aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-06-08pi-futex: fix exit races and locking problemsAlexey Kuznetsov
1. New entries can be added to tsk->pi_state_list after task completed exit_pi_state_list(). The result is memory leakage and deadlocks. 2. handle_mm_fault() is called under spinlock. The result is obvious. 3. results in self-inflicted deadlock inside glibc. Sometimes futex_lock_pi returns -ESRCH, when it is not expected and glibc enters to for(;;) sleep() to simulate deadlock. This problem is quite obvious and I think the patch is right. Though it looks like each "if" in futex_lock_pi() got some stupid special case "else if". :-) 4. sometimes futex_lock_pi() returns -EDEADLK, when nobody has the lock. The reason is also obvious (see comment in the patch), but correct fix is far beyond my comprehension. I guess someone already saw this, the chunk: if (rt_mutex_trylock(&q.pi_state->pi_mutex)) ret = 0; is obviously from the same opera. But it does not work, because the rtmutex is really taken at this point: wake_futex_pi() of previous owner reassigned it to us. My fix works. But it looks very stupid. I would think about removal of shift of ownership in wake_futex_pi() and making all the work in context of process taking lock. From: Thomas Gleixner <tglx@linutronix.de> Fix 1) Avoid the tasklist lock variant of the exit race fix by adding an additional state transition to the exit code. This fixes also the issue, when a task with recursive segfaults is not able to release the futexes. Fix 2) Cleanup the lookup_pi_state() failure path and solve the -ESRCH problem finally. Fix 3) Solve the fixup_pi_state_owner() problem which needs to do the fixup in the lock protected section by using the in_atomic userspace access functions. This removes also the ugly lock drop / unqueue inside of fixup_pi_state() Fix 4) Fix a stale lock in the error path of futex_wake_pi() Added some error checks for verification. The -EDEADLK problem is solved by the rtmutex fixups. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Ulrich Drepper <drepper@redhat.com> Cc: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08rt-mutex: fix chain walk early wakeup bugThomas Gleixner
Alexey Kuznetsov found some problems in the pi-futex code. One of the root causes is: When a wakeup happens, we do not to stop the chain walk so we follow a not longer relevant locking chain. Drop out when this happens. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: Ulrich Drepper <drepper@redhat.com> Cc: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08rt-mutex: fix stale return valueThomas Gleixner
Alexey Kuznetsov found some problems in the pi-futex code. The major problem is a stale return value in rt_mutex_slowlock(): When the pi chain walk returns -EDEADLK, but the waiter was woken up during the phases where the locks were dropped, the rtmutex could be acquired, but due to the stale return value -EDEADLK returned to the caller. Reset the return value in the retry path. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: Ulrich Drepper <drepper@redhat.com> Cc: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08sata_promise: use TF interface for polling NODATA commandsTejun Heo
sata_promise uses two different command modes - packet and TF. Packet mode is intelligent low-overhead mode while TF is the same old taskfile interface. As with other advanced interface (ahci/sil24), ATA_TFLAG_POLLING has no effect in packet mode. However, PIO commands are issued using TF interface in polling mode, so pdc_interrupt() considers interrupts spurious if ATA_TFLAG_POLLING is set. This is broken for polling NODATA commands because command is issued using packet mode but the interrupt handler ignores it due to ATA_TFLAG_POLLING. Fix pdc_qc_issue_prot() such that ATA/ATAPI NODATA commands are issued using TF interface if ATA_TFLAG_POLLING is set. This patch fixes detection failure introduced by polling SETXFERMODE. Signed-off-by: Tejun Heo <htejun@gmail.com> Acked-by: Mikael Pettersson <mikpe@it.uu.se> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08isdn/diva: fix section mismatchRandy Dunlap
__exit function is used by both init and exit routines, so it cannot be marked __init. (from allyesconfig) WARNING: drivers/built-in.o(.text+0x9b83cf): Section mismatch: reference to .exit.text: (between 'divasfunc_exit' and 'didd_callback') Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Karsten Keil <kkeil@suse.de> Acked-by: Armin Schindler <armin@melware.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08uml: get declaration of simple_strtoulJeff Dike
Include linux/kernel.h wherever simple_strtoul is used. This kills a compile warning in stderr_console.c and potential ones in the other files. This also fixes a bunch of style violations in exitcode.c. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08Char: stallion, proper fail return valuesJiri Slaby
do not return 0 in one case and return proper values in other 2. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08Char: stallion, alloc tty before pci devices initJiri Slaby
this causes oops, because pci probe function calls tty_register_device for each device found. Thanks to Ingo. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: "Ingo Korb" <ingo@akana.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08Char: stallion, don't fail with less than max panelsJiri Slaby
Since it's not neccesary to have MAX_PANELS on the card, don't fail to let users use this card even in this case. Stop the testing for loop instead. Thanks to Ingo. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: "Ingo Korb" <ingo@akana.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08Move three functions that are only needed for CONFIG_MEMORY_HOTPLUGStephen Rothwell
into the appropriate #ifdef. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Yasunori Goto <y-goto@jp.fujitsu.com> Cc: Andy Whitcroft <apw@shadowen.org> Cc: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08Documentation/atomic_ops.txt typo fixRatnadeep Joshi
Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08uml: fix kernel stack size on x86_64Jeff Dike
Force KERNEL_STACK_ORDER to be at least 1 on UML/x86_64, to avoid overflows. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08SLUB: return ZERO_SIZE_PTR for kmalloc(0)Christoph Lameter
Instead of returning the smallest available object return ZERO_SIZE_PTR. A ZERO_SIZE_PTR can be legitimately used as an object pointer as long as it is not deferenced. The dereference of ZERO_SIZE_PTR causes a distinctive fault. kfree can handle a ZERO_SIZE_PTR in the same way as NULL. This enables functions to use zero sized object. e.g. n = number of objects. objects = kmalloc(n * sizeof(object)); for (i = 0; i < n; i++) objects[i].x = y; kfree(objects); Signed-off-by: Christoph Lameter <clameter@sgi.com> Acked-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08potential parse error in ifdef part 3Yoann Padioleau
Fix various bits of obviously-busted code which we're not happening to compile, due to ifdefs. Signed-off-by: Yoann Padioleau <padator@wanadoo.fr> Cc: Andi Kleen <ak@suse.de> Cc: Paul Mackerras <paulus@samba.org> Acked-by: Paul Mundt <lethal@linux-sh.org> Cc: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08slab: fix alien cache handlingChristoph Lameter
cache_free_alien must be called regardless if we use alien caches or not. cache_free_alien() will do the right thing if there are no alien caches available. Signed-off-by: Christoph Lameter <clameter@sgi.com> Cc: Paul Mundt <lethal@linux-sh.org> Acked-by: Pekka J Enberg <penberg@cs.helsinki.fi> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08mount -t tmpfs -o mpol=: check nodes onlineHugh Dickins
Randy Dunlap reports that a tmpfs, mounted with NUMA mpol= specifying an offline node, crashes as soon as data is allocated upon it. Now restrict it to online nodes, where before it restricted to MAX_NUMNODES. Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: Robin Holt <holt@sgi.com> Cc: Christoph Lameter <clameter@sgi.com> Cc: Andi Kleen <ak@suse.de> Tested-and-acked-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08update feature-removal-schedule.txt to include deprecated functionsAndy Whitcroft
Now that deprecated functions are detected out of Documentation/feature-removal-schedule.txt update this to include kernel_thread. Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08document Acked-by:Andrew Morton
Explain what we use Acked-by: for, and how it differs from Signed-off-by: Acked-by: Dave Jones <davej@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08loop: preallocate eight loop devicesKen Chen
The kernel on-demand loop device instantiation breaks several user space tools as the tools are not ready to cope with the "on-demand feature". Fix it by instantiate default 8 loop devices and also reinstate max_loop module parameter. Signed-off-by: Ken Chen <kenchen@google.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08nommu: report correct errno in messageGreg Ungerer
Report the correct errno for out of memory debug output in binfmt_flat.c Signed-off-by: Philippe De Muyter <phdm@macqel.be> Signed-off-by: Greg Ungerer <gerg@uclinux.org> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08m68knommu: fix ColdFire timer off by 1Greg Ungerer
The coldfire timer runs from 0 to TRR included, then 0 again and so on. It counts thus actually TRR + 1 steps for 1 tick, not TRR. Fix that. Signed-off-by: Philippe De Muyter <phdm@macqel.be> Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-08update checkpatch.pl to version 0.03Andy Whitcroft
This version brings a host of changes to cure false positives and bugs detected on patches submitted to lkml and -mm. It also brings a number of new tests in response to reviews, of particular note: - catch use of volatile - allow deprecated functions to be listed in feature-removal-schedule.txt - warn about #ifdef's in c files - check that spinlock_t and struct mutex use is commented - report on architecture specific defines being used - report memory barriers without an associated comment Full changelog: catch use of volatile convert other quoted string checks to common routine alloc deprecated functions to be listed in feature-removal-schedule.txt split out the line length and indent for each line improve switch block handling handle GNU diff context lines with no leading space warn about #ifdef's in c files tidy up tests for signed-off-by using raw mode check that spinlock_t and struct mutex use is commented syntax checks for open brace placement may drop off the bottom of hunk report memory barriers without an associated comment when a sign off is present but ugly do not report it missing do not mistake bitfield definitions for indented labels report on architecture specific defines being used major update to the operator checks prevent switch/if/while etc matching foo_switch generify assignement in condition error message introduce an operator context marker Version: 0.03 Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-07RAMFS NOMMU: missed POSIX UID/GID inode attribute checkingBryan Wu
This bug was caught by LTP testcase fchmod06 on Blackfin platform. In the manpage of fchmod, "EPERM: The effective UID does not match the owner of the file, and the process is not privileged (Linux: it does not have the CAP_FOWNER capability)." But the ramfs nommu code missed the inode_change_ok POSIX UID/GID verification. This patch fixed this. Signed-off-by: Bryan Wu <bryan.wu@analog.com> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-07Merge git://git.linux-xtensa.org/kernel/xtensa-feedLinus Torvalds
* git://git.linux-xtensa.org/kernel/xtensa-feed: Xtensa: use asm-generic/fcntl.h [XTENSA] Remove non-rt signal handling [XTENSA] Move common sections into bss sections [XTENSA] clean-up header files [XTENSA] Use generic 64-bit division [XTENSA] Remove multi-exported symbols from xtensa_ksyms.c [XTENSA] fix sources using deprecated assembler directive [XTENSA] Spelling fixes in arch/xtensa [XTENSA] fix bit operations in bitops.h
2007-06-07Merge branch 'master' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 * 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC64]: Fix SBUS IRQ regression caused by PCI-E driver. [SPARC64]: Fix 2 bugs in PCI Sabre bus scanning.
2007-06-07Merge branch 'master' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 * 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (24 commits) xfrm: Add security check before flushing SAD/SPD [NET_SCHED]: Fix filter double free [NET]: Avoid duplicate netlink notification when changing link state [UDP]: Revert 2-pass hashing changes. [AF_UNIX]: Fix stream recvmsg() race. [NETFILTER]: nf_conntrack_amanda: fix textsearch_prepare() error check [NETFILTER]: ip_tables: fix compat related crash [NETFILTER]: nf_conntrack: fix helper module unload races [RTNETLINK]: ifindex 0 does not exist [NETLINK]: Mark netlink policies const [TCP] tcp_probe: Attach printf attribute properly to printl(). [TCP]: Use LIMIT_NETDEBUG in tcp_retransmit_timer(). [NET]: Merge dst_discard_in and dst_discard_out. [RFKILL]: Make rfkill->name const [IPV4]: Restore old behaviour of default config values [IPV4]: Add default config support after inetdev_init [IPV4]: Convert IPv4 devconf to an array [IPV4]: Only panic if inetdev_init fails for loopback [TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack [BNX2]: Update version and reldate. ...
2007-06-07enable interrupts in user path of page fault.Steven Rostedt
This is a minor fix, but what is currently there is essentially wrong. In do_page_fault, if the faulting address from user code happens to be in kernel address space (int *p = (int*)-1; p = 0xbed;) then the do_page_fault handler will jump over the local_irq_enable with the goto bad_area_nosemaphore; But the first line there sees this is user code and goes through the process of sending a signal to send SIGSEGV to the user task. This whole time interrupts are disabled and the task can not be preempted by a higher priority task. This patch always enables interrupts in the user path of the bad_area_nosemaphore. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-07Merge master.kernel.org:/home/rmk/linux-2.6-armLinus Torvalds
* master.kernel.org:/home/rmk/linux-2.6-arm: [ARM] pxa: fix pxa27x keyboard driver [ARM] Fix 4417/1: Serial: Fix AMBA drivers locking [ARM] 4421/1: AT91: Value of _KEY fields. [ARM] Solve buggy smp_processor_id() usage [ARM] 4422/1: Fix default value handling in gpio_direction_output (PXA) [ARM] 4419/1: AT91: SAM9 USB clocks check for suspending [ARM] 4418/1: AT91: Number of programmable clocks differs [ARM] 4392/2: Do not corrupt the SP register in compressed/head.S
2007-06-07Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] Fix warning by moving do_default_vi into CONFIG_CPU_MIPSR2_SRS [MIPS] Fix some minor typoes in arch/mips/Kconfig. [MIPS] Remove prototype for deleted function qemu_handle_int [MIPS] Fix some system calls with long long arguments [MIPS] Make dma_map_sg handle sg elements which are longer than one page [MIPS] Drop __ARCH_WANT_SYS_FADVISE64 [MIPS] Fix VGA corruption on RM300C [MIPS] RM300: Fix MMIO problems by marking the PCI INT ACK region busy [MIPS] EMMA2RH: remove dead KGDB code [MIPS] Remove duplicate fpu enable hazard code. [MIPS] Atlas, Malta, SEAD: Remove scroll from interrupt handler.
2007-06-07frv: build fixPeter Zijlstra
In file included from /usr/src/linux-2.6-2/net/ipv4/ip_input.c:118: include2/asm/system.h:245: error: parse error before "__cmpxchg_32" include2/asm/system.h:245: error: parse error before '*' token include2/asm/system.h:245: warning: type defaults to `int' in declaration of `__cmpxchg_32' include2/asm/system.h:245: warning: function declaration isn't a prototype include2/asm/system.h:245: warning: data definition has no type or storage class Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-06-07[SPARC64]: Fix SBUS IRQ regression caused by PCI-E driver.David S. Miller
We used to access the 64-bit IRQ IMAP and ICLR registers of bus controllers 4-bytes in and as a 32-bit register word, since only the low 32-bits were relevant. This seemed like a good idea at the time. But the PCI-E controller requires full 8-byte 64-bit access to these registers, so we switched over to accessing them fully. SBUS was not adjusted properly, which broke interrupts completely. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[SPARC64]: Fix 2 bugs in PCI Sabre bus scanning.David S. Miller
If we are on hummingbird, bus runs at 66MHZ. pbm->pci_bus should be setup with the result of pci_scan_one_pbm() or else we deref NULL pointers in the error interrupt handlers. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07xfrm: Add security check before flushing SAD/SPDJoy Latten
Currently we check for permission before deleting entries from SAD and SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete()) However we are not checking for authorization when flushing the SPD and the SAD completely. It was perhaps missed in the original security hooks patch. This patch adds a security check when flushing entries from the SAD and SPD. It runs the entire database and checks each entry for a denial. If the process attempting the flush is unable to remove all of the entries a denial is logged the the flush function returns an error without removing anything. This is particularly useful when a process may need to create or delete its own xfrm entries used for things like labeled networking but that same process should not be able to delete other entries or flush the entire database. Signed-off-by: Joy Latten<latten@austin.ibm.com> Signed-off-by: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@namei.org>
2007-06-07[NET_SCHED]: Fix filter double freePatrick McHardy
cbq and atm destroy their filters twice when destroying inner classes during qdisc destruction. Reported-and-tested-by: Strobl Anton <a.strobl@aws-it.at> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[NET]: Avoid duplicate netlink notification when changing link stateThomas Graf
When changing the link state from userspace not affecting any other flags. Two duplicate notification are being sent, once as action in the NETDEV_UP/NETDEV_DOWN notification chain and a second time when comparing old and new device flags after the change has been completed. Although harmless, the duplicates should be avoided. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[UDP]: Revert 2-pass hashing changes.David S. Miller
This reverts changesets: 6aaf47fa48d3c44280810b1b470261d340e4ed87 b7b5f487ab39bc10ed0694af35651a03d9cb97ff de34ed91c4ffa4727964a832c46e624dd1495cf5 fc038410b4b1643766f8033f4940bcdb1dace633 There are still some correctness issues recently discovered which do not have a known fix that doesn't involve doing a full hash table scan on port bind. So revert for now. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[AF_UNIX]: Fix stream recvmsg() race.Miklos Szeredi
A recv() on an AF_UNIX, SOCK_STREAM socket can race with a send()+close() on the peer, causing recv() to return zero, even though the sent data should be received. This happens if the send() and the close() is performed between skb_dequeue() and checking sk->sk_shutdown in unix_stream_recvmsg(): process A skb_dequeue() returns NULL, there's no data in the socket queue process B new data is inserted onto the queue by unix_stream_sendmsg() process B sk->sk_shutdown is set to SHUTDOWN_MASK by unix_release_sock() process A sk->sk_shutdown is checked, unix_release_sock() returns zero I'm surprised nobody noticed this, it's not hard to trigger. Maybe it's just (un)luck with the timing. It's possible to work around this bug in userspace, by retrying the recv() once in case of a zero return value. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[NETFILTER]: nf_conntrack_amanda: fix textsearch_prepare() error checkAkinobu Mita
The return value from textsearch_prepare() needs to be checked by IS_ERR(). Because it returns error code as a pointer. Cc: "Brian J. Murrell" <netfilter@interlinx.bc.ca> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[NETFILTER]: ip_tables: fix compat related crashDmitry Mishin
check_compat_entry_size_and_hooks iterates over the matches and calls compat_check_calc_match, which loads the match and calculates the compat offsets, but unlike the non-compat version, doesn't call ->checkentry yet. On error however it calls cleanup_matches, which in turn calls ->destroy, which can result in crashes if the destroy function (validly) expects to only get called after the checkentry function. Add a compat_release_match function that only drops the module reference on error and rename compat_check_calc_match to compat_find_calc_match to reflect the fact that it doesn't call the checkentry function. Reported by Jan Engelhardt <jengelh@linux01.gwdg.de> Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[NETFILTER]: nf_conntrack: fix helper module unload racesPatrick McHarrdy
When a helper module is unloaded all conntracks refering to it have their helper pointer NULLed out, leading to lots of races. In most places this can be fixed by proper use of RCU (they do already check for != NULL, but in a racy way), additionally nf_conntrack_expect_related needs to bail out when no helper is present. Also remove two paranoid BUG_ONs in nf_conntrack_proto_gre that are racy and not worth fixing. Signed-off-by: Patrick McHarrdy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[RTNETLINK]: ifindex 0 does not existPatrick McHardy
ifindex == 0 does not exist and implies we should do a lookup by name if one was given. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[NETLINK]: Mark netlink policies constPatrick McHardy
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[TCP] tcp_probe: Attach printf attribute properly to printl().David S. Miller
GCC doesn't like the way Stephen initially did it: net/ipv4/tcp_probe.c:83: warning: empty declaration Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[TCP]: Use LIMIT_NETDEBUG in tcp_retransmit_timer().Eric Dumazet
LIMIT_NETDEBUG allows the admin to disable some warning messages (echo 0 >/proc/sys/net/core/warnings). The "TCP: Treason uncloaked!" message can use this facility. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[NET]: Merge dst_discard_in and dst_discard_out.Denis Cheng
Signed-off-by: Denis Cheng <crquan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[RFKILL]: Make rfkill->name constIvo van Doorn
The rfkill name can be made const safely, this makes the compiler happy when drivers make it point to some const string used elsewhere. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[IPV4]: Restore old behaviour of default config valuesHerbert Xu
Previously inet devices were only constructed when addresses are added (or rarely in ipmr). Therefore the default config values they get are the ones at the time of these operations. Now that we're creating inet devices earlier, this changes the behaviour of default config values in an incompatible way (see bug #8519). This patch creates a compromise by setting the default values at the same point as before but only for those that have not been explicitly set by the user since the inet device's creation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[IPV4]: Add default config support after inetdev_initHerbert Xu
Previously once inetdev_init has been called on a device any changes made to ipv4_devconf_dflt would have no effect on that device's configuration. This creates a problem since we have moved the point where inetdev_init is called from when an address is added to where the device is registered. This patch is the first half of a set that tries to mimic the old behaviour while still calling inetdev_init. It propagates any changes to ipv4_devconf_dflt to those devices that have not had the corresponding attribute set. The next patch will forcibly set all values at the point where inetdev_init was previously called. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[IPV4]: Convert IPv4 devconf to an arrayHerbert Xu
This patch converts the ipv4_devconf config members (everything except sysctl) to an array. This allows easier manipulation which will be needed later on to provide better management of default config values. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-07[IPV4]: Only panic if inetdev_init fails for loopbackHerbert Xu
When I made the inetdev_init call work on all devices I incorrectly left in the panic call as well. It is obviously undesirable to panic on an allocation failure for a normal network device. This patch moves the panic call under the loopback if clause. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>