summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove empty file fs/xfs/Makefile-linux-2.6.Lachlan McIlroy2008-02-221-0/+0
|
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 into ↵Lachlan McIlroy2008-02-183478-79801/+191786
|\ | | | | | | for-linus
| * Merge branch 'upstream-linus' of ↵Linus Torvalds2008-02-1513-25/+22
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev * 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev: ata: fix sparse warning in pata_acpi.c ata: fix sparse warning in pata_marvell.c ata: fix sparse warning in pata_jmicron.c ata: fix sparse warning in pata_cs5536.c ata: sparse fixes for pata_amd.c pata_scc.c: add thaw ops pata_cs5536.c bugfix pata_legacy: don't call ata_host_detach() after initialization failure ata: fix sparse warnings in sata_mv.c ata: fix sparse warning in sata_via.c ata: fix sparse warning in sata_promise.c ata: fix sparse warning in ata_piix.c ata: fix sparse warning in libata-core.c ata: make ata_scsiop_inq_89 static in libata-scsi.c
| | * ata: fix sparse warning in pata_acpi.cHarvey Harrison2008-02-151-2/+2
| | | | | | | | | | | | | | | | | | | | | drivers/ata/pata_acpi.c:80:2: warning: returning void-valued expression Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warning in pata_marvell.cHarvey Harrison2008-02-151-2/+2
| | | | | | | | | | | | | | | | | | | | | drivers/ata/pata_marvell.c:88:2: warning: returning void-valued expression Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warning in pata_jmicron.cHarvey Harrison2008-02-151-1/+2
| | | | | | | | | | | | | | | | | | | | | drivers/ata/pata_jmicron.c:118:2: warning: returning void-valued expression Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warning in pata_cs5536.cHarvey Harrison2008-02-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Everybody passes in a u32...why fight it. drivers/ata/pata_cs5536.c:124:26: warning: incorrect type in argument 3 (different signedness) drivers/ata/pata_cs5536.c:124:26: expected int *val drivers/ata/pata_cs5536.c:124:26: got unsigned int *<noident> Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: sparse fixes for pata_amd.cHarvey Harrison2008-02-151-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | drop return statement. drivers/ata/pata_amd.c:149:2: warning: returning void-valued expression Commit ce54d1616302117fa98513ae916bb3333e1c02ea pata_amd: update mode selection for NV PATAs added the initializer for nv_mode_filter but missed deleting the previously set mode_filter drivers/ata/pata_amd.c:509:3: warning: Initializer entry defined twice drivers/ata/pata_amd.c:521:3: also defined here drivers/ata/pata_amd.c:544:3: warning: Initializer entry defined twice drivers/ata/pata_amd.c:556:3: also defined here Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * pata_scc.c: add thaw opsAkira Iguchi2008-02-151-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | This patch adds default thaw ops and fixes the freeze/thaw inconsistency. Signed-off-by: Kou Ishizaki <kou.ishizaki@toshiba.co.jp> Signed-off-by: Akira Iguchi <akira2.iguchi@toshiba.co.jp> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * pata_cs5536.c bugfixMartin K. Petersen2008-02-151-4/+4
| | | | | | | | | | | | | | | | | | | | | Fix speed negotiation for secondary device. Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * pata_legacy: don't call ata_host_detach() after initialization failureTejun Heo2008-02-151-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ata_host_detach() detaches an attached port and shouldn't be called on a port which hasn't been attached yet. pata_legacy incorrectly calls ata_host_detach() on unattached port after initialization failure causing oops. Fix it. Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Ingo Molnar <mingo@elte.hu> Cc: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warnings in sata_mv.cHarvey Harrison2008-02-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pp is never used again in this function, no need to declare a new one. drivers/ata/sata_mv.c:1545:24: warning: symbol 'pp' shadows an earlier one drivers/ata/sata_mv.c:1501:22: originally declared here drivers/ata/sata_mv.c:1553:24: warning: symbol 'pp' shadows an earlier one drivers/ata/sata_mv.c:1501:22: originally declared here Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warning in sata_via.cHarvey Harrison2008-02-151-2/+2
| | | | | | | | | | | | | | | | | | | | | drivers/ata/sata_via.c:336:2: warning: returning void-valued expression Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warning in sata_promise.cHarvey Harrison2008-02-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | drivers/ata/sata_promise.c:546:15: warning: symbol 'len' shadows an earlier one drivers/ata/sata_promise.c:538:6: originally declared here len is set again immediately after the loop, so this is safe. Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warning in ata_piix.cHarvey Harrison2008-02-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | drivers/ata/ata_piix.c:1655:8: warning: symbol 'rc' shadows an earlier one drivers/ata/ata_piix.c:1616:6: originally declared here Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: fix sparse warning in libata-core.cHarvey Harrison2008-02-151-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rc is used to test the return value and possibly return an error. No need to redeclare inside the loop. drivers/ata/libata-core.c:7089:7: warning: symbol 'rc' shadows an earlier one drivers/ata/libata-core.c:7030:9: originally declared here Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| | * ata: make ata_scsiop_inq_89 static in libata-scsi.cHarvey Harrison2008-02-151-1/+1
| | | | | | | | | | | | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
| * | Linux 2.6.25-rc2v2.6.25-rc2Linus Torvalds2008-02-151-2/+2
| | |
| * | Merge branch 'hotfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6Linus Torvalds2008-02-155-16/+21
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'hotfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6: NFS: add missing spkm3 strings to mount option parser NFS: remove error field from nfs_readdir_descriptor_t NFS: missing spaces in KERN_WARNING NFS: Allow text-based mounts via compat_sys_mount NFS: fix reference counting for NFSv4 callback thread
| | * \ Merge branch 'linus_origin' into hotfixesTrond Myklebust2008-02-15271-3432/+5317
| | |\ \
| | * | | NFS: add missing spkm3 strings to mount option parserOlga Kornievskaia2008-02-131-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | This patch adds previous missing spkm3 string values that are needed to parse mount options in the kernel.
| | * | | NFS: remove error field from nfs_readdir_descriptor_tJeff Layton2008-02-131-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The error field in nfs_readdir_descriptor_t is never used outside of the function in which it is set. Remove the field and change the place that does use it to use an existing local variable. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| | * | | NFS: missing spaces in KERN_WARNINGDan Muntz2008-02-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The warning message for a v4 server returning various bad sequence-ids is missing spaces. Signed-off-by: Dan Muntz <dmuntz@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| | * | | NFS: Allow text-based mounts via compat_sys_mountChuck Lever2008-02-131-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The compat_sys_mount() system call throws EINVAL for text-based NFSv4 mounts. The text-based mount interface assumes that any mount option blob that doesn't set the version field to "1" is a C string (ie not a legacy mount request). The compat_sys_mount() call treats blobs that don't set the version field to "1" as an error. We just relax the check in compat_sys_mount() a bit to allow C strings to be passed down to the NFSv4 client. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| | * | | NFS: fix reference counting for NFSv4 callback threadJeff Layton2008-02-131-6/+12
| | | |/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The reference counting for the NFSv4 callback thread stays artificially high. When this thread comes down, it doesn't properly tear down the svc_serv, causing a memory leak. In my testing on an older kernel on x86_64, memory would leak out of the 8k kmalloc slab. So, we're leaking at least a page of memory every time the thread comes down. svc_create() creates the svc_serv with a sv_nrthreads count of 1, and then svc_create_thread() increments that count. Whenever the callback thread is started it has a sv_nrthreads count of 2. When coming down, it calls svc_exit_thread() which decrements that count and if it hits 0, it tears everything down. That never happens here since the count is always at 2 when the thread exits. The problem is that nfs_callback_up() should be calling svc_destroy() on the svc_serv on both success and failure. This is how lockd_up_proto() handles the reference counting, and doing that here fixes the leak. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2008-02-1560-1953/+5663
| |\ \ \ | | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (82 commits) [NET]: Make sure sockets implement splice_read netconsole: avoid null pointer dereference at show_local_mac() [IPV6]: Fix reversed local_df test in ip6_fragment [XFRM]: Avoid bogus BUG() when throwing new policy away. [AF_KEY]: Fix bug in spdadd [NETFILTER] nf_conntrack_proto_tcp.c: Mistyped state corrected. net: xfrm statistics depend on INET [NETFILTER]: make secmark_tg_destroy() static [INET]: Unexport inet_listen_wlock [INET]: Unexport __inet_hash_connect [NET]: Improve cache line coherency of ingress qdisc [NET]: Fix race in dev_close(). (Bug 9750) [IPSEC]: Fix bogus usage of u64 on input sequence number [RTNETLINK]: Send a single notification on device state changes. [NETLABLE]: Hide netlbl_unlabel_audit_addr6 under ifdef CONFIG_IPV6. [NETLABEL]: Don't produce unused variables when IPv6 is off. [NETLABEL]: Compilation for CONFIG_AUDIT=n case. [GENETLINK]: Relax dances with genl_lock. [NETLABEL]: Fix lookup logic of netlbl_domhsh_search_def. [IPV6]: remove unused method declaration (net/ndisc.h). ...
| | * | [NET]: Make sure sockets implement splice_readRémi Denis-Courmont2008-02-151-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes a segmentation fault when trying to splice from a non-TCP socket. Signed-off-by: Rémi Denis-Courmont <rdenis@simphalempin.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | netconsole: avoid null pointer dereference at show_local_mac()Keiichi KII2008-02-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch avoids a null pointer dereference when we read local_mac for netconsole in configfs and shows default local mac address value. A null pointer dereference occurs when we call show_local_mac() via local_mac entry in configfs before we setup the content of netpoll using netpoll_setup(). Signed-off-by: Keiichi KII <k-keiichi@bx.jp.nec.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [IPV6]: Fix reversed local_df test in ip6_fragmentHerbert Xu2008-02-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I managed to reverse the local_df test when forward-porting this patch so it actually makes things worse by never fragmenting at all. Thanks to David Stevens for testing and reporting this bug. Bill Fink pointed out that the local_df setting is also the wrong way around. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [XFRM]: Avoid bogus BUG() when throwing new policy away.YOSHIFUJI Hideaki2008-02-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> When we destory a new policy entry, we need to tell xfrm_policy_destroy() explicitly that the entry is not alive yet. Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [AF_KEY]: Fix bug in spdaddKazunori MIYAZAWA2008-02-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fix a BUG when adding spds which have same selector. Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NETFILTER] nf_conntrack_proto_tcp.c: Mistyped state corrected.Jozsef Kadlecsik2008-02-141-1/+1
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | net: xfrm statistics depend on INETPaul Mundt2008-02-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | net/built-in.o: In function `xfrm_policy_init': /home/pmundt/devel/git/sh-2.6.25/net/xfrm/xfrm_policy.c:2338: undefined reference to `snmp_mib_init' snmp_mib_init() is only built in if CONFIG_INET is set. Signed-off-by: Paul Mundt <lethal@linux-sh.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NETFILTER]: make secmark_tg_destroy() staticAdrian Bunk2008-02-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch makes the needlessly global secmark_tg_destroy() static. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [INET]: Unexport inet_listen_wlockAdrian Bunk2008-02-131-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the no longer used EXPORT_SYMBOL(inet_listen_wlock). Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [INET]: Unexport __inet_hash_connectAdrian Bunk2008-02-131-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the unused EXPORT_SYMBOL_GPL(__inet_hash_connect). Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NET]: Improve cache line coherency of ingress qdiscNeil Turton2008-02-121-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move the ingress qdisc members of struct net_device from the transmit cache line to the receive cache line to avoid cache line ping-pong. These members are only used on the receive path. Signed-off-by: Neil Turton <nturton@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NET]: Fix race in dev_close(). (Bug 9750)Matti Linnanvuori2008-02-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a race in Linux kernel file net/core/dev.c, function dev_close. The function calls function dev_deactivate, which calls function dev_watchdog_down that deletes the watchdog timer. However, after that, a driver can call netif_carrier_ok, which calls function __netdev_watchdog_up that can add the watchdog timer again. Function unregister_netdevice calls function dev_shutdown that traps the bug !timer_pending(&dev->watchdog_timer). Moving dev_deactivate after netif_running() has been cleared prevents function netif_carrier_on from calling __netdev_watchdog_up and adding the watchdog timer again. Signed-off-by: Matti Linnanvuori <mattilinnanvuori@yahoo.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [IPSEC]: Fix bogus usage of u64 on input sequence numberHerbert Xu2008-02-127-10/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Al Viro spotted a bogus use of u64 on the input sequence number which is big-endian. This patch fixes it by giving the input sequence number its own member in the xfrm_skb_cb structure. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [RTNETLINK]: Send a single notification on device state changes.Laszlo Attila Toth2008-02-121-10/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In do_setlink() a single notification is sent at the end of the function if any modification occured. If the address has been changed, another notification is sent. Both of them is required because originally only the NETDEV_CHANGEADDR notification was sent and although device state change implies address change, some programs may expect the original notification. It remains for compatibity. If set_operstate() is called from do_setlink(), it doesn't send a notification, only if it is called from rtnl_create_link() as earlier. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NETLABLE]: Hide netlbl_unlabel_audit_addr6 under ifdef CONFIG_IPV6.Pavel Emelyanov2008-02-121-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This one is called from under this config only, so move it in the same place. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NETLABEL]: Don't produce unused variables when IPv6 is off.Pavel Emelyanov2008-02-121-10/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some code declares variables on the stack, but uses them under #ifdef CONFIG_IPV6, so thay become unused when ipv6 is off. Fortunately, they are used in a switch's case branches, so the fix is rather simple. Is it OK from coding style POV to add braces inside "cases", or should I better avoid such style and rework the patch? Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NETLABEL]: Compilation for CONFIG_AUDIT=n case.Pavel Emelyanov2008-02-121-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The audit_log_start() will expand into an empty do { } while (0) construction and the audit_ctx becomes unused. The solution: push current->audit_context into audit_log_start() directly, since it is not required in any other place in the calling function. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [GENETLINK]: Relax dances with genl_lock.Pavel Emelyanov2008-02-121-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The genl_unregister_family() calls the genl_unregister_mc_groups(), which takes and releases the genl_lock and then locks and releases this lock itself. Relax this behavior, all the more so the genl_unregister_mc_groups() is called from genl_unregister_family() only. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NETLABEL]: Fix lookup logic of netlbl_domhsh_search_def.Pavel Emelyanov2008-02-121-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if the call to netlbl_domhsh_search succeeds the return result will still be NULL. Fix that, by returning the found entry (if any). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [IPV6]: remove unused method declaration (net/ndisc.h).Rami Rosen2008-02-121-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes unused declaration of dflt_rt_lookup() method in include/net/ndisc.h Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NET]: Fix comment for skb_pull_rcsumUrs Thuermann2008-02-121-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix comment for skb_pull_rcsum Signed-off-by: Urs Thuermann <urs@isnogud.escape.de> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [IPV6]: Fix IPsec datagram fragmentationHerbert Xu2008-02-122-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a long-standing bug in the IPsec IPv6 code that breaks when we emit a IPsec tunnel-mode datagram packet. The problem is that the code the emits the packet assumes the IPv6 stack will fragment it later, but the IPv6 stack assumes that whoever is emitting the packet is going to pre-fragment the packet. In the long term we need to fix both sides, e.g., to get the datagram code to pre-fragment as well as to get the IPv6 stack to fragment locally generated tunnel-mode packet. For now this patch does the second part which should make it work for the IPsec host case. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | [NDISC]: Fix race in generic address resolutionDavid S. Miller2008-02-122-12/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Frank Blaschka provided the bug report and the initial suggested fix for this bug. He also validated this version of this fix. The problem is that the access to neigh->arp_queue is inconsistent, we grab references when dropping the lock lock to call neigh->ops->solicit() but this does not prevent other threads of control from trying to send out that packet at the same time causing corruptions because both code paths believe they have exclusive access to the skb. The best option seems to be to hold the write lock on neigh->lock during the ->solicit() call. I looked at all of the ndisc_ops implementations and this seems workable. The only case that needs special care is the IPV4 ARP implementation of arp_solicit(). It wants to take neigh->lock as a reader to protect the header entry in neigh->ha during the emission of the soliciation. We can simply remove the read lock calls to take care of that since holding the lock as a writer at the caller providers a superset of the protection afforded by the existing read locking. The rest of the ->solicit() implementations don't care whether the neigh is locked or not. Signed-off-by: David S. Miller <davem@davemloft.net>
| | * | hci_ldisc: fix null pointer derefDavid Newall2008-02-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Arjan: With the help of kerneloops.org I've spotted a nice little interaction between the TTY layer and the bluetooth code, however the tty layer is not something I'm all too familiar with so I rather ask than brute-force fix the code incorrectly. The raw details are at: http://www.kerneloops.org/search.php?search=uart_flush_buffer What happens is that, on closing the bluetooth tty, the tty layer goes into the release_dev() function, which first does a bunch of stuff, then sets the file->private_data to NULL, does some more stuff and then calls the ldisc close function. Which in this case, is hci_uart_tty_close(). Now, hci_uart_tty_close() calls hci_uart_close() which clears some internal bit, and then calls hci_uart_flush()... which calls back to the tty layers' uart_flush_buffer() function. (in drivers/bluetooth/hci_tty.c around line 194) Which then WARN_ON()'s because that's not allowed/supposed to be called this late in the shutdown of the port.... Should the bluetooth driver even call this flush function at all?? David: This seems to be what happens: Hci_uart_close() flushes using hci_uart_flush(). Subsequently, in hci_dev_do_close(), (one step in hci_unregister_dev()), hci_uart_flush() is called again. The comment in uart_flush_buffer(), relating to the WARN_ON(), indicates you can't flush after the port is closed; which sounds reasonable. I think hci_uart_close() should set hdev->flush to NULL before returning. Hci_dev_do_close() does check for this. The code path is rather involved and I'm not entirely clear of all steps, but I think that's what should be done. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud