pandora-kernel.git
9 years agonetprio_cgroup: remove task_struct parameter from sock_update_netprio()
Zefan Li [Mon, 8 Apr 2013 20:03:47 +0000 (20:03 +0000)]
netprio_cgroup: remove task_struct parameter from sock_update_netprio()

The callers always pass current to sock_update_netprio().

Signed-off-by: Li Zefan <lizefan@huawei.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agocls_cgroup: remove task_struct parameter from sock_update_classid()
Zefan Li [Mon, 8 Apr 2013 20:03:35 +0000 (20:03 +0000)]
cls_cgroup: remove task_struct parameter from sock_update_classid()

The callers always pass current to sock_update_classid().

Signed-off-by: Li Zefan <lizefan@huawei.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotcp_memcontrol: remove a redundant statement in tcp_destroy_cgroup()
Zefan Li [Mon, 8 Apr 2013 19:59:28 +0000 (19:59 +0000)]
tcp_memcontrol: remove a redundant statement in tcp_destroy_cgroup()

We read the value but make no use of it.

Signed-off-by: Li Zefan <lizefan@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ipv6: only invalidate previously tokenized addresses
Daniel Borkmann [Tue, 9 Apr 2013 03:47:16 +0000 (03:47 +0000)]
net: ipv6: only invalidate previously tokenized addresses

Instead of invalidating all IPv6 addresses with global scope
when one decides to use IPv6 tokens, we should only invalidate
previous tokens and leave the rest intact until they expire
eventually (or are intact forever). For doing this less greedy
approach, we're adding a bool at the end of inet6_ifaddr structure
instead, for two reasons: i) per-inet6_ifaddr flag space is
already used up, making it wider might not be a good idea,
since ii) also we do not necessarily need to export this
information into user space.

Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ipv6: also allow token to be set when device not ready
Daniel Borkmann [Tue, 9 Apr 2013 03:47:15 +0000 (03:47 +0000)]
net: ipv6: also allow token to be set when device not ready

When we set the iftoken in inet6_set_iftoken(), we return -EINVAL
when the device does not have flag IF_READY. This is however not
necessary and rather an artificial usability barrier, since we
simply can set the token despite that, and in case the device is
ready, we just send out our rs, otherwise ifup et al. will do
this for us anyway.

Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ipv6: minor: use in6addr_any in token init
Daniel Borkmann [Tue, 9 Apr 2013 03:47:14 +0000 (03:47 +0000)]
net: ipv6: minor: use in6addr_any in token init

Since we check for !ipv6_addr_any(&in6_dev->token) in
addrconf_prefix_rcv(), make the token initialization on
device setup more intuitive by using in6addr_any as an
initializer.

Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: cdc_ncm: demote "unexpected notification" to debug level
Bjørn Mork [Mon, 8 Apr 2013 08:26:23 +0000 (08:26 +0000)]
net: cdc_ncm: demote "unexpected notification" to debug level

Receiving unhandled notifications is most certainly not an error
and should not be logged as one.  Knowing that the device sends
notifications we don't handle is useful for developers, but there
is very little a user can do about this.  The message is therefore
just annoying noise to most users with devices sending unhandled
notifications like e.g. USB_CDC_NOTIFY_RESPONSE_AVAILABLE

Cc: Alexey Orishko <alexey.orishko@stericsson.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoDocumentation: cgroup: add documentation for net_cls cgroups.
Rami Rosen [Mon, 8 Apr 2013 04:04:20 +0000 (04:04 +0000)]
Documentation: cgroup: add documentation for net_cls cgroups.

This patch adds a new file, Documentation/cgroups/net_cls.txt, with info
about net_cls cgroups, and updates the 00-INDEX accordingly.

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ipv6: add tokenized interface identifier support
Daniel Borkmann [Mon, 8 Apr 2013 04:01:30 +0000 (04:01 +0000)]
net: ipv6: add tokenized interface identifier support

This patch adds support for IPv6 tokenized IIDs, that allow
for administrators to assign well-known host-part addresses
to nodes whilst still obtaining global network prefix from
Router Advertisements. It is currently in draft status.

  The primary target for such support is server platforms
  where addresses are usually manually configured, rather
  than using DHCPv6 or SLAAC. By using tokenised identifiers,
  hosts can still determine their network prefix by use of
  SLAAC, but more readily be automatically renumbered should
  their network prefix change. [...]

  The disadvantage with static addresses is that they are
  likely to require manual editing should the network prefix
  in use change.  If instead there were a method to only
  manually configure the static identifier part of the IPv6
  address, then the address could be automatically updated
  when a new prefix was introduced, as described in [RFC4192]
  for example.  In such cases a DNS server might be
  configured with such a tokenised interface identifier of
  ::53, and SLAAC would use the token in constructing the
  interface address, using the advertised prefix. [...]

  http://tools.ietf.org/html/draft-chown-6man-tokenised-ipv6-identifiers-02

The implementation is partially based on top of Mark K.
Thompson's proof of concept. However, it uses the Netlink
interface for configuration resp. data retrival, so that
it can be easily extended in future. Successfully tested
by myself.

Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agostmmac: prefetch all dma_erx when use extend_desc
Giuseppe CAVALLARO [Mon, 8 Apr 2013 02:10:03 +0000 (02:10 +0000)]
stmmac: prefetch all dma_erx when use extend_desc

This patch is to prefetch, in the stmmac_rx, the whole
dma_erx descriptor in case of using the extended descriptors.

Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agostmmac: review private structure fields
Giuseppe CAVALLARO [Mon, 8 Apr 2013 02:10:02 +0000 (02:10 +0000)]
stmmac: review private structure fields

recently many new supports have been added in the stmmac driver w/o taking care
about where each new field had to be placed inside the private structure for
guaranteeing the best cache usage.
This is what I wanted in the beginning, so this patch reorganizes all the fields
in order to keep adjacent fields for cache effect.
I have also tried to optimize them by using pahole.

V2: do not abuse with ____cacheline_aligned_in_smp and keep fields that
potentially could stay in the same cache-line for better usage in SMP systems.

Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agostmmac: code tidy-up
Giuseppe CAVALLARO [Mon, 8 Apr 2013 02:10:01 +0000 (02:10 +0000)]
stmmac: code tidy-up

This patch tidies up the code. I have run Linden (and verified with checkpatch)
many part of the driver trying to reorganize some sections respecting the
codying-style rules in the points where it was not done.

Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agostmmac: improve/review and fix kernel-doc
Giuseppe CAVALLARO [Mon, 8 Apr 2013 02:10:00 +0000 (02:10 +0000)]
stmmac: improve/review and fix kernel-doc

this patch reviews/improves and adds some fixes in the code doc.
Also kernel-doc passes w/o any warnings.

Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agostmmac: review driver documentation
Giuseppe CAVALLARO [Mon, 8 Apr 2013 02:09:59 +0000 (02:09 +0000)]
stmmac: review driver documentation

This patch reviews the driver documentation file;
for example, there were some new fields (in the driver
module parameter section) and the ptp files were
not documented.

Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agostmmac: modified pcs mode support for SGMII
Byungho An [Sun, 7 Apr 2013 17:56:16 +0000 (17:56 +0000)]
stmmac: modified pcs mode support for SGMII

This patch modifies the pcs mode support for SGMII. Even though
SGMII does auto-negotiation with phy, it needs stmmac_init_phy and
stmmac_mdio_register function for initializing phy.

Signed-off-by: Byungho An <bh74.an@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: of_mdio: scan mdiobus for PHYs without reg property
Sebastian Hesselbarth [Sun, 7 Apr 2013 01:09:48 +0000 (01:09 +0000)]
net: of_mdio: scan mdiobus for PHYs without reg property

Using DT for mdiobus and ethernet-phy requires to know the PHY address, which
is hard to guess if you don't know it. This patch extends of_mdiobus_register
to scan mdiobus for PHYs if reg property of the corresponding node is not set.
This also allows to have phy nodes in SoC DT files where the reg property can
be overwritten in the board file later. To encourage people to finally set the
actual phy address, the mdiobus scan is noisier than required.

Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: mvmdio: get and enable optional clock
Sebastian Hesselbarth [Sun, 7 Apr 2013 01:09:47 +0000 (01:09 +0000)]
net: mvmdio: get and enable optional clock

Marvell mdio driver uses internal registers that can be clock gated on
some SoCs. This patch just adds optional clock handling, to allow to pass
and enable the corresponding clock.

Signed-off-by: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Acked-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ks8851: Use dev_pm_ops
Lars-Peter Clausen [Sat, 6 Apr 2013 23:33:04 +0000 (23:33 +0000)]
net: ks8851: Use dev_pm_ops

Use dev_pm_ops instead of the deprecated legacy suspend/resume callbacks.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ks8851: Use module_spi_driver
Lars-Peter Clausen [Sat, 6 Apr 2013 23:33:03 +0000 (23:33 +0000)]
net: ks8851: Use module_spi_driver

By using module_spi_driver we can eliminate a few lines of boilerplate code.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomac802154: Keep track of the channel when changed
Alan Ott [Fri, 5 Apr 2013 13:03:10 +0000 (13:03 +0000)]
mac802154: Keep track of the channel when changed

Two sections checked whether the current channel != the new channel
without ever setting the current channel variables.

1. net/mac802154/tx.c: Prevent set_channel() from getting called every
time a packet is sent.

2. net/mac802154/mib.c: Lock (pib_lock) accesses to current_channel and
current_page and make sure they are updated when the channel has been
changed.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomrf24j40: Enable link-layer acknowledgement and retry
Alan Ott [Fri, 5 Apr 2013 10:34:51 +0000 (10:34 +0000)]
mrf24j40: Enable link-layer acknowledgement and retry

On the MRF24J40, link-layer acknowledgment request and retry must be
turned on explicitly for each packet.  Turn this on in the hardware based
on the FC_ACK_REQ bit being set in the packet.

Also, now that failure to receive an ACK will cause the hardware to report
failure of transmission, change the log level for this failure to debug
level.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoTTY: ircomm, use GFP_KERNEL in ircomm_open()
Mathias Krause [Fri, 5 Apr 2013 11:02:07 +0000 (11:02 +0000)]
TTY: ircomm, use GFP_KERNEL in ircomm_open()

Hi Greg,

I'm unsure if you or Dave should take that one as it's for one a TTY
patch but also living under net/. So I'm uncertain and let you decide!

Thanks,
Mathias

-- >8 --
Subject: [PATCH] TTY: ircomm, use GFP_KERNEL in ircomm_open()

We're clearly running in non-atomic context as our only call site is
able to call wait_event_interruptible(). So we're safe to use GFP_KERNEL
here instead of GFP_ATOMIC.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoirda: use GFP_KERNEL in irda_connect_response()
Mathias Krause [Fri, 5 Apr 2013 10:41:28 +0000 (10:41 +0000)]
irda: use GFP_KERNEL in irda_connect_response()

The only call site of irda_connect_response() is irda_accept() -- a
function called from user context only. Therefore it has no need for
GFP_ATOMIC.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoirda: use GFP_KERNEL in irda_create()
Mathias Krause [Fri, 5 Apr 2013 10:41:27 +0000 (10:41 +0000)]
irda: use GFP_KERNEL in irda_create()

irda_create() is called from user context only, therefore has no need
for GFP_ATOMIC.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoip_gre: fix a possible crash in parse_gre_header()
Eric Dumazet [Thu, 4 Apr 2013 15:41:27 +0000 (15:41 +0000)]
ip_gre: fix a possible crash in parse_gre_header()

pskb_may_pull() can change skb->head, so we must init iph/greh after
calling it.

Bug added in commit c54419321455 (GRE: Refactor GRE tunneling code.)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoat86rf230: remove unnecessary / dead code
Sascha Herrmann [Thu, 4 Apr 2013 11:02:00 +0000 (11:02 +0000)]
at86rf230: remove unnecessary / dead code

In at86rf230_probe() lp was first set to dev->priv and a few lines later
dev->priv was set to lp again, without changing lp in between. The call
to ieee802154_unregister_device() before err_irq: was unreachable.

Signed-off-by: Sascha Herrmann <sascha@ps.nvbi.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoenic: be less verbose about non-critical firmware errors
Stefan Assmann [Thu, 4 Apr 2013 06:57:08 +0000 (06:57 +0000)]
enic: be less verbose about non-critical firmware errors

If a feature is not supported by firmware no need to print an error message.
This surpresses the following harmless message on boot up and ethtool query.
enic: Error 1 devcmd 36

Signed-off-by: Stefan Assmann <sassmann@kpanic.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoieee802154/nl-mac.c: make some MLME operations optional
Werner Almesberger [Thu, 4 Apr 2013 06:32:35 +0000 (06:32 +0000)]
ieee802154/nl-mac.c: make some MLME operations optional

Check for NULL before calling the following operations from "struct
ieee802154_mlme_ops": assoc_req, assoc_resp, disassoc_req, start_req,
and scan_req.

This fixes a current oops where those functions are called but not
implemented. It also updates the documentation to clarify that they
are now optional by design. If a call to an unimplemented function
is attempted, the kernel returns EOPNOTSUPP via netlink.

The following operations are still required: get_phy, get_pan_id,
get_short_addr, and get_dsn.

Note that the places where this patch changes the initialization
of "ret" should not affect the rest of the code since "ret" was
always set (again) before returning its value.

Signed-off-by: Werner Almesberger <werner@almesberger.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoIEEE 802.15.4: remove get_bsn from "struct ieee802154_mlme_ops"
Werner Almesberger [Thu, 4 Apr 2013 06:32:12 +0000 (06:32 +0000)]
IEEE 802.15.4: remove get_bsn from "struct ieee802154_mlme_ops"

It served no purpose: we never call it from anywhere in the stack
and the only driver that did implement it (fakehard) merely provided
a dummy value.

There is also considerable doubt whether it would make sense to
even attempt beacon processing at this level in the Linux kernel.

Signed-off-by: Werner Almesberger <werner@almesberger.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoscm: Stop passing struct cred
Eric W. Biederman [Wed, 3 Apr 2013 17:28:16 +0000 (17:28 +0000)]
scm: Stop passing struct cred

Now that uids and gids are completely encapsulated in kuid_t
and kgid_t we no longer need to pass struct cred which allowed
us to test both the uid and the user namespace for equality.

Passing struct cred potentially allows us to pass the entire group
list as BSD does but I don't believe the cost of cache line misses
justifies retaining code for a future potential application.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Sun, 7 Apr 2013 22:37:01 +0000 (18:37 -0400)]
Merge git://git./linux/kernel/git/davem/net

Conflicts:
drivers/nfc/microread/mei.c
net/netfilter/nfnetlink_queue_core.c

Pull in 'net' to get Eric Biederman's AF_UNIX fix, upon which
some cleanups are going to go on-top.

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobnx2x: Fix KR2 rapid link flap
Yaniv Rosner [Sun, 7 Apr 2013 05:36:23 +0000 (05:36 +0000)]
bnx2x: Fix KR2 rapid link flap

Check KR2 recovery time at the beginning of the work-around function.

Signed-off-by: Yaniv Rosner <yanivr@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agodecnet: remove duplicated include from dn_table.c
Wei Yongjun [Wed, 3 Apr 2013 15:33:07 +0000 (15:33 +0000)]
decnet: remove duplicated include from dn_table.c

Remove duplicated include.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet_cls: remove duplicated include from cls_api.c
Wei Yongjun [Wed, 3 Apr 2013 15:21:22 +0000 (15:21 +0000)]
net_cls: remove duplicated include from cls_api.c

Remove duplicated include.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonetdev/phy: Implement ieee802.3 clause 45 in mdio-octeon.c
David Daney [Wed, 3 Apr 2013 09:25:32 +0000 (09:25 +0000)]
netdev/phy: Implement ieee802.3 clause 45 in mdio-octeon.c

The Octeon SMI/MDIO interfaces can do clause 45 communications, so
implement this in the driver.

Also fix some comment formatting to make it consistent and to comply
with the netdev style.

Signed-off-by: David Daney <david.daney@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years ago6lowpan: handle dev_queue_xmit() error code properly
Alan Ott [Wed, 3 Apr 2013 04:00:58 +0000 (04:00 +0000)]
6lowpan: handle dev_queue_xmit() error code properly

dev_queue_xmit() will return a positive value if the packet could not be
queued, often because the real network device (in our case the mac802154
wpan device) has its queue stopped.  lowpan_xmit() should handle the
positive return code (for the debug statement) and return that value to
the higher layer so the higher layer will retry sending the packet.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomac802154: Increase tx_buffer_len
Alan Ott [Wed, 3 Apr 2013 04:00:57 +0000 (04:00 +0000)]
mac802154: Increase tx_buffer_len

Increase the buffer length from 10 to 300 packets. Consider that traffic on
mac802154 devices will often be 6LoWPAN, and a full-length (1280 octet)
IPv6 packet will fragment into 15 6LoWPAN fragments (because the MTU of
IEEE 802.15.4 is 127).  A 300-packet queue is really 20 full-length IPv6
packets.

With a queue length of 10, an entire IPv6 packet was unable to get queued
at one time, causing fragments to be dropped, and making reassembly
impossible.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomac802154: Use netif flow control
Alan Ott [Wed, 3 Apr 2013 04:00:56 +0000 (04:00 +0000)]
mac802154: Use netif flow control

Use netif_stop_queue() and netif_wake_queue() to control the flow of
packets to mac802154 devices.  Since many IEEE 802.15.4 devices have no
output buffer, and since the mac802154 xmit() function is designed to
block, netif_stop_queue() is called after each packet.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agomac802154: Do not try to resend failed packets
Alan Ott [Wed, 3 Apr 2013 04:00:55 +0000 (04:00 +0000)]
mac802154: Do not try to resend failed packets

When ops->xmit() fails, drop the packet. Devices which support hardware
ack and retry (which include all devices currently supported by mainline),
will automatically retry sending the packet (in the hardware) up to 3
times, per the 802.15.4 spec.  There is no need, and it is incorrect to
try to do it in mac802154.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agosctp: fix error return code in __sctp_connect()
Wei Yongjun [Wed, 3 Apr 2013 03:02:28 +0000 (03:02 +0000)]
sctp: fix error return code in __sctp_connect()

Fix to return a negative error code from the error handling
case instead of 0, as returned elsewhere in this function.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years ago802: fix a possible race condition
Cong Wang [Tue, 2 Apr 2013 21:52:40 +0000 (21:52 +0000)]
802: fix a possible race condition

(Resend with a better changelog)

garp_pdu_queue() should ways be called with this spin lock.
garp_uninit_applicant() only holds rtnl lock which is not
enough here.  A possible race can happen as garp_pdu_rcv()
is called in BH context:

garp_pdu_rcv()
  |->garp_pdu_parse_msg()
    |->garp_pdu_parse_attr()
      |-> garp_gid_event()

Found by code inspection.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: David Ward <david.ward@ll.mit.edu>
Cc: "Jorge Boncompte [DTI2]" <jorge@dti2.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoselftests: net: add PF_PACKET TPACKET v1/v2/v3 selftests
Daniel Borkmann [Tue, 2 Apr 2013 13:00:51 +0000 (13:00 +0000)]
selftests: net: add PF_PACKET TPACKET v1/v2/v3 selftests

This patch adds a simple test case that probes the packet socket's
TPACKET_V1, TPACKET_V2 and TPACKET_V3 behavior regarding mmap(2)'ed
I/O for a small burst of 100 packets. The test currently runs for ...

  TPACKET_V1: RX_RING, TX_RING
  TPACKET_V2: RX_RING, TX_RING
  TPACKET_V3: RX_RING

... and will output on success:

  test: TPACKET_V1 with PACKET_RX_RING .................... 100 pkts (9600 bytes)
  test: TPACKET_V1 with PACKET_TX_RING .................... 100 pkts (9600 bytes)
  test: TPACKET_V2 with PACKET_RX_RING .................... 100 pkts (9600 bytes)
  test: TPACKET_V2 with PACKET_TX_RING .................... 100 pkts (9600 bytes)
  test: TPACKET_V3 with PACKET_RX_RING .................... 100 pkts (9600 bytes)
  OK. All tests passed

Reusable parts of psock_fanout.c have been put into a psock_lib.h
file for common usage. Test case successfully tested on x86_64.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agosctp: remove 'sridhar' from maintainers list
Sridhar Samudrala [Tue, 2 Apr 2013 12:35:31 +0000 (12:35 +0000)]
sctp: remove 'sridhar' from maintainers list

Update SCTP maintainers list.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agovxlan: Bypass encapsulation if the destination is local
Sridhar Samudrala [Tue, 2 Apr 2013 12:31:52 +0000 (12:31 +0000)]
vxlan: Bypass encapsulation if the destination is local

This patch bypasses vxlan encapsulation if the destination vxlan
endpoint is a local device.

Changes since v1: added missing check for vxlan_find_vni() failure

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx4_en: Advertize DCB_CAP_DCBX_HOST in getdcbx
Or Gerlitz [Sun, 7 Apr 2013 03:44:08 +0000 (03:44 +0000)]
net/mlx4_en: Advertize DCB_CAP_DCBX_HOST in getdcbx

When our getdcbx entry is called, DCB_CAP_DCBX_HOST should be advertized too.

Cc: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx4_en: Enable DCB ETS ops only when supported by the firmware
Or Gerlitz [Sun, 7 Apr 2013 03:44:07 +0000 (03:44 +0000)]
net/mlx4_en: Enable DCB ETS ops only when supported by the firmware

Enable the DCB ETS ops only when supported by the firmware. For older firmware/cards
which don't support ETS, advertize only PFC DCB ops.

Signed-off-by: Eugenia Emantayev <eugenia@mellanox.co.il>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/mlx4_core: Added proper description for two device capabilities
Or Gerlitz [Sun, 7 Apr 2013 03:44:06 +0000 (03:44 +0000)]
net/mlx4_core: Added proper description for two device capabilities

Added readable description for the DPDP and port sensing device capabilities.

Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: phy: spi_ks8995: use spi_get_drvdata() and spi_set_drvdata()
Jingoo Han [Fri, 5 Apr 2013 20:37:07 +0000 (20:37 +0000)]
net: phy: spi_ks8995: use spi_get_drvdata() and spi_set_drvdata()

Use the wrapper functions for getting and setting the driver data using
spi_device instead of using dev_{get|set}_drvdata with &spi->dev, so we
can directly pass a struct spi_device.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: wireless: p54spi: use spi_get_drvdata() and spi_set_drvdata()
Jingoo Han [Fri, 5 Apr 2013 20:36:47 +0000 (20:36 +0000)]
net: wireless: p54spi: use spi_get_drvdata() and spi_set_drvdata()

Use the wrapper functions for getting and setting the driver data using
spi_device instead of using dev_{get|set}_drvdata with &spi->dev, so we
can directly pass a struct spi_device.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: wireless: wl1251: use spi_get_drvdata() and spi_set_drvdata()
Jingoo Han [Fri, 5 Apr 2013 20:36:25 +0000 (20:36 +0000)]
net: wireless: wl1251: use spi_get_drvdata() and spi_set_drvdata()

Use the wrapper functions for getting and setting the driver data using
spi_device instead of using dev_{get|set}_drvdata with &spi->dev, so we
can directly pass a struct spi_device.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ethernet: enc28j60: use spi_get_drvdata() and spi_set_drvdata()
Jingoo Han [Fri, 5 Apr 2013 20:36:11 +0000 (20:36 +0000)]
net: ethernet: enc28j60: use spi_get_drvdata() and spi_set_drvdata()

Use the wrapper functions for getting and setting the driver data using
spi_device instead of using dev_{get|set}_drvdata with &spi->dev, so we
can directly pass a struct spi_device.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ethernet: ks8851: use spi_get_drvdata() and spi_set_drvdata()
Jingoo Han [Fri, 5 Apr 2013 20:35:43 +0000 (20:35 +0000)]
net: ethernet: ks8851: use spi_get_drvdata() and spi_set_drvdata()

Use the wrapper functions for getting and setting the driver data using
spi_device instead of using dev_{get|set}_drvdata with &spi->dev, so we
can directly pass a struct spi_device.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: can: mcp251x: use spi_get_drvdata() and spi_set_drvdata()
Jingoo Han [Fri, 5 Apr 2013 20:35:14 +0000 (20:35 +0000)]
net: can: mcp251x: use spi_get_drvdata() and spi_set_drvdata()

Use the wrapper functions for getting and setting the driver data using
spi_device instead of using dev_{get|set}_drvdata with &spi->dev, so we
can directly pass a struct spi_device.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: ieee802154: mrf24j40: use spi_get_drvdata() and spi_set_drvdata()
Jingoo Han [Fri, 5 Apr 2013 20:34:18 +0000 (20:34 +0000)]
net: ieee802154: mrf24j40: use spi_get_drvdata() and spi_set_drvdata()

Use the wrapper functions for getting and setting the driver data using
spi_device instead of using dev_{get|set}_drvdata with &spi->dev, so we
can directly pass a struct spi_device.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: add a new chip for RTL8106E
hayeswang [Mon, 1 Apr 2013 22:23:42 +0000 (22:23 +0000)]
r8169: add a new chip for RTL8106E

Add a new chip for RTL8106E series.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: adjust the flow of hw_start
hayeswang [Mon, 1 Apr 2013 22:23:41 +0000 (22:23 +0000)]
r8169: adjust the flow of hw_start

The suggestion as following:
- initial settings or default settings
- rtl_hw_start_xxx. rtl_hw_start_xxx may change some default settings.
- enable tx/rx. This has to be after the above two steps.
- rtl_set_rx_mode. AcceptXXXs have to be enabled after enabling tx/rx.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: add a new chip for RTL8111G
hayeswang [Mon, 1 Apr 2013 22:23:40 +0000 (22:23 +0000)]
r8169: add a new chip for RTL8111G

Add a new chip for RTL8111G series.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: Update the RTL8111G parameters
hayeswang [Mon, 1 Apr 2013 22:23:39 +0000 (22:23 +0000)]
r8169: Update the RTL8111G parameters

- replace rtl8168g-1.fw with rtl8168g-2.fw which support new method.
- fix PHY power down is useless.
- disable rx early which causes the rx abnormal.
- enable auto fifo.
- set 10M IFG to default value.
- fix the conflict between jumbo frame and flow control.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: Modify the method for setting firmware
hayeswang [Mon, 1 Apr 2013 22:23:38 +0000 (22:23 +0000)]
r8169: Modify the method for setting firmware

Remove useless action PHY_READ_EFUSE, PHY_READ_MAC_BYTE, PHY_WRITE_MAC_BYTE,
PHY_WRITE_ERI_WORD. And define the new action PHY_MDIO_CHG.

PHY_MDIO_CHG is used to modify the mdio operation. By the way, the
firmware could support setting mac ocp.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: Update PHY settings of RTL8111G
hayeswang [Mon, 1 Apr 2013 22:23:37 +0000 (22:23 +0000)]
r8169: Update PHY settings of RTL8111G

Add the new settings and correct the wrong settings.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: Modify the mothod for PHY settings of RTL8111G
hayeswang [Mon, 1 Apr 2013 22:23:36 +0000 (22:23 +0000)]
r8169: Modify the mothod for PHY settings of RTL8111G

Replace the current settings with rtl_writephy and rtl_readphy.
For the hardware, the settings are same with previous ones. This
make the setting method like the previous chips.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agor8169: Remove firmware code
hayeswang [Mon, 1 Apr 2013 22:23:35 +0000 (22:23 +0000)]
r8169: Remove firmware code

Some codes are belong to binary codes and should be removed.

Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'infoleaks'
David S. Miller [Sun, 7 Apr 2013 20:42:40 +0000 (16:42 -0400)]
Merge branch 'infoleaks'

Mathias Krause says:

====================
a few more info leak fixes in the recvmsg path. The error pattern here
is the protocol specific recvmsg function is missing the msg_namelen
assignment -- either completely or in early exit paths that do not
result in errors in __sys_recvmsg()/sys_recvfrom() and, in turn, make
them call move_addr_to_user(), leaking the then still uninitialized
sockaddr_storage stack variable to userland.

My audit was initiated by a rather coarse fix of the leak that can be
found in the grsecurity patch, putting a penalty on protocols complying
to the rules of recvmsg. So credits for finding the leak in the recvmsg
path in __sys_recvmsg() should go to Brad!

The buggy protocols/subsystems are rather obscure anyway. As a missing
assignment of msg_namelen coupled with a missing filling of msg_name
would only result in garbage -- the leak -- in case userland would care
about that information, i.e. would provide a msg_name pointer. But
obviously current userland does not.

While auditing the code for the above pattern I found a few more
'uninitialized members' kind of leaks related to the msg_name filling.
Those are fixed in this series, too.

I have to admit, I failed to test all of the patches due to missing
hardware, e.g. iucv depends on S390 -- hardware I've no access to :/
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoVSOCK: Fix missing msg_namelen update in vsock_stream_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:52:02 +0000 (01:52 +0000)]
VSOCK: Fix missing msg_namelen update in vsock_stream_recvmsg()

The code misses to update the msg_namelen member to 0 and therefore
makes net/socket.c leak the local, uninitialized sockaddr_storage
variable to userland -- 128 bytes of kernel stack memory.

Cc: Andy King <acking@vmware.com>
Cc: Dmitry Torokhov <dtor@vmware.com>
Cc: George Zhang <georgezhang@vmware.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoVSOCK: vmci - fix possible info leak in vmci_transport_dgram_dequeue()
Mathias Krause [Sun, 7 Apr 2013 01:52:01 +0000 (01:52 +0000)]
VSOCK: vmci - fix possible info leak in vmci_transport_dgram_dequeue()

In case we received no data on the call to skb_recv_datagram(), i.e.
skb->data is NULL, vmci_transport_dgram_dequeue() will return with 0
without updating msg_namelen leading to net/socket.c leaking the local,
uninitialized sockaddr_storage variable to userland -- 128 bytes of
kernel stack memory.

Fix this by moving the already existing msg_namelen assignment a few
lines above.

Cc: Andy King <acking@vmware.com>
Cc: Dmitry Torokhov <dtor@vmware.com>
Cc: George Zhang <georgezhang@vmware.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: fix info leaks via msg_name in recv_msg/recv_stream
Mathias Krause [Sun, 7 Apr 2013 01:52:00 +0000 (01:52 +0000)]
tipc: fix info leaks via msg_name in recv_msg/recv_stream

The code in set_orig_addr() does not initialize all of the members of
struct sockaddr_tipc when filling the sockaddr info -- namely the union
is only partly filled. This will make recv_msg() and recv_stream() --
the only users of this function -- leak kernel stack memory as the
msg_name member is a local variable in net/socket.c.

Additionally to that both recv_msg() and recv_stream() fail to update
the msg_namelen member to 0 while otherwise returning with 0, i.e.
"success". This is the case for, e.g., non-blocking sockets. This will
lead to a 128 byte kernel stack leak in net/socket.c.

Fix the first issue by initializing the memory of the union with
memset(0). Fix the second one by setting msg_namelen to 0 early as it
will be updated later if we're going to fill the msg_name member.

Cc: Jon Maloy <jon.maloy@ericsson.com>
Cc: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agorose: fix info leak via msg_name in rose_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:59 +0000 (01:51 +0000)]
rose: fix info leak via msg_name in rose_recvmsg()

The code in rose_recvmsg() does not initialize all of the members of
struct sockaddr_rose/full_sockaddr_rose when filling the sockaddr info.
Nor does it initialize the padding bytes of the structure inserted by
the compiler for alignment. This will lead to leaking uninitialized
kernel stack bytes in net/socket.c.

Fix the issue by initializing the memory used for sockaddr info with
memset(0).

Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoNFC: llcp: fix info leaks via msg_name in llcp_sock_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:58 +0000 (01:51 +0000)]
NFC: llcp: fix info leaks via msg_name in llcp_sock_recvmsg()

The code in llcp_sock_recvmsg() does not initialize all the members of
struct sockaddr_nfc_llcp when filling the sockaddr info. Nor does it
initialize the padding bytes of the structure inserted by the compiler
for alignment.

Also, if the socket is in state LLCP_CLOSED or is shutting down during
receive the msg_namelen member is not updated to 0 while otherwise
returning with 0, i.e. "success". The msg_namelen update is also
missing for stream and seqpacket sockets which don't fill the sockaddr
info.

Both issues lead to the fact that the code will leak uninitialized
kernel stack bytes in net/socket.c.

Fix the first issue by initializing the memory used for sockaddr info
with memset(0). Fix the second one by setting msg_namelen to 0 early.
It will be updated later if we're going to fill the msg_name member.

Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonetrom: fix info leak via msg_name in nr_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:57 +0000 (01:51 +0000)]
netrom: fix info leak via msg_name in nr_recvmsg()

In case msg_name is set the sockaddr info gets filled out, as
requested, but the code fails to initialize the padding bytes of
struct sockaddr_ax25 inserted by the compiler for alignment. Also
the sax25_ndigis member does not get assigned, leaking four more
bytes.

Both issues lead to the fact that the code will leak uninitialized
kernel stack bytes in net/socket.c.

Fix both issues by initializing the memory with memset(0).

Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agollc: Fix missing msg_namelen update in llc_ui_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:56 +0000 (01:51 +0000)]
llc: Fix missing msg_namelen update in llc_ui_recvmsg()

For stream sockets the code misses to update the msg_namelen member
to 0 and therefore makes net/socket.c leak the local, uninitialized
sockaddr_storage variable to userland -- 128 bytes of kernel stack
memory. The msg_namelen update is also missing for datagram sockets
in case the socket is shutting down during receive.

Fix both issues by setting msg_namelen to 0 early. It will be
updated later if we're going to fill the msg_name member.

Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agol2tp: fix info leak in l2tp_ip6_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:55 +0000 (01:51 +0000)]
l2tp: fix info leak in l2tp_ip6_recvmsg()

The L2TP code for IPv6 fails to initialize the l2tp_conn_id member of
struct sockaddr_l2tpip6 and therefore leaks four bytes kernel stack
in l2tp_ip6_recvmsg() in case msg_name is set.

Initialize l2tp_conn_id with 0 to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoiucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:54 +0000 (01:51 +0000)]
iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()

The current code does not fill the msg_name member in case it is set.
It also does not set the msg_namelen member to 0 and therefore makes
net/socket.c leak the local, uninitialized sockaddr_storage variable
to userland -- 128 bytes of kernel stack memory.

Fix that by simply setting msg_namelen to 0 as obviously nobody cared
about iucv_sock_recvmsg() not filling the msg_name in case it was set.

Cc: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoirda: Fix missing msg_namelen update in irda_recvmsg_dgram()
Mathias Krause [Sun, 7 Apr 2013 01:51:53 +0000 (01:51 +0000)]
irda: Fix missing msg_namelen update in irda_recvmsg_dgram()

The current code does not fill the msg_name member in case it is set.
It also does not set the msg_namelen member to 0 and therefore makes
net/socket.c leak the local, uninitialized sockaddr_storage variable
to userland -- 128 bytes of kernel stack memory.

Fix that by simply setting msg_namelen to 0 as obviously nobody cared
about irda_recvmsg_dgram() not filling the msg_name in case it was
set.

Cc: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agocaif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:52 +0000 (01:51 +0000)]
caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg()

The current code does not fill the msg_name member in case it is set.
It also does not set the msg_namelen member to 0 and therefore makes
net/socket.c leak the local, uninitialized sockaddr_storage variable
to userland -- 128 bytes of kernel stack memory.

Fix that by simply setting msg_namelen to 0 as obviously nobody cared
about caif_seqpkt_recvmsg() not filling the msg_name in case it was
set.

Cc: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoBluetooth: SCO - Fix missing msg_namelen update in sco_sock_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:51 +0000 (01:51 +0000)]
Bluetooth: SCO - Fix missing msg_namelen update in sco_sock_recvmsg()

If the socket is in state BT_CONNECT2 and BT_SK_DEFER_SETUP is set in
the flags, sco_sock_recvmsg() returns early with 0 without updating the
possibly set msg_namelen member. This, in turn, leads to a 128 byte
kernel stack leak in net/socket.c.

Fix this by updating msg_namelen in this case. For all other cases it
will be handled in bt_sock_recvmsg().

Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoBluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:50 +0000 (01:51 +0000)]
Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg()

If RFCOMM_DEFER_SETUP is set in the flags, rfcomm_sock_recvmsg() returns
early with 0 without updating the possibly set msg_namelen member. This,
in turn, leads to a 128 byte kernel stack leak in net/socket.c.

Fix this by updating msg_namelen in this case. For all other cases it
will be handled in bt_sock_stream_recvmsg().

Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoBluetooth: fix possible info leak in bt_sock_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:49 +0000 (01:51 +0000)]
Bluetooth: fix possible info leak in bt_sock_recvmsg()

In case the socket is already shutting down, bt_sock_recvmsg() returns
with 0 without updating msg_namelen leading to net/socket.c leaking the
local, uninitialized sockaddr_storage variable to userland -- 128 bytes
of kernel stack memory.

Fix this by moving the msg_namelen assignment in front of the shutdown
test.

Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoax25: fix info leak via msg_name in ax25_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:48 +0000 (01:51 +0000)]
ax25: fix info leak via msg_name in ax25_recvmsg()

When msg_namelen is non-zero the sockaddr info gets filled out, as
requested, but the code fails to initialize the padding bytes of struct
sockaddr_ax25 inserted by the compiler for alignment. Additionally the
msg_namelen value is updated to sizeof(struct full_sockaddr_ax25) but is
not always filled up to this size.

Both issues lead to the fact that the code will leak uninitialized
kernel stack bytes in net/socket.c.

Fix both issues by initializing the memory with memset(0).

Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoatm: update msg_namelen in vcc_recvmsg()
Mathias Krause [Sun, 7 Apr 2013 01:51:47 +0000 (01:51 +0000)]
atm: update msg_namelen in vcc_recvmsg()

The current code does not fill the msg_name member in case it is set.
It also does not set the msg_namelen member to 0 and therefore makes
net/socket.c leak the local, uninitialized sockaddr_storage variable
to userland -- 128 bytes of kernel stack memory.

Fix that by simply setting msg_namelen to 0 as obviously nobody cared
about vcc_recvmsg() not filling the msg_name in case it was set.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoipv6/tcp: Stop processing ICMPv6 redirect messages
Christoph Paasch [Sun, 7 Apr 2013 04:53:15 +0000 (04:53 +0000)]
ipv6/tcp: Stop processing ICMPv6 redirect messages

Tetja Rediske found that if the host receives an ICMPv6 redirect message
after sending a SYN+ACK, the connection will be reset.

He bisected it down to 093d04d (ipv6: Change skb->data before using
icmpv6_notify() to propagate redirect), but the origin of the bug comes
from ec18d9a26 (ipv6: Add redirect support to all protocol icmp error
handlers.). The bug simply did not trigger prior to 093d04d, because
skb->data did not point to the inner IP header and thus icmpv6_notify
did not call the correct err_handler.

This patch adds the missing "goto out;" in tcp_v6_err. After receiving
an ICMPv6 Redirect, we should not continue processing the ICMP in
tcp_v6_err, as this may trigger the removal of request-socks or setting
sk_err(_soft).

Reported-by: Tetja Rediske <tetja@tetja.de>
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'master' of git://1984.lsi.us.es/nf-next
David S. Miller [Sun, 7 Apr 2013 16:22:06 +0000 (12:22 -0400)]
Merge branch 'master' of git://1984.lsi.us.es/nf-next

Pablo Neira Ayuso says:

====================
The following patchset contains Netfilter and IPVS updates for
your net-next tree, most relevantly they are:

* Add net namespace support to NFLOG, ULOG and ebt_ulog and NFQUEUE.
  The LOG and ebt_log target has been also adapted, but they still
  depend on the syslog netnamespace that seems to be missing, from
  Gao Feng.

* Don't lose indications of congestion in IPv6 fragmentation handling,
  from Hannes Frederic Sowa.i

* IPVS conversion to use RCU, including some code consolidation patches
  and optimizations, also some from Julian Anastasov.

* cpu fanout support for NFQUEUE, from Holger Eitzenberger.

* Better error reporting to userspace when dropping packets from
  all our _*_[xfrm|route]_me_harder functions, from Patrick McHardy.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonetfilter: implement RFC3168 5.3 (ecn protection) for ipv6 fragmentation handling
Hannes Frederic Sowa [Sun, 24 Mar 2013 15:20:51 +0000 (15:20 +0000)]
netfilter: implement RFC3168 5.3 (ecn protection) for ipv6 fragmentation handling

This change brings netfilter reassembly logic on par with
reassembly.c. The corresponding change in net-next is
(eec2e61 ipv6: implement RFC3168 5.3 (ecn protection) for
ipv6 fragmentation handling)

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jesper Dangaard Brouer <jbrouer@redhat.com>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Fri, 5 Apr 2013 21:04:10 +0000 (14:04 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Fix erroneous sock_orphan() leading to crashes and double
    kfree_skb() in NFC protocol.  From Thierry Escande and Samuel Ortiz.

 2) Fix use after free in remain-on-channel mac80211 code, from Johannes
    Berg.

 3) nf_reset() needs to reset the NF tracing cookie, otherwise we can
    leak it from one namespace into another.  Fix from Gao Feng and
    Patrick McHardy.

 4) Fix overflow in channel scanning array of mwifiex driver, from Stone
    Piao.

 5) Fix loss of link after suspend/shutdown in r8169, from Hayes Wang.

 6) Synchronization of unicast address lists to the undelying device
    doesn't work because whether to sync is maintained as a boolean
    rather than a true count.  Fix from Vlad Yasevich.

 7) Fix corruption of TSO packets in atl1e by limiting the segmented
    packet length.  From Hannes Frederic Sowa.

 8) Revert bogus AF_UNIX credential passing change and fix the
    coalescing issue properly, from Eric W Biederman.

 9) Changes of ipv4 address lifetime settings needs to generate a
    notification, from Jiri Pirko.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (22 commits)
  netfilter: don't reset nf_trace in nf_reset()
  net: ipv4: notify when address lifetime changes
  ixgbe: fix registration order of driver and DCA nofitication
  af_unix: If we don't care about credentials coallesce all messages
  Revert "af_unix: dont send SCM_CREDENTIAL when dest socket is NULL"
  bonding: remove sysfs before removing devices
  atl1e: limit gso segment size to prevent generation of wrong ip length fields
  net: count hw_addr syncs so that unsync works properly.
  r8169: fix auto speed down issue
  netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths
  mwifiex: limit channel number not to overflow memory
  NFC: microread: Fix build failure due to a new MEI bus API
  iwlwifi: dvm: fix the passive-no-RX workaround
  netfilter: nf_conntrack: fix error return code
  NFC: llcp: Keep the connected socket parent pointer alive
  mac80211: fix idle handling sequence
  netfilter: nfnetlink_acct: return -EINVAL if object name is empty
  netfilter: nfnetlink_queue: fix error return code in nfnetlink_queue_init()
  netfilter: reset nf_trace in nf_reset
  mac80211: fix remain-on-channel cancel crash
  ...

9 years agonetfilter: don't reset nf_trace in nf_reset()
Patrick McHardy [Fri, 5 Apr 2013 18:42:05 +0000 (20:42 +0200)]
netfilter: don't reset nf_trace in nf_reset()

Commit 130549fe ("netfilter: reset nf_trace in nf_reset") added code
to reset nf_trace in nf_reset(). This is wrong and unnecessary.

nf_reset() is used in the following cases:

- when passing packets up the the socket layer, at which point we want to
  release all netfilter references that might keep modules pinned while
  the packet is queued. nf_trace doesn't matter anymore at this point.

- when encapsulating or decapsulating IPsec packets. We want to continue
  tracing these packets after IPsec processing.

- when passing packets through virtual network devices. Only devices on
  that encapsulate in IPv4/v6 matter since otherwise nf_trace is not
  used anymore. Its not entirely clear whether those packets should
  be traced after that, however we've always done that.

- when passing packets through virtual network devices that make the
  packet cross network namespace boundaries. This is the only cases
  where we clearly want to reset nf_trace and is also what the
  original patch intended to fix.

Add a new function nf_reset_trace() and use it in dev_forward_skb() to
fix this properly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Linus Torvalds [Fri, 5 Apr 2013 19:23:12 +0000 (12:23 -0700)]
Merge branch 'upstream' of git://git.linux-mips.org/ralf/upstream-linus

Pull MIPS fixes from Ralf Baechle:
 "Fixes for a number of small glitches in various corners of the MIPS
  tree.  No particular areas is standing out.

  With this applied all MIPS defconfigs are building fine.  No merge
  conflicts are expected."

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: Delete definition of SA_RESTORER.
  MIPS: Fix ISA level which causes secondary cache init bypassing and more
  MIPS: Fix build error cavium-octeon without CONFIG_SMP
  MIPS: Kconfig: Rename SNIPROM too
  MIPS: Alchemy: Fix typo "CONFIG_DEBUG_PCI"
  MIPS: Unbreak function tracer for 64-bit kernel.

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes
Linus Torvalds [Fri, 5 Apr 2013 19:22:02 +0000 (12:22 -0700)]
Merge git://git./linux/kernel/git/steve/gfs2-3.0-fixes

Pull GFS2 fixes from Steven Whitehouse:
 "There are two patches which fix up a couple of minor issues in the DLM
  interface code, a missing error path in gfs2_rs_alloc(), one patch
  which fixes a problem during "withdraw" and a fix for discards/FITRIM
  when using 4k sector sized devices."

* git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes:
  GFS2: Issue discards in 512b sectors
  GFS2: Fix unlock of fcntl locks during withdrawn state
  GFS2: return error if malloc failed in gfs2_rs_alloc()
  GFS2: use memchr_inv
  GFS2: use kmalloc for lvb bitmap

9 years agofirmware,IB/qib: revert firmware file move
Mike Marciniszyn [Fri, 5 Apr 2013 18:30:13 +0000 (14:30 -0400)]
firmware,IB/qib: revert firmware file move

Commit e2eed58b4fbf ("IB/qib: change QLogic to Intel") moved a firmware
file potentially breaking the ABI.

This patch reverts that aspect of the fix as well as reverting the
firmware name as used in qib.

Reported-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agonetfilter: remove unneeded variable proc_net_netfilter
Pablo Neira Ayuso [Fri, 5 Apr 2013 17:40:10 +0000 (19:40 +0200)]
netfilter: remove unneeded variable proc_net_netfilter

Now that this supports net namespace for nflog and nfqueue,
we can remove the global proc_net_netfilter which has no
clients anymore.

Based on patch from Gao feng.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: nfnetlink_queue: add net namespace support for nfnetlink_queue
Gao feng [Sun, 24 Mar 2013 23:50:47 +0000 (23:50 +0000)]
netfilter: nfnetlink_queue: add net namespace support for nfnetlink_queue

This patch makes /proc/net/netfilter/nfnetlink_queue pernet.
Moreover, there's a pernet instance table and lock.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: enable per netns support for nf_loggers
Gao feng [Fri, 5 Apr 2013 15:04:35 +0000 (17:04 +0200)]
netfilter: enable per netns support for nf_loggers

After this patch, all nf_loggers support net namespace. Still
xt_LOG and ebt_log require syslog netns support.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: nfnetlink_log: add net namespace support for nfnetlink_log
Gao feng [Sun, 24 Mar 2013 23:50:45 +0000 (23:50 +0000)]
netfilter: nfnetlink_log: add net namespace support for nfnetlink_log

This patch makes /proc/net/netfilter/nfnetlink_log pernet.
Moreover, there's a pernet instance table and lock.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ipt_ULOG: add net namespace support for ipt_ULOG
Gao feng [Sun, 24 Mar 2013 23:50:44 +0000 (23:50 +0000)]
netfilter: ipt_ULOG: add net namespace support for ipt_ULOG

Add pernet support to ipt_ULOG by means of the new nf_log_set
function added in (30e0c6a netfilter: nf_log: prepare net
namespace support for loggers).

This patch also make ulog_buffers and netlink socket
nflognl per netns.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ebt_ulog: add net namespace support for ebt_ulog
Gao feng [Sun, 24 Mar 2013 23:50:43 +0000 (23:50 +0000)]
netfilter: ebt_ulog: add net namespace support for ebt_ulog

Add pernet support to ebt_ulog by means of the new nf_log_set
function added in (30e0c6a netfilter: nf_log: prepare net
namespace support for loggers).

This patch also make ulog_buffers and netlink socket
ebtulognl per netns.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: xt_LOG: add net namespace support for xt_LOG
Gao feng [Sun, 24 Mar 2013 23:50:42 +0000 (23:50 +0000)]
netfilter: xt_LOG: add net namespace support for xt_LOG

Add pernet support to xt_LOG by means of the new nf_log_set
function added in (30e0c6a netfilter: nf_log: prepare net
namespace support for loggers).

Since syslog ns has yet not been implemented, we don't want
the containers to DDOS host's syslogd. So only enable ebt_log
only from init_net and wait for syslog ns support

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: ebt_log: add net namespace support for ebt_log
Gao feng [Sun, 24 Mar 2013 23:50:41 +0000 (23:50 +0000)]
netfilter: ebt_log: add net namespace support for ebt_log

Add pernet support to ebt_log by means of the new nf_log_set
function added in (30e0c6a netfilter: nf_log: prepare net
namespace support for loggers).

Since syslog ns has yet not been implemented, we don't want
the containers to DDOS host's syslogd. So only enable ebt_log
only from init_net and wait for syslog ns support.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: nf_log: prepare net namespace support for loggers
Gao feng [Sun, 24 Mar 2013 23:50:40 +0000 (23:50 +0000)]
netfilter: nf_log: prepare net namespace support for loggers

This patch adds netns support to nf_log and it prepares netns
support for existing loggers. It is composed of four major
changes.

1) nf_log_register has been split to two functions: nf_log_register
   and nf_log_set. The new nf_log_register is used to globally
   register the nf_logger and nf_log_set is used for enabling
   pernet support from nf_loggers.

   Per netns is not yet complete after this patch, it comes in
   separate follow up patches.

2) Add net as a parameter of nf_log_bind_pf. Per netns is not
   yet complete after this patch, it only allows to bind the
   nf_logger to the protocol family from init_net and it skips
   other cases.

3) Adapt all nf_log_packet callers to pass netns as parameter.
   After this patch, this function only works for init_net.

4) Make the sysctl net/netfilter/nf_log pernet.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agonetfilter: make /proc/net/netfilter pernet
Gao feng [Sun, 24 Mar 2013 23:50:39 +0000 (23:50 +0000)]
netfilter: make /proc/net/netfilter pernet

This patch makes this proc dentry pernet. So far only init_net
had a /proc/net/netfilter directory.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 years agoMerge tag 'spi-fix-v3.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie...
Linus Torvalds [Fri, 5 Apr 2013 17:04:41 +0000 (10:04 -0700)]
Merge tag 'spi-fix-v3.9-rc5' of git://git./linux/kernel/git/broonie/misc

Pull spi fixes from Mark Brown:
 "A bunch of small driver fixes plus a fix for error handling in the
  core - nothing too exciting overall."

* tag 'spi-fix-v3.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/misc:
  spi/mpc512x-psc: optionally keep PSC SS asserted across xfer segmensts
  spi: Unlock a spinlock before calling into the controller driver.
  spi/s3c64xx: modified error interrupt handling and init
  spi/bcm63xx: don't disable non enabled clocks in probe error path
  spi/bcm63xx: Remove unused variable
  spi: slink-tegra20: move runtime pm calls to transfer_one_message

9 years agoGFS2: Issue discards in 512b sectors
Bob Peterson [Fri, 22 Mar 2013 14:07:24 +0000 (10:07 -0400)]
GFS2: Issue discards in 512b sectors

This patch changes GFS2's discard issuing code so that it calls
function sb_issue_discard rather than blkdev_issue_discard. The
code was calling blkdev_issue_discard and specifying the correct
sector offset and sector size, but blkdev_issue_discard expects
these values to be in terms of 512 byte sectors, even if the native
sector size for the device is different. Calling sb_issue_discard
with the BLOCK size instead ensures the correct block-to-512b-sector
translation. I verified that "minlen" is specified in blocks, so
comparing it to a number of blocks is correct.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
9 years agoRevert "drivers/rtc/rtc-at91rm9200.c: use a variable for storing IMR"
Johan Hovold [Fri, 5 Apr 2013 16:16:34 +0000 (18:16 +0200)]
Revert "drivers/rtc/rtc-at91rm9200.c: use a variable for storing IMR"

This reverts commit 0ef1594c017521ea89278e80fe3f80dafb17abde.

This patch introduced a few races which cannot be easily fixed with a
small follow-up patch. Furthermore, the SoC with the broken hardware
register, which this patch intended to add support for, can only be used
with device trees, which this driver currently does not support.

[ Here is the discussion that led to this "revert" patch:
  https://lkml.org/lkml/2013/4/3/176 ]

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>