1. 21 Apr, 2013 2 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 851b3f32
      Linus Torvalds authored
      Pull sparc fixes from David Miller:
      
       1) Fix race in sparc64 TLB shootdowns, we have to synchronize with the
          sibling cpus completing if we are passing them a reference via
          pointer to a data structure.
      
       2) Fix cleaning of bitmaps in sparc32, from Akinobu Mita.
      
       3) Fix various sparc header mistakes, some of which resulted in
          userland build breakage.  From Sam Ravnborg.
      
       4) Kill ghost declarations and defines missed when several bits of code
          got deleted recently.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix race in TLB batch processing.
        sparc: use asm-generic version of types.h
        bbc_i2c: fix section mismatch warning
        sparc: use generic headers
        sparc:cleanup unused code in smp_32.h
        sparc/iommu: fix typo s/265KB/256KB/
        sparc/srmmu: clear trailing edge of bitmap properly
        sparc:remove unused declaration smp_boot_cpus()
      851b3f32
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · c437d888
      Linus Torvalds authored
      Pull networking updates from David Miller:
      
       1) ax88796 does 64-bit divides which causes link errors on ARM, fix
          from Arnd Bergmann.
      
       2) Once an improper offload setting is detected on an SKB we don't rate
          limit the log message so we can very easily live lock.  From Ben
          Greear.
      
       3) Openvswitch cannot report vport configuration changes reliably
          because it didn't preallocate the netlink notification message
          before changing state.  From Jesse Gross.
      
       4) The effective UID/GID SCM credentials fix, from Linus.
      
       5) When a user explicitly asks for wireless authentication, cfg80211
          isn't told about the AP detachment leaving inconsistent state.  Fix
          from Johannes Berg.
      
       6) Fix self-MAC checks in batman-adv on multi-mesh nodes, from Antonio
          Quartulli.
      
       7) Revert build_skb() change sin IGB driver, can result in memory
          corruption.  From Alexander Duyck.
      
       8) Fix setting VLANs on virtual functions in IXGBE, from Greg Rose.
      
       9) Fix TSO races in qlcnic driver, from Sritej Velaga.
      
      10) In bnx2x the kernel driver and UNDI firmware can try to program the
          chip at the same time, resulting in corruption.  Add proper
          synchronization.  From Dmitry Kravkov.
      
      11) Fix corruption of status block in firmware ram in bxn2x, from Ariel
          Elior.
      
      12) Fix load balancing hash regression of bonding driver in forwarding
          configurations, from Eric Dumazet.
      
      13) Fix TS ECR regression in TCP by calling tcp_replace_ts_recent() in
          all the right spots, from Eric Dumazet.
      
      14) Fix several bonding bugs having to do with address manintainence,
          including not removing address when configuration operations
          encounter errors, missed locking on the address lists, missing
          refcounting on VLAN objects, etc.  All from Nikolay Aleksandrov.
      
      15) Add workarounds for firmware bugs in LTE qmi_wwan devices, wherein
          the devices fail to add a proper ethernet header while on LTE
          networks but otherwise properly do so on 2G and 3G ones.  From Bjørn
          Mork.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits)
        net: fix incorrect credentials passing
        net: rate-limit warn-bad-offload splats.
        net: ax88796: avoid 64 bit arithmetic
        qlge: Update version to 1.00.00.32.
        qlge: Fix ethtool autoneg advertising.
        qlge: Fix receive path to drop error frames
        net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround)
        net: qmi_wwan: fixup destination address (firmware bug workaround)
        net: qmi_wwan: fixup missing ethernet header (firmware bug workaround)
        bonding: in bond_mc_swap() bond's mc addr list is walked without lock
        bonding: disable netpoll on enslave failure
        bonding: primary_slave & curr_active_slave are not cleaned on enslave failure
        bonding: vlans don't get deleted on enslave failure
        bonding: mc addresses don't get deleted on enslave failure
        pkt_sched: fix error return code in fw_change_attrs()
        irda: small read past the end of array in debug code
        tcp: call tcp_replace_ts_recent() from tcp_ack()
        netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too
        netfilter: ipset: bitmap:ip,mac: fix listing with timeout
        bonding: fix l23 and l34 load balancing in forwarding path
        ...
      c437d888
  2. 20 Apr, 2013 1 commit
  3. 19 Apr, 2013 27 commits
    • Ben Greear's avatar
      net: rate-limit warn-bad-offload splats. · c846ad9b
      Ben Greear authored
      If one does do something unfortunate and allow a
      bad offload bug into the kernel, this the
      skb_warn_bad_offload can effectively live-lock the
      system, filling the logs with the same error over
      and over.
      
      Add rate limitation to this so that box remains otherwise
      functional in this case.
      Signed-off-by: default avatarBen Greear <greearb@candelatech.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c846ad9b
    • Arnd Bergmann's avatar
      net: ax88796: avoid 64 bit arithmetic · b261c20f
      Arnd Bergmann authored
      When building ax88796 on an ARM platform with 64-bit resource_size_t,
      we currently get
      
      drivers/net/ethernet/8390/ax88796.c:875: undefined reference to `__aeabi_uldivmod'
      
      because we do a division on the length of the MMIO resource.
      Since we know that this resource is very short, using an
      "unsigned long" instead of "resource_size_t" is entirely
      sufficient, and avoids this link-time error.
      
      Cc: Ben Dooks <ben-linux@fluff.org>
      Cc: netdev@vger.kernel.org
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b261c20f
    • Jitendra Kalsaria's avatar
    • Jitendra Kalsaria's avatar
      qlge: Fix ethtool autoneg advertising. · c5e991af
      Jitendra Kalsaria authored
      Autoneg is supported on specific port types only. Fix the driver to advertise
      autoneg based on the port type.
      Signed-off-by: default avatarJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c5e991af
    • Sritej Velaga's avatar
      qlge: Fix receive path to drop error frames · ae721f3a
      Sritej Velaga authored
      o Fix the driver to drop error frames in the receive path
      o Update error counter which was not getting incremented
      Signed-off-by: default avatarSritej Velaga <sritej.velaga@qlogic.com>
      Signed-off-by: default avatarJitendra Kalsaria <jitendra.kalsaria@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ae721f3a
    • David S. Miller's avatar
      Merge branch 'qmi_wwan' · b79d4a8d
      David S. Miller authored
      Bjørn Mork says:
      
      ====================
      This series adds workarounds for 3 different firmware bugs, each
      preventing the affected devices from working at all. I therefore
      humbly request that these fixes go to stable-3.8 (if still
      maintained) and 3.9 (either via net if still possible, or via
      stable if not).
      
      All 3 workarounds are applied to all devices supported by the driver.
      Adding quirks for specific devices was considered as an alternative,
      but was rejected because we have too little information about the
      exact distribution of the buggy firmwares. All we know is that the
      same bug shows up in devices from at least 3 different, and presumably
      independent, vendors.
      
      The workarounds have instead been designed to automatically apply
      when necessary, and to have as little impact as possible on unaffected
      devices.  The series has been tested on a number of devices both with
      and without these bugs.
      
      The series should apply cleanly to net/master, net-next/master and
      stable/linux-3.8.y
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b79d4a8d
    • Bjørn Mork's avatar
      net: qmi_wwan: prevent duplicate mac address on link (firmware bug workaround) · cc6ba5fd
      Bjørn Mork authored
      We normally trust and use the CDC functional descriptors provided by a
      number of devices.  But some of these will erroneously list the address
      reserved for the device end of the link.  Attempting to use this on
      both the device and host side will naturally not work.
      
      Work around this bug by ignoring the functional descriptor and assign a
      random address instead in this case.
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc6ba5fd
    • Bjørn Mork's avatar
      net: qmi_wwan: fixup destination address (firmware bug workaround) · 6483bdc9
      Bjørn Mork authored
      Received packets are sometimes addressed to 00:a0:c6:00:00:00
      instead of the address the device firmware should have learned
      from the host:
      
      321.224126 77.16.85.204 -> 148.122.171.134 ICMP 98 Echo (ping) request  id=0x4025, seq=64/16384, ttl=64
      
      0000  82 c0 82 c9 f1 67 82 c0 82 c9 f1 67 08 00 45 00   .....g.....g..E.
      0010  00 54 00 00 40 00 40 01 57 cc 4d 10 55 cc 94 7a   .T..@.@.W.M.U..z
      0020  ab 86 08 00 62 fc 40 25 00 40 b2 bc 6e 51 00 00   ....b.@%.@..nQ..
      0030  00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15   ..k.............
      0040  16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25   .......... !"#$%
      0050  26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35   &'()*+,-./012345
      0060  36 37                                             67
      
      321.240607 148.122.171.134 -> 77.16.85.204 ICMP 98 Echo (ping) reply    id=0x4025, seq=64/16384, ttl=55
      
      0000  00 a0 c6 00 00 00 02 50 f3 00 00 00 08 00 45 00   .......P......E.
      0010  00 54 00 56 00 00 37 01 a0 76 94 7a ab 86 4d 10   .T.V..7..v.z..M.
      0020  55 cc 00 00 6a fc 40 25 00 40 b2 bc 6e 51 00 00   U...j.@%.@..nQ..
      0030  00 00 6b bd 09 00 00 00 00 00 10 11 12 13 14 15   ..k.............
      0040  16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25   .......... !"#$%
      0050  26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35   &'()*+,-./012345
      0060  36 37                                             67
      
      The bogus address is always the same, and matches the address
      suggested by many devices as a default address.  It is likely a
      hardcoded firmware default.
      
      The circumstances where this bug has been observed indicates that
      the trigger is related to timing or some other factor the host
      cannot control. Repeating the exact same configuration sequence
      that caused it to trigger once, will not necessarily cause it to
      trigger the next time. Reproducing the bug is therefore difficult.
      This opens up a possibility that the bug is more common than we can
      confirm, because affected devices often will work properly again
      after a reset.  A procedure most users are likely to try out before
      reporting a bug.
      
      Unconditionally rewriting the destination address if the first digit
      of the received packet is 0, is considered an acceptable compromise
      since we already have to inspect this digit.  The simplification will
      cause unnecessary rewrites if the real address starts with 0, but this
      is still better than adding additional tests for this particular case.
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6483bdc9
    • Bjørn Mork's avatar
      net: qmi_wwan: fixup missing ethernet header (firmware bug workaround) · 6ff509af
      Bjørn Mork authored
      A number of LTE devices from different vendors all suffer from the
      same firmware bug: Most of the packets received from the device while
      it is attached to a LTE network will not have an ethernet header. The
      devices work as expected when attached to 2G or 3G networks, sending
      an ethernet header with all packets.
      
      This driver is not aware of which network the modem attached to, and
      even if it were there are still some packet types which are always
      received with the header intact.
      
      All devices supported by this driver have severely limited
      networking capabilities:
       - can only transmit IPv4, IPv6 and possibly ARP
       - can only support a single host hardware address at any time
       - will only do point-to-point communcation with the host
      
      Because of this, we are able to reliably identify any bogus raw IP
      packets by simply looking at the 4 IP version bits.  All we need to
      do is to avoid 4 or 6 in the first digit of the mac address.  This
      workaround ensures this, and fix up the received packets as necessary.
      
      Given the distribution of the bug, it is believed that the source is
      the chipset vendor.  The devices which are verified to be affected are:
       Huawei E392u-12 (Qualcomm MDM9200)
       Pantech UML290  (Qualcomm MDM9600)
       Novatel USB551L (Qualcomm MDM9600)
       Novatel E362    (Qualcomm MDM9600)
      
      It is believed that the bug depend on firmware revision, which means
      that possibly all devices based on the above mentioned chipset may be
      affected if we consider all available firmware revisions.
      
      The information about affected devices and versions is likely
      incomplete.  As the additional overhead for packets not needing this
      fixup is very small, it is considered acceptable to apply the
      workaround to all devices handled by this driver.
      Reported-by: default avatarDan Williams <dcbw@redhat.com>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6ff509af
    • David S. Miller's avatar
      Merge branch 'bonding' · 0cb670ee
      David S. Miller authored
      Nikolay Aleksandrov says:
      
      ====================
      This patch-set fixes mainly bugs on enslave failure and one occasion
      of a needed locking. The patches are:
      
      	1. On enslave failure mc addresses are not flushed from the slave
      	2. On enslave failure vlans are not cleaned up from the slave
      	3. On enslave failure the bond's primary and curr_active_slave
      	   are not cleaned up (which might result in use of freed memory)
      	4. On enslave failure netpoll is not disabled which might result in
      	   a memory leak
      	5. In bond_mc_swap() the bond's mc addr list is walked without
      	   netif_addr_lock, since it can be called without rtnl, add it
      
      v2: patch 01 - fix log message and remove unnecessary code move
      ====================
      Signed-off-by: default avatarJay Vosburgh <fubar@us.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0cb670ee
    • nikolay@redhat.com's avatar
      bonding: in bond_mc_swap() bond's mc addr list is walked without lock · d632ce98
      nikolay@redhat.com authored
      Use netif_addr_lock_bh() to acquire the appropriate lock before walking.
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d632ce98
    • nikolay@redhat.com's avatar
      bonding: disable netpoll on enslave failure · fc7a72ac
      nikolay@redhat.com authored
      slave_disable_netpoll() is not called upon enslave failure which would
      lead to a memory leak. Call slave_disable_netpoll() after err_detach as
      that's the first error path after enabling netpoll on that slave.
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fc7a72ac
    • nikolay@redhat.com's avatar
      bonding: primary_slave & curr_active_slave are not cleaned on enslave failure · 3c5913b5
      nikolay@redhat.com authored
      On enslave failure primary_slave can point to new_slave which is to be
      freed, and the same applies to curr_active_slave. So check if this is
      the case and clean up properly after err_detach because that's the first
      error code path after they're set.
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3c5913b5
    • nikolay@redhat.com's avatar
      bonding: vlans don't get deleted on enslave failure · a506e7b4
      nikolay@redhat.com authored
      The main problem is with vid refcount which only gets bumped up.
      Delete the vlans after err_detach as that's the first error path
      after the vlans are added.
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a506e7b4
    • nikolay@redhat.com's avatar
      bonding: mc addresses don't get deleted on enslave failure · 25e40305
      nikolay@redhat.com authored
      Add bond_mc_list_flush() after err_detach as that's the first error path
      after the addresses are added. The main issue is the mc addresses' refcount
      which only gets bumped up.
      
      v2: update log message and don't move code unnecessarily
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      25e40305
    • Wei Yongjun's avatar
      pkt_sched: fix error return code in fw_change_attrs() · cb95ec62
      Wei Yongjun authored
      Fix to return -EINVAL when tb[TCA_FW_MASK] is set and head->mask != 0xFFFFFFFF
      instead of 0 (ifdef CONFIG_NET_CLS_IND and tb[TCA_FW_INDEV]), as done elsewhere
      in this function.
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cb95ec62
    • Dan Carpenter's avatar
      irda: small read past the end of array in debug code · e15465e1
      Dan Carpenter authored
      The "reason" can come from skb->data[] and it hasn't been capped so it
      can be from 0-255 instead of just 0-6.  For example in irlmp_state_dtr()
      the code does:
      
      	reason = skb->data[3];
      	...
      	irlmp_disconnect_indication(self, reason, skb);
      
      Also LMREASON has a couple other values which don't have entries in the
      irlmp_reasons[] array.  And 0xff is a valid reason as well which means
      "unknown".
      
      So far as I can see we don't actually care about "reason" except for in
      the debug code.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e15465e1
    • David S. Miller's avatar
      sparc64: Fix race in TLB batch processing. · f36391d2
      David S. Miller authored
      As reported by Dave Kleikamp, when we emit cross calls to do batched
      TLB flush processing we have a race because we do not synchronize on
      the sibling cpus completing the cross call.
      
      So meanwhile the TLB batch can be reset (tb->tlb_nr set to zero, etc.)
      and either flushes are missed or flushes will flush the wrong
      addresses.
      
      Fix this by using generic infrastructure to synchonize on the
      completion of the cross call.
      
      This first required getting the flush_tlb_pending() call out from
      switch_to() which operates with locks held and interrupts disabled.
      The problem is that smp_call_function_many() cannot be invoked with
      IRQs disabled and this is explicitly checked for with WARN_ON_ONCE().
      
      We get the batch processing outside of locked IRQ disabled sections by
      using some ideas from the powerpc port. Namely, we only batch inside
      of arch_{enter,leave}_lazy_mmu_mode() calls.  If we're not in such a
      region, we flush TLBs synchronously.
      
      1) Get rid of xcall_flush_tlb_pending and per-cpu type
         implementations.
      
      2) Do TLB batch cross calls instead via:
      
      	smp_call_function_many()
      		tlb_pending_func()
      			__flush_tlb_pending()
      
      3) Batch only in lazy mmu sequences:
      
      	a) Add 'active' member to struct tlb_batch
      	b) Define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
      	c) Set 'active' in arch_enter_lazy_mmu_mode()
      	d) Run batch and clear 'active' in arch_leave_lazy_mmu_mode()
      	e) Check 'active' in tlb_batch_add_one() and do a synchronous
                 flush if it's clear.
      
      4) Add infrastructure for synchronous TLB page flushes.
      
      	a) Implement __flush_tlb_page and per-cpu variants, patch
      	   as needed.
      	b) Likewise for xcall_flush_tlb_page.
      	c) Implement smp_flush_tlb_page() to invoke the cross-call.
      	d) Wire up global_flush_tlb_page() to the right routine based
                 upon CONFIG_SMP
      
      5) It turns out that singleton batches are very common, 2 out of every
         3 batch flushes have only a single entry in them.
      
         The batch flush waiting is very expensive, both because of the poll
         on sibling cpu completeion, as well as because passing the tlb batch
         pointer to the sibling cpus invokes a shared memory dereference.
      
         Therefore, in flush_tlb_pending(), if there is only one entry in
         the batch perform a completely asynchronous global_flush_tlb_page()
         instead.
      Reported-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Acked-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
      f36391d2
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · f068f5e1
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "Only one remaining fix for arm-soc platforms at this time, a small
        bugfix for cpu hotplug on highbank platforms that has become much
        easier to hit as of late.
      
        Details in the patch description, but it's small and well-contained
        and definitely impacts users of the platform, so 3.9 seems
        appropriate."
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: highbank: fix cache flush ordering for cpu hotplug
      f068f5e1
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · fd7fc253
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      If time allows, please consider pulling the following patchset contains two
      late Netfilter fixes, they are:
      
      * Skip broadcast/multicast locally generated traffic in the rpfilter,
        (closes netfilter bugzilla #814), from Florian Westphal.
      
      * Fix missing elements in the listing of ipset bitmap ip,mac set
        type with timeout support enabled, from Jozsef Kadlecsik.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fd7fc253
    • David S. Miller's avatar
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · 6a4cd3fd
      David S. Miller authored
      John W. Linville says:
      
      ====================
      A few stragglers hoping for 3.9, somewhat delayed due to my travels...
      
      On the mac80211 bits, Johannes says:
      
      "Sadly, I have another pull request -- the idle handling fix broke LED
      handling in some cases."
      
      and:
      
      "Yet one more!
      
      This fixes a fairly important/annoying bug -- when roaming between
      multiple APs of the same network, the system could get stuck thinking it
      was connected to the old one while it really wasn't."
      
      On top of that...
      
      Arend sends a brcmfmac patch that removes advertising a feature that
      isn't actually fully supported, and a brcmsmac patch that rearranges
      code to request firmware at IFF_UP to play more nicely with being
      built into the kernel.
      
      Felix gives us a minor ath9k_htc fix to support the newly released
      open source firmware, and an ath9k_hw initvals fix to improve device
      stability.
      
      Rafał Miłecki provides a fix for an ssb regression that caused a
      serious performance problem with b43.
      
      Zefir Kurtisi offers an ath9k fix to change some kmalloc flags to
      allow the DFS detector to be called in softirq context.
      
      Please let me know if there are problems.  If these don't make 3.9,
      I'll just pull them into wireless-next -- just let me know if you
      want to do it that way!
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6a4cd3fd
    • Eric Dumazet's avatar
      tcp: call tcp_replace_ts_recent() from tcp_ack() · 12fb3dd9
      Eric Dumazet authored
      commit bd090dfc (tcp: tcp_replace_ts_recent() should not be called
      from tcp_validate_incoming()) introduced a TS ecr bug in slow path
      processing.
      
      1 A > B P. 1:10001(10000) ack 1 <nop,nop,TS val 1001 ecr 200>
      2 B < A . 1:1(0) ack 1 win 257 <sack 9001:10001,TS val 300 ecr 1001>
      3 A > B . 1:1001(1000) ack 1 win 227 <nop,nop,TS val 1002 ecr 200>
      4 A > B . 1001:2001(1000) ack 1 win 227 <nop,nop,TS val 1002 ecr 200>
      
      (ecr 200 should be ecr 300 in packets 3 & 4)
      
      Problem is tcp_ack() can trigger send of new packets (retransmits),
      reflecting the prior TSval, instead of the TSval contained in the
      currently processed incoming packet.
      
      Fix this by calling tcp_replace_ts_recent() from tcp_ack() after the
      checks, but before the actions.
      Reported-by: default avatarYuchung Cheng <ycheng@google.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      12fb3dd9
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 0f177f87
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
       "Two more small fixups to the wacom driver"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: wacom - fix "can not retrieve extra class descriptor" for DTH2242
        Input: wacom - DTH2242 Grip Pen id was off by one bit
      0f177f87
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · 53d945e1
      Linus Torvalds authored
      Pull fuse build fix from Miklos Szeredi:
       "This fixes android builds.  The patch appears large, but is just
        search & replace."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        fuse: fix type definitions in uapi header
      53d945e1
    • Ping Cheng's avatar
      Input: wacom - fix "can not retrieve extra class descriptor" for DTH2242 · 5846115b
      Ping Cheng authored
      Same as Cintiq 24HDT, DTH2242 has two interfaces sharing one configuration.
      This patch ignores the second interface.
      Signed-off-by: default avatarPing Cheng <pingc@wacom.com>
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      5846115b
    • Ping Cheng's avatar
    • Linus Torvalds's avatar
      Merge branch 'userns-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux · 6835039d
      Linus Torvalds authored
      Pull user-namespace fixes from Andy Lutomirski.
      
      * 'userns-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux:
        userns: Changing any namespace id mappings should require privileges
        userns: Check uid_map's opener's fsuid, not the current fsuid
        userns: Don't let unprivileged users trick privileged users into setting the id_map
      6835039d
  4. 18 Apr, 2013 10 commits