Commit Graph

721232 Commits

Author SHA1 Message Date
Willem de Bruijn
0c19f846d5 net: accept UFO datagrams from tuntap and packet
Tuntap and similar devices can inject GSO packets. Accept type
VIRTIO_NET_HDR_GSO_UDP, even though not generating UFO natively.

Processes are expected to use feature negotiation such as TUNSETOFFLOAD
to detect supported offload types and refrain from injecting other
packets. This process breaks down with live migration: guest kernels
do not renegotiate flags, so destination hosts need to expose all
features that the source host does.

Partially revert the UFO removal from 182e0b6b5846~1..d9d30adf5677.
This patch introduces nearly(*) no new code to simplify verification.
It brings back verbatim tuntap UFO negotiation, VIRTIO_NET_HDR_GSO_UDP
insertion and software UFO segmentation.

It does not reinstate protocol stack support, hardware offload
(NETIF_F_UFO), SKB_GSO_UDP tunneling in SKB_GSO_SOFTWARE or reception
of VIRTIO_NET_HDR_GSO_UDP packets in tuntap.

To support SKB_GSO_UDP reappearing in the stack, also reinstate
logic in act_csum and openvswitch. Achieve equivalence with v4.13 HEAD
by squashing in commit 939912216f ("net: skb_needs_check() removes
CHECKSUM_UNNECESSARY check for tx.") and reverting commit 8d63bee643
("net: avoid skb_warn_bad_offload false positives on UFO").

(*) To avoid having to bring back skb_shinfo(skb)->ip6_frag_id,
ipv6_proxy_select_ident is changed to return a __be32 and this is
assigned directly to the frag_hdr. Also, SKB_GSO_UDP is inserted
at the end of the enum to minimize code churn.

Tested
  Booted a v4.13 guest kernel with QEMU. On a host kernel before this
  patch `ethtool -k eth0` shows UFO disabled. After the patch, it is
  enabled, same as on a v4.13 host kernel.

  A UFO packet sent from the guest appears on the tap device:
    host:
      nc -l -p -u 8000 &
      tcpdump -n -i tap0

    guest:
      dd if=/dev/zero of=payload.txt bs=1 count=2000
      nc -u 192.16.1.1 8000 < payload.txt

  Direct tap to tap transmission of VIRTIO_NET_HDR_GSO_UDP succeeds,
  packets arriving fragmented:

    ./with_tap_pair.sh ./tap_send_ufo tap0 tap1
    (from https://github.com/wdebruij/kerneltools/tree/master/tests)

Changes
  v1 -> v2
    - simplified set_offload change (review comment)
    - documented test procedure

Link: http://lkml.kernel.org/r/<CAF=yD-LuUeDuL9YWPJD9ykOZ0QCjNeznPDr6whqZ9NGMNF12Mw@mail.gmail.com>
Fixes: fb652fdfe8 ("macvlan/macvtap: Remove NETIF_F_UFO advertisement.")
Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:37:35 +09:00
Tobias Jakobi
9e77d7a554 net: realtek: r8169: implement set_link_ksettings()
Commit 6fa1ba6152 partially
implemented the new ethtool API, by replacing get_settings()
with get_link_ksettings(). This breaks ethtool, since the
userspace tool (according to the new API specs) never tries
the legacy set() call, when the new get() call succeeds.

All attempts to chance some setting from userspace result in:
> Cannot set new settings: Operation not supported

Implement the missing set() call.

Signed-off-by: Tobias Jakobi <tjakobi@math.uni-bielefeld.de>
Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:36:31 +09:00
David Ahern
98d11291d1 net: ipv6: Fixup device for anycast routes during copy
Florian reported a breakage with anycast routes due to commit
4832c30d54 ("net: ipv6: put host and anycast routes on device with
address"). Prior to this commit anycast routes were added against the
loopback device causing repetitive route entries with no insight into
why they existed. e.g.:
  $ ip -6 ro ls  table local type anycast
  anycast 2001:db8:1:: dev lo proto kernel metric 0 pref medium
  anycast 2001:db8:2:: dev lo proto kernel metric 0 pref medium
  anycast fe80:: dev lo proto kernel metric 0 pref medium
  anycast fe80:: dev lo proto kernel metric 0 pref medium

The point of commit 4832c30d54 is to add the routes using the device
with the address which is causing the route to be added. e.g.,:
  $ ip -6 ro ls  table local type anycast
  anycast 2001:db8:1:: dev eth1 proto kernel metric 0 pref medium
  anycast 2001:db8:2:: dev eth2 proto kernel metric 0 pref medium
  anycast fe80:: dev eth2 proto kernel metric 0 pref medium
  anycast fe80:: dev eth1 proto kernel metric 0 pref medium

For traffic to work as it did before, the dst device needs to be switched
to the loopback when the copy is created similar to local routes.

Fixes: 4832c30d54 ("net: ipv6: put host and anycast routes on device with address")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:34:52 +09:00
David S. Miller
9477fef4b6 Merge branch 'smc-fixes-for-smc-buffer-handling'
Ursula Braun says:

====================
net/smc: fixes for smc buffer handling

here are 2 cleanup patches for smc buffer handling.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:33:34 +09:00
Geert Uytterhoeven
6887037025 net/smc: Fix preinitialization of buf_desc in __smc_buf_create()
With gcc-4.1.2:

    net/smc/smc_core.c: In function ‘__smc_buf_create’:
    net/smc/smc_core.c:567: warning: ‘bufsize’ may be used uninitialized in this function

Indeed, if the for-loop is never executed, bufsize is used
uninitialized.  In addition, buf_desc is stored for later use, while it
is still a NULL pointer.

Before, error handling was done by checking if buf_desc is non-NULL.
The cleanup changed this to an error check, but forgot to update the
preinitialization of buf_desc to an error pointer.

Update the preinitializatin of buf_desc to fix this.

Fixes: b33982c3a6 ("net/smc: cleanup function __smc_buf_create()")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:33:34 +09:00
Ursula Braun
4e1061f4a2 net/smc: use sk_rcvbuf as start for rmb creation
Commit 3e034725c0 ("net/smc: common functions for RMBs and send buffers")
merged handling of SMC receive and send buffers. It introduced sk_buf_size
as merged start value for size determination. But since sk_buf_size is not
used at all, sk_sndbuf is erroneously used as start for rmb creation.
This patch makes sure, sk_buf_size is really used as intended, and
sk_rcvbuf is used as start value for rmb creation.

Fixes: 3e034725c0 ("net/smc: common functions for RMBs and send buffers")
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Reviewed-by: Hans Wippel <hwippel@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:33:34 +09:00
Ido Schimmel
bbfcd77631 ipv6: Do not consider linkdown nexthops during multipath
When the 'ignore_routes_with_linkdown' sysctl is set, we should not
consider linkdown nexthops during route lookup.

While the code correctly verifies that the initially selected route
('match') has a carrier, it does not perform the same check in the
subsequent multipath selection, resulting in a potential packet loss.

In case the chosen route does not have a carrier and the sysctl is set,
choose the initially selected route.

Fixes: 35103d1117 ("net: ipv6 sysctl option to ignore routes when nexthop link is down")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: David Ahern <dsahern@gmail.com>
Acked-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:26:47 +09:00
Roman Kapl
d7aa04a5e8 net: sched: fix crash when deleting secondary chains
If you flush (delete) a filter chain other than chain 0 (such as when
deleting the device), the kernel may run into a use-after-free. The
chain refcount must not be decremented unless we are sure we are done
with the chain.

To reproduce the bug, run:
    ip link add dtest type dummy
    tc qdisc add dev dtest ingress
    tc filter add dev dtest chain 1  parent ffff: flower
    ip link del dtest

Introduced in: commit f93e1cdcf4 ("net/sched: fix filter flushing"),
but unless you have KAsan or luck, you won't notice it until
commit 0dadc117ac ("cls_flower: use tcf_exts_get_net() before call_rcu()")

Fixes: f93e1cdcf4 ("net/sched: fix filter flushing")
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Roman Kapl <code@rkapl.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:25:37 +09:00
Jesse Chan
0cc03504c9 net: phy: cortina: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
This change resolves a new compile-time warning
when built as a loadable module:

WARNING: modpost: missing MODULE_LICENSE() in drivers/net/phy/cortina.o
see include/linux/module.h for more information

This adds the license as "GPL", which matches the header of the file.

MODULE_DESCRIPTION and MODULE_AUTHOR are also added.

Signed-off-by: Jesse Chan <jc@linux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24 01:23:49 +09:00
Linus Torvalds
0c86a6bd85 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix a reference to a module parameter which was lost during the
    GREv6 receive path rewrite, from Alexey Kodanev.

 2) Fix deref before NULL check in ipheth, from Gustavo A. R. Silva.

 3) RCU read lock imbalance in tun_build_skb(), from Xin Long.

 4) Some stragglers from the mac80211 folks:

      a) Timer conversions from Kees Cook

      b) Fix some sequencing issue when cfg80211 is built statically,
         from Johannes Berg

      c) Memory leak in mac80211_hwsim, from Ben Hutchings.

 5) Add new qmi_wwan device ID, from Sebastian Sjoholm.

 6) Fix use after free in tipc, from Jon Maloy.

 7) Missing kdoc in nfp driver, from Jakub Kicinski.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  nfp: flower: add missing kdoc
  tipc: fix access of released memory
  net: qmi_wwan: add Quectel BG96 2c7c:0296
  mlxsw: spectrum: Do not try to create non-existing ports during unsplit
  mac80211: properly free requested-but-not-started TX agg sessions
  mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
  cfg80211: initialize regulatory keys/database later
  mac80211: aggregation: Convert timers to use timer_setup()
  nl80211: don't expose wdev->ssid for most interfaces
  mac80211: Convert timers to use timer_setup()
  net: vxge: Fix some indentation issues
  net: ena: fix race condition between device reset and link up setup
  r8169: use same RTL8111EVL green settings as in vendor driver
  r8169: fix RTL8111EVL EEE and green settings
  tun: fix rcu_read_lock imbalance in tun_build_skb
  tcp: when scheduling TLP, time of RTO should account for current ACK
  usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
  gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
2017-11-21 05:56:12 -10:00
Linus Torvalds
b620fd2df2 3 Cleanups: remove initialization of i_version - Jeff Layton
use ARRAY_SIZE - Jérémy Lefaure
             call op_release sooner when creating inodes - Martin Brandenburg
 
 1 Patch: stop setting atime on inode dirty - Martin Brandenburg
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaEyiIAAoJEM9EDqnrzg2+LvEP+QGkMxX7i0Y4KSbIIWPkE3Ec
 y5OrEV8NjBg3u9eINNIfym65blGiOKK++dltSm7UAM//QoctMpG+HAhUMsFQsf3H
 XBvosvdRwxd9n/vxkcA9KsICdRKDi//vBoAS9EiyQYZfn1spE4LZBs+uZxtkQpIY
 ofUOdGYDOsXE5Jb8oBz2PRS3nQWPsflIOs2y1oTiwAfjP6WIBq11tu7wdamUJ02A
 F7vvFTA5wbxuuZq9cLA52Ho7IVR09GiymSaDTbilPK3d73eaacVl/zlfYcdMVRJA
 YmsyXcgdpgLhgiKl4B969dWU5p2X7a3cbkexTbIU+iFXcq685OohLj/SacFYH1eA
 /eZibdz9UhO6rLGwR5YDQ50lMIzwPYxMM98f8E/jjfxdRFrG3Pu4A2yLjDtaJYZc
 ATJDVk491xnGOhYDARQ6Wt/Dy3Yj0TtPsJeXggR6NiXH4AgsjZxToD2QgHXBhynb
 2+dFadBb0erFMT1rB295thBGJWeD6kArIXwZS9alz83z/VH7O5rpjIx0I4Qj5NeP
 fZEYHf3E2+jFVQzqdw31fK6nTVsCN6/YhSwSYOGo+MAdvurCVxuFp0ulUM6FOCGR
 cfNYle/KrP3q1A3zzR4lpSDLXbXGKYbmImEYw4pobYH/vnjAtNVOpcEAMaxGyogm
 NUbQyGgcP9JIglkLSlQ5
 =nqnT
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.15-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux

Pull orangefs updates from Mike Marshall:
 "Fix:

   - stop setting atime on inode dirty (Martin Brandenburg)

  Cleanups:

   - remove initialization of i_version (Jeff Layton)

   - use ARRAY_SIZE (Jérémy Lefaure)

   - call op_release sooner when creating inodes (Mike MarshallMartin
     Brandenburg)"

* tag 'for-linus-4.15-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
  orangefs: call op_release sooner when creating inodes
  orangefs: stop setting atime on inode dirty
  orangefs: use ARRAY_SIZE
  orangefs: remove initialization of i_version
2017-11-21 05:40:48 -10:00
Linus Torvalds
adb072d3cd We have a set of file locking improvements from Zheng, rbd rw/ro
state handling code cleanup from myself and some assorted CephFS fixes
 from Jeff.
 
 rbd now defaults to single-major=Y, lifting the limit of ~240 rbd
 images per host for everyone.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJaEwyIAAoJEEp/3jgCEfOLjgYH/jKJbQ1yJFPyTVTTv/U9/xH2
 kpHykEbzvvTT2TwNspbM9ZK4vSJPjYoHjL2qTRKxybuXYWYPxD2q6x+Z1iRP5G5N
 4Py3RUZaagCSSgbUhfNl3VCbdki6cIKHHz1tHWBuO75kFEg03yZroozzc3SCKH8T
 wHIa7UFxncDRroHMDiF5viF2tz4SfYSB0fd/Kev9qLJOiVr/lUTELfejlsu89ANT
 6UvXPiTd9iifxQxjLV+2eQM4x5JImiDJUhMvcqfDlY2l85LzVCVTPXFnN4ZoEPlt
 4NJj2SnnSQxSZLl1LwJC/gFYepdzW6qSxVqlpkAr0PvazZPushLpMA4AsKxWgVM=
 =qsu2
 -----END PGP SIGNATURE-----

Merge tag 'ceph-for-4.15-rc1' of git://github.com/ceph/ceph-client

Pull ceph updates from Ilya Dryomov:
 "We have a set of file locking improvements from Zheng, rbd rw/ro state
  handling code cleanup from myself and some assorted CephFS fixes from
  Jeff.

  rbd now defaults to single-major=Y, lifting the limit of ~240 rbd
  images per host for everyone"

* tag 'ceph-for-4.15-rc1' of git://github.com/ceph/ceph-client:
  rbd: default to single-major device number scheme
  libceph: don't WARN() if user tries to add invalid key
  rbd: set discard_alignment to zero
  ceph: silence sparse endianness warning in encode_caps_cb
  ceph: remove the bump of i_version
  ceph: present consistent fsid, regardless of arch endianness
  ceph: clean up spinlocking and list handling around cleanup_cap_releases()
  rbd: get rid of rbd_mapping::read_only
  rbd: fix and simplify rbd_ioctl_set_ro()
  ceph: remove unused and redundant variable dropping
  ceph: mark expected switch fall-throughs
  ceph: -EINVAL on decoding failure in ceph_mdsc_handle_fsmap()
  ceph: disable cached readdir after dropping positive dentry
  ceph: fix bool initialization/comparison
  ceph: handle 'session get evicted while there are file locks'
  ceph: optimize flock encoding during reconnect
  ceph: make lock_to_ceph_filelock() static
  ceph: keep auth cap when inode has flocks or posix locks
2017-11-21 05:38:32 -10:00
Linus Torvalds
11ca75d2d6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
Pull printk updates from Petr Mladek:

 - print the warning about dropped messages on consoles on a separate
   line.   It makes it more legible.

 - one typo fix and small code clean up.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
  added new line symbol after warning about dropped messages
  printk: fix typo in printk_safe.c
  printk: simplify no_printk()
2017-11-21 05:28:13 -10:00
David S. Miller
a13e8d418f A few things:
* straggler timer conversions from Kees
  * memory leak fix in hwsim
  * fix some fallout from regdb changes if wireless is built-in
  * also free aggregation sessions in startup state when station
    goes away, to avoid crashing the timer
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAloS/PAACgkQB8qZga/f
 l8SiZQ/+N64u2l8+2MHlAmWPCIsrCVL/jLqNPAmG45ep7mlqYsxnoghXQKw5yKxt
 QodxGE8ixpih39gv3K2coPlRc+3W/C8RXlovGwoU78CCpW5EGcuzqQyh2zNCCY60
 WdKjML7+KF4M3V1hQWvuunpYK97x4UN5wgf5p/e8us/kA/CR9okaIEiG0OzZ9Sb9
 OItQfsWv4zwa+fYnqRHvQ1f2c+niqye9lrygo7HM639l384k4GWToFnZ0Bj4r5mO
 Nmiv9l1aYXcnCIRBTJoYHm9ifL2JwokYpEEAKuhgliOhRA+CyoJCClLDpEvK2NQk
 MWMcegEWDQ10kRiQOyytdO2H2XCX8Qzh8NdNLLggiG4nQgUovqrBcdnUbc9stX3P
 KSZCBcvUdw3aTzs4UFU8HwG0YDnMTXZ+li/pPSad8CUvnRMr6LS/VZ/FIlPuRfLb
 Ha+UraziPoSl0YMFvCCZYZ6wQ1oqWdc+0+67oczMi4KBmUumlN10qg5rEeEi2Ael
 71NO2rOvMv/WYPfztQz8zuiB+g35yXAMOOY0SLFt+vfl0loWB6rRgxFjoo4dhrNv
 5LtVgZiGwvedrgTIvq2CCjJN52PT51RFDzOhIR1NSOoDx3AdyeBKnulYUIED14f3
 xHyOlnDbpW6B4+c0h1Hs5f4d0BMwU/dhLrUD8k4UU+qcdA4/EG8=
 =jcSa
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2017-11-20' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
A few things:
 * straggler timer conversions from Kees
 * memory leak fix in hwsim
 * fix some fallout from regdb changes if wireless is built-in
 * also free aggregation sessions in startup state when station
   goes away, to avoid crashing the timer
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-21 20:30:57 +09:00
Jakub Kicinski
b48b1f7ac7 nfp: flower: add missing kdoc
Commit 0115552eac ("nfp: remove false positive offloads
in flower vxlan") missed adding kdoc for a new parameter
of nfp_flower_add_offload().

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-21 20:24:37 +09:00
Jon Maloy
e0e853ac03 tipc: fix access of released memory
When the function tipc_group_filter_msg() finds that a member event
indicates that the member is leaving the group, it first deletes the
member instance, and then purges the message queue being handled
by the call. But the message queue is an aggregated field in the
just deleted item, leading the purge call to access freed memory.

We fix this by swapping the order of the two actions.

Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-21 20:22:03 +09:00
Sebastian Sjoholm
f9409e7f08 net: qmi_wwan: add Quectel BG96 2c7c:0296
Quectel BG96 is an Qualcomm MDM9206 based IoT modem, supporting both
CAT-M and NB-IoT. Tested hardware is BG96 mounted on Quectel development
board (EVB). The USB id is added to qmi_wwan.c to allow QMI
communication with the BG96.

Signed-off-by: Sebastian Sjoholm <ssjoholm@mac.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-21 20:17:47 +09:00
Ido Schimmel
bf4e9f24a8 mlxsw: spectrum: Do not try to create non-existing ports during unsplit
On some systems, when we unsplit a port we need to re-create two ports
instead. On other systems, only one needs to be re-created.

Do not try to create a port if during driver initialization it was
assigned a negative module number, which is invalid.

This avoids the following error during unsplit:
[  941.012478] mlxsw_spectrum 0000:01:00.0: Port 43: Failed to map module

The error is harmless and caused by the fact that a local port is
already mapped to module 0.

Fixes: be94535f95 ("mlxsw: spectrum: Make split flow match firmware requirements")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-21 20:15:22 +09:00
Linus Torvalds
e1d1ea549b fbdev changes for v4.15:
- convert timers to use timer_setup() (Kees Cook, Thierry Reding)
 
 - fix panels support on iMX boards in mxsfb driver (Stefan Agner)
 
 - fix timeout on EDID read in udlfb driver (Ladislav Michl)
 
 - add missing modes to fix out of bounds access in controlfb driver
   (Geert Uytterhoeven)
 
 - update initialisation paths in sa1100fb driver to be more robust
   (Russell King)
 
 - fix error handling path of ->probe method in au1200fb driver
   (Christophe JAILLET)
 
 - fix handling of cases when either panel or crt is defined in sm501fb
   driver (Sudip Mukherjee, Colin Ian King)
 
 - add ability to the Goldfish FB driver to be recognized by OS via DT
   (Aleksandar Markovic)
 
 - structures constifications (Bhumika Goyal)
 
 - misc fixes (Allen Pais, Gustavo A. R. Silva, Dan Carpenter)
 
 - misc cleanups (Colin Ian King, Himanshu Jha, Markus Elfring)
 
 - remove dead igafb driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJaEto8AAoJEH4ztj+gR8ILrLkP+wcGcsZHGqte7bpwnEpQa/D8
 x0nlP3qNdx9pGDhZRZahexSmnLYajwg22iO3HdbuCy7k/WWtv6R+BREKQ1yEIHUP
 kmH5QMgKunWs36PITuxVRQ9GDwZK1pk+XAR0M3XBUOw8OKoqwiiX8z+5c3YxWQ4X
 0VgEBEijnZs9exZgTY0UNVBKzy4GC9HXRjDW7cicOSVX7TW7yURU2wL79ANqW+Ba
 eelbaPCDD3aPIFRWWKI/BH467Jyqnrol0u08ZZcqzMo92TQHmoYOctVuYlp3WM1j
 HOi/N/fdhKUPoadkr1av1VUQAIN+Cx+8lFAaihilaAbaIcd515UWu4Jqrt8SjTZ2
 xVfitJ58EaR++EJjfrwxyOkSIWlG6mH5y3IYwvV3N6WGiqhy5srue6MzI/ofX+Iz
 h2HNVXcIlMJmtCmOVUkk2zECyCFPN0S4+eTrRUUdPVQBCWNfqKm6mS2/p39P6mrE
 HfE4Jav/EXn7p2UBVRt8EYbWcdLCuIPdGc+buA+7z0Nu4AsPUMtkiuLpuKtE0sXs
 bq0Vv7ac07ZFxTjfnsPPrgBE9aBL5jtC8jnez2IRVMppfTIgah9xm32wQh43WzIM
 JgH4JxKaQgirmMHE3GGZASh4f9rj5M/Ia0ybQOVbwtxykKaFG8oIYyotJVP7MwDK
 +fl/CPKXfbpijliE5mDz
 =afFm
 -----END PGP SIGNATURE-----

Merge tag 'fbdev-v4.15' of git://github.com/bzolnier/linux

Pull fbdev updates from Bartlomiej Zolnierkiewicz:
 "There is nothing really major here (though removal of the dead igafb
  driver stands out in diffstat).

  Summary:

   - convert timers to use timer_setup() (Kees Cook, Thierry Reding)

   - fix panels support on iMX boards in mxsfb driver (Stefan Agner)

   - fix timeout on EDID read in udlfb driver (Ladislav Michl)

   - add missing modes to fix out of bounds access in controlfb driver
     (Geert Uytterhoeven)

   - update initialisation paths in sa1100fb driver to be more robust
     (Russell King)

   - fix error handling path of ->probe method in au1200fb driver
     (Christophe JAILLET)

   - fix handling of cases when either panel or crt is defined in
     sm501fb driver (Sudip Mukherjee, Colin Ian King)

   - add ability to the Goldfish FB driver to be recognized by OS via DT
     (Aleksandar Markovic)

   - structures constifications (Bhumika Goyal)

   - misc fixes (Allen Pais, Gustavo A. R. Silva, Dan Carpenter)

   - misc cleanups (Colin Ian King, Himanshu Jha, Markus Elfring)

   - remove dead igafb driver"

* tag 'fbdev-v4.15' of git://github.com/bzolnier/linux: (42 commits)
  OMAPFB: prevent buffer underflow in omapfb_parse_vram_param()
  video: fbdev: sm501fb: fix potential null pointer dereference on fbi
  fbcon: Initialize ops->info early
  video: fbdev: Convert timers to use timer_setup()
  video: fbdev: pxa3xx_gcu: Convert timers to use timer_setup()
  fbdev: controlfb: Add missing modes to fix out of bounds access
  video: fbdev: sis_main: mark expected switch fall-throughs
  video: fbdev: cirrusfb: mark expected switch fall-throughs
  video: fbdev: aty: radeon_pm: mark expected switch fall-throughs
  video: fbdev: sm501fb: mark expected switch fall-through in sm501fb_blank_crt
  video: fbdev: intelfb: remove redundant variables
  video/fbdev/dnfb: Use common error handling code in dnfb_probe()
  sm501fb: suspend and resume fb if it exists
  sm501fb: unregister framebuffer only if registered
  sm501fb: deallocate colormap only if allocated
  video: goldfishfb: Add support for device tree bindings
  Documentation: Add device tree binding for Goldfish FB driver
  video: udlfb: Fix read EDID timeout
  video: fbdev: remove dead igafb driver
  video: fbdev: mxsfb: fix pixelclock polarity
  ...
2017-11-20 21:50:24 -10:00
Linus Torvalds
c633e898bd DeviceTree fixes for 4.15:
- Remove mc13892 as a trivial device
 
 - Improve of_find_node_by_name() documentation
 
 - Fix unit test dtc warnings
 
 - Clean-ups of USB binding documentation
 
 - Fix potential NULL deref in of_pci_map_rid
 -----BEGIN PGP SIGNATURE-----
 
 iQItBAABCAAXBQJaEx6REBxyb2JoQGtlcm5lbC5vcmcACgkQ+vtdtY28YcOnnRAA
 kP/o4X2Zo2VCZMHkLunDIwXXmNAn+Eh6WzbzWROn/J8A3sBH2jMJWzQrfBQqdUTC
 KXtJkDxmIFqtaUI6aD5ZekLZ/dE/iDAwzYtHMwmcw73g2An1+mxeLnv7GGTD3V9Y
 kiAeLqD3d1dS1ee+d/+g4t8Lj5W+8ClFyZk/CJ5oBRtWfyh/53vZsw/PuCSooXFY
 gFn/5YRctQyk5x/F/ELGRSuN54Lz9+wHG2pJc83+hRSbpvPJWiisXdGH/dhGO+V8
 YhbSldtjfUZBNgFwdJJQISYw/6jA7iETwIy69cIHkJ674/dkyyw4IzgvjVocQN5e
 Q7egpeh/3YXNSSZe+gSqj6LjERrX8RIlHFhS28qgliA3UrtnPgw3RbhEaO2CSBHz
 /MoYK/ZjTwXYgDjjSP05WQ+MsnogiAYUhMx4GNcAq092BDOd9f0pzIiapLwrzje3
 rWHixC4lMsU97X5jJhu+Er6d8AKl2mDoI2J3UCOsxlM0sIsTTk10qCpXwIes2TKk
 qMSCUZfwTO239w2DUG/TokXi8Q1v28TiKT1JE6yaQe6VDXHPRfxnGrJ57b4HZYPr
 139jXxJ6Zs+qOpfKI8c11VpYHxxR4uSMIXECyCUEpdASNP5TmcRnMj9c3RtxsK3o
 CB4/Pjk5BA4svnzi2Aec/49ubkoSl0YKrmFyG7xDY+w=
 =pnqr
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull DeviceTree fixes from Rob Herring:

 - Remove mc13892 as a trivial device

 - Improve of_find_node_by_name() documentation

 - Fix unit test dtc warnings

 - Clean-ups of USB binding documentation

 - Fix potential NULL deref in of_pci_map_rid

* tag 'devicetree-fixes-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  dt-bindings: trivial-devices: Remove fsl,mc13892
  of: Document exactly what of_find_node_by_name() puts
  of: unittest: disable interrupts_property warning
  of: unittest: let dtc generate __local_fixups__
  dt-bindings: usb: document hub and host-controller properties
  dt-bindings: usb: clean up compatible property
  dt-bindings: usb: fix reg-property port-number range
  dt-bindings: usb: fix example hub node name
  of/pci: Fix theoretical NULL dereference
2017-11-20 21:38:41 -10:00
Linus Torvalds
bf8973fc76 Update jfs git tree in MAINTAINERS
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEIodevzQLVs53l6BhNqiEXrVAjGQFAloTHl4ACgkQNqiEXrVA
 jGQ3hA/+MR6ZqpWXDy6w29jBjowodEaCmzHXMJWlyiU/UdRHj9DEVFAaaKV3Zfil
 NJ/i2OKgrP755c5nXC7BxcFSo5DZNHkK71f44gQDos3QW6opzOYKkxq79parEu+g
 OPLfsX0lNo3ofYyWpHHnL2WYXZ1Vm/n3/xT10xswcfTGIjA9YyZqcuTanGxIvjO6
 j4D10UWIOLL2C3IMeyz3TUPF2+oOrsCiOpr08Yf69Jj+76VOUJa4gws9J7VkKFll
 wYC8CvYGEnGtKwD3eAFUvtd+ZKyFBLIHilmDIF6FEYMld4mpu5vHCORc6N9Y+FBs
 9ZyfVlUjCifPsEk0yHeW7mA6q85NpYxHVrukqjh9jb4nn7uIqF/iXK2mi1+WzlaS
 /K9/RR5yYaP9bv9Fe5hF664dxCRzu22mRfg2KA8yKZMFifgC/4qXF1G1NDW3fLIt
 6too7Cs5BhE4kCWjlM2rN0If1BazUNLo5goYvc45nXrXqDhX0zfRol9Cgvuc9Lws
 aaJTH/s1qLtnEdZSuYaJBr6mlTIhwX2cT+Wcu3oL91kUBeIKyDMPhq1+45pJarKb
 Qfa3pTedUzXjBiqQevV3lhyenokIoUye5NtkU5fzCce1r5BhjFukW2Gox6nN3Z0R
 ChZHFzrMiN5O1USZFXkG5LkWlsl8R+GBWPdXGj3tG2XqGMaO7hk=
 =r1N3
 -----END PGP SIGNATURE-----

Merge tag 'jfs-4.15-2' of git://github.com/kleikamp/linux-shaggy

Pull jfs fixlet from Dave Kleikamp:
 "Update jfs git tree in MAINTAINERS"

* tag 'jfs-4.15-2' of git://github.com/kleikamp/linux-shaggy:
  MAINTAINERS: fix jfs tree location
2017-11-20 21:35:25 -10:00
Jonathan Neuschäfer
def4db33e6 dt-bindings: trivial-devices: Remove fsl,mc13892
This device's bindings are not trivial: Additional properties are
documented in in Documentation/devicetree/bindings/mfd/mc13xxx.txt.

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Rob Herring <robh@kernel.org>
2017-11-20 12:26:23 -06:00
Stephen Boyd
02a876b504 of: Document exactly what of_find_node_by_name() puts
It isn't clear if this function of_node_put()s the 'from'
argument, or the node it searches. Clearly indicate which
variable is touched. Fold in some more fixes from Randy too
because we're in the area.

Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Rob Herring <robh@kernel.org>
2017-11-20 12:15:44 -06:00
Tom Saeger
8631390343 MAINTAINERS: fix jfs tree location
JFS tree has been moved to github.

Signed-off-by: Tom Saeger <tom.saeger@oracle.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
2017-11-20 12:13:28 -06:00
Johannes Berg
33ddd81e2b mac80211: properly free requested-but-not-started TX agg sessions
When deleting a station or otherwise tearing down all aggregation
sessions, make sure to delete requested but not yet started ones,
to avoid the following scenario:

 * session is requested, added to tid_start_tx[]
 * ieee80211_ba_session_work() runs, gets past BLOCK_BA check
 * ieee80211_sta_tear_down_BA_sessions() runs, locks &sta->ampdu_mlme.mtx,
   e.g. while deleting the station - deleting all active sessions
 * ieee80211_ba_session_work() continues since tear down flushes it, and
   calls ieee80211_tx_ba_session_handle_start() for the new session, arms
   the timer for it
 * station deletion continues to __cleanup_single_sta() and frees the
   session struct, while the timer is armed

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-11-20 17:01:31 +01:00
Ben Hutchings
67bd523861 mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
hwsim_new_radio_nl() now copies the name attribute in order to add a
null-terminator.  mac80211_hwsim_new_radio() (indirectly) copies it
again into the net_device structure, so the first copy is not used or
freed later.  Free the first copy before returning.

Fixes: ff4dd73dd2 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-11-20 16:57:15 +01:00
Johannes Berg
d7be102f29 cfg80211: initialize regulatory keys/database later
When cfg80211 is built as a module, everything is fine, and we
can keep the code as is; in fact, we have to, because there can
only be a single module_init().

When cfg80211 is built-in, however, it needs to initialize
before drivers (device_initcall/module_init), and thus used to
be at subsys_initcall(). I'd moved it to fs_initcall() earlier,
where it can remain. However, this is still too early because at
that point the key infrastructure hasn't been initialized yet,
so X.509 certificates can't be parsed yet.

To work around this problem, load the regdb keys only later in
a late_initcall(), at which point the necessary infrastructure
has been initialized.

Fixes: 90a53e4432 ("cfg80211: implement regdb signature checking")
Reported-by: Xiaolong Ye <xiaolong.ye@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-11-20 16:55:29 +01:00
Kees Cook
7cca2acdff mac80211: aggregation: Convert timers to use timer_setup()
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.

This removes the tid mapping array and expands the tid structures to
add a pointer back to the station, along with the tid index itself.

Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
[switch tid variables to u8, the valid range is 0-15 at most,
 initialize tid_tx->sta/tid properly]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-11-20 16:55:23 +01:00
Johannes Berg
44905265bc nl80211: don't expose wdev->ssid for most interfaces
For mesh, this is simply wrong - there's no SSID, only the
mesh ID, so don't expose it at all.
For (P2P) client, it's wrong, because it exposes an internal
value that's only used when certain APIs are used.
For AP, it's actually the only correct case, so leave that.
All other interface types shouldn't be setting this anyway,
so there it won't change anything.

Fixes: b84e7a05f6 ("nl80211: send the NL80211_ATTR_SSID in nl80211_send_iface()")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-11-20 16:55:17 +01:00
Kees Cook
34f11cd329 mac80211: Convert timers to use timer_setup()
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.

Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-11-20 16:55:11 +01:00
Linus Torvalds
c8a0739b18 Support for the switchtec ntb and related changes. Also, a couple of
bug fixes.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaEObnAAoJEG5mS6x6i9IjJD0P/jaJixjXVVPsA6pK31iykVad
 7GIe0GHWDo/f9kHgR9sJQ27RvX/xLmr4IgQwZCWMT3YM2WPKk1i6eUwGycLRzgIq
 E4S3ehtqqryD/p1tvYXc8JXjaO2E99BjA9BtIT2TzXV8clUjl64K8D6XW0F2ilzM
 x1Ctmgf+c7z4In+gf/lazQOSIPE0qTAEVcQRwASg3GSQIuI6T3Iy40j3kCEys5IX
 MVdHTidUK92YUSyp7tCmAzj2Ffts60+b7gZhzv92eBtrZof8BZ/58UIJOR2CMcAp
 M4b/DxJLHGwvAajX+RyIHSJhXocMf2Wc1EuctVFOmBZt2lZuo4Y0ddVhggQKAOjc
 g26Lou4pPlZrAvcslzK1y2mzWpKRWB6HkUS9j8Tar1mj5oWyokCNSPYsZQhuUDJx
 nFIIbQsbVqkhZ5tAdBz/Fs4afkA0EWDLepXdBNT0Z4BnhFI/vWNDwsKksHV++T4W
 fg+H/xcKtqbzpxPdu75/rcXjnzhDtGvyFAp+2Z7CFTBK8Di/cB4y+FewGVfqa8wm
 GPN/cTEOP6siJawow5sviE4fEbWHGHxHvji07QsYHZa1BEH78cPi4svGmJLmpHgA
 UcCB3UqwudOOCALNbXz1nHlzwgBarXLeHZuHiRhOEaYRZUbLkJ9K56dn7RCxV1Ws
 /EntY8CCBNRAKl79y1kJ
 =svG8
 -----END PGP SIGNATURE-----

Merge tag 'ntb-4.15' of git://github.com/jonmason/ntb

Pull ntb updates from Jon Mason:
 "Support for the switchtec ntb and related changes. Also, a couple of
  bug fixes"

[ The timing isn't great. I had asked people to send me pull requests
  before my family vacation, and this code has not even been in
  linux-next as far as I can tell. But Logan Gunthorpe pleaded for its
  inclusion because the Switchtec driver has apparently been around for
  a while, just never in linux-next - Linus ]

* tag 'ntb-4.15' of git://github.com/jonmason/ntb:
  ntb: intel: remove b2b memory window workaround for Skylake NTB
  NTB: make idt_89hpes_cfg const
  NTB: switchtec_ntb: Update switchtec documentation with notes for NTB
  NTB: switchtec_ntb: Add memory window support
  NTB: switchtec_ntb: Implement scratchpad registers
  NTB: switchtec_ntb: Implement doorbell registers
  NTB: switchtec_ntb: Add link management
  NTB: switchtec_ntb: Add skeleton NTB driver
  NTB: switchtec_ntb: Initialize hardware for doorbells and messages
  NTB: switchtec_ntb: Initialize hardware for memory windows
  NTB: switchtec_ntb: Introduce initial NTB driver
  NTB: Add check and comment for link up to mw_count() and mw_get_align()
  NTB: Ensure ntb_mw_get_align() is only called when the link is up
  NTB: switchtec: Add link event notifier callback
  NTB: switchtec: Add NTB hardware register definitions
  NTB: switchtec: Export class symbol for use in upper layer driver
  NTB: switchtec: Move structure definitions into a common header
  ntb: update maintainer list for Intel NTB driver
2017-11-19 20:41:53 -10:00
Christophe JAILLET
32a72bbd5d net: vxge: Fix some indentation issues
Some statements are not enough or too much indented.
Fix it to improve readalbility.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-20 11:36:30 +09:00
Netanel Belgazal
d18e4f6834 net: ena: fix race condition between device reset and link up setup
In rare cases, ena driver would reset and re-start the device,
for example, in case of misbehaving application that causes
transmit timeout

The first step in the reset procedure is to stop the Tx traffic by
calling ena_carrier_off().

After the driver have just started the device reset procedure, device
happens to send an asynchronous notification (via AENQ) to the driver
than there was a link change (to link-up state).
This link change is mapped to a call to netif_carrier_on() which
re-activates the Tx queues, violating the assumption of no tx traffic
until device reset is completed, as the reset task might still be in
the process of queues initialization, leading to an access to
uninitialized memory.

Signed-off-by: Netanel Belgazal <netanel@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-20 11:35:16 +09:00
Roberto Sassu
020aae3ee5 ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
Commit b65a9cfc2c ("Untangling ima mess, part 2: deal with counters")
moved the call of ima_file_check() from may_open() to do_filp_open() at a
point where the file descriptor is already opened.

This breaks the assumption made by IMA that file descriptors being closed
belong to files whose access was granted by ima_file_check(). The
consequence is that security.ima and security.evm are updated with good
values, regardless of the current appraisal status.

For example, if a file does not have security.ima, IMA will create it after
opening the file for writing, even if access is denied. Access to the file
will be allowed afterwards.

Avoid this issue by checking the appraisal status before updating
security.ima.

Cc: stable@vger.kernel.org
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-11-20 08:23:10 +11:00
Linus Torvalds
ed30b147e1 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
Pull small IDE cleanup from David Miller.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide:
  PNP: ide: constify pnp_device_id
2017-11-19 08:04:41 -10:00
Heiner Kallweit
b399a3944d r8169: use same RTL8111EVL green settings as in vendor driver
Adjust the code to use the same green settings as in the latest
vendor driver.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-19 21:27:49 +09:00
Heiner Kallweit
1814d6a8c4 r8169: fix RTL8111EVL EEE and green settings
Name of functions rtl_w0w1_eri and rtl_w0w1_phy is somewhat misleading
regarding order of arguments. One could assume that w0w1 means
argument with bits to be reset comes before argument with bits to set.
However this is not the case.
So fix the order of arguments in several statements.

In addition fix EEE advertisement. The current code resets the bits
for 100BaseT and 1000BaseT EEE advertisement what is not what we want.

I have a little of a hard time to find a proper "Fixes" line as the
issue seems to have been there forever (at least it existed already
when the driver was moved to the current place in 2011).

The patch was tested on a Zotac Mini-PC with a RTL8111E-VL chip.
Before the patch EEE was disabled, now it's properly advertised and
works fine.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-19 21:27:49 +09:00
Xin Long
654d573845 tun: fix rcu_read_lock imbalance in tun_build_skb
rcu_read_lock in tun_build_skb is used to rcu_dereference tun->xdp_prog
safely, rcu_read_unlock should be done in every return path.

Now I could see one place missing it, where it returns NULL in switch-case
XDP_REDIRECT,  another palce using rcu_read_lock wrongly, where it returns
NULL in if (xdp_xmit) chunk.

So fix both in this patch.

Fixes: 761876c857 ("tap: XDP support")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-19 21:22:31 +09:00
Neal Cardwell
ed66dfaf23 tcp: when scheduling TLP, time of RTO should account for current ACK
Fix the TLP scheduling logic so that when scheduling a TLP probe, we
ensure that the estimated time at which an RTO would fire accounts for
the fact that ACKs indicating forward progress should push back RTO
times.

After the following fix:

df92c8394e ("tcp: fix xmit timer to only be reset if data ACKed/SACKed")

we had an unintentional behavior change in the following kind of
scenario: suppose the RTT variance has been very low recently. Then
suppose we send out a flight of N packets and our RTT is 100ms:

t=0: send a flight of N packets
t=100ms: receive an ACK for N-1 packets

The response before df92c8394e that was:
  -> schedule a TLP for now + RTO_interval

The response after df92c8394e is:
  -> schedule a TLP for t=0 + RTO_interval

Since RTO_interval = srtt + RTT_variance, this means that we have
scheduled a TLP timer at a point in the future that only accounts for
RTT_variance. If the RTT_variance term is small, this means that the
timer fires soon.

Before df92c8394e this would not happen, because in that code, when
we receive an ACK for a prefix of flight, we did:

    1) Near the top of tcp_ack(), switch from TLP timer to RTO
       at write_queue_head->paket_tx_time + RTO_interval:
            if (icsk->icsk_pending == ICSK_TIME_LOSS_PROBE)
                   tcp_rearm_rto(sk);

    2) In tcp_clean_rtx_queue(), update the RTO to now + RTO_interval:
            if (flag & FLAG_ACKED) {
                   tcp_rearm_rto(sk);

    3) In tcp_ack() after tcp_fastretrans_alert() switch from RTO
       to TLP at now + RTO_interval:
            if (icsk->icsk_pending == ICSK_TIME_RETRANS)
                   tcp_schedule_loss_probe(sk);

In df92c8394e we removed that 3-phase dance, and instead directly
set the TLP timer once: we set the TLP timer in cases like this to
write_queue_head->packet_tx_time + RTO_interval. So if the RTT
variance is small, then this means that this is setting the TLP timer
to fire quite soon. This means if the ACK for the tail of the flight
takes longer than an RTT to arrive (often due to delayed ACKs), then
the TLP timer fires too quickly.

Fixes: df92c8394e ("tcp: fix xmit timer to only be reset if data ACKed/SACKed")
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-19 12:25:26 +09:00
Gustavo A. R. Silva
61c59355e0 usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
_dev_ is being dereferenced before it is null checked, hence there
is a potential null pointer dereference.

Fix this by moving the pointer dereference after _dev_ has been null
checked.

Addresses-Coverity-ID: 1462020
Fixes: bb1b40c7cb ("usbnet: ipheth: prevent TX queue timeouts when device not ready")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-19 12:23:57 +09:00
Alexey Kodanev
981542c526 gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
After commit 308edfdf15 ("gre6: Cleanup GREv6 receive path, call
common GRE functions") it's not used anywhere in the module, but
previously was used in ip6gre_rcv().

Fixes: 308edfdf15 ("gre6: Cleanup GREv6 receive path, call common GRE functions")
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-19 12:22:19 +09:00
Dave Jiang
4201a9918c ntb: intel: remove b2b memory window workaround for Skylake NTB
The workaround code is never used because Skylake NTB does not need it.

Reported-by: Allen Hubbe <allen.hubbe@dell.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:54:47 -05:00
Bhumika Goyal
3a814a04e6 NTB: make idt_89hpes_cfg const
Make these const as they are only used during a copy operation.
Done using Coccinelle.

Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:13 -05:00
Logan Gunthorpe
d0450244a4 NTB: switchtec_ntb: Update switchtec documentation with notes for NTB
The switchtec_ntb driver has a couple requirements on the switchec's
hardware configuration so we add these notes to the documentation.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Stephen Bates <sbates@raithlin.com>
Reviewed-by: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:13 -05:00
Logan Gunthorpe
87d11e645e NTB: switchtec_ntb: Add memory window support
The Switchtec hardware has two types of memory windows: LUTs and Direct.
The first area in each BAR is for LUT windows and the remaining area is
for the direct region. The total number of LUT entries is set by a
configuration setting in hardware and they all must be the same
size. (This is fixed by switchtec_ntb to be 64K.)

switchtec_ntb enables the LUTs only for the first BAR and enables the
highest power of two possible. Seeing the LUTs are at the beginning of
the BAR, the direct memory window's alignment is affected. Therefore,
the maximum direct memory window size can not be greater than the number
of LUTs times 64K. The direct window in other BARs will not have this
restriction as the LUTs will not be enabled there. LUTs will only be
exposed through the NTB API if the use_lut_mw parameter is set.

Seeing the Switchtec hardware, by default, configures BARs to be 4G a
module parameter is given to limit the size of the advertised memory
windows. Higher layers tend to allocate the maximum BAR size and this
has a tendency to fail when they try to allocate 4GB of contiguous
memory.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Stephen Bates <sbates@raithlin.com>
Reviewed-by: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:12 -05:00
Logan Gunthorpe
b9a4acac28 NTB: switchtec_ntb: Implement scratchpad registers
Seeing there is no dedicated hardware for this, we simply add
these as entries in the shared memory window. Thus, we could support
any number of them but 128 seems like enough, for now.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Stephen Bates <sbates@raithlin.com>
Reviewed-by: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:12 -05:00
Logan Gunthorpe
6619bf9549 NTB: switchtec_ntb: Implement doorbell registers
Pretty straightforward implementation of doorbell registers.
The shift and mask were setup in an earlier patch and this just hooks
up the appropriate portion of the IDB register as the local doorbells
and the opposite portion of ODB as the peer doorbells. The DB mask is
protected by a spinlock to avoid concurrent read-modify-write accesses.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Stephen Bates <sbates@raithlin.com>
Reviewed-by: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:12 -05:00
Logan Gunthorpe
0ee28f26f3 NTB: switchtec_ntb: Add link management
switchtec_ntb checks for a link by looking at the shared memory
window. If the magic number is correct and the other side indicates
their link is enabled then we take the link to be up.

Whenever we change our local link status we send a msg to the
other side to check whether it's up and change their status.

The current status is maintained in a flag so ntb_is_link_up
can return quickly.

We utilize Switchtec's link status notifier to also check link changes
when the switch notices a port changes state.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Stephen Bates <sbates@raithlin.com>
Reviewed-by: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:12 -05:00
Logan Gunthorpe
e099b45b7c NTB: switchtec_ntb: Add skeleton NTB driver
Add a skeleton NTB driver which will be filled out in subsequent patches.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Stephen Bates <sbates@raithlin.com>
Reviewed-by: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:12 -05:00
Logan Gunthorpe
3dd4db475c NTB: switchtec_ntb: Initialize hardware for doorbells and messages
Set up some hardware registers and creates interrupt service routines
for the doorbells and messages.

There are 64 doorbells in the switch that are shared between all
partitions. The upper 4 doorbells are also shared with the messages
and are therefore not used. Thus, this provides 28 doorbells for each
partition.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Stephen Bates <sbates@raithlin.com>
Reviewed-by: Kurt Schwemmer <kurt.schwemmer@microsemi.com>
Acked-by: Allen Hubbe <Allen.Hubbe@dell.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
2017-11-18 20:37:12 -05:00