21 Apr, 2006
2 commits
-
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: (21 commits)
[PATCH] wext: Fix RtNetlink ENCODE security permissions
[PATCH] bcm43xx: iw_priv_args names should be <16 characters
[PATCH] bcm43xx: sysfs code cleanup
[PATCH] bcm43xx: fix pctl slowclock limit calculation
[PATCH] bcm43xx: fix dyn tssi2dbm memleak
[PATCH] bcm43xx: fix config menu alignment
[PATCH] bcm43xx wireless: fix printk format warnings
[PATCH] softmac: report when scanning has finished
[PATCH] softmac: fix event sending
[PATCH] softmac: handle iw_mode properly
[PATCH] softmac: dont send out packets while scanning
[PATCH] softmac: return -EAGAIN from getscan while scanning
[PATCH] bcm43xx: set trans_start on TX to prevent bogus timeouts
[PATCH] orinoco: fix truncating commsquality RID with the latest Symbol firmware
[PATCH] softmac: fix spinlock recursion on reassoc
[PATCH] Revert NET_RADIO Kconfig title change
[PATCH] wext: Fix IWENCODEEXT security permissions
[PATCH] wireless/atmel: send WEXT scan completion events
[PATCH] wireless/airo: clean up WEXT association and scan events
[PATCH] softmac uses Wiress Ext.
...
20 Apr, 2006
17 commits
-
Make all the vmalloc calls in net/bridge/netfilter/ebtables.c follow
the standard convention. Remove unnecessary casts, and use '*object'
instead of 'type'.Signed-off-by: Jayachandran C.
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller -
Add some sanity checking. truesize should be at least sizeof(struct
sk_buff) plus the current packet length. If not, then truesize is
seriously mangled and deserves a kernel log message.Currently we'll do the check for release of stream socket buffers.
But we can add checks to more spots over time.
Incorporating ideas from Herbert Xu.
Signed-off-by: David S. Miller
-
Make sure that we get the full sizeof(struct sk_buff)
plus the data size accounted for in skb->truesize.This will create invariants that will allow adding
assertion checks on skb->truesize.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Kernel Bugzilla #6409
If we use plain skb_trim(), that's wrong, because if
the SKB is cloned, and it can be because we unshared
it in the caller, we have to allow reallocation. The
pskb_trim*() family of routines is therefore the most
appropriate here.Signed-off-by: David S. Miller
-
This applies to 2.6.17-rc2.
There is a missing initialization of err in sockfd_lookup_light() that
could return random error for an invalid file handle.Signed-off-by: Hua Zhong
Signed-off-by: David S. Miller -
I've just realised that the RtNetlink code does not check the
permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that
any user can read the encryption keys. The fix is trivial and should
go in 2.6.17 alonside the two other patch I sent you last week.Signed-off-by: Jean Tourrilhes
Signed-off-by: John W. Linville -
Make softmac report a scan event when scanning has finished, that way
userspace can wait for the event to happen instead of polling for the
results.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Softmac is sending custom events to userspace already, but it
should _really_ be sending the right WEXT events instead. This
patch fixes that.Signed-off-by: Dan Williams
Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Below patch allows using iw_mode auto with softmac. bcm43xx forces managed
so this bug wasn't noticed earlier, but this was one of the problems why
zd1211 didn't work earlier.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Seems we forgot to stop the queue while scanning. Better do that so we
don't transmit packets all the time during background scanning.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Below patch was developed after discussion with Daniel Drake who
mentioned to me that wireless tools expect an EAGAIN return from getscan
so that they can wait for the scan to finish before printing out the
results.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
This fixes a spinlock recursion on receiving a reassoc request.
On reassoc, the softmac calls back into the driver. This results in a
driver lock recursion. This schedules the assoc workqueue, instead
of calling it directly.Probably, we should defer the _whole_ management frame processing
to a tasklet or workqueue, because it does several callbacks into the driver.
That is dangerous.This fix should go into linus's tree, before 2.6.17 is released, because it
is remote exploitable (DoS by crash).Signed-off-by: John W. Linville
-
Check the permissions when user-space try to read the
encryption parameters via SIOCGIWENCODEEXT. This is trivial and
probably should go in 2.6.17...
Bug was found by Brian Eaton , thanks !Signed-off-by: Jean Tourrilhes
Signed-off-by: John W. Linville -
softmac uses wireless extensions, so let it SELECT that config option;
WARNING: "wireless_send_event" [net/ieee80211/softmac/ieee80211softmac.ko] undefined!Signed-off-by: Randy Dunlap
Signed-off-by: John W. Linville -
Hi,
the coverity checker spotted that cred is always NULL
when we jump to out_err ( there is just one case, when
we fail to allocate the memory for cred )
This is Coverity ID #79Signed-off-by: Eric Sesterhenn
Signed-off-by: Trond Myklebust -
Signed-off-by: Adrian Bunk
Cc: Trond Myklebust
Signed-off-by: Andrew Morton
Signed-off-by: Trond Myklebust -
I was sloppy when generating a previous patch; I modified the callers of
krb5_make_checksum() to allocate memory for the buffer where the result is
returned, then forgot to modify krb5_make_checksum to stop allocating that
memory itself. The result is a per-packet memory leak. This fixes the
problem by removing the now-superfluous kmalloc().Signed-off-by: J. Bruce Fields
Signed-off-by: Trond Myklebust
19 Apr, 2006
7 commits
-
Redundant NULL check before kfree removal
from net/Signed-off-by: Jesper Juhl
Acked-by: James Morris
Signed-off-by: David S. Miller -
This patch fixes unaligned access warnings noticed on IA64
in sk_run_filter(). 'ptr' can be unaligned.Signed-off-By: Dmitry Mishin
Signed-off-By: Kirill Korotaev
Signed-off-by: David S. Miller -
- Removed unused argument (nhoff) for ipv6_parse_hopopts().
- Make ipv6_parse_hopopts() to align with other extension header
handlers.
- Removed pointless assignment (hdr), which is not used afterwards.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
We did not correctly decode session with preceding extension
header(s). This was because we had already pulled preceding
headers, skb->nh.raw + 40 + 1 - skb->data was minus, and
pskb_may_pull() failed.We now have IP6CB(skb)->nhoff and skb->h.raw, and we can
start parsing / decoding upper layer protocol from current
position.Tracked down by Noriaki TAKAMIYA
and tested by Kazunori Miyazawa .Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
There is a problem with the TSO packet trimming code. The cause of
this lies in the tcp_fragment() function.When we allocate a fragment for a completely non-linear packet the
truesize is calculated for a payload length of zero. This means that
truesize could in fact be less than the real payload length.When that happens the TSO packet trimming can cause truesize to become
negative. This in turn can cause sk_forward_alloc to be -n * PAGE_SIZE
which would trigger the warning.I've copied the code DaveM used in tso_fragment which should work here.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
18 Apr, 2006
1 commit
-
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388
The bug is caused by ip_route_input dereferencing skb->nh.protocol of
the dummy skb passed dow from inet_rtm_getroute (Thanks Thomas for seeing
it). It only happens if the route requested is for a multicast IP
address.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
15 Apr, 2006
9 commits
-
During other work I noticed that ip_append_data() seemed to be forgetting to
include the frag gap in its calculation of a fragment that consumes the rest of
the payload. Herbert confirmed that this was a bug that snuck in during a
previous rework.Signed-off-by: Zach Brown
Signed-off-by: David S. Miller -
Add module information
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Cleanup some code around notifier. Don't need (void) casts to ignore
return values, and use C90 style initializer. Just ignore unused device
events.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Don't need the ifdef here since create_proc_entry() is stubbed to
always return NULL.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Run CLIP driver through Lindent script to fix formatting.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
By inspection, the clip idle timer code is racy on SMP.
Here is a safe version of timer management.
Untested, I don't have ATM hardware.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
If Classical IP over ATM module is loaded, its neighbor table gets
populated when permanent neighbor entries are created; but these entries
are not flushed when the device is removed. Since the entry never gets
flushed the unregister of the network device never completes.This version of the patch also adds locking around the reference to
the atm arp daemon to avoid races with events and daemon state changes.
(Note: barrier() was never really safe)Bug-reference: http://bugzilla.kernel.org/show_bug.cgi?id=6295
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Send aevent immediately if we have sent nothing since last timer and
this is the first packet.Fixes a corner case when packet threshold is very high, the timer low
and a very low packet rate input which is bursty.Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller -
This patch contains the following possible cleanups:
- make the following needlessly global function static:
- arp.c: arp_rcv()
- remove the following unused EXPORT_SYMBOL's:
- devinet.c: devinet_ioctl
- fib_frontend.c: ip_rt_ioctl
- inet_hashtables.c: inet_bind_bucket_create
- inet_hashtables.c: inet_bind_hash
- tcp_input.c: sysctl_tcp_abc
- tcp_ipv4.c: sysctl_tcp_tw_reuse
- tcp_output.c: sysctl_tcp_mtu_probing
- tcp_output.c: sysctl_tcp_base_mssSigned-off-by: Adrian Bunk
Signed-off-by: David S. Miller
12 Apr, 2006
4 commits
-
The in-kernel Sangoma drivers are both not compiling and marked as BROKEN
since at least kernel 2.6.0.Sangoma offers out-of-tree drivers, and David Mandelstam told me Sangoma
does no longer maintain the in-kernel drivers and prefers to provide them
as a separate installation package.This patch therefore removes these drivers.
Signed-off-by: Adrian Bunk
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller -
Allocate an array of 'struct ebt_chainstack *', the current code allocates
array of 'struct ebt_chainstack'.akpm: converted to use the
foo = alloc(sizeof(*foo))
form. Which would have prevented this from happening in the first place.
akpm: also removed unneeded typecast.
akpm: what on earth is this code doing anyway? cpu_possible_map can be
sparse..Signed-off-by: Jayachandran C.
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller -
we dont free req if we cant parse the options.
This fixes coverity bug id #1046Signed-off-by: Eric Sesterhenn
Signed-off-by: David S. Miller -
This change allows link local packets (like 802.3ad and Spanning Tree
Protocol) to be processed even when the bridge is not using the port.
It fixes the chicken-egg problem for bridging a bonded device, and
may also fix problems with spanning tree failover.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller