- 29 11月, 2011 3 次提交
-
-
由 Xi Wang 提交于
The previous commit 30c2235c is incomplete and cannot prevent integer overflows. For example, when key_len is 0x80000000 (INT_MAX + 1), the left-hand side of the check, (INT_MAX - key_len), which is unsigned, becomes 0xffffffff (UINT_MAX) and bypasses the check. Signed-off-by: NXi Wang <xi.wang@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Li Wei 提交于
We need to set np->mcast_hops to it's default value at this moment otherwise when we use it and found it's value is -1, the logic to get default hop limit doesn't take multicast into account and will return wrong hop limit(IPV6_DEFAULT_HOPLIMIT) which is for unicast. Signed-off-by: NLi Wei <lw@cn.fujitsu.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Anton Blanchard 提交于
I just hit this during my testing. Isn't there another bug lurking? BUG kmalloc-8: Redzone overwritten INFO: 0xc0000000de9dec48-0xc0000000de9dec4b. First byte 0x0 instead of 0xcc INFO: Allocated in .__seq_open_private+0x30/0xa0 age=0 cpu=5 pid=3896 .__kmalloc+0x1e0/0x2d0 .__seq_open_private+0x30/0xa0 .seq_open_net+0x60/0xe0 .dev_mc_seq_open+0x4c/0x70 .proc_reg_open+0xd8/0x260 .__dentry_open.clone.11+0x2b8/0x400 .do_last+0xf4/0x950 .path_openat+0xf8/0x480 .do_filp_open+0x48/0xc0 .do_sys_open+0x140/0x250 syscall_exit+0x0/0x40 dev_mc_seq_ops uses dev_seq_start/next/stop but only allocates sizeof(struct seq_net_private) of private data, whereas it expects sizeof(struct dev_iter_state): struct dev_iter_state { struct seq_net_private p; unsigned int pos; /* bucket << BUCKET_SPACE + offset */ }; Create dev_seq_open_ops and use it so we don't have to expose struct dev_iter_state. [ Problem added by commit f04565dd (dev: use name hash for dev_seq_ops) -Eric ] Signed-off-by: NAnton Blanchard <anton@samba.org> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 28 11月, 2011 1 次提交
-
-
由 Aries Lee 提交于
To perform PHY calibration and set a different EA value by chip ID, Whenever the NIC chip power on, ie booting or resuming, we need to force HW to calibrate PHY parameter again, and also set a proper EA value which gather from experiment. Those procedures help to reduce compatible issues(NIC is unable to link up in some special case) in giga speed. Signed-off-by: NAriesLee <AriesLee@jmicron.com> Signed-off-by: NGuo-Fu Tseng <cooldavid@cooldavid.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 27 11月, 2011 11 次提交
-
-
由 Eric Dumazet 提交于
Now inetpeer is the place where we cache redirect information for ipv4 destinations, we must be able to invalidate informations when a route is added/removed on host. As inetpeer is not yet namespace aware, this patch adds a shared redirect_genid, and a per inetpeer redirect_genid. This might be changed later if inetpeer becomes ns aware. Cache information for one inerpeer is valid as long as its redirect_genid has the same value than global redirect_genid. Reported-by: NArkadiusz Miśkiewicz <a.miskiewicz@gmail.com> Tested-by: NArkadiusz Miśkiewicz <a.miskiewicz@gmail.com> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Alexey Moiseytsev 提交于
poll() call may be blocked by concurrent reading from the same stream socket. Signed-off-by: NAlexey Moiseytsev <himeraster@gmail.com> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Mark Brown 提交于
We're trying to check if any options are defined which isn't wha the existing code does due to confusing & and &&. Signed-off-by: NMark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Florian Westphal 提交于
When using l2tp over ipsec, the tunnel will hang when rekeying occurs. Reason is that the transformer bundle attached to the dst entry is now in STATE_DEAD and thus xfrm_output_one() drops all packets (XfrmOutStateExpired increases). Fix this by calling __sk_dst_check (which drops the stale dst if xfrm dst->check callback finds that the bundle is no longer valid). Cc: James Chapman <jchapman@katalix.com> Signed-off-by: NFlorian Westphal <fw@strlen.de> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we dont access already freed/reused memory later. Reported-by: NSasha Levin <levinsasha928@gmail.com> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Tested-by: NSasha Levin <levinsasha928@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ben Hutchings 提交于
commit 88491d81 ("drivers/net: Kconfig & Makefile cleanup") changed the type of these options to bool, but they select code that could (and still can) be built as modules. Signed-off-by: NBen Hutchings <ben@decadent.org.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Steffen Klassert 提交于
The pmtu informations on the inetpeer are visible for output and input routes. On packet forwarding, we might propagate a learned pmtu to the sender. As we update the pmtu informations of the inetpeer on demand, the original sender of the forwarded packets might never notice when the pmtu to that inetpeer increases. So use the mtu of the outgoing device on packet forwarding instead of the pmtu to the final destination. Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Steffen Klassert 提交于
Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Steffen Klassert 提交于
We move all mtu handling from dst_mtu() down to the protocol layer. So each protocol can implement the mtu handling in a different manner. Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Steffen Klassert 提交于
We plan to invoke the dst_opt->default_mtu() method unconditioally from dst_mtu(). So rename the method to dst_opt->mtu() to match the name with the new meaning. Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Steffen Klassert 提交于
As it is, we return null as the default mtu of blackhole routes. This may lead to a propagation of a bogus pmtu if the default_mtu method of a blackhole route is invoked. So return dst->dev->mtu as the default mtu instead. Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 26 11月, 2011 1 次提交
-
-
由 Jorge Boncompte [DTI2] 提交于
Skip entries from foreign network namespaces. Signed-off-by: NJorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 25 11月, 2011 1 次提交
-
-
由 Dan Carpenter 提交于
This was copy and pasted from the IPv4 code. We're calling the ip4 version of that function and map4 is NULL. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 24 11月, 2011 10 次提交
-
-
由 Li Wei 提交于
We can not update iph->daddr in ip_options_rcv_srr(), It is too early. When some exception ocurred later (eg. in ip_forward() when goto sr_failed) we need the ip header be identical to the original one as ICMP need it. Add a field 'nexthop' in struct ip_options to save nexthop of LSRR or SSRR option. Signed-off-by: NLi Wei <lw@cn.fujitsu.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Anton Blanchard 提交于
Use round_jiffies_relative to align the ehea workqueue and avoid extra wakeups. Signed-off-by: NAnton Blanchard <anton@samba.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Anton Blanchard 提交于
Now that we enable multiqueue by default the ehea driver is using quite a lot of memory for its buffer pools. With 4 queues we consume 64MB in the jumbo packet ring, 16MB in the medium packet ring and 16MB in the tiny packet ring. We should only fill the jumbo ring once the MTU is increased but for now halve it's size so it consumes 32MB. Also reduce the tiny packet ring, with 4 queues we had 16k entries which is overkill. Signed-off-by: NAnton Blanchard <anton@samba.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
When transmiting a fragmented skb, qlge fills a descriptor with the fragment addresses, after DMA-mapping them. If there are more than eight fragments, it will use the eighth descriptor as a pointer to an external list. After mapping this external list, called OAL to a structure containing more descriptors, it fills it with the extra fragments. However, considering that systems with pages larger than 8KiB would have less than 8 fragments, which was true before commit a715dea3, it defined a macro for the OAL size as 0 in those cases. Now, if a skb with more than 8 fragments (counting skb->data as one fragment), this would start overwriting the list of addresses already mapped and would make the driver fail to properly unmap the right addresses on architectures with pages larger than 8KiB. Besides that, the list of mappings was one size too small, since it must have a mapping for the maxinum number of skb fragments plus one for skb->data and another for the OAL. So, even on architectures with page sizes 4KiB and 8KiB, a skb with the maximum number of fragments would make the driver overwrite its counter for the number of mappings, which, again, would make it fail to unmap the mapped DMA addresses. Signed-off-by: NThadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yaniv Rosner 提交于
Fix port identify test on 5461x PHY by driving LEDs through MDIO. Signed-off-by: NYaniv Rosner <yanivr@broadcom.com> Signed-off-by: NEilon Greenstein <eilong@broadcom.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jun Zhao 提交于
When add sources to interface failure, need to roll back the sfcount[MODE] to before state. We need to match it corresponding. Acked-by: NDavid L Stevens <dlstevens@us.ibm.com> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NJun Zhao <mypopydev@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
Since linux 2.6.26 (commit c6aefafb : Add IPv6 support to TCP SYN cookies), we can drop a SYN packet reusing a TIME_WAIT socket. (As a matter of fact we fail to send the SYNACK answer) As the client resends its SYN packet after a one second timeout, we accept it, because first packet removed the TIME_WAIT socket before being dropped. This probably explains why nobody ever noticed or complained. Reported-by: NJesse Young <jlyo@jlyo.org> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Xander Hover 提交于
Reported issues when using dev_kfree_skb() on UP systems and systems with low numbers of cores. dev_kfree_skb_irq() will properly save IRQ state before freeing the skb. Tested on 3.1.1 and 3.2_rc2 Example of reproducible trace of kernel 3.1.1 ------------[ cut here ]------------ WARNING: at kernel/softirq.c:159 local_bh_enable+0x32/0x79() ... Pid: 0, comm: swapper Not tainted 3.1.1-gentoo #1 Call Trace: [<c1022970>] warn_slowpath_common+0x65/0x7a [<c102699e>] ? local_bh_enable+0x32/0x79 [<c1022994>] warn_slowpath_null+0xf/0x13 [<c102699e>] local_bh_enable+0x32/0x79 [<c134bfd8>] destroy_conntrack+0x7c/0x9b [<c134890b>] nf_conntrack_destroy+0x1f/0x26 [<c132e3a6>] skb_release_head_state+0x74/0x83 [<c132e286>] __kfree_skb+0xb/0x6b [<c132e30a>] consume_skb+0x24/0x26 [<c127c925>] b44_poll+0xaa/0x449 [<c1333ca1>] net_rx_action+0x3f/0xea [<c1026a44>] __do_softirq+0x5f/0xd5 [<c10269e5>] ? local_bh_enable+0x79/0x79 <IRQ> [<c1026c32>] ? irq_exit+0x34/0x8d [<c1003628>] ? do_IRQ+0x74/0x87 [<c13f5329>] ? common_interrupt+0x29/0x30 [<c1006e18>] ? default_idle+0x29/0x3e [<c10015a7>] ? cpu_idle+0x2f/0x5d [<c13e91c5>] ? rest_init+0x79/0x7b [<c15c66a9>] ? start_kernel+0x297/0x29c [<c15c60b0>] ? i386_start_kernel+0xb0/0xb7 ---[ end trace 583f33bb1aa207a9 ]--- Signed-off-by: NXander Hover <LKML@hover.be> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Distributions are using this in their default scripts, so don't hide them behind the advanced setting. Reported-by: NLinus Torvalds <torvalds@linux-foundation.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
commit 72a3effa ([NET]: Size listen hash tables using backlog hint) added a bug allowing inet6_synq_hash() to return an out of bound array index, because of u16 overflow. Bug can happen if system admins set net.core.somaxconn & net.ipv4.tcp_max_syn_backlog sysctls to values greater than 65536 Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 23 11月, 2011 7 次提交
-
-
由 Li Wei 提交于
Release skb when transmit rate limit _not_ allow Signed-off-by: NLi Wei <lw@cn.fujitsu.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 John W. Linville 提交于
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
-
由 John W. Linville 提交于
This reverts commit 4ba7d999. The original patch was a misguided attempt to improve performance on some hardware that is apparently prone to spurious interrupt generation. Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 stephen hemminger 提交于
Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 John W. Linville 提交于
This reverts commit 23085d57. The original patch was a misguided attempt to improve performance on some hardware that is apparently prone to spurious interrupt generation. Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
由 Feng King 提交于
when skb_shift, we want to shift paged data from skb to tgt frag area. Original comments revert the shift order Signed-off-by: NFeng King <kinwin2008@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Maciej Żenczykowski 提交于
Signed-off-by: NMaciej Żenczykowski <maze@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 22 11月, 2011 6 次提交
-
-
由 Dan Carpenter 提交于
The "tmp" variable here is used to store the result of cpu_to_le16() so it should be an __le16 instead of an int. We want the high bits set and the current code works on little endian systems but not on big endian systems. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Acked-by: NSjur Brændeland <sjur.brandeland@stericsson.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 RongQing.Li 提交于
The errcode is not updated when ip_route_newports() fails. Signed-off-by: NRongQing.Li <roy.qing.li@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jesper Juhl 提交于
It was pointed out by "make versioncheck" that we do not need to include version.h in drivers/net/can/sja1000/peak_pci.c This patch removes the unneeded include. Signed-off-by: NJesper Juhl <jj@chaosbits.net> Acked-by: NMarc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jan Beulich 提交于
Signed-off-by: NJan Beulich <jbeulich@suse.com> Signed-off-by: NIan Campbell <ian.campbell@citrix.com> Cc: stable@vger.kernel.org Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Giuseppe CAVALLARO 提交于
We need to mask the MMC irq otherwise if we raise the mmc interrupts that are not handled the driver loops in the handler. In fact, by default all mmc counters (only used for stats) are managed in SW and registers are cleared on each READ. Signed-off-by: NGiuseppe Cavallaro <peppe.cavallaro@st.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Jarosch 提交于
"remote_list" is of type struct dma_chunk remote_list[VETH_MAX_FRAMES_PER_MSG]; Probably a copy'n'paste error. Signed-off-by: NThomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-