You need to sign in or sign up before continuing.
  1. 20 11月, 2013 2 次提交
  2. 05 11月, 2013 1 次提交
  3. 04 11月, 2013 7 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · be408cd3
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
       "I'm sending a pull request of these lingering bug fixes for networking
        before the normal merge window material because some of this stuff I'd
        like to get to -stable ASAP"
      
       1) cxgb3 stopped working on 32-bit machines, fix from Ben Hutchings.
      
       2) Structures passed via netlink for netfilter logging are not fully
          initialized.  From Mathias Krause.
      
       3) Properly unlink upper openvswitch device during notifications, from
          Alexei Starovoitov.
      
       4) Fix race conditions involving access to the IP compression scratch
          buffer, from Michal Kubrecek.
      
       5) We don't handle the expiration of MTU information contained in ipv6
          routes sometimes, fix from Hannes Frederic Sowa.
      
       6) With Fast Open we can miscompute the TCP SYN/ACK RTT, from Yuchung
          Cheng.
      
       7) Don't take TCP RTT sample when an ACK doesn't acknowledge new data,
          also from Yuchung Cheng.
      
       8) The decreased IPSEC garbage collection threshold causes problems for
          some people, bump it back up.  From Steffen Klassert.
      
       9) Fix skb->truesize calculated by tcp_tso_segment(), from Eric
          Dumazet.
      
      10) flow_dissector doesn't validate packet lengths sufficiently, from
          Jason Wang
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits)
        net/mlx4_core: Fix call to __mlx4_unregister_mac
        net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb
        net: flow_dissector: fail on evil iph->ihl
        xfrm: Fix null pointer dereference when decoding sessions
        can: kvaser_usb: fix usb endpoints detection
        can: c_can: Fix RX message handling, handle lost message before EOB
        doc:net: Fix typo in Documentation/networking
        bgmac: don't update slot on skb alloc/dma mapping error
        ibm emac: Fix locking for enable/disable eob irq
        ibm emac: Don't call napi_complete if napi_reschedule failed
        virtio-net: correctly handle cpu hotplug notifier during resuming
        bridge: pass correct vlan id to multicast code
        net: x25: Fix dead URLs in Kconfig
        netfilter: xt_NFQUEUE: fix --queue-bypass regression
        xen-netback: use jiffies_64 value to calculate credit timeout
        cxgb3: Fix length calculation in write_ofld_wr() on 32-bit architectures
        bnx2x: Disable VF access on PF removal
        bnx2x: prevent FW assert on low mem during unload
        tcp: gso: fix truesize tracking
        xfrm: Increase the garbage collector threshold
        ...
      be408cd3
    • J
      net/mlx4_core: Fix call to __mlx4_unregister_mac · c32b7dfb
      Jack Morgenstein 提交于
      In function mlx4_master_deactivate_admin_state() __mlx4_unregister_mac was
      called using the MAC index. It should be called with the value of the MAC itself.
      Signed-off-by: NJack Morgenstein <jackm@dev.mellanox.co.il>
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c32b7dfb
    • D
      Merge branch 'fixes-for-3.12' of git://gitorious.org/linux-can/linux-can · e9b51a19
      David S. Miller 提交于
      Marc Kleine-Budde says:
      
      ====================
      I have two late fixes for the v3.12 release:
      
      The first patch fixes a problem in the c_can's RX message handling, which can
      lead to an endless interrupt loop under heavy load if messages are lost. The
      second patch is by Olivier Sobrie and fixes the endpoint detection of the
      kvaser_usb driver, which is needed for some devices.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e9b51a19
    • D
      net: sctp: do not trigger BUG_ON in sctp_cmd_delete_tcb · 7926c1d5
      Daniel Borkmann 提交于
      Introduced in f9e42b85 ("net: sctp: sideeffect: throw BUG if
      primary_path is NULL"), we intended to find a buggy assoc that's
      part of the assoc hash table with a primary_path that is NULL.
      However, we better remove the BUG_ON for now and find a more
      suitable place to assert for these things as Mark reports that
      this also triggers the bug when duplication cookie processing
      happens, and the assoc is not part of the hash table (so all
      good in this case). Such a situation can for example easily be
      reproduced by:
      
        tc qdisc add dev eth0 root handle 1: prio bands 2 priomap 1 1 1 1 1 1
        tc qdisc add dev eth0 parent 1:2 handle 20: netem loss 20%
        tc filter add dev eth0 protocol ip parent 1: prio 2 u32 match ip \
                  protocol 132 0xff match u8 0x0b 0xff at 32 flowid 1:2
      
      This drops 20% of COOKIE-ACK packets. After some follow-up
      discussion with Vlad we came to the conclusion that for now we
      should still better remove this BUG_ON() assertion, and come up
      with two follow-ups later on, that is, i) find a more suitable
      place for this assertion, and possibly ii) have a special
      allocator/initializer for such kind of temporary assocs.
      Reported-by: NMark Thomas <Mark.Thomas@metaswitch.com>
      Signed-off-by: NVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7926c1d5
    • L
      Linux 3.12 · 5e01dc7b
      Linus Torvalds 提交于
      5e01dc7b
    • L
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 17f6ee43
      Linus Torvalds 提交于
      Pull MIPS fixes from Ralf Baechle:
       "Three fixes across arch/mips with the most complex one being the GIC
        interrupt fix - at nine lines still not monster.  I'm confident this
        are the final MIPS patches even if there should go for an rc8"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: ralink: fix return value check in rt_timer_probe()
        MIPS: malta: Fix GIC interrupt offsets
        MIPS: Perf: Fix 74K cache map
      17f6ee43
    • M
      ipc, msg: forbid negative values for "msg{max,mnb,mni}" · 9bf76ca3
      Mathias Krause 提交于
      Negative message lengths make no sense -- so don't do negative queue
      lenghts or identifier counts. Prevent them from getting negative.
      
      Also change the underlying data types to be unsigned to avoid hairy
      surprises with sign extensions in cases where those variables get
      evaluated in unsigned expressions with bigger data types, e.g size_t.
      
      In case a user still wants to have "unlimited" sizes she could just use
      INT_MAX instead.
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9bf76ca3
  4. 03 11月, 2013 2 次提交
  5. 02 11月, 2013 22 次提交
  6. 01 11月, 2013 6 次提交
    • S
      xfrm: Fix null pointer dereference when decoding sessions · 84502b5e
      Steffen Klassert 提交于
      On some codepaths the skb does not have a dst entry
      when xfrm_decode_session() is called. So check for
      a valid skb_dst() before dereferencing the device
      interface index. We use 0 as the device index if
      there is no valid skb_dst(), or at reverse decoding
      we use skb_iif as device interface index.
      
      Bug was introduced with git commit bafd4bd4
      ("xfrm: Decode sessions with output interface.").
      Reported-by: NMeelis Roos <mroos@linux.ee>
      Tested-by: NMeelis Roos <mroos@linux.ee>
      Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
      84502b5e
    • L
      Merge branch 'akpm' (fixes from Andrew Morton) · 4f794ee8
      Linus Torvalds 提交于
      Merge four more fixes from Andrew Morton.
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        lib/scatterlist.c: don't flush_kernel_dcache_page on slab page
        mm: memcg: fix test for child groups
        mm: memcg: lockdep annotation for memcg OOM lock
        mm: memcg: use proper memcg in limit bypass
      4f794ee8
    • M
      lib/scatterlist.c: don't flush_kernel_dcache_page on slab page · 3d77b50c
      Ming Lei 提交于
      Commit b1adaf65 ("[SCSI] block: add sg buffer copy helper
      functions") introduces two sg buffer copy helpers, and calls
      flush_kernel_dcache_page() on pages in SG list after these pages are
      written to.
      
      Unfortunately, the commit may introduce a potential bug:
      
       - Before sending some SCSI commands, kmalloc() buffer may be passed to
         block layper, so flush_kernel_dcache_page() can see a slab page
         finally
      
       - According to cachetlb.txt, flush_kernel_dcache_page() is only called
         on "a user page", which surely can't be a slab page.
      
       - ARCH's implementation of flush_kernel_dcache_page() may use page
         mapping information to do optimization so page_mapping() will see the
         slab page, then VM_BUG_ON() is triggered.
      
      Aaro Koskinen reported the bug on ARM/kirkwood when DEBUG_VM is enabled,
      and this patch fixes the bug by adding test of '!PageSlab(miter->page)'
      before calling flush_kernel_dcache_page().
      Signed-off-by: NMing Lei <ming.lei@canonical.com>
      Reported-by: NAaro Koskinen <aaro.koskinen@iki.fi>
      Tested-by: NSimon Baatz <gmbnomis@gmail.com>
      Cc: Russell King - ARM Linux <linux@arm.linux.org.uk>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
      Acked-by: NCatalin Marinas <catalin.marinas@arm.com>
      Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: <stable@vger.kernel.org>	[3.2+]
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3d77b50c
    • J
      mm: memcg: fix test for child groups · 696ac172
      Johannes Weiner 提交于
      When memcg code needs to know whether any given memcg has children, it
      uses the cgroup child iteration primitives and returns true/false
      depending on whether the iteration loop is executed at least once or
      not.
      
      Because a cgroup's list of children is RCU protected, these primitives
      require the RCU read-lock to be held, which is not the case for all
      memcg callers.  This results in the following splat when e.g.  enabling
      hierarchy mode:
      
        WARNING: CPU: 3 PID: 1 at kernel/cgroup.c:3043 css_next_child+0xa3/0x160()
        CPU: 3 PID: 1 Comm: systemd Not tainted 3.12.0-rc5-00117-g83f11a9c-dirty #18
        Hardware name: LENOVO 3680B56/3680B56, BIOS 6QET69WW (1.39 ) 04/26/2012
        Call Trace:
          dump_stack+0x54/0x74
          warn_slowpath_common+0x78/0xa0
          warn_slowpath_null+0x1a/0x20
          css_next_child+0xa3/0x160
          mem_cgroup_hierarchy_write+0x5b/0xa0
          cgroup_file_write+0x108/0x2a0
          vfs_write+0xbd/0x1e0
          SyS_write+0x4c/0xa0
          system_call_fastpath+0x16/0x1b
      
      In the memcg case, we only care about children when we are attempting to
      modify inheritable attributes interactively.  Racing with deletion could
      mean a spurious -EBUSY, no problem.  Racing with addition is handled
      just fine as well through the memcg_create_mutex: if the child group is
      not on the list after the mutex is acquired, it won't be initialized
      from the parent's attributes until after the unlock.
      Signed-off-by: NJohannes Weiner <hannes@cmpxchg.org>
      Acked-by: NMichal Hocko <mhocko@suse.cz>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      696ac172
    • J
      mm: memcg: lockdep annotation for memcg OOM lock · 0056f4e6
      Johannes Weiner 提交于
      The memcg OOM lock is a mutex-type lock that is open-coded due to
      memcg's special needs.  Add annotations for lockdep coverage.
      Signed-off-by: NJohannes Weiner <hannes@cmpxchg.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0056f4e6
    • J
      mm: memcg: use proper memcg in limit bypass · 3168ecbe
      Johannes Weiner 提交于
      Commit 84235de3 ("fs: buffer: move allocation failure loop into the
      allocator") allowed __GFP_NOFAIL allocations to bypass the limit if they
      fail to reclaim enough memory for the charge.  But because the main test
      case was on a 3.2-based system, the patch missed the fact that on newer
      kernels the charge function needs to return root_mem_cgroup when
      bypassing the limit, and not NULL.  This will corrupt whatever memory is
      at NULL + percpu pointer offset.  Fix this quickly before problems are
      reported.
      Signed-off-by: NJohannes Weiner <hannes@cmpxchg.org>
      Acked-by: NMichal Hocko <mhocko@suse.cz>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3168ecbe