Re: Hangs in r8152 connected to power management in kernels at least up v4.17-rc4

2018-05-25 Thread Jiri Slaby 
On 05/16/2018, 03:36 PM, Jiri Slaby wrote:
> So I assume it must be a problem of making usb->disconnect without prior
> ndo->close (or alike).

So according to my debug messages, I think this should workaround the
problem:
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -3962,7 +3962,8 @@ static int rtl8152_close(struct net_device *netdev)
 #ifdef CONFIG_PM_SLEEP
unregister_pm_notifier(>pm_notifier);
 #endif
-   napi_disable(>napi);
+   if (!test_bit(RTL8152_UNPLUG, >flags))
+   napi_disable(>napi);
clear_bit(WORK_ENABLE, >flags);
usb_kill_urb(tp->intr_urb);
cancel_delayed_work_sync(>schedule);


napi is deleted in usb->disconnect, then unregister_netdev is called
which invokes netdev->ndo_stop, i.e. rtl8152_close above. And
rtl8152_close tries to napi_disable, but that is already deleted.

The patch does not solve the race between disconnect and ndo_stop
AFAICS. It needs locking, IMO. I am not familiar enough with the code,
but it looks like ->disconnect can happen any time while ->stop is in
progress.

thanks,
-- 
js
suse labs

Re: Hangs in r8152 connected to power management in kernels at least up v4.17-rc4

2018-05-16 Thread Jiri Slaby 
On 05/16/2018, 03:29 PM, Jiri Slaby wrote:
> On 05/16/2018, 02:07 PM, Hayes Wang wrote:
>> Oliver Neukum [mailto:oneu...@suse.com]
>>> Sent: Wednesday, May 16, 2018 6:10 PM
>> [...]
>>>> Besides, I find a similar issue as following.
>>>> https://www.spinics.net/lists/netdev/msg493512.html
>>>
>>> Well, if we have an imbalance in NAPI it should strike whereever
>>> it is used, not just in suspend(). Is there debugging for NAPI
>>> we could activate?
>>
>> No. The driver doesn't embed such debugging about it.
> 
> Despite of that, Oliver, I have a kernel with a debug patch (attached)
> at (suse-only link):
> https://build.suse.de/project/show/home:jirislaby:stable-drm
> 
>> And I don't find an imbalance between napi_disable() and napi_enable().
> 
> There is none, apparently (the warns never triggered). BUt still the
> driver sucks wrt both power mgmt and dock plug/unplug. Since I am using
> the patch (it upper-bounds the napi_disable loop count) and the udev
> rule below, I can really use the nic.

BTW the added warning to napi_disable indeed triggers:

> xzgrep -a -B 2 kernel:.*WARNING.*napi messages-20180*
> messages-20180503.xz:2018-04-27T09:57:00.048922+02:00 anemoi2 kernel: 
> [158616.363052] [ cut here ]
> messages-20180503.xz:2018-04-27T09:57:00.048979+02:00 anemoi2 kernel: 
> [158616.363070] NAPI_STATE_SCHED never cleared
> messages-20180503.xz:2018-04-27T09:57:00.048988+02:00 anemoi2 kernel: 
> [158616.363120] WARNING: CPU: 1 PID: 14365 at ../net/core/dev.c:5665 
> napi_disable+0x3d/0x80

And since I do 'ip l set dev ethX down' before unplugging the dock with
the NIC, I have not seen a single occurrence.

So I assume it must be a problem of making usb->disconnect without prior
ndo->close (or alike).

thanks,
-- 
js
suse labs

Re: Hangs in r8152 connected to power management in kernels at least up v4.17-rc4

2018-05-16 Thread Jiri Slaby 
On 05/16/2018, 02:07 PM, Hayes Wang wrote:
> Oliver Neukum [mailto:oneu...@suse.com]
>> Sent: Wednesday, May 16, 2018 6:10 PM
> [...]
>>> Besides, I find a similar issue as following.
>>> https://www.spinics.net/lists/netdev/msg493512.html
>>
>> Well, if we have an imbalance in NAPI it should strike whereever
>> it is used, not just in suspend(). Is there debugging for NAPI
>> we could activate?
> 
> No. The driver doesn't embed such debugging about it.

Despite of that, Oliver, I have a kernel with a debug patch (attached)
at (suse-only link):
https://build.suse.de/project/show/home:jirislaby:stable-drm

> And I don't find an imbalance between napi_disable() and napi_enable().

There is none, apparently (the warns never triggered). BUt still the
driver sucks wrt both power mgmt and dock plug/unplug. Since I am using
the patch (it upper-bounds the napi_disable loop count) and the udev
rule below, I can really use the nic.

$ cat /etc/udev/rules.d/10-disable-r8152-pm.rules
ACTION=="add", SUBSYSTEM=="usb", ATTR{idProduct}=="8153",
ATTR{idVendor}=="0bda", TEST=="power/control", ATTR{power/control}="on"

thanks,
-- 
js
suse labs
---
 drivers/net/usb/r8152.c |   62 +++-
 net/core/dev.c  |   14 +-
 2 files changed, 53 insertions(+), 23 deletions(-)

--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -704,6 +704,8 @@ struct r8152 {
 	unsigned long flags;
 	struct usb_device *udev;
 	struct napi_struct napi;
+	int napi_stat;
+	void *napi_last_en, *napi_last_dis;
 	struct usb_interface *intf;
 	struct net_device *netdev;
 	struct urb *intr_urb;
@@ -775,6 +777,31 @@ static unsigned int agg_buf_sz = 16384;
 #define RTL_LIMITED_TSO_SIZE	(agg_buf_sz - sizeof(struct tx_desc) - \
  VLAN_ETH_HLEN - ETH_FCS_LEN)
 
+static void my_napi_enable(struct r8152 *tp)
+{
+	if (tp->napi_stat == 0) {
+		napi_enable(>napi);
+		tp->napi_stat++;
+		tp->napi_last_en = (void *)_RET_IP_;
+		return;
+	}
+
+	WARN(1, "napi_stat=%d\n", tp->napi_stat);
+}
+
+static void my_napi_disable(struct r8152 *tp)
+{
+	if (tp->napi_stat == 1) {
+		napi_disable(>napi);
+		tp->napi_stat--;
+		tp->napi_last_dis = (void *)_RET_IP_;
+		return;
+	}
+
+	WARN(1, "napi_stat=%d last_dis=%pF last_en=%pF\n",
+			tp->napi_stat, tp->napi_last_en, tp->napi_last_dis);
+}
+
 static
 int get_registers(struct r8152 *tp, u16 value, u16 index, u16 size, void *data)
 {
@@ -3787,7 +3814,6 @@ static bool rtl8153_in_nway(struct r8152
 static void set_carrier(struct r8152 *tp)
 {
 	struct net_device *netdev = tp->netdev;
-	struct napi_struct *napi = >napi;
 	u8 speed;
 
 	speed = rtl8152_get_speed(tp);
@@ -3796,12 +3822,12 @@ static void set_carrier(struct r8152 *tp
 		if (!netif_carrier_ok(netdev)) {
 			tp->rtl_ops.enable(tp);
 			netif_stop_queue(netdev);
-			napi_disable(napi);
+			my_napi_disable(tp);
 			netif_carrier_on(netdev);
 			rtl_start_rx(tp);
 			clear_bit(RTL8152_SET_RX_MODE, >flags);
 			_rtl8152_set_rx_mode(netdev);
-			napi_enable(>napi);
+			my_napi_enable(tp);
 			netif_wake_queue(netdev);
 			netif_info(tp, link, netdev, "carrier on\n");
 		} else if (netif_queue_stopped(netdev) &&
@@ -3811,9 +3837,9 @@ static void set_carrier(struct r8152 *tp
 	} else {
 		if (netif_carrier_ok(netdev)) {
 			netif_carrier_off(netdev);
-			napi_disable(napi);
+			my_napi_disable(tp);
 			tp->rtl_ops.disable(tp);
-			napi_enable(napi);
+			my_napi_enable(tp);
 			netif_info(tp, link, netdev, "carrier off\n");
 		}
 	}
@@ -3934,7 +3960,7 @@ static int rtl8152_open(struct net_devic
 			   res);
 		goto out_unlock;
 	}
-	napi_enable(>napi);
+	my_napi_enable(tp);
 
 	mutex_unlock(>control);
 
@@ -3962,7 +3988,7 @@ static int rtl8152_close(struct net_devi
 #ifdef CONFIG_PM_SLEEP
 	unregister_pm_notifier(>pm_notifier);
 #endif
-	napi_disable(>napi);
+	my_napi_disable(tp);
 	clear_bit(WORK_ENABLE, >flags);
 	usb_kill_urb(tp->intr_urb);
 	cancel_delayed_work_sync(>schedule);
@@ -4230,7 +4256,7 @@ static int rtl8152_pre_reset(struct usb_
 		return 0;
 
 	netif_stop_queue(netdev);
-	napi_disable(>napi);
+	my_napi_disable(tp);
 	clear_bit(WORK_ENABLE, >flags);
 	usb_kill_urb(tp->intr_urb);
 	cancel_delayed_work_sync(>schedule);
@@ -4264,7 +4290,7 @@ static int rtl8152_post_reset(struct usb
 		mutex_unlock(>control);
 	}
 
-	napi_enable(>napi);
+	my_napi_enable(tp);
 	netif_wake_queue(netdev);
 	usb_submit_urb(tp->intr_urb, GFP_KERNEL);
 
@@ -4302,10 +4328,8 @@ static int rtl8152_runtime_resume(struct
 	struct net_device *netdev = tp->netdev;
 
 	if (netif_running(netdev) && netdev->flags & IFF_UP) {
-		struct napi_struct *napi = >napi;
-
 		tp->rtl_ops.autosuspend_en(tp, false);
-		napi_disable(napi);
+		my_napi_disable(tp);
 		set_bit(WORK_ENABLE, >flags);
 
 		if (netif_carrier_ok(netdev)) {
@@ -4318,7 +4342,7 @@ static int rtl8152_runtime_resume(struct
 			}
 		}
 
-		napi_enable(napi);
+		my_napi_enable(tp);
 		clear_bit(SELECTIVE_SUSPEND, >flags);
 		smp_mb__after_atomic();
 
@@ -4388,13 +4412,11 @@ static

Bluetooth/lock_sock: false positive "WARNING: possible recursive locking detected"

2018-04-22 Thread Jiri Slaby 
Hi,

I have just got this lockdep warning during suspend:
> [ 2891.586061] 
> [ 2891.586063] WARNING: possible recursive locking detected
> [ 2891.586065] 4.16.2-10.ge881e16-default #1 Not tainted
> [ 2891.586067] 
> [ 2891.586068] kworker/u9:3/873 is trying to acquire lock:
> [ 2891.586070]  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}, at: 
> [<7b85e829>] bt_accept_enqueue+0x29/0x90 [bluetooth]
> [ 2891.586086]
>but task is already holding lock:
> [ 2891.586088]  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}, at: 
> [<42f0b4a5>] l2cap_sock_new_connection_cb+0x18/0xa0 [bluetooth]
> [ 2891.586109]
>other info that might help us debug this:
> [ 2891.586111]  Possible unsafe locking scenario:
> 
> [ 2891.586115]CPU0
> [ 2891.586116]
> [ 2891.586117]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
> [ 2891.586120]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
> [ 2891.586122]
> *** DEADLOCK ***
> 
> [ 2891.586125]  May be due to missing lock nesting notation
> 
> [ 2891.586127] 5 locks held by kworker/u9:3/873:
> [ 2891.586128]  #0:  ((wq_completion)"%s"hdev->name#2){+.+.}, at: 
> [<4aa1a273>] process_one_work+0x1e3/0x6a0
> [ 2891.586135]  #1:  ((work_completion)(>rx_work)){+.+.}, at: 
> [<4aa1a273>] process_one_work+0x1e3/0x6a0
> [ 2891.586140]  #2:  (>chan_lock){+.+.}, at: [] 
> l2cap_connect+0x88/0x540 [bluetooth]
> [ 2891.586155]  #3:  (>lock/2){+.+.}, at: [<7c38e27e>] 
> l2cap_connect+0xa0/0x540 [bluetooth]
> [ 2891.586170]  #4:  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}, at: 
> [<42f0b4a5>] l2cap_sock_new_connection_cb+0x18/0xa0 [bluetooth]
> [ 2891.586183]
>stack backtrace:
> [ 2891.586187] CPU: 2 PID: 873 Comm: kworker/u9:3 Not tainted 
> 4.16.2-10.ge881e16-default #1 openSUSE Tumbleweed (unreleased)
> [ 2891.586189] Hardware name: Dell Inc. Latitude 7280/0KK5D1, BIOS 1.9.3 
> 03/09/2018
> [ 2891.586200] Workqueue: hci0 hci_rx_work [bluetooth]
> [ 2891.586202] Call Trace:
> [ 2891.586207]  dump_stack+0x85/0xc5
> [ 2891.586211]  __lock_acquire+0x6b4/0x1370
> [ 2891.586221]  lock_acquire+0x9f/0x210
> [ 2891.586237]  lock_sock_nested+0x5a/0x80
> [ 2891.586256]  bt_accept_enqueue+0x29/0x90 [bluetooth]
> [ 2891.586268]  l2cap_sock_new_connection_cb+0x5d/0xa0 [bluetooth]
> [ 2891.586280]  l2cap_connect+0x126/0x540 [bluetooth]
> [ 2891.586315]  l2cap_sig_channel+0x443/0x13b0 [bluetooth]
> [ 2891.586330]  l2cap_recv_frame+0x1a4/0x300 [bluetooth]
> [ 2891.586341]  hci_rx_work+0x1c8/0x5c0 [bluetooth]
> [ 2891.586345]  process_one_work+0x269/0x6a0
> [ 2891.586350]  worker_thread+0x2b/0x3d0
> [ 2891.586356]  kthread+0x113/0x130
> [ 2891.586363]  ret_from_fork+0x24/0x50
> [ 4954.622809] e1000e: eth0 NIC Link is Down
> [ 4955.299532] PM: suspend entry (deep)
> [ 4955.299538] PM: Syncing filesystems ... done.

This is:
  lock_sock(sk);   in bt_accept_enqueue
nested in
  lock_sock(parent);   in l2cap_sock_new_connection_cb

So this looks like a false positive to me. So I believe this is a fix:

--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -1232,7 +1232,7 @@ static struct l2cap_chan
*l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
 {
struct sock *sk, *parent = chan->data;

-   lock_sock(parent);
+   lock_sock_nested(parent, L2CAP_NESTING_PARENT);

/* Check for backlog size */
if (sk_acceptq_is_full(parent)) {


?

thanks,
-- 
js
suse labs

Re: r8152 livelocks during pm_runtime_suspend

2018-03-30 Thread Jiri Slaby 
On 03/30/2018, 03:17 PM, Jiri Slaby wrote:
> Hi,
> 
> I have seen r8152 from my docking station to kill my box several times
> in the last few days. The notebook is new, so I don't know if this is a
> regression.

Forgot to add, I am seeing this in dmesg:
[   13.353239] r8152 4-1.2:1.0 (unnamed net_device) (uninitialized):
Using pass-thru MAC addr d8:9e:f3:f6:6d:0c
[   13.365082] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   13.390990] r8152 4-1.2:1.0 eth1: v1.09.9
[   13.399314] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   13.552529] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   13.561268] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   13.736582] nf_conntrack version 0.5.0 (65536 buckets, 262144 max)
[   14.198646] bridge: filtering via arp/ip/ip6tables is no longer
available by default. Update your scripts to load br_netfilter if you
need this.
[   14.537233] Netfilter messages via NETLINK v0.30.
[   14.544740] ip_set: protocol 6
[   16.697657] r8152 4-1.2:1.0 eth1: carrier on
[   16.697724] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   16.847718] NET: Registered protocol family 17
[   20.629344] fuse init (API version 7.26)
[   21.371334] Bluetooth: RFCOMM TTY layer initialized
[   21.371343] Bluetooth: RFCOMM socket layer initialized
[   21.371353] Bluetooth: RFCOMM ver 1.11
[   21.753577] tun: Universal TUN/TAP device driver, 1.6
[   25.992820] retire_capture_urb: 2491 callbacks suppressed
[  118.054869] NOHZ: local_softirq_pending 08
[  118.056988] NOHZ: local_softirq_pending 08
[  185.562659] NOHZ: local_softirq_pending 08

08 seems to be NET_RX_SOFTIRQ. So is this related?

Kernel version: 4.15.14

> I have the NIC connected all the time. And when I return to the notebook
> after a while, the networking is dead. Looking at the stack traces, it
> is clear, that r8152 was attempted to be autosuspended and waits in
> napi_disable for NAPI_STATE_SCHED bit to be cleared:
> [22001.018437] kworker/2:0 D0 16267  2 0x8000
> [22001.018441] Workqueue: pm pm_runtime_work
> [22001.018443] Call Trace:
> [22001.018453]  schedule+0x2f/0x90
> [22001.018455]  schedule_timeout+0x1ce/0x540
> [22001.018474]  msleep+0x29/0x30
> [22001.018477]  napi_disable+0x25/0x60
> [22001.018483]  rtl8152_suspend+0x20a/0x2d0 [r8152]
> [22001.018493]  usb_suspend_both+0x8d/0x200 [usbcore]
> [22001.018510]  usb_runtime_suspend+0x2a/0x70 [usbcore]
> [22001.018514]  __rpm_callback+0xbc/0x1f0
> [22001.018519]  rpm_callback+0x4f/0x70
> [22001.018526]  rpm_suspend+0x11d/0x6d0
> [22001.018532]  pm_runtime_work+0x73/0xb0
> [22001.018535]  process_one_work+0x269/0x6c0
> [22001.018541]  worker_thread+0x2b/0x3d0
> [22001.018547]  kthread+0x113/0x130
> [22001.018556]  ret_from_fork+0x24/0x50
> 
> The assembly:
>> 81716730 :
>> 81716730:   e8 eb b7 2e 00  callq  81a01f20 
>> <__fentry__>
>> 81716735:   55  push   %rbp
>> 81716736:   48 89 fdmov%rdi,%rbp
>> 81716739:   53  push   %rbx
>> 8171673a:   48 8d 5f 10 lea0x10(%rdi),%rbx
>> 8171673e:   f0 80 4f 10 04  lock orb $0x4,0x10(%rdi)
>> 81716743:   f0 0f ba 6f 10 00   lock btsl $0x0,0x10(%rdi)
>> 81716749:   73 11   jae8171675c 
>> <napi_disable+0x2c>
>> 8171674b:   bf 01 00 00 00  mov$0x1,%edi
>> 81716750:   e8 ab ac a0 ff  callq  81121400 
>> 
>> 81716755:   f0 0f ba 2b 00  lock btsl $0x0,(%rbx)
>> 8171675a:   72 ef   jb 8171674b 
>> <napi_disable+0x1b>
> 
> 
> 
> 
> 
> There are other tasks in D state, of course, like these, waiting for the
> device to become pm-up:
> [22001.018749] kworker/3:1 D0 16798  2 0x8000
> [22001.018753] Workqueue: events rtl_work_func_t [r8152]
> [22001.018755] Call Trace:
> [22001.018767]  schedule+0x2f/0x90
> [22001.018769]  rpm_resume+0xf9/0x860
> [22001.018777]  rpm_resume+0x592/0x860
> [22001.018783]  __pm_runtime_resume+0x3a/0x50
> [22001.018789]  usb_autopm_get_interface+0x1d/0x50 [usbcore]
> [22001.018793]  rtl_work_func_t+0x3e/0x405 [r8152]
> [22001.018801]  process_one_work+0x269/0x6c0
> [22001.018807]  worker_thread+0x2b/0x3d0
> [22001.018813]  kthread+0x113/0x130
> [22001.018822]  ret_from_fork+0x24/0x50
> [22001.019713] tcpdump D0 17119   4265 0x0004
> [22001.019716] Call Trace:
> [22001.019728]  schedule+0x2f/0x90
> [22001.019730]  rpm_resume+0xf9/0x860
> [22001.019738]  rpm_resume+0x592/0x860
> [22001.019744]  __pm_runtime_resume+0x

r8152 livelocks during pm_runtime_suspend

2018-03-30 Thread Jiri Slaby 
Hi,

I have seen r8152 from my docking station to kill my box several times
in the last few days. The notebook is new, so I don't know if this is a
regression.

I have the NIC connected all the time. And when I return to the notebook
after a while, the networking is dead. Looking at the stack traces, it
is clear, that r8152 was attempted to be autosuspended and waits in
napi_disable for NAPI_STATE_SCHED bit to be cleared:
[22001.018437] kworker/2:0 D0 16267  2 0x8000
[22001.018441] Workqueue: pm pm_runtime_work
[22001.018443] Call Trace:
[22001.018453]  schedule+0x2f/0x90
[22001.018455]  schedule_timeout+0x1ce/0x540
[22001.018474]  msleep+0x29/0x30
[22001.018477]  napi_disable+0x25/0x60
[22001.018483]  rtl8152_suspend+0x20a/0x2d0 [r8152]
[22001.018493]  usb_suspend_both+0x8d/0x200 [usbcore]
[22001.018510]  usb_runtime_suspend+0x2a/0x70 [usbcore]
[22001.018514]  __rpm_callback+0xbc/0x1f0
[22001.018519]  rpm_callback+0x4f/0x70
[22001.018526]  rpm_suspend+0x11d/0x6d0
[22001.018532]  pm_runtime_work+0x73/0xb0
[22001.018535]  process_one_work+0x269/0x6c0
[22001.018541]  worker_thread+0x2b/0x3d0
[22001.018547]  kthread+0x113/0x130
[22001.018556]  ret_from_fork+0x24/0x50

The assembly:
> 81716730 :
> 81716730:   e8 eb b7 2e 00  callq  81a01f20 
> <__fentry__>
> 81716735:   55  push   %rbp
> 81716736:   48 89 fdmov%rdi,%rbp
> 81716739:   53  push   %rbx
> 8171673a:   48 8d 5f 10 lea0x10(%rdi),%rbx
> 8171673e:   f0 80 4f 10 04  lock orb $0x4,0x10(%rdi)
> 81716743:   f0 0f ba 6f 10 00   lock btsl $0x0,0x10(%rdi)
> 81716749:   73 11   jae8171675c 
> 
> 8171674b:   bf 01 00 00 00  mov$0x1,%edi
> 81716750:   e8 ab ac a0 ff  callq  81121400 
> 
> 81716755:   f0 0f ba 2b 00  lock btsl $0x0,(%rbx)
> 8171675a:   72 ef   jb 8171674b 
> 





There are other tasks in D state, of course, like these, waiting for the
device to become pm-up:
[22001.018749] kworker/3:1 D0 16798  2 0x8000
[22001.018753] Workqueue: events rtl_work_func_t [r8152]
[22001.018755] Call Trace:
[22001.018767]  schedule+0x2f/0x90
[22001.018769]  rpm_resume+0xf9/0x860
[22001.018777]  rpm_resume+0x592/0x860
[22001.018783]  __pm_runtime_resume+0x3a/0x50
[22001.018789]  usb_autopm_get_interface+0x1d/0x50 [usbcore]
[22001.018793]  rtl_work_func_t+0x3e/0x405 [r8152]
[22001.018801]  process_one_work+0x269/0x6c0
[22001.018807]  worker_thread+0x2b/0x3d0
[22001.018813]  kthread+0x113/0x130
[22001.018822]  ret_from_fork+0x24/0x50
[22001.019713] tcpdump D0 17119   4265 0x0004
[22001.019716] Call Trace:
[22001.019728]  schedule+0x2f/0x90
[22001.019730]  rpm_resume+0xf9/0x860
[22001.019738]  rpm_resume+0x592/0x860
[22001.019744]  __pm_runtime_resume+0x3a/0x50
[22001.019750]  usb_autopm_get_interface+0x1d/0x50 [usbcore]
[22001.019754]  rtl8152_ioctl+0x30/0x140 [r8152]
[22001.019758]  dev_ifsioc+0x115/0x3f0
[22001.019763]  dev_ioctl+0x14b/0x680
[22001.019775]  sock_do_ioctl+0x41/0x50
[22001.019778]  sock_ioctl+0x1c2/0x2f0
[22001.019781]  do_vfs_ioctl+0x91/0x680
[22001.019789]  SyS_ioctl+0x74/0x80
[22001.019794]  do_syscall_64+0x76/0x1c0

...

> Showing all locks held in the system: 
> 1 lock held by in:imklog/1371:
>  #0:  (>f_pos_lock){+.+.}, at: [] __fdget_pos+0x3f/0x50
> 1 lock held by Qt bearer threa/3003:
>  #0:  (rtnl_mutex){+.+.}, at: [<21e0bca0>] 
> __netlink_dump_start+0x4c/0x1b0
> 1 lock held by Qt bearer threa/2825:
>  #0:  (rtnl_mutex){+.+.}, at: [<21e0bca0>] 
> __netlink_dump_start+0x4c/0x1b0
> 1 lock held by DNS Res~ver #40/17041:
>  #0:  (rtnl_mutex){+.+.}, at: [<21e0bca0>] 
> __netlink_dump_start+0x4c/0x1b0
> 1 lock held by Qt bearer threa/3110:
>  #0:  (rtnl_mutex){+.+.}, at: [<21e0bca0>] 
> __netlink_dump_start+0x4c/0x1b0
> 1 lock held by DNS Res~ver #16/17044:
>  #0:  (rtnl_mutex){+.+.}, at: [<21e0bca0>] 
> __netlink_dump_start+0x4c/0x1b0
> 2 locks held by bash/4561:
>  #0:  (>ldisc_sem){}, at: [] 
> tty_ldisc_ref_wait+0x24/0x50
>  #1:  (>atomic_read_lock){+.+.}, at: [<91462d05>] 
> n_tty_read+0xc3/0x850
> 3 locks held by kworker/2:0/16267:
>  #0:  ((wq_completion)"pm"){+.+.}, at: [] 
> process_one_work+0x1e3/0x6c0
>  #1:  ((work_completion)(>power.work)){+.+.}, at: [] 
> process_one_work+0x1e3/0x6c0
>  #2:  (>control){+.+.}, at: [] 
> rtl8152_suspend+0x2b/0x2d0 [r8152]
> 2 locks held by kworker/3:1/16798:
>  #0:  ((wq_completion)"events"){+.+.}, at: [] 
> process_one_work+0x1e3/0x6c0
>  #1:  ((work_completion)(&(>schedule)->work)){+.+.}, at: 
> []

[PATCH 4.4-stable 7/7] bpf, array: fix overflow in max_entries and undefined behavior in index_mask

2018-01-12 Thread Jiri Slaby 
From: Daniel Borkmann <dan...@iogearbox.net>

commit bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1 upstream.

syzkaller tried to alloc a map with 0xfffd entries out of a userns,
and thus unprivileged. With the recently added logic in b2157399cc98
("bpf: prevent out-of-bounds speculation") we round this up to the next
power of two value for max_entries for unprivileged such that we can
apply proper masking into potentially zeroed out map slots.

However, this will generate an index_mask of 0x, and therefore
a + 1 will let this overflow into new max_entries of 0. This will pass
allocation, etc, and later on map access we still enforce on the original
attr->max_entries value which was 0xfffd, therefore triggering GPF
all over the place. Thus bail out on overflow in such case.

Moreover, on 32 bit archs roundup_pow_of_two() can also not be used,
since fls_long(max_entries - 1) can result in 32 and 1UL << 32 in 32 bit
space is undefined. Therefore, do this by hand in a 64 bit variable.

This fixes all the issues triggered by syzkaller's reproducers.

Fixes: b2157399cc98 ("bpf: prevent out-of-bounds speculation")
Reported-by: syzbot+b0efb8e572d01bce1...@syzkaller.appspotmail.com
Reported-by: syzbot+6c15e9744f75f2364...@syzkaller.appspotmail.com
Reported-by: syzbot+d2f5524fb46fd3b31...@syzkaller.appspotmail.com
Reported-by: syzbot+61d23c95395cc90db...@syzkaller.appspotmail.com
Reported-by: syzbot+0d363c942452cca68...@syzkaller.appspotmail.com
Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: Alexei Starovoitov <a...@kernel.org>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 kernel/bpf/arraymap.c | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index 56f8a8306a49..3608fa1aec8a 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -23,6 +23,7 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr)
u32 elem_size, array_size, index_mask, max_entries;
bool unpriv = !capable(CAP_SYS_ADMIN);
struct bpf_array *array;
+   u64 mask64;
 
/* check sanity of attributes */
if (attr->max_entries == 0 || attr->key_size != 4 ||
@@ -38,13 +39,25 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr)
elem_size = round_up(attr->value_size, 8);
 
max_entries = attr->max_entries;
-   index_mask = roundup_pow_of_two(max_entries) - 1;
 
-   if (unpriv)
+   /* On 32 bit archs roundup_pow_of_two() with max_entries that has
+* upper most bit set in u32 space is undefined behavior due to
+* resulting 1U << 32, so do it manually here in u64 space.
+*/
+   mask64 = fls_long(max_entries - 1);
+   mask64 = 1ULL << mask64;
+   mask64 -= 1;
+
+   index_mask = mask64;
+   if (unpriv) {
/* round up array size to nearest power of 2,
 * since cpu will speculate within index_mask limits
 */
max_entries = index_mask + 1;
+   /* Check for overflows. */
+   if (max_entries < attr->max_entries)
+   return ERR_PTR(-E2BIG);
+   }
 
/* check round_up into zero and u32 overflow */
if (elem_size == 0 ||
-- 
2.15.1

[PATCH 4.4-stable 2/6] bpf: don't (ab)use instructions to store state

2018-01-12 Thread Jiri Slaby 
From: Jakub Kicinski <jakub.kicin...@netronome.com>

commit 3df126f35f88dc76eea33769f85a3c3bb8ce6c6b upstream.

Storing state in reserved fields of instructions makes
it impossible to run verifier on programs already
marked as read-only. Allocate and use an array of
per-instruction state instead.

While touching the error path rename and move existing
jump target.

Suggested-by: Alexei Starovoitov <a...@kernel.org>
Signed-off-by: Jakub Kicinski <jakub.kicin...@netronome.com>
Acked-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 kernel/bpf/verifier.c | 67 ++-
 1 file changed, 39 insertions(+), 28 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 261c90233dcd..769d2ec44802 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -186,6 +186,10 @@ struct verifier_stack_elem {
struct verifier_stack_elem *next;
 };
 
+struct bpf_insn_aux_data {
+   enum bpf_reg_type ptr_type; /* pointer type for load/store insns */
+};
+
 #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */
 
 /* single container for all structs
@@ -200,6 +204,7 @@ struct verifier_env {
struct bpf_map *used_maps[MAX_USED_MAPS]; /* array of map's used by 
eBPF program */
u32 used_map_cnt;   /* number of used maps */
bool allow_ptr_leaks;
+   struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */
 };
 
 /* verbose verifier prints what it's seeing
@@ -1784,7 +1789,7 @@ static int do_check(struct verifier_env *env)
return err;
 
} else if (class == BPF_LDX) {
-   enum bpf_reg_type src_reg_type;
+   enum bpf_reg_type *prev_src_type, src_reg_type;
 
/* check for reserved fields is already done */
 
@@ -1813,16 +1818,18 @@ static int do_check(struct verifier_env *env)
continue;
}
 
-   if (insn->imm == 0) {
+   prev_src_type = >insn_aux_data[insn_idx].ptr_type;
+
+   if (*prev_src_type == NOT_INIT) {
/* saw a valid insn
 * dst_reg = *(u32 *)(src_reg + off)
-* use reserved 'imm' field to mark this insn
+* save type to validate intersecting paths
 */
-   insn->imm = src_reg_type;
+   *prev_src_type = src_reg_type;
 
-   } else if (src_reg_type != insn->imm &&
+   } else if (src_reg_type != *prev_src_type &&
   (src_reg_type == PTR_TO_CTX ||
-   insn->imm == PTR_TO_CTX)) {
+   *prev_src_type == PTR_TO_CTX)) {
/* ABuser program is trying to use the same insn
 * dst_reg = *(u32*) (src_reg + off)
 * with different pointer types:
@@ -1835,7 +1842,7 @@ static int do_check(struct verifier_env *env)
}
 
} else if (class == BPF_STX) {
-   enum bpf_reg_type dst_reg_type;
+   enum bpf_reg_type *prev_dst_type, dst_reg_type;
 
if (BPF_MODE(insn->code) == BPF_XADD) {
err = check_xadd(env, insn);
@@ -1863,11 +1870,13 @@ static int do_check(struct verifier_env *env)
if (err)
return err;
 
-   if (insn->imm == 0) {
-   insn->imm = dst_reg_type;
-   } else if (dst_reg_type != insn->imm &&
+   prev_dst_type = >insn_aux_data[insn_idx].ptr_type;
+
+   if (*prev_dst_type == NOT_INIT) {
+   *prev_dst_type = dst_reg_type;
+   } else if (dst_reg_type != *prev_dst_type &&
   (dst_reg_type == PTR_TO_CTX ||
-   insn->imm == PTR_TO_CTX)) {
+   *prev_dst_type == PTR_TO_CTX)) {
verbose("same insn cannot be used with 
different pointers\n");
return -EINVAL;
}
@@ -2104,17 +2113,17 @@ static void convert_pseudo_ld_imm64(struct verifier_env 
*env)
 static int convert_ctx_accesses(struct verifier_env *env)
 {
struct bpf_insn *insn = env->prog->insn

[PATCH 4.4-stable 0/6] bpf: prevent out-of-bounds speculation

2018-01-12 Thread Jiri Slaby 
Hi,

this is a backport of these patches which I did for our kernels:
c237ee5eb33b bpf: add bpf_patch_insn_single helper
3df126f35f88 bpf: don't (ab)use instructions to store state
e245c5c6a565 bpf: move fixup_bpf_calls() function
79741b3bdec0 bpf: refactor fixup_bpf_calls()
8041902dae52 bpf: adjust insn_aux_data when patching insns
b2157399cc98 bpf: prevent out-of-bounds speculation

I offer it here for use in stable 4.4, if there is no better/simpler
backport available yet.

Alexei Starovoitov (4):
  bpf: move fixup_bpf_calls() function
  bpf: refactor fixup_bpf_calls()
  bpf: adjust insn_aux_data when patching insns
  bpf: prevent out-of-bounds speculation

Daniel Borkmann (1):
  bpf: add bpf_patch_insn_single helper

Jakub Kicinski (1):
  bpf: don't (ab)use instructions to store state

 include/linux/bpf.h|   2 +
 include/linux/filter.h |   3 +
 kernel/bpf/arraymap.c  |  24 --
 kernel/bpf/core.c  |  71 
 kernel/bpf/syscall.c   |  54 
 kernel/bpf/verifier.c  | 217 +++--
 6 files changed, 252 insertions(+), 119 deletions(-)

-- 
2.15.1

[PATCH 4.4-stable 1/6] bpf: add bpf_patch_insn_single helper

2018-01-12 Thread Jiri Slaby 
From: Daniel Borkmann <dan...@iogearbox.net>

commit c237ee5eb33bf19fe0591c04ff8db19da7323a83 upstream.

Move the functionality to patch instructions out of the verifier
code and into the core as the new bpf_patch_insn_single() helper
will be needed later on for blinding as well. No changes in
functionality.

Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
Acked-by: Alexei Starovoitov <a...@kernel.org>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 include/linux/filter.h |  3 +++
 kernel/bpf/core.c  | 71 ++
 kernel/bpf/verifier.c  | 53 +++--
 3 files changed, 83 insertions(+), 44 deletions(-)

diff --git a/include/linux/filter.h b/include/linux/filter.h
index ccb98b459c59..677fa3b42194 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -466,6 +466,9 @@ u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
 void bpf_int_jit_compile(struct bpf_prog *fp);
 bool bpf_helper_changes_skb_data(void *func);
 
+struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
+  const struct bpf_insn *patch, u32 len);
+
 #ifdef CONFIG_BPF_JIT
 typedef void (*bpf_jit_fill_hole_t)(void *area, unsigned int size);
 
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 334b1bdd572c..3fd76cf0c21e 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -137,6 +137,77 @@ void __bpf_prog_free(struct bpf_prog *fp)
 }
 EXPORT_SYMBOL_GPL(__bpf_prog_free);
 
+static bool bpf_is_jmp_and_has_target(const struct bpf_insn *insn)
+{
+   return BPF_CLASS(insn->code) == BPF_JMP  &&
+  /* Call and Exit are both special jumps with no
+   * target inside the BPF instruction image.
+   */
+  BPF_OP(insn->code) != BPF_CALL &&
+  BPF_OP(insn->code) != BPF_EXIT;
+}
+
+static void bpf_adj_branches(struct bpf_prog *prog, u32 pos, u32 delta)
+{
+   struct bpf_insn *insn = prog->insnsi;
+   u32 i, insn_cnt = prog->len;
+
+   for (i = 0; i < insn_cnt; i++, insn++) {
+   if (!bpf_is_jmp_and_has_target(insn))
+   continue;
+
+   /* Adjust offset of jmps if we cross boundaries. */
+   if (i < pos && i + insn->off + 1 > pos)
+   insn->off += delta;
+   else if (i > pos + delta && i + insn->off + 1 <= pos + delta)
+   insn->off -= delta;
+   }
+}
+
+struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
+  const struct bpf_insn *patch, u32 len)
+{
+   u32 insn_adj_cnt, insn_rest, insn_delta = len - 1;
+   struct bpf_prog *prog_adj;
+
+   /* Since our patchlet doesn't expand the image, we're done. */
+   if (insn_delta == 0) {
+   memcpy(prog->insnsi + off, patch, sizeof(*patch));
+   return prog;
+   }
+
+   insn_adj_cnt = prog->len + insn_delta;
+
+   /* Several new instructions need to be inserted. Make room
+* for them. Likely, there's no need for a new allocation as
+* last page could have large enough tailroom.
+*/
+   prog_adj = bpf_prog_realloc(prog, bpf_prog_size(insn_adj_cnt),
+   GFP_USER);
+   if (!prog_adj)
+   return NULL;
+
+   prog_adj->len = insn_adj_cnt;
+
+   /* Patching happens in 3 steps:
+*
+* 1) Move over tail of insnsi from next instruction onwards,
+*so we can patch the single target insn with one or more
+*new ones (patching is always from 1 to n insns, n > 0).
+* 2) Inject new instructions at the target location.
+* 3) Adjust branch offsets if necessary.
+*/
+   insn_rest = insn_adj_cnt - off - len;
+
+   memmove(prog_adj->insnsi + off + len, prog_adj->insnsi + off + 1,
+   sizeof(*patch) * insn_rest);
+   memcpy(prog_adj->insnsi + off, patch, sizeof(*patch) * len);
+
+   bpf_adj_branches(prog_adj, off, insn_delta);
+
+   return prog_adj;
+}
+
 #ifdef CONFIG_BPF_JIT
 struct bpf_binary_header *
 bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index eb759f5008b8..261c90233dcd 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2098,26 +2098,6 @@ static void convert_pseudo_ld_imm64(struct verifier_env 
*env)
insn->src_reg = 0;
 }
 
-static void adjust_branches(struct bpf_prog *prog, int pos, int delta)
-{
-   struct bpf_insn *insn = prog->insnsi;
-   int insn_cnt = prog->len;
-   int i;
-
-   for (i = 0; i < insn_cnt; i++, insn++) {
-   if (BPF_CLASS(insn->code) != BPF_JMP |

[PATCH 4.4-stable 6/6] bpf: prevent out-of-bounds speculation

2018-01-12 Thread Jiri Slaby 
From: Alexei Starovoitov <a...@kernel.org>

commit b2157399cc9898260d6031c5bfe45fe137c1fbe7 upstream.

Under speculation, CPUs may mis-predict branches in bounds checks. Thus,
memory accesses under a bounds check may be speculated even if the
bounds check fails, providing a primitive for building a side channel.

To avoid leaking kernel data round up array-based maps and mask the index
after bounds check, so speculated load with out of bounds index will load
either valid value from the array or zero from the padded area.

Unconditionally mask index for all array types even when max_entries
are not rounded to power of 2 for root user.
When map is created by unpriv user generate a sequence of bpf insns
that includes AND operation to make sure that JITed code includes
the same 'index & index_mask' operation.

If prog_array map is created by unpriv user replace
  bpf_tail_call(ctx, map, index);
with
  if (index >= max_entries) {
index &= map->index_mask;
bpf_tail_call(ctx, map, index);
  }
(along with roundup to power 2) to prevent out-of-bounds speculation.
There is secondary redundant 'if (index >= max_entries)' in the interpreter
and in all JITs, but they can be optimized later if necessary.

Other array-like maps (cpumap, devmap, sockmap, perf_event_array, cgroup_array)
cannot be used by unpriv, so no changes there.

That fixes bpf side of "Variant 1: bounds check bypass (CVE-2017-5753)" on
all architectures with and without JIT.

v2->v3:
Daniel noticed that attack potentially can be crafted via syscall commands
without loading the program, so add masking to those paths as well.

[js] backport -- no percpu arrays etc.; idx in check_call; map_ptr in struct
 bpf_insn_aux_data

Signed-off-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: John Fastabend <john.fastab...@gmail.com>
Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 include/linux/bpf.h   |  2 ++
 kernel/bpf/arraymap.c | 24 +++-
 kernel/bpf/verifier.c | 46 ++
 3 files changed, 63 insertions(+), 9 deletions(-)

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 4f6d29c8e3d8..f2157159b26f 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -37,6 +37,7 @@ struct bpf_map {
u32 value_size;
u32 max_entries;
u32 pages;
+   bool unpriv_array;
struct user_struct *user;
const struct bpf_map_ops *ops;
struct work_struct work;
@@ -141,6 +142,7 @@ struct bpf_prog_aux {
 struct bpf_array {
struct bpf_map map;
u32 elem_size;
+   u32 index_mask;
/* 'ownership' of prog_array is claimed by the first program that
 * is going to use this map or by the first program which FD is stored
 * in the map to make sure that all callers and callees have the same
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index b0799bced518..56f8a8306a49 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -20,8 +20,9 @@
 /* Called from syscall */
 static struct bpf_map *array_map_alloc(union bpf_attr *attr)
 {
+   u32 elem_size, array_size, index_mask, max_entries;
+   bool unpriv = !capable(CAP_SYS_ADMIN);
struct bpf_array *array;
-   u32 elem_size, array_size;
 
/* check sanity of attributes */
if (attr->max_entries == 0 || attr->key_size != 4 ||
@@ -36,12 +37,21 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr)
 
elem_size = round_up(attr->value_size, 8);
 
+   max_entries = attr->max_entries;
+   index_mask = roundup_pow_of_two(max_entries) - 1;
+
+   if (unpriv)
+   /* round up array size to nearest power of 2,
+* since cpu will speculate within index_mask limits
+*/
+   max_entries = index_mask + 1;
+
/* check round_up into zero and u32 overflow */
if (elem_size == 0 ||
-   attr->max_entries > (U32_MAX - PAGE_SIZE - sizeof(*array)) / 
elem_size)
+   max_entries > (U32_MAX - PAGE_SIZE - sizeof(*array)) / elem_size)
return ERR_PTR(-ENOMEM);
 
-   array_size = sizeof(*array) + attr->max_entries * elem_size;
+   array_size = sizeof(*array) + max_entries * elem_size;
 
/* allocate all map elements and zero-initialize them */
array = kzalloc(array_size, GFP_USER | __GFP_NOWARN);
@@ -50,6 +60,8 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr)
if (!array)
return ERR_PTR(-ENOMEM);
}
+   array->index_mask = index_mask;
+   array->map.unpriv_array = unpriv;
 
/* copy mandatory map attributes */
array->map.key_size = attr->key_size;
@@ -70,7 +82,7 @@ static void *array_map_lookup_elem(struct bpf_map *map, void 
*key)
if (index >= array->

[PATCH 4.4-stable 5/6] bpf: adjust insn_aux_data when patching insns

2018-01-12 Thread Jiri Slaby 
From: Alexei Starovoitov <a...@fb.com>

commit 8041902dae5299c1f194ba42d14383f734631009 upstream.

convert_ctx_accesses() replaces single bpf instruction with a set of
instructions. Adjust corresponding insn_aux_data while patching.
It's needed to make sure subsequent 'for(all insn)' loops
have matching insn and insn_aux_data.

Signed-off-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 kernel/bpf/verifier.c | 40 +---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 47bb3eee950c..bb4b5405d1a5 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2107,6 +2107,41 @@ static void convert_pseudo_ld_imm64(struct verifier_env 
*env)
insn->src_reg = 0;
 }
 
+/* single env->prog->insni[off] instruction was replaced with the range
+ * insni[off, off + cnt).  Adjust corresponding insn_aux_data by copying
+ * [0, off) and [off, end) to new locations, so the patched range stays zero
+ */
+static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len,
+   u32 off, u32 cnt)
+{
+   struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
+
+   if (cnt == 1)
+   return 0;
+   new_data = vzalloc(sizeof(struct bpf_insn_aux_data) * prog_len);
+   if (!new_data)
+   return -ENOMEM;
+   memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
+   memcpy(new_data + off + cnt - 1, old_data + off,
+  sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
+   env->insn_aux_data = new_data;
+   vfree(old_data);
+   return 0;
+}
+
+static struct bpf_prog *bpf_patch_insn_data(struct verifier_env *env, u32 off,
+   const struct bpf_insn *patch, u32 
len)
+{
+   struct bpf_prog *new_prog;
+
+   new_prog = bpf_patch_insn_single(env->prog, off, patch, len);
+   if (!new_prog)
+   return NULL;
+   if (adjust_insn_aux_data(env, new_prog->len, off, len))
+   return NULL;
+   return new_prog;
+}
+
 /* convert load instructions that access fields of 'struct __sk_buff'
  * into sequence of instructions that access fields of 'struct sk_buff'
  */
@@ -2132,7 +2167,7 @@ static int convert_ctx_accesses(struct verifier_env *env)
else
continue;
 
-   if (env->insn_aux_data[i].ptr_type != PTR_TO_CTX)
+   if (env->insn_aux_data[i + delta].ptr_type != PTR_TO_CTX)
continue;
 
cnt = env->prog->aux->ops->
@@ -2143,8 +2178,7 @@ static int convert_ctx_accesses(struct verifier_env *env)
return -EINVAL;
}
 
-   new_prog = bpf_patch_insn_single(env->prog, i + delta, insn_buf,
-cnt);
+   new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
if (!new_prog)
return -ENOMEM;
 
-- 
2.15.1

[PATCH 4.4-stable 3/6] bpf: move fixup_bpf_calls() function

2018-01-12 Thread Jiri Slaby 
From: Alexei Starovoitov <a...@fb.com>

commit e245c5c6a5656e4d61aa7bb08e9694fd6e5b2b9d upstream.

no functional change.
move fixup_bpf_calls() to verifier.c
it's being refactored in the next patch

Signed-off-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 kernel/bpf/syscall.c  | 54 --
 kernel/bpf/verifier.c | 55 +++
 2 files changed, 55 insertions(+), 54 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 4e32cc94edd9..424accd20c2d 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -447,57 +447,6 @@ void bpf_register_prog_type(struct bpf_prog_type_list *tl)
list_add(>list_node, _prog_types);
 }
 
-/* fixup insn->imm field of bpf_call instructions:
- * if (insn->imm == BPF_FUNC_map_lookup_elem)
- *  insn->imm = bpf_map_lookup_elem - __bpf_call_base;
- * else if (insn->imm == BPF_FUNC_map_update_elem)
- *  insn->imm = bpf_map_update_elem - __bpf_call_base;
- * else ...
- *
- * this function is called after eBPF program passed verification
- */
-static void fixup_bpf_calls(struct bpf_prog *prog)
-{
-   const struct bpf_func_proto *fn;
-   int i;
-
-   for (i = 0; i < prog->len; i++) {
-   struct bpf_insn *insn = >insnsi[i];
-
-   if (insn->code == (BPF_JMP | BPF_CALL)) {
-   /* we reach here when program has bpf_call instructions
-* and it passed bpf_check(), means that
-* ops->get_func_proto must have been supplied, check it
-*/
-   BUG_ON(!prog->aux->ops->get_func_proto);
-
-   if (insn->imm == BPF_FUNC_get_route_realm)
-   prog->dst_needed = 1;
-   if (insn->imm == BPF_FUNC_get_prandom_u32)
-   bpf_user_rnd_init_once();
-   if (insn->imm == BPF_FUNC_tail_call) {
-   /* mark bpf_tail_call as different opcode
-* to avoid conditional branch in
-* interpeter for every normal call
-* and to prevent accidental JITing by
-* JIT compiler that doesn't support
-* bpf_tail_call yet
-*/
-   insn->imm = 0;
-   insn->code |= BPF_X;
-   continue;
-   }
-
-   fn = prog->aux->ops->get_func_proto(insn->imm);
-   /* all functions that have prototype and verifier 
allowed
-* programs to call them, must be real in-kernel 
functions
-*/
-   BUG_ON(!fn->func);
-   insn->imm = fn->func - __bpf_call_base;
-   }
-   }
-}
-
 /* drop refcnt on maps used by eBPF program and free auxilary data */
 static void free_used_maps(struct bpf_prog_aux *aux)
 {
@@ -680,9 +629,6 @@ static int bpf_prog_load(union bpf_attr *attr)
if (err < 0)
goto free_used_maps;
 
-   /* fixup BPF_CALL->imm field */
-   fixup_bpf_calls(prog);
-
/* eBPF program is ready to be JITed */
err = bpf_prog_select_runtime(prog);
if (err < 0)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 769d2ec44802..198737d36754 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2158,6 +2158,58 @@ static int convert_ctx_accesses(struct verifier_env *env)
return 0;
 }
 
+/* fixup insn->imm field of bpf_call instructions:
+ * if (insn->imm == BPF_FUNC_map_lookup_elem)
+ *  insn->imm = bpf_map_lookup_elem - __bpf_call_base;
+ * else if (insn->imm == BPF_FUNC_map_update_elem)
+ *  insn->imm = bpf_map_update_elem - __bpf_call_base;
+ * else ...
+ *
+ * this function is called after eBPF program passed verification
+ */
+static void fixup_bpf_calls(struct bpf_prog *prog)
+{
+   const struct bpf_func_proto *fn;
+   int i;
+
+   for (i = 0; i < prog->len; i++) {
+   struct bpf_insn *insn = >insnsi[i];
+
+   if (insn->code == (BPF_JMP | BPF_CALL)) {
+   /* we reach here when program has bpf_call instructions
+* and it passed bpf_check(), means that
+* ops->get_func_proto must have been supplied, check it
+*/
+   BUG_ON(!prog->aux->ops->get_func_proto);
+
+   if

[PATCH 4.4-stable 4/6] bpf: refactor fixup_bpf_calls()

2018-01-12 Thread Jiri Slaby 
From: Alexei Starovoitov <a...@fb.com>

commit 79741b3bdec01a8628368fbcfccc7d189ed606cb upstream.

reduce indent and make it iterate over instructions similar to
convert_ctx_accesses(). Also convert hard BUG_ON into soft verifier error.

Signed-off-by: Alexei Starovoitov <a...@kernel.org>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 kernel/bpf/verifier.c | 72 +++
 1 file changed, 33 insertions(+), 39 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 198737d36754..47bb3eee950c 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2158,57 +2158,51 @@ static int convert_ctx_accesses(struct verifier_env 
*env)
return 0;
 }
 
-/* fixup insn->imm field of bpf_call instructions:
- * if (insn->imm == BPF_FUNC_map_lookup_elem)
- *  insn->imm = bpf_map_lookup_elem - __bpf_call_base;
- * else if (insn->imm == BPF_FUNC_map_update_elem)
- *  insn->imm = bpf_map_update_elem - __bpf_call_base;
- * else ...
+/* fixup insn->imm field of bpf_call instructions
  *
  * this function is called after eBPF program passed verification
  */
-static void fixup_bpf_calls(struct bpf_prog *prog)
+static int fixup_bpf_calls(struct verifier_env *env)
 {
+   struct bpf_prog *prog = env->prog;
+   struct bpf_insn *insn = prog->insnsi;
const struct bpf_func_proto *fn;
+   const int insn_cnt = prog->len;
int i;
 
-   for (i = 0; i < prog->len; i++) {
-   struct bpf_insn *insn = >insnsi[i];
+   for (i = 0; i < insn_cnt; i++, insn++) {
+   if (insn->code != (BPF_JMP | BPF_CALL))
+   continue;
 
-   if (insn->code == (BPF_JMP | BPF_CALL)) {
-   /* we reach here when program has bpf_call instructions
-* and it passed bpf_check(), means that
-* ops->get_func_proto must have been supplied, check it
+   if (insn->imm == BPF_FUNC_get_route_realm)
+   prog->dst_needed = 1;
+   if (insn->imm == BPF_FUNC_get_prandom_u32)
+   bpf_user_rnd_init_once();
+   if (insn->imm == BPF_FUNC_tail_call) {
+   /* mark bpf_tail_call as different opcode to avoid
+* conditional branch in the interpeter for every normal
+* call and to prevent accidental JITing by JIT compiler
+* that doesn't support bpf_tail_call yet
 */
-   BUG_ON(!prog->aux->ops->get_func_proto);
-
-   if (insn->imm == BPF_FUNC_get_route_realm)
-   prog->dst_needed = 1;
-   if (insn->imm == BPF_FUNC_get_prandom_u32)
-   bpf_user_rnd_init_once();
-   if (insn->imm == BPF_FUNC_tail_call) {
-   /* mark bpf_tail_call as different opcode
-* to avoid conditional branch in
-* interpeter for every normal call
-* and to prevent accidental JITing by
-* JIT compiler that doesn't support
-* bpf_tail_call yet
-*/
-   insn->imm = 0;
-   insn->code |= BPF_X;
-   continue;
-   }
+   insn->imm = 0;
+   insn->code |= BPF_X;
+   continue;
+   }
 
-   fn = prog->aux->ops->get_func_proto(insn->imm);
-   /* all functions that have prototype and verifier 
allowed
-* programs to call them, must be real in-kernel 
functions
-*/
-   BUG_ON(!fn->func);
-   insn->imm = fn->func - __bpf_call_base;
+   fn = prog->aux->ops->get_func_proto(insn->imm);
+   /* all functions that have prototype and verifier allowed
+* programs to call them, must be real in-kernel functions
+*/
+   if (!fn->func) {
+   verbose("kernel subsystem misconfigured func %d\n",
+   insn->imm);
+   return -EFAULT;
}
+   insn->imm = fn->func - __bpf_call_base;
}
-}
 
+   return 0;
+}
 
 static void free_states(struct verifier_env *env)
 {
@@ -2309,7 +2303,7 @@ skip_full_check:
ret = convert_ctx

[PATCH 1/1] l2tp: cleanup l2tp_tunnel_delete calls

2017-10-25 Thread Jiri Slaby 
l2tp_tunnel_delete does not return anything since commit 62b982eeb458
("l2tp: fix race condition in l2tp_tunnel_delete").  But call sites of
l2tp_tunnel_delete still do casts to void to avoid unused return value
warnings.

Kill these now useless casts.

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Sabrina Dubroca <s...@queasysnail.net>
Cc: Guillaume Nault <g.na...@alphalink.fr>
Cc: David S. Miller <da...@davemloft.net>
Cc: netdev@vger.kernel.org
---
 net/l2tp/l2tp_core.c| 2 +-
 net/l2tp/l2tp_netlink.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 02d61101b108..af22aa8ae35b 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -1891,7 +1891,7 @@ static __net_exit void l2tp_exit_net(struct net *net)
 
rcu_read_lock_bh();
list_for_each_entry_rcu(tunnel, >l2tp_tunnel_list, list) {
-   (void)l2tp_tunnel_delete(tunnel);
+   l2tp_tunnel_delete(tunnel);
}
rcu_read_unlock_bh();
 
diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
index 7135f4645d3a..c28223d8092b 100644
--- a/net/l2tp/l2tp_netlink.c
+++ b/net/l2tp/l2tp_netlink.c
@@ -282,7 +282,7 @@ static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, 
struct genl_info *info
l2tp_tunnel_notify(_nl_family, info,
   tunnel, L2TP_CMD_TUNNEL_DELETE);
 
-   (void) l2tp_tunnel_delete(tunnel);
+   l2tp_tunnel_delete(tunnel);
 
l2tp_tunnel_dec_refcount(tunnel);
 
-- 
2.14.3

Stable apply request [was: Bluetooth: bnep: fix possible might sleep error in bnep_session]

2017-08-23 Thread Jiri Slaby 
On 06/27/2017, 07:32 PM, Marcel Holtmann wrote:
>> It looks like bnep_session has same pattern as the issue reported in
>> old rfcomm:
>>
>>  while (1) {
>>  set_current_state(TASK_INTERRUPTIBLE);
>>  if (condition)
>>  break;
>>  // may call might_sleep here
>>  schedule();
>>  }
>>  __set_current_state(TASK_RUNNING);
>>
>> Which fixed at:
>>  dfb2fae Bluetooth: Fix nested sleeps
>>
>> So let's fix it at the same way, also follow the suggestion of:
>> https://lwn.net/Articles/628628/

...

> all 3 patches have been applied to bluetooth-next tree.

Hi,

given users are hitting it in at least 4.4 and 4.12, can we have all
three in all stables where this applies?

5da8e47d849d Bluetooth: hidp: fix possible might sleep error in
hidp_session_thread
f06d977309d0 Bluetooth: cmtp: fix possible might sleep error in cmtp_session
25717382c1dd Bluetooth: bnep: fix possible might sleep error in bnep_session

I am not sure: to stable directly or via net stable?

thanks,
-- 
js
suse labs

[UBSAN] iwlmvm's iwl_mvm_enable_txq accesses IEEE80211_INVAL_HW_QUEUE

2017-06-23 Thread Jiri Slaby 
Hi,

we have got an UBSAN report from opensuse's user who booten
UBSAN-enabled kernel by mistake:
UBSAN: Undefined behaviour in
drivers/net/wireless/intel/iwlwifi/mvm/utils.c:667:49
shift exponent 255 is too large for 64-bit type 'long unsigned int'
CPU: 2 PID: 1590 Comm: wpa_supplicant Not tainted 4.11.2-1-syzkaller #1
Hardware name: Dell Inc. Precision 5510/0N8J4R, BIOS 01.02.00 04/07/2016
Call Trace:
...
 iwl_mvm_enable_txq+0xc6d/0x1080 [iwlmvm]
 iwl_mvm_send_add_bcast_sta+0x275/0x850 [iwlmvm]
 iwl_mvm_add_bcast_sta+0x11b/0x280 [iwlmvm]
 iwl_mvm_mac_add_interface+0x51f/0x8b0 [iwlmvm]
 drv_add_interface+0x1a7/0x8c0 [mac80211]
 ieee80211_do_open+0xdff/0x2790 [mac80211]
 ieee80211_start_p2p_device+0xac/0xf0 [mac80211]
 nl80211_start_p2p_device+0x25d/0xab0 [cfg80211]
 genl_family_rcv_msg+0x835/0xf10
 genl_rcv_msg+0xd0/0x1c0
 netlink_rcv_skb+0x226/0x310
 genl_rcv+0x2d/0x40
 netlink_unicast+0x631/0x9d0
 netlink_sendmsg+0xa2e/0xf60
 sock_sendmsg+0xf7/0x180
 ___sys_sendmsg+0x777/0xa60
 __sys_sendmsg+0xd6/0x170
 SyS_sendmsg+0x32/0x50
 entry_SYSCALL_64_fastpath+0x23/0xc6



mac80211_queue is 255 which is IEEE80211_INVAL_HW_QUEUE, so it should
not be worked with at all.


The invalid queue is hopefully handled in ieee80211_check_queues after
drv_add_interface in ieee80211_do_open:

res = drv_add_interface(local, sdata);
if (res)
goto err_stop;
res = ieee80211_check_queues(sdata,
ieee80211_vif_type_p2p(>vif));


But the mvm driver still should not blindly shift 1 by 255 in
iwl_mvm_enable_txq. Should the check for the invalid queue be before
adding the interface in mac80211? Or should drivers check it in their
add_interface?

thanks,
-- 
js
suse labs

Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-25 Thread Jiri Slaby 
On 04/24/2017, 08:24 PM, David Miller wrote:
> From: Jiri Slaby <jsl...@suse.cz>
> Date: Mon, 24 Apr 2017 19:51:54 +0200
> 
>> For example what's the point of making the sk_load_word_positive_offset
>> label a global, callable function? Note that this is exactly the reason
>> why this particular two hunks look weird to you even though the
>> annotations only mechanically paraphrase what is in the current code.
> 
> So that it can be referenced by the eBPF JIT, because these are
> helpers for eBPF JIT generated code.  Every architecture implementing
> an eBPF JIT has this "mess".

I completely understand the needs for this, but I am complaining about
the way it is written. That is not the best -- unbalanced annotations, C
macros in lowercase (apart from that, C macros in .S need semicolons &
backslashes), FUNC macro, etc.

> You can't even put a tracepoint or kprobe on these things and expect
> to see "arguments" or "return PC" values in the usual spots.  This
> code has special calling conventions and register usage as Alexei
> explained.

Yes, I can see that.

> I would suggest that you read and understand how this assembler is
> designed, how it is called from the generated JIT code, and what it's
> semantics and register usage are, before trying to annotating it.

Of course I studied the code. I only missed macro CHOOSE_LOAD_FUNC which
I see now. So that answers why sk_load_word_positive_offset & similar
are marked as .globl.


But the original question I asked still remains: why do you mind calling
them BPF_FUNC_START & *_END, given:

1) the functions are marked by "FUNC" already:
$ git grep FUNC linus/master arch/x86/net/bpf_jit.S
linus/master:arch/x86/net/bpf_jit.S:#define FUNC(name) \
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_word)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_word_positive_offset)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_half)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_half_positive_offset)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_byte)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_byte_positive_offset)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_word_negative_offset)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_half_negative_offset)
linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_byte_negative_offset)

2) they _are_ all callable from within the JIT code:
EMIT1_off32(0xE8, jmp_offset);

Yes, I fucked up the ENDs. They should be on different locations. But
the pieces are still functions from my POV and should be annotated
accordingly.

thanks,
-- 
js
suse labs

Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-24 Thread Jiri Slaby 
On 04/24/2017, 06:47 PM, Alexei Starovoitov wrote:
> On Mon, Apr 24, 2017 at 06:02:51PM +0200, Jiri Slaby wrote:
>> On 04/24/2017, 05:55 PM, Ingo Molnar wrote:
>>> * Jiri Slaby <jsl...@suse.cz> wrote:
>>>
>>>> On 04/24/2017, 05:08 PM, David Miller wrote:
>>>>> If you align the entry points, then the code sequence as a whole is
>>>>> are no longer densely packed.
>>>>
>>>> Sure.
>>>>
>>>>> Or do I misunderstand how your macros work?
>>>>
>>>> Perhaps. So the suggested macros for the code are:
>>>> #define BPF_FUNC_START_LOCAL(name) \
>>>>SYM_START(name, SYM_V_LOCAL, SYM_A_NONE)
>>>> #define BPF_FUNC_START(name) \
>>>>SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE)
>>>>
>>>> and they differ from the standard ones:
>>>> #define SYM_FUNC_START_LOCAL(name)  \
>>>> SYM_START(name, SYM_V_LOCAL, SYM_A_ALIGN)
>>>> #define SYM_FUNC_START(name)\
>>>> SYM_START(name, SYM_V_GLOBAL, SYM_A_ALIGN)
>>>>
>>>>
>>>> The difference is SYM_A_NONE vs. SYM_A_ALIGN, which means:
>>>> #define SYM_A_ALIGN ALIGN
>>>> #define SYM_A_NONE  /* nothing */
>>>>
>>>> Does it look OK now?
>>>
>>> No, the patch changes alignment which is undesirable, it needs to preserve 
>>> the 
>>> existing (non-)alignment of the symbols!
>>
>> OK, so I am not expressing myself explicitly enough, it seems.
>>
>> So, correct, the patch v3 adds alignments. I suggested in the discussion
>> the macros above. They do not add alignments. If everybody is OK with
>> that, v4 of the patch won't add alignments. OK?
> 
> can we go back to what problem this patch set is trying to solve?
> Sounds like you want to add _function_ start/end marks to aid debugging?
> Debugging with what? What tool will recognize this stuff?

objtool will generate DWARF debuginfo between every ENTRY and ENDPROC
(dubbed differently at the end of the series). DWARF is understood by
everything, including the kernel proper (we have DWARF unwinder in
SUSE's kernels available for decades).

> Take a look at what your patch does:
> +ENTRY(sk_load_word)
> test%esi,%esi
> js  bpf_slow_path_word_neg
> +ENDPROC(sk_load_word)
> 
> Does above two assembler instructions look like a function?

Yes, you are right, the code is complete mess.

For example what's the point of making the sk_load_word_positive_offset
label a global, callable function? Note that this is exactly the reason
why this particular two hunks look weird to you even though the
annotations only mechanically paraphrase what is in the current code.

> or this:
> +ENTRY(sk_load_byte_positive_offset)
> cmp %esi,%r9d   /* if (offset >= hlen) goto bpf_slow_path_byte */
> jle bpf_slow_path_byte
> movzbl  (SKBDATA,%rsi),%eax
> ret
> +ENDPROC(sk_load_byte_positive_offset)
> 
> This assembler code doesn't represent functions. There is no prologue/epilogue
> and no stack frame. JITed code uses 'call' insn to jump into them, but they're
> not your typical C functions.

I am not looking for C functions everywhere in assembly, actually. (In
the ideal assembly, I would and in most cases I really am.) But you are
right the annotations of the current code aren't right. It results in my
annotations being wrong too -- based on invalid assumptions.

> Take a look at bpf_slow_path_common() macro that creates the frame before
> calling into C code with 'call skb_copy_bits;'
> 
> I still think that this code should be left alone.
> Even macro names you're proposing:
>  #define BPF_FUNC_START_LOCAL
> don't sound right. These are not functions.

Well, what is the reason to call them FUNC in the current code then?

thanks,
-- 
js
suse labs

Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-24 Thread Jiri Slaby 
On 04/24/2017, 05:55 PM, Ingo Molnar wrote:
> * Jiri Slaby <jsl...@suse.cz> wrote:
> 
>> On 04/24/2017, 05:08 PM, David Miller wrote:
>>> If you align the entry points, then the code sequence as a whole is
>>> are no longer densely packed.
>>
>> Sure.
>>
>>> Or do I misunderstand how your macros work?
>>
>> Perhaps. So the suggested macros for the code are:
>> #define BPF_FUNC_START_LOCAL(name) \
>>  SYM_START(name, SYM_V_LOCAL, SYM_A_NONE)
>> #define BPF_FUNC_START(name) \
>>  SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE)
>>
>> and they differ from the standard ones:
>> #define SYM_FUNC_START_LOCAL(name)  \
>> SYM_START(name, SYM_V_LOCAL, SYM_A_ALIGN)
>> #define SYM_FUNC_START(name)\
>> SYM_START(name, SYM_V_GLOBAL, SYM_A_ALIGN)
>>
>>
>> The difference is SYM_A_NONE vs. SYM_A_ALIGN, which means:
>> #define SYM_A_ALIGN ALIGN
>> #define SYM_A_NONE  /* nothing */
>>
>> Does it look OK now?
> 
> No, the patch changes alignment which is undesirable, it needs to preserve 
> the 
> existing (non-)alignment of the symbols!

OK, so I am not expressing myself explicitly enough, it seems.

So, correct, the patch v3 adds alignments. I suggested in the discussion
the macros above. They do not add alignments. If everybody is OK with
that, v4 of the patch won't add alignments. OK?

thanks,
-- 
js
suse labs

Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-24 Thread Jiri Slaby 
On 04/24/2017, 05:51 PM, David Miller wrote:
> I said I'm not OK with the alignment

So in short, the suggested macros add no alignment.

-- 
js
suse labs

Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-24 Thread Jiri Slaby 
On 04/24/2017, 05:08 PM, David Miller wrote:
> If you align the entry points, then the code sequence as a whole is
> are no longer densely packed.

Sure.

> Or do I misunderstand how your macros work?

Perhaps. So the suggested macros for the code are:
#define BPF_FUNC_START_LOCAL(name) \
SYM_START(name, SYM_V_LOCAL, SYM_A_NONE)
#define BPF_FUNC_START(name) \
SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE)

and they differ from the standard ones:
#define SYM_FUNC_START_LOCAL(name)  \
SYM_START(name, SYM_V_LOCAL, SYM_A_ALIGN)
#define SYM_FUNC_START(name)\
SYM_START(name, SYM_V_GLOBAL, SYM_A_ALIGN)


The difference is SYM_A_NONE vs. SYM_A_ALIGN, which means:
#define SYM_A_ALIGN ALIGN
#define SYM_A_NONE  /* nothing */

Does it look OK now?

thanks,
-- 
js
suse labs

Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-24 Thread Jiri Slaby 
On 04/24/2017, 04:41 PM, David Miller wrote:
>> It cannot stay as-is simply because we want to know where the functions
>> end to inject debuginfo properly. The code above does not warrant for
>> any exception.
> 
> I totally and completely disagree.

You can disagree as you wish but there is really nothing special on the
bpf code with respect to annotations.

>> Executing a nop takes a little and having externally-callable functions
>> aligned can actually help performance (no, I haven't measured nor tested
>> the code). But sure, the tool is generic, so I can introduce a local
>> macros to avoid alignments in the functions:
> 
> Not for this case, it's a bunch of entry points all packed together
> intentionally so that SKB accesses of different access sizes (which is
> almost always the case) from BPF programs use the smallest amount of
> I-cache as possible.

And for that reason I suggested the special macros for the code (see the
macros in the e-mail you replied to again). So what problem do you
actually have with the suggested solution?

thanks,
-- 
js
suse labs

Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-24 Thread Jiri Slaby 
On 04/21/2017, 09:32 PM, Alexei Starovoitov wrote:
> On Fri, Apr 21, 2017 at 04:12:43PM +0200, Jiri Slaby wrote:
>> Do not use a custom macro FUNC for starts of the global functions, use
>> ENTRY instead.
>>
>> And while at it, annotate also ends of the functions by ENDPROC.
>>
>> Signed-off-by: Jiri Slaby <jsl...@suse.cz>
>> Cc: "David S. Miller" <da...@davemloft.net>
>> Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru>
>> Cc: James Morris <jmor...@namei.org>
>> Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org>
>> Cc: Patrick McHardy <ka...@trash.net>
>> Cc: Thomas Gleixner <t...@linutronix.de>
>> Cc: Ingo Molnar <mi...@redhat.com>
>> Cc: "H. Peter Anvin" <h...@zytor.com>
>> Cc: x...@kernel.org
>> Cc: netdev@vger.kernel.org
>> ---
>>  arch/x86/net/bpf_jit.S | 32 ++--
>>  1 file changed, 18 insertions(+), 14 deletions(-)
>>
>> diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
>> index f2a7faf4706e..762c29fb8832 100644
>> --- a/arch/x86/net/bpf_jit.S
>> +++ b/arch/x86/net/bpf_jit.S
>> @@ -23,16 +23,12 @@
>>  32 /* space for rbx,r13,r14,r15 */ + \
>>  8 /* space for skb_copy_bits */)
>>  
>> -#define FUNC(name) \
>> -.globl name; \
>> -.type name, @function; \
>> -name:
>> -
>> -FUNC(sk_load_word)
>> +ENTRY(sk_load_word)
>>  test%esi,%esi
>>  js  bpf_slow_path_word_neg
>> +ENDPROC(sk_load_word)
> 
> this doens't look right.
> It will add alignment nops in critical paths of these pseudo functions.
> I'm also not sure whether it will still work afterwards.
> Was it tested?
> I'd prefer if this code kept as-is.

It cannot stay as-is simply because we want to know where the functions
end to inject debuginfo properly. The code above does not warrant for
any exception.

Executing a nop takes a little and having externally-callable functions
aligned can actually help performance (no, I haven't measured nor tested
the code). But sure, the tool is generic, so I can introduce a local
macros to avoid alignments in the functions:

#define BPF_FUNC_START_LOCAL(name) \
SYM_START(name, SYM_V_LOCAL, SYM_A_NONE)
#define BPF_FUNC_START(name) \
SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE)

#define BPF_FUNC_END(name) SYM_FUNC_END(name)

thanks,
-- 
js
suse labs

[PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC

2017-04-21 Thread Jiri Slaby 
Do not use a custom macro FUNC for starts of the global functions, use
ENTRY instead.

And while at it, annotate also ends of the functions by ENDPROC.

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru>
Cc: James Morris <jmor...@namei.org>
Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org>
Cc: Patrick McHardy <ka...@trash.net>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: x...@kernel.org
Cc: netdev@vger.kernel.org
---
 arch/x86/net/bpf_jit.S | 32 ++--
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
index f2a7faf4706e..762c29fb8832 100644
--- a/arch/x86/net/bpf_jit.S
+++ b/arch/x86/net/bpf_jit.S
@@ -23,16 +23,12 @@
32 /* space for rbx,r13,r14,r15 */ + \
8 /* space for skb_copy_bits */)
 
-#define FUNC(name) \
-   .globl name; \
-   .type name, @function; \
-   name:
-
-FUNC(sk_load_word)
+ENTRY(sk_load_word)
test%esi,%esi
js  bpf_slow_path_word_neg
+ENDPROC(sk_load_word)
 
-FUNC(sk_load_word_positive_offset)
+ENTRY(sk_load_word_positive_offset)
mov %r9d,%eax   # hlen
sub %esi,%eax   # hlen - offset
cmp $3,%eax
@@ -40,12 +36,14 @@ FUNC(sk_load_word_positive_offset)
mov (SKBDATA,%rsi),%eax
bswap   %eax/* ntohl() */
ret
+ENDPROC(sk_load_word_positive_offset)
 
-FUNC(sk_load_half)
+ENTRY(sk_load_half)
test%esi,%esi
js  bpf_slow_path_half_neg
+ENDPROC(sk_load_half)
 
-FUNC(sk_load_half_positive_offset)
+ENTRY(sk_load_half_positive_offset)
mov %r9d,%eax
sub %esi,%eax   #   hlen - offset
cmp $1,%eax
@@ -53,16 +51,19 @@ FUNC(sk_load_half_positive_offset)
movzwl  (SKBDATA,%rsi),%eax
rol $8,%ax  # ntohs()
ret
+ENDPROC(sk_load_half_positive_offset)
 
-FUNC(sk_load_byte)
+ENTRY(sk_load_byte)
test%esi,%esi
js  bpf_slow_path_byte_neg
+ENDPROC(sk_load_byte)
 
-FUNC(sk_load_byte_positive_offset)
+ENTRY(sk_load_byte_positive_offset)
cmp %esi,%r9d   /* if (offset >= hlen) goto bpf_slow_path_byte */
jle bpf_slow_path_byte
movzbl  (SKBDATA,%rsi),%eax
ret
+ENDPROC(sk_load_byte_positive_offset)
 
 /* rsi contains offset and can be scratched */
 #define bpf_slow_path_common(LEN)  \
@@ -119,31 +120,34 @@ bpf_slow_path_word_neg:
cmp SKF_MAX_NEG_OFF, %esi   /* test range */
jl  bpf_error   /* offset lower -> error  */
 
-FUNC(sk_load_word_negative_offset)
+ENTRY(sk_load_word_negative_offset)
sk_negative_common(4)
mov (%rax), %eax
bswap   %eax
ret
+ENDPROC(sk_load_word_negative_offset)
 
 bpf_slow_path_half_neg:
cmp SKF_MAX_NEG_OFF, %esi
jl  bpf_error
 
-FUNC(sk_load_half_negative_offset)
+ENTRY(sk_load_half_negative_offset)
sk_negative_common(2)
mov (%rax),%ax
rol $8,%ax
movzwl  %ax,%eax
ret
+ENDPROC(sk_load_half_negative_offset)
 
 bpf_slow_path_byte_neg:
cmp SKF_MAX_NEG_OFF, %esi
jl  bpf_error
 
-FUNC(sk_load_byte_negative_offset)
+ENTRY(sk_load_byte_negative_offset)
sk_negative_common(1)
movzbl  (%rax), %eax
ret
+ENDPROC(sk_load_byte_negative_offset)
 
 bpf_error:
 # force a return 0 from jit handler
-- 
2.12.2

[PATCH v3 26/29] x86_64: assembly, change all ENTRY to SYM_FUNC_START

2017-04-21 Thread Jiri Slaby 
These are all functions which are invoked from elsewhere, so we annotate
them as global using the new SYM_FUNC_START (and their ENDPROC's by
SYM_FUNC_END.)

And make sure ENTRY/ENDPROC is not defined on X86_64.

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: x...@kernel.org
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: "Rafael J. Wysocki" <r...@rjwysocki.net>
Cc: Len Brown <len.br...@intel.com>
Cc: Pavel Machek <pa...@ucw.cz>
Cc: Bill Metzenthen <bi...@melbpc.org.au>
Cc: Matt Fleming <m...@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
Cc: Boris Ostrovsky <boris.ostrov...@oracle.com>
Cc: Juergen Gross <jgr...@suse.com>
Cc: linux-cry...@vger.kernel.org
Cc: linux...@vger.kernel.org
Cc: linux-...@vger.kernel.org
Cc: xen-de...@lists.xenproject.org
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru>
Cc: James Morris <jmor...@namei.org>
Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org>
Cc: Patrick McHardy <ka...@trash.net>
Cc: netdev@vger.kernel.org
---
 arch/x86/boot/compressed/efi_thunk_64.S|  4 +-
 arch/x86/boot/compressed/head_64.S | 20 
 arch/x86/boot/copy.S   | 16 +++---
 arch/x86/boot/pmjump.S |  4 +-
 arch/x86/crypto/aes-i586-asm_32.S  |  8 +--
 arch/x86/crypto/aes-x86_64-asm_64.S|  4 +-
 arch/x86/crypto/aes_ctrby8_avx-x86_64.S| 12 ++---
 arch/x86/crypto/aesni-intel_asm.S  | 44 
 arch/x86/crypto/aesni-intel_avx-x86_64.S   | 24 -
 arch/x86/crypto/blowfish-x86_64-asm_64.S   | 16 +++---
 arch/x86/crypto/camellia-aesni-avx-asm_64.S| 24 -
 arch/x86/crypto/camellia-aesni-avx2-asm_64.S   | 24 -
 arch/x86/crypto/camellia-x86_64-asm_64.S   | 16 +++---
 arch/x86/crypto/cast5-avx-x86_64-asm_64.S  | 16 +++---
 arch/x86/crypto/cast6-avx-x86_64-asm_64.S  | 24 -
 arch/x86/crypto/chacha20-avx2-x86_64.S |  4 +-
 arch/x86/crypto/chacha20-ssse3-x86_64.S|  8 +--
 arch/x86/crypto/crc32-pclmul_asm.S |  4 +-
 arch/x86/crypto/crc32c-pcl-intel-asm_64.S  |  4 +-
 arch/x86/crypto/crct10dif-pcl-asm_64.S |  4 +-
 arch/x86/crypto/des3_ede-asm_64.S  |  8 +--
 arch/x86/crypto/ghash-clmulni-intel_asm.S  |  8 +--
 arch/x86/crypto/poly1305-avx2-x86_64.S |  4 +-
 arch/x86/crypto/poly1305-sse2-x86_64.S |  8 +--
 arch/x86/crypto/salsa20-x86_64-asm_64.S| 12 ++---
 arch/x86/crypto/serpent-avx-x86_64-asm_64.S| 24 -
 arch/x86/crypto/serpent-avx2-asm_64.S  | 24 -
 arch/x86/crypto/serpent-sse2-x86_64-asm_64.S   |  8 +--
 arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S   |  8 +--
 arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S  |  4 +-
 arch/x86/crypto/sha1-mb/sha1_x8_avx2.S |  4 +-
 arch/x86/crypto/sha1_avx2_x86_64_asm.S |  4 +-
 arch/x86/crypto/sha1_ni_asm.S  |  4 +-
 arch/x86/crypto/sha1_ssse3_asm.S   |  4 +-
 arch/x86/crypto/sha256-avx-asm.S   |  4 +-
 arch/x86/crypto/sha256-avx2-asm.S  |  4 +-
 .../crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S|  8 +--
 .../crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S   |  4 +-
 arch/x86/crypto/sha256-mb/sha256_x8_avx2.S |  4 +-
 arch/x86/crypto/sha256-ssse3-asm.S |  4 +-
 arch/x86/crypto/sha256_ni_asm.S|  4 +-
 arch/x86/crypto/sha512-avx-asm.S   |  4 +-
 arch/x86/crypto/sha512-avx2-asm.S  |  4 +-
 .../crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S|  8 +--
 .../crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S   |  4 +-
 arch/x86/crypto/sha512-mb/sha512_x4_avx2.S |  4 +-
 arch/x86/crypto/sha512-ssse3-asm.S |  4 +-
 arch/x86/crypto/twofish-avx-x86_64-asm_64.S| 24 -
 arch/x86/crypto/twofish-x86_64-asm_64-3way.S   |  8 +--
 arch/x86/crypto/twofish-x86_64-asm_64.S|  8 +--
 arch/x86/entry/entry_64.S  | 58 +++---
 arch/x86/entry/entry_64_compat.S   | 16 +++---
 arch/x86/kernel/acpi/wakeup_64.S   |  8 +--
 arch/x86/kernel/ftrace_64.S| 24 -
 arch/x86/kernel/head_64.S  | 16 +++---
 arch/x86/lib/checksum_32.S |  8 +--
 arch/x86/lib/clear_page_64.S   | 12 ++---
 arch/x86/lib/cmpxchg16b_emu.S  |  4 +-
 arch/x86/lib/cmpxchg8b_emu.S

Re: [PATCH] mac80211: Use setup_timer instead of init_timer

2017-03-06 Thread Jiri Slaby 
On 03/06/2017, 01:25 PM, Johannes Berg wrote:
> On Fri, 2017-03-03 at 13:45 +0100, Jiri Slaby wrote:
>> From: Ondřej Lysoněk <ondrej.lyso...@seznam.cz>
>>
>> Use setup_timer() and setup_deferrable_timer() to set the data and
>> function timer fields. It makes the code cleaner and will allow for
>> easier change of the timer struct internals.
> 
> Btw, I suspect you generated this with coccinelle and didn't put enough
> "..." there, because you missed one in mesh_path_new() :)

Not really. This is one of assignments for students I lead, so this is
done by hand every end of winter semester (Note the From line.)

> Care to send a patch for that one too?

I am just a forwarder, he received this request too, so you can try to
persuade him :).

thanks,
-- 
js
suse labs

[PATCH] mac80211: Use setup_timer instead of init_timer

2017-03-03 Thread Jiri Slaby 
From: Ondřej Lysoněk <ondrej.lyso...@seznam.cz>

Use setup_timer() and setup_deferrable_timer() to set the data and
function timer fields. It makes the code cleaner and will allow for
easier change of the timer struct internals.

Signed-off-by: Ondřej Lysoněk <ondrej.lyso...@seznam.cz>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Johannes Berg <johan...@sipsolutions.net>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: <linux-wirel...@vger.kernel.org>
Cc: <netdev@vger.kernel.org>
---
 net/mac80211/agg-rx.c | 12 ++--
 net/mac80211/agg-tx.c | 12 ++--
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index 4456559cb056..1b7a4daf283c 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -357,14 +357,14 @@ void __ieee80211_start_rx_ba_session(struct sta_info *sta,
spin_lock_init(_agg_rx->reorder_lock);
 
/* rx timer */
-   tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired;
-   tid_agg_rx->session_timer.data = (unsigned long)>timer_to_tid[tid];
-   init_timer_deferrable(_agg_rx->session_timer);
+   setup_deferrable_timer(_agg_rx->session_timer,
+  sta_rx_agg_session_timer_expired,
+  (unsigned long)>timer_to_tid[tid]);
 
/* rx reorder timer */
-   tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired;
-   tid_agg_rx->reorder_timer.data = (unsigned long)>timer_to_tid[tid];
-   init_timer(_agg_rx->reorder_timer);
+   setup_timer(_agg_rx->reorder_timer,
+   sta_rx_agg_reorder_timer_expired,
+   (unsigned long)>timer_to_tid[tid]);
 
/* prepare reordering buffer */
tid_agg_rx->reorder_buf =
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 45319cc01121..60e2a62f7bef 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -670,14 +670,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta 
*pubsta, u16 tid,
tid_tx->timeout = timeout;
 
/* response timer */
-   tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired;
-   tid_tx->addba_resp_timer.data = (unsigned long)>timer_to_tid[tid];
-   init_timer(_tx->addba_resp_timer);
+   setup_timer(_tx->addba_resp_timer,
+   sta_addba_resp_timer_expired,
+   (unsigned long)>timer_to_tid[tid]);
 
/* tx timer */
-   tid_tx->session_timer.function = sta_tx_agg_session_timer_expired;
-   tid_tx->session_timer.data = (unsigned long)>timer_to_tid[tid];
-   init_timer_deferrable(_tx->session_timer);
+   setup_deferrable_timer(_tx->session_timer,
+  sta_tx_agg_session_timer_expired,
+  (unsigned long)>timer_to_tid[tid]);
 
/* assign a dialog token */
sta->ampdu_mlme.dialog_token_allocator++;
-- 
2.12.0

[PATCH] atm: idt77252, use setup_timer and mod_timer

2017-02-15 Thread Jiri Slaby 
From: Jan Koniarik <jan.konia...@trustica.cz>

Stop accessing timer struct members directly and use setup_timer and
mod_timer helpers intended for that use. It makes the code cleaner and
will allow for easier change of the timer struct internals.

Signed-off-by: Jan Koniarik <jan.konia...@trustica.cz>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Chas Williams <3ch...@gmail.com>
Cc: <linux-atm-gene...@lists.sourceforge.net>
Cc: <netdev@vger.kernel.org>
---
 drivers/atm/idt77252.c | 12 +++-
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
index 471ddfd93ea8..5ec109533bb9 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -2132,12 +2132,8 @@ idt77252_init_est(struct vc_map *vc, int pcr)
 
est->interval = 2;  /* XXX: make this configurable */
est->ewma_log = 2;  /* XXX: make this configurable */
-   init_timer(>timer);
-   est->timer.data = (unsigned long)vc;
-   est->timer.function = idt77252_est_timer;
-
-   est->timer.expires = jiffies + ((HZ / 4) << est->interval);
-   add_timer(>timer);
+   setup_timer(>timer, idt77252_est_timer, (unsigned long)vc);
+   mod_timer(>timer, jiffies + ((HZ / 4) << est->interval));
 
return est;
 }
@@ -3638,9 +3634,7 @@ static int idt77252_init_one(struct pci_dev *pcidev,
spin_lock_init(>cmd_lock);
spin_lock_init(>tst_lock);
 
-   init_timer(>tst_timer);
-   card->tst_timer.data = (unsigned long)card;
-   card->tst_timer.function = tst_timer;
+   setup_timer(>tst_timer, tst_timer, (unsigned long)card);
 
/* Do the I/O remapping... */
card->membase = ioremap(membase, 1024);
-- 
2.11.1

[PATCH 3.12 093/127] net: sctp, forbid negative length

2016-11-25 Thread Jiri Slaby 
3.12-stable review patch.  If anyone has any objections, please let me know.

===

[ Upstream commit a4b8e71b05c27bae6bad3bdecddbc6b68a3ad8cf ]

Most of getsockopt handlers in net/sctp/socket.c check len against
sizeof some structure like:
if (len < sizeof(int))
return -EINVAL;

On the first look, the check seems to be correct. But since len is int
and sizeof returns size_t, int gets promoted to unsigned size_t too. So
the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is
false.

Fix this in sctp by explicitly checking len < 0 before any getsockopt
handler is called.

Note that sctp_getsockopt_events already handled the negative case.
Since we added the < 0 check elsewhere, this one can be removed.

If not checked, this is the result:
UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19
shift exponent 52 is too large for 32-bit type 'int'
CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
  88006d99f2a8 b2f7bdea 41b58ab3
 b4363c14 b2f7bcde 88006d99f2d0 88006d99f270
   0034 b5096422
Call Trace:
 [] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300
...
 [] ? kmalloc_order+0x24/0x90
 [] ? kmalloc_order_trace+0x24/0x220
 [] ? __kmalloc+0x330/0x540
 [] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp]
 [] ? sctp_getsockopt+0x10d/0x1b0 [sctp]
 [] ? sock_common_getsockopt+0xb9/0x150
 [] ? SyS_getsockopt+0x1a5/0x270

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Vlad Yasevich <vyasev...@gmail.com>
Cc: Neil Horman <nhor...@tuxdriver.com>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: linux-s...@vger.kernel.org
Cc: netdev@vger.kernel.org
Acked-by: Neil Horman <nhor...@tuxdriver.com>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 net/sctp/socket.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index ead3a8adca08..98cd6606f4a4 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4247,7 +4247,7 @@ static int sctp_getsockopt_disable_fragments(struct sock 
*sk, int len,
 static int sctp_getsockopt_events(struct sock *sk, int len, char __user 
*optval,
  int __user *optlen)
 {
-   if (len <= 0)
+   if (len == 0)
return -EINVAL;
if (len > sizeof(struct sctp_event_subscribe))
len = sizeof(struct sctp_event_subscribe);
@@ -5758,6 +5758,9 @@ static int sctp_getsockopt(struct sock *sk, int level, 
int optname,
if (get_user(len, optlen))
return -EFAULT;
 
+   if (len < 0)
+   return -EINVAL;
+
sctp_lock_sock(sk);
 
switch (optname) {
-- 
2.10.2

[patch added to 3.12-stable] net: sctp, forbid negative length

2016-11-24 Thread Jiri Slaby 
This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===

[ Upstream commit a4b8e71b05c27bae6bad3bdecddbc6b68a3ad8cf ]

Most of getsockopt handlers in net/sctp/socket.c check len against
sizeof some structure like:
if (len < sizeof(int))
return -EINVAL;

On the first look, the check seems to be correct. But since len is int
and sizeof returns size_t, int gets promoted to unsigned size_t too. So
the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is
false.

Fix this in sctp by explicitly checking len < 0 before any getsockopt
handler is called.

Note that sctp_getsockopt_events already handled the negative case.
Since we added the < 0 check elsewhere, this one can be removed.

If not checked, this is the result:
UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19
shift exponent 52 is too large for 32-bit type 'int'
CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
  88006d99f2a8 b2f7bdea 41b58ab3
 b4363c14 b2f7bcde 88006d99f2d0 88006d99f270
   0034 b5096422
Call Trace:
 [] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300
...
 [] ? kmalloc_order+0x24/0x90
 [] ? kmalloc_order_trace+0x24/0x220
 [] ? __kmalloc+0x330/0x540
 [] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp]
 [] ? sctp_getsockopt+0x10d/0x1b0 [sctp]
 [] ? sock_common_getsockopt+0xb9/0x150
 [] ? SyS_getsockopt+0x1a5/0x270

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Vlad Yasevich <vyasev...@gmail.com>
Cc: Neil Horman <nhor...@tuxdriver.com>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: linux-s...@vger.kernel.org
Cc: netdev@vger.kernel.org
Acked-by: Neil Horman <nhor...@tuxdriver.com>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 net/sctp/socket.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index ead3a8adca08..98cd6606f4a4 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4247,7 +4247,7 @@ static int sctp_getsockopt_disable_fragments(struct sock 
*sk, int len,
 static int sctp_getsockopt_events(struct sock *sk, int len, char __user 
*optval,
  int __user *optlen)
 {
-   if (len <= 0)
+   if (len == 0)
return -EINVAL;
if (len > sizeof(struct sctp_event_subscribe))
len = sizeof(struct sctp_event_subscribe);
@@ -5758,6 +5758,9 @@ static int sctp_getsockopt(struct sock *sk, int level, 
int optname,
if (get_user(len, optlen))
return -EFAULT;
 
+   if (len < 0)
+   return -EINVAL;
+
sctp_lock_sock(sk);
 
switch (optname) {
-- 
2.10.2

Re: UDP does not autobind on recv

2016-10-24 Thread Jiri Slaby 
On 10/24/2016, 03:03 PM, Eric Dumazet wrote:
> On Mon, 2016-10-24 at 14:54 +0200, Jiri Slaby wrote:
>> Hello,
>>
>> as per man 7 udp:
>>   In order to receive packets, the socket can be bound to
>>   a local  address first  by using bind(2).  Otherwise,
>>   the socket layer will automatically assign a free local
>>   port out of the range defined by /proc/sys/net/ipv4
>>   /ip_local_port_range and bind the socket to INADDR_ANY.
>>
>> I did not know that bind is unneeded, so I tried that. But it does not
>> work with this piece of code:
>> int main()
>> {
>> char buf[128];
>> int fd = socket(AF_INET, SOCK_DGRAM, 0);
>> recv(fd, buf, sizeof(buf), 0);
>> }
> 
> autobind makes little sense at recv() time really.
> 
> How an application could expect to receive a frame to 'some socket'
> without even knowing its port ?

For example
struct sockaddr_storage sa;
socklen_t slen = sizeof(sa);
recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
getsockname(fd, (struct sockaddr *), );
recv(fd, buf, sizeof(buf), 0);
works.

> How useful would that be exactly ?

No need for finding a free port and checking, for example.

> How TCP behaves ?

TCP is a completely different story. bind is documented to be required
there. (And listen and accept.)

> I would say, fix the documentation if it is not correct.

I don't have a problem with either. I have only found, that the
implementation differs from the documentation :). Is there some
supervisor documentation (like POSIX) which should we be in conformance to?

thanks,
-- 
js
suse labs

UDP does not autobind on recv

2016-10-24 Thread Jiri Slaby 
Hello,

as per man 7 udp:
  In order to receive packets, the socket can be bound to
  a local  address first  by using bind(2).  Otherwise,
  the socket layer will automatically assign a free local
  port out of the range defined by /proc/sys/net/ipv4
  /ip_local_port_range and bind the socket to INADDR_ANY.

I did not know that bind is unneeded, so I tried that. But it does not
work with this piece of code:
int main()
{
char buf[128];
int fd = socket(AF_INET, SOCK_DGRAM, 0);
recv(fd, buf, sizeof(buf), 0);
}

The recv above never returns (even if I bomb all ports from the range).
ss -ulpan is silent too. As a workaround, I can stick a dummy write/send
before recv:
write(fd, "", 0);

And it starts working. ss suddenly displays a port which the program
listens on.

I think the UDP recv path should do inet_autobind as I have done in the
attached patch. But my knowledge is very limited in that area, so I have
no idea whether that is correct at all.

thanks,
-- 
js
suse labs
>From 57c320998feb2e1e705a4ab6d3bbcb74c6ae65f0 Mon Sep 17 00:00:00 2001
From: Jiri Slaby <jsl...@suse.cz>
Date: Sat, 22 Oct 2016 12:10:53 +0200
Subject: [PATCH] net: autobind UDP on recv

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 include/net/inet_common.h | 1 +
 net/ipv4/af_inet.c| 3 ++-
 net/ipv4/udp.c| 5 +
 net/ipv6/udp.c| 5 +
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/include/net/inet_common.h b/include/net/inet_common.h
index 5d683428fced..ba224ed3dd36 100644
--- a/include/net/inet_common.h
+++ b/include/net/inet_common.h
@@ -27,6 +27,7 @@ ssize_t inet_sendpage(struct socket *sock, struct page *page, int offset,
 int inet_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
 		 int flags);
 int inet_shutdown(struct socket *sock, int how);
+int inet_autobind(struct sock *sk);
 int inet_listen(struct socket *sock, int backlog);
 void inet_sock_destruct(struct sock *sk);
 int inet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len);
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 9648c97e541f..d23acb11cdb0 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -171,7 +171,7 @@ EXPORT_SYMBOL(inet_sock_destruct);
  *	Automatically bind an unbound socket.
  */
 
-static int inet_autobind(struct sock *sk)
+int inet_autobind(struct sock *sk)
 {
 	struct inet_sock *inet;
 	/* We may need to bind the socket. */
@@ -187,6 +187,7 @@ static int inet_autobind(struct sock *sk)
 	release_sock(sk);
 	return 0;
 }
+EXPORT_SYMBOL_GPL(inet_autobind);
 
 /*
  *	Move a socket into listening state.
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 82fb78265f4b..ceb07c83af17 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1360,6 +1360,11 @@ int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock,
 	if (flags & MSG_ERRQUEUE)
 		return ip_recv_error(sk, msg, len, addr_len);
 
+	/* We may need to bind the socket. */
+	if (!inet_sk(sk)->inet_num && !sk->sk_prot->no_autobind &&
+	inet_autobind(sk))
+		return -EAGAIN;
+
 try_again:
 	peeking = off = sk_peek_offset(sk, flags);
 	skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0),
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 71963b23d5a5..1c3dafc3d91e 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -341,6 +341,11 @@ int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 	if (np->rxpmtu && np->rxopt.bits.rxpmtu)
 		return ipv6_recv_rxpmtu(sk, msg, len, addr_len);
 
+	/* We may need to bind the socket. */
+	if (!inet_sk(sk)->inet_num && !sk->sk_prot->no_autobind &&
+	inet_autobind(sk))
+		return -EAGAIN;
+
 try_again:
 	peeking = off = sk_peek_offset(sk, flags);
 	skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0),
-- 
2.10.1

[PATCH] net: sctp, forbid negative length

2016-10-21 Thread Jiri Slaby 
Most of getsockopt handlers in net/sctp/socket.c check len against
sizeof some structure like:
if (len < sizeof(int))
return -EINVAL;

On the first look, the check seems to be correct. But since len is int
and sizeof returns size_t, int gets promoted to unsigned size_t too. So
the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is
false.

Fix this in sctp by explicitly checking len < 0 before any getsockopt
handler is called.

Note that sctp_getsockopt_events already handled the negative case.
Since we added the < 0 check elsewhere, this one can be removed.

If not checked, this is the result:
UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19
shift exponent 52 is too large for 32-bit type 'int'
CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
  88006d99f2a8 b2f7bdea 41b58ab3
 b4363c14 b2f7bcde 88006d99f2d0 88006d99f270
   0034 b5096422
Call Trace:
 [] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300
...
 [] ? kmalloc_order+0x24/0x90
 [] ? kmalloc_order_trace+0x24/0x220
 [] ? __kmalloc+0x330/0x540
 [] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp]
 [] ? sctp_getsockopt+0x10d/0x1b0 [sctp]
 [] ? sock_common_getsockopt+0xb9/0x150
 [] ? SyS_getsockopt+0x1a5/0x270

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Vlad Yasevich <vyasev...@gmail.com>
Cc: Neil Horman <nhor...@tuxdriver.com>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: linux-s...@vger.kernel.org
Cc: netdev@vger.kernel.org
---
 net/sctp/socket.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index fb02c7033307..9fbb6feb8c27 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4687,7 +4687,7 @@ static int sctp_getsockopt_disable_fragments(struct sock 
*sk, int len,
 static int sctp_getsockopt_events(struct sock *sk, int len, char __user 
*optval,
  int __user *optlen)
 {
-   if (len <= 0)
+   if (len == 0)
return -EINVAL;
if (len > sizeof(struct sctp_event_subscribe))
len = sizeof(struct sctp_event_subscribe);
@@ -6430,6 +6430,9 @@ static int sctp_getsockopt(struct sock *sk, int level, 
int optname,
if (get_user(len, optlen))
return -EFAULT;
 
+   if (len < 0)
+   return -EINVAL;
+
lock_sock(sk);
 
switch (optname) {
-- 
2.10.1

[PATCH] p54: memset(0) whole array

2016-10-14 Thread Jiri Slaby 
gcc 7 complains:
drivers/net/wireless/intersil/p54/fwio.c: In function 'p54_scan':
drivers/net/wireless/intersil/p54/fwio.c:491:4: warning: 'memset' used with 
length equal to number of elements without multiplication by element size 
[-Wmemset-elt-size]

Fix that by passing the correct size to memset.

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Christian Lamparter <chunk...@googlemail.com>
Cc: Kalle Valo <kv...@codeaurora.org>
Cc: linux-wirel...@vger.kernel.org
Cc: netdev@vger.kernel.org
---
 drivers/net/wireless/intersil/p54/fwio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intersil/p54/fwio.c 
b/drivers/net/wireless/intersil/p54/fwio.c
index 257a9eadd595..4ac6764f4897 100644
--- a/drivers/net/wireless/intersil/p54/fwio.c
+++ b/drivers/net/wireless/intersil/p54/fwio.c
@@ -488,7 +488,7 @@ int p54_scan(struct p54_common *priv, u16 mode, u16 dwell)
 
entry += sizeof(__le16);
chan->pa_points_per_curve = 8;
-   memset(chan->curve_data, 0, sizeof(*chan->curve_data));
+   memset(chan->curve_data, 0, sizeof(chan->curve_data));
memcpy(chan->curve_data, entry,
   sizeof(struct p54_pa_curve_data_sample) *
   min((u8)8, curve_data->points_per_channel));
-- 
2.10.1

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-09-13 Thread Jiri Slaby 
On 09/13/2016, 05:35 PM, Tejun Heo wrote:
> Hello,
> 
> On Sat, Sep 10, 2016 at 11:33:48AM +0200, Dmitry Vyukov wrote:
>> Hit the WARNING with the patch. It showed "Showing busy workqueues and
>> worker pools:" after the WARNING, but then no queue info. Was it
>> already destroyed and removed from the list?...
> 
> Hmm...  It either means that the work item which was in flight when
> WARN_ON() ran finished by the time the debug printout got to it or
> that it's something unrelated to busy work items.
> 
>> [ 198.113838] WARNING: CPU: 2 PID: 26691 at kernel/workqueue.c:4042
>> destroy_workqueue+0x17b/0x630
> 
> I don't seem to have the same source code that you have.  Which exact
> WARN_ON() is this?

I assume Dmitry sees the same what I am still seeing, so I reported this
some time ago:
https://lkml.org/lkml/2016/3/21/492

This warning is trigerred there and still occurs with "HEAD":
  (pwq != wq->dfl_pwq) && (pwq->refcnt > 1)
and the state dump is in the log empty too:
destroy_workqueue: name='hci0' pwq=88006b5c8f00
wq->dfl_pwq=88006b5c9b00 pwq->refcnt=2 pwq->nr_active=0 delayed_works:
  pwq 13:
 cpus=2-3 node=1 flags=0x4 nice=-20 active=0/1
in-flight: 2669:wq_barrier_func

thanks,
-- 
js
suse labs

[PATCH] kcm: fix /proc memory leak

2016-06-20 Thread Jiri Slaby 
Every open of /proc/net/kcm leaks 16 bytes of memory as is reported by
kmemleak:
unreferenced object 0x88059c0e3458 (size 192):
  comm "cat", pid 1401, jiffies 4294935742 (age 310.720s)
  hex dump (first 32 bytes):
28 45 71 96 05 88 ff ff 00 10 00 00 00 00 00 00  (Eq.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace:
[] kmem_cache_alloc_trace+0x16e/0x230
[] seq_open+0x79/0x1d0
[] kcm_seq_open+0x0/0x30 [kcm]
[] seq_open+0x79/0x1d0
[] __seq_open_private+0x2f/0xa0
[] seq_open_net+0x38/0xa0
...

It is caused by a missing free in the ->release path. So fix it by
providing seq_release_net as the ->release method.

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Fixes: cd6e111bf5 (kcm: Add statistics and proc interfaces)
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Tom Herbert <t...@herbertland.com>
Cc: netdev@vger.kernel.org
---
 net/kcm/kcmproc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/kcm/kcmproc.c b/net/kcm/kcmproc.c
index 738008726cc6..fda7f4715c58 100644
--- a/net/kcm/kcmproc.c
+++ b/net/kcm/kcmproc.c
@@ -241,6 +241,7 @@ static const struct file_operations kcm_seq_fops = {
.open   = kcm_seq_open,
.read   = seq_read,
.llseek = seq_lseek,
+   .release= seq_release_net,
 };
 
 static struct kcm_seq_muxinfo kcm_seq_muxinfo = {
-- 
2.9.0

[PATCH 3.12 30/76] cpuset: Fix potential deadlock w/ set_mems_allowed

2016-05-19 Thread Jiri Slaby 
From: John Stultz <john.stu...@linaro.org>

3.12-stable review patch.  If anyone has any objections, please let me know.

===

commit db751fe3ea6880ff5ac5abe60cb7b80deb5a4140 upstream.

After adding lockdep support to seqlock/seqcount structures,
I started seeing the following warning:

[1.070907] ==
[1.072015] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
[1.073181] 3.11.0+ #67 Not tainted
[1.073801] --
[1.074882] kworker/u4:2/708 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[1.076088]  (>mems_allowed_seq){+.+...}, at: [] 
new_slab+0x5f/0x280
[1.077572]
[1.077572] and this task is already holding:
[1.078593]  (&(>__queue_lock)->rlock){..-...}, at: [] 
blk_execute_rq_nowait+0x53/0xf0
[1.080042] which would create a new lock dependency:
[1.080042]  (&(>__queue_lock)->rlock){..-...} -> 
(>mems_allowed_seq){+.+...}
[1.080042]
[1.080042] but this new dependency connects a SOFTIRQ-irq-safe lock:
[1.080042]  (&(>__queue_lock)->rlock){..-...}
[1.080042] ... which became SOFTIRQ-irq-safe at:
[1.080042]   [] __lock_acquire+0x5b9/0x1db0
[1.080042]   [] lock_acquire+0x95/0x130
[1.080042]   [] _raw_spin_lock+0x41/0x80
[1.080042]   [] scsi_device_unbusy+0x7e/0xd0
[1.080042]   [] scsi_finish_command+0x32/0xf0
[1.080042]   [] scsi_softirq_done+0xa1/0x130
[1.080042]   [] blk_done_softirq+0x73/0x90
[1.080042]   [] __do_softirq+0x110/0x2f0
[1.080042]   [] run_ksoftirqd+0x2d/0x60
[1.080042]   [] smpboot_thread_fn+0x156/0x1e0
[1.080042]   [] kthread+0xd6/0xe0
[1.080042]   [] ret_from_fork+0x7c/0xb0
[1.080042]
[1.080042] to a SOFTIRQ-irq-unsafe lock:
[1.080042]  (>mems_allowed_seq){+.+...}
[1.080042] ... which became SOFTIRQ-irq-unsafe at:
[1.080042] ...  [] __lock_acquire+0x613/0x1db0
[1.080042]   [] lock_acquire+0x95/0x130
[1.080042]   [] kthreadd+0x82/0x180
[1.080042]   [] ret_from_fork+0x7c/0xb0
[1.080042]
[1.080042] other info that might help us debug this:
[1.080042]
[1.080042]  Possible interrupt unsafe locking scenario:
[1.080042]
[1.080042]CPU0CPU1
[1.080042]
[1.080042]   lock(>mems_allowed_seq);
[1.080042]local_irq_disable();
[1.080042]lock(&(>__queue_lock)->rlock);
[1.080042]lock(>mems_allowed_seq);
[1.080042]   
[1.080042] lock(&(>__queue_lock)->rlock);
[1.080042]
[1.080042]  *** DEADLOCK ***

The issue stems from the kthreadd() function calling set_mems_allowed
with irqs enabled. While its possibly unlikely for the actual deadlock
to trigger, a fix is fairly simple: disable irqs before taking the
mems_allowed_seq lock.

Signed-off-by: John Stultz <john.stu...@linaro.org>
Signed-off-by: Peter Zijlstra <pet...@infradead.org>
Acked-by: Li Zefan <lize...@huawei.com>
Cc: Mathieu Desnoyers <mathieu.desnoy...@efficios.com>
Cc: Steven Rostedt <rost...@goodmis.org>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: netdev@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1381186321-4906-4-git-send-email-john.stu...@linaro.org
Signed-off-by: Ingo Molnar <mi...@kernel.org>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 include/linux/cpuset.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/linux/cpuset.h b/include/linux/cpuset.h
index a7ebb89ae9fb..ade2390ffe92 100644
--- a/include/linux/cpuset.h
+++ b/include/linux/cpuset.h
@@ -132,10 +132,14 @@ static inline bool read_mems_allowed_retry(unsigned int 
seq)
 
 static inline void set_mems_allowed(nodemask_t nodemask)
 {
+   unsigned long flags;
+
task_lock(current);
+   local_irq_save(flags);
write_seqcount_begin(>mems_allowed_seq);
current->mems_allowed = nodemask;
write_seqcount_end(>mems_allowed_seq);
+   local_irq_restore(flags);
task_unlock(current);
 }
 
-- 
2.8.2

[PATCH 3.12 70/76] VSOCK: do not disconnect socket when peer has shutdown SEND only

2016-05-19 Thread Jiri Slaby 
From: Ian Campbell <ian.campb...@docker.com>

3.12-stable review patch.  If anyone has any objections, please let me know.

===

[ Upstream commit dedc58e067d8c379a15a8a183c5db318201295bb ]

The peer may be expecting a reply having sent a request and then done a
shutdown(SHUT_WR), so tearing down the whole socket at this point seems
wrong and breaks for me with a client which does a SHUT_WR.

Looking at other socket family's stream_recvmsg callbacks doing a shutdown
here does not seem to be the norm and removing it does not seem to have
had any adverse effects that I can see.

I'm using Stefan's RFC virtio transport patches, I'm unsure of the impact
on the vmci transport.

Signed-off-by: Ian Campbell <ian.campb...@docker.com>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Stefan Hajnoczi <stefa...@redhat.com>
Cc: Claudio Imbrenda <imbre...@linux.vnet.ibm.com>
Cc: Andy King <ack...@vmware.com>
Cc: Dmitry Torokhov <d...@vmware.com>
Cc: Jorgen Hansen <jhan...@vmware.com>
Cc: Adit Ranadive <ad...@vmware.com>
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 net/vmw_vsock/af_vsock.c | 21 +
 1 file changed, 1 insertion(+), 20 deletions(-)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 85d232bed87d..e8d3313ea2c9 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1796,27 +1796,8 @@ vsock_stream_recvmsg(struct kiocb *kiocb,
else if (sk->sk_shutdown & RCV_SHUTDOWN)
err = 0;
 
-   if (copied > 0) {
-   /* We only do these additional bookkeeping/notification steps
-* if we actually copied something out of the queue pair
-* instead of just peeking ahead.
-*/
-
-   if (!(flags & MSG_PEEK)) {
-   /* If the other side has shutdown for sending and there
-* is nothing more to read, then modify the socket
-* state.
-*/
-   if (vsk->peer_shutdown & SEND_SHUTDOWN) {
-   if (vsock_stream_has_data(vsk) <= 0) {
-   sk->sk_state = SS_UNCONNECTED;
-   sock_set_flag(sk, SOCK_DONE);
-   sk->sk_state_change(sk);
-   }
-   }
-   }
+   if (copied > 0)
err = copied;
-   }
 
 out_wait:
finish_wait(sk_sleep(sk), );
-- 
2.8.2

[patch added to 3.12-stable] VSOCK: do not disconnect socket when peer has shutdown SEND only

2016-05-18 Thread Jiri Slaby 
From: Ian Campbell <ian.campb...@docker.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===

[ Upstream commit dedc58e067d8c379a15a8a183c5db318201295bb ]

The peer may be expecting a reply having sent a request and then done a
shutdown(SHUT_WR), so tearing down the whole socket at this point seems
wrong and breaks for me with a client which does a SHUT_WR.

Looking at other socket family's stream_recvmsg callbacks doing a shutdown
here does not seem to be the norm and removing it does not seem to have
had any adverse effects that I can see.

I'm using Stefan's RFC virtio transport patches, I'm unsure of the impact
on the vmci transport.

Signed-off-by: Ian Campbell <ian.campb...@docker.com>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: Stefan Hajnoczi <stefa...@redhat.com>
Cc: Claudio Imbrenda <imbre...@linux.vnet.ibm.com>
Cc: Andy King <ack...@vmware.com>
Cc: Dmitry Torokhov <d...@vmware.com>
Cc: Jorgen Hansen <jhan...@vmware.com>
Cc: Adit Ranadive <ad...@vmware.com>
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 net/vmw_vsock/af_vsock.c | 21 +
 1 file changed, 1 insertion(+), 20 deletions(-)

diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 85d232bed87d..e8d3313ea2c9 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1796,27 +1796,8 @@ vsock_stream_recvmsg(struct kiocb *kiocb,
else if (sk->sk_shutdown & RCV_SHUTDOWN)
err = 0;
 
-   if (copied > 0) {
-   /* We only do these additional bookkeeping/notification steps
-* if we actually copied something out of the queue pair
-* instead of just peeking ahead.
-*/
-
-   if (!(flags & MSG_PEEK)) {
-   /* If the other side has shutdown for sending and there
-* is nothing more to read, then modify the socket
-* state.
-*/
-   if (vsk->peer_shutdown & SEND_SHUTDOWN) {
-   if (vsock_stream_has_data(vsk) <= 0) {
-   sk->sk_state = SS_UNCONNECTED;
-   sock_set_flag(sk, SOCK_DONE);
-   sk->sk_state_change(sk);
-   }
-   }
-   }
+   if (copied > 0)
err = copied;
-   }
 
 out_wait:
finish_wait(sk_sleep(sk), );
-- 
2.8.2

[PATCH 2/7] net: ircomm, cleanup TIOCGSERIAL

2016-05-09 Thread Jiri Slaby 
In ircomm_tty_get_serial_info, struct serial_struct is memset to 0 and
then some members set to 0 explicitly.

Remove the latter as it is obviously superfluous.

And remove the retinfo check against NULL. copy_to_user will take care
of that.

Part of hub6 cleanup series.

Signed-off-by: Jiri Slaby <jsl...@suse.cz>
Cc: Samuel Ortiz <sam...@sortiz.org>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: netdev@vger.kernel.org
---
 net/irda/ircomm/ircomm_tty_ioctl.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/net/irda/ircomm/ircomm_tty_ioctl.c 
b/net/irda/ircomm/ircomm_tty_ioctl.c
index 17c49bf26313..0985588c9dec 100644
--- a/net/irda/ircomm/ircomm_tty_ioctl.c
+++ b/net/irda/ircomm/ircomm_tty_ioctl.c
@@ -246,9 +246,6 @@ static int ircomm_tty_get_serial_info(struct ircomm_tty_cb 
*self,
 {
struct serial_struct info;
 
-   if (!retinfo)
-   return -EFAULT;
-
memset(, 0, sizeof(info));
info.line = self->line;
info.flags = self->port.flags;
@@ -258,11 +255,6 @@ static int ircomm_tty_get_serial_info(struct ircomm_tty_cb 
*self,
 
/* For compatibility  */
info.type = PORT_16550A;
-   info.port = 0;
-   info.irq = 0;
-   info.xmit_fifo_size = 0;
-   info.hub6 = 0;
-   info.custom_divisor = 0;
 
if (copy_to_user(retinfo, , sizeof(*retinfo)))
return -EFAULT;
-- 
2.8.2

[patch added to 3.12-stable] cpuset: Fix potential deadlock w/ set_mems_allowed

2016-05-03 Thread Jiri Slaby 
From: John Stultz <john.stu...@linaro.org>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===

commit db751fe3ea6880ff5ac5abe60cb7b80deb5a4140 upstream.

After adding lockdep support to seqlock/seqcount structures,
I started seeing the following warning:

[1.070907] ==
[1.072015] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
[1.073181] 3.11.0+ #67 Not tainted
[1.073801] --
[1.074882] kworker/u4:2/708 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[1.076088]  (>mems_allowed_seq){+.+...}, at: [] 
new_slab+0x5f/0x280
[1.077572]
[1.077572] and this task is already holding:
[1.078593]  (&(>__queue_lock)->rlock){..-...}, at: [] 
blk_execute_rq_nowait+0x53/0xf0
[1.080042] which would create a new lock dependency:
[1.080042]  (&(>__queue_lock)->rlock){..-...} -> 
(>mems_allowed_seq){+.+...}
[1.080042]
[1.080042] but this new dependency connects a SOFTIRQ-irq-safe lock:
[1.080042]  (&(>__queue_lock)->rlock){..-...}
[1.080042] ... which became SOFTIRQ-irq-safe at:
[1.080042]   [] __lock_acquire+0x5b9/0x1db0
[1.080042]   [] lock_acquire+0x95/0x130
[1.080042]   [] _raw_spin_lock+0x41/0x80
[1.080042]   [] scsi_device_unbusy+0x7e/0xd0
[1.080042]   [] scsi_finish_command+0x32/0xf0
[1.080042]   [] scsi_softirq_done+0xa1/0x130
[1.080042]   [] blk_done_softirq+0x73/0x90
[1.080042]   [] __do_softirq+0x110/0x2f0
[1.080042]   [] run_ksoftirqd+0x2d/0x60
[1.080042]   [] smpboot_thread_fn+0x156/0x1e0
[1.080042]   [] kthread+0xd6/0xe0
[1.080042]   [] ret_from_fork+0x7c/0xb0
[1.080042]
[1.080042] to a SOFTIRQ-irq-unsafe lock:
[1.080042]  (>mems_allowed_seq){+.+...}
[1.080042] ... which became SOFTIRQ-irq-unsafe at:
[1.080042] ...  [] __lock_acquire+0x613/0x1db0
[1.080042]   [] lock_acquire+0x95/0x130
[1.080042]   [] kthreadd+0x82/0x180
[1.080042]   [] ret_from_fork+0x7c/0xb0
[1.080042]
[1.080042] other info that might help us debug this:
[1.080042]
[1.080042]  Possible interrupt unsafe locking scenario:
[1.080042]
[1.080042]CPU0CPU1
[1.080042]
[1.080042]   lock(>mems_allowed_seq);
[1.080042]local_irq_disable();
[1.080042]lock(&(>__queue_lock)->rlock);
[1.080042]lock(>mems_allowed_seq);
[1.080042]   
[1.080042] lock(&(>__queue_lock)->rlock);
[1.080042]
[1.080042]  *** DEADLOCK ***

The issue stems from the kthreadd() function calling set_mems_allowed
with irqs enabled. While its possibly unlikely for the actual deadlock
to trigger, a fix is fairly simple: disable irqs before taking the
mems_allowed_seq lock.

Signed-off-by: John Stultz <john.stu...@linaro.org>
Signed-off-by: Peter Zijlstra <pet...@infradead.org>
Acked-by: Li Zefan <lize...@huawei.com>
Cc: Mathieu Desnoyers <mathieu.desnoy...@efficios.com>
Cc: Steven Rostedt <rost...@goodmis.org>
Cc: "David S. Miller" <da...@davemloft.net>
Cc: netdev@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1381186321-4906-4-git-send-email-john.stu...@linaro.org
Signed-off-by: Ingo Molnar <mi...@kernel.org>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 include/linux/cpuset.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/linux/cpuset.h b/include/linux/cpuset.h
index a7ebb89ae9fb..ade2390ffe92 100644
--- a/include/linux/cpuset.h
+++ b/include/linux/cpuset.h
@@ -132,10 +132,14 @@ static inline bool read_mems_allowed_retry(unsigned int 
seq)
 
 static inline void set_mems_allowed(nodemask_t nodemask)
 {
+   unsigned long flags;
+
task_lock(current);
+   local_irq_save(flags);
write_seqcount_begin(>mems_allowed_seq);
current->mems_allowed = nodemask;
write_seqcount_end(>mems_allowed_seq);
+   local_irq_restore(flags);
task_unlock(current);
 }
 
-- 
2.8.2

Re: [PATCH net] tun, bpf: fix suspicious RCU usage in tun_{attach,detach}_filter

2016-03-31 Thread Jiri Slaby 
On 03/31/2016, 02:13 AM, Daniel Borkmann wrote:
> Sasha Levin reported a suspicious rcu_dereference_protected() warning
> found while fuzzing with trinity that is similar to this one:
> 
>   [   52.765684] net/core/filter.c:2262 suspicious 
> rcu_dereference_protected() usage!
>   [   52.765688] other info that might help us debug this:
>   [   52.765695] rcu_scheduler_active = 1, debug_locks = 1
>   [   52.765701] 1 lock held by a.out/1525:
>   [   52.765704]  #0:  (rtnl_mutex){+.+.+.}, at: [] 
> rtnl_lock+0x17/0x20
>   [   52.765721] stack backtrace:
>   [   52.765728] CPU: 1 PID: 1525 Comm: a.out Not tainted 4.5.0+ #264
>   [...]
>   [   52.765768] Call Trace:
>   [   52.765775]  [] dump_stack+0x85/0xc8
>   [   52.765784]  [] lockdep_rcu_suspicious+0xd5/0x110
>   [   52.765792]  [] sk_detach_filter+0x82/0x90
>   [   52.765801]  [] tun_detach_filter+0x35/0x90 [tun]
>   [   52.765810]  [] __tun_chr_ioctl+0x354/0x1130 [tun]
>   [   52.765818]  [] ? selinux_file_ioctl+0x130/0x210
>   [   52.765827]  [] tun_chr_ioctl+0x13/0x20 [tun]
>   [   52.765834]  [] do_vfs_ioctl+0x96/0x690
>   [   52.765843]  [] ? security_file_ioctl+0x43/0x60
>   [   52.765850]  [] SyS_ioctl+0x79/0x90
>   [   52.765858]  [] do_syscall_64+0x62/0x140
>   [   52.765866]  [] entry_SYSCALL64_slow_path+0x25/0x25
> 
> Same can be triggered with PROVE_RCU (+ PROVE_RCU_REPEATEDLY) enabled
> from tun_attach_filter() when user space calls ioctl(tun_fd, TUN{ATTACH,
> DETACH}FILTER, ...) for adding/removing a BPF filter on tap devices.
> 
> Since the fix in f91ff5b9ff52 ("net: sk_{detach|attach}_filter() rcu
> fixes") sk_attach_filter()/sk_detach_filter() now dereferences the
> filter with rcu_dereference_protected(), checking whether socket lock
> is held in control path.
> 
> Since its introduction in 994051625981 ("tun: socket filter support"),
> tap filters are managed under RTNL lock from __tun_chr_ioctl(). Thus the
> sock_owned_by_user(sk) doesn't apply in this specific case and therefore
> triggers the false positive.
> 
> Extend the BPF API with __sk_attach_filter()/__sk_detach_filter() pair
> that is used by tap filters and pass in lockdep_rtnl_is_held() for the
> rcu_dereference_protected() checks instead.

It seems to be gone with this patch here.

thanks,
-- 
js
suse labs

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-03-22 Thread Jiri Slaby 
On 03/21/2016, 04:58 PM, Jiri Slaby wrote:
> Hello,
> 
> On 03/18/2016, 09:52 PM, Tejun Heo wrote:
>> On Thu, Mar 17, 2016 at 01:00:13PM +0100, Jiri Slaby wrote:
>>>>> I have not done that yet, but today, I see:
>>>>> destroy_workqueue: name='req_hci0' pwq=88002f590300
>>>>> wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works:
>>>>>pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1
>>>>>  in-flight: 18568:wq_barrier_func
>>>>
>>>> So, this means that there's flush_work() racing against workqueue
>>>> destruction, which can't be safe. :(
>>>
>>> But I cannot trigger the WARN_ONs in the attached patch, so I am
>>> confused how this can happen :(. (While I am still seeing the destroy
>>> WARNINGs.)
>>
>> So, no operations should be in progress when destroy_workqueue() is
>> called.  If somebody was flushing a work item, the flush call must
>> have returned before destroy_workqueue() was invoked, which doesn't
>> seem to be the case here.  Can you trigger BUG_ON() or sysrq-t when
>> the above triggers?  There must be a task which is flushing a work
>> item there and it shouldn't be difficult to pinpoint what's going on
>> from it.
> 
> The output of sysrq-t is here (> 200k), but I cannot see anything
> suspicious in it:
> http://www.fi.muni.cz/~xslaby/sklad/panics/jctl.txt

Hmm, so I seem I cannot reproduce with this hunk:
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -3139,10 +3139,10 @@ void hci_unregister_dev(struct hci_dev *hdev)
list_del(>list);
write_unlock(_dev_list_lock);

-   hci_dev_do_close(hdev);
-
cancel_work_sync(>power_on);

+   hci_dev_do_close(hdev);
+
if (!test_bit(HCI_INIT, >flags) &&
!hci_dev_test_flag(hdev, HCI_SETUP) &&
!hci_dev_test_flag(hdev, HCI_CONFIG)) {



I cannot explain why though. I do not see how it matters in this
particular case...

Dmitry, could you apply it too? But I don't know how often you see the
warning.

PS. next on the table is the gsm tty warning.

thanks,
-- 
js
suse labs

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-03-21 Thread Jiri Slaby 
Hello,

On 03/18/2016, 09:52 PM, Tejun Heo wrote:
> On Thu, Mar 17, 2016 at 01:00:13PM +0100, Jiri Slaby wrote:
>>>> I have not done that yet, but today, I see:
>>>> destroy_workqueue: name='req_hci0' pwq=88002f590300
>>>> wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works:
>>>>pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1
>>>>  in-flight: 18568:wq_barrier_func
>>>
>>> So, this means that there's flush_work() racing against workqueue
>>> destruction, which can't be safe. :(
>>
>> But I cannot trigger the WARN_ONs in the attached patch, so I am
>> confused how this can happen :(. (While I am still seeing the destroy
>> WARNINGs.)
> 
> So, no operations should be in progress when destroy_workqueue() is
> called.  If somebody was flushing a work item, the flush call must
> have returned before destroy_workqueue() was invoked, which doesn't
> seem to be the case here.  Can you trigger BUG_ON() or sysrq-t when
> the above triggers?  There must be a task which is flushing a work
> item there and it shouldn't be difficult to pinpoint what's going on
> from it.

The output of sysrq-t is here (> 200k), but I cannot see anything
suspicious in it:
http://www.fi.muni.cz/~xslaby/sklad/panics/jctl.txt

This is what the code does now:
+   if ((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) {
+   pr_info("%s: name='%s' pwq=%p wq->dfl_pwq=%p
pwq->refcnt=%d pwq->nr_active=%d delayed_works:",
+   __func__, wq->name, pwq,
wq->dfl_pwq,
+   pwq->refcnt, pwq->nr_active);
+
+   show_pwq(pwq);
+
+   mutex_unlock(>mutex);
+   show_state();
+   show_workqueue_state();
+   WARN_ON(1);
+   return;
+   }

thanks,
-- 
js
suse labs

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-03-19 Thread Jiri Slaby 
Hello,

On 03/11/2016, 06:12 PM, Tejun Heo wrote:
> On Thu, Mar 03, 2016 at 10:12:01AM +0100, Jiri Slaby wrote:
>> On 03/02/2016, 04:45 PM, Tejun Heo wrote:
>>> On Fri, Feb 19, 2016 at 01:10:00PM +0100, Jiri Slaby wrote:
>>>>> 1. didn't help, the problem persists. So I haven't applied the patch from 
>>>>> 2.
>>>>
>>>> FWIW I dumped more info about the wq:
>>>> wq->name='hci0' pwq=8800390d7600 wq->dfl_pwq=8800390d5200
>>>> pwq->refcnt=2 pwq->nr_active=0 delayed_works: 
>>>
>>> Can you please print out the same info for all pwq's during shutdown?
>>> It looks like we're leaking pwq refcnt but I can't spot a place where
>>> that could happen on an empty pwq.
>>
>> I have not done that yet, but today, I see:
>> destroy_workqueue: name='req_hci0' pwq=88002f590300
>> wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works:
>>pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1
>>  in-flight: 18568:wq_barrier_func
> 
> So, this means that there's flush_work() racing against workqueue
> destruction, which can't be safe. :(

But I cannot trigger the WARN_ONs in the attached patch, so I am
confused how this can happen :(. (While I am still seeing the destroy
WARNINGs.)

BTW. what did you mean by dumping the states at shutdown? Is it still
relevant?

thanks,
-- 
js
suse labs
---
 include/linux/workqueue.h|1 +
 include/net/bluetooth/hci_core.h |5 +
 kernel/reboot.c  |1 +
 kernel/workqueue.c   |   34 +++---
 net/bluetooth/hci_core.c |   39 +++
 5 files changed, 73 insertions(+), 7 deletions(-)

--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -312,6 +312,7 @@ enum {
 	__WQ_DRAINING		= 1 << 16, /* internal: workqueue is draining */
 	__WQ_ORDERED		= 1 << 17, /* internal: workqueue is ordered */
 	__WQ_LEGACY		= 1 << 18, /* internal: create*_workqueue() */
+	__WQ_DESTROYING		= 1 << 19,
 
 	WQ_MAX_ACTIVE		= 512,	  /* I like 512, better ideas? */
 	WQ_MAX_UNBOUND_PER_CPU	= 4,	  /* 4 * #cpus for unbound wq */
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -312,6 +312,11 @@ struct hci_dev {
 
 	struct workqueue_struct	*workqueue;
 	struct workqueue_struct	*req_workqueue;
+#define HCI_WQ_A	0
+#define HCI_WQ_D	1
+#define HCI_WQR_A	8
+#define HCI_WQR_D	9
+	unsigned long		wq_status;
 
 	struct work_struct	power_on;
 	struct delayed_work	power_off;
--- a/kernel/reboot.c
+++ b/kernel/reboot.c
@@ -231,6 +231,7 @@ static void kernel_shutdown_prepare(enum
 		(state == SYSTEM_HALT) ? SYS_HALT : SYS_POWER_OFF, NULL);
 	system_state = state;
 	usermodehelper_disable();
+	show_workqueue_state();
 	device_shutdown();
 }
 /**
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -1366,6 +1366,9 @@ static void __queue_work(int cpu, struct
 	unsigned int work_flags;
 	unsigned int req_cpu = cpu;
 
+	if (WARN_ON(wq->flags & __WQ_DESTROYING))
+		return;
+
 	/*
 	 * While a work item is PENDING && off queue, a task trying to
 	 * steal the PENDING will busy-loop waiting for it to either get
@@ -2804,6 +2807,9 @@ static bool start_flush_work(struct work
 		pwq = worker->current_pwq;
 	}
 
+	if (WARN_ON(pwq->wq->flags & __WQ_DESTROYING))
+		return false;
+
 	check_flush_dependency(pwq->wq, work);
 
 	insert_wq_barrier(pwq, barr, work, worker);
@@ -2821,6 +2827,8 @@ static bool start_flush_work(struct work
 		lock_map_acquire_read(>wq->lockdep_map);
 	lock_map_release(>wq->lockdep_map);
 
+	WARN_ON(pwq->wq->flags & __WQ_DESTROYING);
+
 	return true;
 already_gone:
 	spin_unlock_irq(>lock);
@@ -3998,6 +4006,8 @@ err_destroy:
 }
 EXPORT_SYMBOL_GPL(__alloc_workqueue_key);
 
+static void show_pwq(struct pool_workqueue *pwq);
+
 /**
  * destroy_workqueue - safely terminate a workqueue
  * @wq: target workqueue
@@ -4010,6 +4020,7 @@ void destroy_workqueue(struct workqueue_
 	int node;
 
 	/* drain it before proceeding with destruction */
+	wq->flags |= __WQ_DESTROYING;
 	drain_workqueue(wq);
 
 	/* sanity checks */
@@ -4024,9 +4035,26 @@ void destroy_workqueue(struct workqueue_
 			}
 		}
 
-		if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) ||
-		WARN_ON(pwq->nr_active) ||
-		WARN_ON(!list_empty(>delayed_works))) {
+		if ((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) {
+			pr_info("%s: name='%s' pwq=%p wq->dfl_pwq=%p pwq->refcnt=%d pwq->nr_active=%d delayed_works:",
+	__func__, wq->name, pwq, wq->dfl_pwq,
+	pwq->refcnt, pwq->nr_active);
+
+			show_pwq(pwq);
+
+			mutex_unlock(>mutex);
+			WARN_ON(1);
+			return;
+		}
+
+		if (WARN_ON(pwq->nr_active)) {
+			pr_inf

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-03-03 Thread Jiri Slaby 
Hi,

On 03/02/2016, 04:45 PM, Tejun Heo wrote:
> On Fri, Feb 19, 2016 at 01:10:00PM +0100, Jiri Slaby wrote:
>>> 1. didn't help, the problem persists. So I haven't applied the patch from 2.
>>
>> FWIW I dumped more info about the wq:
>> wq->name='hci0' pwq=8800390d7600 wq->dfl_pwq=8800390d5200
>> pwq->refcnt=2 pwq->nr_active=0 delayed_works: 
> 
> Can you please print out the same info for all pwq's during shutdown?
> It looks like we're leaking pwq refcnt but I can't spot a place where
> that could happen on an empty pwq.

I have not done that yet, but today, I see:
destroy_workqueue: name='req_hci0' pwq=88002f590300
wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works:
   pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1
 in-flight: 18568:wq_barrier_func

thanks,
-- 
js
suse labs

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-02-19 Thread Jiri Slaby 
On 02/19/2016, 11:20 AM, Jiri Slaby wrote:
> On 02/18/2016, 06:44 PM, Tejun Heo wrote:
>> Hello,
>>
>> Can you please do the followings?
>>
>> 1. Remove WQ_MEM_RECLAIM from the affected workqueue and see whether
>>the problem is reproducible.  WQ_MEM_RECLAIM on anything bluetooth
>>doesn't make sense btw.  Why is it there?
>>
>> 2. If WQ_MEM_RECLAIM makes the issue go away, see whether the attached
>>patch works too.
> 
> Hello,
> 
> 1. didn't help, the problem persists. So I haven't applied the patch from 2.

FWIW I dumped more info about the wq:
wq->name='hci0' pwq=8800390d7600 wq->dfl_pwq=8800390d5200
pwq->refcnt=2 pwq->nr_active=0 delayed_works: 

> thanks,
-- 
js
suse labs

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-02-19 Thread Jiri Slaby 
On 02/18/2016, 06:44 PM, Tejun Heo wrote:
> Hello,
> 
> Can you please do the followings?
> 
> 1. Remove WQ_MEM_RECLAIM from the affected workqueue and see whether
>the problem is reproducible.  WQ_MEM_RECLAIM on anything bluetooth
>doesn't make sense btw.  Why is it there?
> 
> 2. If WQ_MEM_RECLAIM makes the issue go away, see whether the attached
>patch works too.

Hello,

1. didn't help, the problem persists. So I haven't applied the patch from 2.

thanks,
-- 
js
suse labs

Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev

2016-02-18 Thread Jiri Slaby 
Cc Tejun (workqueues), Takashi (debug patch)

On 01/26/2016, 12:53 PM, Dmitry Vyukov wrote:
> Hello,
> 
> I've hit the following warning while running syzkaller fuzzer:

Hi,

I am hitting it over and over again using syzkaller.

> WARNING: CPU: 2 PID: 17409 at kernel/workqueue.c:3968
> destroy_workqueue+0x172/0x550()

Which of the warnings is it in your case?

I hit "(pwq != wq->dfl_pwq) && (pwq->refcnt > 1)". So I have this in the
code:
if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1))) {
pr_info("%s: pwq=%p wq->dfl_pwq=%p pwq->refcnt=%d\n",
__func__, pwq, wq->dfl_pwq,
pwq->refcnt);
mutex_unlock(>mutex);
return;
}

if (WARN_ON(pwq->nr_active)) {
...

And the values are:
pwq=88006e271500 wq->dfl_pwq=88006e272400 pwq->refcnt=2
pwq=88002ec48300 wq->dfl_pwq=88002ec4bc00 pwq->refcnt=2
pwq=880020f76400 wq->dfl_pwq=880020f75500 pwq->refcnt=2
pwq=88002a908f00 wq->dfl_pwq=88002a90bc00 pwq->refcnt=1
pwq=8800348e0300 wq->dfl_pwq=8800348e pwq->refcnt=2
pwq=88006e276400 wq->dfl_pwq=88006e275800 pwq->refcnt=2


Note the single "pwq->refcnt=1" in there. So this is perhaps a race?

Takashi also provided me with a debug patch included in the attached
patch. It did not trigger though.

> CPU: 2 PID: 17409 Comm: syz-executor Not tainted 4.5.0-rc1+ #283
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>   88003665f8a0 8299a06d 
>  88003599c740 8643f0c0 88003665f8e0 8134fcf9
>  8139d4c2 8643f0c0 0f80 8800630c5ae8
> Call Trace:
>  [< inline >] __dump_stack lib/dump_stack.c:15
>  [] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
>  [] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482
>  [] warn_slowpath_null+0x29/0x30 kernel/panic.c:515
>  [] destroy_workqueue+0x172/0x550 kernel/workqueue.c:3968
>  [] hci_unregister_dev+0x264/0x700
> net/bluetooth/hci_core.c:3162
>  [] vhci_release+0x76/0xe0 drivers/bluetooth/hci_vhci.c:341
>  [] __fput+0x236/0x780 fs/file_table.c:208
>  [] fput+0x15/0x20 fs/file_table.c:244
>  [] task_work_run+0x170/0x210 kernel/task_work.c:115
>  [< inline >] exit_task_work include/linux/task_work.h:21
>  [] do_exit+0x8b5/0x2c60 kernel/exit.c:748
>  [] do_group_exit+0x108/0x330 kernel/exit.c:878
>  [] get_signal+0x5e4/0x14f0 kernel/signal.c:2307
>  [] do_signal+0x83/0x1c90 arch/x86/kernel/signal.c:712
>  [] exit_to_usermode_loop+0x1a5/0x210
> arch/x86/entry/common.c:247
>  [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:282
>  [] syscall_return_slowpath+0x2ba/0x340
> arch/x86/entry/common.c:344
>  [] int_ret_from_sys_call+0x25/0x9f
> arch/x86/entry/entry_64.S:281
> ---[ end trace f627386faee7426f ]---
> 
> Unfortunately I cannot reproduce it in a controlled environment, but
> I've hit it twice in different VMs. So maybe if you see something
> obvious there. Is it possible that something is submitted into the
> workqueue between it is drained and destroyed in hci_unregister_dev?
> 
> On commit 92e963f50fc74041b5e9e744c330dca48e04f08d (Jan 24).
> 

thanks,
-- 
js
suse labs
---
 include/linux/workqueue.h |1 +
 kernel/workqueue.c|   23 ---
 net/bluetooth/hci_core.c  |   19 +++
 3 files changed, 40 insertions(+), 3 deletions(-)

--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -312,6 +312,7 @@ enum {
 	__WQ_DRAINING		= 1 << 16, /* internal: workqueue is draining */
 	__WQ_ORDERED		= 1 << 17, /* internal: workqueue is ordered */
 	__WQ_LEGACY		= 1 << 18, /* internal: create*_workqueue() */
+	__WQ_DESTROYING		= 1 << 19,
 
 	WQ_MAX_ACTIVE		= 512,	  /* I like 512, better ideas? */
 	WQ_MAX_UNBOUND_PER_CPU	= 4,	  /* 4 * #cpus for unbound wq */
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -1366,6 +1366,9 @@ static void __queue_work(int cpu, struct
 	unsigned int work_flags;
 	unsigned int req_cpu = cpu;
 
+	if (WARN_ON(wq->flags & __WQ_DESTROYING))
+		return;
+
 	/*
 	 * While a work item is PENDING && off queue, a task trying to
 	 * steal the PENDING will busy-loop waiting for it to either get
@@ -4010,6 +4013,7 @@ void destroy_workqueue(struct workqueue_
 	int node;
 
 	/* drain it before proceeding with destruction */
+	wq->flags |= __WQ_DESTROYING;
 	drain_workqueue(wq);
 
 	/* sanity checks */
@@ -4024,9 +4028,22 @@ void destroy_workqueue(struct workqueue_
 			}
 		}
 
-		if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) ||
-		WARN_ON(pwq->nr_active) ||
-		WARN_ON(!list_empty(>delayed_works))) {
+		if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1))) {
+			pr_info("%s: pwq=%p wq->dfl_pwq=%p pwq->refcnt=%d\n",
+	__func__, pwq, wq->dfl_pwq,
+	pwq->refcnt);
+			mutex_unlock(>mutex);
+			return;
+		}
+
+		if (WARN_ON(pwq->nr_active)) {
+			pr_info("%s: %ps\n", __func__, wq);
+			mutex_unlock(>mutex);
+			return;
+		}
+
+		if

Re: [PATCH 00/33] Compile-time stack metadata validation

2016-02-12 Thread Jiri Slaby 
On 01/21/2016, 11:49 PM, Josh Poimboeuf wrote:
> This is v16 of the compile-time stack metadata validation patch set,
> along with proposed fixes for most of the warnings it found.  It's based
> on the tip/master branch.

Hi,

with this config:
https://github.com/openSUSE/kernel-source/blob/master/config/x86_64/vanilla

I am seeing a lot of functions in C which do not have frame pointer 
setup/cleanup:
stacktool: drivers/scsi/hpsa.o: hpsa_scsi_do_simple_cmd.constprop.106()+0x79: 
call without frame pointer save/setup
stacktool: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.o: 
cfs_cdebug_show.part.5.constprop.35()+0x0: frame pointer state mismatch
stacktool: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.o: 
cfs_cdebug_show.part.5.constprop.35()+0x8: duplicate frame pointer save
stacktool: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.o: 
cfs_cdebug_show.part.5.constprop.35()+0x9: duplicate frame pointer setup
stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: 
ksocknal_connsock_decref()+0x0: duplicate frame pointer save
stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: 
ksocknal_connsock_decref()+0x0: frame pointer state mismatch
stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: 
ksocknal_connsock_decref()+0x1: duplicate frame pointer setup
stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: .text: 
unexpected end of section
stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: 
cfs_cdebug_show.part.1.constprop.16()+0x0: frame pointer state mismatch
stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: 
cfs_cdebug_show.part.1.constprop.16()+0x8: duplicate frame pointer save
stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: 
cfs_cdebug_show.part.1.constprop.16()+0x9: duplicate frame pointer setup
stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: .text: unexpected end 
of section
stacktool: drivers/staging/lustre/lnet/lnet/lo.o: .text: unexpected end of 
section
stacktool: drivers/staging/lustre/lnet/lnet/nidstrings.o: 
cfs_print_nidlist()+0x220: frame pointer state mismatch
stacktool: drivers/staging/lustre/lnet/lnet/peer.o: .text: unexpected end of 
section
stacktool: drivers/staging/lustre/lnet/lnet/router.o: 
cfs_cdebug_show.part.0.constprop.16()+0x0: frame pointer state mismatch
stacktool: drivers/staging/lustre/lnet/lnet/router.o: 
cfs_cdebug_show.part.0.constprop.16()+0x8: duplicate frame pointer save
stacktool: drivers/staging/lustre/lnet/lnet/router.o: 
cfs_cdebug_show.part.0.constprop.16()+0x9: duplicate frame pointer setup
stacktool: drivers/staging/lustre/lnet/lnet/router.o: 
lnet_find_net_locked()+0x8a: frame pointer state mismatch
stacktool: drivers/staging/lustre/lnet/lnet/router.o: 
lnet_find_net_locked()+0x8a: return without frame pointer restore
stacktool: drivers/staging/lustre/lustre/fid/fid_request.o: .text: unexpected 
end of section
stacktool: drivers/staging/lustre/lustre/fld/lproc_fld.o: .text: unexpected end 
of section
stacktool: drivers/staging/lustre/lustre/libcfs/libcfs_lock.o: .text: 
unexpected end of section
stacktool: drivers/staging/lustre/lustre/libcfs/libcfs_mem.o: .text: unexpected 
end of section
stacktool: drivers/staging/lustre/lustre/llite/dir.o: obd_unpackmd()+0x0: 
duplicate frame pointer save
stacktool: drivers/staging/lustre/lustre/llite/dir.o: obd_unpackmd()+0x0: frame 
pointer state mismatch
stacktool: drivers/staging/lustre/lustre/llite/dir.o: obd_unpackmd()+0x4: 
duplicate frame pointer setup
stacktool: drivers/staging/lustre/lustre/llite/file.o: 
md_intent_lock.part.28()+0x0: duplicate frame pointer save
stacktool: drivers/staging/lustre/lustre/llite/file.o: 
md_intent_lock.part.28()+0x0: frame pointer state mismatch
stacktool: drivers/staging/lustre/lustre/llite/file.o: 
md_intent_lock.part.28()+0x24: duplicate frame pointer setup
stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: 
cl_io_get()+0x0: frame pointer state mismatch
stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: 
cl_io_get()+0x1a: duplicate frame pointer save
stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: 
cl_io_get()+0x1b: duplicate frame pointer setup
stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: 
cl_io_get()+0x19: return without frame pointer restore
stacktool: drivers/staging/lustre/lustre/llite/../lclient/lcommon_misc.o: 
.text: unexpected end of section
stacktool: drivers/staging/lustre/lustre/llite/llite_mmap.o: .text: unexpected 
end of section
stacktool: drivers/staging/lustre/lustre/llite/lproc_llite.o: 
checksum_pages_store()+0x19e: frame pointer state mismatch
stacktool: drivers/staging/lustre/lustre/llite/namei.o: ll_test_inode()+0x0: 
frame pointer state mismatch
stacktool: drivers/staging/lustre/lustre/llite/namei.o: ll_test_inode()+0x5: 
duplicate frame pointer save
stacktool: drivers/staging/lustre/lustre/llite/namei.o: ll_test_inode()+0x9: 
duplicate frame pointer setup
stacktool:

Re: [PATCH 00/33] Compile-time stack metadata validation

2016-02-12 Thread Jiri Slaby 
On 02/12/2016, 11:36 AM, Jiri Slaby wrote:
> It there some compilation flag missing? -f flags when compiling that file are:
> -falign-jumps=1
> -falign-loops=1
> -fconserve-stack
> -fno-asynchronous-unwind-tables
> -fno-common
> -fno-delete-null-pointer-checks
> -fno-inline-functions-called-once
> -fno-omit-frame-pointer
> -fno-optimize-sibling-calls
> -fno-strict-aliasing
> -fno-strict-overflow
> -fno-var-tracking-assignments
> -fstack-protector
> -funit-at-a-time

Happens with:
gcc (SUSE Linux) 5.3.1 20151207 [gcc-5-branch revision 231355]
gcc-6 (SUSE Linux) 6.0.0 20160202 (experimental) [trunk revision 233076]

> thanks,
-- 
js
suse labs

[PATCH 3.12 28/64] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.

2016-02-11 Thread Jiri Slaby 
From: Vijay Pandurangan <vij...@vijayp.ca>

3.12-stable review patch.  If anyone has any objections, please let me know.

===

[ Upstream commit ce8c839b74e3017996fad4e1b7ba2e2625ede82f ]

Packets that arrive from real hardware devices have ip_summed ==
CHECKSUM_UNNECESSARY if the hardware verified the checksums, or
CHECKSUM_NONE if the packet is bad or it was unable to verify it. The
current version of veth will replace CHECKSUM_NONE with
CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to
a veth device to be delivered to the application. This caused applications
at Twitter to receive corrupt data when network hardware was corrupting
packets.

We believe this was added as an optimization to skip computing and
verifying checksums for communication between containers. However, locally
generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as
written does nothing for them. As far as we can tell, after removing this
code, these packets are transmitted from one stack to another unmodified
(tcpdump shows invalid checksums on both sides, as expected), and they are
delivered correctly to applications. We didn’t test every possible network
configuration, but we tried a few common ones such as bridging containers,
using NAT between the host and a container, and routing from hardware
devices to containers. We have effectively deployed this in production at
Twitter (by disabling RX checksum offloading on veth devices).

This code dates back to the first version of the driver, commit
 ("[NET]: Virtual ethernet device driver"), so I
suspect this bug occurred mostly because the driver API has evolved
significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix
packet checksumming") (in December 2010) fixed this for packets that get
created locally and sent to hardware devices, by not changing
CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming
in from hardware devices.

Co-authored-by: Evan Jones <e...@evanjones.ca>
Signed-off-by: Evan Jones <e...@evanjones.ca>
Cc: Nicolas Dichtel <nicolas.dich...@6wind.com>
Cc: Phil Sutter <p...@nwl.cc>
Cc: Toshiaki Makita <makita.toshi...@lab.ntt.co.jp>
Cc: netdev@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Vijay Pandurangan <vij...@vijayp.ca>
Acked-by: Cong Wang <cw...@twopensource.com>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 drivers/net/veth.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 61c4044f644e..917abeae77ad 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -116,12 +116,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct 
net_device *dev)
kfree_skb(skb);
goto drop;
}
-   /* don't change ip_summed == CHECKSUM_PARTIAL, as that
-* will cause bad checksum on forwarded packets
-*/
-   if (skb->ip_summed == CHECKSUM_NONE &&
-   rcv->features & NETIF_F_RXCSUM)
-   skb->ip_summed = CHECKSUM_UNNECESSARY;
 
if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats);
-- 
2.7.1

[patch added to 3.12-stable] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.

2016-01-28 Thread Jiri Slaby 
From: Vijay Pandurangan <vij...@vijayp.ca>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===

[ Upstream commit ce8c839b74e3017996fad4e1b7ba2e2625ede82f ]

Packets that arrive from real hardware devices have ip_summed ==
CHECKSUM_UNNECESSARY if the hardware verified the checksums, or
CHECKSUM_NONE if the packet is bad or it was unable to verify it. The
current version of veth will replace CHECKSUM_NONE with
CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to
a veth device to be delivered to the application. This caused applications
at Twitter to receive corrupt data when network hardware was corrupting
packets.

We believe this was added as an optimization to skip computing and
verifying checksums for communication between containers. However, locally
generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as
written does nothing for them. As far as we can tell, after removing this
code, these packets are transmitted from one stack to another unmodified
(tcpdump shows invalid checksums on both sides, as expected), and they are
delivered correctly to applications. We didn’t test every possible network
configuration, but we tried a few common ones such as bridging containers,
using NAT between the host and a container, and routing from hardware
devices to containers. We have effectively deployed this in production at
Twitter (by disabling RX checksum offloading on veth devices).

This code dates back to the first version of the driver, commit
 ("[NET]: Virtual ethernet device driver"), so I
suspect this bug occurred mostly because the driver API has evolved
significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix
packet checksumming") (in December 2010) fixed this for packets that get
created locally and sent to hardware devices, by not changing
CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming
in from hardware devices.

Co-authored-by: Evan Jones <e...@evanjones.ca>
Signed-off-by: Evan Jones <e...@evanjones.ca>
Cc: Nicolas Dichtel <nicolas.dich...@6wind.com>
Cc: Phil Sutter <p...@nwl.cc>
Cc: Toshiaki Makita <makita.toshi...@lab.ntt.co.jp>
Cc: netdev@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Vijay Pandurangan <vij...@vijayp.ca>
Acked-by: Cong Wang <cw...@twopensource.com>
Signed-off-by: David S. Miller <da...@davemloft.net>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
---
 drivers/net/veth.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 61c4044f644e..917abeae77ad 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -116,12 +116,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct 
net_device *dev)
kfree_skb(skb);
goto drop;
}
-   /* don't change ip_summed == CHECKSUM_PARTIAL, as that
-* will cause bad checksum on forwarded packets
-*/
-   if (skb->ip_summed == CHECKSUM_NONE &&
-   rcv->features & NETIF_F_RXCSUM)
-   skb->ip_summed = CHECKSUM_UNNECESSARY;
 
if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats);
-- 
2.7.0

Re: [PATCH stable-3.2 stable-3.12] net: fix checksum check in skb_copy_and_csum_datagram_iovec()

2016-01-05 Thread Jiri Slaby 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/05/2016, 05:40 PM, Ben Hutchings wrote:
> On Tue, 2016-01-05 at 17:36 +0100, Jiri Slaby wrote:
>> On 12/28/2015, 03:01 PM, Michal Kubecek wrote:
>>> Recent fix "net: add length argument to 
>>> skb_copy_and_csum_datagram_iovec" added to some pre-3.19
>>> stable branches, namely
>>> 
>>> stable-3.2.y: commit 127500d724f8 stable-3.12.y: commit
>>> 3e1ac3aafbd0
>> 
>> Applied this fix to 3.12. Thanks!
> [...]
> 
> You don't want this, you want Eric's fix (commit 197c949e7, "udp: 
> properly support MSG_PEEK with truncated buffers") although that's
> not upstream yet.

Dropped then. Thanks!


- -- 
js
suse labs
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWi/IlAAoJEL0lsQQGtHBJ+HkP/RSxEleW2xhvRXBVz9S5iTgR
U5dDY3gdpajVuouc8S8ZC8o6/BT+rx0LwzrCcb8RDkIOPad3dFVrcPn5uwZvCZ+b
JSNKvNLTLgtn/jvSu5ZhjlL0F4zXu2Pl37KZpaimwEgGAEmfKAvLL52mdHWURGRq
AD7qD5UJxybejt8VNpExX6Oo+Q6nsRJtbrXXSRbalpeCwUhMxu+A/0vWFQ+bFR4M
GPMw6GqhCoCTy1fcpI4csyvEJImg91PAnNc2+37vOUqxrpr4hqBtNnVerampaI1N
u6QGl5WxfqvX+sDeYv7JDCR+2D750EixcfI6PYFdINSgTBn/7veKTsN1buj9JzlU
LBVFKXLILX3pOj16rIiwVtmqapinyJB9c3vCUDP19opn7LtkR16a5wDOTD3T59zs
KX6FZ0mO3uRacJNpVqeAcYQ8MVFIN6JRCCokJoTgFmia19rSpxV3Th1MoFy/bafX
yc5T+n0CYguTVirME2hn2vt2JHvUzUCcabktT0chY8EhXTc6XMBefRGWnhL3raBe
zRCn8tnGUbawr46ZbwMggpavfzUg3lGE6Y5/g5l5dNmdrLfU5SnNmid769Uvlrad
MFf56DMfMFHmojcqOukcN1v97jvmaK9eY2xXRvuoGnzYexL2JCiPEKfB21NQfZhW
NZSya8PXfCtyAnUS+56r
=hGxr
-END PGP SIGNATURE-
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH stable-3.2 stable-3.12] net: fix checksum check in skb_copy_and_csum_datagram_iovec()

2016-01-05 Thread Jiri Slaby 
On 12/28/2015, 03:01 PM, Michal Kubecek wrote:
> Recent fix "net: add length argument to
> skb_copy_and_csum_datagram_iovec" added to some pre-3.19 stable
> branches, namely
> 
>   stable-3.2.y: commit 127500d724f8
>   stable-3.12.y: commit 3e1ac3aafbd0

Applied this fix to 3.12. Thanks!

> doesn't handle truncated reads correctly. If read length is shorter than
> incoming datagram (but non-zero) and first segment of target iovec is
> sufficient for read length, skb_copy_and_csum_datagram() is used to copy
> checksum the data while copying it. For truncated reads this means only
> the copied part is checksummed (rather than the whole datagram) so that
> the check almost always fails.
> 
> Add checksum of the remaining part so that the proper checksum of the
> whole datagram is computed and checked. Special care must be taken if
> the copied length is odd.
> 
> For zero read length, we don't have to copy anything but we still should
> check the checksum so that a peek doesn't return with a datagram which
> is invalid and wouldn't be returned by an actual read.
> 
> Signed-off-by: Michal Kubecek 
> ---
>  net/core/datagram.c | 26 +-
>  1 file changed, 21 insertions(+), 5 deletions(-)
> 
> diff --git a/net/core/datagram.c b/net/core/datagram.c
> index f22f120771ef..af4bf368257c 100644
> --- a/net/core/datagram.c
> +++ b/net/core/datagram.c
> @@ -809,13 +809,14 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff 
> *skb,
>int hlen, struct iovec *iov, int len)
>  {
>   __wsum csum;
> - int chunk = skb->len - hlen;
> + int full_chunk = skb->len - hlen;
> + int chunk = min_t(int, full_chunk, len);
>  
> - if (chunk > len)
> - chunk = len;
> -
> - if (!chunk)
> + if (!chunk) {
> + if (__skb_checksum_complete(skb))
> + goto csum_error;
>   return 0;
> + }
>  
>   /* Skip filled elements.
>* Pretty silly, look at memcpy_toiovec, though 8)
> @@ -833,6 +834,21 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
>   if (skb_copy_and_csum_datagram(skb, hlen, iov->iov_base,
>  chunk, ))
>   goto fault;
> + if (full_chunk > chunk) {
> + if (chunk % 2) {
> + __be16 odd = 0;
> +
> + if (skb_copy_bits(skb, hlen + chunk,
> +   (char *) + 1, 1))
> + goto fault;
> + csum = add32_with_carry(odd, csum);
> + csum = skb_checksum(skb, hlen + chunk + 1,
> + full_chunk - chunk - 1,
> + csum);
> + } else
> + csum = skb_checksum(skb, hlen + chunk,
> + full_chunk - chunk, csum);
> + }
>   if (csum_fold(csum))
>   goto csum_error;
>   if (unlikely(skb->ip_summed == CHECKSUM_COMPLETE))
> 


-- 
js
suse labs
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 01/15] net: wireless: ath: use | instead of + for summing bitmasks

2015-10-21 Thread Jiri Slaby 
On 10/21/2015, 04:55 PM, Punit Vara wrote:
> This patch is to the ath10k/pci.h file that fixes following warning
>  reported by coccicheck:
> 
> WARNING: sum of probable bitmasks, consider |
> 
> I have replaced + with OR operator | for summing bitmasks
> 
> Signed-off-by: Punit Vara 
> ---
>  drivers/net/wireless/ath/ath10k/pci.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/net/wireless/ath/ath10k/pci.c 
> b/drivers/net/wireless/ath/ath10k/pci.c
> index 1046ab6..165a318 100644
> --- a/drivers/net/wireless/ath/ath10k/pci.c
> +++ b/drivers/net/wireless/ath/ath10k/pci.c
> @@ -775,7 +775,7 @@ static u32 ath10k_pci_targ_cpu_to_ce_addr(struct ath10k 
> *ar, u32 addr)
>   switch (ar->hw_rev) {
>   case ATH10K_HW_QCA988X:
>   case ATH10K_HW_QCA6174:
> - val = (ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
> + val = (ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS |
> CORE_CTRL_ADDRESS) &

Could you explain where exactly are 2 bitmasks here?

thanks,
-- 
js
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 08/15] net: wireless: simplify return flow for usb_control_msg

2015-10-21 Thread Jiri Slaby 
On 10/21/2015, 04:55 PM, Punit Vara wrote:
> @@ -544,13 +544,10 @@ static void at76_ledtrig_tx_activity(void)
>  static int at76_remap(struct usb_device *udev)
>  {
>   int ret;
> - ret = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x0a,
> + return usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x0a,
> USB_TYPE_VENDOR | USB_DIR_OUT |
> USB_RECIP_INTERFACE, 0, 0, NULL, 0,
> USB_CTRL_GET_TIMEOUT);
> - if (ret < 0)
> - return ret;
> - return 0;

ret is now unused, right?

-- 
js
suse labs
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3.19 and earlier] fib_rules: Fix dump_rules() not to exit early

2015-10-05 Thread Jiri Slaby 
On 10/05/2015, 07:29 PM, Roland Dreier wrote:
> From: Roland Dreier 
> 
> Backports of 41fc014332d9 ("fib_rules: fix fib rule dumps across
> multiple skbs") introduced a regression in "ip rule show" - it ends up
> dumping the first rule over and over and never exiting, because 3.19
> and earlier are missing commit 053c095a82cf ("netlink: make
> nlmsg_end() and genlmsg_end() void"), so fib_nl_fill_rule() ends up
> returning skb->len (i.e. > 0) in the success case.
> 
> Fix this by checking the return code for < 0 instead of != 0.
> 
> Signed-off-by: Roland Dreier 
> ---
> Hi, this is needed for all stable trees earlier than 4.0 that have
> picked up 41fc014332d9; so far looks like at least 3.10.y and 3.14.y
> have made such releases.
> 
>  net/core/fib_rules.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
> index 627e517077e4..84340a2605ed 100644
> --- a/net/core/fib_rules.c
> +++ b/net/core/fib_rules.c
> @@ -606,7 +606,7 @@ static int dump_rules(struct sk_buff *skb, struct 
> netlink_callback *cb,
>   err = fib_nl_fill_rule(skb, rule, NETLINK_CB(cb->skb).portid,
>  cb->nlh->nlmsg_seq, RTM_NEWRULE,
>  NLM_F_MULTI, ops);
> - if (err)
> + if (err < 0)

I integrated the fix into the backport of 41fc014332d9 in 3.12 and made
a note in there. Thanks!

-- 
js
suse labs
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: please queue commit ac37e2515c1a for stable 3.12 - 3.18

2015-06-26 Thread Jiri Slaby 
On 06/04/2015, 10:54 PM, Michal Kubecek wrote:
 Hello,
 
 please queue mainline commit
 
   ac37e2515c1a (xfrm: release dst_orig in case of error in xfrm_lookup())
 
 for stable branches 3.12, 3.14 and 3.18. It fixes a dst_entry reference
 leak introduced by commit
 
   f92ee61982d6 (xfrm: Generate blackhole routes only from route lookup 
 functions)
 
 present in these branches (3.12 and 3.14 as a backport, 3.18 from
 mainline). The patch applies cleanly to all three and I tested that it
 fixes the issue in 3.12.

David, do you have any plans on taking the commit or should we apply it
directly?

thanks,
-- 
js
suse labs
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/1] bna: remove obsolete use of EXTRA_CFLAGS

2015-06-09 Thread Jiri Slaby 
EXTRA_CFLAGS should be used on the command line only.

Since EXTRA_CFLAGS here add only a non-existant path to compiler
include paths (by -I), remove EXTRA_CFLAGS completely.

Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 drivers/net/ethernet/brocade/bna/Makefile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/net/ethernet/brocade/bna/Makefile 
b/drivers/net/ethernet/brocade/bna/Makefile
index 6e10b99733a2..8584abcf5366 100644
--- a/drivers/net/ethernet/brocade/bna/Makefile
+++ b/drivers/net/ethernet/brocade/bna/Makefile
@@ -9,5 +9,3 @@ obj-$(CONFIG_BNA) += bna.o
 bna-objs := bnad.o bnad_ethtool.o bnad_debugfs.o bna_enet.o bna_tx_rx.o
 bna-objs += bfa_msgq.o bfa_ioc.o bfa_ioc_ct.o bfa_cee.o
 bna-objs += cna_fwimg.o
-
-EXTRA_CFLAGS := -Idrivers/net/bna
-- 
2.4.2

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: v3.12-stable-queue build errors

2015-04-27 Thread Jiri Slaby 
On 04/25/2015, 04:16 PM, Guenter Roeck wrote:
 Several powerpc build fail with:
 
 drivers/net/ethernet/freescale/gianfar.c: In function 'gfar_start_xmit':
 drivers/net/ethernet/freescale/gianfar.c:2146:3: error: implicit declaration 
 of
 function 'dev_consume_skb_any' [-Werror=implicit-function-declaration]
dev_consume_skb_any(skb);
 
 dev_consume_skb_any() does not exist in 3.12.
 
 Introduced by 'gianfar: Carefully free skbs in functions called by netpoll'.

Eric, David,

what action should I take here?

1) take also:
commit e6247027e5173c00efb2084d688d06ff835bc3b0
Author: Eric Dumazet eduma...@google.com
Date:   Thu Dec 5 04:45:08 2013 -0800

net: introduce dev_consume_skb_any()


2) drop 'gianfar: Carefully free skbs in functions called by netpoll'
from stable-3.12

3) any other idea?

thanks,
-- 
js
suse labs
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3.12 04/83] net: ethernet: pcnet32: Setup the SRAM and NOUFLO on Am79C97{3, 5}

2015-04-27 Thread Jiri Slaby 
From: Markos Chandras markos.chand...@imgtec.com

3.12-stable review patch.  If anyone has any objections, please let me know.

===

commit 87f966d97b89774162df04d2106c6350c8fe4cb3 upstream.

On a MIPS Malta board, tons of fifo underflow errors have been observed
when using u-boot as bootloader instead of YAMON. The reason for that
is that YAMON used to set the pcnet device to SRAM mode but u-boot does
not. As a result, the default Tx threshold (64 bytes) is now too small to
keep the fifo relatively used and it can result to Tx fifo underflow errors.
As a result of which, it's best to setup the SRAM on supported controllers
so we can always use the NOUFLO bit.

Cc: netdev@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: Don Fry pcne...@frontier.com
Signed-off-by: Markos Chandras markos.chand...@imgtec.com
Signed-off-by: David S. Miller da...@davemloft.net
Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 drivers/net/ethernet/amd/pcnet32.c | 31 +--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/amd/pcnet32.c 
b/drivers/net/ethernet/amd/pcnet32.c
index 2d8e28819779..048743573230 100644
--- a/drivers/net/ethernet/amd/pcnet32.c
+++ b/drivers/net/ethernet/amd/pcnet32.c
@@ -1516,7 +1516,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
 {
struct pcnet32_private *lp;
int i, media;
-   int fdx, mii, fset, dxsuflo;
+   int fdx, mii, fset, dxsuflo, sram;
int chip_version;
char *chipname;
struct net_device *dev;
@@ -1553,7 +1553,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
}
 
/* initialize variables */
-   fdx = mii = fset = dxsuflo = 0;
+   fdx = mii = fset = dxsuflo = sram = 0;
chip_version = (chip_version  12)  0x;
 
switch (chip_version) {
@@ -1586,6 +1586,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
chipname = PCnet/FAST III 79C973; /* PCI */
fdx = 1;
mii = 1;
+   sram = 1;
break;
case 0x2626:
chipname = PCnet/Home 79C978; /* PCI */
@@ -1609,6 +1610,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
chipname = PCnet/FAST III 79C975; /* PCI */
fdx = 1;
mii = 1;
+   sram = 1;
break;
case 0x2628:
chipname = PCnet/PRO 79C976;
@@ -1637,6 +1639,31 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
dxsuflo = 1;
}
 
+   /*
+* The Am79C973/Am79C975 controllers come with 12K of SRAM
+* which we can use for the Tx/Rx buffers but most importantly,
+* the use of SRAM allow us to use the BCR18:NOUFLO bit to avoid
+* Tx fifo underflows.
+*/
+   if (sram) {
+   /*
+* The SRAM is being configured in two steps. First we
+* set the SRAM size in the BCR25:SRAM_SIZE bits. According
+* to the datasheet, each bit corresponds to a 512-byte
+* page so we can have at most 24 pages. The SRAM_SIZE
+* holds the value of the upper 8 bits of the 16-bit SRAM size.
+* The low 8-bits start at 0x00 and end at 0xff. So the
+* address range is from 0x up to 0x17ff. Therefore,
+* the SRAM_SIZE is set to 0x17. The next step is to set
+* the BCR26:SRAM_BND midway through so the Tx and Rx
+* buffers can share the SRAM equally.
+*/
+   a-write_bcr(ioaddr, 25, 0x17);
+   a-write_bcr(ioaddr, 26, 0xc);
+   /* And finally enable the NOUFLO bit */
+   a-write_bcr(ioaddr, 18, a-read_bcr(ioaddr, 18) | (1  11));
+   }
+
dev = alloc_etherdev(sizeof(*lp));
if (!dev) {
ret = -ENOMEM;
-- 
2.3.5

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: v3.12-stable-queue build errors

2015-04-27 Thread Jiri Slaby 
On 04/27/2015, 06:25 PM, David Miller wrote:
 From: ebied...@xmission.com (Eric W. Biederman)
 Date: Mon, 27 Apr 2015 10:35:51 -0500
 
 Jiri Slaby jsl...@suse.cz writes:

 On 04/25/2015, 04:16 PM, Guenter Roeck wrote:
 Several powerpc build fail with:

 drivers/net/ethernet/freescale/gianfar.c: In function 'gfar_start_xmit':
 drivers/net/ethernet/freescale/gianfar.c:2146:3: error: implicit 
 declaration of
 function 'dev_consume_skb_any' [-Werror=implicit-function-declaration]
dev_consume_skb_any(skb);

 dev_consume_skb_any() does not exist in 3.12.

 Introduced by 'gianfar: Carefully free skbs in functions called by 
 netpoll'.

 Eric, David,

 what action should I take here?

 1) take also:
 commit e6247027e5173c00efb2084d688d06ff835bc3b0
 Author: Eric Dumazet eduma...@google.com
 Date:   Thu Dec 5 04:45:08 2013 -0800

 net: introduce dev_consume_skb_any()


 2) drop 'gianfar: Carefully free skbs in functions called by netpoll'
 from stable-3.12

 This is probably the most reasonable.   KISS.
 
 Yeah just drop the patch.
 
 I didn't even want to submit this series in the first place but
 people kept poking me endlessly about it.

Now dropped. Thanks.

-- 
js
suse labs
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[patch added to the 3.12 stable tree] net: ethernet: pcnet32: Setup the SRAM and NOUFLO on Am79C97{3, 5}

2015-04-23 Thread Jiri Slaby 
From: Markos Chandras markos.chand...@imgtec.com

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===

commit 87f966d97b89774162df04d2106c6350c8fe4cb3 upstream.

On a MIPS Malta board, tons of fifo underflow errors have been observed
when using u-boot as bootloader instead of YAMON. The reason for that
is that YAMON used to set the pcnet device to SRAM mode but u-boot does
not. As a result, the default Tx threshold (64 bytes) is now too small to
keep the fifo relatively used and it can result to Tx fifo underflow errors.
As a result of which, it's best to setup the SRAM on supported controllers
so we can always use the NOUFLO bit.

Cc: netdev@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: Don Fry pcne...@frontier.com
Signed-off-by: Markos Chandras markos.chand...@imgtec.com
Signed-off-by: David S. Miller da...@davemloft.net
Signed-off-by: Jiri Slaby jsl...@suse.cz
---
 drivers/net/ethernet/amd/pcnet32.c | 31 +--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/amd/pcnet32.c 
b/drivers/net/ethernet/amd/pcnet32.c
index 2d8e28819779..048743573230 100644
--- a/drivers/net/ethernet/amd/pcnet32.c
+++ b/drivers/net/ethernet/amd/pcnet32.c
@@ -1516,7 +1516,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
 {
struct pcnet32_private *lp;
int i, media;
-   int fdx, mii, fset, dxsuflo;
+   int fdx, mii, fset, dxsuflo, sram;
int chip_version;
char *chipname;
struct net_device *dev;
@@ -1553,7 +1553,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
}
 
/* initialize variables */
-   fdx = mii = fset = dxsuflo = 0;
+   fdx = mii = fset = dxsuflo = sram = 0;
chip_version = (chip_version  12)  0x;
 
switch (chip_version) {
@@ -1586,6 +1586,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
chipname = PCnet/FAST III 79C973; /* PCI */
fdx = 1;
mii = 1;
+   sram = 1;
break;
case 0x2626:
chipname = PCnet/Home 79C978; /* PCI */
@@ -1609,6 +1610,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
chipname = PCnet/FAST III 79C975; /* PCI */
fdx = 1;
mii = 1;
+   sram = 1;
break;
case 0x2628:
chipname = PCnet/PRO 79C976;
@@ -1637,6 +1639,31 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct 
pci_dev *pdev)
dxsuflo = 1;
}
 
+   /*
+* The Am79C973/Am79C975 controllers come with 12K of SRAM
+* which we can use for the Tx/Rx buffers but most importantly,
+* the use of SRAM allow us to use the BCR18:NOUFLO bit to avoid
+* Tx fifo underflows.
+*/
+   if (sram) {
+   /*
+* The SRAM is being configured in two steps. First we
+* set the SRAM size in the BCR25:SRAM_SIZE bits. According
+* to the datasheet, each bit corresponds to a 512-byte
+* page so we can have at most 24 pages. The SRAM_SIZE
+* holds the value of the upper 8 bits of the 16-bit SRAM size.
+* The low 8-bits start at 0x00 and end at 0xff. So the
+* address range is from 0x up to 0x17ff. Therefore,
+* the SRAM_SIZE is set to 0x17. The next step is to set
+* the BCR26:SRAM_BND midway through so the Tx and Rx
+* buffers can share the SRAM equally.
+*/
+   a-write_bcr(ioaddr, 25, 0x17);
+   a-write_bcr(ioaddr, 26, 0xc);
+   /* And finally enable the NOUFLO bit */
+   a-write_bcr(ioaddr, 18, a-read_bcr(ioaddr, 18) | (1  11));
+   }
+
dev = alloc_etherdev(sizeof(*lp));
if (!dev) {
ret = -ENOMEM;
-- 
2.3.5

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [BUG] bad address in twothirdsMD4Transform

2008-02-11 Thread Jiri Slaby 

On 02/11/2008 08:42 PM, Matt Mackall wrote:

BUG: unable to handle kernel paging request at 8102366213f8
IP: [803558f4] twothirdsMD4Transform+0xc4/0x3b0


You should mention what kernel you're using. 


Kernel version is in the bug below modules and above registers.


This bug is only in -mm
(you didn't cc: Andrew), and it's fixed here:

http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.24/2.6.24-mm1/hot-fixes/random-clean-up-checkpatch-complaints-fix.patch


I need to ask google first! Sorry.
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[BUG] bad address in twothirdsMD4Transform

2008-02-11 Thread Jiri Slaby 

Hi,

I get this with 32 bit Firefox 3b2 and java 1.6.0_03 on 64 bit:

BUG: unable to handle kernel paging request at 8102366213f8
IP: [803558f4] twothirdsMD4Transform+0xc4/0x3b0
PGD 8063 PUD 0
Oops:  [1] SMP
last sysfs file: /sys/devices/virtual/net/tun0/statistics/collisions
CPU 1
Modules linked in: szetest szedata2 v4l2_extension videodev v4l2_common 
v4l1_compat isofs tun bitrev ipv6 arc4 ecb crypto_blkcipher cryptomgr 
crypto_algapi ath5k mac80211 cfg80211 rtc_cmos sr_mod rtc_core ehci_hcd floppy 
rtc_lib cdrom crc32 [last unloaded: szedata2]

Pid: 3512, comm: java_vm Not tainted 2.6.24-mm1_64 #380
RIP: 0010:[803558f4]  [803558f4] 
twothirdsMD4Transform+0xc4/0x3b0

RSP: :810042721c68  EFLAGS: 00010286
RAX: 4000 RBX:  RCX: 3ffc
RDX: 7cfbfdc8 RSI: 810042721cd8 RDI: 8100435893d0
RBP: 810042721cc8 R08: 8000 R09: 
R10: 8101ac7c033c R11:  R12: 67f18b72
R13:  R14: 8100435893b0 R15: c42802a9
FS:  () GS:81007d008500(0063) knlGS:f492ab90
CS:  0010 DS: 002b ES: 002b CR0: 80050033
CR2: 8102366213f8 CR3: 426e6000 CR4: 06e0
DR0:  DR1:  DR2: 
DR3:  DR6: 0ff0 DR7: 0400
Process java_vm (pid: 3512, threadinfo 81004272, task 81002211b6b0)
Stack:  81007c0c62d0 7cfbfdc8 2dc63fea 0100
    
 8100435893b0 810043588d80 8100435893b0 810042721e88
Call Trace:
 [80356cce] secure_tcpv6_sequence_number+0x6e/0xa0
 [880b24ff] :ipv6:tcp_v6_connect+0x4bf/0x650
 [80466a89] ? lock_sock_nested+0xc9/0xe0
 [804b68d1] inet_stream_connect+0x231/0x2c0
 [804a5efe] ? tcp_init_xmit_timers+0x1e/0x20
 [802b96aa] ? inotify_d_instantiate+0x1a/0x50
 [80464171] sys_connect+0x71/0xa0
 [8046449a] ? sock_map_fd+0x4a/0x70
 [80480f56] compat_sys_socketcall+0x86/0x1b0
 [80224302] ia32_sysret+0x0/0xa


Code: 56 10 c1 c8 0d 48 89 55 b0 03 0c 96 44 89 ca 44 31 c2 21 c2 44 31 c2 01 d1 
8b 56 14 c1 c9 1d 48 89 55 a8 44 8b 7e 18 44 8b 66 1c 44 03 04 96 89 c2 44 31 
ca 21 ca 44 31 ca 46 03 0c be 41 01 d0

RIP  [803558f4] twothirdsMD4Transform+0xc4/0x3b0
 RSP 810042721c68
CR2: 8102366213f8
---[ end trace 057610ccf9ee39f0 ]---

Reproducible, going to
https://www.mojebanka.cz/InternetBanking/JSPLogin.jsp?L=CS
triggers it.
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [Wireless, ath5k] 2.6.24-git13 9135f1901ee6449dfe338adf6e40e9c2025b8150

2008-02-05 Thread Jiri Slaby 

On 02/04/2008 10:40 PM, Oliver Pinter wrote:

On 2/4/08, Oliver Pinter [EMAIL PROTECTED] wrote:

On 2/4/08, Jiri Slaby [EMAIL PROTECTED] wrote:

On 02/04/2008 03:00 PM, Oliver Pinter (Pintér Olivér) wrote:

[  413.118874] wpa_supplicant[4388]: segfault at 30 ip 080697ca sp
bfc9cab0 error 4 in wpa_supplicant[8048000+4c000]

Seems like wpa_supplicant is broken. Is this a regression?

yes, but with madwifi is all ok


And this... madwifi goes through ported bsd net80211. So which latest git you 
tried worked for you when this is a regression, please?

--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [Wireless, ath5k] 2.6.24-git13 9135f1901ee6449dfe338adf6e40e9c2025b8150

2008-02-04 Thread Jiri Slaby 

On 02/04/2008 03:00 PM, Oliver Pinter (Pintér Olivér) wrote:

git top: 9135f1901ee6449dfe338adf6e40e9c2025b8150

[  399.582185] wpa_supplicant[4383]: segfault at 30 ip 080697ca sp
bf87a690 error 4 in wpa_supplicant[8048000+4c000]
[  406.277199] wpa_supplicant[4384]: segfault at 30 ip 080697ca sp
bfc13a30 error 4 in wpa_supplicant[8048000+4c000]
[  407.586375] wpa_supplicant[4385]: segfault at 30 ip 080697ca sp
bf9ed000 error 4 in wpa_supplicant[8048000+4c000]
[  411.671037] wpa_supplicant[4386]: segfault at 30 ip 080697ca sp
bf8f3710 error 4 in wpa_supplicant[8048000+4c000]
[  412.569843] wpa_supplicant[4387]: segfault at 30 ip 080697ca sp
bfc19a30 error 4 in wpa_supplicant[8048000+4c000]
[  413.118874] wpa_supplicant[4388]: segfault at 30 ip 080697ca sp
bfc9cab0 error 4 in wpa_supplicant[8048000+4c000]


Seems like wpa_supplicant is broken. Is this a regression?


home:~# wpa_supplicant -Dwext -iath0 -c /etc/wpa_supplicant/wpa_supplicant.conf


ath0? udev renamed it?


ioctl[SIOCSIWAUTH]: Operation not supported
WEXT auth param 4 value 0x0 - bind(PF_UNIX): Address already in use


4 - 0x0 is TKIP, nothing we should worry about.


ctrl_iface exists and seems to be in use - cannot override it
Delete '/var/run/wpa_supplicant/ath0' manually if it is not used anymore
Failed to initialize control interface '/var/run/wpa_supplicant'.
You may have another wpa_supplicant process already running or the file was
left by an unclean termination of wpa_supplicant in which case you will need
to manually remove this file before starting wpa_supplicant again.


Have you?

I guess ltrace would help here. And maybe strace...
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [Wireless, ath5k] 2.6.24-git13 9135f1901ee6449dfe338adf6e40e9c2025b8150

2008-02-04 Thread Jiri Slaby 

On 02/04/2008 10:52 PM, Dan Williams wrote:

On Mon, 2008-02-04 at 22:34 +0100, Oliver Pinter wrote:

On 2/4/08, Jiri Slaby [EMAIL PROTECTED] wrote:

On 02/04/2008 03:00 PM, Oliver Pinter (Pintér Olivér) wrote:

ioctl[SIOCSIWAUTH]: Operation not supported
WEXT auth param 4 value 0x0 - bind(PF_UNIX): Address already in use

4 - 0x0 is TKIP, nothing we should worry about.


ctrl_iface exists and seems to be in use - cannot override it
Delete '/var/run/wpa_supplicant/ath0' manually if it is not used anymore
Failed to initialize control interface '/var/run/wpa_supplicant'.
You may have another wpa_supplicant process already running or the file

was

left by an unclean termination of wpa_supplicant in which case you will

need

to manually remove this file before starting wpa_supplicant again.

Have you?

yes


Ok, on one log it can't be bound and connected to, on the others it can be 
bound. I think you have 2 wpa/NM/whatever processes there which try to assign.



Note that the specific behavior of the process requesting scan results
can sometimes interact badly with the driver.  The driver most likely
needs to cope with this (by caching the BSS list internally for example)
and handle whatever behavior userspace programs throw at it.


The driver doesn't cope with scanning at all. It doesn't support passive scans. 
It's a mac layer who scans (sends probe request for each channel and listens for 
probe response for a while) here.


The scan results as Dan mentioned will be appreciated.
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: namespace support requires network modules to say GPL

2007-12-01 Thread Jiri Slaby 
On 12/02/2007 12:13 AM, Eric W. Biederman wrote:
 Mark Lord [EMAIL PROTECTED] writes:
 Fine.  But all of them want to call sk_alloc(),
 
 network drivers should be calling sk_alloc less then they should
 call dev_get_by_.  Only protocols call sk_alloc.
 
 and many want to do register_netdev().
 
 I haven't even touched register_netdev.
 
 So what should they be using there ?
 
 What are you having problems with?
 
 It is hard to answer specific questions without a context.

VMware vmnet.
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

sock_valbool_flag is required by VMware

2007-11-30 Thread Jiri Slaby 
Hi,

this commit:
[NET]: Move sock_valbool_flag to socket.c

The sock_valbool_flag() helper is used in setsockopt to
set or reset some flag on the sock. This helper is required
in the net/socket.c only, so move it there.

Besides, patch two places in sys_setsockopt() that repeat
this helper functionality manually.

Since this is not a bugfix, but a trivial cleanup, I
prepared this patch against net-2.6.25, but it also
applies (with a single offset) to the latest net-2.6.

breaks vmware module compilation, since it uses sock_valbool_flag(). Is this
their business (and they should use sock_set_flag/sock_reset_flag) or should
this be reverted?

thanks,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/5] Net: ibm_newemac, remove SPIN_LOCK_UNLOCKED

2007-11-09 Thread Jiri Slaby 
ibm_newemac, remove SPIN_LOCK_UNLOCKED

SPIN_LOCK_UNLOCKED is deprecated, use DEFINE_SPINLOCK instead

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]
Cc: Jeff Garzik [EMAIL PROTECTED]

---
commit aefcf0f6b6ab925184e7cebff8b609e4da1f5c0d
tree 9e1e6240f26c759826959e8812885726c520019d
parent f87566db6dd9613dde8de59380cd2f423166511e
author Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 11:54:41 +0200
committer Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 11:54:41 +0200

 drivers/net/ibm_newemac/debug.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/net/ibm_newemac/debug.c b/drivers/net/ibm_newemac/debug.c
index 170524e..ada13cd 100644
--- a/drivers/net/ibm_newemac/debug.c
+++ b/drivers/net/ibm_newemac/debug.c
@@ -21,7 +21,7 @@
 
 #include core.h
 
-static spinlock_t emac_dbg_lock = SPIN_LOCK_UNLOCKED;
+static DEFINE_SPINLOCK(emac_dbg_lock);
 
 static void emac_desc_dump(struct emac_instance *p)
 {
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 5/5] Net: sunrpc, remove SPIN_LOCK_UNLOCKED

2007-11-09 Thread Jiri Slaby 
sunrpc, remove SPIN_LOCK_UNLOCKED

SPIN_LOCK_UNLOCKED is deprecated, use DEFINE_SPINLOCK instead

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit d5e782e62a4fe2663a012571c345d9887b02
tree b993038b020d8c619f6ffdad412fbb992c073513
parent 828042d12cc0aa515e049889aa76d4066df100c0
author Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 12:00:13 +0200
committer Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 12:00:13 +0200

 net/sunrpc/xprt.c |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index 282a9a2..cd641c8 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -62,7 +62,7 @@ static inline voiddo_xprt_reserve(struct rpc_task *);
 static voidxprt_connect_status(struct rpc_task *task);
 static int  __xprt_get_cong(struct rpc_xprt *, struct rpc_task *);
 
-static spinlock_t xprt_list_lock = SPIN_LOCK_UNLOCKED;
+static DEFINE_SPINLOCK(xprt_list_lock);
 static LIST_HEAD(xprt_list);
 
 /*
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

/proc/net/ bad hard links count [Was: 2.6.23-rc8-mm2]

2007-09-28 Thread Jiri Slaby 
On 09/27/2007 11:22 AM, Andrew Morton wrote:
 ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc8/2.6.23-rc8-mm2/

# find /proc /dev/null
find: WARNING: Hard link count is wrong for /proc/net: this may be a bug in your
filesystem driver.  Automatically turning on find's -noleaf option.  Earlier
results may have failed to include directories that should have been searched.
# stat net
  File: `net'
  Size: 0   Blocks: 0  IO Block: 1024   directory
Device: 3h/3d   Inode: 4026531864  Links: 2
Access: (0555/dr-xr-xr-x)  Uid: (0/root)   Gid: (0/root)
Access: 2007-09-28 18:21:24.651209759 +0200
Modify: 2007-09-28 18:21:24.651209759 +0200
Change: 2007-09-28 18:21:24.651209759 +0200
# stat net/
  File: `net/'
  Size: 0   Blocks: 0  IO Block: 1024   directory
Device: 3h/3d   Inode: 4026531909  Links: 4
Access: (0555/dr-xr-xr-x)  Uid: (0/root)   Gid: (0/root)
Access: 2007-09-28 18:26:48.813048220 +0200
Modify: 2007-09-28 18:26:48.813048220 +0200
Change: 2007-09-28 18:26:48.813048220 +0200

hmm, this is some kind of weirdness :)

regards,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University

-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [-MM, FIX V4] e1000e: incorporate napi_struct changes from net-2.6.24.git

2007-09-17 Thread Jiri Slaby 
  [8020eecd] do_softirq+0x3d/0x90
 [8023d932] ksoftirqd+0x72/0x100
 [8023d8c0] ksoftirqd+0x0/0x100
 [8024dbbd] kthread+0x4d/0x80
 [8020caf8] child_rip+0xa/0x12
 [8024db70] kthread+0x0/0x80
 [8020caee] child_rip+0x0/0x12

SysRq : Show Regs
CPU 0:
Modules linked in: floppy sr_mod ehci_hcd cdrom rtc_cmos rtc_core usbhid rtc_lib
Pid: 4, comm: ksoftirqd/0 Not tainted 2.6.23-rc4-mm1_64 #24
RIP: 0010:[804cd3f8]  [804cd3f8] _spin_trylock+0x8/0x20
RSP: :80703ea8  EFLAGS: 0246
RAX: 0001 RBX: 80703ea8 RCX: 80703f28
RDX: 8100032b0888 RSI: 0040 RDI: 8100032b0850
RBP: 80703e20 R08: 810002b85340 R09: 0002
R10: 0002 R11: 8100032b0700 R12: 8020c1f1
R13: 80703e20 R14: 0040 R15: 8100032b0700
FS:  () GS:806ad000() knlGS:
CS:  0010 DS: 0018 ES: 0018 CR0: 8005003b
CR2: 445d9978 CR3: 04c49000 CR4: 06e0
DR0:  DR1:  DR2: 
DR3:  DR6: 0ff0 DR7: 0400

Call Trace:
 IRQ  [803b302d] e1000_clean+0xdd/0x250
 [80250a43] hrtimer_run_queues+0x33/0x1b0
 [8046d777] net_rx_action+0xd7/0x190
 [8023dc54] __do_softirq+0x74/0xf0
 [8020ce6c] call_softirq+0x1c/0x30
 EOI  [8020eecd] do_softirq+0x3d/0x90
 [8023d932] ksoftirqd+0x72/0x100
 [8023d8c0] ksoftirqd+0x0/0x100
 [8024dbbd] kthread+0x4d/0x80
 [8020caf8] child_rip+0xa/0x12
 [8024db70] kthread+0x0/0x80
 [8020caee] child_rip+0x0/0x12

regards,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] [-MM, FIX V4] e1000e: incorporate napi_struct changes from net-2.6.24.git

2007-09-17 Thread Jiri Slaby 
On 09/17/2007 06:29 PM, Kok, Auke wrote:
 Jiri Slaby wrote:
 On 12/23/-28158 08:59 PM, Auke Kok wrote:
 This incorporates the new napi_struct changes into e1000e. Included
 bugfix for ifdown hang from Krishna Kumar for e1000.

 Disabling polling is no longer needed at init time, so remove
 napi_disable() call from _probe().

 This also fixes an endless polling loop where the driver signalled
 polling done improperly back to the stack.

 Signed-off-by: Auke Kok [EMAIL PROTECTED]

Tested-by: Jiri Slaby [EMAIL PROTECTED]

 ---

  drivers/net/e1000e/e1000.h  |2 ++
  drivers/net/e1000e/netdev.c |   40 
  2 files changed, 18 insertions(+), 24 deletions(-)
[...]
 I have no lockups here as well anymore, so I'm wondering if you accidentally 
 used
 V3 of the patch.

And so am I, it works, I ported one change to e1000 (non-e) driver and missed
the return 0; removal. Fixed both of them now, so one of them caused it.

thanks a lot,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: 2.6.23-rc4-mm1: e1000e napi lockup

2007-09-10 Thread Jiri Slaby 
Kok, Auke napsal(a):
 Jiri Slaby wrote:
 I still have problems with the driver. When I do `ip link set eth0
 up', ksoftirq
 runs with 100 % cpu time, so I think you endlessly re-schedule some
 timer (or
 the new napi layer?)
 
 something changed in the logic and e1000e apparently does something
 wrong. I'll look into it on monday and resubmit a fixup patch (see
 robert olsson's mail as well discussing this issue)

he's posted me a patch, but no change on my side :(.

Anyway, I'm going away of the box on monday (today). will be back on fri to
test patches :).

thanks,
-- 
http://www.fi.muni.cz/~xslaby/Jiri Slaby
faculty of informatics, masaryk university, brno, cz
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: 2.6.23-rc4-mm1: e1000e napi lockup

2007-09-09 Thread Jiri Slaby 
On 09/07/2007 09:19 AM, Jiri Slaby wrote:
 Hi,
 
 I found a regression in 2.6.23-rc4-mm1 (since -rc3-mm1) in e1000e driver.
 napi_disable(adapter-napi) in e1000_probe freezes the kernel on boot.

Ok, after these changes:
diff --git a/drivers/net/e1000e/netdev.c b/drivers/net/e1000e/netdev.c
index c1c64e2..f8ec537 100644
--- a/drivers/net/e1000e/netdev.c
+++ b/drivers/net/e1000e/netdev.c
@@ -1693,10 +1693,7 @@ quit_polling:
if (adapter-itr_setting  3)
e1000_set_itr(adapter);
netif_rx_complete(poll_dev, napi);
-   if (test_bit(__E1000_DOWN, adapter-state))
-   atomic_dec(adapter-irq_sem);
-   else
-   e1000_irq_enable(adapter);
+   e1000_irq_enable(adapter);
return 0;
}

@@ -4257,7 +4254,6 @@ static int __devinit e1000_probe(struct pci_dev *pdev,
/* tell the stack to leave us alone until e1000_open() is called */
netif_carrier_off(netdev);
netif_stop_queue(netdev);
-   napi_disable(adapter-napi);

strcpy(netdev-name, eth%d);
err = register_netdev(netdev);


I still have problems with the driver. When I do `ip link set eth0 up', ksoftirq
runs with 100 % cpu time, so I think you endlessly re-schedule some timer (or
the new napi layer?)

regards,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/2] remove asm/bitops.h includes

2007-09-08 Thread Jiri Slaby 
remove asm/bitops.h includes

including asm/bitops directly may cause compile errors. don't include it
and include linux/bitops instead. next patch will deny including asm header
directly.

Cc: Adrian Bunk [EMAIL PROTECTED]
Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 3c05eef3d0a98065323d7d6d9a78e0985eba4b10
tree cb9691832992f570b0363dd568f6fa3d2c81e3f5
parent 132bb039c741d00f066e7501e3613d2d20bf0595
author Jiri Slaby [EMAIL PROTECTED] Tue, 04 Sep 2007 21:01:35 +0200
committer Jiri Slaby [EMAIL PROTECTED] Tue, 04 Sep 2007 21:01:35 +0200

 arch/alpha/lib/fls.c|2 +-
 arch/frv/kernel/irq-mb93091.c   |2 +-
 arch/frv/kernel/irq-mb93093.c   |2 +-
 arch/frv/kernel/irq-mb93493.c   |2 +-
 arch/frv/kernel/irq.c   |2 +-
 arch/mips/au1000/pb1200/irqmap.c|2 +-
 arch/mips/basler/excite/excite_irq.c|2 +-
 arch/mips/gt64120/wrppmc/irq.c  |1 -
 arch/mips/tx4938/common/setup.c |2 +-
 arch/powerpc/platforms/maple/setup.c|2 +-
 drivers/char/esp.c  |2 +-
 drivers/char/mxser.c|2 +-
 drivers/char/mxser_new.c|2 +-
 drivers/ide/ide-io.c|2 +-
 drivers/media/dvb/ttpci/av7110_ir.c |2 +-
 drivers/net/bnx2.c  |2 +-
 drivers/net/cris/eth_v10.c  |2 +-
 drivers/net/cxgb3/adapter.h |2 +-
 drivers/net/hamradio/dmascc.c   |2 +-
 drivers/net/mac89x0.c   |2 +-
 drivers/net/spider_net.c|2 +-
 drivers/net/tulip/uli526x.c |2 +-
 drivers/net/wireless/bcm43xx/bcm43xx_leds.c |2 +-
 drivers/pcmcia/m32r_pcc.c   |2 +-
 drivers/pcmcia/m8xx_pcmcia.c|2 +-
 drivers/ps3/vuart.c |2 +-
 drivers/rtc/rtc-pl031.c |2 +-
 drivers/rtc/rtc-sa1100.c|2 +-
 drivers/s390/cio/idset.c|2 +-
 drivers/s390/net/claw.c |2 +-
 drivers/scsi/ide-scsi.c |2 +-
 drivers/serial/crisv10.c|2 +-
 drivers/watchdog/at91rm9200_wdt.c   |2 +-
 drivers/watchdog/ks8695_wdt.c   |2 +-
 drivers/watchdog/omap_wdt.c |2 +-
 drivers/watchdog/sa1100_wdt.c   |2 +-
 fs/reiser4/jnode.h  |2 +-
 fs/reiser4/plugin/space/bitmap.c|2 +-
 include/asm-cris/posix_types.h  |2 +-
 include/asm-i386/pgtable.h  |5 +
 include/asm-i386/smp.h  |2 +-
 include/asm-ia64/cacheflush.h   |2 +-
 include/asm-ia64/pgtable.h  |2 +-
 include/asm-ia64/smp.h  |2 +-
 include/asm-ia64/spinlock.h |2 +-
 include/asm-m32r/pgtable.h  |2 +-
 include/asm-mips/fpu.h  |2 +-
 include/asm-parisc/pgtable.h|2 +-
 include/asm-powerpc/iommu.h |2 +-
 include/asm-powerpc/mmu_context.h   |2 +-
 include/asm-ppc/mmu_context.h   |3 ++-
 include/asm-sparc64/smp.h   |2 +-
 include/asm-x86_64/pgtable.h|2 +-
 include/asm-x86_64/topology.h   |2 +-
 include/linux/of.h  |2 +-
 lib/hweight.c   |2 +-
 net/core/gen_estimator.c|2 +-
 net/core/pktgen.c   |2 +-
 net/ipv4/fib_trie.c |2 +-
 net/netfilter/xt_connbytes.c|2 +-
 60 files changed, 60 insertions(+), 63 deletions(-)

diff --git a/arch/alpha/lib/fls.c b/arch/alpha/lib/fls.c
index 7ad84ea..32afaa3 100644
--- a/arch/alpha/lib/fls.c
+++ b/arch/alpha/lib/fls.c
@@ -3,7 +3,7 @@
  */
 
 #include linux/module.h
-#include asm/bitops.h
+#include linux/bitops.h
 
 /* This is fls(x)-1, except zero is held to zero.  This allows most
efficent input into extbl, plus it allows easy handling of fls(0)=0.  */
diff --git a/arch/frv/kernel/irq-mb93091.c b/arch/frv/kernel/irq-mb93091.c
index ad753c1..9e38f99 100644
--- a/arch/frv/kernel/irq-mb93091.c
+++ b/arch/frv/kernel/irq-mb93091.c
@@ -17,10 +17,10 @@
 #include linux/interrupt.h
 #include linux/init.h
 #include linux/irq.h
+#include linux/bitops.h
 
 #include asm/io.h
 #include asm/system.h
-#include asm/bitops.h
 #include asm/delay.h
 #include asm/irq.h
 #include asm/irc-regs.h
diff --git a/arch/frv/kernel/irq-mb93093.c b/arch/frv/kernel/irq-mb93093.c
index e0983f6..3c2752c 100644
--- a/arch/frv/kernel/irq-mb93093.c
+++ b/arch/frv/kernel/irq-mb93093.c
@@ -17,10 +17,10 @@
 #include linux/interrupt.h
 #include linux/init.h
 #include linux/irq.h

2.6.23-rc4-mm1: e1000e napi lockup

2007-09-07 Thread Jiri Slaby 
Hi,

I found a regression in 2.6.23-rc4-mm1 (since -rc3-mm1) in e1000e driver.
napi_disable(adapter-napi) in e1000_probe freezes the kernel on boot.

regards,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 4/5] Net: ath5k, license is GPLv2

2007-08-29 Thread Jiri Slaby 
On 8/29/07, Johannes Berg [EMAIL PROTECTED] wrote:
 On Tue, 2007-08-28 at 12:00 -0400, Jiri Slaby wrote:

  The files are available only under GPLv2 since now.

 Since the BSD people are already getting upset about (for various
 reasons among which seem to be a clear non-understanding) I'd suggest
 changing it to:

yes, please. Can somebody do it, I'm away from my box.

 + * Parts of this file were originally licenced under the BSD licence:
 + *
   * Permission to use, copy, modify, and distribute this software for any
   * purpose with or without fee is hereby granted, provided that the above
   * copyright notice and this permission notice appear in all copies.
   *
   * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL
 WARRANTIES
   * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 + *
 + * Further changes to this file since the moment this notice was extended
 + * are now distributed under the terms of the GPL version two as published
 + * by the Free Software Foundation yaddaya

 johannes

-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3/4] Net: ath5k, use short preamble for some rates

2007-08-28 Thread Jiri Slaby 
Johannes Berg napsal(a):
 On Sat, 2007-08-25 at 03:58 -0400, Jiri Slaby wrote:
 ath5k, use short preamble for some rates

 2, 5.5 and 11 in b/g are now in short preamble mode
 
 umm, mac80211 needs to be able to choose depending on the network.

Hmm, misleading log comment. It should be 'can now be in SP mode'.

thanks,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/5] Net: ath5k, switch to ioread/iowrite

2007-08-28 Thread Jiri Slaby 
ath5k, switch to ioread/iowrite

Do not use readl/writel, since iomap retval is platform dependent and
needn't be virtual address awaited by readl/writel.

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 64b9d0578668fe8c7a43eadace673bc3e57fc22b
tree 4990ed95e4112d79830d306ab6ae7afb2235f190
parent f65aa1c7d680d1bcde1ae20749eeda6d3ec02652
author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:06:28 +0200
committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:24:50 +0200

 drivers/net/wireless/ath5k.h |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h
index 0bb62dc..26f1229 100644
--- a/drivers/net/wireless/ath5k.h
+++ b/drivers/net/wireless/ath5k.h
@@ -1018,12 +1018,12 @@ extern int ath5k_hw_set_txpower_limit(struct ath_hw 
*hal, unsigned int power);
 
 static inline u32 ath5k_hw_reg_read(struct ath_hw *hal, u16 reg)
 {
-   return readl(hal-ah_sh + reg);
+   return ioread32(hal-ah_sh + reg);
 }
 
 static inline void ath5k_hw_reg_write(struct ath_hw *hal, u32 val, u16 reg)
 {
-   writel(val, hal-ah_sh + reg);
+   iowrite32(val, hal-ah_sh + reg);
 }
 
 #endif
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 3/5] Net: ath5k, use int as retval

2007-08-28 Thread Jiri Slaby 
ath5k, use int as retval

Convert some functions to return int and proper negative return value on
error as we are used to.

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit ceeaf6b9aac9daaa41ec38fbba3d2c1972af4470
tree 44cd0736147325e35c32274eb53bd543fb1510a9
parent 64b9d0578668fe8c7a43eadace673bc3e57fc22b
author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:10:36 +0200
committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:24:57 +0200

 drivers/net/wireless/ath5k.h  |   27 +++---
 drivers/net/wireless/ath5k_base.c |2 
 drivers/net/wireless/ath5k_hw.c   |  169 +
 3 files changed, 91 insertions(+), 107 deletions(-)

diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h
index 26f1229..0c6f3f5 100644
--- a/drivers/net/wireless/ath5k.h
+++ b/drivers/net/wireless/ath5k.h
@@ -919,10 +919,10 @@ extern int ath5k_hw_stop_rx_dma(struct ath_hw *hal);
 extern u32 ath5k_hw_get_rx_buf(struct ath_hw *hal);
 extern void ath5k_hw_put_rx_buf(struct ath_hw *hal, u32 phys_addr);
 extern int ath5k_hw_tx_start(struct ath_hw *hal, unsigned int queue);
-extern bool ath5k_hw_stop_tx_dma(struct ath_hw *hal, unsigned int queue);
+extern int ath5k_hw_stop_tx_dma(struct ath_hw *hal, unsigned int queue);
 extern u32 ath5k_hw_get_tx_buf(struct ath_hw *hal, unsigned int queue);
 extern int ath5k_hw_put_tx_buf(struct ath_hw *hal, unsigned int queue, u32 
phys_addr);
-extern bool ath5k_hw_update_tx_triglevel(struct ath_hw *hal, bool increase);
+extern int ath5k_hw_update_tx_triglevel(struct ath_hw *hal, bool increase);
 /* Interrupt handling */
 extern bool ath5k_hw_is_intr_pending(struct ath_hw *hal);
 extern int ath5k_hw_get_isr(struct ath_hw *hal, enum ath5k_int 
*interrupt_mask);
@@ -930,19 +930,19 @@ extern enum ath5k_int ath5k_hw_set_intr(struct ath_hw 
*hal, enum ath5k_int new_m
 /* EEPROM access functions */
 extern int ath5k_hw_set_regdomain(struct ath_hw *hal, u16 regdomain);
 /* Protocol Control Unit Functions */
-extern void ath5k_hw_set_opmode(struct ath_hw *hal);
+extern int ath5k_hw_set_opmode(struct ath_hw *hal);
 /* BSSID Functions */
 extern void ath5k_hw_get_lladdr(struct ath_hw *hal, u8 *mac);
-extern bool ath5k_hw_set_lladdr(struct ath_hw *hal, const u8 *mac);
+extern int ath5k_hw_set_lladdr(struct ath_hw *hal, const u8 *mac);
 extern void ath5k_hw_set_associd(struct ath_hw *hal, const u8 *bssid, u16 
assoc_id);
-extern bool ath5k_hw_set_bssid_mask(struct ath_hw *hal, const u8 *mask);
+extern int ath5k_hw_set_bssid_mask(struct ath_hw *hal, const u8 *mask);
 /* Receive start/stop functions */
 extern void ath5k_hw_start_rx_pcu(struct ath_hw *hal);
 extern void ath5k_hw_stop_pcu_recv(struct ath_hw *hal);
 /* RX Filter functions */
 extern void ath5k_hw_set_mcast_filter(struct ath_hw *hal, u32 filter0, u32 
filter1);
-extern bool ath5k_hw_set_mcast_filterindex(struct ath_hw *hal, u32 index);
-extern bool ath5k_hw_clear_mcast_filter_idx(struct ath_hw *hal, u32 index);
+extern int ath5k_hw_set_mcast_filterindex(struct ath_hw *hal, u32 index);
+extern int ath5k_hw_clear_mcast_filter_idx(struct ath_hw *hal, u32 index);
 extern u32 ath5k_hw_get_rx_filter(struct ath_hw *ah);
 extern void ath5k_hw_set_rx_filter(struct ath_hw *ah, u32 filter);
 /* Beacon related functions */
@@ -950,14 +950,14 @@ extern u32 ath5k_hw_get_tsf32(struct ath_hw *hal);
 extern u64 ath5k_hw_get_tsf64(struct ath_hw *hal);
 extern void ath5k_hw_reset_tsf(struct ath_hw *hal);
 extern void ath5k_hw_init_beacon(struct ath_hw *hal, u32 next_beacon, u32 
interval);
-extern void ath5k_hw_set_beacon_timers(struct ath_hw *hal, const struct 
ath5k_beacon_state *state);
+extern int ath5k_hw_set_beacon_timers(struct ath_hw *hal, const struct 
ath5k_beacon_state *state);
 extern void ath5k_hw_reset_beacon(struct ath_hw *hal);
-extern bool ath5k_hw_wait_for_beacon(struct ath_hw *hal, unsigned long 
phys_addr);
+extern int ath5k_hw_wait_for_beacon(struct ath_hw *hal, unsigned long 
phys_addr);
 extern void ath5k_hw_update_mib_counters(struct ath_hw *hal, struct 
ath5k_mib_stats *statistics);
 /* ACK/CTS Timeouts */
-extern bool ath5k_hw_set_ack_timeout(struct ath_hw *hal, unsigned int timeout);
+extern int ath5k_hw_set_ack_timeout(struct ath_hw *hal, unsigned int timeout);
 extern unsigned int ath5k_hw_get_ack_timeout(struct ath_hw *hal);
-extern bool ath5k_hw_set_cts_timeout(struct ath_hw *hal, unsigned int timeout);
+extern int ath5k_hw_set_cts_timeout(struct ath_hw *hal, unsigned int timeout);
 extern unsigned int ath5k_hw_get_cts_timeout(struct ath_hw *hal);
 /* Key table (WEP) functions */
 extern int ath5k_hw_reset_key(struct ath_hw *hal, u16 entry);
@@ -971,7 +971,7 @@ extern int ath5k_hw_get_tx_queueprops(struct ath_hw *hal, 
int queue, struct ath5
 extern void ath5k_hw_release_tx_queue(struct ath_hw *hal, unsigned int queue);
 extern int ath5k_hw_reset_tx_queue(struct ath_hw *hal, unsigned int queue);
 extern u32 ath5k_hw_num_tx_pending(struct ath_hw *hal, unsigned int queue

[PATCH 4/5] Net: ath5k, license is GPLv2

2007-08-28 Thread Jiri Slaby 
ath5k, license is GPLv2

The files are available only under GPLv2 since now.

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 330c2ab9a53ddce27003218bd546034e8eeeff17
tree b24cecd991fbe3046d5c5269c61e0090427e4fd3
parent ceeaf6b9aac9daaa41ec38fbba3d2c1972af4470
author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:27:51 +0200
committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:27:51 +0200

 drivers/net/wireless/ath5k.h|   12 +---
 drivers/net/wireless/ath5k_base.c   |   22 +++---
 drivers/net/wireless/ath5k_base.h   |   33 +
 drivers/net/wireless/ath5k_hw.c |   13 +
 drivers/net/wireless/ath5k_hw.h |   12 +---
 drivers/net/wireless/ath5k_reg.h|   31 +--
 drivers/net/wireless/ath5k_regdom.c |4 +---
 drivers/net/wireless/ath5k_regdom.h |4 +---
 8 files changed, 10 insertions(+), 121 deletions(-)

diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h
index 0c6f3f5..c76b97b 100644
--- a/drivers/net/wireless/ath5k.h
+++ b/drivers/net/wireless/ath5k.h
@@ -2,17 +2,7 @@
  * Copyright (c) 2004-2007 Reyk Floeter [EMAIL PROTECTED]
  * Copyright (c) 2006-2007 Nick Kossifidis [EMAIL PROTECTED]
  *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * This file is released under GPLv2
  */
 
 #ifndef _ATH5K_H
diff --git a/drivers/net/wireless/ath5k_base.c 
b/drivers/net/wireless/ath5k_base.c
index 5ee36b5..8703988 100644
--- a/drivers/net/wireless/ath5k_base.c
+++ b/drivers/net/wireless/ath5k_base.c
@@ -4,25 +4,9 @@
  * Copyright (c) 2007 Jiri Slaby [EMAIL PROTECTED]
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer,
- *without modification.
- * 2. Redistributions in binary form must reproduce at minimum a disclaimer
- *similar to the NO WARRANTY disclaimer below (Disclaimer) and any
- *redistribution must be conditioned upon including a substantially
- *similar Disclaimer requirement for further binary redistribution.
- * 3. Neither the names of the above-listed copyright holders nor the names
- *of any contributors may be used to endorse or promote products derived
- *from this software without specific prior written permission.
- *
- * Alternatively, this software may be distributed under the terms of the
- * GNU General Public License (GPL) version 2 as published by the Free
- * Software Foundation.
- *
+ * This file is released under GPLv2
  */
+
 #defineATH_PCI_VERSION 0.9.5.0-BSD
 
 #include linux/version.h
@@ -2530,5 +2514,5 @@ module_exit(exit_ath_pci);
 MODULE_AUTHOR(Jiri Slaby);
 MODULE_DESCRIPTION(Support for Atheros 802.11 wireless LAN cards.);
 MODULE_SUPPORTED_DEVICE(Atheros WLAN cards);
-MODULE_LICENSE(Dual BSD/GPL);
+MODULE_LICENSE(GPL v2);
 MODULE_VERSION(ATH_PCI_VERSION  (EXPERIMENTAL));
diff --git a/drivers/net/wireless/ath5k_base.h 
b/drivers/net/wireless/ath5k_base.h
index 15560ad..aa07dfb 100644
--- a/drivers/net/wireless/ath5k_base.h
+++ b/drivers/net/wireless/ath5k_base.h
@@ -2,38 +2,7 @@
  * Copyright (c) 2002-2007 Sam Leffler, Errno Consulting
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer,
- *without modification.
- * 2. Redistributions in binary form must reproduce at minimum a disclaimer
- *similar to the NO WARRANTY disclaimer below (Disclaimer) and any
- *redistribution must be conditioned upon including a substantially
- *similar Disclaimer requirement for further binary redistribution.
- * 3. Neither the names of the above-listed copyright holders nor the names
- *of any contributors may be used to endorse or promote products derived
- *from this software without specific prior written permission.
- *
- * Alternatively, this software may be distributed under

[PATCH 5/5] Net: ath5k, kconfig changes

2007-08-28 Thread Jiri Slaby 
ath5k, kconfig changes

- build 5120, 5111 and 5112 optionally
- alter Kconfig text

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 0902114e92b19bc080780f21f98807688244fc8f
tree d7b4a039e4d14ae73faf1b33907c38825d198461
parent 330c2ab9a53ddce27003218bd546034e8eeeff17
author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 17:39:44 +0200
committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 17:39:44 +0200

 drivers/net/wireless/Kconfig|   30 +++
 drivers/net/wireless/ath5k_hw_inivals.c |   35 ---
 drivers/net/wireless/ath5k_hw_phy.c |   24 +
 3 files changed, 77 insertions(+), 12 deletions(-)

diff --git a/drivers/net/wireless/Kconfig b/drivers/net/wireless/Kconfig
index 00b4fcd..a4608f9 100644
--- a/drivers/net/wireless/Kconfig
+++ b/drivers/net/wireless/Kconfig
@@ -856,18 +856,30 @@ config IWL3945
  will be called iwl3945.ko.
 
 config ATH5K
-   tristate Atheros 5xxx wireless cards support
-   depends on MAC80211
-   depends on PCI
-   default m
+   tristate Atheros 5xxx PCI/Cardbus wireless cards
+   depends on PCI  MAC80211  WLAN_80211  EXPERIMENTAL
---help---
- This module adds support for atheros 5xxx (e.g. 5212) wireless
- cards. If you have this card in your PC, select this to be build.
+ Say Y here if you intend to attach an Atheros 5xxx 
+ series Cardbus or PCI wireless Ethernet networking card to 
+ your computer. This driver uses mac80211 stack.
 
- This driver uses the kernel's mac80211 subsystem.
+ To compile this driver as a module, choose M here: the module will be
+ called ath5k.  If unsure, say M.
 
- If you choose to build a module, it'll be called ath5k. Say M if
- unsure.
+config ATH5K_AR5210
+   bool Support AR5210
+   depends on ATH5K
+   default y
+
+config ATH5K_AR5211
+   bool Support AR5211
+   depends on ATH5K
+   default y
+
+config ATH5K_AR5212
+   bool Support AR5212
+   depends on ATH5K
+   default y
 
 source drivers/net/wireless/hostap/Kconfig
 source drivers/net/wireless/bcm43xx/Kconfig
diff --git a/drivers/net/wireless/ath5k_hw_inivals.c 
b/drivers/net/wireless/ath5k_hw_inivals.c
index 062e03d..0531ad3 100644
--- a/drivers/net/wireless/ath5k_hw_inivals.c
+++ b/drivers/net/wireless/ath5k_hw_inivals.c
@@ -38,6 +38,7 @@ struct ath5k_ini_mode {
u32 mode_value[5];
 };
 
+#ifdef CONFIG_ATH5K_AR5210
 /* Initial register settings for AR5210 */
 static const struct ath5k_ini ar5210_ini[] = {
/* PCU and MAC registers */
@@ -249,7 +250,9 @@ static const struct ath5k_ini ar5210_ini[] = {
{ AR5K_PHY(52), 0x0014 },
{ AR5K_PHY_ACT, AR5K_PHY_ACT_ENABLE },
 };
+#endif
 
+#ifdef CONFIG_ATH5K_AR5211
 /* Initial register settings for AR5211 */
 static const struct ath5k_ini ar5211_ini[] = {
{ AR5K_RXDP,0x },
@@ -448,7 +451,9 @@ static const struct ath5k_ini_mode ar5211_ini_mode[] = {
{ AR5K_RF_BUFFER_CONTROL_4,
{ 0x0010, 0x0014, 0x0010, 0x0010, 0x0010 } 
},
 };
+#endif
 
+#ifdef CONFIG_ATH5K_AR5212
 /* Initial register settings for AR5212 */
 static const struct ath5k_ini ar5212_ini[] = {
{ AR5K_RXDP,0x },
@@ -842,12 +847,14 @@ static const struct ath5k_ini_mode 
ar5212_rf5112_ini_mode[] = {
{ AR5K_PHY_GAIN_2GHZ,
{ 0x642c0140, 0x642c0140, 0x6442c160, 0x6442c160, 0x6442c160 } 
},
 };
+#endif
 
 /*
  * Initial BaseBand Gain settings for RF5111/5112 (only AR5210 comes with
  * RF5110 so initial BB Gain settings are included in AR5K_AR5210_INI)
  */
 
+#if defined(CONFIG_ATH5K_AR5211) || defined (CONFIG_ATH5K_AR5212)
 /* RF5111 Initial BaseBand Gain settings */
 static const struct ath5k_ini rf5111_ini_bbgain[] = {
{ AR5K_BB_GAIN(0), 0x },
@@ -915,7 +922,9 @@ static const struct ath5k_ini rf5111_ini_bbgain[] = {
{ AR5K_BB_GAIN(62), 0x0002 },
{ AR5K_BB_GAIN(63), 0x0016 },
 };
+#endif
 
+#ifdef CONFIG_ATH5K_AR5212
 /* RF 5112 Initial BaseBand Gain settings */
 static const struct ath5k_ini rf5112_ini_bbgain[] = {
{ AR5K_BB_GAIN(0), 0x },
@@ -983,7 +992,10 @@ static const struct ath5k_ini rf5112_ini_bbgain[] = {
{ AR5K_BB_GAIN(62), 0x0010 },
{ AR5K_BB_GAIN(63), 0x001a },
 };
+#endif
 
+#if defined(CONFIG_ATH5K_AR5210) || defined(CONFIG_ATH5K_AR5211) \
+   || defined(CONFIG_ATH5K_AR5212)
 /*
  * Write initial register dump
  */
@@ -1014,7 +1026,12 @@ static void ath5k_hw_ini_registers(struct ath_hw *hal, 
unsigned int size,
}
}
 }
+#endif
 
+#if defined(CONFIG_ATH5K_AR5211) || defined(CONFIG_ATH5K_AR5212)
+/*
+ * Write initial mode-specific register dump
+ */
 static void ath5k_hw_ini_mode_registers(struct ath_hw *hal,
unsigned int size, const struct ath5k_ini_mode

[PATCH 3/4] Net: ath5k, use short preamble for some rates

2007-08-25 Thread Jiri Slaby 
ath5k, use short preamble for some rates

2, 5.5 and 11 in b/g are now in short preamble mode

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

---
commit 0a11d301ccb5caf1c9738a7307002a5295aecd58
tree f812c3fb91651437c7b434afbd4f8dc8435611f0
parent 0aebc8bb5574b6b0cc8f9f0d73672c1bee5cbfbb
author Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:24:05 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:24:05 +0200

 drivers/net/wireless/ath5k.h |   12 ++--
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h
index c70cd30..ad5e196 100644
--- a/drivers/net/wireless/ath5k.h
+++ b/drivers/net/wireless/ath5k.h
@@ -613,9 +613,9 @@ struct ath5k_rate_table {
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, \
3, 2, 1, 0, 255, 255, 255, 255 }, { \
{ 1, MODULATION_CCK, 1000, 27, 130, 0 },\
-   { 1, MODULATION_CCK, 2000, 26, 132, 1 },\
-   { 1, MODULATION_CCK, 5500, 25, 139, 1 },\
-   { 1, MODULATION_CCK, 11000, 24, 150, 1 } }  \
+   { 1, MODULATION_CCK_SP, 2000, 26, 132, 1 }, \
+   { 1, MODULATION_CCK_SP, 5500, 25, 139, 1 }, \
+   { 1, MODULATION_CCK_SP, 11000, 24, 150, 1 } }   \
 }
 
 #define AR5K_RATES_11G { 12, { \
@@ -623,9 +623,9 @@ struct ath5k_rate_table {
11, 9, 7, 5, 255, 255, 255, 255, 255, 255, 255, 255,\
3, 2, 1, 0, 255, 255, 255, 255 }, { \
{ 1, MODULATION_CCK, 1000, 27, 2, 0 },  \
-   { 1, MODULATION_CCK, 2000, 26, 4, 1 },  \
-   { 1, MODULATION_CCK, 5500, 25, 11, 1 }, \
-   { 1, MODULATION_CCK, 11000, 24, 22, 1 },\
+   { 1, MODULATION_CCK_SP, 2000, 26, 4, 1 },   \
+   { 1, MODULATION_CCK_SP, 5500, 25, 11, 1 },  \
+   { 1, MODULATION_CCK_SP, 11000, 24, 22, 1 }, \
{ 0, MODULATION_OFDM, 6000, 11, 12, 4 },\
{ 0, MODULATION_OFDM, 9000, 15, 18, 4 },\
{ 1, MODULATION_OFDM, 12000, 10, 24, 6 },   \
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 4/4] Net: ath5k, remove some ieee80211 re-defines

2007-08-25 Thread Jiri Slaby 
ath5k, remove some ieee80211 re-defines

use mac80211 defines directly instead. this means MODULATION_* to
IEEE80211_RATE_* switch.

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

---
commit c858c1b27bfb4c58c9ebfa24de0d6442e364db97
tree 1add137b1e95ca1b4905441b5e30c779f8801c36
parent 0a11d301ccb5caf1c9738a7307002a5295aecd58
author Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:25:32 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:25:32 +0200

 drivers/net/wireless/ath5k.h  |   92 ++---
 drivers/net/wireless/ath5k_base.c |2 -
 drivers/net/wireless/ath5k_hw.c   |9 ++--
 3 files changed, 50 insertions(+), 53 deletions(-)

diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h
index ad5e196..78d7cb2 100644
--- a/drivers/net/wireless/ath5k.h
+++ b/drivers/net/wireless/ath5k.h
@@ -82,7 +82,7 @@
 #define AR5K_TUNE_ADDITIONAL_SWBA_BACKOFF  0
 #define AR5K_TUNE_RADAR_ALERT  false
 #define AR5K_TUNE_MIN_TX_FIFO_THRES1
-#define AR5K_TUNE_MAX_TX_FIFO_THRES((MAX_PDU_LENGTH / 64) + 1)
+#define AR5K_TUNE_MAX_TX_FIFO_THRES((IEEE80211_MAX_LEN / 64) + 1)
 #define AR5K_TUNE_RSSI_THRES   1792
 #define AR5K_TUNE_REGISTER_TIMEOUT 2
 #define AR5K_TUNE_REGISTER_DWELL_TIME  2
@@ -187,18 +187,14 @@ struct ath5k_srev_name {
 
 #define IEEE80211_MAX_LEN   2500
 
-#define MAX_PDU_LENGTH IEEE80211_MAX_LEN
-#define MODULATION_CCK IEEE80211_RATE_CCK
-#define MODULATION_OFDMIEEE80211_RATE_OFDM
-#define MODULATION_TURBO   IEEE80211_RATE_TURBO
+/* TODO Merge this to mac80211 */
 #define MODULATION_XR  0x0200 /*XR thingie*/
-#define MODULATION_CCK_SP  IEEE80211_RATE_CCK_2 /*CCK + Shortpreamble*/
 
 #define AR5K_SET_SHORT_PREAMBLE 0x04 /* adding this flag to rate_code
enables short preamble, see
ar5212_reg.h */
-#define HAS_SHPREAMBLE(_ix) (rt-rates[_ix].modulation == MODULATION_CCK_SP)
-#define SHPREAMBLE_FLAG(_ix) HAS_SHPREAMBLE(_ix)?AR5K_SET_SHORT_PREAMBLE:0
+#define HAS_SHPREAMBLE(_ix) (rt-rates[_ix].modulation == IEEE80211_RATE_CCK_2)
+#define SHPREAMBLE_FLAG(_ix) (HAS_SHPREAMBLE(_ix) ? AR5K_SET_SHORT_PREAMBLE : 
0)
 
 /\
   TX DEFINITIONS
@@ -598,56 +594,56 @@ struct ath5k_rate_table {
255, 255, 255, 255, 255, 255, 255, 255, 6, 4, 2, 0, \
7, 5, 3, 1, 255, 255, 255, 255, 255, 255, 255, 255, \
255, 255, 255, 255, 255, 255, 255, 255 }, { \
-   { 1, MODULATION_OFDM, 6000, 11, 140, 0 },   \
-   { 1, MODULATION_OFDM, 9000, 15, 18, 0 },\
-   { 1, MODULATION_OFDM, 12000, 10, 152, 2 },  \
-   { 1, MODULATION_OFDM, 18000, 14, 36, 2 },   \
-   { 1, MODULATION_OFDM, 24000, 9, 176, 4 },   \
-   { 1, MODULATION_OFDM, 36000, 13, 72, 4 },   \
-   { 1, MODULATION_OFDM, 48000, 8, 96, 4 },\
-   { 1, MODULATION_OFDM, 54000, 12, 108, 4 } } \
+   { 1, IEEE80211_RATE_OFDM, 6000, 11, 140, 0 },   \
+   { 1, IEEE80211_RATE_OFDM, 9000, 15, 18, 0 },\
+   { 1, IEEE80211_RATE_OFDM, 12000, 10, 152, 2 },  \
+   { 1, IEEE80211_RATE_OFDM, 18000, 14, 36, 2 },   \
+   { 1, IEEE80211_RATE_OFDM, 24000, 9, 176, 4 },   \
+   { 1, IEEE80211_RATE_OFDM, 36000, 13, 72, 4 },   \
+   { 1, IEEE80211_RATE_OFDM, 48000, 8, 96, 4 },\
+   { 1, IEEE80211_RATE_OFDM, 54000, 12, 108, 4 } } \
 }
 
 #define AR5K_RATES_11B { 4, {  \
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, \
255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, \
3, 2, 1, 0, 255, 255, 255, 255 }, { \
-   { 1, MODULATION_CCK, 1000, 27, 130, 0 },\
-   { 1, MODULATION_CCK_SP, 2000, 26, 132, 1 }, \
-   { 1, MODULATION_CCK_SP, 5500, 25, 139, 1 }, \
-   { 1, MODULATION_CCK_SP, 11000, 24, 150, 1 } }   \
+   { 1, IEEE80211_RATE_CCK, 1000, 27, 130, 0 },\
+   { 1, IEEE80211_RATE_CCK_2, 2000, 26, 132, 1 },  \
+   { 1, IEEE80211_RATE_CCK_2, 5500, 25, 139, 1 },  \
+   { 1, IEEE80211_RATE_CCK_2, 11000, 24, 150, 1 } }\
 }
 
 #define AR5K_RATES_11G { 12, { \
255, 255, 255, 255, 255, 255, 255, 255, 10, 8, 6, 4,\
11, 9, 7, 5, 255, 255, 255, 255, 255, 255, 255, 255,\
3, 2, 1, 0, 255, 255, 255, 255 }, { \
-   { 1, MODULATION_CCK, 1000, 27, 2, 0 },  \
-   { 1, MODULATION_CCK_SP, 2000, 26, 4, 1 },   \
-   { 1, MODULATION_CCK_SP, 5500, 25, 11, 1 },  \
-   { 1, MODULATION_CCK_SP, 11000, 24, 22, 1

[PATCH 1/1] MAINTAINERS, order NETERION alphabetically

2007-08-25 Thread Jiri Slaby 
MAINTAINERS, order NETERION alphabetically

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit f5f10b061961546a77300f3ebe92abd9cb5b9b48
tree 90ad6e22504aeaadb17309d01996eb6cd7eb5a93
parent c858c1b27bfb4c58c9ebfa24de0d6442e364db97
author Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:39:05 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:39:05 +0200

 MAINTAINERS |   26 +-
 1 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 16a8abd..c986d11 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2654,6 +2654,19 @@ M:   [EMAIL PROTECTED]
 L: [EMAIL PROTECTED]
 S: Maintained
 
+NETERION (S2IO) Xframe 10GbE DRIVER
+P: Ramkrishna Vepa
+M: [EMAIL PROTECTED]
+P: Rastapur Santosh
+M: [EMAIL PROTECTED]
+P: Sivakumar Subramani
+M: [EMAIL PROTECTED]
+P: Sreenivasa Honnur
+M: [EMAIL PROTECTED]
+L: netdev@vger.kernel.org
+W: http://trac.neterion.com/cgi-bin/trac.cgi/wiki/TitleIndex?anonymous
+S: Supported
+
 NETFILTER/IPTABLES/IPCHAINS
 P: Rusty Russell
 P: Marc Boucher
@@ -2788,19 +2801,6 @@ M:   [EMAIL PROTECTED]
 L: [EMAIL PROTECTED] (subscribers-only)
 S: Maintained
 
-NETERION (S2IO) Xframe 10GbE DRIVER
-P: Ramkrishna Vepa
-M: [EMAIL PROTECTED]
-P: Rastapur Santosh
-M: [EMAIL PROTECTED]
-P: Sivakumar Subramani
-M: [EMAIL PROTECTED]
-P: Sreenivasa Honnur
-M: [EMAIL PROTECTED]
-L: netdev@vger.kernel.org
-W: http://trac.neterion.com/cgi-bin/trac.cgi/wiki/TitleIndex?anonymous
-S: Supported
-
 OPENCORES I2C BUS DRIVER
 P: Peter Korsgaard
 M: [EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH -mm] ath5k: remove sysctl(2) support

2007-08-23 Thread Jiri Slaby 
Alexey Dobriyan napsal(a):
 sysctl(2) is supported but frozen.

I've posted similar patch yesterday:
http://marc.info/?l=linux-mm-commitsm=118782442602108w=2

 Signed-off-by: Alexey Dobriyan [EMAIL PROTECTED]
 ---
 
  drivers/net/wireless/ath5k_base.c |   21 ++---
  1 file changed, 6 insertions(+), 15 deletions(-)
 
 --- a/drivers/net/wireless/ath5k_base.c
 +++ b/drivers/net/wireless/ath5k_base.c
 @@ -2438,21 +2438,12 @@ static struct pci_driver ath_pci_drv_id = {
   .resume = ath_pci_resume,
  };
  
 -/*
 - * Static (i.e. global) sysctls.  Note that the hal sysctls
 - * are located under ours by sharing the setting for DEV_ATH.
 - */
 -enum {
 - DEV_ATH = 9,/* XXX known by hal */
 -};
 -
  static int mincalibrate = 1;
  static int maxcalibrate = INT_MAX / 1000;
 -#define  CTL_AUTO-2  /* cannot be CTL_ANY or CTL_NONE */
  
  static ctl_table ath_static_sysctls[] = {
  #if AR_DEBUG
 - { .ctl_name = CTL_AUTO,
 + {
 .procname = debug,
 .mode = 0644,
 .data = ath_debug,
 @@ -2460,28 +2451,28 @@ static ctl_table ath_static_sysctls[] = {
 .proc_handler = proc_dointvec
   },
  #endif
 - { .ctl_name = CTL_AUTO,
 + {
 .procname = countrycode,
 .mode = 0444,
 .data = countrycode,
 .maxlen   = sizeof(countrycode),
 .proc_handler = proc_dointvec
   },
 - { .ctl_name = CTL_AUTO,
 + {
 .procname = outdoor,
 .mode = 0444,
 .data = outdoor,
 .maxlen   = sizeof(outdoor),
 .proc_handler = proc_dointvec
   },
 - { .ctl_name = CTL_AUTO,
 + {
 .procname = xchanmode,
 .mode = 0444,
 .data = xchanmode,
 .maxlen   = sizeof(xchanmode),
 .proc_handler = proc_dointvec
   },
 - { .ctl_name = CTL_AUTO,
 + {
 .procname = calibrate,
 .mode = 0644,
 .data = ath_calinterval,
 @@ -2493,7 +2484,7 @@ static ctl_table ath_static_sysctls[] = {
   { 0 }
  };
  static ctl_table ath_ath_table[] = {
 - { .ctl_name = DEV_ATH,
 + {
 .procname = ath,
 .mode = 0555,
 .child= ath_static_sysctls

Anyway thanks!

-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 2/2] Net: ath5k, remove sysctls

2007-08-22 Thread Jiri Slaby 
ath5k, remove sysctls

Syscalls were buggy and defunct in later kernels (due to sysctl check).

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 069bfbe93facb3468f579568434d18f1268a487c
tree 87c19ebf2c91d9fb07f1847adcb6098f2235eaaa
parent b01c0e9a02b248c3e2f2923da9728ba2c3961dee
author Jiri Slaby [EMAIL PROTECTED] Wed, 22 Aug 2007 22:48:41 +0200
committer Jiri Slaby [EMAIL PROTECTED] Wed, 22 Aug 2007 22:48:41 +0200

 drivers/net/wireless/ath5k_base.c |   23 ---
 1 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/drivers/net/wireless/ath5k_base.c 
b/drivers/net/wireless/ath5k_base.c
index 2ce82ed..7f938c4 100644
--- a/drivers/net/wireless/ath5k_base.c
+++ b/drivers/net/wireless/ath5k_base.c
@@ -2440,21 +2440,13 @@ static struct pci_driver ath_pci_drv_id = {
.resume = ath_pci_resume,
 };
 
-/*
- * Static (i.e. global) sysctls.  Note that the hal sysctls
- * are located under ours by sharing the setting for DEV_ATH.
- */
-enum {
-   DEV_ATH = 9,/* XXX known by hal */
-};
-
 static int mincalibrate = 1;
 static int maxcalibrate = INT_MAX / 1000;
 #defineCTL_AUTO-2  /* cannot be CTL_ANY or CTL_NONE */
 
 static ctl_table ath_static_sysctls[] = {
 #if AR_DEBUG
-   { .ctl_name = CTL_AUTO,
+   {
  .procname = debug,
  .mode = 0644,
  .data = ath_debug,
@@ -2462,28 +2454,28 @@ static ctl_table ath_static_sysctls[] = {
  .proc_handler = proc_dointvec
},
 #endif
-   { .ctl_name = CTL_AUTO,
+   {
  .procname = countrycode,
  .mode = 0444,
  .data = countrycode,
  .maxlen   = sizeof(countrycode),
  .proc_handler = proc_dointvec
},
-   { .ctl_name = CTL_AUTO,
+   {
  .procname = outdoor,
  .mode = 0444,
  .data = outdoor,
  .maxlen   = sizeof(outdoor),
  .proc_handler = proc_dointvec
},
-   { .ctl_name = CTL_AUTO,
+   {
  .procname = xchanmode,
  .mode = 0444,
  .data = xchanmode,
  .maxlen   = sizeof(xchanmode),
  .proc_handler = proc_dointvec
},
-   { .ctl_name = CTL_AUTO,
+   {
  .procname = calibrate,
  .mode = 0644,
  .data = ath_calinterval,
@@ -2495,14 +2487,15 @@ static ctl_table ath_static_sysctls[] = {
{ 0 }
 };
 static ctl_table ath_ath_table[] = {
-   { .ctl_name = DEV_ATH,
+   {
  .procname = ath,
  .mode = 0555,
  .child= ath_static_sysctls
}, { 0 }
 };
 static ctl_table ath_root_table[] = {
-   { .ctl_name = CTL_DEV,
+   {
+ .ctl_name = CTL_DEV,
  .procname = dev,
  .mode = 0555,
  .child= ath_ath_table
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/4 #2] Net: mac80211, remove bitfields from struct ieee80211_tx_packet_data

2007-08-18 Thread Jiri Slaby 
mac80211, remove bitfields from struct ieee80211_tx_packet_data

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit b7844000ba006531bd2133e8097fa27724efe3c2
tree ba74c93d4c8f1ef7d7c4a3f45af9a24cf3a6d329
parent a050b807aede7f9c6bee0bef1c07cd9c5fc4
author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:23:58 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:23:58 +0200

 net/mac80211/ieee80211.c |   15 +++
 net/mac80211/ieee80211_i.h   |   12 +++-
 net/mac80211/ieee80211_sta.c |6 --
 net/mac80211/rx.c|4 ++--
 net/mac80211/tx.c|   23 ---
 net/mac80211/wme.c   |4 ++--
 6 files changed, 38 insertions(+), 26 deletions(-)

diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index 9ff86ee..0952237 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -933,10 +933,17 @@ static void ieee80211_remove_tx_extra(struct 
ieee80211_local *local,
 
pkt_data = (struct ieee80211_tx_packet_data *)skb-cb;
pkt_data-ifindex = control-ifindex;
-   pkt_data-mgmt_iface = (control-type == IEEE80211_IF_TYPE_MGMT);
-   pkt_data-req_tx_status = !!(control-flags  
IEEE80211_TXCTL_REQ_TX_STATUS);
-   pkt_data-do_not_encrypt = !!(control-flags  
IEEE80211_TXCTL_DO_NOT_ENCRYPT);
-   pkt_data-requeue = !!(control-flags  IEEE80211_TXCTL_REQUEUE);
+   pkt_data-flags = ~(IEEE80211_TXPD_REQ_TX_STATUS |
+   IEEE80211_TXPD_DO_NOT_ENCRYPT | IEEE80211_TXPD_REQUEUE |
+   IEEE80211_TXPD_MGMT_IFACE);
+   if (control-flags  IEEE80211_TXCTL_REQ_TX_STATUS)
+   pkt_data-flags |= IEEE80211_TXPD_REQ_TX_STATUS;
+   if (control-flags  IEEE80211_TXCTL_DO_NOT_ENCRYPT)
+   pkt_data-flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
+   if (control-flags  IEEE80211_TXCTL_REQUEUE)
+   pkt_data-flags |= IEEE80211_TXPD_REQUEUE;
+   if (control-type == IEEE80211_IF_TYPE_MGMT)
+   pkt_data-flags |= IEEE80211_TXPD_MGMT_IFACE;
pkt_data-queue = control-queue;
 
hdrlen = ieee80211_get_hdrlen_from_skb(skb);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 4599d55..8163a5a 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -166,15 +166,17 @@ struct ieee80211_txrx_data {
 #endif /* CONFIG_HOSTAPD_WPA_TESTING */
 };
 
+/* flags used in struct ieee80211_tx_packet_data.flags */
+#define IEEE80211_TXPD_REQ_TX_STATUS   BIT(0)
+#define IEEE80211_TXPD_DO_NOT_ENCRYPT  BIT(1)
+#define IEEE80211_TXPD_REQUEUE BIT(2)
+#define IEEE80211_TXPD_MGMT_IFACE  BIT(3)
 /* Stored in sk_buff-cb */
 struct ieee80211_tx_packet_data {
int ifindex;
unsigned long jiffies;
-   unsigned int req_tx_status:1;
-   unsigned int do_not_encrypt:1;
-   unsigned int requeue:1;
-   unsigned int mgmt_iface:1;
-   unsigned int queue:4;
+   unsigned int flags;
+   u8 queue;
 };
 
 struct ieee80211_tx_stored_packet {
diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index b996332..75521ae 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -506,8 +506,10 @@ static void ieee80211_sta_tx(struct net_device *dev, 
struct sk_buff *skb,
pkt_data = (struct ieee80211_tx_packet_data *) skb-cb;
memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
pkt_data-ifindex = sdata-dev-ifindex;
-   pkt_data-mgmt_iface = (sdata-type == IEEE80211_IF_TYPE_MGMT);
-   pkt_data-do_not_encrypt = !encrypt;
+   if (sdata-type == IEEE80211_IF_TYPE_MGMT)
+   pkt_data-flags |= IEEE80211_TXPD_MGMT_IFACE;
+   if (!encrypt)
+   pkt_data-flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
 
dev_queue_xmit(skb);
 }
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0a10720..948eb2f 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -415,7 +415,7 @@ static int ap_sta_ps_end(struct net_device *dev, struct 
sta_info *sta)
while ((skb = skb_dequeue(sta-tx_filtered)) != NULL) {
pkt_data = (struct ieee80211_tx_packet_data *) skb-cb;
sent++;
-   pkt_data-requeue = 1;
+   pkt_data-flags |= IEEE80211_TXPD_REQUEUE;
dev_queue_xmit(skb);
}
while ((skb = skb_dequeue(sta-ps_tx_buf)) != NULL) {
@@ -427,7 +427,7 @@ static int ap_sta_ps_end(struct net_device *dev, struct 
sta_info *sta)
   since STA not sleeping anymore\n, dev-name,
   MAC_ARG(sta-addr), sta-aid);
 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
-   pkt_data-requeue = 1;
+   pkt_data-flags |= IEEE80211_TXPD_REQUEUE;
dev_queue_xmit(skb);
}
 
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index b57a592..3d05f8f 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1248,11 +1248,11 @@ int

[PATCH 2/4 #2] Net: mac80211, remove bitfields from struct ieee80211_txrx_data

2007-08-18 Thread Jiri Slaby 
mac80211, remove bitfields from struct ieee80211_txrx_data

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit bb1e8d28c269abe10378d39c2050ad2653c4f1a9
tree a44c0c27ffaeb917f9e4753019d4cbc17e4c341a
parent b7844000ba006531bd2133e8097fa27724efe3c2
author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:25:56 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:25:56 +0200

 net/mac80211/ieee80211_i.h |   22 ---
 net/mac80211/rx.c  |   64 +---
 net/mac80211/tx.c  |   61 +-
 net/mac80211/wpa.c |   14 +-
 4 files changed, 91 insertions(+), 70 deletions(-)

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 8163a5a..0c4b73c 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -119,6 +119,16 @@ typedef enum {
TXRX_CONTINUE, TXRX_DROP, TXRX_QUEUED
 } ieee80211_txrx_result;
 
+/* flags used in struct ieee80211_txrx_data.flags */
+/* whether the MSDU was fragmented */
+#define IEEE80211_TXRXD_FRAGMENTED BIT(0)
+#define IEEE80211_TXRXD_TXUNICAST  BIT(1)
+#define IEEE80211_TXRXD_TXPS_BUFFERED  BIT(2)
+#define IEEE80211_TXRXD_TXPROBE_LAST_FRAG  BIT(3)
+#define IEEE80211_TXRXD_RXIN_SCAN  BIT(4)
+/* frame is destined to interface currently processed (incl. multicast frames) 
*/
+#define IEEE80211_TXRXD_RXRA_MATCH BIT(5)
+#define IEEE80211_TXRXD_RXIS_AGG_FRAME BIT(6)
 struct ieee80211_txrx_data {
struct sk_buff *skb;
struct net_device *dev;
@@ -127,13 +137,10 @@ struct ieee80211_txrx_data {
struct sta_info *sta;
u16 fc, ethertype;
struct ieee80211_key *key;
-   unsigned int fragmented:1; /* whether the MSDU was fragmented */
+   unsigned int flags;
union {
struct {
struct ieee80211_tx_control *control;
-   unsigned int unicast:1;
-   unsigned int ps_buffered:1;
-   unsigned int probe_last_frag:1;
struct ieee80211_hw_mode *mode;
struct ieee80211_rate *rate;
/* use this rate (if set) for last fragment; rate can
@@ -154,11 +161,6 @@ struct ieee80211_txrx_data {
int queue;
int load;
u16 qos_control;
-   unsigned int in_scan:1;
-   /* frame is destined to interface currently processed
-* (including multicast frames) */
-   unsigned int ra_match:1;
-   unsigned int is_agg_frame:1;
} rx;
} u;
 #ifdef CONFIG_HOSTAPD_WPA_TESTING
@@ -187,7 +189,7 @@ struct ieee80211_tx_stored_packet {
int last_frag_rateidx;
int last_frag_hwrate;
struct ieee80211_rate *last_frag_rate;
-   unsigned int last_frag_rate_ctrl_probe:1;
+   unsigned int last_frag_rate_ctrl_probe;
 };
 
 struct sta_ts_data {
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 948eb2f..8dd7488 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -65,7 +65,10 @@ ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx)
I802_DEBUG_INC(rx-sta-wme_rx_queue[tid]);
 
rx-u.rx.queue = tid;
-   rx-u.rx.is_agg_frame = is_agg_frame;
+   if (is_agg_frame)
+   rx-flags |= IEEE80211_TXRXD_RXIS_AGG_FRAME;
+   else
+   rx-flags = ~IEEE80211_TXRXD_RXIS_AGG_FRAME;
/* Set skb-priority to 1d tag if highest order bit of TID is not set.
 * For now, set skb-priority to 0 for other cases. */
rx-skb-priority = (tid  7) ? 0 : tid;
@@ -229,7 +232,7 @@ ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx)
return TXRX_QUEUED;
}
 
-   if (unlikely(rx-u.rx.in_scan)) {
+   if (unlikely(rx-flags  IEEE80211_TXRXD_RXIN_SCAN)) {
/* scanning finished during invoking of handlers */
I802_DEBUG_INC(local-rx_handlers_drop_passive_scan);
return TXRX_DROP;
@@ -249,7 +252,7 @@ ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
if (unlikely(rx-fc  IEEE80211_FCTL_RETRY 
 rx-sta-last_seq_ctrl[rx-u.rx.queue] ==
 hdr-seq_ctrl)) {
-   if (rx-u.rx.ra_match) {
+   if (rx-flags  IEEE80211_TXRXD_RXRA_MATCH) {
rx-local-dot11FrameDuplicateCount++;
rx-sta-num_duplicates++;
}
@@ -267,7 +270,7 @@ ieee80211_rx_h_check(struct ieee80211_txrx_data *rx)
return TXRX_DROP;
}
 
-   if (!rx-u.rx.ra_match)
+   if (!(rx-flags  IEEE80211_TXRXD_RXRA_MATCH))
rx-skb-pkt_type = PACKET_OTHERHOST;
else

[PATCH 3/4 #2] Net: mac80211, remove bitfields from struct ieee80211_if_sta

2007-08-18 Thread Jiri Slaby 
mac80211, remove bitfields from struct ieee80211_if_sta

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 5d3b17704c1cb1d8c8ff45f72282918f89e1d5c0
tree 41c8b637c79728517d647edc8f0e41f544ccefbc
parent bb1e8d28c269abe10378d39c2050ad2653c4f1a9
author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:39:52 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:39:52 +0200

 net/mac80211/debugfs_netdev.c  |   14 +++--
 net/mac80211/ieee80211.c   |2 -
 net/mac80211/ieee80211_i.h |   28 ++-
 net/mac80211/ieee80211_iface.c |9 ++-
 net/mac80211/ieee80211_ioctl.c |   57 +++---
 net/mac80211/ieee80211_sta.c   |  104 ++--
 6 files changed, 123 insertions(+), 91 deletions(-)

diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 806c5bd..fa3b153 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -373,13 +373,13 @@ static ssize_t ieee80211_if_fmt_flags(
const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
 {
return scnprintf(buf, buflen, %s%s%s%s%s%s%s\n,
-sdata-u.sta.ssid_set ? SSID\n : ,
-sdata-u.sta.bssid_set ? BSSID\n : ,
-sdata-u.sta.prev_bssid_set ? prev BSSID\n : ,
-sdata-u.sta.authenticated ? AUTH\n : ,
-sdata-u.sta.associated ? ASSOC\n : ,
-sdata-u.sta.probereq_poll ? PROBEREQ POLL\n : ,
-sdata-use_protection ? CTS prot\n : );
+sdata-u.sta.flags  IEEE80211_STA_SSID_SET ? SSID\n : ,
+sdata-u.sta.flags  IEEE80211_STA_BSSID_SET ? BSSID\n : ,
+sdata-u.sta.flags  IEEE80211_STA_PREV_BSSID_SET ? prev 
BSSID\n : ,
+sdata-u.sta.flags  IEEE80211_STA_AUTHENTICATED ? AUTH\n : 
,
+sdata-u.sta.flags  IEEE80211_STA_ASSOCIATED ? ASSOC\n : ,
+sdata-u.sta.flags  IEEE80211_STA_PROBEREQ_POLL ? PROBEREQ 
POLL\n : ,
+sdata-use_protection ? CTS prot\n : );
 }
 __IEEE80211_IF_FILE(flags);
 
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index 0952237..8a6e66f 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -382,7 +382,7 @@ static void ieee80211_if_open(struct net_device *dev)
switch (sdata-type) {
case IEEE80211_IF_TYPE_STA:
case IEEE80211_IF_TYPE_IBSS:
-   sdata-u.sta.prev_bssid_set = 0;
+   sdata-u.sta.flags = ~IEEE80211_STA_PREV_BSSID_SET;
break;
}
 }
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 0c4b73c..de429d1 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -241,6 +241,20 @@ struct ieee80211_if_vlan {
u8 id;
 };
 
+/* flags used in struct ieee80211_if_sta.flags */
+#define IEEE80211_STA_SSID_SET BIT(0)
+#define IEEE80211_STA_BSSID_SETBIT(1)
+#define IEEE80211_STA_PREV_BSSID_SET   BIT(2)
+#define IEEE80211_STA_AUTHENTICATEDBIT(3)
+#define IEEE80211_STA_ASSOCIATED   BIT(4)
+#define IEEE80211_STA_PROBEREQ_POLLBIT(5)
+#define IEEE80211_STA_CREATE_IBSS  BIT(6)
+#define IEEE80211_STA_MIXED_CELL   BIT(7)
+#define IEEE80211_STA_WMM_ENABLED  BIT(8)
+#define IEEE80211_STA_HT_ENABLED   BIT(9)
+#define IEEE80211_STA_AUTO_SSID_SELBIT(10)
+#define IEEE80211_STA_AUTO_BSSID_SEL   BIT(11)
+#define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12)
 struct ieee80211_if_sta {
enum {
IEEE80211_DISABLED, IEEE80211_AUTHENTICATE,
@@ -264,19 +278,7 @@ struct ieee80211_if_sta {
 
int auth_tries, assoc_tries;
 
-   unsigned int ssid_set:1;
-   unsigned int bssid_set:1;
-   unsigned int prev_bssid_set:1;
-   unsigned int authenticated:1;
-   unsigned int associated:1;
-   unsigned int probereq_poll:1;
-   unsigned int create_ibss:1;
-   unsigned int mixed_cell:1;
-   unsigned int wmm_enabled:1;
-   unsigned int ht_enabled:1;
-   unsigned int auto_ssid_sel:1;
-   unsigned int auto_bssid_sel:1;
-   unsigned int auto_channel_sel:1;
+   unsigned int flags;
 #define IEEE80211_STA_REQ_SCAN 0
 #define IEEE80211_STA_REQ_AUTH 1
 #define IEEE80211_STA_REQ_RUN  2
diff --git a/net/mac80211/ieee80211_iface.c b/net/mac80211/ieee80211_iface.c
index edd1535..c5e0288 100644
--- a/net/mac80211/ieee80211_iface.c
+++ b/net/mac80211/ieee80211_iface.c
@@ -191,11 +191,10 @@ void ieee80211_if_set_type(struct net_device *dev, int 
type)
ifsta-capab = WLAN_CAPABILITY_ESS;
ifsta-auth_algs = IEEE80211_AUTH_ALG_OPEN |
IEEE80211_AUTH_ALG_SHARED_KEY;
-   ifsta-create_ibss = 1;
-   ifsta-wmm_enabled = 1;
-   ifsta-ht_enabled = 1;
-   ifsta-auto_channel_sel = 1;
-   ifsta-auto_bssid_sel = 1;
+   ifsta

[PATCH 4/4 #2] Net: mac80211, remove bitfields from struct ieee80211_sub_if_data

2007-08-18 Thread Jiri Slaby 
mac80211, remove bitfields from struct ieee80211_sub_if_data

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 44b3d1f3d0bd6a9a02d2a1383a4d9c91ce897c68
tree f5566b0211375a426080487d32eeab228b264b0e
parent 5d3b17704c1cb1d8c8ff45f72282918f89e1d5c0
author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:46:51 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:46:51 +0200

 net/mac80211/debugfs_netdev.c  |2 +-
 net/mac80211/ieee80211.c   |   30 ++
 net/mac80211/ieee80211_i.h |   18 ++
 net/mac80211/ieee80211_ioctl.c |   20 ++--
 net/mac80211/ieee80211_sta.c   |   19 +--
 net/mac80211/rx.c  |4 ++--
 net/mac80211/tx.c  |   18 ++
 net/mac80211/util.c|6 +++---
 8 files changed, 67 insertions(+), 50 deletions(-)

diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index fa3b153..588f71b 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -379,7 +379,7 @@ static ssize_t ieee80211_if_fmt_flags(
 sdata-u.sta.flags  IEEE80211_STA_AUTHENTICATED ? AUTH\n : 
,
 sdata-u.sta.flags  IEEE80211_STA_ASSOCIATED ? ASSOC\n : ,
 sdata-u.sta.flags  IEEE80211_STA_PROBEREQ_POLL ? PROBEREQ 
POLL\n : ,
-sdata-use_protection ? CTS prot\n : );
+sdata-flags  IEEE80211_SDATA_USE_PROTECTION ? CTS prot\n : 
);
 }
 __IEEE80211_IF_FILE(flags);
 
diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c
index 8a6e66f..136410c 100644
--- a/net/mac80211/ieee80211.c
+++ b/net/mac80211/ieee80211.c
@@ -575,23 +575,21 @@ static void ieee80211_set_multicast_list(struct 
net_device *dev)
unsigned short flags;
 
netif_tx_lock_nested(local-mdev, TX_LOCK_MASTER);
-   if (((dev-flags  IFF_ALLMULTI) != 0) ^ (sdata-allmulti != 0)) {
-   if (sdata-allmulti) {
-   sdata-allmulti = 0;
+   if (((dev-flags  IFF_ALLMULTI) != 0) ^
+   ((sdata-flags  IEEE80211_SDATA_ALLMULTI) != 0)) {
+   if (sdata-flags  IEEE80211_SDATA_ALLMULTI)
local-iff_allmultis--;
-   } else {
-   sdata-allmulti = 1;
+   else
local-iff_allmultis++;
-   }
+   sdata-flags ^= IEEE80211_SDATA_ALLMULTI;
}
-   if (((dev-flags  IFF_PROMISC) != 0) ^ (sdata-promisc != 0)) {
-   if (sdata-promisc) {
-   sdata-promisc = 0;
+   if (((dev-flags  IFF_PROMISC) != 0) ^
+   ((sdata-flags  IEEE80211_SDATA_PROMISC) != 0)) {
+   if (sdata-flags  IEEE80211_SDATA_PROMISC)
local-iff_promiscs--;
-   } else {
-   sdata-promisc = 1;
+   else
local-iff_promiscs++;
-   }
+   sdata-flags ^= IEEE80211_SDATA_PROMISC;
}
if (dev-mc_count != sdata-mc_count) {
local-mc_count = local-mc_count - sdata-mc_count +
@@ -761,16 +759,16 @@ void ieee80211_erp_info_change_notify(struct net_device 
*dev, u8 changes)
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
if (local-ops-erp_ie_changed)
local-ops-erp_ie_changed(local_to_hw(local), changes,
-  sdata-use_protection,
-  !sdata-short_preamble);
+   !!(sdata-flags  IEEE80211_SDATA_USE_PROTECTION),
+   !(sdata-flags  IEEE80211_SDATA_SHORT_PREAMBLE));
 }
 
 void ieee80211_reset_erp_info(struct net_device *dev)
 {
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 
-   sdata-short_preamble = 0;
-   sdata-use_protection = 0;
+   sdata-flags = ~(IEEE80211_SDATA_USE_PROTECTION |
+   IEEE80211_SDATA_SHORT_PREAMBLE);
ieee80211_erp_info_change_notify(dev,
 IEEE80211_ERP_CHANGE_PROTECTION |
 IEEE80211_ERP_CHANGE_PREAMBLE);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index de429d1..81179c0 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -314,6 +314,14 @@ struct ieee80211_if_sta {
 };
 
 
+/* flags used in struct ieee80211_sub_if_data.flags */
+#define IEEE80211_SDATA_ALLMULTI   BIT(0)
+#define IEEE80211_SDATA_PROMISCBIT(1)
+#define IEEE80211_SDATA_USE_PROTECTION BIT(2) /* CTS protect ERP frames */
+/* use short preamble with IEEE 802.11b: this flag is set when the AP or beacon
+ * generator reports that there are no present stations that cannot support 
short
+ * preambles */
+#define IEEE80211_SDATA_SHORT_PREAMBLE BIT(3)
 struct ieee80211_sub_if_data {
struct list_head list;
unsigned int type

[PATCH 4/9] s2io, rename BIT macro

2007-08-18 Thread Jiri Slaby 
s2io, rename BIT macro

BIT macro will be global definiton of (1x)

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 0d66c4337fec02f0b9bd1c1fd783b60fbab5438b
tree c2027e1c366255dbec6ae061aed2c5cf809232b0
parent 6aec5d2e526e319488e6cdd627ca370086d458df
author Jiri Slaby [EMAIL PROTECTED] Wed, 15 Aug 2007 14:32:44 +0200
committer Jiri Slaby [EMAIL PROTECTED] Wed, 15 Aug 2007 14:32:44 +0200

 drivers/net/s2io-regs.h |  484 ---
 drivers/net/s2io.c  |   16 +-
 drivers/net/s2io.h  |   84 
 3 files changed, 292 insertions(+), 292 deletions(-)

diff --git a/drivers/net/s2io-regs.h b/drivers/net/s2io-regs.h
index cfa2679..0bebfd3 100644
--- a/drivers/net/s2io-regs.h
+++ b/drivers/net/s2io-regs.h
@@ -20,17 +20,17 @@ struct XENA_dev_config {
 
 /* General Control-Status Registers */
u64 general_int_status;
-#define GEN_INTR_TXPIC BIT(0)
-#define GEN_INTR_TXDMA BIT(1)
-#define GEN_INTR_TXMAC BIT(2)
-#define GEN_INTR_TXXGXSBIT(3)
-#define GEN_INTR_TXTRAFFIC BIT(8)
-#define GEN_INTR_RXPIC BIT(32)
-#define GEN_INTR_RXDMA BIT(33)
-#define GEN_INTR_RXMAC BIT(34)
-#define GEN_INTR_MCBIT(35)
-#define GEN_INTR_RXXGXSBIT(36)
-#define GEN_INTR_RXTRAFFIC BIT(40)
+#define GEN_INTR_TXPIC s2BIT(0)
+#define GEN_INTR_TXDMA s2BIT(1)
+#define GEN_INTR_TXMAC s2BIT(2)
+#define GEN_INTR_TXXGXSs2BIT(3)
+#define GEN_INTR_TXTRAFFIC s2BIT(8)
+#define GEN_INTR_RXPIC s2BIT(32)
+#define GEN_INTR_RXDMA s2BIT(33)
+#define GEN_INTR_RXMAC s2BIT(34)
+#define GEN_INTR_MCs2BIT(35)
+#define GEN_INTR_RXXGXSs2BIT(36)
+#define GEN_INTR_RXTRAFFIC s2BIT(40)
 #define GEN_ERROR_INTR GEN_INTR_TXPIC | GEN_INTR_RXPIC | \
GEN_INTR_TXDMA | GEN_INTR_RXDMA | \
GEN_INTR_TXMAC | GEN_INTR_RXMAC | \
@@ -54,36 +54,36 @@ struct XENA_dev_config {
 
 
u64 adapter_status;
-#define ADAPTER_STATUS_TDMA_READY  BIT(0)
-#define ADAPTER_STATUS_RDMA_READY  BIT(1)
-#define ADAPTER_STATUS_PFC_READY   BIT(2)
-#define ADAPTER_STATUS_TMAC_BUF_EMPTY  BIT(3)
-#define ADAPTER_STATUS_PIC_QUIESCENT   BIT(5)
-#define ADAPTER_STATUS_RMAC_REMOTE_FAULT   BIT(6)
-#define ADAPTER_STATUS_RMAC_LOCAL_FAULTBIT(7)
+#define ADAPTER_STATUS_TDMA_READY  s2BIT(0)
+#define ADAPTER_STATUS_RDMA_READY  s2BIT(1)
+#define ADAPTER_STATUS_PFC_READY   s2BIT(2)
+#define ADAPTER_STATUS_TMAC_BUF_EMPTY  s2BIT(3)
+#define ADAPTER_STATUS_PIC_QUIESCENT   s2BIT(5)
+#define ADAPTER_STATUS_RMAC_REMOTE_FAULT   s2BIT(6)
+#define ADAPTER_STATUS_RMAC_LOCAL_FAULTs2BIT(7)
 #define ADAPTER_STATUS_RMAC_PCC_IDLE   vBIT(0xFF,8,8)
 #define ADAPTER_STATUS_RMAC_PCC_FOUR_IDLE  vBIT(0x0F,8,8)
 #define ADAPTER_STATUS_RC_PRC_QUIESCENTvBIT(0xFF,16,8)
-#define ADAPTER_STATUS_MC_DRAM_READY   BIT(24)
-#define ADAPTER_STATUS_MC_QUEUES_READY BIT(25)
-#define ADAPTER_STATUS_M_PLL_LOCK  BIT(30)
-#define ADAPTER_STATUS_P_PLL_LOCK  BIT(31)
+#define ADAPTER_STATUS_MC_DRAM_READY   s2BIT(24)
+#define ADAPTER_STATUS_MC_QUEUES_READY s2BIT(25)
+#define ADAPTER_STATUS_M_PLL_LOCK  s2BIT(30)
+#define ADAPTER_STATUS_P_PLL_LOCK  s2BIT(31)
 
u64 adapter_control;
-#define ADAPTER_CNTL_ENBIT(7)
-#define ADAPTER_EOI_TX_ON  BIT(15)
-#define ADAPTER_LED_ON BIT(23)
+#define ADAPTER_CNTL_ENs2BIT(7)
+#define ADAPTER_EOI_TX_ON  s2BIT(15)
+#define ADAPTER_LED_ON s2BIT(23)
 #define ADAPTER_UDPI(val)  vBIT(val,36,4)
-#define ADAPTER_WAIT_INT   BIT(48)
-#define ADAPTER_ECC_EN BIT(55)
+#define ADAPTER_WAIT_INT   s2BIT(48)
+#define ADAPTER_ECC_EN s2BIT(55)
 
u64 serr_source;
-#define SERR_SOURCE_PICBIT(0)
-#define SERR_SOURCE_TXDMA  BIT(1)
-#define SERR_SOURCE_RXDMA  BIT(2)
-#define SERR_SOURCE_MAC BIT(3)
-#define SERR_SOURCE_MC  BIT(4)
-#define SERR_SOURCE_XGXSBIT(5)
+#define SERR_SOURCE_PICs2BIT(0)
+#define SERR_SOURCE_TXDMA  s2BIT(1)
+#define SERR_SOURCE_RXDMA  s2BIT(2)
+#define SERR_SOURCE_MAC s2BIT(3)
+#define SERR_SOURCE_MC  s2BIT(4)
+#define SERR_SOURCE_XGXSs2BIT(5)
 #defineSERR_SOURCE_ANY (SERR_SOURCE_PIC| \
SERR_SOURCE_TXDMA   | \
SERR_SOURCE_RXDMA   | \
@@ -101,41 +101,41 @@ struct XENA_dev_config {
 #define

[PATCH 8/9] define global BIT macro

2007-08-18 Thread Jiri Slaby 
define global BIT macro

move all local BIT defines to the new globally define macro.

Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

---
commit 19b14b967521eda7011bd70891bbe5044882d739
tree cd49de4f9f8d991ee7af22037a86978ea227abb8
parent fef5bcc8e5a7bfd66920df6d02c3448314dfe4b2
author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 11:16:36 +0200
committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 11:16:36 +0200

 arch/ppc/platforms/chestnut.c   |1 -
 drivers/edac/edac_core.h|2 --
 drivers/firmware/dcdbas.h   |2 --
 drivers/input/serio/maceps2.c   |2 --
 drivers/net/eth16i.c|1 -
 drivers/net/meth.h  |3 ---
 drivers/net/wireless/hostap/hostap_common.h |2 --
 drivers/scsi/FlashPoint.c   |1 -
 drivers/scsi/nsp32.h|5 -
 drivers/scsi/pcmcia/nsp_cs.h|1 -
 drivers/video/pnx4008/sdum.h|3 ---
 include/asm-arm/arch-ixp4xx/io.h|3 ---
 include/asm-mips/ip32/crime.h   |3 ---
 include/asm-mips/ip32/mace.h|3 ---
 include/linux/bitops.h  |1 +
 include/video/sstfb.h   |1 -
 include/video/tdfx.h|2 --
 net/mac80211/ieee80211_i.h  |2 --
 18 files changed, 1 insertions(+), 37 deletions(-)

diff --git a/arch/ppc/platforms/chestnut.c b/arch/ppc/platforms/chestnut.c
index 4696849..ccd2faa 100644
--- a/arch/ppc/platforms/chestnut.c
+++ b/arch/ppc/platforms/chestnut.c
@@ -49,7 +49,6 @@ extern void gen550_progress(char *, unsigned short);
 extern void gen550_init(int, struct uart_port *);
 extern void mv64360_pcibios_fixup(mv64x60_handle_t *bh);
 
-#define BIT(x) (1x)
 #define CHESTNUT_PRESERVE_MASK (BIT(MV64x60_CPU2DEV_0_WIN) | \
BIT(MV64x60_CPU2DEV_1_WIN) | \
BIT(MV64x60_CPU2DEV_2_WIN) | \
diff --git a/drivers/edac/edac_core.h b/drivers/edac/edac_core.h
index 4e6bad1..309a1a5 100644
--- a/drivers/edac/edac_core.h
+++ b/drivers/edac/edac_core.h
@@ -94,8 +94,6 @@ extern int edac_debug_level;
 
 #endif /* !CONFIG_EDAC_DEBUG */
 
-#define BIT(x) (1  (x))
-
 #define PCI_VEND_DEV(vend, dev) PCI_VENDOR_ID_ ## vend, \
PCI_DEVICE_ID_ ## vend ## _ ## dev
 
diff --git a/drivers/firmware/dcdbas.h b/drivers/firmware/dcdbas.h
index 8960cad..87bc341 100644
--- a/drivers/firmware/dcdbas.h
+++ b/drivers/firmware/dcdbas.h
@@ -20,8 +20,6 @@
 #include linux/sysfs.h
 #include linux/types.h
 
-#define BIT(x) (1UL  x)
-
 #define MAX_SMI_DATA_BUF_SIZE  (256 * 1024)
 
 #define HC_ACTION_NONE (0)
diff --git a/drivers/input/serio/maceps2.c b/drivers/input/serio/maceps2.c
index 5a41b8f..558200e 100644
--- a/drivers/input/serio/maceps2.c
+++ b/drivers/input/serio/maceps2.c
@@ -31,8 +31,6 @@ MODULE_LICENSE(GPL);
 
 #define MACE_PS2_TIMEOUT 1 /* in 50us unit */
 
-#define BIT(x) (1UL  (x))
-
 #define PS2_STATUS_CLOCK_SIGNAL  BIT(0) /* external clock signal */
 #define PS2_STATUS_CLOCK_INHIBIT BIT(1) /* clken output signal */
 #define PS2_STATUS_TX_INPROGRESS BIT(2) /* transmission in progress */
diff --git a/drivers/net/eth16i.c b/drivers/net/eth16i.c
index 04abf59..f613dae 100644
--- a/drivers/net/eth16i.c
+++ b/drivers/net/eth16i.c
@@ -170,7 +170,6 @@ static char *version =
 
 
 /* Few macros */
-#define BIT(a)( (1  (a)) )
 #define BITSET(ioaddr, bnum)   ((outb(((inb(ioaddr)) | (bnum)), ioaddr)))
 #define BITCLR(ioaddr, bnum)   ((outb(((inb(ioaddr))  (~(bnum))), ioaddr)))
 
diff --git a/drivers/net/meth.h b/drivers/net/meth.h
index ea3b8fc..a78dc1c 100644
--- a/drivers/net/meth.h
+++ b/drivers/net/meth.h
@@ -28,9 +28,6 @@
 #define RX_BUFFER_OFFSET (sizeof(rx_status_vector)+2) /* staus vector + 2 
bytes of padding */
 #define RX_BUCKET_SIZE 256
 
-#undef BIT
-#define BIT(x) (1UL  (x))
-
 /* For more detailed explanations of what each field menas,
see Nick's great comments to #defines below (or docs, if
you are lucky enough toget hold of them :)*/
diff --git a/drivers/net/wireless/hostap/hostap_common.h 
b/drivers/net/wireless/hostap/hostap_common.h
index b31e6a0..f3930f9 100644
--- a/drivers/net/wireless/hostap/hostap_common.h
+++ b/drivers/net/wireless/hostap/hostap_common.h
@@ -4,8 +4,6 @@
 #include linux/types.h
 #include linux/if_ether.h
 
-#define BIT(x) (1  (x))
-
 #define MAC2STR(a) (a)[0], (a)[1], (a)[2], (a)[3], (a)[4], (a)[5]
 #define MACSTR %02x:%02x:%02x:%02x:%02x:%02x
 
diff --git a/drivers/scsi/FlashPoint.c b/drivers/scsi/FlashPoint.c
index a7f916c..cf549ff 100644
--- a/drivers/scsi/FlashPoint.c
+++ b/drivers/scsi/FlashPoint.c
@@ -25,7 +25,6 @@
 
 #define FAILURE 0xL
 
-#define BIT(x)  ((unsigned char)(1(x)))  /* single-bit mask in 
bit position x

Re: [PATCH 8/9] define global BIT macro

2007-08-18 Thread Jiri Slaby 
Randy Dunlap napsal(a):
 On Sat, 18 Aug 2007 11:44:12 +0200 (CEST) Jiri Slaby wrote:
 
 define global BIT macro

 move all local BIT defines to the new globally define macro.

 Signed-off-by: Jiri Slaby [EMAIL PROTECTED]

 ---

  include/linux/bitops.h  |1 +
  include/video/sstfb.h   |1 -
  include/video/tdfx.h|2 --
  net/mac80211/ieee80211_i.h  |2 --
  18 files changed, 1 insertions(+), 37 deletions(-)

 diff --git a/include/linux/bitops.h b/include/linux/bitops.h
 index 3255b06..a57b81f 100644
 --- a/include/linux/bitops.h
 +++ b/include/linux/bitops.h
 @@ -3,6 +3,7 @@
  #include asm/types.h
  
  #ifdef  __KERNEL__
 +#define BIT(nr) (1UL  (nr))
  #define BIT_MASK(nr)(1UL  ((nr) % BITS_PER_LONG))
  #define BIT_WORD(nr)((nr) / BITS_PER_LONG)
  #define BITS_TO_TYPE(nr, t) (((nr)+(t)-1)/(t))
 
 
 So users of the BIT() macro in include/linux/input.h can be
 changed to use the global BIT_MASK() macro...
 and the former can be removed.

I'm afraid I don't understand you. Maybe, you are writing about changes done in
patch no. 7 [1], which didn't go through to the lkml?

[1]
http://www.fi.muni.cz/~xslaby/sklad/07-get-rid-of-input-bit-duplicate-defines.patch

thanks,
-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/4] Net: mac80211, remove bitfields from struct ieee80211_tx_packet_data

2007-08-13 Thread Jiri Slaby 
Johannes Berg napsal(a):
 On Sun, 2007-08-12 at 15:08 +0200, Jiri Slaby wrote:
 
 +if (control-flags  IEEE80211_TXCTL_REQ_TX_STATUS)
 +pkt_data-flags |= IEEE80211_TXPD_REQ_TX_STATUS;
 +if (control-flags  IEEE80211_TXCTL_DO_NOT_ENCRYPT)
 +pkt_data-flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT;
 +if (control-flags  IEEE80211_TXCTL_REQUEUE)
 +pkt_data-flags |= IEEE80211_TXPD_REQUEUE;
 +if (control-type == IEEE80211_IF_TYPE_MGMT)
 +pkt_data-flags |= IEEE80211_TXPD_MGMT_IFACE;
 
 This looks weird. Can't we just use the same flags?

I don't think, that it must be subset one of each another in the future. (This
is why I created yet another bits defined).

Do we still want the same flags?

-- 
Jiri Slaby ([EMAIL PROTECTED])
Faculty of Informatics, Masaryk University
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  1   2   >