Commit Graph

574923 Commits

Author SHA1 Message Date
Michal Schmidt
8d1c6bcb0f bnx2x: define event data reserved fields as little-endian
For consistency with other event data structs and to lessen
the chance of a mistake should one of the reserved fields become
used in the future, define the reserved fields as little-endian.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-02 13:31:57 -05:00
Michal Schmidt
da472731d8 bnx2x: define fields of struct cfc_del_event_data as little-endian
There were no missing endianness conversions in this case, but the
fields of struct cfc_del_event_data should be defined as little-endian
to get rid of the ugly (__force __le32) casts.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-02 13:31:56 -05:00
Michal Schmidt
ca4f2d5036 bnx2x: access cfc_del_event only if the opcode is CFC_DEL
It's not really a bug, but it was odd that bnx2x_eq_int() read the
message data as if it were a cfc_del_event regardless of the event type.
It's cleaner to access only the appropriate member of union event_data
after checking the event opcode.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-02 13:31:56 -05:00
Michal Schmidt
a524ef77d5 bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian
On ppc64 the PF did not receive messages from VFs correctly.

Fields of struct vf_pf_event_data are little-endian.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-02 13:31:56 -05:00
Michal Schmidt
5cc5c2d2e5 bnx2x: fix sending VF->PF messages on big-endian
When a VF is sending a message to the PF, it needs to trigger the PF
to tell it the message is ready.
The trigger did not work on ppc64. No interrupt appeared in the PF.

The bug is due to confusion about the layout of struct trigger_vf_zone.
In bnx2x_send_msg2pf() the trigger is written using writeb(), not
writel(), so the attempt to define the struct with a reversed layout on
big-endian is counter-productive.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-02 13:31:55 -05:00
Michal Schmidt
9cd753a1f4 bnx2x: fix crash on big-endian when adding VLAN
bnx2x crashes during the initialization of the 8021q module on ppc64.
The bug is a missing conversion from le32 in
bnx2x_handle_classification_eqe() when obtaining the cid value from
struct eth_event_data.

The fields in struct eth_event_data should all be declared as
little-endian and conversions added where missing.

Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-02 13:31:55 -05:00
Sergei Shtylyov
735c1e2511 of_mdio: fix kernel-doc for of_phy_connect()
The 'flags' parameter of the of_phy_connect() function wasn't described
in  the kernel-doc comment...

Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 17:41:40 -05:00
Xin Long
3d73e8fac8 sctp: sctp_remaddr_seq_show use the wrong variable to dump transport info
Now in sctp_remaddr_seq_show(), we use variable *tsp to get the param *v.
but *tsp is also used to traversal transport_addr_list, which will cover
the previous value, and make sctp_transport_put work on the wrong transport.

So fix it by adding a new variable to get the param *v.

Fixes: fba4c330c5 ("sctp: hold transport before we access t->asoc in sctp proc")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 17:35:44 -05:00
Xin Long
40b4f0fd74 sctp: lack the check for ports in sctp_v6_cmp_addr
As the member .cmp_addr of sctp_af_inet6, sctp_v6_cmp_addr should also check
the port of addresses, just like sctp_v4_cmp_addr, cause it's invoked by
sctp_cmp_addr_exact().

Now sctp_v6_cmp_addr just check the port when two addresses have different
family, and lack the port check for two ipv6 addresses. that will make
sctp_hash_cmp() cannot work well.

so fix it by adding ports comparison in sctp_v6_cmp_addr().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 17:25:12 -05:00
David S. Miller
f0da74bc81 Merge branch 'phy-micrel-fixes'
Alexandre Belloni says:

====================
phy: micrel: fix issues with interrupt on atmel boards

Since the phy is not polled anymore, there were issues getting a link on the
sama5d* xplained boards.

I'm not too sure about were those fixes should go and I'm wondering whether the
first one shoud be made generic.

For the second one, I found the PHY_HAS_MAGICANEG flag that is not used and I
wondering whether this is related to that kind of issue. I had a quick look at
the history and could'nt find its use.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 16:52:09 -05:00
Alexandre Belloni
99f81afc13 phy: micrel: Disable auto negotiation on startup
Disable auto negotiation on init to properly detect an already plugged
cable at boot.

At boot, when the phy is started, it is in the PHY_UP state.
However, if a cable is plugged at boot, because auto negociation is already
enabled at the time we get the first interrupt, the phy is already running.
But the state machine then switches from PHY_UP to PHY_AN and calls
phy_start_aneg(). phy_start_aneg() will not do anything because aneg is
already enabled on the phy. It will then wait for a interrupt before going
further. This interrupt will never happen unless the cable is unplugged and
then replugged.

It was working properly before 321beec504 (net: phy: Use interrupts when
available in NOLINK state) because switching to NOLINK meant starting
polling the phy, even if IRQ were enabled.

Fixes: 321beec504 (net: phy: Use interrupts when available in NOLINK state)
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 16:52:09 -05:00
Alexandre Belloni
f5aba91d7f phy: micrel: Ensure interrupts are reenabled on resume
At least on ksz8081, when getting back from power down, interrupts are
disabled. ensure they are reenabled if they were previously enabled.

This fixes resuming which is failing on the xplained boards from atmel
since 321beec504 (net: phy: Use interrupts when available in NOLINK
state)

Fixes: 321beec504 (net: phy: Use interrupts when available in NOLINK state)
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 16:52:08 -05:00
Guillaume Nault
edffc2178d ppp: lock ppp->flags in ppp_read() and ppp_poll()
ppp_read() and ppp_poll() can be called concurrently with ppp_ioctl().
In this case, ppp_ioctl() might call ppp_ccp_closed(), which may update
ppp->flags while ppp_read() or ppp_poll() is reading it.
The update done by ppp_ccp_closed() isn't atomic due to the bit mask
operation ('ppp->flags &= ~(SC_CCP_OPEN | SC_CCP_UP)'), so concurrent
readers might get transient values.
Reading incorrect ppp->flags may disturb the 'ppp->flags & SC_LOOP_TRAFFIC'
test in ppp_read() and ppp_poll(), which in turn can lead to improper
decision on whether the PPP unit file is ready for reading or not.

Since ppp_ccp_closed() is protected by the Rx and Tx locks (with
ppp_lock()), taking the Rx lock is enough for ppp_read() and ppp_poll()
to guarantee that ppp_ccp_closed() won't update ppp->flags
concurrently.

The same reasoning applies to ppp->n_channels. The 'n_channels' field
can also be written to concurrently by ppp_ioctl() (through
ppp_connect_channel() or ppp_disconnect_channel()). These writes aren't
atomic (simple increment/decrement), but are protected by both the Rx
and Tx locks (like in the ppp->flags case). So holding the Rx lock
before reading ppp->n_channels also prevents concurrent writes.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 16:15:07 -05:00
Ivan Vecera
a7f4b98896 bna: fix list corruption
Use list_move_tail() to move MAC address entry from list of pending
to list of active entries. Simple list_add_tail() leaves the entry
also in the first list, this leads to list corruption.

Cc: Rasesh Mody <rasesh.mody@qlogic.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Acked-by: Rasesh Mody <rasesh.mody@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 15:19:43 -05:00
David S. Miller
c44a72a5e8 linux-can-fixes-for-4.5-20160226
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCgAGBQJW0ACIAAoJED07qiWsqSVqraYIALM+0BeB5V2g2kyjvsQS2Zah
 1139UfEwVvb3djUhEvq68+zsXwPVrBdf2Kk8KgQxOzB3ctKRp8JtN7HPLWLXrgLw
 WSFRhye/xUuPrUgiuwZ8cGR1QiBAuA/xRgFR8re7+pQ2nEzlx53neWolnjuesuWo
 5MKoyPK7LSIgkZD7VteJklpScDQDqGcbc6w6pe1yg8gwQZoDycD1+Hqj4JKehqJN
 J0W6puBL6urs9KtCzZRzMzEk09rH5BanQsAlCf4NkE0zvnPmtjptmsgRAo4rpAz3
 6L6C+B1gph04eb+dXKsIRAVdN+kCHt1Sa7PlmfxXrY2hgVLvb+pXwJ6p3O6DRXE=
 =L95V
 -----END PGP SIGNATURE-----

Merge tag 'linux-can-fixes-for-4.5-20160226' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2016-02-26

this is a pull request of one patch for net.

The patch by Maximilain Schneider fixes a kfree() problem during disconnect in
the gs_usb driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-01 15:10:38 -05:00
Neil Horman
a6522c0898 3c59x: mask LAST_FRAG bit from length field in ring
Recently, I fixed a bug in 3c59x:

commit 6e144419e4
Author: Neil Horman <nhorman@tuxdriver.com>
Date:   Wed Jan 13 12:43:54 2016 -0500

    3c59x: fix another page map/single unmap imbalance

Which correctly rebalanced dma mapping and unmapping types.  Unfortunately it
introduced a new bug which causes oopses on older systems.

When mapping dma regions, the last entry for a packet in the 3c59x tx ring
encodes a LAST_FRAG bit, which is encoded as the high order bit of the buffers
length field.  When it is unmapped the LAST_FRAG bit is cleared prior to being
passed to the unmap function.  Unfortunately the commit above fails to do that
masking.  It was missed in testing because the system on which I tested it had
an intel iommu, the driver for which ignores the size field, using only the DMA
address as the token to identify the mapping to be released.  However, on older
systems that rely on swiotlb (or other dma drivers that key off that length
field), not masking off that LAST_FRAG high order bit results in parsing a huge
size to be release, leading to all sorts of odd corruptions and the like.

Fix is easy, just mask the length with 0xFFF.  It should really be
&(LAST_FRAG-1), but 0xFFF is the style of the file, and I'd like to make this
fix minimal and correct before making it prettier.

Appies to the net tree cleanly.  All testing on both iommu and swiommu based
systems produce good results

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Steffen Klassert <klassert@mathematik.tu-chemnitz.de>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-29 17:03:35 -05:00
MINOURA Makoto / 箕浦 真
472681d57a net: ndo_fdb_dump should report -EMSGSIZE to rtnl_fdb_dump.
When the send skbuff reaches the end, nlmsg_put and friends returns
-EMSGSIZE but it is silently thrown away in ndo_fdb_dump. It is called
within a for_each_netdev loop and the first fdb entry of a following
netdev could fit in the remaining skbuff.  This breaks the mechanism
of cb->args[0] and idx to keep track of the entries that are already
dumped, which results missing entries in bridge fdb show command.

Signed-off-by: Minoura Makoto <minoura@valinux.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-26 15:04:02 -05:00
Maximilain Schneider
e9a2d81b17 can: gs_usb: fixed disconnect bug by removing erroneous use of kfree()
gs_destroy_candev() erroneously calls kfree() on a struct gs_can *, which is
allocated through alloc_candev() and should instead be freed using
free_candev() alone.

The inappropriate use of kfree() causes the kernel to hang when
gs_destroy_candev() is called.

Only the struct gs_usb * which is allocated through kzalloc() should be freed
using kfree() when the device is disconnected.

Signed-off-by: Maximilian Schneider <max@schneidersoft.net>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2016-02-26 08:36:33 +01:00
Sunil Goutham
4c0b6eaf37 net: thunderx: Fix for Qset error due to CQ full
On Thunderx pass 1.x and pass2 due to a HW errata default CQ
DROP_LEVEL of 0x80 is not sufficient to avoid CQ_WR_FULL Qset
error when packets are being received at >20Mpps resulting in
complete stall of packet reception.

This patch will configure it to 0x100 which is what is expected
by HW on Thunderx. On future passes of thunderx and other chips
HW default/reset value will be 0x100 or higher hence not overwritten.

Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Signed-off-by: Sunil Goutham <sgoutham@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-25 16:25:34 -05:00
Chun-Hao Lin
f09cf4b783 r8169:fix "rtl_counters_cond == 1 (loop: 1000, delay: 10)" log spam.
There will be a log spam when there is no cable plugged. Please refer to
following links. https://bugzilla.kernel.org/show_bug.cgi?id=104351
https://bugzilla.kernel.org/show_bug.cgi?id=107421

This issue is caused by runtime power management. When there is no cable
plugged, the driver will be suspend (runtime suspend) by OS and NIC will be
put into the D3 state. During this time, if OS call rtl8169_get_stats64()
to dump tally counter, because NIC is in D3 state, the register value read
by driver will return all 0xff. This will let driver think tally counter
flag is not toggled and then sends the warning message "rtl_counters_cond
== 1 (loop: 1000, delay: 10)" to kernel log.

For fixing this issue, 1.add checking driver's pm runtime status in
rtl8169_get_stats64(). 2.dump tally counter before going runtime suspend
for counter accuracy in runtime suspend.

Signed-off-by: Chunhao Lin <hau@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-25 16:17:45 -05:00
Linus Lüssing
9b368814b3 net: fix bridge multicast packet checksum validation
We need to update the skb->csum after pulling the skb, otherwise
an unnecessary checksum (re)computation can ocure for IGMP/MLD packets
in the bridge code. Additionally this fixes the following splats for
network devices / bridge ports with support for and enabled RX checksum
offloading:

[...]
[   43.986968] eth0: hw csum failure
[   43.990344] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.4.0 #2
[   43.996193] Hardware name: BCM2709
[   43.999647] [<800204e0>] (unwind_backtrace) from [<8001cf14>] (show_stack+0x10/0x14)
[   44.007432] [<8001cf14>] (show_stack) from [<801ab614>] (dump_stack+0x80/0x90)
[   44.014695] [<801ab614>] (dump_stack) from [<802e4548>] (__skb_checksum_complete+0x6c/0xac)
[   44.023090] [<802e4548>] (__skb_checksum_complete) from [<803a055c>] (ipv6_mc_validate_checksum+0x104/0x178)
[   44.032959] [<803a055c>] (ipv6_mc_validate_checksum) from [<802e111c>] (skb_checksum_trimmed+0x130/0x188)
[   44.042565] [<802e111c>] (skb_checksum_trimmed) from [<803a06e8>] (ipv6_mc_check_mld+0x118/0x338)
[   44.051501] [<803a06e8>] (ipv6_mc_check_mld) from [<803b2c98>] (br_multicast_rcv+0x5dc/0xd00)
[   44.060077] [<803b2c98>] (br_multicast_rcv) from [<803aa510>] (br_handle_frame_finish+0xac/0x51c)
[...]

Fixes: 9afd85c9e4 ("net: Export IGMP/MLD message validation code")
Reported-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-25 16:16:38 -05:00
Stefan Wahren
a4690afeb0 net: qca_spi: clear IFF_TX_SKB_SHARING
ether_setup sets IFF_TX_SKB_SHARING but this is not supported by
qca_spi as it modifies the skb on xmit.

Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Fixes: 291ab06ecf (net: qualcomm: new Ethernet over SPI driver for QCA7000)
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-25 16:12:15 -05:00
Stefan Wahren
2b70bad23c net: qca_spi: Don't clear IFF_BROADCAST
Currently qcaspi_netdev_setup accidentally clears IFF_BROADCAST.
So fix this by keeping the flags from ether_setup.

Reported-by: Michael Heimpold <michael.heimpold@i2se.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Fixes: 291ab06ecf (net: qualcomm: new Ethernet over SPI driver for QCA7000)
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-25 16:12:15 -05:00
David Ahern
65c38aa653 net: vrf: Remove direct access to skb->data
Nik pointed that the VRF driver should be using skb_header_pointer
instead of accessing skb->data and bits beyond directly which can
be garbage.

Fixes: 35402e3136 ("net: Add IPv6 support to VRF device")
Cc: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-25 15:34:26 -05:00
Diego Viola
ee50c130c8 net: jme: fix suspend/resume on JMC260
The JMC260 network card fails to suspend/resume because the call to
jme_start_irq() was too early, moving the call to jme_start_irq() after
the call to jme_reset_link() makes it work.

Prior this change suspend/resume would fail unless /sys/power/pm_async=0
was explicitly specified.

Relevant bug report: https://bugzilla.kernel.org/show_bug.cgi?id=112351

Signed-off-by: Diego Viola <diego.viola@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-24 23:58:21 -05:00
David S. Miller
25ac3417b7 Another small set of fixes:
* stop critical protocol session on disconnect to avoid
    it getting stuck
  * wext: fix two RTNL message ordering issues
  * fix an uninitialized value (found by KASAN)
  * fix an out-of-bounds access (also found by KASAN)
  * clear connection keys when freeing them in all cases
    (IBSS, all other places already did so)
  * fix expected throughput unit to get consistent values
  * set default TX aggregation timeout to 0 in minstrel
    to avoid (really just hide) issues and perform better
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJWzCthAAoJEGt7eEactAAdLjEP/38ujypJkVlwZzm9L8MbSVPk
 qPMmRBshVX89xOXtwJLJHOGCRY6/pfe1LKThodOp+hj+NH7OLLuAGFDScjr7eEjG
 bAQrXZ8dDIo54uri4EF4jBfkqUsePs+d4VpLgdJ2Gdh2UgIdDlUcggiEyOSicc27
 ZP3gRQzad8tP0O+MuqiAjwJE4C3AUzzj+8TXJJXjrT3RvDpvZfA3MClfiQVhRM+4
 3qtFhqFFGfIjTSHCoGr+0RYhLJwfjalIyoENR/kYizjHXU4YtZcu7ihdixKmG3Qb
 SUIlNl60WSyoh2+PXx3wp0gfTc0BrOVIpB+TQPouRu5D+tLRiPwlieVrlfJyIUJ5
 ccU1RWoTZn+3OVSjNF+9IGbpL43cjaJpZUMU/mQES7+z+uEwlzdcnwDScG7sMMC+
 KIyKZ4v+2sBPKYYKAzGxHb2lfTMyp9sCs25U30yqLX3RSNtuxJbDwuKrwbKa1CMx
 WEjImI+iSApjTch0THAxV8/sO/ZneuRZP76PXmSDm7Mzf9qob8fnpCjFsHTypDpx
 eWy8AHPhIhb3ni6Cm3TfsGLjGE4KGwD/lEwmAles2Cj48N4b2UwRjMrJ5GRxuV00
 9kh2MvFEmSYBU4dw6LQmemjxNNIa792+JiS4AKJXBqkPK1H1YFvq7i8Hl9a1tQ0P
 SDgbH5x6AYvmTRcD97Ph
 =01n9
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2016-02-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
Another small set of fixes:
 * stop critical protocol session on disconnect to avoid
   it getting stuck
 * wext: fix two RTNL message ordering issues
 * fix an uninitialized value (found by KASAN)
 * fix an out-of-bounds access (also found by KASAN)
 * clear connection keys when freeing them in all cases
   (IBSS, all other places already did so)
 * fix expected throughput unit to get consistent values
 * set default TX aggregation timeout to 0 in minstrel
   to avoid (really just hide) issues and perform better
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-24 16:58:12 -05:00
Daniel Borkmann
2da897e51d bpf: fix csum setting for bpf_set_tunnel_key
The fix in 35e2d1152b ("tunnels: Allow IPv6 UDP checksums to be correctly
controlled.") changed behavior for bpf_set_tunnel_key() when in use with
IPv6 and thus uncovered a bug that TUNNEL_CSUM needed to be set but wasn't.
As a result, the stack dropped ingress vxlan IPv6 packets, that have been
sent via eBPF through collect meta data mode due to checksum now being zero.

Since after LCO, we enable IPv4 checksum by default, so make that analogous
and only provide a flag BPF_F_ZERO_CSUM_TX for the user to turn it off in
IPv4 case.

Fixes: 35e2d1152b ("tunnels: Allow IPv6 UDP checksums to be correctly controlled.")
Fixes: c6c3345407 ("bpf: support ipv6 for bpf_skb_{set,get}_tunnel_key")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-24 16:23:47 -05:00
Hannes Frederic Sowa
a8c4a2522a ipv4: only create late gso-skb if skb is already set up with CHECKSUM_PARTIAL
Otherwise we break the contract with GSO to only pass CHECKSUM_PARTIAL
skbs down. This can easily happen with UDP+IPv4 sockets with the first
MSG_MORE write smaller than the MTU, second write is a sendfile.

Returning -EOPNOTSUPP lets the callers fall back into normal sendmsg path,
were we calculate the checksum manually during copying.

Commit d749c9cbff ("ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked
sockets") started to exposes this bug.

Fixes: d749c9cbff ("ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets")
Reported-by: Jiri Benc <jbenc@redhat.com>
Cc: Jiri Benc <jbenc@redhat.com>
Reported-by: Wakko Warner <wakko@animx.eu.org>
Cc: Wakko Warner <wakko@animx.eu.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-24 14:11:34 -05:00
Sebastian Frias
c7dfe3abf4 net: ethernet: nb8800: support fixed-link DT node
Under some circumstances, e.g. when connecting to a switch, the ethernet
port will not be connected to a PHY. In that case a "fixed-link" DT node
can be used to replace it.

https://stackoverflow.com/questions/31046172/device-tree-for-phy-less-connection-to-a-dsa-switch

This patch adds support for the "fixed-link" node to the nb8800 driver.

Signed-off-by: Sebastian Frias <sf84@laposte.net>
Acked-by: Mans Rullgard <mans@mansr.com>
Cc: Mason <slash.tmp@free.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-24 11:32:11 -05:00
Michael Chan
fbb0fa8b48 bnxt_en: Fix zero padding of tx push data.
The arithmetic to zero pad the last 64-bit word in the push buffer is not
correct.

1. It should be pdata + length to get to the end.
2. 'pdata' is void pointer and passing it to PTR_ALIGN() will cast the
aligned pointer to void.  Pass 'end' which is u64 pointer to PTR_ALIGN()
instead so that the aligned pointer - 1 is the last 64-bit pointer to data.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-23 19:12:51 -05:00
Bernie Harris
5146d1f151 tunnel: Clear IPCB(skb)->opt before dst_link_failure called
IPCB may contain data from previous layers (in the observed case the
qdisc layer). In the observed scenario, the data was misinterpreted as
ip header options, which later caused the ihl to be set to an invalid
value (<5). This resulted in an infinite loop in the mips implementation
of ip_fast_csum.

This patch clears IPCB(skb)->opt before dst_link_failure can be called for
various types of tunnels. This change only applies to encapsulated ipv4
packets.

The code introduced in 11c21a30 which clears all of IPCB has been removed
to be consistent with these changes, and instead the opt field is cleared
unconditionally in ip_tunnel_xmit. The change in ip_tunnel_xmit applies to
SIT, GRE, and IPIP tunnels.

The relevant vti, l2tp, and pptp functions already contain similar code for
clearing the IPCB.

Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-23 19:11:56 -05:00
Konstantin Khlebnikov
9bdfb3b79e tcp: convert cached rtt from usec to jiffies when feeding initial rto
Currently it's converted into msecs, thus HZ=1000 intact.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Fixes: 740b0f1841 ("tcp: switch rtt estimations to usec resolution")
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-23 18:28:46 -05:00
Patrik Halfar
fb5eb24cdd Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to qmi_wwan
New revison of Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card has new idProduct

Bus 002 Device 006: ID 413c:81b3 Dell Computer Corp.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x413c Dell Computer Corp.
  idProduct          0x81b3
  bcdDevice            0.06
  iManufacturer           1 Sierra Wireless, Incorporated
  iProduct                2 Dell Wireless 5809e Gobi™ 4G HSPA+ Mobile Broadband Card
  iSerial                 3
  bNumConfigurations      2

Signed-off-by: Patrik Halfar <patrik_halfar@halfarit.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-23 15:42:32 -05:00
Arend van Spriel
b86071528f cfg80211: stop critical protocol session upon disconnect event
When user-space has started a critical protocol session and a disconnect
event occurs, the rdev::crit_prot_nlportid remains set. This caused a
subsequent NL80211_CMD_CRIT_PROTO_START to fail (-EBUSY). Fix this by
clearing the rdev attribute and call .crit_proto_stop() callback upon
disconnect event.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-02-23 10:41:24 +01:00
Ola Olsson
5e950a78bf nl80211: Zero out the connection keys memory when freeing them.
The connection keys are zeroed out in all other cases except this
one. Let's fix the last one as well.

Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-02-23 10:40:36 +01:00
Felix Fietkau
7a36b930e6 mac80211: minstrel_ht: set default tx aggregation timeout to 0
The value 5000 was put here with the addition of the timeout field to
ieee80211_start_tx_ba_session. It was originally added in mac80211 to
save resources for drivers like iwlwifi, which only supports a limited
number of concurrent aggregation sessions.

Since iwlwifi does not use minstrel_ht and other drivers don't need
this, 0 is a better default - especially since there have been
recent reports of aggregation setup related issues reproduced with
ath9k. This should improve stability without causing any adverse
effects.

Cc: stable@vger.kernel.org
Acked-by: Avery Pennarun <apenwarr@gmail.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-02-23 10:39:24 +01:00
Linus Torvalds
dea08e6044 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "Looks like a lot, but mostly driver fixes scattered all over as usual.

  Of note:

   1) Add conditional sched in nf conntrack in cleanup to avoid NMI
      watchdogs.  From Florian Westphal.

   2) Fix deadlock in nfnetlink cttimeout, also from Floarian.

   3) Fix handling of slaves in bonding ARP monitor validation, from Jay
      Vosburgh.

   4) Callers of ip_cmsg_send() are responsible for freeing IP options,
      some were not doing so.  Fix from Eric Dumazet.

   5) Fix per-cpu bugs in mvneta driver, from Gregory CLEMENT.

   6) Fix vlan handling in mv88e6xxx DSA driver, from Vivien Didelot.

   7) bcm7xxx PHY driver bug fixes from Florian Fainelli.

   8) Avoid unaligned accesses to protocol headers wrt.  GRE, from
      Alexander Duyck.

   9) SKB leaks and other problems in arc_emac driver, from Alexander
      Kochetkov.

  10) tcp_v4_inbound_md5_hash() releases listener socket instead of
      request socket on error path, oops.  Fix from Eric Dumazet.

  11) Missing socket release in pppoe_rcv_core() that seems to have
      existed basically forever.  From Guillaume Nault.

  12) Missing slave_dev unregister in dsa_slave_create() error path,
      from Florian Fainelli.

  13) crypto_alloc_hash() never returns NULL, fix return value check in
      __tcp_alloc_md5sig_pool.  From Insu Yun.

  14) Properly expire exception route entries in ipv4, from Xin Long.

  15) Fix races in tcp/dccp listener socket dismantle, from Eric
      Dumazet.

  16) Don't set IFF_TX_SKB_SHARING in vxlan, geneve, or GRE, it's not
      legal.  These drivers modify the SKB on transmit.  From Jiri Benc.

  17) Fix regression in the initialziation of netdev->tx_queue_len.
      From Phil Sutter.

  18) Missing unlock in tipc_nl_add_bc_link() error path, from Insu Yun.

  19) SCTP port hash sizing does not properly ensure that table is a
      power of two in size.  From Neil Horman.

  20) Fix initializing of software copy of MAC address in fmvj18x_cs
      driver, from Ken Kawasaki"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (129 commits)
  bnx2x: Fix 84833 phy command handler
  bnx2x: Fix led setting for 84858 phy.
  bnx2x: Correct 84858 PHY fw version
  bnx2x: Fix 84833 RX CRC
  bnx2x: Fix link-forcing for KR2
  net: ethernet: davicom: fix devicetree irq resource
  fmvj18x_cs: fix incorrect indexing of dev->dev_addr[] when copying the MAC address
  Driver: Vmxnet3: Update Rx ring 2 max size
  net: netcp: rework the code for get/set sw_data in dma desc
  soc: ti: knav_dma: rename pad in struct knav_dma_desc to sw_data
  net: ti: netcp: restore get/set_pad_info() functionality
  MAINTAINERS: Drop myself as xen netback maintainer
  sctp: Fix port hash table size computation
  can: ems_usb: Fix possible tx overflow
  Bluetooth: hci_core: Avoid mixing up req_complete and req_complete_skb
  net: bcmgenet: Fix internal PHY link state
  af_unix: Don't use continue to re-execute unix_stream_read_generic loop
  unix_diag: fix incorrect sign extension in unix_lookup_by_ino
  bnxt_en: Failure to update PHY is not fatal condition.
  bnxt_en: Remove unnecessary call to update PHY settings.
  ...
2016-02-22 12:18:07 -08:00
Linus Torvalds
5c102d0eca Two fixes headed for stable:
Remove an un-necessary speed_index lookup for thermal hook in the gpio-fan
 driver. The unnecessary speed lookup can hog the system.
 
 Handle negative conversion values correctly in the ads1015 driver.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWydseAAoJEMsfJm/On5mBhxgP/iVNIDIusNLBHD7VG2vtpWim
 +nAmcdllLdtuT459zGX5z5HE3b7oj8v5JYW9TUH0x+N4WhvFZ9TWgH8OXt2cuUZ3
 vgbgt9QJLTzP6PHFdhhF2rLrL1Ur5eyeV0fIlRVHj2KqZixILcutLn3+TDKE1Buc
 o2Y5+CXI/XJZ2y5U8SOK5xYC1EmYkijc5rTmDdF1/5DhNzupO4S6bW/MdY9Qo5X6
 0qkyLQ01eH1GqnvUA9VNhDjlU7NZWVFpd/StL8IQk313E+79m3vwAlSNK6a33eC2
 w4nuFLA4zPfJwRYI7dN8jePCs+Y10ucfmX+EKFU7JzC4WTvyv1P76Ilrd6/ZuDJx
 YQ8ClT9ZscT9xqr+0MnhkBeE1Mu6YZoDLVaSCymcIp1E7mTAMY8yMBknFcWEZIX7
 cJuqMskvBHn7o1WCzzYOqFgOv4csm3fcazeEzp+R25Ds4NE715ClUfFZI6gLc9lg
 vYlLtU2mQGI3IsdD/a1/WOefOPGsFrGwVIAcgsi5zlCYFY/BSa9PLu/dWoLtomnP
 GEUUDIEyKsZ7om9B4B9229izL9jRT5MsYbh7vJb/1XULpXMBg1ESqhamxmtxV+oU
 J5fIlpw0g1/83mul8rq9FIeAxTcgAXsrGtJUWpatd/rHrQOgP/w5w9N3MkX7LDLE
 ccP+uEEP2z/i+PgOmr0L
 =luAI
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-for-linus-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hwmon fixes from Guenter Roeck:
 "Two fixes headed for stable:

   - Remove an unnecessary speed_index lookup for thermal hook in the
     gpio-fan driver.  The unnecessary speed lookup can hog the system.

   - Handle negative conversion values correctly in the ads1015 driver"

* tag 'hwmon-for-linus-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook
  hwmon: (ads1015) Handle negative conversion values correctly
2016-02-22 12:12:46 -08:00
Linus Torvalds
a16152c897 Additional 4.5-rc5 fixes
- One fix ocrdma - The new CQ API support was added to ocrdma, but they
   got the arming logic wrong, so without this, transfers eventually fail
   when they fail to arm the interrupt properly under load
 - Two related fixes for mlx4 - When we added the 64bit extended counters
   support to the core IB code, they forgot to update the RoCE side of the
   mlx4 driver (the IB side they properly updated).  I debated whether or
   not to include these patches as they could be considered feature
   enablement patches, but the existing code will blindy copy the 32bit
   counters, whether any counters were requested at all (a bug).  These
   two patches make it A) check to see that counters were requested and
   B) copy the right counters (the 64bit support is new, the 32bit is
   not).  For that reason I went ahead and took them.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWxI9xAAoJELgmozMOVy/dqRgP/3JbB5MMcqqrxCXGE7874YOO
 ZXldH2nJ+uIffWn1IUDJd01vWKDbxBD5joD+HgH1XLjmSQZf7I6APmayTMx43k/k
 Ps4fg4iDU2HY35w4s8hCgIj1WmKtYWPA2wHFB1VUO8nhLQD0fxCInw3feDhOXu23
 VYSBOypHIMHZfldOog/RXQ4/cCStTmhyDlPtcldWTpMm/SmBEs/iGoUXe5gLHZfk
 aKEK2OOC/Yk/iK4flnYsNcgDhFfTcFlpbUtBfLYvFd9UxBCkPsB7WE5BT06zvEHe
 Cp5IN7093Nhh66uKyDHyzBJFMrZB3crcqmEGsauE6iBF6iQItlvVMch7DHP4FEWP
 2VlYKbhINH7yfl/bXq9CyljA2wcPS5MDtQgrEwa/qMeA8sqEQWnyPgS4xGKnufoQ
 SbvPY9pdzhU2G6weoRSiVfpMXh2dl/kbOcsn/rywfyrJ4Ne1lE60Di75WEpwxD+I
 4cRktAZp5W2gnv9NJRA/iYMQCVxJ9Sd7aj+dFfWOzJf3uuOlvMALTPuWF4zyeT1U
 VKpptmAmq0l3zVtpnmuVNO4BqC+00L+sojrkeGX9ZhLBaJZfUkj10sjPAWGHNU28
 liQ3Wnqb7q5Z7ROBs5bbMub7Q4+hWiEINPQtFm4f43bmievI9QgPjoNQXjXea7vI
 W9WXEhYS1fjI9z3w4Oqg
 =QD36
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma

Pull rdma fixes from Doug Ledford:
 "One ocrdma fix:

   - The new CQ API support was added to ocrdma, but they got the arming
     logic wrong, so without this, transfers eventually fail when they
     fail to arm the interrupt properly under load

  Two related fixes for mlx4:

   - When we added the 64bit extended counters support to the core IB
     code, they forgot to update the RoCE side of the mlx4 driver (the
     IB side they properly updated).

     I debated whether or not to include these patches as they could be
     considered feature enablement patches, but the existing code will
     blindy copy the 32bit counters, whether any counters were requested
     at all (a bug).

     These two patches make it (a) check to see that counters were
     requested and (b) copy the right counters (the 64bit support is
     new, the 32bit is not).  For that reason I went ahead and took
     them"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
  IB/mlx4: Add support for the port info class for RoCE ports
  IB/mlx4: Add support for extended counters over RoCE ports
  RDMA/ocrdma: Fix arm logic to align with new cq API
2016-02-22 12:04:11 -08:00
Linus Torvalds
7ee302f6f7 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
 "Some bugfixes from I2C for you:

  A fix for a RuntimePM regression with OMAP, a fix to enable TCO for
  Lewisburg platforms, and a typo fix while we are here"

* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: i801: Adding Intel Lewisburg support for iTCO
  i2c: uniphier: fix typos in error messages
  i2c: omap: Fix PM regression with deferred probe for pm_runtime_reinit
2016-02-22 11:55:18 -08:00
David S. Miller
d856626d3b linux-can-fixes-for-4.5-20160221
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCgAGBQJWycVaAAoJED07qiWsqSVqhoIIAKNVMLApOlvduZ2JQYSUJ+tC
 IWjRSuB3sOwCIMKx4DXWhovkTU6j00jxQiEHF5phSOA9n5n+wwJMhgZQeOehAYoS
 smwkKMjJhgvEd4lZ7+OBWj6Xi1mStU3ddYYubE7MkTE/4E6vsnJ6/iVbCyIv4d0F
 7zGnWaq/bca+ccZyrVO9hk3mg8ZD+2L6hGR47E5vWerR4mupifMK0LvmfgIPBsMk
 FVMKhddDek2xUTZxdUesXCvAoOewSfhFbNG3uMH6AFKVjEhFoEC8c0Wn7zLrJ5Zn
 FCec9e4qXRHwQo1MgobLn6SXgrwEoPqXUFTQfNVG8rYkX/vXScXX9V7JZCCuC8U=
 =0Qdk
 -----END PGP SIGNATURE-----

Merge tag 'linux-can-fixes-for-4.5-20160221' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2016-02-21

this is a pull reqeust of one patch for net/master.

The patch is by Gerhard Uttenthaler and fixes a potential tx overflow in the
ems_usb driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:51:55 -05:00
David S. Miller
dd78dac893 Merge branch 'bnx2x-848xx-phy-fixes'
Yuval Mintz says:

====================
bnx2x: Fix 848xx phys

This series contains link-related fixes, mostly for the 848xx phys
[2 patches are for 84833, and 2 patches are for 84858].
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:50:55 -05:00
Yuval Mintz
4ec0b6d506 bnx2x: Fix 84833 phy command handler
Current initialization sequence is lacking, causing some configurations
to fail.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:50:55 -05:00
Yuval Mintz
bb1187af65 bnx2x: Fix led setting for 84858 phy.
Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:50:55 -05:00
Yuval Mintz
27ba2d2df0 bnx2x: Correct 84858 PHY fw version
The phy's firmware version isn't being parsed properly as it's
currently parsed like the rest of the 848xx phys.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:50:54 -05:00
Yuval Mintz
512ab9a001 bnx2x: Fix 84833 RX CRC
There's a problem in current 84833 phy configuration -
in case 1Gb link is configured and jumbo-sized packets are being
used, device will experience RX crc errors.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:50:54 -05:00
Yuval Mintz
1e411f0138 bnx2x: Fix link-forcing for KR2
Currently, when link is using KR2 it cannot be forced to any speed other
than 20g.

Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.om>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:50:54 -05:00
David S. Miller
9ca69b7054 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says:

====================
pull request: bluetooth 2016-02-20

Here's an important patch for 4.5 which fixes potential invalid pointer
access when processing completed Bluetooth HCI commands.

Please let me know if there are any issues pulling. Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:46:26 -05:00
Robert Jarzmik
b5a099c67a net: ethernet: davicom: fix devicetree irq resource
The dm9000 driver doesn't work in at least one device-tree
configuration, spitting an error message on irq resource :
[    1.062495] dm9000 8000000.ethernet: insufficient resources
[    1.068439] dm9000 8000000.ethernet: not found (-2).
[    1.073451] dm9000: probe of 8000000.ethernet failed with error -2

The reason behind is that the interrupt might be provided by a gpio
controller, not probed when dm9000 is probed, and needing the probe
deferral mechanism to apply.

Currently, the interrupt is directly taken from resources. This patch
changes this to use the more generic platform_get_irq(), which handles
the deferral.

Moreover, since commit Fixes: 7085a7401b ("drivers: platform: parse
IRQ flags from resources"), the interrupt trigger flags are honored in
platform_get_irq(), so remove the needless code in dm9000.

Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Acked-by: Marcel Ziswiler <marcel@ziswiler.com>
Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Tested-by: Sergei Ianovich <ynvich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:40:49 -05:00
Ken Kawasaki
1ad5466812 fmvj18x_cs: fix incorrect indexing of dev->dev_addr[] when copying the MAC address
fix incorrect indexing of dev->dev_addr[] when copying the MAC address
of FMV-J182 at buf[5].

Signed-off-by: Ken Kawasaki <ken_kawasaki@nifty.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-21 22:08:43 -05:00