1. 26 Nov, 2007 3 commits
    • Herbert Xu's avatar
      [SKBUFF]: Free old skb properly in skb_morph · 2d4baff8
      Herbert Xu authored
      The skb_morph function only freed the data part of the dst skb, but leaked
      the auxiliary data such as the netfilter fields.  This patch fixes this by
      moving the relevant parts from __kfree_skb to skb_release_all and calling
      it in skb_morph.
      
      It also makes kfree_skbmem static since it's no longer called anywhere else
      and it now no longer does skb_release_data.
      
      Thanks to Yasuyuki KOZAKAI for finding this problem and posting a patch for
      it.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      2d4baff8
    • Pavel Emelyanov's avatar
      [IPV4]: Fix memory leak in inet_hashtables.h when NUMA is on · 218ad12f
      Pavel Emelyanov authored
      The inet_ehash_locks_alloc() looks like this:
      
      #ifdef CONFIG_NUMA
      	if (size > PAGE_SIZE)
      		x = vmalloc(...);
      	else
      #endif
      		x = kmalloc(...);
      
      Unlike it, the inet_ehash_locks_alloc() looks like this:
      
      #ifdef CONFIG_NUMA
      	if (size > PAGE_SIZE)
      		vfree(x);
      	else
      #else
      		kfree(x);
      #endif
      
      The error is obvious - if the NUMA is on and the size
      is less than the PAGE_SIZE we leak the pointer (kfree is
      inside the #else branch).
      
      Compiler doesn't warn us because after the kfree(x) there's
      a "x = NULL" assignment, so here's another (minor?) bug: we 
      don't set x to NULL under certain circumstances.
      
      Boring explanation, I know... Patch explains it better.
      Signed-off-by: default avatarPavel Emelyanov <xemul@openvz.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      218ad12f
    • Herbert Xu's avatar
      [IPSEC]: Temporarily remove locks around copying of non-atomic fields · 8053fc3d
      Herbert Xu authored
      The change 050f009e
      
      	[IPSEC]: Lock state when copying non-atomic fields to user-space
      
      caused a regression.
      
      Ingo Molnar reports that it causes a potential dead-lock found by the
      lock validator as it tries to take x->lock within xfrm_state_lock while
      numerous other sites take the locks in opposite order.
      
      For 2.6.24, the best fix is to simply remove the added locks as that puts
      us back in the same state as we've been in for years.  For later kernels
      a proper fix would be to reverse the locking order for every xfrm state
      user such that if x->lock is taken together with xfrm_state_lock then
      it is to be taken within it.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      8053fc3d
  2. 23 Nov, 2007 2 commits
  3. 22 Nov, 2007 5 commits
  4. 21 Nov, 2007 7 commits
  5. 20 Nov, 2007 19 commits
  6. 19 Nov, 2007 3 commits
    • Herbert Xu's avatar
      [TCP]: Fix TCP header misalignment · 21df56c6
      Herbert Xu authored
      Indeed my previous change to alloc_pskb has made it possible
      for the TCP header to be misaligned iff the MTU is not a multiple
      of 4 (and less than a page).  So I suspect the optimised IPsec
      MTU calculation is giving you just such an MTU :)
      
      This patch fixes it by changing alloc_pskb to make sure that
      the size is at least 32-bit aligned.  This does not cause the
      problem fixed by the previous patch because max_header is always
      32-bit aligned which means that in the SG/NOTSO case this will
      be a no-op.
      
      I thought about putting this in the callers but all the current
      callers are from TCP.  If and when we get a non-TCP caller we
      can always create a TCP wrapper for this function and move the
      alignment over there.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      21df56c6
    • Eric Dumazet's avatar
      [NET]: Corrects a bug in ip_rt_acct_read() · 483b23ff
      Eric Dumazet authored
      It seems that stats of cpu 0 are counted twice, since
      for_each_possible_cpu() is looping on all possible cpus, including 0
      
      Before percpu conversion of ip_rt_acct, we should also remove the
      assumption that CPU 0 is online (or even possible)
      Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      483b23ff
    • Ivo van Doorn's avatar
      rt2x00: Request usb_maxpacket() once · b242e891
      Ivo van Doorn authored
      The usb max packet size won't change during the
      device's presence. We should store it in a
      variable inside rt2x00dev and use that.
      This should also fix a division error when the
      device is being hot-unplugged while a frame is
      being send out.
      Signed-off-by: default avatarIvo van Doorn <IvDoorn@gmail.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      b242e891
  7. 17 Nov, 2007 1 commit
    • Linus Torvalds's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86 · 2ffbb837
      Linus Torvalds authored
      * 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
        x86: simplify "make ARCH=x86" and fix kconfig all.config
        x86: reboot fixup for wrap2c board
        x86: check boundary in count setup resource
        x86: fix reboot with no keyboard attached
        x86: add hpet sanity checks
        x86: on x86_64, correct reading of PC RTC when update in progress in time_64.c
        x86: fix freeze in x86_64 RTC update code in time_64.c
        ntp: fix typo that makes sync_cmos_clock erratic
        Remove x86 merge artifact from top Makefile
        x86: fixup cpu_info array conversion
        x86: show cpuinfo only for online CPUs
        x86: fix cpu-hotplug regression
        x86: ignore the sys_getcpu() tcache parameter
        x86: voyager use correct header file name
        x86: fix smp init sections
        x86: fix voyager_cat_init section
        x86: fix bogus memcpy in es7000_check_dsdt()
      2ffbb837