05 Oct, 2009
1 commit
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: Linus Torvalds
03 Oct, 2009
2 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (46 commits)
cnic: Fix NETDEV_UP event processing.
uvesafb/connector: Disallow unpliviged users to send netlink packets
pohmelfs/connector: Disallow unpliviged users to configure pohmelfs
dst/connector: Disallow unpliviged users to configure dst
dm/connector: Only process connector packages from privileged processes
connector: Removed the destruct_data callback since it is always kfree_skb()
connector/dm: Fixed a compilation warning
connector: Provide the sender's credentials to the callback
connector: Keep the skb in cn_callback_data
e1000e/igb/ixgbe: Don't report an error if devices don't support AER
net: Fix wrong sizeof
net: splice() from tcp to pipe should take into account O_NONBLOCK
net: Use sk_mark for routing lookup in more places
sky2: irqname based on pci address
skge: use unique IRQ name
IPv4 TCP fails to send window scale option when window scale is zero
net/ipv4/tcp.c: fix min() type mismatch warning
Kconfig: STRIP: Remove stale bits of STRIP help text
NET: mkiss: Fix typo
tg3: Remove prev_vlan_tag from struct tx_ring_info
... -
tcp_splice_read() doesnt take into account socket's O_NONBLOCK flag
Before this patch :
splice(socket,0,pipe,0,128*1024,SPLICE_F_MOVE);
causes a random endless block (if pipe is full) and
splice(socket,0,pipe,0,128*1024,SPLICE_F_MOVE | SPLICE_F_NONBLOCK);
will return 0 immediately if the TCP buffer is empty.User application has no way to instruct splice() that socket should be in blocking mode
but pipe in nonblock more.Many projects cannot use splice(tcp -> pipe) because of this flaw.
http://git.samba.org/?p=samba.git;a=history;f=source3/lib/recvfile.c;h=ea0159642137390a0f7e57a123684e6e63e47581;hb=HEAD
http://lkml.indiana.edu/hypermail/linux/kernel/0807.2/0687.htmlLinus introduced SPLICE_F_NONBLOCK in commit 29e350944fdc2dfca102500790d8ad6d6ff4f69d
(splice: add SPLICE_F_NONBLOCK flag )It doesn't make the splice itself necessarily nonblocking (because the
actual file descriptors that are spliced from/to may block unless they
have the O_NONBLOCK flag set), but it makes the splice pipe operations
nonblocking.Linus intention was clear : let SPLICE_F_NONBLOCK control the splice pipe mode only
This patch instruct tcp_splice_read() to use the underlying file O_NONBLOCK
flag, as other socket operations do.Users will then call :
splice(socket,0,pipe,0,128*1024,SPLICE_F_MOVE | SPLICE_F_NONBLOCK );
to block on data coming from socket (if file is in blocking mode),
and not block on pipe output (to avoid deadlock)First version of this patch was submitted by Octavian Purdila
Reported-by: Volker Lendecke
Reported-by: Jason Gunthorpe
Signed-off-by: Eric Dumazet
Signed-off-by: Octavian Purdila
Acked-by: Linus Torvalds
Acked-by: Jens Axboe
Signed-off-by: David S. Miller
02 Oct, 2009
5 commits
-
This patch against v2.6.31 adds support for route lookup using sk_mark in some
more places. The benefits from this patch are the following.
First, SO_MARK option now has effect on UDP sockets too.
Second, ip_queue_xmit() and inet_sk_rebuild_header() could fail to do routing
lookup correctly if TCP sockets with SO_MARK were used.Signed-off-by: Atis Elsts
Acked-by: Eric Dumazet -
Acknowledge TCP window scale support by inserting the proper option in SYN/ACK
and SYN headers even if our window scale is zero.This fixes the following observed behavior:
1. Client sends a SYN with TCP window scaling option and non zero window scale
value to a Linux box.
2. Linux box notes large receive window from client.
3. Linux decides on a zero value of window scale for its part.
4. Due to compare against requested window scale size option, Linux does not to
send windows scale TCP option header on SYN/ACK at all.With the following result:
Client box thinks TCP window scaling is not supported, since SYN/ACK had no
TCP window scale option, while Linux thinks that TCP window scaling is
supported (and scale might be non zero), since SYN had TCP window scale
option and we have a mismatched idea between the client and server
regarding window sizes.Probably it also fixes up the following bug (not observed in practice):
1. Linux box opens TCP connection to some server.
2. Linux decides on zero value of window scale.
3. Due to compare against computed window scale size option, Linux does
not to set windows scale TCP option header on SYN.With the expected result that the server OS does not use window scale option
due to not receiving such an option in the SYN headers, leading to suboptimal
performance.Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Ori Finkelman
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller -
net/ipv4/tcp.c: In function 'do_tcp_setsockopt':
net/ipv4/tcp.c:2050: warning: comparison of distinct pointer types lacks a castSigned-off-by: Andrew Morton
Signed-off-by: David S. Miller -
After last pktgen changes, delay handling is wrong.
pktgen actually sends packets at full line speed.
Fix is to update pkt_dev->next_tx even if spin() returns early,
so that next spin() calls have a chance to see a positive delay.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
01 Oct, 2009
7 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
ax25: Fix possible oops in ax25_make_new
net: restore tx timestamping for accelerated vlans
Phonet: fix mutex imbalance
sit: fix off-by-one in ipip6_tunnel_get_prl
net: Fix sock_wfree() race
net: Make setsockopt() optlen be unsigned. -
In ax25_make_new, if kmemdup of digipeat returns an error, there would
be an oops in sk_free while calling sk_destruct, because sk_protinfo
is NULL at the moment; move sk->sk_destruct initialization after this.BTW of reported-by: Bernard Pidoux F6BVP
Signed-off-by: Jarek Poplawski
Signed-off-by: David S. Miller -
Since commit 9b22ea560957de1484e6b3e8538f7eef202e3596
( net: fix packet socket delivery in rx irq handler )We lost rx timestamping of packets received on accelerated vlans.
Effect is that tcpdump on real dev can show strange timings, since it gets rx timestamps
too late (ie at skb dequeueing time, not at skb queueing time)14:47:26.986871 IP 192.168.20.110 > 192.168.20.141: icmp 64: echo request seq 1
14:47:26.986786 IP 192.168.20.141 > 192.168.20.110: icmp 64: echo reply seq 114:47:27.986888 IP 192.168.20.110 > 192.168.20.141: icmp 64: echo request seq 2
14:47:27.986781 IP 192.168.20.141 > 192.168.20.110: icmp 64: echo reply seq 214:47:28.986896 IP 192.168.20.110 > 192.168.20.141: icmp 64: echo request seq 3
14:47:28.986780 IP 192.168.20.141 > 192.168.20.110: icmp 64: echo reply seq 3Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
From: Rémi Denis-Courmont
port_mutex was unlocked twice.
Signed-off-by: Rémi Denis-Courmont
Signed-off-by: David S. Miller -
When requesting all prl entries (kprl.addr == INADDR_ANY) and there are
more prl entries than there is space passed from userspace, the existing
code would always copy cmax+1 entries, which is more than can be handled.This patch makes the kernel copy only exactly cmax entries.
Signed-off-by: Sascha Hlusiak
Acked-By: Fred L. Templin
Signed-off-by: David S. Miller -
Commit 2b85a34e911bf483c27cfdd124aeb1605145dc80
(net: No more expensive sock_hold()/sock_put() on each tx)
opens a window in sock_wfree() where another cpu
might free the socket we are working on.A fix is to call sk->sk_write_space(sk) while still
holding a reference on sk.Reported-by: Jike Song
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
This provides safety against negative optlen at the type
level instead of depending upon (sometimes non-trivial)
checks against this sprinkled all over the the place, in
each and every implementation.Based upon work done by Arjan van de Ven and feedback
from Linus Torvalds.Signed-off-by: David S. Miller
30 Sep, 2009
2 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (33 commits)
sony-laptop: re-read the rfkill state when resuming from suspend
sony-laptop: check for rfkill hard block at load time
wext: add back wireless/ dir in sysfs for cfg80211 interfaces
wext: Add bound checks for copy_from_user
mac80211: improve/fix mlme messages
cfg80211: always get BSS
iwlwifi: fix 3945 ucode info retrieval after failure
iwlwifi: fix memory leak in command queue handling
iwlwifi: fix debugfs buffer handling
cfg80211: don't set privacy w/o key
cfg80211: wext: don't display BSSID unless associated
net: Add explicit bound checks in net/socket.c
bridge: Fix double-free in br_add_if.
isdn: fix netjet/isdnhdlc build errors
atm: dereference of he_dev->rbps_virt in he_init_group()
ax25: Add missing dev_put in ax25_setsockopt
Revert "sit: stateless autoconf for isatap"
net: fix double skb free in dcbnl
net: fix nlmsg len size for skb when error bit is set.
net: fix vlan_get_size to include vlan_flags size
... -
Consider the following step-by step:
1. A STA authenticates and associates with the AP and exchanges
traffic.
2. The STA reports to the AP that it is going to PS state.
3. Some time later the STA device goes to the stand-by mode (not only
its wi-fi card, but the device itself) and drops the association state
without sending a disassociation frame.
4. The STA device wakes up and begins authentication with an
Auth frame as it hasn't been authenticated/associated previously.At the step 4 the AP "remembers" the STA and considers it is still in
the PS state, so the AP buffers frames, which it has to send to the STA.
But the STA isn't actually in the PS state and so it neither checks
TIM bits nor reports to the AP that it isn't power saving.
Because of that authentication/[re]association fails.To fix authentication/[re]association stage of this issue, Auth, Assoc
Resp and Reassoc Resp frames are transmitted disregarding of STA's power
saving state.N.B. This patch doesn't fix further data frame exchange after
authentication/[re]association. A patch in hostapd is required to fix
that.Signed-off-by: Igor Perminov
Signed-off-by: John W. Linville
29 Sep, 2009
10 commits
-
The move away from having drivers assign wireless handlers,
in favour of making cfg80211 assign them, broke the sysfs
registration (the wireless/ dir went missing) because the
handlers are now assigned only after registration, which is
too late.Fix this by special-casing cfg80211-based devices, all
of which are required to have an ieee80211_ptr, in the
sysfs code, and also using get_wireless_stats() to have
the same values reported as in procfs.Signed-off-by: Johannes Berg
Reported-by: Hugh Dickins
Tested-by: Hugh Dickins
Signed-off-by: John W. Linville -
The wireless extensions have a copy_from_user to a local stack
array "essid", but both me and gcc have failed to find where
the bounds for this copy are located in the code.This patch adds some basic sanity checks for the copy length
to make sure that we don't overflow the stack buffer.Signed-off-by: Arjan van de Ven
Cc: linux-wireless@vger.kernel.org
Signed-off-by: John W. Linville -
It's useful to know the MAC address when being
disassociated; fix a typo (missing colon) and
move some messages so we get them only when they
are actually taking effect.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Multiple problems were reported due to interaction
between wpa_supplicant and the wext compat code in
cfg80211, which appear to be due to it not getting
any bss pointer here when wpa_supplicant sets all
parameters -- do that now. We should still get the
bss after doing an extra scan, but that appears to
increase the time we need for connecting enough to
sometimes cause timeouts.Signed-off-by: Johannes Berg
Tested-by: Hin-Tak Leung ,
Signed-off-by: John W. Linville -
When wpa_supplicant is used to connect to open networks,
it causes the wdev->wext.keys to point to key memory, but
that key memory is all empty. Only use privacy when there
is a default key to be used.Signed-off-by: Johannes Berg
Tested-by: Luis R. Rodriguez
Tested-by: Kalle Valo
Signed-off-by: John W. Linville -
Currently, cfg80211's SIOCGIWAP implementation returns
the BSSID that the user set, even if the connection has
since been dropped due to other changes. It only should
return the current BSSID when actually connected.Also do a small code cleanup.
Reported-by: Thomas H. Guenther
Signed-off-by: Johannes Berg
Tested-by: Thomas H. Guenther
Signed-off-by: John W. Linville -
The sys_socketcall() function has a very clever system for the copy
size of its arguments. Unfortunately, gcc cannot deal with this in
terms of proving that the copy_from_user() is then always in bounds.
This is the last (well 9th of this series, but last in the kernel) such
case around.With this patch, we can turn on code to make having the boundary provably
right for the whole kernel, and detect introduction of new security
accidents of this type early on.Signed-off-by: Arjan van de Ven
Signed-off-by: David S. Miller -
There is a potential double-kfree in net/bridge/br_if.c. If br_fdb_insert
fails, then the kobject is put back (which calls kfree due to the kobject
release), and then kfree is called again on the net_bridge_port. This
patch fixes the crash.Thanks to Stephen Hemminger for the one-line fix.
Signed-off-by: Jeff Hansen
Signed-off-by: David S. Miller -
ax25_setsockopt SO_BINDTODEVICE is missing a dev_put call in case of
success. Re-order code to fix this bug. While at it also reformat two
lines of code to comply with the Linux coding style.Initial patch by Jarek Poplawski .
Reported-by: Bernard Pidoux F6BVP
Signed-off-by: Ralf Baechle
Signed-off-by: David S. Miller
28 Sep, 2009
1 commit
-
* mark struct vm_area_struct::vm_ops as const
* mark vm_ops in AGP codeBut leave TTM code alone, something is fishy there with global vm_ops
being used.Signed-off-by: Alexey Dobriyan
Signed-off-by: Linus Torvalds
27 Sep, 2009
4 commits
-
This reverts commit 645069299a1c7358cf7330afe293f07552f11a5d.
While the code does not actually break anything, it does not completely follow
RFC5214 yet. After talking back with Fred L. Templin, I agree that completing the
ISATAP specific RS/RA code, would pollute the kernel a lot with code that is better
implemented in userspace.The kernel should not send RS packages for ISATAP at all.
Signed-off-by: Sascha Hlusiak
Acked-by: Fred L. Templin
Signed-off-by: David S. Miller -
netlink_unicast() calls kfree_skb even in the error case.
dcbnl calls netlink_unicast() which when it fails free's the
skb and returns an error value. dcbnl is free'ing the skb
again when this error occurs. This patch removes the double
free.Signed-off-by: John Fastabend
Signed-off-by: Jeff Kirsher
Signed-off-by: David S. Miller -
Currently, the nlmsg->len field is not set correctly in netlink_ack()
for ack messages that include the nlmsg of the error frame. This
corrects the length field passed to __nlmsg_put to use the correct
payload size.Signed-off-by: John Fastabend
Signed-off-by: Jeff Kirsher
Signed-off-by: David S. Miller -
Fix vlan_get_size to include vlan->flags. Currently, the
size of the vlan flags is not included in the nlmsg size.Signed-off-by: John Fastabend
Signed-off-by: Jeff Kirsher
Signed-off-by: David S. Miller
26 Sep, 2009
1 commit
-
Use ax25_cb_put after ax25_find_cb in ax25_ctl_ioctl.
Reported-by: Bernard Pidoux F6BVP
Signed-off-by: Jarek Poplawski
Reviewed-by: Ralf Baechle
Signed-off-by: David S. Miller
25 Sep, 2009
7 commits
-
Similar to commit d136f1bd366fdb7e747ca7e0218171e7a00a98a5,
there's a bug when unregistering a generic netlink family,
which is caught by the might_sleep() added in that commit:BUG: sleeping function called from invalid context at net/netlink/af_netlink.c:183
in_atomic(): 1, irqs_disabled(): 0, pid: 1510, name: rmmod
2 locks held by rmmod/1510:
#0: (genl_mutex){+.+.+.}, at: [] genl_unregister_family+0x2b/0x130
#1: (rcu_read_lock){.+.+..}, at: [] __genl_unregister_mc_group+0x1c/0x120
Pid: 1510, comm: rmmod Not tainted 2.6.31-wl #444
Call Trace:
[] __might_sleep+0x119/0x150
[] netlink_table_grab+0x21/0x100
[] netlink_clear_multicast_users+0x23/0x60
[] __genl_unregister_mc_group+0x71/0x120
[] genl_unregister_family+0x56/0x130
[] nl80211_exit+0x15/0x20 [cfg80211]
[] cfg80211_exit+0x1a/0x40 [cfg80211]Fix in the same way by grabbing the netlink table lock
before doing rcu_read_lock().Signed-off-by: Johannes Berg
Signed-off-by: David S. Miller -
It seems recursion field from "struct ip_tunnel" is not anymore needed.
recursion prevention is done at the upper level (in dev_queue_xmit()),
since we use HARD_TX_LOCK protection for tunnels.This avoids a cache line ping pong on "struct ip_tunnel" : This structure
should be now mostly read on xmit and receive paths.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
DOCPROC Documentation/DocBook/networking.xml
Warning(net/sunrpc/clnt.c:647): No description found for parameter 'req'
Warning(net/sunrpc/clnt.c:647): No description found for parameter 'tk_ops'
Warning(net/sunrpc/clnt.c:647): Excess function parameter 'ops' description in 'rpc_run_bc_task'Signed-off-by: Jaswinder Singh Rajput
Cc: Ricardo Labiaga
Cc: Benny Halevy
Cc: Andy Adamson
Cc: Trond Myklebust
Cc: Randy Dunlap
Cc: David Miller
Signed-off-by: David S. Miller -
If we ever implement this, then we can stop returning an error.
Signed-off-by: Rémi Denis-Courmont
Signed-off-by: David S. Miller -
Allocating a port number to a socket and hashing that socket shall be
an atomic operation with regards to other port allocation. Otherwise,
we could allocate a port that is already being allocated to another
socket.Signed-off-by: Rémi Denis-Courmont
Signed-off-by: David S. Miller -
Previous update did not resched in inner loop causing watchdogs.
Rewrite inner loop to:
* account for delays better with less clock calls
* more accurate timing of delay:
- only delay if packet was successfully sent
- if delay is 100ns and it takes 10ns to build packet then
account for that
* use wait_event_interruptible_timeout rather than open coding it.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Get rid of unused flag bit.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
