- 16 Sep, 2013 12 commits
-
-
Manish Chopra authored
o At the time of firmware hang "adapter->need_fw_reset" variable gets set but after re-initialization of firmware OR at the time of VF re-initialization that variable was not getting cleared which was leading to failure in VF reset recovery.Fix it by clearing this variable before re-initializing VF Signed-off-by:
Manish Chopra <manish.chopra@qlogic.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Hong Zhiguo authored
The NULL deref happens when br_handle_frame is called between these 2 lines of del_nbp: dev->priv_flags &= ~IFF_BRIDGE_PORT; /* --> br_handle_frame is called at this time */ netdev_rx_handler_unregister(dev); In br_handle_frame the return of br_port_get_rcu(dev) is dereferenced without check but br_port_get_rcu(dev) returns NULL if: !(dev->priv_flags & IFF_BRIDGE_PORT) Eric Dumazet pointed out the testing of IFF_BRIDGE_PORT is not necessary here since we're in rcu_read_lock and we have synchronize_net() in netdev_rx_handler_unregister. So remove the testing of IFF_BRIDGE_PORT and by the previous patch, make sure br_port_get_rcu is called in bridging code. Signed-off-by:
Hong Zhiguo <zhiguohong@tencent.com> Acked-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
Hong Zhiguo authored
current br_port_get_rcu is problematic in bridging path (NULL deref). Change these calls in netlink path first. Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/toshiba/ps3_gelic_net.c It's a NOOP since 2.6.35 and I will remove it one day ;) Signed-off-by:
Michael Opdenacker <michael.opdenacker@free-electrons.com> Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from code in drivers/net/ethernet/smsc/ It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/pasemi/pasemi_mac.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from code in drivers/net/ethernet/natsemi/ It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/micrel/ks8851_mll.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
Michael Opdenacker authored
Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/lantiq_etop.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/hp/hp100.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/freescale/fec_main.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
- 14 Sep, 2013 6 commits
-
-
Jon Mason authored
Use the already existing pm_cap variable in struct pci_dev for determining the power management offset. This saves the driver from having to keep track of an extra variable. Signed-off-by:
Jon Mason <jdmason@kudzu.us> Cc: Nithin Nayak Sujir <nsujir@broadcom.com> Cc: Michael Chan <mchan@broadcom.com> Signed-off-by:
-
Jon Mason authored
Use the already existing pm_cap variable in struct pci_dev for determining the power management offset. This saves the driver from having to keep track of an extra variable. Signed-off-by:
-
Yijing Wang authored
Pci_enable_device_mem() will set device power state to D0, so it's no need to do it again in alx_probe(). Also remove redundant PM Cap find code, because pci core has been saved the pci device pm cap value. Signed-off-by:
Yijing Wang <wangyijing@huawei.com> Signed-off-by:
-
Antonio Alecrim Jr authored
Signed-off-by:
Antonio Alecrim Jr <antonio.alecrim@gmail.com> Signed-off-by:
-
Kees Cook authored
Avoid unneeded local string buffers for constructing debug output. Also cleans up debug calls that contain a single parameter so that they cannot be accidentally parsed as format strings. Signed-off-by:
Kees Cook <keescook@chromium.org> Cc: Karsten Keil <isdn@linux-pingi.de> Cc: David Miller <davem@davemloft.net> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Libo Chen authored
Signed-off-by:
Libo Chen <libo.chen@huawei.com> Cc: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by:
-
- 13 Sep, 2013 17 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/netDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates This series contains updates to ixgbe and e1000e. Jacob provides a ixgbe patch to fix the configure_rx patch to properly disable RSC hardware logic when a user disables it. Previously we only disabled RSC in the queue settings, but this does not fully disable hardware RSC logic which can lead to unexpected performance issues. Emil provides three fixes for ixgbe. First fixes the ethtool loopback test when DCB is enabled, where the frames may be modified on Tx (by adding VLAN tag) which will fail the check on receive. Then a fix for QSFP+ modules, limit the speed setting to advertise only one speed at a time since the QSFP+ modules do not support auto negotiation. Lastly, resolve an issue where the driver will display incorrect info for QSFP+ modules that were inserted after the driver has been loaded. David Ertman provides to fixes for e1000e, one removes a comparison to the boolean value true where evaluating the lvalue will produce the same result. The other fixes an error in the calculation of the rar_entry_count, which causes a write of unkown/undefined register space in the MAC to unknown/undefined register space in the PHY. ==================== Signed-off-by: -
David Ertman authored
When copying the MAC RAR registers to PHY there is an error in the calculation of the rar_entry_count, which causes a write of unknown/ undefined register space in the MAC to unknown/undefined register space in the PHY. This patch fixes the overrun with writing to the PHY RAR and also fixes the ethtool offline register tests so that the correctly addressed registers have the appropriate bitmasks for R/W and RO bits for affected parts. Shawn Rader gets credit for finding and fixing the register overrun. Signed-off-by:
Dave Ertman <davidx.m.ertman@intel.com> CC: Shawn Rader <shawn.t.rader@intel.com> Tested-by:
Aaron Brown <aaron.f.brown@intel.com> Signed-off-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
David Ertman authored
Removing a comparison to the boolean value true where simply interrogating the lvalue will produce the same result. Signed-off-by:
-
Emil Tantilov authored
This patch resolves an issue where the driver will display incorrect info for Q/SFP+ modules that were inserted after the driver has been loaded. This patch adds a call to identify_phy() in ixgbe_get_settings() prior to calling get_link_capabilities() which needs the PHY data in order to determine the correct settings. Signed-off-by:
Emil Tantilov <emil.s.tantilov@intel.com> Tested-by:
Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by:
-
Emil Tantilov authored
QSFP+ modules do not support auto negotiation and should advertise only one speed at a time. This patch adds logic in ethtool to allow setting and reporting the advertised speed at either 1Gbps or 10Gbps, but not both. Also limits the speed set in ixgbe_sfp_link_config_subtask() to highest supported. Previously the link was set to whatever the supported speeds were. Signed-off-by:
-
Emil Tantilov authored
This patch disables DCB prior to running the loopback test. When DCB is enabled the frames may be modified on Tx (by adding vlan tag) which will fail the check on Rx. Signed-off-by:
Jack Morgan <jack.morgan@intel.com> Signed-off-by:
-
Jacob Keller authored
This patch modifies the configure_rx path in order to properly disable RSC hardware logic when the user disables it. Previously we only disabled RSC in the queue settings, but this does not fully disable hardware RSC logic which can lead to some unexpected performance issues. Signed-off-by:
Jacob Keller <jacob.e.keller@intel.com> Tested-by:
-
Alexey Khoroshilov authored
If rx_urb allocation fails in mcs_setup_urbs(), tx_urb leaks. If mcs_receive_start() fails in mcs_net_open(), the both urbs are not deallocated. The patch fixes the issues and by the way fixes label indentation. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by:
Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by:
-
Eugenia Emantayev authored
When the device is down, CQs are freed. We must check the device state to avoid issuing firmware commands on non existing CQs. CC: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by:
Eugenia Emantayev <eugenia@mellanox.com> Signed-off-by:
Amir Vadai <amirv@mellanox.com> Signed-off-by:
-
Herbert Xu authored
At some point limits were added to forward_delay. However, the limits are only enforced when STP is enabled. This created a scenario where you could have a value outside the allowed range while STP is disabled, which then stuck around even after STP is enabled. This patch fixes this by clamping the value when we enable STP. I had to move the locking around a bit to ensure that there is no window where someone could insert a value outside the range while we're in the middle of enabling STP. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Cheers, Signed-off-by:
-
Chris Healy authored
This changes the message_age_timer calculation to use the BPDU's max age as opposed to the local bridge's max age. This is in accordance with section 8.6.2.3.2 Step 2 of the 802.1D-1998 sprecification. With the current implementation, when running with very large bridge diameters, convergance will not always occur even if a root bridge is configured to have a longer max age. Tested successfully on bridge diameters of ~200. Signed-off-by:
Chris Healy <cphealy@gmail.com> Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/dec/tulip/de4x5.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
Grant Grundler <grundler@parisc-linux.org> Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/amd/sun3lance.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/ibm/ehea/ehea_main.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com> Signed-off-by:
-
Michael Opdenacker authored
This patch proposes to remove the IRQF_DISABLED flag from drivers/net/ethernet/adi/bfin_mac.c. It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by:
Jingoo Han <jg1.han@samsung.com> Signed-off-by:
-
David Vrabel authored
When a VM is providing an iSCSI target and the LUN is used by the backend domain, the generated skbs for direct I/O writes to the disk have large, multi-page skb->data but no frags. With some lengths and starting offsets, xen_netbk_count_skb_slots() would be one short because the simple calculation of DIV_ROUND_UP(skb_headlen(), PAGE_SIZE) was not accounting for the decisions made by start_new_rx_buffer() which does not guarantee responses are fully packed. For example, a skb with length < 2 pages but which spans 3 pages would be counted as requiring 2 slots but would actually use 3 slots. skb->data: | 1111|222222222222|3333 | Fully packed, this would need 2 slots: |111122222222|22223333 | But because the 2nd page wholy fits into a slot it is not split across slots and goes into a slot of its own: |1111 |222222222222|3333 | Miscounting the number of slots means netback may push more responses than the number of available requests. This will cause the frontend to get very confused and report "Too many frags/slots". The frontend never recovers and will eventually BUG. Fix this by counting the number of required slots more carefully. In xen_netbk_count_skb_slots(), more closely follow the algorithm used by xen_netbk_gop_skb() by introducing xen_netbk_count_frag_slots() which is the dry-run equivalent of netbk_gop_frag_copy(). Signed-off-by:David Vrabel <david.vrabel@citrix.com> Acked-by:
Ian Campbell <ian.campbell@citrix.com> Signed-off-by:
-
Nithin Sujir authored
Commit 989038e2 ("tg3: Don't turn off led on 5719 serdes port 0") added code to skip turning led off on port 0 of the 5719 since it powered down other ports. This workaround needs to be enabled on the 5720 as well. Cc: stable@vger.kernel.org Signed-off-by:
Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by:
Michael Chan <mchan@broadcom.com> Signed-off-by:
-
- 12 Sep, 2013 5 commits
-
-
Daniel Borkmann authored
Alan Chester reported an issue with IPv6 on SCTP that IPsec traffic is not being encrypted, whereas on IPv4 it is. Setting up an AH + ESP transport does not seem to have the desired effect: SCTP + IPv4: 22:14:20.809645 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto AH (51), length 116) 192.168.0.2 > 192.168.0.5: AH(spi=0x00000042,sumlen=16,seq=0x1): ESP(spi=0x00000044,seq=0x1), length 72 22:14:20.813270 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto AH (51), length 340) 192.168.0.5 > 192.168.0.2: AH(spi=0x00000043,sumlen=16,seq=0x1): SCTP + IPv6: 22:31:19.215029 IP6 (class 0x02, hlim 64, next-header SCTP (132) payload length: 364) fe80::222:15ff:fe87:7fc.3333 > fe80::92e6:baff:fe0d:5a54.36767: sctp 1) [INIT ACK] [init tag: 747759530] [rwnd: 62464] [OS: 10] [MIS: 10] Moreover, Alan says: This problem was seen with both Racoon and Racoon2. Other people have seen this with OpenSwan. When IPsec is configured to encrypt all upper layer protocols the SCTP connection does not initialize. After using Wireshark to follow packets, this is because the SCTP packet leaves Box A unencrypted and Box B believes all upper layer protocols are to be encrypted so it drops this packet, causing the SCTP connection to fail to initialize. When IPsec is configured to encrypt just SCTP, the SCTP packets are observed unencrypted. In fact, using `socat sctp6-listen:3333 -` on one end and transferring "plaintext" string on the other end, results in cleartext on the wire where SCTP eventually does not report any errors, thus in the latter case that Alan reports, the non-paranoid user might think he's communicating over an encrypted transport on SCTP although he's not (tcpdump ... -X): ... 0x0030: 5d70 8e1a 0003 001a 177d eb6c 0000 0000 ]p.......}.l.... 0x0040: 0000 0000 706c 6169 6e74 6578 740a 0000 ....plaintext... Only in /proc/net/xfrm_stat we can see XfrmInTmplMismatch increasing on the receiver side. Initial follow-up analysis from Alan's bug report was done by Alexey Dobriyan. Also thanks to Vlad Yasevich for feedback on this. SCTP has its own implementation of sctp_v6_xmit() not calling inet6_csk_xmit(). This has the implication that it probably never really got updated along with changes in inet6_csk_xmit() and therefore does not seem to invoke xfrm handlers. SCTP's IPv4 xmit however, properly calls ip_queue_xmit() to do the work. Since a call to inet6_csk_xmit() would solve this problem, but result in unecessary route lookups, let us just use the cached flowi6 instead that we got through sctp_v6_get_dst(). Since all SCTP packets are being sent through sctp_packet_transmit(), we do the route lookup / flow caching in sctp_transport_route(), hold it in tp->dst and skb_dst_set() right after that. If we would alter fl6->daddr in sctp_v6_xmit() to np->opt->srcrt, we possibly could run into the same effect of not having xfrm layer pick it up, hence, use fl6_update_dst() in sctp_v6_get_dst() instead to get the correct source routed dst entry, which we assign to the skb. Also source address routing example from 62503411 ("sctp: fix sctp to work with ipv6 source address routing") still works with this patch! Nevertheless, in RFC5095 it is actually 'recommended' to not use that anyway due to traffic amplification [1]. So it seems we're not supposed to do that anyway in sctp_v6_xmit(). Moreover, if we overwrite the flow destination here, the lower IPv6 layer will be unable to put the correct destination address into IP header, as routing header is added in ipv6_push_nfrag_opts() but then probably with wrong final destination. Things aside, result of this patch is that we do not have any XfrmInTmplMismatch increase plus on the wire with this patch it now looks like: SCTP + IPv6: 08:17:47.074080 IP6 2620:52:0:102f:7a2b:cbff:fe27:1b0a > 2620:52:0:102f:213:72ff:fe32:7eba: AH(spi=0x00005fb4,seq=0x1): ESP(spi=0x00005fb5,seq=0x1), length 72 08:17:47.074264 IP6 2620:52:0:102f:213:72ff:fe32:7eba > 2620:52:0:102f:7a2b:cbff:fe27:1b0a: AH(spi=0x00003d54,seq=0x1): ESP(spi=0x00003d55,seq=0x1), length 296 This fixes Kernel Bugzilla 24412. This security issue seems to be present since 2.6.18 kernels. Lets just hope some big passive adversary in the wild didn't have its fun with that. lksctp-tools IPv6 regression test suite passes as well with this patch. [1] http://www.secdev.org/conf/IPv6_RH_security-csw07.pdfReported-by:Alan Chester <alan.chester@tekelec.com> Reported-by:
Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by:
Daniel Borkmann <dborkman@redhat.com> Cc: Steffen Klassert <steffen.klassert@secunet.com> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by:
Vlad Yasevich <vyasevich@gmail.com> Signed-off-by:
-
Jason Wang authored
Commit c8d68e6b (tuntap: multiqueue support) only call free_netdev() on error in tun_set_iff(). This causes several issues: - memory of tun security were leaked - use after free since the flow gc timer was not deleted and the tfile were not detached This patch solves the above issues. Reported-by:
Wannes Rombouts <wannes.rombouts@epitech.eu> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
Jason Wang <jasowang@redhat.com> Acked-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
Kees Cook authored
This makes sure a format string cannot accidentally leak into the kthread_run() call. Signed-off-by:
-
Sonic Zhang authored
The received ARP request type in the Ethernet packet head is ETH_P_ARP other than ETH_P_IP. [ Bug introduced by commit b7394d24 ("netpoll: prepare for ipv6") ] Signed-off-by:
Sonic Zhang <sonic.zhang@analog.com> Signed-off-by:
-
Fujinaka, Todd authored
Flow control is defined in the four EEPROM sections but the driver only reads from section 0. Signed-off-by:
Todd Fujinaka <todd.fujinaka@intel.com> Tested-by:
-
