summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2013-01-28net: phy: icplus: fix broken INTR pin settingsGiuseppe CAVALLARO1-5/+5
This patch fixes the setting of the INTR pin that is valid for IP101 A/G device and not for the IP1001. Reported-by: Anunay Saxena <anunay.saxena@st.com> Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-28net: phy: icplus: Use the RGMII interface mode to configure clock delaysStuart Menefy1-5/+16
Like several other PHY devices which support RGMII, the IC+1001 allows additional delays to by added to the RX_CLK and TX_CLK signals to compensate for skew between the clock and data signals. Previously this was always enabled, but this change makes use of the different RGMII interface modes to allow the user to specify whether this should be enabled. Signed-off-by: Stuart Menefy <stuart.menefy@st.com> Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-28IP_GRE: Fix kernel panic in IP_GRE with GRE csum.Pravin B Shelar1-1/+5
Due to IP_GRE GSO support, GRE can recieve non linear skb which results in panic in case of GRE_CSUM. Following patch fixes it by using correct csum API. Bug introduced in commit 6b78f16e4bdde3936b (gre: add GSO support) Signed-off-by: Pravin B Shelar <pshelar@nicira.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27sctp: set association state to established in dupcook_a handlerXufeng Zhang1-1/+3
While sctp handling a duplicate COOKIE-ECHO and the action is 'Association restart', sctp_sf_do_dupcook_a() will processing the unexpected COOKIE-ECHO for peer restart, but it does not set the association state to SCTP_STATE_ESTABLISHED, so the association could stuck in SCTP_STATE_SHUTDOWN_PENDING state forever. This violates the sctp specification: RFC 4960 5.2.4. Handle a COOKIE ECHO when a TCB Exists Action A) In this case, the peer may have restarted. ..... After this, the endpoint shall enter the ESTABLISHED state. To resolve this problem, adding a SCTP_CMD_NEW_STATE cmd to the command list before SCTP_CMD_REPLY cmd, this will set the restart association to SCTP_STATE_ESTABLISHED state properly and also avoid I-bit being set in the DATA chunk header when COOKIE_ACK is bundled with DATA chunks. Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27ip6mr: limit IPv6 MRT_TABLE identifiersDan Carpenter1-0/+3
We did this for IPv4 in b49d3c1e1c "net: ipmr: limit MRT_TABLE identifiers" but we need to do it for IPv6 as well. On IPv6 the name is "pim6reg" instead of "pimreg" so there is one less digit allowed. The strcpy() is in ip6mr_reg_vif(). Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27r8169: fix vlan tag read ordering.françois romieu1-8/+6
Control of receive descriptor must not be returned to ethernet chipset before vlan tag processing is done. VLAN tag receive word is now reset both in normal and error path. Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Spotted-by: Timo Teras <timo.teras@iki.fi> Cc: Hayes Wang <hayeswang@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27net: cdc_ncm: use IAD provided by the USB coreBjørn Mork1-24/+4
commit 9992c2e (net: cdc_ncm: workaround for missing CDC Union) added code to lookup an IAD for the interface we are probing. This is redundant. The USB core has already done the lookup and saved the result in the USB interface struct. Use that instead. Cc: Greg Suarez <gsuarez@smithmicro.com> Cc: Alexey Orishko <alexey.orishko@stericsson.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-mergeDavid S. Miller1-1/+18
Included changes ares: - fix an skb memleak in DAT - fix the ARP filtering routine in DAT by preventing bogus entries to overwrite already existing ones in the local cache. - fix the ARP filtering routine in DAT by preventing it to parse and add to the cache bogus entries Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27batman-adv: filter ARP packets with invalid MAC addresses in DATMatthias Schiffer1-0/+13
We never want multicast MAC addresses in the Distributed ARP Table, so it's best to completely ignore ARP packets containing them where we expect unicast addresses. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Acked-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2013-01-27batman-adv: check for more types of invalid IP addresses in DATMatthias Schiffer1-1/+3
There are more types of IP addresses that may appear in ARP packets that we don't want to process. While some of these should never appear in sane ARP packets, a 0.0.0.0 source is used for duplicate address detection and thus seen quite often. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Acked-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2013-01-27batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply()Matthias Schiffer1-0/+2
The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been freed when it returns true; fix this by calling kfree_skb before returning as it is done in batadv_dat_snoop_incoming_arp_request(). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Acked-by: Antonio Quartulli <ordex@autistici.org> Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2013-01-27Merge branch 'for-davem' of ↵David S. Miller14-75/+67
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless John W. Linville says: ==================== This is a batch of fixes intende for the 3.8 stream. Regarding the iwlwifi bits, Johannes says this: "Please pull to get a single fix from Emmanuel for a bug I introduced due to misunderstanding the code." Regarding the mac80211 bits, Johannes says this: "I have a few small fixes for you: * some mesh frames would cause encryption warnings -- fixes from Bob * scanning would pretty much break an association if we transmitted anything to the AP while scanning -- fix from Stanislaw * mode injection was broken by channel contexts -- fix from Felix * FT roaming was broken: hardware crypto would get disabled by it" Along with that, a handful of other fixes confined to specific drivers. Avinash Patil fixes a typo in a NULL check in mwifiex. Larry Finger fixes a build warning in rtlwifi. Seems safe... Stanislaw Gruszka fixes iwlegacy to prevent microcode errors when switching from IBSS mode to STA mode. Felix Fietkau provides a trio of ath9k fixes related to proper tuning. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27net: loopback: fix a dst refcounting issueEric Dumazet1-0/+5
Ben Greear reported crashes in ip_rcv_finish() on a stress test involving many macvlans. We tracked the bug to a dst use after free. ip_rcv_finish() was calling dst->input() and got garbage for dst->input value. It appears the bug is in loopback driver, lacking a skb_dst_force() before calling netif_rx(). As a result, a non refcounted dst, normally protected by a RCU read_lock section, was escaping this section and could be freed before the packet being processed. [<ffffffff813a3c4d>] loopback_xmit+0x64/0x83 [<ffffffff81477364>] dev_hard_start_xmit+0x26c/0x35e [<ffffffff8147771a>] dev_queue_xmit+0x2c4/0x37c [<ffffffff81477456>] ? dev_hard_start_xmit+0x35e/0x35e [<ffffffff8148cfa6>] ? eth_header+0x28/0xb6 [<ffffffff81480f09>] neigh_resolve_output+0x176/0x1a7 [<ffffffff814ad835>] ip_finish_output2+0x297/0x30d [<ffffffff814ad6d5>] ? ip_finish_output2+0x137/0x30d [<ffffffff814ad90e>] ip_finish_output+0x63/0x68 [<ffffffff814ae412>] ip_output+0x61/0x67 [<ffffffff814ab904>] dst_output+0x17/0x1b [<ffffffff814adb6d>] ip_local_out+0x1e/0x23 [<ffffffff814ae1c4>] ip_queue_xmit+0x315/0x353 [<ffffffff814adeaf>] ? ip_send_unicast_reply+0x2cc/0x2cc [<ffffffff814c018f>] tcp_transmit_skb+0x7ca/0x80b [<ffffffff814c3571>] tcp_connect+0x53c/0x587 [<ffffffff810c2f0c>] ? getnstimeofday+0x44/0x7d [<ffffffff810c2f56>] ? ktime_get_real+0x11/0x3e [<ffffffff814c6f9b>] tcp_v4_connect+0x3c2/0x431 [<ffffffff814d6913>] __inet_stream_connect+0x84/0x287 [<ffffffff814d6b38>] ? inet_stream_connect+0x22/0x49 [<ffffffff8108d695>] ? _local_bh_enable_ip+0x84/0x9f [<ffffffff8108d6c8>] ? local_bh_enable+0xd/0x11 [<ffffffff8146763c>] ? lock_sock_nested+0x6e/0x79 [<ffffffff814d6b38>] ? inet_stream_connect+0x22/0x49 [<ffffffff814d6b49>] inet_stream_connect+0x33/0x49 [<ffffffff814632c6>] sys_connect+0x75/0x98 This bug was introduced in linux-2.6.35, in commit 7fee226ad2397b (net: add a noref bit on skb dst) skb_dst_force() is enforced in dev_queue_xmit() for devices having a qdisc. Reported-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27virtio-net: reset virtqueue affinity when doing cpu hotplugWanlong Gao1-0/+33
Add a cpu notifier to virtio-net, so that we can reset the virtqueue affinity if the cpu hotplug happens. It improve the performance through enabling or disabling the virtqueue affinity after doing cpu hotplug. Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Eric Dumazet <erdnetdev@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: virtualization@lists.linux-foundation.org Cc: netdev@vger.kernel.org Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27virtio-net: split out clean affinity functionWanlong Gao1-36/+40
Split out the clean affinity function to virtnet_clean_affinity(). Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Eric Dumazet <erdnetdev@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: virtualization@lists.linux-foundation.org Cc: netdev@vger.kernel.org Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-27virtio-net: fix the set affinity bug when CPU IDs are not consecutiveWanlong Gao1-13/+54
As Michael mentioned, set affinity and select queue will not work very well when CPU IDs are not consecutive, this can happen with hot unplug. Fix this bug by traversal the online CPUs, and create a per cpu variable to find the mapping from CPU to the preferable virtual-queue. Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Cc: Eric Dumazet <erdnetdev@gmail.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: virtualization@lists.linux-foundation.org Cc: netdev@vger.kernel.org Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-26can: pch_can: fix invalid error codesOlivier Sobrie1-1/+1
Errors in CAN protocol (location) are reported in data[3] of the can frame instead of data[2]. Cc: linux-stable <stable@vger.kernel.org> Signed-off-by: Olivier Sobrie <olivier@sobrie.be> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2013-01-26can: ti_hecc: fix invalid error codesOlivier Sobrie1-2/+2
Errors in CAN protocol (location) are reported in data[3] of the can frame instead of data[2]. Cc: linux-stable <stable@vger.kernel.org> Cc: Anant Gole <anantgole@ti.com> Signed-off-by: Olivier Sobrie <olivier@sobrie.be> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2013-01-26can: c_can: fix invalid error codesOlivier Sobrie1-2/+2
Errors in CAN protocol (location) are reported in data[3] of the can frame instead of data[2]. Cc: linux-stable <stable@vger.kernel.org> Cc: Bhupesh Sharma <bhupesh.sharma@st.com> Signed-off-by: Olivier Sobrie <olivier@sobrie.be> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2013-01-23Merge branch 'master' of ↵John W. Linville14-75/+67
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
2013-01-23r8169: remove the obsolete and incorrect AMD workaroundTimo Teräs1-7/+0
This was introduced in commit 6dccd16 "r8169: merge with version 6.001.00 of Realtek's r8169 driver". I did not find the version 6.001.00 online, but in 6.002.00 or any later r8169 from Realtek this hunk is no longer present. Also commit 05af214 "r8169: fix Ethernet Hangup for RTL8110SC rev d" claims to have fixed this issue otherwise. The magic compare mask of 0xfffe000 is dubious as it masks parts of the Reserved part, and parts of the VLAN tag. But this does not make much sense as the VLAN tag parts are perfectly valid there. In matter of fact this seems to be triggered with any VLAN tagged packet as RxVlanTag bit is matched. I would suspect 0xfffe0000 was intended to test reserved part only. Finally, this hunk is evil as it can cause more packets to be handled than what was NAPI quota causing net/core/dev.c: net_rx_action(): WARN_ON_ONCE(work > weight) to trigger, and mess up the NAPI state causing device to hang. As result, any system using VLANs and having high receive traffic (so that NAPI poll budget limits rtl_rx) would result in device hang. Signed-off-by: Timo Teräs <timo.teras@iki.fi> Acked-by: Francois Romieu <romieu@fr.zoreil.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-23tuntap: limit the number of flow cachesJason Wang1-1/+6
We create new flow caches when a new flow is identified by tuntap, This may lead some issues: - userspace may produce a huge amount of short live flows to exhaust host memory - the unlimited number of flow caches may produce a long list which increase the time in the linear searching Solve this by introducing a limit of total number of flow caches. Cc: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-23tuntap: reduce memory using of queuesJason Wang1-7/+8
A MAX_TAP_QUEUES(1024) queues of tuntap device is always allocated unconditionally even userspace only requires a single queue device. This is unnecessary and will lead a very high order of page allocation when has a high possibility to fail. Solving this by creating a one queue net device when userspace only use one queue and also reduce MAX_TAP_QUEUES to DEFAULT_MAX_NUM_RSS_QUEUES which can guarantee the success of the allocation. Reported-by: Dirk Hohndel <dirk@hohndel.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-23net: cdc_mbim: send ZLP only for the specific buggy deviceBjørn Mork1-0/+19
Reverting 328d7b8 and instead adding an exception for the Sierra Wireless MC7710. commit 328d7b8 (net: cdc_mbim: send ZLP after max sized NTBs) added a workaround for an issue observed on one specific device. Concerns were raised that this workaround adds a performance penalty to all devices based on questionable, if not buggy, behaviour of a single device: "If you add ZLP for NTBs of dwNtbOutMaxSize, you are heavily affecting CPU load, increasing interrupt load by factor of 2 in high load traffic scenario and possibly decreasing throughput for all other devices which behaves correctly." "The idea of NCM was to avoid extra ZLPs. If your transfer is exactly dwNtbOutMaxSize, it's known, you can submit such request on the receiver side and you do not need any EOT indicatation, so the frametime can be used for useful data." Adding a device specific exception to prevent the workaround from affecting well behaved devices. The assumption here is that needing a ZLP is truly an *exception*. We do not yet have enough data to verify this. The generic workaround in commit 328d7b8 should be considered acceptable despite the performance penalty if the exception list becomes a maintainance hassle. Cc: Alexey ORISHKO <alexey.orishko@stericsson.com> Cc: Yauheni Kaliuta <y.kaliuta@gmail.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-22mwifiex: fix typo in PCIe adapter NULL checkAvinash Patil1-1/+1
Add missing "!" as we are supposed to check "!card->adapter" in PCIe suspend handler. Cc: "3.2+" <stable@vger.kernel.org> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Reviewed-by: Sergey V. <sftp.mtuci@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-01-22ath9k: allow setting arbitrary antenna masks on AR9003+Felix Fietkau1-0/+3
Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-01-22ath9k_hw: fix chain swap setting when setting rx chainmask to 5Felix Fietkau1-19/+6
Chain swapping should only be enabled when the EEPROM chainmask is set to 5, regardless of what the runtime chainmask is. Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-01-22ath9k_hw: fix calibration issues on chainmask that don't include chain 0Felix Fietkau3-1/+4
Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-01-22rtlwifi: Fix build warning introduced by commit a290593Larry Finger1-2/+2
The kbuild test robot reports the following warning with x86_64-randconfig-x955: warning: (RTL8192CE && RTL8192SE && RTL8192DE && RTL8723AE && RTL8192CU) selects RTLWIFI which has unmet direct dependencies (NETDEVICES && WLAN && (RTL8192CE || RTL8192CU || RTL8192SE || RTL8192DE)) This warning was introduced in commit a290593, "rtlwifi: Modify files for addition of rtl8723ae", and is d ue to a missing dependence of RTLWIFI on RTL8723AE. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: kbuild test robot <fengguang.wu@intel.com> Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-01-22iwlegacy: fix IBSS cleanupStanislaw Gruszka1-21/+14
We do not correctly change interface type when switching from IBSS mode to STA mode, that results in microcode errors. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=886946 Reported-by: Jaroslav Skarvada <jskarvad@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-01-22ipv4: Fix route refcount on pmtu discoverySteffen Klassert1-2/+9
git commit 9cb3a50c (ipv4: Invalidate the socket cached route on pmtu events if possible) introduced a refcount problem. We don't get a refcount on the route if we get it from__sk_dst_get(), but we need one if we want to reuse this route because __sk_dst_set() releases the refcount of the old route. This patch adds proper refcount handling for that case. We introduce a 'new' flag to indicate that we are going to use a new route and we release the old route only if we replace it by a new one. Reported-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-22Merge branch 'for-john' of ↵John W. Linville6-31/+35
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
2013-01-22Merge branch 'for-john' of ↵John W. Linville1-0/+2
git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
2013-01-22Merge branch 'master' of ↵David S. Miller7-14/+45
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== 1) The transport header did not point to the right place after esp/ah processing on tunnel mode in the receive path. As a result, the ECN field of the inner header was not set correctly, fixes from Li RongQing. 2) We did a null check too late in one of the xfrm_replay advance functions. This can lead to a division by zero, fix from Nickolai Zeldovich. 3) The size calculation of the hash table missed the muiltplication with the actual struct size when the hash table is freed. We might call the wrong free function, fix from Michal Kubecek. 4) On IPsec pmtu events we can't access the transport headers of the original packet, so force a relookup for all routes to notify about the pmtu event. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-22net: net_cls: fd passed in SCM_RIGHTS datagram not set correctlyDaniel Wagner1-1/+4
Commit 6a328d8c6f03501657ad580f6f98bf9a42583ff7 changed the update logic for the socket but it does not update the SCM_RIGHTS update as well. This patch is based on the net_prio fix commit 48a87cc26c13b68f6cce4e9d769fcb17a6b3e4b8 net: netprio: fd passed in SCM_RIGHTS datagram not set correctly A socket fd passed in a SCM_RIGHTS datagram was not getting updated with the new tasks cgrp prioidx. This leaves IO on the socket tagged with the old tasks priority. To fix this add a check in the scm recvmsg path to update the sock cgrp prioidx with the new tasks value. Let's apply the same fix for net_cls. Signed-off-by: Daniel Wagner <daniel.wagner@bmw-carit.de> Reported-by: Li Zefan <lizefan@huawei.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: John Fastabend <john.r.fastabend@intel.com> Cc: Neil Horman <nhorman@tuxdriver.com> Cc: netdev@vger.kernel.org Cc: cgroups@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-22netxen: fix off by one bug in netxen_release_tx_buffer()Eric Dumazet2-1/+3
Christoph Paasch found netxen could trigger a BUG in its dismantle phase, in netxen_release_tx_buffer(), using full size TSO packets. cmd_buf->frag_count includes the skb->data part, so the loop must start at index 1 instead of 0, or else we can make an out of bound access to cmd_buff->frag_array[MAX_SKB_FRAGS + 2] Christoph provided the fixes in netxen_map_tx_skb() function. In case of a dma mapping error, its better to clear the dma fields so that we don't try to unmap them again in netxen_release_tx_buffer() Reported-by: Christoph Paasch <christoph.paasch@uclouvain.be> Signed-off-by: Eric Dumazet <edumazet@google.com> Tested-by: Christoph Paasch <christoph.paasch@uclouvain.be> Cc: Sony Chacko <sony.chacko@qlogic.com> Cc: Rajesh Borundia <rajesh.borundia@qlogic.com> Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21isdn/gigaset: fix zero size border case in debug dumpTilman Schmidt1-0/+2
If subtracting 12 from l leaves zero we'd do a zero size allocation, leading to an oops later when we try to set the NUL terminator. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21cdc_ncm: add support FLAG_NOARP for Infineon modem platformWei Shuai1-0/+21
Infineon(now Intel) HSPA Modem platform NCM cannot support ARP. we can define a new common structure wwan_noarp_info. Then more similiar NO ARP devices can be handled easily Signed-off-by: Wei Shuai <cpuwolf@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21usbnet: add new flag FLAG_NOARP for usb net devicesWei Shuai2-0/+5
We do have some USB net devices, which cannot do ARP. so we can introduce a new flag FLAG_NOARP, then client drivers can easily handle this kind of devices Signed-off-by: Wei Shuai <cpuwolf@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21Merge branch 'usb_cdc_fixes'David S. Miller2-2/+30
Bjørn Mork says: ==================== The 2 first patches in this series are required to make the Sierra Wireless MC7710 card work in MBIM mode. They may also be required for other Qualcomm firmware based MBIM devices. Patch #1 was previously posted as a standalone patch. This version is a replacement, removing a theoretical NULL pointer exception. Patch #3 fixes a bug I introduced in v3.7 ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21net: cdc_ncm: fix error path for single interface probingBjørn Mork1-1/+2
commit bbc8d92 (net: cdc_ncm: add Huawei devices) implemented support for devices with a single combined control and data interface. Fix up the error path so that we do not double release such interfaces in case of probing failures. Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21net: cdc_mbim: send ZLP after max sized NTBsBjørn Mork1-1/+1
We normally avoid sending ZLPs by padding NTBs with a zero byte if the NTB is shorter than dwNtbOutMaxSize, resulting in a short USB packet instead of a ZLP. But in the case where the NTB length is exactly dwNtbOutMaxSize and this is an exact multiplum of wMaxPacketSize, then we must send a ZLP. This fixes an issue seen on a Sierra Wireless MC7710 device where the transmission would fail whenever we ended up padding the NTBs to max size. Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21net: cdc_ncm: workaround for missing CDC UnionBjørn Mork1-0/+27
Adding support for the MBIM mode in some Sierra Wireless devices. Some Sierra Wireless firmwares support CDC MBIM but have no CDC Union funtional descriptor. This violates the MBIM specification, but we can easily work around the bug by looking at the Interface Association Descriptor instead. This is most likely what Windows uses too, which explains how the firmware bug has gone unnoticed until now. This change will not affect any currently supported device conforming to the NCM or MBIM specifications, as they must have the CDC Union descriptor. Cc: Greg Suarez <gsuarez@smithmicro.com> Cc: Alexey Orishko <alexey.orishko@stericsson.com> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21ipv4: Add a socket release callback for datagram socketsSteffen Klassert5-0/+30
This implements a socket release callback function to check if the socket cached route got invalid during the time we owned the socket. The function is used from udp, raw and ping sockets. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21ipv4: Invalidate the socket cached route on pmtu events if possibleSteffen Klassert1-1/+41
The route lookup in ipv4_sk_update_pmtu() might return a route different from the route we cached at the socket. This is because standart routes are per cpu, so each cpu has it's own struct rtable. This means that we do not invalidate the socket cached route if the NET_RX_SOFTIRQ is not served by the same cpu that the sending socket uses. As a result, the cached route reused until we disconnect. With this patch we invalidate the socket cached route if possible. If the socket is owened by the user, we can't update the cached route directly. A followup patch will implement socket release callback functions for datagram sockets to handle this case. Reported-by: Yurij M. Plotnikov <Yurij.Plotnikov@oktetlabs.ru> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-21xfrm4: Invalidate all ipv4 routes on IPsec pmtu eventsSteffen Klassert3-6/+15
On IPsec pmtu events we can't access the transport headers of the original packet, so we can't find the socket that sent the packet. The only chance to notify the socket about the pmtu change is to force a relookup for all routes. This patch implenents this for the IPsec protocols. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2013-01-21xfrm: fix freed block size calculation in xfrm_policy_fini()Michal Kubecek1-1/+1
Missing multiplication of block size by sizeof(struct hlist_head) can cause xfrm_hash_free() to be called with wrong second argument so that kfree() is called on a block allocated with vzalloc() or __get_free_pages() or free_pages() is called with wrong order when a namespace with enough policies is removed. Bug introduced by commit a35f6c5d, i.e. versions >= 2.6.29 are affected. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2013-01-20net: splice: fix __splice_segment()Eric Dumazet1-13/+15
commit 9ca1b22d6d2 (net: splice: avoid high order page splitting) forgot that skb->head could need a copy into several page frags. This could be the case for loopback traffic mostly. Also remove now useless skb argument from linear_to_page() and __splice_segment() prototypes. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-20net: splice: avoid high order page splittingEric Dumazet1-29/+9
splice() can handle pages of any order, but network code tries hard to split them in PAGE_SIZE units. Not quite successfully anyway, as __splice_segment() assumed poff < PAGE_SIZE. This is true for the skb->data part, not necessarily for the fragments. This patch removes this logic to give the pages as they are in the skb. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-20tcp: fix incorrect LOCKDROPPEDICMPS counterEric Dumazet1-5/+4
commit 563d34d057 (tcp: dont drop MTU reduction indications) added an error leading to incorrect accounting of LINUX_MIB_LOCKDROPPEDICMPS If socket is owned by the user, we want to increment this SNMP counter, unless the message is a (ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED) one. Reported-by: Maciej Żenczykowski <maze@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Neal Cardwell <ncardwell@google.com> Signed-off-by: Maciej Żenczykowski <maze@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>