summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-03-20audit: netlink socket can be auto-bound to pid other than current->pid (v2)Pavel Emelyanov
From: Pavel Emelyanov <xemul@openvz.org> This patch is based on the one from Thomas. The kauditd_thread() calls the netlink_unicast() and passes the audit_pid to it. The audit_pid, in turn, is received from the user space and the tool (I've checked the audit v1.6.9) uses getpid() to pass one in the kernel. Besides, this tool doesn't bind the netlink socket to this id, but simply creates it allowing the kernel to auto-bind one. That's the preamble. The problem is that netlink_autobind() _does_not_ guarantees that the socket will be auto-bound to the current pid. Instead it uses the current pid as a hint to start looking for a free id. So, in case of conflict, the audit messages can be sent to a wrong socket. This can happen (it's unlikely, but can be) in case some task opens more than one netlink sockets and then the audit one starts - in this case the audit's pid can be busy and its socket will be bound to another id. The proposal is to introduce an audit_nlk_pid in audit subsys, that will point to the netlink socket to send packets to. It will most often be equal to audit_pid. The socket id can be got from the skb's netlink CB right in the audit_receive_msg. The audit_nlk_pid reset to 0 is not required, since all the decisions are taken based on audit_pid value only. Later, if the audit tools will bind the socket themselves, the kernel will have to provide a way to setup the audit_nlk_pid as well. A good side effect of this patch is that audit_pid can later be converted to struct pid, as it is not longer safe to use pid_t-s in the presence of pid namespaces. But audit code still uses the tgid from task_struct in the audit_signal_info and in the audit_filter_syscall. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-20[NET]: Fix permissions of /proc/netAndre Noll
commit e9720ac ([NET]: Make /proc/net a symlink on /proc/self/net (v3)) broke ganglia and probably other applications that read /proc/net/dev. This is due to the change of permissions of /proc/net that was introduced in that commit. Before: dr-xr-xr-x 5 root root 0 Mar 19 11:30 /proc/net After: dr-xr--r-- 5 root root 0 Mar 19 11:29 /proc/self/net This patch restores the permissions to the old value which makes ganglia happy again. Pavel Emelyanov says: This also broke the postfix, as it was reported in bug #10286 and described in detail by Benjamin. Signed-off-by: Andre Noll <maan@systemlinux.org> Acked-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-20[SCTP]: Fix a race between module load and protosw accessVlad Yasevich
There is a race is SCTP between the loading of the module and the access by the socket layer to the protocol functions. In particular, a list of addresss that SCTP maintains is not initialized prior to the registration with the protosw. Thus it is possible for a user application to gain access to SCTP functions before everything has been initialized. The problem shows up as odd crashes during connection initializtion when we try to access the SCTP address list. The solution is to refactor how we do registration and initialize the lists prior to registering with the protosw. Care must be taken since the address list initialization depends on some other pieces of SCTP initialization. Also the clean-up in case of failure now also needs to be refactored. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-20[NETFILTER]: ipt_recent: sanity check hit countDaniel Hokka Zakrisson
If a rule using ipt_recent is created with a hit count greater than ip_pkt_list_tot, the rule will never match as it cannot keep track of enough timestamps. This patch makes ipt_recent refuse to create such rules. With ip_pkt_list_tot's default value of 20, the following can be used to reproduce the problem. nc -u -l 0.0.0.0 1234 & for i in `seq 1 100`; do echo $i | nc -w 1 -u 127.0.0.1 1234; done This limits it to 20 packets: iptables -A OUTPUT -p udp --dport 1234 -m recent --set --name test \ --rsource iptables -A OUTPUT -p udp --dport 1234 -m recent --update --seconds \ 60 --hitcount 20 --name test --rsource -j DROP While this is unlimited: iptables -A OUTPUT -p udp --dport 1234 -m recent --set --name test \ --rsource iptables -A OUTPUT -p udp --dport 1234 -m recent --update --seconds \ 60 --hitcount 21 --name test --rsource -j DROP With the patch the second rule-set will throw an EINVAL. Reported-by: Sean Kennedy <skennedy@vcn.com> Signed-off-by: Daniel Hokka Zakrisson <daniel@hozac.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-20[NETFILTER]: nf_conntrack_h323: logical-bitwise & confusion in process_setup()Roel Kluin
logical-bitwise & confusion Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-18[RT2X00] drivers/net/wireless/rt2x00/rt2x00dev.c: remove dead code, fix warningAndrew Morton
Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
2008-03-17[IPV4]: esp_output() misannotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17[8021Q]: vlan_dev misannotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17xfrm: ->eth_proto is __be16Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17[IPV4]: ipv4_is_lbcast() misannotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17[SUNRPC]: net/* NULL noiseAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17[SCTP]: fix misannotated __sctp_rcv_asconf_lookup()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17[PKT_SCHED]: annotate cls_u32Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17[NET] endianness noise: INADDR_ANYAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-17Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2008-03-17Merge branch 'upstream-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev * 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev: ahci: Add Marvell 6121 SATA support pata_ali: use atapi_cmd_type() to determine cmd type instead of transfer size ahci: implement skip_host_reset parameter ahci: request all PCI BARs devres: implement pcim_iomap_regions_request_all() libata-acpi: improve dock event handling
2008-03-17Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linusLinus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus: virtio: fix race in enable_cb virtio: Enable netpoll interface for netconsole logging virtio: handle > 2 billion page balloon targets virtio: Fix sysfs bits to have proper block symlink virtio: Use spin_lock_irqsave/restore for virtio-pci
2008-03-17hfs_bnode_find() can fail, resulting in hfs_bnode_split() breakageAl Viro
oops and fs corruption; the latter can happen even on valid fs in case of oom. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-03-17ahci: Add Marvell 6121 SATA supportJose Alberto Reguero
Signed-off-by: Jose Alberto Reguero <jareguero@telefonica.net> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17pata_ali: use atapi_cmd_type() to determine cmd type instead of transfer sizeTejun Heo
pata_ali was using qc->nbytes to determine whether a command is data transfer type or not. As now qc->nbytes can be extended by padding and draining buffers, these tests are not useful anymore. Use atapi_cmd_type() instead. Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17ahci: implement skip_host_reset parameterTejun Heo
Under certain circumstances (SSP turned off by the BIOS) and for debugging purposes, skipping global controller reset is helpful. Add a kernel parameter for it. Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17ahci: request all PCI BARsTejun Heo
ahci is often implemented with accompanying SFF compatible interface and legacy IDE driver may attach to the legacy IO ports when the controller is already claimed by ahci and vice-versa. This patch makes ahci use pcim_iomap_regions_request_all() so that all IO regions are claimed on attach. Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17devres: implement pcim_iomap_regions_request_all()Tejun Heo
Some drivers need to reserve all PCI BARs to prevent other drivers misusing unoccupied BARs. pcim_iomap_regions_request_all() requests all BARs and iomap specified BARs. Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17libata-acpi: improve dock event handlingTejun Heo
Improve ACPI hotplug handling such that dock event is handled properly. * Register handlers for dock events. * Directly detach device on EJECT_REQUEST instead of signaling hotplug event. This prevents libata from accessing severed controller and/or device. * While at it, use named constants for ACPI events and move uevent signaling inside host lock. Original patch and testing by Holger Macht. Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Holger Macht <hmacht@suse.de> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17ioc3.c: replace remaining __FUNCTION__ occurrencesHarvey Harrison
__FUNCTION__ is gcc-specific, use __func__ Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> drivers/sn/ioc3.c | 22 +++++++++++----------- 1 files changed, 11 insertions(+), 11 deletions(-) Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17ucc_geth: use correct thread number for 10/100Mbps linkJoakim Tjernlund
Use thread number of 1 for 10/100Mbps link instead of 4. Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se> Signed-off-by: Li Yang <leoli@freescale.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17igb: Correctly get protocol informationMitch Williams
We can't look at the socket to get protocol information. We should instead look directly at the packet, and hope there are no IPv6 option headers. Signed-off-by: Mitch Williams <mitch.a.williams@intel.com> Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17[IOC3] Fix section missmatchRalf Baechle
LD drivers/net/built-in.o WARNING: drivers/net/built-in.o(.text+0x3468): Section mismatch in reference fro m the function ioc3_probe() to the function .devinit.text:ioc3_serial_probe() The function ioc3_probe() references the function __devinit ioc3_serial_probe(). This is often because ioc3_probe lacks a __devinit annotation or the annotation of ioc3_serial_probe is wrong. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-172.6.25-rc4 de_stop_rxtx polling wrongGrant Grundler
This untested patch _should_ fix: "(net de2104x) Kernel panic with de2104x tulip driver on boot" http://bugzilla.kernel.org/show_bug.cgi?id=3156 But the bug submitter isn't responding. Same fix has been applied to tulip.c (several years ago) and uli526x.c (Feb 2008) drivers. [ The panic reported in the bug report was removed in a recently (march 2008) accepted patch from Ondrej Zary. ] Signed-off-by: Grant Grundler <grundler@parisc-linux.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17forcedeth: limit tx to 16Ayaz Abdulla
This is a critical patch which adds a workaround for a HW bug. The patch will limit the number of outstanding tx packets to 16. Otherwise, the HW could send out packets with bad checksums. The driver will still setup the tx packets into the ring, however, will only set the Valid bit on 16 packets at a time. Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-173c501: Further coding style fixesAlan Cox
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17cxgb3: Fix transmit queue stop mechanismDivy Le Ray
The last change in the Tx queue stop mechanism opens a window where the Tx queue might be stopped after pending credits returned. Tx credits are returned via a control message generated by the HW. It returns tx credits on demand, triggered by a completion bit set in selective transmit packet headers. The current code can lead to the Tx queue stopped with all pending credits returned, and the current frame not triggering a credit return. The Tx queue will then never be awaken. The driver could alternatively request a completion for packets that stop the queue. It's however safer at this point to go back to the pre-existing behaviour. Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17NEWEMAC: Add compatible "ibm,tah" to tah matching tableStefan Roese
Add "ibm,tah" to the compatible matching table of the ibm_newemac tah driver. The type "tah" is still preserved for compatibility reasons. New dts files should use the compatible property though. Signed-off-by: Stefan Roese <sr@denx.de> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17rndis_host: fix transfer size negotiationJean-Christophe Dubois
This patch should resolve a problem that's troubled support for some RNDIS peripherals. It seems to have boiled down to using a variable to establish transfer size limits before it was assigned, which caused those devices to fallback to a default "jumbogram" mode we don't support. Fix by assigning it earlier for RNDIS. Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> [ cleanups ] Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17NEWEMAC: fix support for pause packetsPravin M. Bathija
Problem Description and Fix --------------------------- When a pause packet(with destination as reserved Multicast address) is received by the EMAC hardware to control the flow of frames being transmitted by it, it is dropped by the hardware unless the reserved Multicast address is hashed in to the GAHT[1-4] registers. This code fix adds the default reserved multicast address to the GAHT[1-4] registers in the EMAC(s) present on the chip. The flow control with Pause packets will only work if the following register bits are programmed in EMAC: EMACx_MR1[APP] = 1 EMACx_RMR[BAE] = 1 EMACx_RMR[MAE] = 1 Behavior that may be observed in a running system ------------------------------------------------- A host transferring data from a PPC based system may send a Pause packet to the PPC EMAC requesting it to slow down the flow of packets. If the default reserved multicast MAC address is not programmed into the GAHT[1-4] registers this Pause packet will be dropped by PPC EMAC and no Flow Control will be done. Signed-off-by: Pravin M. Bathija <pbathija@amcc.com> Signed-off-by: Stefan Roese <sr@denx.de> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17virtio: fix race in enable_cbChristian Borntraeger
There is a race in virtio_net, dealing with disabling/enabling the callback. I saw the following oops: kernel BUG at /space/kvm/drivers/virtio/virtio_ring.c:218! illegal operation: 0001 [#1] SMP Modules linked in: sunrpc dm_mod CPU: 2 Not tainted 2.6.25-rc1zlive-host-10623-gd358142-dirty #99 Process swapper (pid: 0, task: 000000000f85a610, ksp: 000000000f873c60) Krnl PSW : 0404300180000000 00000000002b81a6 (vring_disable_cb+0x16/0x20) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:3 PM:0 EA:3 Krnl GPRS: 0000000000000001 0000000000000001 0000000010005800 0000000000000001 000000000f3a0900 000000000f85a610 0000000000000000 0000000000000000 0000000000000000 000000000f870000 0000000000000000 0000000000001237 000000000f3a0920 000000000010ff74 00000000002846f6 000000000fa0bcd8 Krnl Code: 00000000002b819a: a7110001 tmll %r1,1 00000000002b819e: a7840004 brc 8,2b81a6 00000000002b81a2: a7f40001 brc 15,2b81a4 >00000000002b81a6: a51b0001 oill %r1,1 00000000002b81aa: 40102000 sth %r1,0(%r2) 00000000002b81ae: 07fe bcr 15,%r14 00000000002b81b0: eb7ff0380024 stmg %r7,%r15,56(%r15) 00000000002b81b6: a7f13e00 tmll %r15,15872 Call Trace: ([<000000000fa0bcd0>] 0xfa0bcd0) [<00000000002b8350>] vring_interrupt+0x5c/0x6c [<000000000010ab08>] do_extint+0xb8/0xf0 [<0000000000110716>] ext_no_vtime+0x16/0x1a [<0000000000107e72>] cpu_idle+0x1c2/0x1e0 The problem can be triggered with a high amount of host->guest traffic. I think its the following race: poll says netif_rx_complete poll calls enable_cb enable_cb opens the interrupt mask a new packet comes, an interrupt is triggered----\ enable_cb sees that there is more work | enable_cb disables the interrupt | . V . interrupt is delivered . skb_recv_done does atomic napi test, ok some waiting disable_cb is called->check fails->bang! . poll would do napi check poll would do disable_cb The fix is to let enable_cb not disable the interrupt again, but expect the caller to do the cleanup if it returns false. In that case, the interrupt is only disabled, if the napi test_set_bit was successful. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cleaned up doco)
2008-03-17virtio: Enable netpoll interface for netconsole loggingAmit Shah
Add a new poll_controller handler that the netpoll interface needs. This enables netconsole logging from a kvm guest over the virtio net interface. Signed-off-by: Amit Shah <amitshah@gmx.net> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-03-17virtio: handle > 2 billion page balloon targetsRusty Russell
If the host asks for a huge target towards_target() can overflow, and we up oops as we try to release more pages than we have. The simple fix is to use a 64-bit value. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-03-17virtio: Fix sysfs bits to have proper block symlinkJeremy Katz
Fix up so that the virtio_blk devices in sysfs link correctly to their block device. This then allows them to be detected by hal, etc Signed-off-by: Jeremy Katz <katzj@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-03-17virtio: Use spin_lock_irqsave/restore for virtio-pciAnthony Liguori
virtio-pci acquires its spin lock in an interrupt context so it's necessary to use spin_lock_irqsave/restore variants. This patch fixes guest SMP when using virtio devices in KVM. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-03-17drivers/net/atl1/atl1_main.c: remove unused variableJulia Lawall
The variable update_rx is initialized but never used otherwise. The semantic patch that makes this change is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ type T; identifier i; constant C; @@ ( extern T i; | - T i; <+... when != i - i = C; ...+> ) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Acked-by: Jay Cliburn <jacliburn@bellsouth.net> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17drivers/net/ipg.c: remove unused variableJulia Lawall
The variable gig is initialized but never used otherwise. The semantic patch that makes this change is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ type T; identifier i; constant C; @@ ( extern T i; | - T i; <+... when != i - i = C; ...+> ) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17epic100 endianness annotations and fixesAl Viro
* "powerpc or sparc" is not the same as "big-endian", fix the ifdef * since we tell the card to byteswap the descriptors on big-endian, we ought to leave them host-endian... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17ipg fixAl Viro
spurious cpu_to_le64() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17more misannotations: ne2k-pciAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17fore2000 - fix misannotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17wan/farsync: copy_from_user() to iomem is wrongAl Viro
kmalloc intermediate buffer(), do copy_from_user() + memcpy_toio() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-17r6040 endianness fixesAl Viro
pci_unmap_single() on little-endian address Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2008-03-16Linux 2.6.25-rc6v2.6.25-rc6Linus Torvalds