07 Dec, 2011
2 commits
-
On a CONFIG_NET=y build
net/core/secure_seq.c:22: warning: 'seq_scale' defined but not
usedSigned-off-by: Stephen Boyd
Signed-off-by: David S. Miller -
Since commit c5ed63d66f24(tcp: fix three tcp sysctls tuning),
sysctl_max_syn_backlog is determined by tcp_hashinfo->ehash_mask,
and the minimal value is 128, and it will increase in proportion to the
memory of machine.
The original description for tcp_max_syn_backlog and sysctl_max_syn_backlog
are out of date.Changelog:
V2: update description for sysctl_max_syn_backlogSigned-off-by: Weiping Pan
Reviewed-by: Shan Wei
Acked-by: Neil Horman
Signed-off-by: David S. Miller
06 Dec, 2011
3 commits
-
If ipv4_valdiate_peer() fails during a cached entry lookup,
we'll NULL derer since the loop iterator assumes rth is not
NULL.Letting this be handled as a failure is just bogus, so just make it
not fail. If we have trouble getting a non-NULL neighbour for the
redirected gateway, just restore the original gateway and continue.The very next use of this cached route will try again.
Reported-by: Dan Carpenter
Signed-off-by: David S. Miller -
…wireless into for-davem
03 Dec, 2011
1 commit
-
__mkroute_output fails to work with the original tos
and uses value with stripped RTO_ONLINK bit. Make sure we put
the original TOS bits into rt_key_tos because it used to match
cached route.Signed-off-by: Julian Anastasov
Signed-off-by: David S. Miller
02 Dec, 2011
7 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (73 commits)
netfilter: Remove ADVANCED dependency from NF_CONNTRACK_NETBIOS_NS
ipv4: flush route cache after change accept_local
sch_red: fix red_change
Revert "udp: remove redundant variable"
bridge: master device stuck in no-carrier state forever when in user-stp mode
ipv4: Perform peer validation on cached route lookup.
net/core: fix rollback handler in register_netdevice_notifier
sch_red: fix red_calc_qavg_from_idle_time
bonding: only use primary address for ARP
ipv4: fix lockdep splat in rt_cache_seq_show
sch_teql: fix lockdep splat
net: fec: Select the FEC driver by default for i.MX SoCs
isdn: avoid copying too long drvid
isdn: make sure strings are null terminated
netlabel: Fix build problems when IPv6 is not enabled
sctp: better integer overflow check in sctp_auth_create_key()
sctp: integer overflow in sctp_auth_create_key()
ipv6: Set mcast_hops to IPV6_DEFAULT_MCASTHOPS when -1 was given.
net: Fix corruption in /proc/*/net/dev_mcast
mac80211: fix race between the AGG SM and the Tx data path
... -
firewalld in Fedora 16 needs this.
Signed-off-by: David S. Miller
-
After reset ipv4_devconf->data[IPV4_DEVCONF_ACCEPT_LOCAL] to 0,
we should flush route cache, or it will continue receive packets with local
source address, which should be dropped.Signed-off-by: Weiping Pan
Signed-off-by: David S. Miller -
Le mercredi 30 novembre 2011 à 14:36 -0800, Stephen Hemminger a écrit :
> (Almost) nobody uses RED because they can't figure it out.
> According to Wikipedia, VJ says that:
> "there are not one, but two bugs in classic RED."RED is useful for high throughput routers, I doubt many linux machines
act as such devices.I was considering adding Adaptative RED (Sally Floyd, Ramakrishna
Gummadi, Scott Shender), August 2001In this version, maxp is dynamic (from 1% to 50%), and user only have to
setup min_th (target average queue size)
(max_th and wq (burst in linux RED) are automatically setup)By the way it seems we have a small bug in red_change()
if (skb_queue_empty(&sch->q))
red_end_of_idle_period(&q->parms);First, if queue is empty, we should call
red_start_of_idle_period(&q->parms);Second, since we dont use anymore sch->q, but q->qdisc, the test is
meaningless.Oh well...
[PATCH] sch_red: fix red_change()
Now RED is classful, we must check q->qdisc->q.qlen, and if queue is empty,
we start an idle period, not end it.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
This reverts commit 81d54ec8479a2c695760da81f05b5a9fb2dbe40a.
If we take the "try_again" goto, due to a checksum error,
the 'len' has already been truncated. So we won't compute
the same values as the original code did.Reported-by: paul bilke
Signed-off-by: David S. Miller -
When in user-stp mode, bridge master do not follow state of its slaves, so
after the following sequence of events it can stuck forever in no-carrier
state:
1) turn stp off
2) put all slaves down - master device will follow their state and also go in
no-carrier state
3) turn stp on with bridge-stp script returning 0 (go to the user-stp mode)
Now bridge master won't follow slaves' state and will never reach running
state.This patch solves the problem by making user-stp and kernel-stp behavior
similar regarding master following slaves' states.Signed-off-by: Vitalii Demianets
Acked-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Otherwise we won't notice the peer GENID change.
Reported-by: Steffen Klassert
Signed-off-by: David S. Miller
01 Dec, 2011
8 commits
-
This reverts commit f785d83a19bca326f79d127a413e35769afc0105.
This was provoking WARNINGs from the iwlegacy drivers.
Signed-off-by: John W. Linville
-
Within nested statements, the break statement terminates only the
do, for, switch, or while statement that immediately encloses it,
So replace the break with goto.Signed-off-by: RongQing.Li
Signed-off-by: David S. Miller -
After commit f2c31e32b378 (fix NULL dereferences in check_peer_redir()),
dst_get_neighbour() should be guarded by rcu_read_lock() /
rcu_read_unlock() section.Reported-by: Miles Lane
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
We need rcu_read_lock() protection before using dst_get_neighbour(), and
we must cache its value (pass it to __teql_resolve())teql_master_xmit() is called under rcu_read_lock_bh() protection, its
not enough.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
The rates bitmap for internal scan requests shoud be filled,
otherwise there will be probe requests with zero rates supported.Signed-off-by: Simon Wunderlich
Signed-off-by: Mathias Kretschmer
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville -
Johannes' patch for "cfg80211: fix regulatory NULL dereference"
broke user regulaotry hints and it did not address the fact that
last_request was left populated even if the previous regulatory
hint was stale due to the wiphy disappearing.Fix user reguluatory hints by only bailing out if for those
regulatory hints where a request_wiphy is expected. The stale last_request
considerations are addressed through the previous fixes on last_request
where we reset the last_request to a static world regdom request upon
reset_regdomains(). In this case though we further enhance the effect
by simply restoring reguluatory settings completely.Cc: stable@vger.kernel.org
Cc: Johannes Berg
Signed-off-by: Luis R. Rodriguez
Reviewed-by: Johannes Berg
Signed-off-by: John W. Linville -
There is a theoretical race that if hit will trigger
a crash. The race is between when we issue the first
regulatory hint, regulatory_hint_core(), gets processed
by the workqueue and between when the first device
gets registered to the wireless core. This is not easy
to reproduce but it was easy to do so through the
regulatory simulator I have been working on. This
is a port of the fix I implemented there [1].[1] https://github.com/mcgrof/regsim/commit/a246ccf81f059cb662eee288aa13100f631e4cc8
Cc: stable@vger.kernel.org
Cc: Johannes Berg
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville -
…wireless into for-davem
30 Nov, 2011
2 commits
-
A recent fix to the the NetLabel code caused build problem with
configurations that did not have IPv6 enabled; see below:netlabel_kapi.c: In function 'netlbl_cfg_unlbl_map_add':
netlabel_kapi.c:165:4:
error: implicit declaration of function 'netlbl_af6list_add'This patch fixes this problem by making the IPv6 specific code conditional
on the IPv6 configuration flags as we done in the rest of NetLabel and the
network stack as a whole. We have to move some variable declarations
around as a result so things may not be quite as pretty, but at least it
builds cleanly now.Some additional IPv6 conditionals were added to the NetLabel code as well
for the sake of consistency.Reported-by: Randy Dunlap
Signed-off-by: Paul Moore
Acked-by: Randy Dunlap
Signed-off-by: David S. Miller -
The check from commit 30c2235c is incomplete and cannot prevent
cases like key_len = 0x80000000 (INT_MAX + 1). In that case, the
left-hand side of the check (INT_MAX - key_len), which is unsigned,
becomes 0xffffffff (UINT_MAX) and bypasses the check.However this shouldn't be a security issue. The function is called
from the following two code paths:1) setsockopt()
2) sctp_auth_asoc_set_secret()
In case (1), sca_keylength is never going to exceed 65535 since it's
bounded by a u16 from the user API. As such, the key length will
never overflow.In case (2), sca_keylength is computed based on the user key (1 short)
and 2 * key_vector (3 shorts) for a total of 7 * USHRT_MAX, which still
will not overflow.In other words, this overflow check is not really necessary. Just
make it more correct.Signed-off-by: Xi Wang
Cc: Vlad Yasevich
Signed-off-by: David S. Miller
29 Nov, 2011
7 commits
-
We need to set np->mcast_hops to it's default value at this moment
otherwise when we use it and found it's value is -1, the logic to
get default hop limit doesn't take multicast into account and will
return wrong hop limit(IPV6_DEFAULT_HOPLIMIT) which is for unicast.Signed-off-by: Li Wei
Signed-off-by: David S. Miller -
I just hit this during my testing. Isn't there another bug lurking?
BUG kmalloc-8: Redzone overwritten
INFO: 0xc0000000de9dec48-0xc0000000de9dec4b. First byte 0x0 instead of 0xcc
INFO: Allocated in .__seq_open_private+0x30/0xa0 age=0 cpu=5 pid=3896
.__kmalloc+0x1e0/0x2d0
.__seq_open_private+0x30/0xa0
.seq_open_net+0x60/0xe0
.dev_mc_seq_open+0x4c/0x70
.proc_reg_open+0xd8/0x260
.__dentry_open.clone.11+0x2b8/0x400
.do_last+0xf4/0x950
.path_openat+0xf8/0x480
.do_filp_open+0x48/0xc0
.do_sys_open+0x140/0x250
syscall_exit+0x0/0x40dev_mc_seq_ops uses dev_seq_start/next/stop but only allocates
sizeof(struct seq_net_private) of private data, whereas it expects
sizeof(struct dev_iter_state):struct dev_iter_state {
struct seq_net_private p;
unsigned int pos; /* bucket << BUCKET_SPACE + offset */
};Create dev_seq_open_ops and use it so we don't have to expose
struct dev_iter_state.[ Problem added by commit f04565ddf52e4 (dev: use name hash for
dev_seq_ops) -Eric ]Signed-off-by: Anton Blanchard
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller -
When a packet is supposed to sent be as an a-MPDU, mac80211 sets
IEEE80211_TX_CTL_AMPDU to let the driver know. On the other
hand, mac80211 configures the driver for aggregration with the
ampdu_action callback.
There is race between these two mechanisms since the following
scenario can occur when the BA agreement is torn down:Tx softIRQ drv configuration
========== =================check OPERATIONAL bit
Set the TX_CTL_AMPDU bit in the packetclear OPERATIONAL bit
stop Tx AGG
Pass Tx packet to the driver.In that case the driver would get a packet with TX_CTL_AMPDU set
although it has already been notified that the BA session has been
torn down.To fix this, we need to synchronize all the Qdisc activity after we
cleared the OPERATIONAL bit. After that step, all the following
packets will be buffered until the driver reports it is ready to get
new packets for this RA / TID. This buffering allows not to run into
another race that would send packets with TX_CTL_AMPDU unset while
the driver hasn't been requested to tear down the BA session yet.This race occurs in practice and iwlwifi complains with a WARN_ON
when it happens.Cc: stable@kernel.org
Signed-off-by: Emmanuel Grumbach
Reviewed-by: Johannes Berg
Signed-off-by: John W. Linville -
If addBA responses comes in just after addba_resp_timer has
expired mac80211 will still accept it and try to open the
aggregation session. This causes drivers to be confused and
in some cases even crash.This patch fixes the race condition and makes sure that if
addba_resp_timer has expired addBA response is not longer
accepted and we do not try to open half-closed session.Cc: stable@vger.kernel.org
Signed-off-by: Nikolay Martynov
[some adjustments]
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Nikolay noticed (by code review) that mac80211 can
attempt to stop an aggregation session while it is
already being stopped. So to fix it, check whether
stop is already being done and bail out if so.Also move setting the STOPPING state into the lock
so things are properly atomic.Cc: stable@vger.kernel.org
Reported-by: Nikolay Martynov
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
MAC addresses have a fixed length. The current
policy allows passing < ETH_ALEN bytes, which
might result in reading beyond the buffer.Cc: stable@vger.kernel.org
Signed-off-by: Eliad Peller
Signed-off-by: John W. Linville
27 Nov, 2011
8 commits
-
Now inetpeer is the place where we cache redirect information for ipv4
destinations, we must be able to invalidate informations when a route is
added/removed on host.As inetpeer is not yet namespace aware, this patch adds a shared
redirect_genid, and a per inetpeer redirect_genid. This might be changed
later if inetpeer becomes ns aware.Cache information for one inerpeer is valid as long as its
redirect_genid has the same value than global redirect_genid.Reported-by: Arkadiusz Miśkiewicz
Tested-by: Arkadiusz Miśkiewicz
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
poll() call may be blocked by concurrent reading from the same stream
socket.Signed-off-by: Alexey Moiseytsev
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller -
When using l2tp over ipsec, the tunnel will hang when rekeying
occurs. Reason is that the transformer bundle attached to the dst entry
is now in STATE_DEAD and thus xfrm_output_one() drops all packets
(XfrmOutStateExpired increases).Fix this by calling __sk_dst_check (which drops the stale dst
if xfrm dst->check callback finds that the bundle is no longer valid).Cc: James Chapman
Signed-off-by: Florian Westphal
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller -
Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we
dont access already freed/reused memory later.Reported-by: Sasha Levin
Signed-off-by: Eric Dumazet
Tested-by: Sasha Levin
Signed-off-by: David S. Miller -
The pmtu informations on the inetpeer are visible for output and
input routes. On packet forwarding, we might propagate a learned
pmtu to the sender. As we update the pmtu informations of the
inetpeer on demand, the original sender of the forwarded packets
might never notice when the pmtu to that inetpeer increases.
So use the mtu of the outgoing device on packet forwarding instead
of the pmtu to the final destination.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller -
We move all mtu handling from dst_mtu() down to the protocol
layer. So each protocol can implement the mtu handling in
a different manner.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller -
We plan to invoke the dst_opt->default_mtu() method unconditioally
from dst_mtu(). So rename the method to dst_opt->mtu() to match
the name with the new meaning.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller -
As it is, we return null as the default mtu of blackhole routes.
This may lead to a propagation of a bogus pmtu if the default_mtu
method of a blackhole route is invoked. So return dst->dev->mtu
as the default mtu instead.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller
26 Nov, 2011
1 commit
-
Skip entries from foreign network namespaces.
Signed-off-by: Jorge Boncompte [DTI2]
Signed-off-by: David S. Miller
25 Nov, 2011
1 commit
-
This was copy and pasted from the IPv4 code. We're calling the
ip4 version of that function and map4 is NULL.Signed-off-by: Dan Carpenter
Signed-off-by: David S. Miller
