This project is mirrored from https://git.kernel.org/pub/scm/linux/kernel/git/wagi/linux-cip-rt.git. The repository failed to update .
Repository mirroring has been paused due to too many failed attempts, and can be resumed by a project maintainer.
Last successful update .
  1. 01 Jul, 2012 1 commit
    • Neil Horman's avatar
      sctp: be more restrictive in transport selection on bundled sacks · 4244854d
      Neil Horman authored
      It was noticed recently that when we send data on a transport, its possible that
      we might bundle a sack that arrived on a different transport.  While this isn't
      a major problem, it does go against the SHOULD requirement in section 6.4 of RFC
      2960:
      
       An endpoint SHOULD transmit reply chunks (e.g., SACK, HEARTBEAT ACK,
         etc.) to the same destination transport address from which it
         received the DATA or control chunk to which it is replying.  This
         rule should also be followed if the endpoint is bundling DATA chunks
         together with the reply chunk.
      
      This patch seeks to correct that.  It restricts the bundling of sack operations
      to only those transports which have moved the ctsn of the association forward
      since the last sack.  By doing this we guarantee that we only bundle outbound
      saks on a transport that has received a chunk since the last sack.  This brings
      us into stricter compliance with the RFC.
      
      Vlad had initially suggested that we strictly allow only sack bundling on the
      transport that last moved the ctsn forward.  While this makes sense, I was
      concerned that doing so prevented us from bundling in the case where we had
      received chunks that moved the ctsn on multiple transports.  In those cases, the
      RFC allows us to select any of the transports having received chunks to bundle
      the sack on.  so I've modified the approach to allow for that, by adding a state
      variable to each transport that tracks weather it has moved the ctsn since the
      last sack.  This I think keeps our behavior (and performance), close enough to
      our current profile that I think we can do this without a sysctl knob to
      enable/disable it.
      Signed-off-by: 's avatarNeil Horman <nhorman@tuxdriver.com>
      CC: Vlad Yaseivch <vyasevich@gmail.com>
      CC: David S. Miller <davem@davemloft.net>
      CC: linux-sctp@vger.kernel.org
      Reported-by: 's avatarMichele Baldessari <michele@redhat.com>
      Reported-by: 's avatarsorin serban <sserban@redhat.com>
      Acked-by: 's avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      4244854d
  2. 29 Jun, 2012 2 commits
  3. 28 Jun, 2012 1 commit
  4. 27 Jun, 2012 3 commits
  5. 26 Jun, 2012 1 commit
    • Eric Dumazet's avatar
      net: l2tp_eth: use LLTX to avoid LOCKDEP splats · a2842a1e
      Eric Dumazet authored
      Denys Fedoryshchenko reported a LOCKDEP issue with l2tp code.
      
      [ 8683.927442] ======================================================
      [ 8683.927555] [ INFO: possible circular locking dependency detected ]
      [ 8683.927672] 3.4.1-build-0061 #14 Not tainted
      [ 8683.927782] -------------------------------------------------------
      [ 8683.927895] swapper/0/0 is trying to acquire lock:
      [ 8683.928007]  (slock-AF_INET){+.-...}, at: [<e0fc73ec>]
      l2tp_xmit_skb+0x173/0x47e [l2tp_core]
      [ 8683.928121]
      [ 8683.928121] but task is already holding lock:
      [ 8683.928121]  (_xmit_ETHER#2){+.-...}, at: [<c02f062d>]
      sch_direct_xmit+0x36/0x119
      [ 8683.928121]
      [ 8683.928121] which lock already depends on the new lock.
      [ 8683.928121]
      [ 8683.928121]
      [ 8683.928121] the existing dependency chain (in reverse order) is:
      [ 8683.928121]
      [ 8683.928121] -> #1 (_xmit_ETHER#2){+.-...}:
      [ 8683.928121]        [<c015a561>] lock_acquire+0x71/0x85
      [ 8683.928121]        [<c034da2d>] _raw_spin_lock+0x33/0x40
      [ 8683.928121]        [<c0304e0c>] ip_send_reply+0xf2/0x1ce
      [ 8683.928121]        [<c0317dbc>] tcp_v4_send_reset+0x153/0x16f
      [ 8683.928121]        [<c0317f4a>] tcp_v4_do_rcv+0x172/0x194
      [ 8683.928121]        [<c031929b>] tcp_v4_rcv+0x387/0x5a0
      [ 8683.928121]        [<c03001d0>] ip_local_deliver_finish+0x13a/0x1e9
      [ 8683.928121]        [<c0300645>] NF_HOOK.clone.11+0x46/0x4d
      [ 8683.928121]        [<c030075b>] ip_local_deliver+0x41/0x45
      [ 8683.928121]        [<c03005dd>] ip_rcv_finish+0x31a/0x33c
      [ 8683.928121]        [<c0300645>] NF_HOOK.clone.11+0x46/0x4d
      [ 8683.928121]        [<c0300960>] ip_rcv+0x201/0x23d
      [ 8683.928121]        [<c02de91b>] __netif_receive_skb+0x329/0x378
      [ 8683.928121]        [<c02deae8>] netif_receive_skb+0x4e/0x7d
      [ 8683.928121]        [<e08d5ef3>] rtl8139_poll+0x243/0x33d [8139too]
      [ 8683.928121]        [<c02df103>] net_rx_action+0x90/0x15d
      [ 8683.928121]        [<c012b2b5>] __do_softirq+0x7b/0x118
      [ 8683.928121]
      [ 8683.928121] -> #0 (slock-AF_INET){+.-...}:
      [ 8683.928121]        [<c0159f1b>] __lock_acquire+0x9a3/0xc27
      [ 8683.928121]        [<c015a561>] lock_acquire+0x71/0x85
      [ 8683.928121]        [<c034da2d>] _raw_spin_lock+0x33/0x40
      [ 8683.928121]        [<e0fc73ec>] l2tp_xmit_skb+0x173/0x47e
      [l2tp_core]
      [ 8683.928121]        [<e0fe31fb>] l2tp_eth_dev_xmit+0x1a/0x2f
      [l2tp_eth]
      [ 8683.928121]        [<c02e01e7>] dev_hard_start_xmit+0x333/0x3f2
      [ 8683.928121]        [<c02f064c>] sch_direct_xmit+0x55/0x119
      [ 8683.928121]        [<c02e0528>] dev_queue_xmit+0x282/0x418
      [ 8683.928121]        [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
      [ 8683.928121]        [<c031f524>] arp_xmit+0x22/0x24
      [ 8683.928121]        [<c031f567>] arp_send+0x41/0x48
      [ 8683.928121]        [<c031fa7d>] arp_process+0x289/0x491
      [ 8683.928121]        [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
      [ 8683.928121]        [<c031f7a0>] arp_rcv+0xb1/0xc3
      [ 8683.928121]        [<c02de91b>] __netif_receive_skb+0x329/0x378
      [ 8683.928121]        [<c02de9d3>] process_backlog+0x69/0x130
      [ 8683.928121]        [<c02df103>] net_rx_action+0x90/0x15d
      [ 8683.928121]        [<c012b2b5>] __do_softirq+0x7b/0x118
      [ 8683.928121]
      [ 8683.928121] other info that might help us debug this:
      [ 8683.928121]
      [ 8683.928121]  Possible unsafe locking scenario:
      [ 8683.928121]
      [ 8683.928121]        CPU0                    CPU1
      [ 8683.928121]        ----                    ----
      [ 8683.928121]   lock(_xmit_ETHER#2);
      [ 8683.928121]                                lock(slock-AF_INET);
      [ 8683.928121]                                lock(_xmit_ETHER#2);
      [ 8683.928121]   lock(slock-AF_INET);
      [ 8683.928121]
      [ 8683.928121]  *** DEADLOCK ***
      [ 8683.928121]
      [ 8683.928121] 3 locks held by swapper/0/0:
      [ 8683.928121]  #0:  (rcu_read_lock){.+.+..}, at: [<c02dbc10>]
      rcu_lock_acquire+0x0/0x30
      [ 8683.928121]  #1:  (rcu_read_lock_bh){.+....}, at: [<c02dbc10>]
      rcu_lock_acquire+0x0/0x30
      [ 8683.928121]  #2:  (_xmit_ETHER#2){+.-...}, at: [<c02f062d>]
      sch_direct_xmit+0x36/0x119
      [ 8683.928121]
      [ 8683.928121] stack backtrace:
      [ 8683.928121] Pid: 0, comm: swapper/0 Not tainted 3.4.1-build-0061 #14
      [ 8683.928121] Call Trace:
      [ 8683.928121]  [<c034bdd2>] ? printk+0x18/0x1a
      [ 8683.928121]  [<c0158904>] print_circular_bug+0x1ac/0x1b6
      [ 8683.928121]  [<c0159f1b>] __lock_acquire+0x9a3/0xc27
      [ 8683.928121]  [<c015a561>] lock_acquire+0x71/0x85
      [ 8683.928121]  [<e0fc73ec>] ? l2tp_xmit_skb+0x173/0x47e [l2tp_core]
      [ 8683.928121]  [<c034da2d>] _raw_spin_lock+0x33/0x40
      [ 8683.928121]  [<e0fc73ec>] ? l2tp_xmit_skb+0x173/0x47e [l2tp_core]
      [ 8683.928121]  [<e0fc73ec>] l2tp_xmit_skb+0x173/0x47e [l2tp_core]
      [ 8683.928121]  [<e0fe31fb>] l2tp_eth_dev_xmit+0x1a/0x2f [l2tp_eth]
      [ 8683.928121]  [<c02e01e7>] dev_hard_start_xmit+0x333/0x3f2
      [ 8683.928121]  [<c02f064c>] sch_direct_xmit+0x55/0x119
      [ 8683.928121]  [<c02e0528>] dev_queue_xmit+0x282/0x418
      [ 8683.928121]  [<c02e02a6>] ? dev_hard_start_xmit+0x3f2/0x3f2
      [ 8683.928121]  [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
      [ 8683.928121]  [<c031f524>] arp_xmit+0x22/0x24
      [ 8683.928121]  [<c02e02a6>] ? dev_hard_start_xmit+0x3f2/0x3f2
      [ 8683.928121]  [<c031f567>] arp_send+0x41/0x48
      [ 8683.928121]  [<c031fa7d>] arp_process+0x289/0x491
      [ 8683.928121]  [<c031f7f4>] ? __neigh_lookup.clone.20+0x42/0x42
      [ 8683.928121]  [<c031f4fb>] NF_HOOK.clone.19+0x45/0x4c
      [ 8683.928121]  [<c031f7a0>] arp_rcv+0xb1/0xc3
      [ 8683.928121]  [<c031f7f4>] ? __neigh_lookup.clone.20+0x42/0x42
      [ 8683.928121]  [<c02de91b>] __netif_receive_skb+0x329/0x378
      [ 8683.928121]  [<c02de9d3>] process_backlog+0x69/0x130
      [ 8683.928121]  [<c02df103>] net_rx_action+0x90/0x15d
      [ 8683.928121]  [<c012b2b5>] __do_softirq+0x7b/0x118
      [ 8683.928121]  [<c012b23a>] ? local_bh_enable+0xd/0xd
      [ 8683.928121]  <IRQ>  [<c012b4d0>] ? irq_exit+0x41/0x91
      [ 8683.928121]  [<c0103c6f>] ? do_IRQ+0x79/0x8d
      [ 8683.928121]  [<c0157ea1>] ? trace_hardirqs_off_caller+0x2e/0x86
      [ 8683.928121]  [<c034ef6e>] ? common_interrupt+0x2e/0x34
      [ 8683.928121]  [<c0108a33>] ? default_idle+0x23/0x38
      [ 8683.928121]  [<c01091a8>] ? cpu_idle+0x55/0x6f
      [ 8683.928121]  [<c033df25>] ? rest_init+0xa1/0xa7
      [ 8683.928121]  [<c033de84>] ? __read_lock_failed+0x14/0x14
      [ 8683.928121]  [<c0498745>] ? start_kernel+0x303/0x30a
      [ 8683.928121]  [<c0498209>] ? repair_env_string+0x51/0x51
      [ 8683.928121]  [<c04980a8>] ? i386_start_kernel+0xa8/0xaf
      
      It appears that like most virtual devices, l2tp should be converted to
      LLTX mode.
      
      This patch takes care of statistics using atomic_long in both RX and TX
      paths, and fix a bug in l2tp_eth_dev_recv(), which was caching skb->data
      before a pskb_may_pull() call.
      Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
      Reported-by: Denys Fedoryshchenko's avatarDenys Fedoryshchenko <denys@visp.net.lb>
      Cc: James Chapman <jchapman@katalix.com>
      Cc: Hong zhi guo <honkiko@gmail.com>
      Cc: Francois Romieu <romieu@fr.zoreil.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      a2842a1e
  6. 25 Jun, 2012 10 commits
    • alex.bluesman.smirnov@gmail.com's avatar
      mac802154: add missed braces · 8a8e28b8
      alex.bluesman.smirnov@gmail.com authored
      Add missed braces after 'if' operator.
      Signed-off-by: 's avatarAlexander Smirnov <alex.bluesman.smirnov@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      8a8e28b8
    • Eric Dumazet's avatar
      NFC: Return from rawsock_release when sk is NULL · 03e934f6
      Eric Dumazet authored
      Sasha Levin reported following panic :
      
      [ 2136.383310] BUG: unable to handle kernel NULL pointer dereference at
      00000000000003b0
      [ 2136.384022] IP: [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0
      [ 2136.384022] PGD 131c4067 PUD 11c0c067 PMD 0
      [ 2136.388106] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
      [ 2136.388106] CPU 1
      [ 2136.388106] Pid: 24855, comm: trinity-child1 Tainted: G        W
      3.5.0-rc2-sasha-00015-g7b268f7 #374
      [ 2136.388106] RIP: 0010:[<ffffffff8114e400>]  [<ffffffff8114e400>]
      __lock_acquire+0xc0/0x4b0
      [ 2136.388106] RSP: 0018:ffff8800130b3ca8  EFLAGS: 00010046
      [ 2136.388106] RAX: 0000000000000086 RBX: ffff88001186b000 RCX:
      0000000000000000
      [ 2136.388106] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
      0000000000000000
      [ 2136.388106] RBP: ffff8800130b3d08 R08: 0000000000000001 R09:
      0000000000000000
      [ 2136.388106] R10: 0000000000000000 R11: 0000000000000001 R12:
      0000000000000002
      [ 2136.388106] R13: 00000000000003b0 R14: 0000000000000000 R15:
      0000000000000000
      [ 2136.388106] FS:  00007fa5b1bd4700(0000) GS:ffff88001b800000(0000)
      knlGS:0000000000000000
      [ 2136.388106] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 2136.388106] CR2: 00000000000003b0 CR3: 0000000011d1f000 CR4:
      00000000000406e0
      [ 2136.388106] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
      0000000000000000
      [ 2136.388106] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
      0000000000000400
      [ 2136.388106] Process trinity-child1 (pid: 24855, threadinfo
      ffff8800130b2000, task ffff88001186b000)
      [ 2136.388106] Stack:
      [ 2136.388106]  ffff8800130b3cd8 ffffffff81121785 ffffffff81236774
      000080d000000001
      [ 2136.388106]  ffff88001b9d6c00 00000000001d6c00 ffffffff130b3d08
      ffff88001186b000
      [ 2136.388106]  0000000000000000 0000000000000002 0000000000000000
      0000000000000000
      [ 2136.388106] Call Trace:
      [ 2136.388106]  [<ffffffff81121785>] ? sched_clock_local+0x25/0x90
      [ 2136.388106]  [<ffffffff81236774>] ? get_empty_filp+0x74/0x220
      [ 2136.388106]  [<ffffffff8114e97a>] lock_acquire+0x18a/0x1e0
      [ 2136.388106]  [<ffffffff836b37df>] ? rawsock_release+0x4f/0xa0
      [ 2136.388106]  [<ffffffff837c0ef0>] _raw_write_lock_bh+0x40/0x80
      [ 2136.388106]  [<ffffffff836b37df>] ? rawsock_release+0x4f/0xa0
      [ 2136.388106]  [<ffffffff836b37df>] rawsock_release+0x4f/0xa0
      [ 2136.388106]  [<ffffffff8321cfe8>] sock_release+0x18/0x70
      [ 2136.388106]  [<ffffffff8321d069>] sock_close+0x29/0x30
      [ 2136.388106]  [<ffffffff81236bca>] __fput+0x11a/0x2c0
      [ 2136.388106]  [<ffffffff81236d85>] fput+0x15/0x20
      [ 2136.388106]  [<ffffffff8321de34>] sys_accept4+0x1b4/0x200
      [ 2136.388106]  [<ffffffff837c165c>] ? _raw_spin_unlock_irq+0x4c/0x80
      [ 2136.388106]  [<ffffffff837c1669>] ? _raw_spin_unlock_irq+0x59/0x80
      [ 2136.388106]  [<ffffffff837c2565>] ? sysret_check+0x22/0x5d
      [ 2136.388106]  [<ffffffff8321de8b>] sys_accept+0xb/0x10
      [ 2136.388106]  [<ffffffff837c2539>] system_call_fastpath+0x16/0x1b
      [ 2136.388106] Code: ec 04 00 0f 85 ea 03 00 00 be d5 0b 00 00 48 c7 c7
      8a c1 40 84 e8 b1 a5 f8 ff 31 c0 e9 d4 03 00 00 66 2e 0f 1f 84 00 00 00
      00 00 <49> 81 7d 00 60 73 5e 85 b8 01 00 00 00 44 0f 44 e0 83 fe 01 77
      [ 2136.388106] RIP  [<ffffffff8114e400>] __lock_acquire+0xc0/0x4b0
      [ 2136.388106]  RSP <ffff8800130b3ca8>
      [ 2136.388106] CR2: 00000000000003b0
      [ 2136.388106] ---[ end trace 6d450e935ee18982 ]---
      [ 2136.388106] Kernel panic - not syncing: Fatal exception in interrupt
      
      rawsock_release() should test if sock->sk is NULL before calling
      sock_orphan()/sock_put()
      Reported-by: 's avatarSasha Levin <levinsasha928@gmail.com>
      Tested-by: 's avatarSasha Levin <levinsasha928@gmail.com>
      Cc: stable@kernel.org
      Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: 's avatarSamuel Ortiz <sameo@linux.intel.com>
      03e934f6
    • Eric Dumazet's avatar
      net: l2tp_eth: fix l2tp_eth_dev_xmit race · aa214de0
      Eric Dumazet authored
      Its illegal to dereference skb after giving it to l2tp_xmit_skb()
      as it might be already freed/reused.
      Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
      Cc: James Chapman <jchapman@katalix.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      aa214de0
    • Sjur Brændeland's avatar
      caif: Clear shutdown mask to zero at reconnect. · eaa8c5f3
      Sjur Brændeland authored
      Clear caif sockets's shutdown mask at (re)connect.
      Signed-off-by: 's avatarSjur Brændeland <sjur.brandeland@stericsson.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      eaa8c5f3
    • Neal Cardwell's avatar
      tcp: heed result of security_inet_conn_request() in tcp_v6_conn_request() · 437c5b53
      Neal Cardwell authored
      If security_inet_conn_request() returns non-zero then TCP/IPv6 should
      drop the request, just as in TCP/IPv4 and DCCP in both IPv4 and IPv6.
      Signed-off-by: 's avatarNeal Cardwell <ncardwell@google.com>
      Acked-by: 's avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      437c5b53
    • Eric Dumazet's avatar
      ipv6: fib: fix fib dump restart · fa809e2f
      Eric Dumazet authored
      Commit 2bec5a36 (ipv6: fib: fix crash when changing large fib
      while dumping it) introduced ability to restart the dump at tree root,
      but failed to skip correctly a count of already dumped entries. Code
      didn't match Patrick intent.
      
      We must skip exactly the number of already dumped entries.
      
      Note that like other /proc/net files or netlink producers, we could
      still dump some duplicates entries.
      Reported-by: 's avatarDebabrata Banerjee <dbavatar@gmail.com>
      Reported-by: 's avatarJosh Hunt <johunt@akamai.com>
      Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      fa809e2f
    • Henrik Rydberg's avatar
      HID: Fix the generic Kconfig options · 1f41a6a9
      Henrik Rydberg authored
      The generic HID driver is obviously not a special driver, so move it
      outside of the special drivers menu. Explain the usage and make the
      default follow the HID setting. This should simplify migration from
      older kernels. While at it, remove the redundant HID_SUPPORT option
      and modify the HID and USB_HID entries to better explain the bus
      structure.
      Reported-by: Jan Beulich's avatarJan Beulich <jbeulich@suse.com>
      Signed-off-by: 's avatarHenrik Rydberg <rydberg@euromail.se>
      Signed-off-by: 's avatarJiri Kosina <jkosina@suse.cz>
      1f41a6a9
    • Dan Rosenberg's avatar
      NFC: Prevent multiple buffer overflows in NCI · 67de956f
      Dan Rosenberg authored
      Fix multiple remotely-exploitable stack-based buffer overflows due to
      the NCI code pulling length fields directly from incoming frames and
      copying too much data into statically-sized arrays.
      Signed-off-by: 's avatarDan Rosenberg <dan.j.rosenberg@gmail.com>
      Cc: stable@kernel.org
      Cc: security@kernel.org
      Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
      Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
      Cc: Samuel Ortiz <sameo@linux.intel.com>
      Cc: David S. Miller <davem@davemloft.net>
      Acked-by: 's avatarIlan Elias <ilane@ti.com>
      Signed-off-by: 's avatarSamuel Ortiz <sameo@linux.intel.com>
      67de956f
    • Eric Dumazet's avatar
      netfilter: ipvs: fix dst leak in __ip_vs_addr_is_local_v6 · c24584c0
      Eric Dumazet authored
      After call to ip6_route_output() we must release dst or we leak it.
      
      Also should test dst->error, as ip6_route_output() never returns NULL.
      
      Use boolean while we are at it.
      Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
      c24584c0
    • Florian Westphal's avatar
      netfilter: ipset: fix interface comparision in hash-netiface sets · ef5b6e12
      Florian Westphal authored
      ifname_compare() assumes that skb->dev is zero-padded,
      e.g 'eth1\0\0\0\0\0...'. This isn't always the case. e1000 driver does
      
      strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1);
      
      in e1000_probe(), so once device is registered dev->name memory contains
      'eth1\0:0:3\0\0\0' (or something like that), which makes eth1 compare
      fail.
      
      Use plain strcmp() instead.
      Signed-off-by: 's avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
      ef5b6e12
  7. 23 Jun, 2012 2 commits
    • Antonio Quartulli's avatar
      batman-adv: fix race condition in TT full-table replacement · 8b8e4bc0
      Antonio Quartulli authored
      bug introduced with cea194d90b11aff7fc289149e4c7f305fad3535a
      
      In the current TT code, when a TT_Response containing a full table is received
      from an originator, first the node purges all the clients for that originator in
      the global translation-table and then merges the newly received table.
      During the purging phase each client deletion is done by means of a call_rcu()
      invocation and at the end of this phase the global entry counter for that
      originator is set to 0. However the invoked rcu function decreases the global
      entry counter for that originator by one too and since the rcu invocation is
      likely to be postponed, the node will end up in first setting the counter to 0
      and then decreasing it one by one for each deleted client.
      
      This bug leads to having a wrong global entry counter for the related node, say
      X. Then when the node with the broken counter will answer to a TT_REQUEST on
      behalf of node X, it will create faulty TT_RESPONSE that will generate an
      unrecoverable situation on the node that asked for the full table recover.
      
      The non-recoverability is given by the fact that the node with the broken
      counter will keep answering on behalf of X because its knowledge about X's state
      (ttvn + tt_crc) is correct.
      
      To solve this problem the counter is not explicitly set to 0 anymore and the
      counter decrement is performed right before the invocation of call_rcu().
      Signed-off-by: 's avatarAntonio Quartulli <ordex@autistici.org>
      8b8e4bc0
    • Marek Lindner's avatar
      batman-adv: only drop packets of known wifi clients · 5870adc6
      Marek Lindner authored
      bug introduced with 59b699cd
      
      If the source or destination mac address of an ethernet packet
      could not be found in the translation table the packet was
      dropped if AP isolation was turned on. This behavior would
      make it impossible to send broadcast packets over the mesh as
      the broadcast address will never enter the translation table.
      Signed-off-by: 's avatarMarek Lindner <lindner_marek@yahoo.de>
      Acked-by: 's avatarAntonio Quartulli <ordex@autistici.org>
      5870adc6
  8. 21 Jun, 2012 1 commit
  9. 20 Jun, 2012 4 commits
  10. 19 Jun, 2012 3 commits
  11. 17 Jun, 2012 1 commit
  12. 16 Jun, 2012 1 commit
  13. 15 Jun, 2012 2 commits
  14. 14 Jun, 2012 1 commit
  15. 13 Jun, 2012 5 commits
    • Eric Dumazet's avatar
      netpoll: fix netpoll_send_udp() bugs · 954fba02
      Eric Dumazet authored
      Bogdan Hamciuc diagnosed and fixed following bug in netpoll_send_udp() :
      
      "skb->len += len;" instead of "skb_put(skb, len);"
      
      Meaning that _if_ a network driver needs to call skb_realloc_headroom(),
      only packet headers would be copied, leaving garbage in the payload.
      
      However the skb_realloc_headroom() must be avoided as much as possible
      since it requires memory and netpoll tries hard to work even if memory
      is exhausted (using a pool of preallocated skbs)
      
      It appears netpoll_send_udp() reserved 16 bytes for the ethernet header,
      which happens to work for typicall drivers but not all.
      
      Right thing is to use LL_RESERVED_SPACE(dev)
      (And also add dev->needed_tailroom of tailroom)
      
      This patch combines both fixes.
      
      Many thanks to Bogdan for raising this issue.
      Reported-by: 's avatarBogdan Hamciuc <bogdan.hamciuc@freescale.com>
      Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
      Tested-by: 's avatarBogdan Hamciuc <bogdan.hamciuc@freescale.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Neil Horman <nhorman@tuxdriver.com>
      Reviewed-by: 's avatarNeil Horman <nhorman@tuxdriver.com>
      Reviewed-by: 's avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      954fba02
    • Eric Dumazet's avatar
      splice: fix racy pipe->buffers uses · 047fe360
      Eric Dumazet authored
      Dave Jones reported a kernel BUG at mm/slub.c:3474! triggered
      by splice_shrink_spd() called from vmsplice_to_pipe()
      
      commit 35f3d14d (pipe: add support for shrinking and growing pipes)
      added capability to adjust pipe->buffers.
      
      Problem is some paths don't hold pipe mutex and assume pipe->buffers
      doesn't change for their duration.
      
      Fix this by adding nr_pages_max field in struct splice_pipe_desc, and
      use it in place of pipe->buffers where appropriate.
      
      splice_shrink_spd() loses its struct pipe_inode_info argument.
      Reported-by: 's avatarDave Jones <davej@redhat.com>
      Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Tom Herbert <therbert@google.com>
      Cc: stable <stable@vger.kernel.org> # 2.6.35
      Tested-by: 's avatarDave Jones <davej@redhat.com>
      Signed-off-by: 's avatarJens Axboe <axboe@kernel.dk>
      047fe360
    • David Spinadel's avatar
      mac80211: stop polling in disassociation · 79543d8e
      David Spinadel authored
      Stop connection monitor poll during disassociation.
      This clears the polling flags and if a scan was
      deferred it will be run.
      
      Without this fix, if a scan was deferred due to
      connection monitoring while disassociation happens,
      this scan blocks further scan requests until interface
      down/up which causes problems connecting to another AP.
      Signed-off-by: 's avatarDavid Spinadel <david.spinadel@intel.com>
      Signed-off-by: 's avatarJohannes Berg <johannes.berg@intel.com>
      79543d8e
    • Eliad Peller's avatar
      mac80211: check sdata_running on ieee80211_set_bitrate_mask · 554a43d5
      Eliad Peller authored
      Otherwise, we might call the driver callback before
      the interface was uploaded.
      
      Solves the following warning:
      WARNING: at net/mac80211/driver-ops.h:12 ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211]()
      wlan0:  Failed check-sdata-in-driver check, flags: 0x0
      Modules linked in: wlcore_sdio wl12xx wl18xx wlcore mac80211 cfg80211 [last unloaded: cfg80211]
      [<c001b964>] (unwind_backtrace+0x0/0x12c) from [<c0495550>] (dump_stack+0x20/0x24)
      [<c0495550>] (dump_stack+0x20/0x24) from [<c003ee28>] (warn_slowpath_common+0x5c/0x74)
      [<c003ee28>] (warn_slowpath_common+0x5c/0x74) from [<c003eefc>] (warn_slowpath_fmt+0x40/0x48)
      [<c003eefc>] (warn_slowpath_fmt+0x40/0x48) from [<bf5c1ad0>] (ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211])
      [<bf5c1ad0>] (ieee80211_set_bitrate_mask+0xbc/0x18c [mac80211]) from [<bf575960>] (nl80211_set_tx_bitrate_mask+0x350/0x358 [cfg80211])
      [<bf575960>] (nl80211_set_tx_bitrate_mask+0x350/0x358 [cfg80211]) from [<c03e9e94>] (genl_rcv_msg+0x1a8/0x1e8)
      [<c03e9e94>] (genl_rcv_msg+0x1a8/0x1e8) from [<c03e9164>] (netlink_rcv_skb+0x5c/0xc0)
      [<c03e9164>] (netlink_rcv_skb+0x5c/0xc0) from [<c03e9ce0>] (genl_rcv+0x28/0x34)
      [<c03e9ce0>] (genl_rcv+0x28/0x34) from [<c03e8e74>] (netlink_unicast+0x158/0x234)
      [<c03e8e74>] (netlink_unicast+0x158/0x234) from [<c03e93e0>] (netlink_sendmsg+0x218/0x298)
      [<c03e93e0>] (netlink_sendmsg+0x218/0x298) from [<c03b4e5c>] (sock_sendmsg+0xa4/0xc0)
      [<c03b4e5c>] (sock_sendmsg+0xa4/0xc0) from [<c03b5af4>] (__sys_sendmsg+0x1d8/0x254)
      [<c03b5af4>] (__sys_sendmsg+0x1d8/0x254) from [<c03b5ca8>] (sys_sendmsg+0x4c/0x70)
      [<c03b5ca8>] (sys_sendmsg+0x4c/0x70) from [<c0013980>] (ret_fast_syscall+0x0/0x3c)
      
      Note that calling the driver can also result
      in undefined behaviour since it doesn't have
      to deal with calls while down.
      Signed-off-by: 's avatarEliad Peller <eliad@wizery.com>
      [removed timestamps, added note - Johannes]
      Signed-off-by: 's avatarJohannes Berg <johannes.berg@intel.com>
      554a43d5
    • Eliad Peller's avatar
      cfg80211: fix potential deadlock in regulatory · fe20b39e
      Eliad Peller authored
      reg_timeout_work() calls restore_regulatory_settings() which
      takes cfg80211_mutex.
      
      reg_set_request_processed() already holds cfg80211_mutex
      before calling cancel_delayed_work_sync(reg_timeout),
      so it might deadlock.
      
      Call the async cancel_delayed_work instead, in order
      to avoid the potential deadlock.
      
      This is the relevant lockdep warning:
      
      cfg80211: Calling CRDA for country: XX
      
      ======================================================
      [ INFO: possible circular locking dependency detected ]
      3.4.0-rc5-wl+ #26 Not tainted
      -------------------------------------------------------
      kworker/0:2/1391 is trying to acquire lock:
       (cfg80211_mutex){+.+.+.}, at: [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
      
      but task is already holding lock:
       ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #2 ((reg_timeout).work){+.+...}:
             [<c008fd44>] validate_chain+0xb94/0x10f0
             [<c0090b68>] __lock_acquire+0x8c8/0x9b0
             [<c0090d40>] lock_acquire+0xf0/0x114
             [<c005b600>] wait_on_work+0x4c/0x154
             [<c005c000>] __cancel_work_timer+0xd4/0x11c
             [<c005c064>] cancel_delayed_work_sync+0x1c/0x20
             [<bf28b274>] reg_set_request_processed+0x50/0x78 [cfg80211]
             [<bf28bd84>] set_regdom+0x550/0x600 [cfg80211]
             [<bf294cd8>] nl80211_set_reg+0x218/0x258 [cfg80211]
             [<c03c7738>] genl_rcv_msg+0x1a8/0x1e8
             [<c03c6a00>] netlink_rcv_skb+0x5c/0xc0
             [<c03c7584>] genl_rcv+0x28/0x34
             [<c03c6720>] netlink_unicast+0x15c/0x228
             [<c03c6c7c>] netlink_sendmsg+0x218/0x298
             [<c03933c8>] sock_sendmsg+0xa4/0xc0
             [<c039406c>] __sys_sendmsg+0x1e4/0x268
             [<c0394228>] sys_sendmsg+0x4c/0x70
             [<c0013840>] ret_fast_syscall+0x0/0x3c
      
      -> #1 (reg_mutex){+.+.+.}:
             [<c008fd44>] validate_chain+0xb94/0x10f0
             [<c0090b68>] __lock_acquire+0x8c8/0x9b0
             [<c0090d40>] lock_acquire+0xf0/0x114
             [<c04734dc>] mutex_lock_nested+0x48/0x320
             [<bf28b2cc>] reg_todo+0x30/0x538 [cfg80211]
             [<c0059f44>] process_one_work+0x2a0/0x480
             [<c005a4b4>] worker_thread+0x1bc/0x2bc
             [<c0061148>] kthread+0x98/0xa4
             [<c0014af4>] kernel_thread_exit+0x0/0x8
      
      -> #0 (cfg80211_mutex){+.+.+.}:
             [<c008ed58>] print_circular_bug+0x68/0x2cc
             [<c008fb28>] validate_chain+0x978/0x10f0
             [<c0090b68>] __lock_acquire+0x8c8/0x9b0
             [<c0090d40>] lock_acquire+0xf0/0x114
             [<c04734dc>] mutex_lock_nested+0x48/0x320
             [<bf28ae00>] restore_regulatory_settings+0x34/0x418 [cfg80211]
             [<bf28b200>] reg_timeout_work+0x1c/0x20 [cfg80211]
             [<c0059f44>] process_one_work+0x2a0/0x480
             [<c005a4b4>] worker_thread+0x1bc/0x2bc
             [<c0061148>] kthread+0x98/0xa4
             [<c0014af4>] kernel_thread_exit+0x0/0x8
      
      other info that might help us debug this:
      
      Chain exists of:
        cfg80211_mutex --> reg_mutex --> (reg_timeout).work
      
       Possible unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock((reg_timeout).work);
                                     lock(reg_mutex);
                                     lock((reg_timeout).work);
        lock(cfg80211_mutex);
      
       *** DEADLOCK ***
      
      2 locks held by kworker/0:2/1391:
       #0:  (events){.+.+.+}, at: [<c0059e94>] process_one_work+0x1f0/0x480
       #1:  ((reg_timeout).work){+.+...}, at: [<c0059e94>] process_one_work+0x1f0/0x480
      
      stack backtrace:
      [<c001b928>] (unwind_backtrace+0x0/0x12c) from [<c0471d3c>] (dump_stack+0x20/0x24)
      [<c0471d3c>] (dump_stack+0x20/0x24) from [<c008ef70>] (print_circular_bug+0x280/0x2cc)
      [<c008ef70>] (print_circular_bug+0x280/0x2cc) from [<c008fb28>] (validate_chain+0x978/0x10f0)
      [<c008fb28>] (validate_chain+0x978/0x10f0) from [<c0090b68>] (__lock_acquire+0x8c8/0x9b0)
      [<c0090b68>] (__lock_acquire+0x8c8/0x9b0) from [<c0090d40>] (lock_acquire+0xf0/0x114)
      [<c0090d40>] (lock_acquire+0xf0/0x114) from [<c04734dc>] (mutex_lock_nested+0x48/0x320)
      [<c04734dc>] (mutex_lock_nested+0x48/0x320) from [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211])
      [<bf28ae00>] (restore_regulatory_settings+0x34/0x418 [cfg80211]) from [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211])
      [<bf28b200>] (reg_timeout_work+0x1c/0x20 [cfg80211]) from [<c0059f44>] (process_one_work+0x2a0/0x480)
      [<c0059f44>] (process_one_work+0x2a0/0x480) from [<c005a4b4>] (worker_thread+0x1bc/0x2bc)
      [<c005a4b4>] (worker_thread+0x1bc/0x2bc) from [<c0061148>] (kthread+0x98/0xa4)
      [<c0061148>] (kthread+0x98/0xa4) from [<c0014af4>] (kernel_thread_exit+0x0/0x8)
      cfg80211: Calling CRDA to update world regulatory domain
      cfg80211: World regulatory domain updated:
      cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
      cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
      cfg80211:   (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
      cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
      cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
      cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
      
      Cc: stable@kernel.org
      Signed-off-by: 's avatarEliad Peller <eliad@wizery.com>
      Signed-off-by: 's avatarJohannes Berg <johannes.berg@intel.com>
      fe20b39e
  16. 12 Jun, 2012 2 commits
    • Ashok Nagarajan's avatar
      mac80211: add missing kernel-doc · 1dd45581
      Ashok Nagarajan authored
      Add a few kernel-doc descriptions that were missed
      during mesh development.
      Reported-by: 's avatarRandy Dunlap <rdunlap@xenotime.net>
      Signed-off-by: 's avatarAshok Nagarajan <ashok@cozybit.com>
      Acked-by: 's avatarRandy Dunlap <rdunlap@xenotime.net>
      Signed-off-by: 's avatarJohannes Berg <johannes.berg@intel.com>
      1dd45581
    • Szymon Janc's avatar
      Bluetooth: Fix using uninitialized option in RFCMode · 8f321f85
      Szymon Janc authored
      If remote device sends bogus RFC option with invalid length,
      undefined options values are used. Fix this by using defaults when
      remote misbehaves.
      
      This also fixes the following warning reported by gcc 4.7.0:
      
      net/bluetooth/l2cap_core.c: In function 'l2cap_config_rsp':
      net/bluetooth/l2cap_core.c:3302:13: warning: 'rfc.max_pdu_size' may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.max_pdu_size' was declared here
      net/bluetooth/l2cap_core.c:3298:25: warning: 'rfc.monitor_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.monitor_timeout' was declared here
      net/bluetooth/l2cap_core.c:3297:25: warning: 'rfc.retrans_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.retrans_timeout' was declared here
      net/bluetooth/l2cap_core.c:3295:2: warning: 'rfc.mode' may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.mode' was declared here
      Signed-off-by: 's avatarSzymon Janc <szymon.janc@tieto.com>
      Signed-off-by: 's avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      8f321f85