Commit Graph

507119 Commits

Author SHA1 Message Date
Pavel Nakonechny
303038135a net: dsa: fix filling routing table from OF description
According to description in 'include/net/dsa.h', in cascade switches
configurations where there are more than one interconnected devices,
'rtable' array in 'dsa_chip_data' structure is used to indicate which
port on this switch should be used to send packets to that are destined
for corresponding switch.

However, dsa_of_setup_routing_table() fills 'rtable' with port numbers
of the _target_ switch, but not current one.

This commit removes redundant devicetree parsing and adds needed port
number as a function argument. So dsa_of_setup_routing_table() now just
looks for target switch number by parsing parent of 'link' device node.

To remove possible misunderstandings with the way of determining target
switch number, a corresponding comment was added to the source code and
to the DSA device tree bindings documentation file.

This was tested on a custom board with two Marvell 88E6095 switches with
following corresponding routing tables: { -1, 10 } and { 8, -1 }.

Signed-off-by: Pavel Nakonechny <pavel.nakonechny@skitlab.ru>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-06 17:31:37 -04:00
WANG Cong
67e04c29ec l2tp: unregister l2tp_net_ops on failure path
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-06 16:53:02 -04:00
Stas Sergeev
ecf7b361a6 mvneta: dont call mvneta_adjust_link() manually
mvneta_adjust_link() is a callback for of_phy_connect() and should
not be called directly. The result of calling it directly is as below:

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-06 16:35:40 -04:00
hannes@stressinduktion.org
f60e5990d9 ipv6: protect skb->sk accesses from recursive dereference inside the stack
We should not consult skb->sk for output decisions in xmit recursion
levels > 0 in the stack. Otherwise local socket settings could influence
the result of e.g. tunnel encapsulation process.

ipv6 does not conform with this in three places:

1) ip6_fragment: we do consult ipv6_npinfo for frag_size

2) sk_mc_loop in ipv6 uses skb->sk and checks if we should
   loop the packet back to the local socket

3) ip6_skb_dst_mtu could query the settings from the user socket and
   force a wrong MTU

Furthermore:
In sk_mc_loop we could potentially land in WARN_ON(1) if we use a
PF_PACKET socket ontop of an IPv6-backed vxlan device.

Reuse xmit_recursion as we are currently only interested in protecting
tunnel devices.

Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-06 16:12:49 -04:00
Nicolas Dichtel
576b7cd2f6 netns: don't allocate an id for dead netns
First, let's explain the problem.
Suppose you have an ipip interface that stands in the netns foo and its link
part in the netns bar (so the netns bar has an nsid into the netns foo).
Now, you remove the netns bar:
 - the bar nsid into the netns foo is removed
 - the netns exit method of ipip is called, thus our ipip iface is removed:
   => a netlink message is built in the netns foo to advertise this deletion
   => this netlink message requests an nsid for bar, thus a new nsid is
      allocated for bar and never removed.

This patch adds a check in peernet2id() so that an id cannot be allocated for
a netns which is currently destroyed.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-03 12:36:31 -04:00
Nicolas Dichtel
6d458f5b4e Revert "netns: don't clear nsid too early on removal"
This reverts
commit 4217291e59 ("netns: don't clear nsid too early on removal").

This is not the right fix, it introduces races.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-03 12:36:31 -04:00
WANG Cong
7ba0c47c34 ip6mr: call del_timer_sync() in ip6mr_free_table()
We need to wait for the flying timers, since we
are going to free the mrtable right after it.

Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-02 20:52:35 -04:00
WANG Cong
419df12fb5 net: move fib_rules_unregister() under rtnl lock
We have to hold rtnl lock for fib_rules_unregister()
otherwise the following race could happen:

fib_rules_unregister():	fib_nl_delrule():
...				...
...				ops = lookup_rules_ops();
list_del_rcu(&ops->list);
				list_for_each_entry(ops->rules) {
fib_rules_cleanup_ops(ops);	  ...
  list_del_rcu();		  list_del_rcu();
				}

Note, net->rules_mod_lock is actually not needed at all,
either upper layer netns code or rtnl lock guarantees
we are safe.

Cc: Alexander Duyck <alexander.h.duyck@redhat.com>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-02 20:52:34 -04:00
WANG Cong
ed785309c9 ipv4: take rtnl_lock and mark mrt table as freed on namespace cleanup
This is the IPv4 part for commit 905a6f96a1
(ipv6: take rtnl_lock and mark mrt6 table as freed on namespace cleanup).

Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-02 20:52:34 -04:00
Neal Cardwell
666b805150 tcp: fix FRTO undo on cumulative ACK of SACKed range
On processing cumulative ACKs, the FRTO code was not checking the
SACKed bit, meaning that there could be a spurious FRTO undo on a
cumulative ACK of a previously SACKed skb.

The FRTO code should only consider a cumulative ACK to indicate that
an original/unretransmitted skb is newly ACKed if the skb was not yet
SACKed.

The effect of the spurious FRTO undo would typically be to make the
connection think that all previously-sent packets were in flight when
they really weren't, leading to a stall and an RTO.

Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Fixes: e33099f96d ("tcp: implement RFC5682 F-RTO")
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-02 16:35:58 -04:00
Jonathan Davies
0c36820e2a xen-netfront: transmit fully GSO-sized packets
xen-netfront limits transmitted skbs to be at most 44 segments in size. However,
GSO permits up to 65536 bytes, which means a maximum of 45 segments of 1448
bytes each. This slight reduction in the size of packets means a slight loss in
efficiency.

Since c/s 9ecd1a75d, xen-netfront sets gso_max_size to
    XEN_NETIF_MAX_TX_SIZE - MAX_TCP_HEADER,
where XEN_NETIF_MAX_TX_SIZE is 65535 bytes.

The calculation used by tcp_tso_autosize (and also tcp_xmit_size_goal since c/s
6c09fa09d) in determining when to split an skb into two is
    sk->sk_gso_max_size - 1 - MAX_TCP_HEADER.

So the maximum permitted size of an skb is calculated to be
    (XEN_NETIF_MAX_TX_SIZE - MAX_TCP_HEADER) - 1 - MAX_TCP_HEADER.

Intuitively, this looks like the wrong formula -- we don't need two TCP headers.
Instead, there is no need to deviate from the default gso_max_size of 65536 as
this already accommodates the size of the header.

Currently, the largest skb transmitted by netfront is 63712 bytes (44 segments
of 1448 bytes each), as observed via tcpdump. This patch makes netfront send
skbs of up to 65160 bytes (45 segments of 1448 bytes each).

Similarly, the maximum allowable mtu does not need to subtract MAX_TCP_HEADER as
it relates to the size of the whole packet, including the header.

Fixes: 9ecd1a75d9 ("xen-netfront: reduce gso_max_size to account for max TCP header")
Signed-off-by: Jonathan Davies <jonathan.davies@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-02 16:18:58 -04:00
Linus Torvalds
0a4812798f Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
 "This time we have addition of caps for jz4740 which fixes intentional
  warning at boot.  Then we have memory leak issues in drivers using
  virt-dma by Peter on few drive"

* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
  dmaengine: moxart-dma: Fix memory leak when stopping a running transfer
  dmaengine: bcm2835-dma: Fix memory leak when stopping a running transfer
  dmaengine: omap-dma: Fix memory leak when terminating running transfer
  dmaengine: edma: fix memory leak when terminating running transfers
  dmaengine: jz4740: Define capabilities
2015-04-02 11:30:36 -07:00
Linus Torvalds
8172ba51e2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix use-after-free with mac80211 RX A-MPDU reorder timer, from
    Johannes Berg.

 2) iwlwifi leaks memory every module load/unload cycles, fix from Larry
    Finger.

 3) Need to use for_each_netdev_safe() in rtnl_group_changelink()
    otherwise we can crash, from WANG Cong.

 4) mlx4 driver does register_netdev() too early in the probe sequence,
    from Ido Shamay.

 5) Don't allow router discovery hop limit to decrease the interface's
    hop limit, from D.S. Ljungmark.

 6) tx_packets and tx_bytes improperly accounted for certain classes of
    USB network devices, fix from Ben Hutchings.

 7) ip{6}mr_rules_init() mistakenly use plain kfree to release the ipmr
    tables in the error path, they must instead use ip{6}mr_free_table().
    Fix from WANG Cong.

 8) cxgb4 doesn't properly quiesce all RX activity before unregistering
    the netdevice.  Fix from Hariprasad Shenai.

 9) Fix hash corruptions in ipvlan driver, from Jiri Benc.

10) nla_memcpy(), like a real memcpy, should fully initialize the
    destination buffer, even if the source attribute is smaller.  Fix
    from Jiri Benc.

11) Fix wrong error code returned from iucv_sock_sendmsg().  We should
    use whatever sock_alloc_send_skb() put into 'err'.  From Eugene
    Crosser.

12) Fix slab object leak on module unload in TIPC, from Ying Xue.

13) Need a READ_ONCE() when reading the cached RX socket route in
    tcp_v{4,6}_early_demux().  From Michal Kubecek.

14) Still too many problems with TPC support in the ath9k driver, so
    disable it for now.  From Felix Fietkau.

15) When in AP mode the rtlwifi driver can leak DMA mappings, fix from
    Larry Finger.

16) Missing kzalloc() failure check in gs_usb CAN driver, from Colin Ian
    King.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (52 commits)
  cxgb4: Fix to dump devlog, even if FW is crashed
  cxgb4: Firmware macro changes for fw verison 1.13.32.0
  bnx2x: Fix kdump when iommu=on
  bnx2x: Fix kdump on 4-port device
  mac80211: fix RX A-MPDU session reorder timer deletion
  MAINTAINERS: Update Intel Wired Ethernet Driver info
  tipc: fix a slab object leak
  net/usb/r8152: add device id for Lenovo TP USB 3.0 Ethernet
  af_iucv: fix AF_IUCV sendmsg() errno
  openvswitch: Return vport module ref before destruction
  netlink: pad nla_memcpy dest buffer with zeroes
  bonding: Bonding Overriding Configuration logic restored.
  ipvlan: fix check for IP addresses in control path
  ipvlan: do not use rcu operations for address list
  ipvlan: protect against concurrent link removal
  ipvlan: fix addr hash list corruption
  net: fec: setup right value for mdio hold time
  net: tcp6: fix double call of tcp_v6_fill_cb()
  cxgb4vf: Fix sparse warnings
  netns: don't clear nsid too early on removal
  ...
2015-04-02 11:09:41 -07:00
David S. Miller
f5f321c431 iwlwifi:
* fix a memory leak, we leaked memory each time the module
   was loaded.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQEcBAABAgAGBQJVHB3DAAoJEG4XJFUm622bLYkH+gMnmUgVD/MQLqhActOwGg/f
 YM+gAmHyHW3arwLStkx8MfYrXf2a+Q3A/+Mj61s9fMKdxtH143JwL3Gu/y76S9vH
 7bbhoiajwCg83IhrN+lIOpAHjHo/bxodXmjojnZFHTQ0MBT6ftXmLUZ7HBDwaL6A
 ct79Yh/k2lhaL8Vk242dIXWjoVmG9HtazVnK7jYB4fX+dIuqZ/53Z4acqTLeKUez
 UMRs/R0MYMtjHXhpnNHegiZ/umf4FfhrtVZ4yW2C3PqPR7wor/XkegnbwEXH3TNq
 zGACPN5YdFjDPacPslBsMT9FkOQPOwvz9Djzn7GEW6fv7AvGTC0lIXQ2E2I2phQ=
 =E1Gh
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-for-davem-2015-04-01' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers

Kalle Valo says:

====================
iwlwifi:

* fix a memory leak, we leaked memory each time the module
  was loaded.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:48:50 -04:00
David S. Miller
877e45d60c Merge branch 'cxgb4-net'
Hariprasad Shenai says:

====================
cxgb4 FW macro changes for new FW

Fix to dump device log even in the case of firmware crash. Also
incorporates changes for new FW.

This patch series has been created against net tree and includes patches on
cxgb4 driver.

We have included all the maintainers of respective drivers. Kindly review the
change and let us know in case of any review comments.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:47:21 -04:00
Hariprasad Shenai
ae469b68a5 cxgb4: Fix to dump devlog, even if FW is crashed
Add new Common Code routines to retrieve Firmware Device Log
parameters from PCIE_FW_PF[7]. The firmware initializes its Device Log very
early on and stores the parameters for its location/size in that register.
Using the parameters from the register allows us to access the Firmware
Device Log even when the firmware crashes very early on or we're not
attached to the firmware

Based on original work by Casey Leedom <leedom@chelsio.com>

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:47:20 -04:00
Hariprasad Shenai
7ef65a4211 cxgb4: Firmware macro changes for fw verison 1.13.32.0
Adds new macro and few macro changes for fw version 1.13.32.0 also
changes version string in driver to match 1.13.32.0

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:47:20 -04:00
David S. Miller
af3e09e666 This contains just a single fix for a crash I happened to randomly
run into today during testing. It's clearly been around for a while,
 but is pretty hard to trigger, even when I tried explicitly (and
 modified the code to make it more likely) it rarely did.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJVG/WSAAoJEDBSmw7B7bqrzmgQALygsyo0GrmHHorg0wkO+PBK
 l6kVknRwlsMil+vmB6mPTnwgUaGnEWJeRXl4zPJeA4Z+Xr58K1lyTFcMC0nu2MVb
 MNcTJycRmF4Lqyycd52zFaA+1vMsgG7AZb6vXLYppchUFTmbLVNX/IWhJGNOAsKZ
 HjYdvLr2kbJunIRofc/0PCC/8J4qFQj2ZphF5WfMckhNrh8+SQjIqmscFdRIqcgj
 R+LtyxscyKWspQ97J6OdoTsKpxTKSZ8mi9IvohdJhkJVnzBEkJx+Krf6PNs+Xnh1
 Z4x1Dkn1RoM8+7cakq2tTwwxokEw7de/3v/s90W+yVuZWNKsaiKHcnU+KGHu6t0J
 2766PXv6hC3KSWN6XrfTxYP7CBsT46Vf5+7FSlDsck1tUbn3W55c2kPFMBKk79yi
 CHjz1O82wzx4bAVNdaKMpR8rz6bSyhZijmduMuYxxrvnKkl5BSHype9IAUo+etVz
 KxPnwGq9yJjf0RYdr9tttxiwXJaADD6/R/bO21SIi1JeKa5sCyoAA5nLDyJfXwyt
 KtlrzzM9NWqoQUi2SGmurHHEIBBmgg9RBBWvq+MNM0Ik7d9kIawCBlvPerVc4IH4
 bUvIXEnrQNOEwxmY/9nsUShQvkzuQbkwR3rpEYA3XemO0qW1t0Tkdp/3UY3TY6Sq
 EOTi9LkOquZnKd9GB7yl
 =Imm5
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2015-04-01' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
This contains just a single fix for a crash I happened to randomly
run into today during testing. It's clearly been around for a while,
but is pretty hard to trigger, even when I tried explicitly (and
modified the code to make it more likely) it rarely did.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 14:19:22 -04:00
Linus Torvalds
d4039314d0 IOMMU Fixes for Linux v4.0-rc6
This contains fixes for:
 
 	* A VT-d issue where hardware domain-ids might be freed while
 	  still in use.
 
 	* An ipmmu-vmsa issue where where the device-table was not zero
 	  terminated
 
 	* Unchecked register access issue in the arm-smmu driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVG+1oAAoJECvwRC2XARrjWB0P/i52bboZSEmU2oP8mMPTtJZa
 DUNUZeN2TspTmVjzQpKDLmeRKw4A0TDV6QJPceO7/AKKiMaovLdyeFXCsLIaIWWF
 i9n7pPCewE9Y/OE/Scxw+Urscf8t9PAp0YWWac0xjm0KzZMyVfU4JSev0Swn6wxq
 fP6xkAf24VcDldMwEP4vA3nMWs2RU6+ahF1M1EEUgAOXeXZRciZFh3sS+eNfl7Zo
 JijioP1X0/XLlKUJ6AUxm2tOkUCQ6XwEwmBA/V4NaCQMDe+8qXqgzSXtPbWcvCeK
 5bpS0tuiyegXalR90vm0VAoTn1oFFGdjBxqbQx1T8ew5by+3j7M18DbtCSfE6jUG
 W4IEabqSMe8Q3KLWrT/kbri0Kyb9WI8BnIqvNCwaDU6M+1iJrXFRMgEKzSl8I+yP
 aCMyKPBXbrZOopwX3drgbSYINDCDG3wQB2N0NbIuiZBrDeyX2wxOVPqWTsnqT766
 kTbZsMAr5aurs7lW3aiyuYbkyWV4prjDDpIIBwGrWyBdpcR2GFlD3+lo9cMjtGkE
 PF6M7W4AIaAoq4yD6N4ruUBfDBjY9jVwq06xQZVje5CbEdJ7NVxx9bO8Tz1NSPkV
 /Wo8tI+7b4tOuqks6vEb/uZqH4wXSLHyk5c+cy5uhR9StW+/IoIaEm6xYYHulG8i
 RGirVFSz4qgy1NGJrOqt
 =P6CS
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v4.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:
 "This contains fixes for:

   - a VT-d issue where hardware domain-ids might be freed while still
     in use.

   - an ipmmu-vmsa issue where where the device-table was not zero
     terminated

   - unchecked register access issue in the arm-smmu driver"

* tag 'iommu-fixes-v4.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/vt-d: Remove unused variable
  iommu: ipmmu-vmsa: Add terminating entry for ipmmu_of_ids
  iommu/vt-d: Detach domain *only* from attached iommus
  iommu/arm-smmu: fix ARM_SMMU_FEAT_TRANS_OPS condition
2015-04-01 10:29:55 -07:00
Rusty Russell
e1b7c029a3 lguest: now needs PCI_DIRECT.
Since commit 8e70946943 ("lguest: add a dummy PCI host bridge.")
lguest uses PCI, but it needs you to frob the ports directly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-04-01 10:29:05 -07:00
Linus Torvalds
b6c3a5946c This fixes a problem in the lazy time patches, which can cause
frequently updated inods to never have their timestamps updated.
 These changes guarantee that no timestamp on disk will be stale by
 more than 24 hours.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVGx6pAAoJEPL5WVaVDYGjh5cIAKQAyGST92IbTkxRZsxMgqnH
 7LQI+fbNn6oHGEjSSnsWLxl6CpwT4WrCmj8WhVmpAoTLU958nBbF7iZAaaeQCGeS
 3EqaNOlKvuOK9M5PKK7a5AWO04uJuj+t6s536OqHyB1zRb1yYMsywllPzu63eigA
 jxu2yZxkFIKjo2ohSaTDRONVCsQGlqgZ2Aq/Ho5vy5QffVJKTN1G/3Kf33xukUyr
 SAnndaax23jMqcFJE3gePYXc3W8EuGoloehKyo04qFeNNVMmSoytXAwMzcTmHn+H
 biOTN5ezSKbYzv1aevRg7UuSPv17/yIo3aEberfLBgsn5O4wJGDdS+LajaI5/x8=
 =0k0d
 -----END PGP SIGNATURE-----

Merge tag 'lazytime_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull lazytime fixes from Ted Ts'o:
 "This fixes a problem in the lazy time patches, which can cause
  frequently updated inods to never have their timestamps updated.

  These changes guarantee that no timestamp on disk will be stale by
  more than 24 hours"

* tag 'lazytime_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  fs: add dirtytime_expire_seconds sysctl
  fs: make sure the timestamps for lazytime inodes eventually get written
2015-04-01 10:05:42 -07:00
Linus Torvalds
1e848913f0 Merge branch 'for-4.0' of git://linux-nfs.org/~bfields/linux
Pull nfsd fixes from Bruce Fields:
 "Two main issues:

   - We found that turning on pNFS by default (when it's configured at
     build time) was too aggressive, so we want to switch the default
     before the 4.0 release.

   - Recent client changes to increase open parallelism uncovered a
     serious bug lurking in the server's open code.

  Also fix a krb5/selinux regression.

  The rest is mainly smaller pNFS fixes"

* 'for-4.0' of git://linux-nfs.org/~bfields/linux:
  sunrpc: make debugfs file creation failure non-fatal
  nfsd: require an explicit option to enable pNFS
  NFSD: Fix bad update of layout in nfsd4_return_file_layout
  NFSD: Take care the return value from nfsd4_encode_stateid
  NFSD: Printk blocklayout length and offset as format 0x%llx
  nfsd: return correct lockowner when there is a race on hash insert
  nfsd: return correct openowner when there is a race to put one in the hash
  NFSD: Put exports after nfsd4_layout_verify fail
  NFSD: Error out when register_shrinker() fail
  NFSD: Take care the return value from nfsd4_decode_stateid
  NFSD: Check layout type when returning client layouts
  NFSD: restore trace event lost in mismerge
2015-04-01 09:45:47 -07:00
David S. Miller
9c026424db Merge branch 'bnx2'
Yuval Mintz says:

====================
bnx2x: kdump related fixes

This patch series aims to fix bnx2x driver issues when loading in kdump kernel.
Both issues fixed here would be fatal to the device, requiring full reset of
the system in order to recover, preventing the device from serving its purpose
in the kdump environment.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 12:30:39 -04:00
Yuval Mintz
da254fbc63 bnx2x: Fix kdump when iommu=on
When IOMM-vtd is active, once main kernel crashes unfinished DMAE transactions
will be blocked, putting the HW in an error state which will cause further
transactions to timeout.

Current employed logic uses wrong macros, causing the first function to be the
only function that cleanups that error state during its probe/load.

This patch allows all the functions to successfully re-load in kdump kernel.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: Ariel Elior <Ariel.Elior@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 12:30:39 -04:00
Yuval Mintz
3d6b72534a bnx2x: Fix kdump on 4-port device
When running in a kdump kernel, it's very likely that due to sync. loss with
management firmware the first PCI function to probe and reach the previous
unload flow would decide it can reset the chip and continue onward. While doing
so, it will only close its own Rx port.

On a 4-port device where 2nd port on engine is a 1g-port, the 2nd port would
allow ingress traffic after the chip is reset [assuming it was active on the
first kernel]. This would later cause a HW attention.

This changes driver flow to close both ports' 1g capabilities during the
previous driver unload flow prior to the chip reset.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: Ariel Elior <Ariel.Elior@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-01 12:30:38 -04:00
Johannes Berg
788211d81b mac80211: fix RX A-MPDU session reorder timer deletion
There's an issue with the way the RX A-MPDU reorder timer is
deleted that can cause a kernel crash like this:

 * tid_rx is removed - call_rcu(ieee80211_free_tid_rx)
 * station is destroyed
 * reorder timer fires before ieee80211_free_tid_rx() runs,
   accessing the station, thus potentially crashing due to
   the use-after-free

The station deletion is protected by synchronize_net(), but
that isn't enough -- ieee80211_free_tid_rx() need not have
run when that returns (it deletes the timer.) We could use
rcu_barrier() instead of synchronize_net(), but that's much
more expensive.

Instead, to fix this, add a field tracking that the session
is being deleted. In this case, the only re-arming of the
timer happens with the reorder spinlock held, so make that
code not rearm it if the session is being deleted and also
delete the timer after setting that field. This ensures the
timer cannot fire after ___ieee80211_stop_rx_ba_session()
returns, which fixes the problem.

Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-04-01 14:35:01 +02:00
Jeff Kirsher
2f30232481 MAINTAINERS: Update Intel Wired Ethernet Driver info
Update the git tree info with a recent change in tree names.  Also
add our new mailing list created solely for Linux kernel patches
and kernel development, as well as the new patchwork project for
tracking patches.  Lastly update the list of "reviewers" since a
couple of developers have moved on to different projects.

Made an update to the section header so that it is more manageable
going forward as we add new drivers.

Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2015-03-31 21:26:36 -07:00
Ying Xue
7e43690578 tipc: fix a slab object leak
When remove TIPC module, there is a warning to remind us that a slab
object is leaked like:

root@localhost:~# rmmod tipc
[   19.056226] =============================================================================
[   19.057549] BUG TIPC (Not tainted): Objects remaining in TIPC on kmem_cache_close()
[   19.058736] -----------------------------------------------------------------------------
[   19.058736]
[   19.060287] INFO: Slab 0xffffea0000519a00 objects=23 used=1 fp=0xffff880014668b00 flags=0x100000000004080
[   19.061915] INFO: Object 0xffff880014668000 @offset=0
[   19.062717] kmem_cache_destroy TIPC: Slab cache still has objects

This is because the listening socket of TIPC topology server is not
closed before TIPC proto handler is unregistered with proto_unregister().
However, as the socket is closed in tipc_exit_net() which is called by
unregister_pernet_subsys() during unregistering TIPC namespace operation,
the warning can be eliminated if calling unregister_pernet_subsys() is
moved before calling proto_unregister().

Fixes: e05b31f4bf ("tipc: make tipc socket support net namespace")
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 23:10:08 -04:00
Christian Hesse
347eec348a net/usb/r8152: add device id for Lenovo TP USB 3.0 Ethernet
This device is sold as 'Lenovo Tinkpad USB 3.0 Ethernet 4X90E51405'.
Chipset is RTL8153 and works with r8152.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 17:15:37 -04:00
Eugene Crosser
ed4ac42217 af_iucv: fix AF_IUCV sendmsg() errno
When sending over AF_IUCV socket, errno was incorrectly set to
ENOMEM even when other values where appropriate, notably EAGAIN.
With this patch, error indicator returned by sock_alloc_send_skb()
is passed to the caller, rather than being overwritten with ENOMEM.

Signed-off-by: Eugene Crosser <Eugene.Crosser@ru.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 16:06:50 -04:00
Thomas Graf
fa2d8ff4e3 openvswitch: Return vport module ref before destruction
Return module reference before invoking the respective vport
->destroy() function. This is needed as ovs_vport_del() is not
invoked inside an RCU read side critical section so the kfree
can occur immediately before returning to ovs_vport_del().

Returning the module reference before ->destroy() is safe because
the module unregistration is blocked on ovs_lock which we hold
while destroying the datapath.

Fixes: 62b9c8d037 ("ovs: Turn vports with dependencies into separate modules")
Reported-by: Pravin Shelar <pshelar@nicira.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 15:59:50 -04:00
Jeff Layton
f9c72d10d6 sunrpc: make debugfs file creation failure non-fatal
We currently have a problem that SELinux policy is being enforced when
creating debugfs files. If a debugfs file is created as a side effect of
doing some syscall, then that creation can fail if the SELinux policy
for that process prevents it.

This seems wrong. We don't do that for files under /proc, for instance,
so Bruce has proposed a patch to fix that.

While discussing that patch however, Greg K.H. stated:

    "No kernel code should care / fail if a debugfs function fails, so
     please fix up the sunrpc code first."

This patch converts all of the sunrpc debugfs setup code to be void
return functins, and the callers to not look for errors from those
functions.

This should allow rpc_clnt and rpc_xprt creation to work, even if the
kernel fails to create debugfs files for some reason.

Symptoms were failing krb5 mounts on systems using gss-proxy and
selinux.

Fixes: 388f0c7767 "sunrpc: add a debugfs rpc_xprt directory..."
Cc: stable@vger.kernel.org
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2015-03-31 14:15:08 -04:00
Jiri Benc
5899f04785 netlink: pad nla_memcpy dest buffer with zeroes
This is especially important in cases where the kernel allocs a new
structure and expects a field to be set from a netlink attribute. If such
attribute is shorter than expected, the rest of the field is left containing
previous data. When such field is read back by the user space, kernel memory
content is leaked.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 14:07:24 -04:00
Anton Nayshtut
f5e2dc5d7f bonding: Bonding Overriding Configuration logic restored.
Before commit 3900f29021 ("bonding: slight
optimizztion for bond_slave_override()") the override logic was to send packets
with non-zero queue_id through the slave with corresponding queue_id, under two
conditions only - if the slave can transmit and it's up.

The above mentioned commit changed this logic by introducing an additional
condition - whether the bond is active (indirectly, using the slave_can_tx and
later - bond_is_active_slave), that prevents the user from implementing more
complex policies according to the Documentation/networking/bonding.txt.

Signed-off-by: Anton Nayshtut <anton@swortex.com>
Signed-off-by: Alexey Bogoslavsky <alexey@swortex.com>
Signed-off-by: Andy Gospodarek <gospo@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:49:45 -04:00
David S. Miller
d91e9015c7 Merge branch 'ipvlan-corruptions'
Jiri Benc says:

====================
ipvlan: list corruption and rcu fixes

This patch set fixes different issues leading to corrupted lists and
incorrect rcu usage.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:38 -04:00
Jiri Benc
e9997c2938 ipvlan: fix check for IP addresses in control path
When an ipvlan interface is down, its addresses are not on the hash list.
Fix checks for existence of addresses not to depend on the hash list, walk
through all interface addresses instead.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Acked-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Jiri Benc
40891e8ad6 ipvlan: do not use rcu operations for address list
All accesses to ipvlan->addrs are under rtnl.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Jiri Benc
2afa650ce2 ipvlan: protect against concurrent link removal
Adding and removing to the 'ipvlans' list is already done using _rcu list
operations.

Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Jiri Benc
27705f7085 ipvlan: fix addr hash list corruption
When ipvlan interface with IP addresses attached is brought down and then
deleted, the assigned addresses are deleted twice from the address hash
list, first on the interface down and second on the link deletion.
Similarly, when an address is added while the interface is down, it is added
second time once the interface is brought up.

When the interface is down, the addresses should be kept off the hash list
for performance reasons. Ensure this is true, which also fixes the double add
problem. To fix the double free, check whether the address is hashed before
removing it.

Reported-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-31 13:28:33 -04:00
Linus Torvalds
6c310bc1ac File locking related fix for v4.0 (#5)
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVGaCRAAoJEAAOaEEZVoIVGrIQANdWqVT2cUApF/jwct5mgr+L
 63+sbhGq1qSIfI+OzK/3JeUQY+nl60KmHqWFbUays7Lfdc1Olu5WB/57e5o5ryne
 02xg0JqaUTvVTAncZihbyYwUJwIfO4Bwpylf0BmMVWRtV5TGyRDuB0pGuFFnM+jp
 ftQv5tJiXfiG0J9PActKVXs4vIvpJ7ZJYIdGYj96TXz9ZFaZWZ1VtfJKcafCK7OI
 4VHhoAkNQDUEKkwa5guIALS8M4hBfOeQUSqVTXrZ182JxRWOvEJKlPCsh1cj5sEe
 GowPG5Ci1LIEwLriME5H/eIe3jxR3bEGNMLgWfMEmuR5a8jc6yDisO025PO5lrfA
 bLFlaQQX28kq8oSfEgCpHW4rZX93JrhUViXdatLRlSsxMSirsIhwFMrdAPbmw996
 YmErsWF2rgFx5bU5Z7FPThygbeDs+8HFfJEhCJtIkv8CRjJZXfpjKJuJBMprIp8o
 x/PHJPMBkHQfFfeiQPKhVeNsO/7pYFpsw1HEJdkviNq8MS3lprwIcs8pzgdv+RGn
 bb8Pw+cCO7VQBbfUvj1qC74V5D3dvH3yNg8hpkQOWyReeqoavQVR4KIkC7p111lo
 Tm5wTEiG0gId3Z22FjzrzCeN/zfUsz43JGcwDqb5DMobQzs55IPz2/xSdmG48kmv
 Vh6s3/oPKlMYDrGQ9p1f
 =3opM
 -----END PGP SIGNATURE-----

Merge tag 'locks-v4.0-5' of git://git.samba.org/jlayton/linux

Pull file locking fix from Jeff Layton:
 "Another small fix for the lease overhaul"

* tag 'locks-v4.0-5' of git://git.samba.org/jlayton/linux:
  locks: fix file_lock deletion inside loop
2015-03-30 15:13:04 -07:00
Christoph Hellwig
f3f03330de nfsd: require an explicit option to enable pNFS
Turns out sending out layouts to any client is a bad idea if they
can't get at the storage device, so require explicit admin action
to enable pNFS.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2015-03-30 16:05:26 -04:00
Linus Torvalds
32374ea8fe Merge branch 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
 "Nothing exciting.  Two patches to update queued trim blacklist"

* 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  libata: Blacklist queued TRIM on Samsung SSD 850 Pro
  libata: Update Crucial/Micron blacklist
2015-03-30 11:08:37 -07:00
Peter Ujfalusi
fbef403aa7 dmaengine: moxart-dma: Fix memory leak when stopping a running transfer
The vd->node is removed from the lists when the transfer started so the
vchan_get_all_descriptors() will not find it. This results memory leak.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-30 23:17:08 +05:30
Peter Ujfalusi
f931782917 dmaengine: bcm2835-dma: Fix memory leak when stopping a running transfer
The vd->node is removed from the lists when the transfer started so the
vchan_get_all_descriptors() will not find it. This results memory leak.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Acked-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-30 23:17:08 +05:30
Peter Ujfalusi
02d88b735f dmaengine: omap-dma: Fix memory leak when terminating running transfer
In omap_dma_start_desc the vdesc->node is removed from the virt-dma
framework managed lists (to be precise from the desc_issued list).
If a terminate_all comes before the transfer finishes the omap_desc will
not be freed up because it is not in any of the lists and we stopped the
DMA channel so the transfer will not going to complete.
There is no special sequence for leaking memory when using cyclic (audio)
transfer: with every start and stop of a cyclic transfer the driver leaks
struct omap_desc worth of memory.

Free up the allocated memory directly in omap_dma_terminate_all() since the
framework will not going to do that for us.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: <stable@vger.kernel.org>
CC: <linux-omap@vger.kernel.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-30 23:17:08 +05:30
Petr Kulhavy
5ca9e7ce6e dmaengine: edma: fix memory leak when terminating running transfers
If edma_terminate_all() was called while a transfer was running (i.e. after
edma_execute() but before edma_callback()) the echan->edesc was not freed.

This was due to the fact that a running transfer is on none of the
vchan lists: desc_submitted, desc_issued, desc_completed (edma_execute()
removes it from the desc_issued list), so the vchan_dma_desc_free_list()
called at the end of edma_terminate_all() didn't find it and didn't free it.

This bug was found on an AM1808 based hardware (very similar to da850evm,
however using the second MMC/SD controller), where intense operations on the SD
card wasted the device 128MB RAM within a couple of days.

Peter Ujfalusi:
The issue is even more severe since it affects cyclic (audio) transfers as
well. In this case starting/stopping audio will results memory leak.

Signed-off-by: Petr Kulhavy <petr@barix.com>
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: <stable@vger.kernel.org>
CC: <linux-omap@vger.kernel.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-30 23:17:08 +05:30
Lars-Peter Clausen
ca76683930 dmaengine: jz4740: Define capabilities
Setup the capabilities of the device/driver, so that users of the DMAengine API
can query them.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-30 23:00:23 +05:30
Linus Torvalds
29059af3f2 Late GPIO fixes:
- Syscon GPIO fix for Keystone DSP GPIOs
 - Pin number translation fix for ACPI GPIO
 - A smallish compiler warning fix on the mpc8xxx driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVGQHEAAoJEEEQszewGV1zFUwQAMofHNFAtoP80OYsJMktOsaO
 u5e+YYaLXgrFc5kE3V5gI8DBDRZRkw4SeNsBosIP3tUU8dmY/z5A8cvlwdeD5nsy
 StAWXcBHNlbAZA2AVHI04Q8+A05NMAOPR1Qq5HVmcsm9fFvTIbvfJgxICxPHbRN5
 6UNhdSwbdynLH8SUUdDx0/9Yq7xIXVReZX+pS5ksC1TC5nYSGU3txOSEODyHnsRL
 S3SNtCKBMTqp7twbpsMf15xff6xtM0I+c7bga+XoY+qydDD0fXkUaiLAAVW/zfUh
 ep/8kJiqzL0SgquP7/XunB9b4QejonqzYo2GUxKOw7B+gHmmICFrEMozQ1/w2vTc
 jjMAvRkI4jm209KragBK/vI23cMXNfphzW/WTJ39j9TKy25uQ2G/ZvD9c+Q2/RWN
 IuN5MFJm/OcVWPWv1GafheMFBQilRRKkl9PTVKScm4hFCbysnikj4++VdkZF9qZz
 CAc+waZld2yEX45Xu7zEyMRQPGoUVNJm321WMO9YC5WkYZTZbYPtt9VNgYiBQ2ZR
 LK0aQDlaviduujRqPxFv0bA6E6MmlJEWhQfIdFCPFkXfalUIpxgge3JBvuSG09w/
 pwVDMr2eGkeDqIHMcyC+upHMZvuJD6+Sw+0c+T4smTtlOt4JOQO74ysyqfzM/795
 25xx9hYMSlOzWvsq5WqW
 =02eY
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v4.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull late GPIO fixes from Linus Walleij:
 "Here are the (hopefully) last GPIO fixes for v4.0.  Nothing
  controversial whatsoever, just fixes:

   - syscon GPIO fix for Keystone DSP GPIOs

   - pin number translation fix for ACPI GPIO

   - a smallish compiler warning fix on the mpc8xxx driver"

* tag 'gpio-v4.0-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: syscon: reduce message level when direction reg offset not in dt
  gpiolib: translate pin number in GPIO ACPI callbacks
  gpio: mpc8xxx: remove __initdata annotation for mpc8xxx_gpio_ids[]
2015-03-30 09:14:41 -07:00
Kalle Valo
69628cd065 * fix a memory leak: we leaked memory each time the module
was loaded.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJVGOp+AAoJEC0Llv5uNjIBtnUQALBt98Uf5dWzzb1Kzw0EMB6k
 FMR5sY85BZz9EwvTIm5ZE0ZyLjZF2p8qvxw1mc2OWmaS5HIGOCKWXRRn9LqYmD4P
 kUcYotBpbxvTQI7rNa7ENjo2yXwEC7MPWRJcgjQdUD0NxdIc00SPe/Y5upyOreDn
 NmToXwl3f4SAoe4e7/QtjbG3tj2hlsFmkfDjW0bdlJBfcl+ug69aHEFOlEv/LYfS
 WLlWdBcFWBUjnn90AFtw9vm1zoqPCw9ogKp8RPjuTdKcOEdt9t5jTQk4BJ5v4Zoz
 KE1E1LB97cc7RUxeSBzlC023Getd2nypVQJdFw18PD23vJVvHVQxqqWS8GTVmKZ5
 ybnuSJLLUlZ7s2QjI6vY6y42OTP4q4g/q6dpm1Hcl+WUl7mKdDFmnOnzSnhV6E1O
 yqj3inetRwYXHRCc4hCLXQz1CH5c4/qwJfXvonHHz3Xp/L214u1KVoRyPXlYQo05
 KdjjdAOIdMxApT2Qv+lOGd8U9KtPT8SJcbkM17rwoabD9mXYg5/3g1Db3e0uk3wj
 zmFpAbSSsUb0YNGSNbWk1Ya6kvuenXQdgQSphtK+zvlJ6A3FAnwAxlYOFaKvXQ/i
 0wrSsRbEDySIAcwwnxR2tCc4P0O4pl1OCJ2SmqBIxmiUJ6nzNtUptOd2H8FyCAF1
 ocv0i4LEKEPuRizSc0+Y
 =wIgU
 -----END PGP SIGNATURE-----

Merge tag 'iwlwifi-for-kalle-2015-03-30' of https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes

* fix a memory leak: we leaked memory each time the module
was loaded.
2015-03-30 09:39:12 +03:00
Linus Torvalds
e42391cd04 Linux 4.0-rc6 2015-03-29 15:26:31 -07:00