Граф коммитов

722688 Коммитов

Автор SHA1 Сообщение Дата
Wei Wang 9ee11bd03c tcp: fix potential underestimation on rcv_rtt
When ms timestamp is used, current logic uses 1us in
tcp_rcv_rtt_update() when the real rcv_rtt is within 1 - 999us.
This could cause rcv_rtt underestimation.
Fix it by always using a min value of 1ms if ms timestamp is used.

Fixes: 645f4c6f2e ("tcp: switch rcv_rtt_est and rcvq_space to high resolution timestamps")
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 16:01:17 -05:00
Stephen Hemminger c009cb842f skge: remove redundunt free_irq under spinlock
The code to handle multi-port SKGE boards was freeing IRQ
twice. The first one was under lock and might sleep.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 15:47:00 -05:00
Colin Ian King 3b3397e203 net: phy: meson-gxl: make function meson_gxl_read_status static
The function meson_gxl_read_status is local to the source and does
not need to be in global scope, so make it static.

Cleans up sparse warning:
symbol 'meson_gxl_read_status' was not declared. Should it be static?

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 15:04:40 -05:00
Russell King 94a5ef1b77 of_mdio / mdiobus: ensure mdio devices have fwnode correctly populated
Ensure that all mdio devices populate the struct device fwnode pointer
as well as the of_node pointer to allow drivers that wish to use
fwnode APIs to work.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Reviewed-by: Rob Herring <robh@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 15:01:47 -05:00
Russell King f5e64032a7 net: phy: fix resume handling
When a PHY has the BMCR_PDOWN bit set, it may decide to ignore writes
to other registers, or reset the registers to power-on defaults.
Micrel PHYs do this for their interrupt registers.

The current structure of phylib tries to enable interrupts before
resuming (and releasing) the BMCR_PDOWN bit.  This fails, causing
Micrel PHYs to stop working after a suspend/resume sequence if they
are using interrupts.

Fix this by ensuring that the PHY driver resume methods do not take
the phydev->lock mutex themselves, but the callers of phy_resume()
take that lock.  This then allows us to move the call to phy_resume()
before we enable interrupts in phy_start().

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 15:00:10 -05:00
Russell King cd8165c3d5 ARM: dts: vf610-zii-dev: use XAUI for DSA link ports
Use XAUI rather than XGMII for DSA link ports, as this is the interface
mode that the switches actually use. XAUI is the 4 lane bus with clock
per direction, whereas XGMII is a 32 bit bus with clock.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 14:59:15 -05:00
Russell King 2e51a8dc7f net: dsa: allow XAUI phy interface mode
XGMII is a 32-bit bus plus two clock signals per direction.  XAUI is
four serial lanes per direction.  The 88e6190 supports XAUI but not
XGMII as it doesn't have enough pins.  The same is true of 88e6176.

Match on PHY_INTERFACE_MODE_XAUI for the XAUI port type, but keep
accepting XGMII for backwards compatibility.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 14:59:15 -05:00
Jia-Ju Bai 6e266610eb hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
The driver may sleep under a spinlock.
The function call path is:
rr_close (acquire the spinlock)
  free_irq --> may sleep

To fix it, free_irq is moved to the place without holding the spinlock.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 14:52:57 -05:00
David S. Miller d6da83813f Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The follow patchset contains Netfilter fixes for your net tree,
they are:

1) Fix compilation warning in x_tables with clang due to useless
   redundant reassignment, from Colin Ian King.

2) Add bugtrap to net_exit to catch uninitialized lists, patch
   from Vasily Averin.

3) Fix out of bounds memory reads in H323 conntrack helper, this
   comes with an initial patch to remove replace the obscure
   CHECK_BOUND macro as a dependency. From Eric Sesterhenn.

4) Reduce retransmission timeout when window is 0 in TCP conntrack,
   from Florian Westphal.

6) ctnetlink clamp timeout to INT_MAX if timeout is too large,
   otherwise timeout wraps around and it results in killing the
   entry that is being added immediately.

7) Missing CAP_NET_ADMIN checks in cthelper and xt_osf, due to
   no netns support. From Kevin Cernekee.

8) Missing maximum number of instructions checks in xt_bpf, patch
   from Jann Horn.

9) With no CONFIG_PROC_FS ipt_CLUSTERIP compilation breaks,
   patch from Arnd Bergmann.

10) Missing netlink attribute policy in nftables exthdr, from
    Florian Westphal.

11) Enable conntrack with IPv6 MASQUERADE rules, as a357b3f80b
    should have done in first place, from Konstantin Khlebnikov.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 14:12:20 -05:00
Branislav Radocaj 2a9ee696c7 net: ethernet: arc: fix error handling in emac_rockchip_probe
If clk_set_rate() fails, we should disable clk before return.
Found by Linux Driver Verification project (linuxtesting.org).

Changes since v2 [1]:
* Merged with latest code changes

Changes since v1:
Update made thanks to David's review, much appreciated David.
* Improved inconsistent failure handling of clock rate setting
* For completeness of usecase, added arc_emac_probe error handling

Signed-off-by: Branislav Radocaj <branislav@radocaj.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 13:57:06 -05:00
Sebastian Sjoholm aceef61ee5 net: qmi_wwan: add Sierra EM7565 1199:9091
Sierra Wireless EM7565 is an Qualcomm MDM9x50 based M.2 modem.
The USB id is added to qmi_wwan.c to allow QMI communication
with the EM7565.

Signed-off-by: Sebastian Sjoholm <ssjoholm@mac.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 13:55:09 -05:00
Kevin Cernekee a46182b002 net: igmp: Use correct source address on IGMPv3 reports
Closing a multicast socket after the final IPv4 address is deleted
from an interface can generate a membership report that uses the
source IP from a different interface.  The following test script, run
from an isolated netns, reproduces the issue:

    #!/bin/bash

    ip link add dummy0 type dummy
    ip link add dummy1 type dummy
    ip link set dummy0 up
    ip link set dummy1 up
    ip addr add 10.1.1.1/24 dev dummy0
    ip addr add 192.168.99.99/24 dev dummy1

    tcpdump -U -i dummy0 &
    socat EXEC:"sleep 2" \
        UDP4-DATAGRAM:239.101.1.68:8889,ip-add-membership=239.0.1.68:10.1.1.1 &

    sleep 1
    ip addr del 10.1.1.1/24 dev dummy0
    sleep 5
    kill %tcpdump

RFC 3376 specifies that the report must be sent with a valid IP source
address from the destination subnet, or from address 0.0.0.0.  Add an
extra check to make sure this is the case.

Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 13:51:27 -05:00
Jon Maloy c545a945d0 tipc: eliminate potential memory leak
In the function tipc_sk_mcast_rcv() we call refcount_dec(&skb->users)
on received sk_buffers. Since the reference counter might hit zero at
this point, we have a potential memory leak.

We fix this by replacing refcount_dec() with kfree_skb().

Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 13:44:36 -05:00
Pravin Shedge 83593010d3 net: remove duplicate includes
These duplicate includes have been found with scripts/checkincludes.pl but
they have been removed manually to avoid removing false positives.

Signed-off-by: Pravin Shedge <pravin.shedge4linux@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 13:18:46 -05:00
Eric Dumazet b5476022bb ipv4: igmp: guard against silly MTU values
IPv4 stack reacts to changes to small MTU, by disabling itself under
RTNL.

But there is a window where threads not using RTNL can see a wrong
device mtu. This can lead to surprises, in igmp code where it is
assumed the mtu is suitable.

Fix this by reading device mtu once and checking IPv4 minimal MTU.

This patch adds missing IPV4_MIN_MTU define, to not abuse
ETH_MIN_MTU anymore.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 13:13:58 -05:00
Eric Dumazet b9b312a7a4 ipv6: mcast: better catch silly mtu values
syzkaller reported crashes in IPv6 stack [1]

Xin Long found that lo MTU was set to silly values.

IPv6 stack reacts to changes to small MTU, by disabling itself under
RTNL.

But there is a window where threads not using RTNL can see a wrong
device mtu. This can lead to surprises, in mld code where it is assumed
the mtu is suitable.

Fix this by reading device mtu once and checking IPv6 minimal MTU.

[1]
 skbuff: skb_over_panic: text:0000000010b86b8d len:196 put:20
 head:000000003b477e60 data:000000000e85441e tail:0xd4 end:0xc0 dev:lo
 ------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:104!
 invalid opcode: 0000 [#1] SMP KASAN
 Dumping ftrace buffer:
    (ftrace buffer empty)
 Modules linked in:
 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.15.0-rc2-mm1+ #39
 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
 Google 01/01/2011
 RIP: 0010:skb_panic+0x15c/0x1f0 net/core/skbuff.c:100
 RSP: 0018:ffff8801db307508 EFLAGS: 00010286
 RAX: 0000000000000082 RBX: ffff8801c517e840 RCX: 0000000000000000
 RDX: 0000000000000082 RSI: 1ffff1003b660e61 RDI: ffffed003b660e95
 RBP: ffff8801db307570 R08: 1ffff1003b660e23 R09: 0000000000000000
 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff85bd4020
 R13: ffffffff84754ed2 R14: 0000000000000014 R15: ffff8801c4e26540
 FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000463610 CR3: 00000001c6698000 CR4: 00000000001406e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  <IRQ>
  skb_over_panic net/core/skbuff.c:109 [inline]
  skb_put+0x181/0x1c0 net/core/skbuff.c:1694
  add_grhead.isra.24+0x42/0x3b0 net/ipv6/mcast.c:1695
  add_grec+0xa55/0x1060 net/ipv6/mcast.c:1817
  mld_send_cr net/ipv6/mcast.c:1903 [inline]
  mld_ifc_timer_expire+0x4d2/0x770 net/ipv6/mcast.c:2448
  call_timer_fn+0x23b/0x840 kernel/time/timer.c:1320
  expire_timers kernel/time/timer.c:1357 [inline]
  __run_timers+0x7e1/0xb60 kernel/time/timer.c:1660
  run_timer_softirq+0x4c/0xb0 kernel/time/timer.c:1686
  __do_softirq+0x29d/0xbb2 kernel/softirq.c:285
  invoke_softirq kernel/softirq.c:365 [inline]
  irq_exit+0x1d3/0x210 kernel/softirq.c:405
  exiting_irq arch/x86/include/asm/apic.h:540 [inline]
  smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
  apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:920

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Tested-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 13:13:15 -05:00
Geert Uytterhoeven 6b782f43d3 Revert "ravb: add workaround for clock when resuming with WoL enabled"
This reverts commit fbf3d034f2.

As of commit 560869100b ("clk: renesas: cpg-mssr: Restore module
clocks during resume"), the workaround is no longer needed.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Acked-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-13 11:18:40 -05:00
Christoph Paasch 30791ac419 tcp md5sig: Use skb's saddr when replying to an incoming segment
The MD5-key that belongs to a connection is identified by the peer's
IP-address. When we are in tcp_v4(6)_reqsk_send_ack(), we are replying
to an incoming segment from tcp_check_req() that failed the seq-number
checks.

Thus, to find the correct key, we need to use the skb's saddr and not
the daddr.

This bug seems to have been there since quite a while, but probably got
unnoticed because the consequences are not catastrophic. We will call
tcp_v4_reqsk_send_ack only to send a challenge-ACK back to the peer,
thus the connection doesn't really fail.

Fixes: 9501f97229 ("tcp md5sig: Let the caller pass appropriate key for tcp_v{4,6}_do_calc_md5_hash().")
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-12 11:15:42 -05:00
Xin Long 200809716a fou: fix some member types in guehdr
guehdr struct is used to build or parse gue packets, which
are always in big endian. It's better to define all guehdr
members as __beXX types.

Also, in validate_gue_flags it's not good to use a __be32
variable for both Standard flags(__be16) and Private flags
(__be32), and pass it to other funcions.

This patch could fix a bunch of sparse warnings from fou.

Fixes: 5024c33ac3 ("gue: Add infrastructure for flags and options")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 14:10:06 -05:00
Xin Long 2342b8d95b sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
Now in sctp_setsockopt_reset_streams, it only does the check
optlen < sizeof(*params) for optlen. But it's not enough, as
params->srs_number_streams should also match optlen.

If the streams in params->srs_stream_list are less than stream
nums in params->srs_number_streams, later when dereferencing
the stream list, it could cause a slab-out-of-bounds crash, as
reported by syzbot.

This patch is to fix it by also checking the stream numbers in
sctp_setsockopt_reset_streams to make sure at least it's not
greater than the streams in the list.

Fixes: 7f9d68ac94 ("sctp: implement sender-side procedures for SSN Reset Request Parameter")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 14:08:21 -05:00
Mohamed Ghannam 8f659a03a0 net: ipv4: fix for a race condition in raw_sendmsg
inet->hdrincl is racy, and could lead to uninitialized stack pointer
usage, so its value should be read only once.

Fixes: c008ba5bdc ("ipv4: Avoid reading user iov twice after raw_probe_proto_opt")
Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 14:05:31 -05:00
Kevin Cernekee 93c647643b netlink: Add netns check on taps
Currently, a nlmon link inside a child namespace can observe systemwide
netlink activity.  Filter the traffic so that nlmon can only sniff
netlink messages from its own netns.

Test case:

    vpnns -- bash -c "ip link add nlmon0 type nlmon; \
                      ip link set nlmon0 up; \
                      tcpdump -i nlmon0 -q -w /tmp/nlmon.pcap -U" &
    sudo ip xfrm state add src 10.1.1.1 dst 10.1.1.2 proto esp \
        spi 0x1 mode transport \
        auth sha1 0x6162633132330000000000000000000000000000 \
        enc aes 0x00000000000000000000000000000000
    grep --binary abc123 /tmp/nlmon.pcap

Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 11:58:18 -05:00
Thomas Petazzoni 2aab6b40b0 net: sh_eth: do not advertise Gigabit capabilities when not available
Not all variants of the sh_eth hardware have Gigabit
support. Unfortunately, the current driver doesn't tell the PHY about
the limited MAC capabilities. Due to this, if you have a Gigabit
capable PHY, the PHY will advertise its Gigabit capability and
establish a link at 1Gbit/s, even though the MAC doesn't support it.

In order to avoid this, we use the recently introduced
phy_set_max_speed() to tell the PHY to not advertise speed higher than
100 MBit/s.

Tested on a SH7786 platform, with a Gigabit PHY.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 11:53:55 -05:00
Jerome Brunet f1e2400a80 net: phy: meson-gxl: detect LPA corruption
The purpose of this change is to fix the incorrect detection of the link
partner (LP) advertised capabilities which sometimes happens with this PHY
(roughly 1 time in a dozen)

This issue may cause the link to be negotiated at 10Mbps/Full or
10Mbps/Half when 100MBps/Full is actually possible. In some case, the link
is even completely broken and no communication is possible.

To detect the corruption, we must look for a magic undocumented bit in the
WOL bank (hint given by the SoC vendor kernel) but this is not enough to
cover all cases. We also have to look at the LPA ack. If the LP supports
Aneg but did not ack our base code when aneg is completed, we assume
something went wrong.

The detection of a corrupted LPA triggers a restart of the aneg process.
This solves the problem but may take up to 6 retries to complete.

Fixes: 7334b3e47a ("net: phy: Add Meson GXL Internal PHY driver")
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 11:18:33 -05:00
Konstantin Khlebnikov 23715275e4 netfilter: ip6t_MASQUERADE: add dependency on conntrack module
After commit 4d3a57f23d ("netfilter: conntrack: do not enable connection
tracking unless needed") conntrack is disabled by default unless some
module explicitly declares dependency in particular network namespace.

Fixes: a357b3f80b ("netfilter: nat: add dependencies on conntrack module")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-12-11 17:04:50 +01:00
Michael S. Tsirkin a8ceb5dbfd ptr_ring: add barriers
Users of ptr_ring expect that it's safe to give the
data structure a pointer and have it be available
to consumers, but that actually requires an smb_wmb
or a stronger barrier.

In absence of such barriers and on architectures that reorder writes,
consumer might read an un=initialized value from an skb pointer stored
in the skb array.  This was observed causing crashes.

To fix, add memory barriers.  The barrier we use is a wmb, the
assumption being that producers do not need to read the value so we do
not need to order these reads.

Reported-by: George Cherian <george.cherian@cavium.com>
Suggested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 10:52:23 -05:00
David S. Miller f0f1d0166b Three fixes:
* for certificate C file generation, don't use hexdump as it's
    not always installed by default, use pure posix instead (od/sed)
  * for certificate C file generation, don't write the file if
    anything fails, so the build abort will not cause a bad build
    upon a second attempt
  * fix locking in ieee80211_sta_tear_down_BA_sessions() which had
    been causing lots of locking warnings
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAlouVRAACgkQB8qZga/f
 l8RRdg/+J6dq+Y5WmdRVniKh+XR+6wu1nMLh5LcTKhhh3e1yv2No8T3V8CxT4eGC
 YEsqjoJT4MF8WMN/qx6DqqKi8jRPuUEUIoFsM0Joz8EBXkkS3lC0Rnzp1ZlMXHwD
 aJ+aY5SrQL9isVN50traO6DPbr0fXiy4af8XLty49lmFdAO0OdxwMFu6WhkS24ej
 g7bMMW8MqHgytolhWrpaiAEcj1wa2kTyzGXmAvv0IztxLrJyRNljnJwnme3vN1b7
 E5niCdTbnHkifxHIZqgX2u5Vhn26c+kkhom6WJGv3TTsVQGeERbT3qQHksCN2sNf
 /mgiLgEQp9XW8PejYgTrGlalIX5dr2E5mU0kXYIiG1xf8Q0BwZzDRiSqZD9p5dYW
 NSbnK+ZmHc+5WyvdNZqv09rTKRFeq8QUwy53MOFeD2MMHqjn1KfUaqm+d2AGbPn0
 Trm1Vpk0NFvBvEhpfZrauye7iZkXWYdasaZDRdmRkkiWTW9tgtSH3BTUQIaRbbxh
 sgE+oY1yZxle/1atLQV70Kku7yFChjPc6qEfFEobygWzl+wbyu0ipBvCD7gyEJKy
 yPQ4kEJLqY4Vh4A/riprrjyD/06QTVUF5PgBeTfLgTI5NJ1Z4Dfw51Y65fr3stb6
 QvUj+eJiVebBRNP4C4CjLA4n65QlYFTJWQnNyreLqkjlB8tob64=
 =Mgd9
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2017-12-11' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
Three fixes:
 * for certificate C file generation, don't use hexdump as it's
   not always installed by default, use pure posix instead (od/sed)
 * for certificate C file generation, don't write the file if
   anything fails, so the build abort will not cause a bad build
   upon a second attempt
 * fix locking in ieee80211_sta_tear_down_BA_sessions() which had
   been causing lots of locking warnings
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-11 09:39:14 -05:00
Florian Westphal f5b5702ac5 netfilter: exthdr: add missign attributes to policy
Add missing netlink attribute policy.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-12-11 13:46:04 +01:00
Johannes Berg 0afe9d4ab9 mac80211: fix locking in ieee80211_sta_tear_down_BA_sessions
Due to overlap between
commit 1281103770 ("mac80211: Simplify locking in ieee80211_sta_tear_down_BA_sessions()")
and the way that Luca modified
commit 72e2c3438b ("mac80211: tear down RX aggregations first")
when sending it upstream from Intel's internal tree, we get
the following warning:

WARNING: CPU: 0 PID: 5472 at net/mac80211/agg-tx.c:315 ___ieee80211_stop_tx_ba_session+0x158/0x1f0

since there's no appropriate locking around the call to
___ieee80211_stop_tx_ba_session; Sara's original just had
a call to the locked __ieee80211_stop_tx_ba_session (one
less underscore) but it looks like Luca modified both of
the calls when fixing it up for upstream, leading to the
problem at hand.

Move the locking appropriately to fix this problem.

Reported-by: Kalle Valo <kvalo@codeaurora.org>
Reported-by: Pavel Machek <pavel@ucw.cz>
Tested-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-12-11 10:50:00 +01:00
Michal Hocko f335195adf kmemcheck: rip it out for real
Commit 4675ff05de ("kmemcheck: rip it out") has removed the code but
for some reason SPDX header stayed in place.  This looks like a rebase
mistake in the mmotm tree or the merge mistake.  Let's drop those
leftovers as well.

Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-12-08 13:40:17 -08:00
Linus Torvalds e9ef1fe312 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) CAN fixes from Martin Kelly (cancel URBs properly in all the CAN usb
    drivers).

 2) Revert returning -EEXIST from __dev_alloc_name() as this propagates
    to userspace and broke some apps. From Johannes Berg.

 3) Fix conn memory leaks and crashes in TIPC, from Jon Malloc and Cong
    Wang.

 4) Gianfar MAC can't do EEE so don't advertise it by default, from
    Claudiu Manoil.

 5) Relax strict netlink attribute validation, but emit a warning. From
    David Ahern.

 6) Fix regression in checksum offload of thunderx driver, from Florian
    Westphal.

 7) Fix UAPI bpf issues on s390, from Hendrik Brueckner.

 8) New card support in iwlwifi, from Ihab Zhaika.

 9) BBR congestion control bug fixes from Neal Cardwell.

10) Fix port stats in nfp driver, from Pieter Jansen van Vuuren.

11) Fix leaks in qualcomm rmnet, from Subash Abhinov Kasiviswanathan.

12) Fix DMA API handling in sh_eth driver, from Thomas Petazzoni.

13) Fix spurious netpoll warnings in bnxt_en, from Calvin Owens.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (67 commits)
  net: mvpp2: fix the RSS table entry offset
  tcp: evaluate packet losses upon RTT change
  tcp: fix off-by-one bug in RACK
  tcp: always evaluate losses in RACK upon undo
  tcp: correctly test congestion state in RACK
  bnxt_en: Fix sources of spurious netpoll warnings
  tcp_bbr: reset long-term bandwidth sampling on loss recovery undo
  tcp_bbr: reset full pipe detection on loss recovery undo
  tcp_bbr: record "full bw reached" decision in new full_bw_reached bit
  sfc: pass valid pointers from efx_enqueue_unwind
  gianfar: Disable EEE autoneg by default
  tcp: invalidate rate samples during SACK reneging
  can: peak/pcie_fd: fix potential bug in restarting tx queue
  can: usb_8dev: cancel urb on -EPIPE and -EPROTO
  can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
  can: esd_usb2: cancel urb on -EPIPE and -EPROTO
  can: ems_usb: cancel urb on -EPIPE and -EPROTO
  can: mcba_usb: cancel urb on -EPROTO
  usbnet: fix alignment for frames with no ethernet header
  tcp: use current time in tcp_rcv_space_adjust()
  ...
2017-12-08 13:32:44 -08:00
Linus Torvalds 77071bc6c4 media fixes for v4.15-rc3
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaKrOpAAoJEAhfPr2O5OEVK5sP/iHWDJtRw/WWBYOqF9cGFl0o
 ssh1iXJAsOmLjaARMOkxQBPLwTvVMreux2fHow/mukrXB8BIR7OmflBaQRLM3lbW
 xm9G4yarXf7xgkxngisemQrJiweNyaNDX9P0BqJLV55Xhp+rO2Q6rutspho3xzoo
 Pmz7bgnt0FjBKz+0LWnKnzozdNinj2uhTdBOTgm9rUuUUGiAVTAQSNUq2e5Gzw3m
 DhO4UPOJDRmnZ6Rqldq2pD2wzmRfbVonirz7IEh7j2opcAoCM2TnmM+Z9C5zjlUj
 XVFagiR+XG8lsh2zvHdweter4X9DqLBlMbBDVAQ+vH+xhBuz63Yqq1pSIvXA342U
 rs1X182FSyE+pOxipuae94csHkyzlb9tmzoiUoItU+QXi8Wlg8pLH6GFQe/72t/g
 HpcXMBq2lflc2KDstx+QGs/G+1EYtz64vUXZ4pvuIitrhdbd5ulLh7Y7nb7qfEym
 WEHpaJwxh4MZh6RzB2tq+Tvy0/sD1krNjPTXtf2CuTdFNUuvk8QenRW1q2YVA06L
 UOTxRpfPYUPwhGKOoKb2IJ5g1xoztoqMaafdsUJ16H7fcuVtE9xQayVCVhaBuo08
 4g7SFCb7MhNLFG1Su291u9PKYlvGhCJaDPKE/6E+IM6szxt7h/kveYsdb05yWOoB
 di+cIWZkCRUzbO7fxz4J
 =xoHW
 -----END PGP SIGNATURE-----

Merge tag 'media/v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Pull media fixes from Mauro Carvalho Chehab:

 "A series of fixes for the media subsytem:

   - The largest amount of fixes in this series is with regards to
     comments that aren't kernel-doc, but start with "/**".

     A new check added for 4.15 makes it to produce a *huge* amount of
     new warnings (I'm compiling here with W=1). Most of the patches in
     this series fix those.

     No code changes - just comment changes at the source files

   - rc: some fixed in order to better handle RC repetition codes

   - v4l-async: use the v4l2_dev from the root notifier when matching
     sub-devices

   - v4l2-fwnode: Check subdev count after checking port

   - ov 13858 and et8ek8: compilation fix with randconfigs

   - usbtv: a trivial new USB ID addition

   - dibusb-common: don't do DMA on stack on firmware load

   - imx274: Fix error handling, add MAINTAINERS entry

   - sir_ir: detect presence of port"

* tag 'media/v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (50 commits)
  media: imx274: Fix error handling, add MAINTAINERS entry
  media: v4l: async: use the v4l2_dev from the root notifier when matching sub-devices
  media: v4l2-fwnode: Check subdev count after checking port
  media: et8ek8: select V4L2_FWNODE
  media: ov13858: Select V4L2_FWNODE
  media: rc: partial revert of "media: rc: per-protocol repeat period"
  media: dvb: i2c transfers over usb cannot be done from stack
  media: dvb-frontends: complete kernel-doc markups
  media: docs: add documentation for frontend attach info
  media: dvb_frontends: fix kernel-doc macros
  media: drivers: remove "/**" from non-kernel-doc comments
  media: lm3560: add a missing kernel-doc parameter
  media: rcar_jpu: fix two kernel-doc markups
  media: vsp1: add a missing kernel-doc parameter
  media: soc_camera: fix a kernel-doc markup
  media: mt2063: fix some kernel-doc warnings
  media: radio-wl1273: fix a parameter name at kernel-doc macro
  media: s3c-camif: add missing description at s3c_camif_find_format()
  media: mtk-vpu: add description for wdt fields at struct mtk_vpu
  media: vdec: fix some kernel-doc warnings
  ...
2017-12-08 13:18:47 -08:00
Linus Torvalds 4066aa72f9 i915, amdgpu + misc fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJaKedrAAoJEAx081l5xIa+CLkP/AkLTMW17WT/aktLfq4/+NQV
 WGcLxQw+SB9iYMffFUNdQdMqv3pKsDzeatifxNuoRnjvK6rNZDUFK11SoTEFCdA+
 opI3zBPiyMVv71LtLF/r2kj3Vw5rnARdCg24FIzptGg/4j+G0EOb9uzd9qjmjof1
 r2XD1f0mjIG6SREMYCZPJj/Q/ZGfWFKXxcatmf87sAoq4o2nfoQ1Sl0T4cnMV7yp
 FzzFKA/j6OaiVa0Tb1KiJOl8VnW5f9STanUynFcPtKd2mhDcVaEP4lAfBhHgccd8
 ufmsyPJDadGQDT0iQY5E8n+ht124wg4gW8TKGqyxDfxuzTFj2k62WOUMH4eSjGSt
 x7SHEewTQLoV5kIPp0y00T2NWuA4/jmjjgllQZgqSFwnsv8fQ9/GwLNPWrUGM0+z
 6sqzj7QRyn8GGuYblqVghVYj0bX3ovmYlLzOaKZ+pNSM34hLBFRenZQ5mKJ6WrcE
 SIKzuQm3HEC8KwNw72zZ6+zz5fc7x9KuURztwEPt6vOMnxz1PtjWSdHzfvja4cH2
 6D2t0lZSqkM244FFG4ImFP6CDF+8vaY7i9YybjYteycWH7o9haVa869vCxUdNUWo
 DDghWKPRjbl7LJLJ14BxMrg0+sk+XWYcoZXjUAM0rYFFOWoFkVAlF8Sy3kgb5Pky
 wMLalQohWFbkZY60q02h
 =2f34
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-for-v4.15-rc3' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "This pull is a bit larger than I'd like but a large bunch of it is
  license fixes, AMD wanted to fix the licenses for a bunch of files
  that were missing them,

 Otherwise a bunch of TTM regression fix since the hugepage support,
 some i915 and gvt fixes, a core connector free in a safe context fix,
 and one bridge fix"

* tag 'drm-fixes-for-v4.15-rc3' of git://people.freedesktop.org/~airlied/linux: (26 commits)
  drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback
  Revert "drm/i915: Display WA #1133 WaFbcSkipSegments:cnl, glk"
  drm/vc4: Fix false positive WARN() backtrace on refcount_inc() usage
  drm/i915: Call i915_gem_init_userptr() before taking struct_mutex
  drm/exynos: remove unnecessary function declaration
  drm/exynos: remove unnecessary descrptions
  drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
  drm/exynos: Fix dma-buf import
  drm/ttm: swap consecutive allocated pooled pages v4
  drm: safely free connectors from connector_iter
  drm/i915/gvt: set max priority for gvt context
  drm/i915/gvt: Don't mark vgpu context as inactive when preempted
  drm/i915/gvt: Limit read hw reg to active vgpu
  drm/i915/gvt: Export intel_gvt_render_mmio_to_ring_id()
  drm/i915/gvt: Emulate PCI expansion ROM base address register
  drm/ttm: swap consecutive allocated cached pages v3
  drm/ttm: roundup the shrink request to prevent skip huge pool
  drm/ttm: add page order support in ttm_pages_put
  drm/ttm: add set_pages_wb for handling page order more than zero
  drm/ttm: add page order in page pool
  ...
2017-12-08 13:11:57 -08:00
Linus Torvalds 7267212c80 Merge tag 'md/4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md
Pull md fixes from Shaohua Li:
 "Some MD fixes.

  The notable one is a raid5-cache deadlock bug with dm-raid, others are
  not significant"

* tag 'md/4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md:
  md/raid1/10: add missed blk plug
  md: limit mdstat resync progress to max_sectors
  md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
  md/raid5: correct degraded calculation in raid5_error
2017-12-08 13:03:02 -08:00
Linus Torvalds 78d9b04844 DeviceTree fixes for v4.15 (part2):
- Fixes from overlay code rework. A trifecta of fixes to the locking,
   an out of bounds access, and a memory leak in of_overlay_apply().
 
 - Clean-up at25 eeprom binding document
 
 - Remove leading '0x' in unit-addresses from binding docs
 -----BEGIN PGP SIGNATURE-----
 
 iQItBAABCAAXBQJaKrC8EBxyb2JoQGtlcm5lbC5vcmcACgkQ+vtdtY28YcPY7Q/9
 GOZDOhajewVoYo+LkKl8+1wtdih7QHOvziKY8Jn1Nd/o6ASXU5ltOxvk5iF/q4tz
 x7JFKMkUo8eyOy5p5XnkqAzOnQ+rP+aRvHxjeAiMtQZRtMcDJ6bv4FRMI4/hq610
 QocAcxzblXJayy/Ad2sbuMr34O6QBkvnicMiLHZNb2IhCgk0nxBbyiNJDr868XE6
 CwlkKgo+y0fFJKkW3y4v4jaMdMlmcxTPTY+4jOJoGnnD1LgNwNRgkTFCzRQLebBk
 E5D6XweMS7G0IOO8wLYEn70JYsNk4wRGjIvlZGR1e5REQNgT9H+1J8rXLxlWc5rk
 l2o4V3+nrBj3BpVCG5oQWBrwVsMZS8ExdnRnrGmZJ25C1EFzlRHGYtsvo6fvXsLs
 T2VfYPEDhN5IHZiUU/rcHfz1VpHjuBrtFStPQkFTSTfO52n22Q5KWBxHUqUjXbBZ
 phcPoHcDm+FfO4swkLuIP0wDAiNj8SJpJJNnHLrgIuy52UvXe/VD5BlY5RgXIZbg
 XhxAcsNKrqfH8ggfbM7ndXkUoFrDyl/dOupfwbtwzNqDQiPGvpjkr9hmE7XIL2aJ
 tyGahgkpZ3n49oGJPe5rTHKJacZBkl6rNI2CFQfERXyGYUmQSEU6AViSSyRG6ljK
 kXLmIzNPgJJF/I9YC3q8Wr6FUoOAapE7Zww/Cc83xJ8=
 =vBBN
 -----END PGP SIGNATURE-----

Merge tag 'devicetree-fixes-for-4.15-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull DeviceTree fixes from Rob Herring:
 "Another set of DT fixes:

   - Fixes from overlay code rework. A trifecta of fixes to the locking,
     an out of bounds access, and a memory leak in of_overlay_apply()

   - Clean-up at25 eeprom binding document

   - Remove leading '0x' in unit-addresses from binding docs"

* tag 'devicetree-fixes-for-4.15-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
  of: overlay: Make node skipping in init_overlay_changeset() clearer
  of: overlay: Fix out-of-bounds write in init_overlay_changeset()
  of: overlay: Fix (un)locking in of_overlay_apply()
  of: overlay: Fix memory leak in of_overlay_apply() error path
  dt-bindings: eeprom: at25: Document device-specific compatible values
  dt-bindings: eeprom: at25: Grammar s/are can/can/
  dt-bindings: Remove leading 0x from bindings notation
  of: overlay: Remove else after goto
  of: Spelling s/changset/changeset/
  of: unittest: Remove bogus overlay mutex release from overlay_data_add()
2017-12-08 13:00:51 -08:00
Linus Torvalds 900add27f5 virtio: bugfixes
A couple of minor bugfixes.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJaKW26AAoJECgfDbjSjVRpDwIH/1tq1vcjd5i00nh+gQD7jWm2
 qWrpcKbsS0ANTvhm9UNFY24BVoPuNpNrApQpuBxmgxE/XGqx7A+8xXhwPAM5lLiG
 uDSPB2nsfjvEUOde7bgeR+t6ay+Ki2UWKzY46lSoCTcIN7BSVFWQZonsGu2xLDzz
 kKpCtlobXRnXzeWm+fh1oOZu/cn/TuAF0mbb+6TUQqSsHAt6PQ3Hwsly2EmQV5xR
 of6Si/TnxFOkhZUKpezbuTU/g/20ZkHUSzgfrOuZLGonaIvZIE6BUm8m21/IgCbw
 WnwSqe66WsWF2vd0RDLFq4L3qaRyGn+W7iYo3KPbwIPEEotSRFMUgixBWBB3IgU=
 =Pf4w
 -----END PGP SIGNATURE-----

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull virtio bugfixes from Michael Tsirkin:
 "A couple of minor bugfixes"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  virtio_net: fix return value check in receive_mergeable()
  virtio_mmio: add cleanup for virtio_mmio_remove
  virtio_mmio: add cleanup for virtio_mmio_probe
2017-12-08 12:58:51 -08:00
Linus Torvalds 32abeb09ab xen: fixes for 4.15-rc3
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABAgAGBQJaKlu/AAoJELDendYovxMvaqoH/i7gN9xry7QkUM6RkwddGwYY
 v0rqaUo4WCW27yFOE7Bzej9Y+W92/eFPJnVUhc/quTVfV+uEjbs4PiAwuxSr+lIU
 X+BhBNbEi9C5RlRL1z75J0ZySyu6WXL2hsmPbc0wrrqdQikfiZ7bnRjdGAHh5C5C
 TijKQKGZTt6ccjIPUEZTIqeajOt/p7uxkCXPWhHQA1mudf9PVhsKyYnGdYp5gp8X
 KID+8XmKtAcSwPUz+eG9vGlGwmP28mH0BfCT0suC2uUI4o+PJFPqBTlfsco2kfHO
 NqVCgnMZs31Js8mdEVz8h2ZO8m2T5m1oml1zOeyDbgTJ8yjqgADy8K6Lm38clko=
 =ZHtb
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.15-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fixes from Juergen Gross:
 "Just two small fixes for the new pvcalls frontend driver"

* tag 'for-linus-4.15-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/pvcalls: Fix a check in pvcalls_front_remove()
  xen/pvcalls: check for xenbus_read() errors
2017-12-08 12:53:43 -08:00
Linus Torvalds d90696ed61 powerpc fixes for 4.15 #4
One notable fix for kexec on Power9, where we were not clearing MMU PID properly
 which sometimes leads to hangs. Finally debugged to a root cause by Nick.
 
 A revert of a patch which tried to rework our panic handling to get more output
 on the console, but inadvertently broke reporting the panic to the hypervisor,
 which apparently people care about.
 
 Then a fix for an oops in the PMU code, and finally some s/%p/%px/ in xmon.
 
 Thanks to:
   David Gibson, Nicholas Piggin, Ravi Bangoria.
 -----BEGIN PGP SIGNATURE-----
 
 iQIwBAABCAAaBQJaKoWXExxtcGVAZWxsZXJtYW4uaWQuYXUACgkQUevqPMjhpYAp
 Rw/+KRvwt1jt3vFKrWlcXQ4Mx4UTseSaBO7FsGwyANqNGUNvkIEIAZYu6M9x0LLh
 tfVowZdJ2vQrgdZy4Rd5zhIjzVaybyENMAMZFmGCxQUidORdibP2qT+3612FmQl0
 rczQB4Ra1Jymw+42iwe4WQfyta9cvVgfk7D+1KVWaCXQ0lx8DynZ75yK+U0fensz
 FPQNdtkfC2D37IFrqtgGBS5YLkeQpfftm8C/eBG0n2tv8PO1KM5xwVU8Ovf5LoIm
 8NbWL//H+zUOoU2jCGHDMfg1qLv9owScTMRtquQSmrE1i21mE2lLOSDSM105+AP2
 7CVRMMkth8V9w/nauPq0a5OGyzJWtClI9qj2ZPWS2wPF331g58GUNJsEy7OQAJgO
 QZoqcCkpT5qarmxkcKJlYZGF6AZ/4mIBL9mucfQc/afEgRUqksaUKck0qD5SW28j
 fm3pPjlMyf2vMRKGgaE9/+by5N/Bmxy2VCoFSuhm1ZrQsIpZXtp/Mfylqz0msdhU
 VCt4T229S7rdCQTn2TyMNW+iVmjlgvR4OUXvba/eBz67gzGk4huLNB4EnEwHA/SK
 qhkTJqYbP9B/MBD9GrNLFzG5yZTTv+3OA/aehL0PEGouV7cgMEqyGtYw2afwggRC
 sf+veK/2apPMnlA5WItEa7JPWaTLsxljZ65acskb7S/4W8g=
 =wU60
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.15-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 "One notable fix for kexec on Power9, where we were not clearing MMU
  PID properly which sometimes leads to hangs. Finally debugged to a
  root cause by Nick.

  A revert of a patch which tried to rework our panic handling to get
  more output on the console, but inadvertently broke reporting the
  panic to the hypervisor, which apparently people care about.

  Then a fix for an oops in the PMU code, and finally some s/%p/%px/ in
  xmon.

  Thanks to: David Gibson, Nicholas Piggin, Ravi Bangoria"

* tag 'powerpc-4.15-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/xmon: Don't print hashed pointers in xmon
  powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
  Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier"
  powerpc/perf: Fix oops when grouping different pmu events
2017-12-08 12:52:09 -08:00
David S. Miller fd29117aeb linux-can-fixes-for-4.15-20171208
-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCgAxFiEE4bay/IylYqM/npjQHv7KIOw4HPYFAloqeVYTHG1rbEBwZW5n
 dXRyb25peC5kZQAKCRAe/sog7Dgc9tiqCADK4f/QYW5q5jC93A6JZSItI8vAK2+h
 0s4MRTj9x+thBIGIhJ59uYBSTd374bvsWmrGdV7CBoGX4TnEJfGiMV77lpGnGRVG
 jpzk9cSFoAnE5UW2qZlF+JM8SNEFlU18MCQQlnMzKbSGerUAlveK+mcF5sJrqrQh
 CGZ9MH1Bp4Fz3WMRQ9hHzKWjTOhhM54qjPceCVTZM6I0RJam6I2lpVZPQeom9uVa
 r+F5Lv2ZOpNZc+8Pbu+L95YyivKKaQOPzeP4btFLNEHUyFDygHcv2iKRIn9MdEu2
 2XfaDVKk2Ey/qWc782SLBxLOihnhWltwC7Kg1ZnrLhNZ6V5UbYQ5FzF4
 =OMZE
 -----END PGP SIGNATURE-----

Merge tag 'linux-can-fixes-for-4.15-20171208' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2017-12-08

this is a pull request of 6 patches for net/master.

Martin Kelly provides 5 patches for various USB based CAN drivers, that
properly cancel the URBs on adapter unplug, so that the driver doesn't
end up in an endless loop. Stephane Grosjean provides a patch to restart
the tx queue if zero length packages are transmitted.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:53:54 -05:00
David S. Miller 03afb6e43a wireless-drivers fixes for 4.15
Second set of fixes for 4.15. This time a lot of iwlwifi patches and
 two brcmfmac patches. Most important here are the MIC and IVC fixes
 for iwlwifi to unbreak 9000 series.
 
 iwlwifi
 
 * fix rate-scaling to not start lowest possible rate
 
 * fix the TX queue hang detection for AP/GO modes
 
 * fix the TX queue hang timeout in monitor interfaces
 
 * fix packet injection
 
 * remove a wrong error message when dumping PCI registers
 
 * fix race condition with RF-kill
 
 * tell mac80211 when the MIC has been stripped (9000 series)
 
 * tell mac80211 when the IVC has been stripped (9000 series)
 
 * add 2 new PCI IDs, one for 9000 and one for 22000
 
 * fix a queue hang due during a P2P Remain-on-Channel operation
 
 brcmfmac
 
 * fix a race which sometimes caused a crash during sdio unbind
 
 * fix a kernel-doc related build error
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJaKp9UAAoJEG4XJFUm622bhXgH+wTtTVEH0lAOTtK+PyBkxkRH
 Q+55Yf1XZ9lNYxmfXhYgObusSbmeL8tClMuISCcQS9gX0um1Vuuud4CLemgO2V7R
 V1xuWTKjanaKf8PouKx9SUt1Fx6CsFdwlivJX+eZTfKlKYtwNbNX4onWl9GN2jVZ
 5/2l+m3MJbTMMzarZTGLkBJqpTk8DGTNINtKeRd+VF+717SlbqpRlw1TTlbVJcR2
 nHcJ3p5JGbU/+hOTroOWUr7kGdpdYlWLfcyOL8iT3rZXtAzH/POjPAmQv9VVRaC+
 anm5zn+gZ5GH9XF+pc3nrGOEZ2Ei4LtszMQjdo4Zo9V3ngCj/0OoEnkto6VLbkw=
 =lzG8
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-for-davem-2017-12-08' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers

Kalle Valo says:

====================
wireless-drivers fixes for 4.15

Second set of fixes for 4.15. This time a lot of iwlwifi patches and
two brcmfmac patches. Most important here are the MIC and IVC fixes
for iwlwifi to unbreak 9000 series.

iwlwifi

* fix rate-scaling to not start lowest possible rate

* fix the TX queue hang detection for AP/GO modes

* fix the TX queue hang timeout in monitor interfaces

* fix packet injection

* remove a wrong error message when dumping PCI registers

* fix race condition with RF-kill

* tell mac80211 when the MIC has been stripped (9000 series)

* tell mac80211 when the IVC has been stripped (9000 series)

* add 2 new PCI IDs, one for 9000 and one for 22000

* fix a queue hang due during a P2P Remain-on-Channel operation

brcmfmac

* fix a race which sometimes caused a crash during sdio unbind

* fix a kernel-doc related build error
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:48:49 -05:00
Antoine Tenart 8a7b741e76 net: mvpp2: fix the RSS table entry offset
The macro used to access or set an RSS table entry was using an offset
of 8, while it should use an offset of 0. This lead to wrongly configure
the RSS table, not accessing the right entries.

Fixes: 1d7d15d79f ("net: mvpp2: initialize the RSS tables")
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:35:15 -05:00
David S. Miller b7e445a1c8 Merge branch 'tcp-RACK-loss-recovery-bug-fixes'
Yuchung Cheng says:

====================
tcp: RACK loss recovery bug fixes

This patch set has four minor bug fixes in TCP RACK loss recovery.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:14:12 -05:00
Yuchung Cheng 6065fd0d17 tcp: evaluate packet losses upon RTT change
RACK skips an ACK unless it advances the most recently delivered
TX timestamp (rack.mstamp). Since RACK also uses the most recent
RTT to decide if a packet is lost, RACK should still run the
loss detection whenever the most recent RTT changes. For example,
an ACK that does not advance the timestamp but triggers the cwnd
undo due to reordering, would then use the most recent (higher)
RTT measurement to detect further losses.

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Priyaranjan Jha <priyarjha@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:14:11 -05:00
Yuchung Cheng 428aec5e69 tcp: fix off-by-one bug in RACK
RACK should mark a packet lost when remaining wait time is zero.

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Priyaranjan Jha <priyarjha@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:14:11 -05:00
Yuchung Cheng cd1fc85b43 tcp: always evaluate losses in RACK upon undo
When sender detects spurious retransmission, all packets
marked lost are remarked to be in-flight. However some may
be considered lost based on its timestamps in RACK. This patch
forces RACK to re-evaluate, which may be skipped previously if
the ACK does not advance RACK timestamp.

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Priyaranjan Jha <priyarjha@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:14:11 -05:00
Yuchung Cheng 0ce294d884 tcp: correctly test congestion state in RACK
RACK does not test the loss recovery state correctly to compute
the reordering window. It assumes if lost_out is zero then TCP is
not in loss recovery. But it can be zero during recovery before
calling tcp_rack_detect_loss(): when an ACK acknowledges all
packets marked lost before receiving this ACK, but has not yet
to discover new ones by tcp_rack_detect_loss(). The fix is to
simply test the congestion state directly.

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Priyaranjan Jha <priyarjha@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:14:11 -05:00
Calvin Owens 2edbdb3159 bnxt_en: Fix sources of spurious netpoll warnings
After applying 2270bc5da3 ("bnxt_en: Fix netpoll handling") and
903649e718 ("bnxt_en: Improve -ENOMEM logic in NAPI poll loop."),
we still see the following WARN fire:

  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 1875170 at net/core/netpoll.c:165 netpoll_poll_dev+0x15a/0x160
  bnxt_poll+0x0/0xd0 exceeded budget in poll
  <snip>
  Call Trace:
   [<ffffffff814be5cd>] dump_stack+0x4d/0x70
   [<ffffffff8107e013>] __warn+0xd3/0xf0
   [<ffffffff8107e07f>] warn_slowpath_fmt+0x4f/0x60
   [<ffffffff8179519a>] netpoll_poll_dev+0x15a/0x160
   [<ffffffff81795f38>] netpoll_send_skb_on_dev+0x168/0x250
   [<ffffffff817962fc>] netpoll_send_udp+0x2dc/0x440
   [<ffffffff815fa9be>] write_ext_msg+0x20e/0x250
   [<ffffffff810c8125>] call_console_drivers.constprop.23+0xa5/0x110
   [<ffffffff810c9549>] console_unlock+0x339/0x5b0
   [<ffffffff810c9a88>] vprintk_emit+0x2c8/0x450
   [<ffffffff810c9d5f>] vprintk_default+0x1f/0x30
   [<ffffffff81173df5>] printk+0x48/0x50
   [<ffffffffa0197713>] edac_raw_mc_handle_error+0x563/0x5c0 [edac_core]
   [<ffffffffa0197b9b>] edac_mc_handle_error+0x42b/0x6e0 [edac_core]
   [<ffffffffa01c3a60>] sbridge_mce_output_error+0x410/0x10d0 [sb_edac]
   [<ffffffffa01c47cc>] sbridge_check_error+0xac/0x130 [sb_edac]
   [<ffffffffa0197f3c>] edac_mc_workq_function+0x3c/0x90 [edac_core]
   [<ffffffff81095f8b>] process_one_work+0x19b/0x480
   [<ffffffff810967ca>] worker_thread+0x6a/0x520
   [<ffffffff8109c7c4>] kthread+0xe4/0x100
   [<ffffffff81884c52>] ret_from_fork+0x22/0x40

This happens because we increment rx_pkts on -ENOMEM and -EIO, resulting
in rx_pkts > 0. Fix this by only bumping rx_pkts if we were actually
given a non-zero budget.

Signed-off-by: Calvin Owens <calvinowens@fb.com>
Acked-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 14:07:19 -05:00
David S. Miller b25b3e2fd9 Merge branch 'tcp-bbr-sampling-fixes'
Neal Cardwell says:

====================
TCP BBR sampling fixes for loss recovery undo

This patch series has a few minor bug fixes for cases where spurious
loss recoveries can trick BBR estimators into estimating that the
available bandwidth is much lower than the true available bandwidth.
In both cases the fix here is to just reset the estimator upon loss
recovery undo.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 13:27:44 -05:00
Neal Cardwell 600647d467 tcp_bbr: reset long-term bandwidth sampling on loss recovery undo
Fix BBR so that upon notification of a loss recovery undo BBR resets
long-term bandwidth sampling.

Under high reordering, reordering events can be interpreted as loss.
If the reordering and spurious loss estimates are high enough, this
can cause BBR to spuriously estimate that we are seeing loss rates
high enough to trigger long-term bandwidth estimation. To avoid that
problem, this commit resets long-term bandwidth sampling on loss
recovery undo events.

Signed-off-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 13:27:43 -05:00
Neal Cardwell 2f6c498e4f tcp_bbr: reset full pipe detection on loss recovery undo
Fix BBR so that upon notification of a loss recovery undo BBR resets
the full pipe detection (STARTUP exit) state machine.

Under high reordering, reordering events can be interpreted as loss.
If the reordering and spurious loss estimates are high enough, this
could previously cause BBR to spuriously estimate that the pipe is
full.

Since spurious loss recovery means that our overall sending will have
slowed down spuriously, this commit gives a flow more time to probe
robustly for bandwidth and decide the pipe is really full.

Signed-off-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-12-08 13:27:43 -05:00