Eamon Walsh [Thu, 24 Jan 2008 20:30:52 +0000 (15:30 -0500)]
selinux: make mls_compute_sid always polyinstantiate
This patch removes the requirement that the new and related object types
differ in order to polyinstantiate by MLS level. This allows MLS
polyinstantiation to occur in the absence of explicit type_member rules or
when the type has not changed.
Potential users of this support include pam_namespace.so (directory
polyinstantiation) and the SELinux X support (property polyinstantiation).
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
David Howells [Tue, 15 Jan 2008 23:47:35 +0000 (23:47 +0000)]
security: add a secctx_to_secid() hook
Add a secctx_to_secid() LSM hook to go along with the existing
secid_to_secctx() LSM hook. This patch also includes the SELinux
implementation for this hook.
Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
H. Peter Anvin [Sun, 30 Dec 2007 00:20:25 +0000 (16:20 -0800)]
security: remove security_sb_post_mountroot hook
The security_sb_post_mountroot() hook is long-since obsolete, and is
fundamentally broken: it is never invoked if someone uses initramfs.
This is particularly damaging, because the existence of this hook has
been used as motivation for not using initramfs.
Stephen Smalley confirmed on 2007-07-19 that this hook was originally
used by SELinux but can now be safely removed:
Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Eric Paris <eparis@parisplace.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: James Morris <jmorris@namei.org>
Security: remove security_file_mmap hook sparse-warnings (NULL as 0).
Fixing:
CHECK mm/mmap.c
mm/mmap.c:1623:29: warning: Using plain integer as NULL pointer
mm/mmap.c:1623:29: warning: Using plain integer as NULL pointer
mm/mmap.c:1944:29: warning: Using plain integer as NULL pointer
Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se> Signed-off-by: James Morris <jmorris@namei.org>
Eric Paris [Fri, 30 Nov 2007 18:00:35 +0000 (13:00 -0500)]
Security: add get, set, and cloning of superblock security information
Adds security_get_sb_mnt_opts, security_set_sb_mnt_opts, and
security_clont_sb_mnt_opts to the LSM and to SELinux. This will allow
filesystems to directly own and control all of their mount options if they
so choose. This interface deals only with option identifiers and strings so
it should generic enough for any LSM which may come in the future.
Filesystems which pass text mount data around in the kernel (almost all of
them) need not currently make use of this interface when dealing with
SELinux since it will still parse those strings as it always has. I assume
future LSM's would do the same. NFS is the primary FS which does not use
text mount data and thus must make use of this interface.
An LSM would need to implement these functions only if they had mount time
options, such as selinux has context= or fscontext=. If the LSM has no
mount time options they could simply not implement and let the dummy ops
take care of things.
An LSM other than SELinux would need to define new option numbers in
security.h and any FS which decides to own there own security options would
need to be patched to use this new interface for every possible LSM. This
is because it was stated to me very clearly that LSM's should not attempt to
understand FS mount data and the burdon to understand security should be in
the FS which owns the options.
Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Kalle Valo [Thu, 24 Jan 2008 22:00:40 +0000 (14:00 -0800)]
spi: omap2_mcspi PIO RX fix
Before transmission of the last word in PIO RX_ONLY mode rx+tx mode
is enabled:
/* prevent last RX_ONLY read from triggering
* more word i/o: switch to rx+tx
*/
if (c == 0 && tx == NULL)
mcspi_write_cs_reg(spi,
OMAP2_MCSPI_CHCONF0, l);
But because c is decremented after the test, c will never be zero and
rx+tx will not be enabled. This breaks RX_ONLY mode PIO transfers.
Fix it by decrementing c in the beginning of the various I/O loops.
Signed-off-by: Kalle Valo <kalle.valo@nokia.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 24 Jan 2008 21:35:10 +0000 (13:35 -0800)]
Revert "mac80211: warn when receiving frames with unaligned data"
This reverts commit 81100eb80add328c4d2a377326f15aa0e7236398 for the
release, to avoid the unnecessary warning noise that is only really
relevant to wireless driver developers.
The warning will probably go right back in after I cut the release, but
at least we won't unnecessarily worry users.
Acked-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Thu, 24 Jan 2008 13:49:54 +0000 (05:49 -0800)]
slab: partially revert list3 changes
Partial revert the changes made by 04231b3002ac53f8a64a7bd142fde3fa4b6808c6
to the kmem_list3 management. On a machine with a memoryless node, this
BUG_ON was triggering
Larry Woodman [Thu, 24 Jan 2008 13:49:25 +0000 (05:49 -0800)]
fix hugepages leak due to pagetable page sharing
The shared page table code for hugetlb memory on x86 and x86_64
is causing a leak. When a user of hugepages exits using this code
the system leaks some of the hugepages.
-------------------------------------------------------
Part of /proc/meminfo just before database startup:
HugePages_Total: 5500
HugePages_Free: 5500
HugePages_Rsvd: 0
Hugepagesize: 2048 kB
Just before shutdown:
HugePages_Total: 5500
HugePages_Free: 4475
HugePages_Rsvd: 0
Hugepagesize: 2048 kB
The problem occurs durring a fork, in copy_hugetlb_page_range(). It
locates the dst_pte using huge_pte_alloc(). Since huge_pte_alloc() calls
huge_pmd_share() it will share the pmd page if can, yet the main loop in
copy_hugetlb_page_range() does a get_page() on every hugepage. This is a
violation of the shared hugepmd pagetable protocol and creates additional
referenced to the hugepages causing a leak when the unmap of the VMA
occurs. We can skip the entire replication of the ptes when the hugepage
pagetables are shared. The attached patch skips copying the ptes and the
get_page() calls if the hugetlbpage pagetable is shared.
[akpm@linux-foundation.org: coding-style cleanups] Signed-off-by: Larry Woodman <lwoodman@redhat.com> Signed-off-by: Adam Litke <agl@us.ibm.com> Cc: Badari Pulavarty <pbadari@us.ibm.com> Cc: Ken Chen <kenchen@google.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: William Lee Irwin III <wli@holomorphy.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
: Stefan Roese <sr@denx.de> said:
> ppc: 4xx: sysctl table check failed: /kernel/l2cr .1.31 Missing strategy
>
> I'm seeing this error message when booting an recent arch/ppc kernel on
> 4xx platforms (tested on Ocotea and other 4xx platforms). Booting NFS
> rootfs still works fine, but this message kind of makes me "nervous".
> This is not seen on 4xx arch/powerpc platforms. Here the bootlog:
Because the data field was never filled and a binary sysctl handler was
never written this sysctl has never been usable through the sys_sysctl
interface. So just remove the binary sysctl number. Making the kernel
sanity checks happy.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Reported-by: Stefan Roese <sr@denx.de> Cc: Josh Boyer <jwboyer@gmail.com> Cc: Wolfgang Denk <wd@denx.de> Cc: Paul Mackerras <paulus@samba.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
that certain wireless drivers ended up having their name in module
memory, which would then crash the kernel on module unload.
The patch he proposed was a bit clumsy in that it increased the size of
a lockdep entry significantly; the patch below tries another approach,
it checks, on module teardown, if the name of a class is in module space
and then zaps the class. This is very similar to what we already do
with keys that are in module space.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Márton Németh [Thu, 24 Jan 2008 03:33:06 +0000 (22:33 -0500)]
ACPI: EC: add leading zeros to debug messages
Add leading zeros to pr_debug() calls. For example if x=0x0a, the format
"0x%2x" will result the string "0x a", the format "0x%2.2x" will result "0x0a".
Signed-off-by: Márton Németh <nm127@freemail.hu> Signed-off-by: Len Brown <len.brown@intel.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
sis190: scheduling while atomic error
sis190: mdio operation failure is not correctly detected
sis190: remove duplicate INIT_WORK
sis190: add cmos ram access code for the SiS19x/968 chipset pair
[INET]: Fix truesize setting in ip_append_data
[NETNS]: Re-export init_net via EXPORT_SYMBOL.
iwlwifi: fix possible read attempt on ucode that is not available
[IPV4]: Add missing skb->truesize increment in ip_append_page().
[TULIP] DMFE: Fix SROM parsing regression.
[BLUETOOTH]: Move children of connection device to NULL before connection down.
Len Brown [Thu, 24 Jan 2008 01:06:41 +0000 (20:06 -0500)]
ACPI: Delete Intel Customer Reference Board (CRB) from OSI(Linux) DMI list
Linux does not want BIOS writers to invoke _OSI(Linux) -
for in the field it causes more Windows incompatibility problems
than it solves.
So when it is seen in the BIOS for an Intel Customer Reference Board,
Linux should ignore its effect by default, and should complain loudly.
Otherwise, the reference BIOS will go unfixed, and the bad BIOS
will spread to the field.
Users of this board can get the old behavior with "acpi_osi=Linux"
As this was the only entry, delete acpi_osl_dmi_table[].
Herbert Xu [Wed, 23 Jan 2008 06:39:26 +0000 (22:39 -0800)]
[INET]: Fix truesize setting in ip_append_data
As it is ip_append_data only counts page fragments to the skb that
allocated it. As such it means that the first skb gets hit with a
4K charge even though it might have only used a fraction of it while
all subsequent skb's that use the same page gets away with no charge
at all.
This bug was exposed by the UDP accounting patch.
[ The wmem_alloc bumping needs to be moved with the truesize,
noticed by Takahiro Yasui. -DaveM ]
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Wed, 23 Jan 2008 06:05:33 +0000 (22:05 -0800)]
[NETNS]: Re-export init_net via EXPORT_SYMBOL.
init_net is used added as a parameter to a lot of old API calls, f.e.
ip_dev_find. These calls were exported as EXPORT_SYMBOL. So, export init_net
as EXPORT_SYMBOL to keep networking API consistent.
Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 22 Jan 2008 07:20:58 +0000 (23:20 -0800)]
[TULIP] DMFE: Fix SROM parsing regression.
Changeset 16b110c3fd760620b4a787db6ed512fe531ab1b5 (dmfe warning fix)
bothed up the offsets read from the SROM so that it doesn't read the
same datums it used to.
The change made transformations like turning:
"srom + 34"
into
"(__le32 *)srom + 34/4"
which doesn't work because 4 does not divide evenly
into 34 so we're using a different pointer offset
than in the original code.
I've changed theses cases in dmfe_parse_srom() to
consistently use "(type *)(srom + offset)" preserving
the offsets from the original code.
Signed-off-by: David S. Miller <davem@davemloft.net>
Dave Young [Tue, 22 Jan 2008 06:35:21 +0000 (22:35 -0800)]
[BLUETOOTH]: Move children of connection device to NULL before connection down.
The rfcomm tty device will possibly retain even when conn is down, and
sysfs doesn't support zombie device moving, so this patch move the tty
device before conn device is destroyed.
For the bug refered please see :
http://lkml.org/lkml/2007/12/28/87
Signed-off-by: Dave Young <hidave.darkstar@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jordan Crouse [Tue, 22 Jan 2008 22:30:16 +0000 (23:30 +0100)]
x86: GEODE fix a race condition in the MFGPT timer tick
When we set the MFGPT timer tick, there is a chance that we'll
immediately assert an event. If for some reason the IRQ routing
for this clock has been setup for some other purpose, then we
could end up firing an interrupt into the SMM handler or worse.
This rearranges the timer tick init function to initalize the handler
before we set up the MFGPT clock to make sure that even if we get
an event, it will go to the handler.
Furthermore, in the handler we need to make sure that we clear the
event, even if the timer isn't running.
Signed-off-by: Jordan Crouse <jordan.crouse@amd.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Tested-by: Arnd Hannemann <hannemann@i4.informatik.rwth-aachen.de>
Fix typo in arch/powerpc/boot/flatdevtree_env.h.
There is no Documentation/networking/ixgbe.txt.
README.cycladesZ is now in Documentation/.
wavelan.p.h is now in drivers/net/wireless/.
HFS.txt is now Documentation/filesystems/hfs.txt.
OSS-files are now in sound/oss/.
Signed-off-by: Johann Felix Soden <johfel@users.sourceforge.net> Acked-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Fries [Tue, 22 Jan 2008 11:31:39 +0000 (03:31 -0800)]
W1: w1_therm.c is flagging 0C etc as invalid
The extra rom[0] check is flagging valid temperatures as invalid when
there is already a CRC data transmission check.
w1_therm_read_bin()
if (rom[8] == crc && rom[0])
verdict = 1;
Requiring rom[0] to be non-zero will flag as invalid temperature
conversions when the low byte is zero, specifically the temperatures 0C,
16C, 32C, 48C, -16C, -32C, and -48C.
The CRC check is produced on the device for the previous 8 bytes and is
required to ensure the data integrity in transmission. I don't see why the
extra check for rom[0] being non-zero is in there. Evgeniy Polyakov didn't
know either. Just for a check I unplugged the sensor, executed a
temperature conversion, and read the results. The read was all ff's, which
also failed the CRC, so it doesn't need to protect against a disconnected
sensor.
I have more extensive patches in the work, but these two trivial ones will
do for today. I would like to hear from people who use the ds2490 USB to
one wire dongle. 1 if you would be willing to test the patches as I
currently only have the one sensor on a short parisite powered wire, 2 if
there is any cheap sources for the ds2490.
Signed-off-by: David Fries <david@fries.net> Acked-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Correct the decoding of negative C temperatures. The code did a binary OR
of two bytes to make a 16 bit value, but assignd it to an integer. This
caused the value to not be sign extended and to loose that it was a
negative number in the assignment.
Before the patch (in my freezer),
w1_slave
ed fe 4b 46 7f ff 03 10 e4 : crc=e4 YES
ed fe 4b 46 7f ff 03 10 e4 t=4078
With the patch,
e3 fe 4b 46 7f ff 0d 10 81 : crc=81 YES
e3 fe 4b 46 7f ff 0d 10 81 t=-17
Signed-off-by: David Fries <david@fries.net> Acked-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bjorn Helgaas [Tue, 22 Jan 2008 12:21:03 +0000 (07:21 -0500)]
hwmon: (it87) request only Environment Controller ports
The IT8705F and related parts are Super I/O controllers that contain
many separate devices.
Some BIOSes describe IT8705F I/O port usage under a motherboard device
(PNP0C02) with overlapping regions, e.g., 0x290-0x29f and 0x290-0x294.
The it87 driver supports only the Environment Controller, which requires
only two ISA ports, but it used to request an eight-port range. If that
range exceeds a range reported by the BIOS, as 0x290-0x297 would, the
request fails, and the it87 driver cannot claim the device.
This patch makes the it87 driver request only the two ports used for the
Environment Controller device.
Systems where this problem has been reported:
Gigabyte GA-K8N Ultra 9
Gigabyte M56S-S3
Gigabyte GA-965G-DS3
The patch above increases the number of PNP port resources we support.
Prior to this patch, we ignored some port resources, which masked the
it87 problem.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com> Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
It tried to fix long standing bugzilla entries, but the solution was
reported to break other systems. The reporter of
http://bugzilla.kernel.org/show_bug.cgi?id=9791
tracked it down to this commit and confirmed that reverting the patch
restores the correct behaviour. It's too late in the release cycle to
find a better solution than reverting the commit to avoid regressions.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu>
Sam Ravnborg [Tue, 22 Jan 2008 01:25:37 +0000 (17:25 -0800)]
[SPARC64]: Fix section error in sparcspkr
With a sparc64 defconfig modified to set CONFIG_HOTPLUG=n
the following error happened during link of vmlinux:
local symbol 0: discarded in section `.devexit.text' from drivers/built-in.o
local symbol 1: discarded in section `.devexit.text' from drivers/built-in.o
(The error message above is from kbuild.git but it happens in mainline too)
The error happens becase there is a reference from .text/.data to a
function marked __devexit. With CONFIG_HOTPLUG=n all code marked
__devexit are discarded and the linker complains.
It was tracked down to sparcspkr.c which were missing __devexit_p()
around the function pointers.
Unfortunately modpost did not catch this since modpost do not warn
about references from .data to .devexit from variables named *_driver.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 22 Jan 2008 03:40:05 +0000 (19:40 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
tc35815: Use irq number for tc35815-mac platform device id
[MIPS] Malta: Fix reading the PCI clock frequency on big-endian
[MIPS] SMTC: Fix build error.
Andrew G. Morgan [Tue, 22 Jan 2008 01:18:30 +0000 (17:18 -0800)]
Fix filesystem capability support
In linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was
introduced. It has the exact reverse of its intended behavior. This
led to an unintended privilege esculation involving a process'
inheritable capability set.
To be exposed to this bug, you need to have Filesystem Capabilities
enabled and in use. That is:
- CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code
to be compiled in.
- You also need to have files on your system marked with fI bits raised.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org>
Stefan Schmidt [Tue, 22 Jan 2008 01:18:27 +0000 (17:18 -0800)]
s3c2410_fb: fix line length calculation
Fix line length calculation. var->width is the size of the display in mm. We
like to use the pixel size.
Without this fix, dynamic (fbset) based resolution and depths changes with
s3c2410_fb don't work at all.
Spotted by john cass <johnpcass@yahoo.com>
Signed-off-by: Stefan Schmidt <stefan@openmoko.org> Signed-off-by: Harald Welte <laforge@openmoko.org> Acked-by: Ben Dooks <ben-linux@fluff.org> Acked-by: Arnaud Patard <arnaud.patard@rtp-net.org> Acked-by: Krzysztof Helt <krzysztof.h1@wp.pl> Cc: "Antonino A. Daplas" <adaplas@pol.net> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org>
Randy Dunlap [Tue, 22 Jan 2008 01:18:25 +0000 (17:18 -0800)]
timer: fix section mismatch
The caller is __cpuinit.
Also, this code block and its caller are inside #ifdef CONFIG_HOTPLUG_CPU
blocks, so this code should reflect that config symbol's usage.
WARNING: vmlinux.o(.text+0x4252f): Section mismatch: reference to .init.text: (between 'timer_cpu_notify' and 'msleep')
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Sam Ravnborg <sam@ravnborg.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org>
Alan Cox [Tue, 22 Jan 2008 01:18:24 +0000 (17:18 -0800)]
keyspan: fix oops
If we get a data URB back from the hardware after we have put the tty to
bed we go kaboom. Fortunately all we need to do is process the URB without
trying to ram its contents down the throat of an ex-tty.
Signed-off-by: Alan Cox <alan@redhat.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org>
Atsushi Nemoto [Fri, 18 Jan 2008 16:15:52 +0000 (01:15 +0900)]
tc35815: Use irq number for tc35815-mac platform device id
The tc35815-mac platform device used a pci bus number and a devfn to
identify its target device, but the pci bus number may vary if some
bus-bridges are found. Use irq number which is be unique for embedded
controllers.
Dmitri Vorobiev [Mon, 14 Jan 2008 21:27:46 +0000 (00:27 +0300)]
[MIPS] Malta: Fix reading the PCI clock frequency on big-endian
The JMPRS register on Malta boards keeps a 32-bit CPU-endian
value. The readw() function assumes that the value it reads is a
little-endian 16-bit number. Therefore, using readw() to obtain
the value of the JMPRS register is a mistake. This error leads
to incorrect reading of the PCI clock frequency on big-endian
during board start-up.
Change readw() to __raw_readl().
This was tested by injecting a call to printk() and verifying
that the value of the jmpr variable was consistent with current
setting of the JP4 "PCI CLK" jumper.
Signed-off-by: Dmitri Vorobiev <dmitri.vorobiev@gmail.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
In that patch, David L added a icmp_out_count() in
ip_push_pending_frames(), remove icmp_out_count() from
icmp_reply(). But he forgot to remove icmp_out_count() from
icmp_send() too. Since icmp_send and icmp_reply will call
icmp_push_reply, which will call ip_push_pending_frames, a duplicated
increment happened in icmp_send.
This patch remove the icmp_out_count from icmp_send too.
Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Wang Chen [Mon, 21 Jan 2008 11:05:43 +0000 (03:05 -0800)]
[IPV6]: RFC 2011 compatibility broken
The snmp6 entry name was changed, and it broke compatibility
to RFC 2011.
Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Wang Chen [Mon, 21 Jan 2008 11:04:47 +0000 (03:04 -0800)]
[IPV6]: ICMP6_MIB_OUTMSGS increment duplicated
icmpv6_send() calls ip6_push_pending_frames() indirectly.
Both ip6_push_pending_frames() and icmpv6_send() increment
counter ICMP6_MIB_OUTMSGS.
This patch remove the increment from icmpv6_send.
Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Mon, 21 Jan 2008 01:25:14 +0000 (17:25 -0800)]
[NET]: rtnl_link: fix use-after-free
When unregistering the rtnl_link_ops, all existing devices using
the ops are destroyed. With nested devices this may lead to a
use-after-free despite the use of for_each_netdev_safe() in case
the upper device is next in the device list and is destroyed
by the NETDEV_UNREGISTER notifier.
The easy fix is to restart scanning the device list after removing
a device. Alternatively we could add new devices to the front of
the list to avoid having dependant devices follow the device they
depend on. A third option would be to only restart scanning if
dev->iflink of the next device matches dev->ifindex of the current
one. For now this seems like the safest solution.
With this patch, the veth rtnl_link_ops unregistration can use
rtnl_link_unregister() directly since it now also handles destruction
of multiple devices at once.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl [Mon, 21 Jan 2008 00:58:04 +0000 (16:58 -0800)]
[IrDA]: af_irda memory leak fixes
Here goes an IrDA patch against your latest net-2.6 tree.
This patch fixes some af_irda memory leaks. It also checks for
irias_new_obect() return value.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 21 Jan 2008 00:39:03 +0000 (16:39 -0800)]
[NEIGH]: Revert 'Fix race between neigh_parms_release and neightbl_fill_parms'
Commit 9cd40029423701c376391da59d2c6469672b4bed (Fix race between
neigh_parms_release and neightbl_fill_parms) introduced device
reference counting regressions for several people, see:
http://bugzilla.kernel.org/show_bug.cgi?id=9778
for example.
Signed-off-by: David S. Miller <davem@davemloft.net>
When packets are flood-forwarded to multiple output devices, the
bridge-netfilter code reuses skb->nf_bridge for each clone to store
the bridge port. When queueing packets using NFQUEUE netfilter takes
a reference to skb->nf_bridge->physoutdev, which is overwritten
when the packet is forwarded to the second port. This causes
refcount unterflows for the first device and refcount leaks for all
others. Additionally this provides incorrect data to the iptables
physdev match.
Unshare skb->nf_bridge by copying it if it is shared before assigning
the physoutdev device.
Reported, tested and based on initial patch by
Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
[IPV6] ROUTE: Make sending algorithm more friendly with RFC 4861.
We omit (or delay) sending NSes for known-to-unreachable routers (in
NUD_FAILED state) according to RFC 4191 (Default Router Preferences
and More-Specific Routes). But this is not fully compatible with RFC
4861 (Neighbor Discovery Protocol for IPv6), which does not remember
unreachability of neighbors.
So, let's avoid mixing sending algorithm of RFC 4191 and that of RFC
4861, and make the algorithm more friendly with RFC 4861 if RFC 4191
is disabled.
Issue was found by IPv6 Ready Logo Core Self_Test 1.5.0b2 (by TAHI
Project), and has been tracked down by Mitsuru Chinen
<mitch@linux.vnet.ibm.com>.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Fri, 18 Jan 2008 12:30:21 +0000 (04:30 -0800)]
[IPV4] FIB_HASH : Avoid unecessary loop in fn_hash_dump_zone()
I noticed "ip route list" was slower than "cat /proc/net/route" on a
machine with a full Internet routing table (214392 entries : Special
thanks to Robert ;) )
David S. Miller [Fri, 18 Jan 2008 12:21:39 +0000 (04:21 -0800)]
[NET]: Fix interrupt semaphore corruption in Intel drivers.
Several of the Intel ethernet drivers keep an atomic counter used to
manage when to actually hit the hardware with a disable or an enable.
The way the net_rx_work() breakout logic works during a pending
napi_disable() is that it simply unschedules the poll even if it
still has work.
This can potentially leave interrupts disabled, but that is OK
because all of the drivers are about to disable interrupts
anyways in all such code paths that do a napi_disable().
Unfortunately, this trips up the semaphore used here in the Intel
drivers. If you hit this case, when you try to bring the interface
back up it won't enable interrupts. A reload of the driver module
fixes it of course.
So what we do is make sure all the sequences now go:
Russell King [Sun, 20 Jan 2008 10:18:12 +0000 (10:18 +0000)]
Merge branch 'omap-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6
* 'omap-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6:
ARM: OMAP1: Fix compile for board-nokia770
ARM: OMAP1: Keymap fix for f-sample and p2-sample
Dan Williams [Fri, 18 Jan 2008 22:26:10 +0000 (23:26 +0100)]
[ARM] 4748/1: dca: source drivers/dca/Kconfig in arch/arm/Kconfig to fix warning
'select' used by config symbol 'INTEL_IOATDMA' refers to undefined symbol 'DCA'
Although drivers/dma is currently the only user future drivers outside of
drivers/dma may select this option so it is better to add this to
arch/arm/Kconfig than move DCA to drivers/dma/Kconfig.
Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
projects / linux-beck.git / log