1. 07 Dec, 2016 16 commits
    • can: raw: raw_setsockopt: limit number of can_filter that can be set · 332b05ca
      Marc Kleine-Budde committed
      This patch adds a check to limit the number of can_filters that can be
      set via setsockopt on CAN_RAW sockets. Otherwise allocations > MAX_ORDER
      are not prevented resulting in a warning.
      
      Reference: https://lkml.org/lkml/2016/12/2/230
      
      Reported-by: Andrey Konovalov <andreyknvl@google.com>
      Tested-by: Andrey Konovalov <andreyknvl@google.com>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · bc3913a5
      Linus Torvalds committed
      Pull sparc fix from David Miller:
       "A use-before-NULL-check from Dan Carpenter"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        dbri: move dereference after check for NULL
    • dbri: move dereference after check for NULL · 163117e8
      Dan Carpenter committed
      We accidentally introduced a dereference before the NULL check in
      xmit_descs() as part of silencing a GCC warning.
      
      Fixes: 16f46050 ("dbri: Fix compiler warning")
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · da1b466f
      Linus Torvalds committed
      Pull networking fixes from David Miller:
      
       1) When dcbnl_cee_fill() fails to be able to push a new netlink
          attribute, it returns 0 instead of an error code. From Pan Bian.
      
       2) Two suffix handling fixes to FIB trie code, from Alexander Duyck.
      
       3) bnxt_hwrm_stat_ctx_alloc() goes through all the trouble of setting
          and maintaining a return code 'rc' but fails to actually return it.
          Also from Pan Bian.
      
       4) ping socket ICMP handler needs to validate ICMP header length, from
          Kees Cook.
      
       5) caif_sktinit_module() has this interesting logic:
      
              int err = sock_register(...);
              if (!err)
                      return err;
              return 0;
      
          Just return sock_register()'s return value directly which is the
          only possible correct thing to do.
      
       6) Two bnx2x driver fixes from Yuval Mintz, return a reasonable
          estimate from get_ringparam() ethtool op when interface is down and
          avoid trying to use UDP port based tunneling on 577xx chips.
      
       7) Fix ep93xx_eth crash on module unload from Florian Fainelli.
      
       8) Missing uapi exports, from Stephen Hemminger.
      
       9) Don't schedule work from sk_destruct(), because the socket will be
          freed upon return from that function. From Herbert Xu.
      
      10) Buggy drivers, of which we know there is at least one, can send a
          huge packet into the TCP stack but forget to set the gso_size in the
          SKB, which causes all kinds of problems.
      
          Correct this when it happens, and emit a one-time warning with the
          device name included so that it can be diagnosed more easily.
      
          From Marcelo Ricardo Leitner.
      
      11) virtio-net does DMA off the stack causes hiccups with VMAP_STACK,
          fix from Andy Lutomirski.
      
      12) Fix fec driver compilation with CONFIG_M5272, from Nikita
          Yushchenko.
      
      13) mlx5 fixes from Kamal Heib, Saeed Mahameed, and Mohamad Haj Yahia.
          (erroneously flushing queues on error, module parameter validation,
          etc)
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
        net/mlx5e: Change the SQ/RQ operational state to positive logic
        net/mlx5e: Don't flush SQ on error
        net/mlx5e: Don't notify HW when filling the edge of ICO SQ
        net/mlx5: Fix query ISSI flow
        net/mlx5: Remove duplicate pci dev name print
        net/mlx5: Verify module parameters
        net: fec: fix compile with CONFIG_M5272
        be2net: Add DEVSEC privilege to SET_HSW_CONFIG command.
        virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address()
        tcp: warn on bogus MSS and try to amend it
        uapi glibc compat: fix outer guard of net device flags enum
        net: stmmac: clear reset value of snps, wr_osr_lmt/snps, rd_osr_lmt before writing
        netlink: Do not schedule work from sk_destruct
        uapi: export nf_log.h
        uapi: export tc_skbmod.h
        net: ep93xx_eth: Do not crash unloading module
        bnx2x: Prevent tunnel config for 577xx
        bnx2x: Correct ringparam estimate when DOWN
        isdn: hisax: set error code on failure
        net: bnx2x: fix improper return value
        ...
    • shmem: fix shm fallocate() list corruption · 10d20bd2
      Linus Torvalds committed
      The shmem hole punching with fallocate(FALLOC_FL_PUNCH_HOLE) does not
      want to race with generating new pages by faulting them in.
      
      However, the wait-queue used to delay the page faulting has a serious
      problem: the wait queue head (in shmem_fallocate()) is allocated on the
      stack, and the code expects that "wake_up_all()" will make sure that all
      the queue entries are gone before the stack frame is de-allocated.
      
      And that is not at all necessarily the case.
      
      Yes, a normal wake-up sequence will remove the wait-queue entry that
      caused the wakeup (see "autoremove_wake_function()"), but the key
      wording there is "that caused the wakeup".  When there are multiple
      possible wakeup sources, the wait queue entry may well stay around.
      
      And _particularly_ in a page fault path, we may be faulting in new pages
      from user space while we also have other things going on, and there may
      well be other pending wakeups.
      
      So despite the "wake_up_all()", it's not at all guaranteed that all list
      entries are removed from the wait queue head on the stack.
      
      Fix this by introducing a new wakeup function that removes the list
      entry unconditionally, even if the target process had already woken up
      for other reasons.  Use that "synchronous" function to set up the
      waiters in shmem_fault().
      
      This problem has never been seen in the wild afaik, but Dave Jones has
      reported it on and off while running trinity.  We thought we fixed the
      stack corruption with the blk-mq rq_list locking fix (commit
      7fe31130: "blk-mq: update hardware and software queues for sleeping
      alloc"), but it turns out there was _another_ stack corruptor hiding
      in the trinity runs.
      
      Vegard Nossum (also running trinity) was able to trigger this one fairly
      consistently, and made us look once again at the shmem code due to the
      faults often being in that area.
      
      Reported-and-tested-by: Vegard Nossum <vegard.nossum@oracle.com>.
      Reported-by: Dave Jones <davej@codemonkey.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge branch 'mlx5-fixes' · 32f16e14
      David S. Miller committed
      Saeed Mahameed says:
      
      ====================
      Mellanox 100G mlx5 fixes 2016-12-04
      
      Some bug fixes for mlx5 core and mlx5e driver.
      
      v1->v2:
       - replace "uint" with "unsigned int"
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5e: Change the SQ/RQ operational state to positive logic · c0f1147d
      Mohamad Haj Yahia committed
      When using the negative logic (i.e. FLUSH state), after the RQ/SQ reopen
      we will have a time interval that the RQ/SQ is not really ready and the
      state indicates that it's not in FLUSH state because the initial SQ/RQ struct
      memory starts as zeros.
      Now we changed the state to indicate if the SQ/RQ is opened and we will
      set the READY state after finishing preparing all the SQ/RQ resources.
      
      Fixes: 6e8dd6d6 ("net/mlx5e: Don't wait for SQ completions on close")
      Fixes: f2fde18c ("net/mlx5e: Don't wait for RQ completions on close")
      Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
      Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5e: Don't flush SQ on error · 3c8591d5
      Saeed Mahameed committed
      We are doing SQ descriptors cleanup in driver.
      
      Fixes: 6e8dd6d6 ("net/mlx5e: Don't wait for SQ completions on close")
      Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5e: Don't notify HW when filling the edge of ICO SQ · b8335d91
      Saeed Mahameed committed
      We are going to do this a couple of steps ahead anyway.
      
      Fixes: d3c9bc27 ("net/mlx5e: Added ICO SQs")
      Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5: Fix query ISSI flow · f9c14e46
      Kamal Heib committed
      In old FWs query ISSI command is not supported and for some of those FWs
      it might fail with status other than "MLX5_CMD_STAT_BAD_OP_ERR".
      
      In such case instead of failing the driver load, we will treat any FW
      status other than 0 for Query ISSI FW command as ISSI not supported and
      assume ISSI=0 (most basic driver/FW interface).
      
      In case of driver syndrome (query ISSI failure by driver) we will fail
      driver load.
      
      Fixes: f62b8bb8 ('net/mlx5: Extend mlx5_core to support ConnectX-4
      Ethernet functionality')
      Signed-off-by: Kamal Heib <kamalh@mellanox.com>
      Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5: Remove duplicate pci dev name print · 9e5b2fc1
      Kamal Heib committed
      Remove duplicate pci dev name printing from mlx5_core_warn/dbg.
      
      Fixes: 5a788398 ('net/mlx5_core: Improve mlx5 messages')
      Signed-off-by: Kamal Heib <kamalh@mellanox.com>
      Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/mlx5: Verify module parameters · f663ad98
      Kamal Heib committed
      Verify the mlx5_core module parameters by making sure that they are in
      the expected range and if they aren't restore them to their default
      values.
      
      Fixes: 9603b61d ('mlx5: Move pci device handling from mlx5_ib to mlx5_core')
      Signed-off-by: Kamal Heib <kamalh@mellanox.com>
      Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: fec: fix compile with CONFIG_M5272 · f85de666
      Nikita Yushchenko committed
      Commit 80cca775 ("net: fec: cache statistics while device is down")
      introduced unconditional statistics-related actions.
      
      However, when driver is compiled with CONFIG_M5272, statistics-related
      definitions do not exist, which results in build errors.
      
      Fix that by adding explicit handling of !defined(CONFIG_M5272) case.
      
      Fixes: 80cca775 ("net: fec: cache statistics while device is down")
      Signed-off-by: Nikita Yushchenko <nikita.yoush@cogentembedded.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • be2net: Add DEVSEC privilege to SET_HSW_CONFIG command. · d14584d9
      Venkat Duvvuru committed
      OPCODE_COMMON_GET_FN_PRIVILEGES is returning only DEVSEC
      privilege (Unrestricted Administrative Privilege) for Lancer NIC functions.
      So, driver is failing SET_HSW_CONFIG command, as DEVSEC privilege was not
      set in the privilege bitmap. This patch fixes the problem by setting DEVSEC
      privilege in SET_HSW_CONFIG’s privilege bitmap.
      Signed-off-by: Venkat Duvvuru <venkatkumar.duvvuru@broadcom.com>
      Signed-off-by: Suresh Reddy <suresh.reddy@broadcom.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address() · e37e2ff3
      Andy Lutomirski committed
      With CONFIG_VMAP_STACK=y, virtnet_set_mac_address() can be passed a
      pointer to the stack and it will OOPS.  Copy the address to the heap
      to prevent the crash.
      
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Jason Wang <jasowang@redhat.com>
      Cc: Laura Abbott <labbott@redhat.com>
      Reported-by: zbyszek@in.waw.pl
      Signed-off-by: Andy Lutomirski <luto@kernel.org>
      Acked-by: Jason Wang <jasowang@redhat.com>
      Acked-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • tcp: warn on bogus MSS and try to amend it · dcb17d22
      Marcelo Ricardo Leitner committed
      There have been some reports lately about TCP connection stalls caused
      by NIC drivers that aren't setting gso_size on aggregated packets on rx
      path. This causes TCP to assume that the MSS is actually the size of the
      aggregated packet, which is invalid.
      
      Although the proper fix is to be done at each driver, it's often hard
      and cumbersome for one to debug, come to such root cause and report/fix
      it.
      
      This patch amends this situation in two ways. First, it adds a warning
      on when this situation occurs, so it gives a hint to those trying to
      debug this. It also limits the maximum probed MSS to the advertised MSS,
      as it should never be any higher than that.
      
      The result is that the connection may not have the best performance ever
      but it shouldn't stall, and the admin will have a hint on what to look
      for.
      
      Tested with virtio by forcing gso_size to 0.
      
      v2: updated msg per David's suggestion
      v3: use skb_iif to find the interface and also log its name, per Eric
          Dumazet's suggestion. As the skb may be backlogged and the interface
          gone by then, we need to check if the number still has a meaning.
      v4: use helper tcp_gro_dev_warn() and avoid pr_warn_once inside __once, per
          David's suggestion
      
      Cc: Jonathan Maxwell <jmaxwell37@gmail.com>
      Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 06 Dec, 2016 24 commits