1. 16 Dec, 2010 2 commits
    • Andrey Vagin's avatar
      ipv6: delete expired route in ip6_pmtu_deliver · d3052b55
      Andrey Vagin authored
      The first big packets sent to a "low-MTU" client correctly
      triggers the creation of a temporary route containing the reduced MTU.
      
      But after the temporary route has expired, new ICMP6 "packet too big"
      will be sent, rt6_pmtu_discovery will find the previous EXPIRED route
      check that its mtu isn't bigger then in icmp packet and do nothing
      before the temporary route will not deleted by gc.
      
      I make the simple experiment:
      while :; do
          time ( dd if=/dev/zero bs=10K count=1 | ssh hostname dd of=/dev/null ) || break;
      done
      
      The "time" reports real 0m0.197s if a temporary route isn't expired, but
      it reports real 0m52.837s (!!!!) immediately after a temporare route has
      expired.
      Signed-off-by: default avatarAndrey Vagin <avagin@openvz.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d3052b55
    • Hillf Danton's avatar
      bonding: Fix slave selection bug. · af3e5bd5
      Hillf Danton authored
      The returned slave is incorrect, if the net device under check is not
      charged yet by the master.
      Signed-off-by: default avatarHillf Danton <dhillf@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      af3e5bd5
  2. 15 Dec, 2010 1 commit
  3. 14 Dec, 2010 1 commit
  4. 13 Dec, 2010 5 commits
  5. 12 Dec, 2010 7 commits
  6. 11 Dec, 2010 1 commit
  7. 10 Dec, 2010 14 commits
  8. 09 Dec, 2010 3 commits
  9. 08 Dec, 2010 6 commits
    • Eric Dumazet's avatar
      tcp: protect sysctl_tcp_cookie_size reads · f1987257
      Eric Dumazet authored
      Make sure sysctl_tcp_cookie_size is read once in
      tcp_cookie_size_check(), or we might return an illegal value to caller
      if sysctl_tcp_cookie_size is changed by another cpu.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Cc: Ben Hutchings <bhutchings@solarflare.com>
      Cc: William Allen Simpson <william.allen.simpson@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1987257
    • Eric Dumazet's avatar
      tcp: avoid a possible divide by zero · ad9f4f50
      Eric Dumazet authored
      sysctl_tcp_tso_win_divisor might be set to zero while one cpu runs in
      tcp_tso_should_defer(). Make sure we dont allow a divide by zero by
      reading sysctl_tcp_tso_win_divisor exactly once.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ad9f4f50
    • David Kilroy's avatar
      orinoco: fix TKIP countermeasure behaviour · 0a54917c
      David Kilroy authored
      Enable the port when disabling countermeasures, and disable it on
      enabling countermeasures.
      
      This bug causes the response of the system to certain attacks to be
      ineffective.
      
      It also prevents wpa_supplicant from getting scan results, as
      wpa_supplicant disables countermeasures on startup - preventing the
      hardware from scanning.
      
      wpa_supplicant works with ap_mode=2 despite this bug because the commit
      handler re-enables the port.
      
      The log tends to look like:
      
      State: DISCONNECTED -> SCANNING
      Starting AP scan for wildcard SSID
      Scan requested (ret=0) - scan timeout 5 seconds
      EAPOL: disable timer tick
      EAPOL: Supplicant port status: Unauthorized
      Scan timeout - try to get results
      Failed to get scan results
      Failed to get scan results - try scanning again
      Setting scan request: 1 sec 0 usec
      Starting AP scan for wildcard SSID
      Scan requested (ret=-1) - scan timeout 5 seconds
      Failed to initiate AP scan.
      
      Reported by: Giacomo Comes <comes@naic.edu>
      Signed-off by: David Kilroy <kilroyd@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      0a54917c
    • David Kilroy's avatar
      orinoco: clear countermeasure setting on commit · ba34fcee
      David Kilroy authored
      ... and interface up.
      
      In these situations, you are usually trying to connect to a new AP, so
      keeping TKIP countermeasures active is confusing. This is already how
      the driver behaves (inadvertently). However, querying SIOCGIWAUTH may
      tell userspace that countermeasures are active when they aren't.
      
      Clear the setting so that the reporting matches what the driver has
      done..
      
      Signed-off by: David Kilroy <kilroyd@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      ba34fcee
    • Helmut Schaa's avatar
      mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs · 7e244707
      Helmut Schaa authored
      mac80211 doesn't handle shared skbs correctly at the moment. As a result
      a possible resize can trigger a BUG in pskb_expand_head.
      
      [  676.030000] Kernel bug detected[#1]:
      [  676.030000] Cpu 0
      [  676.030000] $ 0   : 00000000 00000000 819662ff 00000002
      [  676.030000] $ 4   : 81966200 00000020 00000000 00000020
      [  676.030000] $ 8   : 819662e0 800043c0 00000002 00020000
      [  676.030000] $12   : 3b9aca00 00000000 00000000 00470000
      [  676.030000] $16   : 80ea2000 00000000 00000000 00000000
      [  676.030000] $20   : 818aa200 80ea2018 80ea2000 00000008
      [  676.030000] $24   : 00000002 800ace5c
      [  676.030000] $28   : 8199a000 8199bd20 81938f88 80f180d4
      [  676.030000] Hi    : 0000026e
      [  676.030000] Lo    : 0000757e
      [  676.030000] epc   : 801245e4 pskb_expand_head+0x44/0x1d8
      [  676.030000]     Not tainted
      [  676.030000] ra    : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]
      [  676.030000] Status: 1000a403    KERNEL EXL IE
      [  676.030000] Cause : 10800024
      [  676.030000] PrId  : 0001964c (MIPS 24Kc)
      [  676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]
      [  676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000)
      [  676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000
      [  676.030000]         818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018
      [  676.030000]         81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48
      [  676.030000]         81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c
      [  676.030000]         80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90
      [  676.030000]         ...
      [  676.030000] Call Trace:
      [  676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8
      [  676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211]
      [  676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211]
      [  676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]
      [  676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8
      [  676.030000] [<8002ebe8>] kthread+0x7c/0x88
      [  676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18
      [  676.030000]
      [  676.030000]
      [  676.030000] Code: 24020001  10620005  2502001f <0200000d> 0804917a  00000000  2502001f  00441023  00531021
      
      Fix this by making a local copy of shared skbs prior to mangeling them.
      To avoid copying the skb unnecessarily move the skb_copy call below the
      checks that don't need write access to the skb.
      
      Also, move the assignment of nh_pos and h_pos below the skb_copy to point
      to the correct skb.
      
      It would be possible to avoid another resize of the copied skb by using
      skb_copy_expand instead of skb_copy but that would make the patch more
      complex. Also, shared skbs are a corner case right now, so the resize
      shouldn't matter much.
      
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarHelmut Schaa <helmut.schaa@googlemail.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      7e244707
    • Sujith Manoharan's avatar
      ath9k_htc: Fix suspend/resume · f933ebed
      Sujith Manoharan authored
      The HW has to be set to FULLSLEEP mode during suspend,
      when no interface has been brought up. Not doing this would
      break resume, as the chip won't be powered up at all.
      Signed-off-by: default avatarSujith Manoharan <Sujith.Manoharan@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      f933ebed