summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* SCTP: Fix to encode PROTOCOL VIOLATION error cause correctlyWei Yongjun2007-08-302-23/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | PROTOCOL VIOLATION error cause in ABORT is bad encode when make abort chunk. When SCTP encode ABORT chunk with PROTOCOL VIOLATION error cause, it just add the error messages to PROTOCOL VIOLATION error cause, the rest four bytes(struct sctp_paramhdr) is just add to the chunk, not change the length of error cause. This cause the ABORT chunk to be a bad format. The chunk is like this: ABORT chunk Chunk type: ABORT (6) Chunk flags: 0x00 Chunk length: 72 (*1) Protocol violation cause Cause code: Protocol violation (0x000d) Cause length: 62 (*2) Cause information: 5468652063756D756C61746976652074736E2061636B2062... Cause padding: 0000 [Needless] 00030010 Chunk Length(*1) = 72 but Cause length(*2) only 62, not include the extend 4 bytes. ((72 - sizeof(chunk_hdr)) = 68) != (62 +3) / 4 * 4 Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix sctp_addto_chunk() to add pad with correct lengthWei Yongjun2007-08-301-1/+1
| | | | | | | | | At function sctp_addto_chunk(), it do pad before add payload to chunk if chunk length is not 4-byte alignment. But it do pad with a bad length. This patch fixed this probleam. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Assign stream sequence numbers to the entire messageVlad Yasevich2007-08-291-12/+23
| | | | | | | | | | | | | Currently we only assign the sequence number to a packet that we are about to transmit. This however breaks the Partial Reliability extensions, because it's possible for us to never transmit a packet, i.e. it expires before we get to send it. In such cases, if the message contained multiple SCTP fragments, and we did manage to send the first part of the message, the Stream sequence numbers would get into invalid state and cause receiver to stall. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: properly clean up fragment and ordering queues during FWD-TSN.Vlad Yasevich2007-08-292-13/+65
| | | | | | | | | When we recieve a FWD-TSN (meaning the peer has abandoned the data), we need to clean up any partially received messages that may be hanging out on the re-assembly or re-ordering queues. This is a MUST requirement that was not properly done before. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com.>
* [VLAN/BRIDGE]: Fix "skb_pull_rcsum - Fatal exception in interrupt"Evgeniy Polyakov2007-08-262-6/+18
| | | | | | | | | | | | | | | | | | | | | | | | | I tried to preserve bridging code as it was before, but logic is quite strange - I think we should free skb on error, since it is already unshared and thus will just leak. Herbert Xu states: > + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) > + goto out; If this happens it'll be a double-free on skb since we'll return NF_DROP which makes the caller free it too. We could return NF_STOLEN to prevent that but I'm not sure whether that's correct netfilter semantics. Patrick, could you please make a call on this? Patrick McHardy states: NF_STOLEN should work fine here. Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix crash in dev_mc_sync()/dev_mc_unsync()Benjamin Thery2007-08-261-4/+10
| | | | | | | | | | | This patch fixes a crash that may occur when the routine dev_mc_sync() deletes an address from the list it is currently going through. It saves the pointer to the next element before deleting the current one. The problem may also exist in dev_mc_unsync(). Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: is_power_of_2 in net/core/neighbour.cvignesh babu2007-08-261-1/+2
| | | | | | | Replacing n & (n - 1) for power of 2 check by is_power_of_2(n) Signed-off-by: vignesh babu <vignesh.babu@wipro.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Describe tcp_init_cwnd() thoroughly in a comment.David S. Miller2007-08-261-1/+9
| | | | | | | | | | | People often get tripped up by this function and think that it does not implemented the prescribed algorithms from RFC2414 and RFC3390, even though it does. So add a comment to head off such misunderstandings in the future. Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix IP_ADD/DROP_MEMBERSHIP to handle only connectionlessFlavio Leitner2007-08-262-0/+8
| | | | | | | | Fix IP[V6]_ADD_MEMBERSHIP and IP[V6]_DROP_MEMBERSHIP to return -EPROTO for connection oriented sockets. Signed-off-by: Flavio Leitner <fleitner@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC] AH4: Update IPv4 options handling to conform to RFC 4302.Nick Bowler2007-08-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | In testing our ESP/AH offload hardware, I discovered an issue with how AH handles mutable fields in IPv4. RFC 4302 (AH) states the following on the subject: For IPv4, the entire option is viewed as a unit; so even though the type and length fields within most options are immutable in transit, if an option is classified as mutable, the entire option is zeroed for ICV computation purposes. The current implementation does not zero the type and length fields, resulting in authentication failures when communicating with hosts that do (i.e. FreeBSD). I have tested record route and timestamp options (ping -R and ping -T) on a small network involving Windows XP, FreeBSD 6.2, and Linux hosts, with one router. In the presence of these options, the FreeBSD and Linux hosts (with the patch or with the hardware) can communicate. The Windows XP host simply fails to accept these packets with or without the patch. I have also been trying to test source routing options (using traceroute -g), but haven't had much luck getting this option to work *without* AH, let alone with. Signed-off-by: Nick Bowler <nbowler@ellipticsemi.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'for-linus' of ↵Linus Torvalds2007-08-232-3/+7
|\ | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs: 9p: fix bad error path in conversion routines 9p: remove deprecated v9fs_fid_lookup_remove() 9p: update maintainers and documentation 9p: fix use after free
| * 9p: fix bad error path in conversion routinesMariusz Kozlowski2007-08-231-0/+1
| | | | | | | | | | | | | | | | When buf_check_overflow() returns != 0 we will hit kfree(ERR_PTR(err)) and it will not be happy about it. Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
| * 9p: fix use after freeEric Van Hensbergen2007-08-231-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On 7/22/07, Adrian Bunk <bunk@stusta.de> wrote: The Coverity checker spotted the following use-after-free in net/9p/mux.c: <-- snip --> ... struct p9_conn *p9_conn_create(struct p9_transport *trans, int msize, unsigned char *extended) { ... if (!m->tagpool) { kfree(m); return ERR_PTR(PTR_ERR(m->tagpool)); } ... <-- snip --> Also spotted was a leak of the same structure further down in the function. Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
* | [IRDA] irda_nl_get_mode: always results in failureAndy Whitcroft2007-08-211-1/+1
| | | | | | | | | | | | | | | | | | | | It seems an extraneous trailing ';' has slipped in to the error handling for a name registration failure causing the error path to trigger unconditionally. Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IRDA]: Avoid a label defined but not used warning in irda_init()Jesper Juhl2007-08-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Easily avoidable compiler warnings bug me. Building irmod without CONFIG_SYSCTL currently results in : net/irda/irmod.c:132: warning: label 'out_err_2' defined but not used But that can easily be avoided by simply moving the label inside the existing "#ifdef CONFIG_SYSCTL" one line above it. This patch moves the label and buys us one less warning with no ill effects. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Fix kernel panic while send SCTP data with IP fragmentsWei Yongjun2007-08-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If ICMP6 message with "Packet Too Big" is received after send SCTP DATA, kernel panic will occur when SCTP DATA is send again. This is because of a bad dest address when call to skb_copy_bits(). The messages sequence is like this: Endpoint A Endpoint B <------- SCTP DATA (size=1432) ICMP6 message -------> (Packet Too Big pmtu=1280) <------- Resend SCTP DATA (size=1432) ------------kernel panic--------------- printing eip: c05be62a *pde = 00000000 Oops: 0002 [#1] SMP Modules linked in: scomm l2cap bluetooth ipv6 dm_mirror dm_mod video output sbs battery lp floppy sg i2c_piix4 i2c_core pcnet32 mii button ac parport_pc parport ide_cd cdrom serio_raw mptspi mptscsih mptbase scsi_transport_spi sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd CPU: 0 EIP: 0060:[<c05be62a>] Not tainted VLI EFLAGS: 00010282 (2.6.23-rc2 #1) EIP is at skb_copy_bits+0x4f/0x1ef eax: 000004d0 ebx: ce12a980 ecx: 00000134 edx: cfd5a880 esi: c8246858 edi: 00000000 ebp: c0759b14 esp: c0759adc ds: 007b es: 007b fs: 00d8 gs: 0000 ss: 0068 Process swapper (pid: 0, ti=c0759000 task=c06d0340 task.ti=c0713000) Stack: c0759b88 c0405867 ce12a980 c8bff838 c789c084 00000000 00000028 cfd5a880 d09f1890 000005dc 0000007b ce12a980 cfd5a880 c8bff838 c0759b88 d09bc521 000004d0 fffff96c 00000200 00000100 c0759b50 cfd5a880 00000246 c0759bd4 Call Trace: [<c0405e1d>] show_trace_log_lvl+0x1a/0x2f [<c0405ecd>] show_stack_log_lvl+0x9b/0xa3 [<c040608d>] show_registers+0x1b8/0x289 [<c0406271>] die+0x113/0x246 [<c0625dbc>] do_page_fault+0x4ad/0x57e [<c0624642>] error_code+0x72/0x78 [<d09bc521>] ip6_output+0x8e5/0xab2 [ipv6] [<d09bcec1>] ip6_xmit+0x2ea/0x3a3 [ipv6] [<d0a3f2ca>] sctp_v6_xmit+0x248/0x253 [sctp] [<d0a3c934>] sctp_packet_transmit+0x53f/0x5ae [sctp] [<d0a34bf8>] sctp_outq_flush+0x555/0x587 [sctp] [<d0a34d3c>] sctp_retransmit+0xf8/0x10f [sctp] [<d0a3d183>] sctp_icmp_frag_needed+0x57/0x5b [sctp] [<d0a3ece2>] sctp_v6_err+0xcd/0x148 [sctp] [<d09cf1ce>] icmpv6_notify+0xe6/0x167 [ipv6] [<d09d009a>] icmpv6_rcv+0x7d7/0x849 [ipv6] [<d09be240>] ip6_input+0x1dc/0x310 [ipv6] [<d09be965>] ipv6_rcv+0x294/0x2df [ipv6] [<c05c3789>] netif_receive_skb+0x2d2/0x335 [<c05c5733>] process_backlog+0x7f/0xd0 [<c05c58f6>] net_rx_action+0x96/0x17e [<c042e722>] __do_softirq+0x64/0xcd [<c0406f37>] do_softirq+0x5c/0xac ======================= Code: 00 00 29 ca 89 d0 2b 45 e0 89 55 ec 85 c0 7e 35 39 45 08 8b 55 e4 0f 4e 45 08 8b 75 e0 8b 7d dc 89 c1 c1 e9 02 03 b2 a0 00 00 00 <f3> a5 89 c1 83 e1 03 74 02 f3 a4 29 45 08 0f 84 7b 01 00 00 01 EIP: [<c05be62a>] skb_copy_bits+0x4f/0x1ef SS:ESP 0068:c0759adc Kernel panic - not syncing: Fatal exception in interrupt Arnaldo says: ==================== Thanks! I'm to blame for this one, problem was introduced in: b0e380b1d8a8e0aca215df97702f99815f05c094 @@ -761,7 +762,7 @@ slow_path: /* * Copy a block of the IP datagram. */ - if (skb_copy_bits(skb, ptr, frag->h.raw, len)) + if (skb_copy_bits(skb, ptr, skb_transport_header(skb), len)) BUG(); left -= len; ==================== Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SNAP]: Check packet length before readingHerbert Xu2007-08-211-5/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The snap_rcv code reads 5 bytes so we should make sure that we have 5 bytes in the head before proceeding. Based on diagnosis and fix by Evgeniy Polyakov, reported by Alan J. Wylie. Patch also kills the skb->sk assignment before kfree_skb since it's redundant. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [DCCP]: Allocation in atomic contextGerrit Renker2007-08-211-1/+1
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following bug reported in syslog: [ 4039.051658] BUG: sleeping function called from invalid context at /usr/src/davem-2.6/mm/slab.c:3032 [ 4039.051668] in_atomic():1, irqs_disabled():0 [ 4039.051670] INFO: lockdep is turned off. [ 4039.051674] [<c0104c0f>] show_trace_log_lvl+0x1a/0x30 [ 4039.051687] [<c0104d4d>] show_trace+0x12/0x14 [ 4039.051691] [<c0104d65>] dump_stack+0x16/0x18 [ 4039.051695] [<c011371e>] __might_sleep+0xaf/0xbe [ 4039.051700] [<c0157b66>] __kmalloc+0xb1/0xd0 [ 4039.051706] [<f090416f>] ccid2_hc_tx_alloc_seq+0x35/0xc3 [dccp_ccid2] [ 4039.051717] [<f09048d6>] ccid2_hc_tx_packet_sent+0x27f/0x2d9 [dccp_ccid2] [ 4039.051723] [<f085486b>] dccp_write_xmit+0x1eb/0x338 [dccp] [ 4039.051741] [<f085603d>] dccp_sendmsg+0x113/0x18f [dccp] [ 4039.051750] [<c03907fc>] inet_sendmsg+0x2e/0x4c [ 4039.051758] [<c033a47d>] sock_aio_write+0xd5/0x107 [ 4039.051766] [<c015abc1>] do_sync_write+0xcd/0x11c [ 4039.051772] [<c015b296>] vfs_write+0x118/0x11f [ 4039.051840] [<c015b932>] sys_write+0x3d/0x64 [ 4039.051845] [<c0103e7c>] syscall_call+0x7/0xb [ 4039.051848] ======================= The problem was that GFP_KERNEL was used; fixed by using gfp_any(). Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* missing return in bridge sysfs codeAl Viro2007-08-191-0/+1
| | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [IPv6]: Invalid semicolon after if statementIlpo Järvinen2007-08-151-1/+1
| | | | | | | | | | A similar fix to netfilter from Eric Dumazet inspired me to look around a bit by using some grep/sed stuff as looking for this kind of bugs seemed easy to automate. This is one of them I found where it looks like this semicolon is not valid. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix unbalanced rcu_read_unlock in __sock_createHerbert Xu2007-08-151-1/+1
| | | | | | | | | The recent RCU work created an unbalanced rcu_read_unlock in __sock_create. This patch fixes that. Reported by oleg 123. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'fixes-davem' of ↵David S. Miller2007-08-142-2/+5
|\ | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6
| * [PATCH] mac80211: probe for hidden SSIDs in pre-auth scanJohn W. Linville2007-08-141-1/+5
| | | | | | | | | | | | | | Probe for hidden SSIDs if initiating pre-authentication scan and SSID is set for STA interface. Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * [PATCH] mac80211: fix tx status frame codeJohannes Berg2007-08-141-1/+0
| | | | | | | | | | | | | | | | When I added the monitor for outgoing frames somehow a break statement slipped in. Remove it. Signed-off-by: Johannes Berg <johannes@sipsolutions.net Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | [VLAN] net/8021q/vlanproc.c: fix check-after-useAdrian Bunk2007-08-141-1/+1
| | | | | | | | | | | | | | | | The Coverity checker spotted that we'd have already oops'ed if "vlandev" was NULL. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Unexport dev_ethtoolAdrian Bunk2007-08-141-1/+0
| | | | | | | | | | | | | | | | This patch removes the no longer used EXPORT_SYMBOL(dev_ethtool). Signed-off-by: Adrian Bunk <bunk@kernel.org> Acked-by: Matthew Wilcox <matthew@wil.cx> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [ECONET]: remove econet_packet_type on unloadAlexey Dobriyan2007-08-141-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Steps to reproduce: modprobe econet rmmod econet modprobe econet Unable to handle kernel paging request at ffffffff8870a098 RIP: [<ffffffff8040bfb8>] dev_add_pack+0x48/0x90 PGD 203067 PUD 207063 PMD 7817f067 PTE 0 Oops: 0002 [1] PREEMPT SMP CPU 1 Modules linked in: econet [maaaany] Pid: 10671, comm: modprobe Not tainted 2.6.23-rc3-bloat #6 RIP: 0010:[<ffffffff8040bfb8>] [<ffffffff8040bfb8>] dev_add_pack+0x48/0x90 RSP: 0000:ffff810076293df8 EFLAGS: 00010202 RAX: ffffffff88659090 RBX: ffffffff88659060 RCX: ffffffff8870a090 RDX: 0000000000000080 RSI: ffffffff805ec660 RDI: ffff810078ce4680 RBP: ffff810076293e08 R08: 0000000000000002 R09: 0000000000000000 R10: ffffffff8040bf88 R11: 0000000000000001 R12: ffff810076293e18 R13: 000000000000001b R14: ffff810076dd06b0 R15: ffffffff886590c0 FS: 00002b96a525dae0(0000) GS:ffff81007e0e2138(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: ffffffff8870a098 CR3: 000000007bb67000 CR4: 00000000000026e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process modprobe (pid: 10671, threadinfo ffff810076292000, task ffff810078ce4680) Stack: ffff810076dd06b0 0000000000000000 ffff810076293e38 ffffffff8865b180 0000000000800000 0000000000000000 ffffffff886590c0 ffff810076dd01c8 ffff810076293f78 ffffffff8026723c ffff810076293e48 ffffffff886590d8 Call Trace: [<ffffffff8865b180>] :econet:econet_proto_init+0x180/0x1da [<ffffffff8026723c>] sys_init_module+0x15c/0x19e0 [<ffffffff8020c13e>] system_call+0x7e/0x83 Code: 48 89 41 08 48 89 82 e0 c5 5e 80 48 c7 c7 a0 08 5d 80 e8 f1 RIP [<ffffffff8040bfb8>] dev_add_pack+0x48/0x90 RSP <ffff810076293df8> CR2: ffffffff8870a098 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [AX25]: don't free pointers to statically allocated dataAlexey Dobriyan2007-08-141-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 8d5cf596d10d740b69b5f4bbdb54b85abf75810d started to add statically allocated ax25_protocol's to list. However kfree() was still in place waiting for unsuspecting ones on module removal. Steps to reproduce: modprobe netrom rmmod netrom P.S.: code would benefit greatly from list_add/list_del usage kernel BUG at mm/slab.c:592! invalid opcode: 0000 [1] PREEMPT SMP CPU 0 Modules linked in: netrom ax25 af_packet usbcore rtc_cmos rtc_core rtc_lib Pid: 4477, comm: rmmod Not tainted 2.6.23-rc3-bloat #2 RIP: 0010:[<ffffffff802ac646>] [<ffffffff802ac646>] kfree+0x1c6/0x260 RSP: 0000:ffff810079a05e48 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81000000c000 RDX: ffff81007e552458 RSI: 0000000000000000 RDI: 000000000000805d RBP: ffff810079a05e88 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8805d080 R13: ffffffff8805d080 R14: 0000000000000000 R15: 0000000000000282 FS: 00002b73fc98aae0(0000) GS:ffffffff805dc000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000000053f3b8 CR3: 0000000079ff2000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process rmmod (pid: 4477, threadinfo ffff810079a04000, task ffff8100775aa480) Stack: ffff810079a05e68 0000000000000246 ffffffff8804eca0 0000000000000000 ffffffff8805d080 00000000000000cf 0000000000000000 0000000000000880 ffff810079a05eb8 ffffffff8803ec90 ffff810079a05eb8 0000000000000000 Call Trace: [<ffffffff8803ec90>] :ax25:ax25_protocol_release+0xa0/0xb0 [<ffffffff88056ecb>] :netrom:nr_exit+0x6b/0xf0 [<ffffffff80268bf0>] sys_delete_module+0x170/0x1f0 [<ffffffff8025da35>] trace_hardirqs_on+0xd5/0x170 [<ffffffff804835aa>] trace_hardirqs_on_thunk+0x35/0x37 [<ffffffff8020c13e>] system_call+0x7e/0x83 Code: 0f 0b eb fe 66 66 90 66 66 90 48 8b 52 10 48 8b 02 25 00 40 RIP [<ffffffff802ac646>] kfree+0x1c6/0x260 RSP <ffff810079a05e48> Kernel panic - not syncing: Fatal exception Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [BRIDGE]: Fix typo in net/bridge/br_stp_if.cJussi Kivilinna2007-08-141-1/+1
| | | | | | | | | | | | Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [BRIDGE]: sysfs locking fix.Stephen Hemminger2007-08-141-9/+15
| | | | | | | | | | | | | | | | | | The stp change code generates "sleeping function called from invalid context" because rtnl_lock() called with BH disabled. This fixes it by not acquiring then dropping the bridge lock. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_nat_sip: don't drop short packetsPatrick McHardy2007-08-141-1/+1
| | | | | | | | | | | | | | | | Don't drop packets shorter than "SIP/2.0", just ignore them. Keep-alives can validly be shorter for example. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_conntrack_sip: fix SIP-URI parsingPatrick McHardy2007-08-141-1/+4
| | | | | | | | | | | | | | | | The userinfo component of a SIP-URI is optional, continue parsing at the beginning of the SIP-URI in case its not found. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_conntrack_sip: check sname != NULL before calling strncmpPatrick McHardy2007-08-141-1/+2
| | | | | | | | | | | | | | The check got lost during the conversion to nf_conntrack. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: netfilter: xt_u32 bug correctionEric Dumazet2007-08-141-1/+1
| | | | | | | | | | | | | | | | An extraneous ";" makes xt_u32 match useless Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPVS]: Use IP_VS_WAIT_WHILE when encessary.Heiko Carstens2007-08-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | For architectures that don't have a volatile atomic_ts constructs like while (atomic_read(&something)); might result in endless loops since a barrier() is missing which forces the compiler to generate code that actually reads memory contents. Fix this in ipvs by using the IP_VS_WAIT_WHILE macro which resolves to while (expr) { cpu_relax(); } (why isn't this open coded btw?) Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Share correct feature code between bridging and bondingHerbert Xu2007-08-133-33/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http://bugzilla.kernel.org/show_bug.cgi?id=8797 shows that the bonding driver may produce bogus combinations of the checksum flags and SG/TSO. For example, if you bond devices with NETIF_F_HW_CSUM and NETIF_F_IP_CSUM you'll end up with a bonding device that has neither flag set. If both have TSO then this produces an illegal combination. The bridge device on the other hand has the correct code to deal with this. In fact, the same code can be used for both. So this patch moves that logic into net/core/dev.c and uses it for both bonding and bridging. In the process I've made small adjustments such as only setting GSO_ROBUST if at least one constituent device supports it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [DCCP]: fix memory leak and clean up style - dccp_feat_empty_confirm()Jesper Juhl2007-08-131-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's a memory leak in net/dccp/feat.c::dccp_feat_empty_confirm(). If we hit the 'default:' case of the 'switch' statement, then we return without freeing 'opt', thus leaking 'struct dccp_opt_pend' bytes. The leak is fixed easily enough by adding a kfree(opt); before the return statement. The patch also changes the layout of the 'switch' to be more in line with CodingStyle. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [DCCP]: fix theoretical ccids_{read,write}_lock() raceOleg Nesterov2007-08-131-0/+1
| | | | | | | | | | | | | | | | | | | | Make sure that spin_unlock_wait() is properly ordered wrt atomic_inc(). (akpm: can't we convert this code to use rwlocks?) Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [XFRM]: Clean up duplicate includes in net/xfrm/Jesper Juhl2007-08-132-4/+2
| | | | | | | | | | | | | | | | | | This patch cleans up duplicate includes in net/xfrm/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TIPC]: Clean up duplicate includes in net/tipc/Jesper Juhl2007-08-131-1/+0
| | | | | | | | | | | | | | | | | | This patch cleans up duplicate includes in net/tipc/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SUNRPC]: Clean up duplicate includes in net/sunrpc/Jesper Juhl2007-08-131-1/+0
| | | | | | | | | | | | | | | | | | This patch cleans up duplicate includes in net/sunrpc/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: Clean up duplicate includes in net/sched/Jesper Juhl2007-08-131-1/+0
| | | | | | | | | | | | | | | | | | This patch cleans up duplicate includes in net/sched/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Clean up duplicate includes in net/ipv6/Jesper Juhl2007-08-131-1/+0
| | | | | | | | | | | | | | | | | | This patch cleans up duplicate includes in net/ipv6/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV4]: Clean up duplicate includes in net/ipv4/Jesper Juhl2007-08-133-3/+0
| | | | | | | | | | | | | | | | | | This patch cleans up duplicate includes in net/ipv4/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [ATM]: Clean up duplicate includes in net/atm/Jesper Juhl2007-08-131-1/+0
| | | | | | | | | | | | | | | | | | This patch cleans up duplicate includes in net/atm/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPCONFIG]: ip_auto_config fixJoakim Tjernlund2007-08-131-3/+3
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following commandline: root=/dev/mtdblock6 rw rootfstype=jffs2 ip=192.168.1.10:::255.255.255.0:localhost.localdomain:eth1:off console=ttyS0,115200 makes ip_auto_config fall back to DHCP and complain "IP-Config: Incomplete network configuration information." depending on if CONFIG_IP_PNP_DHCP is set or not. The only way I can make ip_auto_config accept my IP config is to add an entry for the server IP: ip=192.168.1.10:192.168.1.15::255.255.255.0:localhost.localdomain:eth1:off I think this is a bug since I am not using a NFS root FS. The following patch fixes the above problem. From: Andrew Morton <akpm@linux-foundation.org> Davem said (in February!): Well, first of all the change in question is not in 2.4.x either. I just checked the current 2.4.x GIT tree and the test is exactly: if (ic_myaddr == INADDR_NONE || #ifdef CONFIG_ROOT_NFS (MAJOR(ROOT_DEV) == UNNAMED_MAJOR && root_server_addr == INADDR_NONE && ic_servaddr == INADDR_NONE) || #endif ic_first_dev->next) { which matches 2.6.x I even checked 2.4.x when it was branched for 2.5.x and the test was the same at the point in time too. Looking at the proposed change a bit it appears that it is probably correct, as it's trying to check that ROOT_DEV is nfs root. But if it is correct then the UNNAMED_MAJOR comparison in the same code block should be removed as it becomes superfluous. I'm happy to apply this patch with that modification made. Signed-off-by: Joakim Tjernlund <joakim.tjernlund@transmode.se> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.linux-nfs.org/pub/linux/nfs-2.6Linus Torvalds2007-08-094-41/+31
|\ | | | | | | | | | | | | | | | | | | | | | | * git://git.linux-nfs.org/pub/linux/nfs-2.6: SUNRPC: Replace flush_workqueue() with cancel_work_sync() and friends NFS: Replace flush_scheduled_work with cancel_work_sync() and friends SUNRPC: Don't call gss_delete_sec_context() from an rcu context NFSv4: Don't call put_rpccred() from an rcu callback NFS: Fix NFSv4 open stateid regressions NFSv4: Fix a locking regression in nfs4_set_mode_locked() NFS: Fix put_nfs_open_context SUNRPC: Fix a race in rpciod_down()
| * SUNRPC: Replace flush_workqueue() with cancel_work_sync() and friendsTrond Myklebust2007-08-072-4/+2
| | | | | | | | Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * SUNRPC: Don't call gss_delete_sec_context() from an rcu contextTrond Myklebust2007-08-071-3/+6
| | | | | | | | | | | | Doing so may not be safe... Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
| * SUNRPC: Fix a race in rpciod_down()Trond Myklebust2007-08-071-34/+23
| | | | | | | | | | | | | | | | | | | | | | | | The commit 4ada539ed77c7a2bbcb75cafbbd7bd8d2b9bef7b lead to the unpleasant possibility of an asynchronous rpc_task being required to call rpciod_down() when it is complete. This again means that the rpciod workqueue may get to call destroy_workqueue on itself -> hang... Change rpciod_up/rpciod_down to just get/put the module, and then create/destroy the workqueues on module load/unload. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
OpenPOWER on IntegriCloud