- 08 May, 2008 6 commits
-
-
Pavel Emelyanov authored
When a net namespace is destroyed, some devices (those, not killed on ns stop explicitly) are moved back to init_net. The problem, is that this net_ns change has one point of failure - the __dev_alloc_name() may be called if a name collision occurs (and this is easy to trigger). This allocator performs a likely-to-fail GFP_ATOMIC allocation to find a suitable number. Other possible conditions that may cause error (for device being ns local or not registered) are always false in this case. So, when this call fails, the device is unregistered. But this is *not* the right thing to do, since after this the device may be released (and kfree-ed) improperly. E. g. bridges require more actions (sysfs update, timer disarming, etc.), some other devices want to remove their private areas from lists, etc. I. e. arbitrary use-after-free cases may occur. The proposed fix is the following: since the only reason for the dev_change_net_namespace to fail is the name generation, we may give it a unique fall-back name w/o %d-s in it - the dev<ifindex> one, since ifindexes are still unique. So make this change, raise the failure-case printk loglevel to EMERG and replace the unregister_netdevice call with BUG(). [ Use snprintf() -DaveM ] Signed-off-by:
Pavel Emelyanov <xemul@openvz.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
When conntrack and DCCP/SCTP protocols are enabled, chances are good that people also want DCCP/SCTP conntrack and NAT support. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Patrick McHardy authored
Some Inovaphone PBXs exhibit very stange behaviour: when dialing for example "123", the device sends INVITE requests for "1", "12" and "123" back to back. The first requests will elicit error responses from the receiver, causing the SIP helper to flush the RTP expectations even though we might still see a positive response. Note the sequence number of the last INVITE request that contained a media description and only flush the expectations when receiving a negative response for that sequence number. Signed-off-by:
-
Patrick McHardy authored
As noticed by Ben Greear, macvlan crashes the kernel when unloading the module. The reason is that it tries to clean up the macvlan_port pointer on the macvlan device itself instead of the underlying device. A non-NULL pointer is taken as indication that the macvlan_handle_frame_hook is valid, when receiving the next packet on the underlying device it tries to call the NULL hook and crashes. Clean up the macvlan_port on the correct device to fix this. Signed-off-by; Patrick McHardy <kaber@trash.net> Tested-by:
Ben Greear <greearb@candelatech.com> Signed-off-by:
-
J.H.M. Dassen (Ray) authored
RFC 1122 does not have a section 3.1.2.2. The requirement to silently discard datagrams with a bad checksum is in section 3.2.1.2 instead. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=10611Signed-off-by:
J.H.M. Dassen (Ray) <jdassen@debian.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Ilpo Järvinen authored
Note: there's actually another bug in FRTO's SACK variant, which is the causing failure in NewReno case because of the error that's fixed here. I'll fix the SACK case separately (it's a separate bug really, though related, but in order to fix that I need to audit tp->snd_nxt usage a bit). There were two places where SACK variant of FRTO is getting incorrectly used even if SACK wasn't negotiated by the TCP flow. This leads to incorrect setting of frto_highmark with NewReno if a previous recovery was interrupted by another RTO. An eventual fallback to conventional recovery then incorrectly considers one or couple of segments as forward transmissions though they weren't, which then are not LOST marked during fallback making them "non-retransmittable" until the next RTO. In a bad case, those segments are really lost and are the only one left in the window. Thus TCP needs another RTO to continue. The next FRTO, however, could again repeat the same events making the progress of the TCP flow extremely slow. In order for these events to occur at all, FRTO must occur again in FRTOs step 3 while the key segments must be lost as well, which is not too likely in practice. It seems to most frequently with some small devices such as network printers that *seem* to accept TCP segments only in-order. In cases were key segments weren't lost, things get automatically resolved because those wrongly marked segments don't need to be retransmitted in order to continue. I found a reproducer after digging up relevant reports (few reports in total, none at netdev or lkml I know of), some cases seemed to indicate middlebox issues which seems now to be a false assumption some people had made. Bugzilla #10063 _might_ be related. Damon L. Chesser <damon@damtek.com> had a reproducable case and was kind enough to tcpdump it for me. With the tcpdump log it was quite trivial to figure out. Signed-off-by:
Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by:
-
- 06 May, 2008 3 commits
-
-
Jamal Hadi Salim authored
reallocation of the policy data was being ignored. It could fail. Simplify so that there is no need for reallocating. Signed-off-by:
Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by:
-
Adrian Bunk authored
IWLWIFI should be a tristate so that if IWLCORE and/or IWL3945 are m and none of them is y kbuild doesn't create an empty drivers/net/wireless/built-in.o This patch also removes the pointless "default n". Signed-off-by:
Adrian Bunk <bunk@kernel.org> Signed-off-by:
-
David S. Miller authored
This reverts commit 65e41136. Unlike the other cases Pavel fixed, this case did not setup a netdev->destructor of free_netdev, therefore this change was not correct. Signed-off-by:
-
- 05 May, 2008 11 commits
-
-
Chris Wright authored
dccp_feat_change() validates length and on error is returning 1. This happens to work since call chain is checking for 0 == success, but this is returned to userspace, so make it a real error value. Signed-off-by:
Chris Wright <chrisw@sous-sol.org> Acked-by:
Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by:
-
Ingo Molnar authored
x86.git testing found this build bug on v2.6.26-rc1: ERROR: "pnp_get_resource" [drivers/net/irda/smsc-ircc2.ko] undefined! make[1]: *** [__modpost] Error 1 make: *** [modules] Error 2 the driver did not anticipate the case of !CONFIG_PNP which is rare but still possible. Instead of restricting the driver to PNP-only in the Kconfig space, add the (trivial) dummy struct pnp_driver - this is that other drivers use in the !PNP case too. The driver itself can in theory be initialized on !PNP too in certain cases, via smsc_ircc_legacy_probe(). Patch only minimally build tested, i dont have this hardware. Signed-off-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
Ingo Molnar authored
x86.git testing found the following build failure in latest -git: drivers/built-in.o: In function `nsc_ircc_pnp_probe': nsc-ircc.c:(.text+0xdf1b6): undefined reference to `pnp_get_resource' nsc-ircc.c:(.text+0xdf1d4): undefined reference to `pnp_get_resource' nsc-ircc.c:(.text+0xdf1ee): undefined reference to `pnp_get_resource' nsc-ircc.c:(.text+0xdf237): undefined reference to `pnp_get_resource' nsc-ircc.c:(.text+0xdf24c): undefined reference to `pnp_get_resource' drivers/built-in.o:nsc-ircc.c:(.text+0xdf266): more undefined references to `pnp_get_resource' follow make: *** [.tmp_vmlinux1] Error 1 triggered via this config: http://redhat.com/~mingo/misc/config-Sat_May__3_20_53_13_CEST_2008.bad while generally most users will have PNP enabled, drivers can support non-PNP build mode too - and most drivers implement it. That is typically done by providing a dummy pnp_driver structure that will not probe anything. The fallback routines in the driver will handle this dumber mode of operation too. This patch implements that. I have not tested whether this actually works on real hardware so take care. It does resolve the build bug. [ Another solution that is used by a few drivers is to exclude the driver in the Kconfig if PNP is disabled, via "depends on PNP", but this would limit the availability of the driver needlessly. ] Signed-off-by:
-
Jamal Hadi Salim authored
Convert to netlink helpers by using netlink policy validation. As a side effect fixes a leak. Signed-off-by:
-
Satoru SATOH authored
There are functions to refer to the value of dst->metric[THE_METRIC-1] directly without use of a inline function "dst_metric" defined in net/dst.h. The following patch changes them to use the inline function consistently. Signed-off-by:
Satoru SATOH <satoru.satoh@gmail.com> Signed-off-by:
-
Satoru SATOH authored
Signed-off-by:
-
Pavel Emelyanov authored
The list_del happens under read-locked devs_lock. Signed-off-by:
-
Pavel Emelyanov authored
Both br2684_push and br2684_exit do so, but unregister_netdev() releases the device itself. Signed-off-by:
-
Pavel Emelyanov authored
The error path in ieee80211_register_hw() may call the unregister_netdev() and right after it - the free_netdev(), which is wrong, since the unregister releases the device itself. So the proposed fix is to NULL the local->mdev after unregister is done and check this before calling free_netdev(). I checked - no code uses the local->mdev after unregister in this error path (but even if some did this would be a BUG). Signed-off-by:
-
Pavel Emelyanov authored
This actually had to be merged with the patch #1, but I decided not to mix two changes in one patch. There are already two calls to free_netdev() in there, so merge them into one. Signed-off-by:
-
Pavel Emelyanov authored
In case the register_netdevice() call fails the device is leaked, since the out: label is just rtnl_unlock()+return. Free the device. Signed-off-by:
-
- 04 May, 2008 5 commits
-
-
David S. Miller authored
Changeset 7f7c4072 ("niu: Determine the # of ports from the card's VPD data") caused maramba on-board NIU ports to stop probing properly. The old code had a fallback that would use a num_ports value of 4 if all the probing methods failed, but that was removed. This restores the fallback of 4 ports, to get things working again. Bump driver version and release date. Signed-off-by:
-
David S. Miller authored
Otherwise it leaks forever. Based upon a report by Roland <devzero@web.de> Signed-off-by: -
Marcin Slusarz authored
it removes these warnings when CONFIG_AUDITSYSCALL is unset: net/xfrm/xfrm_user.c: In function 'xfrm_add_sa': net/xfrm/xfrm_user.c:412: warning: unused variable 'sid' net/xfrm/xfrm_user.c:411: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:410: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_del_sa': net/xfrm/xfrm_user.c:485: warning: unused variable 'sid' net/xfrm/xfrm_user.c:484: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:483: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_add_policy': net/xfrm/xfrm_user.c:1132: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1131: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1130: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_get_policy': net/xfrm/xfrm_user.c:1382: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1381: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1380: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_add_pol_expire': net/xfrm/xfrm_user.c:1620: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1619: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1618: warning: unused variable 'loginuid' net/xfrm/xfrm_user.c: In function 'xfrm_add_sa_expire': net/xfrm/xfrm_user.c:1658: warning: unused variable 'sid' net/xfrm/xfrm_user.c:1657: warning: unused variable 'sessionid' net/xfrm/xfrm_user.c:1656: warning: unused variable 'loginuid' Signed-off-by:
Marcin Slusarz <marcin.slusarz@gmail.com> Signed-off-by:
-
Johannes Berg authored
include/linux/skbuff.h says: /* These elements must be at the end, see alloc_skb() for details. */ net/core/skbuff.c says: * See comment in sk_buff definition, just before the 'tail' member This patch contains my guess as to the actual reason rather than a dead comment reference loop. Signed-off-by:Johannes Berg <johannes@sipsolutions.net> Signed-off-by:
-
Jarek Poplawski authored
There is lack of removing a class from the event queue while changing from parent to leaf which can cause corruption of this rb tree. This patch fixes a bug introduced by my patch: "sch_htb: turn intermediate classes into leaves" commit: 160d5e10. Many thanks to Jan 'yanek' Bortl for finding a way to reproduce this rare bug and narrowing the test case, which made possible proper diagnosing. This patch is recommended for all kernels starting from 2.6.20. Reported-and-tested-by:
Jan 'yanek' Bortl <yanek@ya.bofh.cz> Signed-off-by:
Jarek Poplawski <jarkao2@gmail.com> Signed-off-by:
-
- 03 May, 2008 3 commits
-
-
Bernard Pidoux authored
In rose_node_start() as well as in rose_node_stop() __acquires() and spin_lock_bh() were wrongly passing rose_neigh_list_lock instead of rose_node_list_lock arguments. Signed-off-by:
Bernard Pidoux <f6bvp@amsat.org> Signed-off-by:
-
Daniel Lezcano authored
This trivial fix retrieves the network namespace from frag queue and use it to get the network device in the right namespace. Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by:
-
Daniel Lezcano authored
When a netdev is moved across namespaces with the 'dev_change_net_namespace' function, the 'device_rename' function is used to fixup kobject and refresh the sysfs tree. The device_rename function will call kobject_rename and this one will check if there is an object with the same name and this is the case because we are renaming the object with the same name. The use of 'device_rename' seems for me wrong because we usually don't rename it but just move it across namespaces. As we just want to do a mini "netdev_[un]register", IMO the functions 'netdev_[un]register_kobject' should be used instead, like an usual network device [un]registering. This patch replace device_rename by netdev_unregister_kobject, followed by netdev_register_kobject. The netdev_register_kobject will call device_initialize and will raise a warning indicating the device was already initialized. In order to fix that, I split the device initialization into a separate function and use it together with 'netdev_register_kobject' into register_netdevice. So we can safely call 'netdev_register_kobject' in 'dev_change_net_namespace'. This fix will allow to properly use the sysfs per namespace which is coming from -mm tree. Signed-off-by:
Benjamin Thery <benjamin.thery@bull.net> Signed-off-by:
-
- 02 May, 2008 12 commits
-
-
Michael Chan authored
Signed-off-by:
Michael Chan <mchan@broadcom.com> Signed-off-by:
-
Michael Chan authored
The new RV2P firmware fixes 2 issues: 1. The jumbo rx buffer page size is now configurable and set to the proper PAGE_SIZE. Before, it was assumed to be always 4K. 2. Driver sometimes would crash when receiving jumbo packets mixed with firmware management packets. This was caused by the old firmware DMA'ing to the wrong address. Signed-off-by:
-
Michael Chan authored
We should zero out the context memory for 5709 before each reset. When we resume after suspend for example, the memory may not be zero and the chip may not function correctly. Signed-off-by:
Benjamin Li <benli@broadcom.com> Signed-off-by:
-
Michael Chan authored
The register BNX2_CTX_STATUS (0x1004) should be skipped on 5709 as it contains reserved bits. Signed-off-by:
-
Michael Chan authored
On some remote PHY blade systems, the driver receives no initial link interrupt. As a result, the GMII/MII MAC mode does not get setup properly. To fix this problem, we add an initial poll of the link state after chip reset. With this change, the setting of the initial carrier state in the init code can be eliminated. Signed-off-by:
-
Michael Chan authored
bnx2_set_remote_link() should be called under bp->phy_lock to protect against concurrent polling and interrupt calls. This change is needed by the next patch which will add one initial poll of the remote PHY link status. Signed-off-by:
-
Stephen Hemminger authored
The forwarding table binary interface (my bad choice), only exposes the port number of the first 8 bits. The bridge code was limited to 256 ports at the time, but now the kernel supports up 1024 ports, so the upper bits are lost when doing: brctl showmacs The fix is to squeeze the extra bits into small hole left in data structure, to maintain binary compatiablity. Signed-off-by:
Stephen Hemminger <shemminger@vyatta.com> Signed-off-by:
-
Matt Carlson authored
This patch updates the version number to 3.92. Signed-off-by:
Matt Carlson <mcarlson@broadcom.com> Signed-off-by:
-
Matt Carlson authored
All variants of the 5714, 5715, and 5780 offer a feature called the "Universal Management Port". This feature is implemented in firmware and is largely transparent to the driver, except... It turns out that the UMP firmware needs to know the current status of the link. Because the firmware cannot touch the PHY registers while the driver is in control of the device, it needs the driver to report link status changes through an additional handshaking mechanism. Without this handshake, it has been observed in the field that the UMP firmware will not operate correctly. This patch implements the new handshake with the UMP firmware. Since the handshake uses the same mechanism ASF heartbeats use, code was added to detect and wait for completion of a pending previous event. Signed-off-by:
-
Matt Carlson authored
A CPMU related loopback test bug existed for AX revisions of the 5761. While that errata has been fixed, the CPMU still slows down the core clock too far to run the loopback test successfully. This patch disables the CPMU LINK_SPEED mode just like we do with the AX revisions of the 5761 and all revisions of the 5784. Signed-off-by:
-
Matt Carlson authored
The 5761 NVRAM sizes assigned to the nvram_size member are half as big as they should be. This patch corrects the NVRAM sizes and replaces the hardcoded constants with preprocessor constants for readability. Signed-off-by:
-
Matt Carlson authored
The MI clock is not configured correctly on adapters with the CPMU present. The tg3 driver has code which statically sets the MI clock to be a fraction of the speed at which the core clock is running. However, the CPMU can change the adapter's core clock frequency based on operating conditions. Consequently, the MI will run slow when the core's clock has been slowed down. There is a new 500KHz constant frequency clock available on adapters with a CPMU. This patch removes the static core clock scaling and configures the MI clock to use this new 500KHz clock instead. Running the MI clock at slower speeds will not directly result in data corruption, but it does challenge the PHY read and write routine timeouts. Signed-off-by:
-
