summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-06-11dccp: Fix sparse warningsGerrit Renker6-40/+16
This patch fixes the following sparse warnings: * nested min(max()) expression: net/dccp/ccids/ccid3.c:91:21: warning: symbol '__x' shadows an earlier one net/dccp/ccids/ccid3.c:91:21: warning: symbol '__y' shadows an earlier one * Declaration of function prototypes in .c instead of .h file, resulting in "should it be static?" warnings. * Declared "struct dccpw" static (local to dccp_probe). * Disabled dccp_delayed_ack() - not fully removed due to RFC 4340, 11.3 ("Receivers SHOULD implement delayed acknowledgement timers ..."). * Used a different local variable name to avoid net/dccp/ackvec.c:293:13: warning: symbol 'state' shadows an earlier one net/dccp/ackvec.c:238:33: originally declared here * Removed unused functions `dccp_ackvector_print' and `dccp_ackvec_print'. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
2008-06-11dccp ccid-3: Bug-Fix - Zero RTT is possibleGerrit Renker1-2/+8
In commit $(825de27d9e40b3117b29a79d412b7a4b78c5d815) (from 27th May, commit message `dccp ccid-3: Fix "t_ipi explosion" bug'), the CCID-3 window counter computation was fixed to cope with RTTs < 4 microseconds. Such RTTs can be found e.g. when running CCID-3 over loopback. The fix removed a check against RTT < 4, but introduced a divide-by-zero bug. All steady-state RTTs in DCCP are filtered using dccp_sample_rtt(), which ensures non-zero samples. However, a zero RTT is possible on initialisation, when there is no RTT sample from the Request/Response exchange. The fix is to use the fallback-RTT from RFC 4340, 3.4. This is also better than just fixing update_win_count() since it allows other parts of the code to always assume that the RTT is non-zero during the time that the CCID is used. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
2008-06-11Merge branch 'davem-fixes' of ↵David S. Miller16-189/+151
master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
2008-06-11net: Fix routing tables with id > 255 for legacy softwareKrzysztof Piotr Oledzki2-1/+5
Most legacy software do not like tables > 255 as rtm_table is u8 so tb_id is sent &0xff and it is possible to mismatch for example table 510 with table 254 (main). This patch introduces RT_TABLE_COMPAT=252 so the code uses it if tb_id > 255. It makes such old applications happy, new ones are still able to use RTA_TABLE to get a proper table id. Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-11sky2: Hold RTNL while calling dev_close()Ben Hutchings1-0/+2
dev_close() must be called holding the RTNL. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11s2io iomem annotationsAl Viro1-4/+6
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11atl1: fix suspend regressionJay Cliburn1-17/+0
Using vendor magic to force the PHY into power save mode breaks suspend. It isn't needed anyway, so remove it. Tested-by: Avuton Olrich <avuton@gmail.com> Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11qeth: start dev queue after tx drop errorFrank Blaschka2-0/+2
In case the xmit function drop out with an error, we have to wake the netdevice queue to start another xmit. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11qeth: Prepare-function to call s390dbf was wrongPeter Tiedemann1-3/+5
Prepare-function to call s390dbf was wrong handling variable arguments. This worked as macro but not as function any more. Now using va_list processing. Signed-off-by: Peter Tiedemann <ptiedem@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11qeth: reduce number of kernel messagesFrank Blaschka6-131/+42
Remove unnecessary messages. Write important debug information to s390dbf. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11qeth: Use ccw_device_get_id().Cornelia Huck2-15/+7
Get the devno from the ccw device via ccw_device_get_id() instead of parsing the bus_id. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11qeth: layer 3 Oops in ip event handlerFrank Blaschka1-1/+1
The ip event handler may present us non qeth network interfaces. Add qeth card pointer check. Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11virtio: use callback on empty in virtio_netRusty Russell1-5/+17
virtio_net uses a timer to free old transmitted packets, rather than leaving callbacks enabled all the time. If the host promises to always notify us when the transmit ring is empty, we can free packets at that point and avoid the timer. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11virtio: virtio_net free transmit skbs in a timerMark McLoughlin1-2/+26
virtio_net currently only frees old transmit skbs just before queueing new ones. If the queue is full, it then enables interrupts and waits for notification that more work has been performed. However, a side-effect of this scheme is that there are always xmit skbs left dangling when no new packets are sent, against the Documentation/networking/driver.txt guideline: "... it is not allowed for your TX mitigation scheme to let TX packets "hang out" in the TX ring unreclaimed forever if no new TX packets are sent." Add a timer to ensure that any time we queue new TX skbs, we will shortly free them again. This fixes an easily reproduced hang at shutdown where iptables attempts to unload nf_conntrack and nf_conntrack waits for an skb it is tracking to be freed, but virtio_net never frees it. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11virtio: Fix typo in virtio_net_hdr commentsMark McLoughlin1-1/+1
Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11virtio_net: Fix skb->csum_start computationMark McLoughlin1-3/+5
hdr->csum_start is the offset from the start of the ethernet header to the transport layer checksum field. skb->csum_start is the offset from skb->head. skb_partial_csum_set() assumes that skb->data points to the ethernet header - i.e. it computes skb->csum_start by adding the headroom to hdr->csum_start. Since eth_type_trans() skb_pull()s the ethernet header, skb_partial_csum_set() should be called before eth_type_trans(). (Without this patch, GSO packets from a guest to the world outside the host are corrupted). Signed-off-by: Mark McLoughlin <markmc@redhat.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11ehea: set mac address fixJan-Bernd Themann1-6/+10
eHEA has to call firmware functions in order to change the mac address of a logical port. This patch checks if the logical port is up when calling the register / deregister mac address calls. If the port is down these firmware calls would fail and are therefore not executed. Signed-off-by: Jan-Bernd Themann <themann@de.ibm.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11sfc: Recover from RX queue flush failureSteve Hodgson1-1/+3
RX queue flush can fail if traffic continues to arrive. Recover by performing an invisible reset. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11add missing lance_* exportsAdrian Bunk1-1/+5
This patch fixes the following build error: <-- snip --> ... Building modules, stage 2. MODPOST 1203 modules ERROR: "lance_open" [drivers/net/mvme147.ko] undefined! ERROR: "lance_close" [drivers/net/mvme147.ko] undefined! ERROR: "lance_tx_timeout" [drivers/net/mvme147.ko] undefined! ERROR: "lance_set_multicast" [drivers/net/mvme147.ko] undefined! ERROR: "lance_start_xmit" [drivers/net/mvme147.ko] undefined! ... make[2]: *** [__modpost] Error 1 <-- snip --> Reported-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11ixgbe: fix typoJeff Kirsher1-2/+2
Define names were accidently transposed. Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11forcedeth: msi interruptsAyaz Abdulla1-0/+20
Add a workaround for lost MSI interrupts. There is a race condition in the HW in which future interrupts could be missed. The workaround is to toggle the MSI irq mask. Added cleanup based on comments from Andrew Morton. Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Cc: Manfred Spraul <manfred@colorfullife.com> Cc: Jeff Garzik <jeff@garzik.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-11ipsec: pfkey should ignore events when no listenersJamal Hadi Salim1-0/+3
When pfkey has no km listeners, it still does a lot of work before finding out there aint nobody out there. If a tree falls in a forest and no one is around to hear it, does it make a sound? In this case it makes a lot of noise: With this short-circuit adding 10s of thousands of SAs using netlink improves performance by ~10%. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-11pppoe: Unshare skb before anything elseHerbert Xu1-3/+3
We need to unshare the skb first as otherwise pskb_may_pull may write to a shared skb which could be bad. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-11net pppoe: Check packet length on all receive pathsHerbert Xu1-14/+17
The length field in the PPPOE header wasn't checked completely. This patch causes all packets shorter than the declared length to be dropped. It also changes the memcpy_toiovec call to skb_copy_datagram_iovec so that paged packets (rare for PPPOE) are handled properly. Thanks to Ilja of the Netric Security Team for discovering and reporting this bug, and Chris Wright for the total_len check. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10isdn: use simple_read_from_buffer()Akinobu Mita1-21/+8
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Acked-by: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10isdn divas: fix proc creationAlexey Dobriyan2-3/+2
1. creating proc entry and not saving pointer to PDE and checking it is not going to work. 2. if proc entry wasn't created, no reason to remove it on error path. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10drivers/atm/eni.h: remove unused macro KERNEL_OFFSETPradeep Singh Rautela1-1/+0
KERNEL_OFFSET macro in eni.h is not required as it is not used anywhere. Remove the unused macro from eni.h header file. Signed-off-by: Pradeep Singh <rautelap@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10inet{6}_request_sock: Init ->opt and ->pktopts in the constructorArnaldo Carvalho de Melo8-9/+16
Wei Yongjun noticed that we may call reqsk_free on request sock objects where the opt fields may not be initialized, fix it by introducing inet_reqsk_alloc where we initialize ->opt to NULL and set ->pktopts to NULL in inet6_reqsk_alloc. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10ipv4: Remove unused declaration from include/net/tcp.h.Rami Rosen1-1/+0
- The tcp_unhash() method in /include/net/tcp.h is no more needed, as the unhash method in tcp_prot structure is now inet_unhash (instead of tcp_unhash in the past); see tcp_prot structure in net/ipv4/tcp_ipv4.c. - So, this patch removes tcp_unhash() declaration from include/net/tcp.h Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10l2tp: Fix potential memory corruption in pppol2tp_recvmsg()James Chapman1-8/+12
This patch fixes a potential memory corruption in pppol2tp_recvmsg(). If skb->len is bigger than the caller's buffer length, memcpy_toiovec() will go into unintialized data on the kernel heap, interpret it as an iovec and start modifying memory. The fix is to change the memcpy_toiovec() call to skb_copy_datagram_iovec() so that paged packets (rare for PPPOL2TP) are handled properly. Also check that the caller's buffer is big enough for the data and set the MSG_TRUNC flag if it is not so. Reported-by: Ilja <ilja@netric.org> Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10ipv6 netns: init net is used to set bindv6only for new sockPavel Emelyanov1-1/+1
The bindv6only is tuned via sysctl. It is already on a struct net and per-net sysctls allow for its modification (ipv6_sysctl_net_init). Despite this the value configured in the init net is used for the rest of them. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10irda: net/irda build fix: mcs7780Ingo Molnar1-0/+1
-tip testing found the following build error: drivers/built-in.o: In function `mcs_receive_irq': mcs7780.c:(.text+0x4e429): undefined reference to `crc32_le' drivers/built-in.o: In function `mcs_hard_xmit': mcs7780.c:(.text+0x4e9af): undefined reference to `crc32_le' with: http://redhat.com/~mingo/misc/config-Sun_Jun__8_22_56_14_CEST_2008.bad the reason is a missing enablement of the CRC32 library in the Kconfig. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10tg3: Update version to 3.92.1Matt Carlson1-2/+2
This patch increments the version to 3.92.1. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10tg3: Fix 5761 WOLMatt Carlson1-0/+24
On 5761 non-e devices, two problems prevent the administrator from overriding the WOL settings in the device's NVRAM. The first problem is that GPIO 0 and GPIO 2 have been swapped. This change prevented the administrator from turning on WOL when it is disabled in NVRAM. The fix is to add a new path for the 5761 that swaps the two GPIOs in the code as well. The second problem is that GPIO 1 could not be toggled by the driver because the GPIO is shared with the debug UART GPIO. This will prevent the administrator from being able to turn WOL off if it was enabled in NVRAM. The fix is to always disable the debug UART after a GRC reset. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10tg3: Fix a flags typoMatt Carlson1-1/+1
This patch fixes a problem where the TG3_FLAG_10_100_ONLY flag was testing against the wrong flags variable. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10tg3: Fix 5714S / 5715S / 5780S link failuresMatt Carlson1-2/+1
The git commit ef167e27039eeaea6d3cdd5c547b082e89840bdd entitled "Fix supporting flowctrl code" introduced a bug that prevents 5714S, 5715S and 5780S devices from falling back to a forced link mode. The problem is that the added flow control check will always fail if flow control is set to autoneg and either RX or TX (or both) flow control is enabled. The driver defaults to setting flow control to autoneg and advertises both RX and TX flow control. The fix is to remove the errant check. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09iwlwifi: fix oops in iwl3945_led_brightness_setMarcin Slusarz1-2/+3
fix race between: ieee80211_open->ieee80211_led_radio->led_trigger_event->led_set_brightness->iwl3945_led_brightness_set (which assumes that "led->priv" is not NULL) and iwl3945_pci_probe->iwl3945_setup_deferred_work->(...)->iwl3945_bg_alive_start->iwl3945_alive_start->iwl3945_led_register->iwl3945_led_register_led which sets priv field in struct iwl3945_led after led->led_dev.brightness_set = iwl3945_led_brightness_set; (...) led_classdev_register(device, &led->led_dev); http://kerneloops.org/guilty.php?guilty=iwl3945_led_brightness_set&version=2.6.25-release&start=1671168&end=1703935&class=oops Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Cc: Zhu Yi <yi.zhu@intel.com> Cc: Reinette Chatre <reinette.chatre@intel.com> Cc: Tomas Winkler <tomas.winkler@intel.com> Cc: linux-wireless@vger.kernel.org Cc: ipw3945-devel@lists.sourceforge.net Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09include/linux/ssb/ssb_driver_gige.h typo fixAdrian Bunk1-1/+1
This patch fixes a typo in the name of a config variable. Reported-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Adrian Bunk <bunk@kernel.org> Reviewed-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09mac80211: Checking IBSS support while changing channel in ad-hoc modeAssaf Krauss3-12/+16
This patch adds a check to the set_channel flow. When attempting to change the channel while in IBSS mode, and the new channel does not support IBSS mode, the flow return with an error value with no consequences on the mac80211 and driver state. Signed-off-by: Assaf Krauss <assaf.krauss@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09mac80211: decrease IBSS creation latencyDan Williams1-1/+1
Sufficient scans (at least 2 or 3) should have been done within 7 seconds to find an existing IBSS to join. This should improve IBSS creation latency; and since IBSS merging is still in effect, shouldn't have detrimental effects on eventual IBSS convergence. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09zd1211rw: Fix data padding for QoSMichael Buesch1-1/+1
This patch fixes a data alignment issue in the zd1211rw driver. The IEEE80211_STYPE_QOS_DATA bit should be used as a bitwise test to test for the presence of the 2 byte QoS control field. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09mac80211: Fixing slow IBSS rejoinAssaf Krauss1-0/+1
This patch fixes the issue of slow reconnection to an IBSS cell after disconnection from it. Now the interface's bssid is reset upon ifdown. ieee80211_sta_find_ibss: if (found && memcmp(ifsta->bssid, bssid, ETH_ALEN) != 0 && (bss = ieee80211_rx_bss_get(dev, bssid, local->hw.conf.channel->center_freq, ifsta->ssid, ifsta->ssid_len))) Note: In general disconnection is still not handled properly in mac80211 Signed-off-by: Assaf Krauss <assaf.krauss@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09libertas: fix sleep confirmationHolger Schurig2-2/+5
This fixes an issus that made "iwconfig eth1 power on" non-working. When we get a "PS sleep" event, we have to confirm this to the firmware. The confirm happens with a command, but this command is special: the firmware won't send us a response. if_cs_host_to_card() is setting priv->dnld_sent anyway, so this variable stayed at DNLD_DATA_SENT and was never cleared back. Now I put the special knowledge that the CMD_802_11_PS_MODE with CMD_SUBCMD_SLEEP_CONFIRMED doesn't need to need a response by directly clearing the dnld_sent state in lbs_send_confirmsleep(). Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de> Acked-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09mac80211: send association event on IBSS createDan Williams1-0/+5
Otherwise userspace has no idea the IBSS creation succeeded. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-09ipw2200: queue direct scansDan Williams2-95/+87
When another scan is in progress, a direct scan gets dropped on the floor. However, that direct scan is usually the scan that's really needed by userspace, and gets stomped on by all the broadcast scans the ipw2200 driver issues internally. Make sure the direct scan happens eventually, and as a bonus ensure that the passive scan worker is cleaned up when appropriate. The change of request_passive_scan form a struct work to struct delayed_work is only to make the set_wx_scan() code a bit simpler, it's still only used with a delay of 0 to match previous behavior. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2008-06-05l2tp: Fix possible oops if transmitting or receiving when tunnel goes downJames Chapman1-23/+78
Some problems have been experienced in the field which cause an oops in the pppol2tp driver if L2TP tunnels fail while passing data. The pppol2tp driver uses private data that is referenced via the sk->sk_user_data of its UDP and PPPoL2TP sockets. This patch makes sure that the driver uses sock_hold() when it holds a reference to the sk pointer. This affects its sendmsg(), recvmsg(), getname(), [gs]etsockopt() and ioctl() handlers. Tested by ISP where problem was seen. System has been up 10 days with no oops since running this patch. Without the patch, an oops would occur every 1-2 days. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tcp: Fix for race due to temporary drop of the socket lock in skb_splice_bits.Octavian Purdila2-3/+11
skb_splice_bits temporary drops the socket lock while iterating over the socket queue in order to break a reverse locking condition which happens with sendfile. This, however, opens a window of opportunity for tcp_collapse() to aggregate skbs and thus potentially free the current skb used in skb_splice_bits and tcp_read_sock. This patch fixes the problem by (re-)getting the same "logical skb" after the lock has been temporary dropped. Based on idea and initial patch from Evgeniy Polyakov. Signed-off-by: Octavian Purdila <opurdila@ixiacom.com> Acked-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05tcp: Increment OUTRSTS in tcp_send_active_reset()Sridhar Samudrala1-0/+2
TCP "resets sent" counter is not incremented when a TCP Reset is sent via tcp_send_active_reset(). Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05raw: Raw socket leak.Denis V. Lunev2-0/+18
The program below just leaks the raw kernel socket int main() { int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP); struct sockaddr_in addr; memset(&addr, 0, sizeof(addr)); inet_aton("127.0.0.1", &addr.sin_addr); addr.sin_family = AF_INET; addr.sin_port = htons(2048); sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr)); return 0; } Corked packet is allocated via sock_wmalloc which holds the owner socket, so one should uncork it and flush all pending data on close. Do this in the same way as in UDP. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-05lt2p: Fix possible WARN_ON from socket code when UDP socket is closedJames Chapman1-0/+10
If an L2TP daemon closes a tunnel socket while packets are queued in the tunnel's reorder queue, a kernel warning is logged because the socket is closed while skbs are still referencing it. The fix is to purge the queue in the socket's release handler. WARNING: at include/net/sock.h:351 udp_lib_unhash+0x41/0x68() Pid: 12998, comm: openl2tpd Not tainted 2.6.25 #8 [<c0423c58>] warn_on_slowpath+0x41/0x51 [<c05d33a7>] udp_lib_unhash+0x41/0x68 [<c059424d>] sk_common_release+0x23/0x90 [<c05d16be>] udp_lib_close+0x8/0xa [<c05d8684>] inet_release+0x42/0x48 [<c0592599>] sock_release+0x14/0x60 [<c059299f>] sock_close+0x29/0x30 [<c046ef52>] __fput+0xad/0x15b [<c046f1d9>] fput+0x17/0x19 [<c046c8c4>] filp_close+0x50/0x5a [<c046da06>] sys_close+0x69/0x9f [<c04048ce>] syscall_call+0x7/0xb Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>