1. 28 Jun, 2016 9 commits
    • connector: fix out-of-order cn_proc netlink message delivery · ab8ed951
      Aaron Campbell authored
      The proc connector messages include a sequence number, allowing userspace
      programs to detect lost messages.  However, performing this detection is
      currently more difficult than necessary, since netlink messages can be
      delivered to the application out-of-order.  To fix this, leave pre-emption
      disabled during cn_netlink_send(), and use GFP_NOWAIT.
      
      The following was written as a test case.  Building the kernel w/ make -j32
      proved a reliable way to generate out-of-order cn_proc messages.
      
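      #define _GNU_SOURCE		/* for CPU_SETSIZE */
      #include <sched.h>
      #include <stdint.h>
      #include <stdio.h>
      #include <string.h>
      #include <unistd.h>
      #include <sys/socket.h>
      #include <linux/netlink.h>
      #include <linux/connector.h>
      #include <linux/cn_proc.h>

      int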
      main(int argc, char *argv[])
      {
      	static uint32_t last_seq[CPU_SETSIZE], seq;
      	int cpu, fd;
      	struct sockaddr_nl sa;
      	struct __attribute__((aligned(NLMSG_ALIGNTO))) {
      		struct nlmsghdr nl_hdr;
      		struct __attribute__((__packed__)) {
      			struct cn_msg cn_msg;
      			struct proc_event cn_proc;
      		};
      	} rmsg;
      	struct __attribute__((aligned(NLMSG_ALIGNTO))) {
      		struct nlmsghdr nl_hdr;
      		struct __attribute__((__packed__)) {
      			struct cn_msg cn_msg;
      			enum proc_cn_mcast_op cn_mcast;
      		};
      	} smsg;
      
      	fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
      	if (fd < 0) {
      		perror("socket");
      	}
      
      	memset(&sa, 0, sizeof(sa));	/* clear nl_pad before bind() */
      	sa.nl_family = AF_NETLINK;
      	sa.nl_groups = CN_IDX_PROC;
      	sa.nl_pid = getpid();
      	if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
      		perror("bind");
      	}
      
      	memset(&smsg, 0, sizeof(smsg));
      	smsg.nl_hdr.nlmsg_len = sizeof(smsg);
      	smsg.nl_hdr.nlmsg_pid = getpid();
      	smsg.nl_hdr.nlmsg_type = NLMSG_DONE;
      	smsg.cn_msg.id.idx = CN_IDX_PROC;
      	smsg.cn_msg.id.val = CN_VAL_PROC;
      	smsg.cn_msg.len = sizeof(enum proc_cn_mcast_op);
      	smsg.cn_mcast = PROC_CN_MCAST_LISTEN;
      	if (send(fd, &smsg, sizeof(smsg), 0) != sizeof(smsg)) {
      		perror("send");
      	}
      
      	while (recv(fd, &rmsg, sizeof(rmsg), 0) == sizeof(rmsg)) {
      		cpu = rmsg.cn_proc.cpu;
      		if (cpu < 0) {
      			continue;
      		}
      		seq = rmsg.cn_msg.seq;
      		if ((last_seq[cpu] != 0) && (seq != last_seq[cpu] + 1)) {
      			printf("out-of-order seq=%u on cpu=%d\n", seq, cpu);
      		}
      		last_seq[cpu] = seq;
      	}
      
      	/* NOTREACHED */
      
      	perror("recv");
      
      	return -1;
      }
      Signed-off-by: Aaron Campbell <aaron@monkey.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address · 0888d5f3
      daniel authored
      The bridge is falsely dropping ipv6 multicast packets if there is:
       1. No ipv6 address assigned on the bridge.
       2. No external mld querier present.
       3. The internal querier enabled.
      
      When the bridge fails to build mld queries, because it has no
      ipv6 address, it silently returns, but keeps the local querier enabled.
      This specific case causes confusing packet loss.
      
      Ipv6 multicast snooping can only work if:
       a) An external querier is present
       OR
       b) The bridge has an ipv6 address and is capable of sending own queries
      
      Otherwise it has to forward/flood the ipv6 multicast traffic,
      because snooping cannot work.
      
      This patch fixes the issue by adding a flag to the bridge struct that
      indicates that there is currently no ipv6 address assigned to the bridge
      and returns a false state for the local querier in
      __br_multicast_querier_exists().
      
      Special thanks to Linus Lüssing.
      
      Fixes: d1d81d4c ("bridge: check return value of ipv6_dev_get_saddr()")
      Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
      Acked-by: Linus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create · f299a02d
      Wang Sheng-Hui authored
      Commit 311c7c71 ("net/mlx5e: Allocate DMA coherent memory on
      reader NUMA node") introduced mlx5_*_alloc_node() but missed changing
      some calling and warn messages. This patch introduces 2 changes:
      	* Use mlx5_buf_alloc_node() instead of mlx5_buf_alloc() in
      	  mlx5_wq_ll_create()
      	* Update the failure warn messages with _node postfix for
      	  mlx5_*_alloc function names
      
      Fixes: 311c7c71 ("net/mlx5e: Allocate DMA coherent memory on reader NUMA node")
      Signed-off-by: Wang Sheng-Hui <shhuiw@foxmail.com>
      Acked-By: Saeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'bgmac-fixes' · d1b5a8da
      David S. Miller authored
      Florian Fainelli says:
      
      ====================
      net: bgmac: Random fixes
      
      This patch series fixes a few issues spotted by code inspection and
      actual testing.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: bgmac: Remove superflous netif_carrier_on() · 3894396e
      Florian Fainelli authored
      bgmac_open() calls phy_start() to initialize the PHY state machine,
      which will set the interface's carrier state accordingly, no need to
      force that as this could be conflicting with the PHY state determined by
      PHYLIB.
      
      Fixes: dd4544f0 ("bgmac: driver for GBit MAC core on BCMA bus")
      Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: bgmac: Start transmit queue in bgmac_open · c3897f2a
      Florian Fainelli authored
      The driver does not start the transmit queue in bgmac_open(). If the
      queue was stopped prior to closing then re-opening the interface, we
      would never be able to wake-up again.
      
      Fixes: dd4544f0 ("bgmac: driver for GBit MAC core on BCMA bus")
      Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: bgmac: Fix SOF bit checking · d2b13233
      Florian Fainelli authored
      We are checking for the Start of Frame bit in the ctl1 word, while this
      bit is set in the ctl0 word instead. Read the ctl0 word and update the
      check to verify that.
      
      Fixes: 9cde9450 ("bgmac: implement scatter/gather support")
      Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bonding: fix 802.3ad aggregator reselection · 0622cab0
      Jay Vosburgh authored
      Since commit 7bb11dc9 ("bonding: unify all places where
      actor-oper key needs to be updated."), the logic in bonding to handle
      selection between multiple aggregators has not functioned.
      
      	This affects only configurations wherein the bonding slaves
      connect to two discrete aggregators (e.g., two independent switches, each
      with LACP enabled), thus creating two separate aggregation groups within a
      single bond.
      
      	The cause is a change in 7bb11dc9 to no longer set
      AD_PORT_BEGIN on a port after a link state change, which would cause the
      port to be reselected for attachment to an aggregator as if it were newly
      added to the bond.  We cannot restore the prior behavior, as it
      contradicts IEEE 802.1AX 5.4.12, which requires ports that "become
      inoperable" (lose carrier, setting port_enabled=false as per 802.1AX
      5.4.7) to remain selected (i.e., assigned to the aggregator).  As the port
      now remains selected, the aggregator selection logic is not invoked.
      
      	A side effect of this change is that aggregators in bonding will
      now contain ports that are link down.  The aggregator selection logic
      does not currently handle this situation correctly, causing incorrect
      aggregator selection.
      
      	This patch makes two changes to repair the aggregator selection
      logic in bonding to function as documented and within the confines of the
      standard:
      
      	First, the aggregator selection and related logic now utilizes the
      number of active ports per aggregator, not the number of selected ports
      (as some selected ports may be down).  The ad_select "bandwidth" and
      "count" options only consider ports that are link up.
      
      	Second, on any carrier state change of any slave, the aggregator
      selection logic is explicitly called to insure the correct aggregator is
      active.
      Reported-by: Veli-Matti Lintu <veli-matti.lintu@opinsys.fi>
      Fixes: 7bb11dc9 ("bonding: unify all places where actor-oper key needs to be updated.")
      Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipmr/ip6mr: Initialize the last assert time of mfc entries. · 70a0dec4
      Tom Goff authored
      This fixes wrong-interface signaling on 32-bit platforms for entries
      created when jiffies > 2^31 + MFC_ASSERT_THRESH.
      Signed-off-by: Tom Goff <thomas.goff@ll.mit.edu>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 27 Jun, 2016 4 commits
  3. 23 Jun, 2016 11 commits
  4. 22 Jun, 2016 7 commits
    • Merge branch 'mlx4-fixes' · acd43fe8
      David S. Miller authored
      Tariq Toukan says:
      
      ====================
      mlx4_en fixes for 4.7-rc
      
      This small patchset includes two small fixes for mlx4_en driver.
      
      One allows a clean shutdown even when clients do not release their
      netdev reference.
      The other adds error return values to the VLAN VID add/kill functions.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx4_en: Avoid unregister_netdev at shutdown flow · 9d769311
      Eran Ben Elisha authored
      This allows a clean shutdown, even if some netdev clients do not
      release their reference from this netdev. It is enough to release
      the HW resources only as the kernel is shutting down.
      
      Fixes: 2ba5fbd6 ('net/mlx4_core: Handle AER flow properly')
      Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
      Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill · 93c098af
      Kamal Heib authored
      Modify mlx4_en_vlan_rx_[add/kill]_vid to return error value in case of
      failure.
      
      Fixes: 8e586137 ('net: make vlan ndo_vlan_rx_[add/kill]_vid return error value')
      Signed-off-by: Kamal Heib <kamalh@mellanox.com>
      Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • tipc: unclone unbundled buffers before forwarding · 27777daa
      Jon Paul Maloy authored
      When extracting an individual message from a received "bundle" buffer,
      we just create a clone of the base buffer, and adjust it to point into
      the right position of the linearized data area of the latter. This works
      well for regular message reception, but during periods of extremely high
      load it may happen that an extracted buffer, e.g., a connection probe, is
      reversed and forwarded through an external interface while the preceding
      extracted message is still unhandled. When this happens, the header or
      data area of the preceding message will be partially overwritten by a
      MAC header, leading to unpredictable consequences, such as a link
      reset.
      
      We now fix this by ensuring that the msg_reverse() function never
      returns a cloned buffer, and that the returned buffer always contains
      sufficient valid head and tail room to be forwarded.
      Reported-by: Erik Hugne <erik.hugne@gmail.com>
      Acked-by: Ying Xue <ying.xue@windriver.com>
      Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • kcm: fix /proc memory leak · d19af0a7
      Jiri Slaby authored
      Every open of /proc/net/kcm leaks 16 bytes of memory as is reported by
      kmemleak:
      unreferenced object 0xffff88059c0e3458 (size 192):
        comm "cat", pid 1401, jiffies 4294935742 (age 310.720s)
        hex dump (first 32 bytes):
          28 45 71 96 05 88 ff ff 00 10 00 00 00 00 00 00  (Eq.............
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<ffffffff8156a2de>] kmem_cache_alloc_trace+0x16e/0x230
          [<ffffffff8162a479>] seq_open+0x79/0x1d0
          [<ffffffffa0578510>] kcm_seq_open+0x0/0x30 [kcm]
          [<ffffffff8162a479>] seq_open+0x79/0x1d0
          [<ffffffff8162a8cf>] __seq_open_private+0x2f/0xa0
          [<ffffffff81712548>] seq_open_net+0x38/0xa0
      ...
      
      It is caused by a missing free in the ->release path. So fix it by
      providing seq_release_net as the ->release method.
      Signed-off-by: Jiri Slaby <jslaby@suse.cz>
      Fixes: cd6e111b (kcm: Add statistics and proc interfaces)
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Tom Herbert <tom@herbertland.com>
      Cc: netdev@vger.kernel.org
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • team: Fix possible deadlock during team enslave · 942f64c4
      Ido Schimmel authored
      Both dev_uc_sync_multiple() and dev_mc_sync_multiple() require the
      source device to be locked by netif_addr_lock_bh(), but this is missing
      in team's enslave function, so add it.
      
      This fixes the following lockdep warning:
      
      Possible interrupt unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(_xmit_ETHER/1);
                                      local_irq_disable();
                                      lock(&(&mc->mca_lock)->rlock);
                                      lock(&team_netdev_addr_lock_key);
         <Interrupt>
           lock(&(&mc->mca_lock)->rlock);
      
        *** DEADLOCK ***
      
      Fixes: cb41c997 ("team: team should sync the port's uc/mc addrs when add a port")
      Signed-off-by: Jiri Pirko <jiri@mellanox.com>
      Signed-off-by: Ido Schimmel <idosch@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'linux-can-fixes-for-4.7-20160620' of... · 6b65ca06
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-4.7-20160620' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2016-06-20
      
      this is a pull request of 3 patches for the upcoming linux-4.7 release.
      
      The first patch is by Thor Thayer for the c_can/d_can driver. It fixes the
      register access on Altera Cyclone devices, which caused CAN frames to have 0x0
      in the first two bytes incorrectly. Wolfgang Grandegger's patch for the at91
      driver fixes a hanging driver under high bus load situations. A patch for the
      gs_usb driver by Maximilian Schneider adds support for the bytewerk.org
      candleLight interface.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
  5. 20 Jun, 2016 3 commits
  6. 19 Jun, 2016 6 commits