1. 05 Aug, 2013 1 commit
  2. 04 Aug, 2013 2 commits
  3. 03 Aug, 2013 20 commits
  4. 02 Aug, 2013 17 commits
    • Paul Moore's avatar
      netlabel: use domain based selectors when address based selectors are not available · 6a8b7f0c
      Paul Moore authored
      NetLabel has the ability to selectively assign network security labels
      to outbound traffic based on either the LSM's "domain" (different for
      each LSM), the network destination, or a combination of both.  Depending
      on the type of traffic, local or forwarded, and the type of traffic
      selector, domain or address based, different hooks are used to label the
      traffic; the goal being minimal overhead.
      
      Unfortunately, there is a bug such that a system using NetLabel domain
      based traffic selectors does not correctly label outbound local traffic
      that is not assigned to a socket.  The issue is that in these cases
      the associated NetLabel hook only looks at the address based selectors
      and not the domain based selectors.  This patch corrects this by
      checking both the domain and address based selectors so that the correct
      labeling is applied, regardless of the configuration type.
      
      In order to acomplish this fix, this patch also simplifies some of the
      NetLabel domainhash structures to use a more common outbound traffic
      mapping type: struct netlbl_dommap_def.  This simplifies some of the code
      in this patch and paves the way for further simplifications in the
      future.
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6a8b7f0c
    • Michael Chan's avatar
      cnic, bnx2i: Fix bug on some bnx2x devices that don't support iSCSI · 9e9402eb
      Michael Chan authored
      On some bnx2x devices, iSCSI is determined to be unsupported only after
      firmware is downloaded.  We need to check max_iscsi_conn again after
      NETDEV_UP and block iSCSI init operations.  Without this fix, iscsiadm
      can hang as the firmware will not respond to the iSCSI init message.
      Signed-off-by: default avatarEddie Wai <eddie.wai@broadcom.com>
      Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9e9402eb
    • David S. Miller's avatar
      Merge branch 'bond_neigh_parms' · 4b42df5d
      David S. Miller authored
      Veaceslav Falico says:
      
      ====================
      Recent patches revealed an old bug, which was there for quite awhile. It's
      related to vlan on top of bonding and ndo_neigh_setup(). When vlan device
      is initiated, it calls its real_dev->ndo_neigh_setup(), and in case of
      bonding - it will modify neigh_parms->neigh_setup to point to
      bond_neigh_init, while neigh_parms are of vlan's dev.
      
      This way, when neigh_parms->neigh_setup() of vlan's dev is called, the
      bonding function will be called, which expects the dev to be struct
      bonding, but will receive a vlan dev.
      
      It was hidden before because of bond->first_slave usage. Now, with
      Nikolay's conversion to list/RCU, first_slave is gone and we hit a null
      pointer dereference when working with lists/slave.
      
      First patch moves ndo_neigh_setup() in neigh_parms_alloc() to the bottom,
      so that the ->dev will be available to the caller. It doesn't really change
      anything, however is needed for the second patch.
      
      Second patch makes bond_neigh_setup() (bond->ndo_neigh_setup()) check if
      the neigh_parms are really from a bonding dev, and only modify the
      neigh_setup in this case.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4b42df5d
    • Veaceslav Falico's avatar
      bonding: modify only neigh_parms owned by us · 9918d5bf
      Veaceslav Falico authored
      Otherwise, on neighbour creation, bond_neigh_init() will be called with a
      foreign netdev.
      Signed-off-by: default avatarVeaceslav Falico <vfalico@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9918d5bf
    • Veaceslav Falico's avatar
      neighbour: populate neigh_parms on alloc before calling ndo_neigh_setup · 63134803
      Veaceslav Falico authored
      dev->ndo_neigh_setup() might need some of the values of neigh_parms, so
      populate them before calling it.
      Signed-off-by: default avatarVeaceslav Falico <vfalico@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      63134803
    • Daniel Borkmann's avatar
      net: netlink: minor: remove unused pointer in alloc_pg_vec · 8a849bb7
      Daniel Borkmann authored
      Variable ptr is being assigned, but never used, so just remove it.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8a849bb7
    • Stefan Tomanek's avatar
      fib_rules: add route suppression based on ifgroup · 6ef94cfa
      Stefan Tomanek authored
      This change adds the ability to suppress a routing decision based upon the
      interface group the selected interface belongs to. This allows it to
      exclude specific devices from a routing decision.
      Signed-off-by: default avatarStefan Tomanek <stefan.tomanek@wertarbyte.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6ef94cfa
    • Roman Gushchin's avatar
      net: check net.core.somaxconn sysctl values · 5f671d6b
      Roman Gushchin authored
      It's possible to assign an invalid value to the net.core.somaxconn
      sysctl variable, because there is no checks at all.
      
      The sk_max_ack_backlog field of the sock structure is defined as
      unsigned short. Therefore, the backlog argument in inet_listen()
      shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
      is truncated to the somaxconn value. So, the somaxconn value shouldn't
      exceed 65535 (USHRT_MAX).
      Also, negative values of somaxconn are meaningless.
      
      before:
      $ sysctl -w net.core.somaxconn=256
      net.core.somaxconn = 256
      $ sysctl -w net.core.somaxconn=65536
      net.core.somaxconn = 65536
      $ sysctl -w net.core.somaxconn=-100
      net.core.somaxconn = -100
      
      after:
      $ sysctl -w net.core.somaxconn=256
      net.core.somaxconn = 256
      $ sysctl -w net.core.somaxconn=65536
      error: "Invalid argument" setting key "net.core.somaxconn"
      $ sysctl -w net.core.somaxconn=-100
      error: "Invalid argument" setting key "net.core.somaxconn"
      
      Based on a prior patch from Changli Gao.
      Signed-off-by: default avatarRoman Gushchin <klamm@yandex-team.ru>
      Reported-by: default avatarChangli Gao <xiaosuo@gmail.com>
      Suggested-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5f671d6b
    • Werner Almesberger's avatar
      icmpv6_filter: allow ICMPv6 messages with bodies < 4 bytes · d1c53c8e
      Werner Almesberger authored
      By using sizeof(_hdr), net/ipv6/raw.c:icmpv6_filter implicitly assumes
      that any valid ICMPv6 message is at least eight bytes long, i.e., that
      the message body is at least four bytes.
      
      The DIS message of RPL (RFC 6550 section 6.2, from the 6LoWPAN world),
      has a minimum length of only six bytes, and is thus blocked by
      icmpv6_filter.
      
      RFC 4443 seems to allow even a zero-sized body, making the minimum
      allowable message size four bytes.
      Signed-off-by: default avatarWerner Almesberger <werner@almesberger.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d1c53c8e
    • Werner Almesberger's avatar
      icmpv6_filter: fix "_hdr" incorrectly being a pointer · 9cc08af3
      Werner Almesberger authored
      "_hdr" should hold the ICMPv6 header while "hdr" is the pointer to it.
      This worked by accident.
      Signed-off-by: default avatarWerner Almesberger <werner@almesberger.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9cc08af3
    • Denis Kirjanov's avatar
      sis900: Fix the tx queue timeout issue · 3508ea33
      Denis Kirjanov authored
      [  198.720048] ------------[ cut here ]------------
      [  198.720108] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:255 dev_watchdog+0x229/0x240()
      [  198.720118] NETDEV WATCHDOG: eth0 (sis900): transmit queue 0 timed out
      [  198.720125] Modules linked in: bridge stp llc dmfe sundance 3c59x sis900 mii
      [  198.720159] CPU: 0 PID: 0 Comm: swapper Not tainted 3.11.0-rc3+ #12
      [  198.720167] Hardware name: System Manufacturer System Name/TUSI-M, BIOS ASUS TUSI-M ACPI BIOS
      Revision 1013 Beta 001 12/14/2001
      [  198.720175]  000000ff c13fa6b9 c169ddcc c12208d6 c169ddf8 c1031e4d c1664a84 c169de24
      [  198.720197]  00000000 c165f5ea 000000ff c13fa6b9 00000001 000000ff c1664a84 c169de10
      [  198.720217]  c1031f13 00000009 c169de08 c1664a84 c169de24 c169de50 c13fa6b9 c165f5ea
      [  198.720240] Call Trace:
      [  198.720257]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
      [  198.720274]  [<c12208d6>] dump_stack+0x16/0x20
      [  198.720306]  [<c1031e4d>] warn_slowpath_common+0x7d/0xa0
      [  198.720318]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
      [  198.720330]  [<c1031f13>] warn_slowpath_fmt+0x33/0x40
      [  198.720342]  [<c13fa6b9>] dev_watchdog+0x229/0x240
      [  198.720357]  [<c103f158>] call_timer_fn+0x78/0x150
      [  198.720369]  [<c103f0e0>] ? internal_add_timer+0x40/0x40
      [  198.720381]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
      [  198.720392]  [<c103f33f>] run_timer_softirq+0x10f/0x200
      [  198.720412]  [<c103954f>] ? __do_softirq+0x6f/0x210
      [  198.720424]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
      [  198.720435]  [<c1039598>] __do_softirq+0xb8/0x210
      [  198.720467]  [<c14b54d2>] ? _raw_spin_unlock+0x22/0x30
      [  198.720484]  [<c1003245>] ? handle_irq+0x25/0xd0
      [  198.720496]  [<c1039c0c>] irq_exit+0x9c/0xb0
      [  198.720508]  [<c14bc9d7>] do_IRQ+0x47/0x94
      [  198.720534]  [<c1056078>] ? hrtimer_start+0x28/0x30
      [  198.720564]  [<c14bc8b1>] common_interrupt+0x31/0x38
      [  198.720589]  [<c1008692>] ? default_idle+0x22/0xa0
      [  198.720600]  [<c10083c7>] arch_cpu_idle+0x17/0x30
      [  198.720631]  [<c106d23d>] cpu_startup_entry+0xcd/0x180
      [  198.720643]  [<c14ae30a>] rest_init+0xaa/0xb0
      [  198.720654]  [<c14ae260>] ? reciprocal_value+0x50/0x50
      [  198.720668]  [<c17044e0>] ? repair_env_string+0x60/0x60
      [  198.720679]  [<c1704bda>] start_kernel+0x29a/0x350
      [  198.720690]  [<c17044e0>] ? repair_env_string+0x60/0x60
      [  198.720721]  [<c1704269>] i386_start_kernel+0x39/0xa0
      [  198.720729] ---[ end trace 81e0a6266f5c73a8 ]---
      [  198.720740] eth0: Transmit timeout, status 00000204 00000000
      
      timer routine checks the link status and if it's up calls
      netif_carrier_on() allowing upper layer to start the tx queue
      even if the auto-negotiation process is not finished.
      
      Also remove ugly auto-negotiation check from the sis900_start_xmit()
      
      CC: Duan Fugang <B38611@freescale.com>
      CC: Ben Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDenis Kirjanov <kda@linux-powerpc.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3508ea33
    • Phil Sutter's avatar
      af_packet: simplify VLAN frame check in packet_snd · c483e026
      Phil Sutter authored
      For ethernet frames, eth_type_trans() already parses the header, so one
      can skip this when checking the frame size.
      Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c483e026
    • Phil Sutter's avatar
      af_packet: fix for sending VLAN frames via packet_mmap · cbd89acb
      Phil Sutter authored
      Since tpacket_fill_skb() parses the protocol field in ethernet frames'
      headers, it's easy to see if any passed frame is a VLAN one and account
      for the extended size.
      
      But as the real protocol does not turn up before tpacket_fill_skb()
      runs which in turn also checks the frame length, move the max frame
      length calculation into the function.
      Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cbd89acb
    • Phil Sutter's avatar
      af_packet: when sending ethernet frames, parse header for skb->protocol · 0f75b09c
      Phil Sutter authored
      This may be necessary when the SKB is passed to other layers on the go,
      which check the protocol field on their own. An example is a VLAN packet
      sent out using AF_PACKET on a bridge interface. The bridging code checks
      the SKB size, accounting for any VLAN header only if the protocol field
      is set accordingly.
      
      Note that eth_type_trans() sets skb->dev to the passed argument, so this
      can be skipped in packet_snd() for ethernet frames, as well.
      Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0f75b09c
    • Linus Torvalds's avatar
      Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband · abe03080
      Linus Torvalds authored
      Pull infiniband/rdma fixes from Roland Dreier:
       - Fixes for the newly merged mlx5 hardware driver
       - Stack info leak fixes from Dan Carpenter
       - Fixes for pkey table handling with SR-IOV
       - A few other small things
      
      * tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
        IPoIB: Fix pkey change flow for virtualization environments
        IPoIB: Make sure child devices use valid/proper pkeys
        IB/core: Create QP1 using the pkey index which contains the default pkey
        mlx5_core: Variable may be used uninitialized
        mlx5_core: Implement new initialization sequence
        mlx5_core: Fix use after free in mlx5_cmd_comp_handler()
        IB/mlx5: Fix stack info leak in mlx5_ib_alloc_ucontext()
        IB/mlx5: Fix error return code in init_one()
        IB/mlx4: Use default pkey when creating tunnel QPs
        RDMA/cma: Only call cma_save_ib_info() for CM REQs
        RDMA/cma: Fix accessing invalid private data for UD
        RDMA/cma: Fix gcc warning
        Revert "RDMA/nes: Fix compilation error when nes_debug is enabled"
        IB/qib: Add err_decode() call for ring dump
        RDMA/cxgb3: Fix stack info leak in iwch_create_cq()
        RDMA/nes: Fix info leaks in nes_create_qp() and nes_create_cq()
        RDMA/ocrdma: Fix several stack info leaks
        RDMA/cxgb4: Fix stack info leak in c4iw_create_qp()
        RDMA/ocrdma: Remove unused include
      abe03080
    • Linus Torvalds's avatar
      Merge tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 1cb39a6c
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Yet another GPIO pull request, fixing the fix from the last one.  It
        turns out that fixing the boot path for device tree boots on OMAP
        breaks out antique systems (such as OMAP1) and we need to find a
        better way.  So we're reverting that "fix" for the moment and thinking
        about something better.
      
        Also fixing a build issue on the MSM driver"
      
      * tag 'gpio-for-v3.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio_msm: Fix build error due to missing err.h
        Revert "gpio/omap: don't create an IRQ mapping for every GPIO on DT"
        Revert "gpio/omap: auto request GPIO as input if used as IRQ via DT"
        Revert "gpio/omap: fix build error when OF_GPIO is not defined."
      1cb39a6c
    • Daniel Borkmann's avatar
      net: rtm_to_ifaddr: free ifa if ifa_cacheinfo processing fails · 446266b0
      Daniel Borkmann authored
      Commit 5c766d64 ("ipv4: introduce address lifetime") leaves the ifa
      resource that was allocated via inet_alloc_ifa() unfreed when returning
      the function with -EINVAL. Thus, free it first via inet_free_ifa().
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Reviewed-by: default avatarJiri Pirko <jiri@resnulli.us>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      446266b0