Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Feb 14, 2013
  1. @gregkh

    Linux 3.4.31

    gregkh authored
  2. @gregkh

    be2net: Fix to trim skb for padded vlan packets to workaround an ASIC…

    Somnath Kotur authored gregkh committed
    … Bug
    
    commit 93040ae upstream.
    
    Fixed spelling error in a comment as pointed out by DaveM.
    Also refactored existing code a bit to provide placeholders for another ASIC
    Bug workaround that will be checked-in soon after this.
    
    Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Cc: Jacek Luczak <difrost.kernel@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  3. @gregkh

    tg3: Fix crc errors on jumbo frame receive

    Nithin Nayak Sujir authored gregkh committed
    [ Upstream commit daf3ec6 ]
    
    TG3_PHY_AUXCTL_SMDSP_ENABLE/DISABLE macros do a blind write to the phy
    auxiliary control register and overwrite the EXT_PKT_LEN (bit 14) resulting
    in intermittent crc errors on jumbo frames with some link partners. Change
    the code to do a read/modify/write.
    
    Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com>
    Signed-off-by: Michael Chan <mchan@broadcom.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  4. @gregkh

    tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode

    Nithin Nayak Sujir authored gregkh committed
    [ Upstream commit 9c13cb8 ]
    
    When netconsole is enabled, logging messages generated during tg3_open
    can result in a null pointer dereference for the uninitialized tg3
    status block. Use the irq_sync flag to disable polling in the early
    stages. irq_sync is cleared when the driver is enabling interrupts after
    all initialization is completed.
    
    Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com>
    Signed-off-by: Michael Chan <mchan@broadcom.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  5. @gregkh

    bridge: Pull ip header into skb->data before looking into ip header.

    Sarveshwar Bandi authored gregkh committed
    [ Upstream commit 6caab7b ]
    
    If lower layer driver leaves the ip header in the skb fragment, it needs to
    be first pulled into skb->data before inspecting ip header length or ip version
    number.
    
    Signed-off-by: Sarveshwar Bandi <sarveshwar.bandi@emulex.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  6. @gregkh

    tcp: fix for zero packets_in_flight was too broad

    Ilpo Järvinen authored gregkh committed
    [ Upstream commit 6731d20 ]
    
    There are transients during normal FRTO procedure during which
    the packets_in_flight can go to zero between write_queue state
    updates and firing the resulting segments out. As FRTO processing
    occurs during that window the check must be more precise to
    not match "spuriously" :-). More specificly, e.g., when
    packets_in_flight is zero but FLAG_DATA_ACKED is true the problematic
    branch that set cwnd into zero would not be taken and new segments
    might be sent out later.
    
    Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
    Tested-by: Eric Dumazet <edumazet@google.com>
    Acked-by: Neal Cardwell <ncardwell@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  7. @gregkh

    tcp: frto should not set snd_cwnd to 0

    Eric Dumazet authored gregkh committed
    [ Upstream commit 2e5f421 ]
    
    Commit 9dc2741 (tcp: fix ABC in tcp_slow_start())
    uncovered a bug in FRTO code :
    tcp_process_frto() is setting snd_cwnd to 0 if the number
    of in flight packets is 0.
    
    As Neal pointed out, if no packet is in flight we lost our
    chance to disambiguate whether a loss timeout was spurious.
    
    We should assume it was a proper loss.
    
    Reported-by: Pasi Kärkkäinen <pasik@iki.fi>
    Signed-off-by: Neal Cardwell <ncardwell@google.com>
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
    Cc: Yuchung Cheng <ycheng@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  8. @gregkh

    netback: correct netbk_tx_err to handle wrap around.

    Ian Campbell authored gregkh committed
    [ Upstream commit b914972 ]
    
    Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
    Acked-by: Jan Beulich <JBeulich@suse.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  9. @gregkh

    xen/netback: free already allocated memory on failure in xen_netbk_ge…

    Ian Campbell authored gregkh committed
    …t_requests
    
    [ Upstream commit 4cc7c1c ]
    
    Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  10. @gregkh

    xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop.

    Matthew Daley authored gregkh committed
    [ Upstream commit 7d5145d ]
    
    Signed-off-by: Matthew Daley <mattjd@gmail.com>
    Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Acked-by: Ian Campbell <ian.campbell@citrix.com>
    Acked-by: Jan Beulich <JBeulich@suse.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  11. @gregkh

    xen/netback: shutdown the ring if it contains garbage.

    Ian Campbell authored gregkh committed
    [ Upstream commit 4885628 ]
    
    A buggy or malicious frontend should not be able to confuse netback.
    If we spot anything which is not as it should be then shutdown the
    device and don't try to continue with the ring in a potentially
    hostile state. Well behaved and non-hostile frontends will not be
    penalised.
    
    As well as making the existing checks for such errors fatal also add a
    new check that ensures that there isn't an insane number of requests
    on the ring (i.e. more than would fit in the ring). If the ring
    contains garbage then previously is was possible to loop over this
    insane number, getting an error each time and therefore not generating
    any more pending requests and therefore not exiting the loop in
    xen_netbk_tx_build_gops for an externded period.
    
    Also turn various netdev_dbg calls which no precipitate a fatal error
    into netdev_err, they are rate limited because the device is shutdown
    afterwards.
    
    This fixes at least one known DoS/softlockup of the backend domain.
    
    Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
    Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Acked-by: Jan Beulich <JBeulich@suse.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  12. @borkmann @gregkh

    net: sctp: sctp_endpoint_free: zero out secret key data

    borkmann authored gregkh committed
    [ Upstream commit b5c37fe ]
    
    On sctp_endpoint_destroy, previously used sensitive keying material
    should be zeroed out before the memory is returned, as we already do
    with e.g. auth keys when released.
    
    Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
    Acked-by: Vlad Yasevich <vyasevic@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  13. @borkmann @gregkh

    net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree

    borkmann authored gregkh committed
    [ Upstream commit 6ba542a ]
    
    In sctp_setsockopt_auth_key, we create a temporary copy of the user
    passed shared auth key for the endpoint or association and after
    internal setup, we free it right away. Since it's sensitive data, we
    should zero out the key before returning the memory back to the
    allocator. Thus, use kzfree instead of kfree, just as we do in
    sctp_auth_key_put().
    
    Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  14. @gregkh

    sctp: refactor sctp_outq_teardown to insure proper re-initalization

    Neil Horman authored gregkh committed
    [ Upstream commit 2f94aab ]
    
    Jamie Parsons reported a problem recently, in which the re-initalization of an
    association (The duplicate init case), resulted in a loss of receive window
    space.  He tracked down the root cause to sctp_outq_teardown, which discarded
    all the data on an outq during a re-initalization of the corresponding
    association, but never reset the outq->outstanding_data field to zero.  I wrote,
    and he tested this fix, which does a proper full re-initalization of the outq,
    fixing this problem, and hopefully future proofing us from simmilar issues down
    the road.
    
    Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
    Reported-by: Jamie Parsons <Jamie.Parsons@metaswitch.com>
    Tested-by: Jamie Parsons <Jamie.Parsons@metaswitch.com>
    CC: Jamie Parsons <Jamie.Parsons@metaswitch.com>
    CC: Vlad Yasevich <vyasevich@gmail.com>
    CC: "David S. Miller" <davem@davemloft.net>
    CC: netdev@vger.kernel.org
    Acked-by: Vlad Yasevich <vyasevich@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  15. @gregkh

    atm/iphase: rename fregt_t -> ffreg_t

    Heiko Carstens authored gregkh committed
    [ Upstream commit ab54ee8 ]
    
    We have conflicting type qualifiers for "freg_t" in s390's ptrace.h and the
    iphase atm device driver, which causes the compile error below.
    Unfortunately the s390 typedef can't be renamed, since it's a user visible api,
    nor can I change the include order in s390 code to avoid the conflict.
    
    So simply rename the iphase typedef to a new name. Fixes this compile error:
    
    In file included from drivers/atm/iphase.c:66:0:
    drivers/atm/iphase.h:639:25: error: conflicting type qualifiers for 'freg_t'
    In file included from next/arch/s390/include/asm/ptrace.h:9:0,
                     from next/arch/s390/include/asm/lowcore.h:12,
                     from next/arch/s390/include/asm/thread_info.h:30,
                     from include/linux/thread_info.h:54,
                     from include/linux/preempt.h:9,
                     from include/linux/spinlock.h:50,
                     from include/linux/seqlock.h:29,
                     from include/linux/time.h:5,
                     from include/linux/stat.h:18,
                     from include/linux/module.h:10,
                     from drivers/atm/iphase.c:43:
    next/arch/s390/include/uapi/asm/ptrace.h:197:3: note: previous declaration of 'freg_t' was here
    
    Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Acked-by: chas williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  16. @gregkh

    packet: fix leakage of tx_ring memory

    Phil Sutter authored gregkh committed
    [ Upstream commit 9665d5d ]
    
    When releasing a packet socket, the routine packet_set_ring() is reused
    to free rings instead of allocating them. But when calling it for the
    first time, it fills req->tp_block_nr with the value of rb->pg_vec_len
    which in the second invocation makes it bail out since req->tp_block_nr
    is greater zero but req->tp_block_size is zero.
    
    This patch solves the problem by passing a zeroed auto-variable to
    packet_set_ring() upon each invocation from packet_release().
    
    As far as I can tell, this issue exists even since 69e3c75 (net: TX_RING
    and packet mmap), i.e. the original inclusion of TX ring support into
    af_packet, but applies only to sockets with both RX and TX ring
    allocated, which is probably why this was unnoticed all the time.
    
    Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
    Cc: Johann Baudy <johann.baudy@gnu-log.net>
    Cc: Daniel Borkmann <dborkman@redhat.com>
    Acked-by: Daniel Borkmann <dborkman@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  17. @davem330 @gregkh

    via-rhine: Fix bugs in NAPI support.

    davem330 authored gregkh committed
    [ Upstream commit 559bcac ]
    
    1) rhine_tx() should use dev_kfree_skb() not dev_kfree_skb_irq()
    
    2) rhine_slow_event_task's NAPI triggering logic is racey, it
       should just hit the interrupt mask register.  This is the
       same as commit 7dbb491
       ("r8169: avoid NAPI scheduling delay.") made to fix the same
       problem in the r8169 driver.  From Francois Romieu.
    
    Reported-by: Jamie Gloudon <jamie.gloudon@gmail.com>
    Tested-by: Jamie Gloudon <jamie.gloudon@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  18. @gregkh

    ipv6: do not create neighbor entries for local delivery

    Marcelo Ricardo Leitner authored gregkh committed
    [ Upstream commit bd30e94 ]
    
    They will be created at output, if ever needed. This avoids creating
    empty neighbor entries when TPROXYing/Forwarding packets for addresses
    that are not even directly reachable.
    
    Note that IPv4 already handles it this way. No neighbor entries are
    created for local input.
    
    Tested by myself and customer.
    
    Signed-off-by: Jiri Pirko <jiri@resnulli.us>
    Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  19. @gregkh

    pktgen: correctly handle failures when adding a device

    Cong Wang authored gregkh committed
    [ Upstream commit 604dfd6 ]
    
    The return value of pktgen_add_device() is not checked, so
    even if we fail to add some device, for example, non-exist one,
    we still see "OK:...". This patch fixes it.
    
    After this patch, I got:
    
    	# echo "add_device non-exist" > /proc/net/pktgen/kpktgend_0
    	-bash: echo: write error: No such device
    	# cat /proc/net/pktgen/kpktgend_0
    	Running:
    	Stopped:
    	Result: ERROR: can not add device non-exist
    	# echo "add_device eth0" > /proc/net/pktgen/kpktgend_0
    	# cat /proc/net/pktgen/kpktgend_0
    	Running:
    	Stopped: eth0
    	Result: OK: add_device=eth0
    
    (Candidate for -stable)
    
    Cc: David S. Miller <davem@davemloft.net>
    Signed-off-by: Cong Wang <amwang@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20. @gregkh

    net: loopback: fix a dst refcounting issue

    Eric Dumazet authored gregkh committed
    [ Upstream commit 794ed39 ]
    
    Ben Greear reported crashes in ip_rcv_finish() on a stress
    test involving many macvlans.
    
    We tracked the bug to a dst use after free. ip_rcv_finish()
    was calling dst->input() and got garbage for dst->input value.
    
    It appears the bug is in loopback driver, lacking
    a skb_dst_force() before calling netif_rx().
    
    As a result, a non refcounted dst, normally protected by a
    RCU read_lock section, was escaping this section and could
    be freed before the packet being processed.
    
      [<ffffffff813a3c4d>] loopback_xmit+0x64/0x83
      [<ffffffff81477364>] dev_hard_start_xmit+0x26c/0x35e
      [<ffffffff8147771a>] dev_queue_xmit+0x2c4/0x37c
      [<ffffffff81477456>] ? dev_hard_start_xmit+0x35e/0x35e
      [<ffffffff8148cfa6>] ? eth_header+0x28/0xb6
      [<ffffffff81480f09>] neigh_resolve_output+0x176/0x1a7
      [<ffffffff814ad835>] ip_finish_output2+0x297/0x30d
      [<ffffffff814ad6d5>] ? ip_finish_output2+0x137/0x30d
      [<ffffffff814ad90e>] ip_finish_output+0x63/0x68
      [<ffffffff814ae412>] ip_output+0x61/0x67
      [<ffffffff814ab904>] dst_output+0x17/0x1b
      [<ffffffff814adb6d>] ip_local_out+0x1e/0x23
      [<ffffffff814ae1c4>] ip_queue_xmit+0x315/0x353
      [<ffffffff814adeaf>] ? ip_send_unicast_reply+0x2cc/0x2cc
      [<ffffffff814c018f>] tcp_transmit_skb+0x7ca/0x80b
      [<ffffffff814c3571>] tcp_connect+0x53c/0x587
      [<ffffffff810c2f0c>] ? getnstimeofday+0x44/0x7d
      [<ffffffff810c2f56>] ? ktime_get_real+0x11/0x3e
      [<ffffffff814c6f9b>] tcp_v4_connect+0x3c2/0x431
      [<ffffffff814d6913>] __inet_stream_connect+0x84/0x287
      [<ffffffff814d6b38>] ? inet_stream_connect+0x22/0x49
      [<ffffffff8108d695>] ? _local_bh_enable_ip+0x84/0x9f
      [<ffffffff8108d6c8>] ? local_bh_enable+0xd/0x11
      [<ffffffff8146763c>] ? lock_sock_nested+0x6e/0x79
      [<ffffffff814d6b38>] ? inet_stream_connect+0x22/0x49
      [<ffffffff814d6b49>] inet_stream_connect+0x33/0x49
      [<ffffffff814632c6>] sys_connect+0x75/0x98
    
    This bug was introduced in linux-2.6.35, in commit
    7fee226 (net: add a noref bit on skb dst)
    
    skb_dst_force() is enforced in dev_queue_xmit() for devices having a
    qdisc.
    
    Reported-by: Ben Greear <greearb@candelatech.com>
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Tested-by: Ben Greear <greearb@candelatech.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  21. @fabled @gregkh

    r8169: remove the obsolete and incorrect AMD workaround

    fabled authored gregkh committed
    [ Upstream commit 5d0feaf ]
    
    This was introduced in commit 6dccd16 "r8169: merge with version
    6.001.00 of Realtek's r8169 driver". I did not find the version
    6.001.00 online, but in 6.002.00 or any later r8169 from Realtek
    this hunk is no longer present.
    
    Also commit 05af214 "r8169: fix Ethernet Hangup for RTL8110SC
    rev d" claims to have fixed this issue otherwise.
    
    The magic compare mask of 0xfffe000 is dubious as it masks
    parts of the Reserved part, and parts of the VLAN tag. But this
    does not make much sense as the VLAN tag parts are perfectly
    valid there. In matter of fact this seems to be triggered with
    any VLAN tagged packet as RxVlanTag bit is matched. I would
    suspect 0xfffe0000 was intended to test reserved part only.
    
    Finally, this hunk is evil as it can cause more packets to be
    handled than what was NAPI quota causing net/core/dev.c:
    net_rx_action(): WARN_ON_ONCE(work > weight) to trigger, and
    mess up the NAPI state causing device to hang.
    
    As result, any system using VLANs and having high receive
    traffic (so that NAPI poll budget limits rtl_rx) would result
    in device hang.
    
    Signed-off-by: Timo Teräs <timo.teras@iki.fi>
    Acked-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  22. @gregkh

    netxen: fix off by one bug in netxen_release_tx_buffer()

    Eric Dumazet authored gregkh committed
    [ Upstream commit a05948f ]
    
    Christoph Paasch found netxen could trigger a BUG in its dismantle
    phase, in netxen_release_tx_buffer(), using full size TSO packets.
    
    cmd_buf->frag_count includes the skb->data part, so the loop must
    start at index 1 instead of 0, or else we can make an out
    of bound access to cmd_buff->frag_array[MAX_SKB_FRAGS + 2]
    
    Christoph provided the fixes in netxen_map_tx_skb() function.
    In case of a dma mapping error, its better to clear the dma fields
    so that we don't try to unmap them again in netxen_release_tx_buffer()
    
    Reported-by: Christoph Paasch <christoph.paasch@uclouvain.be>
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Tested-by: Christoph Paasch <christoph.paasch@uclouvain.be>
    Cc: Sony Chacko <sony.chacko@qlogic.com>
    Cc: Rajesh Borundia <rajesh.borundia@qlogic.com>
    Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  23. @gregkh

    isdn/gigaset: fix zero size border case in debug dump

    Tilman Schmidt authored gregkh committed
    [ Upstream commit d721a17 ]
    
    If subtracting 12 from l leaves zero we'd do a zero size allocation,
    leading to an oops later when we try to set the NUL terminator.
    
    Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: Tilman Schmidt <tilman@imap.cc>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  24. @gregkh

    net/mlx4_core: Set number of msix vectors under SRIOV mode to firmwar…

    Or Gerlitz authored gregkh committed
    …e defaults
    
    [ Upstream commit ca4c7b3 ]
    
    The lines
    
    	if (mlx4_is_mfunc(dev)) {
    		nreq = 2;
    	} else {
    
    which hard code the number of requested msi-x vectors under multi-function
    mode to two can be removed completely, since the firmware sets num_eqs and
    reserved_eqs appropriately Thus, the code line:
    
    	nreq = min_t(int, dev->caps.num_eqs - dev->caps.reserved_eqs, nreq);
    
    is by itself sufficient and correct for all cases. Currently, for mfunc
    mode num_eqs = 32 and reserved_eqs = 28, hence four vectors will be enabled.
    
    This triples (one vector is used for the async events and commands EQ) the
    horse power provided for processing of incoming packets on netdev RSS scheme,
    IO initiators/targets commands processing flows, etc.
    
    Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
    Signed-off-by: Amir Vadai <amirv@mellanox.com>
    Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  25. @yanburman @gregkh

    net/mlx4_en: Fix bridged vSwitch configuration for non SRIOV mode

    yanburman authored gregkh committed
    [ Upstream commit 213815a ]
    
    Commit 5b4c4d3 "mlx4_en: Allow communication between functions on
    same host" introduced a regression under which a bridge acting as vSwitch
    whose uplink is an mlx4 Ethernet device become non-operative in native
    (non sriov) mode. This happens since broadcast ARP requests sent by VMs
    were loopback-ed by the HW and hence the bridge learned VM source MACs
    on both the VM and the uplink ports.
    
    The fix is to place the DMAC in the send WQE only under SRIOV/eSwitch
    configuration or when the device is in selftest.
    
    Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
    Signed-off-by: Yan Burman <yanb@mellanox.com>
    Signed-off-by: Amir Vadai <amirv@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  26. @gregkh

    net: calxedaxgmac: throw away overrun frames

    Rob Herring authored gregkh committed
    [ Upstream commit d6fb3be ]
    
    The xgmac driver assumes 1 frame per descriptor. If a frame larger than
    the descriptor's buffer size is received, the frame will spill over into
    the next descriptor. So check for received frames that span more than one
    descriptor and discard them. This prevents a crash if we receive erroneous
    large packets.
    
    Signed-off-by: Rob Herring <rob.herring@calxeda.com>
    Cc: netdev@vger.kernel.org
    Cc: linux-kernel@vger.kernel.org
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  27. @ipflavors @gregkh

    ipv6: fix header length calculation in ip6_append_data()

    ipflavors authored gregkh committed
    [ Upstream commit 7efdba5 ]
    
    Commit 299b076 (ipv6: Fix IPsec slowpath fragmentation problem)
    has introduced a error in the header length calculation that
    provokes corrupted packets when non-fragmentable extensions
    headers (Destination Option or Routing Header Type 2) are used.
    
    rt->rt6i_nfheader_len is the length of the non-fragmentable
    extension header, and it should be substracted to
    rt->dst.header_len, and not to exthdrlen, as it was done before
    commit 299b076.
    
    This patch reverts to the original and correct behavior. It has
    been successfully tested with and without IPsec on packets
    that include non-fragmentable extensions headers.
    
    Signed-off-by: Romain Kuntz <r.kuntz@ipflavors.com>
    Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  28. @gregkh

    MAINTAINERS: Stephen Hemminger email change

    Stephen Hemminger authored gregkh committed
    [ Upstream commit adbbf69 ]
    
    I changed my email because the vyatta.com mail server is now
    redirected to brocade.com; and the Brocade mail system
    is not friendly to Linux desktop users.
    
    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  29. @ipflavors @gregkh

    ipv6: fix the noflags test in addrconf_get_prefix_route

    ipflavors authored gregkh committed
    [ Upstream commit 85da53b ]
    
    The tests on the flags in addrconf_get_prefix_route() does no make
    much sense: the 'noflags' parameter contains the set of flags that
    must not match with the route flags, so the test must be done
    against 'noflags', and not against 'flags'.
    
    Signed-off-by: Romain Kuntz <r.kuntz@ipflavors.com>
    Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  30. @congwang @gregkh

    net: prevent setting ttl=0 via IP_TTL

    congwang authored gregkh committed
    [ Upstream commit c9be4a5 ]
    
    A regression is introduced by the following commit:
    
    	commit 4d52cfb
    	Author: Eric Dumazet <eric.dumazet@gmail.com>
    	Date:   Tue Jun 2 00:42:16 2009 -0700
    
    	    net: ipv4/ip_sockglue.c cleanups
    
    	    Pure cleanups
    
    but it is not a pure cleanup...
    
    	-               if (val != -1 && (val < 1 || val>255))
    	+               if (val != -1 && (val < 0 || val > 255))
    
    Since there is no reason provided to allow ttl=0, change it back.
    
    Reported-by: nitin padalia <padalia.nitin@gmail.com>
    Cc: nitin padalia <padalia.nitin@gmail.com>
    Cc: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: David S. Miller <davem@davemloft.net>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  31. @mfleming @gregkh

    samsung-laptop: Disable on EFI hardware

    mfleming authored gregkh committed
    commit e009424 upstream.
    
    It has been reported that running this driver on some Samsung laptops
    with EFI can cause those machines to become bricked as detailed in the
    following report,
    
    	https://bugs.launchpad.net/ubuntu-cdimage/+bug/1040557
    
    There have also been reports of this driver causing Machine Check
    Exceptions on recent EFI-enabled Samsung laptops,
    
    	https://bugzilla.kernel.org/show_bug.cgi?id=47121
    
    So disable it if booting from EFI since this driver relies on
    grovelling around in the BIOS memory map which isn't going to work.
    
    Signed-off-by: Matt Fleming <matt.fleming@intel.com>
    Cc: Corentin Chary <corentincj@iksaif.net>
    Cc: Matthew Garrett <mjg59@srcf.ucam.org>
    Cc: Colin Ian King <colin.king@canonical.com>
    Cc: Steve Langasek <steve.langasek@canonical.com>
    Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  32. @mfleming @gregkh

    efi: Make 'efi_enabled' a function to query EFI facilities

    mfleming authored gregkh committed
    commit 83e6818 upstream.
    
    Originally 'efi_enabled' indicated whether a kernel was booted from
    EFI firmware. Over time its semantics have changed, and it now
    indicates whether or not we are booted on an EFI machine with
    bit-native firmware, e.g. 64-bit kernel with 64-bit firmware.
    
    The immediate motivation for this patch is the bug report at,
    
        https://bugs.launchpad.net/ubuntu-cdimage/+bug/1040557
    
    which details how running a platform driver on an EFI machine that is
    designed to run under BIOS can cause the machine to become
    bricked. Also, the following report,
    
        https://bugzilla.kernel.org/show_bug.cgi?id=47121
    
    details how running said driver can also cause Machine Check
    Exceptions. Drivers need a new means of detecting whether they're
    running on an EFI machine, as sadly the expression,
    
        if (!efi_enabled)
    
    hasn't been a sufficient condition for quite some time.
    
    Users actually want to query 'efi_enabled' for different reasons -
    what they really want access to is the list of available EFI
    facilities.
    
    For instance, the x86 reboot code needs to know whether it can invoke
    the ResetSystem() function provided by the EFI runtime services, while
    the ACPI OSL code wants to know whether the EFI config tables were
    mapped successfully. There are also checks in some of the platform
    driver code to simply see if they're running on an EFI machine (which
    would make it a bad idea to do BIOS-y things).
    
    This patch is a prereq for the samsung-laptop fix patch.
    
    Signed-off-by: Matt Fleming <matt.fleming@intel.com>
    Cc: David Airlie <airlied@linux.ie>
    Cc: Corentin Chary <corentincj@iksaif.net>
    Cc: Matthew Garrett <mjg59@srcf.ucam.org>
    Cc: Dave Jiang <dave.jiang@intel.com>
    Cc: Olof Johansson <olof@lixom.net>
    Cc: Peter Jones <pjones@redhat.com>
    Cc: Colin Ian King <colin.king@canonical.com>
    Cc: Steve Langasek <steve.langasek@canonical.com>
    Cc: Tony Luck <tony.luck@intel.com>
    Cc: Konrad Rzeszutek Wilk <konrad@kernel.org>
    Cc: Rafael J. Wysocki <rjw@sisk.pl>
    Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  33. @jhedberg @gregkh

    Bluetooth: Fix handling of unexpected SMP PDUs

    jhedberg authored gregkh committed
    commit 8cf9fa1 upstream.
    
    The conn->smp_chan pointer can be NULL if SMP PDUs arrive at unexpected
    moments. To avoid NULL pointer dereferences the code should be checking
    for this and disconnect if an unexpected SMP PDU arrives. This patch
    fixes the issue by adding a check for conn->smp_chan for all other PDUs
    except pairing request and security request (which are are the first
    PDUs to come to initialize the SMP context).
    
    Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
    Acked-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  34. @gregkh

    kernel/resource.c: fix stack overflow in __reserve_region_with_split()

    T Makphaibulchoke authored gregkh committed
    commit 4965f56 upstream.
    
    Using a recursive call add a non-conflicting region in
    __reserve_region_with_split() could result in a stack overflow in the case
    that the recursive calls are too deep.  Convert the recursive calls to an
    iterative loop to avoid the problem.
    
    Tested on a machine containing 135 regions.  The kernel no longer panicked
    with stack overflow.
    
    Also tested with code arbitrarily adding regions with no conflict,
    embedding two consecutive conflicts and embedding two non-consecutive
    conflicts.
    
    Signed-off-by: T Makphaibulchoke <tmac@hp.com>
    Reviewed-by: Ram Pai <linuxram@us.ibm.com>
    Cc: Paul Gortmaker <paul.gortmaker@gmail.com>
    Cc: Wei Yang <weiyang@linux.vnet.ibm.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Jiri Slaby <jslaby@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  35. @gregkh

    virtio_console: Don't access uninitialized data.

    Sjur Brændeland authored gregkh committed
    commit aded024 upstream.
    
    Don't access uninitialized work-queue when removing device.
    The work queue is initialized only if the device multi-queue.
    So don't call cancel_work unless this is a multi-queue device.
    
    This fixes the following panic:
    
    Kernel panic - not syncing: BUG!
    Call Trace:
    62031b28:  [<6026085d>] panic+0x16b/0x2d3
    62031b30:  [<6004ef5e>] flush_work+0x0/0x1d7
    62031b60:  [<602606f2>] panic+0x0/0x2d3
    62031b68:  [<600333b0>] memcpy+0x0/0x140
    62031b80:  [<6002d58a>] unblock_signals+0x0/0x84
    62031ba0:  [<602609c5>] printk+0x0/0xa0
    62031bd8:  [<60264e51>] __mutex_unlock_slowpath+0x13d/0x148
    62031c10:  [<6004ef5e>] flush_work+0x0/0x1d7
    62031c18:  [<60050234>] try_to_grab_pending+0x0/0x17e
    62031c38:  [<6004e984>] get_work_gcwq+0x71/0x8f
    62031c48:  [<60050539>] __cancel_work_timer+0x5b/0x115
    62031c78:  [<628acc85>] unplug_port+0x0/0x191 [virtio_console]
    62031c98:  [<6005061c>] cancel_work_sync+0x12/0x14
    62031ca8:  [<628ace96>] virtcons_remove+0x80/0x15c [virtio_console]
    62031ce8:  [<628191de>] virtio_dev_remove+0x1e/0x7e [virtio]
    62031d08:  [<601cf242>] __device_release_driver+0x75/0xe4
    62031d28:  [<601cf2dd>] device_release_driver+0x2c/0x40
    62031d48:  [<601ce0dd>] driver_unbind+0x7d/0xc6
    62031d88:  [<601cd5d9>] drv_attr_store+0x27/0x29
    62031d98:  [<60115f61>] sysfs_write_file+0x100/0x14d
    62031df8:  [<600b737d>] vfs_write+0xcb/0x184
    62031e08:  [<600b58b8>] filp_close+0x88/0x94
    62031e38:  [<600b7686>] sys_write+0x59/0x88
    62031e88:  [<6001ced1>] handle_syscall+0x5d/0x80
    62031ea8:  [<60030a74>] userspace+0x405/0x531
    62031f08:  [<600d32cc>] sys_dup+0x0/0x5e
    62031f28:  [<601b11d6>] strcpy+0x0/0x18
    62031f38:  [<600be46c>] do_execve+0x10/0x12
    62031f48:  [<600184c7>] run_init_process+0x43/0x45
    62031fd8:  [<60019a91>] new_thread_handler+0xba/0xbc
    
    Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com>
    Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Something went wrong with that request. Please try again.