Junio C Hamano [Mon, 9 Jul 2007 21:17:57 +0000 (23:17 +0200)]
ide_in_drive_list(): "ALL" is not a wildcard anymore
This removes the support to treat "ALL" as a wildcard for
firmware revision. This is made a separate patch, as it will
break out-of-tree ide drivers that feed its own table that uses
"ALL" as the wildcard to ide_in_drive_list().
Signed-off-by: Junio C Hamano <junkio@cox.net> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Dave Jones <davej@redhat.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Junio C Hamano [Mon, 9 Jul 2007 21:17:56 +0000 (23:17 +0200)]
mips au1xxx_ide.h: use NULL as firmware-revision wildcard
This updates the DMA whitelist in MIPS specific au1xxx ide
driver to use NULL instead of "ALL" as the wildcard.
Signed-off-by: Junio C Hamano <junkio@cox.net> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Dave Jones <davej@redhat.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Junio C Hamano [Mon, 9 Jul 2007 21:17:56 +0000 (23:17 +0200)]
ide_in_drive_list(): accept NULL as the wildcard for firmware revision
Earlier, the matching of (model,rev) in ide-dma black/white list
handling was to consider "ALL" in the table to match any
revision. This makes NULL to be also an accepted wildcard, and
changes the entries of tables in ide-dma.c to use NULL.
The code still accepts "ALL" as the wildcard, in order to keep
any out-of-tree ide driver that feeds its own table that uses
"ALL" as the wildcard to ide_in_drive_list() function from
breaking.
Signed-off-by: Junio C Hamano <junkio@cox.net> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Dave Jones <davej@redhat.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Mon, 9 Jul 2007 21:17:56 +0000 (23:17 +0200)]
aec62xx: remove init_dma() method (take 2)
Get rid of the init_dma() method (which had no particular reason to exist) by
folding it into the init_hwif() method. While at it, also perform some cleanup
in the latter method:
- get rid of the useless clearing of hwif->autodma;
- fold the serialization code into one 'if' statement;
- fold setting the drives' 'autotune' and 'autodma' fields into the single
statements...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Mon, 9 Jul 2007 21:17:55 +0000 (23:17 +0200)]
cmd64x: init. code cleanup
Fix two minor issues with PCI0646 chip reporting in the init_chipset() method:
"IRQ workaround enabled" message printed out not only for revision 0x01 and
"CMD646: chipset revision" printed twice (by IDE core and the driver itself).
Also, remove empty/pointless switch cases for the chips other than PCI0646,
duplicate write to the MRDMODE register when enabling interrupts and MEMORY
READ LINE cycles, and needless/misplaced initialization of the timing registers
in this method.
Switch to reading only the PCI revision ID register itself, not the whole 32
bits at its address in init_chipset() and init_hwif() methods; in addition,
get rid of the useless clearing of hwif->autodma and perform some cosmetic
style changes in the latter method.
Refactor ata66_cmd64x() by moving all the code into the 'switch' statement,
renaming/adding variables, and fixing the coding style.
While at it, finally get rid of the meaningless aliasing register #define's...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Mon, 9 Jul 2007 21:17:55 +0000 (23:17 +0200)]
hpt366: simplify UltraDMA filtering (take 4)
Simplify UltraDMA mode filtering in the driver:
- make use of the newly introduced 'udma_mask' field of 'ide_pci_device_t' to
set the correct hwif->ultra_mask, modifying init_setup_hpt366() to select
the correct mask based on the chip revision;
- replace 'max_mode' field of the 'struct hpt_info' with 'max_ultra' specifying
the maximum UltraDMA mode allowed;
- rewrite hpt3xx_udma_filter() to differ the filters based on the 'chip_type'
field, and only use it for HPT366 and HPT370[A] where it's really necessary.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Mon, 9 Jul 2007 21:17:54 +0000 (23:17 +0200)]
ide: make void and rename ide_dma_timeout() method
Since ide_dma_timeout() method's result is discarded, make it return 'void'.
While at it, drop 'ide_' from the method's name, drop the '__' prefix from
the default method's name, and do some cleanups in this method driver-wise:
- in ide-dma.c, au1xxx-ide.c, and pdc202xx_old.c, define/use 'hwif' variable;
- in au1xxx-ide.c, get rid of commented out printk();
- in sl82c105.c, get rid of unnecessary variables.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sergei Shtylyov [Mon, 9 Jul 2007 21:17:54 +0000 (23:17 +0200)]
ide: make void and rename ide_dma_lostirq() method
Since ide_dma_lostirq() method's result is discarded, make it return 'void'.
While at it, rename the method to dma_lost_irq(), drop the '__' prefix from the
default method's name, and do some cleanups in this method driver-wise:
- in aec62xx.c, rename the method in accordance with other drivers, and get rid
of unnecessary variables there;
- in pdc202xx_old.c, define/use 'hwif' variable;
- in sgiioc4.c, rearrange the code to call the resetproc() method directly.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Switch the driver to always program DMA/PIO timings and set device transfer
mode instead of trusting BIOS on CSB6 controllers (libata pata_serverworks.c
driver is also doing things this way and there were no problems reported so
far). While doing conversion I noticed that the old code had many issues:
* the code was assuming that hwif->dma_status is always valid
(which obviously isn't true if hwif->dma_base == NULL)
* value of "(ultra_timing >> (4*unit)) & ~(0xF0)" expression wasn't checked
to fit into udma_modes[5]
* code validating DMA timings didn't validate corresponding PIO timings
* extra CSB5 PIO register wasn't validated et all
* hwif->ide_dma_off_quietly() is always called before ide_set_dma() (which in
turn calls hwif->speedproc() method - svwks_tune_chipset() in this case)
so the code depending on DMA capable bit of DMA status to be set was never
executed (=> the code was never validating DMA timings despite actually
enabling DMA if the PIO timings were OK!)
* on resume driver dependend entirely on BIOS to restore timings and set
transfer mode on the device
While at it:
There is no need to read PIO/MWDMA timings now so don't do it.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6:
JFS: Update print_hex_dump() syntax
JFS: use print_hex_dump() rather than private dump_mem() function
JFS: Whitespace cleanup and remove some dead code
add credits for recent major scheduler contributions:
Con Kolivas, for pioneering the fair-scheduling approach
Peter Williams, for smpnice
Mike Galbraith, for interactivity tuning of CFS
Srivatsa Vaddagiri, for group scheduling enhancements
the Linux scheduler is starving a number of workloads. So default
to more agressive idle-balancing. This hurts lmbench context-switching
numbers (which was the main reason we sucked at idle-balancing for
such a long time) but the lmbench numbers are fine once the system is
minimally utilized.
do not set softirqs to nice +19. _If_ for whatever reason
we missed to process some high-prio softirq and woke up
ksoftirqd, we should give it a fair chance to actually
get some work done, even if the system is under load.
sched: clean up fastcall uses of sched_fork()/sched_exit()
sched_fork()/sched_exit() does not need to specify fastcall anymore,
as the x86 kernel defaults to regparm3, and no assembly code calls
these functions.
track TSC-unstable events and propagate it to the scheduler code.
Also allow sched_clock() to be used when the TSC is unstable,
the rq_clock() wrapper creates a reliable clock out of it.
this change switches over the scheduler core to CFS's modular
design and makes use of kernel/sched_fair/rt/idletask.c to implement
Linux's scheduling policies.
thanks to Andrew Morton and Thomas Gleixner for lots of detailed review
feedback and for fixlets.
remove the sleep_type heuristics from the core scheduler - scheduling
policy is implemented in the scheduling-policy modules. (and CFS does
not use this type of sleep-type heuristics)
add rq_clock()/__rq_clock(), a robust wrapper around sched_clock(),
used by CFS. It protects against common type of sched_clock() problems
(caused by hardware): time warps forwards and backwards.
add kernel/sched_idletask.c - which implements the idle thread
scheduling class. This further simplifies sched.c (under CFS),
for example a number of 'if (p == rq->idle)' type of special-cases
can be removed from sched.c, and schedule() gets simpler too.
add the init_idle_bootup_task() callback to the bootup thread,
unused at the moment. (CFS will use it to switch the scheduling
class of the boot thread to the idle class)
sched: zap the migration init / cache-hot balancing code
the SMP load-balancer uses the boot-time migration-cost estimation
code to attempt to improve the quality of balancing. The reason for
this code is that the discrete priority queues do not preserve
the order of scheduling accurately, so the load-balancer skips
tasks that were running on a CPU 'recently'.
this code is fundamental fragile: the boot-time migration cost detector
doesnt really work on systems that had large L3 caches, it caused boot
delays on large systems and the whole cache-hot concept made the
balancing code pretty undeterministic as well.
(and hey, i wrote most of it, so i can say it out loud that it sucks ;-)
under CFS the same purpose of cache affinity can be achieved without
any special cache-hot special-case: tasks are sorted in the 'timeline'
tree and the SMP balancer picks tasks from the left side of the
tree, thus the most cache-cold task is balanced automatically.
enum idle_type (used by the load-balancer) clashes with the
SCHED_IDLE name that we want to introduce. 'CPU_IDLE' instead
of 'SCHED_IDLE' is more descriptive as well.
Fix permission checking for the new utimensat() system call
Commit 1c710c896eb461895d3c399e15bb5f20b39c9073 added the utimensat()
system call, but didn't handle the case of checking for the writability
of the target right, when the target was a file descriptor, not a
filename.
We cannot use vfs_permission(MAY_WRITE) for that case, and need to
simply check whether the file descriptor is writable. The oops from
using the wrong function was noticed and narrowed down by Markus
Trippelsdorf.
Cc: Ulrich Drepper <drepper@redhat.com> Cc: Markus Trippelsdorf <markus@trippelsdorf.de> Cc: Andrew Morton <akpm@linux-foundation.org> Acked-by: Al Viro <viro@ftp.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
PIO4 is a maximum PIO mode supported by a driver. Using "255" as a max_mode
argument to ide_get_best_pio_mode() could result in wrong timings being used
by a driver (for "pio" equal to 5) or OOPS (for "pio" values > 5 && < 255).
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Reviewed-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
If the chipset is using this PCI-ID, the primary channel is connected to the
first PATA-port. The secondary channel is connected to SATA-ports in IDE
emulation mode. The legacy IO-ports are used.
The including of the PCI-ID into pata_sis is not sufficient, because the legacy
driver in drivers/ide is initialized before pata_sis.
Adrian Bunk [Sat, 7 Jul 2007 04:14:02 +0000 (06:14 +0200)]
DLM must depend on SYSFS
The dependency of DLM on SYSFS got lost in
commit 6ed7257b46709e87d79ac2b6b819b7e0c9184998 resulting in the
following compile error with CONFIG_DLM=y, CONFIG_SYSFS=n:
<-- snip -->
...
LD .tmp_vmlinux1
fs/built-in.o: In function `dlm_lockspace_init':
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/fs/dlm/lockspace.c:231: undefined reference to `kernel_subsys'
fs/built-in.o: In function `configfs_init':
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/fs/configfs/mount.c:143: undefined reference to `kernel_subsys'
make[1]: *** [.tmp_vmlinux1] Error 1
<-- snip -->
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Adrian Bunk [Fri, 6 Jul 2007 22:54:09 +0000 (00:54 +0200)]
include/linux/kallsyms.h must #include <linux/errno.h>
This patch fixes the following 2.6.22 regression with CONFIG_KALLSYMS=n:
<-- snip -->
...
CC arch/m32r/kernel/traps.o
In file included from /home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/arch/m32r/kernel/traps.c:14:
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/include/linux/kallsyms.h: In function 'lookup_symbol_name':
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/include/linux/kallsyms.h:66: error: 'ERANGE' undeclared (first use in this function)
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/include/linux/kallsyms.h:66: error: (Each undeclared identifier is reported only once
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/include/linux/kallsyms.h:66: error: for each function it appears in.)
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/include/linux/kallsyms.h: In function 'lookup_symbol_attrs':
/home/bunk/linux/kernel-2.6/linux-2.6.22-rc6-mm1/include/linux/kallsyms.h:71: error: 'ERANGE' undeclared (first use in this function)
make[2]: *** [arch/m32r/kernel/traps.o] Error 1
<-- snip -->
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Woodhouse [Sat, 7 Jul 2007 18:58:39 +0000 (14:58 -0400)]
Fix use-after-free oops in Bluetooth HID.
When cleaning up HIDP sessions, we currently close the ACL connection
before deregistering the input device. Closing the ACL connection
schedules a workqueue to remove the associated objects from sysfs, but
the input device still refers to them -- and if the workqueue happens to
run before the input device removal, the kernel will oops when trying to
look up PHYSDEVPATH for the removed input device.
Fix this by deregistering the input device before closing the
connections.
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NETPOLL]: Fixups for 'fix soft lockup when removing module'
[NET]: net/core/netevent.c should #include <net/netevent.h>
[NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values
[NET] skbuff: remove export of static symbol
SCTP: Add scope_id validation for link-local binds
SCTP: Check to make sure file is valid before setting timeout
SCTP: Fix thinko in sctp_copy_laddrs()
He correctly updated many of the function definitions that were using this
extra regs pointer parameter but forgot to update some caller sites of
those functions. The reason the modifications was not properly done on all
drivers is that some drivers were rarely compiled because they are for
AMIGA, or that some code sites were inside #ifdefs where the option is not
set or inside #if 0.
Here is the semantic patch that found the occurences
and fixed the problem.
arch/i386/kernel/built-in.o(.init.text+0x4fa9): In function `acpi_parse_madt':
: undefined reference to `acpi_madt_oem_check'
arch/i386/kernel/built-in.o(.init.text+0x7406): In function `smp_read_mpc':
: undefined reference to `mps_oem_check'
arch/i386/kernel/built-in.o(.init.text+0x8990): In function
`connect_bsp_APIC':
: undefined reference to `enable_apic_mode'
make: *** [.tmp_vmlinux1] Error 1
o Fix the build issue. Provided the definitions of missing functions.
o Don't have ES7000 machine. Only compile tested.
Cc: Len Brown <lenb@kernel.org> Cc: Natalie Protasevich <protasnb@gmail.com> Cc: Roland Dreier <rolandd@cisco.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
PNP SMCf010 quirk: work around Toshiba Portege 4000 ACPI issues
When we enable the SMCf010 IR device, the Toshiba Portege 4000 BIOS claims
the device is working, but it really isn't configured correctly. The BIOS
*will* configure it, but only if we call _SRS after (1) reversing the order
of the SIR and FIR I/O port regions and (2) changing the IRQ from
active-high to active-low.
This patch addresses the 2.6.22 regression:
"no irda0 interface (2.6.21 was OK), smsc does not find chip"
I tested this on a Portege 4000. The smsc-ircc2 driver correctly detects
the device, and "irattach irda0 -s && irdadump" shows transmitted and
received packets.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com> Cc: Andrey Borzenkov <arvidjaar@mail.ru> Cc: Samuel Ortiz <samuel@sortiz.org> Cc: "Linus Walleij (LD/EAB)" <linus.walleij@ericsson.com> Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com> Cc: Adam Belay <ambx1@neo.rr.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Woodhouse [Fri, 6 Jul 2007 09:39:52 +0000 (02:39 -0700)]
x86_64: fix headers_install
A bug in headers_install for ARCH=x86_64 yields an asm/ directory full of
files all of which are using the same #ifdef guard, "__ASM_STUB_" with no
postfix. So the second and later asm files #included in the same C file
(often through standard headers like ioctl.h) yields no symbols.
Strangeness with the Ubuntu 'tell me if I support something that's not
explcitly mentioned in POSIX, and I'll strip it out' shell, I believe.
We don't need the 'export' but we do need a semicolon at the end of the
FNAME line:
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Rob Landley <rob@landley.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
MTRR: Fix race causing set_mtrr to go into infinite loop
Processors synchronization in set_mtrr requires the .gate field to be set
after .count field is properly initialized. Without an explicit barrier,
the compiler was reordering those memory stores. That was sometimes
causing a processor (in ipi_handler) to see the .gate change and decrement
.count before the latter is set by set_mtrr() (which then hangs in a
infinite loop with irqs disabled).
Jason Wessel [Fri, 6 Jul 2007 09:39:50 +0000 (02:39 -0700)]
i386: fix regression, endless loop in ptrace singlestep over an int80
The commit 635cf99a80f4ebee59d70eb64bb85ce829e4591f introduced a
regression. Executing a ptrace single step after certain int80
accesses will infinitely loop and never advance the PC.
The TIF_SINGLESTEP check should be done on the return from the syscall
and not before it.
I loops on each single step on the pop right after the int80 which writes out
to the console. At that point you can issue as many single steps as you want
and it will not advance any further.
The test case is below:
/* Test whether singlestep through an int80 syscall works.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <sys/mman.h>
#include <asm/user.h>
#include <string.h>
static int child, status;
static struct user_regs_struct regs;
Fix elf_core_dump() when writing arch specific notes (spu coredumps)
elf_core_dump() supports dumping arch specific ELF notes, via the #define
ELF_CORE_WRITE_EXTRA_NOTES. Currently the only user of this is the powerpc
spu coredump code.
There is a bug in the handling of foffset WRT the arch notes, which causes
us to erroneously increment foffset by the size of the arch notes, leaving
a block of zeroes in the file, and causing all subsequent data in the file
to be at <supposed position> + <arch note size>. eg:
LOAD 0x050000 0x00100000 0x00000000 0x20000 0x20000 R E 0x10000
Tells us we should have a chunk of data at 0x50000. The truth is the data
is at 0x90dbc = 0x50000 + 0x40dbc (the size of the arch notes).
This bug prevents gdb from reading the core file correctly.
The simplest fix is to simply remember the size of the arch notes, and add
it to foffset after we've written the arch notes. The only drawback is
that if the arch code doesn't write as many bytes as it said it would, we
end up with a broken core dump again. For now I think that's a reasonable
requirement.
Tested on a Cell blade, gdb no longer complains about the core file being
bogus.
While I'm here I should point out that the spu coredump code does not work
if we're dumping to a pipe - we'll have to wait for 23 to fix that.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ralf Baechle [Wed, 20 Jun 2007 23:22:34 +0000 (00:22 +0100)]
[MIPS] Fix scheduling latency issue on 24K, 34K and 74K cores
The idle loop goes to sleep using the WAIT instruction if !need_resched().
This has is suffering from from a race condition that if if just after
need_resched has returned 0 an interrupt might set TIF_NEED_RESCHED but
we've just completed the test so go to sleep anyway. This would be
trivial to fix by just disabling interrupts during that sequence as in:
local_irq_disable();
if (!need_resched())
__asm__("wait");
local_irq_enable();
but the processor architecture leaves it undefined if a processor calling
WAIT with interrupts disabled will ever restart its pipeline and indeed
some processors have made use of the freedom provided by the architecture
definition. This has been resolved and the Config7.WII bit indicates that
the use of WAIT is safe on 24K, 24KE and 34K cores. It also is safe on
74K starting revision 2.1.0 so enable the use of WAIT with interrupts
disabled for 74K based on a c0_prid of at least that.
Older processors used to encode processor version and revision in two
4-bit bitfields, the 4K seems to simply count up and even newer MTI cores
have switched to use the 8-bits as 3:3:2 bitfield with the last field as
the patch number.
The RM7000 processors and the E9000 cores have a bug (though PMC-Sierra
opposes it being called that) where invalid instructions in the same
I-cache line worth of instructions being fetched may case spurious
exceptions.
The workaround for this was only enabled for E9000 cores; enable it also
for all RM7000-based platforms.
[NETPOLL]: Fixups for 'fix soft lockup when removing module'
>From my recent patch:
> > #1
> > Until kernel ver. 2.6.21 (including) cancel_rearming_delayed_work()
> > required a work function should always (unconditionally) rearm with
> > delay > 0 - otherwise it would endlessly loop. This patch replaces
> > this function with cancel_delayed_work(). Later kernel versions don't
> > require this, so here it's only for uniformity.
But Oleg Nesterov <oleg@tv-sign.ru> found:
> But 2.6.22 doesn't need this change, why it was merged?
>
> In fact, I suspect this change adds a race,
...
His description was right (thanks), so this patch reverts #1.
Signed-off-by: Jarek Poplawski <jarkao2@o2.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values
Choices' index values may be out of range while still encoded in the fixed
length bit-field. This bug may cause access to undefined types (NULL
pointers) and thus crashes (Reported by Zhongling Wen).
This patch also adds checking of decode flag when decoding SEQUENCEs.
Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
SCTP: Add scope_id validation for link-local binds
SCTP currently permits users to bind to link-local addresses,
but doesn't verify that the scope id specified at bind matches
the interface that the address is configured on. It was report
that this can hang a system.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>