1. 25 Jan, 2017 7 commits
    • Merge branch 'bnxt_en-rtnl-fixes' · c0d9665f
      David S. Miller authored
      Michael Chan says:
      
      ====================
      bnxt_en: Fix RTNL lock usage in bnxt_sp_task().
      
      There are 2 function calls from bnxt_sp_task() that have buggy RTNL
      usage.  These 2 functions take RTNL lock under some conditions, but
      some callers (such as open, ethtool) have already taken RTNL.  These
      3 patches fix the issue by making it clear that callers must take
      RTNL.  If the caller is bnxt_sp_task() which does not automatically
      take RTNL, we add a common scheme for bnxt_sp_task() to call these
      functions properly under RTNL.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bnxt_en: Fix RTNL lock usage on bnxt_get_port_module_status(). · 90c694bb
      Michael Chan authored
      bnxt_get_port_module_status() calls bnxt_update_link() which expects
      RTNL to be held.  In bnxt_sp_task() that does not hold RTNL, we need to
      call it with a prior call to bnxt_rtnl_lock_sp() and the call needs to
      be moved to the end of bnxt_sp_task().
      Signed-off-by: Michael Chan <michael.chan@broadcom.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bnxt_en: Fix RTNL lock usage on bnxt_update_link(). · 0eaa24b9
      Michael Chan authored
      bnxt_update_link() is called from multiple code paths.  Most callers,
      such as open, ethtool, already hold RTNL.  Only the caller bnxt_sp_task()
      does not.  So it is a bug to take RTNL inside bnxt_update_link().
      
      Fix it by removing the RTNL inside bnxt_update_link().  The function
      now expects the caller to always hold RTNL.
      
      In bnxt_sp_task(), call bnxt_rtnl_lock_sp() before calling
      bnxt_update_link().  We also need to move the call to the end of
      bnxt_sp_task() since it will be clearing the BNXT_STATE_IN_SP_TASK bit.
      Signed-off-by: Michael Chan <michael.chan@broadcom.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bnxt_en: Fix bnxt_reset() in the slow path task. · a551ee94
      Michael Chan authored
      In bnxt_sp_task(), we set a bit BNXT_STATE_IN_SP_TASK so that bnxt_close()
      will synchronize and wait for bnxt_sp_task() to finish.  Some functions
      in bnxt_sp_task() require us to clear BNXT_STATE_IN_SP_TASK and then
      acquire rtnl_lock() to prevent race conditions.
      
      There are some bugs related to this logic. This patch refactors the code
      to have common bnxt_rtnl_lock_sp() and bnxt_rtnl_unlock_sp() to handle
      the RTNL and the clearing/setting of the bit.  Multiple functions will
      need the same logic.  We also need to move bnxt_reset() to the end of
      bnxt_sp_task().  Functions that clear BNXT_STATE_IN_SP_TASK must be the
      last functions to be called in bnxt_sp_task().  The common scheme will
      handle the condition properly.
      Signed-off-by: Michael Chan <michael.chan@broadcom.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • tcp: correct memory barrier usage in tcp_check_space() · 56d80622
      Jason Baron authored
      sock_reset_flag() maps to __clear_bit() not the atomic version clear_bit().
      Thus, we need smp_mb(), smp_mb__after_atomic() is not sufficient.
      
      Fixes: 3c715127 ("tcp: add memory barriers to write space paths")
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Signed-off-by: Jason Baron <jbaron@akamai.com>
      Acked-by: Eric Dumazet <edumazet@google.com>
      Reported-by: Oleg Nesterov <oleg@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sctp: sctp gso should set feature with NETIF_F_SG when calling skb_segment · 5207f399
      Xin Long authored
      Now sctp gso puts segments into skb's frag_list, then processes these
      segments in skb_segment. But skb_segment handles them only when gs is
      enabled, as it's in the same branch with skb's frags.
      
      Although almost all the NICs support sg other than some old ones, but
      since commit 1e16aa3d ("net: gso: use feature flag argument in all
      protocol gso handlers"), features &= skb->dev->hw_enc_features, and
      xfrm_output_gso call skb_segment with features = 0, which means sctp
      gso would call skb_segment with sg = 0, and skb_segment would not work
      as expected.
      
      This patch is to fix it by setting features param with NETIF_F_SG when
      calling skb_segment so that it can go the right branch to process the
      skb's frag_list.
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sctp: sctp_addr_id2transport should verify the addr before looking up assoc · 6f29a130
      Xin Long authored
      sctp_addr_id2transport is a function for sockopt to look up assoc by
      address. As the address is from userspace, it can be a v4-mapped v6
      address. But in sctp protocol stack, it always handles a v4-mapped
      v6 address as a v4 address. So it's necessary to convert it to a v4
      address before looking up assoc by address.
      
      This patch is to fix it by calling sctp_verify_addr in which it can do
      this conversion before calling sctp_endpoint_lookup_assoc, just like
      what sctp_sendmsg and __sctp_connect do for the address from users.
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Acked-by: Neil Horman <nhorman@tuxdriver.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 24 Jan, 2017 30 commits
  3. 23 Jan, 2017 3 commits
    • net: dsa: Check return value of phy_connect_direct() · 4078b76c
      Florian Fainelli authored
      We need to check the return value of phy_connect_direct() in
      dsa_slave_phy_connect() otherwise we may be continuing the
      initialization of a slave network device with a PHY that already
      attached somewhere else and which will soon be in error because the PHY
      device is in error.
      
      The conditions for such an error to occur are that we have a port of our
      switch that is not disabled, and has the same port number as a PHY
      address (say both 5) that can be probed using the DSA slave MII bus. We
      end-up having this slave network device find a PHY at the same address
      as our port number, and we try to attach to it.
      
      A slave network (e.g: port 0) has already attached to our PHY device,
      and we try to re-attach it with a different network device, but since we
      ignore the error we would end-up initializing incorrect device
      references by the time the slave network interface is opened.
      
      The code has been (re)organized several times, making it hard to provide
      an exact Fixes tag, this is a bugfix nonetheless.
      Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: phy: Avoid deadlock during phy_error() · eab12771
      Florian Fainelli authored
      phy_error() is called in the PHY state machine workqueue context, and
      calls phy_trigger_machine() which does a cancel_delayed_work_sync() of
      the workqueue we execute from, causing a deadlock situation.
      
      Augment phy_trigger_machine() machine with a sync boolean indicating
      whether we should use cancel_*_sync() or just cancel_*_work().
      
      Fixes: 3c293f4e ("net: phy: Trigger state machine on state change and not polling.")
      Reported-by: Russell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: mpls: Fix multipath selection for LSR use case · 9f427a0e
      David Ahern authored
      MPLS multipath for LSR is broken -- always selecting the first nexthop
      in the one label case. For example:
      
          $ ip -f mpls ro ls
          100
                  nexthop as to 200 via inet 172.16.2.2  dev virt12
                  nexthop as to 300 via inet 172.16.3.2  dev virt13
          101
                  nexthop as to 201 via inet6 2000:2::2  dev virt12
                  nexthop as to 301 via inet6 2000:3::2  dev virt13
      
      In this example incoming packets have a single MPLS label which means
      BOS bit is set. The BOS bit is passed from mpls_forward down to
      mpls_multipath_hash which never processes the hash loop because BOS is 1.
      
      Update mpls_multipath_hash to process the entire label stack. mpls_hdr_len
      tracks the total mpls header length on each pass (on pass N mpls_hdr_len
      is N * sizeof(mpls_shim_hdr)). When the label is found with the BOS set
      it verifies the skb has sufficient header for ipv4 or ipv6, and find the
      IPv4 and IPv6 header by using the last mpls_hdr pointer and adding 1 to
      advance past it.
      
      With these changes I have verified the code correctly sees the label,
      BOS, IPv4 and IPv6 addresses in the network header and icmp/tcp/udp
      traffic for ipv4 and ipv6 are distributed across the nexthops.
      
      Fixes: 1c78efa8 ("mpls: flow-based multipath selection")
      Acked-by: Robert Shearman <rshearma@brocade.com>
      Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>