GitHub/MotorolaMobilityLLC/kernel-slsi.git
13 years agobridge: notify applications if address of bridge device changes
stephen hemminger [Thu, 24 Mar 2011 13:24:01 +0000 (13:24 +0000)]
bridge: notify applications if address of bridge device changes

The mac address of the bridge device may be changed when a new interface
is added to the bridge. If this happens, then the bridge needs to call
the network notifiers to tickle any other systems that care. Since bridge
can be a module, this also means exporting the notifier function.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Fix IP timestamp option (IPOPT_TS_PRESPEC) handling in ip_options_echo()
Jan Luebbe [Thu, 24 Mar 2011 07:44:22 +0000 (07:44 +0000)]
ipv4: Fix IP timestamp option (IPOPT_TS_PRESPEC) handling in ip_options_echo()

The current handling of echoed IP timestamp options with prespecified
addresses is rather broken since the 2.2.x kernels. As far as i understand
it, it should behave like when originating packets.

Currently it will only timestamp the next free slot if:
 - there is space for *two* timestamps
 - some random data from the echoed packet taken as an IP is *not* a local IP

This first is caused by an off-by-one error. 'soffset' points to the next
free slot and so we only need to have 'soffset + 7 <= optlen'.

The second bug is using sptr as the start of the option, when it really is
set to 'skb_network_header(skb)'. I just use dptr instead which points to
the timestamp option.

Finally it would only timestamp for non-local IPs, which we shouldn't do.
So instead we exclude all unicast destinations, similar to what we do in
ip_options_compile().

Signed-off-by: Jan Luebbe <jluebbe@debian.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agocan: c_can: Fix tx_bytes accounting
Jan Altenberg [Mon, 28 Mar 2011 01:24:10 +0000 (18:24 -0700)]
can: c_can: Fix tx_bytes accounting

The current SocketCAN implementation for the Bosch c_can cell doesn't
account the TX bytes correctly, because it calls
c_can_inval_msg_object() (which clears the msg ctrl register) before
reading the DLC value:

for (/* nix */; (priv->tx_next - priv->tx_echo) > 0; priv->tx_echo++) {
        msg_obj_no = get_tx_echo_msg_obj(priv);
        c_can_inval_msg_object(dev, 0, msg_obj_no);
        val = c_can_read_reg32(priv, &priv->regs->txrqst1);
        if (!(val & (1 << msg_obj_no))) {
                can_get_echo_skb(dev,
                                msg_obj_no - C_CAN_MSG_OBJ_TX_FIRST);
                stats->tx_bytes += priv->read_reg(priv,
                                &priv->regs->ifregs[0].msg_cntrl)
                                & IF_MCONT_DLC_MASK;
                stats->tx_packets++;
        }
}

So, we will always read 0 for the DLC value and "ifconfig" will report
*0* TX Bytes.

The fix is quite easy: Just move c_can_inval_msg_object() to the end of
the if() statement. So:
      * We only call c_can_inval_msg_object() if the message was
        actually transmitted
      * We read out the DLC value _before_ clearing the msg ctrl
        register

Signed-off-by: Jan Altenberg <jan@linutronix.de>
Acked-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agocan: c_can_platform: fix irq check in probe
Marc Kleine-Budde [Thu, 24 Mar 2011 02:34:33 +0000 (02:34 +0000)]
can: c_can_platform: fix irq check in probe

This patch fixes the check in the probe function whether a IRQ was supplied
to the driver. The original driver check the irq "struct resource *" against
<= 0. Use "platform_get_irq" instead.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: Bhupesh Sharma <bhupesh.sharma@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agocan: c_can: disable one shot mode until driver is fixed
Marc Kleine-Budde [Thu, 24 Mar 2011 02:34:32 +0000 (02:34 +0000)]
can: c_can: disable one shot mode until driver is fixed

This patch disables the one shot mode, until the driver has been fixed and
tested to support it.

> I'm quite sure I've seen a situation where msg_obj 17 "seemed" to be
> pending, while msg_obj 18 and 19 already have been transmitted. But
> in that case, I enabled ONESHOT for the can interface, which enables
> the DA mode (automatic retransmission is disabled).

Reported-by: Jan Altenberg <jan@linutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
Cc: Bhupesh Sharma <bhupesh.sharma@st.com>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agocan: make struct proto const
Oliver Hartkopp [Tue, 22 Mar 2011 08:27:25 +0000 (08:27 +0000)]
can: make struct proto const

can_ioctl is the only reason for struct proto to be non-const.
script/check-patch.pl suggests struct proto be const.

Setting the reference to the common can_ioctl() in all CAN protocols directly
removes the need to make the struct proto writable in af_can.c

Signed-off-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: remove useless comments in net/core/dev.c
Amerigo Wang [Tue, 22 Mar 2011 01:59:47 +0000 (01:59 +0000)]
net: remove useless comments in net/core/dev.c

The code itself can explain what it is doing, no need these comments.

Signed-off-by: WANG Cong <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agorose: Add length checks to CALL_REQUEST parsing
Ben Hutchings [Sun, 20 Mar 2011 06:48:05 +0000 (06:48 +0000)]
rose: Add length checks to CALL_REQUEST parsing

Define some constant offsets for CALL_REQUEST based on the description
at <http://www.techfest.com/networking/wan/x25plp.htm> and the
definition of ROSE as using 10-digit (5-byte) addresses.  Use them
consistently.  Validate all implicit and explicit facilities lengths.
Validate the address length byte rather than either trusting or
assuming its value.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoROSE: prevent heap corruption with bad facilities
Dan Rosenberg [Sat, 19 Mar 2011 20:43:43 +0000 (20:43 +0000)]
ROSE: prevent heap corruption with bad facilities

When parsing the FAC_NATIONAL_DIGIS facilities field, it's possible for
a remote host to provide more digipeaters than expected, resulting in
heap corruption.  Check against ROSE_MAX_DIGIS to prevent overflows, and
abort facilities parsing on failure.

Additionally, when parsing the FAC_CCITT_DEST_NSAP and
FAC_CCITT_SRC_NSAP facilities fields, a remote host can provide a length
of less than 10, resulting in an underflow in a memcpy size, causing a
kernel panic due to massive heap corruption.  A length of greater than
20 results in a stack overflow of the callsign array.  Abort facilities
parsing on these invalid length values.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoirda: validate peer name and attribute lengths
Dan Rosenberg [Sun, 20 Mar 2011 15:32:06 +0000 (15:32 +0000)]
irda: validate peer name and attribute lengths

Length fields provided by a peer for names and attributes may be longer
than the destination array sizes.  Validate lengths to prevent stack
buffer overflows.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoirda: prevent heap corruption on invalid nickname
Dan Rosenberg [Sat, 19 Mar 2011 20:14:30 +0000 (20:14 +0000)]
irda: prevent heap corruption on invalid nickname

Invalid nicknames containing only spaces will result in an underflow in
a memcpy size calculation, subsequently destroying the heap and
panicking.

v2 also catches the case where the provided nickname is longer than the
buffer size, which can result in controllable heap corruption.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agodst: Clone child entry in skb_dst_pop
Steffen Klassert [Tue, 15 Mar 2011 21:09:32 +0000 (21:09 +0000)]
dst: Clone child entry in skb_dst_pop

We clone the child entry in skb_dst_pop before we call
skb_dst_drop(). Otherwise we might kill the child right
before we return it to the caller.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Force a dst refcount before entering the xfrm type handlers
Steffen Klassert [Tue, 15 Mar 2011 21:08:28 +0000 (21:08 +0000)]
xfrm: Force a dst refcount before entering the xfrm type handlers

Crypto requests might return asynchronous. In this case we leave
the rcu protected region, so force a refcount on the skb's
destination entry before we enter the xfrm type input/output
handlers.

This fixes a crash when a route is deleted whilst sending IPsec
data that is transformed by an asynchronous algorithm.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: do not ignore route errors
Julian Anastasov [Sat, 26 Mar 2011 03:33:23 +0000 (20:33 -0700)]
ipv4: do not ignore route errors

The "ipv4: Inline fib_semantic_match into check_leaf"
change forgets to return the route errors. check_leaf should
return the same results as fib_table_lookup.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoroute: Take the right src and dst addresses in ip_route_newports
Steffen Klassert [Fri, 25 Mar 2011 08:28:45 +0000 (01:28 -0700)]
route: Take the right src and dst addresses in ip_route_newports

When we set up the flow informations in ip_route_newports(), we take
the address informations from the the rt_key_src and rt_key_dst fields
of the rtable. They appear to be empty. So take the address
informations from rt_src and rt_dst instead. This issue was introduced
by commit 5e2b61f78411be25f0b84f97d5b5d312f184dfd1 ("ipv4: Remove
flowi from struct rtable.")

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Fix nexthop caching wrt. scoping.
David S. Miller [Fri, 25 Mar 2011 01:06:47 +0000 (18:06 -0700)]
ipv4: Fix nexthop caching wrt. scoping.

Move the scope value out of the fib alias entries and into fib_info,
so that we always use the correct scope when recomputing the nexthop
cached source address.

Reported-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Invalidate nexthop cache nh_saddr more correctly.
David S. Miller [Fri, 25 Mar 2011 00:42:21 +0000 (17:42 -0700)]
ipv4: Invalidate nexthop cache nh_saddr more correctly.

Any operation that:

1) Brings up an interface
2) Adds an IP address to an interface
3) Deletes an IP address from an interface

can potentially invalidate the nh_saddr value, requiring
it to be recomputed.

Perform the recomputation lazily using a generation ID.

Reported-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: fix pch_gbe section mismatch warning
Randy Dunlap [Thu, 24 Mar 2011 23:16:02 +0000 (16:16 -0700)]
net: fix pch_gbe section mismatch warning

Fix section mismatch warning by renaming the pci_driver variable to a
recognized (whitelisted) name.

WARNING: drivers/net/pch_gbe/pch_gbe.o(.data+0x1f8): Section mismatch in reference from the variable pch_gbe_pcidev to the variable .devinit.rodata:pch_gbe_pcidev_id
The variable pch_gbe_pcidev references
the variable __devinitconst pch_gbe_pcidev_id
If the reference is valid then annotate the
variable with __init* or __refdata (see linux/init.h) or name the variable:
*driver, *_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: fix fib metrics
Eric Dumazet [Thu, 24 Mar 2011 07:01:24 +0000 (07:01 +0000)]
ipv4: fix fib metrics

Alessandro Suardi reported that we could not change route metrics :

ip ro change default .... advmss 1400

This regression came with commit 9c150e82ac50 (Allocate fib metrics
dynamically). fib_metrics is no longer an array, but a pointer to an
array.

Reported-by: Alessandro Suardi <alessandro.suardi@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Alessandro Suardi <alessandro.suardi@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: Removing HW info from ethtool -i report.
Yevgeny Petrilin [Thu, 24 Mar 2011 18:47:51 +0000 (11:47 -0700)]
mlx4_en: Removing HW info from ethtool -i report.

Avoiding abuse of ethtool_drvinfo.driver field.
HW specific info can be retrieved using lspci.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Thu, 24 Mar 2011 18:43:09 +0000 (11:43 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6

13 years agonet_sched: fix THROTTLED/RUNNING race
Eric Dumazet [Thu, 24 Mar 2011 07:13:14 +0000 (00:13 -0700)]
net_sched: fix THROTTLED/RUNNING race

commit fd245a4adb52 (net_sched: move TCQ_F_THROTTLED flag)
added a race.

qdisc_watchdog() is run from softirq, so special care should be taken or
we can lose one state transition (THROTTLED/RUNNING)

Prior to fd245a4adb52, we were manipulating q->flags (qdisc->flags &=
~TCQ_F_THROTTLED;) and this manipulation could only race with
qdisc_warn_nonwc().

Since we want to avoid atomic ops in qdisc fast path - it was the
meaning of commit 371121057607e (QDISC_STATE_RUNNING dont need atomic
bit ops) - fix is to move THROTTLE bit into 'state' field, this one
being manipulated with SMP and IRQ safe operations.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoMerge branch 'sfc-2.6.39' of git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc-2.6
David S. Miller [Wed, 23 Mar 2011 22:56:02 +0000 (15:56 -0700)]
Merge branch 'sfc-2.6.39' of git://git./linux/kernel/git/bwh/sfc-2.6

13 years agodrivers/net/a2065.c: Convert release_resource to release_region/release_mem_region
Julia Lawall [Tue, 22 Mar 2011 07:15:23 +0000 (07:15 +0000)]
drivers/net/a2065.c: Convert release_resource to release_region/release_mem_region

Request_mem_region should be used with release_mem_region, not
release_resource.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression x,E;
@@
*x = request_mem_region(...)
... when != release_mem_region(x)
    when != x = E
* release_resource(x);
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agodrivers/net/ariadne.c: Convert release_resource to release_region/release_mem_region
Julia Lawall [Tue, 22 Mar 2011 07:15:21 +0000 (07:15 +0000)]
drivers/net/ariadne.c: Convert release_resource to release_region/release_mem_region

Request_mem_region should be used with release_mem_region, not
release_resource.

The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression x,E;
@@
*x = request_mem_region(...)
... when != release_mem_region(x)
    when != x = E
* release_resource(x);
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobonding: fix rx_handler locking
Jiri Pirko [Tue, 22 Mar 2011 02:38:12 +0000 (02:38 +0000)]
bonding: fix rx_handler locking

This prevents possible race between bond_enslave and bond_handle_frame
as reported by Nicolas by moving rx_handler register/unregister.
slave->bond is added to hold pointer to master bonding sructure. That
way dev->master is no longer used in bond_handler_frame.
Also, this removes "BUG: scheduling while atomic" message

Reported-by: Nicolas de Pesloüan <nicolas.2p.debian@gmail.com>
Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
Tested-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomyri10ge: fix rmmod crash
Stanislaw Gruszka [Wed, 23 Mar 2011 02:44:30 +0000 (02:44 +0000)]
myri10ge: fix rmmod crash

Rmmod myri10ge crash at free_netdev() -> netif_napi_del(), because napi
structures are already deallocated. To fix call netif_napi_del() before
kfree() at myri10ge_free_slices().

Cc: stable@kernel.org
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: updated driver version to 1.5.4.1
Yevgeny Petrilin [Tue, 22 Mar 2011 22:39:05 +0000 (22:39 +0000)]
mlx4_en: updated driver version to 1.5.4.1

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: Using blue flame support
Yevgeny Petrilin [Tue, 22 Mar 2011 22:38:52 +0000 (22:38 +0000)]
mlx4_en: Using blue flame support

Doorbell is used according to usage of BlueFlame.
For Blue Flame to work in Ethernet mode QP number should have 0
at bits 6,7.
Allocating range of QPs accordingly.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_core: reserve UARs for userspace consumers
Eli Cohen [Tue, 22 Mar 2011 22:38:48 +0000 (22:38 +0000)]
mlx4_core: reserve UARs for userspace consumers

Do not allow a kernel consumer to allocate a UAR to serve for blue flame if the
number of available UARs gets below MLX4_NUM_RESERVED_UARS (currently 8). This
will allow userspace apps to open a device file and run things like
ibv_devinfo.

Signed-off-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_core: maintain available field in bitmap allocator
Eli Cohen [Tue, 22 Mar 2011 22:38:45 +0000 (22:38 +0000)]
mlx4_core: maintain available field in bitmap allocator

Add mlx4_bitmap_avail() to give the number of available resources. We want to
use this as a hint to whether to allocate a resources or not. This patch is
introduced to be used with allocation blue flame registers.

Signed-off-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4: Add blue flame support for kernel consumers
Eli Cohen [Tue, 22 Mar 2011 22:38:41 +0000 (22:38 +0000)]
mlx4: Add blue flame support for kernel consumers

Using blue flame can improve latency by allowing the HW to more efficiently
access the WQE. This patch presents two functions that are used to allocate or
release HW resources for using blue flame; the caller need to supply a struct
mlx4_bf object when allocating resources. Consumers that make use of this API
should post doorbells to the UAR object pointed by the initialized struct
mlx4_bf;

Signed-off-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: Enabling new steering
Yevgeny Petrilin [Tue, 22 Mar 2011 22:38:31 +0000 (22:38 +0000)]
mlx4_en: Enabling new steering

The mlx4_en module now uses the new steering mechanism.
The RX packets are now steered through the MCG table instead
of Mac table for unicast, and default entry for multicast.
The feature is enabled through INIT_HCA

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4: Add support for promiscuous mode in the new steering model.
Yevgeny Petrilin [Tue, 22 Mar 2011 22:38:24 +0000 (22:38 +0000)]
mlx4: Add support for promiscuous mode in the new steering model.

For Ethernet mode only,
When we want to register QP as promiscuous, it must be added to all the
existing steering entries and also to the default one.
The promiscuous QP might also be on of "real" QPs,
which means we need to monitor every entry to avoid duplicates and ensure
we close an entry when all it has is promiscuous QPs.
Same mechanism both for unicast and multicast.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4: generalization of multicast steering.
Yevgeny Petrilin [Tue, 22 Mar 2011 22:38:17 +0000 (22:38 +0000)]
mlx4: generalization of multicast steering.

The same packet steering mechanism would be used both for IB and Ethernet,
Both multicasts and unicasts.
This commit prepares the general infrastructure for this.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: Reporting HW revision in ethtool -i
Yevgeny Petrilin [Tue, 22 Mar 2011 22:38:07 +0000 (22:38 +0000)]
mlx4_en: Reporting HW revision in ethtool -i

HW revision is derived from device ID and rev id.

Signed-off-by: Eugenia Emantayev <eugenia@mellanox.co.il>
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4: Wake on LAN support
Yevgeny Petrilin [Tue, 22 Mar 2011 22:37:59 +0000 (22:37 +0000)]
mlx4: Wake on LAN support

The driver queries the FW for WOL support.
Ethtool get/set_wol is implemented accordingly.
Only magic packets are supported at the time.

Signed-off-by: Igor Yarovinsky <igory@mellanox.co.il>
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: using new mlx4 interrupt scheme
Yevgeny Petrilin [Tue, 22 Mar 2011 22:37:52 +0000 (22:37 +0000)]
mlx4_en: using new mlx4 interrupt scheme

Each RX ring will have its own interrupt vector, and TX rings will share one
(we mostly use polling for TX completions).
The vectors are assigned first time device is opened, and its name includes
the interface name and ring number.

Signed-off-by: Markuze Alex <markuze@mellanox.co.il>
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4: Changing interrupt scheme
Yevgeny Petrilin [Tue, 22 Mar 2011 22:37:47 +0000 (22:37 +0000)]
mlx4: Changing interrupt scheme

Adding a pool of MSI-X vectors and EQs that can be used explicitly by mlx4_core
customers (mlx4_ib, mlx4_en). The consumers will assign their own names to the
interrupt vectors. Those vectors are not opened at mlx4 device initialization,
opened by demand.
Changed the max number of possible EQs according to the new scheme, no longer relies on
on number of cores.
The new functionality is exposed through mlx4_assign_eq() and mlx4_release_eq().
Customers that do not use the new API will get completion vectors as before.

Signed-off-by: Markuze Alex <markuze@mellanox.co.il>
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: bringing link up when registering netdevice
Yevgeny Petrilin [Tue, 22 Mar 2011 22:37:41 +0000 (22:37 +0000)]
mlx4_en: bringing link up when registering netdevice

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: optimize adaptive moderation algorithm for better latency
Yevgeny Petrilin [Tue, 22 Mar 2011 22:37:36 +0000 (22:37 +0000)]
mlx4_en: optimize adaptive moderation algorithm for better latency

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: moderation parameters are not reseted.
Yevgeny Petrilin [Tue, 22 Mar 2011 22:37:28 +0000 (22:37 +0000)]
mlx4_en: moderation parameters are not reseted.

Instead of reseting the module parameters each ifup or mtu change,
they are being set once at device initialization
Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomlx4_en: going out of range of TX rings when reporting stats
Yevgeny Petrilin [Tue, 22 Mar 2011 22:37:23 +0000 (22:37 +0000)]
mlx4_en: going out of range of TX rings when reporting stats

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoath9k: Fix TX queue stuck issue.
Senthil Balasubramanian [Wed, 23 Mar 2011 17:37:22 +0000 (23:07 +0530)]
ath9k: Fix TX queue stuck issue.

commit 86271e460a66003dc1f4cbfd845adafb790b7587 introduced a
regression that caused mac80211 queues in stopped state.

ath_drain_all_txq is called in driver flush which would reset
the stopped flag and the mac80211 queues were never started
after that. iperf traffic is completely stalled due to this issue.

Restart the mac80211 queues in driver flush only if the txqs were
drained.

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoath9k: Fix kernel panic caused by invalid rate index access.
Senthil Balasubramanian [Wed, 23 Mar 2011 17:37:21 +0000 (23:07 +0530)]
ath9k: Fix kernel panic caused by invalid rate index access.

With the recent tx status optimization in mac80211, we bail out as
and and when invalid rate index is found. So the behavior of resetting
rate idx to -1 and count to 0 has changed for the rate indexes that
were not part of the driver's retry series.

This has resulted in ath9k using incorrect rate table index which
caused the system to panic. Ideally ath9k need to loop only for the
indexes that were part of the retry series and so simply use hw->max_rates
as the loop counter.

Pasted the stack trace of the panic issue for reference.

[  754.093192] BUG: unable to handle kernel paging request at ffff88046a9025b0
[  754.093256] IP: [<ffffffffa02eac49>] ath_tx_status+0x209/0x2f0 [ath9k]
[  754.094888] Call Trace:
[  754.094903]  <IRQ>
[  754.094928]  [<ffffffffa051f883>] ieee80211_tx_status+0x203/0x9e0 [mac80211]
[  754.094975]  [<ffffffffa053e305>] ? __ieee80211_wake_queue+0x125/0x140 [mac80211]
[  754.095017]  [<ffffffffa02e66c9>] ath_tx_complete_buf+0x1b9/0x370 [ath9k]
[  754.095054]  [<ffffffffa02e6fcf>] ath_tx_complete_aggr+0x51f/0xb50 [ath9k]
[  754.095098]  [<ffffffffa05382a3>] ? ieee80211_prepare_and_rx_handle+0x173/0xab0 [mac80211]
[  754.095148]  [<ffffffff81350e62>] ? _raw_spin_unlock_irqrestore+0x32/0x40
[  754.095186]  [<ffffffffa02e9735>] ath_tx_tasklet+0x365/0x4b0 [ath9k]
[  754.095224]  [<ffffffff8107a2a2>] ? clockevents_program_event+0x62/0xa0
[  754.095261]  [<ffffffffa02e2628>] ath9k_tasklet+0x168/0x1c0 [ath9k]
[  754.095298]  [<ffffffff8105599b>] tasklet_action+0x6b/0xe0
[  754.095331]  [<ffffffff81056278>] __do_softirq+0x98/0x120
[  754.095361]  [<ffffffff8100cd5c>] call_softirq+0x1c/0x30
[  754.095393]  [<ffffffff8100efb5>] do_softirq+0x65/0xa0
[  754.095423]  [<ffffffff810563fd>] irq_exit+0x8d/0x90
[  754.095453]  [<ffffffff8100ebc1>] do_IRQ+0x61/0xe0
[  754.095482]  [<ffffffff81351413>] ret_from_intr+0x0/0x15
[  754.095513]  <EOI>
[  754.095531]  [<ffffffff81014375>] ? native_sched_clock+0x15/0x70
[  754.096475]  [<ffffffffa02bcfa6>] ? acpi_idle_enter_bm+0x24d/0x285 [processor]
[  754.096475]  [<ffffffffa02bcf9f>] ? acpi_idle_enter_bm+0x246/0x285 [processor]
[  754.096475]  [<ffffffff8127fab2>] cpuidle_idle_call+0x82/0x100
[  754.096475]  [<ffffffff8100a236>] cpu_idle+0xa6/0xf0
[  754.096475]  [<ffffffff81339bc1>] rest_init+0x91/0xa0
[  754.096475]  [<ffffffff814efccd>] start_kernel+0x3fd/0x408
[  754.096475]  [<ffffffff814ef347>] x86_64_start_reservations+0x132/0x136
[  754.096475]  [<ffffffff814ef451>] x86_64_start_kernel+0x106/0x115
[  754.096475] RIP  [<ffffffffa02eac49>] ath_tx_status+0x209/0x2f0 [ath9k]

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoorinoco: Clear dangling pointer on hardware busy
armadefuego@gmail.com [Tue, 22 Mar 2011 16:49:15 +0000 (09:49 -0700)]
orinoco: Clear dangling pointer on hardware busy

On hardware busy the scan request pointer should be cleared, as higher
levels will release. This avoids a crash when that pointer is
erroneously used later.

Signed-off-by: Joseph J. Gunn <armadefuego@yahoo.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoiwlagn: fix error in command waiting
Johannes Berg [Tue, 22 Mar 2011 10:00:37 +0000 (11:00 +0100)]
iwlagn: fix error in command waiting

Clearly a mistake, since pointers won't suddenly
change their value...

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoipv4: fix ip_rt_update_pmtu()
Eric Dumazet [Wed, 23 Mar 2011 19:18:15 +0000 (12:18 -0700)]
ipv4: fix ip_rt_update_pmtu()

commit 2c8cec5c10bc (Cache learned PMTU information in inetpeer) added
an extra inet_putpeer() call in ip_rt_update_pmtu().

This results in various problems, since we can free one inetpeer, while
it is still in use.

Ref: http://www.spinics.net/lists/netdev/msg159121.html

Reported-by: Alexander Beregalov <a.beregalov@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: Fallback to FIB local table in __ip_dev_find().
David S. Miller [Wed, 23 Mar 2011 04:56:23 +0000 (21:56 -0700)]
ipv4: Fallback to FIB local table in __ip_dev_find().

In commit 9435eb1cf0b76b323019cebf8d16762a50a12a19
("ipv4: Implement __ip_dev_find using new interface address hash.")
we reimplemented __ip_dev_find() so that it doesn't have to
do a full FIB table lookup.

Instead, it consults a hash table of addresses configured to
interfaces.

This works identically to the old code in all except one case,
and that is for loopback subnets.

The old code would match the loopback device for any IP address
that falls within a subnet configured to the loopback device.

Handle this corner case by doing the FIB lookup.

We could implement this via inet_addr_onlink() but:

1) Someone could configure many addresses to loopback and
   inet_addr_onlink() is a simple list traversal.

2) We know the old code works.

Reported-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agotcp: Make undo_ssthresh arg to tcp_undo_cwr() a bool.
David S. Miller [Wed, 23 Mar 2011 02:37:11 +0000 (19:37 -0700)]
tcp: Make undo_ssthresh arg to tcp_undo_cwr() a bool.

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agotcp: avoid cwnd moderation in undo
Yuchung Cheng [Mon, 14 Mar 2011 10:57:03 +0000 (10:57 +0000)]
tcp: avoid cwnd moderation in undo

In the current undo logic, cwnd is moderated after it was restored
to the value prior entering fast-recovery. It was moderated first
in tcp_try_undo_recovery then again in tcp_complete_cwr.

Since the undo indicates recovery was false, these moderations
are not necessary. If the undo is triggered when most of the
outstanding data have been acknowledged, the (restored) cwnd is
falsely pulled down to a small value.

This patch removes these cwnd moderations if cwnd is undone
  a) during fast-recovery
b) by receiving DSACKs past fast-recovery

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobridge: Fix possibly wrong MLD queries' ethernet source address
Linus Lüssing [Tue, 22 Mar 2011 11:40:32 +0000 (11:40 +0000)]
bridge: Fix possibly wrong MLD queries' ethernet source address

The ipv6_dev_get_saddr() is currently called with an uninitialized
destination address. Although in tests it usually seemed to nevertheless
always fetch the right source address, there seems to be a possible race
condition.

Therefore this commit changes this, first setting the destination
address and only after that fetching the source address.

Reported-by: Jan Beulich <JBeulich@novell.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: davinci_emac:Fix translation logic for buffer descriptor
Sriram [Tue, 22 Mar 2011 02:31:03 +0000 (02:31 +0000)]
net: davinci_emac:Fix translation logic for buffer descriptor

With recent changes to the driver(switch to new cpdma layer),
the support for buffer descriptor address translation logic
is broken. This affects platforms where the physical address of
the descriptors as seen by the DMA engine is different from the
physical address.

Original Patch adding translation logic support:
Commit: ad021ae8862209864dc8ebd3b7d3a55ce84b9ea2

Signed-off-by: Sriramakrishnan A G <srk@ti.com>
Tested-By: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv6: ip6_route_output does not modify sk parameter, so make it const
Florian Westphal [Wed, 23 Mar 2011 02:17:36 +0000 (19:17 -0700)]
ipv6: ip6_route_output does not modify sk parameter, so make it const

This avoids explicit cast to avoid 'discards qualifiers'
compiler warning in a netfilter patch that i've been working on.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosfc: Siena: Disable write-combining when SR-IOV is enabled
Steve Hodgson [Tue, 22 Mar 2011 19:46:43 +0000 (19:46 +0000)]
sfc: Siena: Disable write-combining when SR-IOV is enabled

If SR-IOV is enabled by firmware, even if it is not enabled in the PCI
capability, TX pushes using write-combining may be corrupted.

We want to know whether it is enabled before mapping the NIC
registers, and even if PCI extended capabilities are not accessible.
Therefore, we look for the MSI capability, which is removed if SR-IOV
is enabled.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Tue, 22 Mar 2011 21:36:18 +0000 (14:36 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6

13 years agoipv4: optimize route adding on secondary promotion
Julian Anastasov [Sat, 19 Mar 2011 12:13:54 +0000 (12:13 +0000)]
ipv4: optimize route adding on secondary promotion

Optimize the calling of fib_add_ifaddr for all
secondary addresses after the promoted one to start from
their place, not from the new place of the promoted
secondary. It will save some CPU cycles because we
are sure the promoted secondary was first for the subnet
and all next secondaries do not change their place.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: remove the routes on secondary promotion
Julian Anastasov [Sat, 19 Mar 2011 12:13:52 +0000 (12:13 +0000)]
ipv4: remove the routes on secondary promotion

The secondary address promotion relies on fib_sync_down_addr
to remove all routes created for the secondary addresses when
the old primary address is deleted. It does not happen for cases
when the primary address is also in another subnet. Fix that
by deleting local and broadcast routes for all secondaries while
they are on device list and by faking that all addresses from
this subnet are to be deleted. It relies on fib_del_ifaddr being
able to ignore the IPs from the concerned subnet while checking
for duplication.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: fix route deletion for IPs on many subnets
Julian Anastasov [Sat, 19 Mar 2011 12:13:49 +0000 (12:13 +0000)]
ipv4: fix route deletion for IPs on many subnets

Alex Sidorenko reported for problems with local
routes left after IP addresses are deleted. It happens
when same IPs are used in more than one subnet for the
device.

Fix fib_del_ifaddr to restrict the checks for duplicate
local and broadcast addresses only to the IFAs that use
our primary IFA or another primary IFA with same address.
And we expect the prefsrc to be matched when the routes
are deleted because it is possible they to differ only by
prefsrc. This patch prevents local and broadcast routes
to be leaked until their primary IP is deleted finally
from the box.

As the secondary address promotion needs to delete
the routes for all secondaries that used the old primary IFA,
add option to ignore these secondaries from the checks and
to assume they are already deleted, so that we can safely
delete the route while these IFAs are still on the device list.

Reported-by: Alex Sidorenko <alexandre.sidorenko@hp.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipv4: match prefsrc when deleting routes
Julian Anastasov [Sat, 19 Mar 2011 12:13:46 +0000 (12:13 +0000)]
ipv4: match prefsrc when deleting routes

fib_table_delete forgets to match the routes by prefsrc.
Callers can specify known IP in fc_prefsrc and we should remove
the exact route. This is needed for cases when same local or
broadcast addresses are used in different subnets and the
routes differ only in prefsrc. All callers that do not provide
fc_prefsrc will ignore the route prefsrc as before and will
delete the first occurence. That is how the ip route del default
magic works.

Current callers are:

- ip_rt_ioctl where rtentry_to_fib_config provides fc_prefsrc only
when the provided device name matches IP label with colon.

- inet_rtm_delroute where RTA_PREFSRC is optional too

- fib_magic which deals with routes when deleting addresses
and where the fc_prefsrc is always set with the primary IP
for the concerned IFA.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoNET: smsc95xx: don't use stack for async writes to the device
Marc Zyngier [Fri, 18 Mar 2011 03:53:58 +0000 (03:53 +0000)]
NET: smsc95xx: don't use stack for async writes to the device

The set_multicast operation performs asynchronous writes to the
device, with some addresses pointing to the stack. Bad things may
happen, and this is trapped CONFIG_DMA_API_DEBUG:

[    5.237762] WARNING: at /build/buildd/linux-linaro-omap-2.6.38/lib/dma-debug.c:867 check_for_stack+0xd4/0x100()
[    5.237792] ehci-omap ehci-omap.0: DMA-API: device driver maps memory fromstack [addr=d9c77dec]
[    5.237792] Modules linked in: smsc95xx(+) usbnet twl6030_usb twl4030_pwrbutton leds_gpio omap_wdt omap2_mcspi
[    5.237854] [<c006d618>] (unwind_backtrace+0x0/0xf8) from [<c00a6a14>] (warn_slowpath_common+0x54/0x64)
[    5.237884] [<c00a6a14>] (warn_slowpath_common+0x54/0x64) from [<c00a6ab8>] (warn_slowpath_fmt+0x30/0x40)
[    5.237915] [<c00a6ab8>] (warn_slowpath_fmt+0x30/0x40) from [<c034e9d8>] (check_for_stack+0xd4/0x100)
[    5.237915] [<c034e9d8>] (check_for_stack+0xd4/0x100) from [<c034fea8>] (debug_dma_map_page+0xb4/0xdc)
[    5.237976] [<c034fea8>] (debug_dma_map_page+0xb4/0xdc) from [<c04242f0>] (map_urb_for_dma+0x26c/0x304)
[    5.237976] [<c04242f0>] (map_urb_for_dma+0x26c/0x304) from [<c0424594>] (usb_hcd_submit_urb+0x78/0x19c)
[    5.238037] [<c0424594>] (usb_hcd_submit_urb+0x78/0x19c) from [<bf049c5c>] (smsc95xx_write_reg_async+0xb4/0x130 [smsc95xx])
[    5.238067] [<bf049c5c>] (smsc95xx_write_reg_async+0xb4/0x130 [smsc95xx]) from [<bf049dd4>] (smsc95xx_set_multicast+0xfc/0x148 [smsc95xx])
[    5.238098] [<bf049dd4>] (smsc95xx_set_multicast+0xfc/0x148 [smsc95xx]) from [<bf04a118>] (smsc95xx_reset+0x2f8/0x68c [smsc95xx])
[    5.238128] [<bf04a118>] (smsc95xx_reset+0x2f8/0x68c [smsc95xx]) from [<bf04a8cc>] (smsc95xx_bind+0xcc/0x188 [smsc95xx])
[    5.238159] [<bf04a8cc>] (smsc95xx_bind+0xcc/0x188 [smsc95xx]) from [<bf03ef1c>] (usbnet_probe+0x204/0x4c4 [usbnet])
[    5.238220] [<bf03ef1c>] (usbnet_probe+0x204/0x4c4 [usbnet]) from [<c0429078>] (usb_probe_interface+0xe4/0x1c4)
[    5.238250] [<c0429078>] (usb_probe_interface+0xe4/0x1c4) from [<c03a8770>] (really_probe+0x64/0x160)
[    5.238250] [<c03a8770>] (really_probe+0x64/0x160) from [<c03a8a30>] (driver_probe_device+0x48/0x60)
[    5.238281] [<c03a8a30>] (driver_probe_device+0x48/0x60) from [<c03a8ad4>] (__driver_attach+0x8c/0x90)
[    5.238311] [<c03a8ad4>] (__driver_attach+0x8c/0x90) from [<c03a7b24>] (bus_for_each_dev+0x50/0x7c)
[    5.238311] [<c03a7b24>] (bus_for_each_dev+0x50/0x7c) from [<c03a82ec>] (bus_add_driver+0x190/0x250)
[    5.238311] [<c03a82ec>] (bus_add_driver+0x190/0x250) from [<c03a8cf8>] (driver_register+0x78/0x13c)
[    5.238433] [<c03a8cf8>] (driver_register+0x78/0x13c) from [<c0428040>] (usb_register_driver+0x78/0x13c)
[    5.238464] [<c0428040>] (usb_register_driver+0x78/0x13c) from [<c005b680>] (do_one_initcall+0x34/0x188)
[    5.238494] [<c005b680>] (do_one_initcall+0x34/0x188) from [<c00e11f0>] (sys_init_module+0xb0/0x1c0)
[    5.238525] [<c00e11f0>] (sys_init_module+0xb0/0x1c0) from [<c0065c40>] (ret_fast_syscall+0x0/0x30)

Move the two offenders to the private structure which is kmalloc-ed,
and thus safe.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: Steve Glendinning <steve.glendinning@smsc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: implement dev_disable_lro() hw_features compatibility
Michał Mirosław [Fri, 18 Mar 2011 16:56:34 +0000 (16:56 +0000)]
net: implement dev_disable_lro() hw_features compatibility

Implement compatibility with new hw_features for dev_disable_lro().
This is a transition path - dev_disable_lro() should be later
integrated into netdev_fix_features() after all drivers are converted.

Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoIPVS: Use global mutex in ip_vs_app.c
Simon Horman [Mon, 21 Mar 2011 15:18:01 +0000 (15:18 +0000)]
IPVS: Use global mutex in ip_vs_app.c

As part of the work to make IPVS network namespace aware
__ip_vs_app_mutex was replaced by a per-namespace lock,
ipvs->app_mutex. ipvs->app_key is also supplied for debugging purposes.

Unfortunately this implementation results in ipvs->app_key residing
in non-static storage which at the very least causes a lockdep warning.

This patch takes the rather heavy-handed approach of reinstating
__ip_vs_app_mutex which will cover access to the ipvs->list_head
of all network namespaces.

[   12.610000] IPVS: Creating netns size=2456 id=0
[   12.630000] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
[   12.640000] BUG: key ffff880003bbf1a0 not in .data!
[   12.640000] ------------[ cut here ]------------
[   12.640000] WARNING: at kernel/lockdep.c:2701 lockdep_init_map+0x37b/0x570()
[   12.640000] Hardware name: Bochs
[   12.640000] Pid: 1, comm: swapper Tainted: G        W 2.6.38-kexec-06330-g69b7efe-dirty #122
[   12.650000] Call Trace:
[   12.650000]  [<ffffffff8102e685>] warn_slowpath_common+0x75/0xb0
[   12.650000]  [<ffffffff8102e6d5>] warn_slowpath_null+0x15/0x20
[   12.650000]  [<ffffffff8105967b>] lockdep_init_map+0x37b/0x570
[   12.650000]  [<ffffffff8105829d>] ? trace_hardirqs_on+0xd/0x10
[   12.650000]  [<ffffffff81055ad8>] debug_mutex_init+0x38/0x50
[   12.650000]  [<ffffffff8104bc4c>] __mutex_init+0x5c/0x70
[   12.650000]  [<ffffffff81685ee7>] __ip_vs_app_init+0x64/0x86
[   12.660000]  [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[   12.660000]  [<ffffffff811b1c33>] T.620+0x43/0x170
[   12.660000]  [<ffffffff811b1e9a>] ? register_pernet_subsys+0x1a/0x40
[   12.660000]  [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[   12.660000]  [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[   12.660000]  [<ffffffff811b1db7>] register_pernet_operations+0x57/0xb0
[   12.660000]  [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[   12.670000]  [<ffffffff811b1ea9>] register_pernet_subsys+0x29/0x40
[   12.670000]  [<ffffffff81685f19>] ip_vs_app_init+0x10/0x12
[   12.670000]  [<ffffffff81685a87>] ip_vs_init+0x4c/0xff
[   12.670000]  [<ffffffff8166562c>] do_one_initcall+0x7a/0x12e
[   12.670000]  [<ffffffff8166583e>] kernel_init+0x13e/0x1c2
[   12.670000]  [<ffffffff8128c134>] kernel_thread_helper+0x4/0x10
[   12.670000]  [<ffffffff8128ad40>] ? restore_args+0x0/0x30
[   12.680000]  [<ffffffff81665700>] ? kernel_init+0x0/0x1c2
[   12.680000]  [<ffffffff8128c130>] ? kernel_thread_helper+0x0/0x1global0

Signed-off-by: Simon Horman <horms@verge.net.au>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Julian Anastasov <ja@ssi.bg>
Cc: Hans Schillstrom <hans@schillstrom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipvs: fix a typo in __ip_vs_control_init()
Eric Dumazet [Mon, 21 Mar 2011 10:15:40 +0000 (10:15 +0000)]
ipvs: fix a typo in __ip_vs_control_init()

Reported-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Simon Horman <horms@verge.net.au>
Cc: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoveth: Fix the byte counters
Eric W. Biederman [Tue, 22 Mar 2011 01:24:53 +0000 (18:24 -0700)]
veth: Fix the byte counters

Commit 44540960 "veth: move loopback logic to common location" introduced
a bug in the packet counters.  I don't understand why that happened as it
is not explained in the comments and the mut check in dev_forward_skb
retains the assumption that skb->len is the total length of the packet.

I just measured this emperically by setting up a veth pair between two
noop network namespaces setting and attempting a telnet connection between
the two.  I saw three packets in each direction and the byte counters were
exactly 14*3 = 42 bytes high in each direction.  I got the actual
packet lengths with tcpdump.

So remove the extra ETH_HLEN from the veth byte count totals.

Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.
Eric W. Biederman [Tue, 22 Mar 2011 01:23:34 +0000 (18:23 -0700)]
net ipv6: Fix duplicate /proc/sys/net/ipv6/neigh directory entries.

When I was fixing issues with unregisgtering tables under /proc/sys/net/ipv6/neigh
by adding a mount point it appears I missed a critical ordering issue, in the
ipv6 initialization.  I had not realized that ipv6_sysctl_register is called
at the very end of the ipv6 initialization and in particular after we call
neigh_sysctl_register from ndisc_init.

"neigh" needs to be initialized in ipv6_static_sysctl_register which is
the first ipv6 table to initialized, and definitely before ndisc_init.
This removes the weirdness of duplicate tables while still providing a
"neigh" mount point which prevents races in sysctl unregistering.

This was initially reported at https://bugzilla.kernel.org/show_bug.cgi?id=31232
Reported-by: sunkan@zappa.cx
Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomacvlan: Fix use after free of struct macvlan_port.
Eric W. Biederman [Tue, 22 Mar 2011 01:22:22 +0000 (18:22 -0700)]
macvlan: Fix use after free of struct macvlan_port.

When the macvlan driver was extended to call unregisgter_netdevice_queue
in 23289a37e2b127dfc4de1313fba15bb4c9f0cd5b, a use after free of struct
macvlan_port was introduced.  The code in dellink relied on unregister_netdevice
actually unregistering the net device so it would be safe to free macvlan_port.

Since unregister_netdevice_queue can just queue up the unregister instead of
performing the unregiser immediately we free the macvlan_port too soon and
then the code in macvlan_stop removes the macaddress for the set of macaddress
to listen for and uses memory that has already been freed.

To fix this add a reference count to track when it is safe to free the macvlan_port
and move the call of macvlan_port_destroy into macvlan_uninit which is guaranteed
to be called after the final macvlan_port_close.

Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: fix incorrect spelling in drop monitor protocol
Neil Horman [Tue, 22 Mar 2011 01:20:26 +0000 (18:20 -0700)]
net: fix incorrect spelling in drop monitor protocol

It was pointed out to me recently that my spelling could be better :)

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agocan: c_can: Do basic c_can configuration _before_ enabling the interrupts
Jan Altenberg [Tue, 22 Mar 2011 01:19:26 +0000 (18:19 -0700)]
can: c_can: Do basic c_can configuration _before_ enabling the interrupts

I ran into some trouble while testing the SocketCAN driver for the BOSCH
C_CAN controller. The interface is not correctly initialized, if I put
some CAN traffic on the line, _while_ the interface is being started
(which means: the interface doesn't come up correcty, if there's some RX
traffic while doing 'ifconfig can0 up').

The current implementation enables the controller interrupts _before_
doing the basic c_can configuration. I think, this should be done the
other way round.

The patch below fixes things for me.

Signed-off-by: Jan Altenberg <jan@linutronix.de>
Acked-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
Acked-by: Wolfgang Grandegger <wg@grandegger.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet/appletalk: fix atalk_release use after free
Arnd Bergmann [Tue, 22 Mar 2011 01:18:00 +0000 (18:18 -0700)]
net/appletalk: fix atalk_release use after free

The BKL removal in appletalk introduced a use-after-free problem,
where atalk_destroy_socket frees a sock, but we still release
the socket lock on it.

An easy fix is to take an extra reference on the sock and sock_put
it when returning from atalk_release.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoipx: fix ipx_release()
Eric Dumazet [Tue, 22 Mar 2011 01:16:39 +0000 (18:16 -0700)]
ipx: fix ipx_release()

Commit b0d0d915d1d1a0 (remove the BKL) added a regression, because
sock_put() can free memory while we are going to use it later.

Fix is to delay sock_put() _after_ release_sock().

Reported-by: Ingo Molnar <mingo@elte.hu>
Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosnmp: SNMP_UPD_PO_STATS_BH() always called from softirq
Eric Dumazet [Tue, 22 Mar 2011 01:12:54 +0000 (18:12 -0700)]
snmp: SNMP_UPD_PO_STATS_BH() always called from softirq

We dont need to test if we run from softirq context, we definitely are.

This saves few instructions in ip_rcv() & ip_rcv_finish()

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agol2tp: fix possible oops on l2tp_eth module unload
James Chapman [Tue, 22 Mar 2011 01:10:25 +0000 (18:10 -0700)]
l2tp: fix possible oops on l2tp_eth module unload

A struct used in the l2tp_eth driver for registering network namespace
ops was incorrectly marked as __net_initdata, leading to oops when
module unloaded.

BUG: unable to handle kernel paging request at ffffffffa00ec098
IP: [<ffffffff8123dbd8>] ops_exit_list+0x7/0x4b
PGD 142d067 PUD 1431063 PMD 195da8067 PTE 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/module/l2tp_eth/refcnt
Call Trace:
 [<ffffffff8123dc94>] ? unregister_pernet_operations+0x32/0x93
 [<ffffffff8123dd20>] ? unregister_pernet_device+0x2b/0x38
 [<ffffffff81068b6e>] ? sys_delete_module+0x1b8/0x222
 [<ffffffff810c7300>] ? do_munmap+0x254/0x318
 [<ffffffff812c64e5>] ? page_fault+0x25/0x30
 [<ffffffff812c6952>] ? system_call_fastpath+0x16/0x1b

Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxfrm: Fix initialize repl field of struct xfrm_state
Wei Yongjun [Tue, 22 Mar 2011 01:08:28 +0000 (18:08 -0700)]
xfrm: Fix initialize repl field of struct xfrm_state

Commit 'xfrm: Move IPsec replay detection functions to a separate file'
  (9fdc4883d92d20842c5acea77a4a21bb1574b495)
introduce repl field to struct xfrm_state, and only initialize it
under SA's netlink create path, the other path, such as pf_key,
ipcomp/ipcomp6 etc, the repl field remaining uninitialize. So if
the SA is created by pf_key, any input packet with SA's encryption
algorithm will cause panic.

    int xfrm_input()
    {
        ...
        x->repl->advance(x, seq);
        ...
    }

This patch fixed it by introduce new function __xfrm_init_state().

Pid: 0, comm: swapper Not tainted 2.6.38-next+ #14 Bochs Bochs
EIP: 0060:[<c078e5d5>] EFLAGS: 00010206 CPU: 0
EIP is at xfrm_input+0x31c/0x4cc
EAX: dd839c00 EBX: 00000084 ECX: 00000000 EDX: 01000000
ESI: dd839c00 EDI: de3a0780 EBP: dec1de88 ESP: dec1de64
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process swapper (pid: 0, ti=dec1c000 task=c09c0f20 task.ti=c0992000)
Stack:
 00000000 00000000 00000002 c0ba27c0 00100000 01000000 de3a0798 c0ba27c0
 00000033 dec1de98 c0786848 00000000 de3a0780 dec1dea4 c0786868 00000000
 dec1debc c074ee56 e1da6b8c de3a0780 c074ed44 de3a07a8 dec1decc c074ef32
Call Trace:
 [<c0786848>] xfrm4_rcv_encap+0x22/0x27
 [<c0786868>] xfrm4_rcv+0x1b/0x1d
 [<c074ee56>] ip_local_deliver_finish+0x112/0x1b1
 [<c074ed44>] ? ip_local_deliver_finish+0x0/0x1b1
 [<c074ef32>] NF_HOOK.clone.1+0x3d/0x44
 [<c074ef77>] ip_local_deliver+0x3e/0x44
 [<c074ed44>] ? ip_local_deliver_finish+0x0/0x1b1
 [<c074ec03>] ip_rcv_finish+0x30a/0x332
 [<c074e8f9>] ? ip_rcv_finish+0x0/0x332
 [<c074ef32>] NF_HOOK.clone.1+0x3d/0x44
 [<c074f188>] ip_rcv+0x20b/0x247
 [<c074e8f9>] ? ip_rcv_finish+0x0/0x332
 [<c072797d>] __netif_receive_skb+0x373/0x399
 [<c0727bc1>] netif_receive_skb+0x4b/0x51
 [<e0817e2a>] cp_rx_poll+0x210/0x2c4 [8139cp]
 [<c072818f>] net_rx_action+0x9a/0x17d
 [<c0445b5c>] __do_softirq+0xa1/0x149
 [<c0445abb>] ? __do_softirq+0x0/0x149

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agomac80211: initialize sta->last_rx in sta_info_alloc
Felix Fietkau [Mon, 21 Mar 2011 19:01:00 +0000 (20:01 +0100)]
mac80211: initialize sta->last_rx in sta_info_alloc

This field is used to determine the inactivity time. When in AP mode,
hostapd uses it for kicking out inactive clients after a while. Without this
patch, hostapd immediately deauthenticates a new client if it checks the
inactivity time before the client sends its first data frame.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoath9k: Fix kernel panic in AR2427
Mohammed Shafi Shajakhan [Mon, 21 Mar 2011 12:57:21 +0000 (18:27 +0530)]
ath9k: Fix kernel panic in AR2427

Kernel panic occurs just after AR2427 establishes connection with AP.
Unless aggregation is enabled we don't initialize the TID structure.
Thus accesing the elements of the TID structure when aggregation is
disabled, leads to NULL pointer dereferencing.

[  191.320358] Call Trace:
[  191.320364]  [<fd250ea7>] ? ath9k_tx+0xa7/0x200 [ath9k]
[  191.320376]  [<fd1ec7fc>] ? __ieee80211_tx+0x5c/0x1e0 [mac80211]
[  191.320386]  [<fd1edd2b>] ? ieee80211_tx+0x7b/0x90 [mac80211]
[  191.320395]  [<fd1edddd>] ? ieee80211_xmit+0x9d/0x1d0 [mac80211]
[  191.320401]  [<c014218f>] ? wake_up_state+0xf/0x20
[  191.320405]  [<c015dbc8>] ? signal_wake_up+0x28/0x40
[  191.320410]  [<c012a578>] ? default_spin_lock_flags+0x8/0x10
[  191.320420]  [<fd1ee308>] ? ieee80211_subif_start_xmit+0x2e8/0x7c0
[mac80211]
[  191.320425]  [<c058f905>] ? do_page_fault+0x295/0x3a0
[  191.320431]  [<c04c4a3d>] ? dev_hard_start_xmit+0x1ad/0x210
[  191.320436]  [<c04d96b5>] ? sch_direct_xmit+0x105/0x170
[  191.320445]  [<fd1f161a>] ? get_sta_flags+0x2a/0x40 [mac80211]
[  191.320449]  [<c04c780f>] ? dev_queue_xmit+0x37f/0x4b0
[  191.320452]  [<c04d75b0>] ? eth_header+0x0/0xb0
[  191.320456]  [<c04cc479>] ? neigh_resolve_output+0xe9/0x310
[  191.320461]  [<c053d295>] ? ip6_output_finish+0xa5/0x110
[  191.320464]  [<c053e354>] ? ip6_output2+0x134/0x250
[  191.320468]  [<c053f7dd>] ? ip6_output+0x6d/0x100
[  191.320471]  [<c0559665>] ? mld_sendpack+0x395/0x3e0
[  191.320475]  [<c0557f81>] ? add_grhead+0x31/0xa0
[  191.320478]  [<c055a83c>] ? mld_send_cr+0x1bc/0x2b0
[  191.320482]  [<c01535d9>] ? irq_exit+0x39/0x70
[  191.320485]  [<c055a940>] ? mld_ifc_timer_expire+0x10/0x40
[  191.320489]  [<c015b92e>] ? run_timer_softirq+0x13e/0x2c0
[  191.320493]  [<c0103a30>] ? common_interrupt+0x30/0x40
[  191.320498]  [<c055a930>] ? mld_ifc_timer_expire+0x0/0x40
[  191.320502]  [<c0153358>] ? __do_softirq+0x98/0x1b0
[  191.320506]  [<c01534b5>] ? do_softirq+0x45/0x50
[  191.320509]  [<c0153605>] ? irq_exit+0x65/0x70
[  191.320513]  [<c05917dc>] ? smp_apic_timer_interrupt+0x5c/0x8b
[  191.320516]  [<c0103df1>] ? apic_timer_interrupt+0x31/0x40
[  191.320521]  [<c016007b>] ? k_getrusage+0x12b/0x2f0
[  191.320525]  [<c039e384>] ? acpi_idle_enter_simple+0x117/0x148
[  191.320529]  [<c04a20da>] ? cpuidle_idle_call+0x7a/0x100
[  191.320532]  [<c01021d4>] ? cpu_idle+0x94/0xd0
[  191.320536]  [<c057ab88>] ? rest_init+0x58/0x60
[  191.320541]  [<c07a58ec>] ? start_kernel+0x351/0x357
[  191.320544]  [<c07a53c7>] ? unknown_bootoption+0x0/0x19e
[  191.320548]  [<c07a50aa>] ? i386_start_kernel+0xaa/0xb1
[  191.320550] Code: 03 66 3d 00 03 0f 84 7c 02 00 00 83 c3 18 0f b6 03
8b 4d e0 89 c3 83 e3 0f 6b c3 48 89 5d d8 8d 04 06 8d 50 0c 89 55 d0 8b
40 20 <8b> 00 3b 01 0f 85 8e 02 00 00 f6 47 20 40 0f 84 29 ff ff ff 8b
[  191.320634] EIP: [<fd2586d4>] ath_tx_start+0x474/0x770 [ath9k] SS:ESP
0068:c0761a90
[  191.320642] CR2: 0000000000000000
[  191.320647] ---[ end trace 9296ef23b9076ece ]---
[  191.320650] Kernel panic - not syncing: Fatal exception in interrupt

Cc: stable@kernel.org
Signed-off-by: Mohammed Shafi Shajakhan <mshajakhan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agowireless: fix 80211 kernel-doc warnings
Randy Dunlap [Fri, 18 Mar 2011 16:33:02 +0000 (09:33 -0700)]
wireless: fix 80211 kernel-doc warnings

Fix many of each of these warnings:

Warning(include/net/cfg80211.h:519): No description found for parameter 'rxrate'
Warning(include/net/mac80211.h:1163): bad line:

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agortlwifi: Fix memset argument order
Ilia Mirkin [Thu, 17 Mar 2011 18:08:57 +0000 (14:08 -0400)]
rtlwifi: Fix memset argument order

These were found using the following semantic match:
// <smpl>
@@expression E1; type T;@@
* memset(E1, ... * sizeof(T) * ..., ...);
// </smpl>

Also take this opportunity to remove the unnecessary void* casts.

Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agort2x00: Add unknown Toshiba device
Peter Lemenkov [Wed, 16 Mar 2011 14:12:18 +0000 (17:12 +0300)]
rt2x00: Add unknown Toshiba device

Add unknown Toshiba device, mentioned in rt3572sta sources, under
CONFIG_RT2800USB_UNKNOWN

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agort2x00: Add 2L Central Europe BV 8070
Peter Lemenkov [Wed, 16 Mar 2011 14:12:17 +0000 (17:12 +0300)]
rt2x00: Add 2L Central Europe BV 8070

Add 2L Central Europe BV 8070 under CONFIG_RT2800USB_UNKNOWN

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agort2x00: Add Planex Communications, Inc. RT8070
Peter Lemenkov [Wed, 16 Mar 2011 14:12:16 +0000 (17:12 +0300)]
rt2x00: Add Planex Communications, Inc. RT8070

Add Planex Communications, Inc. RT8070 under CONFIG_RT2800USB_UNKNOWN

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agort2x00: Add rt2870 device id
Peter Lemenkov [Wed, 16 Mar 2011 14:12:15 +0000 (17:12 +0300)]
rt2x00: Add rt2870 device id

Add ID for Asus USB-N11 Wi-FI adapter. Tested by me.

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Acked-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoorinoco: Maintain lock until entry removed from list
Joe Gunn [Tue, 15 Mar 2011 15:41:19 +0000 (08:41 -0700)]
orinoco: Maintain lock until entry removed from list

Removing an entry from the scan_list should be performed while holding
the lock.

Signed-off-by: Joseph J. Gunn <armadefuego@yahoo.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoiwlwifi: missing unlock on error path
Dan Carpenter [Tue, 15 Mar 2011 07:01:58 +0000 (10:01 +0300)]
iwlwifi: missing unlock on error path

We should unlock here instead of returning -EINVAL directly.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agozd1211rw: TrendNet TEW-509UB id added
Tõnu Samuel [Sat, 12 Mar 2011 09:29:25 +0000 (11:29 +0200)]
zd1211rw: TrendNet TEW-509UB id added

Signed-off-by: Tõnu Samuel <tonu@jes.ee>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoMerge branch 'vhost-net-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mst...
David S. Miller [Sun, 20 Mar 2011 21:35:09 +0000 (14:35 -0700)]
Merge branch 'vhost-net-next' of git://git./linux/kernel/git/mst/vhost

13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
David S. Miller [Sun, 20 Mar 2011 20:42:25 +0000 (13:42 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/kaber/nf-2.6

13 years agonetfilter: ipt_CLUSTERIP: fix buffer overflow
Vasiliy Kulikov [Sun, 20 Mar 2011 14:42:52 +0000 (15:42 +0100)]
netfilter: ipt_CLUSTERIP: fix buffer overflow

'buffer' string is copied from userspace.  It is not checked whether it is
zero terminated.  This may lead to overflow inside of simple_strtoul().
Changli Gao suggested to copy not more than user supplied 'size' bytes.

It was introduced before the git epoch.  Files "ipt_CLUSTERIP/*" are
root writable only by default, however, on some setups permissions might be
relaxed to e.g. network admin user.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Acked-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
13 years agonetfilter: xtables: fix reentrancy
Eric Dumazet [Sun, 20 Mar 2011 14:40:06 +0000 (15:40 +0100)]
netfilter: xtables: fix reentrancy

commit f3c5c1bfd4308 (make ip_tables reentrant) introduced a race in
handling the stackptr restore, at the end of ipt_do_table()

We should do it before the call to xt_info_rdunlock_bh(), or we allow
cpu preemption and another cpu overwrites stackptr of original one.

A second fix is to change the underflow test to check the origptr value
instead of 0 to detect underflow, or else we allow a jump from different
hooks.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
13 years agonetfilter: ipset: fix checking the type revision at create command
Jozsef Kadlecsik [Sun, 20 Mar 2011 14:35:01 +0000 (15:35 +0100)]
netfilter: ipset: fix checking the type revision at create command

The revision of the set type was not checked at the create command: if the
userspace sent a valid set type but with not supported revision number,
it'd create a loop.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
13 years agonetfilter: ipset: fix address ranges at hash:*port* types
Jozsef Kadlecsik [Sun, 20 Mar 2011 14:33:26 +0000 (15:33 +0100)]
netfilter: ipset: fix address ranges at hash:*port* types

The hash:*port* types with IPv4 silently ignored when address ranges
with non TCP/UDP were added/deleted from the set and used the first
address from the range only.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
13 years agoniu: Rename NIU parent platform device name to fix conflict.
David S. Miller [Sun, 20 Mar 2011 06:06:33 +0000 (23:06 -0700)]
niu: Rename NIU parent platform device name to fix conflict.

When the OF device driver bits were converted over to the platform
device infrastructure in commit 74888760d40b3ac9054f9c5fa07b566c0676ba2d
("dt/net: Eliminate users of of_platform_{,un}register_driver") we
inadvertantly created probing problems in the OF case.

The NIU driver creates a dummy platform device to represent the
board that contains one or more child NIU devices.  Unfortunately
we use the same name, "niu", as the OF device driver itself uses.

The result is that we try to probe the dummy "niu" parent device we
create, and since it has a NULL ofdevice pointer etc. everything
explodes:

[783019.128243] niu: niu.c:v1.1 (Apr 22, 2010)
[783019.128810] Unable to handle kernel NULL pointer dereference
[783019.128949] tsk->{mm,active_mm}->context = 000000000000039e
[783019.129078] tsk->{mm,active_mm}->pgd = fffff803afc5a000
[783019.129206]               \|/ ____ \|/
[783019.129213]               "@'/ .. \`@"
[783019.129220]               /_| \__/ |_\
[783019.129226]                  \__U_/
[783019.129378] modprobe(2004): Oops [#1]
[783019.129423] TSTATE: 0000000011001602 TPC: 0000000010052ff8 TNPC: 000000000061bbb4 Y: 00000000    Not tainted
[783019.129542] TPC: <niu_of_probe+0x3c/0x2dc [niu]>
[783019.129624] g0: 8080000000000000 g1: 0000000000000000 g2: 0000000010056000 g3: 0000000000000002
[783019.129733] g4: fffff803fc1da0c0 g5: fffff800441e2000 g6: fffff803fba84000 g7: 0000000000000000
[783019.129842] o0: fffff803fe7df010 o1: 0000000010055700 o2: 0000000000000000 o3: fffff803fbacaca0
[783019.129951] o4: 0000000000000080 o5: 0000000000777908 sp: fffff803fba866e1 ret_pc: 0000000010052ff4
[783019.130083] RPC: <niu_of_probe+0x38/0x2dc [niu]>
[783019.130165] l0: fffff803fe7df010 l1: fffff803fbacafc0 l2: fffff803fbacaca0 l3: ffffffffffffffed
[783019.130273] l4: 0000000000000000 l5: 000000007fffffff l6: fffff803fba86f40 l7: 0000000000000001
[783019.130382] i0: fffff803fe7df000 i1: fffff803fc20aba0 i2: 0000000000000000 i3: 0000000000000001
[783019.130490] i4: 0000000000000000 i5: 0000000000000000 i6: fffff803fba867a1 i7: 000000000062038c
[783019.130614] I7: <platform_drv_probe+0xc/0x20>

Fix by simply renaming the parent device to "niu-board".

Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agor8169: fix a bug in rtl8169_init_phy()
Eric Dumazet [Sat, 19 Mar 2011 05:39:11 +0000 (05:39 +0000)]
r8169: fix a bug in rtl8169_init_phy()

commit 54405cde7624 (r8169: support control of advertising.)
introduced a bug in rtl8169_init_phy()

Reported-by: Piotr Hosowicz <piotr@hosowicz.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Oliver Neukum <oliver@neukum.org>
Cc: Francois Romieu <romieu@fr.zoreil.com>
Tested-by: Anca Emanuel <anca.emanuel@gmail.com>
Tested-by: Piotr Hosowicz <piotr@hosowicz.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobonding: fix a typo in a comment
Nicolas de Pesloüan [Sat, 19 Mar 2011 20:36:18 +0000 (13:36 -0700)]
bonding: fix a typo in a comment

Signed-off-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoftmac100: use resource_size()
Dan Carpenter [Sat, 19 Mar 2011 04:53:03 +0000 (21:53 -0700)]
ftmac100: use resource_size()

The calculation is off-by-one.  It should be "end - start + 1".  This
patch fixes it to use resource_size() instead.  Oddly, the code already
uses resource size correctly a couple lines earlier when it calls
request_mem_region() for this memory.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoheaders: use __aligned_xx types for userspace
Mike Frysinger [Fri, 18 Mar 2011 08:50:37 +0000 (08:50 +0000)]
headers: use __aligned_xx types for userspace

Now that we finally have __aligned_xx exported to userspace, convert
the headers that get exported over to the proper type.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobridge: Reset IPCB when entering IP stack on NF_FORWARD
Herbert Xu [Fri, 18 Mar 2011 05:27:28 +0000 (05:27 +0000)]
bridge: Reset IPCB when entering IP stack on NF_FORWARD

Whenever we enter the IP stack proper from bridge netfilter we
need to ensure that the skb is in a form the IP stack expects
it to be in.

The entry point on NF_FORWARD did not meet the requirements of
the IP stack, therefore leading to potential crashes/panics.

This patch fixes the problem.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agovlan: should take into account needed_headroom
Eric Dumazet [Fri, 18 Mar 2011 00:27:27 +0000 (00:27 +0000)]
vlan: should take into account needed_headroom

Commit c95b819ad7 (gre: Use needed_headroom)
made gre use needed_headroom instead of hard_header_len

This uncover a bug in vlan code.

We should make sure vlan devices take into account their
real_dev->needed_headroom or we risk a crash in ipgre_header(), because
we dont have enough room to push IP header in skb.

Reported-by: Diddi Oscarsson <diddi@diddi.se>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoethtool: Compat handling for struct ethtool_rxnfc
Ben Hutchings [Thu, 17 Mar 2011 07:34:32 +0000 (07:34 +0000)]
ethtool: Compat handling for struct ethtool_rxnfc

This structure was accidentally defined such that its layout can
differ between 32-bit and 64-bit processes.  Add compat structure
definitions and an ioctl wrapper function.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Acked-by: Alexander Duyck <alexander.h.duyck@intel.com>
Cc: stable@kernel.org [2.6.30+]
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoethtool: __ethtool_set_sg: check for function pointer before using it
Roger Luethi [Thu, 17 Mar 2011 06:37:21 +0000 (06:37 +0000)]
ethtool: __ethtool_set_sg: check for function pointer before using it

__ethtool_set_sg does not check if dev->ethtool_ops->set_sg is defined
which can result in a NULL pointer dereference when ethtool is used to
change SG settings for drivers without SG support.

Signed-off-by: Roger Luethi <rl@hellgate.ch>
Reviewed-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>