1. 29 1月, 2014 14 次提交
  2. 28 1月, 2014 14 次提交
    • M
      net: Document promote_secondaries · d922e1cb
      Martin Schwenke 提交于
      From 038a821667f62c496f2bbae27081b1b612122a97 Mon Sep 17 00:00:00 2001
      From: Martin Schwenke <martin@meltin.net>
      Date: Tue, 28 Jan 2014 15:16:49 +1100
      Subject: [PATCH] net: Document promote_secondaries
      
      This option was added a long time ago...
      
        commit 8f937c60
        Author: Harald Welte <laforge@gnumonks.org>
        Date:   Sun May 29 20:23:46 2005 -0700
      
          [IPV4]: Primary and secondary addresses
      Signed-off-by: NMartin Schwenke <martin@meltin.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d922e1cb
    • D
      net: gre: use icmp_hdr() to get inner ip header · c0c0c50f
      Duan Jiong 提交于
      When dealing with icmp messages, the skb->data points the
      ip header that triggered the sending of the icmp message.
      
      In gre_cisco_err(), the parse_gre_header() is called, and the
      iptunnel_pull_header() is called to pull the skb at the end of
      the parse_gre_header(), so the skb->data doesn't point the
      inner ip header.
      
      Unfortunately, the ipgre_err still needs those ip addresses in
      inner ip header to look up tunnel by ip_tunnel_lookup().
      
      So just use icmp_hdr() to get inner ip header instead of skb->data.
      Signed-off-by: NDuan Jiong <duanj.fnst@cn.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c0c0c50f
    • D
      i40e: Add missing braces to i40e_dcb_need_reconfig() · 3d9667a9
      Dave Jones 提交于
      Indentation mismatch spotted with Coverity.
      Introduced in 4e3b35b0 ("i40e: add DCB and DCBNL support")
      Signed-off-by: NDave Jones <davej@fedoraproject.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3d9667a9
    • A
      xen-netfront: fix resource leak in netfront · cefe0078
      Annie Li 提交于
      This patch removes grant transfer releasing code from netfront, and uses
      gnttab_end_foreign_access to end grant access since
      gnttab_end_foreign_access_ref may fail when the grant entry is
      currently used for reading or writing.
      
      * clean up grant transfer code kept from old netfront(2.6.18) which grants
      pages for access/map and transfer. But grant transfer is deprecated in current
      netfront, so remove corresponding release code for transfer.
      
      * fix resource leak, release grant access (through gnttab_end_foreign_access)
      and skb for tx/rx path, use get_page to ensure page is released when grant
      access is completed successfully.
      
      Xen-blkfront/xen-tpmfront/xen-pcifront also have similar issue, but patches
      for them will be created separately.
      
      V6: Correct subject line and commit message.
      
      V5: Remove unecessary change in xennet_end_access.
      
      V4: Revert put_page in gnttab_end_foreign_access, and keep netfront change in
      single patch.
      
      V3: Changes as suggestion from David Vrabel, ensure pages are not freed untill
      grant acess is ended.
      
      V2: Improve patch comments.
      Signed-off-by: NAnnie Li <annie.li@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cefe0078
    • S
      ce60e0c4
    • H
      hyperv: Add support for physically discontinuous receive buffer · b679ef73
      Haiyang Zhang 提交于
      This will allow us to use bigger receive buffer, and prevent allocation failure
      due to fragmented memory.
      Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com>
      Reviewed-by: NK. Y. Srinivasan <kys@microsoft.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b679ef73
    • S
      sky2: initialize napi before registering device · 731073b9
      Stanislaw Gruszka 提交于
      There is race condition when call netif_napi_add() after
      register_netdevice(), as ->open() can be called without napi initialized
      and trigger BUG_ON() on napi_enable(), like on below messages:
      
      [    9.699863] sky2: driver version 1.30
      [    9.699960] sky2 0000:02:00.0: Yukon-2 EC Ultra chip revision 2
      [    9.700020] sky2 0000:02:00.0: irq 45 for MSI/MSI-X
      [    9.700498] ------------[ cut here ]------------
      [    9.703391] kernel BUG at include/linux/netdevice.h:501!
      [    9.703391] invalid opcode: 0000 [#1] PREEMPT SMP
      <snip>
      [    9.830018] Call Trace:
      [    9.830018]  [<fa996169>] sky2_open+0x309/0x360 [sky2]
      [    9.830018]  [<c1007210>] ? via_no_dac+0x40/0x40
      [    9.830018]  [<c1007210>] ? via_no_dac+0x40/0x40
      [    9.830018]  [<c135ed4b>] __dev_open+0x9b/0x120
      [    9.830018]  [<c1431cbe>] ? _raw_spin_unlock_bh+0x1e/0x20
      [    9.830018]  [<c135efd9>] __dev_change_flags+0x89/0x150
      [    9.830018]  [<c135f148>] dev_change_flags+0x18/0x50
      [    9.830018]  [<c13bb8e0>] devinet_ioctl+0x5d0/0x6e0
      [    9.830018]  [<c13bcced>] inet_ioctl+0x6d/0xa0
      
      To fix the problem patch changes the order of initialization.
      
      Bug report:
      https://bugzilla.kernel.org/show_bug.cgi?id=67151
      
      Reported-and-tested-by: ebrahim.azarisooreh@gmail.com
      Signed-off-by: NStanislaw Gruszka <stf_xl@wp.pl>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      731073b9
    • H
      net: Fix memory leak if TPROXY used with TCP early demux · a452ce34
      Holger Eitzenberger 提交于
      I see a memory leak when using a transparent HTTP proxy using TPROXY
      together with TCP early demux and Kernel v3.8.13.15 (Ubuntu stable):
      
      unreferenced object 0xffff88008cba4a40 (size 1696):
        comm "softirq", pid 0, jiffies 4294944115 (age 8907.520s)
        hex dump (first 32 bytes):
          0a e0 20 6a 40 04 1b 37 92 be 32 e2 e8 b4 00 00  .. j@..7..2.....
          02 00 07 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<ffffffff810b710a>] kmem_cache_alloc+0xad/0xb9
          [<ffffffff81270185>] sk_prot_alloc+0x29/0xc5
          [<ffffffff812702cf>] sk_clone_lock+0x14/0x283
          [<ffffffff812aaf3a>] inet_csk_clone_lock+0xf/0x7b
          [<ffffffff8129a893>] netlink_broadcast+0x14/0x16
          [<ffffffff812c1573>] tcp_create_openreq_child+0x1b/0x4c3
          [<ffffffff812c033e>] tcp_v4_syn_recv_sock+0x38/0x25d
          [<ffffffff812c13e4>] tcp_check_req+0x25c/0x3d0
          [<ffffffff812bf87a>] tcp_v4_do_rcv+0x287/0x40e
          [<ffffffff812a08a7>] ip_route_input_noref+0x843/0xa55
          [<ffffffff812bfeca>] tcp_v4_rcv+0x4c9/0x725
          [<ffffffff812a26f4>] ip_local_deliver_finish+0xe9/0x154
          [<ffffffff8127a927>] __netif_receive_skb+0x4b2/0x514
          [<ffffffff8127aa77>] process_backlog+0xee/0x1c5
          [<ffffffff8127c949>] net_rx_action+0xa7/0x200
          [<ffffffff81209d86>] add_interrupt_randomness+0x39/0x157
      
      But there are many more, resulting in the machine going OOM after some
      days.
      
      From looking at the TPROXY code, and with help from Florian, I see
      that the memory leak is introduced in tcp_v4_early_demux():
      
        void tcp_v4_early_demux(struct sk_buff *skb)
        {
          /* ... */
      
          iph = ip_hdr(skb);
          th = tcp_hdr(skb);
      
          if (th->doff < sizeof(struct tcphdr) / 4)
              return;
      
          sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
                             iph->saddr, th->source,
                             iph->daddr, ntohs(th->dest),
                             skb->skb_iif);
          if (sk) {
              skb->sk = sk;
      
      where the socket is assigned unconditionally to skb->sk, also bumping
      the refcnt on it.  This is problematic, because in our case the skb
      has already a socket assigned in the TPROXY target.  This then results
      in the leak I see.
      
      The very same issue seems to be with IPv6, but haven't tested.
      Reviewed-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NHolger Eitzenberger <holger@eitzenberger.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a452ce34
    • D
      Merge branch 'bonding' · 66dd1c07
      David S. Miller 提交于
      Veaceslav Falico says:
      
      ====================
      bonding: fix locking in bond_ab_arp_prob
      
      After the latest patches, on every call of bond_ab_arp_probe() without an
      active slave I see the following warning:
      
      [    7.912314] RTNL: assertion failed at net/core/dev.c (4494)
      ...
      [    7.922495]  [<ffffffff817acc6f>] dump_stack+0x51/0x72
      [    7.923714]  [<ffffffff8168795e>] netdev_master_upper_dev_get+0x6e/0x70
      [    7.924940]  [<ffffffff816a2a66>] rtnl_link_fill+0x116/0x260
      [    7.926143]  [<ffffffff817acc6f>] ? dump_stack+0x51/0x72
      [    7.927333]  [<ffffffff816a350c>] rtnl_fill_ifinfo+0x95c/0xb90
      [    7.928529]  [<ffffffff8167af2b>] ? __kmalloc_reserve+0x3b/0xa0
      [    7.929681]  [<ffffffff8167bfcf>] ? __alloc_skb+0x9f/0x1e0
      [    7.930827]  [<ffffffff816a3b64>] rtmsg_ifinfo+0x84/0x100
      [    7.931960]  [<ffffffffa00bca07>] bond_ab_arp_probe+0x1a7/0x370 [bonding]
      [    7.933133]  [<ffffffffa00bcd78>] bond_activebackup_arp_mon+0x1a8/0x2f0 [bonding]
      ...
      
      It happens because in bond_ab_arp_probe() we change the flags of a slave
      without holding the RTNL lock.
      
      To fix this - remove the useless curr_active_lock, RCUify it and lock RTNL
      while changing the slave's flags. Also, remove bond_ab_arp_probe() from
      under any locks in bond_ab_arp_mon().
      ====================
      Signed-off-by: NVeaceslav Falico <vfalico@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      66dd1c07
    • V
      bonding: restructure locking of bond_ab_arp_probe() · f2ebd477
      Veaceslav Falico 提交于
      Currently we're calling it from under RCU context, however we're using some
      functions that require rtnl to be held.
      
      Fix this by restructuring the locking - don't call it under any locks,
      aquire rcu_read_lock() if we're sending _only_ (i.e. we have the active
      slave present), and use rtnl locking otherwise - if we need to modify
      (in)active flags of a slave.
      
      CC: Jay Vosburgh <fubar@us.ibm.com>
      CC: Andy Gospodarek <andy@greyhouse.net>
      Signed-off-by: NVeaceslav Falico <vfalico@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f2ebd477
    • V
      bonding: RCUify bond_ab_arp_probe · 98b90f26
      Veaceslav Falico 提交于
      Currently bond_ab_arp_probe() is always called under rcu_read_lock(),
      however to work with curr_active_slave we're still holding the
      curr_slave_lock.
      
      To remove that curr_slave_lock - rcu_dereference the bond's
      curr_active_slave and use it further - so that we're sure the slave won't
      go away, and we don't care if it will change in the meanwhile.
      
      CC: Jay Vosburgh <fubar@us.ibm.com>
      CC: Andy Gospodarek <andy@greyhouse.net>
      Signed-off-by: NVeaceslav Falico <vfalico@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      98b90f26
    • N
      AF_PACKET: Add documentation for queue mapping fanout mode · bb9fbe2d
      Neil Horman 提交于
      Recently I added a new AF_PACKET fanout operation mode in commit
      2d36097d, but I forgot to document it.  Add PACKET_FANOUT_QM as an available mode
      in the af_packet documentation.  Applies to net-next.
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      CC: "David S. Miller" <davem@davemloft.net>
      CC: Daniel Borkmann <dborkman@redhat.com>
      Acked-by: NDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bb9fbe2d
    • Y
      bnx2x: More Shutdown revisions · 5f6db130
      Yuval Mintz 提交于
      Submission d9aee591 "bnx2x: Don't release PCI bars on shutdown" separated
      the PCI remove and shutdown flows, but pci_disable_device() is still
      being called on both.
      As a result, a dev_WARN_ONCE will be hit during shutdown for every bnx2x
      VF probed on a hypervisor (as its shutdown callback will be called and later
      pci_disable_sriov() will call its remove callback).
      
      This calls the pci_disable_device() only on the remove flow.
      Signed-off-by: NYuval Mintz <yuvalmin@broadcom.com>
      Signed-off-by: NAriel Elior <ariele@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5f6db130
    • S
      net: ipv4: Use PTR_ERR_OR_ZERO · 27d79f3b
      Sachin Kamat 提交于
      PTR_RET is deprecated. Use PTR_ERR_OR_ZERO instead. While at it
      also include missing err.h header.
      Signed-off-by: NSachin Kamat <sachin.kamat@linaro.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      27d79f3b
  3. 27 1月, 2014 7 次提交
  4. 26 1月, 2014 5 次提交
    • T
      af_rxrpc: Handle frames delivered from another VM · 1ea42735
      Tim Smith 提交于
      On input, CHECKSUM_PARTIAL should be treated the same way as
      CHECKSUM_UNNECESSARY. See include/linux/skbuff.h
      Signed-off-by: NTim Smith <tim@electronghost.co.uk>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      1ea42735
    • T
      af_rxrpc: Avoid setting up double-free on checksum error · 24a9981e
      Tim Smith 提交于
      skb_kill_datagram() does not dequeue the skb when MSG_PEEK is unset.
      This leaves a free'd skb on the queue, resulting a double-free later.
      
      Without this, the following oops can occur:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
      IP: [<ffffffff8154fcf7>] skb_dequeue+0x47/0x70
      PGD 0
      Oops: 0002 [#1] SMP
      Modules linked in: af_rxrpc ...
      CPU: 0 PID: 1191 Comm: listen Not tainted 3.12.0+ #4
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      task: ffff8801183536b0 ti: ffff880035c92000 task.ti: ffff880035c92000
      RIP: 0010:[<ffffffff8154fcf7>] skb_dequeue+0x47/0x70
      RSP: 0018:ffff880035c93db8  EFLAGS: 00010097
      RAX: 0000000000000246 RBX: ffff8800d2754b00 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff8800d254c084
      RBP: ffff880035c93dd0 R08: ffff880035c93cf0 R09: ffff8800d968f270
      R10: 0000000000000000 R11: 0000000000000293 R12: ffff8800d254c070
      R13: ffff8800d254c084 R14: ffff8800cd861240 R15: ffff880119b39720
      FS:  00007f37a969d740(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: 0000000000000008 CR3: 00000000d4413000 CR4: 00000000000006f0
      Stack:
       ffff8800d254c000 ffff8800d254c070 ffff8800d254c2c0 ffff880035c93df8
       ffffffffa041a5b8 ffff8800cd844c80 ffffffffa04385a0 ffff8800cd844cb0
       ffff880035c93e18 ffffffff81546cef ffff8800d45fea00 0000000000000008
      Call Trace:
       [<ffffffffa041a5b8>] rxrpc_release+0x128/0x2e0 [af_rxrpc]
       [<ffffffff81546cef>] sock_release+0x1f/0x80
       [<ffffffff81546d62>] sock_close+0x12/0x20
       [<ffffffff811aaba1>] __fput+0xe1/0x230
       [<ffffffff811aad3e>] ____fput+0xe/0x10
       [<ffffffff810862cc>] task_work_run+0xbc/0xe0
       [<ffffffff8106a3be>] do_exit+0x2be/0xa10
       [<ffffffff8116dc47>] ? do_munmap+0x297/0x3b0
       [<ffffffff8106ab8f>] do_group_exit+0x3f/0xa0
       [<ffffffff8106ac04>] SyS_exit_group+0x14/0x20
       [<ffffffff8166b069>] system_call_fastpath+0x16/0x1b
      Signed-off-by: NTim Smith <tim@electronghost.co.uk>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      24a9981e
    • A
      RxRPC: do not unlock unheld spinlock in rxrpc_connect_exclusive() · 8f22ba61
      Alexey Khoroshilov 提交于
      If rx->conn is not NULL, rxrpc_connect_exclusive() does not
      acquire the transport's client lock, but it still releases it.
      
      The patch adds locking of the spinlock to this path.
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      8f22ba61
    • J
      um: hostfs: make functions static · 9e443bc3
      James Hogan 提交于
      The hostfs_*() callback functions are all only used within
      hostfs_kern.c, so make them static.
      Signed-off-by: NJames Hogan <james.hogan@imgtec.com>
      Cc: Jeff Dike <jdike@addtoit.com>
      Cc: Richard Weinberger <richard@nod.at>
      Cc: user-mode-linux-devel@lists.sourceforge.net
      Signed-off-by: NRichard Weinberger <richard@nod.at>
      9e443bc3
    • R
      um: Include generic barrier.h · 9af2452a
      Richard Weinberger 提交于
      ...to get smp_store_release().
      Reported-by: NRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NRichard Weinberger <richard@nod.at>
      9af2452a