If an INIT with invalid parameter length look like this:
Parameter Type : 1
Parameter Length: 800
and not contain any payload, SCTP will ignore this parameter and send
back a INIT-ACK.
This patch is fix to handle this invalid parameter length correctly.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Currently we abort on the INIT chunk we our backlog is currenlty
exceeded. Delay this about untill COOKIE-ECHO to give the user
time to accept the socket. Also, make sure that we treat
sk_max_backlog of 0 as no connections allowed.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
When performing a retransmit, do not include the chunk if
it was sent less then 1 rtt ago. The reason is that we
may receive the SACK very soon and wouldn't retransmit.
Suggested by Randy Stewart.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Do not set Unconfirmed transports to Inactive state. This may
result in an inactive association being destroyed since we start
counting errors on "inactive" transports against the association.
This was found at the SCTP interop event.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
sctp_bindx() allows the use of unspecified port. The problem is
that every address we bind to ends up selecting a new port if
the user specified port 0. This patch allows re-use of the
already selected port when the port from bindx was 0.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
When multi bundling SHUTDOWN-ACK message is received in ESTAB state,
this will cause "sctp protocol violation state" message print many times.
If SHUTDOWN-ACK is bundled 300 times in one packet, message will be
print 300 times. The same problem also exists when received unexpected
HEARTBEAT-ACK message which is bundled message times.
This patch used net_ratelimit() to suppress error messages print too fast.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
PROTOCOL VIOLATION error cause in ABORT is bad encode when make abort
chunk. When SCTP encode ABORT chunk with PROTOCOL VIOLATION error cause,
it just add the error messages to PROTOCOL VIOLATION error cause, the
rest four bytes(struct sctp_paramhdr) is just add to the chunk, not
change the length of error cause. This cause the ABORT chunk to be a bad
format. The chunk is like this:
ABORT chunk
Chunk type: ABORT (6)
Chunk flags: 0x00
Chunk length: 72 (*1)
Protocol violation cause
Cause code: Protocol violation (0x000d)
Cause length: 62 (*2)
Cause information: 5468652063756D756C61746976652074736E2061636B2062...
Cause padding: 0000
[Needless] 00030010
Chunk Length(*1) = 72 but Cause length(*2) only 62, not include the
extend 4 bytes.
((72 - sizeof(chunk_hdr)) = 68) != (62 +3) / 4 * 4
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
At function sctp_addto_chunk(), it do pad before add payload to chunk if
chunk length is not 4-byte alignment. But it do pad with a bad length.
This patch fixed this probleam.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Currently we only assign the sequence number to a packet that
we are about to transmit. This however breaks the Partial
Reliability extensions, because it's possible for us to
never transmit a packet, i.e. it expires before we get to send
it. In such cases, if the message contained multiple SCTP
fragments, and we did manage to send the first part of the
message, the Stream sequence numbers would get into invalid
state and cause receiver to stall.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
When we recieve a FWD-TSN (meaning the peer has abandoned the data),
we need to clean up any partially received messages that may be
hanging out on the re-assembly or re-ordering queues. This is
a MUST requirement that was not properly done before.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com.>
Without this, we get qla2xxx complaining about "ISP System Error".
What's happening here is the firmware is detecting a Xfer-ready from the
storage when in fact the data-direction for a mode-select should be a
write (DATA_OUT).
The following patch fixes the problem (typo). Verified by Brian, as
well.
Signed-off-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Verified-by: Brian De Wolf <bldewolf@csupomona.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC32]: Make flush_tlb_kernel_range() an inline function.
[SERIAL]: Fix 32-bit warnings in sunzilog.c and sunsu.c
[SPARC32]: Kill unused vars and macros from prom/console.c
[SPARC32]: Add __cmpdi2() libcall implementation ala. MIPS.
[VIDEO]: Do not prom_halt() in cg3 and bw2 device probe.
[SUNVDC]: Use slice 0xff on VD_DISK_TYPE_DISK.
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Mark Paul Moore as maintainer of labelled networking.
[VLAN/BRIDGE]: Fix "skb_pull_rcsum - Fatal exception in interrupt"
[ISDN]: Get rid of some pointless allocation casts in common and bsd comp.
[NET]: Avoid pointless allocation casts in BSD compression module
[IRDA]: Do not do pointless kmalloc return value cast in KingSun driver
[NET]: Fix crash in dev_mc_sync()/dev_mc_unsync()
[PPPOL2TP]: Fix endianness annotations.
[IOAT]: ioatdma needs to to play nice in a multi-dma-client world
[SLIP]: trivial sparse warning fix
[EQL]: sparse warning fix
[NET]: is_power_of_2 in net/core/neighbour.c
[TCP]: Describe tcp_init_cwnd() thoroughly in a comment.
[NET]: Fix IP_ADD/DROP_MEMBERSHIP to handle only connectionless
[KBUILD]: Sanitize tc_ematch headers.
[IPSEC] AH4: Update IPv4 options handling to conform to RFC 4302.
Fix bogus DEBUG_PREEMPT warning on x86_64, when cpu brought online after
bootup: current_is_keventd is right to note its use of smp_processor_id
is preempt-safe, but should use raw_smp_processor_id to avoid the warning.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sigh. Again an ACPI assault on the Thinkpad's Fn+F4 to suspend to RAM.
The default and text for CONFIG_THINKPAD_ACPI_INPUT_ENABLED were fixed
in -rc3, but now commit 14e04fb34f ("ACPI:
Schedule /proc/acpi/event for removal") introduces the ACPI_PROC_EVENT
config entry, and defaults it to 'n' to disable it again.
Change default to y, and add comment to make it clearer that n is for
future distros.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Len Brown <len.brown@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 61ec7567db ('ACPI: boot correctly
with "nosmp" or "maxcpus=0"') broke 'maxcpus=' handling on x86[-64].
maxcpus=N is now having no effect on x86_64, and freezing bootup on i386
(because of inconsistency with the separate maxcpus parsing down in
arch/i386, I guess). That's because early_param parsing is a little
different from __setup parsing, and needs the "=" omitted: then it seems
to work as the original commit intended (no mention of IO-APIC in
/proc/interrupts when maxcpus=0).
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Len Brown <len.brown@intel.com>
Cc: Andi Kleen <ak@suse.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Fix SLB initialization at boot time
[POWERPC] Fix undefined reference to device_power_up/resume
[POWERPC] cell: Update cell_defconfig for 2.6.23
[POWERPC] axonram: Do not delete gendisks queue in error path
[POWERPC] axonram: Module modification for latest firmware API changes
[POWERPC] cell: Support pinhole-reset on IBM cell blades
[POWERPC] spu_manage: Use newer physical-id attribute
[POWERPC] pasemi: Another IOMMU bugfix for 64K PAGE_SIZE
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kyle/parisc-2.6:
[PARISC] Add NOTES section
[PARISC] Use compat_sys_getdents
[PARISC] Do not allow STI_CONSOLE to be modular
[PARISC] Clean up sti_flush
[PARISC] Add dummy isa_(bus|virt)_to_(virt|bus) inlines
[PARISC] Add empty <asm-parisc/vga.h>
Bisected bizarre kernel-space nullptr dereference in udev to commit
18991197b4, adding the NOTES section fixes
it.
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
sti_flush is supposed to flush the caches so we can execute the STI rom
we copied to memory. Anything more than flush_icache_range is overkill.
Fixes a missing symbol when built as a module.
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
Less painful than fixing up the Kconfig for a pile of drivers to only build
on X86 && ARM && MIPS...
Just make them BUG(), as defining them to be 1:1 with physical memory will
likely HPMC the box anyways.
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
This avoids unused variable warnings in places like mm/vmalloc.c:
mm/vmalloc.c: In function ‘unmap_kernel_range’:
mm/vmalloc.c:75: warning: unused variable ‘start’
caused by it previously being a macro.
Signed-off-by: David S. Miller <davem@davemloft.net>
resource_size_t can be either a u64 or a u32, and we can't
really know for sure, so when printing such a value out
always use long-long printf formatting and cast the argument
to that type.
Signed-off-by: David S. Miller <davem@davemloft.net>
Just give a normal kernel log message of the problem and
return failure.
Based upon a patch from Mark Fortescue.
Signed-off-by: David S. Miller <davem@davemloft.net>
While debugging issues with the VDS server I made the
driver use partition 2 to get at the whole disk since
this is the "whole disk" partition in the Sun disk
label.
We really should use slice 0xff which really means
the whole physical disk in the VIO disk protocol.
Otherwise things won't work well on a disk image
that doesn't have a proper disk label on it.
Signed-off-by: David S. Miller <davem@davemloft.net>
I tried to preserve bridging code as it was before, but logic is quite
strange - I think we should free skb on error, since it is already
unshared and thus will just leak.
Herbert Xu states:
> + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
> + goto out;
If this happens it'll be a double-free on skb since we'll
return NF_DROP which makes the caller free it too.
We could return NF_STOLEN to prevent that but I'm not sure
whether that's correct netfilter semantics. Patrick, could
you please make a call on this?
Patrick McHardy states:
NF_STOLEN should work fine here.
Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
vmalloc() returns a void pointer - no need to cast the return value.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The general kernel memory allocation functions return void pointers
and there is no need to cast their return values.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
kmalloc() returns a void pointer, so there is no need to cast it in
drivers/net/irda/kingsun-sir.c::kingsun_probe().
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes a crash that may occur when the routine dev_mc_sync()
deletes an address from the list it is currently going through. It
saves the pointer to the next element before deleting the current one.
The problem may also exist in dev_mc_unsync().
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
{s,d}_{session,tunnel} in pppol2tp_addr are actually host-endian
everywhere. We might switch them to net-endian, of course, but
that structure is exposed to userland via getname...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Now that the DMA engine has a multi-client interface, fix the ioatdma
driver to play along. At the same time, remove a couple of unnecessary
reads and writes.
Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Function declared static in forward declaration, but not in actual code.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
More noodlin on long flights, patch bin. Sparse warning fix for eql.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Replacing n & (n - 1) for power of 2 check by is_power_of_2(n)
Signed-off-by: vignesh babu <vignesh.babu@wipro.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
People often get tripped up by this function and think that
it does not implemented the prescribed algorithms from
RFC2414 and RFC3390, even though it does.
So add a comment to head off such misunderstandings in the
future.
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix IP[V6]_ADD_MEMBERSHIP and IP[V6]_DROP_MEMBERSHIP to
return -EPROTO for connection oriented sockets.
Signed-off-by: Flavio Leitner <fleitner@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The headers in tc_ematch are used by iproute2, so these headers should
be processed.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
In testing our ESP/AH offload hardware, I discovered an issue with how
AH handles mutable fields in IPv4. RFC 4302 (AH) states the following
on the subject:
For IPv4, the entire option is viewed as a unit; so even
though the type and length fields within most options are immutable
in transit, if an option is classified as mutable, the entire option
is zeroed for ICV computation purposes.
The current implementation does not zero the type and length fields,
resulting in authentication failures when communicating with hosts
that do (i.e. FreeBSD).
I have tested record route and timestamp options (ping -R and ping -T)
on a small network involving Windows XP, FreeBSD 6.2, and Linux hosts,
with one router. In the presence of these options, the FreeBSD and
Linux hosts (with the patch or with the hardware) can communicate.
The Windows XP host simply fails to accept these packets with or
without the patch.
I have also been trying to test source routing options (using
traceroute -g), but haven't had much luck getting this option to work
*without* AH, let alone with.
Signed-off-by: Nick Bowler <nbowler@ellipticsemi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
