into two parts, each in its own module:
      
      o Core socket code, which is transport-neutral and invokes transport
        callbacks to communicate with the hypervisor.  This is vsock.ko.
      o A VMCI transport, which communicates over VMCI with the VMware hypervisor.
        This is vmw_vsock_vmci_transport.ko, and it registers with the core module
        as a transport.
      
      This should provide a path to introducing additional transports, for example
      virtio, with the ultimate goal being to make this new socket family
      hypervisor-neutral.
      
      [1] If Gerd tries it and determines this to be false (still), I'll ship him
          a keg of beer.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5b815b52
    • Andy King's avatar
      VSOCK: Introduce VM Sockets · d021c344
      Andy King authored
      VM Sockets allows communication between virtual machines and the hypervisor.
      User level applications both in a virtual machine and on the host can use the
      VM Sockets API, which facilitates fast and efficient communication between
      guest virtual machines and their host.  A socket address family, designed to be
      compatible with UDP and TCP at the interface level, is provided.
      
      Today, VM Sockets is used by various VMware Tools components inside the guest
      for zero-config, network-less access to VMware host services.  In addition to
      this, VMware's users are using VM Sockets for various applications, where
      network access of the virtual machine is restricted or non-existent.  Examples
      of this are VMs communicating with device proxies for proprietary hardware
      running as host applications and automated testing of applications running
      within virtual machines.
      
      The VMware VM Sockets are similar to other socket types, like Berkeley UNIX
      socket interface.  The VM Sockets module supports both connection-oriented
      stream sockets like TCP, and connectionless datagram sockets like UDP. The VM
      Sockets protocol family is defined as "AF_VSOCK" and the socket operations
      split for SOCK_DGRAM and SOCK_STREAM.
      
      For additional information about the use of VM Sockets, please refer to the
      VM Sockets Programming Guide available at:
      
      https://www.vmware.com/support/developer/vmci-sdk/Signed-off-by: default avatarGeorge Zhang <georgezhang@vmware.com>
      Signed-off-by: default avatarDmitry Torokhov <dtor@vmware.com>
      Signed-off-by: default avatarAndy king <acking@vmware.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d021c344
  2. 08 Feb, 2013 38 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · fd502311
      David S. Miller authored
      Synchronize with 'net' in order to sort out some l2tp, wireless, and
      ipv6 GRE fixes that will be built on top of in 'net-next'.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fd502311
    • Vipul Pandya's avatar
      cxgb4vf: Fix extraction of cpl_rx_pkt from the response queue descriptor · 8b9a4d56
      Vipul Pandya authored
      This was preventing GRO and RxCheckSum offload to happen.
      Signed-off-by: default avatarJay Hernandez <jay@chelsio.com>
      Signed-off-by: default avatarVipul Pandya <vipul@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8b9a4d56
    • Daniel Borkmann's avatar
      net: sctp: sctp_auth_make_key_vector: use sctp_auth_create_key · 03536e23
      Daniel Borkmann authored
      In sctp_auth_make_key_vector, we allocate a temporary sctp_auth_bytes
      structure with kmalloc instead of the sctp_auth_create_key allocator.
      Change this to sctp_auth_create_key as it is the case everywhere else,
      so that we also can properly free it via sctp_auth_key_put. This makes
      it easier for future code changes in the structure and allocator itself,
      since a single API is consistently used for this purpose. Also, by
      using sctp_auth_create_key we're doing sanity checks over the arguments.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      03536e23
    • Eric Dumazet's avatar
      macvlan: add a salt to mc_hash() · 3807ff58
      Eric Dumazet authored
      Some multicast addresses are common to all macvlans,
      so if a multicast message has a hash value collision, we
      have to deliver a copy to all macvlans, adding significant
      latency and possible packet drops if netdev_max_backlog
      limit is hit.
      
      Having a per macvlan hash function permits to reduce the
      impact of hash collisions.
      Suggested-by: default avatarMaciej Żenczykowski <maze@google.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarMaciej Żenczykowski <maze@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3807ff58
    • Eric Dumazet's avatar
      macvlan: broadcast addr should be part of mc_filter · d5270430
      Eric Dumazet authored
      commit cd431e73 (macvlan: add multicast filter) forgot
      the broadcast case.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarMaciej Żenczykowski <maze@google.com>
      SIgned-off-by: default avatarMaciej Żenczykowski <maze@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d5270430
    • Amerigo Wang's avatar
      ipv6: fix a RCU warning in net/ipv6/ip6_flowlabel.c · 6a98dcf0
      Amerigo Wang authored
      This patch fixes the following RCU warning:
      
      [   51.680236] ===============================
      [   51.681914] [ INFO: suspicious RCU usage. ]
      [   51.683610] 3.8.0-rc6-next-20130206-sasha-00028-g83214f7-dirty #276 Tainted: G        W
      [   51.686703] -------------------------------
      [   51.688281] net/ipv6/ip6_flowlabel.c:671 suspicious rcu_dereference_check() usage!
      
      we should use rcu_dereference_bh() when we hold rcu_read_lock_bh().
      Reported-by: default avatarSasha Levin <sasha.levin@oracle.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Signed-off-by: default avatarCong Wang <amwang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6a98dcf0
    • Joe Perches's avatar
      drivers: net: Remove remaining alloc/OOM messages · 14f8dc49
      Joe Perches authored
      alloc failures already get standardized OOM
      messages and a dump_stack.
      
      For the affected mallocs around these OOM messages:
      
      Converted kmallocs with multiplies to kmalloc_array.
      Converted a kmalloc/memcpy to kmemdup.
      Removed now unused stack variables.
      Removed unnecessary parentheses.
      Neatened alignment.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Acked-by: default avatarArend van Spriel <arend@broadcom.com>
      Acked-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      Acked-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      14f8dc49
    • Rafał Miłecki's avatar
      bgmac: fix "cmdcfg" calls for promisc and loopback modes · e9ba1039
      Rafał Miłecki authored
      The last (bool) parameter in bgmac_cmdcfg_maskset says if the write
      should be made, even if value didn't change. Currently driver doesn't
      match the specs about (not) forcing some changes. This makes it follow
      them.
      Reported-by: default avatarNathan Hintz <nlhintz@hotmail.com>
      Signed-off-by: default avatarRafał Miłecki <zajec5@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e9ba1039
    • Rafał Miłecki's avatar
      bgmac: validate (and random if needed) MAC addr · d166f218
      Rafał Miłecki authored
      This adds check for a valid Ethernet MAC address and in case it is not,
      it will generate a valid random one, such that the adapter is still
      usable.
      Signed-off-by: default avatarRafał Miłecki <zajec5@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d166f218
    • Alexander Duyck's avatar
      skbuff: Move definition of NETDEV_FRAG_PAGE_MAX_SIZE · e5e67305
      Alexander Duyck authored
      In order to address the fact that some devices cannot support the full 32K
      frag size we need to have the value accessible somewhere so that we can use it
      to do comparisons against what the device can support.  As such I am moving
      the values out of skbuff.c and into skbuff.h.
      Signed-off-by: default avatarAlexander Duyck <alexander.h.duyck@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e5e67305
    • Linus Torvalds's avatar
      Linux 3.8-rc7 · 836dc9e3
      Linus Torvalds authored
      836dc9e3
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 39923134
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "I was going to hold these off until v3.8 was out, and send them with a
        stable tag, but as everyone else is pushing much bigger fixes which
        Linus is accepting, let's save people from the hastle of having to
        patch v3.8 back into working or use a stable kernel.
      
        Looking at the diffstat, this really is high value for its size; this
        is miniscule compared to how the -rc6 to tip diffstat currently looks.
      
        So, four patches in this set:
         - Punit Agrawal reports that the kernel no longer boots on MPCore due
           to a new assumption made in the GIC code which isn't true of
           earlier GIC designs.  This is the biggest change in this set.
         - Punit's boot log also revealed a bunch of WARN_ON() dumps caused by
           the DT-ification of the GIC support without fixing up non-DT
           Realview - which now sees a greater number of interrupts than it
           did before.
         - A fix for the DMA coherent code from Marek which uses the wrong
           check for atomic allocations; this can result in spinlock lockups
           or other nasty effects.
         - A fix from Will, which will affect all Android based platforms if
           not applied (which use the 2G:2G VM split) - this causes
           particularly 'make' to misbehave unless this bug is fixed."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7641/1: memory: fix broken mmap by ensuring TASK_UNMAPPED_BASE is aligned
        ARM: DMA mapping: fix bad atomic test
        ARM: realview: ensure that we have sufficient IRQs available
        ARM: GIC: fix GIC cpumask initialization
      39923134
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · e06b8405
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Revert iwlwifi reclaimed packet tracking, it causes problems for a
          bunch of folks.  From Emmanuel Grumbach.
      
       2) Work limiting code in brcmsmac wifi driver can clear tx status
          without processing the event.  From Arend van Spriel.
      
       3) rtlwifi USB driver processes wrong SKB, fix from Larry Finger.
      
       4) l2tp tunnel delete can race with close, fix from Tom Parkin.
      
       5) pktgen_add_device() failures are not checked at all, fix from Cong
          Wang.
      
       6) Fix unintentional removal of carrier off from tun_detach(),
          otherwise we confuse userspace, from Michael S.  Tsirkin.
      
       7) Don't leak socket reference counts and ubufs in vhost-net driver,
          from Jason Wang.
      
       8) vmxnet3 driver gets it's initial carrier state wrong, fix from Neil
          Horman.
      
       9) Protect against USB networking devices which spam the host with 0
          length frames, from Bjørn Mork.
      
      10) Prevent neighbour overflows in ipv6 for locally destined routes,
          from Marcelo Ricardo.  This is the best short-term fix for this, a
          longer term fix has been implemented in net-next.
      
      11) L2TP uses ipv4 datagram routines in it's ipv6 code, whoops.  This
          mistake is largely because the ipv6 functions don't even have some
          kind of prefix in their names to suggest they are ipv6 specific.
          From Tom Parkin.
      
      12) Check SYN packet drops properly in tcp_rcv_fastopen_synack(), from
          Yuchung Cheng.
      
      13) Fix races and TX skb freeing bugs in via-rhine's NAPI support, from
          Francois Romieu and your's truly.
      
      14) Fix infinite loops and divides by zero in TCP congestion window
          handling, from Eric Dumazet, Neal Cardwell, and Ilpo Järvinen.
      
      15) AF_PACKET tx ring handling can leak kernel memory to userspace, fix
          from Phil Sutter.
      
      16) Fix error handling in ipv6 GRE tunnel transmit, from Tommi Rantala.
      
      17) Protect XEN netback driver against hostile frontend putting garbage
          into the rings, don't leak pages in TX GOP checking, and add proper
          resource releasing in error path of xen_netbk_get_requests().  From
          Ian Campbell.
      
      18) SCTP authentication keys should be cleared out and released with
          kzfree(), from Daniel Borkmann.
      
      19) L2TP is a bit too clever trying to maintain skb->truesize, and ends
          up corrupting socket memory accounting to the point where packet
          sending is halted indefinitely.  Just remove the adjustments
          entirely, they aren't really needed.  From Eric Dumazet.
      
      20) ATM Iphase driver uses a data type with the same name as the S390
          headers, rename to fix the build.  From Heiko Carstens.
      
      21) Fix a typo in copying the inner network header offset from one SKB
          to another, from Pravin B Shelar.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (56 commits)
        net: sctp: sctp_endpoint_free: zero out secret key data
        net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
        atm/iphase: rename fregt_t -> ffreg_t
        net: usb: fix regression from FLAG_NOARP code
        l2tp: dont play with skb->truesize
        net: sctp: sctp_auth_key_put: use kzfree instead of kfree
        netback: correct netbk_tx_err to handle wrap around.
        xen/netback: free already allocated memory on failure in xen_netbk_get_requests
        xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop.
        xen/netback: shutdown the ring if it contains garbage.
        net: qmi_wwan: add more Huawei devices, including E320
        net: cdc_ncm: add another Huawei vendor specific device
        ipv6/ip6_gre: fix error case handling in ip6gre_tunnel_xmit()
        tcp: fix for zero packets_in_flight was too broad
        brcmsmac: rework of mac80211 .flush() callback operation
        ssb: unregister gpios before unloading ssb
        bcma: unregister gpios before unloading bcma
        rtlwifi: Fix scheduling while atomic bug
        net: usbnet: fix tx_dropped statistics
        tcp: ipv6: Update MIB counters for drops
        ...
      e06b8405
    • David S. Miller's avatar
      Merge branch 'wireless' · bfb235d7
      David S. Miller authored
      John W. Linville says:
      
      ====================
      Please accept this pull request intended for the 3.9 stream!
      
      Included are a mac80211 pull, an iwlwifi pull (actually two -- one
      was a fast-forward), a wl12xx pull, and a couple of Bluetooth pulls.
      
      On mac80211, Johannes says:
      
      "I've included
       * AKM definitions from Bing,
       * mesh fixes from Thomas, including a fix from him for me breaking his
         patch while applying,
       * channel check fix from Simon,
       * an old patch from Yoni Divinsky who doesn't even work for TI any
         more, to configure the WEP TX key for ARP offload etc.
       * MAC ACL API from Vasanth
       * a fix for the infamous chanctx_conf warning from Arnd
       * from myself, a fix for my previous aggregation changes, some cleanup
         and some improvements and fixes for WoWLAN"
      
      On iwlwifi, Johannes says:
      
      "Two small changes for iwlwifi-next, one to update all our Copyright
      notices and one to provide the RX page order."
      
      And also:
      
      "So what I have here is some cleanups, preparations and the new MVM
      (multi-virtual MAC) driver itself and (this is new) some work on the
      transport API as well as a message flooding fix."
      
      On wl12xx, Luca says:
      
      "Lots of bugfixes and improvements in our TI wireless drivers,
      including support for multi-channel.  Intended for 3.9."
      
      On Bluetooth, Gustavo says:
      
      "This is my first pull request to 3.9. The biggest changes here are from Johan
      Hedberg who made a lot of fixes in the Management interface. The issues arose
      due to a new test tool we wrote and the usage of the Management interface as
      default in BlueZ 5. The rest of the patches are more clean ups and small
      fixes."
      
      And also:
      
      "Here goes another batch intended for 3.9, the majority of the patch here are
      from Johan who is fixing many issues in the management interface that have
      appeared lately. The rest of the patches are just small improvements, fixes
      and clean ups."
      
      Along with those are the usual variety of updates/enhancements to
      the mwl8k, mwifiex, ath9k, rtlwifi, and rt2x00 drivers as well as
      a few updates for the ssb and bcma busses.  I don't think there are
      any big headliners there.
      
      Please let me know if there are problems!
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bfb235d7
    • David S. Miller's avatar
      Merge branch 'sctp_keys' · a1c83b05
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      Cryptographically used keys should be zeroed out when our session
      ends resp. memory is freed, thus do not leave them somewhere in the
      memory.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a1c83b05
    • Daniel Borkmann's avatar
      net: sctp: sctp_endpoint_free: zero out secret key data · b5c37fe6
      Daniel Borkmann authored
      On sctp_endpoint_destroy, previously used sensitive keying material
      should be zeroed out before the memory is returned, as we already do
      with e.g. auth keys when released.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b5c37fe6
    • Daniel Borkmann's avatar
      net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree · 6ba542a2
      Daniel Borkmann authored
      In sctp_setsockopt_auth_key, we create a temporary copy of the user
      passed shared auth key for the endpoint or association and after
      internal setup, we free it right away. Since it's sensitive data, we
      should zero out the key before returning the memory back to the
      allocator. Thus, use kzfree instead of kfree, just as we do in
      sctp_auth_key_put().
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6ba542a2
    • Heiko Carstens's avatar
      atm/iphase: rename fregt_t -> ffreg_t · ab54ee80
      Heiko Carstens authored
      We have conflicting type qualifiers for "freg_t" in s390's ptrace.h and the
      iphase atm device driver, which causes the compile error below.
      Unfortunately the s390 typedef can't be renamed, since it's a user visible api,
      nor can I change the include order in s390 code to avoid the conflict.
      
      So simply rename the iphase typedef to a new name. Fixes this compile error:
      
      In file included from drivers/atm/iphase.c:66:0:
      drivers/atm/iphase.h:639:25: error: conflicting type qualifiers for 'freg_t'
      In file included from next/arch/s390/include/asm/ptrace.h:9:0,
                       from next/arch/s390/include/asm/lowcore.h:12,
                       from next/arch/s390/include/asm/thread_info.h:30,
                       from include/linux/thread_info.h:54,
                       from include/linux/preempt.h:9,
                       from include/linux/spinlock.h:50,
                       from include/linux/seqlock.h:29,
                       from include/linux/time.h:5,
                       from include/linux/stat.h:18,
                       from include/linux/module.h:10,
                       from drivers/atm/iphase.c:43:
      next/arch/s390/include/uapi/asm/ptrace.h:197:3: note: previous declaration of 'freg_t' was here
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Acked-by: default avatarchas williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ab54ee80
    • John W. Linville's avatar
      Merge branch 'master' of... · f5237f27
      John W. Linville authored
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
      f5237f27
    • Will Deacon's avatar
      ARM: 7641/1: memory: fix broken mmap by ensuring TASK_UNMAPPED_BASE is aligned · 79d1f5c9
      Will Deacon authored
      We have received multiple reports of mmap failures when running with a
      2:2 vm split. These manifest as either -EINVAL with a non page-aligned
      address (ending 0xaaa) or a SEGV, depending on the application. The
      issue is commonly observed in children of make, which appears to use
      bottom-up mmap (assumedly because it changes the stack rlimit).
      
      Further investigation reveals that this regression was triggered by
      394ef640 ("mm: use vm_unmapped_area() on arm architecture"), whereby
      TASK_UNMAPPED_BASE is no longer page-aligned for bottom-up mmap, causing
      get_unmapped_area to choke on misaligned addressed.
      
      This patch fixes the problem by defining TASK_UNMAPPED_BASE in terms of
      TASK_SIZE and explicitly aligns the result to 16M, matching the other
      end of the heap.
      Acked-by: default avatarNicolas Pitre <nico@linaro.org>
      Reported-by: default avatarSteve Capper <steve.capper@arm.com>
      Reported-by: default avatarJean-Francois Moine <moinejf@free.fr>
      Reported-by: default avatarChristoffer Dall <cdall@cs.columbia.edu>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      79d1f5c9
    • Russell King's avatar
      ARM: DMA mapping: fix bad atomic test · 633dc92a
      Russell King authored
      Realview fails to boot with this warning:
      BUG: spinlock lockup suspected on CPU#0, init/1
       lock: 0xcf8bde10, .magic: dead4ead, .owner: init/1, .owner_cpu: 0
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:cf8bde10 r5:cf83d1c0 r4:cf8bde10 r3:cf83d1c0
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c018926c>] (spin_dump+0x84/0x98)
      [<c01891e8>] (spin_dump+0x0/0x98) from [<c0189460>] (do_raw_spin_lock+0x100/0x198)
      [<c0189360>] (do_raw_spin_lock+0x0/0x198) from [<c032cbac>] (_raw_spin_lock+0x3c/0x44)
      [<c032cb70>] (_raw_spin_lock+0x0/0x44) from [<c01c9224>] (pl011_console_write+0xe8/0x11c)
      [<c01c913c>] (pl011_console_write+0x0/0x11c) from [<c002aea8>] (call_console_drivers.clone.7+0xdc/0x104)
      [<c002adcc>] (call_console_drivers.clone.7+0x0/0x104) from [<c002b320>] (console_unlock+0x2e8/0x454)
      [<c002b038>] (console_unlock+0x0/0x454) from [<c002b8b4>] (vprintk_emit+0x2d8/0x594)
      [<c002b5dc>] (vprintk_emit+0x0/0x594) from [<c0329718>] (printk+0x3c/0x44)
      [<c03296dc>] (printk+0x0/0x44) from [<c002929c>] (warn_slowpath_common+0x28/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c)
      [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c0070ab0>] (lockdep_trace_alloc+0xd8/0xf0)
      [<c00709d8>] (lockdep_trace_alloc+0x0/0xf0) from [<c00c0850>] (kmem_cache_alloc+0x24/0x11c)
      [<c00c082c>] (kmem_cache_alloc+0x0/0x11c) from [<c00bb044>] (__get_vm_area_node.clone.24+0x7c/0x16c)
      [<c00bafc8>] (__get_vm_area_node.clone.24+0x0/0x16c) from [<c00bb7b8>] (get_vm_area_caller+0x48/0x54)
      [<c00bb770>] (get_vm_area_caller+0x0/0x54) from [<c0020064>] (__alloc_remap_buffer.clone.15+0x38/0xb8)
      [<c002002c>] (__alloc_remap_buffer.clone.15+0x0/0xb8) from [<c0020244>] (__dma_alloc+0x160/0x2c8)
      [<c00200e4>] (__dma_alloc+0x0/0x2c8) from [<c00204d8>] (arm_dma_alloc+0x88/0xa0)[<c0020450>] (arm_dma_alloc+0x0/0xa0) from [<c00beb00>] (dma_pool_alloc+0xcc/0x1a8)
      [<c00bea34>] (dma_pool_alloc+0x0/0x1a8) from [<c01a9d14>] (pl08x_fill_llis_for_desc+0x28/0x568)
      [<c01a9cec>] (pl08x_fill_llis_for_desc+0x0/0x568) from [<c01aab8c>] (pl08x_prep_slave_sg+0x258/0x3b0)
      [<c01aa934>] (pl08x_prep_slave_sg+0x0/0x3b0) from [<c01c9f74>] (pl011_dma_tx_refill+0x140/0x288)
      [<c01c9e34>] (pl011_dma_tx_refill+0x0/0x288) from [<c01ca748>] (pl011_start_tx+0xe4/0x120)
      [<c01ca664>] (pl011_start_tx+0x0/0x120) from [<c01c54a4>] (__uart_start+0x48/0x4c)
      [<c01c545c>] (__uart_start+0x0/0x4c) from [<c01c632c>] (uart_start+0x2c/0x3c)
      [<c01c6300>] (uart_start+0x0/0x3c) from [<c01c795c>] (uart_write+0xcc/0xf4)
      [<c01c7890>] (uart_write+0x0/0xf4) from [<c01b0384>] (n_tty_write+0x1c0/0x3e4)
      [<c01b01c4>] (n_tty_write+0x0/0x3e4) from [<c01acfe8>] (tty_write+0x144/0x240)
      [<c01acea4>] (tty_write+0x0/0x240) from [<c01ad17c>] (redirected_tty_write+0x98/0xac)
      [<c01ad0e4>] (redirected_tty_write+0x0/0xac) from [<c00c371c>] (vfs_write+0xbc/0x150)
      [<c00c3660>] (vfs_write+0x0/0x150) from [<c00c39c0>] (sys_write+0x4c/0x78)
      [<c00c3974>] (sys_write+0x0/0x78) from [<c0014460>] (ret_fast_syscall+0x0/0x3c)
      
      This happens because the DMA allocation code is not respecting atomic
      allocations correctly.
      
      GFP flags should not be tested for GFP_ATOMIC to determine if an
      atomic allocation is being requested.  GFP_ATOMIC is not a flag but
      a value.  The GFP bitmask flags are all prefixed with __GFP_.
      
      The rest of the kernel tests for __GFP_WAIT not being set to indicate
      an atomic allocation.  We need to do the same.
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      633dc92a
    • Russell King's avatar
      ARM: realview: ensure that we have sufficient IRQs available · e210101d
      Russell King authored
      Realview EB with a rev B MPcore tile results in lots of warnings at
      boot because it can't allocate enough IRQs.  Fix this by increasing
      the number of available IRQs.
      
      WARNING: at /home/rmk/git/linux-rmk/arch/arm/common/gic.c:757 gic_init_bases+0x12c/0x2ec()
      Cannot allocate irq_descs @ IRQ96, assuming pre-allocated
      Modules linked in:
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000002f5 r5:c042c62c r4:c044ff40 r3:c045f240
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029384>] (warn_slowpath_fmt+0x38/0x40)
      [<c002934c>] (warn_slowpath_fmt+0x0/0x40) from [<c042c62c>] (gic_init_bases+0x12c/0x2ec)
      [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8)
      [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24)
      [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300)
      [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070)
      ---[ end trace 1b75b31a2719ed1c ]---
      ------------[ cut here ]------------
      WARNING: at /home/rmk/git/linux-rmk/kernel/irq/irqdomain.c:234 irq_domain_add_legacy+0x80/0x140()
      Modules linked in:
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000000ea r5:c0081a38 r4:00000000 r3:c045f240
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c)
      [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c0081a38>] (irq_domain_add_legacy+0x80/0x140)
      [<c00819b8>] (irq_domain_add_legacy+0x0/0x140) from [<c042c64c>] (gic_init_bases+0x14c/0x2ec)
      [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8)
      [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24)
      [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300)
      [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070)
      ---[ end trace 1b75b31a2719ed1d ]---
      ------------[ cut here ]------------
      WARNING: at /home/rmk/git/linux-rmk/arch/arm/common/gic.c:762 gic_init_bases+0x170/0x2ec()
      Modules linked in:
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000002fa r5:c042c670 r4:00000000 r3:c045f240
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c)
      [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c042c670>] (gic_init_bases+0x170/0x2ec)
      [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8)
      [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24)
      [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300)
      [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070)
      ---[ end trace 1b75b31a2719ed1e ]---
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      e210101d
    • Russell King's avatar
      ARM: GIC: fix GIC cpumask initialization · 2bb31351
      Russell King authored
      Punit Agrawal reports:
      > I was trying to boot 3.8-rc5 on Realview EB 11MPCore using
      > realview-smp_defconfig as a starting point but the kernel failed to
      > progress past the log below (config attached).
      >
      > Pawel suggested I try reverting 384a2902 - "ARM: gic: use a private
      > mapping for CPU target interfaces" that you've authored. With this
      > commit reverted the kernel boots.
      >
      > I am not quite sure why the commit breaks 11MPCore but Pawel (cc'd)
      > might be able to shed light on that.
      
      Some early GIC implementations return zero for the first distributor
      CPU routing register.  This means we can't rely on that telling us
      which CPU interface we're connected to.  We know that these platforms
      implement PPIs for IRQs 29-31 - but we shouldn't assume that these
      will always be populated.
      
      So, instead, scan for a non-zero CPU routing register in the first
      32 IRQs and use that as our CPU mask.
      Reported-by: default avatarPunit Agrawal <punit.agrawal@arm.com>
      Reviewed-by: default avatarNicolas Pitre <nico@linaro.org>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      2bb31351
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 2a1a6e7a
      Linus Torvalds authored
      Pull drm regression fix from Dave Airlie:
       "This one fixes a sleep while locked regression that was introduced
        earlier in 3.8."
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/ttm: fix fence locking in ttm_buffer_object_transfer, 2nd try
      2a1a6e7a
    • Lucas Stach's avatar
      net: usb: fix regression from FLAG_NOARP code · 9c79330d
      Lucas Stach authored
      In commit 6509141f ("usbnet: add new
      flag FLAG_NOARP for usb net devices"), the newly added flag NOARP was
      using an already defined value, which broke drivers using flag
      MULTI_PACKET.
      Signed-off-by: default avatarLucas Stach <dev@lynxeye.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9c79330d
    • Eric Dumazet's avatar
      l2tp: dont play with skb->truesize · 87c084a9
      Eric Dumazet authored
      Andrew Savchenko reported a DNS failure and we diagnosed that
      some UDP sockets were unable to send more packets because their
      sk_wmem_alloc was corrupted after a while (tx_queue column in
      following trace)
      
      $ cat /proc/net/udp
        sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
      ...
        459: 00000000:0270 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4507 2 ffff88003d612380 0
        466: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4802 2 ffff88003d613180 0
        470: 076A070A:007B 00000000:0000 07 FFFF4600:00000000 00:00000000 00000000   123        0 5552 2 ffff880039974380 0
        470: 010213AC:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4986 2 ffff88003dbd3180 0
        470: 010013AC:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4985 2 ffff88003dbd2e00 0
        470: 00FCA8C0:007B 00000000:0000 07 FFFFFB00:00000000 00:00000000 00000000     0        0 4984 2 ffff88003dbd2a80 0
      ...
      
      Playing with skb->truesize is tricky, especially when
      skb is attached to a socket, as we can fool memory charging.
      
      Just remove this code, its not worth trying to be ultra
      precise in xmit path.
      Reported-by: default avatarAndrew Savchenko <bircoph@gmail.com>
      Tested-by: default avatarAndrew Savchenko <bircoph@gmail.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: James Chapman <jchapman@katalix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      87c084a9
    • David S. Miller's avatar
      Merge branch 'tg3' · b285109d
      David S. Miller authored
      Attention linux-next maintainer, you will hit a merge conflict between
      this merge and the mips tree, the resolution is to preserve the removal
      of uses of nvram_geenv() and nvram_parse_macaddr() from the net-next
      side.
      
      Hauke Mehrtens says:
      
      ====================
      These patches are adding support for the Ethernet core found in the
      BCM4705/BCM4785 SoC.
      
      This is based on current master of davem/net-next.git.
      
      v4:
       * move setting of DMA_RWCTRL_ONE_DMA
      
      v3:
       * combined first two patches into one patch
      
      v2:
       * use of struct sprom in ssb_gige_get_macaddr() instead of accessing
         the nvram directly
       * add return value to ssb_gige_get_macaddr()
       * try to read the mac address from ssb core before accessing the own
         registers.
       * fix two checkpatch warnings
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b285109d
    • Hauke Mehrtens's avatar
      tg3: add support for Ethernet core in bcm4785 · 7e6c63f0
      Hauke Mehrtens authored
      The BCM4785 or sometimes named BMC4705 is a Broadcom SoC which a
      Gigabit 5750 Ethernet core. The core is connected via PCI with the rest
      of the SoC, but it uses some extension.
      
      This core does not use a firmware or an eeprom.
      
      Some devices only have a switch which supports 100MBit/s, this
      currently does not work with this driver.
      
      This patch was original written by Michael Buesch <m@bues.ch> and is in
      OpenWrt for some years now.
      
      This was tested on a Linksys WRT610N V1 and older versions of this patch
      were tested by other people on different devices.
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      Acked-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7e6c63f0
    • Hauke Mehrtens's avatar
      tg3: make it possible to provide phy_id in ioctl · 5c358045
      Hauke Mehrtens authored
      In OpenWrt we currently use a switch driver which uses the ioctls to
      configure the switch in the phy. We have to provide the phy_id to do
      so, but without this patch this is not possible.
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      Acked-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5c358045
    • Hauke Mehrtens's avatar
      ssb: get mac address from sprom struct for gige driver · 180996c3
      Hauke Mehrtens authored
      The mac address is already stored in the sprom structure by the
      platform code of the SoC this Ethernet core is found on, it just has to
      be fetched from this structure instead of accessing the nvram here.
      This patch also adds a return value to indicate if a mac address could
      be fetched from the sprom structure.
      When CONFIG_SSB_DRIVER_GIGE is not set the header file now also declares
      ssb_gige_get_macaddr().
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      Acked-by: default avatarMichael Buesch <m@bues.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      180996c3
    • Daniel Borkmann's avatar
      net: sctp: sctp_auth_make_key_vector: remove duplicate ntohs calls · 241448c2
      Daniel Borkmann authored
      Instead of calling 3 times ntohs(random->param_hdr.length), 2 times
      ntohs(hmacs->param_hdr.length), and 3 times ntohs(chunks->param_hdr.length)
      within the same function, we only call each once and store it in a
      variable.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      241448c2
    • Daniel Borkmann's avatar
      net: sctp: sctp_auth_key_put: use kzfree instead of kfree · 586c31f3
      Daniel Borkmann authored
      For sensitive data like keying material, it is common practice to zero
      out keys before returning the memory back to the allocator. Thus, use
      kzfree instead of kfree.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      586c31f3
    • David S. Miller's avatar
      Merge branch 'fixes' of... · 6cddded4
      David S. Miller authored
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch into openvswitch
      
      Jesse Gross says:
      
      ====================
      One bug fix for net/3.8 for a long standing problem that was reported a few
      times recently.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6cddded4
    • Frank Li's avatar
      net: fec: fix spin_lock dead lock · 85bd1798
      Frank Li authored
      =========================================================
      [ INFO: possible irq lock inversion dependency detected ]
      3.8.0-rc5+ #82 Not tainted
      ---------------------------------------------------------
      swapper/0/0 just changed the state of lock:
       (&(&fep->hw_lock)->rlock){..-...}, at: [<8034e2f8>] fec_enet_start_xmit+0x48/0x                      2cc
      but this lock took another, SOFTIRQ-unsafe lock in the past:
      (prepare_lock){+.+.+.}
      
      and interrupts could create inverse lock ordering between them.
      other info that might help us debug this:
      Possible interrupt unsafe locking scenario:
      
      CPU0				CPU1
      ----				----
      lock(prepare_lock);
      				local_irq_disable()
      				lock(&(&fep->hw_lock)->rlock);
      				lock(prepare_lock);
      <Interrupt>
      lock(&(&fep->hw_lock)->rlock);
      
      *** DEADLOCK ***
      Signed-off-by: default avatarFrank Li <Frank.Li@freescale.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      85bd1798
    • Frank Li's avatar
      net: fec: correct fix method about miss init spinlock · 365cc174
      Frank Li authored
      Old method will cause init spinlock twice.
      New method will avoid init spinlock twice and fix miss init spinlock
      at fec_restart.
      
      BUG: spinlock bad magic on CPU#1, swapper/0/1
      lock: 0xbfae0f8c, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
      Backtrace:
       [<80011d54>] (dump_backtrace+0x0/0x10c) from [<804e7800>] (dump_stack+0x18/0x1c)
       r6:bfae0000 r5:bfae0f8c r4:00000000 r3:806c1310
       [<804e77e8>] (dump_stack+0x0/0x1c) from [<804e9f20>] (spin_dump+0x80/0x94)
       [<804e9ea0>] (spin_dump+0x0/0x94) from [<804e9f60>] (spin_bug+0x2c/0x30)
       r5:805f6f8c r4:bfae0f8c
       [<804e9f34>] (spin_bug+0x0/0x30) from [<80257984>] (do_raw_spin_lock+0x170/0x1b0                                         )
       r5:806b4950 r4:bfae0f8c
       [<80257814>] (do_raw_spin_lock+0x0/0x1b0) from [<804ed15c>] (_raw_spin_lock_irqs                                         ave+0x18/0x20)
       [<804ed144>] (_raw_spin_lock_irqsave+0x0/0x20) from [<8033c694>] (fec_ptp_start_                                         cyclecounter+0x3c/0x120)
       r4:bfae0f8c r3:00000002
       [<8033c658>] (fec_ptp_start_cyclecounter+0x0/0x120) from [<80339e08>] (fec_resta                                         rt+0x56c/0x5f8)
       r8:00000000 r7:806e6f48 r6:00000112 r5:806b4950 r4:bfae0000
       [<8033989c>] (fec_restart+0x0/0x5f8) from [<8033b9e4>] (fec_probe+0x508/0xa48)
      Signed-off-by: default avatarFrank Li <Frank.Li@freescale.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      365cc174
    • Tom Herbert's avatar
      mlx4_en: Fix BQL reset TX queue call point · 41b74920
      Tom Herbert authored
      Fix issue in Mellanox driver related to BQL.  netdev_tx_reset_queue
      was not being called in certain situations where the device was
      being start and stopped.  Moved netdev_tx_reset_queue from the reset
      device path to mlx4_en_free_tx_buf which is where the rings are
      cleaned in a reset (specifically from device being stopped).
      Signed-off-by: default avatarTom Herbert <therbert@google.com>
      Acked-By: default avatarAmir Vadai <amirv@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      41b74920
    • David S. Miller's avatar
      Merge branch 'netback' · 0c35565b
      David S. Miller authored
      Ian Campbell says:
      
      ====================
      The Xen netback implementation contains a couple of flaws which can
      allow a guest to cause a DoS in the backend domain, potentially
      affecting other domains in the system.
      
      CVE-2013-0216 is a failure to sanity check the ring producer/consumer
      pointers which can allow a guest to cause netback to loop for an
      extended period preventing other work from occurring.
      
      CVE-2013-0217 is a memory leak on an error path which is guest
      triggerable.
      
      The following series contains the fixes for these issues, as previously
      included in Xen Security Advisory 39:
      http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
      
      Changes in v2:
       - Typo and block comment format fixes
       - Added stable Cc
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0c35565b
    • Ian Campbell's avatar