1. 11 Jun, 2015 6 commits
    • Govindarajulu Varadarajan's avatar
      enic: fix memory leak in rq_clean · 8b13b4e0
      Govindarajulu Varadarajan authored
      When incoming packet qualifies for rx_copybreak, we copy the data to newly
      allocated skb. We do not free/unmap the original buffer. At this point driver
      assumes this buffer is unallocated. When enic_rq_alloc_buf() is called for
      buffer allocation, it checks if buf->os_buf is NULL. If its not NULL that means
      buffer can be re-used.
      
      When vnic_rq_clean() is called for freeing all rq buffers, and if the
      rx_copybreak reused buffer falls outside the used desc, we do not free the
      buffer. The following trace is observer when dma-debug is enabled.
      
      Fix is to walk through complete ring and clean if buffer is present.
      
      [   40.555386] ------------[ cut here ]------------
      [   40.555396] WARNING: CPU: 0 PID: 491 at lib/dma-debug.c:971 dma_debug_device_change+0x188/0x1f0()
      [   40.555400] pci 0000:06:00.0: DMA-API: device driver has pending DMA allocations while released from device [count=4]
                     One of leaked entries details: [device address=0x00000000ff4cc040] [size=9018 bytes] [mapped with DMA_FROM_DEVICE] [mapped as single]
      [   40.555402] Modules linked in: nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 dns_resolver coretemp intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw joydev mousedev gf128mul hid_generic glue_helper mgag200 usbhid ttm hid drm_kms_helper drm ablk_helper syscopyarea sysfillrect sysimgblt i2c_algo_bit i2c_core iTCO_wdt cryptd mac_hid evdev pcspkr sb_edac edac_core tpm_tis iTCO_vendor_support ipmi_si wmi tpm ipmi_msghandler shpchp lpc_ich processor acpi_power_meter hwmon button ac sch_fq_codel nfs lockd grace sunrpc fscache sd_mod ehci_pci ehci_hcd megaraid_sas usbcore scsi_mod usb_common enic(-) crc32c_generic crc32c_intel btrfs xor raid6_pq ext4 crc16 mbcache jbd2
      [   40.555467] CPU: 0 PID: 491 Comm: rmmod Not tainted 4.1.0-rc7-ARCH-01305-gf59b71f #118
      [   40.555469] Hardware name: Cisco Systems Inc UCSB-B200-M4/UCSB-B200-M4, BIOS B200M4.2.2.2.23.061220140128 06/12/2014
      [   40.555471]  0000000000000000 00000000e2f8a5b7 ffff880275f8bc48 ffffffff8158d6f0
      [   40.555474]  0000000000000000 ffff880275f8bca0 ffff880275f8bc88 ffffffff8107b04a
      [   40.555477]  ffff8802734e0000 0000000000000004 ffff8804763fb3c0 ffff88027600b650
      [   40.555480] Call Trace:
      [   40.555488]  [<ffffffff8158d6f0>] dump_stack+0x4f/0x7b
      [   40.555492]  [<ffffffff8107b04a>] warn_slowpath_common+0x8a/0xc0
      [   40.555494]  [<ffffffff8107b0d5>] warn_slowpath_fmt+0x55/0x70
      [   40.555498]  [<ffffffff812fa408>] dma_debug_device_change+0x188/0x1f0
      [   40.555503]  [<ffffffff8109aaef>] notifier_call_chain+0x4f/0x80
      [   40.555506]  [<ffffffff8109aecb>] __blocking_notifier_call_chain+0x4b/0x70
      [   40.555510]  [<ffffffff8109af06>] blocking_notifier_call_chain+0x16/0x20
      [   40.555514]  [<ffffffff813f8066>] __device_release_driver+0xf6/0x120
      [   40.555518]  [<ffffffff813f8b08>] driver_detach+0xc8/0xd0
      [   40.555523]  [<ffffffff813f7c59>] bus_remove_driver+0x59/0xe0
      [   40.555527]  [<ffffffff813f93a0>] driver_unregister+0x30/0x70
      [   40.555534]  [<ffffffff8131532d>] pci_unregister_driver+0x2d/0xa0
      [   40.555542]  [<ffffffffa0200ec2>] enic_cleanup_module+0x10/0x14e [enic]
      [   40.555547]  [<ffffffff8110158f>] SyS_delete_module+0x1cf/0x280
      [   40.555551]  [<ffffffff811e284e>] ? ____fput+0xe/0x10
      [   40.555554]  [<ffffffff810980ec>] ? task_work_run+0xbc/0xf0
      [   40.555558]  [<ffffffff815930ee>] system_call_fastpath+0x12/0x71
      [   40.555561] ---[ end trace 4988cadc77c2b236 ]---
      [   40.555562] Mapped at:
      [   40.555563]  [<ffffffff812fa865>] debug_dma_map_page+0x95/0x150
      [   40.555566]  [<ffffffffa01f4a88>] enic_rq_alloc_buf+0x1b8/0x360 [enic]
      [   40.555570]  [<ffffffffa01f7658>] enic_open+0xf8/0x820 [enic]
      [   40.555574]  [<ffffffff8148d50e>] __dev_open+0xce/0x150
      [   40.555579]  [<ffffffff8148d851>] __dev_change_flags+0xa1/0x170
      Signed-off-by: default avatarGovindarajulu Varadarajan <_govind@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8b13b4e0
    • Govindarajulu Varadarajan's avatar
      enic: check return value for stat dump · 19b596bd
      Govindarajulu Varadarajan authored
      We do not check the return value of enic_dev_stats_dump(). If allocation
      fails, we will hit NULL pointer reference.
      
      Return only if memory allocation fails. For other failures, we return the
      previously recorded values.
      Signed-off-by: default avatarGovindarajulu Varadarajan <_govind@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      19b596bd
    • Govindarajulu Varadarajan's avatar
      enic: unlock napi busy poll before unmasking intr · 6286e828
      Govindarajulu Varadarajan authored
      There is a small window between vnic_intr_unmask() and enic_poll_unlock_napi().
      In this window if an irq occurs and napi is scheduled on different cpu, it tries
      to acquire enic_poll_lock_napi() and hits the following WARN_ON message.
      
      Fix is to unlock napi_poll before unmasking the interrupt.
      
      [  781.121746] ------------[ cut here ]------------
      [  781.121789] WARNING: CPU: 1 PID: 0 at drivers/net/ethernet/cisco/enic/vnic_rq.h:228 enic_poll_msix_rq+0x36a/0x3c0 [enic]()
      [  781.121834] Modules linked in: nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 dns_resolver coretemp intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel mgag200 ttm drm_kms_helper joydev aes_x86_64 lrw drm gf128mul mousedev glue_helper sb_edac ablk_helper iTCO_wdt iTCO_vendor_support evdev ipmi_si syscopyarea sysfillrect sysimgblt i2c_algo_bit i2c_core edac_core lpc_ich mac_hid cryptd pcspkr ipmi_msghandler shpchp tpm_tis acpi_power_meter tpm wmi processor hwmon button ac sch_fq_codel nfs lockd grace sunrpc fscache hid_generic usbhid hid ehci_pci ehci_hcd sd_mod megaraid_sas usbcore scsi_mod usb_common enic crc32c_generic crc32c_intel btrfs xor raid6_pq ext4 crc16 mbcache jbd2
      [  781.122176] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.1.0-rc6-ARCH-00040-gc46a024e-dirty #106
      [  781.122210] Hardware name: Cisco Systems Inc UCSB-B200-M4/UCSB-B200-M4, BIOS B200M4.2.2.2.23.061220140128 06/12/2014
      [  781.122252]  0000000000000000 bddbbc9d655ec96e ffff880277e43da8 ffffffff81583fe8
      [  781.122286]  0000000000000000 0000000000000000 ffff880277e43de8 ffffffff8107acfa
      [  781.122319]  ffff880272c01000 ffff880273f18000 ffff880273f1a100 0000000000000000
      [  781.122352] Call Trace:
      [  781.122364]  <IRQ>  [<ffffffff81583fe8>] dump_stack+0x4f/0x7b
      [  781.122399]  [<ffffffff8107acfa>] warn_slowpath_common+0x8a/0xc0
      [  781.122425]  [<ffffffff8107ae2a>] warn_slowpath_null+0x1a/0x20
      [  781.122455]  [<ffffffffa01fa9ca>] enic_poll_msix_rq+0x36a/0x3c0 [enic]
      [  781.122487]  [<ffffffff8148525a>] net_rx_action+0x22a/0x370
      [  781.122512]  [<ffffffff8107ed3d>] __do_softirq+0xed/0x2d0
      [  781.122537]  [<ffffffff8107f06e>] irq_exit+0x7e/0xa0
      [  781.122560]  [<ffffffff8158c424>] do_IRQ+0x64/0x100
      [  781.122582]  [<ffffffff8158a42e>] common_interrupt+0x6e/0x6e
      [  781.122605]  <EOI>  [<ffffffff810bd331>] ? cpu_startup_entry+0x121/0x480
      [  781.122638]  [<ffffffff810bd2fc>] ? cpu_startup_entry+0xec/0x480
      [  781.122667]  [<ffffffff810f2ed3>] ? clockevents_register_device+0x113/0x1f0
      [  781.122698]  [<ffffffff81050ab6>] start_secondary+0x196/0x1e0
      [  781.122723] ---[ end trace cec2e9dd3af7b9db ]---
      Signed-off-by: default avatarGovindarajulu Varadarajan <_govind@gmx.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6286e828
    • Mel Gorman's avatar
      net, swap: Remove a warning and clarify why sk_mem_reclaim is required when deactivating swap · 5d753610
      Mel Gorman authored
      Jeff Layton reported the following;
      
       [   74.232485] ------------[ cut here ]------------
       [   74.233354] WARNING: CPU: 2 PID: 754 at net/core/sock.c:364 sk_clear_memalloc+0x51/0x80()
       [   74.234790] Modules linked in: cts rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache xfs libcrc32c snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device nfsd snd_pcm snd_timer snd e1000 ppdev parport_pc joydev parport pvpanic soundcore floppy serio_raw i2c_piix4 pcspkr nfs_acl lockd virtio_balloon acpi_cpufreq auth_rpcgss grace sunrpc qxl drm_kms_helper ttm drm virtio_console virtio_blk virtio_pci ata_generic virtio_ring pata_acpi virtio
       [   74.243599] CPU: 2 PID: 754 Comm: swapoff Not tainted 4.1.0-rc6+ #5
       [   74.244635] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
       [   74.245546]  0000000000000000 0000000079e69e31 ffff8800d066bde8 ffffffff8179263d
       [   74.246786]  0000000000000000 0000000000000000 ffff8800d066be28 ffffffff8109e6fa
       [   74.248175]  0000000000000000 ffff880118d48000 ffff8800d58f5c08 ffff880036e380a8
       [   74.249483] Call Trace:
       [   74.249872]  [<ffffffff8179263d>] dump_stack+0x45/0x57
       [   74.250703]  [<ffffffff8109e6fa>] warn_slowpath_common+0x8a/0xc0
       [   74.251655]  [<ffffffff8109e82a>] warn_slowpath_null+0x1a/0x20
       [   74.252585]  [<ffffffff81661241>] sk_clear_memalloc+0x51/0x80
       [   74.253519]  [<ffffffffa0116c72>] xs_disable_swap+0x42/0x80 [sunrpc]
       [   74.254537]  [<ffffffffa01109de>] rpc_clnt_swap_deactivate+0x7e/0xc0 [sunrpc]
       [   74.255610]  [<ffffffffa03e4fd7>] nfs_swap_deactivate+0x27/0x30 [nfs]
       [   74.256582]  [<ffffffff811e99d4>] destroy_swap_extents+0x74/0x80
       [   74.257496]  [<ffffffff811ecb52>] SyS_swapoff+0x222/0x5c0
       [   74.258318]  [<ffffffff81023f27>] ? syscall_trace_leave+0xc7/0x140
       [   74.259253]  [<ffffffff81798dae>] system_call_fastpath+0x12/0x71
       [   74.260158] ---[ end trace 2530722966429f10 ]---
      
      The warning in question was unnecessary but with Jeff's series the rules
      are also clearer.  This patch removes the warning and updates the comment
      to explain why sk_mem_reclaim() may still be called.
      
      [jlayton: remove if (sk->sk_forward_alloc) conditional. As Leon
                points out that it's not needed.]
      
      Cc: Leon Romanovsky <leon@leon.nu>
      Signed-off-by: default avatarMel Gorman <mgorman@suse.de>
      Signed-off-by: default avatarJeff Layton <jeff.layton@primarydata.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5d753610
    • Nikolay Aleksandrov's avatar
      bridge: fix multicast router rlist endless loop · 1a040eac
      Nikolay Aleksandrov authored
      Since the addition of sysfs multicast router support if one set
      multicast_router to "2" more than once, then the port would be added to
      the hlist every time and could end up linking to itself and thus causing an
      endless loop for rlist walkers.
      So to reproduce just do:
      echo 2 > multicast_router; echo 2 > multicast_router;
      in a bridge port and let some igmp traffic flow, for me it hangs up
      in br_multicast_flood().
      Fix this by adding a check in br_multicast_add_router() if the port is
      already linked.
      The reason this didn't happen before the addition of multicast_router
      sysfs entries is because there's a !hlist_unhashed check that prevents
      it.
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Fixes: 0909e117 ("bridge: Add multicast_router sysfs entries")
      Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1a040eac
    • Erik Hugne's avatar
      tipc: disconnect socket directly after probe failure · b3be5e3e
      Erik Hugne authored
      If the TIPC connection timer expires in a probing state, a
      self abort message is supposed to be generated and delivered
      to the local socket. This is currently broken, and the abort
      message is actually sent out to the peer node with invalid
      addressing information. This will cause the link to enter
      a constant retransmission state and eventually reset.
      We fix this by removing the self-abort message creation and
      tear down connection immediately instead.
      Signed-off-by: default avatarErik Hugne <erik.hugne@ericsson.com>
      Reviewed-by: default avatarYing Xue <ying.xue@windriver.com>
      Reviewed-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b3be5e3e
  2. 10 Jun, 2015 1 commit
  3. 09 Jun, 2015 2 commits
    • Johannes Berg's avatar
      cfg80211: wext: clear sinfo struct before calling driver · 9c5a18a3
      Johannes Berg authored
      Until recently, mac80211 overwrote all the statistics it could
      provide when getting called, but it now relies on the struct
      having been zeroed by the caller. This was always the case in
      nl80211, but wext used a static struct which could even cause
      values from one device leak to another.
      
      Using a static struct is OK (as even documented in a comment)
      since the whole usage of this function and its return value is
      always locked under RTNL. Not clearing the struct for calling
      the driver has always been wrong though, since drivers were
      free to only fill values they could report, so calling this
      for one device and then for another would always have leaked
      values from one to the other.
      
      Fix this by initializing the structure in question before the
      driver method call.
      
      This fixes https://bugzilla.kernel.org/show_bug.cgi?id=99691
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarGerrit Renker <gerrit@erg.abdn.ac.uk>
      Reported-by: default avatarAlexander Kaltsas <alexkaltsas@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9c5a18a3
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 5879ae5f
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix stack allocation in s390 BPF JIT, from Michael Holzheu.
      
       2) Disable LRO on openvswitch paths, from Jiri Benc.
      
       3) UDP early demux doesn't handle multicast group membership properly,
          fix from Shawn Bohrer.
      
       4) Fix TX queue hang due to incorrect handling of mixed sized fragments
          and linearlization in i40e driver, from Anjali Singhai Jain.
      
       5) Cannot use disable_irq() in timer handler of AMD xgbe driver, from
          Thomas Lendacky.
      
       6) b2net driver improperly assumes pci_alloc_consistent() gives zero'd
          out memory, use dma_zalloc_coherent().  From Sriharsha Basavapatna.
      
       7) Fix use-after-free in MPLS and ipv6, from Robert Shearman.
      
       8) Missing neif_napi_del() calls in cleanup paths of b44 driver, from
          Hauke Mehrtens.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        net: replace last open coded skb_orphan_frags with function call
        net: bcmgenet: power on MII block for all MII modes
        ipv6: Fix protocol resubmission
        ipv6: fix possible use after free of dev stats
        b44: call netif_napi_del()
        bridge: disable softirqs around br_fdb_update to avoid lockup
        Revert "bridge: use _bh spinlock variant for br_fdb_update to avoid lockup"
        mpls: fix possible use after free of device
        be2net: Replace dma/pci_alloc_coherent() calls with dma_zalloc_coherent()
        bridge: use _bh spinlock variant for br_fdb_update to avoid lockup
        amd-xgbe: Use disable_irq_nosync from within timer function
        rhashtable: add missing import <linux/export.h>
        i40e: Make sure to be in VEB mode if SRIOV is enabled at probe
        i40e: start up in VEPA mode by default
        i40e/i40evf: Fix mixed size frags and linearization
        ipv4/udp: Verify multicast group is ours in upd_v4_early_demux()
        openvswitch: disable LRO
        s390/bpf: fix bpf frame pointer setup
        s390/bpf: fix stack allocation
      5879ae5f
  4. 08 Jun, 2015 15 commits
  5. 07 Jun, 2015 10 commits
  6. 06 Jun, 2015 6 commits