<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/net/ethernet/broadcom, branch linux-3.9.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>tg3: Wait for boot code to finish after power on</title>
<updated>2013-06-20T19:01:38+00:00</updated>
<author>
<name>Nithin Sujir</name>
<email>nsujir@broadcom.com</email>
</author>
<published>2013-06-12T18:08:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=43553a33ff54c011225967861e34f3f4047a3b7e'/>
<id>43553a33ff54c011225967861e34f3f4047a3b7e</id>
<content type='text'>
commit df465abfe06f7dc4f33f4a96d17f096e9e8ac917 upstream.

Some systems that don't need wake-on-lan may choose to power down the
chip on system standby. Upon resume, the power on causes the boot code
to startup and initialize the hardware. On one new platform, this is
causing the device to go into a bad state due to a race between the
driver and boot code, once every several hundred resumes. The same race
exists on open since we come up from a power on.

This patch adds a wait for boot code signature at the beginning of
tg3_init_hw() which is common to both cases. If there has not been a
power-off or the boot code has already completed, the signature will be
present and poll_fw() returns immediately. Also return immediately if
the device does not have firmware.

Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit df465abfe06f7dc4f33f4a96d17f096e9e8ac917 upstream.

Some systems that don't need wake-on-lan may choose to power down the
chip on system standby. Upon resume, the power on causes the boot code
to startup and initialize the hardware. On one new platform, this is
causing the device to go into a bad state due to a race between the
driver and boot code, once every several hundred resumes. The same race
exists on open since we come up from a power on.

This patch adds a wait for boot code signature at the beginning of
tg3_init_hw() which is common to both cases. If there has not been a
power-off or the boot code has already completed, the signature will be
present and poll_fw() returns immediately. Also return immediately if
the device does not have firmware.

Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>tg3: Add read dma workaround for 5720</title>
<updated>2013-06-07T19:53:35+00:00</updated>
<author>
<name>Nithin Sujir</name>
<email>nsujir@broadcom.com</email>
</author>
<published>2013-06-03T09:19:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=330733ae806a83fa59a019fb086be5743323ecac'/>
<id>330733ae806a83fa59a019fb086be5743323ecac</id>
<content type='text'>
commit 9bc297ea0622bb2a6b3abfa2fa84f0a3b86ef8c8 upstream.

Commit 091f0ea30074bc43f9250961b3247af713024bc6 "tg3: Add New 5719 Read
DMA workaround" added a workaround for TX DMA stall on the 5719. This
workaround needs to be applied to the 5720 as well.

Reported-by: Roland Dreier &lt;roland@purestorage.com&gt;
Tested-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9bc297ea0622bb2a6b3abfa2fa84f0a3b86ef8c8 upstream.

Commit 091f0ea30074bc43f9250961b3247af713024bc6 "tg3: Add New 5719 Read
DMA workaround" added a workaround for TX DMA stall on the 5719. This
workaround needs to be applied to the 5720 as well.

Reported-by: Roland Dreier &lt;roland@purestorage.com&gt;
Tested-by: Roland Dreier &lt;roland@purestorage.com&gt;
Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>tg3: Fix data corruption on 5725 with TSO</title>
<updated>2013-06-07T19:52:28+00:00</updated>
<author>
<name>Michael Chan</name>
<email>mchan@broadcom.com</email>
</author>
<published>2013-05-13T11:04:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b042d0bdfab0c8d52a54ed979531356c259bca57'/>
<id>b042d0bdfab0c8d52a54ed979531356c259bca57</id>
<content type='text'>
commit 0f0d15100a8ac875bdd408324c473e16d73d3557 upstream.

The 5725 family of devices (asic rev 5762), corrupts TSO packets where
the buffer is within MSS bytes of a 4G boundary (4G, 8G etc.). Detect
this condition and trigger the workaround path.

Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 0f0d15100a8ac875bdd408324c473e16d73d3557 upstream.

The 5725 family of devices (asic rev 5762), corrupts TSO packets where
the buffer is within MSS bytes of a 4G boundary (4G, 8G etc.). Detect
this condition and trigger the workaround path.

Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>tg3: Skip powering down function 0 on certain serdes devices</title>
<updated>2013-06-07T19:52:27+00:00</updated>
<author>
<name>Nithin Sujir</name>
<email>nsujir@broadcom.com</email>
</author>
<published>2013-05-13T11:04:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f5a30b16941df0a86a394c749f6a3c243bd5bd5d'/>
<id>f5a30b16941df0a86a394c749f6a3c243bd5bd5d</id>
<content type='text'>
commit 44f3b503c16425c8e9db4bbaa2fc9cd0c9d0ba91 upstream.

On the 5718, 5719 and 5720 serdes devices, powering down function 0
results in all the other ports being powered down. Add code to skip
function 0 power down.

v2:
 - Modify tg3_phy_power_bug() function to use a switch instead of a
   complicated if statement. Suggested by Joe Perches.

Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 44f3b503c16425c8e9db4bbaa2fc9cd0c9d0ba91 upstream.

On the 5718, 5719 and 5720 serdes devices, powering down function 0
results in all the other ports being powered down. Add code to skip
function 0 power down.

v2:
 - Modify tg3_phy_power_bug() function to use a switch instead of a
   complicated if statement. Suggested by Joe Perches.

Signed-off-by: Michael Chan &lt;mchan@broadcom.com&gt;
Signed-off-by: Nithin Nayak Sujir &lt;nsujir@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>bnx2x: Fix status blocks configuration</title>
<updated>2013-04-18T19:03:26+00:00</updated>
<author>
<name>Ariel Elior</name>
<email>ariele@broadcom.com</email>
</author>
<published>2013-04-17T22:49:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0c14e5ced264620284bd96f888614768c9bd0976'/>
<id>0c14e5ced264620284bd96f888614768c9bd0976</id>
<content type='text'>
This fixes 2 issues regarding bnx2x's status blocks:

   1. ethtool -c caused corruption of status blocks in FW RAM.

   2. when using multi-CoS, the configuration of the timeout values of
      status blocks is incorrect, harming the coalescing of interrupts
      for such CoSs.

Signed-off-by: Ariel Elior &lt;ariele@broadcom.com&gt;
Signed-off-by: Yuval Mintz &lt;yuvalmin@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This fixes 2 issues regarding bnx2x's status blocks:

   1. ethtool -c caused corruption of status blocks in FW RAM.

   2. when using multi-CoS, the configuration of the timeout values of
      status blocks is incorrect, harming the coalescing of interrupts
      for such CoSs.

Signed-off-by: Ariel Elior &lt;ariele@broadcom.com&gt;
Signed-off-by: Yuval Mintz &lt;yuvalmin@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bnx2x: Prevent UNDI FW illegal host access</title>
<updated>2013-04-18T19:03:25+00:00</updated>
<author>
<name>Dmitry Kravkov</name>
<email>dmitry@broadcom.com</email>
</author>
<published>2013-04-17T22:49:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d46f7c4df342c27cea676939d7c005f1e86173e9'/>
<id>d46f7c4df342c27cea676939d7c005f1e86173e9</id>
<content type='text'>
When loading after UNDI (e.g., Boot from SAN) the UNDI does not
gracefully yield its resources; The bnx2x driver handles that release
itself.

During the manipulation required to release those resources, it's possible
for the UNDI to try and write to memory regions which are no longer accessible,
causing the PCI bus to prevent further writes from the chip.

This would in turn cause DMAE timeouts later on in the driver, as the driver
will be unable to use the chip's DMA engines.

This patch prevents the chip from actually writing through the PCI bus
in said scenario, thus allowing the release without the unfortunate by-product.

Signed-off-by: Dmitry Kravkov &lt;dmitry@broadcom.com&gt;
Signed-off-by: Yuval Mintz &lt;yuvalmin@broadcom.com&gt;
Signed-off-by: Ariel Elior &lt;ariele@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When loading after UNDI (e.g., Boot from SAN) the UNDI does not
gracefully yield its resources; The bnx2x driver handles that release
itself.

During the manipulation required to release those resources, it's possible
for the UNDI to try and write to memory regions which are no longer accessible,
causing the PCI bus to prevent further writes from the chip.

This would in turn cause DMAE timeouts later on in the driver, as the driver
will be unable to use the chip's DMA engines.

This patch prevents the chip from actually writing through the PCI bus
in said scenario, thus allowing the release without the unfortunate by-product.

Signed-off-by: Dmitry Kravkov &lt;dmitry@broadcom.com&gt;
Signed-off-by: Yuval Mintz &lt;yuvalmin@broadcom.com&gt;
Signed-off-by: Ariel Elior &lt;ariele@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bnx2x: Prevent null pointer dereference in AFEX mode</title>
<updated>2013-04-10T19:27:04+00:00</updated>
<author>
<name>Yuval Mintz</name>
<email>yuvalmin@broadcom.com</email>
</author>
<published>2013-04-10T10:34:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fea75645342c7ad574214497a78e562db12dfd7b'/>
<id>fea75645342c7ad574214497a78e562db12dfd7b</id>
<content type='text'>
The cnic module is responsible for initializing various bnx2x structs
via callbacks provided by the bnx2x module.
One such struct is the queue object for the FCoE queue.

If a device is working in AFEX mode and its configuration allows FCoE yet
the cnic module is not loaded, it's very likely a null pointer dereference
will occur, as the bnx2x will erroneously access the FCoE's queue object.

Prevent said access until cnic properly registers itself.

Signed-off-by: Yuval Mintz &lt;yuvalmin@broadcom.com&gt;
Signed-off-by: Ariel Elior &lt;ariele@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The cnic module is responsible for initializing various bnx2x structs
via callbacks provided by the bnx2x module.
One such struct is the queue object for the FCoE queue.

If a device is working in AFEX mode and its configuration allows FCoE yet
the cnic module is not loaded, it's very likely a null pointer dereference
will occur, as the bnx2x will erroneously access the FCoE's queue object.

Prevent said access until cnic properly registers itself.

Signed-off-by: Yuval Mintz &lt;yuvalmin@broadcom.com&gt;
Signed-off-by: Ariel Elior &lt;ariele@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bnx2x: Fix KR2 rapid link flap</title>
<updated>2013-04-07T21:17:00+00:00</updated>
<author>
<name>Yaniv Rosner</name>
<email>yanivr@broadcom.com</email>
</author>
<published>2013-04-07T05:36:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cb28ea3b13b86fb23448525f34720e659bda7aa8'/>
<id>cb28ea3b13b86fb23448525f34720e659bda7aa8</id>
<content type='text'>
Check KR2 recovery time at the beginning of the work-around function.

Signed-off-by: Yaniv Rosner &lt;yanivr@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Check KR2 recovery time at the beginning of the work-around function.

Signed-off-by: Yaniv Rosner &lt;yanivr@broadcom.com&gt;
Signed-off-by: Eilon Greenstein &lt;eilong@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tg3: fix length overflow in VPD firmware parsing</title>
<updated>2013-03-27T18:06:41+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2013-03-27T06:40:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=715230a44310a8cf66fbfb5a46f9a62a9b2de424'/>
<id>715230a44310a8cf66fbfb5a46f9a62a9b2de424</id>
<content type='text'>
Commit 184b89044fb6e2a74611dafa69b1dce0d98612c6 ("tg3: Use VPD fw version
when present") introduced VPD parsing that contained a potential length
overflow.

Limit the hardware's reported firmware string length (max 255 bytes) to
stay inside the driver's firmware string length (32 bytes). On overflow,
truncate the formatted firmware string instead of potentially overwriting
portions of the tg3 struct.

http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Reported-by: Oded Horovitz &lt;oded@privatecore.com&gt;
Reported-by: Brad Spengler &lt;spender@grsecurity.net&gt;
Cc: stable@vger.kernel.org
Cc: Matt Carlson &lt;mcarlson@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 184b89044fb6e2a74611dafa69b1dce0d98612c6 ("tg3: Use VPD fw version
when present") introduced VPD parsing that contained a potential length
overflow.

Limit the hardware's reported firmware string length (max 255 bytes) to
stay inside the driver's firmware string length (32 bytes). On overflow,
truncate the formatted firmware string instead of potentially overwriting
portions of the tg3 struct.

http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Reported-by: Oded Horovitz &lt;oded@privatecore.com&gt;
Reported-by: Brad Spengler &lt;spender@grsecurity.net&gt;
Cc: stable@vger.kernel.org
Cc: Matt Carlson &lt;mcarlson@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bnx2x: fix assignment of signed expression to unsigned variable</title>
<updated>2013-03-24T21:27:28+00:00</updated>
<author>
<name>Kumar Amit Mehta</name>
<email>gmate.amit@gmail.com</email>
</author>
<published>2013-03-23T20:10:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8fe7f99a9e11a43183bc27420309ae105e1fec1a'/>
<id>8fe7f99a9e11a43183bc27420309ae105e1fec1a</id>
<content type='text'>
fix for incorrect assignment of signed expression to unsigned variable.

Signed-off-by: Kumar Amit Mehta &lt;gmate.amit@gmail.com&gt;
Acked-by: Dmitry Kravkov &lt;dmitry@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
fix for incorrect assignment of signed expression to unsigned variable.

Signed-off-by: Kumar Amit Mehta &lt;gmate.amit@gmail.com&gt;
Acked-by: Dmitry Kravkov &lt;dmitry@broadcom.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
