- 07 Jun, 2007 39 commits
-
-
Miklos Szeredi authored
A recv() on an AF_UNIX, SOCK_STREAM socket can race with a send()+close() on the peer, causing recv() to return zero, even though the sent data should be received. This happens if the send() and the close() is performed between skb_dequeue() and checking sk->sk_shutdown in unix_stream_recvmsg(): process A skb_dequeue() returns NULL, there's no data in the socket queue process B new data is inserted onto the queue by unix_stream_sendmsg() process B sk->sk_shutdown is set to SHUTDOWN_MASK by unix_release_sock() process A sk->sk_shutdown is checked, unix_release_sock() returns zero I'm surprised nobody noticed this, it's not hard to trigger. Maybe it's just (un)luck with the timing. It's possible to work around this bug in userspace, by retrying the recv() once in case of a zero return value. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Akinobu Mita authored
The return value from textsearch_prepare() needs to be checked by IS_ERR(). Because it returns error code as a pointer. Cc: "Brian J. Murrell" <netfilter@interlinx.bc.ca> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Mishin authored
check_compat_entry_size_and_hooks iterates over the matches and calls compat_check_calc_match, which loads the match and calculates the compat offsets, but unlike the non-compat version, doesn't call ->checkentry yet. On error however it calls cleanup_matches, which in turn calls ->destroy, which can result in crashes if the destroy function (validly) expects to only get called after the checkentry function. Add a compat_release_match function that only drops the module reference on error and rename compat_check_calc_match to compat_find_calc_match to reflect the fact that it doesn't call the checkentry function. Reported by Jan Engelhardt <jengelh@linux01.gwdg.de> Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHarrdy authored
When a helper module is unloaded all conntracks refering to it have their helper pointer NULLed out, leading to lots of races. In most places this can be fixed by proper use of RCU (they do already check for != NULL, but in a racy way), additionally nf_conntrack_expect_related needs to bail out when no helper is present. Also remove two paranoid BUG_ONs in nf_conntrack_proto_gre that are racy and not worth fixing. Signed-off-by: Patrick McHarrdy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
ifindex == 0 does not exist and implies we should do a lookup by name if one was given. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
GCC doesn't like the way Stephen initially did it: net/ipv4/tcp_probe.c:83: warning: empty declaration Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
LIMIT_NETDEBUG allows the admin to disable some warning messages (echo 0 >/proc/sys/net/core/warnings). The "TCP: Treason uncloaked!" message can use this facility. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Denis Cheng authored
Signed-off-by: Denis Cheng <crquan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ivo van Doorn authored
The rfkill name can be made const safely, this makes the compiler happy when drivers make it point to some const string used elsewhere. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
Previously inet devices were only constructed when addresses are added (or rarely in ipmr). Therefore the default config values they get are the ones at the time of these operations. Now that we're creating inet devices earlier, this changes the behaviour of default config values in an incompatible way (see bug #8519). This patch creates a compromise by setting the default values at the same point as before but only for those that have not been explicitly set by the user since the inet device's creation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
Previously once inetdev_init has been called on a device any changes made to ipv4_devconf_dflt would have no effect on that device's configuration. This creates a problem since we have moved the point where inetdev_init is called from when an address is added to where the device is registered. This patch is the first half of a set that tries to mimic the old behaviour while still calling inetdev_init. It propagates any changes to ipv4_devconf_dflt to those devices that have not had the corresponding attribute set. The next patch will forcibly set all values at the point where inetdev_init was previously called. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
This patch converts the ipv4_devconf config members (everything except sysctl) to an array. This allows easier manipulation which will be needed later on to provide better management of default config values. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
When I made the inetdev_init call work on all devices I incorrectly left in the panic call as well. It is obviously undesirable to panic on an allocation failure for a normal network device. This patch moves the panic call under the loopback if clause. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
A time_wait socket inherits sk_bound_dev_if from the original socket, but it is not used when sending ACK packets using ip_send_reply. Fix by passing the oif to ip_send_reply in struct ip_reply_arg and use it for output routing. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Update to version 1.5.11. Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
The statistics block DMA on 5708 can be messed up occasionally on the average of about once per hour. If the user is reading the counters within one second after the corruption, the counters will be all messed up. One second later, the counters will be ok again until the next corruption occurs. The workaround is to disable the periodic statistics DMA. Instead, we manually trigger the DMA once a second in bnx2_timer(). This manual trigger of the DMA avoids the problem. As a consequence, we can only allow 0 or 1 second settings for ethtool -C statistics block. Thanks to Jean-Daniel Pauget <jd@disjunkt.com> and CaT <cat@zip.com.au> for reporting this rare problem. Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Add missing code to enable DMA on 5709 A1. The bit is a no-op on A0 and therefore can be set on all 5709 chips. Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
For correctness, we need to wait for the MEM_INIT bit to be cleared in the BNX2_CTX_COMMAND register before proceeding. [Added return -EBUSY when the MEM_INIT bit doesn't clear, suggested by Jeff Garzik.] Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
There's a bug in the driver that only initializes half of the context memory on the 5708. Surprisingly, this works most of the time except for some occasional netdev watchdogs when sending a lot of 64-byte packets. The fix is to add the missing code to initialize the 2nd halves of all context memory. Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [VIDEO] sunxvr500fb: Fix pseudo_palette array size [VIDEO] sunxvr2500fb: Fix pseudo_palette array size [VIDEO] ffb: The pseudo_palette is only 16 elements long [VIDEO]: Fix section mismatch warning in promcon. [ATA]: Back out bogus (SPARC64 && !PCI) Kconfig depends. [SPARC64]: Fill in gaps in non-PCI dma_*() NOP implementation. [SPARC64]: Fix {mc,smt}_capable(). [SPARC64]: Make core and sibling groups equal on UltraSPARC-IV. [SPARC64]: Proper multi-core scheduling support. [SPARC64]: Provide mmu statistics via sysfs. [SPARC64]: Fix service channel hypervisor function names. [SPARC64]: Export basic cpu properties via sysfs. [SPARC64]: Move topology init code into new file, sysfs.c
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpcLinus Torvalds authored
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: [POWERPC] Fix building of COFF zImages [POWERPC] spufs: Fix error handling in spufs_fill_dir() [POWERPC] Add table of contents to booting-without-of.txt [POWERPC] spufs: Don't yield nosched context [POWERPC] Fix typo in booting-without-of-txt section numbering [POWERPC] scc_sio: Fix link failure [POWERPC] cbe_cpufreq: Limit frequency via cpufreq notifier chain [POWERPC] Fix pci_setup_phb_io_dynamic for pci_iomap [POWERPC] spufs scheduler: Fix wakeup races [POWERPC] spufs: Synchronize pte invalidation vs ps close [POWERPC] spufs: Free mm if spufs_fill_dir() failed [POWERPC] spufs: Fix gang destroy leaks [POWERPC] spufs: Hook up spufs_release_mem [POWERPC] spufs: Refuse to load the module when not running on cell [POWERPC] pasemi: Fix iommu + 64K PAGE_SIZE bug
-
Roland McGrath authored
This patch should get a few birds. It prevents sigaction calls from clearing TIF_SIGPENDING in other threads, which could leak -ERESTART*. And It fixes ptrace_stop not to clear it, which done at the syscall exit stop could leak -ERESTART*. It probably removes the harm from signalfd, at least assuming it never calls dequeue_signal on kernel threads that might have used block_all_signals. Signed-off-by: Roland McGrath <roland@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Satoru Takeuchi <takeuchi_satoru@jp.fujitsu.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Andy Whitcroft authored
scripts/checkpatch.pl should be executable, make it so. Signed-off-by: Andy Whitcroft <apw@shadowen.org> Acked-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Joel Schopp <jschopp@austin.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Paul Mackerras authored
The COFF zImage (for booting oldworld powermacs) wasn't being built correctly because the procedure descriptor in crt0.S for the zImage entry point wasn't declared as .globl, and therefore wasn't getting pulled in from wrapper.a by the linker. This adds the necessary .globl statement. Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Sebastian Siewior authored
The error path in spufs_fill_dir() is broken. If d_alloc_name() or spufs_new_file() fails, spufs_prune_dir() is getting called. At this time dir->inode is not set and a NULL pointer is dereferenced by mutex_lock(). This bugfix replaces spufs_prune_dir() with a shorter version that does not touch dir->inode but simply removes all children. Signed-off-by: Sebastian Siewior <bigeasy@linux.vnet.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Acked-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Stuart Yoder authored
Add table of contents. Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Christoph Hellwig authored
Nosched context sould never be scheduled out, thus we must not deactivate them in spu_yield ever. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Stuart Yoder authored
Fix typo in section numbering. Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Christoph Hellwig authored
scc_sio.o should only be built if the txx9 serial driver is actually built into the kernel. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> -- Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Thomas Renninger authored
... and get rid of cpufreq_set_policy call that caused a build failure due interfering commits. Signed-off-by: Thomas Renninger <trenn@suse.de> Signed-off-by: Christian Krafft <krafft@de.ibm.com> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Arnd Bergmann authored
We had a problem on a system with only dynamically allocated PCI buses (using of_pci_phb_driver) in combination with libata. This setup ended up having no "primary" phb, which means that pci_io_base never got initialized and all IO port numbers are 64 bit numbers, which is larger than the PIO_MASK limit. Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Christoph Hellwig authored
Fix the race between checking for contexts on the runqueue and actually waking them in spu_deactive and spu_yield. The guts of spu_reschedule are split into a new helper called grab_runnable_context which shows if there is a runnable thread below a specified priority and if yes removes if from the runqueue and uses it. This function is used by the new __spu_deactivate hepler shared by preemption and spu_yield to grab a new context before deactivating a specified priority and if yes removes if from the runqueue and uses it. This function is used by the new __spu_deactivate hepler shared by preemption and spu_yield to grab a new context before deactivating the old one. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Christoph Hellwig authored
Make sure the mapping_lock also protects access to the various address_space pointers used for tearing down the ptes on a spu context switch. Because unmap_mapping_range can sleep we need to turn mapping_lock from a spinlock into a sleeping mutex. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Sebastian Siewior authored
In case spufs_fill_dir() fails only put_spu_context() gets called for cleanup and the acquired mm_struct never gets freed. Signed-off-by: Sebastian Siewior <bigeasy@linux.vnet.ibm.com> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Jeremy Kerr authored
Previously, closing a SPE gang that still has contexts would trigger a WARN_ON, and leak the allocated gang. This change fixes the problem by using the gang's reference counts to destroy the gang instead. The gangs will persist until their last reference (be it context or open file handle) is gone. Also, avoid using statements with side-effects in a WARN_ON(). Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Christoph Hellwig authored
Currently spufs_mem_release and the mem file doesn't have any release method hooked up, leading to leaks everytime is used. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Arnd Bergmann authored
As noticed by David Woodhouse, it's currently possible to mount spufs on any machine, which means that it actually will get mounted by fedora. This refuses to load the module on platforms that have no support for SPUs. Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Olof Johansson authored
The powerpc iommu code was refactored by Linas back in the 2.6.20 time frame to map 4K pages from the generic code, but I had forgotten to go back and fix my platform driver before submitting it. Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
- 05 Jun, 2007 1 commit
-
-
Antonino Daplas authored
- the pseudo_palette is only 16 elements long. - the pseudo_palette has only 16 elements. Do not write if regno (the array index) is more than 15. Signed-off-by: Antonino Daplas <adaplas@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-