1. 10 12月, 2016 2 次提交
  2. 09 12月, 2016 3 次提交
    • L
      Merge branch 'parisc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · a37102dc
      Linus Torvalds 提交于
      Pull parisc fixes from Helge Deller:
       "Three important fixes for the parisc architecture.
      
        Dave provided two patches: One which purges the TLB before setting a
        PTE entry and a second one which drops unnecessary TLB flushes. Both
        patches have been tested for one week on the debian buildd servers and
        prevent random segmentation faults.
      
        The patch from me fixes a crash at boot inside the TLB measuring code
        on SMP machines with PA8000-PA8700 CPUs (specifically A500-44 and
        J5000 servers)"
      
      * 'parisc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Fix TLB related boot crash on SMP machines
        parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm
        parisc: Purge TLB before setting PTE
      a37102dc
    • H
      parisc: Fix TLB related boot crash on SMP machines · 24d0492b
      Helge Deller 提交于
      At bootup we run measurements to calculate the best threshold for when we
      should be using full TLB flushes instead of just flushing a specific amount of
      TLB entries.  This performance test is run over the kernel text segment.
      
      But running this TLB performance test on the kernel text segment turned out to
      crash some SMP machines when the kernel text pages were mapped as huge pages.
      
      To avoid those crashes this patch simply skips this test on some SMP machines
      and calculates an optimal threshold based on the maximum number of available
      TLB entries and number of online CPUs.
      
      On a technical side, this seems to happen:
      The TLB measurement code uses flush_tlb_kernel_range() to flush specific TLB
      entries with a page size of 4k (pdtlb 0(sr1,addr)). On UP systems this purge
      instruction seems to work without problems even if the pages were mapped as
      huge pages.  But on SMP systems the TLB purge instruction is broadcasted to
      other CPUs. Those CPUs then crash the machine because the page size is not as
      expected.  C8000 machines with PA8800/PA8900 CPUs were not affected by this
      problem, because the required cache coherency prohibits to use huge pages at
      all.  Sadly I didn't found any documentation about this behaviour, so this
      finding is purely based on testing with phyiscal SMP machines (A500-44 and
      J5000, both were 2-way boxes).
      
      Cc: <stable@vger.kernel.org> # v3.18+
      Signed-off-by: NHelge Deller <deller@gmx.de>
      24d0492b
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · b4aafe77
      Linus Torvalds 提交于
      Pull SCSI fix from James Bottomley:
       "One small fix for a regression in a prior fix (again).
      
        This time the condition in the prior fix BUG_ON proved to be wrong
        under certain circumstances causing a BUG to trigger where it
        shouldn't in the lpfc driver"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: lpfc: fix oops/BUG in lpfc_sli_ringtxcmpl_put()
      b4aafe77
  3. 08 12月, 2016 14 次提交
  4. 07 12月, 2016 17 次提交
    • J
      parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm · febe4296
      John David Anglin 提交于
      We have four routines in pacache.S that use temporary alias pages:
      copy_user_page_asm(), clear_user_page_asm(), flush_dcache_page_asm() and
      flush_icache_page_asm().  copy_user_page_asm() and clear_user_page_asm()
      don't purge the TLB entry used for the operation.
      flush_dcache_page_asm() and flush_icache_page_asm do purge the entry.
      
      Presumably, this was thought to optimize TLB use.  However, the
      operation is quite heavy weight on PA 1.X processors as we need to take
      the TLB lock and a TLB broadcast is sent to all processors.
      
      This patch removes the purges from flush_dcache_page_asm() and
      flush_icache_page_asm.
      Signed-off-by: NJohn David Anglin  <dave.anglin@bell.net>
      Cc: <stable@vger.kernel.org> # v3.16+
      Signed-off-by: NHelge Deller <deller@gmx.de>
      febe4296
    • J
      parisc: Purge TLB before setting PTE · c78e710c
      John David Anglin 提交于
      The attached change interchanges the order of purging the TLB and
      setting the corresponding page table entry.  TLB purges are strongly
      ordered.  It occurred to me one night that setting the PTE first might
      have subtle ordering issues on SMP machines and cause random memory
      corruption.
      
      A TLB lock guards the insertion of user TLB entries.  So after the TLB
      is purged, a new entry can't be inserted until the lock is released.
      This ensures that the new PTE value is used when the lock is released.
      
      Since making this change, no random segmentation faults have been
      observed on the Debian hppa buildd servers.
      Signed-off-by: NJohn David Anglin  <dave.anglin@bell.net>
      Cc: <stable@vger.kernel.org> # v3.16+
      Signed-off-by: NHelge Deller <deller@gmx.de>
      c78e710c
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · bc3913a5
      Linus Torvalds 提交于
      Pull sparc fix from David Miller:
       "A use-before-NULL-check from Dan Carpenter"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        dbri: move dereference after check for NULL
      bc3913a5
    • D
      dbri: move dereference after check for NULL · 163117e8
      Dan Carpenter 提交于
      We accidentally introduced a dereference before the NULL check in
      xmit_descs() as part of silencing a GCC warning.
      
      Fixes: 16f46050 ("dbri: Fix compiler warning")
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      163117e8
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · da1b466f
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) When dcbnl_cee_fill() fails to be able to push a new netlink
          attribute, it return 0 instead of an error code. From Pan Bian.
      
       2) Two suffix handling fixes to FIB trie code, from Alexander Duyck.
      
       3) bnxt_hwrm_stat_ctx_alloc() goes through all the trouble of setting
          and maintaining a return code 'rc' but fails to actually return it.
          Also from Pan Bian.
      
       4) ping socket ICMP handler needs to validate ICMP header length, from
          Kees Cook.
      
       5) caif_sktinit_module() has this interesting logic:
      
              int err = sock_register(...);
              if (!err)
                      return err;
              return 0;
      
          Just return sock_register()'s return value directly which is the
          only possible correct thing to do.
      
       6) Two bnx2x driver fixes from Yuval Mintz, return a reasonable
          estimate from get_ringparam() ethtool op when interface is down and
          avoid trying to use UDP port based tunneling on 577xx chips.
      
       7) Fix ep93xx_eth crash on module unload from Florian Fainelli.
      
       8) Missing uapi exports, from Stephen Hemminger.
      
       9) Don't schedule work from sk_destruct(), because the socket will be
          freed upon return from that function. From Herbert Xu.
      
      10) Buggy drivers, of which we know there is at least one, can send a
          huge packet into the TCP stack but forget to set the gso_size in the
          SKB, which causes all kinds of problems.
      
          Correct this when it happens, and emit a one-time warning with the
          device name included so that it can be diagnosed more easily.
      
          From Marcelo Ricardo Leitner.
      
      11) virtio-net does DMA off the stack causes hiccups with VMAP_STACK,
          fix from Andy Lutomirski.
      
      12) Fix fec driver compilation with CONFIG_M5272, from Nikita
          Yushchenko.
      
      13) mlx5 fixes from Kamal Heib, Saeed Mahameed, and Mohamad Haj Yahia.
          (erroneously flushing queues on error, module parameter validation,
          etc)
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
        net/mlx5e: Change the SQ/RQ operational state to positive logic
        net/mlx5e: Don't flush SQ on error
        net/mlx5e: Don't notify HW when filling the edge of ICO SQ
        net/mlx5: Fix query ISSI flow
        net/mlx5: Remove duplicate pci dev name print
        net/mlx5: Verify module parameters
        net: fec: fix compile with CONFIG_M5272
        be2net: Add DEVSEC privilege to SET_HSW_CONFIG command.
        virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address()
        tcp: warn on bogus MSS and try to amend it
        uapi glibc compat: fix outer guard of net device flags enum
        net: stmmac: clear reset value of snps, wr_osr_lmt/snps, rd_osr_lmt before writing
        netlink: Do not schedule work from sk_destruct
        uapi: export nf_log.h
        uapi: export tc_skbmod.h
        net: ep93xx_eth: Do not crash unloading module
        bnx2x: Prevent tunnel config for 577xx
        bnx2x: Correct ringparam estimate when DOWN
        isdn: hisax: set error code on failure
        net: bnx2x: fix improper return value
        ...
      da1b466f
    • L
      shmem: fix shm fallocate() list corruption · 10d20bd2
      Linus Torvalds 提交于
      The shmem hole punching with fallocate(FALLOC_FL_PUNCH_HOLE) does not
      want to race with generating new pages by faulting them in.
      
      However, the wait-queue used to delay the page faulting has a serious
      problem: the wait queue head (in shmem_fallocate()) is allocated on the
      stack, and the code expects that "wake_up_all()" will make sure that all
      the queue entries are gone before the stack frame is de-allocated.
      
      And that is not at all necessarily the case.
      
      Yes, a normal wake-up sequence will remove the wait-queue entry that
      caused the wakeup (see "autoremove_wake_function()"), but the key
      wording there is "that caused the wakeup".  When there are multiple
      possible wakeup sources, the wait queue entry may well stay around.
      
      And _particularly_ in a page fault path, we may be faulting in new pages
      from user space while we also have other things going on, and there may
      well be other pending wakeups.
      
      So despite the "wake_up_all()", it's not at all guaranteed that all list
      entries are removed from the wait queue head on the stack.
      
      Fix this by introducing a new wakeup function that removes the list
      entry unconditionally, even if the target process had already woken up
      for other reasons.  Use that "synchronous" function to set up the
      waiters in shmem_fault().
      
      This problem has never been seen in the wild afaik, but Dave Jones has
      reported it on and off while running trinity.  We thought we fixed the
      stack corruption with the blk-mq rq_list locking fix (commit
      7fe31130: "blk-mq: update hardware and software queues for sleeping
      alloc"), but it turns out there was _another_ stack corruptor hiding
      in the trinity runs.
      
      Vegard Nossum (also running trinity) was able to trigger this one fairly
      consistently, and made us look once again at the shmem code due to the
      faults often being in that area.
      
      Reported-and-tested-by: Vegard Nossum <vegard.nossum@oracle.com>.
      Reported-by: NDave Jones <davej@codemonkey.org.uk>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      10d20bd2
    • D
      Merge branch 'mlx5-fixes' · 32f16e14
      David S. Miller 提交于
      Saeed Mahameed says:
      
      ====================
      Mellanox 100G mlx5 fixes 2016-12-04
      
      Some bug fixes for mlx5 core and mlx5e driver.
      
      v1->v2:
       - replace "uint" with "unsigned int"
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      32f16e14
    • M
      net/mlx5e: Change the SQ/RQ operational state to positive logic · c0f1147d
      Mohamad Haj Yahia 提交于
      When using the negative logic (i.e. FLUSH state), after the RQ/SQ reopen
      we will have a time interval that the RQ/SQ is not really ready and the
      state indicates that its not in FLUSH state because the initial SQ/RQ struct
      memory starts as zeros.
      Now we changed the state to indicate if the SQ/RQ is opened and we will
      set the READY state after finishing preparing all the SQ/RQ resources.
      
      Fixes: 6e8dd6d6 ("net/mlx5e: Don't wait for SQ completions on close")
      Fixes: f2fde18c ("net/mlx5e: Don't wait for RQ completions on close")
      Signed-off-by: NMohamad Haj Yahia <mohamad@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c0f1147d
    • S
      net/mlx5e: Don't flush SQ on error · 3c8591d5
      Saeed Mahameed 提交于
      We are doing SQ descriptors cleanup in driver.
      
      Fixes: 6e8dd6d6 ("net/mlx5e: Don't wait for SQ completions on close")
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3c8591d5
    • S
      net/mlx5e: Don't notify HW when filling the edge of ICO SQ · b8335d91
      Saeed Mahameed 提交于
      We are going to do this a couple of steps ahead anyway.
      
      Fixes: d3c9bc27 ("net/mlx5e: Added ICO SQs")
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b8335d91
    • K
      net/mlx5: Fix query ISSI flow · f9c14e46
      Kamal Heib 提交于
      In old FWs query ISSI command is not supported and for some of those FWs
      it might fail with status other than "MLX5_CMD_STAT_BAD_OP_ERR".
      
      In such case instead of failing the driver load, we will treat any FW
      status other than 0 for Query ISSI FW command as ISSI not supported and
      assume ISSI=0 (most basic driver/FW interface).
      
      In case of driver syndrom (query ISSI failure by driver) we will fail
      driver load.
      
      Fixes: f62b8bb8 ('net/mlx5: Extend mlx5_core to support ConnectX-4
      Ethernet functionality')
      Signed-off-by: NKamal Heib <kamalh@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f9c14e46
    • K
      net/mlx5: Remove duplicate pci dev name print · 9e5b2fc1
      Kamal Heib 提交于
      Remove duplicate pci dev name printing from mlx5_core_warn/dbg.
      
      Fixes: 5a788398 ('net/mlx5_core: Improve mlx5 messages')
      Signed-off-by: NKamal Heib <kamalh@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9e5b2fc1
    • K
      net/mlx5: Verify module parameters · f663ad98
      Kamal Heib 提交于
      Verify the mlx5_core module parameters by making sure that they are in
      the expected range and if they aren't restore them to their default
      values.
      
      Fixes: 9603b61d ('mlx5: Move pci device handling from mlx5_ib to mlx5_core')
      Signed-off-by: NKamal Heib <kamalh@mellanox.com>
      Signed-off-by: NSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f663ad98
    • N
      net: fec: fix compile with CONFIG_M5272 · f85de666
      Nikita Yushchenko 提交于
      Commit 80cca775 ("net: fec: cache statistics while device is down")
      introduced unconditional statistics-related actions.
      
      However, when driver is compiled with CONFIG_M5272, staticsics-related
      definitions do not exist, which results into build errors.
      
      Fix that by adding explicit handling of !defined(CONFIG_M5272) case.
      
      Fixes: 80cca775 ("net: fec: cache statistics while device is down")
      Signed-off-by: NNikita Yushchenko <nikita.yoush@cogentembedded.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f85de666
    • V
      be2net: Add DEVSEC privilege to SET_HSW_CONFIG command. · d14584d9
      Venkat Duvvuru 提交于
      OPCODE_COMMON_GET_FN_PRIVILEGES is returning only DEVSEC
      privilege (Unrestricted Administrative Privilege) for Lancer NIC functions.
      So, driver is failing SET_HSW_CONFIG command, as DEVSEC privilege was not
      set in the privilege bitmap. This patch fixes the problem by setting DEVSEC
      privilege in SET_HSW_CONFIG’s privilege bitmap.
      Signed-off-by: NVenkat Duvvuru <venkatkumar.duvvuru@broadcom.com>
      Signed-off-by: NSuresh Reddy <suresh.reddy@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d14584d9
    • A
      virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address() · e37e2ff3
      Andy Lutomirski 提交于
      With CONFIG_VMAP_STACK=y, virtnet_set_mac_address() can be passed a
      pointer to the stack and it will OOPS.  Copy the address to the heap
      to prevent the crash.
      
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Jason Wang <jasowang@redhat.com>
      Cc: Laura Abbott <labbott@redhat.com>
      Reported-by: zbyszek@in.waw.pl
      Signed-off-by: NAndy Lutomirski <luto@kernel.org>
      Acked-by: NJason Wang <jasowang@redhat.com>
      Acked-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e37e2ff3
    • M
      tcp: warn on bogus MSS and try to amend it · dcb17d22
      Marcelo Ricardo Leitner 提交于
      There have been some reports lately about TCP connection stalls caused
      by NIC drivers that aren't setting gso_size on aggregated packets on rx
      path. This causes TCP to assume that the MSS is actually the size of the
      aggregated packet, which is invalid.
      
      Although the proper fix is to be done at each driver, it's often hard
      and cumbersome for one to debug, come to such root cause and report/fix
      it.
      
      This patch amends this situation in two ways. First, it adds a warning
      on when this situation occurs, so it gives a hint to those trying to
      debug this. It also limit the maximum probed MSS to the adverised MSS,
      as it should never be any higher than that.
      
      The result is that the connection may not have the best performance ever
      but it shouldn't stall, and the admin will have a hint on what to look
      for.
      
      Tested with virtio by forcing gso_size to 0.
      
      v2: updated msg per David's suggestion
      v3: use skb_iif to find the interface and also log its name, per Eric
          Dumazet's suggestion. As the skb may be backlogged and the interface
          gone by then, we need to check if the number still has a meaning.
      v4: use helper tcp_gro_dev_warn() and avoid pr_warn_once inside __once, per
          David's suggestion
      
      Cc: Jonathan Maxwell <jmaxwell37@gmail.com>
      Signed-off-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dcb17d22
  5. 06 12月, 2016 4 次提交
    • J
      uapi glibc compat: fix outer guard of net device flags enum · efc45154
      Jonas Gorski 提交于
      Fix a wrong condition preventing the higher net device flags
      IFF_LOWER_UP etc to be defined if net/if.h is included before
      linux/if.h.
      
      The comment makes it clear the intention was to allow partial
      definition with either parts.
      
      This fixes compilation of userspace programs trying to use
      IFF_LOWER_UP, IFF_DORMANT or IFF_ECHO.
      
      Fixes: 4a91cb61 ("uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h")
      Signed-off-by: NJonas Gorski <jonas.gorski@gmail.com>
      Reviewed-by: NMikko Rapeli <mikko.rapeli@iki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      efc45154
    • N
      net: stmmac: clear reset value of snps, wr_osr_lmt/snps, rd_osr_lmt before writing · 6b3374cb
      Niklas Cassel 提交于
      WR_OSR_LMT and RD_OSR_LMT have a reset value of 1.
      Since the reset value wasn't cleared before writing, the value in the
      register would be incorrect if specifying an uneven value for
      snps,wr_osr_lmt/snps,rd_osr_lmt.
      
      Zero is a valid value for the properties, since the databook specifies:
      maximum outstanding requests = WR_OSR_LMT + 1.
      
      We do not want to change the behavior for existing users when the
      property is missing. Therefore, default to 1 if the property is missing,
      since that is the same as the reset value.
      Signed-off-by: NNiklas Cassel <niklas.cassel@axis.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6b3374cb
    • M
      fuse: fix clearing suid, sgid for chown() · c01638f5
      Miklos Szeredi 提交于
      Basically, the pjdfstests set the ownership of a file to 06555, and then
      chowns it (as root) to a new uid/gid. Prior to commit a09f99ed ("fuse:
      fix killing s[ug]id in setattr"), fuse would send down a setattr with both
      the uid/gid change and a new mode.  Now, it just sends down the uid/gid
      change.
      
      Technically this is NOTABUG, since POSIX doesn't _require_ that we clear
      these bits for a privileged process, but Linux (wisely) has done that and I
      think we don't want to change that behavior here.
      
      This is caused by the use of should_remove_suid(), which will always return
      0 when the process has CAP_FSETID.
      
      In fact we really don't need to be calling should_remove_suid() at all,
      since we've already been indicated that we should remove the suid, we just
      don't want to use a (very) stale mode for that.
      
      This patch should fix the above as well as simplify the logic.
      
      Reported-by: Jeff Layton <jlayton@redhat.com> 
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      Fixes: a09f99ed ("fuse: fix killing s[ug]id in setattr")
      Cc: <stable@vger.kernel.org>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      c01638f5
    • D
      lockdep: Fix report formatting · f943fe0f
      Dmitry Vyukov 提交于
      Since commit:
      
        4bcc595c ("printk: reinstate KERN_CONT for printing continuation lines")
      
      printk() requires KERN_CONT to continue log messages. Lots of printk()
      in lockdep.c and print_ip_sym() don't have it. As the result lockdep
      reports are completely messed up.
      
      Add missing KERN_CONT and inline print_ip_sym() where necessary.
      
      Example of a messed up report:
      
        0-rc5+ #41 Not tainted
        -------------------------------------------------------
        syz-executor0/5036 is trying to acquire lock:
         (
        rtnl_mutex
        ){+.+.+.}
        , at:
        [<ffffffff86b3d6ac>] rtnl_lock+0x1c/0x20
        but task is already holding lock:
         (
        &net->packet.sklist_lock
        ){+.+...}
        , at:
        [<ffffffff873541a6>] packet_diag_dump+0x1a6/0x1920
        which lock already depends on the new lock.
        the existing dependency chain (in reverse order) is:
        -> #3
         (
        &net->packet.sklist_lock
        +.+...}
        ...
      
      Without this patch all scripts that parse kernel bug reports are broken.
      Signed-off-by: NDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: andreyknvl@google.com
      Cc: aryabinin@virtuozzo.com
      Cc: joe@perches.com
      Cc: syzkaller@googlegroups.com
      Link: http://lkml.kernel.org/r/1480343083-48731-1-git-send-email-dvyukov@google.comSigned-off-by: NIngo Molnar <mingo@kernel.org>
      f943fe0f