1. 17 Jul, 2009 8 commits
  2. 16 Jul, 2009 2 commits
    • Eric Dumazet's avatar
      netfilter: nf_conntrack: nf_conntrack_alloc() fixes · 941297f4
      Eric Dumazet authored
      When a slab cache uses SLAB_DESTROY_BY_RCU, we must be careful when allocating
      objects, since slab allocator could give a freed object still used by lockless
      readers.
      
      In particular, nf_conntrack RCU lookups rely on ct->tuplehash[xxx].hnnode.next
      being always valid (ie containing a valid 'nulls' value, or a valid pointer to next
      object in hash chain.)
      
      kmem_cache_zalloc() setups object with NULL values, but a NULL value is not valid
      for ct->tuplehash[xxx].hnnode.next.
      
      Fix is to call kmem_cache_alloc() and do the zeroing ourself.
      
      As spotted by Patrick, we also need to make sure lookup keys are committed to
      memory before setting refcount to 1, or a lockless reader could get a reference
      on the old version of the object. Its key re-check could then pass the barrier.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      941297f4
    • Patrick McHardy's avatar
      netfilter: xt_osf: fix nf_log_packet() arguments · aa6a03eb
      Patrick McHardy authored
      The first argument is the address family, the second one the hook
      number.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      aa6a03eb
  3. 15 Jul, 2009 2 commits
  4. 14 Jul, 2009 5 commits
  5. 13 Jul, 2009 3 commits
    • Eric Dumazet's avatar
      igb: gcc-3.4.6 fix · c8159b2d
      Eric Dumazet authored
      forward declaration of inline function should be avoided, or
      old gcc cannot compile.
      Reported-by: default avatarTeck Choon Giam <giamteckchoon@gmail.com>
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c8159b2d
    • roel kluin's avatar
      atlx: duplicate testing of MCAST flag · 41796e91
      roel kluin authored
      Fix duplicate testing of MCAST flag
      Signed-off-by: default avatarRoel Kluin <roel.kluin@gmail.com>
      Acked-by: default avatarJay Cliburn <jcliburn@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      41796e91
    • Ralf Baechle's avatar
      NET: Fix locking issues in PPP, 6pack, mkiss and strip line disciplines. · adeab1af
      Ralf Baechle authored
      Guido Trentalancia reports:
      
      I am trying to use the kiss driver in the Linux kernel that is being
      shipped with Fedora 10 but unfortunately I get the following oops:
      
      mkiss: AX.25 Multikiss, Hans Albas PE1AYX
      mkiss: ax0: crc mode is auto.
      ADDRCONF(NETDEV_CHANGE): ax0: link becomes ready
      ------------[ cut here ]------------
      WARNING: at kernel/softirq.c:77 __local_bh_disable+0x2f/0x83() (Not
      tainted)
      [...]
      unloaded: microcode]
      Pid: 0, comm: swapper Not tainted 2.6.27.25-170.2.72.fc10.i686 #1
       [<c042ddfb>] warn_on_slowpath+0x65/0x8b
       [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
       [<c04228b4>] ? __enqueue_entity+0xe3/0xeb
       [<c042431e>] ? enqueue_entity+0x203/0x20b
       [<c0424361>] ? enqueue_task_fair+0x3b/0x3f
       [<c041f88c>] ? resched_task+0x3a/0x6e
       [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
       [<c06ab4e2>] ? _spin_lock_bh+0xb/0x16
       [<c043255b>] __local_bh_disable+0x2f/0x83
       [<c04325ba>] local_bh_disable+0xb/0xd
       [<c06ab4e2>] _spin_lock_bh+0xb/0x16
       [<f8b6f600>] mkiss_receive_buf+0x2fb/0x3a6 [mkiss]
       [<c0572a30>] flush_to_ldisc+0xf7/0x198
       [<c0572b12>] tty_flip_buffer_push+0x41/0x51
       [<f89477f2>] ftdi_process_read+0x375/0x4ad [ftdi_sio]
       [<f8947a5a>] ftdi_read_bulk_callback+0x130/0x138 [ftdi_sio]
       [<c05d4bec>] usb_hcd_giveback_urb+0x63/0x93
       [<c05ea290>] uhci_giveback_urb+0xe5/0x15f
       [<c05eaabf>] uhci_scan_schedule+0x52e/0x767
       [<c05f6288>] ? psmouse_handle_byte+0xc/0xe5
       [<c054df78>] ? acpi_ev_gpe_detect+0xd6/0xe1
       [<c05ec5b0>] uhci_irq+0x110/0x125
       [<c05d4834>] usb_hcd_irq+0x40/0xa3
       [<c0465313>] handle_IRQ_event+0x2f/0x64
       [<c046642b>] handle_level_irq+0x74/0xbe
       [<c04663b7>] ? handle_level_irq+0x0/0xbe
       [<c0406e6e>] do_IRQ+0xc7/0xfe
       [<c0405668>] common_interrupt+0x28/0x30
       [<c056821a>] ? acpi_idle_enter_simple+0x162/0x19d
       [<c0617f52>] cpuidle_idle_call+0x60/0x92
       [<c0403c61>] cpu_idle+0x101/0x134
       [<c069b1ba>] rest_init+0x4e/0x50
       =======================
      ---[ end trace b7cc8076093467ad ]---
      ------------[ cut here ]------------
      WARNING: at kernel/softirq.c:136 _local_bh_enable_ip+0x3d/0xc4()
      [...]
      Pid: 0, comm: swapper Tainted: G        W 2.6.27.25-170.2.72.fc10.i686
       [<c042ddfb>] warn_on_slowpath+0x65/0x8b
       [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
       [<c04228b4>] ? __enqueue_entity+0xe3/0xeb
       [<c042431e>] ? enqueue_entity+0x203/0x20b
       [<c0424361>] ? enqueue_task_fair+0x3b/0x3f
       [<c041f88c>] ? resched_task+0x3a/0x6e
       [<c06ab62b>] ? _spin_unlock_irqrestore+0x22/0x38
       [<c06ab4e2>] ? _spin_lock_bh+0xb/0x16
       [<f8b6f642>] ? mkiss_receive_buf+0x33d/0x3a6 [mkiss]
       [<c04325f9>] _local_bh_enable_ip+0x3d/0xc4
       [<c0432688>] local_bh_enable_ip+0x8/0xa
       [<c06ab54d>] _spin_unlock_bh+0x11/0x13
       [<f8b6f642>] mkiss_receive_buf+0x33d/0x3a6 [mkiss]
       [<c0572a30>] flush_to_ldisc+0xf7/0x198
       [<c0572b12>] tty_flip_buffer_push+0x41/0x51
       [<f89477f2>] ftdi_process_read+0x375/0x4ad [ftdi_sio]
       [<f8947a5a>] ftdi_read_bulk_callback+0x130/0x138 [ftdi_sio]
       [<c05d4bec>] usb_hcd_giveback_urb+0x63/0x93
       [<c05ea290>] uhci_giveback_urb+0xe5/0x15f
       [<c05eaabf>] uhci_scan_schedule+0x52e/0x767
       [<c05f6288>] ? psmouse_handle_byte+0xc/0xe5
       [<c054df78>] ? acpi_ev_gpe_detect+0xd6/0xe1
       [<c05ec5b0>] uhci_irq+0x110/0x125
       [<c05d4834>] usb_hcd_irq+0x40/0xa3
       [<c0465313>] handle_IRQ_event+0x2f/0x64
       [<c046642b>] handle_level_irq+0x74/0xbe
       [<c04663b7>] ? handle_level_irq+0x0/0xbe
       [<c0406e6e>] do_IRQ+0xc7/0xfe
       [<c0405668>] common_interrupt+0x28/0x30
       [<c056821a>] ? acpi_idle_enter_simple+0x162/0x19d
       [<c0617f52>] cpuidle_idle_call+0x60/0x92
       [<c0403c61>] cpu_idle+0x101/0x134
       [<c069b1ba>] rest_init+0x4e/0x50
       =======================
      ---[ end trace b7cc8076093467ad ]---
      mkiss: ax0: Trying crc-smack
      mkiss: ax0: Trying crc-flexnet
      
      The issue was, that the locking code in mkiss was assuming it was only
      ever being called in process or bh context.  Fixed by converting the
      involved locking code to use irq-safe locks.
      
      Review of other networking line disciplines shows that 6pack, both sync
      and async PPP and STRIP have similar issues.  The ppp_async one is the
      most interesting one as it sorts out half of the issue as far back as
      2004 in commit http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2996d8deaeddd01820691a872550dc0cfba0c37dSigned-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Reported-by: default avatarGuido Trentalancia <guido@trentalancia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      adeab1af
  6. 12 Jul, 2009 5 commits
  7. 10 Jul, 2009 4 commits
    • Roland Dreier's avatar
      cxgb3: Fix crash caused by stashing wrong netdev_queue · e594e96e
      Roland Dreier authored
      Commit c3a8c5b6 ("cxgb3: move away from LLTX") exposed a bug in how
      cxgb3 looks up the netdev_queue it stashes away in a qset during
      initialization.  For multiport devices, the TX queue index it uses is
      offset by the first_qset index of each port.  This leads to a crash
      once LLTX is removed, since hard_start_xmit is called with one TX
      queue lock held, while the TX reclaim timer task grabs a different
      (wrong) TX queue lock when it frees skbs.
      
      Fix this by removing the first_qset offset used to look up the TX
      queue passed into t3_sge_alloc_qset() from setup_sge_qsets().
      Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
      Acked-by: default avatarDivy Le Ray <divy@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e594e96e
    • Yi Zou's avatar
      ixgbe: Fix coexistence of FCoE and Flow Director in 82599 · 8faa2a78
      Yi Zou authored
      Fix coexistence of Fiber Channel over Ethernet (FCoE) and Flow Director (FDIR)
      in 82599 and remove the disabling of FDIR when FCoE is enabled.
      
      Currently, FDIR is turned off when FCoE is enabled under the assumption that
      FCoE is always enabled with DCB being turned on. However, FDIR does not have
      to be turned off all the time when FCoE is enabled since FCoE can be enabled
      without DCB being turned on, e.g., use link pause only. This patch makes sure
      that when DCB is turned on or off, FDIR is turned on or off correspondingly;
      and when FCoE is enabled, it does not disable FDIR, rather, it will have FDIR
      set up properly so FCoE and FDIR can coexist regardless of DCB being on or off.
      Signed-off-by: default avatarYi Zou <yi.zou@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8faa2a78
    • Jiri Olsa's avatar
      memory barrier: adding smp_mb__after_lock · ad462769
      Jiri Olsa authored
      Adding smp_mb__after_lock define to be used as a smp_mb call after
      a lock.
      
      Making it nop for x86, since {read|write|spin}_lock() on x86 are
      full memory barriers.
      Signed-off-by: default avatarJiri Olsa <jolsa@redhat.com>
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ad462769
    • Jiri Olsa's avatar
      net: adding memory barrier to the poll and receive callbacks · a57de0b4
      Jiri Olsa authored
      Adding memory barrier after the poll_wait function, paired with
      receive callbacks. Adding fuctions sock_poll_wait and sk_has_sleeper
      to wrap the memory barrier.
      
      Without the memory barrier, following race can happen.
      The race fires, when following code paths meet, and the tp->rcv_nxt
      and __add_wait_queue updates stay in CPU caches.
      
      CPU1                         CPU2
      
      sys_select                   receive packet
        ...                        ...
        __add_wait_queue           update tp->rcv_nxt
        ...                        ...
        tp->rcv_nxt check          sock_def_readable
        ...                        {
        schedule                      ...
                                      if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
                                              wake_up_interruptible(sk->sk_sleep)
                                      ...
                                   }
      
      If there was no cache the code would work ok, since the wait_queue and
      rcv_nxt are opposit to each other.
      
      Meaning that once tp->rcv_nxt is updated by CPU2, the CPU1 either already
      passed the tp->rcv_nxt check and sleeps, or will get the new value for
      tp->rcv_nxt and will return with new data mask.
      In both cases the process (CPU1) is being added to the wait queue, so the
      waitqueue_active (CPU2) call cannot miss and will wake up CPU1.
      
      The bad case is when the __add_wait_queue changes done by CPU1 stay in its
      cache, and so does the tp->rcv_nxt update on CPU2 side.  The CPU1 will then
      endup calling schedule and sleep forever if there are no more data on the
      socket.
      
      Calls to poll_wait in following modules were ommited:
      	net/bluetooth/af_bluetooth.c
      	net/irda/af_irda.c
      	net/irda/irnet/irnet_ppp.c
      	net/mac80211/rc80211_pid_debugfs.c
      	net/phonet/socket.c
      	net/rds/af_rds.c
      	net/rfkill/core.c
      	net/sunrpc/cache.c
      	net/sunrpc/rpc_pipe.c
      	net/tipc/socket.c
      Signed-off-by: default avatarJiri Olsa <jolsa@redhat.com>
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a57de0b4
  8. 09 Jul, 2009 2 commits
  9. 08 Jul, 2009 9 commits