1. 23 9月, 2012 2 次提交
    • E
      ipv4: raw: fix icmp_filter() · ab43ed8b
      Eric Dumazet 提交于
      icmp_filter() should not modify its input, or else its caller
      would need to recompute ip_hdr() if skb->head is reallocated.
      
      Use skb_header_pointer() instead of pskb_may_pull() and
      change the prototype to make clear both sk and skb are const.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ab43ed8b
    • P
      net/phy/bcm87xx: Add MODULE_LICENSE("GPL") to GPL driver · 9913b8c8
      Peter Hüwe 提交于
      Currently the driver has no MODULE_LICENSE attribute in its source which
      results in a kernel taint if I load this:
      
      root@(none):~# modprobe bcm87xx
      bcm87xx: module license 'unspecified' taints kernel.
      
      Since the first lines of the source code clearly state:
       * This file is subject to the terms and conditions of the GNU General
       * Public License.  See the file "COPYING" in the main directory of this
       * archive for more details.
      I think it's safe to add the MODULE_LICENSE("GPL") macro and thus remove
      the kernel taint.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NPeter Huewe <peterhuewe@gmx.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9913b8c8
  2. 22 9月, 2012 26 次提交
  3. 21 9月, 2012 12 次提交
    • M
      can: ti_hecc: fix oops during rmmod · ab04c8bd
      Marc Kleine-Budde 提交于
      This patch fixes an oops which occurs when unloading the driver, while the
      network interface is still up. The problem is that first the io mapping is
      teared own, then the CAN device is unregistered, resulting in accessing the
      hardware's iomem:
      
      [  172.744232] Unable to handle kernel paging request at virtual address c88b0040
      [  172.752441] pgd = c7be4000
      [  172.755645] [c88b0040] *pgd=87821811, *pte=00000000, *ppte=00000000
      [  172.762207] Internal error: Oops: 807 [#1] PREEMPT ARM
      [  172.767517] Modules linked in: ti_hecc(-) can_dev
      [  172.772430] CPU: 0    Not tainted  (3.5.0alpha-00037-g3554cc0 #126)
      [  172.778961] PC is at ti_hecc_close+0xb0/0x100 [ti_hecc]
      [  172.784423] LR is at __dev_close_many+0x90/0xc0
      [  172.789123] pc : [<bf00c768>]    lr : [<c033be58>]    psr: 60000013
      [  172.789123] sp : c5c1de68  ip : 00040081  fp : 00000000
      [  172.801025] r10: 00000001  r9 : c5c1c000  r8 : 00100100
      [  172.806457] r7 : c5d0a48c  r6 : c5d0a400  r5 : 00000000  r4 : c5d0a000
      [  172.813232] r3 : c88b0000  r2 : 00000001  r1 : c5d0a000  r0 : c5d0a000
      [  172.820037] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
      [  172.827423] Control: 10c5387d  Table: 87be4019  DAC: 00000015
      [  172.833404] Process rmmod (pid: 600, stack limit = 0xc5c1c2f0)
      [  172.839447] Stack: (0xc5c1de68 to 0xc5c1e000)
      [  172.843994] de60:                   bf00c6b8 c5c1dec8 c5d0a000 c5d0a000 00200200 c033be58
      [  172.852478] de80: c5c1de44 c5c1dec8 c5c1dec8 c033bf2c c5c1de90 c5c1de90 c5d0a084 c5c1de44
      [  172.860992] dea0: c5c1dec8 c033c098 c061d3dc c5d0a000 00000000 c05edf28 c05edb34 c000d724
      [  172.869476] dec0: 00000000 c033c2f8 c5d0a084 c5d0a084 00000000 c033c370 00000000 c5d0a000
      [  172.877990] dee0: c05edb00 c033c3b8 c5d0a000 bf00d3ac c05edb00 bf00d7c8 bf00d7c8 c02842dc
      [  172.886474] df00: c02842c8 c0282f90 c5c1c000 c05edb00 bf00d7c8 c0283668 bf00d7c8 00000000
      [  172.894989] df20: c0611f98 befe2f80 c000d724 c0282d10 bf00d804 00000000 00000013 c0068a8c
      [  172.903472] df40: c5c538e8 685f6974 00636365 c61571a8 c5cb9980 c61571a8 c6158a20 c00c9bc4
      [  172.911987] df60: 00000000 00000000 c5cb9980 00000000 c5cb9980 00000000 c7823680 00000006
      [  172.920471] df80: bf00d804 00000880 c5c1df8c 00000000 000d4267 befe2f80 00000001 b6d90068
      [  172.928985] dfa0: 00000081 c000d5a0 befe2f80 00000001 befe2f80 00000880 b6d90008 00000008
      [  172.937469] dfc0: befe2f80 00000001 b6d90068 00000081 00000001 00000000 befe2eac 00000000
      [  172.945983] dfe0: 00000000 befe2b18 00023ba4 b6e6addc 60000010 befe2f80 a8e00190 86d2d344
      [  172.954498] [<bf00c768>] (ti_hecc_close+0xb0/0x100 [ti_hecc]) from [<c033be58>] (__dev__registered_many+0xc0/0x2a0)
      [  172.984161] [<c033c098>] (rollback_registered_many+0xc0/0x2a0) from [<c033c2f8>] (rollback_registered+0x20/0x30)
      [  172.994750] [<c033c2f8>] (rollback_registered+0x20/0x30) from [<c033c370>] (unregister_netdevice_queue+0x68/0x98)
      [  173.005401] [<c033c370>] (unregister_netdevice_queue+0x68/0x98) from [<c033c3b8>] (unregister_netdev+0x18/0x20)
      [  173.015899] [<c033c3b8>] (unregister_netdev+0x18/0x20) from [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc])
      [  173.026245] [<bf00d3ac>] (ti_hecc_remove+0x60/0x80 [ti_hecc]) from [<c02842dc>] (platform_drv_remove+0x14/0x18)
      [  173.036712] [<c02842dc>] (platform_drv_remove+0x14/0x18) from [<c0282f90>] (__device_release_driver+0x7c/0xbc)
      
      Cc: stable <stable@vger.kernel.org>
      Cc: Anant Gole <anantgole@ti.com>
      Tested-by: NJan Luebbe <jlu@pengutronix.de>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      ab04c8bd
    • I
      can: janz-ican3: fix support for older hardware revisions · e21093ef
      Ira W. Snyder 提交于
      The Revision 1.0 Janz CMOD-IO Carrier Board does not have support for
      the reset registers. To support older hardware, the code is changed to
      use the hardware reset register on the Janz VMOD-ICAN3 hardware itself.
      
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NIra W. Snyder <iws@ovro.caltech.edu>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      e21093ef
    • D
      Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes · 017a27e7
      Dave Airlie 提交于
      Daniel writes:
      Essentially just flush my -fixes queue before I head off to xdc.
      - gen2 regression fixer, we've enabled the lvds stuff too late. Not
        causing any known issues, but this restores the sequence before a
        refactor that landed in 3.5, and lvds is a fickle beast. And seriously,
        who runs gen2 still ...
      - downgrade a BUG to a WARN - we haven't root-caused/fixed the underlying
        issue yet, but this should help bug reporters quite a bit.
      - properly disable hdmi audio - we've lost track of this, which resulted
        in the alsa driver again losing track of the unplug event.
      
      * 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
        drm/i915: HDMI - Clear Audio Enable bit for Hot Plug
        drm/i915: Reduce a pin-leak BUG into a WARN
        drm/i915: enable lvds pin pairs before dpll on gen2
      017a27e7
    • D
      drm/nouveau: add dmi quirk for gpio reset · 6c06d608
      Dave Airlie 提交于
      This fixes the gpio reset problem so the Retina MBP works, but avoids
      breaking the Dell systems. Ben will work on a better solution for 3.7.
      
      Tested by me on retina MBP.
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      6c06d608
    • E
      net: do not disable sg for packets requiring no checksum · c0d680e5
      Ed Cashin 提交于
      A change in a series of VLAN-related changes appears to have
      inadvertently disabled the use of the scatter gather feature of
      network cards for transmission of non-IP ethernet protocols like ATA
      over Ethernet (AoE).  Below is a reference to the commit that
      introduces a "harmonize_features" function that turns off scatter
      gather when the NIC does not support hardware checksumming for the
      ethernet protocol of an sk buff.
      
        commit f01a5236
        Author: Jesse Gross <jesse@nicira.com>
        Date:   Sun Jan 9 06:23:31 2011 +0000
      
            net offloading: Generalize netif_get_vlan_features().
      
      The can_checksum_protocol function is not equipped to consider a
      protocol that does not require checksumming.  Calling it for a
      protocol that requires no checksum is inappropriate.
      
      The patch below has harmonize_features call can_checksum_protocol when
      the protocol needs a checksum, so that the network layer is not forced
      to perform unnecessary skb linearization on the transmission of AoE
      packets.  Unnecessary linearization results in decreased performance
      and increased memory pressure, as reported here:
      
        http://www.spinics.net/lists/linux-mm/msg15184.html
      
      The problem has probably not been widely experienced yet, because
      only recently has the kernel.org-distributed aoe driver acquired the
      ability to use payloads of over a page in size, with the patchset
      recently included in the mm tree:
      
        https://lkml.org/lkml/2012/8/28/140
      
      The coraid.com-distributed aoe driver already could use payloads of
      greater than a page in size, but its users generally do not use the
      newest kernels.
      Signed-off-by: NEd Cashin <ecashin@coraid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c0d680e5
    • E
      aoe: assert AoE packets marked as requiring no checksum · 8babe8cc
      Ed Cashin 提交于
      In order for the network layer to see that AoE requires
      no checksumming in a generic way, the packets must be
      marked as requiring no checksum, so we make this requirement
      explicit with the assertion.
      Signed-off-by: NEd Cashin <ecashin@coraid.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8babe8cc
    • D
      at91ether: return PTR_ERR if call to clk_get fails · 3cfc1590
      Devendra Naga 提交于
      we are currently returning ENODEV, as the clk_get may give a exact
      error code in its returned pointer, assign it to the ret by using the
      PTR_ERR function, so that the subsequent goto label will jump to the
      error path and clean the driver and return the error correctly.
      Signed-off-by: NDevendra Naga <devendra.aaru@gmail.com>
      Acked-by: NNicolas Ferre <nicolas.ferre@atmel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3cfc1590
    • M
      xfrm_user: don't copy esn replay window twice for new states · e3ac104d
      Mathias Krause 提交于
      The ESN replay window was already fully initialized in
      xfrm_alloc_replay_state_esn(). No need to copy it again.
      
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e3ac104d
    • M
      xfrm_user: ensure user supplied esn replay window is valid · ecd79187
      Mathias Krause 提交于
      The current code fails to ensure that the netlink message actually
      contains as many bytes as the header indicates. If a user creates a new
      state or updates an existing one but does not supply the bytes for the
      whole ESN replay window, the kernel copies random heap bytes into the
      replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL
      netlink attribute. This leads to following issues:
      
      1. The replay window has random bits set confusing the replay handling
         code later on.
      
      2. A malicious user could use this flaw to leak up to ~3.5kB of heap
         memory when she has access to the XFRM netlink interface (requires
         CAP_NET_ADMIN).
      
      Known users of the ESN replay window are strongSwan and Steffen's
      iproute2 patch (<http://patchwork.ozlabs.org/patch/85962/>). The latter
      uses the interface with a bitmap supplied while the former does not.
      strongSwan is therefore prone to run into issue 1.
      
      To fix both issues without breaking existing userland allow using the
      XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a
      fully specified one. For the former case we initialize the in-kernel
      bitmap with zero, for the latter we copy the user supplied bitmap. For
      state updates the full bitmap must be supplied.
      
      To prevent overflows in the bitmap length calculation the maximum size
      of bmp_len is limited to 128 by this patch -- resulting in a maximum
      replay window of 4096 packets. This should be sufficient for all real
      life scenarios (RFC 4303 recommends a default replay window size of 64).
      
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Cc: Martin Willi <martin@revosec.ch>
      Cc: Ben Hutchings <bhutchings@solarflare.com>
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ecd79187
    • M
      xfrm_user: fix info leak in copy_to_user_tmpl() · 1f86840f
      Mathias Krause 提交于
      The memory used for the template copy is a local stack variable. As
      struct xfrm_user_tmpl contains multiple holes added by the compiler for
      alignment, not initializing the memory will lead to leaking stack bytes
      to userland. Add an explicit memset(0) to avoid the info leak.
      
      Initial version of the patch by Brad Spengler.
      
      Cc: Brad Spengler <spender@grsecurity.net>
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1f86840f
    • M
      xfrm_user: fix info leak in copy_to_user_policy() · 7b789836
      Mathias Krause 提交于
      The memory reserved to dump the xfrm policy includes multiple padding
      bytes added by the compiler for alignment (padding bytes in struct
      xfrm_selector and struct xfrm_userpolicy_info). Add an explicit
      memset(0) before filling the buffer to avoid the heap info leak.
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7b789836
    • M
      xfrm_user: fix info leak in copy_to_user_state() · f778a636
      Mathias Krause 提交于
      The memory reserved to dump the xfrm state includes the padding bytes of
      struct xfrm_usersa_info added by the compiler for alignment (7 for
      amd64, 3 for i386). Add an explicit memset(0) before filling the buffer
      to avoid the info leak.
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f778a636