Pavel Roskin [Wed, 25 Oct 2006 02:41:27 +0000 (22:41 -0400)]
[PATCH] hostap_plx: fix CIS verification
The length of the manfid CIS should be at least 4, and it's normally 4.
It's incorrect to require it to be at least 5. This breaks support for
most (if not all) cards.
The right place to ensure that we don't access beyond the CIS buffer is
to strengthen another check. Make sure that the next tuple begins at
least at the CIS buffer end (in which case we stop processing) or
before that.
Reported by ph35sm@free.fr
Signed-off-by: Pavel Roskin <proski@gnu.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jiri Benc [Wed, 18 Oct 2006 17:34:40 +0000 (19:34 +0200)]
[PATCH] ieee80211: don't flood log with errors
The "ieee80211: Workaround malformed 802.11 frames from AP" patch (see
http://kernel.org/git/?p=linux/kernel/git/linville/wireless-2.6.git;a=commit;h=f09fc44d8c25f22c4d985bb93857338ed02feac6 )
fixes the problem with some buggy APs but also converts debug message into
an error one. This floods the log with errors when you are near such AP (you
get a message for every beacon). This patch reverts the error message back
to the debug one.
Signed-off-by: Jiri Benc <jbenc@suse.cz> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Atsushi Nemoto [Mon, 23 Oct 2006 15:21:27 +0000 (00:21 +0900)]
[MIPS] Fixup migration to GENERIC_TIME
Since we already moved to GENERIC_TIME, we should implement alternatives
of old do_gettimeoffset routines to get sub-jiffies resolution from
gettimeofday(). This patch includes:
* MIPS clocksource support (based on works by Manish Lachwani).
* remove unused gettimeoffset routines and related codes.
* remove unised 64bit do_div64_32().
* simplify mips_hpt_init. (no argument needed, __init tag)
* simplify c0_hpt_timer_init. (no need to write to c0_count)
* remove some hpt_init routines.
* mips_hpt_mask variable to specify bitmask of hpt value.
* convert jmr3927_do_gettimeoffset to jmr3927_hpt_read.
* convert ip27_do_gettimeoffset to ip27_hpt_read.
* convert bcm1480_do_gettimeoffset to bcm1480_hpt_read.
* simplify sb1250 hpt functions. (no need to subtract and shift)
In very rare circumstances would we be pruning a merged request and at
the same time delete the implicated cfqq from the rr_list, and not readd
it when the merged request got added. This could cause io stalls until
that process issued io again.
Fix it up by putting the rr_list add handling into cfq_add_rq_rb(),
identical to how pruning is handled in cfq_del_rq_rb(). This fixes a
hang reproducible with fsx-linux.
NeilBrown [Tue, 31 Oct 2006 06:07:21 +0000 (22:07 -0800)]
[PATCH] md: check bio address after mapping through partitions.
Partitions are not limited to live within a device. So we should range
check after partition mapping.
Note that 'maxsector' was being used for two different things. I have
split off the second usage into 'old_sector' so that maxsector can be still
be used for it's primary usage later in the function.
Cc: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Neil Brown <neilb@suse.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Michael Halcrow [Tue, 31 Oct 2006 06:07:19 +0000 (22:07 -0800)]
[PATCH] eCryptfs: Consolidate lower dentry_open's
Opens on lower dentry objects happen in several places in eCryptfs, and they
all involve the same steps (dget, mntget, dentry_open). This patch
consolidates the lower open events into a single function call.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Oleg Nesterov [Tue, 31 Oct 2006 06:07:15 +0000 (22:07 -0800)]
[PATCH] taskstats: fix sub-threads accounting
If there are no listeners, taskstats_exit_send() just returns because
taskstats_exit_alloc() didn't allocate *tidstats. This is wrong, each
sub-thread should do fill_tgid_exit() on exit, otherwise its ->delays is
not recorded in ->signal->stats and lost.
Q: We don't send TASKSTATS_TYPE_AGGR_TGID when single-threaded process
exits. Is it good? How can the listener figure out that it was actually a
process exit, not sub-thread?
Jeff Dike [Tue, 31 Oct 2006 06:07:14 +0000 (22:07 -0800)]
[PATCH] uml: add INITCALLS
This is the UML piece of the INITCALLS tidying.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Tue, 31 Oct 2006 06:07:13 +0000 (22:07 -0800)]
[PATCH] uml: add _text definition to linker scripts
kallsyms now refers to addresses as '_text + 0xADDRESS', rather than just
'0xADDRESS', so we need to define _text.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix a small memory leak in ubd_config, and clearify the confusion which lead
to it.
Then, some little changes not affecting operations -
* move init functions together,
* add a comment about a potential problem in case of some evolution in the block layer,
* mark all initcalls as static __init functions
* mark an used once little function as inline
* document that mconsole methods are all called in process context (was
triggered when checking ubd mconsole methods).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: do not store error codes as ->fd
To simplify error handling, make sure fd is saved into ubd_dev->fd only when
we are sure it is an fd and not an error code.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: use bitfields where possible
Use bitfields for boolean fields in ubd data structure.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Pure whitespace and style fixes split out from subsequent patch. Some changes
(err -> ret) don't make sense now, only later, but I split them out anyway
since they cluttered the patch.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: convert do_ubd to a boolean variable
do_ubd is actually just a boolean variable - the way it is used currently is a
leftover from the old 2.4 block layer, but it is still used; its use is
suspicious, but removing it would be too intrusive for now and needs more
thinking.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add some comments about requirements for ubd_io_lock and expand its use.
When an irq signals that the "controller" (i.e. another thread on the host,
which does the actual requests and is the only one blocked on I/O on the host)
has done some work, we call again the request function ourselves
(do_ubd_request).
We now do that with ubd_io_lock held - that's useful to protect against
concurrent calls to elv_next_request and so on.
XXX: Maybe we shouldn't call at all the request function. Input needed on
this. Are we supposed to plug and unplug the queue? That code "indirectly"
does that by setting a flag, called do_ubd, which makes the request function
return (it's a residual of 2.4 block layer interface).
Meanwhile, however, merge this patch, which improves things.
Cc: Jens Axboe <axboe@suse.de> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: change ubd_lock to be a mutex
This lock protects ubd setup and teardown, so is only used in process context;
beyond that, during such setup memory allocations must be performed and some
generic functions which can sleep must be called (such as add_disk()). So the
only correct solution is to make it a mutex instead of a spin_lock. No other
change is done - this lock must be acquired in different places but it's done
afterwards.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: give better names to some functions.
To rethink locking, I needed to understand well what each function does.
While doing this I renamed some:
* ubd_close -> ubd_close_dev (since it pairs with ubd_open_dev)
* ubd_new_disk -> ubd_disk_register (it handles registration with the block
layer - one hopes this makes clearer the difference with ubd_add())
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Rename the ubd_dev array to ubd_devs and then call any "struct ubd" ubd_dev
instead of dev, which doesn't make clear what we're treating (and no, it's not
hungarian notation - not any more than calling all vm_area_struct vma or all
inodes inode).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: document some struct fields
Add documentation about some fields in struct ubd, whose meaning is
non-obvious due to struct names (should change names altogether, I agree).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] uml ubd driver: allow using up to 16 UBD devices
With 256 minors and 16 minors used per each UBD device, we can allow the use
of up to 16 UBD devices per UML.
Also chnage parse_unit and leave to the caller (which already do it) the check
for excess numbers, since this is just supposed to do raw parsing.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Tue, 31 Oct 2006 06:07:03 +0000 (22:07 -0800)]
[PATCH] find_bd_holder() fix
fs/block_dev.c: In function 'find_bd_holder':
fs/block_dev.c:666: warning: return makes integer from pointer without a cast
fs/block_dev.c:669: warning: return makes integer from pointer without a cast
fs/block_dev.c: In function 'add_bd_holder':
fs/block_dev.c:685: warning: unused variable 'tmp'
fs/block_dev.c: In function 'bd_claim_by_kobject':
fs/block_dev.c:773: warning: assignment makes pointer from integer without a cast
James Morris [Tue, 31 Oct 2006 08:43:44 +0000 (00:43 -0800)]
[IPV6]: fix flowlabel seqfile handling
There's a bug in the seqfile show operation for flowlabel objects, where
each hash chain is traversed cumulatively for each element. The following
function is called for each element of each chain:
Thus, objects can appear mutliple times when reading
/proc/net/ip6_flowlabel, as the above is called for each element in the
chain.
The solution is to remove the while() loop from the above, and traverse
each chain exactly once, per the patch below. This also removes the
ip6fl_fl_seq_show() function, which does nothing else.
Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Jamie Lenehan [Tue, 31 Oct 2006 03:35:02 +0000 (12:35 +0900)]
sh: Fix IPR-IRQ's for IRQ-chip change breakage.
The conversion from IPR-IRQ to IRQ-chip resulted in the
ipr data being allocated in a local variable in
make_ipr_irq - breaking anything using IPR interrupts.
This changes all of the callers of make_ipr_irq to
allocate a static structure containing the IPR data which
is then passed to make_ipr_irq. This removes the need for
make_ipr_irq to allocate any additional space for the IPR
information.
Signed-off-by: Jamie Lenehan <lenehan@twibble.org> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
David S. Miller [Mon, 30 Oct 2006 00:32:31 +0000 (16:32 -0800)]
[SPARC64]: Fix Tomatillo/Schizo IRQ handling.
The code in schizo_irq_trans_init() should set irq_data->sync_reg
to the location of the SYNC register if this is Tomatillo, and set
it to zero otherwise. But that is not what it is doing.
As a result, non-Tomatillo systems were trying to access a
non-existent register resulting in bus errors at the first
PCI interrupt.
Thanks to Roland Stigge for the bug report.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 31 Oct 2006 03:31:20 +0000 (19:31 -0800)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] MIPS doesn't need compat_sys_getdents.
[MIPS] JMR3927: Fixup another victim of the irq pt_regs cleanup.
[MIPS] EMMA 2 / Markeins: struct resource takes physical addresses.
[MIPS] EMMA 2 / Markeins: Convert to name struct resource initialization.
[MIPS] EMMA 2 / Markeins: Formitting fixes split from actual address fixes.
[MIPS] EMMA 2 / Markeins: Fix build wreckage due to genirq wreckage.
[MIPS] Ocelot G: Fix build error and numerous warnings.
[MIPS] Fix return value of TXX9 SPI interrupt handler
[MIPS] Au1000: Fix warning about unused variable.
[MIPS] Wire up getcpu(2) and epoll_wait(2) syscalls.
[MIPS] Make SB1 cache flushes not to use on_each_cpu
[MIPS] Fix warning about unused definition in c-sb1.c
[MIPS] SMTC: Make 8 the default number of processors.
[MIPS] Oprofile: Fix MIPSxx counter number detection.
[MIPS] Au1xx0 code sets incorrect mips_hpt_frequency
[MIPS] Oprofile: fix on non-VSMP / non-SMTC SMP configurations.
Jun'ichi Nomura [Mon, 30 Oct 2006 21:23:56 +0000 (16:23 -0500)]
[PATCH] clean up add_bd_holder()
add_bd_holder() is called from bd_claim_by_kobject to put a given struct
bd_holder in the list if there is no matching entry.
There are 3 possible results of add_bd_holder():
1. there is no matching entry and add the given one to the list
2. there is matching entry, so just increment reference count of
the existing one
3. something failed during its course
1 and 2 are successful cases. But for case 2, someone has to free the
unused struct bd_holder.
The current code frees it inside of add_bd_holder and returns same value
0 for both cases 1 and 2. However, it's natural and less error-prone if
caller frees it since it's allocated by the caller.
James Morris [Tue, 31 Oct 2006 02:56:06 +0000 (18:56 -0800)]
[IPV6]: return EINVAL for invalid address with flowlabel lease request
Currently, when an application requests a lease for a flowlabel via the
IPV6_FLOWLABEL_MGR socket option, no error is returned if an invalid type
of destination address is supplied as part of the request, leading to a
silent failure. This patch ensures that EINVAL is returned to the
application in this case.
Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 31 Oct 2006 02:55:11 +0000 (18:55 -0800)]
[SCTP]: Remove temporary associations from backlog and hash.
Every time SCTP creates a temporary association, the stack hashes it,
puts it on a list of endpoint associations and increments the backlog.
However, the lifetime of a temporary association is the processing time
of a current packet and it's destroyed after that. In fact, we don't
really want anyone else finding this association. There is no reason to
do this extra work.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 31 Oct 2006 02:54:32 +0000 (18:54 -0800)]
[SCTP]: Correctly set IP id for SCTP traffic
Make SCTP 1-1 style and peeled-off associations behave like TCP when
setting IP id. In both cases, we set the inet_sk(sk)->daddr and initialize
inet_sk(sk)->id to a random value.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Mon, 30 Oct 2006 23:22:15 +0000 (15:22 -0800)]
[NetLabel]: protect the CIPSOv4 socket option from setsockopt()
This patch makes two changes to protect applications from either removing or
tampering with the CIPSOv4 IP option on a socket. The first is the requirement
that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option
on a socket; this prevents untrusted applications from setting their own
CIPSOv4 security attributes on the packets they send. The second change is to
SELinux and it prevents applications from setting any IPv4 options when there
is an IPOPT_CIPSO option already present on the socket; this prevents
applications from removing CIPSOv4 security attributes from the packets they
send.
Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes bug in iptables modules refcounting on compat error way.
As we are getting modules in check_compat_entry_size_and_hooks(), in case of
later error, we should put them all in translate_compat_table(), not in the
compat_copy_entry_from_user() or compat_copy_match_from_user(), as it is now.
Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-by: Vasily Averin <vvs@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Martin Josefsson [Mon, 30 Oct 2006 23:13:58 +0000 (15:13 -0800)]
[NETFILTER]: nf_conntrack: add missing unlock in get_next_corpse()
Add missing unlock in get_next_corpse() in nf_conntrack. It was missed
during the removal of listhelp.h . Also remove an unneeded use of
nf_ct_tuplehash_to_ctrack() in the same function.
Should be applied before 2.6.19 is released.
Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Vasily Averin [Mon, 30 Oct 2006 23:13:28 +0000 (15:13 -0800)]
[NETFILTER]: ip_tables: compat error way cleanup
This patch adds forgotten compat_flush_offset() call to error way of
translate_compat_table(). May lead to table corruption on the next
compat_do_replace().
Signed-off-by: Vasily Averin <vvs@openvz.org> Acked-by: Dmitry Mishin <dim@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Mishin [Mon, 30 Oct 2006 23:12:55 +0000 (15:12 -0800)]
[NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tables
There is a number of issues in parsing user-provided table in
translate_table(). Malicious user with CAP_NET_ADMIN may crash system by
passing special-crafted table to the *_tables.
The first issue is that mark_source_chains() function is called before entry
content checks. In case of standard target, mark_source_chains() function
uses t->verdict field in order to determine new position. But the check, that
this field leads no further, than the table end, is in check_entry(), which
is called later, than mark_source_chains().
The second issue, that there is no check that target_offset points inside
entry. If so, *_ITERATE_MATCH macro will follow further, than the entry
ends. As a result, we'll have oops or memory disclosure.
And the third issue, that there is no check that the target is completely
inside entry. Results are the same, as in previous issue.
Signed-off-by: Dmitry Mishin <dim@openvz.org> Acked-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
James Morris [Mon, 30 Oct 2006 23:08:42 +0000 (15:08 -0800)]
[IPV6]: fix lockup via /proc/net/ip6_flowlabel
There's a bug in the seqfile handling for /proc/net/ip6_flowlabel, where,
after finding a flowlabel, the code will loop forever not finding any
further flowlabels, first traversing the rest of the hash bucket then just
looping.
This patch fixes the problem by breaking after the hash bucket has been
traversed.
Note that this bug can cause lockups and oopses, and is trivially invoked
by an unpriveleged user.
Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Mon, 30 Oct 2006 07:46:42 +0000 (23:46 -0800)]
[SCTP]: Always linearise packet on input
I was looking at a RHEL5 bug report involving Xen and SCTP
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550).
It turns out that SCTP wasn't written to handle skb fragments at
all. The absence of any calls to skb_may_pull is testament to
that.
It just so happens that Xen creates fragmented packets more often
than other scenarios (header & data split when going from domU to
dom0). That's what caused this bug to show up.
Until someone has the time sits down and audits the entire net/sctp
directory, here is a conservative and safe solution that simply
linearises all packets on input.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Randy Dunlap [Mon, 30 Oct 2006 00:03:30 +0000 (16:03 -0800)]
[DCCP]: fix printk format warnings
Fix printk format warnings:
build2.out:net/dccp/ccids/ccid2.c:355: warning: long long unsigned int format, u64 arg (arg 3)
build2.out:net/dccp/ccids/ccid2.c:360: warning: long long unsigned int format, u64 arg (arg 3)
build2.out:net/dccp/ccids/ccid2.c:482: warning: long long unsigned int format, u64 arg (arg 5)
build2.out:net/dccp/ccids/ccid2.c:639: warning: long long unsigned int format, u64 arg (arg 3)
build2.out:net/dccp/ccids/ccid2.c:639: warning: long long unsigned int format, u64 arg (arg 4)
build2.out:net/dccp/ccids/ccid2.c:674: warning: long long unsigned int format, u64 arg (arg 3)
build2.out:net/dccp/ccids/ccid2.c:720: warning: long long unsigned int format, u64 arg (arg 3)
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 29 Oct 2006 23:59:41 +0000 (15:59 -0800)]
[NET]: Fix segmentation of linear packets
skb_segment fails to segment linear packets correctly because it
tries to write all linear parts of the original skb into each
segment. This will always panic as each segment only contains
enough space for one MSS.
This was not detected earlier because linear packets should be
rare for GSO. In fact it still remains to be seen what exactly
created the linear packets that triggered this bug. Basically
the only time this should happen is if someone enables GSO
emulation on an interface that does not support SG.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 27 Oct 2006 22:29:47 +0000 (15:29 -0700)]
[XFRM] xfrm_user: Fix unaligned accesses.
Use memcpy() to move xfrm_address_t objects in and out
of netlink messages. The vast majority of xfrm_user was
doing this properly, except for copy_from_user_state()
and copy_to_user_state().
Signed-off-by: David S. Miller <davem@davemloft.net>
Ralf Baechle [Mon, 30 Oct 2006 12:52:16 +0000 (12:52 +0000)]
[MIPS] Ocelot G: Fix build error and numerous warnings.
The cause of the build errors was a 64-bit kernel being configured in
ocelot_g_defconfig without the code being 64-bit proof. Fixed for now
by limiting 64-bit selection to SYS_SUPPORTS_64BIT_KERNEL if BROKEN.
Albert Cahalan [Mon, 30 Oct 2006 03:26:17 +0000 (22:26 -0500)]
[PATCH] fix i386 regparm=3 RT signal handlers on x86_64
The recent change to make x86_64 support i386 binaries compiled
with -mregparm=3 only covered signal handlers without SA_SIGINFO.
(the 3-arg "real-time" ones) This is useful for klibc at least.
Signed-off-by: Albert Cahalan <acahalan@gmail.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Neil Brown [Mon, 30 Oct 2006 06:46:45 +0000 (22:46 -0800)]
[PATCH] sunrpc: fix refcounting problems in rpc servers
A recent patch fixed a problem which would occur when the refcount on an
auth_domain reached zero. This problem has not been reported in practice
despite existing in two major kernel releases because the refcount can
never reach zero.
This patch fixes the problems that stop the refcount reaching zero.
1/ We were adding to the refcount when inserting in the hash table,
but only removing from the hashtable when the refcount reached zero.
Obviously it never would. So don't count the implied reference of
being in the hash table.
2/ There are two paths on which a socket can be destroyed. One called
svcauth_unix_info_release(). The other didn't. So when the other was
taken, we can lose a reference to an ip_map which in-turn holds a
reference to an auth_domain
So unify the exit paths into svc_sock_put. This highlights the fact
that svc_delete_socket has slightly odd semantics - it does not drop
a reference but probably should. Fixing this need a bit more
thought and testing.
Signed-off-by: Neil Brown <neilb@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
akpm@osdl.org [Mon, 30 Oct 2006 06:46:42 +0000 (22:46 -0800)]
[PATCH] uml: fix compilation options for USER_OBJS
From: Jeff Dike <jdike@addtoit.com>, Paolo Giarrusso <blaisorblade@yahoo.it>
Make sure that when compiling USER_OBJS the correct compilation options are
passed; since they are compiled with USER_CFLAGS which is derived from
CFLAGS, make sure it is a recursively evaluated variable, so that changes
to CFLAGS done afterwards the inclusion of arch/$(ARCH)/Makefile are
reflected in USER_CFLAGS.
For instance, without this patch userspace objects are never compiled with
debug info active.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Fix "Remove the use of _syscallX macros in UML"
Fix commit 5f4c6bc1f369f20807a8e753c2308d1629478c61: it spits out warnings
about missing syscall prototype (it is in <unistd.h>) and it does not
recognize that two uses of _syscallX are to be resolved against kernel
headers in the source tree, not against _syscallX; they in fact do not
compile and would not work anyway.
If _syscallX macros will be removed from the kernel tree altogether, the
only reasonable solution for that piece of code is switching to open-coded
inline assembly (it's remapping the whole executable from memory, except
the page containing this code).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Randy Dunlap [Mon, 30 Oct 2006 06:46:40 +0000 (22:46 -0800)]
[PATCH] docbook: make a filesystems book
Make a filesystems DocBook book/file by moving all filesystems info from
kernel-api.tmpl. Will also merge journal-api.tmpl into it soon (with
permission from Roger Gammans). Localizes filesystem info and reduces size
of the huge (produced) kernel-api output files.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Randy Dunlap [Mon, 30 Oct 2006 06:46:40 +0000 (22:46 -0800)]
[PATCH] MTD: fix last kernel-doc warning
Fix the last current kernel-doc warning:
Warning(/var/linsrc/linux-2619-rc3g5//include/linux/mtd/nand.h:416): No description found for parameter 'write_page'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
When gigaset_initbcs() is called, cs->dev is not initialized yet. If
dev_alloc_skb() failed in this function, NULL poinster dereference will
happen at dev_warn().
Cc: Kai Germaschewski <kai.germaschewski@gmx.de> Cc: Hansjoerg Lipp <hjlipp@web.de> Cc: Tilman Schmidt <tilman@imap.cc> Acked-by: Karsten Keil <kkeil@suse.de> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Randy Dunlap [Mon, 30 Oct 2006 06:46:34 +0000 (22:46 -0800)]
[PATCH] ndiswrapper: don't set the module->taints flags
For ndiswrapper, don't set the module->taints flags, just set the kernel
global tainted flag. This should allow ndiswrapper to continue to use GPL
symbols.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Florin Malita <fmalita@gmail.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>