summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* net: Implement read-only protection and COW'ing of metrics.David S. Miller2011-01-279-46/+194
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Routing metrics are now copy-on-write. Initially a route entry points it's metrics at a read-only location. If a routing table entry exists, it will point there. Else it will point at the all zero metric place-holder called 'dst_default_metrics'. The writeability state of the metrics is stored in the low bits of the metrics pointer, we have two bits left to spare if we want to store more states. For the initial implementation, COW is implemented simply via kmalloc. However future enhancements will change this to place the writable metrics somewhere else, in order to increase sharing. Very likely this "somewhere else" will be the inetpeer cache. Note also that this means that metrics updates may transiently fail if we cannot COW the metrics successfully. But even by itself, this patch should decrease memory usage and increase cache locality especially for routing workloads. In those cases the read-only metric copies stay in place and never get written to. TCP workloads where metrics get updated, and those rare cases where PMTU triggers occur, will take a very slight performance hit. But that hit will be alleviated when the long-term writable metrics move to a more sharable location. Since the metrics storage went from a u32 array of RTAX_MAX entries to what is essentially a pointer, some retooling of the dst_entry layout was necessary. Most importantly, we need to preserve the alignment of the reference count so that it doesn't share cache lines with the read-mostly state, as per Eric Dumazet's alignment assertion checks. The only non-trivial bit here is the move of the 'flags' member into the writeable cacheline. This is OK since we are always accessing the flags around the same moment when we made a modification to the reference count. Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2011-01-2633-240/+384
|\ | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
| * xfrm6: Don't forget to propagate peer into ipsec route.David S. Miller2011-01-261-0/+6
| | | | | | | | | | | | | | Like ipv4, we have to propagate the ipv6 route peer into the ipsec top-level route during instantiation. Signed-off-by: David S. Miller <davem@davemloft.net>
| * tg3: Use new VLAN codeMatt Carlson2011-01-262-88/+10
| | | | | | | | | | | | | | | | | | | | | | This patch pivots the tg3 driver to the new VLAN infrastructure. All references to vlgrp have been removed. The driver still attempts to disable VLAN tag stripping if CONFIG_VLAN_8021Q or CONFIG_VLAN_8021Q_MODULE is not defined. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * Merge branch 'master' of ↵David S. Miller2011-01-2617-132/+105
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| | * MAINTAINERS: remove Reinette Chatre as iwlwifi maintainerReinette Chatre2011-01-251-1/+0
| | | | | | | | | | | | | | | | | | Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * rt2x00: add device id for windy31 usb deviceGreg Kroah-Hartman2011-01-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds the device id for the windy31 USB device to the rt73usb driver. Thanks to Ralf Flaxa for reporting this and providing testing and a sample device. Reported-by: Ralf Flaxa <rf@suse.de> Tested-by: Ralf Flaxa <rf@suse.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * mac80211: fix a crash in ieee80211_beacon_get_tim on change_interfaceFelix Fietkau2011-01-251-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some drivers (e.g. ath9k) do not always disable beacons when they're supposed to. When an interface is changed using the change_interface op, the mode specific sdata part is in an undefined state and trying to get a beacon at this point can produce weird crashes. To fix this, add a check for ieee80211_sdata_running before using anything from the sdata. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * rtlwifi: Fix possible NULL dereferenceJesper Juhl2011-01-211-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In drivers/net/wireless/rtlwifi/pci.c::_rtl_pci_rx_interrupt() we call dev_alloc_skb(), which may fail and return NULL, but we do not check the returned value against NULL before dereferencing the returned pointer. This may lead to a NULL pointer dereference which means we'll crash - not good. In a separate call to dev_alloc_skb(), the debug level is changed so that the failure message will always be logged. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * ath9k: add missing ps wakeup/restore callsFelix Fietkau2011-01-212-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are several places where ath_reset() was called without proper calls to ath9k_ps_wakeup/ath9k_ps_restore. To fix this, add those calls directly to ath_reset and drop them from callers where it makes sense. Also add them to the config callback around ath_update_txpow to fix a crash that happens when the tx power changed before any vif is brought up. Signed-off-by: Felix Fietkau <nbd@openwrt.org> Cc: stable@kernel.org Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * ath9k_hw: disabled PAPRD for AR9003Luis R. Rodriguez2011-01-212-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | AR9003's PAPRD was enabled prematurely, and is causing some large discrepancies on throughput and network connectivity. For example downlink (RX) throughput against an AR9280 AP can vary widlely from 43-73 Mbit/s while disabling this gets AR9382 (2x2) up to around 93 Mbit/s in a 2.4 GHz HT20 setup. Cc: stable@kernel.org Cc: Paul Shaw <paul.shaw@atheros.com> Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * iwlwifi: don't read sku information from EEPROM for 4965Wey-Yi Guy2011-01-212-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For all the new devices, the sku information should read from EEPROM but for legacy devices such as 4965, appearly the EEPROM does not contain the necessary information. so skip the read from EEPROM and go back to use software configuration. Reported-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Tested-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * Bluetooth: Fix race condition with conn->sec_levelJohan Hedberg2011-01-193-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The conn->sec_level value is supposed to represent the current level of security that the connection has. However, by assigning to it before requesting authentication it will have the wrong value during the authentication procedure. To fix this a pending_sec_level variable is added which is used to track the desired security level while making sure that sec_level always represents the current level of security. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Bluetooth: Fix authentication request for L2CAP raw socketsJohan Hedberg2011-01-191-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When there is an existing connection l2cap_check_security needs to be called to ensure that the security level of the new socket is fulfilled. Normally l2cap_do_start takes care of this, but that function doesn't get called for SOCK_RAW type sockets. This patch adds the necessary l2cap_check_security call to the appropriate branch in l2cap_do_connect. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Bluetooth: Create a unified auth_type evaluation functionJohan Hedberg2011-01-191-49/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The logic for determining the needed auth_type for an L2CAP socket is rather complicated and has so far been duplicated in l2cap_check_security as well as l2cap_do_connect. Additionally the l2cap_check_security code was completely missing the handling of SOCK_RAW type sockets. This patch creates a unified function for the evaluation and makes l2cap_do_connect and l2cap_check_security use that function. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Bluetooth: Fix MITM protection requirement preservationJohan Hedberg2011-01-191-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If an existing connection has a MITM protection requirement (the first bit of the auth_type) then that requirement should not be cleared by new sockets that reuse the ACL but don't have that requirement. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Revert "Bluetooth: Update sec_level/auth_type for already existing connections"Johan Hedberg2011-01-191-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 045309820afe047920a50de25634dab46a1e851d. That commit is wrong for two reasons: - The conn->sec_level shouldn't be updated without performing authentication first (as it's supposed to represent the level of security that the existing connection has) - A higher auth_type value doesn't mean "more secure" like the commit seems to assume. E.g. dedicated bonding with MITM protection is 0x03 whereas general bonding without MITM protection is 0x04. hci_conn_auth already takes care of updating conn->auth_type so hci_connect doesn't need to do it. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Bluetooth: Never deallocate a session when some DLC points to itLukáš Turek2011-01-191-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a bug introduced in commit 9cf5b0ea3a7f1432c61029f7aaf4b8b338628884: function rfcomm_recv_ua calls rfcomm_session_put without checking that the session is not referenced by some DLC. If the session is freed, that DLC would refer to deallocated memory, causing an oops later, as shown in this bug report: https://bugzilla.kernel.org/show_bug.cgi?id=15994 Signed-off-by: Lukas Turek <8an@praha12.net> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Bluetooth: Fix leaking blacklist when unregistering a hci deviceJohan Hedberg2011-01-191-0/+4
| | | | | | | | | | | | | | | | | | | | | The blacklist should be freed before the hci device gets unregistered. Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Bluetooth: l2cap: fix misuse of logical operation in place of bitopDavid Sterba2011-01-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | CC: Marcel Holtmann <marcel@holtmann.org> CC: "Gustavo F. Padovan" <padovan@profusion.mobi> CC: João Paulo Rechi Vita <jprvita@profusion.mobi> Signed-off-by: David Sterba <dsterba@suse.cz> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| | * Bluetooth: ath3k: reduce memory usageAlexander Holler2011-01-191-55/+20
| | | | | | | | | | | | | | | | | | | | | There is no need to hold the firmware in memory. Signed-off-by: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
| * | bonding: update documentation - alternate configuration.Nicolas de Pesloüan2011-01-251-12/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The bonding documentation used to provide configuration details and examples for initscripts and sysconfig only. This patch describe the third possible configuration: /etc/network/interfaces. Signed-off-by: Nicolas de Pesloüan <nicolas.2p.debian@free.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | TCP: fix a bug that triggers large number of TCP RST by mistakeJerry Chu2011-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a bug that causes TCP RST packets to be generated on otherwise correctly behaved applications, e.g., no unread data on close,..., etc. To trigger the bug, at least two conditions must be met: 1. The FIN flag is set on the last data packet, i.e., it's not on a separate, FIN only packet. 2. The size of the last data chunk on the receive side matches exactly with the size of buffer posted by the receiver, and the receiver closes the socket without any further read attempt. This bug was first noticed on our netperf based testbed for our IW10 proposal to IETF where a large number of RST packets were observed. netperf's read side code meets the condition 2 above 100%. Before the fix, tcp_data_queue() will queue the last skb that meets condition 1 to sk_receive_queue even though it has fully copied out (skb_copy_datagram_iovec()) the data. Then if condition 2 is also met, tcp_recvmsg() often returns all the copied out data successfully without actually consuming the skb, due to a check "if ((chunk = len - tp->ucopy.len) != 0) {" and "len -= chunk;" after tcp_prequeue_process() that causes "len" to become 0 and an early exit from the big while loop. I don't see any reason not to free the skb whose data have been fully consumed in tcp_data_queue(), regardless of the FIN flag. We won't get there if MSG_PEEK is on. Am I missing some arcane cases related to urgent data? Signed-off-by: H.K. Jerry Chu <hkchu@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | ipv6: Revert 'administrative down' address handling changes.David S. Miller2011-01-251-48/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts the following set of commits: d1ed113f1669390da9898da3beddcc058d938587 ("ipv6: remove duplicate neigh_ifdown") 29ba5fed1bbd09c2cba890798c8f9eaab251401d ("ipv6: don't flush routes when setting loopback down") 9d82ca98f71fd686ef2f3017c5e3e6a4871b6e46 ("ipv6: fix missing in6_ifa_put in addrconf") 2de795707294972f6c34bae9de713e502c431296 ("ipv6: addrconf: don't remove address state on ifdown if the address is being kept") 8595805aafc8b077e01804c9a3668e9aa3510e89 ("IPv6: only notify protocols if address is compeletely gone") 27bdb2abcc5edb3526e25407b74bf17d1872c329 ("IPv6: keep tentative addresses in hash table") 93fa159abe50d3c55c7f83622d3f5c09b6e06f4b ("IPv6: keep route for tentative address") 8f37ada5b5f6bfb4d251a7f510f249cb855b77b3 ("IPv6: fix race between cleanup and add/delete address") 84e8b803f1e16f3a2b8b80f80a63fa2f2f8a9be6 ("IPv6: addrconf notify when address is unavailable") dc2b99f71ef477a31020511876ab4403fb7c4420 ("IPv6: keep permanent addresses on admin down") because the core semantic change to ipv6 address handling on ifdown has broken some things, in particular "disable_ipv6" sysctl handling. Stephen has made several attempts to get things back in working order, but nothing has restored disable_ipv6 fully yet. Reported-by: Eric W. Biederman <ebiederm@xmission.com> Tested-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | textsearch: doc - fix spelling in lib/textsearch.c.Jesper Dangaard Brouer2011-01-251-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Found the following spelling errors while reading the textsearch code: "facitilies" -> "facilities" "continously" -> "continuously" "arbitary" -> "arbitrary" "patern" -> "pattern" "occurences" -> "occurrences" I'll try to push this patch through DaveM, given the only users of textsearch is in the net/ tree (nf_conntrack_amanda.c, xt_string.c and em_text.c) Signed-off-by: Jesper Sander <sander.contrib@gmail.com> Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | USB NET KL5KUSB101: Fix mem leak in error path of kaweth_download_firmware()Jesper Juhl2011-01-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We will leak the storage allocated by request_firmware() if the size of the firmware is greater than KAWETH_FIRMWARE_BUF_SIZE. This removes the leak by calling release_firmware() before we return -ENOSPC. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | pch_gbe: don't use flush_scheduled_work()Tejun Heo2011-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Directly cancel adapter->reset_task instead of using to-be-deprecated flush_scheduled_work(). Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | bnx2: Always set ETH_FLAG_TXVLANMichael Chan2011-01-251-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | TSO does not work if the VLAN tag is in the packet (non-accelerated). We may be able to remove this restriction in future firmware. Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | net: clear heap allocation for ethtool_get_regs()Eugene Teo2011-01-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | There is a conflict between commit b00916b1 and a77f5db3. This patch resolves the conflict by clearing the heap allocation in ethtool_get_regs(). Cc: stable@kernel.org Signed-off-by: Eugene Teo <eugeneteo@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | ipv6: Always clone offlink routes.David S. Miller2011-01-251-8/+1
| | | | | | | | | | | | | | | | | | | | | | | | Do not handle PMTU vs. route lookup creation any differently wrt. offlink routes, always clone them. Reported-by: PK <runningdoglackey@yahoo.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | dcbnl: make get_app handling symmetric for IEEE and CEE DCBxJohn Fastabend2011-01-251-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The IEEE get/set app handlers use generic routines and do not require the net_device to implement the dcbnl_ops routines. This patch makes it symmetric so user space and drivers do not have to handle the CEE version and IEEE DCBx versions differently. Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | Merge branch 'can/at91_can-for-net-2.6' of ↵David S. Miller2011-01-252-26/+137
| |\ \ | | | | | | | | | | | | git://git.pengutronix.de/git/mkl/linux-2.6
| | * | can: at91_can: make can_id of mailbox 0 configurableMarc Kleine-Budde2011-01-242-7/+108
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to a chip bug (errata 50.2.6.3 & 50.3.5.3 in "AT91SAM9263 Preliminary 6249H-ATARM-27-Jul-09") the contents of mailbox 0 may be send under certain conditions (even if disabled or in rx mode). The workaround in the errata suggests not to use the mailbox and load it with an unused identifier. This patch implements the second part of the workaround. A sysfs entry "mb0_id" is introduced. While the interface is down it can be used to configure the can_id of mailbox 0. The default value id 0x7ff. In order to use an extended can_id add the CAN_EFF_FLAG (0x80000000U) to the can_id. Example: - standard id 0x7ff: echo 0x7ff > /sys/class/net/can0/mb0_id - extended id 0x1fffffff: echo 0x9fffffff > /sys/class/net/can0/mb0_id Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Acked-by: Wolfgang Grandegger <wg@grandegger.com> Acked-by: Kurt Van Dijck <kurt.van.dijck@eia.be> For the Documentation-part: Acked-by: Wolfram Sang <w.sang@pengutronix.de>
| | * | can: at91_can: don't use mailbox 0Marc Kleine-Budde2011-01-241-12/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to a chip bug (errata 50.2.6.3 & 50.3.5.3 in "AT91SAM9263 Preliminary 6249H-ATARM-27-Jul-09") the contents of mailbox 0 may be send under certain conditions (even if disabled or in rx mode). The workaround in the errata suggests not to use the mailbox and load it with a unused identifier. This patch implements the first part of the workaround, it updates AT91_MB_RX_NUM and AT91_MB_RX_FIRST (and the inline documentation) so that mailbox 0 stays unused. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Acked-by: Wolfgang Grandegger <wg@grandegger.com> Acked-by: Kurt Van Dijck <kurt.van.dijck@eia.be>
| | * | can: at91_can: clean up usage of AT91_MB_RX_FIRST and AT91_MB_RX_NUMMarc Kleine-Budde2011-01-241-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch cleans up the usage of two macros which specify the mailbox usage. AT91_MB_RX_FIRST and AT91_MB_RX_NUM define the first and the number of RX mailboxes. The current driver uses these variables in an unclean way; assuming that AT91_MB_RX_FIRST is 0; This patch cleans up the usage of these macros, no longer assuming AT91_MB_RX_FIRST == 0. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Acked-by: Wolfgang Grandegger <wg@grandegger.com>
| * | | tcp: fix bug in listening_get_next()Eric Dumazet2011-01-241-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit a8b690f98baf9fb19 (tcp: Fix slowness in read /proc/net/tcp) introduced a bug in handling of SYN_RECV sockets. st->offset represents number of sockets found since beginning of listening_hash[st->bucket]. We should not reset st->offset when iterating through syn_table[st->sbucket], or else if more than ~25 sockets (if PAGE_SIZE=4096) are in SYN_RECV state, we exit from listening_get_next() with a too small st->offset Next time we enter tcp_seek_last_pos(), we are not able to seek past already found sockets. Reported-by: PK <runningdoglackey@yahoo.com> CC: Tom Herbert <therbert@google.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | inetpeer: Use correct AVL tree base pointer in inet_getpeer().David S. Miller2011-01-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Family was hard-coded to AF_INET but should be daddr->family. This fixes crashes when unlinking ipv6 peer entries, since the unlink code was looking up the base pointer properly. Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | GRO: fix merging a paged skb after non-paged skbsMichal Schmidt2011-01-241-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Suppose that several linear skbs of the same flow were received by GRO. They were thus merged into one skb with a frag_list. Then a new skb of the same flow arrives, but it is a paged skb with data starting in its frags[]. Before adding the skb to the frag_list skb_gro_receive() will of course adjust the skb to throw away the headers. It correctly modifies the page_offset and size of the frag, but it leaves incorrect information in the skb: ->data_len is not decreased at all. ->len is decreased only by headlen, as if no change were done to the frag. Later in a receiving process this causes skb_copy_datagram_iovec() to return -EFAULT and this is seen in userspace as the result of the recv() syscall. In practice the bug can be reproduced with the sfc driver. By default the driver uses an adaptive scheme when it switches between using napi_gro_receive() (with skbs) and napi_gro_frags() (with pages). The bug is reproduced when under rx load with enough successful GRO merging the driver decides to switch from the former to the latter. Manual control is also possible, so reproducing this is easy with netcat: - on machine1 (with sfc): nc -l 12345 > /dev/null - on machine2: nc machine1 12345 < /dev/zero - on machine1: echo 1 > /sys/module/sfc/parameters/rx_alloc_method # use skbs echo 2 > /sys/module/sfc/parameters/rx_alloc_method # use pages - See that nc has quit suddenly. [v2: Modified by Eric Dumazet to avoid advancing skb->data past the end and to use a temporary variable.] Signed-off-by: Michal Schmidt <mschmidt@redhat.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | net_sched: sch_mqprio: dont leak kernel memoryEric Dumazet2011-01-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mqprio_dump() should make sure all fields of struct tc_mqprio_qopt are initialized. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | smc91x: add devicetree supportThomas Chou2011-01-261-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Thomas Chou <thomas@wytron.com.tw> Reviewed-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Update copyrights and update version to 3.117Matt Carlson2011-01-262-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch updates copyrights and updates the tg3 version to 3.117. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Fix eee preprocessor namingMatt Carlson2011-01-262-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a preprocessor naming bug for one of the EEE registers. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Fix EEE interoperability issueMatt Carlson2011-01-262-7/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a problem where EEE will fail to work in certain environments. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Disable EEE during loopback testsMatt Carlson2011-01-261-5/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | EEE interferes with the hardware's ability to loop a packet back to the host. This patch disables the feature for the duration of the test. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Disable MAC loopback test for CPMU devicesMatt Carlson2011-01-261-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On CPMU devices, the MAC loopback test does not test any important paths the phy loopback test doesn't also test. The phy loopback test is the more comprehensive test. This patch disables the MAC loopback test for these devices. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Fix loopback testsMatt Carlson2011-01-261-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The half-duplex bit in the MAC MODE register will be set during the loopback test if the external link is in half-duplex mode. This will cause the loopback test to fail on newer devices. This patch turns the half-duplex bit off for the test. Also, newer devices fail the internal phy loopback test because the phy link takes a little while to come up. This patch adds code to wait for the link before proceeding with the test. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Restrict phy ioctl accessMatt Carlson2011-01-261-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If management firmware is present and the device is down, the firmware will assume control of the phy. If a phy access were allowed from the host, it will collide with firmware phy accesses, resulting in unpredictable behavior. This patch fixes the problem by disallowing phy accesses during the problematic condition. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Disable multivec mode for 1 MSIX vectorMatt Carlson2011-01-261-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For single vector MSI-X allocations, we do not want to enable multivector modes. This patch makes the necessary corrections. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Use new VLAN codeMatt Carlson2011-01-262-88/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch pivots the tg3 driver to the new VLAN infrastructure. All references to vlgrp have been removed. The driver still attempts to disable VLAN tag stripping if CONFIG_VLAN_8021Q or CONFIG_VLAN_8021Q_MODULE is not defined. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | tg3: Fix 5719 A0 tx completion bugMatt Carlson2011-01-262-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 5719 A0 has a bug that manifests itself as if the chipset were reordering memory writes. The best known way to solve this problem is to turn off LSO and jumbo frames. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>