1. 19 Nov, 2014 5 commits
    • Anish Bhatt's avatar
      cxgb4i : Don't block unload/cxgb4 unload when remote closes TCP connection · ee7255ad
      Anish Bhatt authored
      cxgb4i was returning wrong error and not releasing module reference if remote
      end abruptly closed TCP connection. This prevents the cxgb4 network module from
      being unloaded, further affecting other network drivers dependent on cxgb4
      
      Sending to net as this affects all cxgb4 based network drivers.
      Signed-off-by: default avatarAnish Bhatt <anish@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ee7255ad
    • Duan Jiong's avatar
      ipv6: delete protocol and unregister rtnetlink when cleanup · ffb1388a
      Duan Jiong authored
      pim6_protocol was added when initiation, but it not deleted.
      Similarly, unregister RTNL_FAMILY_IP6MR rtnetlink.
      Signed-off-by: default avatarDuan Jiong <duanj.fnst@cn.fujitsu.com>
      Reviewed-by: default avatarCong Wang <cwang@twopensource.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ffb1388a
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-3.18-20141118' of git://gitorious.org/linux-can/linux-can · ddecab1a
      David S. Miller authored
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2014-11-18
      
      this is a pull request of 17 patches for net/master for the v3.18 release
      cycle.
      
      The last patch of this pull request ("can: m_can: update to support CAN FD
      features") adds, as the description says, a new feature to the m_can driver. As
      the m_can driver has been added in v3.18 there is no risk of causing a
      regression. Give me a note if this is not okay and I'll create a new pull
      request without it.
      
      There is a patch for the CAN infrastructure by Thomas Körper which fixes
      calling kfree_skb() from interrupt context. Roman Fietze fixes a typo also in
      the infrastructure. A patch by Dong Aisheng adds a generic helper function to
      tell if a skb is normal CAN or CAN-FD frame. Alexey Khoroshilov of the Linux
      Driver Verification project fixes a memory leak in the esd_usb2 driver. Two
      patches by Sudip Mukherjee remove unused variables and fixe the signess of a
      variable. Three patches by me add the missing .ndo_change_mtu callback to the
      xilinx_can, rcar_can and gs_usb driver.
      
      The remaining patches improve the m_can driver: David Cohen adds the missing
      CONFIG_HAS_IOMEM dependency. Dong Aisheng provides 6 bugfix patches (most
      important: missing RAM init, sleep in NAPI poll, dlc in RTR). While the last of
      his patches adds CAN FD support to the driver.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ddecab1a
    • Or Gerlitz's avatar
      net/mlx4_en: Add VXLAN ndo calls to the PF net device ops too · 9737c6ab
      Or Gerlitz authored
      This is currently missing, which results in a crash when one attempts
      to set VXLAN tunnel over the mlx4_en when acting as PF.
      
      	[ 2408.785472] BUG: unable to handle kernel NULL pointer dereference at (null)
      	[...]
      	[ 2408.994104] Call Trace:
      	[ 2408.996584]  [<ffffffffa021f7f5>] ? vxlan_get_rx_port+0xd6/0x103 [vxlan]
      	[ 2409.003316]  [<ffffffffa021f71f>] ? vxlan_lowerdev_event+0xf2/0xf2 [vxlan]
      	[ 2409.010225]  [<ffffffffa0630358>] mlx4_en_start_port+0x862/0x96a [mlx4_en]
      	[ 2409.017132]  [<ffffffffa063070f>] mlx4_en_open+0x17f/0x1b8 [mlx4_en]
      
      While here, make sure to invoke vxlan_get_rx_port() only when VXLAN
      offloads are actually enabled and not when they are only supported.
      Reported-by: default avatarIdo Shamay <idos@mellanox.com>
      Signed-off-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9737c6ab
    • Nikolay Aleksandrov's avatar
      bonding: fix curr_active_slave/carrier with loadbalance arp monitoring · b8e4500f
      Nikolay Aleksandrov authored
      Since commit 6fde8f03 ("bonding: fix locking in
      bond_loadbalance_arp_mon()") we can have a stale bond carrier state and
      stale curr_active_slave when using arp monitoring in loadbalance modes. The
      reason is that in bond_loadbalance_arp_mon() we can't have
      do_failover == true but slave_state_changed == false, whenever do_failover
      is true then slave_state_changed is also true. Then the following piece
      from bond_loadbalance_arp_mon():
                      if (slave_state_changed) {
                              bond_slave_state_change(bond);
                              if (BOND_MODE(bond) == BOND_MODE_XOR)
                                      bond_update_slave_arr(bond, NULL);
                      } else if (do_failover) {
                              block_netpoll_tx();
                              bond_select_active_slave(bond);
                              unblock_netpoll_tx();
                      }
      
      will execute only the first branch, always and regardless of do_failover.
      Since these two events aren't related in such way, we need to decouple and
      consider them separately.
      
      For example this issue could lead to the following result:
      Bonding Mode: load balancing (round-robin)
      *MII Status: down*
      MII Polling Interval (ms): 0
      Up Delay (ms): 0
      Down Delay (ms): 0
      ARP Polling Interval (ms): 100
      ARP IP target/s (n.n.n.n form): 192.168.9.2
      
      Slave Interface: ens12
      *MII Status: up*
      Speed: 10000 Mbps
      Duplex: full
      Link Failure Count: 2
      Permanent HW addr: 00:0f:53:01:42:2c
      Slave queue ID: 0
      
      Slave Interface: eth1
      *MII Status: up*
      Speed: Unknown
      Duplex: Unknown
      Link Failure Count: 70
      Permanent HW addr: 52:54:00:2f:0f:8e
      Slave queue ID: 0
      
      Since some interfaces are up, then the status of the bond should also be
      up, but it will never change unless something invokes bond_set_carrier()
      (i.e. enslave, bond_select_active_slave etc). Now, if I force the
      calling of bond_select_active_slave via for example changing
      primary_reselect (it can change in any mode), then the MII status goes to
      "up" because it calls bond_select_active_slave() which should've been done
      from bond_loadbalance_arp_mon() itself.
      
      CC: Veaceslav Falico <vfalico@gmail.com>
      CC: Jay Vosburgh <j.vosburgh@gmail.com>
      CC: Andy Gospodarek <andy@greyhouse.net>
      CC: Ding Tianhong <dingtianhong@huawei.com>
      
      Fixes: 6fde8f03 ("bonding: fix locking in bond_loadbalance_arp_mon()")
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Acked-by: default avatarVeaceslav Falico <vfalico@gmail.com>
      Acked-by: default avatarAndy Gospodarek <gospo@cumulusnetworks.com>
      Acked-by: default avatarDing Tianhong <dingtianhong@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b8e4500f
  2. 18 Nov, 2014 18 commits
  3. 16 Nov, 2014 9 commits
    • Daniel Borkmann's avatar
      ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs · feb91a02
      Daniel Borkmann authored
      It has been reported that generating an MLD listener report on
      devices with large MTUs (e.g. 9000) and a high number of IPv6
      addresses can trigger a skb_over_panic():
      
      skbuff: skb_over_panic: text:ffffffff80612a5d len:3776 put:20
      head:ffff88046d751000 data:ffff88046d751010 tail:0xed0 end:0xec0
      dev:port1
       ------------[ cut here ]------------
      kernel BUG at net/core/skbuff.c:100!
      invalid opcode: 0000 [#1] SMP
      Modules linked in: ixgbe(O)
      CPU: 3 PID: 0 Comm: swapper/3 Tainted: G O 3.14.23+ #4
      [...]
      Call Trace:
       <IRQ>
       [<ffffffff80578226>] ? skb_put+0x3a/0x3b
       [<ffffffff80612a5d>] ? add_grhead+0x45/0x8e
       [<ffffffff80612e3a>] ? add_grec+0x394/0x3d4
       [<ffffffff80613222>] ? mld_ifc_timer_expire+0x195/0x20d
       [<ffffffff8061308d>] ? mld_dad_timer_expire+0x45/0x45
       [<ffffffff80255b5d>] ? call_timer_fn.isra.29+0x12/0x68
       [<ffffffff80255d16>] ? run_timer_softirq+0x163/0x182
       [<ffffffff80250e6f>] ? __do_softirq+0xe0/0x21d
       [<ffffffff8025112b>] ? irq_exit+0x4e/0xd3
       [<ffffffff802214bb>] ? smp_apic_timer_interrupt+0x3b/0x46
       [<ffffffff8063f10a>] ? apic_timer_interrupt+0x6a/0x70
      
      mld_newpack() skb allocations are usually requested with dev->mtu
      in size, since commit 72e09ad1 ("ipv6: avoid high order allocations")
      we have changed the limit in order to be less likely to fail.
      
      However, in MLD/IGMP code, we have some rather ugly AVAILABLE(skb)
      macros, which determine if we may end up doing an skb_put() for
      adding another record. To avoid possible fragmentation, we check
      the skb's tailroom as skb->dev->mtu - skb->len, which is a wrong
      assumption as the actual max allocation size can be much smaller.
      
      The IGMP case doesn't have this issue as commit 57e1ab6e
      ("igmp: refine skb allocations") stores the allocation size in
      the cb[].
      
      Set a reserved_tailroom to make it fit into the MTU and use
      skb_availroom() helper instead. This also allows to get rid of
      igmp_skb_size().
      Reported-by: default avatarWei Liu <lw1a2.jing@gmail.com>
      Fixes: 72e09ad1 ("ipv6: avoid high order allocations")
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Cc: David L Stevens <david.stevens@oracle.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      feb91a02
    • Martin Hauke's avatar
      qmi_wwan: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem · bb2bdeb8
      Martin Hauke authored
      Added the USB VID/PID for the HP lt4112 LTE/HSPA+ Gobi 4G Modem (Huawei me906e)
      Signed-off-by: default avatarMartin Hauke <mardnh@gmx.de>
      Acked-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bb2bdeb8
    • David S. Miller's avatar
      Merge branch 'net_ovs' of git://git.kernel.org/pub/scm/linux/kernel/git/pshelar/openvswitch · c6ab766e
      David S. Miller authored
      Pravin B Shelar says:
      
      ====================
      Open vSwitch
      
      Following fixes are accumulated in ovs-repo.
      Three of them are related to protocol processing, one is
      related to memory leak in case of error and one is to
      fix race.
      Patch "Validate IPv6 flow key and mask values" has conflicts
      with net-next, Let me know if you want me to send the patch
      for net-next.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6ab766e
    • Anish Bhatt's avatar
      dcbnl : Disable software interrupts before taking dcb_lock · 52cff74e
      Anish Bhatt authored
      Solves possible lockup issues that can be seen from firmware DCB agents calling
      into the DCB app api.
      
      DCB firmware event queues can be tied in with NAPI so that dcb events are
      generated in softIRQ context. This can results in calls to dcb_*app()
      functions which try to take the dcb_lock.
      
      If the the event triggers while we also have the dcb_lock because lldpad or
      some other agent happened to be issuing a  get/set command we could see a cpu
      lockup.
      
      This code was not originally written with firmware agents in mind, hence
      grabbing dcb_lock from softIRQ context was not considered.
      Signed-off-by: default avatarAnish Bhatt <anish@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52cff74e
    • Alexey Khoroshilov's avatar
      ieee802154: fix error handling in ieee802154fake_probe() · 8c2dd544
      Alexey Khoroshilov authored
      In case of any failure ieee802154fake_probe() just calls unregister_netdev().
      But it does not look safe to unregister netdevice before it was registered.
      
      The patch implements straightforward resource deallocation in case of
      failure in ieee802154fake_probe().
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8c2dd544
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · f1227c5c
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS fixes for net
      
      The following patchset contains Netfilter updates for your net tree,
      they are:
      
      1) Fix missing initialization of the range structure (allocated in the
         stack) in nft_masq_{ipv4, ipv6}_eval, from Daniel Borkmann.
      
      2) Make sure the data we receive from userspace contains the req_version
         structure, otherwise return an error incomplete on truncated input.
         From Dan Carpenter.
      
      3) Fix handling og skb->sk which may cause incorrect handling
         of connections from a local process. Via Simon Horman, patch from
         Calvin Owens.
      
      4) Fix wrong netns in nft_compat when setting target and match params
         structure.
      
      5) Relax chain type validation in nft_compat that was recently included,
         this broke the matches that need to be run from the route chain type.
         Now iptables-test.py automated regression tests report success again
         and we avoid the only possible problematic case, which is the use of
         nat targets out of nat chain type.
      
      6) Use match->table to validate the tablename, instead of the match->name.
         Again patch for nft_compat.
      
      7) Restore the synchronous release of objects from the commit and abort
         path in nf_tables. This is causing two major problems: splats when using
         nft_compat, given that matches and targets may sleep and call_rcu is
         invoked from softirq context. Moreover Patrick reported possible event
         notification reordering when rules refer to anonymous sets.
      
      8) Fix race condition in between packets that are being confirmed by
         conntrack and the ctnetlink flush operation. This happens since the
         removal of the central spinlock. Thanks to Jesper D. Brouer to looking
         into this.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1227c5c
    • John Ogness's avatar
      drivers: net: cpsw: Fix TX_IN_SEL offset · 35717d8d
      John Ogness authored
      The TX_IN_SEL offset for the CPSW_PORT/TX_IN_CTL register was
      incorrect. This caused the Dual MAC mode to never get set when
      it should. It also caused possible unintentional setting of a
      bit in the CPSW_PORT/TX_BLKS_REM register.
      
      The purpose of setting the Dual MAC mode for this register is to:
      
          "... allow packets from both ethernet ports to be written into
           the FIFO without one port starving the other port."
      					- AM335x ARM TRM
      Signed-off-by: default avatarJohn Ogness <john.ogness@linutronix.de>
      Reviewed-by: default avatarMugunthan V N <mugunthanvnm@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      35717d8d
    • Hannes Frederic Sowa's avatar
      reciprocal_div: objects with exported symbols should be obj-y rather than lib-y · 9f458945
      Hannes Frederic Sowa authored
      Otherwise the exported symbols might be discarded because of no users
      in vmlinux.
      Reported-by: default avatarJim Davis <jim.epost@gmail.com>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f458945
    • Panu Matilainen's avatar
      ipv4: Fix incorrect error code when adding an unreachable route · 49dd18ba
      Panu Matilainen authored
      Trying to add an unreachable route incorrectly returns -ESRCH if
      if custom FIB rules are present:
      
      [root@localhost ~]# ip route add 74.125.31.199 dev eth0 via 1.2.3.4
      RTNETLINK answers: Network is unreachable
      [root@localhost ~]# ip rule add to 55.66.77.88 table 200
      [root@localhost ~]# ip route add 74.125.31.199 dev eth0 via 1.2.3.4
      RTNETLINK answers: No such process
      [root@localhost ~]#
      
      Commit 83886b6b ("[NET]: Change "not found"
      return value for rule lookup") changed fib_rules_lookup()
      to use -ESRCH as a "not found" code internally, but for user space it
      should be translated into -ENETUNREACH. Handle the translation centrally in
      ipv4-specific fib_lookup(), leaving the DECnet case alone.
      
      On a related note, commit b7a71b51
      ("ipv4: removed redundant conditional") removed a similar translation from
      ip_route_input_slow() prematurely AIUI.
      
      Fixes: b7a71b51 ("ipv4: removed redundant conditional")
      Signed-off-by: default avatarPanu Matilainen <pmatilai@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      49dd18ba
  4. 14 Nov, 2014 8 commits