- 31 Jul, 2014 2 commits
-
-
Pablo Neira Ayuso authored
Otherwise, the kernel oopses in nla_for_each_nested when iterating over the unset attribute NFTA_SET_ELEM_LIST_ELEMENTS in the nf_tables_{new,del}setelem() path. netlink: 65524 bytes leftover after parsing attributes in process `nft'. [...] Oops: 0000 [#1] SMP [...] CPU: 2 PID: 6287 Comm: nft Not tainted 3.16.0-rc2+ #169 RIP: 0010:[<ffffffffa0526e61>] [<ffffffffa0526e61>] nf_tables_newsetelem+0x82/0xec [nf_tables] [...] Call Trace: [<ffffffffa05178c4>] nfnetlink_rcv+0x2e7/0x3d7 [nfnetlink] [<ffffffffa0517939>] ? nfnetlink_rcv+0x35c/0x3d7 [nfnetlink] [<ffffffff8137d300>] netlink_unicast+0xf8/0x17a [<ffffffff8137d6a5>] netlink_sendmsg+0x323/0x351 [...] Fix this by returning -EINVAL if this attribute is not set, which doesn't make sense at all since those commands are there to add and to delete elements from the set. Signed-off-by:Pablo Neira Ayuso <pablo@netfilter.org>
-
Alexey Perevalov authored
Bit helper functions were used for manipulation with NFACCT_F_OVERQUOTA, but they are accepting pit position, but not a bit mask. As a result not a third bit for NFACCT_F_OVERQUOTA was set, but forth. Such behaviour was dangarous and could lead to unexpected overquota report result. Signed-off-by:
Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by:
-
- 30 Jul, 2014 1 commit
-
-
Alexey Perevalov authored
NFNL_MSG_ACCT_GET_CTRZERO modifies dumped flags, in this case client see unmodified (uncleared) counter value and cleared overquota state - end user doesn't know anything about overquota state, unless end user subscribed on overquota report. Signed-off-by:
-
- 25 Jul, 2014 3 commits
-
-
Paul Bolle authored
The ulog targets were recently killed. A few references to the Kconfig macros CONFIG_IP_NF_TARGET_ULOG and CONFIG_BRIDGE_EBT_ULOG were left untouched. Kill these too. Signed-off-by:
Paul Bolle <pebolle@tiscali.nl> Signed-off-by:
-
Duan Jiong authored
The function led_trigger_register() will only return -EEXIST when error arises. Signed-off-by:
Duan Jiong <duanj.fnst@cn.fujitsu.com> Signed-off-by:
-
Himangi Saraogi authored
In this file, function names are otherwise used as pointers without &. A simplified version of the Coccinelle semantic patch that makes this change is as follows: // <smpl> @r@ identifier f; @@ f(...) { ... } @@ identifier r.f; @@ - &f + f // </smpl> Signed-off-by:Himangi Saraogi <himangi774@gmail.com> Acked-by:
Julia Lawall <julia.lawall@lip6.fr> Signed-off-by:
-
- 24 Jul, 2014 1 commit
-
-
Eric Dumazet authored
xt_hashlimit cannot be used with large hash tables, because garbage collector is run from a timer. If table is really big, its possible to hold cpu for more than 500 msec, which is unacceptable. Switch to a work queue, and use proper scheduling points to remove latencies spikes. Later, we also could switch to a smoother garbage collection done at lookup time, one bucket at a time... Signed-off-by:
Eric Dumazet <edumazet@google.com> Cc: Florian Westphal <fw@strlen.de> Cc: Patrick McHardy <kaber@trash.net> Reviewed-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
-
- 22 Jul, 2014 22 commits
-
-
Pablo Neira Ayuso authored
This patch uses the cb->data pointer that allows us to store the context when dumping the set list. Thus, we don't need to parse the original netlink message containing the dump request for each recvmsg() call when dumping the set list. The different function flavours depending on the dump criteria has been also merged into one single generic function. This saves us ~100 lines of code. Signed-off-by: -
Pablo Neira Ayuso authored
So you can reject IPv4 and IPv6 packets from bridge tables. If the ether proto is now known, default on dropping the packet instead. Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Conflicts: drivers/infiniband/hw/cxgb4/device.c The cxgb4 conflict was simply overlapping changes. Signed-off-by:David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Null termination fix in dns_resolver got the pointer dereferncing wrong, fix from Ben Hutchings. 2) ip_options_compile() has a benign but real buffer overflow when parsing options. From Eric Dumazet. 3) Table updates can crash in netfilter's nftables if none of the state flags indicate an actual change, from Pablo Neira Ayuso. 4) Fix race in nf_tables dumping, also from Pablo. 5) GRE-GRO support broke the forwarding path because the segmentation state was not fully initialized in these paths, from Jerry Chu. 6) sunvnet driver leaks objects and potentially crashes on module unload, from Sowmini Varadhan. 7) We can accidently generate the same handle for several u32 classifier filters, fix from Cong Wang. 8) Several edge case bug fixes in fragment handling in xen-netback, from Zoltan Kiss. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (21 commits) ipv4: fix buffer overflow in ip_options_compile() batman-adv: fix TT VLAN inconsistency on VLAN re-add batman-adv: drop QinQ claim frames in bridge loop avoidance dns_resolver: Null-terminate the right string xen-netback: Fix pointer incrementation to avoid incorrect logging xen-netback: Fix releasing header slot on error path xen-netback: Fix releasing frag_list skbs in error path xen-netback: Fix handling frag_list on grant op error path net_sched: avoid generating same handle for u32 filters net: huawei_cdc_ncm: add "subclass 3" devices net: qmi_wwan: add two Sierra Wireless/Netgear devices wan/x25_asy: integer overflow in x25_asy_change_mtu() net: ppp: fix creating PPP pass and active filters net/mlx4_en: cq->irq_desc wasn't set in legacy EQ's sunvnet: clean up objects created in vnet_new() on vnet_exit() r8169: Enable RX_MULTI_EN for RTL_GIGA_MAC_VER_40 net-gre-gro: Fix a bug that breaks the forwarding path netfilter: nf_tables: 64bit stats need some extra synchronization netfilter: nf_tables: set NLM_F_DUMP_INTR if netlink dumping is stale netfilter: nf_tables: safe RCU iteration on list when dumping ... -
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds authored
Pull sparc fix from David Miller: "Need to hook up the new renameat2 system call" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: Hook up renameat2 syscall.
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/ideLinus Torvalds authored
Pull IDE fixes from David Miller: - fix interrupt registry for some Atari IDE chipsets. - adjust Kconfig dependencies for x86_32 specific chips. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide: ide: Fix SC1200 dependencies ide: Fix CS5520 and CS5530 dependencies m68k/atari - ide: do not register interrupt if host->get_lock is set
-
Linus Torvalds authored
Merge tag 'trace-fixes-v3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull trace fix from Steven Rostedt: "Tony Luck found that using the "uptime" trace clock that uses jiffies as a counter was converted to nanoseconds (silly), and after 1 hour 11 minutes and 34 seconds, this monotonic clock would wrap, causing havoc with the tracing system and making the clock useless. He converted that clock to use jiffies_64 and made it into a counter instead of nanosecond conversions, and displayed the clock with the straight jiffy count, which works much better than it did in the past" * tag 'trace-fixes-v3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Fix wraparound problems in "uptime" trace clock
-
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Hariprasad Shenai says: ==================== Misc. fix for cxgb4 and iw_cxgb4 This patch series adds support to enchance error reporting, log detailed warning for negative advice, support query_qp verb and advertise correct device max attributes for iwarp. The patches series is created against 'net-next' tree. And includes patches on cxgb4 and iw_cxgb4 driver. Since this patch-series contains changes which are dependent on commit id 4c2c5763 ("cxgb4/iw_cxgb4: use firmware ord/ird resource limits") of net-next tree we would like to request this patch series to get merged via David Miller's 'net-next' tree. ==================== Signed-off-by:
-
Hariprasad Shenai authored
Use the size advertised by FW Signed-off-by:
Steve Wise <swise@opengridcomputing.com> Signed-off-by:
Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by:
-
Hariprasad Shenai authored
Advertise the actual max limits for things like qp depths, number of qps, cqs, etc. Clean up the queue allocation for qps and cqs. Signed-off-by:
-
Hariprasad Shenai authored
Signed-off-by:
-
Hariprasad Shenai authored
Signed-off-by:
-
Hariprasad Shenai authored
Signed-off-by:
-
David S. Miller authored
Govindarajulu Varadarajan says: ==================== enic: Display classifier filters using ethtool This series adds ethtool support to show classifier filters added by driver. v2: The patch 1/2 removes the $ifdef's around the filter structure. Making it available always. So that .get_rxnfc() can be implimented without any #ifdefs ==================== Signed-off-by: -
Govindarajulu Varadarajan authored
This patch impliments ethtool_ops->get_rxnfc() to display the classifier filter added by the driver. Signed-off-by:
Govindarajulu Varadarajan <_govind@gmx.com> Signed-off-by:
-
Govindarajulu Varadarajan authored
This patch removes the #ifdef CONFIG_RFS_ACCEL around the classifier filter structures. This makes the filter structures available when CONFIG_RFS_ACCEL = n. Introduce enic_rfs_timer_start() & enic_rfs_timer_stop() to start/stop the timer. These two functions are nop when CONFIG_RFS_ACCEL = n. Signed-off-by:
-
Ursula Braun authored
An af_iucv stress test showed -EPIPE results for sendmsg() calls. They are caused by quiescing a path even though it has been already severed by peer. For IUCV transport shutdown() consists of 2 steps: (1) sending the shutdown message to peer (2) quiescing the iucv path If the iucv path between these 2 steps is severed due to peer closing the path, the quiesce step is no longer needed. Signed-off-by:
Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by:
Frank Blaschka <blaschka@linux.vnet.ibm.com> Reported-by:
Philipp Hachtmann <phacht@linux.vnet.ibm.com> Signed-off-by:
-
Stefan Raspl authored
Add support to display the adjacent switch port's forwarding attributes. Currently supports info on forwarding modes '802.1' and 'rr' (reflective relay). Signed-off-by:
Stefan Raspl <raspl@linux.vnet.ibm.com> Signed-off-by:
-
git://git.open-mesh.org/linux-mergeDavid S. Miller authored
Antonio Quartulli says: ==================== pull request [net]: batman-adv 20140721 here you have two fixes that we have been testing for quite some time (this is why they arrived a bit late in the rc cycle). Patch 1) ensures that BLA packets get dropped and not forwarded to the mesh even if they reach batman-adv within QinQ frames. Forwarding them into the mesh means messing up with the TT database of other nodes which can generate all kind of unexpected behaviours during route computation. Patch 2) avoids a couple of race conditions triggered upon fast VLAN deletion-addition. Such race conditions are pretty dangerous because they not only create inconsistencies in the TT database of the nodes in the network, but such scenario is also unrecoverable (unless nodes are rebooted). ==================== Signed-off-by: -
Eric Dumazet authored
There is a benign buffer overflow in ip_options_compile spotted by AddressSanitizer[1] : Its benign because we always can access one extra byte in skb->head (because header is followed by struct skb_shared_info), and in this case this byte is not even used. [28504.910798] ================================================================== [28504.912046] AddressSanitizer: heap-buffer-overflow in ip_options_compile [28504.913170] Read of size 1 by thread T15843: [28504.914026] [<ffffffff81802f91>] ip_options_compile+0x121/0x9c0 [28504.915394] [<ffffffff81804a0d>] ip_options_get_from_user+0xad/0x120 [28504.916843] [<ffffffff8180dedf>] do_ip_setsockopt.isra.15+0x8df/0x1630 [28504.918175] [<ffffffff8180ec60>] ip_setsockopt+0x30/0xa0 [28504.919490] [<ffffffff8181e59b>] tcp_setsockopt+0x5b/0x90 [28504.920835] [<ffffffff8177462f>] sock_common_setsockopt+0x5f/0x70 [28504.922208] [<ffffffff817729c2>] SyS_setsockopt+0xa2/0x140 [28504.923459] [<ffffffff818cfb69>] system_call_fastpath+0x16/0x1b [28504.924722] [28504.925106] Allocated by thread T15843: [28504.925815] [<ffffffff81804995>] ip_options_get_from_user+0x35/0x120 [28504.926884] [<ffffffff8180dedf>] do_ip_setsockopt.isra.15+0x8df/0x1630 [28504.927975] [<ffffffff8180ec60>] ip_setsockopt+0x30/0xa0 [28504.929175] [<ffffffff8181e59b>] tcp_setsockopt+0x5b/0x90 [28504.930400] [<ffffffff8177462f>] sock_common_setsockopt+0x5f/0x70 [28504.931677] [<ffffffff817729c2>] SyS_setsockopt+0xa2/0x140 [28504.932851] [<ffffffff818cfb69>] system_call_fastpath+0x16/0x1b [28504.934018] [28504.934377] The buggy address ffff880026382828 is located 0 bytes to the right [28504.934377] of 40-byte region [ffff880026382800, ffff880026382828) [28504.937144] [28504.937474] Memory state around the buggy address: [28504.938430] ffff880026382300: ........ rrrrrrrr rrrrrrrr rrrrrrrr [28504.939884] ffff880026382400: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28504.941294] ffff880026382500: .....rrr rrrrrrrr rrrrrrrr rrrrrrrr [28504.942504] ffff880026382600: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28504.943483] ffff880026382700: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28504.944511] >ffff880026382800: .....rrr rrrrrrrr rrrrrrrr rrrrrrrr [28504.945573] ^ [28504.946277] ffff880026382900: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28505.094949] ffff880026382a00: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28505.096114] ffff880026382b00: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28505.097116] ffff880026382c00: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28505.098472] ffff880026382d00: ffffffff rrrrrrrr rrrrrrrr rrrrrrrr [28505.099804] Legend: [28505.100269] f - 8 freed bytes [28505.100884] r - 8 redzone bytes [28505.101649] . - 8 allocated bytes [28505.102406] x=1..7 - x allocated bytes + (8-x) redzone bytes [28505.103637] ================================================================== [1] https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernelSigned-off-by:
-
Florian Fainelli authored
The link adjustment callback can be called as frequently as desired by the PHY library, as such, let's avoid doing a Read/Modify/Write sequence if nothing changed, since these register accesses can be expensive. Signed-off-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
- 21 Jul, 2014 11 commits
-
-
David S. Miller authored
Florian Fainelli says: ==================== net: bcmgenet: PM and Wake-on-LAN This patchset brings S2/S3 Power Management support to the GENET driver as well as Wake-on-LAN using Magic Packets with or without SecureOn passwords. ==================== Signed-off-by: -
Florian Fainelli authored
Now that Wake-on-LAN support mode is fully integrated into the driver, allow an user to query and configure Wake-on-LAN in the driver. Signed-off-by:
-
Florian Fainelli authored
Update bcmgenet_suspend() to prepare the hardware for being put into Wake-on-LAN mode if the device can wakeup the system, and Wake-on-LAN is enabled. Whether we resume from Wake-on-LAN or not, make sure that bcmgenet_resume() disables the UniMAC MagicPacket matching mode and puts the hardware in a state where it can receive all incoming packets. Signed-off-by:
-
Florian Fainelli authored
bcmgenet_wol_resume() will create an unbalanced clock state for the wol_clk clock pointer since everywhere else in the code, we always call clk_prepare_enable() and clk_disable_unprepare(). This function also calls init_umac() which is neither correct nor necessary since bcmgenet_resume() and bcmgenet_open() already does that. Finally calling bcmgenet_wol_resume() in bcmgenet_open() is not correct, since the interface would not have been able to put us in Wake-on-LAN mode if it was not UP before. Signed-off-by:
-
Florian Fainelli authored
Handle UMAC_IRQ_MPD_R interrupt bit in our workqueue to make sure that we properly re-configure the GENET adapter from Wake-on-LAN. bcmgenet_power_up() makes sure that we will not leave the UniMAC hardware in MagicPacket matching mode, since that would prevent any other packet from being received. Signed-off-by:
-
Florian Fainelli authored
Update bcmgenet_power_{up,down} to handle the case where the adapter has been suspend respectively resumed from Wake-on-LAN using MagicPackets. Signed-off-by: -
Florian Fainelli authored
Add all the required code to program the GENET hardware to enter Wake-on-LAN mode and wake using MagicPackets with or without SecureOn password. This code is hooked to the build system, but is not yet referenced from ethtool or the main bcmgenet driver. Signed-off-by:
-
Florian Fainelli authored
Attempt to the request the Wake-on-LAN interrupt bit, and if successful, advertise wakeup capability instead of doing this unconditionnally. Signed-off-by:
-
Florian Fainelli authored
Implement suspend/resume callbacks in the GENET driver. This makes sure that we de-initialize and re-initialize the hardware correctly before entering suspend and when resuming. Signed-off-by:
-
Florian Fainelli authored
Introduce a bunch of helper functions: bcmgenet_netif_start, bcmgenet_netif_stop and bcmgenet_intr_disable to help reuse code that is going to be necessary for suspend/resume. Signed-off-by:
-
Florian Fainelli authored
Factor the code touching the UniMAC RX/TX enable bits since we are going to re-use it for implementing suspend/resume. Signed-off-by:
-
