1. 02 Apr, 2008 24 commits
    • Brad Sawatzky's avatar
      USB: serial: fix regression in Visor/Palm OS module for kernels >= 2.6.24 · d04863e9
      Brad Sawatzky authored
      Fixes a bug/inconsistency revealed by the additional sanity checking in
         commit 063a2da8
      introduced in the original 2.6.24 branch.
      
      The Handspring Visor / PalmOS 4 device structure defines .num_bulk_out=2
      but the usb-serial probe returns num_bulk_out=3, triggering the check in
      the above commit and forcing a bail out when the device (a Garmin iQue in
      my case) attempts to connect.  The patch bumps the expected number of
      endpoints to 3.
      
      FWIW, this patch will probably solve the following kernel bug report for
      Treo users (identical symptoms, different model PalmOS units):
        <http://bugzilla.kernel.org/show_bug.cgi?id=10118>
      Signed-off-by: default avatarBrad Sawatzky <brad+kernel@swatter.net>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      d04863e9
    • Florian Fainelli's avatar
      USB: cp2101: Add identifiers for the Telegesys ETRX2USB · e8898681
      Florian Fainelli authored
      This patch adds support for the Telegesys ETRX2USB which
      works fine with the cp2101 driver.
      Signed-off-by: default avatarFlorian Fainelli <florian.fainelli@telecomint.eu>
      Tested-by: default avatarXavier Carcelle <xavier.carcelle@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      e8898681
    • Robert Spanton's avatar
      USB: serial: ti_usb_3410_5052: Correct TUSB3410 endpoint requirements. · 1bfd6693
      Robert Spanton authored
      The changes introduced in commit
      063a2da8 changed the semantics of the
      num_interrupt_in, num_interrupt_out, num_bulk_in and num_bulk_out
      entries of the usb_serial_driver struct to be the number of endpoints
      the device has when probed.
      
      This patch changes the ti_1port_device usb_serial_driver struct to
      reflect this change.  The single port devices only have 1
      bulk_out endpoint in their initial configuration, and so this patch
      changes the number of other types to NUM_DONT_CARE.
      
      The same change probably needs doing to the ti_2port_device struct,
      but I don't have a two port device at hand.
      Signed-off-by: default avatarRobert Spanton <rspanton@zepler.net>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      1bfd6693
    • David Brownell's avatar
      USB: another ehci_iaa_watchdog fix · cdc647a9
      David Brownell authored
      This patch, suggested by Alan Stern, fixes the hung USB issues
      on my notebook from suspend/resume cycles.
      
      It does so by eliminating some confusion about the internal state
      machine associated with unlinking from the EHCI async schedule ring,
      which caused a recent regression:
      
        http://bugzilla.kernel.org/show_bug.cgi?id=10345Signed-off-by: default avatarMark Lord <mlord@pobox.com>
      Signed-off-by: default avatarDavid Brownell <dbrownell@users.sourceforge.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      cdc647a9
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/v4l-dvb · 49115b7c
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/v4l-dvb:
        V4L/DVB (7486): radio-cadet: wrap PNP probe code in #ifdef CONFIG_PNP
        V4L/DVB (7485): v4l2-int-device.c: add MODULE_LICENSE
        V4L/DVB (7466): Avoid minor model number warning when an OEM HVR1250 board is detected
        V4L/DVB (7465): Fix eeprom parsing and errors on the HVR1800 products
        V4L/DVB (7464): Convert driver to use a single SRAM memory map
        V4L/DVB (7461): bttv: fix missed index check
        V4L/DVB (7400): bttv: Add a radio compat_ioctl file operation
        V4L/DVB (7278): bttv: Re-enable radio tuner support for VIDIOCGFREQ/VIDIOCSFREQ ioctls
        V4L/DVB (7277): bttv: Re-enabling radio support requires the use of struct bttv_fh
      49115b7c
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 · d200ccce
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
        [SCSI] mvsas: check subsystem id
        [SCSI] mvsas: get phy info.
        [SCSI] mvsas: fix the buffer of rx DMA overflow bug
        [SCSI] mvsas: retry aborting task.
        [SCSI] mvsas: check hd whether unplugged
        [SCSI] mvsas : interrupt handling
        [SCSI] mvsas: a tag handler implementation
        [SCSI] mvsas: fill in error info record and phy mode6 bits.
        [SCSI] libsas: Warn if ATA device detected but CONFIG_SCSI_SAS_ATA not set
        [SCSI] hosts.c: fixes for "no error" reported after error scenarios
        Revert "[SCSI] fix bsg queue oops with iscsi logout"
      d200ccce
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 · 4c61f72c
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
        sparc64: remove unused calc_npages() in iommu_common.h
        sparc64: add the segment boundary checking to IOMMUs while merging SG entries
        [SPARC64]: Don't open-code {get,put}_cpu_var() in flush_tlb_pending().
      4c61f72c
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 · 2f819ae8
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (45 commits)
        [VLAN]: Proc entry is not renamed when vlan device name changes.
        [IPV6]: Fix ICMP relookup error path dst leak
        [ATM] drivers/atm/iphase.c: compilation warning fix
        IPv6: do not create temporary adresses with too short preferred lifetime
        IPv6: only update the lifetime of the relevant temporary address
        bluetooth : __rfcomm_dlc_close lock fix
        bluetooth : use lockdep sub-classes for diffrent bluetooth protocol
        [ROSE/AX25] af_rose: rose_release() fix
        mac80211: correct use_short_preamble handling
        b43: Fix PCMCIA IRQ routing
        b43: Add DMA mapping failure messages
        mac80211: trigger ieee80211_sta_work after opening interface
        [LLC]: skb allocation size for responses
        [IP] UDP: Use SEQ_START_TOKEN.
        [NET]: Remove Documentation/networking/sk98lin.txt
        [ATM] atm/idt77252.c: Make 2 functions static
        [ATM]: Make atm/he.c:read_prom_byte() static
        [IPV6] MCAST: Ensure to check multicast listener(s).
        [LLC]: Kill llc_station_mac_sa symbol export.
        forcedeth: fix locking bug with netconsole
        ...
      2f819ae8
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6 · d40c2f29
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
        selinux: handle files opened with flags 3 by checking ioctl permission
      d40c2f29
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block · 6be9f7b2
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.dk/linux-2.6-block:
        cfq-iosched: fix rcu freeing of cfq io contexts
        Fix bounce setting for 64-bit
      6be9f7b2
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 8774b7f6
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        [CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk
      8774b7f6
    • Sven Schnelle's avatar
      afs: add missing up_write() on return · a5f37c32
      Sven Schnelle authored
      If afs_cell_alloc() fails, afs_cells_sem doesn't get unlocked, which
      leads to a deadlock.  Unlock it before returning.
      Signed-off-by: default avatarSven Schnelle <svens@stackframe.org>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a5f37c32
    • Fabio Checconi's avatar
      cfq-iosched: fix rcu freeing of cfq io contexts · 34e6bbf2
      Fabio Checconi authored
      SLAB_DESTROY_BY_RCU is not a direct substitute for normal call_rcu()
      freeing, since it'll page freeing but NOT object freeing. So change
      cfq to do the freeing on its own.
      Signed-off-by: default avatarFabio Checconi <fabio@gandalf.sssup.it>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      34e6bbf2
    • Pavel Emelyanov's avatar
      [VLAN]: Proc entry is not renamed when vlan device name changes. · 802fb176
      Pavel Emelyanov authored
      This may lead to situations, when each of two proc entries produce
      data for the other's device.
      
      Looks like a BUG, so this patch is for net-2.6. It will not apply to
      net-2.6.26 since dev->nd_net access is replaced with dev_net(dev)
      one.
      Signed-off-by: default avatarPavel Emelyanov <xemul@openvz.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      802fb176
    • Andrea Arcangeli's avatar
      Fix bounce setting for 64-bit · 00d61e3e
      Andrea Arcangeli authored
      Looking a bit closer into this regression the reason this can't be
      right is that dma_addr common default is BLK_BOUNCE_HIGH and most
      machines have less than 4G. So if you do:
      
          if (b_pfn <= (min_t(u64, 0xffffffff, BLK_BOUNCE_HIGH) >> PAGE_SHIFT))
      	dma = 1
      
      that will translate to:
      
           if (BLK_BOUNCE_HIGH <= BLK_BOUNCE_HIGH)
           	dma = 1
      
      So for 99% of hardware this will trigger unnecessary GFP_DMA
      allocations and isa pooling operations.
      
      Also note how the 32bit code still does b_pfn < blk_max_low_pfn.
      
      I guess this is what you were looking after. I didn't verify but as
      far as I can tell, this will stop the regression with isa dma
      operations at boot for 99% of blkdev/memory combinations out there and
      I guess this fixes the setups with >4G of ram and 32bit pci cards as
      well (this also retains symmetry with the 32bit code).
      Signed-off-by: default avatarAndrea Arcangeli <andrea@qumranet.com>
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      00d61e3e
    • Herbert Xu's avatar
      [IPV6]: Fix ICMP relookup error path dst leak · f32c5f2c
      Herbert Xu authored
      When we encounter an error while looking up the dst the second
      time we need to drop the first dst.  This patch is pretty much
      the same as the one for IPv4.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f32c5f2c
    • Leonardo Potenza's avatar
      [ATM] drivers/atm/iphase.c: compilation warning fix · a22eb6fa
      Leonardo Potenza authored
      Removed the warning messages:
      drivers/atm/iphase.c:961: warning: 'tcnter' defined but not used
      drivers/atm/iphase.c:963: warning: 'xdump' defined but not used
      
      tcnter and xdump() are used only in debug build
      Signed-off-by: default avatarLeonardo Potenza <lpotenza@inwind.it>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a22eb6fa
    • Benoit Boissinot's avatar
      IPv6: do not create temporary adresses with too short preferred lifetime · eac55bf9
      Benoit Boissinot authored
      From RFC341:
      A temporary address is created only if this calculated Preferred
      Lifetime is greater than REGEN_ADVANCE time units.  In particular, an
      implementation must not create a temporary address with a zero
      Preferred Lifetime.
      Signed-off-by: default avatarBenoit Boissinot <benoit.boissinot@ens-lyon.org>
      Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      eac55bf9
    • Benoit Boissinot's avatar
      IPv6: only update the lifetime of the relevant temporary address · c6fbfac2
      Benoit Boissinot authored
      When receiving a prefix information from a routeur, only update the
      lifetimes of the temporary address associated with that prefix.
      
      Otherwise if one deprecated prefix is advertized, all your temporary
      addresses will become deprecated.
      Signed-off-by: default avatarBenoit Boissinot <benoit.boissinot@ens-lyon.org>
      Acked-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6fbfac2
    • Dave Young's avatar
      bluetooth : __rfcomm_dlc_close lock fix · 1905f6c7
      Dave Young authored
      Lockdep warning will be trigged while rfcomm connection closing.
      
      The locks taken in rfcomm_dev_add:
      rfcomm_dev_lock --> d->lock
      
      In __rfcomm_dlc_close:
      d->lock --> rfcomm_dev_lock (in rfcomm_dev_state_change)
      
      There's two way to fix it, one is in rfcomm_dev_add we first locking
      d->lock then the rfcomm_dev_lock
      
      The other (in this patch), remove the locking of d->lock for
      rfcomm_dev_state_change because just locking "d->state = BT_CLOSED;"
      is enough.
      
      [  295.002046] =======================================================
      [  295.002046] [ INFO: possible circular locking dependency detected ]
      [  295.002046] 2.6.25-rc7 #1
      [  295.002046] -------------------------------------------------------
      [  295.002046] krfcommd/2705 is trying to acquire lock:
      [  295.002046]  (rfcomm_dev_lock){-.--}, at: [<f89a090a>] rfcomm_dev_state_change+0x6a/0xd0 [rfcomm]
      [  295.002046] 
      [  295.002046] but task is already holding lock:
      [  295.002046]  (&d->lock){--..}, at: [<f899c533>] __rfcomm_dlc_close+0x43/0xd0 [rfcomm]
      [  295.002046] 
      [  295.002046] which lock already depends on the new lock.
      [  295.002046] 
      [  295.002046] 
      [  295.002046] the existing dependency chain (in reverse order) is:
      [  295.002046] 
      [  295.002046] -> #1 (&d->lock){--..}:
      [  295.002046]        [<c0149b23>] check_prev_add+0xd3/0x200
      [  295.002046]        [<c0149ce5>] check_prevs_add+0x95/0xe0
      [  295.002046]        [<c0149f6f>] validate_chain+0x23f/0x320
      [  295.002046]        [<c014b7b1>] __lock_acquire+0x1c1/0x760
      [  295.002046]        [<c014c349>] lock_acquire+0x79/0xb0
      [  295.002046]        [<c03d6b99>] _spin_lock+0x39/0x80
      [  295.002046]        [<f89a01c0>] rfcomm_dev_add+0x240/0x360 [rfcomm]
      [  295.002046]        [<f89a047e>] rfcomm_create_dev+0x6e/0xe0 [rfcomm]
      [  295.002046]        [<f89a0823>] rfcomm_dev_ioctl+0x33/0x60 [rfcomm]
      [  295.002046]        [<f899facc>] rfcomm_sock_ioctl+0x2c/0x50 [rfcomm]
      [  295.002046]        [<c0363d38>] sock_ioctl+0x118/0x240
      [  295.002046]        [<c0194196>] vfs_ioctl+0x76/0x90
      [  295.002046]        [<c0194446>] do_vfs_ioctl+0x56/0x140
      [  295.002046]        [<c0194569>] sys_ioctl+0x39/0x60
      [  295.002046]        [<c0104faa>] syscall_call+0x7/0xb
      [  295.002046]        [<ffffffff>] 0xffffffff
      [  295.002046] 
      [  295.002046] -> #0 (rfcomm_dev_lock){-.--}:
      [  295.002046]        [<c0149a84>] check_prev_add+0x34/0x200
      [  295.002046]        [<c0149ce5>] check_prevs_add+0x95/0xe0
      [  295.002046]        [<c0149f6f>] validate_chain+0x23f/0x320
      [  295.002046]        [<c014b7b1>] __lock_acquire+0x1c1/0x760
      [  295.002046]        [<c014c349>] lock_acquire+0x79/0xb0
      [  295.002046]        [<c03d6639>] _read_lock+0x39/0x80
      [  295.002046]        [<f89a090a>] rfcomm_dev_state_change+0x6a/0xd0 [rfcomm]
      [  295.002046]        [<f899c548>] __rfcomm_dlc_close+0x58/0xd0 [rfcomm]
      [  295.002046]        [<f899d44f>] rfcomm_recv_ua+0x6f/0x120 [rfcomm]
      [  295.002046]        [<f899e061>] rfcomm_recv_frame+0x171/0x1e0 [rfcomm]
      [  295.002046]        [<f899e357>] rfcomm_run+0xe7/0x550 [rfcomm]
      [  295.002046]        [<c013c18c>] kthread+0x5c/0xa0
      [  295.002046]        [<c0105c07>] kernel_thread_helper+0x7/0x10
      [  295.002046]        [<ffffffff>] 0xffffffff
      [  295.002046] 
      [  295.002046] other info that might help us debug this:
      [  295.002046] 
      [  295.002046] 2 locks held by krfcommd/2705:
      [  295.002046]  #0:  (rfcomm_mutex){--..}, at: [<f899e2eb>] rfcomm_run+0x7b/0x550 [rfcomm]
      [  295.002046]  #1:  (&d->lock){--..}, at: [<f899c533>] __rfcomm_dlc_close+0x43/0xd0 [rfcomm]
      [  295.002046] 
      [  295.002046] stack backtrace:
      [  295.002046] Pid: 2705, comm: krfcommd Not tainted 2.6.25-rc7 #1
      [  295.002046]  [<c0128a38>] ? printk+0x18/0x20
      [  295.002046]  [<c014927f>] print_circular_bug_tail+0x6f/0x80
      [  295.002046]  [<c0149a84>] check_prev_add+0x34/0x200
      [  295.002046]  [<c0149ce5>] check_prevs_add+0x95/0xe0
      [  295.002046]  [<c0149f6f>] validate_chain+0x23f/0x320
      [  295.002046]  [<c014b7b1>] __lock_acquire+0x1c1/0x760
      [  295.002046]  [<c014c349>] lock_acquire+0x79/0xb0
      [  295.002046]  [<f89a090a>] ? rfcomm_dev_state_change+0x6a/0xd0 [rfcomm]
      [  295.002046]  [<c03d6639>] _read_lock+0x39/0x80
      [  295.002046]  [<f89a090a>] ? rfcomm_dev_state_change+0x6a/0xd0 [rfcomm]
      [  295.002046]  [<f89a090a>] rfcomm_dev_state_change+0x6a/0xd0 [rfcomm]
      [  295.002046]  [<f899c548>] __rfcomm_dlc_close+0x58/0xd0 [rfcomm]
      [  295.002046]  [<f899d44f>] rfcomm_recv_ua+0x6f/0x120 [rfcomm]
      [  295.002046]  [<f899e061>] rfcomm_recv_frame+0x171/0x1e0 [rfcomm]
      [  295.002046]  [<c014abd9>] ? trace_hardirqs_on+0xb9/0x130
      [  295.002046]  [<c03d6e89>] ? _spin_unlock_irqrestore+0x39/0x70
      [  295.002046]  [<f899e357>] rfcomm_run+0xe7/0x550 [rfcomm]
      [  295.002046]  [<c03d4559>] ? __sched_text_start+0x229/0x4c0
      [  295.002046]  [<c0120000>] ? cpu_avg_load_per_task+0x20/0x30
      [  295.002046]  [<f899e270>] ? rfcomm_run+0x0/0x550 [rfcomm]
      [  295.002046]  [<c013c18c>] kthread+0x5c/0xa0
      [  295.002046]  [<c013c130>] ? kthread+0x0/0xa0
      [  295.002046]  [<c0105c07>] kernel_thread_helper+0x7/0x10
      [  295.002046]  =======================
      Signed-off-by: default avatarDave Young <hidave.darkstar@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1905f6c7
    • Dave Young's avatar
      bluetooth : use lockdep sub-classes for diffrent bluetooth protocol · 68845cb2
      Dave Young authored
      'rfcomm connect' will trigger lockdep warnings which is caused by
      locking diffrent kinds of bluetooth sockets at the same time.
      
      So using sub-classes per AF_BLUETOOTH sub-type for lockdep.
      
      Thanks for the hints from dave jones.
      
      ---
      > From: Dave Jones <davej@codemonkey.org.uk>
      > Date: Thu, 27 Mar 2008 12:21:56 -0400
      >
      > > Mar 27 08:10:57 localhost kernel: Pid: 3611, comm: obex-data-serve Not tainted 2.6.25-0.121.rc5.git4.fc9 #1
      > > Mar 27 08:10:57 localhost kernel:  [__lock_acquire+2287/3089] __lock_acquire+0x8ef/0xc11
      > > Mar 27 08:10:57 localhost kernel:  [sched_clock+8/11] ? sched_clock+0x8/0xb
      > > Mar 27 08:10:57 localhost kernel:  [lock_acquire+106/144] lock_acquire+0x6a/0x90
      > > Mar 27 08:10:57 localhost kernel:  [<f8bd9321>] ? l2cap_sock_bind+0x29/0x108 [l2cap]
      > > Mar 27 08:10:57 localhost kernel:  [lock_sock_nested+182/198] lock_sock_nested+0xb6/0xc6
      > > Mar 27 08:10:57 localhost kernel:  [<f8bd9321>] ? l2cap_sock_bind+0x29/0x108 [l2cap]
      > > Mar 27 08:10:57 localhost kernel:  [security_socket_post_create+22/27] ? security_socket_post_create+0x16/0x1b
      > > Mar 27 08:10:57 localhost kernel:  [__sock_create+388/472] ? __sock_create+0x184/0x1d8
      > > Mar 27 08:10:57 localhost kernel:  [<f8bd9321>] l2cap_sock_bind+0x29/0x108 [l2cap]
      > > Mar 27 08:10:57 localhost kernel:  [kernel_bind+10/13] kernel_bind+0xa/0xd
      > > Mar 27 08:10:57 localhost kernel:  [<f8dad3d7>] rfcomm_dlc_open+0xc8/0x294 [rfcomm]
      > > Mar 27 08:10:57 localhost kernel:  [lock_sock_nested+187/198] ? lock_sock_nested+0xbb/0xc6
      > > Mar 27 08:10:57 localhost kernel:  [<f8dae18c>] rfcomm_sock_connect+0x8b/0xc2 [rfcomm]
      > > Mar 27 08:10:57 localhost kernel:  [sys_connect+96/125] sys_connect+0x60/0x7d
      > > Mar 27 08:10:57 localhost kernel:  [__lock_acquire+1370/3089] ? __lock_acquire+0x55a/0xc11
      > > Mar 27 08:10:57 localhost kernel:  [sys_socketcall+140/392] sys_socketcall+0x8c/0x188
      > > Mar 27 08:10:57 localhost kernel:  [syscall_call+7/11] syscall_call+0x7/0xb
      ---
      Signed-off-by: default avatarDave Young <hidave.darkstar@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      68845cb2
    • Jarek Poplawski's avatar
      [ROSE/AX25] af_rose: rose_release() fix · 4965291a
      Jarek Poplawski authored
      rose_release() doesn't release sockets properly, e.g. it skips
      sock_orphan(), so OOPSes are triggered in sock_def_write_space(),
      which was observed especially while ROSE skbs were kfreed from
      ax25_frames_acked(). There is also sock_hold() and lock_sock() added -
      similarly to ax25_release(). Thanks to Bernard Pidoux for substantial
      help in debugging this problem.
      Signed-off-by: default avatarJarek Poplawski <jarkao2@gmail.com>
      Reported-and-tested-by: default avatarBernard Pidoux <bpidoux@free.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4965291a
    • Joy Latten's avatar
      [CRYPTO] xcbc: Fix crash when ipsec uses xcbc-mac with big data chunk · 1edcf2e1
      Joy Latten authored
      The kernel crashes when ipsec passes a udp packet of about 14XX bytes
      of data to aes-xcbc-mac.
      
      It seems the first xxxx bytes of the data are in first sg entry,
      and remaining xx bytes are in next sg entry. But we don't 
      check next sg entry to see if we need to go look the page up.
      
      I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check
      and possible lookup, thus xcbc.c needs to use this routine too.
      
      A 15-hour run of an ipsec stress test sending streams of tcp and
      udp packets of various sizes,  using this patch and 
      aes-xcbc-mac completed successfully, so hopefully this fixes the
      problem.
      Signed-off-by: default avatarJoy Latten <latten@austin.ibm.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      1edcf2e1
    • Stephen Smalley's avatar
      selinux: handle files opened with flags 3 by checking ioctl permission · 0794c66d
      Stephen Smalley authored
      Handle files opened with flags 3 by checking ioctl permission.
      
      Default to returning FILE__IOCTL from file_to_av() if the f_mode has neither
      FMODE_READ nor FMODE_WRITE, and thus check ioctl permission on exec or
      transfer, thereby validating such descriptors early as with normal r/w
      descriptors and catching leaks of them prior to attempted usage.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Acked-by: default avatarEric Paris <eparis@redhat.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      0794c66d
  2. 01 Apr, 2008 16 commits