Commit Graph

5799 Commits

Author SHA1 Message Date
Jeff Garzik 3ae7c0b2e3 [ETHTOOL]: Add ETHTOOL_[GS]FLAGS sub-ioctls
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:48:07 -07:00
Satyam Sharma 0bcc181618 [NET] netconsole: Support dynamic reconfiguration using configfs
Based upon initial work by Keiichi Kii <k-keiichi@bx.jp.nec.com>.

This patch introduces support for dynamic reconfiguration (adding, removing
and/or modifying parameters of netconsole targets at runtime) using a
userspace interface exported via configfs.  Documentation is also updated
accordingly.

Issues and brief design overview:

(1) Kernel-initiated creation / destruction of kernel objects is not
    possible with configfs -- the lifetimes of the "config items" is managed
    exclusively from userspace.  But netconsole must support boot/module
    params too, and these are parsed in kernel and hence netpolls must be
    setup from the kernel.  Joel Becker suggested to separately manage the
    lifetimes of the two kinds of netconsole_target objects -- those created
    via configfs mkdir(2) from userspace and those specified from the
    boot/module option string.  This adds complexity and some redundancy here
    and also means that boot/module param-created targets are not exposed
    through the configfs namespace (and hence cannot be updated / destroyed
    dynamically).  However, this saves us from locking / refcounting
    complexities that would need to be introduced in configfs to support
    kernel-initiated item creation / destroy there.

(2) In configfs, item creation takes place in the call chain of the
    mkdir(2) syscall in the driver subsystem.  If we used an ioctl(2) to
    create / destroy objects from userspace, the special userspace program is
    able to fill out the structure to be passed into the ioctl and hence
    specify attributes such as local interface that are required at the time
    we set up the netpoll.  For configfs, this information is not available at
    the time of mkdir(2).  So, we keep all newly-created targets (via
    configfs) disabled by default.  The user is expected to set various
    attributes appropriately (including the local network interface if
    required) and then write(2) "1" to the "enabled" attribute.  Thus,
    netpoll_setup() is then called on the set parameters in the context of
    _this_ write(2) on the "enabled" attribute itself.  This design enables
    the user to reconfigure existing netconsole targets at runtime to be
    attached to newly-come-up interfaces that may not have existed when
    netconsole was loaded or when the targets were actually created.  All this
    effectively enables us to get rid of custom ioctls.

(3) Ultra-paranoid configfs attribute show() and store() operations, with
    sanity and input range checking, using only safe string primitives, and
    compliant with the recommendations in Documentation/filesystems/sysfs.txt.

(4) A new function netpoll_print_options() is created in the netpoll API,
    that just prints out the configured parameters for a netpoll structure.
    netpoll_parse_options() is modified to use that and it is also exported to
    be used from netconsole.

Signed-off-by: Satyam Sharma <satyam@infradead.org>
Acked-by: Keiichi Kii <k-keiichi@bx.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:48:06 -07:00
Stephen Hemminger ab66b4a7a3 [IPV4] fib_trie: macro cleanup
This patch converts the messy macro for MASK_PFX to inline function
and expands TKEY_GET_MASK in the one place it is used.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:48:01 -07:00
Stephen Hemminger 0680191642 [IPV4] fib_trie: cleanup
Try this out:
     * replace macro's with inlines
     * get rid of places doing multiple evaluations of NODE_PARENT

[akpm@linux-foundation.org: rcu_dereference wants an lval]

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:48:01 -07:00
Ilpo Järvinen e60402d0a9 [TCP]: Move sack_ok access to obviously named funcs & cleanup
Previously code had IsReno/IsFack defined as macros that were
local to tcp_input.c though sack_ok field has user elsewhere too
for the same purpose. This changes them to static inlines as
preferred according the current coding style and unifies the
access to sack_ok across multiple files. Magic bitops of sack_ok
for FACK and DSACK are also abstracted to functions with
appropriate names.

Note:
- One sack_ok = 1 remains but that's self explanary, i.e., it
  enables sack
- Couple of !IsReno cases are changed to tcp_is_sack
- There were no users for IsDSack => I dropped it

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:48:00 -07:00
Ilpo Järvinen 1b6d427bb7 [TCP]: Reduce sacked_out with reno when purging write_queue
Previously TCP had a transitional state during which reno
counted segments that are already below the current window into
sacked_out, which is now prevented. In addition, re-try now
the unconditional S+L skb catching.

This approach conservatively calls just remove_sack and leaves
reset_sack() calls alone. The best solution to the whole problem
would be to first calculate the new sacked_out fully (this patch
does not move reno_sack_reset calls from original sites and thus
does not implement this). However, that would require very
invasive change to fastretrans_alert (perhaps even slicing it to
two halves). Alternatively, all callers of tcp_packets_in_flight
(i.e., users that depend on sacked_out) should be postponed
until the new sacked_out has been calculated but it isn't any
simpler alternative.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:58 -07:00
Ilpo Järvinen d02596e329 [TCP]: Keep state in Disorder also if only lost_out > 0
This happens rather infrequently and is only possible during
FRTO. We must not allow TCP to slip to Open state because
tcp_fastretrans_alert might then not be called on it's time
when FRTO has exited. This become a problem when left_out
got removed and was replaced by just sacked_out.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:58 -07:00
Ilpo Järvinen 86426c22d2 [TCP]: Restore over-zealous tcp_sync_left_out-like removals
tcp_verify_left_out is useful for verifying S+L condition, so
add it back to couple of places in where the code was not
calling to tcp_sync_left_out but used own ad-hoc solution
(before the tcp_sync_left_out got removed).

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:57 -07:00
Ilpo Järvinen 005903bc3a [TCP]: Left out sync->verify (the new meaning of it) & definify
Left_out was dropped a while ago, thus leaving verifying
consistency of the "left out" as only task for the function in
question. Thus make it's name more appropriate.

In addition, it is intentionally converted to #define instead
of static inline because the location of the invariant failure
is the most important thing to have if this ever triggers. I
think it would have been helpful e.g. in this case where the
location of the failure point had to be based on some quesswork:
    http://lkml.org/lkml/2007/5/2/464
...Luckily the guesswork seems to have proved to be correct.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:57 -07:00
Ilpo Järvinen 83ae40885f [TCP]: Add tcp_left_out(tp) "back" to get cleaner looking lines
tp->left_out got removed but nothing came to replace it back
then (users just did addition by themselves), so add function
for users now.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:56 -07:00
Ilpo Järvinen b5860bbac7 [TCP]: Tighten tcp_sock's belt, drop left_out
It is easily calculable when needed and user are not that many
after all.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:55 -07:00
Ilpo Järvinen 35e8694198 [TCP]: Remove num_acked>0 checks from cong.ctrl mods pkts_acked
There is no need for such check in pkts_acked because the
callback is not invoked unless at least one segment got fully
ACKed (i.e., the snd_una moved past skb's end_seq) by the
cumulative ACK's snd_una advancement.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:55 -07:00
Ilpo Järvinen af610b4ca1 [TCP]: Add tcp_dec_pcount_approx int variant
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:54 -07:00
Ilpo Järvinen bdf1ee5d3b [TCP]: Move code from tcp_ecn.h to tcp*.c and tcp.h & remove it
No other users exist for tcp_ecn.h. Very few things remain in
tcp.h, for most TCP ECN functions callers reside within a
single .c file and can be placed there.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:54 -07:00
Ilpo Järvinen 539d243fdd [TCP]: Access to highest_sack obsoletes forward_cnt_hint
In addition, added a reference about the purpose of the loop.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:53 -07:00
Ilpo Järvinen 9bff40fda0 [TCP] FRTO: remove unnecessary fackets/sacked_out recounting
F-RTO does not touch SACKED_ACKED bits at all, so there is no
need to recount them in tcp_enter_frto_loss. After removal of
the else branch, nested ifs can be combined.

This must also reset sacked_out when SACK is not in use as TCP
could have received some duplicate ACKs prior RTO. To achieve
that in a sane manner, tcp_reset_reno_sack was re-placed by the
previous patch.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:53 -07:00
Ilpo Järvinen 4ddf66769d [TCP]: Move Reno SACKed_out counter functions earlier
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:52 -07:00
David S. Miller d06e021d71 [TCP]: Extract DSACK detection code from tcp_sacktag_write_queue().
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:51 -07:00
Ilpo Järvinen 19b2b48658 [TCP]: Rexmit hint must be cleared instead of setting it
Stupid error from my side. Even though now that I noticed this,
I hoped it would have been an optimization but no, the counter
hint is then incorrect. Thus clearing is necessary for now (I
still suspect though that this path is never executed).

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:51 -07:00
Ilpo Järvinen d8f4f2235a [TCP]: Extracted rexmit hint clearing from the LOST marking code
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:50 -07:00
Ilpo Järvinen d738cd8fca [TCP]: Add highest_sack seqno, points to globally highest SACK
It is guaranteed to be valid only when !tp->sacked_out. In most
cases this seqno is available in the last ACK but there is no
guarantee for that. The new fast recovery loss marking algorithm
needs this as entry point.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:50 -07:00
Thomas Graf d961db358f [NEIGH]: Netlink notifications
Currently neighbour event notifications are limited to update
notifications and only sent if the ARP daemon is enabled. This
patch extends the existing notification code by also reporting
neighbours being removed due to gc or administratively and
removes the dependency on the ARP daemon. This allows to keep
track of neighbour states without periodically fetching the
complete neighbour table.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:49 -07:00
Thomas Graf 4f494554f9 [NEIGH]: Combine neighbour cleanup and release
Introduces neigh_cleanup_and_release() to be used after a
neighbour has been removed from its neighbour table. Serves
as preparation to add event notifications.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:48 -07:00
Jan-Bernd Themann 71c87e0ced [NET]: Generic Large Receive Offload for TCP traffic
This patch provides generic Large Receive Offload (LRO) functionality
for IPv4/TCP traffic.

LRO combines received tcp packets to a single larger tcp packet and
passes them then to the network stack in order to increase performance
(throughput). The interface supports two modes: Drivers can either
pass SKBs or fragment lists to the LRO engine.

Signed-off-by: Jan-Bernd Themann <themann@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:46 -07:00
Pavel Emelianov e71992889e [RTNETLINK]: Introduce generic rtnl_create_link().
This routine gets the parsed rtnl attributes and creates a new
link with generic info (IFLA_LINKINFO policy). Its intention
is to help the drivers, that need to create several links at
once (like VETH).

This is nothing but a copy-paste-ed part of rtnl_newlink() function
that is responsible for creation of new device.

Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:45 -07:00
Stephen Hemminger bea3348eef [NET]: Make NAPI polling independent of struct net_device objects.
Several devices have multiple independant RX queues per net
device, and some have a single interrupt doorbell for several
queues.

In either case, it's easier to support layouts like that if the
structure representing the poll is independant from the net
device itself.

The signature of the ->poll() call back goes from:

	int foo_poll(struct net_device *dev, int *budget)

to

	int foo_poll(struct napi_struct *napi, int budget)

The caller is returned the number of RX packets processed (or
the number of "NAPI credits" consumed if you want to get
abstract).  The callee no longer messes around bumping
dev->quota, *budget, etc. because that is all handled in the
caller upon return.

The napi_struct is to be embedded in the device driver private data
structures.

Furthermore, it is the driver's responsibility to disable all NAPI
instances in it's ->stop() device close handler.  Since the
napi_struct is privatized into the driver's private data structures,
only the driver knows how to get at all of the napi_struct instances
it may have per-device.

With lots of help and suggestions from Rusty Russell, Roland Dreier,
Michael Chan, Jeff Garzik, and Jamal Hadi Salim.

Bug fixes from Thomas Graf, Roland Dreier, Peter Zijlstra,
Joseph Fannin, Scott Wood, Hans J. Koch, and Michael Chan.

[ Ported to current tree and all drivers converted.  Integrated
  Stephen's follow-on kerneldoc additions, and restored poll_list
  handling to the old style to fix mutual exclusion issues.  -DaveM ]

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:47:45 -07:00
Johannes Berg dde4e47e8f [WIRELESS] radiotap parser: accept all other fields
This makes the radiotap parser accept all other fields that are
currently defined.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:43 -07:00
Larry Finger fe6aa301c7 [MAC80211]: Add SIOCGIWTXPOWER routine
The wireless extensions ioctl's implemented in mac80211 do not include
SIOCGIWTXPOWER. This patch adds the necessary code.

Acked-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:42 -07:00
Thomas Graf 744b096e2b [WIRELESS]: Use type safe netlink interface
Makes use of the type safe netlink interface and adds a warning
if the message is too big for NLMSG_DEFAULT_SIZE to help debug.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:42 -07:00
Johannes Berg 1bec3f1a3e [MAC80211]: fix add_interface monitor mode behaviour
This makes it behave the same whether we have monitor during operation
or not.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:41 -07:00
Andy Green 9b8a74e348 [MAC80211]: Improve sanity checks on injected packets
Michael Wu noticed that the skb length checking is not taken care of enough when
a packet is presented on the Monitor interface for injection.

This patch improves the sanity checking and removes fake offsets placed
into the skb network and transport header.

Signed-off-by: Andy Green <andy@warmcat.com>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:41 -07:00
Michael Wu 0ec0b7ac3c [MAC80211]: use more GFP_KERNEL instead of GFP_ATOMIC
This patch replaces atomic allocations with regular ones where possible.

Merged with "revert some GFP_ATOMIC -> GFP_KERNEL changes" from Michael Wu:
> Some of the allocations made with GFP_ATOMIC really were necessary.

Signed-off-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:40 -07:00
Daniel Drake d9430a3288 [MAC80211]: implement ERP info change notifications
zd1211rw and bcm43xx are interested in being notified when ERP IE conditions
change, so that they can reprogram a register which affects how control frames
are transmitted.

This patch adds an interface similar to the one that can be found in softmac.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:39 -07:00
Daniel Drake 7e9ed18874 [MAC80211]: improved short preamble handling
Similarly to CTS protection, whether short preambles are used for 802.11b
transmissions should be a per-subif setting, not device global.

For STAs, this patch makes short preamble handling automatic based on the ERP
IE. For APs, hostapd still uses the prism ioctls, but the write ioctl has been
restricted to AP-only subifs.

ieee80211_txrx_data.short_preamble (an unused field) was removed.

Unfortunately, some API changes were required for the following functions:
 - ieee80211_generic_frame_duration
 - ieee80211_rts_duration
 - ieee80211_ctstoself_duration
 - ieee80211_rts_get
 - ieee80211_ctstoself_get
Affected drivers were updated accordingly.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:38 -07:00
Ivo van Doorn d5d08def92 [MAC80211]: Add LONG_RETRY flag to ieee80211_tx_control
mac80211 informs the driver what the short and long retry values are through
set_retry_limit(), but when packets are being transmitted it did not inform the
driver which of the 2 retry limits should actually be used.
Instead it sends the actual value, but for drivers that can only set the retry limit
and the register and in the descriptor need to indicate which of the limits should
be used this is not really useful.

This patch will add a IEEE80211_TXCTL_LONG_RETRY_LIMIT flag to the
ieee80211_tx_control structure. By default the short retry limit should be
used but if the flag is set the long retry should be used.

This does not prevent the driver to ignore the request for "no retry" packets,
but at least those will be send out with the short retry limit. But there is no
perfect cure for this problem.. :(

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:38 -07:00
Daniel Drake 8a69aa93d5 [MAC80211]: STA reassociation improvements
My cheapy D-Link AP behaves strangely w.r.t reassociations.

The following sequence of commands causes me to lose association and to be
unable to regain it:

	ifconfig eth8 down
	ifconfig eth8 up
	iwconfig eth8 essid <x>

This is because mac80211 tries to reassociate, rather than just associate.
My AP replies with an association response (not a reassociation response...)
denying the association with code 12: "Association denied due to reason
outside the scope of this standard"

mac80211 tries this reassociation another 4 times or so before finally giving
up.

I see 2 problems here:
 1. bringing the interface down and up again should be resetting interface state
    i.e. after the interface is brought down, it should have no memory of if or
         where it was previously associated
 2. after the first reassociation fails, mac80211 should fall back to
    standard association for the next attempt

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:37 -07:00
Michael Wu be8755e180 [MAC80211]: improve locking of sta_info related structures
The sta_info code has some awkward locking which prevents some driver
callbacks from being allowed to sleep. This patch makes the locking more
focused so code that calls driver callbacks are allowed to sleep. It also
converts sta_lock to a rwlock.

Signed-off-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:37 -07:00
Johannes Berg c2d1560ad8 [MAC80211]: introduce util.c
Introduce a new file util.c and move a whole bunch of functions into it.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:36 -07:00
Johannes Berg b2c258fb11 [MAC80211]: reorder interface related functions
This patch groups a whole bunch of functions together to make
ieee80211.c more maintainable.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:35 -07:00
Johannes Berg ff68808929 [MAC80211]: move some rate control functions out of ieee80211.c
I think these can go with rate control just as well and it makes
ieee80211.c more readable.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:35 -07:00
Johannes Berg 1f5a7e47ae [MAC80211]: split out some key functions from ieee80211.c
into a new file key.c which doesn't have much code right now but
it makes ieee80211.c easier to read.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:34 -07:00
Johannes Berg 75c35aa4e2 [MAC80211]: remove some unnecessary includes
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:34 -07:00
Johannes Berg e2ebc74d7e [MAC80211]: split TX path into own file
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:33 -07:00
Johannes Berg 340e11f332 [MAC80211]: rx cleanups (2)
Some more outdenting to make the code more readable.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:32 -07:00
Johannes Berg 52865dfd52 [MAC80211]: fix bug for per-sta stats
pre_rx handlers can't really touch sta since for IBSS it might not be
assigned yet, it can create sta info structs on-the-fly.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:32 -07:00
Johannes Berg 23a24defa0 [MAC80211]: split up __ieee80211_rx
The really indented part that does the huge switch on the interface
type is a nuisance. Put it into an own function 'prepare_for_handlers'.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:31 -07:00
Johannes Berg 570bd537a9 [MAC80211]: split ieee80211_rx_h_check handler
The ieee80211_rx_h_check handler really does two things, it's
a lot easier to understand if it's split into ieee80211_rx_h_check
and ieee80211_rx_h_load_key, and it may be possible in the future
to optimise the key loading to not do it for each interface.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:31 -07:00
Johannes Berg 8e6f003274 [MAC80211]: rx cleanups (1)
Make some really indented code more readable by outdenting.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:30 -07:00
Johannes Berg 6e0d114d52 [MAC80211]: move QoS rx handlers into rx.c
This patch moves the QoS handlers into rx.c making it possible
to compile wme.c only when NET_SCHED is defined.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:30 -07:00
Johannes Berg 571ecf676d [MAC80211]: split RX handlers into own file
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-10 16:47:29 -07:00
Brian Haley bf0b48dfc3 [IPv6]: Fix ICMPv6 redirect handling with target multicast address
When the ICMPv6 Target address is multicast, Linux processes the 
redirect instead of dropping it.  The problem is in this code in 
ndisc_redirect_rcv():

         if (ipv6_addr_equal(dest, target)) {
                 on_link = 1;
         } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
                 ND_PRINTK2(KERN_WARNING
                            "ICMPv6 Redirect: target address is not 
link-local.\n");
                 return;
         }

This second check will succeed if the Target address is, for example, 
FF02::1 because it has link-local scope.  Instead, it should be checking 
if it's a unicast link-local address, as stated in RFC 2461/4861 Section 
8.1:

       - The ICMP Target Address is either a link-local address (when
         redirected to a router) or the same as the ICMP Destination
         Address (when redirected to the on-link destination).

I know this doesn't explicitly say unicast link-local address, but it's 
implied.

This bug is preventing Linux kernels from achieving IPv6 Logo Phase II 
certification because of a recent error that was found in the TAHI test 
suite - Neighbor Disovery suite test 206 (v6LC.2.3.6_G) had the 
multicast address in the Destination field instead of Target field, so 
we were passing the test.  This won't be the case anymore.

The patch below fixes this problem, and also fixes ndisc_send_redirect() 
to not send an invalid redirect with a multicast address in the Target 
field.  I re-ran the TAHI Neighbor Discovery section to make sure Linux 
passes all 245 tests now.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Acked-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-08 00:12:05 -07:00
Stephen Hemminger bf1b803b01 [PKT_SCHED] cls_u32: error code isn't been propogated properly
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-07 23:57:45 -07:00
Alexey Dobriyan 891e6a9312 [ROSE]: Fix rose.ko oops on unload
Commit a3d384029a aka
"[AX.25]: Fix unchecked rose_add_loopback_neigh uses"
transformed rose_loopback_neigh var into statically allocated one.
However, on unload it will be kfree's which can't work.

Steps to reproduce:

	modprobe rose
	rmmod rose

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000008
 printing eip:
c014c664
*pde = 00000000
Oops: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: rose ax25 fan ufs loop usbhid rtc snd_intel8x0 snd_ac97_codec ehci_hcd ac97_bus uhci_hcd thermal usbcore button processor evdev sr_mod cdrom
CPU:    0
EIP:    0060:[<c014c664>]    Not tainted VLI
EFLAGS: 00210086   (2.6.23-rc9 #3)
EIP is at kfree+0x48/0xa1
eax: 00000556   ebx: c1734aa0   ecx: f6a5e000   edx: f7082000
esi: 00000000   edi: f9a55d20   ebp: 00200287   esp: f6a5ef28
ds: 007b   es: 007b   fs: 0000  gs: 0033  ss: 0068
Process rmmod (pid: 1823, ti=f6a5e000 task=f7082000 task.ti=f6a5e000)
Stack: f9a55d20 f9a5200c 00000000 00000000 00000000 f6a5e000 f9a5200c f9a55a00 
       00000000 bf818cf0 f9a51f3f f9a55a00 00000000 c0132c60 65736f72 00000000 
       f69f9630 f69f9528 c014244a f6a4e900 00200246 f7082000 c01025e6 00000000 
Call Trace:
 [<f9a5200c>] rose_rt_free+0x1d/0x49 [rose]
 [<f9a5200c>] rose_rt_free+0x1d/0x49 [rose]
 [<f9a51f3f>] rose_exit+0x4c/0xd5 [rose]
 [<c0132c60>] sys_delete_module+0x15e/0x186
 [<c014244a>] remove_vma+0x40/0x45
 [<c01025e6>] sysenter_past_esp+0x8f/0x99
 [<c012bacf>] trace_hardirqs_on+0x118/0x13b
 [<c01025b6>] sysenter_past_esp+0x5f/0x99
 =======================
Code: 05 03 1d 80 db 5b c0 8b 03 25 00 40 02 00 3d 00 40 02 00 75 03 8b 5b 0c 8b 73 10 8b 44 24 18 89 44 24 04 9c 5d fa e8 77 df fd ff <8b> 56 08 89 f8 e8 84 f4 fd ff e8 bd 32 06 00 3b 5c 86 60 75 0f 
EIP: [<c014c664>] kfree+0x48/0xa1 SS:ESP 0068:f6a5ef28

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-07 23:44:17 -07:00
Ilpo Järvinen 48611c47d0 [TCP]: Fix fastpath_cnt_hint when GSO skb is partially ACKed
When only GSO skb was partially ACKed, no hints are reset,
therefore fastpath_cnt_hint must be tweaked too or else it can
corrupt fackets_out. The corruption to occur, one must have
non-trivial ACK/SACK sequence, so this bug is not very often
that harmful. There's a fackets_out state reset in TCP because
fackets_out is known to be inaccurate and that fixes the issue
eventually anyway.

In case there was also at least one skb that got fully ACKed,
the fastpath_skb_hint is set to NULL which causes a recount for
fastpath_cnt_hint (the old value won't be accessed anymore),
thus it can safely be decremented without additional checking.

Reported by Cedric Le Goater <clg@fr.ibm.com>

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-07 23:43:10 -07:00
Jeff Garzik 5c55c43491 Merge branch 'fixes-jgarzik' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes 2007-10-03 13:39:16 -04:00
Richard Knutsson ee0a8169b6 [PATCH] softmac: Fix compiler-warning
CC      net/ieee80211/softmac/ieee80211softmac_wx.o
/home/kernel/src/net/ieee80211/softmac/ieee80211softmac_wx.c: In function ‘ieee80211softmac_wx_set_essid’:
/home/kernel/src/net/ieee80211/softmac/ieee80211softmac_wx.c:117: warning: label ‘out’ defined but not used

due to commit: efe870f9f4. Removing the label.

Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-10-02 19:41:33 -04:00
John W. Linville 04045f98e0 [IEEE80211]: avoid integer underflow for runt rx frames
Reported by Chris Evans <scarybeasts@gmail.com>:

> The summary is that an evil 80211 frame can crash out a victim's
> machine. It only applies to drivers using the 80211 wireless code, and
> only then to certain drivers (and even then depends on a card's
> firmware not dropping a dubious packet). I must confess I'm not
> keeping track of Linux wireless support, and the different protocol
> stacks etc.
>
> Details are as follows:
>
> ieee80211_rx() does not explicitly check that "skb->len >= hdrlen".
> There are other skb->len checks, but not enough to prevent a subtle
> off-by-two error if the frame has the IEEE80211_STYPE_QOS_DATA flag
> set.
>
> This leads to integer underflow and crash here:
>
> if (frag != 0)
>    flen -= hdrlen;
>
> (flen is subsequently used as a memcpy length parameter).

How about this?

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-01 21:03:54 -07:00
Alexey Kuznetsov 32740ddc10 [SFQ]: Remove artificial limitation for queue limit.
This is followup to Patrick's patch. A little optimization to enqueue
routine allows to remove artificial limitation on queue length.

Plus, testing showed that hash function used by SFQ is too bad or even worse.
It does not even sweep the whole range of hash values.
Switched to Jenkins' hash.

Signed-off-by: Alexey Kuznetsov <kaber@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-01 21:01:23 -07:00
David S. Miller f8ab18d2d9 [TCP]: Fix MD5 signature handling on big-endian.
Based upon a report and initial patch by Peter Lieven.

tcp4_md5sig_key and tcp6_md5sig_key need to start with
the exact same members as tcp_md5sig_key.  Because they
are both cast to that type by tcp_v{4,6}_md5_do_lookup().

Unfortunately tcp{4,6}_md5sig_key use a u16 for the key
length instead of a u8, which is what tcp_md5sig_key
uses.  This just so happens to work by accident on
little-endian, but on big-endian it doesn't.

Instead of casting, just place tcp_md5sig_key as the first member of
the address-family specific structures, adjust the access sites, and
kill off the ugly casts.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-28 15:18:35 -07:00
David S. Miller e79ad711a0 [NET]: Zero length write() on socket should not simply return 0.
This fixes kernel bugzilla #5731

It should generate an empty packet for datagram protocols when the
socket is connected, for one.

The check is doubly-wrong because all that a write() can be is a
sendmsg() call with a NULL msg_control and a single entry iovec.  No
special semantics should be assigned to it, therefore the zero length
check should be removed entirely.

This matches the behavior of BSD and several other systems.

Alan Cox notes that SuSv3 says the behavior of a zero length write on
non-files is "unspecified", but that's kind of useless since BSD has
defined this behavior for a quarter century and BSD is essentially
what application folks code to.

Based upon a patch from Stephen Hemminger.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-27 13:52:00 -07:00
Al Viro 78bd8fbbcd fix sctp_del_bind_addr() last argument type
It gets pointer to fastcall function, expects a pointer to normal
one and calls the sucker.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
Linus Torvalds d85f57938a Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [PPP_MPPE]: Don't put InterimKey on the stack
  SCTP : Add paramters validity check for ASCONF chunk
  SCTP: Discard OOTB packetes with bundled INIT early.
  SCTP: Clean up OOTB handling and fix infinite loop processing
  SCTP: Explicitely discard OOTB chunks
  SCTP: Send ABORT chunk with correct tag in response to INIT ACK
  SCTP: Validate buffer room when processing sequential chunks
  [PATCH] mac80211: fix initialisation when built-in
  [PATCH] net/mac80211/wme.c: fix sparse warning
  [PATCH] cfg80211: fix initialisation if built-in
  [PATCH] net/wireless/sysfs.c: Shut up build warning
2007-09-26 08:59:41 -07:00
Wei Yongjun 6f4c618ddb SCTP : Add paramters validity check for ASCONF chunk
If ADDIP is enabled, when an ASCONF chunk is received with ASCONF
paramter length set to zero, this will cause infinite loop.
By the way, if an malformed ASCONF chunk is received, will cause
processing to access memory without verifying.

This is because of not check the validity of parameters in ASCONF chunk.
This patch fixed this.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:49 -07:00
Vlad Yasevich 3c77f961b5 SCTP: Discard OOTB packetes with bundled INIT early.
RFC 4460 and future RFC 4960 (2960-bis) specify that packets
with bundled INIT chunks need to be dropped.  We currenlty do
that only after processing any leading chunks.  For OOTB chunks,
since we already walk the entire packet, we should discard packets
with bundled INITs.

There are other chunks chunks that MUST NOT be bundled, but the spec
is silent on theire treatment.  Thus, we'll leave their teatment
alone for the moment.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Wei Yongjun <yjwei@cn.fujitsu.com>
2007-09-25 22:55:48 -07:00
Vlad Yasevich ece25dfa09 SCTP: Clean up OOTB handling and fix infinite loop processing
While processing OOTB chunks as well as chunks with an invalid
length of 0, it was possible to SCTP to get wedged inside an
infinite loop because we didn't catch the condition correctly,
or didn't mark the packet for discard correctly.
This work is based on original findings and work by
Wei Yongjun <yjwei@cn.fujitsu.com>

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:47 -07:00
Vlad Yasevich d3f259687f SCTP: Explicitely discard OOTB chunks
Explicitely discard OOTB chunks, whether the result is a
SHUTDOWN COMPLETE or an ABORT.  We need to discard the OOTB
SHUTDOWN ACK to prevent bombing attackes since responsed
MUST NOT be bundled.  We also explicietely discard in the
ABORT case since that function is widely used internally.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
2007-09-25 22:55:47 -07:00
Wei Yongjun 02c4e12c64 SCTP: Send ABORT chunk with correct tag in response to INIT ACK
When SCTP client received an INIT ACK chunk with missing mandatory
parameter such as "cookie parameter", it will send back a ABORT
with T-bit not set and verification tag is set to 0.
This is because before we accept this INIT ACK chunk, we do not know
the peer's tag.  This patch change to reflect vtag when responding to
INIT ACK with missing mandatory parameter.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:46 -07:00
Vlad Yasevich a09c83847b SCTP: Validate buffer room when processing sequential chunks
When we process bundled chunks, we need to make sure that
the skb has the buffer for each header since we assume it's
always there.  Some malicious node can send us something like
DATA + 2 bytes and we'll try to walk off the end refrencing
potentially uninitialized memory.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:45 -07:00
Johannes Berg ca9938fea5 [PATCH] mac80211: fix initialisation when built-in
When mac80211 is built into the kernel it needs to init earlier
so that device registrations are run after it has initialised.
The same applies to rate control algorithms.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25 22:55:45 -07:00
Johannes Berg 136e83d6b8 [PATCH] net/mac80211/wme.c: fix sparse warning
wme.c triggers a sparse warning; it wasn't noticed before because until
recently ARRAY_SIZE triggered a sparse error.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25 22:55:44 -07:00
Johannes Berg 3a4624652e [PATCH] cfg80211: fix initialisation if built-in
When cfg80211 is built into the kernel it needs to init earlier
so that device registrations are run after it has initialised.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25 22:55:44 -07:00
Satyam Sharma 7b5ee3a038 [PATCH] net/wireless/sysfs.c: Shut up build warning
net/wireless/sysfs.c:108: warning: ‘wiphy_uevent’ defined but not used

when CONFIG_HOTPLUG=n is because the only usage site of this function
is #ifdef'ed as such, so let's #ifdef the definition also.

Signed-off-by: Satyam Sharma <satyam@infradead.org>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25 22:55:43 -07:00
Jeff Garzik 2aee619865 Merge branch 'fixes-jgarzik' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes 2007-09-25 15:47:12 -04:00
Larry Finger efe870f9f4 [PATCH] softmac: Fix inability to associate with WEP networks
Commit 4cf92a3c was submitted as a fix for bug #8686 at bugzilla.kernel.org
(http://bugzilla.kernel.org/show_bug.cgi?id=8686). Unfortunately, the fix led to
a new bug, reported by Yoshifuji Hideaki, that prevented association for WEP
encrypted networks that use ifconfig to control the device. This patch effectively
reverts the earlier commit and does a proper fix for bug #8686.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-21 11:26:33 -04:00
Wolfgang Walter 9db619e665 rpc: fix garbage in printk in svc_tcp_accept()
we upgraded the kernel of a nfs-server from 2.6.17.11 to 2.6.22.6. Since
then we get the message

lockd: too many open TCP sockets, consider increasing the number of nfsd threads
lockd: last TCP connect from ^\\236^\É^D

These random characters in the second line are caused by a bug in
svc_tcp_accept.

(Note: there are two previous __svc_print_addr(sin, buf, sizeof(buf))
calls in this function, either of which would initialize buf correctly;
but both are inside "if"'s and are not necessarily executed.  This is
less obvious in the second case, which is inside a dprintk(), which is a
macro which expands to an if statement.)

Signed-off-by: Wolfgang Walter <wolfgang.walter@studentenwerk.mhn.de>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-20 13:15:57 -07:00
Alexey Kuznetsov 5588b40d7c [PKT_SCHED]: Fix 'SFQ qdisc crashes with limit of 2 packets'
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-20 12:14:08 -07:00
Eric Leblond 29c5d4afba [NETFILTER]: nfnetlink_log: fix sending of multipart messages
The following patch fixes the handling of netlink packets containing
multiple messages.

As exposed during netfilter workshop, nfnetlink_log was overwritten the
message type of the last message (setting it to MSG_DONE) in a multipart
packet. The consequence was libnfnetlink to ignore the last message in the
packet.

The following patch adds a supplementary message (with type MSG_DONE) af
the end of the netlink skb.

Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-20 12:13:52 -07:00
Linus Torvalds edb1e9671a Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [VLAN]: Fix net_device leak.
  [PPP] generic: Fix receive path data clobbering & non-linear handling
  [PPP] generic: Call skb_cow_head before scribbling over skb
  [NET] skbuff: Add skb_cow_head
  [BRIDGE]: Kill clone argument to br_flood_*
  [PPP] pppoe: Fill in header directly in __pppoe_xmit
  [PPP] pppoe: Fix data clobbering in __pppoe_xmit and return value
  [PPP] pppoe: Fix skb_unshare_check call position
  [SCTP]: Convert bind_addr_list locking to RCU
  [SCTP]: Add RCU synchronization around sctp_localaddr_list
  [PKT_SCHED]: sch_cbq.c: Shut up uninitialized variable warning
  [PKTGEN]: srcmac fix
  [IPV6]: Fix source address selection.
  [IPV4]: Just increment OutDatagrams once per a datagram.
  [IPV6]: Just increment OutDatagrams once per a datagram.
  [IPV6]: Fix unbalanced socket reference with MSG_CONFIRM.
  [NET_SCHED] protect action config/dump from irqs
  [NET]: Fix two issues wrt. SO_BINDTODEVICE.
2007-09-16 21:14:54 -07:00
Al Viro d9f30ec0b0 [VLAN]: Fix net_device leak.
In "[VLAN]: Move device registation to seperate function" (commit
e89fe42cd0), a pile of code got moved
to register_vlan_dev(), including grabbing a reference to underlying
device.  However, original dev_hold() had been left behind, so we
leak a reference to net_device now...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 16:43:04 -07:00
Herbert Xu d9cc20484e [NET] skbuff: Add skb_cow_head
This patch adds an optimised version of skb_cow that avoids the copy if
the header can be modified even if the rest of the payload is cloned.

This can be used in encapsulating paths where we only need to modify the
header.  As it is, this can be used in PPPOE and bridging.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 16:21:16 -07:00
Herbert Xu e081e1e3ef [BRIDGE]: Kill clone argument to br_flood_*
The clone argument is only used by one caller and that caller can clone
the packet itself.  This patch moves the clone call into the caller and
kills the clone argument.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 16:20:48 -07:00
Vlad Yasevich 559cf710b0 [SCTP]: Convert bind_addr_list locking to RCU
Since the sctp_sockaddr_entry is now RCU enabled as part of
the patch to synchronize sctp_localaddr_list, it makes sense to
change all handling of these entries to RCU.  This includes the
sctp_bind_addrs structure and it's list of bound addresses.

This list is currently protected by an external rw_lock and that
looks like an overkill.  There are only 2 writers to the list:
bind()/bindx() calls, and BH processing of ASCONF-ACK chunks.
These are already seriealized via the socket lock, so they will
not step on each other.  These are also relatively rare, so we
should be good with RCU.

The readers are varied and they are easily converted to RCU.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Sridhar Samdurala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 16:03:28 -07:00
Vlad Yasevich 2930354799 [SCTP]: Add RCU synchronization around sctp_localaddr_list
sctp_localaddr_list is modified dynamically via NETDEV_UP
and NETDEV_DOWN events, but there is not synchronization
between writer (even handler) and readers.  As a result,
the readers can access an entry that has been freed and
crash the sytem.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Sridhar Samdurala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 16:02:12 -07:00
Satyam Sharma ddeee3ce7f [PKT_SCHED]: sch_cbq.c: Shut up uninitialized variable warning
net/sched/sch_cbq.c: In function 'cbq_enqueue':
net/sched/sch_cbq.c:383: warning: 'ret' may be used uninitialized in this function

has been verified to be a bogus case. So let's shut it up.

Signed-off-by: Satyam Sharma <satyam@infradead.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 14:54:05 -07:00
Adit Ranadive ce5d0b47f1 [PKTGEN]: srcmac fix
From: Adit Ranadive <adit.262@gmail.com>

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 14:52:15 -07:00
Jiri Kosina 6ae5f983cf [IPV6]: Fix source address selection.
The commit 95c385 broke proper source address selection for cases in which 
there is a address which is makred 'deprecated'. The commit mistakenly 
changed ifa->flags to ifa_result->flags (probably copy/paste error from a 
few lines above) in the 'Rule 3' address selection code.

The patch restores the previous RFC-compliant behavior.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16 14:48:21 -07:00
YOSHIFUJI Hideaki 2a0c6c980d [IPV4]: Just increment OutDatagrams once per a datagram.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 17:15:19 -07:00
YOSHIFUJI Hideaki cd562c9859 [IPV6]: Just increment OutDatagrams once per a datagram.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 17:15:01 -07:00
YOSHIFUJI Hideaki 3ef9d943d2 [IPV6]: Fix unbalanced socket reference with MSG_CONFIRM.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 16:45:40 -07:00
Jamal Hadi Salim e1e992e52f [NET_SCHED] protect action config/dump from irqs
(with no apologies to C Heston)

On Mon, 2007-10-09 at 21:00 +0800, Herbert Xu wrote:
On Sun, Sep 02, 2007 at 01:11:29PM +0000, Christian Kujau wrote:
> >
> > after upgrading to 2.6.23-rc5 (and applying davem's fix [0]), lockdep
> > was quite noisy when I tried to shape my external (wireless) interface:
> >
> > [ 6400.534545] FahCore_78.exe/3552 just changed the state of lock:
> > [ 6400.534713]  (&dev->ingress_lock){-+..}, at: [<c038d595>]
> > netif_receive_skb+0x2d5/0x3c0
> > [ 6400.534941] but this lock took another, soft-read-irq-unsafe lock in the
> > past:
> > [ 6400.535145]  (police_lock){-.--}
>
> This is a genuine dead-lock.  The police lock can be taken
> for reading with softirqs on.  If a second CPU tries to take
> the police lock for writing, while holding the ingress lock,
> then a softirq on the first CPU can dead-lock when it tries
> to get the ingress lock.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 16:43:05 -07:00
David S. Miller 4878809f71 [NET]: Fix two issues wrt. SO_BINDTODEVICE.
1) Comments suggest that setting optlen to zero will unbind
   the socket from whatever device it might be attached to.  This
   hasn't been the case since at least 2.2.x because the first thing
   this function does is return -EINVAL if 'optlen' is less than
   sizeof(int).

   This check also means that passing in a two byte string doesn't
   work so well.  It's almost as if this code was testing with "eth?"
   patterned strings and nothing else :-)

   Fix this by breaking the logic of this facility out into a
   seperate function which validates optlen more appropriately.

   The optlen==0 and small string cases now work properly.

2) We should reset the cached route of the socket after we have made
   the device binding changes, not before.

Reported by Ben Greear.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 16:41:03 -07:00
Neil Brown 7a1fa065a0 Correctly close old nfsd/lockd sockets.
Commit aaf68cfbf2 added a bias
to sk_inuse, so this test for an unused socket now fails.  So no
sockets get closed because they are old (they might get closed
if the client closed them).

This bug has existed since 2.6.21-rc1.

Thanks to Wolfgang Walter for finding and reporting the bug.

Cc: Wolfgang Walter <wolfgang.walter@studentenwerk.mhn.de>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-14 13:58:11 -07:00
David S. Miller 1da97f83a8 [BLUETOOTH]: Fix non-COMPAT build of hci_sock.c
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-12 14:10:58 +02:00
Patrick McHardy 0a9c730144 [INET_DIAG]: Fix oops in netlink_rcv_skb
netlink_run_queue() doesn't handle multiple processes processing the
queue concurrently. Serialize queue processing in inet_diag to fix
a oops in netlink_rcv_skb caused by netlink_run_queue passing a
NULL for the skb.

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000054
[349587.500454]  printing eip:
[349587.500457] c03318ae
[349587.500459] *pde = 00000000
[349587.500464] Oops: 0000 [#1]
[349587.500466] PREEMPT SMP
[349587.500474] Modules linked in: w83627hf hwmon_vid i2c_isa
[349587.500483] CPU:    0
[349587.500485] EIP:    0060:[<c03318ae>]    Not tainted VLI
[349587.500487] EFLAGS: 00010246   (2.6.22.3 #1)
[349587.500499] EIP is at netlink_rcv_skb+0xa/0x7e
[349587.500506] eax: 00000000   ebx: 00000000   ecx: c148d2a0   edx: c0398819
[349587.500510] esi: 00000000   edi: c0398819   ebp: c7a21c8c   esp: c7a21c80
[349587.500517] ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
[349587.500521] Process oidentd (pid: 17943, ti=c7a20000 task=cee231c0 task.ti=c7a20000)
[349587.500527] Stack: 00000000 c7a21cac f7c8ba78 c7a21ca4 c0331962 c0398819 f7c8ba00 0000004c
[349587.500542]        f736f000 c7a21cb4 c03988e3 00000001 f7c8ba00 c7a21cc4 c03312a5 0000004c
[349587.500558]        f7c8ba00 c7a21cd4 c0330681 f7c8ba00 e4695280 c7a21d00 c03307c6 7fffffff
[349587.500578] Call Trace:
[349587.500581]  [<c010361a>] show_trace_log_lvl+0x1c/0x33
[349587.500591]  [<c01036d4>] show_stack_log_lvl+0x8d/0xaa
[349587.500595]  [<c010390e>] show_registers+0x1cb/0x321
[349587.500604]  [<c0103bff>] die+0x112/0x1e1
[349587.500607]  [<c01132d2>] do_page_fault+0x229/0x565
[349587.500618]  [<c03c8d3a>] error_code+0x72/0x78
[349587.500625]  [<c0331962>] netlink_run_queue+0x40/0x76
[349587.500632]  [<c03988e3>] inet_diag_rcv+0x1f/0x2c
[349587.500639]  [<c03312a5>] netlink_data_ready+0x57/0x59
[349587.500643]  [<c0330681>] netlink_sendskb+0x24/0x45
[349587.500651]  [<c03307c6>] netlink_unicast+0x100/0x116
[349587.500656]  [<c0330f83>] netlink_sendmsg+0x1c2/0x280
[349587.500664]  [<c02fcce9>] sock_sendmsg+0xba/0xd5
[349587.500671]  [<c02fe4d1>] sys_sendmsg+0x17b/0x1e8
[349587.500676]  [<c02fe92d>] sys_socketcall+0x230/0x24d
[349587.500684]  [<c01028d2>] syscall_call+0x7/0xb
[349587.500691]  =======================
[349587.500693] Code: f0 ff 4e 18 0f 94 c0 84 c0 0f 84 66 ff ff ff 89 f0 e8 86 e2 fc ff e9 5a ff ff ff f0 ff 40 10 eb be 55 89 e5 57 89 d7 56 89 c6 53 <8b> 50 54 83 fa 10 72 55 8b 9e 9c 00 00 00 31 c9 8b 03 83 f8 0f

Reported by Athanasius <link@miggy.org>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 11:33:28 +02:00
YOSHIFUJI Hideaki e1f52208bb [IPv6]: Fix NULL pointer dereference in ip6_flush_pending_frames
Some of skbs in sk->write_queue do not have skb->dst because
we do not fill skb->dst when we allocate new skb in append_data().

BTW, I think we may not need to (or we should not) increment some stats
when using corking; if 100 sendmsg() (with MSG_MORE) result in 2 packets,
how many should we increment?

If 100, we should set skb->dst for every queued skbs.

If 1 (or 2 (*)), we increment the stats for the first queued skb and
we should just skip incrementing OutDiscards for the rest of queued skbs,
adn we should also impelement this semantics in other places;
e.g., we should increment other stats just once, not 100 times.

*: depends on the place we are discarding the datagram.

I guess should just increment by 1 (or 2).

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 11:31:43 +02:00
Neil Horman 16fcec35e7 [NETFILTER]: Fix/improve deadlock condition on module removal netfilter
So I've had a deadlock reported to me.  I've found that the sequence of
events goes like this:

1) process A (modprobe) runs to remove ip_tables.ko

2) process B (iptables-restore) runs and calls setsockopt on a netfilter socket,
increasing the ip_tables socket_ops use count

3) process A acquires a file lock on the file ip_tables.ko, calls remove_module
in the kernel, which in turn executes the ip_tables module cleanup routine,
which calls nf_unregister_sockopt

4) nf_unregister_sockopt, seeing that the use count is non-zero, puts the
calling process into uninterruptible sleep, expecting the process using the
socket option code to wake it up when it exits the kernel

4) the user of the socket option code (process B) in do_ipt_get_ctl, calls
ipt_find_table_lock, which in this case calls request_module to load
ip_tables_nat.ko

5) request_module forks a copy of modprobe (process C) to load the module and
blocks until modprobe exits.

6) Process C. forked by request_module process the dependencies of
ip_tables_nat.ko, of which ip_tables.ko is one.

7) Process C attempts to lock the request module and all its dependencies, it
blocks when it attempts to lock ip_tables.ko (which was previously locked in
step 3)

Theres not really any great permanent solution to this that I can see, but I've
developed a two part solution that corrects the problem

Part 1) Modifies the nf_sockopt registration code so that, instead of using a
use counter internal to the nf_sockopt_ops structure, we instead use a pointer
to the registering modules owner to do module reference counting when nf_sockopt
calls a modules set/get routine.  This prevents the deadlock by preventing set 4
from happening.

Part 2) Enhances the modprobe utilty so that by default it preforms non-blocking
remove operations (the same way rmmod does), and add an option to explicity
request blocking operation.  So if you select blocking operation in modprobe you
can still cause the above deadlock, but only if you explicity try (and since
root can do any old stupid thing it would like....  :)  ).

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 11:28:26 +02:00
Patrick McHardy 0fb9670137 [NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages
Since we're now using a generic tuple decoding function in ICMP
connection tracking, ipv4_get_l4proto() might get called with a
fragmented packet from within an ICMP error. Remove the error
message we used to print when this happens.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 11:27:01 +02:00
David S. Miller 66eb50d5c9 Merge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6 2007-09-11 11:15:30 +02:00
Denis V. Lunev 9e3be4b343 [IPV6]: Freeing alive inet6 address
From: Denis V. Lunev <den@openvz.org>

addrconf_dad_failure calls addrconf_dad_stop which takes referenced address
and drops the count. So, in6_ifa_put perrformed at out: is extra. This
results in message: "Freeing alive inet6 address" and not released dst entries.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 11:04:49 +02:00
Patrick McHardy a2221f308d [DECNET]: Fix interface address listing regression.
Not all are listed, same as the IPV4 devinet bug.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 10:45:15 +02:00
Stephen Hemminger 596e415095 [IPV4] devinet: show all addresses assigned to interface
Bug: http://bugzilla.kernel.org/show_bug.cgi?id=8876

Not all ips are shown by "ip addr show" command when IPs number assigned to an
interface is more than 60-80 (in fact it depends on broadcast/label etc
presence on each address).

Steps to reproduce:
It's terribly simple to reproduce:

# for i in $(seq 1 100); do ip ad add 10.0.$i.1/24 dev eth10 ; done
# ip addr show

this will _not_ show all IPs.
Looks like the problem is in netlink/ipv4 message processing.

This is fix from bug submitter, it looks correct.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 10:41:04 +02:00
Herbert Xu ef8aef55ce [NET]: Do not dereference iov if length is zero
When msg_iovlen is zero we shouldn't try to dereference
msg_iov.  Right now the only thing that tries to do so
is skb_copy_and_csum_datagram_iovec.  Since the total
length should also be zero if msg_iovlen is zero, it's
sufficient to check the total length there and simply
return if it's zero.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 10:29:07 +02:00
Marcel Holtmann 89f2783ded [Bluetooth] Fix parameter list for event filter command
On device initialization the event filters are cleared. In case of
clearing the filters the extra condition type shall be omitted.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-09-09 08:39:49 +02:00
Marcel Holtmann 7c631a6760 [Bluetooth] Update security filter for Bluetooth 2.1
This patch updates the HCI security filter with support for the
Bluetooth 2.1 commands and events.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-09-09 08:39:43 +02:00
Marcel Holtmann 767c5eb5d3 [Bluetooth] Add compat handling for timestamp structure
The timestamp structure needs special handling in case of compat
programs. Use the same wrapping method the network core uses.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-09-09 08:39:34 +02:00
David S. Miller 5c127c58ae [TCP]: 'dst' can be NULL in tcp_rto_min()
Reported by Rick Jones.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-31 14:39:44 -07:00
Pavel Emelyanov 88282c6ecf [PKTGEN]: Remove write-only variable.
The pktgen_thread.pid is set to current->pid and is never used
after this. So remove this at all.

Found during isolating the explicit pid/tgid usage.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-30 22:46:36 -07:00
Jesper Bengtsson a289d70d74 [NETFILTER]: xt_tcpudp: fix wrong struct in udp_checkentry
It doesn't seem to have any effect on the x86 architecture but it does
have effect on the Axis CRIS architecture.

Signed-off-by: Jesper Bengtsson <jesper.bengtsson@axis.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-30 22:36:43 -07:00
Lucas Nussbaum dbaaa07a60 [NET_SCHED] sch_prio.c: remove duplicate call of tc_classify()
When CONFIG_NET_CLS_ACT is enabled, tc_classify() is called twice in
prio_classify(). This causes "interesting" behaviour: with the setup
below, packets are duplicated, sent twice to ifb0, and then loop in and
out of ifb0.

The patch uses the previously calculated return value in the switch,
which is probably what Patrick had in mind in commit
bdba91ec70 -- maybe Patrick can
double-check this?

-- example setup --
ifconfig ifb0 up
tc qdisc add dev ifb0 root netem delay 2s
tc qdisc add dev $ETH root handle 1: prio
tc filter add dev $ETH parent 1: protocol ip prio 10 u32 \
 match ip dst 172.24.110.6/32 flowid 1:1 \
 action mirred egress redirect dev ifb0
ping -c1 172.24.110.6

Signed-off-by: Lucas Nussbaum <lucas.nussbaum@imag.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-30 22:35:46 -07:00
Stephen Hemminger b4a488d182 [BRIDGE]: Fix OOPS when bridging device without ethtool.
Bridge code calls ethtool to get speed. The conversion to using
only ethtool_ops broke the case of devices without ethtool_ops.
This is a new regression in 2.6.23.

Rearranged the switch to a logical order, and use gcc initializer.

Ps: speed should have been part of the network device structure from
    the start rather than burying it in ethtool.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Acked-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-30 22:16:22 -07:00
Stephen Hemminger df1c0b8468 [BRIDGE]: Packets leaking out of disabled/blocked ports.
This patch fixes some packet leakage in bridge.  The bridging code was
allowing forward table entries to be generated even if a device was
being blocked. The fix is to not add forwarding database entries
unless the port is active.

The bug arose as part of the conversion to processing STP frames
through normal receive path (in 2.6.17).

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-30 22:15:35 -07:00
David S. Miller b91ddd8437 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/vxy/lksctp-dev 2007-08-30 22:11:31 -07:00
David S. Miller 05bb1fad1c [TCP]: Allow minimum RTO to be configurable via routing metrics.
Cell phone networks do link layer retransmissions and other
things that cause unnecessary timeout retransmits.  So allow
the minimum RTO to be inflated per-route to deal with this.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-30 22:10:28 -07:00
Wei Yongjun cb243a1a9f SCTP: Fix to handle invalid parameter length correctly
If an INIT with invalid parameter length look like this:
Parameter Type : 1
Parameter Length: 800
and not contain any payload, SCTP will ignore this  parameter and send
back a INIT-ACK.
This patch is fix to handle this invalid parameter length correctly.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 16:44:27 -04:00
Vlad Yasevich 609ee4679b SCTP: Abort on COOKIE-ECHO if backlog is exceeded.
Currently we abort on the INIT chunk we our backlog is currenlty
exceeded.  Delay this about untill COOKIE-ECHO to give the user
time to accept the socket.  Also, make sure that we treat
sk_max_backlog of 0 as no connections allowed.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 14:12:25 -04:00
Vlad Yasevich 498d63071e SCTP: Correctly disable listening when backlog is 0.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 14:03:58 -04:00
Vlad Yasevich d0ce92910b SCTP: Do not retransmit chunks that are newer then rtt.
When performing a retransmit, do not include the chunk if
it was sent less then 1 rtt ago.  The reason is that we
may receive the SACK very soon and wouldn't retransmit.
Suggested by Randy Stewart.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 13:56:06 -04:00
Vlad Yasevich cc75689a4c SCTP: Uncomfirmed transports can't become Inactive
Do not set Unconfirmed transports to Inactive state.  This may
result in an inactive association being destroyed since we start
counting errors on "inactive" transports against the association.
This was found at the SCTP interop event.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 13:55:41 -04:00
Vlad Yasevich 2772b495ef SCTP: Pick the correct port when binding to 0.
sctp_bindx() allows the use of unspecified port.  The problem is
that every address we bind to ends up selecting a new port if
the user specified port 0.  This patch allows re-use of the
already selected port when the port from bindx was 0.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 13:55:20 -04:00
Wei Yongjun d99fa42963 SCTP: Use net_ratelimit to suppress error messages print too fast
When multi bundling SHUTDOWN-ACK message is received in ESTAB state,
this will cause "sctp protocol violation state" message print many times.
If SHUTDOWN-ACK is bundled 300 times in one packet, message will be
print 300 times. The same problem also exists when received unexpected
HEARTBEAT-ACK message which is bundled message times.

This patch used net_ratelimit() to suppress error messages print too fast.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 13:52:56 -04:00
Wei Yongjun 00f1c2df2a SCTP: Fix to encode PROTOCOL VIOLATION error cause correctly
PROTOCOL VIOLATION error cause in ABORT is bad encode when make abort
chunk. When SCTP encode ABORT chunk with PROTOCOL VIOLATION error cause,
it just add the error messages to PROTOCOL VIOLATION error cause, the
rest four bytes(struct sctp_paramhdr) is just add to the chunk, not
change the length of error cause. This cause the ABORT chunk to be a bad
format. The chunk is like this:

ABORT chunk
  Chunk type: ABORT (6)
  Chunk flags: 0x00
  Chunk length: 72 (*1)
  Protocol violation cause
    Cause code: Protocol violation (0x000d)
    Cause length: 62 (*2)
    Cause information: 5468652063756D756C61746976652074736E2061636B2062...
    Cause padding: 0000
[Needless] 00030010
Chunk Length(*1) = 72 but Cause length(*2) only 62, not include the
extend 4 bytes.
((72 - sizeof(chunk_hdr)) = 68) != (62 +3) / 4 * 4

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 13:50:48 -04:00
Wei Yongjun 8d614ade51 SCTP: Fix sctp_addto_chunk() to add pad with correct length
At function sctp_addto_chunk(), it do pad before add payload to chunk if
chunk length is not 4-byte alignment. But it do pad with a bad length.
This patch fixed this probleam.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30 11:56:17 -04:00
Vlad Yasevich ab3e5e7b65 SCTP: Assign stream sequence numbers to the entire message
Currently we only assign the sequence number to a packet that
we are about to transmit.  This however breaks the Partial
Reliability extensions, because it's possible for us to
never transmit a packet, i.e. it expires before we get to send
it.  In such cases, if the message contained multiple SCTP
fragments, and we did manage to send the first part of the
message, the Stream sequence numbers would get into invalid
state and cause receiver to stall.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-29 13:34:34 -04:00
Vlad Yasevich ea2dfb3733 SCTP: properly clean up fragment and ordering queues during FWD-TSN.
When we recieve a FWD-TSN (meaning the peer has abandoned the data),
we need to clean up any partially received messages that may be
hanging out on the re-assembly or re-ordering queues.  This is
a MUST requirement that was not properly done before.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com.>
2007-08-29 13:34:33 -04:00
Robert Olsson 378be2c083 [PKTGEN]: Fix multiqueue oops.
Initially pkt_dev can be NULL this causes netif_subqueue_stopped to 
oops. The patch below should cure it. But maybe the pktgen TX logic 
should be reworked to better support the new multiqueue support. 

Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-28 15:43:14 -07:00
Evgeniy Polyakov e7c243c925 [VLAN/BRIDGE]: Fix "skb_pull_rcsum - Fatal exception in interrupt"
I tried to preserve bridging code as it was before, but logic is quite
strange - I think we should free skb on error, since it is already
unshared and thus will just leak.

Herbert Xu states:

> +	if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
> +		goto out;

If this happens it'll be a double-free on skb since we'll
return NF_DROP which makes the caller free it too.

We could return NF_STOLEN to prevent that but I'm not sure
whether that's correct netfilter semantics.  Patrick, could
you please make a call on this?

Patrick McHardy states:

NF_STOLEN should work fine here.

Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-26 18:35:47 -07:00
Benjamin Thery aaa53c4aba [NET]: Fix crash in dev_mc_sync()/dev_mc_unsync()
This patch fixes a crash that may occur when the routine dev_mc_sync()
deletes an address from the list it is currently going through. It
saves the pointer to the next element before deleting the current one.
The problem may also exist in dev_mc_unsync().

Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-26 18:35:43 -07:00
vignesh babu c3609d510f [NET]: is_power_of_2 in net/core/neighbour.c
Replacing n & (n - 1) for power of 2 check by is_power_of_2(n)

Signed-off-by: vignesh babu <vignesh.babu@wipro.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-26 18:35:37 -07:00
David S. Miller 26722873a4 [TCP]: Describe tcp_init_cwnd() thoroughly in a comment.
People often get tripped up by this function and think that
it does not implemented the prescribed algorithms from
RFC2414 and RFC3390, even though it does.

So add a comment to head off such misunderstandings in the
future.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-26 18:35:36 -07:00
Flavio Leitner a96fb49be3 [NET]: Fix IP_ADD/DROP_MEMBERSHIP to handle only connectionless
Fix IP[V6]_ADD_MEMBERSHIP and IP[V6]_DROP_MEMBERSHIP to
return -EPROTO for connection oriented sockets.

Signed-off-by: Flavio Leitner <fleitner@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-26 18:35:35 -07:00
Nick Bowler 96fe1c0237 [IPSEC] AH4: Update IPv4 options handling to conform to RFC 4302.
In testing our ESP/AH offload hardware, I discovered an issue with how
AH handles mutable fields in IPv4.  RFC 4302 (AH) states the following
on the subject:

        For IPv4, the entire option is viewed as a unit; so even
        though the type and length fields within most options are immutable
        in transit, if an option is classified as mutable, the entire option
        is zeroed for ICV computation purposes.

The current implementation does not zero the type and length fields,
resulting in authentication failures when communicating with hosts
that do (i.e. FreeBSD).

I have tested record route and timestamp options (ping -R and ping -T)
on a small network involving Windows XP, FreeBSD 6.2, and Linux hosts,
with one router.  In the presence of these options, the FreeBSD and
Linux hosts (with the patch or with the hardware) can communicate.
The Windows XP host simply fails to accept these packets with or
without the patch.

I have also been trying to test source routing options (using
traceroute -g), but haven't had much luck getting this option to work
*without* AH, let alone with.

Signed-off-by: Nick Bowler <nbowler@ellipticsemi.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-26 18:35:33 -07:00
Linus Torvalds 0542170dec Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
  9p: fix bad error path in conversion routines
  9p: remove deprecated v9fs_fid_lookup_remove()
  9p: update maintainers and documentation
  9p: fix use after free
2007-08-23 21:38:21 -07:00
Mariusz Kozlowski 02881d9478 9p: fix bad error path in conversion routines
When buf_check_overflow() returns != 0 we will hit kfree(ERR_PTR(err))
and it will not be happy about it.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2007-08-23 10:25:05 -05:00
Eric Van Hensbergen 1a3cac6c6d 9p: fix use after free
On 7/22/07, Adrian Bunk <bunk@stusta.de> wrote:
     The Coverity checker spotted the following use-after-free
     in net/9p/mux.c:

     <--  snip  -->

     ...
     struct p9_conn *p9_conn_create(struct p9_transport *trans, int msize,
                                         unsigned char *extended)
     {
     ...
             if (!m->tagpool) {
                     kfree(m);
                     return ERR_PTR(PTR_ERR(m->tagpool));
             }
     ...

     <--  snip  -->

Also spotted was a leak of the same structure further down in the function.

Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2007-08-23 10:12:48 -05:00
Andy Whitcroft 22117ea4fe [IRDA] irda_nl_get_mode: always results in failure
It seems an extraneous trailing ';' has slipped in to the error handling for a
name registration failure causing the error path to trigger unconditionally.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-21 21:23:39 -07:00
Jesper Juhl 2c20d72aaa [IRDA]: Avoid a label defined but not used warning in irda_init()
Easily avoidable compiler warnings bug me.

Building irmod without CONFIG_SYSCTL currently results in :
 net/irda/irmod.c:132: warning: label 'out_err_2' defined but not used

But that can easily be avoided by simply moving the label inside
the existing "#ifdef CONFIG_SYSCTL" one line above it.

This patch moves the label and buys us one less warning with no
ill effects.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-21 20:59:30 -07:00
Wei Yongjun 8984e41d18 [IPV6]: Fix kernel panic while send SCTP data with IP fragments
If ICMP6 message with "Packet Too Big" is received after send SCTP DATA,
kernel panic will occur when SCTP DATA is send again.

This is because of a bad dest address when call to skb_copy_bits().

The messages sequence is like this:

Endpoint A                             Endpoint B
                               <-------  SCTP DATA (size=1432)
ICMP6 message ------->
(Packet Too Big pmtu=1280)
                               <-------  Resend SCTP DATA (size=1432)
------------kernel panic---------------

 printing eip:
c05be62a
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: scomm l2cap bluetooth ipv6 dm_mirror dm_mod video output sbs battery lp floppy sg i2c_piix4 i2c_core pcnet32 mii button ac parport_pc parport ide_cd cdrom serio_raw mptspi mptscsih mptbase scsi_transport_spi sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU:    0
EIP:    0060:[<c05be62a>]    Not tainted VLI
EFLAGS: 00010282   (2.6.23-rc2 #1)
EIP is at skb_copy_bits+0x4f/0x1ef
eax: 000004d0   ebx: ce12a980   ecx: 00000134   edx: cfd5a880
esi: c8246858   edi: 00000000   ebp: c0759b14   esp: c0759adc
ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
Process swapper (pid: 0, ti=c0759000 task=c06d0340 task.ti=c0713000)
Stack: c0759b88 c0405867 ce12a980 c8bff838 c789c084 00000000 00000028 cfd5a880
       d09f1890 000005dc 0000007b ce12a980 cfd5a880 c8bff838 c0759b88 d09bc521
       000004d0 fffff96c 00000200 00000100 c0759b50 cfd5a880 00000246 c0759bd4
Call Trace:
 [<c0405e1d>] show_trace_log_lvl+0x1a/0x2f
 [<c0405ecd>] show_stack_log_lvl+0x9b/0xa3
 [<c040608d>] show_registers+0x1b8/0x289
 [<c0406271>] die+0x113/0x246
 [<c0625dbc>] do_page_fault+0x4ad/0x57e
 [<c0624642>] error_code+0x72/0x78
 [<d09bc521>] ip6_output+0x8e5/0xab2 [ipv6]
 [<d09bcec1>] ip6_xmit+0x2ea/0x3a3 [ipv6]
 [<d0a3f2ca>] sctp_v6_xmit+0x248/0x253 [sctp]
 [<d0a3c934>] sctp_packet_transmit+0x53f/0x5ae [sctp]
 [<d0a34bf8>] sctp_outq_flush+0x555/0x587 [sctp]
 [<d0a34d3c>] sctp_retransmit+0xf8/0x10f [sctp]
 [<d0a3d183>] sctp_icmp_frag_needed+0x57/0x5b [sctp]
 [<d0a3ece2>] sctp_v6_err+0xcd/0x148 [sctp]
 [<d09cf1ce>] icmpv6_notify+0xe6/0x167 [ipv6]
 [<d09d009a>] icmpv6_rcv+0x7d7/0x849 [ipv6]
 [<d09be240>] ip6_input+0x1dc/0x310 [ipv6]
 [<d09be965>] ipv6_rcv+0x294/0x2df [ipv6]
 [<c05c3789>] netif_receive_skb+0x2d2/0x335
 [<c05c5733>] process_backlog+0x7f/0xd0
 [<c05c58f6>] net_rx_action+0x96/0x17e
 [<c042e722>] __do_softirq+0x64/0xcd
 [<c0406f37>] do_softirq+0x5c/0xac
 =======================
Code: 00 00 29 ca 89 d0 2b 45 e0 89 55 ec 85 c0 7e 35 39 45 08 8b 55 e4 0f 4e 45 08 8b 75 e0 8b 7d dc 89 c1 c1 e9 02 03 b2 a0 00 00 00 <f3> a5 89 c1 83 e1 03 74 02 f3 a4 29 45 08 0f 84 7b 01 00 00 01
EIP: [<c05be62a>] skb_copy_bits+0x4f/0x1ef SS:ESP 0068:c0759adc
Kernel panic - not syncing: Fatal exception in interrupt

Arnaldo says:
====================
Thanks! I'm to blame for this one, problem was introduced in:

b0e380b1d8

@@ -761,7 +762,7 @@ slow_path:
                /*
                 *      Copy a block of the IP datagram.
                 */
-               if (skb_copy_bits(skb, ptr, frag->h.raw, len))
+               if (skb_copy_bits(skb, ptr, skb_transport_header(skb),
len))
                        BUG();
                left -= len;
====================

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-21 20:59:08 -07:00
Herbert Xu d92a7db710 [SNAP]: Check packet length before reading
The snap_rcv code reads 5 bytes so we should make sure that
we have 5 bytes in the head before proceeding.

Based on diagnosis and fix by Evgeniy Polyakov, reported by
Alan J. Wylie.

Patch also kills the skb->sk assignment before kfree_skb
since it's redundant.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-21 20:58:13 -07:00
Gerrit Renker 39dad26c37 [DCCP]: Allocation in atomic context
This fixes the following bug reported in syslog:

[ 4039.051658] BUG: sleeping function called from invalid context at /usr/src/davem-2.6/mm/slab.c:3032
[ 4039.051668] in_atomic():1, irqs_disabled():0
[ 4039.051670] INFO: lockdep is turned off.
[ 4039.051674]  [<c0104c0f>] show_trace_log_lvl+0x1a/0x30
[ 4039.051687]  [<c0104d4d>] show_trace+0x12/0x14
[ 4039.051691]  [<c0104d65>] dump_stack+0x16/0x18
[ 4039.051695]  [<c011371e>] __might_sleep+0xaf/0xbe
[ 4039.051700]  [<c0157b66>] __kmalloc+0xb1/0xd0
[ 4039.051706]  [<f090416f>] ccid2_hc_tx_alloc_seq+0x35/0xc3 [dccp_ccid2]
[ 4039.051717]  [<f09048d6>] ccid2_hc_tx_packet_sent+0x27f/0x2d9 [dccp_ccid2]
[ 4039.051723]  [<f085486b>] dccp_write_xmit+0x1eb/0x338 [dccp]
[ 4039.051741]  [<f085603d>] dccp_sendmsg+0x113/0x18f [dccp]
[ 4039.051750]  [<c03907fc>] inet_sendmsg+0x2e/0x4c
[ 4039.051758]  [<c033a47d>] sock_aio_write+0xd5/0x107
[ 4039.051766]  [<c015abc1>] do_sync_write+0xcd/0x11c
[ 4039.051772]  [<c015b296>] vfs_write+0x118/0x11f
[ 4039.051840]  [<c015b932>] sys_write+0x3d/0x64
[ 4039.051845]  [<c0103e7c>] syscall_call+0x7/0xb
[ 4039.051848]  =======================

The problem was that GFP_KERNEL was used; fixed by using gfp_any().

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-21 20:58:06 -07:00
Al Viro 35b426c329 missing return in bridge sysfs code
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-19 10:32:31 -07:00
Ilpo Järvinen 660adc6e60 [IPv6]: Invalid semicolon after if statement
A similar fix to netfilter from Eric Dumazet inspired me to
look around a bit by using some grep/sed stuff as looking for
this kind of bugs seemed easy to automate. This is one of them
I found where it looks like this semicolon is not valid.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-15 15:07:30 -07:00
Herbert Xu 3b18552550 [NET]: Fix unbalanced rcu_read_unlock in __sock_create
The recent RCU work created an unbalanced rcu_read_unlock
in __sock_create.  This patch fixes that.  Reported by
oleg 123.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-15 14:46:02 -07:00
David S. Miller cd8d60f28f Merge branch 'fixes-davem' of master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6 2007-08-14 18:32:20 -07:00
Adrian Bunk 16f3051b16 [VLAN] net/8021q/vlanproc.c: fix check-after-use
The Coverity checker spotted that we'd have already oops'ed if
"vlandev" was NULL.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 17:39:43 -07:00
Adrian Bunk 6f93b9c283 [NET]: Unexport dev_ethtool
This patch removes the no longer used EXPORT_SYMBOL(dev_ethtool).

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 17:38:44 -07:00
Alexey Dobriyan 9c29a377f9 [ECONET]: remove econet_packet_type on unload
Steps to reproduce:

	modprobe econet
	rmmod econet
	modprobe econet

Unable to handle kernel paging request at ffffffff8870a098 RIP: 
 [<ffffffff8040bfb8>] dev_add_pack+0x48/0x90
PGD 203067 PUD 207063 PMD 7817f067 PTE 0
Oops: 0002 [1] PREEMPT SMP 
CPU 1 
Modules linked in: econet [maaaany]
Pid: 10671, comm: modprobe Not tainted 2.6.23-rc3-bloat #6
RIP: 0010:[<ffffffff8040bfb8>]  [<ffffffff8040bfb8>] dev_add_pack+0x48/0x90
RSP: 0000:ffff810076293df8  EFLAGS: 00010202
RAX: ffffffff88659090 RBX: ffffffff88659060 RCX: ffffffff8870a090
RDX: 0000000000000080 RSI: ffffffff805ec660 RDI: ffff810078ce4680
RBP: ffff810076293e08 R08: 0000000000000002 R09: 0000000000000000
R10: ffffffff8040bf88 R11: 0000000000000001 R12: ffff810076293e18
R13: 000000000000001b R14: ffff810076dd06b0 R15: ffffffff886590c0
FS:  00002b96a525dae0(0000) GS:ffff81007e0e2138(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffffff8870a098 CR3: 000000007bb67000 CR4: 00000000000026e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process modprobe (pid: 10671, threadinfo ffff810076292000, task ffff810078ce4680)
Stack:  ffff810076dd06b0 0000000000000000 ffff810076293e38 ffffffff8865b180
 0000000000800000 0000000000000000 ffffffff886590c0 ffff810076dd01c8
 ffff810076293f78 ffffffff8026723c ffff810076293e48 ffffffff886590d8
Call Trace:
 [<ffffffff8865b180>] :econet:econet_proto_init+0x180/0x1da
 [<ffffffff8026723c>] sys_init_module+0x15c/0x19e0
 [<ffffffff8020c13e>] system_call+0x7e/0x83


Code: 48 89 41 08 48 89 82 e0 c5 5e 80 48 c7 c7 a0 08 5d 80 e8 f1 
RIP  [<ffffffff8040bfb8>] dev_add_pack+0x48/0x90
 RSP <ffff810076293df8>
CR2: ffffffff8870a098

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 17:25:20 -07:00
Alexey Dobriyan 9ac0be9d4f [AX25]: don't free pointers to statically allocated data
commit 8d5cf596d1 started to add statically
allocated ax25_protocol's to list. However kfree() was still in place waiting
for unsuspecting ones on module removal.

Steps to reproduce:

	modprobe netrom
	rmmod netrom

P.S.: code would benefit greatly from list_add/list_del usage

kernel BUG at mm/slab.c:592!
invalid opcode: 0000 [1] PREEMPT SMP 
CPU 0 
Modules linked in: netrom ax25 af_packet usbcore rtc_cmos rtc_core rtc_lib
Pid: 4477, comm: rmmod Not tainted 2.6.23-rc3-bloat #2
RIP: 0010:[<ffffffff802ac646>]  [<ffffffff802ac646>] kfree+0x1c6/0x260
RSP: 0000:ffff810079a05e48  EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81000000c000
RDX: ffff81007e552458 RSI: 0000000000000000 RDI: 000000000000805d
RBP: ffff810079a05e88 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8805d080
R13: ffffffff8805d080 R14: 0000000000000000 R15: 0000000000000282
FS:  00002b73fc98aae0(0000) GS:ffffffff805dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 000000000053f3b8 CR3: 0000000079ff2000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process rmmod (pid: 4477, threadinfo ffff810079a04000, task ffff8100775aa480)
Stack:  ffff810079a05e68 0000000000000246 ffffffff8804eca0 0000000000000000
 ffffffff8805d080 00000000000000cf 0000000000000000 0000000000000880
 ffff810079a05eb8 ffffffff8803ec90 ffff810079a05eb8 0000000000000000
Call Trace:
 [<ffffffff8803ec90>] :ax25:ax25_protocol_release+0xa0/0xb0
 [<ffffffff88056ecb>] :netrom:nr_exit+0x6b/0xf0
 [<ffffffff80268bf0>] sys_delete_module+0x170/0x1f0
 [<ffffffff8025da35>] trace_hardirqs_on+0xd5/0x170
 [<ffffffff804835aa>] trace_hardirqs_on_thunk+0x35/0x37
 [<ffffffff8020c13e>] system_call+0x7e/0x83


Code: 0f 0b eb fe 66 66 90 66 66 90 48 8b 52 10 48 8b 02 25 00 40 
RIP  [<ffffffff802ac646>] kfree+0x1c6/0x260
 RSP <ffff810079a05e48>
Kernel panic - not syncing: Fatal exception

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 17:24:05 -07:00
John W. Linville b9bf1e60a2 [PATCH] mac80211: probe for hidden SSIDs in pre-auth scan
Probe for hidden SSIDs if initiating pre-authentication scan and SSID
is set for STA interface.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-08-14 16:48:23 -04:00
Johannes Berg 7b7ed87925 [PATCH] mac80211: fix tx status frame code
When I added the monitor for outgoing frames somehow a break
statement slipped in. Remove it.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-08-14 16:48:23 -04:00
Jussi Kivilinna 02f44315dc [BRIDGE]: Fix typo in net/bridge/br_stp_if.c
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Acked-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 13:22:58 -07:00
Stephen Hemminger 17120889b0 [BRIDGE]: sysfs locking fix.
The stp change code generates "sleeping function called from invalid
context" because rtnl_lock() called with BH disabled. This fixes it by
not acquiring then dropping the bridge lock.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 13:21:34 -07:00
Patrick McHardy 45241a7a07 [NETFILTER]: nf_nat_sip: don't drop short packets
Don't drop packets shorter than "SIP/2.0", just ignore them. Keep-alives
can validly be shorter for example.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 13:14:58 -07:00
Patrick McHardy aa584eda5d [NETFILTER]: nf_conntrack_sip: fix SIP-URI parsing
The userinfo component of a SIP-URI is optional, continue parsing at the
beginning of the SIP-URI in case its not found.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 13:14:35 -07:00
Patrick McHardy 465f90a486 [NETFILTER]: nf_conntrack_sip: check sname != NULL before calling strncmp
The check got lost during the conversion to nf_conntrack.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 13:13:54 -07:00
Eric Dumazet 35019539d7 [NETFILTER]: netfilter: xt_u32 bug correction
An extraneous ";" makes xt_u32 match useless

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-14 13:13:28 -07:00
Heiko Carstens cae7ca3d3d [IPVS]: Use IP_VS_WAIT_WHILE when encessary.
For architectures that don't have a volatile atomic_ts constructs like
while (atomic_read(&something)); might result in endless loops since a
barrier() is missing which forces the compiler to generate code that
actually reads memory contents.
Fix this in ipvs by using the IP_VS_WAIT_WHILE macro which resolves to
while (expr) { cpu_relax(); }
(why isn't this open coded btw?)

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:15 -07:00
Herbert Xu 7f353bf29e [NET]: Share correct feature code between bridging and bonding
http://bugzilla.kernel.org/show_bug.cgi?id=8797 shows that the
bonding driver may produce bogus combinations of the checksum
flags and SG/TSO.

For example, if you bond devices with NETIF_F_HW_CSUM and
NETIF_F_IP_CSUM you'll end up with a bonding device that
has neither flag set.  If both have TSO then this produces
an illegal combination.

The bridge device on the other hand has the correct code to
deal with this.

In fact, the same code can be used for both.  So this patch
moves that logic into net/core/dev.c and uses it for both
bonding and bridging.

In the process I've made small adjustments such as only
setting GSO_ROBUST if at least one constituent device
supports it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:14 -07:00
Jesper Juhl e576de82ee [DCCP]: fix memory leak and clean up style - dccp_feat_empty_confirm()
There's a memory leak in net/dccp/feat.c::dccp_feat_empty_confirm().  If we
hit the 'default:' case of the 'switch' statement, then we return without
freeing 'opt', thus leaking 'struct dccp_opt_pend' bytes.

The leak is fixed easily enough by adding a kfree(opt); before the return
statement.

The patch also changes the layout of the 'switch' to be more in line with
CodingStyle.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:10 -07:00
Oleg Nesterov d725fdc802 [DCCP]: fix theoretical ccids_{read,write}_lock() race
Make sure that spin_unlock_wait() is properly ordered wrt atomic_inc().

(akpm: can't we convert this code to use rwlocks?)

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:09 -07:00
Jesper Juhl b5890d8ba4 [XFRM]: Clean up duplicate includes in net/xfrm/
This patch cleans up duplicate includes in
	net/xfrm/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:08 -07:00
Jesper Juhl 897c77cab0 [TIPC]: Clean up duplicate includes in net/tipc/
This patch cleans up duplicate includes in
	net/tipc/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:07 -07:00
Jesper Juhl 08dd2e2946 [SUNRPC]: Clean up duplicate includes in net/sunrpc/
This patch cleans up duplicate includes in
	net/sunrpc/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:05 -07:00
Jesper Juhl 0a26f4cdc2 [PKT_SCHED]: Clean up duplicate includes in net/sched/
This patch cleans up duplicate includes in
	net/sched/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:04 -07:00
Jesper Juhl 703310e645 [IPV6]: Clean up duplicate includes in net/ipv6/
This patch cleans up duplicate includes in
	net/ipv6/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:03 -07:00
Jesper Juhl f49f9967b2 [IPV4]: Clean up duplicate includes in net/ipv4/
This patch cleans up duplicate includes in
	net/ipv4/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:02 -07:00
Jesper Juhl 6869a35b36 [ATM]: Clean up duplicate includes in net/atm/
This patch cleans up duplicate includes in
	net/atm/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:52:01 -07:00
Joakim Tjernlund dcbdc93c6c [IPCONFIG]: ip_auto_config fix
The following commandline:

 root=/dev/mtdblock6 rw rootfstype=jffs2 ip=192.168.1.10:::255.255.255.0:localhost.localdomain:eth1:off console=ttyS0,115200

makes ip_auto_config fall back to DHCP and complain "IP-Config: Incomplete
network configuration information." depending on if CONFIG_IP_PNP_DHCP is
set or not.

The only way I can make ip_auto_config accept my IP config is to add an
entry for the server IP:

ip=192.168.1.10:192.168.1.15::255.255.255.0:localhost.localdomain:eth1:off

I think this is a bug since I am not using a NFS root FS.

The following patch fixes the above problem.

From: Andrew Morton <akpm@linux-foundation.org>

Davem said (in February!):

  Well, first of all the change in question is not in 2.4.x either.  I just
  checked the current 2.4.x GIT tree and the test is exactly:

	if (ic_myaddr == INADDR_NONE ||
#ifdef CONFIG_ROOT_NFS
	    (MAJOR(ROOT_DEV) == UNNAMED_MAJOR
	     && root_server_addr == INADDR_NONE
	     && ic_servaddr == INADDR_NONE) ||
#endif
	    ic_first_dev->next) {

  which matches 2.6.x

  I even checked 2.4.x when it was branched for 2.5.x and the test was the
  same at the point in time too.

  Looking at the proposed change a bit it appears that it is probably
  correct, as it's trying to check that ROOT_DEV is nfs root.  But if it is
  correct then the UNNAMED_MAJOR comparison in the same code block should be
  removed as it becomes superfluous.

  I'm happy to apply this patch with that modification made.

Signed-off-by: Joakim Tjernlund <joakim.tjernlund@transmode.se>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-13 22:51:59 -07:00
Linus Torvalds 8b80fc02b8 Merge git://git.linux-nfs.org/pub/linux/nfs-2.6
* git://git.linux-nfs.org/pub/linux/nfs-2.6:
  SUNRPC: Replace flush_workqueue() with cancel_work_sync() and friends
  NFS: Replace flush_scheduled_work with cancel_work_sync() and friends
  SUNRPC: Don't call gss_delete_sec_context() from an rcu context
  NFSv4: Don't call put_rpccred() from an rcu callback
  NFS: Fix NFSv4 open stateid regressions
  NFSv4: Fix a locking regression in nfs4_set_mode_locked()
  NFS: Fix put_nfs_open_context
  SUNRPC: Fix a race in rpciod_down()
2007-08-09 08:38:14 -07:00
Linus Torvalds 660ca5317d Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [TCP]: H-TCP maxRTT estimation at startup
  [NETFILTER]: nf_nat: add symbolic dependency on IPv4 conntrack
  [NETFILTER]: ctnetlink: return EEXIST instead of EINVAL for existing nat'ed conntracks
  [NETFILTER]: ipt_recent: avoid a possible NULL pointer deref in recent_seq_open()
  [NET] net/core/utils: fix sparse warning
  [NetLabel]: add missing rcu_dereference() calls in the LSM domain mapping hash table
  [PATCH] mac80211: don't allow scanning in monitor mode
  [PATCH] mac80211: Fix sparse error for sta_last_seq_ctrl_read
  [PATCH] mac80211: use do { } while (0) for multi-line macros
  [PATCH] mac80211: missing dev_put in ieee80211_master_start_xmit
2007-08-09 08:31:03 -07:00
Stephen Hemminger f34d1955df [TCP]: H-TCP maxRTT estimation at startup
Small patch to H-TCP from Douglas Leith. 

Fix estimation of maxRTT.  The original code ignores rtt measurements
during slow start (via the check tp->snd_ssthresh < 0xFFFF) yet this
is probably a good time to try to estimate max rtt as delayed acking
is disabled and slow start will only exit on a loss which presumably
corresponds to a maxrtt measurement.  Second, the original code (via
the check htcp_ccount(ca) > 3) ignores rtt data during what it
estimates to be the first 3 round-trip times.  This seems like an
unnecessary check now that the RCV timestamp are no longer used
for rtt estimation.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-07 18:29:05 -07:00
Patrick McHardy 591e620693 [NETFILTER]: nf_nat: add symbolic dependency on IPv4 conntrack
Loading nf_nat causes the conntrack core to be loaded, but we need IPv4 as
well.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-07 18:12:01 -07:00
Pablo Neira Ayuso ff4ca8273e [NETFILTER]: ctnetlink: return EEXIST instead of EINVAL for existing nat'ed conntracks
ctnetlink must return EEXIST for existing nat'ed conntracks instead of
EINVAL. Only return EINVAL if we try to update a conntrack with NAT
handlings (that is not allowed).

Decadence:libnetfilter_conntrack/utils# ./conntrack_create_nat
TEST: create conntrack (0)(Success)
Decadence:libnetfilter_conntrack/utils# ./conntrack_create_nat
TEST: create conntrack (-1)(Invalid argument)

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-07 18:11:26 -07:00
Jesper Juhl 3af8e31cf5 [NETFILTER]: ipt_recent: avoid a possible NULL pointer deref in recent_seq_open()
If the call to seq_open() returns != 0 then the code calls 
kfree(st) but then on the very next line proceeds to 
dereference the pointer - not good.

Problem spotted by the Coverity checker.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-07 18:10:54 -07:00
David S. Miller 864c5a4d37 Merge branch 'fixes-davem' of master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6 2007-08-07 18:07:35 -07:00
Johannes Berg 14ae856645 [NET] net/core/utils: fix sparse warning
net_msg_warn is not defined because it is in net/sock.h which isn't
included.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-07 18:02:43 -07:00
Paul Moore 3482fd9099 [NetLabel]: add missing rcu_dereference() calls in the LSM domain mapping hash table
The LSM domain mapping head table pointer was not being referenced via the RCU
safe dereferencing function, rcu_dereference().  This patch adds those missing
calls to the NetLabel code.

This has been tested using recent linux-2.6 git kernels with no visible
regressions.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-07 17:53:10 -07:00
Trond Myklebust 4011cd9788 SUNRPC: Replace flush_workqueue() with cancel_work_sync() and friends
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-08-07 16:13:01 -04:00
Trond Myklebust a4deb81ba8 SUNRPC: Don't call gss_delete_sec_context() from an rcu context
Doing so may not be safe...

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-08-07 15:16:24 -04:00
Trond Myklebust b247bbf1da SUNRPC: Fix a race in rpciod_down()
The commit 4ada539ed7 lead to the unpleasant
possibility of an asynchronous rpc_task being required to call
rpciod_down() when it is complete. This again means that the rpciod
workqueue may get to call destroy_workqueue on itself -> hang...

Change rpciod_up/rpciod_down to just get/put the module, and then
create/destroy the workqueues on module load/unload.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2007-08-07 15:13:16 -04:00
Daniel Drake f27b62d3e7 [PATCH] mac80211: don't allow scanning in monitor mode
zd1211rw gets confused when the user asks for a scan when the device is
in monitor mode. This patch tightens up the SIWSCAN handler to deny the scan
under these conditions.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-08-06 15:39:15 -04:00
Zhu Yi ba9b07d08b [PATCH] mac80211: Fix sparse error for sta_last_seq_ctrl_read
Fix sparse error for sta_last_seq_ctrl_read.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-08-06 15:39:01 -04:00
Zhu Yi 21887b2f18 [PATCH] mac80211: use do { } while (0) for multi-line macros
Use do { } while (0) for multi-line macros

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-08-06 15:38:48 -04:00
Daniel Drake 0e7088de6c [PATCH] mac80211: missing dev_put in ieee80211_master_start_xmit
Fixes an unlikely reference leak condition.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: Jiri Benc <jbenc@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-08-06 15:37:56 -04:00
Michael Buesch fdc8f43b5e [PATCH] softmac: Fix deadlock of wx_set_essid with assoc work
The essid wireless extension does deadlock against the assoc mutex,
as we don't unlock the assoc mutex when flushing the workqueue, which
also holds the lock.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-08-06 15:06:03 -04:00
Ilpo Järvinen 49ff4bb4cd [TCP]: DSACK signals data receival, be conservative
In case a DSACK is received, it's better to lower cwnd as it's
a sign of data receival.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:47:59 -07:00
Ilpo Järvinen 2e6052941a [TCP]: Also handle snd_una changes in tcp_cwnd_down
tcp_cwnd_down must check for it too as it should be conservative
in case of collapse stuff and also when receiver is trying to
lie (though that wouldn't be very successful/useful anyway).

Note:
- Separated also is_dupack and do_lost in fast_retransalert
	* Much cleaner look-and-feel now
	* This time it really fixes cumulative ACK with many new
	  SACK blocks recovery entry (I claimed this fixes with
	  last patch but it wasn't). TCP will now call
	  tcp_update_scoreboard regardless of is_dupack when
	  in recovery as long as there is enough fackets_out.
- Introduce FLAG_SND_UNA_ADVANCED
	* Some prior_snd_una arguments are unnecessary after it
- Added helper FLAG_ANY_PROGRESS to avoid long FLAG...|FLAG...
  constructs

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:46:58 -07:00
David S. Miller 3a97aeb5c1 Merge davem@master.kernel.org:/pub/scm/linux/kernel/git/vxy/lksctp-dev 2007-08-02 19:44:43 -07:00
Florian Westphal d788d8056f [TIPC]: Fix two minor sparse warnings.
fix two warnings generated by sparse:

link.c:2386 symbol 'msgcount' shadows an earlier one
node.c:244 symbol 'addr_string' shadows an earlier one

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:31 -07:00
Florian Westphal 248bbf3821 [TIPC]: Make function tipc_nameseq_subscribe static.
make needlessly global function tipc_nameseq_subscribe static.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:30 -07:00
Joy Latten 4a4b6271a8 [PF_KEY]: Fix ipsec not working in 2.6.23-rc1-git10
Although an ipsec SA was established, kernel couldn't seem to find it.

I think since we are now using "x->sel.family" instead of "family" in
the xfrm_selector_match() called in xfrm_state_find(), af_key needs to
set this field too, just as xfrm_user.

In af_key.c, x->sel.family only gets set when there's an
ext_hdrs[SADB_EXT_ADDRESS_PROXY-1] which I think is for tunnel.

I think pfkey needs to also set the x->sel.family field when it is 0.

Tested with below patch, and ipsec worked when using pfkey.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:29 -07:00
David S. Miller 3516ffb0fe [TCP]: Invoke tcp_sendmsg() directly, do not use inet_sendmsg().
As discovered by Evegniy Polyakov, if we try to sendmsg after
a connection reset, we can do incredibly stupid things.

The core issue is that inet_sendmsg() tries to autobind the
socket, but we should never do that for TCP.  Instead we should
just go straight into TCP's sendmsg() code which will do all
of the necessary state and pending socket error checks.

TCP's sendpage already directly vectors to tcp_sendpage(), so this
merely brings sendmsg() in line with that.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:28 -07:00
Mariusz Kozlowski 1bcabbdb0b [IPV4] route.c: mostly kmalloc + memset conversion to k[cz]alloc
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:27 -07:00
Mariusz Kozlowski 4487b2f657 [IPV4] raw.c: kmalloc + memset conversion to kzalloc
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:26 -07:00
Mariusz Kozlowski 8adc546552 [NETFILTER] nf_conntrack_l3proto_ipv4_compat.c: kmalloc + memset conversion to kzalloc
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:24 -07:00
Mariusz Kozlowski 9f0d1a004d [NETFILTER] nf_conntrack_expect.c: kmalloc + memset conversion to kzalloc
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:23 -07:00
Michal Piotrowski 2f0812350e [NET]: Removal of duplicated include net/wanrouter/wanmain.c
Signed-off-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-02 19:42:22 -07:00
Paul Moore e6e0871cce Net/Security: fix memory leaks from security_secid_to_secctx()
The security_secid_to_secctx() function returns memory that must be freed
by a call to security_release_secctx() which was not always happening.  This
patch fixes two of these problems (all that I could find in the kernel source
at present).

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2007-08-02 11:52:26 -04:00
Wei Yongjun 5f8f1c3c87 SCTP: remove useless code in function sctp_init_cause
Some code in function sctp_init_cause() seem useless, this patch remove
them.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-02 10:56:07 -04:00
Wei Yongjun aecedeab6f SCTP: drop SACK if ctsn is not less than the next tsn of assoc
We need to drop the SACK if the peer is attempting to acknowledge
unset data, i.e.  the CTSN in the SACK is greater or equal to the
next TSN we will send.

Example:
Endpoint A                                      Endpoint B
                             <---------------   DATA (TSN=1)
SACK(TSN=1) ---------------> 
                             <---------------   DATA (TSN=2)
                             <---------------   DATA (TSN=3)
                             <---------------   DATA (TSN=4)
                             <---------------   DATA (TSN=5)
SACK(TSN=1000) --------------->
                             <---------------   DATA (TSN=6)
                             <---------------   DATA (TSN=7)

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-02 10:41:18 -04:00
Vlad Yasevich e4d1feab5d SCTP: IPv4 mapped addr not returned in SCTPv6 accept()
When issuing a connect call on an AF_INET6 sctp socket with
a IPv4-mapped destination, the peer address that is returned
by getpeeraddr() should be v4-mapped as well.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01 11:19:06 -04:00
Dave Johnson b225b884a1 SCTP: IPv4 mapped addr not returned in SCTPv6 accept()
An accept() call on a SCTPv6 socket that returns due to connection of
a IPv4 mapped peer will fill out the 'struct sockaddr' with a zero
IPv6 address instead of the IPv4 mapped address of the peer.

This is due to the v4mapped flag not getting copied into the new
socket on accept() as well as a missing check for INET6 socket type in
sctp_v4_to_sk_*addr().

Signed-off-by: Dave Johnson <djohnson@sw.starentnetworks.com>
Cc: Srinivas Akkipeddi <sakkiped@starentnetworks.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01 11:19:06 -04:00
Sebastian Siewior cc121fa87a sctp: fix shadow symbol in net/sctp/tsnmap.c
net/sctp/tsnmap.c:164:16: warning: symbol '_end' shadows an earlier one
include/asm-generic/sections.h:13:13: originally declared here

Renamed renamed _end to end_ and _start (for consistence).

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01 11:19:06 -04:00
Sebastian Siewior d6f9fdaf64 sctp: try to fix readlock
unlock the reader lock in error case.

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01 11:19:06 -04:00
sebastian@breakpoint.cc c86dabcf00 sctp: remove shadowed symbols
Fixes the following sparse warnings:
net/sctp/sm_make_chunk.c:1457:9: warning: symbol 'len' shadows an earlier one
net/sctp/sm_make_chunk.c:1356:23: originally declared here
net/sctp/socket.c:1534:22: warning: symbol 'chunk' shadows an earlier one
net/sctp/socket.c:1387:20: originally declared here

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01 11:19:06 -04:00
sebastian@breakpoint.cc 0a5fcb9cf8 sctp: move global declaration to header file.
sctp_chunk_cachep & sctp_bucket_cachep is used module global, so move it
to a header file.

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01 11:19:06 -04:00
sebastian@breakpoint.cc 046752104c sctp: make locally used function static
Forward declarion is static, the function itself is not. Make it
consistent.

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01 11:19:05 -04:00
Linus Torvalds 0d6caa1795 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (41 commits)
  [RTNETLINK]: Fix warning for !CONFIG_KMOD
  [IPV4] ip_options.c: kmalloc + memset conversion to kzalloc
  [DECNET]: kmalloc + memset conversion to kzalloc
  [NET]: ethtool_perm_addr only has one implementation
  [NET]: ethtool ops are the only way
  [PPPOE]: Improve hashing function in hash_item().
  [XFRM]: State selection update to use inner addresses.
  [IPSEC]: Ensure that state inner family is set
  [TCP]: Bidir flow must not disregard SACK blocks for lost marking
  [TCP]: Fix ratehalving with bidirectional flows
  [PPPOL2TP]: Add CONFIG_INET Kconfig dependency.
  [NET]: Page offsets and lengths need to be __u32.
  [AF_UNIX]: Make code static.
  [NETFILTER]: Make nf_ct_ipv6_skip_exthdr() static.
  [PKTGEN]: make get_ipsec_sa() static and non-inline
  [PPPoE]: move lock_sock() in pppoe_sendmsg() to the right location
  [PPPoX/E]: return ENOTTY on unknown ioctl requests
  [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses.
  [NET]: Fix prio_tune() handling of root qdisc.
  [NET]: Fix sch_api to properly set sch->parent on the root.
  ...
2007-07-31 15:51:00 -07:00
Mariusz Kozlowski bbe06f6bf7 fs: 9p/conv.c error path fix
When buf_check_overflow() returns != 0 we will hit kfree(ERR_PTR(err)) and
it will not be happy about it.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@ericvh.myip.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-31 15:39:42 -07:00
Thomas Graf 8072f085d7 [RTNETLINK]: Fix warning for !CONFIG_KMOD
replay label is unused otherwise.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 14:13:50 -07:00
Mariusz Kozlowski 376407039c [IPV4] ip_options.c: kmalloc + memset conversion to kzalloc
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 14:06:45 -07:00
Mariusz Kozlowski f87966541e [DECNET]: kmalloc + memset conversion to kzalloc
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 14:05:56 -07:00
Matthew Wilcox 313674afa8 [NET]: ethtool_perm_addr only has one implementation
All drivers implement ethtool get_perm_addr the same way -- by calling
the generic function.  So we can inline the generic function into the
caller and avoid going through the drivers.

Signed-off-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 14:00:29 -07:00
Matthew Wilcox 61a44b9c4b [NET]: ethtool ops are the only way
During the transition to the ethtool_ops way of doing things, we supported
calling the device's ->do_ioctl method to allow unconverted drivers to
continue working.  Those days are long behind us, all in-tree drivers
use the ethtool_ops way, and so we no longer need to support this.

The bonding driver is the biggest beneficiary of this; it no longer
needs to call ioctl() as a fallback if ethtool_ops aren't supported.

Also put a proper copyright statement on ethtool.c.

Signed-off-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 14:00:02 -07:00
Joakim Koskela 48b8d78315 [XFRM]: State selection update to use inner addresses.
This patch modifies the xfrm state selection logic to use the inner
addresses where the outer have been (incorrectly) used. This is
required for beet mode in general and interfamily setups in both
tunnel and beet mode.

Signed-off-by: Joakim Koskela <jookos@gmail.com>
Signed-off-by: Herbert Xu     <herbert@gondor.apana.org.au>
Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com>
Signed-off-by: Miika Komu     <miika@iki.fi>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:33 -07:00
Herbert Xu 196b003620 [IPSEC]: Ensure that state inner family is set
Similar to the issue we had with template families which
specified the inner families of policies, we need to set
the inner families of states as the main xfrm user Openswan
leaves it as zero.

af_key is unaffected because the inner family is set by it
and not the KM.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:32 -07:00
Ilpo Järvinen b8ed601cef [TCP]: Bidir flow must not disregard SACK blocks for lost marking
It's possible that new SACK blocks that should trigger new LOST
markings arrive with new data (which previously made is_dupack
false). In addition, I think this fixes a case where we get
a cumulative ACK with enough SACK blocks to trigger the fast
recovery (is_dupack would be false there too).

I'm not completely pleased with this solution because readability
of the code is somewhat questionable as 'is_dupack' in SACK case
is no longer about dupacks only but would mean something like
'lost_marker_work_todo' too... But because of Eifel stuff done
in CA_Recovery, the FLAG_DATA_SACKED check cannot be placed to
the if statement which seems attractive solution. Nevertheless,
I didn't like adding another variable just for that either... :-)

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:31 -07:00
Ilpo Järvinen 1e757f9996 [TCP]: Fix ratehalving with bidirectional flows
Actually, the ratehalving seems to work too well, as cwnd is
reduced on every second ACK even though the packets in flight
remains unchanged. Recoveries in a bidirectional flows suffer
quite badly because of this, both NewReno and SACK are affected.

After this patch, rate halving is performed for ACK only if
packets in flight was supposedly changed too.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:30 -07:00
Adrian Bunk 131116989b [AF_UNIX]: Make code static.
The following code can now become static:
- struct unix_socket_table
- unix_table_lock

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:27 -07:00
Adrian Bunk 1a3a206f7f [NETFILTER]: Make nf_ct_ipv6_skip_exthdr() static.
nf_ct_ipv6_skip_exthdr() can now become static.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:26 -07:00
Adrian Bunk fea1ab0fcf [PKTGEN]: make get_ipsec_sa() static and non-inline
Non-static inline code usually doesn't makes sense.

In this case making is static and non-inline is the correct solution.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:25 -07:00
Dave Johnson c61a7d10ef [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses.
ipv6_addr_type() doesn't check for 'Unique Local IPv6 Unicast
Addresses' (RFC4193) and returns IPV6_ADDR_RESERVED for that range.

SCTP uses this function and will fail bind() and connect() calls that
use RFC4193 addresses, SCTP will also ignore inbound connections from
RFC4193 addresses if listening on IPV6_ADDR_ANY.

There may be other users of ipv6_addr_type() that could also have
problems.

Signed-off-by: Dave Johnson <djohnson@sw.starentnetworks.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:21 -07:00
Peter P Waskiewicz Jr 0773192b0f [NET]: Fix prio_tune() handling of root qdisc.
Fix the check in prio_tune() to see if sch->parent is TC_H_ROOT instead of
sch->handle to load or reject the qdisc for multiqueue devices.

Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:20 -07:00
Patrick McHardy ffc8fefaf2 [NET]: Fix sch_api to properly set sch->parent on the root.
Fix sch_api to correctly set sch->parent for both ingress and egress
qdiscs in qdisc_create().

Signed-off-by: Patrick McHardy <trash@kaber.net>
Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:19 -07:00
Patrick McHardy bdba91ec70 [NET_SCHED]: Fix prio/ingress classification logic error
Fix handling of empty or completely non-matching filter chains. In
that case -1 is returned and tcf_result is uninitialized, the
qdisc should fall back to default classification in that case.

Noticed by PJ Waskiewicz <peter.p.waskiewicz.jr@intel.com>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:18 -07:00
Herbert Xu b217d616a1 [IPV4/IPV6]: Fail registration if inet device construction fails
Now that netdev notifications can fail, we can use this to signal
errors during registration for IPv4/IPv6.  In particular, if we
fail to allocate memory for the inet device, we can fail the netdev
registration.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:16 -07:00
Herbert Xu fcc5a03ac4 [NET]: Allow netdev REGISTER/CHANGENAME events to fail
This patch adds code to allow errors to be passed up from event
handlers of NETDEV_REGISTER and NETDEV_CHANGENAME.  It also adds
the notifier_from_errno/notifier_to_errnor helpers to pass the
errno value up to the notifier caller.

If an error is detected when a device is registered, it causes
that operation to fail.  A NETDEV_UNREGISTER will be sent to
all event handlers.

Similarly if NETDEV_CHANGENAME fails the original name is restored
and a new NETDEV_CHANGENAME event is sent.

As such all event handlers must be idempotent with respect to
these events.

When an event handler is registered NETDEV_REGISTER events are
sent for all devices currently registered.  Should any of them
fail, we will send NETDEV_GOING_DOWN/NETDEV_DOWN/NETDEV_UNREGISTER
events to that handler for the devices which have already been
registered with it.  The handler registration itself will fail.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:15 -07:00
Herbert Xu 7f988eab57 [NET]: Take dev_base_lock when moving device name hash list entry
When we added name-based hashing the dev_base_lock was designated as the
lock to take when changing the name hash list.  Unfortunately, because
it was a preexisting lock that just happened to be taken in the right
spots we neglected to take it in dev_change_name.

The race can affect calles of __dev_get_by_name that do so without taking
the RTNL.  They may end up walking down the wrong hash chain and end up
missing the device that they're looking for.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:13 -07:00
Herbert Xu 7ce1b0edcb [NET]: Call uninit if necessary in register_netdevice
This patch makes register_netdevice call dev->uninit if the regsitration
fails after dev->init has completed successfully.  Very few drivers use
the init/uninit calls but at least one (drivers/net/wan/sealevel.c) may
leak without this change.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:12 -07:00
Herbert Xu ccc7911fbd [IPVS]: Use skb_forward_csum
As a path that forwards packets, IPVS should be using
skb_forward_csum instead of directly setting ip_summed
to CHECKSUM_NONE.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:11 -07:00
David S. Miller 25a8b2545b [PKTGEN]: Add missing KERN_* tags to printk()s.
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:10 -07:00
Al Viro d83852822c [BLUETOOTH] l2cap: don't mangle cmd.len
Since nobody uses it after we convert it to host-endian,
no need to do that at all.  At that point l2cap is endian-clean.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:09 -07:00
Al Viro 88219a0f65 [BLUETOOTH]: pass (host-endian) cmd length as explicit argument to l2cap_conf_req()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:08 -07:00
Al Viro 8e036fc314 [BLUETOOTH] l2cap: endianness annotations
no code changes, just documenting existing types

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:07 -07:00
Al Viro 6dc0c2082b [BLUETOOTH]: Fix endianness bug in l2cap_sock_listen()
We loop through psm values, calling __l2cap_get_sock_by_addr(psm, ...)
until we get NULL; then we set ->psm of our socket to htobs(psm).
IOW, we find unused psm value and put it into our socket.  So far, so
good, but...  __l2cap_get_sock_by_addr() compares its argument with
->psm of sockets.  IOW, the entire thing works correctly only on
little-endian.  On big-endian we'll get "no socket with such psm"
on the first iteration, since we won't find a socket with ->psm == 0x1001.
We will happily conclude that 0x1001 is unused and slap htobs(0x1001)
(i.e. 0x110) into ->psm of our socket.  Of course, the next time around
the same thing will repeat and we'll just get a fsckload of sockets
with the same ->psm assigned.

Fix: pass htobs(psm) to __l2cap_get_sock_by_addr() there.  All other
callers are already passing little-endian values and all places that
store something in ->psm are storing little-endian.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:06 -07:00
Marcel Holtmann 09c7d8293a [IRDA]: Fix rfcomm use-after-free
Adrian Bunk wrote:
> Commit 8de0a15483 added the following
> use-after-free in net/bluetooth/rfcomm/tty.c:
>
> <--  snip  -->
>
> ...
> static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
> {
> ...
>         if (IS_ERR(dev->tty_dev)) {
>                 list_del(&dev->list);
>                 kfree(dev);
>                 return PTR_ERR(dev->tty_dev);
>         }
> ...
>
> <--  snip  -->
>
> Spotted by the Coverity checker.

really good catch. I fully overlooked that one. The attached patch
should fix it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:05 -07:00
Simon Arlott 566cfd8f0e [IPV6]: Don't update ADVMSS on routes where the MTU is not also updated
The ADVMSS value was incorrectly updated for ALL routes when the MTU
is updated because it's outside the effect of the if statement's
condition.

Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:04 -07:00
Florian Westphal 9457106575 [TIPC]: fix tipc_link_create error handling
if printbuf allocation or tipc_node_attach_link() fails, invalid
references to the link are left in the associated node and bearer
structures.
Fix by allocating printbuf early and moving timer initialization
and the addition of the new link to the b_ptr->links list after
tipc_node_attach_link() succeeded.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:02 -07:00
Randy Dunlap 0ed72ec4af [NET]: kernel-doc fixes
Fix kernel-doc omissions in net/:

Warning(linux-2.6.23-rc1//net/core/dev.c:2728): No description found for parameter 'addr'
Warning(linux-2.6.23-rc1//net/core/dev.c:2752): No description found for parameter 'addr'
Warning(linux-2.6.23-rc1//net/core/dev.c:3839): No description found for parameter 'net_dma'
Warning(linux-2.6.23-rc1//net/core/dev.c:3877): No description found for parameter 'state'

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:28:00 -07:00
Stephen Hemminger 113bbbd8d2 [TCP]: htcp - use measured rtt
Change HTCP to use measured RTT rather than smooth RTT.
Srtt is computed using the TCP receive timestamp
options, so it is vulnerable to hostile receivers. To avoid any problems
this might cause use the measured RTT instead.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:27:59 -07:00
Stephen Hemminger e7d0c88586 [TCP]: cubic - eliminate use of receive time stamp
Remove use of received timestamp option value from RTT calculation in Cubic.
A hostile receiver may be returning a larger timestamp option than the original
value. This would cause the sender to believe the malevolent receiver had
a larger RTT and because Cubic tries to provide some RTT friendliness, the
sender would then favor the liar.

Instead, use the jiffie resolutionRTT value already computed and
passed back after ack.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:27:58 -07:00
Stephen Hemminger 30cfd0baf0 [TCP]: congestion control API pass RTT in microseconds
This patch changes the API for the callback that is done after an ACK is
received. It solves a couple of issues:

  * Some congestion controls want higher resolution value of RTT
    (controlled by TCP_CONG_RTT_SAMPLE flag). These don't really want a ktime, but
    all compute a RTT in microseconds.

  * Other congestion control could use RTT at jiffies resolution.

To keep API consistent the units should be the same for both cases, just the
resolution should change.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31 02:27:57 -07:00
Heiko Carstens 3bb447fc8b [S390] Convert to smp_call_function_single.
smp_call_function_single now has the same semantics as s390's
smp_call_function_on. Therefore convert to the *single variant
and get rid of some architecture specific code.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-07-27 12:29:17 +02:00
Al Viro 582ee43dad net/* misc endianness annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-26 11:11:56 -07:00
Al Viro 704eae1f32 ip6_tunnel - endianness annotations
Convert rel_info to host-endian before calling ip6_tnl_err().
The things become much more straightforward that way.
The key observation (and the reason why that code actually
worked) is that after ip6_tnl_err() we either immediately
bailed out or had rel_info set to 0 or had it set to host-endian
and guaranteed to hit
(rel_type == ICMP_DEST_UNREACH && rel_code == ICMP_FRAG_NEEDED)
case.  So inconsistent endianness didn't really lead to bugs,
but it had been subtle and prone to breakage.  New variant is
saner and obviously safe.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-26 11:11:56 -07:00
Al Viro a34c45896a netfilter endian regressions
no real bugs, just misannotations cropping up

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-26 11:11:56 -07:00
john stultz 2c6b47de17 Cleanup non-arch xtime uses, use get_seconds() or current_kernel_time().
This avoids use of the kernel-internal "xtime" variable directly outside
of the actual time-related functions.  Instead, use the helper functions
that we already have available to us.

This doesn't actually change any behaviour, but this will allow us to
fix the fact that "xtime" isn't updated very often with CONFIG_NO_HZ
(because much of the realtime information is maintained as separate
offsets to 'xtime'), which has caused interfaces that use xtime directly
to get a time that is out of sync with the real-time clock by up to a
third of a second or so.

Signed-off-by: John Stultz <johnstul@us.ibm.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-25 10:09:20 -07:00
Andrew Morton 3f5f4346b6 [8021Q]: vlan_ioctl_handler: fix return value
net/8021q/vlan.c: In function 'vlan_ioctl_handler':
net/8021q/vlan.c:700: warning: 'err' may be used uninitialized in this function

The warning is incorrect, but from my reading this ioctl will return -EINVAL
on success.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-24 15:37:11 -07:00
Thomas Graf 79d310d01e [GENETLINK]: Correctly report errors while registering a multicast group
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-24 15:34:53 -07:00
Thomas Graf 2c04ddb707 [GENETLINK]: Fix adjustment of number of multicast groups
The current calculation of the maximum number of genetlink
multicast groups seems odd, fix it.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-24 15:33:51 -07:00
Thomas Graf 79dc4386ae [GENETLINK]: Fix race in genl_unregister_mc_groups()
family->mcast_groups is protected by genl_lock so it must
be held while accessing the list in genl_unregister_mc_groups().
Requires adding a non-locking variant of genl_unregister_mc_group().

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-24 15:32:46 -07:00