- 27 10月, 2009 8 次提交
-
-
由 Bruce Allan 提交于
PCH-based parts (82577/82578) and some ICH8-based parts (82566) need to hold the swflag (sw/fw/hw hardware semaphore) over consecutive PHY accesses in order to perform sw-driven PHY configuration during initialization to workaround known hardware issues (see follow-on patch). This patch provides new PHY read/write functions (and function pointers) that will allow accessing the PHY registers assuming the swflag has already been acquired. The actual PHY register access code has moved into helper functions that are called with a flag indicating whether or not the swflag has already been acquired and acquires/releases it if not. The functions called from within the updated PHY access functions had to be updated to assume the swflag was already acquired, and other functions that called those functions were also updated to acquire/release the swflag. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bruce Allan 提交于
Accesses to NVM and PHY/CSR registers on ICHx/PCH-based parts are protected from concurrent accesses with a mutex that is acquired when the access is initiated and released when the access has completed. However, the two types of accesses should not be protected by the same mutex because the driver may have to access the NVM while already holding the mutex over several consecutive PHY/CSR accesses which would result in livelock. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bruce Allan 提交于
Unlike previous ICHx-based parts, the PCH-based parts (82577/82578) require LPLU (Low Power Link Up, or "reverse auto-negotiation") to be configured in the PHY rather than the MAC. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bruce Allan 提交于
In some conditions (e.g. when AMT is enabled on the system), it is possible to take an extended period of time to for the driver to acquire the sw/fw/hw hardware semaphore used to protect against concurrent access of a shared resource (e.g. PHY registers). This could cause PHY registers to not get configured properly resulting in link issues. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bruce Allan 提交于
Performing a dummy read of the PHY Wakeup Control (WUC) register clears the wakeup enable bit set by an PHY reset. If this bit remains set, link problems may occur. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Alexander Duyck 提交于
This patch resolves a memory leak which occurs while changing the ring size while the interface is down. Signed-off-by: NAlexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Alexander Duyck 提交于
This patch resolves a memory leak that occurs when you resize the rings via the ethtool -G option while the interface is down. Signed-off-by: NAlexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Alexander Duyck 提交于
Changing ring sizes while the interface was down was causing a double allocation of the receive and transmit rings. This issue is amplified when there are multiple rings enabled. To prevent this we need to add an additional check which will just update the ring counts when the interface is not up and skip the allocation steps. Signed-off-by: NAlexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 24 10月, 2009 4 次提交
-
-
由 Jasper Spaans 提交于
Modify bonding hash transmit policies to use the psource MAC address of the packet instead of the MAC address configured for the bonding device. The old sitation conflicts with the documentation. Signed-off-by: NJasper Spaans <spaans@fox-it.com> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NJay Vosburgh <fubar@us.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
While playing with pktgen, I realized IP ID was not filled and a random value was taken, possibly leaking 2 bytes of kernel memory. We can use an increasing ID, this can help diagnostics anyway. Also clear packet payload, instead of leaking kernel memory. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ben Dooks 提交于
The DM9000B revision ID is 0x1A, not 0x1B as set in the curernt dm9000.h header. Fix bug reported by Paolo Zebelloni. Signed-off-by: NBen Dooks <ben@simtec.co.uk> Signed-off-by: NSimtec Linux Team <linux@simtec.co.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Simon Wunderlich 提交于
The 8110SC rev d chip on our board shows a regression which the 8110SB chip did not have. When inbound traffic is overflowing the receive descriptor queue, "holes" in the ring buffer may occur which lead to a hangup until the buffer is filled again. The packets are than completely processed, but the ring remains porous and no packets are processed until the next overflow. Setting the interface down and up can fix the problem temporary from userspace. For some reason we don't know, this behaviour is not occuring if the RxVlan bit for hardware VLAN untagging is set. There is another "Work around for AMD plateform" in the current code which checks the VLAN status word in receive descriptors, but does never come to effect when hardware VLAN support is enabled. We assume that this is a bug in the chip. The following patch fixes the problem. Without the patch we could reproduce the hang within minutes (given other devices also generating lots of interrupts), without we couldn't reproduce within a few days of long term testing. This version contains minor style adjustments and is sent with mutt which will hopefully not destroy the formatting again. Signed-off-by: NBernhard Schmidt <bernhard.schmidt@saxnet.de> Signed-off-by: NSimon Wunderlich <simon.wunderlich@saxnet.de> Acked-by: NFrancois Romieu <romieu@zoreil.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 23 10月, 2009 9 次提交
-
-
由 Eric Dumazet 提交于
At this point (ri_tasklet()), RTNL or dev_base_lock are not held, we must use dev_get_by_index() instead of __dev_get_by_index() Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Manuel Lauss 提交于
fixes the following build failure: CC drivers/net/au1000_eth.o /drivers/net/au1000_eth.c: In function 'au1000_set_settings': /drivers/net/au1000_eth.c:623: error: implicit declaration of function 'capable' /drivers/net/au1000_eth.c:623: error: 'CAP_NET_ADMIN' undeclared (first use in this function) /drivers/net/au1000_eth.c:623: error: (Each undeclared identifier is reported only once /drivers/net/au1000_eth.c:623: error: for each function it appears in. Signed-off-by: NManuel Lauss <manuel.lauss@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Brice Goglin 提交于
Improve the reporting of myri10ge port type in ethtool, and update for new boards. Signed-off-by: NBrice Goglin <brice@myri.com> Signed-off-by: NAndrew Gallatin <gallatin@myri.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Arjan van de Ven 提交于
Commit b6b39e8f (tcp: Try to catch MSG_PEEK bug) added a printk() to the WARN_ON() that's in tcp.c. This patch changes this combination to WARN(); the advantage of WARN() is that the printk message shows up inside the message, so that kerneloops.org will collect the message. In addition, this gets rid of an extra if() statement. Signed-off-by: NArjan van de Ven <arjan@linux.intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Bruce Allan 提交于
The PHY on 82577/82578 parts needs a soft reset when transitioning to Sx state in order for the PHY write which disables gigabit speed to take effect. Gigabit speed must be disabled in order for the PHY writes to registers on page 800 (the wakeup control registers) to work as expected otherwise the system might not wake via WoL. Signed-off-by: NBruce Allan <bruce.w.allan@intel.com> Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Xiaotian Feng 提交于
There's a circular locking dependency: ---> isdn_net_get_locked_lp --->lock &nd->queue_lock --->lock &nd->queue->xmit_lock ..................... ---->unlock &nd->queue_lock ---> isdn_net_writebuf_skb (called with &nd->queue->xmit_lock locked) ---->isdn_net_inc_frame_cnt ---->isdn_net_device_busy ----> lock &nd->queue_lock This will trigger lockdep warnings: ======================================================= [ INFO: possible circular locking dependency detected ] 2.6.32-rc4-testing #7 ------------------------------------------------------- ipppd/28379 is trying to acquire lock: (&netdev->queue_lock){......}, at: [<e62ad0fd>] isdn_net_device_busy+0x2c/0x74 [isdn] but task is already holding lock: (&netdev->local->xmit_lock){+.....}, at: [<e62aefc2>] isdn_net_write_super+0x3f/0x6e [isdn] which lock already depends on the new lock. ....... We don't need to lock nd->queue->xmit_lock to protect single isdn_net_lp_busy(). This can fix above lockdep warnings. Reported-and-tested-by: NTilman Schmidt <tilman@imap.cc> Signed-off-by: NXiaotian Feng <xtfeng@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dhananjay Phadke 提交于
Old code assumed board config version in the flash to be 1. When this will get changed by tools, driver just refuses to attach. This is unnecessary since driver does not have to parse board config structure directly (maintained by firmware). Signed-off-by: NDhananjay Phadke <dhananjay@netxen.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Amit Kumar Salecha 提交于
Clear NX_RESETING bit in netxen_tx_timeout_task() so that the firmware watchdog task can catch need_reset request from tx timeout. Signed-off-by: NAmit Kumar Salecha <amit.salecha@qlogic.com> Signed-off-by: NDhananjay Phadke <dhananjay@netxen.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dhananjay Phadke 提交于
Avoid resetting subsys ID in i2c block. Also remove duplicate check for address tranlsation error. Signed-off-by: NDhananjay Phadke <dhananjay@netxen.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 22 10月, 2009 1 次提交
-
-
由 Joyce Yu 提交于
niu: VLAN_ETH_HLEN should be used to make sure that the whole MAC header was copied to the head buffer in the Vlan packets case Signed-off-by: NJoyce Yu <joyce.yu@sun.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 21 10月, 2009 4 次提交
-
-
由 Ben Dooks 提交于
In ks8851_set_rx_mode() the case handling IFF_MULTICAST was also setting the RXCR1_AE bit by accident. This meant that all unicast frames where being accepted by the device. Remove RXCR1_AE from this case. Note, RXCR1_AE was also masking a problem with setting the MAC address properly, so needs to be applied after fixing the MAC write order. Fixes a bug reported by Doong, Ping of Micrel. This version of the patch avoids setting RXCR1_ME for all cases. Signed-off-by: NBen Dooks <ben@simtec.co.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ben Dooks 提交于
The MAC address register was being written in the wrong order, so add a new address macro to convert mac-address byte to register address and a ks8851_wrreg8() function to write each byte without having to worry about any difficult byte swapping. Fixes a bug reported by Doong, Ping of Micrel. Signed-off-by: NBen Dooks <ben@simtec.co.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ben Dooks 提交于
Issue a full soft reset at probe time. This was reported by Doong Ping of Micrel, but no explanation of why this is necessary or what bug it is fixing. Add it as it does not seem to hurt the current driver and ensures that the device is in a known state when we start setting it up. Signed-off-by: NBen Dooks <ben@simtec.co.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Steven King 提交于
fec_enet_init is called by both fec_probe and fec_resume, so it shouldn't be marked as __init. Signed-off-by: NSteven King <sfking@fdwdc.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 20 10月, 2009 9 次提交
-
-
由 Eric Dumazet 提交于
commit 9e337b0f (net: annotate inet_timewait_sock bitfields) added 4/8 bytes in struct inet_timewait_sock. Fix this by declaring tw_ipv6_offset in the 'flags' bitfield The 14 bits hole is named tw_pad to make it cleary apparent. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Herbert Xu 提交于
This patch tries to print out more information when we hit the MSG_PEEK bug in tcp_recvmsg. It's been around since at least 2005 and it's about time that we finally fix it. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
ipv4/ipv6 setsockopt(IP_MULTICAST_IF) have dubious __dev_get_by_index() calls. This function should be called only with RTNL or dev_base_lock held, or reader could see a corrupt hash chain and eventually enter an endless loop. Fix is to call dev_get_by_index()/dev_put(). If this happens to be performance critical, we could define a new dev_exist_by_index() function to avoid touching dev refcount. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dave Young 提交于
When shutdown ppp connection, lockdep waring about non-static key will happen, it is caused by the lock is not initialized properly at that time. Fix with tuning the lock/skb_queue_head init order [ 94.339261] INFO: trying to register non-static key. [ 94.342509] the code is fine but needs lockdep annotation. [ 94.342509] turning off the locking correctness validator. [ 94.342509] Pid: 0, comm: swapper Not tainted 2.6.31-mm1 #2 [ 94.342509] Call Trace: [ 94.342509] [<c0248fbe>] register_lock_class+0x58/0x241 [ 94.342509] [<c024b5df>] ? __lock_acquire+0xb57/0xb73 [ 94.342509] [<c024ab34>] __lock_acquire+0xac/0xb73 [ 94.342509] [<c024b7fa>] ? lock_release_non_nested+0x17b/0x1de [ 94.342509] [<c024b662>] lock_acquire+0x67/0x84 [ 94.342509] [<c04cd1eb>] ? skb_dequeue+0x15/0x41 [ 94.342509] [<c054a857>] _spin_lock_irqsave+0x2f/0x3f [ 94.342509] [<c04cd1eb>] ? skb_dequeue+0x15/0x41 [ 94.342509] [<c04cd1eb>] skb_dequeue+0x15/0x41 [ 94.342509] [<c054a648>] ? _read_unlock+0x1d/0x20 [ 94.342509] [<c04cd641>] skb_queue_purge+0x14/0x1b [ 94.342509] [<fab94fdc>] l2cap_recv_frame+0xea1/0x115a [l2cap] [ 94.342509] [<c024b5df>] ? __lock_acquire+0xb57/0xb73 [ 94.342509] [<c0249c04>] ? mark_lock+0x1e/0x1c7 [ 94.342509] [<f8364963>] ? hci_rx_task+0xd2/0x1bc [bluetooth] [ 94.342509] [<fab95346>] l2cap_recv_acldata+0xb1/0x1c6 [l2cap] [ 94.342509] [<f8364997>] hci_rx_task+0x106/0x1bc [bluetooth] [ 94.342509] [<fab95295>] ? l2cap_recv_acldata+0x0/0x1c6 [l2cap] [ 94.342509] [<c02302c4>] tasklet_action+0x69/0xc1 [ 94.342509] [<c022fbef>] __do_softirq+0x94/0x11e [ 94.342509] [<c022fcaf>] do_softirq+0x36/0x5a [ 94.342509] [<c022fe14>] irq_exit+0x35/0x68 [ 94.342509] [<c0204ced>] do_IRQ+0x72/0x89 [ 94.342509] [<c02038ee>] common_interrupt+0x2e/0x34 [ 94.342509] [<c024007b>] ? pm_qos_add_requirement+0x63/0x9d [ 94.342509] [<c038e8a5>] ? acpi_idle_enter_bm+0x209/0x238 [ 94.342509] [<c049d238>] cpuidle_idle_call+0x5c/0x94 [ 94.342509] [<c02023f8>] cpu_idle+0x4e/0x6f [ 94.342509] [<c0534153>] rest_init+0x53/0x55 [ 94.342509] [<c0781894>] start_kernel+0x2f0/0x2f5 [ 94.342509] [<c0781091>] i386_start_kernel+0x91/0x96 Reported-by: NOliver Hartkopp <oliver@hartkopp.net> Signed-off-by: NDave Young <hidave.darkstar@gmail.com> Tested-by: NOliver Hartkopp <oliver@hartkopp.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dave Young 提交于
Due to driver core changes dev_set_drvdata will call kzalloc which should be in might_sleep context, but hci_conn_add will be called in atomic context Like dev_set_name move dev_set_drvdata to work queue function. oops as following: Oct 2 17:41:59 darkstar kernel: [ 438.001341] BUG: sleeping function called from invalid context at mm/slqb.c:1546 Oct 2 17:41:59 darkstar kernel: [ 438.001345] in_atomic(): 1, irqs_disabled(): 0, pid: 2133, name: sdptool Oct 2 17:41:59 darkstar kernel: [ 438.001348] 2 locks held by sdptool/2133: Oct 2 17:41:59 darkstar kernel: [ 438.001350] #0: (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.+.}, at: [<faa1d2f5>] lock_sock+0xa/0xc [l2cap] Oct 2 17:41:59 darkstar kernel: [ 438.001360] #1: (&hdev->lock){+.-.+.}, at: [<faa20e16>] l2cap_sock_connect+0x103/0x26b [l2cap] Oct 2 17:41:59 darkstar kernel: [ 438.001371] Pid: 2133, comm: sdptool Not tainted 2.6.31-mm1 #2 Oct 2 17:41:59 darkstar kernel: [ 438.001373] Call Trace: Oct 2 17:41:59 darkstar kernel: [ 438.001381] [<c022433f>] __might_sleep+0xde/0xe5 Oct 2 17:41:59 darkstar kernel: [ 438.001386] [<c0298843>] __kmalloc+0x4a/0x15a Oct 2 17:41:59 darkstar kernel: [ 438.001392] [<c03f0065>] ? kzalloc+0xb/0xd Oct 2 17:41:59 darkstar kernel: [ 438.001396] [<c03f0065>] kzalloc+0xb/0xd Oct 2 17:41:59 darkstar kernel: [ 438.001400] [<c03f04ff>] device_private_init+0x15/0x3d Oct 2 17:41:59 darkstar kernel: [ 438.001405] [<c03f24c5>] dev_set_drvdata+0x18/0x26 Oct 2 17:41:59 darkstar kernel: [ 438.001414] [<fa51fff7>] hci_conn_init_sysfs+0x40/0xd9 [bluetooth] Oct 2 17:41:59 darkstar kernel: [ 438.001422] [<fa51cdc0>] ? hci_conn_add+0x128/0x186 [bluetooth] Oct 2 17:41:59 darkstar kernel: [ 438.001429] [<fa51ce0f>] hci_conn_add+0x177/0x186 [bluetooth] Oct 2 17:41:59 darkstar kernel: [ 438.001437] [<fa51cf8a>] hci_connect+0x3c/0xfb [bluetooth] Oct 2 17:41:59 darkstar kernel: [ 438.001442] [<faa20e87>] l2cap_sock_connect+0x174/0x26b [l2cap] Oct 2 17:41:59 darkstar kernel: [ 438.001448] [<c04c8df5>] sys_connect+0x60/0x7a Oct 2 17:41:59 darkstar kernel: [ 438.001453] [<c024b703>] ? lock_release_non_nested+0x84/0x1de Oct 2 17:41:59 darkstar kernel: [ 438.001458] [<c028804b>] ? might_fault+0x47/0x81 Oct 2 17:41:59 darkstar kernel: [ 438.001462] [<c028804b>] ? might_fault+0x47/0x81 Oct 2 17:41:59 darkstar kernel: [ 438.001468] [<c033361f>] ? __copy_from_user_ll+0x11/0xce Oct 2 17:41:59 darkstar kernel: [ 438.001472] [<c04c9419>] sys_socketcall+0x82/0x17b Oct 2 17:41:59 darkstar kernel: [ 438.001477] [<c020329d>] syscall_call+0x7/0xb Signed-off-by: NDave Young <hidave.darkstar@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Julian Anastasov 提交于
Fix TCP_DEFER_ACCEPT conversion between seconds and retransmission to match the TCP SYN-ACK retransmission periods because the time is converted to such retransmissions. The old algorithm selects one more retransmission in some cases. Allow up to 255 retransmissions. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Julian Anastasov 提交于
Change SYN-ACK retransmitting code for the TCP_DEFER_ACCEPT users to not retransmit SYN-ACKs during the deferring period if ACK from client was received. The goal is to reduce traffic during the deferring period. When the period is finished we continue with sending SYN-ACKs (at least one) but this time any traffic from client will change the request to established socket allowing application to terminate it properly. Also, do not drop acked request if sending of SYN-ACK fails. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Julian Anastasov 提交于
Willy Tarreau and many other folks in recent years were concerned what happens when the TCP_DEFER_ACCEPT period expires for clients which sent ACK packet. They prefer clients that actively resend ACK on our SYN-ACK retransmissions to be converted from open requests to sockets and queued to the listener for accepting after the deferring period is finished. Then application server can decide to wait longer for data or to properly terminate the connection with FIN if read() returns EAGAIN which is an indication for accepting after the deferring period. This change still can have side effects for applications that expect always to see data on the accepted socket. Others can be prepared to work in both modes (with or without TCP_DEFER_ACCEPT period) and their data processing can ignore the read=EAGAIN notification and to allocate resources for clients which proved to have no data to send during the deferring period. OTOH, servers that use TCP_DEFER_ACCEPT=1 as flag (not as a timeout) to wait for data will notice clients that didn't send data for 3 seconds but that still resend ACKs. Thanks to Willy Tarreau for the initial idea and to Eric Dumazet for the review and testing the change. Signed-off-by: NJulian Anastasov <ja@ssi.bg> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
This reverts commit 6d01a026. Julian Anastasov, Willy Tarreau and Eric Dumazet have come up with a more correct way to deal with this. Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 19 10月, 2009 3 次提交
-
-
由 Tomoki Sekiyama 提交于
I found a deadlock bug in UNIX domain socket, which makes able to DoS attack against the local machine by non-root users. How to reproduce: 1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstruct namespace(*), and shutdown(2) it. 2. Repeat connect(2)ing to the listening socket from the other sockets until the connection backlog is full-filled. 3. connect(2) takes the CPU forever. If every core is taken, the system hangs. PoC code: (Run as many times as cores on SMP machines.) int main(void) { int ret; int csd; int lsd; struct sockaddr_un sun; /* make an abstruct name address (*) */ memset(&sun, 0, sizeof(sun)); sun.sun_family = PF_UNIX; sprintf(&sun.sun_path[1], "%d", getpid()); /* create the listening socket and shutdown */ lsd = socket(AF_UNIX, SOCK_STREAM, 0); bind(lsd, (struct sockaddr *)&sun, sizeof(sun)); listen(lsd, 1); shutdown(lsd, SHUT_RDWR); /* connect loop */ alarm(15); /* forcely exit the loop after 15 sec */ for (;;) { csd = socket(AF_UNIX, SOCK_STREAM, 0); ret = connect(csd, (struct sockaddr *)&sun, sizeof(sun)); if (-1 == ret) { perror("connect()"); break; } puts("Connection OK"); } return 0; } (*) Make sun_path[0] = 0 to use the abstruct namespace. If a file-based socket is used, the system doesn't deadlock because of context switches in the file system layer. Why this happens: Error checks between unix_socket_connect() and unix_wait_for_peer() are inconsistent. The former calls the latter to wait until the backlog is processed. Despite the latter returns without doing anything when the socket is shutdown, the former doesn't check the shutdown state and just retries calling the latter forever. Patch: The patch below adds shutdown check into unix_socket_connect(), so connect(2) to the shutdown socket will return -ECONREFUSED. Signed-off-by: NTomoki Sekiyama <tomoki.sekiyama.qu@hitachi.com> Signed-off-by: NMasanori Yoshida <masanori.yoshida.tv@hitachi.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Chou 提交于
This patch fixed the problem of dropped packets due to lost of interrupt requests. We should only clear what was pending at the moment we read the irq source reg. Signed-off-by: NThomas Chou <thomas@wytron.com.tw> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Chou 提交于
Signed-off-by: NThomas Chou <thomas@wytron.com.tw> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 17 10月, 2009 1 次提交
-
-
由 Randy Dunlap 提交于
vmxnet3 was using dprintk() for debugging output. This was defined in <linux/dst.h> and was the only thing that was used from that header file. This caused compile errors when CONFIG_BLOCK was not enabled due to bio* and BIO* uses in the header file, so change this driver to use dev_dbg() for debugging output. include/linux/dst.h:520: error: dereferencing pointer to incomplete type include/linux/dst.h:520: error: 'BIO_POOL_BITS' undeclared (first use in this function) include/linux/dst.h:521: error: dereferencing pointer to incomplete type include/linux/dst.h:522: error: dereferencing pointer to incomplete type include/linux/dst.h:525: error: dereferencing pointer to incomplete type make[4]: *** [drivers/net/vmxnet3/vmxnet3_drv.o] Error 1 Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com> Signed-off-by: NBhavesh Davda <bhavesh@vmware.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 15 10月, 2009 1 次提交
-
-
由 Eric Dumazet 提交于
Because netpoll can call netdevice start_xmit() method with irqs disabled, drivers should not call kfree_skb() from their start_xmit(), but use dev_kfree_skb_any() instead. Oct 8 11:16:52 172.30.1.31 [113074.791813] ------------[ cut here ]------------ Oct 8 11:16:52 172.30.1.31 [113074.791813] WARNING: at net/core/skbuff.c:398 \ skb_release_head_state+0x64/0xc8() Oct 8 11:16:52 172.30.1.31 [113074.791813] Hardware name: Oct 8 11:16:52 172.30.1.31 [113074.791813] Modules linked in: netconsole ocfs2 jbd2 quota_tree \ ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs crc32c drbd cn loop \ serio_raw psmouse snd_pcm snd_timer snd soundcore snd_page_alloc virtio_net pcspkr parport_pc parport \ i2c_piix4 i2c_core button processor evdev ext3 jbd mbcache dm_mirror dm_region_hash dm_log dm_snapshot \ dm_mod ide_cd_mod cdrom ata_generic ata_piix virtio_blk libata scsi_mod piix ide_pci_generic ide_core \ virtio_pci virtio_ring virtio floppy thermal fan thermal_sys [last unloaded: netconsole] Oct 8 11:16:52 172.30.1.31 [113074.791813] Pid: 11132, comm: php5-cgi Tainted: G W \ 2.6.31.2-vserver #1 Oct 8 11:16:52 172.30.1.31 [113074.791813] Call Trace: Oct 8 11:16:52 172.30.1.31 [113074.791813] <IRQ> [<ffffffff81253cd5>] ? \ skb_release_head_state+0x64/0xc8 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81253cd5>] ? skb_release_head_state+0x64/0xc8 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81049ae1>] ? warn_slowpath_common+0x77/0xa3 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81253cd5>] ? skb_release_head_state+0x64/0xc8 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81253a1a>] ? __kfree_skb+0x9/0x7d Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffffa01cb139>] ? free_old_xmit_skbs+0x51/0x6e \ [virtio_net] Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffffa01cbc85>] ? start_xmit+0x26/0xf2 [virtio_net] Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff8126934f>] ? netpoll_send_skb+0xd2/0x205 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffffa0429216>] ? write_msg+0x90/0xeb [netconsole] Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81049f06>] ? __call_console_drivers+0x5e/0x6f Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff8102b49d>] ? kvm_clock_read+0x4d/0x52 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff8104a082>] ? release_console_sem+0x115/0x1ba Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff8104a632>] ? vprintk+0x2f2/0x34b Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff8106b142>] ? vx_update_load+0x18/0x13e Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81308309>] ? printk+0x4e/0x5d Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff8102b49d>] ? kvm_clock_read+0x4d/0x52 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81070b62>] ? getnstimeofday+0x55/0xaf Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81062683>] ? ktime_get_ts+0x21/0x49 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff810626b7>] ? ktime_get+0xc/0x41 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81062788>] ? hrtimer_interrupt+0x9c/0x146 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81024a4b>] ? smp_apic_timer_interrupt+0x80/0x93 Oct 8 11:16:52 172.30.1.31 [113074.791813] [<ffffffff81011663>] ? apic_timer_interrupt+0x13/0x20 Oct 8 11:16:52 172.30.1.31 [113074.791813] <EOI> [<ffffffff8130a9eb>] ? _spin_unlock_irq+0xd/0x31 Reported-and-tested-by: NMassimo Cetra <mcetra@navynet.it> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Bug-Entry: http://bugzilla.kernel.org/show_bug.cgi?id=14378Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-