Commit graph

26580 commits

Author SHA1 Message Date
Luiz Fernando Capitulino 704936a25b [PATCH] usbserial: Fixes use-after-free in serial_open().
If the device is disconnected while serial_open() is executing and
either try_module_get() or the device specific open function fails, the
kref_put() call in the 'bailout_kref_put' label will free the memory
pointed out by 'port'.

The subsequent dereferences in the 'bailout_kref_put' label will be
invalid.

The fix is just to assure kref_put() is called after any 'port' usage.

Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Monty 16c23f7d88 [PATCH] USB: Emagic USB firmware loading fixes
It's become apparent as machines get faster that the emagic kernel firmware
loaders (based on the ezusb loader) have a reset race.  a 400MHz TiBook
never tripped it, but a 2GHz Pentium M seems to hit it about 30% of the
time.  The bug is seen as a hung USB box and the kernel error:

drivers/usb/misc/emi62.c: emi62_load_firmware - error loading firmware:
error = -110

The patch below inserts a delay after deasserting reset to allow the box to
settle before a new command is issued.  This affects only device startup.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Olaf Hering 332bbf6138 [PATCH] USB: add an IBM USB keyboard to the HID_QUIRK_NOGET blacklist
After recent changes, the USB keyboard as shipped with IBM pSeries systems
does not work anymore, unless the keyboard is replugged after reboot.
Adding this model to the blacklist fixes it.

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Ken Brush b68f7de02a [PATCH] USB: Add Sieraa Wireless 580 evdo card to airprime.c
This adds the Sierra Wireless card to airprime.c.

I tested this on my laptop.

Signed-off-by: Ken Brush <ken@cgi101.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:08 -07:00
Razvan Gavril 72a9f95842 [PATCH] USB: ftdi_sio: add device id for ACT Solutions HomePro ZWave interface
Signed-off-by: Razvan Gavril <razvan.g@plutohome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:56 -07:00
Ian Abbott 20a0f47e18 [PATCH] USB: ftdi_sio: Add support for HCG HF Dual ISO RFID Reader
This patch adds support for ACG Identification Technologies GmbH's HF
Dual ISO Reader (an RFID tag reader) to the ftdi_sio driver's device ID
table.  The product ID was supplied by anotonios (anton at goto10 dot
org) on the ftdi-usb-sio-devel list and subsequently verified by myself
(Ian Abbott).

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:55 -07:00
Pete Zaitcev 77ef6c4d6e [PATCH] USB: ub oops in block_uevent
In kernel 2.6.16, if a mounted storage device is removed, an oops happens
because ub supplies an interface device (and kobject) to the block layer,
but neglects to pin it. And apparently, the block layer expects its users
to pin device structures.

The code in ub was broken this way for years. But the bug was exposed only
by 2.6.16 when it started to call block_uevent on close, which traverses
device structures (kobjects actually).

Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:55 -07:00
Alan Stern 436f5762bc [PATCH] USB: usbcore: don't check the device's power source
The choose_configuration() routine contains code the determine the
device's power source, so that configurations requiring external power
can be ruled out if the device is running on bus power.  Unfortunately
it turns out that some devices have errors in their config descriptors
and other devices don't like the GET_DEVICE_STATUS request.

Since that information wasn't used for anything else, this patch (as673)
removes the code, leaving only a comment.  It fixes bugzilla entry
#6448.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:55 -07:00
David Brownell db4cefaaea [PATCH] USB: fix OHCI PM regression
This fixes a small regression in USB controller power usage for many
OHCI controllers, notably including every non-PCI version of OHCI:  on
those systems, the runtime autosuspend mechanism is no longer enabled.

The change moves to saner defaults.  All root hubs are expected to handle
remote wakeup (and hence autosuspend), although drivers for buggy silicon
may override that default.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:55 -07:00
David Brownell 7e713b8256 [PATCH] USB: pegasus fixes (logstorm, suspend)
Teach "pegasus" to handle a few of the disconnect fault paths
without hundreds of usless syslog messages.

Handle the carrier check workqueue entry even if the driver has
not been opened.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:55 -07:00
Duncan Sands 6275cdfa0f [PATCH] USBATM: fix modinfo output
Because of the way stringify works, using an expression
like 64 * 1024 for UDSL_MAX_BUF_SIZE results in 64 * 1024
turning up in the modinfo output instead of 65536.  So use
65536 directly (this was the only way I found of fixing this).

Signed-off-by: Duncan Sands <baldrick@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:54 -07:00
Duncan Sands 67c752b41a [PATCH] USBATM: change the default speedtouch iso altsetting
The maximum possible bandwidth for a speedtouch modem is about 7Mbaud.
You can only get this by using isochronous urbs (enable_isoc=1) and
altsetting 3.  With the current default altsetting of 2, the modem
maxes out at about 4Mbaud.  So change the default altsetting to 3
when using isochronous urbs.  It would be nice to base the altsetting
on the detected line speed, but that's hard given the current design.

Signed-off-by: Duncan Sands <baldrick@free.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:54 -07:00
David Brownell 839ab1d4ce [PATCH] USB: fix bug in ohci-hcd.c ohci_restart()
A loop on a power-lost resume path used the wrong index.
I suspect khubd has been working around such bugs.
Noticed by Andreas Mohr <andi@rhlx01.fht-esslingen.de>.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-08 23:43:54 -07:00
Linus Torvalds e515f048c4 Merge git://oss.sgi.com:8090/xfs-2.6
* git://oss.sgi.com:8090/xfs-2.6:
  [XFS] Fix a possible metadata buffer (AGFL) refcount leak when fixing an
  [XFS] Fix a project quota space accounting leak on rename.
  [XFS] Fix a possible forced shutdown due to mishandling write barriers
2006-05-08 17:41:05 -07:00
Linus Torvalds 601e7f024e Revert "kbuild: fix modpost segfault for 64bit mipsel kernel"
This reverts commit c8d8b837eb, which
caused problems for the x86 build. Quoth Sam:

  "It was discussed on mips list but apparently the fix was bogus.  I
   will not have time to look into it so mips can carry this local fix
   until we get a proper fix in mainline."

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 13:38:42 -07:00
Andi Kleen 6810b548b2 [PATCH] x86_64: Move ondemand timer into own work queue
Taking the cpu hotplug semaphore in a normal events workqueue
is unsafe because other tasks can wait for any workqueues with
it hold. This results in a deadlock.

Move the DBS timer into its own work queue which is not
affected by other work queue flushes to avoid this.

Has been acked by Venkatesh.

Cc: venkatesh.pallipadi@intel.com
Cc: cpufreq@lists.linux.org.uk
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Andi Kleen ac71d12c99 [PATCH] x86_64: Avoid EBDA area in early boot allocator
Based on analysis&patch from Robert Hentosch

Observed on a Dell PE6850 with 16GB

The problem occurs very early on, when the kernel allocates space for the
temporary memory map called bootmap. The bootmap overlaps the EBDA region.
EBDA region is not historically reserved in the e820 mapping. When the
bootmap is freed it marks the EBDA region as usable.

If you notice in setup.c there is already code to work around the EBDA
in reserve_ebda_region(), this check however occurs after the bootmap
is allocated and doesn't prevent the bootmap from using this range.

AK: I redid the original patch. Thanks also to Jan Beulich for
spotting some mistakes.

Cc: Robert_Hentosch@dell.com
Cc: jbeulich@novell.com
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Corey Minyard 8b1ffe9550 [PATCH] x86_64: add nmi_exit to die_nmi
Playing with NMI watchdog on x86_64, I discovered that it didn't
do what I expected.  It always panic-ed, even when it didn't
happen from interrupt context.  This patch solves that
problem for me.  Also, in this case, do_exit() will be called
with interrupts disabled, I believe.  Would it be wise to also
call local_irq_enable() after nmi_exit()?
[Yes I added it -AK]

Currently, on x86_64, any NMI watchdog timeout will cause a panic
because the irq count will always be set to be in an interrupt
when do_exit() is called from die_nmi().  If we add nmi_exit() to
the die_nmi() call (since the nmi will never exit "normally")
it seems to solve this problem.  The following small program
can be used to trigger the NMI watchdog to reproduce this:
  main ()
  {
        iopl(3);
        for (;;) asm("cli");
  }

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Corey Minyard cdc60a4c8e [PATCH] x86_64: fix die_lock nesting
I noticed this when poking around in this area.

The oops_begin() function in x86_64 would only conditionally claim
the die_lock if the call is nested, but oops_end() would always
release the spinlock. This patch adds a nest count for the die lock
so that the release of the lock is only done on the final oops_end().

Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Andi Kleen 5192d84e4c [PATCH] x86_64: Check for too many northbridges in IOMMU code
The IOMMU code can only deal with 8 northbridges. Error out when
more are found.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Kimball Murray e0c1e9bf81 [PATCH] x86_64: avoid IRQ0 ioapic pin collision
The patch addresses a problem with ACPI SCI interrupt entry, which gets
re-used, and the IRQ is assigned to another unrelated device.  The patch
corrects the code such that SCI IRQ is skipped and duplicate entry is
avoided.  Second issue came up with VIA chipset, the problem was caused by
original patch assigning IRQs starting 16 and up.  The VIA chipset uses
4-bit IRQ register for internal interrupt routing, and therefore cannot
handle IRQ numbers assigned to its devices.  The patch corrects this
problem by allowing PCI IRQs below 16.

Cc: len.brown@intel.com

Signed-off by: Natalie Protasevich <Natalie.Protasevich@unisys.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 09:34:56 -07:00
Linus Torvalds abfd305718 Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] remove asm-ia64/bitops.h self-inclusion
  [IA64] strcpy returns NULL pointer and not destination pointer
2006-05-08 09:28:35 -07:00
Linus Torvalds 96b8eaa14a Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [IRDA] irda-usb: use NULL instead of 0
  [IPV4]: Remove likely in ip_rcv_finish()
  [NET]: Create netdev attribute_groups with class_device_add
  [CLASS DEVICE]: add attribute_group creation
2006-05-08 09:11:10 -07:00
Linus Torvalds bed7a56033 Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild:
  kbuild: Do not overwrite makefile as anohter user
  kbuild: drivers/video/logo/ - fix ident glitch
  kbuild: fix gen_initramfs_list.sh
  kbuild modpost - relax driver data name
  kbuild: removing .tmp_versions considered harmful
  kbuild: fix modpost segfault for 64bit mipsel kernel
2006-05-08 09:10:44 -07:00
Trond Myklebust 75dff55af9 [PATCH] fs/locks.c: Fix lease_init
It is insane to be giving lease_init() the task of freeing the lock it is
supposed to initialise, given that the lock is not guaranteed to be
allocated on the stack. This causes lockups in fcntl_setlease().
Problem diagnosed by Daniel Hokka Zakrisson <daniel@hozac.com>

Also fix a slab leak in __setlease() due to an uninitialised return value.
Problem diagnosed by Björn Steinbrink.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: Daniel Hokka Zakrisson <daniel@hozac.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-08 08:07:17 -07:00
Nathan Scott e63a369001 [XFS] Fix a possible metadata buffer (AGFL) refcount leak when fixing an
AG freelist.

SGI-PV: 952681
SGI-Modid: xfs-linux-melb:xfs-kern:25902a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08 19:51:58 +10:00
Nathan Scott b1ecdda931 [XFS] Fix a project quota space accounting leak on rename.
SGI-PV: 951636
SGI-Modid: xfs-linux-melb:xfs-kern:25811a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08 19:51:42 +10:00
Nathan Scott d08d389d5a [XFS] Fix a possible forced shutdown due to mishandling write barriers
with remount,ro.

SGI-PV: 951944
SGI-Modid: xfs-linux-melb:xfs-kern:25742a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-05-08 19:51:28 +10:00
Jan Beulich fd5f0cd6b0 kbuild: Do not overwrite makefile as anohter user
Change the conditional of the outputmakefile rule to be evaluated entirely
in make, and add a conditional to not touch the generated makefile when e.g.
running 'make install' as root while the build was done as non-root. Also
adjust the comment describing this, and move the message printing and
redirection to mkmakefile.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
2006-05-08 06:55:32 +02:00
Linus Torvalds 9d21f09ca0 Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 3507/1: Replace map_desc.physical with map_desc.pfn: aaed2000
  [ARM] 3506/1: aaec2000: debug-macro.S needs hardware.h
  [ARM] 3505/1: aaec2000: entry-macro.S needs asm/arch/irqs.h
  [ARM] 3504/1: Fix clcd includes for aaec2000
  [ARM] 3503/1: Fix map_desc structure for aaec2000
  [ARM] 3501/1: i.MX: fix lowlevel debug macros
  [ARM] rtc-sa1100: fix compiler warnings and error cleanup
  [ARM] Allow SA1100 RTC alarm to be configured for wakeup
2006-05-07 17:32:57 -07:00
Bellido Nicolas 74fae122eb [ARM] 3507/1: Replace map_desc.physical with map_desc.pfn: aaed2000
Patch from Bellido Nicolas

aaed2000 map_desc.pfn conversion

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:24 +01:00
Bellido Nicolas 9a708becaf [ARM] 3506/1: aaec2000: debug-macro.S needs hardware.h
Patch from Bellido Nicolas

Include hardware.h in debug-macro.S, otherwise io_p2v is undefined.

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:23 +01:00
Bellido Nicolas 201be92a42 [ARM] 3505/1: aaec2000: entry-macro.S needs asm/arch/irqs.h
Patch from Bellido Nicolas

Since git commit 2b78838842, entry-macro.S needs to include asm/arch/irqs.h

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:22 +01:00
Bellido Nicolas 8a33b224ec [ARM] 3504/1: Fix clcd includes for aaec2000
Patch from Bellido Nicolas

Since this patch:
 [ARM] 3366/1: Allow the 16bpp mode configuration in the CLCD control register

linux/amba/bus.h needs to be included before linux/amba/clcd.h

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:21 +01:00
Bellido Nicolas 16b6dd4419 [ARM] 3503/1: Fix map_desc structure for aaec2000
Patch from Bellido Nicolas

Patch:
 [ARM] 2982/1: Replace map_desc.physical with map_desc.pfn: aaec2000
incorrectly expanded the struct map_desc for aaec2000.

Signed-off-by: Nicolas Bellido <ml@acolin.be>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 22:49:21 +01:00
Sascha Hauer 216251cff9 [ARM] 3501/1: i.MX: fix lowlevel debug macros
Patch from Sascha Hauer

This patch fixes the addruart macro to work with both mmu enabled and
disabled.

Signed-off-by: Sascha Hauer <s.hauer@pengutonix.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-07 18:56:27 +01:00
Linus Torvalds f5b40e363a Fix ptrace_attach()/ptrace_traceme()/de_thread() race
This holds the task lock (and, for ptrace_attach, the tasklist_lock)
over the actual attach event, which closes a race between attacking to a
thread that is either doing a PTRACE_TRACEME or getting de-threaded.

Thanks to Oleg Nesterov for reminding me about this, and Chris Wright
for noticing a lost return value in my first version.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-07 10:49:33 -07:00
Randy Dunlap 0eb1bd210d [IRDA] irda-usb: use NULL instead of 0
Use NULL instead of 0 for a null pointer value (sparse warning):

drivers/net/irda/irda-usb.c:1781:30: warning: Using plain integer as NULL pointer

Also, correct timeout argument to use milliseconds instead of jiffies.

Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 18:34:10 -07:00
Hua Zhong 0182bd2b1e [IPV4]: Remove likely in ip_rcv_finish()
This is another result from my likely profiling tool
(dwalker@mvista.com just sent the patch of the profiling tool to
linux-kernel mailing list, which is similar to what I use).

On my system (not very busy, normal development machine within a
VMWare workstation), I see a 6/5 miss/hit ratio for this "likely".

Signed-off-by: Hua Zhong <hzhong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 18:11:39 -07:00
Stephen Hemminger fe9925b551 [NET]: Create netdev attribute_groups with class_device_add
Atomically create attributes when class device is added. This avoids
the race between registering class_device (which generates hotplug
event), and the creation of attribute groups.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 17:56:03 -07:00
Stephen Hemminger 1498221d51 [CLASS DEVICE]: add attribute_group creation
Extend the support of attribute groups in class_device's to allow
groups to be created as part of the registration process. This allows
network device's to avoid race between registration and creating
groups.

Note that unlike attributes that are a property of the class object,
the groups are a property of the class_device object. This is done
because there are different types of network devices (wireless for
example).

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-06 17:55:11 -07:00
Russell King f12267011d [ARM] rtc-sa1100: fix compiler warnings and error cleanup
Fix:
drivers/rtc/rtc-sa1100.c: In function `sa1100_rtc_proc':
drivers/rtc/rtc-sa1100.c:298: warning: unsigned int format, long unsigned int arg (arg 3)

and arrange for sa1100_rtc_open() to pass the devid to free_irq()
rather than NULL.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-06 11:29:21 +01:00
Russell King 19ca5d27e1 [ARM] Allow SA1100 RTC alarm to be configured for wakeup
The SA1100 RTC alarm can be configured to wake up the CPU
from sleep mode, and the RTC driver has been using the
API to configure this mode.  Unfortunately, the code was
which sets the required bit in the hardware was missing.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-06 11:26:30 +01:00
John Heffner 5528e568a7 [TCP]: Fix snd_cwnd adjustments in tcp_highspeed.c
Xiaoliang (David) Wei wrote:
> Hi gurus,
> 
>    I am reading the code of tcp_highspeed.c in the kernel and have a
> question on the hstcp_cong_avoid function, specifically the following
> AI part (line 136~143 in net/ipv4/tcp_highspeed.c ):
> 
>                /* Do additive increase */
>                if (tp->snd_cwnd < tp->snd_cwnd_clamp) {
>                        tp->snd_cwnd_cnt += ca->ai;
>                        if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
>                                tp->snd_cwnd++;
>                                tp->snd_cwnd_cnt -= tp->snd_cwnd;
>                        }
>                }
> 
>    In this part, when (tp->snd_cwnd_cnt == tp->snd_cwnd),
> snd_cwnd_cnt will be -1... snd_cwnd_cnt is defined as u16, will this
> small chance of getting -1 becomes a problem?
> Shall we change it by reversing the order of the cwnd++ and cwnd_cnt -= 
> cwnd?

Absolutely correct.  Thanks.

Signed-off-by: John Heffner <jheffner@psc.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:41:44 -07:00
Ralf Baechle f530937b2c [NETROM/ROSE]: Kill module init version kernel log messages.
There are out of date and don't tell the user anything useful.
The similar messages which IPV4 and the core networking used
to output were killed a long time ago.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:19:26 -07:00
Herbert Xu 134af34632 [DCCP]: Fix sock_orphan dead lock
Calling sock_orphan inside bh_lock_sock in dccp_close can lead to dead
locks.  For example, the inet_diag code holds sk_callback_lock without
disabling BH.  If an inbound packet arrives during that admittedly tiny
window, it will cause a dead lock on bh_lock_sock.  Another possible
path would be through sock_wfree if the network device driver frees the
tx skb in process context with BH enabled.

We can fix this by moving sock_orphan out of bh_lock_sock.

The tricky bit is to work out when we need to destroy the socket
ourselves and when it has already been destroyed by someone else.

By moving sock_orphan before the release_sock we can solve this
problem.  This is because as long as we own the socket lock its
state cannot change.

So we simply record the socket state before the release_sock
and then check the state again after we regain the socket lock.
If the socket state has transitioned to DCCP_CLOSED in the time being,
we know that the socket has been destroyed.  Otherwise the socket is
still ours to keep.

This problem was discoverd by Ingo Molnar using his lock validator.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:09:13 -07:00
Stephen Hemminger 1c29fc4989 [BRIDGE]: keep track of received multicast packets
It makes sense to add this simple statistic to keep track of received
multicast packets.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:07:13 -07:00
Sridhar Samudrala 35d63edb1c [SCTP]: Fix state table entries for chunks received in CLOSED state.
Discard an unexpected chunk in CLOSED state rather can calling BUG().

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:05:23 -07:00
Sridhar Samudrala 62b08083ec [SCTP]: Fix panic's when receiving fragmented SCTP control chunks.
Use pskb_pull() to handle incoming COOKIE_ECHO and HEARTBEAT chunks that
are received as skb's with fragment list.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:04:43 -07:00
Vladislav Yasevich 672e7cca17 [SCTP]: Prevent possible infinite recursion with multiple bundled DATA.
There is a rare situation that causes lksctp to go into infinite recursion
and crash the system.  The trigger is a packet that contains at least the
first two DATA fragments of a message bundled together. The recursion is
triggered when the user data buffer is smaller that the full data message.
The problem is that we clone the skb for every fragment in the message.
When reassembling the full message, we try to link skbs from the "first
fragment" clone using the frag_list. However, since the frag_list is shared
between two clones in this rare situation, we end up setting the frag_list
pointer of the second fragment to point to itself.  This causes
sctp_skb_pull() to potentially recurse indefinitely.

Proposed solution is to make a copy of the skb when attempting to link
things using frag_list.

Signed-off-by: Vladislav Yasevich <vladsilav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:03:49 -07:00