Commit Graph

56812 Commits

Author SHA1 Message Date
Nicolas Dichtel 07b9b37c22 vxlan: fix test which detect duplicate vxlan iface
When a vxlan interface is created, the driver checks that there is not
another vxlan interface with the same properties. To do this, it checks
the existing vxlan udp socket. Since commit 1c51a9159d, the creation of
the vxlan socket is done only when the interface is set up, thus it breaks
that test.

Example:
$ ip l a vxlan10 type vxlan id 10 group 239.0.0.10 dev eth0 dstport 0
$ ip l a vxlan11 type vxlan id 10 group 239.0.0.10 dev eth0 dstport 0
$ ip -br l | grep vxlan
vxlan10          DOWN           f2:55:1c:6a:fb:00 <BROADCAST,MULTICAST>
vxlan11          DOWN           7a:cb:b9:38:59:0d <BROADCAST,MULTICAST>

Instead of checking sockets, let's loop over the vxlan iface list.

Fixes: 1c51a9159d ("vxlan: fix race caused by dropping rtnl_unlock")
Reported-by: Thomas Faivre <thomas.faivre@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-09 21:04:20 -05:00
Oliver Neukum 29c6dd591b cdc-acm: fix NULL pointer reference
The union descriptor must be checked. Its usage was conditional
before the parser was introduced. This is important, because
many RNDIS device, which also use the common parser, have
bogus extra descriptors.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Tested-by: Vasily Galkin <galkin-vv@yandex.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-09 21:00:24 -05:00
hayeswang 5ee3c60c8d r8152: fix the wake event
When the autosuspend is enabled and occurs before system suspend, we should
wake the device before running system syspend. Then, we could change the wake
event for system suspend. Otherwise, the device would resume the system when
receiving any packet.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-08 21:50:18 -05:00
Roosen Henri b4c19f7125 phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
Commit 651df21835 ("phy: micrel: Fix finding PHY properties in MAC
 node.") only fixes finding PHY properties in MAC node for KSZ9021. This
commit applies the same fix for KSZ9031.

Fixes: 8b63ec1837 ("phylib: Make PHYs children of their MDIO bus, not the bus' parent.")
Acked-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Henri Roosen <henri.roosen@ginzinger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-08 21:48:34 -05:00
Dan Carpenter 6757e6f5f4 irda: toim3232-sir: delete some dead code
I noticed this code because it has a typo in the module_param(),
the "trs" at the end of "toim3232fliptrs" should be "rts".  But it's
dead code so instead of fixing it, I just deleted it.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-08 13:25:33 -05:00
Woojung.Huh@microchip.com 9fb6066d0d net: lan78xx: Fix to write to OTP(One Time Programmable) per magic number.
This patch fixes a bug writing to EEPROM in lan78xx_ethtool_set_eeprom()
when asked to write to OTP.

Signed-off-by: Woojung Huh <woojung.huh@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-07 16:39:34 -05:00
Shrikrishna Khare 58caf63736 Driver: Vmxnet3: Fix regression caused by 5738a09
Reported-by: Bingkuo Liu <bingkuol@vmware.com>
Signed-off-by: Shrikrishna Khare <skhare@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-06 16:20:13 -05:00
Kristian Evensen e439bd4a4f net: qmi_wwan: Add WeTelecom-WPD600N
The WeTelecom-WPD600N is an LTE module that, in addition to supporting most
"normal" bands, also supports LTE over 450MHz. Manual testing showed that
only interface number three replies to QMI messages.

Cc: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-06 15:50:00 -05:00
Alan fde55c45d2 mkiss: fix scribble on freed memory
commit d79f16c046 fixed a user triggerable
scribble on free memory but added a new one which allows the user to
scribble even more and user controlled data into freed space.

As with 6pack we need to halt the queue before we free the buffers, because
the transmit logic is not protected by the semaphore.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-06 15:06:27 -05:00
One Thousand Gnomes 60aa3b080a 6pack: fix free memory scribbles
commit acf673a318 fixed a user triggerable free
memory scribble but in doing so replaced it with a different one that allows
the user to control the data and scribble even more.

sixpack_close is called by the tty layer in tty context. The tty context is
protected by sp_get() and sp_put(). However network layer activity via
sp_xmit() is not protected this way. We must therefore stop the queue
otherwise the user gets to dump a buffer mostly of their choice into freed
kernel pages.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-06 01:25:01 -05:00
David Ahern b5bdacf3bb net: Propagate lookup failure in l3mdev_get_saddr to caller
Commands run in a vrf context are not failing as expected on a route lookup:
    root@kenny:~# ip ro ls table vrf-red
    unreachable default

    root@kenny:~# ping -I vrf-red -c1 -w1 10.100.1.254
    ping: Warning: source address might be selected on device other than vrf-red.
    PING 10.100.1.254 (10.100.1.254) from 0.0.0.0 vrf-red: 56(84) bytes of data.

    --- 10.100.1.254 ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 999ms

Since the vrf table does not have a route for 10.100.1.254 the ping
should have failed. The saddr lookup causes a full VRF table lookup.
Propogating a lookup failure to the user allows the command to fail as
expected:

    root@kenny:~# ping -I vrf-red -c1 -w1 10.100.1.254
    connect: No route to host

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 22:58:30 -05:00
hayeswang 7ec2541aa7 r8152: add reset_resume function
When the reset_resume() is called, the flag of SELECTIVE_SUSPEND should be
cleared and reinitialize the device, whether the SELECTIVE_SUSPEND is set
or not. If reset_resume() is called, it means the power supply is cut or the
device is reset. That is, the device wouldn't be in runtime suspend state and
the reinitialization is necessary.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 22:02:08 -05:00
Insu Yun 3934aa4c1f cxgb4: correctly handling failed allocation
Since t4_alloc_mem can be failed in memory pressure,
if not properly handled, NULL dereference could be happened.

Signed-off-by: Insu Yun <wuninsu@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 17:18:42 -05:00
Insu Yun b77357b692 qlcnic: correctly handle qlcnic_alloc_mbx_args
Since qlcnic_alloc_mbx_args can be failed,
return value should be checked.

Signed-off-by: Insu Yun <wuninsu@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-04 17:14:30 -05:00
Linus Torvalds 8f5daf2a49 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Prevent XFRM per-cpu counter updates for one namespace from being
    applied to another namespace.  Fix from DanS treetman.

 2) Fix RCU de-reference in iwl_mvm_get_key_sta_id(), from Johannes
    Berg.

 3) Remove ethernet header assumption in nft_do_chain_netdev(), from
    Pablo Neira Ayuso.

 4) Fix cpsw PHY ident with multiple slaves and fixed-phy, from Pascal
    Speck.

 5) Fix use after free in sixpack_close and mkiss_close.

 6) Fix VXLAN fw assertion on bnx2x, from Yuval Mintz.

 7) natsemi doesn't check for DMA mapping errors, from Alexey
    Khoroshilov.

 8) Fix inverted test in ip6addrlbl_get(), from ANdrey Ryabinin.

 9) Missing initialization of needed_headroom in geneve tunnel driver,
    from Paolo Abeni.

10) Fix conntrack template leak in openvswitch, from Joe Stringer.

11) Mission initialization of wq->flags in sock_alloc_inode(), from
    Nicolai Stange.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (35 commits)
  sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close
  net, socket, socket_wq: fix missing initialization of flags
  drivers: net: cpsw: fix error return code
  openvswitch: Fix template leak in error cases.
  sctp: label accepted/peeled off sockets
  sctp: use GFP_USER for user-controlled kmalloc
  qlcnic: fix a loop exit condition better
  net: cdc_ncm: avoid changing RX/TX buffers on MTU changes
  geneve: initialize needed_headroom
  ipv6: honor ifindex in case we receive ll addresses in router advertisements
  addrconf: always initialize sysctl table data
  ipv6/addrlabel: fix ip6addrlbl_get()
  switchdev: bridge: Pass ageing time as clock_t instead of jiffies
  sh_eth: fix 16-bit descriptor field access endianness too
  veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.
  net: usb: cdc_ncm: Adding Dell DW5813 LTE AT&T Mobile Broadband Card
  net: usb: cdc_ncm: Adding Dell DW5812 LTE Verizon Mobile Broadband Card
  natsemi: add checks for dma mapping errors
  rhashtable: Kill harmless RCU warning in rhashtable_walk_init
  openvswitch: correct encoding of set tunnel action attributes
  ...
2015-12-31 14:40:43 -08:00
David S. Miller a0ccc3f277 iwlwifi
* don't load firmware that won't exist for 7260
 * fix RCU splat
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQEcBAABAgAGBQJWgRwtAAoJEG4XJFUm622bds8H/0FTIXrzKiW8QfdHcBoiRctE
 HmZEOXg6QLJIAYndqu67I+HPg/GYhlGsChyJYcDSBKsOoAl0J5+URFZW9d5wCaaC
 qkUjljYa9SYQem9w65YcC4QpOWhxT6Zhj/3PEegTLvs0tDR8mfVNK8czXj5kKx9e
 XOaBf8nqQqVCmLlazp/HAzEwugryUA2NkTNQhoxtxHcUe4nflyKjUltPupuyD/tA
 VzWUxPzsvgAuoV9IIdJrvQY1EXBDGV/ZoY3x73TNDlU5uweRxaYr5ncLY08NUMQM
 rGgY7EvFXkCtYyzPyUVLE6hEOf5+XHAOeISbjuCvaiksZeHNxO6tuDwjJQRsxUY=
 =r3Py
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-for-davem-2015-12-28' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers

Kalle Valo says:

====================
iwlwifi

* don't load firmware that won't exist for 7260
* fix RCU splat
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-30 16:42:31 -05:00
Julia Lawall c1e3334fa4 drivers: net: cpsw: fix error return code
Propagate the return value of platform_get_irq on failure.

A simplified version of the semantic match that finds the two cases where
no error code is returned at all is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
identifier ret; expression e1,e2;
@@
(
if (\(ret < 0\|ret != 0\))
 { ... return ret; }
|
ret = 0
)
... when != ret = e1
    when != &ret
*if(...)
{
  ... when != ret = e2
      when forall
 return ret;
}
// </smpl>

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-29 15:31:10 -05:00
Linus Torvalds 1e60508c3f Three late 4.4-rc fixes
- A previous patch updated the mlx4 driver to use vmalloc when there was
   not enough memory to get a contiguous region large enough for our needs,
   so we need kvfree() whenever we free that item.  We missed one place,
   so fix that now.
 - A previous patch added code to match incoming packets against a specific
   device, but failed to compensate for devices that have both InfiniBand
   and Ethernet ports.  Fix that.
 - Under certain vlan conditions, the ocrdma driver would fail to bring up
   any vlan interfaces and would print out a circular locking failure.  Fix
   that.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWgWd5AAoJELgmozMOVy/dxzwP/3cfSifjE7Wp8QxgCw78gov3
 Gt2zWDKNQqgAogrykCpivgDm4/CRoNBu3TnWEHl2DwoZhIT71h0H6H0bZr2cUtrv
 ywWYiMX1WuR+oRG0gOCkpEuFr5fdGC3ngSNqQXSp+8BkcOCkN7andnU5JE/TXRTp
 9g274kogZzYhH7LSxc29y8UFocXvfSywAsJlvpAS370j4OmxxD4EspXm6YJgVp4x
 Q8s9xfyQD5sroY8VOH36IY1CvdeDBqplQI6yvr6IJ5AyJy7jt++HywTgfFWTIbgz
 KktKC/7KHTPVXzwzOAexn0Ot+e42Yns7zmHaullX+liAyxPljJ844R98IBNlc2Ji
 95AWP3YAsT0QOr/C5dchbbRdrPV8nq47sSrUO+mJ5Xb3pKpgMAMPlh/UK/BP40dg
 6HsTqpBtNlYl4oILWo6xyxvpsk1w4m/Lad25LNwPc4Jp4BnlXbT/E1UO9FJiN3B3
 E62Vo/IBBinhORmnUzUCTEePJ07izX406OZ/mh+6UqkYkiXvZjEDblcptqGQZaC7
 Ng/mV3FfrilDm//W5b6/B3pTmwB496YjbALHev9nRS1XDg/gCQsVHpCjp6c5uPEW
 qQ8uft4ZITgPX+dhoc4ur0jAygVx1w0dmbMwbCD5/LXpqxMF7BSeb/EslcFmeyzS
 YwQq2tw8eZbhNaickM6e
 =ePss
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma

Pull rdma fixes from Doug Ledford:
 "Three late 4.4-rc fixes.

  The first two were very small in terms of number of lines, the third
  is more lines of change than I like this late in the cycle, but there
  are positive test results from Avagotech and from my own test setup
  with the target hardware, and given the problem was a 100% failure
  case, I sent it through.

   - A previous patch updated the mlx4 driver to use vmalloc when there
     was not enough memory to get a contiguous region large enough for
     our needs, so we need kvfree() whenever we free that item.  We
     missed one place, so fix that now.

   - A previous patch added code to match incoming packets against a
     specific device, but failed to compensate for devices that have
     both InfiniBand and Ethernet ports.  Fix that.

   - Under certain vlan conditions, the ocrdma driver would fail to
     bring up any vlan interfaces and would print out a circular locking
     failure.  Fix that"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
  RDMA/be2net: Remove open and close entry points
  RDMA/ocrdma: Depend on async link events from CNA
  RDMA/ocrdma: Dispatch only port event when port state changes
  RDMA/ocrdma: Fix vlan-id assignment in qp parameters
  IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq
  IB/cma: cma_match_net_dev needs to take into account port_num
2015-12-28 16:45:14 -08:00
Devesh Sharma f41647ef06 RDMA/be2net: Remove open and close entry points
Recently Dough Ledford reported a deadlock happening
between ocrdma-load sequence and NetworkManager service
issueing "open" on be2net interface.

The deadlock happens when any be2net hook (e.g. open/close) is called
in parallel to insmod ocrdma.ko.

A. be2net is sending administrative open/close event to ocrdma holding
   device_list_mutex. It does this from ndo_open/ndo_stop hooks of be2net.
   So sequence of locks is rtnl_lock---> device_list lock

B.  When new ocrdma roce device gets registered, infiniband stack now
    takes rtnl_lock in ib_register_device() in GID initialization routines.
    So sequence of locks in this path is device_list lock ---> rtnl_lock.

This improper locking sequence causes deadlock.

In order to resolve the above deadlock condition, ocrdma intorduced a
patch to stop listening to administrative open/close events generated from
be2net driver. It now depends on link-state-change async-event generated from
CNA. This change leaves behind dead code which used to generate administrative
open/close events. This patch cleans-up all that dead code from be2net.

Reported-by: Doug Ledford <dledford@redhat.com>
CC: Sathya Perla <sathya.perla@avagotech.com>
Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@avagotech.com>
Signed-off-by: Selvin Xavier <selvin.xavier@avagotech.com>
Signed-off-by: Devesh Sharma <devesh.sharma@avagotech.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2015-12-28 11:45:55 -05:00
Dan Carpenter 3358a5c0c1 qlcnic: fix a loop exit condition better
In the original code, if we succeeded on the last iteration through the
loop then we still returned failure.

Fixes: 389e4e04ad ('qlcnic: fix a timeout loop')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-24 11:02:35 -05:00
Bjørn Mork 1dfddff5fc net: cdc_ncm: avoid changing RX/TX buffers on MTU changes
NCM buffer sizes are negotiated with the device independently of
the network device MTU.  The RX buffers are allocated by the
usbnet framework based on the rx_urb_size value set by cdc_ncm. A
single RX buffer can hold a number of MTU sized packets.

The default usbnet change_mtu ndo only modifies rx_urb_size if it
is equal to hard_mtu.  And the cdc_ncm driver will set rx_urb_size
and hard_mtu independently of each other, based on dwNtbInMaxSize
and dwNtbOutMaxSize respectively. It was therefore assumed that
usbnet_change_mtu() would never touch rx_urb_size.  This failed to
consider the case where dwNtbInMaxSize and dwNtbOutMaxSize happens
to be equal.

Fix by implementing an NCM specific change_mtu ndo, modifying the
netdev MTU without touching the buffer size settings.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23 22:52:08 -05:00
Paolo Abeni 184fc8b5ee geneve: initialize needed_headroom
Currently the needed_headroom field for the geneve device is left
to the default value.

This patch set it to space required for basic geneve encapsulation,
so that we can avoid the skb head re-allocation on xmit.

This give a 6% speedup for unsegment traffic on geneve tunnel.

v1 -> v2:
  - add ETH_HLEN for the lower device to the needed headroom

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-23 22:28:29 -05:00
Sergei Shtylyov 5cbf20c747 sh_eth: fix 16-bit descriptor field access endianness too
Commit 1299653aff ("sh_eth: fix descriptor access endianness") only
addressed the 32-bit buffer address field byte-swapping  but the driver
still accesses 16-bit frame/buffer length descriptor fields without the
necessary byte-swapping -- which should affect the big-endian kernels.
In order to be able to use {cpu|edmac}_to_{edmac|cpu}(), we need to declare
the RX/TX descriptor word 1 as a 32-bit field and use shifts/masking to
access the 16-bit subfields (which gets rid of the ugly #ifdef'ery too)...

Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-22 15:23:47 -05:00
Vijay Pandurangan ce8c839b74 veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.
Packets that arrive from real hardware devices have ip_summed ==
CHECKSUM_UNNECESSARY if the hardware verified the checksums, or
CHECKSUM_NONE if the packet is bad or it was unable to verify it. The
current version of veth will replace CHECKSUM_NONE with
CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to
a veth device to be delivered to the application. This caused applications
at Twitter to receive corrupt data when network hardware was corrupting
packets.

We believe this was added as an optimization to skip computing and
verifying checksums for communication between containers. However, locally
generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as
written does nothing for them. As far as we can tell, after removing this
code, these packets are transmitted from one stack to another unmodified
(tcpdump shows invalid checksums on both sides, as expected), and they are
delivered correctly to applications. We didn’t test every possible network
configuration, but we tried a few common ones such as bridging containers,
using NAT between the host and a container, and routing from hardware
devices to containers. We have effectively deployed this in production at
Twitter (by disabling RX checksum offloading on veth devices).

This code dates back to the first version of the driver, commit
<e314dbdc1c0dc6a548ecf> ("[NET]: Virtual ethernet device driver"), so I
suspect this bug occurred mostly because the driver API has evolved
significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix
packet checksumming") (in December 2010) fixed this for packets that get
created locally and sent to hardware devices, by not changing
CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming
in from hardware devices.

Co-authored-by: Evan Jones <ej@evanjones.ca>
Signed-off-by: Evan Jones <ej@evanjones.ca>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: Phil Sutter <phil@nwl.cc>
Cc: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Vijay Pandurangan <vijayp@vijayp.ca>
Acked-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-22 15:15:34 -05:00
Daniele Palmas fb83d5f283 net: usb: cdc_ncm: Adding Dell DW5813 LTE AT&T Mobile Broadband Card
Unlike DW5550, Dell DW5813 is a mobile broadband card with no ARP
capabilities: the patch makes this device to use wwan_noarp_info struct

Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-21 14:51:14 -05:00
Daniele Palmas 670c0d62ea net: usb: cdc_ncm: Adding Dell DW5812 LTE Verizon Mobile Broadband Card
Unlike DW5550, Dell DW5812 is a mobile broadband card with no ARP
capabilities: the patch makes this device to use wwan_noarp_info struct

Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-21 14:51:14 -05:00
Alexey Khoroshilov 45af55006c natsemi: add checks for dma mapping errors
refill_rx() and start_tx() do not check if mapping dma memory succeed.
The patch adds the checks and failure handling.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-19 12:58:46 -05:00
Yuval Mintz ea2465af3b bnx2x: Prevent FW assertion when using Vxlan
FW has a rare corner case in which a fragmented packet using lots
of frags would not be linearized, causing the FW to assert while trying
to transmit the packet.

To prevent this, we need to make sure the window of fragements containing
MSS worth of data contains 1 BD less than for regular packets due to
the additional parsing BD.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: Ariel Elior <Ariel.Elior@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 16:34:32 -05:00
David Miller d79f16c046 mkiss: Fix use after free in mkiss_close().
Need to do the unregister_device() after all references to the driver
private have been done.

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 16:03:03 -05:00
David Miller acf673a318 6pack: Fix use after free in sixpack_close().
Need to do the unregister_device() after all references to the driver
private have been done.

Also we need to use del_timer_sync() for the timers so that we don't
have any asynchronous references after the unregister.

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 15:57:33 -05:00
Venkat Duvvuru 6e3cd5fa65 be2net: Avoid accessing eq object in be_msix_register routine, when i < 0.
When the first request_irq fails in be_msix_register, i value
would be zero. The current code decrements the i value and
accesses the eq object without validating the decremented
"i" value. This can cause an "invalid memory address access"
violation.

This patch fixes the problem by accessing the eq object after
validating the "i" value.

Signed-off-by: Venkat Duvvuru <venkatkumar.duvvuru@avagotech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 15:50:52 -05:00
Linus Torvalds 3273cba195 xen: bug fixes for 4.4-rc5
- XSA-155 security fixes to backend drivers.
 - XSA-157 security fixes to pciback.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWdDrXAAoJEFxbo/MsZsTR3N0H/0Lvz6MWBARCje7livbz7nqE
 PS0Bea+2yAfNhCDDiDlpV0lor8qlyfWDF6lGhLjItldAzahag3ZDKDf1Z/lcQvhf
 3MwFOcOVZE8lLtvLT6LGnPuehi1Mfdi1Qk1/zQhPhsq6+FLPLT2y+whmBihp8mMh
 C12f7KRg5r3U7eZXNB6MEtGA0RFrOp0lBdvsiZx3qyVLpezj9mIe0NueQqwY3QCS
 xQ0fILp/x2EnZNZuzgghFTPRxMAx5ReOezgn9Rzvq4aThD+irz1y6ghkYN4rG2s2
 tyYOTqBnjJEJEQ+wmYMhnfCwVvDffztG+uI9hqN31QFJiNB0xsjSWFCkDAWchiU=
 =Argz
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.4-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen bug fixes from David Vrabel:
 - XSA-155 security fixes to backend drivers.
 - XSA-157 security fixes to pciback.

* tag 'for-linus-4.4-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen-pciback: fix up cleanup path when alloc fails
  xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
  xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
  xen/pciback: Do not install an IRQ handler for MSI interrupts.
  xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled
  xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
  xen/pciback: Save xen_pci_op commands before processing it
  xen-scsiback: safely copy requests
  xen-blkback: read from indirect descriptors only once
  xen-blkback: only read request operation from shared ring once
  xen-netback: use RING_COPY_REQUEST() throughout
  xen-netback: don't use last request to determine minimum Tx credit
  xen: Add RING_COPY_REQUEST()
  xen/x86/pvh: Use HVM's flush_tlb_others op
  xen: Resume PMU from non-atomic context
  xen/events/fifo: Consume unprocessed events when a CPU dies
2015-12-18 12:24:52 -08:00
Eugenia Emantayev 90683061dd net/mlx4_en: Fix HW timestamp init issue upon system startup
mlx4_en_init_timestamp was called before creation of netdev and port
init, thus used uninitialized values.  Specifically - NIC frequency was
incorrect causing wrong calculations and later wrong HW timestamps.

Fixes: 1ec4864b10 ('net/mlx4_en: Fixed crash when port type is changed')
Signed-off-by: Eugenia Emantayev <eugenia@mellanox.com>
Signed-off-by: Marina Varshaver <marinav@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 14:48:04 -05:00
Eugenia Emantayev fc9f5ea9b4 net/mlx4_en: Remove dependency between timestamping capability and service_task
Service task is responsible for other tasks in addition to timestamping
overflow check. Launch it even if timestamping is not supported by device.

Fixes: 07841f9d94 ('net/mlx4_en: Schedule napi when RX buffers allocation fails')
Signed-off-by: Eugenia Emantayev <eugenia@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 14:48:03 -05:00
David Rivshin dfc0a6d39a drivers: net: cpsw: increment reference count on fixed-link PHY node
When a fixed-link sub-node exists in a slave node, the slave node
is also the PHY node. Since this is a separate use of the slave node,
of_node_get() should be used to increment the reference count.

Fixes: 1f71e8c96f ("drivers: net: cpsw: Add support for fixed-link PHY")
Signed-off-by: David Rivshin <drivshin@allworx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 14:46:06 -05:00
David Rivshin f1eea5c15a drivers: net: cpsw: fix RMII/RGMII mode when used with fixed-link PHY
Commit 1f71e8c96f ("drivers: net: cpsw: Add
support for fixed-link PHY") did not parse the "phy-mode" property in
the case of a fixed-link PHY, leaving slave_data->phy_if with its default
of PHY_INTERFACE_MODE_NA(0). This later gets passed to phy_connect() in
cpsw_slave_open(), and eventually to cpsw_phy_sel() where it hits a default
case that configures the MAC for MII mode.

The user visible symptom is that while kernel log messages seem to indicate
that the interface is set up, there is no network communication. Eventually
a watchdog error occurs:
    NETDEV WATCHDOG: eth0 (cpsw): transmit queue 0 timed out

Fixes: 1f71e8c96f ("drivers: net: cpsw: Add support for fixed-link PHY")
Signed-off-by: David Rivshin <drivshin@allworx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 14:46:05 -05:00
Pascal Speck (Iktek) 1873c58d4a ethernet:ti:cpsw: fix phy identification with multiple slaves on fixed-phy
When using more than one slave with ti cpsw and fixed phy the pd->phy_id
will be always zero, but slave_data->phy_id must be unique. pd->phy_id
means a "phy hardware id" whereas slave_data->phy_id means an "unique id",
so we should use pd->addr which has the same unique meaning.

Fixes: 1f71e8c96f ("drivers: net: cpsw: Add support for fixed-link PHY")
Signed-off-by: Pascal Speck <kernel@iktek.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-18 14:46:05 -05:00
David Vrabel 68a33bfd84 xen-netback: use RING_COPY_REQUEST() throughout
Instead of open-coding memcpy()s and directly accessing Tx and Rx
requests, use the new RING_COPY_REQUEST() that ensures the local copy
is correct.

This is more than is strictly necessary for guest Rx requests since
only the id and gref fields are used and it is harmless if the
frontend modifies these.

This is part of XSA155.

CC: stable@vger.kernel.org
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2015-12-18 10:00:28 -05:00
David Vrabel 0f589967a7 xen-netback: don't use last request to determine minimum Tx credit
The last from guest transmitted request gives no indication about the
minimum amount of credit that the guest might need to send a packet
since the last packet might have been a small one.

Instead allow for the worst case 128 KiB packet.

This is part of XSA155.

CC: stable@vger.kernel.org
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2015-12-18 10:00:23 -05:00
Kalle Valo 01d85b9b2b * don't load firmware that won't exist for 7260
* fix RCU splat
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWcRtgAAoJEC0Llv5uNjIB8SsP/jgsZT5J8xxLpMThe0Pw7C9d
 zZ9Hk1GGBtw9bqMxb7ZjXiGufJQoCf4ckYIEd8OVTOj/3UNE+ZS1StLYmOgie1Ah
 XEgGH9mCuhBAPHGjjsi/YgxNKiwVQ4XOTuV5V9QVUotcTlZGTmtx6UBIxPtnbhWr
 9/uthiDTzgR6c/3sHLSYv66qkrBRMLWbqAdfyJdv4fRW9jwJKTkjexNXuDLMN/Vz
 vgOoSgl62+ixZ211RdLSpO5CasO/FwYabDfcO2UK/h81MetZIn09BQAxBy6p0D1E
 CbMfH1C1Y8TBScRwVEdHgaZ36M+waOfQ0QOcBZOzWveH3xagajNspLaz8yUPO08w
 DCJykrIRkh8C4g1lxK3X5VXh1nyMAuXxAJ9XSr2Rt6ihxi4bA7sFs88xzSCNXyNM
 5QbDjDrJAxb8amprG7F7Ge2N1vO5NQ2dsbluSiMtU43KxhwOvIBjqVbaZmDhYF6m
 in7AndtM1xkSY32KWDVMJYhycwm/ZOQL1kN2WRLEOgnnCW0JQ84kLIBkyFkBMYPs
 Go42+BnOr3qPEfnTd7xufjXK/1hJ+lZt58UM6qlhMsGY48ZXw+vrPe1/vWlq61rT
 ZP+V1LaBAg5nk6jGuA67mN7Wbof0oCaHqljNe9eX/GewahKS0Rn8TpHpw0z05rvI
 CcitRAsPwMQNGW3WdmIo
 =OIVH
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-for-kalle-2015-12-16' of https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes

* don't load firmware that won't exist for 7260
* fix RCU splat
2015-12-18 14:57:02 +02:00
Linus Torvalds 73796d8bf2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix uninitialized variable warnings in nfnetlink_queue, a lot of
    people reported this...  From Arnd Bergmann.

 2) Don't init mutex twice in i40e driver, from Jesse Brandeburg.

 3) Fix spurious EBUSY in rhashtable, from Herbert Xu.

 4) Missing DMA unmaps in mvpp2 driver, from Marcin Wojtas.

 5) Fix race with work structure access in pppoe driver causing
    corruptions, from Guillaume Nault.

 6) Fix OOPS due to sh_eth_rx() not checking whether netdev_alloc_skb()
    actually succeeded or not, from Sergei Shtylyov.

 7) Don't lose flags when settifn IFA_F_OPTIMISTIC in ipv6 code, from
    Bjørn Mork.

 8) VXLAN_HD_RCO defined incorrectly, fix from Jiri Benc.

 9) Fix clock source used for cookies in SCTP, from Marcelo Ricardo
    Leitner.

10) aurora driver needs HAS_DMA dependency, from Geert Uytterhoeven.

11) ndo_fill_metadata_dst op of vxlan has to handle ipv6 tunneling
    properly as well, from Jiri Benc.

12) Handle request sockets properly in xfrm layer, from Eric Dumazet.

13) Double stats update in ipv6 geneve transmit path, fix from Pravin B
    Shelar.

14) sk->sk_policy[] needs RCU protection, and as a result
    xfrm_policy_destroy() needs to free policies using an RCU grace
    period, from Eric Dumazet.

15) SCTP needs to clone ipv6 tx options in order to avoid use after
    free, from Eric Dumazet.

16) Missing kbuild export if ila.h, from Stephen Hemminger.

17) Missing mdiobus_alloc() return value checking in mdio-mux.c, from
    Tobias Klauser.

18) Validate protocol value range in ->create() methods, from Hannes
    Frederic Sowa.

19) Fix early socket demux races that result in illegal dst reuse, from
    Eric Dumazet.

20) Validate socket address length in pptp code, from WANG Cong.

21) skb_reorder_vlan_header() uses incorrect offset and can corrupt
    packets, from Vlad Yasevich.

22) Fix memory leaks in nl80211 registry code, from Ola Olsson.

23) Timeout loop count handing fixes in mISDN, xgbe, qlge, sfc, and
    qlcnic.  From Dan Carpenter.

24) msg.msg_iocb needs to be cleared in recvfrom() otherwise, for
    example, AF_ALG will interpret it as an async call.  From Tadeusz
    Struk.

25) inetpeer_set_addr_v4 forgets to initialize the 'vif' field, from
    Eric Dumazet.

26) rhashtable enforces the minimum table size not early enough,
    breaking how we calculate the per-cpu lock allocations.  From
    Herbert Xu.

27) Fix FCC port lockup in 82xx driver, from Martin Roth.

28) FOU sockets need to be freed using RCU, from Hannes Frederic Sowa.

29) Fix out-of-bounds access in __skb_complete_tx_timestamp() and
    sock_setsockopt() wrt.  timestamp handling.  From WANG Cong.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (117 commits)
  net: check both type and procotol for tcp sockets
  drivers: net: xgene: fix Tx flow control
  tcp: restore fastopen with no data in SYN packet
  af_unix: Revert 'lock_interruptible' in stream receive code
  fou: clean up socket with kfree_rcu
  82xx: FCC: Fixing a bug causing to FCC port lock-up
  gianfar: Don't enable RX Filer if not supported
  net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration
  rhashtable: Fix walker list corruption
  rhashtable: Enforce minimum size on initial hash table
  inet: tcp: fix inetpeer_set_addr_v4()
  ipv6: automatically enable stable privacy mode if stable_secret set
  net: fix uninitialized variable issue
  bluetooth: Validate socket address length in sco_sock_bind().
  net_sched: make qdisc_tree_decrease_qlen() work for non mq
  ser_gigaset: remove unnecessary kfree() calls from release method
  ser_gigaset: fix deallocation of platform device structure
  ser_gigaset: turn nonsense checks into WARN_ON
  ser_gigaset: fix up NULL checks
  qlcnic: fix a timeout loop
  ...
2015-12-17 14:05:22 -08:00
Iyappan Subramanian 67894eec3e drivers: net: xgene: fix Tx flow control
Currently the Tx flow control is based on reading the hardware state,
which is not accurate since it may not reflect the descriptors that
are not yet reached the memory.

To accurately control the Tx flow, changing it to be software based.

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-17 15:45:53 -05:00
Martin Roth 79aa05a24f 82xx: FCC: Fixing a bug causing to FCC port lock-up
The patch fixes FCC port lock-up, which occurs as a result of a bug
during underrun/collision handling. Within the tx_startup() function
in mac-fcc.c, the address of last BD is not calculated correctly.
As a result of wrong calculation of the last BD address, the next
transmitted BD may be set to an area out of the transmit BD ring.
This actually causes to port lock-up and it is not recoverable.

Signed-off-by: Martin Roth <martin.roth@motorolasolutions.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 18:32:35 -05:00
Hamish Martin 7bff47da1e gianfar: Don't enable RX Filer if not supported
After commit 15bf176db1 ("gianfar: Don't enable the Filer w/o the
Parser"), 'TSEC' model controllers (for example as seen on MPC8541E)
always have 8 bytes stripped from the front of received frames.
Only 'eTSEC' gianfar controllers have the RX Filer capability (amongst
other enhancements). Previously this was treated as always enabled
for both 'TSEC' and 'eTSEC' controllers.
In commit 15bf176db1 ("gianfar: Don't enable the Filer w/o the Parser")
a subtle change was made to the setting of 'uses_rxfcb' to effectively
always set it (since 'rx_filer_enable' was always true). This had the
side-effect of always stripping 8 bytes from the front of received frames
on 'TSEC' type controllers.

We now only enable the RX Filer capability on controller types that
support it, thereby avoiding the issue for 'TSEC' type controllers.

Reviewed-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Reviewed-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
Reviewed-by: Claudiu Manoil <claudiu.manoil@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 18:31:00 -05:00
Dan Carpenter 389e4e04ad qlcnic: fix a timeout loop
The problem here is that at the end of the loop we test for if
idc->vnic_wait_limit is zero, but since idc->vnic_wait_limit-- is a
post-op, it actually ends up set to (u8)-1.  I have fixed this by
moving the decrement inside the loop.

Fixes: 486a5bc77a ('qlcnic: Add support for 83xx suspend and resume.')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:11:05 -05:00
Dan Carpenter fe0be35e2c sfc: fix a timeout loop
We test for if "tries" is zero at the end but "tries--" is a post-op so
it will end with "tries" set to -1.  I have changed it to a pre-op
instead.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 12:46:26 -05:00
Dan Carpenter 351434c6ba qlge: fix a timeout loop in ql_change_rx_buffers()
The problem here is that after the loop we test for "if (!i) " but
because "i--" is a post-op we exit with i set to -1.  I have fixed this
by changing it to a pre-op instead.  I had to change the starting value
from 3 to 4 so that we still iterate 3 times.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 12:46:03 -05:00
Dan Carpenter c7557e6a56 amd-xgbe: fix a couple timeout loops
At the end of the loop we test "if (!count)" but because "count--" is
a post-op then the loop will end with count set to -1.  I have fixed
this by changing it to --count.

Fixes: c5aa9e3b81 ('amd-xgbe: Initial AMD 10GbE platform driver')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 12:43:01 -05:00
Andrzej Hajda 2b2b31c845 net/mlx4_core: fix handling return value of mlx4_slave_convert_port
The function can return negative values, so its result should
be assigned to signed variable.

The problem has been detected using proposed semantic patch
scripts/coccinelle/tests/assign_signed_to_unsigned.cocci [1].

[1]: http://permalink.gmane.org/gmane.linux.kernel/2046107

Fixes: fc48866f7 ('net/mlx4: Adapt code for N-Port VF')
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Acked-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 11:54:43 -05:00
WANG Cong 09ccfd238e pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 00:29:34 -05:00