29 Mar, 2011
6 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (30 commits)
xfrm: Restrict extended sequence numbers to esp
xfrm: Check for esn buffer len in xfrm_new_ae
xfrm: Assign esn pointers when cloning a state
xfrm: Move the test on replay window size into the replay check functions
netdev: bfin_mac: document TE setting in RMII modes
drivers net: Fix declaration ordering in inline functions.
cxgb3: Apply interrupt coalescing settings to all queues
net: Always allocate at least 16 skb frags regardless of page size
ipv4: Don't ip_rt_put() an error pointer in RAW sockets.
net: fix ethtool->set_flags not intended -EINVAL return value
mlx4_en: Fix loss of promiscuity
tg3: Fix inline keyword usage
tg3: use and instead and
net: use CHECKSUM_NONE instead of magic number
Net / jme: Do not use legacy PCI power management
myri10ge: small rx_done refactoring
bridge: notify applications if address of bridge device changes
ipv4: Fix IP timestamp option (IPOPT_TS_PRESPEC) handling in ip_options_echo()
can: c_can: Fix tx_bytes accounting
can: c_can_platform: fix irq check in probe
... -
The IPsec extended sequence numbers are fully implemented just for
esp. So restrict the usage to esp until other protocols have
support too.Signed-off-by: Steffen Klassert
Acked-by: Herbert Xu
Signed-off-by: David S. Miller -
In xfrm_new_ae() we may overwrite the allocated esn replay state
buffer with a wrong size. So check that the new size matches the
original allocated size and return an error if this is not the case.Signed-off-by: Steffen Klassert
Acked-by: Herbert Xu
Signed-off-by: David S. Miller -
When we clone a xfrm state we have to assign the replay_esn
and the preplay_esn pointers to the state if we use the
new replay detection method. To this end, we add a
xfrm_replay_clone() function that allocates memory for
the replay detection and takes over the necessary values
from the original state.Signed-off-by: Steffen Klassert
Acked-by: Herbert Xu
Signed-off-by: David S. Miller -
As it is, the replay check is just performed if the replay window of the
legacy implementation is nonzero. So we move the test on a nonzero replay
window inside the replay check functions to be sure we are testing for the
right implementation.Signed-off-by: Steffen Klassert
Acked-by: Herbert Xu
Signed-off-by: David S. Miller -
Reported-by: Marc Kleine-Budde
Signed-off-by: David S. Miller
28 Mar, 2011
12 commits
-
After commit d5dbda23804156ae6f35025ade5307a49d1db6d7 "ethtool: Add
support for vlan accleration.", drivers that have NETIF_F_HW_VLAN_TX,
and/or NETIF_F_HW_VLAN_RX feature, but do not allow enable/disable vlan
acceleration via ethtool set_flags, always return -EINVAL from that
function. Fix by returning -EINVAL only if requested features do not
match current settings and can not be changed by driver.Change any driver that define ethtool->set_flags to use
ethtool_invalid_flags() to avoid similar problems in the future
(also on drivers that do not have the problem).Tested with modified (to reproduce this bug) myri10ge driver.
Cc: stable@kernel.org # 2.6.37+
Signed-off-by: Stanislaw Gruszka
Signed-off-by: David S. Miller -
Two places in the kernel were doing skb->ip_summed = 0.
Change both to skb->ip_summed = CHECKSUM_NONE, which is more readable.
Signed-off-by: Cesar Eduardo Barros
Signed-off-by: David S. Miller -
The mac address of the bridge device may be changed when a new interface
is added to the bridge. If this happens, then the bridge needs to call
the network notifiers to tickle any other systems that care. Since bridge
can be a module, this also means exporting the notifier function.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
The current handling of echoed IP timestamp options with prespecified
addresses is rather broken since the 2.2.x kernels. As far as i understand
it, it should behave like when originating packets.Currently it will only timestamp the next free slot if:
- there is space for *two* timestamps
- some random data from the echoed packet taken as an IP is *not* a local IPThis first is caused by an off-by-one error. 'soffset' points to the next
free slot and so we only need to have 'soffset + 7
Signed-off-by: David S. Miller -
can_ioctl is the only reason for struct proto to be non-const.
script/check-patch.pl suggests struct proto be const.Setting the reference to the common can_ioctl() in all CAN protocols directly
removes the need to make the struct proto writable in af_can.cSigned-off-by: Kurt Van Dijck
Signed-off-by: Oliver Hartkopp
Signed-off-by: David S. Miller -
The code itself can explain what it is doing, no need these comments.
Signed-off-by: WANG Cong
Signed-off-by: David S. Miller -
Define some constant offsets for CALL_REQUEST based on the description
at and the
definition of ROSE as using 10-digit (5-byte) addresses. Use them
consistently. Validate all implicit and explicit facilities lengths.
Validate the address length byte rather than either trusting or
assuming its value.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
When parsing the FAC_NATIONAL_DIGIS facilities field, it's possible for
a remote host to provide more digipeaters than expected, resulting in
heap corruption. Check against ROSE_MAX_DIGIS to prevent overflows, and
abort facilities parsing on failure.Additionally, when parsing the FAC_CCITT_DEST_NSAP and
FAC_CCITT_SRC_NSAP facilities fields, a remote host can provide a length
of less than 10, resulting in an underflow in a memcpy size, causing a
kernel panic due to massive heap corruption. A length of greater than
20 results in a stack overflow of the callsign array. Abort facilities
parsing on these invalid length values.Signed-off-by: Dan Rosenberg
Cc: stable@kernel.org
Signed-off-by: David S. Miller -
Length fields provided by a peer for names and attributes may be longer
than the destination array sizes. Validate lengths to prevent stack
buffer overflows.Signed-off-by: Dan Rosenberg
Cc: stable@kernel.org
Signed-off-by: David S. Miller -
Invalid nicknames containing only spaces will result in an underflow in
a memcpy size calculation, subsequently destroying the heap and
panicking.v2 also catches the case where the provided nickname is longer than the
buffer size, which can result in controllable heap corruption.Signed-off-by: Dan Rosenberg
Cc: stable@kernel.org
Signed-off-by: David S. Miller -
We clone the child entry in skb_dst_pop before we call
skb_dst_drop(). Otherwise we might kill the child right
before we return it to the caller.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller -
Crypto requests might return asynchronous. In this case we leave
the rcu protected region, so force a refcount on the skb's
destination entry before we enter the xfrm type input/output
handlers.This fixes a crash when a route is deleted whilst sending IPsec
data that is transformed by an asynchronous algorithm.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller
27 Mar, 2011
1 commit
-
BUG: atomic_dec_and_test(): -1: atomic counter underflow at:
Pid: 2827, comm: mount.nfs Not tainted 2.6.38 #1
Call Trace:
[] ? put_rpccred+0x44/0x14e [sunrpc]
[] ? rpc_ping+0x4e/0x58 [sunrpc]
[] ? rpc_create+0x481/0x4fc [sunrpc]
[] ? rpcauth_lookup_credcache+0xab/0x22d [sunrpc]
[] ? nfs_create_rpc_client+0xa6/0xeb [nfs]
[] ? nfs4_set_client+0xc2/0x1f9 [nfs]
[] ? nfs4_create_server+0xf2/0x2a6 [nfs]
[] ? nfs4_remote_mount+0x4e/0x14a [nfs]
[] ? vfs_kern_mount+0x6e/0x133
[] ? nfs_do_root_mount+0x76/0x95 [nfs]
[] ? nfs4_try_mount+0x56/0xaf [nfs]
[] ? nfs_get_sb+0x435/0x73c [nfs]
[] ? vfs_kern_mount+0x99/0x133
[] ? do_kern_mount+0x48/0xd8
[] ? do_mount+0x6da/0x741
[] ? sys_mount+0x83/0xc0
[] ? system_call_fastpath+0x16/0x1bWell, so, I think this is real bug of nfs codes somewhere. With some
review, the coderpc_call_sync()
rpc_run_task
rpc_execute()
__rpc_execute()
rpc_release_task()
rpc_release_resources_task()
put_rpccred()
Signed-off-by: Trond Myklebust
26 Mar, 2011
3 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (56 commits)
route: Take the right src and dst addresses in ip_route_newports
ipv4: Fix nexthop caching wrt. scoping.
ipv4: Invalidate nexthop cache nh_saddr more correctly.
net: fix pch_gbe section mismatch warning
ipv4: fix fib metrics
mlx4_en: Removing HW info from ethtool -i report.
net_sched: fix THROTTLED/RUNNING race
drivers/net/a2065.c: Convert release_resource to release_region/release_mem_region
drivers/net/ariadne.c: Convert release_resource to release_region/release_mem_region
bonding: fix rx_handler locking
myri10ge: fix rmmod crash
mlx4_en: updated driver version to 1.5.4.1
mlx4_en: Using blue flame support
mlx4_core: reserve UARs for userspace consumers
mlx4_core: maintain available field in bitmap allocator
mlx4: Add blue flame support for kernel consumers
mlx4_en: Enabling new steering
mlx4: Add support for promiscuous mode in the new steering model.
mlx4: generalization of multicast steering.
mlx4_en: Reporting HW revision in ethtool -i
... -
The "ipv4: Inline fib_semantic_match into check_leaf"
change forgets to return the route errors. check_leaf should
return the same results as fib_table_lookup.Signed-off-by: Julian Anastasov
Signed-off-by: David S. Miller -
* 'nfs-for-2.6.39' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6: (28 commits)
Cleanup XDR parsing for LAYOUTGET, GETDEVICEINFO
NFSv4.1 convert layoutcommit sync to boolean
NFSv4.1 pnfs_layoutcommit_inode fixes
NFS: Determine initial mount security
NFS: use secinfo when crossing mountpoints
NFS: Add secinfo procedure
NFS: lookup supports alternate client
NFS: convert call_sync() to a function
NFSv4.1 remove temp code that prevented ds commits
NFSv4.1: layoutcommit
NFSv4.1: filelayout driver specific code for COMMIT
NFSv4.1: remove GETATTR from ds commits
NFSv4.1: add generic layer hooks for pnfs COMMIT
NFSv4.1: alloc and free commit_buckets
NFSv4.1: shift filelayout_free_lseg
NFSv4.1: pull out code from nfs_commit_release
NFSv4.1: pull error handling out of nfs_commit_list
NFSv4.1: add callback to nfs4_commit_done
NFSv4.1: rearrange nfs_commit_rpcsetup
NFSv4.1: don't send COMMIT to ds for data sync writes
...
25 Mar, 2011
6 commits
-
Move the scope value out of the fib alias entries and into fib_info,
so that we always use the correct scope when recomputing the nexthop
cached source address.Reported-by: Julian Anastasov
Signed-off-by: David S. Miller -
Any operation that:
1) Brings up an interface
2) Adds an IP address to an interface
3) Deletes an IP address from an interfacecan potentially invalidate the nh_saddr value, requiring
it to be recomputed.Perform the recomputation lazily using a generation ID.
Reported-by: Julian Anastasov
Signed-off-by: David S. Miller -
Alessandro Suardi reported that we could not change route metrics :
ip ro change default .... advmss 1400
This regression came with commit 9c150e82ac50 (Allocate fib metrics
dynamically). fib_metrics is no longer an array, but a pointer to an
array.Reported-by: Alessandro Suardi
Signed-off-by: Eric Dumazet
Tested-by: Alessandro Suardi
Signed-off-by: David S. Miller -
When sec= is not presented as a mount option,
we should attempt to determine what security flavor the
server is using.Signed-off-by: Bryan Schumaker
Signed-off-by: Trond Myklebust -
A submount may use different security than the parent
mount does. We should figure out what sec flavor the
submount uses at mount time.Signed-off-by: Bryan Schumaker
Signed-off-by: Trond Myklebust
24 Mar, 2011
5 commits
-
* 'for-2.6.39' of git://linux-nfs.org/~bfields/linux:
SUNRPC: Remove resource leak in svc_rdma_send_error()
nfsd: wrong index used in inner loop
nfsd4: fix comment and remove unused nfsd4_file fields
nfs41: make sure nfs server return right ca_maxresponsesize_cached
nfsd: fix compile error
svcrpc: fix bad argument in unix_domain_find
nfsd4: fix struct file leak
nfsd4: minor nfs4state.c reshuffling
svcrpc: fix rare race on unix_domain creation
nfsd41: modify the members value of nfsd4_op_flags
nfsd: add proc file listing kernel's gss_krb5 enctypes
gss:krb5 only include enctype numbers in gm_upcall_enctypes
NFSD, VFS: Remove dead code in nfsd_rename()
nfsd: kill unused macro definition
locks: use assign_type() -
As a preparation for removing ext2 non-atomic bit operations from
asm/bitops.h. This converts ext2 non-atomic bit operations to
little-endian bit operations.Signed-off-by: Akinobu Mita
Cc: Andy Grover
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
asm-generic/bitops/le.h is only intended to be included directly from
asm-generic/bitops/ext2-non-atomic.h or asm-generic/bitops/minix-le.h
which implements generic ext2 or minix bit operations.This stops including asm-generic/bitops/le.h directly and use ext2
non-atomic bit operations instead.It seems odd to use ext2_*_bit() on rds, but it will replaced with
__{set,clear,test}_bit_le() after introducing little endian bit operations
for all architectures. This indirect step is necessary to maintain
bisectability for some architectures which have their own little-endian
bit operations.Signed-off-by: Akinobu Mita
Cc: Andy Grover
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
commit 2c8cec5c10bc (Cache learned PMTU information in inetpeer) added
an extra inet_putpeer() call in ip_rt_update_pmtu().This results in various problems, since we can free one inetpeer, while
it is still in use.Ref: http://www.spinics.net/lists/netdev/msg159121.html
Reported-by: Alexander Beregalov
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
In commit 9435eb1cf0b76b323019cebf8d16762a50a12a19
("ipv4: Implement __ip_dev_find using new interface address hash.")
we reimplemented __ip_dev_find() so that it doesn't have to
do a full FIB table lookup.Instead, it consults a hash table of addresses configured to
interfaces.This works identically to the old code in all except one case,
and that is for loopback subnets.The old code would match the loopback device for any IP address
that falls within a subnet configured to the loopback device.Handle this corner case by doing the FIB lookup.
We could implement this via inet_addr_onlink() but:
1) Someone could configure many addresses to loopback and
inet_addr_onlink() is a simple list traversal.2) We know the old code works.
Reported-by: Julian Anastasov
Acked-by: Stephen Hemminger
Signed-off-by: David S. Miller
23 Mar, 2011
7 commits
-
Signed-off-by: David S. Miller
-
In the current undo logic, cwnd is moderated after it was restored
to the value prior entering fast-recovery. It was moderated first
in tcp_try_undo_recovery then again in tcp_complete_cwr.Since the undo indicates recovery was false, these moderations
are not necessary. If the undo is triggered when most of the
outstanding data have been acknowledged, the (restored) cwnd is
falsely pulled down to a small value.This patch removes these cwnd moderations if cwnd is undone
a) during fast-recovery
b) by receiving DSACKs past fast-recoverySigned-off-by: Yuchung Cheng
Signed-off-by: David S. Miller -
The ipv6_dev_get_saddr() is currently called with an uninitialized
destination address. Although in tests it usually seemed to nevertheless
always fetch the right source address, there seems to be a possible race
condition.Therefore this commit changes this, first setting the destination
address and only after that fetching the source address.Reported-by: Jan Beulich
Signed-off-by: Linus Lüssing
Signed-off-by: David S. Miller -
This avoids explicit cast to avoid 'discards qualifiers'
compiler warning in a netfilter patch that i've been working on.Signed-off-by: Florian Westphal
Signed-off-by: David S. Miller -
ksoftirqd, kworker, migration, and pktgend kthreads can be created with
kthread_create_on_node(), to get proper NUMA affinities for their stack and
task_struct.Signed-off-by: Eric Dumazet
Acked-by: David S. Miller
Reviewed-by: Andi Kleen
Acked-by: Rusty Russell
Acked-by: Tejun Heo
Cc: Tony Luck
Cc: Fenghua Yu
Cc: David Howells
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
[net/9p]: Introduce basic flow-control for VirtIO transport.
9p: use the updated offset given by generic_write_checks
[net/9p] Don't re-pin pages on retrying virtqueue_add_buf().
[net/9p] Set the condition just before waking up.
[net/9p] unconditional wake_up to proc waiting for space on VirtIO ring
fs/9p: Add v9fs_dentry2v9ses
fs/9p: Attach writeback_fid on first open with WR flag
fs/9p: Open writeback fid in O_SYNC mode
fs/9p: Use truncate_setsize instead of vmtruncate
net/9p: Fix compile warning
net/9p: Convert the in the 9p rpc call path to GFP_NOFS
fs/9p: Fix race in initializing writeback fid -
* git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
rbd: use watch/notify for changes in rbd header
libceph: add lingering request and watch/notify event framework
rbd: update email address in Documentation
ceph: rename dentry_release -> d_release, fix comment
ceph: add request to the tail of unsafe write list
ceph: remove request from unsafe list if it is canceled/timed out
ceph: move readahead default to fs/ceph from libceph
ceph: add ino32 mount option
ceph: update common header files
ceph: remove debugfs debug cruft
libceph: fix osd request queuing on osdmap updates
ceph: preserve I_COMPLETE across rename
libceph: Fix base64-decoding when input ends in newline.
