linux.git/include, branch v3.6-rc7 Linux kernel source tree Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-21T21:32:55+00:00 Linus Torvalds torvalds@linux-foundation.org 2012-09-21T21:32:55+00:00 abef3bd71029b80ec1bdd6c6244b5b0b99f56633 Pull networking updates from David Miller: "More bug fixes, nothing gets past these guys" 1) More kernel info leaks found by Mathias Krause, this time in the IPSEC configuration layers. 2) When IPSEC policies change, we do not properly make sure that cached routes (which could now be stale) throughout the system will be revalidated. Fix this by generalizing the generation count invalidation scheme used by ipv4. From Nicolas Dichtel. 3) When repairing TCP sockets, we need to allow to restore not just the send window scale, but the receive one too. Extend the existing interface to achieve this in a backwards compatible way. From Andrey Vagin. 4) A fix for FCOE scatter gather feature validation erroneously caused scatter gather to be disabled for things like AOE too. From Ed L Cashin. 5) Several cases of mishandling of error pointers, from Mathias Krause, Wei Yongjun, and Devendra Naga. 6) Fix gianfar build, from Richard Cochran. 7) CAP_NET_* failures should return -EPERM not -EACCES, from Zhao Hongjiang. 8) Hardware reset fix in janz-ican3 CAN driver, from Ira W Snyder. 9) Fix oops during rmmod in ti_hecc CAN driver, from Marc Kleine-Budde. 10) The removal of the conditional compilation of the clk support code in the stmmac driver broke things. This is because the interfaces used are the ones that don't also perform the enable/disable of the clk. Fix from Stefan Roese. 11) The QFQ packet scheduler can record out of range virtual start times, resulting later in misbehavior and even crashes. Fix from Paolo Valente. 12) If MSG_WAITALL is used with IOAT DMA under TCP, we can wedge the receiver when the advertised receive window goes to zero. Detect this case and force the processing of the IOAT DMA queue when it happens to avoid getting stuck. Fix from Michal Kubecek. 13) batman-adv assumes that test_bit() returns only 0 or 1, but this is not true for x86 (which returns -1 or 0, via the 'sbb' instruction). Fix from Linus Lussing. 14) Fix small packet corruption in e1000, from Tushar Dave. 15) make_blackhole() in the IPSEC policy code can do one read unlock too many, fix from Li RongQing. 16) The new tcp_try_coalesce() code introduced a bug in TCP URG handling, fix from Eric Dumazet. 17) Fix memory leak in __netif_receive_skb() when doing zerocopy and when hit an OOM condition. From Michael S Tsirkin. 18) netxen blindly deferences pdev->bus->self, which is not guarenteed to be non-NULL. Fix from Nikolay Aleksandrov. 19) Fix a performance regression caused by mistakes in ipv6 checksum validation in the bnx2x driver, fix from Michal Schmidt. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits) net/stmmac: Use clk_prepare_enable and clk_disable_unprepare net: change return values from -EACCES to -EPERM net/irda: sh_sir: fix return value check in sh_sir_set_baudrate() stmmac: fix return value check in stmmac_open_ext_timer() gianfar: fix phc index build failure ipv6: fix return value check in fib6_add() bnx2x: remove false warning regarding interrupt number can: ti_hecc: fix oops during rmmod can: janz-ican3: fix support for older hardware revisions net: do not disable sg for packets requiring no checksum aoe: assert AoE packets marked as requiring no checksum at91ether: return PTR_ERR if call to clk_get fails xfrm_user: don't copy esn replay window twice for new states xfrm_user: ensure user supplied esn replay window is valid xfrm_user: fix info leak in copy_to_user_tmpl() xfrm_user: fix info leak in copy_to_user_policy() xfrm_user: fix info leak in copy_to_user_state() xfrm_user: fix info leak in copy_to_user_auth() net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200 tcp: restore rcv_wscale in a repair mode (v2) ... 
Pull networking updates from David Miller:
 "More bug fixes, nothing gets past these guys"

 1) More kernel info leaks found by Mathias Krause, this time in the
    IPSEC configuration layers.

 2) When IPSEC policies change, we do not properly make sure that cached
    routes (which could now be stale) throughout the system will be
    revalidated.  Fix this by generalizing the generation count
    invalidation scheme used by ipv4.  From Nicolas Dichtel.

 3) When repairing TCP sockets, we need to allow to restore not just the
    send window scale, but the receive one too.  Extend the existing
    interface to achieve this in a backwards compatible way.  From
    Andrey Vagin.

 4) A fix for FCOE scatter gather feature validation erroneously caused
    scatter gather to be disabled for things like AOE too.  From Ed L
    Cashin.

 5) Several cases of mishandling of error pointers, from Mathias Krause,
    Wei Yongjun, and Devendra Naga.

 6) Fix gianfar build, from Richard Cochran.

 7) CAP_NET_* failures should return -EPERM not -EACCES, from Zhao
    Hongjiang.

 8) Hardware reset fix in janz-ican3 CAN driver, from Ira W Snyder.

 9) Fix oops during rmmod in ti_hecc CAN driver, from Marc Kleine-Budde.

10) The removal of the conditional compilation of the clk support code
    in the stmmac driver broke things.  This is because the interfaces
    used are the ones that don't also perform the enable/disable of the
    clk.  Fix from Stefan Roese.

11) The QFQ packet scheduler can record out of range virtual start
    times, resulting later in misbehavior and even crashes.  Fix from
    Paolo Valente.

12) If MSG_WAITALL is used with IOAT DMA under TCP, we can wedge the
    receiver when the advertised receive window goes to zero.  Detect
    this case and force the processing of the IOAT DMA queue when it
    happens to avoid getting stuck.  Fix from Michal Kubecek.

13) batman-adv assumes that test_bit() returns only 0 or 1, but this is
    not true for x86 (which returns -1 or 0, via the 'sbb' instruction).
    Fix from Linus Lussing.

14) Fix small packet corruption in e1000, from Tushar Dave.

15) make_blackhole() in the IPSEC policy code can do one read unlock too
    many, fix from Li RongQing.

16) The new tcp_try_coalesce() code introduced a bug in TCP URG
    handling, fix from Eric Dumazet.

17) Fix memory leak in __netif_receive_skb() when doing zerocopy and
    when hit an OOM condition.  From Michael S Tsirkin.

18) netxen blindly deferences pdev->bus->self, which is not guarenteed
    to be non-NULL.  Fix from Nikolay Aleksandrov.

19) Fix a performance regression caused by mistakes in ipv6 checksum
    validation in the bnx2x driver, fix from Michal Schmidt.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (45 commits)
  net/stmmac: Use clk_prepare_enable and clk_disable_unprepare
  net: change return values from -EACCES to -EPERM
  net/irda: sh_sir: fix return value check in sh_sir_set_baudrate()
  stmmac: fix return value check in stmmac_open_ext_timer()
  gianfar: fix phc index build failure
  ipv6: fix return value check in fib6_add()
  bnx2x: remove false warning regarding interrupt number
  can: ti_hecc: fix oops during rmmod
  can: janz-ican3: fix support for older hardware revisions
  net: do not disable sg for packets requiring no checksum
  aoe: assert AoE packets marked as requiring no checksum
  at91ether: return PTR_ERR if call to clk_get fails
  xfrm_user: don't copy esn replay window twice for new states
  xfrm_user: ensure user supplied esn replay window is valid
  xfrm_user: fix info leak in copy_to_user_tmpl()
  xfrm_user: fix info leak in copy_to_user_policy()
  xfrm_user: fix info leak in copy_to_user_state()
  xfrm_user: fix info leak in copy_to_user_auth()
  net: qmi_wwan: adding Huawei E367, ZTE MF683 and Pantech P4200
  tcp: restore rcv_wscale in a repair mode (v2)
  ...
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-09-21T21:24:48+00:00 Linus Torvalds torvalds@linux-foundation.org 2012-09-21T21:24:48+00:00 18f5600ba2629feca202a7d6387b9c32371af329 Pull perf fixes from Ingo Molnar: "Small perf fixlets" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: tracing: Don't call page_to_pfn() if page is NULL perf/x86: Fix Intel Ivy Bridge support perf/x86/ibs: Check syscall attribute flags perf/x86: Export Sandy Bridge uncore clockticks event in sysfs 
Pull perf fixes from Ingo Molnar:
 "Small perf fixlets"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  tracing: Don't call page_to_pfn() if page is NULL
  perf/x86: Fix Intel Ivy Bridge support
  perf/x86/ibs: Check syscall attribute flags
  perf/x86: Export Sandy Bridge uncore clockticks event in sysfs
Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging 2012-09-21T19:33:31+00:00 Linus Torvalds torvalds@linux-foundation.org 2012-09-21T19:33:31+00:00 6d77987fe62eb97479f27426d12f33ef97145c5b Pull hwmon fixes from Guenter Roeck: - Add missing 'name' sysfs attributes to ad7314 and ads7871 drivers - Bump maximum wait time for applesmc driver (again) - Fix build warning seen with W=1 in include/linux/kernel.h, introduced with commit b6d86d3d6d6e ("Fix DIV_ROUND_CLOSEST to support negative dividends") * tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: linux/kernel.h: Fix warning seen with W=1 due to change in DIV_ROUND_CLOSEST hwmon: (applesmc) Bump max wait hwmon: (ad7314) Add 'name' sysfs attribute hwmon: (ads7871) Add 'name' sysfs attribute 
Pull hwmon fixes from Guenter Roeck:
 - Add missing 'name' sysfs attributes to ad7314 and ads7871 drivers
 - Bump maximum wait time for applesmc driver (again)
 - Fix build warning seen with W=1 in include/linux/kernel.h, introduced
   with commit b6d86d3d6d6e ("Fix DIV_ROUND_CLOSEST to support negative
   dividends")

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  linux/kernel.h: Fix warning seen with W=1 due to change in DIV_ROUND_CLOSEST
  hwmon: (applesmc) Bump max wait
  hwmon: (ad7314) Add 'name' sysfs attribute
  hwmon: (ads7871) Add 'name' sysfs attribute
Merge tag 'stable/for-linus-3.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2012-09-21T19:06:54+00:00 Linus Torvalds torvalds@linux-foundation.org 2012-09-21T19:06:54+00:00 8ca7de91640a9840a0d29021d17492be7fd8232b Pull Xen bug-fixes from Konrad Rzeszutek Wilk: - Fix M2P batching re-using the incorrect structure field. In v3.5 we added batching for M2P override (Machine Frame Number -> Physical Frame Number), but the original MFN was saved in an incorrect structure - and we would oops/restore when restoring with the old MFN. - Disable BIOS SMP MP table search. A bootup issue that we had ignored until we found that on DL380 G6 it was needed. * tag 'stable/for-linus-3.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen/boot: Disable BIOS SMP MP table search. xen/m2p: do not reuse kmap_op->dev_bus_addr 
Pull Xen bug-fixes from Konrad Rzeszutek Wilk:
 - Fix M2P batching re-using the incorrect structure field.

   In v3.5 we added batching for M2P override (Machine Frame Number ->
   Physical Frame Number), but the original MFN was saved in an
   incorrect structure - and we would oops/restore when restoring with
   the old MFN.

 - Disable BIOS SMP MP table search.

   A bootup issue that we had ignored until we found that on DL380 G6 it
   was needed.

* tag 'stable/for-linus-3.6-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen/boot: Disable BIOS SMP MP table search.
  xen/m2p: do not reuse kmap_op->dev_bus_addr
xfrm_user: ensure user supplied esn replay window is valid 2012-09-20T22:08:40+00:00 Mathias Krause minipli@googlemail.com 2012-09-20T10:01:49+00:00 ecd7918745234e423dd87fcc0c077da557909720 The current code fails to ensure that the netlink message actually contains as many bytes as the header indicates. If a user creates a new state or updates an existing one but does not supply the bytes for the whole ESN replay window, the kernel copies random heap bytes into the replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL netlink attribute. This leads to following issues: 1. The replay window has random bits set confusing the replay handling code later on. 2. A malicious user could use this flaw to leak up to ~3.5kB of heap memory when she has access to the XFRM netlink interface (requires CAP_NET_ADMIN). Known users of the ESN replay window are strongSwan and Steffen's iproute2 patch (<http://patchwork.ozlabs.org/patch/85962/>). The latter uses the interface with a bitmap supplied while the former does not. strongSwan is therefore prone to run into issue 1. To fix both issues without breaking existing userland allow using the XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a fully specified one. For the former case we initialize the in-kernel bitmap with zero, for the latter we copy the user supplied bitmap. For state updates the full bitmap must be supplied. To prevent overflows in the bitmap length calculation the maximum size of bmp_len is limited to 128 by this patch -- resulting in a maximum replay window of 4096 packets. This should be sufficient for all real life scenarios (RFC 4303 recommends a default replay window size of 64). Cc: Steffen Klassert <steffen.klassert@secunet.com> Cc: Martin Willi <martin@revosec.ch> Cc: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
The current code fails to ensure that the netlink message actually
contains as many bytes as the header indicates. If a user creates a new
state or updates an existing one but does not supply the bytes for the
whole ESN replay window, the kernel copies random heap bytes into the
replay bitmap, the ones happen to follow the XFRMA_REPLAY_ESN_VAL
netlink attribute. This leads to following issues:

1. The replay window has random bits set confusing the replay handling
   code later on.

2. A malicious user could use this flaw to leak up to ~3.5kB of heap
   memory when she has access to the XFRM netlink interface (requires
   CAP_NET_ADMIN).

Known users of the ESN replay window are strongSwan and Steffen's
iproute2 patch (<http://patchwork.ozlabs.org/patch/85962/>). The latter
uses the interface with a bitmap supplied while the former does not.
strongSwan is therefore prone to run into issue 1.

To fix both issues without breaking existing userland allow using the
XFRMA_REPLAY_ESN_VAL netlink attribute with either an empty bitmap or a
fully specified one. For the former case we initialize the in-kernel
bitmap with zero, for the latter we copy the user supplied bitmap. For
state updates the full bitmap must be supplied.

To prevent overflows in the bitmap length calculation the maximum size
of bmp_len is limited to 128 by this patch -- resulting in a maximum
replay window of 4096 packets. This should be sufficient for all real
life scenarios (RFC 4303 recommends a default replay window size of 64).

Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Martin Willi <martin@revosec.ch>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
tracing: Don't call page_to_pfn() if page is NULL 2012-09-20T19:51:16+00:00 Wen Congyang wency@cn.fujitsu.com 2012-09-20T06:04:47+00:00 85f2a2ef1d0ab99523e0b947a2b723f5650ed6aa When allocating memory fails, page is NULL. page_to_pfn() will cause the kernel panicked if we don't use sparsemem vmemmap. Link: http://lkml.kernel.org/r/505AB1FF.8020104@cn.fujitsu.com Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: stable <stable@vger.kernel.org> Acked-by: Mel Gorman <mel@csn.ul.ie> Reviewed-by: Minchan Kim <minchan@kernel.org> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> 
When allocating memory fails, page is NULL. page_to_pfn() will
cause the kernel panicked if we don't use sparsemem vmemmap.

Link: http://lkml.kernel.org/r/505AB1FF.8020104@cn.fujitsu.com

Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable <stable@vger.kernel.org>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
linux/kernel.h: Fix warning seen with W=1 due to change in DIV_ROUND_CLOSEST 2012-09-19T13:51:25+00:00 Guenter Roeck linux@roeck-us.net 2012-09-19T03:42:31+00:00 263a523d18bca306016d75f5c8d5c57c37fe52fb After commit b6d86d3d (Fix DIV_ROUND_CLOSEST to support negative dividends), the following warning is seen if the kernel is compiled with W=1 (-Wextra): warning: comparison of unsigned expression >= 0 is always true The warning is due to the test '((typeof(x))-1) >= 0', which is used to detect if the variable type is unsigned. Research on the web suggests that the warning disappears if '>' instead of '>=' is used for the comparison. Tests after changing the macro along that line show that the warning is gone, and that the result is still correct: i=-4: DIV_ROUND_CLOSEST(i, 2)=-2 i=-3: DIV_ROUND_CLOSEST(i, 2)=-2 i=-2: DIV_ROUND_CLOSEST(i, 2)=-1 i=-1: DIV_ROUND_CLOSEST(i, 2)=-1 i=0: DIV_ROUND_CLOSEST(i, 2)=0 i=1: DIV_ROUND_CLOSEST(i, 2)=1 i=2: DIV_ROUND_CLOSEST(i, 2)=1 i=3: DIV_ROUND_CLOSEST(i, 2)=2 i=4: DIV_ROUND_CLOSEST(i, 2)=2 Code size is the same as before. Signed-off-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Mauro Carvalho Chehab <mchehab@redhat.com> Acked-by: Jean Delvare <khali@linux-fr.org> 
After commit b6d86d3d (Fix DIV_ROUND_CLOSEST to support negative dividends),
the following warning is seen if the kernel is compiled with W=1 (-Wextra):

warning: comparison of unsigned expression >= 0 is always true

The warning is due to the test '((typeof(x))-1) >= 0', which is used to detect
if the variable type is unsigned. Research on the web suggests that the warning
disappears if '>' instead of '>=' is used for the comparison.

Tests after changing the macro along that line show that the warning is gone,
and that the result is still correct:

i=-4: DIV_ROUND_CLOSEST(i, 2)=-2
i=-3: DIV_ROUND_CLOSEST(i, 2)=-2
i=-2: DIV_ROUND_CLOSEST(i, 2)=-1
i=-1: DIV_ROUND_CLOSEST(i, 2)=-1
i=0: DIV_ROUND_CLOSEST(i, 2)=0
i=1: DIV_ROUND_CLOSEST(i, 2)=1
i=2: DIV_ROUND_CLOSEST(i, 2)=1
i=3: DIV_ROUND_CLOSEST(i, 2)=2
i=4: DIV_ROUND_CLOSEST(i, 2)=2

Code size is the same as before.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Acked-by: Jean Delvare <khali@linux-fr.org>
ipv6: use net->rt_genid to check dst validity 2012-09-18T19:57:03+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2012-09-10T22:09:46+00:00 6f3118b571b8a4c06c7985dc3172c3526cb86253 IPv6 dst should take care of rt_genid too. When a xfrm policy is inserted or deleted, all dst should be invalidated. To force the validation, dst entries should be created with ->obsolete set to DST_OBSOLETE_FORCE_CHK. This was already the case for all functions calling ip6_dst_alloc(), except for ip6_rt_copy(). As a consequence, we can remove the specific code in inet6_connection_sock. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
IPv6 dst should take care of rt_genid too. When a xfrm policy is inserted or
deleted, all dst should be invalidated.
To force the validation, dst entries should be created with ->obsolete set to
DST_OBSOLETE_FORCE_CHK. This was already the case for all functions calling
ip6_dst_alloc(), except for ip6_rt_copy().

As a consequence, we can remove the specific code in inet6_connection_sock.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
netns: move net->ipv4.rt_genid to net->rt_genid 2012-09-18T19:57:03+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2012-09-10T22:09:44+00:00 b42664f898c976247f7f609b8bb9c94d7475ca10 This commit prepares the use of rt_genid by both IPv4 and IPv6. Initialization is left in IPv4 part. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
This commit prepares the use of rt_genid by both IPv4 and IPv6.
Initialization is left in IPv4 part.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipv4/route: arg delay is useless in rt_cache_flush() 2012-09-18T19:44:34+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2012-09-07T00:45:29+00:00 bafa6d9d89072c1a18853afe9ee5de05c491c13a Since route cache deletion (89aef8921bfbac22f), delay is no more used. Remove it. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Since route cache deletion (89aef8921bfbac22f), delay is no
more used. Remove it.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>