- 06 Mar, 2013 2 commits
-
-
Ben Hutchings authored
RX DMA buffers start at an offset of EFX_PAGE_IP_ALIGN bytes from the start of a cache line. This offset obviously needs to be included in the virtual address, but this was missed in commit b590ace0 ('sfc: Fix efx_rx_buf_offset() in the presence of swiotlb') since EFX_PAGE_IP_ALIGN is equal to 0 on both x86 and powerpc. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
-
Ben Hutchings authored
efx_device_detach_sync() locks all TX queues before marking the device detached and thus disabling further TX scheduling. But it can still be interrupted by TX completions which then result in TX scheduling in soft interrupt context. This will deadlock when it tries to acquire a TX queue lock that efx_device_detach_sync() already acquired. To avoid deadlock, we must use netif_tx_{,un}lock_bh(). Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
-
- 26 Feb, 2013 3 commits
-
-
Ben Hutchings authored
We must only ever stop TX queues when they are full or the net device is not 'ready' so far as the net core, and specifically the watchdog, is concerned. Otherwise, the watchdog may fire *immediately* if no packets have been added to the queue in the last 5 seconds. The device is ready if all the following are true: (a) It has a qdisc (b) It is marked present (c) It is running (d) The link is reported up (a) and (c) are normally true, and must not be changed by a driver. (d) is under our control, but fake link changes may disturb userland. This leaves (b). We already mark the device absent during reset and self-test, but we need to do the same during MTU changes and ring reallocation. We don't need to do this when the device is brought down because then (c) is already false. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
-
Ben Hutchings authored
We assume that the mapping between DMA and virtual addresses is done on whole pages, so we can find the page offset of an RX buffer using the lower bits of the DMA address. However, swiotlb maps in units of 2K, breaking this assumption. Add an explicit page_offset field to struct efx_rx_buffer. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
-
Ben Hutchings authored
We may currently allocate two RX DMA buffers to a page, and only unmap the page when the second is completed. We do not sync the first RX buffer to be completed; this can result in packet loss or corruption if the last RX buffer completed in a NAPI poll is the first in a page and is not DMA-coherent. (In the middle of a NAPI poll, we will handle the following RX completion and unmap the page *before* looking at the content of the first buffer.) Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
-
- 25 Feb, 2013 15 commits
-
-
Ming Lei authored
The name of FEATURE_AUTOSUSPEND is very misleading and the actual meaning is remote wakeup, but a device incapable of remote wakeup still can support USB autosuspend under some situations, so rename it to avoid misunderstanding. Cc: Steve Glendinning <steve.glendinning@shawell.net> Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ming Lei authored
Commit b2d4b150(smsc95xx: enable dynamic autosuspend) implements autosuspend, but breaks current runtime suspend, such as: when the interface becomes down, the usb device can't be put into runtime suspend any more. This patch fixes the broken runtime suspend. Cc: Steve Glendinning <steve.glendinning@shawell.net> Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ming Lei authored
The three below functions: smsc95xx_enter_suspend0() smsc95xx_enter_suspend1() smsc95xx_enter_suspend2() return > 0 in case of success, so they will cause smsc95xx_suspend() to return > 0 and cause suspend failure. The bug is introduced in commit 3b9f7d(smsc95xx: fix error handling in suspend failure case). Cc: <stable@vger.kernel.org> [3.8] Cc: Steve Glendinning <steve.glendinning@shawell.net> Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Rafał Miłecki authored
We were using the same variable for iterating two nested loops. Reported-by: Tijs Van Buggenhout <tvb@able.be> Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Larry Finger authored
On unload, b43 produces a lockdep warning that can be summarized in the following way: ====================================================== [ INFO: possible circular locking dependency detected ] 3.8.0-wl+ #117 Not tainted ------------------------------------------------------- modprobe/5557 is trying to acquire lock: ((&wl->firmware_load)){+.+.+.}, at: [<ffffffff81062160>] flush_work+0x0/0x2a0 but task is already holding lock: (rtnl_mutex){+.+.+.}, at: [<ffffffff813bd7d2>] rtnl_lock+0x12/0x20 which lock already depends on the new lock. [ INFO: possible circular locking dependency detected ] ====================================================== The full output is available at http://lkml.indiana.edu/hypermail/linux/kernel/1302.3/00060.html. To summarize, commit 6b6fa586 added a 'cancel_work_sync(&wl->firmware_load)' call in the wrong place. The fix is to move the cancel_work_sync() call to b43_bcma_remove() and b43_ssb_remove(). Thanks to Johannes Berg and Michael Buesch for help in diagnosing the log output. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Stable <stable@vger.kernel.org> [V3.5+] Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pravin B Shelar authored
This reverts commit eb6b9a8c. Above commit limits GSO capability of gre device to just TSO, but software GRE-GSO is capable of handling all GSO capabilities. This patch also fixes following panic which reverted commit introduced:- BUG: unable to handle kernel NULL pointer dereference at 00000000000000a2 IP: [<ffffffffa0680fd1>] ipgre_tunnel_bind_dev+0x161/0x1f0 [ip_gre] PGD 42bc19067 PUD 42bca9067 PMD 0 Oops: 0000 [#1] SMP Pid: 2636, comm: ip Tainted: GF 3.8.0+ #83 Dell Inc. PowerEdge R620/0KCKR5 RIP: 0010:[<ffffffffa0680fd1>] [<ffffffffa0680fd1>] ipgre_tunnel_bind_dev+0x161/0x1f0 [ip_gre] RSP: 0018:ffff88042bfcb708 EFLAGS: 00010246 RAX: 00000000000005b6 RBX: ffff88042d2fa000 RCX: 0000000000000044 RDX: 0000000000000018 RSI: 0000000000000078 RDI: 0000000000000060 RBP: ffff88042bfcb748 R08: 0000000000000018 R09: 000000000000000c R10: 0000000000000020 R11: 000000000101010a R12: ffff88042d2fa800 R13: 0000000000000000 R14: ffff88042d2fa800 R15: ffff88042cd7f650 FS: 00007fa784f55700(0000) GS:ffff88043fd20000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000a2 CR3: 000000042d8b9000 CR4: 00000000000407e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process ip (pid: 2636, threadinfo ffff88042bfca000, task ffff88042d142a80) Stack: 0000000100000000 002f000000000000 0a01010100000000 000000000b010101 ffff88042d2fa800 ffff88042d2fa000 ffff88042bfcb858 ffff88042f418c00 ffff88042bfcb798 ffffffffa068199a ffff88042bfcb798 ffff88042d2fa830 Call Trace: [<ffffffffa068199a>] ipgre_newlink+0xca/0x160 [ip_gre] [<ffffffff8143b692>] rtnl_newlink+0x532/0x5f0 [<ffffffff8143b2fc>] ? rtnl_newlink+0x19c/0x5f0 [<ffffffff81438978>] rtnetlink_rcv_msg+0x2c8/0x340 [<ffffffff814386b0>] ? rtnetlink_rcv+0x40/0x40 [<ffffffff814560f9>] netlink_rcv_skb+0xa9/0xd0 [<ffffffff81438695>] rtnetlink_rcv+0x25/0x40 [<ffffffff81455ddc>] netlink_unicast+0x1ac/0x230 [<ffffffff81456a45>] netlink_sendmsg+0x265/0x380 [<ffffffff814138c0>] sock_sendmsg+0xb0/0xe0 [<ffffffff8141141e>] ? move_addr_to_kernel+0x4e/0x90 [<ffffffff81420445>] ? verify_iovec+0x85/0xf0 [<ffffffff81414ffd>] __sys_sendmsg+0x3fd/0x420 [<ffffffff8114b701>] ? handle_mm_fault+0x251/0x3b0 [<ffffffff8114f39f>] ? vma_link+0xcf/0xe0 [<ffffffff81415239>] sys_sendmsg+0x49/0x90 [<ffffffff814ffd19>] system_call_fastpath+0x16/0x1b CC: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pravin B Shelar authored
commit "ip_gre: allow CSUM capable devices to handle packets" aa0e51cd, broke GRE_CSUM case. GRE_CSUM needs checksum computed for inner packet. Therefore csum-calculation can not be offloaded if tunnel device requires GRE_CSUM. Following patch fixes it by computing inner packet checksum for GRE_CSUM type, for all other type of GRE devices csum is offloaded. CC: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pravin B Shelar authored
tunnel_ip_select_ident() is more efficient when generating ip-header id given inner packet is of ipv4 type. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pravin B Shelar authored
GRE-GSO generates ip fragments with id 0,2,3,4... for every GSO packet, which is not correct. Following patch fixes it by setting ip-header id unique id of fragments are allowed. As Eric Dumazet suggested it is optimized by using inner ip-header whenever inner packet is ipv4. Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
John W. Linville says: ==================== This is a batch of fixes intended for the 3.9 stream... Avinash Patil gives us a mwifiex fix to prevent a system freeze when that driver is unloaded. Daniel Drake brings a patch to avoid dropping the carrier flag across a suspend. This prevents improper packet drops. Wei Yongjun delivers a brcmfmac for a lock leak on an error path. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
John W. Linville authored
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
-
Syam Sidhardhan authored
Fix missing () & { } Signed-off-by: Syam Sidhardhan <s.syam@samsung.com> Acked-by: Olof Johansson <olof@lixom.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Neil Horman authored
Noticed that vmxnet3's get_ringparam function was returning the summation of all ring buffers on a NIC, rather than just the size of any one ring. This causes problems when a vmxnet3 instance has multiple queues, as ethtool, when setting ring parameters, first gets the current ring parameters to set the existing values in the set_ringparm commannd. The result is, that unless both rx and tx ring sizes are set in a single operation, which ever ring is not set will silently have its ring count multiplied by the number of queues on the NIC until it reaches a driver defined maxiumum value. Fix it by not multiplying the rx and tx ring sizes by the number of queues in the system, like every other driver. Tested by myself successfully. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> CC: Shreyas Bhatewara <sbhatewara@vmware.com> CC: "VMware, Inc." <pv-drivers@vmware.com> CC: "David S. Miller" <davem@davemloft.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
stephen hemminger authored
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
stephen hemminger authored
Sparse warned about several functions that were unnecessarily global. After making them static, discovered that several functions were actually never used. Compile tested only. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Acked-by: Eilon Greenstein <eilong@broadcomo.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 24 Feb, 2013 2 commits
-
-
Paul Gortmaker authored
Commit ee873fda ("gianfar: Pack struct gfar_priv_grp into three cachelines") moved the irq number and names off into a separate struct and created accessors for them. However it was never tested with NET_POLL enabled, and so some conversions that were simply overlooked went undetected until now. Make the netpoll ones also use the gfar_irq() accessors. Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Claudiu Manoil <claudiu.manoil@freescale.com> Cc: Jianhua Xie <jianhua.xie@freescale.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Cong Wang authored
There are two places to call vlan_set_encap_proto(): vlan_untag() and __pop_vlan_tci(). vlan_untag() assumes skb->data points after mac addr, otherwise the following code vhdr = (struct vlan_hdr *) skb->data; vlan_tci = ntohs(vhdr->h_vlan_TCI); __vlan_hwaccel_put_tag(skb, vlan_tci); skb_pull_rcsum(skb, VLAN_HLEN); won't be correct. But __pop_vlan_tci() assumes points _before_ mac addr. In vlan_set_encap_proto(), it looks for some magic L2 value after mac addr: rawp = skb->data; if (*(unsigned short *) rawp == 0xFFFF) ... Therefore __pop_vlan_tci() is obviously wrong. A quick fix is avoiding using skb->data in vlan_set_encap_proto(), use 'vhdr+1' is always correct in both cases. Cc: David S. Miller <davem@davemloft.net> Cc: Jesse Gross <jesse@nicira.com> Signed-off-by: Cong Wang <amwang@redhat.com> Acked-by: Jesse Gross <jesse@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 23 Feb, 2013 5 commits
-
-
Mathias Krause authored
The sock_diag_lock_handler() and sock_diag_unlock_handler() actually make the code less readable. Get rid of them and make the lock usage and access to sock_diag_handlers[] clear on the first sight. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mathias Krause authored
Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY with a family greater or equal then AF_MAX -- the array size of sock_diag_handlers[]. The current code does not test for this condition therefore is vulnerable to an out-of-bound access opening doors for a privilege escalation. Signed-off-by: Mathias Krause <minipli@googlemail.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Kees Cook authored
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any "depends on" lines in Kconfigs. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Kleber Sacilotto de Souza authored
The mlx4_en driver allocates the number of objects for the CPU affinity reverse-map based on the number of rx rings of the device. However, mlx4_assign_eq() calls irq_cpu_rmap_add() as many times as IRQ's are assigned to EQ's, which can be as large as mlx4_dev->caps.comp_pool. If caps.comp_pool is larger than rx_ring_num we will eventually hit the BUG_ON() in cpu_rmap_add(). Fix this problem by allocating space for the maximum number of CPU affinity reverse-map objects we might want to add. Signed-off-by: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com> Acked-by: Amir Vadai <amirv@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Kleber Sacilotto de Souza authored
The memory to hold the network device tx_cq is not being allocated with the correct size in mlx4_en_init_netdev(). It should use MAX_TX_RINGS instead of MAX_RX_RINGS. This can cause problems if the number of tx rings being used is greater than MAX_RX_RINGS. Signed-off-by: Kleber Sacilotto de Souza <klebers@linux.vnet.ibm.com> Acked-by: Amir Vadai <amirv@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 22 Feb, 2013 9 commits
-
-
Yuchung Cheng authored
In fast open the sender unncessarily reduces the space available for data in SYN by 12 bytes. This is because in the sender incorrectly reserves space for TS option twice in tcp_send_syn_data(): tcp_mtu_to_mss() already accounts for TS option space. But it further reserves MAX_TCP_OPTION_SPACE when computing the payload space. Signed-off-by: Yuchung Cheng <ycheng@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
stephen hemminger authored
The mem cgroup socket limit is only used if the config option is enabled. Found with sparse Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Dave Jones reported a lockdep splat occurring in IP defrag code. commit 6d7b857d (net: use lib/percpu_counter API for fragmentation mem accounting) added a possible deadlock. Because percpu_counter_sum_positive() needs to acquire a lock that can be used from softirq, we need to disable BH in sum_frag_mem_limit() Reported-by: Dave Jones <davej@redhat.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Fabio Estevam authored
commit 7f7d6c28 (net: fec: Ensure that initialization is done prior to request_irq()) placed fec_ptp_init() into a point that ptp clock was not available, which causes a division by zero in fec_ptp_start_cyclecounter(): [ 17.895723] Division by zero in kernel. [ 17.899571] Backtrace: [ 17.902094] [<80012564>] (dump_backtrace+0x0/0x10c) from [<8056deec>] (dump_stack+0x18/0x1c) [ 17.910539] r6:bfba8500 r5:8075c950 r4:bfba8000 r3:bfbd0000 [ 17.916284] [<8056ded4>] (dump_stack+0x0/0x1c) from [<80012688>] (__div0+0x18/0x20) [ 17.923968] [<80012670>] (__div0+0x0/0x20) from [<802829c4>] (Ldiv0+0x8/0x10) [ 17.931140] [<80398534>] (fec_ptp_start_cyclecounter+0x0/0x110) from [<80394f64>] (fec_restart+0x6c8/0x754) [ 17.940898] [<8039489c>] (fec_restart+0x0/0x754) from [<803969a0>] (fec_enet_adjust_link+0xdc/0x108) [ 17.950046] [<803968c4>] (fec_enet_adjust_link+0x0/0x108) from [<80390bc4>] (phy_state_machine+0x178/0x534) ... Fix this by rearraging the code so that fec_ptp_init() is called only after the clocks have been properly acquired. Tested on both mx53 and mx6 platforms. Reported-by: Jim Baxter <jim_baxter@mentor.com> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexander Duyck authored
Smatch found a locking bug in netif_set_xps_queue in which we were not releasing the lock in the case of an allocation failure. This change corrects that so that we release the xps_map_mutex before returning -ENOMEM in the case of an allocation failure. Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Li Wei authored
Now we handle icmp errors in each transport protocol's err_handler, for icmp protocols, that is ping_err. Since this handler only care of those icmp errors triggered by echo request, errors triggered by echo reply(which sent by kernel) are sliently ignored. So wrap ping_err() with icmp_err() to deal with those icmp errors. Signed-off-by: Li Wei <lw@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wei Yongjun authored
Add the missing unlock before return from function brcmf_notify_vif_event() in the error handling case. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Arend van Spriel <arend@broadcom.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Avinash Patil authored
Unload sequence for mwifiex PCIE driver is as follows: 1. Invoking cleanup module from kernel results into pci_unregister_driver 2. Kernel invokes PCIE remove() handler which disconnects all interfaces. 3. One step during disconnect is to clean PCIE TX rings. During this we read txbd_rdptr from FW. While loading driver next time, we see pci_enable_device() results into system freeze. This may have happened because we accessed PCI device after unregistering from bus driver. Removing this ioread() operation resolves this bug. Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Daniel Drake authored
If the system suspends with mwifiex wifi powered on, and is then woken by an ICMP ping packet, the ping response is discarded by the kernel because the kernel incorrectly thinks there is no carrier. I can't see any valid reason to want to report loss of carrier here, so remove the offending code. Fixes http://dev.laptop.org/ticket/12554Signed-off-by: Daniel Drake <dsd@laptop.org> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 21 Feb, 2013 4 commits
-
-
Eric Dumazet authored
It looks like its possible to open thousands of TCP IPv6 sessions on a server, all landing in a single slot of TCP hash table. Incoming packets have to lookup sockets in a very long list. We should hash all bits from foreign IPv6 addresses, using a salt and hash mix, not a simple XOR. inet6_ehashfn() can also separately use the ports, instead of xoring them. Reported-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jitendra Kalsaria authored
Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Manish Chopra authored
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com> Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Shahed Shaikh authored
o Use correct function to clear loopback mode. Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com> Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-