| Age | Commit message (Collapse) | Author |
|---|
|
This patch is intended to unify string length declarations and usage.
There are number of calls to strlen which return size_t object.
The size of this object depends on compiler if it will be bigger,
equal or even smaller than an unsigned int
Signed-off-by: Leon Romanovsky <leon@leon.nu>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
This patch cleans up a couple of unnecessary codes related to unused variables
and return values.
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
This patch also resolves the following warning reported by kbuild test robot.
fs/f2fs/gc.c: In function 'start_bidx_of_node':
fs/f2fs/gc.c:453:21: warning: 'bidx' may be used uninitialized in this function
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
We can directly return '0' from the function, instead of introducing a
'ret' variable.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
In function find_fsync_dnodes() - the fsync inodes gets added to the list, but
in one path suppose f2fs_iget results in error, in such case - error gets added
to the fsync inode list.
In next call to recover_data()->get_fsync_inode()
entry = list_entry(this, struct fsync_inode_entry, list);
if (entry->inode->i_ino == ino)
This can result in "invalid access to memory" when it encounters 'error' as
entry in the fsync inode list.
So, add the fsync inode entry to the list only in case of no errors.
And, free the object at that point itself in case of issue.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
Since, the memory for the object of dirty_seglist_info is allocated
using kzalloc - which returns zeroed out memory. So, there is no need
to initialize the nr_dirty values with zeroes.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
We should not set con->state to CLOSED here; that happens in
ceph_fault() in the caller, where it first asserts that the state
is not yet CLOSED. Avoids a BUG when the features don't match.
Since the fail_protocol() has become a trivial wrapper, replace
calls to it with direct calls to reset_connection().
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
|
|
A number of assertions in the ceph messenger are implemented with
BUG_ON(), killing the system if connection's state doesn't match
what's expected. At this point our state model is (evidently) not
well understood enough for these assertions to trigger a BUG().
Convert all BUG_ON(con->state...) calls to be WARN_ON(con->state...)
so we learn about these issues without killing the machine.
We now recognize that a connection fault can occur due to a socket
closure at any time, regardless of the state of the connection. So
there is really nothing we can assert about the state of the
connection at that point so eliminate that assertion.
Reported-by: Ugis <ugis22@gmail.com>
Tested-by: Ugis <ugis22@gmail.com>
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
|
|
When ceph_osdc_handle_map() is called to process a new osd map,
kick_requests() is called to ensure all affected requests are
updated if necessary to reflect changes in the osd map. This
happens in two cases: whenever an incremental map update is
processed; and when a full map update (or the last one if there is
more than one) gets processed.
In the former case, the kick_requests() call is followed immediately
by a call to reset_changed_osds() to ensure any connections to osds
affected by the map change are reset. But for full map updates
this isn't done.
Both cases should be doing this osd reset.
Rather than duplicating the reset_changed_osds() call, move it into
the end of kick_requests().
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
|
|
The kick_requests() function is called by ceph_osdc_handle_map()
when an osd map change has been indicated. Its purpose is to
re-queue any request whose target osd is different from what it
was when it was originally sent.
It is structured as two loops, one for incomplete but registered
requests, and a second for handling completed linger requests.
As a special case, in the first loop if a request marked to linger
has not yet completed, it is moved from the request list to the
linger list. This is as a quick and dirty way to have the second
loop handle sending the request along with all the other linger
requests.
Because of the way it's done now, however, this quick and dirty
solution can result in these incomplete linger requests never
getting re-sent as desired. The problem lies in the fact that
the second loop only arranges for a linger request to be sent
if it appears its target osd has changed. This is the proper
handling for *completed* linger requests (it avoids issuing
the same linger request twice to the same osd).
But although the linger requests added to the list in the first loop
may have been sent, they have not yet completed, so they need to be
re-sent regardless of whether their target osd has changed.
The first required fix is we need to avoid calling __map_request()
on any incomplete linger request. Otherwise the subsequent
__map_request() call in the second loop will find the target osd
has not changed and will therefore not re-send the request.
Second, we need to be sure that a sent but incomplete linger request
gets re-sent. If the target osd is the same with the new osd map as
it was when the request was originally sent, this won't happen.
This can be fixed through careful handling when we move these
requests from the request list to the linger list, by unregistering
the request *before* it is registered as a linger request. This
works because a side-effect of unregistering the request is to make
the request's r_osd pointer be NULL, and *that* will ensure the
second loop actually re-sends the linger request.
Processing of such a request is done at that point, so continue with
the next one once it's been moved.
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
|
|
In case f2fs_iget_nowait returns error, it results in truncate_hole being
called with 'error' value as inode pointer. There is no check in truncate_hole
for valid inode, so it could result in crash due "invalid access to memory".
Avoid this by handling error condition properly.
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
Practically, has_not_enough_free_secs() should calculate with the numbers of
current node and directory data blocks together.
Actually the equation was implemented in need_to_flush().
So, this patch removes need_flush() and moves the equation into
has_not_enough_free_secs().
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
This patch adds myself to MAINTAINERS entry for the f2fs file system.
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
This patch resolves a build warning reported by kbuild test robot.
"
fs/f2fs/segment.c: In function '__get_segment_type':
fs/f2fs/segment.c:806:1: warning: control reaches end of non-void
function [-Wreturn-type]
"
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
The new_node_page() is processed as the following procedure.
1. A new node page is allocated.
2. Set PageUptodate with proper footer information.
3. Check if there is a free space for allocation
4.a. If there is no space, f2fs returns with -ENOSPC.
4.b. Otherwise, go next.
In the case of step #4.a, f2fs remains a wrong node page in the page cache
with the uptodate flag.
Also, even though a new node page is allocated successfully, an error can be
occurred afterwards due to allocation failure of the other data structures.
In such a case, remove_inode_page() would be triggered, so that we have to
clear uptodate flag in truncate_node() too.
So, we should remove the uptodate flag, if allocation is failed.
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
m68k allmodconfig:
fs/f2fs/data.c: In function ‘read_end_io’:
fs/f2fs/data.c:311: error: implicit declaration of function ‘prefetchw’
fs/f2fs/segment.c: In function ‘f2fs_end_io_write’:
fs/f2fs/segment.c:628: error: implicit declaration of function ‘prefetchw’
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
Pull hwmon fixes from Guenter Roeck:
- Report i2c errors to userspace in lm73 driver
- Fix problem with DIV_ROUND_CLOSEST and unsigned divisors in emc6w201
driver
* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (emc6w201) Fix DIV_ROUND_CLOSEST problem with unsigned divisors
hwmon: (lm73} Detect and report i2c bus errors
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace fixes from Eric Biederman:
"This tree includes two bug fixes for problems Oleg spotted on his
review of the recent pid namespace work. A small fix to not enable
bottom halves with irqs disabled, and a trivial build fix for f2fs
with user namespaces enabled."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
f2fs: Don't assign e_id in f2fs_acl_from_disk
proc: Allow proc_free_inum to be called from any context
pidns: Stop pid allocation when init dies
pidns: Outlaw thread creation after unshare(CLONE_NEWPID)
|
|
Pull networking fixes from David Miller:
1) GRE tunnel drivers don't set the transport header properly, they also
blindly deref the inner protocol ipv4 and needs some checks. Fixes
from Isaku Yamahata.
2) Fix sleeps while atomic in netdevice rename code, from Eric Dumazet.
3) Fix double-spinlock in solos-pci driver, from Dan Carpenter.
4) More ARP bug fixes. Fix lockdep splat in arp_solicit() and then the
bug accidentally added by that fix. From Eric Dumazet and Cong Wang.
5) Remove some __dev* annotations that slipped back in, as well as all
HOTPLUG references. From Greg KH
6) RDS protocol uses wrong interfaces to access scatter-gather elements,
causing a regression. From Mike Marciniszyn.
7) Fix build error in cpts driver, from Richard Cochran.
8) Fix arithmetic in packet scheduler, from Stefan Hasko.
9) Similarly, fix association during calculation of random backoff in
batman-adv. From Akinobu Mita.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (21 commits)
ipv6/ip6_gre: set transport header correctly
ipv4/ip_gre: set transport header correctly to gre header
IB/rds: suppress incompatible protocol when version is known
IB/rds: Correct ib_api use with gs_dma_address/sg_dma_len
net/vxlan: Use the underlying device index when joining/leaving multicast groups
tcp: should drop incoming frames without ACK flag set
netprio_cgroup: define sk_cgrp_prioidx only if NETPRIO_CGROUP is enabled
cpts: fix a run time warn_on.
cpts: fix build error by removing useless code.
batman-adv: fix random jitter calculation
arp: fix a regression in arp_solicit()
net: sched: integer overflow fix
CONFIG_HOTPLUG removal from networking core
Drivers: network: more __dev* removal
bridge: call br_netpoll_disable in br_add_if
ipv4: arp: fix a lockdep splat in arp_solicit()
tuntap: dont use a private kmem_cache
net: devnet_rename_seq should be a seqcount
ip_gre: fix possible use after free
ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally
...
|
|
Reduce the HDMI resource size from 0x100000 to 0x70000 so it
doesn't overlap the Displayport resource space.
HDMI: (0x14530000 - 0x145A0000)
DP: (0x145B0000 - 0x145B1000)
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Prathyush K <prathyush.k@samsung.com>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
|
|
When probing aux_dev, initializing is as below:
device_initialize()
device_add()
So when remove aux_dev, we need do as below:
device_del()
device_put()
Otherwise, the rtd_release() will not be called.
So here using device_unregister() to replace device_del(),
like the action in soc_remove_link_dais().
Signed-off-by: liu chuansheng <chuansheng.liu@intel.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
|
|
After called device_initialize(), even device_add() returns
error, we still need use the put_device() to release the reference
to call rtd_release(), which will do the free() action.
Signed-off-by: liu chuansheng <chuansheng.liu@intel.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
|
|
The value is incorrect and were copied in Linux 2.5.4 from i386.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This reverts commit ff401e52100dcdc85e572d1ad376d3307b3fe28e.
This breaks on MIPS64 R2 cores such as Broadcom's.
|
|
Commit 4be3d2f3966b9f010bb997dcab25e7af489a841e ("MIPS: perf: Add XLP
support for hardware perf.") added UNSUPPORTED_PERF_EVENT_ID which was
removed a while back.
Cc: Zi Shen Lim <zlim@netlogicmicro.com>
Cc: Jayachandran C <jchandra@broadcom.com>
Cc: Linux-MIPS <linux-mips@linux-mips.org>
Cc: John Crispin <blogic@openwrt.org>
Cc: Zi Shen Lim <zlim@netlogicmicro.com>
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Acked-by: Jayachandran C <jchandra@broadcom.com>
Patchwork: https://patchwork.linux-mips.org/patch/4730/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Now that the r4k timer is registered no matter what, bump the rating of
the Alchemy 32kHz timer so that it gets used when it is working,
and fall back on the r4k when it isn't.
This fixes a timer-related hang on platform with a working 32kHz timer
(the better rated c0 timer stops while executing 'wait' leading to (almost)
eternal sleep) and an oops on boot on platforms without a working 32kHz
timer (due to double registration of the r4k timer).
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Cc: Linux-MIPS <linux-mips@linux-mips.org>
Patchwork: https://patchwork.linux-mips.org/patch/4728/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Instantiating the driver with no available regulator results in:
[39711.686393] i2c i2c-7: new_device: Instantiated device max1139 at 0x35
[39711.688687] BUG: unable to handle kernel paging request at fffffffffffffe13
[39711.688734] IP: [<ffffffff813e835b>] regulator_disable+0x1b/0x80
[39711.688788] PGD 1c0e067 PUD 1c0f067 PMD 0
[39711.688835] Oops: 0000 [#1] SMP
Caused by bad probe error path. Fix it.
Driver should also not attempt to free the interrupt in its error path if
none was allocated. Fix that problem as well.
Finally, testing if the regulator was allocated is not necessary in the
remove function, since the probe function bails out if this is the case.
Remove that check.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
regulator_get_voltage() may return negative error code.
Add error checking to avoid setting error code to voltage_uv.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
regulator_get_voltage() may return negative error code.
Add error checking to avoid setting error code to voltage_uv.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
regulator_get_voltage() may return negative error code.
Add error checking to avoid setting error code to voltage_uv.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
regulator_get_voltage() may return negative error code.
Add error checking to avoid setting error code to voltage_uv.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
regulator_get_voltage() may return negative error code.
Don't set error code to to pos_voltage_uv and neg_voltage_uv.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
regulator_get_voltage() may return negative error code.
Add error checking to avoid setting error code to st->vref_uv.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
regulator_get_voltage() may return negative error code.
Add error checking to avoid setting error code to st->vref_uv.
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Not much to say, without that change, hid-sensor-trigger will be
always compiled if HID_SENSOR_IIO_COMMON is selected which fails if
CONFIG_IIO_TRIGGER is not set because CONFIG_IIO_CONSUMERS_PER_TRIGGER
will not be defined.
Signed-off-by: Alexander Holler <holler@ahsoftware.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
/opt/work/linux-2.6/drivers/iio/adc/at91_adc.c: In function 'at91_adc_trigger_handler':
/opt/work/linux-2.6/drivers/iio/adc/at91_adc.c:83:22: error: 'indio_dev' undeclared (first use in this function)
/opt/work/linux-2.6/drivers/iio/adc/at91_adc.c:83:22: note: each undeclared identifier is reported only once for each function it appears in
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Cc: linux-iio@vger.kernel.org
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Commit 9d5e9fdf ("staging:iio:adis16260: Use adis library") switched over the
adis16260 driver to use the common adis library but neglected to update the
Kconfig entry to reflect the change.
This leads to the following compile error if no other driver selects the adis
library:
drivers/built-in.o: In function `adis16260_write_frequency':
adis16260_core.c:(.text+0x5a83bf): undefined reference to `adis_write_reg_8'
drivers/built-in.o: In function `adis16260_read_frequency':
adis16260_core.c:(.text+0x5a8433): undefined reference to `adis_read_reg_16'
drivers/built-in.o: In function `adis16260_write_raw':
adis16260_core.c:(.text+0x5a8538): undefined reference to `adis_write_reg_16'
adis16260_core.c:(.text+0x5a856b): undefined reference to `adis_write_reg_16'
drivers/built-in.o: In function `adis16260_read_raw':
adis16260_core.c:(.text+0x5a85d3): undefined reference to `adis_single_conversion'
adis16260_core.c:(.text+0x5a873e): undefined reference to `adis_read_reg_16'
adis16260_core.c:(.text+0x5a87fb): undefined reference to `adis_read_reg_16'
drivers/built-in.o: In function `adis16260_probe':
adis16260_core.c:(.devinit.text+0x5c6b8): undefined reference to `adis_init'
adis16260_core.c:(.devinit.text+0x5c799): undefined reference to `adis_initial_startup'
drivers/built-in.o: In function `adis16260_remove':
adis16260_core.c:(.devexit.text+0x9943): undefined reference to `adis_write_reg_16'
This patch updates the adis16260 Kconfig entry to select the adis library.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
There is a typo in the adf4350 driver turning a shift into a compare. This patch
fixes it.
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
When trying to mount a file system which does not contain a journal,
but which does have a orphan list containing an inode which needs to
be truncated, the mount call with hang forever in
ext4_orphan_cleanup() because ext4_orphan_del() will return
immediately without removing the inode from the orphan list, leading
to an uninterruptible loop in kernel code which will busy out one of
the CPU's on the system.
This can be trivially reproduced by trying to mount the file system
found in tests/f_orphan_extents_inode/image.gz from the e2fsprogs
source tree. If a malicious user were to put this on a USB stick, and
mount it on a Linux desktop which has automatic mounts enabled, this
could be considered a potential denial of service attack. (Not a big
deal in practice, but professional paranoids worry about such things,
and have even been known to allocate CVE numbers for such problems.)
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Zheng Liu <wenqing.lz@taobao.com>
Cc: stable@vger.kernel.org
|
|
Commit c278531d39 added a warning when ext4_flush_unwritten_io() is
called without i_mutex being taken. It had previously not been taken
during orphan cleanup since races weren't possible at that point in
the mount process, but as a result of this c278531d39, we will now see
a kernel WARN_ON in this case. Take the i_mutex in
ext4_orphan_cleanup() to suppress this warning.
Reported-by: Alexander Beregalov <a.beregalov@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Zheng Liu <wenqing.lz@taobao.com>
Cc: stable@vger.kernel.org
|
|
ip6gre_xmit2() incorrectly sets transport header to inner payload
instead of GRE header. It seems copy-and-pasted from ipip.c.
Set transport header to gre header.
(In ipip case the transport header is the inner ip header, so that's
correct.)
Found by inspection. In practice the incorrect transport header
doesn't matter because the skb usually is sent to another net_device
or socket, so the transport header isn't referenced.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
ipgre_tunnel_xmit() incorrectly sets transport header to inner payload
instead of GRE header. It seems copy-and-pasted from ipip.c.
So set transport header to gre header.
(In ipip case the transport header is the inner ip header, so that's
correct.)
Found by inspection. In practice the incorrect transport header
doesn't matter because the skb usually is sent to another net_device
or socket, so the transport header isn't referenced.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Add an else to only print the incompatible protocol message
when version hasn't been established.
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
0b088e00 ("RDS: Use page_remainder_alloc() for recv bufs")
added uses of sg_dma_len() and sg_dma_address(). This makes
RDS DOA with the qib driver.
IB ulps should use ib_sg_dma_len() and ib_sg_dma_address
respectively since some HCAs overload ib_sg_dma* operations.
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The socket calls from vxlan to join/leave multicast group aren't
using the index of the underlying device, as a result the stack uses
the first interface that is up. This results in vxlan being non functional
over a device which isn't the 1st to be up.
Fix this by providing the iflink field to the vxlan instance
to the multicast calls.
Signed-off-by: Yan Burman <yanb@mellanox.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
In commit 96e0bf4b5193d (tcp: Discard segments that ack data not yet
sent) John Dykstra enforced a check against ack sequences.
In commit 354e4aa391ed5 (tcp: RFC 5961 5.2 Blind Data Injection Attack
Mitigation) I added more safety tests.
But we missed fact that these tests are not performed if ACK bit is
not set.
RFC 793 3.9 mandates TCP should drop a frame without ACK flag set.
" fifth check the ACK field,
if the ACK bit is off drop the segment and return"
Not doing so permits an attacker to only guess an acceptable sequence
number, evading stronger checks.
Many thanks to Zhiyun Qian for bringing this issue to our attention.
See :
http://web.eecs.umich.edu/~zhiyunq/pub/ccs12_TCP_sequence_number_inference.pdf
Reported-by: Zhiyun Qian <zhiyunq@umich.edu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Nandita Dukkipati <nanditad@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: John Dykstra <john.dykstra1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Unfortunately with !CONFIG_PAGEFLAGS_EXTENDED, (!PageHead) is false, and
(PageHead) is true, for tail pages. If this is indeed the intended
behavior, which I doubt because it breaks cache cleaning on some ARM
systems, then the nomenclature is highly problematic.
This patch makes sure PageHead is only true for head pages and PageTail
is only true for tail pages, and neither is true for non-compound pages.
[ This buglet seems ancient - seems to have been introduced back in Apr
2008 in commit 6a1e7f777f61: "pageflags: convert to the use of new
macros". And the reason nobody noticed is because the PageHead()
tests are almost all about just sanity-checking, and only used on
pages that are actual page heads. The fact that the old code returned
true for tail pages too was thus not really noticeable. - Linus ]
Signed-off-by: Christoffer Dall <cdall@cs.columbia.edu>
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Will Deacon <Will.Deacon@arm.com>
Cc: Steve Capper <Steve.Capper@arm.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: stable@kernel.org # 2.6.26+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
sock->sk_cgrp_prioidx won't be used at all if CONFIG_NETPRIO_CGROUP=n.
Signed-off-by: Li Zefan <lizefan@huawei.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch fixes a warning in clk_enable by calling clk_prepare_enable
instead.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The cpts driver tries to obtain the input clock frequency by calling the
clock's internal 'recalc' method. Since <plat/clock.h> has been removed,
this code can no longer compile.
However, the driver never makes use of the frequency value, so this patch
fixes the issue by removing the offending code altogether.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
