- 01 May, 2008 7 commits
-
-
Holger Schurig authored
According to Coverity (kudo's to Adrian Bunk), we had one use-before-check bug in libe libertas driver. This patch fixes this issue. Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Michael Buesch authored
This fixes operation of dual-PHY (A/B/G) devices. Do not anounce the A-PHY to mac80211, as that's not supported, yet. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Harvey Harrison authored
Looks like 5d2cdcd4 ("mac80211: get a TKIP phase key from skb") got the shifts wrong. Noticed by sparse: net/mac80211/tkip.c:234:25: warning: right shift by bigger than source value net/mac80211/tkip.c:235:25: warning: right shift by bigger than source value net/mac80211/tkip.c:236:25: warning: right shift by bigger than source value Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
This reorders the open code so that WDS peer STA info entries are added after the corresponding interface is added to the driver so that driver callbacks aren't invoked out of order. Also make any master device startup fatal. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
Rather than just disallowing the zero address, disallow all invalid ones. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Johannes Berg authored
Drivers can rightfully assume that they get a beacon_control if the beacon is set. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
Luis Carlos Cobo authored
This follows the new 802.11s/D2.0 draft. Signed-off-by: Luis Carlos Cobo <luisca@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-
- 30 Apr, 2008 5 commits
-
-
Pavel Emelyanov authored
The last hunk from the commit dae50295 (ipv4/ipv6 compat: Fix SSM applications on 64bit kernels.) escaped from the compat_ipv6_setsockopt to the ipv6_getsockopt (I guess due to patch smartness wrt searching for context) thus breaking 32-bit and 64-bit-without-compat compilation. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Lachlan Andrew authored
From: Lachlan Andrew <lachlan.andrew@gmail.com> There is an overflow bug in net/ipv4/tcp_vegas.c for large BDPs (e.g. 400Mbit/s, 400ms). The multiplication (old_wnd * vegas->baseRTT) << V_PARAM_SHIFT overflows a u32. [ Fix tcp_veno.c too, it has similar calculations. -DaveM ] Signed-off-by: David S. Miller <davem@davemloft.net>
-
Kostya B authored
Problem: ip_append_data() could wrongly generate a chained skb for devices which support UFO. When sk_write_queue is not empty (e.g. MSG_MORE), __instead__ of appending data into the next nr_frag of the queued skb, a new chained skb is created. I would normally assume UFO device should get data in nr_frags and not in frag_list. Later the udp4_hwcsum_outgoing() resets csum to NONE and skb_gso_segment() has oops. Proposal: 1. Even length is less than mtu, employ ip_ufo_append_data() and append data to the __existed__ skb in the sk_write_queue. 2. ip_ufo_append_data() is fixed due to a wrong manipulation of peek-ing and later enqueue-ing of the same skb. Now, enqueuing is always performed, because on error the further ip_flush_pending_frames() would release the queued skb. Signed-off-by: Kostya B <bkostya@hotmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Adrian Bunk authored
This patch moves the following select's: - RFKILL : IWLWIFI_RFKILL -> IWLCORE - RFKILL_INPUT : IWLWIFI_RFKILL -> IWLCORE - MAC80211_LEDS : IWL4965_LEDS -> IWLCORE - LEDS_CLASS : IWL4965_LEDS -> IWLCORE - MAC80211_LEDS : IWL3945_LEDS -> IWL3945 - LEDS_CLASS : IWL3945_LEDS -> IWL3945 The effects are: - with IWLCORE=m and/or IWL3945=m RFKILL/RFKILL_INPUT/MAC80211_LEDS/LEDS_CLASS are no longer wrongly forced to y - fixes a build error with IWLCORE=y, IWL4965=m might be a bug in kconfig causing it, but doing this change that is anyway the right thing fixes it Reported-by: Carlos R. Mafra <crmafra2@gmail.com> Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sam Ravnborg authored
A few functions are only used from __init context. So annotate these with __init for consistency and silence the following warnings: WARNING: net/ipv4/built-in.o(.text+0x2a876): Section mismatch in reference from the function ic_bootp_init() to the variable .init.data:bootp_packet_type WARNING: net/ipv4/built-in.o(.text+0x2a907): Section mismatch in reference from the function ic_bootp_cleanup() to the variable .init.data:bootp_packet_type Note: The warnings only appear with CONFIG_DEBUG_SECTION_MISMATCH=y Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 29 Apr, 2008 28 commits
-
-
Daniel Walker authored
Signed-off-by: Daniel Walker <dwalker@mvista.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pavel Emelyanov authored
When I posted a copy_to_user fixes, the list daemon refused to accept the Cc: <this-list>, because I was not a subscriber. I found, that other lists with such a feature are marked respectively in the MAINTAINERS file. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Oliver Hartkopp <oliver.hartkopp@volkswagen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philip Craig authored
commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()" results in ARM platforms hashing uninitialised padding. This padding doesn't exist on other architectures. Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure everything is initialised. There were only 4 bytes that NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM). Signed-off-by: Philip Craig <philipc@snapgear.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Timo Teras authored
Add struct net_device parameter to ip_rt_frag_needed() and update MTU to cache entries where ifindex is specified. This is similar to what is already done in ip_rt_redirect(). Signed-off-by: Timo Teras <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jarek Poplawski authored
Let's delete timer reliably in sfq_destroy(). Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David L Stevens authored
This patch adds support for getsockopt for MCAST_MSFILTER for both IPv4 and IPv6. It depends on the previous setsockopt patch, and uses the same method. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David L Stevens authored
1) added missing "__user" for kgsr and kgf pointers 2) verify read for only GROUP_FILTER_SIZE(0). The group_filter structure definition (via RFC) includes space for one source in the source list array, but that source need not be present. So, sizeof(group_filter) > GROUP_FILTER_SIZE(0). Fixed the user read-check for minimum length to use the smaller size. 3) remove unneeded "&" for gf_slist addresses Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julian Anastasov authored
Fixes bug http://bugzilla.kernel.org/show_bug.cgi?id=10556 where conn templates with protocol=IPPROTO_IP can oops backup box. Result from ip_vs_proto_get() should be checked because protocol value can be invalid or unsupported in backup. But for valid message we should not fail for templates which use IPPROTO_IP. Also, add checks to validate message limits and connection state. Show state NONE for templates using IPPROTO_IP. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Bodo Stroesser authored
There is a race condition when unloading bridge and netfilter. The problem happens if __fake_rtable is in use by a skb coming in, while someone starts to unload bridge.ko. br_netfilter_fini() is called at the beginning of unload in br_deinit() while skbs still are being forwarded and transferred to local ip stack. Thus there is a possibility of the __fake_rtable pointer not being removed in a skb that goes up to ip stack. This results in a kernel panic, as ip_rcv() calls the input-function of __fake_rtable, which is NULL. Moving the call of br_netfilter_fini() to the end of br_deinit() solves the problem. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Volodymyr G Lukiianyk authored
When device is added to bridge its refcnt is incremented (in new_nbp()), but if error occurs during further br_add_if() operations this counter is not decremented back. Fix it by adding dev_put() call in the error path. Signed-off-by: Volodymyr G Lukiianyk <volodymyrgl@gmail.com> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arnaud Ebalard authored
While reinjecting *bigger* modified versions of IPv6 packets using libnetfilter_queue, things work fine on a 2.6.24 kernel (2.6.22 too) but I get the following on recents kernels (2.6.25, trace below is against today's net-2.6 git tree): skb_over_panic: text:c04fddb0 len:696 put:632 head:f7592c00 data:f7592c00 tail:0xf7592eb8 end:0xf7592e80 dev:eth0 ------------[ cut here ]------------ invalid opcode: 0000 [#1] PREEMPT Process sendd (pid: 3657, ti=f6014000 task=f77c31d0 task.ti=f6014000) Stack: c071e638 c04fddb0 000002b8 00000278 f7592c00 f7592c00 f7592eb8 f7592e80 f763c000 f6bc5200 f7592c40 f6015c34 c04cdbfc f6bc5200 00000278 f6015c60 c04fddb0 00000020 f72a10c0 f751b420 00000001 0000000a 000002b8 c065582c Call Trace: [<c04fddb0>] ? nfqnl_recv_verdict+0x1c0/0x2e0 [<c04cdbfc>] ? skb_put+0x3c/0x40 [<c04fddb0>] ? nfqnl_recv_verdict+0x1c0/0x2e0 [<c04fd115>] ? nfnetlink_rcv_msg+0xf5/0x160 [<c04fd03e>] ? nfnetlink_rcv_msg+0x1e/0x160 [<c04fd020>] ? nfnetlink_rcv_msg+0x0/0x160 [<c04f8ed7>] ? netlink_rcv_skb+0x77/0xa0 [<c04fcefc>] ? nfnetlink_rcv+0x1c/0x30 [<c04f8c73>] ? netlink_unicast+0x243/0x2b0 [<c04cfaba>] ? memcpy_fromiovec+0x4a/0x70 [<c04f9406>] ? netlink_sendmsg+0x1c6/0x270 [<c04c8244>] ? sock_sendmsg+0xc4/0xf0 [<c011970d>] ? set_next_entity+0x1d/0x50 [<c0133a80>] ? autoremove_wake_function+0x0/0x40 [<c0118f9e>] ? __wake_up_common+0x3e/0x70 [<c0342fbf>] ? n_tty_receive_buf+0x34f/0x1280 [<c011d308>] ? __wake_up+0x68/0x70 [<c02cea47>] ? copy_from_user+0x37/0x70 [<c04cfd7c>] ? verify_iovec+0x2c/0x90 [<c04c837a>] ? sys_sendmsg+0x10a/0x230 [<c011967a>] ? __dequeue_entity+0x2a/0xa0 [<c011970d>] ? set_next_entity+0x1d/0x50 [<c0345397>] ? pty_write+0x47/0x60 [<c033d59b>] ? tty_default_put_char+0x1b/0x20 [<c011d2e9>] ? __wake_up+0x49/0x70 [<c033df99>] ? tty_ldisc_deref+0x39/0x90 [<c033ff20>] ? tty_write+0x1a0/0x1b0 [<c04c93af>] ? sys_socketcall+0x7f/0x260 [<c0102ff9>] ? sysenter_past_esp+0x6a/0x91 [<c05f0000>] ? snd_intel8x0m_probe+0x270/0x6e0 ======================= Code: 00 00 89 5c 24 14 8b 98 9c 00 00 00 89 54 24 0c 89 5c 24 10 8b 40 50 89 4c 24 04 c7 04 24 38 e6 71 c0 89 44 24 08 e8 c4 46 c5 ff <0f> 0b eb fe 55 89 e5 56 89 d6 53 89 c3 83 ec 0c 8b 40 50 39 d0 EIP: [<c04ccdfc>] skb_over_panic+0x5c/0x60 SS:ESP 0068:f6015bf8 Looking at the code, I ended up in nfq_mangle() function (called by nfqnl_recv_verdict()) which performs a call to skb_copy_expand() due to the increased size of data passed to the function. AFAICT, it should ask for 'diff' instead of 'diff - skb_tailroom(e->skb)'. Because the resulting sk_buff has not enough space to support the skb_put(skb, diff) call a few lines later, this results in the call to skb_over_panic(). The patch below asks for allocation of a copy with enough space for mangled packet and the same amount of headroom as old sk_buff. While looking at how the regression appeared (e2b58a67), I noticed the same pattern in ipq_mangle_ipv6() and ipq_mangle_ipv4(). The patch corrects those locations too. Tested with bigger reinjected IPv6 packets (nfqnl_mangle() path), things are ok (2.6.25 and today's net-2.6 git tree). Signed-off-by: Arnaud Ebalard <arno@natisbad.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pavel Emelyanov authored
The seq_open_net() call should be accompanied with seq_release_net() one. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Roel Kluin authored
if tcphoff remains unsigned, a negative ipv6_skip_exthdr() return value will go unnoticed, Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Heffner authored
This fixes inappropriately large cwnd growth on sender-limited flows when GSO is enabled, limiting cwnd growth to 64k. Signed-off-by: John Heffner <johnwheffner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Heffner authored
This changes the logic in tcp_is_cwnd_limited() so that cwnd may grow up to tcp_max_burst() even when sk_can_gso() is false, or when sysctl_tcp_tso_win_divisor != 0. Signed-off-by: John Heffner <johnwheffner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Paul Gortmaker authored
TBIPA needs to be set to a value (on connected MDIO buses) that doesn't conflict with PHYs on the bus. By hardcoding it to 0x1f, we were preventing boards with PHYs at 0x1f from working properly. Instead, scan the bus when it comes up, and find an address that doesn't have a PHY on it. The TBI PHY configuration code then trusts that the value in TBIPA is either safe, or doesn't matter (ie - it's not an active bus with other PHYs). Signed-off-by: Andy Fleming <afleming@freescale.com> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Krzysztof Halasa authored
Adds a driver for built-in IXP4xx Ethernet ports. Signed-off-by: Krzysztof Hałasa <khc@pm.waw.pl> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Roel Kluin authored
dev->irq is unsigned, platform_get_irq() may return signed unnoticed Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Cornelia Huck authored
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Frank Blaschka authored
Allow ethtool to turn on/off EDDP via ethtool TSO interface. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Ursula Braun authored
Read out number of ports from the hardware. Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Frank Blaschka authored
In case the ccwgroup device is set online/offline we have to run the corresponding dev_open/close for the netdevice. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Frank Blaschka authored
Remove unnecessary traces. Remove unnecessary wrappers for skb functions. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Frank Blaschka authored
Load balancing bonding queries the speed of the slave interfaces. To support a bond consisting of different slave speeds we have to report the speed by ethtool settings. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Frank Blaschka authored
hiper socket require the QETH_HDR_EXT_VLAN_FRAME flag in the qdio header to handle vlan tagged frames. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Peter Tiedemann authored
Replace complex macro for s390dbf calls by equivalent function. This reduces module size about 10% without visible performance impact. Signed-off-by: Peter Tiedemann <ptiedem@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Ursula Braun authored
Instead of having each driver for ccwgroup slave device parsing the input itself and calling ccwgroup_create(), introduce a new function ccwgroup_create_from_string() and handle parsing inside the ccwgroup core. Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Ursula Braun authored
There is no urgent need to restart a netiucv connection automatically, if packets are sent while the netiucv device is not up and running. Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-