- 12 Sep, 2019 8 commits
-
-
Alexei Avshalom Lazar authored
cid value is not being verified in wmi_evt_delba(), verification is added. Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org> Signed-off-by: Maya Erez <merez@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Dedy Lansky authored
Due to compiler optimization, it's possible that dr_bit (descriptor ready) is read last from the status message. Due to race condition between HW writing the status message and driver reading it, other fields that were read earlier (before dr_bit) could have invalid values. Fix this by explicitly reading the dr_bit first and then using rmb before reading the rest of the status message. Signed-off-by: Dedy Lansky <dlansky@codeaurora.org> Signed-off-by: Maya Erez <merez@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Ahmad Masri authored
Fix a race between cfg80211 add_key call and transmitting of 4/4 EAP packet. In case the transmit is delayed until after the add key takes place, message 4/4 will be encrypted with the new key, and the receiver side (AP) will drop it due to MIC error. Wil6210 will monitor and look for the transmitted packet 4/4 eap key. In case add_key takes place before the transmission completed, then wil6210 will let the FW store the key and wil6210 will notify the FW to use the PTK key only after 4/4 eap packet transmission was completed. Signed-off-by: Ahmad Masri <amasri@codeaurora.org> Signed-off-by: Maya Erez <merez@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Dedy Lansky authored
PMC is a hardware debug mechanism which allows capturing real time debug data and stream it to host memory. The driver allocates memory buffers and set them inside PMC ring of descriptors. Add pmcring debugfs that application can use to read the binary content of descriptors inside the PMC ring (cat pmcring). Signed-off-by: Dedy Lansky <dlansky@codeaurora.org> Signed-off-by: Maya Erez <merez@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Dedy Lansky authored
Move common part of wil_netif_rx_any into new helper function and add support for non-gro receive using netif_rx_ni. Signed-off-by: Dedy Lansky <dlansky@codeaurora.org> Signed-off-by: Maya Erez <merez@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Rakesh Pillai authored
The tlv targets such as WCN3990 send more data in the chan info event, which is not sent by the non tlv targets. There is a minimum size check in the wmi event for non-tlv targets and hence we cannot update the common channel info structure as it was done in commit 13104929 ("ath10k: fill the channel survey results for WCN3990 correctly"). This broke channel survey results on 10.x firmware versions. If the common channel info structure is updated, the size check for chan info event for non-tlv targets will fail and return -EPROTO and we see the below error messages ath10k_pci 0000:01:00.0: failed to parse chan info event: -71 Add tlv specific channel info structure and restore the original size of the common channel info structure to mitigate this issue. Tested HW: WCN3990 QCA9887 Tested FW: WLAN.HL.3.1-00784-QCAHLSWMTPLZ-1 10.2.4-1.0-00037 Fixes: 13104929 ("ath10k: fill the channel survey results for WCN3990 correctly") Cc: stable@vger.kernel.org # 5.0 Signed-off-by: Rakesh Pillai <pillair@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Nicolas Boichat authored
When the FW bundles multiple packets, pkt->act_len may be incorrect as it refers to the first packet only (however, the FW will only bundle packets that fit into the same pkt->alloc_len). Before this patch, the skb length would be set (incorrectly) to pkt->act_len in ath10k_sdio_mbox_rx_packet, and then later manually adjusted in ath10k_sdio_mbox_rx_process_packet. The first problem is that ath10k_sdio_mbox_rx_process_packet does not use proper skb_put commands to adjust the length (it directly changes skb->len), so we end up with a mismatch between skb->head + skb->tail and skb->data + skb->len. This is quite serious, and causes corruptions in the TCP stack, as the stack tries to coalesce packets, and relies on skb->tail being correct (that is, skb_tail_pointer must point to the first byte_after_ the data). Instead of re-adjusting the size in ath10k_sdio_mbox_rx_process_packet, this moves the code to ath10k_sdio_mbox_rx_packet, and also add a bounds check, as skb_put would crash the kernel if not enough space is available. Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00007-QCARMSWP-1. Fixes: 8530b4e7 ("ath10k: sdio: set skb len for all rx packets") Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> Signed-off-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Ben Greear authored
My wave-1 firmware often crashes when I am bringing down AP vdevs, and sometimes at least some machines lockup hard after spewing IOMMU errors. I don't see the same issue in STA mode, so I suspect beacons are the issue. Moving the beacon buf deletion to later in the vdev teardown logic appears to help this problem. Firmware still crashes often, but several iterations did not show IOMMU errors and machine didn't hang. Tested hardware: QCA9880 Tested firmware: ath10k-ct from beginning of 2019, exact version unknown Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
- 10 Sep, 2019 5 commits
-
-
Navid Emamdoost authored
In ath9k_wmi_cmd, the allocated network buffer needs to be released if timeout happens. Otherwise memory will be leaked. Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Navid Emamdoost authored
In htc_config_pipe_credits, htc_setup_complete, and htc_connect_service if time out happens, the allocated buffer needs to be released. Otherwise there will be memory leak. Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
zhong jiang authored
ath9k_reg_rmw_single do not need return value to cope with different cases. And change functon return type to void. Signed-off-by: zhong jiang <zhongjiang@huawei.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Wen Gong authored
For sdio chip, if the rssi is not good, then it have some retry, firmware will indicate the msdu list of a ppdu with a hole, it means it lost the hole msdu, after the msdu retry from AP, the hole msdu will indicate from firmware later. The hole msdu's PN check will fail and the hole msdu will be dropped. PN check fail example: Sequence number PN number PN check status 3814 6101 success 3815 6102 success 3816 6103 success 3818 6105 success 3819 6106 success 3820 6107 success 3817 6104 fail The correct logic is reorder the msdu list and then do PN check. ieee80211_rx_reorder_ampdu of mac80211 will do the reorer logic and then do PN check in ieee80211_rx_h_decrypt of mac80211. example after reorder: Sequence number PN number PN check status 3814 6101 success 3815 6102 success 3816 6103 success 3817 6104 success 3818 6105 success 3819 6106 success 3820 6107 success Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00017-QCARMSWP-1. Signed-off-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Wen Gong authored
For PMF case, the action,deauth,disassoc management need to encrypt by hardware, it need to reserve 8 bytes for encryption, otherwise the packet will be sent out with error format, then PMF case will fail. After add the 8 bytes, it will pass the PMF case. Tested with QCA6174 SDIO with firmware WLAN.RMH.4.4.1-00005-QCARMSWP-1. Signed-off-by: Wen Gong <wgong@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
- 04 Sep, 2019 13 commits
-
-
Hui Peng authored
The `ar_usb` field of `ath6kl_usb_pipe_usb_pipe` objects are initialized to point to the containing `ath6kl_usb` object according to endpoint descriptors read from the device side, as shown below in `ath6kl_usb_setup_pipe_resources`: for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) { endpoint = &iface_desc->endpoint[i].desc; // get the address from endpoint descriptor pipe_num = ath6kl_usb_get_logical_pipe_num(ar_usb, endpoint->bEndpointAddress, &urbcount); ...... // select the pipe object pipe = &ar_usb->pipes[pipe_num]; // initialize the ar_usb field pipe->ar_usb = ar_usb; } The driver assumes that the addresses reported in endpoint descriptors from device side to be complete. If a device is malicious and does not report complete addresses, it may trigger NULL-ptr-deref `ath6kl_usb_alloc_urb_from_pipe` and `ath6kl_usb_free_urb_to_pipe`. This patch fixes the bug by preventing potential NULL-ptr-deref (CVE-2019-15098). Signed-off-by: Hui Peng <benquike@gmail.com> Reported-by: Hui Peng <benquike@gmail.com> Reported-by: Mathias Payer <mathias.payer@nebelwelt.net> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Arnd Bergmann authored
clang triggers a warning about oversized stack frames that gcc does not notice because of slightly different inlining decisions: ath/wcn36xx/smd.c:1409:5: error: stack frame size of 1040 bytes in function 'wcn36xx_smd_config_bss' [-Werror,-Wframe-larger-than=] ath/wcn36xx/smd.c:640:5: error: stack frame size of 1032 bytes in function 'wcn36xx_smd_start_hw_scan' [-Werror,-Wframe-larger-than=] Basically the wcn36xx_hal_start_scan_offload_req_msg, wcn36xx_hal_config_bss_req_msg_v1, and wcn36xx_hal_config_bss_req_msg structures are too large to be put on the kernel stack, but small enough that gcc does not warn about them. Use kzalloc() to allocate them all. There are similar structures in other parts of this driver, but they are all smaller, with the next largest stack frame at 480 bytes for wcn36xx_smd_send_beacon. Fixes: 8e84c258 ("wcn36xx: mac80211 driver for Qualcomm WCN3660/WCN3680 hardware") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Jia-Ju Bai authored
In ath6kl_htc_mbox_create(), when kzalloc() on line 2855 fails, target->dev is assigned to NULL, and ath6kl_htc_mbox_cleanup(target) is called on line 2885. In ath6kl_htc_mbox_cleanup(), target->dev is used on line 2895: ath6kl_hif_cleanup_scatter(target->dev->ar); Thus, a null-pointer dereference may occur. To fix this bug, kfree(target) is called and NULL is returned when kzalloc() on line 2855 fails. This bug is found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Lorenzo Bianconi authored
Initialize acktimeout to the maximum configurable value in ath_dynack_reset in order to not disconnect long distance static links enabling dynack and even to take care of possible errors configuring a static timeout. Moreover initialize station timeout value to the current acktimeout value Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Lorenzo Bianconi authored
Compute maximum configurable ackimeout/ctstimeout according to channel width (clockrate) Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Lorenzo Bianconi authored
Add compute timeout to last computation timestamp in ath_dynack_reset in order to not run ath_dynack_compute_ackto immediately Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Lorenzo Bianconi authored
Introduce ath_dynack_set_timeout routine to configure slottime/ack/cts timeouts and remove duplicated code Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Lorenzo Bianconi authored
Fix following lockdep warning disabling bh in ath_dynack_node_init/ath_dynack_node_deinit [ 75.955878] -------------------------------- [ 75.955880] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 75.955884] swapper/0/0 [HC0[0]:SC1[3]:HE1:SE0] takes: [ 75.955888] 00000000792a7ee0 (&(&da->qlock)->rlock){+.?.}, at: ath_dynack_sample_ack_ts+0x4d/0xa0 [ath9k_hw] [ 75.955905] {SOFTIRQ-ON-W} state was registered at: [ 75.955912] lock_acquire+0x9a/0x160 [ 75.955917] _raw_spin_lock+0x2c/0x70 [ 75.955927] ath_dynack_node_init+0x2a/0x60 [ath9k_hw] [ 75.955934] ath9k_sta_state+0xec/0x160 [ath9k] [ 75.955976] drv_sta_state+0xb2/0x740 [mac80211] [ 75.956008] sta_info_insert_finish+0x21a/0x420 [mac80211] [ 75.956039] sta_info_insert_rcu+0x12b/0x2c0 [mac80211] [ 75.956069] sta_info_insert+0x7/0x70 [mac80211] [ 75.956093] ieee80211_prep_connection+0x42e/0x730 [mac80211] [ 75.956120] ieee80211_mgd_auth.cold+0xb9/0x15c [mac80211] [ 75.956152] cfg80211_mlme_auth+0x143/0x350 [cfg80211] [ 75.956169] nl80211_authenticate+0x25e/0x2b0 [cfg80211] [ 75.956172] genl_family_rcv_msg+0x198/0x400 [ 75.956174] genl_rcv_msg+0x42/0x90 [ 75.956176] netlink_rcv_skb+0x35/0xf0 [ 75.956178] genl_rcv+0x1f/0x30 [ 75.956180] netlink_unicast+0x154/0x200 [ 75.956182] netlink_sendmsg+0x1bf/0x3d0 [ 75.956186] ___sys_sendmsg+0x2c2/0x2f0 [ 75.956187] __sys_sendmsg+0x44/0x80 [ 75.956190] do_syscall_64+0x55/0x1a0 [ 75.956192] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.956194] irq event stamp: 2357092 [ 75.956196] hardirqs last enabled at (2357092): [<ffffffff818c62de>] _raw_spin_unlock_irqrestore+0x3e/0x50 [ 75.956199] hardirqs last disabled at (2357091): [<ffffffff818c60b1>] _raw_spin_lock_irqsave+0x11/0x80 [ 75.956202] softirqs last enabled at (2357072): [<ffffffff8106dc09>] irq_enter+0x59/0x60 [ 75.956204] softirqs last disabled at (2357073): [<ffffffff8106dcbe>] irq_exit+0xae/0xc0 [ 75.956206] other info that might help us debug this: [ 75.956207] Possible unsafe locking scenario: [ 75.956208] CPU0 [ 75.956209] ---- [ 75.956210] lock(&(&da->qlock)->rlock); [ 75.956213] <Interrupt> [ 75.956214] lock(&(&da->qlock)->rlock); [ 75.956216] *** DEADLOCK *** [ 75.956217] 1 lock held by swapper/0/0: [ 75.956219] #0: 000000003bb5675c (&(&sc->sc_pcu_lock)->rlock){+.-.}, at: ath9k_tasklet+0x55/0x240 [ath9k] [ 75.956225] stack backtrace: [ 75.956228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc1-wdn+ #13 [ 75.956229] Hardware name: Dell Inc. Studio XPS 1340/0K183D, BIOS A11 09/08/2009 [ 75.956231] Call Trace: [ 75.956233] <IRQ> [ 75.956236] dump_stack+0x67/0x90 [ 75.956239] mark_lock+0x4c1/0x640 [ 75.956242] ? check_usage_backwards+0x130/0x130 [ 75.956245] ? sched_clock_local+0x12/0x80 [ 75.956247] __lock_acquire+0x484/0x7a0 [ 75.956250] ? __lock_acquire+0x3b9/0x7a0 [ 75.956252] lock_acquire+0x9a/0x160 [ 75.956259] ? ath_dynack_sample_ack_ts+0x4d/0xa0 [ath9k_hw] [ 75.956262] _raw_spin_lock_bh+0x34/0x80 [ 75.956268] ? ath_dynack_sample_ack_ts+0x4d/0xa0 [ath9k_hw] [ 75.956275] ath_dynack_sample_ack_ts+0x4d/0xa0 [ath9k_hw] [ 75.956280] ath_rx_tasklet+0xd09/0xe90 [ath9k] [ 75.956286] ath9k_tasklet+0x102/0x240 [ath9k] [ 75.956288] tasklet_action_common.isra.0+0x6d/0x170 [ 75.956291] __do_softirq+0xcc/0x425 [ 75.956294] irq_exit+0xae/0xc0 [ 75.956296] do_IRQ+0x8a/0x110 [ 75.956298] common_interrupt+0xf/0xf [ 75.956300] </IRQ> [ 75.956303] RIP: 0010:cpuidle_enter_state+0xb2/0x400 [ 75.956308] RSP: 0018:ffffffff82203e70 EFLAGS: 00000202 ORIG_RAX: ffffffffffffffd7 [ 75.956310] RAX: ffffffff82219800 RBX: ffffffff822bd0a0 RCX: 0000000000000000 [ 75.956312] RDX: 0000000000000046 RSI: 0000000000000006 RDI: ffffffff82219800 [ 75.956314] RBP: ffff888155a01c00 R08: 00000011af51aabe R09: 0000000000000000 [ 75.956315] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 [ 75.956317] R13: 00000011af51aabe R14: 0000000000000003 R15: ffffffff82219800 [ 75.956321] cpuidle_enter+0x24/0x40 [ 75.956323] do_idle+0x1ac/0x220 [ 75.956326] cpu_startup_entry+0x14/0x20 [ 75.956329] start_kernel+0x482/0x489 [ 75.956332] secondary_startup_64+0xa4/0xb0 Fixes: c774d57f ("ath9k: add dynamic ACK timeout estimation") Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Christian Lamparter authored
Atheros cards with a AR92XX generation (and older) chip usually store their pci(e) initialization vectors on an external eeprom chip. However these chips technically don't need the eeprom chip attached, the AR9280 Datasheet in section "6.1.2 DEVICE_ID" describes that "... if the EEPROM content is not valid, a value of 0xFF1C returns when read from the register". So, they will show up on the system's pci bus. However in that state, ath9k can't load, since it relies on having the correct pci-id, otherwise it doesn't know what chip it actually is. This happens on many embedded devices like routers and accesspoint since they want to keep the BOM low and store the pci(e) initialization vectors together with the calibration data on the system's FLASH, which is out of reach of the ath9k chip. Furthermore, Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway) need to be able to initialize the PCIe wifi device. Normally, this should be done as a pci quirk during the early stages of booting linux. However, this isn't possible for devices which have the init code for the Atheros chip stored on NAND in an UBI volume. Hence, this module can be used to initialize the chip when the user-space is ready to extract the init code. Martin Blumenstingl prodived the following fixes: owl-loader: add support for OWL emulation PCI devices owl-loader: don't re-scan the bus when ath9k_pci_fixup failed owl-loader: use dev_* instead of pr_* logging functions owl-loader: auto-generate the eeprom filename as fallback owl-loader: add a debug message when swapping the eeprom data owl-loader: add missing newlines in log messages Reviewed-by: Julian Calaby <julian.calaby@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
YueHaibing authored
Fixes gcc '-Wunused-but-set-variable' warning: drivers/net/wireless/ath/carl9170/usb.c: In function carl9170_usb_disconnect: drivers/net/wireless/ath/carl9170/usb.c:1110:21: warning: variable udev set but not used [-Wunused-but-set-variable] It is not use since commit feb09b29 ("carl9170: fix misuse of device driver API") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: YueHaibing <yuehaibing@huawei.com> Acked-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Markus Elfring authored
A null pointer would be passed to a call of the function “kfree” directly after a call of the function “kcalloc” failed at one place. Remove this superfluous function call. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Reviewed-by: Maya Erez <merez@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Alexei Avshalom Lazar authored
Add support for Enhanced Directional Multi-Gigabit (EDMG) channels 9-11. wil6210 reports it's EDMG capabilities (that are also based on FW capability) to cfg80211 by filling wiphy->bands[NL80211_BAND_60GHZ]->edmg_cap. wil6210 handles edmg.channels and edmg.bw_config requested in connect and start_ap operations. Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
Colin Ian King authored
There are several occasions where a negative cid value is passed into wil_cid_valid and this is converted into a u8 causing the range check of cid >= 0 to always succeed. Fix this by making the cid argument an int to handle any -ve error value of cid. An example of this behaviour is in wil_cfg80211_dump_station, where cid is assigned -ENOENT if the call to wil_find_cid_by_idx fails, and this -ve value is passed to wil_cid_valid. I believe that the conversion of -ENOENT to the u8 value 254 which is greater than wil->max_assoc_sta causes wil_find_cid_by_idx to currently work fine, but I think is by luck and not the intended behaviour. Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Maya Erez <merez@codeaurora.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-
- 02 Sep, 2019 10 commits
-
-
David S. Miller authored
Matteo Croce says: ==================== mvpp2: per-cpu buffers This patchset workarounds an PP2 HW limitation which prevents to use per-cpu rx buffers. The first patch is just a refactor to prepare for the second one. The second one allocates percpu buffers if the following conditions are met: - CPU number is less or equal 4 - no port is using jumbo frames If the following conditions are not met at load time, of jumbo frame is enabled later on, the shared allocation is reverted. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Matteo Croce authored
Every mvpp2 unit can use up to 8 buffers mapped by the BM (the HW buffer manager). The HW will place the frames in the buffer pool depending on the frame size: short (< 128 bytes), long (< 1664) or jumbo (up to 9856). As any unit can have up to 4 ports, the driver allocates only 2 pools, one for small and one long frames, and share them between ports. When the first port MTU is set higher than 1664 bytes, a third pool is allocated for jumbo frames. This shared allocation makes impossible to use percpu allocators, and creates contention between HW queues. If possible, i.e. if the number of possible CPU are less than 8 and jumbo frames are not used, switch to a new scheme: allocate 8 per-cpu pools for short and long frames and bind every pool to an RXQ. When the first port MTU is set higher than 1664 bytes, the allocation scheme is reverted to the old behaviour (3 shared pools), and when all ports MTU are lowered, the per-cpu buffers are allocated again. Signed-off-by: Matteo Croce <mcroce@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Matteo Croce authored
Refactor mvpp2_bm_pool_create(), mvpp2_bm_pool_destroy() and mvpp2_bm_pools_init() so that they accept a struct device instead of a struct platform_device, as they just need platform_device->dev. Removing such dependency makes the BM code more reusable in context where we don't have a pointer to the platform_device. Signed-off-by: Matteo Croce <mcroce@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vladimir Oltean authored
When a function such as dsa_slave_create fails, currently the following stack trace can be seen: [ 2.038342] sja1105 spi0.1: Probed switch chip: SJA1105T [ 2.054556] sja1105 spi0.1: Reset switch and programmed static config [ 2.063837] sja1105 spi0.1: Enabled switch tagging [ 2.068706] fsl-gianfar soc:ethernet@2d90000 eth2: error -19 setting up slave phy [ 2.076371] ------------[ cut here ]------------ [ 2.080973] WARNING: CPU: 1 PID: 21 at net/core/devlink.c:6184 devlink_free+0x1b4/0x1c0 [ 2.088954] Modules linked in: [ 2.092005] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.3.0-rc6-01360-g41b52e38d2b6-dirty #1746 [ 2.100912] Hardware name: Freescale LS1021A [ 2.105162] Workqueue: events deferred_probe_work_func [ 2.110287] [<c03133a4>] (unwind_backtrace) from [<c030d8cc>] (show_stack+0x10/0x14) [ 2.117992] [<c030d8cc>] (show_stack) from [<c10b08d8>] (dump_stack+0xb4/0xc8) [ 2.125180] [<c10b08d8>] (dump_stack) from [<c0349d04>] (__warn+0xe0/0xf8) [ 2.132018] [<c0349d04>] (__warn) from [<c0349e34>] (warn_slowpath_null+0x40/0x48) [ 2.139549] [<c0349e34>] (warn_slowpath_null) from [<c0f19d74>] (devlink_free+0x1b4/0x1c0) [ 2.147772] [<c0f19d74>] (devlink_free) from [<c1064fc0>] (dsa_switch_teardown+0x60/0x6c) [ 2.155907] [<c1064fc0>] (dsa_switch_teardown) from [<c1065950>] (dsa_register_switch+0x8e4/0xaa8) [ 2.164821] [<c1065950>] (dsa_register_switch) from [<c0ba7fe4>] (sja1105_probe+0x21c/0x2ec) [ 2.173216] [<c0ba7fe4>] (sja1105_probe) from [<c0b35948>] (spi_drv_probe+0x80/0xa4) [ 2.180920] [<c0b35948>] (spi_drv_probe) from [<c0a4c1cc>] (really_probe+0x108/0x400) [ 2.188711] [<c0a4c1cc>] (really_probe) from [<c0a4c694>] (driver_probe_device+0x78/0x1bc) [ 2.196933] [<c0a4c694>] (driver_probe_device) from [<c0a4a3dc>] (bus_for_each_drv+0x58/0xb8) [ 2.205414] [<c0a4a3dc>] (bus_for_each_drv) from [<c0a4c024>] (__device_attach+0xd0/0x168) [ 2.213637] [<c0a4c024>] (__device_attach) from [<c0a4b1d0>] (bus_probe_device+0x84/0x8c) [ 2.221772] [<c0a4b1d0>] (bus_probe_device) from [<c0a4b72c>] (deferred_probe_work_func+0x84/0xc4) [ 2.230686] [<c0a4b72c>] (deferred_probe_work_func) from [<c03650a4>] (process_one_work+0x218/0x510) [ 2.239772] [<c03650a4>] (process_one_work) from [<c03660d8>] (worker_thread+0x2a8/0x5c0) [ 2.247908] [<c03660d8>] (worker_thread) from [<c036b348>] (kthread+0x148/0x150) [ 2.255265] [<c036b348>] (kthread) from [<c03010e8>] (ret_from_fork+0x14/0x2c) [ 2.262444] Exception stack(0xea965fb0 to 0xea965ff8) [ 2.267466] 5fa0: 00000000 00000000 00000000 00000000 [ 2.275598] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 2.283729] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 2.290333] ---[ end trace ca5d506728a0581a ]--- devlink_free is complaining right here: WARN_ON(!list_empty(&devlink->port_list)); This happens because devlink_port_unregister is no longer done right away in dsa_port_setup when a DSA_PORT_TYPE_USER has failed. Vivien said about this change that: Also no need to call devlink_port_unregister from within dsa_port_setup as this step is inconditionally handled by dsa_port_teardown on error. which is not really true. The devlink_port_unregister function _is_ being called unconditionally from within dsa_port_setup, but not for this port that just failed, just for the previous ones which were set up. ports_teardown: for (i = 0; i < port; i++) dsa_port_teardown(&ds->ports[i]); Initially I was tempted to fix this by extending the "for" loop to also cover the port that failed during setup. But this could have potentially unforeseen consequences unrelated to devlink_port or even other types of ports than user ports, which I can't really test for. For example, if for some reason devlink_port_register itself would fail, then unconditionally unregistering it in dsa_port_teardown would not be a smart idea. The list might go on. So just make dsa_port_setup undo the setup it had done upon failure, and let the for loop undo the work of setting up the previous ports, which are guaranteed to be brought up to a consistent state. Fixes: 955222ca ("net: dsa: use a single switch statement for port setup") Signed-off-by: Vladimir Oltean <olteanv@gmail.com> Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiri Pirko authored
Take only FIB events that are happening in init_net into account. No other namespaces are supported. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Roi Dayan <roid@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netDavid S. Miller authored
r8152 conflicts are the NAPI fixes in 'net' overlapping with some tasklet stuff in net-next Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc driver fixes from Greg KH: "Here are some small char and misc driver fixes for reported issues for 5.3-rc7 Also included in here is the documentation for how we are handling hardware issues under embargo that everyone has finally agreed on, as well as a MAINTAINERS update for the suckers who agreed to handle the LICENSES/ files. All of these have been in linux-next last week with no reported issues" * tag 'char-misc-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: fsi: scom: Don't abort operations for minor errors vmw_balloon: Fix offline page marking with compaction VMCI: Release resource if the work is already queued Documentation/process: Embargoed hardware security issues lkdtm/bugs: fix build error in lkdtm_EXHAUST_STACK mei: me: add Tiger Lake point LP device ID intel_th: pci: Add Tiger Lake support intel_th: pci: Add support for another Lewisburg PCH stm class: Fix a double free of stm_source_device MAINTAINERS: add entry for LICENSES and SPDX stuff fpga: altera-ps-spi: Fix getting of optional confd gpio
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB fixes from Greg KH: "Here are some small USB fixes that have been in linux-next this past week for 5.3-rc7 They fix the usual xhci, syzbot reports, and other small issues that have come up last week. All have been in linux-next with no reported issues" * tag 'usb-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: cdc-wdm: fix race between write and disconnect due to flag abuse usb: host: xhci: rcar: Fix typo in compatible string matching usb: host: xhci-tegra: Set DMA mask correctly USB: storage: ums-realtek: Whitelist auto-delink support USB: storage: ums-realtek: Update module parameter description for auto_delink_en usb: host: ohci: fix a race condition between shutdown and irq usb: hcd: use managed device resources typec: tcpm: fix a typo in the comparison of pdo_max_voltage usb-storage: Add new JMS567 revision to unusual_devs usb: chipidea: udc: don't do hardware access if gadget has stopped usbtmc: more sanity checking for packet size usb: udc: lpc32xx: silence fall-through warning
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix some length checks during OGM processing in batman-adv, from Sven Eckelmann. 2) Fix regression that caused netfilter conntrack sysctls to not be per-netns any more. From Florian Westphal. 3) Use after free in netpoll, from Feng Sun. 4) Guard destruction of pfifo_fast per-cpu qdisc stats with qdisc_is_percpu_stats(), from Davide Caratti. Similar bug is fixed in pfifo_fast_enqueue(). 5) Fix memory leak in mld_del_delrec(), from Eric Dumazet. 6) Handle neigh events on internal ports correctly in nfp, from John Hurley. 7) Clear SKB timestamp in NF flow table code so that it does not confuse fq scheduler. From Florian Westphal. 8) taprio destroy can crash if it is invoked in a failure path of taprio_init(), because the list head isn't setup properly yet and the list del is unconditional. Perform the list add earlier to address this. From Vladimir Oltean. 9) Make sure to reapply vlan filters on device up, in aquantia driver. From Dmitry Bogdanov. 10) sgiseeq driver releases DMA memory using free_page() instead of dma_free_attrs(). From Christophe JAILLET. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (58 commits) net: seeq: Fix the function used to release some memory in an error handling path enetc: Add missing call to 'pci_free_irq_vectors()' in probe and remove functions net: bcmgenet: use ethtool_op_get_ts_info() tc-testing: don't hardcode 'ip' in nsPlugin.py net: dsa: microchip: add KSZ8563 compatibility string dt-bindings: net: dsa: document additional Microchip KSZ8563 switch net: aquantia: fix out of memory condition on rx side net: aquantia: linkstate irq should be oneshot net: aquantia: reapply vlan filters on up net: aquantia: fix limit of vlan filters net: aquantia: fix removal of vlan 0 net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate taprio: Set default link speed to 10 Mbps in taprio_set_picos_per_byte taprio: Fix kernel panic in taprio_destroy net: dsa: microchip: fill regmap_config name rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] net: stmmac: dwmac-rk: Don't fail if phy regulator is absent amd-xgbe: Fix error path in xgbe_mod_init() netfilter: nft_meta_bridge: Fix get NFT_META_BRI_IIFVPROTO in network byteorder mac80211: Correctly set noencrypt for PAE frames ...
-
- 01 Sep, 2019 4 commits
-
-
David S. Miller authored
Vivien Didelot says: ==================== net: dsa: mv88e6xxx: centralize SERDES IRQ handling Following Marek's work on the abstraction of the SERDES lanes mapping, this series trades the .serdes_irq_setup and .serdes_irq_free callbacks for new .serdes_irq_mapping, .serdes_irq_enable and .serdes_irq_status operations. This has the benefit to limit the various SERDES implementations to simple register accesses only; centralize the IRQ handling and mutex locking logic; as well as reducing boilerplate in the driver. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vivien Didelot authored
The .serdes_irq_setup are all following the same steps: get the SERDES lane, get the IRQ mapping, request the IRQ, then enable it. So do the .serdes_irq_free implementations: get the SERDES lane, disable the IRQ, then free it. This patch removes these operations in favor of generic functions. Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vivien Didelot authored
Introduce a new .serdes_irq_status operation to prepare the abstraction of IRQ thread from the SERDES IRQ setup code. Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Vivien Didelot authored
Introduce a new .serdes_irq_enable operation to prepare the abstraction of IRQ enabling from the SERDES IRQ setup code. Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-