24 Aug, 2014

1 commit


23 Aug, 2014

3 commits


03 Aug, 2014

1 commit

  • clean up names related to socket filtering and bpf in the following way:
    - everything that deals with sockets keeps 'sk_*' prefix
    - everything that is pure BPF is changed to 'bpf_*' prefix

    split 'struct sk_filter' into

        struct sk_filter {
                atomic_t        refcnt;
                struct rcu_head rcu;
                struct bpf_prog *prog;
        };

    and

        struct bpf_prog {
                u32                     jited:1,
                                        len:31;
                struct sock_fprog_kern  *orig_prog;
                unsigned int            (*bpf_func)(const struct sk_buff *skb,
                                                    const struct bpf_insn *filter);
                union {
                        struct sock_filter      insns[0];
                        struct bpf_insn         insnsi[0];
                        struct work_struct      work;
                };
        };

    so that 'struct bpf_prog' can be used independent of sockets and cleans up
    'unattached' bpf use cases

    split SK_RUN_FILTER macro into:
    SK_RUN_FILTER to be used with 'struct sk_filter *' and
    BPF_PROG_RUN to be used with 'struct bpf_prog *'

    __sk_filter_release(struct sk_filter *) gains
    __bpf_prog_release(struct bpf_prog *) helper function

    also perform related renames for the functions that work
    with 'struct bpf_prog *', since they're on the same lines:

    sk_filter_size -> bpf_prog_size
    sk_filter_select_runtime -> bpf_prog_select_runtime
    sk_filter_free -> bpf_prog_free
    sk_unattached_filter_create -> bpf_prog_create
    sk_unattached_filter_destroy -> bpf_prog_destroy
    sk_store_orig_filter -> bpf_prog_store_orig_filter
    sk_release_orig_filter -> bpf_release_orig_filter
    __sk_migrate_filter -> bpf_migrate_filter
    __sk_prepare_filter -> bpf_prepare_filter

    API for attaching classic BPF to a socket stays the same:
    sk_attach_filter(prog, struct sock *)/sk_detach_filter(struct sock *)
    and SK_RUN_FILTER(struct sk_filter *, ctx) to execute a program
    which is used by sockets, tun, af_packet

    API for 'unattached' BPF programs becomes:
    bpf_prog_create(struct bpf_prog **)/bpf_prog_destroy(struct bpf_prog *)
    and BPF_PROG_RUN(struct bpf_prog *, ctx) to execute a program
    which is used by isdn, ppp, team, seccomp, ptp, xt_bpf, cls_bpf, test_bpf

    Signed-off-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Alexei Starovoitov
     

01 Aug, 2014

1 commit

  • 1) We don't allocate enough space for the NUL terminator so we end up
    corrupting one character beyond the end of the buffer.

    2) The "len - 1" should just be "len". The code is trying to copy a
    word from a buffer up to a comma or the last word in the buffer.
    Say you have the buffer, "foo,bar,baz", then this code truncates the
    last letter off each word so you get "fo", "ba", and "ba". You would
    hope this kind of bug would get noticed in testing...

    I'm not very familiar with this code and I can't test it, but I think
    we should copy the final character.

    Signed-off-by: Dan Carpenter
    Signed-off-by: David S. Miller

    Dan Carpenter
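
The two defects described in the commit above, as an added user-space illustration (not code from the commit or the driver). `next_word()`, `words_match()` and the `copy_mode` switch are hypothetical names; the buffer is always sized correctly here, so only the truncation is reproduced, not the memory corruption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical switch: the "len - 1" copy the commit removes vs. the fix. */
enum copy_mode { COPY_LEN_MINUS_1, COPY_LEN };

/*
 * Copy the word at *pos (ending at ',' or at the end of the string) into a
 * fresh NUL-terminated buffer and advance *pos past it.
 */
static char *next_word(const char **pos, enum copy_mode mode)
{
    const char *start = *pos;
    const char *comma = strchr(start, ',');
    size_t len = comma ? (size_t)(comma - start) : strlen(start);
    size_t ncopy = (mode == COPY_LEN_MINUS_1 && len > 0) ? len - 1 : len;
    /* len bytes of word plus one for the NUL; allocating without room for
     * the terminator is the first defect the commit describes. */
    char *out = malloc(len + 1);

    if (out == NULL)
        return NULL;
    memcpy(out, start, ncopy);
    out[ncopy] = '\0';
    *pos = comma ? comma + 1 : start + len;
    return out;
}

/* Return 1 if splitting 'list' yields exactly the n words in 'expect'. */
static int words_match(const char *list, enum copy_mode mode,
                       const char *const *expect, size_t n)
{
    const char *pos = list;
    int ok = 1;
    size_t i;

    for (i = 0; i < n; i++) {
        char *w = next_word(&pos, mode);

        if (w == NULL || strcmp(w, expect[i]) != 0)
            ok = 0;
        free(w);
    }
    return ok && *pos == '\0';
}

int main(void)
{
    /* Constructed input, taken from the example in the commit message. */
    const char *const full[] = { "foo", "bar", "baz" };
    const char *const cut[] = { "fo", "ba", "ba" };

    printf("len - 1 gives fo/ba/ba: %d\n",
           words_match("foo,bar,baz", COPY_LEN_MINUS_1, cut, 3));
    printf("len gives foo/bar/baz:  %d\n",
           words_match("foo,bar,baz", COPY_LEN, full, 3));
    return 0;
}
```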
     

31 Jul, 2014

2 commits


30 Jul, 2014

1 commit


25 Jul, 2014

1 commit

  • This patch changes instances of magic numbers like 4 and 8 to equivalent
    constants.

    The Coccinelle semantic patch used for making the change is as follows:

    //
    @r@
    type T;
    T E;
    identifier fld;
    identifier c;
    @@

    E->fld & c

    @s@
    constant C;
    identifier r.c;
    @@

    #define c C

    @@
    r.T E;
    identifier r.fld;
    identifier r.c;
    constant s.C;
    @@

    E->fld &
    - C
    + c
    //
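
Review bot: in the last rule, `- C` becomes `+ c` whenever some macro with that value is masked against the same field elsewhere, so if two macros of equal value are both used with one field the rule cannot tell which name is intended. The message should say that each substitution was checked by hand against the flag the surrounding code means, since a literal such as 4 or 8 carries no name of its own.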

    Signed-off-by: Himangi Saraogi
    Acked-by: Julia Lawall
    Signed-off-by: David S. Miller

    Himangi Saraogi
     

22 Jul, 2014

1 commit


17 Jul, 2014

2 commits

  • Commit 568f194e8bd16c353ad50f9ab95d98b20578a39d ("net: ppp: use
    sk_unattached_filter api") inadvertently changed the logic when setting
    PPP pass and active filters. This applies to both the generic PPP subsystem
    implemented by drivers/net/ppp/ppp_generic.c and the ISDN PPP subsystem
    implemented by drivers/isdn/i4l/isdn_ppp.c. The original code in ppp_ioctl()
    (or isdn_ppp_ioctl(), resp.) handling PPPIOCSPASS and PPPIOCSACTIVE allowed to
    remove a pass/active filter previously set by using a filter of length zero.
    However, with the new code this is not possible anymore as this case is not
    explicitly checked for, which leads to passing NULL as a filter to
    sk_unattached_filter_create(). This results in returning EINVAL to the caller.

    Additionally, the variables ppp->pass_filter and ppp->active_filter (or
    is->pass_filter and is->active_filter, resp.) are not reset to NULL, although
    the filters they point to may have been destroyed by
    sk_unattached_filter_destroy(), so in this EINVAL case dangling pointers are
    left behind (provided the pointers were previously non-NULL).

    This patch corrects both problems by checking whether the filter passed is
    empty or non-empty, and prevents sk_unattached_filter_create() from being
    called in the first case. Moreover, the pointers are always reset to NULL
    as soon as sk_unattached_filter_destroy() returns.

    Signed-off-by: Christoph Schulz
    Signed-off-by: David S. Miller

    Christoph Schulz
     
  • Signed-off-by: David S. Miller

    David S. Miller
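
The pass/active filter regression fixed by the Christoph Schulz commit above, as an added user-space model (not code from the commit or the kernel). `filt_create()` and `filt_destroy()` are hypothetical stand-ins for sk_unattached_filter_create() and sk_unattached_filter_destroy(); a destroyed filter is only marked unused, so the stale pointer can be inspected safely.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a compiled filter; in_use == 0 means destroyed. */
struct filt {
    int in_use;
    int len;
};

static struct filt pool[4];

/* Stand-in for the create call: a NULL or empty program yields -EINVAL. */
static int filt_create(struct filt **out, const unsigned short *code, int len)
{
    size_t i;

    if (code == NULL || len <= 0)
        return -EINVAL;
    for (i = 0; i < sizeof(pool) / sizeof(pool[0]); i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].len = len;
            *out = &pool[i];
            return 0;
        }
    }
    return -ENOMEM;
}

static void filt_destroy(struct filt *f)
{
    f->in_use = 0;
}

/* Regressed logic: the slot is not cleared and an empty filter reaches create. */
static int set_filter_before(struct filt **slot, const unsigned short *code, int len)
{
    if (*slot)
        filt_destroy(*slot);
    return filt_create(slot, code, len);
}

/* Corrected logic: clear the slot right after destroy, and treat len == 0
 * as "remove the filter" without calling create. */
static int set_filter_after(struct filt **slot, const unsigned short *code, int len)
{
    if (*slot) {
        filt_destroy(*slot);
        *slot = NULL;
    }
    if (len == 0)
        return 0;
    return filt_create(slot, code, len);
}

/* A slot dangles when it is non-NULL but its filter has been destroyed. */
static int is_dangling(const struct filt *f)
{
    return f != NULL && !f->in_use;
}

int main(void)
{
    static const unsigned short prog[2] = { 6, 6 }; /* constructed program */
    struct filt *slot = NULL;
    int rc;

    set_filter_before(&slot, prog, 2);
    rc = set_filter_before(&slot, NULL, 0);
    printf("before: rc=%d dangling=%d\n", rc, is_dangling(slot));
    slot = NULL;
    set_filter_after(&slot, prog, 2);
    rc = set_filter_after(&slot, NULL, 0);
    printf("after:  rc=%d dangling=%d\n", rc, is_dangling(slot));
    return 0;
}
```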
     

16 Jul, 2014

1 commit

  • Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
    all users to pass NET_NAME_UNKNOWN.

    Coccinelle patch:

    @@
    expression sizeof_priv, name, setup, txqs, rxqs, count;
    @@

    (
    -alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
    +alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
    |
    -alloc_netdev_mq(sizeof_priv, name, setup, count)
    +alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
    |
    -alloc_netdev(sizeof_priv, name, setup)
    +alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
    )
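
Review bot: all three branches only rewrite call sites, so the matching prototype and macro changes for alloc_netdev{,_mq,_mqs}() are a separate hand edit that has to land in this same commit for the tree to build; the message should say which part is generated and which is manual. It would also help to note that NET_NAME_UNKNOWN is a placeholder for every converted caller, so later patches know these sites still need a deliberate name_assign_type.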

    v9: move comments here from the wrong commit

    Signed-off-by: Tom Gundersen
    Reviewed-by: David Herrmann
    Signed-off-by: David S. Miller

    Tom Gundersen
     

15 Jul, 2014

1 commit

  • Commit 568f194e8bd16c353ad50f9ab95d98b20578a39d ("net: ppp: use
    sk_unattached_filter api") causes sk_chk_filter() to be called twice when
    setting a PPP pass or active filter. This applies to both the generic PPP
    subsystem implemented by drivers/net/ppp/ppp_generic.c and the ISDN PPP
    subsystem implemented by drivers/isdn/i4l/isdn_ppp.c. The first call is from
    within get_filter(). The second one is through the call chain

    ppp_ioctl() or isdn_ppp_ioctl()
    --> sk_unattached_filter_create()
    --> __sk_prepare_filter()
    --> sk_chk_filter()

    The first call from within get_filter() should be deleted as get_filter() is
    called just before calling sk_unattached_filter_create() later on, which
    eventually calls sk_chk_filter() anyway.

    For 3.15.x, this proposed change is a bugfix rather than a pure optimization as
    in that branch, sk_chk_filter() may replace filter codes by other codes which
    are not recognized when executing sk_chk_filter() a second time. So with
    3.15.x, if sk_chk_filter() is called twice, the second invocation may yield
    EINVAL (this depends on the filter codes found in the filter to be set, but
    because the replacement is done for frequently used codes, this is almost
    always the case). The net effect is that setting pass and/or active PPP filters
    does not work anymore, since sk_unattached_filter_create() always returns
    EINVAL due to the second call to sk_chk_filter(), regardless whether the filter
    was originally sane or not.

    Signed-off-by: Christoph Schulz
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Christoph Schulz
     

09 Jul, 2014

1 commit


17 Jun, 2014

2 commits

  • There are 2 HISAX_AVM_A1_PCMCIA Kconfig entries. The kbuild system
    ignores the second one, and apparently nobody noticed the problem so
    far, so let's remove that second entry.

    Signed-off-by: Jean Delvare
    Cc: Karsten Keil
    Signed-off-by: David S. Miller

    Jean Delvare
     
  • The first half of the HiSax config options is presented if
    ISDN_DRV_HISAX!=n, while the second half of the options is presented
    if ISDN_DRV_HISAX. That's the same, so merge both conditionals.

    Signed-off-by: Jean Delvare
    Cc: Karsten Keil
    Signed-off-by: David S. Miller

    Jean Delvare
     

05 Jun, 2014

3 commits

  • Since v2.4 the capi driver used the following device nodes if
    "middleware" support was enabled:
    /dev/capi20
    /dev/capi/0
    /dev/capi/1
    [...]

    /dev/capi20 is a character device node. /dev/capi/0 (and up) are tty
    device nodes (with a different major).

    This device node (naming) scheme is not documented anywhere, as far as I
    know. It was originally provided by the capifs pseudo filesystem (before
    udev became available). It is required for example by the pppd
    capiplugin. It was supported until a few years ago. But a number of
    developments broke it:
    - v2.6.6 (May 2004) renamed /dev/capi20 to /dev/capi and removed the
    "/" from the name of capi's tty driver. The explanation of the patch
    that did this included two examples of udev rules "to restore the old
    namespace";
    - either udev 154 (May 2010) or udev 179 (January 2012) stopped
    allowing to rename device nodes, and thus the ability to have
    /dev/capi20 appear instead of /dev/capi and /dev/capi/0 (and up)
    instead of /dev/capi0 (and up);
    - v3.0 (July 2011) also removed capifs. That disabled another method to
    create the /dev/capi/0 (and up) device nodes.

    So now users need to manually tweak their setup (eg, create /dev/capi/
    and fill that with symlinks) to get things working. This is all rather
    hacky and only discoverable by searching the web. Fix all this by
    renaming /dev/capi back to /dev/capi20, and by setting the name of the
    "capi_nc" tty driver to "capi!" so the tty device nodes appear as
    /dev/capi/0 (and up).

    Signed-off-by: Paul Bolle
    Signed-off-by: Tilman Schmidt
    Acked-by: Greg Kroah-Hartman
    Signed-off-by: David S. Miller

    Paul Bolle
     
  • The Kconfig symbol ISDN_DRV_AVMB1_VERBOSE_REASON is only used for
    capi_info2str(). That function is only used in capidrv.c. So setting it
    without setting ISDN_CAPI_CAPIDRV is pointless. Make it depend on
    ISDN_CAPI_CAPIDRV, rename it to ISDN_CAPI_CAPIDRV_VERBOSE and put its
    entry after ISDN_CAPI_CAPIDRV's entry.

    Since this symbol seems to be primarily used for debugging, keep it off
    by default. By now the last users of capidrv hopefully know all they
    need to know about the reasons for disconnecting.

    Signed-off-by: Paul Bolle
    Signed-off-by: Tilman Schmidt
    Signed-off-by: David S. Miller

    Paul Bolle
     
  • capi_info2str() is apparently meant to be of general utility. It is
    actually only used in capidrv.c. So move it from capiutil.c to
    capidrv.c and (obviously) stop exporting it.

    And, since we're touching this, merge the two versions of this
    function.

    Signed-off-by: Paul Bolle
    Signed-off-by: Tilman Schmidt
    Signed-off-by: David S. Miller

    Paul Bolle
     

24 May, 2014

1 commit

  • The sk_unattached_filter_create() API is used by BPF filters that
    are not directly attached or related to sockets, and are used in
    team, ptp, xt_bpf, cls_bpf, etc. As such all users do their own
    internal management of obtaining filter blocks and thus already
    have them in kernel memory and set up before calling into
    sk_unattached_filter_create(). As a result, due to __user annotation
    in sock_fprog, sparse triggers false positives (incorrect type in
    assignment [different address space]) when filters are set up before
    passing them to sk_unattached_filter_create(). Therefore, let
    sk_unattached_filter_create() API use sock_fprog_kern to overcome
    this issue.

    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

23 May, 2014

2 commits


08 May, 2014

1 commit

  • The HISAX_HFC4S8S_PCIMEM code hasn't been able to compile since before
    the start of git history. I have deleted it.

    There are also a few indenting mistakes where one side of the ifdef
    wasn't indented correctly which I fixed as well.

    Reported-by: Walter Harms
    Signed-off-by: Dan Carpenter
    Signed-off-by: David S. Miller

    Dan Carpenter
     

23 Apr, 2014

1 commit


17 Apr, 2014

1 commit

  • This buffer overflow was detected using static analysis:

    drivers/isdn/icn/icn.c:1325 icn_command()
    error: format string overflow. buf_size: 60 length: 98

    The calculation for the length of the string is off because it assumes
    that the dial[] buffer holds a 50 character string, but actually it is
    at most 31 characters and NUL. I have removed the dial[] buffer because
    it isn't needed.

    The maximum length of the string is actually 79 characters and a NUL. I
    have made the cbuf[] array large enough to hold it and changed the
    sprintf() to an snprintf() as a further safety enhancement.

    Signed-off-by: Dan Carpenter
    Signed-off-by: David S. Miller

    Dan Carpenter
     

09 Apr, 2014

1 commit

  • There are three buffer overflows addressed in this patch.

    1) In isdnloop_fake_err() we add an 'E' to a 60 character string and
    then copy it into a 60 character buffer. I have made the destination
    buffer 64 characters and I've changed the sprintf() to a snprintf().

    2) In isdnloop_parse_cmd(), p points 6 characters into a 60
    character buffer so we have 54 characters. The ->eazlist[] is 11
    characters long. I have modified the code to return if the source
    buffer is too long.

    3) In isdnloop_command() the cbuf[] array was 60 characters long but the
    max length of the string then can be up to 79 characters. I made the
    cbuf array 80 characters long and changed the sprintf() to snprintf().
    I also removed the temporary "dial" buffer and changed it to use "p"
    directly.

    Unfortunately, we pass the "cbuf" string from isdnloop_command() to
    isdnloop_writecmd() which truncates anything over 60 characters to make
    it fit in card->omsg[]. (It can accept values up to 255 characters so
    long as there is a '\n' character every 60 characters). For now I have
    just fixed the memory corruption bug and left the other problems in this
    driver alone.

    Signed-off-by: Dan Carpenter
    Signed-off-by: David S. Miller

    Dan Carpenter
     

03 Apr, 2014

1 commit


31 Mar, 2014

1 commit

  • Similarly as in ppp, we need to migrate the ISDN/PPP code to make use
    of the sk_unattached_filter api in order to decouple having direct
    filter structure access. By using sk_unattached_filter_{create,destroy},
    we can allow for the possibility to jit compile filters for faster
    filter verdicts as well.

    Joint work with Alexei Starovoitov.

    Signed-off-by: Daniel Borkmann
    Signed-off-by: Alexei Starovoitov
    Cc: Karsten Keil
    Cc: isdn4linux@listserv.isdn4linux.de
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

28 Mar, 2014

1 commit

  • Use del_timer_sync to ensure that the timer is stopped on all CPUs before
    the driver exits.

    This change was suggested by Thomas Gleixner.

    The semantic patch that makes this change is as follows:
    (http://coccinelle.lip6.fr/)

    //
    @r@
    declarer name module_exit;
    identifier ex;
    @@

    module_exit(ex);

    @@
    identifier r.ex;
    @@

    ex(...) {

    }
    //

    Signed-off-by: Julia Lawall
    Signed-off-by: David S. Miller

    Julia Lawall
     

26 Mar, 2014

1 commit


19 Mar, 2014

1 commit

  • The Kconfig symbol ISDN_CAPI_MIDDLEWARE is only used in capi.c. Setting
    it without setting ISDN_CAPI_CAPI20 is therefore useless. Make it depend
    on ISDN_CAPI_CAPI20 and put its entry after ISDN_CAPI_CAPI20's entry.

    Signed-off-by: Paul Bolle
    Signed-off-by: Tilman Schmidt
    Signed-off-by: David S. Miller

    Paul Bolle
     

27 Feb, 2014

4 commits

  • The isdn core code uses a couple of wait queues with
    interruptible_sleep_on, which is racy and about to get
    removed from the kernel. Fortunately, we know for each case
    what we are waiting for, so they can all be converted to
    the better wait_event_interruptible interface.

    Signed-off-by: Arnd Bergmann
    Cc: Karsten Keil
    Cc: netdev@vger.kernel.org
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • These two drivers use identical code for their procfs status
    file handling, which contains a small race against status
    data becoming available while reading the file.

    This uses wait_event_interruptible instead to fix this
    particular race and eventually get rid of all sleep_on
    instances. There seems to be another race involving
    multiple concurrent readers of the same procfs file, which
    I don't try to fix here.

    Signed-off-by: Arnd Bergmann
    Cc: Karsten Keil
    Cc: netdev@vger.kernel.org
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • The state machine code in the elsa driver uses interruptible_sleep_on
    to wait for state changes, which is racy. A closer look at the possible
    states reveals that it is always used to wait for getting back into
    ARCOFI_NOP, so we can use wait_event_interruptible instead.

    Signed-off-by: Arnd Bergmann
    Cc: Karsten Keil
    Cc: netdev@vger.kernel.org
    Signed-off-by: David S. Miller

    Arnd Bergmann
     
  • interruptible_sleep_on is racy and going away. In case of pcbit,
    the driver would run into a timeout if the card is initialized
    before we start waiting for it. This uses wait_event to fix the
    race. In order to do this, the state machine handling for the
    timeout case has to get trivially reorganized so we actually know
    whether the timeout has occurred or not.

    Signed-off-by: Arnd Bergmann
    Cc: Karsten Keil
    Cc: netdev@vger.kernel.org
    Signed-off-by: David S. Miller

    Arnd Bergmann
     

07 Feb, 2014

1 commit


26 Jan, 2014

1 commit

  • Pull networking updates from David Miller:

    1) BPF debugger and asm tool by Daniel Borkmann.

    2) Speed up create/bind in AF_PACKET, also from Daniel Borkmann.

    3) Correct reciprocal_divide and update users, from Hannes Frederic
    Sowa and Daniel Borkmann.

    4) Currently we only have a "set" operation for the hw timestamp socket
    ioctl, add a "get" operation to match. From Ben Hutchings.

    5) Add better trace events for debugging driver datapath problems, also
    from Ben Hutchings.

    6) Implement auto corking in TCP, from Eric Dumazet. Basically, if we
    have a small send and a previous packet is already in the qdisc or
    device queue, defer until TX completion or we get more data.

    7) Allow userspace to manage ipv6 temporary addresses, from Jiri Pirko.

    8) Add a qdisc bypass option for AF_PACKET sockets, from Daniel
    Borkmann.

    9) Share IP header compression code between Bluetooth and IEEE802154
    layers, from Jukka Rissanen.

    10) Fix ipv6 router reachability probing, from Jiri Benc.

    11) Allow packets to be captured on macvtap devices, from Vlad Yasevich.

    12) Support tunneling in GRO layer, from Jerry Chu.

    13) Allow bonding to be configured fully using netlink, from Scott
    Feldman.

    14) Allow AF_PACKET users to obtain the VLAN TPID, just like they can
    already get the TCI. From Atzm Watanabe.

    15) New "Heavy Hitter" qdisc, from Terry Lam.

    16) Significantly improve the IPSEC support in pktgen, from Fan Du.

    17) Allow ipv4 tunnels to cache routes, just like sockets. From Tom
    Herbert.

    18) Add Proportional Integral Enhanced packet scheduler, from Vijay
    Subramanian.

    19) Allow openvswitch to mmap'd netlink, from Thomas Graf.

    20) Key TCP metrics blobs also by source address, not just destination
    address. From Christoph Paasch.

    21) Support 10G in generic phylib. From Andy Fleming.

    22) Try to short-circuit GRO flow compares using device provided RX
    hash, if provided. From Tom Herbert.

    The wireless and netfilter folks have been busy little bees too.

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (2064 commits)
    net/cxgb4: Fix referencing freed adapter
    ipv6: reallocate addrconf router for ipv6 address when lo device up
    fib_frontend: fix possible NULL pointer dereference
    rtnetlink: remove IFLA_BOND_SLAVE definition
    rtnetlink: remove check for fill_slave_info in rtnl_have_link_slave_info
    qlcnic: update version to 5.3.55
    qlcnic: Enhance logic to calculate msix vectors.
    qlcnic: Refactor interrupt coalescing code for all adapters.
    qlcnic: Update poll controller code path
    qlcnic: Interrupt code cleanup
    qlcnic: Enhance Tx timeout debugging.
    qlcnic: Use bool for rx_mac_learn.
    bonding: fix u64 division
    rtnetlink: add missing IFLA_BOND_AD_INFO_UNSPEC
    sfc: Use the correct maximum TX DMA ring size for SFC9100
    Add Shradha Shah as the sfc driver maintainer.
    net/vxlan: Share RX skb de-marking and checksum checks with ovs
    tulip: cleanup by using ARRAY_SIZE()
    ip_tunnel: clear IPCB in ip_tunnel_xmit() in case dst_link_failure() is called
    net/cxgb4: Don't retrieve stats during recovery
    ...

    Linus Torvalds
     

23 Jan, 2014

1 commit

  • Pull trivial tree updates from Jiri Kosina:
    "Usual rocket science stuff from trivial.git"

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)
    neighbour.h: fix comment
    sched: Fix warning on make htmldocs caused by wait.h
    slab: struct kmem_cache is protected by slab_mutex
    doc: Fix typo in USB Gadget Documentation
    of/Kconfig: Spelling s/one/once/
    mkregtable: Fix sscanf handling
    lp5523, lp8501: comment improvements
    thermal: rcar: comment spelling
    treewide: fix comments and printk msgs
    IXP4xx: remove '1 &&' from a condition check in ixp4xx_restart()
    Documentation: update /proc/uptime field description
    Documentation: Fix size parameter for snprintf
    arm: fix comment header and macro name
    asm-generic: uaccess: Spelling s/a ny/any/
    mtd: onenand: fix comment header
    doc: driver-model/platform.txt: fix a typo
    drivers: fix typo in DEVTMPFS_MOUNT Kconfig help text
    doc: Fix typo (acces_process_vm -> access_process_vm)
    treewide: Fix typos in printk
    drivers/gpu/drm/qxl/Kconfig: reformat the help text
    ...

    Linus Torvalds