openwrt/staging/blogic.git
12 years agonetfilter: nf_nat: Handle routing changes in MASQUERADE target
Jozsef Kadlecsik [Fri, 30 Nov 2012 12:37:26 +0000 (12:37 +0000)]
netfilter: nf_nat: Handle routing changes in MASQUERADE target

When the route changes (backup default route, VPNs) which affect a
masqueraded target, the packets were sent out with the outdated source
address. The patch addresses the issue by comparing the outgoing interface
directly with the masqueraded interface in the nat table.

Events are inefficient in this case, because it'd require adding route
events to the network core and then scanning the whole conntrack table
and re-checking the route for all entry.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: ctnetlink: nla_policy updates
Florian Westphal [Thu, 22 Nov 2012 01:32:46 +0000 (01:32 +0000)]
netfilter: ctnetlink: nla_policy updates

Add stricter checking for a few attributes.
Note that these changes don't fix any bug in the current code base.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: kill support for per-af queue backends
Florian Westphal [Fri, 23 Nov 2012 06:22:21 +0000 (06:22 +0000)]
netfilter: kill support for per-af queue backends

We used to have several queueing backends, but nowadays only
nfnetlink_queue remains.

In light of this there doesn't seem to be a good reason to
support per-af registering -- just hook up nfnetlink_queue on module
load and remove it on unload.

This means that the userspace BIND/UNBIND_PF commands are now obsolete;
the kernel will ignore them.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: ctnetlink: dump entries from the dying and unconfirmed lists
Pablo Neira Ayuso [Tue, 27 Nov 2012 13:49:42 +0000 (14:49 +0100)]
netfilter: ctnetlink: dump entries from the dying and unconfirmed lists

This patch adds a new operation to dump the content of the dying and
unconfirmed lists.

Under some situations, the global conntrack counter can be inconsistent
with the number of entries that we can dump from the conntrack table.
The way to resolve this is to allow dumping the content of the unconfirmed
and dying lists, so far it was not possible to look at its content.

This provides some extra instrumentation to resolve problematic situations
in which anyone suspects memory leaks.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_conntrack: improve nf_conn object traceability
Pablo Neira Ayuso [Tue, 27 Nov 2012 20:30:52 +0000 (21:30 +0100)]
netfilter: nf_conntrack: improve nf_conn object traceability

This patch modifies the conntrack subsystem so that all existing
allocated conntrack objects can be found in any of the following
places:

* the hash table, this is the typical place for alive conntrack objects.
* the unconfirmed list, this is the place for newly created conntrack objects
  that are still traversing the stack.
* the dying list, this is where you can find conntrack objects that are dying
  or that should die anytime soon (eg. once the destroy event is delivered to
  the conntrackd daemon).

Thus, we make sure that we follow the track for all existing conntrack
objects. This patch, together with some extension of the ctnetlink interface
to dump the content of the dying and unconfirmed lists, will help in case
to debug suspected nf_conn object leaks.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: ipset: Increase the number of maximal sets automatically
Jozsef Kadlecsik [Tue, 27 Nov 2012 09:58:09 +0000 (09:58 +0000)]
netfilter: ipset: Increase the number of maximal sets automatically

The max number of sets was hardcoded at kernel cofiguration time and
could only be modified via a module parameter. The patch adds the support
of increasing the max number of sets automatically, as needed.

The array of sets is incremented by 64 new slots if we run out of
empty slots. The absolute limit for the maximal number of sets
is limited by 65534.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agobna: remove useless calls to memset().
Cyril Roelandt [Sat, 1 Dec 2012 16:40:17 +0000 (16:40 +0000)]
bna: remove useless calls to memset().

These calls are followed by calls to memcpy() on the same memory area, so they
can safely be removed.

Signed-off-by: Cyril Roelandt <tipecaml@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agotcp: don't abort splice() after small transfers
Willy Tarreau [Sun, 2 Dec 2012 11:49:27 +0000 (11:49 +0000)]
tcp: don't abort splice() after small transfers

TCP coalescing added a regression in splice(socket->pipe) performance,
for some workloads because of the way tcp_read_sock() is implemented.

The reason for this is the break when (offset + 1 != skb->len).

As we released the socket lock, this condition is possible if TCP stack
added a fragment to the skb, which can happen with TCP coalescing.

So let's go back to the beginning of the loop when this happens,
to give a chance to splice more frags per system call.

Doing so fixes the issue and makes GRO 10% faster than LRO
on CPU-bound splice() workloads instead of the opposite.

Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: fix sparse endianness warnings on sock_common
Eric Dumazet [Sun, 2 Dec 2012 07:33:10 +0000 (07:33 +0000)]
net: fix sparse endianness warnings on sock_common

# make C=2 CF=-D__CHECK_ENDIAN__ net/ipv4/inet_hashtables.o
...
net/ipv4/inet_hashtables.c:242:7: warning: restricted __portpair degrades to integer
net/ipv4/inet_hashtables.c:242:7: warning: restricted __addrpair degrades to integer
...

Move __portpair/__addrpair from include/net/inet_hashtables.h
to include/net/sock.h where we need them in struct sock_common

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Ling Ma <ling.ma.program@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Correct PFC disablement
Barak Witkowski [Sun, 2 Dec 2012 04:05:57 +0000 (04:05 +0000)]
bnx2x: Correct PFC disablement

bnx2x driver could only have enabled pfc via usage of dcbnl; now, it can
also correctly disable it.

Signed-off-by: Barak Witkowski <barak@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: fix 'Ethtool -A' when autoneg
Yuval Mintz [Sun, 2 Dec 2012 04:05:56 +0000 (04:05 +0000)]
bnx2x: fix 'Ethtool -A' when autoneg

When configuring pauses using 'ethtool -A', the requested values have
effect when used together with autoneg (up to this point, when configured
for autoneg, driver ignored requested pause configuration)

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: prevent DCB if disabled in nvram
Barak Witkowski [Sun, 2 Dec 2012 04:05:55 +0000 (04:05 +0000)]
bnx2x: prevent DCB if disabled in nvram

Signed-off-by: Barak Witkowski <barak@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Handle a rarely missed interrupt
Yaniv Rosner [Sun, 2 Dec 2012 04:05:54 +0000 (04:05 +0000)]
bnx2x: Handle a rarely missed interrupt

A rare case of no link due to a missed interrupt may occur due to a
race condition between acknowledging the IGU via the BAR and restoring the NIG
interrupt mask via the GRC.
To solve it, we wait for the IGU ack command to finish prior to restoring the
NIG interrupt mask.

Signed-off-by: Yaniv Rosner <yaniv.rosner@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: mask CPL_OF interrupt
Yuval Mintz [Sun, 2 Dec 2012 04:05:53 +0000 (04:05 +0000)]
bnx2x: mask CPL_OF interrupt

Unmasked interrupt caused "FATAL HW block attention set2 0x20" messages
to erroneously appear, as the associated interrupt is fully recoverable.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: IGU parse error cause probe failure
Barak Witkowski [Sun, 2 Dec 2012 04:05:52 +0000 (04:05 +0000)]
bnx2x: IGU parse error cause probe failure

If IGU parse error is encountered during the probing process, the error
propagates and the probe gracefully fails (until now, such errors were ignored,
later causing mischief).

Signed-off-by: Barak Witkowski <barak@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Ext. config accessed only on non-E1x.
Yuval Mintz [Sun, 2 Dec 2012 04:05:51 +0000 (04:05 +0000)]
bnx2x: Ext. config accessed only on non-E1x.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: nvram enables dropless flow control
Yuval Mintz [Sun, 2 Dec 2012 04:05:50 +0000 (04:05 +0000)]
bnx2x: nvram enables dropless flow control

It is now possible to enable dropless flow control via nvram.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Correct advertised speed/duplex
Yuval Mintz [Sun, 2 Dec 2012 04:05:49 +0000 (04:05 +0000)]
bnx2x: Correct advertised speed/duplex

If link is down due to management (and not due to actual phy link being lost),
driver should still behave as if the link is down; Querying via ethtool about
speed/duplex state should result in 'UNKNOWN' (same behaviour as when link is
actually down).

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Filter packets on FCoE rings
Dmitry Kravkov [Sun, 2 Dec 2012 04:05:48 +0000 (04:05 +0000)]
bnx2x: Filter packets on FCoE rings

Whenever bnx2x fails to transmit a packet due to a full Tx ring, if the
ring size is zero (indicating an FCoE ring) driver filters the packet out
and gracefully continues.
Driver also gathers statistics on such filtered packets.

Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: Management can control PFC/ETS
Barak Witkowski [Sun, 2 Dec 2012 04:05:47 +0000 (04:05 +0000)]
bnx2x: Management can control PFC/ETS

If configured for PFC/ETS by management, configure chip regardless of the
presence of a remote peer which supports DCBX.

Signed-off-by: Barak Witkowski <barak@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: parity recovery flow enhancement
Barak Witkowski [Sun, 2 Dec 2012 04:05:46 +0000 (04:05 +0000)]
bnx2x: parity recovery flow enhancement

Parity recovery was enhanced in order to handle a few more corner cases.

Signed-off-by: Barak Witkowski <barak@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobnx2x: revised and corrected SPIO access
Yuval Mintz [Sun, 2 Dec 2012 04:05:45 +0000 (04:05 +0000)]
bnx2x: revised and corrected SPIO access

Changed naming convention of SPIO macros, and prevented access to invalid SPIOs.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet/mlx4_en: Set number of rx/tx channels using ethtool
Amir Vadai [Sun, 2 Dec 2012 03:49:23 +0000 (03:49 +0000)]
net/mlx4_en: Set number of rx/tx channels using ethtool

Add support to changing number of rx/tx channels using
ethtool ('ethtool -[lL]'). Where the number of tx channels specified in ethtool
is the number of rings per user priority - not total number of tx rings.

Signed-off-by: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet/mlx4_en: Fix TX moderation info loss after set_ringparam is called
Amir Vadai [Sun, 2 Dec 2012 03:49:22 +0000 (03:49 +0000)]
net/mlx4_en: Fix TX moderation info loss after set_ringparam is called

We need to re-set tx moderation information after calling set_ringparam
else default tx moderation will be used.
Also avoid related code duplication, by putting it in a utility function.

Signed-off-by: Amir Vadai <amirv@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMAINTAINERS: Add Mellanox ethernet driver - mlx4_en
Amir Vadai [Sun, 2 Dec 2012 03:49:21 +0000 (03:49 +0000)]
MAINTAINERS: Add Mellanox ethernet driver - mlx4_en

Set mlx4_en maintainer to Amir Vadai instead of Yevgeny Petrilin.

Signed-off-by: Amir Vadai <amirv@mellanox.com>
Cc: Yevgeny Petrilin <yevgenyp@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge git://git.infradead.org/users/dwmw2/atm
David S. Miller [Sun, 2 Dec 2012 01:45:24 +0000 (20:45 -0500)]
Merge git://git.infradead.org/users/dwmw2/atm

David Woodhouse says:

====================
This is the result of pulling on the thread started by Krzysztof Mazur's
original patch 'pppoatm: don't send frames to destroyed vcc'.

Various problems in the pppoatm and br2684 code are solved, some of which
were easily triggered and would panic the kernel.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosolos-pci: remove list_vccs() debugging function
David Woodhouse [Thu, 29 Nov 2012 23:28:30 +0000 (23:28 +0000)]
solos-pci: remove list_vccs() debugging function

No idea why we've gone so long dumping a list of VCCs with vci==0 on
every ->open() call...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agosolos-pci: use GFP_KERNEL where possible, not GFP_ATOMIC
David Woodhouse [Thu, 29 Nov 2012 23:27:20 +0000 (23:27 +0000)]
solos-pci: use GFP_KERNEL where possible, not GFP_ATOMIC

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agosolos-pci: clean up pclose() function
David Woodhouse [Thu, 29 Nov 2012 23:15:30 +0000 (23:15 +0000)]
solos-pci: clean up pclose() function

 - Flush pending TX skbs from the queue rather than waiting for them all to
   complete (suggested by Krzysztof Mazur <krzysiek@podlesie.net>).
 - Clear ATM_VF_ADDR only when the PKT_PCLOSE packet has been submitted.
 - Don't clear ATM_VF_READY at all — vcc_destroy_socket() does that for us.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agopppoatm: optimise PPP channel wakeups after sock_owned_by_user()
David Woodhouse [Wed, 28 Nov 2012 10:15:05 +0000 (10:15 +0000)]
pppoatm: optimise PPP channel wakeups after sock_owned_by_user()

We don't need to schedule the wakeup tasklet on *every* unlock; only if we
actually blocked the channel in the first place.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Krzysztof Mazur <krzysiek@podlesie.net>
12 years agobr2684: allow assign only on a connected socket
Krzysztof Mazur [Wed, 28 Nov 2012 08:08:04 +0000 (09:08 +0100)]
br2684: allow assign only on a connected socket

The br2684 does not check if used vcc is in connected state,
causing potential Oops in pppoatm_send() when vcc->send() is called
on not fully connected socket.

Now br2684 can be assigned only on connected sockets; otherwise
-EINVAL error is returned.

Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agosolos-pci: Fix leak of skb received for unknown vcc
Nathan Williams [Tue, 27 Nov 2012 06:34:09 +0000 (17:34 +1100)]
solos-pci: Fix leak of skb received for unknown vcc

... and ensure that the next skb is set up for RX in the DMA case.

Signed-off-by: Nathan Williams <nathan@traverse.com.au>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agobr2684: fix module_put() race
David Woodhouse [Wed, 28 Nov 2012 00:46:45 +0000 (00:46 +0000)]
br2684: fix module_put() race

The br2684 code used module_put() during unassignment from vcc with
hope that we have BKL. This assumption is no longer true.

Now owner field in atmvcc is used to move this module_put()
to vcc_destroy_socket().

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Krzysztof Mazur <krzysiek@podlesie.net>
12 years agopppoatm: fix missing wakeup in pppoatm_send()
David Woodhouse [Wed, 28 Nov 2012 00:05:52 +0000 (00:05 +0000)]
pppoatm: fix missing wakeup in pppoatm_send()

Now that we can return zero from pppoatm_send() for reasons *other* than
the queue being full, that means we can't depend on a subsequent call to
pppoatm_pop() waking the queue, and we might leave it stalled
indefinitely.

Use the ->release_cb() callback to wake the queue after the sock is
unlocked.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Krzysztof Mazur <krzysiek@podlesie.net>
12 years agobr2684: don't send frames on not-ready vcc
David Woodhouse [Tue, 27 Nov 2012 23:28:36 +0000 (23:28 +0000)]
br2684: don't send frames on not-ready vcc

Avoid submitting packets to a vcc which is being closed. Things go badly
wrong when the ->pop method gets later called after everything's been
torn down.

Use the ATM socket lock for synchronisation with vcc_destroy_socket(),
which clears the ATM_VF_READY bit under the same lock. Otherwise, we
could end up submitting a packet to the device driver even after its
->ops->close method has been called. And it could call the vcc's ->pop
method after the protocol has been shut down. Which leads to a panic.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Krzysztof Mazur <krzysiek@podlesie.net>
12 years agoatm: add release_cb() callback to vcc
David Woodhouse [Wed, 28 Nov 2012 00:03:11 +0000 (00:03 +0000)]
atm: add release_cb() callback to vcc

The immediate use case for this is that it will allow us to ensure that a
pppoatm queue is woken after it has to drop a packet due to the sock being
locked.

Note that 'release_cb' is called when the socket is *unlocked*. This is
not to be confused with vcc_release() — which probably ought to be called
vcc_close().

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Krzysztof Mazur <krzysiek@podlesie.net>
12 years agosolos-pci: wait for pending TX to complete when releasing vcc
David Woodhouse [Tue, 27 Nov 2012 23:49:24 +0000 (23:49 +0000)]
solos-pci: wait for pending TX to complete when releasing vcc

We should no longer be calling the old pop routine for the vcc, after
vcc_release() has completed. Make sure we wait for any pending TX skbs
to complete, by waiting for our own PKT_PCLOSE control skb to be sent.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agoqlcnic: remove duplicated include from qlcnic_sysfs.c
Wei Yongjun [Fri, 30 Nov 2012 20:01:25 +0000 (20:01 +0000)]
qlcnic: remove duplicated include from qlcnic_sysfs.c

Remove duplicated include.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: Sony Chacko <sony.chacko@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomyri10ge: fix incorrect use of ntohs()
Andrew Gallatin [Fri, 30 Nov 2012 12:31:26 +0000 (12:31 +0000)]
myri10ge: fix incorrect use of ntohs()

1b4c44e6369dbbafd113f1e00b406f1eda5ab5b2 incorrectly used
ntohs() rather than htons() in myri10ge_vlan_rx().

Thanks to Fengguang Wu, Yuanhan Liu's kernel-build tester
for pointing out this bug.

Signed-off-by: Andrew Gallatin <gallatin@myri.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoipv6: unify logic evaluating inet6_dev's accept_ra property
Shmulik Ladkani [Fri, 30 Nov 2012 10:25:59 +0000 (10:25 +0000)]
ipv6: unify logic evaluating inet6_dev's accept_ra property

As of 026359b [ipv6: Send ICMPv6 RSes only when RAs are accepted], the
logic determining whether to send Router Solicitations is identical
to the logic determining whether kernel accepts Router Advertisements.

However the condition itself is repeated in several code locations.

Unify it by introducing 'ipv6_accept_ra()' accessor.

Also, simplify the condition expression, making it more readable.
No semantic change.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agotcp: change default tcp hash size
Eric Dumazet [Fri, 30 Nov 2012 10:08:52 +0000 (10:08 +0000)]
tcp: change default tcp hash size

As time passed, available memory increased faster than number of
concurrent tcp sockets.

As a result, a machine with 4GB of ram gets a hash table
with 524288 slots, using 8388608 bytes of memory.

Lets change that by a 16x factor (one slot for 128 KB of ram)

Even if a small machine needs a _lot_ of sockets, tcp lookups are now
very efficient, using one cache line per socket.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc...
David S. Miller [Sat, 1 Dec 2012 16:30:10 +0000 (11:30 -0500)]
Merge branch 'for-davem' of git://git./linux/kernel/git/bwh/sfc-next

Ben Hutchings says:

====================
1. More workarounds for TX queue flush failures that can occur during
   interface reconfiguration.
2. Fix spurious failure of a firmware request running during a system
   clock change, e.g. ntpd started at the same time as driver load.
3. Fix inconsistent statistics after a firmware upgrade.
4. Fix a variable (non-)initialisation in offline self-test that can
   make it more disruptive than intended.
5. Fix a race that can (at least) cause an assertion failure.
6. Miscellaneous cleanup.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net...
David S. Miller [Sat, 1 Dec 2012 16:27:31 +0000 (11:27 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/jkirsher/net-next

Jeff Kirsher says:

====================
This series contains updates to ixgbe, igb and e1000e.  Majority of the
changes are against igb.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoixgbe: Do not parse past IP header on fragments beyond the first
Alexander Duyck [Tue, 13 Nov 2012 01:13:33 +0000 (01:13 +0000)]
ixgbe: Do not parse past IP header on fragments beyond the first

This change makes it so that only the first fragment in a series of fragments
will have the L4 header pulled.  Previously we were always pulling the L4
header as well and in the case of UDP this can harm performance since only the
first fragment will have the header, the rest just contain data which should
be left in the paged portion of the packet.

Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
Tested-by: Stephen Ko <stephen.s.ko@intel.com>
Tested-by: Marcus Dennis <marcusx.e.dennis@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoe1000e: cosmetic cleanup of comments
Bruce Allan [Wed, 28 Nov 2012 09:28:37 +0000 (09:28 +0000)]
e1000e: cosmetic cleanup of comments

Update comments to conform to the preferred style for networking code as
described in ./Documentation/CodingStyle and checked for in the recently
added checkpatch NETWORKING_BLOCK_COMMENT_STYLE test.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoigb: Fix SerDes autoneg flow control.
Carolyn Wyborny [Tue, 23 Oct 2012 12:54:33 +0000 (12:54 +0000)]
igb: Fix SerDes autoneg flow control.

This patch enables flow control to be set in SerDes autoneg mode.  This is
done the way it is done for copper, but relies on a different set of register/bit
checks since this is all done within the MAC registers.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoigb: Unset sigdetect for SERDES loopback on 82580 and i350
Carolyn Wyborny [Thu, 22 Nov 2012 02:49:22 +0000 (02:49 +0000)]
igb: Unset sigdetect for SERDES loopback on 82580 and i350

This patch unsets the sigdetect bit for SERDES loopback tests on 82580 and
i350 parts.  The loopback test can fail on these parts without this
setting.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoigb: Workaround for global device reset problem on 82580.
Carolyn Wyborny [Thu, 22 Nov 2012 01:24:08 +0000 (01:24 +0000)]
igb: Workaround for global device reset problem on 82580.

Due to a hw errata, the global device reset doesn't always work on 82580
devices.  This patch works around the problem not trying to do a global
device reset on these devices.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoigb: Refactoring of i210 file.
Carolyn Wyborny [Wed, 21 Nov 2012 04:44:10 +0000 (04:44 +0000)]
igb: Refactoring of i210 file.

This patch refactors the functions in e1000_i210.c in order to remove need
for prototypes.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoigb: Acquire, release semaphore for writing each EEPROM page
Akeem G. Abodunrin [Sat, 3 Nov 2012 03:08:41 +0000 (03:08 +0000)]
igb: Acquire, release semaphore for writing each EEPROM page

This patch allows software acquires and releases NVM resource for
writing each EEPROM page, instead of holding semaphore for the whole
data block which is too long and could trigger write fails on
unpredictable addresses.

Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoigb: Updates to read nvm function for i211 device
Carolyn Wyborny [Thu, 11 Oct 2012 02:15:45 +0000 (02:15 +0000)]
igb: Updates to read nvm function for i211 device

The i211 has an integrated secure space to store configuration information that is
usually stored in an EEPROM or flash type device. This patch updates the
read functions to return values or appropriate error codes to prevent
unnecessary init failures on some configuration schemes.

Signed-off-by: Carolyn Wyborny <carolyn.wyborny@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agoixgbe: eliminate Smatch warnings in ixgbe_debugfs.c
joshua.a.hay@intel.com [Wed, 28 Nov 2012 05:49:20 +0000 (05:49 +0000)]
ixgbe: eliminate Smatch warnings in ixgbe_debugfs.c

This patch replaces calls to copy_to_user, copy_from_user, and the associated
logic, with calls to simple_read_from_buffer and simple_write_to_buffer
respectively.  This was done to eliminate warnings generated by the Smatch
static analysis tool.

v2- Fix return values based community feedback

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
CC: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Josh Hay <joshua.a.hay@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
12 years agosfc: Make module parameters really boolean
Ben Hutchings [Wed, 28 Nov 2012 04:12:41 +0000 (04:12 +0000)]
sfc: Make module parameters really boolean

Most of the module parameters treated as boolean are currently exposed
as type int or uint.  Defining them with the proper type is useful
documentation for both users and developers.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Fix timekeeping in efx_mcdi_poll()
Ben Hutchings [Sat, 1 Dec 2012 02:21:17 +0000 (02:21 +0000)]
sfc: Fix timekeeping in efx_mcdi_poll()

efx_mcdi_poll() uses get_seconds() to read the current time and to
implement a polling timeout.  The use of this function was chosen
partly because it could easily be replaced in a co-sim environment
with a macro that read the simulated time.

Unfortunately the real get_seconds() returns the system time (real
time) which is subject to adjustment by e.g. ntpd.  If the system time
is adjusted forward during a polled MCDI operation, the effective
timeout can be shorter than the intended 10 seconds, resulting in a
spurious failure.  It is also possible for a backward adjustment to
delay detection of a areal failure.

Use jiffies instead, and change MCDI_RPC_TIMEOUT to be denominated in
jiffies.  Also correct rounding of the timeout: check time > finish
(or rather time_after(time, finish)) and not time >= finish.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: lock TX queues when calling netif_device_detach()
Daniel Pieczko [Wed, 17 Oct 2012 12:21:23 +0000 (13:21 +0100)]
sfc: lock TX queues when calling netif_device_detach()

The assertion of netif_device_present() at the top of
efx_hard_start_xmit() may fail if we don't do this.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Work-around flush timeout when flushes have completed
Daniel Pieczko [Tue, 2 Oct 2012 12:36:18 +0000 (13:36 +0100)]
sfc: Work-around flush timeout when flushes have completed

We sometimes hit a "failed to flush" timeout on some TX queues, but the
flushes have completed and the flush completion events seem to go missing.
In this case, we can check the TX_DESC_PTR_TBL register and drain the
queues if the flushes had finished.

[bwh: Minor fixes to coding style]
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Reset driver's MAC stats after MC reboot seen
Ben Hutchings [Mon, 1 Oct 2012 19:58:35 +0000 (20:58 +0100)]
sfc: Reset driver's MAC stats after MC reboot seen

If the MC reboots then the stats it reports to us will have been
reset.  We need to reset ours to get efx_update_diff_stat() working
properly.

(Ideally we would maintain stats across the reboot, but as this should
only happen immediately after a firmware upgrade it's not really worth
the trouble.)

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Do not initialise buffer in efx_alloc_special_buffer()
Ben Hutchings [Tue, 18 Sep 2012 23:31:18 +0000 (00:31 +0100)]
sfc: Do not initialise buffer in efx_alloc_special_buffer()

Currently we initialise the newly allocated buffer to all-1s, which is
important for event queues but not for descriptor queues.  And since
we also do that in efx_nic_init_eventq(), it is completely pointless
to do it here.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Correctly initialise reset_method in siena_test_chip()
Ben Hutchings [Sat, 1 Dec 2012 01:55:27 +0000 (01:55 +0000)]
sfc: Correctly initialise reset_method in siena_test_chip()

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Remove confusing MMIO functions
Ben Hutchings [Tue, 18 Sep 2012 00:56:50 +0000 (01:56 +0100)]
sfc: Remove confusing MMIO functions

efx_writed_table() uses a step of 16 bytes but efx_readd_table() uses
a step of 4 bytes.  Why are they different?

Firstly, register access is asymmetric:

- The EVQ_RPTR table and RX_INDIRECTION_TBL can (or must?) be written
  as dwords even though they have a step size of 16 bytes, unlike
  most other CSRs.
- In general, a read of any width is valid for registers, so long as
  it does not cross register boundaries.  There is also no latching
  behaviour in the BIU, contrary to rumour.

We write to the EVQ_RPTR table with efx_writed_table() but never read
it back as it's write-only.  We write to the RX_INDIRECTION_TBL with
efx_writed_table(), but only read it back for the register dump, where
we use efx_reado_table() as for any other table with step size of 16.

We read MC_TREG_SMEM with efx_readd_table() for the register dump, but
normally read and write it with efx_readd() and efx_writed() using
offsets calculated in bytes.

Since these functions are trivial and have few callers, it's clearer
to open-code them at the call sites.  While we're at it, update the
comments on the BIU behaviour again.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Fix check for failure of MC_CMD_FLUSH_RX_QUEUES
Ben Hutchings [Tue, 11 Sep 2012 17:25:13 +0000 (18:25 +0100)]
sfc: Fix check for failure of MC_CMD_FLUSH_RX_QUEUES

efx_mcdi_rpc_start() returns a negative value on error or zero on
success.  However one caller that can't properly handle failure then
does WARN_ON(rc > 0).  Change it to WARN_ON(rc < 0).

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Delete redundant page_addr variable from efx_init_rx_buffers_page()
Ben Hutchings [Thu, 6 Sep 2012 22:54:15 +0000 (23:54 +0100)]
sfc: Delete redundant page_addr variable from efx_init_rx_buffers_page()

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Really disable flow control while flushing
Ben Hutchings [Thu, 6 Sep 2012 15:52:31 +0000 (16:52 +0100)]
sfc: Really disable flow control while flushing

Receiving pause frames can block TX queue flushes.  Earlier changes
work around this by reconfiguring the MAC during flushes for VFs, but
during flushes for the PF we would only change the fc_disable counter.
Unless the MAC is reconfigured for some other reason during the flush
(which I would not expect to happen) this had no effect at all.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Fix byte order warning in self-test
Ben Hutchings [Thu, 6 Sep 2012 01:11:06 +0000 (02:11 +0100)]
sfc: Fix byte order warning in self-test

Add necessary cast when setting a bogus checksum.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agosfc: Fix byte order warnings for ethtool RX filter interface
Ben Hutchings [Thu, 6 Sep 2012 01:11:04 +0000 (02:11 +0100)]
sfc: Fix byte order warnings for ethtool RX filter interface

sparse has got a bit more picky since I last ran it over this.  Add
forced casts for use of ~0 as a big-endian value.  Undo the pointless
optimisation of parameter validation with '|'; using '||' avoids these
warnings.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
12 years agonet: move inet_dport/inet_num in sock_common
Eric Dumazet [Fri, 30 Nov 2012 09:49:27 +0000 (09:49 +0000)]
net: move inet_dport/inet_num in sock_common

commit 68835aba4d9b (net: optimize INET input path further)
moved some fields used for tcp/udp sockets lookup in the first cache
line of struct sock_common.

This patch moves inet_dport/inet_num as well, filling a 32bit hole
on 64 bit arches and reducing number of cache line misses in lookups.

Also change INET_MATCH()/INET_TW_MATCH() to perform the ports match
before addresses match, as this check is more discriminant.

Remove the hash check from MATCH() macros because we dont need to
re validate the hash value after taking a refcount on socket, and
use likely/unlikely compiler hints, as the sk_hash/hash check
makes the following conditional tests 100% predicted by cpu.

Introduce skc_addrpair/skc_portpair pair values to better
document the alignment requirements of the port/addr pairs
used in the various MATCH() macros, and remove some casts.

The namespace check can also be done at last.

This slightly improves TCP/UDP lookup times.

IP/TCP early demux needs inet->rx_dst_ifindex and
TCP needs inet->min_ttl, lets group them together in same cache line.

With help from Ben Hutchings & Joe Perches.

Idea of this patch came after Ling Ma proposal to move skc_hash
to the beginning of struct sock_common, and should allow him
to submit a final version of his patch. My tests show an improvement
doing so.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Cc: Joe Perches <joe@perches.com>
Cc: Ling Ma <ling.ma.program@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agohyperv: Add an error message to rndis_filter_set_device_mac()
Haiyang Zhang [Fri, 30 Nov 2012 09:23:41 +0000 (09:23 +0000)]
hyperv: Add an error message to rndis_filter_set_device_mac()

This message indicates an error returned from the host when changing MAC address.

Reported-by: Michal Kubecek <mkubecek@suse.com>
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomyri10ge: Add vlan rx for better GRO perf.
Andrew Gallatin [Fri, 30 Nov 2012 08:31:59 +0000 (08:31 +0000)]
myri10ge: Add vlan rx for better GRO perf.

Unlike LRO, GRO requires that vlan tags be removed before
aggregation can occur.  Since the myri10ge NIC does not support
hardware vlan tag offload, we must remove the tag in the driver
to achieve performance comparable to LRO for vlan tagged frames.

Thanks to Eric Duzamet for his help simplifying the original patch.

Signed-off-by: Andrew Gallatin <gallatin@myri.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomyri10ge: Convert from LRO to GRO
Andrew Gallatin [Fri, 30 Nov 2012 08:31:58 +0000 (08:31 +0000)]
myri10ge: Convert from LRO to GRO

Convert myri10ge from LRO to GRO, and simplify the driver by removing
various LRO-related code which is no longer needed including
ndo_fix_features op, custom skb building from frags, and LRO
header parsing.

Signed-off-by: Andrew Gallatin <gallatin@myri.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMAINTAINERS: fix bouncing tun/tap entries
Jiri Slaby [Fri, 30 Nov 2012 07:05:40 +0000 (07:05 +0000)]
MAINTAINERS: fix bouncing tun/tap entries

Delivery to the following recipient failed permanently:

     vtun@office.satix.net

Technical details of permanent failure:
DNS Error: Domain name not found

Of course:
$ host office.satix.net
Host office.satix.net not found: 3(NXDOMAIN)

===========

And "Change of Email Address Notification":
Old Address        New Address           Email Subject
------------------------------------------------------
maxk@qualcomm.com  maxk@qti.qualcomm.com "tuntap: multiqueue...

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Maxim Krasnyansky <maxk@qti.qualcomm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosmsc95xx: expand check_ macros
Steve Glendinning [Fri, 30 Nov 2012 05:55:52 +0000 (05:55 +0000)]
smsc95xx: expand check_ macros

These macros, while reducing the amount of code, hide flow control
and make the code more confusing to follow and review.  This patch
expands them.  It should have no functional effect on the driver.

Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosmsc95xx: fix smsc_crc return type
Steve Glendinning [Fri, 30 Nov 2012 05:55:51 +0000 (05:55 +0000)]
smsc95xx: fix smsc_crc return type

This patch fixes a bug introduced in bbd9f9e which could prevent
some wakeups from working correctly if multiple wol options were
selected.

This helper function calculates a 16-bit crc and shifts it into
either the high or low 16 bits of a u32 so the caller can or it
directly into place.  The function previously had a u16 return
type so would always have returned zero when filter was odd.

Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Reported-by: Bjorn Mork <bjorn@mork.no>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosmsc95xx: don't enable remote wakeup directly
Steve Glendinning [Fri, 30 Nov 2012 05:55:50 +0000 (05:55 +0000)]
smsc95xx: don't enable remote wakeup directly

As pointed out by Bjorn Mork, the generic "usb" driver sets this
for us so no need to directly set it in this driver.

Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Cc: Bjorn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosmsc95xx: fix error handling in suspend failure case
Steve Glendinning [Fri, 30 Nov 2012 05:55:49 +0000 (05:55 +0000)]
smsc95xx: fix error handling in suspend failure case

This patch ensures that if we fail to suspend the LAN9500 device
we call usbnet_resume before returning failure, instead of
leaving the usbnet driver in an unusable state.

Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosmsc95xx: fix suspend buffer overflow
Steve Glendinning [Fri, 30 Nov 2012 05:55:48 +0000 (05:55 +0000)]
smsc95xx: fix suspend buffer overflow

This patch fixes a buffer overflow introduced by bbd9f9e, where
the filter_mask array is accessed beyond its bounds.

Updated to also add a check for kzalloc failure, as reported by
Bjorn Mork and Joe Perches.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Cc: Bjorn Mork <bjorn@mork.no>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosmsc75xx: expand check_ macros
Steve Glendinning [Fri, 30 Nov 2012 04:52:44 +0000 (04:52 +0000)]
smsc75xx: expand check_ macros

These macros, while reducing the amount of code, hide flow control
and make the code more confusing to follow and review.  This patch
expands them.  It should have no functional effect on the driver.

Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosmsc75xx: don't call usbnet_resume if usbnet_suspend fails
Steve Glendinning [Fri, 30 Nov 2012 04:52:43 +0000 (04:52 +0000)]
smsc75xx: don't call usbnet_resume if usbnet_suspend fails

If usbnet_suspend returns an error we don't want to call
usbnet_resume to clean up, but instead just return the error.

If usbnet_suspend *does* succeed, and we have a problem further
on, the desired behaviour is still to call usbnet_resume
to clean up before returning.

Signed-off-by: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosctp: verify length provided in heartbeat information parameter
Thomas Graf [Fri, 30 Nov 2012 02:16:27 +0000 (02:16 +0000)]
sctp: verify length provided in heartbeat information parameter

If the variable parameter length provided in the mandatory
heartbeat information parameter exceeds the calculated payload
length the packet has been corrupted. Reply with a parameter
length protocol violation message.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agortnelink: remove unused parameter from rtnl_create_link().
Rami Rosen [Fri, 30 Nov 2012 01:08:47 +0000 (01:08 +0000)]
rtnelink: remove unused parameter from rtnl_create_link().

This patch removes an unused parameter (src_net) from rtnl_create_link()
method and from the method single invocation, in veth.
This parameter was used in the past when calling
ops->get_tx_queues(src_net, tb) in rtnl_create_link().
The get_tx_queues() member of rtnl_link_ops was replaced by two methods,
get_num_tx_queues() and get_num_rx_queues(), which do not get any
parameter. This was done in commit d40156aa5ecbd51fed932ed4813df82b56e5ff4d by
Jiri Pirko ("rtnl: allow to specify different num for rx and tx queue count").

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge
David S. Miller [Fri, 30 Nov 2012 17:22:04 +0000 (12:22 -0500)]
Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge

Included changes:
- Use the new ETH_P_BATMAN define instead of the private BATADV_ETH_P_BATMAN

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosctp: fix CONFIG_SCTP_DBG_MSG=y null pointer dereference in sctp_v6_get_dst()
Tommi Rantala [Thu, 29 Nov 2012 23:17:42 +0000 (23:17 +0000)]
sctp: fix CONFIG_SCTP_DBG_MSG=y null pointer dereference in sctp_v6_get_dst()

Trinity (the syscall fuzzer) triggered the following BUG, reproducible
only when the kernel is configured with CONFIG_SCTP_DBG_MSG=y.

When CONFIG_SCTP_DBG_MSG is not set, the null pointer is never
dereferenced.

---[ end trace a4de0bfcb38a3642 ]---
BUG: unable to handle kernel NULL pointer dereference at 0000000000000100
IP: [<ffffffff8136796e>] ip6_string+0x1e/0xa0
PGD 4eead067 PUD 4e472067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in:
CPU 3
Pid: 21324, comm: trinity-child11 Tainted: G        W    3.7.0-rc7+ #61 ASUSTeK Computer INC. EB1012/EB1012
RIP: 0010:[<ffffffff8136796e>]  [<ffffffff8136796e>] ip6_string+0x1e/0xa0
RSP: 0018:ffff88004e4637a0  EFLAGS: 00010046
RAX: ffff88004e4637da RBX: ffff88004e4637da RCX: 0000000000000000
RDX: ffffffff8246e92a RSI: 0000000000000100 RDI: ffff88004e4637da
RBP: ffff88004e4637a8 R08: 000000000000ffff R09: 000000000000ffff
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8289d600
R13: ffffffff8289d230 R14: ffffffff8246e928 R15: ffffffff8289d600
FS:  00007fed95153700(0000) GS:ffff88005fd80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000100 CR3: 000000004eeac000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process trinity-child11 (pid: 21324, threadinfo ffff88004e462000, task ffff8800524b0000)
Stack:
 ffff88004e4637da ffff88004e463828 ffffffff81368eee 000000004e4637d8
 ffffffff0000ffff ffff88000000ffff 0000000000000000 000000004e4637f8
 ffffffff826285d8 ffff88004e4637f8 0000000000000000 ffff8800524b06b0
Call Trace:
 [<ffffffff81368eee>] ip6_addr_string.isra.11+0x3e/0xa0
 [<ffffffff81369183>] pointer.isra.12+0x233/0x2d0
 [<ffffffff810a413a>] ? vprintk_emit+0x1ba/0x450
 [<ffffffff8110953d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
 [<ffffffff81369757>] vsnprintf+0x187/0x5d0
 [<ffffffff81369c62>] vscnprintf+0x12/0x30
 [<ffffffff810a4028>] vprintk_emit+0xa8/0x450
 [<ffffffff81e5cb00>] printk+0x49/0x4b
 [<ffffffff81d17221>] sctp_v6_get_dst+0x731/0x780
 [<ffffffff81d16e15>] ? sctp_v6_get_dst+0x325/0x780
 [<ffffffff81d00a96>] sctp_transport_route+0x46/0x120
 [<ffffffff81cff0f1>] sctp_assoc_add_peer+0x161/0x350
 [<ffffffff81d0fd8d>] sctp_sendmsg+0x6cd/0xcb0
 [<ffffffff81b55bf0>] ? inet_create+0x670/0x670
 [<ffffffff81b55cfb>] inet_sendmsg+0x10b/0x220
 [<ffffffff81b55bf0>] ? inet_create+0x670/0x670
 [<ffffffff81a72a64>] ? sock_update_classid+0xa4/0x2b0
 [<ffffffff81a72ab0>] ? sock_update_classid+0xf0/0x2b0
 [<ffffffff81a6ac1c>] sock_sendmsg+0xdc/0xf0
 [<ffffffff8118e9e5>] ? might_fault+0x85/0x90
 [<ffffffff8118e99c>] ? might_fault+0x3c/0x90
 [<ffffffff81a6e12a>] sys_sendto+0xfa/0x130
 [<ffffffff810a9887>] ? do_setitimer+0x197/0x380
 [<ffffffff81e960d5>] ? sysret_check+0x22/0x5d
 [<ffffffff81e960a9>] system_call_fastpath+0x16/0x1b
Code: 01 eb 89 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 f8 31 c9 48 89 e5 53 eb 12 0f 1f 40 00 48 83 c1 01 48 83 c0 04 48 83 f9 08 74 70 <0f> b6 3c 4e 89 fb 83 e7 0f c0 eb 04 41 89 d8 41 83 e0 0f 0f b6
RIP  [<ffffffff8136796e>] ip6_string+0x1e/0xa0
 RSP <ffff88004e4637a0>
CR2: 0000000000000100
---[ end trace a4de0bfcb38a3643 ]---

Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomac802154: use kfree_skb() instead of dev_kfree_skb()
Alan Ott [Thu, 29 Nov 2012 18:25:11 +0000 (18:25 +0000)]
mac802154: use kfree_skb() instead of dev_kfree_skb()

kfree_skb() indicates failure, which is where this is being used.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomac802154: fix memory leaks
Alan Ott [Thu, 29 Nov 2012 18:25:10 +0000 (18:25 +0000)]
mac802154: fix memory leaks

kfree_skb() was not getting called in the case of some failures.
This was pointed out by Eric Dumazet.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years ago6lowpan: consider checksum bytes in fragmentation threshold
Alan Ott [Thu, 29 Nov 2012 15:55:44 +0000 (15:55 +0000)]
6lowpan: consider checksum bytes in fragmentation threshold

Change the threshold for framentation of a lowpan packet from
using the MTU size to now use the MTU size minus the checksum length,
which is added by the hardware. For IEEE 802.15.4, this effectively
changes it from 127 bytes to 125 bytes.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'for-davem' of git://gitorious.org/linux-can/linux-can-next
David S. Miller [Fri, 30 Nov 2012 17:12:05 +0000 (12:12 -0500)]
Merge branch 'for-davem' of git://gitorious.org/linux-can/linux-can-next

Marc Kleine-Budde says:

====================
this pull request is for net-next/master. There is a patch by Alexander
Stein fixing a reference counter problem which can make driver
unloading impossible (stable Cc'ed). And several patches by me which
remove an obsolete mechanism from several drivers, which is already
handled at the infrastructure level.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomISDN: improve bitops usage
Akinobu Mita [Thu, 29 Nov 2012 01:27:45 +0000 (01:27 +0000)]
mISDN: improve bitops usage

This improves bitops usages in several points:

- Convert u64 to a proper bitmap declaration.  This enables to remove
  superfluous typecasting from 'u64' to 'unsigned long *'.

- Convert superfluous atomic bitops to non atomic bitops.  The bitmap
  is allocated on the stack and it is not accessed by any other threads,
  so using atomic bitops is not necessary.

- Use find_next_zero_bit and find_next_zero_bit instead of calling
  test_bit() for each bit.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years ago8021q: fix vlan device to inherit the unicast filtering capability flag
Yi Zou [Wed, 28 Nov 2012 13:45:24 +0000 (13:45 +0000)]
8021q: fix vlan device to inherit the unicast filtering capability flag

This bug is observed on running FCoE over a VLAN device associated w/
a real device that has IFF_UNICAST_FLT set since FCoE would add unicast
address such as FLOGI MAC to the VLAN interface that FCoE is on. Since
currently, VLAN device is not inheriting the IFF_UNICAST_FLT flag from the
parent real device even though the real device is capable of doing unicast
filtering. This forces the VLAN device and its real device go to promiscuous
mode unnecessarily even the added address is actually being added to the
available unicast filter table in real device.

Signed-off-by: Yi Zou <yi.zou@intel.com>
Cc: devel@open-fcoe.org
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobonding: delete migrated IP addresses from the rlb hash table
Jiri Bohac [Wed, 28 Nov 2012 04:42:14 +0000 (04:42 +0000)]
bonding: delete migrated IP addresses from the rlb hash table

Bonding in balance-alb mode records information from ARP packets
passing through the bond in a hash table (rx_hashtbl).

At certain situations (e.g. link change of a slave),
rlb_update_rx_clients() will send out ARP packets to update ARP
caches of other hosts on the network to achieve RX load
balancing.

The problem is that once an IP address is recorded in the hash
table, it stays there indefinitely. If this IP address is
migrated to a different host in the network, bonding still sends
out ARP packets that poison other systems' ARP caches with
invalid information.

This patch solves this by looking at all incoming ARP packets,
and checking if the source IP address is one of the source
addresses stored in the rx_hashtbl. If it is, but the MAC
addresses differ, the corresponding hash table entries are
removed. Thus, when an IP address is migrated, the first ARP
broadcast by its new owner will purge the offending entries of
rx_hashtbl.

The hash table is hashed by ip_dst. To be able to do the above
check efficiently (not walking the whole hash table), we need a
reverse mapping (by ip_src).

I added three new members in struct rlb_client_info:
   rx_hashtbl[x].src_first will point to the start of a list of
      entries for which hash(ip_src) == x.
   The list is linked with src_next and src_prev.

When an incoming ARP packet arrives at rlb_arp_recv()
rlb_purge_src_ip() can quickly walk only the entries on the
corresponding lists, i.e. the entries that are likely to contain
the offending IP address.

To avoid confusion, I renamed these existing fields of struct
rlb_client_info:
next -> used_next
prev -> used_prev
rx_hashtbl_head -> rx_hashtbl_used_head

(The current linked list is _not_ a list of hash table
entries with colliding ip_dst. It's a list of entries that are
being used; its purpose is to avoid walking the whole hash table
when looking for used entries.)

Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobonding: rlb mode of bond should not alter ARP originating via bridge
zheng.li [Tue, 27 Nov 2012 23:57:04 +0000 (23:57 +0000)]
bonding: rlb mode of bond should not alter ARP originating via bridge

Do not modify or load balance ARP packets passing through balance-alb
mode (wherein the ARP did not originate locally, and arrived via a bridge).

Modifying pass-through ARP replies causes an incorrect MAC address
to be placed into the ARP packet, rendering peers unable to communicate
with the actual destination from which the ARP reply originated.

Load balancing pass-through ARP requests causes an entry to be
created for the peer in the rlb table, and bond_alb_monitor will
occasionally issue ARP updates to all peers in the table instrucing them
as to which MAC address they should communicate with; this occurs when
some event sets rx_ntt.  In the bridged case, however, the MAC address
used for the update would be the MAC of the slave, not the actual source
MAC of the originating destination.  This would render peers unable to
communicate with the destinations beyond the bridge.

Signed-off-by: Zheng Li <zheng.x.li@oracle.com>
Cc: Jay Vosburgh <fubar@us.ibm.com>
Cc: Andy Gospodarek <andy@greyhouse.net>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch
David S. Miller [Fri, 30 Nov 2012 17:01:30 +0000 (12:01 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/jesse/openvswitch

Conflicts:
net/ipv6/exthdrs_core.c

Jesse Gross says:

====================
This series of improvements for 3.8/net-next contains four components:
 * Support for modifying IPv6 headers
 * Support for matching and setting skb->mark for better integration with
   things like iptables
 * Ability to recognize the EtherType for RARP packets
 * Two small performance enhancements

The movement of ipv6_find_hdr() into exthdrs_core.c causes two small merge
conflicts.  I left it as is but can do the merge if you want.  The conflicts
are:
 * ipv6_find_hdr() and ipv6_find_tlv() were both moved to the bottom of
   exthdrs_core.c.  Both should stay.
 * A new use of ipv6_find_hdr() was added to net/netfilter/ipvs/ip_vs_core.c
   after this patch.  The IPVS user has two instances of the old constant
   name IP6T_FH_F_FRAG which has been renamed to IP6_FH_F_FRAG.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agopppoatm: do not inline pppoatm_may_send()
Krzysztof Mazur [Tue, 6 Nov 2012 22:17:02 +0000 (23:17 +0100)]
pppoatm: do not inline pppoatm_may_send()

The pppoatm_may_send() is quite heavy and it's called three times
in pppoatm_send() and inlining costs more than 200 bytes of code
(more than 10% of total pppoatm driver code size).

add/remove: 1/0 grow/shrink: 0/1 up/down: 132/-367 (-235)
function                                     old     new   delta
pppoatm_may_send                               -     132    +132
pppoatm_send                                 900     533    -367

Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agopppoatm: drop frames to not-ready vcc
Krzysztof Mazur [Sat, 10 Nov 2012 22:33:19 +0000 (23:33 +0100)]
pppoatm: drop frames to not-ready vcc

The vcc_destroy_socket() closes vcc before the protocol is detached
from vcc by calling vcc->push() with NULL skb. This leaves some time
window, where the protocol may call vcc->send() on closed vcc
and crash.

Now pppoatm_send(), like vcc_sendmsg(), checks for vcc flags that
indicate that vcc is not ready. If the vcc is not ready we just
drop frame. Queueing frames is much more complicated because we
don't have callbacks that inform us about vcc flags changes.

Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
12 years agobatman-adv: use ETH_P_BATMAN
Antonio Quartulli [Sun, 25 Nov 2012 23:38:50 +0000 (00:38 +0100)]
batman-adv: use ETH_P_BATMAN

The ETH_P_BATMAN ethertype is now defined kernel-wide. Use it instead
of the private BATADV_ETH_P_BATMAN define.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
12 years agocore: make GRO methods static.
Rami Rosen [Wed, 28 Nov 2012 21:55:25 +0000 (21:55 +0000)]
core: make GRO methods static.

This patch changes three methods to be static and removes their
EXPORT_SYMBOLs in core/dev.c and their external declaration in
netdevice.h. The methods, dev_gro_receive(), napi_frags_finish() and
napi_skb_finish(), which are in the GRO rx path, are not used
outside core/dev.c.

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agodoc: make the description of how tcp_ecn works more explicit and clear
Rick Jones [Wed, 28 Nov 2012 09:53:10 +0000 (09:53 +0000)]
doc: make the description of how tcp_ecn works more explicit and clear

Make the description of how tcp_ecn works a bit more explicit and clear.

Signed-off-by: Rick Jones <rick.jones2@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Thu, 29 Nov 2012 17:51:17 +0000 (12:51 -0500)]
Merge git://git./linux/kernel/git/davem/net

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agocan: pcan_usb_core: remove obsolete variable open_time
Marc Kleine-Budde [Fri, 20 Jul 2012 20:30:40 +0000 (22:30 +0200)]
can: pcan_usb_core: remove obsolete variable open_time

The variable open_time in the struct peak_usb_device was used to protect
peak_usb_set_mode() only to be called, if the interface is up. Now the CAN
device infrastructure takes care of this.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocan: esd_usb2: remove obsolete variable open_time
Marc Kleine-Budde [Fri, 20 Jul 2012 20:30:40 +0000 (22:30 +0200)]
can: esd_usb2: remove obsolete variable open_time

The variable open_time in the struct esd_usb2_net_priv was used to protect
esd_usb2_set_mode() only to be called, if the interface is up. Now the CAN
device infrastructure takes care of this.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocan: ems_usb: remove obsolete variable open_time
Marc Kleine-Budde [Fri, 20 Jul 2012 20:30:40 +0000 (22:30 +0200)]
can: ems_usb: remove obsolete variable open_time

The variable open_time in the struct ems_usb was used to protect
ems_usb_set_mode() only to be called, if the interface is up. Now the CAN
device infrastructure takes care of this.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
12 years agocan: sja1000: remove obsolete variable open_time
Marc Kleine-Budde [Fri, 20 Jul 2012 20:30:40 +0000 (22:30 +0200)]
can: sja1000: remove obsolete variable open_time

The variable open_time in the struct sja1000_priv was used to protect
sja1000_set_mode() only to be called, if the interface is up. Now the CAN
device infrastructure takes care of this.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>