<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/net/tipc/link.c, branch linux-3.13.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>tipc: correctly unlink packets from deferred packet queue</title>
<updated>2014-01-07T21:15:24+00:00</updated>
<author>
<name>Erik Hugne</name>
<email>erik.hugne@ericsson.com</email>
</author>
<published>2014-01-07T20:51:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=732256b9335f8456623bb772d86c2a24e3cafca2'/>
<id>732256b9335f8456623bb772d86c2a24e3cafca2</id>
<content type='text'>
When we pull a received packet from a link's 'deferred packets' queue
for processing, its 'next' pointer is not cleared, and still refers to
the next packet in that queue, if any. This is incorrect, but caused
no harm before commit 40ba3cdf542a469aaa9083fa041656e59b109b90 ("tipc:
message reassembly using fragment chain") was introduced. After that
commit, it may sometimes lead to the following oops:

general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in: tipc
CPU: 4 PID: 0 Comm: swapper/4 Tainted: G        W 3.13.0-rc2+ #6
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
task: ffff880017af4880 ti: ffff880017aee000 task.ti: ffff880017aee000
RIP: 0010:[&lt;ffffffff81710694&gt;]  [&lt;ffffffff81710694&gt;] skb_try_coalesce+0x44/0x3d0
RSP: 0018:ffff880016603a78  EFLAGS: 00010212
RAX: 6b6b6b6bd6d6d6d6 RBX: ffff880013106ac0 RCX: ffff880016603ad0
RDX: ffff880016603ad7 RSI: ffff88001223ed00 RDI: ffff880013106ac0
RBP: ffff880016603ab8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88001223ed00
R13: ffff880016603ad0 R14: 000000000000058c R15: ffff880012297650
FS:  0000000000000000(0000) GS:ffff880016600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000000805b000 CR3: 0000000011f5d000 CR4: 00000000000006e0
Stack:
 ffff880016603a88 ffffffff810a38ed ffff880016603aa8 ffff88001223ed00
 0000000000000001 ffff880012297648 ffff880016603b68 ffff880012297650
 ffff880016603b08 ffffffffa0006c51 ffff880016603b08 00ffffffa00005fc
Call Trace:
 &lt;IRQ&gt;
 [&lt;ffffffff810a38ed&gt;] ? trace_hardirqs_on+0xd/0x10
 [&lt;ffffffffa0006c51&gt;] tipc_link_recv_fragment+0xd1/0x1b0 [tipc]
 [&lt;ffffffffa0007214&gt;] tipc_recv_msg+0x4e4/0x920 [tipc]
 [&lt;ffffffffa00016f0&gt;] ? tipc_l2_rcv_msg+0x40/0x250 [tipc]
 [&lt;ffffffffa000177c&gt;] tipc_l2_rcv_msg+0xcc/0x250 [tipc]
 [&lt;ffffffffa00016f0&gt;] ? tipc_l2_rcv_msg+0x40/0x250 [tipc]
 [&lt;ffffffff8171e65b&gt;] __netif_receive_skb_core+0x80b/0xd00
 [&lt;ffffffff8171df94&gt;] ? __netif_receive_skb_core+0x144/0xd00
 [&lt;ffffffff8171eb76&gt;] __netif_receive_skb+0x26/0x70
 [&lt;ffffffff8171ed6d&gt;] netif_receive_skb+0x2d/0x200
 [&lt;ffffffff8171fe70&gt;] napi_gro_receive+0xb0/0x130
 [&lt;ffffffff815647c2&gt;] e1000_clean_rx_irq+0x2c2/0x530
 [&lt;ffffffff81565986&gt;] e1000_clean+0x266/0x9c0
 [&lt;ffffffff81985f7b&gt;] ? notifier_call_chain+0x2b/0x160
 [&lt;ffffffff8171f971&gt;] net_rx_action+0x141/0x310
 [&lt;ffffffff81051c1b&gt;] __do_softirq+0xeb/0x480
 [&lt;ffffffff819817bb&gt;] ? _raw_spin_unlock+0x2b/0x40
 [&lt;ffffffff810b8c42&gt;] ? handle_fasteoi_irq+0x72/0x100
 [&lt;ffffffff81052346&gt;] irq_exit+0x96/0xc0
 [&lt;ffffffff8198cbc3&gt;] do_IRQ+0x63/0xe0
 [&lt;ffffffff81981def&gt;] common_interrupt+0x6f/0x6f
 &lt;EOI&gt;

This happens when the last fragment of a message has passed through the
the receiving link's 'deferred packets' queue, and at least one other
packet was added to that queue while it was there. After the fragment
chain with the complete message has been successfully delivered to the
receiving socket, it is released. Since 'next' pointer of the last
fragment in the released chain now is non-NULL, we get the crash shown
above.

We fix this by clearing the 'next' pointer of all received packets,
including those being pulled from the 'deferred' queue, before they
undergo any further processing.

Fixes: 40ba3cdf542a4 ("tipc: message reassembly using fragment chain")
Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reported-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When we pull a received packet from a link's 'deferred packets' queue
for processing, its 'next' pointer is not cleared, and still refers to
the next packet in that queue, if any. This is incorrect, but caused
no harm before commit 40ba3cdf542a469aaa9083fa041656e59b109b90 ("tipc:
message reassembly using fragment chain") was introduced. After that
commit, it may sometimes lead to the following oops:

general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in: tipc
CPU: 4 PID: 0 Comm: swapper/4 Tainted: G        W 3.13.0-rc2+ #6
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
task: ffff880017af4880 ti: ffff880017aee000 task.ti: ffff880017aee000
RIP: 0010:[&lt;ffffffff81710694&gt;]  [&lt;ffffffff81710694&gt;] skb_try_coalesce+0x44/0x3d0
RSP: 0018:ffff880016603a78  EFLAGS: 00010212
RAX: 6b6b6b6bd6d6d6d6 RBX: ffff880013106ac0 RCX: ffff880016603ad0
RDX: ffff880016603ad7 RSI: ffff88001223ed00 RDI: ffff880013106ac0
RBP: ffff880016603ab8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88001223ed00
R13: ffff880016603ad0 R14: 000000000000058c R15: ffff880012297650
FS:  0000000000000000(0000) GS:ffff880016600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000000805b000 CR3: 0000000011f5d000 CR4: 00000000000006e0
Stack:
 ffff880016603a88 ffffffff810a38ed ffff880016603aa8 ffff88001223ed00
 0000000000000001 ffff880012297648 ffff880016603b68 ffff880012297650
 ffff880016603b08 ffffffffa0006c51 ffff880016603b08 00ffffffa00005fc
Call Trace:
 &lt;IRQ&gt;
 [&lt;ffffffff810a38ed&gt;] ? trace_hardirqs_on+0xd/0x10
 [&lt;ffffffffa0006c51&gt;] tipc_link_recv_fragment+0xd1/0x1b0 [tipc]
 [&lt;ffffffffa0007214&gt;] tipc_recv_msg+0x4e4/0x920 [tipc]
 [&lt;ffffffffa00016f0&gt;] ? tipc_l2_rcv_msg+0x40/0x250 [tipc]
 [&lt;ffffffffa000177c&gt;] tipc_l2_rcv_msg+0xcc/0x250 [tipc]
 [&lt;ffffffffa00016f0&gt;] ? tipc_l2_rcv_msg+0x40/0x250 [tipc]
 [&lt;ffffffff8171e65b&gt;] __netif_receive_skb_core+0x80b/0xd00
 [&lt;ffffffff8171df94&gt;] ? __netif_receive_skb_core+0x144/0xd00
 [&lt;ffffffff8171eb76&gt;] __netif_receive_skb+0x26/0x70
 [&lt;ffffffff8171ed6d&gt;] netif_receive_skb+0x2d/0x200
 [&lt;ffffffff8171fe70&gt;] napi_gro_receive+0xb0/0x130
 [&lt;ffffffff815647c2&gt;] e1000_clean_rx_irq+0x2c2/0x530
 [&lt;ffffffff81565986&gt;] e1000_clean+0x266/0x9c0
 [&lt;ffffffff81985f7b&gt;] ? notifier_call_chain+0x2b/0x160
 [&lt;ffffffff8171f971&gt;] net_rx_action+0x141/0x310
 [&lt;ffffffff81051c1b&gt;] __do_softirq+0xeb/0x480
 [&lt;ffffffff819817bb&gt;] ? _raw_spin_unlock+0x2b/0x40
 [&lt;ffffffff810b8c42&gt;] ? handle_fasteoi_irq+0x72/0x100
 [&lt;ffffffff81052346&gt;] irq_exit+0x96/0xc0
 [&lt;ffffffff8198cbc3&gt;] do_IRQ+0x63/0xe0
 [&lt;ffffffff81981def&gt;] common_interrupt+0x6f/0x6f
 &lt;EOI&gt;

This happens when the last fragment of a message has passed through the
the receiving link's 'deferred packets' queue, and at least one other
packet was added to that queue while it was there. After the fragment
chain with the complete message has been successfully delivered to the
receiving socket, it is released. Since 'next' pointer of the last
fragment in the released chain now is non-NULL, we get the crash shown
above.

We fix this by clearing the 'next' pointer of all received packets,
including those being pulled from the 'deferred' queue, before they
undergo any further processing.

Fixes: 40ba3cdf542a4 ("tipc: message reassembly using fragment chain")
Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reported-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: fix dereference before check warning</title>
<updated>2013-11-15T08:11:06+00:00</updated>
<author>
<name>Erik Hugne</name>
<email>erik.hugne@ericsson.com</email>
</author>
<published>2013-11-13T08:35:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3db0a197ed86317ab2915bc8bddb91807b0f0e96'/>
<id>3db0a197ed86317ab2915bc8bddb91807b0f0e96</id>
<content type='text'>
This fixes the following Smatch warning:
net/tipc/link.c:2364 tipc_link_recv_fragment()
    warn: variable dereferenced before check '*head' (see line 2361)

A null pointer might be passed to skb_try_coalesce if
a malicious sender injects orphan fragments on a link.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This fixes the following Smatch warning:
net/tipc/link.c:2364 tipc_link_recv_fragment()
    warn: variable dereferenced before check '*head' (see line 2361)

A null pointer might be passed to skb_try_coalesce if
a malicious sender injects orphan fragments on a link.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: reassembly failures should cause link reset</title>
<updated>2013-11-07T23:30:11+00:00</updated>
<author>
<name>Erik Hugne</name>
<email>erik.hugne@ericsson.com</email>
</author>
<published>2013-11-06T08:28:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a715b49e79b0924863ff1424f9823cc1b5972322'/>
<id>a715b49e79b0924863ff1424f9823cc1b5972322</id>
<content type='text'>
If appending a received fragment to the pending fragment chain
in a unicast link fails, the current code tries to force a retransmission
of the fragment by decrementing the 'next received sequence number'
field in the link. This is done under the assumption that the failure
is caused by an out-of-memory situation, an assumption that does
not hold true after the previous patch in this series.

A failure to append a fragment can now only be caused by a protocol
violation by the sending peer, and it must hence be assumed that it
is either malicious or buggy.  Either way, the correct behavior is now
to reset the link instead of trying to revert its sequence number.
So, this is what we do in this commit.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If appending a received fragment to the pending fragment chain
in a unicast link fails, the current code tries to force a retransmission
of the fragment by decrementing the 'next received sequence number'
field in the link. This is done under the assumption that the failure
is caused by an out-of-memory situation, an assumption that does
not hold true after the previous patch in this series.

A failure to append a fragment can now only be caused by a protocol
violation by the sending peer, and it must hence be assumed that it
is either malicious or buggy.  Either way, the correct behavior is now
to reset the link instead of trying to revert its sequence number.
So, this is what we do in this commit.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: message reassembly using fragment chain</title>
<updated>2013-11-07T23:30:11+00:00</updated>
<author>
<name>Erik Hugne</name>
<email>erik.hugne@ericsson.com</email>
</author>
<published>2013-11-06T08:28:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=40ba3cdf542a469aaa9083fa041656e59b109b90'/>
<id>40ba3cdf542a469aaa9083fa041656e59b109b90</id>
<content type='text'>
When the first fragment of a long data data message is received on a link, a
reassembly buffer large enough to hold the data from this and all subsequent
fragments of the message is allocated. The payload of each new fragment is
copied into this buffer upon arrival. When the last fragment is received, the
reassembled message is delivered upwards to the port/socket layer.

Not only is this an inefficient approach, but it may also cause bursts of
reassembly failures in low memory situations. since we may fail to allocate
the necessary large buffer in the first place. Furthermore, after 100 subsequent
such failures the link will be reset, something that in reality aggravates the
situation.

To remedy this problem, this patch introduces a different approach. Instead of
allocating a big reassembly buffer, we now append the arriving fragments
to a reassembly chain on the link, and deliver the whole chain up to the
socket layer once the last fragment has been received. This is safe because
the retransmission layer of a TIPC link always delivers packets in strict
uninterrupted order, to the reassembly layer as to all other upper layers.
Hence there can never be more than one fragment chain pending reassembly at
any given time in a link, and we can trust (but still verify) that the
fragments will be chained up in the correct order.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When the first fragment of a long data data message is received on a link, a
reassembly buffer large enough to hold the data from this and all subsequent
fragments of the message is allocated. The payload of each new fragment is
copied into this buffer upon arrival. When the last fragment is received, the
reassembled message is delivered upwards to the port/socket layer.

Not only is this an inefficient approach, but it may also cause bursts of
reassembly failures in low memory situations. since we may fail to allocate
the necessary large buffer in the first place. Furthermore, after 100 subsequent
such failures the link will be reset, something that in reality aggravates the
situation.

To remedy this problem, this patch introduces a different approach. Instead of
allocating a big reassembly buffer, we now append the arriving fragments
to a reassembly chain on the link, and deliver the whole chain up to the
socket layer once the last fragment has been received. This is safe because
the retransmission layer of a TIPC link always delivers packets in strict
uninterrupted order, to the reassembly layer as to all other upper layers.
Hence there can never be more than one fragment chain pending reassembly at
any given time in a link, and we can trust (but still verify) that the
fragments will be chained up in the correct order.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: don't reroute message fragments</title>
<updated>2013-11-07T23:30:11+00:00</updated>
<author>
<name>Erik Hugne</name>
<email>erik.hugne@ericsson.com</email>
</author>
<published>2013-11-06T08:28:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=528f6f4bf372511ebf6004eed822de8f749b5930'/>
<id>528f6f4bf372511ebf6004eed822de8f749b5930</id>
<content type='text'>
When a message fragment is received in a broadcast or unicast link,
the reception code will append the fragment payload to a big reassembly
buffer through a call to the function tipc_recv_fragm(). However, after
the return of that call, the logics goes on and passes the fragment
buffer to the function tipc_net_route_msg(), which will simply drop it.
This behavior is a remnant from the now obsolete multi-cluster
functionality, and has no relevance in the current code base.

Although currently harmless, this unnecessary call would be fatal
after applying the next patch in this series, which introduces
a completely new reassembly algorithm. So we change the code to
eliminate the redundant call.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When a message fragment is received in a broadcast or unicast link,
the reception code will append the fragment payload to a big reassembly
buffer through a call to the function tipc_recv_fragm(). However, after
the return of that call, the logics goes on and passes the fragment
buffer to the function tipc_net_route_msg(), which will simply drop it.
This behavior is a remnant from the now obsolete multi-cluster
functionality, and has no relevance in the current code base.

Although currently harmless, this unnecessary call would be fatal
after applying the next patch in this series, which introduces
a completely new reassembly algorithm. So we change the code to
eliminate the redundant call.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: remove two indentation levels in tipc_recv_msg routine</title>
<updated>2013-10-30T20:54:54+00:00</updated>
<author>
<name>Ying Xue</name>
<email>ying.xue@windriver.com</email>
</author>
<published>2013-10-30T03:26:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3af390e2c5fd8a8cab6d123c18fcd3e1a65b43c6'/>
<id>3af390e2c5fd8a8cab6d123c18fcd3e1a65b43c6</id>
<content type='text'>
The message dispatching part of tipc_recv_msg() is wrapped layers of
while/if/if/switch, causing out-of-control indentation and does not
look very good. We reduce two indentation levels by separating the
message dispatching from the blocks that checks link state and
sequence numbers, allowing longer function and arg names to be
consistently indented without wrapping. Additionally we also rename
"cont" label to "discard" and add one new label called "unlock_discard"
to make code clearer. In all, these are cosmetic changes that do not
alter the operation of TIPC in any way.

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Cc: David Laight &lt;david.laight@aculab.com&gt;
Cc: Andreas Bofjäll &lt;andreas.bofjall@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The message dispatching part of tipc_recv_msg() is wrapped layers of
while/if/if/switch, causing out-of-control indentation and does not
look very good. We reduce two indentation levels by separating the
message dispatching from the blocks that checks link state and
sequence numbers, allowing longer function and arg names to be
consistently indented without wrapping. Additionally we also rename
"cont" label to "discard" and add one new label called "unlock_discard"
to make code clearer. In all, these are cosmetic changes that do not
alter the operation of TIPC in any way.

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Cc: David Laight &lt;david.laight@aculab.com&gt;
Cc: Andreas Bofjäll &lt;andreas.bofjall@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: simplify the link lookup routine</title>
<updated>2013-10-18T17:20:43+00:00</updated>
<author>
<name>Erik Hugne</name>
<email>erik.hugne@ericsson.com</email>
</author>
<published>2013-10-18T05:23:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=bbfbe47cc99ce093708aaf28b7f2c08d28045c67'/>
<id>bbfbe47cc99ce093708aaf28b7f2c08d28045c67</id>
<content type='text'>
When checking statistics or changing parameters on a link, the
link_find_link function is used to locate the link with a given
name. The complex method of deconstructing the name into local
and remote address/interface is error prone and may fail if the
interface names contains special characters. We change the lookup
method to iterate over the list of nodes and compare the link
names.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When checking statistics or changing parameters on a link, the
link_find_link function is used to locate the link with a given
name. The complex method of deconstructing the name into local
and remote address/interface is error prone and may fail if the
interface names contains special characters. We change the lookup
method to iterate over the list of nodes and compare the link
names.

Signed-off-by: Erik Hugne &lt;erik.hugne@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: correct return value of link_cmd_set_value routine</title>
<updated>2013-10-18T17:20:43+00:00</updated>
<author>
<name>Ying Xue</name>
<email>ying.xue@windriver.com</email>
</author>
<published>2013-10-18T05:23:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=636c0371a737c27510df867161fb8100c2f086bd'/>
<id>636c0371a737c27510df867161fb8100c2f086bd</id>
<content type='text'>
link_cmd_set_value() takes commands for link, bearer and media related
configuration. Genereally the function returns 0 when a command is
recognized, and -EINVAL when it is not. However, in the switch for link
related commands it returns 0 even when the command is unrecognized. This
will sometimes make it look as if a failed configuration command has been
successful, but has otherwise no negative effects.

We remove this anomaly by returning -EINVAL even for link commands. We also
rework all three switches to make them  conforming to common kernel coding
style.

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
link_cmd_set_value() takes commands for link, bearer and media related
configuration. Genereally the function returns 0 when a command is
recognized, and -EINVAL when it is not. However, in the switch for link
related commands it returns 0 even when the command is unrecognized. This
will sometimes make it look as if a failed configuration command has been
successful, but has otherwise no negative effects.

We remove this anomaly by returning -EINVAL even for link commands. We also
rework all three switches to make them  conforming to common kernel coding
style.

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: silence sparse warnings</title>
<updated>2013-10-18T17:20:42+00:00</updated>
<author>
<name>Ying Xue</name>
<email>ying.xue@windriver.com</email>
</author>
<published>2013-10-18T05:23:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4068243208d605b046479e25c253379069a05fed'/>
<id>4068243208d605b046479e25c253379069a05fed</id>
<content type='text'>
Eliminate below sparse warnings:

net/tipc/link.c:1210:37: warning: cast removes address space of expression
net/tipc/link.c:1218:59: warning: incorrect type in argument 2 (different address spaces)
net/tipc/link.c:1218:59:    expected void const [noderef] &lt;asn:1&gt;*from
net/tipc/link.c:1218:59:    got unsigned char const [usertype] *[assigned] sect_crs
net/tipc/socket.c:341:49: warning: Using plain integer as NULL pointer
net/tipc/socket.c:1371:36: warning: Using plain integer as NULL pointer
net/tipc/socket.c:1694:57: warning: Using plain integer as NULL pointer

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Signed-off-by: Andreas Bofjäll &lt;andreas.bofjall@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Eliminate below sparse warnings:

net/tipc/link.c:1210:37: warning: cast removes address space of expression
net/tipc/link.c:1218:59: warning: incorrect type in argument 2 (different address spaces)
net/tipc/link.c:1218:59:    expected void const [noderef] &lt;asn:1&gt;*from
net/tipc/link.c:1218:59:    got unsigned char const [usertype] *[assigned] sect_crs
net/tipc/socket.c:341:49: warning: Using plain integer as NULL pointer
net/tipc/socket.c:1371:36: warning: Using plain integer as NULL pointer
net/tipc/socket.c:1694:57: warning: Using plain integer as NULL pointer

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Signed-off-by: Andreas Bofjäll &lt;andreas.bofjall@ericsson.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tipc: remove iovec length parameter from all sending functions</title>
<updated>2013-10-18T17:20:42+00:00</updated>
<author>
<name>Ying Xue</name>
<email>ying.xue@windriver.com</email>
</author>
<published>2013-10-18T05:23:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9446b87addd90a067b21c726aedd3c42694c1780'/>
<id>9446b87addd90a067b21c726aedd3c42694c1780</id>
<content type='text'>
tipc_msg_build() now copies message data from iovec to skb_buff
using memcpy_fromiovecend(), which doesn't need to be passed the
iovec length to perform the copying.

So we remove the parameter indicating iovec length in all
functions where TIPC messages are built and sent.

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
tipc_msg_build() now copies message data from iovec to skb_buff
using memcpy_fromiovecend(), which doesn't need to be passed the
iovec length to perform the copying.

So we remove the parameter indicating iovec length in all
functions where TIPC messages are built and sent.

Signed-off-by: Ying Xue &lt;ying.xue@windriver.com&gt;
Reviewed-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
Signed-off-by: Jon Maloy &lt;jon.maloy@ericsson.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
