Commit Graph

311659 Commits

Author SHA1 Message Date
Pablo Neira Ayuso
12f7a50533 netfilter: add user-space connection tracking helper infrastructure
There are good reasons to supports helpers in user-space instead:

* Rapid connection tracking helper development, as developing code
  in user-space is usually faster.

* Reliability: A buggy helper does not crash the kernel. Moreover,
  we can monitor the helper process and restart it in case of problems.

* Security: Avoid complex string matching and mangling in kernel-space
  running in privileged mode. Going further, we can even think about
  running user-space helpers as a non-root process.

* Extensibility: It allows the development of very specific helpers (most
  likely non-standard proprietary protocols) that are very likely not to be
  accepted for mainline inclusion in the form of kernel-space connection
  tracking helpers.

This patch adds the infrastructure to allow the implementation of
user-space conntrack helpers by means of the new nfnetlink subsystem
`nfnetlink_cthelper' and the existing queueing infrastructure
(nfnetlink_queue).

I had to add the new hook NF_IP6_PRI_CONNTRACK_HELPER to register
ipv[4|6]_helper which results from splitting ipv[4|6]_confirm into
two pieces. This change is required not to break NAT sequence
adjustment and conntrack confirmation for traffic that is enqueued
to our user-space conntrack helpers.

Basic operation, in a few steps:

1) Register user-space helper by means of `nfct':

 nfct helper add ftp inet tcp

 [ It must be a valid existing helper supported by conntrack-tools ]

2) Add rules to enable the FTP user-space helper which is
   used to track traffic going to TCP port 21.

For locally generated packets:

 iptables -I OUTPUT -t raw -p tcp --dport 21 -j CT --helper ftp

For non-locally generated packets:

 iptables -I PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp

3) Run the test conntrackd in helper mode (see example files under
   doc/helper/conntrackd.conf

 conntrackd

4) Generate FTP traffic going, if everything is OK, then conntrackd
   should create expectations (you can check that with `conntrack':

 conntrack -E expect

    [NEW] 301 proto=6 src=192.168.1.136 dst=130.89.148.12 sport=0 dport=54037 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.1.136 master-dst=130.89.148.12 sport=57127 dport=21 class=0 helper=ftp
[DESTROY] 301 proto=6 src=192.168.1.136 dst=130.89.148.12 sport=0 dport=54037 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.1.136 master-dst=130.89.148.12 sport=57127 dport=21 class=0 helper=ftp

This confirms that our test helper is receiving packets including the
conntrack information, and adding expectations in kernel-space.

The user-space helper can also store its private tracking information
in the conntrack structure in the kernel via the CTA_HELP_INFO. The
kernel will consider this a binary blob whose layout is unknown. This
information will be included in the information that is transfered
to user-space via glue code that integrates nfnetlink_queue and
ctnetlink.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-16 15:40:02 +02:00
Pablo Neira Ayuso
ae243bee39 netfilter: ctnetlink: add CTA_HELP_INFO attribute
This attribute can be used to modify and to dump the internal
protocol information.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-16 15:09:15 +02:00
Pablo Neira Ayuso
8c88f87cb2 netfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled
User-space programs that receive traffic via NFQUEUE may mangle packets.
If NAT is enabled, this usually puzzles sequence tracking, leading to
traffic disruptions.

With this patch, nfnl_queue will make the corresponding NAT TCP sequence
adjustment if:

1) The packet has been mangled,
2) the NFQA_CFG_F_CONNTRACK flag has been set, and
3) NAT is detected.

There are some records on the Internet complaning about this issue:
http://stackoverflow.com/questions/260757/packet-mangling-utilities-besides-iptables

By now, we only support TCP since we have no helpers for DCCP or SCTP.
Better to add this if we ever have some helper over those layer 4 protocols.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-16 15:09:08 +02:00
Pablo Neira Ayuso
9cb0176654 netfilter: add glue code to integrate nfnetlink_queue and ctnetlink
This patch allows you to include the conntrack information together
with the packet that is sent to user-space via NFQUEUE.

Previously, there was no integration between ctnetlink and
nfnetlink_queue. If you wanted to access conntrack information
from your libnetfilter_queue program, you required to query
ctnetlink from user-space to obtain it. Thus, delaying the packet
processing even more.

Including the conntrack information is optional, you can set it
via NFQA_CFG_F_CONNTRACK flag with the new NFQA_CFG_FLAGS attribute.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-16 15:09:02 +02:00
Pablo Neira Ayuso
1afc56794e netfilter: nf_ct_helper: implement variable length helper private data
This patch uses the new variable length conntrack extensions.

Instead of using union nf_conntrack_help that contain all the
helper private data information, we allocate variable length
area to store the private helper data.

This patch includes the modification of all existing helpers.
It also includes a couple of include header to avoid compilation
warnings.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-16 15:08:55 +02:00
Pablo Neira Ayuso
3cf4c7e381 netfilter: nf_ct_ext: support variable length extensions
We can now define conntrack extensions of variable size. This
patch is useful to get rid of these unions:

union nf_conntrack_help
union nf_conntrack_proto
union nf_conntrack_nat_help

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-16 15:08:49 +02:00
Pablo Neira Ayuso
3a8fc53a45 netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names
This patch modifies the struct nf_conntrack_helper to allocate
the room for the helper name. The maximum length is 16 bytes
(this was already introduced in 2.6.24).

For the maximum length for expectation policy names, I have
also selected 16 bytes.

This patch is required by the follow-up patch to support
user-space connection tracking helpers.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-16 15:08:39 +02:00
David S. Miller
aee289baaa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts:
	net/ipv6/route.c

Pull in 'net' again to get the revert of Thomas's change
which introduced regressions.

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-16 01:23:04 -07:00
David S. Miller
e8803b6c38 Revert "ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route"
This reverts commit 2a0c451ade.

It causes crashes, because now ip6_null_entry is used before
it is initialized.

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-16 01:12:19 -07:00
David S. Miller
42ae66c80d ipv6: Fix types of ip6_update_pmtu().
The mtu should be a __be32, not the mark.

Reported-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 20:01:57 -07:00
David S. Miller
7e52b33bd5 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts:
	net/ipv6/route.c

This deals with a merge conflict between the net-next addition of the
inetpeer network namespace ops, and Thomas Graf's bug fix in
2a0c451ade which makes sure we don't
register /proc/net/ipv6_route before it is actually safe to do so.

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 15:51:55 -07:00
David S. Miller
91c8028c95 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next 2012-06-15 15:37:05 -07:00
Thomas Graf
2a0c451ade ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route
/proc/net/ipv6_route reflects the contents of fib_table_hash. The proc
handler is installed in ip6_route_net_init() whereas fib_table_hash is
allocated in fib6_net_init() _after_ the proc handler has been installed.

This opens up a short time frame to access fib_table_hash with its pants
down.

fib6_init() as a whole can't be moved to an earlier position as it also
registers the rtnetlink message handlers which should be registered at
the end. Therefore split it into fib6_init() which is run early and
fib6_init_late() to register the rtnetlink message handlers.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 15:30:15 -07:00
Dan Carpenter
0f6efff925 qlcnic: off by one in qlcnic_init_pci_info()
The adapter->npars[] array has QLCNIC_MAX_PCI_FUNC elements.  We
allocate it that way a few lines earlier in the function.  So this test
is off by one.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Anirban Chakraborty <anirban.chakraborty@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 15:30:15 -07:00
Eric Dumazet
62b1a8ab9b net: remove skb_orphan_try()
Orphaning skb in dev_hard_start_xmit() makes bonding behavior
unfriendly for applications sending big UDP bursts : Once packets
pass the bonding device and come to real device, they might hit a full
qdisc and be dropped. Without orphaning, the sender is automatically
throttled because sk->sk_wmemalloc reaches sk->sk_sndbuf (assuming
sk_sndbuf is not too big)

We could try to defer the orphaning adding another test in
dev_hard_start_xmit(), but all this seems of little gain,
now that BQL tends to make packets more likely to be parked
in Qdisc queues instead of NIC TX ring, in cases where performance
matters.

Reverts commits :
fc6055a5ba net: Introduce skb_orphan_try()
87fd308cfc net: skb_tx_hash() fix relative to skb_orphan_try()
and removes SKBTX_DRV_NEEDS_SK_REF flag

Reported-and-bisected-by: Jean-Michel Hautbois <jhautbois@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 15:30:15 -07:00
Eric Dumazet
bc14786a10 bnx2x: fix panic when TX ring is full
There is a off by one error in the minimal number of BD in
bnx2x_start_xmit() and bnx2x_tx_int() before stopping/resuming tx queue.

A full size GSO packet, with data included in skb->head really needs
(MAX_SKB_FRAGS + 4) BDs, because of bnx2x_tx_split()

This error triggers if BQL is disabled and heavy TCP transmit traffic
occurs.

bnx2x_tx_split() definitely can be called, remove a wrong comment.

Reported-by: Tomas Hruby <thruby@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eilon Greenstein <eilong@broadcom.com>
Cc: Yaniv Rosner <yanivr@broadcom.com>
Cc: Merav Sicron <meravs@broadcom.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Robert Evans <evansr@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 15:30:15 -07:00
Dan Carpenter
d9cb9bd63e can: c_can: precedence error in c_can_chip_config()
(CAN_CTRLMODE_LISTENONLY & CAN_CTRLMODE_LOOPBACK) is (0x02 & 0x01) which
is zero so the condition is never true.  The intent here was to test
that both flags were set.

Cc: <stable@kernel.org> # 2.6.39+
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 15:25:56 -07:00
David S. Miller
81aded2467 ipv6: Handle PMTU in ICMP error handlers.
One tricky issue on the ipv6 side vs. ipv4 is that the ICMP callouts
to handle the error pass the 32-bit info cookie in network byte order
whereas ipv4 passes it around in host byte order.

Like the ipv4 side, we have two helper functions.  One for when we
have a socket context and one for when we do not.

ip6ip6 tunnels are not handled here, because they handle PMTU events
by essentially relaying another ICMP packet-too-big message back to
the original sender.

This patch allows us to get rid of rt6_do_pmtu_disc().  It handles all
kinds of situations that simply cannot happen when we do the PMTU
update directly using a fully resolved route.

In fact, the "plen == 128" check in ip6_rt_update_pmtu() can very
likely be removed or changed into a BUG_ON() check.  We should never
have a prefixed ipv6 route when we get there.

Another piece of strange history here is that TCP and DCCP, unlike in
ipv4, never invoke the update_pmtu() method from their ICMP error
handlers.  This is incredibly astonishing since this is the context
where we have the most accurate context in which to make a PMTU
update, namely we have a fully connected socket and associated cached
socket route.

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-15 14:54:11 -07:00
David S. Miller
3639339553 ipv4: Handle PMTU in all ICMP error handlers.
With ip_rt_frag_needed() removed, we have to explicitly update PMTU
information in every ICMP error handler.

Create two helper functions to facilitate this.

1) ipv4_sk_update_pmtu()

   This updates the PMTU when we have a socket context to
   work with.

2) ipv4_update_pmtu()

   Raw version, used when no socket context is available.  For this
   interface, we essentially just pass in explicit arguments for
   the flow identity information we would have extracted from the
   socket.

   And you'll notice that ipv4_sk_update_pmtu() is simply implemented
   in terms of ipv4_update_pmtu()

Note that __ip_route_output_key() is used, rather than something like
ip_route_output_flow() or ip_route_output_key().  This is because we
absolutely do not want to end up with a route that does IPSEC
encapsulation and the like.  Instead, we only want the route that
would get us to the node described by the outermost IP header.

Reported-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-14 22:22:07 -07:00
Dan Carpenter
daf67ce8cf iwlwifi: unlock on error path
We introduced a lock here in ff1ffb850b ("iwlwifi: fix dynamic
loading").  But we missed an error path which needs an unlock.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-14 14:55:14 -04:00
Vishal Agarwal
f960727e6c Bluetooth: Fix sending HCI_Disconnect only when connected
HCI_Disconnect should only be sent after connection is established.
If connection is not yet established and HCI_Disconnect is called
then disconnection complete will be received with a handle which
does not exist and hence this event will be ignored.
But as mgmt.c will not receive this event, its variable for pending
command is not cleared.This will result in future Disconnect commands
for that BD Address to be blocked with error busy.

Signed-off-by: Vishal Agarwal <vishal.agarwal@stericsson.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2012-06-14 12:19:39 -03:00
Linus Torvalds
424d54d2dc Merge git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fix from Marcelo Tosatti:
 "Fix a spurious warning on CPU offline path"

* git://git.kernel.org/pub/scm/virt/kvm/kvm:
  x86: kvmclock: remove check_and_clear_guest_paused warning
2012-06-14 15:46:59 +03:00
Linus Torvalds
0953135956 pinctrl fixes for v3.5 rc series:
- section markup fixes
 - clk_prepare() fix to conform to the clk API
 - memory leaks
 - incorrect debug messages
 - bad errorpaths
 - typos
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iQIcBAABAgAGBQJP2ZIRAAoJEEEQszewGV1zJEsP/jwNNj1+OvGYiOg+Tn29wc0q
 J02EJGb0mNCPX8JzWpKSXoEdCzqbmqdjR7zfmetQV1GpiUgidrnIjyLnUCXZnNaF
 2z210SoOWKnats9kvwdbptZ/xY/o1Ncdlfw2QgLiX6gx+bRmyNWR/4IOilsNMywA
 u7gPcfGGNgidUCAjNz5tFS5o8kFI+Z9FF/7f8gs4TAT70k40n79RGpgW7gA2PhR8
 c8WcJk2TOBThMdSl07JKChTtBtU1ZrPrv8quuk6+voPJa71nJfHNYkAd78cegOBS
 5pfh0rCGElHDMfZ5DdFBsFL1ETxni0mSziBIdgnBX85Ll/wJH6tEPjcVA1sv8Jka
 kLm61XKsDwV+A0KibgmGPSu6nYqGZMaAsvJPSWJjXcPcS3VhXK4lly3OCD1KB6U+
 5u6hD+yavYX8mpEOik3y9pnKYS80d8zvR22/jGpqTByG3DbLwAlLzen7iWHqAbLG
 JJLpD6pxkVA15x+TkS3I1kBMzjM5G11AjticgIxAfx4pSqL/n0CJ1m9tXQ1X7iis
 Kl526ZWxh+GDy9/cM/AqjEJYoefmcCTv1wSieWVsgEKc7+tut47rdaNa4eC+jqho
 NprmfhS16na5GCagh0yI+YXl+nK0Kd9oWoGiJqQcS67UZEn06SzRNdABBPa5OO1F
 ZVfnheS1t4UVw/E5Gmz2
 =F/II
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-fixes-for-v3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pinctrl fixes from Linus Walleij:
 - section markup fixes
 - clk_prepare() fix to conform to the clk API
 - memory leaks
 - incorrect debug messages
 - bad errorpaths
 - typos

* tag 'pinctrl-fixes-for-v3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: pinctrl-mxs: set platform driver data to NULL at errpath and at unregister
  pinctrl: pinctrl-mxs: Take care of frees if the kzalloc fails
  pinctrl: pinctrl-imx: fix incorrect debug message of maps
  pinctrl: pinctrl-imx: free if of_get_parent fails to get the parent node
  pinctrl: pinctrl-imx: free allocated pinctrl_map structure only once and use kernel facilities for IMX_PMX_DUMP
  pinctrl: nomadik: fix up typo
  pinctrl: nomadik: add clk_prepare() call
  pinctrl: fix a minor harmless typo
  pinctrl: sirf: mark of_device_id match table as __devinitconst
2012-06-14 15:43:32 +03:00
Linus Torvalds
b532ff20bc Sound fixes for 3.5-rc3
- Fix a regression of USB-audio PCM assignment since 3.4
 - A few VGA-switcheroo-related fixes for proper HDMI audio enablement
 - Fixed the missing initializations of HD-audio verbs, which may have
   resulted in various breakage
 - Some driver-specific ASoC updates
 - A few fixes for the dynamic PCM code
 - The addition of pinctrl support for the i.MX audmux which didn't make it
   into -rc1 due to cross tree dependency issues
 - A few minor fixes in compress API codes
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
 iQIcBAABAgAGBQJP2KtCAAoJEGwxgFQ9KSmkCosQAIKjgSBIT9JMZ714q2LkyZkb
 bo+Rr4N/WKq7E2xV/2nsziWhZoPlInws+hYvFx8eFP84gKlGUCZyJwV5Rzn37h3W
 IK6ACkgDD3f9U50oO9jwM2M6lFxpu+4LJPIJEewYAfhtr9gLv9uxALDhocfhg6Gd
 H+IaYdCKZxffCaXTNUiLURoEDA+qp7/T4d5CHuc7/l/RRCb2n7ZaKXoreCvon+iK
 h6I3J91MdudDvn6X+h7KFOIq01L5R5gp3ml+T7REg9rNB2aQk9UGo+qBqsKEoihO
 /7Ih0pvny167dVZJKGzjh3uM7G7cnLcnhmc88jFFRhRooETNDwk1Qz3V+ur+sSdw
 rkoNicdgujXRsuPr+xqmWYRZrfmeBZ3SJWEA+aFA8pRhrU/WrbNAaj7EBVc0Gq3f
 p1rEZ4t16Qqj+1Px+xHUEMjOidF1voCX3NiWZrfYBqO8AheerrNKe6zmCY20cRaC
 4PYWJYzRui9rec1Ic5fW/7BWqWEv+2rAoBdisZmVAqjNEUlP/pHEdi4OTmCL8ss0
 hrp0BLksfeedDcVhdVSQG6UjA4U6IOcA528Z731FGZ5QP7ZZ3IdwvuZFiact5QHx
 HbBTjCYR52VsmTPSWJpQ5rc5Kq0lBz5VayTrTIt0f9nom7Qm7RgiFatDkMeObwgm
 Ncwa8CIInqsFq384g4E4
 =Hrh7
 -----END PGP SIGNATURE-----

Merge tag 'sound-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:

 - Fix a regression of USB-audio PCM assignment since 3.4
 - A few VGA-switcheroo-related fixes for proper HDMI audio enablement
 - Fixed the missing initializations of HD-audio verbs, which may have
   resulted in various breakage
 - Some driver-specific ASoC updates
 - A few fixes for the dynamic PCM code
 - The addition of pinctrl support for the i.MX audmux which didn't make
   it into -rc1 due to cross tree dependency issues
 - A few minor fixes in compress API codes

* tag 'sound-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda - Don't forget to call init verbs added by fixup list
  ALSA: HDA: Pin fixup for Zotac Z68 motherboard
  ALSA: compress_core: cleanup pointers on stop
  ALSA: compress_core: don't wake up on pause
  ALSA: hda - Fix detection of Creative SoundCore3D controllers
  vga_switcheroo: Enable/disable audio clients at the right time
  ALSA: hda - HDMI Audio init all connectors when VGA-switcheroo is off
  vga_switcheroo: Fix error without CONFIG_VGA_SWITCHEROO
  ALSA: hda - Fix uninitialized HDMI controllers with VGA-switcheroo
  vga_switcheroo: Add a helper function to get the client state
  ALSA: usb-audio: Fix substream assignments
  ASoC: tegra: add MODULE_DEVICE_TABLE to tegra30_ahub
  ASoC: wm2000: Always use a 4s timeout for the firmware
  ASoC: dapm: Fix input list to use source widgets
  ASoC: dpcm: Fix dpcm_get_be() to check that DAI is BE
  ASoC: wm8994: Apply volume updates with clocks enabled
  ASoC: wm8994: Ensure all AIFnCLK events are run from the _late variants
  ASoC: imx-audmux: add pinctrl support
  ASoC: dapm: Fix connected widget capture path query.
2012-06-14 15:38:48 +03:00
Linus Torvalds
fea7c7830d Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David S. Miller:

This has the fix for the wireless issues I ran into the other week as
well as:

 1) Fix CAN c_can driver transmit handling resulting in BUG check
    triggers, from AnilKumar Ch.

 2) Fix packet drop monitor sleeping in atomic context, from Eric
    Dumazet.

 3) Fix mv643xx_eth driver build regression, from Andrew Lunn.

 4) Inetpeer freeing needs an RCU grace period in order to avoid races
    during tree invalidation.  From Eric Dumazet.

 5) Fix endianness bugs in xt_HMARK netfilter module, from Hans
    Schillstrom.

 6) Add proper module refcounting to l2tp_eth to avoid crash on module
    unload, from Eric Dumazet.

 7) Fix truncation of neighbour entry dumps due to logic errors in
    neigh_dump_info() and friends, from Eric Dumazet.

 8) The conversion of fib6_age() to dst_neigh_lookup() accidently
    reversed the logic of a flags test, fix from Thomas Graf.

 9) Fix checksum configuration in newer sky2 chips, from Stephen
    Hemminger.

10) Revert BQL support in NIU driver, doesn't work.

11) l2tp_ip_sendmsg() illegally uses a route without a proper reference.
    From Eric Dumazet.

12) be2net driver references an SKB after it's potentially been freed,
    also from Eric Dumazet.

13) Fix RCU stalls in dummy net driver init.  Also from Eric Dumazet.

14) lpc_eth has several bugs in it's transmit engine leading to packet
    leaks and improper queue wakes, from Eric Dumazet.

15) Apply short DMA workaround to more tg3 chips, from Matt Carlson.

16) Add tilegx network driver.

17) Bonding queue mapping for a packet can get corrupted, fix from Eric
    Dumazet.

18) Fix bug in netpoll_send_udp() SKB management that can leave garbage
    in the payload in certain situations.  From Eric Dumazet.

19) bnx2x driver interprets chip RX checksum offload incorrectly in
    encapsulation situations.  Fix from Eric Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
  bnx2x: fix checksum validation
  netpoll: fix netpoll_send_udp() bugs
  bonding: Fix corrupted queue_mapping
  bonding:record primary when modify it via sysfs
  tilegx network driver: initial support
  tg3: Apply short DMA frag workaround to 5906
  net: stmmac: Fix clock en-/disable calls
  lpc_eth: fix tx completion
  lpc_eth: add missing ndo_change_mtu()
  dummy: fix rcu_sched self-detected stalls
  net: Reorder initialization in ip_route_output to fix gcc warning
  virtio-net: fix a race on 32bit arches
  r8169: avoid NAPI scheduling delay.
  net: Make linux/tcp.h C++ friendly (trivial)
  netdev: fix drivers/net/phy/ kernel-doc warnings
  net/core: fix kernel-doc warnings
  be2net: fix a race in be_xmit()
  l2tp: fix a race in l2tp_ip_sendmsg()
  mac80211: add back channel change flag
  NFC: Fix possible NULL ptr deref when getting the name of a socket
  ...
2012-06-14 15:33:55 +03:00
Jacob Keller
1d1a79b5b9 ixgbe: Check PTP Rx timestamps via BPF filter
This patch fixes a potential Rx timestamp deadlock that causes the Rx
timestamping to stall indefinitely. The issue could occur when a PTP packet is
timestamped by hardware but never reaches the Rx queue. In order to prevent a
permanent loss of timestamping, the RXSTMP(L/H) registers have to be read to
unlock them. (This used to only occur when a packet that was timestamped
reached the software.) However the registers can't be read early otherwise
there is no way to correlate them to the packet.

This patch introduces a filter function which can be used to determine if a
packet should have been timestamped. Supplied with the filter setup by the
hwtstamp ioctl, check to make sure the PTP protocol and message type match the
expected values. If so, then read the timestamp registers (to free them.) At
this point check the descriptor bit, if the bit is set then we know this
packet correlates to the timestamp stored in the RXTSTAMP registers.
Otherwise, assume that packet was dropped by the hardware, and ignore this
timestamp value. However, we have at least unlocked the rxtstamp registers for
future timestamping.

Due to the way the driver handles skb data, it cannot be directly accessed. In
order to work around this, a copy of the skb data into a linear buffer is
made. From this buffer it becomes possible to read the data correctly

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Richard Cochran <richardcochran@gmail.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-06-14 03:13:48 -07:00
Jacob Keller
c19197a786 ixgbe: PTP Fix hwtstamp mode settings
When enabling the hwtstamp mode for Rx timestamping the V2 ptp event type
specific modes (Delay Request and Sync) have been rolled into the V2 all event
packet modes, in order to more accurately represent what hardware is doing.
Hardware always timestamps the Path delay packets when a V2 mode is selected,
regardless of what type was selected (in order to always support Path delay
mode). However this means the user selected modes of timestamping only Sync or
Delay Request is not truly supported. This patch correctly sets the mode for
the hwtstamp config and returns to the user that all V2 event packets will be
timestamped.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-06-14 03:13:22 -07:00
Jacob Keller
0ede4a606a ixgbe: ptp code cleanup
This patch fixes two minor nits from Richard Cochran. The first is a case of
ambitious line wrapping that wasn't necessary. The second is to re-order the
flag checks for PPS support. Previously, the hardware test was done first, and
the interrupt flag test was done second. Now, test the interrupt flag and use
the unlikely macro.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-06-14 03:13:06 -07:00
Emil Tantilov
6cbc52ef10 ixgbe: do not compile ixgbe_sysfs.c when CONFIG_IXGBE_HWMON is not set
ixgbe_sysfs.c is only needed when CONFIG_IXGBE_HWMON is configured in the
kernel.

Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Acked-by: Don Skidmore <Donald.c.skidmore@intel.com>
Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-06-14 03:12:41 -07:00
John Fastabend
4f8a91ad9a ixgbe: align flow control DV macros with datasheet
The flow control DV macros are used to calculate the flow control
high and low thresholds. This patch annotates these macros slightly
better and fixes the issues below.

The macro variables are renamed LINK to _max_frame_link and TC to
_max_frame_tc. This was to avoid confusion and make them more
readable. It was found that people auditing the code read TC to be
'traffic class' in the 802.1Q definition instead of the max frame
size of the tc. Hopefully it is clear now.

This audit also found the following real deviations from the
theoretical values. Fixed in this patch.

  * I multiplied the DV calculations by (36/25) which always
    evaluates to 1. This does not match the intended theoretical
    value of 1.44.

  * IXGBE_BT2KB added 1023 to account for rounding however this
    really should be 8 * 1023 - 1 to account for division by 8k.

  * x2 multiplication of max frame in DV calculations to account
    for updated hardware recommendations.

With this patch the DV values are inline with the recommendations
in the 82599 and 82598 data sheets. Its worth noting I did not
see any dropped frames with flow control on in my experiments without
this patch. However aligning with the hardware specs and
recommendations seems like a good idea here to account for worst
case scenarios.

Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-06-14 03:12:17 -07:00
Bruce Allan
185095fb80 e1000e: use more informative logging macros when netdev not yet registered
Based on a report from Ethan Zhao, before calling register_netdev() the
driver should be using logging macros that do not display the potentially
confusing "(unregistered net_device)" yet still display the useful driver
name and PCI bus/device/function.

Reported-by: Ethan Zhao <ethan.kernel@gmail.com>
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2012-06-14 03:03:14 -07:00
Thomas Graf
b3908e22ad dcbnl: Use BUG_ON() instead of BUG()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-14 01:45:46 -07:00
Thomas Graf
39912f9cf9 dcbnl: Silence harmless gcc warning about uninitialized reply_nlh
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-14 01:45:46 -07:00
Eric Dumazet
0450243096 bonding: drop_monitor aware
When packets are dropped in TX path, its better to use kfree_skb()
instead of dev_kfree_skb() to give proper drop_monitor events.

Also move the kfree_skb() call after read_unlock() in bond_alb_xmit()
and bond_xmit_activebackup()

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 16:00:26 -07:00
Eric Dumazet
d6cb3e4138 bnx2x: fix checksum validation
bnx2x driver incorrectly sets ip_summed to CHECKSUM_UNNECESSARY on
encapsulated segments. TCP stack happily accepts frames with bad
checksums, if they are inside a GRE or IPIP encapsulation.

Our understanding is that if no IP or L4 csum validation was done by the
hardware, we should leave ip_summed as is (CHECKSUM_NONE), since
hardware doesn't provide CHECKSUM_COMPLETE support in its cqe.

Then, if IP/L4 checksumming was done by the hardware, set
CHECKSUM_UNNECESSARY if no error was flagged.

Patch based on findings and analysis from Robert Evans

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eilon Greenstein <eilong@broadcom.com>
Cc: Yaniv Rosner <yanivr@broadcom.com>
Cc: Merav Sicron <meravs@broadcom.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Robert Evans <evansr@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:58:53 -07:00
Eric Dumazet
954fba0274 netpoll: fix netpoll_send_udp() bugs
Bogdan Hamciuc diagnosed and fixed following bug in netpoll_send_udp() :

"skb->len += len;" instead of "skb_put(skb, len);"

Meaning that _if_ a network driver needs to call skb_realloc_headroom(),
only packet headers would be copied, leaving garbage in the payload.

However the skb_realloc_headroom() must be avoided as much as possible
since it requires memory and netpoll tries hard to work even if memory
is exhausted (using a pool of preallocated skbs)

It appears netpoll_send_udp() reserved 16 bytes for the ethernet header,
which happens to work for typicall drivers but not all.

Right thing is to use LL_RESERVED_SPACE(dev)
(And also add dev->needed_tailroom of tailroom)

This patch combines both fixes.

Many thanks to Bogdan for raising this issue.

Reported-by: Bogdan Hamciuc <bogdan.hamciuc@freescale.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Bogdan Hamciuc <bogdan.hamciuc@freescale.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:57:31 -07:00
Thomas Graf
7a282bc37f dcbnl: Use type safe nlmsg_data()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:35 -07:00
Thomas Graf
4e4f2f6970 dcbnl: Move dcb app allocation into dcb_app_add()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:35 -07:00
Thomas Graf
716b31abbd dcbnl: Move dcb app lookup code into dcb_app_lookup()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:35 -07:00
Thomas Graf
3d1f486952 dcbnl: Return consistent error codes
EMSGSIZE - ran out of space while constructing message
EOPNOTSUPP - driver/hardware does not support operation
ENODEV - network device not found
EINVAL - invalid message

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:34 -07:00
Thomas Graf
ab6d470735 dcbnl: Use dcbnl_newmsg() where possible
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:34 -07:00
Thomas Graf
77c6849d7a dcbnl: Remove now unused dcbnl_reply()
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:34 -07:00
Thomas Graf
7be994138b dcbnl: Shorten all command handling functions
Allocating and sending the skb in dcb_doit() allows for much
shorter and cleaner command handling functions.

The huge switch statement is replaced with an array based definition
of the handling function and reply message type.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:34 -07:00
Thomas Graf
33a03aadb5 dcbnl: Prepare framework to shorten handling functions
There is no need to allocate and send the reply message in each
handling function separately. Instead, the reply skb can be allocated
and sent in dcb_doit() directly.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-13 15:46:34 -07:00
Linus Torvalds
790b9d4bb7 SuperH fixes for 3.5-rc3
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.15 (GNU/Linux)
 
 iEYEABECAAYFAk/YA2QACgkQGkmNcg7/o7iquwCg1dTXMRl6iC+/nGrfBylFhbvQ
 IjQAnj/+piJJlqdN8HDPnnXOvbcgZLNk
 =hO8d
 -----END PGP SIGNATURE-----

Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh

Pull SuperH fixes from Paul Mundt.

* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
  sh: Kill off additional asm-generic wrappers.
  sh: Setup CROSS_COMPILE at the top
  sh: Fix up link time defsym warnings.
  sh: use the new generic strnlen_user() function
  sh: switch to generic strncpy_from_user().
  sh: Kill off last dead UBC header
  serial: sh-sci: Make probe fail for ports that exceed the maximum count
  serial: sh-sci: Fix probe error paths
  clocksource: sh_tmu: Use clockevents_config_and_register().
  clocksource: sh_tmu: Convert timer lock to raw spinlock.
  clocksource: sh_mtu2: Convert timer lock to raw spinlock.
  clocksource: sh_cmt: Convert timer lock to raw spinlock.
  bug.h: need linux/kernel.h for TAINT_WARN.
  sh: convert to kbuild asm-generic support.
  sh64: Fix up fallout from generic init_task conversion.
  sh: arch/sh/kernel/process.c needs asm/fpu.h for unlazy_fpu().
2012-06-13 23:19:34 +03:00
Linus Torvalds
c02feeea3d Merge branch 'fixes-for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds
Pull led fixes from Bryan Wu.

* 'fixes-for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
  leds: Make LEDS_ASIC3 and LEDS_RENESAS_TPU depend on LEDS_CLASS=y
  leds: fixed a coding style issue.
  leds: don't disable blinking when writing the same value to delay_on or delay_off
2012-06-13 23:18:41 +03:00
Linus Torvalds
6ddb99043c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
Pull m68k update from Geert Uytterhoeven.

This makes m68k use the generic library functions for the user-space
strn[cpy|len] functions.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k: Use generic strncpy_from_user(), strlen_user(), and strnlen_user()
2012-06-13 23:17:12 +03:00
John W. Linville
211c17aaee Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
Conflicts:
	drivers/net/wireless/ath/ath9k/main.c
	net/bluetooth/hci_event.c
2012-06-13 15:35:35 -04:00
John W. Linville
ec8eb9ae58 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2012-06-13 15:12:07 -04:00
Rajkumar Manoharan
9330969b8f ath9k_hw: remove MCI_STATE_SET_BT_SLEEP
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-13 14:36:02 -04:00