Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
isdn: mISDN: socket: fix information leak to userland
netdev: can: Change mail address of Hans J. Koch
pcnet_cs: add new_id
net: Truncate recvfrom and sendto length to INT_MAX.
RDS: Let rds_message_alloc_sgs() return NULL
RDS: Copy rds_iovecs into kernel memory instead of rereading from userspace
RDS: Clean up error handling in rds_cmsg_rdma_args
RDS: Return -EINVAL if rds_rdma_pages returns an error
net: fix rds_iovec page count overflow
can: pch_can: fix section mismatch warning by using a whitelisted name
can: pch_can: fix sparse warning
netxen_nic: Fix the tx queue manipulation bug in netxen_nic_probe
ip_gre: fix fallback tunnel setup
vmxnet: trivial annotation of protocol constant
vmxnet3: remove unnecessary byteswapping in BAR writing macros
ipv6/udp: report SndbufErrors and RcvbufErrors
phy/marvell: rename 88ec048 to 88e1318s and fix mscr1 addr
+2
drivers/isdn/mISDN/socket.c
+2
drivers/isdn/mISDN/socket.c
···
392
if (dev) {
393
struct mISDN_devinfo di;
394
395
di.id = dev->id;
396
di.Dprotocols = dev->Dprotocols;
397
di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();
···
673
if (dev) {
674
struct mISDN_devinfo di;
675
676
di.id = dev->id;
677
di.Dprotocols = dev->Dprotocols;
678
di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();
···
392
if (dev) {
393
struct mISDN_devinfo di;
394
395
+
memset(&di, 0, sizeof(di));
396
di.id = dev->id;
397
di.Dprotocols = dev->Dprotocols;
398
di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();
···
672
if (dev) {
673
struct mISDN_devinfo di;
674
675
+
memset(&di, 0, sizeof(di));
676
di.id = dev->id;
677
di.Dprotocols = dev->Dprotocols;
678
di.Bprotocols = dev->Bprotocols | get_all_Bprotocols();
+1
-1
drivers/net/can/at91_can.c
+1
-1
drivers/net/can/at91_can.c
+5
-5
drivers/net/can/pch_can.c
+5
-5
drivers/net/can/pch_can.c
···
213
};
214
MODULE_DEVICE_TABLE(pci, pch_pci_tbl);
215
216
-
static inline void pch_can_bit_set(u32 *addr, u32 mask)
217
{
218
iowrite32(ioread32(addr) | mask, addr);
219
}
220
221
-
static inline void pch_can_bit_clear(u32 *addr, u32 mask)
222
{
223
iowrite32(ioread32(addr) & ~mask, addr);
224
}
···
1437
return rc;
1438
}
1439
1440
-
static struct pci_driver pch_can_pcidev = {
1441
.name = "pch_can",
1442
.id_table = pch_pci_tbl,
1443
.probe = pch_can_probe,
···
1448
1449
static int __init pch_can_pci_init(void)
1450
{
1451
-
return pci_register_driver(&pch_can_pcidev);
1452
}
1453
module_init(pch_can_pci_init);
1454
1455
static void __exit pch_can_pci_exit(void)
1456
{
1457
-
pci_unregister_driver(&pch_can_pcidev);
1458
}
1459
module_exit(pch_can_pci_exit);
1460
···
213
};
214
MODULE_DEVICE_TABLE(pci, pch_pci_tbl);
215
216
+
static inline void pch_can_bit_set(void __iomem *addr, u32 mask)
217
{
218
iowrite32(ioread32(addr) | mask, addr);
219
}
220
221
+
static inline void pch_can_bit_clear(void __iomem *addr, u32 mask)
222
{
223
iowrite32(ioread32(addr) & ~mask, addr);
224
}
···
1437
return rc;
1438
}
1439
1440
+
static struct pci_driver pch_can_pci_driver = {
1441
.name = "pch_can",
1442
.id_table = pch_pci_tbl,
1443
.probe = pch_can_probe,
···
1448
1449
static int __init pch_can_pci_init(void)
1450
{
1451
+
return pci_register_driver(&pch_can_pci_driver);
1452
}
1453
module_init(pch_can_pci_init);
1454
1455
static void __exit pch_can_pci_exit(void)
1456
{
1457
+
pci_unregister_driver(&pch_can_pci_driver);
1458
}
1459
module_exit(pch_can_pci_exit);
1460
-1
drivers/net/netxen/netxen_nic_main.c
-1
drivers/net/netxen/netxen_nic_main.c
+1
drivers/net/pcmcia/pcnet_cs.c
+1
drivers/net/pcmcia/pcnet_cs.c
···
1536
PCMCIA_DEVICE_PROD_ID12("COMPU-SHACK", "FASTline PCMCIA 10/100 Fast-Ethernet", 0xfa2e424d, 0x3953d9b9),
1537
PCMCIA_DEVICE_PROD_ID12("CONTEC", "C-NET(PC)C-10L", 0x21cab552, 0xf6f90722),
1538
PCMCIA_DEVICE_PROD_ID12("corega", "FEther PCC-TXF", 0x0a21501a, 0xa51564a2),
1539
PCMCIA_DEVICE_PROD_ID12("corega K.K.", "corega EtherII PCC-T", 0x5261440f, 0xfa9d85bd),
1540
PCMCIA_DEVICE_PROD_ID12("corega K.K.", "corega EtherII PCC-TD", 0x5261440f, 0xc49bd73d),
1541
PCMCIA_DEVICE_PROD_ID12("Corega K.K.", "corega EtherII PCC-TD", 0xd4fdcbd8, 0xc49bd73d),
···
1536
PCMCIA_DEVICE_PROD_ID12("COMPU-SHACK", "FASTline PCMCIA 10/100 Fast-Ethernet", 0xfa2e424d, 0x3953d9b9),
1537
PCMCIA_DEVICE_PROD_ID12("CONTEC", "C-NET(PC)C-10L", 0x21cab552, 0xf6f90722),
1538
PCMCIA_DEVICE_PROD_ID12("corega", "FEther PCC-TXF", 0x0a21501a, 0xa51564a2),
1539
+
PCMCIA_DEVICE_PROD_ID12("corega", "Ether CF-TD", 0x0a21501a, 0x6589340a),
1540
PCMCIA_DEVICE_PROD_ID12("corega K.K.", "corega EtherII PCC-T", 0x5261440f, 0xfa9d85bd),
1541
PCMCIA_DEVICE_PROD_ID12("corega K.K.", "corega EtherII PCC-TD", 0x5261440f, 0xc49bd73d),
1542
PCMCIA_DEVICE_PROD_ID12("Corega K.K.", "corega EtherII PCC-TD", 0xd4fdcbd8, 0xc49bd73d),
+9
-9
drivers/net/phy/marvell.c
+9
-9
drivers/net/phy/marvell.c
···
74
#define MII_88E1121_PHY_MSCR_TX_DELAY BIT(4)
75
#define MII_88E1121_PHY_MSCR_DELAY_MASK (~(0x3 << 4))
76
77
-
#define MII_88EC048_PHY_MSCR1_REG 16
78
-
#define MII_88EC048_PHY_MSCR1_PAD_ODD BIT(6)
79
80
#define MII_88E1121_PHY_LED_CTRL 16
81
#define MII_88E1121_PHY_LED_PAGE 3
···
240
return err;
241
}
242
243
-
static int m88ec048_config_aneg(struct phy_device *phydev)
244
{
245
int err, oldpage, mscr;
246
···
251
if (err < 0)
252
return err;
253
254
-
mscr = phy_read(phydev, MII_88EC048_PHY_MSCR1_REG);
255
-
mscr |= MII_88EC048_PHY_MSCR1_PAD_ODD;
256
257
-
err = phy_write(phydev, MII_88E1121_PHY_MSCR_REG, mscr);
258
if (err < 0)
259
return err;
260
···
659
.driver = { .owner = THIS_MODULE },
660
},
661
{
662
-
.phy_id = MARVELL_PHY_ID_88EC048,
663
.phy_id_mask = MARVELL_PHY_ID_MASK,
664
-
.name = "Marvell 88EC048",
665
.features = PHY_GBIT_FEATURES,
666
.flags = PHY_HAS_INTERRUPT,
667
-
.config_aneg = &m88ec048_config_aneg,
668
.read_status = &marvell_read_status,
669
.ack_interrupt = &marvell_ack_interrupt,
670
.config_intr = &marvell_config_intr,
···
74
#define MII_88E1121_PHY_MSCR_TX_DELAY BIT(4)
75
#define MII_88E1121_PHY_MSCR_DELAY_MASK (~(0x3 << 4))
76
77
+
#define MII_88E1318S_PHY_MSCR1_REG 16
78
+
#define MII_88E1318S_PHY_MSCR1_PAD_ODD BIT(6)
79
80
#define MII_88E1121_PHY_LED_CTRL 16
81
#define MII_88E1121_PHY_LED_PAGE 3
···
240
return err;
241
}
242
243
+
static int m88e1318_config_aneg(struct phy_device *phydev)
244
{
245
int err, oldpage, mscr;
246
···
251
if (err < 0)
252
return err;
253
254
+
mscr = phy_read(phydev, MII_88E1318S_PHY_MSCR1_REG);
255
+
mscr |= MII_88E1318S_PHY_MSCR1_PAD_ODD;
256
257
+
err = phy_write(phydev, MII_88E1318S_PHY_MSCR1_REG, mscr);
258
if (err < 0)
259
return err;
260
···
659
.driver = { .owner = THIS_MODULE },
660
},
661
{
662
+
.phy_id = MARVELL_PHY_ID_88E1318S,
663
.phy_id_mask = MARVELL_PHY_ID_MASK,
664
+
.name = "Marvell 88E1318S",
665
.features = PHY_GBIT_FEATURES,
666
.flags = PHY_HAS_INTERRUPT,
667
+
.config_aneg = &m88e1318_config_aneg,
668
.read_status = &marvell_read_status,
669
.ack_interrupt = &marvell_ack_interrupt,
670
.config_intr = &marvell_config_intr,
+1
-1
drivers/net/vmxnet3/vmxnet3_drv.c
+1
-1
drivers/net/vmxnet3/vmxnet3_drv.c
+4
-4
drivers/net/vmxnet3/vmxnet3_int.h
+4
-4
drivers/net/vmxnet3/vmxnet3_int.h
···
330
};
331
332
#define VMXNET3_WRITE_BAR0_REG(adapter, reg, val) \
333
-
writel(cpu_to_le32(val), (adapter)->hw_addr0 + (reg))
334
#define VMXNET3_READ_BAR0_REG(adapter, reg) \
335
-
le32_to_cpu(readl((adapter)->hw_addr0 + (reg)))
336
337
#define VMXNET3_WRITE_BAR1_REG(adapter, reg, val) \
338
-
writel(cpu_to_le32(val), (adapter)->hw_addr1 + (reg))
339
#define VMXNET3_READ_BAR1_REG(adapter, reg) \
340
-
le32_to_cpu(readl((adapter)->hw_addr1 + (reg)))
341
342
#define VMXNET3_WAKE_QUEUE_THRESHOLD(tq) (5)
343
#define VMXNET3_RX_ALLOC_THRESHOLD(rq, ring_idx, adapter) \
···
330
};
331
332
#define VMXNET3_WRITE_BAR0_REG(adapter, reg, val) \
333
+
writel((val), (adapter)->hw_addr0 + (reg))
334
#define VMXNET3_READ_BAR0_REG(adapter, reg) \
335
+
readl((adapter)->hw_addr0 + (reg))
336
337
#define VMXNET3_WRITE_BAR1_REG(adapter, reg, val) \
338
+
writel((val), (adapter)->hw_addr1 + (reg))
339
#define VMXNET3_READ_BAR1_REG(adapter, reg) \
340
+
readl((adapter)->hw_addr1 + (reg))
341
342
#define VMXNET3_WAKE_QUEUE_THRESHOLD(tq) (5)
343
#define VMXNET3_RX_ALLOC_THRESHOLD(rq, ring_idx, adapter) \
+1
-1
include/linux/marvell_phy.h
+1
-1
include/linux/marvell_phy.h
+3
-3
net/ipv4/ip_gre.c
+3
-3
net/ipv4/ip_gre.c
···
1325
{
1326
struct ip_tunnel *tunnel = netdev_priv(dev);
1327
struct iphdr *iph = &tunnel->parms.iph;
1328
-
struct ipgre_net *ign = net_generic(dev_net(dev), ipgre_net_id);
1329
1330
tunnel->dev = dev;
1331
strcpy(tunnel->parms.name, dev->name);
···
1335
tunnel->hlen = sizeof(struct iphdr) + 4;
1336
1337
dev_hold(dev);
1338
-
rcu_assign_pointer(ign->tunnels_wc[0], tunnel);
1339
}
1340
1341
···
1381
if ((err = register_netdev(ign->fb_tunnel_dev)))
1382
goto err_reg_dev;
1383
1384
return 0;
1385
1386
err_reg_dev:
1387
-
free_netdev(ign->fb_tunnel_dev);
1388
err_alloc_dev:
1389
return err;
1390
}
···
1325
{
1326
struct ip_tunnel *tunnel = netdev_priv(dev);
1327
struct iphdr *iph = &tunnel->parms.iph;
1328
1329
tunnel->dev = dev;
1330
strcpy(tunnel->parms.name, dev->name);
···
1336
tunnel->hlen = sizeof(struct iphdr) + 4;
1337
1338
dev_hold(dev);
1339
}
1340
1341
···
1383
if ((err = register_netdev(ign->fb_tunnel_dev)))
1384
goto err_reg_dev;
1385
1386
+
rcu_assign_pointer(ign->tunnels_wc[0],
1387
+
netdev_priv(ign->fb_tunnel_dev));
1388
return 0;
1389
1390
err_reg_dev:
1391
+
ipgre_dev_free(ign->fb_tunnel_dev);
1392
err_alloc_dev:
1393
return err;
1394
}
+4
net/ipv6/proc.c
+4
net/ipv6/proc.c
···
126
SNMP_MIB_ITEM("Udp6NoPorts", UDP_MIB_NOPORTS),
127
SNMP_MIB_ITEM("Udp6InErrors", UDP_MIB_INERRORS),
128
SNMP_MIB_ITEM("Udp6OutDatagrams", UDP_MIB_OUTDATAGRAMS),
129
SNMP_MIB_SENTINEL
130
};
131
···
136
SNMP_MIB_ITEM("UdpLite6NoPorts", UDP_MIB_NOPORTS),
137
SNMP_MIB_ITEM("UdpLite6InErrors", UDP_MIB_INERRORS),
138
SNMP_MIB_ITEM("UdpLite6OutDatagrams", UDP_MIB_OUTDATAGRAMS),
139
SNMP_MIB_SENTINEL
140
};
141
···
126
SNMP_MIB_ITEM("Udp6NoPorts", UDP_MIB_NOPORTS),
127
SNMP_MIB_ITEM("Udp6InErrors", UDP_MIB_INERRORS),
128
SNMP_MIB_ITEM("Udp6OutDatagrams", UDP_MIB_OUTDATAGRAMS),
129
+
SNMP_MIB_ITEM("Udp6RcvbufErrors", UDP_MIB_RCVBUFERRORS),
130
+
SNMP_MIB_ITEM("Udp6SndbufErrors", UDP_MIB_SNDBUFERRORS),
131
SNMP_MIB_SENTINEL
132
};
133
···
134
SNMP_MIB_ITEM("UdpLite6NoPorts", UDP_MIB_NOPORTS),
135
SNMP_MIB_ITEM("UdpLite6InErrors", UDP_MIB_INERRORS),
136
SNMP_MIB_ITEM("UdpLite6OutDatagrams", UDP_MIB_OUTDATAGRAMS),
137
+
SNMP_MIB_ITEM("UdpLite6RcvbufErrors", UDP_MIB_RCVBUFERRORS),
138
+
SNMP_MIB_ITEM("UdpLite6SndbufErrors", UDP_MIB_SNDBUFERRORS),
139
SNMP_MIB_SENTINEL
140
};
141
+5
net/rds/message.c
+5
net/rds/message.c
···
224
WARN_ON(rm->m_used_sgs + nents > rm->m_total_sgs);
225
WARN_ON(!nents);
226
227
sg_ret = &sg_first[rm->m_used_sgs];
228
sg_init_table(sg_ret, nents);
229
rm->m_used_sgs += nents;
···
249
rm->m_inc.i_hdr.h_len = cpu_to_be32(total_len);
250
rm->data.op_nents = ceil(total_len, PAGE_SIZE);
251
rm->data.op_sg = rds_message_alloc_sgs(rm, num_sgs);
252
253
for (i = 0; i < rm->data.op_nents; ++i) {
254
sg_set_page(&rm->data.op_sg[i],
···
224
WARN_ON(rm->m_used_sgs + nents > rm->m_total_sgs);
225
WARN_ON(!nents);
226
227
+
if (rm->m_used_sgs + nents > rm->m_total_sgs)
228
+
return NULL;
229
+
230
sg_ret = &sg_first[rm->m_used_sgs];
231
sg_init_table(sg_ret, nents);
232
rm->m_used_sgs += nents;
···
246
rm->m_inc.i_hdr.h_len = cpu_to_be32(total_len);
247
rm->data.op_nents = ceil(total_len, PAGE_SIZE);
248
rm->data.op_sg = rds_message_alloc_sgs(rm, num_sgs);
249
+
if (!rm->data.op_sg)
250
+
return ERR_PTR(-ENOMEM);
251
252
for (i = 0; i < rm->data.op_nents; ++i) {
253
sg_set_page(&rm->data.op_sg[i],
+84
-42
net/rds/rdma.c
+84
-42
net/rds/rdma.c
···
479
480
481
/*
482
-
* Count the number of pages needed to describe an incoming iovec.
483
*/
484
-
static int rds_rdma_pages(struct rds_rdma_args *args)
485
{
486
struct rds_iovec vec;
487
struct rds_iovec __user *local_vec;
488
-
unsigned int tot_pages = 0;
489
unsigned int nr_pages;
490
unsigned int i;
491
···
527
return -EINVAL;
528
529
tot_pages += nr_pages;
530
}
531
532
-
return tot_pages;
533
-
}
534
-
535
-
int rds_rdma_extra_size(struct rds_rdma_args *args)
536
-
{
537
-
return rds_rdma_pages(args) * sizeof(struct scatterlist);
538
}
539
540
/*
···
547
struct cmsghdr *cmsg)
548
{
549
struct rds_rdma_args *args;
550
-
struct rds_iovec vec;
551
struct rm_rdma_op *op = &rm->rdma;
552
int nr_pages;
553
unsigned int nr_bytes;
554
struct page **pages = NULL;
555
-
struct rds_iovec __user *local_vec;
556
-
unsigned int nr;
557
unsigned int i, j;
558
int ret = 0;
559
···
572
goto out;
573
}
574
575
-
nr_pages = rds_rdma_pages(args);
576
-
if (nr_pages < 0)
577
goto out;
578
579
pages = kcalloc(nr_pages, sizeof(struct page *), GFP_KERNEL);
580
if (!pages) {
···
607
op->op_recverr = rs->rs_recverr;
608
WARN_ON(!nr_pages);
609
op->op_sg = rds_message_alloc_sgs(rm, nr_pages);
610
611
if (op->op_notify || op->op_recverr) {
612
/* We allocate an uninitialized notifier here, because
···
644
(unsigned long long)args->remote_vec.addr,
645
op->op_rkey);
646
647
-
local_vec = (struct rds_iovec __user *)(unsigned long) args->local_vec_addr;
648
-
649
for (i = 0; i < args->nr_local; i++) {
650
-
if (copy_from_user(&vec, &local_vec[i],
651
-
sizeof(struct rds_iovec))) {
652
-
ret = -EFAULT;
653
-
goto out;
654
-
}
655
656
-
nr = rds_pages_in_vec(&vec);
657
-
if (nr == 0) {
658
-
ret = -EINVAL;
659
-
goto out;
660
-
}
661
-
662
-
rs->rs_user_addr = vec.addr;
663
-
rs->rs_user_bytes = vec.bytes;
664
665
/* If it's a WRITE operation, we want to pin the pages for reading.
666
* If it's a READ operation, we need to pin the pages for writing.
667
*/
668
-
ret = rds_pin_pages(vec.addr, nr, pages, !op->op_write);
669
if (ret < 0)
670
goto out;
671
672
-
rdsdebug("RDS: nr_bytes %u nr %u vec.bytes %llu vec.addr %llx\n",
673
-
nr_bytes, nr, vec.bytes, vec.addr);
674
675
-
nr_bytes += vec.bytes;
676
677
for (j = 0; j < nr; j++) {
678
-
unsigned int offset = vec.addr & ~PAGE_MASK;
679
struct scatterlist *sg;
680
681
sg = &op->op_sg[op->op_nents + j];
682
sg_set_page(sg, pages[j],
683
-
min_t(unsigned int, vec.bytes, PAGE_SIZE - offset),
684
offset);
685
686
-
rdsdebug("RDS: sg->offset %x sg->len %x vec.addr %llx vec.bytes %llu\n",
687
-
sg->offset, sg->length, vec.addr, vec.bytes);
688
689
-
vec.addr += sg->length;
690
-
vec.bytes -= sg->length;
691
}
692
693
op->op_nents += nr;
···
692
}
693
op->op_bytes = nr_bytes;
694
695
-
ret = 0;
696
out:
697
kfree(pages);
698
if (ret)
699
rds_rdma_free_op(op);
700
-
701
-
rds_stats_inc(s_send_rdma);
702
703
return ret;
704
}
···
811
rm->atomic.op_active = 1;
812
rm->atomic.op_recverr = rs->rs_recverr;
813
rm->atomic.op_sg = rds_message_alloc_sgs(rm, 1);
814
815
/* verify 8 byte-aligned */
816
if (args->local_addr & 0x7) {
···
479
480
481
/*
482
+
* Count the number of pages needed to describe an incoming iovec array.
483
*/
484
+
static int rds_rdma_pages(struct rds_iovec iov[], int nr_iovecs)
485
+
{
486
+
int tot_pages = 0;
487
+
unsigned int nr_pages;
488
+
unsigned int i;
489
+
490
+
/* figure out the number of pages in the vector */
491
+
for (i = 0; i < nr_iovecs; i++) {
492
+
nr_pages = rds_pages_in_vec(&iov[i]);
493
+
if (nr_pages == 0)
494
+
return -EINVAL;
495
+
496
+
tot_pages += nr_pages;
497
+
498
+
/*
499
+
* nr_pages for one entry is limited to (UINT_MAX>>PAGE_SHIFT)+1,
500
+
* so tot_pages cannot overflow without first going negative.
501
+
*/
502
+
if (tot_pages < 0)
503
+
return -EINVAL;
504
+
}
505
+
506
+
return tot_pages;
507
+
}
508
+
509
+
int rds_rdma_extra_size(struct rds_rdma_args *args)
510
{
511
struct rds_iovec vec;
512
struct rds_iovec __user *local_vec;
513
+
int tot_pages = 0;
514
unsigned int nr_pages;
515
unsigned int i;
516
···
502
return -EINVAL;
503
504
tot_pages += nr_pages;
505
+
506
+
/*
507
+
* nr_pages for one entry is limited to (UINT_MAX>>PAGE_SHIFT)+1,
508
+
* so tot_pages cannot overflow without first going negative.
509
+
*/
510
+
if (tot_pages < 0)
511
+
return -EINVAL;
512
}
513
514
+
return tot_pages * sizeof(struct scatterlist);
515
}
516
517
/*
···
520
struct cmsghdr *cmsg)
521
{
522
struct rds_rdma_args *args;
523
struct rm_rdma_op *op = &rm->rdma;
524
int nr_pages;
525
unsigned int nr_bytes;
526
struct page **pages = NULL;
527
+
struct rds_iovec iovstack[UIO_FASTIOV], *iovs = iovstack;
528
+
int iov_size;
529
unsigned int i, j;
530
int ret = 0;
531
···
546
goto out;
547
}
548
549
+
/* Check whether to allocate the iovec area */
550
+
iov_size = args->nr_local * sizeof(struct rds_iovec);
551
+
if (args->nr_local > UIO_FASTIOV) {
552
+
iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL);
553
+
if (!iovs) {
554
+
ret = -ENOMEM;
555
+
goto out;
556
+
}
557
+
}
558
+
559
+
if (copy_from_user(iovs, (struct rds_iovec __user *)(unsigned long) args->local_vec_addr, iov_size)) {
560
+
ret = -EFAULT;
561
goto out;
562
+
}
563
+
564
+
nr_pages = rds_rdma_pages(iovs, args->nr_local);
565
+
if (nr_pages < 0) {
566
+
ret = -EINVAL;
567
+
goto out;
568
+
}
569
570
pages = kcalloc(nr_pages, sizeof(struct page *), GFP_KERNEL);
571
if (!pages) {
···
564
op->op_recverr = rs->rs_recverr;
565
WARN_ON(!nr_pages);
566
op->op_sg = rds_message_alloc_sgs(rm, nr_pages);
567
+
if (!op->op_sg) {
568
+
ret = -ENOMEM;
569
+
goto out;
570
+
}
571
572
if (op->op_notify || op->op_recverr) {
573
/* We allocate an uninitialized notifier here, because
···
597
(unsigned long long)args->remote_vec.addr,
598
op->op_rkey);
599
600
for (i = 0; i < args->nr_local; i++) {
601
+
struct rds_iovec *iov = &iovs[i];
602
+
/* don't need to check, rds_rdma_pages() verified nr will be +nonzero */
603
+
unsigned int nr = rds_pages_in_vec(iov);
604
605
+
rs->rs_user_addr = iov->addr;
606
+
rs->rs_user_bytes = iov->bytes;
607
608
/* If it's a WRITE operation, we want to pin the pages for reading.
609
* If it's a READ operation, we need to pin the pages for writing.
610
*/
611
+
ret = rds_pin_pages(iov->addr, nr, pages, !op->op_write);
612
if (ret < 0)
613
goto out;
614
615
+
rdsdebug("RDS: nr_bytes %u nr %u iov->bytes %llu iov->addr %llx\n",
616
+
nr_bytes, nr, iov->bytes, iov->addr);
617
618
+
nr_bytes += iov->bytes;
619
620
for (j = 0; j < nr; j++) {
621
+
unsigned int offset = iov->addr & ~PAGE_MASK;
622
struct scatterlist *sg;
623
624
sg = &op->op_sg[op->op_nents + j];
625
sg_set_page(sg, pages[j],
626
+
min_t(unsigned int, iov->bytes, PAGE_SIZE - offset),
627
offset);
628
629
+
rdsdebug("RDS: sg->offset %x sg->len %x iov->addr %llx iov->bytes %llu\n",
630
+
sg->offset, sg->length, iov->addr, iov->bytes);
631
632
+
iov->addr += sg->length;
633
+
iov->bytes -= sg->length;
634
}
635
636
op->op_nents += nr;
···
655
}
656
op->op_bytes = nr_bytes;
657
658
out:
659
+
if (iovs != iovstack)
660
+
sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size);
661
kfree(pages);
662
if (ret)
663
rds_rdma_free_op(op);
664
+
else
665
+
rds_stats_inc(s_send_rdma);
666
667
return ret;
668
}
···
773
rm->atomic.op_active = 1;
774
rm->atomic.op_recverr = rs->rs_recverr;
775
rm->atomic.op_sg = rds_message_alloc_sgs(rm, 1);
776
+
if (!rm->atomic.op_sg) {
777
+
ret = -ENOMEM;
778
+
goto err;
779
+
}
780
781
/* verify 8 byte-aligned */
782
if (args->local_addr & 0x7) {
+4
net/rds/send.c
+4
net/rds/send.c
···
973
/* Attach data to the rm */
974
if (payload_len) {
975
rm->data.op_sg = rds_message_alloc_sgs(rm, ceil(payload_len, PAGE_SIZE));
976
+
if (!rm->data.op_sg) {
977
+
ret = -ENOMEM;
978
+
goto out;
979
+
}
980
ret = rds_message_copy_from_user(rm, msg->msg_iov, payload_len);
981
if (ret)
982
goto out;
+4
net/socket.c
+4
net/socket.c
···
1652
struct iovec iov;
1653
int fput_needed;
1654
1655
+
if (len > INT_MAX)
1656
+
len = INT_MAX;
1657
sock = sockfd_lookup_light(fd, &err, &fput_needed);
1658
if (!sock)
1659
goto out;
···
1709
int err, err2;
1710
int fput_needed;
1711
1712
+
if (size > INT_MAX)
1713
+
size = INT_MAX;
1714
sock = sockfd_lookup_light(fd, &err, &fput_needed);
1715
if (!sock)
1716
goto out;