1. 11 Mar, 2015 3 commits
    • arm64: KVM: Fix outdated comment about VTCR_EL2.PS · 84ed7412
      Marc Zyngier authored
      Commit 87366d8c ("arm64: Add boot time configuration of
      Intermediate Physical Address size") removed the hardcoded setting
      of VTCR_EL2.PS to use ID_AA64MMFR0_EL1.PARange instead, but didn't
      remove the (now rather misleading) comment.
      
      Fix the comments to match reality (at least for the next few minutes).
      Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
      Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
    • arm64: KVM: Do not use pgd_index to index stage-2 pgd · 04b8dc85
      Marc Zyngier authored
      The kernel's pgd_index macro is designed to index a normal, page
      sized array. KVM is a bit different, as we can use concatenated
      pages to have a bigger address space (for example 40bit IPA with
      4kB pages gives us an 8kB PGD).
      
      In the above case, the use of pgd_index will always return an index
      inside the first 4kB, which makes a guest that has memory above
      0x8000000000 rather unhappy, as it spins forever in a page fault,
      whilst the host happily corrupts the lower pgd.
      
      The obvious fix is to get our own kvm_pgd_index that does the right
      thing(tm).
      
      Tested on X-Gene with a hacked kvmtool that put memory at a stupidly
      high address.
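
      The indexing problem described above can be sketched in plain C. This is
      a minimal model, not the kernel code: the shift of 30 (1GB per PGD entry),
      the entry counts, and the names host_pgd_index and stage2_pgd_index are
      assumptions chosen to match the 4kB-page, 40bit-IPA example.

```c
#include <stdint.h>

/* Assumed configuration: 4kB pages, each PGD entry covers 1GB (shift 30). */
#define PGDIR_SHIFT      30
#define PTRS_PER_PGD     512u   /* one 4kB page of 8-byte entries */
#define PTRS_PER_S2_PGD  1024u  /* 40bit IPA: two concatenated pages (8kB) */

/* Models the generic macro: the index wraps within a single page. */
static inline unsigned int host_pgd_index(uint64_t addr)
{
    return (unsigned int)((addr >> PGDIR_SHIFT) & (PTRS_PER_PGD - 1));
}

/* Models a stage-2 aware index that spans the whole concatenated PGD. */
static inline unsigned int stage2_pgd_index(uint64_t ipa)
{
    return (unsigned int)((ipa >> PGDIR_SHIFT) & (PTRS_PER_S2_PGD - 1));
}
```

      With these assumed constants, an address of 0x8000000000 wraps back to
      index 0 in the first function, while the second one selects the first
      entry of the second page.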
      Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
      Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
    • arm64: KVM: Fix stage-2 PGD allocation to have per-page refcounting · a987370f
      Marc Zyngier authored
      We're using __get_free_pages to allocate the guest's stage-2
      PGD. The standard behaviour of this function is to return a set of
      pages where only the head page has a valid refcount.
      
      This behaviour gets us into trouble when we're trying to increment
      the refcount on a non-head page:
      
      page:ffff7c00cfb693c0 count:0 mapcount:0 mapping:          (null) index:0x0
      flags: 0x4000000000000000()
      page dumped because: VM_BUG_ON_PAGE((*({ __attribute__((unused)) typeof((&page->_count)->counter) __var = ( typeof((&page->_count)->counter)) 0; (volatile typeof((&page->_count)->counter) *)&((&page->_count)->counter); })) <= 0)
      BUG: failure at include/linux/mm.h:548/get_page()!
      Kernel panic - not syncing: BUG!
      CPU: 1 PID: 1695 Comm: kvm-vcpu-0 Not tainted 4.0.0-rc1+ #3825
      Hardware name: APM X-Gene Mustang board (DT)
      Call trace:
      [<ffff80000008a09c>] dump_backtrace+0x0/0x13c
      [<ffff80000008a1e8>] show_stack+0x10/0x1c
      [<ffff800000691da8>] dump_stack+0x74/0x94
      [<ffff800000690d78>] panic+0x100/0x240
      [<ffff8000000a0bc4>] stage2_get_pmd+0x17c/0x2bc
      [<ffff8000000a1dc4>] kvm_handle_guest_abort+0x4b4/0x6b0
      [<ffff8000000a420c>] handle_exit+0x58/0x180
      [<ffff80000009e7a4>] kvm_arch_vcpu_ioctl_run+0x114/0x45c
      [<ffff800000099df4>] kvm_vcpu_ioctl+0x2e0/0x754
      [<ffff8000001c0a18>] do_vfs_ioctl+0x424/0x5c8
      [<ffff8000001c0bfc>] SyS_ioctl+0x40/0x78
      CPU0: stopping
      
      A possible approach for this is to split the compound page using
      split_page() at allocation time, and change the teardown path to
      free one page at a time.  It turns out that alloc_pages_exact() and
      free_pages_exact() do exactly that.
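
      The difference between the two allocation styles can be illustrated with
      a toy refcount model. Everything here (struct toy_page and the toy_*
      helpers) is hypothetical and only mirrors the behaviour described in
      this message; it does not call any kernel API.

```c
#include <stdbool.h>
#include <stddef.h>

#define NR_PGD_PAGES 2  /* e.g. an 8kB stage-2 PGD made of two 4kB pages */

struct toy_page { int refcount; };

/* Models a plain multi-page allocation: only the head page is refcounted. */
static inline void toy_alloc_high_order(struct toy_page *pages, size_t n)
{
    for (size_t i = 0; i < n; i++)
        pages[i].refcount = (i == 0) ? 1 : 0;
}

/* Models an allocation split into independent pages, each with its own count. */
static inline void toy_alloc_exact(struct toy_page *pages, size_t n)
{
    for (size_t i = 0; i < n; i++)
        pages[i].refcount = 1;
}

/* Models get_page(): taking a reference on a page with count <= 0 is a bug. */
static inline bool toy_get_page(struct toy_page *page)
{
    if (page->refcount <= 0)
        return false;   /* the kernel would trip VM_BUG_ON_PAGE here */
    page->refcount++;
    return true;
}
```

      In this model, taking a reference on the second page fails after
      toy_alloc_high_order() and succeeds after toy_alloc_exact().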
      
      While we're at it, the PGD allocation code is reworked to reduce
      duplication.
      
      This has been tested on an X-Gene platform with a 4kB/48bit-VA host
      kernel, and kvmtool hacked to place memory in the second page of
      the hardware PGD (PUD for the host kernel). Also regression-tested
      on a Cubietruck (Cortex-A7).
      
       [ Reworked to use alloc_pages_exact() and free_pages_exact() and to
         return pointers directly instead of by reference as arguments
          - Christoffer ]
      Reported-by: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
  2. 05 Mar, 2015 1 commit
  3. 04 Mar, 2015 10 commits
  4. 03 Mar, 2015 15 commits
    • Merge branch 'for-4.0' of git://linux-nfs.org/~bfields/linux · a6c5170d
      Linus Torvalds authored
      Pull nfsd fixes from Bruce Fields:
       "Three miscellaneous bugfixes, most importantly the clp->cl_revoked
        bug, which we've seen several reports of people hitting"
      
      * 'for-4.0' of git://linux-nfs.org/~bfields/linux:
        sunrpc: integer underflow in rsc_parse()
        nfsd: fix clp->cl_revoked list deletion causing softlock in nfsd
        svcrpc: fix memory leak in gssp_accept_sec_context_upcall
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 789d7f60
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) If an IPVS tunnel is created with a mixed-family destination
          address, it cannot be removed.  Fix from Alexey Andriyanov.
      
       2) Fix module refcount underflow in netfilter's nft_compat, from Pablo
          Neira Ayuso.
      
       3) Generic statistics infrastructure can reference variables sitting on
          a released function stack, therefore use dynamic allocation always.
          Fix from Ignacy Gawędzki.
      
       4) skb_copy_bits() return value test is inverted in ip_check_defrag().
      
       5) Fix network namespace exit in openvswitch, we have to release all of
          the per-net vports.  From Pravin B Shelar.
      
       6) Fix signedness bug in CAIF's cfpkt_iterate(), from Dan Carpenter.
      
       7) Fix rhashtable grow/shrink behavior, only expand during inserts and
          shrink during deletes.  From Daniel Borkmann.
      
       8) Netdevice names with semicolons should never be allowed, because
          they serve as a separator.  From Matthew Thode.
      
       9) Use {,__}set_current_state() where appropriate, from Fabian
          Frederick.
      
      10) Revert byte queue limits support in r8169 driver, it's causing
          regressions we can't figure out.
      
      11) tcp_should_expand_sndbuf() erroneously uses tp->packets_out to
          measure packets in flight, properly use tcp_packets_in_flight()
          instead.  From Neal Cardwell.
      
      12) Fix accidental removal of support for bluetooth in CSR based Intel
          wireless cards.  From Marcel Holtmann.
      
      13) We accidentally added a behavioral change between native and compat
          tasks, wrt testing the MSG_CMSG_COMPAT bit.  Just ignore it if the
          user happened to set it in a native binary as that was always the
          behavior we had.  From Catalin Marinas.
      
      14) Check genlmsg_unicast() return value in hwsim netlink tx frame
          handling, from Bob Copeland.
      
      15) Fix stale ->radar_required setting in mac80211 that can prevent
          starting new scans, from Eliad Peller.
      
      16) Fix memory leak in nl80211 monitor, from Johannes Berg.
      
      17) Fix race in TX index handling in xen-netback, from David Vrabel.
      
      18) Don't enable interrupts in amd-xgbe driver until all software et al.
          state is ready for the interrupt handler to run.  From Thomas
          Lendacky.
      
      19) Add missing netlink_ns_capable() checks to rtnl_newlink(), from Eric
          W Biederman.
      
      20) The amount of header space needed in macvtap was not calculated
          properly, fix it otherwise we splat past the beginning of the
          packet.  From Eric Dumazet.
      
      21) Fix bcmgenet TCP TX perf regression, from Jaedon Shin.
      
      22) Don't raw initialize or mod timers, use setup_timer() and
          mod_timer() instead.  From Vaishali Thakkar.
      
      23) Fix software maintained statistics in bcmgenet and systemport
          drivers, from Florian Fainelli.
      
      24) DMA descriptor updates in sh_eth need proper memory barriers, from
          Ben Hutchings.
      
      25) Don't do UDP Fragmentation Offload on RAW sockets, from Michal
          Kubecek.
      
      26) Openvswitch's non-masked set actions aren't constructed properly
          into netlink messages, fix from Joe Stringer.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (116 commits)
        openvswitch: Fix serialization of non-masked set actions.
        gianfar: Reduce logging noise seen due to phy polling if link is down
        ibmveth: Add function to enable live MAC address changes
        net: bridge: add compile-time assert for cb struct size
        udp: only allow UFO for packets from SOCK_DGRAM sockets
        sh_eth: Really fix padding of short frames on TX
        Revert "sh_eth: Enable Rx descriptor word 0 shift for r8a7790"
        sh_eth: Fix RX recovery on R-Car in case of RX ring underrun
        sh_eth: Ensure proper ordering of descriptor active bit write/read
        net/mlx4_en: Disbale GRO for incoming loopback/selftest packets
        net/mlx4_core: Fix wrong mask and error flow for the update-qp command
        net: systemport: fix software maintained statistics
        net: bcmgenet: fix software maintained statistics
        rxrpc: don't multiply with HZ twice
        rxrpc: terminate retrans loop when sending of skb fails
        net/hsr: Fix NULL pointer dereference and refcnt bugs when deleting a HSR interface.
        net: pasemi: Use setup_timer and mod_timer
        net: stmmac: Use setup_timer and mod_timer
        net: 8390: axnet_cs: Use setup_timer and mod_timer
        net: 8390: pcnet_cs: Use setup_timer and mod_timer
        ...
    • openvswitch: Fix serialization of non-masked set actions. · f4f8e738
      Joe Stringer authored
      Set actions consist of a regular OVS_KEY_ATTR_* attribute nested inside
      of an OVS_ACTION_ATTR_SET action attribute. When converting masked actions
      back to regular set actions, the inner attribute length was not changed,
      i.e., double the length was being serialized. This patch fixes the bug.
      
      Fixes: 83d2b9ba ("net: openvswitch: Support masked set actions.")
      Signed-off-by: Joe Stringer <joestringer@nicira.com>
      Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • gianfar: Reduce logging noise seen due to phy polling if link is down · 0ae93b2c
      Guenter Roeck authored
      Commit 6ce29b0e ("gianfar: Avoid unnecessary reg accesses in adjust_link()")
      eliminates unnecessary calls to adjust_link for phy devices which don't support
      interrupts and need polling. As part of that work, the 'new_state' local flag,
      which was used to reduce logging noise on the console, was eliminated.
      
      Unfortunately, that means that a 'Link is Down' log message will now be
      issued continuously if a link is configured as UP, the link state is down,
      and the associated phy requires polling. This occurs because priv->oldduplex
      is -1 in this case, which always differs from phydev->duplex. In addition,
      phydev->speed may also differ from priv->oldspeed.  gfar_update_link_state()
      is therefore called each time a phy is polled, even if the link state did not
      change.
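
      The condition described above can be modelled in a few lines. The struct
      and function names below are hypothetical, and the "quiet" variant is
      only one plausible way to suppress the repeated message; it is not
      claimed to be the exact check used by the driver.

```c
#include <stdbool.h>

struct toy_phy  { int link, duplex, speed; };
struct toy_priv { int oldlink, oldduplex, oldspeed; };

/* Noisy check: duplex and speed are compared even while the link is down. */
static inline bool needs_update_noisy(const struct toy_phy *phy,
                                      const struct toy_priv *priv)
{
    return phy->link != priv->oldlink ||
           phy->duplex != priv->oldduplex ||
           phy->speed != priv->oldspeed;
}

/* Quieter check: duplex and speed only matter while the link is up. */
static inline bool needs_update_quiet(const struct toy_phy *phy,
                                      const struct toy_priv *priv)
{
    return phy->link != priv->oldlink ||
           (phy->link && (phy->duplex != priv->oldduplex ||
                          phy->speed != priv->oldspeed));
}
```

      With the link down and oldduplex at -1, the noisy check reports a change
      on every poll, while the quiet check reports one only when the link
      state itself changes.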
      
      Cc: Claudiu Manoil <claudiu.manoil@freescale.com>
      Signed-off-by: Guenter Roeck <linux@roeck-us.net>
      Reviewed-by: Claudiu Manoil <claudiu.manoil@freescale.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ibmveth: Add function to enable live MAC address changes · c77c761f
      Thomas Falcon authored
      Add a function that will enable changing the MAC address
      of an ibmveth interface while it is still running.
      Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
      Reviewed-by: Jiri Pirko <jiri@resnulli.us>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: bridge: add compile-time assert for cb struct size · 71e168b1
      Florian Westphal authored
      Make the build fail if the structure no longer fits into ->cb storage.
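
      A compile-time size check of this kind can be sketched in standard C11.
      The 48-byte buffer size and the toy_skb and toy_input_cb types are
      assumptions for illustration; the kernel uses its own build-time
      assertion macro rather than _Static_assert.

```c
#include <stddef.h>

#define TOY_CB_SIZE 48  /* assumed size of the per-packet control buffer */

/* Stand-in for a packet buffer with a scratch area owned by the current layer. */
struct toy_skb {
    char cb[TOY_CB_SIZE];
};

/* Hypothetical private data that a subsystem stores inside cb[]. */
struct toy_input_cb {
    void *dev;
    unsigned short frag_max_size;
    unsigned char flags;
};

/* The build fails here if the private struct ever outgrows the cb[] storage. */
_Static_assert(sizeof(struct toy_input_cb) <= sizeof(((struct toy_skb *)0)->cb),
               "toy_input_cb does not fit into cb[]");
```

      Adding a field that pushes the struct past the buffer size turns a
      silent overflow at run time into a compiler error.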
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Linux 4.0-rc2 · 13a7a6ac
      Linus Torvalds authored
    • drm/i915: Fix modeset state confusion in the load detect code · 9128b040
      Daniel Vetter authored
      This is a tricky story of the new atomic state handling and the legacy
      code fighting each other. The bug at hand is an underrun of the
      framebuffer reference with subsequent hilarity caused by the load
      detect code. Which is peculiar since the exact same code works
      fine as the implementation of the legacy setcrtc ioctl.
      
      Let's look at the ingredients:
      
      - Currently our code is a crazy mix of legacy modeset interfaces to
        set the parameters and half-baked atomic state tracking underneath.
        While this transition is going we're using the transitional plane
        helpers to update the atomic side (drm_plane_helper_disable/update
        and friends), i.e. plane->state->fb. Since the state structure owns
        the fb those functions take care of that themselves.
      
        The legacy state (specifically crtc->primary->fb) is still managed
        by the old code (and mostly by the drm core), with the fb reference
        counting done by callers (core drm for the ioctl or the i915 load
        detect code). The relevant commit is
      
        commit ea2c67bb
        Author: Matt Roper <matthew.d.roper@intel.com>
        Date:   Tue Dec 23 10:41:52 2014 -0800
      
            drm/i915: Move to atomic plane helpers (v9)
      
      - drm_plane_helper_disable has special code to handle multiple calls
        in a row - it checks plane->crtc == NULL and bails out. This is to
        match the proper atomic implementation which needs the crtc to get
        at the implied locking context atomic updates always need. See
      
        commit acf24a39
        Author: Daniel Vetter <daniel.vetter@ffwll.ch>
        Date:   Tue Jul 29 15:33:05 2014 +0200
      
            drm/plane-helper: transitional atomic plane helpers
      
      - The universal plane code split out the implicit primary plane from
        the CRTC into its own full-blown drm_plane object. As part of that
        the setcrtc ioctl (which updated both the crtc mode and primary
        plane) learned to set crtc->primary->crtc on modeset to make sure
        the plane->crtc assignments stay up to date in
      
        commit e13161af
        Author: Matt Roper <matthew.d.roper@intel.com>
        Date:   Tue Apr 1 15:22:38 2014 -0700
      
            drm: Add drm_crtc_init_with_planes() (v2)
      
        Unfortunately we've forgotten to update the load detect code. Which
        wasn't a problem since the load detect modeset is temporary and
        always undone before we drop the locks.
      
      - Finally there is an organically grown history (i.e. don't ask) around
        who sets the legacy plane->fb for the various driver entry points.
        Originally updating that was the driver's duty, but for almost all
        places we've moved that (plus updating the refcounts) into the core.
        Again the exception is the load detect code.
      
      Taking all together the following happens:
      - The load detect code doesn't set crtc->primary->crtc. This is only
        really an issue on crtcs never before used or when userspace
        explicitly disabled the primary plane.
      
      - The plane helper glue code short-circuits because of that and leaves
        a non-NULL fb behind in plane->state->fb and plane->fb. The state
        fb isn't a real problem (it's properly refcounted on its own), it's
        just the canary.
      
      - Load detect code drops the reference for that fb, but doesn't set
        plane->fb = NULL. This is ok since it's still living in that old
        world where drivers had to clear the pointer but the core/callers
        handled the refcounting.
      
      - On the next modeset the drm core notices plane->fb and takes care of
        refcounting it properly by doing another unref. This drops the
        refcount to zero, leaving state->plane now pointing at freed memory.
      
      - intel_plane_duplicate_state still assumes it owns a reference to that
        very state->fb and bad things start to happen.
      
      Fix this all by applying the same duct-tape as for the legacy setcrtc
      ioctl code and set crtc->primary->crtc properly.
      
      Cc: Matt Roper <matthew.d.roper@intel.com>
      Cc: Paul Bolle <pebolle@tiscali.nl>
      Cc: Rob Clark <robdclark@gmail.com>
      Cc: Paulo Zanoni <przanoni@gmail.com>
      Cc: Sean Paul <seanpaul@chromium.org>
      Cc: Matt Roper <matthew.d.roper@intel.com>
      Reported-and-tested-by: Linus Torvalds <torvalds@linux-foundation.org>
      Reported-by: Paul Bolle <pebolle@tiscali.nl>
      Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • KVM: s390/cpacf: Enable key wrapping by default · ed6f76b4
      Tony Krowiak authored
      z/VM and LPAR enable key wrapping by default; let's do the same on KVM.
      Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
      Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
    • udp: only allow UFO for packets from SOCK_DGRAM sockets · acf8dd0a
      Michal Kubeček authored
      If an over-MTU UDP datagram is sent through a SOCK_RAW socket to a
      UFO-capable device, ip_ufo_append_data() sets skb->ip_summed to
      CHECKSUM_PARTIAL unconditionally as all GSO code assumes transport layer
      checksum is to be computed on segmentation. However, in this case,
      skb->csum_start and skb->csum_offset are never set as raw socket
      transmit path bypasses udp_send_skb() where they are usually set. As a
      result, driver may access invalid memory when trying to calculate the
      checksum and store the result (as observed in virtio_net driver).
      
      Moreover, the very idea of modifying the userspace provided UDP header
      is IMHO against raw socket semantics (I wasn't able to find a document
      clearly stating this or the opposite, though). And while allowing
      CHECKSUM_NONE in the UFO case would be more efficient, it would be too
      intrusive a change just to handle a corner case like this. Therefore
      disallowing UFO for packets from sockets other than SOCK_DGRAM seems to
      be the best option.
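
      The resulting decision can be sketched as a single predicate. The enum,
      the parameter names and the function toy_use_ufo are hypothetical and
      only restate the rule from the commit title; the real check lives in the
      IP output path and looks at kernel socket state.

```c
#include <stdbool.h>
#include <stddef.h>

enum toy_sock_type { TOY_SOCK_DGRAM, TOY_SOCK_RAW };

/*
 * Decide whether an outgoing UDP payload may use UDP Fragmentation Offload.
 * Only datagram sockets qualify, because only their transmit path fills in
 * the checksum start/offset fields that the offload code relies on.
 */
static inline bool toy_use_ufo(enum toy_sock_type type, bool is_udp,
                               bool dev_has_ufo, size_t len, size_t mtu)
{
    return len > mtu && is_udp && dev_has_ufo && type == TOY_SOCK_DGRAM;
}
```

      In this model an over-MTU datagram sent through a raw socket falls back
      to ordinary fragmentation instead of being handed to the offload path.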
      Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'sh_eth' · 096b1c17
      David S. Miller authored
      Ben Hutchings says:
      
      ====================
      Fixes for sh_eth #4 v2
      
      I'm continuing review and testing of Ethernet support on the R-Car H2
      chip, with help from a colleague.  This series fixes a few more issues.
      
      These are not tested on any of the other supported chips.
      
      v2: Add note that the revert is not a pure revert.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sh_eth: Really fix padding of short frames on TX · dacc73e0
      Ben Hutchings authored
      My previous fix to clear padding of short frames used skb->len as the
      DMA length, assuming that skb_padto() extended skb->len to include the
      padding.  That isn't the case; we need to use skb_put_padto() instead.
      
      (This wasn't immediately obvious because software padding isn't
      actually needed on the R-Car H2.  We could make it conditional on
      which chip is being driven, but it's probably not worth the effort.)
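
      The distinction between the two helpers can be shown with a toy buffer.
      struct toy_skb and the toy_* functions are hypothetical stand-ins that
      copy only the length behaviour described above, not the real sk_buff
      handling (which may also reallocate the buffer).

```c
#include <stddef.h>
#include <string.h>

struct toy_skb {
    unsigned char data[64];
    size_t len;
};

/* Models skb_padto(): zero the tail up to min_len but leave len unchanged. */
static inline void toy_padto(struct toy_skb *skb, size_t min_len)
{
    if (skb->len < min_len)
        memset(skb->data + skb->len, 0, min_len - skb->len);
}

/* Models skb_put_padto(): zero the tail and extend len to cover the padding. */
static inline void toy_put_padto(struct toy_skb *skb, size_t min_len)
{
    if (skb->len < min_len) {
        memset(skb->data + skb->len, 0, min_len - skb->len);
        skb->len = min_len;
    }
}
```

      A driver that programs the DMA length from len after the first helper
      would still transmit the short frame; after the second helper the
      length already includes the padding.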
      Reported-by: "Violeta Menéndez González" <violeta.menendez@codethink.co.uk>
      Fixes: 612a17a54b50 ("sh_eth: Fix padding of short frames on TX")
      Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Revert "sh_eth: Enable Rx descriptor word 0 shift for r8a7790" · 9b4a6364
      Ben Hutchings authored
      This reverts commit fd9af07c.
      
      The hardware manual states that the frame error and multicast bits are
      copied to bits 9:0 of RD0, not bits 25:16.  I've tested that this is
      true for RFS1 (CRC error), RFS3 (frame too short), RFS4 (frame too
      long) and RFS8 (multicast).
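
      The two readings of the descriptor word differ only in where the status
      field is extracted from. In the sketch below the mask name, the function
      names, and the choice of bit 0 for the CRC error flag are assumptions
      for illustration.

```c
#include <stdint.h>

#define TOY_RFS_MASK  0x3ffu  /* ten status bits */
#define TOY_RFS_CRC   0x001u  /* assumed position of the CRC error flag */

/* Status taken from bits 9:0 of RD0, as the hardware manual states. */
static inline uint32_t toy_rx_status_low(uint32_t rd0)
{
    return rd0 & TOY_RFS_MASK;
}

/* Status taken from bits 25:16 of RD0, as the reverted change assumed. */
static inline uint32_t toy_rx_status_shifted(uint32_t rd0)
{
    return (rd0 >> 16) & TOY_RFS_MASK;
}
```

      If the hardware reports an error in the low bits, the shifted variant
      reads zero and the error goes unnoticed.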
      
      Also adjust a comment to agree with this.
      Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sh_eth: Fix RX recovery on R-Car in case of RX ring underrun · 6ded2865
      Ben Hutchings authored
      In case of RX ring underrun (RDE), we attempt to reset the software
      descriptor pointers (dirty_rx and cur_rx) to match where the hardware
      will read the next descriptor from, as that might not be the first
      dirty descriptor.  This relies on reading RDFAR, but that register
      doesn't exist on all supported chips - specifically, not on the R-Car
      chips.  This will result in unpredictable behaviour on those chips
      after an RDE.
      
      Make this pointer reset conditional and assume that it isn't needed on
      the R-Car chips.  This fix also assumes that RDFAR is never exposed at
      offset 0 in the memory map - this is currently true, and a subsequent
      commit will fix the ambiguity between offset 0 and no-offset in the
      register offset maps.
      
      Fixes: 79fba9f5 ("net: sh_eth: fix the rxdesc pointer when rx ...")
      Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sh_eth: Ensure proper ordering of descriptor active bit write/read · 7d7355f5
      Ben Hutchings authored
      When submitting a DMA descriptor, the active bit must be written last.
      When reading a completed DMA descriptor, the active bit must be read
      first.
      
      Add memory barriers to ensure that this ordering is maintained.
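
      The ordering rule can be illustrated with a userspace analogy built on
      C11 atomics. This is only a sketch: struct toy_desc, TOY_DESC_ACTIVE and
      the toy_* functions are hypothetical, and release/acquire operations
      between threads stand in for the kernel barriers a driver needs when the
      other side is a DMA engine.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>

#define TOY_DESC_ACTIVE 0x80000000u

struct toy_desc {
    uint32_t addr;
    uint32_t len;
    _Atomic uint32_t status;   /* holds the active bit */
};

/* Submit: fill in the payload fields first, publish the active bit last. */
static inline void toy_submit(struct toy_desc *d, uint32_t addr, uint32_t len)
{
    d->addr = addr;
    d->len = len;
    /* Release ordering keeps the stores above from moving past this one. */
    atomic_store_explicit(&d->status, TOY_DESC_ACTIVE, memory_order_release);
}

/* Reap: read the active bit first, and only then the other fields. */
static inline bool toy_reap(struct toy_desc *d, uint32_t *len)
{
    /* Acquire ordering keeps the load of len from moving before this one. */
    uint32_t status = atomic_load_explicit(&d->status, memory_order_acquire);

    if (status & TOY_DESC_ACTIVE)
        return false;          /* still owned by the other side */
    *len = d->len;
    return true;
}
```

      Without the ordering, the consumer could observe the active bit change
      while still seeing stale values in the remaining descriptor fields.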
      Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  5. 02 Mar, 2015 10 commits
  6. 01 Mar, 2015 1 commit