Eric Lee / smarc-fsl-linux-kernel

22 Dec, 2011

1 commit

  • c0ed1c14a   net: Add a flow_cache_flush_deferred function ... Browse Code »

    flow_cach_flush() might sleep but can be called from
    atomic context via the xfrm garbage collector. So add
    a flow_cache_flush_deferred() function and use this if
    the xfrm garbage colector is invoked from within the
    packet path.

    Signed-off-by: Steffen Klassert
    Acked-by: Timo Teräs
    Signed-off-by: David S. Miller

    Steffen Klassert
     

27 Nov, 2011

2 commits

01 Nov, 2011

1 commit

19 Oct, 2011

2 commits

08 Oct, 2011

1 commit

28 Sep, 2011

1 commit

22 Sep, 2011

2 commits

  • 8decf8687   Merge branch 'master' of github.com:davem330/net ... Browse Code »

    Conflicts:
    MAINTAINERS
    drivers/net/Kconfig
    drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
    drivers/net/ethernet/broadcom/tg3.c
    drivers/net/wireless/iwlwifi/iwl-pci.c
    drivers/net/wireless/iwlwifi/iwl-trans-tx-pcie.c
    drivers/net/wireless/rt2x00/rt2800usb.c
    drivers/net/wireless/wl12xx/main.c

    David S. Miller
     
  • bcf66bf54   xfrm: Perform a replay check after return from async codepaths ... Browse Code »
    1

    When asyncronous crypto algorithms are used, there might be many
    packets that passed the xfrm replay check, but the replay advance
    function is not called yet for these packets. So the replay check
    function would accept a replay of all of these packets. Also the
    system might crash if there are more packets in async processing
    than the size of the anti replay window, because the replay advance
    function would try to update the replay window beyond the bounds.

    This pach adds a second replay check after resuming from the async
    processing to fix these issues.

    Signed-off-by: Steffen Klassert
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Steffen Klassert
     

25 Aug, 2011

1 commit

02 Aug, 2011

1 commit

  • a9b3cd7f3   rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER ... Browse Code »

    When assigning a NULL value to an RCU protected pointer, no barrier
    is needed. The rcu_assign_pointer, used to handle that but will soon
    change to not handle the special case.

    Convert all rcu_assign_pointer of NULL value.

    //smpl
    @@ expression P; @@

    - rcu_assign_pointer(P, NULL)
    + RCU_INIT_POINTER(P, NULL)

    //

    Signed-off-by: Stephen Hemminger
    Acked-by: Paul E. McKenney
    Signed-off-by: David S. Miller

    Stephen Hemminger
     

29 Jul, 2011

1 commit

  • 4203223a1   xfrm: Fix key lengths for rfc3686(ctr(aes)) ... Browse Code »
    1

    Fix the min and max bit lengths for AES-CTR (RFC3686) keys.
    The number of bits in key spec is the key length (128/256)
    plus 32 bits of nonce.

    This change takes care of the "Invalid key length" errors
    reported by setkey when specifying 288 bit keys for aes-ctr.

    Signed-off-by: Tushar Gohad
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Tushar Gohad
     

18 Jul, 2011

2 commits

14 Jul, 2011

1 commit

08 Jul, 2011

1 commit

  • 8fcbc6370   XFRM: Fix memory leak in xfrm_state_update ... Browse Code »

    Upon "ip xfrm state update ..", xfrm_add_sa() takes an extra reference on
    the user-supplied SA and forgets to drop the reference when
    xfrm_state_update() returns 0. This leads to a memory leak as the
    parameter SA is never freed. This change attempts to fix the leak by
    calling __xfrm_state_put() when xfrm_state_update() updates a valid SA
    (err = 0). The parameter SA is added to the gc list when the final
    reference is dropped by xfrm_add_sa() upon completion.

    Signed-off-by: Tushar Gohad
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Tushar Gohad
     

06 Jul, 2011

1 commit

02 Jul, 2011

1 commit

21 Jun, 2011

1 commit

10 Jun, 2011

1 commit

  • c7ac8679b   rtnetlink: Compute and store minimum ifinfo dump size ... Browse Code »

    The message size allocated for rtnl ifinfo dumps was limited to
    a single page. This is not enough for additional interface info
    available with devices that support SR-IOV and caused a bug in
    which VF info would not be displayed if more than approximately
    40 VFs were created per interface.

    Implement a new function pointer for the rtnl_register service that will
    calculate the amount of data required for the ifinfo dump and allocate
    enough data to satisfy the request.

    Signed-off-by: Greg Rose
    Signed-off-by: Jeff Kirsher

    Greg Rose
     

08 Jun, 2011

1 commit

12 May, 2011

1 commit

11 May, 2011

2 commits

  • 6fa5ddcc6   xfrm: Don't allow esn with disabled anti replay detection ... Browse Code »

    Unlike the standard case, disabled anti replay detection needs some
    nontrivial extra treatment on ESN. RFC 4303 states:

    Note: If a receiver chooses to not enable anti-replay for an SA, then
    the receiver SHOULD NOT negotiate ESN in an SA management protocol.
    Use of ESN creates a need for the receiver to manage the anti-replay
    window (in order to determine the correct value for the high-order
    bits of the ESN, which are employed in the ICV computation), which is
    generally contrary to the notion of disabling anti-replay for an SA.

    So return an error if an ESN state with disabled anti replay detection
    is inserted for now and add the extra treatment later if we need it.

    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Steffen Klassert
     
  • 43a4dea4c   xfrm: Assign the inner mode output function to the dst entry ... Browse Code »

    As it is, we assign the outer modes output function to the dst entry
    when we create the xfrm bundle. This leads to two problems on interfamily
    scenarios. We might insert ipv4 packets into ip6_fragment when called
    from xfrm6_output. The system crashes if we try to fragment an ipv4
    packet with ip6_fragment. This issue was introduced with git commit
    ad0081e4 (ipv6: Fragment locally generated tunnel-mode IPSec6 packets
    as needed). The second issue is, that we might insert ipv4 packets in
    netfilter6 and vice versa on interfamily scenarios.

    With this patch we assign the inner mode output function to the dst entry
    when we create the xfrm bundle. So xfrm4_output/xfrm6_output from the inner
    mode is used and the right fragmentation and netfilter functions are called.
    We switch then to outer mode with the output_finish functions.

    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Steffen Klassert
     

06 May, 2011

1 commit

29 Apr, 2011

2 commits

27 Apr, 2011

2 commits

23 Apr, 2011

1 commit

31 Mar, 2011

1 commit

29 Mar, 2011

4 commits

28 Mar, 2011

2 commits

22 Mar, 2011

1 commit

  • a454f0cce   xfrm: Fix initialize repl field of struct xfrm_state ... Browse Code »

    Commit 'xfrm: Move IPsec replay detection functions to a separate file'
    (9fdc4883d92d20842c5acea77a4a21bb1574b495)
    introduce repl field to struct xfrm_state, and only initialize it
    under SA's netlink create path, the other path, such as pf_key,
    ipcomp/ipcomp6 etc, the repl field remaining uninitialize. So if
    the SA is created by pf_key, any input packet with SA's encryption
    algorithm will cause panic.

    int xfrm_input()
    {
    ...
    x->repl->advance(x, seq);
    ...
    }

    This patch fixed it by introduce new function __xfrm_init_state().

    Pid: 0, comm: swapper Not tainted 2.6.38-next+ #14 Bochs Bochs
    EIP: 0060:[] EFLAGS: 00010206 CPU: 0
    EIP is at xfrm_input+0x31c/0x4cc
    EAX: dd839c00 EBX: 00000084 ECX: 00000000 EDX: 01000000
    ESI: dd839c00 EDI: de3a0780 EBP: dec1de88 ESP: dec1de64
    DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
    Process swapper (pid: 0, ti=dec1c000 task=c09c0f20 task.ti=c0992000)
    Stack:
    00000000 00000000 00000002 c0ba27c0 00100000 01000000 de3a0798 c0ba27c0
    00000033 dec1de98 c0786848 00000000 de3a0780 dec1dea4 c0786868 00000000
    dec1debc c074ee56 e1da6b8c de3a0780 c074ed44 de3a07a8 dec1decc c074ef32
    Call Trace:
    [] xfrm4_rcv_encap+0x22/0x27
    [] xfrm4_rcv+0x1b/0x1d
    [] ip_local_deliver_finish+0x112/0x1b1
    [] ? ip_local_deliver_finish+0x0/0x1b1
    [] NF_HOOK.clone.1+0x3d/0x44
    [] ip_local_deliver+0x3e/0x44
    [] ? ip_local_deliver_finish+0x0/0x1b1
    [] ip_rcv_finish+0x30a/0x332
    [] ? ip_rcv_finish+0x0/0x332
    [] NF_HOOK.clone.1+0x3d/0x44
    [] ip_rcv+0x20b/0x247
    [] ? ip_rcv_finish+0x0/0x332
    [] __netif_receive_skb+0x373/0x399
    [] netif_receive_skb+0x4b/0x51
    [] cp_rx_poll+0x210/0x2c4 [8139cp]
    [] net_rx_action+0x9a/0x17d
    [] __do_softirq+0xa1/0x149
    [] ? __do_softirq+0x0/0x149

    Signed-off-by: Wei Yongjun
    Signed-off-by: David S. Miller

    Wei Yongjun
     

17 Mar, 2011

1 commit

  • fbd506087   xfrm: Refcount destination entry on xfrm_lookup ... Browse Code »

    We return a destination entry without refcount if a socket
    policy is found in xfrm_lookup. This triggers a warning on
    a negative refcount when freeeing this dst entry. So take
    a refcount in this case to fix it.

    This refcount was forgotten when xfrm changed to cache bundles
    instead of policies for outgoing flows.

    Signed-off-by: Steffen Klassert
    Acked-by: Timo Teräs
    Signed-off-by: David S. Miller

    Steffen Klassert