1. 27 5月, 2015 3 次提交
    • I
      x86/fpu: Optimize fpu__activate_fpstate_read() · 9ba6b791
      Ingo Molnar 提交于
      fpu__activate_fpstate_read() is used before FPU registers are
      read from the fpstate by ptrace and core dumping.
      
      It's not necessary to unlazy non-current child tasks in this case,
      since the reading of registers is non-destructive.
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Bobby Powers <bobbypowers@gmail.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      9ba6b791
    • I
      x86/fpu: Split out the fpu__activate_fpstate_read() method · 05602812
      Ingo Molnar 提交于
      Currently fpu__activate_fpstate() is used for two distinct purposes:
      
        - read access by ptrace and core dumping, where in the core dumping
          case the current task's FPU state may be examined as well.
      
        - write access by ptrace, which modifies FPU registers and expects
          the modified registers to be reloaded on the next context switch.
      
      Split out the reading side into fpu__activate_fpstate_read().
      
      ( Note that this is just a pure duplication of fpu__activate_fpstate()
        for the time being, we'll optimize the new function in the next patch. )
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Bobby Powers <bobbypowers@gmail.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      05602812
    • I
      x86/fpu: Fix FPU register read access to the current task · 47f01e8c
      Ingo Molnar 提交于
      Bobby Powers reported the following FPU warning during ELF coredumping:
      
         WARNING: CPU: 0 PID: 27452 at arch/x86/kernel/fpu/core.c:324 fpu__activate_stopped+0x8a/0xa0()
      
      This warning unearthed an invalid assumption about fpu__activate_stopped()
      that I added in:
      
        67e97fc2 ("x86/fpu: Rename init_fpu() to fpu__unlazy_stopped() and add debugging check")
      
      the old init_fpu() function had an (intentional but obscure) side effect:
      when FPU registers are accessed for the current task, for reading, then
      it synchronized live in-register FPU state with the fpstate by saving it.
      
      So fix this bug by saving the FPU if we are the current task. We'll
      still warn in fpu__save() if this is called for not yet stopped
      child tasks, so the debugging check is still preserved.
      
      Also rename the function to fpu__activate_fpstate(), because it's not
      exclusively used for stopped tasks, but for the current task as well.
      
      ( Note that this bug calls for a cleaner separation of access-for-read
        and access-for-modification FPU methods, but we'll do that in separate
        patches. )
      Reported-by: NBobby Powers <bobbypowers@gmail.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      47f01e8c
  2. 25 5月, 2015 10 次提交
    • I
      x86/fpu: Micro-optimize the copy_xregs_to_kernel*() and copy_kernel_to_xregs*() functions · 8c05f05e
      Ingo Molnar 提交于
      The copy_xregs_to_kernel*() and copy_kernel_to_xregs*() functions are used
      to copy FPU registers to kernel memory and vice versa.
      
      They are never expected to fail, yet they have a return code, mostly because
      that way they can share the assembly macros with the copy*user*() functions.
      
      This error code is then silently ignored by the context switching
      and other code - which made the bug in:
      
        b8c1b8ea ("x86/fpu: Fix FPU state save area alignment bug")
      
      harder to fix than necessary.
      
      So remove the return values and check for no faults when FPU debugging
      is enabled in the .config.
      
      This improves the eagerfpu context switching fast path by a couple of
      instructions, when FPU debugging is disabled:
      
         ffffffff810407fa:      89 c2                   mov    %eax,%edx
         ffffffff810407fc:      48 0f ae 2f             xrstor64 (%rdi)
         ffffffff81040800:      31 c0                   xor    %eax,%eax
        -ffffffff81040802:      eb 0a                   jmp    ffffffff8104080e <__switch_to+0x321>
        +ffffffff81040802:      eb 16                   jmp    ffffffff8104081a <__switch_to+0x32d>
         ffffffff81040804:      31 c0                   xor    %eax,%eax
         ffffffff81040806:      48 0f ae 8b c0 05 00    fxrstor64 0x5c0(%rbx)
         ffffffff8104080d:      00
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      8c05f05e
    • I
      x86/fpu: Improve the initialization logic of 'err' around xstate_fault() constraints · 685c9616
      Ingo Molnar 提交于
      There's a confusing aspect of how xstate_fault() constraints are
      handled by the FPU register/memory copying functions in
      fpu/internal.h: they use "0" (0) to signal that the asm code
      will not always set 'err' to a valid value.
      
      But 'err' is already initialized to 0 in C code, which is duplicated
      by the asm() constraint. Should the initialization value ever be
      changed, it might become subtly inconsistent with the not too clear
      asm() constraint.
      
      Use 'err' as the value of the input variable instead, to clarify
      this all.
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      685c9616
    • I
      x86/fpu: Improve xstate_fault() handling · 87b6559d
      Ingo Molnar 提交于
      There are two problems with xstate_fault handling:
      
       - The xstate_fault() macro takes an argument, but that's
         propagated into the assembly named label as well. This
         is technically correct currently but might result in
         failures if anytime a more complex argument is used.
         So use a separate '_err' name instead for the label.
      
       - All the xstate_fault() using functions have an error
         variable named 'err', which is an output variable to
         the asm() they are using. The problem is, it's not always
         set by the asm(), in which case the compiler might
         optimize out its initialization, so that the C variable
         'err' might become corrupted after the asm() - confusing
         anyone who tries to take advantage of this variable
         after the asm(). Mark it an input variable as well.
      
         This is a latent bug currently, but an upcoming debug
         patch will make use of 'err'.
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      87b6559d
    • I
      x86/fpu: Rename xstate related 'fx' references to 'xstate' · 87dafd41
      Ingo Molnar 提交于
      So the xstate code was probably first copied from the fxregs code,
      hence it carried over the 'fx' naming for the state pointer variable.
      
      But this is slightly confusing, as we usually on call the (legacy)
      MMX/SSE state 'fx', both in data structures and in the functions
      build around FXSAVE/FXRSTOR.
      
      So rename it to 'xstate' to make it more apparent what it is related to.
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      87dafd41
    • I
      x86/fpu: Fix fpu__init_system_xstate() comments · 6e553594
      Ingo Molnar 提交于
      Remove obsolete comment about __init limitations: in the new code there aren't any.
      
      Also standardize the comment style in the function while at it.
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      6e553594
    • I
      x86/fpu: Move the xstate copying functions into fpu/internal.h · fd169b05
      Ingo Molnar 提交于
      All the other register<-> memory copying functions are defined
      in fpu/internal.h, so move the xstate variants there too.
      
      Beyond being more consistent, this also allows FPU debugging
      checks to be added to them. (Because they can now use the
      macros defined in fpu/internal.h.)
      
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      fd169b05
    • I
      Merge branch 'linus' into x86/fpu · 3152657f
      Ingo Molnar 提交于
      Resolve semantic conflict in arch/x86/kvm/cpuid.c with:
      
        c447e76b ("kvm/fpu: Enable eager restore kvm FPU for MPX")
      
      By removing the FPU internal include files.
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      3152657f
    • I
      x86/fpu: Fix FPU state save area alignment bug · b8c1b8ea
      Ingo Molnar 提交于
      On most configs task-struct is cache line aligned, which makes
      the XSAVE area's 64-byte required alignment work out fine.
      
      But on some .config's task_struct is aligned only to 16 bytes
      (enforced by ARCH_MIN_TASKALIGN), which makes things like
      fpu__copy() (that XSAVEOPT uses) not work so well.
      
      I broke this in:
      
        7366ed77 ("x86/fpu: Simplify FPU handling by embedding the fpstate in task_struct (again)")
      
      which embedded the fpstate in the task_struct.
      
      The alignment requirements of the FPU code were originally present
      in ARCH_MIN_TASKALIGN, which still has a value of 16, which was the
      alignment requirement of the FPU state area prior XSAVE. But this
      link was not documented (and not required) and the link got lost
      when the FPU state area was made dynamic years ago.
      
      With XSAVEOPT the minimum alignment requirment went up to 64 bytes,
      and the embedding of the FPU state area in task_struct exposed it
      again - and '16' was not increased to '64'.
      
      So fix this bug, but also try to address the underlying lost link
      of information that made it easier to happen:
      
        - document ARCH_MIN_TASKALIGN a bit better
      
        - use alignof() to recover the current alignment requirements.
          This would work in the future as well, should the alignment
          requirements go up to 128 bytes with things like AVX512.
      
      ( We should probably also use the vSMP alignment rules for all
        of x86, but that's for another patch. )
      Reported-by: NPeter Zijlstra <peterz@infradead.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      b8c1b8ea
    • L
      Linux 4.1-rc5 · ba155e2d
      Linus Torvalds 提交于
      ba155e2d
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 5b139666
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "This is a set of five fixes: Two MAINTAINER email updates (urgent
        because the non-avagotech emails will start bouncing) an lpfc big
        endian oops fix, a 256 byte sector hang fix (to eliminate 256 byte
        sectors) and a storvsc fix which could cause test unit ready failures
        on bringup"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        MAINTAINERS: Revise lpfc maintainers for Avago Technologies ownership of Emulex
        MAINTAINERS, be2iscsi: change email domain
        sd: Disable support for 256 byte/sector disks
        lpfc: Fix breakage on big endian kernels
        storvsc: Set the SRB flags correctly when no data transfer is needed
      5b139666
  3. 24 5月, 2015 4 次提交
  4. 23 5月, 2015 17 次提交
    • L
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · cf539cbd
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "Radeon has two displayport fixes, one for a regression.
      
        i915 regression flicker fix needed so 4.0 can get fixed.
      
        A bunch of msm fixes and a bunch of exynos fixes, these two are
        probably a bit larger than I'd like, but most of them seems pretty
        good"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (29 commits)
        drm/radeon: fix error flag checking in native aux path
        drm/radeon: retry dcpd fetch
        drm/msm/mdp5: fix incorrect parameter for msm_framebuffer_iova()
        drm/exynos: dp: Lower level of EDID read success message
        drm/exynos: cleanup exynos_drm_plane
        drm/exynos: 'win' is always unsigned
        drm/exynos: mixer: don't dump registers under spinlock
        drm/exynos: Consolidate return statements in fimd_bind()
        drm/exynos: Constify exynos_drm_crtc_ops
        drm/exynos: Fix build breakage on !DRM_EXYNOS_FIMD
        drm/exynos: mixer: Constify platform_device_id
        drm/exynos: mixer: cleanup pixelformat handling
        drm/exynos: mixer: also allow NV21 for the video processor
        drm/exynos: mixer: remove buffer count handling in vp_video_buffer()
        drm/exynos: plane: honor buffer offset for dma_addr
        drm/exynos: fb: use drm_format_num_planes to get buffer count
        drm/i915: fix screen flickering
        drm/msm: fix locking inconsistencies in gpu->destroy()
        drm/msm/dsi: Simplify the code to get the number of read byte
        drm/msm: Attach assigned encoder to eDP and DSI connectors
        ...
      cf539cbd
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 0b6280c6
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Don't leak ipvs->sysctl_tbl, from Tommi Rentala.
      
       2) Fix neighbour table entry leak in rocker driver, from Ying Xue.
      
       3) Do not emit bonding notifications for unregistered interfaces, from
          Nicolas Dichtel.
      
       4) Set ipv6 flow label properly when in TIME_WAIT state, from Florent
          Fourcot.
      
       5) Fix regression in ipv6 multicast filter test, from Henning Rogge.
      
       6) do_replace() in various footables netfilter modules is missing a
          check for 0 counters in the datastructure provided by the user.  Fix
          from Dave Jones, and found with trinity.
      
       7) Fix RCU bug in packet scheduler classifier module unloads, from
          Daniel Borkmann.
      
       8) Avoid deadlock in tcp_get_info() by using u64_sync.  From Eric
          Dumzaet.
      
       9) Input packet processing can race with inetdev_destroy() teardown,
          fix potential OOPS in ip_error() by explicitly testing whether the
          inetdev is still attached.  From Eric W Biederman.
      
      10) MLDv2 parser in bridge multicast code breaks too early while
          parsing.  Fix from Thadeu Lima de Souza Cascardo.
      
      11) Asking for settings on non-zero PHYID doesn't work because we do not
          import the command structure from the user and use the PHYID
          provided there.  Fix from Arun Parameswaran.
      
      12) Fix UDP checksums with IPV6 RAW sockets, from Vlad Yasevich.
      
      13) Missing NF_TABLES depends for TPROXY etc can cause build failures,
          fix from Florian Westphal.
      
      14) Fix netfilter conntrack to handle RFC5961 challenge ACKs properly,
          from Jesper Dangaard Brouer.
      
      15) If netlink autobind retry fails, we have to reset the sockets portid
          back to zero.  From Herbert Xu.
      
      16) VXLAN netns exit code unregisters using wrong device, from John W
          Linville.
      
      17) Add some USB device IDs to ath3k and btusb bluetooth drivers, from
          Dmitry Tunin and Wen-chien Jesse Sung.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
        bridge: fix lockdep splat
        net: core: 'ethtool' issue with querying phy settings
        bridge: fix parsing of MLDv2 reports
        ARM: zynq: DT: Use the zynq binding with macb
        net: macb: Disable half duplex gigabit on Zynq
        net: macb: Document zynq gem dt binding
        ipv4: fill in table id when replacing a route
        cdc_ncm: Fix tx_bytes statistics
        ipv4: Avoid crashing in ip_error
        tcp: fix a potential deadlock in tcp_get_info()
        net: sched: fix call_rcu() race on classifier module unloads
        net: phy: Make sure phy_start() always re-enables the phy interrupts
        ipv6: fix ECMP route replacement
        ipv6: do not delete previously existing ECMP routes if add fails
        Revert "netfilter: bridge: query conntrack about skb dnat"
        netfilter: ensure number of counters is >0 in do_replace()
        netfilter: nfnetlink_{log,queue}: Register pernet in first place
        tcp: don't over-send F-RTO probes
        tcp: only undo on partial ACKs in CA_Loss
        net/ipv6/udp: Fix ipv6 multicast socket filter regression
        ...
      0b6280c6
    • L
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 1c8df7bd
      Linus Torvalds 提交于
      Pull block fixes from Jens Axboe:
       "Three small fixes that have been picked up the last few weeks.
        Specifically:
      
         - Fix a memory corruption issue in NVMe with malignant user
           constructed request.  From Christoph.
      
         - Kill (now) unused blk_queue_bio(), dm was changed to not need this
           anymore.  From Mike Snitzer.
      
         - Always use blk_schedule_flush_plug() from the io_schedule() path
           when flushing a plug, fixing a !TASK_RUNNING warning with md.  From
           Shaohua"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        sched: always use blk_schedule_flush_plug in io_schedule_out
        nvme: fix kernel memory corruption with short INQUIRY buffers
        block: remove export for blk_queue_bio
      1c8df7bd
    • L
      Merge tag 'md/4.1-rc4-fixes' of git://neil.brown.name/md · a30ec4b3
      Linus Torvalds 提交于
      Pull md bugfixes from Neil Brown:
       "I have a few more raid5 bugfixes pending, but I want them to get a bit
        more review first.  In the meantime:
      
         - one serious RAID0 data corruption - caused by recent bugfix that
           wasn't reviewed properly.
      
         - one raid5 fix in new code (a couple more of those to come).
      
         - one little fix to stop static analysis complaining about silly rcu
           annotation"
      
      * tag 'md/4.1-rc4-fixes' of git://neil.brown.name/md:
        md/bitmap: remove rcu annotation from pointer arithmetic.
        md/raid0: fix restore to sector variable in raid0_make_request
        raid5: fix broken async operation chain
      a30ec4b3
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 1d82b0ba
      Linus Torvalds 提交于
      Pull input fixes from Dmitry Torokhov:
       "Updates for the input subsystem.
      
        The main change is that we tell joydev not to touch "absolute mice",
        such as VMware virtual mouse, as that produced bad result (cursor
        stuck in upper right corner) with games"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: smtpe-ts - wait 50mS until polling for pen-up
        Input: smtpe-ts - use msecs_to_jiffies() instead of HZ
        Input: joydev - don't classify the vmmouse as a joystick
        Input: vmmouse - do not reference non-existing version of X driver
        Input: alps - fix finger jumps on lifting 2 fingers on v7 touchpad
        Input: elantech - fix semi-mt protocol for v3 HW
        Input: sx8654 - fix memory allocation check
      1d82b0ba
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 2a058f38
      Linus Torvalds 提交于
      Pull another crypto fix from Herbert Xu:
       "Fix ICV corruption in s390/ghash when the same tfm is used by more
        than one thread"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: s390/ghash - Fix incorrect ghash icv buffer handling.
      2a058f38
    • E
      bridge: fix lockdep splat · 93a33a58
      Eric Dumazet 提交于
      Following lockdep splat was reported :
      
      [   29.382286] ===============================
      [   29.382315] [ INFO: suspicious RCU usage. ]
      [   29.382344] 4.1.0-0.rc0.git11.1.fc23.x86_64 #1 Not tainted
      [   29.382380] -------------------------------
      [   29.382409] net/bridge/br_private.h:626 suspicious
      rcu_dereference_check() usage!
      [   29.382455]
                     other info that might help us debug this:
      
      [   29.382507]
                     rcu_scheduler_active = 1, debug_locks = 0
      [   29.382549] 2 locks held by swapper/0/0:
      [   29.382576]  #0:  (((&p->forward_delay_timer))){+.-...}, at:
      [<ffffffff81139f75>] call_timer_fn+0x5/0x4f0
      [   29.382660]  #1:  (&(&br->lock)->rlock){+.-...}, at:
      [<ffffffffa0450dc1>] br_forward_delay_timer_expired+0x31/0x140
      [bridge]
      [   29.382754]
                     stack backtrace:
      [   29.382787] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
      4.1.0-0.rc0.git11.1.fc23.x86_64 #1
      [   29.382838] Hardware name: LENOVO 422916G/LENOVO, BIOS A1KT53AUS 04/07/2015
      [   29.382882]  0000000000000000 3ebfc20364115825 ffff880666603c48
      ffffffff81892d4b
      [   29.382943]  0000000000000000 ffffffff81e124e0 ffff880666603c78
      ffffffff8110bcd7
      [   29.383004]  ffff8800785c9d00 ffff88065485ac58 ffff880c62002800
      ffff880c5fc88ac0
      [   29.383065] Call Trace:
      [   29.383084]  <IRQ>  [<ffffffff81892d4b>] dump_stack+0x4c/0x65
      [   29.383130]  [<ffffffff8110bcd7>] lockdep_rcu_suspicious+0xe7/0x120
      [   29.383178]  [<ffffffffa04520f9>] br_fill_ifinfo+0x4a9/0x6a0 [bridge]
      [   29.383225]  [<ffffffffa045266b>] br_ifinfo_notify+0x11b/0x4b0 [bridge]
      [   29.383271]  [<ffffffffa0450d90>] ? br_hold_timer_expired+0x70/0x70 [bridge]
      [   29.383320]  [<ffffffffa0450de8>]
      br_forward_delay_timer_expired+0x58/0x140 [bridge]
      [   29.383371]  [<ffffffffa0450d90>] ? br_hold_timer_expired+0x70/0x70 [bridge]
      [   29.383416]  [<ffffffff8113a033>] call_timer_fn+0xc3/0x4f0
      [   29.383454]  [<ffffffff81139f75>] ? call_timer_fn+0x5/0x4f0
      [   29.383493]  [<ffffffff8110a90f>] ? lock_release_holdtime.part.29+0xf/0x200
      [   29.383541]  [<ffffffffa0450d90>] ? br_hold_timer_expired+0x70/0x70 [bridge]
      [   29.383587]  [<ffffffff8113a6a4>] run_timer_softirq+0x244/0x490
      [   29.383629]  [<ffffffff810b68cc>] __do_softirq+0xec/0x670
      [   29.383666]  [<ffffffff810b70d5>] irq_exit+0x145/0x150
      [   29.383703]  [<ffffffff8189f506>] smp_apic_timer_interrupt+0x46/0x60
      [   29.383744]  [<ffffffff8189d523>] apic_timer_interrupt+0x73/0x80
      [   29.383782]  <EOI>  [<ffffffff816f131f>] ? cpuidle_enter_state+0x5f/0x2f0
      [   29.383832]  [<ffffffff816f131b>] ? cpuidle_enter_state+0x5b/0x2f0
      
      Problem here is that br_forward_delay_timer_expired() is a timer
      handler, calling br_ifinfo_notify() which assumes either rcu_read_lock()
      or RTNL are held.
      
      Simplest fix seems to add rcu read lock section.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: NJosh Boyer <jwboyer@fedoraproject.org>
      Reported-by: NDominick Grift <dac.override@gmail.com>
      Cc: Vlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      93a33a58
    • A
      net: core: 'ethtool' issue with querying phy settings · f96dee13
      Arun Parameswaran 提交于
      When trying to configure the settings for PHY1, using commands
      like 'ethtool -s eth0 phyad 1 speed 100', the 'ethtool' seems to
      modify other settings apart from the speed of the PHY1, in the
      above case.
      
      The ethtool seems to query the settings for PHY0, and use this
      as the base to apply the new settings to the PHY1. This is
      causing the other settings of the PHY 1 to be wrongly
      configured.
      
      The issue is caused by the '_ethtool_get_settings()' API, which
      gets called because of the 'ETHTOOL_GSET' command, is clearing
      the 'cmd' pointer (of type 'struct ethtool_cmd') by calling
      memset. This clears all the parameters (if any) passed for the
      'ETHTOOL_GSET' cmd. So the driver's callback is always invoked
      with 'cmd->phy_address' as '0'.
      
      The '_ethtool_get_settings()' is called from other files in the
      'net/core'. So the fix is applied to the 'ethtool_get_settings()'
      which is only called in the context of the 'ethtool'.
      Signed-off-by: NArun Parameswaran <aparames@broadcom.com>
      Reviewed-by: NRay Jui <rjui@broadcom.com>
      Reviewed-by: NScott Branden <sbranden@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f96dee13
    • T
      bridge: fix parsing of MLDv2 reports · 47cc84ce
      Thadeu Lima de Souza Cascardo 提交于
      When more than a multicast address is present in a MLDv2 report, all but
      the first address is ignored, because the code breaks out of the loop if
      there has not been an error adding that address.
      
      This has caused failures when two guests connected through the bridge
      tried to communicate using IPv6. Neighbor discoveries would not be
      transmitted to the other guest when both used a link-local address and a
      static address.
      
      This only happens when there is a MLDv2 querier in the network.
      
      The fix will only break out of the loop when there is a failure adding a
      multicast address.
      
      The mdb before the patch:
      
      dev ovirtmgmt port vnet0 grp ff02::1:ff7d:6603 temp
      dev ovirtmgmt port vnet1 grp ff02::1:ff7d:6604 temp
      dev ovirtmgmt port bond0.86 grp ff02::2 temp
      
      After the patch:
      
      dev ovirtmgmt port vnet0 grp ff02::1:ff7d:6603 temp
      dev ovirtmgmt port vnet1 grp ff02::1:ff7d:6604 temp
      dev ovirtmgmt port bond0.86 grp ff02::fb temp
      dev ovirtmgmt port bond0.86 grp ff02::2 temp
      dev ovirtmgmt port bond0.86 grp ff02::d temp
      dev ovirtmgmt port vnet0 grp ff02::1:ff00:76 temp
      dev ovirtmgmt port bond0.86 grp ff02::16 temp
      dev ovirtmgmt port vnet1 grp ff02::1:ff00:77 temp
      dev ovirtmgmt port bond0.86 grp ff02::1:ff00:def temp
      dev ovirtmgmt port bond0.86 grp ff02::1:ffa1:40bf temp
      
      Fixes: 08b202b6 ("bridge br_multicast: IPv6 MLD support.")
      Reported-by: NRik Theys <Rik.Theys@esat.kuleuven.be>
      Signed-off-by: NThadeu Lima de Souza Cascardo <cascardo@redhat.com>
      Tested-by: NRik Theys <Rik.Theys@esat.kuleuven.be>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      47cc84ce
    • N
      ARM: zynq: DT: Use the zynq binding with macb · 9eeb5161
      Nathan Sullivan 提交于
      Use the new zynq binding for macb ethernet, since it will disable half
      duplex gigabit like the Zynq TRM says to do.
      Signed-off-by: NNathan Sullivan <nathan.sullivan@ni.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9eeb5161
    • N
      net: macb: Disable half duplex gigabit on Zynq · 222ca8e0
      Nathan Sullivan 提交于
      According to the Zynq TRM, gigabit half duplex is not supported.  Add a
      new cap and compatible string so Zynq can avoid advertising that mode.
      Signed-off-by: NNathan Sullivan <nathan.sullivan@ni.com>
      Acked-by: NNicolas Ferre <nicolas.ferre@atmel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      222ca8e0
    • N
    • M
      ipv4: fill in table id when replacing a route · d4e64c29
      Michal Kubeček 提交于
      When replacing an IPv4 route, tb_id member of the new fib_alias
      structure is not set in the replace code path so that the new route is
      ignored.
      
      Fixes: 0ddcf43d ("ipv4: FIB Local/MAIN table collapse")
      Signed-off-by: NMichal Kubecek <mkubecek@suse.cz>
      Acked-by: NAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d4e64c29
    • B
      cdc_ncm: Fix tx_bytes statistics · 44f6731d
      Bjørn Mork 提交于
      The tx_curr_frame_payload field is u32. When we try to calculate a
      small negative delta based on it, we end up with a positive integer
      close to 2^32 instead.  So the tx_bytes pointer increases by about
      2^32 for every transmitted frame.
      
      Fix by calculating the delta as a signed long.
      
      Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
      Reported-by: NFlorian Bruhin <me@the-compiler.org>
      Fixes: 7a1e890e ("usbnet: Fix tx_bytes statistic running backward in cdc_ncm")
      Signed-off-by: NBjørn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      44f6731d
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 572152ad
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contain Netfilter fixes for your net tree, they are:
      
      1) Fix a race in nfnetlink_log and nfnetlink_queue that can lead to a crash.
         This problem is due to wrong order in the per-net registration and netlink
         socket events. Patch from Francesco Ruggeri.
      
      2) Make sure that counters that userspace pass us are higher than 0 in all the
         x_tables frontends. Discovered via Trinity, patch from Dave Jones.
      
      3) Revert a patch for br_netfilter to rely on the conntrack status bits. This
         breaks stateless IPv6 NAT transformations. Patch from Florian Westphal.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      572152ad
    • E
      ipv4: Avoid crashing in ip_error · 381c759d
      Eric W. Biederman 提交于
      ip_error does not check if in_dev is NULL before dereferencing it.
      
      IThe following sequence of calls is possible:
      CPU A                          CPU B
      ip_rcv_finish
          ip_route_input_noref()
              ip_route_input_slow()
                                     inetdev_destroy()
          dst_input()
      
      With the result that a network device can be destroyed while processing
      an input packet.
      
      A crash was triggered with only unicast packets in flight, and
      forwarding enabled on the only network device.   The error condition
      was created by the removal of the network device.
      
      As such it is likely the that error code was -EHOSTUNREACH, and the
      action taken by ip_error (if in_dev had been accessible) would have
      been to not increment any counters and to have tried and likely failed
      to send an icmp error as the network device is going away.
      
      Therefore handle this weird case by just dropping the packet if
      !in_dev.  It will result in dropping the packet sooner, and will not
      result in an actual change of behavior.
      
      Fixes: 251da413 ("ipv4: Cache ip_error() routes even when not forwarding.")
      Reported-by: NVittorio Gambaletta <linuxbugs@vittgam.net>
      Tested-by: NVittorio Gambaletta <linuxbugs@vittgam.net>
      Signed-off-by: NVittorio Gambaletta <linuxbugs@vittgam.net>
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      381c759d
    • E
      tcp: fix a potential deadlock in tcp_get_info() · d654976c
      Eric Dumazet 提交于
      Taking socket spinlock in tcp_get_info() can deadlock, as
      inet_diag_dump_icsk() holds the &hashinfo->ehash_locks[i],
      while packet processing can use the reverse locking order.
      
      We could avoid this locking for TCP_LISTEN states, but lockdep would
      certainly get confused as all TCP sockets share same lockdep classes.
      
      [  523.722504] ======================================================
      [  523.728706] [ INFO: possible circular locking dependency detected ]
      [  523.734990] 4.1.0-dbg-DEV #1676 Not tainted
      [  523.739202] -------------------------------------------------------
      [  523.745474] ss/18032 is trying to acquire lock:
      [  523.750002]  (slock-AF_INET){+.-...}, at: [<ffffffff81669d44>] tcp_get_info+0x2c4/0x360
      [  523.758129]
      [  523.758129] but task is already holding lock:
      [  523.763968]  (&(&hashinfo->ehash_locks[i])->rlock){+.-...}, at: [<ffffffff816bcb75>] inet_diag_dump_icsk+0x1d5/0x6c0
      [  523.774661]
      [  523.774661] which lock already depends on the new lock.
      [  523.774661]
      [  523.782850]
      [  523.782850] the existing dependency chain (in reverse order) is:
      [  523.790326]
      -> #1 (&(&hashinfo->ehash_locks[i])->rlock){+.-...}:
      [  523.796599]        [<ffffffff811126bb>] lock_acquire+0xbb/0x270
      [  523.802565]        [<ffffffff816f5868>] _raw_spin_lock+0x38/0x50
      [  523.808628]        [<ffffffff81665af8>] __inet_hash_nolisten+0x78/0x110
      [  523.815273]        [<ffffffff816819db>] tcp_v4_syn_recv_sock+0x24b/0x350
      [  523.822067]        [<ffffffff81684d41>] tcp_check_req+0x3c1/0x500
      [  523.828199]        [<ffffffff81682d09>] tcp_v4_do_rcv+0x239/0x3d0
      [  523.834331]        [<ffffffff816842fe>] tcp_v4_rcv+0xa8e/0xc10
      [  523.840202]        [<ffffffff81658fa3>] ip_local_deliver_finish+0x133/0x3e0
      [  523.847214]        [<ffffffff81659a9a>] ip_local_deliver+0xaa/0xc0
      [  523.853440]        [<ffffffff816593b8>] ip_rcv_finish+0x168/0x5c0
      [  523.859624]        [<ffffffff81659db7>] ip_rcv+0x307/0x420
      
      Lets use u64_sync infrastructure instead. As a bonus, 64bit
      arches get optimized, as these are nop for them.
      
      Fixes: 0df48c26 ("tcp: add tcpi_bytes_acked to tcp_info")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d654976c
  5. 22 5月, 2015 6 次提交