aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-09-08Merge branch 'master' of ↵David S. Miller
master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6
2010-09-08KS8851: Correct RX packet allocationEric Dumazet
Use netdev_alloc_skb_ip_align() helper and do correct allocation Tested-by: Abraham Arce <x0066660@ti.com> Signed-off-by: Abraham Arce <x0066660@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-08udp: add rehash on connect()Eric Dumazet
commit 30fff923 introduced in linux-2.6.33 (udp: bind() optimisation) added a secondary hash on UDP, hashed on (local addr, local port). Problem is that following sequence : fd = socket(...) connect(fd, &remote, ...) not only selects remote end point (address and port), but also sets local address, while UDP stack stored in secondary hash table the socket while its local address was INADDR_ANY (or ipv6 equivalent) Sequence is : - autobind() : choose a random local port, insert socket in hash tables [while local address is INADDR_ANY] - connect() : set remote address and port, change local address to IP given by a route lookup. When an incoming UDP frame comes, if more than 10 sockets are found in primary hash table, we switch to secondary table, and fail to find socket because its local address changed. One solution to this problem is to rehash datagram socket if needed. We add a new rehash(struct socket *) method in "struct proto", and implement this method for UDP v4 & v6, using a common helper. This rehashing only takes care of secondary hash table, since primary hash (based on local port only) is not changed. Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-08net: blackhole route should always be recalculatedJianzhao Wang
Blackhole routes are used when xfrm_lookup() returns -EREMOTE (error triggered by IKE for example), hence this kind of route is always temporary and so we should check if a better route exists for next packets. Bug has been introduced by commit d11a4dc18bf41719c9f0d7ed494d295dd2973b92. Signed-off-by: Jianzhao Wang <jianzhao.wang@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-08ipv4: Suppress lockdep-RCU false positive in FIB trie (3)Jarek Poplawski
Hi, Here is one more of these warnings and a patch below: Sep 5 23:52:33 del kernel: [46044.244833] =================================================== Sep 5 23:52:33 del kernel: [46044.269681] [ INFO: suspicious rcu_dereference_check() usage. ] Sep 5 23:52:33 del kernel: [46044.277000] --------------------------------------------------- Sep 5 23:52:33 del kernel: [46044.285185] net/ipv4/fib_trie.c:1756 invoked rcu_dereference_check() without protection! Sep 5 23:52:33 del kernel: [46044.293627] Sep 5 23:52:33 del kernel: [46044.293632] other info that might help us debug this: Sep 5 23:52:33 del kernel: [46044.293634] Sep 5 23:52:33 del kernel: [46044.325333] Sep 5 23:52:33 del kernel: [46044.325335] rcu_scheduler_active = 1, debug_locks = 0 Sep 5 23:52:33 del kernel: [46044.348013] 1 lock held by pppd/1717: Sep 5 23:52:33 del kernel: [46044.357548] #0: (rtnl_mutex){+.+.+.}, at: [<c125dc1f>] rtnl_lock+0xf/0x20 Sep 5 23:52:33 del kernel: [46044.367647] Sep 5 23:52:33 del kernel: [46044.367652] stack backtrace: Sep 5 23:52:33 del kernel: [46044.387429] Pid: 1717, comm: pppd Not tainted 2.6.35.4.4a #3 Sep 5 23:52:33 del kernel: [46044.398764] Call Trace: Sep 5 23:52:33 del kernel: [46044.409596] [<c12f9aba>] ? printk+0x18/0x1e Sep 5 23:52:33 del kernel: [46044.420761] [<c1053969>] lockdep_rcu_dereference+0xa9/0xb0 Sep 5 23:52:33 del kernel: [46044.432229] [<c12b7235>] trie_firstleaf+0x65/0x70 Sep 5 23:52:33 del kernel: [46044.443941] [<c12b74d4>] fib_table_flush+0x14/0x170 Sep 5 23:52:33 del kernel: [46044.455823] [<c1033e92>] ? local_bh_enable_ip+0x62/0xd0 Sep 5 23:52:33 del kernel: [46044.467995] [<c12fc39f>] ? _raw_spin_unlock_bh+0x2f/0x40 Sep 5 23:52:33 del kernel: [46044.480404] [<c12b24d0>] ? fib_sync_down_dev+0x120/0x180 Sep 5 23:52:33 del kernel: [46044.493025] [<c12b069d>] fib_flush+0x2d/0x60 Sep 5 23:52:33 del kernel: [46044.505796] [<c12b06f5>] fib_disable_ip+0x25/0x50 Sep 5 23:52:33 del kernel: [46044.518772] [<c12b10d3>] fib_netdev_event+0x73/0xd0 Sep 5 23:52:33 del kernel: [46044.531918] [<c1048dfd>] notifier_call_chain+0x2d/0x70 Sep 5 23:52:33 del kernel: [46044.545358] [<c1048f0a>] raw_notifier_call_chain+0x1a/0x20 Sep 5 23:52:33 del kernel: [46044.559092] [<c124f687>] call_netdevice_notifiers+0x27/0x60 Sep 5 23:52:33 del kernel: [46044.573037] [<c124faec>] __dev_notify_flags+0x5c/0x80 Sep 5 23:52:33 del kernel: [46044.586489] [<c124fb47>] dev_change_flags+0x37/0x60 Sep 5 23:52:33 del kernel: [46044.599394] [<c12a8a8d>] devinet_ioctl+0x54d/0x630 Sep 5 23:52:33 del kernel: [46044.612277] [<c12aabb7>] inet_ioctl+0x97/0xc0 Sep 5 23:52:34 del kernel: [46044.625208] [<c123f6af>] sock_ioctl+0x6f/0x270 Sep 5 23:52:34 del kernel: [46044.638046] [<c109d2b0>] ? handle_mm_fault+0x420/0x6c0 Sep 5 23:52:34 del kernel: [46044.650968] [<c123f640>] ? sock_ioctl+0x0/0x270 Sep 5 23:52:34 del kernel: [46044.663865] [<c10c3188>] vfs_ioctl+0x28/0xa0 Sep 5 23:52:34 del kernel: [46044.676556] [<c10c38fa>] do_vfs_ioctl+0x6a/0x5c0 Sep 5 23:52:34 del kernel: [46044.688989] [<c1048676>] ? up_read+0x16/0x30 Sep 5 23:52:34 del kernel: [46044.701411] [<c1021376>] ? do_page_fault+0x1d6/0x3a0 Sep 5 23:52:34 del kernel: [46044.714223] [<c10b6588>] ? fget_light+0xf8/0x2f0 Sep 5 23:52:34 del kernel: [46044.726601] [<c1241f98>] ? sys_socketcall+0x208/0x2c0 Sep 5 23:52:34 del kernel: [46044.739140] [<c10c3eb3>] sys_ioctl+0x63/0x70 Sep 5 23:52:34 del kernel: [46044.751967] [<c12fca3d>] syscall_call+0x7/0xb Sep 5 23:52:34 del kernel: [46044.764734] [<c12f0000>] ? cookie_v6_check+0x3d0/0x630 --------------> This patch fixes the warning: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- net/ipv4/fib_trie.c:1756 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 1 lock held by pppd/1717: #0: (rtnl_mutex){+.+.+.}, at: [<c125dc1f>] rtnl_lock+0xf/0x20 stack backtrace: Pid: 1717, comm: pppd Not tainted 2.6.35.4a #3 Call Trace: [<c12f9aba>] ? printk+0x18/0x1e [<c1053969>] lockdep_rcu_dereference+0xa9/0xb0 [<c12b7235>] trie_firstleaf+0x65/0x70 [<c12b74d4>] fib_table_flush+0x14/0x170 ... Allow trie_firstleaf() to be called either under rcu_read_lock() protection or with RTNL held. The same annotation is added to node_parent_rcu() to prevent a similar warning a bit later. Followup of commits 634a4b20 and 4eaa0e3c. Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-08niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALLBen Hutchings
niu_get_ethtool_tcam_all() assumes that its output buffer is the right size, and warns before returning if it is not. However, the output buffer size is under user control and ETHTOOL_GRXCLSRLALL is an unprivileged ethtool command. Therefore this is at least a local denial-of-service vulnerability. Change it to check before writing each entry and to return an error if the buffer is already full. Compile-tested only. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-08ipvs: fix active FTPJulian Anastasov
- Do not create expectation when forwarding the PORT command to avoid blocking the connection. The problem is that nf_conntrack_ftp.c:help() tries to create the same expectation later in POST_ROUTING and drops the packet with "dropping packet" message after failure in nf_ct_expect_related. - Change ip_vs_update_conntrack to alter the conntrack for related connections from real server. If we do not alter the reply in this direction the next packet from client sent to vport 20 comes as NEW connection. We alter it but may be some collision happens for both conntracks and the second conntrack gets destroyed immediately. The connection stucks too. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-08gro: Re-fix different skb headroomsJarek Poplawski
The patch: "gro: fix different skb headrooms" in its part: "2) allocate a minimal skb for head of frag_list" is buggy. The copied skb has p->data set at the ip header at the moment, and skb_gro_offset is the length of ip + tcp headers. So, after the change the length of mac header is skipped. Later skb_set_mac_header() sets it into the NET_SKB_PAD area (if it's long enough) and ip header is misaligned at NET_SKB_PAD + NET_IP_ALIGN offset. There is no reason to assume the original skb was wrongly allocated, so let's copy it as it was. bugzilla : https://bugzilla.kernel.org/show_bug.cgi?id=16626 fixes commit: 3d3be4333fdf6faa080947b331a6a19bce1a4f57 Reported-by: Plamen Petrov <pvp-lsts@fs.uni-ruse.bg> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> CC: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Tested-by: Plamen Petrov <pvp-lsts@fs.uni-ruse.bg> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6: PCI: bus speed strings should be const PCI hotplug: Fix build with CONFIG_ACPI unset PCI: PCIe: Remove the port driver module exit routine PCI: PCIe: Move PCIe PME code to the pcie directory PCI: PCIe: Disable PCIe port services during port initialization PCI: PCIe: Ask BIOS for control of all native services at once ACPI/PCI: Negotiate _OSC control bits before requesting them ACPI/PCI: Do not preserve _OSC control bits returned by a query ACPI/PCI: Make acpi_pci_query_osc() return control bits ACPI/PCI: Reorder checks in acpi_pci_osc_control_set() PCI: PCIe: Introduce commad line switch for disabling port services PCI: PCIe AER: Introduce pci_aer_available() x86/PCI: only define pci_domain_nr if PCI and PCI_DOMAINS are set PCI: provide stub pci_domain_nr function for !CONFIG_PCI configs
2010-09-07Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfsLinus Torvalds
* 'for-linus' of git://oss.sgi.com/xfs/xfs: xfs: Make fiemap work with sparse files xfs: prevent 32bit overflow in space reservation xfs: Disallow 32bit project quota id xfs: improve buffer cache hash scalability
2010-09-07Merge branch 'for-linus' of git://android.kernel.org/kernel/tegraLinus Torvalds
* 'for-linus' of git://android.kernel.org/kernel/tegra: [ARM] tegra: Add ZRELADDR default for ARCH_TEGRA
2010-09-07Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha-2.6: alpha: Fix printk format errors alpha: convert perf_event to use local_t Fix call to replaced SuperIO functions alpha: remove homegrown L1_CACHE_ALIGN macro
2010-09-07Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs: 9p: potential ERR_PTR() dereference
2010-09-07Merge branch 'for-linus' of git://neil.brown.name/mdLinus Torvalds
* 'for-linus' of git://neil.brown.name/md: md: resolve confusion of MD_CHANGE_CLEAN md: don't clear MD_CHANGE_CLEAN in md_update_sb() for external arrays Move .gitignore from drivers/md to lib/raid6
2010-09-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: Revert "hwrng: n2-drv - remove casts from void*" crypto: testmgr - Default to no tests crypto: testmgr - Fix test disabling option crypto: hash - Fix handling of small unaligned buffers
2010-09-07Merge branch 'merge' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: powerpc/pseries: Correct rtas_data_buf locking in dlpar code powerpc/85xx: Add P1021 PCI IDs and quirks arch/powerpc/sysdev/qe_lib/qe.c: Add of_node_put to avoid memory leak arch/powerpc/platforms/83xx/mpc837x_mds.c: Add missing iounmap fsl_rio: fix compile errors powerpc/85xx: Fix compile issue with p1022_ds due to lmb rename to memblock powerpc/85xx: Fix compilation of mpc85xx_mds.c powerpc: Don't use kernel stack with translation off powerpc/perf_event: Reduce latency of calling perf_event_do_pending powerpc/kexec: Adds correct calling convention for kexec purgatory
2010-09-07Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu: fix a mismatch between code and comment percpu: fix a memory leak in pcpu_extend_area_map() percpu: add __percpu notations to UP allocator percpu: handle __percpu notations in UP accessors
2010-09-07Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wqLinus Torvalds
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: use zalloc_cpumask_var() for gcwq->mayday_mask workqueue: fix GCWQ_DISASSOCIATED initialization workqueue: Add a workqueue chapter to the tracepoint docbook workqueue: fix cwq->nr_active underflow workqueue: improve destroy_workqueue() debuggability workqueue: mark lock acquisition on worker_maybe_bind_and_lock() workqueue: annotate lock context change workqueue: free rescuer on destroy_workqueue
2010-09-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (26 commits) pkt_sched: Fix lockdep warning on est_tree_lock in gen_estimator ipvs: avoid oops for passive FTP Revert "sky2: don't do GRO on second port" gro: fix different skb headrooms bridge: Clear INET control block of SKBs passed into ip_fragment(). 3c59x: Remove incorrect locking; correct documented lock hierarchy sky2: don't do GRO on second port ipv4: minor fix about RPF in help of Kconfig xfrm_user: avoid a warning with some compiler net/sched/sch_hfsc.c: initialize parent's cl_cfmin properly in init_vf() pxa168_eth: fix a mdiobus leak net sched: fix kernel leak in act_police vhost: stop worker only if created MAINTAINERS: Add ehea driver as Supported ath9k_hw: fix parsing of HT40 5 GHz CTLs ath9k_hw: Fix EEPROM uncompress block reading on AR9003 wireless: register wiphy rfkill w/o holding cfg80211_mutex netlink: Make NETLINK_USERSOCK work again. irda: Correctly clean up self->ias_obj on irda_bind() failure. wireless extensions: fix kernel heap content leak ...
2010-09-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: Staging: wlan-ng: Explicitly set some fields in cfg80211 interface Staging: octeon: depends on NETDEVICES Staging: spectra: depend on X86_MRST Staging: zram: free device memory when init fails Staging: rt2870sta: Add more device IDs from vendor drivers staging: comedi das08_cs.c: Fix io_req_t conversion staging: spectra needs <linux/slab.h> staging: hv: Fixed lockup problem with bounce_buffer scatter list staging: hv: Increased storvsc ringbuffer and max_io_requests staging: hv: Fixed the value of the 64bit-hole inside ring buffer staging: hv: Fixed bounce kmap problem by using correct index staging: hv: Fix missing functions for net_device_ops
2010-09-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6: sysfs: checking for NULL instead of ERR_PTR
2010-09-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: USB: ftdi_sio: Added custom PIDs for ChamSys products USB: cdc-acm: Fixing crash when ACM probing interfaces with no endpoint descriptors. USB: cdc-acm: Add pseudo modem without AT command capabilities USB: cxacru: Use a bulk/int URB to access the command endpoint usb: serial: mos7840: Add USB IDs to support more B&B USB/RS485 converters. USB: cdc-acm: Adding second ACM channel support for various Nokia and one Samsung phones usb: serial: mos7840: Add USB ID to support the B&B Electronics USOPTL4-2P. USB: ssu100: turn off debug flag usb: allow drivers to use allocated bandwidth until unbound USB: cp210x usb driver: add USB_DEVICE for Pirelli DP-L10 mobile. USB: cp210x: Add B&G H3000 link cable ID USB: CP210x Add new device ID USB: option: fix incorrect novatel entries USB: Fix kernel oops with g_ether and Windows USB: rndis: section mismatch fix USB: ehci-ppc-of: problems in unwind USB: s3c-hsotg: Remove DEBUG define
2010-09-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6: tty: fix tty_line must not be equal to number of allocated tty pointers in tty driver serial: bfin_sport_uart: restore transmit frame sync fix serial: fix port type conflict between NS16550A & U6_16550A MAINTAINERS: orphan isicom vt: Fix console corruption on driver hand-over.
2010-09-07Merge branch 'linux-next' of git://git.infradead.org/ubi-2.6Linus Torvalds
* 'linux-next' of git://git.infradead.org/ubi-2.6: UBI: do not oops when erroneous PEB is scheduled for scrubbing UBI: fix kconfig unmet dependency UBI: fix forward compatibility UBI: eliminate update of list_for_each_entry loop cursor
2010-09-07Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2: nilfs2: fix leak of shadow dat inode in error path of load_nilfs
2010-09-07Merge branch 'drm-intel-fixes' of git://anongit.freedesktop.org/~ickle/drm-intelLinus Torvalds
* 'drm-intel-fixes' of git://anongit.freedesktop.org/~ickle/drm-intel: (25 commits) intel_agp,i915: Add more sandybridge graphics device ids drm/i915: Enable MI_FLUSH on Sandybridge agp/intel: Fix cache control for Sandybridge agp/intel: use #ifdef idiom for intel-agp.h agp/intel: fix physical address mask bits for sandybridge drm/i915: Prevent double dpms on drm/i915: Avoid use of uninitialised values when disabling panel-fitter drm/i915: Avoid pageflipping freeze when we miss the flip prepare interrupt drm/i915: Tightly scope intel_encoder to prevent invalid use drm/i915: Allocate the PCI resource for the MCHBAR drm/i915/dp: Really try 5 times before giving up. drm/i915/sdvo: Restore guess of the DDC bus in absence of VBIOS drm/i915/dp: Boost timeout for enabling transcoder to 100ms drm/i915: Re-use set_base_atomic to share setting of the display registers drm/i915: Fix offset page-flips on i965+ drm/i915: Include a generation number in the device info i915: return -EFAULT if copy_to_user fails i915: return -EFAULT if copy_to_user fails agp/intel: Promote warning about failure to setup flush to error. drm/i915: overlay on gen2 can't address above 1G ...
2010-09-07Merge branch 'drm-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 * 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm: Do not force 1024x768 modes on unknown connectors drm/kms: Add a module parameter to disable polling drm/radeon/kms: fix tv-out on avivo asics drm/radeon/kms/evergreen: fix gpu hangs in userspace accel code drm/nv50: initialize ramht_refs list for faked 0 channel drm/nouveau: Don't take struct_mutex around the pushbuf IOCTL. drm/nouveau: Take fence spinlock before reading the last sequence. drm/radeon/kms/evergreen: work around bad data in some i2c tables drm/radeon/kms: properly set crtc high base on r7xx drm/radeon/kms: fix tv module parameter drm/radeon/kms: force legacy pll algo for RV515 LVDS drm/radeon/kms: remove useless clock code drm/radeon/kms: fix a regression on r7xx AGP due to the HDP flush fix drm/radeon/kms: use tracked values for sclk and mclk
2010-09-07via-velocity: Turn scatter-gather support back off.David S. Miller
It causes all kinds of DMA API debugging assertions and all straight-forward attempts to fix it have failed. So turn off SG, and we'll tackle making this work properly in net-next-2.6 Reported-by: Dave Jones <davej@redhat.com> Tested-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07ipv4: Fix reverse path filtering with multipath routing.David S. Miller
Actually iterate over the next-hops to make sure we have a device match. Otherwise RP filtering is always elided when the route matched has multiple next-hops. Reported-by: Igor M Podlesny <for.poige@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07UNIX: Do not loop forever at unix_autobind().Tetsuo Handa
We assumed that unix_autobind() never fails if kzalloc() succeeded. But unix_autobind() allows only 1048576 names. If /proc/sys/fs/file-max is larger than 1048576 (e.g. systems with more than 10GB of RAM), a local user can consume all names using fork()/socket()/bind(). If all names are in use, those who call bind() with addr_len == sizeof(short) or connect()/sendmsg() with setsockopt(SO_PASSCRED) will continue while (1) yield(); loop at unix_autobind() till a name becomes available. This patch adds a loop counter in order to give up after 1048576 attempts. Calling yield() for once per 256 attempts may not be sufficient when many names are already in use, for __unix_find_socket_byname() can take long time under such circumstance. Therefore, this patch also adds cond_resched() call. Note that currently a local user can consume 2GB of kernel memory if the user is allowed to create and autobind 1048576 UNIX domain sockets. We should consider adding some restriction for autobind operation. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07PATCH: b44 Handle RX FIFO overflow better (simplified)Mark Lord
This patch is a simplified version of the original patch from James Courtier-Dutton. >From: James Courtier-Dutton >Subject: [PATCH] Fix b44 RX FIFO overflow recovery. >Date: Wednesday, June 30, 2010 - 1:11 pm > >This patch improves the recovery after a RX FIFO overflow on the b44 >Ethernet NIC. >Before it would do a complete chip reset, resulting is loss of link >for a few seconds. >This patch improves this to do recovery in about 20ms without loss of link. > >Signed off by: James@superbug.co.uk Signed-off-by: Mark Lord <mlord@pobox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07irda: off by oneDan Carpenter
This is an off by one. We would go past the end when we NUL terminate the "value" string at end of the function. The "value" buffer is allocated in irlan_client_parse_response() or irlan_provider_parse_command(). CC: stable@kernel.org Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-073c59x: Fix deadlock in vortex_error()Ben Hutchings
This fixes a bug introduced in commit de847272149365363a6043a963a6f42fb91566e2 "3c59x: Use fine-grained locks for MII and windowed register access". vortex_interrupt() holds vp->window_lock over multiple register accesses to reduce locking overhead. However it also needs to call vortex_error() sometimes, and that uses the regular functions for access to windowed registers, which will try to acquire window_lock again. Therefore, drop window_lock around the call to vortex_error() and set the window afterward reacquiring the lock. Since vortex_error() may call vortex_rx(), which *does* require its caller to hold window_lock, lift that call up into vortex_interrupt(). This also removes the potential for calling vortex_rx() on a later-generation NIC. Reported-and-tested-by: Jens Schüßler <jgs@trash.net> [in Debian's 2.6.32] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07netfilter: discard overlapping IPv6 fragmentNicolas Dichtel
RFC5722 prohibits reassembling IPv6 fragments when some data overlaps. Bug spotted by Zhang Zuotao <zuotao.zhang@6wind.com>. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07ipv6: discard overlapping fragmentNicolas Dichtel
RFC5722 prohibits reassembling fragments when some data overlaps. Bug spotted by Zhang Zuotao <zuotao.zhang@6wind.com>. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07net: fix tx queue selection for bridged devices implementing select_queueHelmut Schaa
When a net device is implementing the select_queue callback and is part of a bridge, frames coming from the bridge already have a tx queue associated to the socket (introduced in commit a4ee3ce3293dc931fab19beb472a8bde1295aebe, "net: Use sk_tx_queue_mapping for connected sockets"). The call to sk_tx_queue_get will then return the tx queue used by the bridge instead of calling the select_queue callback. In case of mac80211 this broke QoS which is implemented by using the select_queue callback. Furthermore it introduced problems with rt2x00 because frames with the same TID and RA sometimes appeared on different tx queues which the hw cannot handle correctly. Fix this by always calling select_queue first if it is available and only afterwards use the socket tx queue mapping. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07bonding: Fix jiffies overflow problems (again)Jiri Bohac
The time_before_eq()/time_after_eq() functions operate on unsigned long and only work if the difference between the two compared values is smaller than half the range of unsigned long (31 bits on i386). Some of the variables (slave->jiffies, dev->trans_start, dev->last_rx) used by bonding store a copy of jiffies and may not be updated for a long time. With HZ=1000, time_before_eq()/time_after_eq() will start giving bad results after ~25 days. jiffies will never be before slave->jiffies, dev->trans_start, dev->last_rx by more than possibly a couple ticks caused by preemption of this code. This allows us to detect/prevent these overflows by replacing time_before_eq()/time_after_eq() with time_in_range(). Signed-off-by: Jiri Bohac <jbohac@suse.cz> Signed-off-by: Jean Delvare <jdelvare@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07stmmac: fix sleep inside atomicGiuseppe Cavallaro
We cannot use spinlock when kmalloc is invoked with GFP_KERNEL flag because it can sleep. So this patch reviews the usage of spinlock within the stmmac_resume function avoing this bug. Signed-off-by: Giuseppe Cavallaro <peppe.cavallaro@st.com> Reported-by: Jiri Slaby <jirislaby@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-07m68knommu: fix missing linker segmentsGreg Ungerer
Recent changes to linker segments that hold per-cpu data broke linking for m68knommu targets: LD vmlinux /usr/local/bin/m68k-uclinux-ld.real: error: no memory region specified for loadable section `.data..shared_aligned' Add missing segments into the m68knommu linker script. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-07h8300: Fix missing consts in kernel_execve()David Howells
Fix missing consts in h8300's kernel_execve(): arch/h8300/kernel/sys_h8300.c: In function 'kernel_execve': arch/h8300/kernel/sys_h8300.c:59: warning: initialization from incompatible pointer type arch/h8300/kernel/sys_h8300.c:60: warning: initialization from incompatible pointer type Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-07h8300: Fix die()David Howells
Fix h8300's die() to take care of a number of problems: CC arch/h8300/kernel/traps.o In file included from arch/h8300/include/asm/bitops.h:10, from include/linux/bitops.h:22, from include/linux/kernel.h:17, from include/linux/sched.h:54, from arch/h8300/kernel/traps.c:18: arch/h8300/include/asm/system.h:136: warning: 'struct pt_regs' declared inside parameter list arch/h8300/include/asm/system.h:136: warning: its scope is only this definition or declaration, which is probably not what you want arch/h8300/kernel/traps.c:100: error: conflicting types for 'die' arch/h8300/include/asm/system.h:136: error: previous declaration of 'die' was here make[2]: *** [arch/h8300/kernel/traps.o] Error 1 Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-07h8300: IRQ flags should be stored in an unsigned longDavid Howells
Fix h8300's asm/atomic.h to store the IRQ flags in an unsigned long to deal with warnings of the following type: arch/h8300/include/asm/atomic.h: In function 'atomic_add_return': arch/h8300/include/asm/atomic.h:22: warning: comparison of distinct pointer types lacks a cast arch/h8300/include/asm/atomic.h:24: warning: comparison of distinct pointer types lacks a cast Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-07VFS: Sanity check mount flags passed to change_mnt_propagation()Valerie Aurora
Sanity check the flags passed to change_mnt_propagation(). Exactly one flag should be set. Return EINVAL otherwise. Userspace can pass in arbitrary combinations of MS_* flags to mount(). do_change_type() is called if any of MS_SHARED, MS_PRIVATE, MS_SLAVE, or MS_UNBINDABLE is set. do_change_type() clears MS_REC and then calls change_mnt_propagation() with the rest of the user-supplied flags. change_mnt_propagation() clearly assumes only one flag is set but do_change_type() does not check that this is true. For example, mount() with flags MS_SHARED | MS_RDONLY does not actually make the mount shared or read-only but does clear MNT_UNBINDABLE. Signed-off-by: Valerie Aurora <vaurora@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-07intel_agp,i915: Add more sandybridge graphics device idsZhenyu Wang
New pci ids for GT2 and GT2+ on desktop and mobile sandybridge, and graphics device ids for server sandybridge. Also rename original ids string to reflect GT1 version. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: stable@kernel.org Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
2010-09-07drm/i915: Enable MI_FLUSH on SandybridgeZhenyu Wang
MI_FLUSH is being deprecated, but still available on Sandybridge. Make sure it's enabled as userspace still uses MI_FLUSH. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: stable@kernel.org Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
2010-09-07agp/intel: Fix cache control for SandybridgeZhenyu Wang
Sandybridge GTT has new cache control bits in PTE, which controls graphics page cache in LLC or LLC/MLC, so we need to extend the mask function to respect the new bits. And set cache control to always LLC only by default on Gen6. Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: stable@kernel.org Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
2010-09-07agp/intel: use #ifdef idiom for intel-agp.hZhenyu Wang
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: stable@kernel.org Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
2010-09-07agp/intel: fix physical address mask bits for sandybridgeZhenyu Wang
It should shift bit 39-32 into pte's bit 11-4. Reported-by:Takashi Iwai <tiwai@suse.de> Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: stable@kernel.org Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
2010-09-07drm/i915: Prevent double dpms onChris Wilson
Arguably this is a bug in drm-core in that we should not be called twice in succession with DPMS_ON, however this is still occuring and we see FDI link training failures on the second call leading to the occassional blank display. For the time being ignore the repeated call. Original patch by Dave Airlie <airlied@redhat.com> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: stable@kernel.org
2010-09-07drm/i915: Avoid use of uninitialised values when disabling panel-fitterChris Wilson
We were passing garbage values into the panel-fitter control register when disabling it on Ironlake - those values (filter modes and reserved MBZ bits) would have then be re-used the next time panel-fitting was enabled. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>