Bjørn Mork [Fri, 25 Jan 2013 23:36:59 +0000 (23:36 +0000)]
net: cdc_ncm: use IAD provided by the USB core
commit 9992c2e (net: cdc_ncm: workaround for missing CDC Union)
added code to lookup an IAD for the interface we are probing.
This is redundant. The USB core has already done the lookup
and saved the result in the USB interface struct. Use that
instead.
Cc: Greg Suarez <gsuarez@smithmicro.com> Cc: Alexey Orishko <alexey.orishko@stericsson.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 28 Jan 2013 00:10:36 +0000 (19:10 -0500)]
Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge
Included changes ares:
- fix an skb memleak in DAT
- fix the ARP filtering routine in DAT by preventing bogus entries to overwrite
already existing ones in the local cache.
- fix the ARP filtering routine in DAT by preventing it to parse and add to the
cache bogus entries
Signed-off-by: David S. Miller <davem@davemloft.net>
batman-adv: filter ARP packets with invalid MAC addresses in DAT
We never want multicast MAC addresses in the Distributed ARP Table, so it's
best to completely ignore ARP packets containing them where we expect unicast
addresses.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Acked-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Antonio Quartulli <ordex@autistici.org>
batman-adv: check for more types of invalid IP addresses in DAT
There are more types of IP addresses that may appear in ARP packets that we
don't want to process. While some of these should never appear in sane ARP
packets, a 0.0.0.0 source is used for duplicate address detection and thus seen
quite often.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Acked-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Antonio Quartulli <ordex@autistici.org>
batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply()
The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been
freed when it returns true; fix this by calling kfree_skb before returning as
it is done in batadv_dat_snoop_incoming_arp_request().
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Acked-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Antonio Quartulli <ordex@autistici.org>
David S. Miller [Sun, 27 Jan 2013 06:37:22 +0000 (01:37 -0500)]
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville says:
====================
This is a batch of fixes intende for the 3.8 stream.
Regarding the iwlwifi bits, Johannes says this:
"Please pull to get a single fix from Emmanuel for a bug I introduced due
to misunderstanding the code."
Regarding the mac80211 bits, Johannes says this:
"I have a few small fixes for you:
* some mesh frames would cause encryption warnings -- fixes from Bob
* scanning would pretty much break an association if we transmitted
anything to the AP while scanning -- fix from Stanislaw
* mode injection was broken by channel contexts -- fix from Felix
* FT roaming was broken: hardware crypto would get disabled by it"
Along with that, a handful of other fixes confined to specific drivers.
Avinash Patil fixes a typo in a NULL check in mwifiex.
Larry Finger fixes a build warning in rtlwifi. Seems safe...
Stanislaw Gruszka fixes iwlegacy to prevent microcode errors when
switching from IBSS mode to STA mode.
Felix Fietkau provides a trio of ath9k fixes related to proper tuning.
Please let me know if there are problems!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Fri, 25 Jan 2013 07:44:41 +0000 (07:44 +0000)]
net: loopback: fix a dst refcounting issue
Ben Greear reported crashes in ip_rcv_finish() on a stress
test involving many macvlans.
We tracked the bug to a dst use after free. ip_rcv_finish()
was calling dst->input() and got garbage for dst->input value.
It appears the bug is in loopback driver, lacking
a skb_dst_force() before calling netif_rx().
As a result, a non refcounted dst, normally protected by a
RCU read_lock section, was escaping this section and could
be freed before the packet being processed.
This bug was introduced in linux-2.6.35, in commit 7fee226ad2397b (net: add a noref bit on skb dst)
skb_dst_force() is enforced in dev_queue_xmit() for devices having a
qdisc.
Reported-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Wanlong Gao [Thu, 24 Jan 2013 23:51:31 +0000 (23:51 +0000)]
virtio-net: reset virtqueue affinity when doing cpu hotplug
Add a cpu notifier to virtio-net, so that we can reset the
virtqueue affinity if the cpu hotplug happens. It improve
the performance through enabling or disabling the virtqueue
affinity after doing cpu hotplug.
Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Eric Dumazet <erdnetdev@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: virtualization@lists.linux-foundation.org Cc: netdev@vger.kernel.org Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Wanlong Gao [Thu, 24 Jan 2013 23:51:30 +0000 (23:51 +0000)]
virtio-net: split out clean affinity function
Split out the clean affinity function to virtnet_clean_affinity().
Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Eric Dumazet <erdnetdev@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: virtualization@lists.linux-foundation.org Cc: netdev@vger.kernel.org Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Wanlong Gao [Thu, 24 Jan 2013 23:51:29 +0000 (23:51 +0000)]
virtio-net: fix the set affinity bug when CPU IDs are not consecutive
As Michael mentioned, set affinity and select queue will not work very
well when CPU IDs are not consecutive, this can happen with hot unplug.
Fix this bug by traversal the online CPUs, and create a per cpu variable
to find the mapping from CPU to the preferable virtual-queue.
Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Eric Dumazet <erdnetdev@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: virtualization@lists.linux-foundation.org Cc: netdev@vger.kernel.org Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Timo Teräs [Mon, 21 Jan 2013 22:30:35 +0000 (22:30 +0000)]
r8169: remove the obsolete and incorrect AMD workaround
This was introduced in commit 6dccd16 "r8169: merge with version
6.001.00 of Realtek's r8169 driver". I did not find the version
6.001.00 online, but in 6.002.00 or any later r8169 from Realtek
this hunk is no longer present.
Also commit 05af214 "r8169: fix Ethernet Hangup for RTL8110SC
rev d" claims to have fixed this issue otherwise.
The magic compare mask of 0xfffe000 is dubious as it masks
parts of the Reserved part, and parts of the VLAN tag. But this
does not make much sense as the VLAN tag parts are perfectly
valid there. In matter of fact this seems to be triggered with
any VLAN tagged packet as RxVlanTag bit is matched. I would
suspect 0xfffe0000 was intended to test reserved part only.
Finally, this hunk is evil as it can cause more packets to be
handled than what was NAPI quota causing net/core/dev.c:
net_rx_action(): WARN_ON_ONCE(work > weight) to trigger, and
mess up the NAPI state causing device to hang.
As result, any system using VLANs and having high receive
traffic (so that NAPI poll budget limits rtl_rx) would result
in device hang.
Signed-off-by: Timo Teräs <timo.teras@iki.fi> Acked-by: Francois Romieu <romieu@fr.zoreil.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Wed, 23 Jan 2013 03:59:13 +0000 (03:59 +0000)]
tuntap: limit the number of flow caches
We create new flow caches when a new flow is identified by tuntap, This may lead
some issues:
- userspace may produce a huge amount of short live flows to exhaust host memory
- the unlimited number of flow caches may produce a long list which increase the
time in the linear searching
Solve this by introducing a limit of total number of flow caches.
Cc: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Wed, 23 Jan 2013 03:59:12 +0000 (03:59 +0000)]
tuntap: reduce memory using of queues
A MAX_TAP_QUEUES(1024) queues of tuntap device is always allocated
unconditionally even userspace only requires a single queue device. This is
unnecessary and will lead a very high order of page allocation when has a high
possibility to fail. Solving this by creating a one queue net device when
userspace only use one queue and also reduce MAX_TAP_QUEUES to
DEFAULT_MAX_NUM_RSS_QUEUES which can guarantee the success of
the allocation.
Reported-by: Dirk Hohndel <dirk@hohndel.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Wed, 23 Jan 2013 00:57:02 +0000 (00:57 +0000)]
net: cdc_mbim: send ZLP only for the specific buggy device
Reverting 328d7b8 and instead adding an exception for the
Sierra Wireless MC7710.
commit 328d7b8 (net: cdc_mbim: send ZLP after max sized NTBs)
added a workaround for an issue observed on one specific device.
Concerns were raised that this workaround adds a performance
penalty to all devices based on questionable, if not buggy,
behaviour of a single device:
"If you add ZLP for NTBs of dwNtbOutMaxSize, you are heavily affecting CPU
load, increasing interrupt load by factor of 2 in high load traffic
scenario and possibly decreasing throughput for all other devices
which behaves correctly."
"The idea of NCM was to avoid extra ZLPs. If your transfer is exactly
dwNtbOutMaxSize, it's known, you can submit such request on the receiver
side and you do not need any EOT indicatation, so the frametime can be
used for useful data."
Adding a device specific exception to prevent the workaround from
affecting well behaved devices.
The assumption here is that needing a ZLP is truly an *exception*.
We do not yet have enough data to verify this. The generic
workaround in commit 328d7b8 should be considered acceptable despite
the performance penalty if the exception list becomes a maintainance
hassle.
Cc: Alexey ORISHKO <alexey.orishko@stericsson.com> Cc: Yauheni Kaliuta <y.kaliuta@gmail.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
Larry Finger [Sat, 19 Jan 2013 18:36:49 +0000 (12:36 -0600)]
rtlwifi: Fix build warning introduced by commit a290593
The kbuild test robot reports the following warning with x86_64-randconfig-x955:
warning: (RTL8192CE && RTL8192SE && RTL8192DE && RTL8723AE && RTL8192CU) selects
RTLWIFI which has unmet direct dependencies (NETDEVICES && WLAN &&
(RTL8192CE || RTL8192CU || RTL8192SE || RTL8192DE))
This warning was introduced in commit a290593, "rtlwifi: Modify files for addition
of rtl8723ae", and is d ue to a missing dependence of RTLWIFI on RTL8723AE.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: kbuild test robot <fengguang.wu@intel.com> Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Reported-by: Jaroslav Skarvada <jskarvad@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Steffen Klassert [Tue, 22 Jan 2013 00:01:28 +0000 (00:01 +0000)]
ipv4: Fix route refcount on pmtu discovery
git commit 9cb3a50c (ipv4: Invalidate the socket cached route on
pmtu events if possible) introduced a refcount problem. We don't
get a refcount on the route if we get it from__sk_dst_get(), but
we need one if we want to reuse this route because __sk_dst_set()
releases the refcount of the old route. This patch adds proper
refcount handling for that case. We introduce a 'new' flag to
indicate that we are going to use a new route and we release the
old route only if we replace it by a new one.
Reported-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 22 Jan 2013 19:20:28 +0000 (14:20 -0500)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
1) The transport header did not point to the right place after
esp/ah processing on tunnel mode in the receive path. As a
result, the ECN field of the inner header was not set correctly,
fixes from Li RongQing.
2) We did a null check too late in one of the xfrm_replay advance
functions. This can lead to a division by zero, fix from
Nickolai Zeldovich.
3) The size calculation of the hash table missed the muiltplication
with the actual struct size when the hash table is freed.
We might call the wrong free function, fix from Michal Kubecek.
4) On IPsec pmtu events we can't access the transport headers of
the original packet, so force a relookup for all routes
to notify about the pmtu event.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Wagner [Mon, 21 Jan 2013 21:09:00 +0000 (21:09 +0000)]
net: net_cls: fd passed in SCM_RIGHTS datagram not set correctly
Commit 6a328d8c6f03501657ad580f6f98bf9a42583ff7 changed the update
logic for the socket but it does not update the SCM_RIGHTS update
as well. This patch is based on the net_prio fix commit
net: netprio: fd passed in SCM_RIGHTS datagram not set correctly
A socket fd passed in a SCM_RIGHTS datagram was not getting
updated with the new tasks cgrp prioidx. This leaves IO on
the socket tagged with the old tasks priority.
To fix this add a check in the scm recvmsg path to update the
sock cgrp prioidx with the new tasks value.
Let's apply the same fix for net_cls.
Signed-off-by: Daniel Wagner <daniel.wagner@bmw-carit.de> Reported-by: Li Zefan <lizefan@huawei.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: John Fastabend <john.r.fastabend@intel.com> Cc: Neil Horman <nhorman@tuxdriver.com> Cc: netdev@vger.kernel.org Cc: cgroups@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Tue, 22 Jan 2013 06:33:05 +0000 (06:33 +0000)]
netxen: fix off by one bug in netxen_release_tx_buffer()
Christoph Paasch found netxen could trigger a BUG in its dismantle
phase, in netxen_release_tx_buffer(), using full size TSO packets.
cmd_buf->frag_count includes the skb->data part, so the loop must
start at index 1 instead of 0, or else we can make an out
of bound access to cmd_buff->frag_array[MAX_SKB_FRAGS + 2]
Christoph provided the fixes in netxen_map_tx_skb() function.
In case of a dma mapping error, its better to clear the dma fields
so that we don't try to unmap them again in netxen_release_tx_buffer()
Reported-by: Christoph Paasch <christoph.paasch@uclouvain.be> Signed-off-by: Eric Dumazet <edumazet@google.com> Tested-by: Christoph Paasch <christoph.paasch@uclouvain.be> Cc: Sony Chacko <sony.chacko@qlogic.com> Cc: Rajesh Borundia <rajesh.borundia@qlogic.com> Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be> Signed-off-by: David S. Miller <davem@davemloft.net>
Tilman Schmidt [Mon, 21 Jan 2013 11:57:21 +0000 (11:57 +0000)]
isdn/gigaset: fix zero size border case in debug dump
If subtracting 12 from l leaves zero we'd do a zero size allocation,
leading to an oops later when we try to set the NUL terminator.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net>
Wei Shuai [Mon, 21 Jan 2013 06:00:32 +0000 (06:00 +0000)]
cdc_ncm: add support FLAG_NOARP for Infineon modem platform
Infineon(now Intel) HSPA Modem platform NCM cannot support ARP.
we can define a new common structure wwan_noarp_info.
Then more similiar NO ARP devices can be handled easily
Signed-off-by: Wei Shuai <cpuwolf@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Wei Shuai [Mon, 21 Jan 2013 06:00:31 +0000 (06:00 +0000)]
usbnet: add new flag FLAG_NOARP for usb net devices
We do have some USB net devices, which cannot do ARP.
so we can introduce a new flag FLAG_NOARP, then client drivers
can easily handle this kind of devices
Signed-off-by: Wei Shuai <cpuwolf@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 21 Jan 2013 19:22:17 +0000 (14:22 -0500)]
Merge branch 'usb_cdc_fixes'
Bjørn Mork says:
====================
The 2 first patches in this series are required to make the Sierra
Wireless MC7710 card work in MBIM mode. They may also be
required for other Qualcomm firmware based MBIM devices.
Patch #1 was previously posted as a standalone patch. This version
is a replacement, removing a theoretical NULL pointer exception.
Patch #3 fixes a bug I introduced in v3.7
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Mon, 21 Jan 2013 05:50:40 +0000 (05:50 +0000)]
net: cdc_ncm: fix error path for single interface probing
commit bbc8d92 (net: cdc_ncm: add Huawei devices) implemented
support for devices with a single combined control and data
interface. Fix up the error path so that we do not double
release such interfaces in case of probing failures.
Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Mon, 21 Jan 2013 05:50:39 +0000 (05:50 +0000)]
net: cdc_mbim: send ZLP after max sized NTBs
We normally avoid sending ZLPs by padding NTBs with a zero byte
if the NTB is shorter than dwNtbOutMaxSize, resulting in a short
USB packet instead of a ZLP. But in the case where the NTB length
is exactly dwNtbOutMaxSize and this is an exact multiplum of
wMaxPacketSize, then we must send a ZLP.
This fixes an issue seen on a Sierra Wireless MC7710 device
where the transmission would fail whenever we ended up padding
the NTBs to max size.
Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Mon, 21 Jan 2013 05:50:38 +0000 (05:50 +0000)]
net: cdc_ncm: workaround for missing CDC Union
Adding support for the MBIM mode in some Sierra Wireless devices.
Some Sierra Wireless firmwares support CDC MBIM but have no CDC
Union funtional descriptor. This violates the MBIM specification,
but we can easily work around the bug by looking at the Interface
Association Descriptor instead. This is most likely what
Windows uses too, which explains how the firmware bug has gone
unnoticed until now.
This change will not affect any currently supported device
conforming to the NCM or MBIM specifications, as they must have
the CDC Union descriptor.
Cc: Greg Suarez <gsuarez@smithmicro.com> Cc: Alexey Orishko <alexey.orishko@stericsson.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 21 Jan 2013 02:00:03 +0000 (02:00 +0000)]
ipv4: Add a socket release callback for datagram sockets
This implements a socket release callback function to check
if the socket cached route got invalid during the time
we owned the socket. The function is used from udp, raw
and ping sockets.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Mon, 21 Jan 2013 01:59:11 +0000 (01:59 +0000)]
ipv4: Invalidate the socket cached route on pmtu events if possible
The route lookup in ipv4_sk_update_pmtu() might return a route
different from the route we cached at the socket. This is because
standart routes are per cpu, so each cpu has it's own struct rtable.
This means that we do not invalidate the socket cached route if the
NET_RX_SOFTIRQ is not served by the same cpu that the sending socket
uses. As a result, the cached route reused until we disconnect.
With this patch we invalidate the socket cached route if possible.
If the socket is owened by the user, we can't update the cached
route directly. A followup patch will implement socket release
callback functions for datagram sockets to handle this case.
Reported-by: Yurij M. Plotnikov <Yurij.Plotnikov@oktetlabs.ru> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Tue, 15 Jan 2013 12:38:53 +0000 (13:38 +0100)]
xfrm4: Invalidate all ipv4 routes on IPsec pmtu events
On IPsec pmtu events we can't access the transport headers of
the original packet, so we can't find the socket that sent
the packet. The only chance to notify the socket about the
pmtu change is to force a relookup for all routes. This
patch implenents this for the IPsec protocols.
Michal Kubecek [Fri, 18 Jan 2013 15:03:48 +0000 (16:03 +0100)]
xfrm: fix freed block size calculation in xfrm_policy_fini()
Missing multiplication of block size by sizeof(struct hlist_head)
can cause xfrm_hash_free() to be called with wrong second argument
so that kfree() is called on a block allocated with vzalloc() or
__get_free_pages() or free_pages() is called with wrong order when
a namespace with enough policies is removed.
Bug introduced by commit a35f6c5d, i.e. versions >= 2.6.29 are
affected.
Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Eric Dumazet [Sat, 5 Jan 2013 21:31:18 +0000 (21:31 +0000)]
net: splice: avoid high order page splitting
splice() can handle pages of any order, but network code tries hard to
split them in PAGE_SIZE units. Not quite successfully anyway, as
__splice_segment() assumed poff < PAGE_SIZE. This is true for
the skb->data part, not necessarily for the fragments.
This patch removes this logic to give the pages as they are in the skb.
Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sat, 19 Jan 2013 16:10:37 +0000 (16:10 +0000)]
tcp: fix incorrect LOCKDROPPEDICMPS counter
commit 563d34d057 (tcp: dont drop MTU reduction indications)
added an error leading to incorrect accounting of
LINUX_MIB_LOCKDROPPEDICMPS
If socket is owned by the user, we want to increment
this SNMP counter, unless the message is a
(ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED) one.
Reported-by: Maciej Żenczykowski <maze@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Signed-off-by: Maciej Żenczykowski <maze@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Or Gerlitz [Thu, 17 Jan 2013 05:30:43 +0000 (05:30 +0000)]
net/mlx4_core: Set number of msix vectors under SRIOV mode to firmware defaults
The lines
if (mlx4_is_mfunc(dev)) {
nreq = 2;
} else {
which hard code the number of requested msi-x vectors under multi-function
mode to two can be removed completely, since the firmware sets num_eqs and
reserved_eqs appropriately Thus, the code line:
is by itself sufficient and correct for all cases. Currently, for mfunc
mode num_eqs = 32 and reserved_eqs = 28, hence four vectors will be enabled.
This triples (one vector is used for the async events and commands EQ) the
horse power provided for processing of incoming packets on netdev RSS scheme,
IO initiators/targets commands processing flows, etc.
Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il> Signed-off-by: Amir Vadai <amirv@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Yan Burman [Thu, 17 Jan 2013 05:30:42 +0000 (05:30 +0000)]
net/mlx4_en: Fix bridged vSwitch configuration for non SRIOV mode
Commit 5b4c4d36860e "mlx4_en: Allow communication between functions on
same host" introduced a regression under which a bridge acting as vSwitch
whose uplink is an mlx4 Ethernet device become non-operative in native
(non sriov) mode. This happens since broadcast ARP requests sent by VMs
were loopback-ed by the HW and hence the bridge learned VM source MACs
on both the VM and the uplink ports.
The fix is to place the DMAC in the send WQE only under SRIOV/eSwitch
configuration or when the device is in selftest.
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Yan Burman <yanb@mellanox.com> Signed-off-by: Amir Vadai <amirv@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Wed, 16 Jan 2013 22:09:49 +0000 (22:09 +0000)]
ipv6: Add an error handler for icmp6
pmtu and redirect events are now handled in the protocols error handler,
so add an error handler for icmp6 to do this. It is needed in the case
when we have no socket context. Based on a patch by Duan Jiong.
Reported-by: Duan Jiong <djduanjiong@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Rob Herring [Wed, 16 Jan 2013 13:36:37 +0000 (13:36 +0000)]
net: calxedaxgmac: throw away overrun frames
The xgmac driver assumes 1 frame per descriptor. If a frame larger than
the descriptor's buffer size is received, the frame will spill over into
the next descriptor. So check for received frames that span more than one
descriptor and discard them. This prevents a crash if we receive erroneous
large packets.
Signed-off-by: Rob Herring <rob.herring@calxeda.com> Cc: netdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>
All of the xfrm_replay->advance functions in xfrm_replay.c check if
x->replay_esn->replay_window is zero (and return if so). However,
one of them, xfrm_replay_advance_bmp(), divides by that value (in the
'%' operator) before doing the check, which can potentially trigger
a divide-by-zero exception. Some compilers will also assume that the
earlier division means the value cannot be zero later, and thus will
eliminate the subsequent zero check as dead code.
Neil Horman [Thu, 17 Jan 2013 11:15:08 +0000 (11:15 +0000)]
sctp: refactor sctp_outq_teardown to insure proper re-initalization
Jamie Parsons reported a problem recently, in which the re-initalization of an
association (The duplicate init case), resulted in a loss of receive window
space. He tracked down the root cause to sctp_outq_teardown, which discarded
all the data on an outq during a re-initalization of the corresponding
association, but never reset the outq->outstanding_data field to zero. I wrote,
and he tested this fix, which does a proper full re-initalization of the outq,
fixing this problem, and hopefully future proofing us from simmilar issues down
the road.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Reported-by: Jamie Parsons <Jamie.Parsons@metaswitch.com> Tested-by: Jamie Parsons <Jamie.Parsons@metaswitch.com> CC: Jamie Parsons <Jamie.Parsons@metaswitch.com> CC: Vlad Yasevich <vyasevich@gmail.com> CC: "David S. Miller" <davem@davemloft.net> CC: netdev@vger.kernel.org Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Stef van Os [Thu, 17 Jan 2013 15:36:18 +0000 (16:36 +0100)]
phy/marvell: remove fiber/copper autoselect on 88e1111
Remove the code that always enables copper/fiber autoselect,
ignoring the DIS_FC strapping pin. The default value for this
register is autoselect on anyway, and if you explicitly disable
autoselect via strapping you probably really don't want
autoselect.
Signed-off-by: Stef van Os <stef.van.os@prodrive.nl> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 17 Jan 2013 19:50:12 +0000 (14:50 -0500)]
Merge branch 'wireless'
John W. Linville says:
====================
This batch of fixes is intended for 3.8...
Included is a Bluetooth pull. Gustavo says:
"A few fixes for 3.8. Five of them are just new devices ids addition.
Apart from the that there is fix to a kernel memory leak to userspace from
Anderson Lizardo, two interoperability fixes from Jaganath Kanakkassery and
Szymon Janc. And a crash fix by me."
Along with that, Amitkumar Karwar brings a pair of mwifiex fixes for
problems related to handling of band information within the driver.
These problems can lead to association failures.
Sujith Manoharan fixes a memory leak in the ath9k_htc code (originally
reported by Larry Finger).
The big hero this round is Felix Fietkau. Felix gives us seven
ath9k fixes, including a fix for a race condition, the removal of a
double-free, and a fix for a deadlock, among others.
These have all been in linux-next for at least a couple of days,
with no complaints so far. Please let me know if there are problems!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Wed, 16 Jan 2013 20:58:10 +0000 (20:58 +0000)]
ipv4: Don't update the pmtu on mtu locked routes
Routes with locked mtu should not use learned pmtu informations,
so do not update the pmtu on these routes.
Reported-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert [Wed, 16 Jan 2013 20:55:01 +0000 (20:55 +0000)]
ipv4: Remove output route check in ipv4_mtu
The output route check was introduced with git commit 261663b0
(ipv4: Don't use the cached pmtu informations for input routes)
during times when we cached the pmtu informations on the
inetpeer. Now the pmtu informations are back in the routes,
so this check is obsolete. It also had some unwanted side effects,
as reported by Timo Teras and Lukas Tribus.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Romain KUNTZ [Wed, 16 Jan 2013 12:47:40 +0000 (12:47 +0000)]
ipv6: fix header length calculation in ip6_append_data()
Commit 299b0767 (ipv6: Fix IPsec slowpath fragmentation problem)
has introduced a error in the header length calculation that
provokes corrupted packets when non-fragmentable extensions
headers (Destination Option or Routing Header Type 2) are used.
rt->rt6i_nfheader_len is the length of the non-fragmentable
extension header, and it should be substracted to
rt->dst.header_len, and not to exthdrlen, as it was done before
commit 299b0767.
This patch reverts to the original and correct behavior. It has
been successfully tested with and without IPsec on packets
that include non-fragmentable extensions headers.
Signed-off-by: Romain Kuntz <r.kuntz@ipflavors.com> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Bob Copeland [Wed, 9 Jan 2013 17:34:56 +0000 (12:34 -0500)]
mac80211: add encrypt headroom to PERR frames
Mesh PERR action frames are robust and thus may be encrypted, so add
proper head/tailroom to allow this. Fixes this warning when operating
a Mesh STA on ath5k:
Bob Copeland [Wed, 9 Jan 2013 17:34:55 +0000 (12:34 -0500)]
mac80211: set NEED_TXPROCESSING for PERR frames
A user reported warnings in ath5k due to transmitting frames with no
rates set up. The frames were Mesh PERR frames, and some debugging
showed an empty control block with just the vif pointer:
Tushar Behera [Mon, 14 Jan 2013 19:39:01 +0000 (19:39 +0000)]
usbnet: dm9601: Fix incorrect command
commit 24b1042c4eb2 ("usbnet: dm9601: apply introduced usb command
APIs") removes the distiction between DM_WRITE_REG and DM_WRITE_REGS
command. The distiction is reintroduced to the driver so that the
functionality of the driver remains same.
CC: Ming Lei <ming.lei@canonical.com> Signed-off-by: Tushar Behera <tushar.behera@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
The coalesce parameters was set only on the first queue, which caused
interrupt rates to be larger on all the other queues.
This patch allows interrupt rates to be reduced for certain workloads
and colaesce parameters by 41%.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com> Cc: steved@us.ibm.com Cc: toml@us.ibm.com Signed-off-by: David S. Miller <davem@davemloft.net>
I changed my email because the vyatta.com mail server is now
redirected to brocade.com; and the Brocade mail system
is not friendly to Linux desktop users.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
mac80211: Optimize scans on current operating channel.
we do not disable PS while going back to operational channel (on
ieee80211_scan_state_suspend) and deffer that until scan finish.
But since we are allowed to send frames, we can send a frame to AP
without PM bit set, so disable PS on AP side. Then when we switch
to off-channel (in ieee80211_scan_state_resume) we do not enable PS.
Hence we are off-channel with PS disabled, frames are not buffered
by AP.
To fix remove offchannel_ps_disable argument and always enable PS when
going off-channel and disable it when going on-channel, like it was
before.
Johannes Berg [Fri, 11 Jan 2013 13:34:25 +0000 (14:34 +0100)]
mac80211: fix FT roaming
During FT roaming, wpa_supplicant attempts to set the
key before association. This used to be rejected, but
as a side effect of my commit 66e67e418908442389d3a9e
("mac80211: redesign auth/assoc") the key was accepted
causing hardware crypto to not be used for it as the
station isn't added to the driver yet.
It would be possible to accept the key and then add it
to the driver when the station has been added. However,
this may run into issues with drivers using the state-
based station adding if they accept the key only after
association like it used to be.
For now, revert to the behaviour from before the auth
and assoc change.
The rate scaling won't treat the information in a frame
with IEEE80211_TX_CTL_AMPDU set if IEEE80211_TX_STAT_AMPDU
is cleared. But all the frames coming from an AGG tx queue
have IEEE80211_TX_CTL_AMPDU set, and IEEE80211_TX_STAT_AMPDU
is set only if the frame was sent in an AMPDU.
This means that all the data in frames in AGG tx queues that
aren't sent as an AMPDU is thrown away.
This is even more harmful when in bad link conditions, the
frames are sent in an AMPDU and then finally sent as single
frame. So a lot of failures weren't reported and the rate
scaling got stuck in high rates leading to very poor
connectivity.
Fix that by clearing IEEE80211_TX_CTL_AMPDU when the frame
isn't part of an AMPDU.
Jacob Keller [Wed, 5 Dec 2012 07:53:38 +0000 (07:53 +0000)]
ixgbe: Fix overwriting of rx_mtrl in ixgbe_ptp_hwtstamp_ioctl
This patch corrects a bug introduced by commit f3444d8b. The rxmtrl value for
the UDP port to timestamp on was moved above the switch statement, but was
overwritten to 0 if the ioctl selected one of the V1 filters.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Jacob Keller [Sat, 8 Dec 2012 09:04:25 +0000 (09:04 +0000)]
ixgbe: only compile ixgbe_debugfs.o when enabled
This patch modifies ixgbe_debugfs.c and the Makefile for the ixgbe
driver to only compile the file when the config is enabled. This means
we can remove the #ifdef inside the ixgbe_debugfs.c file.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
TG3_PHY_AUXCTL_SMDSP_ENABLE/DISABLE macros do a blind write to the phy
auxiliary control register and overwrite the EXT_PKT_LEN (bit 14) resulting
in intermittent crc errors on jumbo frames with some link partners. Change
the code to do a read/modify/write.
Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
When netconsole is enabled, logging messages generated during tg3_open
can result in a null pointer dereference for the uninitialized tg3
status block. Use the irq_sync flag to disable polling in the early
stages. irq_sync is cleared when the driver is enabling interrupts after
all initialization is completed.
Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Mon, 14 Jan 2013 07:12:19 +0000 (07:12 +0000)]
tun: fix LSM/SELinux labeling of tun/tap devices
This patch corrects some problems with LSM/SELinux that were introduced
with the multiqueue patchset. The problem stems from the fact that the
multiqueue work changed the relationship between the tun device and its
associated socket; before the socket persisted for the life of the
device, however after the multiqueue changes the socket only persisted
for the life of the userspace connection (fd open). For non-persistent
devices this is not an issue, but for persistent devices this can cause
the tun device to lose its SELinux label.
We correct this problem by adding an opaque LSM security blob to the
tun device struct which allows us to have the LSM security state, e.g.
SELinux labeling information, persist for the lifetime of the tun
device. In the process we tweak the LSM hooks to work with this new
approach to TUN device/socket labeling and introduce a new LSM hook,
security_tun_dev_attach_queue(), to approve requests to attach to a
TUN queue via TUNSETQUEUE.
The SELinux code has been adjusted to match the new LSM hooks, the
other LSMs do not make use of the LSM TUN controls. This patch makes
use of the recently added "tun_socket:attach_queue" permission to
restrict access to the TUNSETQUEUE operation. On older SELinux
policies which do not define the "tun_socket:attach_queue" permission
the access control decision for TUNSETQUEUE will be handled according
to the SELinux policy's unknown permission setting.
Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Mon, 14 Jan 2013 07:12:13 +0000 (07:12 +0000)]
selinux: add the "attach_queue" permission to the "tun_socket" class
Add a new permission to align with the new TUN multiqueue support,
"tun_socket:attach_queue".
The corresponding SELinux reference policy patch is show below:
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 28802c5..a0664a1 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -827,6 +827,9 @@ class kernel_service
class tun_socket
inherits socket
+{
+ attach_queue
+}
class x_pointer
inherits x_device
Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Sun, 13 Jan 2013 18:21:51 +0000 (18:21 +0000)]
tcp: fix a panic on UP machines in reqsk_fastopen_remove
spin_is_locked() on a non !SMP build is kind of useless.
BUG_ON(!spin_is_locked(xx)) is guaranteed to crash.
Just remove this check in reqsk_fastopen_remove() as
the callers do hold the socket lock.
Reported-by: Ketan Kulkarni <ketkulka@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Jerry Chu <hkchu@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Dave Taht <dave.taht@gmail.com> Acked-by: H.K. Jerry Chu <hkchu@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Mon, 14 Jan 2013 21:19:08 +0000 (13:19 -0800)]
Merge tag 'dt-fixes-for-3.8' of git://sources.calxeda.com/kernel/linux
Pull devicetree fixes from Rob Herring:
"Two fixes to prevent unconditional re-compile of dts files on arm and
arm64."
* tag 'dt-fixes-for-3.8' of git://sources.calxeda.com/kernel/linux:
ARM: dts: prevent *.dtb from always being rebuilt
arm64: dts: prevent *.dtb from always being rebuilt
Linus Torvalds [Mon, 14 Jan 2013 21:17:50 +0000 (13:17 -0800)]
vfs: add missing virtual cache flush after editing partial pages
Andrew Morton pointed this out a month ago, and then I completely forgot
about it.
If we read a partial last page of a block device, we will zero out the
end of the page, but since that page can then be mapped into user space,
we should also make sure to flush the cache on architectures that have
virtual caches. We have the flush_dcache_page() function for this, so
use it.
Now, in practice this really never matters, because nobody sane uses
virtual caches to begin with, and they largely exist on old broken RISC
arhitectures.
And even if you did run on one of those obsolete CPU's, the whole "mmap
and access the last partial page of a block device" behavior probably
doesn't actually exist. The normal IO functions (read/write) will never
see the zeroed-out part of the page that migth not be coherent in the
cache, because they honor the size of the device.
So I'm marking this for stable (3.7 only), but I'm not sure anybody will
ever care.
Felix Fietkau [Mon, 14 Jan 2013 15:56:46 +0000 (16:56 +0100)]
ath9k: disable the tasklet before taking the PCU lock
Fixes a reported CPU soft lockup where the tasklet tries to acquire the
lock and blocks while ath_prepare_reset (holding the lock) waits for it
to complete.
Cc: stable@vger.kernel.org Reported-by: Robert Shade <robert.shade@gmail.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Felix Fietkau [Mon, 14 Jan 2013 09:50:15 +0000 (10:50 +0100)]
ath9k: remove sc->rx.rxbuflock to fix a deadlock
The commit "ath9k: fix rx flush handling" added a deadlock that happens
because ath_rx_tasklet is called in a section that has already taken the
rx buffer lock.
It seems that the only purpose of the rxbuflock was a band-aid fix to the
reset vs rx tasklet race, which has been properly fixed in the commit
"ath9k: add a better fix for the rx tasklet vs rx flush race".
Now that the fix is in, we can safely remove the lock to avoid such issues.
Cc: stable@vger.kernel.org Reported-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Linus Torvalds [Mon, 14 Jan 2013 18:56:05 +0000 (10:56 -0800)]
Merge tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Most of commits found here are for ASoC device specific fixes,
arizona, cs4271, wm5102, wm2200, etc, in addition to a couple of
memory leak fixes in ASoC core.
Other than that, regression fixes in HD-audio and USB-audio, and a fix
for new Realtek codecs."
* tag 'sound-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (30 commits)
ALSA: usb-audio: Fix NULL dereference by access to non-existing substream
ALSA: hda - Add support of new codec ALC284
ALSA: usb-audio: Make ebox44_table static
ALSA: hdspm - Fix wordclock status on AES32
Revert "ALSA: hda - Shut up pins at power-saving mode with Conexnat codecs"
ALSA: hda - Disable runtime D3 for Intel CPT & co
ALSA: pxa27x: fix ac97 warm reset
ALSA: pxa27x: fix ac97 cold reset
ASoC: wm_adsp: Ensure that block writes are from DMA aligned addresses
ASoC: wm2000: Fix sense of speech clarity enable
ASoC: wm5100: Remove DSP B and left justified formats
ASoC: arizona: Remove DSP B and left justified AIF modes
ASoC: wm2200: Remove DSP B and left justified AIF modes
ASoC: wm5102: Improve speaker enable performance
ASoC: core: fix the memory leak in case of remove_aux_dev()
ASoC: core: fix the memory leak in case of device_add() failure
ASoC: cs42l52: Catch no-match case in cs42l52_get_clk
ASoC: lm49453: Update lm49453_reg_defs values as per LM49453 HW revision-B
ASoC: lm49453: Fix adc, mic and sidetone volume ranges
ASoC: arizona: Correct FLL source definitions
...
Linus Torvalds [Mon, 14 Jan 2013 17:08:38 +0000 (09:08 -0800)]
Merge tag 'staging-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging fixes from Greg Kroah-Hartman:
"Here are a number of small fixes to staging drivers for your 3.8-rc3
tree.
Well, the omapdrm fixes aren't really "small" but they were waiting on
a number of other drm patches to go in through the drm tree, and got
delayed by my vacation over the holidays. They are totally
self-contained, everyone involved have acked them, and they fix issues
that people have been having with the driver.
Other than that one, it's a bunch of tiny bugfixes for a number of
reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'staging-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (36 commits)
staging: zram: fix invalid memory references during disk write
staging: tidspbridge: use prepare/unprepare on dsp clocks
staging: tidspbridge: Fix build breakage due to splitting CM functions.
staging: comedi: comedi_test: fix race when cancelling command
staging: comedi: Kconfig: COMEDI_NI_AT_A2150 should select COMEDI_FC
staging: comedi: prevent auto-unconfig of manually configured devices
staging: comedi: fix minimum AO period for NI 625x and NI 628x
staging: vme_pio2: fix oops on module unloading
staging: speakup: avoid out-of-range access in synth_add()
staging: speakup: avoid out-of-range access in synth_init()
staging: rtl8192e: Fix failure to check pci_map_single()
staging: rtl8187se: Fix failure to check pci_map_single()
staging: drm/imx: fix double free bug in error path
staging: drm/imx: several bug fixes
staging: drm/imx: check return value of ipu_reset()
staging: drm/omap: fix flags in dma buf exporting
staging: drm/omap: use omapdss low level API
staging/fwserial: Update TODO file per reviewer comments
staging/fwserial: Limit tx/rx to 1394-2008 spec maximum
staging/fwserial: Refine Kconfig help text
...
Linus Torvalds [Mon, 14 Jan 2013 17:07:57 +0000 (09:07 -0800)]
Merge tag 'usb-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB fixes from Greg Kroah-Hartman:
"Here are a bunch of USB fixes for your 3.8-rc3 tree. They all either
fix problems that have been reported (like the xhci/hub changes) or
add new device ids to existing drivers.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'usb-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (39 commits)
usb: ftdi_sio: Crucible Technologies COMET Caller ID - pid added
usb: host: ohci-tmio: fix compile warning
USB: Add device quirk for Microsoft VX700 webcam
USB: ehci-fsl: fix regression on mpc5121e
usb: chipidea: Allow disabling streaming not only in udc mode
USB: fsl-mph-dr-of: fix regression on mpc5121e
USB: select USB_ARCH_HAS_EHCI for MXS
USB: hub: handle claim of enabled remote wakeup after reset
USB: cdc-acm: Add support for "PSC Scanning, Magellan 800i"
USB: option: add Nexpring NP10T terminal id
USB: option: add Telekom Speedstick LTE II
USB: option: blacklist network interface on ZTE MF880
usb: imx21-hcd: Include missing linux/module.h
USB: option: Add new MEDIATEK PID support
USB: ehci: make debug port in-use detection functional again
USB: usbtest: fix test number in log message
xhci: Avoid "dead ports", add roothub port polling.
USB: Handle warm reset failure on empty port.
USB: Ignore port state until reset completes.
USB: Increase reset timeout.
...
Linus Torvalds [Mon, 14 Jan 2013 17:07:11 +0000 (09:07 -0800)]
Merge tag 'driver-core-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg Kroah-Hartman:
"Here are two patches for 3.8-rc3.
One removes the __dev* defines from init.h now that all usages of it
are gone from your tree. The other fix is for debugfs's paramater
that was using the wrong base for the option.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'driver-core-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
debugfs: convert gid= argument from decimal, not octal
Remove __dev* markings from init.h
Linus Torvalds [Mon, 14 Jan 2013 17:06:24 +0000 (09:06 -0800)]
Merge tag 'char-misc-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc fix from Greg Kroah-Hartman:
"Here is a single fix for the mei driver that resolves a reported
issue.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'char-misc-3.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
mei: fix mismatch in mutex unlock-lock in mei_amthif_read()
Linus Torvalds [Mon, 14 Jan 2013 16:56:31 +0000 (08:56 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Nothing too astounding
- nouveau: bunch of regression fixes and oops fixes
- radeon: UMS fixes, rn50 fix, dma fix
- udl: fix EDID retrieval for large EDIDs."
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
udldrmfb: udl_get_edid: drop unneeded i--
udldrmfb: udl_get_edid: usb_control_msg buffer must not be on the stack
udldrmfb: Fix EDID not working with monitors with EDID extension blocks
drm/nvc0/fb: fix crash when different mutex is used to protect same list
drm/nouveau/clock: fix support for more than 2 monitors on nve0
drm/nv50/disp: fix selection of bios script for analog outputs
drm/nv17-50: restore fence buffer on resume
drm/nouveau: fix blank LVDS screen regression on pre-nv50 cards
drm/nouveau: fix nouveau_client allocation failure path
drm/nouveau: don't return freed object from nouveau_handle_create
drm/nouveau/vm: fix memory corruption when pgt allocation fails
drm/nouveau: add locking around instobj list operations
drm/nouveau: do not forcibly power on lvds panels
drm/nouveau/devinit: ensure legacy vga control is enabled during post
radeon/kms: fix dma relocation checking
radeon/kms: force rn50 chip to always report connected on analog output
drm/radeon: fix error path in kpage allocation
drm/radeon: fix a bogus kfree
drm/radeon: fix NULL pointer dereference in UMS mode
1) Fix regression allowing IP_TTL setting of zero, fix from Cong Wang.
2) Fix leak regressions in tunap, from Jason Wang.
3) be2net driver always returns IRQ_HANDLED in INTx handler, fix from
Sathya Perla.
4) qlge doesn't really support NETIF_F_TSO6, don't set that flag. Fix
from Amerigo Wang.
5) Add 802.11ad Atheros wil6210 driver, from Vladimir Kondratiev.
6) Fix MTU calculations in mac80211 layer, from T Krishna Chaitanya.
7) Station info layer of mac80211 needs to use del_timer_sync(), from
Johannes Berg.
8) tcp_read_sock() can loop forever, because we don't immediately stop
when recv_actor() returns zero. Fix from Eric Dumazet.
9) Fix WARN_ON() in tcp_cleanup_rbuf(). We have to use sk_eat_skb() in
tcp_recv_skb() to handle the case where a large GRO packet is split
up while it is use by a splice() operation. Fix also from Eric
Dumazet.
10) addrconf_get_prefix_route() in ipv6 tests flags incorrectly, it
does:
if (X && (p->flags & Y) != 0)
when it really meant to go:
if (X && (p->flags & X) != 0)
fix from Romain Kuntz.
11) Fix lost Kconfig dependency for bfin_mac driver hardware
timestamping. From Lars-Peter Clausen.
12) Fix regression in handling of RST without ACK in TCP, from Eric
Dumazet.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (37 commits)
be2net: fix unconditionally returning IRQ_HANDLED in INTx
tuntap: fix leaking reference count
tuntap: forbid calling TUNSETIFF when detached
tuntap: switch to use rtnl_dereference()
net, wireless: overwrite default_ethtool_ops
qlge: remove NETIF_F_TSO6 flag
tcp: accept RST without ACK flag
net: ethernet: xilinx: Do not use NO_IRQ in axienet
net: ethernet: xilinx: Do not use axienet on PPC
bnx2x: Allow management traffic after boot from SAN
bnx2x: Fix fastpath structures when memory allocation fails
bfin_mac: Restore hardware time-stamping dependency on BF518
tun: avoid owner checks on IFF_ATTACH_QUEUE
bnx2x: move debugging code before the return
tuntap: refuse to re-attach to different tun_struct
ipv6: use addrconf_get_prefix_route for prefix route lookup [v2]
ipv6: fix the noflags test in addrconf_get_prefix_route
tcp: fix splice() and tcp collapsing interaction
tcp: splice: fix an infinite loop in tcp_read_sock()
net: prevent setting ttl=0 via IP_TTL
...
Stephen Warren [Sat, 29 Dec 2012 00:42:46 +0000 (17:42 -0700)]
ARM: dts: prevent *.dtb from always being rebuilt
if_changed (used by the *.dts->*.dtc rule) rebuilds files if they aren't
contained in $(targets). (make V=2 indicates this). Add $(dtb-y) to
$(targets) to prevent *.dtb from always being rebuilt.
This fixes a regression introduced by the .dtb rule rework in 499cd82
"ARM: dt: change .dtb build rules to build in dts directory".
Reported-by: Shawn Guo <shawn.guo@linaro.org> Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Stephen Warren [Sat, 29 Dec 2012 00:42:47 +0000 (17:42 -0700)]
arm64: dts: prevent *.dtb from always being rebuilt
if_changed (used by the *.dts->*.dtc rule) rebuilds files if they aren't
contained in $(targets). (make V=2 indicates this). Add $(dtb-y) to
$(targets) to prevent *.dtb from always being rebuilt. Note
This fixes a regression introduced by the .dtb rule rework in da4cbc6
"arm64: use new common dtc rule", although since arm64 doesn't actually
have any *.dts yet, this isn't a critical issue.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Nitin Gupta [Wed, 2 Jan 2013 16:53:41 +0000 (08:53 -0800)]
staging: zram: fix invalid memory references during disk write
Fixes a bug introduced by commit c8f2f0db1 ("zram: Fix handling
of incompressible pages") which caused invalid memory references
during disk write. Invalid references could occur in two cases:
- Incoming data expands on compression: In this case, reference was
made to kunmap()'ed bio page.
- Partial (non PAGE_SIZE) write with incompressible data: In this
case, reference was made to a kfree()'ed buffer.
Hans de Goede [Fri, 11 Jan 2013 11:08:57 +0000 (12:08 +0100)]
udldrmfb: udl_get_edid: usb_control_msg buffer must not be on the stack
The buffer passed to usb_control_msg may end up in scatter-gather list, and
may thus not be on the stack. Having it on the stack usually works on x86, but
not on other archs.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
Hans de Goede [Fri, 11 Jan 2013 11:08:56 +0000 (12:08 +0100)]
udldrmfb: Fix EDID not working with monitors with EDID extension blocks
udldrmfb only reads the main EDID block, and if that advertises extensions
the drm_edid code expects them to be present, and starts reading beyond the
buffer udldrmfb passes it.
Although it may be possible to read more EDID info with the udl we simpy don't
know how, and even if trial and error gets it working on one device, that is
no guarantee it will work on other revisions. So this patch does a simple fix
in the form of patching the EDID info to report 0 extension blocks, this
fixes udldrmfb only doing 1024x768 on monitors with EDID extension blocks.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
Dave Airlie [Sun, 13 Jan 2013 22:16:54 +0000 (08:16 +1000)]
Merge branch 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux into drm-next
Fixes for UMS mode which has been broken for a while plus an rn50 fix
and a dma fix.
* 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux:
radeon/kms: fix dma relocation checking
radeon/kms: force rn50 chip to always report connected on analog output
drm/radeon: fix error path in kpage allocation
drm/radeon: fix a bogus kfree
drm/radeon: fix NULL pointer dereference in UMS mode
Dave Airlie [Sun, 13 Jan 2013 22:15:36 +0000 (08:15 +1000)]
Merge branch 'drm-nouveau-fixes' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-next
Regression fixes since rework mostly.
* 'drm-nouveau-fixes' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
drm/nvc0/fb: fix crash when different mutex is used to protect same list
drm/nouveau/clock: fix support for more than 2 monitors on nve0
drm/nv50/disp: fix selection of bios script for analog outputs
drm/nv17-50: restore fence buffer on resume
drm/nouveau: fix blank LVDS screen regression on pre-nv50 cards
drm/nouveau: fix nouveau_client allocation failure path
drm/nouveau: don't return freed object from nouveau_handle_create
drm/nouveau/vm: fix memory corruption when pgt allocation fails
drm/nouveau: add locking around instobj list operations
drm/nouveau: do not forcibly power on lvds panels
drm/nouveau/devinit: ensure legacy vga control is enabled during post
usb: ftdi_sio: Crucible Technologies COMET Caller ID - pid added
Simple fix to add support for Crucible Technologies COMET Caller ID
USB decoder - a device containing FTDI USB/Serial converter chip,
handling 1200bps CallerID messages decoded from the phone line -
adding correct USB PID is sufficient.
Tested to apply cleanly and work flawlessly against 3.6.9, 3.7.0-rc8
and 3.8.0-rc3 on both amd64 and x86 arches.
Jan Engelhardt [Thu, 10 Jan 2013 12:30:05 +0000 (12:30 +0000)]
netfilter: x_tables: print correct hook names for ARP
arptables 0.0.4 (released on 10th Jan 2013) supports calling the
CLASSIFY target, but on adding a rule to the wrong chain, the
diagnostic is as follows:
# arptables -A INPUT -j CLASSIFY --set-class 0:0
arptables: Invalid argument
# dmesg | tail -n1
x_tables: arp_tables: CLASSIFY target: used from hooks
PREROUTING, but only usable from INPUT/FORWARD
This is incorrect, since xt_CLASSIFY.c does specify
(1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD).
This patch corrects the x_tables diagnostic message to print the
proper hook names for the NFPROTO_ARP case.
Affects all kernels down to and including v2.6.31.
Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>