1. 09 Apr, 2012 12 commits
    • Eric Paris's avatar
      SELinux: delay initialization of audit data in selinux_inode_permission · 2e334057
      Eric Paris authored
      We pay a rather large overhead initializing the common_audit_data.
      Since we only need this information if we actually emit an audit
      message there is little need to set it up in the hot path.  This patch
      splits the functionality of avc_has_perm() into avc_has_perm_noaudit(),
      avc_audit_required() and slow_avc_audit().  But we take care of setting
      up to audit between required() and the actual audit call.  Thus saving
      measurable time in a hot path.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      2e334057
    • Eric Paris's avatar
      SELinux: if sel_make_bools errors don't leave inconsistent state · 154c50ca
      Eric Paris authored
      We reset the bool names and values array to NULL, but do not reset the
      number of entries in these arrays to 0.  If we error out and then get back
      into this function we will walk these NULL pointers based on the belief
      that they are non-zero length.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      cc: stable@kernel.org
      154c50ca
    • Eric Paris's avatar
      SELinux: remove needless sel_div function · 92ae9e82
      Eric Paris authored
      I'm not really sure what the idea behind the sel_div function is, but it's
      useless.  Since a and b are both unsigned, it's impossible for a % b < 0.
      That means that part of the function never does anything.  Thus it's just a
      normal /.  Just do that instead.  I don't even understand what that operation
      was supposed to mean in the signed case however....
      
      If it was signed:
      sel_div(-2, 4) == ((-2 / 4) - ((-2 % 4) < 0))
      		  ((0)      - ((-2)     < 0))
      		  ((0)      - (1))
      		  (-1)
      
      What actually happens:
      sel_div(-2, 4) == ((18446744073709551614 / 4) - ((18446744073709551614 % 4) < 0))
      		  ((4611686018427387903)      - ((2 < 0))
      		  (4611686018427387903        - 0)
      		  ((unsigned int)4611686018427387903)
      		  (4294967295)
      
      Neither makes a whole ton of sense to me.  So I'm getting rid of the
      function entirely.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      92ae9e82
    • Eric Paris's avatar
      SELinux: possible NULL deref in context_struct_to_string · bb7081ab
      Eric Paris authored
      It's possible that the caller passed a NULL for scontext.  However if this
      is a defered mapping we might still attempt to call *scontext=kstrdup().
      This is bad.  Instead just return the len.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      bb7081ab
    • Eric Paris's avatar
      SELinux: audit failed attempts to set invalid labels · d6ea83ec
      Eric Paris authored
      We know that some yum operation is causing CAP_MAC_ADMIN failures.  This
      implies that an RPM is laying down (or attempting to lay down) a file with
      an invalid label.  The problem is that we don't have any information to
      track down the cause.  This patch will cause such a failure to report the
      failed label in an SELINUX_ERR audit message.  This is similar to the
      SELINUX_ERR reports on invalid transitions and things like that.  It should
      help run down problems on what is trying to set invalid labels in the
      future.
      
      Resulting records look something like:
      type=AVC msg=audit(1319659241.138:71): avc:  denied  { mac_admin } for pid=2594 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2
      type=SELINUX_ERR msg=audit(1319659241.138:71): op=setxattr invalid_context=unconfined_u:object_r:hello:s0
      type=SYSCALL msg=audit(1319659241.138:71): arch=c000003e syscall=188 success=no exit=-22 a0=a2c0e0 a1=390341b79b a2=a2d620 a3=1f items=1 ppid=2519 pid=2594 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
      type=CWD msg=audit(1319659241.138:71):  cwd="/root" type=PATH msg=audit(1319659241.138:71): item=0 name="test" inode=785879 dev=fc:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:admin_home_t:s0
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      d6ea83ec
    • Eric Paris's avatar
      SELinux: rename dentry_open to file_open · 83d49856
      Eric Paris authored
      dentry_open takes a file, rename it to file_open
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      83d49856
    • Eric Paris's avatar
      SELinux: check OPEN on truncate calls · 95dbf739
      Eric Paris authored
      In RH BZ 578841 we realized that the SELinux sandbox program was allowed to
      truncate files outside of the sandbox.  The reason is because sandbox
      confinement is determined almost entirely by the 'open' permission.  The idea
      was that if the sandbox was unable to open() files it would be unable to do
      harm to those files.  This turns out to be false in light of syscalls like
      truncate() and chmod() which don't require a previous open() call.  I looked
      at the syscalls that did not have an associated 'open' check and found that
      truncate(), did not have a seperate permission and even if it did have a
      separate permission such a permission owuld be inadequate for use by
      sandbox (since it owuld have to be granted so liberally as to be useless).
      This patch checks the OPEN permission on truncate.  I think a better solution
      for sandbox is a whole new permission, but at least this fixes what we have
      today.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      95dbf739
    • Eric Paris's avatar
      SELinux: add default_type statements · eed7795d
      Eric Paris authored
      Because Fedora shipped userspace based on my development tree we now
      have policy version 27 in the wild defining only default user, role, and
      range.  Thus to add default_type we need a policy.28.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      eed7795d
    • Eric Paris's avatar
      SELinux: allow default source/target selectors for user/role/range · aa893269
      Eric Paris authored
      When new objects are created we have great and flexible rules to
      determine the type of the new object.  We aren't quite as flexible or
      mature when it comes to determining the user, role, and range.  This
      patch adds a new ability to specify the place a new objects user, role,
      and range should come from.  For users and roles it can come from either
      the source or the target of the operation.  aka for files the user can
      either come from the source (the running process and todays default) or
      it can come from the target (aka the parent directory of the new file)
      
      examples always are done with
      directory context: system_u:object_r:mnt_t:s0-s0:c0.c512
      process context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
      
      [no rule]
      	unconfined_u:object_r:mnt_t:s0   test_none
      [default user source]
      	unconfined_u:object_r:mnt_t:s0   test_user_source
      [default user target]
      	system_u:object_r:mnt_t:s0       test_user_target
      [default role source]
      	unconfined_u:unconfined_r:mnt_t:s0 test_role_source
      [default role target]
      	unconfined_u:object_r:mnt_t:s0   test_role_target
      [default range source low]
      	unconfined_u:object_r:mnt_t:s0 test_range_source_low
      [default range source high]
      	unconfined_u:object_r:mnt_t:s0:c0.c1023 test_range_source_high
      [default range source low-high]
      	unconfined_u:object_r:mnt_t:s0-s0:c0.c1023 test_range_source_low-high
      [default range target low]
      	unconfined_u:object_r:mnt_t:s0 test_range_target_low
      [default range target high]
      	unconfined_u:object_r:mnt_t:s0:c0.c512 test_range_target_high
      [default range target low-high]
      	unconfined_u:object_r:mnt_t:s0-s0:c0.c512 test_range_target_low-high
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      aa893269
    • Eric Paris's avatar
      SELinux: include flow.h where used rather than get it indirectly · 6ce74ec7
      Eric Paris authored
      We use flow_cache_genid in the selinux xfrm files.  This is declared in
      net/flow.h  However we do not include that file directly anywhere.  We have
      always just gotten it through a long chain of indirect .h file includes.
      
      on x86_64:
      
        CC      security/selinux/ss/services.o
      In file included from
      /next/linux-next-20120216/security/selinux/ss/services.c:69:0:
      /next/linux-next-20120216/security/selinux/include/xfrm.h: In function 'selinux_xfrm_notify_policyload':
      /next/linux-next-20120216/security/selinux/include/xfrm.h:51:14: error: 'flow_cache_genid' undeclared (first use in this function)
      /next/linux-next-20120216/security/selinux/include/xfrm.h:51:14: note: each undeclared identifier is reported only once for each function it appears in
      make[3]: *** [security/selinux/ss/services.o] Error 1
      Reported-by: default avatarRandy Dunlap <rdunlap@xenotime.net>
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      6ce74ec7
    • Eric Paris's avatar
      SELinux: loosen DAC perms on reading policy · 72e8c859
      Eric Paris authored
      There is no reason the DAC perms on reading the policy file need to be root
      only.  There are selinux checks which should control this access.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      72e8c859
    • Eric Paris's avatar
      SELinux: allow seek operations on the file exposing policy · 47a93a5b
      Eric Paris authored
      sesearch uses:
      lseek(3, 0, SEEK_SET)                   = -1 ESPIPE (Illegal seek)
      
      Make that work.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      47a93a5b
  2. 08 Apr, 2012 1 commit
  3. 07 Apr, 2012 13 commits
    • Linus Torvalds's avatar
      Merge tag 'regmap-3.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap · f4e52e7f
      Linus Torvalds authored
      Pull two more small regmap fixes from Mark Brown:
       - Now we have users for it that aren't running Android it turns out
         that regcache_sync_region() is much more useful to drivers if it's
         exported for use by modules.  Who knew?
       - Make sure we don't divide by zero when doing debugfs dumps of
         rbtrees, not visible up until now because everything was providing at
         least some cache on startup.
      
      * tag 'regmap-3.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
        regmap: prevent division by zero in rbtree_show
        regmap: Export regcache_sync_region()
      f4e52e7f
    • Linus Torvalds's avatar
      Merge branch 'kvm-updates/3.4' of git://git.kernel.org/pub/scm/virt/kvm/kvm · a3fac080
      Linus Torvalds authored
      Pull a few KVM fixes from Avi Kivity:
       "A bunch of powerpc KVM fixes, a guest and a host RCU fix (unrelated),
        and a small build fix."
      
      * 'kvm-updates/3.4' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: Resolve RCU vs. async page fault problem
        KVM: VMX: vmx_set_cr0 expects kvm->srcu locked
        KVM: PMU: Fix integer constant is too large warning in kvm_pmu_set_msr()
        KVM: PPC: Book3S: PR: Fix preemption
        KVM: PPC: Save/Restore CR over vcpu_run
        KVM: PPC: Book3S HV: Save and restore CR in __kvmppc_vcore_entry
        KVM: PPC: Book3S HV: Fix kvm_alloc_linear in case where no linears exist
        KVM: PPC: Book3S: Compile fix for ppc32 in HIOR access code
      a3fac080
    • Linus Torvalds's avatar
      Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh · 664481ed
      Linus Torvalds authored
      Pull SuperH fixes from Paul Mundt.
      
      * tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
        sh: fix clock-sh7757 for the latest sh_mobile_sdhi driver
        serial: sh-sci: use serial_port_in/out vs sci_in/out.
        sh: vsyscall: Fix up .eh_frame generation.
        sh: dma: Fix up device attribute mismatch from sysdev fallout.
        sh: dwarf unwinder depends on SHcompact.
        sh: fix up fallout from system.h disintegration.
      664481ed
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · d6a624ee
      Linus Torvalds authored
      Pull security layer fixlet from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        sysctl: fix write access to dmesg_restrict/kptr_restrict
      d6a624ee
    • Linus Torvalds's avatar
      Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux · f21fec96
      Linus Torvalds authored
      Pull ACPI & Power Management patches from Len Brown:
       "Two fixes for cpuidle merge-window changes, plus a URL fix in
        MAINTAINERS"
      
      * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
        MAINTAINERS: Update git url for ACPI
        cpuidle: Fix panic in CPU off-lining with no idle driver
        ACPI processor: Use safe_halt() rather than halt() in acpi_idle_play_dead()
      f21fec96
    • Linus Torvalds's avatar
      Merge branch '3.4-rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · a0421da4
      Linus Torvalds authored
      Pull target fixes from Nicholas Bellinger:
       "Pull two tcm_fc fabric related fixes for -rc2:
      
        Note that both have been CC'ed to stable, and patch #1 is the
        important one that addresses a memory corruption bug related to FC
        exchange timeouts + command abort.
      
        Thanks again to MDR for tracking down this issue!"
      
      * '3.4-rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
        tcm_fc: Do not free tpg structure during wq allocation failure
        tcm_fc: Add abort flag for gracefully handling exchange timeout
      a0421da4
    • Mark Rustad's avatar
      tcm_fc: Do not free tpg structure during wq allocation failure · 06383f10
      Mark Rustad authored
      Avoid freeing a registered tpg structure if an alloc_workqueue call
      fails.  This fixes a bug where the failure was leaking memory associated
      with se_portal_group setup during the original core_tpg_register() call.
      Signed-off-by: default avatarMark Rustad <mark.d.rustad@intel.com>
      Acked-by: default avatarKiran Patil <Kiran.patil@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      06383f10
    • Mark Rustad's avatar
      tcm_fc: Add abort flag for gracefully handling exchange timeout · e1c40382
      Mark Rustad authored
      Add abort flag and use it to terminate processing when an exchange
      is timed out or is reset. The abort flag is used in place of the
      transport_generic_free_cmd function call in the reset and timeout
      cases, because calling that function in that context would free
      memory that was in use. The aborted flag allows the lifetime to
      be managed in a more normal way, while truncating the processing.
      
      This change eliminates a source of memory corruption which
      manifested in a variety of ugly ways.
      
      (nab: Drop unused struct fc_exch *ep in ft_recv_seq)
      Signed-off-by: default avatarMark Rustad <mark.d.rustad@intel.com>
      Acked-by: default avatarKiran Patil <Kiran.patil@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      e1c40382
    • Len Brown's avatar
      eeaab2d8
    • Igor Murzov's avatar
      MAINTAINERS: Update git url for ACPI · aaef292a
      Igor Murzov authored
      Signed-off-by: default avatarIgor Murzov <e-mail@date.by>
      Signed-off-by: default avatarLen Brown <len.brown@intel.com>
      aaef292a
    • Linus Torvalds's avatar
      Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile · 4157368e
      Linus Torvalds authored
      Pull arch/tile bug fixes from Chris Metcalf:
       "This includes Paul Gortmaker's change to fix the <asm/system.h>
        disintegration issues on tile, a fix to unbreak the tilepro ethernet
        driver, and a backlog of bugfix-only changes from internal Tilera
        development over the last few months.
      
        They have all been to LKML and on linux-next for the last few days.
        The EDAC change to MAINTAINERS is an oddity but discussion on the
        linux-edac list suggested I ask you to pull that change through my
        tree since they don't have a tree to pull edac changes from at the
        moment."
      
      * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: (39 commits)
        drivers/net/ethernet/tile: fix netdev_alloc_skb() bombing
        MAINTAINERS: update EDAC information
        tilepro ethernet driver: fix a few minor issues
        tile-srom.c driver: minor code cleanup
        edac: say "TILEGx" not "TILEPro" for the tilegx edac driver
        arch/tile: avoid accidentally unmasking NMI-type interrupt accidentally
        arch/tile: remove bogus performance optimization
        arch/tile: return SIGBUS for addresses that are unaligned AND invalid
        arch/tile: fix finv_buffer_remote() for tilegx
        arch/tile: use atomic exchange in arch_write_unlock()
        arch/tile: stop mentioning the "kvm" subdirectory
        arch/tile: export the page_home() function.
        arch/tile: fix pointer cast in cacheflush.c
        arch/tile: fix single-stepping over swint1 instructions on tilegx
        arch/tile: implement panic_smp_self_stop()
        arch/tile: add "nop" after "nap" to help GX idle power draw
        arch/tile: use proper memparse() for "maxmem" options
        arch/tile: fix up locking in pgtable.c slightly
        arch/tile: don't leak kernel memory when we unload modules
        arch/tile: fix bug in delay_backoff()
        ...
      4157368e
    • Linus Torvalds's avatar
      Merge tag 'stable/for-linus-3.4-rc1-tag' of... · 9479f0f8
      Linus Torvalds authored
      Merge tag 'stable/for-linus-3.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
      
      Pull xen fixes from Konrad Rzeszutek Wilk:
       "Two fixes for regressions:
         * one is a workaround that will be removed in v3.5 with proper fix in
           the tip/x86 tree,
         * the other is to fix drivers to load on PV (a previous patch made
           them only load in PVonHVM mode).
      
        The rest are just minor fixes in the various drivers and some cleanup
        in the core code."
      
      * tag 'stable/for-linus-3.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
        xen/pcifront: avoid pci_frontend_enable_msix() falsely returning success
        xen/pciback: fix XEN_PCI_OP_enable_msix result
        xen/smp: Remove unnecessary call to smp_processor_id()
        xen/x86: Workaround 'x86/ioapic: Add register level checks to detect bogus io-apic entries'
        xen: only check xen_platform_pci_unplug if hvm
      9479f0f8
    • Linus Torvalds's avatar
      Merge tag 'mmc-fixes-for-3.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc · 1ddca057
      Linus Torvalds authored
      Pull MMC fixes from Chris Ball:
       - Disable use of MSI in sdhci-pci, which caused multiple chipsets to
         stop working in 3.4-rc1.  I'll wait to turn this on again until we
         have a chipset whitelist for it.
       - Fix a libertas SDIO powered-resume regression introduced in 3.3;
         thanks to Neil Brown and Rafael Wysocki for this fix.
       - Fix module reloading on omap_hsmmc.
       - Stop trusting the spec/card's specified maximum data timeout length,
         and use three seconds instead.  Previously we used 300ms.
      
      Also cleanups and fixes for s3c, atmel, sh_mmcif and omap_hsmmc.
      
      * tag 'mmc-fixes-for-3.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: (28 commits)
        mmc: use really long write timeout to deal with crappy cards
        mmc: sdhci-dove: Fix compile error by including module.h
        mmc: Prevent 1.8V switch for SD hosts that don't support UHS modes.
        Revert "mmc: sdhci-pci: Add MSI support"
        Revert "mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers"
        mmc: core: fix power class selection
        mmc: omap_hsmmc: fix module re-insertion
        mmc: omap_hsmmc: convert to module_platform_driver
        mmc: omap_hsmmc: make it behave well as a module
        mmc: omap_hsmmc: trivial cleanups
        mmc: omap_hsmmc: context save after enabling runtime pm
        mmc: omap_hsmmc: use runtime put sync in probe error patch
        mmc: sdio: Use empty system suspend/resume callbacks at the bus level
        mmc: bus: print bus speed mode of UHS-I card
        mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers
        mmc: sh_mmcif: Simplify calculation of mmc->f_min
        mmc: sh_mmcif: mmc->f_max should be half of the bus clock
        mmc: sh_mmcif: double clock speed
        mmc: block: Remove use of mmc_blk_set_blksize
        mmc: atmel-mci: add support for odd clock dividers
        ...
      1ddca057
  4. 06 Apr, 2012 14 commits
    • Linus Torvalds's avatar
      Make the "word-at-a-time" helper functions more commonly usable · f68e556e
      Linus Torvalds authored
      I have a new optimized x86 "strncpy_from_user()" that will use these
      same helper functions for all the same reasons the name lookup code uses
      them.  This is preparation for that.
      
      This moves them into an architecture-specific header file.  It's
      architecture-specific for two reasons:
      
       - some of the functions are likely to want architecture-specific
         implementations.  Even if the current code happens to be "generic" in
         the sense that it should work on any little-endian machine, it's
         likely that the "multiply by a big constant and shift" implementation
         is less than optimal for an architecture that has a guaranteed fast
         bit count instruction, for example.
      
       - I expect that if architectures like sparc want to start playing
         around with this, we'll need to abstract out a few more details (in
         particular the actual unaligned accesses).  So we're likely to have
         more architecture-specific stuff if non-x86 architectures start using
         this.
      
         (and if it turns out that non-x86 architectures don't start using
         this, then having it in an architecture-specific header is still the
         right thing to do, of course)
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f68e556e
    • Toshi Kani's avatar
      cpuidle: Fix panic in CPU off-lining with no idle driver · ee01e663
      Toshi Kani authored
      Fix a NULL pointer dereference panic in cpuidle_play_dead() during
      CPU off-lining when no cpuidle driver is registered.  A cpuidle
      driver may be registered at boot-time based on CPU type.  This patch
      allows an off-lined CPU to enter HLT-based idle in this condition.
      Signed-off-by: default avatarToshi Kani <toshi.kani@hp.com>
      Cc: Boris Ostrovsky <boris.ostrovsky@amd.com>
      Reviewed-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Tested-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: default avatarLen Brown <len.brown@intel.com>
      ee01e663
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 23f347ef
      Linus Torvalds authored
      Pull networking updates from David Miller:
      
       1) Fix inaccuracies in network driver interface documentation, from Ben
          Hutchings.
      
       2) Fix handling of negative offsets in BPF JITs, from Jan Seiffert.
      
       3) Compile warning, locking, and refcounting fixes in netfilter's
          xt_CT, from Pablo Neira Ayuso.
      
       4) phonet sendmsg needs to validate user length just like any other
          datagram protocol, fix from Sasha Levin.
      
       5) Ipv6 multicast code uses wrong loop index, from RongQing Li.
      
       6) Link handling and firmware fixes in bnx2x driver from Yaniv Rosner
          and Yuval Mintz.
      
       7) mlx4 erroneously allocates 4 pages at a time, regardless of page
          size, fix from Thadeu Lima de Souza Cascardo.
      
       8) SCTP socket option wasn't extended in a backwards compatible way,
          fix from Thomas Graf.
      
       9) Add missing address change event emissions to bonding, from Shlomo
          Pongratz.
      
      10) /proc/net/dev regressed because it uses a private offset to track
          where we are in the hash table, but this doesn't track the offset
          pullback that the seq_file code does resulting in some entries being
          missed in large dumps.
      
          Fix from Eric Dumazet.
      
      11) do_tcp_sendpage() unloads the send queue way too fast, because it
          invokes tcp_push() when it shouldn't.  Let the natural sequence
          generated by the splice paths, and the assosciated MSG_MORE
          settings, guide the tcp_push() calls.
      
          Otherwise what goes out of TCP is spaghetti and doesn't batch
          effectively into GSO/TSO clusters.
      
          From Eric Dumazet.
      
      12) Once we put a SKB into either the netlink receiver's queue or a
          socket error queue, it can be consumed and freed up, therefore we
          cannot touch it after queueing it like that.
      
          Fixes from Eric Dumazet.
      
      13) PPP has this annoying behavior in that for every transmit call it
          immediately stops the TX queue, then calls down into the next layer
          to transmit the PPP frame.
      
          But if that next layer can take it immediately, it just un-stops the
          TX queue right before returning from the transmit method.
      
          Besides being useless work, it makes several facilities unusable, in
          particular things like the equalizers.  Well behaved devices should
          only stop the TX queue when they really are full, and in PPP's case
          when it gets backlogged to the downstream device.
      
          David Woodhouse therefore fixed PPP to not stop the TX queue until
          it's downstream can't take data any more.
      
      14) IFF_UNICAST_FLT got accidently lost in some recent stmmac driver
          changes, re-add.  From Marc Kleine-Budde.
      
      15) Fix link flaps in ixgbe, from Eric W. Multanen.
      
      16) Descriptor writeback fixes in e1000e from Matthew Vick.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
        net: fix a race in sock_queue_err_skb()
        netlink: fix races after skb queueing
        doc, net: Update ndo_start_xmit return type and values
        doc, net: Remove instruction to set net_device::trans_start
        doc, net: Update netdev operation names
        doc, net: Update documentation of synchronisation for TX multiqueue
        doc, net: Remove obsolete reference to dev->poll
        ethtool: Remove exception to the requirement of holding RTNL lock
        MAINTAINERS: update for Marvell Ethernet drivers
        bonding: properly unset current_arp_slave on slave link up
        phonet: Check input from user before allocating
        tcp: tcp_sendpages() should call tcp_push() once
        ipv6: fix array index in ip6_mc_add_src()
        mlx4: allocate just enough pages instead of always 4 pages
        stmmac: re-add IFF_UNICAST_FLT for dwmac1000
        bnx2x: Clear MDC/MDIO warning message
        bnx2x: Fix BCM57711+BCM84823 link issue
        bnx2x: Clear BCM84833 LED after fan failure
        bnx2x: Fix BCM84833 PHY FW version presentation
        bnx2x: Fix link issue for BCM8727 boards.
        ...
      23f347ef
    • Jan Beulich's avatar
      xen/pcifront: avoid pci_frontend_enable_msix() falsely returning success · f09d8432
      Jan Beulich authored
      The original XenoLinux code has always had things this way, and for
      compatibility reasons (in particular with a subsequent pciback
      adjustment) upstream Linux should behave the same way (allowing for two
      distinct error indications to be returned by the backend).
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      f09d8432
    • Jan Beulich's avatar
      xen/pciback: fix XEN_PCI_OP_enable_msix result · 0ee46eca
      Jan Beulich authored
      Prior to 2.6.19 and as of 2.6.31, pci_enable_msix() can return a
      positive value to indicate the number of vectors (less than the amount
      requested) that can be set up for a given device. Returning this as an
      operation value (secondary result) is fine, but (primary) operation
      results are expected to be negative (error) or zero (success) according
      to the protocol. With the frontend fixed to match the XenoLinux
      behavior, the backend can now validly return zero (success) here,
      passing the upper limit on the number of vectors in op->value.
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      0ee46eca
    • Srivatsa S. Bhat's avatar
      xen/smp: Remove unnecessary call to smp_processor_id() · e8c9e788
      Srivatsa S. Bhat authored
      There is an extra and unnecessary call to smp_processor_id()
      in cpu_bringup(). Remove it.
      Signed-off-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      e8c9e788
    • Konrad Rzeszutek Wilk's avatar
      xen/x86: Workaround 'x86/ioapic: Add register level checks to detect bogus io-apic entries' · 2531d64b
      Konrad Rzeszutek Wilk authored
      The above mentioned patch checks the IOAPIC and if it contains
      -1, then it unmaps said IOAPIC. But under Xen we get this:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
      IP: [<ffffffff8134e51f>] xen_irq_init+0x1f/0xb0
      PGD 0
      Oops: 0002 [#1] SMP
      CPU 0
      Modules linked in:
      
      Pid: 1, comm: swapper/0 Not tainted 3.2.10-3.fc16.x86_64 #1 Dell Inc. Inspiron
      1525                  /0U990C
      RIP: e030:[<ffffffff8134e51f>]  [<ffffffff8134e51f>] xen_irq_init+0x1f/0xb0
      RSP: e02b: ffff8800d42cbb70  EFLAGS: 00010202
      RAX: 0000000000000000 RBX: 00000000ffffffef RCX: 0000000000000001
      RDX: 0000000000000040 RSI: 00000000ffffffef RDI: 0000000000000001
      RBP: ffff8800d42cbb80 R08: ffff8800d6400000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffef
      R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000010
      FS:  0000000000000000(0000) GS:ffff8800df5fe000(0000) knlGS:0000000000000000
      CS:  e033 DS: 0000 ES: 0000 CR0:000000008005003b
      CR2: 0000000000000040 CR3: 0000000001a05000 CR4: 0000000000002660
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process swapper/0 (pid: 1, threadinfo ffff8800d42ca000, task ffff8800d42d0000)
      Stack:
       00000000ffffffef 0000000000000010 ffff8800d42cbbe0 ffffffff8134f157
       ffffffff8100a9b2 ffffffff8182ffd1 00000000000000a0 00000000829e7384
       0000000000000002 0000000000000010 00000000ffffffff 0000000000000000
      Call Trace:
       [<ffffffff8134f157>] xen_bind_pirq_gsi_to_irq+0x87/0x230
       [<ffffffff8100a9b2>] ? check_events+0x12+0x20
       [<ffffffff814bab42>] xen_register_pirq+0x82/0xe0
       [<ffffffff814bac1a>] xen_register_gsi.part.2+0x4a/0xd0
       [<ffffffff814bacc0>] acpi_register_gsi_xen+0x20/0x30
       [<ffffffff8103036f>] acpi_register_gsi+0xf/0x20
       [<ffffffff8131abdb>] acpi_pci_irq_enable+0x12e/0x202
       [<ffffffff814bc849>] pcibios_enable_device+0x39/0x40
       [<ffffffff812dc7ab>] do_pci_enable_device+0x4b/0x70
       [<ffffffff812dc878>] __pci_enable_device_flags+0xa8/0xf0
       [<ffffffff812dc8d3>] pci_enable_device+0x13/0x20
      
      The reason we are dying is b/c the call acpi_get_override_irq() is used,
      which returns the polarity and trigger for the IRQs. That function calls
      mp_find_ioapics to get the 'struct ioapic' structure - which along with the
      mp_irq[x] is used to figure out the default values and the polarity/trigger
      overrides. Since the mp_find_ioapics now returns -1 [b/c the IOAPIC is filled
      with 0xffffffff], the acpi_get_override_irq() stops trying to lookup in the
      mp_irq[x] the proper INT_SRV_OVR and we can't install the SCI interrupt.
      
      The proper fix for this is going in v3.5 and adds an x86_io_apic_ops
      struct so that platforms can override it. But for v3.4 lets carry this
      work-around. This patch does that by providing a slightly different variant
      of the fake IOAPIC entries.
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      2531d64b
    • Igor Mammedov's avatar
      xen: only check xen_platform_pci_unplug if hvm · e95ae5a4
      Igor Mammedov authored
      commit b9136d207f08
        xen: initialize platform-pci even if xen_emul_unplug=never
      
      breaks blkfront/netfront by not loading them because of
      xen_platform_pci_unplug=0 and it is never set for PV guest.
      Signed-off-by: default avatarAndrew Jones <drjones@redhat.com>
      Signed-off-by: default avatarIgor Mammedov <imammedo@redhat.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      e95ae5a4
    • Eric Dumazet's avatar
      net: fix a race in sock_queue_err_skb() · 110c4330
      Eric Dumazet authored
      As soon as an skb is queued into socket error queue, another thread
      can consume it, so we are not allowed to reference skb anymore, or risk
      use after free.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      110c4330
    • Eric Dumazet's avatar
      netlink: fix races after skb queueing · 4a7e7c2a
      Eric Dumazet authored
      As soon as an skb is queued into socket receive_queue, another thread
      can consume it, so we are not allowed to reference skb anymore, or risk
      use after free.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4a7e7c2a
    • Ben Hutchings's avatar
      doc, net: Update ndo_start_xmit return type and values · e34fac1c
      Ben Hutchings authored
      Commit dc1f8bf6 ('netdev: change
      transmit to limited range type') changed the required return type and
      9a1654ba ('net: Optimize
      hard_start_xmit() return checking') changed the valid numerical
      return values.
      Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e34fac1c
    • Ben Hutchings's avatar
      doc, net: Remove instruction to set net_device::trans_start · de7aca16
      Ben Hutchings authored
      Commit 08baf561 ('net:
      txq_trans_update() helper') made it unnecessary for most drivers to
      set net_device::trans_start (or netdev_queue::trans_start).
      Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      de7aca16
    • Ben Hutchings's avatar
      doc, net: Update netdev operation names · b3cf6545
      Ben Hutchings authored
      Commits d314774c ('netdev: network
      device operations infrastructure') and
      00829823 ('netdev: add more functions
      to netdevice ops') moved and renamed net device operation pointers.
      Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b3cf6545
    • Ben Hutchings's avatar
      doc, net: Update documentation of synchronisation for TX multiqueue · 04fd3d35
      Ben Hutchings authored
      Commits e308a5d8 ('netdev: Add
      netdev->addr_list_lock protection.') and
      e8a0464c ('netdev: Allocate multiple
      queues for TX.') introduced more fine-grained locks.
      Signed-off-by: default avatarBen Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      04fd3d35