Herbert Xu [Thu, 21 Sep 2006 01:44:08 +0000 (11:44 +1000)]
[CRYPTO] cipher: Added block ciphers for CBC/ECB
This patch adds two block cipher algorithms, CBC and ECB. These
are implemented as templates on top of existing single-block cipher
algorithms. They invoke the single-block cipher through the new
encrypt_one/decrypt_one interface.
This also optimises the in-place encryption and decryption to remove
the cost of an IV copy each round.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 21 Aug 2006 14:07:53 +0000 (00:07 +1000)]
[CRYPTO] cipher: Added block cipher type
This patch adds the new type of block ciphers. Unlike current cipher
algorithms which operate on a single block at a time, block ciphers
operate on an arbitrarily long linear area of data. As it is block-based,
it will skip any data remaining at the end which cannot form a block.
The block cipher has one major difference when compared to the existing
block cipher implementation. The sg walking is now performed by the
algorithm rather than the cipher mid-layer. This is needed for drivers
that directly support sg lists. It also improves performance for all
algorithms as it reduces the total number of indirect calls by one.
In future the existing cipher algorithm will be converted to only have
a single-block interface. This will be done after all existing users
have switched over to the new block cipher type.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sat, 12 Aug 2006 11:56:17 +0000 (21:56 +1000)]
[CRYPTO] scatterwalk: Prepare for block ciphers
This patch prepares the scatterwalk code for use by the new block cipher
type.
Firstly it halves the size of scatter_walk on 32-bit platforms. This
is important as we allocate at least two of these objects on the stack
for each block cipher operation.
It also exports the symbols since the block cipher code can be built as
a module.
Finally there is a hack in scatterwalk_unmap that relies on progress
being made. Unfortunately, for hardware crypto we can't guarantee
progress to be made since the hardware can fail.
So this also gets rid of the hack by not advancing the address returned
by scatterwalk_map.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 13 Aug 2006 10:58:18 +0000 (20:58 +1000)]
[CRYPTO] cipher: Added encrypt_one/decrypt_one
This patch adds two new operations for the simple cipher that encrypts or
decrypts a single block at a time. This will be the main interface after
the existing block operations have moved over to the new block ciphers.
It also adds the crypto_cipher type which is currently only used on the
new operations but will be extended to setkey as well once existing users
have been converted to use block ciphers where applicable.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 21 Aug 2006 14:06:54 +0000 (00:06 +1000)]
[CRYPTO] api: Added crypto_type support
This patch adds the crypto_type structure which will be used for all new
crypto algorithm types, beginning with block ciphers.
The primary purpose of this abstraction is to allow different crypto_type
objects for crypto algorithms of the same type, in particular, there will
be a different crypto_type objects for asynchronous algorithms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 30 Jul 2006 01:53:45 +0000 (11:53 +1000)]
[CRYPTO] api: Feed flag directly to crypto_yield
The sleeping flag used to determine whether crypto_yield can actually
yield is really a per-operation flag rather than a per-tfm flag. This
patch changes crypto_yield to take a flag directly so that we can start
using a per-operation flag instead the tfm flag.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 30 Jul 2006 01:53:01 +0000 (11:53 +1000)]
[CRYPTO] api: Added crypto_alloc_base
Up until now all crypto transforms have been of the same type, struct
crypto_tfm, regardless of whether they are ciphers, digests, or other
types. As a result of that, we check the types at run-time before
each crypto operation.
This is rather cumbersome. We could instead use different C types for
each crypto type to ensure that the correct types are used at compile
time. That is, we would have crypto_cipher/crypto_digest instead of
just crypto_tfm. The appropriate type would then be required for the
actual operations such as crypto_digest_digest.
Now that we have the type/mask fields when looking up algorithms, it
is easy to request for an algorithm of the precise type that the user
wants. However, crypto_alloc_tfm currently does not expose these new
attributes.
This patch introduces the function crypto_alloc_base which will carry
these new parameters. It will be renamed to crypto_alloc_tfm once
all existing users have been converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 21 Aug 2006 11:18:50 +0000 (21:18 +1000)]
[CRYPTO] s390: Added missing driver name and priority
Accelerated versions of crypto algorithms must carry a distinct driver name
and priority in order to distinguish themselves from their generic counter-
part.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 6 Aug 2006 13:10:45 +0000 (23:10 +1000)]
[CRYPTO] api: Add common instance initialisation code
This patch adds the helpers crypto_get_attr_alg and crypto_alloc_instance
which can be used by simple one-argument templates like hmac to process
input parameters and allocate instances.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 14 Jul 2006 00:42:27 +0000 (10:42 +1000)]
[CRYPTO] cipher: Removed special IV checks for ECB
This patch makes IV operations on ECB fail through nocrypt_iv rather than
calling BUG(). This is needed to generalise CBC/ECB using the template
mechanism.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 9 Jul 2006 04:49:42 +0000 (14:49 +1000)]
[CRYPTO] digest: Store temporary digest in tfm
When the final result location is unaligned, we store the digest in a
temporary buffer before copying it to the final location. Currently
that buffer sits on the stack. This patch moves it to an area in the
tfm, just like the CBC IV buffer.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 13 Aug 2006 04:16:39 +0000 (14:16 +1000)]
[CRYPTO] api: Get rid of flags argument to setkey
Now that the tfm is passed directly to setkey instead of the ctx, we no
longer need to pass the &tfm->crt_flags pointer.
This patch also gets rid of a few unnecessary checks on the key length
for ciphers as the cipher layer guarantees that the key length is within
the bounds specified by the algorithm.
Rather than testing dia_setkey every time, this patch does it only once
during crypto_alloc_tfm. The redundant check from crypto_digest_setkey
is also removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 6 Aug 2006 13:03:08 +0000 (23:03 +1000)]
[CRYPTO] crc32c: Fix unconventional setkey usage
The convention for setkey is that once it is set it should not change,
in particular, init must not wipe out the key set by it. In fact, init
should always be used after setkey before any digestion is performed.
The only user of crc32c that sets the key is tcrypt. This patch adds
the necessary init calls there.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Michal Ludvig [Sun, 6 Aug 2006 12:46:20 +0000 (22:46 +1000)]
[CRYPTO] padlock: Get rid of padlock-generic.c
Merge padlock-generic.c into padlock-aes.c and compile
AES as a standalone module. We won't make a monolithic
padlock.ko with all supported algorithms, instead we'll
compile each driver into its own module.
Signed-off-by: Michal Ludvig <michal@logix.cz> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Michal Ludvig [Sat, 8 Jul 2006 22:59:38 +0000 (08:59 +1000)]
[CRYPTO] sha: Add module aliases for sha1 / sha256
Crypto modules should be loadable by their .cra_driver_name, so
we should make MODULE_ALIAS()es with these names. This patch adds
aliases for SHA1 and SHA256 only as that's what we need for
PadLock-SHA driver.
Signed-off-by: Michal Ludvig <michal@logix.cz> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 21 Sep 2006 01:39:29 +0000 (11:39 +1000)]
[CRYPTO] api: Added spawns
Spawns lock a specific crypto algorithm in place. They can then be used
with crypto_spawn_tfm to allocate a tfm for that algorithm. When the base
algorithm of a spawn is deregistered, all its spawns will be automatically
removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Thu, 21 Sep 2006 01:35:17 +0000 (11:35 +1000)]
[CRYPTO] api: Allow algorithm lookup by type
This patch also adds the infrastructure to pick an algorithm based on
their type. For example, this allows you to select the encryption
algorithm "aes", instead of any algorithm registered under the name
"aes". For now this is only accessible internally. Eventually it
will be made available through crypto_alloc_tfm.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Thu, 21 Sep 2006 01:31:44 +0000 (11:31 +1000)]
[CRYPTO] api: Add cryptomgr
The cryptomgr module is a simple manager of crypto algorithm instances.
It ensures that parameterised algorithms of the type tmpl(alg) (e.g.,
cbc(aes)) are always created.
This is meant to satisfy the needs for most users. For more complex
cases such as deeper combinations or multiple parameters, a netlink
module will be created which allows arbitrary expressions to be parsed
in user-space.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 6 Aug 2006 11:23:26 +0000 (21:23 +1000)]
[CRYPTO] api: Added event notification
This patch adds a notifier chain for algorithm/template registration events.
This will be used to register compound algorithms such as cbc(aes). In
future this will also be passed onto user-space through netlink.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 6 Aug 2006 11:16:34 +0000 (21:16 +1000)]
[CRYPTO] api: Add template registration
A crypto_template generates a crypto_alg object when given a set of
parameters. this patch adds the basic data structure fo templates
and code to handle their registration/deregistration.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Mon, 21 Aug 2006 11:08:13 +0000 (21:08 +1000)]
[CRYPTO] api: Split out low-level API
The crypto API is made up of the part facing users such as IPsec and the
low-level part which is used by cryptographic entities such as algorithms.
This patch splits out the latter so that the two APIs are more clearly
delineated. As a bonus the low-level API can now be modularised if all
algorithms are built as modules.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 6 Aug 2006 09:49:12 +0000 (19:49 +1000)]
[IPSEC]: Move linux/crypto.h inclusion out of net/xfrm.h
The header file linux/crypto.h is only needed by a few files so including
it in net/xfrm.h (which is included by half of the networking stack) is a
waste. This patch moves it out of net/xfrm.h and into the specific header
files that actually need it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 6 Aug 2006 10:28:44 +0000 (20:28 +1000)]
[CRYPTO] api: Add crypto_alg reference counting
Up until now we've relied on module reference counting to ensure that the
crypto_alg structures don't disappear from under us. This was good enough
as long as each crypto_alg came from exactly one module.
However, with parameterised crypto algorithms a crypto_alg object may need
two or more modules to operate. This means that we need to count the
references to the crypto_alg object directly.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sat, 27 May 2006 23:05:24 +0000 (09:05 +1000)]
[CRYPTO] api: Rename crypto_alg_get to crypto_mod_get
The functions crypto_alg_get and crypto_alg_put operates on the crypto
modules rather than the algorithms. Therefore it makes sense to call
them crypto_mod_get and crypto_alg_put respectively.
This is needed because we need to have real algorithm reference counters
for parameterised algorithms as they can be unregistered from below by
when their parameter algorithms are themselves unregistered.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Full Output:
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-c-x86_64.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-asm-x86_64.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-aes-asm-x86_64.txt
Here is another bonnie++ benchmark with encrypted filesystems. Most runs maxed
out the hd. It should give some idea what the module can do for encrypted filesystem
performance even though you can't see the full numbers.
Full Output:
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-asm-i586.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-c-i586.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-aes-asm-i586.txt
Here is another bonnie++ benchmark with encrypted filesystems. All runs with
the twofish assembler modules max out the drivespeed. It should give some
idea what the module can do for encrypted filesystem performance even though
you can't see the full numbers.
Joachim Fritschi [Tue, 20 Jun 2006 10:37:23 +0000 (20:37 +1000)]
[CRYPTO] twofish: Split out common c code
This patch splits up the twofish crypto routine into a common part ( key
setup ) which will be uses by all twofish crypto modules ( generic-c , i586
assembler and x86_64 assembler ) and generic-c part. It also creates a new
header file which will be used by all 3 modules.
This eliminates all code duplication.
Correctness was verified with the tcrypt module and automated test scripts.
Signed-off-by: Joachim Fritschi <jfritschi@freenet.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 21 Aug 2006 11:03:52 +0000 (21:03 +1000)]
[CRYPTO] api: Fixed crypto_tfm context alignment
Previously the __aligned__ attribute was added to the crypto_tfm context
member to ensure it is alinged correctly on architectures such as arm.
Unfortunately kmalloc does not use the same minimum alignment rules as
gcc so this is useless.
This patch changes it to use kmalloc's minimum alignment.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Merge branch 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6
* 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6:
NFS: Fix nfs_page use after free issues in fs/nfs/write.c
NFSv4: Fix incorrect semaphore release in _nfs4_do_open()
NFS: Fix Oopsable condition in nfs_readpage_sync()
Those changes were needed for EFI-environment Intel macs, but broke some
newer Intel 965 boards, so for now it's better to revert to our old
2.6.17 behaviour and at least avoid introducing any new breakage.
Andi Kleen has a set of patches that work with both EFI and the broken
Intel 965 boards, which will be applied once they get wider testing.
Cc: Arjan van de Ven <arjan@infradead.org> Cc: Edgar Hucek <hostmaster@ed-soft.at> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* git://git.infradead.org/mtd-2.6:
[MTD] Use SEEK_{SET,CUR,END} instead of hardcoded values in mtdchar lseek()
MTD: Fix bug in fixup_convert_atmel_pri
[JFFS2][SUMMARY] Fix a summary collecting bug.
[PATCH] [MTD] DEVICES: Fill more device IDs in the structure of m25p80
MTD: Add lock/unlock operations for Atmel AT49BV6416
MTD: Convert Atmel PRI information to AMD format
fs/jffs2/xattr.c: remove dead code
[PATCH] [MTD] Maps: Add dependency on alternate probe methods to physmap
[PATCH] MTD: Add Macronix MX29F040 to JEDEC
[MTD] Fixes of performance and stability issues in CFI driver.
block2mtd.c: Make kernel boot command line arguments work (try 4)
[MTD NAND] Fix lookup error in nand_get_flash_type()
remove #error on !PCI from pmc551.c
MTD: [NAND] Fix the sharpsl driver after breakage from a core conversion
[MTD] NAND: OOB buffer offset fixups
make fs/jffs2/nodelist.c:jffs2_obsolete_node_frag() static
[PATCH] [MTD] NAND: fix dead URL in Kconfig
Dave Kleikamp [Tue, 19 Sep 2006 03:12:33 +0000 (20:12 -0700)]
[PATCH] EXT2: Remove superblock lock contention in ext2_statfs
Fix a performance degradation introduced in 2.6.17. (30% degradation
running dbench with 16 threads)
Commit 21730eed11de42f22afcbd43f450a1872a0b5ea1, which claims to make
EXT2_DEBUG work again, moves the taking of the kernel lock out of
debug-only code in ext2_count_free_inodes and ext2_count_free_blocks and
into ext2_statfs.
Matthew Wilcox [Tue, 19 Sep 2006 03:12:27 +0000 (20:12 -0700)]
[PATCH] headers_check: Clean up asm-parisc/page.h for user headers
Remove definitions of PAGE_* from the user view
Delete unnecessary comments referring to the size of pages
Only include <asm-generic> if we're in __KERNEL__
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Matthew Wilcox <matthew@wil.cx> Signed-off-by: Kyle McMartin <kyle@parisc-linux.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
as it turns out, the bug is caused by handle_level_irq(), which if it
races with another CPU already handling this IRQ, it _unmasks_ the IRQ
line on the way out. This is not how 2.6.17 works, and we introduced
this bug in one of the early genirq cleanups right before it went into
-mm. (the bug was not in the genirq patchset for a long time, and we
didnt notice the bug due to the lack of -rt rebase to the new genirq
code. -rt, and hardirq-preemption in particular opens up such races much
wider than anything else.)
Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
It turns out that eflags is important to save and restore not just
because of iopl, but due to the magic bits like the NT bit, which we
don't want leaking between different threads.
Tested-by: Mike Galbraith <efault@gmx.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[ATM] CLIP: Do not refer freed skbuff in clip_mkip().
[NET]: Drop tx lock in dev_watchdog_up
[PACKET]: Don't truncate non-linear skbs with mmaped IO
[NET]: Mark frame diverter for future removal.
[NETFILTER]: Add secmark headers to header-y
[ATM]: linux-atm-general mailing list is subscribers only
[ATM]: [he] when transmit fails, unmap the dma regions
[TCP] tcp-lp: update information to MAINTAINERS
[TCP] tcp-lp: bug fix for oops in 2.6.18-rc6
[BRIDGE]: random extra bytes on STP TCN packet
[IPV6]: Accept -1 for IPV6_TCLASS
[IPV6]: Fix tclass setting for raw sockets.
[IPVS]: remove the debug option go ip_vs_ftp
[IPVS]: Make sure ip_vs_ftp ports are valid
[IPVS]: auto-help for ip_vs_ftp
[IPVS]: Document the ports option to ip_vs_ftp in kernel-parameters.txt
[TCP]: Turn ABC off.
[NEIGH]: neigh_table_clear() doesn't free stats
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 3815/1: headers_install support for ARM
[ARM] 3794/1: S3C24XX: do not defined set_irq_wake when no CONFIG_PM
[ARM] 3793/1: S3C2412: fix wrong serial info struct
[ARM] 3780/1: Fix iop321 cpuid
[ARM] 3786/1: pnx4008: update defconfig
[ARM] 3785/1: S3C2412: Fix idle code as default uses wrong clocks
[ARM] 3784/1: S3C2413: fix config for MACH_S3C2413/MACH_SMDK2413
Ben Dooks [Mon, 18 Sep 2006 12:30:17 +0000 (13:30 +0100)]
[ARM] 3793/1: S3C2412: fix wrong serial info struct
Patch from Ben Dooks
The S3C2440 serial info struct is being passed
through the S3C2412 serial info struct probe
routine.
Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Thomas Glexiner <tglx@linutronix.de> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
David S. Miller [Mon, 18 Sep 2006 08:47:13 +0000 (01:47 -0700)]
[OPENPROMIO]: Handle current_node being NULL correctly.
If the user tries to traverse to the next node of the
last node, we get NULL in current_node and a zero phandle
returned. That's fine, but if the user tries to obtain
properties in that state, we try to dereference a NULL
pointer in the downcall to the of_*() routines.
So protect against that.
Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Mon, 18 Sep 2006 07:22:30 +0000 (00:22 -0700)]
[NET]: Drop tx lock in dev_watchdog_up
Fix lockdep warning with GRE, iptables and Speedtouch ADSL, PPP over ATM.
On Sat, Sep 02, 2006 at 08:39:28PM +0000, Krzysztof Halasa wrote:
>
> =======================================================
> [ INFO: possible circular locking dependency detected ]
> -------------------------------------------------------
> swapper/0 is trying to acquire lock:
> (&dev->queue_lock){-+..}, at: [<c02c8c46>] dev_queue_xmit+0x56/0x290
>
> but task is already holding lock:
> (&dev->_xmit_lock){-+..}, at: [<c02c8e14>] dev_queue_xmit+0x224/0x290
>
> which lock already depends on the new lock.
This turns out to be a genuine bug. The queue lock and xmit lock are
intentionally taken out of order. Two things are supposed to prevent
dead-locks from occuring:
1) When we hold the queue_lock we're supposed to only do try_lock on the
tx_lock.
2) We always drop the queue_lock after taking the tx_lock and before doing
anything else.
>
> the existing dependency chain (in reverse order) is:
>
> -> #1 (&dev->_xmit_lock){-+..}:
> [<c012e7b6>] lock_acquire+0x76/0xa0
> [<c0336241>] _spin_lock_bh+0x31/0x40
> [<c02d25a9>] dev_activate+0x69/0x120
This path obviously breaks assumption 1) and therefore can lead to ABBA
dead-locks.
I've looked at the history and there seems to be no reason for the lock
to be held at all in dev_watchdog_up. The lock appeared in day one and
even there it was unnecessary. In fact, people added __dev_watchdog_up
precisely in order to get around the tx lock there.
The function dev_watchdog_up is already serialised by rtnl_lock since
its only caller dev_activate is always called under it.
So here is a simple patch to remove the tx lock from dev_watchdog_up.
In 2.6.19 we can eliminate the unnecessary __dev_watchdog_up and
replace it with dev_watchdog_up.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Mon, 18 Sep 2006 06:59:57 +0000 (23:59 -0700)]
[PACKET]: Don't truncate non-linear skbs with mmaped IO
Non-linear skbs are truncated to their linear part with mmaped IO.
Fix by using skb_copy_bits instead of memcpy.
Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
The code for frame diverter is unmaintained and has bitrotted.
The number of users is very small and the code has lots of problems.
If anyone is using it, they maybe exposing themselves to bad packet attacks.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
James Morris [Thu, 14 Sep 2006 04:04:55 +0000 (21:04 -0700)]
[NETFILTER]: Add secmark headers to header-y
This patch includes xt_SECMARK.h and xt_CONNSECMARK.h to the kernel
headers which are exported via 'make headers_install'. This is needed to
allow userland code to be built correctly with these features.
Please apply, and consider for inclusion with 2.6.18 as a bugfix.
Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Sorry that the patch submited yesterday still contain a small bug.
This version have already been test for hours with BT connections. The
oops is now difficult to reproduce.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This patch should add support for -1 as "default" IPv6 traffic class,
as specified in IETF RFC3542 ยง6.5. Within the kernel, it seems tclass
< 0 is already handled, but setsockopt, getsockopt and recvmsg calls
won't accept it from userland.
Signed-off-by: Remi Denis-Courmont <rdenis@simphalempin.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Turn Appropriate Byte Count off by default because it unfairly
penalizes applications that do small writes. Add better documentation
to describe what it is so users will understand why they might want to
turn it on.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
neigh_table_clear() doesn't free tbl->stats.
Found by Alexey Kuznetsov. Though Alexey considers this
leak minor for mainstream, I still believe that cleanup
code should not forget to free some of the resources :)
At least, this is critical for OpenVZ with virtualized
neighbour tables.
Signed-Off-By: Kirill Korotaev <dev@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Frank Pavlic [Fri, 15 Sep 2006 14:27:02 +0000 (16:27 +0200)]
[PATCH] s390: qeth driver fixes [6/6]
[PATCH 9/9] s390: qeth driver fixes [6/6]
From: Frank Pavlic <fpavlic@de.ibm.com>
- Hipersockets has no IPV6 support, thus prevent issueing
SETRTG_IPV6 control commands on Hipersockets devices.
- fixed error handling in qeth_sysfs_(un)register
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Frank Pavlic [Fri, 15 Sep 2006 14:26:52 +0000 (16:26 +0200)]
[PATCH] s390: qeth driver fixes [5/6]
[PATCH 8/9] s390: qeth driver fixes [5/6]
From: Frank Pavlic <fpavlic@de.ibm.com>
fix kernel panic in qdio queue handling.
qeth_qdio_clear_card() could be invoked by 2 CPUs
simultaneously (for example reboot event and recovery).
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Frank Pavlic [Fri, 15 Sep 2006 14:26:34 +0000 (16:26 +0200)]
[PATCH] s390: qeth driver fixes [4/6]
[PATCH 7/9] s390: qeth driver fixes [4/6]
From: Frank Pavlic <fpavlic@de.ibm.com>
- fix kernel crash due to race,
set card->state to SOFTSETUP after
card and card->dev are initialized properly.
- remove CONFIG_QETH_PERF_STATS, use sysfs attribute instead,
as we want to have the ability to turn on/off the
statistics at runtime.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Frank Pavlic [Fri, 15 Sep 2006 14:26:19 +0000 (16:26 +0200)]
[PATCH] s390: qeth driver fixes [3/6]
[PATCH 6/9] s390: qeth driver fixes [3/6]
From: Frank Pavlic <fpavlic@de.ibm.com>
fixed kernel panic caused by qeth driver:
Using a bonding device qeth driver will realloc
headroom for every skb coming from the bond device.
Once this happens qeth frees the original skb and
set the skb pointer to the new realloced skb.
Under heavy transmit workload (e.g.UDP streams) through bond
network device the qdio output queue might get full.
In this case we return with EBUSY from qeth_send_packet.
Returning to qeth_hard_start_xmit routine
the skb address on the stack still points to the old address,
which has been freed before.
Returning from qeth_hard_start_xmit with EBUSY results in
requeuing the skb. In this case it corrupts the qdisc queue
and results in kernel panic.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Frank Pavlic [Fri, 15 Sep 2006 14:25:56 +0000 (16:25 +0200)]
[PATCH] s390: qeth driver fixes [1/6]
[PATCH 4/9] s390: qeth driver fixes [1/6]
From: Frank Pavlic <fpavlic@de.ibm.com>
- Drop incoming packets with vlan_tag set
if card->vlangrp is not set.
- use always vlan_hwaccel_rx to pass
vlan frames to the stack.
- fix recovery problem. Device was recovered
properly but still not working.
netif_carrier_on call right before
recovery start fixes it.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Frank Pavlic [Fri, 15 Sep 2006 14:25:19 +0000 (16:25 +0200)]
[PATCH] s390: netiucv driver fixes
[PATCH 2/9] s390: netiucv driver fixes
From: Frank Pavlic <fpavlic@de.ibm.com>
- missing lock initialization added
- avoid duplicate iucv-interfaces to the same peer
- rw-lock added for manipulating the list of
defined iucv connections
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Frank Pavlic [Fri, 15 Sep 2006 14:25:03 +0000 (16:25 +0200)]
[PATCH] s390: minor s390 network driver fixes
Hi Jeff,
this is a RESEND of the nine s390 network driver patches.
I finally found that my kmail corrupted almost every patch
I sent the last time. Please apply these 9 patches and forget
about my first attempt! Sorry for the delay, I had some fights
with sendmail, IMAP and mutt configuration.
Frank
[RESEND PATCH 1/9] s390: minor s390 network driver fixes
From: Frank Pavlic <fpavlic@de.ibm.com>
- iucv driver:
use do { } while (0) constructs
instead of empty defines to avoid compile bugs.
- ctc driver:
missing lock initialization added
- lcs driver:
BUG_ON usage was removed accidently
with the last lcs patch.
Put them back in place.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
RDMA/cma: Increase the IB CM retry count in CMA
IPoIB: Retry failed send-only multicast group joins
IB/srp: Don't schedule reconnect from srp
[PATCH] JFFS2: SUMMARY: fix a summary collecting bug
In some special case (padding because of sync or umount) it can be possible
that summary information is not fit to the end of the erase block. In
these cases the collecting of summary is disabled for this erase block.
The problem was that this was not respected by jffs2_sum_add_kvec(). This
patch fix this bug.
Signed-off-by: Ferenc Havasi <havasi@inf.u-szeged.hu> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
ext3-get-blocks support caused ~20% degrade in Sequential read
performance (tiobench). Problem is with marking the buffer boundary
so IO can be submitted right away. Here is the patch to fix it.
2.6.18-rc6:
-----------
# ./iotest 1048576+0 records in 1048576+0 records out 4294967296 bytes (4.3 GB) copied, 75.2726 seconds, 57.1 MB/s
real 1m15.285s
user 0m0.276s
sys 0m3.884s
2.6.18-rc6 + fix:
-----------------
[root@elm3a241 ~]# ./iotest 1048576+0 records in 1048576+0 records out 4294967296 bytes (4.3 GB) copied, 62.9356 seconds, 68.2 MB/s
The boundary block check in ext3_get_blocks_handle needs to be adjusted
against the count of blocks mapped in this call, now that it can map
more than one block.
Kenneth Lee [Sat, 16 Sep 2006 19:15:55 +0000 (12:15 -0700)]
[PATCH] bug fix in kernel/kmod.c
I think there is a bug in kmod.c: In __call_usermodehelper(), when
kernel_thread(wait_for_helper, ...) return success, since wait_for_helper()
might call complete() at any time, the sub_info should not be used any
more.
Normally wait_for_helper() take a long time to finish, you may not get
problem for most of the case. But if you remove /sbin/modprobe, it may
become easier for you to get a oop in khelper.
Cc: Matt Helsley <matthltc@us.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Woodhouse [Sat, 16 Sep 2006 19:15:55 +0000 (12:15 -0700)]
[PATCH] headers_check: use a different default directory
`make headers_check' wants to go and write stuff in /lib/modules, which
requires root, whic is unfortunate.
In fact, there's no _particular_ reason for headers_install to put it there
either -- it can go into a subdirectory of the build tree in both cases.
It's not intended to go directly into /usr/include, which is why we didn't
put it there -- and we certainly don't want people screwing around with
symlinking to it. It's for distributors to take away and do stuff with, so
leaving it in $(objtree) is fine, even in the headers_install case.
I picked $(objtree)/usr/include but I have no _particular_ preference
for that; it just seemed reasonable.
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>