23 Nov, 2011
1 commit
-
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFS: Revert pnfs ugliness from the generic NFS read code path
SUNRPC: destroy freshly allocated transport in case of sockaddr init error
NFS: Fix a regression in the referral code
nfs: move nfs_file_operations declaration to bottom of file.c (try #2)
nfs: when attempting to open a directory, fall back on normal lookup (try #5)
22 Nov, 2011
1 commit
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
libceph: Allocate larger oid buffer in request msgs
ceph: initialize root dentry
ceph: fix iput race when queueing inode work
19 Nov, 2011
2 commits
-
commit f39925dbde77 (ipv4: Cache learned redirect information in
inetpeer.) introduced a regression in ICMP redirect handling.It assumed ipv4_dst_check() would be called because all possible routes
were attached to the inetpeer we modify in ip_rt_redirect(), but thats
not true.commit 7cc9150ebe (route: fix ICMP redirect validation) tried to fix
this but solution was not complete. (It fixed only one route)So we must lookup existing routes (including different TOS values) and
call check_peer_redir() on them.Reported-by: Ivan Zahariev
Signed-off-by: Eric Dumazet
CC: Flavio Leitner
Signed-off-by: David S. Miller -
ping module incorrectly increments ICMP_MIB_INERRORS if feeded with a
frame not belonging to its own sockets.RFC 2011 states that ICMP_MIB_INERRORS should count "the number of ICMP
messages which the entiry received but determined as having
ICMP-specific errors (bad ICMP checksums, bad length, etc.)."Signed-off-by: Eric Dumazet
CC: Vasiliy Kulikov
Acked-by: Flavio Leitner
Acked-by: Vasiliy Kulikov
Signed-off-by: David S. Miller
17 Nov, 2011
2 commits
-
Bridge multicast snooping of ICMPv6 would incorrectly report a checksum problem
when used with Ethernet devices like sky2 that use CHECKSUM_COMPLETE.
When bytes are removed from skb, the computed checksum needs to be adjusted.Signed-off-by: Stephen Hemminger
Tested-by: Martin Volf
Signed-off-by: David S. Miller -
Simon Kirby reported divides by zero errors in __tcp_select_window()
This happens when inet_csk_route_child_sock() returns a NULL pointer :
We free new socket while we eventually armed keepalive timer in
tcp_create_openreq_child()Fix this by a call to tcp_clear_xmit_timers()
[ This is a followup to commit 918eb39962dff (net: add missing
bh_unlock_sock() calls) ]Reported-by: Simon Kirby
Signed-off-by: Eric Dumazet
Tested-by: Simon Kirby
Signed-off-by: David S. Miller
15 Nov, 2011
2 commits
-
Signed-off-by: Jesper Juhl
Signed-off-by: David S. Miller
14 Nov, 2011
5 commits
-
commit 3ceca749668a52bd795585e0f71c6f0b04814f7b added a TOS attribute.
Unfortunately TOS and TCLASS are both present in a dual-stack v6 socket,
furthermore they can have different values. As such one cannot in a
sane way expose both through a single attribute.Signed-off-by: Maciej Żenczyowski
CC: Murali Raja
CC: Stephen Hemminger
CC: Eric Dumazet
CC: David S. Miller
Signed-off-by: David S. Miller -
multicast_lock is taken in softirq context, so we should use
spin_lock_bh() in userspace.call-chain in softirq context:
run_timer_softirq()
br_multicast_query_expired()call-chain in userspace:
sysfs_write_file()
store_multicast_snooping()
br_multicast_toggle()Signed-off-by: Andrew Vagin
Signed-off-by: David S. Miller -
Commit 1c5cae815d removed an explicit call to dev_alloc_name in ip6_tnl_create
because register_netdevice will now create a valid name. This works for the
net_device itself.However the tunnel keeps a copy of the name in the parms structure for the
ip6_tnl associated with the tunnel. parms.name is set by copying the net_device
name in ip6_tnl_dev_init_gen. That function is called from ip6_tnl_dev_init in
ip6_tnl_create, but it is done before register_netdevice is called so the name
is set to a bogus value in the parms.name structure.This shows up if you do a simple tunnel add, followed by a tunnel show:
[root@localhost ~]# ip -6 tunnel add remote fec0::100 local fec0::200
[root@localhost ~]# ip -6 tunnel show
ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
ip6tnl%d: ipv6/ipv6 remote fec0::100 local fec0::200 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
[root@localhost ~]#Fix this by moving the strcpy out of ip6_tnl_dev_init_gen, and calling it after
register_netdevice has successfully returned.Cc: stable@vger.kernel.org
Signed-off-by: Josh Boyer
Signed-off-by: David S. Miller -
Commit 1bc144b625 ("net, rds, Replace xlist in net/rds/xlist.h with
llist") added "select LLIST" to the RDS_RDMA Kconfig entry. But there is
no Kconfig symbol named LLIST. The select statement for that symbol is a
nop. Drop it.lib/llist.o is builtin, so all that's needed to use the llist
functionality is to include linux/llist.h, which this commit also did.Signed-off-by: Paul Bolle
Signed-off-by: David S. Miller -
We test for 'tx_ring' being != zero and BUG() if that's the case. So after
that check there is no way that 'tx_ring' could be anything _but_ zero, so
testing it again is just dead code. Once that dead code is removed, the
'pkc' local variable becomes entirely redundant, so remove that as well.Signed-off-by: Jesper Juhl
Signed-off-by: David S. Miller
13 Nov, 2011
1 commit
-
When the ahash driver returns -EBUSY, AH4/6 input functions return
NET_XMIT_DROP, presumably copied from the output code path. But
returning transmit codes on input doesn't make a lot of sense.
Since NET_XMIT_DROP is a positive int, this gets interpreted as
the next header type (i.e., success). As that can only end badly,
remove the check.Signed-off-by: Nick Bowler
Signed-off-by: David S. Miller
12 Nov, 2011
2 commits
-
ceph_osd_request struct allocates a 40-byte buffer for object names.
RBD image names can be up to 96 chars long (100 with the .rbd suffix),
which results in the object name for the image being truncated, and a
subsequent map failure.Increase the oid buffer in request messages, in order to avoid the
truncation.Signed-off-by: Stratos Psomadakis
Signed-off-by: Sage Weil -
…wireless into for-davem
11 Nov, 2011
1 commit
-
Otherwise we will leak xprt structure and struct net reference.
Signed-off-by: Stanislav Kinsbursky
Signed-off-by: Trond Myklebust
10 Nov, 2011
9 commits
-
When opt->srr_is_hit is set skb_rtable(skb) has been updated for
'nexthop' and iph->daddr should always equals to skb_rtable->rt_dst
holds, We need update iph->daddr either.Signed-off-by: Li Wei
Signed-off-by: David S. Miller -
The AH4/6 ahash input callbacks read out the nexthdr field from the AH
header *after* they overwrite that header. This is obviously not going
to end well. Fix it up.Signed-off-by: Nick Bowler
Signed-off-by: David S. Miller -
The AH4/6 ahash output callbacks pass nexthdr to xfrm_output_resume
instead of the error code. This appears to be a copy+paste error from
the input case, where nexthdr is expected. This causes the driver to
continuously add AH headers to the datagram until either an allocation
fails and the packet is dropped or the ahash driver hits a synchronous
fallback and the resulting monstrosity is transmitted.Correct this issue by simply passing the error code unadulterated.
Signed-off-by: Nick Bowler
Signed-off-by: David S. Miller -
When the connection monitor timer fires right before
suspend, the following will happen:
timer fires -> monitor_work gets queued
suspend calls ieee80211_sta_quiesce
ieee80211_sta_quiesce:
- deletes timer
- cancels monitor_work synchronously, running it
[note wrong order of these steps]
monitor_work runs, re-arming the timer
later, timer fires while system should be quiescedThis causes a warning:
WARNING: at net/mac80211/util.c:540 ieee80211_can_queue_work+0x35/0x40 [mac80211]()
but is otherwise harmless. I'm not completely sure
this is the scenario Thomas stumbled across, but it
is the only way I can right now see the warning in
a scenario like the one he reported.Reported-by: Thomas Meyer
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Commit 4d9d88d1 by Scott James Remnant added
the .uevent() callback for the regulatory device used during
the platform device registration. The change was done to account
for queuing up udev change requests through udevadm triggers.
The change also meant that upon regulatory core exit we will now
send a uevent() but the uevent() callback, reg_device_uevent(),
also accessed last_request. Right before commiting device suicide
we free'd last_request but never set it to NULL so
platform_device_unregister() would lead to bogus kernel paging
request. Fix this and also simply supress uevents right before
we commit suicide as they are pointless.This fix is required for kernels >= v2.6.39
$ git describe --contains 4d9d88d1
v2.6.39-rc1~468^2~25^2^2~21The impact of not having this present is that a bogus paging
access may occur (only read) upon cfg80211 unload time. You
may also get this BUG complaint below. Although Johannes
could not reproduce the issue this fix is theoretically correct.mac80211_hwsim: unregister radios
mac80211_hwsim: closing netlink
BUG: unable to handle kernel paging request at ffff88001a06b5ab
IP: [] reg_device_uevent+0x1a/0x50 [cfg80211]
PGD 1836063 PUD 183a063 PMD 1ffcb067 PTE 1a06b160
Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
CPU 0
Modules linked in: cfg80211(-) [last unloaded: mac80211]Pid: 2279, comm: rmmod Tainted: G W 3.1.0-wl+ #663 Bochs Bochs
RIP: 0010:[] [] reg_device_uevent+0x1a/0x50 [cfg80211]
RSP: 0000:ffff88001c5f9d58 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88001d2eda88 RCX: ffff88001c7468fc
RDX: ffff88001a06b5a0 RSI: ffff88001c7467b0 RDI: ffff88001c7467b0
RBP: ffff88001c5f9d58 R08: 000000000000ffff R09: 000000000000ffff
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88001c7467b0
R13: ffff88001d2eda78 R14: ffffffff8164a840 R15: 0000000000000001
FS: 00007f8a91d8a6e0(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff88001a06b5ab CR3: 000000001c62e000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process rmmod (pid: 2279, threadinfo ffff88001c5f8000, task ffff88000023c780)
Stack:
ffff88001c5f9d98 ffffffff812ff7e5 ffffffff8176ab3d ffff88001c7468c2
000000000000ffff ffff88001d2eda88 ffff88001c7467b0 ffff880000114820
ffff88001c5f9e38 ffffffff81241dc7 ffff88001c5f9db8 ffffffff81040189
Call Trace:
[] dev_uevent+0xc5/0x170
[] kobject_uevent_env+0x1f7/0x490
[] ? sub_preempt_count+0x29/0x60
[] ? _raw_spin_unlock_irqrestore+0x4a/0x90
[] ? devres_release_all+0x27/0x60
[] kobject_uevent+0xb/0x10
[] device_del+0x157/0x1b0
[] platform_device_del+0x1d/0x90
[] platform_device_unregister+0x16/0x30
[] regulatory_exit+0x5d/0x180 [cfg80211]
[] cfg80211_exit+0x2b/0x45 [cfg80211]
[] sys_delete_module+0x16c/0x220
[] ? trace_hardirqs_on_caller+0x7e/0x120
[] system_call_fastpath+0x16/0x1b
Code:
RIP [] reg_device_uevent+0x1a/0x50 [cfg80211]
RSP
CR2: ffff88001a06b5ab
---[ end trace 147c5099a411e8c0 ]---Reported-by: Johannes Berg
Cc: Scott James Remnant
Cc: stable@vger.kernel.org
Signed-off-by: Luis R. Rodriguez
Signed-off-by: John W. Linville -
ieee80211_probereq_get() can return NULL in
which case we should clean up & return NULL
in ieee80211_build_probe_req() as well.Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
When receiving failed PLCP frames is enabled, there
won't be a rate pointer when we add the radiotap
header and thus the kernel will crash. Fix this by
not assuming the rate pointer is always valid. It's
still always valid for frames that have good PLCP
though, and that is checked & enforced.This was broken by my
commit fc88518916793af8ad6a02e05ff254d95c36d875
Author: Johannes Berg
Date: Fri Jul 30 13:23:12 2010 +0200mac80211: don't check rates on PLCP error frames
where I removed the check in this case but didn't
take into account that the rate info would be used.Reported-by: Xiaokang Qin
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
…ireless into for-davem
09 Nov, 2011
5 commits
-
As we update the learned pmtu informations on demand, we might
report a nagative expiration time value to userspace if the
pmtu informations are already expired and we have not send a
packet to that inetpeer after expiration. With this patch we
send a expire time of null to userspace after expiration
until the next packet is send to that inetpeer.Signed-off-by: Steffen Klassert
Signed-off-by: David S. Miller -
TCP_NODELAY is weaker than TCP_CORK, when TCP_CORK was set, small
segments will always pass Nagle test regardless of TCP_NODELAY option.Signed-off-by: Feng King
Signed-off-by: David S. Miller -
pskb_may_pull() can change skb->data, so we have to load ptr/optr at the
right place.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
RFC 4291 Section 2.7 says Multicast addresses must not be used as source
addresses in IPv6 packets - drop them on input so we don't process the
packet further.Signed-off-by: Brian Haley
Reported-and-Tested-by: Kumar Sanghvi
Signed-off-by: David S. Miller
08 Nov, 2011
9 commits
-
Timers set by __set_chan_timer() should use miliseconds instead of
jiffies. Commit 942ecc9c4643db5ce071562e0a23f99464d6b461 updated
l2cap_set_timer() so it expects timeout to be specified in msecs
instead of jiffies. This makes timeouts unreliable when CONFIG_HZ
is not set to 1000.Signed-off-by: Andrzej Kaczmarek
Signed-off-by: Gustavo F. Padovan -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
forcedeth: fix a few sparse warnings (variable shadowing)
forcedeth: Improve stats counters
forcedeth: remove unneeded stats updates
forcedeth: Acknowledge only interrupts that are being processed
forcedeth: fix race when unloading module
MAINTAINERS/rds: update maintainer
wanrouter: Remove kernel_lock annotations
usbnet: fix oops in usbnet_start_xmit
ixgbe: Fix compile for kernel without CONFIG_PCI_IOV defined
etherh: Add MAINTAINERS entry for etherh
bonding: comparing a u8 with -1 is always false
sky2: fix regression on Yukon Optima
netlink: clarify attribute length check documentation
netlink: validate NLA_MSECS length
i825xx:xscale:8390:freescale: Fix Kconfig dependancies
macvlan: receive multicast with local address
tg3: Update version to 3.121
tg3: Eliminate timer race with reset_task
tg3: Schedule at most one tg3_reset_task run
tg3: Obtain PCI function number from device
... -
This reverts commit 330605423ca6eafafb8dcc27502bce1c585d1b06.
The commit introduces regression when two 2.1 devices attempt
establish rfcomm channel. Such connection is refused since there's
a security block issue on l2cap. It means the link is unencrypted.2011-09-16 18:08:46.567616 < ACL data: handle 1 flags 0x00 dlen 24
0000: 14 00 40 00 06 00 02 00 0f 35 03 19 12 00 ff ff
..@......5....˙˙
0010: 35 05 0a 00 00 ff ff 00 5....˙˙.
2011-09-16 18:08:46.572377 > HCI Event: Number of Completed Packets
(0x13) plen 5
handle 1 packets 1
2011-09-16 18:08:46.577931 > ACL data: handle 1 flags 0x02 dlen 88
L2CAP(d): cid 0x0040 len 84 [psm 0]
0000: 07 00 02 00 4f 00 4c 35 4a 35 48 09 00 00 0a 00
....O.L5J5H.....
0010: 01 00 00 09 00 01 35 03 19 12 00 09 00 05 35 03
......5.......5.
0020: 19 10 02 09 00 09 35 08 35 06 19 12 00 09 01 02
......5.5.......
0030: 09 02 00 09 01 02 09 02 01 09 00 0a 09 02 02 09
................
0040: 00 00 09 02 03 09 00 00 09 02 04 28 01 09 02 05
...........(....
0050: 09 00 02 00 ....
2011-09-16 18:08:46.626057 < HCI Command: Authentication Requested
(0x01|0x0011) plen 2
handle 1
2011-09-16 18:08:46.627614 > HCI Event: Command Status (0x0f) plen 4
Authentication Requested (0x01|0x0011) status 0x00 ncmd 1
2011-09-16 18:08:46.627675 > HCI Event: Link Key Request (0x17) plen 6
bdaddr 00:00:F2:6A:29:69
2011-09-16 18:08:46.634999 < HCI Command: Link Key Request Reply
(0x01|0x000b) plen 22
bdaddr 00:00:F2:6A:29:69 key 58CD393179FC902E5E8F512A855EE532
2011-09-16 18:08:46.683278 > HCI Event: Command Complete (0x0e) plen 10
Link Key Request Reply (0x01|0x000b) ncmd 1
status 0x00 bdaddr 00:00:F2:6A:29:69
2011-09-16 18:08:46.764729 > HCI Event: Auth Complete (0x06) plen 3
status 0x00 handle 1
2011-09-16 18:08:46.764821 < ACL data: handle 1 flags 0x00 dlen 12
0000: 08 00 01 00 02 05 04 00 03 00 41 00 ..........A.
2011-09-16 18:08:46.764851 > HCI Event: Command Status (0x0f) plen 4
Unknown (0x00|0x0000) status 0x00 ncmd 2
2011-09-16 18:08:46.768117 > HCI Event: Number of Completed Packets
(0x13) plen 5
handle 1 packets 1
2011-09-16 18:08:46.770894 > ACL data: handle 1 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0041 result 3 status 0
Connection refused - security block
2011-09-16 18:08:49.000691 < ACL data: handle 1 flags 0x00 dlen 12
0000: 08 00 01 00 06 06 04 00 40 00 40 00 ........@.@.
2011-09-16 18:08:49.015675 > HCI Event: Number of Completed Packets
(0x13) plen 5
handle 1 packets 1
2011-09-16 18:08:49.016927 > ACL data: handle 1 flags 0x02 dlen 12
L2CAP(s): Disconn rsp: dcid 0x0040 scid 0x0040
2011-09-16 18:08:51.009480 < HCI Command: Disconnect (0x01|0x0006) plen
3
handle 1 reason 0x13
Reason: Remote User Terminated Connection
2011-09-16 18:08:51.011525 > HCI Event: Command Status (0x0f) plen 4
Disconnect (0x01|0x0006) status 0x00 ncmd 1
2011-09-16 18:08:51.123494 > HCI Event: Disconn Complete (0x05) plen 4
status 0x00 handle 1 reason 0x16
Reason: Connection Terminated by Local HostSigned-off-by: Arek Lichwa
Signed-off-by: Gustavo F. Padovan -
The BKL is gone, these annotations are useless.
Signed-off-by: Richard Weinberger
Signed-off-by: David S. Miller -
Set IEEE80211_FCTL_MOREDATA bit also in case we have buffered
frames (more than one) only for one AC.Signed-off-by: Janusz Dziedzic
Reviewed-by: Johannes Berg
Signed-off-by: John W. Linville -
When comparing two items by IE, the sort order
wasn't stable, which could lead to issues in the
rbtree. Make it stable by making a missing IE
sort before a present IE.Also sort by length first if it differs and then
by contents.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
In other modes the parameters should not be set.
Right now, mac80211 will set them, even if the
user asked for setting them on VLANs which the
driver doesn't know about, causing all kinds of
trouble.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Since the NL80211_ATTR_HT_CAPABILITY attribute is
used as a struct, it needs a minimum, not maximum
length. Enforce that properly. Not doing so could
potentially lead to reading after the buffer.Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Some buggy APs (and even P2P_GO) don't advertise their
basic rates in the association response.In such case, use the min supported rate as the
basic rate.Reported-by: Pontus Fuchs
Signed-off-by: Eliad Peller
Signed-off-by: John W. Linville
