Netdev List
 help / color / mirror / Atom feed
* Re: ipv4: Simplify ARP hash function.
From: Martin Mares @ 2011-07-08 17:40 UTC (permalink / raw)
  To: David Miller; +Cc: netdev
In-Reply-To: <20110708.101056.89960389404725087.davem@davemloft.net>

Hello!

> Using Jenkins is over the top.
> 
> If the premise is that the hash_rnd is a random unpredictable key,
> then:
> 
> 	key ^ dev->ifindex ^ hash_rnd
> 
> results in an unpredictable hash result, even if an attacker
> controls 'key' and 'dev->ifindex' completely.
> 
> Therefore, if this hash result is unpredictable, then the
> final fold phase of:
> 
> 	(val >> 8) ^ (val >> 16) ^ (val >> 24)
> 
> is unpredictable as well.

If I understand the new hash function correctly, it should be very easy
for an outside attacker to force arbitrary collisions.

The hash function is linear, so it can be reduced to:

	a = key ^ dev->ifindex
	return (a >> 8) ^ (a >> 16) ^ (a >> 24)				// (1)
	     ^ (hash_rnd >> 8) ^ (hash_rnd >> 16) ^ (hash_rnd >> 24)	// (2)

Where (1) is under control of the attacker and while (2) is not, the
only effect of (2) is a random permutation on the hash buckets.

I.e., the attacker can generate arbitrarily long collision chains,
although he cannot pick the bucket where the collisions happen :)

Am I right?

				Have a nice fortnight
-- 
Martin `MJ' Mares                          <mj@ucw.cz>   http://mj.ucw.cz/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
If going to a church makes you a Christian, does going to a garage make you a car?

^ permalink raw reply

* ipv4: Simplify ARP hash function.
From: David Miller @ 2011-07-08 17:10 UTC (permalink / raw)
  To: netdev


Using Jenkins is over the top.

If the premise is that the hash_rnd is a random unpredictable key,
then:

	key ^ dev->ifindex ^ hash_rnd

results in an unpredictable hash result, even if an attacker
controls 'key' and 'dev->ifindex' completely.

Therefore, if this hash result is unpredictable, then the
final fold phase of:

	(val >> 8) ^ (val >> 16) ^ (val >> 24)

is unpredictable as well.

Signed-off-by: David S. Miller <davem@davemloft.net>
---

Someone please check my logic :-) This sames ~100 cycles during a
neigh_lookup() on my Niagara2 box.

diff --git a/include/net/arp.h b/include/net/arp.h
index 91f0568..d570747 100644
--- a/include/net/arp.h
+++ b/include/net/arp.h
@@ -8,6 +8,13 @@
 
 extern struct neigh_table arp_tbl;
 
+static inline u32 arp_hashfn(u32 key, const struct net_device *dev, u32 hash_rnd)
+{
+	u32 val = key ^ dev->ifindex ^ hash_rnd;
+
+	return (val >> 8) ^ (val >> 16) ^ (val >> 24);
+}
+
 extern void	arp_init(void);
 extern int	arp_find(unsigned char *haddr, struct sk_buff *skb);
 extern int	arp_ioctl(struct net *net, unsigned int cmd, void __user *arg);
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 1b74d3b..4412b57 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -97,7 +97,6 @@
 #include <linux/init.h>
 #include <linux/net.h>
 #include <linux/rcupdate.h>
-#include <linux/jhash.h>
 #include <linux/slab.h>
 #ifdef CONFIG_SYSCTL
 #include <linux/sysctl.h>
@@ -232,7 +231,7 @@ static u32 arp_hash(const void *pkey,
 		    const struct net_device *dev,
 		    __u32 hash_rnd)
 {
-	return jhash_2words(*(u32 *)pkey, dev->ifindex, hash_rnd);
+	return arp_hashfn(*(u32 *)pkey, dev, hash_rnd);
 }
 
 static int arp_constructor(struct neighbour *neigh)

^ permalink raw reply related

* Re: [PATCHv3] sctp: ABORT if receive, reassmbly, or reodering queue is not empty while closing socket
From: David Miller @ 2011-07-08 16:53 UTC (permalink / raw)
  To: vladislav.yasevich; +Cc: netdev, yjwei, sri, linux-sctp
In-Reply-To: <4E1733CF.5090004@hp.com>

From: Vladislav Yasevich <vladislav.yasevich@hp.com>
Date: Fri, 08 Jul 2011 12:43:59 -0400

> On 07/08/2011 10:37 AM, Thomas Graf wrote:
>> Trigger user ABORT if application closes a socket which has data
>> queued on the socket receive queue or chunks waiting on the
>> reassembly or ordering queue as this would imply data being lost
>> which defeats the point of a graceful shutdown.
>> 
>> This behavior is already practiced in TCP.
>> 
>> We do not check the input queue because that would mean to parse
>> all chunks on it to look for unacknowledged data which seems too
>> much of an effort. Control chunks or duplicated chunks may also
>> be in the input queue and should not be stopping a graceful
>> shutdown.
>> 
>> Signed-off-by: Thomas Graf <tgraf@infradead.org>
> 
> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>

Applied, thanks.

^ permalink raw reply

* Re: [PATCHv3] sctp: ABORT if receive, reassmbly, or reodering queue is not empty while closing socket
From: Vladislav Yasevich @ 2011-07-08 16:43 UTC (permalink / raw)
  To: netdev, davem, Wei Yongjun, Sridhar Samudrala, linux-sctp
In-Reply-To: <20110708143746.GB24249@canuck.infradead.org>

On 07/08/2011 10:37 AM, Thomas Graf wrote:
> Trigger user ABORT if application closes a socket which has data
> queued on the socket receive queue or chunks waiting on the
> reassembly or ordering queue as this would imply data being lost
> which defeats the point of a graceful shutdown.
> 
> This behavior is already practiced in TCP.
> 
> We do not check the input queue because that would mean to parse
> all chunks on it to look for unacknowledged data which seems too
> much of an effort. Control chunks or duplicated chunks may also
> be in the input queue and should not be stopping a graceful
> shutdown.
> 
> Signed-off-by: Thomas Graf <tgraf@infradead.org>

Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>

-vlad

> 
> diff --git a/include/net/sctp/ulpevent.h b/include/net/sctp/ulpevent.h
> index 99b027b..ca4693b 100644
> --- a/include/net/sctp/ulpevent.h
> +++ b/include/net/sctp/ulpevent.h
> @@ -80,7 +80,7 @@ static inline struct sctp_ulpevent *sctp_skb2event(struct sk_buff *skb)
>  
>  void sctp_ulpevent_free(struct sctp_ulpevent *);
>  int sctp_ulpevent_is_notification(const struct sctp_ulpevent *);
> -void sctp_queue_purge_ulpevents(struct sk_buff_head *list);
> +unsigned int sctp_queue_purge_ulpevents(struct sk_buff_head *list);
>  
>  struct sctp_ulpevent *sctp_ulpevent_make_assoc_change(
>  	const struct sctp_association *asoc,
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index 08c6238..d3ccf79 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -1384,6 +1384,7 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
>  	struct sctp_endpoint *ep;
>  	struct sctp_association *asoc;
>  	struct list_head *pos, *temp;
> +	unsigned int data_was_unread;
>  
>  	SCTP_DEBUG_PRINTK("sctp_close(sk: 0x%p, timeout:%ld)\n", sk, timeout);
>  
> @@ -1393,6 +1394,10 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
>  
>  	ep = sctp_sk(sk)->ep;
>  
> +	/* Clean up any skbs sitting on the receive queue.  */
> +	data_was_unread = sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
> +	data_was_unread += sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);
> +
>  	/* Walk all associations on an endpoint.  */
>  	list_for_each_safe(pos, temp, &ep->asocs) {
>  		asoc = list_entry(pos, struct sctp_association, asocs);
> @@ -1410,7 +1415,9 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
>  			}
>  		}
>  
> -		if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) {
> +		if (data_was_unread || !skb_queue_empty(&asoc->ulpq.lobby) ||
> +		    !skb_queue_empty(&asoc->ulpq.reasm) ||
> +		    (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime)) {
>  			struct sctp_chunk *chunk;
>  
>  			chunk = sctp_make_abort_user(asoc, NULL, 0);
> @@ -1420,10 +1427,6 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
>  			sctp_primitive_SHUTDOWN(asoc, NULL);
>  	}
>  
> -	/* Clean up any skbs sitting on the receive queue.  */
> -	sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
> -	sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);
> -
>  	/* On a TCP-style socket, block for at most linger_time if set. */
>  	if (sctp_style(sk, TCP) && timeout)
>  		sctp_wait_for_close(sk, timeout);
> diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
> index e70e5fc..8a84017 100644
> --- a/net/sctp/ulpevent.c
> +++ b/net/sctp/ulpevent.c
> @@ -1081,9 +1081,19 @@ void sctp_ulpevent_free(struct sctp_ulpevent *event)
>  }
>  
>  /* Purge the skb lists holding ulpevents. */
> -void sctp_queue_purge_ulpevents(struct sk_buff_head *list)
> +unsigned int sctp_queue_purge_ulpevents(struct sk_buff_head *list)
>  {
>  	struct sk_buff *skb;
> -	while ((skb = skb_dequeue(list)) != NULL)
> -		sctp_ulpevent_free(sctp_skb2event(skb));
> +	unsigned int data_unread = 0;
> +
> +	while ((skb = skb_dequeue(list)) != NULL) {
> +		struct sctp_ulpevent *event = sctp_skb2event(skb);
> +
> +		if (!sctp_ulpevent_is_notification(event))
> +			data_unread += skb->len;
> +
> +		sctp_ulpevent_free(event);
> +	}
> +
> +	return data_unread;
>  }
> 


^ permalink raw reply

* Re: [PATCHv3] sctp: ABORT if receive, reassmbly, or reodering queue is not empty while closing socket
From: David Miller @ 2011-07-08 16:37 UTC (permalink / raw)
  To: tgraf; +Cc: vladislav.yasevich, netdev, yjwei, sri, linux-sctp
In-Reply-To: <20110708143746.GB24249@canuck.infradead.org>

From: Thomas Graf <tgraf@infradead.org>
Date: Fri, 8 Jul 2011 10:37:46 -0400

> Trigger user ABORT if application closes a socket which has data
> queued on the socket receive queue or chunks waiting on the
> reassembly or ordering queue as this would imply data being lost
> which defeats the point of a graceful shutdown.
> 
> This behavior is already practiced in TCP.
> 
> We do not check the input queue because that would mean to parse
> all chunks on it to look for unacknowledged data which seems too
> much of an effort. Control chunks or duplicated chunks may also
> be in the input queue and should not be stopping a graceful
> shutdown.
> 
> Signed-off-by: Thomas Graf <tgraf@infradead.org>

Vlad please ACK/NACK this updated patch.

Thanks.

^ permalink raw reply

* Re: pull request: wireless-next-2.6 2011-07-08
From: David Miller @ 2011-07-08 16:37 UTC (permalink / raw)
  To: linville-2XuSBdqkA4R54TAoqtyWWQ
  Cc: linux-wireless-u79uwXL29TY76Z2rM5mHXA,
	netdev-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <20110708162808.GB15143-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org>

From: "John W. Linville" <linville-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org>
Date: Fri, 8 Jul 2011 12:28:08 -0400

> Here is another batch of wireless updates intended for 3.1.  The most
> interesting new thing here is the NFC subsystem.  There are also the
> usual variety of driver updates, particular for iwlagn, rtlwifi, rt2x00,
> and wl12xx.  Johannes continues to tend to mac80211 as well.
> 
> Please let me know if there are problems!

Pulled, thanks John.
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: pull request: wireless-2.6 2011-07-08
From: David Miller @ 2011-07-08 16:33 UTC (permalink / raw)
  To: linville-2XuSBdqkA4R54TAoqtyWWQ
  Cc: linux-wireless-u79uwXL29TY76Z2rM5mHXA,
	netdev-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <20110708162144.GA15143-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org>

From: "John W. Linville" <linville-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org>
Date: Fri, 8 Jul 2011 12:21:44 -0400

> Here is a final(?) batch of wireless-related fixes intended for 3.0.
> Included are a fix for a TKIP replay vulnerability from Johannes, a
> locking fix related to rfkill and a memory corruption fix from Luca,
> an SSB initialization fix from Rafał, an ath9k performance regression
> fix from Rajkumar, and some fixes from Pavel for sysfs bad pointer
> accesses in ath5k.
> 
> Also included are some Bluetooth fixes.  Gustavo described them thusly:
> 
> 	There are here two regression fixes, a hidp deadlock hang up
> 	of the system fix from Peter Hurley. As the commit messages
> 	says it is a partial revert from a commit that adds kthread
> 	to hidp. And L2CAP incoming connection request fix that
> 	was breaking one test in the PTS suit, that is, breaking
> 	interop. Patch is based on code from Ilia Kolomisnky.  Also,
> 	a buffer overflow fix by Dan Rosenberg and finally Tomas
> 	Targownik fixed a memory leak on failed connections attempts
> 	that seems to be around since 2006!!
> 
> I also included a couple of device ID additions -- I hope that's OK.
> 
> Please let me know if there are problems!

Pulled, thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: orphan sockets
From: Daniel Baluta @ 2011-07-08 16:33 UTC (permalink / raw)
  To: David Miller; +Cc: denys, netdev
In-Reply-To: <20110708.093155.1103063166626789067.davem@davemloft.net>

On Fri, Jul 8, 2011 at 7:31 PM, David Miller <davem@davemloft.net> wrote:
> From: Daniel Baluta <daniel.baluta@gmail.com>
> Date: Fri, 8 Jul 2011 19:28:27 +0300
>
>> I can try to make a patch for this if you want.

thanks David.

Daniel.

^ permalink raw reply

* Re: orphan sockets
From: David Miller @ 2011-07-08 16:31 UTC (permalink / raw)
  To: daniel.baluta; +Cc: denys, netdev
In-Reply-To: <CAEnQRZDWZzCCeL3auoLJ=sK5V9yi_Zxs+HgtPoeLFRUV8b0m-Q@mail.gmail.com>

From: Daniel Baluta <daniel.baluta@gmail.com>
Date: Fri, 8 Jul 2011 19:28:27 +0300

> I can try to make a patch for this if you want.

No need, I'll take care of this, thanks:

--------------------
net: Fix default in docs for tcp_orphan_retries.

Default should be listed at 8 instead of 7.

Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 Documentation/networking/ip-sysctl.txt |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index d3d653a..bfe9242 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -346,7 +346,7 @@ tcp_orphan_retries - INTEGER
 	when RTO retransmissions remain unacknowledged.
 	See tcp_retries2 for more details.
 
-	The default value is 7.
+	The default value is 8.
 	If your machine is a loaded WEB server,
 	you should think about lowering this value, such sockets
 	may consume significant resources. Cf. tcp_max_orphans.
-- 
1.7.6


^ permalink raw reply related

* Re: orphan sockets
From: Daniel Baluta @ 2011-07-08 16:28 UTC (permalink / raw)
  To: Denys Fedoryshchenko; +Cc: netdev
In-Reply-To: <6fa7e62e85e1e2fd069aa9cbf307737a@visp.net.lb>

On Fri, Jul 8, 2011 at 6:13 PM, Denys Fedoryshchenko <denys@visp.net.lb> wrote:
> Hi
>
> Just after digging orphan sockets problem, that was causing "Address already
> in use" for bind(),i found that in documentation is mentioned:
>
> tcp_orphan_retries - INTEGER
>        This value influences the timeout of a locally closed TCP connection,
>        when RTO retransmissions remain unacknowledged.
>        See tcp_retries2 for more details.
>
>        The default value is 7.
>        If your machine is a loaded WEB server,
>        you should think about lowering this value, such sockets
>        may consume significant resources. Cf. tcp_max_orphans.

This should be 8. tcp(7) got it wright.

> But all servers i have, i notice that  tcp_orphan_retries = 0 by default, i
> check in code, and found that:
>        if (retries == 0 && alive)
>                retries = 8;
> is a bit confusing, that tcp_orphan_retries = 0, is in fact = 8, or to be
> more exact is 8 if socket has rto < RTO_MAX. But nothing like 7 mentioned in
> documentation, i guess it is wrong?. My english too bad to edit that, but
> maybe someone will take a look :-)

I guess 0 means, let the operating system to choose the default value for this.
Basically, what we should do here is replace 7 with 8 in
Documentation/networking/ip-sysctl.txt
I can try to make a patch for this if you want.

thanks,
Daniel.

^ permalink raw reply

* pull request: wireless-next-2.6 2011-07-08
From: John W. Linville @ 2011-07-08 16:28 UTC (permalink / raw)
  To: davem-fT/PcQaiUtIeIZ0/mPfg9Q
  Cc: linux-wireless-u79uwXL29TY76Z2rM5mHXA,
	netdev-u79uwXL29TY76Z2rM5mHXA

Dave,

Here is another batch of wireless updates intended for 3.1.  The most
interesting new thing here is the NFC subsystem.  There are also the
usual variety of driver updates, particular for iwlagn, rtlwifi, rt2x00,
and wl12xx.  Johannes continues to tend to mac80211 as well.

Please let me know if there are problems!

Thanks,

John

---

The following changes since commit 31817df025e24559a01d33ddd68bd11b21bf9d7b:

  packet: Fix build with INET disabled. (2011-07-07 08:18:04 -0700)

are available in the git repository at:
  git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6.git for-davem

Aloisio Almeida Jr (3):
      NFC: add NFC socket family
      NFC: pn533: add NXP pn533 nfc device driver
      NFC: add Documentation/networking/nfc.txt

Amitkumar Karwar (1):
      mwifiex: modify SDIO aggregation Tx/Rx buffer size

Andrew Morton (1):
      drivers/net/wireless/rtlwifi/rtl8192de/phy.c: fix udelay() usage

Christian Lamparter (5):
      carl9170: import 1.9.4 firmware headers
      carl9170: enable IEEE80211_HW_NEED_DTIM_PERIOD
      carl9170: allow PSM if the 5 GHz band is selected
      mac80211: fix smatch complains
      carl9170: use carl9170 queue enums

Eliad Peller (12):
      wl12xx: add support for rx streaming
      wl12xx: add automatic rx streaming triggers
      wl12xx: add rx_streaming debugfs entry
      wl12xx: remove unused crc7 references
      wl12xx: fix erroneous commit (cb5ae0)
      wl12xx: don't check wow param on suspend/resume
      wl12xx: clear wl->wow_enabled on resume
      wl12xx: enable/disable beacon filtering on ap suspend/resume
      wl12xx_sdio: enable wowlan only if enable_irq_wake() succeeded
      wl12xx: check the vif's operstate after join
      wl12xx: use _ni version of ieee80211_tx_status
      wl12xx: use freezable workqueue for netstack_work

Emmanuel Grumbach (4):
      iwlagn: introduce transport layer and implement rx_init
      iwlagn: add rx_free to transport layer
      iwlagn: move the tx allocation funcs to the transport layer
      iwlagn: remove the indirection for the rx write pointer

Felipe Balbi (5):
      net: wl12xx: sdio: id_tables should be __devinitconst
      net: wl12xx: remove some unnecessary prints
      net: wl12xx: care for optional operations
      net: wl12xx: remove the nops
      net: wl12xx: remove unnecessary prints

Gertjan van Wingerde (6):
      rt2x00: Serialize TX operations on a queue.
      rt2x00: Don't use queue entry as parameter when creating TX descriptor.
      rt2x00: Reduce window of a queue's tx lock.
      rt2x00: Add device ID for RT539F device.
      rt2x00: Properly identify rt2800usb devices.
      rt2x00: Implement tx_frames_pending mac80211 callback function.

Ido Yariv (3):
      wl12xx: Check for FW quirks as soon as the FW boots
      wl12xx: Avoid recovery while one is already in progress
      wl12xx: Support routing FW logs to the host

Jean Delvare (1):
      ipw2100: Fix command list for debugging

Jesper Juhl (1):
      net, wireless: Don't return uninitialized in __cfg80211_stop_sched_scan()

Johannes Berg (5):
      iwlagn: verify mutex held for sync commands
      mac80211: allow driver to impose WoWLAN restrictions
      mac80211: allow driver to iterate keys
      cfg80211/nl80211: support GTK rekey offload
      mac80211: support GTK rekey offload

John W. Linville (2):
      Merge branch 'for-linville' of git://git.kernel.org/.../luca/wl12xx
      Merge branch 'master' of git://git.kernel.org/.../linville/wireless-next-2.6 into for-davem

Jon Mason (1):
      iwlwifi: remove unnecessary read of PCI_CAP_ID_EXP

Larry Finger (4):
      rtlwifi: rtl8192de: Remove irq_enabled boolean
      rtlwifi: rtl8192de: Remove comparison of boolean with true
      rtlwifi: rtl8192de: Replace loops calling udelay with single mdelay
      rtlwifi: rtl8192de: Fix error exit from hw_init

Lauro Ramos Venancio (3):
      NFC: add nfc subsystem core
      NFC: add nfc generic netlink interface
      NFC: add the NFC socket raw protocol

Luciano Coelho (1):
      wl12xx: split channel array per band in sched_scan

Michael Büsch (1):
      b43: Add RX side DMA memory barrier

Mike McCormack (1):
      rtlwifi: rtl8192{ce,cu,se} Remove irq_enabled

Ohad Ben-Cohen (1):
      wl12xx: don't bail if mmc isn't MMC_CAP_POWER_OFF_CARD

Rafał Miłecki (1):
      bcma: detect PCI core working in hostmode

Sergei Shtylyov (3):
      ssb: PCI revision ID register is 8-bit wide
      ssb: use pci_dev->revision
      ssb: use pci_dev->subsystem_{vendor,device}

Shahar Levi (2):
      wl12xx: Enable beacon early termination in 2.4GHz band only
      wl12xx: Add Support for Low Power DRPw (LPD) Mode

Wey-Yi Guy (6):
      iwlagn: re-define the testmode cmd and attr enum
      iwlagn: add correct firmware name for 135 series
      iwlagn: add module parameter to disable stuck queue watchdog timer
      iwlagn: scd memory boundary
      iwlagn: call bt_coex directlly
      iwlagn: remove hcmd ops

Yogesh Ashok Powar (1):
      mac80211: Skip tailroom reservation for full HW-crypto devices with race fix

 Documentation/networking/nfc.txt             |  128 ++
 drivers/Kconfig                              |    2 -
 drivers/Makefile                             |    1 +
 drivers/bcma/Kconfig                         |    6 +
 drivers/bcma/Makefile                        |    1 +
 drivers/bcma/bcma_private.h                  |    4 +
 drivers/bcma/driver_pci.c                    |   38 +-
 drivers/bcma/driver_pci_host.c               |   14 +
 drivers/net/wireless/ath/carl9170/carl9170.h |    3 +-
 drivers/net/wireless/ath/carl9170/fw.c       |    2 +-
 drivers/net/wireless/ath/carl9170/fwcmd.h    |   19 +-
 drivers/net/wireless/ath/carl9170/fwdesc.h   |   18 +-
 drivers/net/wireless/ath/carl9170/hw.h       |   15 +-
 drivers/net/wireless/ath/carl9170/main.c     |   11 +-
 drivers/net/wireless/ath/carl9170/phy.c      |    6 -
 drivers/net/wireless/ath/carl9170/version.h  |    6 +-
 drivers/net/wireless/ath/carl9170/wlan.h     |   25 +-
 drivers/net/wireless/b43/dma.c               |    1 +
 drivers/net/wireless/ipw2x00/ipw2100.c       |    2 +-
 drivers/net/wireless/iwlwifi/Makefile        |    1 +
 drivers/net/wireless/iwlwifi/iwl-1000.c      |    2 -
 drivers/net/wireless/iwlwifi/iwl-2000.c      |   21 +-
 drivers/net/wireless/iwlwifi/iwl-5000.c      |    4 -
 drivers/net/wireless/iwlwifi/iwl-6000.c      |    5 -
 drivers/net/wireless/iwlwifi/iwl-agn-hcmd.c  |   16 +-
 drivers/net/wireless/iwlwifi/iwl-agn-lib.c   |   88 +--
 drivers/net/wireless/iwlwifi/iwl-agn-rxon.c  |   19 +-
 drivers/net/wireless/iwlwifi/iwl-agn-tx.c    |   90 --
 drivers/net/wireless/iwlwifi/iwl-agn-ucode.c |    8 +-
 drivers/net/wireless/iwlwifi/iwl-agn.c       |   54 +-
 drivers/net/wireless/iwlwifi/iwl-agn.h       |    5 +-
 drivers/net/wireless/iwlwifi/iwl-core.c      |   22 +-
 drivers/net/wireless/iwlwifi/iwl-core.h      |   18 +-
 drivers/net/wireless/iwlwifi/iwl-dev.h       |   22 +-
 drivers/net/wireless/iwlwifi/iwl-hcmd.c      |   13 +-
 drivers/net/wireless/iwlwifi/iwl-pci.c       |    3 +-
 drivers/net/wireless/iwlwifi/iwl-prph.h      |   19 +-
 drivers/net/wireless/iwlwifi/iwl-rx.c        |   47 +-
 drivers/net/wireless/iwlwifi/iwl-testmode.h  |  236 +++--
 drivers/net/wireless/iwlwifi/iwl-trans.c     |  423 +++++++
 drivers/net/wireless/iwlwifi/iwl-trans.h     |   64 +
 drivers/net/wireless/iwlwifi/iwl-tx.c        |  139 +---
 drivers/net/wireless/mwifiex/sdio.h          |    4 +-
 drivers/net/wireless/rt2x00/rt2400pci.c      |    1 +
 drivers/net/wireless/rt2x00/rt2500pci.c      |    1 +
 drivers/net/wireless/rt2x00/rt2500usb.c      |    1 +
 drivers/net/wireless/rt2x00/rt2800pci.c      |    2 +
 drivers/net/wireless/rt2x00/rt2800usb.c      |    5 +-
 drivers/net/wireless/rt2x00/rt2x00.h         |    1 +
 drivers/net/wireless/rt2x00/rt2x00crypto.c   |    6 +-
 drivers/net/wireless/rt2x00/rt2x00lib.h      |    3 +-
 drivers/net/wireless/rt2x00/rt2x00mac.c      |   14 +
 drivers/net/wireless/rt2x00/rt2x00queue.c    |  108 +-
 drivers/net/wireless/rt2x00/rt2x00queue.h    |    2 +
 drivers/net/wireless/rt2x00/rt61pci.c        |    1 +
 drivers/net/wireless/rt2x00/rt73usb.c        |    1 +
 drivers/net/wireless/rtlwifi/pci.c           |    4 -
 drivers/net/wireless/rtlwifi/pci.h           |    1 -
 drivers/net/wireless/rtlwifi/rtl8192ce/hw.c  |    2 -
 drivers/net/wireless/rtlwifi/rtl8192cu/mac.c |    9 -
 drivers/net/wireless/rtlwifi/rtl8192de/hw.c  |   19 +-
 drivers/net/wireless/rtlwifi/rtl8192de/led.c |    2 +-
 drivers/net/wireless/rtlwifi/rtl8192de/phy.c |   30 +-
 drivers/net/wireless/rtlwifi/rtl8192de/rf.c  |   16 +-
 drivers/net/wireless/rtlwifi/rtl8192de/trx.c |    6 +-
 drivers/net/wireless/rtlwifi/rtl8192se/hw.c  |    3 -
 drivers/net/wireless/wl12xx/Kconfig          |    2 +-
 drivers/net/wireless/wl12xx/acx.c            |   49 +-
 drivers/net/wireless/wl12xx/acx.h            |   16 +
 drivers/net/wireless/wl12xx/boot.c           |   33 +
 drivers/net/wireless/wl12xx/cmd.c            |   94 ++-
 drivers/net/wireless/wl12xx/cmd.h            |   62 +
 drivers/net/wireless/wl12xx/conf.h           |   55 +
 drivers/net/wireless/wl12xx/debugfs.c        |  138 +++-
 drivers/net/wireless/wl12xx/event.c          |   36 +-
 drivers/net/wireless/wl12xx/ini.h            |    3 +
 drivers/net/wireless/wl12xx/init.c           |   19 +
 drivers/net/wireless/wl12xx/io.c             |    7 +-
 drivers/net/wireless/wl12xx/io.h             |   14 +
 drivers/net/wireless/wl12xx/main.c           |  590 ++++++++--
 drivers/net/wireless/wl12xx/ps.c             |   12 +-
 drivers/net/wireless/wl12xx/rx.c             |   39 +-
 drivers/net/wireless/wl12xx/rx.h             |   12 +
 drivers/net/wireless/wl12xx/scan.c           |   63 +-
 drivers/net/wireless/wl12xx/scan.h           |   17 +-
 drivers/net/wireless/wl12xx/sdio.c           |   71 +-
 drivers/net/wireless/wl12xx/spi.c            |   15 +-
 drivers/net/wireless/wl12xx/testmode.c       |    2 +-
 drivers/net/wireless/wl12xx/tx.c             |   33 +-
 drivers/net/wireless/wl12xx/wl12xx.h         |   38 +-
 drivers/nfc/Kconfig                          |   24 +-
 drivers/nfc/Makefile                         |    3 +
 drivers/nfc/pn533.c                          | 1632 ++++++++++++++++++++++++++
 drivers/ssb/pci.c                            |    9 +-
 include/linux/nfc.h                          |  126 ++
 include/linux/nl80211.h                      |   39 +
 include/linux/socket.h                       |    4 +-
 include/linux/ssb/ssb.h                      |    2 +-
 include/net/cfg80211.h                       |   26 +
 include/net/mac80211.h                       |   47 +
 include/net/nfc.h                            |  156 +++
 net/Kconfig                                  |    1 +
 net/Makefile                                 |    1 +
 net/core/sock.c                              |    6 +-
 net/mac80211/cfg.c                           |   16 +
 net/mac80211/driver-ops.h                    |   10 +
 net/mac80211/driver-trace.h                  |   49 +
 net/mac80211/ieee80211_i.h                   |    3 +
 net/mac80211/key.c                           |   96 ++-
 net/mac80211/mesh_pathtbl.c                  |    4 +-
 net/mac80211/mlme.c                          |    4 +-
 net/mac80211/pm.c                            |   16 +-
 net/mac80211/tx.c                            |   14 +-
 net/nfc/Kconfig                              |   16 +
 net/nfc/Makefile                             |    7 +
 net/nfc/af_nfc.c                             |   98 ++
 net/nfc/core.c                               |  468 ++++++++
 net/nfc/netlink.c                            |  537 +++++++++
 net/nfc/nfc.h                                |  117 ++
 net/nfc/rawsock.c                            |  354 ++++++
 net/wireless/mlme.c                          |   11 +
 net/wireless/nl80211.c                       |  113 ++
 net/wireless/nl80211.h                       |    4 +
 net/wireless/scan.c                          |    5 +-
 124 files changed, 6268 insertions(+), 1033 deletions(-)
 create mode 100644 Documentation/networking/nfc.txt
 create mode 100644 drivers/bcma/driver_pci_host.c
 create mode 100644 drivers/net/wireless/iwlwifi/iwl-trans.c
 create mode 100644 drivers/net/wireless/iwlwifi/iwl-trans.h
 create mode 100644 drivers/nfc/pn533.c
 create mode 100644 include/linux/nfc.h
 create mode 100644 include/net/nfc.h
 create mode 100644 net/nfc/Kconfig
 create mode 100644 net/nfc/Makefile
 create mode 100644 net/nfc/af_nfc.c
 create mode 100644 net/nfc/core.c
 create mode 100644 net/nfc/netlink.c
 create mode 100644 net/nfc/nfc.h
 create mode 100644 net/nfc/rawsock.c

Omnibus patch is available here:

	http://www.kernel.org/pub/linux/kernel/people/linville/wireless-next-2.6-2011-07-08.patch.bz2

-- 
John W. Linville		Someday the world will need a hero, and you
linville-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org			might be all we have.  Be ready.
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* pull request: wireless-2.6 2011-07-08
From: John W. Linville @ 2011-07-08 16:21 UTC (permalink / raw)
  To: davem; +Cc: linux-wireless, netdev, linux-kernel

Dave,

Here is a final(?) batch of wireless-related fixes intended for 3.0.
Included are a fix for a TKIP replay vulnerability from Johannes, a
locking fix related to rfkill and a memory corruption fix from Luca,
an SSB initialization fix from Rafał, an ath9k performance regression
fix from Rajkumar, and some fixes from Pavel for sysfs bad pointer
accesses in ath5k.

Also included are some Bluetooth fixes.  Gustavo described them thusly:

	There are here two regression fixes, a hidp deadlock hang up
	of the system fix from Peter Hurley. As the commit messages
	says it is a partial revert from a commit that adds kthread
	to hidp. And L2CAP incoming connection request fix that
	was breaking one test in the PTS suit, that is, breaking
	interop. Patch is based on code from Ilia Kolomisnky.  Also,
	a buffer overflow fix by Dan Rosenberg and finally Tomas
	Targownik fixed a memory leak on failed connections attempts
	that seems to be around since 2006!!

I also included a couple of device ID additions -- I hope that's OK.

Please let me know if there are problems!

John

---

The following changes since commit f8d9605243280f1870dd2c6c37a735b925c15f3c:

  sctp: Enforce retransmission limit during shutdown (2011-07-07 14:08:44 -0700)

are available in the git repository at:
  git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6.git for-davem

Christian Lamparter (1):
      carl9170: add NEC WL300NU-AG usbid

Dan Rosenberg (1):
      Bluetooth: Prevent buffer overflow in l2cap config request

Gustavo F. Padovan (1):
      Bluetooth: Fix regression with incoming L2CAP connections

Johannes Berg (1):
      mac80211: fix TKIP replay vulnerability

John W. Linville (2):
      Merge branch 'master' of master.kernel.org:/.../padovan/bluetooth-2.6
      Merge branch 'master' of git://git.kernel.org/.../linville/wireless-2.6 into for-davem

Luciano Coelho (2):
      cfg80211: fix deadlock with rfkill/sched_scan by adding new mutex
      mac80211: fix ie memory allocation for scheduled scans

Pavel Roskin (2):
      ath5k: fix incorrect use of drvdata in sysfs code
      ath5k: fix incorrect use of drvdata in PCI suspend/resume code

Peter Hurley (1):
      Bluetooth: Fix hidp disconnect deadlocks and lost wakeup

Rafał Miłecki (1):
      ssb: fix init regression of hostmode PCI core

Rajkumar Manoharan (1):
      ath9k: Fix tx throughput drops for AR9003 chips with AES encryption

Tomas Targownik (1):
      Bluetooth: Fix memory leak under page timeouts

Yoann DI-RUZZA (1):
      rtlwifi: rtl8192cu: Add new USB ID for Netgear WNA1000M

 drivers/net/wireless/ath/ath5k/pci.c        |    7 +++++--
 drivers/net/wireless/ath/ath5k/sysfs.c      |    9 ++++++---
 drivers/net/wireless/ath/ath9k/xmit.c       |    3 ++-
 drivers/net/wireless/ath/carl9170/usb.c     |    2 ++
 drivers/net/wireless/rtlwifi/rtl8192cu/sw.c |    1 +
 drivers/ssb/driver_pcicore.c                |   18 +++++++++---------
 net/bluetooth/hci_conn.c                    |    3 +++
 net/bluetooth/hidp/core.c                   |   18 +++++++++++-------
 net/bluetooth/hidp/hidp.h                   |    1 +
 net/bluetooth/l2cap_core.c                  |    5 +++--
 net/mac80211/scan.c                         |    3 ++-
 net/mac80211/wpa.c                          |   16 +++++++++++++---
 net/wireless/core.c                         |   12 +++++++++---
 net/wireless/core.h                         |    2 ++
 net/wireless/nl80211.c                      |   24 ++++++++++++++++++------
 net/wireless/scan.c                         |   10 +++++-----
 16 files changed, 92 insertions(+), 42 deletions(-)

diff --git a/drivers/net/wireless/ath/ath5k/pci.c b/drivers/net/wireless/ath/ath5k/pci.c
index 296c316..f2c0c23 100644
--- a/drivers/net/wireless/ath/ath5k/pci.c
+++ b/drivers/net/wireless/ath/ath5k/pci.c
@@ -297,7 +297,9 @@ ath5k_pci_remove(struct pci_dev *pdev)
 #ifdef CONFIG_PM_SLEEP
 static int ath5k_pci_suspend(struct device *dev)
 {
-	struct ath5k_softc *sc = pci_get_drvdata(to_pci_dev(dev));
+	struct pci_dev *pdev = to_pci_dev(dev);
+	struct ieee80211_hw *hw = pci_get_drvdata(pdev);
+	struct ath5k_softc *sc = hw->priv;
 
 	ath5k_led_off(sc);
 	return 0;
@@ -306,7 +308,8 @@ static int ath5k_pci_suspend(struct device *dev)
 static int ath5k_pci_resume(struct device *dev)
 {
 	struct pci_dev *pdev = to_pci_dev(dev);
-	struct ath5k_softc *sc = pci_get_drvdata(pdev);
+	struct ieee80211_hw *hw = pci_get_drvdata(pdev);
+	struct ath5k_softc *sc = hw->priv;
 
 	/*
 	 * Suspend/Resume resets the PCI configuration space, so we have to
diff --git a/drivers/net/wireless/ath/ath5k/sysfs.c b/drivers/net/wireless/ath/ath5k/sysfs.c
index 929c68c..a073cdc 100644
--- a/drivers/net/wireless/ath/ath5k/sysfs.c
+++ b/drivers/net/wireless/ath/ath5k/sysfs.c
@@ -10,7 +10,8 @@ static ssize_t ath5k_attr_show_##name(struct device *dev,		\
 			struct device_attribute *attr,			\
 			char *buf)					\
 {									\
-	struct ath5k_softc *sc = dev_get_drvdata(dev);			\
+	struct ieee80211_hw *hw = dev_get_drvdata(dev);			\
+	struct ath5k_softc *sc = hw->priv;				\
 	return snprintf(buf, PAGE_SIZE, "%d\n", get); 			\
 }									\
 									\
@@ -18,7 +19,8 @@ static ssize_t ath5k_attr_store_##name(struct device *dev,		\
 			struct device_attribute *attr,			\
 			const char *buf, size_t count)			\
 {									\
-	struct ath5k_softc *sc = dev_get_drvdata(dev);			\
+	struct ieee80211_hw *hw = dev_get_drvdata(dev);			\
+	struct ath5k_softc *sc = hw->priv;				\
 	int val;							\
 									\
 	val = (int)simple_strtoul(buf, NULL, 10);			\
@@ -33,7 +35,8 @@ static ssize_t ath5k_attr_show_##name(struct device *dev,		\
 			struct device_attribute *attr,			\
 			char *buf)					\
 {									\
-	struct ath5k_softc *sc = dev_get_drvdata(dev);			\
+	struct ieee80211_hw *hw = dev_get_drvdata(dev);			\
+	struct ath5k_softc *sc = hw->priv;				\
 	return snprintf(buf, PAGE_SIZE, "%d\n", get); 			\
 }									\
 static DEVICE_ATTR(name, S_IRUGO, ath5k_attr_show_##name, NULL)
diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
index 3779b89..33443bc 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
@@ -671,7 +671,8 @@ static int ath_compute_num_delims(struct ath_softc *sc, struct ath_atx_tid *tid,
 	 * TODO - this could be improved to be dependent on the rate.
 	 *      The hardware can keep up at lower rates, but not higher rates
 	 */
-	if (fi->keyix != ATH9K_TXKEYIX_INVALID)
+	if ((fi->keyix != ATH9K_TXKEYIX_INVALID) &&
+	    !(sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA))
 		ndelim += ATH_AGGR_ENCRYPTDELIM;
 
 	/*
diff --git a/drivers/net/wireless/ath/carl9170/usb.c b/drivers/net/wireless/ath/carl9170/usb.c
index 2fb53d0..333b69e 100644
--- a/drivers/net/wireless/ath/carl9170/usb.c
+++ b/drivers/net/wireless/ath/carl9170/usb.c
@@ -112,6 +112,8 @@ static struct usb_device_id carl9170_usb_ids[] = {
 	{ USB_DEVICE(0x04bb, 0x093f) },
 	/* NEC WL300NU-G */
 	{ USB_DEVICE(0x0409, 0x0249) },
+	/* NEC WL300NU-AG */
+	{ USB_DEVICE(0x0409, 0x02b4) },
 	/* AVM FRITZ!WLAN USB Stick N */
 	{ USB_DEVICE(0x057c, 0x8401) },
 	/* AVM FRITZ!WLAN USB Stick N 2.4 */
diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
index 092e342..942f7a3 100644
--- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c
@@ -298,6 +298,7 @@ static struct usb_device_id rtl8192c_usb_ids[] = {
 	{RTL_USB_DEVICE(0x06f8, 0xe033, rtl92cu_hal_cfg)}, /*Hercules - Edimax*/
 	{RTL_USB_DEVICE(0x07b8, 0x8188, rtl92cu_hal_cfg)}, /*Abocom - Abocom*/
 	{RTL_USB_DEVICE(0x07b8, 0x8189, rtl92cu_hal_cfg)}, /*Funai - Abocom*/
+	{RTL_USB_DEVICE(0x0846, 0x9041, rtl92cu_hal_cfg)}, /*NetGear WNA1000M*/
 	{RTL_USB_DEVICE(0x0Df6, 0x0052, rtl92cu_hal_cfg)}, /*Sitecom - Edimax*/
 	{RTL_USB_DEVICE(0x0eb0, 0x9071, rtl92cu_hal_cfg)}, /*NO Brand - Etop*/
 	/* HP - Lite-On ,8188CUS Slim Combo */
diff --git a/drivers/ssb/driver_pcicore.c b/drivers/ssb/driver_pcicore.c
index 2a20dab..d6620ad 100644
--- a/drivers/ssb/driver_pcicore.c
+++ b/drivers/ssb/driver_pcicore.c
@@ -516,8 +516,17 @@ static void ssb_pcicore_pcie_setup_workarounds(struct ssb_pcicore *pc)
 
 static void ssb_pcicore_init_clientmode(struct ssb_pcicore *pc)
 {
+	ssb_pcicore_fix_sprom_core_index(pc);
+
 	/* Disable PCI interrupts. */
 	ssb_write32(pc->dev, SSB_INTVEC, 0);
+
+	/* Additional PCIe always once-executed workarounds */
+	if (pc->dev->id.coreid == SSB_DEV_PCIE) {
+		ssb_pcicore_serdes_workaround(pc);
+		/* TODO: ASPM */
+		/* TODO: Clock Request Update */
+	}
 }
 
 void ssb_pcicore_init(struct ssb_pcicore *pc)
@@ -529,8 +538,6 @@ void ssb_pcicore_init(struct ssb_pcicore *pc)
 	if (!ssb_device_is_enabled(dev))
 		ssb_device_enable(dev, 0);
 
-	ssb_pcicore_fix_sprom_core_index(pc);
-
 #ifdef CONFIG_SSB_PCICORE_HOSTMODE
 	pc->hostmode = pcicore_is_in_hostmode(pc);
 	if (pc->hostmode)
@@ -538,13 +545,6 @@ void ssb_pcicore_init(struct ssb_pcicore *pc)
 #endif /* CONFIG_SSB_PCICORE_HOSTMODE */
 	if (!pc->hostmode)
 		ssb_pcicore_init_clientmode(pc);
-
-	/* Additional PCIe always once-executed workarounds */
-	if (dev->id.coreid == SSB_DEV_PCIE) {
-		ssb_pcicore_serdes_workaround(pc);
-		/* TODO: ASPM */
-		/* TODO: Clock Request Update */
-	}
 }
 
 static u32 ssb_pcie_read(struct ssb_pcicore *pc, u32 address)
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index d3a05b9..bcd158f 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -393,6 +393,9 @@ int hci_conn_del(struct hci_conn *conn)
 
 	hci_dev_put(hdev);
 
+	if (conn->handle == 0)
+		kfree(conn);
+
 	return 0;
 }
 
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index c405a95..43b4c2d 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -464,7 +464,8 @@ static void hidp_idle_timeout(unsigned long arg)
 {
 	struct hidp_session *session = (struct hidp_session *) arg;
 
-	kthread_stop(session->task);
+	atomic_inc(&session->terminate);
+	wake_up_process(session->task);
 }
 
 static void hidp_set_timer(struct hidp_session *session)
@@ -535,7 +536,8 @@ static void hidp_process_hid_control(struct hidp_session *session,
 		skb_queue_purge(&session->ctrl_transmit);
 		skb_queue_purge(&session->intr_transmit);
 
-		kthread_stop(session->task);
+		atomic_inc(&session->terminate);
+		wake_up_process(current);
 	}
 }
 
@@ -706,9 +708,8 @@ static int hidp_session(void *arg)
 	add_wait_queue(sk_sleep(intr_sk), &intr_wait);
 	session->waiting_for_startup = 0;
 	wake_up_interruptible(&session->startup_queue);
-	while (!kthread_should_stop()) {
-		set_current_state(TASK_INTERRUPTIBLE);
-
+	set_current_state(TASK_INTERRUPTIBLE);
+	while (!atomic_read(&session->terminate)) {
 		if (ctrl_sk->sk_state != BT_CONNECTED ||
 				intr_sk->sk_state != BT_CONNECTED)
 			break;
@@ -726,6 +727,7 @@ static int hidp_session(void *arg)
 		hidp_process_transmit(session);
 
 		schedule();
+		set_current_state(TASK_INTERRUPTIBLE);
 	}
 	set_current_state(TASK_RUNNING);
 	remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
@@ -1060,7 +1062,8 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock,
 err_add_device:
 	hid_destroy_device(session->hid);
 	session->hid = NULL;
-	kthread_stop(session->task);
+	atomic_inc(&session->terminate);
+	wake_up_process(session->task);
 
 unlink:
 	hidp_del_timer(session);
@@ -1111,7 +1114,8 @@ int hidp_del_connection(struct hidp_conndel_req *req)
 			skb_queue_purge(&session->ctrl_transmit);
 			skb_queue_purge(&session->intr_transmit);
 
-			kthread_stop(session->task);
+			atomic_inc(&session->terminate);
+			wake_up_process(session->task);
 		}
 	} else
 		err = -ENOENT;
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index 19e9500..af1bcc8 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -142,6 +142,7 @@ struct hidp_session {
 	uint ctrl_mtu;
 	uint intr_mtu;
 
+	atomic_t terminate;
 	struct task_struct *task;
 
 	unsigned char keys[8];
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 56fdd91..ebff14c 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -2323,7 +2323,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
 
 	sk = chan->sk;
 
-	if (sk->sk_state != BT_CONFIG) {
+	if ((bt_sk(sk)->defer_setup && sk->sk_state != BT_CONNECT2) ||
+		 (!bt_sk(sk)->defer_setup && sk->sk_state != BT_CONFIG)) {
 		struct l2cap_cmd_rej rej;
 
 		rej.reason = cpu_to_le16(0x0002);
@@ -2334,7 +2335,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
 
 	/* Reject if config buffer is too small. */
 	len = cmd_len - sizeof(*req);
-	if (chan->conf_len + len > sizeof(chan->conf_req)) {
+	if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
 		l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
 				l2cap_build_conf_rsp(chan, rsp,
 					L2CAP_CONF_REJECT, flags), rsp);
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 58ffa7d..669d2e3 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -877,7 +877,8 @@ int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
 		local->sched_scan_ies.ie[i] = kzalloc(2 +
 						      IEEE80211_MAX_SSID_LEN +
-						      local->scan_ies_len,
+						      local->scan_ies_len +
+						      req->ie_len,
 						      GFP_KERNEL);
 		if (!local->sched_scan_ies.ie[i]) {
 			ret = -ENOMEM;
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index d91c1a2..8f6a302 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -86,6 +86,11 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
 	struct sk_buff *skb = rx->skb;
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+	int queue = rx->queue;
+
+	/* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */
+	if (rx->queue == NUM_RX_DATA_QUEUES - 1)
+		queue = 0;
 
 	/*
 	 * it makes no sense to check for MIC errors on anything other
@@ -148,8 +153,8 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
 
 update_iv:
 	/* update IV in key information to be able to detect replays */
-	rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32;
-	rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16;
+	rx->key->u.tkip.rx[queue].iv32 = rx->tkip_iv32;
+	rx->key->u.tkip.rx[queue].iv16 = rx->tkip_iv16;
 
 	return RX_CONTINUE;
 
@@ -241,6 +246,11 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
 	struct ieee80211_key *key = rx->key;
 	struct sk_buff *skb = rx->skb;
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
+	int queue = rx->queue;
+
+	/* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */
+	if (rx->queue == NUM_RX_DATA_QUEUES - 1)
+		queue = 0;
 
 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
 
@@ -261,7 +271,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
 	res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
 					  key, skb->data + hdrlen,
 					  skb->len - hdrlen, rx->sta->sta.addr,
-					  hdr->addr1, hwaccel, rx->queue,
+					  hdr->addr1, hwaccel, queue,
 					  &rx->tkip_iv32,
 					  &rx->tkip_iv16);
 	if (res != TKIP_DECRYPT_OK)
diff --git a/net/wireless/core.c b/net/wireless/core.c
index c22ef34..880dbe2 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -366,6 +366,7 @@ struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
 
 	mutex_init(&rdev->mtx);
 	mutex_init(&rdev->devlist_mtx);
+	mutex_init(&rdev->sched_scan_mtx);
 	INIT_LIST_HEAD(&rdev->netdev_list);
 	spin_lock_init(&rdev->bss_lock);
 	INIT_LIST_HEAD(&rdev->bss_list);
@@ -701,6 +702,7 @@ void cfg80211_dev_free(struct cfg80211_registered_device *rdev)
 	rfkill_destroy(rdev->rfkill);
 	mutex_destroy(&rdev->mtx);
 	mutex_destroy(&rdev->devlist_mtx);
+	mutex_destroy(&rdev->sched_scan_mtx);
 	list_for_each_entry_safe(scan, tmp, &rdev->bss_list, list)
 		cfg80211_put_bss(&scan->pub);
 	cfg80211_rdev_free_wowlan(rdev);
@@ -737,12 +739,16 @@ static void wdev_cleanup_work(struct work_struct *work)
 		___cfg80211_scan_done(rdev, true);
 	}
 
+	cfg80211_unlock_rdev(rdev);
+
+	mutex_lock(&rdev->sched_scan_mtx);
+
 	if (WARN_ON(rdev->sched_scan_req &&
 		    rdev->sched_scan_req->dev == wdev->netdev)) {
 		__cfg80211_stop_sched_scan(rdev, false);
 	}
 
-	cfg80211_unlock_rdev(rdev);
+	mutex_unlock(&rdev->sched_scan_mtx);
 
 	mutex_lock(&rdev->devlist_mtx);
 	rdev->opencount--;
@@ -830,9 +836,9 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
 			break;
 		case NL80211_IFTYPE_P2P_CLIENT:
 		case NL80211_IFTYPE_STATION:
-			cfg80211_lock_rdev(rdev);
+			mutex_lock(&rdev->sched_scan_mtx);
 			__cfg80211_stop_sched_scan(rdev, false);
-			cfg80211_unlock_rdev(rdev);
+			mutex_unlock(&rdev->sched_scan_mtx);
 
 			wdev_lock(wdev);
 #ifdef CONFIG_CFG80211_WEXT
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 3dce1f1..a570ff9 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -65,6 +65,8 @@ struct cfg80211_registered_device {
 	struct work_struct scan_done_wk;
 	struct work_struct sched_scan_results_wk;
 
+	struct mutex sched_scan_mtx;
+
 #ifdef CONFIG_NL80211_TESTMODE
 	struct genl_info *testmode_info;
 #endif
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index f07602d..cea3381 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3461,9 +3461,6 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
 		return -EINVAL;
 
-	if (rdev->sched_scan_req)
-		return -EINPROGRESS;
-
 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
 		return -EINVAL;
 
@@ -3502,12 +3499,21 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
 	if (ie_len > wiphy->max_scan_ie_len)
 		return -EINVAL;
 
+	mutex_lock(&rdev->sched_scan_mtx);
+
+	if (rdev->sched_scan_req) {
+		err = -EINPROGRESS;
+		goto out;
+	}
+
 	request = kzalloc(sizeof(*request)
 			+ sizeof(*request->ssids) * n_ssids
 			+ sizeof(*request->channels) * n_channels
 			+ ie_len, GFP_KERNEL);
-	if (!request)
-		return -ENOMEM;
+	if (!request) {
+		err = -ENOMEM;
+		goto out;
+	}
 
 	if (n_ssids)
 		request->ssids = (void *)&request->channels[n_channels];
@@ -3605,6 +3611,7 @@ static int nl80211_start_sched_scan(struct sk_buff *skb,
 out_free:
 	kfree(request);
 out:
+	mutex_unlock(&rdev->sched_scan_mtx);
 	return err;
 }
 
@@ -3612,12 +3619,17 @@ static int nl80211_stop_sched_scan(struct sk_buff *skb,
 				   struct genl_info *info)
 {
 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
+	int err;
 
 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
 	    !rdev->ops->sched_scan_stop)
 		return -EOPNOTSUPP;
 
-	return __cfg80211_stop_sched_scan(rdev, false);
+	mutex_lock(&rdev->sched_scan_mtx);
+	err = __cfg80211_stop_sched_scan(rdev, false);
+	mutex_unlock(&rdev->sched_scan_mtx);
+
+	return err;
 }
 
 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 7a6c676..ae0c225 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -100,14 +100,14 @@ void __cfg80211_sched_scan_results(struct work_struct *wk)
 	rdev = container_of(wk, struct cfg80211_registered_device,
 			    sched_scan_results_wk);
 
-	cfg80211_lock_rdev(rdev);
+	mutex_lock(&rdev->sched_scan_mtx);
 
 	/* we don't have sched_scan_req anymore if the scan is stopping */
 	if (rdev->sched_scan_req)
 		nl80211_send_sched_scan_results(rdev,
 						rdev->sched_scan_req->dev);
 
-	cfg80211_unlock_rdev(rdev);
+	mutex_unlock(&rdev->sched_scan_mtx);
 }
 
 void cfg80211_sched_scan_results(struct wiphy *wiphy)
@@ -123,9 +123,9 @@ void cfg80211_sched_scan_stopped(struct wiphy *wiphy)
 {
 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
 
-	cfg80211_lock_rdev(rdev);
+	mutex_lock(&rdev->sched_scan_mtx);
 	__cfg80211_stop_sched_scan(rdev, true);
-	cfg80211_unlock_rdev(rdev);
+	mutex_unlock(&rdev->sched_scan_mtx);
 }
 EXPORT_SYMBOL(cfg80211_sched_scan_stopped);
 
@@ -135,7 +135,7 @@ int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev,
 	int err;
 	struct net_device *dev;
 
-	ASSERT_RDEV_LOCK(rdev);
+	lockdep_assert_held(&rdev->sched_scan_mtx);
 
 	if (!rdev->sched_scan_req)
 		return 0;
-- 
John W. Linville		Someday the world will need a hero, and you
linville@tuxdriver.com			might be all we have.  Be ready.

^ permalink raw reply related

* Re: [PATCH] e1000: always call e1000_check_for_link() on e1000_ce4100 MACs.
From: Jeff Kirsher @ 2011-07-08 16:21 UTC (permalink / raw)
  To: nschichan@freebox.fr
  Cc: Brandewie, Dirk J, netdev@vger.kernel.org, Florian Fainelli,
	stable@kernel.org
In-Reply-To: <1310044617-22978-1-git-send-email-nschichan@freebox.fr>

[-- Attachment #1: Type: text/plain, Size: 529 bytes --]

On Thu, 2011-07-07 at 06:16 -0700, nschichan@freebox.fr wrote:
> From: Nicolas Schichan <nschichan@freebox.fr>
> 
> Interrupts about link lost or rx sequence errors are not reported by
> the ce4100 hardware, leading to transitions from link UP to link DOWN
> never being reported.
> 
> Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
> ---
>  drivers/net/e1000/e1000_main.c |   11 +++++++----
>  1 files changed, 7 insertions(+), 4 deletions(-) 

Thank you for the patch.  I have added the patch to my queue.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

^ permalink raw reply

* Re: [PATCH] bna: use netdev_alloc_skb_ip_align()
From: David Miller @ 2011-07-08 16:09 UTC (permalink / raw)
  To: eric.dumazet; +Cc: netdev, rmody, ddutt
In-Reply-To: <1310138970.2333.11.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Fri, 08 Jul 2011 17:29:30 +0200

> Some workloads need some headroom (NET_SKB_PAD) to avoid expensive
> reallocations.
> 
> Using netdev_alloc_skb_ip_align() instead of bare skb_alloc() brings the
> NET_IP_ALIGN and the NET_SKB_PAD headroom.
> 
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>

Applied, thanks Eric.

^ permalink raw reply

* Re: [PATCH] hso: fix a use after free condition
From: David Miller @ 2011-07-08 16:08 UTC (permalink / raw)
  To: greg-U8xfFu+wG4EAvxtiuMwx3w
  Cc: alan-qBU/x9rampVanCEyBjwyrvXRex20P6io,
	netdev-u79uwXL29TY76Z2rM5mHXA, j.dumon-x9gZzRpC1QbQT0dZR+AlfA,
	linux-usb-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <20110708134525.GA5069-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>

From: Greg KH <greg-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
Date: Fri, 8 Jul 2011 06:45:25 -0700

> This needs to go to netdev:
> 
> From: Octavian Purdila <octavian.purdila-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> 
> In hso_free_net_device hso_net pointer is freed and then used to
> cleanup urb pools. Catched with SLAB_DEBUG during S3 resume:
 ...
> Signed-off-by: Octavian Purdila <octavian.purdila-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> Signed-off-by: Alan Cox <alan-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: [PATCH] net/natsemi: Fix module parameter permissions
From: David Miller @ 2011-07-08 16:05 UTC (permalink / raw)
  To: jdelvare; +Cc: netdev, thockin, broonie
In-Reply-To: <201107081101.28812.jdelvare@suse.de>

From: Jean Delvare <jdelvare@suse.de>
Date: Fri, 8 Jul 2011 11:01:28 +0200

> The third parameter of module_param is supposed to represent sysfs
> file permissions. A value of "1" leads to the following:
> 
> $ ls -l /sys/module/natsemi/parameters/
> total 0
> ---------x 1 root root 4096 Jul  8 09:46 dspcfg_workaround
> 
> I am changing it to "0" to align with the other module parameters in
> this driver.
> 
> Signed-off-by: Jean Delvare <jdelvare@suse.de>

Applied, thanks.

^ permalink raw reply

* Re: [PATCH] drivers/net: Omit check for multicast bit in netdev_for_each_mc_addr
From: David Miller @ 2011-07-08 16:03 UTC (permalink / raw)
  To: tklauser; +Cc: joe, netdev, perex
In-Reply-To: <20110708084218.GK8334@distanz.ch>

From: Tobias Klauser <tklauser@distanz.ch>
Date: Fri, 8 Jul 2011 10:42:18 +0200

> On 2011-07-08 at 10:35:09 +0200, Joe Perches <joe@perches.com> wrote:
>> On Fri, 2011-07-08 at 10:06 +0200, Tobias Klauser wrote:
>> > There is no need to check for the address being a multicast address in
>> > the netdev_for_each_mc_addr loop, so remove it.
>> > 
>> > There is no need to check for the address being a multicast address in
>> > the netdev_for_each_mc_addr loop, so remove it.
>> 
>> Thanks Tobias.
>> 
>> The commit message is a bit redundant, but this looks
>> good to me.
> 
> Oops, sorry. The first part should've gone away.
> 
> David, I can resend it with an adjusted commit message if you want, so
> you don't need to edit it.

I fixed it up when I applied this patch, thanks.

^ permalink raw reply

* Re: [patch] dcbnl: unlock on an error path in dcbnl_cee_fill()
From: David Miller @ 2011-07-08 16:02 UTC (permalink / raw)
  To: error27; +Cc: shmulikr, john.r.fastabend, netdev, kernel-janitors
In-Reply-To: <20110708072724.GW18655@shale.localdomain>

From: Dan Carpenter <error27@gmail.com>
Date: Fri, 8 Jul 2011 10:27:24 +0300

> We need to release "dcb_lock" which we took on the previous line.
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>

Applied, thanks!

^ permalink raw reply

* Re: [PATCH] XFRM: Fix memory leak in xfrm_state_update
From: David Miller @ 2011-07-08 15:59 UTC (permalink / raw)
  To: herbert; +Cc: tgohad, netdev, tusharsg
In-Reply-To: <20110708030032.GA25702@gondor.apana.org.au>

From: Herbert Xu <herbert@gondor.hengli.com.au>
Date: Fri, 8 Jul 2011 11:00:32 +0800

> On Thu, Jul 07, 2011 at 06:38:52PM -0700, Tushar Gohad wrote:
>>
>> Upon "ip xfrm state update ..", xfrm_add_sa() takes an extra reference on 
>> the user-supplied SA and forgets to drop the reference when  
>> xfrm_state_update() returns 0.  This leads to a memory leak as the  
>> parameter SA is never freed.  This change attempts to fix the leak by  
>> calling __xfrm_state_put() when xfrm_state_update() updates a valid SA  
>> (err = 0).  The parameter SA is added to the gc list when the final  
>> reference is dropped by xfrm_add_sa() upon completion.
>>
>> Signed-off-by: Tushar Gohad <tgohad@mvista.com>
> 
> Ouch, thanks for catching this bug!
> 
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, thanks.

^ permalink raw reply

* Re: [PATCH net-next 1/5] sky2: force receive checksum when using RSS on some hardware (v2)
From: David Miller @ 2011-07-08 15:54 UTC (permalink / raw)
  To: shemminger; +Cc: mirqus, netdev
In-Reply-To: <20110707164000.6f3f58f4@nehalam.ftrdhcpuser.net>

From: Stephen Hemminger <shemminger@vyatta.com>
Date: Thu, 7 Jul 2011 16:40:00 -0700

> Found when reviewing the vendor driver. Apparently some chip versions
> require receive checksumming to be enabled in order for RSS to work.
> 
> Also, if fix_features has to change some settings; put in message
> in log in similar manner to netdev_fix_features.
> 
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
> 
> ---
> v2 - enforce the requirement in fix_features rather than set features

All 5 patches applied, I changed this patch #1 to use netdev_info()
as per the discussion.

^ permalink raw reply

* Re: pull request: batman-adv 2011-07-08
From: David Miller @ 2011-07-08 15:46 UTC (permalink / raw)
  To: lindner_marek-LWAfsSFWpa4
  Cc: netdev-u79uwXL29TY76Z2rM5mHXA,
	b.a.t.m.a.n-ZwoEplunGu2X36UT3dwllkB+6BGkLq7r
In-Reply-To: <201107080039.05143.lindner_marek-LWAfsSFWpa4@public.gmane.org>

From: Marek Lindner <lindner_marek-LWAfsSFWpa4@public.gmane.org>
Date: Fri, 8 Jul 2011 00:39:04 +0200

> The following changes since commit 44c4349a2a117b22a5c4087f2ac9faf10c575e17:
> 
>   batman-adv: Replace version info instead of appending them (2011-07-05 14:48:56 +0200)
> 
> are available in the git repository at:
>   git://git.open-mesh.org/linux-merge.git batman-adv/next
> 
> Antonio Quartulli (4):
>       batman-adv: initialise last_ttvn and tt_crc for the orig_node structure
>       batman-adv: keep local table consistency for further TT_RESPONSE
>       batman-adv: keep global table consistency in case of roaming
>       batman-adv: request the full table if tt_crc doesn't match

Pulled.

You may want to make the tt_response_fill_table() callback return
'bool' if it's just returning what amounts to true/false values.

^ permalink raw reply

* Re: [PATCH net-next 1/5] sky2: force receive checksum when using RSS on some hardware (v2)
From: Stephen Hemminger @ 2011-07-08 15:32 UTC (permalink / raw)
  To: Michał Mirosław; +Cc: David S. Miller, netdev
In-Reply-To: <CAHXqBF+XfArvVDXQ+JBGQ1hEne=w7u6eFTf=SQciLr48BD7h8w@mail.gmail.com>

On Fri, 8 Jul 2011 10:45:33 +0200
Michał Mirosław <mirqus@gmail.com> wrote:

> 2011/7/8 Stephen Hemminger <shemminger@vyatta.com>:
> > Found when reviewing the vendor driver. Apparently some chip versions
> > require receive checksumming to be enabled in order for RSS to work.
> >
> > Also, if fix_features has to change some settings; put in message
> > in log in similar manner to netdev_fix_features.
> >
> > Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
> >
> > ---
> > v2 - enforce the requirement in fix_features rather than set features
> >
> > --- a/drivers/net/sky2.c        2011-07-07 13:56:03.575420273 -0700
> > +++ b/drivers/net/sky2.c        2011-07-07 14:03:17.775403938 -0700
> [...]
> > @@ -4176,8 +4180,18 @@ static u32 sky2_fix_features(struct net_
> >        /* In order to do Jumbo packets on these chips, need to turn off the
> >         * transmit store/forward. Therefore checksum offload won't work.
> >         */
> > -       if (dev->mtu > ETH_DATA_LEN && hw->chip_id == CHIP_ID_YUKON_EC_U)
> > +       if (dev->mtu > ETH_DATA_LEN && hw->chip_id == CHIP_ID_YUKON_EC_U) {
> > +               netdev_warn(dev, "checksum offload not possible with jumbo frames\n");
> >                features &= ~(NETIF_F_TSO|NETIF_F_SG|NETIF_F_ALL_CSUM);
> > +       }
> > +
> > +       /* Some hardware requires receive checksum for RSS to work. */
> > +       if ( (features & NETIF_F_RXHASH) &&
> > +            !(features & NETIF_F_RXCSUM) &&
> > +            (sky2->hw->flags & SKY2_HW_RSS_CHKSUM)) {
> > +               netdev_warn(dev, "receive hashing forces receive checksum\n");
> > +               features |= NETIF_F_RXCSUM;
> > +       }
> >
> >        return features;
> >  }
> 
> I suggest using netdev_dbg() instead of netdev_warn() so it won't spam
> dmesg on every features update.

I was just copying existing policy in netdev_fix_features.
netdev_dbg() is useless because most user turn off debug messages.
Maybe notice or info is more appropriate level here.


^ permalink raw reply

* [PATCH] bna: use netdev_alloc_skb_ip_align()
From: Eric Dumazet @ 2011-07-08 15:29 UTC (permalink / raw)
  To: David Miller; +Cc: netdev, Rasesh Mody, Debashis Dutt

Some workloads need some headroom (NET_SKB_PAD) to avoid expensive
reallocations.

Using netdev_alloc_skb_ip_align() instead of bare skb_alloc() brings the
NET_IP_ALIGN and the NET_SKB_PAD headroom.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Rasesh Mody <rmody@brocade.com>
CC: Debashis Dutt <ddutt@brocade.com>
---
 drivers/net/bna/bnad.c |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/net/bna/bnad.c b/drivers/net/bna/bnad.c
index 44e219c..795b93b 100644
--- a/drivers/net/bna/bnad.c
+++ b/drivers/net/bna/bnad.c
@@ -386,14 +386,12 @@ bnad_alloc_n_post_rxbufs(struct bnad *bnad, struct bna_rcb *rcb)
 			BNA_RXQ_QPGE_PTR_GET(unmap_prod, rcb->sw_qpt, rxent,
 					     wi_range);
 		}
-		skb = alloc_skb(rcb->rxq->buffer_size + NET_IP_ALIGN,
-				     GFP_ATOMIC);
+		skb = netdev_alloc_skb_ip_align(bnad->netdev,
+						rcb->rxq->buffer_size);
 		if (unlikely(!skb)) {
 			BNAD_UPDATE_CTR(bnad, rxbuf_alloc_failed);
 			goto finishing;
 		}
-		skb->dev = bnad->netdev;
-		skb_reserve(skb, NET_IP_ALIGN);
 		unmap_array[unmap_prod].skb = skb;
 		dma_addr = dma_map_single(&bnad->pcidev->dev, skb->data,
 					  rcb->rxq->buffer_size,



^ permalink raw reply related

* orphan sockets
From: Denys Fedoryshchenko @ 2011-07-08 15:13 UTC (permalink / raw)
  To: netdev

 Hi

 Just after digging orphan sockets problem, that was causing "Address 
 already in use" for bind(),i found that in documentation is mentioned:

 tcp_orphan_retries - INTEGER
         This value influences the timeout of a locally closed TCP 
 connection,
         when RTO retransmissions remain unacknowledged.
         See tcp_retries2 for more details.

         The default value is 7.
         If your machine is a loaded WEB server,
         you should think about lowering this value, such sockets
         may consume significant resources. Cf. tcp_max_orphans.


 But all servers i have, i notice that  tcp_orphan_retries = 0 by 
 default, i check in code, and found that:
         if (retries == 0 && alive)
                 retries = 8;
 is a bit confusing, that tcp_orphan_retries = 0, is in fact = 8, or to 
 be more exact is 8 if socket has rto < RTO_MAX. But nothing like 7 
 mentioned in documentation, i guess it is wrong?. My english too bad to 
 edit that, but maybe someone will take a look :-)


 ---
 System administrator
 Denys Fedoryshchenko
 Virtual ISP S.A.L.


^ permalink raw reply

* [PATCHv3] sctp: ABORT if receive, reassmbly, or reodering queue is not empty while closing socket
From: Thomas Graf @ 2011-07-08 14:37 UTC (permalink / raw)
  To: Vladislav Yasevich
  Cc: netdev, davem, Wei Yongjun, Sridhar Samudrala, linux-sctp
In-Reply-To: <4E170B00.9080406@hp.com>

Trigger user ABORT if application closes a socket which has data
queued on the socket receive queue or chunks waiting on the
reassembly or ordering queue as this would imply data being lost
which defeats the point of a graceful shutdown.

This behavior is already practiced in TCP.

We do not check the input queue because that would mean to parse
all chunks on it to look for unacknowledged data which seems too
much of an effort. Control chunks or duplicated chunks may also
be in the input queue and should not be stopping a graceful
shutdown.

Signed-off-by: Thomas Graf <tgraf@infradead.org>

diff --git a/include/net/sctp/ulpevent.h b/include/net/sctp/ulpevent.h
index 99b027b..ca4693b 100644
--- a/include/net/sctp/ulpevent.h
+++ b/include/net/sctp/ulpevent.h
@@ -80,7 +80,7 @@ static inline struct sctp_ulpevent *sctp_skb2event(struct sk_buff *skb)
 
 void sctp_ulpevent_free(struct sctp_ulpevent *);
 int sctp_ulpevent_is_notification(const struct sctp_ulpevent *);
-void sctp_queue_purge_ulpevents(struct sk_buff_head *list);
+unsigned int sctp_queue_purge_ulpevents(struct sk_buff_head *list);
 
 struct sctp_ulpevent *sctp_ulpevent_make_assoc_change(
 	const struct sctp_association *asoc,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 08c6238..d3ccf79 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1384,6 +1384,7 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
 	struct sctp_endpoint *ep;
 	struct sctp_association *asoc;
 	struct list_head *pos, *temp;
+	unsigned int data_was_unread;
 
 	SCTP_DEBUG_PRINTK("sctp_close(sk: 0x%p, timeout:%ld)\n", sk, timeout);
 
@@ -1393,6 +1394,10 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
 
 	ep = sctp_sk(sk)->ep;
 
+	/* Clean up any skbs sitting on the receive queue.  */
+	data_was_unread = sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
+	data_was_unread += sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);
+
 	/* Walk all associations on an endpoint.  */
 	list_for_each_safe(pos, temp, &ep->asocs) {
 		asoc = list_entry(pos, struct sctp_association, asocs);
@@ -1410,7 +1415,9 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
 			}
 		}
 
-		if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) {
+		if (data_was_unread || !skb_queue_empty(&asoc->ulpq.lobby) ||
+		    !skb_queue_empty(&asoc->ulpq.reasm) ||
+		    (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime)) {
 			struct sctp_chunk *chunk;
 
 			chunk = sctp_make_abort_user(asoc, NULL, 0);
@@ -1420,10 +1427,6 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
 			sctp_primitive_SHUTDOWN(asoc, NULL);
 	}
 
-	/* Clean up any skbs sitting on the receive queue.  */
-	sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
-	sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);
-
 	/* On a TCP-style socket, block for at most linger_time if set. */
 	if (sctp_style(sk, TCP) && timeout)
 		sctp_wait_for_close(sk, timeout);
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index e70e5fc..8a84017 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -1081,9 +1081,19 @@ void sctp_ulpevent_free(struct sctp_ulpevent *event)
 }
 
 /* Purge the skb lists holding ulpevents. */
-void sctp_queue_purge_ulpevents(struct sk_buff_head *list)
+unsigned int sctp_queue_purge_ulpevents(struct sk_buff_head *list)
 {
 	struct sk_buff *skb;
-	while ((skb = skb_dequeue(list)) != NULL)
-		sctp_ulpevent_free(sctp_skb2event(skb));
+	unsigned int data_unread = 0;
+
+	while ((skb = skb_dequeue(list)) != NULL) {
+		struct sctp_ulpevent *event = sctp_skb2event(skb);
+
+		if (!sctp_ulpevent_is_notification(event))
+			data_unread += skb->len;
+
+		sctp_ulpevent_free(event);
+	}
+
+	return data_unread;
 }

^ permalink raw reply related


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox