aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-02-11ipv6 mcast: Do not join device multicast for interface-local multicasts.YOSHIFUJI Hideaki / 吉藤英明
RFC4291 (IPv6 addressing architecture) says that interface-Local scope spans only a single interface on a node. We should not join L2 device multicast list for addresses in interface-local (or smaller) scope. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-10veth: fix NULL dereference in veth_dellink()Eric Dumazet
commit d0e2c55e7c940 (veth: avoid a NULL deref in veth_stats_one) added another NULL deref in veth_dellink(). # ip link add name veth1 type veth peer name veth0 # rmmod veth We crash because veth_dellink() is called twice, so we must take care of NULL peer. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-10Merge branch 'mvrp'David S. Miller
David Ward says: ==================== The Linux kernel currently implements the GARP VLAN Registration Protocol (GVRP) from IEEE 802.1Q-1998 (applicant-only participant). When the GVRP flag is set for a VLAN interface on a Linux host, the host advertises its membership in the VLAN to the attached bridge/ switch, so that it is not necessary to manually configure the bridge/ switch port to participate in the VLAN. GVRP has been superseded by the Multiple VLAN Registration Protocol (MVRP) in IEEE 802.1Q-2011, which addresses scalability concerns about the earlier protocol. The following patches add support for MVRP to the Linux kernel and iproute2 utility. They are based largely off of the existing implementation of GVRP, but have been modified for the new PDU structure and state machine. This implementation was tested with two Juniper EX4200 switches. ==================== Signed-off-by: David Ward <david.ward@ll.mit.edu> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-10net/8021q: Implement Multiple VLAN Registration Protocol (MVRP)David Ward
Initial implementation of the Multiple VLAN Registration Protocol (MVRP) from IEEE 802.1Q-2011, based on the existing implementation of the GARP VLAN Registration Protocol (GVRP). Signed-off-by: David Ward <david.ward@ll.mit.edu> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-10net/802: Implement Multiple Registration Protocol (MRP)David Ward
Initial implementation of the Multiple Registration Protocol (MRP) from IEEE 802.1Q-2011, based on the existing implementation of the Generic Attribute Registration Protocol (GARP). Signed-off-by: David Ward <david.ward@ll.mit.edu> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-10Merge branch 'vsock'David S. Miller
Andy King says: ==================== In an effort to improve the out-of-the-box experience with Linux kernels for VMware users, VMware is working on readying the VM Sockets (VSOCK, formerly VMCI Sockets) (vsock) kernel module for inclusion in the Linux kernel. The purpose of this post is to acquire feedback on the vsock kernel module. Unlike previous submissions, where the new socket family was entirely reliant on VMware's VMCI PCI device (and thus VMware's hypervisor), VM Sockets is now completely[1] separated out into two parts, each in its own module: o Core socket code, which is transport-neutral and invokes transport callbacks to communicate with the hypervisor. This is vsock.ko. o A VMCI transport, which communicates over VMCI with the VMware hypervisor. This is vmw_vsock_vmci_transport.ko, and it registers with the core module as a transport. This should provide a path to introducing additional transports, for example virtio, with the ultimate goal being to make this new socket family hypervisor-neutral. [1] If Gerd tries it and determines this to be false (still), I'll ship him a keg of beer. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-10VSOCK: Introduce VM SocketsAndy King
VM Sockets allows communication between virtual machines and the hypervisor. User level applications both in a virtual machine and on the host can use the VM Sockets API, which facilitates fast and efficient communication between guest virtual machines and their host. A socket address family, designed to be compatible with UDP and TCP at the interface level, is provided. Today, VM Sockets is used by various VMware Tools components inside the guest for zero-config, network-less access to VMware host services. In addition to this, VMware's users are using VM Sockets for various applications, where network access of the virtual machine is restricted or non-existent. Examples of this are VMs communicating with device proxies for proprietary hardware running as host applications and automated testing of applications running within virtual machines. The VMware VM Sockets are similar to other socket types, like Berkeley UNIX socket interface. The VM Sockets module supports both connection-oriented stream sockets like TCP, and connectionless datagram sockets like UDP. The VM Sockets protocol family is defined as "AF_VSOCK" and the socket operations split for SOCK_DGRAM and SOCK_STREAM. For additional information about the use of VM Sockets, please refer to the VM Sockets Programming Guide available at: https://www.vmware.com/support/developer/vmci-sdk/ Signed-off-by: George Zhang <georgezhang@vmware.com> Signed-off-by: Dmitry Torokhov <dtor@vmware.com> Signed-off-by: Andy king <acking@vmware.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller
Synchronize with 'net' in order to sort out some l2tp, wireless, and ipv6 GRE fixes that will be built on top of in 'net-next'. Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08cxgb4vf: Fix extraction of cpl_rx_pkt from the response queue descriptorVipul Pandya
This was preventing GRO and RxCheckSum offload to happen. Signed-off-by: Jay Hernandez <jay@chelsio.com> Signed-off-by: Vipul Pandya <vipul@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08net: sctp: sctp_auth_make_key_vector: use sctp_auth_create_keyDaniel Borkmann
In sctp_auth_make_key_vector, we allocate a temporary sctp_auth_bytes structure with kmalloc instead of the sctp_auth_create_key allocator. Change this to sctp_auth_create_key as it is the case everywhere else, so that we also can properly free it via sctp_auth_key_put. This makes it easier for future code changes in the structure and allocator itself, since a single API is consistently used for this purpose. Also, by using sctp_auth_create_key we're doing sanity checks over the arguments. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08macvlan: add a salt to mc_hash()Eric Dumazet
Some multicast addresses are common to all macvlans, so if a multicast message has a hash value collision, we have to deliver a copy to all macvlans, adding significant latency and possible packet drops if netdev_max_backlog limit is hit. Having a per macvlan hash function permits to reduce the impact of hash collisions. Suggested-by: Maciej Żenczykowski <maze@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Maciej Żenczykowski <maze@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08macvlan: broadcast addr should be part of mc_filterEric Dumazet
commit cd431e738509e (macvlan: add multicast filter) forgot the broadcast case. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Maciej Żenczykowski <maze@google.com> SIgned-off-by: Maciej Żenczykowski <maze@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08ipv6: fix a RCU warning in net/ipv6/ip6_flowlabel.cAmerigo Wang
This patch fixes the following RCU warning: [ 51.680236] =============================== [ 51.681914] [ INFO: suspicious RCU usage. ] [ 51.683610] 3.8.0-rc6-next-20130206-sasha-00028-g83214f7-dirty #276 Tainted: G W [ 51.686703] ------------------------------- [ 51.688281] net/ipv6/ip6_flowlabel.c:671 suspicious rcu_dereference_check() usage! we should use rcu_dereference_bh() when we hold rcu_read_lock_bh(). Reported-by: Sasha Levin <sasha.levin@oracle.com> Cc: David S. Miller <davem@davemloft.net> Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08drivers: net: Remove remaining alloc/OOM messagesJoe Perches
alloc failures already get standardized OOM messages and a dump_stack. For the affected mallocs around these OOM messages: Converted kmallocs with multiplies to kmalloc_array. Converted a kmalloc/memcpy to kmemdup. Removed now unused stack variables. Removed unnecessary parentheses. Neatened alignment. Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Arend van Spriel <arend@broadcom.com> Acked-by: Marc Kleine-Budde <mkl@pengutronix.de> Acked-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08bgmac: fix "cmdcfg" calls for promisc and loopback modesRafał Miłecki
The last (bool) parameter in bgmac_cmdcfg_maskset says if the write should be made, even if value didn't change. Currently driver doesn't match the specs about (not) forcing some changes. This makes it follow them. Reported-by: Nathan Hintz <nlhintz@hotmail.com> Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08bgmac: validate (and random if needed) MAC addrRafał Miłecki
This adds check for a valid Ethernet MAC address and in case it is not, it will generate a valid random one, such that the adapter is still usable. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08skbuff: Move definition of NETDEV_FRAG_PAGE_MAX_SIZEAlexander Duyck
In order to address the fact that some devices cannot support the full 32K frag size we need to have the value accessible somewhere so that we can use it to do comparisons against what the device can support. As such I am moving the values out of skbuff.c and into skbuff.h. Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-09Linux 3.8-rc7v3.8-rc7Linus Torvalds
2013-02-09Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-armLinus Torvalds
Pull ARM fixes from Russell King: "I was going to hold these off until v3.8 was out, and send them with a stable tag, but as everyone else is pushing much bigger fixes which Linus is accepting, let's save people from the hastle of having to patch v3.8 back into working or use a stable kernel. Looking at the diffstat, this really is high value for its size; this is miniscule compared to how the -rc6 to tip diffstat currently looks. So, four patches in this set: - Punit Agrawal reports that the kernel no longer boots on MPCore due to a new assumption made in the GIC code which isn't true of earlier GIC designs. This is the biggest change in this set. - Punit's boot log also revealed a bunch of WARN_ON() dumps caused by the DT-ification of the GIC support without fixing up non-DT Realview - which now sees a greater number of interrupts than it did before. - A fix for the DMA coherent code from Marek which uses the wrong check for atomic allocations; this can result in spinlock lockups or other nasty effects. - A fix from Will, which will affect all Android based platforms if not applied (which use the 2G:2G VM split) - this causes particularly 'make' to misbehave unless this bug is fixed." * 'fixes' of git://git.linaro.org/people/rmk/linux-arm: ARM: 7641/1: memory: fix broken mmap by ensuring TASK_UNMAPPED_BASE is aligned ARM: DMA mapping: fix bad atomic test ARM: realview: ensure that we have sufficient IRQs available ARM: GIC: fix GIC cpumask initialization
2013-02-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
Pull networking fixes from David Miller: 1) Revert iwlwifi reclaimed packet tracking, it causes problems for a bunch of folks. From Emmanuel Grumbach. 2) Work limiting code in brcmsmac wifi driver can clear tx status without processing the event. From Arend van Spriel. 3) rtlwifi USB driver processes wrong SKB, fix from Larry Finger. 4) l2tp tunnel delete can race with close, fix from Tom Parkin. 5) pktgen_add_device() failures are not checked at all, fix from Cong Wang. 6) Fix unintentional removal of carrier off from tun_detach(), otherwise we confuse userspace, from Michael S. Tsirkin. 7) Don't leak socket reference counts and ubufs in vhost-net driver, from Jason Wang. 8) vmxnet3 driver gets it's initial carrier state wrong, fix from Neil Horman. 9) Protect against USB networking devices which spam the host with 0 length frames, from Bjørn Mork. 10) Prevent neighbour overflows in ipv6 for locally destined routes, from Marcelo Ricardo. This is the best short-term fix for this, a longer term fix has been implemented in net-next. 11) L2TP uses ipv4 datagram routines in it's ipv6 code, whoops. This mistake is largely because the ipv6 functions don't even have some kind of prefix in their names to suggest they are ipv6 specific. From Tom Parkin. 12) Check SYN packet drops properly in tcp_rcv_fastopen_synack(), from Yuchung Cheng. 13) Fix races and TX skb freeing bugs in via-rhine's NAPI support, from Francois Romieu and your's truly. 14) Fix infinite loops and divides by zero in TCP congestion window handling, from Eric Dumazet, Neal Cardwell, and Ilpo Järvinen. 15) AF_PACKET tx ring handling can leak kernel memory to userspace, fix from Phil Sutter. 16) Fix error handling in ipv6 GRE tunnel transmit, from Tommi Rantala. 17) Protect XEN netback driver against hostile frontend putting garbage into the rings, don't leak pages in TX GOP checking, and add proper resource releasing in error path of xen_netbk_get_requests(). From Ian Campbell. 18) SCTP authentication keys should be cleared out and released with kzfree(), from Daniel Borkmann. 19) L2TP is a bit too clever trying to maintain skb->truesize, and ends up corrupting socket memory accounting to the point where packet sending is halted indefinitely. Just remove the adjustments entirely, they aren't really needed. From Eric Dumazet. 20) ATM Iphase driver uses a data type with the same name as the S390 headers, rename to fix the build. From Heiko Carstens. 21) Fix a typo in copying the inner network header offset from one SKB to another, from Pravin B Shelar. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (56 commits) net: sctp: sctp_endpoint_free: zero out secret key data net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree atm/iphase: rename fregt_t -> ffreg_t net: usb: fix regression from FLAG_NOARP code l2tp: dont play with skb->truesize net: sctp: sctp_auth_key_put: use kzfree instead of kfree netback: correct netbk_tx_err to handle wrap around. xen/netback: free already allocated memory on failure in xen_netbk_get_requests xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. xen/netback: shutdown the ring if it contains garbage. net: qmi_wwan: add more Huawei devices, including E320 net: cdc_ncm: add another Huawei vendor specific device ipv6/ip6_gre: fix error case handling in ip6gre_tunnel_xmit() tcp: fix for zero packets_in_flight was too broad brcmsmac: rework of mac80211 .flush() callback operation ssb: unregister gpios before unloading ssb bcma: unregister gpios before unloading bcma rtlwifi: Fix scheduling while atomic bug net: usbnet: fix tx_dropped statistics tcp: ipv6: Update MIB counters for drops ...
2013-02-08Merge branch 'wireless'David S. Miller
John W. Linville says: ==================== Please accept this pull request intended for the 3.9 stream! Included are a mac80211 pull, an iwlwifi pull (actually two -- one was a fast-forward), a wl12xx pull, and a couple of Bluetooth pulls. On mac80211, Johannes says: "I've included * AKM definitions from Bing, * mesh fixes from Thomas, including a fix from him for me breaking his patch while applying, * channel check fix from Simon, * an old patch from Yoni Divinsky who doesn't even work for TI any more, to configure the WEP TX key for ARP offload etc. * MAC ACL API from Vasanth * a fix for the infamous chanctx_conf warning from Arnd * from myself, a fix for my previous aggregation changes, some cleanup and some improvements and fixes for WoWLAN" On iwlwifi, Johannes says: "Two small changes for iwlwifi-next, one to update all our Copyright notices and one to provide the RX page order." And also: "So what I have here is some cleanups, preparations and the new MVM (multi-virtual MAC) driver itself and (this is new) some work on the transport API as well as a message flooding fix." On wl12xx, Luca says: "Lots of bugfixes and improvements in our TI wireless drivers, including support for multi-channel. Intended for 3.9." On Bluetooth, Gustavo says: "This is my first pull request to 3.9. The biggest changes here are from Johan Hedberg who made a lot of fixes in the Management interface. The issues arose due to a new test tool we wrote and the usage of the Management interface as default in BlueZ 5. The rest of the patches are more clean ups and small fixes." And also: "Here goes another batch intended for 3.9, the majority of the patch here are from Johan who is fixing many issues in the management interface that have appeared lately. The rest of the patches are just small improvements, fixes and clean ups." Along with those are the usual variety of updates/enhancements to the mwl8k, mwifiex, ath9k, rtlwifi, and rt2x00 drivers as well as a few updates for the ssb and bcma busses. I don't think there are any big headliners there. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08Merge branch 'sctp_keys'David S. Miller
Daniel Borkmann says: ==================== Cryptographically used keys should be zeroed out when our session ends resp. memory is freed, thus do not leave them somewhere in the memory. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08net: sctp: sctp_endpoint_free: zero out secret key dataDaniel Borkmann
On sctp_endpoint_destroy, previously used sensitive keying material should be zeroed out before the memory is returned, as we already do with e.g. auth keys when released. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfreeDaniel Borkmann
In sctp_setsockopt_auth_key, we create a temporary copy of the user passed shared auth key for the endpoint or association and after internal setup, we free it right away. Since it's sensitive data, we should zero out the key before returning the memory back to the allocator. Thus, use kzfree instead of kfree, just as we do in sctp_auth_key_put(). Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08atm/iphase: rename fregt_t -> ffreg_tHeiko Carstens
We have conflicting type qualifiers for "freg_t" in s390's ptrace.h and the iphase atm device driver, which causes the compile error below. Unfortunately the s390 typedef can't be renamed, since it's a user visible api, nor can I change the include order in s390 code to avoid the conflict. So simply rename the iphase typedef to a new name. Fixes this compile error: In file included from drivers/atm/iphase.c:66:0: drivers/atm/iphase.h:639:25: error: conflicting type qualifiers for 'freg_t' In file included from next/arch/s390/include/asm/ptrace.h:9:0, from next/arch/s390/include/asm/lowcore.h:12, from next/arch/s390/include/asm/thread_info.h:30, from include/linux/thread_info.h:54, from include/linux/preempt.h:9, from include/linux/spinlock.h:50, from include/linux/seqlock.h:29, from include/linux/time.h:5, from include/linux/stat.h:18, from include/linux/module.h:10, from drivers/atm/iphase.c:43: next/arch/s390/include/uapi/asm/ptrace.h:197:3: note: previous declaration of 'freg_t' was here Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: chas williams - CONTRACTOR <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08Merge branch 'master' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
2013-02-08ARM: 7641/1: memory: fix broken mmap by ensuring TASK_UNMAPPED_BASE is alignedWill Deacon
We have received multiple reports of mmap failures when running with a 2:2 vm split. These manifest as either -EINVAL with a non page-aligned address (ending 0xaaa) or a SEGV, depending on the application. The issue is commonly observed in children of make, which appears to use bottom-up mmap (assumedly because it changes the stack rlimit). Further investigation reveals that this regression was triggered by 394ef6403abc ("mm: use vm_unmapped_area() on arm architecture"), whereby TASK_UNMAPPED_BASE is no longer page-aligned for bottom-up mmap, causing get_unmapped_area to choke on misaligned addressed. This patch fixes the problem by defining TASK_UNMAPPED_BASE in terms of TASK_SIZE and explicitly aligns the result to 16M, matching the other end of the heap. Acked-by: Nicolas Pitre <nico@linaro.org> Reported-by: Steve Capper <steve.capper@arm.com> Reported-by: Jean-Francois Moine <moinejf@free.fr> Reported-by: Christoffer Dall <cdall@cs.columbia.edu> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-02-08ARM: DMA mapping: fix bad atomic testRussell King
Realview fails to boot with this warning: BUG: spinlock lockup suspected on CPU#0, init/1 lock: 0xcf8bde10, .magic: dead4ead, .owner: init/1, .owner_cpu: 0 Backtrace: [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:cf8bde10 r5:cf83d1c0 r4:cf8bde10 r3:cf83d1c0 [<c03294d0>] (dump_stack+0x0/0x1c) from [<c018926c>] (spin_dump+0x84/0x98) [<c01891e8>] (spin_dump+0x0/0x98) from [<c0189460>] (do_raw_spin_lock+0x100/0x198) [<c0189360>] (do_raw_spin_lock+0x0/0x198) from [<c032cbac>] (_raw_spin_lock+0x3c/0x44) [<c032cb70>] (_raw_spin_lock+0x0/0x44) from [<c01c9224>] (pl011_console_write+0xe8/0x11c) [<c01c913c>] (pl011_console_write+0x0/0x11c) from [<c002aea8>] (call_console_drivers.clone.7+0xdc/0x104) [<c002adcc>] (call_console_drivers.clone.7+0x0/0x104) from [<c002b320>] (console_unlock+0x2e8/0x454) [<c002b038>] (console_unlock+0x0/0x454) from [<c002b8b4>] (vprintk_emit+0x2d8/0x594) [<c002b5dc>] (vprintk_emit+0x0/0x594) from [<c0329718>] (printk+0x3c/0x44) [<c03296dc>] (printk+0x0/0x44) from [<c002929c>] (warn_slowpath_common+0x28/0x6c) [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c) [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c0070ab0>] (lockdep_trace_alloc+0xd8/0xf0) [<c00709d8>] (lockdep_trace_alloc+0x0/0xf0) from [<c00c0850>] (kmem_cache_alloc+0x24/0x11c) [<c00c082c>] (kmem_cache_alloc+0x0/0x11c) from [<c00bb044>] (__get_vm_area_node.clone.24+0x7c/0x16c) [<c00bafc8>] (__get_vm_area_node.clone.24+0x0/0x16c) from [<c00bb7b8>] (get_vm_area_caller+0x48/0x54) [<c00bb770>] (get_vm_area_caller+0x0/0x54) from [<c0020064>] (__alloc_remap_buffer.clone.15+0x38/0xb8) [<c002002c>] (__alloc_remap_buffer.clone.15+0x0/0xb8) from [<c0020244>] (__dma_alloc+0x160/0x2c8) [<c00200e4>] (__dma_alloc+0x0/0x2c8) from [<c00204d8>] (arm_dma_alloc+0x88/0xa0)[<c0020450>] (arm_dma_alloc+0x0/0xa0) from [<c00beb00>] (dma_pool_alloc+0xcc/0x1a8) [<c00bea34>] (dma_pool_alloc+0x0/0x1a8) from [<c01a9d14>] (pl08x_fill_llis_for_desc+0x28/0x568) [<c01a9cec>] (pl08x_fill_llis_for_desc+0x0/0x568) from [<c01aab8c>] (pl08x_prep_slave_sg+0x258/0x3b0) [<c01aa934>] (pl08x_prep_slave_sg+0x0/0x3b0) from [<c01c9f74>] (pl011_dma_tx_refill+0x140/0x288) [<c01c9e34>] (pl011_dma_tx_refill+0x0/0x288) from [<c01ca748>] (pl011_start_tx+0xe4/0x120) [<c01ca664>] (pl011_start_tx+0x0/0x120) from [<c01c54a4>] (__uart_start+0x48/0x4c) [<c01c545c>] (__uart_start+0x0/0x4c) from [<c01c632c>] (uart_start+0x2c/0x3c) [<c01c6300>] (uart_start+0x0/0x3c) from [<c01c795c>] (uart_write+0xcc/0xf4) [<c01c7890>] (uart_write+0x0/0xf4) from [<c01b0384>] (n_tty_write+0x1c0/0x3e4) [<c01b01c4>] (n_tty_write+0x0/0x3e4) from [<c01acfe8>] (tty_write+0x144/0x240) [<c01acea4>] (tty_write+0x0/0x240) from [<c01ad17c>] (redirected_tty_write+0x98/0xac) [<c01ad0e4>] (redirected_tty_write+0x0/0xac) from [<c00c371c>] (vfs_write+0xbc/0x150) [<c00c3660>] (vfs_write+0x0/0x150) from [<c00c39c0>] (sys_write+0x4c/0x78) [<c00c3974>] (sys_write+0x0/0x78) from [<c0014460>] (ret_fast_syscall+0x0/0x3c) This happens because the DMA allocation code is not respecting atomic allocations correctly. GFP flags should not be tested for GFP_ATOMIC to determine if an atomic allocation is being requested. GFP_ATOMIC is not a flag but a value. The GFP bitmask flags are all prefixed with __GFP_. The rest of the kernel tests for __GFP_WAIT not being set to indicate an atomic allocation. We need to do the same. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-02-08ARM: realview: ensure that we have sufficient IRQs availableRussell King
Realview EB with a rev B MPcore tile results in lots of warnings at boot because it can't allocate enough IRQs. Fix this by increasing the number of available IRQs. WARNING: at /home/rmk/git/linux-rmk/arch/arm/common/gic.c:757 gic_init_bases+0x12c/0x2ec() Cannot allocate irq_descs @ IRQ96, assuming pre-allocated Modules linked in: Backtrace: [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000002f5 r5:c042c62c r4:c044ff40 r3:c045f240 [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c) [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029384>] (warn_slowpath_fmt+0x38/0x40) [<c002934c>] (warn_slowpath_fmt+0x0/0x40) from [<c042c62c>] (gic_init_bases+0x12c/0x2ec) [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8) [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24) [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300) [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070) ---[ end trace 1b75b31a2719ed1c ]--- ------------[ cut here ]------------ WARNING: at /home/rmk/git/linux-rmk/kernel/irq/irqdomain.c:234 irq_domain_add_legacy+0x80/0x140() Modules linked in: Backtrace: [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000000ea r5:c0081a38 r4:00000000 r3:c045f240 [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c) [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c) [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c0081a38>] (irq_domain_add_legacy+0x80/0x140) [<c00819b8>] (irq_domain_add_legacy+0x0/0x140) from [<c042c64c>] (gic_init_bases+0x14c/0x2ec) [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8) [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24) [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300) [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070) ---[ end trace 1b75b31a2719ed1d ]--- ------------[ cut here ]------------ WARNING: at /home/rmk/git/linux-rmk/arch/arm/common/gic.c:762 gic_init_bases+0x170/0x2ec() Modules linked in: Backtrace: [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000002fa r5:c042c670 r4:00000000 r3:c045f240 [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c) [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c) [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c042c670>] (gic_init_bases+0x170/0x2ec) [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8) [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24) [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300) [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070) ---[ end trace 1b75b31a2719ed1e ]--- Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-02-08ARM: GIC: fix GIC cpumask initializationRussell King
Punit Agrawal reports: > I was trying to boot 3.8-rc5 on Realview EB 11MPCore using > realview-smp_defconfig as a starting point but the kernel failed to > progress past the log below (config attached). > > Pawel suggested I try reverting 384a290283f - "ARM: gic: use a private > mapping for CPU target interfaces" that you've authored. With this > commit reverted the kernel boots. > > I am not quite sure why the commit breaks 11MPCore but Pawel (cc'd) > might be able to shed light on that. Some early GIC implementations return zero for the first distributor CPU routing register. This means we can't rely on that telling us which CPU interface we're connected to. We know that these platforms implement PPIs for IRQs 29-31 - but we shouldn't assume that these will always be populated. So, instead, scan for a non-zero CPU routing register in the first 32 IRQs and use that as our CPU mask. Reported-by: Punit Agrawal <punit.agrawal@arm.com> Reviewed-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2013-02-08Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linuxLinus Torvalds
Pull drm regression fix from Dave Airlie: "This one fixes a sleep while locked regression that was introduced earlier in 3.8." * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/ttm: fix fence locking in ttm_buffer_object_transfer, 2nd try
2013-02-08net: usb: fix regression from FLAG_NOARP codeLucas Stach
In commit 6509141f9c2ba74df6cc72ec35cd1865276ae3a4 ("usbnet: add new flag FLAG_NOARP for usb net devices"), the newly added flag NOARP was using an already defined value, which broke drivers using flag MULTI_PACKET. Signed-off-by: Lucas Stach <dev@lynxeye.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-08l2tp: dont play with skb->truesizeEric Dumazet
Andrew Savchenko reported a DNS failure and we diagnosed that some UDP sockets were unable to send more packets because their sk_wmem_alloc was corrupted after a while (tx_queue column in following trace) $ cat /proc/net/udp sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode ref pointer drops ... 459: 00000000:0270 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 4507 2 ffff88003d612380 0 466: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 4802 2 ffff88003d613180 0 470: 076A070A:007B 00000000:0000 07 FFFF4600:00000000 00:00000000 00000000 123 0 5552 2 ffff880039974380 0 470: 010213AC:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 4986 2 ffff88003dbd3180 0 470: 010013AC:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 4985 2 ffff88003dbd2e00 0 470: 00FCA8C0:007B 00000000:0000 07 FFFFFB00:00000000 00:00000000 00000000 0 0 4984 2 ffff88003dbd2a80 0 ... Playing with skb->truesize is tricky, especially when skb is attached to a socket, as we can fool memory charging. Just remove this code, its not worth trying to be ultra precise in xmit path. Reported-by: Andrew Savchenko <bircoph@gmail.com> Tested-by: Andrew Savchenko <bircoph@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07Merge branch 'tg3'David S. Miller
Attention linux-next maintainer, you will hit a merge conflict between this merge and the mips tree, the resolution is to preserve the removal of uses of nvram_geenv() and nvram_parse_macaddr() from the net-next side. Hauke Mehrtens says: ==================== These patches are adding support for the Ethernet core found in the BCM4705/BCM4785 SoC. This is based on current master of davem/net-next.git. v4: * move setting of DMA_RWCTRL_ONE_DMA v3: * combined first two patches into one patch v2: * use of struct sprom in ssb_gige_get_macaddr() instead of accessing the nvram directly * add return value to ssb_gige_get_macaddr() * try to read the mac address from ssb core before accessing the own registers. * fix two checkpatch warnings ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07tg3: add support for Ethernet core in bcm4785Hauke Mehrtens
The BCM4785 or sometimes named BMC4705 is a Broadcom SoC which a Gigabit 5750 Ethernet core. The core is connected via PCI with the rest of the SoC, but it uses some extension. This core does not use a firmware or an eeprom. Some devices only have a switch which supports 100MBit/s, this currently does not work with this driver. This patch was original written by Michael Buesch <m@bues.ch> and is in OpenWrt for some years now. This was tested on a Linksys WRT610N V1 and older versions of this patch were tested by other people on different devices. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07tg3: make it possible to provide phy_id in ioctlHauke Mehrtens
In OpenWrt we currently use a switch driver which uses the ioctls to configure the switch in the phy. We have to provide the phy_id to do so, but without this patch this is not possible. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07ssb: get mac address from sprom struct for gige driverHauke Mehrtens
The mac address is already stored in the sprom structure by the platform code of the SoC this Ethernet core is found on, it just has to be fetched from this structure instead of accessing the nvram here. This patch also adds a return value to indicate if a mac address could be fetched from the sprom structure. When CONFIG_SSB_DRIVER_GIGE is not set the header file now also declares ssb_gige_get_macaddr(). Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Michael Buesch <m@bues.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07net: sctp: sctp_auth_make_key_vector: remove duplicate ntohs callsDaniel Borkmann
Instead of calling 3 times ntohs(random->param_hdr.length), 2 times ntohs(hmacs->param_hdr.length), and 3 times ntohs(chunks->param_hdr.length) within the same function, we only call each once and store it in a variable. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07net: sctp: sctp_auth_key_put: use kzfree instead of kfreeDaniel Borkmann
For sensitive data like keying material, it is common practice to zero out keys before returning the memory back to the allocator. Thus, use kzfree instead of kfree. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07Merge branch 'fixes' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch into openvswitch Jesse Gross says: ==================== One bug fix for net/3.8 for a long standing problem that was reported a few times recently. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07net: fec: fix spin_lock dead lockFrank Li
========================================================= [ INFO: possible irq lock inversion dependency detected ] 3.8.0-rc5+ #82 Not tainted --------------------------------------------------------- swapper/0/0 just changed the state of lock: (&(&fep->hw_lock)->rlock){..-...}, at: [<8034e2f8>] fec_enet_start_xmit+0x48/0x 2cc but this lock took another, SOFTIRQ-unsafe lock in the past: (prepare_lock){+.+.+.} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(prepare_lock); local_irq_disable() lock(&(&fep->hw_lock)->rlock); lock(prepare_lock); <Interrupt> lock(&(&fep->hw_lock)->rlock); *** DEADLOCK *** Signed-off-by: Frank Li <Frank.Li@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07net: fec: correct fix method about miss init spinlockFrank Li
Old method will cause init spinlock twice. New method will avoid init spinlock twice and fix miss init spinlock at fec_restart. BUG: spinlock bad magic on CPU#1, swapper/0/1 lock: 0xbfae0f8c, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 Backtrace: [<80011d54>] (dump_backtrace+0x0/0x10c) from [<804e7800>] (dump_stack+0x18/0x1c) r6:bfae0000 r5:bfae0f8c r4:00000000 r3:806c1310 [<804e77e8>] (dump_stack+0x0/0x1c) from [<804e9f20>] (spin_dump+0x80/0x94) [<804e9ea0>] (spin_dump+0x0/0x94) from [<804e9f60>] (spin_bug+0x2c/0x30) r5:805f6f8c r4:bfae0f8c [<804e9f34>] (spin_bug+0x0/0x30) from [<80257984>] (do_raw_spin_lock+0x170/0x1b0 ) r5:806b4950 r4:bfae0f8c [<80257814>] (do_raw_spin_lock+0x0/0x1b0) from [<804ed15c>] (_raw_spin_lock_irqs ave+0x18/0x20) [<804ed144>] (_raw_spin_lock_irqsave+0x0/0x20) from [<8033c694>] (fec_ptp_start_ cyclecounter+0x3c/0x120) r4:bfae0f8c r3:00000002 [<8033c658>] (fec_ptp_start_cyclecounter+0x0/0x120) from [<80339e08>] (fec_resta rt+0x56c/0x5f8) r8:00000000 r7:806e6f48 r6:00000112 r5:806b4950 r4:bfae0000 [<8033989c>] (fec_restart+0x0/0x5f8) from [<8033b9e4>] (fec_probe+0x508/0xa48) Signed-off-by: Frank Li <Frank.Li@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07mlx4_en: Fix BQL reset TX queue call pointTom Herbert
Fix issue in Mellanox driver related to BQL. netdev_tx_reset_queue was not being called in certain situations where the device was being start and stopped. Moved netdev_tx_reset_queue from the reset device path to mlx4_en_free_tx_buf which is where the rings are cleaned in a reset (specifically from device being stopped). Signed-off-by: Tom Herbert <therbert@google.com> Acked-By: Amir Vadai <amirv@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07Merge branch 'netback'David S. Miller
Ian Campbell says: ==================== The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an error path which is guest triggerable. The following series contains the fixes for these issues, as previously included in Xen Security Advisory 39: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html Changes in v2: - Typo and block comment format fixes - Added stable Cc ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07netback: correct netbk_tx_err to handle wrap around.Ian Campbell
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Jan Beulich <JBeulich@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07xen/netback: free already allocated memory on failure in xen_netbk_get_requestsIan Campbell
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop.Matthew Daley
Signed-off-by: Matthew Daley <mattjd@gmail.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Jan Beulich <JBeulich@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07xen/netback: shutdown the ring if it contains garbage.Ian Campbell
A buggy or malicious frontend should not be able to confuse netback. If we spot anything which is not as it should be then shutdown the device and don't try to continue with the ring in a potentially hostile state. Well behaved and non-hostile frontends will not be penalised. As well as making the existing checks for such errors fatal also add a new check that ensures that there isn't an insane number of requests on the ring (i.e. more than would fit in the ring). If the ring contains garbage then previously is was possible to loop over this insane number, getting an error each time and therefore not generating any more pending requests and therefore not exiting the loop in xen_netbk_tx_build_gops for an externded period. Also turn various netdev_dbg calls which no precipitate a fatal error into netdev_err, they are rate limited because the device is shutdown afterwards. This fixes at least one known DoS/softlockup of the backend domain. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Jan Beulich <JBeulich@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07Merge branch 'mlx4'David S. Miller
Amir Vadai says: ==================== This series from Yan Burman adds support for unicast MAC address filtering and ndo FDB operations. It also includes some optimizations to loopback related decisions and checks in the TX/RX fast path and one cleanup, all in separate patches. Today, when adding macvlan devices, the NIC goes into promiscuous mode, since unicast MAC filtering is not supported. With these changes, macvlan devices can be added without the penalty of promiscuous mode. If for some reason adding a unicast address filter fails e.g as of missing space in the HW mac table, the device forces itself into promiscuous mode (and out of this forced state when enough space is available). Also, now it is possible to have bridge under multi-function configuration that include PF and VFs. In order to use bridge over PF/VFs, VM MAC fdb entries must be added e.g. using 'bridge fdb add' command. Changes from v1 - based on more comments from Eric Dumazet: * added failure handling when adding unicast address filter Changes from v0 - based on comments from Eric Dumazet: * Removed unneeded synchronize_rcu() * Use kfree_rcu() instead of synchronize_rcu() + kfree() ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-07net/mlx4_en: Implement ndo fdb functionalityYan Burman
Add support for setting embedded switch fdb in case of SRIOV, by implementing ndo_fdb_{add, del, dump}. This will allow to use bridged configuration with multi-function. In order to add VM MAC to the eSwitch fdb, the following command may be used over the relevant function interface: bridge fdb add <MAC> permanent self dev <IFACE> Signed-off-by: Yan Burman <yanb@mellanox.com> Signed-off-by: Amir Vadai <amirv@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>