- 15 Mar, 2013 1 commit
-
-
Gao feng authored
In (c296bb4d netfilter: nf_conntrack: refactor l4proto support for netns) the l4proto gre/dccp/udplite/sctp registration happened before the pernet subsystem, which is wrong. Register pernet subsystem before register L4proto since after register L4proto, init_conntrack may try to access the resources which allocated in register_pernet_subsys. Reported-by:
Alexey Dobriyan <adobriyan@gmail.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by:
Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
- 14 Mar, 2013 2 commits
-
-
Pavel Emelyanov authored
Hi. I'm trying to send big chunks of memory from application address space via TCP socket using vmsplice + splice like this mem = mmap(128Mb); vmsplice(pipe[1], mem); /* splice memory into pipe */ splice(pipe[0], tcp_socket); /* send it into network */ When I'm lucky and a huge page splices into the pipe and then into the socket _and_ client and server ends of the TCP connection are on the same host, communicating via lo, the whole connection gets stuck! The sending queue becomes full and app stops writing/splicing more into it, but the receiving queue remains empty, and that's why. The __skb_fill_page_desc observes a tail page of a huge page and erroneously propagates its page->pfmemalloc value onto socket (the pfmemalloc on tail pages contain garbage). Then this skb->pfmemalloc leaks through lo and due to the tcp_v4_rcv sk_filter if (skb->pfmemalloc && !sock_flag(sk, SOCK_MEMALLOC)) /* true */ return -ENOMEM goto release_and_discard; no packets reach the socket. Even TCP re-transmits are dropped by this, as skb cloning clones the pfmemalloc flag as well. That said, here's the proper page->pfmemalloc propagation onto socket: we must check the huge-page's head page only, other pages' pfmemalloc and mapping values do not contain what is expected in this place. However, I'm not sure whether this fix is _complete_, since pfmemalloc propagation via lo also oesn't look great. Both, bit propagation from page to skb and this check in sk_filter, were introduced by c48a11c7 (netvm: propagate page->pfmemalloc to skb), in v3.5 so Mel and stable@ are in Cc. Signed-off-by:Pavel Emelyanov <xemul@parallels.com> Acked-by:
Eric Dumazet <edumazet@google.com> Acked-by:
Mel Gorman <mgorman@suse.de> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Chrome OS team reported a crash on a Pixel ChromeBook in TCP stack : https://code.google.com/p/chromium/issues/detail?id=182056 commit a21d4572 (tcp: avoid order-1 allocations on wifi and tx path) did a poor choice adding an 'avail_size' field to skb, while what we really needed was a 'reserved_tailroom' one. It would have avoided commit 22b4a4f2 (tcp: fix retransmit of partially acked frames) and this commit. Crash occurs because skb_split() is not aware of the 'avail_size' management (and should not be aware) Signed-off-by:
Mukesh Agrawal <quiche@chromium.org> Signed-off-by:
-
- 13 Mar, 2013 8 commits
-
-
Bjørn Mork authored
commit bd877e4 ("net: qmi_wwan: use a single bind function for all device types") made Gobi 1K devices fail probing. Using the number of endpoints in the default altsetting to decide whether the function use one or two interfaces is wrong. Other altsettings may provide more endpoints. With Gobi 1K devices, USB interface #3's altsetting is 0 by default, but altsetting 0 only provides one interrupt endpoint and is not sufficent for QMI. Altsetting 1 provides all 3 endpoints required for qmi_wwan and works with QMI. Gobi 1K layout for intf#3 is: Interface Descriptor: 255/255/255 bInterfaceNumber 3 bAlternateSetting 0 Endpoint Descriptor: Interrupt IN Interface Descriptor: 255/255/255 bInterfaceNumber 3 bAlternateSetting 1 Endpoint Descriptor: Interrupt IN Endpoint Descriptor: Bulk IN Endpoint Descriptor: Bulk OUT Prior to commit bd877e4, we would call usbnet_get_endpoints before giving up finding enough endpoints. Removing the early endpoint number test and the strict functional descriptor requirement allow qmi_wwan_bind to continue until usbnet_get_endpoints has made the final attempt to collect endpoints. This restores the behaviour from before commit bd877e4 without losing the added benefit of using a single bind function. The driver has always required a CDC Union functional descriptor for two-interface functions. Using the existence of this descriptor to detect two-interface functions is the logically correct method. Reported-by:Dan Williams <dcbw@redhat.com> Signed-off-by:
Bjørn Mork <bjorn@mork.no> Tested-by:
-
Denis V. Lunev authored
a long time ago by the commit commit 93456b6d Author: Denis V. Lunev <den@openvz.org> Date: Thu Jan 10 03:23:38 2008 -0800 [IPV4]: Unify access to the routing tables. the defenition of FIB_HASH_TABLE size has obtained wrong dependency: it should depend upon CONFIG_IP_MULTIPLE_TABLES (as was in the original code) but it was depended from CONFIG_IP_ROUTE_MULTIPATH This patch returns the situation to the original state. The problem was spotted by Tingwei Liu. Signed-off-by:
Denis V. Lunev <den@openvz.org> CC: Tingwei Liu <tingw.liu@gmail.com> CC: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by:
-
Xufeng Zhang authored
sctp_assoc_lookup_tsn() function searchs which transport a certain TSN was sent on, if not found in the active_path transport, then go search all the other transports in the peer's transport_addr_list, however, we should continue to the next entry rather than break the loop when meet the active_path transport. Signed-off-by:
Xufeng Zhang <xufeng.zhang@windriver.com> Acked-by:
Neil Horman <nhorman@tuxdriver.com> Acked-by:
Vlad Yasevich <vyasevich@gmail.com> Signed-off-by:
-
Vlad Yasevich authored
When SCTP is done processing a duplicate cookie chunk, it tries to delete a newly created association. For that, it has to set the right association for the side-effect processing to work. However, when it uses the SCTP_CMD_NEW_ASOC command, that performs more work then really needed (like hashing the associationa and assigning it an id) and there is no point to do that only to delete the association as a next step. In fact, it also creates an impossible condition where an association may be found by the getsockopt() call, and that association is empty. This causes a crash in some sctp getsockopts. The solution is rather simple. We simply use SCTP_CMD_SET_ASOC command that doesn't have all the overhead and does exactly what we need. Reported-by:
Karl Heiss <kheiss@gmail.com> Tested-by:
-
Nithin Sujir authored
Commit d13ba512 ("tg3: Remove SPEED_UNKNOWN checks") cleaned up the autoneg advertisement by removing some dead code. One effect of this change was that the advertisement register would not be updated if autoneg is turned off. This exposed a bug on the 5715 device w.r.t linking. The 5715 defaults to advertise only 10Mb Full duplex. But with autoneg disabled, it needs the configured speed enabled in the advertisement register to link up. This patch adds the work around to advertise all speeds on the 5715 when autoneg is disabled. Reported-by:
Marcin Miotk <marcinmiotk81@gmail.com> Reviewed-by:
Benjamin Li <benli@broadcom.com> Signed-off-by:
Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by:
Michael Chan <mchan@broadcom.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfcDavid S. Miller authored
Ben Hutchings says: ==================== Just the one bug fix I mentioned before, but it's a pretty important one as it can cause silent data corruption or IOMMU page faults. This would be suitable for stable and should apply cleanly to all the 3.x.y branches. I'm still working through testing of larger sets of fixes. ==================== Signed-off-by: -
Veaceslav Falico authored
bond_update_speed_duplex() might sleep while calling underlying slave's routines. Move it out of atomic context in bond_enslave() and remove it from bond_miimon_commit() - it was introduced by commit 546add79, however when the slave interfaces go up/change state it's their responsibility to fire NETDEV_UP/NETDEV_CHANGE events so that bonding can properly update their speed. I've tested it on all combinations of ifup/ifdown, autoneg/speed/duplex changes, remote-controlled and local, on (not) MII-based cards. All changes are visible. Signed-off-by:
Veaceslav Falico <vfalico@redhat.com> Signed-off-by:
-
Daniel Mack authored
Commit fae50823 ("net: ethernet: davinci_cpdma: Add boundary for rx and tx descriptors") introduced a function to check the current allocation state of tx packets. The return value is taken into account to stop the netqork queue on the adapter in case there are no free slots. However, cpdma_check_free_tx_desc() returns 'true' if there is room in the bitmap, not 'false', so the usage of the function is wrong. Signed-off-by:
Daniel Mack <zonque@gmail.com> Cc: Mugunthan V N <mugunthanvnm@ti.com> Reported-by:
Sven Neumann <s.neumann@raumfeld.com> Reported-by:
Andreas Fenkart <andreas.fenkart@streamunlimited.com> Tested-by:
Mugunthan V N <mugunthanvnm@ti.com> Acked-by:
-
- 12 Mar, 2013 8 commits
-
-
Ben Hutchings authored
Using TX push when notifying the NIC of multiple new descriptors in the ring will very occasionally cause the TX DMA engine to re-use an old descriptor. This can result in a duplicated or partly duplicated packet (new headers with old data), or an IOMMU page fault. This does not happen when the pushed descriptor is the only one written. TX push also provides little latency benefit when a packet requires more than one descriptor. Signed-off-by:Ben Hutchings <bhutchings@solarflare.com>
-
Li RongQing authored
[ Bug added added in commit 05e8ef4a (net: factor out skb_mac_gso_segment() from skb_gso_segment() ) ] move vlan_depth out of while loop, or else vlan_depth always is ETH_HLEN, can not be increased, and lead to infinite loop when frame has two vlan headers. Signed-off-by:
Li RongQing <roy.qing.li@gmail.com> Acked-by:
-
Chen Gang authored
k is u32 which never < 0, need type cast, or cause issue. Signed-off-by:
Chen Gang <gang.chen@asianux.com> Acked-by:
Russell King <rmk+kernel@arm.linux.org.uk> Acked-by:
Mircea Gherzan <mgherzan@gmail.com> Signed-off-by:
-
Veaceslav Falico authored
__netpoll_cleanup() is called in netconsole_netdev_event() while holding a spinlock. Release/acquire the spinlock before/after it and restart the loop. Also, disable the netconsole completely, because we won't have chance after the restart of the loop, and might end up in a situation where nt->enabled == 1 and nt->np.dev == NULL. Signed-off-by:
-
stephen hemminger authored
The bridge multicast fast leave feature was added sufficient space was not reserved in the netlink message. This means the flag may be lost in netlink events and results of queries. Found by observation while looking up some netlink stuff for discussion with Vlad. Problem introduced by commit c2d3babf Author: David S. Miller <davem@davemloft.net> Date: Wed Dec 5 16:24:45 2012 -0500 bridge: implement multicast fast leave Signed-off-by:
Stephen Hemminger <stephen@networkplumber.org> Signed-off-by:
-
git://git.open-mesh.org/linux-mergeDavid S. Miller authored
Included changes ares: - fix packet parsing routine to avoid to read beyond the packet boundary Signed-off-by: -
David Ward authored
This is needed in order to detect if the timestamp option appears more than once in a packet, to remove the option if the packet is fragmented, etc. My previous change neglected to store the option location when the router addresses were prespecified and Pointer > Length. But now the option location is also stored when Flag is an unrecognized value, to ensure these option handling behaviors are still performed. Signed-off-by:
David Ward <david.ward@ll.mit.edu> Signed-off-by:
-
Santosh Rastapur authored
New scheme calls for 3rd party VPD at offset 0x0 and Chelsio VPD at offset 0x400 of the function. If no 3rd party VPD is present, then a copy of Chelsio's VPD will be at offset 0x0 to keep in line with PCI spec which requires the VPD to be present at offset 0x0. Signed-off-by:
Santosh Rastapur <santosh@chelsio.com> Signed-off-by:
Vipul Pandya <vipul@chelsio.com> Signed-off-by:
-
- 11 Mar, 2013 15 commits
-
-
Marek Lindner authored
batadv_iv_ogm_process() accesses the packet using the tt_num_changes attribute regardless of the real packet len (assuming the length check was done before). Therefore a length check is needed to avoid reading random memory. Signed-off-by:
Marek Lindner <lindner_marek@yahoo.de> Signed-off-by:
Antonio Quartulli <ordex@autistici.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fixes from Ingo Molnar: "Misc minor fixes mostly related to tracing" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: s390: Fix a header dependencies related build error tracing: update documentation of snapshot utility tracing: Do not return EINVAL in snapshot when not allocated tracing: Add help of snapshot feature when snapshot is empty ftrace: Update the kconfig for DYNAMIC_FTRACE
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Missing cancel of work items in mac80211 MLME, from Ben Greear. 2) Fix DMA mapping handling in iwlwifi by using coherent DMA for command headers, from Johannes Berg. 3) Decrease the amount of pressure on the page allocator by using order 1 pages less in iwlwifi, from Emmanuel Grumbach. 4) Fix mesh PS broadcast OOPS in mac80211, from Marco Porsch. 5) Don't forget to recalculate idle state in mac80211 monitor interface, from Felix Fietkau. 6) Fix varargs in netfilter conntrack handler, from Joe Perches. 7) Need to reset entire chip when command queue fills up in iwlwifi, from Emmanuel Grumbach. 8) The TX antenna value must be valid when calibrations are performed in iwlwifi, fix from Dor Shaish. 9) Don't generate netfilter audit log entries when audit is disabled, from Gao Feng. 10) Deal with DMA unit hang on e1000e during power state transitions, from Bruce Allan. 11) Remove BUILD_BUG_ON check from igb driver, from Alexander Duyck. 12) Fix lockdep warning on i2c handling of igb driver, from Carolyn Wyborny. 13) Fix several TTY handling issues in IRDA ircomm tty driver, from Peter Hurley. 14) Several QFQ packet scheduler fixes from Paolo Valente. 15) When VXLAN encapsulates on transmit, we have to reset the netfilter state. From Zang MingJie. 16) Fix jiffie check in net_rx_action() so that we really cap the processing at 2HZ. From Eric Dumazet. 17) Fix erroneous trigger of IP option space exhaustion, when routers are pre-specified and we are looking to see if we can insert a timestamp, we will have the space. From David Ward. 18) Fix various issues in benet driver wrt waiting for firmware to finish POST after resets or errors. From Gavin Shan and Sathya Perla. 19) Fix TX locking in SFC driver, from Ben Hutchings. 20) Like the VXLAN fix above, when we encap in a TUN device we have to reset the netfilter state. This should fix several strange crashes reported by Dave Jones and others. From Eric Dumazet. 21) Don't forget to clean up MAC address resources when shutting down a port in mlx4 driver, from Yan Burman. 22) Fix divide by zero in vmxnet3 driver, from Bhavesh Davda. 23) Fix device statistic regression in tg3 when the driver is using phylib, from Nithin Sujir. 24) Fix info leak in several netlink handlers, from Mathias Krause. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (79 commits) 6lowpan: Fix endianness issue in is_addr_link_local(). rrunner.c: fix possible memory leak in rr_init_one() dcbnl: fix various netlink info leaks rtnl: fix info leak on RTM_GETLINK request for VF devices bridge: fix mdb info leaks tg3: Update link_up flag for phylib devices ipv6: stop multicast forwarding to process interface scoped addresses bridging: fix rx_handlers return code netlabel: fix build problems when CONFIG_IPV6=n drivers/isdn: checkng length to be sure not memory overflow net/rds: zero last byte for strncpy bnx2x: Fix SFP+ misconfiguration in iSCSI boot scenario bnx2x: Fix intermittent long KR2 link up time macvlan: Set IFF_UNICAST_FLT flag to prevent unnecessary promisc mode. team: unsyc the devices addresses when port is removed bridge: add missing vid to br_mdb_get() Fix: sparse warning in inet_csk_prepare_forced_close afkey: fix a typo MAINTAINERS: Update qlcnic maintainers list netlabel: correctly list all the static label mappings ... -
git://git.kernel.org/pub/scm/linux/kernel/git/rw/umlLinus Torvalds authored
Pull UML fixes from Richard Weinberger: "This update brings various fixes. Nothing special... In my local queue I have some more fixes which will be sent later to you. 3.9 uncovered strange UML issues. :(" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: Use tty_port in SIGWINCH handler um: Use tty_port_operations->destruct um: fix build failure due to mess-up of sig_info protorype um: add missing declaration of 'getrlimit()' and friends net : enable tx time stamping in the vde driver. hostfs: fix a not needed double check -
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input updates from Dmitry Torokhov: "Except for the largish change to the ALPS driver adding "Dolphin V1" support and Wacom getting a new signature of yet another device, the rest are straightforward driver fixes." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: mms114 - Fix regulator enable and disable paths Input: ads7864 - check return value of regulator enable Input: tc3589x-keypad - fix keymap size Input: wacom - add support for 0x10d Input: ALPS - update documentation for recent touchpad driver mods Input: ALPS - add "Dolphin V1" touchpad support Input: ALPS - remove unused argument to alps_enter_command_mode() Input: cypress_ps2 - fix trackpadi found in Dell XPS12
-
Li Zefan authored
Commit 877c6856 ("perf: Remove include of cgroup.h from perf_event.h") caused this build failure if PERF_EVENTS is enabled: In file included from arch/s390/include/asm/perf_event.h:9:0, from include/linux/perf_event.h:24, from kernel/events/ring_buffer.c:12: arch/s390/include/asm/cpu_mf.h: In function 'qctri': arch/s390/include/asm/cpu_mf.h:61:12: error: 'EINVAL' undeclared (first use in this function) cpu_mf.h had an implicit errno.h dependency, which was added indirectly via cgroups.h but not anymore. Add it explicitly. Reported-by:
Fengguang Wu <fengguang.wu@intel.com> Tested-by:
Li Zefan <lizefan@huawei.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Link: http://lkml.kernel.org/r/51385F79.7000106@huawei.comSigned-off-by:
Ingo Molnar <mingo@kernel.org>
-
Richard Weinberger authored
The tty below tty_port might get destroyed by the tty layer while we hold a reference to it. So we have to carry tty_port around... Signed-off-by:Richard Weinberger <richard@nod.at>
-
Richard Weinberger authored
As we setup the SIGWINCH handler in tty_port_operations->activate it makes sense to tear down it in ->destruct. Signed-off-by: -
Sergei Trofimovich authored
arch/um/os-Linux/signal.c:18:8: error: conflicting types for 'sig_info' In file included from /home/slyfox/linux-2.6/arch/um/os-Linux/signal.c:12:0: arch/um/include/shared/as-layout.h:64:15: note: previous declaration of 'sig_info' was here Signed-off-by:
Sergei Trofimovich <slyfox@gentoo.org> CC: Jeff Dike <jdike@addtoit.com> CC: Richard Weinberger <richard@nod.at> CC: "Martin Pärtel" <martin.partel@gmail.com> CC: Al Viro <viro@zeniv.linux.org.uk> CC: user-mode-linux-devel@lists.sourceforge.net CC: user-mode-linux-user@lists.sourceforge.net CC: linux-kernel@vger.kernel.org Signed-off-by:
-
Sergei Trofimovich authored
arch/um/os-Linux/start_up.c: In function 'check_coredump_limit': arch/um/os-Linux/start_up.c:338:16: error: storage size of 'lim' isn't known arch/um/os-Linux/start_up.c:339:2: error: implicit declaration of function 'getrlimit' [-Werror=implicit-function-declaration] Signed-off-by:
-
Paul Chavent authored
This new version moves the skb_tx_timestamp in the main uml driver. This should avoid the need to call this function in each transport (vde, slirp, tuntap, ...). It also add support for ethtool get_ts_info. Signed-off-by:
Paul Chavent <paul.chavent@onera.fr> Acked-by:
Richard Cochran <richardcochran@gmail.com> Signed-off-by:
-
Marco Stornelli authored
With the commit 3be2be0a we removed vmtruncate, but actaully there is no need to call inode_newsize_ok() because the checks are already done in inode_change_ok() at the begin of the function. Signed-off-by:
Marco Stornelli <marco.stornelli@gmail.com> Signed-off-by:
-
Mark Brown authored
When it uses regulators the mms114 driver checks to see if it managed to acquire regulators and ignores errors. This is not the intended usage and not great style in general. Since the driver already refuses to probe if it fails to allocate the regulators simply make the enable and disable calls unconditional and add appropriate error handling, including adding cleanup of the regulators if setup_reg() fails. Signed-off-by:
Mark Brown <broonie@opensource.wolfsonmicro.com> Acked-by:
Joonyoung Shim <jy0922.shim@samsung.com> Signed-off-by:
Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Mark Brown authored
At least print a warning if we can't power the device up. Signed-off-by:
-
Rabin Vincent authored
The keymap size used by tc3589x is too low, leading to the driver overwriting other people's memory. Fix this by making the driver use the automatically allocated keymap provided by matrix_keypad_build_keymap() instead of allocating one on its own. Signed-off-by:
Rabin Vincent <rabin.vincent@stericsson.com> Signed-off-by:
-
- 10 Mar, 2013 6 commits
-
-
Linus Torvalds authored
-
YOSHIFUJI Hideaki / 吉藤英明 authored
Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:
-
David Oostdyk authored
In the event that register_netdev() failed, the rrpriv->evt_ring allocation would have not been freed. Signed-off-by:
David Oostdyk <daveo@ll.mit.edu> Signed-off-by:
-
Mathias Krause authored
The dcb netlink interface leaks stack memory in various places: * perm_addr[] buffer is only filled at max with 12 of the 32 bytes but copied completely, * no in-kernel driver fills all fields of an IEEE 802.1Qaz subcommand, so we're leaking up to 58 bytes for ieee_ets structs, up to 136 bytes for ieee_pfc structs, etc., * the same is true for CEE -- no in-kernel driver fills the whole struct, Prevent all of the above stack info leaks by properly initializing the buffers/structures involved. Signed-off-by:
Mathias Krause <minipli@googlemail.com> Signed-off-by:
-
Mathias Krause authored
Initialize the mac address buffer with 0 as the driver specific function will probably not fill the whole buffer. In fact, all in-kernel drivers fill only ETH_ALEN of the MAX_ADDR_LEN bytes, i.e. 6 of the 32 possible bytes. Therefore we currently leak 26 bytes of stack memory to userland via the netlink interface. Signed-off-by:
-
Mathias Krause authored
The bridging code discloses heap and stack bytes via the RTM_GETMDB netlink interface and via the notify messages send to group RTNLGRP_MDB afer a successful add/del. Fix both cases by initializing all unset members/padding bytes with memset(0). Cc: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by:
-
