1. 01 Jun, 2016 3 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6b15d665
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix negative error code usage in ATM layer, from Stefan Hajnoczi.
      
       2) If CONFIG_SYSCTL is disabled, the default TTL is not initialized
          properly.  From Ezequiel Garcia.
      
       3) Missing spinlock init in mvneta driver, from Gregory CLEMENT.
      
       4) Missing unlocks in hwmb error paths, also from Gregory CLEMENT.
      
       5) Fix deadlock on team->lock when propagating features, from Ivan
          Vecera.
      
       6) Work around buffer offset hw bug in alx chips, from Feng Tang.
      
       7) Fix double listing of SCTP entries in sctp_diag dumps, from Xin
          Long.
      
       8) Various statistics bug fixes in mlx4 from Eric Dumazet.
      
       9) Fix some randconfig build errors wrt fou ipv6 from Arnd Bergmann.
      
      10) All of l2tp was namespace aware, but the ipv6 support code was not
          doing so.  From Shmulik Ladkani.
      
      11) Handle on-stack hrtimers properly in pktgen, from Guenter Roeck.
      
      12) Propagate MAC changes properly through VLAN devices, from Mike
          Manning.
      
      13) Fix memory leak in bnx2x_init_one(), from Vitaly Kuznetsov.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (62 commits)
        sfc: Track RPS flow IDs per channel instead of per function
        usbnet: smsc95xx: fix link detection for disabled autonegotiation
        virtio_net: fix virtnet_open and virtnet_probe competing for try_fill_recv
        bnx2x: avoid leaking memory on bnx2x_init_one() failures
        fou: fix IPv6 Kconfig options
        openvswitch: update checksum in {push,pop}_mpls
        sctp: sctp_diag should dump sctp socket type
        net: fec: update dirty_tx even if no skb
        vlan: Propagate MAC address to VLANs
        atm: iphase: off by one in rx_pkt()
        atm: firestream: add more reserved strings
        vxlan: Accept user specified MTU value when create new vxlan link
        net: pktgen: Call destroy_hrtimer_on_stack()
        timer: Export destroy_hrtimer_on_stack()
        net: l2tp: Make l2tp_ip6 namespace aware
        Documentation: ip-sysctl.txt: clarify secure_redirects
        sfc: use flow dissector helpers for aRFS
        ieee802154: fix logic error in ieee802154_llsec_parse_dev_addr
        net: nps_enet: Disable interrupts before napi reschedule
        net/lapb: tuse %*ph to dump buffers
        ...
      6b15d665
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 58c1f995
      Linus Torvalds authored
      Pull sparc fixes from David Miller:
       "sparc64 mmu context allocation and trap return bug fixes"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix return from trap window fill crashes.
        sparc: Harden signal return frame checks.
        sparc64: Take ctx_alloc_lock properly in hugetlb_setup().
      58c1f995
    • Jon Cooper's avatar
      sfc: Track RPS flow IDs per channel instead of per function · faf8dcc1
      Jon Cooper authored
      Otherwise we get confused when two flows on different channels get the
       same flow ID.
      Signed-off-by: default avatarEdward Cree <ecree@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      faf8dcc1
  2. 31 May, 2016 15 commits
  3. 30 May, 2016 19 commits
    • Linus Torvalds's avatar
      Merge branch 'uuid' (lib/uuid fixes from Andy) · 852f42a6
      Linus Torvalds authored
      Merge lib/uuid fixes from Andy Shevchenko.
      
      * emailed patches from Andy Shevchenko <andriy.shevchenko@linux.intel.com>:
        lib/uuid.c: use correct offset in uuid parser
        lib/uuid: add a test module
      852f42a6
    • Bjørn Mork's avatar
      lib/uuid.c: use correct offset in uuid parser · bc9dc9d5
      Bjørn Mork authored
      Use '+ 0' and '+ 1' as offsets, like they were intended, instead of
      adding to the result.
      
      Fixes: 2b1b0d66 ("lib/uuid.c: introduce a few more generic helpers")
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bc9dc9d5
    • Andy Shevchenko's avatar
      lib/uuid: add a test module · cfaff0e5
      Andy Shevchenko authored
      It appears that somehow I missed a test of the latest UUID rework which
      landed in the kernel.  Present a small test module to avoid such cases
      in the future.
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cfaff0e5
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 44698542
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes the following issues:
      
         - missing selection in public_key that may result in a build failure
      
         - Potential crash in error path in omap-sham
      
         - ccp AES XTS bug that affects requests larger than 4096"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: ccp - Fix AES XTS error for request sizes above 4096
        crypto: public_key: select CRYPTO_AKCIPHER
        crypto: omap-sham - potential Oops on error in probe
      44698542
    • Linus Walleij's avatar
      gpio: drop lock before reading GPIO direction · 545ebd9a
      Linus Walleij authored
      When adding the gpiochip, the GPIO HW drivers' callback get_direction()
      could get called in atomic context. Some of the GPIO HW drivers may
      sleep when accessing the register.
      
      Move the lock before initializing the descriptors.
      Reported-by: default avatarLaxman Dewangan <ldewangan@nvidia.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      545ebd9a
    • Linus Walleij's avatar
      gpio: bail out silently on NULL descriptors · 54d77198
      Linus Walleij authored
      In fdeb8e15
      ("gpio: reflect base and ngpio into gpio_device")
      assumed that GPIO descriptors are either valid or error
      pointers, but gpiod_get_[index_]optional() actually return
      NULL descriptors and then all subsequent calls should just
      bail out.
      
      Cc: stable@vger.kernel.org
      Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Cc: Florian Fainelli <f.fainelli@gmail.com>
      Cc: Andrew Lunn <andrew@lunn.ch>
      Fixes: fdeb8e15 ("gpio: reflect base and ngpio into gpio_device")
      Reported-by: default avatarUwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      54d77198
    • Linus Walleij's avatar
      gpio: handle compatible ioctl() pointers · 8b92e17e
      Linus Walleij authored
      If we're using the compatible ioctl() we need to handle the
      argument pointer in a special way or there will be trouble.
      
      Fixes: 3c702e99 ("gpio: add a userspace chardev ABI for GPIOs")
      Reported-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Reviewed-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      8b92e17e
    • Linus Walleij's avatar
      gpio: flush direction status in gpiochip_lock_as_irq() · 9c10280d
      Linus Walleij authored
      As irqchip and gpiochip functions are orthogonal, the IRQ
      set-up or something else can have changed the direction of
      the GPIO line from what the GPIO descriptor knows when we
      get into gpiochip_lock_as_irq(). Make sure to re-read the
      direction setting if we have the .get_direction() callback
      enabled for the chip.
      
      Else we get problems like this:
      
      iio iio:device2: interrupts on the rising edge
      gpio gpiochip2: (8012e080.gpio): gpiochip_lock_as_irq:
        tried to flag a GPIO set as output for IRQ
      gpio gpiochip2: (8012e080.gpio): unable to lock HW IRQ 0 for IRQ
      genirq: Failed to request resources for l3g4200d-trigger
        (irq 111) on irqchip nmk1-32-63
      iio iio:device2: failed to request trigger IRQ.
      st-gyro-i2c: probe of 2-0068 failed with error -22
      
      Fixes: 72d32000 ("gpio: set up initial state from .get_direction()")
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      9c10280d
    • Sylvain Lemieux's avatar
      gpio: lpc32xx: disable broken to_irq support · 320a6480
      Sylvain Lemieux authored
      The "to_irq" functionality is broken inside this driver since commit
      76ba59f8 ("genirq: Add irq_domain-aware core IRQ handler").
      
      The addition of the new lpc32xx irqchip driver in 4.7, fixed the
      lpc32xx platform interrupt issue.
      
      When switching to the new lpc32xx irqchip driver, a warning appear
      in the lpc32xx gpio driver: warning: "NR_IRQS" redefined.
      
      To remove this warning (temporary solution), this patch
      disables the broken "to_irq" mapping functionality support.
      Signed-off-by: default avatarSylvain Lemieux <slemieux@tycoint.com>
      Acked-by: default avatarVladimir Zapolskiy <vz@mleia.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      320a6480
    • Shmulik Ladkani's avatar
      net: l2tp: Make l2tp_ip6 namespace aware · 0e6b5259
      Shmulik Ladkani authored
      l2tp_ip6 tunnel and session lookups were still using init_net, although
      the l2tp core infrastructure already supports lookups keyed by 'net'.
      
      As a result, l2tp_ip6_recv discarded packets for tunnels/sessions
      created in namespaces other than the init_net.
      
      Fix, by using dev_net(skb->dev) or sock_net(sk) where appropriate.
      Signed-off-by: default avatarShmulik Ladkani <shmulik.ladkani@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e6b5259
    • Eric Garver's avatar
      Documentation: ip-sysctl.txt: clarify secure_redirects · 176b346b
      Eric Garver authored
      Clarify how secure_redirects works. Mention that RFC1122 always applies.
      Signed-off-by: default avatarEric Garver <e@erig.me>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      176b346b
    • Edward Cree's avatar
      68bb399e
    • Baozeng Ding's avatar
      ieee802154: fix logic error in ieee802154_llsec_parse_dev_addr · 421eeea1
      Baozeng Ding authored
      Fix a logic error to avoid potential null pointer dereference.
      Signed-off-by: default avatarBaozeng Ding <sploving1@gmail.com>
      Reviewed-by: Stefan Schmidt<stefan@osg.samsung.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      421eeea1
    • Elad Kanfi's avatar
      net: nps_enet: Disable interrupts before napi reschedule · 86651650
      Elad Kanfi authored
      Since NAPI works by shutting down event interrupts when theres
      work and turning them on when theres none, the net driver must
      make sure that interrupts are disabled when it reschedules polling.
      By calling napi_reschedule, the driver switches to polling mode,
      therefor there should be no interrupt interference.
      Any received packets will be handled in nps_enet_poll by polling the HW
      indication of received packet until all packets are handled.
      Signed-off-by: default avatarElad Kanfi <eladkan@mellanox.com>
      Acked-by: default avatarNoam Camus <noamca@mellanox.com>
      Tested-by: default avatarAlexey Brodkin <abrodkin@synopsys.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      86651650
    • Andy Shevchenko's avatar
      net/lapb: tuse %*ph to dump buffers · 0d08df6c
      Andy Shevchenko authored
      Use %*ph specifier to dump small buffers in hex format instead doing this
      byte-by-byte.
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0d08df6c
    • Dan Carpenter's avatar
      ptp: oops in ptp_ioctl() · 6756325a
      Dan Carpenter authored
      If we pass ERR_PTR(-EFAULT) to kfree() then it's going to oops.
      
      Fixes: 2ece068e ('ptp: use memdup_user().')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6756325a
    • Arnd Bergmann's avatar
      fou: add Kconfig options for IPv6 support · fabb13db
      Arnd Bergmann authored
      A previous patch added the fou6.ko module, but that failed to link
      in a couple of configurations:
      
      net/built-in.o: In function `ip6_tnl_encap_add_fou_ops':
      net/ipv6/fou6.c:88: undefined reference to `ip6_tnl_encap_add_ops'
      net/ipv6/fou6.c:94: undefined reference to `ip6_tnl_encap_add_ops'
      net/ipv6/fou6.c:97: undefined reference to `ip6_tnl_encap_del_ops'
      net/built-in.o: In function `ip6_tnl_encap_del_fou_ops':
      net/ipv6/fou6.c:106: undefined reference to `ip6_tnl_encap_del_ops'
      net/ipv6/fou6.c:107: undefined reference to `ip6_tnl_encap_del_ops'
      
      If CONFIG_IPV6=m, ip6_tnl_encap_add_ops/ip6_tnl_encap_del_ops
      are in a module, but fou6.c can still be built-in, and that
      obviously fails to link.
      
      Also, if CONFIG_IPV6=y, but CONFIG_IPV6_TUNNEL=m or
      CONFIG_IPV6_TUNNEL=n, the same problem happens for a different
      reason.
      
      This adds two new silent Kconfig symbols to work around both
      problems:
      
      - CONFIG_IPV6_FOU is now always set to 'm' if either CONFIG_NET_FOU=m
        or CONFIG_IPV6=m
      - CONFIG_IPV6_FOU_TUNNEL is set implicitly when IPV6_FOU is enabled
        and NET_FOU_IP_TUNNELS is also turned out, and it will ensure
        that CONFIG_IPV6_TUNNEL is also available.
      
      The options could be made user-visible as well, to give additional
      room for configuration, but it seems easier not to bother users
      with more choice here.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: aa3463d6 ("fou: Add encap ops for IPv6 tunnels")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fabb13db
    • Arnd Bergmann's avatar
      ipv6: hide ip6_encap_hlen/ip6_tnl_encap definitions · 9791d8e7
      Arnd Bergmann authored
      A recent cleanup moved MAX_IPTUN_ENCAP_OPS along with some other
      definitions, but it is now invisible when CONFIG_INET is
      not defined, but still referenced from ip6_tunnel.h:
      
      In file included from net/xfrm/xfrm_input.c:17:0:
      include/net/ip6_tunnel.h:67:17: error: 'MAX_IPTUN_ENCAP_OPS' undeclared here (not in a function)
         ip6tun_encaps[MAX_IPTUN_ENCAP_OPS];
                       ^~~~~~~~~~~~~~~~~~~
      
      This hides the ip6_encap_hlen and ip6_tnl_encap functions inside
      of CONFIG_INET so we don't run into the the problem.
      
      Alternatively we could move the macro out of the #ifdef again to
      restore the previous behavior
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 55c2bc14 ("net: Cleanup encap items in ip_tunnels.h")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9791d8e7
    • David S. Miller's avatar
      sparc64: Fix return from trap window fill crashes. · 7cafc0b8
      David S. Miller authored
      We must handle data access exception as well as memory address unaligned
      exceptions from return from trap window fill faults, not just normal
      TLB misses.
      
      Otherwise we can get an OOPS that looks like this:
      
      ld-linux.so.2(36808): Kernel bad sw trap 5 [#1]
      CPU: 1 PID: 36808 Comm: ld-linux.so.2 Not tainted 4.6.0 #34
      task: fff8000303be5c60 ti: fff8000301344000 task.ti: fff8000301344000
      TSTATE: 0000004410001601 TPC: 0000000000a1a784 TNPC: 0000000000a1a788 Y: 00000002    Not tainted
      TPC: <do_sparc64_fault+0x5c4/0x700>
      g0: fff8000024fc8248 g1: 0000000000db04dc g2: 0000000000000000 g3: 0000000000000001
      g4: fff8000303be5c60 g5: fff800030e672000 g6: fff8000301344000 g7: 0000000000000001
      o0: 0000000000b95ee8 o1: 000000000000012b o2: 0000000000000000 o3: 0000000200b9b358
      o4: 0000000000000000 o5: fff8000301344040 sp: fff80003013475c1 ret_pc: 0000000000a1a77c
      RPC: <do_sparc64_fault+0x5bc/0x700>
      l0: 00000000000007ff l1: 0000000000000000 l2: 000000000000005f l3: 0000000000000000
      l4: fff8000301347e98 l5: fff8000024ff3060 l6: 0000000000000000 l7: 0000000000000000
      i0: fff8000301347f60 i1: 0000000000102400 i2: 0000000000000000 i3: 0000000000000000
      i4: 0000000000000000 i5: 0000000000000000 i6: fff80003013476a1 i7: 0000000000404d4c
      I7: <user_rtt_fill_fixup+0x6c/0x7c>
      Call Trace:
       [0000000000404d4c] user_rtt_fill_fixup+0x6c/0x7c
      
      The window trap handlers are slightly clever, the trap table entries for them are
      composed of two pieces of code.  First comes the code that actually performs
      the window fill or spill trap handling, and then there are three instructions at
      the end which are for exception processing.
      
      The userland register window fill handler is:
      
      	add	%sp, STACK_BIAS + 0x00, %g1;		\
      	ldxa	[%g1 + %g0] ASI, %l0;			\
      	mov	0x08, %g2;				\
      	mov	0x10, %g3;				\
      	ldxa	[%g1 + %g2] ASI, %l1;			\
      	mov	0x18, %g5;				\
      	ldxa	[%g1 + %g3] ASI, %l2;			\
      	ldxa	[%g1 + %g5] ASI, %l3;			\
      	add	%g1, 0x20, %g1;				\
      	ldxa	[%g1 + %g0] ASI, %l4;			\
      	ldxa	[%g1 + %g2] ASI, %l5;			\
      	ldxa	[%g1 + %g3] ASI, %l6;			\
      	ldxa	[%g1 + %g5] ASI, %l7;			\
      	add	%g1, 0x20, %g1;				\
      	ldxa	[%g1 + %g0] ASI, %i0;			\
      	ldxa	[%g1 + %g2] ASI, %i1;			\
      	ldxa	[%g1 + %g3] ASI, %i2;			\
      	ldxa	[%g1 + %g5] ASI, %i3;			\
      	add	%g1, 0x20, %g1;				\
      	ldxa	[%g1 + %g0] ASI, %i4;			\
      	ldxa	[%g1 + %g2] ASI, %i5;			\
      	ldxa	[%g1 + %g3] ASI, %i6;			\
      	ldxa	[%g1 + %g5] ASI, %i7;			\
      	restored;					\
      	retry; nop; nop; nop; nop;			\
      	b,a,pt	%xcc, fill_fixup_dax;			\
      	b,a,pt	%xcc, fill_fixup_mna;			\
      	b,a,pt	%xcc, fill_fixup;
      
      And the way this works is that if any of those memory accesses
      generate an exception, the exception handler can revector to one of
      those final three branch instructions depending upon which kind of
      exception the memory access took.  In this way, the fault handler
      doesn't have to know if it was a spill or a fill that it's handling
      the fault for.  It just always branches to the last instruction in
      the parent trap's handler.
      
      For example, for a regular fault, the code goes:
      
      winfix_trampoline:
      	rdpr	%tpc, %g3
      	or	%g3, 0x7c, %g3
      	wrpr	%g3, %tnpc
      	done
      
      All window trap handlers are 0x80 aligned, so if we "or" 0x7c into the
      trap time program counter, we'll get that final instruction in the
      trap handler.
      
      On return from trap, we have to pull the register window in but we do
      this by hand instead of just executing a "restore" instruction for
      several reasons.  The largest being that from Niagara and onward we
      simply don't have enough levels in the trap stack to fully resolve all
      possible exception cases of a window fault when we are already at
      trap level 1 (which we enter to get ready to return from the original
      trap).
      
      This is executed inline via the FILL_*_RTRAP handlers.  rtrap_64.S's
      code branches directly to these to do the window fill by hand if
      necessary.  Now if you look at them, we'll see at the end:
      
      	    ba,a,pt    %xcc, user_rtt_fill_fixup;
      	    ba,a,pt    %xcc, user_rtt_fill_fixup;
      	    ba,a,pt    %xcc, user_rtt_fill_fixup;
      
      And oops, all three cases are handled like a fault.
      
      This doesn't work because each of these trap types (data access
      exception, memory address unaligned, and faults) store their auxiliary
      info in different registers to pass on to the C handler which does the
      real work.
      
      So in the case where the stack was unaligned, the unaligned trap
      handler sets up the arg registers one way, and then we branched to
      the fault handler which expects them setup another way.
      
      So the FAULT_TYPE_* value ends up basically being garbage, and
      randomly would generate the backtrace seen above.
      Reported-by: default avatarNick Alcock <nix@esperi.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7cafc0b8
  4. 29 May, 2016 3 commits