29 Apr, 2008
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
iwlwifi: Allow building iwl3945 without iwl4965.
wireless: Fix compile error with wifi & leds
tcp: Fix slab corruption with ipv6 and tcp6fuzz
ipv4/ipv6 compat: Fix SSM applications on 64bit kernels.
[IPSEC]: Use digest_null directly for auth
sunrpc: fix missing kernel-doc
can: Fix copy_from_user() results interpretation
Revert "ipv6: Fix typo in net/ipv6/Kconfig"
tipc: endianness annotations
ipv6: result of csum_fold() is already 16bit, no need to cast
[XFRM] AUDIT: Fix flowlabel text format ambibuity.
28 Apr, 2008
11 commits
-
Fix build error caused by commit
e82404ad612ebabc65d15c3d59b971cb35c3ff36 ("iwlwifi: Select
LEDS_CLASS.") from David Miller:Since MAC80211_LEDS is selected by wireless drivers it must select its
own dependencies otherwise a build error may occur (kbuild will select
the symbol regardless of "depends" constraints).Signed-off-By: Luca Tettamanti
Signed-off-by: David S. Miller -
From: Evgeniy Polyakov
This fixes a regression added by ec3c0982a2dd1e671bad8e9d26c28dcba0039d87
("[TCP]: TCP_DEFER_ACCEPT updates - process as established")tcp_v6_do_rcv()->tcp_rcv_established(), the latter goes to step5, where
eventually skb can be freed via tcp_data_queue() (drop: label), then if
check for tcp_defer_accept_check() returns true and thus
tcp_rcv_established() returns -1, which forces tcp_v6_do_rcv() to jump
to reset: label, which in turn will pass through discard: label and free
the same skb again.Tested by Eric Sesterhenn.
Signed-off-by: David S. Miller
Acked-By: Patrick McManus -
Add support on 64-bit kernels for seting 32-bit compatible MCAST*
socket options.Signed-off-by: David L Stevens
Signed-off-by: David S. Miller -
Previously digest_null had no setkey function which meant that
we used hmac(digest_null) for IPsec since IPsec always calls
setkey. Now that digest_null has a setkey we no longer need to
do that.In fact when only confidentiality is specified for ESP we already
use digest_null directly. However, when the null algorithm is
explicitly specified by the user we still opt for hmac(digest_null).This patch removes this discrepancy. I have not added a new compat
name for it because by chance it wasn't actualy possible for the user
to specify the name hmac(digest_null) due to a key length check in
xfrm_user (which I found out when testing that compat name :)Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Fix missing sunrpc kernel-doc:
Warning(linux-2.6.25-git7//net/sunrpc/xprt.c:451): No description found for parameter 'action'
Signed-off-by: Randy Dunlap
Signed-off-by: David S. Miller -
Both copy_to_ and _from_user return the number of bytes, that failed to
reach their destination, not the 0/-EXXX values.Based on patch from Pavel Emelyanov
Signed-off-by: Sam Ravnborg
Acked-by: Oliver Hartkopp
Signed-off-by: David S. Miller -
This reverts commit 5b3f129c5592ca35b3fe8916767c58b98710478c.
As requested by Maciej W. Rozycki.
Signed-off-by: David S. Miller
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Flowlabel text format was not correct and thus ambiguous.
For example, 0x00123 or 0x01203 are formatted as 0x123.
This is not what audit tools want.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds
26 Apr, 2008
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (48 commits)
net: Fix wrong interpretation of some copy_to_user() results.
xfrm: alg_key_len & alg_icv_len should be unsigned
[netdrvr] tehuti: move ioctl perm check closer to function start
ipv6: Fix typo in net/ipv6/Kconfig
via-velocity: fix vlan receipt
tg3: sparse cleanup
forcedeth: realtek phy crossover detection
ibm_newemac: Increase MDIO timeouts
gianfar: Fix skb allocation strategy
netxen: reduce stack usage of netxen_nic_flash_print
smc911x: test after postfix decrement fails in smc911x_{reset,drop_pkt}
net drivers: fix platform driver hotplug/coldplug
forcedeth: new backoff implementation
ehea: make things static
phylib: Add support for board-level PHY fixups
[netdrvr] atlx: code movement: move atl1 parameter parsing
atlx: remove flash vendor parameter
korina: misc cleanup
korina: fix misplaced return statement
WAN: Fix confusing insmod error code for C101 too.
...
25 Apr, 2008
11 commits
-
I found some places, that erroneously return the value obtained from
the copy_to_user() call: if some amount of bytes were not able to get
to the user (this is what this one returns) the proper behavior is to
return the -EFAULT error, not that number itself.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Two is used in the wrong context here, as you are connecting to an
IPv6 network over IPv4; not connecting two IPv6 networks to an IPv4
one.Signed-off-by: Michael Beasley
Signed-off-by: David S. Miller -
RFC3542 tells that IPV6_CHECKSUM socket option in the IPPROTO_IPV6
level is not allowed on ICMPv6 sockets. IPPROTO_RAW level
IPV6_CHECKSUM socket option (a Linux extension) is still allowed.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
tcp_probe has a bounds-checking bug that causes many programs (less,
python) to crash reading /proc/net/tcp_probe. When it outputs a log
line to the reader, it only checks if that line alone will fit in the
reader's buffer, rather than that line and all the previous lines it
has already written.tcpprobe_read also returns the wrong value if copy_to_user fails--it
just passes on the return value of copy_to_user (number of bytes not
copied), which makes a failure look like a success.This patch fixes the buffer overflow and sets the return value to
-EFAULT if copy_to_user fails.Patch is against latest net-2.6; tested briefly and seems to fix the
crashes in less and python.Signed-off-by: Tom Quetchenbach
Signed-off-by: David S. Miller -
In the ethtool user-space application, tg3 and natsemi over-ride the
default implementation of dump_eeprom(). In both tg3_dump_eeprom() and
natsemi_dump_eeprom(), there is a magic number check which is not
present in the default implementation.Commit b131dd5d ("[ETHTOOL]: Add support for large eeproms") snipped
the code which copied the ethtool_eeprom structure back to
user-space. tg3 and natsemi are over-writing the magic number field
and then checking it in user-space. With the ethtool_eeprom copy
removed, the check is failing.The fix is simple. Add the ethtool_eeprom copy back.
Signed-off-by: Mandeep Singh Baines
Signed-off-by: David S. Miller -
net/key/af_key.c: In function ‘pfkey_spddelete’:
net/key/af_key.c:2359: warning: ‘pol_ctx’ may be used uninitialized in
this functionWhen CONFIG_SECURITY_NETWORK_XFRM isn't set,
security_xfrm_policy_alloc() is an inline that doesn't set pol_ctx, so
this seemed like the easiest fix short of using *uninitialized_var(pol_ctx).Signed-off-by: Brian Haley
Signed-off-by: David S. Miller -
Fix a regression in the RXKAD security module introduced in:
commit 91e916cffec7c0153c5cbaa447151862a7a9a047
Author: Al Viro
Date: Sat Mar 29 03:08:38 2008 +0000net/rxrpc trivial annotations
A variable was declared as a 16-bit type rather than a 32-bit type.
Signed-off-by: David Howells
Acked-with-apologies-by: Al Viro
Signed-of-by: Linus Torvalds -
* git://git.linux-nfs.org/projects/trondmy/nfs-2.6: (80 commits)
SUNRPC: Invalidate the RPCSEC_GSS session if the server dropped the request
make nfs_automount_list static
NFS: remove duplicate flags assignment from nfs_validate_mount_data
NFS - fix potential NULL pointer dereference v2
SUNRPC: Don't change the RPCSEC_GSS context on a credential that is in use
SUNRPC: Fix a race in gss_refresh_upcall()
SUNRPC: Don't disconnect more than once if retransmitting NFSv4 requests
SUNRPC: Remove the unused export of xprt_force_disconnect
SUNRPC: remove XS_SENDMSG_RETRY
SUNRPC: Protect creds against early garbage collection
NFSv4: Attempt to use machine credentials in SETCLIENTID calls
NFSv4: Reintroduce machine creds
NFSv4: Don't use cred->cr_ops->cr_name in nfs4_proc_setclientid()
nfs: fix printout of multiword bitfields
nfs: return negative error value from nfs{,4}_stat_to_errno
NLM/lockd: Ensure client locking calls use correct credentials
NFS: Remove the buggy lock-if-signalled case from do_setlk()
NLM/lockd: Fix a race when cancelling a blocking lock
NLM/lockd: Ensure that nlmclnt_cancel() returns results of the CANCEL call
NLM: Remove the signal masking in nlmclnt_proc/nlmclnt_cancel
... -
* 'for-linus' of git://linux-nfs.org/~bfields/linux: (52 commits)
knfsd: clear both setuid and setgid whenever a chown is done
knfsd: get rid of imode variable in nfsd_setattr
SUNRPC: Use unsigned loop and array index in svc_init_buffer()
SUNRPC: Use unsigned index when looping over arrays
SUNRPC: Update RPC server's TCP record marker decoder
SUNRPC: RPC server still uses 2.4 method for disabling TCP Nagle
NLM: don't let lockd exit on unexpected svc_recv errors (try #2)
NFS: don't let nfs_callback_svc exit on unexpected svc_recv errors (try #2)
Use a zero sized array for raw field in struct fid
nfsd: use static memory for callback program and stats
SUNRPC: remove svc_create_thread()
nfsd: fix comment
lockd: Fix stale nlmsvc_unlink_block comment
NFSD: Strip __KERNEL__ testing from unexported header files.
sunrpc: make token header values less confusing
gss_krb5: consistently use unsigned for seqnum
NFSD: Remove NFSv4 dependency on NFSv3
SUNRPC: Remove PROC_FS dependency
NFSD: Use "depends on" for PROC_FS dependency
nfsd: move most of fh_verify to separate function
... -
RFC 2203 requires the server to drop the request if it believes the
RPCSEC_GSS context is out of sequence. The problem is that we have no way
on the client to know why the server dropped the request. In order to avoid
spinning forever trying to resend the request, the safe approach is
therefore to always invalidate the RPCSEC_GSS context on every major
timeout.Signed-off-by: Trond Myklebust
24 Apr, 2008
16 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (22 commits)
tun: Multicast handling in tun_chr_ioctl() needs proper locking.
[NET]: Fix heavy stack usage in seq_file output routines.
[AF_UNIX] Initialise UNIX sockets before general device initcalls
[RTNETLINK]: Fix bogus ASSERT_RTNL warning
iwlwifi: Fix built-in compilation of iwlcore (part 2)
tun: Fix minor race in TUNSETLINK ioctl handling.
ppp_generic: use stats from net_device structure
iwlwifi: Don't unlock priv->mutex if it isn't locked
wireless: rndis_wlan: modparam_workaround_interval is never below 0.
prism54: prism54_get_encode() test below 0 on unsigned index
mac80211: update mesh EID values
b43: Workaround DMA quirks
mac80211: fix use before check of Qdisc length
net/mac80211/rx.c: fix off-by-one
mac80211: Fix race between ieee80211_rx_bss_put and lookup routines.
ath5k: Fix radio identification on AR5424/2424
ssb: Fix all-ones boardflags
b43: Add more btcoexist workarounds
b43: Fix HostFlags data types
b43: Workaround invalid bluetooth settings
... -
Plan C: we can follow the Al Viro's proposal about %n like in this patch.
The same applies to udp, fib (the /proc/net/route file), rt_cache and
sctp debug. This is minus ~150-200 bytes for each.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
When drivers call request_module(), it tries to do something with UNIX
sockets and triggers a 'runaway loop modprobe net-pf-1' warning. Avoid
this by initialising AF_UNIX support earlier.Signed-off-by: David Woodhouse
Signed-off-by: David S. Miller -
ASSERT_RTNL uses mutex_trylock to test whether the rtnl_mutex is
held. This bogus warnings when running in atomic context, which
f.e. happens when adding secondary unicast addresses through
macvlan or vlan or when synchronizing multicast addresses from
wireless devices.Mid-term we might want to consider moving all address updates
to process context since the locking seems overly complicated,
for now just fix the bogus warning by changing ASSERT_RTNL to
use mutex_is_locked().Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch fixes use of Qdisc length in requeue function, before we checked
the reference is valid. (Adrian Bunk's catch)Signed-off-by: Ron Rindjunsky
Signed-off-by: Adrian Bunk
Signed-off-by: John W. Linville -
This patch fixes an off-by-one in net/mac80211/rx.c introduced by
commit 8318d78a44d49ac1edf2bdec7299de3617c4232e
(cfg80211 API for channels/bitrates, mac80211 and driver conversion)
and spotted by the Coverity checker.Signed-off-by: Adrian Bunk
Signed-off-by: John W. Linville -
The put routine first decrements the users counter and then
(if it is zero) locks the sta_bss_lock and removes one from
the list and the hash.Thus, any of ieee80211_sta_config_auth, ieee80211_rx_bss_get
or ieee80211_rx_mesh_bss_get can race with it by finding a
bss that is about to get kfree-ed.Using atomic_dec_and_lock in ieee80211_rx_bss_put takes care
of this race.Signed-off-by: Pavel Emelyanov
Signed-off-by: John W. Linville -
There are two structures named wmm_info and wmm_param, they are used while
parsing the beacon frame. (Check the function ieee802_11_parse_elems).
Certain APs like D-link does not set the fifth bit in WMM IE.
While sending the association request to n-only ap it checks for wmm_ie.
If it is set then only ieee80211_ht_cap is sent during association request.
So n-only association fails.
And this patch fixes this problem by copying the wmm_info to wmm_ie,
which enables the "wmm" flag in iee80211_send_assoc.Signed-off-by: Abhijeet Kolekar
Acked-by: Ron Rindjunsky
Signed-off-by: John W. Linville -
Clean up: Suppress a harmless compiler warning.
Index rq_pages[] with an unsigned type. Make "pages" unsigned as well,
as it never represents a value less than zero.Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Clean up: Suppress a harmless compiler warning in the RPC server related
to array indices.ARRAY_SIZE() returns a size_t, so use unsigned type for a loop index when
looping over arrays.Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Clean up: Update the RPC server's TCP record marker decoder to match the
constructs used by the RPC client's TCP socket transport.Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Use the 2.6 method for disabling TCP Nagle in the kernel's RPC server.
Signed-off-by: Chuck Lever
Signed-off-by: J. Bruce Fields -
Now that the nfs4 callback thread uses the kthread API, there are no
more users of svc_create_thread(). Remove it.Signed-off-by: Jeff Layton
Signed-off-by: J. Bruce Fields -
g_make_token_header() and g_token_size() add two too many, and
therefore their callers pass in "(logical_value - 2)" rather
than "logical_value" as hard-coded values which causes confusion.This dates back to the original g_make_token_header which took an
optional token type (token_id) value and added it to the token.
This was removed, but the routine always adds room for the token_id
rather than not.Signed-off-by: Kevin Coffman
Signed-off-by: J. Bruce Fields -
Consistently use unsigned (u32 vs. s32) for seqnum.
In get_mic function, send the local copy of seq_send,
rather than the context version.Signed-off-by: Kevin Coffman
Signed-off-by: J. Bruce Fields -
net/sunrpc/svc.c: In function '__svc_create_thread':
net/sunrpc/svc.c:587: warning: 'oldmask.bits[0u]' may be used uninitialized in this functionCc: Neil Brown
Cc: Trond Myklebust
Cc: David S. Miller
Cc: Tom Tucker
Cc: Chuck Lever
Signed-off-by: Andrew Morton
Signed-off-by: J. Bruce Fields