04 May, 2006

16 commits

  • This patch fixes hello messages sent when a node is a level 1
    router. Slightly contrary to the spec (maybe) VMS ignores hello
    messages that do not name level2 routers that it also knows about.

    So, here we simply name all the routers that the node knows about
    rather than just other level1 routers. (I hope the patch is clearer than
    the description. Sorry).

    Signed-off-by: Patrick Caulfield
    Signed-off-by: David S. Miller

    Patrick Caulfield
     
  • Calling sock_orphan inside bh_lock_sock in tcp_close can lead to
    deadlocks. For example, the inet_diag code holds sk_callback_lock without
    disabling BH. If an inbound packet arrives during that admittedly tiny
    window, it will cause a deadlock on bh_lock_sock. Another possible
    path would be through sock_wfree if the network device driver frees the
    tx skb in process context with BH enabled.

    We can fix this by moving sock_orphan out of bh_lock_sock.

    The tricky bit is to work out when we need to destroy the socket
    ourselves and when it has already been destroyed by someone else.

    By moving sock_orphan before the release_sock we can solve this
    problem. This is because as long as we own the socket lock its
    state cannot change.

    So we simply record the socket state before the release_sock
    and then check the state again after we regain the socket lock.
    If the socket state has transitioned to TCP_CLOSE in the time being,
    we know that the socket has been destroyed. Otherwise the socket is
    still ours to keep.

    Note that I've also moved the increment on the orphan count forward.
    This may look like a problem as we're increasing it even if the socket
    is just about to be destroyed where it'll be decreased again. However,
    this simply enlarges a window that already exists. This also changes
    the orphan count test by one.

    Considering what the orphan count is meant to do this is no big deal.

    This problem was discovered by Ingo Molnar using his lock validator.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • Convert all ROSE sysctl time values from jiffies to ms as units.

    Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • Convert all NET/ROM sysctl time values from jiffies to ms as units.

    Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • Convert all AX.25 sysctl time values from jiffies to ms as units.

    Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • The locking rules for rose_remove_neigh() are that the caller needs to
    hold rose_neigh_list_lock, so we'd better not take it yet again in
    rose_neigh_list_lock.

    Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • Move AX.25 symbol exports to next to their definitions where they're
    supposed to be these days.

    Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • Signed-off-by: Ralf Baechle DL5RB
    Signed-off-by: David S. Miller

    Ralf Baechle DL5RB
     
  • Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • Signed-off-by: Ralf Baechle
    Signed-off-by: David S. Miller

    Ralf Baechle
     
  • Noticed by Linus Torvalds

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Signed-off-by: Jing Min Zhao
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Jing Min Zhao
     
  • net/ipv4/netfilter/ip_nat_standalone.c: In function 'ip_nat_out':
    net/ipv4/netfilter/ip_nat_standalone.c:223: warning: unused variable 'ctinfo'
    net/ipv4/netfilter/ip_nat_standalone.c:222: warning: unused variable 'ct'

    Surprisingly no complaints so far ..

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • When a Choice element contains an unsupported choice no error is returned
    and parsing continues normally, but the choice value is not set and
    contains data from the last parsed message. This may in turn lead to
    parsing of more stale data and following crashes.

    Fixes a crash triggered by testcase 0003243 from the PROTOS c07-h2250v4
    testsuite following random other testcases:

    CPU: 0
    EIP: 0060:[] Not tainted VLI
    EFLAGS: 00210646 (2.6.17-rc2 #3)
    EIP is at memmove+0x19/0x22
    eax: d7be0307 ebx: d7be0307 ecx: e841fcf9 edx: d7be0307
    esi: bfffffff edi: bfffffff ebp: da5eb980 esp: c0347e2c
    ds: 007b es: 007b ss: 0068
    Process events/0 (pid: 4, threadinfo=c0347000 task=dff86a90)
    Stack: 00000006 c0347ea6 d7be0301 e09a6b2c 00000006 da5eb980 d7be003e d7be0052
    c0347f6c e09a6d9c 00000006 c0347ea6 00000006 00000000 d7b9a548 00000000
    c0347f6c d7b9a548 00000004 e0a1a119 0000028f 00000006 c0347ea6 00000006
    Call Trace:
    [] mangle_contents+0x40/0xd8 [ip_nat]
    [] ip_nat_mangle_tcp_packet+0xa1/0x191 [ip_nat]
    [] set_addr+0x60/0x14d [ip_nat_h323]
    [] q931_help+0x2da/0x71a [ip_conntrack_h323]
    [] q931_help+0x30c/0x71a [ip_conntrack_h323]
    [] ip_conntrack_help+0x22/0x2f [ip_conntrack]
    [] nf_iterate+0x2e/0x5f
    [] xfrm4_output_finish+0x0/0x39f
    [] nf_hook_slow+0x42/0xb0
    [] xfrm4_output_finish+0x0/0x39f
    [] xfrm4_output+0x3c/0x4e
    [] xfrm4_output_finish+0x0/0x39f
    [] ip_forward+0x1c2/0x1fa
    [] ip_rcv+0x388/0x3b5
    [] netif_receive_skb+0x2bc/0x2ec
    [] process_backlog+0x6b/0xd0
    [] net_rx_action+0x4b/0xb7
    [] __do_softirq+0x35/0x7d
    [] do_softirq+0x38/0x3f

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • When the TPKT len included in the packet is below the lowest valid value
    of 4 an underflow occurs which results in an endless loop.

    Found by testcase 0000058 from the PROTOS c07-h2250v4 testsuite.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

03 May, 2006

4 commits

  • fix infinite loop in the SCTP-netfilter code: check SCTP chunk size to
    guarantee progress of for_each_sctp_chunk(). (all other uses of
    for_each_sctp_chunk() are preceded by do_basic_checks(), so this fix
    should be complete.)

    Based on patch from Ingo Molnar

    CVE-2006-1527

    Signed-off-by: Patrick McHardy
    Signed-off-by: Linus Torvalds

    Patrick McHardy
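
The TPKT and SCTP fixes above guard the same pattern: a walker over length-prefixed records must reject any length smaller than the header, or it either wraps on subtraction or stops advancing. The following is an added example, not code from these commits; `walk_records`, its wrappers and the sample buffers are hypothetical, and it assumes the final record may omit its padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPKT and SCTP chunk headers are both 4 bytes, with a 16-bit big-endian
 * length at bytes 2..3 that counts the header itself. */
#define HDR_LEN 4

/* Returns the number of records in buf, or -1 when a length field is
 * below HDR_LEN (no forward progress, or "length - header" wraps) or
 * points past the end of the buffer. pad is the record alignment:
 * 1 for TPKT, 4 for SCTP chunks. */
static int walk_records(const uint8_t *buf, size_t len, size_t pad)
{
	size_t off = 0;
	int count = 0;

	while (len - off >= HDR_LEN) {
		size_t rec = ((size_t)buf[off + 2] << 8) | buf[off + 3];

		if (rec < HDR_LEN || rec > len - off)
			return -1;
		rec = (rec + pad - 1) / pad * pad;	/* round up to padding */
		if (rec > len - off)			/* last record unpadded */
			rec = len - off;
		off += rec;				/* always advances >= 4 */
		count++;
	}
	return off == len ? count : -1;		/* trailing bytes are an error */
}

static int tpkt_count_frames(const uint8_t *b, size_t n)
{
	return walk_records(b, n, 1);
}

static int sctp_count_chunks(const uint8_t *b, size_t n)
{
	return walk_records(b, n, 4);
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t tpkt_good[]  = { 3, 0, 0, 6, 'a', 'b', 3, 0, 0, 4 };
static const uint8_t tpkt_short[] = { 3, 0, 0, 2, 0, 0 };	/* len 2 < 4 */
static const uint8_t sctp_good[]  = { 1, 0, 0, 5, 0xaa, 0, 0, 0, 0, 0, 0, 4 };
static const uint8_t sctp_zero[]  = { 0, 0, 0, 0, 0, 0, 0, 0 };	/* len 0 */

int main(void)
{
	printf("tpkt_good:  %d\n", tpkt_count_frames(tpkt_good, sizeof(tpkt_good)));
	printf("tpkt_short: %d\n", tpkt_count_frames(tpkt_short, sizeof(tpkt_short)));
	printf("sctp_good:  %d\n", sctp_count_chunks(sctp_good, sizeof(sctp_good)));
	printf("sctp_zero:  %d\n", sctp_count_chunks(sctp_zero, sizeof(sctp_zero)));
	return 0;
}
```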
     
  • This patch fixes the issues with multiple irqs.

    I am resending based on feedback. I decoupled the dma mask for
    consistent memory and fixed leak with multiple irq in error path.

    Thanks to Manfred for catching the spin lock problem.

    Signed-Off-By: Ayaz Abdulla

    Ayaz Abdulla
     
  • Fixes Rhine I cards disclosing fragments of previously transmitted frames
    in new transmissions.

    Before transmission, any socket buffer (skb) shorter than the ethernet
    minimum length of 60 bytes was zero-padded. On Rhine I cards the data can
    later be copied into an aligned transmission buffer without copying this
    padding. This resulted in the transmission of the frame with the extra
    bytes beyond the provided content leaking the previous contents of this
    buffer on to the network.

    Now zero-padding is repeated in the local aligned buffer if one is used.

    Following a suggestion from the via-rhine maintainer, no attempt is made
    here to avoid the duplicated effort of padding the skb if it is known that
    an aligned buffer will definitely be used. This is to make the change
    "obviously correct" and allow it to be applied to a stable kernel if
    necessary. There is no change to the flow of control and the changes are
    only to the Rhine I code path.

    The patch has run on an in-service Rhine-I host without incident. Frames
    shorter than 60 bytes are now correctly zero-padded when captured on a
    separate host. I see no unusual stats reported by ifconfig, and no unusual
    log messages.

    Signed-off-by: Craig Brind
    Signed-off-by: Roger Luethi
    Cc: Jeff Garzik
    Signed-off-by: Andrew Morton
    Signed-off-by: Jeff Garzik

    Craig Brind
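
The leak described in this commit, reduced to a user-space model as an added example (not the via-rhine driver code): a reused aligned transmit buffer receives only the payload, so a short frame goes out with the previous frame's bytes as padding. The function names, buffer sizes and frame contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ZLEN 60	/* minimum frame length named in the commit */

/* "Before": payload copied into the reused aligned buffer, padding not. */
static size_t tx_copy_unpadded(uint8_t *txbuf, const uint8_t *data, size_t len)
{
	memcpy(txbuf, data, len);
	return len < ETH_ZLEN ? ETH_ZLEN : len;	/* bytes put on the wire */
}

/* "After": zero-padding repeated in the aligned buffer. */
static size_t tx_copy_padded(uint8_t *txbuf, const uint8_t *data, size_t len)
{
	memcpy(txbuf, data, len);
	if (len < ETH_ZLEN) {
		memset(txbuf + len, 0, ETH_ZLEN - len);
		len = ETH_ZLEN;
	}
	return len;
}

/* Count wire bytes past the payload that are not zero, i.e. stale data. */
static size_t stale_bytes(const uint8_t *txbuf, size_t payload, size_t wire)
{
	size_t i, n = 0;

	for (i = payload; i < wire; i++)
		n += txbuf[i] != 0;
	return n;
}

/* Constructed scenario: a 100-byte frame of 'A', then a 20-byte frame of
 * 'B' sent through the same buffer. Returns the stale bytes transmitted. */
static size_t leak_after(size_t (*copy)(uint8_t *, const uint8_t *, size_t))
{
	uint8_t txbuf[128], prev[100], next[20];
	size_t wire;

	memset(prev, 'A', sizeof(prev));
	memset(next, 'B', sizeof(next));
	copy(txbuf, prev, sizeof(prev));
	wire = copy(txbuf, next, sizeof(next));
	return stale_bytes(txbuf, sizeof(next), wire);
}

int main(void)
{
	printf("unpadded copy leaks %zu bytes\n", leak_after(tx_copy_unpadded));
	printf("padded copy leaks   %zu bytes\n", leak_after(tx_copy_padded));
	return 0;
}
```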
     
  • On Sat, Mar 11, Olaf Hering wrote:
    > Why is the /sys/class/net/eth0/device symlink not created for the
    > mv643xx_eth driver? Does this work for other platform device drivers?
    > Seems to work for the ps2 keyboard at least.

    The SET_NETDEV_DEV has to be done before a call to register_netdev. With
    the new patch below, the device symlink for the platform device was
    created. Unfortunately, after the 4 ls commands, the network connection
    died. No idea if the box crashed or if something else broke, lost remote
    access.

    Provide sysfs 'device' in /class/net/ethN. Also, set module owner field,
    like pcnet32 driver does.

    Signed-off-by: Olaf Hering
    Acked-by: Dale Farnsworth
    Signed-off-by: Andrew Morton
    Signed-off-by: Jeff Garzik

    Olaf Hering
     

02 May, 2006

20 commits

  • Apply the same rules as the anon pipe pages, only allow stealing
    if no one else is using the page.

    Signed-off-by: Jens Axboe

    Jens Axboe
     
  • Currently we rely on the PIPE_BUF_FLAG_LRU flag being set correctly
    to know whether we need to fiddle with page LRU state after stealing it,
    however for some origins we just don't know if the page is on the LRU
    list or not.

    So remove PIPE_BUF_FLAG_LRU and do this check/add manually in pipe_to_file()
    instead.

    Signed-off-by: Jens Axboe

    Jens Axboe
     
  • We need to use the minimum of {len, PAGE_SIZE-off}, not {len, PAGE_SIZE}-off.
    The latter doesn't make any sense, and could cause us to attempt negative
    length transfers...

    Signed-off-by: Jens Axboe

    Jens Axboe
     
  • * 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
    [PATCH] Audit Filter Performance
    [PATCH] Rework of IPC auditing
    [PATCH] More user space subject labels
    [PATCH] Reworked patch for labels on user space messages
    [PATCH] change lspp ipc auditing
    [PATCH] audit inode patch
    [PATCH] support for context based audit filtering, part 2
    [PATCH] support for context based audit filtering
    [PATCH] no need to wank with task_lock() and pinning task down in audit_syscall_exit()
    [PATCH] drop task argument of audit_syscall_{entry,exit}
    [PATCH] drop gfp_mask in audit_log_exit()
    [PATCH] move call of audit_free() into do_exit()
    [PATCH] sockaddr patch
    [PATCH] deal with deadlocks in audit_free()

    Linus Torvalds
     
  • When iptables userspace adds an ipt_standard_target, it calculates the size
    of the entire entry as:

    sizeof(struct ipt_entry) + XT_ALIGN(sizeof(struct ipt_standard_target))

    ipt_standard_target looks like this:

    struct xt_standard_target
    {
            struct xt_entry_target target;
            int verdict;
    };

    xt_entry_target contains a pointer, so when compiled for 64 bit the
    structure gets an extra 4 bytes of padding at the end. On 32 bit
    architectures where iptables aligns to 8 bytes it will also have 4
    bytes of padding at the end because it is only 36 bytes large.

    The compat_ipt_standard_fn in the kernel adjusts the offsets by

    sizeof(struct ipt_standard_target) - sizeof(struct compat_ipt_standard_target),

    which will always result in 4, even if the structure from userspace
    was already padded to a multiple of 8. On x86 this works out by
    accident because userspace only aligns to 4, on all other
    architectures this is broken and causes incorrect adjustments to
    the size and following offsets.

    Thanks to Linus for lots of debugging help and testing.

    Signed-off-by: Patrick McHardy
    Signed-off-by: Linus Torvalds

    Patrick McHardy
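
The arithmetic in this commit message, worked through as an added example (not the kernel's compat code): a fixed adjustment of 4 per standard target matches what is needed only when userspace aligned to 4. The 36-byte size, the alignments and the delta of 4 come from the message; `ENTRY_HDR` is a constructed placeholder, and the model assumes the per-rule header has the same size in both layouts.

```c
#include <stddef.h>
#include <stdio.h>

#define STD_TARGET_RAW	36	/* unpadded standard target, per the commit */
#define NATIVE_ALIGN	8	/* 64-bit kernel: 36 is padded up to 40 */
#define FIXED_DELTA	4	/* sizeof(native) - sizeof(compat), per the commit */
#define ENTRY_HDR	112	/* constructed placeholder for the rule header */

static size_t align_up(size_t n, size_t a)
{
	return (n + a - 1) / a * a;
}

/* Offset of rule idx as 32-bit userspace laid the blob out. */
static size_t user_rule_offset(size_t idx, size_t user_align)
{
	return idx * (ENTRY_HDR + align_up(STD_TARGET_RAW, user_align));
}

/* Offset of rule idx in the layout the 64-bit kernel expects. */
static size_t native_rule_offset(size_t idx)
{
	return idx * (ENTRY_HDR + align_up(STD_TARGET_RAW, NATIVE_ALIGN));
}

/* Offset after adding the fixed adjustment once per preceding target. */
static size_t adjusted_rule_offset(size_t idx, size_t user_align)
{
	return user_rule_offset(idx, user_align) + idx * FIXED_DELTA;
}

/* Bytes by which the adjusted offset misses the expected one. */
static long offset_drift(size_t idx, size_t user_align)
{
	return (long)adjusted_rule_offset(idx, user_align) -
	       (long)native_rule_offset(idx);
}

int main(void)
{
	size_t i;

	for (i = 0; i < 4; i++)
		printf("rule %zu: drift align4=%ld align8=%ld\n",
		       i, offset_drift(i, 4), offset_drift(i, 8));
	return 0;
}
```

With 4-byte userspace alignment the drift stays 0; with 8-byte alignment it grows by 4 for every standard target that precedes the rule.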
     
  • * 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block:
    [PATCH] vmsplice: allow user to pass in gift pages
    [PATCH] pipe: enable atomic copying of pipe data to/from user space
    [PATCH] splice: call handle_ra_miss() on failure to lookup page
    [PATCH] Add ->splice_read/splice_write to def_blk_fops
    [PATCH] pipe: introduce ->pin() buffer operation
    [PATCH] splice: fix bugs in pipe_to_file()
    [PATCH] splice: fix bugs with stealing regular pipe pages

    Linus Torvalds
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
    IB/ipath: tidy up white space in a few files
    IB/ipath: fix label name in interrupt handler
    IB/ipath: improve sparse annotation
    IB/ipath: simplify IB timer usage
    IB/ipath: simplify RC send posting
    IB/ipath: prevent hardware from being accessed during reset
    IB/ipath: fix verbs registration
    IB/ipath: change handling of PIO buffers
    IB/ipath: iterate over correct number of ports during reset
    IB/ipath: set up 32-bit DMA mask if 64-bit setup fails
    IB/ipath: fix race with exposing reset file
    IB/mthca: Fix offset in query_gid method

    Linus Torvalds
     
  • At suspend time, the TSC CPUFREQ_SUSPENDCHANGE notifier change might
    wrongly enable interrupts. cpufreq driver suspend/resume is in an
    interrupt-disabled environment.

    Signed-off-by: Shaohua Li
    Cc: Pavel Machek
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Shaohua Li
     
  • The PC Speaker driver's ->probe() routine doesn't even get called in the
    64-bit kernels. The reason for that is that the arch code apparently has
    to explicitly add a "pcspkr" platform device in order for the driver core to
    call the ->probe() routine. arch/i386/kernel/setup.c unconditionally adds
    a "pcspkr" device, but the x86_64 kernel has no code at all related to the
    PC Speaker.

    The patch below copies the relevant code from i386 to x86_64, which makes
    the PC Speaker work for me on x86_64.

    Cc: Dmitry Torokhov
    Acked-by: Andi Kleen
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Mikael Pettersson
     
  • Fix genrtc's read() routine for 64-bit platforms. Current gen_rtc_read()
    stores a 64-bit integer and returns 8 even if a user tried to read a 32-bit
    integer.

    Signed-off-by: Atsushi Nemoto
    Cc: Alessandro Zummo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Atsushi Nemoto
     
  • Make rtc-dev work well on 64-bit platforms with 32-bit userland. On those
    platforms, users might try to read a 32-bit integer value. This patch makes
    rtc-dev's read() work well for both "int" and "long" size. This tweak came
    from the genrtc driver.

    Signed-off-by: Atsushi Nemoto
    Cc: Alessandro Zummo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Atsushi Nemoto
     
  • Consider return value of __put_user() when setting up a signal frame
    instead of ignoring it.

    Cc: Martin Schwidefsky
    Signed-off-by: Heiko Carstens
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Heiko Carstens
     
  • As pointed out by Paulo Marques, MAX_IPD_TIME is too small by
    a factor of ten. Since this means that we allow ten times more
    IPDs in the intended time frame this could result in a cpu check stop of a
    physical cpu.

    Cc: Martin Schwidefsky
    Signed-off-by: Heiko Carstens
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Heiko Carstens
     
  • Add an nid member to the spu structure, and store the numa id of the spu there
    on creation.

    Signed-off-by: Arnd Bergmann
    Cc: Paul Mackerras
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jeremy Kerr
     
  • Change of_node_to_nid() to traverse the device tree, looking for a numa id.
    Cell uses this to assign ids to SPUs, which are children of the CPU node.
    Existing users of of_node_to_nid() are altered to use of_node_to_nid_single(),
    which doesn't do the traversal.

    Export an attach_sysdev_to_node() function, allowing system devices (eg.
    SPUs) to link themselves into the numa topology in sysfs.

    Signed-off-by: Arnd Bergmann
    Cc: Paul Mackerras
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jeremy Kerr
     
  • Based on an older patch from Mike Kravetz

    We need to have a mem_map for high addresses in order to make fops->no_page
    work on spufs mem and register files. So far, we have used the
    memory_present() function during early bootup, but that did not work when
    CONFIG_NUMA was enabled.

    We now use the __add_pages() function to add the mem_map when loading the
    spufs module, which is a lot nicer.

    Signed-off-by: Arnd Bergmann
    Cc: Paul Mackerras
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Joel H Schopp
     
  • This patch fixes two bugs with the way sparsemem interacts with memory add.
    They are:

    - memory leak if memmap for section already exists

    - calling alloc_bootmem_node() after boot

    These bugs were discovered and a first cut at the fixes was provided by
    Arnd Bergmann and Joel Schopp.

    Signed-off-by: Mike Kravetz
    Signed-off-by: Joel Schopp
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Mike Kravetz
     
  • Currently loading the ioc3 as a module will cause the ports to be numbered
    in reverse order. This mod maintains the proper order of cards for port
    numbering.

    Signed-off-by: Patrick Gefre
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Pat Gefre
     
  • Currently we check PageDirty() in order to make the decision to swap out
    the page. However, the dirty information may only be contained in the
    ptes pointing to the page. We need to first unmap the ptes before checking
    for PageDirty(). If unmap is successful then the page count of the page
    will also be decreased so that pageout() works properly.

    This is a fix necessary for 2.6.17. Without this fix we may migrate dirty
    pages for filesystems without migration functions. Filesystems may keep
    pointers to dirty pages. Migration of dirty pages can result in the
    filesystem keeping pointers to freed pages.

    Unmapping is currently not separated out from removing all the
    references to a page and moving the mapping. Therefore try_to_unmap will
    be called again in migrate_page() if the writeout is successful. However,
    it won't do anything since the ptes are already removed.

    The coming updates to the page migration code will restructure the code
    so that this is no longer necessary.

    Signed-off-by: Christoph Lameter
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Christoph Lameter
     
  • Blaisorblade's uml-makefile-nicer makes a V=0 build say SYMLINK where
    what's happening is really a LINK.

    Signed-off-by: Jeff Dike
    Acked-by: Paolo 'Blaisorblade' Giarrusso
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jeff Dike