- 04 May, 2006 24 commits
-
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [DECNET]: Fix level1 router hello [TCP]: Fix sock_orphan dead lock [ROSE]: Eleminate HZ from ROSE kernel interfaces [NETROM]: Eleminate HZ from NET/ROM kernel interfaces [AX.25]: Eleminate HZ from AX.25 kernel interfaces [ROSE]: Fix routing table locking in rose_remove_neigh. [AX.25]: Move AX.25 symbol exports [HAMRADIO]: Remove remaining SET_MODULE_OWNER calls from hamradio drivers. [AX25, ROSE]: Remove useless SET_MODULE_OWNER calls. [AX.25]: Spelling fix [ROSE]: Remove useless prototype for rose_remove_neigh(). [NETFILTER]: x_tables: don't use __copy_{from,to}_user on unchecked memory in compat layer [NETFILTER]: H.323 helper: Change author's email address [NETFILTER]: NAT: silence unused variable warnings with CONFIG_XFRM=n [NETFILTER]: H.323 helper: fix use of uninitialized data [NETFILTER]: H.323 helper: fix endless loop caused by invalid TPKT len -
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC]: Hook up vmsplice into syscall tables.
-
Linus Torvalds authored
By request from Tristan. Signed-off-by:Linus Torvalds <torvalds@osdl.org>
-
Patrick Caulfield authored
This patch fixes hello messages sent when a node is a level 1 router. Slightly contrary to the spec (maybe) VMS ignores hello messages that do not name level2 routers that it also knows about. So, here we simply name all the routers that the node knows about rather just other level1 routers. (I hope the patch is clearer than the description. sorry). Signed-off-by:
Patrick Caulfield <patrick@tykepenguin.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
Calling sock_orphan inside bh_lock_sock in tcp_close can lead to dead locks. For example, the inet_diag code holds sk_callback_lock without disabling BH. If an inbound packet arrives during that admittedly tiny window, it will cause a dead lock on bh_lock_sock. Another possible path would be through sock_wfree if the network device driver frees the tx skb in process context with BH enabled. We can fix this by moving sock_orphan out of bh_lock_sock. The tricky bit is to work out when we need to destroy the socket ourselves and when it has already been destroyed by someone else. By moving sock_orphan before the release_sock we can solve this problem. This is because as long as we own the socket lock its state cannot change. So we simply record the socket state before the release_sock and then check the state again after we regain the socket lock. If the socket state has transitioned to TCP_CLOSE in the time being, we know that the socket has been destroyed. Otherwise the socket is still ours to keep. Note that I've also moved the increment on the orphan count forward. This may look like a problem as we're increasing it even if the socket is just about to be destroyed where it'll be decreased again. However, this simply enlarges a window that already exists. This also changes the orphan count test by one. Considering what the orphan count is meant to do this is no big deal. This problem was discoverd by Ingo Molnar using his lock validator. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Ralf Baechle authored
Convert all ROSE sysctl time values from jiffies to ms as units. Signed-off-by:
Ralf Baechle <ralf@linux-mips.org> Signed-off-by:
-
Ralf Baechle authored
Convert all NET/ROM sysctl time values from jiffies to ms as units. Signed-off-by:
-
Ralf Baechle authored
Convert all AX.25 sysctl time values from jiffies to ms as units. Signed-off-by:
-
Ralf Baechle authored
The locking rule for rose_remove_neigh() are that the caller needs to hold rose_neigh_list_lock, so we better don't take it yet again in rose_neigh_list_lock. Signed-off-by:
-
Ralf Baechle authored
Move AX.25 symbol exports to next to their definitions where they're supposed to be these days. Signed-off-by:
-
Ralf Baechle DL5RB authored
Signed-off-by:
-
Ralf Baechle authored
Signed-off-by:
-
Ralf Baechle authored
Signed-off-by:
-
Ralf Baechle authored
Signed-off-by:
-
Patrick McHardy authored
Noticed by Linus Torvalds <torvalds@osdl.org> Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Jing Min Zhao authored
Signed-off-by:
Jing Min Zhao <zhaojingmin@users.sourceforge.net> Signed-off-by:
-
Patrick McHardy authored
net/ipv4/netfilter/ip_nat_standalone.c: In function 'ip_nat_out': net/ipv4/netfilter/ip_nat_standalone.c:223: warning: unused variable 'ctinfo' net/ipv4/netfilter/ip_nat_standalone.c:222: warning: unused variable 'ct' Surprisingly no complaints so far .. Signed-off-by:
-
Patrick McHardy authored
When a Choice element contains an unsupported choice no error is returned and parsing continues normally, but the choice value is not set and contains data from the last parsed message. This may in turn lead to parsing of more stale data and following crashes. Fixes a crash triggered by testcase 0003243 from the PROTOS c07-h2250v4 testsuite following random other testcases: CPU: 0 EIP: 0060:[<c01a9554>] Not tainted VLI EFLAGS: 00210646 (2.6.17-rc2 #3) EIP is at memmove+0x19/0x22 eax: d7be0307 ebx: d7be0307 ecx: e841fcf9 edx: d7be0307 esi: bfffffff edi: bfffffff ebp: da5eb980 esp: c0347e2c ds: 007b es: 007b ss: 0068 Process events/0 (pid: 4, threadinfo=c0347000 task=dff86a90) Stack: <0>00000006 c0347ea6 d7be0301 e09a6b2c 00000006 da5eb980 d7be003e d7be0052 c0347f6c e09a6d9c 00000006 c0347ea6 00000006 00000000 d7b9a548 00000000 c0347f6c d7b9a548 00000004 e0a1a119 0000028f 00000006 c0347ea6 00000006 Call Trace: [<e09a6b2c>] mangle_contents+0x40/0xd8 [ip_nat] [<e09a6d9c>] ip_nat_mangle_tcp_packet+0xa1/0x191 [ip_nat] [<e0a1a119>] set_addr+0x60/0x14d [ip_nat_h323] [<e0ab6e66>] q931_help+0x2da/0x71a [ip_conntrack_h323] [<e0ab6e98>] q931_help+0x30c/0x71a [ip_conntrack_h323] [<e09af242>] ip_conntrack_help+0x22/0x2f [ip_conntrack] [<c022934a>] nf_iterate+0x2e/0x5f [<c025d357>] xfrm4_output_finish+0x0/0x39f [<c02294ce>] nf_hook_slow+0x42/0xb0 [<c025d357>] xfrm4_output_finish+0x0/0x39f [<c025d732>] xfrm4_output+0x3c/0x4e [<c025d357>] xfrm4_output_finish+0x0/0x39f [<c0230370>] ip_forward+0x1c2/0x1fa [<c022f417>] ip_rcv+0x388/0x3b5 [<c02188f9>] netif_receive_skb+0x2bc/0x2ec [<c0218994>] process_backlog+0x6b/0xd0 [<c021675a>] net_rx_action+0x4b/0xb7 [<c0115606>] __do_softirq+0x35/0x7d [<c0104294>] do_softirq+0x38/0x3f Signed-off-by: -
Patrick McHardy authored
When the TPKT len included in the packet is below the lowest valid value of 4 an underflow occurs which results in an endless loop. Found by testcase 0000058 from the PROTOS c07-h2250v4 testsuite. Signed-off-by:
-
Mingming Cao authored
Some places in ext3 multiple block allocation code (in 2.6.17-rc3) don't handle the little endian well. This was resulting in *wrong* block numbers being assigned to in-memory block variables and then stored on disk eventually. The following patch has been verified to fix an ext3 filesystem failure when run ltp test on a 64 bit machine. Signed-off-by; Mingming Cao <cmm@us.ibm.com> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
-
Brent Casavant authored
Currently loading the ioc3 as a module will cause the ports to be numbered in reverse order. This mod maintains the proper order of cards for port numbering. Signed-off-by:
Brent Casavant <bcasavan@sgi.com> Cc: Pat Gefre <pfg@sgi.com> Signed-off-by:
-
mark gross authored
Address the issue of EDAC/BIOS coexistence for the e752x chip-sets. We have found a problem where the BIOS will start the system with the error registers (dev0:fun1) hidden and assuming it has exclusive access to them. The edac driver violates this assumption. The workaround this patch offers is to honor the hidden-ness as an indication that it is not safe to use those registers. Signed-off-by:
Mark Gross <mark.gross@intel.com> Signed-off-by:
-
Jeff Dike authored
inet_init, which schedules, is called before the UML timer_init, which sets up the timer. The result is the interval timers being manipulated before the appropriate signal handlers are established, causing unhandled timers. This is fixed by making timer_init be called earlier. Signed-off-by:
Jeff Dike <jdike@addtoit.com> Signed-off-by:
-
Andi Kleen authored
We only need to check cpu_has_apic in the IO-APIC/L-APIC parsing, not for all of ACPI. Signed-off-by:
Andi Kleen <ak@suse.de> Signed-off-by:
-
- 03 May, 2006 3 commits
-
-
David S. Miller authored
Signed-off-by: -
Stephen Smalley authored
Clear selinux_enabled flag upon runtime disable of SELinux by userspace, and make sure it is defined even if selinux= boot parameter support is not enabled in configuration. Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov> Acked-by:
James Morris <jmorris@namei.org> Tested-by:
Jon Smirl <jonsmirl@gmail.com> Acked-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
Patrick McHardy authored
fix infinite loop in the SCTP-netfilter code: check SCTP chunk size to guarantee progress of for_each_sctp_chunk(). (all other uses of for_each_sctp_chunk() are preceded by do_basic_checks(), so this fix should be complete.) Based on patch from Ingo Molnar <mingo@elte.hu> CVE-2006-1527 Signed-off-by:
-
- 02 May, 2006 13 commits
-
-
Ayaz Abdulla authored
This patch fixes the issues with multiple irqs. I am resending based on feedback. I decoupled the dma mask for consistent memory and fixed leak with multiple irq in error path. Thanks to Manfred for catching the spin lock problem. Signed-Off-By:Ayaz Abdulla <aabdulla@nvidia.com>
-
Craig Brind authored
Fixes Rhine I cards disclosing fragments of previously transmitted frames in new transmissions. Before transmission, any socket buffer (skb) shorter than the ethernet minimum length of 60 bytes was zero-padded. On Rhine I cards the data can later be copied into an aligned transmission buffer without copying this padding. This resulted in the transmission of the frame with the extra bytes beyond the provided content leaking the previous contents of this buffer on to the network. Now zero-padding is repeated in the local aligned buffer if one is used. Following a suggestion from the via-rhine maintainer, no attempt is made here to avoid the duplicated effort of padding the skb if it is known that an aligned buffer will definitely be used. This is to make the change "obviously correct" and allow it to be applied to a stable kernel if necessary. There is no change to the flow of control and the changes are only to the Rhine I code path. The patch has run on an in-service Rhine-I host without incident. Frames shorter than 60 bytes are now correctly zero-padded when captured on a separate host. I see no unusual stats reported by ifconfig, and no unusual log messages. Signed-off-by:
Craig Brind <craigbrind@gmail.com> Signed-off-by:
Roger Luethi <rl@hellgate.ch> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by:
Jeff Garzik <jeff@garzik.org>
-
Olaf Hering authored
On Sat, Mar 11, Olaf Hering wrote: > Why is the /sys/class/net/eth0/device symlink not created for the > mv643xx_eth driver? Does this work for other platform device drivers? > Seems to work for the ps2 keyboard at least. The SET_NETDEV_DEV has to be done before a call to register_netdev. With the new patch below, the device symlink for the platform device was created. Unfortunately, after the 4 ls commands, the network connection died. No idea if the box crashed or if something else broke, lost remote access. Provide sysfs 'device' in /class/net/ethN Also, set module owner field, like pcnet32 driver does. Signed-off-by:
Olaf Hering <olh@suse.de> Acked-by:
Dale Farnsworth <dale@farnsworth.org> Signed-off-by:
-
Jens Axboe authored
Apply the same rules as the anon pipe pages, only allow stealing if no one else is using the page. Signed-off-by:Jens Axboe <axboe@suse.de>
-
Jens Axboe authored
Currently we rely on the PIPE_BUF_FLAG_LRU flag being set correctly to know whether we need to fiddle with page LRU state after stealing it, however for some origins we just don't know if the page is on the LRU list or not. So remove PIPE_BUF_FLAG_LRU and do this check/add manually in pipe_to_file() instead. Signed-off-by: -
Jens Axboe authored
We need to use the minium of {len, PAGE_SIZE-off}, not {len, PAGE_SIZE}-off. The latter doesn't make any sense, and could cause us to attempt negative length transfers... Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-currentLinus Torvalds authored
* 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [PATCH] Audit Filter Performance [PATCH] Rework of IPC auditing [PATCH] More user space subject labels [PATCH] Reworked patch for labels on user space messages [PATCH] change lspp ipc auditing [PATCH] audit inode patch [PATCH] support for context based audit filtering, part 2 [PATCH] support for context based audit filtering [PATCH] no need to wank with task_lock() and pinning task down in audit_syscall_exit() [PATCH] drop task argument of audit_syscall_{entry,exit} [PATCH] drop gfp_mask in audit_log_exit() [PATCH] move call of audit_free() into do_exit() [PATCH] sockaddr patch [PATCH] deal with deadlocks in audit_free()
-
Patrick McHardy authored
When iptables userspace adds an ipt_standard_target, it calculates the size of the entire entry as: sizeof(struct ipt_entry) + XT_ALIGN(sizeof(struct ipt_standard_target)) ipt_standard_target looks like this: struct xt_standard_target { struct xt_entry_target target; int verdict; }; xt_entry_target contains a pointer, so when compiled for 64 bit the structure gets an extra 4 byte of padding at the end. On 32 bit architectures where iptables aligns to 8 byte it will also have 4 byte padding at the end because it is only 36 bytes large. The compat_ipt_standard_fn in the kernel adjusts the offsets by sizeof(struct ipt_standard_target) - sizeof(struct compat_ipt_standard_target), which will always result in 4, even if the structure from userspace was already padded to a multiple of 8. On x86 this works out by accident because userspace only aligns to 4, on all other architectures this is broken and causes incorrect adjustments to the size and following offsets. Thanks to Linus for lots of debugging help and testing. Signed-off-by: -
git://brick.kernel.dk/data/git/linux-2.6-blockLinus Torvalds authored
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block: [PATCH] vmsplice: allow user to pass in gift pages [PATCH] pipe: enable atomic copying of pipe data to/from user space [PATCH] splice: call handle_ra_miss() on failure to lookup page [PATCH] Add ->splice_read/splice_write to def_blk_fops [PATCH] pipe: introduce ->pin() buffer operation [PATCH] splice: fix bugs in pipe_to_file() [PATCH] splice: fix bugs with stealing regular pipe pages
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infinibandLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/ipath: tidy up white space in a few files IB/ipath: fix label name in interrupt handler IB/ipath: improve sparse annotation IB/ipath: simplify IB timer usage IB/ipath: simplify RC send posting IB/ipath: prevent hardware from being accessed during reset IB/ipath: fix verbs registration IB/ipath: change handling of PIO buffers IB/ipath: iterate over correct number of ports during reset IB/ipath: set up 32-bit DMA mask if 64-bit setup fails IB/ipath: fix race with exposing reset file IB/mthca: Fix offset in query_gid method
-
Shaohua Li authored
At suspend time, the TSC CPUFREQ_SUSPENDCHANGE notifier change might wrongly enable interrupt. cpufreq driver suspend/resume is in interrupt disabled environment. Signed-off-by:
Shaohua Li <shaohua.li@intel.com> Cc: Pavel Machek <pavel@ucw.cz> Signed-off-by:
-
Mikael Pettersson authored
The PC Speaker driver's ->probe() routine doesn't even get called in the 64-bit kernels. The reason for that is that the arch code apparently has to explictly add a "pcspkr" platform device in order for the driver core to call the ->probe() routine. arch/i386/kernel/setup.c unconditionally adds a "pcspkr" device, but the x86_64 kernel has no code at all related to the PC Speaker. The patch below copies the relevant code from i386 to x86_64, which makes the PC Speaker work for me on x86_64. Cc: Dmitry Torokhov <dtor_core@ameritech.net> Acked-by:
Andi Kleen <ak@muc.de> Signed-off-by:
-
Atsushi Nemoto authored
Fix genrtc's read() routine for 64-bit platforms. Current gen_rtc_read() stores 64bit integer and returns 8 even if an user tried to read a 32bit integer. Signed-off-by:
Atsushi Nemoto <anemo@mba.ocn.ne.jp> Cc: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by:
-
