summaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)AuthorFilesLines
2012-11-16Merge branch 'for-davem' of ↵David S. Miller12-20/+47
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== This batch of fixes is intended for the 3.7 stream... This includes a pull of the Bluetooth tree. Gustavo says: "A few important fixes to go into 3.7. There is a new hw support by Marcos Chaparro. Johan added a memory leak fix and hci device index list fix. Also Marcel fixed a race condition in the device set up that was prevent the bt monitor to work properly. Last, Paulo Sérgio added a fix to the error status when pairing for LE fails. This was prevent userspace to work to handle the failure properly." Regarding the mac80211 pull, Johannes says: "I have a locking fix for some SKB queues, a variable initialization to avoid crashes in a certain failure case, another free_txskb fix from Felix and another fix from him to avoid calling a stopped driver, a fix for a (very unlikely) memory leak and a fix to not send null data packets when resuming while not associated." Regarding the iwlwifi pull, Johannes says: "Two more fixes for iwlwifi ... one to use ieee80211_free_txskb(), and one to check DMA mapping errors, please pull." On top of that, Johannes also included a wireless regulatory fix to allow 40 MHz on channels 12 and 13 in world roaming mode. Also, Hauke Mehrtens fixes a #ifdef typo in brcmfmac. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16net-rps: Fix brokeness causing OOO packetsTom Herbert1-1/+3
In commit c445477d74ab3779 which adds aRFS to the kernel, the CPU selected for RFS is not set correctly when CPU is changing. This is causing OOO packets and probably other issues. Signed-off-by: Tom Herbert <therbert@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-mergeDavid S. Miller2-7/+20
Included fixes are: - update the client entry status flags when using the "early client detection". This makes the Distributed AP isolation correctly work; - transfer the client entry status flags when recovering the translation table from another node. This makes the Distributed AP isolation correctly work; - prevent the "early client detection mechanism" to add clients belonging to other backbone nodes in the same LAN. This breaks connectivity when using this mechanism together with the Bridge Loop Avoidance - process broadcast packets with the Bridge Loop Avoidance before any other component. BLA can possibly drop the packets based on the source address. This makes the "early client detection mechanism" correctly work when used with BLA. Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16tcp: handle tcp_net_metrics_init() order-5 memory allocation failuresEric Dumazet1-3/+9
order-5 allocations can fail with current kernels, we should try vmalloc() as well. Reported-by: Julien Tinnes <jln@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16Merge branch 'master' of ↵John W. Linville12-20/+47
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
2012-11-16batman-adv: process broadcast packets in BLA earlierAntonio Quartulli1-6/+6
The logic in the BLA mechanism may decide to drop broadcast packets because the node may still be in the setup phase. For this reason, further broadcast processing like the early client detection mechanism must be done only after the BLA check. This patches moves the invocation to BLA before any other broadcast processing. This was introduced 30cfd02b60e1cb16f5effb0a01f826c5bb7e4c59 ("batman-adv: detect not yet announced clients") Reported-by: Glen Page <glen.page@thet.net> Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2012-11-16batman-adv: don't add TEMP clients belonging to other backbone nodesAntonio Quartulli1-0/+7
The "early client detection" mechanism must not add clients belonging to other backbone nodes. Such clients must be reached by directly using the LAN instead of the mesh. This was introduced by 30cfd02b60e1cb16f5effb0a01f826c5bb7e4c59 ("batman-adv: detect not yet announced clients") Reported-by: Glen Page <glen.page@thet.net> Signed-off-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2012-11-16batman-adv: correctly pass the client flag on tt_responseAntonio Quartulli1-1/+1
When a TT response with the full table is sent, the client flags should be sent as well. This patch fix the flags assignment when populating the tt_response to send back This was introduced by 30cfd02b60e1cb16f5effb0a01f826c5bb7e4c59 ("batman-adv: detect not yet announced clients") Signed-off-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2012-11-16batman-adv: fix tt_global_entries flags updateAntonio Quartulli1-0/+6
Flags carried by a change_entry have to be always copied into the client entry as they may contain important attributes (e.g. TT_CLIENT_WIFI). For instance, a client added by means of the "early detection mechanism" has no flag set at the beginning, so they must be updated once the proper ADD event is received. This was introduced by 30cfd02b60e1cb16f5effb0a01f826c5bb7e4c59 ("batman-adv: detect not yet announced clients") Signed-off-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2012-11-15net: correct check in dev_addr_del()Jiri Pirko1-1/+2
Check (ha->addr == dev->dev_addr) is always true because dev_addr_init() sets this. Correct the check to behave properly on addr removal. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-15tcp: fix retransmission in repair modeAndrew Vagin2-2/+6
Currently if a socket was repaired with a few packet in a write queue, a kernel bug may be triggered: kernel BUG at net/ipv4/tcp_output.c:2330! RIP: 0010:[<ffffffff8155784f>] tcp_retransmit_skb+0x5ff/0x610 According to the initial realization v3.4-rc2-963-gc0e88ff, all skb-s should look like already posted. This patch fixes code according with this sentence. Here are three points, which were not done in the initial patch: 1. A tcp send head should not be changed 2. Initialize TSO state of a skb 3. Reset the retransmission time This patch moves logic from tcp_sendmsg to tcp_write_xmit. A packet passes the ussual way, but isn't sent to network. This patch solves all described problems and handles tcp_sendpages. Cc: Pavel Emelyanov <xemul@parallels.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: James Morris <jmorris@namei.org> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: Patrick McHardy <kaber@trash.net> Signed-off-by: Andrey Vagin <avagin@openvz.org> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-15sctp: fix /proc/net/sctp/ memory leakTommi Rantala1-4/+4
Commit 13d782f ("sctp: Make the proc files per network namespace.") changed the /proc/net/sctp/ struct file_operations opener functions to use single_open_net() and seq_open_net(). Avoid leaking memory by using single_release_net() and seq_release_net() as the release functions. Discovered with Trinity (the syscall fuzzer). Signed-off-by: Tommi Rantala <tt.rantala@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-14ipv4/ip_vti.c: VTI fix post-decryption forwardingSaurabh Mohan1-0/+5
With the latest kernel there are two things that must be done post decryption so that the packet are forwarded. 1. Remove the mark from the packet. This will cause the packet to not match the ipsec-policy again. However doing this causes the post-decryption check to fail also and the packet will get dropped. (cat /proc/net/xfrm_stat). 2. Remove the sp association in the skbuff so that no policy check is done on the packet for VTI tunnels. Due to #2 above we must now do a security-policy check in the vti rcv path prior to resetting the mark in the skbuff. Signed-off-by: Saurabh Mohan <saurabh.mohan@vyatta.com> Reported-by: Ruben Herold <ruben@puettmann.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-14Merge branch 'master' of ↵John W. Linville3-8/+10
git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
2012-11-14Merge branch 'for-john' of ↵John W. Linville9-12/+37
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
2012-11-13ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return valueHannes Frederic Sowa1-0/+1
Cc: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-13tcp: tcp_replace_ts_recent() should not be called from tcp_validate_incoming()Eric Dumazet1-5/+10
We added support for RFC 5961 in latest kernels but TCP fails to perform exhaustive check of ACK sequence. We can update our view of peer tsval from a frame that is later discarded by tcp_ack() This makes timestamps enabled sessions vulnerable to injection of a high tsval : peers start an ACK storm, since the victim sends a dupack each time it receives an ACK from the other peer. As tcp_validate_incoming() is called before tcp_ack(), we should not peform tcp_replace_ts_recent() from it, and let callers do it at the right time. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Nandita Dukkipati <nanditad@google.com> Cc: H.K. Jerry Chu <hkchu@google.com> Cc: Romain Francoise <romain@orebokech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-12wireless: allow 40 MHz on world roaming channels 12/13Johannes Berg1-3/+2
When in world roaming mode, allow 40 MHz to be used on channels 12 and 13 so that an AP that is, e.g., using HT40+ on channel 9 (in the UK) can be used. Cc: stable@vger.kernel.org Reported-by: Eddie Chapman <eddie@ehuk.net> Tested-by: Eddie Chapman <eddie@ehuk.net> Acked-by: Luis R. Rodriguez <mcgrof@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-11-11ipv4: avoid undefined behavior in do_ip_setsockopt()Xi Wang1-13/+22
(1<<optname) is undefined behavior in C with a negative optname or optname larger than 31. In those cases the result of the shift is not necessarily zero (e.g., on x86). This patch simplifies the code with a switch statement on optname. It also allows the compiler to generate better code (e.g., using a 64-bit mask). Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-10Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds7-40/+91
Pull networking fixes from David Miller: "Bug fixes galore, mostly in drivers as is often the case: 1) USB gadget and cdc_eem drivers need adjustments to their frame size lengths in order to handle VLANs correctly. From Ian Coolidge. 2) TIPC and several network drivers erroneously call tasklet_disable before tasklet_kill, fix from Xiaotian Feng. 3) r8169 driver needs to apply the WOL suspend quirk to more chipsets, fix from Cyril Brulebois. 4) Fix multicast filters on RTL_GIGA_MAC_VER_35 r8169 chips, from Nathan Walp. 5) FDB netlink dumps should use RTM_NEWNEIGH as the message type, not zero. From John Fastabend. 6) Fix smsc95xx tx checksum offload on big-endian, from Steve Glendinning. 7) __inet_diag_dump() needs to repsect and report the error value returned from inet_diag_lock_handler() rather than ignore it. Otherwise if an inet diag handler is not available for a particular protocol, we essentially report success instead of giving an error indication. Fix from Cyrill Gorcunov. 8) When the QFQ packet scheduler sees TSO/GSO packets it does not handle things properly, and in fact ends up corrupting it's datastructures as well as mis-schedule packets. Fix from Paolo Valente. 9) Fix oopser in skb_loop_sk(), from Eric Leblond. 10) CXGB4 passes partially uninitialized datastructures in to FW commands, fix from Vipul Pandya. 11) When we send unsolicited ipv6 neighbour advertisements, we should send them to the link-local allnodes multicast address, as per RFC4861. Fix from Hannes Frederic Sowa. 12) There is some kind of bug in the usbnet's kevent deferral mechanism, but more immediately when it triggers an uncontrolled stream of kernel messages spam the log. Rate limit the error log message triggered when this problem occurs, as sending thousands of error messages into the kernel log doesn't help matters at all, and in fact makes further diagnosis more difficult. From Steve Glendinning. 13) Fix gianfar restore from hibernation, from Wang Dongsheng. 14) The netlink message attribute sizes are wrong in the ipv6 GRE driver, it was using the size of ipv4 addresses instead of ipv6 ones :-) Fix from Nicolas Dichtel." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: gre6: fix rtnl dump messages gianfar: ethernet vanishes after restoring from hibernation usbnet: ratelimit kevent may have been dropped warnings ipv6: send unsolicited neighbour advertisements to all-nodes net: usb: cdc_eem: Fix rx skb allocation for 802.1Q VLANs usb: gadget: g_ether: fix frame size check for 802.1Q cxgb4: Fix initialization of SGE_CONTROL register isdn: Make CONFIG_ISDN depend on CONFIG_NETDEVICES cxgb4: Initialize data structures before using. af-packet: fix oops when socket is not present pkt_sched: enable QFQ to support TSO/GSO net: inet_diag -- Return error code if protocol handler is missed net: bnx2x: Fix typo in bnx2x driver smsc95xx: fix tx checksum offload for big endian rtnetlink: Use nlmsg type RTM_NEWNEIGH from dflt fdb dump ptp: update adjfreq callback description r8169: allow multicast packets on sub-8168f chipset. r8169: Fix WoL on RTL8168d/8111d. drivers/net: use tasklet_kill in device remove/close process tipc: do not use tasklet_disable before tasklet_kill
2012-11-10mac80211: call skb_dequeue/ieee80211_free_txskb instead of __skb_queue_purgeFelix Fietkau4-6/+20
Fixes more wifi status skb leaks, leading to hostapd/wpa_supplicant hangs. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-11-09gre6: fix rtnl dump messagesNicolas Dichtel1-4/+4
Spotted after a code review. Introduced by c12b395a46646bab69089ce7016ac78177f6001f (gre: Support GRE over IPv6). Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-09ipv6: send unsolicited neighbour advertisements to all-nodesHannes Frederic Sowa1-2/+1
As documented in RFC4861 (Neighbor Discovery for IP version 6) 7.2.6., unsolicited neighbour advertisements should be sent to the all-nodes multicast address. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-09mac80211: don't send null data packet when not associatedJohannes Berg1-0/+2
On resume or firmware recovery, mac80211 sends a null data packet to see if the AP is still around and hasn't disconnected us. However, it always does this even if it wasn't even connected before, leading to a warning in the new channel context code. Fix this by checking that it's associated. Cc: stable@vger.kernel.org Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-11-09Bluetooth: Fix memory leak when removing a UUIDJohan Hedberg1-0/+1
When removing a UUID from the list in the remove_uuid() function we must also kfree the entry in addition to removing it from the list. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2012-11-09Bluetooth: Notify about device registration before power onMarcel Holtmann1-2/+2
It is important that the monitor interface gets notified about a new device before its power on procedure has been started. For some reason that is no longer working as expected and the power on procedure runs first. It is safe to just notify about device registration and trigger the power on procedure afterwards. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2012-11-09Bluetooth: Fix error status when pairing failsPaulo Sérgio1-1/+1
When pairing fails due to wrong confirm value, the management layer doesn't report a proper error status. It sends MGMT_STATUS_CONNECT_FAILED instead of MGMT_STATUS_AUTH_FAILED. Most of management functions that receive a status as a parameter expects for it to be encoded as a HCI status. But when a SMP pairing fails, the SMP layer sends the SMP reason as the error status to the management layer. This commit maps all SMP reasons to HCI_ERROR_AUTH_FAILURE, which will be converted to MGMT_STATUS_AUTH_FAILED in the management layer. Reported-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Reviewed-by: João Paulo Rechi Vita <jprvita@openbossa.org> Signed-off-by: Paulo Sérgio <paulo.sergio@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2012-11-09Bluetooth: Fix having bogus entries in mgmt_read_index_list replyJohan Hedberg1-5/+6
The mgmt_read_index_list uses one loop to calculate the max needed size of its response with the help of an upper-bound of the controller count. The second loop is more strict as it checks for HCI_SETUP (which might have gotten set after the first loop) and could result in some indexes being skipped. Because of this the function needs to readjust the event length and index count after filling in the response array. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Cc: stable@vger.kernel.org Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2012-11-09mac80211: fix memory leak in device registration error pathJohannes Berg1-2/+4
If the cipher suites need to be allocated, but this allocation fails, this leaks the internal scan request. Fix that by going to the correct error handling label. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-11-07af-packet: fix oops when socket is not presentEric Leblond1-1/+1
Due to a NULL dereference, the following patch is causing oops in normal trafic condition: commit c0de08d04215031d68fa13af36f347a6cfa252ca Author: Eric Leblond <eric@regit.org> Date:   Thu Aug 16 22:02:58 2012 +0000     af_packet: don't emit packet on orig fanout group This buggy patch was a feature fix and has reached most stable branches. When skb->sk is NULL and when packet fanout is used, there is a crash in match_fanout_group where skb->sk is accessed. This patch fixes the issue by returning false as soon as the socket is NULL: this correspond to the wanted behavior because the kernel as to resend the skb to all the listening socket in this case. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-07pkt_sched: enable QFQ to support TSO/GSOPaolo Valente1-30/+79
If the max packet size for some class (configured through tc) is violated by the actual size of the packets of that class, then QFQ would not schedule classes correctly, and the data structures implementing the bucket lists may get corrupted. This problem occurs with TSO/GSO even if the max packet size is set to the MTU, and is, e.g., the cause of the failure reported in [1]. Two patches have been proposed to solve this problem in [2], one of them is a preliminary version of this patch. This patch addresses the above issues by: 1) setting QFQ parameters to proper values for supporting TSO/GSO (in particular, setting the maximum possible packet size to 64KB), 2) automatically increasing the max packet size for a class, lmax, when a packet with a larger size than the current value of lmax arrives. The drawback of the first point is that the maximum weight for a class is now limited to 4096, which is equal to 1/16 of the maximum weight sum. Finally, this patch also forcibly caps the timestamps of a class if they are too high to be stored in the bucket list. This capping, taken from QFQ+ [3], handles the unfrequent case described in the comment to the function slot_insert. [1] http://marc.info/?l=linux-netdev&m=134968777902077&w=2 [2] http://marc.info/?l=linux-netdev&m=135096573507936&w=2 [3] http://marc.info/?l=linux-netdev&m=134902691421670&w=2 Signed-off-by: Paolo Valente <paolo.valente@unimore.it> Tested-by: Cong Wang <amwang@redhat.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-05mac80211: sync acccess to tx_filtered/ps_tx_buf queuesArik Nemtsov1-0/+5
These are accessed without a lock when ending STA PSM. If the sta_cleanup timer accesses these lists at the same time, we might crash. This may fix some mysterious crashes we had during ieee80211_sta_ps_deliver_wakeup. Cc: stable@vger.kernel.org Signed-off-by: Arik Nemtsov <arik@wizery.com> Signed-off-by: Ido Yariv <ido@wizery.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-11-04net: inet_diag -- Return error code if protocol handler is missedCyrill Gorcunov1-1/+4
We've observed that in case if UDP diag module is not supported in kernel the netlink returns NLMSG_DONE without notifying a caller that handler is missed. This patch makes __inet_diag_dump to return error code instead. So as example it become possible to detect such situation and handle it gracefully on userspace level. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> CC: David Miller <davem@davemloft.net> CC: Eric Dumazet <eric.dumazet@gmail.com> CC: Pavel Emelyanov <xemul@parallels.com> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-03Merge tag 'nfs-for-3.7-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds1-1/+1
Pull NFS client bugfixes from Trond Myklebust: - Fix a bunch of deadlock situations: * State recovery can deadlock if we fail to release sequence ids before scheduling the recovery thread. * Calling deactivate_super() from an RPC workqueue thread can deadlock because of the call to rpc_shutdown_client. - Display the device name correctly in /proc/*/mounts - Fix a number of incorrect error return values: * When NFSv3 mounts fail due to a timeout. * On NFSv4.1 backchannel setup failure * On NFSv4 open access checks - pnfs_find_alloc_layout() must check the layout pointer for NULL - Fix a regression in the legacy DNS resolved * tag 'nfs-for-3.7-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFS4: nfs4_opendata_access should return errno NFSv4: Initialise the NFSv4.1 slot table highest_used_slotid correctly SUNRPC: return proper errno from backchannel_rqst NFS: add nfs_sb_deactive_async to avoid deadlock nfs: Show original device name verbatim in /proc/*/mount{s,info} nfsv3: Make v3 mounts fail with ETIMEDOUTs instead EIO on mountd timeouts nfs: Check whether a layout pointer is NULL before free it NFS: fix bug in legacy DNS resolver. NFSv4: nfs4_locku_done must release the sequence id NFSv4.1: We must release the sequence id when we fail to get a session slot NFS: Wait for session recovery to finish before returning
2012-11-03rtnetlink: Use nlmsg type RTM_NEWNEIGH from dflt fdb dumpJohn Fastabend1-1/+2
Change the dflt fdb dump handler to use RTM_NEWNEIGH to be compatible with bridge dump routines. The dump reply from the network driver handlers should match the reply from bridge handler. The fact they were not in the ixgbe case was effectively a bug. This patch resolves it. Applications that were not checking the nlmsg type will continue to work. And now applications that do check the type will work as expected. Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-03tipc: do not use tasklet_disable before tasklet_killXiaotian Feng1-1/+0
If tasklet_disable() is called before related tasklet handled, tasklet_kill will never be finished. tasklet_kill is enough. Signed-off-by: Xiaotian Feng <dannyfeng@tencent.com> Cc: Jon Maloy <jon.maloy@ericsson.com> Cc: Allan Stephens <allan.stephens@windriver.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: netdev@vger.kernel.org Cc: tipc-discussion@lists.sourceforge.net Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-02Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds15-46/+125
Pull networking fixes from David Miller: "First post-Sandy pull request" 1) Fix antenna gain handling and initialization of chan->max_reg_power in wireless, from Felix Fietkau. 2) Fix nexthop handling in H.232 conntrack helper, from Julian Anastasov. 3) Only process 80211 mesh config header in certain kinds of frames, from Javier Cardona. 4) 80211 management frame header length needs to be validated, from Johannes Berg. 5) Don't access free'd SKBs in ath9k driver, from Felix Fietkay. 6) Test for permanent state correctly in VXLAN driver, from Stephen Hemminger. 7) BNX2X bug fixes from Yaniv Rosner and Dmitry Kravkov. 8) Fix off by one errors in bonding, from Nikolay ALeksandrov. 9) Fix divide by zero in TCP-Illinois congestion control. From Jesper Dangaard Brouer. 10) TCP metrics code says "Yo dawg, I heard you like sizeof, so I did a sizeof of a sizeof, so you can size your size" Fix from Julian Anastasov. 11) Several drivers do mdiobus_free without first doing an mdiobus_unregister leading to stray pointer references. Fix from Peter Senna Tschudin. 12) Fix OOPS in l2tp_eth_create() error path, it's another danling pointer kinda situation. Fix from Tom Parkin. 13) Hardware driven by the vmxnet driver can't handle larger than 16K fragments, so split them up when necessary. From Eric Dumazet. 14) Handle zero length data length in tcp_send_rcvq() properly. Fix from Pavel Emelyanov. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (38 commits) tcp-repair: Handle zero-length data put in rcv queue vmxnet3: must split too big fragments l2tp: fix oops in l2tp_eth_create() error path cxgb4: Fix unable to get UP event from the LLD drivers/net/phy/mdio-bitbang.c: Call mdiobus_unregister before mdiobus_free drivers/net/ethernet/nxp/lpc_eth.c: Call mdiobus_unregister before mdiobus_free bnx2x: fix HW initialization using fw 7.8.x tcp: Fix double sizeof in new tcp_metrics code net: fix divide by zero in tcp algorithm illinois net: sctp: Fix typo in net/sctp bonding: fix second off-by-one error bonding: fix off-by-one error bnx2x: Disable FCoE for 57840 since not yet supported by FW bnx2x: Fix no link on 577xx 10G-baseT bnx2x: Fix unrecognized SFP+ module after driver is loaded bnx2x: Fix potential incorrect link speed provision bnx2x: Restore global registers back to default. bnx2x: Fix link down in 57712 following LFA bnx2x: Fix 57810 1G-KR link against certain switches. ixgbe: PTP get_ts_info missing software support ...
2012-11-02tcp-repair: Handle zero-length data put in rcv queuePavel Emelyanov1-0/+3
When sending data into a tcp socket in repair state we should check for the amount of data being 0 explicitly. Otherwise we'll have an skb with seq == end_seq in rcv queue, but tcp doesn't expect this to happen (in particular a warn_on in tcp_recvmsg shoots). Signed-off-by: Pavel Emelyanov <xemul@parallels.com> Reported-by: Giorgos Mavrikas <gmavrikas@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-02l2tp: fix oops in l2tp_eth_create() error pathTom Parkin1-0/+1
When creating an L2TPv3 Ethernet session, if register_netdev() should fail for any reason (for example, automatic naming for "l2tpeth%d" interfaces hits the 32k-interface limit), the netdev is freed in the error path. However, the l2tp_eth_sess structure's dev pointer is left uncleared, and this results in l2tp_eth_delete() then attempting to unregister the same netdev later in the session teardown. This results in an oops. To avoid this, clear the session dev pointer in the error path. Signed-off-by: Tom Parkin <tparkin@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-01tcp: Fix double sizeof in new tcp_metrics codeJulian Anastasov1-1/+1
Fix double sizeof when parsing IPv6 address from user space because it breaks get/del by specific IPv6 address. Problem noticed by David Binderman: https://bugzilla.kernel.org/show_bug.cgi?id=49171 Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-01net: fix divide by zero in tcp algorithm illinoisJesper Dangaard Brouer1-3/+5
Reading TCP stats when using TCP Illinois congestion control algorithm can cause a divide by zero kernel oops. The division by zero occur in tcp_illinois_info() at: do_div(t, ca->cnt_rtt); where ca->cnt_rtt can become zero (when rtt_reset is called) Steps to Reproduce: 1. Register tcp_illinois: # sysctl -w net.ipv4.tcp_congestion_control=illinois 2. Monitor internal TCP information via command "ss -i" # watch -d ss -i 3. Establish new TCP conn to machine Either it fails at the initial conn, or else it needs to wait for a loss or a reset. This is only related to reading stats. The function avg_delay() also performs the same divide, but is guarded with a (ca->cnt_rtt > 0) at its calling point in update_params(). Thus, simply fix tcp_illinois_info(). Function tcp_illinois_info() / get_info() is called without socket lock. Thus, eliminate any race condition on ca->cnt_rtt by using a local stack variable. Simply reuse info.tcpv_rttcnt, as its already set to ca->cnt_rtt. Function avg_delay() is not affected by this race condition, as its called with the socket lock. Cc: Petr Matousek <pmatouse@redhat.com> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-01net: sctp: Fix typo in net/sctpMasanari Iida1-1/+1
Correct spelling typo in net/sctp/socket.c Signed-off-by: Masanari Iida <standby24x7@gmail.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-01SUNRPC: return proper errno from backchannel_rqstWeston Andros Adamson1-1/+1
The one and only caller (in fs/nfs/nfs4client.c) uses the result as an errno and would have interpreted an error as EPERM. Signed-off-by: Weston Andros Adamson <dros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2012-10-31Merge branch 'for-davem' of ↵David S. Miller6-36/+104
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== This is a batch of fixes intended for 3.7... The biggest portion of this is a pull request from Johannes Berg: "Please pull my mac80211.git tree per below to get a number of fixes. I have included a patch from Antonio to fix a memcpy overrun, Felix's patches for the antenna gain/tx power issues, a few mesh-related fixes from Javier for mac80211 and my own patches to not access data that might not be present in an skb at all as well as a patch (the duplicate IE check one) to make mac80211 forward-compatible with potential future spec extensions that use the same IE multiple times. It's a bit bigger than I'd like maybe, but I think all of these are worthwhile fixes at this point." In addition... Felix Fietkau fixes an ath9k use-after-free issue. Stanislaw Gruszka adds a valid value check to rt2800. Sven Eckelmann adds a check to only check a TID value in a BlockAck, for frames that could be either a BlockAck or a normal Ack. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-31Merge branch 'master' of git://1984.lsi.us.es/nfDavid S. Miller4-5/+10
Pablo Neira Ayuso says: ==================== The following patchset contains fixes for your net tree, two of them are due to relatively recent changes, one has been a longstanding bug, they are: * Fix incorrect usage of rt_gateway in the H.323 helper, from Julian Anastasov. * Skip re-route in nf_nat code for ICMP traffic. If CONFIG_XFRM is enabled, we waste cycles to look up for the route again. This problem seems to be there since really long time. From Ulrich Weber. * Fix mismatching section in nf_conntrack_reasm, from Hein Tibosch. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-31Merge branch 'master' of ↵John W. Linville6-36/+104
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
2012-10-31mac80211: init sched_scan_iesDavid Spinadel1-1/+1
In case that there is an unsupported band, the ie will be unallocated and the free will crash. Cc: stable@vger.kernel.org Signed-off-by: David Spinadel <david.spinadel@intel.com> Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-10-31mac80211: do not call ieee80211_configure_filter if no interfaces are upFelix Fietkau1-0/+3
Drivers are not expected to handle it before drv_start has been called. It will be called again after an interface has been brought up. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-10-29Merge branch 'for-john' of ↵John W. Linville6-36/+104
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
2012-10-29Merge branch 'for-linus' of ↵Linus Torvalds1-2/+4
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client Pull Ceph fixes form Sage Weil: "There are two fixes in the messenger code, one that can trigger a NULL dereference, and one that error in refcounting (extra put). There is also a trivial fix that in the fs client code that is triggered by NFS reexport." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: ceph: fix dentry reference leak in encode_fh() libceph: avoid NULL kref_put when osd reset races with alloc_msg rbd: reset BACKOFF if unable to re-queue