|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [linux-linus bisection] complete test-amd64-i386-rumpuserxen-i386
branch xen-unstable xen branch xen-unstable job test-amd64-i386-rumpuserxen-i386 test guest-start Tree: linux git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git Tree: linuxfirmware git://xenbits.xen.org/osstest/linux-firmware.git Tree: qemu git://xenbits.xen.org/staging/qemu-xen-unstable.git Tree: qemuu git://xenbits.xen.org/staging/qemu-upstream-unstable.git Tree: rumpuserxen git://xenbits.xen.org/rumpuser-xen.git Tree: rumpuserxen_buildrumpsh https://github.com/rumpkernel/buildrump.sh.git Tree: rumpuserxen_netbsdsrc https://github.com/rumpkernel/src-netbsd Tree: xen git://xenbits.xen.org/xen.git *** Found and reproduced problem changeset *** Bug is in tree: linux git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git Bug introduced: 89453379aaf0608253124057df6cd8ac63948135 Bug not present: 53429290a054b30e4683297409fc4627b2592315 commit 89453379aaf0608253124057df6cd8ac63948135 Merge: 5342929 99a49ce Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Date: Fri Oct 31 15:04:58 2014 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: "A bit has accumulated, but it's been a week or so since my last batch of post-merge-window fixes, so... 1) Missing module license in netfilter reject module, from Pablo. Lots of people ran into this. 2) Off by one in mac80211 baserate calculation, from Karl Beldan. 3) Fix incorrect return value from ax88179_178a driver's set_mac_addr op, which broke use of it with bonding. From Ian Morgan. 4) Checking of skb_gso_segment()'s return value was not all encompassing, it can return an SKB pointer, a pointer error, or NULL. Fix from Florian Westphal. This is crummy, and longer term will be fixed to just return error pointers or a real SKB. 6) Encapsulation offloads not being handled by skb_gso_transport_seglen(). From Florian Westphal. 7) Fix deadlock in TIPC stack, from Ying Xue. 8) Fix performance regression from using rhashtable for netlink sockets. The problem was the synchronize_net() invoked for every socket destroy. From Thomas Graf. 9) Fix bug in eBPF verifier, and remove the strong dependency of BPF on NET. From Alexei Starovoitov. 10) In qdisc_create(), use the correct interface to allocate ->cpu_bstats, otherwise the u64_stats_sync member isn't initialized properly. From Sabrina Dubroca. 11) Off by one in ip_set_nfnl_get_byindex(), from Dan Carpenter. 12) nf_tables_newchain() was erroneously expecting error pointers from netdev_alloc_pcpu_stats(). It only returna a valid pointer or NULL. From Sabrina Dubroca. 13) Fix use-after-free in _decode_session6(), from Li RongQing. 14) When we set the TX flow hash on a socket, we mistakenly do so before we've nailed down the final source port. Move the setting deeper to fix this. From Sathya Perla. 15) NAPI budget accounting in amd-xgbe driver was counting descriptors instead of full packets, fix from Thomas Lendacky. 16) Fix total_data_buflen calculation in hyperv driver, from Haiyang Zhang. 17) Fix bcma driver build with OF_ADDRESS disabled, from Hauke Mehrtens. 18) Fix mis-use of per-cpu memory in TCP md5 code. The problem is that something that ends up being vmalloc memory can't be passed to the crypto hash routines via scatter-gather lists. From Eric Dumazet. 19) Fix regression in promiscuous mode enabling in cdc-ether, from Olivier Blin. 20) Bucket eviction and frag entry killing can race with eachother, causing an unlink of the object from the wrong list. Fix from Nikolay Aleksandrov. 21) Missing initialization of spinlock in cxgb4 driver, from Anish Bhatt. 22) Do not cache ipv4 routing failures, otherwise if the sysctl for forwarding is subsequently enabled this won't be seen. From Nicolas Cavallari" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (131 commits) drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode drivers: net: cpsw: Fix broken loop condition in switch mode net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with lengh 0 stmmac: pci: set default of the filter bins net: smc91x: Fix gpios for device tree based booting mpls: Allow mpls_gso to be built as module mpls: Fix mpls_gso handler. r8152: stop submitting intr for -EPROTO netfilter: nft_reject_bridge: restrict reject to prerouting and input netfilter: nft_reject_bridge: don't use IP stack to reject traffic netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing drivers/net: macvtap and tun depend on INET drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets drivers/net: Disable UFO through virtio net: skb_fclone_busy() needs to detect orphaned skb gre: Use inner mac length when computing tunnel length mlx4: Avoid leaking steering rules on flow creation error flow net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN ... commit 99a49ce613057f1934e1c378808374fd683b1541 Merge: 1e5c4bc 75a916e Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Fri Oct 31 16:18:35 2014 -0400 Merge tag 'master-2014-10-30' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== pull request: wireless 2014-10-31 Please pull this small batch of spooky fixes intended for the 3.18 stream...boo! Cyril Brulebois adds an rt2x00 device ID. Dan Carpenter provides a one-line masking fix for an ath9k debugfs entry. Larry Finger gives us a package of small rtlwifi fixes which add some bits that were left out of some feature updates that were included in the merge window. Hopefully this isn't a sign that the rtlwifi base is getting too big... Marc Yang brings a fix for a temporary mwifiex stall when doing 11n RX reordering. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e5c4bc497c0a96e1ad2974539d353870f2cb0b6 Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Date: Fri Oct 31 13:38:52 2014 -0400 drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode The cpsw driver did not support the IFF_ALLMULTI flag which makes dynamic multicast routing not work. Related to this, when enabling IFF_PROMISC in switch mode, all registered multicast addresses are flushed, resulting in only broadcast and unicast traffic being received. A new cpsw_ale_set_allmulti function now scans through the ALE entry table and adds/removes the host port from the unregistered multicast port mask of each vlan entry depending on the state of IFF_ALLMULTI. In promiscious mode, cpsw_ale_set_allmulti is used to force reception of all multicast traffic in addition to the unicast and broadcast traffic. With this change dynamic multicast and promiscious mode both work in switch mode. Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 6f979eb3fcfb4c3f42f230d174db4bbad0080710 Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Date: Fri Oct 31 13:28:54 2014 -0400 drivers: net: cpsw: Fix broken loop condition in switch mode 0d961b3b52f566f823070ce2366511a7f64b928c (drivers: net: cpsw: fix buggy loop condition) accidentally fixed a loop comparison in too many places while fixing a real bug. It was correct to fix the dual_emac mode section since there 'i' is used as an index into priv->slaves which is a 0 based array. However the other two changes (which are only used in switch mode) are wrong since there 'i' is actually the ALE port number, and port 0 is the host port, while port 1 and up are the slave ports. Putting the loop condition back in the switch mode section fixes it. A comment has been added to point out the intent clearly to avoid future confusion. Also a comment is fixed that said the opposite of what was actually happening. Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Acked-by: Heiko Schocher <hs@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e0fb6fb6d52686134b2ece144060219591d4f8d3 Author: Guenter Roeck <linux@xxxxxxxxxxxx> Date: Thu Oct 30 20:50:15 2014 -0700 net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with lengh 0 If a driver supports reading EEPROM but no EEPROM is installed in the system, the driver's get_eeprom_len function returns 0. ethtool will subsequently try to read that zero-length EEPROM anyway. If the driver does not support EEPROM access at all, this operation will return -EOPNOTSUPP. If the driver does support EEPROM access but no EEPROM is installed, the operation will return -EINVAL. Return -EOPNOTSUPP in both cases for consistency. Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx> Tested-by: Andrew Lunn <andrew@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e19e084eae727654052339757ab7f1eaff58bad Author: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> Date: Fri Oct 31 18:28:03 2014 +0200 stmmac: pci: set default of the filter bins The commit 3b57de958e2a brought the support for a different amount of the filter bins, but didn't update the PCI driver accordingly. This patch appends the default values when the device is enumerated via PCI bus. Fixes: 3b57de958e2a (net: stmmac: Support devicetree configs for mcast and ucast filter entries) Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 7d2911c4381555b31ef0bcae42a0dbf9ade7426e Author: Tony Lindgren <tony@xxxxxxxxxxx> Date: Thu Oct 30 09:59:27 2014 -0700 net: smc91x: Fix gpios for device tree based booting With legacy booting, the platform init code was taking care of the configuring of GPIOs. With device tree based booting, things may or may not work depending what bootloader has configured or if the legacy platform code gets called. Let's add support for the pwrdn and reset GPIOs to the smc91x driver to fix the issues of smc91x not working properly when booted in device tree mode. And let's change n900 to use these settings as some versions of the bootloader do not configure things properly causing errors. Reported-by: Kevin Hilman <khilman@xxxxxxxxxx> Signed-off-by: Tony Lindgren <tony@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit de05c400f7dfa566f598140f8604a5de8067cd5f Author: Pravin B Shelar <pshelar@xxxxxxxxxx> Date: Thu Oct 30 00:50:04 2014 -0700 mpls: Allow mpls_gso to be built as module Kconfig already allows mpls to be built as module. Following patch fixes Makefile to do same. CC: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx> Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f7065f4bd3fe4ad6bf7e49ba7c68baa2c7046146 Author: Pravin B Shelar <pshelar@xxxxxxxxxx> Date: Thu Oct 30 00:49:57 2014 -0700 mpls: Fix mpls_gso handler. mpls gso handler needs to pull skb after segmenting skb. CC: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx> Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d59c876dd61f3c151db077f9d73774e605f2b35e Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Fri Oct 31 13:35:57 2014 +0800 r8152: stop submitting intr for -EPROTO For Renesas USB 3.0 host controller, when unplugging the usb hub which has the RTL8153 plugged, the driver would get -EPROTO for interrupt transfer. There is high probability to get the information of "HC died; cleaning up", if the driver continues to submit the interrupt transfer before the disconnect() is called. [ 1024.197678] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.213673] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.229668] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.245661] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.261653] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.277648] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.293642] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.309638] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.325633] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.341627] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.357621] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.373615] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.383097] usb 9-1: USB disconnect, device number 2 [ 1024.383103] usb 9-1.4: USB disconnect, device number 6 [ 1029.391010] xhci_hcd 0000:04:00.0: xHCI host not responding to stop endpoint command. [ 1029.391016] xhci_hcd 0000:04:00.0: Assuming host is dying, halting host. [ 1029.392551] xhci_hcd 0000:04:00.0: HC died; cleaning up [ 1029.421480] usb 8-1: USB disconnect, device number 2 Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e3a88f9c4f79a4d138a0ea464cfbac40ba46644c Merge: de11b0e 127917c Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Fri Oct 31 12:29:42 2014 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== netfilter/ipvs fixes for net The following patchset contains fixes for netfilter/ipvs. This round of fixes is larger than usual at this stage, specifically because of the nf_tables bridge reject fixes that I would like to see in 3.18. The patches are: 1) Fix a null-pointer dereference that may occur when logging errors. This problem was introduced by 4a4739d56b0 ("ipvs: Pull out crosses_local_route_boundary logic") in v3.17-rc5. 2) Update hook mask in nft_reject_bridge so we can also filter out packets from there. This fixes 36d2af5 ("netfilter: nf_tables: allow to filter from prerouting and postrouting"), which needs this chunk to work. 3) Two patches to refactor common code to forge the IPv4 and IPv6 reject packets from the bridge. These are required by the nf_tables reject bridge fix. 4) Fix nft_reject_bridge by avoiding the use of the IP stack to reject packets from the bridge. The idea is to forge the reject packets and inject them to the original port via br_deliver() which is now exported for that purpose. 5) Restrict nft_reject_bridge to bridge prerouting and input hooks. the original skbuff may cloned after prerouting when the bridge stack needs to flood it to several bridge ports, it is too late to reject the traffic. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 127917c29a432c3b798e014a1714e9c1af0f87fe Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Mon Oct 27 14:08:17 2014 +0100 netfilter: nft_reject_bridge: restrict reject to prerouting and input Restrict the reject expression to the prerouting and input bridge hooks. If we allow this to be used from forward or any other later bridge hook, if the frame is flooded to several ports, we'll end up sending several reject packets, one per cloned packet. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 523b929d5446c023e1219aa81455a8c766cac883 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sat Oct 25 18:40:26 2014 +0200 netfilter: nft_reject_bridge: don't use IP stack to reject traffic If the packet is received via the bridge stack, this cannot reject packets from the IP stack. This adds functions to build the reject packet and send it from the bridge stack. Comments and assumptions on this patch: 1) Validate the IPv4 and IPv6 headers before further processing, given that the packet comes from the bridge stack, we cannot assume they are clean. Truncated packets are dropped, we follow similar approach in the existing iptables match/target extensions that need to inspect layer 4 headers that is not available. This also includes packets that are directed to multicast and broadcast ethernet addresses. 2) br_deliver() is exported to inject the reject packet via bridge localout -> postrouting. So the approach is similar to what we already do in the iptables reject target. The reject packet is sent to the bridge port from which we have received the original packet. 3) The reject packet is forged based on the original packet. The TTL is set based on sysctl_ip_default_ttl for IPv4 and per-net ipv6.devconf_all hoplimit for IPv6. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 8bfcdf6671b1c8006c52c3eaf9fd1b5dfcf41c3d Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sun Oct 26 12:35:54 2014 +0100 netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions That can be reused by the reject bridge expression to build the reject packet. The new functions are: * nf_reject_ip6_tcphdr_get(): to sanitize and to obtain the TCP header. * nf_reject_ip6hdr_put(): to build the IPv6 header. * nf_reject_ip6_tcphdr_put(): to build the TCP header. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 052b9498eea532deb5de75277a53f6e0623215dc Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sat Oct 25 18:24:57 2014 +0200 netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions That can be reused by the reject bridge expression to build the reject packet. The new functions are: * nf_reject_ip_tcphdr_get(): to sanitize and to obtain the TCP header. * nf_reject_iphdr_put(): to build the IPv4 header. * nf_reject_ip_tcphdr_put(): to build the TCP header. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 4d87716cd057bde3f90e304289c1fec88d45a1cc Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sat Oct 25 12:25:06 2014 +0200 netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing Fixes: 36d2af5 ("netfilter: nf_tables: allow to filter from prerouting and postrouting") Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit de11b0e8c569b96c2cf6a811e3805b7aeef498a3 Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Date: Fri Oct 31 03:10:31 2014 +0000 drivers/net: macvtap and tun depend on INET These drivers now call ipv6_proxy_select_ident(), which is defined only if CONFIG_INET is enabled. However, they have really depended on CONFIG_INET for as long as they have allowed sending GSO packets from userland. Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr") Fixes: b9fb9ee07e67 ("macvtap: add GSO/csum offload support") Fixes: 5188cd44c55d ("drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit c1304b217c7cefa5718fab9d36c59ba0d0133c6e Merge: 39bb5e6 5188cd4 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 20:01:27 2014 -0400 Merge branch 'ufo-fix' Ben Hutchings says: ==================== drivers/net,ipv6: Fix IPv6 fragment ID selection for virtio The virtio net protocol supports UFO but does not provide for passing a fragment ID for fragmentation of IPv6 packets. We used to generate a fragment ID wherever such a packet was fragmented, but currently we always use ID=0! v2: Add blank lines after declarations ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 5188cd44c55db3e92cd9e77a40b5baa7ed4340f7 Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Date: Thu Oct 30 18:27:17 2014 +0000 drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets UFO is now disabled on all drivers that work with virtio net headers, but userland may try to send UFO/IPv6 packets anyway. Instead of sending with ID=0, we should select identifiers on their behalf (as we used to). Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Date: Thu Oct 30 18:27:12 2014 +0000 drivers/net: Disable UFO through virtio IPv6 does not allow fragmentation by routers, so there is no fragmentation ID in the fixed header. UFO for IPv6 requires the ID to be passed separately, but there is no provision for this in the virtio net protocol. Until recently our software implementation of UFO/IPv6 generated a new ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet passed through a tap, which is even worse. Unfortunately there is no distinction between UFO/IPv4 and v6 features, so disable UFO on taps and virtio_net completely until we have a proper solution. We cannot depend on VM managers respecting the tap feature flags, so keep accepting UFO packets but log a warning the first time we do this. Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 39bb5e62867de82b269b07df900165029b928359 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Thu Oct 30 10:32:34 2014 -0700 net: skb_fclone_busy() needs to detect orphaned skb Some drivers are unable to perform TX completions in a bound time. They instead call skb_orphan() Problem is skb_fclone_busy() has to detect this case, otherwise we block TCP retransmits and can freeze unlucky tcp sessions on mostly idle hosts. Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Fixes: 1f3279ae0c13 ("tcp: avoid retransmits of TCP packets hanging in host queues") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 14051f0452a2c26a3f4791e6ad6a435e8f1945ff Author: Tom Herbert <therbert@xxxxxxxxxx> Date: Thu Oct 30 08:40:56 2014 -0700 gre: Use inner mac length when computing tunnel length Currently, skb_inner_network_header is used but this does not account for Ethernet header for ETH_P_TEB. Use skb_inner_mac_header which handles TEB and also should work with IP encapsulation in which case inner mac and inner network headers are the same. Tested: Ran TCP_STREAM over GRE, worked as expected. Signed-off-by: Tom Herbert <therbert@xxxxxxxxxx> Acked-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 292dd6542f90126826fe87b302e6afa3b7ada6b8 Merge: 9cc233f 571e1b2 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 19:49:20 2014 -0400 Merge branch 'mellanox-net' Or Gerlitz says: ==================== mlx4 driver encapsulation/steering fixes The 1st patch fixes a bug in the TX path that supports offloading the TX checksum of (VXLAN) encapsulated TCP packets. It turns out that the bug is revealed only when the receiver runs in non-offloaded mode, so we somehow missed it so far... please queue it for -stable >= 3.14 The 2nd patch makes sure not to leak steering entry on error flow, please queue it to 3.17-stable ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 571e1b2c7a4c2fd5faa1648462a6b65fa26530d7 Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Date: Thu Oct 30 15:59:28 2014 +0200 mlx4: Avoid leaking steering rules on flow creation error flow If mlx4_ib_create_flow() attempts to create > 1 rules with the firmware, and one of these registrations fail, we leaked the already created flow rules. One example of the leak is when the registration of the VXLAN ghost steering rule fails, we didn't unregister the original rule requested by the user, introduced in commit d2fce8a9060d "mlx4: Set user-space raw Ethernet QPs to properly handle VXLAN traffic". While here, add dump of the VXLAN portion of steering rules so it can actually be seen when flow creation fails. Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit a4f2dacbf2a5045e34b98a35d9a3857800f25a7b Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Date: Thu Oct 30 15:59:27 2014 +0200 net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN For VXLAN/NVGRE encapsulation, the current HW doesn't support offloading both the outer UDP TX checksum and the inner TCP/UDP TX checksum. The driver doesn't advertize SKB_GSO_UDP_TUNNEL_CSUM, however we are wrongly telling the HW to offload the outer UDP checksum for encapsulated packets, fix that. Fixes: 837052d0ccc5 ('net/mlx4_en: Add netdev support for TCP/IP offloads of vxlan tunneling') Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 9cc233fb0f94b79d07cf141a625e237769d267a1 Merge: fa19c2b0 e3215f0 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 19:46:33 2014 -0400 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2014-10-30 This series contains updates to e1000, igb and ixgbe. Francesco Ruggeri fixes an issue with e1000 where in a VM the driver did not support unicast filtering. Roman Gushchin fixes an issue with igb where the driver was re-using mapped pages so that packets were still getting dropped even if all the memory issues are gone and there is free memory. Junwei Zhang found where in the ixgbe_clean_rx_ring() we were repeating the assignment of NULL to the receive buffer skb and fixes it. Emil fixes a race condition between setup_link and SFP detection routine in the watchdog when setting the advertised speed. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58 Author: Nicolas Cavallari <nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx> Date: Thu Oct 30 10:09:53 2014 +0100 ipv4: Do not cache routing failures due to disabled forwarding. If we cache them, the kernel will reuse them, independently of whether forwarding is enabled or not. Which means that if forwarding is disabled on the input interface where the first routing request comes from, then that unreachable result will be cached and reused for other interfaces, even if forwarding is enabled on them. The opposite is also true. This can be verified with two interfaces A and B and an output interface C, where B has forwarding enabled, but not A and trying ip route get $dst iif A from $src && ip route get $dst iif B from $src Signed-off-by: Nicolas Cavallari <nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx> Reviewed-by: Julian Anastasov <ja@xxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e327c225c911529898ec300cb96d2088893de3df Author: Anish Bhatt <anish@xxxxxxxxxxx> Date: Wed Oct 29 17:54:03 2014 -0700 cxgb4 : Fix missing initialization of win0_lock win0_lock was being used un-initialized, resulting in warning traces being seen when lock debugging is enabled (and just wrong) Fixes : fc5ab0209650 ('cxgb4: Replaced the backdoor mechanism to access the HW memory with PCIe Window method') Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx> Signed-off-by: Casey Leedom <leedom@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 83810a9a6af310e413ce649c6ca2df2b4946e5a4 Merge: d70127e e3bd1a8 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 15:49:05 2014 -0400 Merge branch 'r8152-net' Hayes Wang says: ==================== r8152: patches for autosuspend There are unexpected processes when enabling autosuspend. These patches are used to fix them. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e3bd1a81cd1e3f8ed961e642e97206d715db06c4 Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Wed Oct 29 11:12:17 2014 +0800 r8152: check WORK_ENABLE in suspend function Avoid unnecessary behavior when autosuspend occurs during open(). The relative processes should only be run after finishing open(). Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f4c7476b041d200c3b347f019eebf05e6d0b47f9 Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Wed Oct 29 11:12:16 2014 +0800 r8152: reset tp->speed before autoresuming in open function If (tp->speed & LINK_STATUS) is not zero, the rtl8152_resume() would call rtl_start_rx() before enabling the tx/rx. Avoid this by resetting it to zero. Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 923e1ee3ff0b585cc4f56cf696c8455708537ffb Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Wed Oct 29 11:12:15 2014 +0800 r8152: clear SELECTIVE_SUSPEND when autoresuming The flag of SELECTIVE_SUSPEND should be cleared when autoresuming. Otherwise, when the system suspend and resume occur, it may have the wrong flow. Besides, because the flag of SELECTIVE_SUSPEND couldn't be used to check if the hw enables the relative feature, it should alwayes be disabled in close(). Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 75a916e1944fea8347d2245c62567187e4eff9dd Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:13 2014 -0500 rtlwifi: rtl8192se: Fix firmware loading An error in the code makes the allocated space for firmware to be too small. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 8ae3c16e41b02db8ffe4121468519d6352baedc1 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:11 2014 -0500 rtlwifi: rtl8192ce: Add missing section to read descriptor setting The new version of rtlwifi needs code in rtl92ce_get_desc() that returns the buffer address for read operations. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 30c5ccc6afee39754cff75ad8d775ad39a2ce989 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:10 2014 -0500 rtlwifi: rtl8192se: Add missing section to read descriptor setting The new version of rtlwifi needs code in rtl92se_get_desc() that returns the buffer address for read operations. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 501479699ff484ba8acc1d07022271f00cfc55a3 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:09 2014 -0500 rtlwifi: rtl8192se: Fix duplicate calls to ieee80211_register_hw() Driver rtlwifi has been modified to call ieee80211_register_hw() from the probe routine; however, the existing call in the callback routine for deferred firmware loading was not removed. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit c0386f1584127442d0f2aea41bc948056d6b1337 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:08 2014 -0500 rtlwifi: rtl8192ce: rtl8192de: rtl8192se: Fix handling for missing get_btc_status The recent changes in checking for Bluetooth status added some callbacks to code in rtlwifi. To make certain that all callbacks are defined, a dummy routine has been added to rtlwifi, and the drivers that need to use it are modified. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 3a8fede115f12f7b90524d1ba4e709ce398ce8c6 Author: Marc Yang <yangyang@xxxxxxxxxxx> Date: Wed Oct 29 22:44:34 2014 +0530 mwifiex: restart rxreorder timer correctly During 11n RX reordering, if there is a hole in RX table, driver will not send packets to kernel until the rxreorder timer expires or the table is full. However, currently driver always restarts rxreorder timer when receiving a packet, which causes the timer hardly to expire. So while connected with to 11n AP in a busy environment, ping packets may get blocked for about 30 seconds. This patch fixes this timer restarting by ensuring rxreorder timer would only be restarted either timer is not set or start_win has changed. Signed-off-by: Chin-Ran Lo <crlo@xxxxxxxxxxx> Signed-off-by: Plus Chen <pchen@xxxxxxxxxxx> Signed-off-by: Marc Yang <yangyang@xxxxxxxxxxx> Signed-off-by: Cathy Luo <cluo@xxxxxxxxxxx> Signed-off-by: Avinash Patil <patila@xxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit a017ff755e43de9a3221d4ff4f03184ea7b93733 Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Date: Wed Oct 29 18:48:05 2014 +0300 ath9k: fix some debugfs output The right shift operation has higher precedence than the mask so we left shift by "(i * 3)" and then immediately right shift by "(i * 3)" then we mask. It should be left shift, mask, and then right shift. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 664d6a792785cc677c2091038ce10322c8d04ae1 Author: Cyril Brulebois <kibi@xxxxxxxxxx> Date: Tue Oct 28 16:42:41 2014 +0100 wireless: rt2x00: add new rt2800usb device 0x1b75 0xa200 AirLive WN-200USB wireless 11b/g/n dongle References: https://bugs.debian.org/766802 Reported-by: Martin Mokrejs <mmokrejs@xxxxxxxxxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Cyril Brulebois <kibi@xxxxxxxxxx> Acked-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit e3215f0ac77ec23b052cb0bf511143038ac2ad7b Author: Emil Tantilov <emil.s.tantilov@xxxxxxxxx> Date: Tue Oct 28 05:50:03 2014 +0000 ixgbe: fix race when setting advertised speed Following commands: modprobe ixgbe ifconfig ethX up ethtool -s ethX advertise 0x020 can lead to "setup link failed with code -14" error due to the setup_link call racing with the SFP detection routine in the watchdog. This patch resolves this issue by protecting the setup_link call with check for __IXGBE_IN_SFP_INIT. Reported-by: Scott Harrison <scoharr2@xxxxxxxxx> Signed-off-by: Emil Tantilov <emil.s.tantilov@xxxxxxxxx> Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit 4d2fcfbcf8141cdf70245a0c0612b8076f4b7e32 Author: Junwei Zhang <linggao.zjw@xxxxxxxxxxxxxxx> Date: Wed Oct 22 15:29:03 2014 +0000 ixgbe: need not repeat init skb with NULL Signed-off-by: Martin Zhang <martinbj2008@xxxxxxxxx> Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit bc16e47f03a7dce9ad68029b21519265c334eb12 Author: Roman Gushchin <klamm@xxxxxxxxxxxxxx> Date: Thu Oct 23 03:32:27 2014 +0000 igb: don't reuse pages with pfmemalloc flag Incoming packet is dropped silently by sk_filter(), if the skb was allocated from pfmemalloc reserves and the corresponding socket is not marked with the SOCK_MEMALLOC flag. Igb driver allocates pages for DMA with __skb_alloc_page(), which calls alloc_pages_node() with the __GFP_MEMALLOC flag. So, in case of OOM condition, igb can get pages with pfmemalloc flag set. If an incoming packet hits the pfmemalloc page and is large enough (small packets are copying into the memory, allocated with netdev_alloc_skb_ip_align(), so they are not affected), it will be dropped. This behavior is ok under high memory pressure, but the problem is that the igb driver reuses these mapped pages. So, packets are still dropping even if all memory issues are gone and there is a plenty of free memory. In my case, some TCP sessions hang on a small percentage (< 0.1%) of machines days after OOMs. Fix this by avoiding reuse of such pages. Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx> Tested-by: Aaron Brown "aaron.f.brown@xxxxxxxxx" Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit a22bb0b9b9b09b4cc711f6d577679773e074dde9 Author: Francesco Ruggeri <fruggeri@xxxxxxxxxxxxxxxxxx> Date: Wed Oct 22 15:29:24 2014 +0000 e1000: unset IFF_UNICAST_FLT on WMware 82545EM VMWare's e1000 implementation does not seem to support unicast filtering. This can be observed by configuring a macvlan interface on eth0 in a VM in VMWare Fusion 5.0.5, and trying to use that interface instead of eth0. Tested on 3.16. Signed-off-by: Francesco Ruggeri <fruggeri@xxxxxxxxxx> Tested-by: Aaron Brown <aaron.f.brown@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit d70127e8a942364de8dd140fe73893efda363293 Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Date: Tue Oct 28 10:44:01 2014 +0100 inet: frags: remove the WARN_ON from inet_evict_bucket The WARN_ON in inet_evict_bucket can be triggered by a valid case: inet_frag_kill and inet_evict_bucket can be running in parallel on the same queue which means that there has been at least one more ref added by a previous inet_frag_find call, but inet_frag_kill can delete the timer before inet_evict_bucket which will cause the WARN_ON() there to trigger since we'll have refcnt!=1. Now, this case is valid because the queue is being "killed" for some reason (removed from the chain list and its timer deleted) so it will get destroyed in the end by one of the inet_frag_put() calls which reaches 0 i.e. refcnt is still valid. CC: Florian Westphal <fw@xxxxxxxxx> CC: Eric Dumazet <eric.dumazet@xxxxxxxxx> CC: Patrick McLean <chutzpah@xxxxxxxxxx> Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue") Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx> Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 65ba1f1ec0eff1c25933468e1d238201c0c2cb29 Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Date: Tue Oct 28 10:30:34 2014 +0100 inet: frags: fix a race between inet_evict_bucket and inet_frag_kill When the evictor is running it adds some chosen frags to a local list to be evicted once the chain lock has been released but at the same time the *frag_queue can be running for some of the same queues and it may call inet_frag_kill which will wait on the chain lock and will then delete the queue from the wrong list since it was added in the eviction one. The fix is simple - check if the queue has the evict flag set under the chain lock before deleting it, this is safe because the evict flag is set only under that lock and having the flag set also means that the queue has been detached from the chain list, so no need to delete it again. An important note to make is that we're safe w.r.t refcnt because inet_frag_kill and inet_evict_bucket will sync on the del_timer operation where only one of the two can succeed (or if the timer is executing - none of them), the cases are: 1. inet_frag_kill succeeds in del_timer - then the timer ref is removed, but inet_evict_bucket will not add this queue to its expire list but will restart eviction in that chain 2. inet_evict_bucket succeeds in del_timer - then the timer ref is kept until the evictor "expires" the queue, but inet_frag_kill will remove the initial ref and will set INET_FRAG_COMPLETE which will make the frag_expire fn just to remove its ref. In the end all of the queue users will do an inet_frag_put and the one that reaches 0 will free it. The refcount balance should be okay. CC: Florian Westphal <fw@xxxxxxxxx> CC: Eric Dumazet <eric.dumazet@xxxxxxxxx> CC: Patrick McLean <chutzpah@xxxxxxxxxx> Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue") Suggested-by: Eric Dumazet <eric.dumazet@xxxxxxxxx> Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx> Tested-by: Patrick McLean <chutzpah@xxxxxxxxxx> Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Reviewed-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8f4eb70059ee834522ce90a6fce0aa3078c18620 Author: Tej Parkash <tej.parkash@xxxxxxxxxx> Date: Tue Oct 28 01:18:15 2014 -0400 cnic: Update the rcu_access_pointer() usages 1. Remove the rcu_read_lock/unlock around rcu_access_pointer 2. Replace the rcu_dereference with rcu_access_pointer Signed-off-by: Tej Parkash <tej.parkash@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit cd03cf0158449f9f4c19ecb54dfc97d9bd86eeeb Author: Hariprasad Shenai <hariprasad@xxxxxxxxxxx> Date: Mon Oct 27 23:22:10 2014 +0530 cxgb4vf: Replace repetitive pci device ID's with right ones Replaced repetive Device ID's which got added in commit b961f9a48844ecf3 ("cxgb4vf: Remove superfluous "idx" parameter of CH_DEVICE() macro") Signed-off-by: Hariprasad Shenai <hariprasad@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b2ed64a97430a26a63c6ea91c9b50e639a98dfbc Author: Lubomir Rintel <lkundrak@xxxxx> Date: Mon Oct 27 17:39:16 2014 +0100 ipv6: notify userspace when we added or changed an ipv6 token NetworkManager might want to know that it changed when the router advertisement arrives. Signed-off-by: Lubomir Rintel <lkundrak@xxxxx> Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Cc: Daniel Borkmann <dborkman@xxxxxxxxxx> Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d56109020d93337545dd257a790cb429a70acfad Author: WANG Cong <xiyou.wangcong@xxxxxxxxx> Date: Fri Oct 24 16:55:58 2014 -0700 sch_pie: schedule the timer after all init succeed Cc: Vijay Subramanian <vijaynsu@xxxxxxxxx> Cc: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx> Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx> commit 068301f2be36a5c1ee9a2521c94b98e343612a88 Merge: 9ffa1fc b77e26d Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 17:26:24 2014 -0400 Merge branch 'cdc-ether' Olivier Blin says: ==================== cdc-ether: handle promiscuous mode Since kernel 3.16, my Lenovo USB network adapters (RTL8153) using cdc-ether are not working anymore in a bridge. This is due to commit c472ab68ad67db23c9907a27649b7dc0899b61f9, which resets the packet filter when the device is bound. The default packet filter set by cdc-ether does not include promiscuous, while the adapter seemed to have promiscuous enabled by default. This patch series allows to support promiscuous mode for cdc-ether, by hooking into set_rx_mode. Incidentally, maybe this device should be handled by the r8152 driver, but this patch series is still nice for other adapters. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Acked-by: Oliver Neukum <oneukum@xxxxxxx> commit b77e26d191590c73b4a982ea3b3b87194069a56a Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Date: Fri Oct 24 19:43:02 2014 +0200 cdc-ether: handle promiscuous mode with a set_rx_mode callback Promiscuous mode was not supported anymore with my Lenovo adapters (RTL8153) since commit c472ab68ad67db23c9907a27649b7dc0899b61f9 (cdc-ether: clean packet filter upon probe). It was not possible to use them in a bridge anymore. Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Also-analyzed-by: Loïc Yhuel <loic.yhuel@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d80c679bc1526183f1cf4adc54b0b72e8798555e Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Date: Fri Oct 24 19:43:01 2014 +0200 cdc-ether: extract usbnet_cdc_update_filter function This will be used by the set_rx_mode callback. Also move a comment about multicast filtering in this new function. Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1efed2d06c703489342ab6af2951683e07509c99 Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Date: Fri Oct 24 19:43:00 2014 +0200 usbnet: add a callback for set_rx_mode To delegate promiscuous mode and multicast filtering to the subdriver. Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 9ffa1fcaef222026a8e031830f8db29d3f2cfc47 Merge: ebcf34f 704d33e Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 17:08:56 2014 -0400 Merge branch 'systemport-net' Florian Fainelli says: ==================== net: systemport: RX path and suspend fixes These two patches fix a race condition where we have our RX interrupts enabled, but not NAPI for the RX path, and the second patch fixes an issue for packets stuck in RX fifo during a suspend/resume cycle. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 704d33e7006f20f9b4fa7d24a0f08c4b5919b131 Author: Florian Fainelli <f.fainelli@xxxxxxxxx> Date: Tue Oct 28 11:12:01 2014 -0700 net: systemport: reset UniMAC coming out of a suspend cycle bcm_sysport_resume() was missing an UniMAC reset which can lead to various receive FIFO corruptions coming out of a suspend cycle. If the RX FIFO is stuck, it will deliver corrupted/duplicate packets towards the host CPU interface. This could be reproduced on crowded network and when Wake-on-LAN is enabled for this particular interface because the switch still forwards packets towards the host CPU interface (SYSTEMPORT), and we had to leave the UniMAC RX enable bit on to allow matching MagicPackets. Once we re-enter the resume function, there is a small window during which the UniMAC receive is still enabled, and we start queueing packets, but the RDMA and RBUF engines are not ready, which leads to having packets stuck in the UniMAC RX FIFO, ultimately delivered towards the host CPU as corrupted. Fixes: 40755a0fce17 ("net: systemport: add suspend and resume support") Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8edf0047f4b8e03d94ef88f5a7dec146cce03a06 Author: Florian Fainelli <f.fainelli@xxxxxxxxx> Date: Tue Oct 28 11:12:00 2014 -0700 net: systemport: enable RX interrupts after NAPI There is currently a small window during which the SYSTEMPORT adapter enables its RX interrupts without having enabled its NAPI handler, which can result in packets to be discarded during interface bringup. A similar but more serious window exists in bcm_sysport_resume() during which we can have the RDMA engine not fully prepared to receive packets and yet having RX interrupts enabled. Fix this my moving the RX interrupt enable down to bcm_sysport_netif_start() after napi_enable() for the RX path is called, which fixes both call sites: bcm_sysport_open() and bcm_sysport_resume(). Fixes: b02e6d9ba7ad ("net: systemport: add bcm_sysport_netif_{enable,stop}") Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ebcf34f3d4be11f994340aff629f3c17171a4f65 Author: Randy Dunlap <rdunlap@xxxxxxxxxxxxx> Date: Sun Oct 26 19:14:06 2014 -0700 skbuff.h: fix kernel-doc warning for headers_end Fix kernel-doc warning in <linux/skbuff.h> by making both headers_start and headers_end private fields. Warning(..//include/linux/skbuff.h:654): No description found for parameter 'headers_end[0]' Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 99d881f993f066c75059d24e44c74f7a3fc199bc Author: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx> Date: Sun Oct 26 14:22:24 2014 -0500 net: phy: Add SGMII Configuration for Marvell 88E1145 Initialization Marvell phy 88E1145 configuration & initialization was missing a case for initializing SGMII mode. This patch adds that case. Signed-off-by: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 47276fcc2d542e7b15e384c08b1709c1921b06c1 Author: Mugunthan V N <mugunthanvnm@xxxxxx> Date: Fri Oct 24 18:51:33 2014 +0530 drivers: net:cpsw: fix probe_dt when only slave 1 is pinned out when slave 0 has no phy and slave 1 connected to phy, driver probe will fail as there is no phy id present for slave 0 device tree, so continuing even though no phy-id found, also moving mac-id read later to ensure mac-id is read from device tree even when phy-id entry in not found. Signed-off-by: Mugunthan V N <mugunthanvnm@xxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 25946f20b775f5c630d4326dd7a7f1df0576eb57 Merge: 3923d68 99c8140 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 15:30:15 2014 -0400 Merge tag 'master-2014-10-27' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== pull request: wireless 2014-10-28 Please pull this batch of fixes intended for the 3.18 stream! For the mac80211 bits, Johannes says: "Here are a few fixes for the wireless stack: one fixes the RTS rate, one for a debugfs file, one to return the correct channel to userspace, a sanity check for a userspace value and the remaining two are just documentation fixes." For the iwlwifi bits, Emmanuel says: "I revert here a patch that caused interoperability issues. dvm gets a fix for a bug that was reported by many users. Two minor fixes for BT Coex and platform power fix that helps reducing latency when the PCIe link goes to low power states." In addition... Felix Fietkau adds a couple of ath code fixes related to regulatory rule enforcement. Hauke Mehrtens fixes a build break with bcma when CONFIG_OF_ADDRESS is not set. Karsten Wiese provides a trio of minor fixes for rtl8192cu. Kees Cook prevents a potential information leak in rtlwifi. Larry Finger also brings a trio of minor fixes for rtlwifi. RafaÅ? MiÅ?ecki adds a device ID to the bcma bus driver. Rickard Strandqvist offers some strn* -> strl* changes in brcmfmac to eliminate non-terminated string issues. Sujith Manoharan avoids some ath9k stalls by enabling HW queue control only for MCC. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3923d68dc05033aa843b67d73110a6d402ac6e14 Merge: f89b775 c146b77 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 15:28:30 2014 -0400 Merge branch 'dsa-net' Andrew Lunn says: ==================== DSA tagging mismatches The second patch is a fix, which should be applied to -rc. It is possible to get a DSA configuration which does not work. The patch stops this happening. The first patch detects this situation, and errors out the probe of DSA, making it more obvious something is wrong. It is not required to apply it -rc. v2 fixes the use case pointed out by Florian, that a switch driver may use DSA_TAG_PROTO_NONE which the patch did not correctly handle. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit c146b7788e5721ec15bc0197bedf75849508e7ea Author: Andrew Lunn <andrew@xxxxxxx> Date: Fri Oct 24 23:44:05 2014 +0200 dsa: mv88e6171: Fix tagging protocol/Kconfig The mv88e6171 can support two different tagging protocols, DSA and EDSA. The switch driver structure only allows one protocol to be enumerated, and DSA was chosen. However the Kconfig entry ensures the EDSA tagging code is built. With a minimal configuration, we then end up with a mismatch. The probe is successful, EDSA tagging is used, but the switch is configured for DSA, resulting in mangled packets. Change the switch driver structure to enumerate EDSA, fixing the mismatch. Signed-off-by: Andrew Lunn <andrew@xxxxxxx> Fixes: 42f272539487 ("net: DSA: Marvell mv88e6171 switch driver") Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ae439286a0dec99cc8029868243689b5b5f3ff75 Author: Andrew Lunn <andrew@xxxxxxx> Date: Fri Oct 24 23:44:04 2014 +0200 net: dsa: Error out on tagging protocol mismatches If there is a mismatch between enabled tagging protocols and the protocol the switch supports, error out, rather than continue with a situation which is unlikely to work. Signed-off-by: Andrew Lunn <andrew@xxxxxxx> cc: alexander.h.duyck@xxxxxxxxx Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3d53666b40007b55204ee8890618da79a20c9940 Author: Alex Gartrell <agartrell@xxxxxx> Date: Mon Oct 6 08:46:19 2014 -0700 ipvs: Avoid null-pointer deref in debug code Use daddr instead of reaching into dest. Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: Alex Gartrell <agartrell@xxxxxx> Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx> commit f89b7755f517cdbb755d7543eef986ee9d54e654 Author: Alexei Starovoitov <ast@xxxxxxxxxxxx> Date: Thu Oct 23 18:41:08 2014 -0700 bpf: split eBPF out of NET introduce two configs: - hidden CONFIG_BPF to select eBPF interpreter that classic socket filters depend on - visible CONFIG_BPF_SYSCALL (default off) that tracing and sockets can use that solves several problems: - tracing and others that wish to use eBPF don't need to depend on NET. They can use BPF_SYSCALL to allow loading from userspace or select BPF to use it directly from kernel in NET-less configs. - in 3.18 programs cannot be attached to events yet, so don't force it on - when the rest of eBPF infra is there in 3.19+, it's still useful to switch it off to minimize kernel size bloat-o-meter on x64 shows: add/remove: 0/60 grow/shrink: 0/2 up/down: 0/-15601 (-15601) tested with many different config combinations. Hopefully didn't miss anything. Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx> Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8ae3c911b9efcca653c552a9c74957a6cb04a87d Merge: 5d26b1f 3bb0626 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 27 19:00:16 2014 -0400 Merge branch 'cxgb4-net' Anish Bhatt says: ==================== cxgb4 : DCBx fixes for apps/host lldp agents This patchset contains some minor fixes for cxgb4 DCBx code. Chiefly, cxgb4 was not cleaning up any apps added to kernel app table when link was lost. Disabling DCBx in firmware would automatically set DCBx state to host-managed and enabled, we now wait for an explicit enable call from an lldp agent instead First patch was originally sent to net-next, but considering it applies to correcting behaviour of code already in net, I think it qualifies as a bug fix. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3bb062613b1ecbd0c388106f61344d699f7859ec Author: Anish Bhatt <anish@xxxxxxxxxxx> Date: Thu Oct 23 14:37:31 2014 -0700 cxgb4 : Handle dcb enable correctly Disabling DCBx in firmware automatically enables DCBx for control via host lldp agents. Wait for an explicit setstate call from an lldp agents to enable DCBx instead. Fixes: 76bcb31efc06 ("cxgb4 : Add DCBx support codebase and dcbnl_ops") Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 2376c879b80c83424a3013834be97fb9fe2d4180 Author: Anish Bhatt <anish@xxxxxxxxxxx> Date: Thu Oct 23 14:37:30 2014 -0700 cxgb4 : Improve handling of DCB negotiation or loss thereof Clear out any DCB apps we might have added to kernel table when we lose DCB sync (or IEEE equivalent event). These were previously left behind and not cleaned up correctly. IEEE allows individual components to work independently, so improve check for IEEE completion by specifying individual components. Fixes: 10b0046685ab ("cxgb4: IEEE fixes for DCBx state machine") Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 5d26b1f50a610fb28700cdc3446590495a5f607c Merge: 93a35f5 7965ee9 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 27 18:47:40 2014 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Allow to recycle a TCP port in conntrack when the change role from server to client, from Marcelo Leitner. 2) Fix possible off by one access in ip_set_nfnl_get_byindex(), patch from Dan Carpenter. 3) alloc_percpu returns NULL on error, no need for IS_ERR() in nf_tables chain statistic updates. From Sabrina Dubroca. 4) Don't compile ip options in bridge netfilter, this mangles the packet and bridge should not alter layer >= 3 headers when forwarding packets. Patch from Herbert Xu and tested by Florian Westphal. 5) Account the final NLMSG_DONE message when calculating the size of the nflog netlink batches. Patch from Florian Westphal. 6) Fix a possible netlink attribute length overflow with large packets. Again from Florian Westphal. 7) Release the skbuff if nfnetlink_log fails to put the final NLMSG_DONE message. This fixes a leak on error. This shouldn't ever happen though, otherwise this means we miscalculate the netlink batch size, so spot a warning if this ever happens so we can track down the problem. This patch from Houcheng Lin. 8) Look at the right list when recycling targets in the nft_compat, patch from Arturo Borrero. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 7965ee93719921ea5978f331da653dfa2d7b99f5 Author: Arturo Borrero <arturo.borrero.glez@xxxxxxxxx> Date: Sun Oct 26 12:22:40 2014 +0100 netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops() The code looks for an already loaded target, and the correct list to search is nft_target_list, not nft_match_list. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 99c814066e75d09e6a38574c6c395f022a04b730 Merge: fad1dbc 11b2357 Author: John W. Linville <linville@xxxxxxxxxxxxx> Date: Mon Oct 27 13:38:15 2014 -0400 Merge tag 'mac80211-for-john-2014-10-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg <johannes@xxxxxxxxxxxxxxxx> says: "Here are a few fixes for the wireless stack: one fixes the RTS rate, one for a debugfs file, one to return the correct channel to userspace, a sanity check for a userspace value and the remaining two are just documentation fixes." Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit fad1dbc8efb4e51e121c745a99c0fb22b420a5c6 Merge: 0805420 7f2ac8f Author: John W. Linville <linville@xxxxxxxxxxxxx> Date: Mon Oct 27 13:35:59 2014 -0400 Merge tag 'iwlwifi-for-john-2014-10-23' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes Emmanuel Grumbach <egrumbach@xxxxxxxxx> says: "I revert here a patch that caused interoperability issues. dvm gets a fix for a bug that was reported by many users. Two minor fixes for BT Coex and platform power fix that helps reducing latency when the PCIe link goes to low power states." Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 93a35f59f1b13a02674877e3efdf07ae47e34052 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Thu Oct 23 06:30:30 2014 -0700 net: napi_reuse_skb() should check pfmemalloc Do not reuse skb if it was pfmemalloc tainted, otherwise future frame might be dropped anyway. Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit aa9c5579153535fb317a9d34c7d8eaf02b7ef4cd Merge: b71e821 bf1bac5 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Sun Oct 26 22:46:08 2014 -0400 Merge branch 'mellanox' Eli Cohen says: ==================== irq sync fixes This two patch series fixes a race where an interrupt handler could access a freed memory. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit bf1bac5b7882daa41249f85fbc97828f0597de5c Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx> Date: Thu Oct 23 15:57:27 2014 +0300 net/mlx4_core: Call synchronize_irq() before freeing EQ buffer After moving the EQ ownership to software effectively destroying it, call synchronize_irq() to ensure that any handler routines running on other CPU cores finish execution. Only then free the EQ buffer. The same thing is done when we destroy a CQ which is one of the sources generating interrupts. In the case of CQ we want to avoid completion handlers on a CQ that was destroyed. In the case we do the same to avoid receiving asynchronous events after the EQ has been destroyed and its buffers freed. Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 96e4be06cbfcb8c9c2da7c77bacce0e56b581c0b Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx> Date: Thu Oct 23 15:57:26 2014 +0300 net/mlx5_core: Call synchronize_irq() before freeing EQ buffer After destroying the EQ, the object responsible for generating interrupts, call synchronize_irq() to ensure that any handler routines running on other CPU cores finish execution. Only then free the EQ buffer. This patch solves a very rare case when we get panic on driver unload. The same thing is done when we destroy a CQ which is one of the sources generating interrupts. In the case of CQ we want to avoid completion handlers on a CQ that was destroyed. In the case we do the same to avoid receiving asynchronous events after the EQ has been destroyed and its buffers freed. Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b71e821de50f0ff92f10f33064ee1713e9014158 Author: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Date: Thu Oct 23 10:25:53 2014 +0200 drivers: net: xgene: Rewrite buggy loop in xgene_enet_ecc_init() drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c: In function â??xgene_enet_ecc_initâ??: drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c:126: warning: â??dataâ?? may be used uninitialized in this function Depending on the arbitrary value on the stack, the loop may terminate too early, and cause a bogus -ENODEV failure. Signed-off-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 013f6579c6e4f9517127a176bfc37bbac0b766cb Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Date: Wed Oct 22 20:06:29 2014 -0700 i40e: _MASK vs _SHIFT typo in i40e_handle_mdd_event() We accidentally mask by the _SHIFT variable. It means that "event" is always zero. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Tested-by: Jim Young <jamesx.m.young@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit fe0ca7328d03d36aafecebb3af650e1bb2841c20 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Wed Oct 22 19:43:46 2014 -0700 macvlan: fix a race on port dismantle and possible skb leaks We need to cancel the work queue after rcu grace period, otherwise it can be rescheduled by incoming packets. We need to purge queue if some skbs are still in it. We can use __skb_queue_head_init() variant in macvlan_process_broadcast() Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Fixes: 412ca1550cbec ("macvlan: Move broadcasts into a work queue") Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 349ce993ac706869d553a1816426d3a4bfda02b1 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Thu Oct 23 12:58:58 2014 -0700 tcp: md5: do not use alloc_percpu() percpu tcp_md5sig_pool contains memory blobs that ultimately go through sg_set_buf(). -> sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); This requires that whole area is in a physically contiguous portion of memory. And that @buf is not backed by vmalloc(). Given that alloc_percpu() can use vmalloc() areas, this does not fit the requirements. Replace alloc_percpu() by a static DEFINE_PER_CPU() as tcp_md5sig_pool is small anyway, there is no gain to dynamically allocate it. Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Fixes: 765cf9976e93 ("tcp: md5: remove one indirection level in tcp_md5sig_pool") Reported-by: Crestez Dan Leonard <cdleonard@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 4cc40af08032a513e2e68fa6d7818b77179a86af Merge: 5345c1d ecf08d2 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Sat Oct 25 14:15:25 2014 -0400 Merge branch 'xen-netback' David Vrabel says: ==================== xen-netback: guest Rx queue drain and stall fixes This series fixes two critical xen-netback bugs. 1. Netback may consume all of host memory by queuing an unlimited number of skb on the internal guest Rx queue. This behaviour is guest triggerable. 2. Carrier flapping under high traffic rates which reduces performance. The first patch is a prerequite. Removing support for frontends with feature-rx-notify makes it easier to reason about the correctness of netback since it no longer has to support this outdated and broken mode. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ecf08d2dbb96d5a4b4bcc53a39e8d29cc8fef02e Author: David Vrabel <david.vrabel@xxxxxxxxxx> Date: Wed Oct 22 14:08:55 2014 +0100 xen-netback: reintroduce guest Rx stall detection If a frontend not receiving packets it is useful to detect this and turn off the carrier so packets are dropped early instead of being queued and drained when they expire. A to-guest queue is stalled if it doesn't have enough free slots for a an extended period of time (default 60 s). If at least one queue is stalled, the carrier is turned off (in the expectation that the other queues will soon stall as well). The carrier is only turned on once all queues are ready. When the frontend connects, all the queues start in the stalled state and only become ready once the frontend queues enough Rx requests. Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx> Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f48da8b14d04ca87ffcffe68829afd45f926ec6a Author: David Vrabel <david.vrabel@xxxxxxxxxx> Date: Wed Oct 22 14:08:54 2014 +0100 xen-netback: fix unlimited guest Rx internal queue and carrier flapping Netback needs to discard old to-guest skb's (guest Rx queue drain) and it needs detect guest Rx stalls (to disable the carrier so packets are discarded earlier), but the current implementation is very broken. 1. The check in hard_start_xmit of the slot availability did not consider the number of packets that were already in the guest Rx queue. This could allow the queue to grow without bound. The guest stops consuming packets and the ring was allowed to fill leaving S slot free. Netback queues a packet requiring more than S slots (ensuring that the ring stays with S slots free). Netback queue indefinately packets provided that then require S or fewer slots. 2. The Rx stall detection is not triggered in this case since the (host) Tx queue is not stopped. 3. If the Tx queue is stopped and a guest Rx interrupt occurs, netback will consider this an Rx purge event which may result in it taking the carrier down unnecessarily. It also considers a queue with only 1 slot free as unstalled (even though the next packet might not fit in this). The internal guest Rx queue is limited by a byte length (to 512 Kib, enough for half the ring). The (host) Tx queue is stopped and started based on this limit. This sets an upper bound on the amount of memory used by packets on the internal queue. This allows the estimatation of the number of slots for an skb to be removed (it wasn't a very good estimate anyway). Instead, the guest Rx thread just waits for enough free slots for a maximum sized packet. skbs queued on the internal queue have an 'expires' time (set to the current time plus the drain timeout). The guest Rx thread will detect when the skb at the head of the queue has expired and discard expired skbs. This sets a clear upper bound on the length of time an skb can be queued for. For a guest being destroyed the maximum time needed to wait for all the packets it sent to be dropped is still the drain timeout (10 s) since it will not be sending new packets. Rx stall detection is reintroduced in a later commit. Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx> Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit bc96f648df1bbc2729abbb84513cf4f64273a1f1 Author: David Vrabel <david.vrabel@xxxxxxxxxx> Date: Wed Oct 22 14:08:53 2014 +0100 xen-netback: make feature-rx-notify mandatory Frontends that do not provide feature-rx-notify may stall because netback depends on the notification from frontend to wake the guest Rx thread (even if can_queue is false). This could be fixed but feature-rx-notify was introduced in 2006 and I am not aware of any frontends that do not implement this. Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx> Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 5345c1d417c1b0caf46fd2766d16bb4357a347d8 Author: Richard Cochran <richardcochran@xxxxxxxxx> Date: Wed Oct 22 21:35:15 2014 +0200 ptp: restore the makefile for building the test program. This patch brings back the makefile called testptp.mk which was removed in commit adb19fb66eee (Documentation: add makefiles for more targets). While the idea of that commit was to improve build coverage of the examples, the new Makefile is unable to cross compile the testptp program. In contrast, the deleted makefile was able to do this just fine. This patch fixes the regression by restoring the original makefile. Signed-off-by: Richard Cochran <richardcochran@xxxxxxxxx> Acked-by: Peter Foley <pefoley2@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b51d3fa364885a2c1e1668f88776c67c95291820 Author: Houcheng Lin <houcheng@xxxxxxxxx> Date: Thu Oct 23 10:36:08 2014 +0200 netfilter: nf_log: release skbuff on nlmsg put failure The kernel should reserve enough room in the skb so that the DONE message can always be appended. However, in case of e.g. new attribute erronously not being size-accounted for, __nfulnl_send() will still try to put next nlmsg into this full skbuf, causing the skb to be stuck forever and blocking delivery of further messages. Fix issue by releasing skb immediately after nlmsg_put error and WARN() so we can track down the cause of such size mismatch. [ fw@xxxxxxxxx: add tailroom/len info to WARN ] Signed-off-by: Houcheng Lin <houcheng@xxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 Author: Florian Westphal <fw@xxxxxxxxx> Date: Thu Oct 23 10:36:07 2014 +0200 netfilter: nfnetlink_log: fix maximum packet length logged to userspace don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work. The nla length includes the size of the nla struct, so anything larger results in u16 integer overflow. This patch is similar to 9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage). Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a Author: Florian Westphal <fw@xxxxxxxxx> Date: Thu Oct 23 10:36:06 2014 +0200 netfilter: nf_log: account for size of NLMSG_DONE attribute We currently neither account for the nlattr size, nor do we consider the size of the trailing NLMSG_DONE when allocating nlmsg skb. This can result in nflog to stop working, as __nfulnl_send() re-tries sending forever if it failed to append NLMSG_DONE (which will never work if buffer is not large enough). Reported-by: Houcheng Lin <houcheng@xxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 7677e86843e2136a9b05549a9ca47d4f744565b6 Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Date: Sat Oct 4 22:18:02 2014 +0800 bridge: Do not compile options in br_parse_ip_options Commit 462fb2af9788a82a534f8184abfde31574e1cfa0 bridge : Sanitize skb before it enters the IP stack broke when IP options are actually used because it mangles the skb as if it entered the IP stack which is wrong because the bridge is supposed to operate below the IP stack. Since nobody has actually requested for parsing of IP options this patch fixes it by simply reverting to the previous approach of ignoring all IP options, i.e., zeroing the IPCB. If and when somebody who uses IP options and actually needs them to be parsed by the bridge complains then we can revisit this. Reported-by: David Newall <davidn@xxxxxxxxxxxxxxx> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Tested-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 7f2ac8fb31896c9fb70dbd2a2e6642b79996fc13 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Thu Oct 23 08:53:21 2014 +0300 iwlwifi: pcie: fix polling in various places iwl_poll_bit may return a strictly positive value when the poll doesn't match on the first try. This was caught when WoWLAN started failing upon resume even if the poll_bit actually succeeded. Also change a wrong print. If we reach the end of iwl_pcie_prepare_card_hw, it means that we couldn't get the devices. Reviewed-by: Johannes Berg <johannes.berg@xxxxxxxxx> Reviewed-by: Luciano Coelho <luciano.coelho@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 1ffde699aae127e7abdb98dbdedc2cc6a973a1a1 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Mon Oct 20 08:29:55 2014 +0300 Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" This reverts commit aa11bbf3df026d6b1c6b528bef634fd9de7c2619. This commit was causing connection issues and is not needed if IWL_MVM_RS_RSSI_BASED_INIT_RATE is set to false by default. Regardless of the issues mentioned above, this patch added the following WARNING: WARNING: CPU: 0 PID: 3946 at drivers/net/wireless/iwlwifi/mvm/tx.c:190 iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]() Got an HT rate for a non data frame 0x8 CPU: 0 PID: 3946 Comm: wpa_supplicant Tainted: G O 3.17.0+ #6 Hardware name: LENOVO 20ANCTO1WW/20ANCTO1WW, BIOS GLET71WW (2.25 ) 07/02/2014 0000000000000009 ffffffff814fa911 ffff8804288db8f8 ffffffff81064f52 0000000000001808 ffff8804288db948 ffff88040add8660 ffff8804291b5600 0000000000000000 ffffffff81064fb7 ffffffffa07b73d0 0000000000000020 Call Trace: [<ffffffff814fa911>] ? dump_stack+0x41/0x51 [<ffffffff81064f52>] ? warn_slowpath_common+0x72/0x90 [<ffffffff81064fb7>] ? warn_slowpath_fmt+0x47/0x50 [<ffffffffa07a39ea>] ? iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm] [<ffffffffa07a3cf8>] ? iwl_mvm_tx_skb+0x48/0x3c0 [iwlmvm] [<ffffffffa079cb9b>] ? iwl_mvm_mac_tx+0x7b/0x180 [iwlmvm] [<ffffffffa0746ce9>] ? __ieee80211_tx+0x2b9/0x3c0 [mac80211] [<ffffffffa07492f3>] ? ieee80211_tx+0xb3/0x100 [mac80211] [<ffffffffa0749c49>] ? ieee80211_subif_start_xmit+0x459/0xca0 [mac80211] [<ffffffff814116e7>] ? dev_hard_start_xmit+0x337/0x5f0 [<ffffffff81430d46>] ? sch_direct_xmit+0x96/0x1f0 [<ffffffff81411ba3>] ? __dev_queue_xmit+0x203/0x4f0 [<ffffffff8142f670>] ? ether_setup+0x70/0x70 [<ffffffff814e96a1>] ? packet_sendmsg+0xf81/0x1110 [<ffffffff8140625c>] ? skb_free_datagram+0xc/0x40 [<ffffffff813f7538>] ? sock_sendmsg+0x88/0xc0 [<ffffffff813f7274>] ? move_addr_to_kernel.part.20+0x14/0x60 [<ffffffff811c47c2>] ? __inode_wait_for_writeback+0x62/0xb0 [<ffffffff813f7a91>] ? SYSC_sendto+0xf1/0x180 [<ffffffff813f88f9>] ? __sys_recvmsg+0x39/0x70 [<ffffffff8150066d>] ? system_call_fastpath+0x1a/0x1f ---[ end trace cc19a150d311fc63 ]--- which was reported here: https://bugzilla.kernel.org/show_bug.cgi?id=85691 CC: <stable@xxxxxxxxxxxxxxx> [3.13+] Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit a0855054e59b0c5b2b00237fdb5147f7bcc18efb Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Sun Oct 5 09:11:14 2014 +0300 iwlwifi: dvm: drop non VO frames when flushing When mac80211 wants to ensure that a frame is sent, it calls the flush() callback. Until now, iwldvm implemented this by waiting that all the frames are sent (ACKed or timeout). In case of weak signal, this can take a significant amount of time, delaying the next connection (in case of roaming). Many users have reported that the flush would take too long leading to the following error messages to be printed: iwlwifi 0000:03:00.0: fail to flush all tx fifo queues Q 2 iwlwifi 0000:03:00.0: Current SW read_ptr 161 write_ptr 201 iwl data: 00000000: 00 00 00 00 00 00 00 00 fe ff 01 00 00 00 00 00 [snip] iwlwifi 0000:03:00.0: FH TRBs(0) = 0x00000000 [snip] iwlwifi 0000:03:00.0: Q 0 is active and mapped to fifo 3 ra_tid 0x0000 [9,9] [snip] Instead of waiting for these packets, simply drop them. This significantly improves the responsiveness of the network. Note that all the queues are flushed, but the VO one. This is not typically used by the applications and it likely contains management frames that are useful for connection or roaming. This bug is tracked here: https://bugzilla.kernel.org/show_bug.cgi?id=56581 But it is duplicated in distributions' trackers. A simple search in Ubuntu's database led to these bugs: https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1270808 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1305406 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1356236 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1360597 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1361809 Cc: <stable@xxxxxxxxxxxxxxx> Depends-on: 77be2c54c5bd ("mac80211: add vif to flush call") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit a6cc5163149532734b84c86cbffa4994e527074b Author: Matti Gottlieb <matti.gottlieb@xxxxxxxxx> Date: Mon Sep 29 11:46:04 2014 +0300 iwlwifi: mvm: ROC - bug fixes around time events and locking Don't add the time event to the list. We added it several times the same time event, which leads to an infinite loop when walking the list. Since we (currently) don't support more than one ROC for STA vif at a time, enforce this and don't add the time event to any list. We were also missing the locking of the mutex which led to a lockdep splat - fix that. Signed-off-by: Matti Gottlieb <matti.gottlieb@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 79b7a69d730180d8bf535e52fe2b4f3dd5904007 Author: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx> Date: Sun Sep 14 12:40:00 2014 +0300 iwlwifi: mvm: Add tx power condition to bss_info_changed_ap_ibss The tx power should be limited from many reasons. currently, setting the tx power is available by the mvm only for station interface. Adding the tx power condition to bss_info_changed_ap_ibss make it available also for AP. Signed-off-by: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 3856b78c1be32a2afe0618c7a84e05ff8c03cf10 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Mon Sep 22 12:03:41 2014 +0300 iwlwifi: mvm: BT coex - fix BT prio for probe requests The probe requests sent during scan must get BT prio 3. Fix that. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit d14b28fd2c61af0bf310230472e342864d799c98 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Mon Sep 22 16:12:24 2014 +0300 iwlwifi: mvm: BT Coex - update the MPLUT Boost register value Cc: <stable@xxxxxxxxxxxxxxx> [3.16+] Fixes: 2adc8949efab ("iwlwifi: mvm: BT Coex - fix boost register / LUT values") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 405b7338abc5ceac4a420ce7f49cc9b530d4e78b Author: Liad Kaufman <liad.kaufman@xxxxxxxxx> Date: Tue Sep 23 15:15:17 2014 +0300 iwlwifi: 8000: fix string given to MODULE_FIRMWARE I changed the string but forgot to update the fix also to MODULE_FIRMWARE(). Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 9180ac50716a097a407c6d7e7e4589754a922260 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Tue Sep 23 23:02:41 2014 +0300 iwlwifi: configure the LTR The LTR is the handshake between the device and the root complex about the latency allowed when the bus exits power save. This configuration was missing and this led to high latency in the link power up. The end user could experience high latency in the network because of this. Cc: <stable@xxxxxxxxxxxxxxx> [3.10+] Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 08054200117a95afc14c3d2ed3a38bf4e345bf78 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Thu Oct 23 11:27:09 2014 -0500 rtlwifi: Add check for get_btc_status callback Drivers that do not use the get_btc_status() callback may not define a dummy routine. The caller needs to check before making the call. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Cc: Mike Galbraith <umgwanakikbuti@xxxxxxxxx> Cc: Thadeu Cascardo <cascardo@xxxxxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 763254516187015cb5b391553af35c6ed1f4bb36 Author: Felix Fietkau <nbd@xxxxxxxxxxx> Date: Wed Oct 22 18:17:35 2014 +0200 ath9k_common: always update value in ath9k_cmn_update_txpow In some cases the limit may be the same as reg->power_limit, but the actual value that the hardware uses is not up to date. In that case, a wrong value for current tx power is tracked internally. Fix this by unconditionally updating it. Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 4f2b244c7d5b81ce4f0c6c0382f3a3b7c2dbec1c Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Date: Wed Oct 22 15:47:34 2014 +0200 rtl8192cu: Prevent Ooops under rtl92c_set_fw_rsvdpagepkt rtl92c_set_fw_rsvdpagepkt is used by rtl8192cu and its pci sibling rtl8192ce. rtl_cmd_send_packet crashes when called inside rtl8192cu because it works on memory allocated only by rtl8192ce. Fix the crash by calling a dummy function when used in rtl8192cu. Comparision with the realtek vendor driver makes me think, something is missing in the dummy function. Short test as WPA2 station show good results connected to an 802.11g basestation. Traffic stops after few MBytes as WPA2 station connected to an 802.11n basestation. Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit cefe3dfdb9f5f498cae9871f7e52800f5e22c614 Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Date: Wed Oct 22 15:47:33 2014 +0200 rtl8192cu: Call ieee80211_register_hw from rtl_usb_probe In a previous patch the call to ieee80211_register_hw was moved from the load firmware callback to the rtl_pci_probe only. rt8192cu also uses this callback. Currently it doesnt create a wlan%d device. Fill in the call to ieee80211_register_hw in rtl_usb_probe. Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit b2d624a5810203a1a8b7735e1ec5685109b22fc3 Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Date: Wed Oct 22 15:47:32 2014 +0200 rtl8192cu: Fix for rtlwifi's bluetooth coexist functionality Initialize function pointer with a function indicating bt coexist is not there. Prevents Ooops. Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 94e05900770c0abe31200881df93e41d296fe8bd Author: Felix Fietkau <nbd@xxxxxxxxxxx> Date: Wed Oct 22 15:27:53 2014 +0200 ath: use CTL region from cfg80211 if unset in EEPROM Many AP devices do not have the proper regulatory domain programmed in EEPROM. Instead they expect the software to set the appropriate region. For these devices, the country code defaults to US, and the driver uses the US CTL tables as well. On devices bought in Europe this can lead to tx power being set too high on the band edges, even if the cfg80211 regdomain is set correctly. Fix this issue by taking into account the DFS region, but only when the EEPROM regdomain is set to default. Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit d514aefb8ce89562ef2d7dcddc530e5de6287c4b Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Tue Oct 21 10:52:51 2014 -0500 rtlwifi: rtl8821ae: Fix possible array overrun The kbuild test robot reported a possible array overrun. The affected code checks for overruns, but fails to take the steps necessary to fix them. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 868caae3fe2e35e2353d86af95e03eeaa9439d97 Author: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx> Date: Tue Oct 21 19:23:02 2014 +0530 ath9k: Enable HW queue control only for MCC Enabling HW queue control for normal (non-mcc) mode causes problems with queue management, resulting in traffic stall. Since it is mainly required for fairness in MCC mode, disable it for the general case. Bug: https://dev.openwrt.org/ticket/18164 Cc: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 598a0df07fc6c4642f9b0497cef1233e41d4c987 Author: Kees Cook <keescook@xxxxxxxxxxxx> Date: Mon Oct 20 14:57:08 2014 -0700 rtlwifi: prevent format string usage from leaking Use "%s" in the workqueue allocation to make sure the rtl_hal_cfg name can never accidentally leak information via a format string. Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 34b6d4299923ec9101bbf364440cee36420b3fc0 Author: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx> Date: Wed Oct 15 07:51:44 2014 +0200 bcma: add another PCI ID of device with BCM43228 It was found attached to the BCM47081A0 SoC. Log: bcma: bus0: Found chip with id 43228, rev 0x00 and package 0x08 Signed-off-by: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 59dfdd92288e55bed374309a9944c3a95b4e13c9 Author: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx> Date: Sun Oct 12 13:42:14 2014 +0200 brcmfmac: dhd_sdio.c: Cleaning up missing null-terminate in conjunction with strncpy Replacing strncpy with strlcpy to avoid strings that lacks null terminate. And changed from using strncat to strlcat to simplify code. Signed-off-by: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 47481d977cb2987ab363202c68a79ec1bccd357c Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Sat Oct 11 12:59:53 2014 -0500 rtlwifi: rtl8192ee: Prevent log spamming for switch statements The driver logs a message when the default branch of switch statements are taken. Such information is useful when debugging, but these log items should not be seen for standard usage. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 78afe83c3b008e25123bd1be36ee4b6595e595d1 Author: Hauke Mehrtens <hauke@xxxxxxxxxx> Date: Thu Oct 9 23:39:41 2014 +0200 bcma: fix build when CONFIG_OF_ADDRESS is not set Commit 2101e533f41a ("bcma: register bcma as device tree driver") introduces a hard dependency on OF_ADDRESS into the bcma driver. OF_ADDRESS is specifically disabled for the sparc architecture. This results in the following error when building sparc64:allmodconfig. drivers/bcma/main.c: In function 'bcma_of_find_child_device': drivers/bcma/main.c:150:3: error: implicit declaration of function 'of_translate_address' Fixes: 2101e533f41a ("bcma: register bcma as device tree driver") Reported-by: Guenter Roeck <linux@xxxxxxxxxxxx> Signed-off-by: Hauke Mehrtens <hauke@xxxxxxxxxx> Reviewed-by: Guenter Roeck <linux@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 942396b01989d54977120f3625e5ba31afe7a75c Author: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx> Date: Wed Oct 22 13:47:18 2014 -0700 hyperv: Fix the total_data_buflen in send path total_data_buflen is used by netvsc_send() to decide if a packet can be put into send buffer. It should also include the size of RNDIS message before the Ethernet frame. Otherwise, a messge with total size bigger than send_section_size may be copied into the send buffer, and cause data corruption. [Request to include this patch to the Stable branches] Signed-off-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx> Reviewed-by: K. Y. Srinivasan <kys@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f765678e325b4ae3e2fbdb304fc2d5ee018aa860 Merge: 81f35ff 55ca6bc Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Wed Oct 22 17:50:39 2014 -0400 Merge branch 'amd-xgbe' Tom Lendacky says: ==================== amd-xgbe: AMD XGBE driver fixes 2014-10-22 The following series of patches includes fixes to the driver. - Properly handle feature changes via ethtool by using correctly sized variables - Perform proper napi packet counting and budget checking This patch series is based on net. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 55ca6bcd733b739d5667d48d7591899f376dcfb8 Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx> Date: Wed Oct 22 11:26:17 2014 -0500 amd-xgbe: Fix napi Rx budget accounting Currently the amd-xgbe driver increments the packets processed counter each time a descriptor is processed. Since a packet can be represented by more than one descriptor incrementing the counter in this way is not appropriate. Also, since multiple descriptors cause the budget check to be short circuited, sometimes the returned value from the poll function would be larger than the budget value resulting in a WARN_ONCE being triggered. Update the polling logic to properly account for the number of packets processed and exit when the budget value is reached. Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 386f1c9650b7fe4849d2942bd42f41f0ca3aedfb Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx> Date: Wed Oct 22 11:26:11 2014 -0500 amd-xgbe: Properly handle feature changes via ethtool The ndo_set_features callback function was improperly using an unsigned int to save the current feature value for features such as NETIF_F_RXCSUM. Since that feature is in the upper 32 bits of a 64 bit variable the result was always 0 making it not possible to actually turn off the hardware RX checksum support. Change the unsigned int type to the netdev_features_t type in order to properly capture the current value and perform the proper operation. Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 81f35ffde0e95ee18de83646bbf93dda55d9cc8b Author: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx> Date: Wed Oct 22 16:34:35 2014 +0200 net: fec: ptp: fix NULL pointer dereference if ptp_clock is not set Since commit 278d24047891 (net: fec: ptp: Enable PPS output based on ptp clock) fec_enet_interrupt calls fec_ptp_check_pps_event unconditionally, which calls into ptp_clock_event. If fep->ptp_clock is NULL, ptp_clock_event tries to dereference the NULL pointer. Since on i.MX53 fep->bufdesc_ex is not set, fec_ptp_init is never called, and fep->ptp_clock is NULL, which reliably causes a kernel panic. This patch adds a check for fep->ptp_clock == NULL in fec_enet_interrupt. Signed-off-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 9e7ceb060754f134231f68cb29d5db31419fe1ed Author: Sathya Perla <sathya.perla@xxxxxxxxxx> Date: Wed Oct 22 21:42:01 2014 +0530 net: fix saving TX flow hash in sock for outgoing connections The commit "net: Save TX flow hash in sock and set in skbuf on xmit" introduced the inet_set_txhash() and ip6_set_txhash() routines to calculate and record flow hash(sk_txhash) in the socket structure. sk_txhash is used to set skb->hash which is used to spread flows across multiple TXQs. But, the above routines are invoked before the source port of the connection is created. Because of this all outgoing connections that just differ in the source port get hashed into the same TXQ. This patch fixes this problem for IPv4/6 by invoking the the above routines after the source port is available for the socket. Fixes: b73c3d0e4("net: Save TX flow hash in sock and set in skbuf on xmit") Signed-off-by: Sathya Perla <sathya.perla@xxxxxxxxxx> Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 789f202326640814c52f82e80cef3584d8254623 Author: Li RongQing <roy.qing.li@xxxxxxxxx> Date: Wed Oct 22 17:09:53 2014 +0800 xfrm6: fix a potential use after free in xfrm6_policy.c pskb_may_pull() maybe change skb->data and make nh and exthdr pointer oboslete, so recompute the nd and exthdr Signed-off-by: Li RongQing <roy.qing.li@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8751b12cd93cc37337256f650e309b8364d40b35 Author: LEROY Christophe <christophe.leroy@xxxxxx> Date: Wed Oct 22 09:05:47 2014 +0200 net: fs_enet: set back promiscuity mode after restart After interface restart (eg: after link disconnection/reconnection), the bridge function doesn't work anymore. This is due to the promiscuous mode being cleared by the restart. The mac-fcc already includes code to set the promiscuous mode back during the restart. This patch adds the same handling to mac-fec and mac-scc. Tested with bridge function on MPC885 with FEC. Reported-by: Germain Montoies <germain.montoies@xxxxxx> Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit a63ba13eec092b70d4e5522d692eaeb2f9747387 Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Date: Tue Oct 21 16:06:05 2014 +0200 net: tso: fix unaligned access to crafted TCP header in helper API The crafted header start address is from a driver supplied buffer, which one can reasonably expect to be aligned on a 4-bytes boundary. However ATM the TSO helper API is only used by ethernet drivers and the tcp header will then be aligned to a 2-bytes only boundary from the header start address. Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Cc: Ezequiel Garcia <ezequiel.garcia@xxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8fc963515e893867330dec87464e9edc5204c024 Author: Jon Cooper <jcooper@xxxxxxxxxxxxxx> Date: Tue Oct 21 14:50:29 2014 +0100 sfc: remove incorrect EFX_BUG_ON_PARANOID check write_count and insert_count can wrap around, making > check invalid. Fixes: 70b33fb0ddec827cbbd14cdc664fc27b2ef4a6b6 ("sfc: add support for skb->xmit_more"). Signed-off-by: Edward Cree <ecree@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit c123bb7163043bb8f33858cf8e45b01c17dbd171 Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Date: Tue Oct 21 11:08:21 2014 +0200 netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats allocation alloc_percpu returns NULL on failure, not a negative error code. Fixes: ff3cd7b3c922 ("netfilter: nf_tables: refactor chain statistic routines") Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Date: Tue Oct 21 11:28:12 2014 +0300 netfilter: ipset: off by one in ip_set_nfnl_get_byindex() The ->ip_set_list[] array is initialized in ip_set_net_init() and it has ->ip_set_max elements so this check should be >= instead of > otherwise we are off by one. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit e37ad9fd636071e45368d1d9cc3b7b421281ce7f Author: Marcelo Leitner <mleitner@xxxxxxxxxx> Date: Mon Oct 13 13:09:28 2014 -0300 netfilter: nf_conntrack: allow server to become a client in TW handling When a port that was used to listen for inbound connections gets closed and reused for outgoing connections (like rsh ends up doing for stderr flow), current we may reject the SYN/ACK packet for the new connection because tcp_conntracks states forbirds a port to become a client while there is still a TIME_WAIT entry in there for it. As TCP may expire the TIME_WAIT socket in 60s and conntrack's timeout for it is 120s, there is a ~60s window that the application can end up opening a port that conntrack will end up blocking. This patch fixes this by simply allowing such state transition: if we see a SYN, in TIME_WAIT state, on REPLY direction, move it to sSS. Note that the rest of the code already handles this situation, more specificly in tcp_packet(), first switch clause. Signed-off-by: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 7c1c97d54f9bfc810908d3903cb8bcacf734df18 Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Date: Tue Oct 21 11:23:30 2014 +0200 net: sched: initialize bstats syncp Use netdev_alloc_pcpu_stats to allocate percpu stats and initialize syncp. Fixes: 22e0f8b9322c "net: sched: make bstats per cpu and estimator RCU safe" Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Acked-by: Cong Wang <cwang@xxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 32bf08a6257b9c7380dcd040af3c0858eee3ef05 Author: Alexei Starovoitov <ast@xxxxxxxxxxxx> Date: Mon Oct 20 14:54:57 2014 -0700 bpf: fix bug in eBPF verifier while comparing for verifier state equivalency the comparison was missing a check for uninitialized register. Make sure it does so and add a testcase. Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier") Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx> Acked-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 78fd1d0ab072d4d9b5f0b7c14a1516665170b565 Author: Thomas Graf <tgraf@xxxxxxx> Date: Tue Oct 21 22:05:38 2014 +0200 netlink: Re-add locking to netlink_lookup() and seq walker The synchronize_rcu() in netlink_release() introduces unacceptable latency. Reintroduce minimal lookup so we can drop the synchronize_rcu() until socket destruction has been RCUfied. Cc: David S. Miller <davem@xxxxxxxxxxxxx> Cc: Eric Dumazet <eric.dumazet@xxxxxxxxx> Reported-by: Steinar H. Gunderson <sgunderson@xxxxxxxxxxx> Reported-and-tested-by: Heiko Carstens <heiko.carstens@xxxxxxxxxx> Signed-off-by: Thomas Graf <tgraf@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1a194c2d59c55c37cb4c0c459d5418071a141341 Author: Ying Xue <ying.xue@xxxxxxxxxxxxx> Date: Mon Oct 20 14:46:35 2014 +0800 tipc: fix lockdep warning when intra-node messages are delivered When running tipcTC&tipcTS test suite, below lockdep unsafe locking scenario is reported: [ 1109.997854] [ 1109.997988] ================================= [ 1109.998290] [ INFO: inconsistent lock state ] [ 1109.998575] 3.17.0-rc1+ #113 Not tainted [ 1109.998762] --------------------------------- [ 1109.998762] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 1109.998762] swapper/7/0 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 1109.998762] (slock-AF_TIPC){+.?...}, at: [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] {SOFTIRQ-ON-W} state was registered at: [ 1109.998762] [<ffffffff810a4770>] __lock_acquire+0x6a0/0x1d80 [ 1109.998762] [<ffffffff810a6555>] lock_acquire+0x95/0x1e0 [ 1109.998762] [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80 [ 1109.998762] [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffffa0004fe8>] tipc_link_xmit+0xa8/0xc0 [tipc] [ 1109.998762] [<ffffffffa000ec6f>] tipc_sendmsg+0x15f/0x550 [tipc] [ 1109.998762] [<ffffffffa000f165>] tipc_connect+0x105/0x140 [tipc] [ 1109.998762] [<ffffffff817676ee>] SYSC_connect+0xae/0xc0 [ 1109.998762] [<ffffffff81767b7e>] SyS_connect+0xe/0x10 [ 1109.998762] [<ffffffff817a9788>] compat_SyS_socketcall+0xb8/0x200 [ 1109.998762] [<ffffffff81a306e5>] sysenter_dispatch+0x7/0x1f [ 1109.998762] irq event stamp: 241060 [ 1109.998762] hardirqs last enabled at (241060): [<ffffffff8105a4ad>] __local_bh_enable_ip+0x6d/0xd0 [ 1109.998762] hardirqs last disabled at (241059): [<ffffffff8105a46f>] __local_bh_enable_ip+0x2f/0xd0 [ 1109.998762] softirqs last enabled at (241020): [<ffffffff81059a52>] _local_bh_enable+0x22/0x50 [ 1109.998762] softirqs last disabled at (241021): [<ffffffff8105a626>] irq_exit+0x96/0xc0 [ 1109.998762] [ 1109.998762] other info that might help us debug this: [ 1109.998762] Possible unsafe locking scenario: [ 1109.998762] [ 1109.998762] CPU0 [ 1109.998762] ---- [ 1109.998762] lock(slock-AF_TIPC); [ 1109.998762] <Interrupt> [ 1109.998762] lock(slock-AF_TIPC); [ 1109.998762] [ 1109.998762] *** DEADLOCK *** [ 1109.998762] [ 1109.998762] 2 locks held by swapper/7/0: [ 1109.998762] #0: (rcu_read_lock){......}, at: [<ffffffff81782dc9>] __netif_receive_skb_core+0x69/0xb70 [ 1109.998762] #1: (rcu_read_lock){......}, at: [<ffffffffa0001c90>] tipc_l2_rcv_msg+0x40/0x260 [tipc] [ 1109.998762] [ 1109.998762] stack backtrace: [ 1109.998762] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 3.17.0-rc1+ #113 [ 1109.998762] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 [ 1109.998762] ffffffff82745830 ffff880016c03828 ffffffff81a209eb 0000000000000007 [ 1109.998762] ffff880017b3cac0 ffff880016c03888 ffffffff81a1c5ef 0000000000000001 [ 1109.998762] ffff880000000001 ffff880000000000 ffffffff81012d4f 0000000000000000 [ 1109.998762] Call Trace: [ 1109.998762] <IRQ> [<ffffffff81a209eb>] dump_stack+0x4e/0x68 [ 1109.998762] [<ffffffff81a1c5ef>] print_usage_bug+0x1f1/0x202 [ 1109.998762] [<ffffffff81012d4f>] ? save_stack_trace+0x2f/0x50 [ 1109.998762] [<ffffffff810a406c>] mark_lock+0x28c/0x2f0 [ 1109.998762] [<ffffffff810a3440>] ? print_irq_inversion_bug.part.46+0x1f0/0x1f0 [ 1109.998762] [<ffffffff810a467d>] __lock_acquire+0x5ad/0x1d80 [ 1109.998762] [<ffffffff810a70dd>] ? trace_hardirqs_on+0xd/0x10 [ 1109.998762] [<ffffffff8108ace8>] ? sched_clock_cpu+0x98/0xc0 [ 1109.998762] [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30 [ 1109.998762] [<ffffffff810a10dc>] ? lock_release_holdtime.part.29+0x1c/0x1a0 [ 1109.998762] [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90 [ 1109.998762] [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc] [ 1109.998762] [<ffffffff810a6555>] lock_acquire+0x95/0x1e0 [ 1109.998762] [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffff810a6fb6>] ? trace_hardirqs_on_caller+0xa6/0x1c0 [ 1109.998762] [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80 [ 1109.998762] [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc] [ 1109.998762] [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffffa00076bd>] tipc_rcv+0x5ed/0x960 [tipc] [ 1109.998762] [<ffffffffa0001d1c>] tipc_l2_rcv_msg+0xcc/0x260 [tipc] [ 1109.998762] [<ffffffffa0001c90>] ? tipc_l2_rcv_msg+0x40/0x260 [tipc] [ 1109.998762] [<ffffffff81783345>] __netif_receive_skb_core+0x5e5/0xb70 [ 1109.998762] [<ffffffff81782dc9>] ? __netif_receive_skb_core+0x69/0xb70 [ 1109.998762] [<ffffffff81784eb9>] ? dev_gro_receive+0x259/0x4e0 [ 1109.998762] [<ffffffff817838f6>] __netif_receive_skb+0x26/0x70 [ 1109.998762] [<ffffffff81783acd>] netif_receive_skb_internal+0x2d/0x1f0 [ 1109.998762] [<ffffffff81785518>] napi_gro_receive+0xd8/0x240 [ 1109.998762] [<ffffffff815bf854>] e1000_clean_rx_irq+0x2c4/0x530 [ 1109.998762] [<ffffffff815c1a46>] e1000_clean+0x266/0x9c0 [ 1109.998762] [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30 [ 1109.998762] [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90 [ 1109.998762] [<ffffffff817842b1>] net_rx_action+0x141/0x310 [ 1109.998762] [<ffffffff810bd710>] ? handle_fasteoi_irq+0xe0/0x150 [ 1109.998762] [<ffffffff81059fa6>] __do_softirq+0x116/0x4d0 [ 1109.998762] [<ffffffff8105a626>] irq_exit+0x96/0xc0 [ 1109.998762] [<ffffffff81a30d07>] do_IRQ+0x67/0x110 [ 1109.998762] [<ffffffff81a2ee2f>] common_interrupt+0x6f/0x6f [ 1109.998762] <EOI> [<ffffffff8100d2b7>] ? default_idle+0x37/0x250 [ 1109.998762] [<ffffffff8100d2b5>] ? default_idle+0x35/0x250 [ 1109.998762] [<ffffffff8100dd1f>] arch_cpu_idle+0xf/0x20 [ 1109.998762] [<ffffffff810999fd>] cpu_startup_entry+0x27d/0x4d0 [ 1109.998762] [<ffffffff81034c78>] start_secondary+0x188/0x1f0 When intra-node messages are delivered from one process to another process, tipc_link_xmit() doesn't disable BH before it directly calls tipc_sk_rcv() on process context to forward messages to destination socket. Meanwhile, if messages delivered by remote node arrive at the node and their destinations are also the same socket, tipc_sk_rcv() running on process context might be preempted by tipc_sk_rcv() running BH context. As a result, the latter cannot obtain the socket lock as the lock was obtained by the former, however, the former has no chance to be run as the latter is owning the CPU now, so headlock happens. To avoid it, BH should be always disabled in tipc_sk_rcv(). Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx> Reviewed-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 7b8613e0a1502b43b3b36c93c66f835c891f63b3 Author: Ying Xue <ying.xue@xxxxxxxxxxxxx> Date: Mon Oct 20 14:44:25 2014 +0800 tipc: fix a potential deadlock Locking dependency detected below possible unsafe locking scenario: CPU0 CPU1 T0: tipc_named_rcv() tipc_rcv() T1: [grab nametble write lock]* [grab node lock]* T2: tipc_update_nametbl() tipc_node_link_up() T3: tipc_nodesub_subscribe() tipc_nametbl_publish() T4: [grab node lock]* [grab nametble write lock]* The opposite order of holding nametbl write lock and node lock on above two different paths may result in a deadlock. If we move the the updating of the name table after link state named out of node lock, the reverse order of holding locks will be eliminated, and as a result, the deadlock risk. Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx> Signed-off-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 73829bf6fec70703f10e360676d81d327f21ebf6 Merge: d10845f 39dc90c Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 21 15:24:30 2014 -0400 Merge branch 'enic' Govindarajulu Varadarajan says: ==================== enic: Bug fixes This series fixes the following problem. Please apply this to net. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 39dc90c159c1bcc0fdd42913a7d560b1a1cd3acf Author: Govindarajulu Varadarajan <_govind@xxxxxxx> Date: Sun Oct 19 14:20:28 2014 +0530 enic: Do not call napi_disable when preemption is disabled. In enic_stop, we disable preemption using local_bh_disable(). We disable preemption to wait for busy_poll to finish. napi_disable should not be called here as it might sleep. Moving napi_disable() call out side of local_bh_disable. BUG: sleeping function called from invalid context at include/linux/netdevice.h:477 in_atomic(): 1, irqs_disabled(): 0, pid: 443, name: ifconfig INFO: lockdep is turned off. Preemption disabled at:[<ffffffffa029c5c4>] enic_rfs_flw_tbl_free+0x34/0xd0 [enic] CPU: 31 PID: 443 Comm: ifconfig Not tainted 3.17.0-netnext-05504-g59f35b8 #268 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 ffff8800dac10000 ffff88020b8dfcb8 ffffffff8148a57c 0000000000000000 ffff88020b8dfcd0 ffffffff8107e253 ffff8800dac12a40 ffff88020b8dfd10 ffffffffa029305b ffff88020b8dfd48 ffff8800dac10000 ffff88020b8dfd48 Call Trace: [<ffffffff8148a57c>] dump_stack+0x4e/0x7a [<ffffffff8107e253>] __might_sleep+0x123/0x1a0 [<ffffffffa029305b>] enic_stop+0xdb/0x4d0 [enic] [<ffffffff8138ed7d>] __dev_close_many+0x9d/0xf0 [<ffffffff8138ef81>] __dev_close+0x31/0x50 [<ffffffff813974a8>] __dev_change_flags+0x98/0x160 [<ffffffff81397594>] dev_change_flags+0x24/0x60 [<ffffffff814085fd>] devinet_ioctl+0x63d/0x710 [<ffffffff81139c16>] ? might_fault+0x56/0xc0 [<ffffffff81409ef5>] inet_ioctl+0x65/0x90 [<ffffffff813768e0>] sock_do_ioctl+0x20/0x50 [<ffffffff81376ebb>] sock_ioctl+0x20b/0x2e0 [<ffffffff81197250>] do_vfs_ioctl+0x2e0/0x500 [<ffffffff81492619>] ? sysret_check+0x22/0x5d [<ffffffff81285f23>] ? __this_cpu_preempt_check+0x13/0x20 [<ffffffff8109fe19>] ? trace_hardirqs_on_caller+0x119/0x270 [<ffffffff811974ac>] SyS_ioctl+0x3c/0x80 [<ffffffff814925ed>] system_call_fastpath+0x1a/0x1f Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b6931c9ba728d60c542c39ff037fe6f595c074a2 Author: Govindarajulu Varadarajan <_govind@xxxxxxx> Date: Sun Oct 19 14:20:27 2014 +0530 enic: fix possible deadlock in enic_stop/ enic_rfs_flw_tbl_free The following warning is shown when spinlock debug is enabled. This occurs when enic_flow_may_expire timer function is running and enic_stop is called on same CPU. Fix this by using spink_lock_bh(). ================================= [ INFO: inconsistent lock state ] 3.17.0-netnext-05504-g59f35b8 #268 Not tainted --------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. ifconfig/443 [HC0[0]:SC0[0]:HE1:SE1] takes: (&(&enic->rfs_h.lock)->rlock){+.?...}, at: enic_rfs_flw_tbl_free+0x34/0xd0 [enic] {IN-SOFTIRQ-W} state was registered at: [<ffffffff810a25af>] __lock_acquire+0x83f/0x21c0 [<ffffffff810a45f2>] lock_acquire+0xa2/0xd0 [<ffffffff814913fc>] _raw_spin_lock+0x3c/0x80 [<ffffffffa029c3d5>] enic_flow_may_expire+0x25/0x130[enic] [<ffffffff810bcd07>] call_timer_fn+0x77/0x100 [<ffffffff810bd8e3>] run_timer_softirq+0x1e3/0x270 [<ffffffff8105f9ae>] __do_softirq+0x14e/0x280 [<ffffffff8105fdae>] irq_exit+0x8e/0xb0 [<ffffffff8103da0f>] smp_apic_timer_interrupt+0x3f/0x50 [<ffffffff81493742>] apic_timer_interrupt+0x72/0x80 [<ffffffff81018143>] default_idle+0x13/0x20 [<ffffffff81018a6a>] arch_cpu_idle+0xa/0x10 [<ffffffff81097676>] cpu_startup_entry+0x2c6/0x330 [<ffffffff8103b7ad>] start_secondary+0x21d/0x290 irq event stamp: 2997 hardirqs last enabled at (2997): [<ffffffff81491865>] _raw_spin_unlock_irqrestore+0x65/0x90 hardirqs last disabled at (2996): [<ffffffff814915e6>] _raw_spin_lock_irqsave+0x26/0x90 softirqs last enabled at (2968): [<ffffffff813b57a3>] dev_deactivate_many+0x213/0x260 softirqs last disabled at (2966): [<ffffffff813b5783>] dev_deactivate_many+0x1f3/0x260 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&enic->rfs_h.lock)->rlock); <Interrupt> lock(&(&enic->rfs_h.lock)->rlock); *** DEADLOCK *** Reported-by: Jan Stancek <jstancek@xxxxxxxxxx> Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d10845fc85b2e690b5f6425c5ba4df33a073fbc9 Merge: ce8ec48 f993bc2 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 20 12:38:19 2014 -0400 Merge branch 'gso_encap_fixes' Florian Westphal says: ==================== net: minor gso encapsulation fixes The following series fixes a minor bug in the gso segmentation handlers when encapsulation offload is used. Theoretically this could cause kernel panic when the stack tries to software-segment such a GRE offload packet, but it looks like there is only one affected call site (tbf scheduler) and it handles NULL return value. I've included a followup patch to add IS_ERR_OR_NULL checks where needed. While looking into this, I also found that size computation of the individual segments is incorrect if skb->encapsulation is set. Please see individual patches for delta vs. v1. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f993bc25e5196e60514c216d0bca0f600de64af8 Author: Florian Westphal <fw@xxxxxxxxx> Date: Mon Oct 20 13:49:18 2014 +0200 net: core: handle encapsulation offloads when computing segment lengths if ->encapsulation is set we have to use inner_tcp_hdrlen and add the size of the inner network headers too. This is 'mostly harmless'; tbf might send skb that is slightly over quota or drop skb even if it would have fit. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 330966e501ffe282d7184fde4518d5e0c24bc7f8 Author: Florian Westphal <fw@xxxxxxxxx> Date: Mon Oct 20 13:49:17 2014 +0200 net: make skb_gso_segment error handling more robust skb_gso_segment has three possible return values: 1. a pointer to the first segmented skb 2. an errno value (IS_ERR()) 3. NULL. This can happen when GSO is used for header verification. However, several callers currently test IS_ERR instead of IS_ERR_OR_NULL and would oops when NULL is returned. Note that these call sites should never actually see such a NULL return value; all callers mask out the GSO bits in the feature argument. However, there have been issues with some protocol handlers erronously not respecting the specified feature mask in some cases. It is preferable to get 'have to turn off hw offloading, else slow' reports rather than 'kernel crashes'. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e16aa3ddf863c6b9f37eddf52503230a62dedb3 Author: Florian Westphal <fw@xxxxxxxxx> Date: Mon Oct 20 13:49:16 2014 +0200 net: gso: use feature flag argument in all protocol gso handlers skb_gso_segment() has a 'features' argument representing offload features available to the output path. A few handlers, e.g. GRE, instead re-fetch the features of skb->dev and use those instead of the provided ones when handing encapsulation/tunnels. Depending on dev->hw_enc_features of the output device skb_gso_segment() can then return NULL even when the caller has disabled all GSO feature bits, as segmentation of inner header thinks device will take care of segmentation. This e.g. affects the tbf scheduler, which will silently drop GRE-encap GSO skbs that did not fit the remaining token quota as the segmentation does not work when device supports corresponding hw offload capabilities. Cc: Pravin B Shelar <pshelar@xxxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ce8ec4896749783bd6cdc457e6012cfc18e09c8b Merge: 95ff886 1e2d56a Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 20 11:57:47 2014 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== netfilter fixes for net The following patchset contains netfilter fixes for your net tree, they are: 1) Fix missing MODULE_LICENSE() in the new nf_reject_ipv{4,6} modules. 2) Restrict nat and masq expressions to the nat chain type. Otherwise, users may crash their kernel if they attach a nat/masq rule to a non nat chain. 3) Fix hook validation in nft_compat when non-base chains are used. Basically, initialize hook_mask to zero. 4) Make sure you use match/targets in nft_compat from the right chain type. The existing validation relies on the table name which can be avoided by 5) Better netlink attribute validation in nft_nat. This expression has to reject the configuration when no address and proto configurations are specified. 6) Interpret NFTA_NAT_REG_*_MAX if only if NFTA_NAT_REG_*_MIN is set. Yet another sanity check to reject incorrect configurations from userspace. 7) Conditional NAT attribute dumping depending on the existing configuration. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 11b2357d5dbce999803e9055f8c09829a8a87db4 Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Date: Mon Oct 20 10:54:36 2014 +0200 mac80211: minstrels: fix buffer overflow in HT debugfs rc_stats ATM an HT rc_stats line is 106 chars. Times 8(MCS_GROUP_RATES)*3(SS)*2(GI)*2(BW) + CCK(4), i.e. x100, this is well above the current 8192 - sizeof(*ms) currently allocated. Fix this by squeezing the output as follows (not that we're short on memory but this also improves readability and range, the new format adds one more digit to *ok/*cum and ok/cum): - Before (HT) (106 ch): type rate throughput ewma prob this prob retry this succ/attempt success attempts CCK/LP 5.5M 0.0 0.0 0.0 0 0( 0) 0 0 HT20/LGI ABCDP MCS0 0.0 0.0 0.0 1 0( 0) 0 0 - After (75 ch): type rate tpt eprob *prob ret *ok(*cum) ok( cum) CCK/LP 5.5M 0.0 0.0 0.0 0 0( 0) 0( 0) HT20/LGI ABCDP MCS0 0.0 0.0 0.0 1 0( 0) 0( 0) - Align non-HT format Before (non-HT) (83 ch): rate throughput ewma prob this prob this succ/attempt success attempts ABCDP 6 0.0 0.0 0.0 0( 0) 0 0 54 0.0 0.0 0.0 0( 0) 0 0 - After (61 ch): rate tpt eprob *prob *ok(*cum) ok( cum) ABCDP 1 0.0 0.0 0.0 0( 0) 0( 0) 54 0.0 0.0 0.0 0( 0) 0( 0) *This also adds dynamic checks for overflow, lowers the size of the non-HT request (allowing > 30 entries) and replaces the buddy-rounded allocations (s/sizeof(*ms) + 8192/8192). Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Acked-by: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit 95ff88688781db2f64042e69bd499e518bbb36e5 Author: Ian Morgan <imorgan@xxxxxxxxxxxxx> Date: Sun Oct 19 08:05:13 2014 -0400 ax88179_178a: fix bonding failure The following patch fixes a bug which causes the ax88179_178a driver to be incapable of being added to a bond. When I brought up the issue with the bonding maintainers, they indicated that the real problem was with the NIC driver which must return zero for success (of setting the MAC address). I see that several other NIC drivers follow that pattern by either simply always returing zero, or by passing through a negative (error) result while rewriting any positive return code to zero. With that same philisophy applied to the ax88179_178a driver, it allows it to work correctly with the bonding driver. I believe this is suitable for queuing in -stable, as it's a small, simple, and obvious fix that corrects a defect with no other known workaround. This patch is against vanilla 3.17(.0). Signed-off-by: Ian Morgan <imorgan@xxxxxxxxxxxxx> drivers/net/usb/ax88179_178a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e2d56a5d33a7e1fcd21ed3859f52596d02708b0 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Thu Oct 16 00:24:14 2014 +0200 netfilter: nft_nat: dump attributes if they are set Dump NFTA_NAT_REG_ADDR_MIN if this is non-zero. Same thing with NFTA_NAT_REG_PROTO_MIN. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 61cfac6b42af98ab46bcb3a47e150e7b20d5015e Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Thu Oct 16 00:19:35 2014 +0200 netfilter: nft_nat: NFTA_NAT_REG_ADDR_MAX depends on NFTA_NAT_REG_ADDR_MIN Interpret NFTA_NAT_REG_ADDR_MAX if NFTA_NAT_REG_ADDR_MIN is present, otherwise, skip it. Same thing with NFTA_NAT_REG_PROTO_MAX. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 5c819a39753d6a3ae9c0092236f59730a369b619 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Thu Oct 16 00:16:57 2014 +0200 netfilter: nft_nat: insufficient attribute validation We have to validate that we at least get an NFTA_NAT_REG_ADDR_MIN or NFTA_NFT_REG_PROTO_MIN attribute. Reject the configuration if none of them are present. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit f3f5ddeddd6aeadcef523d55ea9288e3d5c1cbc3 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Tue Oct 14 10:13:48 2014 +0200 netfilter: nft_compat: validate chain type in match/target We have to validate the real chain type to ensure that matches/targets are not used out from their scope (eg. MASQUERADE in nat chain type). The existing validation relies on the table name, but this is not sufficient since userspace can fool us by using the appropriate table name with a different chain type. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 493618a92c6afdd3f6224ab586f169d6a259bb06 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Tue Oct 14 12:43:50 2014 +0200 netfilter: nft_compat: fix hook validation for non-base chains Set hook_mask to zero for non-base chains, otherwise people may hit bogus errors from the xt_check_target() and xt_check_match() when validating the uninitialized hook_mask. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit c7abf25af0f41be4b50d44c5b185d52eea360cb8 Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Date: Mon Oct 13 14:34:41 2014 +0200 mac80211: fix typo in starting baserate for rts_cts_rate_idx It affects non-(V)HT rates and can lead to selecting an rts_cts rate that is not a basic rate or way superior to the reference rate (ATM rates[0] used for the 1st attempt of the protected frame data). E.g, assuming drivers register growing (bitrate) sorted tables of ieee80211_rate-s, having : - rates[0].idx == d'2 and basic_rates == b'10100 will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise - rates[0].idx == d'2 and basic_rates == b'10001 will select rts_cts idx b'10000 The first is not a basic rate and the second is > rates[0]. Also, wrt severity of the addressed misbehavior, ATM we only have one rts_cts_rate_idx rather than one per rate table entry, so this idx might still point to bitrates > rates[1..MAX_RATES]. Fixes: 5253ffb8c9e1 ("mac80211: always pick a basic rate to tx RTS/CTS for pre-HT rates") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit 7210e4e38f945dfa173c4a4e59ad827c9ecad541 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Mon Oct 13 19:50:22 2014 +0200 netfilter: nf_tables: restrict nat/masq expressions to nat chain type This adds the missing validation code to avoid the use of nat/masq from non-nat chains. The validation assumes two possible configuration scenarios: 1) Use of nat from base chain that is not of nat type. Reject this configuration from the nft_*_init() path of the expression. 2) Use of nat from non-base chain. In this case, we have to wait until the non-base chain is referenced by at least one base chain via jump/goto. This is resolved from the nft_*_validate() path which is called from nf_tables_check_loops(). The user gets an -EOPNOTSUPP in both cases. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit ab2d7251d666995740da17b2a51ca545ac5dd037 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Fri Oct 10 11:25:20 2014 +0200 netfilter: missing module license in the nf_reject_ipvX modules [ 23.545204] nf_reject_ipv4: module license 'unspecified' taints kernel. Fixes: c8d7b98 ("netfilter: move nf_send_resetX() code to nf_reject_ipvX modules") Reported-by: Dave Young <dyoung@xxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 252e07ca5f64dd31fdfca8027287e7d75fefdab1 Author: Luciano Coelho <luciano.coelho@xxxxxxxxx> Date: Wed Oct 8 09:48:34 2014 +0300 nl80211: sanity check the channel switch counter value The nl80211 channel switch count attribute (NL80211_ATTR_CH_SWITCH_COUNT) is specified as u32, but the specification uses u8 for the counter. To make sure strange things don't happen without informing the user, sanity check the value and return -EINVAL if it doesn't fit in u8. Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit bc37b16870a382e8b71d881444c19a16de1c1a7f Author: Fabian Frederick <fabf@xxxxxxxxx> Date: Tue Oct 7 22:20:23 2014 +0200 net: rfkill: kernel-doc warning fixes Correct the kernel-doc, the parameter is called "blocked" not "state". Signed-off-by: Fabian Frederick <fabf@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit c12bc4885f4b3bab0ed779c69d5d7e3223fa5003 Author: Luciano Coelho <luciano.coelho@xxxxxxxxx> Date: Tue Sep 30 07:08:02 2014 +0300 mac80211: return the vif's chandef in ieee80211_cfg_get_channel() The chandef of the channel context a vif is using may be different than the chandef of the vif itself. For instance, the bandwidth used by the vif may be narrower than the one configured in the channel context. To avoid confusion, return the vif's chandef in ieee80211_cfg_get_channel() instead of the chandef of the channel context. Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit 8975ae88e137ea02a71b7a86af2f8eb790c2f1e7 Author: Liad Kaufman <liad.kaufman@xxxxxxxxx> Date: Sun Sep 14 21:48:28 2014 +0300 mac80211: fix warning on htmldocs for last_tdls_pkt_time Forgot to add an entry to the struct description of sta_info. Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> For bisection revision-tuple graph see: http://www.chiark.greenend.org.uk/~xensrcts/results/bisect.linux-linus.test-amd64-i386-rumpuserxen-i386.guest-start.html Revision IDs in each graph node refer, respectively, to the Trees above. ---------------------------------------- Searching for failure / basis pass: 31352 fail [host=bush-cricket] / 31282 [host=worm-moth] 31266 ok. Failure / basis pass flights: 31352 / 31266 (tree with no url: seabios) Tree: linux git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git Tree: linuxfirmware git://xenbits.xen.org/osstest/linux-firmware.git Tree: qemu git://xenbits.xen.org/staging/qemu-xen-unstable.git Tree: qemuu git://xenbits.xen.org/staging/qemu-upstream-unstable.git Tree: rumpuserxen git://xenbits.xen.org/rumpuser-xen.git Tree: rumpuserxen_buildrumpsh https://github.com/rumpkernel/buildrump.sh.git Tree: rumpuserxen_netbsdsrc https://github.com/rumpkernel/src-netbsd Tree: xen git://xenbits.xen.org/xen.git Latest 0df1f2487d2f0d04703f142813d53615d62a1da4 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf Basis pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 2ee4e55123b64feb79d8c824668a86e717ba47f8 94c092b906e348acd512744536d28e4f06e4c1ef 3687f55f417008a1fcdc04195644009232ae609d 6688825c240586708129df8887ad9b12a1708497 Generating revisions with ./adhoc-revtuple-generator git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git#a7ca10f263d7e673c74d8e0946d6b9993405cc9c-0df1f2487d2f0d04703f142813d53615d62a1da4 git://xenbits.xen.org/osstest/linux-firmware.git#c530a75c1e6a472b0eb9558310b518f0dfcd8860-c530a75c1e6a472b0eb9558310b518f0dfcd8860 git://xenbits.xen.org/staging/qemu-xen-unstable.git#b0d42741f8e9a00854c3b3faca1da84bfc69bf22-b0d42741f8e9a00854c3b3faca1da84bfc69bf22 git://xenbits.xen.org/staging/qemu-upstream-unstable.git#ca78cc83650b535d7e24baeaea32947be0141534-ca78cc83650b535d7e24baeaea32947be0141534 git://xenbits.xen.org/rumpuser-xen.git#2ee4e55123b64feb79d8c824668a86e717ba47f8-ccc8df17b7e7e785e28bee8ae90d0f00f93208ca https://github.com/rumpkernel/buildrump.sh.git#94c092b906e348acd512744536d28e4f06e4c1ef-e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b https://github.com/rumpkernel/src-netbsd#3687f55f417008a1fcdc04195644009232ae609d-3687f55f417008a1fcdc04195644009232ae609d git://xenbits.xen.org/xen.git#6688825c240586708129df8887ad9b12a1708497-0f2bde078ace619fe8e26730495b6ef2c3a2e9bf + exec + sh -xe + cd /export/home/osstest/repos/linux-2.6 + git remote set-url origin git://drall.uk.xensource.com:9419/git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* + exec + sh -xe + cd /export/home/osstest/repos/rumpuser-xen + git remote set-url origin git://drall.uk.xensource.com:9419/git://xenbits.xen.org/rumpuser-xen.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* + exec + sh -xe + cd /export/home/osstest/repos/buildrump.sh + git remote set-url origin git://drall.uk.xensource.com:9419/https://github.com/rumpkernel/buildrump.sh.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* + exec + sh -xe + cd /export/home/osstest/repos/xen + git remote set-url origin git://drall.uk.xensource.com:9419/git://xenbits.xen.org/xen.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* From git://drall.uk.xensource.com:9419/git://xenbits.xen.org/xen 816f5bb..5a430ec staging -> origin/staging + exec + sh -xe + cd /export/home/osstest/repos/linux-2.6 + git remote set-url origin git://drall.uk.xensource.com:9419/git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* + exec + sh -xe + cd /export/home/osstest/repos/rumpuser-xen + git remote set-url origin git://drall.uk.xensource.com:9419/git://xenbits.xen.org/rumpuser-xen.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* + exec + sh -xe + cd /export/home/osstest/repos/buildrump.sh + git remote set-url origin git://drall.uk.xensource.com:9419/https://github.com/rumpkernel/buildrump.sh.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* + exec + sh -xe + cd /export/home/osstest/repos/xen + git remote set-url origin git://drall.uk.xensource.com:9419/git://xenbits.xen.org/xen.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Use of uninitialized value $parents in array dereference at ./adhoc-revtuple-generator line 461. Use of uninitialized value in concatenation (.) or string at ./adhoc-revtuple-generator line 461. Loaded 123760 nodes in revision graph Searching for test results: 31266 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 2ee4e55123b64feb79d8c824668a86e717ba47f8 94c092b906e348acd512744536d28e4f06e4c1ef 3687f55f417008a1fcdc04195644009232ae609d 6688825c240586708129df8887ad9b12a1708497 31282 [host=worm-moth] 31334 fail 12d7aacab56e9ef185c3a5512e867bfd3a9504e4 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31352 fail 0df1f2487d2f0d04703f142813d53615d62a1da4 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31416 pass 53429290a054b30e4683297409fc4627b2592315 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31401 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 2ee4e55123b64feb79d8c824668a86e717ba47f8 94c092b906e348acd512744536d28e4f06e4c1ef 3687f55f417008a1fcdc04195644009232ae609d 6688825c240586708129df8887ad9b12a1708497 31418 fail 89453379aaf0608253124057df6cd8ac63948135 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31402 fail 0df1f2487d2f0d04703f142813d53615d62a1da4 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31420 pass 53429290a054b30e4683297409fc4627b2592315 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31404 pass 3a2f22b7d0cc64482a91529e23c2570aa0602fa6 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 2d0d163ae7cdabe002fd8a4ba441d9e7eb731fcf e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31421 fail 89453379aaf0608253124057df6cd8ac63948135 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31405 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 06ca11260277a9099a5ebeb04669fa0abf694106 e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31407 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 2ee4e55123b64feb79d8c824668a86e717ba47f8 af97653924fa6f230f517d2efa850fd3c366054f 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31408 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 2ee4e55123b64feb79d8c824668a86e717ba47f8 05c06de524743a92d1d7b610dc9b4e23421f5e54 3687f55f417008a1fcdc04195644009232ae609d 912054bbbc5914174b6f90c6bcd0a5c4f370bdbe 31422 pass 53429290a054b30e4683297409fc4627b2592315 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31410 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 2ee4e55123b64feb79d8c824668a86e717ba47f8 a55697c828687a7ff09b1fc93a42b73685368717 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31412 pass f5fa363026c3508735c6ab2f1029110d2c4966a2 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31424 fail 89453379aaf0608253124057df6cd8ac63948135 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf 31414 fail 32e8fd2f8eac3262e7000d9a219d70ace10e0adf c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf Searching for interesting versions Result found: flight 31266 (pass), for basis pass Result found: flight 31352 (fail), for basis failure Repro found: flight 31401 (pass), for basis pass Repro found: flight 31402 (fail), for basis failure 0 revisions at 53429290a054b30e4683297409fc4627b2592315 c530a75c1e6a472b0eb9558310b518f0dfcd8860 b0d42741f8e9a00854c3b3faca1da84bfc69bf22 ca78cc83650b535d7e24baeaea32947be0141534 ccc8df17b7e7e785e28bee8ae90d0f00f93208ca e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 3687f55f417008a1fcdc04195644009232ae609d 0f2bde078ace619fe8e26730495b6ef2c3a2e9bf No revisions left to test, checking graph state. Result found: flight 31416 (pass), for last pass Result found: flight 31418 (fail), for first failure Repro found: flight 31420 (pass), for last pass Repro found: flight 31421 (fail), for first failure Repro found: flight 31422 (pass), for last pass Repro found: flight 31424 (fail), for first failure *** Found and reproduced problem changeset *** Bug is in tree: linux git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git Bug introduced: 89453379aaf0608253124057df6cd8ac63948135 Bug not present: 53429290a054b30e4683297409fc4627b2592315 + exec + sh -xe + cd /export/home/osstest/repos/linux-2.6 + git remote set-url origin git://drall.uk.xensource.com:9419/git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git + git fetch -p origin +refs/heads/*:refs/remotes/origin/* commit 89453379aaf0608253124057df6cd8ac63948135 Merge: 5342929 99a49ce Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Date: Fri Oct 31 15:04:58 2014 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: "A bit has accumulated, but it's been a week or so since my last batch of post-merge-window fixes, so... 1) Missing module license in netfilter reject module, from Pablo. Lots of people ran into this. 2) Off by one in mac80211 baserate calculation, from Karl Beldan. 3) Fix incorrect return value from ax88179_178a driver's set_mac_addr op, which broke use of it with bonding. From Ian Morgan. 4) Checking of skb_gso_segment()'s return value was not all encompassing, it can return an SKB pointer, a pointer error, or NULL. Fix from Florian Westphal. This is crummy, and longer term will be fixed to just return error pointers or a real SKB. 6) Encapsulation offloads not being handled by skb_gso_transport_seglen(). From Florian Westphal. 7) Fix deadlock in TIPC stack, from Ying Xue. 8) Fix performance regression from using rhashtable for netlink sockets. The problem was the synchronize_net() invoked for every socket destroy. From Thomas Graf. 9) Fix bug in eBPF verifier, and remove the strong dependency of BPF on NET. From Alexei Starovoitov. 10) In qdisc_create(), use the correct interface to allocate ->cpu_bstats, otherwise the u64_stats_sync member isn't initialized properly. From Sabrina Dubroca. 11) Off by one in ip_set_nfnl_get_byindex(), from Dan Carpenter. 12) nf_tables_newchain() was erroneously expecting error pointers from netdev_alloc_pcpu_stats(). It only returna a valid pointer or NULL. From Sabrina Dubroca. 13) Fix use-after-free in _decode_session6(), from Li RongQing. 14) When we set the TX flow hash on a socket, we mistakenly do so before we've nailed down the final source port. Move the setting deeper to fix this. From Sathya Perla. 15) NAPI budget accounting in amd-xgbe driver was counting descriptors instead of full packets, fix from Thomas Lendacky. 16) Fix total_data_buflen calculation in hyperv driver, from Haiyang Zhang. 17) Fix bcma driver build with OF_ADDRESS disabled, from Hauke Mehrtens. 18) Fix mis-use of per-cpu memory in TCP md5 code. The problem is that something that ends up being vmalloc memory can't be passed to the crypto hash routines via scatter-gather lists. From Eric Dumazet. 19) Fix regression in promiscuous mode enabling in cdc-ether, from Olivier Blin. 20) Bucket eviction and frag entry killing can race with eachother, causing an unlink of the object from the wrong list. Fix from Nikolay Aleksandrov. 21) Missing initialization of spinlock in cxgb4 driver, from Anish Bhatt. 22) Do not cache ipv4 routing failures, otherwise if the sysctl for forwarding is subsequently enabled this won't be seen. From Nicolas Cavallari" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (131 commits) drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode drivers: net: cpsw: Fix broken loop condition in switch mode net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with lengh 0 stmmac: pci: set default of the filter bins net: smc91x: Fix gpios for device tree based booting mpls: Allow mpls_gso to be built as module mpls: Fix mpls_gso handler. r8152: stop submitting intr for -EPROTO netfilter: nft_reject_bridge: restrict reject to prerouting and input netfilter: nft_reject_bridge: don't use IP stack to reject traffic netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing drivers/net: macvtap and tun depend on INET drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets drivers/net: Disable UFO through virtio net: skb_fclone_busy() needs to detect orphaned skb gre: Use inner mac length when computing tunnel length mlx4: Avoid leaking steering rules on flow creation error flow net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN ... commit 99a49ce613057f1934e1c378808374fd683b1541 Merge: 1e5c4bc 75a916e Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Fri Oct 31 16:18:35 2014 -0400 Merge tag 'master-2014-10-30' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== pull request: wireless 2014-10-31 Please pull this small batch of spooky fixes intended for the 3.18 stream...boo! Cyril Brulebois adds an rt2x00 device ID. Dan Carpenter provides a one-line masking fix for an ath9k debugfs entry. Larry Finger gives us a package of small rtlwifi fixes which add some bits that were left out of some feature updates that were included in the merge window. Hopefully this isn't a sign that the rtlwifi base is getting too big... Marc Yang brings a fix for a temporary mwifiex stall when doing 11n RX reordering. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e5c4bc497c0a96e1ad2974539d353870f2cb0b6 Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Date: Fri Oct 31 13:38:52 2014 -0400 drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode The cpsw driver did not support the IFF_ALLMULTI flag which makes dynamic multicast routing not work. Related to this, when enabling IFF_PROMISC in switch mode, all registered multicast addresses are flushed, resulting in only broadcast and unicast traffic being received. A new cpsw_ale_set_allmulti function now scans through the ALE entry table and adds/removes the host port from the unregistered multicast port mask of each vlan entry depending on the state of IFF_ALLMULTI. In promiscious mode, cpsw_ale_set_allmulti is used to force reception of all multicast traffic in addition to the unicast and broadcast traffic. With this change dynamic multicast and promiscious mode both work in switch mode. Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 6f979eb3fcfb4c3f42f230d174db4bbad0080710 Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Date: Fri Oct 31 13:28:54 2014 -0400 drivers: net: cpsw: Fix broken loop condition in switch mode 0d961b3b52f566f823070ce2366511a7f64b928c (drivers: net: cpsw: fix buggy loop condition) accidentally fixed a loop comparison in too many places while fixing a real bug. It was correct to fix the dual_emac mode section since there 'i' is used as an index into priv->slaves which is a 0 based array. However the other two changes (which are only used in switch mode) are wrong since there 'i' is actually the ALE port number, and port 0 is the host port, while port 1 and up are the slave ports. Putting the loop condition back in the switch mode section fixes it. A comment has been added to point out the intent clearly to avoid future confusion. Also a comment is fixed that said the opposite of what was actually happening. Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx> Acked-by: Heiko Schocher <hs@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e0fb6fb6d52686134b2ece144060219591d4f8d3 Author: Guenter Roeck <linux@xxxxxxxxxxxx> Date: Thu Oct 30 20:50:15 2014 -0700 net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with lengh 0 If a driver supports reading EEPROM but no EEPROM is installed in the system, the driver's get_eeprom_len function returns 0. ethtool will subsequently try to read that zero-length EEPROM anyway. If the driver does not support EEPROM access at all, this operation will return -EOPNOTSUPP. If the driver does support EEPROM access but no EEPROM is installed, the operation will return -EINVAL. Return -EOPNOTSUPP in both cases for consistency. Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx> Tested-by: Andrew Lunn <andrew@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e19e084eae727654052339757ab7f1eaff58bad Author: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> Date: Fri Oct 31 18:28:03 2014 +0200 stmmac: pci: set default of the filter bins The commit 3b57de958e2a brought the support for a different amount of the filter bins, but didn't update the PCI driver accordingly. This patch appends the default values when the device is enumerated via PCI bus. Fixes: 3b57de958e2a (net: stmmac: Support devicetree configs for mcast and ucast filter entries) Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 7d2911c4381555b31ef0bcae42a0dbf9ade7426e Author: Tony Lindgren <tony@xxxxxxxxxxx> Date: Thu Oct 30 09:59:27 2014 -0700 net: smc91x: Fix gpios for device tree based booting With legacy booting, the platform init code was taking care of the configuring of GPIOs. With device tree based booting, things may or may not work depending what bootloader has configured or if the legacy platform code gets called. Let's add support for the pwrdn and reset GPIOs to the smc91x driver to fix the issues of smc91x not working properly when booted in device tree mode. And let's change n900 to use these settings as some versions of the bootloader do not configure things properly causing errors. Reported-by: Kevin Hilman <khilman@xxxxxxxxxx> Signed-off-by: Tony Lindgren <tony@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit de05c400f7dfa566f598140f8604a5de8067cd5f Author: Pravin B Shelar <pshelar@xxxxxxxxxx> Date: Thu Oct 30 00:50:04 2014 -0700 mpls: Allow mpls_gso to be built as module Kconfig already allows mpls to be built as module. Following patch fixes Makefile to do same. CC: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx> Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f7065f4bd3fe4ad6bf7e49ba7c68baa2c7046146 Author: Pravin B Shelar <pshelar@xxxxxxxxxx> Date: Thu Oct 30 00:49:57 2014 -0700 mpls: Fix mpls_gso handler. mpls gso handler needs to pull skb after segmenting skb. CC: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx> Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d59c876dd61f3c151db077f9d73774e605f2b35e Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Fri Oct 31 13:35:57 2014 +0800 r8152: stop submitting intr for -EPROTO For Renesas USB 3.0 host controller, when unplugging the usb hub which has the RTL8153 plugged, the driver would get -EPROTO for interrupt transfer. There is high probability to get the information of "HC died; cleaning up", if the driver continues to submit the interrupt transfer before the disconnect() is called. [ 1024.197678] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.213673] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.229668] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.245661] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.261653] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.277648] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.293642] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.309638] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.325633] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.341627] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.357621] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.373615] r8152 9-1.4:1.0 eth0: intr status -71 [ 1024.383097] usb 9-1: USB disconnect, device number 2 [ 1024.383103] usb 9-1.4: USB disconnect, device number 6 [ 1029.391010] xhci_hcd 0000:04:00.0: xHCI host not responding to stop endpoint command. [ 1029.391016] xhci_hcd 0000:04:00.0: Assuming host is dying, halting host. [ 1029.392551] xhci_hcd 0000:04:00.0: HC died; cleaning up [ 1029.421480] usb 8-1: USB disconnect, device number 2 Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e3a88f9c4f79a4d138a0ea464cfbac40ba46644c Merge: de11b0e 127917c Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Fri Oct 31 12:29:42 2014 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== netfilter/ipvs fixes for net The following patchset contains fixes for netfilter/ipvs. This round of fixes is larger than usual at this stage, specifically because of the nf_tables bridge reject fixes that I would like to see in 3.18. The patches are: 1) Fix a null-pointer dereference that may occur when logging errors. This problem was introduced by 4a4739d56b0 ("ipvs: Pull out crosses_local_route_boundary logic") in v3.17-rc5. 2) Update hook mask in nft_reject_bridge so we can also filter out packets from there. This fixes 36d2af5 ("netfilter: nf_tables: allow to filter from prerouting and postrouting"), which needs this chunk to work. 3) Two patches to refactor common code to forge the IPv4 and IPv6 reject packets from the bridge. These are required by the nf_tables reject bridge fix. 4) Fix nft_reject_bridge by avoiding the use of the IP stack to reject packets from the bridge. The idea is to forge the reject packets and inject them to the original port via br_deliver() which is now exported for that purpose. 5) Restrict nft_reject_bridge to bridge prerouting and input hooks. the original skbuff may cloned after prerouting when the bridge stack needs to flood it to several bridge ports, it is too late to reject the traffic. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 127917c29a432c3b798e014a1714e9c1af0f87fe Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Mon Oct 27 14:08:17 2014 +0100 netfilter: nft_reject_bridge: restrict reject to prerouting and input Restrict the reject expression to the prerouting and input bridge hooks. If we allow this to be used from forward or any other later bridge hook, if the frame is flooded to several ports, we'll end up sending several reject packets, one per cloned packet. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 523b929d5446c023e1219aa81455a8c766cac883 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sat Oct 25 18:40:26 2014 +0200 netfilter: nft_reject_bridge: don't use IP stack to reject traffic If the packet is received via the bridge stack, this cannot reject packets from the IP stack. This adds functions to build the reject packet and send it from the bridge stack. Comments and assumptions on this patch: 1) Validate the IPv4 and IPv6 headers before further processing, given that the packet comes from the bridge stack, we cannot assume they are clean. Truncated packets are dropped, we follow similar approach in the existing iptables match/target extensions that need to inspect layer 4 headers that is not available. This also includes packets that are directed to multicast and broadcast ethernet addresses. 2) br_deliver() is exported to inject the reject packet via bridge localout -> postrouting. So the approach is similar to what we already do in the iptables reject target. The reject packet is sent to the bridge port from which we have received the original packet. 3) The reject packet is forged based on the original packet. The TTL is set based on sysctl_ip_default_ttl for IPv4 and per-net ipv6.devconf_all hoplimit for IPv6. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 8bfcdf6671b1c8006c52c3eaf9fd1b5dfcf41c3d Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sun Oct 26 12:35:54 2014 +0100 netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions That can be reused by the reject bridge expression to build the reject packet. The new functions are: * nf_reject_ip6_tcphdr_get(): to sanitize and to obtain the TCP header. * nf_reject_ip6hdr_put(): to build the IPv6 header. * nf_reject_ip6_tcphdr_put(): to build the TCP header. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 052b9498eea532deb5de75277a53f6e0623215dc Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sat Oct 25 18:24:57 2014 +0200 netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions That can be reused by the reject bridge expression to build the reject packet. The new functions are: * nf_reject_ip_tcphdr_get(): to sanitize and to obtain the TCP header. * nf_reject_iphdr_put(): to build the IPv4 header. * nf_reject_ip_tcphdr_put(): to build the TCP header. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 4d87716cd057bde3f90e304289c1fec88d45a1cc Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sat Oct 25 12:25:06 2014 +0200 netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing Fixes: 36d2af5 ("netfilter: nf_tables: allow to filter from prerouting and postrouting") Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit de11b0e8c569b96c2cf6a811e3805b7aeef498a3 Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Date: Fri Oct 31 03:10:31 2014 +0000 drivers/net: macvtap and tun depend on INET These drivers now call ipv6_proxy_select_ident(), which is defined only if CONFIG_INET is enabled. However, they have really depended on CONFIG_INET for as long as they have allowed sending GSO packets from userland. Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx> Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr") Fixes: b9fb9ee07e67 ("macvtap: add GSO/csum offload support") Fixes: 5188cd44c55d ("drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit c1304b217c7cefa5718fab9d36c59ba0d0133c6e Merge: 39bb5e6 5188cd4 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 20:01:27 2014 -0400 Merge branch 'ufo-fix' Ben Hutchings says: ==================== drivers/net,ipv6: Fix IPv6 fragment ID selection for virtio The virtio net protocol supports UFO but does not provide for passing a fragment ID for fragmentation of IPv6 packets. We used to generate a fragment ID wherever such a packet was fragmented, but currently we always use ID=0! v2: Add blank lines after declarations ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 5188cd44c55db3e92cd9e77a40b5baa7ed4340f7 Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Date: Thu Oct 30 18:27:17 2014 +0000 drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets UFO is now disabled on all drivers that work with virtio net headers, but userland may try to send UFO/IPv6 packets anyway. Instead of sending with ID=0, we should select identifiers on their behalf (as we used to). Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Date: Thu Oct 30 18:27:12 2014 +0000 drivers/net: Disable UFO through virtio IPv6 does not allow fragmentation by routers, so there is no fragmentation ID in the fixed header. UFO for IPv6 requires the ID to be passed separately, but there is no provision for this in the virtio net protocol. Until recently our software implementation of UFO/IPv6 generated a new ID, but this was a bug. Now we will use ID=0 for any UFO/IPv6 packet passed through a tap, which is even worse. Unfortunately there is no distinction between UFO/IPv4 and v6 features, so disable UFO on taps and virtio_net completely until we have a proper solution. We cannot depend on VM managers respecting the tap feature flags, so keep accepting UFO packets but log a warning the first time we do this. Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 39bb5e62867de82b269b07df900165029b928359 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Thu Oct 30 10:32:34 2014 -0700 net: skb_fclone_busy() needs to detect orphaned skb Some drivers are unable to perform TX completions in a bound time. They instead call skb_orphan() Problem is skb_fclone_busy() has to detect this case, otherwise we block TCP retransmits and can freeze unlucky tcp sessions on mostly idle hosts. Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Fixes: 1f3279ae0c13 ("tcp: avoid retransmits of TCP packets hanging in host queues") Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 14051f0452a2c26a3f4791e6ad6a435e8f1945ff Author: Tom Herbert <therbert@xxxxxxxxxx> Date: Thu Oct 30 08:40:56 2014 -0700 gre: Use inner mac length when computing tunnel length Currently, skb_inner_network_header is used but this does not account for Ethernet header for ETH_P_TEB. Use skb_inner_mac_header which handles TEB and also should work with IP encapsulation in which case inner mac and inner network headers are the same. Tested: Ran TCP_STREAM over GRE, worked as expected. Signed-off-by: Tom Herbert <therbert@xxxxxxxxxx> Acked-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 292dd6542f90126826fe87b302e6afa3b7ada6b8 Merge: 9cc233f 571e1b2 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 19:49:20 2014 -0400 Merge branch 'mellanox-net' Or Gerlitz says: ==================== mlx4 driver encapsulation/steering fixes The 1st patch fixes a bug in the TX path that supports offloading the TX checksum of (VXLAN) encapsulated TCP packets. It turns out that the bug is revealed only when the receiver runs in non-offloaded mode, so we somehow missed it so far... please queue it for -stable >= 3.14 The 2nd patch makes sure not to leak steering entry on error flow, please queue it to 3.17-stable ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 571e1b2c7a4c2fd5faa1648462a6b65fa26530d7 Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Date: Thu Oct 30 15:59:28 2014 +0200 mlx4: Avoid leaking steering rules on flow creation error flow If mlx4_ib_create_flow() attempts to create > 1 rules with the firmware, and one of these registrations fail, we leaked the already created flow rules. One example of the leak is when the registration of the VXLAN ghost steering rule fails, we didn't unregister the original rule requested by the user, introduced in commit d2fce8a9060d "mlx4: Set user-space raw Ethernet QPs to properly handle VXLAN traffic". While here, add dump of the VXLAN portion of steering rules so it can actually be seen when flow creation fails. Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit a4f2dacbf2a5045e34b98a35d9a3857800f25a7b Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Date: Thu Oct 30 15:59:27 2014 +0200 net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN For VXLAN/NVGRE encapsulation, the current HW doesn't support offloading both the outer UDP TX checksum and the inner TCP/UDP TX checksum. The driver doesn't advertize SKB_GSO_UDP_TUNNEL_CSUM, however we are wrongly telling the HW to offload the outer UDP checksum for encapsulated packets, fix that. Fixes: 837052d0ccc5 ('net/mlx4_en: Add netdev support for TCP/IP offloads of vxlan tunneling') Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 9cc233fb0f94b79d07cf141a625e237769d267a1 Merge: fa19c2b0 e3215f0 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 19:46:33 2014 -0400 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2014-10-30 This series contains updates to e1000, igb and ixgbe. Francesco Ruggeri fixes an issue with e1000 where in a VM the driver did not support unicast filtering. Roman Gushchin fixes an issue with igb where the driver was re-using mapped pages so that packets were still getting dropped even if all the memory issues are gone and there is free memory. Junwei Zhang found where in the ixgbe_clean_rx_ring() we were repeating the assignment of NULL to the receive buffer skb and fixes it. Emil fixes a race condition between setup_link and SFP detection routine in the watchdog when setting the advertised speed. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58 Author: Nicolas Cavallari <nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx> Date: Thu Oct 30 10:09:53 2014 +0100 ipv4: Do not cache routing failures due to disabled forwarding. If we cache them, the kernel will reuse them, independently of whether forwarding is enabled or not. Which means that if forwarding is disabled on the input interface where the first routing request comes from, then that unreachable result will be cached and reused for other interfaces, even if forwarding is enabled on them. The opposite is also true. This can be verified with two interfaces A and B and an output interface C, where B has forwarding enabled, but not A and trying ip route get $dst iif A from $src && ip route get $dst iif B from $src Signed-off-by: Nicolas Cavallari <nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx> Reviewed-by: Julian Anastasov <ja@xxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e327c225c911529898ec300cb96d2088893de3df Author: Anish Bhatt <anish@xxxxxxxxxxx> Date: Wed Oct 29 17:54:03 2014 -0700 cxgb4 : Fix missing initialization of win0_lock win0_lock was being used un-initialized, resulting in warning traces being seen when lock debugging is enabled (and just wrong) Fixes : fc5ab0209650 ('cxgb4: Replaced the backdoor mechanism to access the HW memory with PCIe Window method') Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx> Signed-off-by: Casey Leedom <leedom@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 83810a9a6af310e413ce649c6ca2df2b4946e5a4 Merge: d70127e e3bd1a8 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Thu Oct 30 15:49:05 2014 -0400 Merge branch 'r8152-net' Hayes Wang says: ==================== r8152: patches for autosuspend There are unexpected processes when enabling autosuspend. These patches are used to fix them. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit e3bd1a81cd1e3f8ed961e642e97206d715db06c4 Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Wed Oct 29 11:12:17 2014 +0800 r8152: check WORK_ENABLE in suspend function Avoid unnecessary behavior when autosuspend occurs during open(). The relative processes should only be run after finishing open(). Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f4c7476b041d200c3b347f019eebf05e6d0b47f9 Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Wed Oct 29 11:12:16 2014 +0800 r8152: reset tp->speed before autoresuming in open function If (tp->speed & LINK_STATUS) is not zero, the rtl8152_resume() would call rtl_start_rx() before enabling the tx/rx. Avoid this by resetting it to zero. Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 923e1ee3ff0b585cc4f56cf696c8455708537ffb Author: hayeswang <hayeswang@xxxxxxxxxxx> Date: Wed Oct 29 11:12:15 2014 +0800 r8152: clear SELECTIVE_SUSPEND when autoresuming The flag of SELECTIVE_SUSPEND should be cleared when autoresuming. Otherwise, when the system suspend and resume occur, it may have the wrong flow. Besides, because the flag of SELECTIVE_SUSPEND couldn't be used to check if the hw enables the relative feature, it should alwayes be disabled in close(). Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 75a916e1944fea8347d2245c62567187e4eff9dd Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:13 2014 -0500 rtlwifi: rtl8192se: Fix firmware loading An error in the code makes the allocated space for firmware to be too small. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 8ae3c16e41b02db8ffe4121468519d6352baedc1 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:11 2014 -0500 rtlwifi: rtl8192ce: Add missing section to read descriptor setting The new version of rtlwifi needs code in rtl92ce_get_desc() that returns the buffer address for read operations. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 30c5ccc6afee39754cff75ad8d775ad39a2ce989 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:10 2014 -0500 rtlwifi: rtl8192se: Add missing section to read descriptor setting The new version of rtlwifi needs code in rtl92se_get_desc() that returns the buffer address for read operations. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 501479699ff484ba8acc1d07022271f00cfc55a3 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:09 2014 -0500 rtlwifi: rtl8192se: Fix duplicate calls to ieee80211_register_hw() Driver rtlwifi has been modified to call ieee80211_register_hw() from the probe routine; however, the existing call in the callback routine for deferred firmware loading was not removed. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit c0386f1584127442d0f2aea41bc948056d6b1337 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Wed Oct 29 23:17:08 2014 -0500 rtlwifi: rtl8192ce: rtl8192de: rtl8192se: Fix handling for missing get_btc_status The recent changes in checking for Bluetooth status added some callbacks to code in rtlwifi. To make certain that all callbacks are defined, a dummy routine has been added to rtlwifi, and the drivers that need to use it are modified. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 3a8fede115f12f7b90524d1ba4e709ce398ce8c6 Author: Marc Yang <yangyang@xxxxxxxxxxx> Date: Wed Oct 29 22:44:34 2014 +0530 mwifiex: restart rxreorder timer correctly During 11n RX reordering, if there is a hole in RX table, driver will not send packets to kernel until the rxreorder timer expires or the table is full. However, currently driver always restarts rxreorder timer when receiving a packet, which causes the timer hardly to expire. So while connected with to 11n AP in a busy environment, ping packets may get blocked for about 30 seconds. This patch fixes this timer restarting by ensuring rxreorder timer would only be restarted either timer is not set or start_win has changed. Signed-off-by: Chin-Ran Lo <crlo@xxxxxxxxxxx> Signed-off-by: Plus Chen <pchen@xxxxxxxxxxx> Signed-off-by: Marc Yang <yangyang@xxxxxxxxxxx> Signed-off-by: Cathy Luo <cluo@xxxxxxxxxxx> Signed-off-by: Avinash Patil <patila@xxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit a017ff755e43de9a3221d4ff4f03184ea7b93733 Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Date: Wed Oct 29 18:48:05 2014 +0300 ath9k: fix some debugfs output The right shift operation has higher precedence than the mask so we left shift by "(i * 3)" and then immediately right shift by "(i * 3)" then we mask. It should be left shift, mask, and then right shift. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 664d6a792785cc677c2091038ce10322c8d04ae1 Author: Cyril Brulebois <kibi@xxxxxxxxxx> Date: Tue Oct 28 16:42:41 2014 +0100 wireless: rt2x00: add new rt2800usb device 0x1b75 0xa200 AirLive WN-200USB wireless 11b/g/n dongle References: https://bugs.debian.org/766802 Reported-by: Martin Mokrejs <mmokrejs@xxxxxxxxxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Cyril Brulebois <kibi@xxxxxxxxxx> Acked-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit e3215f0ac77ec23b052cb0bf511143038ac2ad7b Author: Emil Tantilov <emil.s.tantilov@xxxxxxxxx> Date: Tue Oct 28 05:50:03 2014 +0000 ixgbe: fix race when setting advertised speed Following commands: modprobe ixgbe ifconfig ethX up ethtool -s ethX advertise 0x020 can lead to "setup link failed with code -14" error due to the setup_link call racing with the SFP detection routine in the watchdog. This patch resolves this issue by protecting the setup_link call with check for __IXGBE_IN_SFP_INIT. Reported-by: Scott Harrison <scoharr2@xxxxxxxxx> Signed-off-by: Emil Tantilov <emil.s.tantilov@xxxxxxxxx> Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit 4d2fcfbcf8141cdf70245a0c0612b8076f4b7e32 Author: Junwei Zhang <linggao.zjw@xxxxxxxxxxxxxxx> Date: Wed Oct 22 15:29:03 2014 +0000 ixgbe: need not repeat init skb with NULL Signed-off-by: Martin Zhang <martinbj2008@xxxxxxxxx> Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit bc16e47f03a7dce9ad68029b21519265c334eb12 Author: Roman Gushchin <klamm@xxxxxxxxxxxxxx> Date: Thu Oct 23 03:32:27 2014 +0000 igb: don't reuse pages with pfmemalloc flag Incoming packet is dropped silently by sk_filter(), if the skb was allocated from pfmemalloc reserves and the corresponding socket is not marked with the SOCK_MEMALLOC flag. Igb driver allocates pages for DMA with __skb_alloc_page(), which calls alloc_pages_node() with the __GFP_MEMALLOC flag. So, in case of OOM condition, igb can get pages with pfmemalloc flag set. If an incoming packet hits the pfmemalloc page and is large enough (small packets are copying into the memory, allocated with netdev_alloc_skb_ip_align(), so they are not affected), it will be dropped. This behavior is ok under high memory pressure, but the problem is that the igb driver reuses these mapped pages. So, packets are still dropping even if all memory issues are gone and there is a plenty of free memory. In my case, some TCP sessions hang on a small percentage (< 0.1%) of machines days after OOMs. Fix this by avoiding reuse of such pages. Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx> Tested-by: Aaron Brown "aaron.f.brown@xxxxxxxxx" Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit a22bb0b9b9b09b4cc711f6d577679773e074dde9 Author: Francesco Ruggeri <fruggeri@xxxxxxxxxxxxxxxxxx> Date: Wed Oct 22 15:29:24 2014 +0000 e1000: unset IFF_UNICAST_FLT on WMware 82545EM VMWare's e1000 implementation does not seem to support unicast filtering. This can be observed by configuring a macvlan interface on eth0 in a VM in VMWare Fusion 5.0.5, and trying to use that interface instead of eth0. Tested on 3.16. Signed-off-by: Francesco Ruggeri <fruggeri@xxxxxxxxxx> Tested-by: Aaron Brown <aaron.f.brown@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> commit d70127e8a942364de8dd140fe73893efda363293 Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Date: Tue Oct 28 10:44:01 2014 +0100 inet: frags: remove the WARN_ON from inet_evict_bucket The WARN_ON in inet_evict_bucket can be triggered by a valid case: inet_frag_kill and inet_evict_bucket can be running in parallel on the same queue which means that there has been at least one more ref added by a previous inet_frag_find call, but inet_frag_kill can delete the timer before inet_evict_bucket which will cause the WARN_ON() there to trigger since we'll have refcnt!=1. Now, this case is valid because the queue is being "killed" for some reason (removed from the chain list and its timer deleted) so it will get destroyed in the end by one of the inet_frag_put() calls which reaches 0 i.e. refcnt is still valid. CC: Florian Westphal <fw@xxxxxxxxx> CC: Eric Dumazet <eric.dumazet@xxxxxxxxx> CC: Patrick McLean <chutzpah@xxxxxxxxxx> Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue") Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx> Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 65ba1f1ec0eff1c25933468e1d238201c0c2cb29 Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Date: Tue Oct 28 10:30:34 2014 +0100 inet: frags: fix a race between inet_evict_bucket and inet_frag_kill When the evictor is running it adds some chosen frags to a local list to be evicted once the chain lock has been released but at the same time the *frag_queue can be running for some of the same queues and it may call inet_frag_kill which will wait on the chain lock and will then delete the queue from the wrong list since it was added in the eviction one. The fix is simple - check if the queue has the evict flag set under the chain lock before deleting it, this is safe because the evict flag is set only under that lock and having the flag set also means that the queue has been detached from the chain list, so no need to delete it again. An important note to make is that we're safe w.r.t refcnt because inet_frag_kill and inet_evict_bucket will sync on the del_timer operation where only one of the two can succeed (or if the timer is executing - none of them), the cases are: 1. inet_frag_kill succeeds in del_timer - then the timer ref is removed, but inet_evict_bucket will not add this queue to its expire list but will restart eviction in that chain 2. inet_evict_bucket succeeds in del_timer - then the timer ref is kept until the evictor "expires" the queue, but inet_frag_kill will remove the initial ref and will set INET_FRAG_COMPLETE which will make the frag_expire fn just to remove its ref. In the end all of the queue users will do an inet_frag_put and the one that reaches 0 will free it. The refcount balance should be okay. CC: Florian Westphal <fw@xxxxxxxxx> CC: Eric Dumazet <eric.dumazet@xxxxxxxxx> CC: Patrick McLean <chutzpah@xxxxxxxxxx> Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue") Suggested-by: Eric Dumazet <eric.dumazet@xxxxxxxxx> Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx> Tested-by: Patrick McLean <chutzpah@xxxxxxxxxx> Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx> Reviewed-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8f4eb70059ee834522ce90a6fce0aa3078c18620 Author: Tej Parkash <tej.parkash@xxxxxxxxxx> Date: Tue Oct 28 01:18:15 2014 -0400 cnic: Update the rcu_access_pointer() usages 1. Remove the rcu_read_lock/unlock around rcu_access_pointer 2. Replace the rcu_dereference with rcu_access_pointer Signed-off-by: Tej Parkash <tej.parkash@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit cd03cf0158449f9f4c19ecb54dfc97d9bd86eeeb Author: Hariprasad Shenai <hariprasad@xxxxxxxxxxx> Date: Mon Oct 27 23:22:10 2014 +0530 cxgb4vf: Replace repetitive pci device ID's with right ones Replaced repetive Device ID's which got added in commit b961f9a48844ecf3 ("cxgb4vf: Remove superfluous "idx" parameter of CH_DEVICE() macro") Signed-off-by: Hariprasad Shenai <hariprasad@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b2ed64a97430a26a63c6ea91c9b50e639a98dfbc Author: Lubomir Rintel <lkundrak@xxxxx> Date: Mon Oct 27 17:39:16 2014 +0100 ipv6: notify userspace when we added or changed an ipv6 token NetworkManager might want to know that it changed when the router advertisement arrives. Signed-off-by: Lubomir Rintel <lkundrak@xxxxx> Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Cc: Daniel Borkmann <dborkman@xxxxxxxxxx> Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d56109020d93337545dd257a790cb429a70acfad Author: WANG Cong <xiyou.wangcong@xxxxxxxxx> Date: Fri Oct 24 16:55:58 2014 -0700 sch_pie: schedule the timer after all init succeed Cc: Vijay Subramanian <vijaynsu@xxxxxxxxx> Cc: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx> Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx> commit 068301f2be36a5c1ee9a2521c94b98e343612a88 Merge: 9ffa1fc b77e26d Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 17:26:24 2014 -0400 Merge branch 'cdc-ether' Olivier Blin says: ==================== cdc-ether: handle promiscuous mode Since kernel 3.16, my Lenovo USB network adapters (RTL8153) using cdc-ether are not working anymore in a bridge. This is due to commit c472ab68ad67db23c9907a27649b7dc0899b61f9, which resets the packet filter when the device is bound. The default packet filter set by cdc-ether does not include promiscuous, while the adapter seemed to have promiscuous enabled by default. This patch series allows to support promiscuous mode for cdc-ether, by hooking into set_rx_mode. Incidentally, maybe this device should be handled by the r8152 driver, but this patch series is still nice for other adapters. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Acked-by: Oliver Neukum <oneukum@xxxxxxx> commit b77e26d191590c73b4a982ea3b3b87194069a56a Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Date: Fri Oct 24 19:43:02 2014 +0200 cdc-ether: handle promiscuous mode with a set_rx_mode callback Promiscuous mode was not supported anymore with my Lenovo adapters (RTL8153) since commit c472ab68ad67db23c9907a27649b7dc0899b61f9 (cdc-ether: clean packet filter upon probe). It was not possible to use them in a bridge anymore. Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Also-analyzed-by: Loïc Yhuel <loic.yhuel@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d80c679bc1526183f1cf4adc54b0b72e8798555e Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Date: Fri Oct 24 19:43:01 2014 +0200 cdc-ether: extract usbnet_cdc_update_filter function This will be used by the set_rx_mode callback. Also move a comment about multicast filtering in this new function. Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1efed2d06c703489342ab6af2951683e07509c99 Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Date: Fri Oct 24 19:43:00 2014 +0200 usbnet: add a callback for set_rx_mode To delegate promiscuous mode and multicast filtering to the subdriver. Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 9ffa1fcaef222026a8e031830f8db29d3f2cfc47 Merge: ebcf34f 704d33e Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 17:08:56 2014 -0400 Merge branch 'systemport-net' Florian Fainelli says: ==================== net: systemport: RX path and suspend fixes These two patches fix a race condition where we have our RX interrupts enabled, but not NAPI for the RX path, and the second patch fixes an issue for packets stuck in RX fifo during a suspend/resume cycle. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 704d33e7006f20f9b4fa7d24a0f08c4b5919b131 Author: Florian Fainelli <f.fainelli@xxxxxxxxx> Date: Tue Oct 28 11:12:01 2014 -0700 net: systemport: reset UniMAC coming out of a suspend cycle bcm_sysport_resume() was missing an UniMAC reset which can lead to various receive FIFO corruptions coming out of a suspend cycle. If the RX FIFO is stuck, it will deliver corrupted/duplicate packets towards the host CPU interface. This could be reproduced on crowded network and when Wake-on-LAN is enabled for this particular interface because the switch still forwards packets towards the host CPU interface (SYSTEMPORT), and we had to leave the UniMAC RX enable bit on to allow matching MagicPackets. Once we re-enter the resume function, there is a small window during which the UniMAC receive is still enabled, and we start queueing packets, but the RDMA and RBUF engines are not ready, which leads to having packets stuck in the UniMAC RX FIFO, ultimately delivered towards the host CPU as corrupted. Fixes: 40755a0fce17 ("net: systemport: add suspend and resume support") Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8edf0047f4b8e03d94ef88f5a7dec146cce03a06 Author: Florian Fainelli <f.fainelli@xxxxxxxxx> Date: Tue Oct 28 11:12:00 2014 -0700 net: systemport: enable RX interrupts after NAPI There is currently a small window during which the SYSTEMPORT adapter enables its RX interrupts without having enabled its NAPI handler, which can result in packets to be discarded during interface bringup. A similar but more serious window exists in bcm_sysport_resume() during which we can have the RDMA engine not fully prepared to receive packets and yet having RX interrupts enabled. Fix this my moving the RX interrupt enable down to bcm_sysport_netif_start() after napi_enable() for the RX path is called, which fixes both call sites: bcm_sysport_open() and bcm_sysport_resume(). Fixes: b02e6d9ba7ad ("net: systemport: add bcm_sysport_netif_{enable,stop}") Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ebcf34f3d4be11f994340aff629f3c17171a4f65 Author: Randy Dunlap <rdunlap@xxxxxxxxxxxxx> Date: Sun Oct 26 19:14:06 2014 -0700 skbuff.h: fix kernel-doc warning for headers_end Fix kernel-doc warning in <linux/skbuff.h> by making both headers_start and headers_end private fields. Warning(..//include/linux/skbuff.h:654): No description found for parameter 'headers_end[0]' Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 99d881f993f066c75059d24e44c74f7a3fc199bc Author: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx> Date: Sun Oct 26 14:22:24 2014 -0500 net: phy: Add SGMII Configuration for Marvell 88E1145 Initialization Marvell phy 88E1145 configuration & initialization was missing a case for initializing SGMII mode. This patch adds that case. Signed-off-by: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 47276fcc2d542e7b15e384c08b1709c1921b06c1 Author: Mugunthan V N <mugunthanvnm@xxxxxx> Date: Fri Oct 24 18:51:33 2014 +0530 drivers: net:cpsw: fix probe_dt when only slave 1 is pinned out when slave 0 has no phy and slave 1 connected to phy, driver probe will fail as there is no phy id present for slave 0 device tree, so continuing even though no phy-id found, also moving mac-id read later to ensure mac-id is read from device tree even when phy-id entry in not found. Signed-off-by: Mugunthan V N <mugunthanvnm@xxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 25946f20b775f5c630d4326dd7a7f1df0576eb57 Merge: 3923d68 99c8140 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 15:30:15 2014 -0400 Merge tag 'master-2014-10-27' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== pull request: wireless 2014-10-28 Please pull this batch of fixes intended for the 3.18 stream! For the mac80211 bits, Johannes says: "Here are a few fixes for the wireless stack: one fixes the RTS rate, one for a debugfs file, one to return the correct channel to userspace, a sanity check for a userspace value and the remaining two are just documentation fixes." For the iwlwifi bits, Emmanuel says: "I revert here a patch that caused interoperability issues. dvm gets a fix for a bug that was reported by many users. Two minor fixes for BT Coex and platform power fix that helps reducing latency when the PCIe link goes to low power states." In addition... Felix Fietkau adds a couple of ath code fixes related to regulatory rule enforcement. Hauke Mehrtens fixes a build break with bcma when CONFIG_OF_ADDRESS is not set. Karsten Wiese provides a trio of minor fixes for rtl8192cu. Kees Cook prevents a potential information leak in rtlwifi. Larry Finger also brings a trio of minor fixes for rtlwifi. RafaÅ? MiÅ?ecki adds a device ID to the bcma bus driver. Rickard Strandqvist offers some strn* -> strl* changes in brcmfmac to eliminate non-terminated string issues. Sujith Manoharan avoids some ath9k stalls by enabling HW queue control only for MCC. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3923d68dc05033aa843b67d73110a6d402ac6e14 Merge: f89b775 c146b77 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 28 15:28:30 2014 -0400 Merge branch 'dsa-net' Andrew Lunn says: ==================== DSA tagging mismatches The second patch is a fix, which should be applied to -rc. It is possible to get a DSA configuration which does not work. The patch stops this happening. The first patch detects this situation, and errors out the probe of DSA, making it more obvious something is wrong. It is not required to apply it -rc. v2 fixes the use case pointed out by Florian, that a switch driver may use DSA_TAG_PROTO_NONE which the patch did not correctly handle. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit c146b7788e5721ec15bc0197bedf75849508e7ea Author: Andrew Lunn <andrew@xxxxxxx> Date: Fri Oct 24 23:44:05 2014 +0200 dsa: mv88e6171: Fix tagging protocol/Kconfig The mv88e6171 can support two different tagging protocols, DSA and EDSA. The switch driver structure only allows one protocol to be enumerated, and DSA was chosen. However the Kconfig entry ensures the EDSA tagging code is built. With a minimal configuration, we then end up with a mismatch. The probe is successful, EDSA tagging is used, but the switch is configured for DSA, resulting in mangled packets. Change the switch driver structure to enumerate EDSA, fixing the mismatch. Signed-off-by: Andrew Lunn <andrew@xxxxxxx> Fixes: 42f272539487 ("net: DSA: Marvell mv88e6171 switch driver") Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ae439286a0dec99cc8029868243689b5b5f3ff75 Author: Andrew Lunn <andrew@xxxxxxx> Date: Fri Oct 24 23:44:04 2014 +0200 net: dsa: Error out on tagging protocol mismatches If there is a mismatch between enabled tagging protocols and the protocol the switch supports, error out, rather than continue with a situation which is unlikely to work. Signed-off-by: Andrew Lunn <andrew@xxxxxxx> cc: alexander.h.duyck@xxxxxxxxx Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3d53666b40007b55204ee8890618da79a20c9940 Author: Alex Gartrell <agartrell@xxxxxx> Date: Mon Oct 6 08:46:19 2014 -0700 ipvs: Avoid null-pointer deref in debug code Use daddr instead of reaching into dest. Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: Alex Gartrell <agartrell@xxxxxx> Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx> commit f89b7755f517cdbb755d7543eef986ee9d54e654 Author: Alexei Starovoitov <ast@xxxxxxxxxxxx> Date: Thu Oct 23 18:41:08 2014 -0700 bpf: split eBPF out of NET introduce two configs: - hidden CONFIG_BPF to select eBPF interpreter that classic socket filters depend on - visible CONFIG_BPF_SYSCALL (default off) that tracing and sockets can use that solves several problems: - tracing and others that wish to use eBPF don't need to depend on NET. They can use BPF_SYSCALL to allow loading from userspace or select BPF to use it directly from kernel in NET-less configs. - in 3.18 programs cannot be attached to events yet, so don't force it on - when the rest of eBPF infra is there in 3.19+, it's still useful to switch it off to minimize kernel size bloat-o-meter on x64 shows: add/remove: 0/60 grow/shrink: 0/2 up/down: 0/-15601 (-15601) tested with many different config combinations. Hopefully didn't miss anything. Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx> Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8ae3c911b9efcca653c552a9c74957a6cb04a87d Merge: 5d26b1f 3bb0626 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 27 19:00:16 2014 -0400 Merge branch 'cxgb4-net' Anish Bhatt says: ==================== cxgb4 : DCBx fixes for apps/host lldp agents This patchset contains some minor fixes for cxgb4 DCBx code. Chiefly, cxgb4 was not cleaning up any apps added to kernel app table when link was lost. Disabling DCBx in firmware would automatically set DCBx state to host-managed and enabled, we now wait for an explicit enable call from an lldp agent instead First patch was originally sent to net-next, but considering it applies to correcting behaviour of code already in net, I think it qualifies as a bug fix. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 3bb062613b1ecbd0c388106f61344d699f7859ec Author: Anish Bhatt <anish@xxxxxxxxxxx> Date: Thu Oct 23 14:37:31 2014 -0700 cxgb4 : Handle dcb enable correctly Disabling DCBx in firmware automatically enables DCBx for control via host lldp agents. Wait for an explicit setstate call from an lldp agents to enable DCBx instead. Fixes: 76bcb31efc06 ("cxgb4 : Add DCBx support codebase and dcbnl_ops") Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 2376c879b80c83424a3013834be97fb9fe2d4180 Author: Anish Bhatt <anish@xxxxxxxxxxx> Date: Thu Oct 23 14:37:30 2014 -0700 cxgb4 : Improve handling of DCB negotiation or loss thereof Clear out any DCB apps we might have added to kernel table when we lose DCB sync (or IEEE equivalent event). These were previously left behind and not cleaned up correctly. IEEE allows individual components to work independently, so improve check for IEEE completion by specifying individual components. Fixes: 10b0046685ab ("cxgb4: IEEE fixes for DCBx state machine") Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 5d26b1f50a610fb28700cdc3446590495a5f607c Merge: 93a35f5 7965ee9 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 27 18:47:40 2014 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Allow to recycle a TCP port in conntrack when the change role from server to client, from Marcelo Leitner. 2) Fix possible off by one access in ip_set_nfnl_get_byindex(), patch from Dan Carpenter. 3) alloc_percpu returns NULL on error, no need for IS_ERR() in nf_tables chain statistic updates. From Sabrina Dubroca. 4) Don't compile ip options in bridge netfilter, this mangles the packet and bridge should not alter layer >= 3 headers when forwarding packets. Patch from Herbert Xu and tested by Florian Westphal. 5) Account the final NLMSG_DONE message when calculating the size of the nflog netlink batches. Patch from Florian Westphal. 6) Fix a possible netlink attribute length overflow with large packets. Again from Florian Westphal. 7) Release the skbuff if nfnetlink_log fails to put the final NLMSG_DONE message. This fixes a leak on error. This shouldn't ever happen though, otherwise this means we miscalculate the netlink batch size, so spot a warning if this ever happens so we can track down the problem. This patch from Houcheng Lin. 8) Look at the right list when recycling targets in the nft_compat, patch from Arturo Borrero. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 7965ee93719921ea5978f331da653dfa2d7b99f5 Author: Arturo Borrero <arturo.borrero.glez@xxxxxxxxx> Date: Sun Oct 26 12:22:40 2014 +0100 netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops() The code looks for an already loaded target, and the correct list to search is nft_target_list, not nft_match_list. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 99c814066e75d09e6a38574c6c395f022a04b730 Merge: fad1dbc 11b2357 Author: John W. Linville <linville@xxxxxxxxxxxxx> Date: Mon Oct 27 13:38:15 2014 -0400 Merge tag 'mac80211-for-john-2014-10-23' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg <johannes@xxxxxxxxxxxxxxxx> says: "Here are a few fixes for the wireless stack: one fixes the RTS rate, one for a debugfs file, one to return the correct channel to userspace, a sanity check for a userspace value and the remaining two are just documentation fixes." Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit fad1dbc8efb4e51e121c745a99c0fb22b420a5c6 Merge: 0805420 7f2ac8f Author: John W. Linville <linville@xxxxxxxxxxxxx> Date: Mon Oct 27 13:35:59 2014 -0400 Merge tag 'iwlwifi-for-john-2014-10-23' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes Emmanuel Grumbach <egrumbach@xxxxxxxxx> says: "I revert here a patch that caused interoperability issues. dvm gets a fix for a bug that was reported by many users. Two minor fixes for BT Coex and platform power fix that helps reducing latency when the PCIe link goes to low power states." Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 93a35f59f1b13a02674877e3efdf07ae47e34052 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Thu Oct 23 06:30:30 2014 -0700 net: napi_reuse_skb() should check pfmemalloc Do not reuse skb if it was pfmemalloc tainted, otherwise future frame might be dropped anyway. Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit aa9c5579153535fb317a9d34c7d8eaf02b7ef4cd Merge: b71e821 bf1bac5 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Sun Oct 26 22:46:08 2014 -0400 Merge branch 'mellanox' Eli Cohen says: ==================== irq sync fixes This two patch series fixes a race where an interrupt handler could access a freed memory. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit bf1bac5b7882daa41249f85fbc97828f0597de5c Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx> Date: Thu Oct 23 15:57:27 2014 +0300 net/mlx4_core: Call synchronize_irq() before freeing EQ buffer After moving the EQ ownership to software effectively destroying it, call synchronize_irq() to ensure that any handler routines running on other CPU cores finish execution. Only then free the EQ buffer. The same thing is done when we destroy a CQ which is one of the sources generating interrupts. In the case of CQ we want to avoid completion handlers on a CQ that was destroyed. In the case we do the same to avoid receiving asynchronous events after the EQ has been destroyed and its buffers freed. Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 96e4be06cbfcb8c9c2da7c77bacce0e56b581c0b Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx> Date: Thu Oct 23 15:57:26 2014 +0300 net/mlx5_core: Call synchronize_irq() before freeing EQ buffer After destroying the EQ, the object responsible for generating interrupts, call synchronize_irq() to ensure that any handler routines running on other CPU cores finish execution. Only then free the EQ buffer. This patch solves a very rare case when we get panic on driver unload. The same thing is done when we destroy a CQ which is one of the sources generating interrupts. In the case of CQ we want to avoid completion handlers on a CQ that was destroyed. In the case we do the same to avoid receiving asynchronous events after the EQ has been destroyed and its buffers freed. Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b71e821de50f0ff92f10f33064ee1713e9014158 Author: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Date: Thu Oct 23 10:25:53 2014 +0200 drivers: net: xgene: Rewrite buggy loop in xgene_enet_ecc_init() drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c: In function â??xgene_enet_ecc_initâ??: drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c:126: warning: â??dataâ?? may be used uninitialized in this function Depending on the arbitrary value on the stack, the loop may terminate too early, and cause a bogus -ENODEV failure. Signed-off-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 013f6579c6e4f9517127a176bfc37bbac0b766cb Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Date: Wed Oct 22 20:06:29 2014 -0700 i40e: _MASK vs _SHIFT typo in i40e_handle_mdd_event() We accidentally mask by the _SHIFT variable. It means that "event" is always zero. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Tested-by: Jim Young <jamesx.m.young@xxxxxxxxx> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit fe0ca7328d03d36aafecebb3af650e1bb2841c20 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Wed Oct 22 19:43:46 2014 -0700 macvlan: fix a race on port dismantle and possible skb leaks We need to cancel the work queue after rcu grace period, otherwise it can be rescheduled by incoming packets. We need to purge queue if some skbs are still in it. We can use __skb_queue_head_init() variant in macvlan_process_broadcast() Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Fixes: 412ca1550cbec ("macvlan: Move broadcasts into a work queue") Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 349ce993ac706869d553a1816426d3a4bfda02b1 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Thu Oct 23 12:58:58 2014 -0700 tcp: md5: do not use alloc_percpu() percpu tcp_md5sig_pool contains memory blobs that ultimately go through sg_set_buf(). -> sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); This requires that whole area is in a physically contiguous portion of memory. And that @buf is not backed by vmalloc(). Given that alloc_percpu() can use vmalloc() areas, this does not fit the requirements. Replace alloc_percpu() by a static DEFINE_PER_CPU() as tcp_md5sig_pool is small anyway, there is no gain to dynamically allocate it. Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Fixes: 765cf9976e93 ("tcp: md5: remove one indirection level in tcp_md5sig_pool") Reported-by: Crestez Dan Leonard <cdleonard@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 4cc40af08032a513e2e68fa6d7818b77179a86af Merge: 5345c1d ecf08d2 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Sat Oct 25 14:15:25 2014 -0400 Merge branch 'xen-netback' David Vrabel says: ==================== xen-netback: guest Rx queue drain and stall fixes This series fixes two critical xen-netback bugs. 1. Netback may consume all of host memory by queuing an unlimited number of skb on the internal guest Rx queue. This behaviour is guest triggerable. 2. Carrier flapping under high traffic rates which reduces performance. The first patch is a prerequite. Removing support for frontends with feature-rx-notify makes it easier to reason about the correctness of netback since it no longer has to support this outdated and broken mode. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ecf08d2dbb96d5a4b4bcc53a39e8d29cc8fef02e Author: David Vrabel <david.vrabel@xxxxxxxxxx> Date: Wed Oct 22 14:08:55 2014 +0100 xen-netback: reintroduce guest Rx stall detection If a frontend not receiving packets it is useful to detect this and turn off the carrier so packets are dropped early instead of being queued and drained when they expire. A to-guest queue is stalled if it doesn't have enough free slots for a an extended period of time (default 60 s). If at least one queue is stalled, the carrier is turned off (in the expectation that the other queues will soon stall as well). The carrier is only turned on once all queues are ready. When the frontend connects, all the queues start in the stalled state and only become ready once the frontend queues enough Rx requests. Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx> Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f48da8b14d04ca87ffcffe68829afd45f926ec6a Author: David Vrabel <david.vrabel@xxxxxxxxxx> Date: Wed Oct 22 14:08:54 2014 +0100 xen-netback: fix unlimited guest Rx internal queue and carrier flapping Netback needs to discard old to-guest skb's (guest Rx queue drain) and it needs detect guest Rx stalls (to disable the carrier so packets are discarded earlier), but the current implementation is very broken. 1. The check in hard_start_xmit of the slot availability did not consider the number of packets that were already in the guest Rx queue. This could allow the queue to grow without bound. The guest stops consuming packets and the ring was allowed to fill leaving S slot free. Netback queues a packet requiring more than S slots (ensuring that the ring stays with S slots free). Netback queue indefinately packets provided that then require S or fewer slots. 2. The Rx stall detection is not triggered in this case since the (host) Tx queue is not stopped. 3. If the Tx queue is stopped and a guest Rx interrupt occurs, netback will consider this an Rx purge event which may result in it taking the carrier down unnecessarily. It also considers a queue with only 1 slot free as unstalled (even though the next packet might not fit in this). The internal guest Rx queue is limited by a byte length (to 512 Kib, enough for half the ring). The (host) Tx queue is stopped and started based on this limit. This sets an upper bound on the amount of memory used by packets on the internal queue. This allows the estimatation of the number of slots for an skb to be removed (it wasn't a very good estimate anyway). Instead, the guest Rx thread just waits for enough free slots for a maximum sized packet. skbs queued on the internal queue have an 'expires' time (set to the current time plus the drain timeout). The guest Rx thread will detect when the skb at the head of the queue has expired and discard expired skbs. This sets a clear upper bound on the length of time an skb can be queued for. For a guest being destroyed the maximum time needed to wait for all the packets it sent to be dropped is still the drain timeout (10 s) since it will not be sending new packets. Rx stall detection is reintroduced in a later commit. Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx> Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit bc96f648df1bbc2729abbb84513cf4f64273a1f1 Author: David Vrabel <david.vrabel@xxxxxxxxxx> Date: Wed Oct 22 14:08:53 2014 +0100 xen-netback: make feature-rx-notify mandatory Frontends that do not provide feature-rx-notify may stall because netback depends on the notification from frontend to wake the guest Rx thread (even if can_queue is false). This could be fixed but feature-rx-notify was introduced in 2006 and I am not aware of any frontends that do not implement this. Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx> Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 5345c1d417c1b0caf46fd2766d16bb4357a347d8 Author: Richard Cochran <richardcochran@xxxxxxxxx> Date: Wed Oct 22 21:35:15 2014 +0200 ptp: restore the makefile for building the test program. This patch brings back the makefile called testptp.mk which was removed in commit adb19fb66eee (Documentation: add makefiles for more targets). While the idea of that commit was to improve build coverage of the examples, the new Makefile is unable to cross compile the testptp program. In contrast, the deleted makefile was able to do this just fine. This patch fixes the regression by restoring the original makefile. Signed-off-by: Richard Cochran <richardcochran@xxxxxxxxx> Acked-by: Peter Foley <pefoley2@xxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b51d3fa364885a2c1e1668f88776c67c95291820 Author: Houcheng Lin <houcheng@xxxxxxxxx> Date: Thu Oct 23 10:36:08 2014 +0200 netfilter: nf_log: release skbuff on nlmsg put failure The kernel should reserve enough room in the skb so that the DONE message can always be appended. However, in case of e.g. new attribute erronously not being size-accounted for, __nfulnl_send() will still try to put next nlmsg into this full skbuf, causing the skb to be stuck forever and blocking delivery of further messages. Fix issue by releasing skb immediately after nlmsg_put error and WARN() so we can track down the cause of such size mismatch. [ fw@xxxxxxxxx: add tailroom/len info to WARN ] Signed-off-by: Houcheng Lin <houcheng@xxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 Author: Florian Westphal <fw@xxxxxxxxx> Date: Thu Oct 23 10:36:07 2014 +0200 netfilter: nfnetlink_log: fix maximum packet length logged to userspace don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work. The nla length includes the size of the nla struct, so anything larger results in u16 integer overflow. This patch is similar to 9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage). Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a Author: Florian Westphal <fw@xxxxxxxxx> Date: Thu Oct 23 10:36:06 2014 +0200 netfilter: nf_log: account for size of NLMSG_DONE attribute We currently neither account for the nlattr size, nor do we consider the size of the trailing NLMSG_DONE when allocating nlmsg skb. This can result in nflog to stop working, as __nfulnl_send() re-tries sending forever if it failed to append NLMSG_DONE (which will never work if buffer is not large enough). Reported-by: Houcheng Lin <houcheng@xxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 7677e86843e2136a9b05549a9ca47d4f744565b6 Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Date: Sat Oct 4 22:18:02 2014 +0800 bridge: Do not compile options in br_parse_ip_options Commit 462fb2af9788a82a534f8184abfde31574e1cfa0 bridge : Sanitize skb before it enters the IP stack broke when IP options are actually used because it mangles the skb as if it entered the IP stack which is wrong because the bridge is supposed to operate below the IP stack. Since nobody has actually requested for parsing of IP options this patch fixes it by simply reverting to the previous approach of ignoring all IP options, i.e., zeroing the IPCB. If and when somebody who uses IP options and actually needs them to be parsed by the bridge complains then we can revisit this. Reported-by: David Newall <davidn@xxxxxxxxxxxxxxx> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Tested-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 7f2ac8fb31896c9fb70dbd2a2e6642b79996fc13 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Thu Oct 23 08:53:21 2014 +0300 iwlwifi: pcie: fix polling in various places iwl_poll_bit may return a strictly positive value when the poll doesn't match on the first try. This was caught when WoWLAN started failing upon resume even if the poll_bit actually succeeded. Also change a wrong print. If we reach the end of iwl_pcie_prepare_card_hw, it means that we couldn't get the devices. Reviewed-by: Johannes Berg <johannes.berg@xxxxxxxxx> Reviewed-by: Luciano Coelho <luciano.coelho@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 1ffde699aae127e7abdb98dbdedc2cc6a973a1a1 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Mon Oct 20 08:29:55 2014 +0300 Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" This reverts commit aa11bbf3df026d6b1c6b528bef634fd9de7c2619. This commit was causing connection issues and is not needed if IWL_MVM_RS_RSSI_BASED_INIT_RATE is set to false by default. Regardless of the issues mentioned above, this patch added the following WARNING: WARNING: CPU: 0 PID: 3946 at drivers/net/wireless/iwlwifi/mvm/tx.c:190 iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]() Got an HT rate for a non data frame 0x8 CPU: 0 PID: 3946 Comm: wpa_supplicant Tainted: G O 3.17.0+ #6 Hardware name: LENOVO 20ANCTO1WW/20ANCTO1WW, BIOS GLET71WW (2.25 ) 07/02/2014 0000000000000009 ffffffff814fa911 ffff8804288db8f8 ffffffff81064f52 0000000000001808 ffff8804288db948 ffff88040add8660 ffff8804291b5600 0000000000000000 ffffffff81064fb7 ffffffffa07b73d0 0000000000000020 Call Trace: [<ffffffff814fa911>] ? dump_stack+0x41/0x51 [<ffffffff81064f52>] ? warn_slowpath_common+0x72/0x90 [<ffffffff81064fb7>] ? warn_slowpath_fmt+0x47/0x50 [<ffffffffa07a39ea>] ? iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm] [<ffffffffa07a3cf8>] ? iwl_mvm_tx_skb+0x48/0x3c0 [iwlmvm] [<ffffffffa079cb9b>] ? iwl_mvm_mac_tx+0x7b/0x180 [iwlmvm] [<ffffffffa0746ce9>] ? __ieee80211_tx+0x2b9/0x3c0 [mac80211] [<ffffffffa07492f3>] ? ieee80211_tx+0xb3/0x100 [mac80211] [<ffffffffa0749c49>] ? ieee80211_subif_start_xmit+0x459/0xca0 [mac80211] [<ffffffff814116e7>] ? dev_hard_start_xmit+0x337/0x5f0 [<ffffffff81430d46>] ? sch_direct_xmit+0x96/0x1f0 [<ffffffff81411ba3>] ? __dev_queue_xmit+0x203/0x4f0 [<ffffffff8142f670>] ? ether_setup+0x70/0x70 [<ffffffff814e96a1>] ? packet_sendmsg+0xf81/0x1110 [<ffffffff8140625c>] ? skb_free_datagram+0xc/0x40 [<ffffffff813f7538>] ? sock_sendmsg+0x88/0xc0 [<ffffffff813f7274>] ? move_addr_to_kernel.part.20+0x14/0x60 [<ffffffff811c47c2>] ? __inode_wait_for_writeback+0x62/0xb0 [<ffffffff813f7a91>] ? SYSC_sendto+0xf1/0x180 [<ffffffff813f88f9>] ? __sys_recvmsg+0x39/0x70 [<ffffffff8150066d>] ? system_call_fastpath+0x1a/0x1f ---[ end trace cc19a150d311fc63 ]--- which was reported here: https://bugzilla.kernel.org/show_bug.cgi?id=85691 CC: <stable@xxxxxxxxxxxxxxx> [3.13+] Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit a0855054e59b0c5b2b00237fdb5147f7bcc18efb Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Sun Oct 5 09:11:14 2014 +0300 iwlwifi: dvm: drop non VO frames when flushing When mac80211 wants to ensure that a frame is sent, it calls the flush() callback. Until now, iwldvm implemented this by waiting that all the frames are sent (ACKed or timeout). In case of weak signal, this can take a significant amount of time, delaying the next connection (in case of roaming). Many users have reported that the flush would take too long leading to the following error messages to be printed: iwlwifi 0000:03:00.0: fail to flush all tx fifo queues Q 2 iwlwifi 0000:03:00.0: Current SW read_ptr 161 write_ptr 201 iwl data: 00000000: 00 00 00 00 00 00 00 00 fe ff 01 00 00 00 00 00 [snip] iwlwifi 0000:03:00.0: FH TRBs(0) = 0x00000000 [snip] iwlwifi 0000:03:00.0: Q 0 is active and mapped to fifo 3 ra_tid 0x0000 [9,9] [snip] Instead of waiting for these packets, simply drop them. This significantly improves the responsiveness of the network. Note that all the queues are flushed, but the VO one. This is not typically used by the applications and it likely contains management frames that are useful for connection or roaming. This bug is tracked here: https://bugzilla.kernel.org/show_bug.cgi?id=56581 But it is duplicated in distributions' trackers. A simple search in Ubuntu's database led to these bugs: https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1270808 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1305406 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1356236 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1360597 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1361809 Cc: <stable@xxxxxxxxxxxxxxx> Depends-on: 77be2c54c5bd ("mac80211: add vif to flush call") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit a6cc5163149532734b84c86cbffa4994e527074b Author: Matti Gottlieb <matti.gottlieb@xxxxxxxxx> Date: Mon Sep 29 11:46:04 2014 +0300 iwlwifi: mvm: ROC - bug fixes around time events and locking Don't add the time event to the list. We added it several times the same time event, which leads to an infinite loop when walking the list. Since we (currently) don't support more than one ROC for STA vif at a time, enforce this and don't add the time event to any list. We were also missing the locking of the mutex which led to a lockdep splat - fix that. Signed-off-by: Matti Gottlieb <matti.gottlieb@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 79b7a69d730180d8bf535e52fe2b4f3dd5904007 Author: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx> Date: Sun Sep 14 12:40:00 2014 +0300 iwlwifi: mvm: Add tx power condition to bss_info_changed_ap_ibss The tx power should be limited from many reasons. currently, setting the tx power is available by the mvm only for station interface. Adding the tx power condition to bss_info_changed_ap_ibss make it available also for AP. Signed-off-by: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 3856b78c1be32a2afe0618c7a84e05ff8c03cf10 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Mon Sep 22 12:03:41 2014 +0300 iwlwifi: mvm: BT coex - fix BT prio for probe requests The probe requests sent during scan must get BT prio 3. Fix that. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit d14b28fd2c61af0bf310230472e342864d799c98 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Mon Sep 22 16:12:24 2014 +0300 iwlwifi: mvm: BT Coex - update the MPLUT Boost register value Cc: <stable@xxxxxxxxxxxxxxx> [3.16+] Fixes: 2adc8949efab ("iwlwifi: mvm: BT Coex - fix boost register / LUT values") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 405b7338abc5ceac4a420ce7f49cc9b530d4e78b Author: Liad Kaufman <liad.kaufman@xxxxxxxxx> Date: Tue Sep 23 15:15:17 2014 +0300 iwlwifi: 8000: fix string given to MODULE_FIRMWARE I changed the string but forgot to update the fix also to MODULE_FIRMWARE(). Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 9180ac50716a097a407c6d7e7e4589754a922260 Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Date: Tue Sep 23 23:02:41 2014 +0300 iwlwifi: configure the LTR The LTR is the handshake between the device and the root complex about the latency allowed when the bus exits power save. This configuration was missing and this led to high latency in the link power up. The end user could experience high latency in the network because of this. Cc: <stable@xxxxxxxxxxxxxxx> [3.10+] Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> commit 08054200117a95afc14c3d2ed3a38bf4e345bf78 Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Thu Oct 23 11:27:09 2014 -0500 rtlwifi: Add check for get_btc_status callback Drivers that do not use the get_btc_status() callback may not define a dummy routine. The caller needs to check before making the call. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx> Cc: Mike Galbraith <umgwanakikbuti@xxxxxxxxx> Cc: Thadeu Cascardo <cascardo@xxxxxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 763254516187015cb5b391553af35c6ed1f4bb36 Author: Felix Fietkau <nbd@xxxxxxxxxxx> Date: Wed Oct 22 18:17:35 2014 +0200 ath9k_common: always update value in ath9k_cmn_update_txpow In some cases the limit may be the same as reg->power_limit, but the actual value that the hardware uses is not up to date. In that case, a wrong value for current tx power is tracked internally. Fix this by unconditionally updating it. Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 4f2b244c7d5b81ce4f0c6c0382f3a3b7c2dbec1c Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Date: Wed Oct 22 15:47:34 2014 +0200 rtl8192cu: Prevent Ooops under rtl92c_set_fw_rsvdpagepkt rtl92c_set_fw_rsvdpagepkt is used by rtl8192cu and its pci sibling rtl8192ce. rtl_cmd_send_packet crashes when called inside rtl8192cu because it works on memory allocated only by rtl8192ce. Fix the crash by calling a dummy function when used in rtl8192cu. Comparision with the realtek vendor driver makes me think, something is missing in the dummy function. Short test as WPA2 station show good results connected to an 802.11g basestation. Traffic stops after few MBytes as WPA2 station connected to an 802.11n basestation. Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit cefe3dfdb9f5f498cae9871f7e52800f5e22c614 Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Date: Wed Oct 22 15:47:33 2014 +0200 rtl8192cu: Call ieee80211_register_hw from rtl_usb_probe In a previous patch the call to ieee80211_register_hw was moved from the load firmware callback to the rtl_pci_probe only. rt8192cu also uses this callback. Currently it doesnt create a wlan%d device. Fill in the call to ieee80211_register_hw in rtl_usb_probe. Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit b2d624a5810203a1a8b7735e1ec5685109b22fc3 Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Date: Wed Oct 22 15:47:32 2014 +0200 rtl8192cu: Fix for rtlwifi's bluetooth coexist functionality Initialize function pointer with a function indicating bt coexist is not there. Prevents Ooops. Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx> Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 94e05900770c0abe31200881df93e41d296fe8bd Author: Felix Fietkau <nbd@xxxxxxxxxxx> Date: Wed Oct 22 15:27:53 2014 +0200 ath: use CTL region from cfg80211 if unset in EEPROM Many AP devices do not have the proper regulatory domain programmed in EEPROM. Instead they expect the software to set the appropriate region. For these devices, the country code defaults to US, and the driver uses the US CTL tables as well. On devices bought in Europe this can lead to tx power being set too high on the band edges, even if the cfg80211 regdomain is set correctly. Fix this issue by taking into account the DFS region, but only when the EEPROM regdomain is set to default. Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit d514aefb8ce89562ef2d7dcddc530e5de6287c4b Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Tue Oct 21 10:52:51 2014 -0500 rtlwifi: rtl8821ae: Fix possible array overrun The kbuild test robot reported a possible array overrun. The affected code checks for overruns, but fails to take the steps necessary to fix them. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 868caae3fe2e35e2353d86af95e03eeaa9439d97 Author: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx> Date: Tue Oct 21 19:23:02 2014 +0530 ath9k: Enable HW queue control only for MCC Enabling HW queue control for normal (non-mcc) mode causes problems with queue management, resulting in traffic stall. Since it is mainly required for fairness in MCC mode, disable it for the general case. Bug: https://dev.openwrt.org/ticket/18164 Cc: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 598a0df07fc6c4642f9b0497cef1233e41d4c987 Author: Kees Cook <keescook@xxxxxxxxxxxx> Date: Mon Oct 20 14:57:08 2014 -0700 rtlwifi: prevent format string usage from leaking Use "%s" in the workqueue allocation to make sure the rtl_hal_cfg name can never accidentally leak information via a format string. Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 34b6d4299923ec9101bbf364440cee36420b3fc0 Author: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx> Date: Wed Oct 15 07:51:44 2014 +0200 bcma: add another PCI ID of device with BCM43228 It was found attached to the BCM47081A0 SoC. Log: bcma: bus0: Found chip with id 43228, rev 0x00 and package 0x08 Signed-off-by: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 59dfdd92288e55bed374309a9944c3a95b4e13c9 Author: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx> Date: Sun Oct 12 13:42:14 2014 +0200 brcmfmac: dhd_sdio.c: Cleaning up missing null-terminate in conjunction with strncpy Replacing strncpy with strlcpy to avoid strings that lacks null terminate. And changed from using strncat to strlcat to simplify code. Signed-off-by: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 47481d977cb2987ab363202c68a79ec1bccd357c Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Date: Sat Oct 11 12:59:53 2014 -0500 rtlwifi: rtl8192ee: Prevent log spamming for switch statements The driver logs a message when the default branch of switch statements are taken. Such information is useful when debugging, but these log items should not be seen for standard usage. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 78afe83c3b008e25123bd1be36ee4b6595e595d1 Author: Hauke Mehrtens <hauke@xxxxxxxxxx> Date: Thu Oct 9 23:39:41 2014 +0200 bcma: fix build when CONFIG_OF_ADDRESS is not set Commit 2101e533f41a ("bcma: register bcma as device tree driver") introduces a hard dependency on OF_ADDRESS into the bcma driver. OF_ADDRESS is specifically disabled for the sparc architecture. This results in the following error when building sparc64:allmodconfig. drivers/bcma/main.c: In function 'bcma_of_find_child_device': drivers/bcma/main.c:150:3: error: implicit declaration of function 'of_translate_address' Fixes: 2101e533f41a ("bcma: register bcma as device tree driver") Reported-by: Guenter Roeck <linux@xxxxxxxxxxxx> Signed-off-by: Hauke Mehrtens <hauke@xxxxxxxxxx> Reviewed-by: Guenter Roeck <linux@xxxxxxxxxxxx> Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> commit 942396b01989d54977120f3625e5ba31afe7a75c Author: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx> Date: Wed Oct 22 13:47:18 2014 -0700 hyperv: Fix the total_data_buflen in send path total_data_buflen is used by netvsc_send() to decide if a packet can be put into send buffer. It should also include the size of RNDIS message before the Ethernet frame. Otherwise, a messge with total size bigger than send_section_size may be copied into the send buffer, and cause data corruption. [Request to include this patch to the Stable branches] Signed-off-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx> Reviewed-by: K. Y. Srinivasan <kys@xxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f765678e325b4ae3e2fbdb304fc2d5ee018aa860 Merge: 81f35ff 55ca6bc Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Wed Oct 22 17:50:39 2014 -0400 Merge branch 'amd-xgbe' Tom Lendacky says: ==================== amd-xgbe: AMD XGBE driver fixes 2014-10-22 The following series of patches includes fixes to the driver. - Properly handle feature changes via ethtool by using correctly sized variables - Perform proper napi packet counting and budget checking This patch series is based on net. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 55ca6bcd733b739d5667d48d7591899f376dcfb8 Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx> Date: Wed Oct 22 11:26:17 2014 -0500 amd-xgbe: Fix napi Rx budget accounting Currently the amd-xgbe driver increments the packets processed counter each time a descriptor is processed. Since a packet can be represented by more than one descriptor incrementing the counter in this way is not appropriate. Also, since multiple descriptors cause the budget check to be short circuited, sometimes the returned value from the poll function would be larger than the budget value resulting in a WARN_ONCE being triggered. Update the polling logic to properly account for the number of packets processed and exit when the budget value is reached. Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 386f1c9650b7fe4849d2942bd42f41f0ca3aedfb Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx> Date: Wed Oct 22 11:26:11 2014 -0500 amd-xgbe: Properly handle feature changes via ethtool The ndo_set_features callback function was improperly using an unsigned int to save the current feature value for features such as NETIF_F_RXCSUM. Since that feature is in the upper 32 bits of a 64 bit variable the result was always 0 making it not possible to actually turn off the hardware RX checksum support. Change the unsigned int type to the netdev_features_t type in order to properly capture the current value and perform the proper operation. Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 81f35ffde0e95ee18de83646bbf93dda55d9cc8b Author: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx> Date: Wed Oct 22 16:34:35 2014 +0200 net: fec: ptp: fix NULL pointer dereference if ptp_clock is not set Since commit 278d24047891 (net: fec: ptp: Enable PPS output based on ptp clock) fec_enet_interrupt calls fec_ptp_check_pps_event unconditionally, which calls into ptp_clock_event. If fep->ptp_clock is NULL, ptp_clock_event tries to dereference the NULL pointer. Since on i.MX53 fep->bufdesc_ex is not set, fec_ptp_init is never called, and fep->ptp_clock is NULL, which reliably causes a kernel panic. This patch adds a check for fep->ptp_clock == NULL in fec_enet_interrupt. Signed-off-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 9e7ceb060754f134231f68cb29d5db31419fe1ed Author: Sathya Perla <sathya.perla@xxxxxxxxxx> Date: Wed Oct 22 21:42:01 2014 +0530 net: fix saving TX flow hash in sock for outgoing connections The commit "net: Save TX flow hash in sock and set in skbuf on xmit" introduced the inet_set_txhash() and ip6_set_txhash() routines to calculate and record flow hash(sk_txhash) in the socket structure. sk_txhash is used to set skb->hash which is used to spread flows across multiple TXQs. But, the above routines are invoked before the source port of the connection is created. Because of this all outgoing connections that just differ in the source port get hashed into the same TXQ. This patch fixes this problem for IPv4/6 by invoking the the above routines after the source port is available for the socket. Fixes: b73c3d0e4("net: Save TX flow hash in sock and set in skbuf on xmit") Signed-off-by: Sathya Perla <sathya.perla@xxxxxxxxxx> Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 789f202326640814c52f82e80cef3584d8254623 Author: Li RongQing <roy.qing.li@xxxxxxxxx> Date: Wed Oct 22 17:09:53 2014 +0800 xfrm6: fix a potential use after free in xfrm6_policy.c pskb_may_pull() maybe change skb->data and make nh and exthdr pointer oboslete, so recompute the nd and exthdr Signed-off-by: Li RongQing <roy.qing.li@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8751b12cd93cc37337256f650e309b8364d40b35 Author: LEROY Christophe <christophe.leroy@xxxxxx> Date: Wed Oct 22 09:05:47 2014 +0200 net: fs_enet: set back promiscuity mode after restart After interface restart (eg: after link disconnection/reconnection), the bridge function doesn't work anymore. This is due to the promiscuous mode being cleared by the restart. The mac-fcc already includes code to set the promiscuous mode back during the restart. This patch adds the same handling to mac-fec and mac-scc. Tested with bridge function on MPC885 with FEC. Reported-by: Germain Montoies <germain.montoies@xxxxxx> Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit a63ba13eec092b70d4e5522d692eaeb2f9747387 Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Date: Tue Oct 21 16:06:05 2014 +0200 net: tso: fix unaligned access to crafted TCP header in helper API The crafted header start address is from a driver supplied buffer, which one can reasonably expect to be aligned on a 4-bytes boundary. However ATM the TSO helper API is only used by ethernet drivers and the tcp header will then be aligned to a 2-bytes only boundary from the header start address. Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Cc: Ezequiel Garcia <ezequiel.garcia@xxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 8fc963515e893867330dec87464e9edc5204c024 Author: Jon Cooper <jcooper@xxxxxxxxxxxxxx> Date: Tue Oct 21 14:50:29 2014 +0100 sfc: remove incorrect EFX_BUG_ON_PARANOID check write_count and insert_count can wrap around, making > check invalid. Fixes: 70b33fb0ddec827cbbd14cdc664fc27b2ef4a6b6 ("sfc: add support for skb->xmit_more"). Signed-off-by: Edward Cree <ecree@xxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit c123bb7163043bb8f33858cf8e45b01c17dbd171 Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Date: Tue Oct 21 11:08:21 2014 +0200 netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats allocation alloc_percpu returns NULL on failure, not a negative error code. Fixes: ff3cd7b3c922 ("netfilter: nf_tables: refactor chain statistic routines") Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Date: Tue Oct 21 11:28:12 2014 +0300 netfilter: ipset: off by one in ip_set_nfnl_get_byindex() The ->ip_set_list[] array is initialized in ip_set_net_init() and it has ->ip_set_max elements so this check should be >= instead of > otherwise we are off by one. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit e37ad9fd636071e45368d1d9cc3b7b421281ce7f Author: Marcelo Leitner <mleitner@xxxxxxxxxx> Date: Mon Oct 13 13:09:28 2014 -0300 netfilter: nf_conntrack: allow server to become a client in TW handling When a port that was used to listen for inbound connections gets closed and reused for outgoing connections (like rsh ends up doing for stderr flow), current we may reject the SYN/ACK packet for the new connection because tcp_conntracks states forbirds a port to become a client while there is still a TIME_WAIT entry in there for it. As TCP may expire the TIME_WAIT socket in 60s and conntrack's timeout for it is 120s, there is a ~60s window that the application can end up opening a port that conntrack will end up blocking. This patch fixes this by simply allowing such state transition: if we see a SYN, in TIME_WAIT state, on REPLY direction, move it to sSS. Note that the rest of the code already handles this situation, more specificly in tcp_packet(), first switch clause. Signed-off-by: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 7c1c97d54f9bfc810908d3903cb8bcacf734df18 Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Date: Tue Oct 21 11:23:30 2014 +0200 net: sched: initialize bstats syncp Use netdev_alloc_pcpu_stats to allocate percpu stats and initialize syncp. Fixes: 22e0f8b9322c "net: sched: make bstats per cpu and estimator RCU safe" Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx> Acked-by: Cong Wang <cwang@xxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 32bf08a6257b9c7380dcd040af3c0858eee3ef05 Author: Alexei Starovoitov <ast@xxxxxxxxxxxx> Date: Mon Oct 20 14:54:57 2014 -0700 bpf: fix bug in eBPF verifier while comparing for verifier state equivalency the comparison was missing a check for uninitialized register. Make sure it does so and add a testcase. Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier") Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx> Acked-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 78fd1d0ab072d4d9b5f0b7c14a1516665170b565 Author: Thomas Graf <tgraf@xxxxxxx> Date: Tue Oct 21 22:05:38 2014 +0200 netlink: Re-add locking to netlink_lookup() and seq walker The synchronize_rcu() in netlink_release() introduces unacceptable latency. Reintroduce minimal lookup so we can drop the synchronize_rcu() until socket destruction has been RCUfied. Cc: David S. Miller <davem@xxxxxxxxxxxxx> Cc: Eric Dumazet <eric.dumazet@xxxxxxxxx> Reported-by: Steinar H. Gunderson <sgunderson@xxxxxxxxxxx> Reported-and-tested-by: Heiko Carstens <heiko.carstens@xxxxxxxxxx> Signed-off-by: Thomas Graf <tgraf@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1a194c2d59c55c37cb4c0c459d5418071a141341 Author: Ying Xue <ying.xue@xxxxxxxxxxxxx> Date: Mon Oct 20 14:46:35 2014 +0800 tipc: fix lockdep warning when intra-node messages are delivered When running tipcTC&tipcTS test suite, below lockdep unsafe locking scenario is reported: [ 1109.997854] [ 1109.997988] ================================= [ 1109.998290] [ INFO: inconsistent lock state ] [ 1109.998575] 3.17.0-rc1+ #113 Not tainted [ 1109.998762] --------------------------------- [ 1109.998762] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 1109.998762] swapper/7/0 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 1109.998762] (slock-AF_TIPC){+.?...}, at: [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] {SOFTIRQ-ON-W} state was registered at: [ 1109.998762] [<ffffffff810a4770>] __lock_acquire+0x6a0/0x1d80 [ 1109.998762] [<ffffffff810a6555>] lock_acquire+0x95/0x1e0 [ 1109.998762] [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80 [ 1109.998762] [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffffa0004fe8>] tipc_link_xmit+0xa8/0xc0 [tipc] [ 1109.998762] [<ffffffffa000ec6f>] tipc_sendmsg+0x15f/0x550 [tipc] [ 1109.998762] [<ffffffffa000f165>] tipc_connect+0x105/0x140 [tipc] [ 1109.998762] [<ffffffff817676ee>] SYSC_connect+0xae/0xc0 [ 1109.998762] [<ffffffff81767b7e>] SyS_connect+0xe/0x10 [ 1109.998762] [<ffffffff817a9788>] compat_SyS_socketcall+0xb8/0x200 [ 1109.998762] [<ffffffff81a306e5>] sysenter_dispatch+0x7/0x1f [ 1109.998762] irq event stamp: 241060 [ 1109.998762] hardirqs last enabled at (241060): [<ffffffff8105a4ad>] __local_bh_enable_ip+0x6d/0xd0 [ 1109.998762] hardirqs last disabled at (241059): [<ffffffff8105a46f>] __local_bh_enable_ip+0x2f/0xd0 [ 1109.998762] softirqs last enabled at (241020): [<ffffffff81059a52>] _local_bh_enable+0x22/0x50 [ 1109.998762] softirqs last disabled at (241021): [<ffffffff8105a626>] irq_exit+0x96/0xc0 [ 1109.998762] [ 1109.998762] other info that might help us debug this: [ 1109.998762] Possible unsafe locking scenario: [ 1109.998762] [ 1109.998762] CPU0 [ 1109.998762] ---- [ 1109.998762] lock(slock-AF_TIPC); [ 1109.998762] <Interrupt> [ 1109.998762] lock(slock-AF_TIPC); [ 1109.998762] [ 1109.998762] *** DEADLOCK *** [ 1109.998762] [ 1109.998762] 2 locks held by swapper/7/0: [ 1109.998762] #0: (rcu_read_lock){......}, at: [<ffffffff81782dc9>] __netif_receive_skb_core+0x69/0xb70 [ 1109.998762] #1: (rcu_read_lock){......}, at: [<ffffffffa0001c90>] tipc_l2_rcv_msg+0x40/0x260 [tipc] [ 1109.998762] [ 1109.998762] stack backtrace: [ 1109.998762] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 3.17.0-rc1+ #113 [ 1109.998762] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 [ 1109.998762] ffffffff82745830 ffff880016c03828 ffffffff81a209eb 0000000000000007 [ 1109.998762] ffff880017b3cac0 ffff880016c03888 ffffffff81a1c5ef 0000000000000001 [ 1109.998762] ffff880000000001 ffff880000000000 ffffffff81012d4f 0000000000000000 [ 1109.998762] Call Trace: [ 1109.998762] <IRQ> [<ffffffff81a209eb>] dump_stack+0x4e/0x68 [ 1109.998762] [<ffffffff81a1c5ef>] print_usage_bug+0x1f1/0x202 [ 1109.998762] [<ffffffff81012d4f>] ? save_stack_trace+0x2f/0x50 [ 1109.998762] [<ffffffff810a406c>] mark_lock+0x28c/0x2f0 [ 1109.998762] [<ffffffff810a3440>] ? print_irq_inversion_bug.part.46+0x1f0/0x1f0 [ 1109.998762] [<ffffffff810a467d>] __lock_acquire+0x5ad/0x1d80 [ 1109.998762] [<ffffffff810a70dd>] ? trace_hardirqs_on+0xd/0x10 [ 1109.998762] [<ffffffff8108ace8>] ? sched_clock_cpu+0x98/0xc0 [ 1109.998762] [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30 [ 1109.998762] [<ffffffff810a10dc>] ? lock_release_holdtime.part.29+0x1c/0x1a0 [ 1109.998762] [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90 [ 1109.998762] [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc] [ 1109.998762] [<ffffffff810a6555>] lock_acquire+0x95/0x1e0 [ 1109.998762] [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffff810a6fb6>] ? trace_hardirqs_on_caller+0xa6/0x1c0 [ 1109.998762] [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80 [ 1109.998762] [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc] [ 1109.998762] [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc] [ 1109.998762] [<ffffffffa00076bd>] tipc_rcv+0x5ed/0x960 [tipc] [ 1109.998762] [<ffffffffa0001d1c>] tipc_l2_rcv_msg+0xcc/0x260 [tipc] [ 1109.998762] [<ffffffffa0001c90>] ? tipc_l2_rcv_msg+0x40/0x260 [tipc] [ 1109.998762] [<ffffffff81783345>] __netif_receive_skb_core+0x5e5/0xb70 [ 1109.998762] [<ffffffff81782dc9>] ? __netif_receive_skb_core+0x69/0xb70 [ 1109.998762] [<ffffffff81784eb9>] ? dev_gro_receive+0x259/0x4e0 [ 1109.998762] [<ffffffff817838f6>] __netif_receive_skb+0x26/0x70 [ 1109.998762] [<ffffffff81783acd>] netif_receive_skb_internal+0x2d/0x1f0 [ 1109.998762] [<ffffffff81785518>] napi_gro_receive+0xd8/0x240 [ 1109.998762] [<ffffffff815bf854>] e1000_clean_rx_irq+0x2c4/0x530 [ 1109.998762] [<ffffffff815c1a46>] e1000_clean+0x266/0x9c0 [ 1109.998762] [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30 [ 1109.998762] [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90 [ 1109.998762] [<ffffffff817842b1>] net_rx_action+0x141/0x310 [ 1109.998762] [<ffffffff810bd710>] ? handle_fasteoi_irq+0xe0/0x150 [ 1109.998762] [<ffffffff81059fa6>] __do_softirq+0x116/0x4d0 [ 1109.998762] [<ffffffff8105a626>] irq_exit+0x96/0xc0 [ 1109.998762] [<ffffffff81a30d07>] do_IRQ+0x67/0x110 [ 1109.998762] [<ffffffff81a2ee2f>] common_interrupt+0x6f/0x6f [ 1109.998762] <EOI> [<ffffffff8100d2b7>] ? default_idle+0x37/0x250 [ 1109.998762] [<ffffffff8100d2b5>] ? default_idle+0x35/0x250 [ 1109.998762] [<ffffffff8100dd1f>] arch_cpu_idle+0xf/0x20 [ 1109.998762] [<ffffffff810999fd>] cpu_startup_entry+0x27d/0x4d0 [ 1109.998762] [<ffffffff81034c78>] start_secondary+0x188/0x1f0 When intra-node messages are delivered from one process to another process, tipc_link_xmit() doesn't disable BH before it directly calls tipc_sk_rcv() on process context to forward messages to destination socket. Meanwhile, if messages delivered by remote node arrive at the node and their destinations are also the same socket, tipc_sk_rcv() running on process context might be preempted by tipc_sk_rcv() running BH context. As a result, the latter cannot obtain the socket lock as the lock was obtained by the former, however, the former has no chance to be run as the latter is owning the CPU now, so headlock happens. To avoid it, BH should be always disabled in tipc_sk_rcv(). Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx> Reviewed-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 7b8613e0a1502b43b3b36c93c66f835c891f63b3 Author: Ying Xue <ying.xue@xxxxxxxxxxxxx> Date: Mon Oct 20 14:44:25 2014 +0800 tipc: fix a potential deadlock Locking dependency detected below possible unsafe locking scenario: CPU0 CPU1 T0: tipc_named_rcv() tipc_rcv() T1: [grab nametble write lock]* [grab node lock]* T2: tipc_update_nametbl() tipc_node_link_up() T3: tipc_nodesub_subscribe() tipc_nametbl_publish() T4: [grab node lock]* [grab nametble write lock]* The opposite order of holding nametbl write lock and node lock on above two different paths may result in a deadlock. If we move the the updating of the name table after link state named out of node lock, the reverse order of holding locks will be eliminated, and as a result, the deadlock risk. Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx> Signed-off-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 73829bf6fec70703f10e360676d81d327f21ebf6 Merge: d10845f 39dc90c Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Tue Oct 21 15:24:30 2014 -0400 Merge branch 'enic' Govindarajulu Varadarajan says: ==================== enic: Bug fixes This series fixes the following problem. Please apply this to net. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 39dc90c159c1bcc0fdd42913a7d560b1a1cd3acf Author: Govindarajulu Varadarajan <_govind@xxxxxxx> Date: Sun Oct 19 14:20:28 2014 +0530 enic: Do not call napi_disable when preemption is disabled. In enic_stop, we disable preemption using local_bh_disable(). We disable preemption to wait for busy_poll to finish. napi_disable should not be called here as it might sleep. Moving napi_disable() call out side of local_bh_disable. BUG: sleeping function called from invalid context at include/linux/netdevice.h:477 in_atomic(): 1, irqs_disabled(): 0, pid: 443, name: ifconfig INFO: lockdep is turned off. Preemption disabled at:[<ffffffffa029c5c4>] enic_rfs_flw_tbl_free+0x34/0xd0 [enic] CPU: 31 PID: 443 Comm: ifconfig Not tainted 3.17.0-netnext-05504-g59f35b8 #268 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 ffff8800dac10000 ffff88020b8dfcb8 ffffffff8148a57c 0000000000000000 ffff88020b8dfcd0 ffffffff8107e253 ffff8800dac12a40 ffff88020b8dfd10 ffffffffa029305b ffff88020b8dfd48 ffff8800dac10000 ffff88020b8dfd48 Call Trace: [<ffffffff8148a57c>] dump_stack+0x4e/0x7a [<ffffffff8107e253>] __might_sleep+0x123/0x1a0 [<ffffffffa029305b>] enic_stop+0xdb/0x4d0 [enic] [<ffffffff8138ed7d>] __dev_close_many+0x9d/0xf0 [<ffffffff8138ef81>] __dev_close+0x31/0x50 [<ffffffff813974a8>] __dev_change_flags+0x98/0x160 [<ffffffff81397594>] dev_change_flags+0x24/0x60 [<ffffffff814085fd>] devinet_ioctl+0x63d/0x710 [<ffffffff81139c16>] ? might_fault+0x56/0xc0 [<ffffffff81409ef5>] inet_ioctl+0x65/0x90 [<ffffffff813768e0>] sock_do_ioctl+0x20/0x50 [<ffffffff81376ebb>] sock_ioctl+0x20b/0x2e0 [<ffffffff81197250>] do_vfs_ioctl+0x2e0/0x500 [<ffffffff81492619>] ? sysret_check+0x22/0x5d [<ffffffff81285f23>] ? __this_cpu_preempt_check+0x13/0x20 [<ffffffff8109fe19>] ? trace_hardirqs_on_caller+0x119/0x270 [<ffffffff811974ac>] SyS_ioctl+0x3c/0x80 [<ffffffff814925ed>] system_call_fastpath+0x1a/0x1f Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit b6931c9ba728d60c542c39ff037fe6f595c074a2 Author: Govindarajulu Varadarajan <_govind@xxxxxxx> Date: Sun Oct 19 14:20:27 2014 +0530 enic: fix possible deadlock in enic_stop/ enic_rfs_flw_tbl_free The following warning is shown when spinlock debug is enabled. This occurs when enic_flow_may_expire timer function is running and enic_stop is called on same CPU. Fix this by using spink_lock_bh(). ================================= [ INFO: inconsistent lock state ] 3.17.0-netnext-05504-g59f35b8 #268 Not tainted --------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. ifconfig/443 [HC0[0]:SC0[0]:HE1:SE1] takes: (&(&enic->rfs_h.lock)->rlock){+.?...}, at: enic_rfs_flw_tbl_free+0x34/0xd0 [enic] {IN-SOFTIRQ-W} state was registered at: [<ffffffff810a25af>] __lock_acquire+0x83f/0x21c0 [<ffffffff810a45f2>] lock_acquire+0xa2/0xd0 [<ffffffff814913fc>] _raw_spin_lock+0x3c/0x80 [<ffffffffa029c3d5>] enic_flow_may_expire+0x25/0x130[enic] [<ffffffff810bcd07>] call_timer_fn+0x77/0x100 [<ffffffff810bd8e3>] run_timer_softirq+0x1e3/0x270 [<ffffffff8105f9ae>] __do_softirq+0x14e/0x280 [<ffffffff8105fdae>] irq_exit+0x8e/0xb0 [<ffffffff8103da0f>] smp_apic_timer_interrupt+0x3f/0x50 [<ffffffff81493742>] apic_timer_interrupt+0x72/0x80 [<ffffffff81018143>] default_idle+0x13/0x20 [<ffffffff81018a6a>] arch_cpu_idle+0xa/0x10 [<ffffffff81097676>] cpu_startup_entry+0x2c6/0x330 [<ffffffff8103b7ad>] start_secondary+0x21d/0x290 irq event stamp: 2997 hardirqs last enabled at (2997): [<ffffffff81491865>] _raw_spin_unlock_irqrestore+0x65/0x90 hardirqs last disabled at (2996): [<ffffffff814915e6>] _raw_spin_lock_irqsave+0x26/0x90 softirqs last enabled at (2968): [<ffffffff813b57a3>] dev_deactivate_many+0x213/0x260 softirqs last disabled at (2966): [<ffffffff813b5783>] dev_deactivate_many+0x1f3/0x260 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&enic->rfs_h.lock)->rlock); <Interrupt> lock(&(&enic->rfs_h.lock)->rlock); *** DEADLOCK *** Reported-by: Jan Stancek <jstancek@xxxxxxxxxx> Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit d10845fc85b2e690b5f6425c5ba4df33a073fbc9 Merge: ce8ec48 f993bc2 Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 20 12:38:19 2014 -0400 Merge branch 'gso_encap_fixes' Florian Westphal says: ==================== net: minor gso encapsulation fixes The following series fixes a minor bug in the gso segmentation handlers when encapsulation offload is used. Theoretically this could cause kernel panic when the stack tries to software-segment such a GRE offload packet, but it looks like there is only one affected call site (tbf scheduler) and it handles NULL return value. I've included a followup patch to add IS_ERR_OR_NULL checks where needed. While looking into this, I also found that size computation of the individual segments is incorrect if skb->encapsulation is set. Please see individual patches for delta vs. v1. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit f993bc25e5196e60514c216d0bca0f600de64af8 Author: Florian Westphal <fw@xxxxxxxxx> Date: Mon Oct 20 13:49:18 2014 +0200 net: core: handle encapsulation offloads when computing segment lengths if ->encapsulation is set we have to use inner_tcp_hdrlen and add the size of the inner network headers too. This is 'mostly harmless'; tbf might send skb that is slightly over quota or drop skb even if it would have fit. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 330966e501ffe282d7184fde4518d5e0c24bc7f8 Author: Florian Westphal <fw@xxxxxxxxx> Date: Mon Oct 20 13:49:17 2014 +0200 net: make skb_gso_segment error handling more robust skb_gso_segment has three possible return values: 1. a pointer to the first segmented skb 2. an errno value (IS_ERR()) 3. NULL. This can happen when GSO is used for header verification. However, several callers currently test IS_ERR instead of IS_ERR_OR_NULL and would oops when NULL is returned. Note that these call sites should never actually see such a NULL return value; all callers mask out the GSO bits in the feature argument. However, there have been issues with some protocol handlers erronously not respecting the specified feature mask in some cases. It is preferable to get 'have to turn off hw offloading, else slow' reports rather than 'kernel crashes'. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e16aa3ddf863c6b9f37eddf52503230a62dedb3 Author: Florian Westphal <fw@xxxxxxxxx> Date: Mon Oct 20 13:49:16 2014 +0200 net: gso: use feature flag argument in all protocol gso handlers skb_gso_segment() has a 'features' argument representing offload features available to the output path. A few handlers, e.g. GRE, instead re-fetch the features of skb->dev and use those instead of the provided ones when handing encapsulation/tunnels. Depending on dev->hw_enc_features of the output device skb_gso_segment() can then return NULL even when the caller has disabled all GSO feature bits, as segmentation of inner header thinks device will take care of segmentation. This e.g. affects the tbf scheduler, which will silently drop GRE-encap GSO skbs that did not fit the remaining token quota as the segmentation does not work when device supports corresponding hw offload capabilities. Cc: Pravin B Shelar <pshelar@xxxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit ce8ec4896749783bd6cdc457e6012cfc18e09c8b Merge: 95ff886 1e2d56a Author: David S. Miller <davem@xxxxxxxxxxxxx> Date: Mon Oct 20 11:57:47 2014 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== netfilter fixes for net The following patchset contains netfilter fixes for your net tree, they are: 1) Fix missing MODULE_LICENSE() in the new nf_reject_ipv{4,6} modules. 2) Restrict nat and masq expressions to the nat chain type. Otherwise, users may crash their kernel if they attach a nat/masq rule to a non nat chain. 3) Fix hook validation in nft_compat when non-base chains are used. Basically, initialize hook_mask to zero. 4) Make sure you use match/targets in nft_compat from the right chain type. The existing validation relies on the table name which can be avoided by 5) Better netlink attribute validation in nft_nat. This expression has to reject the configuration when no address and proto configurations are specified. 6) Interpret NFTA_NAT_REG_*_MAX if only if NFTA_NAT_REG_*_MIN is set. Yet another sanity check to reject incorrect configurations from userspace. 7) Conditional NAT attribute dumping depending on the existing configuration. ==================== Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 11b2357d5dbce999803e9055f8c09829a8a87db4 Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Date: Mon Oct 20 10:54:36 2014 +0200 mac80211: minstrels: fix buffer overflow in HT debugfs rc_stats ATM an HT rc_stats line is 106 chars. Times 8(MCS_GROUP_RATES)*3(SS)*2(GI)*2(BW) + CCK(4), i.e. x100, this is well above the current 8192 - sizeof(*ms) currently allocated. Fix this by squeezing the output as follows (not that we're short on memory but this also improves readability and range, the new format adds one more digit to *ok/*cum and ok/cum): - Before (HT) (106 ch): type rate throughput ewma prob this prob retry this succ/attempt success attempts CCK/LP 5.5M 0.0 0.0 0.0 0 0( 0) 0 0 HT20/LGI ABCDP MCS0 0.0 0.0 0.0 1 0( 0) 0 0 - After (75 ch): type rate tpt eprob *prob ret *ok(*cum) ok( cum) CCK/LP 5.5M 0.0 0.0 0.0 0 0( 0) 0( 0) HT20/LGI ABCDP MCS0 0.0 0.0 0.0 1 0( 0) 0( 0) - Align non-HT format Before (non-HT) (83 ch): rate throughput ewma prob this prob this succ/attempt success attempts ABCDP 6 0.0 0.0 0.0 0( 0) 0 0 54 0.0 0.0 0.0 0( 0) 0 0 - After (61 ch): rate tpt eprob *prob *ok(*cum) ok( cum) ABCDP 1 0.0 0.0 0.0 0( 0) 0( 0) 54 0.0 0.0 0.0 0( 0) 0( 0) *This also adds dynamic checks for overflow, lowers the size of the non-HT request (allowing > 30 entries) and replaces the buddy-rounded allocations (s/sizeof(*ms) + 8192/8192). Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Acked-by: Felix Fietkau <nbd@xxxxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit 95ff88688781db2f64042e69bd499e518bbb36e5 Author: Ian Morgan <imorgan@xxxxxxxxxxxxx> Date: Sun Oct 19 08:05:13 2014 -0400 ax88179_178a: fix bonding failure The following patch fixes a bug which causes the ax88179_178a driver to be incapable of being added to a bond. When I brought up the issue with the bonding maintainers, they indicated that the real problem was with the NIC driver which must return zero for success (of setting the MAC address). I see that several other NIC drivers follow that pattern by either simply always returing zero, or by passing through a negative (error) result while rewriting any positive return code to zero. With that same philisophy applied to the ax88179_178a driver, it allows it to work correctly with the bonding driver. I believe this is suitable for queuing in -stable, as it's a small, simple, and obvious fix that corrects a defect with no other known workaround. This patch is against vanilla 3.17(.0). Signed-off-by: Ian Morgan <imorgan@xxxxxxxxxxxxx> drivers/net/usb/ax88179_178a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> commit 1e2d56a5d33a7e1fcd21ed3859f52596d02708b0 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Thu Oct 16 00:24:14 2014 +0200 netfilter: nft_nat: dump attributes if they are set Dump NFTA_NAT_REG_ADDR_MIN if this is non-zero. Same thing with NFTA_NAT_REG_PROTO_MIN. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 61cfac6b42af98ab46bcb3a47e150e7b20d5015e Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Thu Oct 16 00:19:35 2014 +0200 netfilter: nft_nat: NFTA_NAT_REG_ADDR_MAX depends on NFTA_NAT_REG_ADDR_MIN Interpret NFTA_NAT_REG_ADDR_MAX if NFTA_NAT_REG_ADDR_MIN is present, otherwise, skip it. Same thing with NFTA_NAT_REG_PROTO_MAX. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 5c819a39753d6a3ae9c0092236f59730a369b619 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Thu Oct 16 00:16:57 2014 +0200 netfilter: nft_nat: insufficient attribute validation We have to validate that we at least get an NFTA_NAT_REG_ADDR_MIN or NFTA_NFT_REG_PROTO_MIN attribute. Reject the configuration if none of them are present. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit f3f5ddeddd6aeadcef523d55ea9288e3d5c1cbc3 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Tue Oct 14 10:13:48 2014 +0200 netfilter: nft_compat: validate chain type in match/target We have to validate the real chain type to ensure that matches/targets are not used out from their scope (eg. MASQUERADE in nat chain type). The existing validation relies on the table name, but this is not sufficient since userspace can fool us by using the appropriate table name with a different chain type. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 493618a92c6afdd3f6224ab586f169d6a259bb06 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Tue Oct 14 12:43:50 2014 +0200 netfilter: nft_compat: fix hook validation for non-base chains Set hook_mask to zero for non-base chains, otherwise people may hit bogus errors from the xt_check_target() and xt_check_match() when validating the uninitialized hook_mask. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit c7abf25af0f41be4b50d44c5b185d52eea360cb8 Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Date: Mon Oct 13 14:34:41 2014 +0200 mac80211: fix typo in starting baserate for rts_cts_rate_idx It affects non-(V)HT rates and can lead to selecting an rts_cts rate that is not a basic rate or way superior to the reference rate (ATM rates[0] used for the 1st attempt of the protected frame data). E.g, assuming drivers register growing (bitrate) sorted tables of ieee80211_rate-s, having : - rates[0].idx == d'2 and basic_rates == b'10100 will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise - rates[0].idx == d'2 and basic_rates == b'10001 will select rts_cts idx b'10000 The first is not a basic rate and the second is > rates[0]. Also, wrt severity of the addressed misbehavior, ATM we only have one rts_cts_rate_idx rather than one per rate table entry, so this idx might still point to bitrates > rates[1..MAX_RATES]. Fixes: 5253ffb8c9e1 ("mac80211: always pick a basic rate to tx RTS/CTS for pre-HT rates") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit 7210e4e38f945dfa173c4a4e59ad827c9ecad541 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Mon Oct 13 19:50:22 2014 +0200 netfilter: nf_tables: restrict nat/masq expressions to nat chain type This adds the missing validation code to avoid the use of nat/masq from non-nat chains. The validation assumes two possible configuration scenarios: 1) Use of nat from base chain that is not of nat type. Reject this configuration from the nft_*_init() path of the expression. 2) Use of nat from non-base chain. In this case, we have to wait until the non-base chain is referenced by at least one base chain via jump/goto. This is resolved from the nft_*_validate() path which is called from nf_tables_check_loops(). The user gets an -EOPNOTSUPP in both cases. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit ab2d7251d666995740da17b2a51ca545ac5dd037 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Fri Oct 10 11:25:20 2014 +0200 netfilter: missing module license in the nf_reject_ipvX modules [ 23.545204] nf_reject_ipv4: module license 'unspecified' taints kernel. Fixes: c8d7b98 ("netfilter: move nf_send_resetX() code to nf_reject_ipvX modules") Reported-by: Dave Young <dyoung@xxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> commit 252e07ca5f64dd31fdfca8027287e7d75fefdab1 Author: Luciano Coelho <luciano.coelho@xxxxxxxxx> Date: Wed Oct 8 09:48:34 2014 +0300 nl80211: sanity check the channel switch counter value The nl80211 channel switch count attribute (NL80211_ATTR_CH_SWITCH_COUNT) is specified as u32, but the specification uses u8 for the counter. To make sure strange things don't happen without informing the user, sanity check the value and return -EINVAL if it doesn't fit in u8. Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit bc37b16870a382e8b71d881444c19a16de1c1a7f Author: Fabian Frederick <fabf@xxxxxxxxx> Date: Tue Oct 7 22:20:23 2014 +0200 net: rfkill: kernel-doc warning fixes Correct the kernel-doc, the parameter is called "blocked" not "state". Signed-off-by: Fabian Frederick <fabf@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit c12bc4885f4b3bab0ed779c69d5d7e3223fa5003 Author: Luciano Coelho <luciano.coelho@xxxxxxxxx> Date: Tue Sep 30 07:08:02 2014 +0300 mac80211: return the vif's chandef in ieee80211_cfg_get_channel() The chandef of the channel context a vif is using may be different than the chandef of the vif itself. For instance, the bandwidth used by the vif may be narrower than the one configured in the channel context. To avoid confusion, return the vif's chandef in ieee80211_cfg_get_channel() instead of the chandef of the channel context. Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> commit 8975ae88e137ea02a71b7a86af2f8eb790c2f1e7 Author: Liad Kaufman <liad.kaufman@xxxxxxxxx> Date: Sun Sep 14 21:48:28 2014 +0300 mac80211: fix warning on htmldocs for last_tdls_pkt_time Forgot to add an entry to the struct description of sta_info. Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> Revision graph left in /home/xc_osstest/results/bisect.linux-linus.test-amd64-i386-rumpuserxen-i386.guest-start.{dot,ps,png,html}. ---------------------------------------- 31424: tolerable FAIL flight 31424 linux-linus real-bisect [real] http://www.chiark.greenend.org.uk/~xensrcts/logs/31424/ Failures :-/ but no regressions. Tests which did not succeed, including tests which could not be run: test-amd64-i386-rumpuserxen-i386 8 guest-start fail baseline untested jobs: build-i386-rumpuserxen pass test-amd64-i386-rumpuserxen-i386 fail ------------------------------------------------------------ sg-report-flight on osstest.cam.xci-test.com logs: /home/xc_osstest/logs images: /home/xc_osstest/images Logs, config files, etc. are available at http://www.chiark.greenend.org.uk/~xensrcts/logs Test harness code can be found at http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |