aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2008-04-29netfilter: x_tables: fix net namespace leak when reading ↵Pavel Emelyanov
/proc/net/xxx_tables_names The seq_open_net() call should be accompanied with seq_release_net() one. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-29netfilter: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retvalRoel Kluin
if tcphoff remains unsigned, a negative ipv6_skip_exthdr() return value will go unnoticed, Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-29tcp: Limit cwnd growth when deferring for GSOJohn Heffner
This fixes inappropriately large cwnd growth on sender-limited flows when GSO is enabled, limiting cwnd growth to 64k. Signed-off-by: John Heffner <johnwheffner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-29tcp: Allow send-limited cwnd to grow up to max_burst when gso disabledJohn Heffner
This changes the logic in tcp_is_cwnd_limited() so that cwnd may grow up to tcp_max_burst() even when sk_can_gso() is false, or when sysctl_tcp_tso_win_divisor != 0. Signed-off-by: John Heffner <johnwheffner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27wireless: Fix compile error with wifi & ledsLuca Tettamanti
Fix build error caused by commit e82404ad612ebabc65d15c3d59b971cb35c3ff36 ("iwlwifi: Select LEDS_CLASS.") from David Miller: Since MAC80211_LEDS is selected by wireless drivers it must select its own dependencies otherwise a build error may occur (kbuild will select the symbol regardless of "depends" constraints). Signed-off-By: Luca Tettamanti <kronos.it@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27tcp: Fix slab corruption with ipv6 and tcp6fuzzEvgeniy Polyakov
From: Evgeniy Polyakov <johnpol@2ka.mipt.ru> This fixes a regression added by ec3c0982a2dd1e671bad8e9d26c28dcba0039d87 ("[TCP]: TCP_DEFER_ACCEPT updates - process as established") tcp_v6_do_rcv()->tcp_rcv_established(), the latter goes to step5, where eventually skb can be freed via tcp_data_queue() (drop: label), then if check for tcp_defer_accept_check() returns true and thus tcp_rcv_established() returns -1, which forces tcp_v6_do_rcv() to jump to reset: label, which in turn will pass through discard: label and free the same skb again. Tested by Eric Sesterhenn. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-By: Patrick McManus <mcmanus@ducksong.com>
2008-04-27ipv4/ipv6 compat: Fix SSM applications on 64bit kernels.David L Stevens
Add support on 64-bit kernels for seting 32-bit compatible MCAST* socket options. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27[IPSEC]: Use digest_null directly for authHerbert Xu
Previously digest_null had no setkey function which meant that we used hmac(digest_null) for IPsec since IPsec always calls setkey. Now that digest_null has a setkey we no longer need to do that. In fact when only confidentiality is specified for ESP we already use digest_null directly. However, when the null algorithm is explicitly specified by the user we still opt for hmac(digest_null). This patch removes this discrepancy. I have not added a new compat name for it because by chance it wasn't actualy possible for the user to specify the name hmac(digest_null) due to a key length check in xfrm_user (which I found out when testing that compat name :) Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27sunrpc: fix missing kernel-docRandy Dunlap
Fix missing sunrpc kernel-doc: Warning(linux-2.6.25-git7//net/sunrpc/xprt.c:451): No description found for parameter 'action' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27can: Fix copy_from_user() results interpretationSam Ravnborg
Both copy_to_ and _from_user return the number of bytes, that failed to reach their destination, not the 0/-EXXX values. Based on patch from Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Acked-by: Oliver Hartkopp <oliver.hartkopp@volkswagen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27Revert "ipv6: Fix typo in net/ipv6/Kconfig"David S. Miller
This reverts commit 5b3f129c5592ca35b3fe8916767c58b98710478c. As requested by Maciej W. Rozycki. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27tipc: endianness annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27ipv6: result of csum_fold() is already 16bit, no need to castAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-27[XFRM] AUDIT: Fix flowlabel text format ambibuity.YOSHIFUJI Hideaki
Flowlabel text format was not correct and thus ambiguous. For example, 0x00123 or 0x01203 are formatted as 0x123. This is not what audit tools want. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-25net: Fix wrong interpretation of some copy_to_user() results.Pavel Emelyanov
I found some places, that erroneously return the value obtained from the copy_to_user() call: if some amount of bytes were not able to get to the user (this is what this one returns) the proper behavior is to return the -EFAULT error, not that number itself. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24ipv6: Fix typo in net/ipv6/KconfigMichael Beasley
Two is used in the wrong context here, as you are connecting to an IPv6 network over IPv4; not connecting two IPv6 networks to an IPv4 one. Signed-off-by: Michael Beasley <youvegotmoxie@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24ipv6 RAW: Disallow IPPROTO_IPV6-level IPV6_CHECKSUM socket option on ICMPv6 ↵YOSHIFUJI Hideaki
sockets. RFC3542 tells that IPV6_CHECKSUM socket option in the IPPROTO_IPV6 level is not allowed on ICMPv6 sockets. IPPROTO_RAW level IPV6_CHECKSUM socket option (a Linux extension) is still allowed. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24tcp: tcp_probe buffer overflow and incorrect return valueTom Quetchenbach
tcp_probe has a bounds-checking bug that causes many programs (less, python) to crash reading /proc/net/tcp_probe. When it outputs a log line to the reader, it only checks if that line alone will fit in the reader's buffer, rather than that line and all the previous lines it has already written. tcpprobe_read also returns the wrong value if copy_to_user fails--it just passes on the return value of copy_to_user (number of bytes not copied), which makes a failure look like a success. This patch fixes the buffer overflow and sets the return value to -EFAULT if copy_to_user fails. Patch is against latest net-2.6; tested briefly and seems to fix the crashes in less and python. Signed-off-by: Tom Quetchenbach <virtualphtn@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24ethtool: EEPROM dump no longer works for tg3 and natsemiMandeep Singh Baines
In the ethtool user-space application, tg3 and natsemi over-ride the default implementation of dump_eeprom(). In both tg3_dump_eeprom() and natsemi_dump_eeprom(), there is a magic number check which is not present in the default implementation. Commit b131dd5d ("[ETHTOOL]: Add support for large eeproms") snipped the code which copied the ethtool_eeprom structure back to user-space. tg3 and natsemi are over-writing the magic number field and then checking it in user-space. With the ethtool_eeprom copy removed, the check is failing. The fix is simple. Add the ethtool_eeprom copy back. Signed-off-by: Mandeep Singh Baines <msb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24af_key: Fix af_key.c compiler warningBrian Haley
net/key/af_key.c: In function ‘pfkey_spddelete’: net/key/af_key.c:2359: warning: ‘pol_ctx’ may be used uninitialized in this function When CONFIG_SECURITY_NETWORK_XFRM isn't set, security_xfrm_policy_alloc() is an inline that doesn't set pol_ctx, so this seemed like the easiest fix short of using *uninitialized_var(pol_ctx). Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24[NET]: Fix heavy stack usage in seq_file output routines.Pavel Emelyanov
Plan C: we can follow the Al Viro's proposal about %n like in this patch. The same applies to udp, fib (the /proc/net/route file), rt_cache and sctp debug. This is minus ~150-200 bytes for each. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-24[AF_UNIX] Initialise UNIX sockets before general device initcallsDavid Woodhouse
When drivers call request_module(), it tries to do something with UNIX sockets and triggers a 'runaway loop modprobe net-pf-1' warning. Avoid this by initialising AF_UNIX support earlier. Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23[RTNETLINK]: Fix bogus ASSERT_RTNL warningPatrick McHardy
ASSERT_RTNL uses mutex_trylock to test whether the rtnl_mutex is held. This bogus warnings when running in atomic context, which f.e. happens when adding secondary unicast addresses through macvlan or vlan or when synchronizing multicast addresses from wireless devices. Mid-term we might want to consider moving all address updates to process context since the locking seems overly complicated, for now just fix the bogus warning by changing ASSERT_RTNL to use mutex_is_locked(). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-23mac80211: fix use before check of Qdisc lengthRon Rindjunsky
This patch fixes use of Qdisc length in requeue function, before we checked the reference is valid. (Adrian Bunk's catch) Signed-off-by: Ron Rindjunsky <ron.rindjunsky@intel.com> Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23net/mac80211/rx.c: fix off-by-oneAdrian Bunk
This patch fixes an off-by-one in net/mac80211/rx.c introduced by commit 8318d78a44d49ac1edf2bdec7299de3617c4232e (cfg80211 API for channels/bitrates, mac80211 and driver conversion) and spotted by the Coverity checker. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23mac80211: Fix race between ieee80211_rx_bss_put and lookup routines.Pavel Emelyanov
The put routine first decrements the users counter and then (if it is zero) locks the sta_bss_lock and removes one from the list and the hash. Thus, any of ieee80211_sta_config_auth, ieee80211_rx_bss_get or ieee80211_rx_mesh_bss_get can race with it by finding a bss that is about to get kfree-ed. Using atomic_dec_and_lock in ieee80211_rx_bss_put takes care of this race. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23mac80211: Fix n-band association problemAbhijeet Kolekar
There are two structures named wmm_info and wmm_param, they are used while parsing the beacon frame. (Check the function ieee802_11_parse_elems). Certain APs like D-link does not set the fifth bit in WMM IE. While sending the association request to n-only ap it checks for wmm_ie. If it is set then only ieee80211_ht_cap is sent during association request. So n-only association fails. And this patch fixes this problem by copying the wmm_info to wmm_ie, which enables the "wmm" flag in iee80211_send_assoc. Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com> Acked-by: Ron Rindjunsky <ron.rindjunsky@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-04-23net: Unexport move_addr_to_{kernel,user}Adrian Bunk
After the removal of the Solaris binary emulation the exports of move_addr_to_{kernel,user} are no longer used. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-22[IPSEC]: Fix catch-22 with algorithm IDs above 31Herbert Xu
As it stands it's impossible to use any authentication algorithms with an ID above 31 portably. It just happens to work on x86 but fails miserably on ppc64. The reason is that we're using a bit mask to check the algorithm ID but the mask is only 32 bits wide. After looking at how this is used in the field, I have concluded that in the long term we should phase out state matching by IDs because this is made superfluous by the reqid feature. For current applications, the best solution IMHO is to allow all algorithms when the bit masks are all ~0. The following patch does exactly that. This bug was identified by IBM when testing on the ppc64 platform using the NULL authentication algorithm which has an ID of 251. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21tcp: Make use of before macro in tcp_input.cArnd Hannemann
Make use of tcp before macro. Signed-off-by: Arnd Hannemann <hannemann@nets.rwth-aachen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21[NETNS]: Remove empty ->init callback.Pavel Emelyanov
The netns start-stop engine can happily live with any of init or exit callbacks set to NULL. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21[DCCP]: Convert do_gettimeofday() to getnstimeofday().YOSHIFUJI Hideaki
What do_gettimeofday() does is to call getnstimeofday() and to convert the result from timespec{} to timeval{}. We do not always need timeval{} and we can convert timespec{} when we really need (to print). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21[NETNS]: Don't initialize err variable twice.Pavel Emelyanov
The ip6_route_net_init() performs some unneeded actions. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21[NETNS]: The ip6_fib_timer can work with garbage on net namespace stop.Pavel Emelyanov
The del_timer() function doesn't guarantee, that the timer callback is not active by the time it exits. Thus, the fib6_net_exit() may kfree() all the data, that is required by the fib6_run_gc(). The race window is tiny, but slab poisoning can trigger this bug. Using del_timer_sync() will cure this. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21[IPV4]: Convert do_gettimeofday() to getnstimeofday().YOSHIFUJI Hideaki
What do_gettimeofday() does is to call getnstimeofday() and to convert the result from timespec{} to timeval{}. After that, these callers convert the result again to msec. Use getnstimeofday() and convert the units at once. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21[IPV4]: Make icmp_sk_init() static.Adrian Bunk
This patch makes the needlessly global icmp_sk_init() static. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21[IPV6]: Make struct ip6_prohibit_entry_template static.Adrian Bunk
This patch makes the needlessly global struct ip6_prohibit_entry_template static. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-21tcp: Trivial fix to correct function name in a comment in net/ipv4/tcp.cSatoru SATOH
This is a trivial fix to correct function name in a comment in net/ipv4/tcp.c. Signed-off-by: Satoru SATOH <satoru.satoh@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-20[NET]: Expose netdevice dev_id through sysfsDavid Woodhouse
Expose dev_id to userspace, because it helps to disambiguate between interfaces where the MAC address is unique. This should allow us to simplify the handling of persistent naming for S390 network devices in udev -- because it can depend on a simple attribute of the device like the other match criteria, rather than having a special case for SUBSYSTEMS=="ccwgroup". Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-20[ROSE]: Fix soft lockup wrt. rose_node_list_lockBernard Pidoux
[ INFO: possible recursive locking detected ] 2.6.25 #3 --------------------------------------------- ax25ipd/3811 is trying to acquire lock: (rose_node_list_lock){-+..}, at: [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose] but task is already holding lock: (rose_node_list_lock){-+..}, at: [<f8d31fed>] rose_route_frame+0x4d/0x620 [rose] other info that might help us debug this: 6 locks held by ax25ipd/3811: #0: (&tty->atomic_write_lock){--..}, at: [<c0259a1c>] tty_write_lock+0x1c/0x50 #1: (rcu_read_lock){..--}, at: [<c02aea36>] net_rx_action+0x96/0x230 #2: (rcu_read_lock){..--}, at: [<c02ac5c0>] netif_receive_skb+0x100/0x2f0 #3: (rose_node_list_lock){-+..}, at: [<f8d31fed>] rose_route_frame+0x4d/0x620 [rose] #4: (rose_neigh_list_lock){-+..}, at: [<f8d31ff7>] rose_route_frame+0x57/0x620 [rose] #5: (rose_route_list_lock){-+..}, at: [<f8d32001>] rose_route_frame+0x61/0x620 [rose] stack backtrace: Pid: 3811, comm: ax25ipd Not tainted 2.6.25 #3 [<c0147e27>] print_deadlock_bug+0xc7/0xd0 [<c0147eca>] check_deadlock+0x9a/0xb0 [<c0149cd2>] validate_chain+0x1e2/0x310 [<c0149b95>] ? validate_chain+0xa5/0x310 [<c010a7d8>] ? native_sched_clock+0x88/0xc0 [<c0149fa1>] __lock_acquire+0x1a1/0x750 [<c014a5d1>] lock_acquire+0x81/0xa0 [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose] [<c03201a3>] _spin_lock_bh+0x33/0x60 [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose] [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose] [<f8d32404>] rose_route_frame+0x464/0x620 [rose] [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<f8d31fa0>] ? rose_route_frame+0x0/0x620 [rose] [<f8d1c396>] ax25_rx_iframe+0x66/0x3b0 [ax25] [<f8d1f42f>] ? ax25_start_t3timer+0x1f/0x40 [ax25] [<f8d1e65b>] ax25_std_frame_in+0x7fb/0x890 [ax25] [<c0320005>] ? _spin_unlock_bh+0x25/0x30 [<f8d1bdf6>] ax25_kiss_rcv+0x2c6/0x800 [ax25] [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c014a8a7>] ? __lock_release+0x47/0x70 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c02a4d3a>] ? sock_queue_rcv_skb+0x13a/0x1d0 [<c02a4c45>] ? sock_queue_rcv_skb+0x45/0x1d0 [<f8d1bb30>] ? ax25_kiss_rcv+0x0/0x800 [ax25] [<c02ac715>] netif_receive_skb+0x255/0x2f0 [<c02ac5c0>] ? netif_receive_skb+0x100/0x2f0 [<c02af05c>] process_backlog+0x7c/0xf0 [<c02aeb0c>] net_rx_action+0x16c/0x230 [<c02aea36>] ? net_rx_action+0x96/0x230 [<c012bd53>] __do_softirq+0x93/0x120 [<f8d2a68a>] ? mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c012be37>] do_softirq+0x57/0x60 [<c012c265>] local_bh_enable_ip+0xa5/0xe0 [<c0320005>] _spin_unlock_bh+0x25/0x30 [<f8d2a68a>] mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c025ea37>] pty_write+0x47/0x60 [<c025c620>] write_chan+0x1b0/0x220 [<c0259a1c>] ? tty_write_lock+0x1c/0x50 [<c011fec0>] ? default_wake_function+0x0/0x10 [<c0259bea>] tty_write+0x12a/0x1c0 [<c025c470>] ? write_chan+0x0/0x220 [<c018bbc6>] vfs_write+0x96/0x130 [<c0259ac0>] ? tty_write+0x0/0x1c0 [<c018c24d>] sys_write+0x3d/0x70 [<c0104d1e>] sysenter_past_esp+0x5f/0xa5 ======================= BUG: soft lockup - CPU#0 stuck for 61s! [ax25ipd:3811] Pid: 3811, comm: ax25ipd Not tainted (2.6.25 #3) EIP: 0060:[<c010a9db>] EFLAGS: 00000246 CPU: 0 EIP is at native_read_tsc+0xb/0x20 EAX: b404aa2c EBX: b404a9c9 ECX: 017f1000 EDX: 0000076b ESI: 00000001 EDI: 00000000 EBP: ecc83afc ESP: ecc83afc DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 CR0: 8005003b CR2: b7f5f000 CR3: 2cd8e000 CR4: 000006f0 DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 DR6: ffff0ff0 DR7: 00000400 [<c0204937>] delay_tsc+0x17/0x30 [<c02048e9>] __delay+0x9/0x10 [<c02127f6>] __spin_lock_debug+0x76/0xf0 [<c0212618>] ? spin_bug+0x18/0x100 [<c0147923>] ? __lock_contended+0xa3/0x110 [<c0212998>] _raw_spin_lock+0x68/0x90 [<c03201bf>] _spin_lock_bh+0x4f/0x60 [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose] [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose] [<f8d32404>] rose_route_frame+0x464/0x620 [rose] [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<f8d31fa0>] ? rose_route_frame+0x0/0x620 [rose] [<f8d1c396>] ax25_rx_iframe+0x66/0x3b0 [ax25] [<f8d1f42f>] ? ax25_start_t3timer+0x1f/0x40 [ax25] [<f8d1e65b>] ax25_std_frame_in+0x7fb/0x890 [ax25] [<c0320005>] ? _spin_unlock_bh+0x25/0x30 [<f8d1bdf6>] ax25_kiss_rcv+0x2c6/0x800 [ax25] [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c014a8a7>] ? __lock_release+0x47/0x70 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c02a4d3a>] ? sock_queue_rcv_skb+0x13a/0x1d0 [<c02a4c45>] ? sock_queue_rcv_skb+0x45/0x1d0 [<f8d1bb30>] ? ax25_kiss_rcv+0x0/0x800 [ax25] [<c02ac715>] netif_receive_skb+0x255/0x2f0 [<c02ac5c0>] ? netif_receive_skb+0x100/0x2f0 [<c02af05c>] process_backlog+0x7c/0xf0 [<c02aeb0c>] net_rx_action+0x16c/0x230 [<c02aea36>] ? net_rx_action+0x96/0x230 [<c012bd53>] __do_softirq+0x93/0x120 [<f8d2a68a>] ? mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c012be37>] do_softirq+0x57/0x60 [<c012c265>] local_bh_enable_ip+0xa5/0xe0 [<c0320005>] _spin_unlock_bh+0x25/0x30 [<f8d2a68a>] mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c025ea37>] pty_write+0x47/0x60 [<c025c620>] write_chan+0x1b0/0x220 [<c0259a1c>] ? tty_write_lock+0x1c/0x50 [<c011fec0>] ? default_wake_function+0x0/0x10 [<c0259bea>] tty_write+0x12a/0x1c0 [<c025c470>] ? write_chan+0x0/0x220 [<c018bbc6>] vfs_write+0x96/0x130 [<c0259ac0>] ? tty_write+0x0/0x1c0 [<c018c24d>] sys_write+0x3d/0x70 [<c0104d1e>] sysenter_past_esp+0x5f/0xa5 ======================= Since rose_route_frame() does not use rose_node_list we can safely remove rose_node_list_lock spin lock here and let it be free for rose_get_neigh(). Signed-off-by: Bernard Pidoux <f6bvp@amsat.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-19rose: Socket lock was not released before returning to user spaceBernard Pidoux
================================================ [ BUG: lock held when returning to user space! ] ------------------------------------------------ xfbbd/3683 is leaving the kernel with locks still held! 1 lock held by xfbbd/3683: #0: (sk_lock-AF_ROSE){--..}, at: [<c8cd1eb3>] rose_connect+0x73/0x420 [rose] INFO: task xfbbd:3683 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. xfbbd D 00000246 0 3683 3669 c6965ee0 00000092 c02c5c40 00000246 c0f6b5f0 c0f6b5c0 c0f6b5f0 c0f6b5c0 c0f6b614 c6965f18 c024b74b ffffffff c06ba070 00000000 00000000 00000001 c6ab07c0 c012d450 c0f6b634 c0f6b634 c7b5bf10 c0d6004c c7b5bf10 c6965f40 Call Trace: [<c024b74b>] lock_sock_nested+0x6b/0xd0 [<c012d450>] ? autoremove_wake_function+0x0/0x40 [<c02488f1>] sock_fasync+0x41/0x150 [<c0249e69>] sock_close+0x19/0x40 [<c0175d54>] __fput+0xb4/0x170 [<c0176018>] fput+0x18/0x20 [<c017300e>] filp_close+0x3e/0x70 [<c01744e9>] sys_close+0x69/0xb0 [<c0103bda>] sysenter_past_esp+0x5f/0xa5 ======================= INFO: lockdep is turned off. Signed-off-by: Bernard Pidoux <f6bvp@amsat.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-19netfilter: Fix SIP conntrack build with NAT disabled.Patrick McHardy
Reported by Ingo Molnar. The SIP helper is also useful without NAT. This patch adds an ifdef around the RTP call optimization for NATed clients. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-19netfilter: Fix SCTP nat build.Patrick McHardy
We need to select LIBCRC32C. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-18Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: fix up documentation for security_module_enable Security: Introduce security= boot parameter Audit: Final renamings and cleanup SELinux: use new audit hooks, remove redundant exports Audit: internally use the new LSM audit hooks LSM/Audit: Introduce generic Audit LSM hooks SELinux: remove redundant exports Netlink: Use generic LSM hook Audit: use new LSM hooks instead of SELinux exports SELinux: setup new inode/ipc getsecid hooks LSM: Introduce inode_getsecid and ipc_getsecid hooks
2008-04-18Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits) [NET]: Fix and allocate less memory for ->priv'less netdevices [IPV6]: Fix dangling references on error in fib6_add(). [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found [PKT_SCHED]: Fix datalen check in tcf_simp_init(). [INET]: Uninline the __inet_inherit_port call. [INET]: Drop the inet_inherit_port() call. SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked. [netdrvr] forcedeth: internal simplifications; changelog removal phylib: factor out get_phy_id from within get_phy_device PHY: add BCM5464 support to broadcom PHY driver cxgb3: Fix __must_check warning with dev_dbg. tc35815: Statistics cleanup natsemi: fix MMIO for PPC 44x platforms [TIPC]: Cleanup of TIPC reference table code [TIPC]: Optimized initialization of TIPC reference table [TIPC]: Remove inlining of reference table locking routines e1000: convert uint16_t style integers to u16 ixgb: convert uint16_t style integers to u16 sb1000.c: make const arrays static sb1000.c: stop inlining largish static functions ...
2008-04-19Netlink: Use generic LSM hookAhmed S. Darwish
Don't use SELinux exported selinux_get_task_sid symbol. Use the generic LSM equivalent instead. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: David S. Miller <davem@davemloft.net> Reviewed-by: Paul Moore <paul.moore@hp.com>
2008-04-18[NET]: Fix and allocate less memory for ->priv'less netdevicesAlexey Dobriyan
This patch effectively reverts commit d0498d9ae1a5cebac363e38907266d5cd2eedf89 aka "[NET]: Do not allocate unneeded memory for dev->priv alignment." It was found to be buggy because of final unconditional += NETDEV_ALIGN_CONST removal. For example, for sizeof(struct net_device) being 2048 bytes, "alloc_size" was also 2048 bytes, but allocator with debugging options turned on started giving out !32-byte aligned memory resulting in redzones overwrites. Patch does small optimization in ->priv'less case: bumping size to next 32-byte boundary was always done to ensure ->priv will also be aligned. But, no ->priv, no need to do that. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-18[IPV6]: Fix dangling references on error in fib6_add().David S. Miller
Fixes bugzilla #8895 If a super-tree leaf has 'rt' assigned to it and we get an error from fib6_add_rt2node(), we'll leave a reference to 'rt' in pn->leaf and then do an unconditional dst_free(). We should prune such references. Based upon a report by Vincent Perrier. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-17Merge branch 'master' of ↵David S. Miller
master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6
2008-04-17[NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not ↵Jesper Juhl
found dev_get_by_index() may return NULL if nothing is found. In net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen() the function is called, but the return value is never checked. If it returns NULL then we'll deref a NULL pointer on the very next line. I checked the callers, and I don't think this can actually happen today, but code changes over time and in the future it might happen and it does no harm to be defensive and check for the failure, so that if/when it happens we'll fail gracefully instead of crashing. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>