Loading the crypto algorithm by the alias instead of by module directly
has the advantage that all possible implementations of this algorithm
are loaded automatically and the crypto API can choose the best one
depending on its priority.
Additionally it ensures that the generic implementation as well as the
HW driver (if available) is loaded in case the HW driver needs the
generic version as fallback in corner cases.
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Loading the crypto algorithm by the alias instead of by module directly
has the advantage that all possible implementations of this algorithm
are loaded automatically and the crypto API can choose the best one
depending on its priority.
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the helper blkcipher_walk_virt_block which is similar to
blkcipher_walk_virt but uses a supplied block size instead of the block
size of the block cipher. This is useful for CTR where the block size is
1 but we still want to walk by the block size of the underlying cipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 4 Oct 2007 06:49:00 +0000 (14:49 +0800)]
[CRYPTO] blkcipher: Increase kmalloc amount to aligned block size
Now that the block size is no longer a multiple of the alignment, we need to
increase the kmalloc amount in blkcipher_next_slow to use the aligned block
size.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 2 Oct 2007 14:27:29 +0000 (22:27 +0800)]
[CRYPTO] api: Explain the comparison on larval cra_name
This patch adds a comment to explain why we compare the cra_driver_name of
the algorithm being registered against the cra_name of a larval as opposed
to the cra_driver_name of the larval.
In fact larvals have only one name, cra_name which is the name that was
requested by the user. The test here is simply trying to find out whether
the algorithm being registered can or can not satisfy the larval.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sat, 29 Sep 2007 13:24:23 +0000 (21:24 +0800)]
[CRYPTO] blkcipher: Remove alignment restriction on block size
Previously we assumed for convenience that the block size is a multiple of
the algorithm's required alignment. With the pending addition of CTR this
will no longer be the case as the block size will be 1 due to it being a
stream cipher. However, the alignment requirement will be that of the
underlying implementation which will most likely be greater than 1.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Rik Snel [Wed, 19 Sep 2007 12:23:13 +0000 (20:23 +0800)]
[CRYPTO] xts: XTS blockcipher mode implementation without partial blocks
XTS currently considered to be the successor of the LRW mode by the IEEE1619
workgroup. LRW was discarded, because it was not secure if the encyption key
itself is encrypted with LRW.
XTS does not have this problem. The implementation is pretty straightforward,
a new function was added to gf128mul to handle GF(128) elements in ble format.
Four testvectors from the specification
http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
were added, and they verify on my system.
Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sat, 1 Sep 2007 08:52:13 +0000 (16:52 +0800)]
[CRYPTO] api: Kill crypto_km_types
When scatterwalk is built as a module digest.c was broken because it
requires the crypto_km_types structure which is in scatterwalk. This
patch removes the crypto_km_types structure by encoding the logic into
crypto_kmap_type directly.
In fact, this even saves a few bytes of code (not to mention the data
structure itself) on i386 which is about the only place where it's
needed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 30 Aug 2007 08:24:15 +0000 (16:24 +0800)]
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the function scatterwalk_map_and_copy which reads or
writes a chunk of data from a scatterlist at a given offset. It will
be used by authenc which would read/write the authentication data at
the end of the cipher/plain text.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 26 Aug 2007 11:12:47 +0000 (19:12 +0800)]
[CRYPTO] ablkcipher: Remove queue pointer from common alg object
Since not everyone needs a queue pointer and those who need it can
always get it from the context anyway the queue pointer in the
common alg object is redundant.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Wed, 29 Aug 2007 11:27:26 +0000 (19:27 +0800)]
[CRYPTO] api: Add support for multiple template parameters
This patch adds support for having multiple parameters to
a template, separated by a comma. It also adds support
for integer parameters in addition to the current algorithm
parameter type.
This will be used by the authenc template which will have
four parameters: the authentication algorithm, the encryption
algorithm, the authentication size and the encryption key
length.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 30 Aug 2007 07:36:14 +0000 (15:36 +0800)]
[CRYPTO] api: Add aead crypto type
This patch adds crypto_aead which is the interface for AEAD
(Authenticated Encryption with Associated Data) algorithms.
AEAD algorithms perform authentication and encryption in one
step. Traditionally users (such as IPsec) would use two
different crypto algorithms to perform these. With AEAD
this comes down to one algorithm and one operation.
Of course if traditional algorithms were used we'd still
be doing two operations underneath. However, real AEAD
algorithms may allow the underlying operations to be
optimised as well.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This is function does the same thing for ablkcipher that is done for
blkcipher by crypto_blkcipher_ctx_aligned(): it returns an aligned
address of the private ctx.
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Pavel Emelyanov [Wed, 10 Oct 2007 09:28:42 +0000 (02:28 -0700)]
[FS] seq_file: Introduce the seq_open_private()
This function allocates the zeroed chunk of memory and
call seq_open(). The __seq_open_private() helper returns
the allocated memory to make it possible for the caller
to initialize it.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Roland Dreier [Tue, 9 Oct 2007 22:48:56 +0000 (15:48 -0700)]
ibm_emac: Convert to use napi_struct independent of struct net_device
Commit da3dedd9 ("[NET]: Make NAPI polling independent of struct
net_device objects.") changed the interface to NAPI polling. Fix up
the ibm_newemac driver so that it works with this new interface. This
is actually a nice cleanup because ibm_newemac is one of the drivers
that wants to have multiple NAPI structures for a single net_device.
Compile-tested only as I don't have a system that uses the ibm_newemac
driver. This conversion the conversion for the ibm_emac driver that
was tested on real PowerPC 440SPe hardware.
Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Roland Dreier [Tue, 9 Oct 2007 22:47:37 +0000 (15:47 -0700)]
ibm_emac: Convert to use napi_struct independent of struct net_device
Commit da3dedd9 ("[NET]: Make NAPI polling independent of struct
net_device objects.") changed the interface to NAPI polling. Fix up
the ibm_emac driver so that it works with this new interface. This is
actually a nice cleanup because ibm_emac is one of the drivers that
wants to have multiple NAPI structures for a single net_device.
Tested with the internal MAC of a PowerPC 440SPe SoC with an AMCC
'Yucca' evaluation board.
Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Roland Dreier [Tue, 9 Oct 2007 22:46:13 +0000 (15:46 -0700)]
IPoIB: Fix unused variable warning
The conversion to use netdevice internal stats left an unused variable
in ipoib_neigh_free(), since there's no longer any reason to get
netdev_priv() in order to increment dropped packets. Delete the
unused priv variable.
Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Mark Brown [Tue, 9 Oct 2007 21:57:39 +0000 (22:57 +0100)]
natsemi: Use NATSEMI_TIMER_FREQ consistently
The natsemi driver has a define NATSEMI_TIMER_FREQ which looks like it
controls the normal frequency of the chip poll timer but in fact only
takes effect for the first run of the timer. Adjust the value of the
define to match that used by the timer and use the define consistently.
Signed-off-by: Mark Brown <broonie@sirena.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Auke Kok [Fri, 5 Oct 2007 22:22:02 +0000 (15:22 -0700)]
e1000e: restore flow control settings properly
After a cable unplug the forced flow control settings were lost
accidentally and the flow control settings fell back to the default
EEPROM determined values. This breaks for people who want to
run without fc enabled - after a cable reset the driver would
refuse to run with fc disabled.
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Mattias Nissler [Sun, 7 Oct 2007 14:35:31 +0000 (16:35 +0200)]
[PATCH] mac80211: Defer setting of RX_FLAG_DECRYPTED.
The decryption handlers will skip the frame if the RX_FLAG_DECRYPTED
flag is set, so the early flag setting introduced by Johannes breaks
decryption. To work around this, call the handlers first and then set
the flag.
Signed-off-by: Mattias Nissler <mattias.nissler@gmx.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
[PATCH] ieee80211_if_set_type: make check for master dev more explicit
Problem description by Daniel Drake <dsd@gentoo.org>:
"This sequence of events causes loss of connectivity:
<plug in>
<associate as normal in managed mode>
ifconfig eth7 down
iwconfig eth7 mode monitor
ifconfig eth7 up
ifconfig eth7 down
iwconfig eth7 mode managed
<associate as normal>
At this point you are associated but TX does not work. This is because
the eth7 hard_start_xmit is still ieee80211_monitor_start_xmit."
The problem is caused by ieee80211_if_set_type checking for a non-zero
hard_start_xmit pointer value in order to avoid changing that value for
master devices. The fix is to make that check more explicitly linked to
master devices rather than simply checking if the value has been
previously set.
CC: Daniel Drake <dsd@gentoo.org> Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Holger Schurig [Tue, 9 Oct 2007 13:04:14 +0000 (15:04 +0200)]
[PATCH] libertas: let get nick return what set nick has set
Make the get-nickname wireless extension actually work. Before
this patch, I could do "iwconfig eth1 nick BLAH" but "iwconfig
eth1" would have still showed "MRVL-USB8388" to me. Hey, and that
was wrong anyway, I'm on a CF card, not on USB :-)
Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Acked-By: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Holger Schurig [Tue, 9 Oct 2007 12:15:19 +0000 (14:15 +0200)]
[PATCH] libertas: clean up scan debug messages
* make scan debug output cleaner
* change some LBS_DEB_ASSOC messages to LBS_DEB_SCAN, which is more correct
* move helper functions together
* print function return value in the tracing code at one central location
Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Acked-By: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
[PATCH] libertas link error due to gcc `smartness'
Some versions of gcc replace strstr() calls with a single-character `needle'
parameter by strchr() behind our back. This causes a link error if strchr() is
defined as an inline function in <asm/string.h> (e.g. on m68k):
| drivers/built-in.o: In function `libertas_parse_chan':
| linux/drivers/net/wireless/libertas/debugfs.c:209: undefined reference to `strchr'
| drivers/built-in.o: In function `libertas_parse_ssid':
| linux/drivers/net/wireless/libertas/debugfs.c:260: undefined reference to `strchr'
Avoid this by explicitly calling strchr() instead.
Also include <linux/string.h>, because this file calls lots of str*() routines.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-By: Holger Schurig <hs4233@mail.mn-solutions.de> Acked-By: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Holger Schurig [Mon, 8 Oct 2007 09:07:27 +0000 (11:07 +0200)]
[PATCH] libertas: fix u8 constant
Don't write constants that are (per documentation and struct) u8
as 0x0001, use 0x01 instead. Also remove an useless cast.
Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Acked-By: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Williams [Wed, 3 Oct 2007 14:37:45 +0000 (10:37 -0400)]
[PATCH] libertas: problems setting wpa keys
The 88w8385 chip, using SDIO interface and firmware release 5.0.11p0,
has problems when both unicast and multicast WPA keys are set in one
command. This patch ensures the keys are set independently.
The original author of this patch is Marc Pignat <marc.pignat@hevs.ch>
Signed-off-by: Marc Pignat <marc.pignat@hevs.ch> Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:18:00 +0000 (14:18 +0200)]
[PATCH] rt2x00: Clean disabling of rt73usb_get_tsf
By defining rt73usb_get_tsf to NULL we only
have 1 location that needs to be edited
when rt73usb_get_tsf can be enabled again.
This also reduces the number of #ifdefs in
the code which is also a "good thing"
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 11:34:52 +0000 (13:34 +0200)]
[PATCH] rt2x00: Reorganize configuration handler
Reorganize configuration handling by creating a extra
structure which contains precalculated values based
on the mac80211 values which are usefull for all
individual drivers.
This also fixes the preamble configuration problem,
up untill now preamble was never configured since
by default the rate->val value was used when changing
the mode.
Now rate->val will only be used to set the basic rate mask.
The preamble configuration will now be done correctly
through the erp_ie_changed callback function.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:16:09 +0000 (14:16 +0200)]
[PATCH] rt2x00: Pass dev_state to rt2x00lib_toggle_rx
Directly pass a value from the enum dev_state with rt2x00lib_toggle_rx,
this will save us a ? : statement, and it is clearer then passing a 1 0
argument.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:15:46 +0000 (14:15 +0200)]
[PATCH] rt2x00: Add get_tx_data_len callback function
The TX datalen must always be converted to a value rt73 and rt2500usb
understand. Both require to use a different size then skb->len.
First off this is required because the descriptor must be added,
but the second is because the value must be a multiple of either 2 or 4,
and it should not be a multiple of the USB packetmax
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:14:29 +0000 (14:14 +0200)]
[PATCH] rt2x00: Move TSF sync values into rt2x00config
All drivers use the same values for TSF sync,
this will move the value determination into rt2x00config.c,
and the definition for the values to rt2x00reg.h
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:14:06 +0000 (14:14 +0200)]
[PATCH] rt2x00: Fix rfkill handling
As reported by Modestas Vainius, enabling rkfill in 1 driver and
disabling it in a second could cause a NULL pointer exception when
the rfkill-disabled driver still sets the CONFIG_SUPPORT_HW_BUTTON flag.
Furthermore, rfkill expects the timeout as a value in milliseconds
instead of jiffies. Also increase the timeout to a second,
since this 250ms would be overkill.
Also the flag DEVICE_ENABLED_RADIO_HW is causing problems
for devices which do not support the hardware button
while rfkill is enabled in the driver.
To remidy this we should inverse the flag and its meaning,
rename the flag to DEVICE_DISABLED_RADIO_HW this means that
by default the radio is enabled by the hardware button (if present)
and can only be disabled explicitely.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:13:38 +0000 (14:13 +0200)]
[PATCH] rt2x00: Don't use changed_flags inside configure_packet_filter
We shouldn't use changed_flags when configuring the packet filter,
we work directly with the total_flags which is safe enough since
we already check if something has changed after we applied our
packet filtering flag rules.
Also make sure that when the packet filter is scheduled, the
rt2x00dev->interface.filter is cleared to make sure the drivers
will update the packet filter instead of failing at the check:
*total_flags == rt2x00dev->interface.filter
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:13:06 +0000 (14:13 +0200)]
[PATCH] rt2x00: Move rt2x00dev flags into enumeration
By putting the flags into a enumeration we can
make it easier maintable since we don't have to
assign numbers for each flag. This makes it easier
to insert and remove flags.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:12:42 +0000 (14:12 +0200)]
[PATCH] rt2x00: Store "STARTED" state during suspend
Store the started state into a new flag DEVICE_STARTED_SUSPEND
and set this when suspending while the device was started.
We can't check for is_interface_present() since only mac80211
knows if there are monitor interfaces present.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:12:13 +0000 (14:12 +0200)]
[PATCH] rt2x00: Remove radio check from rt2x00lib_toggle_rx
Don't check if the radio is enabled in rt2x00lib_toggle_rx,
this is required since the link tuner should be disabled
when shutting down the device. The remaining calls inside the
rt2x00lib_toggle_rx handler should deliver no problems when
called while the radio is done.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Ivo van Doorn [Sat, 6 Oct 2007 12:11:46 +0000 (14:11 +0200)]
[PATCH] rt2x00: Remove duplicate code in MAC & BSSID handling
The various drivers contained duplicate code to handle the
MAC and BSSID initialization correctly. This moves the
address copy to little endian variables to rt2x00config.
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Williams [Tue, 9 Oct 2007 17:55:24 +0000 (13:55 -0400)]
[PATCH] ipw2200: batch non-user-requested scan result notifications
ipw2200 makes extensive use of background scanning when unassociated or
down. Unfortunately, the firmware sends scan completed events many
times per second, which the driver pushes directly up to userspace.
This needlessly wakes up processes listening for wireless events many
times per second. Batch together scan completed events for
non-user-requested scans and send them up to userspace every 4 seconds.
Scan completed events resulting from an SIOCSIWSCAN call are pushed up
without delay.
Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Herbert Xu [Tue, 9 Oct 2007 20:31:47 +0000 (13:31 -0700)]
[IPSEC]: Lock state when copying non-atomic fields to user-space
This patch adds locking so that when we're copying non-atomic fields such as
life-time or coaddr to user-space we don't get a partial result.
For af_key I've changed every instance of pfkey_xfrm_state2msg apart from
expiration notification to include the keys and life-times. This is in-line
with XFRM behaviour.
The actual cases affected are:
* pfkey_getspi: No change as we don't have any keys to copy.
* key_notify_sa:
+ ADD/UPD: This wouldn't work otherwise.
+ DEL: It can't hurt.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 20:30:57 +0000 (13:30 -0700)]
[XFRM] user: Move attribute copying code into copy_to_user_state_extra
Here's a good example of code duplication leading to code rot. The
notification patch did its own netlink message creation for xfrm states.
It duplicated code that was already in dump_one_state. Guess what, the
next time (and the time after) when someone updated dump_one_state the
notification path got zilch.
This patch moves that code from dump_one_state to copy_to_user_state_extra
and uses it in xfrm_notify_sa too. Unfortunately whoever updates this
still needs to update xfrm_sa_len since the notification path wants to
know the exact size for allocation.
At least I've added a comment saying so and if someone still forgest, we'll
have a WARN_ON telling us so.
I also changed the security size calculation to use xfrm_user_sec_ctx since
that's what we actually put into the skb. However it makes no practical
difference since it has the same size as xfrm_sec_ctx.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 20:29:52 +0000 (13:29 -0700)]
[IPSEC]: Move common code into xfrm_alloc_spi
This patch moves some common code that conceptually belongs to the xfrm core
from af_key/xfrm_user into xfrm_alloc_spi.
In particular, the spin lock on the state is now taken inside xfrm_alloc_spi.
Previously it also protected the construction of the response PF_KEY/XFRM
messages to user-space. This is inconsistent as other identical constructions
are not protected by the state lock. This is bad because they in fact should
be protected but only in certain spots (so as not to hold the lock for too
long which may cause packet drops).
The SPI byte order conversion has also been moved.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 20:27:27 +0000 (13:27 -0700)]
[IPSEC]: Remove gratuitous km wake-up events on ACQUIRE
There is no point in waking people up when creating/updating larval states
because they'll just go back to sleep again as larval states by definition
cannot be found by xfrm_state_find.
We should only wake them up when the larvals mature or die.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 20:25:59 +0000 (13:25 -0700)]
[IPSEC]: Store IPv6 nh pointer in mac_header on output
Current the x->mode->output functions store the IPv6 nh pointer in the
skb network header. This is inconvenient because the network header then
has to be fixed up before the packet can leave the IPsec stack. The mac
header field is unused on output so we can use that to store this instead.
This patch does that and removes the network header fix-up in xfrm_output.
It also uses ipv6_hdr where appropriate in the x->type->output functions.
There is also a minor clean-up in esp4 to make it use the same code as
esp6 to help any subsequent effort to merge the two.
Lastly it kills two redundant skb_set_* statements in BEET that were
simply copied over from transport mode.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 20:24:07 +0000 (13:24 -0700)]
[IPSEC]: Remove bogus ref count in xfrm_secpath_reject
Constructs of the form
xfrm_state_hold(x);
foo(x);
xfrm_state_put(x);
tend to be broken because foo is either synchronous where this is totally
unnecessary or if foo is asynchronous then the reference count is in the
wrong spot.
In the case of xfrm_secpath_reject, the function is synchronous and therefore
we should just kill the reference count.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Tue, 9 Oct 2007 20:02:17 +0000 (13:02 -0700)]
[NETNS]: Don't memset() netns to zero manually
The newly created net namespace is set to 0 with memset()
in setup_net(). The setup_net() is also called for the
init_net_ns(), which is zeroed naturally as a global var.
So remove this memset and allocate new nets with the
kmem_cache_zalloc().
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Benjamin Thery [Tue, 9 Oct 2007 03:39:36 +0000 (20:39 -0700)]
[IPv6]: use container_of() macro in fib6_clean_node()
In ip6_fib.c, fib6_clean_node() casts a fib6_walker_t pointer to
a fib6_cleaner_t pointer assuming a struct fib6_walker_t (field 'w')
is the first field in struct fib6_walker_t.
To prevent any future problems that may occur if one day a field
is inadvertently inserted before the 'w' field in struct fib6_cleaner_t,
(and to improve readability), this patch uses the container_of() macro.
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Tue, 9 Oct 2007 03:38:39 +0000 (20:38 -0700)]
[NETNS]: Move some code into __init section when CONFIG_NET_NS=n
With the net namespaces many code leaved the __init section,
thus making the kernel occupy more memory than it did before.
Since we have a config option that prohibits the namespace
creation, the functions that initialize/finalize some netns
stuff are simply not needed and can be freed after the boot.
Currently, this is almost not noticeable, since few calls
are no longer in __init, but when the namespaces will be
merged it will be possible to free more code. I propose to
use the __net_init, __net_exit and __net_initdata "attributes"
for functions/variables that are not used if the CONFIG_NET_NS
is not set to save more space in memory.
The exiting functions cannot just reside in the __exit section,
as noticed by David, since the init section will have
references on it and the compilation will fail due to modpost
checks. These references can exist, since the init namespace
never dies and the exit callbacks are never called. So I
introduce the __exit_refok attribute just like it is already
done with the __init_refok.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Ursula Braun [Tue, 9 Oct 2007 03:28:47 +0000 (20:28 -0700)]
[8021Q]: transfer dev_id from real device
A net_device struct provides field dev_id. It is used for
unique ipv6 generation in case of shared network cards
(as for the OSA network cards of IBM System z).
If VLAN devices are built on top of such shared network cards,
this dev_id information needs to be transferred to the VLAN device.
Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 00:25:53 +0000 (17:25 -0700)]
[IPSEC]: Move output replay code into xfrm_output
The replay counter is one of only two remaining things in the output code
that requires a lock on the xfrm state (the other being the crypto). This
patch moves it into the generic xfrm_output so we can remove the lock from
the transforms themselves.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 00:16:30 +0000 (17:16 -0700)]
[IPSEC]: Move common output code to xfrm_output
Most of the code in xfrm4_output_one and xfrm6_output_one are identical so
this patch moves them into a common xfrm_output function which will live
in net/xfrm.
In fact this would seem to fix a bug as on IPv4 we never reset the network
header after a transform which may upset netfilter later on.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 00:14:34 +0000 (17:14 -0700)]
[IPSEC] ah: Remove keys from ah_data structure
The keys are only used during initialisation so we don't need to carry them
in esp_data. Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Tue, 9 Oct 2007 00:13:44 +0000 (17:13 -0700)]
[IPSEC] esp: Remove keys from esp_data structure
The keys are only used during initialisation so we don't need to carry them
in esp_data. Since we don't have to allocate them again, there is no need
to place a limit on the authentication key length anymore.
This patch also kills the unused auth.icv member.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Ursula Braun [Mon, 8 Oct 2007 09:03:31 +0000 (02:03 -0700)]
[AF_IUCV]: postpone receival of iucv-packets
AF_IUCV socket programs may waste Linux storage, because af_iucv
allocates an skb whenever posted by the receive callback routine and
receives the message immediately.
Message receival is now postponed if data from previous callbacks has
not yet been transferred to the receiving socket program. Instead a
message handle is saved in a message queue as a reminder. Once
messages could be given to the receiving socket program, there is
an additional checking for entries in the message queue, followed
by skb allocation and message receival if applicable.
Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Heiko Carstens [Mon, 8 Oct 2007 09:02:52 +0000 (02:02 -0700)]
[AF_IUCV]: remove static declarations from header file.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Ursula Braun <braunu@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Honor the advertisement bitmask from ethtool. We used to always
advertise the full capability when autoneg was set to on.
changed things around so that ethtool speed settings were strictly
followed. Unfortunately ethtool doesn't seem to set ADVERTISED_Autoneg
in the advertising field (and maybe it shouldn't have to). I'd vote
that it should be fixed there, but it should also be added here just in
case someone using ethtool ioctls in their own application gets what
they want.
Adding that flag in tg3_set_settings seemed like the most logical place
since the driver works fine on boot. This is just an issue when
re-enabling autonegotiation, so we should probably nip it there.
Signed-off-by: Andy Gospodarek <andy@greyhouse.net> Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This fixes a kernel oops triggered by the ksdazzle SIR driver.
We need more space for input frames, and 2048 should be plenty of it.
Signed-off-by: Alex Villacís Lasso <a_villacis@palosanto.com> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Garzik [Mon, 8 Oct 2007 07:06:32 +0000 (00:06 -0700)]
[NET]: split dev_ifsioc() according to locking
This always bugged me: dev_ioctl() called dev_ifsioc() either inside
read_lock(dev_base_lock) or rtnl_lock(), depending on the ioctl being
executed.
This change moves the ioctls executed inside dev_base_lock to a new
function, dev_ifsioc_locked(). Now the locking context is completely
clear to the reader.
Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Fix a bunch of sparse warnings. Mostly about 0 used as
NULL pointer, and shadowed variable declarations.
One notable case was that hash size should have been unsigned.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>