<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/stable/linux.git/drivers/net/ethernet, branch linux-4.13.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-4.13.y</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-4.13.y'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/'/>
<updated>2017-11-24T07:35:57+00:00</updated>
<entry>
<title>fealnx: Fix building error on MIPS</title>
<updated>2017-11-24T07:35:57+00:00</updated>
<author>
<name>Huacai Chen</name>
<email>chenhc@lemote.com</email>
</author>
<published>2017-11-16T03:07:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e9abe192f008e61e7b604a162b06fdaa6895b1ed'/>
<id>urn:sha1:e9abe192f008e61e7b604a162b06fdaa6895b1ed</id>
<content type='text'>
[ Upstream commit cc54c1d32e6a4bb3f116721abf900513173e4d02 ]

This patch try to fix the building error on MIPS. The reason is MIPS
has already defined the LONG macro, which conflicts with the LONG enum
in drivers/net/ethernet/fealnx.c.

Signed-off-by: Huacai Chen &lt;chenhc@lemote.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net/mlx5e: Set page to null in case dma mapping fails</title>
<updated>2017-11-24T07:35:57+00:00</updated>
<author>
<name>Inbar Karmy</name>
<email>inbark@mellanox.com</email>
</author>
<published>2017-10-15T14:30:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=dd09c28f439ebf461505143dab2fd9175a164592'/>
<id>urn:sha1:dd09c28f439ebf461505143dab2fd9175a164592</id>
<content type='text'>
[ Upstream commit 2e50b2619538ea0224c037f6fa746023089e0654 ]

Currently, when dma mapping fails, put_page is called,
but the page is not set to null. Later, in the page_reuse treatment in
mlx5e_free_rx_descs(), mlx5e_page_release() is called for the second time,
improperly doing dma_unmap (for a non-mapped address) and an extra put_page.
Prevent this by nullifying the page pointer when dma_map fails.

Fixes: accd58833237 ("net/mlx5e: Introduce RX Page-Reuse")
Signed-off-by: Inbar Karmy &lt;inbark@mellanox.com&gt;
Reviewed-by: Tariq Toukan &lt;tariqt@mellanox.com&gt;
Cc: kernel-team@fb.com
Signed-off-by: Saeed Mahameed &lt;saeedm@mellanox.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net/mlx5: Cancel health poll before sending panic teardown command</title>
<updated>2017-11-24T07:35:57+00:00</updated>
<author>
<name>Huy Nguyen</name>
<email>huyn@mellanox.com</email>
</author>
<published>2017-09-26T20:11:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=63d10e93df94c93bdeac87a9401696b1edadb7ed'/>
<id>urn:sha1:63d10e93df94c93bdeac87a9401696b1edadb7ed</id>
<content type='text'>
[ Upstream commit d2aa060d40fa060e963f9a356d43481e43ba3dac ]

After the panic teardown firmware command, health_care detects the error
in PCI bus and calls the mlx5_pci_err_detected. This health_care flow is
no longer needed because the panic teardown firmware command will bring
down the PCI bus communication with the HCA.

The solution is to cancel the health care timer and its pending
workqueue request before sending panic teardown firmware command.

Kernel trace:
mlx5_core 0033:01:00.0: Shutdown was called
mlx5_core 0033:01:00.0: health_care:154:(pid 9304): handling bad device here
mlx5_core 0033:01:00.0: mlx5_handle_bad_state:114:(pid 9304): NIC state 1
mlx5_core 0033:01:00.0: mlx5_pci_err_detected was called
mlx5_core 0033:01:00.0: mlx5_enter_error_state:96:(pid 9304): start
mlx5_3:mlx5_ib_event:3061:(pid 9304): warning: event on port 0
mlx5_core 0033:01:00.0: mlx5_enter_error_state:104:(pid 9304): end
Unable to handle kernel paging request for data at address 0x0000003f
Faulting instruction address: 0xc0080000434b8c80

Fixes: 8812c24d28f4 ('net/mlx5: Add fast unload support in shutdown flow')
Signed-off-by: Huy Nguyen &lt;huyn@mellanox.com&gt;
Reviewed-by: Moshe Shemesh &lt;moshe@mellanox.com&gt;
Signed-off-by: Saeed Mahameed &lt;saeedm@mellanox.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: systemport: Correct IPG length settings</title>
<updated>2017-11-24T07:35:55+00:00</updated>
<author>
<name>Florian Fainelli</name>
<email>f.fainelli@gmail.com</email>
</author>
<published>2017-11-02T23:08:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eb56542e998c10276df827443ea81ff19c3abb4f'/>
<id>urn:sha1:eb56542e998c10276df827443ea81ff19c3abb4f</id>
<content type='text'>
[ Upstream commit 93824c80bf47ebe087414b3a40ca0ff9aab7d1fb ]

Due to a documentation mistake, the IPG length was set to 0x12 while it
should have been 12 (decimal). This would affect short packet (64B
typically) performance since the IPG was bigger than necessary.

Fixes: 44a4524c54af ("net: systemport: Add support for SYSTEMPORT Lite")
Signed-off-by: Florian Fainelli &lt;f.fainelli@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net/mlx5e: Properly deal with encap flows add/del under neigh update</title>
<updated>2017-11-18T10:30:38+00:00</updated>
<author>
<name>Or Gerlitz</name>
<email>ogerlitz@mellanox.com</email>
</author>
<published>2017-10-17T10:33:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d4e4e760e2265dc75cb245bb33fef09457dc849a'/>
<id>urn:sha1:d4e4e760e2265dc75cb245bb33fef09457dc849a</id>
<content type='text'>
[ Upstream commit 3c37745ec614ff048d5dce38f976804b05d307ee ]

Currently, the encap action offload is handled in the actions parse
function and not in mlx5e_tc_add_fdb_flow() where we deal with all
the other aspects of offloading actions (vlan, modify header) and
the rule itself.

When the neigh update code (mlx5e_tc_encap_flows_add()) recreates the
encap entry and offloads the related flows, we wrongly call again into
mlx5e_tc_add_fdb_flow(), this for itself would cause us to handle
again the offloading of vlans and header re-write which puts things
in non consistent state and step on freed memory (e.g the modify
header parse buffer which is already freed).

Since on error, mlx5e_tc_add_fdb_flow() detaches and may release the
encap entry, it causes a corruption at the neigh update code which goes
over the list of flows associated with this encap entry, or double free
when the tc flow is later deleted by user-space.

When neigh update (mlx5e_tc_encap_flows_del()) unoffloads the flows related
to an encap entry which is now invalid, we do a partial repeat of the eswitch
flow removal code which is wrong too.

To fix things up we do the following:

(1) handle the encap action offload in the eswitch flow add function
    mlx5e_tc_add_fdb_flow() as done for the other actions and the rule itself.

(2) modify the neigh update code (mlx5e_tc_encap_flows_add/del) to only
    deal with the encap entry and rules delete/add and not with any of
    the other offloaded actions.

Fixes: 232c001398ae ('net/mlx5e: Add support to neighbour update flow')
Signed-off-by: Or Gerlitz &lt;ogerlitz@mellanox.com&gt;
Reviewed-by: Paul Blakey &lt;paulb@mellanox.com&gt;
Signed-off-by: Saeed Mahameed &lt;saeedm@mellanox.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net/mlx5: Fix health work queue spin lock to IRQ safe</title>
<updated>2017-11-18T10:30:38+00:00</updated>
<author>
<name>Moshe Shemesh</name>
<email>moshe@mellanox.com</email>
</author>
<published>2017-10-19T11:14:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ed588a25d1efd800caaa4ebeee3cd1bff4fd198'/>
<id>urn:sha1:3ed588a25d1efd800caaa4ebeee3cd1bff4fd198</id>
<content type='text'>
[ Upstream commit 6377ed0bbae6fa28853e1679d068a9106c8a8908 ]

spin_lock/unlock of health-&gt;wq_lock should be IRQ safe.
It was changed to spin_lock_irqsave since adding commit 0179720d6be2
("net/mlx5: Introduce trigger_health_work function") which uses
spin_lock from asynchronous event (IRQ) context.
Thus, all spin_lock/unlock of health-&gt;wq_lock should have been moved
to IRQ safe mode.
However, one occurrence on new code using this lock missed that
change, resulting in possible deadlock:
  kernel: Possible unsafe locking scenario:
  kernel:       CPU0
  kernel:       ----
  kernel:  lock(&amp;(&amp;health-&gt;wq_lock)-&gt;rlock);
  kernel:  &lt;Interrupt&gt;
  kernel:    lock(&amp;(&amp;health-&gt;wq_lock)-&gt;rlock);
  kernel: #012 *** DEADLOCK ***

Fixes: 2a0165a034ac ("net/mlx5: Cancel delayed recovery work when unloading the driver")
Signed-off-by: Moshe Shemesh &lt;moshe@mellanox.com&gt;
Signed-off-by: Saeed Mahameed &lt;saeedm@mellanox.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>rocker: fix rocker_tlv_put_* functions for KASAN</title>
<updated>2017-10-12T09:56:17+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2017-09-22T21:29:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ff7c75a664756acec81526ebf6dceb320561de59'/>
<id>urn:sha1:ff7c75a664756acec81526ebf6dceb320561de59</id>
<content type='text'>
commit 6098d7ddd62f532f80ee2a4b01aca500a8e4e9e4 upstream.

Inlining these functions creates lots of stack variables that each take
64 bytes when KASAN is enabled, leading to this warning about potential
stack overflow:

drivers/net/ethernet/rocker/rocker_ofdpa.c: In function 'ofdpa_cmd_flow_tbl_add':
drivers/net/ethernet/rocker/rocker_ofdpa.c:621:1: error: the frame size of 2752 bytes is larger than 1536 bytes [-Werror=frame-larger-than=]

gcc-8 can now consolidate the stack slots itself, but on older versions
we get the same behavior by using a temporary variable that holds a
copy of the inline function argument.

Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>net/mlx5e: IPoIB, Fix access to invalid memory address</title>
<updated>2017-10-12T09:56:06+00:00</updated>
<author>
<name>Roi Dayan</name>
<email>roid@mellanox.com</email>
</author>
<published>2017-08-21T09:04:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9de182964e0a6bbc1bb7935c6f9dc4f82fcf785d'/>
<id>urn:sha1:9de182964e0a6bbc1bb7935c6f9dc4f82fcf785d</id>
<content type='text'>
[ Upstream commit 38e8a5c040d3ec99a8351c688dcdf0f549611565 ]

When cleaning rdma netdevice we need to save the mdev pointer
because priv is released when we release netdev.

This bug was found using the kernel address sanitizer (KASAN).
use-after-free in mlx5_rdma_netdev_free+0xe3/0x100 [mlx5_core]

Fixes: 48935bbb7ae8 ("net/mlx5e: IPoIB, Add netdevice profile skeleton")
Signed-off-by: Roi Dayan &lt;roid@mellanox.com&gt;
Reviewed-by: Or Gerlitz &lt;ogerlitz@mellanox.com&gt;
Signed-off-by: Saeed Mahameed &lt;saeedm@mellanox.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: qcom/emac: specify the correct size when mapping a DMA buffer</title>
<updated>2017-10-12T09:56:05+00:00</updated>
<author>
<name>Timur Tabi</name>
<email>timur@codeaurora.org</email>
</author>
<published>2017-09-22T20:32:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5e4038e83d88b36ad913b4e3cfd35c5337d30535'/>
<id>urn:sha1:5e4038e83d88b36ad913b4e3cfd35c5337d30535</id>
<content type='text'>
[ Upstream commit a93ad944f4ff9a797abff17c73fc4b1e4a1d9141 ]

When mapping the RX DMA buffers, the driver was accidentally specifying
zero for the buffer length.  Under normal circumstances, SWIOTLB does not
need to allocate a bounce buffer, so the address is just mapped without
checking the size field.  This is why the error was not detected earlier.

Fixes: b9b17debc69d ("net: emac: emac gigabit ethernet controller driver")
Cc: stable@vger.kernel.org
Signed-off-by: Timur Tabi &lt;timur@codeaurora.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: stmmac: Cocci spatch "of_table"</title>
<updated>2017-10-12T09:56:05+00:00</updated>
<author>
<name>Thomas Meyer</name>
<email>thomas@m3y3r.de</email>
</author>
<published>2017-09-21T06:24:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0476f91d987466884ba8c529aa29a839c4df3380'/>
<id>urn:sha1:0476f91d987466884ba8c529aa29a839c4df3380</id>
<content type='text'>
[ Upstream commit f0ef1f4f2b772c0a1c8b35a6ae3edf974cc110dd ]

Make sure (of/i2c/platform)_device_id tables are NULL terminated.
Found by coccinelle spatch "misc/of_table.cocci"

Signed-off-by: Thomas Meyer &lt;thomas@m3y3r.de&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
</feed>
