GitHub/LineageOS/G12/android_kernel_amlogic_linux-4.9.git
16 years ago[NETFILTER]: Fix incorrect use of skb_make_writable
Joonwoo Park [Wed, 20 Feb 2008 01:18:47 +0000 (17:18 -0800)]
[NETFILTER]: Fix incorrect use of skb_make_writable

http://bugzilla.kernel.org/show_bug.cgi?id=9920
The function skb_make_writable returns true or false.

Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: xt_u32: drop the actually unused variable from u32_match_it
Pavel Emelyanov [Wed, 20 Feb 2008 01:18:20 +0000 (17:18 -0800)]
[NETFILTER]: xt_u32: drop the actually unused variable from u32_match_it

The int ret variable is used only to trigger the BUG_ON() after
the skb_copy_bits() call, so check the call failure directly
and drop the variable.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: {ip,ip6,nfnetlink}_queue: fix SKB_LINEAR_ASSERT when mangling packet...
Patrick McHardy [Wed, 20 Feb 2008 01:17:52 +0000 (17:17 -0800)]
[NETFILTER]: {ip,ip6,nfnetlink}_queue: fix SKB_LINEAR_ASSERT when mangling packet data

As reported by Tomas Simonaitis <tomas.simonaitis@gmail.com>,
inserting new data in skbs queued over {ip,ip6,nfnetlink}_queue
triggers a SKB_LINEAR_ASSERT in skb_put().

Going back through the git history, it seems this bug is present since
at least 2.6.12-rc2, probably even since the removal of
skb_linearize() for netfilter.

Linearize non-linear skbs through skb_copy_expand() when enlarging
them.  Tested by Thomas, fixes bugzilla #9933.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoipv4/fib_hash.c: fix NULL dereference
Adrian Bunk [Wed, 20 Feb 2008 00:28:54 +0000 (16:28 -0800)]
ipv4/fib_hash.c: fix NULL dereference

Unless I miss a guaranteed relation between between "f" and
"new_fa->fa_info" this patch is required for fixing a NULL dereference
introduced by commit a6501e080c318f8d4467679d17807f42b3a33cd5 ("[IPV4]
FIB_HASH: Reduce memory needs and speedup lookups") and spotted by the
Coverity checker.

Eric Dumazet says:

Hum, you are right, kmem_cache_free() doesnt allow a NULL
object, like kfree() does.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonet/9p/trans_virtio.c: kmalloc() enough memory
Adrian Bunk [Wed, 20 Feb 2008 00:25:30 +0000 (16:25 -0800)]
net/9p/trans_virtio.c: kmalloc() enough memory

The Coverity checker spotted that less memory than required was
allocated.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[RTNL]: Add missing link netlink attribute policy definitions
Thomas Graf [Wed, 20 Feb 2008 00:12:08 +0000 (16:12 -0800)]
[RTNL]: Add missing link netlink attribute policy definitions

IFLA_LINK is no longer a write-only attribute on the kernel side and
must thus be validated. Same goes for the newly introduced
IFLA_LINKINFO.

Fixes undefined behaviour if either of the attributes are not well
formed.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Messed multicast lists after dev_mc_sync/unsync
Jorge Boncompte [DTI2] [Tue, 19 Feb 2008 22:17:04 +0000 (14:17 -0800)]
[NET]: Messed multicast lists after dev_mc_sync/unsync

Commit a0a400d79e3dd7843e7e81baa3ef2957bdc292d0 ("[NET]: dev_mcast:
add multicast list synchronization helpers") from you introduced a new
field "da_synced" to struct dev_addr_list that is not properly
initialized to 0. So when any of the current users (8021q, macvlan,
mac80211) calls dev_mc_sync/unsync they mess the address list for both
devices.

The attached patch fixed it for me and avoid future problems.

Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NIU]: Bump driver version and release date.
David S. Miller [Tue, 19 Feb 2008 05:30:48 +0000 (21:30 -0800)]
[NIU]: Bump driver version and release date.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NIU]: Fix BMAC alternate MAC address indexing.
Matheos Worku [Tue, 19 Feb 2008 05:30:03 +0000 (21:30 -0800)]
[NIU]: Fix BMAC alternate MAC address indexing.

BMAC port alternate MAC address index needs to start at 1. Index 0 is
used for the main MAC address.

Signed-off-by: Matheos Worku <matheos.worku@sun.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonet: fix kernel-doc warnings in header files
Randy Dunlap [Tue, 19 Feb 2008 04:52:13 +0000 (20:52 -0800)]
net: fix kernel-doc warnings in header files

Add missing structure kernel-doc descriptions to sock.h & skbuff.h
to fix kernel-doc warnings.

(I think that Stephen H. sent a similar patch, but I can't find it.
I just want to kill the warnings, with either patch.)

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Use BUG_ON instead of if + BUG in fib6_del_route.
Pavel Emelyanov [Tue, 19 Feb 2008 04:50:42 +0000 (20:50 -0800)]
[IPV6]: Use BUG_ON instead of if + BUG in fib6_del_route.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: dst_entry leak in ip4ip6_err. (resend)
Denis V. Lunev [Tue, 19 Feb 2008 04:49:36 +0000 (20:49 -0800)]
[IPV6]: dst_entry leak in ip4ip6_err. (resend)

The result of the ip_route_output is not assigned to skb. This means that
- it is leaked
- possible OOPS below dereferrencing skb->dst
- no ICMP message for this case

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobluetooth: do not move child device other than rfcomm
Dave Young [Tue, 19 Feb 2008 04:45:41 +0000 (20:45 -0800)]
bluetooth: do not move child device other than rfcomm

hci conn child devices other than rfcomm tty should not be moved here.
This is my lost, thanks for Barnaby's reporting and testing.

Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agobluetooth: put hci dev after del conn
Dave Young [Tue, 19 Feb 2008 04:44:01 +0000 (20:44 -0800)]
bluetooth: put hci dev after del conn

Move hci_dev_put to del_conn to avoid hci dev going away before hci conn.

Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Elminate spurious print_mac() calls.
David S. Miller [Tue, 19 Feb 2008 00:50:22 +0000 (16:50 -0800)]
[NET]: Elminate spurious print_mac() calls.

Patrick McHardy notes that print_mac() can get invoked
even if the result it unused (f.e. as an argument to
pr_debug() when DEBUG is not defined).

Mark this function as "__pure" to eliminate this problem.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[BLUETOOTH] hci_sysfs.c: Kill build warning.
David S. Miller [Mon, 18 Feb 2008 08:20:50 +0000 (00:20 -0800)]
[BLUETOOTH] hci_sysfs.c: Kill build warning.

net/bluetooth/hci_sysfs.c: In function ‘del_conn’:
net/bluetooth/hci_sysfs.c:339: warning: suggest parentheses around assignment used as truth value

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Remove MAC_FMT
Joe Perches [Mon, 18 Feb 2008 07:35:28 +0000 (23:35 -0800)]
[NET]: Remove MAC_FMT

MAC_FMT is no longer used

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonet/8021q/vlan_dev.c: Use print_mac.
Joe Perches [Mon, 18 Feb 2008 07:34:54 +0000 (23:34 -0800)]
net/8021q/vlan_dev.c: Use print_mac.

Remove direct use of MAC_FMT

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[XFRM]: Fix ordering issue in xfrm_dst_hash_transfer().
YOSHIFUJI Hideaki [Mon, 18 Feb 2008 07:29:30 +0000 (23:29 -0800)]
[XFRM]: Fix ordering issue in xfrm_dst_hash_transfer().

Keep ordering of policy entries with same selector in
xfrm_dst_hash_transfer().

Issue should not appear in usual cases because multiple policy entries
with same selector are basically not allowed so far.  Bug was pointed
out by Sebastien Decugis <sdecugis@hongo.wide.ad.jp>.

We could convert bydst from hlist to list and use list_add_tail()
instead.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Sebastien Decugis <sdecugis@hongo.wide.ad.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[BLUETOOTH] net/bluetooth/hci_core.c: Use time_* macros
S.Çağlar Onur [Mon, 18 Feb 2008 07:25:57 +0000 (23:25 -0800)]
[BLUETOOTH] net/bluetooth/hci_core.c: Use time_* macros

The functions time_before, time_before_eq, time_after, and
time_after_eq are more robust for comparing jiffies against other
values.

So following patch implements usage of the time_after() macro, defined
at linux/jiffies.h, which deals with wrapping correctly

Signed-off-by: S.Çağlar Onur <caglar@pardus.org.tr>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Fix hardcoded removing of old module code
Wang Chen [Mon, 18 Feb 2008 06:34:53 +0000 (22:34 -0800)]
[IPV6]: Fix hardcoded removing of old module code

Rusty hardcoded the old module code.
We can remove it now.

Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLABEL]: Move some initialization code into __init section.
Pavel Emelyanov [Mon, 18 Feb 2008 06:33:57 +0000 (22:33 -0800)]
[NETLABEL]: Move some initialization code into __init section.

Everything that is called from netlbl_init() can be marked with
__init. This moves 620 bytes from .text section to .text.init one.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLABEL]: Shrink the genl-ops registration code.
Pavel Emelyanov [Mon, 18 Feb 2008 06:33:16 +0000 (22:33 -0800)]
[NETLABEL]: Shrink the genl-ops registration code.

Turning them to array and registration in a loop saves
80 lines of code and ~300 bytes from text section.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[AX25] ax25_out: check skb for NULL in ax25_kick()
Jarek Poplawski [Mon, 18 Feb 2008 06:31:19 +0000 (22:31 -0800)]
[AX25] ax25_out: check skb for NULL in ax25_kick()

According to some OOPS reports ax25_kick tries to clone NULL skbs
sometimes. It looks like a race with ax25_clear_queues(). Probably
there is no need to add more than a simple check for this yet.
Another report suggested there are probably also cases where ax25
->paclen == 0 can happen in ax25_output(); this wasn't confirmed
during testing but let's leave this debugging check for some time.

Reported-and-tested-by: Jann Traschewski <jann@gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[TCP]: Fix tcp_v4_send_synack() comment
Kris Katterjohn [Mon, 18 Feb 2008 06:29:19 +0000 (22:29 -0800)]
[TCP]: Fix tcp_v4_send_synack() comment

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: fix alignment of IP-Config output
Uwe Kleine-Koenig [Mon, 18 Feb 2008 06:28:32 +0000 (22:28 -0800)]
[IPV4]: fix alignment of IP-Config output

Make the indented lines aligned in the output (not in the code).

Signed-off-by: Uwe Kleine-Koenig <Uwe.Kleine-Koenig@digi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoDocumentation: fix tcp.txt
Matti Linnanvuori [Mon, 18 Feb 2008 06:21:04 +0000 (22:21 -0800)]
Documentation: fix tcp.txt

Replace BIC with CUBIC as default congestion control. Fix grammar.

Signed-off-by: Matti Linnanvuori <mattilinnanvuori@yahoo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonet/9p/trans_virtio.c: Use BUG_ON
Julia Lawall [Mon, 18 Feb 2008 02:42:53 +0000 (18:42 -0800)]
net/9p/trans_virtio.c: Use BUG_ON

if (...) BUG(); should be replaced with BUG_ON(...) when the test has no
side-effects to allow a definition of BUG_ON that drops the code completely.

The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@ disable unlikely @ expression E,f; @@

(
  if (<... f(...) ...>) { BUG(); }
|
- if (unlikely(E)) { BUG(); }
+ BUG_ON(E);
)

@@ expression E,f; @@

(
  if (<... f(...) ...>) { BUG(); }
|
- if (E) { BUG(); }
+ BUG_ON(E);
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonet/rxrpc: Use BUG_ON
Julia Lawall [Mon, 18 Feb 2008 02:42:03 +0000 (18:42 -0800)]
net/rxrpc: Use BUG_ON

if (...) BUG(); should be replaced with BUG_ON(...) when the test has no
side-effects to allow a definition of BUG_ON that drops the code completely.

The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@ disable unlikely @ expression E,f; @@

(
  if (<... f(...) ...>) { BUG(); }
|
- if (unlikely(E)) { BUG(); }
+ BUG_ON(E);
)

@@ expression E,f; @@

(
  if (<... f(...) ...>) { BUG(); }
|
- if (E) { BUG(); }
+ BUG_ON(E);
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoRevert "[NDISC]: Fix race in generic address resolution"
David S. Miller [Mon, 18 Feb 2008 02:39:54 +0000 (18:39 -0800)]
Revert "[NDISC]: Fix race in generic address resolution"

This reverts commit 69cc64d8d92bf852f933e90c888dfff083bd4fc9.

It causes recursive locking in IPV6 because unlike other
neighbour layer clients, it even needs neighbour cache
entries to send neighbour soliciation messages :-(

We'll have to find another way to fix this race.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoRevert "[RTNETLINK]: Send a single notification on device state changes."
David S. Miller [Mon, 18 Feb 2008 02:35:07 +0000 (18:35 -0800)]
Revert "[RTNETLINK]: Send a single notification on device state changes."

This reverts commit 45b503548210fe6f23e92b856421c2a3f05fd034.

It break locking around dev->link_mode as well as cause
other bootup problems.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoMerge branch 'upstream-davem' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik...
David S. Miller [Fri, 15 Feb 2008 23:59:19 +0000 (15:59 -0800)]
Merge branch 'upstream-davem' of /linux/kernel/git/jgarzik/netdev-2.6

16 years agoMerge branch 'fixes' of master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6
David S. Miller [Fri, 15 Feb 2008 23:56:47 +0000 (15:56 -0800)]
Merge branch 'fixes' of /linux/kernel/git/linville/wireless-2.6

16 years agob43legacy: Add driver load messages
Stefano Brivio [Sat, 9 Feb 2008 06:20:43 +0000 (07:20 +0100)]
b43legacy: Add driver load messages

This adds printk messages with basic information about the driver being loaded.
This information includes a summary of the compiled-in features, which
simplifies bug-reporting and debugging a lot.
Also a firmware ID is printed. This is a unique identifier blob for a specific
version of the firmware. This ID is attached to a specific version of the firmware
blob in b43-fwcutter (see fwcutter git).
This helps users to select the right firmware for their device.
This also makes it possible to use automated scripts to fetch and extract the right
firmware for the driver. (The script will grep the .ko for the "Firmware-ID: xxx" string.)
While the driver might still support other versions of the firmware for backward
compatibility, this will always print out the officially supported version, which
people _should_ use.

Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoipw2200: fix ucode assertion for RX queue overrun
Dan Williams [Thu, 14 Feb 2008 22:49:41 +0000 (17:49 -0500)]
ipw2200: fix ucode assertion for RX queue overrun

Restock the RX queue when there are a lot of unused frames so that the
RX ring buffer doesn't overrun, causing a ucode assertion.  Backport of
patch "iwlwifi: fix ucode assertion for RX queue overrun".

Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: only check for association id when associating with AP
Reinette Chatre [Thu, 14 Feb 2008 18:40:28 +0000 (10:40 -0800)]
iwlwifi: only check for association id when associating with AP

There is no association process in IBSS mode - so testing the
association id is not needed.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
CC: Richard Scherping <richard@scherping.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: reverting 'misc wireless annotations' patch for iwlwifi
Tomas Winkler [Wed, 13 Feb 2008 00:47:54 +0000 (02:47 +0200)]
iwlwifi: reverting 'misc wireless annotations' patch for iwlwifi

This patch revert commit blow that wrongly suppressed sparse warning in
iwlwifi eeprom reading
In addtion it suppresses correctly the iwlwifi eeprom register reading anomaly.

commit 45883ae47a0a4700c0f4716dc75a255cccdc3a76
misc wireless annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agob43legacy: fix firmware load message level
Stefano Brivio [Tue, 12 Feb 2008 02:09:10 +0000 (03:09 +0100)]
b43legacy: fix firmware load message level

The firmware version information should always get printed. Not only on a
debug build.

The patch by Michael Buesch has been ported to b43legacy.

Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agob43legacy: add firmware information to modinfo
Stefano Brivio [Tue, 12 Feb 2008 02:09:00 +0000 (03:09 +0100)]
b43legacy: add firmware information to modinfo

This adds the firmware ID to modinfo.

The patch by Michael Buesch has been ported to b43legacy.

Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agomac80211: Fix initial hardware configuration
Michael Buesch [Sun, 10 Feb 2008 13:16:52 +0000 (14:16 +0100)]
mac80211: Fix initial hardware configuration

On the initial device-open we need to defer the hardware reconfiguration
after we incremented the open_count, because the hw_config checks this flag
and won't call the lowlevel driver in case it is zero.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agort2x00: Add new USB ID to rt2500usb
Ivo van Doorn [Sun, 10 Feb 2008 10:21:57 +0000 (11:21 +0100)]
rt2x00: Add new USB ID to rt2500usb

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agob43: Fix firmware load message level
Michael Buesch [Sat, 9 Feb 2008 16:53:41 +0000 (17:53 +0100)]
b43: Fix firmware load message level

The firmware version information should always get printed. Not only
on a debug build.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agob43: Add firmware information to modinfo
Michael Buesch [Sat, 9 Feb 2008 09:23:49 +0000 (10:23 +0100)]
b43: Add firmware information to modinfo

This adds the firmware ID to modinfo.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agob43: Add driver load messages
Michael Buesch [Fri, 8 Feb 2008 23:18:35 +0000 (00:18 +0100)]
b43: Add driver load messages

This adds printk messages with basic information about the driver being loaded.
This information includes a summary of the compiled-in features, which
simplifies bug-reporting and debugging a lot.
Also a firmware ID is printed. This is a unique identifier blob for a specific
version of the firmware. This ID is attached to a specific version of the firmware
blob in b43-fwcutter (see fwcutter git).
This helps users to select the right firmware for their device.
This also makes it possible to use automated scripts to fetch and extract the right
firmware for the driver. (the script will grep the .ko for the "Firmware-ID: xxx" string.
While the driver might still support other versions of the firmware for backward
compatibility, this will always print out the officially supported version, which
people _should_ use.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agob43legacy: fix DMA for 30/32-bit DMA engines
Stefano Brivio [Fri, 8 Feb 2008 05:31:53 +0000 (06:31 +0100)]
b43legacy: fix DMA for 30/32-bit DMA engines

This checks if the DMA address is bigger than what the controller can manage.
It will reallocate the buffers in the GFP_DMA zone in that case.

The patch by Michael Buesch has been ported to b43legacy.
Thanks to Matti Viljanen for reporting this.

Cc: Matti Viljanen <viljanen.matti@gmail.com>
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: earlier rx allocation
Mohamed Abbas [Thu, 7 Feb 2008 21:16:33 +0000 (13:16 -0800)]
iwlwifi: earlier rx allocation

Value of count is used to decide when to replenish rx buffers. If it is
equal or above 8 we replenish the buffers. Ensure there is no starvation
by initializing count to 8 - thus forcing replenish at first iteration.

This is helpful when rx receives batches of buffers smaller than 8.

Signed-off-by: Mohamed Abbas <mabbas@linux.intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: Don't send host commands on rfkill
Gregory Greenman [Wed, 6 Feb 2008 19:20:40 +0000 (11:20 -0800)]
iwlwifi: Don't send host commands on rfkill

This patch prevents sending host commands when rfkill is on

Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoiwlwifi: do not clear GEO_CONFIGURED bit when calling _down
Reinette Chatre [Wed, 6 Feb 2008 19:20:38 +0000 (11:20 -0800)]
iwlwifi: do not clear GEO_CONFIGURED bit when calling _down

The geos information is set up during probe and should only
be removed during pci_remove, not during _down.
This is a temporary fix until the setting of the status bits
have been cleaned up (to explicitly match all setting with
clearing of status bits).

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agorndis_wlan: enable stall workaround by link quality instead of link speed
Jussi Kivilinna [Wed, 6 Feb 2008 13:36:10 +0000 (15:36 +0200)]
rndis_wlan: enable stall workaround by link quality instead of link speed

Enable workaround for poor link stalls by link quality instead of link
speed. Using link speed caused workaround be active always on 802.11b
networks which reduced performance and not even catch all stalls.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoath5k: correct padding in tx descriptors
Bruno Randolf [Tue, 5 Feb 2008 09:44:55 +0000 (18:44 +0900)]
ath5k: correct padding in tx descriptors

when setting up the tx descriptors for the hardware we must account for any
padding between the header and the data we might have added previously. frame
len is the length of the frame in the air (including FCS but no padding) and
buffer len is the length of the buffer (including padding, but without FCS).

changing the way ah_setup_tx_desc is called: now excluding the FCS, since it's
easier to add that in the function where we need it.

before this fix we sent trailing zero bytes after the packet (because frame len
included the padding) which was not a big problem without WEP, but with WEP
this resultes in a wrong WEP checksum and the packet is discarded - which is
how i noticed at all ;)

an easy way to run into header padding problems, btw, is to connect to a QoS
(WME) enabled access point (eg. madwifi) - QoS data frames are 2 byte longer
and will require padding.

this patch applies on top of luis latest patch series from 04.02.2008.

drivers/net/wireless/ath5k/base.c:      Changes-licensed-under: 3-Clause-BSD
drivers/net/wireless/ath5k/hw.c:        Changes-licensed-under: ISC

Signed-off-by: Bruno Randolf <bruno@thinktube.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agowavelan: mark hardware interfacing structures as packed
John W. Linville [Thu, 7 Feb 2008 20:46:01 +0000 (15:46 -0500)]
wavelan: mark hardware interfacing structures as packed

With assists from Russell King <rmk+kernel@arm.linux.org.uk> and
Andrew Morton <akpm@linux-foundation.org>...

Signed-off-by: John W. Linville <linville@tuxdriver.com>
16 years agoe1000e: PCIe devices do not need to unset MANC_ARP_ENA
David Graham [Thu, 14 Feb 2008 18:17:20 +0000 (10:17 -0800)]
e1000e: PCIe devices do not need to unset MANC_ARP_ENA

Users reported that ARP's were lost with e1000e. The problem
is fixed by not enabling this manageability configuration
bit.

None of the release_manageability code is actually needed as the
normal device reset during a shutdown returns everthing to
the right condition automatically.

Signed-off-by: David Graham <david.graham@intel.com>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
16 years agoigb: PCIe devices do not need to unset MANC_ARP_ENA
David Graham [Thu, 14 Feb 2008 18:17:12 +0000 (10:17 -0800)]
igb: PCIe devices do not need to unset MANC_ARP_ENA

Users reported that ARP's were lost with igb. The problem
is fixed by not enabling this manageability configuration
bit.

None of the release_manageability code is actually needed as the
normal device reset during a shutdown returns everthing to
the right condition automatically.

Signed-off-by: David Graham <david.graham@intel.com>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
16 years agoixgbe: Correctly obtain protocol information on transmit
Auke Kok [Tue, 12 Feb 2008 23:20:33 +0000 (15:20 -0800)]
ixgbe: Correctly obtain protocol information on transmit

In reply to "RE: [Fwd: [PATCH 2.6.25] ixgbe/igb: correctly obtain protocol
information on transmit]" from Andy Gospodarek:

The driver was incorrectly looking at socket headers for
protocol information, needed for checksumming offload. Fix
this by not looking at the socket but frame headers instead.

This disregards extension headers but it's unclear that linux
generates those anyway.

Tested by Andy Gospodarek.

Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
16 years agoe1000e: Fix CRC stripping in hardware context bug
Auke Kok [Tue, 12 Feb 2008 23:20:24 +0000 (15:20 -0800)]
e1000e: Fix CRC stripping in hardware context bug

CRC stripping was only correctly enabled for packet split recieves
which is used when receiving jumbo frames. Correctly enable SECRC
also for normal buffer packet receives.

Tested by Andy Gospodarek and Johan Andersson, see bugzilla #9940.

Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
16 years agogianfar iomem misannotations
Al Viro [Wed, 13 Feb 2008 03:58:36 +0000 (03:58 +0000)]
gianfar iomem misannotations

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
16 years agomkiss: ax_bump() locking fix
Jarek Poplawski [Wed, 13 Feb 2008 11:17:58 +0000 (11:17 +0000)]
mkiss: ax_bump() locking fix

According to one of OOPSes reported by Jann softirq can break
while skb is prepared for netif_rx. The report isn't complete,
so the real reason of the later bug could be different, but
IMHO this locking break in ax_bump is unsafe and unnecessary.

Reported-and-tested-by: Jann Traschewski <jann@gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
16 years agoFix station address detection in smc
Chuck Ebbert [Thu, 14 Feb 2008 00:47:11 +0000 (19:47 -0500)]
Fix station address detection in smc

Megahertz EM1144 PCMCIA ethernet adapter needs special handling
because it has two VERS_1 tuples and the station address is in
the second one. Conversion to generic handling of these fields
broke it. Reverting that fixes the device.

  https://bugzilla.redhat.com/show_bug.cgi?id=233255

Thanks go to Jon Stanley for not giving up on this one until the
problem was found.

Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
16 years ago[NET]: Make sure sockets implement splice_read
Rémi Denis-Courmont [Fri, 15 Feb 2008 10:35:45 +0000 (02:35 -0800)]
[NET]: Make sure sockets implement splice_read

Fixes a segmentation fault when trying to splice from a non-TCP socket.

Signed-off-by: Rémi Denis-Courmont <rdenis@simphalempin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonetconsole: avoid null pointer dereference at show_local_mac()
Keiichi KII [Fri, 15 Feb 2008 10:01:58 +0000 (02:01 -0800)]
netconsole: avoid null pointer dereference at show_local_mac()

This patch avoids a null pointer dereference when we read local_mac
for netconsole in configfs and shows default local mac address
value.

A null pointer dereference occurs when we call show_local_mac() via
local_mac entry in configfs before we setup the content of netpoll
using netpoll_setup().

Signed-off-by: Keiichi KII <k-keiichi@bx.jp.nec.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Fix reversed local_df test in ip6_fragment
Herbert Xu [Fri, 15 Feb 2008 07:49:37 +0000 (23:49 -0800)]
[IPV6]: Fix reversed local_df test in ip6_fragment

I managed to reverse the local_df test when forward-porting this
patch so it actually makes things worse by never fragmenting at
all.

Thanks to David Stevens for testing and reporting this bug.

Bill Fink pointed out that the local_df setting is also the wrong
way around.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[XFRM]: Avoid bogus BUG() when throwing new policy away.
YOSHIFUJI Hideaki [Thu, 14 Feb 2008 22:52:38 +0000 (14:52 -0800)]
[XFRM]: Avoid bogus BUG() when throwing new policy away.

From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

When we destory a new policy entry, we need to tell
xfrm_policy_destroy() explicitly that the entry is not
alive yet.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[AF_KEY]: Fix bug in spdadd
Kazunori MIYAZAWA [Thu, 14 Feb 2008 22:51:38 +0000 (14:51 -0800)]
[AF_KEY]: Fix bug in spdadd

This patch fix a BUG when adding spds which have same selector.

Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER] nf_conntrack_proto_tcp.c: Mistyped state corrected.
Jozsef Kadlecsik [Thu, 14 Feb 2008 22:50:21 +0000 (14:50 -0800)]
[NETFILTER] nf_conntrack_proto_tcp.c: Mistyped state corrected.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agonet: xfrm statistics depend on INET
Paul Mundt [Thu, 14 Feb 2008 22:48:45 +0000 (14:48 -0800)]
net: xfrm statistics depend on INET

net/built-in.o: In function `xfrm_policy_init':
/home/pmundt/devel/git/sh-2.6.25/net/xfrm/xfrm_policy.c:2338: undefined reference to `snmp_mib_init'

snmp_mib_init() is only built in if CONFIG_INET is set.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETFILTER]: make secmark_tg_destroy() static
Adrian Bunk [Thu, 14 Feb 2008 01:41:39 +0000 (17:41 -0800)]
[NETFILTER]: make secmark_tg_destroy() static

This patch makes the needlessly global secmark_tg_destroy() static.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[INET]: Unexport inet_listen_wlock
Adrian Bunk [Thu, 14 Feb 2008 01:40:25 +0000 (17:40 -0800)]
[INET]: Unexport inet_listen_wlock

This patch removes the no longer used EXPORT_SYMBOL(inet_listen_wlock).

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[INET]: Unexport __inet_hash_connect
Adrian Bunk [Thu, 14 Feb 2008 01:39:34 +0000 (17:39 -0800)]
[INET]: Unexport __inet_hash_connect

This patch removes the unused EXPORT_SYMBOL_GPL(__inet_hash_connect).

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Improve cache line coherency of ingress qdisc
Neil Turton [Wed, 13 Feb 2008 07:13:48 +0000 (23:13 -0800)]
[NET]: Improve cache line coherency of ingress qdisc

Move the ingress qdisc members of struct net_device from the transmit
cache line to the receive cache line to avoid cache line ping-pong.
These members are only used on the receive path.

Signed-off-by: Neil Turton <nturton@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Fix race in dev_close(). (Bug 9750)
Matti Linnanvuori [Wed, 13 Feb 2008 07:10:11 +0000 (23:10 -0800)]
[NET]: Fix race in dev_close(). (Bug 9750)

There is a race in Linux kernel file net/core/dev.c, function dev_close.
The function calls function dev_deactivate, which calls function
dev_watchdog_down that deletes the watchdog timer. However, after that, a
driver can call netif_carrier_ok, which calls function
__netdev_watchdog_up that can add the watchdog timer again. Function
unregister_netdevice calls function dev_shutdown that traps the bug
!timer_pending(&dev->watchdog_timer). Moving dev_deactivate after
netif_running() has been cleared prevents function netif_carrier_on
from calling __netdev_watchdog_up and adding the watchdog timer again.

Signed-off-by: Matti Linnanvuori <mattilinnanvuori@yahoo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPSEC]: Fix bogus usage of u64 on input sequence number
Herbert Xu [Wed, 13 Feb 2008 06:50:35 +0000 (22:50 -0800)]
[IPSEC]: Fix bogus usage of u64 on input sequence number

Al Viro spotted a bogus use of u64 on the input sequence number which
is big-endian.  This patch fixes it by giving the input sequence number
its own member in the xfrm_skb_cb structure.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[RTNETLINK]: Send a single notification on device state changes.
Laszlo Attila Toth [Wed, 13 Feb 2008 06:42:09 +0000 (22:42 -0800)]
[RTNETLINK]: Send a single notification on device state changes.

In do_setlink() a single notification is sent at the end of the
function if any modification occured. If the address has been changed,
another notification is sent.

Both of them is required because originally only the NETDEV_CHANGEADDR
notification was sent and although device state change implies address
change, some programs may expect the original notification. It remains
for compatibity.

If set_operstate() is called from do_setlink(), it doesn't send a
notification, only if it is called from rtnl_create_link() as earlier.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLABLE]: Hide netlbl_unlabel_audit_addr6 under ifdef CONFIG_IPV6.
Pavel Emelyanov [Wed, 13 Feb 2008 06:38:06 +0000 (22:38 -0800)]
[NETLABLE]: Hide netlbl_unlabel_audit_addr6 under ifdef CONFIG_IPV6.

This one is called from under this config only, so move
it in the same place.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLABEL]: Don't produce unused variables when IPv6 is off.
Pavel Emelyanov [Wed, 13 Feb 2008 06:37:19 +0000 (22:37 -0800)]
[NETLABEL]: Don't produce unused variables when IPv6 is off.

Some code declares variables on the stack, but uses them
under #ifdef CONFIG_IPV6, so thay become unused when ipv6
is off. Fortunately, they are used in a switch's case
branches, so the fix is rather simple.

Is it OK from coding style POV to add braces inside "cases",
or should I better avoid such style and rework the patch?

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLABEL]: Compilation for CONFIG_AUDIT=n case.
Pavel Emelyanov [Wed, 13 Feb 2008 06:35:37 +0000 (22:35 -0800)]
[NETLABEL]: Compilation for CONFIG_AUDIT=n case.

The audit_log_start() will expand into an empty do { } while (0)
construction and the audit_ctx becomes unused.

The solution: push current->audit_context into audit_log_start()
directly, since it is not required in any other place in the
calling function.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[GENETLINK]: Relax dances with genl_lock.
Pavel Emelyanov [Wed, 13 Feb 2008 06:16:33 +0000 (22:16 -0800)]
[GENETLINK]: Relax dances with genl_lock.

The genl_unregister_family() calls the genl_unregister_mc_groups(),
which takes and releases the genl_lock and then locks and releases
this lock itself.

Relax this behavior, all the more so the genl_unregister_mc_groups()
is called from genl_unregister_family() only.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NETLABEL]: Fix lookup logic of netlbl_domhsh_search_def.
Pavel Emelyanov [Wed, 13 Feb 2008 06:15:14 +0000 (22:15 -0800)]
[NETLABEL]: Fix lookup logic of netlbl_domhsh_search_def.

Currently, if the call to netlbl_domhsh_search succeeds the
return result will still be NULL.

Fix that, by returning the found entry (if any).

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: remove unused method declaration (net/ndisc.h).
Rami Rosen [Wed, 13 Feb 2008 06:06:53 +0000 (22:06 -0800)]
[IPV6]: remove unused method declaration (net/ndisc.h).

This patch removes unused declaration of dflt_rt_lookup() method in
include/net/ndisc.h

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NET]: Fix comment for skb_pull_rcsum
Urs Thuermann [Wed, 13 Feb 2008 06:03:25 +0000 (22:03 -0800)]
[NET]: Fix comment for skb_pull_rcsum

Fix comment for skb_pull_rcsum

Signed-off-by: Urs Thuermann <urs@isnogud.escape.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV6]: Fix IPsec datagram fragmentation
Herbert Xu [Wed, 13 Feb 2008 02:07:27 +0000 (18:07 -0800)]
[IPV6]: Fix IPsec datagram fragmentation

This is a long-standing bug in the IPsec IPv6 code that breaks
when we emit a IPsec tunnel-mode datagram packet.  The problem
is that the code the emits the packet assumes the IPv6 stack
will fragment it later, but the IPv6 stack assumes that whoever
is emitting the packet is going to pre-fragment the packet.

In the long term we need to fix both sides, e.g., to get the
datagram code to pre-fragment as well as to get the IPv6 stack
to fragment locally generated tunnel-mode packet.

For now this patch does the second part which should make it
work for the IPsec host case.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[NDISC]: Fix race in generic address resolution
David S. Miller [Tue, 12 Feb 2008 05:45:44 +0000 (21:45 -0800)]
[NDISC]: Fix race in generic address resolution

Frank Blaschka provided the bug report and the initial suggested fix
for this bug.  He also validated this version of this fix.

The problem is that the access to neigh->arp_queue is inconsistent, we
grab references when dropping the lock lock to call
neigh->ops->solicit() but this does not prevent other threads of
control from trying to send out that packet at the same time causing
corruptions because both code paths believe they have exclusive access
to the skb.

The best option seems to be to hold the write lock on neigh->lock
during the ->solicit() call.  I looked at all of the ndisc_ops
implementations and this seems workable.  The only case that needs
special care is the IPV4 ARP implementation of arp_solicit().  It
wants to take neigh->lock as a reader to protect the header entry in
neigh->ha during the emission of the soliciation.  We can simply
remove the read lock calls to take care of that since holding the lock
as a writer at the caller providers a superset of the protection
afforded by the existing read locking.

The rest of the ->solicit() implementations don't care whether the
neigh is locked or not.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agohci_ldisc: fix null pointer deref
David Newall [Tue, 12 Feb 2008 05:41:30 +0000 (21:41 -0800)]
hci_ldisc: fix null pointer deref

Arjan:

  With the help of kerneloops.org I've spotted a nice little interaction
  between the TTY layer and the bluetooth code, however the tty layer is not
  something I'm all too familiar with so I rather ask than brute-force fix the
  code incorrectly.

  The raw details are at:
  http://www.kerneloops.org/search.php?search=uart_flush_buffer

  What happens is that, on closing the bluetooth tty, the tty layer goes
  into the release_dev() function, which first does a bunch of stuff, then
  sets the file->private_data to NULL, does some more stuff and then calls the
  ldisc close function.  Which in this case, is hci_uart_tty_close().

  Now, hci_uart_tty_close() calls hci_uart_close() which clears some
  internal bit, and then calls hci_uart_flush()...  which calls back to the
  tty layers' uart_flush_buffer() function.  (in drivers/bluetooth/hci_tty.c
  around line 194) Which then WARN_ON()'s because that's not allowed/supposed
  to be called this late in the shutdown of the port....

  Should the bluetooth driver even call this flush function at all??

David:

  This seems to be what happens: Hci_uart_close() flushes using
  hci_uart_flush().  Subsequently, in hci_dev_do_close(), (one step in
  hci_unregister_dev()), hci_uart_flush() is called again.  The comment in
  uart_flush_buffer(), relating to the WARN_ON(), indicates you can't flush
  after the port is closed; which sounds reasonable.  I think hci_uart_close()
  should set hdev->flush to NULL before returning.  Hci_dev_do_close() does
  check for this.  The code path is rather involved and I'm not entirely clear
  of all steps, but I think that's what should be done.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[AX25] ax25_ds_timer: use mod_timer instead of add_timer
Jarek Poplawski [Tue, 12 Feb 2008 05:38:32 +0000 (21:38 -0800)]
[AX25] ax25_ds_timer: use mod_timer instead of add_timer

This patch changes current use of: init_timer(), add_timer()
and del_timer() to setup_timer() with mod_timer(), which
should be safer anyway.

Reported-by: Jann Traschewski <jann@gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[AX25] ax25_timer: use mod_timer instead of add_timer
Jarek Poplawski [Tue, 12 Feb 2008 05:36:39 +0000 (21:36 -0800)]
[AX25] ax25_timer: use mod_timer instead of add_timer

According to one of Jann's OOPS reports it looks like
BUG_ON(timer_pending(timer)) triggers during add_timer()
in ax25_start_t1timer(). This patch changes current use
of: init_timer(), add_timer() and del_timer() to
setup_timer() with mod_timer(), which should be safer
anyway.

Reported-by: Jann Traschewski <jann@gmx.de>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[AX25] ax25_route: make ax25_route_lock BH safe
Jarek Poplawski [Tue, 12 Feb 2008 05:26:43 +0000 (21:26 -0800)]
[AX25] ax25_route: make ax25_route_lock BH safe

> =================================
> [ INFO: inconsistent lock state ]
> 2.6.24-dg8ngn-p02 #1
> ---------------------------------
> inconsistent {softirq-on-W} -> {in-softirq-R} usage.
> linuxnet/3046 [HC0[0]:SC1[2]:HE1:SE0] takes:
>  (ax25_route_lock){--.+}, at: [<f8a0cfb7>] ax25_get_route+0x18/0xb7 [ax25]
> {softirq-on-W} state was registered at:
...

This lockdep report shows that ax25_route_lock is taken for reading in
softirq context, and for writing in process context with BHs enabled.
So, to make this safe, all write_locks in ax25_route.c are changed to
_bh versions.

Reported-by: Jann Traschewski <jann@gmx.de>,
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[AX25] af_ax25: remove sock lock in ax25_info_show()
Jarek Poplawski [Tue, 12 Feb 2008 05:24:56 +0000 (21:24 -0800)]
[AX25] af_ax25: remove sock lock in ax25_info_show()

This lockdep warning:

> =======================================================
> [ INFO: possible circular locking dependency detected ]
> 2.6.24 #3
> -------------------------------------------------------
> swapper/0 is trying to acquire lock:
>  (ax25_list_lock){-+..}, at: [<f91dd3b1>] ax25_destroy_socket+0x171/0x1f0 [ax25]
>
> but task is already holding lock:
>  (slock-AF_AX25){-+..}, at: [<f91dbabc>] ax25_std_heartbeat_expiry+0x1c/0xe0 [ax25]
>
> which lock already depends on the new lock.
...

shows that ax25_list_lock and slock-AF_AX25 are taken in different
order: ax25_info_show() takes slock (bh_lock_sock(ax25->sk)) while
ax25_list_lock is held, so reversely to other functions. To fix this
the sock lock should be moved to ax25_info_start(), and there would
be still problem with breaking ax25_list_lock (it seems this "proper"
order isn't optimal yet). But, since it's only for reading proc info
it seems this is not necessary (e.g.  ax25_send_to_raw() does similar
reading without this lock too).

So, this patch removes sock lock to avoid deadlock possibility; there
is also used sock_i_ino() function, which reads sk_socket under proper
read lock. Additionally printf format of this i_ino is changed to %lu.

Reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agofib_trie: /proc/net/route performance improvement
Stephen Hemminger [Tue, 12 Feb 2008 05:14:39 +0000 (21:14 -0800)]
fib_trie: /proc/net/route performance improvement

Use key/offset caching to change /proc/net/route (use by iputils route)
from O(n^2) to O(n). This improves performance from 30sec with 160,000
routes to 1sec.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agofib_trie: handle empty tree
Stephen Hemminger [Tue, 12 Feb 2008 05:12:49 +0000 (21:12 -0800)]
fib_trie: handle empty tree

This fixes possible problems when trie_firstleaf() returns NULL
to trie_leafindex().

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
16 years ago[IPV4]: Remove IP_TOS setting privilege checks.
David S. Miller [Tue, 12 Feb 2008 01:50:30 +0000 (17:50 -0800)]
[IPV4]: Remove IP_TOS setting privilege checks.

Various RFCs have all sorts of things to say about the CS field of the
DSCP value.  In particular they try to make the distinction between
values that should be used by "user applications" and things like
routing daemons.

This seems to have influenced the CAP_NET_ADMIN check which exists for
IP_TOS socket option settings, but in fact it has an off-by-one error
so it wasn't allowing CS5 which is meant for "user applications" as
well.

Further adding to the inconsistency and brokenness here, IPV6 does not
validate the DSCP values specified for the IPV6_TCLASS socket option.

The real actual uses of these TOS values are system specific in the
final analysis, and these RFC recommendations are just that, "a
recommendation".  In fact the standards very purposefully use
"SHOULD" and "SHOULD NOT" when describing how these values can be
used.

In the final analysis the only clean way to provide consistency here
is to remove the CAP_NET_ADMIN check.  The alternatives just don't
work out:

1) If we add the CAP_NET_ADMIN check to ipv6, this can break existing
   setups.

2) If we just fix the off-by-one error in the class comparison in
   IPV4, certain DSCP values can be used in IPV6 but not IPV4 by
   default.  So people will just ask for a sysctl asking to
   override that.

I checked several other freely available kernel trees and they
do not make any privilege checks in this area like we do.  For
the BSD stacks, this goes back all the way to Stevens Volume 2
and beyond.

Signed-off-by: David S. Miller <davem@davemloft.net>
16 years agoMerge branch 'upstream-davem' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik...
David S. Miller [Wed, 13 Feb 2008 01:51:26 +0000 (17:51 -0800)]
Merge branch 'upstream-davem' of /linux/kernel/git/jgarzik/netdev-2.6

16 years agoWMI: initialize wmi_blocks.list even if ACPI is disabled
Linus Torvalds [Tue, 12 Feb 2008 04:52:01 +0000 (20:52 -0800)]
WMI: initialize wmi_blocks.list even if ACPI is disabled

Even if we don't want to register the WMI driver, we should initialize
the wmi_blocks list to be empty, since we don't want the wmi helper
functions to oops just because that basic list has not even been set up.

With this, "find_guid()" will happily return "not found" rather than
oopsing all over the place, and the callers will then just automatically
return false or AE_NOT_FOUND as appropriate.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agox86: vdso_install fix
Roland McGrath [Mon, 11 Feb 2008 22:38:51 +0000 (14:38 -0800)]
x86: vdso_install fix

The makefile magic for installing the 32-bit vdso images on disk had a
little error.  A single-line change would fix that bug, but this does a
little more to reduce the error-prone duplication of this bit of
makefile variable magic.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agomempolicy: silently restrict nodemask to allowed nodes
KOSAKI Motohiro [Tue, 12 Feb 2008 04:30:22 +0000 (13:30 +0900)]
mempolicy: silently restrict nodemask to allowed nodes

Kosaki Motohito noted that "numactl --interleave=all ..." failed in the
presence of memoryless nodes.  This patch attempts to fix that problem.

Some background:

numactl --interleave=all calls set_mempolicy(2) with a fully populated
[out to MAXNUMNODES] nodemask.  set_mempolicy() [in do_set_mempolicy()]
calls contextualize_policy() which requires that the nodemask be a
subset of the current task's mems_allowed; else EINVAL will be returned.

A task's mems_allowed will always be a subset of node_states[N_HIGH_MEMORY]
i.e., nodes with memory.  So, a fully populated nodemask will be
declared invalid if it includes memoryless nodes.

  NOTE:  the same thing will occur when running in a cpuset
         with restricted mem_allowed--for the same reason:
         node mask contains dis-allowed nodes.

mbind(2), on the other hand, just masks off any nodes in the nodemask
that are not included in the caller's mems_allowed.

In each case [mbind() and set_mempolicy()], mpol_check_policy() will
complain [again, resulting in EINVAL] if the nodemask contains any
memoryless nodes.  This is somewhat redundant as mpol_new() will remove
memoryless nodes for interleave policy, as will bind_zonelist()--called
by mpol_new() for BIND policy.

Proposed fix:

1) modify contextualize_policy logic to:
   a) remember whether the incoming node mask is empty.
   b) if not, restrict the nodemask to allowed nodes, as is
      currently done in-line for mbind().  This guarantees
      that the resulting mask includes only nodes with memory.

      NOTE:  this is a [benign, IMO] change in behavior for
             set_mempolicy().  Dis-allowed nodes will be
             silently ignored, rather than returning an error.

   c) fold this code into mpol_check_policy(), replace 2 calls to
      contextualize_policy() to call mpol_check_policy() directly
      and remove contextualize_policy().

2) In existing mpol_check_policy() logic, after "contextualization":
   a) MPOL_DEFAULT:  require that in coming mask "was_empty"
   b) MPOL_{BIND|INTERLEAVE}:  require that contextualized nodemask
      contains at least one node.
   c) add a case for MPOL_PREFERRED:  if in coming was not empty
      and resulting mask IS empty, user specified invalid nodes.
      Return EINVAL.
   c) remove the now redundant check for memoryless nodes

3) remove the now redundant masking of policy nodes for interleave
   policy from mpol_new().

4) Now that mpol_check_policy() contextualizes the nodemask, remove
   the in-line nodes_and() from sys_mbind().  I believe that this
   restores mbind() to the behavior before the memoryless-nodes
   patch series.  E.g., we'll no longer treat an invalid nodemask
   with MPOL_PREFERRED as local allocation.

[ Patch history:

  v1 -> v2:
   - Communicate whether or not incoming node mask was empty to
     mpol_check_policy() for better error checking.
   - As suggested by David Rientjes, remove the now unused
     cpuset_nodes_subset_current_mems_allowed() from cpuset.h

  v2 -> v3:
   - As suggested by Kosaki Motohito, fold the "contextualization"
     of policy nodemask into mpol_check_policy().  Looks a little
     cleaner. ]

Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agoMerge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
Linus Torvalds [Tue, 12 Feb 2008 04:44:58 +0000 (20:44 -0800)]
Merge branch 'release' of git://git./linux/kernel/git/aegl/linux-2.6

* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] Fix build for sim_defconfig

16 years agoBe more robust about bad arguments in get_user_pages()
Jonathan Corbet [Mon, 11 Feb 2008 23:17:33 +0000 (16:17 -0700)]
Be more robust about bad arguments in get_user_pages()

So I spent a while pounding my head against my monitor trying to figure
out the vmsplice() vulnerability - how could a failure to check for
*read* access turn into a root exploit? It turns out that it's a buffer
overflow problem which is made easy by the way get_user_pages() is
coded.

In particular, "len" is a signed int, and it is only checked at the
*end* of a do {} while() loop.  So, if it is passed in as zero, the loop
will execute once and decrement len to -1.  At that point, the loop will
proceed until the next invalid address is found; in the process, it will
likely overflow the pages array passed in to get_user_pages().

I think that, if get_user_pages() has been asked to grab zero pages,
that's what it should do.  Thus this patch; it is, among other things,
enough to block the (already fixed) root exploit and any others which
might be lurking in similar code.  I also think that the number of pages
should be unsigned, but changing the prototype of this function probably
requires some more careful review.

Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland...
Linus Torvalds [Tue, 12 Feb 2008 04:43:14 +0000 (20:43 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/roland/infiniband

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  mlx4_core: Fix build break (missing include)

16 years agoAdd Matt to MAINTAINERS as a SLAB allocator maintainer
Pekka Enberg [Mon, 11 Feb 2008 21:52:47 +0000 (23:52 +0200)]
Add Matt to MAINTAINERS as a SLAB allocator maintainer

Matt is already the maintainer of SLOB which is one of the "SLAB" allocators in
the kernel so add him to MAINTAINERS.

Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agoMerge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzi...
Linus Torvalds [Tue, 12 Feb 2008 04:42:11 +0000 (20:42 -0800)]
Merge branch 'upstream-fixes' of git://git./linux/kernel/git/jgarzik/libata-dev

* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  sata_mv: platform driver allocs dma without create
  pata_ninja32: setup changes
  pata_legacy: typo fix
  pata_amd: Note in the module description it handles Nvidia
  sata_mv: fix loop with last port
  libata: ignore deverr on SETXFER if mode is configured
  pata_via: fix SATA cable detection on cx700

16 years agoMake topology fallback macros reference their arguments.
Andi Kleen [Mon, 11 Feb 2008 19:03:17 +0000 (20:03 +0100)]
Make topology fallback macros reference their arguments.

This avoids warnings with unreferenced variables in the !NUMA case.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
16 years agomlx4_core: Fix build break (missing include)
Olof Johansson [Mon, 11 Feb 2008 02:22:57 +0000 (20:22 -0600)]
mlx4_core: Fix build break (missing include)

Commit 313abe55 ("mlx4_core: For 64-bit systems, vmap() kernel queue
buffers") caused this to pop up on powerpc allyesconfig, looks like a
missing include file:

    drivers/net/mlx4/alloc.c: In function 'mlx4_buf_alloc':
    drivers/net/mlx4/alloc.c:162: error: implicit declaration of function 'vmap'
    drivers/net/mlx4/alloc.c:162: error: 'VM_MAP' undeclared (first use in this function)
    drivers/net/mlx4/alloc.c:162: error: (Each undeclared identifier is reported only once
    drivers/net/mlx4/alloc.c:162: error: for each function it appears in.)
    drivers/net/mlx4/alloc.c:162: warning: assignment makes pointer from integer without a cast
    drivers/net/mlx4/alloc.c: In function 'mlx4_buf_free':
    drivers/net/mlx4/alloc.c:187: error: implicit declaration of function 'vunmap'

Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Roland Dreier <rolandd@cisco.com>