- 01 Oct, 2008 10 commits
-
-
David S. Miller authored
Conflicts: drivers/net/wireless/ath9k/core.c drivers/net/wireless/ath9k/main.c net/core/dev.c
-
Timo Teras authored
Fix a xfrm_{state,policy}_walk leak if pfkey socket is closed while dumping is on-going. Signed-off-by:Timo Teras <timo.teras@iki.fi> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Ilpo Järvinen authored
$ diff-funcs ip6qhashfn reassembly.c netfilter/nf_conntrack_reasm.c --- reassembly.c:ip6qhashfn() +++ netfilter/nf_conntrack_reasm.c:ip6qhashfn() @@ -1,5 +1,5 @@ -static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, - struct in6_addr *daddr) +static unsigned int ip6qhashfn(__be32 id, const struct in6_addr *saddr, + const struct in6_addr *daddr) { u32 a, b, c; @@ -9,7 +9,7 @@ a += JHASH_GOLDEN_RATIO; b += JHASH_GOLDEN_RATIO; - c += ip6_frags.rnd; + c += nf_frags.rnd; __jhash_mix(a, b, c); a += (__force u32)saddr->s6_addr32[3]; And codiff xx.o.old xx.o.new: net/ipv6/netfilter/nf_conntrack_reasm.c: ip6qhashfn | -512 nf_hashfn | +6 nf_ct_frag6_gather | +36 3 functions changed, 42 bytes added, 512 bytes removed, diff: -470 net/ipv6/reassembly.c: ip6qhashfn | -512 ip6_hashfn | +7 ipv6_frag_rcv | +89 3 functions changed, 96 bytes added, 512 bytes removed, diff: -416 net/ipv6/reassembly.c: inet6_hash_frag | +510 1 function changed, 510 bytes added, diff: +510 Total: -376 Compile tested. Signed-off-by:Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Acked-by:
Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by:
-
Arnaud Ebalard authored
ip6_dst_blackhole_ops.kmem_cachep is not expected to be NULL (i.e. to be initialized) when dst_alloc() is called from ip6_dst_blackhole(). Otherwise, it results in the following (xfrm_larval_drop is now set to 1 by default): [ 78.697642] Unable to handle kernel paging request for data at address 0x0000004c [ 78.703449] Faulting instruction address: 0xc0097f54 [ 78.786896] Oops: Kernel access of bad area, sig: 11 [#1] [ 78.792791] PowerMac [ 78.798383] Modules linked in: btusb usbhid bluetooth b43 mac80211 cfg80211 ehci_hcd ohci_hcd sungem sungem_phy usbcore ssb [ 78.804263] NIP: c0097f54 LR: c0334a28 CTR: c002d430 [ 78.809997] REGS: eef19ad0 TRAP: 0300 Not tainted (2.6.27-rc5) [ 78.815743] MSR: 00001032 <ME,IR,DR> CR: 22242482 XER: 20000000 [ 78.821550] DAR: 0000004c, DSISR: 40000000 [ 78.827278] TASK = eef0df40[3035] 'mip6d' THREAD: eef18000 [ 78.827408] GPR00: 00001032 eef19b80 eef0df40 00000000 00008020 eef19c30 00000001 00000000 [ 78.833249] GPR08: eee5101c c05a5c10 ef9ad500 00000000 24242422 1005787c 00000000 1004f960 [ 78.839151] GPR16: 00000000 10024e90 10050040 48030018 0fe44150 00000000 00000000 eef19c30 [ 78.845046] GPR24: eef19e44 00000000 eef19bf8 efb37c14 eef19bf8 00008020 00009032 c0596064 [ 78.856671] NIP [c0097f54] kmem_cache_alloc+0x20/0x94 [ 78.862581] LR [c0334a28] dst_alloc+0x40/0xc4 [ 78.868451] Call Trace: [ 78.874252] [eef19b80] [c03c1810] ip6_dst_lookup_tail+0x1c8/0x1dc (unreliable) [ 78.880222] [eef19ba0] [c0334a28] dst_alloc+0x40/0xc4 [ 78.886164] [eef19bb0] [c03cd698] ip6_dst_blackhole+0x28/0x1cc [ 78.892090] [eef19be0] [c03d9be8] rawv6_sendmsg+0x75c/0xc88 [ 78.897999] [eef19cb0] [c038bca4] inet_sendmsg+0x4c/0x78 [ 78.903907] [eef19cd0] [c03207c8] sock_sendmsg+0xac/0xe4 [ 78.909734] [eef19db0] [c03209e4] sys_sendmsg+0x1e4/0x2a0 [ 78.915540] [eef19f00] [c03220a8] sys_socketcall+0xfc/0x210 [ 78.921406] [eef19f40] [c0014b3c] ret_from_syscall+0x0/0x38 [ 78.927295] --- Exception: c01 at 0xfe2d730 [ 78.927297] LR = 0xfe2d71c [ 78.939019] Instruction dump: [ 78.944835] 91640018 9144001c 900a0000 4bffff44 9421ffe0 7c0802a6 bf810010 7c9d2378 [ 78.950694] 90010024 7fc000a6 57c0045e 7c000124 <83e3004c> 8383005c 2f9f0000 419e0050 [ 78.956464] ---[ end trace 05fa1ed7972487a1 ]--- As commented by Benjamin Thery, the bug was introduced by f2fc6a54, while adding network namespaces support to ipv6 routes. Signed-off-by:
Arnaud Ebalard <arno@natisbad.org> Acked-by:
Benjamin Thery <benjamin.thery@bull.net> Signed-off-by:
-
Lennert Buytenhek authored
This gives a nice increase in the maximum loss-free packet forwarding rate in routing workloads. Signed-off-by:
Lennert Buytenhek <buytenh@marvell.com> Signed-off-by:
-
Lennert Buytenhek authored
This patch adds skb_recycle_check(), which can be used by a network driver after transmitting an skb to check whether this skb can be recycled as a receive buffer. skb_recycle_check() checks that the skb is not shared or cloned, and that it is linear and its head portion large enough (as determined by the driver) to be recycled as a receive buffer. If these conditions are met, it does any necessary reference count dropping and cleans up the skbuff as if it just came from __alloc_skb(). Signed-off-by:
-
Denis V. Lunev authored
The following actions are possible: tcp_v6_rcv skb->dev = NULL; tcp_v6_do_rcv tcp_v6_hnd_req tcp_check_req req->rsk_ops->send_ack == tcp_v6_send_ack So, skb->dev can be NULL in tcp_v6_send_ack. We must obtain namespace from dst entry. Thanks to Vitaliy Gusev <vgusev@openvz.org> for initial problem finding in IPv4 code. Signed-off-by:Denis V. Lunev <den@openvz.org> Signed-off-by:
-
-
Vitaliy Gusev authored
Fix NULL dereference in tcp_4_send_ack(). As skb->dev is reset to NULL in tcp_v4_rcv() thus OOPS occurs: BUG: unable to handle kernel NULL pointer dereference at 00000000000004d0 IP: [<ffffffff80498503>] tcp_v4_send_ack+0x203/0x250 Stack: ffff810005dbb000 ffff810015c8acc0 e77b2c6e5f861600 a01610802e90cb6d 0a08010100000000 88afffff88afffff 0000000080762be8 0000000115c872e8 0004122000000000 0000000000000001 ffffffff80762b88 0000000000000020 Call Trace: <IRQ> [<ffffffff80499c33>] tcp_v4_reqsk_send_ack+0x20/0x22 [<ffffffff8049bce5>] tcp_check_req+0x108/0x14c [<ffffffff8047aaf7>] ? rt_intern_hash+0x322/0x33c [<ffffffff80499846>] tcp_v4_do_rcv+0x399/0x4ec [<ffffffff8045ce4b>] ? skb_checksum+0x4f/0x272 [<ffffffff80485b74>] ? __inet_lookup_listener+0x14a/0x15c [<ffffffff8049babc>] tcp_v4_rcv+0x6a1/0x701 [<ffffffff8047e739>] ip_local_deliver_finish+0x157/0x24a [<ffffffff8047ec9a>] ip_local_deliver+0x72/0x7c [<ffffffff8047e5bd>] ip_rcv_finish+0x38d/0x3b2 [<ffffffff803d3548>] ? scsi_io_completion+0x19d/0x39e [<ffffffff8047ebe5>] ip_rcv+0x2a2/0x2e5 [<ffffffff80462faa>] netif_receive_skb+0x293/0x303 [<ffffffff80465a9b>] process_backlog+0x80/0xd0 [<ffffffff802630b4>] ? __rcu_process_callbacks+0x125/0x1b4 [<ffffffff8046560e>] net_rx_action+0xb9/0x17f [<ffffffff80234cc5>] __do_softirq+0xa3/0x164 [<ffffffff8020c52c>] call_softirq+0x1c/0x28 <EOI> [<ffffffff8020de1c>] do_softirq+0x34/0x72 [<ffffffff80234b8e>] local_bh_enable_ip+0x3f/0x50 [<ffffffff804d43ca>] _spin_unlock_bh+0x12/0x14 [<ffffffff804599cd>] release_sock+0xb8/0xc1 [<ffffffff804a6f9a>] inet_stream_connect+0x146/0x25c [<ffffffff80243078>] ? autoremove_wake_function+0x0/0x38 [<ffffffff8045751f>] sys_connect+0x68/0x8e [<ffffffff80291818>] ? fd_install+0x5f/0x68 [<ffffffff80457784>] ? sock_map_fd+0x55/0x62 [<ffffffff8020b39b>] system_call_after_swapgs+0x7b/0x80 Code: 41 10 11 d0 83 d0 00 4d 85 ed 89 45 c0 c7 45 c4 08 00 00 00 74 07 41 8b 45 04 89 45 c8 48 8b 43 20 8b 4d b8 48 8d 55 b0 48 89 de <48> 8b 80 d0 04 00 00 48 8b b8 60 01 00 00 e8 20 ae fe ff 65 48 RIP [<ffffffff80498503>] tcp_v4_send_ack+0x203/0x250 RSP <ffffffff80762b78> CR2: 00000000000004d0 Signed-off-by:
Vitaliy Gusev <vgusev@openvz.org> Signed-off-by:
-
Remi Denis-Courmont authored
From: Remi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by:
-
- 30 Sep, 2008 27 commits
-
-
Nick Kossifidis authored
* Add support for AR2417 (include pci id) since my previous patch doesn't sit on top of base.c/ath5k.h anymore. * Update module version to 0.6.0 Changes-Licensed-under: ISC Signed-Off-by:
Nick Kossifidis <mickflemm@gmail.com> Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
Nick Kossifidis authored
* Fix srev reporting during attach Changes-Licensed-under: ISC Signed-Off-by:
-
Nick Kossifidis authored
* Use QUIET mechanism to drain tx buffer on PCU for newer chips * Make sure that INTPEND is really 1 and not 0xffffffff while checking for pending interrupts Changes-Licensed-under: ISC Signed-Off-by:
-
Nick Kossifidis authored
* Use new SREV values and PHY srevs to identify radio type durring attach Changes-Licensed-under: ISC Signed-Off-by:
-
Larry Finger authored
One of the spin-on-condition loops in routine do_dummy_tx always exits before the condition is satisfied. The hardware might be left in an inconsistent state that might be the cause of the PHY transmission errors seen by some users. Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
Michael Buesch <mb@bu3sch.de> Signed-off-by:
-
Nick Kossifidis authored
* Update registers * Update SREV values and add some PHY srevs * Prepare ath5k.h for newer radios etc Thanks to Atheros 's HAL source we now know for sure how many parts we have and what their SREV values are. We also have some updates on registers. Prepare ath5k for some major updates ;-) My previous mail had 2 more patches following (git log misusage), sorry for double posting ;-( Changes-Licensed-under: ISC Signed-Off-by:
-
Bob Copeland authored
According to the newly-released Atheros HAL code, asserting the TSF reset bit will toggle a hardware internal state, resulting in a spurious reset on the next chip reset. Whenever we force a TSF bit, write the bit twice to clear the internal signal. Signed-off-by:
Bob Copeland <me@bobcopeland.com> Acked-by:
-
Davide Pesavento authored
When CONFIG_MAC80211_MESH=n and CONFIG_MAC80211_NOINLINE=y, gcc doesn't optimize out a call to ieee80211_rx_h_mesh_fwding, even if the previous comparison is always false in this case. This leads to the following errors during modpost: ERROR: "mpp_path_lookup" [net/mac80211/mac80211.ko] undefined! ERROR: "mpp_path_add" [net/mac80211/mac80211.ko] undefined! Fix by removing the possibility of uninlining ieee80211_rx_h_mesh_fwding rx handler. Signed-off-by:
Davide Pesavento <davidepesa@gmail.com> Signed-off-by:
-
Gertjan van Wingerde authored
Fix by disabling rt2x00 rfkill support when rt2x00 is built-in and rfkill has been modularized, and a similar scheme for the relationship between leds_class and rt2x00.. Also, give a warning to the end-user when rfkill-/leds-support is disabled this way, so that the end-user has at least some clues on what is going on. Proper fixing required some general updates of the Kconfig-structure for the rt2x00 driver, whereby internal configuration symbols had to be moved to after the user-visible configuration symbols. Signed-off-by:
Gertjan van Wingerde <gwingerde@kpnplanet.nl> Signed-off-by:
Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by:
-
John W. Linville authored
Signed-off-by: -
Anna Neal authored
This patch addresses comments from Dan Williams about the patch committed as "libertas: Improvements on automatic tx power control via SIOCSIWTXPOW." Signed-off-by:
Anna Neal <anna@cozybit.com> Signed-off-by:
Javier Cardona <javier@cozybit.com> Signed-off-by:
Dan Williams <dcbw@redhat.com> Signed-off-by:
-
Rami Rosen authored
This patch removes wme_tx_queue and wme_rx_queue from struct sta_info and from the debugfs sub-structure of struct sta_info in net/mac80211/sta_info.h, as they are useless and not used. Signed-off-by:
Rami Rosen <ramirose@gmail.com> Signed-off-by:
-
Larry Finger authored
Yet another BCM4306 card with the Bluetooth Coexistence SPROM programming error has been found. Signed-off-by:
-
Johannes Berg authored
In "mac80211: make master iface not wireless" I accidentally forgot to include these changes ... leading to the expected BUG_ON errors. Signed-off-by:
Johannes Berg <johannes@sipsolutions.net> Signed-off-by:
-
Winkler, Tomas authored
Use correct DMA_MASK: 4964 and 5000 support 36 bit addresses for pci express memory access. Signed-off-by:
Tomas Winkler <tomas.winkler@intel.com> Signed-off-by:
Zhu Yi <yi.zhu@intel.com> Signed-off-by:
-
Ester Kummer authored
This patch enables power save setting from config (iwconfig power) The sysfs power_level interface is still preserved as it has mac80211 power implementation is not yet rich enough. Signed-off-by:
Ester Kummer <ester.kummer@intel.com> Reviewed-by:
-
Winkler, Tomas authored
The patch adds HW bug W/A FH_RCSR_CHNL0_RX_IGNORE_RXF_EMPTY so that we can enable again interrupt coalescing. It also uses named constants for open code. Signed-off-by:
-
Larry Finger authored
The command make C=2 CF="-D__CHECK_ENDIAN__" drivers/net/wireless/p54/ generates the following warnings: .../p54common.c:152:38: warning: incorrect type in argument 1 (different base types) .../p54common.c:152:38: expected restricted __be32 const [usertype] *p .../p54common.c:152:38: got unsigned int *<noident> .../p54common.c:184:15: warning: restricted __le32 degrades to integer .../p54common.c:185:29: warning: cast to restricted __le16 .../p54common.c:309:11: warning: symbol 'p54_rf_chips' was not declared. Should it be static? .../p54common.c:313:5: warning: symbol 'p54_parse_eeprom' was not declared. Should it be static? .../p54common.c:620:43: warning: incorrect type in argument 3 (different base types) .../p54common.c:620:43: expected unsigned long [unsigned] [usertype] len .../p54common.c:620:43: got restricted __le16 [usertype] len .../p54common.c:780:41: warning: restricted __le16 degrades to integer .../p54common.c:781:32: warning: restricted __le16 degrades to integer .../p54common.c:1250:28: warning: incorrect type in argument 2 (different base types) .../p54common.c:1250:28: expected unsigned short [unsigned] [usertype] filter_type .../p54common.c:1250:28: got restricted __le16 [usertype] filter_type .../p54common.c:1252:28: warning: incorrect type in argument 2 (different base types) .../p54common.c:1252:28: expected unsigned short [unsigned] [usertype] filter_type .../p54common.c:1252:28: got restricted __le16 [usertype] filter_type .../p54common.c:1257:42: warning: incorrect type in argument 2 (different base types) .../p54common.c:1257:42: expected unsigned short [unsigned] [usertype] filter_type .../p54common.c:1257:42: got restricted __le16 .../p54common.c:1260:42: warning: incorrect type in argument 2 (different base types) .../p54common.c:1260:42: expected unsigned short [unsigned] [usertype] filter_type .../p54common.c:1260:42: got restricted __le16 .../p54usb.c:228:10: warning: restricted __le32 degrades to integer .../p54usb.c:228:23: warning: restricted __le32 degrades to integer .../p54usb.c:228:7: warning: incorrect type in assignment (different base types) .../p54usb.c:228:7: expected restricted __le32 [assigned] [usertype] chk .../p54usb.c:228:7: got unsigned int .../p54usb.c:221:8: warning: symbol 'p54u_lm87_chksum' was not declared. Should it be static? All of the above have been fixed. One question, however, remains: In struct bootrec, the array "data" is treated in many places as native CPU order, but it may be little-endian everywhere. As far as I can tell, this driver has only been used with little-endian hardware. Signed-off-by:
-
Larry Finger authored
An additional BCM4306 has been found with the Bluetooth coexistence SPROM coding error. Signed-off-by:
-
Wei Yongjun authored
Since call to function sctp_sf_abort_violation() need paramter 'arg' with 'struct sctp_chunk' type, it will read the chunk type and chunk length from the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's parameter, it will be passed to sctp_sf_abort_violation(). This may cause kernel panic. sctp_sf_violation_paramlen() |-- sctp_sf_abort_violation() |-- sctp_make_abort_violation() This patch fixed this problem. This patch also fix two place which called sctp_sf_violation_paramlen() with wrong paramter type. Signed-off-by:Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by:
Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by:
-
Heiko Carstens authored
fb65a7c0 ("iucv: Fix bad merging.") fixed a merge error, but in a wrong way. We now end up with the bug below. This patch corrects the mismerge like it was intended. BUG: scheduling while atomic: swapper/1/0x00000000 Modules linked in: CPU: 1 Not tainted 2.6.27-rc7-00094-gc0f4d6d4 #9 Process swapper (pid: 1, task: 000000003fe7d988, ksp: 000000003fe838c0) 0000000000000000 000000003fe839b8 0000000000000002 0000000000000000 000000003fe83a58 000000003fe839d0 000000003fe839d0 0000000000390de6 000000000058acd8 00000000000000d0 000000003fe7dcd8 0000000000000000 000000000000000c 000000000000000d 0000000000000000 000000003fe83a28 000000000039c5b8 0000000000015e5e 000000003fe839b8 000000003fe83a00 Call Trace: ([<0000000000015d6a>] show_trace+0xe6/0x134) [<0000000000039656>] __schedule_bug+0xa2/0xa8 [<0000000000391744>] schedule+0x49c/0x910 [<0000000000391f64>] schedule_timeout+0xc4/0x114 [<00000000003910d4>] wait_for_common+0xe8/0x1b4 [<00000000000549ae>] call_usermodehelper_exec+0xa6/0xec [<00000000001af7b8>] kobject_uevent_env+0x418/0x438 [<00000000001d08fc>] bus_add_driver+0x1e4/0x298 [<00000000001d1ee4>] driver_register+0x90/0x18c [<0000000000566848>] netiucv_init+0x168/0x2c8 [<00000000000120be>] do_one_initcall+0x3e/0x17c [<000000000054a31a>] kernel_init+0x1ce/0x248 [<000000000001a97a>] kernel_thread_starter+0x6/0xc [<000000000001a974>] kernel_thread_starter+0x0/0xc iucv: NETIUCV driver initialized initcall netiucv_init+0x0/0x2c8 returned with preemption imbalance Signed-off-by:
Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by:
-
Rémi Denis-Courmont authored
Signed-off-by:
Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by:
-
Rémi Denis-Courmont authored
Fix grammar errors spotted by Randy Dunlap, and adds some more details. Signed-off-by:
-
Rémi Denis-Courmont authored
Signed-off-by:
-
Stephen Hemminger authored
Add more docbook comments to network device functions and cleanup the comments. Signed-off-by:
Stephen Hemminger <shemminger@vyatta.com> Signed-off-by:
-
Stephen Hemminger authored
dev_change_name and netdev_drivername should use const char on parameters that are read-only input values. The strcpy to newname is not needed since newname is not used later in function. Signed-off-by:
-
Herbert Xu authored
We're never supposed to shrink the headroom or tailroom. In fact, shrinking the headroom is a fatal action. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
- 29 Sep, 2008 3 commits
-
-
Linus Torvalds authored
-
Balbir Singh authored
There's a race between mm->owner assignment and swapoff, more easily seen when task slab poisoning is turned on. The condition occurs when try_to_unuse() runs in parallel with an exiting task. A similar race can occur with callers of get_task_mm(), such as /proc/<pid>/<mmstats> or ptrace or page migration. CPU0 CPU1 try_to_unuse looks at mm = task0->mm increments mm->mm_users task 0 exits mm->owner needs to be updated, but no new owner is found (mm_users > 1, but no other task has task->mm = task0->mm) mm_update_next_owner() leaves mmput(mm) decrements mm->mm_users task0 freed dereferencing mm->owner fails The fix is to notify the subsystem via mm_owner_changed callback(), if no new owner is found, by specifying the new task as NULL. Jiri Slaby: mm->owner was set to NULL prior to calling cgroup_mm_owner_callbacks(), but must be set after that, so as not to pass NULL as old owner causing oops. Daisuke Nishimura: mm_update_next_owner() may set mm->owner to NULL, but mem_cgroup_from_task() and its callers need to take account of this situation to avoid oops. Hugh Dickins: Lockdep warning and hang below exec_mmap() when testing these patches. exit_mm() up_reads mmap_sem before calling mm_update_next_owner(), so exec_mmap() now needs to do the same. And with that repositioning, there's now no point in mm_need_new_owner() allowing for NULL mm. Reported-by:Hugh Dickins <hugh@veritas.com> Signed-off-by:
Balbir Singh <balbir@linux.vnet.ibm.com> Signed-off-by:
Jiri Slaby <jirislaby@gmail.com> Signed-off-by:
Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: disable apm on the olpc
-
