]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
15 years agomac80211: pid, fix memory corruption
Jiri Slaby [Mon, 4 May 2009 16:10:28 +0000 (18:10 +0200)]
mac80211: pid, fix memory corruption

pid doesn't count with some band having more bitrates than the one
associated the first time.
Fix that by counting the maximal available bitrate count and allocate
big enough space.

Secondly, fix touching uninitialized memory which causes panics.
Index sucked from this random memory points to the hell.
The fix is to sort the rates on each band change.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomac80211: minstrel, fix memory corruption
Jiri Slaby [Mon, 4 May 2009 16:04:55 +0000 (18:04 +0200)]
mac80211: minstrel, fix memory corruption

minstrel doesn't count max rate count in fact, since it doesn't use
a loop variable `i' and hence allocs space only for bitrates found in
the first band.

Fix it by involving the `i' as an index so that it traverses all the
bands now and finds the real max bitrate count.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agocfg80211: fix comment on regulatory hint processing
Luis R. Rodriguez [Sat, 2 May 2009 05:17:27 +0000 (01:17 -0400)]
cfg80211: fix comment on regulatory hint processing

Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agocfg80211: fix bug while trying to process beacon hints on init
Luis R. Rodriguez [Sat, 2 May 2009 04:34:15 +0000 (00:34 -0400)]
cfg80211: fix bug while trying to process beacon hints on init

During initialization we would not have received any beacons
so skip processing reg beacon hints, also adds a check to
reg_is_world_roaming() for last_request before accessing its
fields.

This should fix this:

BUG: unable to handle kernel NULL pointer dereference at

IP: [<e0171332>] wiphy_update_regulatory+0x20f/0x295

*pdpt = 0000000008bf1001 *pde = 0000000000000000
Oops: 0000 [#1]
last sysfs file: /sys/class/backlight/eeepc/brightness
Modules linked in: ath5k(+) mac80211 led_class cfg80211
go_bit cfbcopyarea cfbimgblt cfbfillrect ipv6
ydev usual_tables(P) snd_hda_codec_realtek snd_hda_intel
nd_hwdep uhci_hcd snd_pcm_oss snd_mixer_oss i2c_i801
e serio_raw i2c_core pcspkr atl2 snd_pcm intel_agp
re agpgart eeepc_laptop snd_page_alloc ac video backlight
rfkill button processor evdev thermal fan ata_generic

Pid: 2909, comm: modprobe Tainted: Pc #112) 701
EIP: 0060:[<e0171332>] EFLAGS: 00010246 CPU: 0
EIP is at wiphy_update_regulatory+0x20f/0x295 [cfg80211]
EAX: 00000000 EBX: c5da0000 ECX: 00000000 EDX: c5da0060
ESI: 0000001a EDI: c5da0060 EBP: df3bdd70 ESP: df3bdd40
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process modprobe (pid: 2909, ti=df3bc000 task=c5d030000)
Stack:
 df3bdd90 c5da0060 c04277e0 00000001 00000044 c04277e402
 00000002 c5da0000 0000001a c5da0060 df3bdda8 e01706a2 02
 00000282 000080d0 00000068 c5d53500 00000080 0000028240
Call Trace:
 [<e01706a2>] ? wiphy_register+0x122/0x1b7 [cfg80211]
 [<e0328e02>] ? ieee80211_register_hw+0xd8/0x346
 [<e06a7c9f>] ? ath5k_hw_set_bssid_mask+0x71/0x78 [ath5k]
 [<e06b0c52>] ? ath5k_pci_probe+0xa5c/0xd0a [ath5k]
 [<c01a6037>] ? sysfs_find_dirent+0x16/0x27
 [<c01fec95>] ? local_pci_probe+0xe/0x10
 [<c01ff526>] ? pci_device_probe+0x48/0x66
 [<c024c9fd>] ? driver_probe_device+0x7f/0xf2
 [<c024cab3>] ? __driver_attach+0x43/0x5f
 [<c024c0af>] ? bus_for_each_dev+0x39/0x5a
 [<c024c8d0>] ? driver_attach+0x14/0x16
 [<c024ca70>] ? __driver_attach+0x0/0x5f
 [<c024c5b3>] ? bus_add_driver+0xd7/0x1e7
 [<c024ccb9>] ? driver_register+0x7b/0xd7
 [<c01ff827>] ? __pci_register_driver+0x32/0x85
 [<e00a8018>] ? init_ath5k_pci+0x18/0x30 [ath5k]
 [<c0101131>] ? _stext+0x49/0x10b
 [<e00a8000>] ? init_ath5k_pci+0x0/0x30 [ath5k]
 [<c012f452>] ? __blocking_notifier_call_chain+0x40/0x4c
 [<c013a714>] ? sys_init_module+0x87/0x18b
 [<c0102804>] ? sysenter_do_call+0x12/0x22
Code: b8 da 17 e0 83 c0 04 e8 92 f9 ff ff 84 c0 75 2a 8b
85 c0 74 0c 83 c0 04 e8 7c f9 ff ff 84 c0 75 14 a1 bc da
4 03 74 66 8b 4d d4 80 79 08 00 74 5d a1 e0 d2 17 e0 48
EIP: [<e0171332>] wiphy_update_regulatory+0x20f/0x295
SP 0068:df3bdd40
CR2: 0000000000000004
---[ end trace 830f2dd2a95fd1a8 ]---

This issue is hard to reproduce, but it was noticed and discussed on
this thread:

http://marc.info/?t=123938022700005&r=1&w=2

Cc: stable@kernel.org
Reported-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agocfg80211: fix race condition with wiphy_apply_custom_regulatory()
Luis R. Rodriguez [Fri, 1 May 2009 22:44:50 +0000 (18:44 -0400)]
cfg80211: fix race condition with wiphy_apply_custom_regulatory()

We forgot to lock using the cfg80211_mutex in
wiphy_apply_custom_regulatory(). Without the lock
there is possible race between processing a reply from CRDA
and a driver calling wiphy_apply_custom_regulatory(). During
the processing of the reply from CRDA we free last_request and
wiphy_apply_custom_regulatory() eventually accesses an
element from last_request in the through freq_reg_info_regd().

This is very difficult to reproduce (I haven't), it takes us
3 hours and you need to be banging hard, but the race is obvious
by looking at the code.

This should only affect those who use this caller, which currently
is ath5k, ath9k, and ar9170.

EIP: 0060:[<f8ebec50>] EFLAGS: 00210282 CPU: 1
EIP is at freq_reg_info_regd+0x24/0x121 [cfg80211]
EAX: 00000000 EBX: f7ca0060 ECX: f5183d94 EDX: 0024cde0
ESI: f8f56edc EDI: 00000000 EBP: 00000000 ESP: f5183d44
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process modprobe (pid: 14617, ti=f5182000 task=f3934d10 task.ti=f5182000)
Stack: c0505300 f7ca0ab4 f5183d94 0024cde0 f8f403a6 f8f63160 f7ca0060 00000000
00000000 f8ebedf8 f5183d90 f8f56edc 00000000 00000004 00000f40 f8f56edc
f7ca0060 f7ca1234 00000000 00000000 00000000 f7ca14f0 f7ca0ab4 f7ca1289
Call Trace:
[<f8ebedf8>] wiphy_apply_custom_regulatory+0x8f/0x122 [cfg80211]
[<f8f3f798>] ath_attach+0x707/0x9e6 [ath9k]
[<f8f45e46>] ath_pci_probe+0x18d/0x29a [ath9k]
[<c023c7ba>] pci_device_probe+0xa3/0xe4
[<c02a860b>] really_probe+0xd7/0x1de
[<c02a87e7>] __driver_attach+0x37/0x55
[<c02a7eed>] bus_for_each_dev+0x31/0x57
[<c02a83bd>] driver_attach+0x16/0x18
[<c02a78e6>] bus_add_driver+0xec/0x21b
[<c02a8959>] driver_register+0x85/0xe2
[<c023c9bb>] __pci_register_driver+0x3c/0x69
[<f8e93043>] ath9k_init+0x43/0x68 [ath9k]
[<c010112b>] _stext+0x3b/0x116
[<c014a872>] sys_init_module+0x8a/0x19e
[<c01049ad>] sysenter_do_call+0x12/0x21
[<ffffe430>] 0xffffe430
=======================
Code: 0f 94 c0 c3 31 c0 c3 55 57 56 53 89 c3 83 ec 14 8b 74 24 2c 89 54 24 0c 89 4c 24 08 85 f6 75
06 8b 35 c8 bb ec f8 a1 cc bb ec f8 <8b> 40 04 83 f8 03 74 3a 48 74 37 8b 43 28 85 c0 74 30 89 c6
8b
EIP: [<f8ebec50>] freq_reg_info_regd+0x24/0x121 [cfg80211] SS:ESP 0068:f5183d44

Cc: stable@kernel.org
Reported-by: Nataraj Sadasivam <Nataraj.Sadasivam@Atheros.com>
Reported-by: Vivek Natarajan <Vivek.Natarajan@Atheros.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwlwifi: update key flags at time key is set
Reinette Chatre [Thu, 30 Apr 2009 20:56:31 +0000 (13:56 -0700)]
iwlwifi: update key flags at time key is set

We need to be symmetrical in what is done when key is set and cleared.
This is important wrt the key flags as they are used during key
clearing and if they are not set when the key is set the key cannot be
cleared completely.

This addresses the many occurences of the WARN found in
iwl_set_tkip_dynamic_key_info() and tracked in
http://www.kerneloops.org/searchweek.php?search=iwl_set_dynamic_key

If calling iwl_set_tkip_dynamic_key_info()/iwl_remove_dynamic_key()
pair a few times in a row will cause that we run out of key space.
This is because the index stored in the key flags is used by
iwl_remove_dynamic_key() to decide if it should remove the key.
Unfortunately the key flags, and hence the key index is currently only
set at the time the key is written to the device (in
iwl_update_tkip_key()) and _not_ in iwl_set_tkip_dynamic_key_info().
Fix this by setting flags in iwl_set_tkip_dynamic_key_info().

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agocfg80211: fix truncated IEs
Johannes Berg [Thu, 30 Apr 2009 18:09:56 +0000 (20:09 +0200)]
cfg80211: fix truncated IEs

Another bug in the "cfg80211: do not replace BSS structs" patch,
a forgotten length update leads to bogus data being stored and
passed to userspace, often truncated.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomac80211: correct fragmentation threshold check
Johannes Berg [Wed, 29 Apr 2009 21:35:56 +0000 (23:35 +0200)]
mac80211: correct fragmentation threshold check

The fragmentation threshold is defined to be including the
FCS, and the code that sets the TX_FRAGMENTED flag correctly
accounts for those four bytes. The code that verifies this
doesn't though, which could lead to spurious warnings and
frames being dropped although everything is ok. Correct the
code by accounting for the FCS.

(JWL -- The problem is described here:
 http://article.gmane.org/gmane.linux.kernel.wireless.general/32205 )

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwlwifi: remove EXPORT_SYMBOL for static symbol
Andreas Schwab [Thu, 30 Apr 2009 07:58:50 +0000 (09:58 +0200)]
iwlwifi: remove EXPORT_SYMBOL for static symbol

It does not make sense to apply EXPORT_SYMBOL to a static symbol.  Fixes
this build error:

drivers/net/wireless/iwlwifi/iwl3945-base.c:1697: error: __ksymtab_iwl3945_rx_queue_reset causes a section type conflict

Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agone2k-pci: Do not register device until initialized.
Lubomir Rintel [Sat, 2 May 2009 20:52:13 +0000 (13:52 -0700)]
ne2k-pci: Do not register device until initialized.

Doing it in reverse order causes uevent to be sent before
we have a MAC address, which confuses udev.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Acked-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoSubject: [PATCH] br2684: restore net_dev initialization
Rabin Vincent [Sat, 2 May 2009 20:49:36 +0000 (13:49 -0700)]
Subject: [PATCH] br2684: restore net_dev initialization

Commit 0ba25ff4c669e5395110ba6ab4958a97a9f96922 ("br2684: convert to
net_device_ops") inadvertently deleted the initialization of the net_dev
pointer in the br2684_dev structure, leading to crashes.  This patch
adds it back.

Reported-by: Mikko Vinni <mmvinni@yahoo.com>
Tested-by: Mikko Vinni <mmvinni@yahoo.com>
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet: Only store high 16 bits of kernel generated filter priorities
Robert Love [Sat, 2 May 2009 20:48:32 +0000 (13:48 -0700)]
net: Only store high 16 bits of kernel generated filter priorities

The kernel should only be using the high 16 bits of a kernel
generated priority. Filter priorities in all other cases only
use the upper 16 bits of the u32 'prio' field of 'struct tcf_proto',
but when the kernel generates the priority of a filter is saves all
32 bits which can result in incorrect lookup failures when a filter
needs to be deleted or modified.

Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agovirtio_net: Fix function name typo
Alex Williamson [Fri, 1 May 2009 17:31:10 +0000 (17:31 +0000)]
virtio_net: Fix function name typo

Signed-off-by: Alex Williamson <alex.williamson@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agovirtio_net: Cleanup command queue scatterlist usage
Alex Williamson [Fri, 1 May 2009 17:27:56 +0000 (17:27 +0000)]
virtio_net: Cleanup command queue scatterlist usage

We were avoiding calling sg_init* on scatterlists passed
into virtnet_send_command to prevent extraneous end markers.
This caused build warnings for uninitialized variables.
Cleanup the code to create proper scatterlists.

Signed-off-by: Alex Williamson <alex.williamson@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agobonding: correct the cleanup in bond_create()
Jiri Pirko [Fri, 1 May 2009 22:35:28 +0000 (15:35 -0700)]
bonding: correct the cleanup in bond_create()

This patch makes the cleanup in bond_create nicer :) Also now the forgotten
free_netdev is called.

Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agovirtio: add missing include to virtio_net.h
Grant Likely [Fri, 1 May 2009 22:34:02 +0000 (15:34 -0700)]
virtio: add missing include to virtio_net.h

virtio_net.h uses the macro ETH_ALEN which is defined in linux/if_ether.h.
Discovered when hacking on virtio-over-pci patches.

Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agosmsc95xx: add support for LAN9512 and LAN9514
Steve Glendinning [Fri, 1 May 2009 06:07:22 +0000 (06:07 +0000)]
smsc95xx: add support for LAN9512 and LAN9514

LAN9512 and LAN9514 are USB hubs with an integrated 10/100 ethernet
controller.  Logically this looks like an ethernet controller (similar
to LAN9500) permanently attached to one of the hub's downstream ports.

This patch adds the usb device id of the new ethernet controller to the
smsc95xx driver.  This id is the same in both new devices.

Signed-off-by: Steve Glendinning <steve.glendinning@smsc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agosmsc95xx: configure LED outputs
Steve Glendinning [Fri, 1 May 2009 05:46:51 +0000 (05:46 +0000)]
smsc95xx: configure LED outputs

SMSC LAN9500 has dual purpose GPIO/LED pins, and by default at power-on
these are configured as GPIOs.  This means that if LEDs are fitted they
won't ever light.

This patch sets them to be LED outputs for speed, duplex and
link/activity.

Signed-off-by: Steve Glendinning <steve.glendinning@smsc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonetconsole: take care of NETDEV_UNREGISTER event
Bruno Prémont [Wed, 29 Apr 2009 20:45:17 +0000 (20:45 +0000)]
netconsole: take care of NETDEV_UNREGISTER event

When netconsole is loaded and a network interface fades away (e.g. on
rmmod $interface_driver_module) the rmmod remains stuck and some locks
are taken that prevent any additional module loading/unloading as well
as interface up/down changes.
In addition kernel logs (and console) get flooded at 10s interval with

[  122.464065] unregister_netdevice: waiting for eth0 to become free. Usage count = 1
[  132.704059] unregister_netdevice: waiting for eth0 to become free. Usage count = 1

This patch lets netconsole take NETDEV_UNREGISTER event into account
and release the affected interface if it was in use.

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Acked-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoxt_socket: checks for the state of nf_conntrack
Laszlo Attila Toth [Fri, 1 May 2009 22:23:10 +0000 (15:23 -0700)]
xt_socket: checks for the state of nf_conntrack

xt_socket can use connection tracking, and checks whether it is a module.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agobonding: bond_slave_info_query() fix
Eric Dumazet [Thu, 23 Apr 2009 03:39:04 +0000 (03:39 +0000)]
bonding: bond_slave_info_query() fix

bond_slave_info_query() should keep a read lock while accessing slave info,
or risk accessing stale data and corruption.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agocxgb3: fixing gcc 4.4 compiler warning: suggest parentheses around operand of ‘!’
Sergey Senozhatsky [Fri, 1 May 2009 16:15:09 +0000 (09:15 -0700)]
cxgb3: fixing gcc 4.4 compiler warning: suggest parentheses around operand of ‘!’

Trivial: fixing gcc 4.4 compiler warning:
drivers/net/cxgb3/t3_hw.c: In function ‘t3_prep_adapter’:
drivers/net/cxgb3/t3_hw.c:3782: warning: suggest parentheses around operand of ‘!’ or change ‘|’ to ‘||’ or ‘!’ to ‘~’

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@mail.by>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonetfilter: use likely() in xt_info_rdlock_bh()
Eric Dumazet [Fri, 1 May 2009 16:10:46 +0000 (09:10 -0700)]
netfilter: use likely() in xt_info_rdlock_bh()

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet: Fix skb_tx_hash() for forwarding workloads.
Eric Dumazet [Fri, 1 May 2009 16:05:06 +0000 (09:05 -0700)]
net: Fix skb_tx_hash() for forwarding workloads.

When skb_rx_queue_recorded() is true, we dont want to use jash distribution
as the device driver exactly told us which queue was selected at RX time.
jhash makes a statistical shuffle, but this wont work with 8 static inputs.

Later improvements would be to compute reciprocal value of real_num_tx_queues
to avoid a divide here. But this computation should be done once,
when real_num_tx_queues is set. This needs a separate patch, and a new
field in struct net_device.

Reported-by: Andrew Dickinson <andrew@whydna.net>
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet: Fix oops when splicing skbs from a frag_list.
Jarek Poplawski [Thu, 30 Apr 2009 12:41:19 +0000 (05:41 -0700)]
net: Fix oops when splicing skbs from a frag_list.

Lennert Buytenhek wrote:
> Since 4fb669948116d928ae44262ab7743732c574630d ("net: Optimize memory
> usage when splicing from sockets.") I'm seeing this oops (e.g. in
> 2.6.30-rc3) when splicing from a TCP socket to /dev/null on a driver
> (mv643xx_eth) that uses LRO in the skb mode (lro_receive_skb) rather
> than the frag mode:

My patch incorrectly assumed skb->sk was always valid, but for
"frag_listed" skbs we can only use skb->sk of their parent.

Reported-by: Lennert Buytenhek <buytenh@wantstofly.org>
Debugged-by: Lennert Buytenhek <buytenh@wantstofly.org>
Tested-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomv643xx_eth: 64bit mib counter read fix
Lennert Buytenhek [Wed, 29 Apr 2009 11:58:18 +0000 (11:58 +0000)]
mv643xx_eth: 64bit mib counter read fix

On several mv643xx_eth hardware versions, the two 64bit mib counters
for 'good octets received' and 'good octets sent' are actually 32bit
counters, and reading from the upper half of the register has the same
effect as reading from the lower half of the register: an atomic
read-and-clear of the entire 32bit counter value.  This can under heavy
traffic occasionally lead to small numbers being added to the upper
half of the 64bit mib counter even though no 32bit wrap has occured.

Since we poll the mib counters at least every 30 seconds anyway, we
might as well just skip the reads of the upper halves of the hardware
counters without breaking the stats, which this patch does.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomv643xx_eth: OOM handling fixes
Lennert Buytenhek [Wed, 29 Apr 2009 11:57:34 +0000 (11:57 +0000)]
mv643xx_eth: OOM handling fixes

Currently, when OOM occurs during rx ring refill, mv643xx_eth will get
into an infinite loop, due to the refill function setting the OOM bit
but not clearing the 'rx refill needed' bit for this queue, while the
calling function (the NAPI poll handler) will call the refill function
in a loop until the 'rx refill needed' bit goes off, without checking
the OOM bit.

This patch fixes this by checking the OOM bit in the NAPI poll handler
before attempting to do rx refill.  This means that once OOM occurs,
we won't try to do any memory allocations again until the next invocation
of the poll handler.

While we're at it, change the OOM flag to be a single bit instead of
one bit per receive queue since OOM is a system state rather than a
per-queue state, and cancel the OOM timer on entry to the NAPI poll
handler if it's running to prevent it from firing when we've already
come out of OOM.

Signed-off-by: Lennert Buytenhek <buytenh@marvell.com>
Cc: stable@kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Wed, 29 Apr 2009 22:52:56 +0000 (15:52 -0700)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6

15 years agomac80211: default to automatic power control
Johannes Berg [Tue, 28 Apr 2009 22:28:18 +0000 (00:28 +0200)]
mac80211: default to automatic power control

In "mac80211: correct wext transmit power handler"
I fixed the wext handler, but forgot to make the default of the
user_power_level -1 (aka "auto"), so that now the transmit power
is always set to 0, causing associations to time out and similar
problems since we're transmitting with very little power. Correct
this by correcting the default user_power_level to -1.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Bisected-by: Niel Lambrechts <niel.lambrechts@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomac80211: fix modprobe deadlock by not calling wep_init under rtnl_lock
Alan Jenkins [Wed, 29 Apr 2009 10:41:24 +0000 (11:41 +0100)]
mac80211: fix modprobe deadlock by not calling wep_init under rtnl_lock

- ieee80211_wep_init(), which is called with rtnl_lock held, blocks in
   request_module() [waiting for modprobe to load a crypto module].

 - modprobe blocks in a call to flush_workqueue(), when it closes a TTY
   [presumably when it exits].

 - The workqueue item linkwatch_event() blocks on rtnl_lock.

There's no reason for wep_init() to be called with rtnl_lock held, so
just move it outside the critical section.

Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoe100: do not go D3 in shutdown unless system is powering off
Thadeu Lima de Souza Cascardo [Wed, 29 Apr 2009 05:42:39 +0000 (22:42 -0700)]
e100: do not go D3 in shutdown unless system is powering off

After experimenting with kexec with the last merges after 2.6.29, I've
had some problems when probing e100.  It would not read the eeprom.  After
some bisects, I realized this has been like that since forever (at least
2.6.18).  The problem is that shutdown is doing the same thing that
suspend does and puts the device in D3 state.  I couldn't find a way to
get the device back to a sane state in the probe function.  So, based on
some similar patches from Rafael J. Wysocki for e1000, e1000e, and ixgbe,
I wrote this one for e100.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
Acked-by: "Rafael J. Wysocki" <rjw@sisk.pl>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluet...
David S. Miller [Wed, 29 Apr 2009 05:40:49 +0000 (22:40 -0700)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6

15 years agonetfilter: revised locking for x_tables
Stephen Hemminger [Wed, 29 Apr 2009 05:36:33 +0000 (22:36 -0700)]
netfilter: revised locking for x_tables

The x_tables are organized with a table structure and a per-cpu copies
of the counters and rules. On older kernels there was a reader/writer
lock per table which was a performance bottleneck. In 2.6.30-rc, this
was converted to use RCU and the counters/rules which solved the performance
problems for do_table but made replacing rules much slower because of
the necessary RCU grace period.

This version uses a per-cpu set of spinlocks and counters to allow to
table processing to proceed without the cache thrashing of a global
reader lock and keeps the same performance for table updates.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoath5k: fix buffer overrun in rate debug code
Bob Copeland [Tue, 28 Apr 2009 02:12:43 +0000 (22:12 -0400)]
ath5k: fix buffer overrun in rate debug code

char bname[5] is too small for the string "X GHz" when the null
terminator is taken into account.  Thus, turning on rate debugging
can crash unless we have lucky stack alignment.

Cc: stable@kernel.org
Reported-by: Paride Legovini <legovini@spiro.fisica.unipd.it>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwlwifi: notify on scan completion even when shutting down
Johannes Berg [Thu, 23 Apr 2009 08:45:04 +0000 (10:45 +0200)]
iwlwifi: notify on scan completion even when shutting down

Under certain circumstances iwlwifi can get stuck and will no
longer accept scan requests, because the core code (cfg80211)
thinks that it's still processing one. This fixes one of the
points where it can happen, but I've still seen it (although
only with my radio-off-when-idle patch).

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agorndis_wlan: fix initialization order for workqueue&workers
Jussi Kivilinna [Wed, 22 Apr 2009 07:59:37 +0000 (10:59 +0300)]
rndis_wlan: fix initialization order for workqueue&workers

rndis_wext_link_change() might be called from rndis_command() at
initialization stage and priv->workqueue/priv->work have not been
initialized yet. This causes invalid opcode at rndis_wext_bind on
some brands of bcm4320.

Fix by initializing workqueue/workers in rndis_wext_bind() before
rndis_command is used.

This bug has existed since 2.6.25, reported at:
http://bugzilla.kernel.org/show_bug.cgi?id=12794

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agowireless: remove unneeded EXPORT_SYMBOL the tickles a powerpc compiler bug
Stephen Rothwell [Wed, 22 Apr 2009 05:11:05 +0000 (15:11 +1000)]
wireless: remove unneeded EXPORT_SYMBOL the tickles a powerpc compiler bug

drivers/net/wireless/iwlwifi/iwl3945-base.c:1415: error: __ksymtab_iwl3945_rx_queue_reset causes a section type conflict

I am pretty sure that this is a compiler bug, so not to worry.  However,
as far as I can see, iwl-3945.o (the only user) and iwl3945-base.o are
always linked into the same module, so the EXPORT_SYMBOL (which causes
the problem) should not be needed.  Correct?

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoBluetooth: Fix connection establishment with low security requirement
Marcel Holtmann [Tue, 28 Apr 2009 16:04:55 +0000 (09:04 -0700)]
Bluetooth: Fix connection establishment with low security requirement

The Bluetooth 2.1 specification introduced four different security modes
that can be mapped using Legacy Pairing and Simple Pairing. With the
usage of Simple Pairing it is required that all connections (except
the ones for SDP) are encrypted. So even the low security requirement
mandates an encrypted connection when using Simple Pairing. When using
Legacy Pairing (for Bluetooth 2.0 devices and older) this is not required
since it causes interoperability issues.

To support this properly the low security requirement translates into
different host controller transactions depending if Simple Pairing is
supported or not. However in case of Simple Pairing the command to
switch on encryption after a successful authentication is not triggered
for the low security mode. This patch fixes this and actually makes
the logic to differentiate between Simple Pairing and Legacy Pairing
a lot simpler.

Based on a report by Ville Tervo <ville.tervo@nokia.com>

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
15 years agoBluetooth: Add different pairing timeout for Legacy Pairing
Marcel Holtmann [Sun, 26 Apr 2009 18:01:22 +0000 (20:01 +0200)]
Bluetooth: Add different pairing timeout for Legacy Pairing

The Bluetooth stack uses a reference counting for all established ACL
links and if no user (L2CAP connection) is present, the link will be
terminated to save power. The problem part is the dedicated pairing
when using Legacy Pairing (Bluetooth 2.0 and before). At that point
no user is present and pairing attempts will be disconnected within
10 seconds or less. In previous kernel version this was not a problem
since the disconnect timeout wasn't triggered on incoming connections
for the first time. However this caused issues with broken host stacks
that kept the connections around after dedicated pairing. When the
support for Simple Pairing got added, the link establishment procedure
needed to be changed and now causes issues when using Legacy Pairing

When using Simple Pairing it is possible to do a proper reference
counting of ACL link users. With Legacy Pairing this is not possible
since the specification is unclear in some areas and too many broken
Bluetooth devices have already been deployed. So instead of trying to
deal with all the broken devices, a special pairing timeout will be
introduced that increases the timeout to 60 seconds when pairing is
triggered.

If a broken devices now puts the stack into an unforeseen state, the
worst that happens is the disconnect timeout triggers after 120 seconds
instead of 4 seconds. This allows successful pairings with legacy and
broken devices now.

Based on a report by Johan Hedberg <johan.hedberg@nokia.com>

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
15 years agoBluetooth: Ensure that HCI sysfs add/del is preempt safe
Roger Quadros [Thu, 23 Apr 2009 11:50:54 +0000 (14:50 +0300)]
Bluetooth: Ensure that HCI sysfs add/del is preempt safe

Use a different work_struct variables for add_conn() and del_conn() and
use single work queue instead of two for adding and deleting connections.

It eliminates the following error on a preemptible kernel:

[  204.358032] Unable to handle kernel NULL pointer dereference at virtual address 0000000c
[  204.370697] pgd = c0004000
[  204.373443] [0000000c] *pgd=00000000
[  204.378601] Internal error: Oops: 17 [#1] PREEMPT
[  204.383361] Modules linked in: vfat fat rfcomm sco l2cap sd_mod scsi_mod iphb pvr2d drm omaplfb ps
[  204.438537] CPU: 0    Not tainted  (2.6.28-maemo2 #1)
[  204.443664] PC is at klist_put+0x2c/0xb4
[  204.447601] LR is at klist_put+0x18/0xb4
[  204.451568] pc : [<c0270f08>]    lr : [<c0270ef4>]    psr: a0000113
[  204.451568] sp : cf1b3f10  ip : cf1b3f10  fp : cf1b3f2c
[  204.463104] r10: 00000000  r9 : 00000000  r8 : bf08029c
[  204.468353] r7 : c7869200  r6 : cfbe2690  r5 : c78692c8  r4 : 00000001
[  204.474945] r3 : 00000001  r2 : cf1b2000  r1 : 00000001  r0 : 00000000
[  204.481506] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM Segment kernel
[  204.488861] Control: 10c5387d  Table: 887fc018  DAC: 00000017
[  204.494628] Process btdelconn (pid: 515, stack limit = 0xcf1b22e0)

Signed-off-by: Roger Quadros <ext-roger.quadros@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
15 years agonet: Avoid extra wakeups of threads blocked in wait_for_packet()
Eric Dumazet [Tue, 28 Apr 2009 09:24:21 +0000 (02:24 -0700)]
net: Avoid extra wakeups of threads blocked in wait_for_packet()

In 2.6.25 we added UDP mem accounting.

This unfortunatly added a penalty when a frame is transmitted, since
we have at TX completion time to call sock_wfree() to perform necessary
memory accounting. This calls sock_def_write_space() and utimately
scheduler if any thread is waiting on the socket.
Thread(s) waiting for an incoming frame was scheduled, then had to sleep
again as event was meaningless.

(All threads waiting on a socket are using same sk_sleep anchor)

This adds lot of extra wakeups and increases latencies, as noted
by Christoph Lameter, and slows down softirq handler.

Reference : http://marc.info/?l=linux-netdev&m=124060437012283&w=2

Fortunatly, Davide Libenzi recently added concept of keyed wakeups
into kernel, and particularly for sockets (see commit
37e5540b3c9d838eb20f2ca8ea2eb8072271e403
epoll keyed wakeups: make sockets use keyed wakeups)

Davide goal was to optimize epoll, but this new wakeup infrastructure
can help non epoll users as well, if they care to setup an appropriate
handler.

This patch introduces new DEFINE_WAIT_FUNC() helper and uses it
in wait_for_packet(), so that only relevant event can wakeup a thread
blocked in this function.

Trace of function calls from bnx2 TX completion bnx2_poll_work() is :
__kfree_skb()
 skb_release_head_state()
  sock_wfree()
   sock_def_write_space()
    __wake_up_sync_key()
     __wake_up_common()
      receiver_wake_function() : Stops here since thread is waiting for an INPUT

Reported-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet: Fix typo in net_device_ops description.
Mike Rapoport [Mon, 27 Apr 2009 12:45:54 +0000 (05:45 -0700)]
net: Fix typo in net_device_ops description.

Signed-off-by: Mike Rapoport <mike@compulab.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoipv4: Limit size of route cache hash table
Anton Blanchard [Mon, 27 Apr 2009 12:42:24 +0000 (05:42 -0700)]
ipv4: Limit size of route cache hash table

Right now we have no upper limit on the size of the route cache hash table.
On a 128GB POWER6 box it ends up as 32MB:

    IP route cache hash table entries: 4194304 (order: 9, 33554432 bytes)

It would be nice to cap this for memory consumption reasons, but a massive
hashtable also causes a significant spike when measuring OS jitter.

With a 32MB hashtable and 4 million entries, rt_worker_func is taking
5 ms to complete. On another system with more memory it's taking 14 ms.
Even though rt_worker_func does call cond_sched() to limit its impact,
in an HPC environment we want to keep all sources of OS jitter to a minimum.

With the patch applied we limit the number of entries to 512k which
can still be overriden by using the rt_entries boot option:

    IP route cache hash table entries: 524288 (order: 6, 4194304 bytes)

With this patch rt_worker_func now takes 0.460 ms on the same system.

Signed-off-by: Anton Blanchard <anton@samba.org>
Acked-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoAdd reference to CAPI 2.0 standard
Karsten Keil [Thu, 23 Apr 2009 02:24:21 +0000 (02:24 +0000)]
Add reference to CAPI 2.0 standard

Move the entry about CAPI 2.0 to the beginning and add a URL.
Incorporate changes suggested by Randy Dunlap, thanks for proofreading.

Signed-off-by: Karsten Keil <keil@b1-systems.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoDocumentation/isdn/INTERFACE.CAPI
Tilman Schmidt [Thu, 23 Apr 2009 02:24:21 +0000 (02:24 +0000)]
Documentation/isdn/INTERFACE.CAPI

isdn: document Kernel CAPI driver interface

Create a file Documentation/isdn/INTERFACE.CAPI describing the
interface between the kernel CAPI subsystem and ISDN device drivers,
analogous to the existing Documentation/isdn/INTERFACE for the old
isdn4linux subsystem. Also add kerneldoc comments to the exported
functions in drivers/isdn/capi/kcapi.c.

Impact: Documentation
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Karsten Keil <keil@b1-systems.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoupdate Documentation/isdn/00-INDEX
Tilman Schmidt [Thu, 23 Apr 2009 02:24:21 +0000 (02:24 +0000)]
update Documentation/isdn/00-INDEX

After the merging of mISDN, state which files refer only to the
old isdn4linux subsystem.  Also add a few missing files.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Karsten Keil <keil@b1-systems.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoixgbe: Fix WoL functionality for 82599 KX4 devices
Waskiewicz Jr, Peter P [Thu, 23 Apr 2009 11:15:18 +0000 (11:15 +0000)]
ixgbe: Fix WoL functionality for 82599 KX4 devices

The current code writes the PME enabled bit in PCI config space which is
wrong.  This was needed for pre-release hardware, and was not removed from
the driver.  Also, we need to clear the WUS (wake up status) after we
resume.  Otherwise we can't wake for the same event again since it's still
asserted in the hardware.  Plus, the multicast lists were being written
improperly, causing multicast WoL to fail.

Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoveth: prevent oops caused by netdev destructor
Stephen Hemminger [Mon, 27 Apr 2009 10:04:58 +0000 (03:04 -0700)]
veth: prevent oops caused by netdev destructor

From: Stephen Hemminger <shemminger@vyatta.com>

The veth driver will oops if sysfs hooks are open while module is removed.

The net device destructor can not point to code in a module; basically
there are only two possible safe values: NULL - no destructor, or
free_netdev - free on last use

Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoxfrm: wrong hash value for temporary SA
Nicolas Dichtel [Mon, 27 Apr 2009 09:58:59 +0000 (02:58 -0700)]
xfrm: wrong hash value for temporary SA

When kernel inserts a temporary SA for IKE, it uses the wrong hash
value for dst list. Two hash values were calcultated before: one with
source address and one with a wildcard source address.

Bug hinted by Junwei Zhang <junwei.zhang@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoforcedeth: tx timeout fix
Ayaz Abdulla [Sat, 25 Apr 2009 09:17:56 +0000 (09:17 +0000)]
forcedeth: tx timeout fix

This patch fixes the tx_timeout() to properly handle the clean up of the
tx ring. It also sets the tx put pointer back to the correct position to
be in sync with HW.

Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet: Fix LL_MAX_HEADER for CONFIG_TR_MODULE
Adrian Bunk [Mon, 27 Apr 2009 09:36:20 +0000 (02:36 -0700)]
net: Fix LL_MAX_HEADER for CONFIG_TR_MODULE

Unless I miss anything this should fix a bug.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: Handle page allocation failure during receive
Yevgeny Petrilin [Sun, 26 Apr 2009 20:42:57 +0000 (20:42 +0000)]
mlx4_en: Handle page allocation failure during receive

If we failed to allocate new fragments for receive buffer,
the packet should be dropped and packets should be reused.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: Fix cleanup flow on cq activation
Yevgeny Petrilin [Sun, 26 Apr 2009 20:41:34 +0000 (20:41 +0000)]
mlx4_en: Fix cleanup flow on cq activation

In case of mlx4_en_activate_cq() failure, the cleanup
code would go to rx_err and try to disable unactivated rings.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agovlan: update vlan carrier state for admin up/down
Jay Vosburgh [Sun, 26 Apr 2009 01:03:35 +0000 (18:03 -0700)]
vlan: update vlan carrier state for admin up/down

Currently, the VLAN event handler does not adjust the VLAN
device's carrier state when the real device or the VLAN device is set
administratively up or down.

The following patch adds a transfer of operating state from the
real device to the VLAN device when the real device is administratively
set up or down, and sets the carrier state up or down during init, open
and close of the VLAN device.

This permits observers above the VLAN device that care about the
carrier state (bonding's link monitor, for example) to receive updates
for administrative changes by more closely mimicing the behavior of real
devices.

Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
15 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
David S. Miller [Sun, 26 Apr 2009 00:46:34 +0000 (17:46 -0700)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

15 years agonetfilter: xt_recent: fix stack overread in compat code
Jan Engelhardt [Fri, 24 Apr 2009 15:05:21 +0000 (17:05 +0200)]
netfilter: xt_recent: fix stack overread in compat code

Related-to: commit 325fb5b4d26038cba665dd0d8ee09555321061f0
The compat path suffers from a similar problem. It only uses a __be32
when all of the recent code uses, and expects, an nf_inet_addr
everywhere. As a result, addresses stored by xt_recents were
filled with whatever other stuff was on the stack following the be32.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
With a minor compile fix from Roman.

Reported-and-tested-by: Roman Hoog Antink <rha@open.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>
15 years agonetfilter: nf_ct_dccp: add missing role attributes for DCCP
Pablo Neira Ayuso [Fri, 24 Apr 2009 14:58:41 +0000 (16:58 +0200)]
netfilter: nf_ct_dccp: add missing role attributes for DCCP

This patch adds missing role attribute to the DCCP type, otherwise
the creation of entries is not of any use.

The attribute added is CTA_PROTOINFO_DCCP_ROLE which contains the
role of the conntrack original tuple.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
15 years agonetfilter: Kconfig: TProxy doesn't depend on NF_CONNTRACK
Laszlo Attila Toth [Fri, 24 Apr 2009 14:55:25 +0000 (16:55 +0200)]
netfilter: Kconfig: TProxy doesn't depend on NF_CONNTRACK

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
15 years agonetfilter: nf_ct_dccp/udplite: fix protocol registration error
Patrick McHardy [Fri, 24 Apr 2009 13:37:44 +0000 (15:37 +0200)]
netfilter: nf_ct_dccp/udplite: fix protocol registration error

Commit d0dba725 (netfilter: ctnetlink: add callbacks to the per-proto
nlattrs) changed the protocol registration function to abort if the
to-be registered protocol doesn't provide a new callback function.

The DCCP and UDP-Lite IPv6 protocols were missed in this conversion,
add the required callback pointer.

Reported-and-tested-by: Steven Jan Springl <steven@springl.ukfsn.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
15 years agonetfilter: ctnetlink: fix gcc warning during compilation
Pablo Neira Ayuso [Wed, 22 Apr 2009 09:26:37 +0000 (02:26 -0700)]
netfilter: ctnetlink: fix gcc warning during compilation

This patch fixes a (bogus?) gcc warning during compilation:

net/netfilter/nf_conntrack_netlink.c:1234: warning: 'helpname' may be used uninitialized in this function
net/netfilter/nf_conntrack_netlink.c:991: warning: 'helpname' may be used uninitialized in this function

In fact, helpname is initialized by ctnetlink_parse_help() so
I cannot see a way to use it without being initialized.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet/netrom: Fix socket locking
Jean Delvare [Wed, 22 Apr 2009 07:49:51 +0000 (00:49 -0700)]
net/netrom: Fix socket locking

Patch "af_rose/x25: Sanity check the maximum user frame size"
(commit 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9) from Alan Cox got
locking wrong. If we bail out due to user frame size being too large,
we must unlock the socket beforehand.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonetlabel: Always remove the correct address selector
Paul Moore [Tue, 21 Apr 2009 10:04:22 +0000 (10:04 +0000)]
netlabel: Always remove the correct address selector

The NetLabel address selector mechanism has a problem where it can get
mistakenly remove the wrong selector when similar addresses are used.  The
problem is caused when multiple addresses are configured that have different
netmasks but the same address, e.g. 127.0.0.0/8 and 127.0.0.0/24.  This patch
fixes the problem.

Reported-by: Etienne Basset <etienne.basset@numericable.fr>
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Tested-by: Etienne Basset <etienne.basset@numericable.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoucc_geth.c: Fix upsmr setting in RMII mode
Heiko Schocher [Mon, 20 Apr 2009 22:36:43 +0000 (22:36 +0000)]
ucc_geth.c: Fix upsmr setting in RMII mode

If using the UCC on a MPC8360 in RMII mode, don;t set
UCC_GETH_UPSMR_RPM bit in the upsmr register.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Li Yang <leoli@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years ago8139too: fix HW initial flow
Jianjun kong [Mon, 20 Apr 2009 23:48:25 +0000 (23:48 +0000)]
8139too: fix HW initial flow

While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before
setting up the DMA buffer address. In this interval where RX was
enabled and DMA buffer address is not yet set up, any incoming
broadcast packet would be send to a strange physical address:
0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled
and everything is fine even under broadcast packets attack.

Signed-off-by: Jonathan Lin <jon.lin@vatics.com>
Signed-off-by: Amos Kong <jianjun@zeuux.org>
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoaf_iucv: Fix race when queuing incoming iucv messages
Hendrik Brueckner [Tue, 21 Apr 2009 06:04:24 +0000 (06:04 +0000)]
af_iucv: Fix race when queuing incoming iucv messages

AF_IUCV runs into a race when queuing incoming iucv messages
and receiving the resulting backlog.

If the Linux system is under pressure (high load or steal time),
the message queue grows up, but messages are not received and queued
onto the backlog queue. In that case, applications do not
receive any data with recvmsg() even if AF_IUCV puts incoming
messages onto the message queue.

The race can be avoided if the message queue spinlock in the
message_pending callback is spreaded across the entire callback
function.

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoaf_iucv: Test additional sk states in iucv_sock_shutdown
Hendrik Brueckner [Tue, 21 Apr 2009 06:04:23 +0000 (06:04 +0000)]
af_iucv: Test additional sk states in iucv_sock_shutdown

Add few more sk states in iucv_sock_shutdown().

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoaf_iucv: Reject incoming msgs if RECV_SHUTDOWN is set
Hendrik Brueckner [Tue, 21 Apr 2009 06:04:22 +0000 (06:04 +0000)]
af_iucv: Reject incoming msgs if RECV_SHUTDOWN is set

Reject incoming iucv messages if the receive direction has been shut down.
It avoids that the queue of outstanding messages increases and exceeds the
message limit of the iucv communication path.

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoaf_iucv: fix oops in iucv_sock_recvmsg() for MSG_PEEK flag
Hendrik Brueckner [Tue, 21 Apr 2009 06:04:21 +0000 (06:04 +0000)]
af_iucv: fix oops in iucv_sock_recvmsg() for MSG_PEEK flag

If iucv_sock_recvmsg() is called with MSG_PEEK flag set, the skb is enqueued
twice. If the socket is then closed, the pointer to the skb is freed twice.

Remove the skb_queue_head() call for MSG_PEEK, because the skb_recv_datagram()
function already handles MSG_PEEK (does not dequeue the skb).

Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoaf_iucv: consider state IUCV_CLOSING when closing a socket
Ursula Braun [Tue, 21 Apr 2009 06:04:20 +0000 (06:04 +0000)]
af_iucv: consider state IUCV_CLOSING when closing a socket

Make sure a second invocation of iucv_sock_close() guarantees proper
freeing of an iucv path.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoiwlwifi: DMA fixes
Reinette Chatre [Tue, 21 Apr 2009 17:55:48 +0000 (10:55 -0700)]
iwlwifi: DMA fixes

A few issues wrt DMA were uncovered when using the driver with swiotlb.
- driver should not use memory after it has been mapped
- iwl3945's RX queue management cannot use all of iwlagn because
  the size of the RX buffer is different. Revert back to using
  iwl3945 specific routines that map/unmap memory.
- no need to "dma_syn_single_range_for_cpu" followed by pci_unmap_single,
  we can just call pci_unmap_single initially
- only map the memory area that will be used by device. this is especially
  relevant to the mapping of iwl_cmd. we should not map the entire
  structure because the meta data at the beginning of structure contains
  the address to be used later for unmapping. If the address to be used for
  unmapping is stored in mapped data it creates a problem.
- ensure that _if_ memory needs to be modified after it is mapped that we
  call _sync_single_for_cpu first, and then release it back to device with
  _sync_single_for_device
- we mapped the wrong length of data for host commands, with mapped length
  differing with length provided to device, fix that.

Thanks to Jason Andryuk <jandryuk@gmail.com> for significant bisecting
help to find these issues.

This fixes http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=1964

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Tested-by: Jason Andryuk <jandryuk@gmail.com>
Tested-by: Ben Gamari <bgamari@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwlwifi: add debugging for TX path
Reinette Chatre [Tue, 21 Apr 2009 17:55:47 +0000 (10:55 -0700)]
iwlwifi: add debugging for TX path

When debugging TX issues it is helpful to know the seq nr of the
frame being transmitted. The seq nr is printed as part of ucode's
log informing us which frame is being processed. Having this information
printed in driver log makes it easy to match activities between driver
and firmware.

Also make possible to print TX flags directly. These are already printed
as part of entire TX command, but having it printed directly in cpu format
makes it easier to look at.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomwl8: fix build warning.
Rami Rosen [Tue, 21 Apr 2009 13:22:01 +0000 (16:22 +0300)]
mwl8: fix build warning.

This patch fixes a build warning in mwl8.c.
(Marvell TOPDOG wireless driver)

The warning it fixes is: "large integer implicitly truncated to unsigned type."

The rx_ctrl member of the mwl8k_rx_desc struct is 8 bit (__u8 ), whereas trying
to assign it a 32 bit value (which is returned from  cpu_to_le32())
causes the compiler to issue
a truncation warning.

Signed-off-by: Rami Rosen <ramirose@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomac80211: fix alignment calculation bug
Johannes Berg [Mon, 20 Apr 2009 23:36:59 +0000 (01:36 +0200)]
mac80211: fix alignment calculation bug

When checking whether or not a given frame needs to be
moved to be properly aligned to a 4-byte boundary, we
use & 4 which wasn't intended, this code should check
the lowest two bits.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomac80211: do not print WARN if config interface
Reinette Chatre [Mon, 20 Apr 2009 22:36:19 +0000 (15:36 -0700)]
mac80211: do not print WARN if config interface

It is expected that config interface will always succeed as mac80211
will only request what driver supports. The exception here is when a
device has rfkill enabled. At this time the rfkill state is unknown to
mac80211 and config interface can fail. When this happens we deal with
this error instead of printing a WARN.

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwl3945: use cancel_delayed_work_sync to cancel rfkill_poll
Reinette Chatre [Mon, 20 Apr 2009 21:37:01 +0000 (14:37 -0700)]
iwl3945: use cancel_delayed_work_sync to cancel rfkill_poll

Users reported lockup with work still trying to run
after module has been unloaded.

http://thread.gmane.org/gmane.linux.kernel.wireless.general/30594/focus=30601

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Reported-by: TJ <ubuntu@tjworld.net>
Reported-by: Huaxu Wan <huaxu.wan@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwlwifi: fix EEPROM validation mask to include OTP only devices
Jay Sternberg [Mon, 20 Apr 2009 21:36:54 +0000 (14:36 -0700)]
iwlwifi: fix EEPROM validation mask to include OTP only devices

Fix the bug where some revisions of 6000 series hardware cannot
be used. Later versions of 6000 series have the EEPROM replaced by
OTP. For these devices to be used we need to expand valid EEPROM mask.

Signed-off-by: Jay Sternberg <jay.e.sternberg@linux.intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoatmel: fix netdev ops conversion
Johannes Berg [Tue, 21 Apr 2009 09:08:51 +0000 (02:08 -0700)]
atmel: fix netdev ops conversion

sparse says:

drivers/net/wireless/atmel.c:1501:3: warning: Initializer entry defined twice
drivers/net/wireless/atmel.c:1505:3:   also defined here

and it's correct; atmel has its own ndo_change_mtu and
shouldn't use eth_change_mtu.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agopcnet_cs: add cis(firmware) of the Allied Telesis LA-PCM
Ken Kawasaki [Sat, 18 Apr 2009 13:44:44 +0000 (13:44 +0000)]
pcnet_cs: add cis(firmware) of the Allied Telesis LA-PCM

pcnet_cs: add cis(firmware) of the Allied Telesis LA-PCM

Signed-off-by: Ken Kawasaki <ken_kawasaki@spring.nifty.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: Fix cleanup if workqueue create in mlx4_en_add() fails
Roland Dreier [Mon, 20 Apr 2009 18:32:08 +0000 (18:32 +0000)]
mlx4_en: Fix cleanup if workqueue create in mlx4_en_add() fails

If creating a workqueue fails, don't jump to the error path where that
same workqueue is destroyed, since destroy_workqueue() can't handle a
NULL pointer.

This was spotted by the Coverity checker (CID 2617).

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: Move to SW counters for total bytes and packets
Yevgeny Petrilin [Mon, 20 Apr 2009 04:34:38 +0000 (04:34 +0000)]
mlx4_en: Move to SW counters for total bytes and packets

The per ring counters are implemented in SW. Now moving to have the total
counters as the sum of all rings. This way the numbers will always be consistent
and we no longer depend on HW buffer size limitations for those counters
that can be insufficient in some cases.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: use NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM for tx csum at initialization
Yevgeny Petrilin [Mon, 20 Apr 2009 04:33:15 +0000 (04:33 +0000)]
mlx4_en: use NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM for tx csum at initialization

The former usage was to set the NETIF_F_HW_CSUM flag which is not used
in get_tx_csum. It caused Ethtool to show tx checksum as "on" even
though it was turned off in previous operation.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: Assign dummy event handler for TX queue
Yevgeny Petrilin [Mon, 20 Apr 2009 04:30:03 +0000 (04:30 +0000)]
mlx4_en: Assign dummy event handler for TX queue

The low level driver always assumes this handler exists.
The lack of it could cause kernel panic

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: Fix a race at restart task
Yevgeny Petrilin [Mon, 20 Apr 2009 04:26:05 +0000 (04:26 +0000)]
mlx4_en: Fix a race at restart task

The query whether the port is up or not should be done at
the execution of the restart task and not when it is queued.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomlx4_en: Fix error handling while activating RX rings
Yevgeny Petrilin [Mon, 20 Apr 2009 04:24:28 +0000 (04:24 +0000)]
mlx4_en: Fix error handling while activating RX rings

In case of failure of either srq creation or page allocation,
the cleanup code handled the failed ring as well, and tried
to destroy resources that where not allocated.

Signed-off-by: Yevgeny Petrilin <yevgenyp@mellanox.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Mon, 20 Apr 2009 22:33:46 +0000 (15:33 -0700)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6

15 years agotg3: Fix SEEPROM accesses
Matt Carlson [Mon, 20 Apr 2009 21:52:29 +0000 (14:52 -0700)]
tg3: Fix SEEPROM accesses

The recent NVRAM patches sanitized how the driver deals with NVRAM
data, but they failed to bring the SEEPROM interfaces inline with
the new strategy.  This patch brings the SEEPROM interfaces up to date.
This patch also reverts commit 0d489ffb76de0fe804cf06a9d4d11fa7342d74b9
("tg3: fix big endian MAC address collection failure").

Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Tested-by: Robin Holt <holt@sgi.com>
Tested-by: James Bottomley <james.bottomley@HansenPartnership.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agomac80211: fix basic rate bitmap calculation
Johannes Berg [Sun, 19 Apr 2009 11:22:11 +0000 (13:22 +0200)]
mac80211: fix basic rate bitmap calculation

"mac80211: fix basic rates setting from association response"
introduced a copy/paste error.

Unfortunately, this not just leads to wrong data being passed
to the driver but is remotely exploitable for some hardware or
driver combinations.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: stable@kernel.org [2.6.29]
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomac80211: fix beacon loss detection after scan
Kalle Valo [Sun, 19 Apr 2009 05:47:19 +0000 (08:47 +0300)]
mac80211: fix beacon loss detection after scan

Currently beacon loss detection triggers after a scan. A probe request
is sent and a message like this is printed to the log:

wlan0: beacon loss from AP 00:12:17:e7:98:de - sending probe request

But in fact there is no beacon loss, the beacons are just not received
because of the ongoing scan. Fix it by updating last_beacon after
the scan has finished.

Reported-by: Jaswinder Singh Rajput <jaswinder@kernel.org>
Signed-off-by: Kalle Valo <kalle.valo@iki.fi>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agonl80211: Make nl80211_send_mlme_event() atomic
Jouni Malinen [Sat, 18 Apr 2009 18:53:15 +0000 (21:53 +0300)]
nl80211: Make nl80211_send_mlme_event() atomic

One of the code paths sending deauth/disassoc events ends up calling
this function with rcu_read_lock held, so we must use GFP_ATOMIC in
allocation routines.

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoar9170usb: fix hang on resume
Christian Lamparter [Sat, 18 Apr 2009 15:12:18 +0000 (17:12 +0200)]
ar9170usb: fix hang on resume

This patch fixes a hang on resume when the filesystem is not
available and request_firmware blocks.

However, the device does not accept the firmware on resume.
and it will exit with:

> firmware part 1 upload failed (-71).
> device is in a bad state. please reconnect it!

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Christian Lamparter <chunkeey@web.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoMAC80211: Remove unused MAC80211_VERBOSE_SPECT_MGMT_DEBUG.
Robert P. J. Day [Sat, 18 Apr 2009 13:33:55 +0000 (09:33 -0400)]
MAC80211: Remove unused MAC80211_VERBOSE_SPECT_MGMT_DEBUG.

Remove this unused Kconfig variable, which Intel apparently once
promised to make use of but never did.

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agomwl8k: fix module re-insertion bug
Joerg Albert [Sat, 18 Apr 2009 00:10:45 +0000 (02:10 +0200)]
mwl8k: fix module re-insertion bug

swap mwl8k_remove and mwl8k_shutdown functions to allow
"rmmod mwl8k; modprobe mwl8k"

Signed-off-by: Joerg Albert <jal2@gmx.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agop54: deactivate broken powersave function
Christian Lamparter [Fri, 17 Apr 2009 13:14:22 +0000 (15:14 +0200)]
p54: deactivate broken powersave function

This patch deactivates powersave in station mode.

It does not work correctly yet, so the code does more harm than good.

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Christian Lamparter <chunkeey@web.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agoiwl3945-base.c: Add missing space to debug print
Joe Perches [Thu, 16 Apr 2009 23:23:26 +0000 (16:23 -0700)]
iwl3945-base.c: Add missing space to debug print

"not" is not printed without a space after %pM

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agort2x00: Don't free register information on suspend
Ivo van Doorn [Sat, 28 Mar 2009 19:51:58 +0000 (20:51 +0100)]
rt2x00: Don't free register information on suspend

After suspend & resume the rt2x00 devices won't wakeup
anymore due to a broken register information setup.
The most important problem is the release of the EEPROM
buffer which is completely cleared and never read again
after the suspend.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agonetfilter: bridge: allow fragmentation of VLAN packets traversing a bridge
hummerbliss@gmail.com [Mon, 20 Apr 2009 15:12:35 +0000 (17:12 +0200)]
netfilter: bridge: allow fragmentation of VLAN packets traversing a bridge

br_nf_dev_queue_xmit only checks for ETH_P_IP packets for fragmenting but not
VLAN packets. This results in dropping of large VLAN packets. This can be
observed when connection tracking is enabled. Connection tracking re-assembles
fragmented packets, and these have to re-fragmented when transmitting out. Also,
make sure only refragmented packets are defragmented as per suggestion from
Patrick McHardy.

Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
15 years agotun: Fix sk_sleep races when attaching/detaching
Herbert Xu [Sun, 19 Apr 2009 22:35:50 +0000 (22:35 +0000)]
tun: Fix sk_sleep races when attaching/detaching

As the sk_sleep wait queue actually lives in tfile, which may be
detached from the tun device, bad things will happen when we use
sk_sleep after detaching.

Since the tun device is the persistent data structure here (when
requested by the user), it makes much more sense to have the wait
queue live there.  There is no reason to have it in tfile at all
since the only time we can wait is if we have a tun attached.
In fact we already have a wait queue in tun_struct, so we might
as well use it.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agotun: Only free a netdev when all tun descriptors are closed
Herbert Xu [Sat, 18 Apr 2009 14:15:52 +0000 (14:15 +0000)]
tun: Only free a netdev when all tun descriptors are closed

The commit c70f182940f988448f3c12a209d18b1edc276e33 ("tun: Fix
races between tun_net_close and free_netdev") fixed a race where
an asynchronous deletion of a tun device can hose a poll(2) on
a tun fd attached to that device.

However, this came at the cost of moving the tun wait queue into
the tun file data structure.  The problem with this is that it
imposes restrictions on when and where the tun device can access
the wait queue since the tun file may change at any time due to
detaching and reattaching.

In particular, now that we need to use the wait queue on the
receive path it becomes difficult to properly synchronise this
with the detachment of the tun device.

This patch solves the original race in a different way.  Since
the race is only because the underlying memory gets freed, we
can prevent it simply by ensuring that we don't do that until
all tun descriptors ever attached to the device (even if they
have since be detached because they may still be sitting in poll)
have been closed.

This is done by using reference counting the attached tun file
descriptors.  The refcount in tun->sk has been reappropriated
for this purpose since it was already being used for that, albeit
from the opposite angle.

Note that we no longer zero tfile->tun since tun_get will return
NULL anyway after the refcount on tfile hits zero.  Instead it
represents whether this device has ever been attached to a device.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet: Fix GRO for multiple page fragments
Ben Hutchings [Thu, 16 Apr 2009 08:04:20 +0000 (08:04 +0000)]
net: Fix GRO for multiple page fragments

This loop over fragments in napi_fraginfo_skb() was "interesting".

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluet...
David S. Miller [Mon, 20 Apr 2009 09:16:44 +0000 (02:16 -0700)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6