summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-01-17sk-filter: Add ability to lock a socket filter programVincent Bernat
While a privileged program can open a raw socket, attach some restrictive filter and drop its privileges (or send the socket to an unprivileged program through some Unix socket), the filter can still be removed or modified by the unprivileged program. This commit adds a socket option to lock the filter (SO_LOCK_FILTER) preventing any modification of a socket filter program. This is similar to OpenBSD BIOCLOCK ioctl on bpf sockets, except even root is not allowed change/drop the filter. The state of the lock can be read with getsockopt(). No error is triggered if the state is not changed. -EPERM is returned when a user tries to remove the lock or to change/remove the filter while the lock is active. The check is done directly in sk_attach_filter() and sk_detach_filter() and does not affect only setsockopt() syscall. Signed-off-by: Vincent Bernat <bernat@luffy.cx> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16netpoll: fix a missing dev refcountingCong Wang
__dev_get_by_name() doesn't refcount the network device, so we have to do this by ourselves. Noticed by Eric. Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Jiri Pirko <jiri@resnulli.us> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16ipv6: Fix endianess warning in ip6_flow_hdr().YOSHIFUJI Hideaki
Commit 3e4e4c1f ("ipv6: Introduce ip6_flow_hdr() to fill version, tclass and flowlabel.) uses ntohl(), which should be htonl(). Found by Fengguang Wu <fengguang.wu@intel.com>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16r8169: remove unneeded dirty_rx indexTimo Teräs
After commit 6f0333b ("r8169: use 50% less ram for RX ring") the rx ring buffers are always copied making dirty_rx useless. Signed-off-by: Timo Teräs <timo.teras@iki.fi> Acked-by: Francois Romieu <romieu@fr.zoreil.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16netpoll: fix a rtnl lock assertion failureCong Wang
v4: hold rtnl lock for the whole netpoll_setup() v3: remove the comment v2: use RCU read lock This patch fixes the following warning: [ 72.013864] RTNL: assertion failed at net/core/dev.c (4955) [ 72.017758] Pid: 668, comm: netpoll-prep-v6 Not tainted 3.8.0-rc1+ #474 [ 72.019582] Call Trace: [ 72.020295] [<ffffffff8176653d>] netdev_master_upper_dev_get+0x35/0x58 [ 72.022545] [<ffffffff81784edd>] netpoll_setup+0x61/0x340 [ 72.024846] [<ffffffff815d837e>] store_enabled+0x82/0xc3 [ 72.027466] [<ffffffff815d7e51>] netconsole_target_attr_store+0x35/0x37 [ 72.029348] [<ffffffff811c3479>] configfs_write_file+0xe2/0x10c [ 72.030959] [<ffffffff8115d239>] vfs_write+0xaf/0xf6 [ 72.032359] [<ffffffff81978a05>] ? sysret_check+0x22/0x5d [ 72.033824] [<ffffffff8115d453>] sys_write+0x5c/0x84 [ 72.035328] [<ffffffff819789d9>] system_call_fastpath+0x16/0x1b In case of other races, hold rtnl lock for the entire netpoll_setup() function. Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Jiri Pirko <jiri@resnulli.us> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: better RSS supportStephen Hemminger
The VMXNET3 device provides RSS hash value for received packets, but it is not being used. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: use static RSS keyStephen Hemminger
Rather than generating a different RSS key on each boot, just use a predetermined value that will map same flow to same value on every device for more predictable testing. This is already done on most hardware drivers. Initial key value just some arbitrary bits extracted once from /dev/random. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: remove unused irq_share_modeStephen Hemminger
This static variable is never set, it initializes to 0 which is VMXNET3_INTR_BUDDYSHARE, and never changes. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: remove device counterStephen Hemminger
An atomic counter of devices present is maintained but never used. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: remove VMXNET3_MAX_DEVICESStephen Hemminger
Defined but never used. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: use netdev_ printk wrappersStephen Hemminger
Use the standard netdev_xxx() and dev_xxx() wrappers to format log messages. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: use netdev_dbgStephen Hemminger
Use netdev_dbg() rather than dev_dbg() because the former prints the device name which is more useful than the pci name. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: fix messages printed before registrationStephen Hemminger
This messages that occur during boot time from this device when netdev_err is called before calling register_netdevice(). Switch to using dev_XXX macros which correlate message with PCI info which is available. Rather than fixing the features message, just remove it since the information is redundant and available through ethtool. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: remove unnecessary bookkeepingStephen Hemminger
The uncommitted[] array was set but never used except in a debug message. Remove it. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16vmxnet3: use netdev_alloc_skb_ip_alignStephen Hemminger
Use netdev_alloc_skb_align, rather than open code using dev_alloc_skb. Change allocation at startup to use GFP_KERNEL. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-next Jeff Kirsher says: ==================== This series contains updates to e1000e only. v2- updates patch 09/15 "e1000e: resolve checkpatch PREFER_PR_LEVEL warning" based on feedback from Joe Perches. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-16e1000e: merge multiple conditional statements into oneBruce Allan
Cleanup a set of conditional tests. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16e1000e: cleanup code duplicationBruce Allan
The removed code block is duplicated in e1000e_write_itr() so use that instead. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16e1000e: cleanup magic numberBruce Allan
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16e1000e: cleanup unnecessary line wrapBruce Allan
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16e1000e: cleanup unusual comment placementBruce Allan
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16e1000e: cleanup redundant statistics counterBruce Allan
rx_long_byte_count can be removed since it is duplicated in rx_bytes Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16e1000e: resolve checkpatch PREFER_PR_LEVEL warningBruce Allan
WARNING: Prefer netdev_info(netdev, ... then dev_info(dev, ... then pr_info(... to printk(KERN_INFO ... v2 - remove unnecessary "e1000e:" prefix as pointed out by Joe Perches since that produces a redundant "e1000e:" in the log message Cc: Joe Perches <joe@perches.com> Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15e1000e: add missing bailout on errorBruce Allan
...discovered during code inspection. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15e1000e: unexpected "Reset adapter" message when cable pulledBruce Allan
When there is heavy traffic and the cable is pulled, the driver must reset the adapter to flush the Tx queue in hardware. This causes the reset path to be scheduled and logs the message "Reset adapter" which could be mis- interpreted as an error by the user. Change how the reset path is invoked for this scenario by using the same method done in an existing work-around for 80003es2lan (i.e. set a flag and if the flag is set in the reset code do not log the "Reset adapter" message since the reset is expected). Re-name the FLAG_RX_RESTART_NOW to FLAG_RESTART_NOW since it is used for resets in both the Rx and Tx specific code. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15e1000e: fix enabling of EEE on 82579 and I217Bruce Allan
Energy Efficient Ethernet on 82579 and I217 should only be enabled if not disabled by the user, if the link is full duplex and the link partner has similar EEE capabilities (stored in different EMI registers on the two different parts). After enabling EEE, read the IEEE MMD register 3.1 (which is also stored in different EMI registers on the two different parts) to clear the count of received Tx/Rx LPI indications. Also, rename I217_EEE_100_SUPPORTED to I82579_EEE_100_SUPPORTED to indicate the bit is valid starting with I82579 (released before I217). Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15e1000e: 82577: workaround for link drop issueBruce Allan
When connected to certain switches, the 82577 PHY might drop link unexpectedly. Work around the issue by setting the Mean Square Error higher than the hardware default. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15e1000e: helper functions for accessing EMI registersBruce Allan
The Extended Management Interface (EMI) registers are accessed by first writing the EMI register offset to the EMI_ADDR regiter and then either reading or writing the data to/from the EMI_DATA register. Add helper functions for performing these steps and convert existing EMI register accesses accordingly. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-16net_sched: fix qdisc_pkt_len_init()Eric Dumazet
commit 1def9238d4aa2 (net_sched: more precise pkt_len computation) does a wrong computation of mac + network headers length, as it includes the padding before the frame. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15e1000e: Invalid Image CSUM bit changed for I217Bruce Allan
On I217, the bit that indicates an invalid EEPROM (NVM) image checksum has changed from previous ICH/PCH LOMs. When validating the EEPROM checksum, check the appropriate bit on different devices. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15e1000e: Acquire/release semaphore when writing each EEPROM pageBruce Allan
When data blocks are written to the EEPROM, the HW/SW/FW semaphore must be held for the duration. With large data blocks on 80003es2lan, 82571 and 82572, this can take too long and cause the firmware to take ownership of the semaphore and consequently ownership of writes to the EEPROM. Instead, acquire and release the semaphore for each page of the block written. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15e1000e: SerDes autoneg flow controlBruce Allan
Enables flow control to be set in SerDes autoneg mode. This is what is done for copper, but relies on a different set of register/bit checks since this is all done within the Mac registers. Remove inapplicable comment in defines.h Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2013-01-15bnx2x: Introduce 2013 and advance version to 1.78.02Yuval Mintz
Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: Added FW GRO bridging supportYuval Mintz
Since submit 621b4d6 the bnx2x driver support FW GRO. However, when using the device with GRO enabled in bridging scenarios throughput is very low, as the bridge expects all incoming packets to be passed with CHECKSUM_PARTIAL - a demand which is satisfied by the SW GRO implementation, but was missed in the bnx2x driver implementation (which returned CHECKSUM_UNNECESSARY). Now, given that the traffic is supported by FW GRO (TCP/IP), the bnx2x driver calculates the pseudo checksum by itself, passing skbs with CHECKSUM_PARTIAL and giving a much better throughput when receiving GRO traffic. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: Clean previous IGU status before ackYuval Mintz
When enabling interrupts, acknowledge the interrupt only after configuring the IGU to the correct interrupt mode (otherwise it would dirty selftests) Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: improve stop-on-errorYuval Mintz
Get better control over interrupts during panic, and allow FW to test outgoing Tx packets when stop-on-error is allowed. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: add `ethtool -w' support.Miriam Shitrit
This revises and enhances the bnx2x register dump facilities, adding support for `ethtool -w' on top of `ethtool -d'. Signed-off-by: Miriam Shitrit <miris@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: Added nvram personalities supportYuval Mintz
When a device is configured to act as either iscsi or fcoe device in its nvram, prevent the other from being misused by preventing its activation in the driver. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: Fix rare self-test failuresYaniv Rosner
On rare occasions, self test link may fail since the link is being sampled while it's still being stabilized. To correct this behaviour, try to sample the link for 2 seconds prior to declaring a failure. Signed-off-by: Yaniv Rosner <yanivr@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: use SAN Mac for FCoE.Dmitry Kravkov
Current logic causes chips running in switch dependent multi-function FCoE mode not to configure their MAC, leading to an all 0s MAC. This patch configures the interface with the SAN Mac instead. Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: Add an additional fatal hw assertion - BRB_HW_INTERRUPTDmitry Kravkov
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15bnx2x: Clear dirty status when booting after UNDIYuval Mintz
Self-tests following boot from SAN have failed as the UNDI driver might leave some NIG interrupt indications. This patch does the clean-up, clearing those indications and allowing the test to pass. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-15Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller
Conflicts: Documentation/networking/ip-sysctl.txt drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c Both conflicts were simply overlapping context. A build fix for qlcnic is in here too, simply removing the added devinit annotations which no longer exist. Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14tg3: Fix crc errors on jumbo frame receiveNithin Nayak Sujir
TG3_PHY_AUXCTL_SMDSP_ENABLE/DISABLE macros do a blind write to the phy auxiliary control register and overwrite the EXT_PKT_LEN (bit 14) resulting in intermittent crc errors on jumbo frames with some link partners. Change the code to do a read/modify/write. Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14tg3: Avoid null pointer dereference in tg3_interrupt in netconsole modeNithin Nayak Sujir
When netconsole is enabled, logging messages generated during tg3_open can result in a null pointer dereference for the uninitialized tg3 status block. Use the irq_sync flag to disable polling in the early stages. irq_sync is cleared when the driver is enabling interrupts after all initialization is completed. Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14drivers/net: delete orphaned MCA ibmlana driver contentPaul Gortmaker
In commit a5e371f61ad33c07b28e7c9b60c78d71fdd34e2a ("drivers/net: delete all code/drivers depending on CONFIG_MCA") most of the MCA drivers went, including the Kconfig/Makefile hooks for ibmlana, but it seems that I missed the "git rm" on these actual driver files, and with the namespace overlap with machine check architecture, it got missed by various git grep type checking done at that time. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14Merge branch 'master' of git://1984.lsi.us.es/nfDavid S. Miller
Pablo Neira Ayuso says: ==================== The following patchset contains netfilter fixes for 3.8-rc3, they are: * fix possible BUG_ON if several netns are in use and the nf_conntrack module is removed, initial patch from Gao feng, final patch from myself. * fix unset return value if conntrack zone are disabled at compile-time, reported by Borislav Petkov, fix from myself. * fix display error message via dmesg for arp_tables, from Jan Engelhardt. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14tun: fix LSM/SELinux labeling of tun/tap devicesPaul Moore
This patch corrects some problems with LSM/SELinux that were introduced with the multiqueue patchset. The problem stems from the fact that the multiqueue work changed the relationship between the tun device and its associated socket; before the socket persisted for the life of the device, however after the multiqueue changes the socket only persisted for the life of the userspace connection (fd open). For non-persistent devices this is not an issue, but for persistent devices this can cause the tun device to lose its SELinux label. We correct this problem by adding an opaque LSM security blob to the tun device struct which allows us to have the LSM security state, e.g. SELinux labeling information, persist for the lifetime of the tun device. In the process we tweak the LSM hooks to work with this new approach to TUN device/socket labeling and introduce a new LSM hook, security_tun_dev_attach_queue(), to approve requests to attach to a TUN queue via TUNSETQUEUE. The SELinux code has been adjusted to match the new LSM hooks, the other LSMs do not make use of the LSM TUN controls. This patch makes use of the recently added "tun_socket:attach_queue" permission to restrict access to the TUNSETQUEUE operation. On older SELinux policies which do not define the "tun_socket:attach_queue" permission the access control decision for TUNSETQUEUE will be handled according to the SELinux policy's unknown permission setting. Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14selinux: add the "attach_queue" permission to the "tun_socket" classPaul Moore
Add a new permission to align with the new TUN multiqueue support, "tun_socket:attach_queue". The corresponding SELinux reference policy patch is show below: diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 28802c5..a0664a1 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -827,6 +827,9 @@ class kernel_service class tun_socket inherits socket +{ + attach_queue +} class x_pointer inherits x_device Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-14tcp: fix a panic on UP machines in reqsk_fastopen_removeEric Dumazet
spin_is_locked() on a non !SMP build is kind of useless. BUG_ON(!spin_is_locked(xx)) is guaranteed to crash. Just remove this check in reqsk_fastopen_remove() as the callers do hold the socket lock. Reported-by: Ketan Kulkarni <ketkulka@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Jerry Chu <hkchu@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Dave Taht <dave.taht@gmail.com> Acked-by: H.K. Jerry Chu <hkchu@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>