aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2006-01-07[NETFILTER]: Keep conntrack reference until IPsec policy checks are donePatrick McHardy
Keep the conntrack reference until policy checks have been performed for IPsec NAT support. The reference needs to be dropped before a packet is queued to avoid having the conntrack module unloadable. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[NETFILTER]: Redo policy lookups after NAT when neccessaryPatrick McHardy
When NAT changes the key used for the xfrm lookup it needs to be done again. If a new policy is returned in POST_ROUTING the packet needs to be passed to xfrm4_output_one manually after all hooks were called because POST_ROUTING is called with fixed okfn (ip_finish_output). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[NETFILTER]: Use conntrack information to determine if packet was NATedPatrick McHardy
Preparation for IPsec support for NAT: Use conntrack information instead of saving the saving and comparing the addresses to determine if a packet was NATed and needs to be rerouted to make it easier to extend the key. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harderPatrick McHardy
ip_route_me_harder doesn't use the port numbers of the xfrm lookup and uses ip_route_input for non-local addresses which doesn't do a xfrm lookup, ip6_route_me_harder doesn't do a xfrm lookup at all. Use xfrm_decode_session and do the lookup manually, make sure both only do the lookup if the packet hasn't been transformed already. Makeing sure the lookup only happens once needs a new field in the IP6CB, which exceeds the size of skb->cb. The size of skb->cb is increased to 48b. Apparently the IPv6 mobile extensions need some more room anyway. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[IPV4]: reset IPCB flags when neccessaryPatrick McHardy
Reset IPSKB_XFRM_TUNNEL_SIZE flags in ipip and ip_gre hard_start_xmit function before the packet reenters IP. This is neccessary so the encapsulated packets are checked not to be oversized in xfrm4_output.c again. Reset all flags in sit when a packet changes its address family. Also remove some obsolete IPSKB flags. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[IPV4/6]: Netfilter IPsec input hooksPatrick McHardy
When the innermost transform uses transport mode the decapsulated packet is not visible to netfilter. Pass the packet through the PRE_ROUTING and LOCAL_IN hooks again before handing it to upper layer protocols to make netfilter-visibility symetrical to the output path. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[IPV6]: Move nextheader offset to the IP6CBPatrick McHardy
Move nextheader offset to the IP6CB to make it possible to pass a packet to ip6_input_finish multiple times and have it skip already parsed headers. As a nice side effect this gets rid of the manual hopopts skipping in ip6_input_finish. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[XFRM]: Netfilter IPsec output hooksPatrick McHardy
Call netfilter hooks before IPsec transforms. Packets visit the FORWARD/LOCAL_OUT and POST_ROUTING hook before the first encapsulation and the LOCAL_OUT and POST_ROUTING hook before each following tunnel mode transform. Patch from Herbert Xu <herbert@gondor.apana.org.au>: Move the loop from dst_output into xfrm4_output/xfrm6_output since they're the only ones who need to it. xfrm{4,6}_output_one() processes the first SA all subsequent transport mode SAs and is called in a loop that calls the netfilter hooks between each two calls. In order to avoid the tail call issue, I've added the inline function nf_hook which is nf_hook_slow plus the empty list check. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[XFRM]: Fix sparse warning.Luiz Capitulino
security/selinux/xfrm.c:155:10: warning: Using plain integer as NULL pointer Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07[DCCP]: ipv6.c needs net/ip6_checksum.cDavid S. Miller
Reported by Dave Jones. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds
2006-01-07Merge master.kernel.org:/home/rmk/linux-2.6-armLinus Torvalds
2006-01-07Merge master.kernel.org:/home/rmk/linux-2.6-serialLinus Torvalds
2006-01-07Merge master.kernel.org:/home/rmk/linux-2.6-mmcLinus Torvalds
2006-01-07[PATCH] fbcon: donīt call set_par() in fbcon_init() if vc_mode == KD_GRAPHICSKnut Petersen
Nothing prevents a user to modprobe a framebuffer driver from e.g. the xterm prompt. As a result, the set_par() function of the driver will be called from fbcon_init(). This is fatal as a lot of X / framebuffer combinations are unable to recover from set_par() reprogramming the graphics controller in KD_GRAPHICS mode. It is also unnecessary as the set_par() function will be called during a switch to KD_TEXT anyway. Because of this no side effects are possible. Signed-off-by: Knut Petersen <Knut_Petersen@t-online.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-07[ARM] byteorder.h needs linux/compiler.hRussell King
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-01-07Input: ibmasm - convert to dynamic input_dev allocationVernon Mauery
Update the ibmasm driver to use the dynamic allocation of input_dev structs to work with the sysfs subsystem. Vojtech: Fixed some problems/bugs in the patch. Dmitry: Fixed some more. Signed-off-by: Vernon Mauery <vernux@us.ibm.com> Signed-off-by: Vojtech Pavlik <vojtech@suse.cz> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
2006-01-07[ARM] Move asm/hardware/clock.h to linux/clk.hRussell King
This is needs to be visible to other architectures using the AMBA bus and peripherals. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-01-07[ARM] Move AMBA bus code to drivers/amba/Russell King
Make the AMBA bus code visible to other architectures. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-01-07Merge with Linus' kernel.Russell King
2006-01-07[ARM] Move AMBA include files to include/linux/amba/Russell King
Since the ARM AMBA bus is used on MIPS as well as ARM, we need to make the bus available for other architectures to use. Move the AMBA include files from include/asm-arm/hardware/ to include/linux/amba/ Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-01-07[ARM] 3239/1: Add ARM optimised swab32Andre McCurdy
Patch from Andre McCurdy Replaces generic swab32 routine with a more ARM friendly version. Reduces kernel text size by approx 1200 bytes when compiled with 3.4.4 and approx 2400 bytes with 4.0.2 Probably some performance benefit as well. Signed-off-by: Andre McCurdy <armccurdy@yahoo.co.uk> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-01-07[ARM] 3235/1: SharpSL PM: Fix a gcc4 build errorRichard Purdie
Patch from Richard Purdie Fix a gcc4 build error (incomplete element type) in the pxa SharpSL PM code. Signed-off-by: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-01-07[ARM] 3232/1: i.MX Frame Buffer undeclared "dev" variable fixPavel Pisa
Patch from Pavel Pisa Correction of the code broken by update whole-tree platform devices update. Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-01-07[ACPI] remove Kconfig "default y" for laptop driversBorislav Petkov
Signed-off-by: Borislav Petkov <petkov@uni-muenster.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Len Brown <len.brown@intel.com>
2006-01-07[ACPI] fix kernel-doc warnings in acpi/scan.cRandy Dunlap
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Len Brown <len.brown@intel.com>
2006-01-07Auto-update from upstreamLen Brown
2006-01-06[PATCH] Fix posix-cpu-timers sched_time accumulationDavid S. Miller
I've spent the past 3 days digging into a glibc testsuite failure in current CVS, specifically libc/rt/tst-cputimer1.c The thr1 and thr2 timers fire too early in the second pass of this test. The second pass is noteworthy because it makes use of intervals, whereas the first pass does not. All throughout the posix-cpu-timers.c code, the calculation of the process sched_time sum is implemented roughly as: unsigned long long sum; sum = tsk->signal->sched_time; t = tsk; do { sum += t->sched_time; t = next_thread(t); } while (t != tsk); In fact this is the exact scheme used by check_process_timers(). In the case of check_process_timers(), current->sched_time has just been updated (via scheduler_tick(), which is invoked by update_process_times(), which subsequently invokes run_posix_cpu_timers()) So there is no special processing necessary wrt. that. In other contexts, we have to allot for the fact that tsk->sched_time might be a bit out of date if we are current. And the posix-cpu-timers.c code uses current_sched_time() to deal with that. Unfortunately it does so in an erroneous and inconsistent manner in one spot which is what results in the early timer firing. In cpu_clock_sample_group_locked(), it does this: cpu->sched = p->signal->sched_time; /* Add in each other live thread. */ while ((t = next_thread(t)) != p) { cpu->sched += t->sched_time; } if (p->tgid == current->tgid) { /* * We're sampling ourselves, so include the * cycles not yet banked. We still omit * other threads running on other CPUs, * so the total can always be behind as * much as max(nthreads-1,ncpus) * (NSEC_PER_SEC/HZ). */ cpu->sched += current_sched_time(current); } else { cpu->sched += p->sched_time; } The problem is the "p->tgid == current->tgid" test. If "p" is not current, and the tgids are the same, we will add the process t->sched_time twice into cpu->sched and omit "p"'s sched_time which is very very very wrong. posix-cpu-timers.c has a helper function, sched_ns(p) which takes care of this, so my fix is to use that here instead of this special tgid test. The fact that current can be one of the sub-threads of "p" points out that we could make things a little bit more accurate, perhaps by using sched_ns() on every thread we process in these loops. It also points out that we don't use the most accurate value for threads in the group actively running other cpus (and this is mentioned in the comment). But that is a future enhancement, and this fix here definitely makes sense. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-06Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6Linus Torvalds
2006-01-06Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds
2006-01-06Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuildLinus Torvalds
2006-01-06Merge git://git.linux-nfs.org/pub/linux/nfs-2.6Linus Torvalds
2006-01-06[PATCH] fs/ufs: debug mode compilation failureEvgeniy
This patch should fix compilation failure of fs/ufs/dir.c with defined UFS_DIR_DEBUG Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-06[PATCH] shrink mmtimer memory sizeDimitri Sivanich
This greatly reduces the amount of memory used by mmtimer on smaller machines with large values of MAX_COMPACT_NODES. Signed-off-by: Dimitri Sivanich <sivanich@sgi.com> Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-06[PATCH] MAINTAINERS: remove the outdated DAC960 entryAdrian Bunk
Randy Dunlap: "Dave is no longer at OSDL and is no longer maintaining that driver." Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-06Auto-update from upstreamLen Brown
2006-01-06[NET]: Endian-annotate in_aton()Alexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[NET]: Endian-annotate struct iphdrAlexey Dobriyan
And fix trivial warnings that emerged. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[LSM-IPSec]: Corrections to LSM-IPSec NethooksTrent Jaeger
This patch contains two corrections to the LSM-IPsec Nethooks patches previously applied. (1) free a security context on a failed insert via xfrm_user interface in xfrm_add_policy. Memory leak. (2) change the authorization of the allocation of a security context in a xfrm_policy or xfrm_state from both relabelfrom and relabelto to setcontext. Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[PKTGEN]: Adds missing __init.Luiz Capitulino
pktgen_find_thread() and pktgen_create_thread() are only called at initialization time. Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[ACPI] linux-acpi@vger.kernel.org replaces acpi-devel@lists.sourceforge.netLen Brown
Signed-off-by: Len Brown <len.brown@intel.com>
2006-01-06[NETFILTER]: ipt_helper.c needs linux/interrupt.hJoe
From: Joe <joecool1029@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[BRIDGE] netfilter: vlan + hw checksum = bug?Stephen Hemminger
It looks like the bridge netfilter code does not correctly update the hardware checksum after popping off the VLAN header. This is by inspection, I have *not* tested this. To test you would need to set up a filtering bridge with vlans and a device the does hardware receive checksum (skge, or sungem) Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[X25]: Fix for broken x25 module.Shaun Pereira
When a user-space server application calls bind on a socket, then in kernel space this bound socket is considered 'x25-linked' and the SOCK_ZAPPED flag is unset.(As in x25_bind()/af_x25.c). Now when a user-space client application attempts to connect to the server on the listening socket, if the kernel accepts this in-coming call, then it returns a new socket to userland and attempts to reply to the caller. The reply/x25_sendmsg() will fail, because the new socket created on call-accept has its SOCK_ZAPPED flag set by x25_make_new(). (sock_init_data() called by x25_alloc_socket() called by x25_make_new() sets the flag to SOCK_ZAPPED)). Fix: Using the sock_copy_flag() routine available in sock.h fixes this. Tested on 32 and 64 bit kernels with x25 over tcp. Signed-off-by: Shaun Pereira <pereira.shaun@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[NET]: Change sk_run_filter()'s return type in net/core/filter.cKris Katterjohn
It should return an unsigned value, and fix sk_filter() as well. Signed-off-by: Kris Katterjohn <kjak@ispwest.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06[NET]: Use newer is_multicast_ether_addr() in some filesKris Katterjohn
This uses is_multicast_ether_addr() because it has recently been changed to do the same thing these seperate tests are doing. Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06Merge ../torvalds-2.6/Greg Kroah-Hartman
2006-01-06kconfig: fix gconfig with POSIXLY_CORRECT=1Adrian Bunk
This patch fixed "make gconfig" with POSIXLY_CORRECT=1 set. This issue was reported by Jens Elkner <elkner@linofee.org> in kernel Bugzilla #2919. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
2006-01-06kbuild: un-stringnify KBUILD_MODNAMESam Ravnborg
Now when kbuild passes KBUILD_MODNAME with "" do not __stringify it when used. Remove __stringnify for all users. This also fixes the output of: $ ls -l /sys/module/ drwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia drwxr-xr-x 4 root root 0 2006-01-05 14:24 pcmcia_core drwxr-xr-x 3 root root 0 2006-01-05 14:24 "processor" drwxr-xr-x 3 root root 0 2006-01-05 14:24 "psmouse" The quoting of the module names will be gone again. Thanks to GregKH + Kay Sievers for reproting this. Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
2006-01-06SUNRPC: Make krb5 report unsupported encryption typesJ. Bruce Fields
Print messages when an unsupported encrytion algorthm is requested or there is an error locating a supported algorthm. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>