diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-04-12 17:04:33 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-04-12 17:04:33 -0400 |
| commit | 174808af90a06ee59ffedd60c00c252f1f887f25 (patch) | |
| tree | 5e026fdc0d2b4d66c0a79267e5755e10d6d04bd8 /net/ipv4 | |
| parent | 778c2dee6f134bf0472ed45eedaee53b4f336afb (diff) | |
| parent | 5d949944229b0a08e218723be231731cd86b94f3 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix bluetooth userland regression reported by Keith Packard, from
Gustavo Padovan.
2) Revert ath9k PS idle change, from Sujith Manoharan.
3) Correct default TCP memory limits (again), from Eric Dumazet.
4) Fix tcp_rcv_rtt_update() accidental use of unscaled RTT, from Neal
Cardwell.
5) We made a facility for layers like wireless to say how much tailroom
they need in the SKB for link layer stuff such as wireless
encryption etc., but TCP works hard to fill every SKB out to the end
defeating this specification.
This leads to every TCP packet getting reallocated by the wireless
code in order to have the right amount of tailroom available.
Fix TCP to only fill SKBs out to the real amount of data area it
asked for during the allocation, this way it won't eat into the
slack added for the device's tailroom needs.
Reported by Marc Merlin and fixed by Eric Dumazet.
6) Leaks, endian bugs, and new device IDs in bluetooth from Santosh
Nayak, João Paulo Rechi Vita, Cho, Yu-Chen, Andrei Emeltchenko,
AceLan Kao, and Andrei Emeltchenko.
7) OOPS on tty_close fix in bluetooth's hci_ldisc from Johan Hovold.
8) netfilter erroneously scales TCP window twice, fix from Changli Gao.
9) Memleak fix in wext-core from Julia Lawall.
10) Consistently handle invalid TCP packets in ipv4 vs. ipv6 conntrack,
from Jozsef Kadlecsik.
11) Validate IP header length properly in netfilter conntrack's
ipv4_get_l4proto().
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (39 commits)
NFC: Fix the LLCP Tx fragmentation loop
rtlwifi: Add missing DMA buffer unmapping for PCI drivers
rtlwifi: Preallocate USB read buffers and eliminate kalloc in read routine
tcp: avoid order-1 allocations on wifi and tx path
net: allow pskb_expand_head() to get maximum tailroom
bridge: Do not send queries on multicast group leaves
MAINTAINERS: Mark NATSEMI driver as orphan'd.
tcp: fix tcp_rcv_rtt_update() use of an unscaled RTT sample
tcp: restore correct limit
Revert "ath9k: fix going to full-sleep on PS idle"
rt2x00: Fix rfkill_polling register function.
bcma: fix build error on MIPS; implicit pcibios_enable_device
netfilter: nf_conntrack: fix incorrect logic in nf_conntrack_init_net
netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently
net/wireless/wext-core.c: add missing kfree
rtlwifi: Fix oops on rate-control failure
mac80211: Convert WARN_ON to WARN_ON_ONCE
rtlwifi: rtl8192de: Fix firmware initialization
nl80211: ensure interface is up in various APIs
...
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 12 | ||||
| -rw-r--r-- | net/ipv4/tcp.c | 11 | ||||
| -rw-r--r-- | net/ipv4/tcp_input.c | 7 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 2 |
4 files changed, 21 insertions, 11 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index de9da21113a1..cf73cc70ed2d 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
| 74 | 74 | ||
| 75 | iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph); | 75 | iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph); |
| 76 | if (iph == NULL) | 76 | if (iph == NULL) |
| 77 | return -NF_DROP; | 77 | return -NF_ACCEPT; |
| 78 | 78 | ||
| 79 | /* Conntrack defragments packets, we might still see fragments | 79 | /* Conntrack defragments packets, we might still see fragments |
| 80 | * inside ICMP packets though. */ | 80 | * inside ICMP packets though. */ |
| 81 | if (iph->frag_off & htons(IP_OFFSET)) | 81 | if (iph->frag_off & htons(IP_OFFSET)) |
| 82 | return -NF_DROP; | 82 | return -NF_ACCEPT; |
| 83 | 83 | ||
| 84 | *dataoff = nhoff + (iph->ihl << 2); | 84 | *dataoff = nhoff + (iph->ihl << 2); |
| 85 | *protonum = iph->protocol; | 85 | *protonum = iph->protocol; |
| 86 | 86 | ||
| 87 | /* Check bogus IP headers */ | ||
| 88 | if (*dataoff > skb->len) { | ||
| 89 | pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: " | ||
| 90 | "nhoff %u, ihl %u, skblen %u\n", | ||
| 91 | nhoff, iph->ihl << 2, skb->len); | ||
| 92 | return -NF_ACCEPT; | ||
| 93 | } | ||
| 94 | |||
| 87 | return NF_ACCEPT; | 95 | return NF_ACCEPT; |
| 88 | } | 96 | } |
| 89 | 97 | ||
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 0cd36e33273b..8bb6adeb62c0 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c | |||
| @@ -701,11 +701,12 @@ struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp) | |||
| 701 | skb = alloc_skb_fclone(size + sk->sk_prot->max_header, gfp); | 701 | skb = alloc_skb_fclone(size + sk->sk_prot->max_header, gfp); |
| 702 | if (skb) { | 702 | if (skb) { |
| 703 | if (sk_wmem_schedule(sk, skb->truesize)) { | 703 | if (sk_wmem_schedule(sk, skb->truesize)) { |
| 704 | skb_reserve(skb, sk->sk_prot->max_header); | ||
| 704 | /* | 705 | /* |
| 705 | * Make sure that we have exactly size bytes | 706 | * Make sure that we have exactly size bytes |
| 706 | * available to the caller, no more, no less. | 707 | * available to the caller, no more, no less. |
| 707 | */ | 708 | */ |
| 708 | skb_reserve(skb, skb_tailroom(skb) - size); | 709 | skb->avail_size = size; |
| 709 | return skb; | 710 | return skb; |
| 710 | } | 711 | } |
| 711 | __kfree_skb(skb); | 712 | __kfree_skb(skb); |
| @@ -995,10 +996,9 @@ new_segment: | |||
| 995 | copy = seglen; | 996 | copy = seglen; |
| 996 | 997 | ||
| 997 | /* Where to copy to? */ | 998 | /* Where to copy to? */ |
| 998 | if (skb_tailroom(skb) > 0) { | 999 | if (skb_availroom(skb) > 0) { |
| 999 | /* We have some space in skb head. Superb! */ | 1000 | /* We have some space in skb head. Superb! */ |
| 1000 | if (copy > skb_tailroom(skb)) | 1001 | copy = min_t(int, copy, skb_availroom(skb)); |
| 1001 | copy = skb_tailroom(skb); | ||
| 1002 | err = skb_add_data_nocache(sk, skb, from, copy); | 1002 | err = skb_add_data_nocache(sk, skb, from, copy); |
| 1003 | if (err) | 1003 | if (err) |
| 1004 | goto do_fault; | 1004 | goto do_fault; |
| @@ -3302,8 +3302,7 @@ void __init tcp_init(void) | |||
| 3302 | 3302 | ||
| 3303 | tcp_init_mem(&init_net); | 3303 | tcp_init_mem(&init_net); |
| 3304 | /* Set per-socket limits to no more than 1/128 the pressure threshold */ | 3304 | /* Set per-socket limits to no more than 1/128 the pressure threshold */ |
| 3305 | limit = nr_free_buffer_pages() << (PAGE_SHIFT - 10); | 3305 | limit = nr_free_buffer_pages() << (PAGE_SHIFT - 7); |
| 3306 | limit = max(limit, 128UL); | ||
| 3307 | max_share = min(4UL*1024*1024, limit); | 3306 | max_share = min(4UL*1024*1024, limit); |
| 3308 | 3307 | ||
| 3309 | sysctl_tcp_wmem[0] = SK_MEM_QUANTUM; | 3308 | sysctl_tcp_wmem[0] = SK_MEM_QUANTUM; |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 05b2dd569691..9944c1d9a218 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
| @@ -474,8 +474,11 @@ static void tcp_rcv_rtt_update(struct tcp_sock *tp, u32 sample, int win_dep) | |||
| 474 | if (!win_dep) { | 474 | if (!win_dep) { |
| 475 | m -= (new_sample >> 3); | 475 | m -= (new_sample >> 3); |
| 476 | new_sample += m; | 476 | new_sample += m; |
| 477 | } else if (m < new_sample) | 477 | } else { |
| 478 | new_sample = m << 3; | 478 | m <<= 3; |
| 479 | if (m < new_sample) | ||
| 480 | new_sample = m; | ||
| 481 | } | ||
| 479 | } else { | 482 | } else { |
| 480 | /* No previous measure. */ | 483 | /* No previous measure. */ |
| 481 | new_sample = m << 3; | 484 | new_sample = m << 3; |
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 364784a91939..376b2cfbb685 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -2060,7 +2060,7 @@ static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to, | |||
| 2060 | /* Punt if not enough space exists in the first SKB for | 2060 | /* Punt if not enough space exists in the first SKB for |
| 2061 | * the data in the second | 2061 | * the data in the second |
| 2062 | */ | 2062 | */ |
| 2063 | if (skb->len > skb_tailroom(to)) | 2063 | if (skb->len > skb_availroom(to)) |
| 2064 | break; | 2064 | break; |
| 2065 | 2065 | ||
| 2066 | if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp))) | 2066 | if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp))) |