1. 22 Aug, 2014 4 commits
    • net: xgene: fix possible NULL dereference in xgene_enet_free_desc_rings() · c10e4caf
      Iyappan Subramanian authored
      
      
      A NULL pointer dereference is possible for the argument ring->buf_pool
      which is passed to xgene_enet_free_desc_ring(), as ring could be NULL.
      
      And now since NULL pointers are being checked for before the calls to
      xgene_enet_free_desc_ring(), might as well take advantage of them and
      not call the function if the argument would be NULL.
      
      Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • openvswitch: fix panic with multiple vlan headers · 2ba5af42
      Jiri Benc authored
      
      
      When there are multiple vlan headers present in a received frame, the first
      one is put into vlan_tci and protocol is set to ETH_P_8021Q. Anything in the
      skb beyond the VLAN TPID may be still non-linear, including the inner TCI
      and ethertype. While ovs_flow_extract takes care of IP and IPv6 headers, it
      does nothing with ETH_P_8021Q. Later, if OVS_ACTION_ATTR_POP_VLAN is
      executed, __pop_vlan_tci pulls the next vlan header into vlan_tci.
      
      This leads to two things:
      
      1. Part of the resulting ethernet header is in the non-linear part of the
         skb. When eth_type_trans is called later as the result of
         OVS_ACTION_ATTR_OUTPUT, kernel BUGs in __skb_pull. Also, __pop_vlan_tci
         is in fact accessing random data when it reads past the TPID.
      
      2. network_header points into the ethernet header instead of behind it.
         mac_len is set to a wrong value (10), too.
      
      Reported-by: Yulong Pei <ypei@redhat.com>
      Signed-off-by: Jiri Benc <jbenc@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: ipv6: fib: don't sleep inside atomic lock · 793c3b40
      Benjamin Block authored
      
      
      The function fib6_commit_metrics() allocates a piece of memory in mode
      GFP_KERNEL while holding an atomic lock from higher up in the stack, in
      the function __ip6_ins_rt(). This produces the following BUG:
      
      > BUG: sleeping function called from invalid context at mm/slub.c:1250
      > in_atomic(): 1, irqs_disabled(): 0, pid: 2909, name: dhcpcd
      > 2 locks held by dhcpcd/2909:
      >  #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff81978e67>] rtnl_lock+0x17/0x20
      >  #1:  (&tb->tb6_lock){++--+.}, at: [<ffffffff81a6951a>] ip6_route_add+0x65a/0x800
      > CPU: 1 PID: 2909 Comm: dhcpcd Not tainted 3.17.0-rc1 #1
      > Hardware name: ASUS All Series/Q87T, BIOS 0216 10/16/2013
      >  0000000000000008 ffff8800c8f13858 ffffffff81af135a 0000000000000000
      >  ffff880212202430 ffff8800c8f13878 ffffffff810f8d3a ffff880212202c98
      >  0000000000000010 ffff8800c8f138c8 ffffffff8121ad0e 0000000000000001
      > Call Trace:
      >  [<ffffffff81af135a>] dump_stack+0x4e/0x68
      >  [<ffffffff810f8d3a>] __might_sleep+0x10a/0x120
      >  [<ffffffff8121ad0e>] kmem_cache_alloc_trace+0x4e/0x190
      >  [<ffffffff81a6bcd6>] ? fib6_commit_metrics+0x66/0x110
      >  [<ffffffff81a6bcd6>] fib6_commit_metrics+0x66/0x110
      >  [<ffffffff81a6cbf3>] fib6_add+0x883/0xa80
      >  [<ffffffff81a6951a>] ? ip6_route_add+0x65a/0x800
      >  [<ffffffff81a69535>] ip6_route_add+0x675/0x800
      >  [<ffffffff81a68f2a>] ? ip6_route_add+0x6a/0x800
      >  [<ffffffff81a6990c>] inet6_rtm_newroute+0x5c/0x80
      >  [<ffffffff8197cf01>] rtnetlink_rcv_msg+0x211/0x260
      >  [<ffffffff81978e67>] ? rtnl_lock+0x17/0x20
      >  [<ffffffff81119708>] ? lock_release_holdtime+0x28/0x180
      >  [<ffffffff81978e67>] ? rtnl_lock+0x17/0x20
      >  [<ffffffff8197ccf0>] ? __rtnl_unlock+0x20/0x20
      >  [<ffffffff819a989e>] netlink_rcv_skb+0x6e/0xd0
      >  [<ffffffff81978ee5>] rtnetlink_rcv+0x25/0x40
      >  [<ffffffff819a8e59>] netlink_unicast+0xd9/0x180
      >  [<ffffffff819a9600>] netlink_sendmsg+0x700/0x770
      >  [<ffffffff81103735>] ? local_clock+0x25/0x30
      >  [<ffffffff8194e83c>] sock_sendmsg+0x6c/0x90
      >  [<ffffffff811f98e3>] ? might_fault+0xa3/0xb0
      >  [<ffffffff8195ca6d>] ? verify_iovec+0x7d/0xf0
      >  [<ffffffff8194ec3e>] ___sys_sendmsg+0x37e/0x3b0
      >  [<ffffffff8111ef15>] ? trace_hardirqs_on_caller+0x185/0x220
      >  [<ffffffff81af979e>] ? mutex_unlock+0xe/0x10
      >  [<ffffffff819a55ec>] ? netlink_insert+0xbc/0xe0
      >  [<ffffffff819a65e5>] ? netlink_autobind.isra.30+0x125/0x150
      >  [<ffffffff819a6520>] ? netlink_autobind.isra.30+0x60/0x150
      >  [<ffffffff819a84f9>] ? netlink_bind+0x159/0x230
      >  [<ffffffff811f989a>] ? might_fault+0x5a/0xb0
      >  [<ffffffff8194f25e>] ? SYSC_bind+0x7e/0xd0
      >  [<ffffffff8194f8cd>] __sys_sendmsg+0x4d/0x80
      >  [<ffffffff8194f912>] SyS_sendmsg+0x12/0x20
      >  [<ffffffff81afc692>] system_call_fastpath+0x16/0x1b
      
      Fixing this by replacing the mode GFP_KERNEL with GFP_ATOMIC.
      
      Signed-off-by: Benjamin Block <bebl@mageta.org>
      Acked-by: David Rientjes <rientjes@google.com>
      Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: fec: ptp: avoid register access when ipg clock is disabled · 91c0d987
      Nimrod Andy authored
      
      
      The current kernel hangs on i.MX6SX with rootfs mounted from MMC.
      The root cause is that ptp uses a periodic timer to access the enet register
      even if the ipg clock is disabled.

      The FEC ptp driver starts one periodic timer to read the 1588 counter register in the
      ptp init function that is called after the FEC driver is probed.

      To save power, after FEC probe finishes, the FEC driver disables all clocks including
      the ipg clock that is needed for register access.

      On i.MX5x and i.MX6q/dl/sl, FEC register access doesn't cause a system hang when the ipg clock
      is disabled; it just returns a zero value. But on the i.MX6sx SOC, it causes a system hang.

      To avoid the issue, we need to check the ptp clock status before ptp timer count access.
      
      Signed-off-by: Fugang Duan <B38611@freescale.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 21 Aug, 2014 18 commits
  3. 19 Aug, 2014 4 commits
    • tipc: Fix build. · 02784f1b
      David S. Miller authored
      
      
      Missing semicolon in range check fix.
      
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'cbq-fixes' · d3b6f9ff
      David S. Miller authored
      Vasily Averin says:
      
      ====================
      cbq: incorrectly low bandwidth blocks limited traffic
      
      v2: patch description changes
      Fixes: f0f6ee1f ("cbq: incorrect processing of high limits")
      
      Mainstream commit f0f6ee1f ("cbq: incorrect processing of high limits")
      has a side effect: if the cbq bandwidth setting is less than the real interface
      throughput, non-limited traffic can delay limited traffic for a very long time.

      This happens because q->now changes incorrectly in cbq_dequeue():
      in the described scenario L2T is much greater than the real time delay,
      and q->now gets an extra boost for each transmitted packet.

      The accumulated boost prevents q->now from being updated, and a blocked class can wait
      a very long time until (q->now >= cl->undertime) is true again.
      
      More detailed problem description can be found here:
      http://www.spinics.net/lists/netdev/msg292493.html
      
      
      
      Following patches should fix the problem.
      ====================
      
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • cbq: now_rt removal · 7201c1dd
      Vasily Averin authored
      
      
      Now q->now_rt is identical to q->now and is not required anymore.
      
      Signed-off-by: Vasily Averin <vvs@openvz.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • cbq: incorrectly low bandwidth setting blocks limited traffic · 73d0f37a
      Vasily Averin authored
      Mainstream commit f0f6ee1f ("cbq: incorrect processing of high limits")
      has a side effect: if the cbq bandwidth setting is less than the real interface
      throughput, non-limited traffic can delay limited traffic for a very long time.

      This happens because q->now changes incorrectly in cbq_dequeue():
      in the described scenario L2T is much greater than the real time delay,
      and q->now gets an extra boost for each transmitted packet.

      The accumulated boost prevents q->now from being updated, and a blocked class can wait
      a very long time until (q->now >= cl->undertime) is true again.

      To fix the problem the patch updates q->now on each cbq_update() call.
      The L2T-related pre-modification of q->now was moved to cbq_update().

      My testing confirmed that it fixes the problem and did not discover
      any side-effects.
      
      Fixes: f0f6ee1f ("cbq: incorrect processing of high limits")

      Signed-off-by: Vasily Averin <vvs@openvz.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  4. 16 Aug, 2014 8 commits
  5. 15 Aug, 2014 3 commits
  6. 14 Aug, 2014 3 commits
    • Merge tag 'pm+acpi-3.17-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · c9d26423
      Linus Torvalds authored
      Pull more ACPI and power management updates from Rafael Wysocki:
       "These are a couple of regression fixes, cpuidle menu governor
        optimizations, fixes for ACPI processor and battery drivers,
        hibernation fix to avoid problems related to the e820 memory map,
        fixes for a few cpufreq drivers and a new version of the suspend
        profiling tool analyze_suspend.py.
      
        Specifics:
      
         - Fix for an ACPI-based device hotplug regression introduced in 3.14
           that causes a kernel panic to trigger when memory hot-remove is
           attempted with CONFIG_ACPI_HOTPLUG_MEMORY unset from Tang Chen
      
         - Fix for a cpufreq regression introduced in 3.16 that triggers a
           "sleeping function called from invalid context" bug in
           dev_pm_opp_init_cpufreq_table() from Stephen Boyd
      
         - ACPI battery driver fix for a warning message added in 3.16 that
           prints silly stuff sometimes from Mariusz Ceier
      
         - Hibernation fix for safer handling of mismatches in the 820 memory
           map between the configurations during image creation and during the
           subsequent restore from Chun-Yi Lee
      
         - ACPI processor driver fix to handle CPU hotplug notifications
           correctly during system suspend/resume from Lan Tianyu
      
         - Series of four cpuidle menu governor cleanups that also should
           speed it up a bit from Mel Gorman
      
         - Fixes for the speedstep-smi, integrator, cpu0 and arm_big_little
           cpufreq drivers from Hans Wennborg, Himangi Saraogi, Markus
           Pargmann and Uwe Kleine-König
      
         - Version 3.0 of the analyze_suspend.py suspend profiling tool from
           Todd E Brandt"
      
      * tag 'pm+acpi-3.17-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI / battery: Fix warning message in acpi_battery_get_state()
        PM / tools: analyze_suspend.py: update to v3.0
        cpufreq: arm_big_little: fix module license spec
        cpufreq: speedstep-smi: fix decimal printf specifiers
        ACPI / hotplug: Check scan handlers in acpi_scan_hot_remove()
        cpufreq: OPP: Avoid sleeping while atomic
        cpufreq: cpu0: Do not print error message when deferring
        cpufreq: integrator: Use set_cpus_allowed_ptr
        PM / hibernate: avoid unsafe pages in e820 reserved regions
        ACPI / processor: Make acpi_cpu_soft_notify() process CPU FROZEN events
        cpuidle: menu: Lookup CPU runqueues less
        cpuidle: menu: Call nr_iowait_cpu less times
        cpuidle: menu: Use ktime_to_us instead of reinventing the wheel
        cpuidle: menu: Use shifts when calculating averages where possible
    • Merge tag 'pci-v3.17-changes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · a11c5c9e
      Linus Torvalds authored
      Pull DEFINE_PCI_DEVICE_TABLE removal from Bjorn Helgaas:
       "Part two of the PCI changes for v3.17:
      
          - Remove DEFINE_PCI_DEVICE_TABLE macro use (Benoit Taine)
      
        It's a mechanical change that removes uses of the
        DEFINE_PCI_DEVICE_TABLE macro.  I waited until later in the merge
        window to reduce conflicts, but it's possible you'll still see a few"
      
      * tag 'pci-v3.17-changes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: Remove DEFINE_PCI_DEVICE_TABLE macro use
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 179c0ac6
      Linus Torvalds authored
      Pull Sparc fixes from David Miller:
       "Hook up the memfd syscall, and properly claim all PCI resources
        discovered when building the PCI device tree"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc: Hook up memfd_create system call.
        sparc64: Properly claim resources as each PCI bus is probed.
        sparc64: Skip bogus PCI bridge ranges.
        sparc64: Expand PCI bridge probing debug logging.