28 Apr, 2008
1 commit
-
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds
26 Apr, 2008
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (48 commits)
net: Fix wrong interpretation of some copy_to_user() results.
xfrm: alg_key_len & alg_icv_len should be unsigned
[netdrvr] tehuti: move ioctl perm check closer to function start
ipv6: Fix typo in net/ipv6/Kconfig
via-velocity: fix vlan receipt
tg3: sparse cleanup
forcedeth: realtek phy crossover detection
ibm_newemac: Increase MDIO timeouts
gianfar: Fix skb allocation strategy
netxen: reduce stack usage of netxen_nic_flash_print
smc911x: test after postfix decrement fails in smc911x_{reset,drop_pkt}
net drivers: fix platform driver hotplug/coldplug
forcedeth: new backoff implementation
ehea: make things static
phylib: Add support for board-level PHY fixups
[netdrvr] atlx: code movement: move atl1 parameter parsing
atlx: remove flash vendor parameter
korina: misc cleanup
korina: fix misplaced return statement
WAN: Fix confusing insmod error code for C101 too.
...
25 Apr, 2008
11 commits
-
I found some places, that erroneously return the value obtained from
the copy_to_user() call: if some amount of bytes were not able to get
to the user (this is what this one returns) the proper behavior is to
return the -EFAULT error, not that number itself.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Two is used in the wrong context here, as you are connecting to an
IPv6 network over IPv4; not connecting two IPv6 networks to an IPv4
one.Signed-off-by: Michael Beasley
Signed-off-by: David S. Miller -
RFC3542 tells that IPV6_CHECKSUM socket option in the IPPROTO_IPV6
level is not allowed on ICMPv6 sockets. IPPROTO_RAW level
IPV6_CHECKSUM socket option (a Linux extension) is still allowed.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
tcp_probe has a bounds-checking bug that causes many programs (less,
python) to crash reading /proc/net/tcp_probe. When it outputs a log
line to the reader, it only checks if that line alone will fit in the
reader's buffer, rather than that line and all the previous lines it
has already written.tcpprobe_read also returns the wrong value if copy_to_user fails--it
just passes on the return value of copy_to_user (number of bytes not
copied), which makes a failure look like a success.This patch fixes the buffer overflow and sets the return value to
-EFAULT if copy_to_user fails.Patch is against latest net-2.6; tested briefly and seems to fix the
crashes in less and python.Signed-off-by: Tom Quetchenbach
Signed-off-by: David S. Miller -
In the ethtool user-space application, tg3 and natsemi over-ride the
default implementation of dump_eeprom(). In both tg3_dump_eeprom() and
natsemi_dump_eeprom(), there is a magic number check which is not
present in the default implementation.Commit b131dd5d ("[ETHTOOL]: Add support for large eeproms") snipped
the code which copied the ethtool_eeprom structure back to
user-space. tg3 and natsemi are over-writing the magic number field
and then checking it in user-space. With the ethtool_eeprom copy
removed, the check is failing.The fix is simple. Add the ethtool_eeprom copy back.
Signed-off-by: Mandeep Singh Baines
Signed-off-by: David S. Miller -
net/key/af_key.c: In function ‘pfkey_spddelete’:
net/key/af_key.c:2359: warning: ‘pol_ctx’ may be used uninitialized in
this functionWhen CONFIG_SECURITY_NETWORK_XFRM isn't set,
security_xfrm_policy_alloc() is an inline that doesn't set pol_ctx, so
this seemed like the easiest fix short of using *uninitialized_var(pol_ctx).Signed-off-by: Brian Haley
Signed-off-by: David S. Miller -
Fix a regression in the RXKAD security module introduced in:
commit 91e916cffec7c0153c5cbaa447151862a7a9a047
Author: Al Viro
Date: Sat Mar 29 03:08:38 2008 +0000net/rxrpc trivial annotations
A variable was declared as a 16-bit type rather than a 32-bit type.
Signed-off-by: David Howells
Acked-with-apologies-by: Al Viro
Signed-of-by: Linus Torvalds -
* git://git.linux-nfs.org/projects/trondmy/nfs-2.6: (80 commits)
SUNRPC: Invalidate the RPCSEC_GSS session if the server dropped the request
make nfs_automount_list static
NFS: remove duplicate flags assignment from nfs_validate_mount_data
NFS - fix potential NULL pointer dereference v2
SUNRPC: Don't change the RPCSEC_GSS context on a credential that is in use
SUNRPC: Fix a race in gss_refresh_upcall()
SUNRPC: Don't disconnect more than once if retransmitting NFSv4 requests
SUNRPC: Remove the unused export of xprt_force_disconnect
SUNRPC: remove XS_SENDMSG_RETRY
SUNRPC: Protect creds against early garbage collection
NFSv4: Attempt to use machine credentials in SETCLIENTID calls
NFSv4: Reintroduce machine creds
NFSv4: Don't use cred->cr_ops->cr_name in nfs4_proc_setclientid()
nfs: fix printout of multiword bitfields
nfs: return negative error value from nfs{,4}_stat_to_errno
NLM/lockd: Ensure client locking calls use correct credentials
NFS: Remove the buggy lock-if-signalled case from do_setlk()
NLM/lockd: Fix a race when cancelling a blocking lock
NLM/lockd: Ensure that nlmclnt_cancel() returns results of the CANCEL call
NLM: Remove the signal masking in nlmclnt_proc/nlmclnt_cancel
... -
* 'for-linus' of git://linux-nfs.org/~bfields/linux: (52 commits)
knfsd: clear both setuid and setgid whenever a chown is done
knfsd: get rid of imode variable in nfsd_setattr
SUNRPC: Use unsigned loop and array index in svc_init_buffer()
SUNRPC: Use unsigned index when looping over arrays
SUNRPC: Update RPC server's TCP record marker decoder
SUNRPC: RPC server still uses 2.4 method for disabling TCP Nagle
NLM: don't let lockd exit on unexpected svc_recv errors (try #2)
NFS: don't let nfs_callback_svc exit on unexpected svc_recv errors (try #2)
Use a zero sized array for raw field in struct fid
nfsd: use static memory for callback program and stats
SUNRPC: remove svc_create_thread()
nfsd: fix comment
lockd: Fix stale nlmsvc_unlink_block comment
NFSD: Strip __KERNEL__ testing from unexported header files.
sunrpc: make token header values less confusing
gss_krb5: consistently use unsigned for seqnum
NFSD: Remove NFSv4 dependency on NFSv3
SUNRPC: Remove PROC_FS dependency
NFSD: Use "depends on" for PROC_FS dependency
nfsd: move most of fh_verify to separate function
... -
RFC 2203 requires the server to drop the request if it believes the
RPCSEC_GSS context is out of sequence. The problem is that we have no way
on the client to know why the server dropped the request. In order to avoid
spinning forever trying to resend the request, the safe approach is
therefore to always invalidate the RPCSEC_GSS context on every major
timeout.Signed-off-by: Trond Myklebust
24 Apr, 2008
26 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (22 commits)
tun: Multicast handling in tun_chr_ioctl() needs proper locking.
[NET]: Fix heavy stack usage in seq_file output routines.
[AF_UNIX] Initialise UNIX sockets before general device initcalls
[RTNETLINK]: Fix bogus ASSERT_RTNL warning
iwlwifi: Fix built-in compilation of iwlcore (part 2)
tun: Fix minor race in TUNSETLINK ioctl handling.
ppp_generic: use stats from net_device structure
iwlwifi: Don't unlock priv->mutex if it isn't locked
wireless: rndis_wlan: modparam_workaround_interval is never below 0.
prism54: prism54_get_encode() test below 0 on unsigned index
mac80211: update mesh EID values
b43: Workaround DMA quirks
mac80211: fix use before check of Qdisc length
net/mac80211/rx.c: fix off-by-one
mac80211: Fix race between ieee80211_rx_bss_put and lookup routines.
ath5k: Fix radio identification on AR5424/2424
ssb: Fix all-ones boardflags
b43: Add more btcoexist workarounds
b43: Fix HostFlags data types
b43: Workaround invalid bluetooth settings
... -
Plan C: we can follow the Al Viro's proposal about %n like in this patch.
The same applies to udp, fib (the /proc/net/route file), rt_cache and
sctp debug. This is minus ~150-200 bytes for each.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
When drivers call request_module(), it tries to do something with UNIX
sockets and triggers a 'runaway loop modprobe net-pf-1' warning. Avoid
this by initialising AF_UNIX support earlier.Signed-off-by: David Woodhouse
Signed-off-by: David S. Miller -
ASSERT_RTNL uses mutex_trylock to test whether the rtnl_mutex is
held. This bogus warnings when running in atomic context, which
f.e. happens when adding secondary unicast addresses through
macvlan or vlan or when synchronizing multicast addresses from
wireless devices.Mid-term we might want to consider moving all address updates
to process context since the locking seems overly complicated,
for now just fix the bogus warning by changing ASSERT_RTNL to
use mutex_is_locked().Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch fixes use of Qdisc length in requeue function, before we checked
the reference is valid. (Adrian Bunk's catch)Signed-off-by: Ron Rindjunsky
Signed-off-by: Adrian Bunk
Signed-off-by: John W. Linville -
This patch fixes an off-by-one in net/mac80211/rx.c introduced by
commit 8318d78a44d49ac1edf2bdec7299de3617c4232e
(cfg80211 API for channels/bitrates, mac80211 and driver conversion)
and spotted by the Coverity checker.Signed-off-by: Adrian Bunk
Signed-off-by: John W. Linville -
The put routine first decrements the users counter and then
(if it is zero) locks the sta_bss_lock and removes one from
the list and the hash.Thus, any of ieee80211_sta_config_auth, ieee80211_rx_bss_get
or ieee80211_rx_mesh_bss_get can race with it by finding a
bss that is about to get kfree-ed.Using atomic_dec_and_lock in ieee80211_rx_bss_put takes care
of this race.Signed-off-by: Pavel Emelyanov
Signed-off-by: John W. Linville -
There are two structures named wmm_info and wmm_param, they are used while
parsing the beacon frame. (Check the function ieee802_11_parse_elems).
Certain APs like D-link does not set the fifth bit in WMM IE.
While sending the association request to n-only ap it checks for wmm_ie.
If it is set then only ieee80211_ht_cap is sent during association request.
So n-only association fails.
And this patch fixes this problem by copying the wmm_info to wmm_ie,
which enables the "wmm" flag in iee80211_send_assoc.Signed-off-by: Abhijeet Kolekar
Acked-by: Ron Rindjunsky
Signed-off-by: John W. Linville -
Clean up: Suppress a harmless compiler warning.
Index rq_pages[] with an unsigned type. Make "pages" unsigned as well,
as it never represents a value less than zero.Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Clean up: Suppress a harmless compiler warning in the RPC server related
to array indices.ARRAY_SIZE() returns a size_t, so use unsigned type for a loop index when
looping over arrays.Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Clean up: Update the RPC server's TCP record marker decoder to match the
constructs used by the RPC client's TCP socket transport.Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Use the 2.6 method for disabling TCP Nagle in the kernel's RPC server.
Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Now that the nfs4 callback thread uses the kthread API, there are no
more users of svc_create_thread(). Remove it.Signed-off-by: Jeff Layton
Signed-off-by: J. Bruce Fields -
g_make_token_header() and g_token_size() add two too many, and
therefore their callers pass in "(logical_value - 2)" rather
than "logical_value" as hard-coded values which causes confusion.This dates back to the original g_make_token_header which took an
optional token type (token_id) value and added it to the token.
This was removed, but the routine always adds room for the token_id
rather than not.Signed-off-by: Kevin Coffman
Signed-off-by: J. Bruce Fields -
Consistently use unsigned (u32 vs. s32) for seqnum.
In get_mic function, send the local copy of seq_send,
rather than the context version.Signed-off-by: Kevin Coffman
Signed-off-by: J. Bruce Fields -
net/sunrpc/svc.c: In function '__svc_create_thread':
net/sunrpc/svc.c:587: warning: 'oldmask.bits[0u]' may be used uninitialized in this functionCc: Neil Brown
Cc: Trond Myklebust
Cc: David S. Miller
Cc: Tom Tucker
Cc: Chuck Lever
Signed-off-by: Andrew Morton
Signed-off-by: J. Bruce Fields -
cleanup: When adding new encryption types, the checksum length
can be different for each enctype. Face the fact that the
current code only supports DES which has a checksum length of 8.Signed-off-by: Kevin Coffman
Signed-off-by: J. Bruce Fields -
cleanup: Fix grammer/typos to use "too" instead of "to"
Signed-off-by: Kevin Coffman
Signed-off-by: J. Bruce Fields -
SVCRDMA: Add check for XPT_CLOSE in svc_rdma_send
The svcrdma transport can crash if a send is waiting for an
empty SQ slot and the connection is closed due to an asynchronous error.
The crash is caused when svc_rdma_send attempts to send on a deleted
QP.Signed-off-by: Tom Tucker
Signed-off-by: J. Bruce Fields -
In function svcauth_gss_accept() (net/sunrpc/auth_gss/svcauth_gss.c) the
code that handles GSS integrity and decryption failures should be
returning GARBAGE_ARGS as specified in RFC 2203, sections 5.3.3.4.2 and
5.3.3.4.3.Reviewed-by: Greg Banks
Signed-off-by: Harshula Jayasuriya
Signed-off-by: J. Bruce Fields -
svc_recv() calls alloc_page(), and if it fails it does a 500ms
uninterruptible sleep and then reattempts. There doesn't seem to be any
real reason for this to be uninterruptible, so change it to an
interruptible sleep. Also check for kthread_stop() and signalled() after
setting the task state to avoid races that might lead to sleeping after
kthread_stop() wakes up the task.I've done some very basic smoke testing with this, but obviously it's
hard to test the actual changes since this all depends on an
alloc_page() call failing.Signed-off-by: Jeff Layton
Signed-off-by: J. Bruce Fields -
This field is set once and never used; probably some artifact of an
earlier implementation idea.Signed-off-by: J. Bruce Fields
-
This adds IPv6 support to the interfaces that are used to express nfsd
exports. All addressed are stored internally as IPv6; backwards
compatibility is maintained using mapped addresses.Thanks to Bruce Fields, Brian Haley, Neil Brown and Hideaki Joshifuji
for commentsSigned-off-by: Aurelien Charbon
Cc: Neil Brown
Cc: Brian Haley
Cc: YOSHIFUJI Hideaki / 吉藤英明
Signed-off-by: J. Bruce Fields -
When using kthreads that call into svc_recv, we want to make sure that
they do not block there for a long time when we're trying to take down
the kthread.This patch changes svc_recv() to check kthread_should_stop() at the same
places that it checks to see if it's signalled(). Also check just before
svc_recv() tries to schedule(). By making sure that we check it just
after setting the task state we can avoid having to use any locking or
signalling to ensure it doesn't block for a long time.There's still a chance of a 500ms sleep if alloc_page() fails, but
that should be a rare occurrence and isn't a terribly long time in
the context of a kthread being taken down.Signed-off-by: Jeff Layton
Signed-off-by: J. Bruce Fields -
Needed since the plan is to not have a svc_create_thread helper and to
have current users of that function just call kthread_run directly.Signed-off-by: Jeff Layton
Reviewed-by: NeilBrown
Signed-off-by: J. Bruce Fields -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
iwlwifi: Fix built-in compilation of iwlcore
net: Unexport move_addr_to_{kernel,user}
rt2x00: Select LEDS_CLASS.
iwlwifi: Select LEDS_CLASS.
leds: Do not guard NEW_LEDS with HAS_IOMEM
[IPSEC]: Fix catch-22 with algorithm IDs above 31
time: Export set_normalized_timespec.
tcp: Make use of before macro in tcp_input.c
hamradio: Remove unneeded and deprecated cli()/sti() calls in dmascc.c
[NETNS]: Remove empty ->init callback.
[DCCP]: Convert do_gettimeofday() to getnstimeofday().
[NETNS]: Don't initialize err variable twice.
[NETNS]: The ip6_fib_timer can work with garbage on net namespace stop.
[IPV4]: Convert do_gettimeofday() to getnstimeofday().
[IPV4]: Make icmp_sk_init() static.
[IPV6]: Make struct ip6_prohibit_entry_template static.
tcp: Trivial fix to correct function name in a comment in net/ipv4/tcp.c
[NET]: Expose netdevice dev_id through sysfs
skbuff: fix missing kernel-doc notation
[ROSE]: Fix soft lockup wrt. rose_node_list_lock
23 Apr, 2008
1 commit
-
After the removal of the Solaris binary emulation the exports of
move_addr_to_{kernel,user} are no longer used.Signed-off-by: Adrian Bunk
Signed-off-by: David S. Miller