David Miller [Sat, 16 Feb 2008 00:08:59 +0000 (16:08 -0800)]
ath5k: Fix build warnings on some 64-bit platforms.
'u64' is not necessarily 'unsigned long long'
drivers/net/wireless/ath5k/base.c: In function 'ath5k_beacon_update_timers':
drivers/net/wireless/ath5k/base.c:2130: warning: format '%llx' expects type 'long long unsigned int', but argument 4 has type 'u64'
drivers/net/wireless/ath5k/base.c:2130: warning: format '%llx' expects type 'long long unsigned int', but argument 5 has type 'u64'
drivers/net/wireless/ath5k/base.c: In function 'ath5k_intr':
drivers/net/wireless/ath5k/base.c:2391: warning: format '%llx' expects type 'long long unsigned int', but argument 6 has type 'u64'
Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jiri Slaby [Fri, 15 Feb 2008 20:58:52 +0000 (21:58 +0100)]
WDEV, ath5k, don't return int from bool function
sparse sees int -> bool cast as an error:
hw.c:3754:10: warning: cast truncates bits from constant value (ffffffea becomes 0)
Fix it by converting the rettype to int and check appropriately.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jiri Slaby [Fri, 15 Feb 2008 20:58:51 +0000 (21:58 +0100)]
WDEV: ath5k, fix lock imbalance
Omitted lock causes sparse warning
drivers/net/wireless/ath5k/base.c:1682:1: warning: context imbalance in 'ath5k_tasklet_rx' - different lock contexts for basic block
Add the lock to the guilty fail path.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Nick Kossifidis <mickflemm@gmail.com> Cc: Luis R. Rodriguez <mcgrof@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Pavel Emelyanov [Wed, 20 Feb 2008 08:23:01 +0000 (00:23 -0800)]
[SCTP]: Pick up an orphaned sctp_sockets_allocated counter.
This counter is currently write-only.
Drawing an analogy with the similar tcp counter, I think
that this one should be pointed by the sockets_allocated
members of sctp_prot and sctpv6_prot.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Lezcano [Wed, 20 Feb 2008 08:21:47 +0000 (00:21 -0800)]
veth: fix dev refcount race
When deleting the veth driver, veth_close calls netif_carrier_off
for the two extremities of the network device. netif_carrier_off on
the peer device will fire an event and hold a reference on the peer
device. Just after, the peer is unregistered taking the rtnl_lock while
the linkwatch_event is scheduled. If __linkwatch_run_queue does not
occurs before the unregistering, unregister_netdevice will wait for
the dev refcount to reach zero holding the rtnl_lock and linkwatch_event
will wait for the rtnl_lock and hold the dev refcount.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
The host address parts need to be converted to host-endian first
before arithmetic makes any sense on them.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Jan Engelhardt [Wed, 20 Feb 2008 01:19:44 +0000 (17:19 -0800)]
[NETFILTER]: xt_hashlimit: remove unneeded struct member
By allocating ->hinfo, we already have the needed indirection to cope
with the per-cpu xtables struct match_entry.
[Patrick: do this now before the revision 1 struct is used by userspace]
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Robert P. J. Day [Wed, 20 Feb 2008 01:19:14 +0000 (17:19 -0800)]
[NETFILTER]: Make sure xt_policy.h is unifdef'ed.
Since the header file xt_policy.h tests __KERNEL__, it should be
unifdef'ed before exporting to userspace.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Joonwoo Park [Wed, 20 Feb 2008 01:18:47 +0000 (17:18 -0800)]
[NETFILTER]: Fix incorrect use of skb_make_writable
http://bugzilla.kernel.org/show_bug.cgi?id=9920
The function skb_make_writable returns true or false.
Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Wed, 20 Feb 2008 01:18:20 +0000 (17:18 -0800)]
[NETFILTER]: xt_u32: drop the actually unused variable from u32_match_it
The int ret variable is used only to trigger the BUG_ON() after
the skb_copy_bits() call, so check the call failure directly
and drop the variable.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Wed, 20 Feb 2008 01:17:52 +0000 (17:17 -0800)]
[NETFILTER]: {ip,ip6,nfnetlink}_queue: fix SKB_LINEAR_ASSERT when mangling packet data
As reported by Tomas Simonaitis <tomas.simonaitis@gmail.com>,
inserting new data in skbs queued over {ip,ip6,nfnetlink}_queue
triggers a SKB_LINEAR_ASSERT in skb_put().
Going back through the git history, it seems this bug is present since
at least 2.6.12-rc2, probably even since the removal of
skb_linearize() for netfilter.
Linearize non-linear skbs through skb_copy_expand() when enlarging
them. Tested by Thomas, fixes bugzilla #9933.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Adrian Bunk [Wed, 20 Feb 2008 00:28:54 +0000 (16:28 -0800)]
ipv4/fib_hash.c: fix NULL dereference
Unless I miss a guaranteed relation between between "f" and
"new_fa->fa_info" this patch is required for fixing a NULL dereference
introduced by commit a6501e080c318f8d4467679d17807f42b3a33cd5 ("[IPV4]
FIB_HASH: Reduce memory needs and speedup lookups") and spotted by the
Coverity checker.
Eric Dumazet says:
Hum, you are right, kmem_cache_free() doesnt allow a NULL
object, like kfree() does.
Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: Messed multicast lists after dev_mc_sync/unsync
Commit a0a400d79e3dd7843e7e81baa3ef2957bdc292d0 ("[NET]: dev_mcast:
add multicast list synchronization helpers") from you introduced a new
field "da_synced" to struct dev_addr_list that is not properly
initialized to 0. So when any of the current users (8021q, macvlan,
mac80211) calls dev_mc_sync/unsync they mess the address list for both
devices.
The attached patch fixed it for me and avoid future problems.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Denis V. Lunev [Tue, 19 Feb 2008 04:49:36 +0000 (20:49 -0800)]
[IPV6]: dst_entry leak in ip4ip6_err. (resend)
The result of the ip_route_output is not assigned to skb. This means that
- it is leaked
- possible OOPS below dereferrencing skb->dst
- no ICMP message for this case
Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[XFRM]: Fix ordering issue in xfrm_dst_hash_transfer().
Keep ordering of policy entries with same selector in
xfrm_dst_hash_transfer().
Issue should not appear in usual cases because multiple policy entries
with same selector are basically not allowed so far. Bug was pointed
out by Sebastien Decugis <sdecugis@hongo.wide.ad.jp>.
We could convert bydst from hlist to list and use list_add_tail()
instead.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Acked-by: Sebastien Decugis <sdecugis@hongo.wide.ad.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
S.Çağlar Onur [Mon, 18 Feb 2008 07:25:57 +0000 (23:25 -0800)]
[BLUETOOTH] net/bluetooth/hci_core.c: Use time_* macros
The functions time_before, time_before_eq, time_after, and
time_after_eq are more robust for comparing jiffies against other
values.
So following patch implements usage of the time_after() macro, defined
at linux/jiffies.h, which deals with wrapping correctly
Signed-off-by: S.Çağlar Onur <caglar@pardus.org.tr> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Jarek Poplawski [Mon, 18 Feb 2008 06:31:19 +0000 (22:31 -0800)]
[AX25] ax25_out: check skb for NULL in ax25_kick()
According to some OOPS reports ax25_kick tries to clone NULL skbs
sometimes. It looks like a race with ax25_clear_queues(). Probably
there is no need to add more than a simple check for this yet.
Another report suggested there are probably also cases where ax25
->paclen == 0 can happen in ax25_output(); this wasn't confirmed
during testing but let's leave this debugging check for some time.
Reported-and-tested-by: Jann Traschewski <jann@gmx.de> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Make the indented lines aligned in the output (not in the code).
Signed-off-by: Uwe Kleine-Koenig <Uwe.Kleine-Koenig@digi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
It causes recursive locking in IPV6 because unlike other
neighbour layer clients, it even needs neighbour cache
entries to send neighbour soliciation messages :-(
We'll have to find another way to fix this race.
Signed-off-by: David S. Miller <davem@davemloft.net>
Stefano Brivio [Sat, 9 Feb 2008 06:20:43 +0000 (07:20 +0100)]
b43legacy: Add driver load messages
This adds printk messages with basic information about the driver being loaded.
This information includes a summary of the compiled-in features, which
simplifies bug-reporting and debugging a lot.
Also a firmware ID is printed. This is a unique identifier blob for a specific
version of the firmware. This ID is attached to a specific version of the firmware
blob in b43-fwcutter (see fwcutter git).
This helps users to select the right firmware for their device.
This also makes it possible to use automated scripts to fetch and extract the right
firmware for the driver. (The script will grep the .ko for the "Firmware-ID: xxx" string.)
While the driver might still support other versions of the firmware for backward
compatibility, this will always print out the officially supported version, which
people _should_ use.
Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Williams [Thu, 14 Feb 2008 22:49:41 +0000 (17:49 -0500)]
ipw2200: fix ucode assertion for RX queue overrun
Restock the RX queue when there are a lot of unused frames so that the
RX ring buffer doesn't overrun, causing a ucode assertion. Backport of
patch "iwlwifi: fix ucode assertion for RX queue overrun".
Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Reinette Chatre [Thu, 14 Feb 2008 18:40:28 +0000 (10:40 -0800)]
iwlwifi: only check for association id when associating with AP
There is no association process in IBSS mode - so testing the
association id is not needed.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> CC: Richard Scherping <richard@scherping.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Tomas Winkler [Wed, 13 Feb 2008 00:47:54 +0000 (02:47 +0200)]
iwlwifi: reverting 'misc wireless annotations' patch for iwlwifi
This patch revert commit blow that wrongly suppressed sparse warning in
iwlwifi eeprom reading
In addtion it suppresses correctly the iwlwifi eeprom register reading anomaly.
commit 45883ae47a0a4700c0f4716dc75a255cccdc3a76
misc wireless annotations Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sun, 10 Feb 2008 13:16:52 +0000 (14:16 +0100)]
mac80211: Fix initial hardware configuration
On the initial device-open we need to defer the hardware reconfiguration
after we incremented the open_count, because the hw_config checks this flag
and won't call the lowlevel driver in case it is zero.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Fri, 8 Feb 2008 23:18:35 +0000 (00:18 +0100)]
b43: Add driver load messages
This adds printk messages with basic information about the driver being loaded.
This information includes a summary of the compiled-in features, which
simplifies bug-reporting and debugging a lot.
Also a firmware ID is printed. This is a unique identifier blob for a specific
version of the firmware. This ID is attached to a specific version of the firmware
blob in b43-fwcutter (see fwcutter git).
This helps users to select the right firmware for their device.
This also makes it possible to use automated scripts to fetch and extract the right
firmware for the driver. (the script will grep the .ko for the "Firmware-ID: xxx" string.
While the driver might still support other versions of the firmware for backward
compatibility, this will always print out the officially supported version, which
people _should_ use.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stefano Brivio [Fri, 8 Feb 2008 05:31:53 +0000 (06:31 +0100)]
b43legacy: fix DMA for 30/32-bit DMA engines
This checks if the DMA address is bigger than what the controller can manage.
It will reallocate the buffers in the GFP_DMA zone in that case.
The patch by Michael Buesch has been ported to b43legacy.
Thanks to Matti Viljanen for reporting this.
Cc: Matti Viljanen <viljanen.matti@gmail.com> Signed-off-by: Stefano Brivio <stefano.brivio@polimi.it> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Mohamed Abbas [Thu, 7 Feb 2008 21:16:33 +0000 (13:16 -0800)]
iwlwifi: earlier rx allocation
Value of count is used to decide when to replenish rx buffers. If it is
equal or above 8 we replenish the buffers. Ensure there is no starvation
by initializing count to 8 - thus forcing replenish at first iteration.
This is helpful when rx receives batches of buffers smaller than 8.
Signed-off-by: Mohamed Abbas <mabbas@linux.intel.com> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch prevents sending host commands when rfkill is on
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Reinette Chatre [Wed, 6 Feb 2008 19:20:38 +0000 (11:20 -0800)]
iwlwifi: do not clear GEO_CONFIGURED bit when calling _down
The geos information is set up during probe and should only
be removed during pci_remove, not during _down.
This is a temporary fix until the setting of the status bits
have been cleaned up (to explicitly match all setting with
clearing of status bits).
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jussi Kivilinna [Wed, 6 Feb 2008 13:36:10 +0000 (15:36 +0200)]
rndis_wlan: enable stall workaround by link quality instead of link speed
Enable workaround for poor link stalls by link quality instead of link
speed. Using link speed caused workaround be active always on 802.11b
networks which reduced performance and not even catch all stalls.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Bruno Randolf [Tue, 5 Feb 2008 09:44:55 +0000 (18:44 +0900)]
ath5k: correct padding in tx descriptors
when setting up the tx descriptors for the hardware we must account for any
padding between the header and the data we might have added previously. frame
len is the length of the frame in the air (including FCS but no padding) and
buffer len is the length of the buffer (including padding, but without FCS).
changing the way ah_setup_tx_desc is called: now excluding the FCS, since it's
easier to add that in the function where we need it.
before this fix we sent trailing zero bytes after the packet (because frame len
included the padding) which was not a big problem without WEP, but with WEP
this resultes in a wrong WEP checksum and the packet is discarded - which is
how i noticed at all ;)
an easy way to run into header padding problems, btw, is to connect to a QoS
(WME) enabled access point (eg. madwifi) - QoS data frames are 2 byte longer
and will require padding.
this patch applies on top of luis latest patch series from 04.02.2008.
David Graham [Thu, 14 Feb 2008 18:17:20 +0000 (10:17 -0800)]
e1000e: PCIe devices do not need to unset MANC_ARP_ENA
Users reported that ARP's were lost with e1000e. The problem
is fixed by not enabling this manageability configuration
bit.
None of the release_manageability code is actually needed as the
normal device reset during a shutdown returns everthing to
the right condition automatically.
Signed-off-by: David Graham <david.graham@intel.com> Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
David Graham [Thu, 14 Feb 2008 18:17:12 +0000 (10:17 -0800)]
igb: PCIe devices do not need to unset MANC_ARP_ENA
Users reported that ARP's were lost with igb. The problem
is fixed by not enabling this manageability configuration
bit.
None of the release_manageability code is actually needed as the
normal device reset during a shutdown returns everthing to
the right condition automatically.
Signed-off-by: David Graham <david.graham@intel.com> Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Auke Kok [Tue, 12 Feb 2008 23:20:33 +0000 (15:20 -0800)]
ixgbe: Correctly obtain protocol information on transmit
In reply to "RE: [Fwd: [PATCH 2.6.25] ixgbe/igb: correctly obtain protocol
information on transmit]" from Andy Gospodarek:
The driver was incorrectly looking at socket headers for
protocol information, needed for checksumming offload. Fix
this by not looking at the socket but frame headers instead.
This disregards extension headers but it's unclear that linux
generates those anyway.
Tested by Andy Gospodarek.
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Auke Kok [Tue, 12 Feb 2008 23:20:24 +0000 (15:20 -0800)]
e1000e: Fix CRC stripping in hardware context bug
CRC stripping was only correctly enabled for packet split recieves
which is used when receiving jumbo frames. Correctly enable SECRC
also for normal buffer packet receives.
Tested by Andy Gospodarek and Johan Andersson, see bugzilla #9940.
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Jarek Poplawski [Wed, 13 Feb 2008 11:17:58 +0000 (11:17 +0000)]
mkiss: ax_bump() locking fix
According to one of OOPSes reported by Jann softirq can break
while skb is prepared for netif_rx. The report isn't complete,
so the real reason of the later bug could be different, but
IMHO this locking break in ax_bump is unsafe and unnecessary.
Chuck Ebbert [Thu, 14 Feb 2008 00:47:11 +0000 (19:47 -0500)]
Fix station address detection in smc
Megahertz EM1144 PCMCIA ethernet adapter needs special handling
because it has two VERS_1 tuples and the station address is in
the second one. Conversion to generic handling of these fields
broke it. Reverting that fixes the device.
Keiichi KII [Fri, 15 Feb 2008 10:01:58 +0000 (02:01 -0800)]
netconsole: avoid null pointer dereference at show_local_mac()
This patch avoids a null pointer dereference when we read local_mac
for netconsole in configfs and shows default local mac address
value.
A null pointer dereference occurs when we call show_local_mac() via
local_mac entry in configfs before we setup the content of netpoll
using netpoll_setup().
Signed-off-by: Keiichi KII <k-keiichi@bx.jp.nec.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Mundt [Thu, 14 Feb 2008 22:48:45 +0000 (14:48 -0800)]
net: xfrm statistics depend on INET
net/built-in.o: In function `xfrm_policy_init':
/home/pmundt/devel/git/sh-2.6.25/net/xfrm/xfrm_policy.c:2338: undefined reference to `snmp_mib_init'
snmp_mib_init() is only built in if CONFIG_INET is set.
Signed-off-by: Paul Mundt <lethal@linux-sh.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Neil Turton [Wed, 13 Feb 2008 07:13:48 +0000 (23:13 -0800)]
[NET]: Improve cache line coherency of ingress qdisc
Move the ingress qdisc members of struct net_device from the transmit
cache line to the receive cache line to avoid cache line ping-pong.
These members are only used on the receive path.
Signed-off-by: Neil Turton <nturton@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
There is a race in Linux kernel file net/core/dev.c, function dev_close.
The function calls function dev_deactivate, which calls function
dev_watchdog_down that deletes the watchdog timer. However, after that, a
driver can call netif_carrier_ok, which calls function
__netdev_watchdog_up that can add the watchdog timer again. Function
unregister_netdevice calls function dev_shutdown that traps the bug
!timer_pending(&dev->watchdog_timer). Moving dev_deactivate after
netif_running() has been cleared prevents function netif_carrier_on
from calling __netdev_watchdog_up and adding the watchdog timer again.
Signed-off-by: Matti Linnanvuori <mattilinnanvuori@yahoo.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Wed, 13 Feb 2008 06:50:35 +0000 (22:50 -0800)]
[IPSEC]: Fix bogus usage of u64 on input sequence number
Al Viro spotted a bogus use of u64 on the input sequence number which
is big-endian. This patch fixes it by giving the input sequence number
its own member in the xfrm_skb_cb structure.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
[RTNETLINK]: Send a single notification on device state changes.
In do_setlink() a single notification is sent at the end of the
function if any modification occured. If the address has been changed,
another notification is sent.
Both of them is required because originally only the NETDEV_CHANGEADDR
notification was sent and although device state change implies address
change, some programs may expect the original notification. It remains
for compatibity.
If set_operstate() is called from do_setlink(), it doesn't send a
notification, only if it is called from rtnl_create_link() as earlier.
Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Wed, 13 Feb 2008 06:37:19 +0000 (22:37 -0800)]
[NETLABEL]: Don't produce unused variables when IPv6 is off.
Some code declares variables on the stack, but uses them
under #ifdef CONFIG_IPV6, so thay become unused when ipv6
is off. Fortunately, they are used in a switch's case
branches, so the fix is rather simple.
Is it OK from coding style POV to add braces inside "cases",
or should I better avoid such style and rework the patch?
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Wed, 13 Feb 2008 06:16:33 +0000 (22:16 -0800)]
[GENETLINK]: Relax dances with genl_lock.
The genl_unregister_family() calls the genl_unregister_mc_groups(),
which takes and releases the genl_lock and then locks and releases
this lock itself.
Relax this behavior, all the more so the genl_unregister_mc_groups()
is called from genl_unregister_family() only.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Wed, 13 Feb 2008 02:07:27 +0000 (18:07 -0800)]
[IPV6]: Fix IPsec datagram fragmentation
This is a long-standing bug in the IPsec IPv6 code that breaks
when we emit a IPsec tunnel-mode datagram packet. The problem
is that the code the emits the packet assumes the IPv6 stack
will fragment it later, but the IPv6 stack assumes that whoever
is emitting the packet is going to pre-fragment the packet.
In the long term we need to fix both sides, e.g., to get the
datagram code to pre-fragment as well as to get the IPv6 stack
to fragment locally generated tunnel-mode packet.
For now this patch does the second part which should make it
work for the IPsec host case.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 12 Feb 2008 05:45:44 +0000 (21:45 -0800)]
[NDISC]: Fix race in generic address resolution
Frank Blaschka provided the bug report and the initial suggested fix
for this bug. He also validated this version of this fix.
The problem is that the access to neigh->arp_queue is inconsistent, we
grab references when dropping the lock lock to call
neigh->ops->solicit() but this does not prevent other threads of
control from trying to send out that packet at the same time causing
corruptions because both code paths believe they have exclusive access
to the skb.
The best option seems to be to hold the write lock on neigh->lock
during the ->solicit() call. I looked at all of the ndisc_ops
implementations and this seems workable. The only case that needs
special care is the IPV4 ARP implementation of arp_solicit(). It
wants to take neigh->lock as a reader to protect the header entry in
neigh->ha during the emission of the soliciation. We can simply
remove the read lock calls to take care of that since holding the lock
as a writer at the caller providers a superset of the protection
afforded by the existing read locking.
The rest of the ->solicit() implementations don't care whether the
neigh is locked or not.
Signed-off-by: David S. Miller <davem@davemloft.net>
David Newall [Tue, 12 Feb 2008 05:41:30 +0000 (21:41 -0800)]
hci_ldisc: fix null pointer deref
Arjan:
With the help of kerneloops.org I've spotted a nice little interaction
between the TTY layer and the bluetooth code, however the tty layer is not
something I'm all too familiar with so I rather ask than brute-force fix the
code incorrectly.
The raw details are at:
http://www.kerneloops.org/search.php?search=uart_flush_buffer
What happens is that, on closing the bluetooth tty, the tty layer goes
into the release_dev() function, which first does a bunch of stuff, then
sets the file->private_data to NULL, does some more stuff and then calls the
ldisc close function. Which in this case, is hci_uart_tty_close().
Now, hci_uart_tty_close() calls hci_uart_close() which clears some
internal bit, and then calls hci_uart_flush()... which calls back to the
tty layers' uart_flush_buffer() function. (in drivers/bluetooth/hci_tty.c
around line 194) Which then WARN_ON()'s because that's not allowed/supposed
to be called this late in the shutdown of the port....
Should the bluetooth driver even call this flush function at all??
David:
This seems to be what happens: Hci_uart_close() flushes using
hci_uart_flush(). Subsequently, in hci_dev_do_close(), (one step in
hci_unregister_dev()), hci_uart_flush() is called again. The comment in
uart_flush_buffer(), relating to the WARN_ON(), indicates you can't flush
after the port is closed; which sounds reasonable. I think hci_uart_close()
should set hdev->flush to NULL before returning. Hci_dev_do_close() does
check for this. The code path is rather involved and I'm not entirely clear
of all steps, but I think that's what should be done.
Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Jarek Poplawski [Tue, 12 Feb 2008 05:36:39 +0000 (21:36 -0800)]
[AX25] ax25_timer: use mod_timer instead of add_timer
According to one of Jann's OOPS reports it looks like
BUG_ON(timer_pending(timer)) triggers during add_timer()
in ax25_start_t1timer(). This patch changes current use
of: init_timer(), add_timer() and del_timer() to
setup_timer() with mod_timer(), which should be safer
anyway.
Reported-by: Jann Traschewski <jann@gmx.de> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This lockdep report shows that ax25_route_lock is taken for reading in
softirq context, and for writing in process context with BHs enabled.
So, to make this safe, all write_locks in ax25_route.c are changed to
_bh versions.
Reported-by: Jann Traschewski <jann@gmx.de>, Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jarek Poplawski [Tue, 12 Feb 2008 05:24:56 +0000 (21:24 -0800)]
[AX25] af_ax25: remove sock lock in ax25_info_show()
This lockdep warning:
> =======================================================
> [ INFO: possible circular locking dependency detected ]
> 2.6.24 #3
> -------------------------------------------------------
> swapper/0 is trying to acquire lock:
> (ax25_list_lock){-+..}, at: [<f91dd3b1>] ax25_destroy_socket+0x171/0x1f0 [ax25]
>
> but task is already holding lock:
> (slock-AF_AX25){-+..}, at: [<f91dbabc>] ax25_std_heartbeat_expiry+0x1c/0xe0 [ax25]
>
> which lock already depends on the new lock.
...
shows that ax25_list_lock and slock-AF_AX25 are taken in different
order: ax25_info_show() takes slock (bh_lock_sock(ax25->sk)) while
ax25_list_lock is held, so reversely to other functions. To fix this
the sock lock should be moved to ax25_info_start(), and there would
be still problem with breaking ax25_list_lock (it seems this "proper"
order isn't optimal yet). But, since it's only for reading proc info
it seems this is not necessary (e.g. ax25_send_to_raw() does similar
reading without this lock too).
So, this patch removes sock lock to avoid deadlock possibility; there
is also used sock_i_ino() function, which reads sk_socket under proper
read lock. Additionally printf format of this i_ino is changed to %lu.
Reported-by: Bernard Pidoux F6BVP <f6bvp@free.fr> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
projects / mv-sheeva.git / log