path: root/net
AgeCommit message (Collapse)AuthorFilesLines
2013-01-14Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds17-115/+237
Pull networking fixes from David Miller: 1) Fix regression allowing IP_TTL setting of zero, fix from Cong Wang. 2) Fix leak regressions in tunap, from Jason Wang. 3) be2net driver always returns IRQ_HANDLED in INTx handler, fix from Sathya Perla. 4) qlge doesn't really support NETIF_F_TSO6, don't set that flag. Fix from Amerigo Wang. 5) Add 802.11ad Atheros wil6210 driver, from Vladimir Kondratiev. 6) Fix MTU calculations in mac80211 layer, from T Krishna Chaitanya. 7) Station info layer of mac80211 needs to use del_timer_sync(), from Johannes Berg. 8) tcp_read_sock() can loop forever, because we don't immediately stop when recv_actor() returns zero. Fix from Eric Dumazet. 9) Fix WARN_ON() in tcp_cleanup_rbuf(). We have to use sk_eat_skb() in tcp_recv_skb() to handle the case where a large GRO packet is split up while it is use by a splice() operation. Fix also from Eric Dumazet. 10) addrconf_get_prefix_route() in ipv6 tests flags incorrectly, it does: if (X && (p->flags & Y) != 0) when it really meant to go: if (X && (p->flags & X) != 0) fix from Romain Kuntz. 11) Fix lost Kconfig dependency for bfin_mac driver hardware timestamping. From Lars-Peter Clausen. 12) Fix regression in handling of RST without ACK in TCP, from Eric Dumazet. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (37 commits) be2net: fix unconditionally returning IRQ_HANDLED in INTx tuntap: fix leaking reference count tuntap: forbid calling TUNSETIFF when detached tuntap: switch to use rtnl_dereference() net, wireless: overwrite default_ethtool_ops qlge: remove NETIF_F_TSO6 flag tcp: accept RST without ACK flag net: ethernet: xilinx: Do not use NO_IRQ in axienet net: ethernet: xilinx: Do not use axienet on PPC bnx2x: Allow management traffic after boot from SAN bnx2x: Fix fastpath structures when memory allocation fails bfin_mac: Restore hardware time-stamping dependency on BF518 tun: avoid owner checks on IFF_ATTACH_QUEUE bnx2x: move debugging code before the return tuntap: refuse to re-attach to different tun_struct ipv6: use addrconf_get_prefix_route for prefix route lookup [v2] ipv6: fix the noflags test in addrconf_get_prefix_route tcp: fix splice() and tcp collapsing interaction tcp: splice: fix an infinite loop in tcp_read_sock() net: prevent setting ttl=0 via IP_TTL ...
2013-01-11net, wireless: overwrite default_ethtool_opsStanislaw Gruszka2-2/+9
Since: commit 2c60db037034d27f8c636403355d52872da92f81 Author: Eric Dumazet <edumazet@google.com> Date: Sun Sep 16 09:17:26 2012 +0000 net: provide a default dev->ethtool_ops wireless core does not correctly assign ethtool_ops. After alloc_netdev*() call, some cfg80211 drivers provide they own ethtool_ops, but some do not. For them, wireless core provide generic cfg80211_ethtool_ops, which is assigned in NETDEV_REGISTER notify call: if (!dev->ethtool_ops) dev->ethtool_ops = &cfg80211_ethtool_ops; But after Eric's commit, dev->ethtool_ops is no longer NULL (on cfg80211 drivers without custom ethtool_ops), but points to &default_ethtool_ops. In order to fix the problem, provide function which will overwrite default_ethtool_ops and use it by wireless core. Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-11Merge tag 'nfs-for-3.8-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds2-4/+11
Pull NFS client bugfix from Trond Myklebust: - Fix a socket lock leak in net/sunrpc/xprt.c * tag 'nfs-for-3.8-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: SUNRPC: Ensure we release the socket write lock if the rpc_task exits early
2013-01-10tcp: accept RST without ACK flagEric Dumazet1-2/+2
commit c3ae62af8e755 (tcp: should drop incoming frames without ACK flag set) added a regression on the handling of RST messages. RST should be allowed to come even without ACK bit set. We validate the RST by checking the exact sequence, as requested by RFC 793 and 5961 3.2, in tcp_validate_incoming() Reported-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Tested-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-10nfs: fix sunrpc/clnt.c kernel-doc warningsRandy Dunlap1-1/+1
Fix new kernel-doc warnings in clnt.c: Warning(net/sunrpc/clnt.c:561): No description found for parameter 'flavor' Warning(net/sunrpc/clnt.c:561): Excess function parameter 'auth' description in 'rpc_clone_client_set_auth' Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: linux-nfs@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-01-10ipv6: use addrconf_get_prefix_route for prefix route lookup [v2]Romain Kuntz1-14/+11
Replace ip6_route_lookup() with addrconf_get_prefix_route() when looking up for a prefix route. This ensures that the connected prefix is looked up in the main table, and avoids the selection of other matching routes located in different tables as well as blackhole or prohibited entries. In addition, this fixes an Opps introduced by commit 64c6d08e (ipv6: del unreachable route when an addr is deleted on lo), that would occur when a blackhole or prohibited entry is selected by ip6_route_lookup(). Such entries have a NULL rt6i_table argument, which is accessed by __ip6_del_rt() when trying to lock rt6i_table->tb6_lock. The function addrconf_is_prefix_route() is not used anymore and is removed. [v2] Minor indentation cleanup and log updates. Signed-off-by: Romain Kuntz <r.kuntz@ipflavors.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-10ipv6: fix the noflags test in addrconf_get_prefix_routeRomain Kuntz1-1/+1
The tests on the flags in addrconf_get_prefix_route() does no make much sense: the 'noflags' parameter contains the set of flags that must not match with the route flags, so the test must be done against 'noflags', and not against 'flags'. Signed-off-by: Romain Kuntz <r.kuntz@ipflavors.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-10tcp: fix splice() and tcp collapsing interactionEric Dumazet1-3/+10
Under unusual circumstances, TCP collapse can split a big GRO TCP packet while its being used in a splice(socket->pipe) operation. skb_splice_bits() releases the socket lock before calling splice_to_pipe(). [ 1081.353685] WARNING: at net/ipv4/tcp.c:1330 tcp_cleanup_rbuf+0x4d/0xfc() [ 1081.371956] Hardware name: System x3690 X5 -[7148Z68]- [ 1081.391820] cleanup rbuf bug: copied AD3BCF1 seq AD370AF rcvnxt AD3CF13 To fix this problem, we must eat skbs in tcp_recv_skb(). Remove the inline keyword from tcp_recv_skb() definition since it has three call sites. Reported-by: Christian Becker <c.becker@traviangames.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Eric Dumazet <edumazet@google.com> Tested-by: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-10tcp: splice: fix an infinite loop in tcp_read_sock()Eric Dumazet1-1/+1
commit 02275a2ee7c0 (tcp: don't abort splice() after small transfers) added a regression. [ 83.843570] INFO: rcu_sched self-detected stall on CPU [ 83.844575] INFO: rcu_sched detected stalls on CPUs/tasks: { 6} (detected by 0, t=21002 jiffies, g=4457, c=4456, q=13132) [ 83.844582] Task dump for CPU 6: [ 83.844584] netperf R running task 0 8966 8952 0x0000000c [ 83.844587] 0000000000000000 0000000000000006 0000000000006c6c 0000000000000000 [ 83.844589] 000000000000006c 0000000000000096 ffffffff819ce2bc ffffffffffffff10 [ 83.844592] ffffffff81088679 0000000000000010 0000000000000246 ffff880c4b9ddcd8 [ 83.844594] Call Trace: [ 83.844596] [<ffffffff81088679>] ? vprintk_emit+0x1c9/0x4c0 [ 83.844601] [<ffffffff815ad449>] ? schedule+0x29/0x70 [ 83.844606] [<ffffffff81537bd2>] ? tcp_splice_data_recv+0x42/0x50 [ 83.844610] [<ffffffff8153beaa>] ? tcp_read_sock+0xda/0x260 [ 83.844613] [<ffffffff81537b90>] ? tcp_prequeue_process+0xb0/0xb0 [ 83.844615] [<ffffffff8153c0f0>] ? tcp_splice_read+0xc0/0x250 [ 83.844618] [<ffffffff814dc0c2>] ? sock_splice_read+0x22/0x30 [ 83.844622] [<ffffffff811b820b>] ? do_splice_to+0x7b/0xa0 [ 83.844627] [<ffffffff811ba4bc>] ? sys_splice+0x59c/0x5d0 [ 83.844630] [<ffffffff8119745b>] ? putname+0x2b/0x40 [ 83.844633] [<ffffffff8118bcb4>] ? do_sys_open+0x174/0x1e0 [ 83.844636] [<ffffffff815b6202>] ? system_call_fastpath+0x16/0x1b if recv_actor() returns 0, we should stop immediately, because looping wont give a chance to drain the pipe. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-10Merge branch 'for-linus' of ↵Linus Torvalds1-1/+1
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 patches from Martin Schwidefsky: "Add the finit_module system call, fix the irq statistics in /proc/stat, fix a s390dbf lockdep problem, a patch revert for a problem that is not 100% understood yet, and a few patches to fix warnings." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/pci: define read*_relaxed functions s390/topology: export cpu_topology s390/pm: export pm_power_off s390/pci: define isa_dma_bridge_buggy s390/3215: partially revert tty close handling fix s390/irq: count cpu restart events s390/irq: remove split irq fields from /proc/stat s390/irq: enable irq sum accounting for /proc/stat again s390/syscalls: wire up finit_module syscall s390/pci: remove dead code s390/smp: fix section mismatch for smp_add_present_cpu() s390/debug: Fix s390dbf lockdep problem in debug_(un)register_view()
2013-01-09Merge branch 'master' of ↵John W. Linville11-91/+202
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
2013-01-08net: prevent setting ttl=0 via IP_TTLCong Wang1-1/+1
A regression is introduced by the following commit: commit 4d52cfbef6266092d535237ba5a4b981458ab171 Author: Eric Dumazet <eric.dumazet@gmail.com> Date: Tue Jun 2 00:42:16 2009 -0700 net: ipv4/ip_sockglue.c cleanups Pure cleanups but it is not a pure cleanup... - if (val != -1 && (val < 1 || val>255)) + if (val != -1 && (val < 0 || val > 255)) Since there is no reason provided to allow ttl=0, change it back. Reported-by: nitin padalia <padalia.nitin@gmail.com> Cc: nitin padalia <padalia.nitin@gmail.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-08SUNRPC: Ensure we release the socket write lock if the rpc_task exits earlyTrond Myklebust2-4/+11
If the rpc_task exits while holding the socket write lock before it has allocated an rpc slot, then the usual mechanism for releasing the write lock in xprt_release() is defeated. The problem occurs if the call to xprt_lock_write() initially fails, so that the rpc_task is put on the xprt->sending wait queue. If the task exits after being assigned the lock by __xprt_lock_write_func, but before it has retried the call to xprt_lock_and_alloc_slot(), then it calls xprt_release() while holding the write lock, but will immediately exit due to the test for task->tk_rqstp != NULL. Reported-by: Chris Perl <chris.perl@gmail.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@vger.kernel.org [>= 3.1]
2013-01-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds20-68/+221
Pull networking fixes from David Miller: 1) New sysctl ndisc_notify needs some documentation, from Hanns Frederic Sowa. 2) Netfilter REJECT target doesn't set transport header of SKB correctly, from Mukund Jampala. 3) Forcedeth driver needs to check for DMA mapping failures, from Larry Finger. 4) brcmsmac driver can't use usleep_range while holding locks, use udelay instead. From Niels Ole Salscheider. 5) Fix unregister of netlink bridge multicast database handlers, from Vlad Yasevich and Rami Rosen. 6) Fix checksum calculations in netfilter's ipv6 network prefix translation module. 7) Fix high order page allocation failures in netfilter xt_recent, from Eric Dumazet. 8) mac802154 needs to use netif_rx_ni() instead of netif_rx() because mac802154_process_data() can execute in process rather than interrupt context. From Alexander Aring. 9) Fix splice handling of MSG_SENDPAGE_NOTLAST, otherwise we elide one tcp_push() too many. From Eric Dumazet and Willy Tarreau. 10) Fix skb->truesize tracking in XEN netfront driver, from Ian Campbell. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits) xen/netfront: improve truesize tracking ipv4: fix NULL checking in devinet_ioctl() tcp: fix MSG_SENDPAGE_NOTLAST logic net/ipv4/ipconfig: really display the BOOTP/DHCP server's address. ip-sysctl: fix spelling errors mac802154: fix NOHZ local_softirq_pending 08 warning ipv6: document ndisc_notify in networking/ip-sysctl.txt ath9k: Fix Kconfig for ATH9K_HTC netfilter: xt_recent: avoid high order page allocations netfilter: fix missing dependencies for the NOTRACK target netfilter: ip6t_NPT: fix IPv6 NTP checksum calculation bridge: add empty br_mdb_init() and br_mdb_uninit() definitions. vxlan: allow live mac address change bridge: Correctly unregister MDB rtnetlink handlers brcmfmac: fix parsing rsn ie for ap mode. brcmsmac: add copyright information for Canonical rtlwifi: rtl8723ae: Fix warning for unchecked pci_map_single() call rtlwifi: rtl8192se: Fix warning for unchecked pci_map_single() call rtlwifi: rtl8192de: Fix warning for unchecked pci_map_single() call rtlwifi: rtl8192ce: Fix warning for unchecked pci_map_single() call ...
2013-01-08s390/irq: remove split irq fields from /proc/statHeiko Carstens1-1/+1
Now that irq sum accounting for /proc/stat's "intr" line works again we have the oddity that the sum field (first field) contains only the sum of the second (external irqs) and third field (I/O interrupts). The reason for that is that these two fields are already sums of all other fields. So if we would sum up everything we would count every interrupt twice. This is broken since the split interrupt accounting was merged two years ago: 052ff461c8427629aee887ccc27478fc7373237c "[S390] irq: have detailed statistics for interrupt types". To fix this remove the split interrupt fields from /proc/stat's "intr" line again and only have them in /proc/interrupts. This restores the old behaviour, seems to be the only sane fix and mimics a behaviour from other architectures where /proc/interrupts also contains more than /proc/stat's "intr" line does. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2013-01-07Merge branch 'master' of git://1984.lsi.us.es/nfDavid S. Miller3-31/+28
Pablo Neira Ayuso says: ==================== The following batch contains Netfilter fixes for 3.8-rc2, they are: * Fix IPv6 stateless network/port translation (NPT) checksum calculation, from Ulrich Weber. * Fix for xt_recent to avoid memory allocation failures if large hashtables are used, from Eric Dumazet. * Fix missing dependencies in Kconfig for the deprecated NOTRACK, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-07sctp: fix Kconfig bug in default cookie hmac selectionAlex Elder1-1/+1
Commit 0d0863b02002 ("sctp: Change defaults on cookie hmac selection") added a "choice" to the sctp Kconfig file. It introduced a bug which led to an infinite loop when while running "make oldconfig". The problem is that the wrong symbol was defined as the default value for the choice. Using the correct value gets rid of the infinite loop. Note: if CONFIG_SCTP_COOKIE_HMAC_SHA1=y was present in the input config file, both that and CONFIG_SCTP_COOKIE_HMAC_MD5=y be present in the generated config file. Signed-off-by: Alex Elder <elder@inktank.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-01-06ipv4: fix NULL checking in devinet_ioctl()Xi Wang1-1/+1
The NULL pointer check `!ifa' should come before its first use. [ Bug origin : commit fd23c3b31107e2fc483301ee923d8a1db14e53f4 (ipv4: Add hash table of interface addresses) in linux-2.6.39 ] Signed-off-by: Xi Wang <xi.wang@gmail.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-04net/ipv4/ipconfig: really display the BOOTP/DHCP server's address.Philippe De Muyter1-2/+6
Up to now, the debug and info messages from the ipconfig subsytem claim to display the IP address of the DHCP/BOOTP server but display instead the IP address of the bootserver. Fix that. Signed-off-by: Philippe De Muyter <phdm@macqel.be> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-04mac802154: fix NOHZ local_softirq_pending 08 warningAlexander Aring1-1/+1
When using nanosleep() in an userspace application we get a ratelimit warning NOHZ: local_softirq_pending 08 for 10 times. This patch replaces netif_rx() with netif_rx_ni() which has to be used from process/softirq context. The process/softirq context will be called from fakelb driver. See linux-kernel commit 481a819 for similar fix. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-04netfilter: xt_recent: avoid high order page allocationsEric Dumazet1-5/+18
xt_recent can try high order page allocations and this can fail. iptables: page allocation failure: order:9, mode:0xc0d0 It also wastes about half the allocated space because of kmalloc() power-of-two roundups and struct recent_table layout. Use vmalloc() instead to save space and be less prone to allocation errors when memory is fragmented. Reported-by: Miroslav Kratochvil <exa.exa@gmail.com> Reported-by: Dave Jones <davej@redhat.com> Reported-by: Harald Reindl <h.reindl@thelounge.net> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-01-04netfilter: fix missing dependencies for the NOTRACK targetPablo Neira Ayuso1-0/+3
warning: (NETFILTER_XT_TARGET_NOTRACK) selects NETFILTER_XT_TARGET_CT which has unmet direct +dependencies (NET && INET && NETFILTER && NETFILTER_XTABLES && NF_CONNTRACK && (IP_NF_RAW || +IP6_NF_RAW) && NETFILTER_ADVANCED) Reported-by: Randy Dunlap <rdunlap@infradead.org> Reported-by: kbuild test robot <fengguang.wu@intel.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-01-04netfilter: ip6t_NPT: fix IPv6 NTP checksum calculationUlrich Weber1-26/+7
csum16_add() has a broken carry detection, should be: sum += sum < (__force u16)b; Instead of fixing csum16_add, remove the custom checksum functions and use the generic csum_add/csum_sub ones. Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-01-04SUNRPC: Partial revert of commit 168e4b39d1afb79a7e3ea6c3bb246b4c82c6bdb9Trond Myklebust1-5/+0
Partially revert commit (SUNRPC: add WARN_ON_ONCE for potential deadlock). The looping behaviour has been tracked down to a knownn issue with workqueues, and a workaround has now been implemented. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Weston Andros Adamson <dros@netapp.com> Cc: Tejun Heo <tj@kernel.org> Cc: Bruce Fields <bfields@fieldses.org> Cc: stable@vger.kernel.org [>= 3.7]
2013-01-04SUNRPC: Ensure that we free the rpc_task after cleanups are doneTrond Myklebust1-4/+23
This patch ensures that we free the rpc_task after the cleanup callbacks are done in order to avoid a deadlock problem that can be triggered if the callback needs to wait for another workqueue item to complete. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: Weston Andros Adamson <dros@netapp.com> Cc: Tejun Heo <tj@kernel.org> Cc: Bruce Fields <bfields@fieldses.org> Cc: stable@vger.kernel.org
2013-01-03mac80211: fix maximum MTUChaitanya1-10/+1
The maximum MTU shouldn't take the headers into account, the maximum MSDU size is exactly the maximum MTU. Signed-off-by: T Krishna Chaitanya <chaitanyatk@posedge.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03mac80211: fix dtim_period in hidden SSID AP associationJohannes Berg3-37/+55
When AP's SSID is hidden the BSS can appear several times in cfg80211's BSS list: once with a zero-length SSID that comes from the beacon, and once for each SSID from probe reponses. Since the mac80211 stores its data in ieee80211_bss which is embedded into cfg80211_bss, mac80211's data will be duplicated too. This becomes a problem when a driver needs the dtim_period since this data exists only in the beacon's instance in cfg80211 bss table which isn't the instance that is used when associating. Remove the DTIM period from the BSS table and track it explicitly to avoid this problem. Cc: stable@vger.kernel.org Tested-by: Efi Tubul <efi.tubul@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03mac80211: use del_timer_sync for final sta cleanup timer deletionJohannes Berg1-1/+1
This is a very old bug, but there's nothing that prevents the timer from running while the module is being removed when we only do del_timer() instead of del_timer_sync(). The timer should normally not be running at this point, but it's not clearly impossible (or we could just remove this.) Cc: stable@vger.kernel.org Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03mac80211: fix station destruction in AP/mesh modesJohannes Berg4-17/+62
Unfortunately, commit b22cfcfcae5b, intended to speed up roaming by avoiding the synchronize_rcu() broke AP/mesh modes as it moved some code into that work item that will still call into the driver at a time where it's no longer expected to handle this: after the AP or mesh has been stopped. To fix this problem remove the per-station work struct, maintain a station cleanup list instead and flush this list when stations are flushed. To keep this patch smaller for stable, do this when the stations are flushed (sta_info_flush()). This unfortunately brings back the original roaming delay; I'll fix that again in a separate patch. Also, Ben reported that the original commit could sometimes (with many interfaces) cause long delays when an interface is set down, due to blocking on flush_workqueue(). Since we now maintain the cleanup list, this particular change of the original patch can be reverted. Cc: stable@vger.kernel.org [3.7] Reported-by: Ben Greear <greearb@candelatech.com> Tested-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03mac80211: RMC buckets are just list headsThomas Pedersen2-5/+5
The array of rmc_entrys is redundant since only the list_head is used. Make this an array of list_heads instead and save ~6k per vif at runtime :D Signed-off-by: Thomas Pedersen <thomas@cozybit.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03mac80211: assign VLAN channel contextsJohannes Berg3-3/+45
Make AP_VLAN type interfaces track the AP master channel context so they have one assigned for the various lookups. Don't give them their own refcount etc. since they're just slaves to the AP master. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03mac80211: flush AP_VLAN stations when tearing down the BSS APFelix Fietkau1-0/+2
Signed-off-by: Felix Fietkau <nbd@openwrt.org> [change to flush stations with AP flush in second loop] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03mac80211: fix ibss scanningStanislaw Gruszka3-18/+31
Do not scan on no-IBSS and disabled channels in IBSS mode. Doing this can trigger Microcode errors on iwlwifi and iwlegacy drivers. Also rename ieee80211_request_internal_scan() function since it is only used in IBSS mode and simplify calling it from ieee80211_sta_find_ibss(). This patch should address: https://bugzilla.redhat.com/show_bug.cgi?id=883414 https://bugzilla.kernel.org/show_bug.cgi?id=49411 Reported-by: Jesse Kahtava <jesse_kahtava@f-m.fm> Reported-by: Mikko Rapeli <mikko.rapeli@iki.fi> Cc: stable@vger.kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-01-03bridge: add empty br_mdb_init() and br_mdb_uninit() definitions.Rami Rosen1-0/+6
This patch adds empty br_mdb_init() and br_mdb_uninit() definitions in br_private.h to avoid build failure when CONFIG_BRIDGE_IGMP_SNOOPING is not set. These methods were moved from br_multicast.c to br_netlink.c by commit 3ec8e9f085bcaef0de1077f555c2c5102c223390 Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-03bridge: Correctly unregister MDB rtnetlink handlersVlad Yasevich2-3/+12
Commit 63233159fd4e596568f5f168ecb0879b61631d47: bridge: Do not unregister all PF_BRIDGE rtnl operations introduced a bug where a removal of a single bridge from a multi-bridge system would remove MDB netlink handlers. The handlers should only be removed once all bridges are gone, but since we don't keep track of the number of bridge interfaces, it's simpler to do it when the bridge module is unloaded. To make it consistent, move the registration code into module initialization code path. Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-02Merge branch 'for-linus' of ↵Linus Torvalds2-28/+29
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client Pull Ceph fixes from Sage Weil: "Two of Alex's patches deal with a race when reseting server connections for open RBD images, one demotes some non-fatal BUGs to WARNs, and my patch fixes a protocol feature bit failure path." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: libceph: fix protocol feature mismatch failure path libceph: WARN, don't BUG on unexpected connection states libceph: always reset osds when kicking libceph: move linger requests sooner in kick_requests()
2012-12-28Merge branch 'master' of git://1984.lsi.us.es/nfDavid S. Miller13-30/+167
Pablo Neira Ayuso says: ==================== The following batch contains Netfilter fixes for 3.8-rc1. They are a mixture of old bugs that have passed unnoticed (I'll pass these to stable) and more fresh ones from the previous merge window, they are: * Fix for MAC address in 6in4 tunnels via NFLOG that results in ulogd showing up wrong address, from Bob Hockney. * Fix a comment in nf_conntrack_ipv6, from Florent Fourcot. * Fix a leak an error path in ctnetlink while creating an expectation, from Jesper Juhl. * Fix missing ICMP time exceeded in the IPv6 defragmentation code, from Haibo Xi. * Fix inconsistent handling of routing changes in MASQUERADE for the new connections case, from Andrew Collins. * Fix a missing skb_reset_transport in ip[6]t_REJECT that leads to crashes in the ixgbe driver (since it seems to access the transport header with TSO enabled), from Mukund Jampala. * Recover obsoleted NOTRACK target by including it into the CT and spot a warning via printk about being obsoleted. Many people don't check the scheduled to be removal file under Documentation, so we follow some less agressive approach to kill this in a year or so. Spotted by Florian Westphal, patch from myself. * Fix race condition in xt_hashlimit that allows to create two or more entries, from myself. * Fix crash if the CT is used due to the recently added facilities to consult the dying and unconfirmed conntrack lists, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-27libceph: fix protocol feature mismatch failure pathSage Weil1-10/+4
We should not set con->state to CLOSED here; that happens in ceph_fault() in the caller, where it first asserts that the state is not yet CLOSED. Avoids a BUG when the features don't match. Since the fail_protocol() has become a trivial wrapper, replace calls to it with direct calls to reset_connection(). Signed-off-by: Sage Weil <sage@inktank.com> Reviewed-by: Alex Elder <elder@inktank.com>
2012-12-27libceph: WARN, don't BUG on unexpected connection statesAlex Elder1-6/+5
A number of assertions in the ceph messenger are implemented with BUG_ON(), killing the system if connection's state doesn't match what's expected. At this point our state model is (evidently) not well understood enough for these assertions to trigger a BUG(). Convert all BUG_ON(con->state...) calls to be WARN_ON(con->state...) so we learn about these issues without killing the machine. We now recognize that a connection fault can occur due to a socket closure at any time, regardless of the state of the connection. So there is really nothing we can assert about the state of the connection at that point so eliminate that assertion. Reported-by: Ugis <ugis22@gmail.com> Tested-by: Ugis <ugis22@gmail.com> Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Sage Weil <sage@inktank.com>
2012-12-27libceph: always reset osds when kickingAlex Elder1-2/+2
When ceph_osdc_handle_map() is called to process a new osd map, kick_requests() is called to ensure all affected requests are updated if necessary to reflect changes in the osd map. This happens in two cases: whenever an incremental map update is processed; and when a full map update (or the last one if there is more than one) gets processed. In the former case, the kick_requests() call is followed immediately by a call to reset_changed_osds() to ensure any connections to osds affected by the map change are reset. But for full map updates this isn't done. Both cases should be doing this osd reset. Rather than duplicating the reset_changed_osds() call, move it into the end of kick_requests(). Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Sage Weil <sage@inktank.com>
2012-12-27libceph: move linger requests sooner in kick_requests()Alex Elder1-11/+19
The kick_requests() function is called by ceph_osdc_handle_map() when an osd map change has been indicated. Its purpose is to re-queue any request whose target osd is different from what it was when it was originally sent. It is structured as two loops, one for incomplete but registered requests, and a second for handling completed linger requests. As a special case, in the first loop if a request marked to linger has not yet completed, it is moved from the request list to the linger list. This is as a quick and dirty way to have the second loop handle sending the request along with all the other linger requests. Because of the way it's done now, however, this quick and dirty solution can result in these incomplete linger requests never getting re-sent as desired. The problem lies in the fact that the second loop only arranges for a linger request to be sent if it appears its target osd has changed. This is the proper handling for *completed* linger requests (it avoids issuing the same linger request twice to the same osd). But although the linger requests added to the list in the first loop may have been sent, they have not yet completed, so they need to be re-sent regardless of whether their target osd has changed. The first required fix is we need to avoid calling __map_request() on any incomplete linger request. Otherwise the subsequent __map_request() call in the second loop will find the target osd has not changed and will therefore not re-send the request. Second, we need to be sure that a sent but incomplete linger request gets re-sent. If the target osd is the same with the new osd map as it was when the request was originally sent, this won't happen. This can be fixed through careful handling when we move these requests from the request list to the linger list, by unregistering the request *before* it is registered as a linger request. This works because a side-effect of unregistering the request is to make the request's r_osd pointer be NULL, and *that* will ensure the second loop actually re-sends the linger request. Processing of such a request is done at that point, so continue with the next one once it's been moved. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Sage Weil <sage@inktank.com>
2012-12-26ipv6/ip6_gre: set transport header correctlyIsaku Yamahata1-2/+1
ip6gre_xmit2() incorrectly sets transport header to inner payload instead of GRE header. It seems copy-and-pasted from ipip.c. Set transport header to gre header. (In ipip case the transport header is the inner ip header, so that's correct.) Found by inspection. In practice the incorrect transport header doesn't matter because the skb usually is sent to another net_device or socket, so the transport header isn't referenced. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26ipv4/ip_gre: set transport header correctly to gre headerIsaku Yamahata1-1/+1
ipgre_tunnel_xmit() incorrectly sets transport header to inner payload instead of GRE header. It seems copy-and-pasted from ipip.c. So set transport header to gre header. (In ipip case the transport header is the inner ip header, so that's correct.) Found by inspection. In practice the incorrect transport header doesn't matter because the skb usually is sent to another net_device or socket, so the transport header isn't referenced. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26IB/rds: suppress incompatible protocol when version is knownMarciniszyn, Mike1-6/+5
Add an else to only print the incompatible protocol message when version hasn't been established. Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26IB/rds: Correct ib_api use with gs_dma_address/sg_dma_lenMarciniszyn, Mike1-3/+6
0b088e00 ("RDS: Use page_remainder_alloc() for recv bufs") added uses of sg_dma_len() and sg_dma_address(). This makes RDS DOA with the qib driver. IB ulps should use ib_sg_dma_len() and ib_sg_dma_address respectively since some HCAs overload ib_sg_dma* operations. Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26tcp: should drop incoming frames without ACK flag setEric Dumazet1-4/+10
In commit 96e0bf4b5193d (tcp: Discard segments that ack data not yet sent) John Dykstra enforced a check against ack sequences. In commit 354e4aa391ed5 (tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation) I added more safety tests. But we missed fact that these tests are not performed if ACK bit is not set. RFC 793 3.9 mandates TCP should drop a frame without ACK flag set. " fifth check the ACK field, if the ACK bit is off drop the segment and return" Not doing so permits an attacker to only guess an acceptable sequence number, evading stronger checks. Many thanks to Zhiyun Qian for bringing this issue to our attention. See : http://web.eecs.umich.edu/~zhiyunq/pub/ccs12_TCP_sequence_number_inference.pdf Reported-by: Zhiyun Qian <zhiyunq@umich.edu> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Nandita Dukkipati <nanditad@google.com> Cc: Neal Cardwell <ncardwell@google.com> Cc: John Dykstra <john.dykstra1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26batman-adv: fix random jitter calculationAkinobu Mita1-1/+1
batadv_iv_ogm_emit_send_time() attempts to calculates a random integer in the range of 'orig_interval +- BATADV_JITTER' by the below lines. msecs = atomic_read(&bat_priv->orig_interval) - BATADV_JITTER; msecs += (random32() % 2 * BATADV_JITTER); But it actually gets 'orig_interval' or 'orig_interval - BATADV_JITTER' because '%' and '*' have same precedence and associativity is left-to-right. This adds the parentheses at the appropriate position so that it matches original intension. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Acked-by: Antonio Quartulli <ordex@autistici.org> Cc: Marek Lindner <lindner_marek@yahoo.de> Cc: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Cc: Antonio Quartulli <ordex@autistici.org> Cc: b.a.t.m.a.n@lists.open-mesh.org Cc: "David S. Miller" <davem@davemloft.net> Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26netfilter: ctnetlink: fix leak in error path of ctnetlink_create_expectJesper Juhl1-1/+1
This patch fixes a leak in one of the error paths of ctnetlink_create_expect if no helper and no timeout is specified. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-12-26netfilter: xt_hashlimit: fix namespace destroy pathVitaly E. Lavrov1-4/+25
recent_net_exit() is called before recent_mt_destroy() in the destroy path of network namespaces. Make sure there are no entries in the parent proc entry xt_recent before removing it. Signed-off-by: Vitaly E. Lavrov <lve@guap.ru> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-12-26netfilter: xt_recent: fix namespace destroy pathVitaly E. Lavrov1-4/+16
recent_net_exit() is called before recent_mt_destroy() in the destroy path of network namespaces. Make sure there are no entries in the parent proc entry xt_recent before removing it. Signed-off-by: Vitaly E. Lavrov <lve@guap.ru> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>