<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/net/core, branch v3.5.5</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/net/core?h=v3.5.5</id>
<link rel='self' href='https://git.amat.us/linux/atom/net/core?h=v3.5.5'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2012-10-02T17:38:54Z</updated>
<entry>
<title>af_packet: don't emit packet on orig fanout group</title>
<updated>2012-10-02T17:38:54Z</updated>
<author>
<name>Eric Leblond</name>
<email>eric@regit.org</email>
</author>
<published>2012-08-16T22:02:58Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=c182b9556632ce565dc7ecbb49759334628f75bb'/>
<id>urn:sha1:c182b9556632ce565dc7ecbb49759334628f75bb</id>
<content type='text'>
[ Upstream commit c0de08d04215031d68fa13af36f347a6cfa252ca ]

If a packet is emitted on one socket in one group of fanout sockets,
it is transmitted again. It is thus read again on one of the sockets
of the fanout group. This result in a loop for software which
generate packets when receiving one.
This retransmission is not the intended behavior: a fanout group
must behave like a single socket. The packet should not be
transmitted on a socket if it originates from a socket belonging
to the same fanout group.

This patch fixes the issue by changing the transmission check to
take fanout group info account.

Reported-by: Aleksandr Kotov &lt;a1k@mail.ru&gt;
Signed-off-by: Eric Leblond &lt;eric@regit.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net/core: Fix potential memory leak in dev_set_alias()</title>
<updated>2012-10-02T17:38:40Z</updated>
<author>
<name>Alexey Khoroshilov</name>
<email>khoroshilov@ispras.ru</email>
</author>
<published>2012-08-08T00:33:25Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=b5db88321043909060745304c1e485a6a2839d31'/>
<id>urn:sha1:b5db88321043909060745304c1e485a6a2839d31</id>
<content type='text'>
[ Upstream commit 7364e445f62825758fa61195d237a5b8ecdd06ec ]

Do not leak memory by updating pointer with potentially NULL realloc return value.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov &lt;khoroshilov@ispras.ru&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tcp: Apply device TSO segment limit earlier</title>
<updated>2012-10-02T17:38:39Z</updated>
<author>
<name>Ben Hutchings</name>
<email>bhutchings@solarflare.com</email>
</author>
<published>2012-07-30T16:11:42Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=b541db6330465eae0032d46d7d67ca7e0e1047e2'/>
<id>urn:sha1:b541db6330465eae0032d46d7d67ca7e0e1047e2</id>
<content type='text'>
[ Upstream commit 1485348d2424e1131ea42efc033cbd9366462b01 ]

Cache the device gso_max_segs in sock::sk_gso_max_segs and use it to
limit the size of TSO skbs.  This avoids the need to fall back to
software GSO for local TCP senders.

Signed-off-by: Ben Hutchings &lt;bhutchings@solarflare.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: Allow driver to limit number of GSO segments per skb</title>
<updated>2012-10-02T17:38:39Z</updated>
<author>
<name>Ben Hutchings</name>
<email>bhutchings@solarflare.com</email>
</author>
<published>2012-07-30T15:57:00Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=525e07b8b6f18aec949c9f68672a0a3e3d8c38b1'/>
<id>urn:sha1:525e07b8b6f18aec949c9f68672a0a3e3d8c38b1</id>
<content type='text'>
[ Upstream commit 30b678d844af3305cda5953467005cebb5d7b687 ]

A peer (or local user) may cause TCP to use a nominal MSS of as little
as 88 (actual MSS of 76 with timestamps).  Given that we have a
sufficiently prodigious local sender and the peer ACKs quickly enough,
it is nevertheless possible to grow the window for such a connection
to the point that we will try to send just under 64K at once.  This
results in a single skb that expands to 861 segments.

In some drivers with TSO support, such an skb will require hundreds of
DMA descriptors; a substantial fraction of a TX ring or even more than
a full ring.  The TX queue selected for the skb may stall and trigger
the TX watchdog repeatedly (since the problem skb will be retried
after the TX reset).  This particularly affects sfc, for which the
issue is designated as CVE-2012-3412.

Therefore:
1. Add the field net_device::gso_max_segs holding the device-specific
   limit.
2. In netif_skb_features(), if the number of segments is too high then
   mask out GSO features to force fall back to software GSO.

Signed-off-by: Ben Hutchings &lt;bhutchings@solarflare.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: feed /dev/random with the MAC address when registering a device</title>
<updated>2012-08-15T14:52:48Z</updated>
<author>
<name>Theodore Ts'o</name>
<email>tytso@mit.edu</email>
</author>
<published>2012-07-05T01:23:25Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=b8570c10637c4e3666b6da473a17fa5484d3b06c'/>
<id>urn:sha1:b8570c10637c4e3666b6da473a17fa5484d3b06c</id>
<content type='text'>
commit 7bf2357524408b97fec58344caf7397f8140c3fd upstream.

Cc: David Miller &lt;davem@davemloft.net&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: "Theodore Ts'o" &lt;tytso@mit.edu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>net: fix rtnetlink IFF_PROMISC and IFF_ALLMULTI handling</title>
<updated>2012-08-09T15:23:13Z</updated>
<author>
<name>Jiri Benc</name>
<email>jbenc@redhat.com</email>
</author>
<published>2012-07-27T02:58:22Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=b71b10d6e9c2e3ddded0204be9b75719991a62b6'/>
<id>urn:sha1:b71b10d6e9c2e3ddded0204be9b75719991a62b6</id>
<content type='text'>
[ Upstream commit b1beb681cba5358f62e6187340660ade226a5fcc ]

When device flags are set using rtnetlink, IFF_PROMISC and IFF_ALLMULTI
flags are handled specially. Function dev_change_flags sets IFF_PROMISC and
IFF_ALLMULTI bits in dev-&gt;gflags according to the passed value but
do_setlink passes a result of rtnl_dev_combine_flags which takes those bits
from dev-&gt;flags.

This can be easily trigerred by doing:

tcpdump -i eth0 &amp;
ip l s up eth0

ip sets IFF_UP flag in ifi_flags and ifi_change, which is combined with
IFF_PROMISC by rtnl_dev_combine_flags, causing __dev_change_flags to set
IFF_PROMISC in gflags.

Reported-by: Max Matveev &lt;makc@redhat.com&gt;
Signed-off-by: Jiri Benc &lt;jbenc@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: Statically initialize init_net.dev_base_head</title>
<updated>2012-07-18T20:32:27Z</updated>
<author>
<name>Rustad, Mark D</name>
<email>mark.d.rustad@intel.com</email>
</author>
<published>2012-07-18T09:06:07Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=734b65417b24d6eea3e3d7457e1f11493890ee1d'/>
<id>urn:sha1:734b65417b24d6eea3e3d7457e1f11493890ee1d</id>
<content type='text'>
This change eliminates an initialization-order hazard most
recently seen when netprio_cgroup is built into the kernel.

With thanks to Eric Dumazet for catching a bug.

Signed-off-by: Mark Rustad &lt;mark.d.rustad@intel.com&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>net: cgroup: fix access the unallocated memory in netprio cgroup</title>
<updated>2012-07-17T06:00:43Z</updated>
<author>
<name>Gao feng</name>
<email>gaofeng@cn.fujitsu.com</email>
</author>
<published>2012-07-11T21:50:15Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=ef209f15980360f6945873df3cd710c5f62f2a3e'/>
<id>urn:sha1:ef209f15980360f6945873df3cd710c5f62f2a3e</id>
<content type='text'>
there are some out of bound accesses in netprio cgroup.

now before accessing the dev-&gt;priomap.priomap array,we only check
if the dev-&gt;priomap exist.and because we don't want to see
additional bound checkings in fast path, so we should make sure
that dev-&gt;priomap is null or array size of dev-&gt;priomap.priomap
is equal to max_prioidx + 1;

so in write_priomap logic,we should call extend_netdev_table when
dev-&gt;priomap is null and dev-&gt;priomap.priomap_len &lt; max_len.
and in cgrp_create-&gt;update_netdev_tables logic,we should call
extend_netdev_table only when dev-&gt;priomap exist and
dev-&gt;priomap.priomap_len &lt; max_len.

and it's not needed to call update_netdev_tables in write_priomap,
we can only allocate the net device's priomap which we change through
net_prio.ifpriomap.

this patch also add a return value for update_netdev_tables &amp;
extend_netdev_table, so when new_priomap is allocated failed,
write_priomap will stop to access the priomap,and return -ENOMEM
back to the userspace to tell the user what happend.

Change From v3:
1. add rtnl protect when reading max_prioidx in write_priomap.

2. only call extend_netdev_table when map-&gt;priomap_len &lt; max_len,
   this will make sure array size of dev-&gt;map-&gt;priomap always
   bigger than any prioidx.

3. add a function write_update_netdev_table to make codes clear.

Change From v2:
1. protect extend_netdev_table by RTNL.
2. when extend_netdev_table failed,call dev_put to reduce device's refcount.

Signed-off-by: Gao feng &lt;gaofeng@cn.fujitsu.com&gt;
Cc: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Cc: Eric Dumazet &lt;edumazet@google.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>net: respect GFP_DMA in __netdev_alloc_skb()</title>
<updated>2012-07-16T11:17:49Z</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2012-07-16T11:15:52Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=310e158cc3b7a6adf41e778d52be746c4dc88561'/>
<id>urn:sha1:310e158cc3b7a6adf41e778d52be746c4dc88561</id>
<content type='text'>
Few drivers use GFP_DMA allocations, and netdev_alloc_frag()
doesn't allocate pages in DMA zone.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>net: cgroup: fix out of bounds accesses</title>
<updated>2012-07-09T21:50:54Z</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2012-07-08T21:45:10Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=91c68ce2b26319248a32d7baa1226f819d283758'/>
<id>urn:sha1:91c68ce2b26319248a32d7baa1226f819d283758</id>
<content type='text'>
dev-&gt;priomap is allocated by extend_netdev_table() called from
update_netdev_tables().
And this is only called if write_priomap() is called.

But if write_priomap() is not called, it seems we can have out of bounds
accesses in cgrp_destroy(), read_priomap() &amp; skb_update_prio()

With help from Gao Feng

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Cc: Gao feng &lt;gaofeng@cn.fujitsu.com&gt;
Acked-by: Gao feng &lt;gaofeng@cn.fujitsu.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
</feed>
