GitHub/exynos8895/android_kernel_samsung_universal8895.git
12 years agotipc: Optimize detection of duplicate media registration
Allan Stephens [Thu, 6 Oct 2011 20:40:55 +0000 (16:40 -0400)]
tipc: Optimize detection of duplicate media registration

Streamlines the detection of an attempt to register a TIPC media structure
using an already registered name or type identifier. The revised logic now
reuses an existing routine to detect an existing name and no longer
unnecessarily manipulates the media type counter during an unsuccessful
registration attempt.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
12 years agotipc: Register new media using pre-compiled structure
Allan Stephens [Thu, 6 Oct 2011 19:28:44 +0000 (15:28 -0400)]
tipc: Register new media using pre-compiled structure

Speeds up the registration of TIPC media types by passing in a structure
containing the required information, rather than by passing in the various
fields describing the media type individually.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
12 years agotipc: Enable use by containers having their own network namespace
Allan Stephens [Thu, 6 Oct 2011 17:57:51 +0000 (13:57 -0400)]
tipc: Enable use by containers having their own network namespace

Permits a Linux container to use TIPC sockets even when it has its own
network namespace defined by removing the check that prohibits such use.
This makes it possible for users who wish to isolate their container
network traffic from normal network traffic to utilize TIPC.

Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
12 years agobonding: document undocumented active_slave sysfs entry.
Nicolas de Pesloüan [Mon, 26 Dec 2011 13:35:24 +0000 (13:35 +0000)]
bonding: document undocumented active_slave sysfs entry.

v2, based on Jay's review.

I kept the 'link must be up' part, because this is enforced in the code.

Signed-off-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
cc: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoipv6: Kill useless route tracing bits in net/ipv6/route.c
David S. Miller [Mon, 26 Dec 2011 20:24:36 +0000 (15:24 -0500)]
ipv6: Kill useless route tracing bits in net/ipv6/route.c

RDBG() wasn't even used, and the messages printed by RT6_DEBUG() were
far from useful.  Just get rid of all this stuff, we can replace it
with something more suitable if we want.

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomlx4: Add missing include of linux/slab.h
Axel Lin [Sun, 25 Dec 2011 23:35:34 +0000 (23:35 +0000)]
mlx4: Add missing include of linux/slab.h

Include linux/slab.h to fix below build error:

  CC      drivers/net/ethernet/mellanox/mlx4/resource_tracker.o
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'mlx4_init_resource_tracker':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:233: error: implicit declaration of function 'kzalloc'
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:234: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'mlx4_free_resource_tracker':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:264: error: implicit declaration of function 'kfree'
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'alloc_qp_tr':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:370: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'alloc_mtt_tr':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:386: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'alloc_mpt_tr':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:402: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'alloc_eq_tr':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:417: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'alloc_cq_tr':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:431: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'alloc_srq_tr':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:446: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'alloc_counter_tr':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:461: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'add_res_range':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:521: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'mac_add_to_slave':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:1193: warning: assignment makes pointer from integer without a cast
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c: In function 'add_mcg_res':
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c:2521: warning: assignment makes pointer from integer without a cast
make[5]: *** [drivers/net/ethernet/mellanox/mlx4/resource_tracker.o] Error 1
make[4]: *** [drivers/net/ethernet/mellanox/mlx4] Error 2
make[3]: *** [drivers/net/ethernet/mellanox] Error 2
make[2]: *** [drivers/net/ethernet] Error 2
make[1]: *** [drivers/net] Error 2
make: *** [drivers] Error 2

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agounix: If we happen to find peer NULL when diag dumping, write zero.
David S. Miller [Mon, 26 Dec 2011 19:41:55 +0000 (14:41 -0500)]
unix: If we happen to find peer NULL when diag dumping, write zero.

Otherwise we leave uninitialized kernel memory in there.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agounix_diag: Fix incoming connections nla length
Pavel Emelyanov [Mon, 26 Dec 2011 19:08:47 +0000 (14:08 -0500)]
unix_diag: Fix incoming connections nla length

The NLA_PUT macro should accept the actual attribute length, not
the amount of elements in array :(

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'nf-next' of git://1984.lsi.us.es/net-next
David S. Miller [Sun, 25 Dec 2011 07:21:45 +0000 (02:21 -0500)]
Merge branch 'nf-next' of git://1984.lsi.us.es/net-next

12 years agonetfilter: xtables: add nfacct match to support extended accounting
Pablo Neira Ayuso [Fri, 23 Dec 2011 13:28:59 +0000 (14:28 +0100)]
netfilter: xtables: add nfacct match to support extended accounting

This patch adds the match that allows to perform extended
accounting. It requires the new nfnetlink_acct infrastructure.

 # iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
 # iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: add extended accounting infrastructure over nfnetlink
Pablo Neira Ayuso [Fri, 23 Dec 2011 13:19:50 +0000 (14:19 +0100)]
netfilter: add extended accounting infrastructure over nfnetlink

We currently have two ways to account traffic in netfilter:

- iptables chain and rule counters:

 # iptables -L -n -v
Chain INPUT (policy DROP 3 packets, 867 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8  1104 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

- use flow-based accounting provided by ctnetlink:

 # conntrack -L
tcp      6 431999 ESTABLISHED src=192.168.1.130 dst=212.106.219.168 sport=58152 dport=80 packets=47 bytes=7654 src=212.106.219.168 dst=192.168.1.130 sport=80 dport=58152 packets=49 bytes=66340 [ASSURED] mark=0 use=1

While trying to display real-time accounting statistics, we require
to pool the kernel periodically to obtain this information. This is
OK if the number of flows is relatively low. However, in case that
the number of flows is huge, we can spend a considerable amount of
cycles to iterate over the list of flows that have been obtained.

Moreover, if we want to obtain the sum of the flow accounting results
that match some criteria, we have to iterate over the whole list of
existing flows, look for matchings and update the counters.

This patch adds the extended accounting infrastructure for
nfnetlink which aims to allow displaying real-time traffic accounting
without the need of complicated and resource-consuming implementation
in user-space. Basically, this new infrastructure allows you to create
accounting objects. One accounting object is composed of packet and
byte counters.

In order to manipulate create accounting objects, you require the
new libnetfilter_acct library. It contains several examples of use:

libnetfilter_acct/examples# ./nfacct-add http-traffic
libnetfilter_acct/examples# ./nfacct-get
http-traffic = { pkts = 000000000000,   bytes = 000000000000 };

Then, you can use one of this accounting objects in several iptables
rules using the new nfacct match (which comes in a follow-up patch):

 # iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
 # iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic

The idea is simple: if one packet matches the rule, the nfacct match
updates the counters.

Thanks to Patrick McHardy, Eric Dumazet, Changli Gao for reviewing and
providing feedback for this contribution.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agorfs: better sizing of dev_flow_table
Eric Dumazet [Sat, 24 Dec 2011 06:56:49 +0000 (06:56 +0000)]
rfs: better sizing of dev_flow_table

Aim of this patch is to provide full range of rps_flow_cnt on 64bit arches.

Theorical limit on number of flows is 2^32

Fix some buggy RPS/RFS macros as well.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Tom Herbert <therbert@google.com>
CC: Xi Wang <xi.wang@gmail.com>
CC: Laurent Chavey <chavey@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetfilter: ctnetlink: get and zero operations must be atomic
Pablo Neira Ayuso [Sat, 24 Dec 2011 13:11:39 +0000 (14:11 +0100)]
netfilter: ctnetlink: get and zero operations must be atomic

The get and zero operations have to be done in an atomic context,
otherwise counters added between them will be lost.

This problem was spotted by Changli Gao while discussing the
nfacct infrastructure.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetlink: Undo const marker in netlink_is_kernel().
David S. Miller [Fri, 23 Dec 2011 22:33:03 +0000 (17:33 -0500)]
netlink: Undo const marker in netlink_is_kernel().

We can't do this without propagating the const to nlk_sk()
too, otherwise:

net/netlink/af_netlink.c: In function ‘netlink_is_kernel’:
net/netlink/af_netlink.c:103:2: warning: passing argument 1 of ‘nlk_sk’ discards ‘const’ qualifier from pointer target type [enabled by default]
net/netlink/af_netlink.c:96:36: note: expected ‘struct sock *’ but argument is of type ‘const struct sock *’

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Fri, 23 Dec 2011 22:13:56 +0000 (17:13 -0500)]
Merge git://git./linux/kernel/git/davem/net

Conflicts:
net/bluetooth/l2cap_core.c

Just two overlapping changes, one added an initialization of
a local variable, and another change added a new local variable.

Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetem: loss model API sizes
stephen hemminger [Fri, 23 Dec 2011 09:16:30 +0000 (09:16 +0000)]
netem: loss model API sizes

The new netem loss model is configured with nested netlink messages.
This code is being overly strict about sizes, and is easily confused
by padding (or possible future expansion). Also message
for gemodel is incorrect.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosch_hfsc: report backlog information
Eric Dumazet [Fri, 23 Dec 2011 05:19:20 +0000 (05:19 +0000)]
sch_hfsc: report backlog information

Add backlog (byte count) information in hfsc classes and qdisc, so that
"tc -s" can report it to user, instead of 0 values :

qdisc hfsc 1: root refcnt 6 default 20
 Sent 45141660 bytes 30545 pkt (dropped 0, overlimits 91751 requeues 0)
 rate 1492Kbit 126pps backlog 103226b 74p requeues 0
...
class hfsc 1:20 parent 1:1 leaf 1201: rt m1 0bit d 0us m2 400000bit ls m1 0bit d 0us m2 200000bit
 Sent 49534912 bytes 33519 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 81822b 56p requeues 0
 period 23 work 49451576 bytes rtwork 13277552 bytes level 0
...

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: John A. Sullivan III <jsullivan@opensourcedevel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agousb: pegasus: cleanup a couple conditions
Dan Carpenter [Fri, 23 Dec 2011 00:44:36 +0000 (00:44 +0000)]
usb: pegasus: cleanup a couple conditions

We recently made loopback a bool type instead of an int, so the bitwise
AND is redundent.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: only use a single page of slop in MAX_SKB_FRAGS
Ian Campbell [Thu, 22 Dec 2011 23:39:14 +0000 (23:39 +0000)]
net: only use a single page of slop in MAX_SKB_FRAGS

In order to accommodate a 64K buffer we need 64K/PAGE_SIZE plus one more page
in order to allow for a buffer which does not start on a page boundary.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agodrivers/net/usb/asix: fixed asix_get_wol reported wrong wol status issue
allan [Thu, 22 Dec 2011 20:38:51 +0000 (20:38 +0000)]
drivers/net/usb/asix: fixed asix_get_wol reported wrong wol status issue

Fixed the asix_get_wol() routine reported wrong wol status issue.

Signed-off-by: Allan Chou <allan@asix.com.tw>
Tested-by: Eugene <elubarsky@gmail.com>; Allan Chou <allan@asix.com.tw>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agopacket: fix typo in packet_mmap.txt
Wei Yongjun [Thu, 22 Dec 2011 17:47:54 +0000 (17:47 +0000)]
packet: fix typo in packet_mmap.txt

Just fixed typo of sample code in packet_mmap.txt

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobna: Add debugfs interface.
Krishna Gudipati [Thu, 22 Dec 2011 13:30:19 +0000 (13:30 +0000)]
bna: Add debugfs interface.

Change details:
- Add debugfs support to obtain firmware trace, saved firmware trace on
  an IOC crash, driver info and read/write to registers.

- debugfs hierarchy:
  bna/pci_dev:<pci_name>
  where the pci_name corresponds to the one under /sys/bus/pci/drivers/bna

- Following are the new debugfs entries added:
  fwtrc: collect current firmware trace.
  fwsave: collect last saved fw trace as a result of firmware crash.
  regwr: write one word to chip register
  regrd: read one or more words from chip register.
  drvinfo: collect the driver information.

Signed-off-by: Krishna Gudipati <kgudipat@brocade.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobna: Added flash sub-module and ethtool eeprom entry points.
Krishna Gudipati [Thu, 22 Dec 2011 13:29:45 +0000 (13:29 +0000)]
bna: Added flash sub-module and ethtool eeprom entry points.

Change details:
- The patch adds flash sub-module to the bna driver.
- Added ethtool set_eeprom() and get_eeprom() entry points to
  support flash partition read/write operations.

Signed-off-by: Krishna Gudipati <kgudipat@brocade.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'nf' of git://1984.lsi.us.es/net
David S. Miller [Fri, 23 Dec 2011 19:29:20 +0000 (14:29 -0500)]
Merge branch 'nf' of git://1984.lsi.us.es/net

12 years agostmmac: fix missing module license in the main.
Giuseppe Cavallaro [Fri, 23 Dec 2011 19:21:20 +0000 (14:21 -0500)]
stmmac: fix missing module license in the main.

This patch fixes the following warning raised
when compile:

WARNING: modpost: missing MODULE_LICENSE()
in drivers/net/ethernet/stmicro/stmmac/stmmac.o

Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetfilter: xt_connbytes: handle negation correctly
Florian Westphal [Fri, 16 Dec 2011 17:35:15 +0000 (18:35 +0100)]
netfilter: xt_connbytes: handle negation correctly

"! --connbytes 23:42" should match if the packet/byte count is not in range.

As there is no explict "invert match" toggle in the match structure,
userspace swaps the from and to arguments
(i.e., as if "--connbytes 42:23" were given).

However, "what <= 23 && what >= 42" will always be false.

Change things so we use "||" in case "from" is larger than "to".

This change may look like it breaks backwards compatibility when "to" is 0.
However, older iptables binaries will refuse "connbytes 42:0",
and current releases treat it to mean "! --connbytes 0:42",
so we should be fine.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: ctnetlink: remove dead NAT code
Patrick McHardy [Fri, 23 Dec 2011 13:01:36 +0000 (14:01 +0100)]
netfilter: ctnetlink: remove dead NAT code

The NAT range to nlattr conversation callbacks and helpers are entirely
dead code and are also useless since there are no NAT ranges in conntrack
context, they are only used for initially selecting a tuple. The final NAT
information is contained in the selected tuples of the conntrack entry.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet()
Patrick McHardy [Fri, 23 Dec 2011 13:01:26 +0000 (14:01 +0100)]
netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet()

The packet size check originates from a time when UDP helpers could
accidentally mangle incorrect packets (NEWNAT) and is unnecessary
nowadays since the conntrack helpers invoke the NAT helpers for the
proper packet directly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_nat: remove obsolete code from nf_nat_icmp_reply_translation()
Patrick McHardy [Fri, 23 Dec 2011 13:01:03 +0000 (14:01 +0100)]
netfilter: nf_nat: remove obsolete code from nf_nat_icmp_reply_translation()

The inner tuple that is extracted from the packet is unused. The code also
doesn't have any useful side-effects like verifying the packet does contain
enough data to extract the inner tuple since conntrack already does the
same, so remove it.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nat: remove module reference counting from NAT protocols
Patrick McHardy [Fri, 23 Dec 2011 13:00:49 +0000 (14:00 +0100)]
netfilter: nat: remove module reference counting from NAT protocols

The only remaining user of NAT protocol module reference counting is NAT
ctnetlink support. Since this is a fairly short sequence of code, convert
over to use RCU and remove module reference counting.

Module unregistration is already protected by RCU using synchronize_rcu(),
so no further changes are necessary.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_nat: add missing nla_policy entry for CTA_NAT_PROTO attribute
Patrick McHardy [Fri, 23 Dec 2011 13:00:30 +0000 (14:00 +0100)]
netfilter: nf_nat: add missing nla_policy entry for CTA_NAT_PROTO attribute

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_nat: use hash random for bysource hash
Patrick McHardy [Fri, 23 Dec 2011 13:00:13 +0000 (14:00 +0100)]
netfilter: nf_nat: use hash random for bysource hash

Use nf_conntrack_hash_rnd in NAT bysource hash to avoid hash chain attacks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: nf_nat: export NAT definitions to userspace
Patrick McHardy [Fri, 23 Dec 2011 12:59:49 +0000 (13:59 +0100)]
netfilter: nf_nat: export NAT definitions to userspace

Export the NAT definitions to userspace. So far userspace (specifically,
iptables) has been copying the headers files from include/net. Also
rename some structures and definitions in preparation for IPv6 NAT.
Since these have never been officially exported, this doesn't affect
existing userspace code.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonetfilter: rework user-space expectation helper support
Pablo Neira Ayuso [Sun, 18 Dec 2011 00:55:54 +0000 (01:55 +0100)]
netfilter: rework user-space expectation helper support

This partially reworks bc01befdcf3e40979eb518085a075cbf0aacede0
which added userspace expectation support.

This patch removes the nf_ct_userspace_expect_list since now we
force to use the new iptables CT target feature to add the helper
extension for conntracks that have attached expectations from
userspace.

A new version of the proof-of-concept code to implement userspace
helpers from userspace is available at:

http://people.netfilter.org/pablo/userspace-conntrack-helpers/nf-ftp-helper-POC.tar.bz2

This patch also modifies the CT target to allow to set the
conntrack's userspace helper status flags. This flag is used
to tell the conntrack system to explicitly allocate the helper
extension.

This helper extension is useful to link the userspace expectations
with the master conntrack that is being tracked from one userspace
helper.

This feature fixes a problem in the current approach of the
userspace helper support. Basically, if the master conntrack that
has got a userspace expectation vanishes, the expectations point to
one invalid memory address. Thus, triggering an oops in the
expectation deletion event path.

I decided not to add a new revision of the CT target because
I only needed to add a new flag for it. I'll document in this
issue in the iptables manpage. I have also changed the return
value from EINVAL to EOPNOTSUPP if one flag not supported is
specified. Thus, in the future adding new features that only
require a new flag can be added without a new revision.

There is no official code using this in userspace (apart from
the proof-of-concept) that uses this infrastructure but there
will be some by beginning 2012.

Reported-by: Sam Roberts <vieuxtech@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years agonet: relax rcvbuf limits
Eric Dumazet [Wed, 21 Dec 2011 07:11:44 +0000 (07:11 +0000)]
net: relax rcvbuf limits

skb->truesize might be big even for a small packet.

Its even bigger after commit 87fb4b7b533 (net: more accurate skb
truesize) and big MTU.

We should allow queueing at least one packet per receiver, even with a
low RCVBUF setting.

Reported-by: Michal Simek <monstr@monstr.eu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetlink: wake up netlink listeners sooner (v2)
stephen hemminger [Thu, 22 Dec 2011 08:52:03 +0000 (08:52 +0000)]
netlink: wake up netlink listeners sooner (v2)

This patch changes it to yield sooner at halfway instead. Still not a cure-all
for listener overrun if listner is slow, but works much reliably.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetlink: af_netlink cleanup (v2)
stephen hemminger [Thu, 22 Dec 2011 08:52:02 +0000 (08:52 +0000)]
netlink: af_netlink cleanup (v2)

Don't inline functions that cover several lines, and do inline
the trivial ones. Also make some arguments const.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoPartial revert "Basic kernel memory functionality for the Memory Controller"
Glauber Costa [Thu, 22 Dec 2011 01:02:27 +0000 (01:02 +0000)]
Partial revert "Basic kernel memory functionality for the Memory Controller"

This reverts commit e5671dfae59b165e2adfd4dfbdeab11ac8db5bda.

After a follow up discussion with Michal, it was agreed it would
be better to leave the kmem controller with just the tcp files,
deferring the behavior of the other general memory.kmem.* files
for a later time, when more caches are controlled. This is because
generic kmem files are not used by tcp accounting and it is
not clear how other slab caches would fit into the scheme.

We are reverting the original commit so we can track the reference.
Part of the patch is kept, because it was used by the later tcp
code. Conflicts are shown in the bottom. init/Kconfig is removed from
the revert entirely.

Signed-off-by: Glauber Costa <glommer@parallels.com>
Acked-by: Michal Hocko <mhocko@suse.cz>
CC: Kirill A. Shutemov <kirill@shutemov.name>
CC: Paul Menage <paul@paulmenage.org>
CC: Greg Thelen <gthelen@google.com>
CC: Johannes Weiner <jweiner@redhat.com>
CC: David S. Miller <davem@davemloft.net>
Conflicts:

Documentation/cgroups/memory.txt
mm/memcontrol.c
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agorps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt()
Xi Wang [Thu, 22 Dec 2011 13:35:22 +0000 (13:35 +0000)]
rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt()

Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
cause a kernel oops due to insufficient bounds checking.

if (count > 1<<30) {
/* Enforce a limit to prevent overflow */
return -EINVAL;
}
count = roundup_pow_of_two(count);
table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));

Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:

... + (count * sizeof(struct rps_dev_flow))

where sizeof(struct rps_dev_flow) is 8.  (1 << 30) * 8 will overflow
32 bits.

This patch replaces the magic number (1 << 30) with a symbolic bound.

Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: introduce DST_NOPEER dst flag
Eric Dumazet [Thu, 22 Dec 2011 04:15:53 +0000 (04:15 +0000)]
net: introduce DST_NOPEER dst flag

Chris Boot reported crashes occurring in ipv6_select_ident().

[  461.457562] RIP: 0010:[<ffffffff812dde61>]  [<ffffffff812dde61>]
ipv6_select_ident+0x31/0xa7

[  461.578229] Call Trace:
[  461.580742] <IRQ>
[  461.582870]  [<ffffffff812efa7f>] ? udp6_ufo_fragment+0x124/0x1a2
[  461.589054]  [<ffffffff812dbfe0>] ? ipv6_gso_segment+0xc0/0x155
[  461.595140]  [<ffffffff812700c6>] ? skb_gso_segment+0x208/0x28b
[  461.601198]  [<ffffffffa03f236b>] ? ipv6_confirm+0x146/0x15e
[nf_conntrack_ipv6]
[  461.608786]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
[  461.614227]  [<ffffffff81271d64>] ? dev_hard_start_xmit+0x357/0x543
[  461.620659]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
[  461.626440]  [<ffffffffa0379745>] ? br_parse_ip_options+0x19a/0x19a
[bridge]
[  461.633581]  [<ffffffff812722ff>] ? dev_queue_xmit+0x3af/0x459
[  461.639577]  [<ffffffffa03747d2>] ? br_dev_queue_push_xmit+0x72/0x76
[bridge]
[  461.646887]  [<ffffffffa03791e3>] ? br_nf_post_routing+0x17d/0x18f
[bridge]
[  461.653997]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
[  461.659473]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
[  461.665485]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
[  461.671234]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
[  461.677299]  [<ffffffffa0379215>] ?
nf_bridge_update_protocol+0x20/0x20 [bridge]
[  461.684891]  [<ffffffffa03bb0e5>] ? nf_ct_zone+0xa/0x17 [nf_conntrack]
[  461.691520]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
[  461.697572]  [<ffffffffa0374812>] ? NF_HOOK.constprop.8+0x3c/0x56
[bridge]
[  461.704616]  [<ffffffffa0379031>] ?
nf_bridge_push_encap_header+0x1c/0x26 [bridge]
[  461.712329]  [<ffffffffa037929f>] ? br_nf_forward_finish+0x8a/0x95
[bridge]
[  461.719490]  [<ffffffffa037900a>] ?
nf_bridge_pull_encap_header+0x1c/0x27 [bridge]
[  461.727223]  [<ffffffffa0379974>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge]
[  461.734292]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
[  461.739758]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
[  461.746203]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
[  461.751950]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
[  461.758378]  [<ffffffffa037533a>] ? NF_HOOK.constprop.4+0x56/0x56
[bridge]

This is caused by bridge netfilter special dst_entry (fake_rtable), a
special shared entry, where attaching an inetpeer makes no sense.

Problem is present since commit 87c48fa3b46 (ipv6: make fragment
identifications less predictable)

Introduce DST_NOPEER dst flag and make sure ipv6_select_ident() and
__ip_select_ident() fallback to the 'no peer attached' handling.

Reported-by: Chris Boot <bootc@bootc.net>
Tested-by: Chris Boot <bootc@bootc.net>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomqprio: Avoid panic if no options are provided
Thomas Graf [Thu, 22 Dec 2011 02:05:07 +0000 (02:05 +0000)]
mqprio: Avoid panic if no options are provided

Userspace may not provide TCA_OPTIONS, in fact tc currently does
so not do so if no arguments are specified on the command line.
Return EINVAL instead of panicing.

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobridge: provide a mtu() method for fake_dst_ops
Eric Dumazet [Wed, 21 Dec 2011 20:00:32 +0000 (20:00 +0000)]
bridge: provide a mtu() method for fake_dst_ops

Commit 618f9bc74a039da76 (net: Move mtu handling down to the protocol
depended handlers) forgot the bridge netfilter case, adding a NULL
dereference in ip_fragment().

Reported-by: Chris Boot <bootc@bootc.net>
CC: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Thu, 22 Dec 2011 20:59:47 +0000 (12:59 -0800)]
Merge branch 'usb-linus' of git://git./linux/kernel/git/gregkh/usb

* 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  USB: Fix usb/isp1760 build on sparc
  usb: gadget: epautoconf: do not change number of streams
  usb: dwc3: core: fix cached revision on our structure
  usb: musb: fix reset issue with full speed device

12 years agoMerge branch 'upstream-linus' of git://github.com/jgarzik/libata-dev
Linus Torvalds [Thu, 22 Dec 2011 20:53:32 +0000 (12:53 -0800)]
Merge branch 'upstream-linus' of git://github.com/jgarzik/libata-dev

* 'upstream-linus' of git://github.com/jgarzik/libata-dev:
  pata_of_platform: Add missing CONFIG_OF_IRQ dependency.

12 years agopata_of_platform: Add missing CONFIG_OF_IRQ dependency.
David Miller [Wed, 21 Dec 2011 22:38:10 +0000 (17:38 -0500)]
pata_of_platform: Add missing CONFIG_OF_IRQ dependency.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
12 years agoipv4: using prefetch requires including prefetch.h
Stephen Rothwell [Thu, 22 Dec 2011 06:03:29 +0000 (17:03 +1100)]
ipv4: using prefetch requires including prefetch.h

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Thu, 22 Dec 2011 02:29:26 +0000 (18:29 -0800)]
Merge git://git./linux/kernel/git/davem/net

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  net: Add a flow_cache_flush_deferred function
  ipv4: reintroduce route cache garbage collector
  net: have ipconfig not wait if no dev is available
  sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd
  asix: new device id
  davinci-cpdma: fix locking issue in cpdma_chan_stop
  sctp: fix incorrect overflow check on autoclose
  r8169: fix Config2 MSIEnable bit setting.
  llc: llc_cmsg_rcv was getting called after sk_eat_skb.
  net: bpf_jit: fix an off-one bug in x86_64 cond jump target
  iwlwifi: update SCD BC table for all SCD queues
  Revert "Bluetooth: Revert: Fix L2CAP connection establishment"
  Bluetooth: Clear RFCOMM session timer when disconnecting last channel
  Bluetooth: Prevent uninitialized data access in L2CAP configuration
  iwlwifi: allow to switch to HT40 if not associated
  iwlwifi: tx_sync only on PAN context
  mwifiex: avoid double list_del in command cancel path
  ath9k: fix max phy rate at rate control init
  nfc: signedness bug in __nci_request()
  iwlwifi: do not set the sequence control bit is not needed

12 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Linus Torvalds [Thu, 22 Dec 2011 02:29:05 +0000 (18:29 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: atmel/ac97c: using software reset instead hardware reset if not available

12 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6
Linus Torvalds [Thu, 22 Dec 2011 02:28:52 +0000 (18:28 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sameo/mfd-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6:
  mfd: Include linux/io.h to jz4740-adc
  mfd: Use request_threaded_irq for twl4030-irq instead of irq_set_chained_handler
  mfd: Base interrupt for twl4030-irq must be one-shot
  mfd: Handle tps65910 clear-mask correctly
  mfd: add #ifdef CONFIG_DEBUG_FS guard for ab8500_debug_resources
  mfd: Fix twl-core oops while calling twl_i2c_* for unbound driver
  mfd: include linux/module.h for ab5500-debugfs
  mfd: Update wm8994 active device checks for WM1811
  mfd: Set tps6586x bits if new value is different from the old one
  mfd: Set da903x bits if new value is different from the old one
  mfd: Set adp5520 bits if new value is different from the old one
  mfd: Add missed free_irq in da903x_remove

12 years agovfs: __read_cache_page should use gfp argument rather than GFP_KERNEL
Dave Kleikamp [Wed, 21 Dec 2011 17:05:48 +0000 (11:05 -0600)]
vfs: __read_cache_page should use gfp argument rather than GFP_KERNEL

lockdep reports a deadlock in jfs because a special inode's rw semaphore
is taken recursively.  The mapping's gfp mask is GFP_NOFS, but is not
used when __read_cache_page() calls add_to_page_cache_lru().

Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agoMerge branch 'for-greg' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb...
Greg Kroah-Hartman [Wed, 21 Dec 2011 22:42:17 +0000 (14:42 -0800)]
Merge branch 'for-greg' of git://git./linux/kernel/git/balbi/usb into usb-linus

* 'for-greg' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb:
  usb: gadget: epautoconf: do not change number of streams
  usb: dwc3: core: fix cached revision on our structure
  usb: musb: fix reset issue with full speed device

12 years agoUSB: Fix usb/isp1760 build on sparc
David Miller [Wed, 21 Dec 2011 22:31:54 +0000 (17:31 -0500)]
USB: Fix usb/isp1760 build on sparc

This commit:

commit 8f5d621543cb064d2989fc223d3c2bc61a43981e
Author: Joachim Foerster <joachim.foerster@missinglinkelectronics.com>
Date:   Mon Oct 10 18:06:54 2011 +0200

    usb/isp1760: Let OF bindings depend on general CONFIG_OF instead of PPC_OF .

    To be able to use the driver on other OF-aware architectures, too.
    And add necessary OF related #includes to fix compilation error.

Signed-off-by: Joachim Foerster <joachim.foerster@missinglinkelectronics.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
enabled the build on all CONFIG_OF architectures, but it cannot do
this.

This driver depends upon CONFIG_OF_IRQ but not all CONFIG_OF platforms
support that infrastructure, in particular Sparc does not so the
build fails.

Please push a patch like the following to Linus so that this code only
gets built where it actually should.

--------------------
usb/isp1760: Add missing CONFIG_OF_IRQ dependency on OF code.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
12 years agonet: Add a flow_cache_flush_deferred function
Steffen Klassert [Wed, 21 Dec 2011 21:48:08 +0000 (16:48 -0500)]
net: Add a flow_cache_flush_deferred function

flow_cach_flush() might sleep but can be called from
atomic context via the xfrm garbage collector. So add
a flow_cache_flush_deferred() function and use this if
the xfrm garbage colector is invoked from within the
packet path.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoipv4: reintroduce route cache garbage collector
Eric Dumazet [Wed, 21 Dec 2011 20:47:16 +0000 (15:47 -0500)]
ipv4: reintroduce route cache garbage collector

Commit 2c8cec5c10b (ipv4: Cache learned PMTU information in inetpeer)
removed IP route cache garbage collector a bit too soon, as this gc was
responsible for expired routes cleanup, releasing their neighbour
reference.

As pointed out by Robert Gladewitz, recent kernels can fill and exhaust
their neighbour cache.

Reintroduce the garbage collection, since we'll have to wait our
neighbour lookups become refcount-less to not depend on this stuff.

Reported-by: Robert Gladewitz <gladewitz@gmx.de>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoirda: use msecs_to_jiffies() rather than manual calculation
Xi Wang [Wed, 21 Dec 2011 02:57:16 +0000 (02:57 +0000)]
irda: use msecs_to_jiffies() rather than manual calculation

Also use mod_timer() instead of direct assignment to "expires".

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agostmmac: update the driver's documentation (Dec-2011)
Giuseppe CAVALLARO [Wed, 21 Dec 2011 03:58:20 +0000 (03:58 +0000)]
stmmac: update the driver's documentation (Dec-2011)

Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agostmmac: add the experimental PCI support
Giuseppe CAVALLARO [Wed, 21 Dec 2011 03:58:19 +0000 (03:58 +0000)]
stmmac: add the experimental PCI support

This patch adds the PCI support (as EXPERIMENTAL)
this has been also tested on XLINX XC2V3000 FF1152AMT0221
D1215994A VIRTEX FPGA board.
To support the PCI bus the main part has been reworked
and both the platform and the PCI specific parts have
been moved into different files.

Signed-off-by: Rayagond Kokatanur <rayagond@vayavyalabs.com>
Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosch_sfq: rehash queues in perturb timer
Eric Dumazet [Wed, 21 Dec 2011 03:30:11 +0000 (03:30 +0000)]
sch_sfq: rehash queues in perturb timer

A known Out Of Order (OOO) problem hurts SFQ when timer changes
perturbation value, since all new packets delivered to SFQ enqueue might
end on different slots than previous in-flight packets.

With round robin delivery, we can thus deliver packets in a different
order.

Since SFQ is limited to small amount of in-flight packets, we can rehash
packets so that this OOO problem is fixed.

This rehashing is performed only if internal flow classifier is in use.

We now store in skb->cb[] the "struct flow_keys" so that we dont call
skb_flow_dissect() again while rehashing.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: ethernet: xilinx: Don't use NO_IRQ in xilinx
Michal Simek [Wed, 21 Dec 2011 20:42:50 +0000 (15:42 -0500)]
net: ethernet: xilinx: Don't use NO_IRQ in xilinx

Fix ll_temac and emaclite drivers. Only Microblaze and Xilinx PPC
use then and both use NO_IRQ as 0. It will be removed in near future.

Signed-off-by: Michal Simek <monstr@monstr.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
John W. Linville [Wed, 21 Dec 2011 18:18:22 +0000 (13:18 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless into for-davem

12 years agotcp: Replace constants with #define macros
Vijay Subramanian [Tue, 20 Dec 2011 13:23:24 +0000 (13:23 +0000)]
tcp: Replace constants with #define macros

to record the state of SACK/FACK and DSACK for better readability and maintenance.

Signed-off-by: Vijay Subramanian <subramanian.vijay@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agofirmware: Refer to the co-maintained linux-firmware.git repository
Ben Hutchings [Wed, 21 Dec 2011 03:54:24 +0000 (03:54 +0000)]
firmware: Refer to the co-maintained linux-firmware.git repository

David and I are sharing maintenance of this repository.  Patches
should be sent to both of us.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agoMerge git://git.infradead.org/mtd-2.6
Linus Torvalds [Wed, 21 Dec 2011 02:39:37 +0000 (18:39 -0800)]
Merge git://git.infradead.org/mtd-2.6

* git://git.infradead.org/mtd-2.6:
  mtd: plat_ram: call mtd_device_register only if partition data exists
  mtd: pxa2xx-flash.c: It used to fall back to provided table.
  mtd: gpmi: add missing include 'module.h'
  mtd: ndfc: fix typo in structure dereference

12 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc
Linus Torvalds [Wed, 21 Dec 2011 02:31:34 +0000 (18:31 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/cjb/mmc

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
  mmc: vub300: fix type of firmware_rom_wait_states module parameter
  Revert "mmc: enable runtime PM by default"
  mmc: sdhci: remove "state" argument from sdhci_suspend_host

12 years agoSELinux: Fix RCU deref check warning in sel_netport_insert()
David Howells [Tue, 13 Dec 2011 14:49:04 +0000 (14:49 +0000)]
SELinux: Fix RCU deref check warning in sel_netport_insert()

Fix the following bug in sel_netport_insert() where rcu_dereference() should
be rcu_dereference_protected() as sel_netport_lock is held.

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/selinux/netport.c:127 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by ossec-rootcheck/3323:
 #0:  (sel_netport_lock){+.....}, at: [<ffffffff8117d775>] sel_netport_sid+0xbb/0x226

stack backtrace:
Pid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095
Call Trace:
 [<ffffffff8105cfb7>] lockdep_rcu_dereference+0xa7/0xb0
 [<ffffffff8117d871>] sel_netport_sid+0x1b7/0x226
 [<ffffffff8117d6ba>] ? sel_netport_avc_callback+0xbc/0xbc
 [<ffffffff8117556c>] selinux_socket_bind+0x115/0x230
 [<ffffffff810a5388>] ? might_fault+0x4e/0x9e
 [<ffffffff810a53d1>] ? might_fault+0x97/0x9e
 [<ffffffff81171cf4>] security_socket_bind+0x11/0x13
 [<ffffffff812ba967>] sys_bind+0x56/0x95
 [<ffffffff81380dac>] ? sysret_check+0x27/0x62
 [<ffffffff8105b767>] ? trace_hardirqs_on_caller+0x11e/0x155
 [<ffffffff81076fcd>] ? audit_syscall_entry+0x17b/0x1ae
 [<ffffffff811b5eae>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81380d7b>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
12 years agoMerge branch 'evm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kasatkin...
James Morris [Wed, 21 Dec 2011 00:28:16 +0000 (11:28 +1100)]
Merge branch 'evm-fixes' of git://git./linux/kernel/git/kasatkin/linux-digsig into for-linus

12 years agoMerge branch 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj...
Linus Torvalds [Tue, 20 Dec 2011 19:44:18 +0000 (11:44 -0800)]
Merge branch 'for-3.2-fixes' of git://git./linux/kernel/git/tj/cgroup

* 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroups: fix a css_set not found bug in cgroup_attach_proc

12 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 20 Dec 2011 19:43:08 +0000 (11:43 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, dumpstack: Fix code bytes breakage due to missing KERN_CONT

12 years agoMerge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 20 Dec 2011 19:42:38 +0000 (11:42 -0800)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  time/clocksource: Fix kernel-doc warnings
  rtc: m41t80: Workaround broken alarm functionality
  rtc: Expire alarms after the time is set.

12 years agoMerge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 20 Dec 2011 19:41:17 +0000 (11:41 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  oprofile: Fix uninitialized memory access when writing to writing to oprofilefs

12 years agoMerge branch 'stable/for-linus-fixes-3.2' of git://git.kernel.org/pub/scm/linux/kerne...
Linus Torvalds [Tue, 20 Dec 2011 19:40:48 +0000 (11:40 -0800)]
Merge branch 'stable/for-linus-fixes-3.2' of git://git./linux/kernel/git/konrad/xen

* 'stable/for-linus-fixes-3.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  Revert "xen/pv-on-hvm kexec: add xs_reset_watches to shutdown watches from old kernel"

12 years agoMerge branch 'sh-fixes-for-linus' of git://github.com/pmundt/linux-sh
Linus Torvalds [Tue, 20 Dec 2011 19:39:21 +0000 (11:39 -0800)]
Merge branch 'sh-fixes-for-linus' of git://github.com/pmundt/linux-sh

* 'sh-fixes-for-linus' of git://github.com/pmundt/linux-sh:
  sh: fix build warning in board-sh7757lcr

12 years agoMerge branch 'rmobile-fixes-for-linus' of git://github.com/pmundt/linux-sh
Linus Torvalds [Tue, 20 Dec 2011 19:32:18 +0000 (11:32 -0800)]
Merge branch 'rmobile-fixes-for-linus' of git://github.com/pmundt/linux-sh

* 'rmobile-fixes-for-linus' of git://github.com/pmundt/linux-sh:
  ARM: mach-shmobile: SH73A0 external Ethernet fix
  ARM: mach-shmobile: AG5EVM GIC Sparse IRQ fix
  ARM: mach-shmobile: Kota2 TPU LED platform data
  ARM: mach-shmobile: Kota2 GIC Sparse IRQ fix
  ARM: mach-shmobile: Kota2 PINT fix

12 years agoMerge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Linus Torvalds [Tue, 20 Dec 2011 19:31:56 +0000 (11:31 -0800)]
Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS: Fix a regression in nfs_file_llseek()
  NFSv4: Do not accept delegated opens when a delegation recall is in effect
  NFSv4: Ensure correct locking when accessing the 'lock_states' list
  NFSv4.1: Ensure that we handle _all_ SEQUENCE status bits.
  NFSv4: Don't error if we handled it in nfs4_recovery_handle_error
  SUNRPC: Ensure we always bump the backlog queue in xprt_free_slot
  SUNRPC: Fix the execution time statistics in the face of RPC restarts

12 years agoMerge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Linus Torvalds [Tue, 20 Dec 2011 19:31:44 +0000 (11:31 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  vmwgfx: Clip cliprects against screen boundaries in present and dirty
  vmwgfx: Resend the cursor after legacy modeset
  vmwgfx: Do better culling of presents
  vmwgfx: Refactor kms code to use vmw_user_lookup_handle helper
  vmwgfx: Add helper function to get surface or dmabuf
  vmwgfx: Refactor cursor update
  vmwgfx: Remove dmabuf check in present ioctl
  vmwgfx: Use the revised fifo hw version register when present

12 years agonet: doc: fix many typos in scaling.txt
Shan Wei [Mon, 19 Dec 2011 16:34:15 +0000 (16:34 +0000)]
net: doc: fix many typos in scaling.txt

Fix some trivial typos.

Signed-off-by: Shan Wei <shanwei88@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: have ipconfig not wait if no dev is available
Gerlando Falauto [Mon, 19 Dec 2011 22:58:04 +0000 (22:58 +0000)]
net: have ipconfig not wait if no dev is available

previous commit 3fb72f1e6e6165c5f495e8dc11c5bbd14c73385c
makes IP-Config wait for carrier on at least one network device.

Before waiting (predefined value 120s), check that at least one device
was successfully brought up. Otherwise (e.g. buggy bootloader
which does not set the MAC address) there is no point in waiting
for carrier.

Cc: Micha Nelissen <micha@neli.hopto.org>
Cc: Holger Brunck <holger.brunck@keymile.com>
Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoqeth: recovery through asynchronous delivery
Einar Lueck [Mon, 19 Dec 2011 22:56:36 +0000 (22:56 +0000)]
qeth: recovery through asynchronous delivery

If recovery is triggered in presence of pending asynchronous
deliveries of storage blocks we do a forced cleanup after
the corresponding tasklets are completely stopped and trigger
appropriate notifications for the correspondingerror state.

Signed-off-by: Einar Lueck <elelueck@de.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoqeth: improve recovery during resource shortage
Frank Blaschka [Mon, 19 Dec 2011 22:56:35 +0000 (22:56 +0000)]
qeth: improve recovery during resource shortage

In case there are no system resources to run a recovery we have to clear
recovery bitmasks so a further automatic or manual driven recovery can
fix up the device.

Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonetiucv: allow multiple interfaces to same peer
Ursula Braun [Mon, 19 Dec 2011 22:56:34 +0000 (22:56 +0000)]
netiucv: allow multiple interfaces to same peer

The NETIUCV device driver allows to connect a Linux guest on z/VM to
another z/VM guest based on the z/VM communication facility IUCV.
Multiple output paths to different guests are possible, as well as
multiple input paths from different guests.
With this feature, you can configure multiple point-to-point NETIUCV
interfaces between your Linux on System z instance and another z/VM
guest.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoqeth: forbid recovery during shutdown
Ursula Braun [Mon, 19 Dec 2011 22:56:33 +0000 (22:56 +0000)]
qeth: forbid recovery during shutdown

A recovery does not make sense during shutdown and may even cause an
error like this:

qeth 0.0.f503: A recovery process has been started for the device
Badness at drivers/s390/cio/qdio_main.c:1156
Modules linked in: autofs4 sunrpc dm_multipath scsi_dh scsi_mod qeth_l3 ipv6 vmu
r qeth qdio ccwgroup ext3 jbd mbcache dasd_eckd_mod dasd_mod dm_mirror dm_region
_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
CPU: 3 Not tainted 2.6.32-202.el6.s390x #1
Process qeth_recover (pid: 1498, task: 000000003efe2040, ksp: 000000003d5e3b80)
Krnl PSW : 0404200180000000 000003c000be6da8 (qdio_int_handler+0x88/0x43c [qdio]
)
           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
Krnl GPRS: ffffffffffff3bac 0000000000000005 0000000000000000 fffffffffffffff4
           0000000000000000 000000000000000c 0000000000000000 000000003ca97000
           0000000000000380 fffffffffffffff4 000000003f22d800 000000003f22c478
           000003c000bdf000 000003c000bea270 000000003f447e10 000000003f447db0
Krnl Code: 000003c000be6d9ac21f00000004       clfi    %r1,4
           000003c000be6da0a7c40021           brc     12,3c000be6de2
           000003c000be6da4a7f40001           brc     15,3c000be6da6
          >000003c000be6da8e320a0080004       lg      %r2,8(%r10)
           000003c000be6daea7390003           lghi    %r3,3
           000003c000be6db2a72b0178           aghi    %r2,376
           000003c000be6db6a7490001           lghi    %r4,1
           000003c000be6dbaa7590000           lghi    %r5,0
Call Trace:
([<000000000080ee80>] __per_cpu_offset+0x0/0x200)
[<00000000003d90e8>] ccw_device_call_handler+0x70/0xcc
[<00000000003d83a2>] ccw_device_irq+0x82/0x180
[<00000000003cc6a8>] do_IRQ+0x16c/0x1ec
[<0000000000118abe>] io_return+0x0/0x8
[<000003c000d04c74>] qeth_determine_capabilities+0x208/0x5cc [qeth]
([<000003c000d04c4a>] qeth_determine_capabilities+0x1de/0x5cc [qeth])
[<000003c000d0a6e0>] qeth_core_hardsetup_card+0x160/0x1258 [qeth]
[<000003c000f49f56>] __qeth_l3_set_online+0x132/0xb14 [qeth_l3]
[<000003c000f4ac70>] qeth_l3_recover+0x168/0x224 [qeth_l3]
[<000000000016e210>] kthread+0xa4/0xac
[<0000000000109c6e>] kernel_thread_starter+0x6/0xc
[<0000000000109c68>] kernel_thread_starter+0x0/0xc

The patch forbids start of a recovery once qeth shutdown is running.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoqeth: suspicious rcu_dereference_check in recovery
Ursula Braun [Mon, 19 Dec 2011 22:56:32 +0000 (22:56 +0000)]
qeth: suspicious rcu_dereference_check in recovery

qeth layer3 recovery invokes its set_multicast_list function, which
invokes function __vlan_find_dev_deep requiring rcu_read_lock or
rtnl lock. This causes kernel messages:

kernel: [ INFO: suspicious rcu_dereference_check() usage. ]
kernel: ---------------------------------------------------
kernel: net/8021q/vlan_core.c:70 invoked rcu_dereference_check() without protection!

kernel: stack backtrace:
kernel: CPU: 0 Not tainted 3.1.0 #9
kernel: Process qeth_recover (pid: 2078, task: 000000007e584680, ksp: 000000007e3e3930)
kernel: 000000007e3e3d08 000000007e3e3c88 0000000000000002 0000000000000000
kernel:       000000007e3e3d28 000000007e3e3ca0 000000007e3e3ca0 00000000005e77ce
kernel:       0000000000000000 0000000000000001 ffffffffffffffff 0000000000000001
kernel:       000000000000000d 000000000000000c 000000007e3e3cf0 0000000000000000
kernel:       0000000000000000 0000000000100a18 000000007e3e3c88 000000007e3e3cc8
kernel: Call Trace:
kernel: ([<0000000000100926>] show_trace+0xee/0x144)
kernel: [<00000000005d395c>] __vlan_find_dev_deep+0xb0/0x108
kernel: [<00000000004acd3a>] qeth_l3_set_multicast_list+0x976/0xe38
kernel: [<00000000004ae0f4>] __qeth_l3_set_online+0x75c/0x1498
kernel: [<00000000004aefec>] qeth_l3_recover+0xc4/0x1d0
kernel: [<0000000000185372>] kthread+0xa6/0xb0
kernel: [<00000000005ed4c6>] kernel_thread_starter+0x6/0xc
kernel: [<00000000005ed4c0>] kernel_thread_starter+0x0/0xc

The patch makes sure the rtnl lock is held once qeth recovery invokes
its set_multicast_list function.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoaf_iucv: get rid of state IUCV_SEVERED
Ursula Braun [Mon, 19 Dec 2011 22:56:31 +0000 (22:56 +0000)]
af_iucv: get rid of state IUCV_SEVERED

af_iucv differs unnecessarily between state IUCV_SEVERED and
IUCV_DISCONN. This patch removes state IUCV_SEVERED.
While simplifying af_iucv, this patch removes the 2nd invocation of
cpcmd as well.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoaf_iucv: remove unused timer infrastructure
Ursula Braun [Mon, 19 Dec 2011 22:56:30 +0000 (22:56 +0000)]
af_iucv: remove unused timer infrastructure

af_iucv contains timer infrastructure which is not exploited.
This patch removes the timer related code parts.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoaf_iucv: release reference to HS device
Ursula Braun [Mon, 19 Dec 2011 22:56:29 +0000 (22:56 +0000)]
af_iucv: release reference to HS device

For HiperSockets transport skbs sent are bound to one of the
available HiperSockets devices. Add missing release of reference to
a HiperSockets device before freeing an skb.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoaf_iucv: accelerate close for HS transport
Ursula Braun [Mon, 19 Dec 2011 22:56:28 +0000 (22:56 +0000)]
af_iucv: accelerate close for HS transport

Closing an af_iucv socket may wait for confirmation of outstanding
send requests. This patch adds confirmation code for the new
HiperSockets transport.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoaf_iucv: support ancillary data with HS transport
Ursula Braun [Mon, 19 Dec 2011 22:56:27 +0000 (22:56 +0000)]
af_iucv: support ancillary data with HS transport

The AF_IUCV address family offers support for ancillary data.
This patch enables usage of ancillary data with the new
HiperSockets transport.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agosctp: Do not account for sizeof(struct sk_buff) in estimated rwnd
Thomas Graf [Mon, 19 Dec 2011 04:11:40 +0000 (04:11 +0000)]
sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd

When checking whether a DATA chunk fits into the estimated rwnd a
full sizeof(struct sk_buff) is added to the needed chunk size. This
quickly exhausts the available rwnd space and leads to packets being
sent which are much below the PMTU limit. This can lead to much worse
performance.

The reason for this behaviour was to avoid putting too much memory
pressure on the receiver. The concept is not completely irational
because a Linux receiver does in fact clone an skb for each DATA chunk
delivered. However, Linux also reserves half the available socket
buffer space for data structures therefore usage of it is already
accounted for.

When proposing to change this the last time it was noted that this
behaviour was introduced to solve a performance issue caused by rwnd
overusage in combination with small DATA chunks.

Trying to reproduce this I found that with the sk_buff overhead removed,
the performance would improve significantly unless socket buffer limits
are increased.

The following numbers have been gathered using a patched iperf
supporting SCTP over a live 1 Gbit ethernet network. The -l option
was used to limit DATA chunk sizes. The numbers listed are based on
the average of 3 test runs each. Default values have been used for
sk_(r|w)mem.

Chunk
Size    Unpatched     No Overhead
-------------------------------------
   4    15.2 Kbit [!]   12.2 Mbit [!]
   8    35.8 Kbit [!]   26.0 Mbit [!]
  16    95.5 Kbit [!]   54.4 Mbit [!]
  32   106.7 Mbit      102.3 Mbit
  64   189.2 Mbit      188.3 Mbit
 128   331.2 Mbit      334.8 Mbit
 256   537.7 Mbit      536.0 Mbit
 512   766.9 Mbit      766.6 Mbit
1024   810.1 Mbit      808.6 Mbit

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agoMerge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab...
Linus Torvalds [Tue, 20 Dec 2011 18:49:39 +0000 (10:49 -0800)]
Merge branch 'v4l_for_linus' of git://git./linux/kernel/git/mchehab/linux-media

* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (31 commits)
  Revert "[media] af9015: limit I2C access to keep FW happy"
  [media] s5p-fimc: Fix camera input configuration in subdev operations
  [media] m5mols: Fix logic in sanity check
  [media] ati_remote: switch to single-byte scancodes
  [media] V4L: mt9m111: fix uninitialised mutex
  [media] V4L: omap1_camera: fix missing <linux/module.h> include
  [media] V4L: mt9t112: use after free in mt9t112_probe()
  [media] V4L: soc-camera: fix compiler warnings on 64-bit platforms
  [media] s5p_mfc_enc: fix s/H264/H263/ typo
  [media] omap_vout: Fix compile error in 3.1
  [media] au0828: add missing models 72101, 72201 & 72261 to the model matrix
  [media] au0828: add missing USB ID 2040:7213
  [media] au0828: add missing USB ID 2040:7260
  [media] [trivial] omap24xxcam-dma: Fix logical test
  [media] omap_vout: fix crash if no driver for a display
  [media] media: video: s5p-tv: fix build break
  [media] omap3isp: fix compilation of ispvideo.c
  [media] m5mols: Fix set_fmt to return proper pixel format code
  [media] s5p-fimc: Use correct fourcc for RGB565 colour format
  [media] s5p-fimc: Fail driver probing when sensor configuration is wrong
  ...

12 years agomacvtap: Fix macvtap_get_queue to use rxhash first
Krishna Kumar [Wed, 23 Nov 2011 22:17:14 +0000 (22:17 +0000)]
macvtap: Fix macvtap_get_queue to use rxhash first

It was reported that the macvtap device selects a
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agomlx4_en: FIX: Setting default_qpn before using it
Yevgeny Petrilin [Mon, 19 Dec 2011 21:53:38 +0000 (21:53 +0000)]
mlx4_en: FIX: Setting default_qpn before using it

When UDP RSS is enabled, we use same QPN for TCP and UDP ranges
The bug is that the default_qpn was used base UDP qpn before it
was set.
Fixes bug introduced in commit: 1202d460b1df3a77fda66f4ba5f90ae3527dd42f

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agonet: unix -- Add missing module.h inclusion
Cyrill Gorcunov [Tue, 20 Dec 2011 04:33:03 +0000 (04:33 +0000)]
net: unix -- Add missing module.h inclusion

Otherwise getting

 | net/unix/diag.c:312:16: error: expected declaration specifiers or ‘...’ before string constant
 | net/unix/diag.c:313:1: error: expected declaration specifiers or ‘...’ before string constant

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 years agobinary_sysctl(): fix memory leak
Michel Lespinasse [Tue, 20 Dec 2011 01:12:06 +0000 (17:12 -0800)]
binary_sysctl(): fix memory leak

binary_sysctl() calls sysctl_getname() which allocates from names_cache
slab usin __getname()

The matching function to free the name is __putname(), and not putname()
which should be used only to match getname() allocations.

This is because when auditing is enabled, putname() calls audit_putname
*instead* (not in addition) to __putname().  Then, if a syscall is in
progress, audit_putname does not release the name - instead, it expects
the name to get released when the syscall completes, but that will happen
only if audit_getname() was called previously, i.e.  if the name was
allocated with getname() rather than the naked __getname().  So,
__getname() followed by putname() ends up leaking memory.

Signed-off-by: Michel Lespinasse <walken@google.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Eric Paris <eparis@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agomm/vmalloc.c: remove static declaration of va from __get_vm_area_node
Kautuk Consul [Tue, 20 Dec 2011 01:12:04 +0000 (17:12 -0800)]
mm/vmalloc.c: remove static declaration of va from __get_vm_area_node

Static storage is not required for the struct vmap_area in
__get_vm_area_node.

Removing "static" to store this variable on the stack instead.

Signed-off-by: Kautuk Consul <consul.kautuk@gmail.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agoipmi_watchdog: restore settings when BMC reset
Corey Minyard [Tue, 20 Dec 2011 01:12:02 +0000 (17:12 -0800)]
ipmi_watchdog: restore settings when BMC reset

If the BMC gets reset, it will return 0x80 response errors.

In less than a week
# grep "Error 80 on cmd 22" /var/log/kernel |wc -l
378681

In this case, it is probably a good idea to restore the IPMI settings.

Signed-off-by: Corey Minyard <cminyard@mvista.com>
Tested-by: Arkadiusz Miśkiewicz <a.miskiewicz@gmail.com>
Reported-by: Arkadiusz Miśkiewicz <a.miskiewicz@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agooom: fix integer overflow of points in oom_badness
Frantisek Hrbata [Tue, 20 Dec 2011 01:11:59 +0000 (17:11 -0800)]
oom: fix integer overflow of points in oom_badness

An integer overflow will happen on 64bit archs if task's sum of rss,
swapents and nr_ptes exceeds (2^31)/1000 value.  This was introduced by
commit

f755a04 oom: use pte pages in OOM score

where the oom score computation was divided into several steps and it's no
longer computed as one expression in unsigned long(rss, swapents, nr_pte
are unsigned long), where the result value assigned to points(int) is in
range(1..1000).  So there could be an int overflow while computing

176          points *= 1000;

and points may have negative value. Meaning the oom score for a mem hog task
will be one.

196          if (points <= 0)
197                  return 1;

For example:
[ 3366]     0  3366 35390480 24303939   5       0             0 oom01
Out of memory: Kill process 3366 (oom01) score 1 or sacrifice child

Here the oom1 process consumes more than 24303939(rss)*4096~=92GB physical
memory, but it's oom score is one.

In this situation the mem hog task is skipped and oom killer kills another and
most probably innocent task with oom score greater than one.

The points variable should be of type long instead of int to prevent the
int overflow.

Signed-off-by: Frantisek Hrbata <fhrbata@redhat.com>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: <stable@vger.kernel.org> [2.6.36+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agomemcg: keep root group unchanged if creation fails
Hillf Danton [Tue, 20 Dec 2011 01:11:57 +0000 (17:11 -0800)]
memcg: keep root group unchanged if creation fails

If the request is to create non-root group and we fail to meet it, we
should leave the root unchanged.

Signed-off-by: Hillf Danton <dhillf@gmail.com>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Acked-by: Michal Hocko <mhocko@suse.cz>
Cc: Balbir Singh <bsingharora@gmail.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agonilfs2: potential integer overflow in nilfs_ioctl_clean_segments()
Haogang Chen [Tue, 20 Dec 2011 01:11:56 +0000 (17:11 -0800)]
nilfs2: potential integer overflow in nilfs_ioctl_clean_segments()

There is a potential integer overflow in nilfs_ioctl_clean_segments().
When a large argv[n].v_nmembs is passed from the userspace, the subsequent
call to vmalloc() will allocate a buffer smaller than expected, which
leads to out-of-bound access in nilfs_ioctl_move_blocks() and
lfs_clean_segments().

The following check does not prevent the overflow because nsegs is also
controlled by the userspace and could be very large.

if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment)
goto out_free;

This patch clamps argv[n].v_nmembs to UINT_MAX / argv[n].v_size, and
returns -EINVAL when overflow.

Signed-off-by: Haogang Chen <haogangchen@gmail.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agonilfs2: unbreak compat ioctl
Thomas Meyer [Tue, 20 Dec 2011 01:11:55 +0000 (17:11 -0800)]
nilfs2: unbreak compat ioctl

commit 828b1c50ae ("nilfs2: add compat ioctl") incidentally broke all
other NILFS compat ioctls.  Make them work again.

Signed-off-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Tested-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org> [3.0+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
12 years agocpusets: stall when updating mems_allowed for mempolicy or disjoint nodemask
David Rientjes [Tue, 20 Dec 2011 01:11:52 +0000 (17:11 -0800)]
cpusets: stall when updating mems_allowed for mempolicy or disjoint nodemask

Kernels where MAX_NUMNODES > BITS_PER_LONG may temporarily see an empty
nodemask in a tsk's mempolicy if its previous nodemask is remapped onto a
new set of allowed cpuset nodes where the two nodemasks, as a result of
the remap, are now disjoint.

c0ff7453bb5c ("cpuset,mm: fix no node to alloc memory when changing
cpuset's mems") adds get_mems_allowed() to prevent the set of allowed
nodes from changing for a thread.  This causes any update to a set of
allowed nodes to stall until put_mems_allowed() is called.

This stall is unncessary, however, if at least one node remains unchanged
in the update to the set of allowed nodes.  This was addressed by
89e8a244b97e ("cpusets: avoid looping when storing to mems_allowed if one
node remains set"), but it's still possible that an empty nodemask may be
read from a mempolicy because the old nodemask may be remapped to the new
nodemask during rebind.  To prevent this, only avoid the stall if there is
no mempolicy for the thread being changed.

This is a temporary solution until all reads from mempolicy nodemasks can
be guaranteed to not be empty without the get_mems_allowed()
synchronization.

Also moves the check for nodemask intersection inside task_lock() so that
tsk->mems_allowed cannot change.  This ensures that nothing can set this
tsk's mems_allowed out from under us and also protects tsk->mempolicy.

Reported-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Paul Menage <paul@paulmenage.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>