summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-04-22Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller
Conflicts: drivers/net/ethernet/emulex/benet/be_main.c drivers/net/ethernet/intel/igb/igb_main.c drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c include/net/scm.h net/batman-adv/routing.c net/ipv4/tcp_input.c The e{uid,gid} --> {uid,gid} credentials fix conflicted with the cleanup in net-next to now pass cred structs around. The be2net driver had a bug fix in 'net' that overlapped with the VLAN interface changes by Patrick McHardy in net-next. An IGB conflict existed because in 'net' the build_skb() support was reverted, and in 'net-next' there was a comment style fix within that code. Several batman-adv conflicts were resolved by making sure that all calls to batadv_is_my_mac() are changed to have a new bat_priv first argument. Eric Dumazet's TS ECR fix in TCP in 'net' conflicted with the F-RTO rewrite in 'net-next', mostly overlapping changes. Thanks to Stephen Rothwell and Antonio Quartulli for help with several of these merge resolutions. Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22net: Fix vlan bitmask changes in EHEA driver.David S. Miller
This driver uses the crummy "| foo" style, putting the logical operation at the beginning of lines. Then when the VLAN tag flag bits got changed the operator ended up at both the end and the beginning of some lines. Fix the build error by having it uniformly use the operator at the end of the line. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22net: Fix some __vlan_hwaccel_put_tag() callers.David S. Miller
Several call sites were missed when the protocol argument was added to __vlan_hwaccel_put_tag() in commit 86a9bad3ab6b6f858fd4443b48738cabbb6d094c ("net: vlan: add protocol argument to packet tagging functions"). Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22net: sctp: minor: remove dead code from sctp_packetDaniel Borkmann
struct sctp_packet is currently embedded into sctp_transport or sits on the stack as 'singleton' in sctp_outq_flush(). Therefore, its member 'malloced' is always 0, thus a kfree() is never called. Because of that, we can just remove this code. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22VXLAN: Allow L2 redirection with L3 switchingDavid Stevens
Allow L2 redirection when VXLAN L3 switching is enabled This patch restricts L3 switching to destination MAC addresses that are marked as routers in order to allow virtual IP appliances that do L2 redirection to function with VXLAN L3 switching enabled. We use L3 switching on VXLAN networks to avoid extra hops when the nominal router for cross-subnet traffic for a VM is remote and the ultimate destination may be local, or closer to the local node. Currently, the destination IP address takes precedence over the MAC address in all cases. Some network appliances receive packets for a virtualized IP address and redirect by changing the destination MAC address (only) to be the final destination for packet processing. VXLAN tunnel endpoints with L3 switching enabled may then overwrite this destination MAC address based on the packet IP address, resulting in potential loops and, at least, breaking L2 redirections that travel through tunnel endpoints. This patch limits L3 switching to the intended case where the original destination MAC address is a next-hop router and relies on the destination MAC address for all other cases, thus allowing L2 redirection and L3 switching to coexist peacefully. Signed-Off-By: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22net: Remove return value from list_netdevice()dingtianhong
The return value from list_netdevice() is not used and no need, so remove it. Signed-off-by: Ding Tianhong <dingtianhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22net: remove a stale comment for dl_nextEric Dumazet
dl_next member in struct request_sock doesn't need to be first. We expect to insert a "struct common_sock" or a subset of it, so this claim had to be verified. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22qeth: Fix missing pointer updateStefan Raspl
qeth_hdr_chk_and_bounce() can possibly shift the skb->data pointer. However, the existing code didn't update the hdr pointer, which should point to skb->data, accordingly. Symptoms of this issue are sporadic recoveries. Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22qeth: remove unused variableStefan Raspl
remove unused variable Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22qeth: remove cast for kzalloc return valueZhang Yanfei
remove cast for kzalloc return value. Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22xen-netback: don't disconnect frontend when seeing oversize packetWei Liu
Some frontend drivers are sending packets > 64 KiB in length. This length overflows the length field in the first slot making the following slots have an invalid length. Turn this error back into a non-fatal error by dropping the packet. To avoid having the following slots having fatal errors, consume all slots in the packet. This does not reopen the security hole in XSA-39 as if the packet as an invalid number of slots it will still hit fatal error case. Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22xen-netback: coalesce slots in TX path and fix regressionsWei Liu
This patch tries to coalesce tx requests when constructing grant copy structures. It enables netback to deal with situation when frontend's MAX_SKB_FRAGS is larger than backend's MAX_SKB_FRAGS. With the help of coalescing, this patch tries to address two regressions avoid reopening the security hole in XSA-39. Regression 1. The reduction of the number of supported ring entries (slots) per packet (from 18 to 17). This regression has been around for some time but remains unnoticed until XSA-39 security fix. This is fixed by coalescing slots. Regression 2. The XSA-39 security fix turning "too many frags" errors from just dropping the packet to a fatal error and disabling the VIF. This is fixed by coalescing slots (handling 18 slots when backend's MAX_SKB_FRAGS is 17) which rules out false positive (using 18 slots is legit) and dropping packets using 19 to `max_skb_slots` slots. To avoid reopening security hole in XSA-39, frontend sending packet using more than max_skb_slots is considered malicious. The behavior of netback for packet is thus: 1-18 slots: valid 19-max_skb_slots slots: drop and respond with an error max_skb_slots+ slots: fatal error max_skb_slots is configurable by admin, default value is 20. Also change variable name from "frags" to "slots" in netbk_count_requests. Please note that RX path still has dependency on MAX_SKB_FRAGS. This will be fixed with separate patch. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22xen-netfront: reduce gso_max_size to account for max TCP headerWei Liu
The maximum packet including header that can be handled by netfront / netback wire format is 65535. Reduce gso_max_size accordingly. Drop skb and print warning when skb->len > 65535. This can 1) save the effort to send malformed packet to netback, 2) help spotting misconfiguration of netfront in the future. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22xen-netfront: frags -> slots in log messageWei Liu
Also fix a typo in comment. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22be2net: enable IOMMU pass through for be2netCraig Hada
This patch sets the coherent DMA mask to 64-bit after the be2net driver has been acknowledged that the system is 64-bit DMA capable. The coherent DMA mask is examined by the Intel IOMMU driver to determine whether to allow pass through context mapping for all devices. With this patch, the be2net driver combined with be2net compatible hardware provides comparable performance to the case where vt-d is disabled. The main use-case for this change is to decrease the time necessary to copy virtual machine memory during KVM live migration instantiations. This patch was tested on a system that enables the IOMMU in non-coherent mode. Two DMA remapper issues were encountered in the previous version and both patches have been committed. commit ea2447f700cab264019b52e2b417d689e052dcfd commit 2e12bc29fc5a12242d68e11875db3dd58efad9ff Signed-off-by: Craig Hada <craig.hada@hp.com> Signed-off-by: Sathya Perla <sathya.perla@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22be2net: Use GET_PROFILE_CONFIG V1 cmd for BE3-RVasundhara Volam
Use GET_PROFILE_CONFIG_V1 cmd for BE3-R, to query the maximum number of TX rings available per function. On SH-R the same is queried via the GET_FUNCTION_CONFIG cmd. Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com> Signed-off-by: Sathya Perla <sathya.perla@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22be2net: Avoid flashing BE3 UFI on BE3-R chip.Vasundhara Volam
Avoid flashing BE3 UFI on BE3-R chip by verifying asic_revision number of the chip. Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com> Signed-off-by: Sathya Perla <sathya.perla@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22be2net: Don't log "Out of MCCQ wrbs" errorVasundhara Volam
Don't log "Out of MCCQ wrbs" msg. When the driver doesn't receive any response from the FW it already logs a "FW not responding" message. The driver runs out of MCCQ wrbs much later. Also, this message can swamp the kernel log in HW/FW error scenarios. Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com> Signed-off-by: Sathya Perla <sathya.perla@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22be2net: Use TXQ_CREATE_V2 cmdVasundhara Volam
Skyhawk-R and BE3-R (SuperNIC profile) require V2 version of TXQ_CREATE cmd to be used. Signed-off-by: Vasundhara Volam <vasundhara.volam@emulex.com> Signed-off-by: Sathya Perla <sathya.perla@emulex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22bnx2x: update version to 1.78.17-0Dmitry Kravkov
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22bnx2x: allow nvram test to run when device is downDmitry Kravkov
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22bnx2x: add additional regions for CRC memory testDmitry Kravkov
a. Common tree of `dir` structures. b. Multi-port devices structures. CC: Francious Romieu <romieu@fz.zoreil.com> Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22bnx2x: remove non-necessary assignmentDmitry Kravkov
CC: Francious Romieu <romieu@fz.zoreil.com> Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22bnx2x: fix byte-by-byte nvram write for BE machinesDmitry Kravkov
CC: Francious Romieu <romieu@fz.zoreil.com> Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-22bnx2x: refactor nvram read procedureDmitry Kravkov
introduce a procedure to read in u32 granularity. CC: Francious Romieu <romieu@fz.zoreil.com> Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-21Linux 3.9-rc8v3.9-rc8Linus Torvalds
2013-04-21qeth: fix VLAN related compilation errorsPatrick McHardy
drivers/s390/net/qeth_l3_main.c: In function 'qeth_l3_add_vlan_mc': >> drivers/s390/net/qeth_l3_main.c:1662:3: error: too few arguments to function '__vlan_find_dev_deep' include/linux/if_vlan.h:88:27: note: declared here drivers/s390/net/qeth_l3_main.c: In function 'qeth_l3_add_vlan_mc6': >> drivers/s390/net/qeth_l3_main.c:1723:3: error: too few arguments to function '__vlan_find_dev_deep' include/linux/if_vlan.h:88:27: note: declared here drivers/s390/net/qeth_l3_main.c: In function 'qeth_l3_free_vlan_addresses4': >> drivers/s390/net/qeth_l3_main.c:1767:2: error: too few arguments to function '__vlan_find_dev_deep' include/linux/if_vlan.h:88:27: note: declared here drivers/s390/net/qeth_l3_main.c: In function 'qeth_l3_free_vlan_addresses6': >> drivers/s390/net/qeth_l3_main.c:1797:2: error: too few arguments to function '__vlan_find_dev_deep' include/linux/if_vlan.h:88:27: note: declared here drivers/s390/net/qeth_l3_main.c: In function 'qeth_l3_process_inbound_buffer': >> drivers/s390/net/qeth_l3_main.c:1980:6: error: too few arguments to function '__vlan_hwaccel_put_tag' include/linux/if_vlan.h:234:31: note: declared here drivers/s390/net/qeth_l3_main.c: In function 'qeth_l3_verify_vlan_dev': >> drivers/s390/net/qeth_l3_main.c:2089:3: error: too few arguments to function '__vlan_find_dev_deep' include/linux/if_vlan.h:88:27: note: declared here Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-21net: vlan: fix up vlan_proto_idx() for CONFIG_BUG=nPatrick McHardy
Add missing return statement for CONFIG_BUG=n. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-21net: vlan: fix dummy function signatures for CONFIG_VLAN=nPatrick McHardy
Fix up some function signatures for CONFIG_VLAN=n that were missed during the 802.1ad support patches. Found by the kbuild robot. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-21net: vlan: fix memory leak in vlan_info_rcu_free()Patrick McHardy
The following leak is reported by kmemleak: [ 86.812073] kmemleak: Found object by alias at 0xffff88006ecc76f0 [ 86.816019] Pid: 739, comm: kworker/u:1 Not tainted 3.9.0-rc5+ #842 [ 86.816019] Call Trace: [ 86.816019] <IRQ> [<ffffffff81151c58>] find_and_get_object+0x8c/0xdf [ 86.816019] [<ffffffff8190e90d>] ? vlan_info_rcu_free+0x33/0x49 [ 86.816019] [<ffffffff81151cbe>] delete_object_full+0x13/0x2f [ 86.816019] [<ffffffff8194bbb6>] kmemleak_free+0x26/0x45 [ 86.816019] [<ffffffff8113e8c7>] slab_free_hook+0x1e/0x7b [ 86.816019] [<ffffffff81141c05>] kfree+0xce/0x14b [ 86.816019] [<ffffffff8190e90d>] vlan_info_rcu_free+0x33/0x49 [ 86.816019] [<ffffffff810d0b0b>] rcu_do_batch+0x261/0x4e7 The reason is that in vlan_info_rcu_free() we don't take the VLAN protocol into account when iterating over the vlan_devices_array. Reported-by: Cong Wang <amwang@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Tested-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-21Merge branch 'perf-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Misc fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Fix offcore_rsp valid mask for SNB/IVB perf: Treat attr.config as u64 in perf_swevent_init()
2013-04-21Merge branch 'vm_ioremap_memory-examples'Linus Torvalds
I'm going to do an -rc8, so I'm just going to do this rather than delay it any further. They are arguably stable material anyway. * vm_ioremap_memory-examples: mtdchar: remove no-longer-used vma helpers vm: convert snd_pcm_lib_mmap_iomem() to vm_iomap_memory() helper vm: convert fb_mmap to vm_iomap_memory() helper vm: convert mtdchar mmap to vm_iomap_memory() helper vm: convert HPET mmap to vm_iomap_memory() helper
2013-04-20Merge branch 'x86-kdump-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull kdump fixes from Peter Anvin: "The kexec/kdump people have found several problems with the support for loading over 4 GiB that was introduced in this merge cycle. This is partly due to a number of design problems inherent in the way the various pieces of kdump fit together (it is pretty horrifically manual in many places.) After a *lot* of iterations this is the patchset that was agreed upon, but of course it is now very late in the cycle. However, because it changes both the syntax and semantics of the crashkernel option, it would be desirable to avoid a stable release with the broken interfaces." I'm not happy with the timing, since originally the plan was to release the final 3.9 tomorrow. But apparently I'm doing an -rc8 instead... * 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: kexec: use Crash kernel for Crash kernel low x86, kdump: Change crashkernel_high/low= to crashkernel=,high/low x86, kdump: Retore crashkernel= to allocate under 896M x86, kdump: Set crashkernel_low automatically
2013-04-20Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Peter Anvin: "Three groups of fixes: 1. Make sure we don't execute the early microcode patching if family < 6, since it would touch MSRs which don't exist on those families, causing crashes. 2. The Xen partial emulation of HyperV can be dealt with more gracefully than just disabling the driver. 3. More EFI variable space magic. In particular, variables hidden from runtime code need to be taken into account too." * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, microcode: Verify the family before dispatching microcode patching x86, hyperv: Handle Xen emulation of Hyper-V more gracefully x86,efi: Implement efi_no_storage_paranoia parameter efi: Export efi_query_variable_store() for efivars.ko x86/Kconfig: Make EFI select UCS2_STRING efi: Distinguish between "remaining space" and actually used space efi: Pass boot services variable info to runtime code Move utf16 functions to kernel core and rename x86,efi: Check max_size only if it is non-zero. x86, efivars: firmware bug workarounds should be in platform code
2013-04-20Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-armLinus Torvalds
Pull ARM fixes from Russell King: "A set of fixes from various people - Will Deacon gets a prize for removing code this time around. The biggest fix in this lot is sorting out the ARM740T mess. The rest are relatively small fixes." * 'fixes' of git://git.linaro.org/people/rmk/linux-arm: ARM: 7699/1: sched_clock: Add more notrace to prevent recursion ARM: 7698/1: perf: fix group validation when using enable_on_exec ARM: 7697/1: hw_breakpoint: do not use __cpuinitdata for dbg_cpu_pm_nb ARM: 7696/1: Fix kexec by setting outer_cache.inv_all for Feroceon ARM: 7694/1: ARM, TCM: initialize TCM in paging_init(), instead of setup_arch() ARM: 7692/1: iop3xx: move IOP3XX_PERIPHERAL_VIRT_BASE ARM: modules: don't export cpu_set_pte_ext when !MMU ARM: mm: remove broken condition check for v4 flushing ARM: mm: fix numerous hideous errors in proc-arm740.S ARM: cache: remove ARMv3 support code ARM: tlbflush: remove ARMv3 support
2013-04-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds
Pull sparc fixes from David Miller: 1) Fix race in sparc64 TLB shootdowns, we have to synchronize with the sibling cpus completing if we are passing them a reference via pointer to a data structure. 2) Fix cleaning of bitmaps in sparc32, from Akinobu Mita. 3) Fix various sparc header mistakes, some of which resulted in userland build breakage. From Sam Ravnborg. 4) Kill ghost declarations and defines missed when several bits of code got deleted recently. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix race in TLB batch processing. sparc: use asm-generic version of types.h bbc_i2c: fix section mismatch warning sparc: use generic headers sparc:cleanup unused code in smp_32.h sparc/iommu: fix typo s/265KB/256KB/ sparc/srmmu: clear trailing edge of bitmap properly sparc:remove unused declaration smp_boot_cpus()
2013-04-20Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
Pull networking updates from David Miller: 1) ax88796 does 64-bit divides which causes link errors on ARM, fix from Arnd Bergmann. 2) Once an improper offload setting is detected on an SKB we don't rate limit the log message so we can very easily live lock. From Ben Greear. 3) Openvswitch cannot report vport configuration changes reliably because it didn't preallocate the netlink notification message before changing state. From Jesse Gross. 4) The effective UID/GID SCM credentials fix, from Linus. 5) When a user explicitly asks for wireless authentication, cfg80211 isn't told about the AP detachment leaving inconsistent state. Fix from Johannes Berg. 6) Fix self-MAC checks in batman-adv on multi-mesh nodes, from Antonio Quartulli. 7) Revert build_skb() change sin IGB driver, can result in memory corruption. From Alexander Duyck. 8) Fix setting VLANs on virtual functions in IXGBE, from Greg Rose. 9) Fix TSO races in qlcnic driver, from Sritej Velaga. 10) In bnx2x the kernel driver and UNDI firmware can try to program the chip at the same time, resulting in corruption. Add proper synchronization. From Dmitry Kravkov. 11) Fix corruption of status block in firmware ram in bxn2x, from Ariel Elior. 12) Fix load balancing hash regression of bonding driver in forwarding configurations, from Eric Dumazet. 13) Fix TS ECR regression in TCP by calling tcp_replace_ts_recent() in all the right spots, from Eric Dumazet. 14) Fix several bonding bugs having to do with address manintainence, including not removing address when configuration operations encounter errors, missed locking on the address lists, missing refcounting on VLAN objects, etc. All from Nikolay Aleksandrov. 15) Add workarounds for firmware bugs in LTE qmi_wwan devices, wherein the devices fail to add a proper ethernet header while on LTE networks but otherwise properly do so on 2G and 3G ones. From Bjørn Mork. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits) net: fix incorrect credentials passing net: rate-limit warn-bad-offload splats. net: ax88796: avoid 64 bit arithmetic qlge: Update version to 1.00.00.32. qlge: Fix ethtool autoneg advertising. qlge: Fix receive path to drop error frames net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround) net: qmi_wwan: fixup destination address (firmware bug workaround) net: qmi_wwan: fixup missing ethernet header (firmware bug workaround) bonding: in bond_mc_swap() bond's mc addr list is walked without lock bonding: disable netpoll on enslave failure bonding: primary_slave & curr_active_slave are not cleaned on enslave failure bonding: vlans don't get deleted on enslave failure bonding: mc addresses don't get deleted on enslave failure pkt_sched: fix error return code in fw_change_attrs() irda: small read past the end of array in debug code tcp: call tcp_replace_ts_recent() from tcp_ack() netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too netfilter: ipset: bitmap:ip,mac: fix listing with timeout bonding: fix l23 and l34 load balancing in forwarding path ...
2013-04-20net: fix incorrect credentials passingLinus Torvalds
Commit 257b5358b32f ("scm: Capture the full credentials of the scm sender") changed the credentials passing code to pass in the effective uid/gid instead of the real uid/gid. Obviously this doesn't matter most of the time (since normally they are the same), but it results in differences for suid binaries when the wrong uid/gid ends up being used. This just undoes that (presumably unintentional) part of the commit. Reported-by: Andy Lutomirski <luto@amacapital.net> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Serge E. Hallyn <serge@hallyn.com> Cc: David S. Miller <davem@davemloft.net> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19Merge remote-tracking branch 'efi/urgent' into x86/urgentH. Peter Anvin
Matt Fleming (1): x86, efivars: firmware bug workarounds should be in platform code Matthew Garrett (3): Move utf16 functions to kernel core and rename efi: Pass boot services variable info to runtime code efi: Distinguish between "remaining space" and actually used space Richard Weinberger (2): x86,efi: Check max_size only if it is non-zero. x86,efi: Implement efi_no_storage_paranoia parameter Sergey Vlasov (2): x86/Kconfig: Make EFI select UCS2_STRING efi: Export efi_query_variable_store() for efivars.ko Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2013-04-19x86, microcode: Verify the family before dispatching microcode patchingH. Peter Anvin
For each CPU vendor that implements CPU microcode patching, there will be a minimum family for which this is implemented. Verify this minimum level of support. This can be done in the dispatch function or early in the application functions. Doing the latter turned out to be somewhat awkward because of the ineviable split between the BSP and the AP paths, and rather than pushing deep into the application functions, do this in the dispatch function. Reported-by: "Bryan O'Donoghue" <bryan.odonoghue.lkml@nexus-software.ie> Suggested-by: Borislav Petkov <bp@alien8.de> Cc: Fenghua Yu <fenghua.yu@intel.com> Link: http://lkml.kernel.org/r/1366392183-4149-1-git-send-email-bryan.odonoghue.lkml@nexus-software.ie
2013-04-19net: rate-limit warn-bad-offload splats.Ben Greear
If one does do something unfortunate and allow a bad offload bug into the kernel, this the skb_warn_bad_offload can effectively live-lock the system, filling the logs with the same error over and over. Add rate limitation to this so that box remains otherwise functional in this case. Signed-off-by: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19net: ax88796: avoid 64 bit arithmeticArnd Bergmann
When building ax88796 on an ARM platform with 64-bit resource_size_t, we currently get drivers/net/ethernet/8390/ax88796.c:875: undefined reference to `__aeabi_uldivmod' because we do a division on the length of the MMIO resource. Since we know that this resource is very short, using an "unsigned long" instead of "resource_size_t" is entirely sufficient, and avoids this link-time error. Cc: Ben Dooks <ben-linux@fluff.org> Cc: netdev@vger.kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next Pablo Neira Ayuso says: ==================== The following patchset contains a small batch of Netfilter updates for your net-next tree, they are: * Three patches that provide more accurate error reporting to user-space, instead of -EPERM, in IPv4/IPv6 netfilter re-routing code and NAT, from Patrick McHardy. * Update copyright statements in Netfilter filters of Patrick McHardy, from himself. * Add Kconfig dependency on the raw/mangle tables to the rpfilter, from Florian Westphal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19qlge: Update version to 1.00.00.32.Jitendra Kalsaria
Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19qlge: Fix ethtool autoneg advertising.Jitendra Kalsaria
Autoneg is supported on specific port types only. Fix the driver to advertise autoneg based on the port type. Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19qlge: Fix receive path to drop error framesSritej Velaga
o Fix the driver to drop error frames in the receive path o Update error counter which was not getting incremented Signed-off-by: Sritej Velaga <sritej.velaga@qlogic.com> Signed-off-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19Merge branch 'qmi_wwan'David S. Miller
Bjørn Mork says: ==================== This series adds workarounds for 3 different firmware bugs, each preventing the affected devices from working at all. I therefore humbly request that these fixes go to stable-3.8 (if still maintained) and 3.9 (either via net if still possible, or via stable if not). All 3 workarounds are applied to all devices supported by the driver. Adding quirks for specific devices was considered as an alternative, but was rejected because we have too little information about the exact distribution of the buggy firmwares. All we know is that the same bug shows up in devices from at least 3 different, and presumably independent, vendors. The workarounds have instead been designed to automatically apply when necessary, and to have as little impact as possible on unaffected devices. The series has been tested on a number of devices both with and without these bugs. The series should apply cleanly to net/master, net-next/master and stable/linux-3.8.y ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround)Bjørn Mork
We normally trust and use the CDC functional descriptors provided by a number of devices. But some of these will erroneously list the address reserved for the device end of the link. Attempting to use this on both the device and host side will naturally not work. Work around this bug by ignoring the functional descriptor and assign a random address instead in this case. Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19net: qmi_wwan: fixup destination address (firmware bug workaround)Bjørn Mork
Received packets are sometimes addressed to 00:a0:c6:00:00:00 instead of the address the device firmware should have learned from the host: 321.224126 77.16.85.204 -> 148.122.171.134 ICMP 98 Echo (ping) request id=0x4025, seq=64/16384, ttl=64 0000 82 c0 82 c9 f1 67 82 c0 82 c9 f1 67 08 00 45 00 .....g.....g..E. 0010 00 54 00 00 40 00 40 01 57 cc 4d 10 55 cc 94 7a .T..@.@.W.M.U..z 0020 ab 86 08 00 62 fc 40 25 00 40 b2 bc 6e 51 00 00 ....b.@%.@..nQ.. 0030 00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15 ..k............. 0040 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 .......... !"#$% 0050 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 &'()*+,-./012345 0060 36 37 67 321.240607 148.122.171.134 -> 77.16.85.204 ICMP 98 Echo (ping) reply id=0x4025, seq=64/16384, ttl=55 0000 00 a0 c6 00 00 00 02 50 f3 00 00 00 08 00 45 00 .......P......E. 0010 00 54 00 56 00 00 37 01 a0 76 94 7a ab 86 4d 10 .T.V..7..v.z..M. 0020 55 cc 00 00 6a fc 40 25 00 40 b2 bc 6e 51 00 00 U...j.@%.@..nQ.. 0030 00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15 ..k............. 0040 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 .......... !"#$% 0050 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 &'()*+,-./012345 0060 36 37 67 The bogus address is always the same, and matches the address suggested by many devices as a default address. It is likely a hardcoded firmware default. The circumstances where this bug has been observed indicates that the trigger is related to timing or some other factor the host cannot control. Repeating the exact same configuration sequence that caused it to trigger once, will not necessarily cause it to trigger the next time. Reproducing the bug is therefore difficult. This opens up a possibility that the bug is more common than we can confirm, because affected devices often will work properly again after a reset. A procedure most users are likely to try out before reporting a bug. Unconditionally rewriting the destination address if the first digit of the received packet is 0, is considered an acceptable compromise since we already have to inspect this digit. The simplification will cause unnecessary rewrites if the real address starts with 0, but this is still better than adding additional tests for this particular case. Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-19net: qmi_wwan: fixup missing ethernet header (firmware bug workaround)Bjørn Mork
A number of LTE devices from different vendors all suffer from the same firmware bug: Most of the packets received from the device while it is attached to a LTE network will not have an ethernet header. The devices work as expected when attached to 2G or 3G networks, sending an ethernet header with all packets. This driver is not aware of which network the modem attached to, and even if it were there are still some packet types which are always received with the header intact. All devices supported by this driver have severely limited networking capabilities: - can only transmit IPv4, IPv6 and possibly ARP - can only support a single host hardware address at any time - will only do point-to-point communcation with the host Because of this, we are able to reliably identify any bogus raw IP packets by simply looking at the 4 IP version bits. All we need to do is to avoid 4 or 6 in the first digit of the mac address. This workaround ensures this, and fix up the received packets as necessary. Given the distribution of the bug, it is believed that the source is the chipset vendor. The devices which are verified to be affected are: Huawei E392u-12 (Qualcomm MDM9200) Pantech UML290 (Qualcomm MDM9600) Novatel USB551L (Qualcomm MDM9600) Novatel E362 (Qualcomm MDM9600) It is believed that the bug depend on firmware revision, which means that possibly all devices based on the above mentioned chipset may be affected if we consider all available firmware revisions. The information about affected devices and versions is likely incomplete. As the additional overhead for packets not needing this fixup is very small, it is considered acceptable to apply the workaround to all devices handled by this driver. Reported-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>