1. 18 Sep, 2012 10 commits
  2. 05 Sep, 2012 7 commits
  3. 02 Sep, 2012 4 commits
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 · 5b716ac7
      Linus Torvalds authored
      Pull CIFS fixes from Steve French.
      
      * 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
        CIFS: Fix cifs_do_create error hadnling
        cifs: print error code if smb signature verification fails
        CIFS: Fix log messages in packet checking for SMB2
        CIFS: Protect i_nlink from being negative
      5b716ac7
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 0b1a34c9
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) NLA_PUT* --> nla_put_* conversion got one case wrong in
          nfnetlink_log, fix from Patrick McHardy.
      
       2) Missed error return check in ipw2100 driver, from Julia Lawall.
      
       3) PMTU updates in ipv4 were setting the expiry time incorrectly, fix
          from Eric Dumazet.
      
       4) SFC driver erroneously reversed src and dst when reporting filters
          via ethtool.
      
       5) Memory leak in CAN protocol and wrong setting of IRQF_SHARED in
          sja1000 can platform driver, from Alexey Khoroshilov and Sven
          Schmitt.
      
       6) Fix multicast traffic scaling regression in ipv4_dst_destroy, only
          take the lock when we really need to.  From Eric Dumazet.
      
       7) Fix non-root process spoofing in netlink, from Pablo Neira Ayuso.
      
       8) CWND reduction in TCP is done incorrectly during non-SACK recovery,
          fix from Yuchung Cheng.
      
       9) Revert netpoll change, and fix what was actually a driver specific
          problem.  From Amerigo Wang.  This should cure bootup hangs with
          netconsole some people reported.
      
      10) Fix xen-netfront invoking __skb_fill_page_desc() with a NULL page
          pointer.  From Ian Campbell.
      
      11) SIP NAT fix for expectiontation creation, from Pablo Neira Ayuso.
      
      12) __ip_rt_update_pmtu() needs RCU locking, from Eric Dumazet.
      
      13) Fix usbnet deadlock on resume, can't use GFP_KERNEL in this
          situation.  From Oliver Neukum.
      
      14) The davinci ethernet driver triggers an OOPS on removal because it
          frees an MDIO object before unregistering it.  Fix from Bin Liu.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits)
        net: qmi_wwan: add several new Gobi devices
        fddi: 64 bit bug in smt_add_para()
        net: ethernet: fix kernel OOPS when remove davinci_mdio module
        net/xfrm/xfrm_state.c: fix error return code
        net: ipv6: fix error return code
        net: qmi_wwan: new device: Foxconn/Novatel E396
        usbnet: fix deadlock in resume
        cs89x0 : packet reception not working
        netfilter: nf_conntrack: fix racy timer handling with reliable events
        bnx2x: Correct the ndo_poll_controller call
        bnx2x: Move netif_napi_add to the open call
        ipv4: must use rcu protection while calling fib_lookup
        bnx2x: fix 57840_MF pci id
        net: ipv4: ipmr_expire_timer causes crash when removing net namespace
        e1000e: DoS while TSO enabled caused by link partner with small MSS
        l2tp: avoid to use synchronize_rcu in tunnel free function
        gianfar: fix default tx vlan offload feature flag
        netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP expectation
        xen-netfront: use __pskb_pull_tail to ensure linear area is big enough on RX
        netfilter: nfnetlink_log: fix error return code in init path
        ...
      0b1a34c9
    • Bjørn Mork's avatar
      net: qmi_wwan: add several new Gobi devices · 50022005
      Bjørn Mork authored
      Gobi devices are composite, needing both the qcserial and
      qmi_wwan drivers to support all functions.  Re-syncing the
      list of supported devices with qcserial.
      
      Cc: Aleksander Morgado <aleksander@lanedo.com>
      Cc: Thomas Tuttle <ttuttle@chromium.org>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@tempietto.lan>
      50022005
    • Dan Carpenter's avatar
      fddi: 64 bit bug in smt_add_para() · e1b2aa7f
      Dan Carpenter authored
      The intent was to set 4 bytes of data so that's why the sp_len is set
      to 4 on the next line.  The cast to u_long pointer clears 8 bytes
      on 64 bit arches.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@tempietto.lan>
      e1b2aa7f
  4. 01 Sep, 2012 5 commits
  5. 31 Aug, 2012 8 commits
  6. 30 Aug, 2012 6 commits
    • Merav Sicron's avatar
      bnx2x: Correct the ndo_poll_controller call · 14a15d61
      Merav Sicron authored
      This patch correct poll_bnx2x (ndo_poll_controller call) which was not
      functioning well with MSI-X.
      Signed-off-by: default avatarMerav Sicron <meravs@broadcom.com>
      Signed-off-by: default avatarDmitry Kravkov <dmitry@broadcom.com>
      Signed-off-by: default avatarEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      14a15d61
    • Merav Sicron's avatar
      bnx2x: Move netif_napi_add to the open call · 26614ba5
      Merav Sicron authored
      Move netif_napi_add for all queues from the probe call to the open call, to
      avoid the case that napi objects are added for queues that may eventually not
      be initialized and activated. With the former behavior, the driver could crash
      when netpoll was calling ndo_poll_controller.
      Signed-off-by: default avatarMerav Sicron <meravs@broadcom.com>
      Signed-off-by: default avatarDmitry Kravkov <dmitry@broadcom.com>
      Signed-off-by: default avatarEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      26614ba5
    • Eric Dumazet's avatar
      ipv4: must use rcu protection while calling fib_lookup · c5ae7d41
      Eric Dumazet authored
      Following lockdep splat was reported by Pavel Roskin :
      
      [ 1570.586223] ===============================
      [ 1570.586225] [ INFO: suspicious RCU usage. ]
      [ 1570.586228] 3.6.0-rc3-wl-main #98 Not tainted
      [ 1570.586229] -------------------------------
      [ 1570.586231] /home/proski/src/linux/net/ipv4/route.c:645 suspicious rcu_dereference_check() usage!
      [ 1570.586233]
      [ 1570.586233] other info that might help us debug this:
      [ 1570.586233]
      [ 1570.586236]
      [ 1570.586236] rcu_scheduler_active = 1, debug_locks = 0
      [ 1570.586238] 2 locks held by Chrome_IOThread/4467:
      [ 1570.586240]  #0:  (slock-AF_INET){+.-...}, at: [<ffffffff814f2c0c>] release_sock+0x2c/0xa0
      [ 1570.586253]  #1:  (fnhe_lock){+.-...}, at: [<ffffffff815302fc>] update_or_create_fnhe+0x2c/0x270
      [ 1570.586260]
      [ 1570.586260] stack backtrace:
      [ 1570.586263] Pid: 4467, comm: Chrome_IOThread Not tainted 3.6.0-rc3-wl-main #98
      [ 1570.586265] Call Trace:
      [ 1570.586271]  [<ffffffff810976ed>] lockdep_rcu_suspicious+0xfd/0x130
      [ 1570.586275]  [<ffffffff8153042c>] update_or_create_fnhe+0x15c/0x270
      [ 1570.586278]  [<ffffffff815305b3>] __ip_rt_update_pmtu+0x73/0xb0
      [ 1570.586282]  [<ffffffff81530619>] ip_rt_update_pmtu+0x29/0x90
      [ 1570.586285]  [<ffffffff815411dc>] inet_csk_update_pmtu+0x2c/0x80
      [ 1570.586290]  [<ffffffff81558d1e>] tcp_v4_mtu_reduced+0x2e/0xc0
      [ 1570.586293]  [<ffffffff81553bc4>] tcp_release_cb+0xa4/0xb0
      [ 1570.586296]  [<ffffffff814f2c35>] release_sock+0x55/0xa0
      [ 1570.586300]  [<ffffffff815442ef>] tcp_sendmsg+0x4af/0xf50
      [ 1570.586305]  [<ffffffff8156fc60>] inet_sendmsg+0x120/0x230
      [ 1570.586308]  [<ffffffff8156fb40>] ? inet_sk_rebuild_header+0x40/0x40
      [ 1570.586312]  [<ffffffff814f4bdd>] ? sock_update_classid+0xbd/0x3b0
      [ 1570.586315]  [<ffffffff814f4c50>] ? sock_update_classid+0x130/0x3b0
      [ 1570.586320]  [<ffffffff814ec435>] do_sock_write+0xc5/0xe0
      [ 1570.586323]  [<ffffffff814ec4a3>] sock_aio_write+0x53/0x80
      [ 1570.586328]  [<ffffffff8114bc83>] do_sync_write+0xa3/0xe0
      [ 1570.586332]  [<ffffffff8114c5a5>] vfs_write+0x165/0x180
      [ 1570.586335]  [<ffffffff8114c805>] sys_write+0x45/0x90
      [ 1570.586340]  [<ffffffff815d2722>] system_call_fastpath+0x16/0x1b
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarPavel Roskin <proski@gnu.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c5ae7d41
    • Yuval Mintz's avatar
      bnx2x: fix 57840_MF pci id · 5c879d20
      Yuval Mintz authored
      Commit c3def943 have added support for
      new pci ids of the 57840 board, while failing to change the obsolete value
      in 'pci_ids.h'.
      This patch does so, allowing the probe of such devices.
      Signed-off-by: default avatarYuval Mintz <yuvalmin@broadcom.com>
      Signed-off-by: default avatarEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5c879d20
    • Francesco Ruggeri's avatar
      net: ipv4: ipmr_expire_timer causes crash when removing net namespace · acbb219d
      Francesco Ruggeri authored
      When tearing down a net namespace, ipv4 mr_table structures are freed
      without first deactivating their timers. This can result in a crash in
      run_timer_softirq.
      This patch mimics the corresponding behaviour in ipv6.
      Locking and synchronization seem to be adequate.
      We are about to kfree mrt, so existing code should already make sure that
      no other references to mrt are pending or can be created by incoming traffic.
      The functions invoked here do not cause new references to mrt or other
      race conditions to be created.
      Invoking del_timer_sync guarantees that ipmr_expire_timer is inactive.
      Both ipmr_expire_process (whose completion we may have to wait in
      del_timer_sync) and mroute_clean_tables internally use mfc_unres_lock
      or other synchronizations when needed, and they both only modify mrt.
      
      Tested in Linux 3.4.8.
      Signed-off-by: default avatarFrancesco Ruggeri <fruggeri@aristanetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      acbb219d
    • Bruce Allan's avatar
      e1000e: DoS while TSO enabled caused by link partner with small MSS · d821a4c4
      Bruce Allan authored
      With a low enough MSS on the link partner and TSO enabled locally, the
      networking stack can periodically send a very large (e.g.  64KB) TCP
      message for which the driver will attempt to use more Tx descriptors than
      are available by default in the Tx ring.  This is due to a workaround in
      the code that imposes a limit of only 4 MSS-sized segments per descriptor
      which appears to be a carry-over from the older e1000 driver and may be
      applicable only to some older PCI or PCIx parts which are not supported in
      e1000e.  When the driver gets a message that is too large to fit across the
      configured number of Tx descriptors, it stops the upper stack from queueing
      any more and gets stuck in this state.  After a timeout, the upper stack
      assumes the adapter is hung and calls the driver to reset it.
      
      Remove the unnecessary limitation of using up to only 4 MSS-sized segments
      per Tx descriptor, and put in a hard failure test to catch when attempting
      to check for message sizes larger than would fit in the whole Tx ring.
      Refactor the remaining logic that limits the size of data per Tx descriptor
      from a seemingly arbitrary 8KB to a limit based on the dynamic size of the
      Tx packet buffer as described in the hardware specification.
      
      Also, fix the logic in the check for space in the Tx ring for the next
      largest possible packet after the current one has been successfully queued
      for transmit, and use the appropriate defines for default ring sizes in
      e1000_probe instead of magic values.
      
      This issue goes back to the introduction of e1000e in 2.6.24 when it was
      split off from e1000.
      Reported-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarBruce Allan <bruce.w.allan@intel.com>
      Cc: Stable <stable@vger.kernel.org> [2.6.24+]
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d821a4c4