From: Steven Rostedt <rostedt@goodmis.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Wei Liu <wei.liu2@citrix.com>,
Ian Campbell <ian.campbell@citrix.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [060/141] xen-netback: coalesce slots in TX path and fix regressions
Date: Wed, 03 Jul 2013 14:39:57 -0400 [thread overview]
Message-ID: <20130703184054.550676722@goodmis.org> (raw)
In-Reply-To: 20130703183857.307196999@goodmis.org
[-- Attachment #1: 0060-xen-netback-coalesce-slots-in-TX-path-and-fix-regres.patch --]
[-- Type: text/plain, Size: 18027 bytes --]
3.6.11.6 stable review patch.
If anyone has any objections, please let me know.
------------------
From: Wei Liu <wei.liu2@citrix.com>
[ Upstream commit 2810e5b9a7731ca5fce22bfbe12c96e16ac44b6f ]
This patch tries to coalesce tx requests when constructing grant copy
structures. It enables netback to deal with situation when frontend's
MAX_SKB_FRAGS is larger than backend's MAX_SKB_FRAGS.
With the help of coalescing, this patch tries to address two regressions
avoid reopening the security hole in XSA-39.
Regression 1. The reduction of the number of supported ring entries (slots)
per packet (from 18 to 17). This regression has been around for some time but
remains unnoticed until XSA-39 security fix. This is fixed by coalescing
slots.
Regression 2. The XSA-39 security fix turning "too many frags" errors from
just dropping the packet to a fatal error and disabling the VIF. This is fixed
by coalescing slots (handling 18 slots when backend's MAX_SKB_FRAGS is 17)
which rules out false positive (using 18 slots is legit) and dropping packets
using 19 to `max_skb_slots` slots.
To avoid reopening security hole in XSA-39, frontend sending packet using more
than max_skb_slots is considered malicious.
The behavior of netback for packet is thus:
1-18 slots: valid
19-max_skb_slots slots: drop and respond with an error
max_skb_slots+ slots: fatal error
max_skb_slots is configurable by admin, default value is 20.
Also change variable name from "frags" to "slots" in netbk_count_requests.
Please note that RX path still has dependency on MAX_SKB_FRAGS. This will be
fixed with separate patch.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
drivers/net/xen-netback/netback.c | 273 ++++++++++++++++++++++++++++++-------
include/xen/interface/io/netif.h | 18 +++
2 files changed, 241 insertions(+), 50 deletions(-)
diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
index 0ed1b26..d5a4e74 100644
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c
@@ -46,11 +46,25 @@
#include <asm/xen/hypercall.h>
#include <asm/xen/page.h>
+/*
+ * This is the maximum slots a skb can have. If a guest sends a skb
+ * which exceeds this limit it is considered malicious.
+ */
+#define MAX_SKB_SLOTS_DEFAULT 20
+static unsigned int max_skb_slots = MAX_SKB_SLOTS_DEFAULT;
+module_param(max_skb_slots, uint, 0444);
+
+typedef unsigned int pending_ring_idx_t;
+#define INVALID_PENDING_RING_IDX (~0U)
+
struct pending_tx_info {
- struct xen_netif_tx_request req;
+ struct xen_netif_tx_request req; /* coalesced tx request */
struct xenvif *vif;
+ pending_ring_idx_t head; /* head != INVALID_PENDING_RING_IDX
+ * if it is head of one or more tx
+ * reqs
+ */
};
-typedef unsigned int pending_ring_idx_t;
struct netbk_rx_meta {
int id;
@@ -101,7 +115,11 @@ struct xen_netbk {
atomic_t netfront_count;
struct pending_tx_info pending_tx_info[MAX_PENDING_REQS];
- struct gnttab_copy tx_copy_ops[MAX_PENDING_REQS];
+ /* Coalescing tx requests before copying makes number of grant
+ * copy ops greater or equal to number of slots required. In
+ * worst case a tx request consumes 2 gnttab_copy.
+ */
+ struct gnttab_copy tx_copy_ops[2*MAX_PENDING_REQS];
u16 pending_ring[MAX_PENDING_REQS];
@@ -117,6 +135,16 @@ struct xen_netbk {
static struct xen_netbk *xen_netbk;
static int xen_netbk_group_nr;
+/*
+ * If head != INVALID_PENDING_RING_IDX, it means this tx request is head of
+ * one or more merged tx requests, otherwise it is the continuation of
+ * previous tx request.
+ */
+static inline int pending_tx_is_head(struct xen_netbk *netbk, RING_IDX idx)
+{
+ return netbk->pending_tx_info[idx].head != INVALID_PENDING_RING_IDX;
+}
+
void xen_netbk_add_xenvif(struct xenvif *vif)
{
int i;
@@ -249,6 +277,7 @@ static int max_required_rx_slots(struct xenvif *vif)
{
int max = DIV_ROUND_UP(vif->dev->mtu, PAGE_SIZE);
+ /* XXX FIXME: RX path dependent on MAX_SKB_FRAGS */
if (vif->can_sg || vif->gso || vif->gso_prefix)
max += MAX_SKB_FRAGS + 1; /* extra_info + frags */
@@ -626,6 +655,7 @@ static void xen_netbk_rx_action(struct xen_netbk *netbk)
__skb_queue_tail(&rxq, skb);
/* Filled the batch queue? */
+ /* XXX FIXME: RX path dependent on MAX_SKB_FRAGS */
if (count + MAX_SKB_FRAGS >= XEN_NETIF_RX_RING_SIZE)
break;
}
@@ -869,47 +899,78 @@ static void netbk_fatal_tx_err(struct xenvif *vif)
static int netbk_count_requests(struct xenvif *vif,
struct xen_netif_tx_request *first,
+ RING_IDX first_idx,
struct xen_netif_tx_request *txp,
int work_to_do)
{
RING_IDX cons = vif->tx.req_cons;
- int frags = 0;
+ int slots = 0;
+ int drop_err = 0;
if (!(first->flags & XEN_NETTXF_more_data))
return 0;
do {
- if (frags >= work_to_do) {
- netdev_err(vif->dev, "Need more frags\n");
+ if (slots >= work_to_do) {
+ netdev_err(vif->dev,
+ "Asked for %d slots but exceeds this limit\n",
+ work_to_do);
netbk_fatal_tx_err(vif);
return -ENODATA;
}
- if (unlikely(frags >= MAX_SKB_FRAGS)) {
- netdev_err(vif->dev, "Too many frags\n");
+ /* This guest is really using too many slots and
+ * considered malicious.
+ */
+ if (unlikely(slots >= max_skb_slots)) {
+ netdev_err(vif->dev,
+ "Malicious frontend using %d slots, threshold %u\n",
+ slots, max_skb_slots);
netbk_fatal_tx_err(vif);
return -E2BIG;
}
- memcpy(txp, RING_GET_REQUEST(&vif->tx, cons + frags),
+ /* Xen network protocol had implicit dependency on
+ * MAX_SKB_FRAGS. XEN_NETIF_NR_SLOTS_MIN is set to the
+ * historical MAX_SKB_FRAGS value 18 to honor the same
+ * behavior as before. Any packet using more than 18
+ * slots but less than max_skb_slots slots is dropped
+ */
+ if (!drop_err && slots >= XEN_NETIF_NR_SLOTS_MIN) {
+ if (net_ratelimit())
+ netdev_dbg(vif->dev,
+ "Too many slots (%d) exceeding limit (%d), dropping packet\n",
+ slots, XEN_NETIF_NR_SLOTS_MIN);
+ drop_err = -E2BIG;
+ }
+
+ memcpy(txp, RING_GET_REQUEST(&vif->tx, cons + slots),
sizeof(*txp));
if (txp->size > first->size) {
- netdev_err(vif->dev, "Frag is bigger than frame.\n");
+ netdev_err(vif->dev,
+ "Invalid tx request, slot size %u > remaining size %u\n",
+ txp->size, first->size);
netbk_fatal_tx_err(vif);
return -EIO;
}
first->size -= txp->size;
- frags++;
+ slots++;
if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) {
- netdev_err(vif->dev, "txp->offset: %x, size: %u\n",
+ netdev_err(vif->dev, "Cross page boundary, txp->offset: %x, size: %u\n",
txp->offset, txp->size);
netbk_fatal_tx_err(vif);
return -EINVAL;
}
} while ((txp++)->flags & XEN_NETTXF_more_data);
- return frags;
+
+ if (drop_err) {
+ netbk_tx_err(vif, first, first_idx + slots);
+ return drop_err;
+ }
+
+ return slots;
}
static struct page *xen_netbk_alloc_page(struct xen_netbk *netbk,
@@ -933,48 +994,114 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk,
struct skb_shared_info *shinfo = skb_shinfo(skb);
skb_frag_t *frags = shinfo->frags;
u16 pending_idx = *((u16 *)skb->data);
- int i, start;
+ u16 head_idx = 0;
+ int slot, start;
+ struct page *page;
+ pending_ring_idx_t index, start_idx = 0;
+ uint16_t dst_offset;
+ unsigned int nr_slots;
+ struct pending_tx_info *first = NULL;
+
+ /* At this point shinfo->nr_frags is in fact the number of
+ * slots, which can be as large as XEN_NETIF_NR_SLOTS_MIN.
+ */
+ nr_slots = shinfo->nr_frags;
/* Skip first skb fragment if it is on same page as header fragment. */
start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx);
- for (i = start; i < shinfo->nr_frags; i++, txp++) {
- struct page *page;
- pending_ring_idx_t index;
+ /* Coalesce tx requests, at this point the packet passed in
+ * should be <= 64K. Any packets larger than 64K have been
+ * handled in netbk_count_requests().
+ */
+ for (shinfo->nr_frags = slot = start; slot < nr_slots;
+ shinfo->nr_frags++) {
struct pending_tx_info *pending_tx_info =
netbk->pending_tx_info;
- index = pending_index(netbk->pending_cons++);
- pending_idx = netbk->pending_ring[index];
- page = xen_netbk_alloc_page(netbk, pending_idx);
+ page = alloc_page(GFP_KERNEL|__GFP_COLD);
if (!page)
goto err;
- gop->source.u.ref = txp->gref;
- gop->source.domid = vif->domid;
- gop->source.offset = txp->offset;
-
- gop->dest.u.gmfn = virt_to_mfn(page_address(page));
- gop->dest.domid = DOMID_SELF;
- gop->dest.offset = txp->offset;
-
- gop->len = txp->size;
- gop->flags = GNTCOPY_source_gref;
+ dst_offset = 0;
+ first = NULL;
+ while (dst_offset < PAGE_SIZE && slot < nr_slots) {
+ gop->flags = GNTCOPY_source_gref;
+
+ gop->source.u.ref = txp->gref;
+ gop->source.domid = vif->domid;
+ gop->source.offset = txp->offset;
+
+ gop->dest.domid = DOMID_SELF;
+
+ gop->dest.offset = dst_offset;
+ gop->dest.u.gmfn = virt_to_mfn(page_address(page));
+
+ if (dst_offset + txp->size > PAGE_SIZE) {
+ /* This page can only merge a portion
+ * of tx request. Do not increment any
+ * pointer / counter here. The txp
+ * will be dealt with in future
+ * rounds, eventually hitting the
+ * `else` branch.
+ */
+ gop->len = PAGE_SIZE - dst_offset;
+ txp->offset += gop->len;
+ txp->size -= gop->len;
+ dst_offset += gop->len; /* quit loop */
+ } else {
+ /* This tx request can be merged in the page */
+ gop->len = txp->size;
+ dst_offset += gop->len;
+
+ index = pending_index(netbk->pending_cons++);
+
+ pending_idx = netbk->pending_ring[index];
+
+ memcpy(&pending_tx_info[pending_idx].req, txp,
+ sizeof(*txp));
+ xenvif_get(vif);
+
+ pending_tx_info[pending_idx].vif = vif;
+
+ /* Poison these fields, corresponding
+ * fields for head tx req will be set
+ * to correct values after the loop.
+ */
+ netbk->mmap_pages[pending_idx] = (void *)(~0UL);
+ pending_tx_info[pending_idx].head =
+ INVALID_PENDING_RING_IDX;
+
+ if (!first) {
+ first = &pending_tx_info[pending_idx];
+ start_idx = index;
+ head_idx = pending_idx;
+ }
+
+ txp++;
+ slot++;
+ }
- gop++;
+ gop++;
+ }
- memcpy(&pending_tx_info[pending_idx].req, txp, sizeof(*txp));
- xenvif_get(vif);
- pending_tx_info[pending_idx].vif = vif;
- frag_set_pending_idx(&frags[i], pending_idx);
+ first->req.offset = 0;
+ first->req.size = dst_offset;
+ first->head = start_idx;
+ set_page_ext(page, netbk, head_idx);
+ netbk->mmap_pages[head_idx] = page;
+ frag_set_pending_idx(&frags[shinfo->nr_frags], head_idx);
}
+ BUG_ON(shinfo->nr_frags > MAX_SKB_FRAGS);
+
return gop;
err:
/* Unwind, freeing all pages and sending error responses. */
- while (i-- > start) {
- xen_netbk_idx_release(netbk, frag_get_pending_idx(&frags[i]),
- XEN_NETIF_RSP_ERROR);
+ while (shinfo->nr_frags-- > start) {
+ xen_netbk_idx_release(netbk,
+ frag_get_pending_idx(&frags[shinfo->nr_frags]),
+ XEN_NETIF_RSP_ERROR);
}
/* The head too, if necessary. */
if (start)
@@ -990,8 +1117,10 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk,
struct gnttab_copy *gop = *gopp;
u16 pending_idx = *((u16 *)skb->data);
struct skb_shared_info *shinfo = skb_shinfo(skb);
+ struct pending_tx_info *tx_info;
int nr_frags = shinfo->nr_frags;
int i, err, start;
+ u16 peek; /* peek into next tx request */
/* Check status of header. */
err = gop->status;
@@ -1003,11 +1132,20 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk,
for (i = start; i < nr_frags; i++) {
int j, newerr;
+ pending_ring_idx_t head;
pending_idx = frag_get_pending_idx(&shinfo->frags[i]);
+ tx_info = &netbk->pending_tx_info[pending_idx];
+ head = tx_info->head;
/* Check error status: if okay then remember grant handle. */
- newerr = (++gop)->status;
+ do {
+ newerr = (++gop)->status;
+ if (newerr)
+ break;
+ peek = netbk->pending_ring[pending_index(++head)];
+ } while (!pending_tx_is_head(netbk, peek));
+
if (likely(!newerr)) {
/* Had a previous error? Invalidate this fragment. */
if (unlikely(err))
@@ -1232,11 +1370,12 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
struct sk_buff *skb;
int ret;
- while (((nr_pending_reqs(netbk) + MAX_SKB_FRAGS) < MAX_PENDING_REQS) &&
+ while ((nr_pending_reqs(netbk) + XEN_NETIF_NR_SLOTS_MIN
+ < MAX_PENDING_REQS) &&
!list_empty(&netbk->net_schedule_list)) {
struct xenvif *vif;
struct xen_netif_tx_request txreq;
- struct xen_netif_tx_request txfrags[MAX_SKB_FRAGS];
+ struct xen_netif_tx_request txfrags[max_skb_slots];
struct page *page;
struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1];
u16 pending_idx;
@@ -1297,7 +1436,8 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
continue;
}
- ret = netbk_count_requests(vif, &txreq, txfrags, work_to_do);
+ ret = netbk_count_requests(vif, &txreq, idx,
+ txfrags, work_to_do);
if (unlikely(ret < 0))
continue;
@@ -1324,7 +1464,7 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
pending_idx = netbk->pending_ring[index];
data_len = (txreq.size > PKT_PROT_LEN &&
- ret < MAX_SKB_FRAGS) ?
+ ret < XEN_NETIF_NR_SLOTS_MIN) ?
PKT_PROT_LEN : txreq.size;
skb = alloc_skb(data_len + NET_SKB_PAD + NET_IP_ALIGN,
@@ -1374,6 +1514,7 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
memcpy(&netbk->pending_tx_info[pending_idx].req,
&txreq, sizeof(txreq));
netbk->pending_tx_info[pending_idx].vif = vif;
+ netbk->pending_tx_info[pending_idx].head = index;
*((u16 *)skb->data) = pending_idx;
__skb_put(skb, data_len);
@@ -1504,7 +1645,10 @@ static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx,
{
struct xenvif *vif;
struct pending_tx_info *pending_tx_info;
- pending_ring_idx_t index;
+ pending_ring_idx_t head;
+ u16 peek; /* peek into next tx request */
+
+ BUG_ON(netbk->mmap_pages[pending_idx] == (void *)(~0UL));
/* Already complete? */
if (netbk->mmap_pages[pending_idx] == NULL)
@@ -1513,19 +1657,40 @@ static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx,
pending_tx_info = &netbk->pending_tx_info[pending_idx];
vif = pending_tx_info->vif;
+ head = pending_tx_info->head;
- make_tx_response(vif, &pending_tx_info->req, status);
+ BUG_ON(!pending_tx_is_head(netbk, head));
+ BUG_ON(netbk->pending_ring[pending_index(head)] != pending_idx);
- index = pending_index(netbk->pending_prod++);
- netbk->pending_ring[index] = pending_idx;
+ do {
+ pending_ring_idx_t index;
+ pending_ring_idx_t idx = pending_index(head);
+ u16 info_idx = netbk->pending_ring[idx];
- xenvif_put(vif);
+ pending_tx_info = &netbk->pending_tx_info[info_idx];
+ make_tx_response(vif, &pending_tx_info->req, status);
+
+ /* Setting any number other than
+ * INVALID_PENDING_RING_IDX indicates this slot is
+ * starting a new packet / ending a previous packet.
+ */
+ pending_tx_info->head = 0;
+
+ index = pending_index(netbk->pending_prod++);
+ netbk->pending_ring[index] = netbk->pending_ring[info_idx];
+
+ xenvif_put(vif);
+
+ peek = netbk->pending_ring[pending_index(++head)];
+
+ } while (!pending_tx_is_head(netbk, peek));
netbk->mmap_pages[pending_idx]->mapping = 0;
put_page(netbk->mmap_pages[pending_idx]);
netbk->mmap_pages[pending_idx] = NULL;
}
+
static void make_tx_response(struct xenvif *vif,
struct xen_netif_tx_request *txp,
s8 st)
@@ -1578,8 +1743,9 @@ static inline int rx_work_todo(struct xen_netbk *netbk)
static inline int tx_work_todo(struct xen_netbk *netbk)
{
- if (((nr_pending_reqs(netbk) + MAX_SKB_FRAGS) < MAX_PENDING_REQS) &&
- !list_empty(&netbk->net_schedule_list))
+ if ((nr_pending_reqs(netbk) + XEN_NETIF_NR_SLOTS_MIN
+ < MAX_PENDING_REQS) &&
+ !list_empty(&netbk->net_schedule_list))
return 1;
return 0;
@@ -1662,6 +1828,13 @@ static int __init netback_init(void)
if (!xen_domain())
return -ENODEV;
+ if (max_skb_slots < XEN_NETIF_NR_SLOTS_MIN) {
+ printk(KERN_INFO
+ "xen-netback: max_skb_slots too small (%d), bump it to XEN_NETIF_NR_SLOTS_MIN (%d)\n",
+ max_skb_slots, XEN_NETIF_NR_SLOTS_MIN);
+ max_skb_slots = XEN_NETIF_NR_SLOTS_MIN;
+ }
+
xen_netbk_group_nr = num_online_cpus();
xen_netbk = vzalloc(sizeof(struct xen_netbk) * xen_netbk_group_nr);
if (!xen_netbk)
diff --git a/include/xen/interface/io/netif.h b/include/xen/interface/io/netif.h
index cb94668..a36c87a 100644
--- a/include/xen/interface/io/netif.h
+++ b/include/xen/interface/io/netif.h
@@ -13,6 +13,24 @@
#include "../grant_table.h"
/*
+ * Older implementation of Xen network frontend / backend has an
+ * implicit dependency on the MAX_SKB_FRAGS as the maximum number of
+ * ring slots a skb can use. Netfront / netback may not work as
+ * expected when frontend and backend have different MAX_SKB_FRAGS.
+ *
+ * A better approach is to add mechanism for netfront / netback to
+ * negotiate this value. However we cannot fix all possible
+ * frontends, so we need to define a value which states the minimum
+ * slots backend must support.
+ *
+ * The minimum value derives from older Linux kernel's MAX_SKB_FRAGS
+ * (18), which is proved to work with most frontends. Any new backend
+ * which doesn't negotiate with frontend should expect frontend to
+ * send a valid packet using slots up to this value.
+ */
+#define XEN_NETIF_NR_SLOTS_MIN 18
+
+/*
* Notifications after enqueuing any type of message should be conditional on
* the appropriate req_event or rsp_event field in the shared ring.
* If the client sends notification for rx requests then it should specify
--
1.7.10.4
next prev parent reply other threads:[~2013-07-03 19:01 UTC|newest]
Thread overview: 143+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-03 18:38 [000/141] 3.6.11.6-stable review Steven Rostedt
2013-07-03 18:38 ` [001/141] avr32: fix relocation check for signed 18-bit offset Steven Rostedt
2013-07-03 18:38 ` [002/141] ARM: plat-orion: Fix num_resources and id for ge10 and ge11 Steven Rostedt
2013-07-03 18:39 ` [003/141] cfg80211: fix wiphy_register error path Steven Rostedt
2013-07-03 18:39 ` [004/141] mac80211: fix AP-mode frame matching Steven Rostedt
2013-07-03 18:39 ` [005/141] usb: option: Add Telewell TW-LTE 4G Steven Rostedt
2013-07-03 18:39 ` [006/141] USB: option: add device IDs for Dell 5804 (Novatel E371) WWAN card Steven Rostedt
2013-07-03 18:39 ` [007/141] USB: ftdi_sio: Add support for Newport CONEX motor drivers Steven Rostedt
2013-07-03 18:39 ` [008/141] USB: cxacru: potential underflow in cxacru_cm_get_array() Steven Rostedt
2013-07-03 18:39 ` [009/141] TTY: Fix tty miss restart after we turn off flow-control Steven Rostedt
2013-07-03 18:39 ` [010/141] USB: Blacklisted Cinterions PLxx WWAN Interface Steven Rostedt
2013-07-03 18:39 ` [011/141] USB: reset resume quirk needed by a hub Steven Rostedt
2013-07-03 18:39 ` [012/141] USB: xHCI: override bogus bulk wMaxPacketSize values Steven Rostedt
2013-07-03 18:39 ` [013/141] USB: UHCI: fix for suspend of virtual HP controller Steven Rostedt
2013-07-03 18:39 ` [014/141] Input: egalax_ts - ABS_MT_POSITION_Y not reported well Steven Rostedt
2013-07-03 18:39 ` [015/141] cifs: only set ops for inodes in I_NEW state Steven Rostedt
2013-07-03 18:39 ` [016/141] random: fix accounting race condition with lockless irq entropy_count update Steven Rostedt
2013-07-03 18:39 ` [017/141] fat: fix possible overflow for fat_clusters Steven Rostedt
2013-07-03 18:39 ` [018/141] tg3: Skip powering down function 0 on certain serdes devices Steven Rostedt
2013-07-03 18:39 ` [019/141] tg3: Fix data corruption on 5725 with TSO Steven Rostedt
2013-07-03 18:39 ` [020/141] perf: net_dropmonitor: Fix trace parameter order Steven Rostedt
2013-07-03 18:39 ` [021/141] perf: net_dropmonitor: Fix symbol-relative addresses Steven Rostedt
2013-07-03 18:39 ` [022/141] ocfs2: goto out_unlock if ocfs2_get_clusters_nocache() failed in ocfs2_fiemap() Steven Rostedt
2013-07-03 18:39 ` [023/141] Kirkwood: Enable PCIe port 1 on QNAP TS-11x/TS-21x Steven Rostedt
2013-07-03 18:39 ` [024/141] drivers/leds/leds-ot200.c: fix error caused by shifted mask Steven Rostedt
2013-07-03 18:39 ` [025/141] rapidio/tsi721: fix bug in MSI interrupt handling Steven Rostedt
2013-07-03 18:39 ` [026/141] mm compaction: fix of improper cache flush in migration code Steven Rostedt
2013-07-03 18:39 ` [027/141] wait: fix false timeouts when using wait_event_timeout() Steven Rostedt
2013-07-03 18:39 ` [028/141] nilfs2: fix issue of nilfs_set_page_dirty() for page at EOF boundary Steven Rostedt
2013-07-03 18:39 ` [029/141] mm: memcg: remove incorrect VM_BUG_ON for swap cache pages in uncharge Steven Rostedt
2013-07-03 18:39 ` [030/141] drivers/block/brd.c: fix brd_lookup_page() race Steven Rostedt
2013-07-03 18:39 ` [031/141] mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas Steven Rostedt
2013-07-03 18:39 ` [032/141] mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer Steven Rostedt
2013-07-03 18:39 ` [033/141] xfs: kill suid/sgid through the truncate path Steven Rostedt
2013-07-03 18:39 ` [034/141] SUNRPC: Prevent an rpc_task wakeup race Steven Rostedt
2013-07-03 18:39 ` [035/141] ASoC: cs42l52: fix default value for MASTERA_VOL Steven Rostedt
2013-07-03 18:39 ` [036/141] drm/radeon: fix typo in cu_per_sh on verde Steven Rostedt
2013-07-03 18:39 ` [037/141] drm/radeon: fix card_posted check for newer asics Steven Rostedt
2013-07-03 18:39 ` [038/141] cifs: fix potential buffer overrun when composing a new options string Steven Rostedt
2013-07-03 18:39 ` [039/141] ata_piix: add PCI IDs for Intel BayTail Steven Rostedt
2013-07-03 18:39 ` [040/141] libata: make ata_exec_internal_sg honor DMADIR Steven Rostedt
2013-07-03 18:39 ` [041/141] m68k/mac: Fix unexpected interrupt with CONFIG_EARLY_PRINTK Steven Rostedt
2013-07-03 18:39 ` [042/141] iscsi-target: fix heap buffer overflow on error Steven Rostedt
2013-07-03 18:39 ` [043/141] ib_srpt: Call target_sess_cmd_list_set_waiting during shutdown_session Steven Rostedt
2013-07-03 18:39 ` [044/141] NFSv4: Fix a thinko in nfs4_try_open_cached Steven Rostedt
2013-07-03 18:39 ` [045/141] regulator: palmas: Fix "enable_reg" to point to the correct reg for SMPS10 Steven Rostedt
2013-07-03 18:39 ` [046/141] reiserfs: fix deadlock with nfs racing on create/lookup Steven Rostedt
2013-07-03 18:39 ` [047/141] reiserfs: fix problems with chowning setuid file w/ xattrs Steven Rostedt
2013-07-03 18:39 ` [048/141] reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry Steven Rostedt
2013-07-03 18:39 ` [049/141] jfs: fix a couple races Steven Rostedt
2013-07-03 18:39 ` [050/141] xen-netback: remove skb in xen_netbk_alloc_page Steven Rostedt
2013-07-03 18:39 ` [051/141] iommu/amd: Re-enable IOMMU event log interrupt after handling Steven Rostedt
2013-07-03 18:39 ` [052/141] iommu/amd: Workaround for ERBT1312 Steven Rostedt
2013-07-03 18:39 ` [053/141] ACPI / video: Add "Asus UL30A" to ACPI video detect blacklist Steven Rostedt
2013-07-03 18:39 ` [054/141] mac80211: close AP_VLAN interfaces before unregistering all Steven Rostedt
2013-07-03 18:39 ` [055/141] iwlwifi: dvm: fix zero LQ CMD sending avoidance Steven Rostedt
2013-07-03 18:39 ` [056/141] cfg80211: check wdev->netdev in connection work Steven Rostedt
2013-07-03 18:39 ` [057/141] ath9k: use correct OTP register offsets for AR9550 Steven Rostedt
2013-07-03 18:39 ` [058/141] tg3: Add read dma workaround for 5720 Steven Rostedt
2013-07-03 18:39 ` [059/141] target: Re-instate sess_wait_list for target_wait_for_sess_cmds Steven Rostedt
2013-07-03 18:39 ` Steven Rostedt [this message]
2013-07-03 18:39 ` [061/141] xen-netback: dont disconnect frontend when seeing oversize packet Steven Rostedt
2013-07-03 18:39 ` [062/141] xen-netback: remove redundent parameter in netbk_count_requests Steven Rostedt
2013-07-03 18:40 ` [063/141] xen-netback: avoid allocating variable size array on stack Steven Rostedt
2013-07-03 18:40 ` [064/141] xen-netfront: reduce gso_max_size to account for max TCP header Steven Rostedt
2013-07-03 18:40 ` [065/141] xen-netback: better names for thresholds Steven Rostedt
2013-07-03 18:40 ` [066/141] USB: serial: Add Option GTM681W to qcserial device table Steven Rostedt
2013-07-03 18:40 ` [067/141] USB: option: blacklist network interface on Huawei E1820 Steven Rostedt
2013-07-03 18:40 ` [068/141] xhci - correct comp_mode_recovery_timer on return from hibernate Steven Rostedt
2013-07-03 18:40 ` [069/141] xhci-mem: init list heads at the beginning of init Steven Rostedt
2013-07-03 18:40 ` [070/141] xhci: fix list access before init Steven Rostedt
2013-07-03 18:40 ` [071/141] xhci: Disable D3cold for buggy TI redrivers Steven Rostedt
2013-07-03 18:40 ` [072/141] ALSA: usb-audio: fix Roland/Cakewalk UM-3G support Steven Rostedt
2013-07-03 18:40 ` [073/141] ALSA: usb-audio - Apply Logitech QuickCam Pro 9000 quirk only to audio iface Steven Rostedt
2013-07-03 18:40 ` [074/141] ALSA: usb-audio - Fix invalid volume resolution on Logitech HD webcam c270 Steven Rostedt
2013-07-03 18:40 ` [075/141] USB: iuu_phoenix: fix bulk-message timeout Steven Rostedt
2013-07-03 18:40 ` [076/141] USB: keyspan: fix bogus array index Steven Rostedt
2013-07-03 18:40 ` [077/141] USB: ark3116: fix control-message timeout Steven Rostedt
2013-07-03 18:40 ` [078/141] USB: visor: fix initialisation of Treo/Kyocera devices Steven Rostedt
2013-07-03 18:40 ` [079/141] USB: Serial: cypress_M8: Enable FRWD Dongle hidcom device Steven Rostedt
2013-07-03 18:40 ` [080/141] USB: whiteheat: fix broken port configuration Steven Rostedt
2013-07-03 18:40 ` [081/141] USB: serial: fix Treo/Kyocera interrrupt-in urb context Steven Rostedt
2013-07-03 18:40 ` [082/141] USB: mos7840: fix DMA to stack Steven Rostedt
2013-07-03 18:40 ` [083/141] USB: mos7720: " Steven Rostedt
2013-07-03 18:40 ` [084/141] USB: mos7720: fix message timeouts Steven Rostedt
2013-07-03 18:40 ` [085/141] USB: mos7720: fix hardware flow control Steven Rostedt
2013-07-03 18:40 ` [086/141] ACPI / video: ignore BIOS initial backlight value for HP m4 Steven Rostedt
2013-07-03 18:40 ` [087/141] ACPI / video: ignore BIOS initial backlight value for HP Pavilion g6 Steven Rostedt
2013-07-03 18:40 ` [088/141] ARM: 7742/1: topology: export cpu_topology Steven Rostedt
2013-07-03 18:40 ` [089/141] ARM: 7743/1: compressed/head.S: work around new binutils warning Steven Rostedt
2013-07-03 18:40 ` [090/141] powerpc/eeh: Dont check RTAS token to get PE addr Steven Rostedt
2013-07-03 18:40 ` [091/141] dmaengine: ste_dma40: fix pm runtime ref counting Steven Rostedt
2013-07-03 18:40 ` [092/141] radeon: Fix system hang issue when using KMS with older cards Steven Rostedt
2013-07-03 18:40 ` [093/141] drm/radeon: dont allow audio on DCE6 Steven Rostedt
2013-07-03 18:40 ` [094/141] ecryptfs: fixed msync to flush data Steven Rostedt
2013-07-03 18:40 ` [095/141] eCryptfs: Check return of filemap_write_and_wait during fsync Steven Rostedt
2013-07-03 18:40 ` [096/141] hwmon: (adm1021) Strengthen chip detection for ADM1021, LM84 and MAX1617 Steven Rostedt
2013-07-03 18:40 ` [097/141] drm/mgag200: Add missing write to index before accessing data register Steven Rostedt
2013-07-03 18:40 ` [098/141] drm: fix a use-after-free when GPU acceleration disabled Steven Rostedt
2013-07-03 18:40 ` [099/141] drm/i915/sdvo: Use &intel_sdvo->ddc instead of intel_sdvo->i2c for DDC Steven Rostedt
2013-07-03 18:40 ` [100/141] drm/i915: no lvds quirk for hp t5740 Steven Rostedt
2013-07-03 18:40 ` [101/141] usb: dwc3: gadget: free trb pool only from epnum 2 Steven Rostedt
2013-07-03 18:40 ` [102/141] drm/gma500: Increase max resolution for mode setting Steven Rostedt
2013-07-03 18:40 ` [103/141] powerpc: Set default VGA device Steven Rostedt
2013-07-03 18:40 ` [104/141] powerpc/pseries: Force 32 bit MSIs for devices that require it Steven Rostedt
2013-07-03 18:40 ` [105/141] powerpc/pseries: Perform proper max_bus_speed detection Steven Rostedt
2013-07-03 18:40 ` [106/141] radeon: use max_bus_speed to activate gen2 speeds Steven Rostedt
2013-07-03 18:40 ` [107/141] iio: frequency: ad4350: Fix bug / typo in mask Steven Rostedt
2013-07-03 18:40 ` [108/141] USB: serial: add wait_until_sent operation Steven Rostedt
2013-07-03 18:40 ` [109/141] USB: serial: add generic wait_until_sent implementation Steven Rostedt
2013-07-03 18:40 ` [110/141] USB: io_ti: fix chars_in_buffer overhead Steven Rostedt
2013-07-03 18:40 ` [111/141] xen/smp: Fixup NOHZ per cpu data when onlining an offline CPU Steven Rostedt
2013-07-03 18:40 ` [112/141] b43: stop format string leaking into error msgs Steven Rostedt
2013-07-03 18:40 ` [113/141] ceph: add cpu_to_le32() calls when encoding a reconnect capability Steven Rostedt
2013-07-03 18:40 ` [114/141] ceph: ceph_pagelist_append might sleep while atomic Steven Rostedt
2013-07-03 18:40 ` [115/141] drivers/rtc/rtc-twl.c: fix missing device_init_wakeup() when booted with device tree Steven Rostedt
2013-07-03 18:40 ` [116/141] drm/gma500/psb: Unpin framebuffer on crtc disable Steven Rostedt
2013-07-03 18:40 ` [117/141] drm/gma500/cdv: " Steven Rostedt
2013-07-03 18:40 ` [118/141] Bluetooth: Fix mgmt handling of power on failures Steven Rostedt
2013-07-03 18:40 ` [119/141] ath9k: Disable PowerSave by default Steven Rostedt
2013-07-03 18:40 ` [120/141] Revert "ath9k_hw: Update rx gain initval to improve rx sensitivity" Steven Rostedt
2013-07-03 18:40 ` [121/141] ath9k: Use minstrel rate control by default Steven Rostedt
2013-07-03 18:40 ` [122/141] CPU hotplug: provide a generic helper to disable/enable CPU hotplug Steven Rostedt
2013-07-03 18:41 ` [123/141] reboot: rigrate shutdown/reboot to boot cpu Steven Rostedt
2013-07-03 18:41 ` [124/141] kmsg: honor dmesg_restrict sysctl on /dev/kmsg Steven Rostedt
2013-07-03 18:41 ` [125/141] cciss: fix broken mutex usage in ioctl Steven Rostedt
2013-07-03 18:41 ` [126/141] drm/i915: prefer VBT modes for SVDO-LVDS over EDID Steven Rostedt
2013-07-03 18:41 ` [127/141] swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion Steven Rostedt
2013-07-03 18:41 ` [128/141] md/raid1: consider WRITE as successful only if at least one non-Faulty and non-rebuilding drive completed it Steven Rostedt
2013-07-03 18:41 ` [129/141] md/raid1,raid10: use freeze_array in place of raise_barrier in various places Steven Rostedt
2013-07-03 18:41 ` [130/141] mm: migration: add migrate_entry_wait_huge() Steven Rostedt
2013-07-03 18:41 ` [131/141] x86: Fix typo in kexec register clearing Steven Rostedt
2013-07-03 18:41 ` [132/141] libceph: clear messenger auth_retry flag when we authenticate Steven Rostedt
2013-07-03 18:41 ` [133/141] libceph: fix authorizer invalidation Steven Rostedt
2013-07-03 18:41 ` [134/141] libceph: add update_authorizer auth method Steven Rostedt
2013-07-03 18:41 ` [135/141] libceph: wrap auth ops in wrapper functions Steven Rostedt
2013-07-03 18:41 ` [136/141] libceph: wrap auth methods in a mutex Steven Rostedt
2013-07-03 18:41 ` [137/141] powerpc: Fix stack overflow crash in resume_kernel when ftracing Steven Rostedt
2013-07-03 18:41 ` [138/141] powerpc: Fix emulation of illegal instructions on PowerNV platform Steven Rostedt
2013-07-03 18:41 ` [139/141] powerpc: Fix missing/delayed calls to irq_work Steven Rostedt
2013-07-03 18:41 ` [140/141] USB: pl2303: fix device initialisation at open Steven Rostedt
2013-07-03 18:41 ` [141/141] USB: spcp8x5: " Steven Rostedt
2013-07-03 19:16 ` [000/141] 3.6.11.6-stable review Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130703184054.550676722@goodmis.org \
--to=rostedt@goodmis.org \
--cc=davem@davemloft.net \
--cc=ian.campbell@citrix.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=wei.liu2@citrix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox