From 820a8c3b2a0a93baf2c2df2a34ccc44342d7d618 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 19 Mar 2014 23:32:28 +0000 Subject: [PATCH] 3.10-stable patches added patches: ipv6-ipv6_find_hdr-restore-prev-functionality.patch ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch neigh-recompute-reachabletime-before-returning-from-neigh_periodic_work.patch net-sctp-fix-sctp_sf_do_5_1d_ce-to-verify-if-we-peer-is-auth-capable.patch net-tcp-fastopen-fix-high-order-allocations.patch rapidio-tsi721-fix-tasklet-termination-in-dma-channel-release.patch sched-fix-double-normalization-of-vruntime.patch sfc-check-for-null-efx-ptp_data-in-efx_ptp_event.patch tg3-don-t-check-undefined-error-bits-in-rxbd.patch virtio-net-alloc-big-buffers-also-when-guest-can-receive-ufo.patch --- ..._find_hdr-restore-prev-functionality.patch | 41 ++++++ ...ip6_frag_id-from-ip6_ufo_append_data.patch | 38 +++++ ...e-returning-from-neigh_periodic_work.patch | 42 ++++++ ...to-verify-if-we-peer-is-auth-capable.patch | 137 ++++++++++++++++++ ...-fastopen-fix-high-order-allocations.patch | 94 ++++++++++++ ...t-termination-in-dma-channel-release.patch | 131 +++++++++++++++++ ...fix-double-normalization-of-vruntime.patch | 60 ++++++++ queue-3.10/series | 10 ++ ...r-null-efx-ptp_data-in-efx_ptp_event.patch | 37 +++++ ...t-check-undefined-error-bits-in-rxbd.patch | 47 ++++++ ...fers-also-when-guest-can-receive-ufo.patch | 39 +++++ 11 files changed, 676 insertions(+) create mode 100644 queue-3.10/ipv6-ipv6_find_hdr-restore-prev-functionality.patch create mode 100644 queue-3.10/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch create mode 100644 queue-3.10/neigh-recompute-reachabletime-before-returning-from-neigh_periodic_work.patch create mode 100644 queue-3.10/net-sctp-fix-sctp_sf_do_5_1d_ce-to-verify-if-we-peer-is-auth-capable.patch create mode 100644 queue-3.10/net-tcp-fastopen-fix-high-order-allocations.patch create mode 100644 queue-3.10/rapidio-tsi721-fix-tasklet-termination-in-dma-channel-release.patch create mode 100644 queue-3.10/sched-fix-double-normalization-of-vruntime.patch create mode 100644 queue-3.10/sfc-check-for-null-efx-ptp_data-in-efx_ptp_event.patch create mode 100644 queue-3.10/tg3-don-t-check-undefined-error-bits-in-rxbd.patch create mode 100644 queue-3.10/virtio-net-alloc-big-buffers-also-when-guest-can-receive-ufo.patch diff --git a/queue-3.10/ipv6-ipv6_find_hdr-restore-prev-functionality.patch b/queue-3.10/ipv6-ipv6_find_hdr-restore-prev-functionality.patch new file mode 100644 index 00000000000..df7626931cd --- /dev/null +++ b/queue-3.10/ipv6-ipv6_find_hdr-restore-prev-functionality.patch @@ -0,0 +1,41 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Hans Schillstrom +Date: Thu, 27 Feb 2014 12:57:58 +0100 +Subject: ipv6: ipv6_find_hdr restore prev functionality + +From: Hans Schillstrom + +[ Upstream commit accfe0e356327da5bd53da8852b93fc22de9b5fc ] + +The commit 9195bb8e381d81d5a315f911904cdf0cfcc919b8 ("ipv6: improve +ipv6_find_hdr() to skip empty routing headers") broke ipv6_find_hdr(). + +When a target is specified like IPPROTO_ICMPV6 ipv6_find_hdr() +returns -ENOENT when it's found, not the header as expected. + +A part of IPVS is broken and possible also nft_exthdr_eval(). +When target is -1 which it is most cases, it works. + +This patch exits the do while loop if the specific header is found +so the nexthdr could be returned as expected. + +Reported-by: Art -kwaak- van Breemen +Signed-off-by: Hans Schillstrom +CC:Ansis Atteka +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/exthdrs_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv6/exthdrs_core.c ++++ b/net/ipv6/exthdrs_core.c +@@ -212,7 +212,7 @@ int ipv6_find_hdr(const struct sk_buff * + found = (nexthdr == target); + + if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) { +- if (target < 0) ++ if (target < 0 || found) + break; + return -ENOENT; + } diff --git a/queue-3.10/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch b/queue-3.10/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch new file mode 100644 index 00000000000..1b4841c7df6 --- /dev/null +++ b/queue-3.10/ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch @@ -0,0 +1,38 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Hannes Frederic Sowa +Date: Fri, 21 Feb 2014 02:55:35 +0100 +Subject: ipv6: reuse ip6_frag_id from ip6_ufo_append_data + +From: Hannes Frederic Sowa + +[ Upstream commit 916e4cf46d0204806c062c8c6c4d1f633852c5b6 ] + +Currently we generate a new fragmentation id on UFO segmentation. It +is pretty hairy to identify the correct net namespace and dst there. +Especially tunnels use IFF_XMIT_DST_RELEASE and thus have no skb_dst +available at all. + +This causes unreliable or very predictable ipv6 fragmentation id +generation while segmentation. + +Luckily we already have pregenerated the ip6_frag_id in +ip6_ufo_append_data and can use it here. + +Signed-off-by: Hannes Frederic Sowa +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/udp_offload.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv6/udp_offload.c ++++ b/net/ipv6/udp_offload.c +@@ -108,7 +108,7 @@ static struct sk_buff *udp6_ufo_fragment + fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen); + fptr->nexthdr = nexthdr; + fptr->reserved = 0; +- ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb)); ++ fptr->identification = skb_shinfo(skb)->ip6_frag_id; + + /* Fragment the skb. ipv6 header and the remaining fields of the + * fragment header are updated in ipv6_gso_segment() diff --git a/queue-3.10/neigh-recompute-reachabletime-before-returning-from-neigh_periodic_work.patch b/queue-3.10/neigh-recompute-reachabletime-before-returning-from-neigh_periodic_work.patch new file mode 100644 index 00000000000..51e74467f4e --- /dev/null +++ b/queue-3.10/neigh-recompute-reachabletime-before-returning-from-neigh_periodic_work.patch @@ -0,0 +1,42 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Duan Jiong +Date: Thu, 27 Feb 2014 17:14:41 +0800 +Subject: neigh: recompute reachabletime before returning from neigh_periodic_work() + +From: Duan Jiong + +[ Upstream commit feff9ab2e7fa773b6a3965f77375fe89f7fd85cf ] + +If the neigh table's entries is less than gc_thresh1, the function +will return directly, and the reachabletime will not be recompute, +so the reachabletime can be guessed. + +Signed-off-by: Duan Jiong +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/core/neighbour.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -764,9 +764,6 @@ static void neigh_periodic_work(struct w + nht = rcu_dereference_protected(tbl->nht, + lockdep_is_held(&tbl->lock)); + +- if (atomic_read(&tbl->entries) < tbl->gc_thresh1) +- goto out; +- + /* + * periodically recompute ReachableTime from random function + */ +@@ -779,6 +776,9 @@ static void neigh_periodic_work(struct w + neigh_rand_reach_time(p->base_reachable_time); + } + ++ if (atomic_read(&tbl->entries) < tbl->gc_thresh1) ++ goto out; ++ + for (i = 0 ; i < (1 << nht->hash_shift); i++) { + np = &nht->hash_buckets[i]; + diff --git a/queue-3.10/net-sctp-fix-sctp_sf_do_5_1d_ce-to-verify-if-we-peer-is-auth-capable.patch b/queue-3.10/net-sctp-fix-sctp_sf_do_5_1d_ce-to-verify-if-we-peer-is-auth-capable.patch new file mode 100644 index 00000000000..0927e39b705 --- /dev/null +++ b/queue-3.10/net-sctp-fix-sctp_sf_do_5_1d_ce-to-verify-if-we-peer-is-auth-capable.patch @@ -0,0 +1,137 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Daniel Borkmann +Date: Mon, 3 Mar 2014 17:23:04 +0100 +Subject: net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable + +From: Daniel Borkmann + +[ Upstream commit ec0223ec48a90cb605244b45f7c62de856403729 ] + +RFC4895 introduced AUTH chunks for SCTP; during the SCTP +handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS +being optional though): + + ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> + <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- + -------------------- COOKIE-ECHO --------------------> + <-------------------- COOKIE-ACK --------------------- + +A special case is when an endpoint requires COOKIE-ECHO +chunks to be authenticated: + + ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ----------> + <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] --------- + ------------------ AUTH; COOKIE-ECHO ----------------> + <-------------------- COOKIE-ACK --------------------- + +RFC4895, section 6.3. Receiving Authenticated Chunks says: + + The receiver MUST use the HMAC algorithm indicated in + the HMAC Identifier field. If this algorithm was not + specified by the receiver in the HMAC-ALGO parameter in + the INIT or INIT-ACK chunk during association setup, the + AUTH chunk and all the chunks after it MUST be discarded + and an ERROR chunk SHOULD be sent with the error cause + defined in Section 4.1. [...] If no endpoint pair shared + key has been configured for that Shared Key Identifier, + all authenticated chunks MUST be silently discarded. [...] + + When an endpoint requires COOKIE-ECHO chunks to be + authenticated, some special procedures have to be followed + because the reception of a COOKIE-ECHO chunk might result + in the creation of an SCTP association. If a packet arrives + containing an AUTH chunk as a first chunk, a COOKIE-ECHO + chunk as the second chunk, and possibly more chunks after + them, and the receiver does not have an STCB for that + packet, then authentication is based on the contents of + the COOKIE-ECHO chunk. In this situation, the receiver MUST + authenticate the chunks in the packet by using the RANDOM + parameters, CHUNKS parameters and HMAC_ALGO parameters + obtained from the COOKIE-ECHO chunk, and possibly a local + shared secret as inputs to the authentication procedure + specified in Section 6.3. If authentication fails, then + the packet is discarded. If the authentication is successful, + the COOKIE-ECHO and all the chunks after the COOKIE-ECHO + MUST be processed. If the receiver has an STCB, it MUST + process the AUTH chunk as described above using the STCB + from the existing association to authenticate the + COOKIE-ECHO chunk and all the chunks after it. [...] + +Commit bbd0d59809f9 introduced the possibility to receive +and verification of AUTH chunk, including the edge case for +authenticated COOKIE-ECHO. On reception of COOKIE-ECHO, +the function sctp_sf_do_5_1D_ce() handles processing, +unpacks and creates a new association if it passed sanity +checks and also tests for authentication chunks being +present. After a new association has been processed, it +invokes sctp_process_init() on the new association and +walks through the parameter list it received from the INIT +chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO +and SCTP_PARAM_CHUNKS, and copies them into asoc->peer +meta data (peer_random, peer_hmacs, peer_chunks) in case +sysctl -w net.sctp.auth_enable=1 is set. If in INIT's +SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set, +peer_random != NULL and peer_hmacs != NULL the peer is to be +assumed asoc->peer.auth_capable=1, in any other case +asoc->peer.auth_capable=0. + +Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is +available, we set up a fake auth chunk and pass that on to +sctp_sf_authenticate(), which at latest in +sctp_auth_calculate_hmac() reliably dereferences a NULL pointer +at position 0..0008 when setting up the crypto key in +crypto_hash_setkey() by using asoc->asoc_shared_key that is +NULL as condition key_id == asoc->active_key_id is true if +the AUTH chunk was injected correctly from remote. This +happens no matter what net.sctp.auth_enable sysctl says. + +The fix is to check for net->sctp.auth_enable and for +asoc->peer.auth_capable before doing any operations like +sctp_sf_authenticate() as no key is activated in +sctp_auth_asoc_init_active_key() for each case. + +Now as RFC4895 section 6.3 states that if the used HMAC-ALGO +passed from the INIT chunk was not used in the AUTH chunk, we +SHOULD send an error; however in this case it would be better +to just silently discard such a maliciously prepared handshake +as we didn't even receive a parameter at all. Also, as our +endpoint has no shared key configured, section 6.3 says that +MUST silently discard, which we are doing from now onwards. + +Before calling sctp_sf_pdiscard(), we need not only to free +the association, but also the chunk->auth_chunk skb, as +commit bbd0d59809f9 created a skb clone in that case. + +I have tested this locally by using netfilter's nfqueue and +re-injecting packets into the local stack after maliciously +modifying the INIT chunk (removing RANDOM; HMAC-ALGO param) +and the SCTP packet containing the COOKIE_ECHO (injecting +AUTH chunk before COOKIE_ECHO). Fixed with this patch applied. + +Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk") +Signed-off-by: Daniel Borkmann +Cc: Vlad Yasevich +Cc: Neil Horman +Acked-by: Vlad Yasevich +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/sctp/sm_statefuns.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/net/sctp/sm_statefuns.c ++++ b/net/sctp/sm_statefuns.c +@@ -765,6 +765,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(st + struct sctp_chunk auth; + sctp_ierror_t ret; + ++ /* Make sure that we and the peer are AUTH capable */ ++ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) { ++ kfree_skb(chunk->auth_chunk); ++ sctp_association_free(new_asoc); ++ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); ++ } ++ + /* set-up our fake chunk so that we can process it */ + auth.skb = chunk->auth_chunk; + auth.asoc = chunk->asoc; diff --git a/queue-3.10/net-tcp-fastopen-fix-high-order-allocations.patch b/queue-3.10/net-tcp-fastopen-fix-high-order-allocations.patch new file mode 100644 index 00000000000..1ba23bc7809 --- /dev/null +++ b/queue-3.10/net-tcp-fastopen-fix-high-order-allocations.patch @@ -0,0 +1,94 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Eric Dumazet +Date: Thu, 20 Feb 2014 10:09:18 -0800 +Subject: net-tcp: fastopen: fix high order allocations + +From: Eric Dumazet + +[ Upstream commit f5ddcbbb40aa0ba7fbfe22355d287603dbeeaaac ] + +This patch fixes two bugs in fastopen : + +1) The tcp_sendmsg(..., @size) argument was ignored. + + Code was relying on user not fooling the kernel with iovec mismatches + +2) When MTU is about 64KB, tcp_send_syn_data() attempts order-5 +allocations, which are likely to fail when memory gets fragmented. + +Fixes: 783237e8daf13 ("net-tcp: Fast Open client - sending SYN-data") +Signed-off-by: Eric Dumazet +Cc: Yuchung Cheng +Acked-by: Yuchung Cheng +Tested-by: Yuchung Cheng +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + include/net/tcp.h | 3 ++- + net/ipv4/tcp.c | 8 +++++--- + net/ipv4/tcp_output.c | 7 ++++++- + 3 files changed, 13 insertions(+), 5 deletions(-) + +--- a/include/net/tcp.h ++++ b/include/net/tcp.h +@@ -1308,7 +1308,8 @@ struct tcp_fastopen_request { + /* Fast Open cookie. Size 0 means a cookie request */ + struct tcp_fastopen_cookie cookie; + struct msghdr *data; /* data in MSG_FASTOPEN */ +- u16 copied; /* queued in tcp_connect() */ ++ size_t size; ++ int copied; /* queued in tcp_connect() */ + }; + void tcp_free_fastopen_req(struct tcp_sock *tp); + +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -1001,7 +1001,8 @@ void tcp_free_fastopen_req(struct tcp_so + } + } + +-static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, int *size) ++static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, ++ int *copied, size_t size) + { + struct tcp_sock *tp = tcp_sk(sk); + int err, flags; +@@ -1016,11 +1017,12 @@ static int tcp_sendmsg_fastopen(struct s + if (unlikely(tp->fastopen_req == NULL)) + return -ENOBUFS; + tp->fastopen_req->data = msg; ++ tp->fastopen_req->size = size; + + flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0; + err = __inet_stream_connect(sk->sk_socket, msg->msg_name, + msg->msg_namelen, flags); +- *size = tp->fastopen_req->copied; ++ *copied = tp->fastopen_req->copied; + tcp_free_fastopen_req(tp); + return err; + } +@@ -1040,7 +1042,7 @@ int tcp_sendmsg(struct kiocb *iocb, stru + + flags = msg->msg_flags; + if (flags & MSG_FASTOPEN) { +- err = tcp_sendmsg_fastopen(sk, msg, &copied_syn); ++ err = tcp_sendmsg_fastopen(sk, msg, &copied_syn, size); + if (err == -EINPROGRESS && copied_syn > 0) + goto out; + else if (err) +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -2892,7 +2892,12 @@ static int tcp_send_syn_data(struct sock + space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) - + MAX_TCP_OPTION_SPACE; + +- syn_data = skb_copy_expand(syn, skb_headroom(syn), space, ++ space = min_t(size_t, space, fo->size); ++ ++ /* limit to order-0 allocations */ ++ space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER)); ++ ++ syn_data = skb_copy_expand(syn, MAX_TCP_HEADER, space, + sk->sk_allocation); + if (syn_data == NULL) + goto fallback; diff --git a/queue-3.10/rapidio-tsi721-fix-tasklet-termination-in-dma-channel-release.patch b/queue-3.10/rapidio-tsi721-fix-tasklet-termination-in-dma-channel-release.patch new file mode 100644 index 00000000000..d3289ca3943 --- /dev/null +++ b/queue-3.10/rapidio-tsi721-fix-tasklet-termination-in-dma-channel-release.patch @@ -0,0 +1,131 @@ +From 04379dffdd4da820d51a1566ad2e86f3b1ad97ed Mon Sep 17 00:00:00 2001 +From: Alexandre Bounine +Date: Mon, 3 Mar 2014 15:38:36 -0800 +Subject: rapidio/tsi721: fix tasklet termination in dma channel release + +From: Alexandre Bounine + +commit 04379dffdd4da820d51a1566ad2e86f3b1ad97ed upstream. + +This patch is a modification of the patch originally proposed by +Xiaotian Feng : https://lkml.org/lkml/2012/11/5/413 +This new version disables DMA channel interrupts and ensures that the +tasklet wil not be scheduled again before calling tasklet_kill(). + +Unfortunately the updated patch was not released at that time due to +planned rework of Tsi721 mport driver to use threaded interrupts (which +has yet to happen). Recently the issue was reported again: +https://lkml.org/lkml/2014/2/19/762. + +Description from the original Xiaotian's patch: + + "Some drivers use tasklet_disable in device remove/release process, + tasklet_disable will inc tasklet->count and return. If the tasklet is + not handled yet under some softirq pressure, the tasklet will be + placed on the tasklet_vec, never have a chance to be excuted. This + might lead to a heavy loaded ksoftirqd, wakeup with pending_softirq, + but tasklet is disabled. tasklet_kill should be used in this case." + +This patch is applicable to kernel versions starting from v3.5. + +Signed-off-by: Alexandre Bounine +Cc: Matt Porter +Cc: Xiaotian Feng +Reviewed-by: Thomas Gleixner +Cc: Mike Galbraith +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/rapidio/devices/tsi721.h | 1 + + drivers/rapidio/devices/tsi721_dma.c | 27 ++++++++++++++++++--------- + 2 files changed, 19 insertions(+), 9 deletions(-) + +--- a/drivers/rapidio/devices/tsi721.h ++++ b/drivers/rapidio/devices/tsi721.h +@@ -678,6 +678,7 @@ struct tsi721_bdma_chan { + struct list_head free_list; + dma_cookie_t completed_cookie; + struct tasklet_struct tasklet; ++ bool active; + }; + + #endif /* CONFIG_RAPIDIO_DMA_ENGINE */ +--- a/drivers/rapidio/devices/tsi721_dma.c ++++ b/drivers/rapidio/devices/tsi721_dma.c +@@ -206,8 +206,8 @@ void tsi721_bdma_handler(struct tsi721_b + { + /* Disable BDMA channel interrupts */ + iowrite32(0, bdma_chan->regs + TSI721_DMAC_INTE); +- +- tasklet_schedule(&bdma_chan->tasklet); ++ if (bdma_chan->active) ++ tasklet_schedule(&bdma_chan->tasklet); + } + + #ifdef CONFIG_PCI_MSI +@@ -562,7 +562,7 @@ static int tsi721_alloc_chan_resources(s + } + #endif /* CONFIG_PCI_MSI */ + +- tasklet_enable(&bdma_chan->tasklet); ++ bdma_chan->active = true; + tsi721_bdma_interrupt_enable(bdma_chan, 1); + + return bdma_chan->bd_num - 1; +@@ -576,9 +576,7 @@ err_out: + static void tsi721_free_chan_resources(struct dma_chan *dchan) + { + struct tsi721_bdma_chan *bdma_chan = to_tsi721_chan(dchan); +-#ifdef CONFIG_PCI_MSI + struct tsi721_device *priv = to_tsi721(dchan->device); +-#endif + LIST_HEAD(list); + + dev_dbg(dchan->device->dev, "%s: Entry\n", __func__); +@@ -589,14 +587,25 @@ static void tsi721_free_chan_resources(s + BUG_ON(!list_empty(&bdma_chan->active_list)); + BUG_ON(!list_empty(&bdma_chan->queue)); + +- tasklet_disable(&bdma_chan->tasklet); ++ tsi721_bdma_interrupt_enable(bdma_chan, 0); ++ bdma_chan->active = false; ++ ++#ifdef CONFIG_PCI_MSI ++ if (priv->flags & TSI721_USING_MSIX) { ++ synchronize_irq(priv->msix[TSI721_VECT_DMA0_DONE + ++ bdma_chan->id].vector); ++ synchronize_irq(priv->msix[TSI721_VECT_DMA0_INT + ++ bdma_chan->id].vector); ++ } else ++#endif ++ synchronize_irq(priv->pdev->irq); ++ ++ tasklet_kill(&bdma_chan->tasklet); + + spin_lock_bh(&bdma_chan->lock); + list_splice_init(&bdma_chan->free_list, &list); + spin_unlock_bh(&bdma_chan->lock); + +- tsi721_bdma_interrupt_enable(bdma_chan, 0); +- + #ifdef CONFIG_PCI_MSI + if (priv->flags & TSI721_USING_MSIX) { + free_irq(priv->msix[TSI721_VECT_DMA0_DONE + +@@ -790,6 +799,7 @@ int tsi721_register_dma(struct tsi721_de + bdma_chan->dchan.cookie = 1; + bdma_chan->dchan.chan_id = i; + bdma_chan->id = i; ++ bdma_chan->active = false; + + spin_lock_init(&bdma_chan->lock); + +@@ -799,7 +809,6 @@ int tsi721_register_dma(struct tsi721_de + + tasklet_init(&bdma_chan->tasklet, tsi721_dma_tasklet, + (unsigned long)bdma_chan); +- tasklet_disable(&bdma_chan->tasklet); + list_add_tail(&bdma_chan->dchan.device_node, + &mport->dma.channels); + } diff --git a/queue-3.10/sched-fix-double-normalization-of-vruntime.patch b/queue-3.10/sched-fix-double-normalization-of-vruntime.patch new file mode 100644 index 00000000000..79ab34896b8 --- /dev/null +++ b/queue-3.10/sched-fix-double-normalization-of-vruntime.patch @@ -0,0 +1,60 @@ +From 791c9e0292671a3bfa95286bb5c08129d8605618 Mon Sep 17 00:00:00 2001 +From: George McCollister +Date: Tue, 18 Feb 2014 17:56:51 -0600 +Subject: sched: Fix double normalization of vruntime + +From: George McCollister + +commit 791c9e0292671a3bfa95286bb5c08129d8605618 upstream. + +dequeue_entity() is called when p->on_rq and sets se->on_rq = 0 +which appears to guarentee that the !se->on_rq condition is met. +If the task has done set_current_state(TASK_INTERRUPTIBLE) without +schedule() the second condition will be met and vruntime will be +incorrectly adjusted twice. + +In certain cases this can result in the task's vruntime never increasing +past the vruntime of other tasks on the CFS' run queue, starving them of +CPU time. + +This patch changes switched_from_fair() to use !p->on_rq instead of +!se->on_rq. + +I'm able to cause a task with a priority of 120 to starve all other +tasks with the same priority on an ARM platform running 3.2.51-rt72 +PREEMPT RT by writing one character at time to a serial tty (16550 UART) +in a tight loop. I'm also able to verify making this change corrects the +problem on that platform and kernel version. + +Signed-off-by: George McCollister +Signed-off-by: Peter Zijlstra +Link: http://lkml.kernel.org/r/1392767811-28916-1-git-send-email-george.mccollister@gmail.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched/fair.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -5862,15 +5862,15 @@ static void switched_from_fair(struct rq + struct cfs_rq *cfs_rq = cfs_rq_of(se); + + /* +- * Ensure the task's vruntime is normalized, so that when its ++ * Ensure the task's vruntime is normalized, so that when it's + * switched back to the fair class the enqueue_entity(.flags=0) will + * do the right thing. + * +- * If it was on_rq, then the dequeue_entity(.flags=0) will already +- * have normalized the vruntime, if it was !on_rq, then only when ++ * If it's on_rq, then the dequeue_entity(.flags=0) will already ++ * have normalized the vruntime, if it's !on_rq, then only when + * the task is sleeping will it still have non-normalized vruntime. + */ +- if (!se->on_rq && p->state != TASK_RUNNING) { ++ if (!p->on_rq && p->state != TASK_RUNNING) { + /* + * Fix up our vruntime so that the current sleep doesn't + * cause 'unlimited' sleep bonus. diff --git a/queue-3.10/series b/queue-3.10/series index 81e4552c978..0dd30ae2918 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -1,2 +1,12 @@ ocfs2-fix-quota-file-corruption.patch ocfs2-syncs-the-wrong-range.patch +sched-fix-double-normalization-of-vruntime.patch +rapidio-tsi721-fix-tasklet-termination-in-dma-channel-release.patch +net-tcp-fastopen-fix-high-order-allocations.patch +neigh-recompute-reachabletime-before-returning-from-neigh_periodic_work.patch +virtio-net-alloc-big-buffers-also-when-guest-can-receive-ufo.patch +ipv6-reuse-ip6_frag_id-from-ip6_ufo_append_data.patch +sfc-check-for-null-efx-ptp_data-in-efx_ptp_event.patch +ipv6-ipv6_find_hdr-restore-prev-functionality.patch +tg3-don-t-check-undefined-error-bits-in-rxbd.patch +net-sctp-fix-sctp_sf_do_5_1d_ce-to-verify-if-we-peer-is-auth-capable.patch diff --git a/queue-3.10/sfc-check-for-null-efx-ptp_data-in-efx_ptp_event.patch b/queue-3.10/sfc-check-for-null-efx-ptp_data-in-efx_ptp_event.patch new file mode 100644 index 00000000000..20525aee556 --- /dev/null +++ b/queue-3.10/sfc-check-for-null-efx-ptp_data-in-efx_ptp_event.patch @@ -0,0 +1,37 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Edward Cree +Date: Tue, 25 Feb 2014 13:17:59 +0000 +Subject: sfc: check for NULL efx->ptp_data in efx_ptp_event + +From: Edward Cree + +[ Upstream commit 8f355e5cee63c2c0c145d8206c4245d0189f47ff ] + +If we receive a PTP event from the NIC when we haven't set up PTP state +in the driver, we attempt to read through a NULL pointer efx->ptp_data, +triggering a panic. + +Signed-off-by: Edward Cree +Acked-by: Shradha Shah +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/sfc/ptp.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/net/ethernet/sfc/ptp.c ++++ b/drivers/net/ethernet/sfc/ptp.c +@@ -1319,6 +1319,13 @@ void efx_ptp_event(struct efx_nic *efx, + struct efx_ptp_data *ptp = efx->ptp_data; + int code = EFX_QWORD_FIELD(*ev, MCDI_EVENT_CODE); + ++ if (!ptp) { ++ if (net_ratelimit()) ++ netif_warn(efx, drv, efx->net_dev, ++ "Received PTP event but PTP not set up\n"); ++ return; ++ } ++ + if (!ptp->enabled) + return; + diff --git a/queue-3.10/tg3-don-t-check-undefined-error-bits-in-rxbd.patch b/queue-3.10/tg3-don-t-check-undefined-error-bits-in-rxbd.patch new file mode 100644 index 00000000000..52516ea8507 --- /dev/null +++ b/queue-3.10/tg3-don-t-check-undefined-error-bits-in-rxbd.patch @@ -0,0 +1,47 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Michael Chan +Date: Fri, 28 Feb 2014 15:05:10 -0800 +Subject: tg3: Don't check undefined error bits in RXBD + +From: Michael Chan + +[ Upstream commit d7b95315cc7f441418845a165ee56df723941487 ] + +Redefine the RXD_ERR_MASK to include only relevant error bits. This fixes +a customer reported issue of randomly dropping packets on the 5719. + +Signed-off-by: Michael Chan +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/broadcom/tg3.c | 3 +-- + drivers/net/ethernet/broadcom/tg3.h | 6 +++++- + 2 files changed, 6 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -6687,8 +6687,7 @@ static int tg3_rx(struct tg3_napi *tnapi + + work_mask |= opaque_key; + +- if ((desc->err_vlan & RXD_ERR_MASK) != 0 && +- (desc->err_vlan != RXD_ERR_ODD_NIBBLE_RCVD_MII)) { ++ if (desc->err_vlan & RXD_ERR_MASK) { + drop_it: + tg3_recycle_rx(tnapi, tpr, opaque_key, + desc_idx, *post_ptr); +--- a/drivers/net/ethernet/broadcom/tg3.h ++++ b/drivers/net/ethernet/broadcom/tg3.h +@@ -2587,7 +2587,11 @@ struct tg3_rx_buffer_desc { + #define RXD_ERR_TOO_SMALL 0x00400000 + #define RXD_ERR_NO_RESOURCES 0x00800000 + #define RXD_ERR_HUGE_FRAME 0x01000000 +-#define RXD_ERR_MASK 0xffff0000 ++ ++#define RXD_ERR_MASK (RXD_ERR_BAD_CRC | RXD_ERR_COLLISION | \ ++ RXD_ERR_LINK_LOST | RXD_ERR_PHY_DECODE | \ ++ RXD_ERR_MAC_ABRT | RXD_ERR_TOO_SMALL | \ ++ RXD_ERR_NO_RESOURCES | RXD_ERR_HUGE_FRAME) + + u32 reserved; + u32 opaque; diff --git a/queue-3.10/virtio-net-alloc-big-buffers-also-when-guest-can-receive-ufo.patch b/queue-3.10/virtio-net-alloc-big-buffers-also-when-guest-can-receive-ufo.patch new file mode 100644 index 00000000000..19fa6149a03 --- /dev/null +++ b/queue-3.10/virtio-net-alloc-big-buffers-also-when-guest-can-receive-ufo.patch @@ -0,0 +1,39 @@ +From foo@baz Wed Mar 19 23:28:23 Local time zone must be set--see zic manual page 2014 +From: Jason Wang +Date: Fri, 21 Feb 2014 13:08:04 +0800 +Subject: virtio-net: alloc big buffers also when guest can receive UFO + +From: Jason Wang + +[ Upstream commit 0e7ede80d929ff0f830c44a543daa1acd590c749 ] + +We should alloc big buffers also when guest can receive UFO +packets to let the big packets fit into guest rx buffer. + +Fixes 5c5167515d80f78f6bb538492c423adcae31ad65 +(virtio-net: Allow UFO feature to be set and advertised.) + +Cc: Rusty Russell +Cc: Michael S. Tsirkin +Cc: Sridhar Samudrala +Signed-off-by: Jason Wang +Acked-by: Michael S. Tsirkin +Acked-by: Rusty Russell +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/virtio_net.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -1597,7 +1597,8 @@ static int virtnet_probe(struct virtio_d + /* If we can receive ANY GSO packets, we must allocate large ones. */ + if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) || + virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO6) || +- virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN)) ++ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN) || ++ virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UFO)) + vi->big_packets = true; + + if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF)) -- 2.47.3