10 Dec, 2014
1 commit
-
Note that the code _using_ ->msg_iter at that point will be very
unhappy with anything other than unshifted iovec-backed iov_iter.
We still need to convert users to proper primitives.Signed-off-by: Al Viro
24 Nov, 2014
2 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
06 Nov, 2014
1 commit
-
This encapsulates all of the skb_copy_datagram_iovec() callers
with call argument signature "skb, offset, msghdr->msg_iov, length".When we move to iov_iters in the networking, the iov_iter object will
sit in the msghdr.Having a helper like this means there will be less places to touch
during that transformation.Based upon descriptions and patch from Al Viro.
Signed-off-by: David S. Miller
15 Oct, 2014
3 commits
-
parent cfusbl was used instead of first structure member 'layer'
Suggested-by: Joe Perches
Signed-off-by: Fabian Frederick
Signed-off-by: David S. Miller -
Let MM subsystem display out of memory messages.
Signed-off-by: Fabian Frederick
Signed-off-by: David S. Miller -
Also add blank line after declaration
Signed-off-by: Fabian Frederick
Signed-off-by: David S. Miller
16 Jul, 2014
1 commit
-
Signed-off-by: Fabian Frederick
Signed-off-by: David S. Miller
03 Jul, 2014
1 commit
-
based on checkpatch:
"debugfs_remove_recursive(NULL) is safe this check is probably not required"Cc: Dmitry Tarnyagin
Cc: "David S. Miller"
Cc: netdev@vger.kernel.org
Signed-off-by: Fabian Frederick
Signed-off-by: David S. Miller
12 Apr, 2014
1 commit
-
Several spots in the kernel perform a sequence like:
skb_queue_tail(&sk->s_receive_queue, skb);
sk->sk_data_ready(sk, skb->len);But at the moment we place the SKB onto the socket receive queue it
can be consumed and freed up. So this skb->len access is potentially
to freed up memory.Furthermore, the skb->len can be modified by the consumer so it is
possible that the value isn't accurate.And finally, no actual implementation of this callback actually uses
the length argument. And since nobody actually cared about it's
value, lots of call sites pass arbitrary values in such as '0' and
even '1'.So just remove the length argument from the callback, that way there
is no confusion whatsoever and all of these use-after-free cases get
fixed as a side effect.Based upon a patch by Eric Dumazet and his suggestion to audit this
issue tree-wide.Signed-off-by: David S. Miller
10 Feb, 2014
2 commits
-
Include appropriate header file net/caif/caif_dev.h in caif/cfsrvl.c
because it has prototype declaration of functions defined in
caif/cfsrvl.c.This eliminates the following warning in caif/cfsrvl.c:
net/caif/cfsrvl.c:198:6: warning: no previous prototype for ‘caif_free_client’ [-Wmissing-prototypes]
net/caif/cfsrvl.c:208:6: warning: no previous prototype for ‘caif_client_register_refcnt’ [-Wmissing-prototypes]Signed-off-by: Rashika Kheria
Reviewed-by: Josh Triplett
Signed-off-by: David S. Miller -
Include appropriate header file net/caif/caif_dev.h in caif/caif_dev.c
because it has prototype declarations of function defined in
caif/caif_dev.c.This eliminates the following file in caif/caif_dev.c:
net/caif/caif_dev.c:303:6: warning: no previous prototype for ‘caif_enroll_dev’ [-Wmissing-prototypes]Signed-off-by: Rashika Kheria
Reviewed-by: Josh Triplett
Signed-off-by: David S. Miller
22 Jan, 2014
2 commits
-
Signed-off-by: David S. Miller
-
Use ether_addr_copy instead of memcpy(a, b, ETH_ALEN) to
save some cycles on arm and powerpc.Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
15 Jan, 2014
1 commit
-
The following call chains indicate that chnl_net_open() is under
rtnl_lock protection as __dev_open() is protected by rtnl_lock.
So if __dev_get_by_index() instead of dev_get_by_index() is used
to find interface handler in it, this would help us avoid to change
interface reference counter.__dev_open()
chnl_net_open()Cc: Dmitry Tarnyagin
Signed-off-by: Ying Xue
Signed-off-by: David S. Miller
21 Nov, 2013
1 commit
-
This patch now always passes msg->msg_namelen as 0. recvmsg handlers must
set msg_namelen to the proper size
Suggested-by: Eric Dumazet
Signed-off-by: Hannes Frederic Sowa
Signed-off-by: David S. Miller
08 Nov, 2013
1 commit
-
Also remove the warning for fragmented packets -- skb_cow_data() will
linearize the buffer, removing all fragments.Signed-off-by: Mathias Krause
Cc: Dmitry Tarnyagin
Cc: "David S. Miller"
Signed-off-by: David S. Miller
06 Sep, 2013
1 commit
-
The indentation here implies this was meant to be a multi-line if.
Introduced several years back in commit c85c2951d4da1236e32f1858db418221e624aba5
("caif: Handle dev_queue_xmit errors.")Signed-off-by: Dave Jones
Signed-off-by: David S. Miller
29 May, 2013
1 commit
-
So far, only net_device * could be passed along with netdevice notifier
event. This patch provides a possibility to pass custom structure
able to provide info that event listener needs to know.Signed-off-by: Jiri Pirko
v2->v3: fix typo on simeth
shortened dev_getter
shortened notifier_info struct name
v1->v2: fix notifier_call parameter in call_netdevice_notifier()
Signed-off-by: David S. Miller
24 Apr, 2013
2 commits
-
cc: Daniel Martensson
Signed-off-by: Sjur Brændeland
Signed-off-by: David S. Miller -
Remove my soon bouncing email address.
Also remove the "Contact:" line in file header.
The MAINTAINERS file is a better place to find the
contact person anyway.Signed-off-by: Sjur Brændeland
Signed-off-by: David S. Miller
08 Apr, 2013
2 commits
-
Conflicts:
drivers/nfc/microread/mei.c
net/netfilter/nfnetlink_queue_core.cPull in 'net' to get Eric Biederman's AF_UNIX fix, upon which
some cleanups are going to go on-top.Signed-off-by: David S. Miller
-
The current code does not fill the msg_name member in case it is set.
It also does not set the msg_namelen member to 0 and therefore makes
net/socket.c leak the local, uninitialized sockaddr_storage variable
to userland -- 128 bytes of kernel stack memory.Fix that by simply setting msg_namelen to 0 as obviously nobody cared
about caif_seqpkt_recvmsg() not filling the msg_name in case it was
set.Cc: Sjur Braendeland
Signed-off-by: Mathias Krause
Signed-off-by: David S. Miller
08 Mar, 2013
1 commit
-
This lines up function arguments on second and subsequent lines at the
first column after the openning parenthesis of the first line.Signed-off-by: Silviu-Mihai Popescu
Signed-off-by: David S. Miller
05 Mar, 2013
1 commit
-
This fixes the following sparse warning:
net/caif/caif_usb.c:84:16: warning: symbol 'cfusbl_create' was not
declared. Should it be static?Signed-off-by: Silviu-Mihai Popescu
Signed-off-by: David S. Miller
03 Mar, 2013
1 commit
-
This fixed the following sparse warning:
net/caif/caif_dev.c:121:6: warning: symbol 'caif_flow_cb' was not
declared. Should it be static?Signed-off-by: Silviu-Mihai Popescu
Signed-off-by: David S. Miller
29 Jan, 2013
1 commit
-
Conflicts:
drivers/devfreq/exynos4_bus.cSync with Linus' tree to be able to apply patches that are
against newer code (mvneta).
09 Jan, 2013
1 commit
-
Correct spelling typo in printk within various drivers.
Signed-off-by: Masanari Iida
Signed-off-by: Jiri Kosina
09 Dec, 2012
2 commits
-
Use the device model to get just the name, rather than using the
ethtool API to get all driver information.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
In cfusbl_device_notify(), the usbnet and usbdev variables are
initialised before the driver name has been checked. In case the
device's driver is not cdc_ncm, this may result in reading beyond the
end of the netdev private area. Move the initialisation below the
driver name check.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller
21 Nov, 2012
1 commit
-
kfree on a null pointer is a no-op.
Signed-off-by: Sachin Kamat
Acked-by: Sjur Brændeland
Signed-off-by: David S. Miller
11 Sep, 2012
1 commit
-
The dereference should be moved below the NULL test.
spatch with a semantic match is used to found this.
(http://coccinelle.lip6.fr/)Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller
20 Aug, 2012
1 commit
-
In net/caif/chnl_net.c::chnl_recv_cb() we call skb_header_pointer()
which may return NULL, but we do not check for a NULL pointer before
dereferencing it.
This patch adds such a NULL check and properly free's allocated memory
and return an error (-EINVAL) on failure - much better than crashing..Signed-off-by: Jesper Juhl
Acked-by: Sjur Brændeland
Signed-off-by: David S. Miller
01 Aug, 2012
1 commit
-
This patch series is based on top of "Swap-over-NBD without deadlocking
v15" as it depends on the same reservation of PF_MEMALLOC reserves logic.When a user or administrator requires swap for their application, they
create a swap partition and file, format it with mkswap and activate it
with swapon. In diskless systems this is not an option so if swap if
required then swapping over the network is considered. The two likely
scenarios are when blade servers are used as part of a cluster where the
form factor or maintenance costs do not allow the use of disks and thin
clients.The Linux Terminal Server Project recommends the use of the Network Block
Device (NBD) for swap but this is not always an option. There is no
guarantee that the network attached storage (NAS) device is running Linux
or supports NBD. However, it is likely that it supports NFS so there are
users that want support for swapping over NFS despite any performance
concern. Some distributions currently carry patches that support swapping
over NFS but it would be preferable to support it in the mainline kernel.Patch 1 avoids a stream-specific deadlock that potentially affects TCP.
Patch 2 is a small modification to SELinux to avoid using PFMEMALLOC
reserves.Patch 3 adds three helpers for filesystems to handle swap cache pages.
For example, page_file_mapping() returns page->mapping for
file-backed pages and the address_space of the underlying
swap file for swap cache pages.Patch 4 adds two address_space_operations to allow a filesystem
to pin all metadata relevant to a swapfile in memory. Upon
successful activation, the swapfile is marked SWP_FILE and
the address space operation ->direct_IO is used for writing
and ->readpage for reading in swap pages.Patch 5 notes that patch 3 is bolting
filesystem-specific-swapfile-support onto the side and that
the default handlers have different information to what
is available to the filesystem. This patch refactors the
code so that there are generic handlers for each of the new
address_space operations.Patch 6 adds an API to allow a vector of kernel addresses to be
translated to struct pages and pinned for IO.Patch 7 adds support for using highmem pages for swap by kmapping
the pages before calling the direct_IO handler.Patch 8 updates NFS to use the helpers from patch 3 where necessary.
Patch 9 avoids setting PF_private on PG_swapcache pages within NFS.
Patch 10 implements the new swapfile-related address_space operations
for NFS and teaches the direct IO handler how to manage
kernel addresses.Patch 11 prevents page allocator recursions in NFS by using GFP_NOIO
where appropriate.Patch 12 fixes a NULL pointer dereference that occurs when using
swap-over-NFS.With the patches applied, it is possible to mount a swapfile that is on an
NFS filesystem. Swap performance is not great with a swap stress test
taking roughly twice as long to complete than if the swap device was
backed by NBD.This patch: netvm: prevent a stream-specific deadlock
It could happen that all !SOCK_MEMALLOC sockets have buffered so much data
that we're over the global rmem limit. This will prevent SOCK_MEMALLOC
buffers from receiving data, which will prevent userspace from running,
which is needed to reduce the buffered data.Fix this by exempting the SOCK_MEMALLOC sockets from the rmem limit. Once
this change it applied, it is important that sockets that set
SOCK_MEMALLOC do not clear the flag until the socket is being torn down.
If this happens, a warning is generated and the tokens reclaimed to avoid
accounting errors until the bug is fixed.[davem@davemloft.net: Warning about clearing SOCK_MEMALLOC]
Signed-off-by: Peter Zijlstra
Signed-off-by: Mel Gorman
Acked-by: David S. Miller
Acked-by: Rik van Riel
Cc: Trond Myklebust
Cc: Neil Brown
Cc: Christoph Hellwig
Cc: Mike Christie
Cc: Eric B Munson
Cc: Sebastian Andrzej Siewior
Cc: Mel Gorman
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
20 Jul, 2012
1 commit
-
Conflicts:
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
17 Jul, 2012
1 commit
-
unregister_netdevice_notifier() must be called before
unregister_pernet_subsys() to avoid accessing already freed
pernet memory. This fixes the following oops when doing rmmod:Call Trace:
[] caif_device_notify+0x4d/0x5a0 [caif]
[] unregister_netdevice_notifier+0xb9/0x100
[] caif_device_exit+0x1c/0x250 [caif]
[] sys_delete_module+0x1a4/0x300
[] ? trace_hardirqs_on_caller+0x15d/0x1e0
[] ? trace_hardirqs_on_thunk+0x3a/0x3
[] system_call_fastpath+0x1a/0x1fRIP
[] caif_get+0x51/0xb0 [caif]Signed-off-by: Sjur Brændeland
Acked-by: "Eric W. Biederman"
Signed-off-by: David S. Miller
29 Jun, 2012
1 commit
-
Conflicts:
drivers/net/caif/caif_hsi.c
drivers/net/usb/qmi_wwan.cThe qmi_wwan merge was trivial.
The caif_hsi.c, on the other hand, was not. It's a conflict between
1c385f1fdf6f9c66d982802cd74349c040980b50 ("caif-hsi: Replace platform
device with ops structure.") in the net-next tree and commit
39abbaef19cd0a30be93794aa4773c779c3eb1f3 ("caif-hsi: Postpone init of
HIS until open()") in the net tree.I did my best with that one and will ask Sjur to check it out.
Signed-off-by: David S. Miller
26 Jun, 2012
3 commits
-
Rearranged the allocation and packet creations to
avoid potential leaks in error path.Signed-off-by: Kim Lilliestierna
Signed-off-by: Sjur Brændeland
Signed-off-by: David S. Miller -
Add check on NULL return from caif_get().
Signed-off-by: Kim Lilliestierna
Signed-off-by: Sjur Brændeland
Signed-off-by: David S. Miller -
Removed surplus call to caif_device_list() in caif_dev.c
Signed-off-by: Kim Lilliestierna
Signed-off-by: Sjur Brændeland
Signed-off-by: David S. Miller