- 26 May, 2014 1 commit
-
-
Peter Christensen authored
Receiving a ICMP response to an IPIP packet in a non-linear skb could cause a kernel panic in __skb_pull. The problem was introduced in commit f2edb9f7 ("ipvs: implement passive PMTUD for IPIP packets"). Signed-off-by:
Peter Christensen <pch@ordbogen.com> Acked-by:
Julian Anastasov <ja@ssi.bg> Signed-off-by:
Simon Horman <horms@verge.net.au>
-
- 15 May, 2014 1 commit
-
-
Pablo Neira Ayuso authored
Add the corresponding trace if we have a full match in a non-terminal rule. Note that the traces will look slightly different than in x_tables since the log message after all expressions have been evaluated (contrary to x_tables, that emits it before the target action). This manifests in two differences in nf_tables wrt. x_tables: 1) The rule that enables the tracing is included in the trace. 2) If the rule emits some log message, that is shown before the trace log message. Signed-off-by:Pablo Neira Ayuso <pablo@netfilter.org>
-
- 12 May, 2014 4 commits
-
-
Pablo Neira Ayuso authored
Display "return" for implicit rule at the end of a non-base chain, instead of when popping chain from the stack. Signed-off-by: -
Pablo Neira Ayuso authored
After returning from the chain that we just went to with no matchings, we get a bogus rule number in the trace. To fix this, we would need to iterate over the list of remaining rules in the chain to update the rule number counter. Patrick suggested to set this to the maximum value since the default base chain policy is the very last action when the processing the base chain is over. Signed-off-by: -
Pablo Neira Ayuso authored
Add missing code to trace goto actions. Signed-off-by: -
Pablo Neira Ayuso authored
This patch fixes a crash when trying to access the counters and the default chain policy from the non-base chain that we have reached via the goto chain. Fix this by falling back on the original base chain after returning from the custom chain. While fixing this, kill the inline function to account chain statistics to improve source code readability. Signed-off-by:
-
- 10 May, 2014 1 commit
-
-
Pablo Neira Ayuso authored
Otherwise we start incrementing the rule number counter from the previous chain iteration. Signed-off-by:
-
- 09 May, 2014 1 commit
-
-
Sergey Popovich authored
Dst is released one line before we access it again with dst->error. Fixes: 58e35d14 netfilter: ipv6: propagate routing errors from ip6_route_me_harder() Signed-off-by:
Sergey Popovich <popovich_sergei@mail.ru> Signed-off-by:
-
- 05 May, 2014 2 commits
-
-
Vasily Averin authored
Currently bridge can silently drop ipv4 fragments. If node have loaded nf_defrag_ipv4 module but have no nf_conntrack_ipv4, br_nf_pre_routing defragments incoming ipv4 fragments but nfct check in br_nf_dev_queue_xmit does not allow re-fragment combined packet back, and therefore it is dropped in br_dev_queue_push_xmit without incrementing of any failcounters It seems the only way to hit the ip_fragment code in the bridge xmit path is to have a fragment list whose reassembled fragments go over the mtu. This only happens if nf_defrag is enabled. Thanks to Florian Westphal for providing feedback to clarify this. Defragmentation ipv4 is required not only in conntracks but at least in TPROXY target and socket match, therefore #ifdef is changed from NF_CONNTRACK_IPV4 to NF_DEFRAG_IPV4 Signed-off-by:
Vasily Averin <vvs@openvz.org> Signed-off-by:
-
Vasily Averin authored
Defrag user check in ip_expire was not updated after adding support for "conntrack zones". This bug manifests as a RFC violation, since the router will send the icmp time exceeeded message when using conntrack zones. Signed-off-by:
-
- 04 May, 2014 2 commits
-
-
Denys Fedoryshchenko authored
This bug manifests when calling the nft command line tool without nf_tables kernel support. kernel message: [ 44.071555] Netfilter messages via NETLINK v0.30. [ 44.072253] BUG: unable to handle kernel NULL pointer dereference at 0000000000000119 [ 44.072264] IP: [<ffffffff8171db1f>] netlink_getsockbyportid+0xf/0x70 [ 44.072272] PGD 7f2b74067 PUD 7f2b73067 PMD 0 [ 44.072277] Oops: 0000 [#1] SMP [...] [ 44.072369] Call Trace: [ 44.072373] [<ffffffff8171fd81>] netlink_unicast+0x91/0x200 [ 44.072377] [<ffffffff817206c9>] netlink_ack+0x99/0x110 [ 44.072381] [<ffffffffa004b951>] nfnetlink_rcv+0x3c1/0x408 [nfnetlink] [ 44.072385] [<ffffffff8171fde3>] netlink_unicast+0xf3/0x200 [ 44.072389] [<ffffffff817201ef>] netlink_sendmsg+0x2ff/0x740 [ 44.072394] [<ffffffff81044752>] ? __mmdrop+0x62/0x90 [ 44.072398] [<ffffffff816dafdb>] sock_sendmsg+0x8b/0xc0 [ 44.072403] [<ffffffff812f1af5>] ? copy_user_enhanced_fast_string+0x5/0x10 [ 44.072406] [<ffffffff816dbb6c>] ? move_addr_to_kernel+0x2c/0x50 [ 44.072410] [<ffffffff816db423>] ___sys_sendmsg+0x3c3/0x3d0 [ 44.072415] [<ffffffff811301ba>] ? handle_mm_fault+0xa9a/0xc60 [ 44.072420] [<ffffffff811362d6>] ? mmap_region+0x166/0x5a0 [ 44.072424] [<ffffffff817da84c>] ? __do_page_fault+0x1dc/0x510 [ 44.072428] [<ffffffff812b8b2c>] ? apparmor_capable+0x1c/0x60 [ 44.072435] [<ffffffff817d6e9a>] ? _raw_spin_unlock_bh+0x1a/0x20 [ 44.072439] [<ffffffff816dfc86>] ? release_sock+0x106/0x150 [ 44.072443] [<ffffffff816dc212>] __sys_sendmsg+0x42/0x80 [ 44.072446] [<ffffffff816dc262>] SyS_sendmsg+0x12/0x20 [ 44.072450] [<ffffffff817df616>] system_call_fastpath+0x1a/0x1f Signed-off-by:
Denys Fedoryshchenko <nuclearcat@nuclearcat.com> Signed-off-by:
-
Florian Westphal authored
else we may fail to forward skb even if original fragments do fit outgoing link mtu: 1. remote sends 2k packets in two 1000 byte frags, DF set 2. we want to forward but only see '2k > mtu and DF set' 3. we then send icmp error saying that outgoing link is 1500 But original sender never sent a packet that would not fit the outgoing link. Setting local_df makes outgoing path test size vs. IPCB(skb)->frag_max_size, so we will still send the correct error in case the largest original size did not fit outgoing link mtu. Reported-by:
Maxime Bizon <mbizon@freebox.fr> Suggested-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
-
- 29 Apr, 2014 1 commit
-
-
Florian Westphal authored
commit 0eba801b tried to fix a race where nat initialisation can happen after ctnetlink-created conntrack has been created. However, it causes the nat module(s) to be loaded needlessly on systems that are not using NAT. Fortunately, we do not have to create null bindings in that case. conntracks injected via ctnetlink always have the CONFIRMED bit set, which prevents addition of the nat extension in nf_nat_ipv4/6_fn(). We only need to make sure that either no nat extension is added or that we've created both src and dst manips. Signed-off-by:
-
- 28 Apr, 2014 12 commits
-
-
Masanari Iida authored
Fix format string mismatch in bonding_show_min_links(). Signed-off-by:
Masanari Iida <standby24x7@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Julian Anastasov authored
To properly match iif in ip rules we have to provide LOOPBACK_IFINDEX in flowi6_iif, not 0. Some ip6mr_fib_lookup and fib6_rule_lookup callers need such fix. Signed-off-by:
-
Karl Heiss authored
Don't transition to the PF state on every strike after 'Path.Max.Retrans'. Per draft-ietf-tsvwg-sctp-failover-03 Section 5.1.6: Additional (PMR - PFMR) consecutive timeouts on a PF destination confirm the path failure, upon which the destination transitions to the Inactive state. As described in [RFC4960], the sender (i) SHOULD notify ULP about this state transition, and (ii) transmit heartbeats to the Inactive destination at a lower frequency as described in Section 8.3 of [RFC4960]. This also prevents sending SCTP_ADDR_UNREACHABLE to the user as the state bounces between SCTP_INACTIVE and SCTP_PF for each subsequent strike. Signed-off-by:
Karl Heiss <kheiss@gmail.com> Acked-by:
Vlad Yasevich <vyasevich@gmail.com> Signed-off-by:
-
Oliver Hartkopp authored
With commit cc9fa74e ("slip/slcan: added locking in wakeup function") a formerly missing locking was added to slip.c and slcan.c by Andre Naujoks. Alexander Stein contributed the fix 367525c8 ("can: slcan: Fix spinlock variant") as the kernel lock debugging advised to use spin_lock_bh() instead of just using spin_lock(). This fix has to be applied to the same code section in slip.c for the same reason too. Signed-off-by:
Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by:
-
David S. Miller authored
Bjørn Mork says: ==================== qmi_wwan: adding a few new devices Adding some new and some old QMI devices. A similar series for usb-serial support will be posted as well. These new device ID patches should also go to all maintained stable kernels where they apply. I believe that should be stable-3.10 and newer. ==================== Signed-off-by: -
Bjørn Mork authored
Dan writes: "The Dell drivers use the same configuration for PIDs: 81A2: Dell Wireless 5806 Gobi(TM) 4G LTE Mobile Broadband Card 81A3: Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card 81A4: Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card 81A8: Dell Wireless 5808 Gobi(TM) 4G LTE Mobile Broadband Card 81A9: Dell Wireless 5808e Gobi(TM) 4G LTE Mobile Broadband Card These devices are all clearly Sierra devices, but are also definitely Gobi-based. The A8 might be the MC7700/7710 and A9 is likely a MC7750. >From DellGobi5kSetup.exe from the Dell drivers: usbif0: serial/firmware loader? usbif2: nmea usbif3: modem/ppp usbif8: net/QMI" Reported-by:
AceLan Kao <acelan.kao@canonical.com> Reported-by:
Dan Williams <dcbw@redhat.com> Signed-off-by:
Bjørn Mork <bjorn@mork.no> Signed-off-by:
-
Bjørn Mork authored
A number of older CMOTech modems are based on Qualcomm chips and exporting a QMI/wwan function. Reported-by:
Lars Melin <larsm17@gmail.com> Signed-off-by:
-
Bjørn Mork authored
Device interface layout: 0: ff/ff/ff - serial 1: ff/00/00 - serial AT+PPP 2: ff/ff/ff - QMI/wwan 3: 08/06/50 - storage Signed-off-by:
-
Bjørn Mork authored
Device interface layout: 0: ff/ff/ff - serial 1: ff/ff/ff - serial AT+PPP 2: 08/06/50 - storage 3: ff/ff/ff - serial 4: ff/ff/ff - QMI/wwan Reported-by:
Julio Araujo <julio.araujo@wllctel.com.br> Signed-off-by:
-
Bjørn Mork authored
Signed-off-by:
-
Bjørn Mork authored
Signed-off-by:
-
Bjørn Mork authored
Signed-off-by:
-
- 27 Apr, 2014 5 commits
-
-
Xufeng Zhang authored
commit 813b3b5d (ipv4: Use caller's on-stack flowi as-is in output route lookups.) introduces another regression which is very similar to the problem of commit e6b45241 (ipv4: reset flowi parameters on route connect) wants to fix: Before we call ip_route_output_key() in sctp_v4_get_dst() to get a dst that matches a bind address as the source address, we have already called this function previously and the flowi parameters have been initialized including flowi4_oif, so when we call this function again, the process in __ip_route_output_key() will be different because of the setting of flowi4_oif, and we'll get a networking device which corresponds to the inputted flowi4_oif as the output device, this is wrong because we'll never hit this place if the previously returned source address of dst match one of the bound addresses. To reproduce this problem, a vlan setting is enough: # ifconfig eth0 up # route del default # vconfig add eth0 2 # vconfig add eth0 3 # ifconfig eth0.2 10.0.1.14 netmask 255.255.255.0 # route add default gw 10.0.1.254 dev eth0.2 # ifconfig eth0.3 10.0.0.14 netmask 255.255.255.0 # ip rule add from 10.0.0.14 table 4 # ip route add table 4 default via 10.0.0.254 src 10.0.0.14 dev eth0.3 # sctp_darn -H 10.0.0.14 -P 36422 -h 10.1.4.134 -p 36422 -s -I You'll detect that all the flow are routed to eth0.2(10.0.1.254). Signed-off-by:
Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by:
-
Heiko Stübner authored
This adds ability for the arc_emac to really handle its supplying clock. To get the needed clock-frequency either a real clock or the previous clock-frequency property must be provided. Signed-off-by:
Heiko Stuebner <heiko@sntech.de> Tested-by:
Max Schwarz <max.schwarz@online.de> Signed-off-by:
-
Heiko Stübner authored
The probe function at the moment only frees the netdev but does not disconnect the phy or removes the mdio bus it registered. Signed-off-by:
-
Toshiaki Makita authored
When bridge device is created with IFLA_ADDRESS, we are not calling br_stp_change_bridge_id(), which leads to incorrect local fdb management and bridge id calculation, and prevents us from receiving frames on the bridge device. Reported-by:
Tom Gundersen <teg@jklm.no> Signed-off-by:
Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp> Signed-off-by:
-
Hariprasad Shenai authored
Signed-off-by:
Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by:
-
- 26 Apr, 2014 10 commits
-
-
Jacob Keller authored
This patch fixes the PTP Tx timestamp interrupt handler. The original code misinterpreted the interrupt handler design. We were clearing the ena_mask bit for the Timesync interrupts. This is done to indicate that the interrupt will be handled in a scheduled work item (instead of immediately) and that work item is responsible for re-enabling the interrupts. However, the Tx timestamp was being handled immediately and nothing was ever re-enabling it. This resulted in a single interrupt working for the life of the driver. This patch fixes the issue by instead clearing the bit from icr0 which is used to indicate that the interrupt was immediately handled and can be re-enabled right away. This patch also clears up a related issue due to writing the PRTTSYN_STAT_0 register, which was unintentionally clearing the cause bits for Timesync interrupts. Change-ID: I057bd70d53c302f60fab78246989cbdfa469d83b Signed-off-by:
Jacob Keller <jacob.e.keller@intel.com> Acked-by:
Anjali Singhai Jain <anjali.singhai@intel.com> Acked-by:
Shannon Nelson <shannon.nelson@intel.com> Tested-by:
Kavindya Deegala <kavindya.s.deegala@intel.com> Signed-off-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by:
-
git://gitorious.org/linux-can/linux-canDavid S. Miller authored
Marc Kleine-Budde says: ==================== this is a pull request for net/master, for the v3.15 release cycle, consisting of 26 patches. Thomas Gleixner contributes 21 patches for the c_can driver, which address several shortcomings in the driver like hardware initialisation, concurrency, message ordering and poor performance. Two patches Oliver Hartkopp, one adds a missing lock to the sja1000_isa driver, the other one fixes the return value in the generic bit time configuration function. And finally a patch by Alexander Stein, that fixes the slcan driver to use the correct spinlock variant. To make it 26 patches, Wolfgang Grandegger patch for the c_can_pci driver, which enables the bus master only for MSI and a patch by Wolfram Sang, which converts the 'instance' in the c_can driver to the proper type. ==================== Signed-off-by: -
David S. Miller authored
Vince Bridgers says: ==================== This series of patches addresses a handful of issues found in testing and reported by users of the Altera Triple Speed Ethernet soft IP. The patches address the following issues (in summary) 1) The SGDMA soft IP was found to incorrectly process receive packets when the target physical address of the receive buffer was on a boundary that's not 32-bit aligned. One of the patches addresses this issue. 2) The pause quanta was not being set by the driver, one patch of this series sets the pause quanta to the IEEE defined default value since the hardware reset value is 0. 3) An issue in a error recovery path of the probe routine caused a kernel panic in the event a phy was probed and could not be found. A patch addresses this issue. 4) A change was made to the driver name for Ethtool support, and comments added to support an addition to Ethtool to support the Altera Triple Speed Ethernet controller. ==================== Signed-off-by: -
Vince Bridgers authored
This patch changes the name used by Ethtool to something more conventional in preparation for TSE Ethtool register dump support to be added in the near future. Signed-off-by:
Vince Bridgers <vbridgers2013@gmail.com> Signed-off-by:
-
Vince Bridgers authored
This patch addresses a fault in the error recovery path of the probe routine where the netdev structure was not being unregistered properly leading to a panic only when the phy probe failed. Abbreviated panic stack seen is as follows: (free_netdev+0xXX) from (altera_tse_probe+0xXX) (altera_tse_probe+0xXX) from (platform_drv_probe+0xXX) (platform_drv_probe+0xXX) from (driver_probe_device+0xXX) (driver_probe_device+0xXX) from (__driver_attach+0xXX) (__driver_attach+0xXX) from (bus_for_each_dev+0xXX) (bus_for_each_dev+0xXX) from (driver_attach+0xXX) (driver_attach+0xXX) from (bus_add_driver+0xXX) (bus_add_driver+0xXX) from (driver_register+0xXX) (driver_register+0xXX) from (__platform_driver_register+0xXX) (__platform_driver_register+0xXX) from (altera_tse_driver_init+0xXX) (altera_tse_driver_init+0xXX) from (do_one_initcall+0xXX) (do_one_initcall+0xXX) from (kernel_init_freeable+0xXX) (kernel_init_freeable+0xXX) from (kernel_init+0xXX) (kernel_init+0xXX) from (ret_from_fork+0xXX) Signed-off-by:
-
Vince Bridgers authored
This patch initializes the pause quanta set for transmitted pause frames to the IEEE specified default of 0xffff. Signed-off-by:
-
Vince Bridgers authored
This patch works around a recently discovered unaligned receive dma problem with the Altera SGMDA. The Altera SGDMA component cannot be configured to DMA data to unaligned addresses for receive packet operations from the Triple Speed Ethernet component because of a potential data transfer corruption that can occur. This patch addresses this issue by utilizing the shift 16 bits feature of the Altera Triple Speed Ethernet component and modifying the receive buffer physical addresses accordingly such that the target receive DMA address is always aligned on a 32-bit boundary. Signed-off-by:
Matthew Gerlach <mgerlach@altera.com> Signed-off-by:
-
David S. Miller authored
Yuval Mintz says: ==================== bnx2x: SRIOV bug fixes This series contains 3 SRIOV bug fixes, 2 of which are regressions starting with commit 2dc33bbc "bnx2x: Remove the sriov VFOP mechanism". ==================== Signed-off-by:
-
Narender Kumar authored
Commit 2dc33bbc "bnx2x: Remove the sriov VFOP mechanism" caused a regression, preventing VFs from configuring multicast filters. Signed-off-by:
Naredner Kumar <narender.kumar@qlogic.com> Signed-off-by:
Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by:
Ariel Elior <Ariel.Elior@qlogic.com> Signed-off-by:
-
Yuval Mintz authored
Starting with commit 2dc33bbc "bnx2x: Remove the sriov VFOP mechanism", the bnx2x started enforcing vlan credits for all vlan configurations. This exposed 2 issues: - Vlan credits are not returned once a VF is removed; this causes a leak of credits, and eventually will lead to VFs with no vlan credits. - A vlan credit must be set aside for the Hypervisor to use, and should not be visible to the VF. Although linux VFs at the moment do not support vlan configuration [from the VF side] which causes them to be resilient to this sort of issue, Windows VF over linux hypervisors might fail to load as the vlan credits become depleted. Signed-off-by:
-
