1. 21 Sep, 2012 11 commits
    • David S. Miller's avatar
      Merge branch 'fixes-for-3.6' of git://gitorious.org/linux-can/linux-can · e0c7a4a1
      David S. Miller authored
      Marc Kleine-Budde says:
      
      ====================
      two patches for the v3.6 release cycle. Ira W. Snyder fixed support for the
      older version of the Janz CMOD-IO Carrier Board. I found and fixed an oops in
      the ti_hecc driver, which occurs when removing the module if the network
      interface is still open.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e0c7a4a1
    • Wei Yongjun's avatar
      net/irda: sh_sir: fix return value check in sh_sir_set_baudrate() · dc9c9759
      Wei Yongjun authored
      In case of error, the function clk_get() returns ERR_PTR()
      and never returns NULL pointer. The NULL test in the error
      handling should be replaced with IS_ERR().
      
      dpatch engine is used to auto generated this patch.
      (https://github.com/weiyj/dpatch)
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dc9c9759
    • Wei Yongjun's avatar
      stmmac: fix return value check in stmmac_open_ext_timer() · 6861509f
      Wei Yongjun authored
      In case of error, the function clk_get() returns ERR_PTR()
      and never returns NULL pointer. The NULL test in the error
      handling should be replaced with IS_ERR().
      
      dpatch engine is used to auto generated this patch.
      (https://github.com/weiyj/dpatch)
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6861509f
    • Richard Cochran's avatar
      gianfar: fix phc index build failure · 28889b7e
      Richard Cochran authored
      This patch fixes a build failure introduced in commit 66636287
      ("gianfar: Support the get_ts_info ethtool method."). Not only was a
      global variable inconsistently named, but also it was not exported as
      it should have been.
      
      This fix is also needed in stable version 3.5.
      Signed-off-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28889b7e
    • Wei Yongjun's avatar
      ipv6: fix return value check in fib6_add() · f950c0ec
      Wei Yongjun authored
      In case of error, the function fib6_add_1() returns ERR_PTR()
      or NULL pointer. The ERR_PTR() case check is missing in fib6_add().
      
      dpatch engine is used to generated this patch.
      (https://github.com/weiyj/dpatch)
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f950c0ec
    • Ariel Elior's avatar
      bnx2x: remove false warning regarding interrupt number · 185d4c8b
      Ariel Elior authored
      Since version 7.4 the FW configures in the pci config space the max
      number of interrupts available to the physical function, instead of
      the exact number to use.
      This causes a false warning in driver when comparing the number of
      configured interrupts to the number about to be used.
      Signed-off-by: default avatarAriel Elior <ariele@broadcom.com>
      Signed-off-by: default avatarEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      185d4c8b
    • Marc Kleine-Budde's avatar
      can: ti_hecc: fix oops during rmmod · ab04c8bd
      Marc Kleine-Budde authored
      This patch fixes an oops which occurs when unloading the driver, while the
      network interface is still up. The problem is that first the io mapping is
      teared own, then the CAN device is unregistered, resulting in accessing the
      hardware's iomem:
      
      [  172.744232] Unable to handle kernel paging request at virtual address c88b0040
      [  172.752441] pgd = c7be4000
      [  172.755645] [c88b0040] *pgd=87821811, *pte=00000000, *ppte=00000000
      [  172.762207] Internal error: Oops: 807 [#1] PREEMPT ARM
      [  172.767517] Modules linked in: ti_hecc(-) can_dev
      [  172.772430] CPU: 0    Not tainted  (3.5.0alpha-00037-g3554cc0 #126)
      [  172.778961] PC is at ti_hecc_close+0xb0/0x100 [ti_hecc]
      [  172.784423] LR is at __dev_close_many+0x90/0xc0
      [  172.789123] pc : [<bf00c768>]    lr : [<c033be58>]    psr: 60000013
      [  172.789123] sp : c5c1de68  ip : 00040081  fp : 00000000
      [  172.801025] r10: 00000001  r9 : c5c1c000  r8 : 00100100
      [  172.806457] r7 : c5d0a48c  r6 : c5d0a400  r5 : 00000000  r4 : c5d0a000
      [  172.813232] r3 : c88b0000  r2 : 00000001  r1 : c5d0a000  r0 : c5d0a000
      [  172.820037] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
      [  172.827423] Control: 10c5387d  Table: 87be4019  DAC: 00000015
      [  172.833404] Process rmmod (pid: 600, stack limit = 0xc5c1c2f0)
      [  172.839447] Stack: (0xc5c1de68 to 0xc5c1e000)
      [  172.843994] de60:                   bf00c6b8 c5c1dec8 c5d0a000 c5d0a000 00200200 c033be58
      [  172.852478] de80: c5c1de44 c5c1dec8 c5c1dec8 c033bf2c c5c1de90 c5c1de90 c5d0a084 c5c1de44
      [  172.860992] dea0: c5c1dec8 c033c098 c061d3dc c5d0a000 00000000 c05edf28 c05edb34 c000d724
      [  172.869476] dec0: 00000000 c033c2f8 c5d0a084 c5d0a084 00000000 c033c370 00000000 c5d0a000
      [  172.877990] dee0: c05edb00 c033c3b8 c5d0a000 bf00d3ac c05edb00 bf00d7c8 bf00d7c8 c02842dc
      [  172.886474] df00: c02842c8 c0282f90 c5c1c000 c05edb00 bf00d7c8 c0283668 bf00d7c8 00000000
      [  172.894989] df20: c0611f98 befe2f80 c000d724 c0282d10 bf00d804 00000000 00000013 c0068a8c
      [  172.903472] df40: c5c538e8 685f6974 00636365 c61571a8 c5cb9980 c61571a8 c6158a20 c00c9bc4
      [  172.911987] df60: 00000000 00000000 c5cb9980 00000000 c5cb9980 00000000 c7823680 00000006
      [  172.920471] df80: bf00d804 00000880 c5c1df8c 00000000 000d4267 befe2f80 00000001 b6d90068
      [  172.928985] dfa0: 00000081 c000d5a0 befe2f80 00000001 befe2f80 00000880 b6d90008 00000008
      [  172.937469] dfc0: befe2f80 00000001 b6d90068 00000081 00000001 00000000 befe2eac 00000000
      [  172.945983] dfe0: 00000000 befe2b18 00023ba4 b6e6addc 60000010 befe2f80 a8e00190 86d2d344
      [  172.954498] [<bf00c768>] (ti_hecc_close+0xb0/0x100 [ti_hecc]) from [<c033be58>] (__dev__registered_many+0xc0/0x2a0)
      [  172.984161] [<c033c098>] (rollback_registered_many+0xc0/0x2a0) from [<c033c2f8>] (rollback_registered+0x20/0x30)
      [  172.994750] [<c033c2f8>] (rollback_registered+0x20/0x30) from [<c033c370>] (unregister_netdevice_queue+0x68/0x98)
      [  173.005401] [<c033c370>] (unregister_netdevice_queue+0x68/0x98) from [<c033c3b8>] (unregister_netdev+0x18/0x20)
      [  173.015899] [<c033c3b8>] (unregister_netdev+0x18/0x20) from [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc])
      [  173.026245] [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc]) from [<c02842dc>] (platform_drv_remove+0x14/0x18)
      [  173.036712] [<c02842dc>] (platform_drv_remove+0x14/0x18) from [<c0282f90>] (__device_release_driver+0x7c/0xbc)
      
      Cc: stable <stable@vger.kernel.org>
      Cc: Anant Gole <anantgole@ti.com>
      Tested-by: default avatarJan Luebbe <jlu@pengutronix.de>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      ab04c8bd
    • Ira W. Snyder's avatar
      can: janz-ican3: fix support for older hardware revisions · e21093ef
      Ira W. Snyder authored
      The Revision 1.0 Janz CMOD-IO Carrier Board does not have support for
      the reset registers. To support older hardware, the code is changed to
      use the hardware reset register on the Janz VMOD-ICAN3 hardware itself.
      
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarIra W. Snyder <iws@ovro.caltech.edu>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      e21093ef
    • Ed Cashin's avatar
      net: do not disable sg for packets requiring no checksum · c0d680e5
      Ed Cashin authored
      A change in a series of VLAN-related changes appears to have
      inadvertently disabled the use of the scatter gather feature of
      network cards for transmission of non-IP ethernet protocols like ATA
      over Ethernet (AoE).  Below is a reference to the commit that
      introduces a "harmonize_features" function that turns off scatter
      gather when the NIC does not support hardware checksumming for the
      ethernet protocol of an sk buff.
      
        commit f01a5236
        Author: Jesse Gross <jesse@nicira.com>
        Date:   Sun Jan 9 06:23:31 2011 +0000
      
            net offloading: Generalize netif_get_vlan_features().
      
      The can_checksum_protocol function is not equipped to consider a
      protocol that does not require checksumming.  Calling it for a
      protocol that requires no checksum is inappropriate.
      
      The patch below has harmonize_features call can_checksum_protocol when
      the protocol needs a checksum, so that the network layer is not forced
      to perform unnecessary skb linearization on the transmission of AoE
      packets.  Unnecessary linearization results in decreased performance
      and increased memory pressure, as reported here:
      
        http://www.spinics.net/lists/linux-mm/msg15184.html
      
      The problem has probably not been widely experienced yet, because
      only recently has the kernel.org-distributed aoe driver acquired the
      ability to use payloads of over a page in size, with the patchset
      recently included in the mm tree:
      
        https://lkml.org/lkml/2012/8/28/140
      
      The coraid.com-distributed aoe driver already could use payloads of
      greater than a page in size, but its users generally do not use the
      newest kernels.
      Signed-off-by: default avatarEd Cashin <ecashin@coraid.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0d680e5
    • Ed Cashin's avatar
      aoe: assert AoE packets marked as requiring no checksum · 8babe8cc
      Ed Cashin authored
      In order for the network layer to see that AoE requires
      no checksumming in a generic way, the packets must be
      marked as requiring no checksum, so we make this requirement
      explicit with the assertion.
      Signed-off-by: default avatarEd Cashin <ecashin@coraid.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8babe8cc
    • Devendra Naga's avatar
      at91ether: return PTR_ERR if call to clk_get fails · 3cfc1590
      Devendra Naga authored
      we are currently returning ENODEV, as the clk_get may give a exact
      error code in its returned pointer, assign it to the ret by using the
      PTR_ERR function, so that the subsequent goto label will jump to the
      error path and clean the driver and return the error correctly.
      Signed-off-by: default avatarDevendra Naga <devendra.aaru@gmail.com>
      Acked-by: default avatarNicolas Ferre <nicolas.ferre@atmel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3cfc1590
  2. 20 Sep, 2012 8 commits
    • Mathias Krause's avatar
      xfrm_user: don't copy esn replay window twice for new states · e3ac104d
      Mathias Krause authored
      The ESN replay window was already fully initialized in
      xfrm_alloc_replay_state_esn(). No need to copy it again.
      
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3ac104d
    • Mathias Krause's avatar
      xfrm_user: ensure user supplied esn replay window is valid · ecd79187
      Mathias Krause authored
      The current code fails to ensure that the netlink message actually
      contains as many bytes as the header indicates. If a user creates a new
      state or updates an existing one but does not supply the bytes for the
      whole ESN replay window, the kernel copies random heap bytes into the
      replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL
      netlink attribute. This leads to following issues:
      
      1. The replay window has random bits set confusing the replay handling
         code later on.
      
      2. A malicious user could use this flaw to leak up to ~3.5kB of heap
         memory when she has access to the XFRM netlink interface (requires
         CAP_NET_ADMIN).
      
      Known users of the ESN replay window are strongSwan and Steffen's
      iproute2 patch (<http://patchwork.ozlabs.org/patch/85962/>). The latter
      uses the interface with a bitmap supplied while the former does not.
      strongSwan is therefore prone to run into issue 1.
      
      To fix both issues without breaking existing userland allow using the
      XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a
      fully specified one. For the former case we initialize the in-kernel
      bitmap with zero, for the latter we copy the user supplied bitmap. For
      state updates the full bitmap must be supplied.
      
      To prevent overflows in the bitmap length calculation the maximum size
      of bmp_len is limited to 128 by this patch -- resulting in a maximum
      replay window of 4096 packets. This should be sufficient for all real
      life scenarios (RFC 4303 recommends a default replay window size of 64).
      
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Cc: Martin Willi <martin@revosec.ch>
      Cc: Ben Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ecd79187
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_tmpl() · 1f86840f
      Mathias Krause authored
      The memory used for the template copy is a local stack variable. As
      struct xfrm_user_tmpl contains multiple holes added by the compiler for
      alignment, not initializing the memory will lead to leaking stack bytes
      to userland. Add an explicit memset(0) to avoid the info leak.
      
      Initial version of the patch by Brad Spengler.
      
      Cc: Brad Spengler <spender@grsecurity.net>
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1f86840f
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_policy() · 7b789836
      Mathias Krause authored
      The memory reserved to dump the xfrm policy includes multiple padding
      bytes added by the compiler for alignment (padding bytes in struct
      xfrm_selector and struct xfrm_userpolicy_info). Add an explicit
      memset(0) before filling the buffer to avoid the heap info leak.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7b789836
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_state() · f778a636
      Mathias Krause authored
      The memory reserved to dump the xfrm state includes the padding bytes of
      struct xfrm_usersa_info added by the compiler for alignment (7 for
      amd64, 3 for i386). Add an explicit memset(0) before filling the buffer
      to avoid the info leak.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f778a636
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_auth() · 4c87308b
      Mathias Krause authored
      copy_to_user_auth() fails to initialize the remainder of alg_name and
      therefore discloses up to 54 bytes of heap memory via netlink to
      userland.
      
      Use strncpy() instead of strcpy() to fill the trailing bytes of alg_name
      with null bytes.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4c87308b
    • Bjørn Mork's avatar
      net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200 · 9db273f4
      Bjørn Mork authored
      One of the modes of Huawei E367 has this QMI/wwan interface:
      
       I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=07 Driver=(none)
       E:  Ad=83(I) Atr=03(Int.) MxPS=  64 Ivl=2ms
       E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
       E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms
      
      Huawei use subclass and protocol to identify vendor specific
      functions, so adding a new vendor rule for this combination.
      
      The Pantech devices UML290 (106c:3718) and P4200 (106c:3721) use
      the same subclass to identify the QMI/wwan function.  Replace the
      existing device specific UML290 entries with generic vendor matching,
      adding support for the Pantech P4200.
      
      The ZTE MF683 has 6 vendor specific interfaces, all using
      ff/ff/ff for cls/sub/prot.  Adding a match on interface #5 which
      is a QMI/wwan interface.
      
      Cc: Fangxiaozhi (Franko) <fangxiaozhi@huawei.com>
      Cc: Thomas Schäfer <tschaefer@t-online.de>
      Cc: Dan Williams <dcbw@redhat.com>
      Cc: Shawn J. Goff <shawn7400@gmail.com>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9db273f4
    • Andrey Vagin's avatar
      tcp: restore rcv_wscale in a repair mode (v2) · bc26ccd8
      Andrey Vagin authored
      rcv_wscale is a symetric parameter with snd_wscale.
      
      Both this parameters are set on a connection handshake.
      
      Without this value a remote window size can not be interpreted correctly,
      because a value from a packet should be shifted on rcv_wscale.
      
      And one more thing is that wscale_ok should be set too.
      
      This patch doesn't break a backward compatibility.
      If someone uses it in a old scheme, a rcv window
      will be restored with the same bug (rcv_wscale = 0).
      
      v2: Save backward compatibility on big-endian system. Before
          the first two bytes were snd_wscale and the second two bytes were
          rcv_wscale. Now snd_wscale is opt_val & 0xFFFF and rcv_wscale >> 16.
          This approach is independent on byte ordering.
      
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
      Cc: James Morris <jmorris@namei.org>
      Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
      Cc: Patrick McHardy <kaber@trash.net>
      CC: Pavel Emelyanov <xemul@parallels.com>
      Signed-off-by: default avatarAndrew Vagin <avagin@openvz.org>
      Acked-by: default avatarPavel Emelyanov <xemul@parallels.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bc26ccd8
  3. 19 Sep, 2012 5 commits
  4. 18 Sep, 2012 14 commits
  5. 17 Sep, 2012 1 commit
    • David S. Miller's avatar
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · a1f6d8f7
      David S. Miller authored
      John W. Linville says:
      
      ====================
      This is a batch of fixes intended for the 3.6 stream.
      
      Arend van Spriel sends a simple thinko fix to correct a constant,
      preventing the setting of an invalid power level.
      
      Colin Ian King gives us a simple allocation failure check to avoid a
      NULL pointer dereference.
      
      Felix Fietkau sends another ath9k tx power patch, this time disabling a
      feature that has been reported to cause rx problems.
      
      Hante Meuleman provides a pair of endian fixes for brcmfmac.
      
      Larry Finger offers an rtlwifi fix that avoids a system lockup related
      to loading the wrong firmware for RTL8188CE devices.
      
      These have been in linux-next for a few days and I think they should be
      included in the final 3.6 kernel if possible.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a1f6d8f7
  6. 15 Sep, 2012 1 commit
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes · 3f0c3c8f
      Linus Torvalds authored
      Pull GFS2 fixes from Steven Whitehouse:
       "Here are three GFS2 fixes for the current kernel tree.  These are all
        related to the block reservation code which was added at the merge
        window.  That code will be getting an update at the forthcoming merge
        window too.  In the mean time though there are a few smaller issues
        which should be fixed.
      
        The first patch resolves an issue with write sizes of greater than 32
        bits with the size hinting code.  The second ensures that the
        allocation data structure is initialised when using xattrs and the
        third takes into account allocations which may have been made by other
        nodes which affect a reservation on the local node."
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes:
        GFS2: Take account of blockages when using reserved blocks
        GFS2: Fix missing allocation data for set/remove xattr
        GFS2: Make write size hinting code common
      3f0c3c8f