21 Oct, 2010

1 commit


21 Sep, 2010

1 commit

  • The family parameter xfrm_state_find is used to find a state matching a
    certain policy. This value is set to the template's family
    (encap_family) right before xfrm_state_find is called.
    The family parameter is however also used to construct a temporary state
    in xfrm_state_find itself which is wrong for inter-family scenarios
    because it produces a selector for the wrong family. Since this selector
    is included in the xfrm_user_acquire structure, user space programs
    misinterpret IPv6 addresses as IPv4 and vice versa.
    This patch splits up the original init_tempsel function into a part that
    initializes the selector respectively the props and id of the temporary
    state, to allow for differing ip address families within the state.

    Signed-off-by: Thomas Egerer
    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Thomas Egerer
     

17 Sep, 2010

1 commit


02 Sep, 2010

1 commit


15 Aug, 2010

1 commit


21 Jul, 2010

1 commit


15 Jul, 2010

1 commit

  • xfrm_resolve_and_create_bundle() assumed that, if policies indicated
    presence of xfrms, bundle template resolution would always return
    some xfrms. This is not true for 'use' level policies which can
    result in no xfrm's being applied if there are no suitable xfrm states.
    This fixes a crash by this incorrect assumption.

    Reported-by: George Spelvin
    Bisected-by: George Spelvin
    Tested-by: George Spelvin
    Signed-off-by: Timo Teräs
    Signed-off-by: David S. Miller

    Timo Teräs
     

08 Jul, 2010

1 commit


26 Jun, 2010

1 commit

  • In preparation for 64bit snmp counters for some mibs,
    add an 'align' parameter to snmp_mib_init(), instead
    of assuming mibs only contain 'unsigned long' fields.

    Callers can use __alignof__(type) to provide correct
    alignment.

    Signed-off-by: Eric Dumazet
    CC: Herbert Xu
    CC: Arnaldo Carvalho de Melo
    CC: Hideaki YOSHIFUJI
    CC: Vlad Yasevich
    Signed-off-by: David S. Miller

    Eric Dumazet
     

25 Jun, 2010

1 commit

  • Fix the bundle validation code to not assume having a valid policy.
    When we have multiple transformations for a xfrm policy, the bundle
    instance will be a chain of bundles with only the first one having
    the policy reference. When policy_genid is bumped it will expire the
    first bundle in the chain which is equivalent of expiring the whole
    chain.

    Reported-bisected-and-tested-by: Justin P. Mattock
    Signed-off-by: Timo Teräs
    Signed-off-by: David S. Miller

    Timo Teräs
     

05 Jun, 2010

1 commit

  • xfrm triggers a warning if dst_pop() drops a refcount
    on a noref dst. This patch changes dst_pop() to
    skb_dst_pop(). skb_dst_pop() drops the refcnt only
    on a refcounted dst. Also we don't clone the child
    dst_entry, so it is not refcounted and we can use
    skb_dst_set_noref() in xfrm_output_one().

    Signed-off-by: Steffen Klassert
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Steffen Klassert
     

02 Jun, 2010

1 commit

  • Packets going through __xfrm_route_forward() have a not refcounted dst
    entry, since we enabled a noref forwarding path.

    xfrm_lookup() might incorrectly release this dst entry.

    It's a bit late to make invasive changes in xfrm_lookup(), so let's force
    a refcount in this path.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

18 May, 2010

3 commits


16 May, 2010

1 commit

  • I mistakenly had the error path to use num_pols to decide how
    many policies we need to drop (cruft from earlier patch set
    version which did not handle socket policies right).

    This is wrong since normally we do not keep explicit references
    (instead we hold reference to the cache entry which holds references
    to policies). drop_pols is set to num_pols if we are holding the
    references, so use that. Otherwise we eventually BUG_ON inside
    xfrm_policy_destroy due to premature policy deletion.

    Signed-off-by: Timo Teras
    Signed-off-by: David S. Miller

    Timo Teras
     

01 May, 2010

1 commit


21 Apr, 2010

1 commit


12 Apr, 2010

1 commit


07 Apr, 2010

3 commits

  • Policies are now properly reference counted and destroyed from
    all code paths. The delayed gc is just an overhead now and can
    be removed.

    Signed-off-by: Timo Teras
    Signed-off-by: David S. Miller

    Timo Teräs
     
  • __xfrm_lookup() is called for each packet transmitted out of
    system. The xfrm_find_bundle() does a linear search which can
    kill system performance depending on how many bundles are
    required per policy.

    This modifies __xfrm_lookup() to store bundles directly in
    the flow cache. If we did not get a hit, we just create a new
    bundle instead of doing slow search. This means that we can now
    get multiple xfrm_dst's for same flow (on per-cpu basis).

    Signed-off-by: Timo Teras
    Signed-off-by: David S. Miller

    Timo Teräs
     
  • This allows to validate the cached object before returning it.
    It also allows to destruct object properly, if the last reference
    was held in flow cache. This is also a preparation for caching
    bundles in the flow cache.

    In return for virtualizing the methods, we save on:
    - not having to regenerate the whole flow cache on policy removal:
    each flow matching a killed policy gets refreshed as the getter
    function notices it smartly.
    - we do not have to call flow_cache_flush from policy gc, since the
    flow cache now properly deletes the object if it had any references

    Signed-off-by: Timo Teras
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Timo Teräs
     

02 Apr, 2010

3 commits

  • All of the code considers ->dead as a hint that the cached policy
    needs to get refreshed. The read side can just drop the read lock
    without any side effects.

    The write side needs to make sure that it's written only exactly
    once. Only possible race is at xfrm_policy_kill(). This is fixed
    by checking result of __xfrm_policy_unlink() when needed. It will
    always succeed if the policy object is looked up from the hash
    list (so some checks are removed), but it needs to be checked if
    we are trying to unlink policy via a reference (appropriate
    checks added).

    Since policy->walk.dead is written exactly once, it no longer
    needs to be protected with a write lock.

    Signed-off-by: Timo Teras
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Timo Teräs
     
  • Add missing check for policy direction verification. This is
    especially important since without this xfrm_user may end up
    deleting per-socket policy which is not allowed.

    Signed-off-by: Timo Teras
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Timo Teräs
     
  • The xfrm state genid only needs to be matched against the copy
    saved in xfrm_dst. So we don't need a global genid at all. In
    fact, we don't even need to initialise it.

    Based on observation by Timo Teräs.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

30 Mar, 2010

1 commit

  • …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities to include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the following.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and tries to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    widely available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build tests were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

03 Mar, 2010

1 commit

  • When I merged the bundle creation code, I introduced a bogus
    flowi value in the bundle. Instead of getting from the caller,
    it was instead set to the flow in the route object, which is
    totally different.

    The end result is that the bundles we created never match, and
    we instead end up with an ever growing bundle list.

    Thanks to Jamal for finding this problem.

    Reported-by: Jamal Hadi Salim
    Signed-off-by: Herbert Xu
    Acked-by: Steffen Klassert
    Acked-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Herbert Xu
     

01 Mar, 2010

1 commit


27 Feb, 2010

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (31 commits)
    crypto: aes_generic - Fix checkpatch errors
    crypto: fcrypt - Fix checkpatch errors
    crypto: ecb - Fix checkpatch errors
    crypto: des_generic - Fix checkpatch errors
    crypto: deflate - Fix checkpatch errors
    crypto: crypto_null - Fix checkpatch errors
    crypto: cipher - Fix checkpatch errors
    crypto: crc32 - Fix checkpatch errors
    crypto: compress - Fix checkpatch errors
    crypto: cast6 - Fix checkpatch errors
    crypto: cast5 - Fix checkpatch errors
    crypto: camellia - Fix checkpatch errors
    crypto: authenc - Fix checkpatch errors
    crypto: api - Fix checkpatch errors
    crypto: anubis - Fix checkpatch errors
    crypto: algapi - Fix checkpatch errors
    crypto: blowfish - Fix checkpatch errors
    crypto: aead - Fix checkpatch errors
    crypto: ablkcipher - Fix checkpatch errors
    crypto: pcrypt - call the complete function on error
    ...

    Linus Torvalds
     

24 Feb, 2010

1 commit


23 Feb, 2010

6 commits


20 Feb, 2010

2 commits

  • To see the effect make sure you have an empty SPD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush"
    You get prompt back in window2 and you see the flush event on window1.
    With this fix, you still get prompt on window1 but no event on window2.

    Thanks to Alexey Dobriyan for finding a bug in earlier version
    when using pfkey to do the flushing.

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     
  • To see the effect make sure you have an empty SAD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush"
    You get prompt back in window2 and you see the flush event on window1.
    With this fix, you still get prompt on window1 but no event on window2.

    Thanks to Alexey Dobriyan for finding a bug in earlier version
    when using pfkey to do the flushing.

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     

19 Feb, 2010

1 commit


18 Feb, 2010

1 commit

  • As reported by Alexey Dobriyan:

    --------------------
    setkey now takes several seconds to run this simple script
    and it spits "recv: Resource temporarily unavailable" messages.

    #!/usr/sbin/setkey -f
    flush;
    spdflush;

    add A B ipcomp 44 -m tunnel -C deflate;
    add B A ipcomp 45 -m tunnel -C deflate;

    spdadd A B any -P in ipsec
    ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
    spdadd B A any -P out ipsec
    ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
    --------------------

    Obviously applications want the events even when the table
    is empty. So we cannot make this behavioral change.

    Signed-off-by: David S. Miller

    David S. Miller