1. 02 Mar, 2016 21 commits
  2. 01 Mar, 2016 12 commits
    • Sergei Shtylyov's avatar
      of_mdio: fix kernel-doc for of_phy_connect() · 735c1e25
      Sergei Shtylyov authored
      The 'flags' parameter of the of_phy_connect() function wasn't described
      in  the kernel-doc comment...
      Signed-off-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      735c1e25
    • Xin Long's avatar
      sctp: sctp_remaddr_seq_show use the wrong variable to dump transport info · 3d73e8fa
      Xin Long authored
      Now in sctp_remaddr_seq_show(), we use variable *tsp to get the param *v.
      but *tsp is also used to traversal transport_addr_list, which will cover
      the previous value, and make sctp_transport_put work on the wrong transport.
      
      So fix it by adding a new variable to get the param *v.
      
      Fixes: fba4c330 ("sctp: hold transport before we access t->asoc in sctp proc")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3d73e8fa
    • Xin Long's avatar
      sctp: lack the check for ports in sctp_v6_cmp_addr · 40b4f0fd
      Xin Long authored
      As the member .cmp_addr of sctp_af_inet6, sctp_v6_cmp_addr should also check
      the port of addresses, just like sctp_v4_cmp_addr, cause it's invoked by
      sctp_cmp_addr_exact().
      
      Now sctp_v6_cmp_addr just check the port when two addresses have different
      family, and lack the port check for two ipv6 addresses. that will make
      sctp_hash_cmp() cannot work well.
      
      so fix it by adding ports comparison in sctp_v6_cmp_addr().
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      40b4f0fd
    • David S. Miller's avatar
      Merge branch 'phy-micrel-fixes' · f0da74bc
      David S. Miller authored
      Alexandre Belloni says:
      
      ====================
      phy: micrel: fix issues with interrupt on atmel boards
      
      Since the phy is not polled anymore, there were issues getting a link on the
      sama5d* xplained boards.
      
      I'm not too sure about were those fixes should go and I'm wondering whether the
      first one shoud be made generic.
      
      For the second one, I found the PHY_HAS_MAGICANEG flag that is not used and I
      wondering whether this is related to that kind of issue. I had a quick look at
      the history and could'nt find its use.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f0da74bc
    • Alexandre Belloni's avatar
      phy: micrel: Disable auto negotiation on startup · 99f81afc
      Alexandre Belloni authored
      Disable auto negotiation on init to properly detect an already plugged
      cable at boot.
      
      At boot, when the phy is started, it is in the PHY_UP state.
      However, if a cable is plugged at boot, because auto negociation is already
      enabled at the time we get the first interrupt, the phy is already running.
      But the state machine then switches from PHY_UP to PHY_AN and calls
      phy_start_aneg(). phy_start_aneg() will not do anything because aneg is
      already enabled on the phy. It will then wait for a interrupt before going
      further. This interrupt will never happen unless the cable is unplugged and
      then replugged.
      
      It was working properly before 321beec5 (net: phy: Use interrupts when
      available in NOLINK state) because switching to NOLINK meant starting
      polling the phy, even if IRQ were enabled.
      
      Fixes: 321beec5 (net: phy: Use interrupts when available in NOLINK state)
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@free-electrons.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      99f81afc
    • Alexandre Belloni's avatar
      phy: micrel: Ensure interrupts are reenabled on resume · f5aba91d
      Alexandre Belloni authored
      At least on ksz8081, when getting back from power down, interrupts are
      disabled. ensure they are reenabled if they were previously enabled.
      
      This fixes resuming which is failing on the xplained boards from atmel
      since 321beec5 (net: phy: Use interrupts when available in NOLINK
      state)
      
      Fixes: 321beec5 (net: phy: Use interrupts when available in NOLINK state)
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@free-electrons.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f5aba91d
    • Guillaume Nault's avatar
      ppp: lock ppp->flags in ppp_read() and ppp_poll() · edffc217
      Guillaume Nault authored
      ppp_read() and ppp_poll() can be called concurrently with ppp_ioctl().
      In this case, ppp_ioctl() might call ppp_ccp_closed(), which may update
      ppp->flags while ppp_read() or ppp_poll() is reading it.
      The update done by ppp_ccp_closed() isn't atomic due to the bit mask
      operation ('ppp->flags &= ~(SC_CCP_OPEN | SC_CCP_UP)'), so concurrent
      readers might get transient values.
      Reading incorrect ppp->flags may disturb the 'ppp->flags & SC_LOOP_TRAFFIC'
      test in ppp_read() and ppp_poll(), which in turn can lead to improper
      decision on whether the PPP unit file is ready for reading or not.
      
      Since ppp_ccp_closed() is protected by the Rx and Tx locks (with
      ppp_lock()), taking the Rx lock is enough for ppp_read() and ppp_poll()
      to guarantee that ppp_ccp_closed() won't update ppp->flags
      concurrently.
      
      The same reasoning applies to ppp->n_channels. The 'n_channels' field
      can also be written to concurrently by ppp_ioctl() (through
      ppp_connect_channel() or ppp_disconnect_channel()). These writes aren't
      atomic (simple increment/decrement), but are protected by both the Rx
      and Tx locks (like in the ppp->flags case). So holding the Rx lock
      before reading ppp->n_channels also prevents concurrent writes.
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      edffc217
    • Ivan Vecera's avatar
      bna: fix list corruption · a7f4b988
      Ivan Vecera authored
      Use list_move_tail() to move MAC address entry from list of pending
      to list of active entries. Simple list_add_tail() leaves the entry
      also in the first list, this leads to list corruption.
      
      Cc: Rasesh Mody <rasesh.mody@qlogic.com>
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Acked-by: default avatarRasesh Mody <rasesh.mody@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7f4b988
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-4.5-20160226' of... · c44a72a5
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-4.5-20160226' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2016-02-26
      
      this is a pull request of one patch for net.
      
      The patch by Maximilain Schneider fixes a kfree() problem during disconnect in
      the gs_usb driver.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c44a72a5
    • Felix Fietkau's avatar
      mac80211: minstrel_ht: fix a logic error in RTS/CTS handling · c36dd3ea
      Felix Fietkau authored
      RTS/CTS needs to be enabled if the rate is a fallback rate *or* if it's
      a dual-stream rate and the sta is in dynamic SMPS mode.
      
      Cc: stable@vger.kernel.org
      Fixes: a3ebb4e1 ("mac80211: minstrel_ht: handle peers in dynamic SMPS")
      Reported-by: default avatarMatías Richart <mrichart@fing.edu.uy>
      Signed-off-by: default avatarFelix Fietkau <nbd@openwrt.org>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      c36dd3ea
    • Jouni Malinen's avatar
      mac80211: Fix Public Action frame RX in AP mode · 1ec7bae8
      Jouni Malinen authored
      Public Action frames use special rules for how the BSSID field (Address
      3) is set. A wildcard BSSID is used in cases where the transmitter and
      recipient are not members of the same BSS. As such, we need to accept
      Public Action frames with wildcard BSSID.
      
      Commit db8e1732 ("mac80211: ignore frames between TDLS peers when
      operating as AP") added a rule that drops Action frames to TDLS-peers
      based on an Action frame having different DA (Address 1) and BSSID
      (Address 3) values. This is not correct since it misses the possibility
      of BSSID being a wildcard BSSID in which case the Address 1 would not
      necessarily match.
      
      Fix this by allowing mac80211 to accept wildcard BSSID in an Action
      frame when in AP mode.
      
      Fixes: db8e1732 ("mac80211: ignore frames between TDLS peers when operating as AP")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJouni Malinen <jouni@qca.qualcomm.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      1ec7bae8
    • Johannes Berg's avatar
      mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs · 9acc54be
      Johannes Berg authored
      Just like for CCMP we need to check that for GCMP the fragments
      have PNs that increment by one; the spec was updated to fix this
      security issue and now has the following text:
      
      	The receiver shall discard MSDUs and MMPDUs whose constituent
      	MPDU PN values are not incrementing in steps of 1.
      
      Adapt the code for CCMP to work for GCMP as well, luckily the
      relevant fields already alias each other so no code duplication
      is needed (just check the aliasing with BUILD_BUG_ON.)
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      9acc54be
  3. 29 Feb, 2016 1 commit
    • Neil Horman's avatar
      3c59x: mask LAST_FRAG bit from length field in ring · a6522c08
      Neil Horman authored
      Recently, I fixed a bug in 3c59x:
      
      commit 6e144419
      Author: Neil Horman <nhorman@tuxdriver.com>
      Date:   Wed Jan 13 12:43:54 2016 -0500
      
          3c59x: fix another page map/single unmap imbalance
      
      Which correctly rebalanced dma mapping and unmapping types.  Unfortunately it
      introduced a new bug which causes oopses on older systems.
      
      When mapping dma regions, the last entry for a packet in the 3c59x tx ring
      encodes a LAST_FRAG bit, which is encoded as the high order bit of the buffers
      length field.  When it is unmapped the LAST_FRAG bit is cleared prior to being
      passed to the unmap function.  Unfortunately the commit above fails to do that
      masking.  It was missed in testing because the system on which I tested it had
      an intel iommu, the driver for which ignores the size field, using only the DMA
      address as the token to identify the mapping to be released.  However, on older
      systems that rely on swiotlb (or other dma drivers that key off that length
      field), not masking off that LAST_FRAG high order bit results in parsing a huge
      size to be release, leading to all sorts of odd corruptions and the like.
      
      Fix is easy, just mask the length with 0xFFF.  It should really be
      &(LAST_FRAG-1), but 0xFFF is the style of the file, and I'd like to make this
      fix minimal and correct before making it prettier.
      
      Appies to the net tree cleanly.  All testing on both iommu and swiommu based
      systems produce good results
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      CC: Steffen Klassert <klassert@mathematik.tu-chemnitz.de>
      CC: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a6522c08
  4. 26 Feb, 2016 2 commits
  5. 25 Feb, 2016 4 commits
    • Sunil Goutham's avatar
      net: thunderx: Fix for Qset error due to CQ full · 4c0b6eaf
      Sunil Goutham authored
      On Thunderx pass 1.x and pass2 due to a HW errata default CQ
      DROP_LEVEL of 0x80 is not sufficient to avoid CQ_WR_FULL Qset
      error when packets are being received at >20Mpps resulting in
      complete stall of packet reception.
      
      This patch will configure it to 0x100 which is what is expected
      by HW on Thunderx. On future passes of thunderx and other chips
      HW default/reset value will be 0x100 or higher hence not overwritten.
      Signed-off-by: default avatarJerin Jacob <jerin.jacob@caviumnetworks.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4c0b6eaf
    • Chun-Hao Lin's avatar
      r8169:fix "rtl_counters_cond == 1 (loop: 1000, delay: 10)" log spam. · f09cf4b7
      Chun-Hao Lin authored
      There will be a log spam when there is no cable plugged. Please refer to
      following links. https://bugzilla.kernel.org/show_bug.cgi?id=104351
      https://bugzilla.kernel.org/show_bug.cgi?id=107421
      
      This issue is caused by runtime power management. When there is no cable
      plugged, the driver will be suspend (runtime suspend) by OS and NIC will be
      put into the D3 state. During this time, if OS call rtl8169_get_stats64()
      to dump tally counter, because NIC is in D3 state, the register value read
      by driver will return all 0xff. This will let driver think tally counter
      flag is not toggled and then sends the warning message "rtl_counters_cond
      == 1 (loop: 1000, delay: 10)" to kernel log.
      
      For fixing this issue, 1.add checking driver's pm runtime status in
      rtl8169_get_stats64(). 2.dump tally counter before going runtime suspend
      for counter accuracy in runtime suspend.
      Signed-off-by: default avatarChunhao Lin <hau@realtek.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f09cf4b7
    • Linus Lüssing's avatar
      net: fix bridge multicast packet checksum validation · 9b368814
      Linus Lüssing authored
      We need to update the skb->csum after pulling the skb, otherwise
      an unnecessary checksum (re)computation can ocure for IGMP/MLD packets
      in the bridge code. Additionally this fixes the following splats for
      network devices / bridge ports with support for and enabled RX checksum
      offloading:
      
      [...]
      [   43.986968] eth0: hw csum failure
      [   43.990344] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.4.0 #2
      [   43.996193] Hardware name: BCM2709
      [   43.999647] [<800204e0>] (unwind_backtrace) from [<8001cf14>] (show_stack+0x10/0x14)
      [   44.007432] [<8001cf14>] (show_stack) from [<801ab614>] (dump_stack+0x80/0x90)
      [   44.014695] [<801ab614>] (dump_stack) from [<802e4548>] (__skb_checksum_complete+0x6c/0xac)
      [   44.023090] [<802e4548>] (__skb_checksum_complete) from [<803a055c>] (ipv6_mc_validate_checksum+0x104/0x178)
      [   44.032959] [<803a055c>] (ipv6_mc_validate_checksum) from [<802e111c>] (skb_checksum_trimmed+0x130/0x188)
      [   44.042565] [<802e111c>] (skb_checksum_trimmed) from [<803a06e8>] (ipv6_mc_check_mld+0x118/0x338)
      [   44.051501] [<803a06e8>] (ipv6_mc_check_mld) from [<803b2c98>] (br_multicast_rcv+0x5dc/0xd00)
      [   44.060077] [<803b2c98>] (br_multicast_rcv) from [<803aa510>] (br_handle_frame_finish+0xac/0x51c)
      [...]
      
      Fixes: 9afd85c9 ("net: Export IGMP/MLD message validation code")
      Reported-by: default avatarÁlvaro Fernández Rojas <noltari@gmail.com>
      Signed-off-by: default avatarLinus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9b368814
    • Stefan Wahren's avatar
      net: qca_spi: clear IFF_TX_SKB_SHARING · a4690afe
      Stefan Wahren authored
      ether_setup sets IFF_TX_SKB_SHARING but this is not supported by
      qca_spi as it modifies the skb on xmit.
      Signed-off-by: default avatarStefan Wahren <stefan.wahren@i2se.com>
      Fixes: 291ab06e (net: qualcomm: new Ethernet over SPI driver for QCA7000)
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a4690afe