- 08 Apr, 2011 2 commits
-
-
Yevgeny Petrilin authored
If not done, second attempt to open the RX ring would cause memory corruption. Signed-off-by:
Yevgeny Petrilin <yevgenyp@mellanox.co.il> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Yevgeny Petrilin authored
When bringing the port up, performing a SENSE_PORT command To try and check to which physical link type (IB or Ethernet) the physical port is connected. In case there is no valid link partner, the port will come up as its supported default. Signed-off-by:
-
- 07 Apr, 2011 1 commit
-
-
OGAWA Hirofumi authored
Commit 1018b5c0 ("Set rt->rt_iif more sanely on output routes.") breaks rt_is_{output,input}_route. This became the cause to return "IP_PKTINFO's ->ipi_ifindex == 0". To fix it, this does: 1) Add "int rt_route_iif;" to struct rtable 2) For input routes, always set rt_route_iif to same value as rt_iif 3) For output routes, always set rt_route_iif to zero. Set rt_iif as it is done currently. 4) Change rt_is_{output,input}_route() to test rt_route_iif Signed-off-by:
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by:
-
- 06 Apr, 2011 11 commits
-
-
Ian Campbell authored
Signed-off-by:
Ian Campbell <ian.campbell@citrix.com> Signed-off-by:
-
Padmanabh Ratnakar authored
eq_next_idx is not getting reset to zero during suspend. This causes resume to fail. Added the fix. Signed-off-by:
Sarveswara Rao Mygapula <sarveswararao.mygapula@emulex.com> Signed-off-by:
Padmanabh Ratnakar <padmanabh.ratnakar@emulex.com> Signed-off-by:
-
Padmanabh Ratnakar authored
Renamed msix_vec_idx to eq_idx in be_eq_obj struct. Renamed msix_vec_next_idx to eq_next_idx in be_adapter structure. These members are used in INTX mode also. Signed-off-by:
-
Ulrich Weber authored
otherwise we loop forever if a PPPoE socket was set to PPPOX_ZOMBIE state by a PADT message when the ethernet device is going down afterwards. Signed-off-by:
Ulrich Weber <uweber@astaro.com> Signed-off-by:
-
-
Peter Korsgaard authored
The mv88e6085 is identical to the mv88e6095, except that all ports are 10/100 Mb/s, so use the existing setup code except for the cpu/dsa speed selection in _setup_port(). Signed-off-by:
Peter Korsgaard <jacmet@sunsite.dk> Acked-by:
Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by:
-
Neil Horman authored
properly record sk_rxhash in ipv6 sockets (v2) Noticed while working on another project that flows to sockets which I had open on a test systems weren't getting steered properly when I had RFS enabled. Looking more closely I found that: 1) The affected sockets were all ipv6 2) They weren't getting steered because sk->sk_rxhash was never set from the incomming skbs on that socket. This was occuring because there are several points in the IPv4 tcp and udp code which save the rxhash value when a new connection is established. Those calls to sock_rps_save_rxhash were never added to the corresponding ipv6 code paths. This patch adds those calls. Tested by myself to properly enable RFS functionalty on ipv6. Change notes: v2: Filtered UDP to only arm RFS on bound sockets (Eric Dumazet) Signed-off-by:
Neil Horman <nhorman@tuxdriver.com> Signed-off-by:
-
Ajit Khaparde authored
adapter could remain uninitialized if probe fails for some reason. A null pointer access could cause a crash if be_shutdown is called after that. Signed-off-by:
Ajit Khaparde <ajit.khaparde@emulex.com> Signed-off-by:
-
Rasesh Mody authored
This patch contains a fix for gracefully handling firmware heartbeat failure instead of forcing panic. Signed-off-by:
Debashis Dutt <ddutt@brocade.com> Signed-off-by:
Rasesh Mody <rmody@brocade.com> Signed-off-by:
-
Enric Balletbo i Serra authored
When an interrupt occurs, the INT pin is driven low by the MCP251x controller (falling edge) but in some cases the INT pin can be connected to the MPU through a transistor or level translator which inverts this signal. In this case interrupt should be configured in rising edge. This patch adds support to pass the IRQ flags via mcp251x_platform_data. Signed-off-by:
Enric Balletbo i Serra <eballetbo@iseebcn.com> Acked-by:
Wolfgang Grandegger <wg@grandegger.com> Acked-by:
Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by:
-
Enric Balletbo i Serra authored
When SMSC911X_SAVE_MAC_ADDRESS flag is enabled the driver calls smsc911x_mac_read and smsc911x_mac_read function without acquiring mac_lock spinlock This patch fixes following warning smsc911x: Driver version 2008-10-21. ------------[ cut here ]------------ WARNING: at drivers/net/smsc911x.c:261 smsc911x_mac_read+0x24/0x220() Modules linked in: [<c0060858>] (unwind_backtrace+0x0/0xe0) from [<c009322c>] (warn_slowpath_common+0x4c/0x64) [<c009322c>] (warn_slowpath_common+0x4c/0x64) from [<c009325c>] (warn_slowpath_null+0x18/0x1c) [<c009325c>] (warn_slowpath_null+0x18/0x1c) from [<c0324bec>] (smsc911x_mac_read+0x24/0x220) [<c0324bec>] (smsc911x_mac_read+0x24/0x220) from [<c0434788>] (smsc911x_read_mac_address+0x18/0x6c) [<c0434788>] (smsc911x_read_mac_address+0x18/0x6c) from [<c0434c74>] (smsc911x_drv_probe+0x498/0x1788) [<c0434c74>] (smsc911x_drv_probe+0x498/0x1788) from [<c02d3e54>] (platform_drv_probe+0x14/0x18) [<c02d3e54>] (platform_drv_probe+0x14/0x18) from [<c02d2d60>] (driver_probe_device+0xc8/0x184) [<c02d2d60>] (driver_probe_device+0xc8/0x184) from [<c02d2e84>] (__driver_attach+0x68/0x8c) [<c02d2e84>] (__driver_attach+0x68/0x8c) from [<c02d1fc8>] (bus_for_each_dev+0x48/0x74) [<c02d1fc8>] (bus_for_each_dev+0x48/0x74) from [<c02d2660>] (bus_add_driver+0x9c/0x228) [<c02d2660>] (bus_add_driver+0x9c/0x228) from [<c02d3598>] (driver_register+0xa0/0x124) [<c02d3598>] (driver_register+0xa0/0x124) from [<c0050668>] (do_one_initcall+0x94/0x168) [<c0050668>] (do_one_initcall+0x94/0x168) from [<c0008984>] (kernel_init+0xa0/0x154) [<c0008984>] (kernel_init+0xa0/0x154) from [<c005afac>] (kernel_thread_exit+0x0/0x8) ---[ end trace 2c931a35b7885770 ]--- Signed-off-by:
-
- 05 Apr, 2011 1 commit
-
-
- 04 Apr, 2011 22 commits
-
-
Boris Ostrovsky authored
Make sure dst_release() is not called with error pointer. This is similar to commit 4910ac6c ("ipv4: Don't ip_rt_put() an error pointer in RAW sockets."). Signed-off-by:
Boris Ostrovsky <boris.ostrovsky@amd.com> Signed-off-by:
-
John W. Linville authored
A number of these devices have appeared "in the wild", and apparently the Windows driver is perfectly happy to support this EEPROM version. Signed-off-by:
John W. Linville <linville@tuxdriver.com> Cc: stable@kernel.org Acked-by:
Wey-Yi Guy <wey-yi.w.guy@intel.com>
-
Stanislaw Gruszka authored
{rx,tx}done_work's are only initialized for usb devices. Signed-off-by:Stanislaw Gruszka <sgruszka@redhat.com> Cc: stable@kernel.org Acked-by:
Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by:
-
Larry Finger authored
Some compiler/architecture combinations generate some warnings that are not seen on my main system. Two of the "warnings" about unitialized variables are really bugs. Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
-
Christian Lamparter authored
Cc: <stable@kernel.org> Reported-by: Mark Davis [via p54/devices wiki] Signed-off-by:
Christian Lamparter <chunkeey@googlemail.com> Signed-off-by:
-
Luciano Coelho authored
We were allocating the size of the NVS file struct and not checking whether the length of the buffer passed was correct before copying it into the allocated memory. This is a security hole because buffer overflows can occur if the userspace passes a bigger file than what is expected. With this patch, we check if the size of the data passed from userspace matches the size required. This bug was introduced in 2.6.36. Cc: stable@kernel.org Reported-by:
Ido Yariv <ido@wizery.com> Signed-off-by:
Luciano Coelho <coelho@ti.com> Signed-off-by:
-
Jussi Kivilinna authored
2.6.38 added WARN_ON(in_irq) in del_timer_sync that triggers on zd1211rw when reseting rx idle timer in urb completion handler. Move timer reseting to tasklet. Signed-off-by:
Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by:
-
Jussi Kivilinna authored
Patch removes the bogus flag introduced by upstream commit eefdbec1. Old code had buffer length check that new code tried to handle with URB_SHORT_NOT_OK flag. With USB debugging enabled bogus flag caused usb_submit_urb fail. Remove URB_SHORT_NOT_OK flag and add buffer length check to urb completion handler. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=32092Reported-by:
Jonathan Callen <abcd@gentoo.org> Signed-off-by:
-
Helmut Schaa authored
Cleaning the ieee80211_rx_data.flags field here is wrong, instead the flags should be valid accross processing the frame on different interfaces. Fix this by removing the incorrect flags=0 assignment. Introduced in commit 554891e6 (mac80211: move packet flags into packet). Signed-off-by:
Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by:
-
Johannes Berg authored
The description for buf_size was misleading and just said you couldn't TX larger aggregates, but of course you can't TX aggregates in a way that would exceed the window either, which is possible even if the aggregates are shorter than that. Expand the description, thanks to Emmanuel for explaining this to me. Cc: Emmanuel Grumbach <egrumbach@gmail.com> Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Senthil Balasubramanian authored
The phy information print during driver init time doesn't show the numeric part of the chip name properly for AR9485. This patch addresses this issue by adding the string to the respective array. Signed-off-by:
Senthil Balasubramanian <senthilkumar@atheros.com> Signed-off-by:
-
Luciano Coelho authored
The MODULE_AUTHOR() macro in the main module (wl12xx) has been updated to reflect one of the author's new email address, but the wl12xx_spi and wl12xx_sdio modules haven't been updated. This patches updates them. Signed-off-by:
-
John W. Linville authored
Otherwise, skb_put inside of dma_rx can fail... https://bugzilla.kernel.org/show_bug.cgi?id=32042Signed-off-by:
-
Florian Westphal authored
--ctdir ORIGINAL matches REPLY packets, and vv: userspace sets "invert_flags &= ~XT_CONNTRACK_DIRECTION" in ORIGINAL case. Thus: (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) ^ !!(info->invert_flags & XT_CONNTRACK_DIRECTION)) yields "1 ^ 0", which is true -> returns false. Reproducer: iptables -I OUTPUT 1 -p tcp --syn -m conntrack --ctdir ORIGINAL Signed-off-by:Florian Westphal <fwestphal@astaro.com> Signed-off-by:
Patrick McHardy <kaber@trash.net>
-
Florian Westphal authored
This avoids pulling in the ipv6 module when using (ipv4-only) iptables -m addrtype. Signed-off-by:
Florian Westphal <fw@strlen.de> Acked-by:
-
Florian Westphal authored
ipv6 fib lookup can set RT6_LOOKUP_F_IFACE flag to restrict search to an interface, but this flag cannot be set via struct flowi. Also, it cannot be set via ip6_route_output: this function uses the passed sock struct to determine if this flag is required (by testing for nonzero sk_bound_dev_if). Work around this by passing in an artificial struct sk in case 'strict' argument is true. This is required to replace the rt6_lookup call in xt_addrtype.c with nf_afinfo->route(). Signed-off-by:
-
Florian Westphal authored
This is required to eventually replace the rt6_lookup call in xt_addrtype.c with nf_afinfo->route(). Signed-off-by:
-
Hans Schillstrom authored
ipvsadm -ln --daemon will trigger a Null pointer exception because ip_vs_genl_dump_daemons() uses skb_net() instead of skb_sknet(). To prevent others from NULL ptr a check is made in ip_vs.h skb_net(). Signed-off-by:
Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by:
Simon Horman <horms@verge.net.au> Signed-off-by:
-
David Sterba authored
Static analyzer of clang found a dead store which appears to be a bug in reading count of items in SEQOF field, only the lower byte of word is stored. This may lead to corrupted read and communication shutdown. The bug has been in the module since it's first inclusion into linux kernel. [Patrick: the bug is real, but without practical consequence since the largest amount of sequence-of members we parse is 30.] Signed-off-by:
David Sterba <dsterba@suse.cz> Signed-off-by:
-
Jozsef Kadlecsik authored
The timeout variant of the list:set type must reference the member sets. However, its garbage collector runs at timer interrupt so the mutex protection of the references is a no go. Therefore the reference protection is converted to rwlock. Signed-off-by:
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by:
-
Jozsef Kadlecsik authored
- the timeout value was actually not set - the garbage collector was broken The variant is fixed, the tests to the ipset testsuite are added. Signed-off-by:
-
Mariusz Kozlowski authored
On error path kfree() should get pointer to memory allocated by kmalloc() not the address of variable holding it (which is on stack). Signed-off-by:
Mariusz Kozlowski <mk@lab.zgora.pl> Signed-off-by:
-
- 02 Apr, 2011 3 commits
-
-
Ilpo Järvinen authored
All callers are prepared for alloc failures anyway, so this error can safely be boomeranged to the callers domain without super bad consequences. ...At worst the connection might go into a state where each RTO tries to (unsuccessfully) re-fragment with such a mis-sized value and eventually dies. Signed-off-by:
Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by:
-
Wei Yongjun authored
Sometime the ASCONF_ACK parameters can equal to the fourfold of ASCONF parameters, this only happend in some special case: ASCONF parameter is : Unrecognized Parameter (4 bytes) ASCONF_ACK parameter should be: Error Cause Indication parameter (8 bytes header) + Error Cause (4 bytes header) + Unrecognized Parameter (4bytes) Four 4bytes Unrecognized Parameters in ASCONF chunk will cause panic. Pid: 0, comm: swapper Not tainted 2.6.38-next+ #22 Bochs Bochs EIP: 0060:[<c0717eae>] EFLAGS: 00010246 CPU: 0 EIP is at skb_put+0x60/0x70 EAX: 00000077 EBX: c09060e2 ECX: dec1dc30 EDX: c09469c0 ESI: 00000000 EDI: de3c8d40 EBP: dec1dc58 ESP: dec1dc2c DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process swapper (pid: 0, ti=dec1c000 task=c09aef20 task.ti=c0980000) Stack: c09469c0 e1894fa4 00000044 00000004 de3c8d00 de3c8d00 de3c8d44 de3c8d40 c09060e2 de25dd80 de3c8d40 dec1dc7c e1894fa4 dec1dcb0 00000040 00000004 00000000 00000800 00000004 00000004 dec1dce0 e1895a2b dec1dcb4 de25d960 Call Trace: [<e1894fa4>] ? sctp_addto_chunk+0x4e/0x89 [sctp] [<e1894fa4>] sctp_addto_chunk+0x4e/0x89 [sctp] [<e1895a2b>] sctp_process_asconf+0x32f/0x3d1 [sctp] [<e188d554>] sctp_sf_do_asconf+0xf8/0x173 [sctp] [<e1890b02>] sctp_do_sm+0xb8/0x159 [sctp] [<e18a2248>] ? sctp_cname+0x0/0x52 [sctp] [<e189392d>] sctp_assoc_bh_rcv+0xac/0xe3 [sctp] [<e1897d76>] sctp_inq_push+0x2d/0x30 [sctp] [<e18a21b2>] sctp_rcv+0x7a7/0x83d [sctp] [<c077a95c>] ? ipv4_confirm+0x118/0x125 [<c073a970>] ? nf_iterate+0x34/0x62 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194 [<c0747992>] ip_local_deliver_finish+0xf5/0x194 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194 [<c0747a6e>] NF_HOOK.clone.1+0x3d/0x44 [<c0747ab3>] ip_local_deliver+0x3e/0x44 [<c074789d>] ? ip_local_deliver_finish+0x0/0x194 [<c074775c>] ip_rcv_finish+0x29f/0x2c7 [<c07474bd>] ? ip_rcv_finish+0x0/0x2c7 [<c0747a6e>] NF_HOOK.clone.1+0x3d/0x44 [<c0747cae>] ip_rcv+0x1f5/0x233 [<c07474bd>] ? ip_rcv_finish+0x0/0x2c7 [<c071dce3>] __netif_receive_skb+0x310/0x336 [<c07221f3>] netif_receive_skb+0x4b/0x51 [<e0a4ed3d>] cp_rx_poll+0x1e7/0x29c [8139cp] [<c072275e>] net_rx_action+0x65/0x13a [<c0445a54>] __do_softirq+0xa1/0x149 [<c04459b3>] ? __do_softirq+0x0/0x149 <IRQ> [<c0445891>] ? irq_exit+0x37/0x72 [<c040a7e9>] ? do_IRQ+0x81/0x95 [<c07b3670>] ? common_interrupt+0x30/0x38 [<c0428058>] ? native_safe_halt+0xa/0xc [<c040f5d7>] ? default_idle+0x58/0x92 [<c0408fb0>] ? cpu_idle+0x96/0xb2 [<c0797989>] ? rest_init+0x5d/0x5f [<c09fd90c>] ? start_kernel+0x34b/0x350 [<c09fd0cb>] ? i386_start_kernel+0xba/0xc1 Signed-off-by:Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by:
-
Wei Yongjun authored
auth_hmacs field of struct sctp_cookie is used for store Requested HMAC Algorithm Parameter, and each HMAC Identifier is 2 bytes, so the length should be: SCTP_AUTH_NUM_HMACS * sizeof(__u16) + 2 Signed-off-by:
-
