<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/net, branch linux-3.15.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>macvlan: Initialize vlan_features to turn on offload support.</title>
<updated>2014-08-14T01:51:49+00:00</updated>
<author>
<name>Vlad Yasevich</name>
<email>vyasevic@redhat.com</email>
</author>
<published>2014-07-31T14:30:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e629ca252210ebd0bb6a944851e90e620cfcd15e'/>
<id>e629ca252210ebd0bb6a944851e90e620cfcd15e</id>
<content type='text'>
[ Upstream commit 081e83a78db9b0ae1f5eabc2dedecc865f509b98 ]

Macvlan devices do not initialize vlan_features.  As a result,
any vlan devices configured on top of macvlans perform very poorly.
Initialize vlan_features based on the vlan features of the lower-level
device.

Signed-off-by: Vlad Yasevich &lt;vyasevic@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 081e83a78db9b0ae1f5eabc2dedecc865f509b98 ]

Macvlan devices do not initialize vlan_features.  As a result,
any vlan devices configured on top of macvlans perform very poorly.
Initialize vlan_features based on the vlan features of the lower-level
device.

Signed-off-by: Vlad Yasevich &lt;vyasevic@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bna: fix performance regression</title>
<updated>2014-08-14T01:51:48+00:00</updated>
<author>
<name>Ivan Vecera</name>
<email>ivecera@redhat.com</email>
</author>
<published>2014-07-29T14:29:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6980baed350d2e32647595fd06f5281d708fbee0'/>
<id>6980baed350d2e32647595fd06f5281d708fbee0</id>
<content type='text'>
[ Upstream commit c36c9d50cc6af5c5bfcc195f21b73f55520c15f9 ]

The recent commit "e29aa33 bna: Enable Multi Buffer RX" is causing
a performance regression. It does not properly update 'cmpl' pointer
at the end of the loop in NAPI handler bnad_cq_process(). The result is
only one packet / per NAPI-schedule is processed.

Signed-off-by: Ivan Vecera &lt;ivecera@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit c36c9d50cc6af5c5bfcc195f21b73f55520c15f9 ]

The recent commit "e29aa33 bna: Enable Multi Buffer RX" is causing
a performance regression. It does not properly update 'cmpl' pointer
at the end of the loop in NAPI handler bnad_cq_process(). The result is
only one packet / per NAPI-schedule is processed.

Signed-off-by: Ivan Vecera &lt;ivecera@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>inetpeer: get rid of ip_id_count</title>
<updated>2014-08-14T01:51:48+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2014-06-02T12:26:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6ea4adaf4cd1183e44b81e62f3226b1816749c77'/>
<id>6ea4adaf4cd1183e44b81e62f3226b1816749c77</id>
<content type='text'>
[ Upstream commit 73f156a6e8c1074ac6327e0abd1169e95eb66463 ]

Ideally, we would need to generate IP ID using a per destination IP
generator.

linux kernels used inet_peer cache for this purpose, but this had a huge
cost on servers disabling MTU discovery.

1) each inet_peer struct consumes 192 bytes

2) inetpeer cache uses a binary tree of inet_peer structs,
   with a nominal size of ~66000 elements under load.

3) lookups in this tree are hitting a lot of cache lines, as tree depth
   is about 20.

4) If server deals with many tcp flows, we have a high probability of
   not finding the inet_peer, allocating a fresh one, inserting it in
   the tree with same initial ip_id_count, (cf secure_ip_id())

5) We garbage collect inet_peer aggressively.

IP ID generation do not have to be 'perfect'

Goal is trying to avoid duplicates in a short period of time,
so that reassembly units have a chance to complete reassembly of
fragments belonging to one message before receiving other fragments
with a recycled ID.

We simply use an array of generators, and a Jenkin hash using the dst IP
as a key.

ipv6_select_ident() is put back into net/ipv6/ip6_output.c where it
belongs (it is only used from this file)

secure_ip_id() and secure_ipv6_id() no longer are needed.

Rename ip_select_ident_more() to ip_select_ident_segs() to avoid
unnecessary decrement/increment of the number of segments.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 73f156a6e8c1074ac6327e0abd1169e95eb66463 ]

Ideally, we would need to generate IP ID using a per destination IP
generator.

linux kernels used inet_peer cache for this purpose, but this had a huge
cost on servers disabling MTU discovery.

1) each inet_peer struct consumes 192 bytes

2) inetpeer cache uses a binary tree of inet_peer structs,
   with a nominal size of ~66000 elements under load.

3) lookups in this tree are hitting a lot of cache lines, as tree depth
   is about 20.

4) If server deals with many tcp flows, we have a high probability of
   not finding the inet_peer, allocating a fresh one, inserting it in
   the tree with same initial ip_id_count, (cf secure_ip_id())

5) We garbage collect inet_peer aggressively.

IP ID generation do not have to be 'perfect'

Goal is trying to avoid duplicates in a short period of time,
so that reassembly units have a chance to complete reassembly of
fragments belonging to one message before receiving other fragments
with a recycled ID.

We simply use an array of generators, and a Jenkin hash using the dst IP
as a key.

ipv6_select_ident() is put back into net/ipv6/ip6_output.c where it
belongs (it is only used from this file)

secure_ip_id() and secure_ipv6_id() no longer are needed.

Rename ip_select_ident_more() to ip_select_ident_segs() to avoid
unnecessary decrement/increment of the number of segments.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: phy: re-apply PHY fixups during phy_register_device</title>
<updated>2014-08-14T01:51:48+00:00</updated>
<author>
<name>Florian Fainelli</name>
<email>f.fainelli@gmail.com</email>
</author>
<published>2014-07-28T23:28:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4521c12b503fb88f1a90e4a377869a51658b3789'/>
<id>4521c12b503fb88f1a90e4a377869a51658b3789</id>
<content type='text'>
[ Upstream commit d92f5dec6325079c550889883af51db1b77d5623 ]

Commit 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()")
moved the call to phy_scan_fixups() in phy_init_hw() after a software
reset is performed.

By the time phy_init_hw() is called in phy_device_register(), no driver
has been bound to this PHY yet, so all the checks in phy_init_hw()
against the PHY driver and the PHY driver's config_init function will
return 0. We will therefore never call phy_scan_fixups() as we should.

Fix this by calling phy_scan_fixups() and check for its return value to
restore the intended functionality.

This broke PHY drivers which do register an early PHY fixup callback to
intercept the PHY probing and do things like changing the 32-bits unique
PHY identifier when a pseudo-PHY address has been used, as well as
board-specific PHY fixups that need to be applied during driver probe
time.

Reported-by: Hauke Merthens &lt;hauke-m@hauke-m.de&gt;
Reported-by: Jonas Gorski &lt;jogo@openwrt.org&gt;
Signed-off-by: Florian Fainelli &lt;f.fainelli@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit d92f5dec6325079c550889883af51db1b77d5623 ]

Commit 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()")
moved the call to phy_scan_fixups() in phy_init_hw() after a software
reset is performed.

By the time phy_init_hw() is called in phy_device_register(), no driver
has been bound to this PHY yet, so all the checks in phy_init_hw()
against the PHY driver and the PHY driver's config_init function will
return 0. We will therefore never call phy_scan_fixups() as we should.

Fix this by calling phy_scan_fixups() and check for its return value to
restore the intended functionality.

This broke PHY drivers which do register an early PHY fixup callback to
intercept the PHY probing and do things like changing the 32-bits unique
PHY identifier when a pseudo-PHY address has been used, as well as
board-specific PHY fixups that need to be applied during driver probe
time.

Reported-by: Hauke Merthens &lt;hauke-m@hauke-m.de&gt;
Reported-by: Jonas Gorski &lt;jogo@openwrt.org&gt;
Signed-off-by: Florian Fainelli &lt;f.fainelli@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bnx2x: fix crash during TSO tunneling</title>
<updated>2014-08-14T01:51:48+00:00</updated>
<author>
<name>Dmitry Kravkov</name>
<email>Dmitry.Kravkov@qlogic.com</email>
</author>
<published>2014-07-24T15:54:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e0d1b89416a6a32461fb110ebc6e0f4cf01fb411'/>
<id>e0d1b89416a6a32461fb110ebc6e0f4cf01fb411</id>
<content type='text'>
[ Upstream commit fe26566d8a05151ba1dce75081f6270f73ec4ae1 ]

When TSO packet is transmitted additional BD w/o mapping is used
to describe the packed. The BD needs special handling in tx
completion.

kernel: Call Trace:
kernel: &lt;IRQ&gt;  [&lt;ffffffff815e19ba&gt;] dump_stack+0x19/0x1b
kernel: [&lt;ffffffff8105dee1&gt;] warn_slowpath_common+0x61/0x80
kernel: [&lt;ffffffff8105df5c&gt;] warn_slowpath_fmt+0x5c/0x80
kernel: [&lt;ffffffff814a8c0d&gt;] ? find_iova+0x4d/0x90
kernel: [&lt;ffffffff814ab0e2&gt;] intel_unmap_page.part.36+0x142/0x160
kernel: [&lt;ffffffff814ad0e6&gt;] intel_unmap_page+0x26/0x30
kernel: [&lt;ffffffffa01f55d7&gt;] bnx2x_free_tx_pkt+0x157/0x2b0 [bnx2x]
kernel: [&lt;ffffffffa01f8dac&gt;] bnx2x_tx_int+0xac/0x220 [bnx2x]
kernel: [&lt;ffffffff8101a0d9&gt;] ? read_tsc+0x9/0x20
kernel: [&lt;ffffffffa01f8fdb&gt;] bnx2x_poll+0xbb/0x3c0 [bnx2x]
kernel: [&lt;ffffffff814d041a&gt;] net_rx_action+0x15a/0x250
kernel: [&lt;ffffffff81067047&gt;] __do_softirq+0xf7/0x290
kernel: [&lt;ffffffff815f3a5c&gt;] call_softirq+0x1c/0x30
kernel: [&lt;ffffffff81014d25&gt;] do_softirq+0x55/0x90
kernel: [&lt;ffffffff810673e5&gt;] irq_exit+0x115/0x120
kernel: [&lt;ffffffff815f4358&gt;] do_IRQ+0x58/0xf0
kernel: [&lt;ffffffff815e94ad&gt;] common_interrupt+0x6d/0x6d
kernel: &lt;EOI&gt;  [&lt;ffffffff810bbff7&gt;] ? clockevents_notify+0x127/0x140
kernel: [&lt;ffffffff814834df&gt;] ? cpuidle_enter_state+0x4f/0xc0
kernel: [&lt;ffffffff81483615&gt;] cpuidle_idle_call+0xc5/0x200
kernel: [&lt;ffffffff8101bc7e&gt;] arch_cpu_idle+0xe/0x30
kernel: [&lt;ffffffff810b4725&gt;] cpu_startup_entry+0xf5/0x290
kernel: [&lt;ffffffff815cfee1&gt;] start_secondary+0x265/0x27b
kernel: ---[ end trace 11aa7726f18d7e80 ]---

Fixes: a848ade408b ("bnx2x: add CSUM and TSO support for encapsulation protocols")
Reported-by: Yulong Pei &lt;ypei@redhat.com&gt;
Cc: Michal Schmidt &lt;mschmidt@redhat.com&gt;
Signed-off-by: Dmitry Kravkov &lt;Dmitry.Kravkov@qlogic.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit fe26566d8a05151ba1dce75081f6270f73ec4ae1 ]

When TSO packet is transmitted additional BD w/o mapping is used
to describe the packed. The BD needs special handling in tx
completion.

kernel: Call Trace:
kernel: &lt;IRQ&gt;  [&lt;ffffffff815e19ba&gt;] dump_stack+0x19/0x1b
kernel: [&lt;ffffffff8105dee1&gt;] warn_slowpath_common+0x61/0x80
kernel: [&lt;ffffffff8105df5c&gt;] warn_slowpath_fmt+0x5c/0x80
kernel: [&lt;ffffffff814a8c0d&gt;] ? find_iova+0x4d/0x90
kernel: [&lt;ffffffff814ab0e2&gt;] intel_unmap_page.part.36+0x142/0x160
kernel: [&lt;ffffffff814ad0e6&gt;] intel_unmap_page+0x26/0x30
kernel: [&lt;ffffffffa01f55d7&gt;] bnx2x_free_tx_pkt+0x157/0x2b0 [bnx2x]
kernel: [&lt;ffffffffa01f8dac&gt;] bnx2x_tx_int+0xac/0x220 [bnx2x]
kernel: [&lt;ffffffff8101a0d9&gt;] ? read_tsc+0x9/0x20
kernel: [&lt;ffffffffa01f8fdb&gt;] bnx2x_poll+0xbb/0x3c0 [bnx2x]
kernel: [&lt;ffffffff814d041a&gt;] net_rx_action+0x15a/0x250
kernel: [&lt;ffffffff81067047&gt;] __do_softirq+0xf7/0x290
kernel: [&lt;ffffffff815f3a5c&gt;] call_softirq+0x1c/0x30
kernel: [&lt;ffffffff81014d25&gt;] do_softirq+0x55/0x90
kernel: [&lt;ffffffff810673e5&gt;] irq_exit+0x115/0x120
kernel: [&lt;ffffffff815f4358&gt;] do_IRQ+0x58/0xf0
kernel: [&lt;ffffffff815e94ad&gt;] common_interrupt+0x6d/0x6d
kernel: &lt;EOI&gt;  [&lt;ffffffff810bbff7&gt;] ? clockevents_notify+0x127/0x140
kernel: [&lt;ffffffff814834df&gt;] ? cpuidle_enter_state+0x4f/0xc0
kernel: [&lt;ffffffff81483615&gt;] cpuidle_idle_call+0xc5/0x200
kernel: [&lt;ffffffff8101bc7e&gt;] arch_cpu_idle+0xe/0x30
kernel: [&lt;ffffffff810b4725&gt;] cpu_startup_entry+0xf5/0x290
kernel: [&lt;ffffffff815cfee1&gt;] start_secondary+0x265/0x27b
kernel: ---[ end trace 11aa7726f18d7e80 ]---

Fixes: a848ade408b ("bnx2x: add CSUM and TSO support for encapsulation protocols")
Reported-by: Yulong Pei &lt;ypei@redhat.com&gt;
Cc: Michal Schmidt &lt;mschmidt@redhat.com&gt;
Signed-off-by: Dmitry Kravkov &lt;Dmitry.Kravkov@qlogic.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: bcmgenet: correctly pad short packets</title>
<updated>2014-08-14T01:51:47+00:00</updated>
<author>
<name>Florian Fainelli</name>
<email>f.fainelli@gmail.com</email>
</author>
<published>2014-07-22T18:01:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=34ada3629e591ddb43c1aa799f5e4f39b1a1597a'/>
<id>34ada3629e591ddb43c1aa799f5e4f39b1a1597a</id>
<content type='text'>
[ Upstream commit 474ea9cafc459976827a477f2c30eaf6313cb7c1 ]

Packets shorter than ETH_ZLEN were not padded with zeroes, hence leaking
potentially sensitive information. This bug has been present since the
driver got accepted in commit 1c1008c793fa46703a2fee469f4235e1c7984333
("net: bcmgenet: add main driver file").

Signed-off-by: Florian Fainelli &lt;f.fainelli@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 474ea9cafc459976827a477f2c30eaf6313cb7c1 ]

Packets shorter than ETH_ZLEN were not padded with zeroes, hence leaking
potentially sensitive information. This bug has been present since the
driver got accepted in commit 1c1008c793fa46703a2fee469f4235e1c7984333
("net: bcmgenet: add main driver file").

Signed-off-by: Florian Fainelli &lt;f.fainelli@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: fix aggregation session lockup</title>
<updated>2014-08-07T23:53:51+00:00</updated>
<author>
<name>Felix Fietkau</name>
<email>nbd@openwrt.org</email>
</author>
<published>2014-07-23T13:40:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f0eda5106e9b2adef0f801a57ae7c60b158aed9d'/>
<id>f0eda5106e9b2adef0f801a57ae7c60b158aed9d</id>
<content type='text'>
commit c01fac1c77a00227f706a1654317023e3f4ac7f0 upstream.

If an aggregation session fails, frames still end up in the driver queue
with IEEE80211_TX_CTL_AMPDU set.
This causes tx for the affected station/tid to stall, since
ath_tx_get_tid_subframe returning packets to send.

Fix this by clearing IEEE80211_TX_CTL_AMPDU as long as no aggregation
session is running.

Reported-by: Antonio Quartulli &lt;antonio@open-mesh.com&gt;
Signed-off-by: Felix Fietkau &lt;nbd@openwrt.org&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit c01fac1c77a00227f706a1654317023e3f4ac7f0 upstream.

If an aggregation session fails, frames still end up in the driver queue
with IEEE80211_TX_CTL_AMPDU set.
This causes tx for the affected station/tid to stall, since
ath_tx_get_tid_subframe returning packets to send.

Fix this by clearing IEEE80211_TX_CTL_AMPDU as long as no aggregation
session is running.

Reported-by: Antonio Quartulli &lt;antonio@open-mesh.com&gt;
Signed-off-by: Felix Fietkau &lt;nbd@openwrt.org&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>iwlwifi: mvm: disable CTS to Self</title>
<updated>2014-07-28T15:08:29+00:00</updated>
<author>
<name>Emmanuel Grumbach</name>
<email>emmanuel.grumbach@intel.com</email>
</author>
<published>2014-07-03T17:46:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7d71bcace158a70c28928784e75e4e447f6c2ac2'/>
<id>7d71bcace158a70c28928784e75e4e447f6c2ac2</id>
<content type='text'>
commit dc271ee0d04d12d6bfabacbec803289a7072fbd9 upstream.

Firmware folks seem say that this flag can make trouble.
Drop it. The advantage of CTS to self is that it slightly
reduces the cost of the protection, but make the protection
less reliable.

Signed-off-by: Emmanuel Grumbach &lt;emmanuel.grumbach@intel.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;


</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit dc271ee0d04d12d6bfabacbec803289a7072fbd9 upstream.

Firmware folks seem say that this flag can make trouble.
Drop it. The advantage of CTS to self is that it slightly
reduces the cost of the protection, but make the protection
less reliable.

Signed-off-by: Emmanuel Grumbach &lt;emmanuel.grumbach@intel.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;


</pre>
</div>
</content>
</entry>
<entry>
<title>mwifiex: fix Tx timeout issue</title>
<updated>2014-07-28T15:08:26+00:00</updated>
<author>
<name>Amitkumar Karwar</name>
<email>akarwar@marvell.com</email>
</author>
<published>2014-06-20T18:45:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=363595404bded8c468a27af2d11b6578c2f6d64a'/>
<id>363595404bded8c468a27af2d11b6578c2f6d64a</id>
<content type='text'>
commit d76744a93246eccdca1106037e8ee29debf48277 upstream.

https://bugzilla.kernel.org/show_bug.cgi?id=70191
https://bugzilla.kernel.org/show_bug.cgi?id=77581

It is observed that sometimes Tx packet is downloaded without
adding driver's txpd header. This results in firmware parsing
garbage data as packet length. Sometimes firmware is unable
to read the packet if length comes out as invalid. This stops
further traffic and timeout occurs.

The root cause is uninitialized fields in tx_info(skb-&gt;cb) of
packet used to get garbage values. In this case if
MWIFIEX_BUF_FLAG_REQUEUED_PKT flag is mistakenly set, txpd
header was skipped. This patch makes sure that tx_info is
correctly initialized to fix the problem.

Reported-by: Andrew Wiley &lt;wiley.andrew.j@gmail.com&gt;
Reported-by: Linus Gasser &lt;list@markas-al-nour.org&gt;
Reported-by: Michael Hirsch &lt;hirsch@teufel.de&gt;
Tested-by: Xinming Hu &lt;huxm@marvell.com&gt;
Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Signed-off-by: Maithili Hinge &lt;maithili@marvell.com&gt;
Signed-off-by: Avinash Patil &lt;patila@marvell.com&gt;
Signed-off-by: Bing Zhao &lt;bzhao@marvell.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit d76744a93246eccdca1106037e8ee29debf48277 upstream.

https://bugzilla.kernel.org/show_bug.cgi?id=70191
https://bugzilla.kernel.org/show_bug.cgi?id=77581

It is observed that sometimes Tx packet is downloaded without
adding driver's txpd header. This results in firmware parsing
garbage data as packet length. Sometimes firmware is unable
to read the packet if length comes out as invalid. This stops
further traffic and timeout occurs.

The root cause is uninitialized fields in tx_info(skb-&gt;cb) of
packet used to get garbage values. In this case if
MWIFIEX_BUF_FLAG_REQUEUED_PKT flag is mistakenly set, txpd
header was skipped. This patch makes sure that tx_info is
correctly initialized to fix the problem.

Reported-by: Andrew Wiley &lt;wiley.andrew.j@gmail.com&gt;
Reported-by: Linus Gasser &lt;list@markas-al-nour.org&gt;
Reported-by: Michael Hirsch &lt;hirsch@teufel.de&gt;
Tested-by: Xinming Hu &lt;huxm@marvell.com&gt;
Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Signed-off-by: Maithili Hinge &lt;maithili@marvell.com&gt;
Signed-off-by: Avinash Patil &lt;patila@marvell.com&gt;
Signed-off-by: Bing Zhao &lt;bzhao@marvell.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>xen-netback: Fix pointer incrementation to avoid incorrect logging</title>
<updated>2014-07-28T15:08:26+00:00</updated>
<author>
<name>Zoltan Kiss</name>
<email>zoltan.kiss@citrix.com</email>
</author>
<published>2014-07-18T18:08:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c780438d32b674c825f355fdecc0a012e3e7652f'/>
<id>c780438d32b674c825f355fdecc0a012e3e7652f</id>
<content type='text'>
[ Upstream commit d8cfbfc4660054150ca1b7c501a8edc0771022f9 ]

Due to this pointer is increased prematurely, the error log contains rubbish.

Signed-off-by: Zoltan Kiss &lt;zoltan.kiss@citrix.com&gt;
Reported-by: Armin Zentai &lt;armin.zentai@ezit.hu&gt;
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: xen-devel@lists.xenproject.org
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit d8cfbfc4660054150ca1b7c501a8edc0771022f9 ]

Due to this pointer is increased prematurely, the error log contains rubbish.

Signed-off-by: Zoltan Kiss &lt;zoltan.kiss@citrix.com&gt;
Reported-by: Armin Zentai &lt;armin.zentai@ezit.hu&gt;
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: xen-devel@lists.xenproject.org
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
