1. 22 11月, 2017 9 次提交
  2. 21 11月, 2017 16 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 0c86a6bd
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix a reference to a module parameter which was lost during the
          GREv6 receive path rewrite, from Alexey Kodanev.
      
       2) Fix deref before NULL check in ipheth, from Gustavo A. R. Silva.
      
       3) RCU read lock imbalance in tun_build_skb(), from Xin Long.
      
       4) Some stragglers from the mac80211 folks:
      
            a) Timer conversions from Kees Cook
      
            b) Fix some sequencing issue when cfg80211 is built statically,
               from Johannes Berg
      
            c) Memory leak in mac80211_hwsim, from Ben Hutchings.
      
       5) Add new qmi_wwan device ID, from Sebastian Sjoholm.
      
       6) Fix use after free in tipc, from Jon Maloy.
      
       7) Missing kdoc in nfp driver, from Jakub Kicinski.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        nfp: flower: add missing kdoc
        tipc: fix access of released memory
        net: qmi_wwan: add Quectel BG96 2c7c:0296
        mlxsw: spectrum: Do not try to create non-existing ports during unsplit
        mac80211: properly free requested-but-not-started TX agg sessions
        mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
        cfg80211: initialize regulatory keys/database later
        mac80211: aggregation: Convert timers to use timer_setup()
        nl80211: don't expose wdev->ssid for most interfaces
        mac80211: Convert timers to use timer_setup()
        net: vxge: Fix some indentation issues
        net: ena: fix race condition between device reset and link up setup
        r8169: use same RTL8111EVL green settings as in vendor driver
        r8169: fix RTL8111EVL EEE and green settings
        tun: fix rcu_read_lock imbalance in tun_build_skb
        tcp: when scheduling TLP, time of RTO should account for current ACK
        usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
        gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
      0c86a6bd
    • L
      Merge tag 'for-linus-4.15-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux · b620fd2d
      Linus Torvalds 提交于
      Pull orangefs updates from Mike Marshall:
       "Fix:
      
         - stop setting atime on inode dirty (Martin Brandenburg)
      
        Cleanups:
      
         - remove initialization of i_version (Jeff Layton)
      
         - use ARRAY_SIZE (Jérémy Lefaure)
      
         - call op_release sooner when creating inodes (Mike MarshallMartin
           Brandenburg)"
      
      * tag 'for-linus-4.15-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
        orangefs: call op_release sooner when creating inodes
        orangefs: stop setting atime on inode dirty
        orangefs: use ARRAY_SIZE
        orangefs: remove initialization of i_version
      b620fd2d
    • L
      Merge tag 'ceph-for-4.15-rc1' of git://github.com/ceph/ceph-client · adb072d3
      Linus Torvalds 提交于
      Pull ceph updates from Ilya Dryomov:
       "We have a set of file locking improvements from Zheng, rbd rw/ro state
        handling code cleanup from myself and some assorted CephFS fixes from
        Jeff.
      
        rbd now defaults to single-major=Y, lifting the limit of ~240 rbd
        images per host for everyone"
      
      * tag 'ceph-for-4.15-rc1' of git://github.com/ceph/ceph-client:
        rbd: default to single-major device number scheme
        libceph: don't WARN() if user tries to add invalid key
        rbd: set discard_alignment to zero
        ceph: silence sparse endianness warning in encode_caps_cb
        ceph: remove the bump of i_version
        ceph: present consistent fsid, regardless of arch endianness
        ceph: clean up spinlocking and list handling around cleanup_cap_releases()
        rbd: get rid of rbd_mapping::read_only
        rbd: fix and simplify rbd_ioctl_set_ro()
        ceph: remove unused and redundant variable dropping
        ceph: mark expected switch fall-throughs
        ceph: -EINVAL on decoding failure in ceph_mdsc_handle_fsmap()
        ceph: disable cached readdir after dropping positive dentry
        ceph: fix bool initialization/comparison
        ceph: handle 'session get evicted while there are file locks'
        ceph: optimize flock encoding during reconnect
        ceph: make lock_to_ceph_filelock() static
        ceph: keep auth cap when inode has flocks or posix locks
      adb072d3
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk · 11ca75d2
      Linus Torvalds 提交于
      Pull printk updates from Petr Mladek:
      
       - print the warning about dropped messages on consoles on a separate
         line.   It makes it more legible.
      
       - one typo fix and small code clean up.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
        added new line symbol after warning about dropped messages
        printk: fix typo in printk_safe.c
        printk: simplify no_printk()
      11ca75d2
    • D
      Merge tag 'mac80211-for-davem-2017-11-20' of... · a13e8d41
      David S. Miller 提交于
      Merge tag 'mac80211-for-davem-2017-11-20' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      A few things:
       * straggler timer conversions from Kees
       * memory leak fix in hwsim
       * fix some fallout from regdb changes if wireless is built-in
       * also free aggregation sessions in startup state when station
         goes away, to avoid crashing the timer
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a13e8d41
    • J
      nfp: flower: add missing kdoc · b48b1f7a
      Jakub Kicinski 提交于
      Commit 0115552e ("nfp: remove false positive offloads
      in flower vxlan") missed adding kdoc for a new parameter
      of nfp_flower_add_offload().
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: NSimon Horman <simon.horman@netronome.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b48b1f7a
    • J
      tipc: fix access of released memory · e0e853ac
      Jon Maloy 提交于
      When the function tipc_group_filter_msg() finds that a member event
      indicates that the member is leaving the group, it first deletes the
      member instance, and then purges the message queue being handled
      by the call. But the message queue is an aggregated field in the
      just deleted item, leading the purge call to access freed memory.
      
      We fix this by swapping the order of the two actions.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e0e853ac
    • S
      net: qmi_wwan: add Quectel BG96 2c7c:0296 · f9409e7f
      Sebastian Sjoholm 提交于
      Quectel BG96 is an Qualcomm MDM9206 based IoT modem, supporting both
      CAT-M and NB-IoT. Tested hardware is BG96 mounted on Quectel development
      board (EVB). The USB id is added to qmi_wwan.c to allow QMI
      communication with the BG96.
      Signed-off-by: NSebastian Sjoholm <ssjoholm@mac.com>
      Acked-by: NBjørn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f9409e7f
    • I
      mlxsw: spectrum: Do not try to create non-existing ports during unsplit · bf4e9f24
      Ido Schimmel 提交于
      On some systems, when we unsplit a port we need to re-create two ports
      instead. On other systems, only one needs to be re-created.
      
      Do not try to create a port if during driver initialization it was
      assigned a negative module number, which is invalid.
      
      This avoids the following error during unsplit:
      [  941.012478] mlxsw_spectrum 0000:01:00.0: Port 43: Failed to map module
      
      The error is harmless and caused by the fact that a local port is
      already mapped to module 0.
      
      Fixes: be94535f ("mlxsw: spectrum: Make split flow match firmware requirements")
      Signed-off-by: NIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: NArkadi Sharshevsky <arkadis@mellanox.com>
      Signed-off-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bf4e9f24
    • L
      Merge tag 'fbdev-v4.15' of git://github.com/bzolnier/linux · e1d1ea54
      Linus Torvalds 提交于
      Pull fbdev updates from Bartlomiej Zolnierkiewicz:
       "There is nothing really major here (though removal of the dead igafb
        driver stands out in diffstat).
      
        Summary:
      
         - convert timers to use timer_setup() (Kees Cook, Thierry Reding)
      
         - fix panels support on iMX boards in mxsfb driver (Stefan Agner)
      
         - fix timeout on EDID read in udlfb driver (Ladislav Michl)
      
         - add missing modes to fix out of bounds access in controlfb driver
           (Geert Uytterhoeven)
      
         - update initialisation paths in sa1100fb driver to be more robust
           (Russell King)
      
         - fix error handling path of ->probe method in au1200fb driver
           (Christophe JAILLET)
      
         - fix handling of cases when either panel or crt is defined in
           sm501fb driver (Sudip Mukherjee, Colin Ian King)
      
         - add ability to the Goldfish FB driver to be recognized by OS via DT
           (Aleksandar Markovic)
      
         - structures constifications (Bhumika Goyal)
      
         - misc fixes (Allen Pais, Gustavo A. R. Silva, Dan Carpenter)
      
         - misc cleanups (Colin Ian King, Himanshu Jha, Markus Elfring)
      
         - remove dead igafb driver"
      
      * tag 'fbdev-v4.15' of git://github.com/bzolnier/linux: (42 commits)
        OMAPFB: prevent buffer underflow in omapfb_parse_vram_param()
        video: fbdev: sm501fb: fix potential null pointer dereference on fbi
        fbcon: Initialize ops->info early
        video: fbdev: Convert timers to use timer_setup()
        video: fbdev: pxa3xx_gcu: Convert timers to use timer_setup()
        fbdev: controlfb: Add missing modes to fix out of bounds access
        video: fbdev: sis_main: mark expected switch fall-throughs
        video: fbdev: cirrusfb: mark expected switch fall-throughs
        video: fbdev: aty: radeon_pm: mark expected switch fall-throughs
        video: fbdev: sm501fb: mark expected switch fall-through in sm501fb_blank_crt
        video: fbdev: intelfb: remove redundant variables
        video/fbdev/dnfb: Use common error handling code in dnfb_probe()
        sm501fb: suspend and resume fb if it exists
        sm501fb: unregister framebuffer only if registered
        sm501fb: deallocate colormap only if allocated
        video: goldfishfb: Add support for device tree bindings
        Documentation: Add device tree binding for Goldfish FB driver
        video: udlfb: Fix read EDID timeout
        video: fbdev: remove dead igafb driver
        video: fbdev: mxsfb: fix pixelclock polarity
        ...
      e1d1ea54
    • L
      Merge tag 'devicetree-fixes-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · c633e898
      Linus Torvalds 提交于
      Pull DeviceTree fixes from Rob Herring:
      
       - Remove mc13892 as a trivial device
      
       - Improve of_find_node_by_name() documentation
      
       - Fix unit test dtc warnings
      
       - Clean-ups of USB binding documentation
      
       - Fix potential NULL deref in of_pci_map_rid
      
      * tag 'devicetree-fixes-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: trivial-devices: Remove fsl,mc13892
        of: Document exactly what of_find_node_by_name() puts
        of: unittest: disable interrupts_property warning
        of: unittest: let dtc generate __local_fixups__
        dt-bindings: usb: document hub and host-controller properties
        dt-bindings: usb: clean up compatible property
        dt-bindings: usb: fix reg-property port-number range
        dt-bindings: usb: fix example hub node name
        of/pci: Fix theoretical NULL dereference
      c633e898
    • L
      Merge tag 'jfs-4.15-2' of git://github.com/kleikamp/linux-shaggy · bf8973fc
      Linus Torvalds 提交于
      Pull jfs fixlet from Dave Kleikamp:
       "Update jfs git tree in MAINTAINERS"
      
      * tag 'jfs-4.15-2' of git://github.com/kleikamp/linux-shaggy:
        MAINTAINERS: fix jfs tree location
      bf8973fc
    • J
      dt-bindings: trivial-devices: Remove fsl,mc13892 · def4db33
      Jonathan Neuschäfer 提交于
      This device's bindings are not trivial: Additional properties are
      documented in in Documentation/devicetree/bindings/mfd/mc13xxx.txt.
      Signed-off-by: NJonathan Neuschäfer <j.neuschaefer@gmx.net>
      Reviewed-by: NFabio Estevam <fabio.estevam@nxp.com>
      Signed-off-by: NRob Herring <robh@kernel.org>
      def4db33
    • S
      of: Document exactly what of_find_node_by_name() puts · 02a876b5
      Stephen Boyd 提交于
      It isn't clear if this function of_node_put()s the 'from'
      argument, or the node it searches. Clearly indicate which
      variable is touched. Fold in some more fixes from Randy too
      because we're in the area.
      
      Cc: Randy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NStephen Boyd <sboyd@codeaurora.org>
      Acked-by: NRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NRob Herring <robh@kernel.org>
      02a876b5
    • T
      MAINTAINERS: fix jfs tree location · 86313903
      Tom Saeger 提交于
      JFS tree has been moved to github.
      Signed-off-by: NTom Saeger <tom.saeger@oracle.com>
      Signed-off-by: NDave Kleikamp <dave.kleikamp@oracle.com>
      86313903
    • J
      mac80211: properly free requested-but-not-started TX agg sessions · 33ddd81e
      Johannes Berg 提交于
      When deleting a station or otherwise tearing down all aggregation
      sessions, make sure to delete requested but not yet started ones,
      to avoid the following scenario:
      
       * session is requested, added to tid_start_tx[]
       * ieee80211_ba_session_work() runs, gets past BLOCK_BA check
       * ieee80211_sta_tear_down_BA_sessions() runs, locks &sta->ampdu_mlme.mtx,
         e.g. while deleting the station - deleting all active sessions
       * ieee80211_ba_session_work() continues since tear down flushes it, and
         calls ieee80211_tx_ba_session_handle_start() for the new session, arms
         the timer for it
       * station deletion continues to __cleanup_single_sta() and frees the
         session struct, while the timer is armed
      Reported-by: NFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      33ddd81e
  3. 20 11月, 2017 10 次提交
    • B
      mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() · 67bd5238
      Ben Hutchings 提交于
      hwsim_new_radio_nl() now copies the name attribute in order to add a
      null-terminator.  mac80211_hwsim_new_radio() (indirectly) copies it
      again into the net_device structure, so the first copy is not used or
      freed later.  Free the first copy before returning.
      
      Fixes: ff4dd73d ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length")
      Signed-off-by: NBen Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      67bd5238
    • J
      cfg80211: initialize regulatory keys/database later · d7be102f
      Johannes Berg 提交于
      When cfg80211 is built as a module, everything is fine, and we
      can keep the code as is; in fact, we have to, because there can
      only be a single module_init().
      
      When cfg80211 is built-in, however, it needs to initialize
      before drivers (device_initcall/module_init), and thus used to
      be at subsys_initcall(). I'd moved it to fs_initcall() earlier,
      where it can remain. However, this is still too early because at
      that point the key infrastructure hasn't been initialized yet,
      so X.509 certificates can't be parsed yet.
      
      To work around this problem, load the regdb keys only later in
      a late_initcall(), at which point the necessary infrastructure
      has been initialized.
      
      Fixes: 90a53e44 ("cfg80211: implement regdb signature checking")
      Reported-by: NXiaolong Ye <xiaolong.ye@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      d7be102f
    • K
      mac80211: aggregation: Convert timers to use timer_setup() · 7cca2acd
      Kees Cook 提交于
      In preparation for unconditionally passing the struct timer_list pointer to
      all timer callbacks, switch to using the new timer_setup() and from_timer()
      to pass the timer pointer explicitly.
      
      This removes the tid mapping array and expands the tid structures to
      add a pointer back to the station, along with the tid index itself.
      
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: linux-wireless@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Signed-off-by: NKees Cook <keescook@chromium.org>
      [switch tid variables to u8, the valid range is 0-15 at most,
       initialize tid_tx->sta/tid properly]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      7cca2acd
    • J
      nl80211: don't expose wdev->ssid for most interfaces · 44905265
      Johannes Berg 提交于
      For mesh, this is simply wrong - there's no SSID, only the
      mesh ID, so don't expose it at all.
      For (P2P) client, it's wrong, because it exposes an internal
      value that's only used when certain APIs are used.
      For AP, it's actually the only correct case, so leave that.
      All other interface types shouldn't be setting this anyway,
      so there it won't change anything.
      
      Fixes: b84e7a05 ("nl80211: send the NL80211_ATTR_SSID in nl80211_send_iface()")
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      44905265
    • K
      mac80211: Convert timers to use timer_setup() · 34f11cd3
      Kees Cook 提交于
      In preparation for unconditionally passing the struct timer_list pointer to
      all timer callbacks, switch to using the new timer_setup() and from_timer()
      to pass the timer pointer explicitly.
      
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: linux-wireless@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      34f11cd3
    • L
      Merge tag 'ntb-4.15' of git://github.com/jonmason/ntb · c8a0739b
      Linus Torvalds 提交于
      Pull ntb updates from Jon Mason:
       "Support for the switchtec ntb and related changes. Also, a couple of
        bug fixes"
      
      [ The timing isn't great. I had asked people to send me pull requests
        before my family vacation, and this code has not even been in
        linux-next as far as I can tell. But Logan Gunthorpe pleaded for its
        inclusion because the Switchtec driver has apparently been around for
        a while, just never in linux-next - Linus ]
      
      * tag 'ntb-4.15' of git://github.com/jonmason/ntb:
        ntb: intel: remove b2b memory window workaround for Skylake NTB
        NTB: make idt_89hpes_cfg const
        NTB: switchtec_ntb: Update switchtec documentation with notes for NTB
        NTB: switchtec_ntb: Add memory window support
        NTB: switchtec_ntb: Implement scratchpad registers
        NTB: switchtec_ntb: Implement doorbell registers
        NTB: switchtec_ntb: Add link management
        NTB: switchtec_ntb: Add skeleton NTB driver
        NTB: switchtec_ntb: Initialize hardware for doorbells and messages
        NTB: switchtec_ntb: Initialize hardware for memory windows
        NTB: switchtec_ntb: Introduce initial NTB driver
        NTB: Add check and comment for link up to mw_count() and mw_get_align()
        NTB: Ensure ntb_mw_get_align() is only called when the link is up
        NTB: switchtec: Add link event notifier callback
        NTB: switchtec: Add NTB hardware register definitions
        NTB: switchtec: Export class symbol for use in upper layer driver
        NTB: switchtec: Move structure definitions into a common header
        ntb: update maintainer list for Intel NTB driver
      c8a0739b
    • C
      net: vxge: Fix some indentation issues · 32a72bbd
      Christophe JAILLET 提交于
      Some statements are not enough or too much indented.
      Fix it to improve readalbility.
      Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      32a72bbd
    • N
      net: ena: fix race condition between device reset and link up setup · d18e4f68
      Netanel Belgazal 提交于
      In rare cases, ena driver would reset and re-start the device,
      for example, in case of misbehaving application that causes
      transmit timeout
      
      The first step in the reset procedure is to stop the Tx traffic by
      calling ena_carrier_off().
      
      After the driver have just started the device reset procedure, device
      happens to send an asynchronous notification (via AENQ) to the driver
      than there was a link change (to link-up state).
      This link change is mapped to a call to netif_carrier_on() which
      re-activates the Tx queues, violating the assumption of no tx traffic
      until device reset is completed, as the reset task might still be in
      the process of queues initialization, leading to an access to
      uninitialized memory.
      Signed-off-by: NNetanel Belgazal <netanel@amazon.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d18e4f68
    • R
      ima: do not update security.ima if appraisal status is not INTEGRITY_PASS · 020aae3e
      Roberto Sassu 提交于
      Commit b65a9cfc ("Untangling ima mess, part 2: deal with counters")
      moved the call of ima_file_check() from may_open() to do_filp_open() at a
      point where the file descriptor is already opened.
      
      This breaks the assumption made by IMA that file descriptors being closed
      belong to files whose access was granted by ima_file_check(). The
      consequence is that security.ima and security.evm are updated with good
      values, regardless of the current appraisal status.
      
      For example, if a file does not have security.ima, IMA will create it after
      opening the file for writing, even if access is denied. Access to the file
      will be allowed afterwards.
      
      Avoid this issue by checking the appraisal status before updating
      security.ima.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NRoberto Sassu <roberto.sassu@huawei.com>
      Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
      Signed-off-by: NJames Morris <james.l.morris@oracle.com>
      020aae3e
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide · ed30b147
      Linus Torvalds 提交于
      Pull small IDE cleanup from David Miller.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide:
        PNP: ide: constify pnp_device_id
      ed30b147
  4. 19 11月, 2017 5 次提交
    • H
      r8169: use same RTL8111EVL green settings as in vendor driver · b399a394
      Heiner Kallweit 提交于
      Adjust the code to use the same green settings as in the latest
      vendor driver.
      Signed-off-by: NHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b399a394
    • H
      r8169: fix RTL8111EVL EEE and green settings · 1814d6a8
      Heiner Kallweit 提交于
      Name of functions rtl_w0w1_eri and rtl_w0w1_phy is somewhat misleading
      regarding order of arguments. One could assume that w0w1 means
      argument with bits to be reset comes before argument with bits to set.
      However this is not the case.
      So fix the order of arguments in several statements.
      
      In addition fix EEE advertisement. The current code resets the bits
      for 100BaseT and 1000BaseT EEE advertisement what is not what we want.
      
      I have a little of a hard time to find a proper "Fixes" line as the
      issue seems to have been there forever (at least it existed already
      when the driver was moved to the current place in 2011).
      
      The patch was tested on a Zotac Mini-PC with a RTL8111E-VL chip.
      Before the patch EEE was disabled, now it's properly advertised and
      works fine.
      Signed-off-by: NHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1814d6a8
    • X
      tun: fix rcu_read_lock imbalance in tun_build_skb · 654d5738
      Xin Long 提交于
      rcu_read_lock in tun_build_skb is used to rcu_dereference tun->xdp_prog
      safely, rcu_read_unlock should be done in every return path.
      
      Now I could see one place missing it, where it returns NULL in switch-case
      XDP_REDIRECT,  another palce using rcu_read_lock wrongly, where it returns
      NULL in if (xdp_xmit) chunk.
      
      So fix both in this patch.
      
      Fixes: 761876c8 ("tap: XDP support")
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      654d5738
    • N
      tcp: when scheduling TLP, time of RTO should account for current ACK · ed66dfaf
      Neal Cardwell 提交于
      Fix the TLP scheduling logic so that when scheduling a TLP probe, we
      ensure that the estimated time at which an RTO would fire accounts for
      the fact that ACKs indicating forward progress should push back RTO
      times.
      
      After the following fix:
      
      df92c839 ("tcp: fix xmit timer to only be reset if data ACKed/SACKed")
      
      we had an unintentional behavior change in the following kind of
      scenario: suppose the RTT variance has been very low recently. Then
      suppose we send out a flight of N packets and our RTT is 100ms:
      
      t=0: send a flight of N packets
      t=100ms: receive an ACK for N-1 packets
      
      The response before df92c839 that was:
        -> schedule a TLP for now + RTO_interval
      
      The response after df92c839 is:
        -> schedule a TLP for t=0 + RTO_interval
      
      Since RTO_interval = srtt + RTT_variance, this means that we have
      scheduled a TLP timer at a point in the future that only accounts for
      RTT_variance. If the RTT_variance term is small, this means that the
      timer fires soon.
      
      Before df92c839 this would not happen, because in that code, when
      we receive an ACK for a prefix of flight, we did:
      
          1) Near the top of tcp_ack(), switch from TLP timer to RTO
             at write_queue_head->paket_tx_time + RTO_interval:
                  if (icsk->icsk_pending == ICSK_TIME_LOSS_PROBE)
                         tcp_rearm_rto(sk);
      
          2) In tcp_clean_rtx_queue(), update the RTO to now + RTO_interval:
                  if (flag & FLAG_ACKED) {
                         tcp_rearm_rto(sk);
      
          3) In tcp_ack() after tcp_fastretrans_alert() switch from RTO
             to TLP at now + RTO_interval:
                  if (icsk->icsk_pending == ICSK_TIME_RETRANS)
                         tcp_schedule_loss_probe(sk);
      
      In df92c839 we removed that 3-phase dance, and instead directly
      set the TLP timer once: we set the TLP timer in cases like this to
      write_queue_head->packet_tx_time + RTO_interval. So if the RTT
      variance is small, then this means that this is setting the TLP timer
      to fire quite soon. This means if the ACK for the tail of the flight
      takes longer than an RTT to arrive (often due to delayed ACKs), then
      the TLP timer fires too quickly.
      
      Fixes: df92c839 ("tcp: fix xmit timer to only be reset if data ACKed/SACKed")
      Signed-off-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NYuchung Cheng <ycheng@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NSoheil Hassas Yeganeh <soheil@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ed66dfaf
    • G
      usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set · 61c59355
      Gustavo A. R. Silva 提交于
      _dev_ is being dereferenced before it is null checked, hence there
      is a potential null pointer dereference.
      
      Fix this by moving the pointer dereference after _dev_ has been null
      checked.
      
      Addresses-Coverity-ID: 1462020
      Fixes: bb1b40c7 ("usbnet: ipheth: prevent TX queue timeouts when device not ready")
      Signed-off-by: NGustavo A. R. Silva <garsilva@embeddedor.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      61c59355