1. 01 9月, 2012 7 次提交
  2. 31 8月, 2012 11 次提交
    • P
      netfilter: nf_conntrack: fix racy timer handling with reliable events · 5b423f6a
      Pablo Neira Ayuso 提交于
      Existing code assumes that del_timer returns true for alive conntrack
      entries. However, this is not true if reliable events are enabled.
      In that case, del_timer may return true for entries that were
      just inserted in the dying list. Note that packets / ctnetlink may
      hold references to conntrack entries that were just inserted to such
      list.
      
      This patch fixes the issue by adding an independent timer for
      event delivery. This increases the size of the ecache extension.
      Still we can revisit this later and use variable size extensions
      to allocate this area on demand.
      Tested-by: NOliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      5b423f6a
    • M
      bnx2x: Correct the ndo_poll_controller call · 14a15d61
      Merav Sicron 提交于
      This patch correct poll_bnx2x (ndo_poll_controller call) which was not
      functioning well with MSI-X.
      Signed-off-by: NMerav Sicron <meravs@broadcom.com>
      Signed-off-by: NDmitry Kravkov <dmitry@broadcom.com>
      Signed-off-by: NEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      14a15d61
    • M
      bnx2x: Move netif_napi_add to the open call · 26614ba5
      Merav Sicron 提交于
      Move netif_napi_add for all queues from the probe call to the open call, to
      avoid the case that napi objects are added for queues that may eventually not
      be initialized and activated. With the former behavior, the driver could crash
      when netpoll was calling ndo_poll_controller.
      Signed-off-by: NMerav Sicron <meravs@broadcom.com>
      Signed-off-by: NDmitry Kravkov <dmitry@broadcom.com>
      Signed-off-by: NEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      26614ba5
    • E
      ipv4: must use rcu protection while calling fib_lookup · c5ae7d41
      Eric Dumazet 提交于
      Following lockdep splat was reported by Pavel Roskin :
      
      [ 1570.586223] ===============================
      [ 1570.586225] [ INFO: suspicious RCU usage. ]
      [ 1570.586228] 3.6.0-rc3-wl-main #98 Not tainted
      [ 1570.586229] -------------------------------
      [ 1570.586231] /home/proski/src/linux/net/ipv4/route.c:645 suspicious rcu_dereference_check() usage!
      [ 1570.586233]
      [ 1570.586233] other info that might help us debug this:
      [ 1570.586233]
      [ 1570.586236]
      [ 1570.586236] rcu_scheduler_active = 1, debug_locks = 0
      [ 1570.586238] 2 locks held by Chrome_IOThread/4467:
      [ 1570.586240]  #0:  (slock-AF_INET){+.-...}, at: [<ffffffff814f2c0c>] release_sock+0x2c/0xa0
      [ 1570.586253]  #1:  (fnhe_lock){+.-...}, at: [<ffffffff815302fc>] update_or_create_fnhe+0x2c/0x270
      [ 1570.586260]
      [ 1570.586260] stack backtrace:
      [ 1570.586263] Pid: 4467, comm: Chrome_IOThread Not tainted 3.6.0-rc3-wl-main #98
      [ 1570.586265] Call Trace:
      [ 1570.586271]  [<ffffffff810976ed>] lockdep_rcu_suspicious+0xfd/0x130
      [ 1570.586275]  [<ffffffff8153042c>] update_or_create_fnhe+0x15c/0x270
      [ 1570.586278]  [<ffffffff815305b3>] __ip_rt_update_pmtu+0x73/0xb0
      [ 1570.586282]  [<ffffffff81530619>] ip_rt_update_pmtu+0x29/0x90
      [ 1570.586285]  [<ffffffff815411dc>] inet_csk_update_pmtu+0x2c/0x80
      [ 1570.586290]  [<ffffffff81558d1e>] tcp_v4_mtu_reduced+0x2e/0xc0
      [ 1570.586293]  [<ffffffff81553bc4>] tcp_release_cb+0xa4/0xb0
      [ 1570.586296]  [<ffffffff814f2c35>] release_sock+0x55/0xa0
      [ 1570.586300]  [<ffffffff815442ef>] tcp_sendmsg+0x4af/0xf50
      [ 1570.586305]  [<ffffffff8156fc60>] inet_sendmsg+0x120/0x230
      [ 1570.586308]  [<ffffffff8156fb40>] ? inet_sk_rebuild_header+0x40/0x40
      [ 1570.586312]  [<ffffffff814f4bdd>] ? sock_update_classid+0xbd/0x3b0
      [ 1570.586315]  [<ffffffff814f4c50>] ? sock_update_classid+0x130/0x3b0
      [ 1570.586320]  [<ffffffff814ec435>] do_sock_write+0xc5/0xe0
      [ 1570.586323]  [<ffffffff814ec4a3>] sock_aio_write+0x53/0x80
      [ 1570.586328]  [<ffffffff8114bc83>] do_sync_write+0xa3/0xe0
      [ 1570.586332]  [<ffffffff8114c5a5>] vfs_write+0x165/0x180
      [ 1570.586335]  [<ffffffff8114c805>] sys_write+0x45/0x90
      [ 1570.586340]  [<ffffffff815d2722>] system_call_fastpath+0x16/0x1b
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: NPavel Roskin <proski@gnu.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c5ae7d41
    • Y
      bnx2x: fix 57840_MF pci id · 5c879d20
      Yuval Mintz 提交于
      Commit c3def943 have added support for
      new pci ids of the 57840 board, while failing to change the obsolete value
      in 'pci_ids.h'.
      This patch does so, allowing the probe of such devices.
      Signed-off-by: NYuval Mintz <yuvalmin@broadcom.com>
      Signed-off-by: NEilon Greenstein <eilong@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5c879d20
    • F
      net: ipv4: ipmr_expire_timer causes crash when removing net namespace · acbb219d
      Francesco Ruggeri 提交于
      When tearing down a net namespace, ipv4 mr_table structures are freed
      without first deactivating their timers. This can result in a crash in
      run_timer_softirq.
      This patch mimics the corresponding behaviour in ipv6.
      Locking and synchronization seem to be adequate.
      We are about to kfree mrt, so existing code should already make sure that
      no other references to mrt are pending or can be created by incoming traffic.
      The functions invoked here do not cause new references to mrt or other
      race conditions to be created.
      Invoking del_timer_sync guarantees that ipmr_expire_timer is inactive.
      Both ipmr_expire_process (whose completion we may have to wait in
      del_timer_sync) and mroute_clean_tables internally use mfc_unres_lock
      or other synchronizations when needed, and they both only modify mrt.
      
      Tested in Linux 3.4.8.
      Signed-off-by: NFrancesco Ruggeri <fruggeri@aristanetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      acbb219d
    • B
      e1000e: DoS while TSO enabled caused by link partner with small MSS · d821a4c4
      Bruce Allan 提交于
      With a low enough MSS on the link partner and TSO enabled locally, the
      networking stack can periodically send a very large (e.g.  64KB) TCP
      message for which the driver will attempt to use more Tx descriptors than
      are available by default in the Tx ring.  This is due to a workaround in
      the code that imposes a limit of only 4 MSS-sized segments per descriptor
      which appears to be a carry-over from the older e1000 driver and may be
      applicable only to some older PCI or PCIx parts which are not supported in
      e1000e.  When the driver gets a message that is too large to fit across the
      configured number of Tx descriptors, it stops the upper stack from queueing
      any more and gets stuck in this state.  After a timeout, the upper stack
      assumes the adapter is hung and calls the driver to reset it.
      
      Remove the unnecessary limitation of using up to only 4 MSS-sized segments
      per Tx descriptor, and put in a hard failure test to catch when attempting
      to check for message sizes larger than would fit in the whole Tx ring.
      Refactor the remaining logic that limits the size of data per Tx descriptor
      from a seemingly arbitrary 8KB to a limit based on the dynamic size of the
      Tx packet buffer as described in the hardware specification.
      
      Also, fix the logic in the check for space in the Tx ring for the next
      largest possible packet after the current one has been successfully queued
      for transmit, and use the appropriate defines for default ring sizes in
      e1000_probe instead of magic values.
      
      This issue goes back to the introduction of e1000e in 2.6.24 when it was
      split off from e1000.
      Reported-by: NBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: NBruce Allan <bruce.w.allan@intel.com>
      Cc: Stable <stable@vger.kernel.org> [2.6.24+]
      Tested-by: NAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d821a4c4
    • X
      l2tp: avoid to use synchronize_rcu in tunnel free function · 99469c32
      xeb@mail.ru 提交于
      Avoid to use synchronize_rcu in l2tp_tunnel_free because context may be
      atomic.
      Signed-off-by: NDmitry Kozlov <xeb@mail.ru>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      99469c32
    • C
      gianfar: fix default tx vlan offload feature flag · e2c53be2
      Claudiu Manoil 提交于
      Commit -
      "b852b720 gianfar: fix bug caused by
      87c288c6"
      disables by default (on mac init) the hw vlan tag insertion.
      The "features" flags were not updated to reflect this, and
      "ethtool -K" shows tx-vlan-offload to be "on" by default.
      
      Cc: Sebastian Poehn <sebastian.poehn@belden.com>
      Signed-off-by: NClaudiu Manoil <claudiu.manoil@freescale.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e2c53be2
    • P
      netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP expectation · 3f509c68
      Pablo Neira Ayuso 提交于
      We're hitting bug while trying to reinsert an already existing
      expectation:
      
      kernel BUG at kernel/timer.c:895!
      invalid opcode: 0000 [#1] SMP
      [...]
      Call Trace:
       <IRQ>
       [<ffffffffa0069563>] nf_ct_expect_related_report+0x4a0/0x57a [nf_conntrack]
       [<ffffffff812d423a>] ? in4_pton+0x72/0x131
       [<ffffffffa00ca69e>] ip_nat_sdp_media+0xeb/0x185 [nf_nat_sip]
       [<ffffffffa00b5b9b>] set_expected_rtp_rtcp+0x32d/0x39b [nf_conntrack_sip]
       [<ffffffffa00b5f15>] process_sdp+0x30c/0x3ec [nf_conntrack_sip]
       [<ffffffff8103f1eb>] ? irq_exit+0x9a/0x9c
       [<ffffffffa00ca738>] ? ip_nat_sdp_media+0x185/0x185 [nf_nat_sip]
      
      We have to remove the RTP expectation if the RTCP expectation hits EBUSY
      since we keep trying with other ports until we succeed.
      Reported-by: NRafal Fitt <rafalf@aplusc.com.pl>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      3f509c68
    • I
      xen-netfront: use __pskb_pull_tail to ensure linear area is big enough on RX · 3683243b
      Ian Campbell 提交于
      I'm slightly concerned by the "only in exceptional circumstances"
      comment on __pskb_pull_tail but the structure of an skb just created
      by netfront shouldn't hit any of the especially slow cases.
      
      This approach still does slightly more work than the old way, since if
      we pull up the entire first frag we now have to shuffle everything
      down where before we just received into the right place in the first
      place.
      Signed-off-by: NIan Campbell <ian.campbell@citrix.com>
      Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Cc: Jeremy Fitzhardinge <jeremy@goop.org>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: xen-devel@lists.xensource.com
      Cc: netdev@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Tested-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Acked-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3683243b
  3. 30 8月, 2012 4 次提交
  4. 25 8月, 2012 6 次提交
    • D
      Merge branch 'sfc-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc · f88cf73d
      David S. Miller 提交于
      Ben Hutchings says:
      
      ====================
      Simple fix for a braino.  Please also queue this for the 3.4 and 3.5
      stable series.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f88cf73d
    • D
      Merge branch 'fixes-for-3.6' of git://gitorious.org/linux-can/linux-can · cd5c2ed6
      David S. Miller 提交于
      Marc Kleine-Budde says:
      
      ====================
      here are two fixes for the v3.6 release cycle. Alexey Khoroshilov submitted a
      fix for a memory leak in the softing driver (in softing_load_fw()) in case a
      krealloc() fails. Sven Schmitt fixed the misuse of the IRQF_SHARED flag in the
      irq resouce of the sja1000 platform driver, now the correct flag is used. There
      are no mainline users of this feature which need to be converted.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cd5c2ed6
    • D
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · d05cebb9
      David S. Miller 提交于
      John W. Linville says:
      
      ====================
      This batch of fixes is intended for 3.6...
      
      Johannes Berg gives us a pair of iwlwifi fixes.  One corrects some
      improperly defined ifdefs that lead to crashes and BUG_ONs.  The other
      prevents attempts to read SRAM for devices that aren't actually started.
      
      Julia Lawall provides an ipw2100 fix to properly set the return code
      from a function call before testing it! :-)
      
      Thomas Huehn corrects the improper use of a constant related to a power
      setting in ath5k.
      
      Thomas Pedersen offers a mac80211 fix to properly handle destination
      addresses of unicast frames passing though a mesh gate.
      
      Vladimir Zapolskiy provides a brcmsmac fix to properly mark the
      interface state when the device goes down.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d05cebb9
    • Y
      tcp: fix cwnd reduction for non-sack recovery · 7c4a56fe
      Yuchung Cheng 提交于
      The cwnd reduction in fast recovery is based on the number of packets
      newly delivered per ACK. For non-sack connections every DUPACK
      signifies a packet has been delivered, but the sender mistakenly
      skips counting them for cwnd reduction.
      
      The fix is to compute newly_acked_sacked after DUPACKs are accounted
      in sacked_out for non-sack connections.
      Signed-off-by: NYuchung Cheng <ycheng@google.com>
      Acked-by: NNandita Dukkipati <nanditad@google.com>
      Acked-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7c4a56fe
    • P
      netlink: fix possible spoofing from non-root processes · 20e1db19
      Pablo Neira Ayuso 提交于
      Non-root user-space processes can send Netlink messages to other
      processes that are well-known for being subscribed to Netlink
      asynchronous notifications. This allows ilegitimate non-root
      process to send forged messages to Netlink subscribers.
      
      The userspace process usually verifies the legitimate origin in
      two ways:
      
      a) Socket credentials. If UID != 0, then the message comes from
         some ilegitimate process and the message needs to be dropped.
      
      b) Netlink portID. In general, portID == 0 means that the origin
         of the messages comes from the kernel. Thus, discarding any
         message not coming from the kernel.
      
      However, ctnetlink sets the portID in event messages that has
      been triggered by some user-space process, eg. conntrack utility.
      So other processes subscribed to ctnetlink events, eg. conntrackd,
      know that the event was triggered by some user-space action.
      
      Neither of the two ways to discard ilegitimate messages coming
      from non-root processes can help for ctnetlink.
      
      This patch adds capability validation in case that dst_pid is set
      in netlink_sendmsg(). This approach is aggressive since existing
      applications using any Netlink bus to deliver messages between
      two user-space processes will break. Note that the exception is
      NETLINK_USERSOCK, since it is reserved for netlink-to-netlink
      userspace communication.
      
      Still, if anyone wants that his Netlink bus allows netlink-to-netlink
      userspace, then they can set NL_NONROOT_SEND. However, by default,
      I don't think it makes sense to allow to use NETLINK_ROUTE to
      communicate two processes that are sending no matter what information
      that is not related to link/neighbouring/routing. They should be using
      NETLINK_USERSOCK instead for that.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      20e1db19
    • R
      stmmac: add header inclusion protection · bd4242df
      Rayagond Kokatanur 提交于
      This patch adds "#ifndef __<header>_H" for protecting header from double
      inclusion.
      Signed-off-by: NRayagond Kokatanur <rayagond@vayavyalabs.com>
      Hacked-by: NGiuseppe Cavallaro <peppe.cavallaro@st.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bd4242df
  5. 24 8月, 2012 6 次提交
  6. 23 8月, 2012 6 次提交