Commit Graph

871 Commits

Author SHA1 Message Date
David S. Miller
0f4821e7b9 [XFRM/RTNETLINK]: Decrement qlen properly in {xfrm_,rt}netlink_rcv().
If we free up a partially processed packet because it's
skb->len dropped to zero, we need to decrement qlen because
we are dropping out of the top-level loop so it will do
the decrement for us.

Spotted by Herbert Xu.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 16:15:59 -07:00
David S. Miller
09e1430598 [NETLINK]: Fix infinite loops in synchronous netlink changes.
The qlen should continue to decrement, even if we
pop partially processed SKBs back onto the receive queue.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 15:30:05 -07:00
Linus Torvalds
84e48b6d64 Merge of master.kernel.org:/home/rmk/linux-2.6-rmk.git 2005-05-03 15:27:24 -07:00
Nicolas Pitre
48af721540 [PATCH] ARM: 2662/1: missing "default y" for CONFIG_HAS_TLS_REG
Patch from Nicolas Pitre

Signed-off-by: Nicolas Pitre
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2005-05-03 22:57:56 +01:00
Sascha Hauer
a493820df6 [PATCH] ARM: 2661/1: imxfb include
Patch from Sascha Hauer

This patch adds the missing include files for the i.MX framebuffer
driver.

Signed-off-by: Sascha Hauer
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2005-05-03 22:57:56 +01:00
Herbert Xu
2a0a6ebee1 [NETLINK]: Synchronous message processing.
Let's recap the problem.  The current asynchronous netlink kernel
message processing is vulnerable to these attacks:

1) Hit and run: Attacker sends one or more messages and then exits
before they're processed.  This may confuse/disable the next netlink
user that gets the netlink address of the attacker since it may
receive the responses to the attacker's messages.

Proposed solutions:

a) Synchronous processing.
b) Stream mode socket.
c) Restrict/prohibit binding.

2) Starvation: Because various netlink rcv functions were written
to not return until all messages have been processed on a socket,
it is possible for these functions to execute for an arbitrarily
long period of time.  If this is successfully exploited it could
also be used to hold rtnl forever.

Proposed solutions:

a) Synchronous processing.
b) Stream mode socket.

Firstly let's cross off solution c).  It only solves the first
problem and it has user-visible impacts.  In particular, it'll
break user space applications that expect to bind or communicate
with specific netlink addresses (pid's).

So we're left with a choice of synchronous processing versus
SOCK_STREAM for netlink.

For the moment I'm sticking with the synchronous approach as
suggested by Alexey since it's simpler and I'd rather spend
my time working on other things.

However, it does have a number of deficiencies compared to the
stream mode solution:

1) User-space to user-space netlink communication is still vulnerable.

2) Inefficient use of resources.  This is especially true for rtnetlink
since the lock is shared with other users such as networking drivers.
The latter could hold the rtnl while communicating with hardware which
causes the rtnetlink user to wait when it could be doing other things.

3) It is still possible to DoS all netlink users by flooding the kernel
netlink receive queue.  The attacker simply fills the receive socket
with a single netlink message that fills up the entire queue.  The
attacker then continues to call sendmsg with the same message in a loop.

Point 3) can be countered by retransmissions in user-space code, however
it is pretty messy.

In light of these problems (in particular, point 3), we should implement
stream mode netlink at some point.  In the mean time, here is a patch
that implements synchronous processing.  

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:55:09 -07:00
Herbert Xu
96c3602343 [NETLINK]: cb_lock does not needs ref count on sk
Here is a little optimisation for the cb_lock used by netlink_dump.
While fixing that race earlier, I noticed that the reference count
held by cb_lock is completely useless.  The reason is that in order
to obtain the protection of the reference count, you have to take
the cb_lock.  But the only way to take the cb_lock is through
dereferencing the socket.

That is, you must already possess a reference count on the socket
before you can take advantage of the reference count held by cb_lock.
As a corollary, we can remve the reference count held by the cb_lock.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:43:27 -07:00
Patrick McHardy
9dfa277f88 [PKT_SCHED]: Fix range in PSCHED_TDIFF_SAFE to 0..bound
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:41:18 -07:00
Asim Shankar
033d899904 [PKT_SCHED]: HTB: Drop packet when direct queue is full
htb_enqueue(): Free skb and return NET_XMIT_DROP if a packet is
destined for the direct_queue but the direct_queue is full. (Before
this: erroneously returned NET_XMIT_SUCCESS even though the packet was
not enqueued)

Signed-off-by: Asim Shankar <asimshankar@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:39:33 -07:00
Jesper Juhl
96edf83c4e [PPP]: remove redundant NULL pointer checks before kfree & vfree
kfree() and vfree() can both deal with NULL pointers. This patch removes 
redundant NULL pointer checks from the ppp code in drivers/net/

Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:38:09 -07:00
Folkert van Heusden
c3924c70dd [TCP]: Optimize check in port-allocation code, v6 version.
Signed-off-by: Folkert van Heusden <folkert@vanheusden.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:36:45 -07:00
Folkert van Heusden
0b2531bdc5 [TCP]: Optimize check in port-allocation code.
Signed-off-by: Folkert van Heusden <folkert@vanheusden.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:36:08 -07:00
Lucas Correia Villa Real
20cc6befa2 [PKT_SCHED]: fix typo on Kconfig
This is a trivial fix for a typo on Kconfig, where the Generic Random Early 
Detection algorithm is abbreviated as RED instead of GRED.

Signed-off-by: Lucas Correia Villa Real <lucasvr@gobolinux.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:34:20 -07:00
Jesper Juhl
6a5d362120 [WAN]: kfree of NULL pointer is valid
kfree(0) is perfectly valid, checking pointers for NULL before calling 
kfree() on them is redundant. The patch below cleans away a few such 
redundant checks (and while I was around some of those bits I couldn't 
stop myself from making a few tiny whitespace changes as well).

Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk>
Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:33:27 -07:00
Thomas Graf
db46edc6d3 [RTNETLINK] Cleanup rtnetlink_link tables
Converts remaining rtnetlink_link tables to use c99 designated
initializers to make greping a little bit easier.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:29:39 -07:00
Thomas Graf
f90a0a74b8 [RTNETLINK] Fix & cleanup rtm_min/rtm_max
Converts rtm_min and rtm_max arrays to use c99 designated
initializers for easier insertion of new message families.
RTM_GETMULTICAST and RTM_GETANYCAST did not have the minimal
message size specified which means that the netlink message
was parsed for routing attributes starting from the header.
Adds the proper minimal message sizes for these messages
(netlink header + common rtnetlink header) to fix this issue.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:29:00 -07:00
Thomas Graf
d775fc09f1 [RTNETLINK] Fix RTM_MAX to represent the maximum valid message type
RTM_MAX is currently set to the maximum reserverd message type plus one
thus being the cause of two bugs for new types being assigned a) given the
new family registers only the NEW command in its reserved block the array
size for per family entries is calculated one entry short and b) given the
new family registers all commands RTM_MAX would point to the first entry
of the block following this one and the rtnetlink receive path would accept
a message type for a nonexisting family.

This patch changes RTM_MAX to point to the maximum valid message type
by aligning it to the start of the next block and subtracting one.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:27:35 -07:00
Thomas Graf
492b558b31 [XFRM]: Cleanup xfrm_msg_min and xfrm_dispatch
Converts xfrm_msg_min and xfrm_dispatch to use c99 designated
initializers to make greping a little bit easier. Also replaces
two hardcoded message type with meaningful names.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:26:40 -07:00
Thomas Graf
526bdb80a2 [XFRM]: Prevent off-by-one access to xfrm_dispatch
Makes the type > XFRM_MSG_MAX check behave correctly to
protect access to xfrm_dispatch.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:26:01 -07:00
Herbert Xu
e4553eddae [IPV6]: Include ipv6.h for ipv6_addr_set
This patch includes net/ipv6.h from addrconf.h since it needs
ipv6_addr_set.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:25:13 -07:00
Herbert Xu
679a873824 [IPV6]: Fix raw socket checksums with IPsec
I made a mistake in my last patch to the raw socket checksum code.
I used the value of inet->cork.length as the length of the payload.
While this works with normal packets, it breaks down when IPsec is
present since the cork length includes the extension header length.

So here is a patch to fix the length calculations.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:24:36 -07:00
Patrick McHardy
31da185d81 [NETFILTER]: Don't checksum CHECKSUM_UNNECESSARY skbs in TCP connection tracking
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:23:50 -07:00
Patrick McHardy
b433095784 [NETFILTER]: Missing owner-field initialization in iptable_raw
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-05-03 14:23:13 -07:00
Benjamin Herrenschmidt
52292c9b8c [PATCH] ppc64: fix gcc 4.0 vs CONFIG_ALTIVEC
gcc-4.0 generates altivec code implicitly when -mcpu indicates an
altivec capable CPU which is not suitable for the kernel.  However, we
used to set -mcpu=970 when CONFIG_ALTIVEC was set because a gcc-3.x bug
prevented from using -maltivec along with -mcpu=power4, thus prevented
building the RAID6 altivec code.

This patch fixes all of this by testing for the gcc version.  If 4.0 or
later, just normally use -mcpu=power4 and let the RAID6 code add
-maltivec to the few files it needs to be compiled with altivec support.
For 3.x, we still use -mcpu=970 to work around the above problem, which
is fine as 3.x will never implicitly generate altivec code.

The Makefile hackery may not be the most lovely, I welcome anybody more
skilled than me to improve it.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-03 07:38:34 -07:00
Russell King
eca02b0c1d [PATCH] ARM: Cleanup kmalloc in cyber2000fb
We use one kmalloc to allocate two structures needlessly.
Combine these two structures into one.

Signed-off-by: Russell King <rmk@arm.linux.org.uk>
2005-05-03 12:23:56 +01:00
Russell King
1f9c381fa3 [PATCH] ARM: Clean up commenting/spacing for Integrator
Signed-off-by: Russell King <rmk@arm.linux.org.uk>
2005-05-03 12:22:19 +01:00
Russell King
5c3073e691 [PATCH] ARM: cleanup vmalloc start/offset macros
VMALLOC_START and VMALLOC_OFFSET are common between all ARM
machine classes.  Move them into include/asm-arm/pgtable.h,
but allow a machine class to override them if required.

Signed-off-by: Russell King <rmk@arm.linux.org.uk>
2005-05-03 12:20:29 +01:00
Russell King
5cd0c34420 [PATCH] ARM: decompressor: use platform debug macros
Rather than duplicate the assembly for debug macros in the
decompressor head.S, use asm/arch/debug-macros.S instead.

Signed-off-by: Russell King <rmk@arm.linux.org.uk>
2005-05-03 12:18:46 +01:00
Dave Kleikamp
6628465e33 [PATCH] JFS: Don't allocate extents that overlap existing extents
Modify xtSearch so that it returns the next allocated block when the
requested block is unmapped.  This can be used to make sure we don't
create a new extent that overlaps the next one.

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 22:23:54 -07:00
Dave Kleikamp
1c6278295d [PATCH] JFS: Write journal sync points more often
This patch adds jfs_syncpt, which calls lmLogSync to write sync points
to the journal both in jfs_sync_fs and when sync barrier processing
completes.

lmLogSync accomplishes two things:  1) it pushes logged-but-dirty
metadata pages to disk, and 2) it writes a sync record to the journal
so that jfs_fsck doesn't need to replay more transactions than is
necessary.

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 22:23:53 -07:00
Dave Kleikamp
7fab479beb [PATCH] JFS: Support page sizes greater than 4K
jfs has never worked on architecutures where the page size was not 4K.

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 22:23:53 -07:00
Dave Kleikamp
dc5798d9a7 [PATCH] JFS: Changes for larger page size
JFS code has always assumed a page size of 4K.  This patch fixes the
non-pagecache uses of pages to deal with larger pages.

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 22:23:53 -07:00
Dave Kleikamp
d2e83707ed [PATCH] JFS: Simplify creation of new iag
JFS was creating a new IAG (inode aggregate group) in one address
space, and afterwards, accessing it from another.  This could lead to
complications when cache pages contain more than one page of jfs
metadata.  This patch causes the IAG to be initialized in the same
address space that it is subsequently accessed with.

This also elimitates an I/O, but IAG's aren't created too often.

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 22:23:53 -07:00
Dave Kleikamp
66f3131f54 [PATCH] JFS: reduce number of synchronous transactions
Use an inline pxd list rather than an xad list in the xadlock.
When the number of extents being modified can fit with the xadlock,
a transaction can be committed asynchronously.  Using a list of
pxd's instead of xad's allows us to fit 4 extents, rather than 2.

Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 22:23:52 -07:00
Benjamin Herrenschmidt
ac09f698f1 [PATCH] cpufreq annoying warning fix
The cpufreq core patch I sent earlier got only half-applied.  I added a
flag to let the low level driver disable an annoying warning on
suspend/resume that is normal on ppc, but the "resume" part of it wasn't
applied.

This just adds back that missing bit.  The original patch also reworked
the resume() function to avoid nesting too many if () statements along
the way I did the suspend() one, but I didn't include that in the patch
below.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 08:15:22 -07:00
Benjamin Herrenschmidt
e521dca64e [PATCH] ppc32: Fix might_sleep() warning with clock spreading
The clock spreading disable/enable code was called to late/early during
the suspend/resume code on some laptops and would trigger a
might_sleep() warning due to the down() call in the low level i2c code.

This fixes it by calling those functions earlier/later when interrupts
are still enabled.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-02 08:15:22 -07:00
Benjamin Herrenschmidt
6995f17a5a [PATCH] ppc32: More fixlet for pmac sound
As Al Viro noticed, my previous fix missed one instance of "device" in
the driver local debug code. Harmless unless you tweak the #define's in
there but still work fixing.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 21:56:39 -07:00
Benjamin Herrenschmidt
f0f539755b [PATCH] ppc32: Fix sleep on old 101 PowerBook
A typo in the machine table incorrectly mark the 101 PowerBook as
needing explicit callback from the video driver to enable sleep mode. I
did not implement that mecanism for chipsest older than r128, so we need
to mark this machine as always beeing able to sleep for now.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 19:43:54 -07:00
Benjamin Herrenschmidt
7eb8073ecc [PATCH] ppc32: Small build fix for alsa powermac
My newer iMac mini driver doesn't build with verbose debug enabled.

This fixes it, and removes an erroneous error printk (since it's normal
on some machine to not find some gpios on the "first try").

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 18:54:23 -07:00
Benjamin Herrenschmidt
15fd56867b [PATCH] ppc32: Workaround a cache flush issue on sleep
We are experiencing a problem when flushing the CPU caches before sleep
on some laptop models using the 750FX CPU rev 1.X. While I haven't been
able to figure out a proper explanation for what's going on, I do have a
workaround that seem to work reliably and allows those machine to sleep
and wakeup properly again.

I'll re-update that code if/when I ever find exactly what is happening
with those CPU revisions.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 18:22:34 -07:00
Jens Axboe
7da21a02b3 [PATCH] Avoid unnecessary ide-cd cache flushes
Only issue a cdrom cache flush if we've done write to the drive.  The
->media_written() flag keeps track of that.

Signed-off-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 12:12:52 -07:00
Adrian Bunk
76530da1a9 [PATCH] sound/oss/sonicvibes.c: fix an array overflow
This patch fixes an array overflow found by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:30 -07:00
Adrian Bunk
6c207e7692 [PATCH] drivers/input/joystick/spaceorb.c: fix an array overflow
This patch fixes an array overflow found by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:30 -07:00
Adrian Bunk
0dec63bab8 [PATCH] drivers/pnp/pnpacpi/rsparser.c: fix an array overflow
This patch fixes an array overflow found by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:30 -07:00
Adrian Bunk
390725c36d [PATCH] drivers/video/radeonfb.c: fix an array overflow
This patch fixes an array overflow found by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:30 -07:00
Adrian Bunk
6e3e98d1dc [PATCH] drivers/pnp/pnpbios/rsparser.c: fix an array overflow
This patch fixes an array overflow found by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:29 -07:00
Adrian Bunk
408b664a7d [PATCH] make lots of things static
Another large rollup of various patches from Adrian which make things static
where they were needlessly exported.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:29 -07:00
Cosmin Nicolaescu
c31403a1f5 [PATCH] Documentation: remove super-{nr, max} to reflect fs/super.c
The patch updates the documentation for /proc.  super-nr and super-max have
been dropped from the kernel since 2.4.9 due to minor numbering issues.
This change was not documented in the documentation.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:28 -07:00
Sam Ravnborg
fd4a324494 [PATCH] docbook: Tell users to install xmlto, not stylesheets
We have at least two users which were confused by these messages, myself
included.

Signed-off-by: Alexey Dobriyan <adobriyan@mail.ru>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:28 -07:00
Martin Waitz
4fa35166c5 [PATCH] DocBook: fix html link
The start page for each book has changed from book1.html to index.html.
Update our generated links acocrdingly.

Signed-off-by: Martin Waitz <tali@admingilde.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-05-01 08:59:28 -07:00