Commit Graph

26866 Commits

Author SHA1 Message Date
Stephen Hemminger 6d4b0f617d sky2: version 1.3
Update version number, to track changes.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:28 -07:00
Stephen Hemminger ed6d32c7a9 Add more support for the Yukon Ultra chip found in dual core centino laptops.
The newest Yukon Ultra chipset's require more special tweaks.
They seem to be like the Yukon XL chipsets. This code is transliterated
from the latest SysKonnect driver; I don't have any Ultra hardware.

Signed-off-by: Stephe Hemminger <shemminger@osdl.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:27 -07:00
Stephen Hemminger 72cb852920 sky2: synchronize irq on remove
Need to make sure interrupt is not racing with unregister of
network device.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:27 -07:00
Stephen Hemminger e71ebd7327 sky2: dont write status ring
It is more efficient not to write the status ring from the
processor and just read the active portion.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:27 -07:00
Stephen Hemminger 01bd75645f sky2: edge triggered workaround enhancement
Need to make the edge-triggered workaround timer faster to get marginally
better peformance. The test_and_set_bit in schedule_prep() acts as a barrier
already. Make it a module parameter so that laptops who are concerned
about power can set it to 0; and user's stuck with broken BIOS's
can turn the driver into pure polling.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:27 -07:00
Stephen Hemminger cb5d954730 sky2: use mask instead of modulo operation
Gcc isn't smart enough to know that it can do a modulo
operation with power of 2 constant by doing a mask.
So add macro to do it for us.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:27 -07:00
Stephen Hemminger f55925d7eb sky2: tx ring index mask fix
Mask for transmit ring status was picking up bits from the
unused sync ring.  They were always zero, so far...
Also, make sure to remind self not to make tx ring too big.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:25 -07:00
Stephen Hemminger 1e5f1283a2 sky2: status irq hang fix
The status interrupt flag should be cleared before processing,
not afterwards to avoid race. Need to process in poll routine
even if no new interrupt status. This is a normal occurrence when
more than 64 frames (NAPI weight) are processed in one poll routine.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:24 -07:00
Stephen Hemminger d324031245 sky2: backout NAPI reschedule
This is a backout of earlier patch.

The whole rescheduling hack was a bad idea. It doesn't really solve
the problem and it makes the code more complicated for no good reason.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-08 16:00:23 -07:00
David S. Miller 1f8aa2f66b [SPARC64]: Update defconfig.
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-08 15:13:14 -07:00
Linus Torvalds 601e7f024e Revert "kbuild: fix modpost segfault for 64bit mipsel kernel"
This reverts commit c8d8b837eb, which
caused problems for the x86 build. Quoth Sam:

  "It was discussed on mips list but apparently the fix was bogus.  I
   will not have time to look into it so mips can carry this local fix
   until we get a proper fix in mainline."

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 13:38:42 -07:00
Russell King f9d8f063fe [ARM] Update mach-types
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-08 20:31:11 +01:00
Russell King 5eb204eb1f [ARM] Update versatile_defconfig
Update versatile default configuration, enabling the AACI sound driver,
VFP and Versatile AB support.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-08 20:30:24 +01:00
Andi Kleen 6810b548b2 [PATCH] x86_64: Move ondemand timer into own work queue
Taking the cpu hotplug semaphore in a normal events workqueue
is unsafe because other tasks can wait for any workqueues with
it hold. This results in a deadlock.

Move the DBS timer into its own work queue which is not
affected by other work queue flushes to avoid this.

Has been acked by Venkatesh.

Cc: venkatesh.pallipadi@intel.com
Cc: cpufreq@lists.linux.org.uk
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Andi Kleen ac71d12c99 [PATCH] x86_64: Avoid EBDA area in early boot allocator
Based on analysis&patch from Robert Hentosch

Observed on a Dell PE6850 with 16GB

The problem occurs very early on, when the kernel allocates space for the
temporary memory map called bootmap. The bootmap overlaps the EBDA region.
EBDA region is not historically reserved in the e820 mapping. When the
bootmap is freed it marks the EBDA region as usable.

If you notice in setup.c there is already code to work around the EBDA
in reserve_ebda_region(), this check however occurs after the bootmap
is allocated and doesn't prevent the bootmap from using this range.

AK: I redid the original patch. Thanks also to Jan Beulich for
spotting some mistakes.

Cc: Robert_Hentosch@dell.com
Cc: jbeulich@novell.com
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Corey Minyard 8b1ffe9550 [PATCH] x86_64: add nmi_exit to die_nmi
Playing with NMI watchdog on x86_64, I discovered that it didn't
do what I expected.  It always panic-ed, even when it didn't
happen from interrupt context.  This patch solves that
problem for me.  Also, in this case, do_exit() will be called
with interrupts disabled, I believe.  Would it be wise to also
call local_irq_enable() after nmi_exit()?
[Yes I added it -AK]

Currently, on x86_64, any NMI watchdog timeout will cause a panic
because the irq count will always be set to be in an interrupt
when do_exit() is called from die_nmi().  If we add nmi_exit() to
the die_nmi() call (since the nmi will never exit "normally")
it seems to solve this problem.  The following small program
can be used to trigger the NMI watchdog to reproduce this:
  main ()
  {
        iopl(3);
        for (;;) asm("cli");
  }

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Corey Minyard cdc60a4c8e [PATCH] x86_64: fix die_lock nesting
I noticed this when poking around in this area.

The oops_begin() function in x86_64 would only conditionally claim
the die_lock if the call is nested, but oops_end() would always
release the spinlock. This patch adds a nest count for the die lock
so that the release of the lock is only done on the final oops_end().

Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Andi Kleen 5192d84e4c [PATCH] x86_64: Check for too many northbridges in IOMMU code
The IOMMU code can only deal with 8 northbridges. Error out when
more are found.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Kimball Murray e0c1e9bf81 [PATCH] x86_64: avoid IRQ0 ioapic pin collision
The patch addresses a problem with ACPI SCI interrupt entry, which gets
re-used, and the IRQ is assigned to another unrelated device.  The patch
corrects the code such that SCI IRQ is skipped and duplicate entry is
avoided.  Second issue came up with VIA chipset, the problem was caused by
original patch assigning IRQs starting 16 and up.  The VIA chipset uses
4-bit IRQ register for internal interrupt routing, and therefore cannot
handle IRQ numbers assigned to its devices.  The patch corrects this
problem by allowing PCI IRQs below 16.

Cc: len.brown@intel.com

Signed-off by: Natalie Protasevich <Natalie.Protasevich@unisys.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Linus Torvalds abfd305718 Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] remove asm-ia64/bitops.h self-inclusion
  [IA64] strcpy returns NULL pointer and not destination pointer
2006-05-08 09:28:35 -07:00
Linus Torvalds 96b8eaa14a Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [IRDA] irda-usb: use NULL instead of 0
  [IPV4]: Remove likely in ip_rcv_finish()
  [NET]: Create netdev attribute_groups with class_device_add
  [CLASS DEVICE]: add attribute_group creation
2006-05-08 09:11:10 -07:00
Linus Torvalds bed7a56033 Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild:
  kbuild: Do not overwrite makefile as anohter user
  kbuild: drivers/video/logo/ - fix ident glitch
  kbuild: fix gen_initramfs_list.sh
  kbuild modpost - relax driver data name
  kbuild: removing .tmp_versions considered harmful
  kbuild: fix modpost segfault for 64bit mipsel kernel
2006-05-08 09:10:44 -07:00
Trond Myklebust 75dff55af9 [PATCH] fs/locks.c: Fix lease_init
It is insane to be giving lease_init() the task of freeing the lock it is
supposed to initialise, given that the lock is not guaranteed to be
allocated on the stack. This causes lockups in fcntl_setlease().
Problem diagnosed by Daniel Hokka Zakrisson <daniel@hozac.com>

Also fix a slab leak in __setlease() due to an uninitialised return value.
Problem diagnosed by Björn Steinbrink.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: Daniel Hokka Zakrisson <daniel@hozac.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 08:07:17 -07:00
Nathan Scott e63a369001 [XFS] Fix a possible metadata buffer (AGFL) refcount leak when fixing an
AG freelist.

SGI-PV: 952681
SGI-Modid: xfs-linux-melb:xfs-kern:25902a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08 19:51:58 +10:00
Nathan Scott b1ecdda931 [XFS] Fix a project quota space accounting leak on rename.
SGI-PV: 951636
SGI-Modid: xfs-linux-melb:xfs-kern:25811a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08 19:51:42 +10:00
Nathan Scott d08d389d5a [XFS] Fix a possible forced shutdown due to mishandling write barriers
with remount,ro.

SGI-PV: 951944
SGI-Modid: xfs-linux-melb:xfs-kern:25742a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08 19:51:28 +10:00
Martin Habets 4cfbd7eb24 [SPARC]: show device name in /proc/dvma_map
This patch will set the device name in a resource, which will be shown
in /proc/dvma_map.

Signed-off-by: Martin Habets <errandir_news@mph.eclipse.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-07 23:43:19 -07:00
Martin Habets bb3426ad66 [SPARC]: Remove duplicate symbol exports
This patch resolves the following build warnings seen in 2.6.17-rc3:
WARNING: vmlinux: 'sys_close' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'memchr' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strstr' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strnlen' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strrchr' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strchr' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strcmp' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strncat' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strcat' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strncpy' exported twice. Previous export was in vmlinux
WARNING: vmlinux: 'strcpy' exported twice. Previous export was in vmlinux

Signed-off-by: Martin Habets <errandir_news@mph.eclipse.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-07 23:04:06 -07:00
Jan Beulich fd5f0cd6b0 kbuild: Do not overwrite makefile as anohter user
Change the conditional of the outputmakefile rule to be evaluated entirely
in make, and add a conditional to not touch the generated makefile when e.g.
running 'make install' as root while the build was done as non-root. Also
adjust the comment describing this, and move the message printing and
redirection to mkmakefile.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
2006-05-08 06:55:32 +02:00
Linus Torvalds 9d21f09ca0 Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 3507/1: Replace map_desc.physical with map_desc.pfn: aaed2000
  [ARM] 3506/1: aaec2000: debug-macro.S needs hardware.h
  [ARM] 3505/1: aaec2000: entry-macro.S needs asm/arch/irqs.h
  [ARM] 3504/1: Fix clcd includes for aaec2000
  [ARM] 3503/1: Fix map_desc structure for aaec2000
  [ARM] 3501/1: i.MX: fix lowlevel debug macros
  [ARM] rtc-sa1100: fix compiler warnings and error cleanup
  [ARM] Allow SA1100 RTC alarm to be configured for wakeup
2006-05-07 17:32:57 -07:00
Bellido Nicolas 74fae122eb [ARM] 3507/1: Replace map_desc.physical with map_desc.pfn: aaed2000
Patch from Bellido Nicolas

aaed2000 map_desc.pfn conversion

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:24 +01:00
Bellido Nicolas 9a708becaf [ARM] 3506/1: aaec2000: debug-macro.S needs hardware.h
Patch from Bellido Nicolas

Include hardware.h in debug-macro.S, otherwise io_p2v is undefined.

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:23 +01:00
Bellido Nicolas 201be92a42 [ARM] 3505/1: aaec2000: entry-macro.S needs asm/arch/irqs.h
Patch from Bellido Nicolas

Since git commit 2b78838842, entry-macro.S needs to include asm/arch/irqs.h

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:22 +01:00
Bellido Nicolas 8a33b224ec [ARM] 3504/1: Fix clcd includes for aaec2000
Patch from Bellido Nicolas

Since this patch:
 [ARM] 3366/1: Allow the 16bpp mode configuration in the CLCD control register

linux/amba/bus.h needs to be included before linux/amba/clcd.h

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:21 +01:00
Bellido Nicolas 16b6dd4419 [ARM] 3503/1: Fix map_desc structure for aaec2000
Patch from Bellido Nicolas

Patch:
 [ARM] 2982/1: Replace map_desc.physical with map_desc.pfn: aaec2000
incorrectly expanded the struct map_desc for aaec2000.

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:21 +01:00
Sascha Hauer 216251cff9 [ARM] 3501/1: i.MX: fix lowlevel debug macros
Patch from Sascha Hauer

This patch fixes the addruart macro to work with both mmu enabled and
disabled.

Signed-off-by: Sascha Hauer <s.hauer@pengutonix.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 18:56:27 +01:00
Linus Torvalds f5b40e363a Fix ptrace_attach()/ptrace_traceme()/de_thread() race
This holds the task lock (and, for ptrace_attach, the tasklist_lock)
over the actual attach event, which closes a race between attacking to a
thread that is either doing a PTRACE_TRACEME or getting de-threaded.

Thanks to Oleg Nesterov for reminding me about this, and Chris Wright
for noticing a lost return value in my first version.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-07 10:49:33 -07:00
Randy Dunlap 0eb1bd210d [IRDA] irda-usb: use NULL instead of 0
Use NULL instead of 0 for a null pointer value (sparse warning):

drivers/net/irda/irda-usb.c:1781:30: warning: Using plain integer as NULL pointer

Also, correct timeout argument to use milliseconds instead of jiffies.

Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 18:34:10 -07:00
Hua Zhong 0182bd2b1e [IPV4]: Remove likely in ip_rcv_finish()
This is another result from my likely profiling tool
(dwalker@mvista.com just sent the patch of the profiling tool to
linux-kernel mailing list, which is similar to what I use).

On my system (not very busy, normal development machine within a
VMWare workstation), I see a 6/5 miss/hit ratio for this "likely".

Signed-off-by: Hua Zhong <hzhong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 18:11:39 -07:00
Stephen Hemminger fe9925b551 [NET]: Create netdev attribute_groups with class_device_add
Atomically create attributes when class device is added. This avoids
the race between registering class_device (which generates hotplug
event), and the creation of attribute groups.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 17:56:03 -07:00
Stephen Hemminger 1498221d51 [CLASS DEVICE]: add attribute_group creation
Extend the support of attribute groups in class_device's to allow
groups to be created as part of the registration process. This allows
network device's to avoid race between registration and creating
groups.

Note that unlike attributes that are a property of the class object,
the groups are a property of the class_device object. This is done
because there are different types of network devices (wireless for
example).

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 17:55:11 -07:00
Russell King f12267011d [ARM] rtc-sa1100: fix compiler warnings and error cleanup
Fix:
drivers/rtc/rtc-sa1100.c: In function `sa1100_rtc_proc':
drivers/rtc/rtc-sa1100.c:298: warning: unsigned int format, long unsigned int arg (arg 3)

and arrange for sa1100_rtc_open() to pass the devid to free_irq()
rather than NULL.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-06 11:29:21 +01:00
Russell King 19ca5d27e1 [ARM] Allow SA1100 RTC alarm to be configured for wakeup
The SA1100 RTC alarm can be configured to wake up the CPU
from sleep mode, and the RTC driver has been using the
API to configure this mode.  Unfortunately, the code was
which sets the required bit in the hardware was missing.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-06 11:26:30 +01:00
John Heffner 5528e568a7 [TCP]: Fix snd_cwnd adjustments in tcp_highspeed.c
Xiaoliang (David) Wei wrote:
> Hi gurus,
> 
>    I am reading the code of tcp_highspeed.c in the kernel and have a
> question on the hstcp_cong_avoid function, specifically the following
> AI part (line 136~143 in net/ipv4/tcp_highspeed.c ):
> 
>                /* Do additive increase */
>                if (tp->snd_cwnd < tp->snd_cwnd_clamp) {
>                        tp->snd_cwnd_cnt += ca->ai;
>                        if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
>                                tp->snd_cwnd++;
>                                tp->snd_cwnd_cnt -= tp->snd_cwnd;
>                        }
>                }
> 
>    In this part, when (tp->snd_cwnd_cnt == tp->snd_cwnd),
> snd_cwnd_cnt will be -1... snd_cwnd_cnt is defined as u16, will this
> small chance of getting -1 becomes a problem?
> Shall we change it by reversing the order of the cwnd++ and cwnd_cnt -= 
> cwnd?

Absolutely correct.  Thanks.

Signed-off-by: John Heffner <jheffner@psc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:41:44 -07:00
Ralf Baechle f530937b2c [NETROM/ROSE]: Kill module init version kernel log messages.
There are out of date and don't tell the user anything useful.
The similar messages which IPV4 and the core networking used
to output were killed a long time ago.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:19:26 -07:00
Herbert Xu 134af34632 [DCCP]: Fix sock_orphan dead lock
Calling sock_orphan inside bh_lock_sock in dccp_close can lead to dead
locks.  For example, the inet_diag code holds sk_callback_lock without
disabling BH.  If an inbound packet arrives during that admittedly tiny
window, it will cause a dead lock on bh_lock_sock.  Another possible
path would be through sock_wfree if the network device driver frees the
tx skb in process context with BH enabled.

We can fix this by moving sock_orphan out of bh_lock_sock.

The tricky bit is to work out when we need to destroy the socket
ourselves and when it has already been destroyed by someone else.

By moving sock_orphan before the release_sock we can solve this
problem.  This is because as long as we own the socket lock its
state cannot change.

So we simply record the socket state before the release_sock
and then check the state again after we regain the socket lock.
If the socket state has transitioned to DCCP_CLOSED in the time being,
we know that the socket has been destroyed.  Otherwise the socket is
still ours to keep.

This problem was discoverd by Ingo Molnar using his lock validator.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:09:13 -07:00
Stephen Hemminger 1c29fc4989 [BRIDGE]: keep track of received multicast packets
It makes sense to add this simple statistic to keep track of received
multicast packets.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:07:13 -07:00
Sridhar Samudrala 35d63edb1c [SCTP]: Fix state table entries for chunks received in CLOSED state.
Discard an unexpected chunk in CLOSED state rather can calling BUG().

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:05:23 -07:00
Sridhar Samudrala 62b08083ec [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
Use pskb_pull() to handle incoming COOKIE_ECHO and HEARTBEAT chunks that
are received as skb's with fragment list.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:04:43 -07:00
Vladislav Yasevich 672e7cca17 [SCTP]: Prevent possible infinite recursion with multiple bundled DATA.
There is a rare situation that causes lksctp to go into infinite recursion
and crash the system.  The trigger is a packet that contains at least the
first two DATA fragments of a message bundled together. The recursion is
triggered when the user data buffer is smaller that the full data message.
The problem is that we clone the skb for every fragment in the message.
When reassembling the full message, we try to link skbs from the "first
fragment" clone using the frag_list. However, since the frag_list is shared
between two clones in this rare situation, we end up setting the frag_list
pointer of the second fragment to point to itself.  This causes
sctp_skb_pull() to potentially recurse indefinitely.

Proposed solution is to make a copy of the skb when attempting to link
things using frag_list.

Signed-off-by: Vladislav Yasevich <vladsilav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:03:49 -07:00