Commit Graph

349069 Commits

Author SHA1 Message Date
Jesper Dangaard Brouer
c2a936600f net: increase fragment memory usage limits
Increase the amount of memory usage limits for incomplete
IP fragments.

Arguing for new thresh high/low values:

 High threshold = 4 MBytes
 Low  threshold = 3 MBytes

The fragmentation memory accounting code, tries to account for the
real memory usage, by measuring both the size of frag queue struct
(inet_frag_queue (ipv4:ipq/ipv6:frag_queue)) and the SKB's truesize.

We want to be able to handle/hold-on-to enough fragments, to ensure
good performance, without causing incomplete fragments to hurt
scalability, by causing the number of inet_frag_queue to grow too much
(resulting longer searches for frag queues).

For IPv4, how much memory does the largest frag consume.

Maximum size fragment is 64K, which is approx 44 fragments with
MTU(1500) sized packets. Sizeof(struct ipq) is 200.  A 1500 byte
packet results in a truesize of 2944 (not 2048 as I first assumed)

  (44*2944)+200 = 129736 bytes

The current default high thresh of 262144 bytes, is obviously
problematic, as only two 64K fragments can fit in the queue at the
same time.

How many 64K fragment can we fit into 4 MBytes:

  4*2^20/((44*2944)+200) = 32.34 fragment in queues

An attacker could send a separate/distinct fake fragment packets per
queue, causing us to allocate one inet_frag_queue per packet, and thus
attacking the hash table and its lists.

How many frag queue do we need to store, and given a current hash size
of 64, what is the average list length.

Using one MTU sized fragment per inet_frag_queue, each consuming
(2944+200) 3144 bytes.

  4*2^20/(2944+200) = 1334 frag queues -> 21 avg list length

An attack could send small fragments, the smallest packet I could send
resulted in a truesize of 896 bytes (I'm a little surprised by this).

  4*2^20/(896+200)  = 3827 frag queues -> 59 avg list length

When increasing these number, we also need to followup with
improvements, that is going to help scalability.  Simply increasing
the hash size, is not enough as the current implementation does not
have a per hash bucket locking.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-17 14:29:53 -05:00
Vincent Bernat
d59577b6ff sk-filter: Add ability to lock a socket filter program
While a privileged program can open a raw socket, attach some
restrictive filter and drop its privileges (or send the socket to an
unprivileged program through some Unix socket), the filter can still
be removed or modified by the unprivileged program. This commit adds a
socket option to lock the filter (SO_LOCK_FILTER) preventing any
modification of a socket filter program.

This is similar to OpenBSD BIOCLOCK ioctl on bpf sockets, except even
root is not allowed change/drop the filter.

The state of the lock can be read with getsockopt(). No error is
triggered if the state is not changed. -EPERM is returned when a user
tries to remove the lock or to change/remove the filter while the lock
is active. The check is done directly in sk_attach_filter() and
sk_detach_filter() and does not affect only setsockopt() syscall.

Signed-off-by: Vincent Bernat <bernat@luffy.cx>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-17 03:21:25 -05:00
Cong Wang
5bd30d3987 netpoll: fix a missing dev refcounting
__dev_get_by_name() doesn't refcount the network device,
so we have to do this by ourselves. Noticed by Eric.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 23:33:06 -05:00
YOSHIFUJI Hideaki
07f623d3b2 ipv6: Fix endianess warning in ip6_flow_hdr().
Commit 3e4e4c1f ("ipv6: Introduce ip6_flow_hdr() to fill version,
tclass and flowlabel.) uses ntohl(), which should be htonl().

Found by Fengguang Wu <fengguang.wu@intel.com>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 22:12:36 -05:00
Timo Teräs
9fba0812c1 r8169: remove unneeded dirty_rx index
After commit 6f0333b ("r8169: use 50% less ram for RX ring") the rx
ring buffers are always copied making dirty_rx useless.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 18:02:09 -05:00
Cong Wang
f92d318023 netpoll: fix a rtnl lock assertion failure
v4: hold rtnl lock for the whole netpoll_setup()
v3: remove the comment
v2: use RCU read lock

This patch fixes the following warning:

[   72.013864] RTNL: assertion failed at net/core/dev.c (4955)
[   72.017758] Pid: 668, comm: netpoll-prep-v6 Not tainted 3.8.0-rc1+ #474
[   72.019582] Call Trace:
[   72.020295]  [<ffffffff8176653d>] netdev_master_upper_dev_get+0x35/0x58
[   72.022545]  [<ffffffff81784edd>] netpoll_setup+0x61/0x340
[   72.024846]  [<ffffffff815d837e>] store_enabled+0x82/0xc3
[   72.027466]  [<ffffffff815d7e51>] netconsole_target_attr_store+0x35/0x37
[   72.029348]  [<ffffffff811c3479>] configfs_write_file+0xe2/0x10c
[   72.030959]  [<ffffffff8115d239>] vfs_write+0xaf/0xf6
[   72.032359]  [<ffffffff81978a05>] ? sysret_check+0x22/0x5d
[   72.033824]  [<ffffffff8115d453>] sys_write+0x5c/0x84
[   72.035328]  [<ffffffff819789d9>] system_call_fastpath+0x16/0x1b

In case of other races, hold rtnl lock for the entire netpoll_setup() function.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 15:26:03 -05:00
Stephen Hemminger
7db11f7596 vmxnet3: better RSS support
The VMXNET3 device provides RSS hash value for received packets,
but it is not being used.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:53 -05:00
Stephen Hemminger
66d3591036 vmxnet3: use static RSS key
Rather than generating a different RSS key on each boot, just use
a predetermined value that will map same flow to same value on
every device for more predictable testing. This is already done
on most hardware drivers.

Initial key value just some arbitrary bits extracted once
from /dev/random.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:52 -05:00
Stephen Hemminger
4db37a7856 vmxnet3: remove unused irq_share_mode
This static variable is never set, it initializes to 0 which
is VMXNET3_INTR_BUDDYSHARE, and never changes.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:52 -05:00
Stephen Hemminger
f32a2605bb vmxnet3: remove device counter
An atomic counter of devices present is maintained but never used.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:51 -05:00
Stephen Hemminger
4816a07266 vmxnet3: remove VMXNET3_MAX_DEVICES
Defined but never used.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:51 -05:00
Stephen Hemminger
204a6e6594 vmxnet3: use netdev_ printk wrappers
Use the standard netdev_xxx() and dev_xxx() wrappers to format
log messages.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:51 -05:00
Stephen Hemminger
fdcd79b94b vmxnet3: use netdev_dbg
Use netdev_dbg() rather than dev_dbg() because the former prints
the device name which is more useful than the pci name.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:50 -05:00
Stephen Hemminger
4bad25fa7e vmxnet3: fix messages printed before registration
This messages that occur during boot time from this device
when netdev_err is called before calling register_netdevice().
Switch to using dev_XXX macros which correlate message with PCI info which
is available.

Rather than fixing the features message, just remove it since
the information is redundant and available through ethtool.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:49 -05:00
Stephen Hemminger
69b9a71266 vmxnet3: remove unnecessary bookkeeping
The uncommitted[] array was set but never used except in a debug
message. Remove it.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:49 -05:00
Stephen Hemminger
0d735f13d8 vmxnet3: use netdev_alloc_skb_ip_align
Use netdev_alloc_skb_align, rather than open code using dev_alloc_skb.
Change allocation at startup to use GFP_KERNEL.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:40:48 -05:00
David S. Miller
8c174e6f77 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next
Jeff Kirsher says:

====================
This series contains updates to e1000e only.

v2- updates patch 09/15 "e1000e: resolve checkpatch PREFER_PR_LEVEL warning"
    based on feedback from Joe Perches.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 14:31:56 -05:00
Bruce Allan
d60923c465 e1000e: merge multiple conditional statements into one
Cleanup a set of conditional tests.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16 01:00:09 -08:00
Bruce Allan
e3d14b08e8 e1000e: cleanup code duplication
The removed code block is duplicated in e1000e_write_itr() so use that
instead.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16 00:49:47 -08:00
Bruce Allan
3a3104e7d0 e1000e: cleanup magic number
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16 00:38:58 -08:00
Bruce Allan
1860ac8461 e1000e: cleanup unnecessary line wrap
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16 00:32:12 -08:00
Bruce Allan
2a2293b951 e1000e: cleanup unusual comment placement
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16 00:20:15 -08:00
Bruce Allan
0a939912cf e1000e: cleanup redundant statistics counter
rx_long_byte_count can be removed since it is duplicated in rx_bytes

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16 00:13:50 -08:00
Bruce Allan
7dbc1672f1 e1000e: resolve checkpatch PREFER_PR_LEVEL warning
WARNING: Prefer netdev_info(netdev, ... then dev_info(dev, ...
then pr_info(...  to printk(KERN_INFO ...

v2 - remove unnecessary "e1000e:" prefix as pointed out by Joe Perches
     since that produces a redundant "e1000e:" in the log message

Cc: Joe Perches <joe@perches.com>
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16 00:01:50 -08:00
Bruce Allan
8e5ab42d7f e1000e: add missing bailout on error
...discovered during code inspection.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 23:40:35 -08:00
Bruce Allan
12d43f7d3c e1000e: unexpected "Reset adapter" message when cable pulled
When there is heavy traffic and the cable is pulled, the driver must reset
the adapter to flush the Tx queue in hardware.  This causes the reset path
to be scheduled and logs the message "Reset adapter" which could be mis-
interpreted as an error by the user.  Change how the reset path is invoked
for this scenario by using the same method done in an existing work-around
for 80003es2lan (i.e. set a flag and if the flag is set in the reset code
do not log the "Reset adapter" message since the reset is expected).

Re-name the FLAG_RX_RESTART_NOW to FLAG_RESTART_NOW since it is used for
resets in both the Rx and Tx specific code.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 23:32:23 -08:00
Bruce Allan
3d4d5755f1 e1000e: fix enabling of EEE on 82579 and I217
Energy Efficient Ethernet on 82579 and I217 should only be enabled if not
disabled by the user, if the link is full duplex and the link partner has
similar EEE capabilities (stored in different EMI registers on the two
different parts).

After enabling EEE, read the IEEE MMD register 3.1 (which is also stored in
different EMI registers on the two different parts) to clear the count of
received Tx/Rx LPI indications.

Also, rename I217_EEE_100_SUPPORTED to I82579_EEE_100_SUPPORTED to indicate
the bit is valid starting with I82579 (released before I217).

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 22:46:58 -08:00
Bruce Allan
651fb1026d e1000e: 82577: workaround for link drop issue
When connected to certain switches, the 82577 PHY might drop link
unexpectedly.  Work around the issue by setting the Mean Square Error
higher than the hardware default.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 22:37:56 -08:00
Bruce Allan
4ddc48a9a5 e1000e: helper functions for accessing EMI registers
The Extended Management Interface (EMI) registers are accessed by first
writing the EMI register offset to the EMI_ADDR regiter and then either
reading or writing the data to/from the EMI_DATA register.  Add helper
functions for performing these steps and convert existing EMI register
accesses accordingly.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 21:47:20 -08:00
Eric Dumazet
757b8b1d2b net_sched: fix qdisc_pkt_len_init()
commit 1def9238d4 (net_sched: more precise pkt_len computation)
does a wrong computation of mac + network headers length, as it includes
the padding before the frame.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16 00:41:19 -05:00
Bruce Allan
1cc7a3a14f e1000e: Invalid Image CSUM bit changed for I217
On I217, the bit that indicates an invalid EEPROM (NVM) image checksum has
changed from previous ICH/PCH LOMs.  When validating the EEPROM checksum,
check the appropriate bit on different devices.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 21:38:39 -08:00
Bruce Allan
635ab56439 e1000e: Acquire/release semaphore when writing each EEPROM page
When data blocks are written to the EEPROM, the HW/SW/FW semaphore must be
held for the duration.  With large data blocks on 80003es2lan, 82571 and
82572, this can take too long and cause the firmware to take ownership of
the semaphore and consequently ownership of writes to the EEPROM.
Instead, acquire and release the semaphore for each page of the block
written.

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 21:31:41 -08:00
Bruce Allan
1241f29fa3 e1000e: SerDes autoneg flow control
Enables flow control to be set in SerDes autoneg mode. This is what is
done for copper, but relies on a different set of register/bit checks
since this is all done within the Mac registers.

Remove inapplicable comment in defines.h

Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15 21:25:11 -08:00
Yuval Mintz
247fa82be1 bnx2x: Introduce 2013 and advance version to 1.78.02
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:59 -05:00
Yuval Mintz
9969085e7e bnx2x: Added FW GRO bridging support
Since submit 621b4d6 the bnx2x driver support FW GRO.
However, when using the device with GRO enabled in bridging
scenarios throughput is very low, as the bridge expects all
incoming packets to be passed with CHECKSUM_PARTIAL -
a demand which is satisfied by the SW GRO implementation,
but was missed in the bnx2x driver implementation (which returned
CHECKSUM_UNNECESSARY).

Now, given that the traffic is supported by FW GRO (TCP/IP),
the bnx2x driver calculates the pseudo checksum by itself,
passing skbs with CHECKSUM_PARTIAL and giving a much better
throughput when receiving GRO traffic.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:59 -05:00
Yuval Mintz
ebe61d80b4 bnx2x: Clean previous IGU status before ack
When enabling interrupts, acknowledge the interrupt only
after configuring the IGU to the correct interrupt mode
(otherwise it would dirty selftests)

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:59 -05:00
Yuval Mintz
823e1d9079 bnx2x: improve stop-on-error
Get better control over interrupts during panic, and allow FW to
test outgoing Tx packets when stop-on-error is allowed.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:59 -05:00
Miriam Shitrit
07ba6af465 bnx2x: add `ethtool -w' support.
This revises and enhances the bnx2x register dump facilities,
adding support for `ethtool -w' on top of `ethtool -d'.

Signed-off-by: Miriam Shitrit <miris@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:59 -05:00
Yuval Mintz
4ba7699be9 bnx2x: Added nvram personalities support
When a device is configured to act as either iscsi or fcoe
device in its nvram, prevent the other from being misused by
preventing its activation in the driver.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:58 -05:00
Yaniv Rosner
a336ca7cc5 bnx2x: Fix rare self-test failures
On rare occasions, self test link may fail since the link is
being sampled while it's still being stabilized.
To correct this behaviour, try to sample the link for 2 seconds
prior to declaring a failure.

Signed-off-by: Yaniv Rosner <yanivr@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:58 -05:00
Dmitry Kravkov
f72839d036 bnx2x: use SAN Mac for FCoE.
Current logic causes chips running in switch dependent multi-function
FCoE mode not to configure their MAC, leading to an all 0s MAC.

This patch configures the interface with the SAN Mac instead.

Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:58 -05:00
Dmitry Kravkov
c14a09b785 bnx2x: Add an additional fatal hw assertion - BRB_HW_INTERRUPT
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com>
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:58 -05:00
Yuval Mintz
a74801c59e bnx2x: Clear dirty status when booting after UNDI
Self-tests following boot from SAN have failed as the
UNDI driver might leave some NIG interrupt indications.

This patch does the clean-up, clearing those indications
and allowing the test to pass.

Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com>
Signed-off-by: Ariel Elior <ariele@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:07:58 -05:00
David S. Miller
4b87f92259 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts:
	Documentation/networking/ip-sysctl.txt
	drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c

Both conflicts were simply overlapping context.

A build fix for qlcnic is in here too, simply removing the added
devinit annotations which no longer exist.

Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15 15:05:59 -05:00
Nithin Nayak Sujir
daf3ec688e tg3: Fix crc errors on jumbo frame receive
TG3_PHY_AUXCTL_SMDSP_ENABLE/DISABLE macros do a blind write to the phy
auxiliary control register and overwrite the EXT_PKT_LEN (bit 14) resulting
in intermittent crc errors on jumbo frames with some link partners. Change
the code to do a read/modify/write.

Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 22:09:29 -05:00
Nithin Nayak Sujir
9c13cb8bb4 tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
When netconsole is enabled, logging messages generated during tg3_open
can result in a null pointer dereference for the uninitialized tg3
status block. Use the irq_sync flag to disable polling in the early
stages. irq_sync is cleared when the driver is enabling interrupts after
all initialization is completed.

Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 22:09:29 -05:00
Paul Gortmaker
55eb555d96 drivers/net: delete orphaned MCA ibmlana driver content
In commit a5e371f61a ("drivers/net: delete
all code/drivers depending on CONFIG_MCA") most of the MCA drivers went,
including the Kconfig/Makefile hooks for ibmlana, but it seems that I
missed the "git rm" on these actual driver files, and with the namespace
overlap with machine check architecture, it got missed by various git
grep type checking done at that time.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 21:26:06 -05:00
David S. Miller
47fb3a26e2 Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says:

====================
The following patchset contains netfilter fixes for 3.8-rc3,
they are:

* fix possible BUG_ON if several netns are in use and the nf_conntrack
  module is removed, initial patch from Gao feng, final patch from myself.

* fix unset return value if conntrack zone are disabled at
  compile-time, reported by Borislav Petkov, fix from myself.

* fix display error message via dmesg for arp_tables, from Jan Engelhardt.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 18:26:41 -05:00
Paul Moore
5dbbaf2de8 tun: fix LSM/SELinux labeling of tun/tap devices
This patch corrects some problems with LSM/SELinux that were introduced
with the multiqueue patchset.  The problem stems from the fact that the
multiqueue work changed the relationship between the tun device and its
associated socket; before the socket persisted for the life of the
device, however after the multiqueue changes the socket only persisted
for the life of the userspace connection (fd open).  For non-persistent
devices this is not an issue, but for persistent devices this can cause
the tun device to lose its SELinux label.

We correct this problem by adding an opaque LSM security blob to the
tun device struct which allows us to have the LSM security state, e.g.
SELinux labeling information, persist for the lifetime of the tun
device.  In the process we tweak the LSM hooks to work with this new
approach to TUN device/socket labeling and introduce a new LSM hook,
security_tun_dev_attach_queue(), to approve requests to attach to a
TUN queue via TUNSETQUEUE.

The SELinux code has been adjusted to match the new LSM hooks, the
other LSMs do not make use of the LSM TUN controls.  This patch makes
use of the recently added "tun_socket:attach_queue" permission to
restrict access to the TUNSETQUEUE operation.  On older SELinux
policies which do not define the "tun_socket:attach_queue" permission
the access control decision for TUNSETQUEUE will be handled according
to the SELinux policy's unknown permission setting.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Tested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 18:16:59 -05:00
Paul Moore
6f96c142f7 selinux: add the "attach_queue" permission to the "tun_socket" class
Add a new permission to align with the new TUN multiqueue support,
"tun_socket:attach_queue".

The corresponding SELinux reference policy patch is show below:

 diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
 index 28802c5..a0664a1 100644
 --- a/policy/flask/access_vectors
 +++ b/policy/flask/access_vectors
 @@ -827,6 +827,9 @@ class kernel_service

  class tun_socket
  inherits socket
 +{
 +       attach_queue
 +}

  class x_pointer
  inherits x_device

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Tested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14 18:16:59 -05:00