20 May, 2007
9 commits
-
Kenji Kaneshige found this race between device removal and
registration. On unregister it is possible for the old device to
exist, because sysfs file is still open. A new device with 'eth%d'
will select the same name, but sysfs kobject register will fial.The following changes the shutdown order slightly. It hold a removes
the sysfs entries earlier (on unregister_netdevice), but holds a
kobject reference. Then when todo runs the actual last put free
happens.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
When icmp_send is called on the local output path before the
packet hits ip_output, skb->dev is not set, causing a crash
when sysctl_icmp_errors_use_inbound_ifaddr is set. This can
happen with the netfilter REJECT target or IPsec tunnels.Let routing decide the ICMP source address in that case, since the
packet is locally generated there is no inbound interface and
the sysctl should not apply.The option actually seems to be unfixable broken, on the path
after ip_output() skb->dev points to the outgoing device and
we don't know the incoming device anymore, so its going to do
the absolute wrong thing and pick the address of the outgoing
interface. Add a comment about this.Reported by Curtis Doty .
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The option is named CONFIG_NF_NAT not CONFIG_IP_NF_NAT. Remove the ifdef
completely since helpers also expect defragmented packet even without
NAT.Noticed by Robert P. J. Day
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
When the helper module is removed for a master connection that has a
fulfilled expectation, but has already timed out and got removed from
the hash tables, nf_conntrack_helper_unregister can't find the master
connection to unset the helper, causing a use-after-free when the
expected connection is destroyed and releases the last reference to
the master.The helper destroy callback was introduced for the PPtP helper to clean
up expectations and expected connections when the master connection
times out, but doing this from destroy_conntrack only works for
unfulfilled expectations since expected connections hold a reference
to the master, preventing its destruction. Move the destroy callback to
the timeout function, which fixes both problems.Reported/tested by Gabor Burjan .
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This is a natural extension of the changeset
[XFRM]: Probe selected algorithm only.
which only removed the probe call for xfrm_user. This patch does exactly
the same thing for af_key. In other words, we load the algorithm requested
by the user rather than everything when adding xfrm states in af_key.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
State could become inconsistent in two cases:
1) Userspace disabled FRTO by tuning sysctl when one of the TCP
flows was in the middle of FRTO algorithm (and then RTO is
again triggered)2) SACK reneging occurs during FRTO algorithm
A simple solution is just to abort the previous FRTO when such
obscure condition occurs...Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller -
The conservative spurious RTO response did not queue CWR even
though the sending rate was lowered. Whenever reduction happens
regardless of reason, CWR should be sent (forgetting to send it
is not very fatal though).A better approach would be to queue CWR when one of the sending
rate reducing responses (rate-halving one or this conservative
response) is used already at RTO. Doing that would allow CWR to
be sent along with the two new data segments that are sent
during FRTO. However, it's a bit "racy" because userland could
tune the response sysctl to a more aggressive one in between.Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller -
Compiling 2.6.22-rc1 with gcc-3.2.3 for i486 fails with:
gcc -m32 -Wp,-MD,net/core/.skbuff.o.d -nostdinc -isystem /home/mikpe/pkgs/linux-x86/gnu/lib/gcc-lib/i486-pc-linux-gnu/3.2.3/include -D__KERNEL__ -Iinclude -include include/linux/autoconf.h -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -O2 -pipe -msoft-float -mregparm=3 -freg-struct-return -mpreferred-stack-boundary=4 -march=i486 -ffreestanding -maccumulate-outgoing-args -DCONFIG_AS_CFI=1 -Iinclude/asm-i386/mach-default -fomit-frame-pointer -D"KBUILD_STR(s)=#s" -D"KBUILD_BASENAME=KBUILD_STR(skbuff)" -D"KBUILD_MODNAME=KBUILD_STR(skbuff)" -c -o net/core/skbuff.o net/core/skbuff.c
net/core/skbuff.c:648:1: directives may not be used inside a macro argument
net/core/skbuff.c:647:39: unterminated argument list invoking macro "memcpy"
net/core/skbuff.c: In function `pskb_expand_head':
net/core/skbuff.c:651: `memcpy' undeclared (first use in this function)
net/core/skbuff.c:651: (Each undeclared identifier is reported only once
net/core/skbuff.c:651: for each function it appears in.)
net/core/skbuff.c:651: syntax error before "skb"
make[2]: *** [net/core/skbuff.o] Error 1
make[1]: *** [net/core] Error 2
make: *** [net] Error 2The patch below implements a simple workaround which is to
clone the offending memcpy() call and specialise it for the
two different scenarios.Other workarounds are of course possible: e.g. bind the varying
parameter in a local variable, or use a macro or inline function
to perform the varying computation.Signed-off-by: Mikael Pettersson
Signed-off-by: David S. Miller -
coverity has spotted a bug in rfkill.c (bug id #1627),
in rfkill_allocate() NULL was returns if the kzalloc() works,
and deref the NULL pointer if it fails,Signed-off-by: Ivo van Doorn
Signed-off-by: David S. Miller
18 May, 2007
7 commits
-
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[IPV4]: Remove IPVS icmp hack from route.c for now.
[IPV4]: Correct rp_filter help text.
[TCP]: TCP_CONG_YEAH requires TCP_CONG_VEGAS
[TCP] slow start: Make comments and code logic clearer.
[BLUETOOTH]: Fix locking in hci_sock_dev_event().
[NET]: Fix BMSR_100{HALF,FULL}2 defines in linux/mii.h
[NET]: lockdep classes in register_netdevice -
Revert: 2d771cd86d4c3af26f34a7bcdc1b87696824cad9
This is dangerous if enabled and a better solution to the
problem is being worked on.Signed-off-by: David S. Miller
-
As mentioned in http://bugzilla.kernel.org/show_bug.cgi?id=5015
The helptext implies that this is on by default.
This may be true on some distros (Fedora/RHEL have it enabled
in /etc/sysctl.conf), but the kernel defaults to it off.Signed-off-by: Dave Jones
Signed-off-by: David S. Miller -
These two congestion control modules share code.
Signed-off-by: David S. Miller
-
Add more comments to describe our version of tcp_slow_start().
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
We presently use lock_sock() to acquire a lock on a socket in
hci_sock_dev_event(), but this goes BUG because lock_sock()
can sleep and we're already holding a read-write spinlock at
that point. So, we must use the non-sleeping BH version,
bh_lock_sock().However, hci_sock_dev_event() is called from user context and
hence using simply bh_lock_sock() will deadlock against a
concurrent softirq that tries to acquire a lock on the same
socket. Hence, disabling BH's before acquiring the socket lock
and enable them afterwards, is the proper solution to fix
socket locking in hci_sock_dev_event().Signed-off-by: Satyam Sharma
Signed-off-by: Marcel Holtmann
Signed-off-by: Jiri Kosina
Signed-off-by: David S. Miller -
After initializing dev->_xmit_lock register_netdevice()
sets lockdep class according to dev->type.Idea of this patch - by David Miller.
Reported & tested by: "Yuriy N. Shkandybin"
Signed-off-by: Jarek Poplawski
Signed-off-by: David S. Miller
17 May, 2007
3 commits
-
The function ipxrtr_route_packet() takes a 'len' argument of type
size_t. However, its prototype in af_ipx.c incorrectly suggests that the
corresponding argument is of type 'int' instead.Discovered by building with --combine and letting the compiler see it
all at once.Signed-off-by: David Woodhouse
Signed-off-by: Linus Torvalds -
SLAB_CTOR_CONSTRUCTOR is always specified. No point in checking it.
Signed-off-by: Christoph Lameter
Cc: David Howells
Cc: Jens Axboe
Cc: Steven French
Cc: Michael Halcrow
Cc: OGAWA Hirofumi
Cc: Miklos Szeredi
Cc: Steven Whitehouse
Cc: Roman Zippel
Cc: David Woodhouse
Cc: Dave Kleikamp
Cc: Trond Myklebust
Cc: "J. Bruce Fields"
Cc: Anton Altaparmakov
Cc: Mark Fasheh
Cc: Paul Mackerras
Cc: Christoph Hellwig
Cc: Jan Kara
Cc: David Chinner
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
15 May, 2007
2 commits
-
- net/sunrpc/xprtsock.c:1635:5: warning: symbol 'init_socket_xprt' was not
declared. Should it be static?
- net/sunrpc/xprtsock.c:1649:6: warning: symbol 'cleanup_socket_xprt' was
not declared. Should it be static?Signed-off-by: Trond Myklebust
-
rpciod_running is not used at all, but due to the way DECLARE_MUTEX_LOCKED
works we don't get a warning for it.Signed-off-by: Christoph Hellwig
Signed-off-by: Trond Myklebust
14 May, 2007
5 commits
-
This displays the statistics specified in the updated IP-MIB RFC
(RFC4293) in /proc/net/netstat. The reason why these are not displayed
in /proc/net/snmp is that some existing utilities are developed under
the assumption which ipstat items in /proc/net/snmp is unchanged.Signed-off-by: Mitsuru Chinen
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Reverse the sense of the promiscuous-mode tests in ip6_mc_input().
Signed-off-by: Corey Mutter
Signed-off-by: David L Stevens
Signed-off-by: David S. Miller -
This fixes an out-of-boundary condition when the classified
band equals q->bands. Caught by AlexeySigned-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller -
Multi-page allocations are always likely to fail. Since such failures
are expected and non-critical in xfrm_hash_alloc, we shouldn't warn about
them.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
The function xfrm_policy_byid takes a dir argument but finds the policy
using the index instead. We only use the dir argument to update the
policy count for that direction. Since the user can supply any value
for dir, this can corrupt our policy count.I know this is the problem because a few days ago I was deleting
policies by hand using indicies and accidentally typed in the wrong
direction. It still deleted the policy and at the time I thought
that was cool. In retrospect it isn't such a good idea :)I decided against letting it delete the policy anyway just in case
we ever remove the connection between indicies and direction.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
12 May, 2007
1 commit
-
* 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid:
USB HID: hiddev - fix race between hiddev_send_event() and hiddev_release()
HID: add hooks for getkeycode() and setkeycode() methods
HID: switch to using input_dev->dev.parent
USB HID: Logitech wheel 0x046d/0xc294 needs HID_QUIRK_NOGET quirk
USB HID: usb_buffer_free() cleanup
USB HID: report descriptor of Cypress USB barcode readers needs fixup
Bluetooth HID: HIDP - don't initialize force feedback
USB HID: update CONFIG_USB_HIDINPUT_POWERBOOK description
HID: add input mappings for non-working keys on Logitech S510 remote
11 May, 2007
13 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
iptables matches and targets expect packets to have at least a full
IP header and a valid header length. Ignore packets sent through
raw sockets for which this isn't true as in the other tables.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Some helpers (eg. ftp) assume that private area in conntrack is
filled with zero. It should be cleared when helper is changed.Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch
- Clears private area for helper even if no helper is assigned to
conntrack. It might be used by old helper.
- Unchanges if the same helper as the used one is specified.
- Does not find helper if no helper is specified. And it does not
require private area for helper in that case.Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
nf_nat_rule_find, alloc_null_binding and alloc_null_binding_confirmed
do not use the argument 'info', which is actually ct->nat.info.
If they are necessary to access it again, we can use the argument 'ct'
instead.Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
- move arp_tables initial table structure definitions to arp_tables.h
similar to ip_tables and ip6_tables- use C99 initializers
- use initializer macros where possible
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
When we relinquish queue_lock in qdisc_restart and then retake it for
requeueing, we might race against dev_deactivate and end up requeueing
onto noop_qdisc. This causes a warning to be printed.This patch fixes this by checking this before we requeue. As an added
bonus, we can remove the same check in __qdisc_run which was added to
prevent dev->gso_skb from being requeued when we're shutting down.Even though we've had to add a new conditional in its place, it's better
because it only happens on requeues rather than every single time that
qdisc_run is called.For this to work we also need to move the clearing of gso_skb up in
dev_deactivate as now qdisc_restart can occur even after we wait for
__LINK_STATE_QDISC_RUNNING to clear (but it won't do anything as long
as the queue and gso_skb is already clear).Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Now that we return the queue length after NETDEV_TX_OK we better
make sure that we have the right queue. Otherwise we can cause a
stall after a really quick dev_deactive/dev_activate.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
The current return value scheme and associated comment was invented
back in the 20th century when we still had that tbusy flag. Things
have changed quite a bit since then (even Tony Blair is moving on
now, not to mention the new French president).All we need to indicate now is whether the caller should continue
processing the queue. Therefore it's sufficient if we return 0 if
we want to stop and non-zero otherwise.This is based on a patch by Krishna Kumar.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
When transmit fails with NETDEV_TX_LOCKED the skb is requeued
to dev->qdisc again. The dev->qdisc pointer is protected by
the queue lock which needs to be dropped when attempting to
transmit and acquired again before requeing. The problem is
that qdisc_restart() fetches the dev->qdisc pointer once and
stores it in the `q' variable which is invalidated when
dropping the queue_lock, therefore the variable needs to be
refreshed before requeueing.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
__udp_lib_port_inuse() cannot make direct references to
inet_sk(sk)->rcv_saddr as that is ipv4 specific state and
this code is used by ipv6 too.Use an operations vector to solve this, and this also paves
the way for ipv6 support for non-wild saddr hashing in UDP.Signed-off-by: David S. Miller
