Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'net-6.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from bluetooth and CAN. No known outstanding
regressions.
Current release - regressions:
- mptcp: initialize rcv_mss before calling tcp_send_active_reset()
- eth: mlx5e: fix validation logic in rate limiting
Previous releases - regressions:
- xsk: avoid data corruption on cq descriptor number
- bluetooth:
- prevent race in socket write iter and sock bind
- fix not generating mackey and ltk when repairing
- can:
- kvaser_usb: fix potential infinite loop in command parsers
- rcar_canfd: fix CAN-FD mode as default
- eth:
- veth: reduce XDP no_direct return section to fix race
- virtio-net: avoid unnecessary checksum calculation on guest RX
Previous releases - always broken:
- sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr()
- bluetooth: mediatek: fix kernel crash when releasing iso interface
- vhost: rewind next_avail_head while discarding descriptors
- eth:
- r8169: fix RTL8127 hang on suspend/shutdown
- aquantia: add missing descriptor cache invalidation on ATL2
- dsa: microchip: fix resource releases in error path"
* tag 'net-6.18-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (47 commits)
mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
net: fec: do not register PPS event for PEROUT
net: fec: do not allow enabling PPS and PEROUT simultaneously
net: fec: do not update PEROUT if it is enabled
net: fec: cancel perout_timer when PEROUT is disabled
net: mctp: unconditionally set skb->dev on dst output
net: atlantic: fix fragment overflow handling in RX path
MAINTAINERS: separate VIRTIO NET DRIVER and add netdev
virtio-net: avoid unnecessary checksum calculation on guest RX
eth: fbnic: Fix counter roll-over issue
mptcp: clear scheduled subflows on retransmit
net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic
s390/net: list Aswin Karuvally as maintainer
net: wwan: mhi: Keep modem name match with Foxconn T99W640
vhost: rewind next_avail_head while discarding descriptors
net/sched: em_canid: fix uninit-value in em_canid_match
can: rcar_canfd: Fix CAN-FD mode as default
xsk: avoid data corruption on cq descriptor number
r8169: fix RTL8127 hang on suspend/shutdown
net: sxgbe: fix potential NULL dereference in sxgbe_rx()
...
+701
-354
+15
-4
MAINTAINERS
+15
-4
MAINTAINERS
···
22655
22655
22656
22656
S390 NETWORK DRIVERS
22657
22657
M: Alexandra Winter <wintera@linux.ibm.com>
22658
-
R: Aswin Karuvally <aswin@linux.ibm.com>
22658
+
M: Aswin Karuvally <aswin@linux.ibm.com>
22659
22659
L: linux-s390@vger.kernel.org
22660
22660
L: netdev@vger.kernel.org
22661
22661
S: Supported
···
27122
27122
F: drivers/char/virtio_console.c
27123
27123
F: include/uapi/linux/virtio_console.h
27124
27124
27125
-
VIRTIO CORE AND NET DRIVERS
27125
+
VIRTIO CORE
27126
27126
M: "Michael S. Tsirkin" <mst@redhat.com>
27127
27127
M: Jason Wang <jasowang@redhat.com>
27128
27128
R: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
···
27135
27135
F: Documentation/driver-api/virtio/
27136
27136
F: drivers/block/virtio_blk.c
27137
27137
F: drivers/crypto/virtio/
27138
-
F: drivers/net/virtio_net.c
27139
27138
F: drivers/vdpa/
27140
27139
F: drivers/virtio/
27141
27140
F: include/linux/vdpa.h
···
27143
27144
F: include/uapi/linux/virtio_*.h
27144
27145
F: net/vmw_vsock/virtio*
27145
27146
F: tools/virtio/
27146
-
F: tools/testing/selftests/drivers/net/virtio_net/
27147
27147
27148
27148
VIRTIO CRYPTO DRIVER
27149
27149
M: Gonglei <arei.gonglei@huawei.com>
···
27253
27255
W: https://virtio-mem.gitlab.io/
27254
27256
F: drivers/virtio/virtio_mem.c
27255
27257
F: include/uapi/linux/virtio_mem.h
27258
+
27259
+
VIRTIO NET DRIVER
27260
+
M: "Michael S. Tsirkin" <mst@redhat.com>
27261
+
M: Jason Wang <jasowang@redhat.com>
27262
+
R: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
27263
+
R: Eugenio Pérez <eperezma@redhat.com>
27264
+
L: netdev@vger.kernel.org
27265
+
L: virtualization@lists.linux.dev
27266
+
S: Maintained
27267
+
F: drivers/net/virtio_net.c
27268
+
F: include/linux/virtio_net.h
27269
+
F: include/uapi/linux/virtio_net.h
27270
+
F: tools/testing/selftests/drivers/net/virtio_net/
27256
27271
27257
27272
VIRTIO PMEM DRIVER
27258
27273
M: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
+2
drivers/atm/fore200e.c
+2
drivers/atm/fore200e.c
+32
-7
drivers/bluetooth/btusb.c
+32
-7
drivers/bluetooth/btusb.c
···
2711
2711
2712
2712
static void btusb_mtk_claim_iso_intf(struct btusb_data *data)
2713
2713
{
2714
-
struct btmtk_data *btmtk_data = hci_get_priv(data->hdev);
2714
+
struct btmtk_data *btmtk_data;
2715
2715
int err;
2716
+
2717
+
if (!data->hdev)
2718
+
return;
2719
+
2720
+
btmtk_data = hci_get_priv(data->hdev);
2721
+
if (!btmtk_data)
2722
+
return;
2723
+
2724
+
if (!btmtk_data->isopkt_intf) {
2725
+
bt_dev_err(data->hdev, "Can't claim NULL iso interface");
2726
+
return;
2727
+
}
2716
2728
2717
2729
/*
2718
2730
* The function usb_driver_claim_interface() is documented to need
···
2747
2735
2748
2736
static void btusb_mtk_release_iso_intf(struct hci_dev *hdev)
2749
2737
{
2750
-
struct btmtk_data *btmtk_data = hci_get_priv(hdev);
2738
+
struct btmtk_data *btmtk_data;
2739
+
2740
+
if (!hdev)
2741
+
return;
2742
+
2743
+
btmtk_data = hci_get_priv(hdev);
2744
+
if (!btmtk_data)
2745
+
return;
2751
2746
2752
2747
if (test_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags)) {
2753
2748
usb_kill_anchored_urbs(&btmtk_data->isopkt_anchor);
2754
2749
clear_bit(BTMTK_ISOPKT_RUNNING, &btmtk_data->flags);
2755
2750
2756
-
dev_kfree_skb_irq(btmtk_data->isopkt_skb);
2757
-
btmtk_data->isopkt_skb = NULL;
2758
-
usb_set_intfdata(btmtk_data->isopkt_intf, NULL);
2759
-
usb_driver_release_interface(&btusb_driver,
2760
-
btmtk_data->isopkt_intf);
2751
+
if (btmtk_data->isopkt_skb) {
2752
+
dev_kfree_skb_irq(btmtk_data->isopkt_skb);
2753
+
btmtk_data->isopkt_skb = NULL;
2754
+
}
2755
+
2756
+
if (btmtk_data->isopkt_intf) {
2757
+
usb_set_intfdata(btmtk_data->isopkt_intf, NULL);
2758
+
usb_driver_release_interface(&btusb_driver,
2759
+
btmtk_data->isopkt_intf);
2760
+
btmtk_data->isopkt_intf = NULL;
2761
+
}
2761
2762
}
2762
2763
2763
2764
clear_bit(BTMTK_ISOPKT_OVER_INTR, &btmtk_data->flags);
+31
-22
drivers/net/can/rcar/rcar_canfd.c
+31
-22
drivers/net/can/rcar/rcar_canfd.c
···
709
709
rcar_canfd_update(val, val, addr);
710
710
}
711
711
712
+
static void rcar_canfd_clear_bit_reg(void __iomem *addr, u32 val)
713
+
{
714
+
rcar_canfd_update(val, 0, addr);
715
+
}
716
+
712
717
static void rcar_canfd_update_bit_reg(void __iomem *addr, u32 mask, u32 val)
713
718
{
714
719
rcar_canfd_update(mask, val, addr);
···
760
755
rcar_canfd_set_bit(gpriv->base, RCANFD_GAFLCFG(w), rnc);
761
756
}
762
757
763
-
static void rcar_canfd_set_mode(struct rcar_canfd_global *gpriv)
764
-
{
765
-
if (gpriv->info->ch_interface_mode) {
766
-
u32 ch, val = gpriv->fdmode ? RCANFD_GEN4_FDCFG_FDOE
767
-
: RCANFD_GEN4_FDCFG_CLOE;
768
-
769
-
for_each_set_bit(ch, &gpriv->channels_mask,
770
-
gpriv->info->max_channels)
771
-
rcar_canfd_set_bit_reg(&gpriv->fcbase[ch].cfdcfg, val);
772
-
} else {
773
-
if (gpriv->fdmode)
774
-
rcar_canfd_set_bit(gpriv->base, RCANFD_GRMCFG,
775
-
RCANFD_GRMCFG_RCMC);
776
-
else
777
-
rcar_canfd_clear_bit(gpriv->base, RCANFD_GRMCFG,
778
-
RCANFD_GRMCFG_RCMC);
779
-
}
780
-
}
781
-
782
758
static int rcar_canfd_reset_controller(struct rcar_canfd_global *gpriv)
783
759
{
784
760
struct device *dev = &gpriv->pdev->dev;
···
792
806
/* Reset Global error flags */
793
807
rcar_canfd_write(gpriv->base, RCANFD_GERFL, 0x0);
794
808
809
+
/* Set the controller into appropriate mode */
810
+
if (!gpriv->info->ch_interface_mode) {
811
+
if (gpriv->fdmode)
812
+
rcar_canfd_set_bit(gpriv->base, RCANFD_GRMCFG,
813
+
RCANFD_GRMCFG_RCMC);
814
+
else
815
+
rcar_canfd_clear_bit(gpriv->base, RCANFD_GRMCFG,
816
+
RCANFD_GRMCFG_RCMC);
817
+
}
818
+
795
819
/* Transition all Channels to reset mode */
796
820
for_each_set_bit(ch, &gpriv->channels_mask, gpriv->info->max_channels) {
797
821
rcar_canfd_clear_bit(gpriv->base,
···
819
823
dev_dbg(dev, "channel %u reset failed\n", ch);
820
824
return err;
821
825
}
822
-
}
823
826
824
-
/* Set the controller into appropriate mode */
825
-
rcar_canfd_set_mode(gpriv);
827
+
/* Set the controller into appropriate mode */
828
+
if (gpriv->info->ch_interface_mode) {
829
+
/* Do not set CLOE and FDOE simultaneously */
830
+
if (!gpriv->fdmode) {
831
+
rcar_canfd_clear_bit_reg(&gpriv->fcbase[ch].cfdcfg,
832
+
RCANFD_GEN4_FDCFG_FDOE);
833
+
rcar_canfd_set_bit_reg(&gpriv->fcbase[ch].cfdcfg,
834
+
RCANFD_GEN4_FDCFG_CLOE);
835
+
} else {
836
+
rcar_canfd_clear_bit_reg(&gpriv->fcbase[ch].cfdcfg,
837
+
RCANFD_GEN4_FDCFG_FDOE);
838
+
rcar_canfd_clear_bit_reg(&gpriv->fcbase[ch].cfdcfg,
839
+
RCANFD_GEN4_FDCFG_CLOE);
840
+
}
841
+
}
842
+
}
826
843
827
844
return 0;
828
845
}
+2
-2
drivers/net/can/sja1000/sja1000.c
+2
-2
drivers/net/can/sja1000/sja1000.c
···
548
548
if (priv->read_reg(priv, SJA1000_IER) == IRQ_OFF)
549
549
goto out;
550
550
551
-
while ((isrc = priv->read_reg(priv, SJA1000_IR)) &&
552
-
(n < SJA1000_MAX_IRQ)) {
551
+
while ((n < SJA1000_MAX_IRQ) &&
552
+
(isrc = priv->read_reg(priv, SJA1000_IR))) {
553
553
554
554
status = priv->read_reg(priv, SJA1000_SR);
555
555
/* check for absent controller due to hw unplug */
+2
-2
drivers/net/can/sun4i_can.c
+2
-2
drivers/net/can/sun4i_can.c
···
657
657
u8 isrc, status;
658
658
int n = 0;
659
659
660
-
while ((isrc = readl(priv->base + SUN4I_REG_INT_ADDR)) &&
661
-
(n < SUN4I_CAN_MAX_IRQ)) {
660
+
while ((n < SUN4I_CAN_MAX_IRQ) &&
661
+
(isrc = readl(priv->base + SUN4I_REG_INT_ADDR))) {
662
662
n++;
663
663
status = readl(priv->base + SUN4I_REG_STA_ADDR);
664
664
+88
-14
drivers/net/can/usb/gs_usb.c
+88
-14
drivers/net/can/usb/gs_usb.c
···
261
261
u8 quirk;
262
262
} __packed;
263
263
264
-
struct gs_host_frame {
265
-
u32 echo_id;
266
-
__le32 can_id;
264
+
/* struct gs_host_frame::echo_id == GS_HOST_FRAME_ECHO_ID_RX indicates
265
+
* a regular RX'ed CAN frame
266
+
*/
267
+
#define GS_HOST_FRAME_ECHO_ID_RX 0xffffffff
267
268
268
-
u8 can_dlc;
269
-
u8 channel;
270
-
u8 flags;
271
-
u8 reserved;
269
+
struct gs_host_frame {
270
+
struct_group(header,
271
+
u32 echo_id;
272
+
__le32 can_id;
273
+
274
+
u8 can_dlc;
275
+
u8 channel;
276
+
u8 flags;
277
+
u8 reserved;
278
+
);
272
279
273
280
union {
274
281
DECLARE_FLEX_ARRAY(struct classic_can, classic_can);
···
575
568
return len;
576
569
}
577
570
571
+
static unsigned int
572
+
gs_usb_get_minimum_rx_length(const struct gs_can *dev, const struct gs_host_frame *hf,
573
+
unsigned int *data_length_p)
574
+
{
575
+
unsigned int minimum_length, data_length = 0;
576
+
577
+
if (hf->flags & GS_CAN_FLAG_FD) {
578
+
if (hf->echo_id == GS_HOST_FRAME_ECHO_ID_RX)
579
+
data_length = can_fd_dlc2len(hf->can_dlc);
580
+
581
+
if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP)
582
+
/* timestamp follows data field of max size */
583
+
minimum_length = struct_size(hf, canfd_ts, 1);
584
+
else
585
+
minimum_length = sizeof(hf->header) + data_length;
586
+
} else {
587
+
if (hf->echo_id == GS_HOST_FRAME_ECHO_ID_RX &&
588
+
!(hf->can_id & cpu_to_le32(CAN_RTR_FLAG)))
589
+
data_length = can_cc_dlc2len(hf->can_dlc);
590
+
591
+
if (dev->feature & GS_CAN_FEATURE_HW_TIMESTAMP)
592
+
/* timestamp follows data field of max size */
593
+
minimum_length = struct_size(hf, classic_can_ts, 1);
594
+
else
595
+
minimum_length = sizeof(hf->header) + data_length;
596
+
}
597
+
598
+
*data_length_p = data_length;
599
+
return minimum_length;
600
+
}
601
+
578
602
static void gs_usb_receive_bulk_callback(struct urb *urb)
579
603
{
580
604
struct gs_usb *parent = urb->context;
···
614
576
int rc;
615
577
struct net_device_stats *stats;
616
578
struct gs_host_frame *hf = urb->transfer_buffer;
579
+
unsigned int minimum_length, data_length;
617
580
struct gs_tx_context *txc;
618
581
struct can_frame *cf;
619
582
struct canfd_frame *cfd;
···
633
594
return;
634
595
}
635
596
597
+
minimum_length = sizeof(hf->header);
598
+
if (urb->actual_length < minimum_length) {
599
+
dev_err_ratelimited(&parent->udev->dev,
600
+
"short read (actual_length=%u, minimum_length=%u)\n",
601
+
urb->actual_length, minimum_length);
602
+
603
+
goto resubmit_urb;
604
+
}
605
+
636
606
/* device reports out of range channel id */
637
607
if (hf->channel >= parent->channel_cnt)
638
608
goto device_detach;
···
657
609
if (!netif_running(netdev))
658
610
goto resubmit_urb;
659
611
660
-
if (hf->echo_id == -1) { /* normal rx */
612
+
minimum_length = gs_usb_get_minimum_rx_length(dev, hf, &data_length);
613
+
if (urb->actual_length < minimum_length) {
614
+
stats->rx_errors++;
615
+
stats->rx_length_errors++;
616
+
617
+
if (net_ratelimit())
618
+
netdev_err(netdev,
619
+
"short read (actual_length=%u, minimum_length=%u)\n",
620
+
urb->actual_length, minimum_length);
621
+
622
+
goto resubmit_urb;
623
+
}
624
+
625
+
if (hf->echo_id == GS_HOST_FRAME_ECHO_ID_RX) { /* normal rx */
661
626
if (hf->flags & GS_CAN_FLAG_FD) {
662
627
skb = alloc_canfd_skb(netdev, &cfd);
663
628
if (!skb)
664
629
return;
665
630
666
631
cfd->can_id = le32_to_cpu(hf->can_id);
667
-
cfd->len = can_fd_dlc2len(hf->can_dlc);
632
+
cfd->len = data_length;
668
633
if (hf->flags & GS_CAN_FLAG_BRS)
669
634
cfd->flags |= CANFD_BRS;
670
635
if (hf->flags & GS_CAN_FLAG_ESI)
671
636
cfd->flags |= CANFD_ESI;
672
637
673
-
memcpy(cfd->data, hf->canfd->data, cfd->len);
638
+
memcpy(cfd->data, hf->canfd->data, data_length);
674
639
} else {
675
640
skb = alloc_can_skb(netdev, &cf);
676
641
if (!skb)
···
692
631
cf->can_id = le32_to_cpu(hf->can_id);
693
632
can_frame_set_cc_len(cf, hf->can_dlc, dev->can.ctrlmode);
694
633
695
-
memcpy(cf->data, hf->classic_can->data, 8);
634
+
memcpy(cf->data, hf->classic_can->data, data_length);
696
635
697
636
/* ERROR frames tell us information about the controller */
698
637
if (le32_to_cpu(hf->can_id) & CAN_ERR_FLAG)
···
748
687
resubmit_urb:
749
688
usb_fill_bulk_urb(urb, parent->udev,
750
689
parent->pipe_in,
751
-
hf, dev->parent->hf_size_rx,
690
+
hf, parent->hf_size_rx,
752
691
gs_usb_receive_bulk_callback, parent);
753
692
754
693
rc = usb_submit_urb(urb, GFP_ATOMIC);
···
811
750
struct gs_can *dev = txc->dev;
812
751
struct net_device *netdev = dev->netdev;
813
752
814
-
if (urb->status)
815
-
netdev_info(netdev, "usb xmit fail %u\n", txc->echo_id);
753
+
if (!urb->status)
754
+
return;
755
+
756
+
if (urb->status != -ESHUTDOWN && net_ratelimit())
757
+
netdev_info(netdev, "failed to xmit URB %u: %pe\n",
758
+
txc->echo_id, ERR_PTR(urb->status));
759
+
760
+
netdev->stats.tx_dropped++;
761
+
netdev->stats.tx_errors++;
762
+
763
+
can_free_echo_skb(netdev, txc->echo_id, NULL);
764
+
gs_free_tx_context(txc);
765
+
atomic_dec(&dev->active_tx_urbs);
766
+
767
+
netif_wake_queue(netdev);
816
768
}
817
769
818
770
static netdev_tx_t gs_can_start_xmit(struct sk_buff *skb,
+2
-2
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+2
-2
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
···
685
685
* for further details.
686
686
*/
687
687
if (tmp->len == 0) {
688
-
pos = round_up(pos,
688
+
pos = round_up(pos + 1,
689
689
le16_to_cpu
690
690
(dev->bulk_in->wMaxPacketSize));
691
691
continue;
···
1732
1732
* number of events in case of a heavy rx load on the bus.
1733
1733
*/
1734
1734
if (cmd->len == 0) {
1735
-
pos = round_up(pos, le16_to_cpu
1735
+
pos = round_up(pos + 1, le16_to_cpu
1736
1736
(dev->bulk_in->wMaxPacketSize));
1737
1737
continue;
1738
1738
}
+15
-16
drivers/net/dsa/microchip/ksz_common.c
+15
-16
drivers/net/dsa/microchip/ksz_common.c
···
2587
2587
2588
2588
irq = irq_find_mapping(dev->ports[port].pirq.domain,
2589
2589
PORT_SRC_PHY_INT);
2590
-
if (irq < 0) {
2591
-
ret = irq;
2590
+
if (!irq) {
2591
+
ret = -EINVAL;
2592
2592
goto out;
2593
2593
}
2594
2594
ds->user_mii_bus->irq[phy] = irq;
···
2952
2952
snprintf(pirq->name, sizeof(pirq->name), "port_irq-%d", p);
2953
2953
2954
2954
pirq->irq_num = irq_find_mapping(dev->girq.domain, p);
2955
-
if (pirq->irq_num < 0)
2956
-
return pirq->irq_num;
2955
+
if (!pirq->irq_num)
2956
+
return -EINVAL;
2957
2957
2958
2958
return ksz_irq_common_setup(dev, pirq);
2959
2959
}
···
3038
3038
dsa_switch_for_each_user_port(dp, dev->ds) {
3039
3039
ret = ksz_pirq_setup(dev, dp->index);
3040
3040
if (ret)
3041
-
goto out_girq;
3041
+
goto port_release;
3042
3042
3043
3043
if (dev->info->ptp_capable) {
3044
3044
ret = ksz_ptp_irq_setup(ds, dp->index);
3045
3045
if (ret)
3046
-
goto out_pirq;
3046
+
goto pirq_release;
3047
3047
}
3048
3048
}
3049
3049
}
···
3053
3053
if (ret) {
3054
3054
dev_err(dev->dev, "Failed to register PTP clock: %d\n",
3055
3055
ret);
3056
-
goto out_ptpirq;
3056
+
goto port_release;
3057
3057
}
3058
3058
}
3059
3059
···
3076
3076
out_ptp_clock_unregister:
3077
3077
if (dev->info->ptp_capable)
3078
3078
ksz_ptp_clock_unregister(ds);
3079
-
out_ptpirq:
3080
-
if (dev->irq > 0 && dev->info->ptp_capable)
3081
-
dsa_switch_for_each_user_port(dp, dev->ds)
3082
-
ksz_ptp_irq_free(ds, dp->index);
3083
-
out_pirq:
3084
-
if (dev->irq > 0)
3085
-
dsa_switch_for_each_user_port(dp, dev->ds)
3079
+
port_release:
3080
+
if (dev->irq > 0) {
3081
+
dsa_switch_for_each_user_port_continue_reverse(dp, dev->ds) {
3082
+
if (dev->info->ptp_capable)
3083
+
ksz_ptp_irq_free(ds, dp->index);
3084
+
pirq_release:
3086
3085
ksz_irq_free(&dev->ports[dp->index].pirq);
3087
-
out_girq:
3088
-
if (dev->irq > 0)
3086
+
}
3089
3087
ksz_irq_free(&dev->girq);
3088
+
}
3090
3089
3091
3090
return ret;
3092
3091
}
+9
-13
drivers/net/dsa/microchip/ksz_ptp.c
+9
-13
drivers/net/dsa/microchip/ksz_ptp.c
···
1093
1093
static const char * const name[] = {"pdresp-msg", "xdreq-msg",
1094
1094
"sync-msg"};
1095
1095
const struct ksz_dev_ops *ops = port->ksz_dev->dev_ops;
1096
+
struct ksz_irq *ptpirq = &port->ptpirq;
1096
1097
struct ksz_ptp_irq *ptpmsg_irq;
1097
1098
1098
1099
ptpmsg_irq = &port->ptpmsg_irq[n];
1100
+
ptpmsg_irq->num = irq_create_mapping(ptpirq->domain, n);
1101
+
if (!ptpmsg_irq->num)
1102
+
return -EINVAL;
1099
1103
1100
1104
ptpmsg_irq->port = port;
1101
1105
ptpmsg_irq->ts_reg = ops->get_port_addr(port->num, ts_reg[n]);
1102
1106
1103
1107
strscpy(ptpmsg_irq->name, name[n]);
1104
-
1105
-
ptpmsg_irq->num = irq_find_mapping(port->ptpirq.domain, n);
1106
-
if (ptpmsg_irq->num < 0)
1107
-
return ptpmsg_irq->num;
1108
1108
1109
1109
return request_threaded_irq(ptpmsg_irq->num, NULL,
1110
1110
ksz_ptp_msg_thread_fn, IRQF_ONESHOT,
···
1135
1135
if (!ptpirq->domain)
1136
1136
return -ENOMEM;
1137
1137
1138
-
for (irq = 0; irq < ptpirq->nirqs; irq++)
1139
-
irq_create_mapping(ptpirq->domain, irq);
1140
-
1141
1138
ptpirq->irq_num = irq_find_mapping(port->pirq.domain, PORT_SRC_PTP_INT);
1142
-
if (ptpirq->irq_num < 0) {
1143
-
ret = ptpirq->irq_num;
1139
+
if (!ptpirq->irq_num) {
1140
+
ret = -EINVAL;
1144
1141
goto out;
1145
1142
}
1146
1143
···
1156
1159
1157
1160
out_ptp_msg:
1158
1161
free_irq(ptpirq->irq_num, ptpirq);
1159
-
while (irq--)
1162
+
while (irq--) {
1160
1163
free_irq(port->ptpmsg_irq[irq].num, &port->ptpmsg_irq[irq]);
1161
-
out:
1162
-
for (irq = 0; irq < ptpirq->nirqs; irq++)
1163
1164
irq_dispose_mapping(port->ptpmsg_irq[irq].num);
1164
-
1165
+
}
1166
+
out:
1165
1167
irq_domain_remove(ptpirq->domain);
1166
1168
1167
1169
return ret;
-7
drivers/net/dsa/sja1105/sja1105_main.c
-7
drivers/net/dsa/sja1105/sja1105_main.c
···
1302
1302
* table, since this will be used for the clocking setup, and we no
1303
1303
* longer need to store it in the static config (already told hardware
1304
1304
* we want auto during upload phase).
1305
-
* Actually for the SGMII port, the MAC is fixed at 1 Gbps and
1306
-
* we need to configure the PCS only (if even that).
1307
1305
*/
1308
-
if (priv->phy_mode[port] == PHY_INTERFACE_MODE_SGMII)
1309
-
speed = priv->info->port_speed[SJA1105_SPEED_1000MBPS];
1310
-
else if (priv->phy_mode[port] == PHY_INTERFACE_MODE_2500BASEX)
1311
-
speed = priv->info->port_speed[SJA1105_SPEED_2500MBPS];
1312
-
1313
1306
mac[port].speed = speed;
1314
1307
1315
1308
return 0;
+22
drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c
+22
drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.c
···
15
15
16
16
#include "aq_hw.h"
17
17
#include "aq_nic.h"
18
+
#include "hw_atl/hw_atl_llh.h"
18
19
19
20
void aq_hw_write_reg_bit(struct aq_hw_s *aq_hw, u32 addr, u32 msk,
20
21
u32 shift, u32 val)
···
80
79
writeq(value, hw->mmio + reg);
81
80
else
82
81
lo_hi_writeq(value, hw->mmio + reg);
82
+
}
83
+
84
+
int aq_hw_invalidate_descriptor_cache(struct aq_hw_s *hw)
85
+
{
86
+
int err;
87
+
u32 val;
88
+
89
+
/* Invalidate Descriptor Cache to prevent writing to the cached
90
+
* descriptors and to the data pointer of those descriptors
91
+
*/
92
+
hw_atl_rdm_rx_dma_desc_cache_init_tgl(hw);
93
+
94
+
err = aq_hw_err_from_flags(hw);
95
+
if (err)
96
+
goto err_exit;
97
+
98
+
readx_poll_timeout_atomic(hw_atl_rdm_rx_dma_desc_cache_init_done_get,
99
+
hw, val, val == 1, 1000U, 10000U);
100
+
101
+
err_exit:
102
+
return err;
83
103
}
84
104
85
105
int aq_hw_err_from_flags(struct aq_hw_s *hw)
+1
drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h
+1
drivers/net/ethernet/aquantia/atlantic/aq_hw_utils.h
···
35
35
void aq_hw_write_reg(struct aq_hw_s *hw, u32 reg, u32 value);
36
36
u64 aq_hw_read_reg64(struct aq_hw_s *hw, u32 reg);
37
37
void aq_hw_write_reg64(struct aq_hw_s *hw, u32 reg, u64 value);
38
+
int aq_hw_invalidate_descriptor_cache(struct aq_hw_s *hw);
38
39
int aq_hw_err_from_flags(struct aq_hw_s *hw);
39
40
int aq_hw_num_tcs(struct aq_hw_s *hw);
40
41
int aq_hw_q_per_tc(struct aq_hw_s *hw);
+5
drivers/net/ethernet/aquantia/atlantic/aq_ring.c
+5
drivers/net/ethernet/aquantia/atlantic/aq_ring.c
+1
-18
drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
+1
-18
drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
···
1198
1198
1199
1199
static int hw_atl_b0_hw_stop(struct aq_hw_s *self)
1200
1200
{
1201
-
int err;
1202
-
u32 val;
1203
-
1204
1201
hw_atl_b0_hw_irq_disable(self, HW_ATL_B0_INT_MASK);
1205
1202
1206
-
/* Invalidate Descriptor Cache to prevent writing to the cached
1207
-
* descriptors and to the data pointer of those descriptors
1208
-
*/
1209
-
hw_atl_rdm_rx_dma_desc_cache_init_tgl(self);
1210
-
1211
-
err = aq_hw_err_from_flags(self);
1212
-
1213
-
if (err)
1214
-
goto err_exit;
1215
-
1216
-
readx_poll_timeout_atomic(hw_atl_rdm_rx_dma_desc_cache_init_done_get,
1217
-
self, val, val == 1, 1000U, 10000U);
1218
-
1219
-
err_exit:
1220
-
return err;
1203
+
return aq_hw_invalidate_descriptor_cache(self);
1221
1204
}
1222
1205
1223
1206
int hw_atl_b0_hw_ring_tx_stop(struct aq_hw_s *self, struct aq_ring_s *ring)
+1
-1
drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c
+1
-1
drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c
+1
drivers/net/ethernet/freescale/fec.h
+1
drivers/net/ethernet/freescale/fec.h
+52
-12
drivers/net/ethernet/freescale/fec_ptp.c
+52
-12
drivers/net/ethernet/freescale/fec_ptp.c
···
128
128
129
129
spin_lock_irqsave(&fep->tmreg_lock, flags);
130
130
131
+
if (fep->perout_enable) {
132
+
spin_unlock_irqrestore(&fep->tmreg_lock, flags);
133
+
dev_err(&fep->pdev->dev, "PEROUT is running");
134
+
return -EBUSY;
135
+
}
136
+
131
137
if (fep->pps_enable == enable) {
132
138
spin_unlock_irqrestore(&fep->tmreg_lock, flags);
133
139
return 0;
···
249
243
* the FEC_TCCR register in time and missed the start time.
250
244
*/
251
245
if (fep->perout_stime < curr_time + 100 * NSEC_PER_MSEC) {
246
+
fep->perout_enable = false;
252
247
dev_err(&fep->pdev->dev, "Current time is too close to the start time!\n");
253
248
spin_unlock_irqrestore(&fep->tmreg_lock, flags);
254
249
return -1;
···
504
497
{
505
498
unsigned long flags;
506
499
500
+
hrtimer_cancel(&fep->perout_timer);
501
+
507
502
spin_lock_irqsave(&fep->tmreg_lock, flags);
503
+
fep->perout_enable = false;
508
504
writel(0, fep->hwp + FEC_TCSR(channel));
509
505
spin_unlock_irqrestore(&fep->tmreg_lock, flags);
510
506
···
539
529
540
530
return ret;
541
531
} else if (rq->type == PTP_CLK_REQ_PEROUT) {
532
+
u32 reload_period;
533
+
542
534
/* Reject requests with unsupported flags */
543
535
if (rq->perout.flags)
544
536
return -EOPNOTSUPP;
···
560
548
return -EOPNOTSUPP;
561
549
}
562
550
563
-
fep->reload_period = div_u64(period_ns, 2);
564
-
if (on && fep->reload_period) {
551
+
reload_period = div_u64(period_ns, 2);
552
+
if (on && reload_period) {
553
+
u64 perout_stime;
554
+
565
555
/* Convert 1588 timestamp to ns*/
566
556
start_time.tv_sec = rq->perout.start.sec;
567
557
start_time.tv_nsec = rq->perout.start.nsec;
568
-
fep->perout_stime = timespec64_to_ns(&start_time);
558
+
perout_stime = timespec64_to_ns(&start_time);
569
559
570
560
mutex_lock(&fep->ptp_clk_mutex);
571
561
if (!fep->ptp_clk_on) {
···
576
562
return -EOPNOTSUPP;
577
563
}
578
564
spin_lock_irqsave(&fep->tmreg_lock, flags);
565
+
566
+
if (fep->pps_enable) {
567
+
dev_err(&fep->pdev->dev, "PPS is running");
568
+
ret = -EBUSY;
569
+
goto unlock;
570
+
}
571
+
572
+
if (fep->perout_enable) {
573
+
dev_err(&fep->pdev->dev,
574
+
"PEROUT has been enabled\n");
575
+
ret = -EBUSY;
576
+
goto unlock;
577
+
}
578
+
579
579
/* Read current timestamp */
580
580
curr_time = timecounter_read(&fep->tc);
581
+
if (perout_stime <= curr_time) {
582
+
dev_err(&fep->pdev->dev,
583
+
"Start time must be greater than current time\n");
584
+
ret = -EINVAL;
585
+
goto unlock;
586
+
}
587
+
588
+
/* Calculate time difference */
589
+
delta = perout_stime - curr_time;
590
+
fep->reload_period = reload_period;
591
+
fep->perout_stime = perout_stime;
592
+
fep->perout_enable = true;
593
+
594
+
unlock:
581
595
spin_unlock_irqrestore(&fep->tmreg_lock, flags);
582
596
mutex_unlock(&fep->ptp_clk_mutex);
583
597
584
-
/* Calculate time difference */
585
-
delta = fep->perout_stime - curr_time;
586
-
587
-
if (fep->perout_stime <= curr_time) {
588
-
dev_err(&fep->pdev->dev, "Start time must larger than current time!\n");
589
-
return -EINVAL;
590
-
}
598
+
if (ret)
599
+
return ret;
591
600
592
601
/* Because the timer counter of FEC only has 31-bits, correspondingly,
593
602
* the time comparison register FEC_TCCR also only low 31 bits can be
···
718
681
fep->next_counter = (fep->next_counter + fep->reload_period) &
719
682
fep->cc.mask;
720
683
721
-
event.type = PTP_CLOCK_PPS;
722
-
ptp_clock_event(fep->ptp_clock, &event);
684
+
if (fep->pps_enable) {
685
+
event.type = PTP_CLOCK_PPS;
686
+
ptp_clock_event(fep->ptp_clock, &event);
687
+
}
688
+
723
689
return IRQ_HANDLED;
724
690
}
725
691
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c
···
627
627
MLX5E_100MB);
628
628
max_bw_value[i] = max_bw_value[i] ? max_bw_value[i] : 1;
629
629
max_bw_unit[i] = MLX5_100_MBPS_UNIT;
630
-
} else if (max_bw_value[i] <= upper_limit_gbps) {
630
+
} else if (maxrate->tc_maxrate[i] <= upper_limit_gbps) {
631
631
max_bw_value[i] = div_u64(maxrate->tc_maxrate[i],
632
632
MLX5E_1GB);
633
633
max_bw_unit[i] = MLX5_GBPS_UNIT;
+1
-1
drivers/net/ethernet/meta/fbnic/fbnic_fw.c
+1
-1
drivers/net/ethernet/meta/fbnic/fbnic_fw.c
+4
-1
drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c
+4
-1
drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c
···
1
1
// SPDX-License-Identifier: GPL-2.0+
2
2
3
3
#include <linux/ptp_classify.h>
4
+
#include <linux/units.h>
4
5
5
6
#include "lan966x_main.h"
6
7
#include "vcap_api.h"
7
8
#include "vcap_api_client.h"
9
+
10
+
#define LAN9X66_CLOCK_RATE 165617754
8
11
9
12
#define LAN966X_MAX_PTP_ID 512
10
13
···
1129
1126
u32 lan966x_ptp_get_period_ps(void)
1130
1127
{
1131
1128
/* This represents the system clock period in picoseconds */
1132
-
return 15125;
1129
+
return PICO / LAN9X66_CLOCK_RATE;
1133
1130
}
+14
-5
drivers/net/ethernet/realtek/r8169_main.c
+14
-5
drivers/net/ethernet/realtek/r8169_main.c
···
1514
1514
1515
1515
static void rtl_set_d3_pll_down(struct rtl8169_private *tp, bool enable)
1516
1516
{
1517
-
if (tp->mac_version >= RTL_GIGA_MAC_VER_25 &&
1518
-
tp->mac_version != RTL_GIGA_MAC_VER_28 &&
1519
-
tp->mac_version != RTL_GIGA_MAC_VER_31 &&
1520
-
tp->mac_version != RTL_GIGA_MAC_VER_38)
1521
-
r8169_mod_reg8_cond(tp, PMCH, D3_NO_PLL_DOWN, !enable);
1517
+
switch (tp->mac_version) {
1518
+
case RTL_GIGA_MAC_VER_02 ... RTL_GIGA_MAC_VER_24:
1519
+
case RTL_GIGA_MAC_VER_28:
1520
+
case RTL_GIGA_MAC_VER_31:
1521
+
case RTL_GIGA_MAC_VER_38:
1522
+
break;
1523
+
case RTL_GIGA_MAC_VER_80:
1524
+
r8169_mod_reg8_cond(tp, PMCH, D3_NO_PLL_DOWN, true);
1525
+
break;
1526
+
default:
1527
+
r8169_mod_reg8_cond(tp, PMCH, D3HOT_NO_PLL_DOWN, true);
1528
+
r8169_mod_reg8_cond(tp, PMCH, D3COLD_NO_PLL_DOWN, !enable);
1529
+
break;
1530
+
}
1522
1531
}
1523
1532
1524
1533
static void rtl_reset_packet_filter(struct rtl8169_private *tp)
+3
-1
drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
+3
-1
drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
···
1521
1521
1522
1522
skb = priv->rxq[qnum]->rx_skbuff[entry];
1523
1523
1524
-
if (unlikely(!skb))
1524
+
if (unlikely(!skb)) {
1525
1525
netdev_err(priv->dev, "rx descriptor is not consistent\n");
1526
+
break;
1527
+
}
1526
1528
1527
1529
prefetch(skb->data - NET_IP_ALIGN);
1528
1530
priv->rxq[qnum]->rx_skbuff[entry] = NULL;
+12
-8
drivers/net/phy/mxl-gpy.c
+12
-8
drivers/net/phy/mxl-gpy.c
···
540
540
/* Interface mode is fixed for USXGMII and integrated PHY */
541
541
if (phydev->interface == PHY_INTERFACE_MODE_USXGMII ||
542
542
phydev->interface == PHY_INTERFACE_MODE_INTERNAL)
543
-
return -EINVAL;
543
+
return 0;
544
544
545
545
/* Automatically switch SERDES interface between SGMII and 2500-BaseX
546
546
* according to speed. Disable ANEG in 2500-BaseX mode.
···
578
578
break;
579
579
}
580
580
581
-
if (phydev->speed == SPEED_2500 || phydev->speed == SPEED_1000) {
582
-
ret = genphy_read_master_slave(phydev);
583
-
if (ret < 0)
584
-
return ret;
585
-
}
586
-
587
-
return gpy_update_mdix(phydev);
581
+
return 0;
588
582
}
589
583
590
584
static int gpy_read_status(struct phy_device *phydev)
···
631
637
632
638
if (phydev->link) {
633
639
ret = gpy_update_interface(phydev);
640
+
if (ret < 0)
641
+
return ret;
642
+
643
+
if (phydev->speed == SPEED_2500 || phydev->speed == SPEED_1000) {
644
+
ret = genphy_read_master_slave(phydev);
645
+
if (ret < 0)
646
+
return ret;
647
+
}
648
+
649
+
ret = gpy_update_mdix(phydev);
634
650
if (ret < 0)
635
651
return ret;
636
652
}
+15
-8
drivers/net/team/team_core.c
+15
-8
drivers/net/team/team_core.c
···
1191
1191
return -EPERM;
1192
1192
}
1193
1193
1194
-
err = team_dev_type_check_change(dev, port_dev);
1195
-
if (err)
1196
-
return err;
1197
-
1198
1194
if (port_dev->flags & IFF_UP) {
1199
1195
NL_SET_ERR_MSG(extack, "Device is up. Set it down before adding it as a team port");
1200
1196
netdev_err(dev, "Device %s is up. Set it down before adding it as a team port\n",
···
1208
1212
INIT_LIST_HEAD(&port->qom_list);
1209
1213
1210
1214
port->orig.mtu = port_dev->mtu;
1211
-
err = dev_set_mtu(port_dev, dev->mtu);
1212
-
if (err) {
1213
-
netdev_dbg(dev, "Error %d calling dev_set_mtu\n", err);
1214
-
goto err_set_mtu;
1215
+
/*
1216
+
* MTU assignment will be handled in team_dev_type_check_change
1217
+
* if dev and port_dev are of different types
1218
+
*/
1219
+
if (dev->type == port_dev->type) {
1220
+
err = dev_set_mtu(port_dev, dev->mtu);
1221
+
if (err) {
1222
+
netdev_dbg(dev, "Error %d calling dev_set_mtu\n", err);
1223
+
goto err_set_mtu;
1224
+
}
1215
1225
}
1216
1226
1217
1227
memcpy(port->orig.dev_addr, port_dev->dev_addr, port_dev->addr_len);
···
1292
1290
}
1293
1291
}
1294
1292
1293
+
err = team_dev_type_check_change(dev, port_dev);
1294
+
if (err)
1295
+
goto err_set_dev_type;
1296
+
1295
1297
if (dev->flags & IFF_UP) {
1296
1298
netif_addr_lock_bh(dev);
1297
1299
dev_uc_sync_multiple(port_dev, dev);
···
1314
1308
1315
1309
return 0;
1316
1310
1311
+
err_set_dev_type:
1317
1312
err_set_slave_promisc:
1318
1313
__team_option_inst_del_port(team, port);
1319
1314
+1
-1
drivers/net/tun_vnet.h
+1
-1
drivers/net/tun_vnet.h
+3
-4
drivers/net/veth.c
+3
-4
drivers/net/veth.c
···
975
975
976
976
if (stats.xdp_redirect > 0)
977
977
xdp_do_flush();
978
+
if (stats.xdp_tx > 0)
979
+
veth_xdp_flush(rq, &bq);
980
+
xdp_clear_return_frame_no_direct();
978
981
979
982
if (done < budget && napi_complete_done(napi, done)) {
980
983
/* Write rx_notify_masked before reading ptr_ring */
···
989
986
}
990
987
}
991
988
}
992
-
993
-
if (stats.xdp_tx > 0)
994
-
veth_xdp_flush(rq, &bq);
995
-
xdp_clear_return_frame_no_direct();
996
989
997
990
/* Release backpressure per NAPI poll */
998
991
smp_rmb(); /* Paired with netif_tx_stop_queue set_bit */
+2
-1
drivers/net/virtio_net.c
+2
-1
drivers/net/virtio_net.c
···
3339
3339
hdr = &skb_vnet_common_hdr(skb)->tnl_hdr;
3340
3340
3341
3341
if (virtio_net_hdr_tnl_from_skb(skb, hdr, vi->tx_tnl,
3342
-
virtio_is_little_endian(vi->vdev), 0))
3342
+
virtio_is_little_endian(vi->vdev), 0,
3343
+
false))
3343
3344
return -EPROTO;
3344
3345
3345
3346
if (vi->mergeable_rx_bufs)
+1
-1
drivers/net/wwan/mhi_wwan_mbim.c
+1
-1
drivers/net/wwan/mhi_wwan_mbim.c
···
98
98
static int mhi_mbim_get_link_mux_id(struct mhi_controller *cntrl)
99
99
{
100
100
if (strcmp(cntrl->name, "foxconn-dw5934e") == 0 ||
101
-
strcmp(cntrl->name, "foxconn-t99w515") == 0)
101
+
strcmp(cntrl->name, "foxconn-t99w640") == 0)
102
102
return WDS_BIND_MUX_DATA_PORT_MUX_ID;
103
103
104
104
return 0;
+32
-21
drivers/vhost/net.c
+32
-21
drivers/vhost/net.c
···
592
592
static int vhost_net_tx_get_vq_desc(struct vhost_net *net,
593
593
struct vhost_net_virtqueue *tnvq,
594
594
unsigned int *out_num, unsigned int *in_num,
595
-
struct msghdr *msghdr, bool *busyloop_intr)
595
+
struct msghdr *msghdr, bool *busyloop_intr,
596
+
unsigned int *ndesc)
596
597
{
597
598
struct vhost_net_virtqueue *rnvq = &net->vqs[VHOST_NET_VQ_RX];
598
599
struct vhost_virtqueue *rvq = &rnvq->vq;
599
600
struct vhost_virtqueue *tvq = &tnvq->vq;
600
601
601
-
int r = vhost_get_vq_desc(tvq, tvq->iov, ARRAY_SIZE(tvq->iov),
602
-
out_num, in_num, NULL, NULL);
602
+
int r = vhost_get_vq_desc_n(tvq, tvq->iov, ARRAY_SIZE(tvq->iov),
603
+
out_num, in_num, NULL, NULL, ndesc);
603
604
604
605
if (r == tvq->num && tvq->busyloop_timeout) {
605
606
/* Flush batched packets first */
···
611
610
612
611
vhost_net_busy_poll(net, rvq, tvq, busyloop_intr, false);
613
612
614
-
r = vhost_get_vq_desc(tvq, tvq->iov, ARRAY_SIZE(tvq->iov),
615
-
out_num, in_num, NULL, NULL);
613
+
r = vhost_get_vq_desc_n(tvq, tvq->iov, ARRAY_SIZE(tvq->iov),
614
+
out_num, in_num, NULL, NULL, ndesc);
616
615
}
617
616
618
617
return r;
···
643
642
struct vhost_net_virtqueue *nvq,
644
643
struct msghdr *msg,
645
644
unsigned int *out, unsigned int *in,
646
-
size_t *len, bool *busyloop_intr)
645
+
size_t *len, bool *busyloop_intr,
646
+
unsigned int *ndesc)
647
647
{
648
648
struct vhost_virtqueue *vq = &nvq->vq;
649
649
int ret;
650
650
651
-
ret = vhost_net_tx_get_vq_desc(net, nvq, out, in, msg, busyloop_intr);
651
+
ret = vhost_net_tx_get_vq_desc(net, nvq, out, in, msg,
652
+
busyloop_intr, ndesc);
652
653
653
654
if (ret < 0 || ret == vq->num)
654
655
return ret;
···
769
766
int sent_pkts = 0;
770
767
bool sock_can_batch = (sock->sk->sk_sndbuf == INT_MAX);
771
768
bool in_order = vhost_has_feature(vq, VIRTIO_F_IN_ORDER);
769
+
unsigned int ndesc = 0;
772
770
773
771
do {
774
772
bool busyloop_intr = false;
···
778
774
vhost_tx_batch(net, nvq, sock, &msg);
779
775
780
776
head = get_tx_bufs(net, nvq, &msg, &out, &in, &len,
781
-
&busyloop_intr);
777
+
&busyloop_intr, &ndesc);
782
778
/* On error, stop handling until the next kick. */
783
779
if (unlikely(head < 0))
784
780
break;
···
810
806
goto done;
811
807
} else if (unlikely(err != -ENOSPC)) {
812
808
vhost_tx_batch(net, nvq, sock, &msg);
813
-
vhost_discard_vq_desc(vq, 1);
809
+
vhost_discard_vq_desc(vq, 1, ndesc);
814
810
vhost_net_enable_vq(net, vq);
815
811
break;
816
812
}
···
833
829
err = sock->ops->sendmsg(sock, &msg, len);
834
830
if (unlikely(err < 0)) {
835
831
if (err == -EAGAIN || err == -ENOMEM || err == -ENOBUFS) {
836
-
vhost_discard_vq_desc(vq, 1);
832
+
vhost_discard_vq_desc(vq, 1, ndesc);
837
833
vhost_net_enable_vq(net, vq);
838
834
break;
839
835
}
···
872
868
int err;
873
869
struct vhost_net_ubuf_ref *ubufs;
874
870
struct ubuf_info_msgzc *ubuf;
871
+
unsigned int ndesc = 0;
875
872
bool zcopy_used;
876
873
int sent_pkts = 0;
877
874
···
884
879
885
880
busyloop_intr = false;
886
881
head = get_tx_bufs(net, nvq, &msg, &out, &in, &len,
887
-
&busyloop_intr);
882
+
&busyloop_intr, &ndesc);
888
883
/* On error, stop handling until the next kick. */
889
884
if (unlikely(head < 0))
890
885
break;
···
946
941
vq->heads[ubuf->desc].len = VHOST_DMA_DONE_LEN;
947
942
}
948
943
if (retry) {
949
-
vhost_discard_vq_desc(vq, 1);
944
+
vhost_discard_vq_desc(vq, 1, ndesc);
950
945
vhost_net_enable_vq(net, vq);
951
946
break;
952
947
}
···
1050
1045
unsigned *iovcount,
1051
1046
struct vhost_log *log,
1052
1047
unsigned *log_num,
1053
-
unsigned int quota)
1048
+
unsigned int quota,
1049
+
unsigned int *ndesc)
1054
1050
{
1055
1051
struct vhost_virtqueue *vq = &nvq->vq;
1056
1052
bool in_order = vhost_has_feature(vq, VIRTIO_F_IN_ORDER);
1057
-
unsigned int out, in;
1053
+
unsigned int out, in, desc_num, n = 0;
1058
1054
int seg = 0;
1059
1055
int headcount = 0;
1060
1056
unsigned d;
···
1070
1064
r = -ENOBUFS;
1071
1065
goto err;
1072
1066
}
1073
-
r = vhost_get_vq_desc(vq, vq->iov + seg,
1074
-
ARRAY_SIZE(vq->iov) - seg, &out,
1075
-
&in, log, log_num);
1067
+
r = vhost_get_vq_desc_n(vq, vq->iov + seg,
1068
+
ARRAY_SIZE(vq->iov) - seg, &out,
1069
+
&in, log, log_num, &desc_num);
1076
1070
if (unlikely(r < 0))
1077
1071
goto err;
1078
1072
···
1099
1093
++headcount;
1100
1094
datalen -= len;
1101
1095
seg += in;
1096
+
n += desc_num;
1102
1097
}
1103
1098
1104
1099
*iovcount = seg;
···
1120
1113
nheads[0] = headcount;
1121
1114
}
1122
1115
1116
+
*ndesc = n;
1117
+
1123
1118
return headcount;
1124
1119
err:
1125
-
vhost_discard_vq_desc(vq, headcount);
1120
+
vhost_discard_vq_desc(vq, headcount, n);
1126
1121
return r;
1127
1122
}
1128
1123
···
1160
1151
struct iov_iter fixup;
1161
1152
__virtio16 num_buffers;
1162
1153
int recv_pkts = 0;
1154
+
unsigned int ndesc;
1163
1155
1164
1156
mutex_lock_nested(&vq->mutex, VHOST_NET_VQ_RX);
1165
1157
sock = vhost_vq_get_backend(vq);
···
1192
1182
headcount = get_rx_bufs(nvq, vq->heads + count,
1193
1183
vq->nheads + count,
1194
1184
vhost_len, &in, vq_log, &log,
1195
-
likely(mergeable) ? UIO_MAXIOV : 1);
1185
+
likely(mergeable) ? UIO_MAXIOV : 1,
1186
+
&ndesc);
1196
1187
/* On error, stop handling until the next kick. */
1197
1188
if (unlikely(headcount < 0))
1198
1189
goto out;
···
1239
1228
if (unlikely(err != sock_len)) {
1240
1229
pr_debug("Discarded rx packet: "
1241
1230
" len %d, expected %zd\n", err, sock_len);
1242
-
vhost_discard_vq_desc(vq, headcount);
1231
+
vhost_discard_vq_desc(vq, headcount, ndesc);
1243
1232
continue;
1244
1233
}
1245
1234
/* Supply virtio_net_hdr if VHOST_NET_F_VIRTIO_NET_HDR */
···
1263
1252
copy_to_iter(&num_buffers, sizeof num_buffers,
1264
1253
&fixup) != sizeof num_buffers) {
1265
1254
vq_err(vq, "Failed num_buffers write");
1266
-
vhost_discard_vq_desc(vq, headcount);
1255
+
vhost_discard_vq_desc(vq, headcount, ndesc);
1267
1256
goto out;
1268
1257
}
1269
1258
nvq->done_idx += headcount;
+62
-14
drivers/vhost/vhost.c
+62
-14
drivers/vhost/vhost.c
···
2792
2792
return 0;
2793
2793
}
2794
2794
2795
-
/* This looks in the virtqueue and for the first available buffer, and converts
2796
-
* it to an iovec for convenient access. Since descriptors consist of some
2797
-
* number of output then some number of input descriptors, it's actually two
2798
-
* iovecs, but we pack them into one and note how many of each there were.
2795
+
/**
2796
+
* vhost_get_vq_desc_n - Fetch the next available descriptor chain and build iovecs
2797
+
* @vq: target virtqueue
2798
+
* @iov: array that receives the scatter/gather segments
2799
+
* @iov_size: capacity of @iov in elements
2800
+
* @out_num: the number of output segments
2801
+
* @in_num: the number of input segments
2802
+
* @log: optional array to record addr/len for each writable segment; NULL if unused
2803
+
* @log_num: optional output; number of entries written to @log when provided
2804
+
* @ndesc: optional output; number of descriptors consumed from the available ring
2805
+
* (useful for rollback via vhost_discard_vq_desc)
2799
2806
*
2800
-
* This function returns the descriptor number found, or vq->num (which is
2801
-
* never a valid descriptor number) if none was found. A negative code is
2802
-
* returned on error. */
2803
-
int vhost_get_vq_desc(struct vhost_virtqueue *vq,
2804
-
struct iovec iov[], unsigned int iov_size,
2805
-
unsigned int *out_num, unsigned int *in_num,
2806
-
struct vhost_log *log, unsigned int *log_num)
2807
+
* Extracts one available descriptor chain from @vq and translates guest addresses
2808
+
* into host iovecs.
2809
+
*
2810
+
* On success, advances @vq->last_avail_idx by 1 and @vq->next_avail_head by the
2811
+
* number of descriptors consumed (also stored via @ndesc when non-NULL).
2812
+
*
2813
+
* Return:
2814
+
* - head index in [0, @vq->num) on success;
2815
+
* - @vq->num if no descriptor is currently available;
2816
+
* - negative errno on failure
2817
+
*/
2818
+
int vhost_get_vq_desc_n(struct vhost_virtqueue *vq,
2819
+
struct iovec iov[], unsigned int iov_size,
2820
+
unsigned int *out_num, unsigned int *in_num,
2821
+
struct vhost_log *log, unsigned int *log_num,
2822
+
unsigned int *ndesc)
2807
2823
{
2808
2824
bool in_order = vhost_has_feature(vq, VIRTIO_F_IN_ORDER);
2809
2825
struct vring_desc desc;
···
2937
2921
vq->last_avail_idx++;
2938
2922
vq->next_avail_head += c;
2939
2923
2924
+
if (ndesc)
2925
+
*ndesc = c;
2926
+
2940
2927
/* Assume notifications from guest are disabled at this point,
2941
2928
* if they aren't we would need to update avail_event index. */
2942
2929
BUG_ON(!(vq->used_flags & VRING_USED_F_NO_NOTIFY));
2943
2930
return head;
2944
2931
}
2932
+
EXPORT_SYMBOL_GPL(vhost_get_vq_desc_n);
2933
+
2934
+
/* This looks in the virtqueue and for the first available buffer, and converts
2935
+
* it to an iovec for convenient access. Since descriptors consist of some
2936
+
* number of output then some number of input descriptors, it's actually two
2937
+
* iovecs, but we pack them into one and note how many of each there were.
2938
+
*
2939
+
* This function returns the descriptor number found, or vq->num (which is
2940
+
* never a valid descriptor number) if none was found. A negative code is
2941
+
* returned on error.
2942
+
*/
2943
+
int vhost_get_vq_desc(struct vhost_virtqueue *vq,
2944
+
struct iovec iov[], unsigned int iov_size,
2945
+
unsigned int *out_num, unsigned int *in_num,
2946
+
struct vhost_log *log, unsigned int *log_num)
2947
+
{
2948
+
return vhost_get_vq_desc_n(vq, iov, iov_size, out_num, in_num,
2949
+
log, log_num, NULL);
2950
+
}
2945
2951
EXPORT_SYMBOL_GPL(vhost_get_vq_desc);
2946
2952
2947
-
/* Reverse the effect of vhost_get_vq_desc. Useful for error handling. */
2948
-
void vhost_discard_vq_desc(struct vhost_virtqueue *vq, int n)
2953
+
/**
2954
+
* vhost_discard_vq_desc - Reverse the effect of vhost_get_vq_desc_n()
2955
+
* @vq: target virtqueue
2956
+
* @nbufs: number of buffers to roll back
2957
+
* @ndesc: number of descriptors to roll back
2958
+
*
2959
+
* Rewinds the internal consumer cursors after a failed attempt to use buffers
2960
+
* returned by vhost_get_vq_desc_n().
2961
+
*/
2962
+
void vhost_discard_vq_desc(struct vhost_virtqueue *vq, int nbufs,
2963
+
unsigned int ndesc)
2949
2964
{
2950
-
vq->last_avail_idx -= n;
2965
+
vq->next_avail_head -= ndesc;
2966
+
vq->last_avail_idx -= nbufs;
2951
2967
}
2952
2968
EXPORT_SYMBOL_GPL(vhost_discard_vq_desc);
2953
2969
+9
-1
drivers/vhost/vhost.h
+9
-1
drivers/vhost/vhost.h
···
230
230
struct iovec iov[], unsigned int iov_size,
231
231
unsigned int *out_num, unsigned int *in_num,
232
232
struct vhost_log *log, unsigned int *log_num);
233
-
void vhost_discard_vq_desc(struct vhost_virtqueue *, int n);
233
+
234
+
int vhost_get_vq_desc_n(struct vhost_virtqueue *vq,
235
+
struct iovec iov[], unsigned int iov_size,
236
+
unsigned int *out_num, unsigned int *in_num,
237
+
struct vhost_log *log, unsigned int *log_num,
238
+
unsigned int *ndesc);
239
+
240
+
void vhost_discard_vq_desc(struct vhost_virtqueue *, int nbuf,
241
+
unsigned int ndesc);
234
242
235
243
bool vhost_vq_work_queue(struct vhost_virtqueue *vq, struct vhost_work *work);
236
244
bool vhost_vq_has_work(struct vhost_virtqueue *vq);
+4
-3
include/linux/virtio_net.h
+4
-3
include/linux/virtio_net.h
···
384
384
struct virtio_net_hdr_v1_hash_tunnel *vhdr,
385
385
bool tnl_hdr_negotiated,
386
386
bool little_endian,
387
-
int vlan_hlen)
387
+
int vlan_hlen,
388
+
bool has_data_valid)
388
389
{
389
390
struct virtio_net_hdr *hdr = (struct virtio_net_hdr *)vhdr;
390
391
unsigned int inner_nh, outer_th;
···
395
394
tnl_gso_type = skb_shinfo(skb)->gso_type & (SKB_GSO_UDP_TUNNEL |
396
395
SKB_GSO_UDP_TUNNEL_CSUM);
397
396
if (!tnl_gso_type)
398
-
return virtio_net_hdr_from_skb(skb, hdr, little_endian, false,
399
-
vlan_hlen);
397
+
return virtio_net_hdr_from_skb(skb, hdr, little_endian,
398
+
has_data_valid, vlan_hlen);
400
399
401
400
/* Tunnel support not negotiated but skb ask for it. */
402
401
if (!tnl_hdr_negotiated)
+14
-7
include/net/bluetooth/hci_core.h
+14
-7
include/net/bluetooth/hci_core.h
···
749
749
750
750
__u8 remote_cap;
751
751
__u8 remote_auth;
752
-
__u8 remote_id;
753
752
754
753
unsigned int sent;
755
754
···
856
857
/* ----- HCI interface to upper protocols ----- */
857
858
int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr);
858
859
int l2cap_disconn_ind(struct hci_conn *hcon);
859
-
void l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags);
860
+
int l2cap_recv_acldata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb,
861
+
u16 flags);
860
862
861
863
#if IS_ENABLED(CONFIG_BT_BREDR)
862
864
int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags);
863
-
void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb);
865
+
int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb);
864
866
#else
865
867
static inline int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr,
866
868
__u8 *flags)
···
869
869
return 0;
870
870
}
871
871
872
-
static inline void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
872
+
static inline int sco_recv_scodata(struct hci_dev *hdev, u16 handle,
873
+
struct sk_buff *skb)
873
874
{
875
+
kfree_skb(skb);
876
+
return -ENOENT;
874
877
}
875
878
#endif
876
879
877
880
#if IS_ENABLED(CONFIG_BT_LE)
878
881
int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags);
879
-
void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags);
882
+
int iso_recv(struct hci_dev *hdev, u16 handle, struct sk_buff *skb,
883
+
u16 flags);
880
884
#else
881
885
static inline int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr,
882
886
__u8 *flags)
883
887
{
884
888
return 0;
885
889
}
886
-
static inline void iso_recv(struct hci_conn *hcon, struct sk_buff *skb,
887
-
u16 flags)
890
+
891
+
static inline int iso_recv(struct hci_dev *hdev, u16 handle,
892
+
struct sk_buff *skb, u16 flags)
888
893
{
894
+
kfree_skb(skb);
895
+
return -ENOENT;
889
896
}
890
897
#endif
891
898
+2
include/net/pkt_cls.h
+2
include/net/pkt_cls.h
+1
-1
net/atm/common.c
+1
-1
net/atm/common.c
+37
-52
net/bluetooth/hci_core.c
+37
-52
net/bluetooth/hci_core.c
···
3832
3832
static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3833
3833
{
3834
3834
struct hci_acl_hdr *hdr;
3835
-
struct hci_conn *conn;
3836
3835
__u16 handle, flags;
3836
+
int err;
3837
3837
3838
3838
hdr = skb_pull_data(skb, sizeof(*hdr));
3839
3839
if (!hdr) {
3840
3840
bt_dev_err(hdev, "ACL packet too small");
3841
-
goto drop;
3841
+
kfree_skb(skb);
3842
+
return;
3842
3843
}
3843
3844
3844
3845
handle = __le16_to_cpu(hdr->handle);
···
3851
3850
3852
3851
hdev->stat.acl_rx++;
3853
3852
3854
-
hci_dev_lock(hdev);
3855
-
conn = hci_conn_hash_lookup_handle(hdev, handle);
3856
-
hci_dev_unlock(hdev);
3857
-
3858
-
if (conn) {
3859
-
hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
3860
-
3861
-
/* Send to upper protocol */
3862
-
l2cap_recv_acldata(conn, skb, flags);
3863
-
return;
3864
-
} else {
3853
+
err = l2cap_recv_acldata(hdev, handle, skb, flags);
3854
+
if (err == -ENOENT)
3865
3855
bt_dev_err(hdev, "ACL packet for unknown connection handle %d",
3866
3856
handle);
3867
-
}
3868
-
3869
-
drop:
3870
-
kfree_skb(skb);
3857
+
else if (err)
3858
+
bt_dev_dbg(hdev, "ACL packet recv for handle %d failed: %d",
3859
+
handle, err);
3871
3860
}
3872
3861
3873
3862
/* SCO data packet */
3874
3863
static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3875
3864
{
3876
3865
struct hci_sco_hdr *hdr;
3877
-
struct hci_conn *conn;
3878
3866
__u16 handle, flags;
3867
+
int err;
3879
3868
3880
3869
hdr = skb_pull_data(skb, sizeof(*hdr));
3881
3870
if (!hdr) {
3882
3871
bt_dev_err(hdev, "SCO packet too small");
3883
-
goto drop;
3872
+
kfree_skb(skb);
3873
+
return;
3884
3874
}
3885
3875
3886
3876
handle = __le16_to_cpu(hdr->handle);
···
3883
3891
3884
3892
hdev->stat.sco_rx++;
3885
3893
3886
-
hci_dev_lock(hdev);
3887
-
conn = hci_conn_hash_lookup_handle(hdev, handle);
3888
-
hci_dev_unlock(hdev);
3894
+
hci_skb_pkt_status(skb) = flags & 0x03;
3889
3895
3890
-
if (conn) {
3891
-
/* Send to upper protocol */
3892
-
hci_skb_pkt_status(skb) = flags & 0x03;
3893
-
sco_recv_scodata(conn, skb);
3894
-
return;
3895
-
} else {
3896
+
err = sco_recv_scodata(hdev, handle, skb);
3897
+
if (err == -ENOENT)
3896
3898
bt_dev_err_ratelimited(hdev, "SCO packet for unknown connection handle %d",
3897
3899
handle);
3898
-
}
3899
-
3900
-
drop:
3901
-
kfree_skb(skb);
3900
+
else if (err)
3901
+
bt_dev_dbg(hdev, "SCO packet recv for handle %d failed: %d",
3902
+
handle, err);
3902
3903
}
3903
3904
3904
3905
static void hci_isodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3905
3906
{
3906
3907
struct hci_iso_hdr *hdr;
3907
-
struct hci_conn *conn;
3908
3908
__u16 handle, flags;
3909
+
int err;
3909
3910
3910
3911
hdr = skb_pull_data(skb, sizeof(*hdr));
3911
3912
if (!hdr) {
3912
3913
bt_dev_err(hdev, "ISO packet too small");
3913
-
goto drop;
3914
+
kfree_skb(skb);
3915
+
return;
3914
3916
}
3915
3917
3916
3918
handle = __le16_to_cpu(hdr->handle);
···
3914
3928
bt_dev_dbg(hdev, "len %d handle 0x%4.4x flags 0x%4.4x", skb->len,
3915
3929
handle, flags);
3916
3930
3917
-
hci_dev_lock(hdev);
3918
-
conn = hci_conn_hash_lookup_handle(hdev, handle);
3919
-
hci_dev_unlock(hdev);
3920
-
3921
-
if (!conn) {
3931
+
err = iso_recv(hdev, handle, skb, flags);
3932
+
if (err == -ENOENT)
3922
3933
bt_dev_err(hdev, "ISO packet for unknown connection handle %d",
3923
3934
handle);
3924
-
goto drop;
3925
-
}
3926
-
3927
-
/* Send to upper protocol */
3928
-
iso_recv(conn, skb, flags);
3929
-
return;
3930
-
3931
-
drop:
3932
-
kfree_skb(skb);
3935
+
else if (err)
3936
+
bt_dev_dbg(hdev, "ISO packet recv for handle %d failed: %d",
3937
+
handle, err);
3933
3938
}
3934
3939
3935
3940
static bool hci_req_is_complete(struct hci_dev *hdev)
···
4098
4121
}
4099
4122
}
4100
4123
4101
-
static void hci_send_cmd_sync(struct hci_dev *hdev, struct sk_buff *skb)
4124
+
static int hci_send_cmd_sync(struct hci_dev *hdev, struct sk_buff *skb)
4102
4125
{
4103
4126
int err;
4104
4127
···
4110
4133
if (!hdev->sent_cmd) {
4111
4134
skb_queue_head(&hdev->cmd_q, skb);
4112
4135
queue_work(hdev->workqueue, &hdev->cmd_work);
4113
-
return;
4136
+
return -EINVAL;
4114
4137
}
4115
4138
4116
4139
if (hci_skb_opcode(skb) != HCI_OP_NOP) {
4117
4140
err = hci_send_frame(hdev, skb);
4118
4141
if (err < 0) {
4119
4142
hci_cmd_sync_cancel_sync(hdev, -err);
4120
-
return;
4143
+
return err;
4121
4144
}
4122
4145
atomic_dec(&hdev->cmd_cnt);
4146
+
} else {
4147
+
err = -ENODATA;
4148
+
kfree_skb(skb);
4123
4149
}
4124
4150
4125
4151
if (hdev->req_status == HCI_REQ_PEND &&
···
4130
4150
kfree_skb(hdev->req_skb);
4131
4151
hdev->req_skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4132
4152
}
4153
+
4154
+
return err;
4133
4155
}
4134
4156
4135
4157
static void hci_cmd_work(struct work_struct *work)
4136
4158
{
4137
4159
struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4138
4160
struct sk_buff *skb;
4161
+
int err;
4139
4162
4140
4163
BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4141
4164
atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
···
4149
4166
if (!skb)
4150
4167
return;
4151
4168
4152
-
hci_send_cmd_sync(hdev, skb);
4169
+
err = hci_send_cmd_sync(hdev, skb);
4170
+
if (err)
4171
+
return;
4153
4172
4154
4173
rcu_read_lock();
4155
4174
if (test_bit(HCI_RESET, &hdev->flags) ||
+2
net/bluetooth/hci_sock.c
+2
net/bluetooth/hci_sock.c
+25
-5
net/bluetooth/iso.c
+25
-5
net/bluetooth/iso.c
···
2314
2314
iso_conn_del(hcon, bt_to_errno(reason));
2315
2315
}
2316
2316
2317
-
void iso_recv(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2317
+
int iso_recv(struct hci_dev *hdev, u16 handle, struct sk_buff *skb, u16 flags)
2318
2318
{
2319
-
struct iso_conn *conn = hcon->iso_data;
2319
+
struct hci_conn *hcon;
2320
+
struct iso_conn *conn;
2320
2321
struct skb_shared_hwtstamps *hwts;
2321
2322
__u16 pb, ts, len, sn;
2322
2323
2323
-
if (!conn)
2324
-
goto drop;
2324
+
hci_dev_lock(hdev);
2325
+
2326
+
hcon = hci_conn_hash_lookup_handle(hdev, handle);
2327
+
if (!hcon) {
2328
+
hci_dev_unlock(hdev);
2329
+
kfree_skb(skb);
2330
+
return -ENOENT;
2331
+
}
2332
+
2333
+
conn = iso_conn_hold_unless_zero(hcon->iso_data);
2334
+
hcon = NULL;
2335
+
2336
+
hci_dev_unlock(hdev);
2337
+
2338
+
if (!conn) {
2339
+
kfree_skb(skb);
2340
+
return -EINVAL;
2341
+
}
2325
2342
2326
2343
pb = hci_iso_flags_pb(flags);
2327
2344
ts = hci_iso_flags_ts(flags);
···
2394
2377
hci_skb_pkt_status(skb) = flags & 0x03;
2395
2378
hci_skb_pkt_seqnum(skb) = sn;
2396
2379
iso_recv_frame(conn, skb);
2397
-
return;
2380
+
goto done;
2398
2381
}
2399
2382
2400
2383
if (pb == ISO_SINGLE) {
···
2472
2455
2473
2456
drop:
2474
2457
kfree_skb(skb);
2458
+
done:
2459
+
iso_conn_put(conn);
2460
+
return 0;
2475
2461
}
2476
2462
2477
2463
static struct hci_cb iso_cb = {
+18
-5
net/bluetooth/l2cap_core.c
+18
-5
net/bluetooth/l2cap_core.c
···
7510
7510
return c;
7511
7511
}
7512
7512
7513
-
void l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
7513
+
int l2cap_recv_acldata(struct hci_dev *hdev, u16 handle,
7514
+
struct sk_buff *skb, u16 flags)
7514
7515
{
7516
+
struct hci_conn *hcon;
7515
7517
struct l2cap_conn *conn;
7516
7518
int len;
7517
7519
7518
-
/* Lock hdev to access l2cap_data to avoid race with l2cap_conn_del */
7519
-
hci_dev_lock(hcon->hdev);
7520
+
/* Lock hdev for hci_conn, and race on l2cap_data vs. l2cap_conn_del */
7521
+
hci_dev_lock(hdev);
7522
+
7523
+
hcon = hci_conn_hash_lookup_handle(hdev, handle);
7524
+
if (!hcon) {
7525
+
hci_dev_unlock(hdev);
7526
+
kfree_skb(skb);
7527
+
return -ENOENT;
7528
+
}
7529
+
7530
+
hci_conn_enter_active_mode(hcon, BT_POWER_FORCE_ACTIVE_OFF);
7520
7531
7521
7532
conn = hcon->l2cap_data;
7522
7533
···
7535
7524
conn = l2cap_conn_add(hcon);
7536
7525
7537
7526
conn = l2cap_conn_hold_unless_zero(conn);
7527
+
hcon = NULL;
7538
7528
7539
-
hci_dev_unlock(hcon->hdev);
7529
+
hci_dev_unlock(hdev);
7540
7530
7541
7531
if (!conn) {
7542
7532
kfree_skb(skb);
7543
-
return;
7533
+
return -EINVAL;
7544
7534
}
7545
7535
7546
7536
BT_DBG("conn %p len %u flags 0x%x", conn, skb->len, flags);
···
7655
7643
unlock:
7656
7644
mutex_unlock(&conn->lock);
7657
7645
l2cap_conn_put(conn);
7646
+
return 0;
7658
7647
}
7659
7648
7660
7649
static struct hci_cb l2cap_cb = {
+26
-9
net/bluetooth/sco.c
+26
-9
net/bluetooth/sco.c
···
1458
1458
sco_conn_del(hcon, bt_to_errno(reason));
1459
1459
}
1460
1460
1461
-
void sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb)
1461
+
int sco_recv_scodata(struct hci_dev *hdev, u16 handle, struct sk_buff *skb)
1462
1462
{
1463
-
struct sco_conn *conn = hcon->sco_data;
1463
+
struct hci_conn *hcon;
1464
+
struct sco_conn *conn;
1464
1465
1465
-
if (!conn)
1466
-
goto drop;
1466
+
hci_dev_lock(hdev);
1467
+
1468
+
hcon = hci_conn_hash_lookup_handle(hdev, handle);
1469
+
if (!hcon) {
1470
+
hci_dev_unlock(hdev);
1471
+
kfree_skb(skb);
1472
+
return -ENOENT;
1473
+
}
1474
+
1475
+
conn = sco_conn_hold_unless_zero(hcon->sco_data);
1476
+
hcon = NULL;
1477
+
1478
+
hci_dev_unlock(hdev);
1479
+
1480
+
if (!conn) {
1481
+
kfree_skb(skb);
1482
+
return -EINVAL;
1483
+
}
1467
1484
1468
1485
BT_DBG("conn %p len %u", conn, skb->len);
1469
1486
1470
-
if (skb->len) {
1487
+
if (skb->len)
1471
1488
sco_recv_frame(conn, skb);
1472
-
return;
1473
-
}
1489
+
else
1490
+
kfree_skb(skb);
1474
1491
1475
-
drop:
1476
-
kfree_skb(skb);
1492
+
sco_conn_put(conn);
1493
+
return 0;
1477
1494
}
1478
1495
1479
1496
static struct hci_cb sco_cb = {
+7
-24
net/bluetooth/smp.c
+7
-24
net/bluetooth/smp.c
···
2136
2136
struct smp_chan *smp = chan->data;
2137
2137
struct hci_conn *hcon = conn->hcon;
2138
2138
u8 *pkax, *pkbx, *na, *nb, confirm_hint;
2139
-
u32 passkey;
2139
+
u32 passkey = 0;
2140
2140
int err;
2141
2141
2142
2142
bt_dev_dbg(hcon->hdev, "conn %p", conn);
···
2188
2188
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
2189
2189
smp->prnd);
2190
2190
SMP_ALLOW_CMD(smp, SMP_CMD_DHKEY_CHECK);
2191
-
2192
-
/* Only Just-Works pairing requires extra checks */
2193
-
if (smp->method != JUST_WORKS)
2194
-
goto mackey_and_ltk;
2195
-
2196
-
/* If there already exists long term key in local host, leave
2197
-
* the decision to user space since the remote device could
2198
-
* be legitimate or malicious.
2199
-
*/
2200
-
if (hci_find_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
2201
-
hcon->role)) {
2202
-
/* Set passkey to 0. The value can be any number since
2203
-
* it'll be ignored anyway.
2204
-
*/
2205
-
passkey = 0;
2206
-
confirm_hint = 1;
2207
-
goto confirm;
2208
-
}
2209
2191
}
2210
2192
2211
2193
mackey_and_ltk:
···
2208
2226
if (err)
2209
2227
return SMP_UNSPECIFIED;
2210
2228
2211
-
confirm_hint = 0;
2212
-
2213
-
confirm:
2214
-
if (smp->method == JUST_WORKS)
2215
-
confirm_hint = 1;
2229
+
/* Always require user confirmation for Just-Works pairing to prevent
2230
+
* impersonation attacks, or in case of a legitimate device that is
2231
+
* repairing use the confirmation as acknowledgment to proceed with the
2232
+
* creation of new keys.
2233
+
*/
2234
+
confirm_hint = smp->method == JUST_WORKS ? 1 : 0;
2216
2235
2217
2236
err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst, hcon->type,
2218
2237
hcon->dst_type, passkey, confirm_hint);
+1
net/mctp/route.c
+1
net/mctp/route.c
+17
-2
net/mptcp/protocol.c
+17
-2
net/mptcp/protocol.c
···
2665
2665
}
2666
2666
2667
2667
if (!mptcp_send_head(sk))
2668
-
return;
2668
+
goto clear_scheduled;
2669
2669
2670
2670
goto reset_timer;
2671
2671
}
···
2696
2696
if (__mptcp_check_fallback(msk)) {
2697
2697
spin_unlock_bh(&msk->fallback_lock);
2698
2698
release_sock(ssk);
2699
-
return;
2699
+
goto clear_scheduled;
2700
2700
}
2701
2701
2702
2702
while (info.sent < info.limit) {
···
2728
2728
2729
2729
if (!mptcp_rtx_timer_pending(sk))
2730
2730
mptcp_reset_rtx_timer(sk);
2731
+
2732
+
clear_scheduled:
2733
+
/* If no rtx data was available or in case of fallback, there
2734
+
* could be left-over scheduled subflows; clear them all
2735
+
* or later xmit could use bad ones
2736
+
*/
2737
+
mptcp_for_each_subflow(msk, subflow)
2738
+
if (READ_ONCE(subflow->scheduled))
2739
+
mptcp_subflow_set_scheduled(subflow, false);
2731
2740
}
2732
2741
2733
2742
/* schedule the timeout timer for the relevant event: either close timeout
···
2798
2789
goto unlock;
2799
2790
2800
2791
subflow->send_fastclose = 1;
2792
+
2793
+
/* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0
2794
+
* issue in __tcp_select_window(), see tcp_disconnect().
2795
+
*/
2796
+
inet_csk(ssk)->icsk_ack.rcv_mss = TCP_MIN_MSS;
2797
+
2801
2798
tcp_send_active_reset(ssk, ssk->sk_allocation,
2802
2799
SK_RST_REASON_TCP_ABORT_ON_CLOSE);
2803
2800
unlock:
+3
net/sched/em_canid.c
+3
net/sched/em_canid.c
+4
-1
net/sched/em_cmp.c
+4
-1
net/sched/em_cmp.c
···
22
22
struct tcf_pkt_info *info)
23
23
{
24
24
struct tcf_em_cmp *cmp = (struct tcf_em_cmp *) em->data;
25
-
unsigned char *ptr = tcf_get_base_ptr(skb, cmp->layer) + cmp->off;
25
+
unsigned char *ptr = tcf_get_base_ptr(skb, cmp->layer);
26
26
u32 val = 0;
27
27
28
+
if (!ptr)
29
+
return 0;
30
+
ptr += cmp->off;
28
31
if (!tcf_valid_offset(skb, ptr, cmp->align))
29
32
return 0;
30
33
+2
net/sched/em_nbyte.c
+2
net/sched/em_nbyte.c
+9
-2
net/sched/em_text.c
+9
-2
net/sched/em_text.c
···
29
29
struct tcf_pkt_info *info)
30
30
{
31
31
struct text_match *tm = EM_TEXT_PRIV(m);
32
+
unsigned char *ptr;
32
33
int from, to;
33
34
34
-
from = tcf_get_base_ptr(skb, tm->from_layer) - skb->data;
35
+
ptr = tcf_get_base_ptr(skb, tm->from_layer);
36
+
if (!ptr)
37
+
return 0;
38
+
from = ptr - skb->data;
35
39
from += tm->from_offset;
36
40
37
-
to = tcf_get_base_ptr(skb, tm->to_layer) - skb->data;
41
+
ptr = tcf_get_base_ptr(skb, tm->to_layer);
42
+
if (!ptr)
43
+
return 0;
44
+
to = ptr - skb->data;
38
45
to += tm->to_offset;
39
46
40
47
return skb_find_text(skb, from, to, tm->config) != UINT_MAX;
+88
-55
net/xdp/xsk.c
+88
-55
net/xdp/xsk.c
···
36
36
#define TX_BATCH_SIZE 32
37
37
#define MAX_PER_SOCKET_BUDGET 32
38
38
39
-
struct xsk_addr_node {
40
-
u64 addr;
41
-
struct list_head addr_node;
42
-
};
43
-
44
-
struct xsk_addr_head {
39
+
struct xsk_addrs {
45
40
u32 num_descs;
46
-
struct list_head addrs_list;
41
+
u64 addrs[MAX_SKB_FRAGS + 1];
47
42
};
48
43
49
44
static struct kmem_cache *xsk_tx_generic_cache;
50
-
51
-
#define XSKCB(skb) ((struct xsk_addr_head *)((skb)->cb))
52
45
53
46
void xsk_set_rx_need_wakeup(struct xsk_buff_pool *pool)
54
47
{
···
551
558
return ret;
552
559
}
553
560
561
+
static bool xsk_skb_destructor_is_addr(struct sk_buff *skb)
562
+
{
563
+
return (uintptr_t)skb_shinfo(skb)->destructor_arg & 0x1UL;
564
+
}
565
+
566
+
static u64 xsk_skb_destructor_get_addr(struct sk_buff *skb)
567
+
{
568
+
return (u64)((uintptr_t)skb_shinfo(skb)->destructor_arg & ~0x1UL);
569
+
}
570
+
571
+
static void xsk_skb_destructor_set_addr(struct sk_buff *skb, u64 addr)
572
+
{
573
+
skb_shinfo(skb)->destructor_arg = (void *)((uintptr_t)addr | 0x1UL);
574
+
}
575
+
576
+
static void xsk_inc_num_desc(struct sk_buff *skb)
577
+
{
578
+
struct xsk_addrs *xsk_addr;
579
+
580
+
if (!xsk_skb_destructor_is_addr(skb)) {
581
+
xsk_addr = (struct xsk_addrs *)skb_shinfo(skb)->destructor_arg;
582
+
xsk_addr->num_descs++;
583
+
}
584
+
}
585
+
586
+
static u32 xsk_get_num_desc(struct sk_buff *skb)
587
+
{
588
+
struct xsk_addrs *xsk_addr;
589
+
590
+
if (xsk_skb_destructor_is_addr(skb))
591
+
return 1;
592
+
593
+
xsk_addr = (struct xsk_addrs *)skb_shinfo(skb)->destructor_arg;
594
+
595
+
return xsk_addr->num_descs;
596
+
}
597
+
554
598
static void xsk_cq_submit_addr_locked(struct xsk_buff_pool *pool,
555
599
struct sk_buff *skb)
556
600
{
557
-
struct xsk_addr_node *pos, *tmp;
601
+
u32 num_descs = xsk_get_num_desc(skb);
602
+
struct xsk_addrs *xsk_addr;
558
603
u32 descs_processed = 0;
559
604
unsigned long flags;
560
-
u32 idx;
605
+
u32 idx, i;
561
606
562
607
spin_lock_irqsave(&pool->cq_lock, flags);
563
608
idx = xskq_get_prod(pool->cq);
564
609
565
-
xskq_prod_write_addr(pool->cq, idx,
566
-
(u64)(uintptr_t)skb_shinfo(skb)->destructor_arg);
567
-
descs_processed++;
610
+
if (unlikely(num_descs > 1)) {
611
+
xsk_addr = (struct xsk_addrs *)skb_shinfo(skb)->destructor_arg;
568
612
569
-
if (unlikely(XSKCB(skb)->num_descs > 1)) {
570
-
list_for_each_entry_safe(pos, tmp, &XSKCB(skb)->addrs_list, addr_node) {
613
+
for (i = 0; i < num_descs; i++) {
571
614
xskq_prod_write_addr(pool->cq, idx + descs_processed,
572
-
pos->addr);
615
+
xsk_addr->addrs[i]);
573
616
descs_processed++;
574
-
list_del(&pos->addr_node);
575
-
kmem_cache_free(xsk_tx_generic_cache, pos);
576
617
}
618
+
kmem_cache_free(xsk_tx_generic_cache, xsk_addr);
619
+
} else {
620
+
xskq_prod_write_addr(pool->cq, idx,
621
+
xsk_skb_destructor_get_addr(skb));
622
+
descs_processed++;
577
623
}
578
624
xskq_prod_submit_n(pool->cq, descs_processed);
579
625
spin_unlock_irqrestore(&pool->cq_lock, flags);
···
625
593
spin_lock_irqsave(&pool->cq_lock, flags);
626
594
xskq_prod_cancel_n(pool->cq, n);
627
595
spin_unlock_irqrestore(&pool->cq_lock, flags);
628
-
}
629
-
630
-
static void xsk_inc_num_desc(struct sk_buff *skb)
631
-
{
632
-
XSKCB(skb)->num_descs++;
633
-
}
634
-
635
-
static u32 xsk_get_num_desc(struct sk_buff *skb)
636
-
{
637
-
return XSKCB(skb)->num_descs;
638
596
}
639
597
640
598
static void xsk_destruct_skb(struct sk_buff *skb)
···
643
621
static void xsk_skb_init_misc(struct sk_buff *skb, struct xdp_sock *xs,
644
622
u64 addr)
645
623
{
646
-
BUILD_BUG_ON(sizeof(struct xsk_addr_head) > sizeof(skb->cb));
647
-
INIT_LIST_HEAD(&XSKCB(skb)->addrs_list);
648
624
skb->dev = xs->dev;
649
625
skb->priority = READ_ONCE(xs->sk.sk_priority);
650
626
skb->mark = READ_ONCE(xs->sk.sk_mark);
651
-
XSKCB(skb)->num_descs = 0;
652
627
skb->destructor = xsk_destruct_skb;
653
-
skb_shinfo(skb)->destructor_arg = (void *)(uintptr_t)addr;
628
+
xsk_skb_destructor_set_addr(skb, addr);
654
629
}
655
630
656
631
static void xsk_consume_skb(struct sk_buff *skb)
657
632
{
658
633
struct xdp_sock *xs = xdp_sk(skb->sk);
659
634
u32 num_descs = xsk_get_num_desc(skb);
660
-
struct xsk_addr_node *pos, *tmp;
635
+
struct xsk_addrs *xsk_addr;
661
636
662
637
if (unlikely(num_descs > 1)) {
663
-
list_for_each_entry_safe(pos, tmp, &XSKCB(skb)->addrs_list, addr_node) {
664
-
list_del(&pos->addr_node);
665
-
kmem_cache_free(xsk_tx_generic_cache, pos);
666
-
}
638
+
xsk_addr = (struct xsk_addrs *)skb_shinfo(skb)->destructor_arg;
639
+
kmem_cache_free(xsk_tx_generic_cache, xsk_addr);
667
640
}
668
641
669
642
skb->destructor = sock_wfree;
···
718
701
{
719
702
struct xsk_buff_pool *pool = xs->pool;
720
703
u32 hr, len, ts, offset, copy, copied;
721
-
struct xsk_addr_node *xsk_addr;
722
704
struct sk_buff *skb = xs->skb;
723
705
struct page *page;
724
706
void *buffer;
···
743
727
return ERR_PTR(err);
744
728
}
745
729
} else {
746
-
xsk_addr = kmem_cache_zalloc(xsk_tx_generic_cache, GFP_KERNEL);
747
-
if (!xsk_addr)
748
-
return ERR_PTR(-ENOMEM);
730
+
struct xsk_addrs *xsk_addr;
731
+
732
+
if (xsk_skb_destructor_is_addr(skb)) {
733
+
xsk_addr = kmem_cache_zalloc(xsk_tx_generic_cache,
734
+
GFP_KERNEL);
735
+
if (!xsk_addr)
736
+
return ERR_PTR(-ENOMEM);
737
+
738
+
xsk_addr->num_descs = 1;
739
+
xsk_addr->addrs[0] = xsk_skb_destructor_get_addr(skb);
740
+
skb_shinfo(skb)->destructor_arg = (void *)xsk_addr;
741
+
} else {
742
+
xsk_addr = (struct xsk_addrs *)skb_shinfo(skb)->destructor_arg;
743
+
}
749
744
750
745
/* in case of -EOVERFLOW that could happen below,
751
746
* xsk_consume_skb() will release this node as whole skb
752
747
* would be dropped, which implies freeing all list elements
753
748
*/
754
-
xsk_addr->addr = desc->addr;
755
-
list_add_tail(&xsk_addr->addr_node, &XSKCB(skb)->addrs_list);
749
+
xsk_addr->addrs[xsk_addr->num_descs] = desc->addr;
756
750
}
757
751
758
752
len = desc->len;
···
839
813
}
840
814
} else {
841
815
int nr_frags = skb_shinfo(skb)->nr_frags;
842
-
struct xsk_addr_node *xsk_addr;
816
+
struct xsk_addrs *xsk_addr;
843
817
struct page *page;
844
818
u8 *vaddr;
819
+
820
+
if (xsk_skb_destructor_is_addr(skb)) {
821
+
xsk_addr = kmem_cache_zalloc(xsk_tx_generic_cache,
822
+
GFP_KERNEL);
823
+
if (!xsk_addr) {
824
+
err = -ENOMEM;
825
+
goto free_err;
826
+
}
827
+
828
+
xsk_addr->num_descs = 1;
829
+
xsk_addr->addrs[0] = xsk_skb_destructor_get_addr(skb);
830
+
skb_shinfo(skb)->destructor_arg = (void *)xsk_addr;
831
+
} else {
832
+
xsk_addr = (struct xsk_addrs *)skb_shinfo(skb)->destructor_arg;
833
+
}
845
834
846
835
if (unlikely(nr_frags == (MAX_SKB_FRAGS - 1) && xp_mb_desc(desc))) {
847
836
err = -EOVERFLOW;
···
869
828
goto free_err;
870
829
}
871
830
872
-
xsk_addr = kmem_cache_zalloc(xsk_tx_generic_cache, GFP_KERNEL);
873
-
if (!xsk_addr) {
874
-
__free_page(page);
875
-
err = -ENOMEM;
876
-
goto free_err;
877
-
}
878
-
879
831
vaddr = kmap_local_page(page);
880
832
memcpy(vaddr, buffer, len);
881
833
kunmap_local(vaddr);
···
876
842
skb_add_rx_frag(skb, nr_frags, page, 0, len, PAGE_SIZE);
877
843
refcount_add(PAGE_SIZE, &xs->sk.sk_wmem_alloc);
878
844
879
-
xsk_addr->addr = desc->addr;
880
-
list_add_tail(&xsk_addr->addr_node, &XSKCB(skb)->addrs_list);
845
+
xsk_addr->addrs[xsk_addr->num_descs] = desc->addr;
881
846
}
882
847
}
883
848
···
1937
1904
goto out_pernet;
1938
1905
1939
1906
xsk_tx_generic_cache = kmem_cache_create("xsk_generic_xmit_cache",
1940
-
sizeof(struct xsk_addr_node),
1907
+
sizeof(struct xsk_addrs),
1941
1908
0, SLAB_HWCACHE_ALIGN, NULL);
1942
1909
if (!xsk_tx_generic_cache) {
1943
1910
err = -ENOMEM;