<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/net, branch v3.10.41</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/net?h=v3.10.41</id>
<link rel='self' href='https://git.amat.us/linux/atom/net?h=v3.10.41'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2014-05-31T04:52:16Z</updated>
<entry>
<title>net-gro: reset skb-&gt;truesize in napi_reuse_skb()</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2014-04-03T16:28:10Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=fd6b1194f0096af91c6e2b31065f5f9d2b066d80'/>
<id>urn:sha1:fd6b1194f0096af91c6e2b31065f5f9d2b066d80</id>
<content type='text'>
[ Upstream commit e33d0ba8047b049c9262fdb1fcafb93cb52ceceb ]

Recycling skb always had been very tough...

This time it appears GRO layer can accumulate skb-&gt;truesize
adjustments made by drivers when they attach a fragment to skb.

skb_gro_receive() can only subtract from skb-&gt;truesize the used part
of a fragment.

I spotted this problem seeing TcpExtPruneCalled and
TcpExtTCPRcvCollapsed that were unexpected with a recent kernel, where
TCP receive window should be sized properly to accept traffic coming
from a driver not overshooting skb-&gt;truesize.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ipv4: initialise the itag variable in __mkroute_input</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Li RongQing</name>
<email>roy.qing.li@gmail.com</email>
</author>
<published>2014-05-22T08:36:55Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=809d0bf75e96b1f9241e58e9d6ef64d1de8ce053'/>
<id>urn:sha1:809d0bf75e96b1f9241e58e9d6ef64d1de8ce053</id>
<content type='text'>
[ Upstream commit fbdc0ad095c0a299e9abf5d8ac8f58374951149a ]

the value of itag is a random value from stack, and may not be initiated by
fib_validate_source, which called fib_combine_itag if CONFIG_IP_ROUTE_CLASSID
is not set

This will make the cached dst uncertainty

Signed-off-by: Li RongQing &lt;roy.qing.li@gmail.com&gt;
Acked-by: Alexei Starovoitov &lt;ast@plumgrid.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ip6_tunnel: fix potential NULL pointer dereference</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Susant Sahani</name>
<email>susant@redhat.com</email>
</author>
<published>2014-05-09T18:41:32Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=4cba246ac61971484e454ee16efabb51e7452572'/>
<id>urn:sha1:4cba246ac61971484e454ee16efabb51e7452572</id>
<content type='text'>
[ Upstream commit c8965932a2e3b70197ec02c6741c29460279e2a8 ]

The function ip6_tnl_validate assumes that the rtnl
attribute IFLA_IPTUN_PROTO always be filled . If this
attribute is not filled by  the userspace application
kernel get crashed with NULL pointer dereference. This
patch fixes the potential kernel crash when
IFLA_IPTUN_PROTO is missing .

Signed-off-by: Susant Sahani &lt;susant@redhat.com&gt;
Acked-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ipv4: fib_semantics: increment fib_info_cnt after fib_info allocation</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Sergey Popovich</name>
<email>popovich_sergei@mail.ru</email>
</author>
<published>2014-05-06T15:23:08Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=6e020d8ab8dad5c4ebb5317898d05d437a6f5c49'/>
<id>urn:sha1:6e020d8ab8dad5c4ebb5317898d05d437a6f5c49</id>
<content type='text'>
[ Upstream commit aeefa1ecfc799b0ea2c4979617f14cecd5cccbfd ]

Increment fib_info_cnt in fib_create_info() right after successfuly
alllocating fib_info structure, overwise fib_metrics allocation failure
leads to fib_info_cnt incorrectly decremented in free_fib_info(), called
on error path from fib_create_info().

Signed-off-by: Sergey Popovich &lt;popovich_sergei@mail.ru&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: ipv6: send pkttoobig immediately if orig frag size &gt; mtu</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Florian Westphal</name>
<email>fw@strlen.de</email>
</author>
<published>2014-05-04T22:03:34Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=bbdd224c0ad28a77161aeb8c45d34fe0928ef997'/>
<id>urn:sha1:bbdd224c0ad28a77161aeb8c45d34fe0928ef997</id>
<content type='text'>
[ Upstream commit 418a31561d594a2b636c1e2fa94ecd9e1245abb1 ]

If conntrack defragments incoming ipv6 frags it stores largest original
frag size in ip6cb and sets -&gt;local_df.

We must thus first test the largest original frag size vs. mtu, and not
vice versa.

Without this patch PKTTOOBIG is still generated in ip6_fragment() later
in the stack, but

1) IPSTATS_MIB_INTOOBIGERRORS won't increment
2) packet did (needlessly) traverse netfilter postrouting hook.

Fixes: fe6cc55f3a9 ("net: ip, ipv6: handle gso skbs in forwarding path")
Signed-off-by: Florian Westphal &lt;fw@strlen.de&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>net: ipv4: ip_forward: fix inverted local_df test</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Florian Westphal</name>
<email>fw@strlen.de</email>
</author>
<published>2014-05-04T21:24:31Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=5478c9cb6b408df9d649e73816d23c40aa7d6d4b'/>
<id>urn:sha1:5478c9cb6b408df9d649e73816d23c40aa7d6d4b</id>
<content type='text'>
[ Upstream commit ca6c5d4ad216d5942ae544bbf02503041bd802aa ]

local_df means 'ignore DF bit if set', so if its set we're
allowed to perform ip fragmentation.

This wasn't noticed earlier because the output path also drops such skbs
(and emits needed icmp error) and because netfilter ip defrag did not
set local_df until couple of days ago.

Only difference is that DF-packets-larger-than MTU now discarded
earlier (f.e. we avoid pointless netfilter postrouting trip).

While at it, drop the repeated test ip_exceeds_mtu, checking it once
is enough...

Fixes: fe6cc55f3a9 ("net: ip, ipv6: handle gso skbs in forwarding path")
Signed-off-by: Florian Westphal &lt;fw@strlen.de&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tcp_cubic: fix the range of delayed_ack</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Liu Yu</name>
<email>allanyuliu@tencent.com</email>
</author>
<published>2014-04-30T09:34:09Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=28e00c4c37f1100394928e28e7fcdc58640440aa'/>
<id>urn:sha1:28e00c4c37f1100394928e28e7fcdc58640440aa</id>
<content type='text'>
[ Upstream commit 0cda345d1b2201dd15591b163e3c92bad5191745 ]

commit b9f47a3aaeab (tcp_cubic: limit delayed_ack ratio to prevent
divide error) try to prevent divide error, but there is still a little
chance that delayed_ack can reach zero. In case the param cnt get
negative value, then ratio+cnt would overflow and may happen to be zero.
As a result, min(ratio, ACK_RATIO_LIMIT) will calculate to be zero.

In some old kernels, such as 2.6.32, there is a bug that would
pass negative param, which then ultimately leads to this divide error.

commit 5b35e1e6e9c (tcp: fix tcp_trim_head() to adjust segment count
with skb MSS) fixed the negative param issue. However,
it's safe that we fix the range of delayed_ack as well,
to make sure we do not hit a divide by zero.

CC: Stephen Hemminger &lt;shemminger@vyatta.com&gt;
Signed-off-by: Liu Yu &lt;allanyuliu@tencent.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Acked-by: Neal Cardwell &lt;ncardwell@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sctp: reset flowi4_oif parameter on route lookup</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Xufeng Zhang</name>
<email>xufeng.zhang@windriver.com</email>
</author>
<published>2014-04-25T08:55:41Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=4de3e298aa5eaf1982c4068d76a2246054eed34c'/>
<id>urn:sha1:4de3e298aa5eaf1982c4068d76a2246054eed34c</id>
<content type='text'>
[ Upstream commit 85350871317a5adb35519d9dc6fc9e80809d42ad ]

commit 813b3b5db83 (ipv4: Use caller's on-stack flowi as-is
in output route lookups.) introduces another regression which
is very similar to the problem of commit e6b45241c (ipv4: reset
flowi parameters on route connect) wants to fix:
Before we call ip_route_output_key() in sctp_v4_get_dst() to
get a dst that matches a bind address as the source address,
we have already called this function previously and the flowi
parameters have been initialized including flowi4_oif, so when
we call this function again, the process in __ip_route_output_key()
will be different because of the setting of flowi4_oif, and we'll
get a networking device which corresponds to the inputted flowi4_oif
as the output device, this is wrong because we'll never hit this
place if the previously returned source address of dst match one
of the bound addresses.

To reproduce this problem, a vlan setting is enough:
  # ifconfig eth0 up
  # route del default
  # vconfig add eth0 2
  # vconfig add eth0 3
  # ifconfig eth0.2 10.0.1.14 netmask 255.255.255.0
  # route add default gw 10.0.1.254 dev eth0.2
  # ifconfig eth0.3 10.0.0.14 netmask 255.255.255.0
  # ip rule add from 10.0.0.14 table 4
  # ip route add table 4 default via 10.0.0.254 src 10.0.0.14 dev eth0.3
  # sctp_darn -H 10.0.0.14 -P 36422 -h 10.1.4.134 -p 36422 -s -I
You'll detect that all the flow are routed to eth0.2(10.0.1.254).

Signed-off-by: Xufeng Zhang &lt;xufeng.zhang@windriver.com&gt;
Signed-off-by: Julian Anastasov &lt;ja@ssi.bg&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bridge: Handle IFLA_ADDRESS correctly when creating bridge device</title>
<updated>2014-05-31T04:52:16Z</updated>
<author>
<name>Toshiaki Makita</name>
<email>makita.toshiaki@lab.ntt.co.jp</email>
</author>
<published>2014-04-25T08:01:18Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=28ad29fc24863062b43c0893f8475bedb38d4862'/>
<id>urn:sha1:28ad29fc24863062b43c0893f8475bedb38d4862</id>
<content type='text'>
[ Upstream commit 30313a3d5794472c3548d7288e306a5492030370 ]

When bridge device is created with IFLA_ADDRESS, we are not calling
br_stp_change_bridge_id(), which leads to incorrect local fdb
management and bridge id calculation, and prevents us from receiving
frames on the bridge device.

Reported-by: Tom Gundersen &lt;teg@jklm.no&gt;
Signed-off-by: Toshiaki Makita &lt;makita.toshiaki@lab.ntt.co.jp&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ipv6: fib: fix fib dump restart</title>
<updated>2014-05-31T04:52:15Z</updated>
<author>
<name>Kumar Sundararajan</name>
<email>kumar@fb.com</email>
</author>
<published>2014-04-24T13:48:53Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=83445f0d5cd735169879d9e1179d1d35d559ea07'/>
<id>urn:sha1:83445f0d5cd735169879d9e1179d1d35d559ea07</id>
<content type='text'>
[ Upstream commit 1c2658545816088477e91860c3a645053719cb54 ]

When the ipv6 fib changes during a table dump, the walk is
restarted and the number of nodes dumped are skipped. But the existing
code doesn't advance to the next node after a node is skipped. This can
cause the dump to loop or produce lots of duplicates when the fib
is modified during the dump.

This change advances the walk to the next node if the current node is
skipped after a restart.

Signed-off-by: Kumar Sundararajan &lt;kumar@fb.com&gt;
Signed-off-by: Chris Mason &lt;clm@fb.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
</feed>
