1. 12 Dec, 2010 3 commits
  2. 11 Dec, 2010 1 commit
  3. 10 Dec, 2010 14 commits
  4. 09 Dec, 2010 1 commit
  5. 08 Dec, 2010 21 commits
    • Eric Dumazet's avatar
      tcp: protect sysctl_tcp_cookie_size reads · f1987257
      Eric Dumazet authored
      Make sure sysctl_tcp_cookie_size is read once in
      tcp_cookie_size_check(), or we might return an illegal value to caller
      if sysctl_tcp_cookie_size is changed by another cpu.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Cc: Ben Hutchings <bhutchings@solarflare.com>
      Cc: William Allen Simpson <william.allen.simpson@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1987257
    • Eric Dumazet's avatar
      tcp: avoid a possible divide by zero · ad9f4f50
      Eric Dumazet authored
      sysctl_tcp_tso_win_divisor might be set to zero while one cpu runs in
      tcp_tso_should_defer(). Make sure we dont allow a divide by zero by
      reading sysctl_tcp_tso_win_divisor exactly once.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ad9f4f50
    • David Kilroy's avatar
      orinoco: fix TKIP countermeasure behaviour · 0a54917c
      David Kilroy authored
      Enable the port when disabling countermeasures, and disable it on
      enabling countermeasures.
      
      This bug causes the response of the system to certain attacks to be
      ineffective.
      
      It also prevents wpa_supplicant from getting scan results, as
      wpa_supplicant disables countermeasures on startup - preventing the
      hardware from scanning.
      
      wpa_supplicant works with ap_mode=2 despite this bug because the commit
      handler re-enables the port.
      
      The log tends to look like:
      
      State: DISCONNECTED -> SCANNING
      Starting AP scan for wildcard SSID
      Scan requested (ret=0) - scan timeout 5 seconds
      EAPOL: disable timer tick
      EAPOL: Supplicant port status: Unauthorized
      Scan timeout - try to get results
      Failed to get scan results
      Failed to get scan results - try scanning again
      Setting scan request: 1 sec 0 usec
      Starting AP scan for wildcard SSID
      Scan requested (ret=-1) - scan timeout 5 seconds
      Failed to initiate AP scan.
      
      Reported by: Giacomo Comes <comes@naic.edu>
      Signed-off by: David Kilroy <kilroyd@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      0a54917c
    • David Kilroy's avatar
      orinoco: clear countermeasure setting on commit · ba34fcee
      David Kilroy authored
      ... and interface up.
      
      In these situations, you are usually trying to connect to a new AP, so
      keeping TKIP countermeasures active is confusing. This is already how
      the driver behaves (inadvertently). However, querying SIOCGIWAUTH may
      tell userspace that countermeasures are active when they aren't.
      
      Clear the setting so that the reporting matches what the driver has
      done..
      
      Signed-off by: David Kilroy <kilroyd@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      ba34fcee
    • Helmut Schaa's avatar
      mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs · 7e244707
      Helmut Schaa authored
      mac80211 doesn't handle shared skbs correctly at the moment. As a result
      a possible resize can trigger a BUG in pskb_expand_head.
      
      [  676.030000] Kernel bug detected[#1]:
      [  676.030000] Cpu 0
      [  676.030000] $ 0   : 00000000 00000000 819662ff 00000002
      [  676.030000] $ 4   : 81966200 00000020 00000000 00000020
      [  676.030000] $ 8   : 819662e0 800043c0 00000002 00020000
      [  676.030000] $12   : 3b9aca00 00000000 00000000 00470000
      [  676.030000] $16   : 80ea2000 00000000 00000000 00000000
      [  676.030000] $20   : 818aa200 80ea2018 80ea2000 00000008
      [  676.030000] $24   : 00000002 800ace5c
      [  676.030000] $28   : 8199a000 8199bd20 81938f88 80f180d4
      [  676.030000] Hi    : 0000026e
      [  676.030000] Lo    : 0000757e
      [  676.030000] epc   : 801245e4 pskb_expand_head+0x44/0x1d8
      [  676.030000]     Not tainted
      [  676.030000] ra    : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]
      [  676.030000] Status: 1000a403    KERNEL EXL IE
      [  676.030000] Cause : 10800024
      [  676.030000] PrId  : 0001964c (MIPS 24Kc)
      [  676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]
      [  676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000)
      [  676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000
      [  676.030000]         818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018
      [  676.030000]         81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48
      [  676.030000]         81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c
      [  676.030000]         80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90
      [  676.030000]         ...
      [  676.030000] Call Trace:
      [  676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8
      [  676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211]
      [  676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211]
      [  676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]
      [  676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8
      [  676.030000] [<8002ebe8>] kthread+0x7c/0x88
      [  676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18
      [  676.030000]
      [  676.030000]
      [  676.030000] Code: 24020001  10620005  2502001f <0200000d> 0804917a  00000000  2502001f  00441023  00531021
      
      Fix this by making a local copy of shared skbs prior to mangeling them.
      To avoid copying the skb unnecessarily move the skb_copy call below the
      checks that don't need write access to the skb.
      
      Also, move the assignment of nh_pos and h_pos below the skb_copy to point
      to the correct skb.
      
      It would be possible to avoid another resize of the copied skb by using
      skb_copy_expand instead of skb_copy but that would make the patch more
      complex. Also, shared skbs are a corner case right now, so the resize
      shouldn't matter much.
      
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarHelmut Schaa <helmut.schaa@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      7e244707
    • Sujith Manoharan's avatar
      ath9k_htc: Fix suspend/resume · f933ebed
      Sujith Manoharan authored
      The HW has to be set to FULLSLEEP mode during suspend,
      when no interface has been brought up. Not doing this would
      break resume, as the chip won't be powered up at all.
      Signed-off-by: default avatarSujith Manoharan <Sujith.Manoharan@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      f933ebed
    • Javier Cardona's avatar
    • Javier Cardona's avatar
      ath5k: Prevent mesh interfaces from being counted as ad-hoc · c26d5339
      Javier Cardona authored
      This results in an erroneus num_adhoc_vifs count, as the this counter
      was incremented but not decremented for mesh interfaces.
      Signed-off-by: default avatarJavier Cardona <javier@cozybit.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      c26d5339
    • Javier Cardona's avatar
      ath5k: Fix beaconing in mesh mode · d82b577b
      Javier Cardona authored
      This patch fixes the oops below when attempting to bring up a mesh
      interface on ath5k hardware.
      
      [  128.933099] kernel BUG at drivers/net/wireless/ath/ath5k/base.c:197!
      [  128.933099] invalid opcode: 0000 [#1]
      (...)
      [  128.933099] Call Trace:
      [  128.933099]  [<c83b77fa>] ? ath5k_beacon_update+0x57/0x1f8 [ath5k]
      [  128.933099]  [<c02d9a40>] ? __sysfs_add_one+0x28/0x76
      [  128.933099]  [<c83b830e>] ? ath5k_bss_info_changed+0x13f/0x173
      [ath5k]
      [  128.933099]  [<c82ff629>] ? ieee80211_config_beacon+0xc0/0x17e
      [mac80211]
      [  128.933099]  [<c82f073e>] ?
      ieee80211_bss_info_change_notify+0x182/0x18b [mac80211]
      [  128.933099]  [<c83b81cf>] ? ath5k_bss_info_changed+0x0/0x173 [ath5k]
      [  128.933099]  [<c82ff6d6>] ? ieee80211_config_beacon+0x16d/0x17e
      [mac80211]
      [  128.933099]  [<c82ff753>] ? ieee80211_add_beacon+0x34/0x39 [mac80211]
      [  128.933099]  [<c830a4ed>] ? ieee80211s_init+0xf8/0x10f [mac80211]
      [  128.933099]  [<c830a5df>] ? ieee80211_mesh_init_sdata+0xdb/0x154 [mac80211]
      Signed-off-by: default avatarJavier Cardona <javier@cozybit.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      d82b577b
    • David Kilroy's avatar
      orinoco: initialise priv->hw before assigning the interrupt · 229bd792
      David Kilroy authored
      The interrupt handler takes a lock - but since commit bcad6e80 this
      lock goes through an indirection specified in the hermes_t structure.
      We must therefore initialise the structure before setting up the
      interrupt handler.
      
      Fix orinoco_cs and spectrum_cs
      
      <https://bugzilla.kernel.org/show_bug.cgi?id=23932>
      
      Bisected by: Matt Domsch <Matt_Domsch@dell.com>
      Signed-off by: David Kilroy <kilroyd@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      229bd792
    • Breno Leitao's avatar
      ehea: Fixing LRO configuration · c7757fdb
      Breno Leitao authored
      In order to set LRO on ehea, the user must set a module parameter, which
      is not the standard way to do so. This patch adds a way to set LRO using
      the ethtool tool.
      Signed-off-by: default avatarBreno Leitao <leitao@linux.vnet.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c7757fdb
    • Tom Herbert's avatar
      tcp: Replace time wait bucket msg by counter · 67631510
      Tom Herbert authored
      Rather than printing the message to the log, use a mib counter to keep
      track of the count of occurences of time wait bucket overflow.  Reduces
      spam in logs.
      Signed-off-by: default avatarTom Herbert <therbert@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      67631510
    • Apollon Oikonomopoulos's avatar
      x25: decrement netdev reference counts on unload · 171995e5
      Apollon Oikonomopoulos authored
      x25 does not decrement the network device reference counts on module unload.
      Thus unregistering any pre-existing interface after unloading the x25 module
      hangs and results in
      
       unregister_netdevice: waiting for tap0 to become free. Usage count = 1
      
      This patch decrements the reference counts of all interfaces in x25_link_free,
      the way it is already done in x25_link_device_down for NETDEV_DOWN events.
      Signed-off-by: default avatarApollon Oikonomopoulos <apollon@noc.grnet.gr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      171995e5
    • Joe Jin's avatar
      driver/net/benet: fix be_cmd_multicast_set() memcpy bug · 408cc293
      Joe Jin authored
      Regarding  benet be_cmd_multicast_set() function, now using
      netdev_for_each_mc_addr() helper for mac address copy, but
      when copying to req->mac[] did not increase of the index.
      
      Cc: Sathya Perla <sathyap@serverengines.com>
      Cc: Subbu Seetharaman <subbus@serverengines.com>
      Cc: Sarveshwar Bandi <sarveshwarb@serverengines.com>
      Cc: Ajit Khaparde <ajitk@serverengines.com>
      Signed-off-by: default avatarJoe Jin <joe.jin@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      408cc293
    • Michal Marek's avatar
      l2tp: Fix modalias of l2tp_ip · e8d34a88
      Michal Marek authored
      Using the SOCK_DGRAM enum results in
      "net-pf-2-proto-SOCK_DGRAM-type-115", so use the numeric value like it
      is done in net/dccp.
      Signed-off-by: default avatarMichal Marek <mmarek@suse.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e8d34a88
    • Nelson Elhage's avatar
      econet: Do the correct cleanup after an unprivileged SIOCSIFADDR. · 0c62fc6d
      Nelson Elhage authored
      We need to drop the mutex and do a dev_put, so set an error code and break like
      the other paths, instead of returning directly.
      Signed-off-by: default avatarNelson Elhage <nelhage@ksplice.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0c62fc6d
    • David S. Miller's avatar
    • Eric Dumazet's avatar
      llc: fix a device refcount imbalance · 35d9b0c9
      Eric Dumazet authored
      Le dimanche 05 décembre 2010 à 12:23 +0100, Eric Dumazet a écrit :
      > Le dimanche 05 décembre 2010 à 09:19 +0100, Eric Dumazet a écrit :
      >
      > > Hmm..
      > >
      > > If somebody can explain why RTNL is held in arp_ioctl() (and therefore
      > > in arp_req_delete()), we might first remove RTNL use in arp_ioctl() so
      > > that your patch can be applied.
      > >
      > > Right now it is not good, because RTNL wont be necessarly held when you
      > > are going to call arp_invalidate() ?
      >
      > While doing this analysis, I found a refcount bug in llc, I'll send a
      > patch for net-2.6
      
      Oh well, of course I must first fix the bug in net-2.6, and wait David
      pull the fix in net-next-2.6 before sending this rcu conversion.
      
      Note: this patch should be sent to stable teams (2.6.34 and up)
      
      [PATCH net-2.6] llc: fix a device refcount imbalance
      
      commit abf9d537 (llc: add support for SO_BINDTODEVICE) added one
      refcount imbalance in llc_ui_bind(), because dev_getbyhwaddr() doesnt
      take a reference on device, while dev_get_by_index() does.
      
      Fix this using RCU locking. And since an RCU conversion will be done for
      2.6.38 for dev_getbyhwaddr(), put the rcu_read_lock/unlock exactly at
      their final place.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Cc: stable@kernel.org
      Cc: Octavian Purdila <opurdila@ixiacom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      35d9b0c9
    • Changli Gao's avatar
      ifb: goto resched directly if error happens and dp->tq isn't empty · 75c1c825
      Changli Gao authored
      If we break the loop when there are still skbs in tq and no skb in
      rq, the skbs will be left in txq until new skbs are enqueued into rq.
      In rare cases, no new skb is queued, then these skbs will stay in rq
      forever.
      
      After this patch, if tq isn't empty when we break the loop, we goto
      resched directly.
      Signed-off-by: default avatarChangli Gao <xiaosuo@gmail.com>
      Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      75c1c825
    • Nandita Dukkipati's avatar
      tcp: Bug fix in initialization of receive window. · b1afde60
      Nandita Dukkipati authored
      The bug has to do with boundary checks on the initial receive window.
      If the initial receive window falls between init_cwnd and the
      receive window specified by the user, the initial window is incorrectly
      brought down to init_cwnd. The correct behavior is to allow it to
      remain unchanged.
      Signed-off-by: default avatarNandita Dukkipati <nanditad@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b1afde60
    • Dimitris Michailidis's avatar
      cxgb4: fix MAC address hash filter · ce9aeb58
      Dimitris Michailidis authored
      Fix the calculation of the inexact hash-based MAC address filter.
      It's 64 bits but current code is missing a ULL.  Results in filtering out
      some legitimate packets.
      Signed-off-by: default avatarDimitris Michailidis <dm@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ce9aeb58