aboutsummaryrefslogtreecommitdiff
path: root/net
AgeCommit message (Collapse)Author
2006-06-29[NETLINK]: Encapsulate eff_cap usage within security framework.Darrel Goeddel
This patch encapsulates the usage of eff_cap (in netlink_skb_params) within the security framework by extending security_netlink_recv to include a required capability parameter and converting all direct usage of eff_caps outside of the lsm modules to use the interface. It also updates the SELinux implementation of the security_netlink_send and security_netlink_recv hooks to take advantage of the sid in the netlink_skb_params struct. This also enables SELinux to perform auditing of netlink capability checks. Please apply, for 2.6.18 if possible. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29[NET]: Added GSO header verificationHerbert Xu
When GSO packets come from an untrusted source (e.g., a Xen guest domain), we need to verify the header integrity before passing it to the hardware. Since the first step in GSO is to verify the header, we can reuse that code by adding a new bit to gso_type: SKB_GSO_DODGY. Packets with this bit set can only be fed directly to devices with the corresponding bit NETIF_F_GSO_ROBUST. If the device doesn't have that bit, then the skb is fed to the GSO engine which will allow the packet to be sent to the hardware if it passes the header check. This patch changes the sg flag to a full features flag. The same method can be used to implement TSO ECN support. We simply have to mark packets with CWR set with SKB_GSO_ECN so that only hardware with a corresponding NETIF_F_TSO_ECN can accept them. The GSO engine can either fully segment the packet, or segment the first MTU and pass the rest to the hardware for further segmentation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29[NETFILTER]: statistic match: add missing Kconfig help textPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29[NETFILTER]: ip_queue/nfnetlink_queue: drop bridge port references when dev ↵Patrick McHardy
disappears When a device that is acting as a bridge port is unregistered, the ip_queue/nfnetlink_queue notifier doesn't check if its one of physindev/physoutdev and doesn't release the references if it is. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29[NETFILTER]: xt_sctp: fix --chunk-types matchingJorge Matias
xt_sctp uses an incorrect header offset when --chunk-types is used. Signed-off-by: Jorge Matias <jorge.matias@motorola.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29[NETFILTER]: xt_tcpudp: fix double unregistration in error pathYuri Gushin
"xt_unregister_match(AF_INET, &tcp_matchstruct)" is called twice, leaving "udp_matchstruct" registered, in case of a failure in the registration of the udp6 structure. Signed-off-by: Yuri Gushin <yuri@ecl-labs.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29[NETFILTER]: nf_conntrack: Fix undefined references to local_bh_*Yasuyuki Kozakai
CC net/netfilter/nf_conntrack_proto_sctp.o net/netfilter/nf_conntrack_proto_sctp.c: In function `sctp_print_conntrack': net/netfilter/nf_conntrack_proto_sctp.c:206: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_proto_sctp.c:208: warning: implicit declaration of function `local_bh_enable' CC net/netfilter/nf_conntrack_netlink.o net/netfilter/nf_conntrack_netlink.c: In function `ctnetlink_dump_table': net/netfilter/nf_conntrack_netlink.c:429: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_netlink.c:452: warning: implicit declaration of function `local_bh_enable' Spotted by Toralf Förster Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29[NETFILTER]: x_tables: fix xt_register_table error propagationPatrick McHardy
When xt_register_table fails the error is not properly propagated back. Based on patch by Lepton Wu <ytht.net@gmail.com>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-29Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/devfs-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/devfs-2.6: (22 commits) [PATCH] devfs: Remove it from the feature_removal.txt file [PATCH] devfs: Last little devfs cleanups throughout the kernel tree. [PATCH] devfs: Rename TTY_DRIVER_NO_DEVFS to TTY_DRIVER_DYNAMIC_DEV [PATCH] devfs: Remove the tty_driver devfs_name field as it's no longer needed [PATCH] devfs: Remove the line_driver devfs_name field as it's no longer needed [PATCH] devfs: Remove the videodevice devfs_name field as it's no longer needed [PATCH] devfs: Remove the gendisk devfs_name field as it's no longer needed [PATCH] devfs: Remove the miscdevice devfs_name field as it's no longer needed [PATCH] devfs: Remove the devfs_fs_kernel.h file from the tree [PATCH] devfs: Remove devfs_remove() function from the kernel tree [PATCH] devfs: Remove devfs_mk_cdev() function from the kernel tree [PATCH] devfs: Remove devfs_mk_bdev() function from the kernel tree [PATCH] devfs: Remove devfs_mk_symlink() function from the kernel tree [PATCH] devfs: Remove devfs_mk_dir() function from the kernel tree [PATCH] devfs: Remove devfs_*_tape() functions from the kernel tree [PATCH] devfs: Remove devfs support from the sound subsystem [PATCH] devfs: Remove devfs support from the ide subsystem. [PATCH] devfs: Remove devfs support from the serial subsystem [PATCH] devfs: Remove devfs from the init code [PATCH] devfs: Remove devfs from the partition code ...
2006-06-28[PATCH] remove TTY_DONT_FLIPPaul Fulghum
Remove TTY_DONT_FLIP tty flag. This flag was introduced in 2.1.X kernels to prevent the N_TTY line discipline functions read_chan() and n_tty_receive_buf() from running at the same time. 2.2.15 introduced tty->read_lock to protect access to the N_TTY read buffer, which is the only state requiring protection between these two functions. The current TTY_DONT_FLIP implementation is broken for SMP, and is not universally honored by drivers that send data directly to the line discipline receive_buf function. Because TTY_DONT_FLIP is not necessary, is broken in implementation, and is not universally honored, it is removed. Signed-off-by: Paul Fulghum <paulkf@microgate.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-27[PATCH] spin/rwlock init cleanupsIngo Molnar
locking init cleanups: - convert " = SPIN_LOCK_UNLOCKED" to spin_lock_init() or DEFINE_SPINLOCK() - convert rwlocks in a similar manner this patch was generated automatically. Motivation: - cleanliness - lockdep needs control of lock initialization, which the open-coded variants do not give - it's also useful for -rt and for lock debugging in general Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-26Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivialLinus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial: typo fixes Clean up 'inline is not at beginning' warnings for usb storage Storage class should be first i386: Trivial typo fixes ixj: make ixj_set_tone_off() static spelling fixes fix paniced->panicked typos Spelling fixes for Documentation/atomic_ops.txt move acknowledgment for Mark Adler to CREDITS remove the bouncing email address of David Campbell
2006-06-26[PATCH] devfs: Rename TTY_DRIVER_NO_DEVFS to TTY_DRIVER_DYNAMIC_DEVGreg Kroah-Hartman
I've always found this flag confusing. Now that devfs is no longer around, it has been renamed, and the documentation for when this flag should be used has been updated. Also fixes all drivers that use this flag. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-06-26[PATCH] devfs: Remove the tty_driver devfs_name field as it's no longer neededGreg Kroah-Hartman
Also fixes all drivers that set this field. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-06-26[PATCH] devfs: Remove the devfs_fs_kernel.h file from the treeGreg Kroah-Hartman
Also fixes up all files that #include it. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-06-26Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (42 commits) [IOAT]: Do not dereference THIS_MODULE directly to set unsafe. [NETROM]: Fix possible null pointer dereference. [NET] netpoll: break recursive loop in netpoll rx path [NET] netpoll: don't spin forever sending to stopped queues [IRDA]: add some IBM think pads [ATM]: atm/mpc.c warning fix [NET]: skb_find_text ignores to argument [NET]: make net/core/dev.c:netdev_nit static [NET]: Fix GSO problems in dev_hard_start_xmit() [NET]: Fix CHECKSUM_HW GSO problems. [TIPC]: Fix incorrect correction to discovery timer frequency computation. [TIPC]: Get rid of dynamically allocated arrays in broadcast code. [TIPC]: Fixed link switchover bugs [TIPC]: Enhanced & cleaned up system messages; fixed 2 obscure memory leaks. [TIPC]: First phase of assert() cleanup [TIPC]: Disallow config operations that aren't supported in certain modes. [TIPC]: Fixed memory leak in tipc_link_send() when destination is unreachable [TIPC]: Added missing warning for out-of-memory condition [TIPC]: Withdrawing all names from nameless port now returns success, not error [TIPC]: Optimized argument validation done by connect(). ...
2006-06-26[PATCH] net/rxrpc: use list_move()Akinobu Mita
This patch converts the combination of list_del(A) and list_add(A, B) to list_move(A, B) under net/rxrpc. Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Akinobu Mita <mita@miraclelinux.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-26spelling fixesAndreas Mohr
acquired (aquired) contiguous (contigious) successful (succesful, succesfull) surprise (suprise) whether (weather) some other misspellings Signed-off-by: Andreas Mohr <andi@lisas.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
2006-06-26[NETROM]: Fix possible null pointer dereference.Ralf Baechle
If in nr_link_failed the neighbour list is non-empty but the node list is empty we'll end dereferencing a in a NULL pointer. This fixes coverity 362. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-26[NET] netpoll: break recursive loop in netpoll rx pathNeil Horman
The netpoll system currently has a rx to tx path via: netpoll_rx __netpoll_rx arp_reply netpoll_send_skb dev->hard_start_tx This rx->tx loop places network drivers at risk of inadvertently causing a deadlock or BUG halt by recursively trying to acquire a spinlock that is used in both their rx and tx paths (this problem was origionally reported to me in the 3c59x driver, which shares a spinlock between the boomerang_interrupt and boomerang_start_xmit routines). This patch breaks this loop, by queueing arp frames, so that they can be responded to after all receive operations have been completed. Tested by myself and the reported with successful results. Specifically it was tested with netdump. Heres the BZ with details: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194055 Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-26[NET] netpoll: don't spin forever sending to stopped queuesJeremy Fitzhardinge
When transmitting a skb in netpoll_send_skb(), only retry a limited number of times if the device queue is stopped. Signed-off-by: Jeremy Fitzhardinge <jeremy@goop.org> Acked-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-26[ATM]: atm/mpc.c warning fixAndrew Morton
net/atm/mpc.c: In function 'MPOA_res_reply_rcvd': net/atm/mpc.c:1116: warning: unused variable 'ip' Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-26[NET]: skb_find_text ignores to argumentPhil Oester
skb_find_text takes a "to" argument which is supposed to limit how far into the skb it will search for the given text. At present, it seems to ignore that argument on the first skb, and instead return a match even if the text occurs beyond the limit. Patch below fixes this, after adjusting for the "from" starting point. This consequently fixes the netfilter string match's "--to" handling, which currently is broken. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[NET]: make net/core/dev.c:netdev_nit staticAdrian Bunk
netdev_nit can now become static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[NET]: Fix GSO problems in dev_hard_start_xmit()Michael Chan
Fix 2 problems in dev_hard_start_xmit(): 1. nskb->next needs to link back to skb->next if hard_start_xmit() returns non-zero. 2. Since the total number of GSO fragments may exceed MAX_SKB_FRAGS + 1, it needs to stop transmitting if the netif_queue is stopped. Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[NET]: Fix CHECKSUM_HW GSO problems.Herbert Xu
Fix checksum problems in the GSO code path for CHECKSUM_HW packets. The ipv4 TCP pseudo header checksum has to be adjusted for GSO segmented packets. The adjustment is needed because the length field in the pseudo-header changes. However, because we have the inequality oldlen > newlen, we know that delta = (u16)~oldlen + newlen is still a 16-bit quantity. This also means that htonl(delta) + th->check still fits in 32 bits. Therefore we don't have to use csum_add on this operations. This is based on a patch by Michael Chan <mchan@broadcom.com>. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Fix incorrect correction to discovery timer frequency computation.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Get rid of dynamically allocated arrays in broadcast code.Allan Stephens
This change improves an earlier change which replaced the large local variable arrays used during broadcasting with dynamically allocated arrays. The temporary arrays are now incoprorated into the multicast link data structure. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Fixed link switchover bugsAllan Stephens
Incorporates several related fixes: - switchover now occurs when switching from an active link to a standby link - failure of a standby link no longer initiates switchover - links now display correct # of received packtes following reactivation Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Enhanced & cleaned up system messages; fixed 2 obscure memory leaks.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: First phase of assert() cleanupAllan Stephens
This also contains enhancements to simplify comparisons in name table publication removal algorithm and to simplify name table sanity checking when shutting down TIPC. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Disallow config operations that aren't supported in certain modes.Allan Stephens
This change provides user-friendly feedback when TIPC is unable to perform certain configuration operations that don't work properly in certain modes. (In particular, any reconfiguration request that would temporarily take TIPC from network mode to standalone mode, or from standalone mode to not running mode, is disallowed.) Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Fixed memory leak in tipc_link_send() when destination is unreachableAllan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Added missing warning for out-of-memory conditionAllan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Withdrawing all names from nameless port now returns success, not errorAllan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Optimized argument validation done by connect().Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Simplify code for returning partial success of stream send request.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: recvmsg() now returns TIPC ancillary data using correct level (SOL_TIPC)Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Improved performance of error checking during socket creation.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Stream socket send indicates partial success if data partially sent.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Connected send now checks socket state when retrying congested send.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Can now return destination name of form {0,x,y} via ancillary data.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Implied connect now saves dest name for retrieval as ancillary data.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Fixed connect() to detect a dest address that is missing or too short.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Non-operation-affecting corrections to comments & function definitions.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Validate entire interface name when locating bearer to enable.Allan Stephens
This fix prevents a bearer from being enabled using the wrong interface. For example, specifying "eth:eth14" might enable "eth:eth1" by mistake. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com>
2006-06-25[TIPC]: Added support for MODULE_VERSION capability.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Fix misleading comment in buf_discard() routine.Allan Stephens
Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC]: Fixed privilege checking typo in dest_name_check().Allan Stephens
This patch originated by Stephane Ouellette <ouellettes@videotron.ca>. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-25[TIPC] Fix for NULL pointer dereferenceEric Sesterhenn
This fixes a bug spotted by the coverity checker, bug id #366. If (mod(seqno - prev) != 1) we set buf to NULL, dereference it in the for case, and set it to whatever value happes to be at adress 0+next, if it happens to be non-zero, we even stay in the loop. It seems that the author intended to break there. Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>