Back in 2006, commit 1a2449a8

 ("[I/OAT]: TCP recv offload to I/OAT")
added support for receive offloading to IOAT dma engine if available.

The code in tcp_rcv_established() tries to perform early DMA copy if
applicable. It however does so without checking whether the userspace
task is actually expecting the data in the buffer.

This is not a problem under normal circumstances, but there is a corner
case where this doesn't work -- and that's when MSG_TRUNC flag to
recvmsg() is used.

If the IOAT dma engine is not used, the code properly checks whether
there is a valid ucopy.task and the socket is owned by userspace, but
misses the check in the dmaengine case.

This problem can be observed in real trivially -- for example 'tbench' is a
good reproducer, as it makes a heavy use of MSG_TRUNC. On systems utilizing
IOAT, you will soon find tbench waiting indefinitely in sk_wait_data(), as they
have been already early-copied in tcp_rcv_established() using dma engine.

This patch introduces the same check we are performing in the simple
iovec copy case to the IOAT case as well. It fixes the indefinite
recvmsg(MSG_TRUNC) hangs.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>

This reverts commit 5b3e7e6c

.

The problem that the original commit was attempting to fix can
never happen in practice because validation is done one a per-flow
basis rather than a per-packet basis.  Adding additional checks at
runtime is unnecessary and inconsistent with the rest of the code.

CC: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jesse Gross <jesse@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

commit 92101b3b

 (ipv4: Prepare for change of rt->rt_iif encoding.)
invalidated TCP early demux, because rx_dst_ifindex is not properly
initialized and checked.

Also remove the use of inet_iif(skb) in favor or skb->skb_iif

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

When device flags are set using rtnetlink, IFF_PROMISC and IFF_ALLMULTI
flags are handled specially. Function dev_change_flags sets IFF_PROMISC and
IFF_ALLMULTI bits in dev->gflags according to the passed value but
do_setlink passes a result of rtnl_dev_combine_flags which takes those bits
from dev->flags.

This can be easily trigerred by doing:

tcpdump -i eth0 &
ip l s up eth0

ip sets IFF_UP flag in ifi_flags and ifi_change, which is combined with
IFF_PROMISC by rtnl_dev_combine_flags, causing __dev_change_flags to set
IFF_PROMISC in gflags.

Reported-by: Max Matveev <makc@redhat.com>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

The problem is that we call this with a spin lock held.  The call tree
is:
	kaweth_start_xmit() holds kaweth->device_lock.
	-> kaweth_async_set_rx_mode()
	   -> kaweth_control()
	      -> kaweth_internal_control_msg()

The kaweth_internal_control_msg() function is only called from
kaweth_control() which used GFP_ATOMIC for its allocations.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

TCP_USER_TIMEOUT is a TCP level socket option that takes an unsigned int. But
patch "tcp: Add TCP_USER_TIMEOUT socket option"(dca43c75

) didn't check the negative
values. If a user assign -1 to it, the socket will set successfully and wait
for 4294967295 miliseconds. This patch add a negative value check to avoid
this issue.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pull powerpc fixes from Benjamin Herrenschmidt:
 "Here's a handful of powerpc patches, a couple of regression fixes for
  problems introduced in the main batch in this merge window, a couple
  of defconfig updates, and some trivials.

  The radeonfb one is something that was long standing in SLES which I
  forgot to pickup earlier."

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc/ftrace: Trace function graph entry before updating index
  radeonfb: Add quirk for the graphics adapter in some JSxx
  powerpc: Lack of firmware flash support is not an error
  powerpc: Enable pseries hardware RNG and crypto modules
  powerpc: Update g5_defconfig
  powerpc/kvm/bookehv: Fix build regression
  powerpc: Set stack limit properly in crit_transfer_to_handler

Merge tag 'cpumask-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus

Pull cpumask changes from Rusty Russell:
 "Trivial comment changes to cpumask code.  I guess it's getting boring."

Boring is good.

* tag 'cpumask-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
  cpumask: cpulist_parse() comments correction
  init: add comments to keep initcall-names in sync with initcall levels
  cpumask: add a few comments of cpumask functions

Pull ARM SoC fixes from Olof Johansson:
 "A mixed bag of fixes, some for merge window fallout (tegra, MXS), and
  a short series of fixes for marvell platforms that didn't make it in
  before 3.5."

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: mxs: fix compile error caused by prom_update_property change
  ARM: dt: tegra trimslice: enable USB2 port
  ARM: dt: tegra trimslice: add vbus-gpio property
  ARM: vt8500: Add maintainer for VT8500 architecture
  ARM: Kirkwood: Replace mrvl with marvell
  ARM: Orion: fix driver probe error handling with respect to clk
  ARM: Dove: Fixup ge00 initialisation
  ARM: Kirkwood: Fix PHY disable clk problems
  ARM: Kirkwood: Ensure runit clock always ticks.
  ARM: versatile: Don't use platform clock for Integrator & VE
  ARM: tegra: harmony: add regulator supply name and its input supply

Pull LED subsystem update from Bryan Wu.

* 'for-3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds: (50 commits)
  leds-lp8788: forgotten unlock at lp8788_led_work
  LEDS: propagate error codes in blinkm_detect()
  LEDS: memory leak in blinkm_led_common_set()
  leds: add new lp8788 led driver
  LEDS: add BlinkM RGB LED driver, documentation and update MAINTAINERS
  leds: max8997: Simplify max8997_led_set_mode implementation
  leds/leds-s3c24xx: use devm_gpio_request
  leds: convert Network Space v2 LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert DAC124S085 LED driver to devm_kzalloc()
  leds: convert LM3530 LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert TCA6507 LED driver to devm_kzalloc()
  leds: convert Freescale MC13783 LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert ADP5520 LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert PCA955x LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert Sun Fire LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert PCA9532 LED driver to devm_kzalloc()
  leds: convert LT3593 LED driver to devm_kzalloc()
  leds: convert Renesas TPU LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert LP5523 LED driver to devm_kzalloc() and cleanup error exit path
  leds: convert PCA9633 LED driver to devm_kzalloc()
  ...

As Colin Cross ported my x86 change to ARM, he also pointed out that
powerpc is also behind in this fix.

The commit 722b3c74

 "ftrace/graph: Trace function entry before
updating index" fixes an issue with function graph tracing for x86,
where if the called entry function decides not to trace interrupts, it
can fail the check if an interrupt comes in just after the
curr_ret_stack is updated.

The solution is to call the entry function first, then update the
curr_ret_stack if the entry function wants to be traced.

Cc: Colin Cross <ccross@android.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

These devices are set to 640x480 by firmware, switch them to 800x600@60
so that the graphical installer can run on remote console.

Reported by IBM during SLES10 SP2 beta testing:

https://bugzilla.novell.com/show_bug.cgi?id=461002
LTC50817

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

Reduce the severity of the warning given when firmware flash is
not supported. Not all platforms have it.

Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

Enable the hardware RNG and crypto modules. I verified they both
autoload via the VIO subsystem, so there is no need to build them in.

Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

This updates the g5 defconfig to include nouveau instead of nvidiafb
(which works much better nowadays, in fact the latter crashes on modern
distros), and to set CONFIG_VT_HW_CONSOLE_BINDING without which takeover
from the firmware offb by nouveau doesn't work properly (and leads to
unexplained black screens for some users).

The rest is churn of going through defconfig / savedefconfig

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

After merging the register type check patches from Ben's tree, the
hv enabled booke implementation ceased to compile.

This patch fixes things up so everyone's happy again.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

Commit 9778b696

 incorrectly
changes the code setting the stack limit on entry to the
kernel to mark the thread_info at the bottom of the stack
out of bounds anymore. This fixes it.

Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>

Pull sparc updates from David Miller:
 "Nothing much this merge window for sparc.

  1) Fix FPU state management in sparc32, from Tkhai Kirill.

  2) More sparc32 mm layer code cleanups, largely more side effects of
     the sun4c support removal in the 3.5 From Sam Ravnborg.

  3) Remove unused code in sparc64, from Bjorn Helgaas and Kirill Tkhai.

  4) Some declaration and comment tidies in PROM support code, from
     Geert Uytterhoeven."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: (24 commits)
  sparc32, copy_thread: Clear TIF_USEDFPU flag of created task instead of current
  sparc32: delete dead code in show_mem()
  sparc32: move kmap_init() to highmem.c
  sparc32: move probe_memory() to srmmu.c
  sparc32: drop unused BAD_PAGE stuff
  sparc32: centralize all mmu context handling in srmmu.c
  sparc32: drop quicklist
  sparc32: drop sparc model check in paging_init
  sparc32: drop sparc_unmapped_base
  sparc32,leon: drop leon_init()
  sparc32: drop fixmap.h
  sparc32: fixmap.h cleanup
  sparc32: drop unused kmap_atomic_to_page
  sparc32: drop swapper_pg_dir
  sparc32: beautify srmmu_inherit_prom_mappings()
  sparc32: use void * in nocache get/free
  sparc32: fix coding-style in srmmu.c
  sparc32: sort includes in srmmu.c
  sparc32: define a few srmmu functions __init
  sparc64: remove unused function straddles_64bit_va_hole()
  ...

Pull networking updates and fixes from David Miller:

1) Reinstate the no-ref optimization for input route lookups in ipv4 to
   fix some routing cache removal perf regressions.

2) Make TCP socket pre-demux work on ipv6 side too, from Eric Dumazet.

3) Get RX hash value from correct place in be2net driver, from
   Sarveshwar Bandi.

4) Validation of FIB cached routes missing critical check, from Eric
   Dumazet.

5) EEH support in mlx4 driver, from Kleber Sacilotto de Souza.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (23 commits)
  ipv6: Early TCP socket demux
  ipv4: Fix input route performance regression.
  pch_gbe: vlan skb len fix
  pch_gbe: add extra clean tx
  pch_gbe: fix transmit watchdog timeout
  ixgbe: fix panic while dumping packets on Tx hang with IOMMU
  be2net: Fix to parse RSS hash from Receive completions correctly.
  net/mlx4_en: Limit the RFS filter IDs to be < RPS_NO_FILTER
  hyperv: Add error handling to rndis_filter_device_add()
  hyperv: Add a check for ring_size value
  ipv4: rt_cache_valid must check expired routes
  net/pch_gpe: Cannot disable ethernet autonegation
  qeth: repair crash in qeth_l3_vlan_rx_kill_vid()
  netiucv: cleanup attribute usage
  net: wiznet add missing HAS_IOMEM dependency
  be2net: Missing byteswap in be_get_fw_log_level causes oops on PowerPC
  mlx4: Add support for EEH error recovery
  cdc-ncm: tag Ericsson WWAN devices (eg F5521gw) with FLAG_WWAN
  wanmain: comparing array with NULL
  caif: fix NULL pointer check
  ...

On powerpc, we don't get the implicit vmalloc.h include, and as a result
the build fails noisily:

  fs/btrfs/send.c: In function 'fs_path_free':
  fs/btrfs/send.c:185:4: error: implicit declaration of function 'vfree' [-Werror=implicit-function-declaration]
  fs/btrfs/send.c: In function 'fs_path_ensure_buf':
  fs/btrfs/send.c:215:4: error: implicit declaration of function 'vmalloc' [-Werror=implicit-function-declaration]
  fs/btrfs/send.c:215:12: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c:225:12: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c:233:13: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c: In function 'iterate_dir_item':
  fs/btrfs/send.c:900:10: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c:909:11: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c: In function 'btrfs_ioctl_send':
  fs/btrfs/send.c:4463:17: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c:4469:17: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c:4475:2: error: implicit declaration of function 'vzalloc' [-Werror=implicit-function-declaration]
  fs/btrfs/send.c:4475:20: warning: assignment makes pointer from integer without a cast [enabled by default]
  fs/btrfs/send.c:4483:21: warning: assignment makes pointer from integer without a cast [enabled by default]

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

at default case of switch we return with out unlocking the mutex.

Signed-off-by: Devendra Naga <develkernel412222@gmail.com>
Signed-off-by: Bryan Wu <bryan.wu@canonical.com>

Use the error codes from the lower levels instead of -ENODEV.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jan-Simon Möller <jansimon.moeller@gmx.de>
Signed-off-by: Bryan Wu <bryan.wu@canonical.com>

This can return without freeing the bl_work struct.  Also there was no
check for allocation failure.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jan-Simon Möller <jansimon.moeller@gmx.de>
Signed-off-by: Bryan Wu <bryan.wu@canonical.com>

As introduced in Rusty's commit 29c0177e

, the function has no
parameter @len, so need to remove it from comments to avoid kernel-doc
warning:

alexs@debian:~/linux-next$ scripts/kernel-doc -man
include/linux/cpumask.h | split-man.pl /tmp/man
....
Warning(include/linux/cpumask.h:602): Excess function parameter 'len'
description in 'cpulist_parse'

and correct the function name in comments to cpulist_parse.

Signed-off-by: Alex Shi <alex.shi@intel.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

main.c has initcall_level_names[] for parse_args to print in debug messages,
add comments to keep them in sync with initcalls defined in init.h.

Also add "loadable" into comment re not using *_initcall macros in
modules, to disambiguate from kernel/params.c and other builtins.

Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Acked-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Current few cpumask functions' purposes are not quite clear. Stupid
user like myself needs to dig into details for clear function
purpose and return value.
Add few explanation for them is helpful.

Thanks for Srivatsa's comments and correction!

Signed-off-by: Alex Shi <alex.shi@intel.com>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

FPU state is saved into task_struct of created task. Current task continues
use of the state, so it needs TIF_USEDFPU flag is not cleared.

Created task receives fresh FPU and cleared TIF_USEFPU flag is required for it.

Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Try to keep highmem support in a more central place.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Only one user so move it to the file using it.
It had nothing to do in fault_32.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

The quicklist stuff is not used anymore - drop it.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

We already check the model in head_32.S so no need to
repeat the check here

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

The base is always the same so no need to use a variable for this.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

This function was only used to set of_pdt_build_more to leon_node_init().
But the leon_node_init() was a nop as prom_amba_init was never assigned.

Cc: Daniel Hellstrom <daniel@gaisler.com>
Cc: Konrad Eisele <konrad@gaisler.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

sparc32 does not support fixmaps - so do not pretend so by
having the fixmap.h file.
Move relevant parts to vaddrs.h.

I looked at simplifying this even more but failed to understand
the reasoning behind the extra guard page involved and due to
missing testing possibilities only the trivial conversion was done.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Remove all unused stuff from fixmap.h
It is only used for highmem - sparc32 has no fixmap support.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

No users left of this function - drop it.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

We save one page of RAM dropping swapper_pg_dir.
It was only used for an assignment in init-mm.c and we
redid this later in srmmu.c anyway.

This is likely a left-over from the sun4c removal.

To avoid a dummy variable we use a simple #define swapper_pg_dir NULL

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>