Re: Hangs in r8152 connected to power management in kernels at least up v4.17-rc4
On 05/16/2018, 03:36 PM, Jiri Slaby wrote: > So I assume it must be a problem of making usb->disconnect without prior > ndo->close (or alike). So according to my debug messages, I think this should workaround the problem: --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c @@ -3962,7 +3962,8 @@ static int rtl8152_close(struct net_device *netdev) #ifdef CONFIG_PM_SLEEP unregister_pm_notifier(>pm_notifier); #endif - napi_disable(>napi); + if (!test_bit(RTL8152_UNPLUG, >flags)) + napi_disable(>napi); clear_bit(WORK_ENABLE, >flags); usb_kill_urb(tp->intr_urb); cancel_delayed_work_sync(>schedule); napi is deleted in usb->disconnect, then unregister_netdev is called which invokes netdev->ndo_stop, i.e. rtl8152_close above. And rtl8152_close tries to napi_disable, but that is already deleted. The patch does not solve the race between disconnect and ndo_stop AFAICS. It needs locking, IMO. I am not familiar enough with the code, but it looks like ->disconnect can happen any time while ->stop is in progress. thanks, -- js suse labs
Re: Hangs in r8152 connected to power management in kernels at least up v4.17-rc4
On 05/16/2018, 03:29 PM, Jiri Slaby wrote: > On 05/16/2018, 02:07 PM, Hayes Wang wrote: >> Oliver Neukum [mailto:oneu...@suse.com] >>> Sent: Wednesday, May 16, 2018 6:10 PM >> [...] >>>> Besides, I find a similar issue as following. >>>> https://www.spinics.net/lists/netdev/msg493512.html >>> >>> Well, if we have an imbalance in NAPI it should strike whereever >>> it is used, not just in suspend(). Is there debugging for NAPI >>> we could activate? >> >> No. The driver doesn't embed such debugging about it. > > Despite of that, Oliver, I have a kernel with a debug patch (attached) > at (suse-only link): > https://build.suse.de/project/show/home:jirislaby:stable-drm > >> And I don't find an imbalance between napi_disable() and napi_enable(). > > There is none, apparently (the warns never triggered). BUt still the > driver sucks wrt both power mgmt and dock plug/unplug. Since I am using > the patch (it upper-bounds the napi_disable loop count) and the udev > rule below, I can really use the nic. BTW the added warning to napi_disable indeed triggers: > xzgrep -a -B 2 kernel:.*WARNING.*napi messages-20180* > messages-20180503.xz:2018-04-27T09:57:00.048922+02:00 anemoi2 kernel: > [158616.363052] [ cut here ] > messages-20180503.xz:2018-04-27T09:57:00.048979+02:00 anemoi2 kernel: > [158616.363070] NAPI_STATE_SCHED never cleared > messages-20180503.xz:2018-04-27T09:57:00.048988+02:00 anemoi2 kernel: > [158616.363120] WARNING: CPU: 1 PID: 14365 at ../net/core/dev.c:5665 > napi_disable+0x3d/0x80 And since I do 'ip l set dev ethX down' before unplugging the dock with the NIC, I have not seen a single occurrence. So I assume it must be a problem of making usb->disconnect without prior ndo->close (or alike). thanks, -- js suse labs
Re: Hangs in r8152 connected to power management in kernels at least up v4.17-rc4
On 05/16/2018, 02:07 PM, Hayes Wang wrote: > Oliver Neukum [mailto:oneu...@suse.com] >> Sent: Wednesday, May 16, 2018 6:10 PM > [...] >>> Besides, I find a similar issue as following. >>> https://www.spinics.net/lists/netdev/msg493512.html >> >> Well, if we have an imbalance in NAPI it should strike whereever >> it is used, not just in suspend(). Is there debugging for NAPI >> we could activate? > > No. The driver doesn't embed such debugging about it. Despite of that, Oliver, I have a kernel with a debug patch (attached) at (suse-only link): https://build.suse.de/project/show/home:jirislaby:stable-drm > And I don't find an imbalance between napi_disable() and napi_enable(). There is none, apparently (the warns never triggered). BUt still the driver sucks wrt both power mgmt and dock plug/unplug. Since I am using the patch (it upper-bounds the napi_disable loop count) and the udev rule below, I can really use the nic. $ cat /etc/udev/rules.d/10-disable-r8152-pm.rules ACTION=="add", SUBSYSTEM=="usb", ATTR{idProduct}=="8153", ATTR{idVendor}=="0bda", TEST=="power/control", ATTR{power/control}="on" thanks, -- js suse labs --- drivers/net/usb/r8152.c | 62 +++- net/core/dev.c | 14 +- 2 files changed, 53 insertions(+), 23 deletions(-) --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c @@ -704,6 +704,8 @@ struct r8152 { unsigned long flags; struct usb_device *udev; struct napi_struct napi; + int napi_stat; + void *napi_last_en, *napi_last_dis; struct usb_interface *intf; struct net_device *netdev; struct urb *intr_urb; @@ -775,6 +777,31 @@ static unsigned int agg_buf_sz = 16384; #define RTL_LIMITED_TSO_SIZE (agg_buf_sz - sizeof(struct tx_desc) - \ VLAN_ETH_HLEN - ETH_FCS_LEN) +static void my_napi_enable(struct r8152 *tp) +{ + if (tp->napi_stat == 0) { + napi_enable(>napi); + tp->napi_stat++; + tp->napi_last_en = (void *)_RET_IP_; + return; + } + + WARN(1, "napi_stat=%d\n", tp->napi_stat); +} + +static void my_napi_disable(struct r8152 *tp) +{ + if (tp->napi_stat == 1) { + napi_disable(>napi); + tp->napi_stat--; + tp->napi_last_dis = (void *)_RET_IP_; + return; + } + + WARN(1, "napi_stat=%d last_dis=%pF last_en=%pF\n", + tp->napi_stat, tp->napi_last_en, tp->napi_last_dis); +} + static int get_registers(struct r8152 *tp, u16 value, u16 index, u16 size, void *data) { @@ -3787,7 +3814,6 @@ static bool rtl8153_in_nway(struct r8152 static void set_carrier(struct r8152 *tp) { struct net_device *netdev = tp->netdev; - struct napi_struct *napi = >napi; u8 speed; speed = rtl8152_get_speed(tp); @@ -3796,12 +3822,12 @@ static void set_carrier(struct r8152 *tp if (!netif_carrier_ok(netdev)) { tp->rtl_ops.enable(tp); netif_stop_queue(netdev); - napi_disable(napi); + my_napi_disable(tp); netif_carrier_on(netdev); rtl_start_rx(tp); clear_bit(RTL8152_SET_RX_MODE, >flags); _rtl8152_set_rx_mode(netdev); - napi_enable(>napi); + my_napi_enable(tp); netif_wake_queue(netdev); netif_info(tp, link, netdev, "carrier on\n"); } else if (netif_queue_stopped(netdev) && @@ -3811,9 +3837,9 @@ static void set_carrier(struct r8152 *tp } else { if (netif_carrier_ok(netdev)) { netif_carrier_off(netdev); - napi_disable(napi); + my_napi_disable(tp); tp->rtl_ops.disable(tp); - napi_enable(napi); + my_napi_enable(tp); netif_info(tp, link, netdev, "carrier off\n"); } } @@ -3934,7 +3960,7 @@ static int rtl8152_open(struct net_devic res); goto out_unlock; } - napi_enable(>napi); + my_napi_enable(tp); mutex_unlock(>control); @@ -3962,7 +3988,7 @@ static int rtl8152_close(struct net_devi #ifdef CONFIG_PM_SLEEP unregister_pm_notifier(>pm_notifier); #endif - napi_disable(>napi); + my_napi_disable(tp); clear_bit(WORK_ENABLE, >flags); usb_kill_urb(tp->intr_urb); cancel_delayed_work_sync(>schedule); @@ -4230,7 +4256,7 @@ static int rtl8152_pre_reset(struct usb_ return 0; netif_stop_queue(netdev); - napi_disable(>napi); + my_napi_disable(tp); clear_bit(WORK_ENABLE, >flags); usb_kill_urb(tp->intr_urb); cancel_delayed_work_sync(>schedule); @@ -4264,7 +4290,7 @@ static int rtl8152_post_reset(struct usb mutex_unlock(>control); } - napi_enable(>napi); + my_napi_enable(tp); netif_wake_queue(netdev); usb_submit_urb(tp->intr_urb, GFP_KERNEL); @@ -4302,10 +4328,8 @@ static int rtl8152_runtime_resume(struct struct net_device *netdev = tp->netdev; if (netif_running(netdev) && netdev->flags & IFF_UP) { - struct napi_struct *napi = >napi; - tp->rtl_ops.autosuspend_en(tp, false); - napi_disable(napi); + my_napi_disable(tp); set_bit(WORK_ENABLE, >flags); if (netif_carrier_ok(netdev)) { @@ -4318,7 +4342,7 @@ static int rtl8152_runtime_resume(struct } } - napi_enable(napi); + my_napi_enable(tp); clear_bit(SELECTIVE_SUSPEND, >flags); smp_mb__after_atomic(); @@ -4388,13 +4412,11 @@ static
Bluetooth/lock_sock: false positive "WARNING: possible recursive locking detected"
Hi, I have just got this lockdep warning during suspend: > [ 2891.586061] > [ 2891.586063] WARNING: possible recursive locking detected > [ 2891.586065] 4.16.2-10.ge881e16-default #1 Not tainted > [ 2891.586067] > [ 2891.586068] kworker/u9:3/873 is trying to acquire lock: > [ 2891.586070] (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}, at: > [<7b85e829>] bt_accept_enqueue+0x29/0x90 [bluetooth] > [ 2891.586086] >but task is already holding lock: > [ 2891.586088] (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}, at: > [<42f0b4a5>] l2cap_sock_new_connection_cb+0x18/0xa0 [bluetooth] > [ 2891.586109] >other info that might help us debug this: > [ 2891.586111] Possible unsafe locking scenario: > > [ 2891.586115]CPU0 > [ 2891.586116] > [ 2891.586117] lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); > [ 2891.586120] lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); > [ 2891.586122] > *** DEADLOCK *** > > [ 2891.586125] May be due to missing lock nesting notation > > [ 2891.586127] 5 locks held by kworker/u9:3/873: > [ 2891.586128] #0: ((wq_completion)"%s"hdev->name#2){+.+.}, at: > [<4aa1a273>] process_one_work+0x1e3/0x6a0 > [ 2891.586135] #1: ((work_completion)(>rx_work)){+.+.}, at: > [<4aa1a273>] process_one_work+0x1e3/0x6a0 > [ 2891.586140] #2: (>chan_lock){+.+.}, at: [] > l2cap_connect+0x88/0x540 [bluetooth] > [ 2891.586155] #3: (>lock/2){+.+.}, at: [<7c38e27e>] > l2cap_connect+0xa0/0x540 [bluetooth] > [ 2891.586170] #4: (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}, at: > [<42f0b4a5>] l2cap_sock_new_connection_cb+0x18/0xa0 [bluetooth] > [ 2891.586183] >stack backtrace: > [ 2891.586187] CPU: 2 PID: 873 Comm: kworker/u9:3 Not tainted > 4.16.2-10.ge881e16-default #1 openSUSE Tumbleweed (unreleased) > [ 2891.586189] Hardware name: Dell Inc. Latitude 7280/0KK5D1, BIOS 1.9.3 > 03/09/2018 > [ 2891.586200] Workqueue: hci0 hci_rx_work [bluetooth] > [ 2891.586202] Call Trace: > [ 2891.586207] dump_stack+0x85/0xc5 > [ 2891.586211] __lock_acquire+0x6b4/0x1370 > [ 2891.586221] lock_acquire+0x9f/0x210 > [ 2891.586237] lock_sock_nested+0x5a/0x80 > [ 2891.586256] bt_accept_enqueue+0x29/0x90 [bluetooth] > [ 2891.586268] l2cap_sock_new_connection_cb+0x5d/0xa0 [bluetooth] > [ 2891.586280] l2cap_connect+0x126/0x540 [bluetooth] > [ 2891.586315] l2cap_sig_channel+0x443/0x13b0 [bluetooth] > [ 2891.586330] l2cap_recv_frame+0x1a4/0x300 [bluetooth] > [ 2891.586341] hci_rx_work+0x1c8/0x5c0 [bluetooth] > [ 2891.586345] process_one_work+0x269/0x6a0 > [ 2891.586350] worker_thread+0x2b/0x3d0 > [ 2891.586356] kthread+0x113/0x130 > [ 2891.586363] ret_from_fork+0x24/0x50 > [ 4954.622809] e1000e: eth0 NIC Link is Down > [ 4955.299532] PM: suspend entry (deep) > [ 4955.299538] PM: Syncing filesystems ... done. This is: lock_sock(sk); in bt_accept_enqueue nested in lock_sock(parent); in l2cap_sock_new_connection_cb So this looks like a false positive to me. So I believe this is a fix: --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -1232,7 +1232,7 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan) { struct sock *sk, *parent = chan->data; - lock_sock(parent); + lock_sock_nested(parent, L2CAP_NESTING_PARENT); /* Check for backlog size */ if (sk_acceptq_is_full(parent)) { ? thanks, -- js suse labs
Re: r8152 livelocks during pm_runtime_suspend
On 03/30/2018, 03:17 PM, Jiri Slaby wrote: > Hi, > > I have seen r8152 from my docking station to kill my box several times > in the last few days. The notebook is new, so I don't know if this is a > regression. Forgot to add, I am seeing this in dmesg: [ 13.353239] r8152 4-1.2:1.0 (unnamed net_device) (uninitialized): Using pass-thru MAC addr d8:9e:f3:f6:6d:0c [ 13.365082] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready [ 13.390990] r8152 4-1.2:1.0 eth1: v1.09.9 [ 13.399314] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 13.552529] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready [ 13.561268] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready [ 13.736582] nf_conntrack version 0.5.0 (65536 buckets, 262144 max) [ 14.198646] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this. [ 14.537233] Netfilter messages via NETLINK v0.30. [ 14.544740] ip_set: protocol 6 [ 16.697657] r8152 4-1.2:1.0 eth1: carrier on [ 16.697724] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready [ 16.847718] NET: Registered protocol family 17 [ 20.629344] fuse init (API version 7.26) [ 21.371334] Bluetooth: RFCOMM TTY layer initialized [ 21.371343] Bluetooth: RFCOMM socket layer initialized [ 21.371353] Bluetooth: RFCOMM ver 1.11 [ 21.753577] tun: Universal TUN/TAP device driver, 1.6 [ 25.992820] retire_capture_urb: 2491 callbacks suppressed [ 118.054869] NOHZ: local_softirq_pending 08 [ 118.056988] NOHZ: local_softirq_pending 08 [ 185.562659] NOHZ: local_softirq_pending 08 08 seems to be NET_RX_SOFTIRQ. So is this related? Kernel version: 4.15.14 > I have the NIC connected all the time. And when I return to the notebook > after a while, the networking is dead. Looking at the stack traces, it > is clear, that r8152 was attempted to be autosuspended and waits in > napi_disable for NAPI_STATE_SCHED bit to be cleared: > [22001.018437] kworker/2:0 D0 16267 2 0x8000 > [22001.018441] Workqueue: pm pm_runtime_work > [22001.018443] Call Trace: > [22001.018453] schedule+0x2f/0x90 > [22001.018455] schedule_timeout+0x1ce/0x540 > [22001.018474] msleep+0x29/0x30 > [22001.018477] napi_disable+0x25/0x60 > [22001.018483] rtl8152_suspend+0x20a/0x2d0 [r8152] > [22001.018493] usb_suspend_both+0x8d/0x200 [usbcore] > [22001.018510] usb_runtime_suspend+0x2a/0x70 [usbcore] > [22001.018514] __rpm_callback+0xbc/0x1f0 > [22001.018519] rpm_callback+0x4f/0x70 > [22001.018526] rpm_suspend+0x11d/0x6d0 > [22001.018532] pm_runtime_work+0x73/0xb0 > [22001.018535] process_one_work+0x269/0x6c0 > [22001.018541] worker_thread+0x2b/0x3d0 > [22001.018547] kthread+0x113/0x130 > [22001.018556] ret_from_fork+0x24/0x50 > > The assembly: >> 81716730 : >> 81716730: e8 eb b7 2e 00 callq 81a01f20 >> <__fentry__> >> 81716735: 55 push %rbp >> 81716736: 48 89 fdmov%rdi,%rbp >> 81716739: 53 push %rbx >> 8171673a: 48 8d 5f 10 lea0x10(%rdi),%rbx >> 8171673e: f0 80 4f 10 04 lock orb $0x4,0x10(%rdi) >> 81716743: f0 0f ba 6f 10 00 lock btsl $0x0,0x10(%rdi) >> 81716749: 73 11 jae8171675c >> <napi_disable+0x2c> >> 8171674b: bf 01 00 00 00 mov$0x1,%edi >> 81716750: e8 ab ac a0 ff callq 81121400 >> >> 81716755: f0 0f ba 2b 00 lock btsl $0x0,(%rbx) >> 8171675a: 72 ef jb 8171674b >> <napi_disable+0x1b> > > > > > > There are other tasks in D state, of course, like these, waiting for the > device to become pm-up: > [22001.018749] kworker/3:1 D0 16798 2 0x8000 > [22001.018753] Workqueue: events rtl_work_func_t [r8152] > [22001.018755] Call Trace: > [22001.018767] schedule+0x2f/0x90 > [22001.018769] rpm_resume+0xf9/0x860 > [22001.018777] rpm_resume+0x592/0x860 > [22001.018783] __pm_runtime_resume+0x3a/0x50 > [22001.018789] usb_autopm_get_interface+0x1d/0x50 [usbcore] > [22001.018793] rtl_work_func_t+0x3e/0x405 [r8152] > [22001.018801] process_one_work+0x269/0x6c0 > [22001.018807] worker_thread+0x2b/0x3d0 > [22001.018813] kthread+0x113/0x130 > [22001.018822] ret_from_fork+0x24/0x50 > [22001.019713] tcpdump D0 17119 4265 0x0004 > [22001.019716] Call Trace: > [22001.019728] schedule+0x2f/0x90 > [22001.019730] rpm_resume+0xf9/0x860 > [22001.019738] rpm_resume+0x592/0x860 > [22001.019744] __pm_runtime_resume+0x
r8152 livelocks during pm_runtime_suspend
Hi, I have seen r8152 from my docking station to kill my box several times in the last few days. The notebook is new, so I don't know if this is a regression. I have the NIC connected all the time. And when I return to the notebook after a while, the networking is dead. Looking at the stack traces, it is clear, that r8152 was attempted to be autosuspended and waits in napi_disable for NAPI_STATE_SCHED bit to be cleared: [22001.018437] kworker/2:0 D0 16267 2 0x8000 [22001.018441] Workqueue: pm pm_runtime_work [22001.018443] Call Trace: [22001.018453] schedule+0x2f/0x90 [22001.018455] schedule_timeout+0x1ce/0x540 [22001.018474] msleep+0x29/0x30 [22001.018477] napi_disable+0x25/0x60 [22001.018483] rtl8152_suspend+0x20a/0x2d0 [r8152] [22001.018493] usb_suspend_both+0x8d/0x200 [usbcore] [22001.018510] usb_runtime_suspend+0x2a/0x70 [usbcore] [22001.018514] __rpm_callback+0xbc/0x1f0 [22001.018519] rpm_callback+0x4f/0x70 [22001.018526] rpm_suspend+0x11d/0x6d0 [22001.018532] pm_runtime_work+0x73/0xb0 [22001.018535] process_one_work+0x269/0x6c0 [22001.018541] worker_thread+0x2b/0x3d0 [22001.018547] kthread+0x113/0x130 [22001.018556] ret_from_fork+0x24/0x50 The assembly: > 81716730 : > 81716730: e8 eb b7 2e 00 callq 81a01f20 > <__fentry__> > 81716735: 55 push %rbp > 81716736: 48 89 fdmov%rdi,%rbp > 81716739: 53 push %rbx > 8171673a: 48 8d 5f 10 lea0x10(%rdi),%rbx > 8171673e: f0 80 4f 10 04 lock orb $0x4,0x10(%rdi) > 81716743: f0 0f ba 6f 10 00 lock btsl $0x0,0x10(%rdi) > 81716749: 73 11 jae8171675c >> 8171674b: bf 01 00 00 00 mov$0x1,%edi > 81716750: e8 ab ac a0 ff callq 81121400 > > 81716755: f0 0f ba 2b 00 lock btsl $0x0,(%rbx) > 8171675a: 72 ef jb 8171674b > There are other tasks in D state, of course, like these, waiting for the device to become pm-up: [22001.018749] kworker/3:1 D0 16798 2 0x8000 [22001.018753] Workqueue: events rtl_work_func_t [r8152] [22001.018755] Call Trace: [22001.018767] schedule+0x2f/0x90 [22001.018769] rpm_resume+0xf9/0x860 [22001.018777] rpm_resume+0x592/0x860 [22001.018783] __pm_runtime_resume+0x3a/0x50 [22001.018789] usb_autopm_get_interface+0x1d/0x50 [usbcore] [22001.018793] rtl_work_func_t+0x3e/0x405 [r8152] [22001.018801] process_one_work+0x269/0x6c0 [22001.018807] worker_thread+0x2b/0x3d0 [22001.018813] kthread+0x113/0x130 [22001.018822] ret_from_fork+0x24/0x50 [22001.019713] tcpdump D0 17119 4265 0x0004 [22001.019716] Call Trace: [22001.019728] schedule+0x2f/0x90 [22001.019730] rpm_resume+0xf9/0x860 [22001.019738] rpm_resume+0x592/0x860 [22001.019744] __pm_runtime_resume+0x3a/0x50 [22001.019750] usb_autopm_get_interface+0x1d/0x50 [usbcore] [22001.019754] rtl8152_ioctl+0x30/0x140 [r8152] [22001.019758] dev_ifsioc+0x115/0x3f0 [22001.019763] dev_ioctl+0x14b/0x680 [22001.019775] sock_do_ioctl+0x41/0x50 [22001.019778] sock_ioctl+0x1c2/0x2f0 [22001.019781] do_vfs_ioctl+0x91/0x680 [22001.019789] SyS_ioctl+0x74/0x80 [22001.019794] do_syscall_64+0x76/0x1c0 ... > Showing all locks held in the system: > 1 lock held by in:imklog/1371: > #0: (>f_pos_lock){+.+.}, at: [ ] __fdget_pos+0x3f/0x50 > 1 lock held by Qt bearer threa/3003: > #0: (rtnl_mutex){+.+.}, at: [<21e0bca0>] > __netlink_dump_start+0x4c/0x1b0 > 1 lock held by Qt bearer threa/2825: > #0: (rtnl_mutex){+.+.}, at: [<21e0bca0>] > __netlink_dump_start+0x4c/0x1b0 > 1 lock held by DNS Res~ver #40/17041: > #0: (rtnl_mutex){+.+.}, at: [<21e0bca0>] > __netlink_dump_start+0x4c/0x1b0 > 1 lock held by Qt bearer threa/3110: > #0: (rtnl_mutex){+.+.}, at: [<21e0bca0>] > __netlink_dump_start+0x4c/0x1b0 > 1 lock held by DNS Res~ver #16/17044: > #0: (rtnl_mutex){+.+.}, at: [<21e0bca0>] > __netlink_dump_start+0x4c/0x1b0 > 2 locks held by bash/4561: > #0: (>ldisc_sem){}, at: [ ] > tty_ldisc_ref_wait+0x24/0x50 > #1: (>atomic_read_lock){+.+.}, at: [<91462d05>] > n_tty_read+0xc3/0x850 > 3 locks held by kworker/2:0/16267: > #0: ((wq_completion)"pm"){+.+.}, at: [ ] > process_one_work+0x1e3/0x6c0 > #1: ((work_completion)(>power.work)){+.+.}, at: [ ] > process_one_work+0x1e3/0x6c0 > #2: (>control){+.+.}, at: [ ] > rtl8152_suspend+0x2b/0x2d0 [r8152] > 2 locks held by kworker/3:1/16798: > #0: ((wq_completion)"events"){+.+.}, at: [ ] > process_one_work+0x1e3/0x6c0 > #1: ((work_completion)(&(>schedule)->work)){+.+.}, at: > [ ]
[PATCH 4.4-stable 7/7] bpf, array: fix overflow in max_entries and undefined behavior in index_mask
From: Daniel Borkmann <dan...@iogearbox.net> commit bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1 upstream. syzkaller tried to alloc a map with 0xfffd entries out of a userns, and thus unprivileged. With the recently added logic in b2157399cc98 ("bpf: prevent out-of-bounds speculation") we round this up to the next power of two value for max_entries for unprivileged such that we can apply proper masking into potentially zeroed out map slots. However, this will generate an index_mask of 0x, and therefore a + 1 will let this overflow into new max_entries of 0. This will pass allocation, etc, and later on map access we still enforce on the original attr->max_entries value which was 0xfffd, therefore triggering GPF all over the place. Thus bail out on overflow in such case. Moreover, on 32 bit archs roundup_pow_of_two() can also not be used, since fls_long(max_entries - 1) can result in 32 and 1UL << 32 in 32 bit space is undefined. Therefore, do this by hand in a 64 bit variable. This fixes all the issues triggered by syzkaller's reproducers. Fixes: b2157399cc98 ("bpf: prevent out-of-bounds speculation") Reported-by: syzbot+b0efb8e572d01bce1...@syzkaller.appspotmail.com Reported-by: syzbot+6c15e9744f75f2364...@syzkaller.appspotmail.com Reported-by: syzbot+d2f5524fb46fd3b31...@syzkaller.appspotmail.com Reported-by: syzbot+61d23c95395cc90db...@syzkaller.appspotmail.com Reported-by: syzbot+0d363c942452cca68...@syzkaller.appspotmail.com Signed-off-by: Daniel Borkmann <dan...@iogearbox.net> Signed-off-by: Alexei Starovoitov <a...@kernel.org> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- kernel/bpf/arraymap.c | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 56f8a8306a49..3608fa1aec8a 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -23,6 +23,7 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) u32 elem_size, array_size, index_mask, max_entries; bool unpriv = !capable(CAP_SYS_ADMIN); struct bpf_array *array; + u64 mask64; /* check sanity of attributes */ if (attr->max_entries == 0 || attr->key_size != 4 || @@ -38,13 +39,25 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) elem_size = round_up(attr->value_size, 8); max_entries = attr->max_entries; - index_mask = roundup_pow_of_two(max_entries) - 1; - if (unpriv) + /* On 32 bit archs roundup_pow_of_two() with max_entries that has +* upper most bit set in u32 space is undefined behavior due to +* resulting 1U << 32, so do it manually here in u64 space. +*/ + mask64 = fls_long(max_entries - 1); + mask64 = 1ULL << mask64; + mask64 -= 1; + + index_mask = mask64; + if (unpriv) { /* round up array size to nearest power of 2, * since cpu will speculate within index_mask limits */ max_entries = index_mask + 1; + /* Check for overflows. */ + if (max_entries < attr->max_entries) + return ERR_PTR(-E2BIG); + } /* check round_up into zero and u32 overflow */ if (elem_size == 0 || -- 2.15.1
[PATCH 4.4-stable 2/6] bpf: don't (ab)use instructions to store state
From: Jakub Kicinski <jakub.kicin...@netronome.com> commit 3df126f35f88dc76eea33769f85a3c3bb8ce6c6b upstream. Storing state in reserved fields of instructions makes it impossible to run verifier on programs already marked as read-only. Allocate and use an array of per-instruction state instead. While touching the error path rename and move existing jump target. Suggested-by: Alexei Starovoitov <a...@kernel.org> Signed-off-by: Jakub Kicinski <jakub.kicin...@netronome.com> Acked-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- kernel/bpf/verifier.c | 67 ++- 1 file changed, 39 insertions(+), 28 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 261c90233dcd..769d2ec44802 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -186,6 +186,10 @@ struct verifier_stack_elem { struct verifier_stack_elem *next; }; +struct bpf_insn_aux_data { + enum bpf_reg_type ptr_type; /* pointer type for load/store insns */ +}; + #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */ /* single container for all structs @@ -200,6 +204,7 @@ struct verifier_env { struct bpf_map *used_maps[MAX_USED_MAPS]; /* array of map's used by eBPF program */ u32 used_map_cnt; /* number of used maps */ bool allow_ptr_leaks; + struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */ }; /* verbose verifier prints what it's seeing @@ -1784,7 +1789,7 @@ static int do_check(struct verifier_env *env) return err; } else if (class == BPF_LDX) { - enum bpf_reg_type src_reg_type; + enum bpf_reg_type *prev_src_type, src_reg_type; /* check for reserved fields is already done */ @@ -1813,16 +1818,18 @@ static int do_check(struct verifier_env *env) continue; } - if (insn->imm == 0) { + prev_src_type = >insn_aux_data[insn_idx].ptr_type; + + if (*prev_src_type == NOT_INIT) { /* saw a valid insn * dst_reg = *(u32 *)(src_reg + off) -* use reserved 'imm' field to mark this insn +* save type to validate intersecting paths */ - insn->imm = src_reg_type; + *prev_src_type = src_reg_type; - } else if (src_reg_type != insn->imm && + } else if (src_reg_type != *prev_src_type && (src_reg_type == PTR_TO_CTX || - insn->imm == PTR_TO_CTX)) { + *prev_src_type == PTR_TO_CTX)) { /* ABuser program is trying to use the same insn * dst_reg = *(u32*) (src_reg + off) * with different pointer types: @@ -1835,7 +1842,7 @@ static int do_check(struct verifier_env *env) } } else if (class == BPF_STX) { - enum bpf_reg_type dst_reg_type; + enum bpf_reg_type *prev_dst_type, dst_reg_type; if (BPF_MODE(insn->code) == BPF_XADD) { err = check_xadd(env, insn); @@ -1863,11 +1870,13 @@ static int do_check(struct verifier_env *env) if (err) return err; - if (insn->imm == 0) { - insn->imm = dst_reg_type; - } else if (dst_reg_type != insn->imm && + prev_dst_type = >insn_aux_data[insn_idx].ptr_type; + + if (*prev_dst_type == NOT_INIT) { + *prev_dst_type = dst_reg_type; + } else if (dst_reg_type != *prev_dst_type && (dst_reg_type == PTR_TO_CTX || - insn->imm == PTR_TO_CTX)) { + *prev_dst_type == PTR_TO_CTX)) { verbose("same insn cannot be used with different pointers\n"); return -EINVAL; } @@ -2104,17 +2113,17 @@ static void convert_pseudo_ld_imm64(struct verifier_env *env) static int convert_ctx_accesses(struct verifier_env *env) { struct bpf_insn *insn = env->prog->insn
[PATCH 4.4-stable 0/6] bpf: prevent out-of-bounds speculation
Hi, this is a backport of these patches which I did for our kernels: c237ee5eb33b bpf: add bpf_patch_insn_single helper 3df126f35f88 bpf: don't (ab)use instructions to store state e245c5c6a565 bpf: move fixup_bpf_calls() function 79741b3bdec0 bpf: refactor fixup_bpf_calls() 8041902dae52 bpf: adjust insn_aux_data when patching insns b2157399cc98 bpf: prevent out-of-bounds speculation I offer it here for use in stable 4.4, if there is no better/simpler backport available yet. Alexei Starovoitov (4): bpf: move fixup_bpf_calls() function bpf: refactor fixup_bpf_calls() bpf: adjust insn_aux_data when patching insns bpf: prevent out-of-bounds speculation Daniel Borkmann (1): bpf: add bpf_patch_insn_single helper Jakub Kicinski (1): bpf: don't (ab)use instructions to store state include/linux/bpf.h| 2 + include/linux/filter.h | 3 + kernel/bpf/arraymap.c | 24 -- kernel/bpf/core.c | 71 kernel/bpf/syscall.c | 54 kernel/bpf/verifier.c | 217 +++-- 6 files changed, 252 insertions(+), 119 deletions(-) -- 2.15.1
[PATCH 4.4-stable 1/6] bpf: add bpf_patch_insn_single helper
From: Daniel Borkmann <dan...@iogearbox.net> commit c237ee5eb33bf19fe0591c04ff8db19da7323a83 upstream. Move the functionality to patch instructions out of the verifier code and into the core as the new bpf_patch_insn_single() helper will be needed later on for blinding as well. No changes in functionality. Signed-off-by: Daniel Borkmann <dan...@iogearbox.net> Acked-by: Alexei Starovoitov <a...@kernel.org> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- include/linux/filter.h | 3 +++ kernel/bpf/core.c | 71 ++ kernel/bpf/verifier.c | 53 +++-- 3 files changed, 83 insertions(+), 44 deletions(-) diff --git a/include/linux/filter.h b/include/linux/filter.h index ccb98b459c59..677fa3b42194 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -466,6 +466,9 @@ u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); void bpf_int_jit_compile(struct bpf_prog *fp); bool bpf_helper_changes_skb_data(void *func); +struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off, + const struct bpf_insn *patch, u32 len); + #ifdef CONFIG_BPF_JIT typedef void (*bpf_jit_fill_hole_t)(void *area, unsigned int size); diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 334b1bdd572c..3fd76cf0c21e 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -137,6 +137,77 @@ void __bpf_prog_free(struct bpf_prog *fp) } EXPORT_SYMBOL_GPL(__bpf_prog_free); +static bool bpf_is_jmp_and_has_target(const struct bpf_insn *insn) +{ + return BPF_CLASS(insn->code) == BPF_JMP && + /* Call and Exit are both special jumps with no + * target inside the BPF instruction image. + */ + BPF_OP(insn->code) != BPF_CALL && + BPF_OP(insn->code) != BPF_EXIT; +} + +static void bpf_adj_branches(struct bpf_prog *prog, u32 pos, u32 delta) +{ + struct bpf_insn *insn = prog->insnsi; + u32 i, insn_cnt = prog->len; + + for (i = 0; i < insn_cnt; i++, insn++) { + if (!bpf_is_jmp_and_has_target(insn)) + continue; + + /* Adjust offset of jmps if we cross boundaries. */ + if (i < pos && i + insn->off + 1 > pos) + insn->off += delta; + else if (i > pos + delta && i + insn->off + 1 <= pos + delta) + insn->off -= delta; + } +} + +struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off, + const struct bpf_insn *patch, u32 len) +{ + u32 insn_adj_cnt, insn_rest, insn_delta = len - 1; + struct bpf_prog *prog_adj; + + /* Since our patchlet doesn't expand the image, we're done. */ + if (insn_delta == 0) { + memcpy(prog->insnsi + off, patch, sizeof(*patch)); + return prog; + } + + insn_adj_cnt = prog->len + insn_delta; + + /* Several new instructions need to be inserted. Make room +* for them. Likely, there's no need for a new allocation as +* last page could have large enough tailroom. +*/ + prog_adj = bpf_prog_realloc(prog, bpf_prog_size(insn_adj_cnt), + GFP_USER); + if (!prog_adj) + return NULL; + + prog_adj->len = insn_adj_cnt; + + /* Patching happens in 3 steps: +* +* 1) Move over tail of insnsi from next instruction onwards, +*so we can patch the single target insn with one or more +*new ones (patching is always from 1 to n insns, n > 0). +* 2) Inject new instructions at the target location. +* 3) Adjust branch offsets if necessary. +*/ + insn_rest = insn_adj_cnt - off - len; + + memmove(prog_adj->insnsi + off + len, prog_adj->insnsi + off + 1, + sizeof(*patch) * insn_rest); + memcpy(prog_adj->insnsi + off, patch, sizeof(*patch) * len); + + bpf_adj_branches(prog_adj, off, insn_delta); + + return prog_adj; +} + #ifdef CONFIG_BPF_JIT struct bpf_binary_header * bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr, diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index eb759f5008b8..261c90233dcd 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2098,26 +2098,6 @@ static void convert_pseudo_ld_imm64(struct verifier_env *env) insn->src_reg = 0; } -static void adjust_branches(struct bpf_prog *prog, int pos, int delta) -{ - struct bpf_insn *insn = prog->insnsi; - int insn_cnt = prog->len; - int i; - - for (i = 0; i < insn_cnt; i++, insn++) { - if (BPF_CLASS(insn->code) != BPF_JMP |
[PATCH 4.4-stable 6/6] bpf: prevent out-of-bounds speculation
From: Alexei Starovoitov <a...@kernel.org> commit b2157399cc9898260d6031c5bfe45fe137c1fbe7 upstream. Under speculation, CPUs may mis-predict branches in bounds checks. Thus, memory accesses under a bounds check may be speculated even if the bounds check fails, providing a primitive for building a side channel. To avoid leaking kernel data round up array-based maps and mask the index after bounds check, so speculated load with out of bounds index will load either valid value from the array or zero from the padded area. Unconditionally mask index for all array types even when max_entries are not rounded to power of 2 for root user. When map is created by unpriv user generate a sequence of bpf insns that includes AND operation to make sure that JITed code includes the same 'index & index_mask' operation. If prog_array map is created by unpriv user replace bpf_tail_call(ctx, map, index); with if (index >= max_entries) { index &= map->index_mask; bpf_tail_call(ctx, map, index); } (along with roundup to power 2) to prevent out-of-bounds speculation. There is secondary redundant 'if (index >= max_entries)' in the interpreter and in all JITs, but they can be optimized later if necessary. Other array-like maps (cpumap, devmap, sockmap, perf_event_array, cgroup_array) cannot be used by unpriv, so no changes there. That fixes bpf side of "Variant 1: bounds check bypass (CVE-2017-5753)" on all architectures with and without JIT. v2->v3: Daniel noticed that attack potentially can be crafted via syscall commands without loading the program, so add masking to those paths as well. [js] backport -- no percpu arrays etc.; idx in check_call; map_ptr in struct bpf_insn_aux_data Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: John Fastabend <john.fastab...@gmail.com> Signed-off-by: Daniel Borkmann <dan...@iogearbox.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- include/linux/bpf.h | 2 ++ kernel/bpf/arraymap.c | 24 +++- kernel/bpf/verifier.c | 46 ++ 3 files changed, 63 insertions(+), 9 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 4f6d29c8e3d8..f2157159b26f 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -37,6 +37,7 @@ struct bpf_map { u32 value_size; u32 max_entries; u32 pages; + bool unpriv_array; struct user_struct *user; const struct bpf_map_ops *ops; struct work_struct work; @@ -141,6 +142,7 @@ struct bpf_prog_aux { struct bpf_array { struct bpf_map map; u32 elem_size; + u32 index_mask; /* 'ownership' of prog_array is claimed by the first program that * is going to use this map or by the first program which FD is stored * in the map to make sure that all callers and callees have the same diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index b0799bced518..56f8a8306a49 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -20,8 +20,9 @@ /* Called from syscall */ static struct bpf_map *array_map_alloc(union bpf_attr *attr) { + u32 elem_size, array_size, index_mask, max_entries; + bool unpriv = !capable(CAP_SYS_ADMIN); struct bpf_array *array; - u32 elem_size, array_size; /* check sanity of attributes */ if (attr->max_entries == 0 || attr->key_size != 4 || @@ -36,12 +37,21 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) elem_size = round_up(attr->value_size, 8); + max_entries = attr->max_entries; + index_mask = roundup_pow_of_two(max_entries) - 1; + + if (unpriv) + /* round up array size to nearest power of 2, +* since cpu will speculate within index_mask limits +*/ + max_entries = index_mask + 1; + /* check round_up into zero and u32 overflow */ if (elem_size == 0 || - attr->max_entries > (U32_MAX - PAGE_SIZE - sizeof(*array)) / elem_size) + max_entries > (U32_MAX - PAGE_SIZE - sizeof(*array)) / elem_size) return ERR_PTR(-ENOMEM); - array_size = sizeof(*array) + attr->max_entries * elem_size; + array_size = sizeof(*array) + max_entries * elem_size; /* allocate all map elements and zero-initialize them */ array = kzalloc(array_size, GFP_USER | __GFP_NOWARN); @@ -50,6 +60,8 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) if (!array) return ERR_PTR(-ENOMEM); } + array->index_mask = index_mask; + array->map.unpriv_array = unpriv; /* copy mandatory map attributes */ array->map.key_size = attr->key_size; @@ -70,7 +82,7 @@ static void *array_map_lookup_elem(struct bpf_map *map, void *key) if (index >= array->
[PATCH 4.4-stable 5/6] bpf: adjust insn_aux_data when patching insns
From: Alexei Starovoitov <a...@fb.com> commit 8041902dae5299c1f194ba42d14383f734631009 upstream. convert_ctx_accesses() replaces single bpf instruction with a set of instructions. Adjust corresponding insn_aux_data while patching. It's needed to make sure subsequent 'for(all insn)' loops have matching insn and insn_aux_data. Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- kernel/bpf/verifier.c | 40 +--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 47bb3eee950c..bb4b5405d1a5 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2107,6 +2107,41 @@ static void convert_pseudo_ld_imm64(struct verifier_env *env) insn->src_reg = 0; } +/* single env->prog->insni[off] instruction was replaced with the range + * insni[off, off + cnt). Adjust corresponding insn_aux_data by copying + * [0, off) and [off, end) to new locations, so the patched range stays zero + */ +static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len, + u32 off, u32 cnt) +{ + struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data; + + if (cnt == 1) + return 0; + new_data = vzalloc(sizeof(struct bpf_insn_aux_data) * prog_len); + if (!new_data) + return -ENOMEM; + memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off); + memcpy(new_data + off + cnt - 1, old_data + off, + sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1)); + env->insn_aux_data = new_data; + vfree(old_data); + return 0; +} + +static struct bpf_prog *bpf_patch_insn_data(struct verifier_env *env, u32 off, + const struct bpf_insn *patch, u32 len) +{ + struct bpf_prog *new_prog; + + new_prog = bpf_patch_insn_single(env->prog, off, patch, len); + if (!new_prog) + return NULL; + if (adjust_insn_aux_data(env, new_prog->len, off, len)) + return NULL; + return new_prog; +} + /* convert load instructions that access fields of 'struct __sk_buff' * into sequence of instructions that access fields of 'struct sk_buff' */ @@ -2132,7 +2167,7 @@ static int convert_ctx_accesses(struct verifier_env *env) else continue; - if (env->insn_aux_data[i].ptr_type != PTR_TO_CTX) + if (env->insn_aux_data[i + delta].ptr_type != PTR_TO_CTX) continue; cnt = env->prog->aux->ops-> @@ -2143,8 +2178,7 @@ static int convert_ctx_accesses(struct verifier_env *env) return -EINVAL; } - new_prog = bpf_patch_insn_single(env->prog, i + delta, insn_buf, -cnt); + new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; -- 2.15.1
[PATCH 4.4-stable 3/6] bpf: move fixup_bpf_calls() function
From: Alexei Starovoitov <a...@fb.com> commit e245c5c6a5656e4d61aa7bb08e9694fd6e5b2b9d upstream. no functional change. move fixup_bpf_calls() to verifier.c it's being refactored in the next patch Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- kernel/bpf/syscall.c | 54 -- kernel/bpf/verifier.c | 55 +++ 2 files changed, 55 insertions(+), 54 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 4e32cc94edd9..424accd20c2d 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -447,57 +447,6 @@ void bpf_register_prog_type(struct bpf_prog_type_list *tl) list_add(>list_node, _prog_types); } -/* fixup insn->imm field of bpf_call instructions: - * if (insn->imm == BPF_FUNC_map_lookup_elem) - * insn->imm = bpf_map_lookup_elem - __bpf_call_base; - * else if (insn->imm == BPF_FUNC_map_update_elem) - * insn->imm = bpf_map_update_elem - __bpf_call_base; - * else ... - * - * this function is called after eBPF program passed verification - */ -static void fixup_bpf_calls(struct bpf_prog *prog) -{ - const struct bpf_func_proto *fn; - int i; - - for (i = 0; i < prog->len; i++) { - struct bpf_insn *insn = >insnsi[i]; - - if (insn->code == (BPF_JMP | BPF_CALL)) { - /* we reach here when program has bpf_call instructions -* and it passed bpf_check(), means that -* ops->get_func_proto must have been supplied, check it -*/ - BUG_ON(!prog->aux->ops->get_func_proto); - - if (insn->imm == BPF_FUNC_get_route_realm) - prog->dst_needed = 1; - if (insn->imm == BPF_FUNC_get_prandom_u32) - bpf_user_rnd_init_once(); - if (insn->imm == BPF_FUNC_tail_call) { - /* mark bpf_tail_call as different opcode -* to avoid conditional branch in -* interpeter for every normal call -* and to prevent accidental JITing by -* JIT compiler that doesn't support -* bpf_tail_call yet -*/ - insn->imm = 0; - insn->code |= BPF_X; - continue; - } - - fn = prog->aux->ops->get_func_proto(insn->imm); - /* all functions that have prototype and verifier allowed -* programs to call them, must be real in-kernel functions -*/ - BUG_ON(!fn->func); - insn->imm = fn->func - __bpf_call_base; - } - } -} - /* drop refcnt on maps used by eBPF program and free auxilary data */ static void free_used_maps(struct bpf_prog_aux *aux) { @@ -680,9 +629,6 @@ static int bpf_prog_load(union bpf_attr *attr) if (err < 0) goto free_used_maps; - /* fixup BPF_CALL->imm field */ - fixup_bpf_calls(prog); - /* eBPF program is ready to be JITed */ err = bpf_prog_select_runtime(prog); if (err < 0) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 769d2ec44802..198737d36754 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2158,6 +2158,58 @@ static int convert_ctx_accesses(struct verifier_env *env) return 0; } +/* fixup insn->imm field of bpf_call instructions: + * if (insn->imm == BPF_FUNC_map_lookup_elem) + * insn->imm = bpf_map_lookup_elem - __bpf_call_base; + * else if (insn->imm == BPF_FUNC_map_update_elem) + * insn->imm = bpf_map_update_elem - __bpf_call_base; + * else ... + * + * this function is called after eBPF program passed verification + */ +static void fixup_bpf_calls(struct bpf_prog *prog) +{ + const struct bpf_func_proto *fn; + int i; + + for (i = 0; i < prog->len; i++) { + struct bpf_insn *insn = >insnsi[i]; + + if (insn->code == (BPF_JMP | BPF_CALL)) { + /* we reach here when program has bpf_call instructions +* and it passed bpf_check(), means that +* ops->get_func_proto must have been supplied, check it +*/ + BUG_ON(!prog->aux->ops->get_func_proto); + + if
[PATCH 4.4-stable 4/6] bpf: refactor fixup_bpf_calls()
From: Alexei Starovoitov <a...@fb.com> commit 79741b3bdec01a8628368fbcfccc7d189ed606cb upstream. reduce indent and make it iterate over instructions similar to convert_ctx_accesses(). Also convert hard BUG_ON into soft verifier error. Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- kernel/bpf/verifier.c | 72 +++ 1 file changed, 33 insertions(+), 39 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 198737d36754..47bb3eee950c 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2158,57 +2158,51 @@ static int convert_ctx_accesses(struct verifier_env *env) return 0; } -/* fixup insn->imm field of bpf_call instructions: - * if (insn->imm == BPF_FUNC_map_lookup_elem) - * insn->imm = bpf_map_lookup_elem - __bpf_call_base; - * else if (insn->imm == BPF_FUNC_map_update_elem) - * insn->imm = bpf_map_update_elem - __bpf_call_base; - * else ... +/* fixup insn->imm field of bpf_call instructions * * this function is called after eBPF program passed verification */ -static void fixup_bpf_calls(struct bpf_prog *prog) +static int fixup_bpf_calls(struct verifier_env *env) { + struct bpf_prog *prog = env->prog; + struct bpf_insn *insn = prog->insnsi; const struct bpf_func_proto *fn; + const int insn_cnt = prog->len; int i; - for (i = 0; i < prog->len; i++) { - struct bpf_insn *insn = >insnsi[i]; + for (i = 0; i < insn_cnt; i++, insn++) { + if (insn->code != (BPF_JMP | BPF_CALL)) + continue; - if (insn->code == (BPF_JMP | BPF_CALL)) { - /* we reach here when program has bpf_call instructions -* and it passed bpf_check(), means that -* ops->get_func_proto must have been supplied, check it + if (insn->imm == BPF_FUNC_get_route_realm) + prog->dst_needed = 1; + if (insn->imm == BPF_FUNC_get_prandom_u32) + bpf_user_rnd_init_once(); + if (insn->imm == BPF_FUNC_tail_call) { + /* mark bpf_tail_call as different opcode to avoid +* conditional branch in the interpeter for every normal +* call and to prevent accidental JITing by JIT compiler +* that doesn't support bpf_tail_call yet */ - BUG_ON(!prog->aux->ops->get_func_proto); - - if (insn->imm == BPF_FUNC_get_route_realm) - prog->dst_needed = 1; - if (insn->imm == BPF_FUNC_get_prandom_u32) - bpf_user_rnd_init_once(); - if (insn->imm == BPF_FUNC_tail_call) { - /* mark bpf_tail_call as different opcode -* to avoid conditional branch in -* interpeter for every normal call -* and to prevent accidental JITing by -* JIT compiler that doesn't support -* bpf_tail_call yet -*/ - insn->imm = 0; - insn->code |= BPF_X; - continue; - } + insn->imm = 0; + insn->code |= BPF_X; + continue; + } - fn = prog->aux->ops->get_func_proto(insn->imm); - /* all functions that have prototype and verifier allowed -* programs to call them, must be real in-kernel functions -*/ - BUG_ON(!fn->func); - insn->imm = fn->func - __bpf_call_base; + fn = prog->aux->ops->get_func_proto(insn->imm); + /* all functions that have prototype and verifier allowed +* programs to call them, must be real in-kernel functions +*/ + if (!fn->func) { + verbose("kernel subsystem misconfigured func %d\n", + insn->imm); + return -EFAULT; } + insn->imm = fn->func - __bpf_call_base; } -} + return 0; +} static void free_states(struct verifier_env *env) { @@ -2309,7 +2303,7 @@ skip_full_check: ret = convert_ctx
[PATCH 1/1] l2tp: cleanup l2tp_tunnel_delete calls
l2tp_tunnel_delete does not return anything since commit 62b982eeb458 ("l2tp: fix race condition in l2tp_tunnel_delete"). But call sites of l2tp_tunnel_delete still do casts to void to avoid unused return value warnings. Kill these now useless casts. Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Sabrina Dubroca <s...@queasysnail.net> Cc: Guillaume Nault <g.na...@alphalink.fr> Cc: David S. Miller <da...@davemloft.net> Cc: netdev@vger.kernel.org --- net/l2tp/l2tp_core.c| 2 +- net/l2tp/l2tp_netlink.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c index 02d61101b108..af22aa8ae35b 100644 --- a/net/l2tp/l2tp_core.c +++ b/net/l2tp/l2tp_core.c @@ -1891,7 +1891,7 @@ static __net_exit void l2tp_exit_net(struct net *net) rcu_read_lock_bh(); list_for_each_entry_rcu(tunnel, >l2tp_tunnel_list, list) { - (void)l2tp_tunnel_delete(tunnel); + l2tp_tunnel_delete(tunnel); } rcu_read_unlock_bh(); diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c index 7135f4645d3a..c28223d8092b 100644 --- a/net/l2tp/l2tp_netlink.c +++ b/net/l2tp/l2tp_netlink.c @@ -282,7 +282,7 @@ static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info l2tp_tunnel_notify(_nl_family, info, tunnel, L2TP_CMD_TUNNEL_DELETE); - (void) l2tp_tunnel_delete(tunnel); + l2tp_tunnel_delete(tunnel); l2tp_tunnel_dec_refcount(tunnel); -- 2.14.3
Stable apply request [was: Bluetooth: bnep: fix possible might sleep error in bnep_session]
On 06/27/2017, 07:32 PM, Marcel Holtmann wrote: >> It looks like bnep_session has same pattern as the issue reported in >> old rfcomm: >> >> while (1) { >> set_current_state(TASK_INTERRUPTIBLE); >> if (condition) >> break; >> // may call might_sleep here >> schedule(); >> } >> __set_current_state(TASK_RUNNING); >> >> Which fixed at: >> dfb2fae Bluetooth: Fix nested sleeps >> >> So let's fix it at the same way, also follow the suggestion of: >> https://lwn.net/Articles/628628/ ... > all 3 patches have been applied to bluetooth-next tree. Hi, given users are hitting it in at least 4.4 and 4.12, can we have all three in all stables where this applies? 5da8e47d849d Bluetooth: hidp: fix possible might sleep error in hidp_session_thread f06d977309d0 Bluetooth: cmtp: fix possible might sleep error in cmtp_session 25717382c1dd Bluetooth: bnep: fix possible might sleep error in bnep_session I am not sure: to stable directly or via net stable? thanks, -- js suse labs
[UBSAN] iwlmvm's iwl_mvm_enable_txq accesses IEEE80211_INVAL_HW_QUEUE
Hi, we have got an UBSAN report from opensuse's user who booten UBSAN-enabled kernel by mistake: UBSAN: Undefined behaviour in drivers/net/wireless/intel/iwlwifi/mvm/utils.c:667:49 shift exponent 255 is too large for 64-bit type 'long unsigned int' CPU: 2 PID: 1590 Comm: wpa_supplicant Not tainted 4.11.2-1-syzkaller #1 Hardware name: Dell Inc. Precision 5510/0N8J4R, BIOS 01.02.00 04/07/2016 Call Trace: ... iwl_mvm_enable_txq+0xc6d/0x1080 [iwlmvm] iwl_mvm_send_add_bcast_sta+0x275/0x850 [iwlmvm] iwl_mvm_add_bcast_sta+0x11b/0x280 [iwlmvm] iwl_mvm_mac_add_interface+0x51f/0x8b0 [iwlmvm] drv_add_interface+0x1a7/0x8c0 [mac80211] ieee80211_do_open+0xdff/0x2790 [mac80211] ieee80211_start_p2p_device+0xac/0xf0 [mac80211] nl80211_start_p2p_device+0x25d/0xab0 [cfg80211] genl_family_rcv_msg+0x835/0xf10 genl_rcv_msg+0xd0/0x1c0 netlink_rcv_skb+0x226/0x310 genl_rcv+0x2d/0x40 netlink_unicast+0x631/0x9d0 netlink_sendmsg+0xa2e/0xf60 sock_sendmsg+0xf7/0x180 ___sys_sendmsg+0x777/0xa60 __sys_sendmsg+0xd6/0x170 SyS_sendmsg+0x32/0x50 entry_SYSCALL_64_fastpath+0x23/0xc6 mac80211_queue is 255 which is IEEE80211_INVAL_HW_QUEUE, so it should not be worked with at all. The invalid queue is hopefully handled in ieee80211_check_queues after drv_add_interface in ieee80211_do_open: res = drv_add_interface(local, sdata); if (res) goto err_stop; res = ieee80211_check_queues(sdata, ieee80211_vif_type_p2p(>vif)); But the mvm driver still should not blindly shift 1 by 255 in iwl_mvm_enable_txq. Should the check for the invalid queue be before adding the interface in mac80211? Or should drivers check it in their add_interface? thanks, -- js suse labs
Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
On 04/24/2017, 08:24 PM, David Miller wrote: > From: Jiri Slaby <jsl...@suse.cz> > Date: Mon, 24 Apr 2017 19:51:54 +0200 > >> For example what's the point of making the sk_load_word_positive_offset >> label a global, callable function? Note that this is exactly the reason >> why this particular two hunks look weird to you even though the >> annotations only mechanically paraphrase what is in the current code. > > So that it can be referenced by the eBPF JIT, because these are > helpers for eBPF JIT generated code. Every architecture implementing > an eBPF JIT has this "mess". I completely understand the needs for this, but I am complaining about the way it is written. That is not the best -- unbalanced annotations, C macros in lowercase (apart from that, C macros in .S need semicolons & backslashes), FUNC macro, etc. > You can't even put a tracepoint or kprobe on these things and expect > to see "arguments" or "return PC" values in the usual spots. This > code has special calling conventions and register usage as Alexei > explained. Yes, I can see that. > I would suggest that you read and understand how this assembler is > designed, how it is called from the generated JIT code, and what it's > semantics and register usage are, before trying to annotating it. Of course I studied the code. I only missed macro CHOOSE_LOAD_FUNC which I see now. So that answers why sk_load_word_positive_offset & similar are marked as .globl. But the original question I asked still remains: why do you mind calling them BPF_FUNC_START & *_END, given: 1) the functions are marked by "FUNC" already: $ git grep FUNC linus/master arch/x86/net/bpf_jit.S linus/master:arch/x86/net/bpf_jit.S:#define FUNC(name) \ linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_word) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_word_positive_offset) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_half) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_half_positive_offset) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_byte) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_byte_positive_offset) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_word_negative_offset) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_half_negative_offset) linus/master:arch/x86/net/bpf_jit.S:FUNC(sk_load_byte_negative_offset) 2) they _are_ all callable from within the JIT code: EMIT1_off32(0xE8, jmp_offset); Yes, I fucked up the ENDs. They should be on different locations. But the pieces are still functions from my POV and should be annotated accordingly. thanks, -- js suse labs
Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
On 04/24/2017, 06:47 PM, Alexei Starovoitov wrote: > On Mon, Apr 24, 2017 at 06:02:51PM +0200, Jiri Slaby wrote: >> On 04/24/2017, 05:55 PM, Ingo Molnar wrote: >>> * Jiri Slaby <jsl...@suse.cz> wrote: >>> >>>> On 04/24/2017, 05:08 PM, David Miller wrote: >>>>> If you align the entry points, then the code sequence as a whole is >>>>> are no longer densely packed. >>>> >>>> Sure. >>>> >>>>> Or do I misunderstand how your macros work? >>>> >>>> Perhaps. So the suggested macros for the code are: >>>> #define BPF_FUNC_START_LOCAL(name) \ >>>>SYM_START(name, SYM_V_LOCAL, SYM_A_NONE) >>>> #define BPF_FUNC_START(name) \ >>>>SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE) >>>> >>>> and they differ from the standard ones: >>>> #define SYM_FUNC_START_LOCAL(name) \ >>>> SYM_START(name, SYM_V_LOCAL, SYM_A_ALIGN) >>>> #define SYM_FUNC_START(name)\ >>>> SYM_START(name, SYM_V_GLOBAL, SYM_A_ALIGN) >>>> >>>> >>>> The difference is SYM_A_NONE vs. SYM_A_ALIGN, which means: >>>> #define SYM_A_ALIGN ALIGN >>>> #define SYM_A_NONE /* nothing */ >>>> >>>> Does it look OK now? >>> >>> No, the patch changes alignment which is undesirable, it needs to preserve >>> the >>> existing (non-)alignment of the symbols! >> >> OK, so I am not expressing myself explicitly enough, it seems. >> >> So, correct, the patch v3 adds alignments. I suggested in the discussion >> the macros above. They do not add alignments. If everybody is OK with >> that, v4 of the patch won't add alignments. OK? > > can we go back to what problem this patch set is trying to solve? > Sounds like you want to add _function_ start/end marks to aid debugging? > Debugging with what? What tool will recognize this stuff? objtool will generate DWARF debuginfo between every ENTRY and ENDPROC (dubbed differently at the end of the series). DWARF is understood by everything, including the kernel proper (we have DWARF unwinder in SUSE's kernels available for decades). > Take a look at what your patch does: > +ENTRY(sk_load_word) > test%esi,%esi > js bpf_slow_path_word_neg > +ENDPROC(sk_load_word) > > Does above two assembler instructions look like a function? Yes, you are right, the code is complete mess. For example what's the point of making the sk_load_word_positive_offset label a global, callable function? Note that this is exactly the reason why this particular two hunks look weird to you even though the annotations only mechanically paraphrase what is in the current code. > or this: > +ENTRY(sk_load_byte_positive_offset) > cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */ > jle bpf_slow_path_byte > movzbl (SKBDATA,%rsi),%eax > ret > +ENDPROC(sk_load_byte_positive_offset) > > This assembler code doesn't represent functions. There is no prologue/epilogue > and no stack frame. JITed code uses 'call' insn to jump into them, but they're > not your typical C functions. I am not looking for C functions everywhere in assembly, actually. (In the ideal assembly, I would and in most cases I really am.) But you are right the annotations of the current code aren't right. It results in my annotations being wrong too -- based on invalid assumptions. > Take a look at bpf_slow_path_common() macro that creates the frame before > calling into C code with 'call skb_copy_bits;' > > I still think that this code should be left alone. > Even macro names you're proposing: > #define BPF_FUNC_START_LOCAL > don't sound right. These are not functions. Well, what is the reason to call them FUNC in the current code then? thanks, -- js suse labs
Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
On 04/24/2017, 05:55 PM, Ingo Molnar wrote: > * Jiri Slaby <jsl...@suse.cz> wrote: > >> On 04/24/2017, 05:08 PM, David Miller wrote: >>> If you align the entry points, then the code sequence as a whole is >>> are no longer densely packed. >> >> Sure. >> >>> Or do I misunderstand how your macros work? >> >> Perhaps. So the suggested macros for the code are: >> #define BPF_FUNC_START_LOCAL(name) \ >> SYM_START(name, SYM_V_LOCAL, SYM_A_NONE) >> #define BPF_FUNC_START(name) \ >> SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE) >> >> and they differ from the standard ones: >> #define SYM_FUNC_START_LOCAL(name) \ >> SYM_START(name, SYM_V_LOCAL, SYM_A_ALIGN) >> #define SYM_FUNC_START(name)\ >> SYM_START(name, SYM_V_GLOBAL, SYM_A_ALIGN) >> >> >> The difference is SYM_A_NONE vs. SYM_A_ALIGN, which means: >> #define SYM_A_ALIGN ALIGN >> #define SYM_A_NONE /* nothing */ >> >> Does it look OK now? > > No, the patch changes alignment which is undesirable, it needs to preserve > the > existing (non-)alignment of the symbols! OK, so I am not expressing myself explicitly enough, it seems. So, correct, the patch v3 adds alignments. I suggested in the discussion the macros above. They do not add alignments. If everybody is OK with that, v4 of the patch won't add alignments. OK? thanks, -- js suse labs
Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
On 04/24/2017, 05:51 PM, David Miller wrote: > I said I'm not OK with the alignment So in short, the suggested macros add no alignment. -- js suse labs
Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
On 04/24/2017, 05:08 PM, David Miller wrote: > If you align the entry points, then the code sequence as a whole is > are no longer densely packed. Sure. > Or do I misunderstand how your macros work? Perhaps. So the suggested macros for the code are: #define BPF_FUNC_START_LOCAL(name) \ SYM_START(name, SYM_V_LOCAL, SYM_A_NONE) #define BPF_FUNC_START(name) \ SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE) and they differ from the standard ones: #define SYM_FUNC_START_LOCAL(name) \ SYM_START(name, SYM_V_LOCAL, SYM_A_ALIGN) #define SYM_FUNC_START(name)\ SYM_START(name, SYM_V_GLOBAL, SYM_A_ALIGN) The difference is SYM_A_NONE vs. SYM_A_ALIGN, which means: #define SYM_A_ALIGN ALIGN #define SYM_A_NONE /* nothing */ Does it look OK now? thanks, -- js suse labs
Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
On 04/24/2017, 04:41 PM, David Miller wrote: >> It cannot stay as-is simply because we want to know where the functions >> end to inject debuginfo properly. The code above does not warrant for >> any exception. > > I totally and completely disagree. You can disagree as you wish but there is really nothing special on the bpf code with respect to annotations. >> Executing a nop takes a little and having externally-callable functions >> aligned can actually help performance (no, I haven't measured nor tested >> the code). But sure, the tool is generic, so I can introduce a local >> macros to avoid alignments in the functions: > > Not for this case, it's a bunch of entry points all packed together > intentionally so that SKB accesses of different access sizes (which is > almost always the case) from BPF programs use the smallest amount of > I-cache as possible. And for that reason I suggested the special macros for the code (see the macros in the e-mail you replied to again). So what problem do you actually have with the suggested solution? thanks, -- js suse labs
Re: [PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
On 04/21/2017, 09:32 PM, Alexei Starovoitov wrote: > On Fri, Apr 21, 2017 at 04:12:43PM +0200, Jiri Slaby wrote: >> Do not use a custom macro FUNC for starts of the global functions, use >> ENTRY instead. >> >> And while at it, annotate also ends of the functions by ENDPROC. >> >> Signed-off-by: Jiri Slaby <jsl...@suse.cz> >> Cc: "David S. Miller" <da...@davemloft.net> >> Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru> >> Cc: James Morris <jmor...@namei.org> >> Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org> >> Cc: Patrick McHardy <ka...@trash.net> >> Cc: Thomas Gleixner <t...@linutronix.de> >> Cc: Ingo Molnar <mi...@redhat.com> >> Cc: "H. Peter Anvin" <h...@zytor.com> >> Cc: x...@kernel.org >> Cc: netdev@vger.kernel.org >> --- >> arch/x86/net/bpf_jit.S | 32 ++-- >> 1 file changed, 18 insertions(+), 14 deletions(-) >> >> diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S >> index f2a7faf4706e..762c29fb8832 100644 >> --- a/arch/x86/net/bpf_jit.S >> +++ b/arch/x86/net/bpf_jit.S >> @@ -23,16 +23,12 @@ >> 32 /* space for rbx,r13,r14,r15 */ + \ >> 8 /* space for skb_copy_bits */) >> >> -#define FUNC(name) \ >> -.globl name; \ >> -.type name, @function; \ >> -name: >> - >> -FUNC(sk_load_word) >> +ENTRY(sk_load_word) >> test%esi,%esi >> js bpf_slow_path_word_neg >> +ENDPROC(sk_load_word) > > this doens't look right. > It will add alignment nops in critical paths of these pseudo functions. > I'm also not sure whether it will still work afterwards. > Was it tested? > I'd prefer if this code kept as-is. It cannot stay as-is simply because we want to know where the functions end to inject debuginfo properly. The code above does not warrant for any exception. Executing a nop takes a little and having externally-callable functions aligned can actually help performance (no, I haven't measured nor tested the code). But sure, the tool is generic, so I can introduce a local macros to avoid alignments in the functions: #define BPF_FUNC_START_LOCAL(name) \ SYM_START(name, SYM_V_LOCAL, SYM_A_NONE) #define BPF_FUNC_START(name) \ SYM_START(name, SYM_V_GLOBAL, SYM_A_NONE) #define BPF_FUNC_END(name) SYM_FUNC_END(name) thanks, -- js suse labs
[PATCH v3 07/29] x86: bpf_jit, use ENTRY+ENDPROC
Do not use a custom macro FUNC for starts of the global functions, use ENTRY instead. And while at it, annotate also ends of the functions by ENDPROC. Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: "David S. Miller" <da...@davemloft.net> Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru> Cc: James Morris <jmor...@namei.org> Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org> Cc: Patrick McHardy <ka...@trash.net> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Ingo Molnar <mi...@redhat.com> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: x...@kernel.org Cc: netdev@vger.kernel.org --- arch/x86/net/bpf_jit.S | 32 ++-- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S index f2a7faf4706e..762c29fb8832 100644 --- a/arch/x86/net/bpf_jit.S +++ b/arch/x86/net/bpf_jit.S @@ -23,16 +23,12 @@ 32 /* space for rbx,r13,r14,r15 */ + \ 8 /* space for skb_copy_bits */) -#define FUNC(name) \ - .globl name; \ - .type name, @function; \ - name: - -FUNC(sk_load_word) +ENTRY(sk_load_word) test%esi,%esi js bpf_slow_path_word_neg +ENDPROC(sk_load_word) -FUNC(sk_load_word_positive_offset) +ENTRY(sk_load_word_positive_offset) mov %r9d,%eax # hlen sub %esi,%eax # hlen - offset cmp $3,%eax @@ -40,12 +36,14 @@ FUNC(sk_load_word_positive_offset) mov (SKBDATA,%rsi),%eax bswap %eax/* ntohl() */ ret +ENDPROC(sk_load_word_positive_offset) -FUNC(sk_load_half) +ENTRY(sk_load_half) test%esi,%esi js bpf_slow_path_half_neg +ENDPROC(sk_load_half) -FUNC(sk_load_half_positive_offset) +ENTRY(sk_load_half_positive_offset) mov %r9d,%eax sub %esi,%eax # hlen - offset cmp $1,%eax @@ -53,16 +51,19 @@ FUNC(sk_load_half_positive_offset) movzwl (SKBDATA,%rsi),%eax rol $8,%ax # ntohs() ret +ENDPROC(sk_load_half_positive_offset) -FUNC(sk_load_byte) +ENTRY(sk_load_byte) test%esi,%esi js bpf_slow_path_byte_neg +ENDPROC(sk_load_byte) -FUNC(sk_load_byte_positive_offset) +ENTRY(sk_load_byte_positive_offset) cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */ jle bpf_slow_path_byte movzbl (SKBDATA,%rsi),%eax ret +ENDPROC(sk_load_byte_positive_offset) /* rsi contains offset and can be scratched */ #define bpf_slow_path_common(LEN) \ @@ -119,31 +120,34 @@ bpf_slow_path_word_neg: cmp SKF_MAX_NEG_OFF, %esi /* test range */ jl bpf_error /* offset lower -> error */ -FUNC(sk_load_word_negative_offset) +ENTRY(sk_load_word_negative_offset) sk_negative_common(4) mov (%rax), %eax bswap %eax ret +ENDPROC(sk_load_word_negative_offset) bpf_slow_path_half_neg: cmp SKF_MAX_NEG_OFF, %esi jl bpf_error -FUNC(sk_load_half_negative_offset) +ENTRY(sk_load_half_negative_offset) sk_negative_common(2) mov (%rax),%ax rol $8,%ax movzwl %ax,%eax ret +ENDPROC(sk_load_half_negative_offset) bpf_slow_path_byte_neg: cmp SKF_MAX_NEG_OFF, %esi jl bpf_error -FUNC(sk_load_byte_negative_offset) +ENTRY(sk_load_byte_negative_offset) sk_negative_common(1) movzbl (%rax), %eax ret +ENDPROC(sk_load_byte_negative_offset) bpf_error: # force a return 0 from jit handler -- 2.12.2
[PATCH v3 26/29] x86_64: assembly, change all ENTRY to SYM_FUNC_START
These are all functions which are invoked from elsewhere, so we annotate them as global using the new SYM_FUNC_START (and their ENDPROC's by SYM_FUNC_END.) And make sure ENTRY/ENDPROC is not defined on X86_64. Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Ingo Molnar <mi...@redhat.com> Cc: x...@kernel.org Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: "David S. Miller" <da...@davemloft.net> Cc: "Rafael J. Wysocki" <r...@rjwysocki.net> Cc: Len Brown <len.br...@intel.com> Cc: Pavel Machek <pa...@ucw.cz> Cc: Bill Metzenthen <bi...@melbpc.org.au> Cc: Matt Fleming <m...@codeblueprint.co.uk> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Cc: Boris Ostrovsky <boris.ostrov...@oracle.com> Cc: Juergen Gross <jgr...@suse.com> Cc: linux-cry...@vger.kernel.org Cc: linux...@vger.kernel.org Cc: linux-...@vger.kernel.org Cc: xen-de...@lists.xenproject.org Cc: "David S. Miller" <da...@davemloft.net> Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru> Cc: James Morris <jmor...@namei.org> Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org> Cc: Patrick McHardy <ka...@trash.net> Cc: netdev@vger.kernel.org --- arch/x86/boot/compressed/efi_thunk_64.S| 4 +- arch/x86/boot/compressed/head_64.S | 20 arch/x86/boot/copy.S | 16 +++--- arch/x86/boot/pmjump.S | 4 +- arch/x86/crypto/aes-i586-asm_32.S | 8 +-- arch/x86/crypto/aes-x86_64-asm_64.S| 4 +- arch/x86/crypto/aes_ctrby8_avx-x86_64.S| 12 ++--- arch/x86/crypto/aesni-intel_asm.S | 44 arch/x86/crypto/aesni-intel_avx-x86_64.S | 24 - arch/x86/crypto/blowfish-x86_64-asm_64.S | 16 +++--- arch/x86/crypto/camellia-aesni-avx-asm_64.S| 24 - arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 24 - arch/x86/crypto/camellia-x86_64-asm_64.S | 16 +++--- arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 16 +++--- arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 24 - arch/x86/crypto/chacha20-avx2-x86_64.S | 4 +- arch/x86/crypto/chacha20-ssse3-x86_64.S| 8 +-- arch/x86/crypto/crc32-pclmul_asm.S | 4 +- arch/x86/crypto/crc32c-pcl-intel-asm_64.S | 4 +- arch/x86/crypto/crct10dif-pcl-asm_64.S | 4 +- arch/x86/crypto/des3_ede-asm_64.S | 8 +-- arch/x86/crypto/ghash-clmulni-intel_asm.S | 8 +-- arch/x86/crypto/poly1305-avx2-x86_64.S | 4 +- arch/x86/crypto/poly1305-sse2-x86_64.S | 8 +-- arch/x86/crypto/salsa20-x86_64-asm_64.S| 12 ++--- arch/x86/crypto/serpent-avx-x86_64-asm_64.S| 24 - arch/x86/crypto/serpent-avx2-asm_64.S | 24 - arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 8 +-- arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S | 8 +-- arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S | 4 +- arch/x86/crypto/sha1-mb/sha1_x8_avx2.S | 4 +- arch/x86/crypto/sha1_avx2_x86_64_asm.S | 4 +- arch/x86/crypto/sha1_ni_asm.S | 4 +- arch/x86/crypto/sha1_ssse3_asm.S | 4 +- arch/x86/crypto/sha256-avx-asm.S | 4 +- arch/x86/crypto/sha256-avx2-asm.S | 4 +- .../crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S| 8 +-- .../crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S | 4 +- arch/x86/crypto/sha256-mb/sha256_x8_avx2.S | 4 +- arch/x86/crypto/sha256-ssse3-asm.S | 4 +- arch/x86/crypto/sha256_ni_asm.S| 4 +- arch/x86/crypto/sha512-avx-asm.S | 4 +- arch/x86/crypto/sha512-avx2-asm.S | 4 +- .../crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S| 8 +-- .../crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S | 4 +- arch/x86/crypto/sha512-mb/sha512_x4_avx2.S | 4 +- arch/x86/crypto/sha512-ssse3-asm.S | 4 +- arch/x86/crypto/twofish-avx-x86_64-asm_64.S| 24 - arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 8 +-- arch/x86/crypto/twofish-x86_64-asm_64.S| 8 +-- arch/x86/entry/entry_64.S | 58 +++--- arch/x86/entry/entry_64_compat.S | 16 +++--- arch/x86/kernel/acpi/wakeup_64.S | 8 +-- arch/x86/kernel/ftrace_64.S| 24 - arch/x86/kernel/head_64.S | 16 +++--- arch/x86/lib/checksum_32.S | 8 +-- arch/x86/lib/clear_page_64.S | 12 ++--- arch/x86/lib/cmpxchg16b_emu.S | 4 +- arch/x86/lib/cmpxchg8b_emu.S
Re: [PATCH] mac80211: Use setup_timer instead of init_timer
On 03/06/2017, 01:25 PM, Johannes Berg wrote: > On Fri, 2017-03-03 at 13:45 +0100, Jiri Slaby wrote: >> From: Ondřej Lysoněk <ondrej.lyso...@seznam.cz> >> >> Use setup_timer() and setup_deferrable_timer() to set the data and >> function timer fields. It makes the code cleaner and will allow for >> easier change of the timer struct internals. > > Btw, I suspect you generated this with coccinelle and didn't put enough > "..." there, because you missed one in mesh_path_new() :) Not really. This is one of assignments for students I lead, so this is done by hand every end of winter semester (Note the From line.) > Care to send a patch for that one too? I am just a forwarder, he received this request too, so you can try to persuade him :). thanks, -- js suse labs
[PATCH] mac80211: Use setup_timer instead of init_timer
From: Ondřej Lysoněk <ondrej.lyso...@seznam.cz> Use setup_timer() and setup_deferrable_timer() to set the data and function timer fields. It makes the code cleaner and will allow for easier change of the timer struct internals. Signed-off-by: Ondřej Lysoněk <ondrej.lyso...@seznam.cz> Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Johannes Berg <johan...@sipsolutions.net> Cc: "David S. Miller" <da...@davemloft.net> Cc: <linux-wirel...@vger.kernel.org> Cc: <netdev@vger.kernel.org> --- net/mac80211/agg-rx.c | 12 ++-- net/mac80211/agg-tx.c | 12 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c index 4456559cb056..1b7a4daf283c 100644 --- a/net/mac80211/agg-rx.c +++ b/net/mac80211/agg-rx.c @@ -357,14 +357,14 @@ void __ieee80211_start_rx_ba_session(struct sta_info *sta, spin_lock_init(_agg_rx->reorder_lock); /* rx timer */ - tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired; - tid_agg_rx->session_timer.data = (unsigned long)>timer_to_tid[tid]; - init_timer_deferrable(_agg_rx->session_timer); + setup_deferrable_timer(_agg_rx->session_timer, + sta_rx_agg_session_timer_expired, + (unsigned long)>timer_to_tid[tid]); /* rx reorder timer */ - tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired; - tid_agg_rx->reorder_timer.data = (unsigned long)>timer_to_tid[tid]; - init_timer(_agg_rx->reorder_timer); + setup_timer(_agg_rx->reorder_timer, + sta_rx_agg_reorder_timer_expired, + (unsigned long)>timer_to_tid[tid]); /* prepare reordering buffer */ tid_agg_rx->reorder_buf = diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c index 45319cc01121..60e2a62f7bef 100644 --- a/net/mac80211/agg-tx.c +++ b/net/mac80211/agg-tx.c @@ -670,14 +670,14 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid, tid_tx->timeout = timeout; /* response timer */ - tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired; - tid_tx->addba_resp_timer.data = (unsigned long)>timer_to_tid[tid]; - init_timer(_tx->addba_resp_timer); + setup_timer(_tx->addba_resp_timer, + sta_addba_resp_timer_expired, + (unsigned long)>timer_to_tid[tid]); /* tx timer */ - tid_tx->session_timer.function = sta_tx_agg_session_timer_expired; - tid_tx->session_timer.data = (unsigned long)>timer_to_tid[tid]; - init_timer_deferrable(_tx->session_timer); + setup_deferrable_timer(_tx->session_timer, + sta_tx_agg_session_timer_expired, + (unsigned long)>timer_to_tid[tid]); /* assign a dialog token */ sta->ampdu_mlme.dialog_token_allocator++; -- 2.12.0
[PATCH] atm: idt77252, use setup_timer and mod_timer
From: Jan Koniarik <jan.konia...@trustica.cz> Stop accessing timer struct members directly and use setup_timer and mod_timer helpers intended for that use. It makes the code cleaner and will allow for easier change of the timer struct internals. Signed-off-by: Jan Koniarik <jan.konia...@trustica.cz> Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Chas Williams <3ch...@gmail.com> Cc: <linux-atm-gene...@lists.sourceforge.net> Cc: <netdev@vger.kernel.org> --- drivers/atm/idt77252.c | 12 +++- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index 471ddfd93ea8..5ec109533bb9 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -2132,12 +2132,8 @@ idt77252_init_est(struct vc_map *vc, int pcr) est->interval = 2; /* XXX: make this configurable */ est->ewma_log = 2; /* XXX: make this configurable */ - init_timer(>timer); - est->timer.data = (unsigned long)vc; - est->timer.function = idt77252_est_timer; - - est->timer.expires = jiffies + ((HZ / 4) << est->interval); - add_timer(>timer); + setup_timer(>timer, idt77252_est_timer, (unsigned long)vc); + mod_timer(>timer, jiffies + ((HZ / 4) << est->interval)); return est; } @@ -3638,9 +3634,7 @@ static int idt77252_init_one(struct pci_dev *pcidev, spin_lock_init(>cmd_lock); spin_lock_init(>tst_lock); - init_timer(>tst_timer); - card->tst_timer.data = (unsigned long)card; - card->tst_timer.function = tst_timer; + setup_timer(>tst_timer, tst_timer, (unsigned long)card); /* Do the I/O remapping... */ card->membase = ioremap(membase, 1024); -- 2.11.1
[PATCH 3.12 093/127] net: sctp, forbid negative length
3.12-stable review patch. If anyone has any objections, please let me know. === [ Upstream commit a4b8e71b05c27bae6bad3bdecddbc6b68a3ad8cf ] Most of getsockopt handlers in net/sctp/socket.c check len against sizeof some structure like: if (len < sizeof(int)) return -EINVAL; On the first look, the check seems to be correct. But since len is int and sizeof returns size_t, int gets promoted to unsigned size_t too. So the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is false. Fix this in sctp by explicitly checking len < 0 before any getsockopt handler is called. Note that sctp_getsockopt_events already handled the negative case. Since we added the < 0 check elsewhere, this one can be removed. If not checked, this is the result: UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19 shift exponent 52 is too large for 32-bit type 'int' CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 88006d99f2a8 b2f7bdea 41b58ab3 b4363c14 b2f7bcde 88006d99f2d0 88006d99f270 0034 b5096422 Call Trace: [] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300 ... [] ? kmalloc_order+0x24/0x90 [] ? kmalloc_order_trace+0x24/0x220 [] ? __kmalloc+0x330/0x540 [] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp] [] ? sctp_getsockopt+0x10d/0x1b0 [sctp] [] ? sock_common_getsockopt+0xb9/0x150 [] ? SyS_getsockopt+0x1a5/0x270 Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Vlad Yasevich <vyasev...@gmail.com> Cc: Neil Horman <nhor...@tuxdriver.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-s...@vger.kernel.org Cc: netdev@vger.kernel.org Acked-by: Neil Horman <nhor...@tuxdriver.com> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- net/sctp/socket.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index ead3a8adca08..98cd6606f4a4 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4247,7 +4247,7 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { - if (len <= 0) + if (len == 0) return -EINVAL; if (len > sizeof(struct sctp_event_subscribe)) len = sizeof(struct sctp_event_subscribe); @@ -5758,6 +5758,9 @@ static int sctp_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; + if (len < 0) + return -EINVAL; + sctp_lock_sock(sk); switch (optname) { -- 2.10.2
[patch added to 3.12-stable] net: sctp, forbid negative length
This patch has been added to the 3.12 stable tree. If you have any objections, please let us know. === [ Upstream commit a4b8e71b05c27bae6bad3bdecddbc6b68a3ad8cf ] Most of getsockopt handlers in net/sctp/socket.c check len against sizeof some structure like: if (len < sizeof(int)) return -EINVAL; On the first look, the check seems to be correct. But since len is int and sizeof returns size_t, int gets promoted to unsigned size_t too. So the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is false. Fix this in sctp by explicitly checking len < 0 before any getsockopt handler is called. Note that sctp_getsockopt_events already handled the negative case. Since we added the < 0 check elsewhere, this one can be removed. If not checked, this is the result: UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19 shift exponent 52 is too large for 32-bit type 'int' CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 88006d99f2a8 b2f7bdea 41b58ab3 b4363c14 b2f7bcde 88006d99f2d0 88006d99f270 0034 b5096422 Call Trace: [] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300 ... [] ? kmalloc_order+0x24/0x90 [] ? kmalloc_order_trace+0x24/0x220 [] ? __kmalloc+0x330/0x540 [] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp] [] ? sctp_getsockopt+0x10d/0x1b0 [sctp] [] ? sock_common_getsockopt+0xb9/0x150 [] ? SyS_getsockopt+0x1a5/0x270 Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Vlad Yasevich <vyasev...@gmail.com> Cc: Neil Horman <nhor...@tuxdriver.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-s...@vger.kernel.org Cc: netdev@vger.kernel.org Acked-by: Neil Horman <nhor...@tuxdriver.com> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- net/sctp/socket.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index ead3a8adca08..98cd6606f4a4 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4247,7 +4247,7 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { - if (len <= 0) + if (len == 0) return -EINVAL; if (len > sizeof(struct sctp_event_subscribe)) len = sizeof(struct sctp_event_subscribe); @@ -5758,6 +5758,9 @@ static int sctp_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; + if (len < 0) + return -EINVAL; + sctp_lock_sock(sk); switch (optname) { -- 2.10.2
Re: UDP does not autobind on recv
On 10/24/2016, 03:03 PM, Eric Dumazet wrote: > On Mon, 2016-10-24 at 14:54 +0200, Jiri Slaby wrote: >> Hello, >> >> as per man 7 udp: >> In order to receive packets, the socket can be bound to >> a local address first by using bind(2). Otherwise, >> the socket layer will automatically assign a free local >> port out of the range defined by /proc/sys/net/ipv4 >> /ip_local_port_range and bind the socket to INADDR_ANY. >> >> I did not know that bind is unneeded, so I tried that. But it does not >> work with this piece of code: >> int main() >> { >> char buf[128]; >> int fd = socket(AF_INET, SOCK_DGRAM, 0); >> recv(fd, buf, sizeof(buf), 0); >> } > > autobind makes little sense at recv() time really. > > How an application could expect to receive a frame to 'some socket' > without even knowing its port ? For example struct sockaddr_storage sa; socklen_t slen = sizeof(sa); recv(fd, buf, sizeof(buf), MSG_DONTWAIT); getsockname(fd, (struct sockaddr *), ); recv(fd, buf, sizeof(buf), 0); works. > How useful would that be exactly ? No need for finding a free port and checking, for example. > How TCP behaves ? TCP is a completely different story. bind is documented to be required there. (And listen and accept.) > I would say, fix the documentation if it is not correct. I don't have a problem with either. I have only found, that the implementation differs from the documentation :). Is there some supervisor documentation (like POSIX) which should we be in conformance to? thanks, -- js suse labs
UDP does not autobind on recv
Hello, as per man 7 udp: In order to receive packets, the socket can be bound to a local address first by using bind(2). Otherwise, the socket layer will automatically assign a free local port out of the range defined by /proc/sys/net/ipv4 /ip_local_port_range and bind the socket to INADDR_ANY. I did not know that bind is unneeded, so I tried that. But it does not work with this piece of code: int main() { char buf[128]; int fd = socket(AF_INET, SOCK_DGRAM, 0); recv(fd, buf, sizeof(buf), 0); } The recv above never returns (even if I bomb all ports from the range). ss -ulpan is silent too. As a workaround, I can stick a dummy write/send before recv: write(fd, "", 0); And it starts working. ss suddenly displays a port which the program listens on. I think the UDP recv path should do inet_autobind as I have done in the attached patch. But my knowledge is very limited in that area, so I have no idea whether that is correct at all. thanks, -- js suse labs >From 57c320998feb2e1e705a4ab6d3bbcb74c6ae65f0 Mon Sep 17 00:00:00 2001 From: Jiri Slaby <jsl...@suse.cz> Date: Sat, 22 Oct 2016 12:10:53 +0200 Subject: [PATCH] net: autobind UDP on recv Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- include/net/inet_common.h | 1 + net/ipv4/af_inet.c| 3 ++- net/ipv4/udp.c| 5 + net/ipv6/udp.c| 5 + 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/include/net/inet_common.h b/include/net/inet_common.h index 5d683428fced..ba224ed3dd36 100644 --- a/include/net/inet_common.h +++ b/include/net/inet_common.h @@ -27,6 +27,7 @@ ssize_t inet_sendpage(struct socket *sock, struct page *page, int offset, int inet_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int flags); int inet_shutdown(struct socket *sock, int how); +int inet_autobind(struct sock *sk); int inet_listen(struct socket *sock, int backlog); void inet_sock_destruct(struct sock *sk); int inet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len); diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 9648c97e541f..d23acb11cdb0 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -171,7 +171,7 @@ EXPORT_SYMBOL(inet_sock_destruct); * Automatically bind an unbound socket. */ -static int inet_autobind(struct sock *sk) +int inet_autobind(struct sock *sk) { struct inet_sock *inet; /* We may need to bind the socket. */ @@ -187,6 +187,7 @@ static int inet_autobind(struct sock *sk) release_sock(sk); return 0; } +EXPORT_SYMBOL_GPL(inet_autobind); /* * Move a socket into listening state. diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 82fb78265f4b..ceb07c83af17 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1360,6 +1360,11 @@ int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, if (flags & MSG_ERRQUEUE) return ip_recv_error(sk, msg, len, addr_len); + /* We may need to bind the socket. */ + if (!inet_sk(sk)->inet_num && !sk->sk_prot->no_autobind && + inet_autobind(sk)) + return -EAGAIN; + try_again: peeking = off = sk_peek_offset(sk, flags); skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 71963b23d5a5..1c3dafc3d91e 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -341,6 +341,11 @@ int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len, addr_len); + /* We may need to bind the socket. */ + if (!inet_sk(sk)->inet_num && !sk->sk_prot->no_autobind && + inet_autobind(sk)) + return -EAGAIN; + try_again: peeking = off = sk_peek_offset(sk, flags); skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), -- 2.10.1
[PATCH] net: sctp, forbid negative length
Most of getsockopt handlers in net/sctp/socket.c check len against sizeof some structure like: if (len < sizeof(int)) return -EINVAL; On the first look, the check seems to be correct. But since len is int and sizeof returns size_t, int gets promoted to unsigned size_t too. So the test returns false for negative lengths. Yes, (-1 < sizeof(long)) is false. Fix this in sctp by explicitly checking len < 0 before any getsockopt handler is called. Note that sctp_getsockopt_events already handled the negative case. Since we added the < 0 check elsewhere, this one can be removed. If not checked, this is the result: UBSAN: Undefined behaviour in ../mm/page_alloc.c:2722:19 shift exponent 52 is too large for 32-bit type 'int' CPU: 1 PID: 24535 Comm: syz-executor Not tainted 4.8.1-0-syzkaller #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 88006d99f2a8 b2f7bdea 41b58ab3 b4363c14 b2f7bcde 88006d99f2d0 88006d99f270 0034 b5096422 Call Trace: [] ? __ubsan_handle_shift_out_of_bounds+0x29c/0x300 ... [] ? kmalloc_order+0x24/0x90 [] ? kmalloc_order_trace+0x24/0x220 [] ? __kmalloc+0x330/0x540 [] ? sctp_getsockopt_local_addrs+0x174/0xca0 [sctp] [] ? sctp_getsockopt+0x10d/0x1b0 [sctp] [] ? sock_common_getsockopt+0xb9/0x150 [] ? SyS_getsockopt+0x1a5/0x270 Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Vlad Yasevich <vyasev...@gmail.com> Cc: Neil Horman <nhor...@tuxdriver.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-s...@vger.kernel.org Cc: netdev@vger.kernel.org --- net/sctp/socket.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index fb02c7033307..9fbb6feb8c27 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4687,7 +4687,7 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { - if (len <= 0) + if (len == 0) return -EINVAL; if (len > sizeof(struct sctp_event_subscribe)) len = sizeof(struct sctp_event_subscribe); @@ -6430,6 +6430,9 @@ static int sctp_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; + if (len < 0) + return -EINVAL; + lock_sock(sk); switch (optname) { -- 2.10.1
[PATCH] p54: memset(0) whole array
gcc 7 complains: drivers/net/wireless/intersil/p54/fwio.c: In function 'p54_scan': drivers/net/wireless/intersil/p54/fwio.c:491:4: warning: 'memset' used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size] Fix that by passing the correct size to memset. Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Christian Lamparter <chunk...@googlemail.com> Cc: Kalle Valo <kv...@codeaurora.org> Cc: linux-wirel...@vger.kernel.org Cc: netdev@vger.kernel.org --- drivers/net/wireless/intersil/p54/fwio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/intersil/p54/fwio.c b/drivers/net/wireless/intersil/p54/fwio.c index 257a9eadd595..4ac6764f4897 100644 --- a/drivers/net/wireless/intersil/p54/fwio.c +++ b/drivers/net/wireless/intersil/p54/fwio.c @@ -488,7 +488,7 @@ int p54_scan(struct p54_common *priv, u16 mode, u16 dwell) entry += sizeof(__le16); chan->pa_points_per_curve = 8; - memset(chan->curve_data, 0, sizeof(*chan->curve_data)); + memset(chan->curve_data, 0, sizeof(chan->curve_data)); memcpy(chan->curve_data, entry, sizeof(struct p54_pa_curve_data_sample) * min((u8)8, curve_data->points_per_channel)); -- 2.10.1
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
On 09/13/2016, 05:35 PM, Tejun Heo wrote: > Hello, > > On Sat, Sep 10, 2016 at 11:33:48AM +0200, Dmitry Vyukov wrote: >> Hit the WARNING with the patch. It showed "Showing busy workqueues and >> worker pools:" after the WARNING, but then no queue info. Was it >> already destroyed and removed from the list?... > > Hmm... It either means that the work item which was in flight when > WARN_ON() ran finished by the time the debug printout got to it or > that it's something unrelated to busy work items. > >> [ 198.113838] WARNING: CPU: 2 PID: 26691 at kernel/workqueue.c:4042 >> destroy_workqueue+0x17b/0x630 > > I don't seem to have the same source code that you have. Which exact > WARN_ON() is this? I assume Dmitry sees the same what I am still seeing, so I reported this some time ago: https://lkml.org/lkml/2016/3/21/492 This warning is trigerred there and still occurs with "HEAD": (pwq != wq->dfl_pwq) && (pwq->refcnt > 1) and the state dump is in the log empty too: destroy_workqueue: name='hci0' pwq=88006b5c8f00 wq->dfl_pwq=88006b5c9b00 pwq->refcnt=2 pwq->nr_active=0 delayed_works: pwq 13: cpus=2-3 node=1 flags=0x4 nice=-20 active=0/1 in-flight: 2669:wq_barrier_func thanks, -- js suse labs
[PATCH] kcm: fix /proc memory leak
Every open of /proc/net/kcm leaks 16 bytes of memory as is reported by kmemleak: unreferenced object 0x88059c0e3458 (size 192): comm "cat", pid 1401, jiffies 4294935742 (age 310.720s) hex dump (first 32 bytes): 28 45 71 96 05 88 ff ff 00 10 00 00 00 00 00 00 (Eq. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace: [] kmem_cache_alloc_trace+0x16e/0x230 [] seq_open+0x79/0x1d0 [] kcm_seq_open+0x0/0x30 [kcm] [] seq_open+0x79/0x1d0 [] __seq_open_private+0x2f/0xa0 [] seq_open_net+0x38/0xa0 ... It is caused by a missing free in the ->release path. So fix it by providing seq_release_net as the ->release method. Signed-off-by: Jiri Slaby <jsl...@suse.cz> Fixes: cd6e111bf5 (kcm: Add statistics and proc interfaces) Cc: "David S. Miller" <da...@davemloft.net> Cc: Tom Herbert <t...@herbertland.com> Cc: netdev@vger.kernel.org --- net/kcm/kcmproc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/kcm/kcmproc.c b/net/kcm/kcmproc.c index 738008726cc6..fda7f4715c58 100644 --- a/net/kcm/kcmproc.c +++ b/net/kcm/kcmproc.c @@ -241,6 +241,7 @@ static const struct file_operations kcm_seq_fops = { .open = kcm_seq_open, .read = seq_read, .llseek = seq_lseek, + .release= seq_release_net, }; static struct kcm_seq_muxinfo kcm_seq_muxinfo = { -- 2.9.0
[PATCH 3.12 30/76] cpuset: Fix potential deadlock w/ set_mems_allowed
From: John Stultz <john.stu...@linaro.org> 3.12-stable review patch. If anyone has any objections, please let me know. === commit db751fe3ea6880ff5ac5abe60cb7b80deb5a4140 upstream. After adding lockdep support to seqlock/seqcount structures, I started seeing the following warning: [1.070907] == [1.072015] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ] [1.073181] 3.11.0+ #67 Not tainted [1.073801] -- [1.074882] kworker/u4:2/708 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [1.076088] (>mems_allowed_seq){+.+...}, at: [] new_slab+0x5f/0x280 [1.077572] [1.077572] and this task is already holding: [1.078593] (&(>__queue_lock)->rlock){..-...}, at: [] blk_execute_rq_nowait+0x53/0xf0 [1.080042] which would create a new lock dependency: [1.080042] (&(>__queue_lock)->rlock){..-...} -> (>mems_allowed_seq){+.+...} [1.080042] [1.080042] but this new dependency connects a SOFTIRQ-irq-safe lock: [1.080042] (&(>__queue_lock)->rlock){..-...} [1.080042] ... which became SOFTIRQ-irq-safe at: [1.080042] [] __lock_acquire+0x5b9/0x1db0 [1.080042] [] lock_acquire+0x95/0x130 [1.080042] [] _raw_spin_lock+0x41/0x80 [1.080042] [] scsi_device_unbusy+0x7e/0xd0 [1.080042] [] scsi_finish_command+0x32/0xf0 [1.080042] [] scsi_softirq_done+0xa1/0x130 [1.080042] [] blk_done_softirq+0x73/0x90 [1.080042] [] __do_softirq+0x110/0x2f0 [1.080042] [] run_ksoftirqd+0x2d/0x60 [1.080042] [] smpboot_thread_fn+0x156/0x1e0 [1.080042] [] kthread+0xd6/0xe0 [1.080042] [] ret_from_fork+0x7c/0xb0 [1.080042] [1.080042] to a SOFTIRQ-irq-unsafe lock: [1.080042] (>mems_allowed_seq){+.+...} [1.080042] ... which became SOFTIRQ-irq-unsafe at: [1.080042] ... [] __lock_acquire+0x613/0x1db0 [1.080042] [] lock_acquire+0x95/0x130 [1.080042] [] kthreadd+0x82/0x180 [1.080042] [] ret_from_fork+0x7c/0xb0 [1.080042] [1.080042] other info that might help us debug this: [1.080042] [1.080042] Possible interrupt unsafe locking scenario: [1.080042] [1.080042]CPU0CPU1 [1.080042] [1.080042] lock(>mems_allowed_seq); [1.080042]local_irq_disable(); [1.080042]lock(&(>__queue_lock)->rlock); [1.080042]lock(>mems_allowed_seq); [1.080042] [1.080042] lock(&(>__queue_lock)->rlock); [1.080042] [1.080042] *** DEADLOCK *** The issue stems from the kthreadd() function calling set_mems_allowed with irqs enabled. While its possibly unlikely for the actual deadlock to trigger, a fix is fairly simple: disable irqs before taking the mems_allowed_seq lock. Signed-off-by: John Stultz <john.stu...@linaro.org> Signed-off-by: Peter Zijlstra <pet...@infradead.org> Acked-by: Li Zefan <lize...@huawei.com> Cc: Mathieu Desnoyers <mathieu.desnoy...@efficios.com> Cc: Steven Rostedt <rost...@goodmis.org> Cc: "David S. Miller" <da...@davemloft.net> Cc: netdev@vger.kernel.org Link: http://lkml.kernel.org/r/1381186321-4906-4-git-send-email-john.stu...@linaro.org Signed-off-by: Ingo Molnar <mi...@kernel.org> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- include/linux/cpuset.h | 4 1 file changed, 4 insertions(+) diff --git a/include/linux/cpuset.h b/include/linux/cpuset.h index a7ebb89ae9fb..ade2390ffe92 100644 --- a/include/linux/cpuset.h +++ b/include/linux/cpuset.h @@ -132,10 +132,14 @@ static inline bool read_mems_allowed_retry(unsigned int seq) static inline void set_mems_allowed(nodemask_t nodemask) { + unsigned long flags; + task_lock(current); + local_irq_save(flags); write_seqcount_begin(>mems_allowed_seq); current->mems_allowed = nodemask; write_seqcount_end(>mems_allowed_seq); + local_irq_restore(flags); task_unlock(current); } -- 2.8.2
[PATCH 3.12 70/76] VSOCK: do not disconnect socket when peer has shutdown SEND only
From: Ian Campbell <ian.campb...@docker.com> 3.12-stable review patch. If anyone has any objections, please let me know. === [ Upstream commit dedc58e067d8c379a15a8a183c5db318201295bb ] The peer may be expecting a reply having sent a request and then done a shutdown(SHUT_WR), so tearing down the whole socket at this point seems wrong and breaks for me with a client which does a SHUT_WR. Looking at other socket family's stream_recvmsg callbacks doing a shutdown here does not seem to be the norm and removing it does not seem to have had any adverse effects that I can see. I'm using Stefan's RFC virtio transport patches, I'm unsure of the impact on the vmci transport. Signed-off-by: Ian Campbell <ian.campb...@docker.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: Stefan Hajnoczi <stefa...@redhat.com> Cc: Claudio Imbrenda <imbre...@linux.vnet.ibm.com> Cc: Andy King <ack...@vmware.com> Cc: Dmitry Torokhov <d...@vmware.com> Cc: Jorgen Hansen <jhan...@vmware.com> Cc: Adit Ranadive <ad...@vmware.com> Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- net/vmw_vsock/af_vsock.c | 21 + 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 85d232bed87d..e8d3313ea2c9 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -1796,27 +1796,8 @@ vsock_stream_recvmsg(struct kiocb *kiocb, else if (sk->sk_shutdown & RCV_SHUTDOWN) err = 0; - if (copied > 0) { - /* We only do these additional bookkeeping/notification steps -* if we actually copied something out of the queue pair -* instead of just peeking ahead. -*/ - - if (!(flags & MSG_PEEK)) { - /* If the other side has shutdown for sending and there -* is nothing more to read, then modify the socket -* state. -*/ - if (vsk->peer_shutdown & SEND_SHUTDOWN) { - if (vsock_stream_has_data(vsk) <= 0) { - sk->sk_state = SS_UNCONNECTED; - sock_set_flag(sk, SOCK_DONE); - sk->sk_state_change(sk); - } - } - } + if (copied > 0) err = copied; - } out_wait: finish_wait(sk_sleep(sk), ); -- 2.8.2
[patch added to 3.12-stable] VSOCK: do not disconnect socket when peer has shutdown SEND only
From: Ian Campbell <ian.campb...@docker.com> This patch has been added to the 3.12 stable tree. If you have any objections, please let us know. === [ Upstream commit dedc58e067d8c379a15a8a183c5db318201295bb ] The peer may be expecting a reply having sent a request and then done a shutdown(SHUT_WR), so tearing down the whole socket at this point seems wrong and breaks for me with a client which does a SHUT_WR. Looking at other socket family's stream_recvmsg callbacks doing a shutdown here does not seem to be the norm and removing it does not seem to have had any adverse effects that I can see. I'm using Stefan's RFC virtio transport patches, I'm unsure of the impact on the vmci transport. Signed-off-by: Ian Campbell <ian.campb...@docker.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: Stefan Hajnoczi <stefa...@redhat.com> Cc: Claudio Imbrenda <imbre...@linux.vnet.ibm.com> Cc: Andy King <ack...@vmware.com> Cc: Dmitry Torokhov <d...@vmware.com> Cc: Jorgen Hansen <jhan...@vmware.com> Cc: Adit Ranadive <ad...@vmware.com> Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- net/vmw_vsock/af_vsock.c | 21 + 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c index 85d232bed87d..e8d3313ea2c9 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -1796,27 +1796,8 @@ vsock_stream_recvmsg(struct kiocb *kiocb, else if (sk->sk_shutdown & RCV_SHUTDOWN) err = 0; - if (copied > 0) { - /* We only do these additional bookkeeping/notification steps -* if we actually copied something out of the queue pair -* instead of just peeking ahead. -*/ - - if (!(flags & MSG_PEEK)) { - /* If the other side has shutdown for sending and there -* is nothing more to read, then modify the socket -* state. -*/ - if (vsk->peer_shutdown & SEND_SHUTDOWN) { - if (vsock_stream_has_data(vsk) <= 0) { - sk->sk_state = SS_UNCONNECTED; - sock_set_flag(sk, SOCK_DONE); - sk->sk_state_change(sk); - } - } - } + if (copied > 0) err = copied; - } out_wait: finish_wait(sk_sleep(sk), ); -- 2.8.2
[PATCH 2/7] net: ircomm, cleanup TIOCGSERIAL
In ircomm_tty_get_serial_info, struct serial_struct is memset to 0 and then some members set to 0 explicitly. Remove the latter as it is obviously superfluous. And remove the retinfo check against NULL. copy_to_user will take care of that. Part of hub6 cleanup series. Signed-off-by: Jiri Slaby <jsl...@suse.cz> Cc: Samuel Ortiz <sam...@sortiz.org> Cc: "David S. Miller" <da...@davemloft.net> Cc: netdev@vger.kernel.org --- net/irda/ircomm/ircomm_tty_ioctl.c | 8 1 file changed, 8 deletions(-) diff --git a/net/irda/ircomm/ircomm_tty_ioctl.c b/net/irda/ircomm/ircomm_tty_ioctl.c index 17c49bf26313..0985588c9dec 100644 --- a/net/irda/ircomm/ircomm_tty_ioctl.c +++ b/net/irda/ircomm/ircomm_tty_ioctl.c @@ -246,9 +246,6 @@ static int ircomm_tty_get_serial_info(struct ircomm_tty_cb *self, { struct serial_struct info; - if (!retinfo) - return -EFAULT; - memset(, 0, sizeof(info)); info.line = self->line; info.flags = self->port.flags; @@ -258,11 +255,6 @@ static int ircomm_tty_get_serial_info(struct ircomm_tty_cb *self, /* For compatibility */ info.type = PORT_16550A; - info.port = 0; - info.irq = 0; - info.xmit_fifo_size = 0; - info.hub6 = 0; - info.custom_divisor = 0; if (copy_to_user(retinfo, , sizeof(*retinfo))) return -EFAULT; -- 2.8.2
[patch added to 3.12-stable] cpuset: Fix potential deadlock w/ set_mems_allowed
From: John Stultz <john.stu...@linaro.org> This patch has been added to the 3.12 stable tree. If you have any objections, please let us know. === commit db751fe3ea6880ff5ac5abe60cb7b80deb5a4140 upstream. After adding lockdep support to seqlock/seqcount structures, I started seeing the following warning: [1.070907] == [1.072015] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ] [1.073181] 3.11.0+ #67 Not tainted [1.073801] -- [1.074882] kworker/u4:2/708 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [1.076088] (>mems_allowed_seq){+.+...}, at: [] new_slab+0x5f/0x280 [1.077572] [1.077572] and this task is already holding: [1.078593] (&(>__queue_lock)->rlock){..-...}, at: [] blk_execute_rq_nowait+0x53/0xf0 [1.080042] which would create a new lock dependency: [1.080042] (&(>__queue_lock)->rlock){..-...} -> (>mems_allowed_seq){+.+...} [1.080042] [1.080042] but this new dependency connects a SOFTIRQ-irq-safe lock: [1.080042] (&(>__queue_lock)->rlock){..-...} [1.080042] ... which became SOFTIRQ-irq-safe at: [1.080042] [] __lock_acquire+0x5b9/0x1db0 [1.080042] [] lock_acquire+0x95/0x130 [1.080042] [] _raw_spin_lock+0x41/0x80 [1.080042] [] scsi_device_unbusy+0x7e/0xd0 [1.080042] [] scsi_finish_command+0x32/0xf0 [1.080042] [] scsi_softirq_done+0xa1/0x130 [1.080042] [] blk_done_softirq+0x73/0x90 [1.080042] [] __do_softirq+0x110/0x2f0 [1.080042] [] run_ksoftirqd+0x2d/0x60 [1.080042] [] smpboot_thread_fn+0x156/0x1e0 [1.080042] [] kthread+0xd6/0xe0 [1.080042] [] ret_from_fork+0x7c/0xb0 [1.080042] [1.080042] to a SOFTIRQ-irq-unsafe lock: [1.080042] (>mems_allowed_seq){+.+...} [1.080042] ... which became SOFTIRQ-irq-unsafe at: [1.080042] ... [] __lock_acquire+0x613/0x1db0 [1.080042] [] lock_acquire+0x95/0x130 [1.080042] [] kthreadd+0x82/0x180 [1.080042] [] ret_from_fork+0x7c/0xb0 [1.080042] [1.080042] other info that might help us debug this: [1.080042] [1.080042] Possible interrupt unsafe locking scenario: [1.080042] [1.080042]CPU0CPU1 [1.080042] [1.080042] lock(>mems_allowed_seq); [1.080042]local_irq_disable(); [1.080042]lock(&(>__queue_lock)->rlock); [1.080042]lock(>mems_allowed_seq); [1.080042] [1.080042] lock(&(>__queue_lock)->rlock); [1.080042] [1.080042] *** DEADLOCK *** The issue stems from the kthreadd() function calling set_mems_allowed with irqs enabled. While its possibly unlikely for the actual deadlock to trigger, a fix is fairly simple: disable irqs before taking the mems_allowed_seq lock. Signed-off-by: John Stultz <john.stu...@linaro.org> Signed-off-by: Peter Zijlstra <pet...@infradead.org> Acked-by: Li Zefan <lize...@huawei.com> Cc: Mathieu Desnoyers <mathieu.desnoy...@efficios.com> Cc: Steven Rostedt <rost...@goodmis.org> Cc: "David S. Miller" <da...@davemloft.net> Cc: netdev@vger.kernel.org Link: http://lkml.kernel.org/r/1381186321-4906-4-git-send-email-john.stu...@linaro.org Signed-off-by: Ingo Molnar <mi...@kernel.org> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- include/linux/cpuset.h | 4 1 file changed, 4 insertions(+) diff --git a/include/linux/cpuset.h b/include/linux/cpuset.h index a7ebb89ae9fb..ade2390ffe92 100644 --- a/include/linux/cpuset.h +++ b/include/linux/cpuset.h @@ -132,10 +132,14 @@ static inline bool read_mems_allowed_retry(unsigned int seq) static inline void set_mems_allowed(nodemask_t nodemask) { + unsigned long flags; + task_lock(current); + local_irq_save(flags); write_seqcount_begin(>mems_allowed_seq); current->mems_allowed = nodemask; write_seqcount_end(>mems_allowed_seq); + local_irq_restore(flags); task_unlock(current); } -- 2.8.2
Re: [PATCH net] tun, bpf: fix suspicious RCU usage in tun_{attach,detach}_filter
On 03/31/2016, 02:13 AM, Daniel Borkmann wrote: > Sasha Levin reported a suspicious rcu_dereference_protected() warning > found while fuzzing with trinity that is similar to this one: > > [ 52.765684] net/core/filter.c:2262 suspicious > rcu_dereference_protected() usage! > [ 52.765688] other info that might help us debug this: > [ 52.765695] rcu_scheduler_active = 1, debug_locks = 1 > [ 52.765701] 1 lock held by a.out/1525: > [ 52.765704] #0: (rtnl_mutex){+.+.+.}, at: [] > rtnl_lock+0x17/0x20 > [ 52.765721] stack backtrace: > [ 52.765728] CPU: 1 PID: 1525 Comm: a.out Not tainted 4.5.0+ #264 > [...] > [ 52.765768] Call Trace: > [ 52.765775] [] dump_stack+0x85/0xc8 > [ 52.765784] [] lockdep_rcu_suspicious+0xd5/0x110 > [ 52.765792] [] sk_detach_filter+0x82/0x90 > [ 52.765801] [] tun_detach_filter+0x35/0x90 [tun] > [ 52.765810] [] __tun_chr_ioctl+0x354/0x1130 [tun] > [ 52.765818] [] ? selinux_file_ioctl+0x130/0x210 > [ 52.765827] [] tun_chr_ioctl+0x13/0x20 [tun] > [ 52.765834] [] do_vfs_ioctl+0x96/0x690 > [ 52.765843] [] ? security_file_ioctl+0x43/0x60 > [ 52.765850] [] SyS_ioctl+0x79/0x90 > [ 52.765858] [] do_syscall_64+0x62/0x140 > [ 52.765866] [] entry_SYSCALL64_slow_path+0x25/0x25 > > Same can be triggered with PROVE_RCU (+ PROVE_RCU_REPEATEDLY) enabled > from tun_attach_filter() when user space calls ioctl(tun_fd, TUN{ATTACH, > DETACH}FILTER, ...) for adding/removing a BPF filter on tap devices. > > Since the fix in f91ff5b9ff52 ("net: sk_{detach|attach}_filter() rcu > fixes") sk_attach_filter()/sk_detach_filter() now dereferences the > filter with rcu_dereference_protected(), checking whether socket lock > is held in control path. > > Since its introduction in 994051625981 ("tun: socket filter support"), > tap filters are managed under RTNL lock from __tun_chr_ioctl(). Thus the > sock_owned_by_user(sk) doesn't apply in this specific case and therefore > triggers the false positive. > > Extend the BPF API with __sk_attach_filter()/__sk_detach_filter() pair > that is used by tap filters and pass in lockdep_rtnl_is_held() for the > rcu_dereference_protected() checks instead. It seems to be gone with this patch here. thanks, -- js suse labs
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
On 03/21/2016, 04:58 PM, Jiri Slaby wrote: > Hello, > > On 03/18/2016, 09:52 PM, Tejun Heo wrote: >> On Thu, Mar 17, 2016 at 01:00:13PM +0100, Jiri Slaby wrote: >>>>> I have not done that yet, but today, I see: >>>>> destroy_workqueue: name='req_hci0' pwq=88002f590300 >>>>> wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works: >>>>>pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1 >>>>> in-flight: 18568:wq_barrier_func >>>> >>>> So, this means that there's flush_work() racing against workqueue >>>> destruction, which can't be safe. :( >>> >>> But I cannot trigger the WARN_ONs in the attached patch, so I am >>> confused how this can happen :(. (While I am still seeing the destroy >>> WARNINGs.) >> >> So, no operations should be in progress when destroy_workqueue() is >> called. If somebody was flushing a work item, the flush call must >> have returned before destroy_workqueue() was invoked, which doesn't >> seem to be the case here. Can you trigger BUG_ON() or sysrq-t when >> the above triggers? There must be a task which is flushing a work >> item there and it shouldn't be difficult to pinpoint what's going on >> from it. > > The output of sysrq-t is here (> 200k), but I cannot see anything > suspicious in it: > http://www.fi.muni.cz/~xslaby/sklad/panics/jctl.txt Hmm, so I seem I cannot reproduce with this hunk: --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -3139,10 +3139,10 @@ void hci_unregister_dev(struct hci_dev *hdev) list_del(>list); write_unlock(_dev_list_lock); - hci_dev_do_close(hdev); - cancel_work_sync(>power_on); + hci_dev_do_close(hdev); + if (!test_bit(HCI_INIT, >flags) && !hci_dev_test_flag(hdev, HCI_SETUP) && !hci_dev_test_flag(hdev, HCI_CONFIG)) { I cannot explain why though. I do not see how it matters in this particular case... Dmitry, could you apply it too? But I don't know how often you see the warning. PS. next on the table is the gsm tty warning. thanks, -- js suse labs
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
Hello, On 03/18/2016, 09:52 PM, Tejun Heo wrote: > On Thu, Mar 17, 2016 at 01:00:13PM +0100, Jiri Slaby wrote: >>>> I have not done that yet, but today, I see: >>>> destroy_workqueue: name='req_hci0' pwq=88002f590300 >>>> wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works: >>>>pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1 >>>> in-flight: 18568:wq_barrier_func >>> >>> So, this means that there's flush_work() racing against workqueue >>> destruction, which can't be safe. :( >> >> But I cannot trigger the WARN_ONs in the attached patch, so I am >> confused how this can happen :(. (While I am still seeing the destroy >> WARNINGs.) > > So, no operations should be in progress when destroy_workqueue() is > called. If somebody was flushing a work item, the flush call must > have returned before destroy_workqueue() was invoked, which doesn't > seem to be the case here. Can you trigger BUG_ON() or sysrq-t when > the above triggers? There must be a task which is flushing a work > item there and it shouldn't be difficult to pinpoint what's going on > from it. The output of sysrq-t is here (> 200k), but I cannot see anything suspicious in it: http://www.fi.muni.cz/~xslaby/sklad/panics/jctl.txt This is what the code does now: + if ((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) { + pr_info("%s: name='%s' pwq=%p wq->dfl_pwq=%p pwq->refcnt=%d pwq->nr_active=%d delayed_works:", + __func__, wq->name, pwq, wq->dfl_pwq, + pwq->refcnt, pwq->nr_active); + + show_pwq(pwq); + + mutex_unlock(>mutex); + show_state(); + show_workqueue_state(); + WARN_ON(1); + return; + } thanks, -- js suse labs
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
Hello, On 03/11/2016, 06:12 PM, Tejun Heo wrote: > On Thu, Mar 03, 2016 at 10:12:01AM +0100, Jiri Slaby wrote: >> On 03/02/2016, 04:45 PM, Tejun Heo wrote: >>> On Fri, Feb 19, 2016 at 01:10:00PM +0100, Jiri Slaby wrote: >>>>> 1. didn't help, the problem persists. So I haven't applied the patch from >>>>> 2. >>>> >>>> FWIW I dumped more info about the wq: >>>> wq->name='hci0' pwq=8800390d7600 wq->dfl_pwq=8800390d5200 >>>> pwq->refcnt=2 pwq->nr_active=0 delayed_works: >>> >>> Can you please print out the same info for all pwq's during shutdown? >>> It looks like we're leaking pwq refcnt but I can't spot a place where >>> that could happen on an empty pwq. >> >> I have not done that yet, but today, I see: >> destroy_workqueue: name='req_hci0' pwq=88002f590300 >> wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works: >>pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1 >> in-flight: 18568:wq_barrier_func > > So, this means that there's flush_work() racing against workqueue > destruction, which can't be safe. :( But I cannot trigger the WARN_ONs in the attached patch, so I am confused how this can happen :(. (While I am still seeing the destroy WARNINGs.) BTW. what did you mean by dumping the states at shutdown? Is it still relevant? thanks, -- js suse labs --- include/linux/workqueue.h|1 + include/net/bluetooth/hci_core.h |5 + kernel/reboot.c |1 + kernel/workqueue.c | 34 +++--- net/bluetooth/hci_core.c | 39 +++ 5 files changed, 73 insertions(+), 7 deletions(-) --- a/include/linux/workqueue.h +++ b/include/linux/workqueue.h @@ -312,6 +312,7 @@ enum { __WQ_DRAINING = 1 << 16, /* internal: workqueue is draining */ __WQ_ORDERED = 1 << 17, /* internal: workqueue is ordered */ __WQ_LEGACY = 1 << 18, /* internal: create*_workqueue() */ + __WQ_DESTROYING = 1 << 19, WQ_MAX_ACTIVE = 512, /* I like 512, better ideas? */ WQ_MAX_UNBOUND_PER_CPU = 4, /* 4 * #cpus for unbound wq */ --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -312,6 +312,11 @@ struct hci_dev { struct workqueue_struct *workqueue; struct workqueue_struct *req_workqueue; +#define HCI_WQ_A 0 +#define HCI_WQ_D 1 +#define HCI_WQR_A 8 +#define HCI_WQR_D 9 + unsigned long wq_status; struct work_struct power_on; struct delayed_work power_off; --- a/kernel/reboot.c +++ b/kernel/reboot.c @@ -231,6 +231,7 @@ static void kernel_shutdown_prepare(enum (state == SYSTEM_HALT) ? SYS_HALT : SYS_POWER_OFF, NULL); system_state = state; usermodehelper_disable(); + show_workqueue_state(); device_shutdown(); } /** --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1366,6 +1366,9 @@ static void __queue_work(int cpu, struct unsigned int work_flags; unsigned int req_cpu = cpu; + if (WARN_ON(wq->flags & __WQ_DESTROYING)) + return; + /* * While a work item is PENDING && off queue, a task trying to * steal the PENDING will busy-loop waiting for it to either get @@ -2804,6 +2807,9 @@ static bool start_flush_work(struct work pwq = worker->current_pwq; } + if (WARN_ON(pwq->wq->flags & __WQ_DESTROYING)) + return false; + check_flush_dependency(pwq->wq, work); insert_wq_barrier(pwq, barr, work, worker); @@ -2821,6 +2827,8 @@ static bool start_flush_work(struct work lock_map_acquire_read(>wq->lockdep_map); lock_map_release(>wq->lockdep_map); + WARN_ON(pwq->wq->flags & __WQ_DESTROYING); + return true; already_gone: spin_unlock_irq(>lock); @@ -3998,6 +4006,8 @@ err_destroy: } EXPORT_SYMBOL_GPL(__alloc_workqueue_key); +static void show_pwq(struct pool_workqueue *pwq); + /** * destroy_workqueue - safely terminate a workqueue * @wq: target workqueue @@ -4010,6 +4020,7 @@ void destroy_workqueue(struct workqueue_ int node; /* drain it before proceeding with destruction */ + wq->flags |= __WQ_DESTROYING; drain_workqueue(wq); /* sanity checks */ @@ -4024,9 +4035,26 @@ void destroy_workqueue(struct workqueue_ } } - if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) || - WARN_ON(pwq->nr_active) || - WARN_ON(!list_empty(>delayed_works))) { + if ((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) { + pr_info("%s: name='%s' pwq=%p wq->dfl_pwq=%p pwq->refcnt=%d pwq->nr_active=%d delayed_works:", + __func__, wq->name, pwq, wq->dfl_pwq, + pwq->refcnt, pwq->nr_active); + + show_pwq(pwq); + + mutex_unlock(>mutex); + WARN_ON(1); + return; + } + + if (WARN_ON(pwq->nr_active)) { + pr_inf
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
Hi, On 03/02/2016, 04:45 PM, Tejun Heo wrote: > On Fri, Feb 19, 2016 at 01:10:00PM +0100, Jiri Slaby wrote: >>> 1. didn't help, the problem persists. So I haven't applied the patch from 2. >> >> FWIW I dumped more info about the wq: >> wq->name='hci0' pwq=8800390d7600 wq->dfl_pwq=8800390d5200 >> pwq->refcnt=2 pwq->nr_active=0 delayed_works: > > Can you please print out the same info for all pwq's during shutdown? > It looks like we're leaking pwq refcnt but I can't spot a place where > that could happen on an empty pwq. I have not done that yet, but today, I see: destroy_workqueue: name='req_hci0' pwq=88002f590300 wq->dfl_pwq=88002f591e00 pwq->refcnt=2 pwq->nr_active=0 delayed_works: pwq 12: cpus=0-1 node=0 flags=0x4 nice=-20 active=0/1 in-flight: 18568:wq_barrier_func thanks, -- js suse labs
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
On 02/19/2016, 11:20 AM, Jiri Slaby wrote: > On 02/18/2016, 06:44 PM, Tejun Heo wrote: >> Hello, >> >> Can you please do the followings? >> >> 1. Remove WQ_MEM_RECLAIM from the affected workqueue and see whether >>the problem is reproducible. WQ_MEM_RECLAIM on anything bluetooth >>doesn't make sense btw. Why is it there? >> >> 2. If WQ_MEM_RECLAIM makes the issue go away, see whether the attached >>patch works too. > > Hello, > > 1. didn't help, the problem persists. So I haven't applied the patch from 2. FWIW I dumped more info about the wq: wq->name='hci0' pwq=8800390d7600 wq->dfl_pwq=8800390d5200 pwq->refcnt=2 pwq->nr_active=0 delayed_works: > thanks, -- js suse labs
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
On 02/18/2016, 06:44 PM, Tejun Heo wrote: > Hello, > > Can you please do the followings? > > 1. Remove WQ_MEM_RECLAIM from the affected workqueue and see whether >the problem is reproducible. WQ_MEM_RECLAIM on anything bluetooth >doesn't make sense btw. Why is it there? > > 2. If WQ_MEM_RECLAIM makes the issue go away, see whether the attached >patch works too. Hello, 1. didn't help, the problem persists. So I haven't applied the patch from 2. thanks, -- js suse labs
Re: net/bluetooth: workqueue destruction WARNING in hci_unregister_dev
Cc Tejun (workqueues), Takashi (debug patch) On 01/26/2016, 12:53 PM, Dmitry Vyukov wrote: > Hello, > > I've hit the following warning while running syzkaller fuzzer: Hi, I am hitting it over and over again using syzkaller. > WARNING: CPU: 2 PID: 17409 at kernel/workqueue.c:3968 > destroy_workqueue+0x172/0x550() Which of the warnings is it in your case? I hit "(pwq != wq->dfl_pwq) && (pwq->refcnt > 1)". So I have this in the code: if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1))) { pr_info("%s: pwq=%p wq->dfl_pwq=%p pwq->refcnt=%d\n", __func__, pwq, wq->dfl_pwq, pwq->refcnt); mutex_unlock(>mutex); return; } if (WARN_ON(pwq->nr_active)) { ... And the values are: pwq=88006e271500 wq->dfl_pwq=88006e272400 pwq->refcnt=2 pwq=88002ec48300 wq->dfl_pwq=88002ec4bc00 pwq->refcnt=2 pwq=880020f76400 wq->dfl_pwq=880020f75500 pwq->refcnt=2 pwq=88002a908f00 wq->dfl_pwq=88002a90bc00 pwq->refcnt=1 pwq=8800348e0300 wq->dfl_pwq=8800348e pwq->refcnt=2 pwq=88006e276400 wq->dfl_pwq=88006e275800 pwq->refcnt=2 Note the single "pwq->refcnt=1" in there. So this is perhaps a race? Takashi also provided me with a debug patch included in the attached patch. It did not trigger though. > CPU: 2 PID: 17409 Comm: syz-executor Not tainted 4.5.0-rc1+ #283 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 > 88003665f8a0 8299a06d > 88003599c740 8643f0c0 88003665f8e0 8134fcf9 > 8139d4c2 8643f0c0 0f80 8800630c5ae8 > Call Trace: > [< inline >] __dump_stack lib/dump_stack.c:15 > [] dump_stack+0x6f/0xa2 lib/dump_stack.c:50 > [] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482 > [] warn_slowpath_null+0x29/0x30 kernel/panic.c:515 > [] destroy_workqueue+0x172/0x550 kernel/workqueue.c:3968 > [] hci_unregister_dev+0x264/0x700 > net/bluetooth/hci_core.c:3162 > [] vhci_release+0x76/0xe0 drivers/bluetooth/hci_vhci.c:341 > [] __fput+0x236/0x780 fs/file_table.c:208 > [] fput+0x15/0x20 fs/file_table.c:244 > [] task_work_run+0x170/0x210 kernel/task_work.c:115 > [< inline >] exit_task_work include/linux/task_work.h:21 > [] do_exit+0x8b5/0x2c60 kernel/exit.c:748 > [] do_group_exit+0x108/0x330 kernel/exit.c:878 > [] get_signal+0x5e4/0x14f0 kernel/signal.c:2307 > [] do_signal+0x83/0x1c90 arch/x86/kernel/signal.c:712 > [] exit_to_usermode_loop+0x1a5/0x210 > arch/x86/entry/common.c:247 > [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:282 > [] syscall_return_slowpath+0x2ba/0x340 > arch/x86/entry/common.c:344 > [] int_ret_from_sys_call+0x25/0x9f > arch/x86/entry/entry_64.S:281 > ---[ end trace f627386faee7426f ]--- > > Unfortunately I cannot reproduce it in a controlled environment, but > I've hit it twice in different VMs. So maybe if you see something > obvious there. Is it possible that something is submitted into the > workqueue between it is drained and destroyed in hci_unregister_dev? > > On commit 92e963f50fc74041b5e9e744c330dca48e04f08d (Jan 24). > thanks, -- js suse labs --- include/linux/workqueue.h |1 + kernel/workqueue.c| 23 --- net/bluetooth/hci_core.c | 19 +++ 3 files changed, 40 insertions(+), 3 deletions(-) --- a/include/linux/workqueue.h +++ b/include/linux/workqueue.h @@ -312,6 +312,7 @@ enum { __WQ_DRAINING = 1 << 16, /* internal: workqueue is draining */ __WQ_ORDERED = 1 << 17, /* internal: workqueue is ordered */ __WQ_LEGACY = 1 << 18, /* internal: create*_workqueue() */ + __WQ_DESTROYING = 1 << 19, WQ_MAX_ACTIVE = 512, /* I like 512, better ideas? */ WQ_MAX_UNBOUND_PER_CPU = 4, /* 4 * #cpus for unbound wq */ --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1366,6 +1366,9 @@ static void __queue_work(int cpu, struct unsigned int work_flags; unsigned int req_cpu = cpu; + if (WARN_ON(wq->flags & __WQ_DESTROYING)) + return; + /* * While a work item is PENDING && off queue, a task trying to * steal the PENDING will busy-loop waiting for it to either get @@ -4010,6 +4013,7 @@ void destroy_workqueue(struct workqueue_ int node; /* drain it before proceeding with destruction */ + wq->flags |= __WQ_DESTROYING; drain_workqueue(wq); /* sanity checks */ @@ -4024,9 +4028,22 @@ void destroy_workqueue(struct workqueue_ } } - if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1)) || - WARN_ON(pwq->nr_active) || - WARN_ON(!list_empty(>delayed_works))) { + if (WARN_ON((pwq != wq->dfl_pwq) && (pwq->refcnt > 1))) { + pr_info("%s: pwq=%p wq->dfl_pwq=%p pwq->refcnt=%d\n", + __func__, pwq, wq->dfl_pwq, + pwq->refcnt); + mutex_unlock(>mutex); + return; + } + + if (WARN_ON(pwq->nr_active)) { + pr_info("%s: %ps\n", __func__, wq); + mutex_unlock(>mutex); + return; + } + + if
Re: [PATCH 00/33] Compile-time stack metadata validation
On 01/21/2016, 11:49 PM, Josh Poimboeuf wrote: > This is v16 of the compile-time stack metadata validation patch set, > along with proposed fixes for most of the warnings it found. It's based > on the tip/master branch. Hi, with this config: https://github.com/openSUSE/kernel-source/blob/master/config/x86_64/vanilla I am seeing a lot of functions in C which do not have frame pointer setup/cleanup: stacktool: drivers/scsi/hpsa.o: hpsa_scsi_do_simple_cmd.constprop.106()+0x79: call without frame pointer save/setup stacktool: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.o: cfs_cdebug_show.part.5.constprop.35()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.o: cfs_cdebug_show.part.5.constprop.35()+0x8: duplicate frame pointer save stacktool: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.o: cfs_cdebug_show.part.5.constprop.35()+0x9: duplicate frame pointer setup stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: ksocknal_connsock_decref()+0x0: duplicate frame pointer save stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: ksocknal_connsock_decref()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: ksocknal_connsock_decref()+0x1: duplicate frame pointer setup stacktool: drivers/staging/lustre/lnet/klnds/socklnd/socklnd.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: cfs_cdebug_show.part.1.constprop.16()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: cfs_cdebug_show.part.1.constprop.16()+0x8: duplicate frame pointer save stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: cfs_cdebug_show.part.1.constprop.16()+0x9: duplicate frame pointer setup stacktool: drivers/staging/lustre/lnet/lnet/lib-move.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lnet/lnet/lo.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lnet/lnet/nidstrings.o: cfs_print_nidlist()+0x220: frame pointer state mismatch stacktool: drivers/staging/lustre/lnet/lnet/peer.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lnet/lnet/router.o: cfs_cdebug_show.part.0.constprop.16()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lnet/lnet/router.o: cfs_cdebug_show.part.0.constprop.16()+0x8: duplicate frame pointer save stacktool: drivers/staging/lustre/lnet/lnet/router.o: cfs_cdebug_show.part.0.constprop.16()+0x9: duplicate frame pointer setup stacktool: drivers/staging/lustre/lnet/lnet/router.o: lnet_find_net_locked()+0x8a: frame pointer state mismatch stacktool: drivers/staging/lustre/lnet/lnet/router.o: lnet_find_net_locked()+0x8a: return without frame pointer restore stacktool: drivers/staging/lustre/lustre/fid/fid_request.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lustre/fld/lproc_fld.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lustre/libcfs/libcfs_lock.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lustre/libcfs/libcfs_mem.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lustre/llite/dir.o: obd_unpackmd()+0x0: duplicate frame pointer save stacktool: drivers/staging/lustre/lustre/llite/dir.o: obd_unpackmd()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lustre/llite/dir.o: obd_unpackmd()+0x4: duplicate frame pointer setup stacktool: drivers/staging/lustre/lustre/llite/file.o: md_intent_lock.part.28()+0x0: duplicate frame pointer save stacktool: drivers/staging/lustre/lustre/llite/file.o: md_intent_lock.part.28()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lustre/llite/file.o: md_intent_lock.part.28()+0x24: duplicate frame pointer setup stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: cl_io_get()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: cl_io_get()+0x1a: duplicate frame pointer save stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: cl_io_get()+0x1b: duplicate frame pointer setup stacktool: drivers/staging/lustre/lustre/llite/../lclient/glimpse.o: cl_io_get()+0x19: return without frame pointer restore stacktool: drivers/staging/lustre/lustre/llite/../lclient/lcommon_misc.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lustre/llite/llite_mmap.o: .text: unexpected end of section stacktool: drivers/staging/lustre/lustre/llite/lproc_llite.o: checksum_pages_store()+0x19e: frame pointer state mismatch stacktool: drivers/staging/lustre/lustre/llite/namei.o: ll_test_inode()+0x0: frame pointer state mismatch stacktool: drivers/staging/lustre/lustre/llite/namei.o: ll_test_inode()+0x5: duplicate frame pointer save stacktool: drivers/staging/lustre/lustre/llite/namei.o: ll_test_inode()+0x9: duplicate frame pointer setup stacktool:
Re: [PATCH 00/33] Compile-time stack metadata validation
On 02/12/2016, 11:36 AM, Jiri Slaby wrote: > It there some compilation flag missing? -f flags when compiling that file are: > -falign-jumps=1 > -falign-loops=1 > -fconserve-stack > -fno-asynchronous-unwind-tables > -fno-common > -fno-delete-null-pointer-checks > -fno-inline-functions-called-once > -fno-omit-frame-pointer > -fno-optimize-sibling-calls > -fno-strict-aliasing > -fno-strict-overflow > -fno-var-tracking-assignments > -fstack-protector > -funit-at-a-time Happens with: gcc (SUSE Linux) 5.3.1 20151207 [gcc-5-branch revision 231355] gcc-6 (SUSE Linux) 6.0.0 20160202 (experimental) [trunk revision 233076] > thanks, -- js suse labs
[PATCH 3.12 28/64] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.
From: Vijay Pandurangan <vij...@vijayp.ca> 3.12-stable review patch. If anyone has any objections, please let me know. === [ Upstream commit ce8c839b74e3017996fad4e1b7ba2e2625ede82f ] Packets that arrive from real hardware devices have ip_summed == CHECKSUM_UNNECESSARY if the hardware verified the checksums, or CHECKSUM_NONE if the packet is bad or it was unable to verify it. The current version of veth will replace CHECKSUM_NONE with CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to a veth device to be delivered to the application. This caused applications at Twitter to receive corrupt data when network hardware was corrupting packets. We believe this was added as an optimization to skip computing and verifying checksums for communication between containers. However, locally generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as written does nothing for them. As far as we can tell, after removing this code, these packets are transmitted from one stack to another unmodified (tcpdump shows invalid checksums on both sides, as expected), and they are delivered correctly to applications. We didn’t test every possible network configuration, but we tried a few common ones such as bridging containers, using NAT between the host and a container, and routing from hardware devices to containers. We have effectively deployed this in production at Twitter (by disabling RX checksum offloading on veth devices). This code dates back to the first version of the driver, commit ("[NET]: Virtual ethernet device driver"), so I suspect this bug occurred mostly because the driver API has evolved significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix packet checksumming") (in December 2010) fixed this for packets that get created locally and sent to hardware devices, by not changing CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming in from hardware devices. Co-authored-by: Evan Jones <e...@evanjones.ca> Signed-off-by: Evan Jones <e...@evanjones.ca> Cc: Nicolas Dichtel <nicolas.dich...@6wind.com> Cc: Phil Sutter <p...@nwl.cc> Cc: Toshiaki Makita <makita.toshi...@lab.ntt.co.jp> Cc: netdev@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Vijay Pandurangan <vij...@vijayp.ca> Acked-by: Cong Wang <cw...@twopensource.com> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- drivers/net/veth.c | 6 -- 1 file changed, 6 deletions(-) diff --git a/drivers/net/veth.c b/drivers/net/veth.c index 61c4044f644e..917abeae77ad 100644 --- a/drivers/net/veth.c +++ b/drivers/net/veth.c @@ -116,12 +116,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev) kfree_skb(skb); goto drop; } - /* don't change ip_summed == CHECKSUM_PARTIAL, as that -* will cause bad checksum on forwarded packets -*/ - if (skb->ip_summed == CHECKSUM_NONE && - rcv->features & NETIF_F_RXCSUM) - skb->ip_summed = CHECKSUM_UNNECESSARY; if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) { struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats); -- 2.7.1
[patch added to 3.12-stable] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.
From: Vijay Pandurangan <vij...@vijayp.ca> This patch has been added to the 3.12 stable tree. If you have any objections, please let us know. === [ Upstream commit ce8c839b74e3017996fad4e1b7ba2e2625ede82f ] Packets that arrive from real hardware devices have ip_summed == CHECKSUM_UNNECESSARY if the hardware verified the checksums, or CHECKSUM_NONE if the packet is bad or it was unable to verify it. The current version of veth will replace CHECKSUM_NONE with CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to a veth device to be delivered to the application. This caused applications at Twitter to receive corrupt data when network hardware was corrupting packets. We believe this was added as an optimization to skip computing and verifying checksums for communication between containers. However, locally generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as written does nothing for them. As far as we can tell, after removing this code, these packets are transmitted from one stack to another unmodified (tcpdump shows invalid checksums on both sides, as expected), and they are delivered correctly to applications. We didn’t test every possible network configuration, but we tried a few common ones such as bridging containers, using NAT between the host and a container, and routing from hardware devices to containers. We have effectively deployed this in production at Twitter (by disabling RX checksum offloading on veth devices). This code dates back to the first version of the driver, commit ("[NET]: Virtual ethernet device driver"), so I suspect this bug occurred mostly because the driver API has evolved significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix packet checksumming") (in December 2010) fixed this for packets that get created locally and sent to hardware devices, by not changing CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming in from hardware devices. Co-authored-by: Evan Jones <e...@evanjones.ca> Signed-off-by: Evan Jones <e...@evanjones.ca> Cc: Nicolas Dichtel <nicolas.dich...@6wind.com> Cc: Phil Sutter <p...@nwl.cc> Cc: Toshiaki Makita <makita.toshi...@lab.ntt.co.jp> Cc: netdev@vger.kernel.org Cc: linux-ker...@vger.kernel.org Signed-off-by: Vijay Pandurangan <vij...@vijayp.ca> Acked-by: Cong Wang <cw...@twopensource.com> Signed-off-by: David S. Miller <da...@davemloft.net> Signed-off-by: Jiri Slaby <jsl...@suse.cz> --- drivers/net/veth.c | 6 -- 1 file changed, 6 deletions(-) diff --git a/drivers/net/veth.c b/drivers/net/veth.c index 61c4044f644e..917abeae77ad 100644 --- a/drivers/net/veth.c +++ b/drivers/net/veth.c @@ -116,12 +116,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev) kfree_skb(skb); goto drop; } - /* don't change ip_summed == CHECKSUM_PARTIAL, as that -* will cause bad checksum on forwarded packets -*/ - if (skb->ip_summed == CHECKSUM_NONE && - rcv->features & NETIF_F_RXCSUM) - skb->ip_summed = CHECKSUM_UNNECESSARY; if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) { struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats); -- 2.7.0
Re: [PATCH stable-3.2 stable-3.12] net: fix checksum check in skb_copy_and_csum_datagram_iovec()
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/05/2016, 05:40 PM, Ben Hutchings wrote: > On Tue, 2016-01-05 at 17:36 +0100, Jiri Slaby wrote: >> On 12/28/2015, 03:01 PM, Michal Kubecek wrote: >>> Recent fix "net: add length argument to >>> skb_copy_and_csum_datagram_iovec" added to some pre-3.19 >>> stable branches, namely >>> >>> stable-3.2.y: commit 127500d724f8 stable-3.12.y: commit >>> 3e1ac3aafbd0 >> >> Applied this fix to 3.12. Thanks! > [...] > > You don't want this, you want Eric's fix (commit 197c949e7, "udp: > properly support MSG_PEEK with truncated buffers") although that's > not upstream yet. Dropped then. Thanks! - -- js suse labs -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJWi/IlAAoJEL0lsQQGtHBJ+HkP/RSxEleW2xhvRXBVz9S5iTgR U5dDY3gdpajVuouc8S8ZC8o6/BT+rx0LwzrCcb8RDkIOPad3dFVrcPn5uwZvCZ+b JSNKvNLTLgtn/jvSu5ZhjlL0F4zXu2Pl37KZpaimwEgGAEmfKAvLL52mdHWURGRq AD7qD5UJxybejt8VNpExX6Oo+Q6nsRJtbrXXSRbalpeCwUhMxu+A/0vWFQ+bFR4M GPMw6GqhCoCTy1fcpI4csyvEJImg91PAnNc2+37vOUqxrpr4hqBtNnVerampaI1N u6QGl5WxfqvX+sDeYv7JDCR+2D750EixcfI6PYFdINSgTBn/7veKTsN1buj9JzlU LBVFKXLILX3pOj16rIiwVtmqapinyJB9c3vCUDP19opn7LtkR16a5wDOTD3T59zs KX6FZ0mO3uRacJNpVqeAcYQ8MVFIN6JRCCokJoTgFmia19rSpxV3Th1MoFy/bafX yc5T+n0CYguTVirME2hn2vt2JHvUzUCcabktT0chY8EhXTc6XMBefRGWnhL3raBe zRCn8tnGUbawr46ZbwMggpavfzUg3lGE6Y5/g5l5dNmdrLfU5SnNmid769Uvlrad MFf56DMfMFHmojcqOukcN1v97jvmaK9eY2xXRvuoGnzYexL2JCiPEKfB21NQfZhW NZSya8PXfCtyAnUS+56r =hGxr -END PGP SIGNATURE- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH stable-3.2 stable-3.12] net: fix checksum check in skb_copy_and_csum_datagram_iovec()
On 12/28/2015, 03:01 PM, Michal Kubecek wrote: > Recent fix "net: add length argument to > skb_copy_and_csum_datagram_iovec" added to some pre-3.19 stable > branches, namely > > stable-3.2.y: commit 127500d724f8 > stable-3.12.y: commit 3e1ac3aafbd0 Applied this fix to 3.12. Thanks! > doesn't handle truncated reads correctly. If read length is shorter than > incoming datagram (but non-zero) and first segment of target iovec is > sufficient for read length, skb_copy_and_csum_datagram() is used to copy > checksum the data while copying it. For truncated reads this means only > the copied part is checksummed (rather than the whole datagram) so that > the check almost always fails. > > Add checksum of the remaining part so that the proper checksum of the > whole datagram is computed and checked. Special care must be taken if > the copied length is odd. > > For zero read length, we don't have to copy anything but we still should > check the checksum so that a peek doesn't return with a datagram which > is invalid and wouldn't be returned by an actual read. > > Signed-off-by: Michal Kubecek> --- > net/core/datagram.c | 26 +- > 1 file changed, 21 insertions(+), 5 deletions(-) > > diff --git a/net/core/datagram.c b/net/core/datagram.c > index f22f120771ef..af4bf368257c 100644 > --- a/net/core/datagram.c > +++ b/net/core/datagram.c > @@ -809,13 +809,14 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff > *skb, >int hlen, struct iovec *iov, int len) > { > __wsum csum; > - int chunk = skb->len - hlen; > + int full_chunk = skb->len - hlen; > + int chunk = min_t(int, full_chunk, len); > > - if (chunk > len) > - chunk = len; > - > - if (!chunk) > + if (!chunk) { > + if (__skb_checksum_complete(skb)) > + goto csum_error; > return 0; > + } > > /* Skip filled elements. >* Pretty silly, look at memcpy_toiovec, though 8) > @@ -833,6 +834,21 @@ int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, > if (skb_copy_and_csum_datagram(skb, hlen, iov->iov_base, > chunk, )) > goto fault; > + if (full_chunk > chunk) { > + if (chunk % 2) { > + __be16 odd = 0; > + > + if (skb_copy_bits(skb, hlen + chunk, > + (char *) + 1, 1)) > + goto fault; > + csum = add32_with_carry(odd, csum); > + csum = skb_checksum(skb, hlen + chunk + 1, > + full_chunk - chunk - 1, > + csum); > + } else > + csum = skb_checksum(skb, hlen + chunk, > + full_chunk - chunk, csum); > + } > if (csum_fold(csum)) > goto csum_error; > if (unlikely(skb->ip_summed == CHECKSUM_COMPLETE)) > -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 01/15] net: wireless: ath: use | instead of + for summing bitmasks
On 10/21/2015, 04:55 PM, Punit Vara wrote: > This patch is to the ath10k/pci.h file that fixes following warning > reported by coccicheck: > > WARNING: sum of probable bitmasks, consider | > > I have replaced + with OR operator | for summing bitmasks > > Signed-off-by: Punit Vara> --- > drivers/net/wireless/ath/ath10k/pci.c | 10 +- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/drivers/net/wireless/ath/ath10k/pci.c > b/drivers/net/wireless/ath/ath10k/pci.c > index 1046ab6..165a318 100644 > --- a/drivers/net/wireless/ath/ath10k/pci.c > +++ b/drivers/net/wireless/ath/ath10k/pci.c > @@ -775,7 +775,7 @@ static u32 ath10k_pci_targ_cpu_to_ce_addr(struct ath10k > *ar, u32 addr) > switch (ar->hw_rev) { > case ATH10K_HW_QCA988X: > case ATH10K_HW_QCA6174: > - val = (ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS + > + val = (ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS | > CORE_CTRL_ADDRESS) & Could you explain where exactly are 2 bitmasks here? thanks, -- js -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 08/15] net: wireless: simplify return flow for usb_control_msg
On 10/21/2015, 04:55 PM, Punit Vara wrote: > @@ -544,13 +544,10 @@ static void at76_ledtrig_tx_activity(void) > static int at76_remap(struct usb_device *udev) > { > int ret; > - ret = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x0a, > + return usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x0a, > USB_TYPE_VENDOR | USB_DIR_OUT | > USB_RECIP_INTERFACE, 0, 0, NULL, 0, > USB_CTRL_GET_TIMEOUT); > - if (ret < 0) > - return ret; > - return 0; ret is now unused, right? -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 3.19 and earlier] fib_rules: Fix dump_rules() not to exit early
On 10/05/2015, 07:29 PM, Roland Dreier wrote: > From: Roland Dreier> > Backports of 41fc014332d9 ("fib_rules: fix fib rule dumps across > multiple skbs") introduced a regression in "ip rule show" - it ends up > dumping the first rule over and over and never exiting, because 3.19 > and earlier are missing commit 053c095a82cf ("netlink: make > nlmsg_end() and genlmsg_end() void"), so fib_nl_fill_rule() ends up > returning skb->len (i.e. > 0) in the success case. > > Fix this by checking the return code for < 0 instead of != 0. > > Signed-off-by: Roland Dreier > --- > Hi, this is needed for all stable trees earlier than 4.0 that have > picked up 41fc014332d9; so far looks like at least 3.10.y and 3.14.y > have made such releases. > > net/core/fib_rules.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c > index 627e517077e4..84340a2605ed 100644 > --- a/net/core/fib_rules.c > +++ b/net/core/fib_rules.c > @@ -606,7 +606,7 @@ static int dump_rules(struct sk_buff *skb, struct > netlink_callback *cb, > err = fib_nl_fill_rule(skb, rule, NETLINK_CB(cb->skb).portid, > cb->nlh->nlmsg_seq, RTM_NEWRULE, > NLM_F_MULTI, ops); > - if (err) > + if (err < 0) I integrated the fix into the backport of 41fc014332d9 in 3.12 and made a note in there. Thanks! -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: please queue commit ac37e2515c1a for stable 3.12 - 3.18
On 06/04/2015, 10:54 PM, Michal Kubecek wrote: Hello, please queue mainline commit ac37e2515c1a (xfrm: release dst_orig in case of error in xfrm_lookup()) for stable branches 3.12, 3.14 and 3.18. It fixes a dst_entry reference leak introduced by commit f92ee61982d6 (xfrm: Generate blackhole routes only from route lookup functions) present in these branches (3.12 and 3.14 as a backport, 3.18 from mainline). The patch applies cleanly to all three and I tested that it fixes the issue in 3.12. David, do you have any plans on taking the commit or should we apply it directly? thanks, -- js suse labs -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/1] bna: remove obsolete use of EXTRA_CFLAGS
EXTRA_CFLAGS should be used on the command line only. Since EXTRA_CFLAGS here add only a non-existant path to compiler include paths (by -I), remove EXTRA_CFLAGS completely. Signed-off-by: Jiri Slaby jsl...@suse.cz --- drivers/net/ethernet/brocade/bna/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/net/ethernet/brocade/bna/Makefile b/drivers/net/ethernet/brocade/bna/Makefile index 6e10b99733a2..8584abcf5366 100644 --- a/drivers/net/ethernet/brocade/bna/Makefile +++ b/drivers/net/ethernet/brocade/bna/Makefile @@ -9,5 +9,3 @@ obj-$(CONFIG_BNA) += bna.o bna-objs := bnad.o bnad_ethtool.o bnad_debugfs.o bna_enet.o bna_tx_rx.o bna-objs += bfa_msgq.o bfa_ioc.o bfa_ioc_ct.o bfa_cee.o bna-objs += cna_fwimg.o - -EXTRA_CFLAGS := -Idrivers/net/bna -- 2.4.2 -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: v3.12-stable-queue build errors
On 04/25/2015, 04:16 PM, Guenter Roeck wrote: Several powerpc build fail with: drivers/net/ethernet/freescale/gianfar.c: In function 'gfar_start_xmit': drivers/net/ethernet/freescale/gianfar.c:2146:3: error: implicit declaration of function 'dev_consume_skb_any' [-Werror=implicit-function-declaration] dev_consume_skb_any(skb); dev_consume_skb_any() does not exist in 3.12. Introduced by 'gianfar: Carefully free skbs in functions called by netpoll'. Eric, David, what action should I take here? 1) take also: commit e6247027e5173c00efb2084d688d06ff835bc3b0 Author: Eric Dumazet eduma...@google.com Date: Thu Dec 5 04:45:08 2013 -0800 net: introduce dev_consume_skb_any() 2) drop 'gianfar: Carefully free skbs in functions called by netpoll' from stable-3.12 3) any other idea? thanks, -- js suse labs -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 3.12 04/83] net: ethernet: pcnet32: Setup the SRAM and NOUFLO on Am79C97{3, 5}
From: Markos Chandras markos.chand...@imgtec.com 3.12-stable review patch. If anyone has any objections, please let me know. === commit 87f966d97b89774162df04d2106c6350c8fe4cb3 upstream. On a MIPS Malta board, tons of fifo underflow errors have been observed when using u-boot as bootloader instead of YAMON. The reason for that is that YAMON used to set the pcnet device to SRAM mode but u-boot does not. As a result, the default Tx threshold (64 bytes) is now too small to keep the fifo relatively used and it can result to Tx fifo underflow errors. As a result of which, it's best to setup the SRAM on supported controllers so we can always use the NOUFLO bit. Cc: netdev@vger.kernel.org Cc: linux-ker...@vger.kernel.org Cc: Don Fry pcne...@frontier.com Signed-off-by: Markos Chandras markos.chand...@imgtec.com Signed-off-by: David S. Miller da...@davemloft.net Signed-off-by: Jiri Slaby jsl...@suse.cz --- drivers/net/ethernet/amd/pcnet32.c | 31 +-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/amd/pcnet32.c b/drivers/net/ethernet/amd/pcnet32.c index 2d8e28819779..048743573230 100644 --- a/drivers/net/ethernet/amd/pcnet32.c +++ b/drivers/net/ethernet/amd/pcnet32.c @@ -1516,7 +1516,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) { struct pcnet32_private *lp; int i, media; - int fdx, mii, fset, dxsuflo; + int fdx, mii, fset, dxsuflo, sram; int chip_version; char *chipname; struct net_device *dev; @@ -1553,7 +1553,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) } /* initialize variables */ - fdx = mii = fset = dxsuflo = 0; + fdx = mii = fset = dxsuflo = sram = 0; chip_version = (chip_version 12) 0x; switch (chip_version) { @@ -1586,6 +1586,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) chipname = PCnet/FAST III 79C973; /* PCI */ fdx = 1; mii = 1; + sram = 1; break; case 0x2626: chipname = PCnet/Home 79C978; /* PCI */ @@ -1609,6 +1610,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) chipname = PCnet/FAST III 79C975; /* PCI */ fdx = 1; mii = 1; + sram = 1; break; case 0x2628: chipname = PCnet/PRO 79C976; @@ -1637,6 +1639,31 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) dxsuflo = 1; } + /* +* The Am79C973/Am79C975 controllers come with 12K of SRAM +* which we can use for the Tx/Rx buffers but most importantly, +* the use of SRAM allow us to use the BCR18:NOUFLO bit to avoid +* Tx fifo underflows. +*/ + if (sram) { + /* +* The SRAM is being configured in two steps. First we +* set the SRAM size in the BCR25:SRAM_SIZE bits. According +* to the datasheet, each bit corresponds to a 512-byte +* page so we can have at most 24 pages. The SRAM_SIZE +* holds the value of the upper 8 bits of the 16-bit SRAM size. +* The low 8-bits start at 0x00 and end at 0xff. So the +* address range is from 0x up to 0x17ff. Therefore, +* the SRAM_SIZE is set to 0x17. The next step is to set +* the BCR26:SRAM_BND midway through so the Tx and Rx +* buffers can share the SRAM equally. +*/ + a-write_bcr(ioaddr, 25, 0x17); + a-write_bcr(ioaddr, 26, 0xc); + /* And finally enable the NOUFLO bit */ + a-write_bcr(ioaddr, 18, a-read_bcr(ioaddr, 18) | (1 11)); + } + dev = alloc_etherdev(sizeof(*lp)); if (!dev) { ret = -ENOMEM; -- 2.3.5 -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: v3.12-stable-queue build errors
On 04/27/2015, 06:25 PM, David Miller wrote: From: ebied...@xmission.com (Eric W. Biederman) Date: Mon, 27 Apr 2015 10:35:51 -0500 Jiri Slaby jsl...@suse.cz writes: On 04/25/2015, 04:16 PM, Guenter Roeck wrote: Several powerpc build fail with: drivers/net/ethernet/freescale/gianfar.c: In function 'gfar_start_xmit': drivers/net/ethernet/freescale/gianfar.c:2146:3: error: implicit declaration of function 'dev_consume_skb_any' [-Werror=implicit-function-declaration] dev_consume_skb_any(skb); dev_consume_skb_any() does not exist in 3.12. Introduced by 'gianfar: Carefully free skbs in functions called by netpoll'. Eric, David, what action should I take here? 1) take also: commit e6247027e5173c00efb2084d688d06ff835bc3b0 Author: Eric Dumazet eduma...@google.com Date: Thu Dec 5 04:45:08 2013 -0800 net: introduce dev_consume_skb_any() 2) drop 'gianfar: Carefully free skbs in functions called by netpoll' from stable-3.12 This is probably the most reasonable. KISS. Yeah just drop the patch. I didn't even want to submit this series in the first place but people kept poking me endlessly about it. Now dropped. Thanks. -- js suse labs -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch added to the 3.12 stable tree] net: ethernet: pcnet32: Setup the SRAM and NOUFLO on Am79C97{3, 5}
From: Markos Chandras markos.chand...@imgtec.com This patch has been added to the 3.12 stable tree. If you have any objections, please let us know. === commit 87f966d97b89774162df04d2106c6350c8fe4cb3 upstream. On a MIPS Malta board, tons of fifo underflow errors have been observed when using u-boot as bootloader instead of YAMON. The reason for that is that YAMON used to set the pcnet device to SRAM mode but u-boot does not. As a result, the default Tx threshold (64 bytes) is now too small to keep the fifo relatively used and it can result to Tx fifo underflow errors. As a result of which, it's best to setup the SRAM on supported controllers so we can always use the NOUFLO bit. Cc: netdev@vger.kernel.org Cc: linux-ker...@vger.kernel.org Cc: Don Fry pcne...@frontier.com Signed-off-by: Markos Chandras markos.chand...@imgtec.com Signed-off-by: David S. Miller da...@davemloft.net Signed-off-by: Jiri Slaby jsl...@suse.cz --- drivers/net/ethernet/amd/pcnet32.c | 31 +-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/amd/pcnet32.c b/drivers/net/ethernet/amd/pcnet32.c index 2d8e28819779..048743573230 100644 --- a/drivers/net/ethernet/amd/pcnet32.c +++ b/drivers/net/ethernet/amd/pcnet32.c @@ -1516,7 +1516,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) { struct pcnet32_private *lp; int i, media; - int fdx, mii, fset, dxsuflo; + int fdx, mii, fset, dxsuflo, sram; int chip_version; char *chipname; struct net_device *dev; @@ -1553,7 +1553,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) } /* initialize variables */ - fdx = mii = fset = dxsuflo = 0; + fdx = mii = fset = dxsuflo = sram = 0; chip_version = (chip_version 12) 0x; switch (chip_version) { @@ -1586,6 +1586,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) chipname = PCnet/FAST III 79C973; /* PCI */ fdx = 1; mii = 1; + sram = 1; break; case 0x2626: chipname = PCnet/Home 79C978; /* PCI */ @@ -1609,6 +1610,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) chipname = PCnet/FAST III 79C975; /* PCI */ fdx = 1; mii = 1; + sram = 1; break; case 0x2628: chipname = PCnet/PRO 79C976; @@ -1637,6 +1639,31 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) dxsuflo = 1; } + /* +* The Am79C973/Am79C975 controllers come with 12K of SRAM +* which we can use for the Tx/Rx buffers but most importantly, +* the use of SRAM allow us to use the BCR18:NOUFLO bit to avoid +* Tx fifo underflows. +*/ + if (sram) { + /* +* The SRAM is being configured in two steps. First we +* set the SRAM size in the BCR25:SRAM_SIZE bits. According +* to the datasheet, each bit corresponds to a 512-byte +* page so we can have at most 24 pages. The SRAM_SIZE +* holds the value of the upper 8 bits of the 16-bit SRAM size. +* The low 8-bits start at 0x00 and end at 0xff. So the +* address range is from 0x up to 0x17ff. Therefore, +* the SRAM_SIZE is set to 0x17. The next step is to set +* the BCR26:SRAM_BND midway through so the Tx and Rx +* buffers can share the SRAM equally. +*/ + a-write_bcr(ioaddr, 25, 0x17); + a-write_bcr(ioaddr, 26, 0xc); + /* And finally enable the NOUFLO bit */ + a-write_bcr(ioaddr, 18, a-read_bcr(ioaddr, 18) | (1 11)); + } + dev = alloc_etherdev(sizeof(*lp)); if (!dev) { ret = -ENOMEM; -- 2.3.5 -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BUG] bad address in twothirdsMD4Transform
On 02/11/2008 08:42 PM, Matt Mackall wrote: BUG: unable to handle kernel paging request at 8102366213f8 IP: [803558f4] twothirdsMD4Transform+0xc4/0x3b0 You should mention what kernel you're using. Kernel version is in the bug below modules and above registers. This bug is only in -mm (you didn't cc: Andrew), and it's fixed here: http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.24/2.6.24-mm1/hot-fixes/random-clean-up-checkpatch-complaints-fix.patch I need to ask google first! Sorry. -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[BUG] bad address in twothirdsMD4Transform
Hi, I get this with 32 bit Firefox 3b2 and java 1.6.0_03 on 64 bit: BUG: unable to handle kernel paging request at 8102366213f8 IP: [803558f4] twothirdsMD4Transform+0xc4/0x3b0 PGD 8063 PUD 0 Oops: [1] SMP last sysfs file: /sys/devices/virtual/net/tun0/statistics/collisions CPU 1 Modules linked in: szetest szedata2 v4l2_extension videodev v4l2_common v4l1_compat isofs tun bitrev ipv6 arc4 ecb crypto_blkcipher cryptomgr crypto_algapi ath5k mac80211 cfg80211 rtc_cmos sr_mod rtc_core ehci_hcd floppy rtc_lib cdrom crc32 [last unloaded: szedata2] Pid: 3512, comm: java_vm Not tainted 2.6.24-mm1_64 #380 RIP: 0010:[803558f4] [803558f4] twothirdsMD4Transform+0xc4/0x3b0 RSP: :810042721c68 EFLAGS: 00010286 RAX: 4000 RBX: RCX: 3ffc RDX: 7cfbfdc8 RSI: 810042721cd8 RDI: 8100435893d0 RBP: 810042721cc8 R08: 8000 R09: R10: 8101ac7c033c R11: R12: 67f18b72 R13: R14: 8100435893b0 R15: c42802a9 FS: () GS:81007d008500(0063) knlGS:f492ab90 CS: 0010 DS: 002b ES: 002b CR0: 80050033 CR2: 8102366213f8 CR3: 426e6000 CR4: 06e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process java_vm (pid: 3512, threadinfo 81004272, task 81002211b6b0) Stack: 81007c0c62d0 7cfbfdc8 2dc63fea 0100 8100435893b0 810043588d80 8100435893b0 810042721e88 Call Trace: [80356cce] secure_tcpv6_sequence_number+0x6e/0xa0 [880b24ff] :ipv6:tcp_v6_connect+0x4bf/0x650 [80466a89] ? lock_sock_nested+0xc9/0xe0 [804b68d1] inet_stream_connect+0x231/0x2c0 [804a5efe] ? tcp_init_xmit_timers+0x1e/0x20 [802b96aa] ? inotify_d_instantiate+0x1a/0x50 [80464171] sys_connect+0x71/0xa0 [8046449a] ? sock_map_fd+0x4a/0x70 [80480f56] compat_sys_socketcall+0x86/0x1b0 [80224302] ia32_sysret+0x0/0xa Code: 56 10 c1 c8 0d 48 89 55 b0 03 0c 96 44 89 ca 44 31 c2 21 c2 44 31 c2 01 d1 8b 56 14 c1 c9 1d 48 89 55 a8 44 8b 7e 18 44 8b 66 1c 44 03 04 96 89 c2 44 31 ca 21 ca 44 31 ca 46 03 0c be 41 01 d0 RIP [803558f4] twothirdsMD4Transform+0xc4/0x3b0 RSP 810042721c68 CR2: 8102366213f8 ---[ end trace 057610ccf9ee39f0 ]--- Reproducible, going to https://www.mojebanka.cz/InternetBanking/JSPLogin.jsp?L=CS triggers it. -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [Wireless, ath5k] 2.6.24-git13 9135f1901ee6449dfe338adf6e40e9c2025b8150
On 02/04/2008 10:40 PM, Oliver Pinter wrote: On 2/4/08, Oliver Pinter [EMAIL PROTECTED] wrote: On 2/4/08, Jiri Slaby [EMAIL PROTECTED] wrote: On 02/04/2008 03:00 PM, Oliver Pinter (Pintér Olivér) wrote: [ 413.118874] wpa_supplicant[4388]: segfault at 30 ip 080697ca sp bfc9cab0 error 4 in wpa_supplicant[8048000+4c000] Seems like wpa_supplicant is broken. Is this a regression? yes, but with madwifi is all ok And this... madwifi goes through ported bsd net80211. So which latest git you tried worked for you when this is a regression, please? -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [Wireless, ath5k] 2.6.24-git13 9135f1901ee6449dfe338adf6e40e9c2025b8150
On 02/04/2008 03:00 PM, Oliver Pinter (Pintér Olivér) wrote: git top: 9135f1901ee6449dfe338adf6e40e9c2025b8150 [ 399.582185] wpa_supplicant[4383]: segfault at 30 ip 080697ca sp bf87a690 error 4 in wpa_supplicant[8048000+4c000] [ 406.277199] wpa_supplicant[4384]: segfault at 30 ip 080697ca sp bfc13a30 error 4 in wpa_supplicant[8048000+4c000] [ 407.586375] wpa_supplicant[4385]: segfault at 30 ip 080697ca sp bf9ed000 error 4 in wpa_supplicant[8048000+4c000] [ 411.671037] wpa_supplicant[4386]: segfault at 30 ip 080697ca sp bf8f3710 error 4 in wpa_supplicant[8048000+4c000] [ 412.569843] wpa_supplicant[4387]: segfault at 30 ip 080697ca sp bfc19a30 error 4 in wpa_supplicant[8048000+4c000] [ 413.118874] wpa_supplicant[4388]: segfault at 30 ip 080697ca sp bfc9cab0 error 4 in wpa_supplicant[8048000+4c000] Seems like wpa_supplicant is broken. Is this a regression? home:~# wpa_supplicant -Dwext -iath0 -c /etc/wpa_supplicant/wpa_supplicant.conf ath0? udev renamed it? ioctl[SIOCSIWAUTH]: Operation not supported WEXT auth param 4 value 0x0 - bind(PF_UNIX): Address already in use 4 - 0x0 is TKIP, nothing we should worry about. ctrl_iface exists and seems to be in use - cannot override it Delete '/var/run/wpa_supplicant/ath0' manually if it is not used anymore Failed to initialize control interface '/var/run/wpa_supplicant'. You may have another wpa_supplicant process already running or the file was left by an unclean termination of wpa_supplicant in which case you will need to manually remove this file before starting wpa_supplicant again. Have you? I guess ltrace would help here. And maybe strace... -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [Wireless, ath5k] 2.6.24-git13 9135f1901ee6449dfe338adf6e40e9c2025b8150
On 02/04/2008 10:52 PM, Dan Williams wrote: On Mon, 2008-02-04 at 22:34 +0100, Oliver Pinter wrote: On 2/4/08, Jiri Slaby [EMAIL PROTECTED] wrote: On 02/04/2008 03:00 PM, Oliver Pinter (Pintér Olivér) wrote: ioctl[SIOCSIWAUTH]: Operation not supported WEXT auth param 4 value 0x0 - bind(PF_UNIX): Address already in use 4 - 0x0 is TKIP, nothing we should worry about. ctrl_iface exists and seems to be in use - cannot override it Delete '/var/run/wpa_supplicant/ath0' manually if it is not used anymore Failed to initialize control interface '/var/run/wpa_supplicant'. You may have another wpa_supplicant process already running or the file was left by an unclean termination of wpa_supplicant in which case you will need to manually remove this file before starting wpa_supplicant again. Have you? yes Ok, on one log it can't be bound and connected to, on the others it can be bound. I think you have 2 wpa/NM/whatever processes there which try to assign. Note that the specific behavior of the process requesting scan results can sometimes interact badly with the driver. The driver most likely needs to cope with this (by caching the BSS list internally for example) and handle whatever behavior userspace programs throw at it. The driver doesn't cope with scanning at all. It doesn't support passive scans. It's a mac layer who scans (sends probe request for each channel and listens for probe response for a while) here. The scan results as Dan mentioned will be appreciated. -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: namespace support requires network modules to say GPL
On 12/02/2007 12:13 AM, Eric W. Biederman wrote: Mark Lord [EMAIL PROTECTED] writes: Fine. But all of them want to call sk_alloc(), network drivers should be calling sk_alloc less then they should call dev_get_by_. Only protocols call sk_alloc. and many want to do register_netdev(). I haven't even touched register_netdev. So what should they be using there ? What are you having problems with? It is hard to answer specific questions without a context. VMware vmnet. -- To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
sock_valbool_flag is required by VMware
Hi, this commit: [NET]: Move sock_valbool_flag to socket.c The sock_valbool_flag() helper is used in setsockopt to set or reset some flag on the sock. This helper is required in the net/socket.c only, so move it there. Besides, patch two places in sys_setsockopt() that repeat this helper functionality manually. Since this is not a bugfix, but a trivial cleanup, I prepared this patch against net-2.6.25, but it also applies (with a single offset) to the latest net-2.6. breaks vmware module compilation, since it uses sock_valbool_flag(). Is this their business (and they should use sock_set_flag/sock_reset_flag) or should this be reverted? thanks, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/5] Net: ibm_newemac, remove SPIN_LOCK_UNLOCKED
ibm_newemac, remove SPIN_LOCK_UNLOCKED SPIN_LOCK_UNLOCKED is deprecated, use DEFINE_SPINLOCK instead Signed-off-by: Jiri Slaby [EMAIL PROTECTED] Cc: Jeff Garzik [EMAIL PROTECTED] --- commit aefcf0f6b6ab925184e7cebff8b609e4da1f5c0d tree 9e1e6240f26c759826959e8812885726c520019d parent f87566db6dd9613dde8de59380cd2f423166511e author Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 11:54:41 +0200 committer Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 11:54:41 +0200 drivers/net/ibm_newemac/debug.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/drivers/net/ibm_newemac/debug.c b/drivers/net/ibm_newemac/debug.c index 170524e..ada13cd 100644 --- a/drivers/net/ibm_newemac/debug.c +++ b/drivers/net/ibm_newemac/debug.c @@ -21,7 +21,7 @@ #include core.h -static spinlock_t emac_dbg_lock = SPIN_LOCK_UNLOCKED; +static DEFINE_SPINLOCK(emac_dbg_lock); static void emac_desc_dump(struct emac_instance *p) { - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 5/5] Net: sunrpc, remove SPIN_LOCK_UNLOCKED
sunrpc, remove SPIN_LOCK_UNLOCKED SPIN_LOCK_UNLOCKED is deprecated, use DEFINE_SPINLOCK instead Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit d5e782e62a4fe2663a012571c345d9887b02 tree b993038b020d8c619f6ffdad412fbb992c073513 parent 828042d12cc0aa515e049889aa76d4066df100c0 author Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 12:00:13 +0200 committer Jiri Slaby [EMAIL PROTECTED] Thu, 25 Oct 2007 12:00:13 +0200 net/sunrpc/xprt.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c index 282a9a2..cd641c8 100644 --- a/net/sunrpc/xprt.c +++ b/net/sunrpc/xprt.c @@ -62,7 +62,7 @@ static inline voiddo_xprt_reserve(struct rpc_task *); static voidxprt_connect_status(struct rpc_task *task); static int __xprt_get_cong(struct rpc_xprt *, struct rpc_task *); -static spinlock_t xprt_list_lock = SPIN_LOCK_UNLOCKED; +static DEFINE_SPINLOCK(xprt_list_lock); static LIST_HEAD(xprt_list); /* - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
/proc/net/ bad hard links count [Was: 2.6.23-rc8-mm2]
On 09/27/2007 11:22 AM, Andrew Morton wrote: ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc8/2.6.23-rc8-mm2/ # find /proc /dev/null find: WARNING: Hard link count is wrong for /proc/net: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched. # stat net File: `net' Size: 0 Blocks: 0 IO Block: 1024 directory Device: 3h/3d Inode: 4026531864 Links: 2 Access: (0555/dr-xr-xr-x) Uid: (0/root) Gid: (0/root) Access: 2007-09-28 18:21:24.651209759 +0200 Modify: 2007-09-28 18:21:24.651209759 +0200 Change: 2007-09-28 18:21:24.651209759 +0200 # stat net/ File: `net/' Size: 0 Blocks: 0 IO Block: 1024 directory Device: 3h/3d Inode: 4026531909 Links: 4 Access: (0555/dr-xr-xr-x) Uid: (0/root) Gid: (0/root) Access: 2007-09-28 18:26:48.813048220 +0200 Modify: 2007-09-28 18:26:48.813048220 +0200 Change: 2007-09-28 18:26:48.813048220 +0200 hmm, this is some kind of weirdness :) regards, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] [-MM, FIX V4] e1000e: incorporate napi_struct changes from net-2.6.24.git
[8020eecd] do_softirq+0x3d/0x90 [8023d932] ksoftirqd+0x72/0x100 [8023d8c0] ksoftirqd+0x0/0x100 [8024dbbd] kthread+0x4d/0x80 [8020caf8] child_rip+0xa/0x12 [8024db70] kthread+0x0/0x80 [8020caee] child_rip+0x0/0x12 SysRq : Show Regs CPU 0: Modules linked in: floppy sr_mod ehci_hcd cdrom rtc_cmos rtc_core usbhid rtc_lib Pid: 4, comm: ksoftirqd/0 Not tainted 2.6.23-rc4-mm1_64 #24 RIP: 0010:[804cd3f8] [804cd3f8] _spin_trylock+0x8/0x20 RSP: :80703ea8 EFLAGS: 0246 RAX: 0001 RBX: 80703ea8 RCX: 80703f28 RDX: 8100032b0888 RSI: 0040 RDI: 8100032b0850 RBP: 80703e20 R08: 810002b85340 R09: 0002 R10: 0002 R11: 8100032b0700 R12: 8020c1f1 R13: 80703e20 R14: 0040 R15: 8100032b0700 FS: () GS:806ad000() knlGS: CS: 0010 DS: 0018 ES: 0018 CR0: 8005003b CR2: 445d9978 CR3: 04c49000 CR4: 06e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Call Trace: IRQ [803b302d] e1000_clean+0xdd/0x250 [80250a43] hrtimer_run_queues+0x33/0x1b0 [8046d777] net_rx_action+0xd7/0x190 [8023dc54] __do_softirq+0x74/0xf0 [8020ce6c] call_softirq+0x1c/0x30 EOI [8020eecd] do_softirq+0x3d/0x90 [8023d932] ksoftirqd+0x72/0x100 [8023d8c0] ksoftirqd+0x0/0x100 [8024dbbd] kthread+0x4d/0x80 [8020caf8] child_rip+0xa/0x12 [8024db70] kthread+0x0/0x80 [8020caee] child_rip+0x0/0x12 regards, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] [-MM, FIX V4] e1000e: incorporate napi_struct changes from net-2.6.24.git
On 09/17/2007 06:29 PM, Kok, Auke wrote: Jiri Slaby wrote: On 12/23/-28158 08:59 PM, Auke Kok wrote: This incorporates the new napi_struct changes into e1000e. Included bugfix for ifdown hang from Krishna Kumar for e1000. Disabling polling is no longer needed at init time, so remove napi_disable() call from _probe(). This also fixes an endless polling loop where the driver signalled polling done improperly back to the stack. Signed-off-by: Auke Kok [EMAIL PROTECTED] Tested-by: Jiri Slaby [EMAIL PROTECTED] --- drivers/net/e1000e/e1000.h |2 ++ drivers/net/e1000e/netdev.c | 40 2 files changed, 18 insertions(+), 24 deletions(-) [...] I have no lockups here as well anymore, so I'm wondering if you accidentally used V3 of the patch. And so am I, it works, I ported one change to e1000 (non-e) driver and missed the return 0; removal. Fixed both of them now, so one of them caused it. thanks a lot, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: 2.6.23-rc4-mm1: e1000e napi lockup
Kok, Auke napsal(a): Jiri Slaby wrote: I still have problems with the driver. When I do `ip link set eth0 up', ksoftirq runs with 100 % cpu time, so I think you endlessly re-schedule some timer (or the new napi layer?) something changed in the logic and e1000e apparently does something wrong. I'll look into it on monday and resubmit a fixup patch (see robert olsson's mail as well discussing this issue) he's posted me a patch, but no change on my side :(. Anyway, I'm going away of the box on monday (today). will be back on fri to test patches :). thanks, -- http://www.fi.muni.cz/~xslaby/Jiri Slaby faculty of informatics, masaryk university, brno, cz - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: 2.6.23-rc4-mm1: e1000e napi lockup
On 09/07/2007 09:19 AM, Jiri Slaby wrote: Hi, I found a regression in 2.6.23-rc4-mm1 (since -rc3-mm1) in e1000e driver. napi_disable(adapter-napi) in e1000_probe freezes the kernel on boot. Ok, after these changes: diff --git a/drivers/net/e1000e/netdev.c b/drivers/net/e1000e/netdev.c index c1c64e2..f8ec537 100644 --- a/drivers/net/e1000e/netdev.c +++ b/drivers/net/e1000e/netdev.c @@ -1693,10 +1693,7 @@ quit_polling: if (adapter-itr_setting 3) e1000_set_itr(adapter); netif_rx_complete(poll_dev, napi); - if (test_bit(__E1000_DOWN, adapter-state)) - atomic_dec(adapter-irq_sem); - else - e1000_irq_enable(adapter); + e1000_irq_enable(adapter); return 0; } @@ -4257,7 +4254,6 @@ static int __devinit e1000_probe(struct pci_dev *pdev, /* tell the stack to leave us alone until e1000_open() is called */ netif_carrier_off(netdev); netif_stop_queue(netdev); - napi_disable(adapter-napi); strcpy(netdev-name, eth%d); err = register_netdev(netdev); I still have problems with the driver. When I do `ip link set eth0 up', ksoftirq runs with 100 % cpu time, so I think you endlessly re-schedule some timer (or the new napi layer?) regards, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/2] remove asm/bitops.h includes
remove asm/bitops.h includes including asm/bitops directly may cause compile errors. don't include it and include linux/bitops instead. next patch will deny including asm header directly. Cc: Adrian Bunk [EMAIL PROTECTED] Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 3c05eef3d0a98065323d7d6d9a78e0985eba4b10 tree cb9691832992f570b0363dd568f6fa3d2c81e3f5 parent 132bb039c741d00f066e7501e3613d2d20bf0595 author Jiri Slaby [EMAIL PROTECTED] Tue, 04 Sep 2007 21:01:35 +0200 committer Jiri Slaby [EMAIL PROTECTED] Tue, 04 Sep 2007 21:01:35 +0200 arch/alpha/lib/fls.c|2 +- arch/frv/kernel/irq-mb93091.c |2 +- arch/frv/kernel/irq-mb93093.c |2 +- arch/frv/kernel/irq-mb93493.c |2 +- arch/frv/kernel/irq.c |2 +- arch/mips/au1000/pb1200/irqmap.c|2 +- arch/mips/basler/excite/excite_irq.c|2 +- arch/mips/gt64120/wrppmc/irq.c |1 - arch/mips/tx4938/common/setup.c |2 +- arch/powerpc/platforms/maple/setup.c|2 +- drivers/char/esp.c |2 +- drivers/char/mxser.c|2 +- drivers/char/mxser_new.c|2 +- drivers/ide/ide-io.c|2 +- drivers/media/dvb/ttpci/av7110_ir.c |2 +- drivers/net/bnx2.c |2 +- drivers/net/cris/eth_v10.c |2 +- drivers/net/cxgb3/adapter.h |2 +- drivers/net/hamradio/dmascc.c |2 +- drivers/net/mac89x0.c |2 +- drivers/net/spider_net.c|2 +- drivers/net/tulip/uli526x.c |2 +- drivers/net/wireless/bcm43xx/bcm43xx_leds.c |2 +- drivers/pcmcia/m32r_pcc.c |2 +- drivers/pcmcia/m8xx_pcmcia.c|2 +- drivers/ps3/vuart.c |2 +- drivers/rtc/rtc-pl031.c |2 +- drivers/rtc/rtc-sa1100.c|2 +- drivers/s390/cio/idset.c|2 +- drivers/s390/net/claw.c |2 +- drivers/scsi/ide-scsi.c |2 +- drivers/serial/crisv10.c|2 +- drivers/watchdog/at91rm9200_wdt.c |2 +- drivers/watchdog/ks8695_wdt.c |2 +- drivers/watchdog/omap_wdt.c |2 +- drivers/watchdog/sa1100_wdt.c |2 +- fs/reiser4/jnode.h |2 +- fs/reiser4/plugin/space/bitmap.c|2 +- include/asm-cris/posix_types.h |2 +- include/asm-i386/pgtable.h |5 + include/asm-i386/smp.h |2 +- include/asm-ia64/cacheflush.h |2 +- include/asm-ia64/pgtable.h |2 +- include/asm-ia64/smp.h |2 +- include/asm-ia64/spinlock.h |2 +- include/asm-m32r/pgtable.h |2 +- include/asm-mips/fpu.h |2 +- include/asm-parisc/pgtable.h|2 +- include/asm-powerpc/iommu.h |2 +- include/asm-powerpc/mmu_context.h |2 +- include/asm-ppc/mmu_context.h |3 ++- include/asm-sparc64/smp.h |2 +- include/asm-x86_64/pgtable.h|2 +- include/asm-x86_64/topology.h |2 +- include/linux/of.h |2 +- lib/hweight.c |2 +- net/core/gen_estimator.c|2 +- net/core/pktgen.c |2 +- net/ipv4/fib_trie.c |2 +- net/netfilter/xt_connbytes.c|2 +- 60 files changed, 60 insertions(+), 63 deletions(-) diff --git a/arch/alpha/lib/fls.c b/arch/alpha/lib/fls.c index 7ad84ea..32afaa3 100644 --- a/arch/alpha/lib/fls.c +++ b/arch/alpha/lib/fls.c @@ -3,7 +3,7 @@ */ #include linux/module.h -#include asm/bitops.h +#include linux/bitops.h /* This is fls(x)-1, except zero is held to zero. This allows most efficent input into extbl, plus it allows easy handling of fls(0)=0. */ diff --git a/arch/frv/kernel/irq-mb93091.c b/arch/frv/kernel/irq-mb93091.c index ad753c1..9e38f99 100644 --- a/arch/frv/kernel/irq-mb93091.c +++ b/arch/frv/kernel/irq-mb93091.c @@ -17,10 +17,10 @@ #include linux/interrupt.h #include linux/init.h #include linux/irq.h +#include linux/bitops.h #include asm/io.h #include asm/system.h -#include asm/bitops.h #include asm/delay.h #include asm/irq.h #include asm/irc-regs.h diff --git a/arch/frv/kernel/irq-mb93093.c b/arch/frv/kernel/irq-mb93093.c index e0983f6..3c2752c 100644 --- a/arch/frv/kernel/irq-mb93093.c +++ b/arch/frv/kernel/irq-mb93093.c @@ -17,10 +17,10 @@ #include linux/interrupt.h #include linux/init.h #include linux/irq.h
2.6.23-rc4-mm1: e1000e napi lockup
Hi, I found a regression in 2.6.23-rc4-mm1 (since -rc3-mm1) in e1000e driver. napi_disable(adapter-napi) in e1000_probe freezes the kernel on boot. regards, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 4/5] Net: ath5k, license is GPLv2
On 8/29/07, Johannes Berg [EMAIL PROTECTED] wrote: On Tue, 2007-08-28 at 12:00 -0400, Jiri Slaby wrote: The files are available only under GPLv2 since now. Since the BSD people are already getting upset about (for various reasons among which seem to be a clear non-understanding) I'd suggest changing it to: yes, please. Can somebody do it, I'm away from my box. + * Parts of this file were originally licenced under the BSD licence: + * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Further changes to this file since the moment this notice was extended + * are now distributed under the terms of the GPL version two as published + * by the Free Software Foundation yaddaya johannes - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 3/4] Net: ath5k, use short preamble for some rates
Johannes Berg napsal(a): On Sat, 2007-08-25 at 03:58 -0400, Jiri Slaby wrote: ath5k, use short preamble for some rates 2, 5.5 and 11 in b/g are now in short preamble mode umm, mac80211 needs to be able to choose depending on the network. Hmm, misleading log comment. It should be 'can now be in SP mode'. thanks, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/5] Net: ath5k, switch to ioread/iowrite
ath5k, switch to ioread/iowrite Do not use readl/writel, since iomap retval is platform dependent and needn't be virtual address awaited by readl/writel. Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 64b9d0578668fe8c7a43eadace673bc3e57fc22b tree 4990ed95e4112d79830d306ab6ae7afb2235f190 parent f65aa1c7d680d1bcde1ae20749eeda6d3ec02652 author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:06:28 +0200 committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:24:50 +0200 drivers/net/wireless/ath5k.h |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h index 0bb62dc..26f1229 100644 --- a/drivers/net/wireless/ath5k.h +++ b/drivers/net/wireless/ath5k.h @@ -1018,12 +1018,12 @@ extern int ath5k_hw_set_txpower_limit(struct ath_hw *hal, unsigned int power); static inline u32 ath5k_hw_reg_read(struct ath_hw *hal, u16 reg) { - return readl(hal-ah_sh + reg); + return ioread32(hal-ah_sh + reg); } static inline void ath5k_hw_reg_write(struct ath_hw *hal, u32 val, u16 reg) { - writel(val, hal-ah_sh + reg); + iowrite32(val, hal-ah_sh + reg); } #endif - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 3/5] Net: ath5k, use int as retval
ath5k, use int as retval Convert some functions to return int and proper negative return value on error as we are used to. Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit ceeaf6b9aac9daaa41ec38fbba3d2c1972af4470 tree 44cd0736147325e35c32274eb53bd543fb1510a9 parent 64b9d0578668fe8c7a43eadace673bc3e57fc22b author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:10:36 +0200 committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:24:57 +0200 drivers/net/wireless/ath5k.h | 27 +++--- drivers/net/wireless/ath5k_base.c |2 drivers/net/wireless/ath5k_hw.c | 169 + 3 files changed, 91 insertions(+), 107 deletions(-) diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h index 26f1229..0c6f3f5 100644 --- a/drivers/net/wireless/ath5k.h +++ b/drivers/net/wireless/ath5k.h @@ -919,10 +919,10 @@ extern int ath5k_hw_stop_rx_dma(struct ath_hw *hal); extern u32 ath5k_hw_get_rx_buf(struct ath_hw *hal); extern void ath5k_hw_put_rx_buf(struct ath_hw *hal, u32 phys_addr); extern int ath5k_hw_tx_start(struct ath_hw *hal, unsigned int queue); -extern bool ath5k_hw_stop_tx_dma(struct ath_hw *hal, unsigned int queue); +extern int ath5k_hw_stop_tx_dma(struct ath_hw *hal, unsigned int queue); extern u32 ath5k_hw_get_tx_buf(struct ath_hw *hal, unsigned int queue); extern int ath5k_hw_put_tx_buf(struct ath_hw *hal, unsigned int queue, u32 phys_addr); -extern bool ath5k_hw_update_tx_triglevel(struct ath_hw *hal, bool increase); +extern int ath5k_hw_update_tx_triglevel(struct ath_hw *hal, bool increase); /* Interrupt handling */ extern bool ath5k_hw_is_intr_pending(struct ath_hw *hal); extern int ath5k_hw_get_isr(struct ath_hw *hal, enum ath5k_int *interrupt_mask); @@ -930,19 +930,19 @@ extern enum ath5k_int ath5k_hw_set_intr(struct ath_hw *hal, enum ath5k_int new_m /* EEPROM access functions */ extern int ath5k_hw_set_regdomain(struct ath_hw *hal, u16 regdomain); /* Protocol Control Unit Functions */ -extern void ath5k_hw_set_opmode(struct ath_hw *hal); +extern int ath5k_hw_set_opmode(struct ath_hw *hal); /* BSSID Functions */ extern void ath5k_hw_get_lladdr(struct ath_hw *hal, u8 *mac); -extern bool ath5k_hw_set_lladdr(struct ath_hw *hal, const u8 *mac); +extern int ath5k_hw_set_lladdr(struct ath_hw *hal, const u8 *mac); extern void ath5k_hw_set_associd(struct ath_hw *hal, const u8 *bssid, u16 assoc_id); -extern bool ath5k_hw_set_bssid_mask(struct ath_hw *hal, const u8 *mask); +extern int ath5k_hw_set_bssid_mask(struct ath_hw *hal, const u8 *mask); /* Receive start/stop functions */ extern void ath5k_hw_start_rx_pcu(struct ath_hw *hal); extern void ath5k_hw_stop_pcu_recv(struct ath_hw *hal); /* RX Filter functions */ extern void ath5k_hw_set_mcast_filter(struct ath_hw *hal, u32 filter0, u32 filter1); -extern bool ath5k_hw_set_mcast_filterindex(struct ath_hw *hal, u32 index); -extern bool ath5k_hw_clear_mcast_filter_idx(struct ath_hw *hal, u32 index); +extern int ath5k_hw_set_mcast_filterindex(struct ath_hw *hal, u32 index); +extern int ath5k_hw_clear_mcast_filter_idx(struct ath_hw *hal, u32 index); extern u32 ath5k_hw_get_rx_filter(struct ath_hw *ah); extern void ath5k_hw_set_rx_filter(struct ath_hw *ah, u32 filter); /* Beacon related functions */ @@ -950,14 +950,14 @@ extern u32 ath5k_hw_get_tsf32(struct ath_hw *hal); extern u64 ath5k_hw_get_tsf64(struct ath_hw *hal); extern void ath5k_hw_reset_tsf(struct ath_hw *hal); extern void ath5k_hw_init_beacon(struct ath_hw *hal, u32 next_beacon, u32 interval); -extern void ath5k_hw_set_beacon_timers(struct ath_hw *hal, const struct ath5k_beacon_state *state); +extern int ath5k_hw_set_beacon_timers(struct ath_hw *hal, const struct ath5k_beacon_state *state); extern void ath5k_hw_reset_beacon(struct ath_hw *hal); -extern bool ath5k_hw_wait_for_beacon(struct ath_hw *hal, unsigned long phys_addr); +extern int ath5k_hw_wait_for_beacon(struct ath_hw *hal, unsigned long phys_addr); extern void ath5k_hw_update_mib_counters(struct ath_hw *hal, struct ath5k_mib_stats *statistics); /* ACK/CTS Timeouts */ -extern bool ath5k_hw_set_ack_timeout(struct ath_hw *hal, unsigned int timeout); +extern int ath5k_hw_set_ack_timeout(struct ath_hw *hal, unsigned int timeout); extern unsigned int ath5k_hw_get_ack_timeout(struct ath_hw *hal); -extern bool ath5k_hw_set_cts_timeout(struct ath_hw *hal, unsigned int timeout); +extern int ath5k_hw_set_cts_timeout(struct ath_hw *hal, unsigned int timeout); extern unsigned int ath5k_hw_get_cts_timeout(struct ath_hw *hal); /* Key table (WEP) functions */ extern int ath5k_hw_reset_key(struct ath_hw *hal, u16 entry); @@ -971,7 +971,7 @@ extern int ath5k_hw_get_tx_queueprops(struct ath_hw *hal, int queue, struct ath5 extern void ath5k_hw_release_tx_queue(struct ath_hw *hal, unsigned int queue); extern int ath5k_hw_reset_tx_queue(struct ath_hw *hal, unsigned int queue); extern u32 ath5k_hw_num_tx_pending(struct ath_hw *hal, unsigned int queue
[PATCH 4/5] Net: ath5k, license is GPLv2
ath5k, license is GPLv2 The files are available only under GPLv2 since now. Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 330c2ab9a53ddce27003218bd546034e8eeeff17 tree b24cecd991fbe3046d5c5269c61e0090427e4fd3 parent ceeaf6b9aac9daaa41ec38fbba3d2c1972af4470 author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:27:51 +0200 committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 16:27:51 +0200 drivers/net/wireless/ath5k.h| 12 +--- drivers/net/wireless/ath5k_base.c | 22 +++--- drivers/net/wireless/ath5k_base.h | 33 + drivers/net/wireless/ath5k_hw.c | 13 + drivers/net/wireless/ath5k_hw.h | 12 +--- drivers/net/wireless/ath5k_reg.h| 31 +-- drivers/net/wireless/ath5k_regdom.c |4 +--- drivers/net/wireless/ath5k_regdom.h |4 +--- 8 files changed, 10 insertions(+), 121 deletions(-) diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h index 0c6f3f5..c76b97b 100644 --- a/drivers/net/wireless/ath5k.h +++ b/drivers/net/wireless/ath5k.h @@ -2,17 +2,7 @@ * Copyright (c) 2004-2007 Reyk Floeter [EMAIL PROTECTED] * Copyright (c) 2006-2007 Nick Kossifidis [EMAIL PROTECTED] * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * This file is released under GPLv2 */ #ifndef _ATH5K_H diff --git a/drivers/net/wireless/ath5k_base.c b/drivers/net/wireless/ath5k_base.c index 5ee36b5..8703988 100644 --- a/drivers/net/wireless/ath5k_base.c +++ b/drivers/net/wireless/ath5k_base.c @@ -4,25 +4,9 @@ * Copyright (c) 2007 Jiri Slaby [EMAIL PROTECTED] * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - *notice, this list of conditions and the following disclaimer, - *without modification. - * 2. Redistributions in binary form must reproduce at minimum a disclaimer - *similar to the NO WARRANTY disclaimer below (Disclaimer) and any - *redistribution must be conditioned upon including a substantially - *similar Disclaimer requirement for further binary redistribution. - * 3. Neither the names of the above-listed copyright holders nor the names - *of any contributors may be used to endorse or promote products derived - *from this software without specific prior written permission. - * - * Alternatively, this software may be distributed under the terms of the - * GNU General Public License (GPL) version 2 as published by the Free - * Software Foundation. - * + * This file is released under GPLv2 */ + #defineATH_PCI_VERSION 0.9.5.0-BSD #include linux/version.h @@ -2530,5 +2514,5 @@ module_exit(exit_ath_pci); MODULE_AUTHOR(Jiri Slaby); MODULE_DESCRIPTION(Support for Atheros 802.11 wireless LAN cards.); MODULE_SUPPORTED_DEVICE(Atheros WLAN cards); -MODULE_LICENSE(Dual BSD/GPL); +MODULE_LICENSE(GPL v2); MODULE_VERSION(ATH_PCI_VERSION (EXPERIMENTAL)); diff --git a/drivers/net/wireless/ath5k_base.h b/drivers/net/wireless/ath5k_base.h index 15560ad..aa07dfb 100644 --- a/drivers/net/wireless/ath5k_base.h +++ b/drivers/net/wireless/ath5k_base.h @@ -2,38 +2,7 @@ * Copyright (c) 2002-2007 Sam Leffler, Errno Consulting * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - *notice, this list of conditions and the following disclaimer, - *without modification. - * 2. Redistributions in binary form must reproduce at minimum a disclaimer - *similar to the NO WARRANTY disclaimer below (Disclaimer) and any - *redistribution must be conditioned upon including a substantially - *similar Disclaimer requirement for further binary redistribution. - * 3. Neither the names of the above-listed copyright holders nor the names - *of any contributors may be used to endorse or promote products derived - *from this software without specific prior written permission. - * - * Alternatively, this software may be distributed under
[PATCH 5/5] Net: ath5k, kconfig changes
ath5k, kconfig changes - build 5120, 5111 and 5112 optionally - alter Kconfig text Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 0902114e92b19bc080780f21f98807688244fc8f tree d7b4a039e4d14ae73faf1b33907c38825d198461 parent 330c2ab9a53ddce27003218bd546034e8eeeff17 author Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 17:39:44 +0200 committer Jiri Slaby [EMAIL PROTECTED] Tue, 28 Aug 2007 17:39:44 +0200 drivers/net/wireless/Kconfig| 30 +++ drivers/net/wireless/ath5k_hw_inivals.c | 35 --- drivers/net/wireless/ath5k_hw_phy.c | 24 + 3 files changed, 77 insertions(+), 12 deletions(-) diff --git a/drivers/net/wireless/Kconfig b/drivers/net/wireless/Kconfig index 00b4fcd..a4608f9 100644 --- a/drivers/net/wireless/Kconfig +++ b/drivers/net/wireless/Kconfig @@ -856,18 +856,30 @@ config IWL3945 will be called iwl3945.ko. config ATH5K - tristate Atheros 5xxx wireless cards support - depends on MAC80211 - depends on PCI - default m + tristate Atheros 5xxx PCI/Cardbus wireless cards + depends on PCI MAC80211 WLAN_80211 EXPERIMENTAL ---help--- - This module adds support for atheros 5xxx (e.g. 5212) wireless - cards. If you have this card in your PC, select this to be build. + Say Y here if you intend to attach an Atheros 5xxx + series Cardbus or PCI wireless Ethernet networking card to + your computer. This driver uses mac80211 stack. - This driver uses the kernel's mac80211 subsystem. + To compile this driver as a module, choose M here: the module will be + called ath5k. If unsure, say M. - If you choose to build a module, it'll be called ath5k. Say M if - unsure. +config ATH5K_AR5210 + bool Support AR5210 + depends on ATH5K + default y + +config ATH5K_AR5211 + bool Support AR5211 + depends on ATH5K + default y + +config ATH5K_AR5212 + bool Support AR5212 + depends on ATH5K + default y source drivers/net/wireless/hostap/Kconfig source drivers/net/wireless/bcm43xx/Kconfig diff --git a/drivers/net/wireless/ath5k_hw_inivals.c b/drivers/net/wireless/ath5k_hw_inivals.c index 062e03d..0531ad3 100644 --- a/drivers/net/wireless/ath5k_hw_inivals.c +++ b/drivers/net/wireless/ath5k_hw_inivals.c @@ -38,6 +38,7 @@ struct ath5k_ini_mode { u32 mode_value[5]; }; +#ifdef CONFIG_ATH5K_AR5210 /* Initial register settings for AR5210 */ static const struct ath5k_ini ar5210_ini[] = { /* PCU and MAC registers */ @@ -249,7 +250,9 @@ static const struct ath5k_ini ar5210_ini[] = { { AR5K_PHY(52), 0x0014 }, { AR5K_PHY_ACT, AR5K_PHY_ACT_ENABLE }, }; +#endif +#ifdef CONFIG_ATH5K_AR5211 /* Initial register settings for AR5211 */ static const struct ath5k_ini ar5211_ini[] = { { AR5K_RXDP,0x }, @@ -448,7 +451,9 @@ static const struct ath5k_ini_mode ar5211_ini_mode[] = { { AR5K_RF_BUFFER_CONTROL_4, { 0x0010, 0x0014, 0x0010, 0x0010, 0x0010 } }, }; +#endif +#ifdef CONFIG_ATH5K_AR5212 /* Initial register settings for AR5212 */ static const struct ath5k_ini ar5212_ini[] = { { AR5K_RXDP,0x }, @@ -842,12 +847,14 @@ static const struct ath5k_ini_mode ar5212_rf5112_ini_mode[] = { { AR5K_PHY_GAIN_2GHZ, { 0x642c0140, 0x642c0140, 0x6442c160, 0x6442c160, 0x6442c160 } }, }; +#endif /* * Initial BaseBand Gain settings for RF5111/5112 (only AR5210 comes with * RF5110 so initial BB Gain settings are included in AR5K_AR5210_INI) */ +#if defined(CONFIG_ATH5K_AR5211) || defined (CONFIG_ATH5K_AR5212) /* RF5111 Initial BaseBand Gain settings */ static const struct ath5k_ini rf5111_ini_bbgain[] = { { AR5K_BB_GAIN(0), 0x }, @@ -915,7 +922,9 @@ static const struct ath5k_ini rf5111_ini_bbgain[] = { { AR5K_BB_GAIN(62), 0x0002 }, { AR5K_BB_GAIN(63), 0x0016 }, }; +#endif +#ifdef CONFIG_ATH5K_AR5212 /* RF 5112 Initial BaseBand Gain settings */ static const struct ath5k_ini rf5112_ini_bbgain[] = { { AR5K_BB_GAIN(0), 0x }, @@ -983,7 +992,10 @@ static const struct ath5k_ini rf5112_ini_bbgain[] = { { AR5K_BB_GAIN(62), 0x0010 }, { AR5K_BB_GAIN(63), 0x001a }, }; +#endif +#if defined(CONFIG_ATH5K_AR5210) || defined(CONFIG_ATH5K_AR5211) \ + || defined(CONFIG_ATH5K_AR5212) /* * Write initial register dump */ @@ -1014,7 +1026,12 @@ static void ath5k_hw_ini_registers(struct ath_hw *hal, unsigned int size, } } } +#endif +#if defined(CONFIG_ATH5K_AR5211) || defined(CONFIG_ATH5K_AR5212) +/* + * Write initial mode-specific register dump + */ static void ath5k_hw_ini_mode_registers(struct ath_hw *hal, unsigned int size, const struct ath5k_ini_mode
[PATCH 3/4] Net: ath5k, use short preamble for some rates
ath5k, use short preamble for some rates 2, 5.5 and 11 in b/g are now in short preamble mode Signed-off-by: Jiri Slaby [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] --- commit 0a11d301ccb5caf1c9738a7307002a5295aecd58 tree f812c3fb91651437c7b434afbd4f8dc8435611f0 parent 0aebc8bb5574b6b0cc8f9f0d73672c1bee5cbfbb author Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:24:05 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:24:05 +0200 drivers/net/wireless/ath5k.h | 12 ++-- 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h index c70cd30..ad5e196 100644 --- a/drivers/net/wireless/ath5k.h +++ b/drivers/net/wireless/ath5k.h @@ -613,9 +613,9 @@ struct ath5k_rate_table { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, \ 3, 2, 1, 0, 255, 255, 255, 255 }, { \ { 1, MODULATION_CCK, 1000, 27, 130, 0 },\ - { 1, MODULATION_CCK, 2000, 26, 132, 1 },\ - { 1, MODULATION_CCK, 5500, 25, 139, 1 },\ - { 1, MODULATION_CCK, 11000, 24, 150, 1 } } \ + { 1, MODULATION_CCK_SP, 2000, 26, 132, 1 }, \ + { 1, MODULATION_CCK_SP, 5500, 25, 139, 1 }, \ + { 1, MODULATION_CCK_SP, 11000, 24, 150, 1 } } \ } #define AR5K_RATES_11G { 12, { \ @@ -623,9 +623,9 @@ struct ath5k_rate_table { 11, 9, 7, 5, 255, 255, 255, 255, 255, 255, 255, 255,\ 3, 2, 1, 0, 255, 255, 255, 255 }, { \ { 1, MODULATION_CCK, 1000, 27, 2, 0 }, \ - { 1, MODULATION_CCK, 2000, 26, 4, 1 }, \ - { 1, MODULATION_CCK, 5500, 25, 11, 1 }, \ - { 1, MODULATION_CCK, 11000, 24, 22, 1 },\ + { 1, MODULATION_CCK_SP, 2000, 26, 4, 1 }, \ + { 1, MODULATION_CCK_SP, 5500, 25, 11, 1 }, \ + { 1, MODULATION_CCK_SP, 11000, 24, 22, 1 }, \ { 0, MODULATION_OFDM, 6000, 11, 12, 4 },\ { 0, MODULATION_OFDM, 9000, 15, 18, 4 },\ { 1, MODULATION_OFDM, 12000, 10, 24, 6 }, \ - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 4/4] Net: ath5k, remove some ieee80211 re-defines
ath5k, remove some ieee80211 re-defines use mac80211 defines directly instead. this means MODULATION_* to IEEE80211_RATE_* switch. Signed-off-by: Jiri Slaby [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] --- commit c858c1b27bfb4c58c9ebfa24de0d6442e364db97 tree 1add137b1e95ca1b4905441b5e30c779f8801c36 parent 0a11d301ccb5caf1c9738a7307002a5295aecd58 author Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:25:32 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:25:32 +0200 drivers/net/wireless/ath5k.h | 92 ++--- drivers/net/wireless/ath5k_base.c |2 - drivers/net/wireless/ath5k_hw.c |9 ++-- 3 files changed, 50 insertions(+), 53 deletions(-) diff --git a/drivers/net/wireless/ath5k.h b/drivers/net/wireless/ath5k.h index ad5e196..78d7cb2 100644 --- a/drivers/net/wireless/ath5k.h +++ b/drivers/net/wireless/ath5k.h @@ -82,7 +82,7 @@ #define AR5K_TUNE_ADDITIONAL_SWBA_BACKOFF 0 #define AR5K_TUNE_RADAR_ALERT false #define AR5K_TUNE_MIN_TX_FIFO_THRES1 -#define AR5K_TUNE_MAX_TX_FIFO_THRES((MAX_PDU_LENGTH / 64) + 1) +#define AR5K_TUNE_MAX_TX_FIFO_THRES((IEEE80211_MAX_LEN / 64) + 1) #define AR5K_TUNE_RSSI_THRES 1792 #define AR5K_TUNE_REGISTER_TIMEOUT 2 #define AR5K_TUNE_REGISTER_DWELL_TIME 2 @@ -187,18 +187,14 @@ struct ath5k_srev_name { #define IEEE80211_MAX_LEN 2500 -#define MAX_PDU_LENGTH IEEE80211_MAX_LEN -#define MODULATION_CCK IEEE80211_RATE_CCK -#define MODULATION_OFDMIEEE80211_RATE_OFDM -#define MODULATION_TURBO IEEE80211_RATE_TURBO +/* TODO Merge this to mac80211 */ #define MODULATION_XR 0x0200 /*XR thingie*/ -#define MODULATION_CCK_SP IEEE80211_RATE_CCK_2 /*CCK + Shortpreamble*/ #define AR5K_SET_SHORT_PREAMBLE 0x04 /* adding this flag to rate_code enables short preamble, see ar5212_reg.h */ -#define HAS_SHPREAMBLE(_ix) (rt-rates[_ix].modulation == MODULATION_CCK_SP) -#define SHPREAMBLE_FLAG(_ix) HAS_SHPREAMBLE(_ix)?AR5K_SET_SHORT_PREAMBLE:0 +#define HAS_SHPREAMBLE(_ix) (rt-rates[_ix].modulation == IEEE80211_RATE_CCK_2) +#define SHPREAMBLE_FLAG(_ix) (HAS_SHPREAMBLE(_ix) ? AR5K_SET_SHORT_PREAMBLE : 0) /\ TX DEFINITIONS @@ -598,56 +594,56 @@ struct ath5k_rate_table { 255, 255, 255, 255, 255, 255, 255, 255, 6, 4, 2, 0, \ 7, 5, 3, 1, 255, 255, 255, 255, 255, 255, 255, 255, \ 255, 255, 255, 255, 255, 255, 255, 255 }, { \ - { 1, MODULATION_OFDM, 6000, 11, 140, 0 }, \ - { 1, MODULATION_OFDM, 9000, 15, 18, 0 },\ - { 1, MODULATION_OFDM, 12000, 10, 152, 2 }, \ - { 1, MODULATION_OFDM, 18000, 14, 36, 2 }, \ - { 1, MODULATION_OFDM, 24000, 9, 176, 4 }, \ - { 1, MODULATION_OFDM, 36000, 13, 72, 4 }, \ - { 1, MODULATION_OFDM, 48000, 8, 96, 4 },\ - { 1, MODULATION_OFDM, 54000, 12, 108, 4 } } \ + { 1, IEEE80211_RATE_OFDM, 6000, 11, 140, 0 }, \ + { 1, IEEE80211_RATE_OFDM, 9000, 15, 18, 0 },\ + { 1, IEEE80211_RATE_OFDM, 12000, 10, 152, 2 }, \ + { 1, IEEE80211_RATE_OFDM, 18000, 14, 36, 2 }, \ + { 1, IEEE80211_RATE_OFDM, 24000, 9, 176, 4 }, \ + { 1, IEEE80211_RATE_OFDM, 36000, 13, 72, 4 }, \ + { 1, IEEE80211_RATE_OFDM, 48000, 8, 96, 4 },\ + { 1, IEEE80211_RATE_OFDM, 54000, 12, 108, 4 } } \ } #define AR5K_RATES_11B { 4, { \ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, \ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, \ 3, 2, 1, 0, 255, 255, 255, 255 }, { \ - { 1, MODULATION_CCK, 1000, 27, 130, 0 },\ - { 1, MODULATION_CCK_SP, 2000, 26, 132, 1 }, \ - { 1, MODULATION_CCK_SP, 5500, 25, 139, 1 }, \ - { 1, MODULATION_CCK_SP, 11000, 24, 150, 1 } } \ + { 1, IEEE80211_RATE_CCK, 1000, 27, 130, 0 },\ + { 1, IEEE80211_RATE_CCK_2, 2000, 26, 132, 1 }, \ + { 1, IEEE80211_RATE_CCK_2, 5500, 25, 139, 1 }, \ + { 1, IEEE80211_RATE_CCK_2, 11000, 24, 150, 1 } }\ } #define AR5K_RATES_11G { 12, { \ 255, 255, 255, 255, 255, 255, 255, 255, 10, 8, 6, 4,\ 11, 9, 7, 5, 255, 255, 255, 255, 255, 255, 255, 255,\ 3, 2, 1, 0, 255, 255, 255, 255 }, { \ - { 1, MODULATION_CCK, 1000, 27, 2, 0 }, \ - { 1, MODULATION_CCK_SP, 2000, 26, 4, 1 }, \ - { 1, MODULATION_CCK_SP, 5500, 25, 11, 1 }, \ - { 1, MODULATION_CCK_SP, 11000, 24, 22, 1
[PATCH 1/1] MAINTAINERS, order NETERION alphabetically
MAINTAINERS, order NETERION alphabetically Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit f5f10b061961546a77300f3ebe92abd9cb5b9b48 tree 90ad6e22504aeaadb17309d01996eb6cd7eb5a93 parent c858c1b27bfb4c58c9ebfa24de0d6442e364db97 author Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:39:05 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 25 Aug 2007 09:39:05 +0200 MAINTAINERS | 26 +- 1 files changed, 13 insertions(+), 13 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 16a8abd..c986d11 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2654,6 +2654,19 @@ M: [EMAIL PROTECTED] L: [EMAIL PROTECTED] S: Maintained +NETERION (S2IO) Xframe 10GbE DRIVER +P: Ramkrishna Vepa +M: [EMAIL PROTECTED] +P: Rastapur Santosh +M: [EMAIL PROTECTED] +P: Sivakumar Subramani +M: [EMAIL PROTECTED] +P: Sreenivasa Honnur +M: [EMAIL PROTECTED] +L: netdev@vger.kernel.org +W: http://trac.neterion.com/cgi-bin/trac.cgi/wiki/TitleIndex?anonymous +S: Supported + NETFILTER/IPTABLES/IPCHAINS P: Rusty Russell P: Marc Boucher @@ -2788,19 +2801,6 @@ M: [EMAIL PROTECTED] L: [EMAIL PROTECTED] (subscribers-only) S: Maintained -NETERION (S2IO) Xframe 10GbE DRIVER -P: Ramkrishna Vepa -M: [EMAIL PROTECTED] -P: Rastapur Santosh -M: [EMAIL PROTECTED] -P: Sivakumar Subramani -M: [EMAIL PROTECTED] -P: Sreenivasa Honnur -M: [EMAIL PROTECTED] -L: netdev@vger.kernel.org -W: http://trac.neterion.com/cgi-bin/trac.cgi/wiki/TitleIndex?anonymous -S: Supported - OPENCORES I2C BUS DRIVER P: Peter Korsgaard M: [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH -mm] ath5k: remove sysctl(2) support
Alexey Dobriyan napsal(a): sysctl(2) is supported but frozen. I've posted similar patch yesterday: http://marc.info/?l=linux-mm-commitsm=118782442602108w=2 Signed-off-by: Alexey Dobriyan [EMAIL PROTECTED] --- drivers/net/wireless/ath5k_base.c | 21 ++--- 1 file changed, 6 insertions(+), 15 deletions(-) --- a/drivers/net/wireless/ath5k_base.c +++ b/drivers/net/wireless/ath5k_base.c @@ -2438,21 +2438,12 @@ static struct pci_driver ath_pci_drv_id = { .resume = ath_pci_resume, }; -/* - * Static (i.e. global) sysctls. Note that the hal sysctls - * are located under ours by sharing the setting for DEV_ATH. - */ -enum { - DEV_ATH = 9,/* XXX known by hal */ -}; - static int mincalibrate = 1; static int maxcalibrate = INT_MAX / 1000; -#define CTL_AUTO-2 /* cannot be CTL_ANY or CTL_NONE */ static ctl_table ath_static_sysctls[] = { #if AR_DEBUG - { .ctl_name = CTL_AUTO, + { .procname = debug, .mode = 0644, .data = ath_debug, @@ -2460,28 +2451,28 @@ static ctl_table ath_static_sysctls[] = { .proc_handler = proc_dointvec }, #endif - { .ctl_name = CTL_AUTO, + { .procname = countrycode, .mode = 0444, .data = countrycode, .maxlen = sizeof(countrycode), .proc_handler = proc_dointvec }, - { .ctl_name = CTL_AUTO, + { .procname = outdoor, .mode = 0444, .data = outdoor, .maxlen = sizeof(outdoor), .proc_handler = proc_dointvec }, - { .ctl_name = CTL_AUTO, + { .procname = xchanmode, .mode = 0444, .data = xchanmode, .maxlen = sizeof(xchanmode), .proc_handler = proc_dointvec }, - { .ctl_name = CTL_AUTO, + { .procname = calibrate, .mode = 0644, .data = ath_calinterval, @@ -2493,7 +2484,7 @@ static ctl_table ath_static_sysctls[] = { { 0 } }; static ctl_table ath_ath_table[] = { - { .ctl_name = DEV_ATH, + { .procname = ath, .mode = 0555, .child= ath_static_sysctls Anyway thanks! -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 2/2] Net: ath5k, remove sysctls
ath5k, remove sysctls Syscalls were buggy and defunct in later kernels (due to sysctl check). Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 069bfbe93facb3468f579568434d18f1268a487c tree 87c19ebf2c91d9fb07f1847adcb6098f2235eaaa parent b01c0e9a02b248c3e2f2923da9728ba2c3961dee author Jiri Slaby [EMAIL PROTECTED] Wed, 22 Aug 2007 22:48:41 +0200 committer Jiri Slaby [EMAIL PROTECTED] Wed, 22 Aug 2007 22:48:41 +0200 drivers/net/wireless/ath5k_base.c | 23 --- 1 files changed, 8 insertions(+), 15 deletions(-) diff --git a/drivers/net/wireless/ath5k_base.c b/drivers/net/wireless/ath5k_base.c index 2ce82ed..7f938c4 100644 --- a/drivers/net/wireless/ath5k_base.c +++ b/drivers/net/wireless/ath5k_base.c @@ -2440,21 +2440,13 @@ static struct pci_driver ath_pci_drv_id = { .resume = ath_pci_resume, }; -/* - * Static (i.e. global) sysctls. Note that the hal sysctls - * are located under ours by sharing the setting for DEV_ATH. - */ -enum { - DEV_ATH = 9,/* XXX known by hal */ -}; - static int mincalibrate = 1; static int maxcalibrate = INT_MAX / 1000; #defineCTL_AUTO-2 /* cannot be CTL_ANY or CTL_NONE */ static ctl_table ath_static_sysctls[] = { #if AR_DEBUG - { .ctl_name = CTL_AUTO, + { .procname = debug, .mode = 0644, .data = ath_debug, @@ -2462,28 +2454,28 @@ static ctl_table ath_static_sysctls[] = { .proc_handler = proc_dointvec }, #endif - { .ctl_name = CTL_AUTO, + { .procname = countrycode, .mode = 0444, .data = countrycode, .maxlen = sizeof(countrycode), .proc_handler = proc_dointvec }, - { .ctl_name = CTL_AUTO, + { .procname = outdoor, .mode = 0444, .data = outdoor, .maxlen = sizeof(outdoor), .proc_handler = proc_dointvec }, - { .ctl_name = CTL_AUTO, + { .procname = xchanmode, .mode = 0444, .data = xchanmode, .maxlen = sizeof(xchanmode), .proc_handler = proc_dointvec }, - { .ctl_name = CTL_AUTO, + { .procname = calibrate, .mode = 0644, .data = ath_calinterval, @@ -2495,14 +2487,15 @@ static ctl_table ath_static_sysctls[] = { { 0 } }; static ctl_table ath_ath_table[] = { - { .ctl_name = DEV_ATH, + { .procname = ath, .mode = 0555, .child= ath_static_sysctls }, { 0 } }; static ctl_table ath_root_table[] = { - { .ctl_name = CTL_DEV, + { + .ctl_name = CTL_DEV, .procname = dev, .mode = 0555, .child= ath_ath_table - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/4 #2] Net: mac80211, remove bitfields from struct ieee80211_tx_packet_data
mac80211, remove bitfields from struct ieee80211_tx_packet_data Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit b7844000ba006531bd2133e8097fa27724efe3c2 tree ba74c93d4c8f1ef7d7c4a3f45af9a24cf3a6d329 parent a050b807aede7f9c6bee0bef1c07cd9c5fc4 author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:23:58 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:23:58 +0200 net/mac80211/ieee80211.c | 15 +++ net/mac80211/ieee80211_i.h | 12 +++- net/mac80211/ieee80211_sta.c |6 -- net/mac80211/rx.c|4 ++-- net/mac80211/tx.c| 23 --- net/mac80211/wme.c |4 ++-- 6 files changed, 38 insertions(+), 26 deletions(-) diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c index 9ff86ee..0952237 100644 --- a/net/mac80211/ieee80211.c +++ b/net/mac80211/ieee80211.c @@ -933,10 +933,17 @@ static void ieee80211_remove_tx_extra(struct ieee80211_local *local, pkt_data = (struct ieee80211_tx_packet_data *)skb-cb; pkt_data-ifindex = control-ifindex; - pkt_data-mgmt_iface = (control-type == IEEE80211_IF_TYPE_MGMT); - pkt_data-req_tx_status = !!(control-flags IEEE80211_TXCTL_REQ_TX_STATUS); - pkt_data-do_not_encrypt = !!(control-flags IEEE80211_TXCTL_DO_NOT_ENCRYPT); - pkt_data-requeue = !!(control-flags IEEE80211_TXCTL_REQUEUE); + pkt_data-flags = ~(IEEE80211_TXPD_REQ_TX_STATUS | + IEEE80211_TXPD_DO_NOT_ENCRYPT | IEEE80211_TXPD_REQUEUE | + IEEE80211_TXPD_MGMT_IFACE); + if (control-flags IEEE80211_TXCTL_REQ_TX_STATUS) + pkt_data-flags |= IEEE80211_TXPD_REQ_TX_STATUS; + if (control-flags IEEE80211_TXCTL_DO_NOT_ENCRYPT) + pkt_data-flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT; + if (control-flags IEEE80211_TXCTL_REQUEUE) + pkt_data-flags |= IEEE80211_TXPD_REQUEUE; + if (control-type == IEEE80211_IF_TYPE_MGMT) + pkt_data-flags |= IEEE80211_TXPD_MGMT_IFACE; pkt_data-queue = control-queue; hdrlen = ieee80211_get_hdrlen_from_skb(skb); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 4599d55..8163a5a 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -166,15 +166,17 @@ struct ieee80211_txrx_data { #endif /* CONFIG_HOSTAPD_WPA_TESTING */ }; +/* flags used in struct ieee80211_tx_packet_data.flags */ +#define IEEE80211_TXPD_REQ_TX_STATUS BIT(0) +#define IEEE80211_TXPD_DO_NOT_ENCRYPT BIT(1) +#define IEEE80211_TXPD_REQUEUE BIT(2) +#define IEEE80211_TXPD_MGMT_IFACE BIT(3) /* Stored in sk_buff-cb */ struct ieee80211_tx_packet_data { int ifindex; unsigned long jiffies; - unsigned int req_tx_status:1; - unsigned int do_not_encrypt:1; - unsigned int requeue:1; - unsigned int mgmt_iface:1; - unsigned int queue:4; + unsigned int flags; + u8 queue; }; struct ieee80211_tx_stored_packet { diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c index b996332..75521ae 100644 --- a/net/mac80211/ieee80211_sta.c +++ b/net/mac80211/ieee80211_sta.c @@ -506,8 +506,10 @@ static void ieee80211_sta_tx(struct net_device *dev, struct sk_buff *skb, pkt_data = (struct ieee80211_tx_packet_data *) skb-cb; memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data)); pkt_data-ifindex = sdata-dev-ifindex; - pkt_data-mgmt_iface = (sdata-type == IEEE80211_IF_TYPE_MGMT); - pkt_data-do_not_encrypt = !encrypt; + if (sdata-type == IEEE80211_IF_TYPE_MGMT) + pkt_data-flags |= IEEE80211_TXPD_MGMT_IFACE; + if (!encrypt) + pkt_data-flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT; dev_queue_xmit(skb); } diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 0a10720..948eb2f 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -415,7 +415,7 @@ static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta) while ((skb = skb_dequeue(sta-tx_filtered)) != NULL) { pkt_data = (struct ieee80211_tx_packet_data *) skb-cb; sent++; - pkt_data-requeue = 1; + pkt_data-flags |= IEEE80211_TXPD_REQUEUE; dev_queue_xmit(skb); } while ((skb = skb_dequeue(sta-ps_tx_buf)) != NULL) { @@ -427,7 +427,7 @@ static int ap_sta_ps_end(struct net_device *dev, struct sta_info *sta) since STA not sleeping anymore\n, dev-name, MAC_ARG(sta-addr), sta-aid); #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ - pkt_data-requeue = 1; + pkt_data-flags |= IEEE80211_TXPD_REQUEUE; dev_queue_xmit(skb); } diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index b57a592..3d05f8f 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1248,11 +1248,11 @@ int
[PATCH 2/4 #2] Net: mac80211, remove bitfields from struct ieee80211_txrx_data
mac80211, remove bitfields from struct ieee80211_txrx_data Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit bb1e8d28c269abe10378d39c2050ad2653c4f1a9 tree a44c0c27ffaeb917f9e4753019d4cbc17e4c341a parent b7844000ba006531bd2133e8097fa27724efe3c2 author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:25:56 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:25:56 +0200 net/mac80211/ieee80211_i.h | 22 --- net/mac80211/rx.c | 64 +--- net/mac80211/tx.c | 61 +- net/mac80211/wpa.c | 14 +- 4 files changed, 91 insertions(+), 70 deletions(-) diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 8163a5a..0c4b73c 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -119,6 +119,16 @@ typedef enum { TXRX_CONTINUE, TXRX_DROP, TXRX_QUEUED } ieee80211_txrx_result; +/* flags used in struct ieee80211_txrx_data.flags */ +/* whether the MSDU was fragmented */ +#define IEEE80211_TXRXD_FRAGMENTED BIT(0) +#define IEEE80211_TXRXD_TXUNICAST BIT(1) +#define IEEE80211_TXRXD_TXPS_BUFFERED BIT(2) +#define IEEE80211_TXRXD_TXPROBE_LAST_FRAG BIT(3) +#define IEEE80211_TXRXD_RXIN_SCAN BIT(4) +/* frame is destined to interface currently processed (incl. multicast frames) */ +#define IEEE80211_TXRXD_RXRA_MATCH BIT(5) +#define IEEE80211_TXRXD_RXIS_AGG_FRAME BIT(6) struct ieee80211_txrx_data { struct sk_buff *skb; struct net_device *dev; @@ -127,13 +137,10 @@ struct ieee80211_txrx_data { struct sta_info *sta; u16 fc, ethertype; struct ieee80211_key *key; - unsigned int fragmented:1; /* whether the MSDU was fragmented */ + unsigned int flags; union { struct { struct ieee80211_tx_control *control; - unsigned int unicast:1; - unsigned int ps_buffered:1; - unsigned int probe_last_frag:1; struct ieee80211_hw_mode *mode; struct ieee80211_rate *rate; /* use this rate (if set) for last fragment; rate can @@ -154,11 +161,6 @@ struct ieee80211_txrx_data { int queue; int load; u16 qos_control; - unsigned int in_scan:1; - /* frame is destined to interface currently processed -* (including multicast frames) */ - unsigned int ra_match:1; - unsigned int is_agg_frame:1; } rx; } u; #ifdef CONFIG_HOSTAPD_WPA_TESTING @@ -187,7 +189,7 @@ struct ieee80211_tx_stored_packet { int last_frag_rateidx; int last_frag_hwrate; struct ieee80211_rate *last_frag_rate; - unsigned int last_frag_rate_ctrl_probe:1; + unsigned int last_frag_rate_ctrl_probe; }; struct sta_ts_data { diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 948eb2f..8dd7488 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -65,7 +65,10 @@ ieee80211_rx_h_parse_qos(struct ieee80211_txrx_data *rx) I802_DEBUG_INC(rx-sta-wme_rx_queue[tid]); rx-u.rx.queue = tid; - rx-u.rx.is_agg_frame = is_agg_frame; + if (is_agg_frame) + rx-flags |= IEEE80211_TXRXD_RXIS_AGG_FRAME; + else + rx-flags = ~IEEE80211_TXRXD_RXIS_AGG_FRAME; /* Set skb-priority to 1d tag if highest order bit of TID is not set. * For now, set skb-priority to 0 for other cases. */ rx-skb-priority = (tid 7) ? 0 : tid; @@ -229,7 +232,7 @@ ieee80211_rx_h_passive_scan(struct ieee80211_txrx_data *rx) return TXRX_QUEUED; } - if (unlikely(rx-u.rx.in_scan)) { + if (unlikely(rx-flags IEEE80211_TXRXD_RXIN_SCAN)) { /* scanning finished during invoking of handlers */ I802_DEBUG_INC(local-rx_handlers_drop_passive_scan); return TXRX_DROP; @@ -249,7 +252,7 @@ ieee80211_rx_h_check(struct ieee80211_txrx_data *rx) if (unlikely(rx-fc IEEE80211_FCTL_RETRY rx-sta-last_seq_ctrl[rx-u.rx.queue] == hdr-seq_ctrl)) { - if (rx-u.rx.ra_match) { + if (rx-flags IEEE80211_TXRXD_RXRA_MATCH) { rx-local-dot11FrameDuplicateCount++; rx-sta-num_duplicates++; } @@ -267,7 +270,7 @@ ieee80211_rx_h_check(struct ieee80211_txrx_data *rx) return TXRX_DROP; } - if (!rx-u.rx.ra_match) + if (!(rx-flags IEEE80211_TXRXD_RXRA_MATCH)) rx-skb-pkt_type = PACKET_OTHERHOST; else
[PATCH 3/4 #2] Net: mac80211, remove bitfields from struct ieee80211_if_sta
mac80211, remove bitfields from struct ieee80211_if_sta Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 5d3b17704c1cb1d8c8ff45f72282918f89e1d5c0 tree 41c8b637c79728517d647edc8f0e41f544ccefbc parent bb1e8d28c269abe10378d39c2050ad2653c4f1a9 author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:39:52 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:39:52 +0200 net/mac80211/debugfs_netdev.c | 14 +++-- net/mac80211/ieee80211.c |2 - net/mac80211/ieee80211_i.h | 28 ++- net/mac80211/ieee80211_iface.c |9 ++- net/mac80211/ieee80211_ioctl.c | 57 +++--- net/mac80211/ieee80211_sta.c | 104 ++-- 6 files changed, 123 insertions(+), 91 deletions(-) diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index 806c5bd..fa3b153 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -373,13 +373,13 @@ static ssize_t ieee80211_if_fmt_flags( const struct ieee80211_sub_if_data *sdata, char *buf, int buflen) { return scnprintf(buf, buflen, %s%s%s%s%s%s%s\n, -sdata-u.sta.ssid_set ? SSID\n : , -sdata-u.sta.bssid_set ? BSSID\n : , -sdata-u.sta.prev_bssid_set ? prev BSSID\n : , -sdata-u.sta.authenticated ? AUTH\n : , -sdata-u.sta.associated ? ASSOC\n : , -sdata-u.sta.probereq_poll ? PROBEREQ POLL\n : , -sdata-use_protection ? CTS prot\n : ); +sdata-u.sta.flags IEEE80211_STA_SSID_SET ? SSID\n : , +sdata-u.sta.flags IEEE80211_STA_BSSID_SET ? BSSID\n : , +sdata-u.sta.flags IEEE80211_STA_PREV_BSSID_SET ? prev BSSID\n : , +sdata-u.sta.flags IEEE80211_STA_AUTHENTICATED ? AUTH\n : , +sdata-u.sta.flags IEEE80211_STA_ASSOCIATED ? ASSOC\n : , +sdata-u.sta.flags IEEE80211_STA_PROBEREQ_POLL ? PROBEREQ POLL\n : , +sdata-use_protection ? CTS prot\n : ); } __IEEE80211_IF_FILE(flags); diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c index 0952237..8a6e66f 100644 --- a/net/mac80211/ieee80211.c +++ b/net/mac80211/ieee80211.c @@ -382,7 +382,7 @@ static void ieee80211_if_open(struct net_device *dev) switch (sdata-type) { case IEEE80211_IF_TYPE_STA: case IEEE80211_IF_TYPE_IBSS: - sdata-u.sta.prev_bssid_set = 0; + sdata-u.sta.flags = ~IEEE80211_STA_PREV_BSSID_SET; break; } } diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 0c4b73c..de429d1 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -241,6 +241,20 @@ struct ieee80211_if_vlan { u8 id; }; +/* flags used in struct ieee80211_if_sta.flags */ +#define IEEE80211_STA_SSID_SET BIT(0) +#define IEEE80211_STA_BSSID_SETBIT(1) +#define IEEE80211_STA_PREV_BSSID_SET BIT(2) +#define IEEE80211_STA_AUTHENTICATEDBIT(3) +#define IEEE80211_STA_ASSOCIATED BIT(4) +#define IEEE80211_STA_PROBEREQ_POLLBIT(5) +#define IEEE80211_STA_CREATE_IBSS BIT(6) +#define IEEE80211_STA_MIXED_CELL BIT(7) +#define IEEE80211_STA_WMM_ENABLED BIT(8) +#define IEEE80211_STA_HT_ENABLED BIT(9) +#define IEEE80211_STA_AUTO_SSID_SELBIT(10) +#define IEEE80211_STA_AUTO_BSSID_SEL BIT(11) +#define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12) struct ieee80211_if_sta { enum { IEEE80211_DISABLED, IEEE80211_AUTHENTICATE, @@ -264,19 +278,7 @@ struct ieee80211_if_sta { int auth_tries, assoc_tries; - unsigned int ssid_set:1; - unsigned int bssid_set:1; - unsigned int prev_bssid_set:1; - unsigned int authenticated:1; - unsigned int associated:1; - unsigned int probereq_poll:1; - unsigned int create_ibss:1; - unsigned int mixed_cell:1; - unsigned int wmm_enabled:1; - unsigned int ht_enabled:1; - unsigned int auto_ssid_sel:1; - unsigned int auto_bssid_sel:1; - unsigned int auto_channel_sel:1; + unsigned int flags; #define IEEE80211_STA_REQ_SCAN 0 #define IEEE80211_STA_REQ_AUTH 1 #define IEEE80211_STA_REQ_RUN 2 diff --git a/net/mac80211/ieee80211_iface.c b/net/mac80211/ieee80211_iface.c index edd1535..c5e0288 100644 --- a/net/mac80211/ieee80211_iface.c +++ b/net/mac80211/ieee80211_iface.c @@ -191,11 +191,10 @@ void ieee80211_if_set_type(struct net_device *dev, int type) ifsta-capab = WLAN_CAPABILITY_ESS; ifsta-auth_algs = IEEE80211_AUTH_ALG_OPEN | IEEE80211_AUTH_ALG_SHARED_KEY; - ifsta-create_ibss = 1; - ifsta-wmm_enabled = 1; - ifsta-ht_enabled = 1; - ifsta-auto_channel_sel = 1; - ifsta-auto_bssid_sel = 1; + ifsta
[PATCH 4/4 #2] Net: mac80211, remove bitfields from struct ieee80211_sub_if_data
mac80211, remove bitfields from struct ieee80211_sub_if_data Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 44b3d1f3d0bd6a9a02d2a1383a4d9c91ce897c68 tree f5566b0211375a426080487d32eeab228b264b0e parent 5d3b17704c1cb1d8c8ff45f72282918f89e1d5c0 author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:46:51 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 10:46:51 +0200 net/mac80211/debugfs_netdev.c |2 +- net/mac80211/ieee80211.c | 30 ++ net/mac80211/ieee80211_i.h | 18 ++ net/mac80211/ieee80211_ioctl.c | 20 ++-- net/mac80211/ieee80211_sta.c | 19 +-- net/mac80211/rx.c |4 ++-- net/mac80211/tx.c | 18 ++ net/mac80211/util.c|6 +++--- 8 files changed, 67 insertions(+), 50 deletions(-) diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index fa3b153..588f71b 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -379,7 +379,7 @@ static ssize_t ieee80211_if_fmt_flags( sdata-u.sta.flags IEEE80211_STA_AUTHENTICATED ? AUTH\n : , sdata-u.sta.flags IEEE80211_STA_ASSOCIATED ? ASSOC\n : , sdata-u.sta.flags IEEE80211_STA_PROBEREQ_POLL ? PROBEREQ POLL\n : , -sdata-use_protection ? CTS prot\n : ); +sdata-flags IEEE80211_SDATA_USE_PROTECTION ? CTS prot\n : ); } __IEEE80211_IF_FILE(flags); diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c index 8a6e66f..136410c 100644 --- a/net/mac80211/ieee80211.c +++ b/net/mac80211/ieee80211.c @@ -575,23 +575,21 @@ static void ieee80211_set_multicast_list(struct net_device *dev) unsigned short flags; netif_tx_lock_nested(local-mdev, TX_LOCK_MASTER); - if (((dev-flags IFF_ALLMULTI) != 0) ^ (sdata-allmulti != 0)) { - if (sdata-allmulti) { - sdata-allmulti = 0; + if (((dev-flags IFF_ALLMULTI) != 0) ^ + ((sdata-flags IEEE80211_SDATA_ALLMULTI) != 0)) { + if (sdata-flags IEEE80211_SDATA_ALLMULTI) local-iff_allmultis--; - } else { - sdata-allmulti = 1; + else local-iff_allmultis++; - } + sdata-flags ^= IEEE80211_SDATA_ALLMULTI; } - if (((dev-flags IFF_PROMISC) != 0) ^ (sdata-promisc != 0)) { - if (sdata-promisc) { - sdata-promisc = 0; + if (((dev-flags IFF_PROMISC) != 0) ^ + ((sdata-flags IEEE80211_SDATA_PROMISC) != 0)) { + if (sdata-flags IEEE80211_SDATA_PROMISC) local-iff_promiscs--; - } else { - sdata-promisc = 1; + else local-iff_promiscs++; - } + sdata-flags ^= IEEE80211_SDATA_PROMISC; } if (dev-mc_count != sdata-mc_count) { local-mc_count = local-mc_count - sdata-mc_count + @@ -761,16 +759,16 @@ void ieee80211_erp_info_change_notify(struct net_device *dev, u8 changes) struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); if (local-ops-erp_ie_changed) local-ops-erp_ie_changed(local_to_hw(local), changes, - sdata-use_protection, - !sdata-short_preamble); + !!(sdata-flags IEEE80211_SDATA_USE_PROTECTION), + !(sdata-flags IEEE80211_SDATA_SHORT_PREAMBLE)); } void ieee80211_reset_erp_info(struct net_device *dev) { struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); - sdata-short_preamble = 0; - sdata-use_protection = 0; + sdata-flags = ~(IEEE80211_SDATA_USE_PROTECTION | + IEEE80211_SDATA_SHORT_PREAMBLE); ieee80211_erp_info_change_notify(dev, IEEE80211_ERP_CHANGE_PROTECTION | IEEE80211_ERP_CHANGE_PREAMBLE); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index de429d1..81179c0 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -314,6 +314,14 @@ struct ieee80211_if_sta { }; +/* flags used in struct ieee80211_sub_if_data.flags */ +#define IEEE80211_SDATA_ALLMULTI BIT(0) +#define IEEE80211_SDATA_PROMISCBIT(1) +#define IEEE80211_SDATA_USE_PROTECTION BIT(2) /* CTS protect ERP frames */ +/* use short preamble with IEEE 802.11b: this flag is set when the AP or beacon + * generator reports that there are no present stations that cannot support short + * preambles */ +#define IEEE80211_SDATA_SHORT_PREAMBLE BIT(3) struct ieee80211_sub_if_data { struct list_head list; unsigned int type
[PATCH 4/9] s2io, rename BIT macro
s2io, rename BIT macro BIT macro will be global definiton of (1x) Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 0d66c4337fec02f0b9bd1c1fd783b60fbab5438b tree c2027e1c366255dbec6ae061aed2c5cf809232b0 parent 6aec5d2e526e319488e6cdd627ca370086d458df author Jiri Slaby [EMAIL PROTECTED] Wed, 15 Aug 2007 14:32:44 +0200 committer Jiri Slaby [EMAIL PROTECTED] Wed, 15 Aug 2007 14:32:44 +0200 drivers/net/s2io-regs.h | 484 --- drivers/net/s2io.c | 16 +- drivers/net/s2io.h | 84 3 files changed, 292 insertions(+), 292 deletions(-) diff --git a/drivers/net/s2io-regs.h b/drivers/net/s2io-regs.h index cfa2679..0bebfd3 100644 --- a/drivers/net/s2io-regs.h +++ b/drivers/net/s2io-regs.h @@ -20,17 +20,17 @@ struct XENA_dev_config { /* General Control-Status Registers */ u64 general_int_status; -#define GEN_INTR_TXPIC BIT(0) -#define GEN_INTR_TXDMA BIT(1) -#define GEN_INTR_TXMAC BIT(2) -#define GEN_INTR_TXXGXSBIT(3) -#define GEN_INTR_TXTRAFFIC BIT(8) -#define GEN_INTR_RXPIC BIT(32) -#define GEN_INTR_RXDMA BIT(33) -#define GEN_INTR_RXMAC BIT(34) -#define GEN_INTR_MCBIT(35) -#define GEN_INTR_RXXGXSBIT(36) -#define GEN_INTR_RXTRAFFIC BIT(40) +#define GEN_INTR_TXPIC s2BIT(0) +#define GEN_INTR_TXDMA s2BIT(1) +#define GEN_INTR_TXMAC s2BIT(2) +#define GEN_INTR_TXXGXSs2BIT(3) +#define GEN_INTR_TXTRAFFIC s2BIT(8) +#define GEN_INTR_RXPIC s2BIT(32) +#define GEN_INTR_RXDMA s2BIT(33) +#define GEN_INTR_RXMAC s2BIT(34) +#define GEN_INTR_MCs2BIT(35) +#define GEN_INTR_RXXGXSs2BIT(36) +#define GEN_INTR_RXTRAFFIC s2BIT(40) #define GEN_ERROR_INTR GEN_INTR_TXPIC | GEN_INTR_RXPIC | \ GEN_INTR_TXDMA | GEN_INTR_RXDMA | \ GEN_INTR_TXMAC | GEN_INTR_RXMAC | \ @@ -54,36 +54,36 @@ struct XENA_dev_config { u64 adapter_status; -#define ADAPTER_STATUS_TDMA_READY BIT(0) -#define ADAPTER_STATUS_RDMA_READY BIT(1) -#define ADAPTER_STATUS_PFC_READY BIT(2) -#define ADAPTER_STATUS_TMAC_BUF_EMPTY BIT(3) -#define ADAPTER_STATUS_PIC_QUIESCENT BIT(5) -#define ADAPTER_STATUS_RMAC_REMOTE_FAULT BIT(6) -#define ADAPTER_STATUS_RMAC_LOCAL_FAULTBIT(7) +#define ADAPTER_STATUS_TDMA_READY s2BIT(0) +#define ADAPTER_STATUS_RDMA_READY s2BIT(1) +#define ADAPTER_STATUS_PFC_READY s2BIT(2) +#define ADAPTER_STATUS_TMAC_BUF_EMPTY s2BIT(3) +#define ADAPTER_STATUS_PIC_QUIESCENT s2BIT(5) +#define ADAPTER_STATUS_RMAC_REMOTE_FAULT s2BIT(6) +#define ADAPTER_STATUS_RMAC_LOCAL_FAULTs2BIT(7) #define ADAPTER_STATUS_RMAC_PCC_IDLE vBIT(0xFF,8,8) #define ADAPTER_STATUS_RMAC_PCC_FOUR_IDLE vBIT(0x0F,8,8) #define ADAPTER_STATUS_RC_PRC_QUIESCENTvBIT(0xFF,16,8) -#define ADAPTER_STATUS_MC_DRAM_READY BIT(24) -#define ADAPTER_STATUS_MC_QUEUES_READY BIT(25) -#define ADAPTER_STATUS_M_PLL_LOCK BIT(30) -#define ADAPTER_STATUS_P_PLL_LOCK BIT(31) +#define ADAPTER_STATUS_MC_DRAM_READY s2BIT(24) +#define ADAPTER_STATUS_MC_QUEUES_READY s2BIT(25) +#define ADAPTER_STATUS_M_PLL_LOCK s2BIT(30) +#define ADAPTER_STATUS_P_PLL_LOCK s2BIT(31) u64 adapter_control; -#define ADAPTER_CNTL_ENBIT(7) -#define ADAPTER_EOI_TX_ON BIT(15) -#define ADAPTER_LED_ON BIT(23) +#define ADAPTER_CNTL_ENs2BIT(7) +#define ADAPTER_EOI_TX_ON s2BIT(15) +#define ADAPTER_LED_ON s2BIT(23) #define ADAPTER_UDPI(val) vBIT(val,36,4) -#define ADAPTER_WAIT_INT BIT(48) -#define ADAPTER_ECC_EN BIT(55) +#define ADAPTER_WAIT_INT s2BIT(48) +#define ADAPTER_ECC_EN s2BIT(55) u64 serr_source; -#define SERR_SOURCE_PICBIT(0) -#define SERR_SOURCE_TXDMA BIT(1) -#define SERR_SOURCE_RXDMA BIT(2) -#define SERR_SOURCE_MAC BIT(3) -#define SERR_SOURCE_MC BIT(4) -#define SERR_SOURCE_XGXSBIT(5) +#define SERR_SOURCE_PICs2BIT(0) +#define SERR_SOURCE_TXDMA s2BIT(1) +#define SERR_SOURCE_RXDMA s2BIT(2) +#define SERR_SOURCE_MAC s2BIT(3) +#define SERR_SOURCE_MC s2BIT(4) +#define SERR_SOURCE_XGXSs2BIT(5) #defineSERR_SOURCE_ANY (SERR_SOURCE_PIC| \ SERR_SOURCE_TXDMA | \ SERR_SOURCE_RXDMA | \ @@ -101,41 +101,41 @@ struct XENA_dev_config { #define
[PATCH 8/9] define global BIT macro
define global BIT macro move all local BIT defines to the new globally define macro. Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- commit 19b14b967521eda7011bd70891bbe5044882d739 tree cd49de4f9f8d991ee7af22037a86978ea227abb8 parent fef5bcc8e5a7bfd66920df6d02c3448314dfe4b2 author Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 11:16:36 +0200 committer Jiri Slaby [EMAIL PROTECTED] Sat, 18 Aug 2007 11:16:36 +0200 arch/ppc/platforms/chestnut.c |1 - drivers/edac/edac_core.h|2 -- drivers/firmware/dcdbas.h |2 -- drivers/input/serio/maceps2.c |2 -- drivers/net/eth16i.c|1 - drivers/net/meth.h |3 --- drivers/net/wireless/hostap/hostap_common.h |2 -- drivers/scsi/FlashPoint.c |1 - drivers/scsi/nsp32.h|5 - drivers/scsi/pcmcia/nsp_cs.h|1 - drivers/video/pnx4008/sdum.h|3 --- include/asm-arm/arch-ixp4xx/io.h|3 --- include/asm-mips/ip32/crime.h |3 --- include/asm-mips/ip32/mace.h|3 --- include/linux/bitops.h |1 + include/video/sstfb.h |1 - include/video/tdfx.h|2 -- net/mac80211/ieee80211_i.h |2 -- 18 files changed, 1 insertions(+), 37 deletions(-) diff --git a/arch/ppc/platforms/chestnut.c b/arch/ppc/platforms/chestnut.c index 4696849..ccd2faa 100644 --- a/arch/ppc/platforms/chestnut.c +++ b/arch/ppc/platforms/chestnut.c @@ -49,7 +49,6 @@ extern void gen550_progress(char *, unsigned short); extern void gen550_init(int, struct uart_port *); extern void mv64360_pcibios_fixup(mv64x60_handle_t *bh); -#define BIT(x) (1x) #define CHESTNUT_PRESERVE_MASK (BIT(MV64x60_CPU2DEV_0_WIN) | \ BIT(MV64x60_CPU2DEV_1_WIN) | \ BIT(MV64x60_CPU2DEV_2_WIN) | \ diff --git a/drivers/edac/edac_core.h b/drivers/edac/edac_core.h index 4e6bad1..309a1a5 100644 --- a/drivers/edac/edac_core.h +++ b/drivers/edac/edac_core.h @@ -94,8 +94,6 @@ extern int edac_debug_level; #endif /* !CONFIG_EDAC_DEBUG */ -#define BIT(x) (1 (x)) - #define PCI_VEND_DEV(vend, dev) PCI_VENDOR_ID_ ## vend, \ PCI_DEVICE_ID_ ## vend ## _ ## dev diff --git a/drivers/firmware/dcdbas.h b/drivers/firmware/dcdbas.h index 8960cad..87bc341 100644 --- a/drivers/firmware/dcdbas.h +++ b/drivers/firmware/dcdbas.h @@ -20,8 +20,6 @@ #include linux/sysfs.h #include linux/types.h -#define BIT(x) (1UL x) - #define MAX_SMI_DATA_BUF_SIZE (256 * 1024) #define HC_ACTION_NONE (0) diff --git a/drivers/input/serio/maceps2.c b/drivers/input/serio/maceps2.c index 5a41b8f..558200e 100644 --- a/drivers/input/serio/maceps2.c +++ b/drivers/input/serio/maceps2.c @@ -31,8 +31,6 @@ MODULE_LICENSE(GPL); #define MACE_PS2_TIMEOUT 1 /* in 50us unit */ -#define BIT(x) (1UL (x)) - #define PS2_STATUS_CLOCK_SIGNAL BIT(0) /* external clock signal */ #define PS2_STATUS_CLOCK_INHIBIT BIT(1) /* clken output signal */ #define PS2_STATUS_TX_INPROGRESS BIT(2) /* transmission in progress */ diff --git a/drivers/net/eth16i.c b/drivers/net/eth16i.c index 04abf59..f613dae 100644 --- a/drivers/net/eth16i.c +++ b/drivers/net/eth16i.c @@ -170,7 +170,6 @@ static char *version = /* Few macros */ -#define BIT(a)( (1 (a)) ) #define BITSET(ioaddr, bnum) ((outb(((inb(ioaddr)) | (bnum)), ioaddr))) #define BITCLR(ioaddr, bnum) ((outb(((inb(ioaddr)) (~(bnum))), ioaddr))) diff --git a/drivers/net/meth.h b/drivers/net/meth.h index ea3b8fc..a78dc1c 100644 --- a/drivers/net/meth.h +++ b/drivers/net/meth.h @@ -28,9 +28,6 @@ #define RX_BUFFER_OFFSET (sizeof(rx_status_vector)+2) /* staus vector + 2 bytes of padding */ #define RX_BUCKET_SIZE 256 -#undef BIT -#define BIT(x) (1UL (x)) - /* For more detailed explanations of what each field menas, see Nick's great comments to #defines below (or docs, if you are lucky enough toget hold of them :)*/ diff --git a/drivers/net/wireless/hostap/hostap_common.h b/drivers/net/wireless/hostap/hostap_common.h index b31e6a0..f3930f9 100644 --- a/drivers/net/wireless/hostap/hostap_common.h +++ b/drivers/net/wireless/hostap/hostap_common.h @@ -4,8 +4,6 @@ #include linux/types.h #include linux/if_ether.h -#define BIT(x) (1 (x)) - #define MAC2STR(a) (a)[0], (a)[1], (a)[2], (a)[3], (a)[4], (a)[5] #define MACSTR %02x:%02x:%02x:%02x:%02x:%02x diff --git a/drivers/scsi/FlashPoint.c b/drivers/scsi/FlashPoint.c index a7f916c..cf549ff 100644 --- a/drivers/scsi/FlashPoint.c +++ b/drivers/scsi/FlashPoint.c @@ -25,7 +25,6 @@ #define FAILURE 0xL -#define BIT(x) ((unsigned char)(1(x))) /* single-bit mask in bit position x
Re: [PATCH 8/9] define global BIT macro
Randy Dunlap napsal(a): On Sat, 18 Aug 2007 11:44:12 +0200 (CEST) Jiri Slaby wrote: define global BIT macro move all local BIT defines to the new globally define macro. Signed-off-by: Jiri Slaby [EMAIL PROTECTED] --- include/linux/bitops.h |1 + include/video/sstfb.h |1 - include/video/tdfx.h|2 -- net/mac80211/ieee80211_i.h |2 -- 18 files changed, 1 insertions(+), 37 deletions(-) diff --git a/include/linux/bitops.h b/include/linux/bitops.h index 3255b06..a57b81f 100644 --- a/include/linux/bitops.h +++ b/include/linux/bitops.h @@ -3,6 +3,7 @@ #include asm/types.h #ifdef __KERNEL__ +#define BIT(nr) (1UL (nr)) #define BIT_MASK(nr)(1UL ((nr) % BITS_PER_LONG)) #define BIT_WORD(nr)((nr) / BITS_PER_LONG) #define BITS_TO_TYPE(nr, t) (((nr)+(t)-1)/(t)) So users of the BIT() macro in include/linux/input.h can be changed to use the global BIT_MASK() macro... and the former can be removed. I'm afraid I don't understand you. Maybe, you are writing about changes done in patch no. 7 [1], which didn't go through to the lkml? [1] http://www.fi.muni.cz/~xslaby/sklad/07-get-rid-of-input-bit-duplicate-defines.patch thanks, -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 1/4] Net: mac80211, remove bitfields from struct ieee80211_tx_packet_data
Johannes Berg napsal(a): On Sun, 2007-08-12 at 15:08 +0200, Jiri Slaby wrote: +if (control-flags IEEE80211_TXCTL_REQ_TX_STATUS) +pkt_data-flags |= IEEE80211_TXPD_REQ_TX_STATUS; +if (control-flags IEEE80211_TXCTL_DO_NOT_ENCRYPT) +pkt_data-flags |= IEEE80211_TXPD_DO_NOT_ENCRYPT; +if (control-flags IEEE80211_TXCTL_REQUEUE) +pkt_data-flags |= IEEE80211_TXPD_REQUEUE; +if (control-type == IEEE80211_IF_TYPE_MGMT) +pkt_data-flags |= IEEE80211_TXPD_MGMT_IFACE; This looks weird. Can't we just use the same flags? I don't think, that it must be subset one of each another in the future. (This is why I created yet another bits defined). Do we still want the same flags? -- Jiri Slaby ([EMAIL PROTECTED]) Faculty of Informatics, Masaryk University - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html