Commit Graph

33006 Commits

Author SHA1 Message Date
Alexey Kuznetsov 7228749092 [IPV4] ipmr: ip multicast route bug fix.
IP multicast route code was reusing an skb which causes use after free
and double free.

From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>

Note, it is real skb_clone(), not alloc_skb(). Equeued skb contains
the whole half-prepared netlink message plus room for the rest.
It could be also skb_copy(), if we want to be puristic about mangling
cloned data, but original copy is really not going to be used.  

Acked-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-25 16:45:12 -07:00
Michael Chan b6e77a5346 [TG3]: Update version and reldate
Update version to 3.63.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-25 16:39:12 -07:00
Michael Chan 32d8c5724b [TG3]: Handle tg3_init_rings() failures
Handle dev_alloc_skb() failures when initializing the RX rings.
Without proper handling, the driver will crash when using a partial
ring.

Thanks to Stephane Doyon <sdoyon@max-t.com> for reporting the bug and
providing the initial patch.

Howie Xu <howie@vmware.com> also reported the same issue.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-25 16:38:29 -07:00
Michael Chan b9ec6c1b91 [TG3]: Add tg3_restart_hw()
Add tg3_restart_hw() to handle failures when re-initializing the
device.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-25 16:37:27 -07:00
Michael Ellerman 30f30e1305 [POWERPC] Fix mem= handling when the memory limit is > RMO size
There's a bug in my cleaned up mem= handling, if the memory limit is
larger than the RMO size we'll erroneously enlarge the RMO size.

Fix is to only change the RMO size if the memory limit is less than
the current RMO value.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:28:24 +10:00
Benjamin Herrenschmidt 98c82472e9 [POWERPC] More offb/bootx fixes
There were still some issues with offb when BootX doesn't provide a
proper display node, this fixes them.  This also re-instates the
palette hacks that were disabled a couple of kernel versions ago when
I converted to the new OF parsing, and shuffles some functions around
to avoid prototypes.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:28:04 +10:00
Benjamin Herrenschmidt 45507ff3a2 [POWERPC] Fix legacy_serial.c error handling on 32 bits
The code in legacy_serial.c wouldn't properly compare OF translation
results against OF_BAD_ADDR as it's using a phys_addr_t which is 32
bits on some 32-bit powerpc platforms. This fixes it by always using
a u64 which is what is returned by the OF parsing routines. It also
makes translation failure harmless for ISA serial ports.  If they
can't translate, we can't use the UART early, but we can still let the
8250 driver use it later on by using IO port accessors.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:27:27 +10:00
Benjamin Herrenschmidt 171505dafe [POWERPC] Fix default clock for udbg_16550
This patch makes it possible to provide 0 as the clock value for
udbg_16550, making it default to the standard 1.8432Mhz clock

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:27:13 +10:00
Benjamin Herrenschmidt 8cffc6ac66 [POWERPC] Fix non-MPIC CHRPs with CONFIG_SMP set
Pseudo-CHRP machines like Pegasos without an MPIC would crash at boot if
CONFIG_SMP was set because the "smp_ops" pointer was set to MPIC related
ops unconditionally. This patch makes it NULL on machines that don't
support SMP and provides proper default behaviour in the callers when
smp_ops is NULL.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:27:04 +10:00
Benjamin Herrenschmidt 21bd2e6696 [POWERPC] Fix 32 bits warning in prom_init.c
A warning is hurting my eyes when building 32 bits kernels

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:26:43 +10:00
Benjamin Herrenschmidt f0ca330bc4 [POWERPC] Workaround Pegasos incorrect ISA "ranges"
The Pegasos firmware doesn't create a valid "ranges" property for the
ISA bridge, thus causing translation of ISA addresses and IO ports to
fail. This fixes it, thus re-enabling proper early serial console to
work on Pegasos.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:26:24 +10:00
Johannes Berg d1a8df9136 [POWERPC] fix up front-LED Kconfig
This patch fixes the front-LED Kconfig issues I introduced while
creating it. Apparently having a dependency isn't enough to have the
select not evaluated or something like that.

The patch also changes the default configuration for pmac32 select the
default for the LED to be the IDE trigger. While I was at it, I
completely updated the defconfig and also added snd-aoa to it.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-26 01:26:08 +10:00
Jens Axboe 44eb123126 [PATCH] cfq-iosched: don't use a hard jiffies value, translate from msecs
The CIC_SEEKY() test really wants to use the minimum of either:

- 2 msecs (not jiffies)

- or, the pending slice time

So code it like that.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-07-25 15:05:21 +02:00
Milton Miller ad01b1ca79 [PATCH] blktrace: fix read-ahead bit
It should be toggling the same bit on and off, fix it up.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-07-25 15:04:13 +02:00
Jens Axboe 7b30f09245 [PATCH] cciss: fix stall with softirq handling and CFQ
We need to postpone the queue startup until after the softirq
handler has actually finished some requests, otherwise we could
be racing with cciss_softirq_done() and not actually restart
the queue handling.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-07-25 15:02:48 +02:00
Guillaume Chazarain d569f1d72f [IPV4]: Clear the whole IPCB, this clears also IPCB(skb)->flags.
Signed-off-by: Guillaume Chazarain <guichaz@yahoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 23:45:16 -07:00
Guillaume Chazarain 6b7fdc3ae1 [IPV6]: Clean skb cb on IPv6 input.
Clear the accumulated junk in IP6CB when starting to handle an IPV6
packet.

Signed-off-by: Guillaume Chazarain <guichaz@yahoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 23:44:44 -07:00
Patrick McHardy d5af981e93 [NETFILTER]: Demote xt_sctp to EXPERIMENTAL
After the recent problems with all the SCTP stuff it seems reasonable
to mark this as experimental.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:55:29 -07:00
Patrick McHardy 10ea6ac895 [NETFILTER]: bridge netfilter: add deferred output hooks to feature-removal-schedule
Add bridge netfilter deferred output hooks to feature-removal-schedule
and disable them by default. Until their removal they will be
activated by the physdev match when needed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:54:55 -07:00
Phil Oester 28658c8967 [NETFILTER]: xt_pkttype: fix mismatches on locally generated packets
Locally generated broadcast and multicast packets have pkttype set to
PACKET_LOOPBACK instead of PACKET_BROADCAST or PACKET_MULTICAST. This
causes the pkttype match to fail to match packets of either type.

The below patch remedies this by using the daddr as a hint as to
broadcast|multicast. While not pretty, this seems like the only way
to solve the problem short of just noting this as a limitation of the
match.

This resolves netfilter bugzilla #484

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:54:14 -07:00
Patrick McHardy 8cf8fb5687 [NETFILTER]: SNMP NAT: fix byteorder confusion
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:53:35 -07:00
Adrian Bunk 72b5582359 [NETFILTER]: conntrack: fix SYSCTL=n compile
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:53:12 -07:00
Patrick McHardy 3bc38712e3 [NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject
In case of an unknown verdict or NF_STOP the packet leaks. Unknown verdicts
can happen when userspace is buggy. Reinject the packet in case of NF_STOP,
drop on unknown verdicts.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:52:47 -07:00
Patrick McHardy 083edca05a [NETFILTER]: H.323 helper: fix possible NULL-ptr dereference
An RCF message containing a timeout results in a NULL-ptr dereference if
no RRQ has been seen before.

Noticed by the "SATURN tool", reported by Thomas Dillig <tdillig@stanford.edu>
and Isil Dillig <isil@stanford.edu>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:52:10 -07:00
David S. Miller 6bc063d414 [SCSI] esp: Fix build.
The data_cmd[] member got deleted, so do not use it any more.  Scsi
commands do not have their ->cmd[] overwritten temporary to probe for
status after an error before retrying.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:47:14 -07:00
David S. Miller 29ed46015d [SPARC]: Fix SA_STATIC_ALLOC value.
It alises IRQF_SHARED which causes all kinds of
problems.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:34:00 -07:00
David S. Miller eb398d1044 [SPARC64]: Explicitly print return PC when the kernel fault PC is bogus.
That way we'll have at least some debugging info even if
the stack dump explodes.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 22:33:58 -07:00
Christoph Hellwig b4e54de8d3 [NET]: Correct dev_alloc_skb kerneldoc
dev_alloc_skb is designated for RX descriptors, not TX.  (Some drivers
use it for the latter anyway, but that's a different story)

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 15:31:14 -07:00
Christoph Hellwig 37182d1bd3 [NET]: Remove CONFIG_HAVE_ARCH_DEV_ALLOC_SKB
skbuff.h has an #ifndef CONFIG_HAVE_ARCH_DEV_ALLOC_SKB to allow
architectures to reimplement __dev_alloc_skb.  It's not set on any
architecture and now that we have an architecture-overrideable
NET_SKB_PAD there is not point at all to have one either.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 15:30:28 -07:00
Stefan Rompf 6c753c3d3b [VLAN]: Fix link state propagation
When the queue of the underlying device is stopped at initialization time
or the device is marked "not present", the state will be propagated to the
vlan device and never change. Based on an analysis by Patrick McHardy.

Signed-off-by: Stefan Rompf <stefan@loplof.de>
ACKed-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 13:52:13 -07:00
David S. Miller a922ba5510 [IPV6] xfrm6_tunnel: Delete debugging code.
It doesn't compile, and it's dubious in several regards:

1) is enabled by non-Kconfig controlled CONFIG_* value
   (noted by Randy Dunlap)
2) XFRM6_TUNNEL_SPI_MAGIC is defined after it's first use
3) the debugging messages print object pointer addresses
   which have no meaning without context

So let's just get rid of it.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 13:49:06 -07:00
Martin Michlmayr d8ca3d11c6 [ARM] 3731/1: Allow IRQ definitions of IQ80331 and IQ80332 to co-exist
Patch from Martin Michlmayr

ARCH_IQ80331 and MACH_IQ80332 can be enabled at the same time but a
header file makes certain IRQ definitions conditional, leading to
the following compilation error when both platforms are enabled:

arch/arm/mach-iop3xx/iq80332-pci.c: In function 'iq80332_map_irq':
arch/arm/mach-iop3xx/iq80332-pci.c:54: error: 'IRQ_IQ80332_INTA' undeclared (first use in this function)
arch/arm/mach-iop3xx/iq80332-pci.c:54: error: (Each undeclared identifier is reported only once
arch/arm/mach-iop3xx/iq80332-pci.c:54: error: for each function it appears in.)
arch/arm/mach-iop3xx/iq80332-pci.c:54: error: 'IRQ_IQ80332_INTB' undeclared (first use in this function)
arch/arm/mach-iop3xx/iq80332-pci.c:54: error: 'IRQ_IQ80332_INTC' undeclared (first use in this function)
arch/arm/mach-iop3xx/iq80332-pci.c:54: error: 'IRQ_IQ80332_INTD' undeclared (first use in this function)

Signed-off-by: Martin Michlmayr <tbm@cyrius.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-07-24 21:30:01 +01:00
Marcel Holtmann e9e9290f5c [Bluetooth] Enable SCO support for Broadcom HID proxy dongle
The Broadcom dongles with HID proxy support actually support SCO over
HCI if the SCO buffer size values are corrected. So instead of disabling
the SCO support, mark this dongle with the quirk for the Bluetooth core
to correct the wrong buffer size values.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-07-24 12:44:34 -07:00
Marcel Holtmann 8e4f7230a3 [Bluetooth] Add quirk for another broken RTX Telecom based dongle
This patch disables the ISOC transfers for another broken RTX Telecom
based USB dongle. Starting the USB ISOC transfers only ends in a burst
of error messages for invalid SCO packets on connection handle 0.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-07-24 12:44:32 -07:00
Marcel Holtmann ea9727f6e5 [Bluetooth] Correct SCO buffer size for Belkin devices
The Belkin F8T012 and F8T013 devices are both based on a Bluetooth chip
from Broadcom and their SCO buffer size values are wrong. The Bluetooth
core should correct these values.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-07-24 12:44:30 -07:00
Marcel Holtmann 520ca78acc [Bluetooth] Correct SCO buffer size for another Broadcom chip
The SCO buffer size values on IBM/Lenovo ThinkPad laptops with a
Bluetooth chip from Broadcom are wrong. The USB Bluetooth driver
has to set a quirk to correct the SCO buffer size values.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-07-24 12:44:27 -07:00
Marcel Holtmann 98bcd08b5b [Bluetooth] Correct RFCOMM channel MTU for broken implementations
Some Bluetooth RFCOMM implementations try to negotiate a bigger channel
MTU than we can support for a particular session. The maximum MTU for
a RFCOMM session is limited through the L2CAP layer. So if the other
side proposes a channel MTU that is bigger than the underlying L2CAP
MTU, we should reduce it to the L2CAP MTU of the session minus five
bytes for the RFCOMM headers.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-07-24 12:44:25 -07:00
Guillaume Chazarain 2266d8886f [PKT_SCHED]: Fix regression in PSCHED_TADD{,2}.
In PSCHED_TADD and PSCHED_TADD2, if delta is less than tv.tv_usec (so,
less than USEC_PER_SEC too) then tv_res will be smaller than tv. The
affectation "(tv_res).tv_usec = __delta;" is wrong.  The fix is to
revert to the original code before
4ee303dfea and change the 'if' in
'while'.

[Shuya MAEDA: "while (__delta >= USEC_PER_SEC){ ... }" instead of
"while (__delta > USEC_PER_SEC){ ... }"]

Signed-off-by: Guillaume Chazarain <guichaz@yahoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 12:44:23 -07:00
Ian McDonald 4b79f0af48 [DCCP]: Fix default sequence window size
When using the default sequence window size (100) I got the following in
my logs:

Jun 22 14:24:09 localhost kernel: [ 1492.114775] DCCP: Step 6 failed for
DATA packet, (LSWL(6279674225) <= P.seqno(6279674749) <=
S.SWH(6279674324)) and (P.ackno doesn't exist or LAWL(18798206530) <=
P.ackno(1125899906842620) <= S.AWH(18798206548), sending SYNC...
Jun 22 14:24:09 localhost kernel: [ 1492.115147] DCCP: Step 6 failed for
DATA packet, (LSWL(6279674225) <= P.seqno(6279674750) <=
S.SWH(6279674324)) and (P.ackno doesn't exist or LAWL(18798206530) <=
P.ackno(1125899906842620) <= S.AWH(18798206549), sending SYNC...

I went to alter the default sysctl and it didn't take for new sockets.
Below patch fixes this.

I think the default is too low but it is what the DCCP spec specifies.

As a side effect of this my rx speed using iperf goes from about 2.8 Mbits/sec
to 3.5. This is still far too slow but it is a step in the right direction.

Compile tested only for IPv6 but not particularly complex change.

Signed off by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-24 12:44:21 -07:00
Roland Dreier 8fdf679fdb IB/mthca: Initialize max_cmds before debug code prints it
Read the max_cmds value from the response to the QUERY_FW command
before printing out the value, so that the real value goes into the
debug output.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 09:36:50 -07:00
Michael S. Tsirkin 8a7f752125 IB/ipoib: Fix packet loss after hardware address update
The neighbour ha field may get updated without destroying the
neighbour.  In this case, the ha field gets out of sync with the
address handle stored in ipoib_neigh->ah, with the result that
the ah field would point to an incorrect path, resulting in all
packets being lost.

Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 09:18:07 -07:00
Or Gerlitz 624d01f899 IB/ipoib: Fix oops with ipoib_debug_mcast set
Need to set mcast->ah before debug code dereferences it.

Signed-off-by: Or Gerlitz <ogerlitz@voltaire.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 09:18:07 -07:00
Sean Hefty 2527e681fd IB/mad: Validate MADs for spec compliance
Validate MADs sent by userspace clients for spec compliance with
C13-18.1.1 (prevent duplicate requests and responses sent on the
same port).  Without this, RMPP transactions get aborted because
of duplicate packets.

This patch is similar to that provided by Jack Morgenstein.

Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Jack Morgenstein <jackm@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 09:18:07 -07:00
Ralph Campbell 16c59419a0 IB/ipath: ipath_skip_sge() can break if num_sge > 1
ipath_skip_sge() doesn't exactly duplicate the side effects of
ipath_copy_sge() if num_sge > 1 since it doesn't decrement ss->num_sge.
This could result in the sg_list being accessed out of bounds.
Since ipath_skip_sge() is almost always called with num_sge == 1,
the original "optimization" is almost never used.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 09:18:07 -07:00
Ralph Campbell c9f79bdc21 IB/ipath: Fix ib_ipath driver to work with SRP
I am still working on a proposal to remove the phys_to_virt() calls
in the ib_ipath driver.  In the mean time, this patch allows SRP
to work by fixing the R_Key check and conversion from IB address
to kernel virtual address.  It also returns the correct page size
for FMRs.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 09:18:07 -07:00
Ralph Campbell 3d37b9e209 IB/ipath: Fix a data corruption
This patch fixes a problem where certain error packets are passed
to the InfiniBand layer for processing even though the packet
actually was received with an error.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 09:18:05 -07:00
Dotan Barak 1252c517cf IB/mthca: Fix SRQ limit event range check
Mem-free HCAs always keep one spare SRQ WQE, so the SRQ limit cannot
be set beyond srq->max - 1.

Signed-off-by: Dotan Barak <dotanb@mellanox.co.il>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-24 07:20:32 -07:00
Jeff Garzik b71426eb10 Merge branch 'master' into upstream-fixes 2006-07-24 03:38:13 -04:00
Jeff Garzik 8419dc8a34 [libata] sata_promise: comment out duplicate PCI ID
This is just the for-RC fix.  A 'TODO' command is added, describing
what's needed for the more-complete fix.
2006-07-24 03:37:52 -04:00
Roland Dreier 43db2bc044 IB/uverbs: Fix lockdep warnings
Lockdep warns because uverbs is trying to take uobj->mutex when it
already holds that lock.  This is because there are really multiple
types of uobjs even though all of their locks are initialized in
common code.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-07-23 15:16:04 -07:00