In commit 1e052be69d ("net_sched: destroy proto tp when all filters are gone")
I added a check in u32_destroy() to see if all real filters are gone
for each tp, however, that is only done for root_ht, same is needed
for others.
This can be reproduced by the following tc commands:
tc filter add dev eth0 parent 1:0 prio 5 handle 15: protocol ip u32 divisor 256
tc filter add dev eth0 protocol ip parent 1: prio 5 handle 15:2:2 u32
ht 15:2: match ip src 10.0.0.2 flowid 1:10
tc filter add dev eth0 protocol ip parent 1: prio 5 handle 15:2:3 u32
ht 15:2: match ip src 10.0.0.3 flowid 1:10
Fixes: 1e052be69d ("net_sched: destroy proto tp when all filters are gone")
Reported-by: Akshat Kakkar <akshat.1984@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Rather than re-initialising the entire completion on every mdio access,
use reinit_completion() which only resets the completion count. This
avoids possible reinitialisation of the contained spinlock and waitqueue
while they may be in use (eg, mid-completion.)
Such an event could occur if there's a long delay in interrupt handling
causing the mdio accessor to time out, then a second access comes in
while the interrupt handler on a different CPU has called complete().
Another scenario where this has been observed is while locking has
been missing at the phy layer, allowing concurrent attempts to access
the MDIO bus.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
The phy layer is missing locking for the above two functions - it
has been observed that two threads (userspace and the phy worker
thread) can race, entering the bus ->write or ->read functions
simultaneously.
This causes the FEC driver to initialise a completion while another
thread is waiting on it or while the interrupt is calling complete()
on it, which causes spinlock unlock-without-lock, spinlock lockups,
and completion timeouts.
Fixes: a59a4d192 ("phy: add the EEE support and the way to access to the MMD registers.")
Fixes: 0c1d77dfb ("net: libphy: Add phy specific function to access mmd phy registers")
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Before 56ef9c909b40[1] it used to ignore all errors from igmp_join().
That commit enhanced that and made it error out whatever error happened
with igmp_join(), but that's not good because when using multicast
groups vxlan will try to join it multiple times if the socket is reused
and then the 2nd and further attempts will fail with EADDRINUSE.
As we don't track to which groups the socket is already subscribed, it's
okay to just ignore that error.
Fixes: 56ef9c909b ("vxlan: Move socket initialization to within rtnl scope")
Reported-by: John Nielsen <lists@jnielsen.net>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQEcBAABCgAGBQJV3BEJAAoJEP5prqPJtc/Hb2wH/RFxO+rBh16yZBJjFlPbn2ZQ
VbcngZtowJle9kjTBINCN/8KsjOhdpn9oT8iOxVcrwyxPa/gWcqnz7cip9regabu
6fOnIlmCnomJ9E/9Gt4joqsB14Zlbubn4xU+VJacZRDjXktJSeHGexxYHnAsROC6
V4W2yIySd5T1UvlzSCbbugRLa9c0ROtLj2RxdHrTicbmcyQrA/bvErACFGtlInso
PV6YLFk+ESk3RH0vl2FxUkNC2g7QiKp7zhX9eAuDkEg2CIYCL1sNQt6eAQMPaRbc
o9u60JLbqiXrKbvlmOGBnIPqkBWxbYX3Jo9Qc4bEyS93Gzdn73kMwnFbMgd8Oek=
=JbLo
-----END PGP SIGNATURE-----
Merge tag 'linux-can-fixes-for-4.2-20150825' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
Marc Kleine-Budde says:
====================
this is the updated pull request of one patch by me for the peak_usb
driver. It fixes the driver, so that non FD adapters don't provide CAN
FD bittimings.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently the renesas ethernet driver directory is compiled if SH_ETH is
configured rather than NET_VENDOR_RENESAS. Although incorrect that was
quite harmless as until recently as SH_ETH configured the only driver in
the renesas directory. However, as of c156633f13 ("Renesas Ethernet AVB
driver proper") the renesas directory includes another driver, configured
by RAVB, and it makes little sense for it to have a hidden dependency on
SH_ETH.
Signed-off-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
[horms: rewrote changelog]
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
When a tunnel is deleted, the cached dst entry should be released.
This problem may prevent the removal of a netns (seen with a x-netns IPv6
gre tunnel):
unregister_netdevice: waiting for lo to become free. Usage count = 3
CC: Dmitry Kozlov <xeb@mail.ru>
Fixes: c12b395a46 ("gre: Support GRE over IPv6")
Signed-off-by: huaibin Wang <huaibin.wang@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit 18ee49ddb0 ("phylib: rename mii_bus::dev to mii_bus::parent")
changed the parent of PHY devices from the bus to the bus parent.
Then, commit 4dea547fef ("phylib: rework to prepare for OF
registration of PHYs") moved the code into phy_device.c
At this point, it is somewhat unclear why the change was seen as
necessary. But, when we look at the device model tree in
/sys/devices, it is clearly incorrect. The PHYs should be children of
their MDIO bus.
Change the PHY's parent device to be the MDIO bus device.
Cc: Lennert Buytenhek <buytenh@wantstofly.org>
Cc: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: David Daney <david.daney@cavium.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The CAN FD data bittiming constants are provided via netlink only when there
are valid CAN FD constants available in priv->data_bittiming_const.
Due to the indirection of pointer assignments in the peak_usb driver the
priv->data_bittiming_const never becomes NULL - not even for non-FD adapters.
The data_bittiming_const points to zero'ed data which leads to this result
when running 'ip -details link show can0':
35: can0: <NOARP,ECHO> mtu 16 qdisc noop state DOWN mode DEFAULT group default qlen 10
link/can promiscuity 0
can state STOPPED restart-ms 0
pcan_usb: tseg1 1..16 tseg2 1..8 sjw 1..4 brp 1..64 brp-inc 1
: dtseg1 0..0 dtseg2 0..0 dsjw 1..0 dbrp 0..0 dbrp-inc 0 <== BROKEN!
clock 8000000
This patch changes the struct peak_usb_adapter::bittiming_const and struct
peak_usb_adapter::data_bittiming_const to pointers to fix the assignemnt
problems.
Cc: linux-stable <stable@vger.kernel.org> # >= 4.0
Reported-by: Oliver Hartkopp <socketcan@hartkopp.net>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Clean the dma flags of multiq ring buffer int the interface stop
process. This patch fixes that the genet is not running while the
interface is re-enabled.
$ ifup eth0 - running after booting
$ ifdown eth0
$ ifup eth0 - not running and occur tx_timeout
The bcmgenet_dma_disable() in bcmgenet_open() do clean ring16 dma flag
only. If the genet has multiq, the dma register is not cleaned. and
bcmgenet_init_dma() is not done correctly. in case
GENET_V2(tx_queues=4), tdma_ctrl has 0x1e after running
bcmgenet_dma_disable().
Signed-off-by: Jaedon Shin <jaedon.shin@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
bcmgenet_timeout() executes in atomic context, yet we will invoke
napi_disable() which does sleep. Looking back at the changes, disabling
TX napi and re-enabling it is completely useless, since we reclaim all
TX buffers and re-enable interrupts, and wake up the TX queues.
Fixes: 13ea657806 ("net: bcmgenet: improve TX timeout")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
I can't send netlink message via mmaped netlink socket since
commit: a8866ff6a5
netlink: make the check for "send from tx_ring" deterministic
msg->msg_iter.type is set to WRITE (1) at
SYSCALL_DEFINE6(sendto, ...
import_single_range(WRITE, ...
iov_iter_init(1, WRITE, ...
call path, so that we need to check the type by iter_is_iovec()
to accept the WRITE.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
- Fix a recently introduced issue in the ACPI backlight code which
causes lockdep to complain about a circular lock dependency during
initialization (Hans de Goede).
- Fix a possible memory during initialization in the Exynos cpufreq
driver (Shailendra Verma).
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJV1lUAAAoJEILEb/54YlRxLcsQAK/pVtaXe07xY0WnknKQp5cr
HqOKZKQ5Eq+1eAI8CoT27F5/DMBTCOga04arSlQo+NG+uWA+vEAXdLN0JtgqTwmU
0C9KaTCI7vs0estYeHhz3h1+CNkP2iEG78JxlnZRuZo0plBbYtv8VPh0/gfseC/g
BlTMM3KuSfIbUK1pWAVz8gTOJqJ/kPTTaTRjzy9/+HnQWcomz1kQnlqEjxxNK/BS
moFi5ka+LiLvzfSc4OLjxHAL3O3pUVIKEOUv8Pkomx+Js4+9TYzLmBqjUCUN0kSJ
y6VKqjDq4MeujPfW35PVkb3eFwILVik+8IUwQoymKobenb1lQyeGPrNvr9cCswAd
WtBUvD/LIOdplrlFDQCeWEfb53SIr+5pOBDY4Pb+wrplg/HukmBLfORYYqtNWftM
6Dx7mjxUoz7BddRciqTYiEgBzTE+oDgUPrQkX3ot2xXv6jbBPazzzc1EEh/25rZ1
SYezK1JxS8xa5ctGUEy4ppgXqqNjXNotb4sQnhYSsuFjMNzs4eIj5Pp204Ohkd/S
TJfzTD45FE6CQwkp0Yvh3/VRScUiC1xxLy/1uJvv9ZKZNpVQEJcaoPeF+DOMKFjf
gFNToHr7SlhJq4Ad2dTzwFd64BA0c3Dg4MX1/jUSkZMRPRaIjINNQ4ftJ/yLfMsA
rnYsGj+7Xntbfm9X/bu6
=s0Ql
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-4.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management and ACPI fixes from Rafael Wysocki:
"These fix a recent regression in the ACPI backlight code and a memory
leak in the Exynos cpufreq driver.
Specifics:
- Fix a recently introduced issue in the ACPI backlight code which
causes lockdep to complain about a circular lock dependency during
initialization (Hans de Goede).
- Fix a possible memory during initialization in the Exynos cpufreq
driver (Shailendra Verma)"
* tag 'pm+acpi-4.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: exynos: Fix for memory leak in case SoC name does not match
ACPI / video: Fix circular lock dependency issue in the video-detect code
* acpi-video:
ACPI / video: Fix circular lock dependency issue in the video-detect code
* cpufreq-fixes:
cpufreq: exynos: Fix for memory leak in case SoC name does not match
Pull networking fixes from David Miller:
1) Out of bounds array access in 802.11 minstrel code, from Adrien
Schildknecht.
2) Don't use skb_get() in IGMP/MLD code paths, as this makes
pskb_may_pull() BUG. From Linus Luessing.
3) Fix off by one in ipv4 route dumping code, from Andy Whitcroft.
4) Fix deadlock in reqsk_queue_unlink(), from Eric Dumazet.
5) Fix ppp device deregistration wrt. netns deletion, from Guillaume
Nault.
6) Fix deadlock when creating per-cpu ipv6 routes, from Martin KaFai
Lau.
7) Fix memory leak in batman-adv code, from Sven Eckelmann.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
batman-adv: Fix memory leak on tt add with invalid vlan
net: phy: fix semicolon.cocci warnings
net: qmi_wwan: add HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module
be2net: avoid vxlan offloading on multichannel configs
ipv6: Fix a potential deadlock when creating pcpu rt
ipv6: Add rt6_make_pcpu_route()
ipv6: Remove un-used argument from ip6_dst_alloc()
net: phy: workaround for buggy cable detection by LAN8700 after cable plugging
net: ethernet: micrel: fix an error code
ppp: fix device unregistration upon netns deletion
net: phy: fix PHY_RUNNING in phy_state_machine
Revert "net: limit tcp/udp rmem/wmem to SOCK_{RCV,SND}BUF_MIN"
inet: fix potential deadlock in reqsk_queue_unlink()
gianfar: Restore link state settings after MAC reset
ipv4: off-by-one in continuation handling in /proc/net/route
net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code
mac80211: fix invalid read in minstrel_sort_best_tp_rates()
- Fix i386 build with an (uncommon) configuration
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJV1bZtAAoJEFxbo/MsZsTR3sYH/2Q+wabqeFZotSZsJjYjSh+q
6hCRB/tD+LbmReYuFBsqStHUDEL0Ljh9kw6YQvUrEVLv6CIH/pCVhj2U+/INlUur
aScKQe1ttKaMzEAB2opLQnYMw5Q/C/pHAtq88MYMWnYBb9fM/puMyI0iXu8FhoOP
+QYdaDt7+hRfID3PWZ7JxLGu+AqVgis5OAh/rt/Y4aC/WaNF7ifrE4qIJlgaR9x4
IDglRBc4cPhLjwb2yhykiRHREhydVvRqEPsgji20T7pXVduj5DEqqVpU1XMqKBNU
0EmZ5wLnELvWxPWv3zCScAtvmH30+i4QQcGB/3igJCeYN0gBxzeoGbTKWf4P0HM=
=lRue
-----END PGP SIGNATURE-----
Merge tag 'for-linus-4.2-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen build fix from David Vrabel:
"Fix i386 build with an (uncommon) configuration"
* tag 'for-linus-4.2-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
x86/xen: make CONFIG_XEN depend on CONFIG_X86_LOCAL_APIC
Here are a small collecton of sound fix patches. The most significant
one is the disablement of newly introduced topology API. Its ABI
couldn't be stabilized enough, so we decided to delay for 4.3 in the
end. Other than that, all oneliner fixes: a USB-audio runtime PM fix
and a couple of HD-audio quirks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJV1WX/AAoJEGwxgFQ9KSmkrJwQALdpqWsGXRELI/YC9BXNj1fM
m+IlVl+/zi4U3PYbWR28vPPn4FTLSkobiAj7M/dD8UyAxvB+KJsZ8Kz0ZXu77M29
2HO1Ho3l7c2xb2+jKoNKziANVe1Hogo/GEhsnnoVhcATZloc+lRWkIbMYJzJ+VDY
JVLIjC8PSZoS3OOUgQzmd9Ah+FNPrO2KB0gTZY0hT3DhELm77CWci3ZKxP58Qab0
OlOc2n8xvOCwHD+2FG2XF6eJIjc6L9fJG4m7NTToHyuOmqZqCo8aotkpD2ANNpVd
PL5afoUpB74ZnJ7uXw/+LL4fWxlPAszBTKeMcZYBf1nwqhwaJTY2POcxAgRMd8/m
6Zo+3XeaGFzVLH+0EwLbBCnGV6KToIfLR5yGR2cuwe7F+XmCCrRLbkOj7oNdJiW1
hbTmbanwZv0NkFfzDMgJPBvW9KlMO9Bk2VDl3jIIC+1qTGl8lWFAWwWPWub2hiAP
Cuz6LPpQvCvaGov9xcTFpUSpvZs/8OZwpmgEfdAxxY4vN0HAB6k+tRe+R+y+e5Oe
hia6HG/U6lYOXjxN0L1PcT6I2ujuqzCqdbDQ28lRH9AtQacPkMYZTxLB7fd1keFA
oaI2k0GfRLqcngTNjeyABIi4Xk1C1XEMtDXvX2vlQglAfsSFyJ1DAg6DtbhulrRk
t/UQdHWblX/XhPinPSSe
=c+1+
-----END PGP SIGNATURE-----
Merge tag 'sound-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Here are a small collecton of sound fix patches.
The most significant one is the disablement of newly introduced
topology API. Its ABI couldn't be stabilized enough, so we decided to
delay for 4.3 in the end. Other than that, all oneliner fixes: a
USB-audio runtime PM fix and a couple of HD-audio quirks"
* tag 'sound-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Add dock support for Thinkpad W541 (17aa:2211)
ALSA: usb-audio: Fix runtime PM unbalance
ASoC: topology: Disable use from userspace
ASoC: topology: Add Kconfig option for topology
ALSA: hda - Fix the white noise on Dell laptop
Pull SCSI target fixes from Nicholas Bellinger:
"This contains a v4.2-rc specific RCU module unload regression bug-fix,
a long-standing iscsi-target bug-fix for duplicate target_xfer_tags
during NOP processing from Alexei, and two more small REPORT_LUNs
emulation related patches to make Solaris FC host LUN scanning happy
from Roland.
There is also one patch not included that allows target-core to limit
the number of fabric driver SGLs per I/O request using residuals, that
is currently required as a work-around for FC hosts which don't honor
EVPD block-limits settings. At this point, it will most likely become
for-next material"
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
target: Fix handling of small allocation lengths in REPORT LUNS
target: REPORT LUNS should return LUN 0 even for dynamic ACLs
target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
target: Perform RCU callback barrier before backend/fabric unload
Pull thermal fixes from Eduardo Valentin:
"Last minute fixes on the thermal-soc tree. There is a fix of a long
lasting bug in cpu cooling device, thanks for RMK for being pushing
this"
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal:
thermal/cpu_cooling: update policy limits if clipped_freq < policy->max
thermal/cpu_cooling: rename max_freq as clipped_freq in notifier
thermal/cpu_cooling: rename cpufreq_val as clipped_freq
thermal/cpu_cooling: convert 'switch' block to 'if' block in notifier
thermal/cpu_cooling: quit early after updating policy
thermal/cpu_cooling: No need to initialize max_freq to 0
thermal: cpu_cooling: fix lockdep problems in cpu_cooling
thermal: power_allocator: do not use devm* interfaces
Since commit feb44f1f7a (x86/xen:
Provide a "Xen PV" APIC driver to support >255 VCPUs) Xen guests need
a full APIC driver and thus should depend on X86_LOCAL_APIC.
This fixes an i386 build failure with !SMP && !CONFIG_X86_UP_APIC by
disabling Xen support in this configuration.
Users needing Xen support in a non-SMP i386 kernel will need to enable
CONFIG_X86_UP_APIC.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Cc: <stable@vger.kernel.org>
The topology code merged in the v4.2 merge window introduced a new ABI
which was believed to be suitable for use but subsequently additional
work by the developers of this feature have revealed some problems that
need to be addressed. In order to allow this to be done without having
to support the initial ABI add Kconfig to disable the build and also add
some #error statements to the UAPI header so users can't use them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJV1K6xAAoJECTWi3JdVIfQl60H/Aiq3smUvb+npgLI402pdzZ8
eaGVSw1oGO7NFylBDu8FeiJLBvl4ZQmSfMbaLBJ50JPKqY1nFjOXFk0nWatQ8TPY
0aB1NKCIGNNCWXTO3ABZ8zeT5AH218n3t8tTUxWzOS1RhpZMwePVuS83+cdwfxAZ
He29rX2xfKFaGo92NMB707vU6aobYC0jc4pIaVoYLN7E49leTSzgGKKNVW2JyEog
d44Zd7jEXPY1lj166sEEF4axAzGc2ZkwsbmOmymbszEBkYtDVs1Q1omFf+CNi31Y
16bLwOVzTXVM7PeheRF2Tp6qtcyDpQhLicfBjakkJ1X5MtW3OzoutGli/isIh2g=
=Gj9l
-----END PGP SIGNATURE-----
Merge tag 'asoc-v4.2-disable-topology' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Disable topology support for v4.2
The topology code merged in the v4.2 merge window introduced a new ABI
which was believed to be suitable for use but subsequently additional
work by the developers of this feature have revealed some problems that
need to be addressed. In order to allow this to be done without having
to support the initial ABI add Kconfig to disable the build and also add
some #error statements to the UAPI header so users can't use them.
The fix for deadlock in PM in commit [1ee23fe07e: ALSA: usb-audio:
Fix deadlocks at resuming] introduced a new check of in_pm flag.
However, the brainless patch author evaluated it in a wrong way
(logical AND instead of logical OR), thus usb_autopm_get_interface()
is wrongly called at probing, leading to unbalance of runtime PM
refcount.
This patch fixes it by correcting the logic.
Reported-by: Hans Yang <hansy@nvidia.com>
Fixes: 1ee23fe07e ('ALSA: usb-audio: Fix deadlocks at resuming')
Cc: <stable@vger.kernel.org> [v3.15+]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
REPORT LUNS should not fail just because the allocation length is less
than 16. The relevant section of SPC-4 is:
4.2.5.6 Allocation length
The ALLOCATION LENGTH field specifies the maximum number of bytes or
blocks that an application client has allocated in the Data-In
Buffer. The ALLOCATION LENGTH field specifies bytes unless a
different requirement is stated in the command definition.
An allocation length of zero specifies that no data shall be
transferred. This condition shall not be considered an error.
So we should just truncate our response rather than return an error.
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Spencer Baugh <sbaugh@catern.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
The object tt_local is allocated with kmalloc and not initialized when the
function batadv_tt_local_add checks for the vlan. But this function can
only cleanup the object when the (not yet initialized) reference counter of
the object is 1. This is unlikely and thus the object would leak when the
vlan could not be found.
Instead the uninitialized object tt_local has to be freed manually and the
pointer has to set to NULL to avoid calling the function which would try to
decrement the reference counter of the not existing object.
CID: 1316518
Fixes: 354136bcc3 ("batman-adv: fix kernel crash due to missing NULL checks")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
We recently found issue with dma_request_slave_channel() API causing
privatecnt value to go bad. This is fixed by balancing the privatecnt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJV02dfAAoJEHwUBw8lI4NHcDgQAMM4q0cQkLiPiL1RFFwg8sfm
LkTP+beefke/lEpqpOvvTNkyfc3JwYbmDiVFl0dNJ4iI3VjWR9Xfg4ZPsG54RQcc
hrvUamiPuotBNFX9ohRoyq7VLaqy/fd0PksPaXNDh1Gy9zXpt3bFC8w/1mRtVyE8
hFKWO+ZLr1KayGDpoQ4JjtVCNoR6oO/j9eCJ12+27n/IEnxPtuoUtBr5lqIC2cRZ
y0YSPokrTB/uVGzdDTeS5S0uM0YtSHmiVcd5msI8k5FioN/1HpKf6u2ls/1AvC8R
IPwHwbj92M33LtdI18SrUaTt0boKW6vcgd5jFnPD9EA68crEbfONjGigSx6/CJNY
tlCMTJ3oIHw/jbT39Yq00F/Tds3wk3BlFM87xRCyzlCE3vN6d42xyjuHJmqOp5xt
PKpTtiIVBjVEMsstyV5pnior3SN5uWuFnldYzQR7op0RkAdWuhzOVCJiEeFLCDWy
J2ra6JdM2uRYBMzIOsiL7cy0btg401mYAzNOezqaDT1D5Aifi4J2r8LKQO+FRqnU
gmtynMUuBB7xKJMwl4iR9fWAvEN0pXQ/OlZOrkXM9LJ0gdTmOp4kBRm2h7AjrcBi
/VKmMmoQ82Bv4IgzbrlkLKWN/rba8kotzRB0gszDSaU9fH01+LmKs2ygOVQQRI24
K9xLshDvIJheh4mDRlia
=nKrX
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-4.2-rc8' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fix from Vinod Koul:
"We recently found issue with dma_request_slave_channel() API causing
privatecnt value to go bad. This is fixed by balancing the privatecnt"
* tag 'dmaengine-fix-4.2-rc8' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: fix balance of privatecnt inc/dec operations
Since the topology API is still in sufficient flux for changes to be
identified disable the use of the userspace ABI by adding #error
statements to the code, ensuring that nobody relies on the headers as
currently defined. It is expected that this change will be reverted for
v4.3.
Signed-off-by: Mark Brown <broonie@kernel.org>
Pull drm fixes from Dave Airlie:
"These came in late last week, I wanted to look over the mst one before
forwarding, but it seems good.
Just three i915 and one MST fix"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/i915: Commit planes on each crtc separately.
drm/i915: calculate primary visibility changes instead of calling from set_config
drm/i915: Only dither on 6bpc panels
drm/dp/mst: Remove port after removing connector.
Allow the topology code to be compiled out so that users who don't need
topology don't need to havve the code compiled in, saving them some
memory.
Some more configuration could be added to remove some of the hooks into
the core data structures but that is probably best done with some
refactoring to use functions to do the updates of the data structures
rather than ifdefing in the code as we'd need to do at the minute.
Suggested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
Pull libata fixes from Tejun Heo:
"Three minor device-specific fixes and revert of NCQ autosense added
during this -rc1.
It turned out that NCQ autosense as currently implemented interferes
with the usual error handling behavior. It will be revisited in the
near future"
* 'for-4.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
ata: ahci_brcmstb: Fix misuse of IS_ENABLED
sata_sx4: Check return code from pdc20621_i2c_read()
Revert "libata: Implement NCQ autosense"
Revert "libata: Implement support for sense data reporting"
Revert "libata-eh: Set 'information' field for autosense"
ata: ahci_brcmstb: Fix warnings with CONFIG_PM_SLEEP=n
Pull cgroup fix from Tejun Heo:
"A fix for a subtle bug introduced back during 3.17 cycle which
interferes with setting configurations under specific conditions"
* 'for-4.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cpuset: use trialcs->mems_allowed as a temp variable
VxLAN offloading is not functional if the NIC is running in multichannel
mode (UMC, FLEX-10, VNIC...). Enabling this additionally kills whole
connectivity through the NIC and the device needs to be down and up to
restore it. The firmware should take care about it and does not allow
the conversion of interface to tunnel type (be_cmd_manage_iface) or should
support VxLAN offloading if multichannel config is enabled.
I have tested this on the latest available firmware (10.6.144.21).
Result:
[root@sm-04 ~]# ip link set enp5s0f0 up[root@sm-04 ~]# ip addr add 172.30.10.50/24 dev enp5s0f0
[root@sm-04 ~]# ping -c 3 172.30.10.254PING 172.30.10.254 (172.30.10.254) 56(84) bytes of data.
64 bytes from 172.30.10.254: icmp_seq=1 ttl=64 time=0.317 ms
64 bytes from 172.30.10.254: icmp_seq=2 ttl=64 time=0.187 ms
64 bytes from 172.30.10.254: icmp_seq=3 ttl=64 time=0.188 ms
--- 172.30.10.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.187/0.230/0.317/0.063 ms
[root@sm-04 ~]# ip link add link enp5s0f0 vxlan10 type vxlan id 10 remote 172.30.10.60 dstport 4789
[root@sm-04 ~]# ip link set vxlan10 up
[ 7900.442811] be2net 0000:05:00.0: Enabled VxLAN offloads for UDP port 4789
[ 7900.455722] be2net 0000:05:00.1: Enabled VxLAN offloads for UDP port 4789
[ 7900.468635] be2net 0000:05:00.2: Enabled VxLAN offloads for UDP port 4789
[ 7900.481553] be2net 0000:05:00.3: Enabled VxLAN offloads for UDP port 4789
[root@sm-04 ~]# ping -c 3 172.30.10.254
PING 172.30.10.254 (172.30.10.254) 56(84) bytes of data.
--- 172.30.10.254 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
[root@sm-04 ~]# ip link set vxlan10 down
[ 7959.434093] be2net 0000:05:00.0: Disabled VxLAN offloads for UDP port 4789
[ 7959.444792] be2net 0000:05:00.1: Disabled VxLAN offloads for UDP port 4789
[ 7959.455592] be2net 0000:05:00.2: Disabled VxLAN offloads for UDP port 4789
[ 7959.466416] be2net 0000:05:00.3: Disabled VxLAN offloads for UDP port 4789
[root@sm-04 ~]# ip link del vxlan10
[root@sm-04 ~]# ping -c 3 172.30.10.254
PING 172.30.10.254 (172.30.10.254) 56(84) bytes of data.
--- 172.30.10.254 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
[root@sm-04 ~]# ip link set enp5s0f0 down
[root@sm-04 ~]# ip link set enp5s0f0 up
[ 8071.019003] be2net 0000:05:00.0 enp5s0f0: Link is Up
[root@sm-04 ~]# ping -c 3 172.30.10.254
PING 172.30.10.254 (172.30.10.254) 56(84) bytes of data.
64 bytes from 172.30.10.254: icmp_seq=1 ttl=64 time=0.318 ms
64 bytes from 172.30.10.254: icmp_seq=2 ttl=64 time=0.196 ms
64 bytes from 172.30.10.254: icmp_seq=3 ttl=64 time=0.194 ms
--- 172.30.10.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.194/0.236/0.318/0.057 ms
Cc: Sathya Perla <sathya.perla@avagotech.com>
Cc: Ajit Khaparde <ajit.khaparde@avagotech.com>
Cc: Padmanabh Ratnakar <padmanabh.ratnakar@avagotech.com>
Cc: Sriharsha Basavapatna <sriharsha.basavapatna@avagotech.com>
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Acked-by: Ajit Khaparde <ajit.khaparde@avagotech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Martin KaFai Lau says:
====================
ipv6: Fix a potential deadlock when creating pcpu rt
v1 -> v2:
A minor change in the commit message of patch 2.
This patch series fixes a potential deadlock when creating a pcpu rt.
It happens when dst_alloc() decided to run gc. Something like this:
read_lock(&table->tb6_lock);
ip6_rt_pcpu_alloc()
=> dst_alloc()
=> ip6_dst_gc()
=> write_lock(&table->tb6_lock); /* oops */
Patch 1 and 2 are some prep works.
Patch 3 is the fix.
Original report: https://bugzilla.kernel.org/show_bug.cgi?id=102291
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
It is a prep work for fixing a potential deadlock when creating
a pcpu rt.
The current rt6_get_pcpu_route() will also create a pcpu rt if one does not
exist. This patch moves the pcpu rt creation logic into another function,
rt6_make_pcpu_route().
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
CC: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
After 4b32b5ad31 ("ipv6: Stop rt6_info from using inet_peer's metrics"),
ip6_dst_alloc() does not need the 'table' argument. This patch
cleans it up.
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
CC: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
* Due to HW bug, LAN8700 sometimes does not detect presence of energy in the
Ethernet cable in Energy Detect Power-Down mode (e.g while EDPWRDOWN bit is
set, the ENERGYON bit does not asserted sometimes). This is a common bug of
LAN87xx family of PHY chips.
* The lan87xx_read_status() was improved to acquire ENERGYON bit. Its previous
algorythm still not reliable on 100 % and sometimes skip cable plugging.
Signed-off-by: Igor Plyatov <plyatov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
iQIcBAABCAAGBQJVzc58AAoJEDBSmw7B7bqrhkQP/1bgnJHOtAthUygVCUDN3p6J
rbmyfmszcWqPgYWMh4sfBRJQPWBpq4Q4ZPlVNCU8VkFoJRXemqWsOjnpMro0Vi8Y
omTMPf1ph5WAUhCTjR6d+J7M5uHVzp1ougeaDEHY6QPTQ0rNTQ4W9gR+TFRSSTG2
gVIuledUXQgkBW6nm3mT3bxSwMkK6PnPy6Dpkzm4VFt3JtO0ZpSV+RzMLifmNf1r
25lYiUUyimWbJGvZCMV9O2qKWwb+9AIYrItW74yUV2dRqqBZmP+IqJQ2p2mTWcjE
YBToZA5Yrd6iSfuKC/wd2kt3NkmsGdNGwFSy4tI6WjBkKKLygOKBvcpBzcNDgv06
ZB4mcyfac+KPiDA1QFvwV+OrU1u63wWDyfjkGCVkoq6WJkUxUZ4JVOq/7LolrxK8
d0mJojOMjTlr2Q+7KMINl9HDw0MhkYqY/fJv+AHOlcIGc2bVrJF0n9fWsc9gKdPu
c+2lIJLxzuojapXJXj+XpF6iPjh92F83W6iPbXZfu6AzvYQwGwve87CckurwElYY
bCDV0nXzmn5DYwEOuKtiflbmLW0qlXbjhX27B4yHmXsS3/Q7M/pMUy3mj4pchmxn
Iwr8pVoCgn8Z1hDJvyYPb4l0ERjY/MZghBJg+Yp4Q7CEWGOmyIPdi0visA9FN/xk
ekOYrjW9Jz3AlgMDPVCC
=uehl
-----END PGP SIGNATURE-----
Merge tag 'mac80211-for-davem-2015-08-14' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
Johannes Berg says:
====================
We have a single bugfix for an invalid memory read.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The dma_mapping_error() function returns true or false. We should
return -ENOMEM if it there is a dma mapping error.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
PPP devices may get automatically unregistered when their network
namespace is getting removed. This happens if the ppp control plane
daemon (e.g. pppd) exits while it is the last user of this namespace.
This leads to several races:
* ppp_exit_net() may destroy the per namespace idr (pn->units_idr)
before all file descriptors were released. Successive ppp_release()
calls may then cleanup PPP devices with ppp_shutdown_interface() and
try to use the already destroyed idr.
* Automatic device unregistration may also happen before the
ppp_release() call for that device gets executed. Once called on
the file owning the device, ppp_release() will then clean it up and
try to unregister it a second time.
To fix these issues, operations defined in ppp_shutdown_interface() are
moved to the PPP device's ndo_uninit() callback. This allows PPP
devices to be properly cleaned up by unregister_netdev() and friends.
So checking for ppp->owner is now an accurate test to decide if a PPP
device should be unregistered.
Setting ppp->owner is done in ppp_create_interface(), before device
registration, in order to avoid unprotected modification of this field.
Finally, ppp_exit_net() now starts by unregistering all remaining PPP
devices to ensure that none will get unregistered after the call to
idr_destroy().
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently, if phy state is PHY_RUNNING, we always register a CHANGE
when phy works in polling or interrupt ignored, this will make the
adjust_link being called even the phy link did Not changed.
checking the phy link to make sure the link did changed before we
register a CHANGE, if link did not changed, we do nothing.
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 8133534c76 ("net: limit tcp/udp rmem/wmem to
SOCK_{RCV,SND}BUF_MIN") modified four sysctls to enforce that the values
written to them are not less than SOCK_MIN_{RCV,SND}BUF.
That change causes 4096 to no longer be accepted as a valid value for
'min' in tcp_wmem and udp_wmem_min. 4096 has been the default for both
of those sysctls for a long time, and unfortunately seems to be an
extremely popular setting. This change breaks a large number of sysctl
configurations at Facebook.
That commit referred to b1cb59cf2e ("net: sysctl_net_core: check
SNDBUF and RCVBUF for min length"), which choose to use the SOCK_MIN
constants as the lower limits to avoid nasty bugs. But AFAICS, a limit
of SOCK_MIN_SNDBUF isn't necessary to do that: the BUG_ON cited in the
commit message seems to have happened because unix_stream_sendmsg()
expects a minimum of a full page (ie SK_MEM_QUANTUM) and the math broke,
not because it had less than SOCK_MIN_SNDBUF allocated.
This particular issue doesn't seem to affect TCP however: using a
setting of "1 1 1" for tcp_{r,w}mem works, although it's obviously
suboptimal. SK_MEM_QUANTUM would be a nice minimum, but it's 64K on
some archs, so there would still be breakage.
Since a value of one doesn't seem to cause any problems, we can drop the
minimum 8133534c added to fix this.
This reverts commit 8133534c76.
Fixes: 8133534c76 ("net: limit tcp/udp rmem/wmem to SOCK_MIN...")
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Sorin Dumitru <sorin@returnze.ro>
Signed-off-by: Calvin Owens <calvinowens@fb.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch increments privatecnt value and set DMA_PRIVATE in device
caps in dma_request_slave_channel() function. This is needed to keep
privatecnt increment/decrement balance.
As function dma_release_channel() decrements privatecnt counter, we need
to increment it when channel is requested. Otherwise privatecnt drops
into negatives after few dma_release_channel() calls.
Reported-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Pull crypto fixes from Herbert Xu:
"This fixes the following issues:
- a regression caused by the conversion of IPsec ESP to the new AEAD
interface: ESN with authencesn no longer works because it relied on
the AD input SG list having a specific layout which is no longer
the case. In linux-next authencesn is fixed properly and no longer
assumes anything about the SG list format. While for this release
a minimal fix is applied to authencesn so that it works with the
new linear layout.
- fix memory corruption caused by bogus index in the caam hash code.
- fix powerpc nx SHA hashing which could cause module load failures
if module signature verification is enabled"
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: caam - fix memory corruption in ahash_final_ctx
crypto: nx - respect sg limit bounds when building sg lists for SHA
crypto: authencesn - Fix breakage with new ESP code
