Please queue up the following networking bug fixes for 3.0.x-stable, 3.2.x-stable, and 3.3.x-stable respectively.
Thanks!
>From 614a1a267155150b202ba82f459555f2dfd56e0c Mon Sep 17 00:00:00 2001 From: Benjamin LaHaise <[email protected]> Date: Tue, 20 Mar 2012 03:57:54 +0000 Subject: [PATCH 1/7] Fix pppol2tp getsockname() [ Upstream commit bbdb32cb5b73597386913d052165423b9d736145 ] While testing L2TP functionality, I came across a bug in getsockname(). The IP address returned within the pppol2tp_addr's addr memember was not being set to the IP address in use. This bug is caused by using inet_sk() on the wrong socket (the L2TP socket rather than the underlying UDP socket), and was likely introduced during the addition of L2TPv3 support. Signed-off-by: Benjamin LaHaise <[email protected]> Signed-off-by: James Chapman <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/l2tp/l2tp_ppp.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index 39a21d0..13f9868 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -908,7 +908,7 @@ static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr, goto end_put_sess; } - inet = inet_sk(sk); + inet = inet_sk(tunnel->sock); if (tunnel->version == 2) { struct sockaddr_pppol2tp sp; len = sizeof(sp); -- 1.7.7.6 >From 8d30d6420b637b29fc84471bb4c6a857e472fa2e Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Sun, 18 Mar 2012 02:40:48 +0000 Subject: [PATCH 2/7] net: bpf_jit: fix BPF_S_LDX_B_MSH compilation [ Upstream commit dc72d99dabb870ca5bd6d9fff674be853bb4a88d ] Matt Evans spotted that x86 bpf_jit was incorrectly handling negative constant offsets in BPF_S_LDX_B_MSH instruction. We need to abort JIT compilation like we do in common_load so that filter uses the interpreter code and can call __load_pointer() Reference: http://lists.openwall.net/netdev/2011/07/19/11 Thanks to Indan Zupancic to bring back this issue. Reported-by: Matt Evans <[email protected]> Reported-by: Indan Zupancic <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- arch/x86/net/bpf_jit_comp.c | 14 +++++--------- 1 files changed, 5 insertions(+), 9 deletions(-) diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c index 7c1b765..5671752 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -475,8 +475,10 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_LD_W_ABS: func = sk_load_word; common_load: seen |= SEEN_DATAREF; - if ((int)K < 0) + if ((int)K < 0) { + /* Abort the JIT because __load_pointer() is needed. */ goto out; + } t_offset = func - (image + addrs[i]); EMIT1_off32(0xbe, K); /* mov imm32,%esi */ EMIT1_off32(0xe8, t_offset); /* call */ @@ -489,14 +491,8 @@ common_load: seen |= SEEN_DATAREF; goto common_load; case BPF_S_LDX_B_MSH: if ((int)K < 0) { - if (pc_ret0 > 0) { - /* addrs[pc_ret0 - 1] is the start address */ - EMIT_JMP(addrs[pc_ret0 - 1] - addrs[i]); - break; - } - CLEAR_A(); - EMIT_JMP(cleanup_addr - addrs[i]); - break; + /* Abort the JIT because __load_pointer() is needed. */ + goto out; } seen |= SEEN_DATAREF | SEEN_XREG; t_offset = sk_load_byte_msh - (image + addrs[i]); -- 1.7.7.6 >From 6c81e086f3da5ab72801dda2d7d8fc756219e7b9 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Tue, 27 Mar 2012 09:53:52 +0000 Subject: [PATCH 3/7] net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() [ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ] Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() ) added a regression in rt6_fill_node(), leading to rcu_read_lock() imbalance. Thats because NLA_PUT() can make a jump to nla_put_failure label. Fix this by using nla_put() Many thanks to Ben Greear for his help Reported-by: Ben Greear <[email protected]> Reported-by: Dave Jones <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Tested-by: Ben Greear <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/ipv6/route.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index e70e902..8e600f8 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2411,8 +2411,12 @@ static int rt6_fill_node(struct net *net, rcu_read_lock(); n = dst_get_neighbour(&rt->dst); - if (n) - NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key); + if (n) { + if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) { + rcu_read_unlock(); + goto nla_put_failure; + } + } rcu_read_unlock(); if (rt->dst.dev) -- 1.7.7.6 >From 0fc09f4e0703bfb90c461a23120d5ab7bf019118 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Wed, 21 Mar 2012 06:58:03 +0000 Subject: [PATCH 4/7] net: fix napi_reuse_skb() skb reserve [ Upstream commit 2a2a459eeeff48640dc557548ce576d666ab06ed ] napi->skb is allocated in napi_get_frags() using netdev_alloc_skb_ip_align(), with a reserve of NET_SKB_PAD + NET_IP_ALIGN bytes. However, when such skb is recycled in napi_reuse_skb(), it ends with a reserve of NET_IP_ALIGN which is suboptimal. Signed-off-by: Eric Dumazet <[email protected]> Cc: Herbert Xu <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/core/dev.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 17fdbf8..f134f88 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3504,7 +3504,8 @@ EXPORT_SYMBOL(napi_gro_receive); static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb) { __skb_pull(skb, skb_headlen(skb)); - skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb)); + /* restore the reserve we had after netdev_alloc_skb_ip_align() */ + skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN - skb_headroom(skb)); skb->vlan_tci = 0; skb->dev = napi->dev; skb->skb_iif = 0; -- 1.7.7.6 >From ea2a58435da894993683e3ad6e350fef1685403f Mon Sep 17 00:00:00 2001 From: Dave Jones <[email protected]> Date: Mon, 19 Mar 2012 13:01:07 +0000 Subject: [PATCH 5/7] Remove printk from rds_sendmsg [ Upstream commit a6506e1486181975d318344143aca722b2b91621 ] no socket layer outputs a message for this error and neither should rds. Signed-off-by: Dave Jones <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/rds/send.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/net/rds/send.c b/net/rds/send.c index d58ae5f..c803341 100644 --- a/net/rds/send.c +++ b/net/rds/send.c @@ -932,7 +932,6 @@ int rds_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, /* Mirror Linux UDP mirror of BSD error message compatibility */ /* XXX: Perhaps MSG_MORE someday */ if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_CMSG_COMPAT)) { - printk(KERN_INFO "msg_flags 0x%08X\n", msg->msg_flags); ret = -EOPNOTSUPP; goto out; } -- 1.7.7.6 >From 2fcda11818b28ee2846c95855046686cdc0af4e7 Mon Sep 17 00:00:00 2001 From: stephen hemminger <[email protected]> Date: Wed, 21 Mar 2012 05:32:05 +0000 Subject: [PATCH 6/7] sky2: override for PCI legacy power management [ Upstream commit 5676cc7bfe1e388e87843f71daa229610385b41e ] Some BIOS's don't setup power management correctly (what else is new) and don't allow use of PCI Express power control. Add a special exception module parameter to allow working around this issue. Based on slightly different patch by Knut Petersen. Reported-by: Arkadiusz Miskiewicz <[email protected]> Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- drivers/net/sky2.c | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/drivers/net/sky2.c b/drivers/net/sky2.c index 3ee41da..80df3a8 100644 --- a/drivers/net/sky2.c +++ b/drivers/net/sky2.c @@ -94,6 +94,10 @@ static int disable_msi = 0; module_param(disable_msi, int, 0); MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)"); +static int legacy_pme = 0; +module_param(legacy_pme, int, 0); +MODULE_PARM_DESC(legacy_pme, "Legacy power management"); + static DEFINE_PCI_DEVICE_TABLE(sky2_id_table) = { { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */ { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */ @@ -794,6 +798,13 @@ static void sky2_wol_init(struct sky2_port *sky2) /* Disable PiG firmware */ sky2_write16(hw, B0_CTST, Y2_HW_WOL_OFF); + /* Needed by some broken BIOSes, use PCI rather than PCI-e for WOL */ + if (legacy_pme) { + u32 reg1 = sky2_pci_read32(hw, PCI_DEV_REG1); + reg1 |= PCI_Y2_PME_LEGACY; + sky2_pci_write32(hw, PCI_DEV_REG1, reg1); + } + /* block receiver */ sky2_write8(hw, SK_REG(port, RX_GMF_CTRL_T), GMF_RST_SET); } -- 1.7.7.6 >From 5e80741a11459f91553c8ff1bd12eec21c1cc572 Mon Sep 17 00:00:00 2001 From: Steffen Klassert <[email protected]> Date: Wed, 21 Mar 2012 23:36:13 +0000 Subject: [PATCH 7/7] xfrm: Access the replay notify functions via the registered callbacks [ Upstream commit 1265fd616782ef03b98fd19f65c2b47fcd4ea11f ] We call the wrong replay notify function when we use ESN replay handling. This leads to the fact that we don't send notifications if we use ESN. Fix this by calling the registered callbacks instead of xfrm_replay_notify(). Signed-off-by: Steffen Klassert <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/xfrm/xfrm_replay.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index b11ea69..3235023 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -166,7 +166,7 @@ static void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq) } if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb) @@ -293,7 +293,7 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq) } if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event) @@ -502,7 +502,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) } if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static struct xfrm_replay xfrm_replay_legacy = { -- 1.7.7.6
>From c1c18dd841e1acb901844e73e4a419e6d5e94318 Mon Sep 17 00:00:00 2001 From: Benjamin LaHaise <[email protected]> Date: Tue, 20 Mar 2012 03:57:54 +0000 Subject: [PATCH 1/8] Fix pppol2tp getsockname() [ Upstream commit bbdb32cb5b73597386913d052165423b9d736145 ] While testing L2TP functionality, I came across a bug in getsockname(). The IP address returned within the pppol2tp_addr's addr memember was not being set to the IP address in use. This bug is caused by using inet_sk() on the wrong socket (the L2TP socket rather than the underlying UDP socket), and was likely introduced during the addition of L2TPv3 support. Signed-off-by: Benjamin LaHaise <[email protected]> Signed-off-by: James Chapman <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/l2tp/l2tp_ppp.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index 8a90d75..b1bd16f 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -915,7 +915,7 @@ static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr, goto end_put_sess; } - inet = inet_sk(sk); + inet = inet_sk(tunnel->sock); if (tunnel->version == 2) { struct sockaddr_pppol2tp sp; len = sizeof(sp); -- 1.7.7.6 >From 50f8b11db950dc674bc0ac6cc50ea2b587fabd64 Mon Sep 17 00:00:00 2001 From: Gao feng <[email protected]> Date: Mon, 19 Mar 2012 22:36:10 +0000 Subject: [PATCH 2/8] ipv6: fix incorrent ipv6 ipsec packet fragment [ Upstream commit 1f85851e17b64cabd089a8a8839dddebc627948c ] Since commit 299b0767(ipv6: Fix IPsec slowpath fragmentation problem) In func ip6_append_data,after call skb_put(skb, fraglen + dst_exthdrlen) the skb->len contains dst_exthdrlen,and we don't reduce dst_exthdrlen at last This will make fraggap>0 in next "while cycle",and cause the size of skb incorrent Fix this by reserve headroom for dst_exthdrlen. Signed-off-by: Gao feng <[email protected]> Acked-by: Steffen Klassert <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/ipv6/ip6_output.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index ec56271..f7f07e2 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1411,8 +1411,9 @@ alloc_new_skb: */ skb->ip_summed = csummode; skb->csum = 0; - /* reserve for fragmentation */ - skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); + /* reserve for fragmentation and ipsec header */ + skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + + dst_exthdrlen); if (sk->sk_type == SOCK_DGRAM) skb_shinfo(skb)->tx_flags = tx_flags; @@ -1420,9 +1421,9 @@ alloc_new_skb: /* * Find where to start putting bytes */ - data = skb_put(skb, fraglen + dst_exthdrlen); - skb_set_network_header(skb, exthdrlen + dst_exthdrlen); - data += fragheaderlen + dst_exthdrlen; + data = skb_put(skb, fraglen); + skb_set_network_header(skb, exthdrlen); + data += fragheaderlen; skb->transport_header = (skb->network_header + fragheaderlen); if (fraggap) { -- 1.7.7.6 >From 1e9d54fb995b9fb49b723b0ebf79782fb15071f7 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Sun, 18 Mar 2012 02:40:48 +0000 Subject: [PATCH 3/8] net: bpf_jit: fix BPF_S_LDX_B_MSH compilation [ Upstream commit dc72d99dabb870ca5bd6d9fff674be853bb4a88d ] Matt Evans spotted that x86 bpf_jit was incorrectly handling negative constant offsets in BPF_S_LDX_B_MSH instruction. We need to abort JIT compilation like we do in common_load so that filter uses the interpreter code and can call __load_pointer() Reference: http://lists.openwall.net/netdev/2011/07/19/11 Thanks to Indan Zupancic to bring back this issue. Reported-by: Matt Evans <[email protected]> Reported-by: Indan Zupancic <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- arch/x86/net/bpf_jit_comp.c | 14 +++++--------- 1 files changed, 5 insertions(+), 9 deletions(-) diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c index 7c1b765..5671752 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -475,8 +475,10 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_LD_W_ABS: func = sk_load_word; common_load: seen |= SEEN_DATAREF; - if ((int)K < 0) + if ((int)K < 0) { + /* Abort the JIT because __load_pointer() is needed. */ goto out; + } t_offset = func - (image + addrs[i]); EMIT1_off32(0xbe, K); /* mov imm32,%esi */ EMIT1_off32(0xe8, t_offset); /* call */ @@ -489,14 +491,8 @@ common_load: seen |= SEEN_DATAREF; goto common_load; case BPF_S_LDX_B_MSH: if ((int)K < 0) { - if (pc_ret0 > 0) { - /* addrs[pc_ret0 - 1] is the start address */ - EMIT_JMP(addrs[pc_ret0 - 1] - addrs[i]); - break; - } - CLEAR_A(); - EMIT_JMP(cleanup_addr - addrs[i]); - break; + /* Abort the JIT because __load_pointer() is needed. */ + goto out; } seen |= SEEN_DATAREF | SEEN_XREG; t_offset = sk_load_byte_msh - (image + addrs[i]); -- 1.7.7.6 >From ad454b8a4852f7bbb8d86ae07dbc13cc7479ad01 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Tue, 27 Mar 2012 09:53:52 +0000 Subject: [PATCH 4/8] net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() [ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ] Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() ) added a regression in rt6_fill_node(), leading to rcu_read_lock() imbalance. Thats because NLA_PUT() can make a jump to nla_put_failure label. Fix this by using nla_put() Many thanks to Ben Greear for his help Reported-by: Ben Greear <[email protected]> Reported-by: Dave Jones <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Tested-by: Ben Greear <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/ipv6/route.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index b582a0a..059b9d9 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2446,8 +2446,12 @@ static int rt6_fill_node(struct net *net, rcu_read_lock(); n = dst_get_neighbour(&rt->dst); - if (n) - NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key); + if (n) { + if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) { + rcu_read_unlock(); + goto nla_put_failure; + } + } rcu_read_unlock(); if (rt->dst.dev) -- 1.7.7.6 >From b1e9f286f86f2c17995d0092da97998ed1a52b25 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Wed, 21 Mar 2012 06:58:03 +0000 Subject: [PATCH 5/8] net: fix napi_reuse_skb() skb reserve [ Upstream commit 2a2a459eeeff48640dc557548ce576d666ab06ed ] napi->skb is allocated in napi_get_frags() using netdev_alloc_skb_ip_align(), with a reserve of NET_SKB_PAD + NET_IP_ALIGN bytes. However, when such skb is recycled in napi_reuse_skb(), it ends with a reserve of NET_IP_ALIGN which is suboptimal. Signed-off-by: Eric Dumazet <[email protected]> Cc: Herbert Xu <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/core/dev.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index c56cacf..55cd370 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3634,7 +3634,8 @@ EXPORT_SYMBOL(napi_gro_receive); static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb) { __skb_pull(skb, skb_headlen(skb)); - skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb)); + /* restore the reserve we had after netdev_alloc_skb_ip_align() */ + skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN - skb_headroom(skb)); skb->vlan_tci = 0; skb->dev = napi->dev; skb->skb_iif = 0; -- 1.7.7.6 >From 972312b8df4174aa1487928daaf3e0dbffa937ad Mon Sep 17 00:00:00 2001 From: Dave Jones <[email protected]> Date: Mon, 19 Mar 2012 13:01:07 +0000 Subject: [PATCH 6/8] Remove printk from rds_sendmsg [ Upstream commit a6506e1486181975d318344143aca722b2b91621 ] no socket layer outputs a message for this error and neither should rds. Signed-off-by: Dave Jones <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/rds/send.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/net/rds/send.c b/net/rds/send.c index e2d63c5..96531d4 100644 --- a/net/rds/send.c +++ b/net/rds/send.c @@ -935,7 +935,6 @@ int rds_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, /* Mirror Linux UDP mirror of BSD error message compatibility */ /* XXX: Perhaps MSG_MORE someday */ if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_CMSG_COMPAT)) { - printk(KERN_INFO "msg_flags 0x%08X\n", msg->msg_flags); ret = -EOPNOTSUPP; goto out; } -- 1.7.7.6 >From 4e541d17f7a70db2bbd3d7800d0afd1196f772e2 Mon Sep 17 00:00:00 2001 From: stephen hemminger <[email protected]> Date: Wed, 21 Mar 2012 05:32:05 +0000 Subject: [PATCH 7/8] sky2: override for PCI legacy power management [ Upstream commit 5676cc7bfe1e388e87843f71daa229610385b41e ] Some BIOS's don't setup power management correctly (what else is new) and don't allow use of PCI Express power control. Add a special exception module parameter to allow working around this issue. Based on slightly different patch by Knut Petersen. Reported-by: Arkadiusz Miskiewicz <[email protected]> Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- drivers/net/ethernet/marvell/sky2.c | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c index 7803efa..f612b35 100644 --- a/drivers/net/ethernet/marvell/sky2.c +++ b/drivers/net/ethernet/marvell/sky2.c @@ -95,6 +95,10 @@ static int disable_msi = 0; module_param(disable_msi, int, 0); MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)"); +static int legacy_pme = 0; +module_param(legacy_pme, int, 0); +MODULE_PARM_DESC(legacy_pme, "Legacy power management"); + static DEFINE_PCI_DEVICE_TABLE(sky2_id_table) = { { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */ { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */ @@ -867,6 +871,13 @@ static void sky2_wol_init(struct sky2_port *sky2) /* Disable PiG firmware */ sky2_write16(hw, B0_CTST, Y2_HW_WOL_OFF); + /* Needed by some broken BIOSes, use PCI rather than PCI-e for WOL */ + if (legacy_pme) { + u32 reg1 = sky2_pci_read32(hw, PCI_DEV_REG1); + reg1 |= PCI_Y2_PME_LEGACY; + sky2_pci_write32(hw, PCI_DEV_REG1, reg1); + } + /* block receiver */ sky2_write8(hw, SK_REG(port, RX_GMF_CTRL_T), GMF_RST_SET); sky2_read32(hw, B0_CTST); -- 1.7.7.6 >From 3a1a2612bf6b5d17df2b63c7ca03d67fbe15a15a Mon Sep 17 00:00:00 2001 From: Steffen Klassert <[email protected]> Date: Wed, 21 Mar 2012 23:36:13 +0000 Subject: [PATCH 8/8] xfrm: Access the replay notify functions via the registered callbacks [ Upstream commit 1265fd616782ef03b98fd19f65c2b47fcd4ea11f ] We call the wrong replay notify function when we use ESN replay handling. This leads to the fact that we don't send notifications if we use ESN. Fix this by calling the registered callbacks instead of xfrm_replay_notify(). Signed-off-by: Steffen Klassert <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/xfrm/xfrm_replay.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 39e02c5..2f6d11d 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -167,7 +167,7 @@ static void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq) } if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb) @@ -279,7 +279,7 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq) replay_esn->bmp[nr] |= (1U << bitnr); if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event) @@ -473,7 +473,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) replay_esn->bmp[nr] |= (1U << bitnr); if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static struct xfrm_replay xfrm_replay_legacy = { -- 1.7.7.6
>From 997a695fc8a065c729ec228c0b87a7c22dc05e96 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Sun, 18 Mar 2012 02:40:48 +0000 Subject: [PATCH 1/8] net: bpf_jit: fix BPF_S_LDX_B_MSH compilation [ Upstream commit dc72d99dabb870ca5bd6d9fff674be853bb4a88d ] Matt Evans spotted that x86 bpf_jit was incorrectly handling negative constant offsets in BPF_S_LDX_B_MSH instruction. We need to abort JIT compilation like we do in common_load so that filter uses the interpreter code and can call __load_pointer() Reference: http://lists.openwall.net/netdev/2011/07/19/11 Thanks to Indan Zupancic to bring back this issue. Reported-by: Matt Evans <[email protected]> Reported-by: Indan Zupancic <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- arch/x86/net/bpf_jit_comp.c | 14 +++++--------- 1 files changed, 5 insertions(+), 9 deletions(-) diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c index 7c1b765..5671752 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -475,8 +475,10 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_LD_W_ABS: func = sk_load_word; common_load: seen |= SEEN_DATAREF; - if ((int)K < 0) + if ((int)K < 0) { + /* Abort the JIT because __load_pointer() is needed. */ goto out; + } t_offset = func - (image + addrs[i]); EMIT1_off32(0xbe, K); /* mov imm32,%esi */ EMIT1_off32(0xe8, t_offset); /* call */ @@ -489,14 +491,8 @@ common_load: seen |= SEEN_DATAREF; goto common_load; case BPF_S_LDX_B_MSH: if ((int)K < 0) { - if (pc_ret0 > 0) { - /* addrs[pc_ret0 - 1] is the start address */ - EMIT_JMP(addrs[pc_ret0 - 1] - addrs[i]); - break; - } - CLEAR_A(); - EMIT_JMP(cleanup_addr - addrs[i]); - break; + /* Abort the JIT because __load_pointer() is needed. */ + goto out; } seen |= SEEN_DATAREF | SEEN_XREG; t_offset = sk_load_byte_msh - (image + addrs[i]); -- 1.7.7.6 >From d40850a8c9c0608fc486ad7f352702533898df28 Mon Sep 17 00:00:00 2001 From: Gao feng <[email protected]> Date: Mon, 19 Mar 2012 22:36:10 +0000 Subject: [PATCH 2/8] ipv6: fix incorrent ipv6 ipsec packet fragment [ Upstream commit 1f85851e17b64cabd089a8a8839dddebc627948c ] Since commit 299b0767(ipv6: Fix IPsec slowpath fragmentation problem) In func ip6_append_data,after call skb_put(skb, fraglen + dst_exthdrlen) the skb->len contains dst_exthdrlen,and we don't reduce dst_exthdrlen at last This will make fraggap>0 in next "while cycle",and cause the size of skb incorrent Fix this by reserve headroom for dst_exthdrlen. Signed-off-by: Gao feng <[email protected]> Acked-by: Steffen Klassert <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/ipv6/ip6_output.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index d97e071..ea58e27a 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1416,8 +1416,9 @@ alloc_new_skb: */ skb->ip_summed = csummode; skb->csum = 0; - /* reserve for fragmentation */ - skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); + /* reserve for fragmentation and ipsec header */ + skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + + dst_exthdrlen); if (sk->sk_type == SOCK_DGRAM) skb_shinfo(skb)->tx_flags = tx_flags; @@ -1425,9 +1426,9 @@ alloc_new_skb: /* * Find where to start putting bytes */ - data = skb_put(skb, fraglen + dst_exthdrlen); - skb_set_network_header(skb, exthdrlen + dst_exthdrlen); - data += fragheaderlen + dst_exthdrlen; + data = skb_put(skb, fraglen); + skb_set_network_header(skb, exthdrlen); + data += fragheaderlen; skb->transport_header = (skb->network_header + fragheaderlen); if (fraggap) { -- 1.7.7.6 >From c40b8d23db77c1023ac8bbb2bf6fcce6db76c7a5 Mon Sep 17 00:00:00 2001 From: Dave Jones <[email protected]> Date: Mon, 19 Mar 2012 13:01:07 +0000 Subject: [PATCH 3/8] Remove printk from rds_sendmsg [ Upstream commit a6506e1486181975d318344143aca722b2b91621 ] no socket layer outputs a message for this error and neither should rds. Signed-off-by: Dave Jones <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/rds/send.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/net/rds/send.c b/net/rds/send.c index e2d63c5..96531d4 100644 --- a/net/rds/send.c +++ b/net/rds/send.c @@ -935,7 +935,6 @@ int rds_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, /* Mirror Linux UDP mirror of BSD error message compatibility */ /* XXX: Perhaps MSG_MORE someday */ if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_CMSG_COMPAT)) { - printk(KERN_INFO "msg_flags 0x%08X\n", msg->msg_flags); ret = -EOPNOTSUPP; goto out; } -- 1.7.7.6 >From e56b54c50e16fda9abf25ca8276e6d918d7b58b8 Mon Sep 17 00:00:00 2001 From: Benjamin LaHaise <[email protected]> Date: Tue, 20 Mar 2012 03:57:54 +0000 Subject: [PATCH 4/8] Fix pppol2tp getsockname() [ Upstream commit bbdb32cb5b73597386913d052165423b9d736145 ] While testing L2TP functionality, I came across a bug in getsockname(). The IP address returned within the pppol2tp_addr's addr memember was not being set to the IP address in use. This bug is caused by using inet_sk() on the wrong socket (the L2TP socket rather than the underlying UDP socket), and was likely introduced during the addition of L2TPv3 support. Signed-off-by: Benjamin LaHaise <[email protected]> Signed-off-by: James Chapman <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/l2tp/l2tp_ppp.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index 8a90d75..b1bd16f 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -915,7 +915,7 @@ static int pppol2tp_getname(struct socket *sock, struct sockaddr *uaddr, goto end_put_sess; } - inet = inet_sk(sk); + inet = inet_sk(tunnel->sock); if (tunnel->version == 2) { struct sockaddr_pppol2tp sp; len = sizeof(sp); -- 1.7.7.6 >From a6a871fb214995ea98fe5003ce9e3c4c55595004 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Wed, 21 Mar 2012 06:58:03 +0000 Subject: [PATCH 5/8] net: fix napi_reuse_skb() skb reserve [ Upstream commit 2a2a459eeeff48640dc557548ce576d666ab06ed ] napi->skb is allocated in napi_get_frags() using netdev_alloc_skb_ip_align(), with a reserve of NET_SKB_PAD + NET_IP_ALIGN bytes. However, when such skb is recycled in napi_reuse_skb(), it ends with a reserve of NET_IP_ALIGN which is suboptimal. Signed-off-by: Eric Dumazet <[email protected]> Cc: Herbert Xu <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/core/dev.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 6ca32f6..a4bf943 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3569,7 +3569,8 @@ EXPORT_SYMBOL(napi_gro_receive); static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb) { __skb_pull(skb, skb_headlen(skb)); - skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb)); + /* restore the reserve we had after netdev_alloc_skb_ip_align() */ + skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN - skb_headroom(skb)); skb->vlan_tci = 0; skb->dev = napi->dev; skb->skb_iif = 0; -- 1.7.7.6 >From ca717fa414d95a3fc575c646a516dad6381c03bc Mon Sep 17 00:00:00 2001 From: stephen hemminger <[email protected]> Date: Wed, 21 Mar 2012 05:32:05 +0000 Subject: [PATCH 6/8] sky2: override for PCI legacy power management [ Upstream commit 5676cc7bfe1e388e87843f71daa229610385b41e ] Some BIOS's don't setup power management correctly (what else is new) and don't allow use of PCI Express power control. Add a special exception module parameter to allow working around this issue. Based on slightly different patch by Knut Petersen. Reported-by: Arkadiusz Miskiewicz <[email protected]> Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- drivers/net/ethernet/marvell/sky2.c | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c index 760c2b1..b4a208e 100644 --- a/drivers/net/ethernet/marvell/sky2.c +++ b/drivers/net/ethernet/marvell/sky2.c @@ -95,6 +95,10 @@ static int disable_msi = 0; module_param(disable_msi, int, 0); MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)"); +static int legacy_pme = 0; +module_param(legacy_pme, int, 0); +MODULE_PARM_DESC(legacy_pme, "Legacy power management"); + static DEFINE_PCI_DEVICE_TABLE(sky2_id_table) = { { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */ { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */ @@ -867,6 +871,13 @@ static void sky2_wol_init(struct sky2_port *sky2) /* Disable PiG firmware */ sky2_write16(hw, B0_CTST, Y2_HW_WOL_OFF); + /* Needed by some broken BIOSes, use PCI rather than PCI-e for WOL */ + if (legacy_pme) { + u32 reg1 = sky2_pci_read32(hw, PCI_DEV_REG1); + reg1 |= PCI_Y2_PME_LEGACY; + sky2_pci_write32(hw, PCI_DEV_REG1, reg1); + } + /* block receiver */ sky2_write8(hw, SK_REG(port, RX_GMF_CTRL_T), GMF_RST_SET); sky2_read32(hw, B0_CTST); -- 1.7.7.6 >From 7de1ce54acd0914694178f7af2b63759b2f19131 Mon Sep 17 00:00:00 2001 From: Steffen Klassert <[email protected]> Date: Wed, 21 Mar 2012 23:36:13 +0000 Subject: [PATCH 7/8] xfrm: Access the replay notify functions via the registered callbacks [ Upstream commit 1265fd616782ef03b98fd19f65c2b47fcd4ea11f ] We call the wrong replay notify function when we use ESN replay handling. This leads to the fact that we don't send notifications if we use ESN. Fix this by calling the registered callbacks instead of xfrm_replay_notify(). Signed-off-by: Steffen Klassert <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/xfrm/xfrm_replay.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 39e02c5..2f6d11d 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -167,7 +167,7 @@ static void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq) } if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb) @@ -279,7 +279,7 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq) replay_esn->bmp[nr] |= (1U << bitnr); if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event) @@ -473,7 +473,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq) replay_esn->bmp[nr] |= (1U << bitnr); if (xfrm_aevent_is_on(xs_net(x))) - xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); + x->repl->notify(x, XFRM_REPLAY_UPDATE); } static struct xfrm_replay xfrm_replay_legacy = { -- 1.7.7.6 >From f096c1671ac2a2e0b0f9c87400b26edcc232a37e Mon Sep 17 00:00:00 2001 From: Eric Dumazet <[email protected]> Date: Tue, 27 Mar 2012 09:53:52 +0000 Subject: [PATCH 8/8] net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() [ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ] Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() ) added a regression in rt6_fill_node(), leading to rcu_read_lock() imbalance. Thats because NLA_PUT() can make a jump to nla_put_failure label. Fix this by using nla_put() Many thanks to Ben Greear for his help Reported-by: Ben Greear <[email protected]> Reported-by: Dave Jones <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Tested-by: Ben Greear <[email protected]> Signed-off-by: David S. Miller <[email protected]> --- net/ipv6/route.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 22b7664..4d5915d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2461,8 +2461,12 @@ static int rt6_fill_node(struct net *net, rcu_read_lock(); n = dst_get_neighbour_noref(&rt->dst); - if (n) - NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key); + if (n) { + if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) { + rcu_read_unlock(); + goto nla_put_failure; + } + } rcu_read_unlock(); if (rt->dst.dev) -- 1.7.7.6
