1. 26 4月, 2013 9 次提交
    • N
      powerpc/pseries: Use ARRAY_SIZE to iterate over firmware_features_table array · 43c0ea60
      Nathan Fontenot 提交于
      When iterating over the entries in firmware_features_table we only need
      to go over the actual number of entries in the array instead of declaring
      it to be bigger and checking to make sure there is a valid entry in every
      slot.
      
      This patch removes the FIRMWARE_MAX_FEATURES #define and replaces the
      array looping with the use of ARRAY_SIZE().
      Signed-off-by: NNathan Fontenot <nfont@linux.vnet.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      43c0ea60
    • N
      powerpc/pseries: Move architecture vector definitions to prom.h · 530b5e14
      Nathan Fontenot 提交于
      As part of handling of PRRN events we need to check vector 5 of the
      architecture vector bits reported in the device tree to ensure PRRN event
      handling is enabled. To do this firmware_has_feature() is updated (in a
      subsequent patch) to make this check vector 5 bits. To avoid having to
      re-define bits in the architecture vector the bit definitions are moved
      to prom.h.
      Signed-off-by: NNathan Fontenot <nfont@linux.vnet.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      530b5e14
    • J
      powerpc/pseries: Add PRRN RTAS event handler · 49c68a85
      Jesse Larrew 提交于
      A PRRN event is signaled via the RTAS event-scan mechanism, which
      returns a Hot Plug Event message "fixed part" indicating "Platform
      Resource Reassignment". In response to the Hot Plug Event message,
      we must call ibm,update-nodes to determine which resources were
      reassigned and then ibm,update-properties to obtain the new affinity
      information about those resources.
      
      The PRRN event-scan RTAS message contains only the "fixed part" with
      the "Type" field set to the value 160 and no Extended Event Log. The
      four-byte Extended Event Log Length field is re-purposed (since no
      Extended Event Log message is included) to pass the "scope" parameter
      that causes the ibm,update-nodes to return the nodes affected by the
      specific resource reassignment.
      
      This patch adds a handler for RTAS events. The function
      pseries_devicetree_update() (from mobility.c) is used to make the
      ibm,update-nodes/ibm,update-properties RTAS calls. Updating the NUMA maps
      (handled by a subsequent patch) will require significant processing,
      so pseries_devicetree_update() is called from an asynchronous workqueue
      to allow event processing to continue.
      
      PRRN RTAS events on pseries systems are rare events that have to be
      initiated from the HMC console for the system by an IBM tech. This allows
      us to assume that these events are widely spaced. Additionally, all work
      on the queue is flushed before handling any new work to ensure we only have
      one event in flight being handled at a time.
      Signed-off-by: NNathan Fontenot <nfont@linux.vnet.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      49c68a85
    • N
      powerpc/pseries: Correct buffer parsing in update_dt_node() · 2e9b7b02
      Nathan Fontenot 提交于
      Correct parsing of the buffer returned from ibm,update-properties. The first
      element is a length and the path to the property which is slightly different
      from the list of properties in the buffer so we need to specifically
      handle this.
      Signed-off-by: NNathan Fontenot <nfont@linux.vnet.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      2e9b7b02
    • N
      powerpc/pseries: Expose pseries devicetree_update() · 762ec157
      Nathan Fontenot 提交于
      Newer firmware on Power systems can transparently reassign platform resources
      (CPU and Memory) in use. For instance, if a processor or memory unit is
      predicted to fail, the platform may transparently move the processing to an
      equivalent unused processor or the memory state to an equivalent unused
      memory unit. However, reassigning resources across NUMA boundaries may alter
      the performance of the partition. When such reassignment is necessary, the
      Platform Resource Reassignment Notification (PRRN) option provides a
      mechanism to inform the Linux kernel of changes to the NUMA affinity of
      its platform resources.
      
      When rtasd receives a PRRN event, it needs to make a series of RTAS
      calls (ibm,update-nodes and ibm,update-properties) to retrieve the
      updated device tree information. These calls are already handled in the
      pseries_devicetree_update() routine used in partition migration.
      
      This patch exposes pseries_devicetree_update() to make it accessible
      to other pseries routines, this patch also updates pseries_devicetree_update()
      to take a 32-bit scope parameter. The scope value, which was previously hard
      coded to 1 for partition migration, is used for the RTAS calls
      ibm,update-nodes/properties to update the device tree.
      Signed-off-by: NNathan Fontenot <nfont@linux.vnet.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      762ec157
    • M
      powerpc: Fix hardware IRQs with MMU on exceptions when HV=0 · 3e96ca7f
      Michael Neuling 提交于
      POWER8 allows us to take interrupts with the MMU on.  This gives us a
      second set of vectors offset at 0x4000.
      
      Unfortunately when coping these vectors we missed checking for MSR HV
      for hardware interrupts (0x500).  This results in us trying to use
      HSRR0/1 when HV=0, rather than SRR0/1 on HW IRQs
      
      The below fixes this to check CPU_FTR_HVMODE when patching the code at
      0x4500.
      
      Also we remove the check for CPU_FTR_ARCH_206 since relocation on IRQs
      are only available in arch 2.07 and beyond.
      
      Thanks to benh for helping find this.
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      CC: <stable@vger.kernel.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      3e96ca7f
    • M
      powerpc/power8: Fix secondary CPUs hanging on boot for HV=0 · 8c2a3817
      Michael Neuling 提交于
      In __restore_cpu_power8 we determine if we are HV and if not, we return
      before setting HV only resources.
      
      Unfortunately we forgot to restore the link register from r11 before
      returning.
      
      This will happen on boot and with secondary CPUs not coming online.
      
      This adds the missing link register restore.
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      CC: <stable@vger.kernel.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      8c2a3817
    • M
      powerpc: Add isync to copy_and_flush · 29ce3c50
      Michael Neuling 提交于
      In __after_prom_start we copy the kernel down to zero in two calls to
      copy_and_flush.  After the first call (copy from 0 to copy_to_here:)
      we jump to the newly copied code soon after.
      
      Unfortunately there's no isync between the copy of this code and the
      jump to it.  Hence it's possible that stale instructions could still be
      in the icache or pipeline before we branch to it.
      
      We've seen this on real machines and it's results in no console output
      after:
        calling quiesce...
        returning from prom_init
      
      The below adds an isync to ensure that the copy and flushing has
      completed before any branching to the new instructions occurs.
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      CC: <stable@vger.kernel.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      29ce3c50
    • M
      powerpc: Add HWCAP2 aux entry · 2171364d
      Michael Neuling 提交于
      We are currently out of free bits in AT_HWCAP. With POWER8, we have
      several hardware features that we need to advertise.
      
      Tested on POWER and x86.
      Signed-off-by: NMichael Neuling <michael@neuling.org>
      Signed-off-by: NNishanth Aravamudan <nacc@linux.vnet.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      2171364d
  2. 24 4月, 2013 7 次提交
  3. 23 4月, 2013 4 次提交
  4. 22 4月, 2013 3 次提交
  5. 21 4月, 2013 6 次提交
    • L
      Merge branch 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 830ac852
      Linus Torvalds 提交于
      Pull kdump fixes from Peter Anvin:
       "The kexec/kdump people have found several problems with the support
        for loading over 4 GiB that was introduced in this merge cycle.  This
        is partly due to a number of design problems inherent in the way the
        various pieces of kdump fit together (it is pretty horrifically manual
        in many places.)
      
        After a *lot* of iterations this is the patchset that was agreed upon,
        but of course it is now very late in the cycle.  However, because it
        changes both the syntax and semantics of the crashkernel option, it
        would be desirable to avoid a stable release with the broken
        interfaces."
      
      I'm not happy with the timing, since originally the plan was to release
      the final 3.9 tomorrow.  But apparently I'm doing an -rc8 instead...
      
      * 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        kexec: use Crash kernel for Crash kernel low
        x86, kdump: Change crashkernel_high/low= to crashkernel=,high/low
        x86, kdump: Retore crashkernel= to allocate under 896M
        x86, kdump: Set crashkernel_low automatically
      830ac852
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · db93f8b4
      Linus Torvalds 提交于
      Pull x86 fixes from Peter Anvin:
       "Three groups of fixes:
      
         1. Make sure we don't execute the early microcode patching if family
            < 6, since it would touch MSRs which don't exist on those
            families, causing crashes.
      
         2. The Xen partial emulation of HyperV can be dealt with more
            gracefully than just disabling the driver.
      
         3. More EFI variable space magic.  In particular, variables hidden
            from runtime code need to be taken into account too."
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86, microcode: Verify the family before dispatching microcode patching
        x86, hyperv: Handle Xen emulation of Hyper-V more gracefully
        x86,efi: Implement efi_no_storage_paranoia parameter
        efi: Export efi_query_variable_store() for efivars.ko
        x86/Kconfig: Make EFI select UCS2_STRING
        efi: Distinguish between "remaining space" and actually used space
        efi: Pass boot services variable info to runtime code
        Move utf16 functions to kernel core and rename
        x86,efi: Check max_size only if it is non-zero.
        x86, efivars: firmware bug workarounds should be in platform code
      db93f8b4
    • L
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 8c3a13c8
      Linus Torvalds 提交于
      Pull ARM fixes from Russell King:
       "A set of fixes from various people - Will Deacon gets a prize for
        removing code this time around.  The biggest fix in this lot is
        sorting out the ARM740T mess.  The rest are relatively small fixes."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7699/1: sched_clock: Add more notrace to prevent recursion
        ARM: 7698/1: perf: fix group validation when using enable_on_exec
        ARM: 7697/1: hw_breakpoint: do not use __cpuinitdata for dbg_cpu_pm_nb
        ARM: 7696/1: Fix kexec by setting outer_cache.inv_all for Feroceon
        ARM: 7694/1: ARM, TCM: initialize TCM in paging_init(), instead of setup_arch()
        ARM: 7692/1: iop3xx: move IOP3XX_PERIPHERAL_VIRT_BASE
        ARM: modules: don't export cpu_set_pte_ext when !MMU
        ARM: mm: remove broken condition check for v4 flushing
        ARM: mm: fix numerous hideous errors in proc-arm740.S
        ARM: cache: remove ARMv3 support code
        ARM: tlbflush: remove ARMv3 support
      8c3a13c8
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 851b3f32
      Linus Torvalds 提交于
      Pull sparc fixes from David Miller:
      
       1) Fix race in sparc64 TLB shootdowns, we have to synchronize with the
          sibling cpus completing if we are passing them a reference via
          pointer to a data structure.
      
       2) Fix cleaning of bitmaps in sparc32, from Akinobu Mita.
      
       3) Fix various sparc header mistakes, some of which resulted in
          userland build breakage.  From Sam Ravnborg.
      
       4) Kill ghost declarations and defines missed when several bits of code
          got deleted recently.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix race in TLB batch processing.
        sparc: use asm-generic version of types.h
        bbc_i2c: fix section mismatch warning
        sparc: use generic headers
        sparc:cleanup unused code in smp_32.h
        sparc/iommu: fix typo s/265KB/256KB/
        sparc/srmmu: clear trailing edge of bitmap properly
        sparc:remove unused declaration smp_boot_cpus()
      851b3f32
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c437d888
      Linus Torvalds 提交于
      Pull networking updates from David Miller:
      
       1) ax88796 does 64-bit divides which causes link errors on ARM, fix
          from Arnd Bergmann.
      
       2) Once an improper offload setting is detected on an SKB we don't rate
          limit the log message so we can very easily live lock.  From Ben
          Greear.
      
       3) Openvswitch cannot report vport configuration changes reliably
          because it didn't preallocate the netlink notification message
          before changing state.  From Jesse Gross.
      
       4) The effective UID/GID SCM credentials fix, from Linus.
      
       5) When a user explicitly asks for wireless authentication, cfg80211
          isn't told about the AP detachment leaving inconsistent state.  Fix
          from Johannes Berg.
      
       6) Fix self-MAC checks in batman-adv on multi-mesh nodes, from Antonio
          Quartulli.
      
       7) Revert build_skb() change sin IGB driver, can result in memory
          corruption.  From Alexander Duyck.
      
       8) Fix setting VLANs on virtual functions in IXGBE, from Greg Rose.
      
       9) Fix TSO races in qlcnic driver, from Sritej Velaga.
      
      10) In bnx2x the kernel driver and UNDI firmware can try to program the
          chip at the same time, resulting in corruption.  Add proper
          synchronization.  From Dmitry Kravkov.
      
      11) Fix corruption of status block in firmware ram in bxn2x, from Ariel
          Elior.
      
      12) Fix load balancing hash regression of bonding driver in forwarding
          configurations, from Eric Dumazet.
      
      13) Fix TS ECR regression in TCP by calling tcp_replace_ts_recent() in
          all the right spots, from Eric Dumazet.
      
      14) Fix several bonding bugs having to do with address manintainence,
          including not removing address when configuration operations
          encounter errors, missed locking on the address lists, missing
          refcounting on VLAN objects, etc.  All from Nikolay Aleksandrov.
      
      15) Add workarounds for firmware bugs in LTE qmi_wwan devices, wherein
          the devices fail to add a proper ethernet header while on LTE
          networks but otherwise properly do so on 2G and 3G ones.  From Bjørn
          Mork.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits)
        net: fix incorrect credentials passing
        net: rate-limit warn-bad-offload splats.
        net: ax88796: avoid 64 bit arithmetic
        qlge: Update version to 1.00.00.32.
        qlge: Fix ethtool autoneg advertising.
        qlge: Fix receive path to drop error frames
        net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround)
        net: qmi_wwan: fixup destination address (firmware bug workaround)
        net: qmi_wwan: fixup missing ethernet header (firmware bug workaround)
        bonding: in bond_mc_swap() bond's mc addr list is walked without lock
        bonding: disable netpoll on enslave failure
        bonding: primary_slave & curr_active_slave are not cleaned on enslave failure
        bonding: vlans don't get deleted on enslave failure
        bonding: mc addresses don't get deleted on enslave failure
        pkt_sched: fix error return code in fw_change_attrs()
        irda: small read past the end of array in debug code
        tcp: call tcp_replace_ts_recent() from tcp_ack()
        netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too
        netfilter: ipset: bitmap:ip,mac: fix listing with timeout
        bonding: fix l23 and l34 load balancing in forwarding path
        ...
      c437d888
    • L
      net: fix incorrect credentials passing · 83f1b4ba
      Linus Torvalds 提交于
      Commit 257b5358 ("scm: Capture the full credentials of the scm
      sender") changed the credentials passing code to pass in the effective
      uid/gid instead of the real uid/gid.
      
      Obviously this doesn't matter most of the time (since normally they are
      the same), but it results in differences for suid binaries when the wrong
      uid/gid ends up being used.
      
      This just undoes that (presumably unintentional) part of the commit.
      Reported-by: NAndy Lutomirski <luto@amacapital.net>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Serge E. Hallyn <serge@hallyn.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: stable@vger.kernel.org
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Acked-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      83f1b4ba
  6. 20 4月, 2013 11 次提交
    • H
      Merge remote-tracking branch 'efi/urgent' into x86/urgent · c0a9f451
      H. Peter Anvin 提交于
      Matt Fleming (1):
            x86, efivars: firmware bug workarounds should be in platform
            code
      
      Matthew Garrett (3):
            Move utf16 functions to kernel core and rename
            efi: Pass boot services variable info to runtime code
            efi: Distinguish between "remaining space" and actually used
            space
      
      Richard Weinberger (2):
            x86,efi: Check max_size only if it is non-zero.
            x86,efi: Implement efi_no_storage_paranoia parameter
      
      Sergey Vlasov (2):
            x86/Kconfig: Make EFI select UCS2_STRING
            efi: Export efi_query_variable_store() for efivars.ko
      Signed-off-by: NH. Peter Anvin <hpa@linux.intel.com>
      c0a9f451
    • H
      x86, microcode: Verify the family before dispatching microcode patching · 74c3e3fc
      H. Peter Anvin 提交于
      For each CPU vendor that implements CPU microcode patching, there will
      be a minimum family for which this is implemented.  Verify this
      minimum level of support.
      
      This can be done in the dispatch function or early in the application
      functions.  Doing the latter turned out to be somewhat awkward because
      of the ineviable split between the BSP and the AP paths, and rather
      than pushing deep into the application functions, do this in
      the dispatch function.
      Reported-by: N"Bryan O'Donoghue" <bryan.odonoghue.lkml@nexus-software.ie>
      Suggested-by: NBorislav Petkov <bp@alien8.de>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Link: http://lkml.kernel.org/r/1366392183-4149-1-git-send-email-bryan.odonoghue.lkml@nexus-software.ie
      74c3e3fc
    • B
      net: rate-limit warn-bad-offload splats. · c846ad9b
      Ben Greear 提交于
      If one does do something unfortunate and allow a
      bad offload bug into the kernel, this the
      skb_warn_bad_offload can effectively live-lock the
      system, filling the logs with the same error over
      and over.
      
      Add rate limitation to this so that box remains otherwise
      functional in this case.
      Signed-off-by: NBen Greear <greearb@candelatech.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c846ad9b
    • A
      net: ax88796: avoid 64 bit arithmetic · b261c20f
      Arnd Bergmann 提交于
      When building ax88796 on an ARM platform with 64-bit resource_size_t,
      we currently get
      
      drivers/net/ethernet/8390/ax88796.c:875: undefined reference to `__aeabi_uldivmod'
      
      because we do a division on the length of the MMIO resource.
      Since we know that this resource is very short, using an
      "unsigned long" instead of "resource_size_t" is entirely
      sufficient, and avoids this link-time error.
      
      Cc: Ben Dooks <ben-linux@fluff.org>
      Cc: netdev@vger.kernel.org
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b261c20f
    • J
      e393ce57
    • J
      qlge: Fix ethtool autoneg advertising. · c5e991af
      Jitendra Kalsaria 提交于
      Autoneg is supported on specific port types only. Fix the driver to advertise
      autoneg based on the port type.
      Signed-off-by: NJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c5e991af
    • S
      qlge: Fix receive path to drop error frames · ae721f3a
      Sritej Velaga 提交于
      o Fix the driver to drop error frames in the receive path
      o Update error counter which was not getting incremented
      Signed-off-by: NSritej Velaga <sritej.velaga@qlogic.com>
      Signed-off-by: NJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ae721f3a
    • D
      Merge branch 'qmi_wwan' · b79d4a8d
      David S. Miller 提交于
      Bjørn Mork says:
      
      ====================
      This series adds workarounds for 3 different firmware bugs, each
      preventing the affected devices from working at all. I therefore
      humbly request that these fixes go to stable-3.8 (if still
      maintained) and 3.9 (either via net if still possible, or via
      stable if not).
      
      All 3 workarounds are applied to all devices supported by the driver.
      Adding quirks for specific devices was considered as an alternative,
      but was rejected because we have too little information about the
      exact distribution of the buggy firmwares. All we know is that the
      same bug shows up in devices from at least 3 different, and presumably
      independent, vendors.
      
      The workarounds have instead been designed to automatically apply
      when necessary, and to have as little impact as possible on unaffected
      devices.  The series has been tested on a number of devices both with
      and without these bugs.
      
      The series should apply cleanly to net/master, net-next/master and
      stable/linux-3.8.y
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b79d4a8d
    • B
      net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround) · cc6ba5fd
      Bjørn Mork 提交于
      We normally trust and use the CDC functional descriptors provided by a
      number of devices.  But some of these will erroneously list the address
      reserved for the device end of the link.  Attempting to use this on
      both the device and host side will naturally not work.
      
      Work around this bug by ignoring the functional descriptor and assign a
      random address instead in this case.
      Signed-off-by: NBjørn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cc6ba5fd
    • B
      net: qmi_wwan: fixup destination address (firmware bug workaround) · 6483bdc9
      Bjørn Mork 提交于
      Received packets are sometimes addressed to 00:a0:c6:00:00:00
      instead of the address the device firmware should have learned
      from the host:
      
      321.224126 77.16.85.204 -> 148.122.171.134 ICMP 98 Echo (ping) request  id=0x4025, seq=64/16384, ttl=64
      
      0000  82 c0 82 c9 f1 67 82 c0 82 c9 f1 67 08 00 45 00   .....g.....g..E.
      0010  00 54 00 00 40 00 40 01 57 cc 4d 10 55 cc 94 7a   .T..@.@.W.M.U..z
      0020  ab 86 08 00 62 fc 40 25 00 40 b2 bc 6e 51 00 00   ....b.@%.@..nQ..
      0030  00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15   ..k.............
      0040  16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25   .......... !"#$%
      0050  26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35   &'()*+,-./012345
      0060  36 37                                             67
      
      321.240607 148.122.171.134 -> 77.16.85.204 ICMP 98 Echo (ping) reply    id=0x4025, seq=64/16384, ttl=55
      
      0000  00 a0 c6 00 00 00 02 50 f3 00 00 00 08 00 45 00   .......P......E.
      0010  00 54 00 56 00 00 37 01 a0 76 94 7a ab 86 4d 10   .T.V..7..v.z..M.
      0020  55 cc 00 00 6a fc 40 25 00 40 b2 bc 6e 51 00 00   U...j.@%.@..nQ..
      0030  00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15   ..k.............
      0040  16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25   .......... !"#$%
      0050  26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35   &'()*+,-./012345
      0060  36 37                                             67
      
      The bogus address is always the same, and matches the address
      suggested by many devices as a default address.  It is likely a
      hardcoded firmware default.
      
      The circumstances where this bug has been observed indicates that
      the trigger is related to timing or some other factor the host
      cannot control. Repeating the exact same configuration sequence
      that caused it to trigger once, will not necessarily cause it to
      trigger the next time. Reproducing the bug is therefore difficult.
      This opens up a possibility that the bug is more common than we can
      confirm, because affected devices often will work properly again
      after a reset.  A procedure most users are likely to try out before
      reporting a bug.
      
      Unconditionally rewriting the destination address if the first digit
      of the received packet is 0, is considered an acceptable compromise
      since we already have to inspect this digit.  The simplification will
      cause unnecessary rewrites if the real address starts with 0, but this
      is still better than adding additional tests for this particular case.
      Signed-off-by: NBjørn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6483bdc9
    • B
      net: qmi_wwan: fixup missing ethernet header (firmware bug workaround) · 6ff509af
      Bjørn Mork 提交于
      A number of LTE devices from different vendors all suffer from the
      same firmware bug: Most of the packets received from the device while
      it is attached to a LTE network will not have an ethernet header. The
      devices work as expected when attached to 2G or 3G networks, sending
      an ethernet header with all packets.
      
      This driver is not aware of which network the modem attached to, and
      even if it were there are still some packet types which are always
      received with the header intact.
      
      All devices supported by this driver have severely limited
      networking capabilities:
       - can only transmit IPv4, IPv6 and possibly ARP
       - can only support a single host hardware address at any time
       - will only do point-to-point communcation with the host
      
      Because of this, we are able to reliably identify any bogus raw IP
      packets by simply looking at the 4 IP version bits.  All we need to
      do is to avoid 4 or 6 in the first digit of the mac address.  This
      workaround ensures this, and fix up the received packets as necessary.
      
      Given the distribution of the bug, it is believed that the source is
      the chipset vendor.  The devices which are verified to be affected are:
       Huawei E392u-12 (Qualcomm MDM9200)
       Pantech UML290  (Qualcomm MDM9600)
       Novatel USB551L (Qualcomm MDM9600)
       Novatel E362    (Qualcomm MDM9600)
      
      It is believed that the bug depend on firmware revision, which means
      that possibly all devices based on the above mentioned chipset may be
      affected if we consider all available firmware revisions.
      
      The information about affected devices and versions is likely
      incomplete.  As the additional overhead for packets not needing this
      fixup is very small, it is considered acceptable to apply the
      workaround to all devices handled by this driver.
      Reported-by: NDan Williams <dcbw@redhat.com>
      Signed-off-by: NBjørn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6ff509af