aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2006-04-24[PATCH] softmac: fix SIOCSIWAPJohannes Berg
There are some bugs in the current implementation of the SIOCSIWAP wext, for example that when you do it twice and it fails, it may still try another access point for some reason. This patch fixes this by introducing a new flag that tells the association code that the bssid that is in use was fixed by the user and shouldn't be deviated from. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-20Merge branch 'upstream-linus' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 * 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: (21 commits) [PATCH] wext: Fix RtNetlink ENCODE security permissions [PATCH] bcm43xx: iw_priv_args names should be <16 characters [PATCH] bcm43xx: sysfs code cleanup [PATCH] bcm43xx: fix pctl slowclock limit calculation [PATCH] bcm43xx: fix dyn tssi2dbm memleak [PATCH] bcm43xx: fix config menu alignment [PATCH] bcm43xx wireless: fix printk format warnings [PATCH] softmac: report when scanning has finished [PATCH] softmac: fix event sending [PATCH] softmac: handle iw_mode properly [PATCH] softmac: dont send out packets while scanning [PATCH] softmac: return -EAGAIN from getscan while scanning [PATCH] bcm43xx: set trans_start on TX to prevent bogus timeouts [PATCH] orinoco: fix truncating commsquality RID with the latest Symbol firmware [PATCH] softmac: fix spinlock recursion on reassoc [PATCH] Revert NET_RADIO Kconfig title change [PATCH] wext: Fix IWENCODEEXT security permissions [PATCH] wireless/atmel: send WEXT scan completion events [PATCH] wireless/airo: clean up WEXT association and scan events [PATCH] softmac uses Wiress Ext. ...
2006-04-20Merge branch 'upstream-fixes' of ↵Jeff Garzik
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2006-04-20[EBTABLES]: Clean up vmalloc usage in net/bridge/netfilter/ebtables.cJayachandran C
Make all the vmalloc calls in net/bridge/netfilter/ebtables.c follow the standard convention. Remove unnecessary casts, and use '*object' instead of 'type'. Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-20[NET]: Add skb->truesize assertion checking.David S. Miller
Add some sanity checking. truesize should be at least sizeof(struct sk_buff) plus the current packet length. If not, then truesize is seriously mangled and deserves a kernel log message. Currently we'll do the check for release of stream socket buffers. But we can add checks to more spots over time. Incorporating ideas from Herbert Xu. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-19[TCP]: Account skb overhead in tcp_fragmentHerbert Xu
Make sure that we get the full sizeof(struct sk_buff) plus the data size accounted for in skb->truesize. This will create invariants that will allow adding assertion checks on skb->truesize. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-19[LLC]: Use pskb_trim_rcsum() in llc_fixup_skb().David S. Miller
Kernel Bugzilla #6409 If we use plain skb_trim(), that's wrong, because if the SKB is cloned, and it can be because we unshared it in the caller, we have to allow reallocation. The pskb_trim*() family of routines is therefore the most appropriate here. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-19[NET]: sockfd_lookup_light() returns random error for -EBADFDHua Zhong
This applies to 2.6.17-rc2. There is a missing initialization of err in sockfd_lookup_light() that could return random error for an invalid file handle. Signed-off-by: Hua Zhong <hzhong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-19[PATCH] wext: Fix RtNetlink ENCODE security permissionsJean Tourrilhes
I've just realised that the RtNetlink code does not check the permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that any user can read the encryption keys. The fix is trivial and should go in 2.6.17 alonside the two other patch I sent you last week. Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] softmac: report when scanning has finishedJohannes Berg
Make softmac report a scan event when scanning has finished, that way userspace can wait for the event to happen instead of polling for the results. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] softmac: fix event sendingJohannes Berg
Softmac is sending custom events to userspace already, but it should _really_ be sending the right WEXT events instead. This patch fixes that. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] softmac: handle iw_mode properlyjohannes@sipsolutions.net
Below patch allows using iw_mode auto with softmac. bcm43xx forces managed so this bug wasn't noticed earlier, but this was one of the problems why zd1211 didn't work earlier. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] softmac: dont send out packets while scanningjohannes@sipsolutions.net
Seems we forgot to stop the queue while scanning. Better do that so we don't transmit packets all the time during background scanning. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] softmac: return -EAGAIN from getscan while scanningjohannes@sipsolutions.net
Below patch was developed after discussion with Daniel Drake who mentioned to me that wireless tools expect an EAGAIN return from getscan so that they can wait for the scan to finish before printing out the results. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] softmac: fix spinlock recursion on reassocMichael Buesch
This fixes a spinlock recursion on receiving a reassoc request. On reassoc, the softmac calls back into the driver. This results in a driver lock recursion. This schedules the assoc workqueue, instead of calling it directly. Probably, we should defer the _whole_ management frame processing to a tasklet or workqueue, because it does several callbacks into the driver. That is dangerous. This fix should go into linus's tree, before 2.6.17 is released, because it is remote exploitable (DoS by crash). Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] wext: Fix IWENCODEEXT security permissionsJean Tourrilhes
Check the permissions when user-space try to read the encryption parameters via SIOCGIWENCODEEXT. This is trivial and probably should go in 2.6.17... Bug was found by Brian Eaton <eaton.lists@gmail.com>, thanks ! Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19[PATCH] softmac uses Wiress Ext.Randy Dunlap
softmac uses wireless extensions, so let it SELECT that config option; WARNING: "wireless_send_event" [net/ieee80211/softmac/ieee80211softmac.ko] undefined! Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-04-19SUNRPC: Dead code in net/sunrpc/auth_gss/auth_gss.cEric Sesterhenn
Hi, the coverity checker spotted that cred is always NULL when we jump to out_err ( there is just one case, when we fail to allocate the memory for cred ) This is Coverity ID #79 Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-04-19NFS: make 2 functions staticAdrian Bunk
Signed-off-by: Adrian Bunk <bunk@stusta.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-04-19RPCSEC_GSS: fix leak in krb5 code caused by superfluous kmallocJ. Bruce Fields
I was sloppy when generating a previous patch; I modified the callers of krb5_make_checksum() to allocate memory for the buffer where the result is returned, then forgot to modify krb5_make_checksum to stop allocating that memory itself. The result is a per-packet memory leak. This fixes the problem by removing the now-superfluous kmalloc(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2006-04-18[NET]: Remove redundant NULL checks before [kv]freeJesper Juhl
Redundant NULL check before kfree removal from net/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-18unaligned access in sk_run_filter()Dmitry Mishin
This patch fixes unaligned access warnings noticed on IA64 in sk_run_filter(). 'ptr' can be unaligned. Signed-off-By: Dmitry Mishin <dim@openvz.org> Signed-off-By: Kirill Korotaev <dev@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-18[IPV6]: Clean up hop-by-hop options handler.YOSHIFUJI Hideaki
- Removed unused argument (nhoff) for ipv6_parse_hopopts(). - Make ipv6_parse_hopopts() to align with other extension header handlers. - Removed pointless assignment (hdr), which is not used afterwards. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-18[IPV6] XFRM: Fix decoding session with preceding extension header(s).YOSHIFUJI Hideaki
We did not correctly decode session with preceding extension header(s). This was because we had already pulled preceding headers, skb->nh.raw + 40 + 1 - skb->data was minus, and pskb_may_pull() failed. We now have IP6CB(skb)->nhoff and skb->h.raw, and we can start parsing / decoding upper layer protocol from current position. Tracked down by Noriaki TAKAMIYA <takamiya@po.ntts.co.jp> and tested by Kazunori Miyazawa <kazunori@miyazawa.org>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-18[IPV6] XFRM: Don't use old copy of pointer after pskb_may_pull().YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-18[IPV6]: Ensure to have hop-by-hop options in our header of &sk_buff.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-18[TCP]: Fix truesize underflowHerbert Xu
There is a problem with the TSO packet trimming code. The cause of this lies in the tcp_fragment() function. When we allocate a fragment for a completely non-linear packet the truesize is calculated for a payload length of zero. This means that truesize could in fact be less than the real payload length. When that happens the TSO packet trimming can cause truesize to become negative. This in turn can cause sk_forward_alloc to be -n * PAGE_SIZE which would trigger the warning. I've copied the code DaveM used in tso_fragment which should work here. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-17[IPV4]: ip_route_input panic fixStephen Hemminger
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388 The bug is caused by ip_route_input dereferencing skb->nh.protocol of the dummy skb passed dow from inet_rtm_getroute (Thanks Thomas for seeing it). It only happens if the route requested is for a multicast IP address. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[PATCH] ip_output: account for fraggap when checking to add trailer_lenZach Brown
During other work I noticed that ip_append_data() seemed to be forgetting to include the frag gap in its calculation of a fragment that consumes the rest of the payload. Herbert confirmed that this was a bug that snuck in during a previous rework. Signed-off-by: Zach Brown <zach.brown@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[ATM] clip: add module infoStephen Hemminger
Add module information Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[ATM] clip: notifier related cleanupsStephen Hemminger
Cleanup some code around notifier. Don't need (void) casts to ignore return values, and use C90 style initializer. Just ignore unused device events. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[ATM] clip: get rid of PROC_FS ifdefStephen Hemminger
Don't need the ifdef here since create_proc_entry() is stubbed to always return NULL. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[ATM] clip: run through LindentStephen Hemminger
Run CLIP driver through Lindent script to fix formatting. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[ATM]: Clip timer race.Stephen Hemminger
By inspection, the clip idle timer code is racy on SMP. Here is a safe version of timer management. Untested, I don't have ATM hardware. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[ATM]: clip causes unregister hangStephen Hemminger
If Classical IP over ATM module is loaded, its neighbor table gets populated when permanent neighbor entries are created; but these entries are not flushed when the device is removed. Since the entry never gets flushed the unregister of the network device never completes. This version of the patch also adds locking around the reference to the atm arp daemon to avoid races with events and daemon state changes. (Note: barrier() was never really safe) Bug-reference: http://bugzilla.kernel.org/show_bug.cgi?id=6295 Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[XFRM]: Fix aevent timer.Jamal Hadi Salim
Send aevent immediately if we have sent nothing since last timer and this is the first packet. Fixes a corner case when packet threshold is very high, the timer low and a very low packet rate input which is bursty. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-14[IPV4]: Possible cleanups.Adrian Bunk
This patch contains the following possible cleanups: - make the following needlessly global function static: - arp.c: arp_rcv() - remove the following unused EXPORT_SYMBOL's: - devinet.c: devinet_ioctl - fib_frontend.c: ip_rt_ioctl - inet_hashtables.c: inet_bind_bucket_create - inet_hashtables.c: inet_bind_hash - tcp_input.c: sysctl_tcp_abc - tcp_ipv4.c: sysctl_tcp_tw_reuse - tcp_output.c: sysctl_tcp_mtu_probing - tcp_output.c: sysctl_tcp_base_mss Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-11[WAN]: Remove broken and unmaintained Sangoma drivers.Adrian Bunk
The in-kernel Sangoma drivers are both not compiling and marked as BROKEN since at least kernel 2.6.0. Sangoma offers out-of-tree drivers, and David Mandelstam told me Sangoma does no longer maintain the in-kernel drivers and prefers to provide them as a separate installation package. This patch therefore removes these drivers. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-11[BRIDGE] ebtables: fix allocation in net/bridge/netfilter/ebtables.cJayachandran C
Allocate an array of 'struct ebt_chainstack *', the current code allocates array of 'struct ebt_chainstack'. akpm: converted to use the foo = alloc(sizeof(*foo)) form. Which would have prevented this from happening in the first place. akpm: also removed unneeded typecast. akpm: what on earth is this code doing anyway? cpu_possible_map can be sparse.. Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-11[DCCP]: Fix leak in net/dccp/ipv4.cEric Sesterhenn
we dont free req if we cant parse the options. This fixes coverity bug id #1046 Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-11[BRIDGE]: receive link-local on disabled ports.Stephen Hemminger
This change allows link local packets (like 802.3ad and Spanning Tree Protocol) to be processed even when the bridge is not using the port. It fixes the chicken-egg problem for bridging a bonded device, and may also fix problems with spanning tree failover. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-11[IPv6] reassembly: Always compute hash under the fragment lock.Zach Brown
This closes a race where an ipq6hashfn() caller could get a hash value and race with the cycling of the random seed. By the time they got to the read_lock they'd have a stale hash value and might not find previous fragments of their datagram. This matches the previous patch to IPv4. Signed-off-by: Zach Brown <zach.brown@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-11Merge branch 'splice' of git://brick.kernel.dk/data/git/linux-2.6-blockLinus Torvalds
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block: [PATCH] vfs: add splice_write and splice_read to documentation [PATCH] Remove sys_ prefix of new syscalls from __NR_sys_* [PATCH] splice: warning fix [PATCH] another round of fs/pipe.c cleanups [PATCH] splice: comment styles [PATCH] splice: add Ingo as addition copyright holder [PATCH] splice: unlikely() optimizations [PATCH] splice: speedups and optimizations [PATCH] pipe.c/fifo.c code cleanups [PATCH] get rid of the PIPE_*() macros [PATCH] splice: speedup __generic_file_splice_read [PATCH] splice: add direct fd <-> fd splicing support [PATCH] splice: add optional input and output offsets [PATCH] introduce a "kernel-internal pipe object" abstraction [PATCH] splice: be smarter about calling do_page_cache_readahead() [PATCH] splice: optimize the splice buffer mapping [PATCH] splice: cleanup __generic_file_splice_read() [PATCH] splice: only call wake_up_interruptible() when we really have to [PATCH] splice: potential !page dereference [PATCH] splice: mark the io page as accessed
2006-04-11[PATCH] knfsd: svcrpc: gss: don't call svc_take_page unnecessarilyNeilBrown
We're using svc_take_page here to get another page for the tail in case one wasn't already allocated. But there isn't always guaranteed to be another page available. Also fix a typo that made us check the tail buffer for space when we meant to be checking the head buffer. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-11[PATCH] for_each_possible_cpu: network codesKAMEZAWA Hiroyuki
for_each_cpu() actually iterates across all possible CPUs. We've had mistakes in the past where people were using for_each_cpu() where they should have been iterating across only online or present CPUs. This is inefficient and possibly buggy. We're renaming for_each_cpu() to for_each_possible_cpu() to avoid this in the future. This patch replaces for_each_cpu with for_each_possible_cpu under /net Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Acked-by: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-11[PATCH] splice: warning fixAndrew Morton
From: Andrew Morton <akpm@osdl.org> net/socket.c:148: warning: initialization from incompatible pointer type extern declarations in .c files! Bad boy. Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-09[IPV6]: Deinline few large functions in inet6 codeDenis Vlasenko
Deinline a few functions which produce 200+ bytes of code. Size Uses Wasted Name and definition ===== ==== ====== ================================================ 429 3 818 __inet6_lookup include/net/inet6_hashtables.h 404 2 384 __inet6_lookup_established include/net/inet6_hashtables.h 206 3 372 __inet6_hash include/net/inet6_hashtables.h Signed-off-by: Denis Vlasenko <vda@ilport.com.ua> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-09[IPV4] ip_fragment: Always compute hash with ipfrag_lock held.David S. Miller
Otherwise we could compute an inaccurate hash due to the random seed changing. Noticed by Zach Brown and patch is based upon some feedback from Herbert Xu. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-09[NETFILTER]: Fix DNAT in LOCAL_OUTPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-09[NET]: Fix hotplug race during device registration.Sergey Vlasov
From: Thomas de Grenier de Latour <degrenier@easyconnect.fr> On Sun, 9 Apr 2006 21:56:59 +0400, Sergey Vlasov <vsu@altlinux.ru> wrote: > However, show_address() does not output anything unless > dev->reg_state == NETREG_REGISTERED - and this state is set by > netdev_run_todo() only after netdev_register_sysfs() returns, so in > the meantime (while netdev_register_sysfs() is busy adding the > "statistics" attribute group) some process may see an empty "address" > attribute. I've tried the attached patch, suggested by Sergey Vlasov on hotplug-devel@, and as far as i can test it works just fine. Signed-off-by: David S. Miller <davem@davemloft.net>