1. 23 1月, 2013 2 次提交
  2. 22 1月, 2013 9 次提交
  3. 21 1月, 2013 3 次提交
  4. 20 1月, 2013 1 次提交
  5. 19 1月, 2013 5 次提交
  6. 18 1月, 2013 6 次提交
  7. 17 1月, 2013 7 次提交
  8. 16 1月, 2013 2 次提交
  9. 15 1月, 2013 5 次提交
    • N
      tg3: Fix crc errors on jumbo frame receive · daf3ec68
      Nithin Nayak Sujir 提交于
      TG3_PHY_AUXCTL_SMDSP_ENABLE/DISABLE macros do a blind write to the phy
      auxiliary control register and overwrite the EXT_PKT_LEN (bit 14) resulting
      in intermittent crc errors on jumbo frames with some link partners. Change
      the code to do a read/modify/write.
      Signed-off-by: NNithin Nayak Sujir <nsujir@broadcom.com>
      Signed-off-by: NMichael Chan <mchan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      daf3ec68
    • N
      tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode · 9c13cb8b
      Nithin Nayak Sujir 提交于
      When netconsole is enabled, logging messages generated during tg3_open
      can result in a null pointer dereference for the uninitialized tg3
      status block. Use the irq_sync flag to disable polling in the early
      stages. irq_sync is cleared when the driver is enabling interrupts after
      all initialization is completed.
      Signed-off-by: NNithin Nayak Sujir <nsujir@broadcom.com>
      Signed-off-by: NMichael Chan <mchan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9c13cb8b
    • D
      Merge branch 'master' of git://1984.lsi.us.es/nf · 47fb3a26
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      The following patchset contains netfilter fixes for 3.8-rc3,
      they are:
      
      * fix possible BUG_ON if several netns are in use and the nf_conntrack
        module is removed, initial patch from Gao feng, final patch from myself.
      
      * fix unset return value if conntrack zone are disabled at
        compile-time, reported by Borislav Petkov, fix from myself.
      
      * fix display error message via dmesg for arp_tables, from Jan Engelhardt.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      47fb3a26
    • P
      tun: fix LSM/SELinux labeling of tun/tap devices · 5dbbaf2d
      Paul Moore 提交于
      This patch corrects some problems with LSM/SELinux that were introduced
      with the multiqueue patchset.  The problem stems from the fact that the
      multiqueue work changed the relationship between the tun device and its
      associated socket; before the socket persisted for the life of the
      device, however after the multiqueue changes the socket only persisted
      for the life of the userspace connection (fd open).  For non-persistent
      devices this is not an issue, but for persistent devices this can cause
      the tun device to lose its SELinux label.
      
      We correct this problem by adding an opaque LSM security blob to the
      tun device struct which allows us to have the LSM security state, e.g.
      SELinux labeling information, persist for the lifetime of the tun
      device.  In the process we tweak the LSM hooks to work with this new
      approach to TUN device/socket labeling and introduce a new LSM hook,
      security_tun_dev_attach_queue(), to approve requests to attach to a
      TUN queue via TUNSETQUEUE.
      
      The SELinux code has been adjusted to match the new LSM hooks, the
      other LSMs do not make use of the LSM TUN controls.  This patch makes
      use of the recently added "tun_socket:attach_queue" permission to
      restrict access to the TUNSETQUEUE operation.  On older SELinux
      policies which do not define the "tun_socket:attach_queue" permission
      the access control decision for TUNSETQUEUE will be handled according
      to the SELinux policy's unknown permission setting.
      Signed-off-by: NPaul Moore <pmoore@redhat.com>
      Acked-by: NEric Paris <eparis@parisplace.org>
      Tested-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5dbbaf2d
    • P
      selinux: add the "attach_queue" permission to the "tun_socket" class · 6f96c142
      Paul Moore 提交于
      Add a new permission to align with the new TUN multiqueue support,
      "tun_socket:attach_queue".
      
      The corresponding SELinux reference policy patch is show below:
      
       diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
       index 28802c5..a0664a1 100644
       --- a/policy/flask/access_vectors
       +++ b/policy/flask/access_vectors
       @@ -827,6 +827,9 @@ class kernel_service
      
        class tun_socket
        inherits socket
       +{
       +       attach_queue
       +}
      
        class x_pointer
        inherits x_device
      Signed-off-by: NPaul Moore <pmoore@redhat.com>
      Acked-by: NEric Paris <eparis@parisplace.org>
      Tested-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6f96c142