1. 21 Sep, 2012 3 commits
    • Ed Cashin's avatar
      net: do not disable sg for packets requiring no checksum · c0d680e5
      Ed Cashin authored
      A change in a series of VLAN-related changes appears to have
      inadvertently disabled the use of the scatter gather feature of
      network cards for transmission of non-IP ethernet protocols like ATA
      over Ethernet (AoE).  Below is a reference to the commit that
      introduces a "harmonize_features" function that turns off scatter
      gather when the NIC does not support hardware checksumming for the
      ethernet protocol of an sk buff.
      
        commit f01a5236
        Author: Jesse Gross <jesse@nicira.com>
        Date:   Sun Jan 9 06:23:31 2011 +0000
      
            net offloading: Generalize netif_get_vlan_features().
      
      The can_checksum_protocol function is not equipped to consider a
      protocol that does not require checksumming.  Calling it for a
      protocol that requires no checksum is inappropriate.
      
      The patch below has harmonize_features call can_checksum_protocol when
      the protocol needs a checksum, so that the network layer is not forced
      to perform unnecessary skb linearization on the transmission of AoE
      packets.  Unnecessary linearization results in decreased performance
      and increased memory pressure, as reported here:
      
        http://www.spinics.net/lists/linux-mm/msg15184.html
      
      The problem has probably not been widely experienced yet, because
      only recently has the kernel.org-distributed aoe driver acquired the
      ability to use payloads of over a page in size, with the patchset
      recently included in the mm tree:
      
        https://lkml.org/lkml/2012/8/28/140
      
      The coraid.com-distributed aoe driver already could use payloads of
      greater than a page in size, but its users generally do not use the
      newest kernels.
      Signed-off-by: default avatarEd Cashin <ecashin@coraid.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0d680e5
    • Ed Cashin's avatar
      aoe: assert AoE packets marked as requiring no checksum · 8babe8cc
      Ed Cashin authored
      In order for the network layer to see that AoE requires
      no checksumming in a generic way, the packets must be
      marked as requiring no checksum, so we make this requirement
      explicit with the assertion.
      Signed-off-by: default avatarEd Cashin <ecashin@coraid.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8babe8cc
    • Devendra Naga's avatar
      at91ether: return PTR_ERR if call to clk_get fails · 3cfc1590
      Devendra Naga authored
      we are currently returning ENODEV, as the clk_get may give a exact
      error code in its returned pointer, assign it to the ret by using the
      PTR_ERR function, so that the subsequent goto label will jump to the
      error path and clean the driver and return the error correctly.
      Signed-off-by: default avatarDevendra Naga <devendra.aaru@gmail.com>
      Acked-by: default avatarNicolas Ferre <nicolas.ferre@atmel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3cfc1590
  2. 20 Sep, 2012 8 commits
    • Mathias Krause's avatar
      xfrm_user: don't copy esn replay window twice for new states · e3ac104d
      Mathias Krause authored
      The ESN replay window was already fully initialized in
      xfrm_alloc_replay_state_esn(). No need to copy it again.
      
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3ac104d
    • Mathias Krause's avatar
      xfrm_user: ensure user supplied esn replay window is valid · ecd79187
      Mathias Krause authored
      The current code fails to ensure that the netlink message actually
      contains as many bytes as the header indicates. If a user creates a new
      state or updates an existing one but does not supply the bytes for the
      whole ESN replay window, the kernel copies random heap bytes into the
      replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL
      netlink attribute. This leads to following issues:
      
      1. The replay window has random bits set confusing the replay handling
         code later on.
      
      2. A malicious user could use this flaw to leak up to ~3.5kB of heap
         memory when she has access to the XFRM netlink interface (requires
         CAP_NET_ADMIN).
      
      Known users of the ESN replay window are strongSwan and Steffen's
      iproute2 patch (<http://patchwork.ozlabs.org/patch/85962/>). The latter
      uses the interface with a bitmap supplied while the former does not.
      strongSwan is therefore prone to run into issue 1.
      
      To fix both issues without breaking existing userland allow using the
      XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a
      fully specified one. For the former case we initialize the in-kernel
      bitmap with zero, for the latter we copy the user supplied bitmap. For
      state updates the full bitmap must be supplied.
      
      To prevent overflows in the bitmap length calculation the maximum size
      of bmp_len is limited to 128 by this patch -- resulting in a maximum
      replay window of 4096 packets. This should be sufficient for all real
      life scenarios (RFC 4303 recommends a default replay window size of 64).
      
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Cc: Martin Willi <martin@revosec.ch>
      Cc: Ben Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ecd79187
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_tmpl() · 1f86840f
      Mathias Krause authored
      The memory used for the template copy is a local stack variable. As
      struct xfrm_user_tmpl contains multiple holes added by the compiler for
      alignment, not initializing the memory will lead to leaking stack bytes
      to userland. Add an explicit memset(0) to avoid the info leak.
      
      Initial version of the patch by Brad Spengler.
      
      Cc: Brad Spengler <spender@grsecurity.net>
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1f86840f
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_policy() · 7b789836
      Mathias Krause authored
      The memory reserved to dump the xfrm policy includes multiple padding
      bytes added by the compiler for alignment (padding bytes in struct
      xfrm_selector and struct xfrm_userpolicy_info). Add an explicit
      memset(0) before filling the buffer to avoid the heap info leak.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7b789836
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_state() · f778a636
      Mathias Krause authored
      The memory reserved to dump the xfrm state includes the padding bytes of
      struct xfrm_usersa_info added by the compiler for alignment (7 for
      amd64, 3 for i386). Add an explicit memset(0) before filling the buffer
      to avoid the info leak.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f778a636
    • Mathias Krause's avatar
      xfrm_user: fix info leak in copy_to_user_auth() · 4c87308b
      Mathias Krause authored
      copy_to_user_auth() fails to initialize the remainder of alg_name and
      therefore discloses up to 54 bytes of heap memory via netlink to
      userland.
      
      Use strncpy() instead of strcpy() to fill the trailing bytes of alg_name
      with null bytes.
      Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
      Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4c87308b
    • Bjørn Mork's avatar
      net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200 · 9db273f4
      Bjørn Mork authored
      One of the modes of Huawei E367 has this QMI/wwan interface:
      
       I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=07 Driver=(none)
       E:  Ad=83(I) Atr=03(Int.) MxPS=  64 Ivl=2ms
       E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
       E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms
      
      Huawei use subclass and protocol to identify vendor specific
      functions, so adding a new vendor rule for this combination.
      
      The Pantech devices UML290 (106c:3718) and P4200 (106c:3721) use
      the same subclass to identify the QMI/wwan function.  Replace the
      existing device specific UML290 entries with generic vendor matching,
      adding support for the Pantech P4200.
      
      The ZTE MF683 has 6 vendor specific interfaces, all using
      ff/ff/ff for cls/sub/prot.  Adding a match on interface #5 which
      is a QMI/wwan interface.
      
      Cc: Fangxiaozhi (Franko) <fangxiaozhi@huawei.com>
      Cc: Thomas Schäfer <tschaefer@t-online.de>
      Cc: Dan Williams <dcbw@redhat.com>
      Cc: Shawn J. Goff <shawn7400@gmail.com>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9db273f4
    • Andrey Vagin's avatar
      tcp: restore rcv_wscale in a repair mode (v2) · bc26ccd8
      Andrey Vagin authored
      rcv_wscale is a symetric parameter with snd_wscale.
      
      Both this parameters are set on a connection handshake.
      
      Without this value a remote window size can not be interpreted correctly,
      because a value from a packet should be shifted on rcv_wscale.
      
      And one more thing is that wscale_ok should be set too.
      
      This patch doesn't break a backward compatibility.
      If someone uses it in a old scheme, a rcv window
      will be restored with the same bug (rcv_wscale = 0).
      
      v2: Save backward compatibility on big-endian system. Before
          the first two bytes were snd_wscale and the second two bytes were
          rcv_wscale. Now snd_wscale is opt_val & 0xFFFF and rcv_wscale >> 16.
          This approach is independent on byte ordering.
      
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
      Cc: James Morris <jmorris@namei.org>
      Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
      Cc: Patrick McHardy <kaber@trash.net>
      CC: Pavel Emelyanov <xemul@parallels.com>
      Signed-off-by: default avatarAndrew Vagin <avagin@openvz.org>
      Acked-by: default avatarPavel Emelyanov <xemul@parallels.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bc26ccd8
  3. 19 Sep, 2012 5 commits
  4. 18 Sep, 2012 14 commits
  5. 17 Sep, 2012 1 commit
    • David S. Miller's avatar
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · a1f6d8f7
      David S. Miller authored
      John W. Linville says:
      
      ====================
      This is a batch of fixes intended for the 3.6 stream.
      
      Arend van Spriel sends a simple thinko fix to correct a constant,
      preventing the setting of an invalid power level.
      
      Colin Ian King gives us a simple allocation failure check to avoid a
      NULL pointer dereference.
      
      Felix Fietkau sends another ath9k tx power patch, this time disabling a
      feature that has been reported to cause rx problems.
      
      Hante Meuleman provides a pair of endian fixes for brcmfmac.
      
      Larry Finger offers an rtlwifi fix that avoids a system lockup related
      to loading the wrong firmware for RTL8188CE devices.
      
      These have been in linux-next for a few days and I think they should be
      included in the final 3.6 kernel if possible.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a1f6d8f7
  6. 15 Sep, 2012 9 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes · 3f0c3c8f
      Linus Torvalds authored
      Pull GFS2 fixes from Steven Whitehouse:
       "Here are three GFS2 fixes for the current kernel tree.  These are all
        related to the block reservation code which was added at the merge
        window.  That code will be getting an update at the forthcoming merge
        window too.  In the mean time though there are a few smaller issues
        which should be fixed.
      
        The first patch resolves an issue with write sizes of greater than 32
        bits with the size hinting code.  The second ensures that the
        allocation data structure is initialised when using xattrs and the
        third takes into account allocations which may have been made by other
        nodes which affect a reservation on the local node."
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes:
        GFS2: Take account of blockages when using reserved blocks
        GFS2: Fix missing allocation data for set/remove xattr
        GFS2: Make write size hinting code common
      3f0c3c8f
    • Linus Torvalds's avatar
      Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86 · 9cb0ee85
      Linus Torvalds authored
      Pull x86 platform driver updates from Matthew Garrett:
       "A few small updates for 3.6 - a trivial regression fix and a couple of
        conformance updates for the gmux driver, plus some tiny fixes for
        asus-wmi, eeepc-laptop and thinkpad_acpi."
      
      * 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86:
        thinkpad_acpi: buffer overflow in fan_get_status()
        eeepc-laptop: fix device reference count leakage in eeepc_rfkill_hotplug()
        platform/x86: fix asus_laptop.wled_type description
        asus-laptop: HRWS/HWRS typo
        drivers-platform-x86: remove useless #ifdef CONFIG_ACPI_VIDEO
        apple-gmux: Fix port address calculation in gmux_pio_write32()
        apple-gmux: Fix index read functions
        apple-gmux: Obtain version info from indexed gmux
      9cb0ee85
    • Linus Torvalds's avatar
      Merge branch 'i2c-embedded/for-current' of git://git.pengutronix.de/git/wsa/linux · 5b799dde
      Linus Torvalds authored
      Pull i2c embedded fixes from Wolfram Sang:
       "The last bunch of (typical) i2c-embedded driver fixes for 3.6.
      
        Also update the MAINTAINERS file to point to my tree since people keep
        asking where to find their patches."
      
      * 'i2c-embedded/for-current' of git://git.pengutronix.de/git/wsa/linux:
        i2c: algo: pca: Fix mode selection for PCA9665
        MAINTAINERS: fix tree for current i2c-embedded development
        i2c: mxs: correctly setup speed for non devicetree
        i2c: pnx: Fix read transactions of >= 2 bytes
        i2c: pnx: Fix bit definitions
      5b799dde
    • Linus Torvalds's avatar
      Merge tag 'ecryptfs-3.6-rc6-fixes' of... · 1547cb80
      Linus Torvalds authored
      Merge tag 'ecryptfs-3.6-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
      
      Pull ecryptfs fixes from Tyler Hicks:
      
       - Fixes a regression, introduced in 3.6-rc1, when a file is closed
         before its shared memory mapping is dirtied and unmapped.  The lower
         file was being released when the eCryptfs file was closed and the
         dirtied pages could not be written out.
       - Adds a call to the lower filesystem's ->flush() from
         ecryptfs_flush().
       - Fixes a regression, introduced in 2.6.39, when a file is renamed on
         top of another file.  The target file's inode was not being evicted
         and the space taken by the file was not reclaimed until eCryptfs was
         unmounted.
      
      * tag 'ecryptfs-3.6-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
        eCryptfs: Copy up attributes of the lower target inode after rename
        eCryptfs: Call lower ->flush() from ecryptfs_flush()
        eCryptfs: Write out all dirty pages just before releasing the lower file
      1547cb80
    • Linus Torvalds's avatar
      Merge branch 'fixes-for-3.6' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping · 1568d9f4
      Linus Torvalds authored
      Pull one more DMA-mapping fix from Marek Szyprowski:
       "This patch fixes very subtle bug (typical off-by-one error) which
        might appear in very rare circumstances."
      
      * 'fixes-for-3.6' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping:
        arm: mm: fix DMA pool affiliation check
      1568d9f4
    • Linus Torvalds's avatar
      Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging · 1c23ce72
      Linus Torvalds authored
      Pull hwmon fixes from Guenter Roeck:
       "Fix word size register read and write operations in ina2xx driver, and
        initialize uninitialized structure elements in twl4030-madc-hwmon
        driver."
      
      * tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (ina2xx) Fix word size register read and write operations
        hwmon: (twl4030-madc-hwmon) Initialize uninitialized structure elements
      1c23ce72
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · dd383af6
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "I realise this a bit bigger than I would want at this point.
      
        Exynos is a large chunk, I got them to half what they wanted already,
        and hey its ARM based, so not going to hurt many people.
      
        Radeon has only two fixes, but the PLL fixes were a bit bigger, but
        required for a lot of scenarios, the fence fix is really urgent.
      
        vmwgfx: I've pulled in a dumb ioctl support patch that I was going to
        shove in later and cc stable, but we need it asap, its mainly to stop
        mesa growing a really ugly dependency in userspace to run stuff on
        vmware, and if I don't stick it in the kernel now, everyone will have
        to ship ugly userspace libs to workaround it.
      
        nouveau: single urgent fix found in F18 testing, causes X to not start
        properly when f18 plymouth is used
      
        i915: smattering of fixes and debug quieting
      
        gma500: single regression fix
      
        So as I said a bit large, but its fairly well scattered and its all
        stuff I'll be shipping in F18's 3.6 kernel."
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (26 commits)
        drm/nouveau: fix booting with plymouth + dumb support
        drm/radeon: make 64bit fences more robust v3
        drm/radeon: rework pll selection (v3)
        drm: Drop the NV12M and YUV420M formats
        drm/exynos: remove DRM_FORMAT_NV12M from plane module
        drm/exynos: fix double call of drm_prime_(init/destroy)_file_private
        drm/exynos: add dummy support for dmabuf-mmap
        drm/exynos: Add missing braces around sizeof in exynos_mixer.c
        drm/exynos: Add missing braces around sizeof in exynos_hdmi.c
        drm/exynos: Make g2d_pm_ops static
        drm/exynos: Add dependency for G2D in Kconfig
        drm/exynos: fixed page align bug.
        drm/exynos: Use ERR_CAST inlined function instead of ERR_PTR(PTR_ERR(.. [1]
        drm/exynos: Use devm_* functions in exynos_drm_g2d.c file
        drm/exynos: Use devm_kzalloc in exynos_drm_hdmi.c file
        drm/exynos: Use devm_kzalloc in exynos_drm_vidi.c file
        drm/exynos: Remove redundant check in exynos_drm_fimd.c file
        drm/exynos: Remove redundant check in exynos_hdmi.c file
        vmwgfx: add dumb ioctl support
        gma500: Fix regression on Oaktrail devices
        ...
      dd383af6
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 889cb3b9
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
       "Smaller fixlets"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched: Fix kernel-doc warnings in kernel/sched/fair.c
        sched: Unthrottle rt runqueues in __disable_runtime()
        sched: Add missing call to calc_load_exit_idle()
        sched: Fix load avg vs cpu-hotplug
      889cb3b9
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7ef6e973
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "This tree includes various fixes"
      
      Ingo really needs to improve on the whole "explain git pull" part.
      "Various fixes" indeed.
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/hwpb: Invoke __perf_event_disable() if interrupts are already disabled
        perf/x86: Enable Intel Cedarview Atom suppport
        perf_event: Switch to internal refcount, fix race with close()
        oprofile, s390: Fix uninitialized memory access when writing to oprofilefs
        perf/x86: Fix microcode revision check for SNB-PEBS
      7ef6e973