04 Feb, 2010

1 commit

  • 1. After sock_register() returns, it's possible to create sockets,
    even if module still not initialized fully (blame generic module code
    for that!)
    2. Consequently, pfkey_create() can be called with pfkey_net_id still not
    initialized which will BUG_ON in net_generic():
    kernel BUG at include/net/netns/generic.h:43!
    3. During netns shutdown, netns ops should be unregistered after
    key manager unregistered because key manager calls can be triggered
    from xfrm_user module:

    general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    pfkey_broadcast+0x111/0x210 [af_key]
    pfkey_send_notify+0x16a/0x300 [af_key]
    km_state_notify+0x41/0x70
    xfrm_flush_sa+0x75/0x90 [xfrm_user]
    4. Unregister netns ops after socket ops just in case and for symmetry.

    Reported by Luca Tettamanti.

    Signed-off-by: Alexey Dobriyan
    Tested-by: Luca Tettamanti
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     

03 Feb, 2010

2 commits

  • On Tue, Feb 02, 2010 at 02:57:14PM -0800, Greg KH (gregkh@suse.de) wrote:
    > > There are at least two ways to fix it: using a big cannon and a small
    > > one. The former way is to disable notification registration, since it is
    > > not used by anyone at all. Second way is to check whether calling
    > > process is root and its destination group is -1 (kind of priveledged
    > > one) before command is dispatched to workqueue.
    >
    > Well if no one is using it, removing it makes the most sense, right?
    >
    > No objection from me, care to make up a patch either way for this?

    Getting it is not used, let's drop support for notifications about
    (un)registered events from connector.
    Another option was to check credentials on receiving, but we can always
    restore it without bugs if needed, but genetlink has a wider code base
    and none complained, that userspace can not get notification when some
    other clients were (un)registered.

    Kudos for Sebastian Krahmer , who found a bug in the
    code.

    Signed-off-by: Evgeniy Polyakov
    Acked-by: Greg Kroah-Hartman
    Signed-off-by: David S. Miller

    Evgeniy Polyakov
     
  • David S. Miller
     

02 Feb, 2010

1 commit


01 Feb, 2010

1 commit


30 Jan, 2010

5 commits


29 Jan, 2010

2 commits

  • Commit 37e8273cd30592d3a82bcb70cbb1bdc4eaeb6b71 ("usbnet: Set link down
    initially for drivers that update link state") changed the initial link
    state in cdc_ether and other drivers based on the understanding that the
    devices they support generate link change interrupts. However, this is
    optional in the CDC Ethernet protocol, and two users have reported in
    that the link state
    for their devices remains down. Therefore, revert the change in
    cdc_ether.

    Signed-off-by: Ben Hutchings
    Tested-by: Avi Rozen
    Signed-off-by: David S. Miller

    Ben Hutchings
     
  • Noticed by Ben Hutchings.

    Signed-off-by: David S. Miller

    David S. Miller
     

28 Jan, 2010

7 commits


27 Jan, 2010

3 commits

  • netdev_open() will return without cleaning up net device or hardware state
    if firmware loading fails. This results in a BUG() on a second attempt to
    bring the interface up, reported in
    , and probably has even
    worse effects if the driver is removed afterwards.

    Call netdev_close() to clean up on failure.

    Addresses http://bugzilla.kernel.org/show_bug.cgi?id=15091

    Signed-off-by: Ben Hutchings
    Reported-by: Michael Moffatt
    Tested-by: Michael Moffatt
    Cc: "David S. Miller"
    Cc:
    Signed-off-by: Andrew Morton
    Signed-off-by: David S. Miller

    Ben Hutchings
     
  • I got below kernel oops when I try to bring down the network interface if
    ftrace is enabled. The root cause is drv_ampdu_action() is passed with a
    NULL ssn pointer in the BA session tear down case. We need to check and
    avoid dereferencing it in trace entry assignment.

    BUG: unable to handle kernel NULL pointer dereference
    Modules linked in: at (null)
    IP: [] ftrace_raw_event_drv_ampdu_action+0x10a/0x160 [mac80211]
    *pde = 00000000
    Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
    [...]
    Call Trace:
    [] ? ftrace_raw_event_drv_ampdu_action+0x0/0x160 [mac80211]
    [] ? __ieee80211_stop_rx_ba_session+0xfc/0x220 [mac80211]
    [] ? ieee80211_sta_tear_down_BA_sessions+0x3b/0x50 [mac80211]
    [] ? ieee80211_set_disassoc+0xe6/0x230 [mac80211]
    [] ? ieee80211_set_disassoc+0x9c/0x230 [mac80211]
    [] ? ieee80211_mgd_deauth+0x158/0x170 [mac80211]
    [] ? ieee80211_deauth+0x1b/0x20 [mac80211]
    [] ? __cfg80211_mlme_deauth+0xe9/0x120 [cfg80211]
    [] ? __cfg80211_disconnect+0x170/0x1d0 [cfg80211]

    Cc: Johannes Berg
    Cc: stable@kernel.org
    Signed-off-by: Zhu Yi
    Signed-off-by: John W. Linville

    Zhu Yi
     
  • The protocol number is not initialized, so userspace can't interpret
    the layer 4 data properly.

    Signed-off-by: Patrick McHardy

    Patrick McHardy
     

26 Jan, 2010

8 commits

  • The commit 0b5ccb2(title:ipv6: reassembly: use seperate reassembly queues for
    conntrack and local delivery) has broken the saddr&&daddr member of
    nf_ct_frag6_queue when creating new queue. And then hash value
    generated by nf_hashfn() was not equal with that generated by fq_find().
    So, a new received fragment can't be inserted to right queue.

    The patch fixes the bug with adding member of user to nf_ct_frag6_queue structure.

    Signed-off-by: Shan Wei
    Acked-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Shan Wei
     
  • I have seen RX stalls on a machine that experienced a suspected
    OOM. After the stall, the RX buffer is empty on the guest side
    and there are exactly 16 entries available on the host side. As
    the number of entries is less than that required by a maximal
    skb, the host cannot proceed.

    The guest did not have a refill job scheduled.

    My diagnosis is that an OOM had occured, with the delayed refill
    job scheduled. The job was able to allocate at least one skb, but
    not enough to overcome the minimum required by the host to proceed.

    As the refill job would only reschedule itself if it failed completely
    to allocate any skbs, this would lead to an RX stall.

    The following patch removes this stall possibility by always
    rescheduling the refill job until the ring is totally refilled.

    Testing has shown that the RX stall no longer occurs whereas
    previously it would occur within a day.

    Signed-off-by: Herbert Xu
    Acked-by: Rusty Russell
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • The low-level MCDI code always uses 32-bit MMIO operations, and
    callers must pad input and output buffers to multiples of 4 bytes.
    The MCDI NVRAM functions are not doing this. Also, their buffers are
    declared as variable-length arrays with no explicit maximum length.

    Switch to a fixed buffer size based on the chunk size used by the
    MTD driver (which is a multiple of 4).

    Signed-off-by: Ben Hutchings
    Signed-off-by: David S. Miller

    Ben Hutchings
     
  • Due to a hardware bug in the SFC9000 family, the firmware must
    transfer raw GMAC statistics to host memory before aggregating them
    into the cooked (speed-independent) MAC statistics. Extend the stats
    buffer to support this.

    The length of the buffer is explicit in the MAC_STATS command, so this
    change is backward-compatible on both sides.

    Signed-off-by: Ben Hutchings
    Signed-off-by: David S. Miller

    Guido Barzini
     
  • By rounding up the buffer size to power of 2, several expensive
    modulus operations can be avoided. This patch also solves a bug where
    the gap need when ring gets full was not being accounted for.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: David S. Miller

    Stephen Hemminger
     
  • Currently qlge tries to release regions even if they were not allocated.
    This causes messages like the following in the kernel log

    Trying to free nonexistent resource
    Trying to free nonexistent resource
    Trying to free nonexistent resource

    This patch fixes the goto logic in order to not release the resources
    if they were not allocated.

    Signed-off-by: Breno Leitao
    Signed-off-by: David S. Miller

    Breno Leitao
     
  • Among other changes, this commit:

    commit 06d0f0663e11cab4ec5f2c143a118d71a12fbbe9
    Author: Sujith
    Date: Thu Feb 12 10:06:45 2009 +0530

    ath9k: Enable Fractional N mode

    changed the hw attach code to fix up initialization values only for
    dual band devices, however the commit message did not give a reason as
    to why this would be useful or necessary.

    According to tests by Jorge Boncompte, this breaks at least some
    2GHz-only cards, so the code should be changed back to the
    unconditional INI fixup.

    Signed-off-by: Felix Fietkau
    Reported-by: Jorge Boncompte
    Cc: stable@kernel.org
    Tested-by: Pavel Roskin
    Signed-off-by: John W. Linville

    Felix Fietkau
     
  • There are a few station addresses that are
    char *, instead of the normal u8 *; gcc
    gives pointer signedness warnings for some
    of those, so use u8 * consistently.

    Signed-off-by: Johannes Berg
    Signed-off-by: Reinette Chatre
    Signed-off-by: John W. Linville

    Johannes Berg
     

25 Jan, 2010

3 commits

  • GC is non-existent in netns, so after you hit GC threshold, no new
    dst entries will be created until someone triggers cleanup in init_net.

    Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
    This is not done in a generic way, because it woule waste
    (AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.

    Reorder GC threshold initialization so it'd be done before registering
    XFRM policies.

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     
  • Obviously, this register had some other impact that is causing
    the regression. Either it is masking some other access or needs
    to be reset in some path.

    Either, way it is best to just revert the change for 2.6.33

    This reverts commit 166a0fd4c788ec7f10ca8194ec6d526afa12db75.

    Signed-off-by: David S. Miller

    stephen hemminger
     
  • Bruno Prémont found commit 9793241fe92f7d930
    (vlan: Precise RX stats accounting) added a regression for non
    hw accelerated vlans.

    [ 26.390576] BUG: unable to handle kernel NULL pointer dereference at (null)
    [ 26.396369] IP: [] vlan_skb_recv+0x89/0x280 [8021q]

    vlan_dev_info() was used with original device, instead of
    skb->dev. Also spotted by Américo Wang.

    Reported-By: Bruno Prémont
    Tested-By: Bruno Prémont
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

24 Jan, 2010

1 commit


23 Jan, 2010

6 commits

  • Y2_HW_WOL_ON/Y2_HW_WOL_OFF should be set and cleared per chip,
    not per port. On dual port cards, Y2_HW_WOL_ON should be
    enabled if either sky2 port has WOL enabled.

    Found while reviewing code for a WOL regression, though this is
    probably not the cause of the regression.

    Signed-off-by: Mike McCormack
    Signed-off-by: David S. Miller

    Mike McCormack
     
  • Found this problem when testing IPv6 from a KVM guest to a remote
    host via e1000e device on the host.
    The following patch fixes the check for IPv6 GSO packet in Intel
    ethernet drivers to use skb_is_gso_v6(). SKB_GSO_DODGY is also set
    when packets are forwarded from a guest.

    Signed-off-by: Sridhar Samudrala
    Signed-off-by: Jeff Kirsher
    Signed-off-by: David S. Miller

    Sridhar Samudrala
     
  • After removing the skb_dma_map/unmap calls the exception handling in
    igb_tx_map_adv is not correct. The issue is that the count value was not
    being correctly handled so as a result we were not rewinding the ring as
    back as we should have been.

    Signed-off-by: Alexander Duyck
    Signed-off-by: Jeff Kirsher
    Signed-off-by: David S. Miller

    Alexander Duyck
     
  • Add igbvf to the list of supported Intel drivers and Alex to the list of
    maintainers.

    Signed-off-by: Jeff Kirsher
    Signed-off-by: David S. Miller

    Jeff Kirsher
     
  • When testing the "e1000: enhance frame fragment detection" (and e1000e)
    patches we found some bugs with reducing the MTU size. The 1024 byte
    descriptor used with the 1000 mtu test also (re) introduced the
    (originally) reported bug, and causes us to need the e1000_clean_tx_irq
    "enhance frame fragment detection" fix.

    So what has occured here is that 2.6.32 is only vulnerable for mtu <
    1500 due to the jumbo specific routines in both e1000 and e1000e.
    So, 2.6.32 needs the 2kB buffer len fix for those smaller MTUs, but
    is not vulnerable to the original issue reported. It has been pointed
    out that this vulnerability needs to be patched in older kernels that
    don't have the e1000 jumbo routine. Without the jumbo routines, we
    need the "enhance frame fragment detection" fix the e1000, old
    e1000e is only vulnerable for < 1500 mtu, and needs a similar
    fix. We split the patches up to provide easy backport paths.

    There is only a slight bit of extra code when this fix and the
    original "enhance frame fragment detection" fixes are applied, so
    please apply both, even though it is a bit of overkill.

    Signed-off-by: Jesse Brandeburg
    Signed-off-by: Jeff Kirsher
    Signed-off-by: David S. Miller

    Jesse Brandeburg
     
  • fmvj18x_cs, serial_cs:
    add new id
    Panasonic lan & modem card (model name:AL-VML101)

    Signed-off-by: Ken Kawasaki
    Signed-off-by: David S. Miller

    Ken Kawasaki