aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* ppp_generic: use stats from net_device structurePaulius Zaleckas2008-04-23
| | | | | | | | | | Use stats which now is in the net_device instead of one declared in ppp structure. Kill ppp_net_stats function, because by default it is used identical internal_stats function from net/core/dev.c Signed-of-by: Paulius Zaleckas <paulius.zaleckas@teltonika.lt> Signed-off-by: David S. Miller <davem@davemloft.net>
* iwlwifi: Fix built-in compilation of iwlcoreTomas Winkler2008-04-23
| | | | | | | | | | | | This patch fixes problem in Makefile that prevented built-in compilation of iwlcore Commit that caused this problem: eadd3c4b ("iwlwifi: make Makefile more concise") Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Yi Zhu <yi.zhu@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Unexport move_addr_to_{kernel,user}Adrian Bunk2008-04-23
| | | | | | | | After the removal of the Solaris binary emulation the exports of move_addr_to_{kernel,user} are no longer used. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* rt2x00: Select LEDS_CLASS.David S. Miller2008-04-23
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* iwlwifi: Select LEDS_CLASS.David S. Miller2008-04-23
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* leds: Do not guard NEW_LEDS with HAS_IOMEMDavid S. Miller2008-04-23
| | | | | | | | | | | | | The LEDS infrastructure itself does not require anything that a platform dependant upon HAS_IOMEM. The individual drivers do, but they are properly guarded with the necessary platform dependencies. One can even imagine a hypervisor based LED driver that a platform without HAS_IOMEM might have. Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPSEC]: Fix catch-22 with algorithm IDs above 31Herbert Xu2008-04-22
| | | | | | | | | | | | | | | | | | | | | | | As it stands it's impossible to use any authentication algorithms with an ID above 31 portably. It just happens to work on x86 but fails miserably on ppc64. The reason is that we're using a bit mask to check the algorithm ID but the mask is only 32 bits wide. After looking at how this is used in the field, I have concluded that in the long term we should phase out state matching by IDs because this is made superfluous by the reqid feature. For current applications, the best solution IMHO is to allow all algorithms when the bit masks are all ~0. The following patch does exactly that. This bug was identified by IBM when testing on the ppc64 platform using the NULL authentication algorithm which has an ID of 251. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* time: Export set_normalized_timespec.YOSHIFUJI Hideaki2008-04-21
| | | | | | | | Sorry I have just realized set_normalized_timespec() (used in timespec_sub()) is not exported, and link will fail because of it... Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp: Make use of before macro in tcp_input.cArnd Hannemann2008-04-21
| | | | | | | Make use of tcp before macro. Signed-off-by: Arnd Hannemann <hannemann@nets.rwth-aachen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* hamradio: Remove unneeded and deprecated cli()/sti() calls in dmascc.cMark Asselstine2008-04-21
| | | | | | | | | | These cli()/sti() calls are made in start_timer() and are therefor redundant since the register_lock is now used to protect register io from within scc_isr() and write_scc() (where all calls to start_timer() originate). Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Remove empty ->init callback.Pavel Emelyanov2008-04-21
| | | | | | | | The netns start-stop engine can happily live with any of init or exit callbacks set to NULL. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Convert do_gettimeofday() to getnstimeofday().YOSHIFUJI Hideaki2008-04-21
| | | | | | | | | | | What do_gettimeofday() does is to call getnstimeofday() and to convert the result from timespec{} to timeval{}. We do not always need timeval{} and we can convert timespec{} when we really need (to print). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Don't initialize err variable twice.Pavel Emelyanov2008-04-21
| | | | | | | The ip6_route_net_init() performs some unneeded actions. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: The ip6_fib_timer can work with garbage on net namespace stop.Pavel Emelyanov2008-04-21
| | | | | | | | | | | | | | The del_timer() function doesn't guarantee, that the timer callback is not active by the time it exits. Thus, the fib6_net_exit() may kfree() all the data, that is required by the fib6_run_gc(). The race window is tiny, but slab poisoning can trigger this bug. Using del_timer_sync() will cure this. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Convert do_gettimeofday() to getnstimeofday().YOSHIFUJI Hideaki2008-04-21
| | | | | | | | | | What do_gettimeofday() does is to call getnstimeofday() and to convert the result from timespec{} to timeval{}. After that, these callers convert the result again to msec. Use getnstimeofday() and convert the units at once. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Make icmp_sk_init() static.Adrian Bunk2008-04-21
| | | | | | | This patch makes the needlessly global icmp_sk_init() static. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Make struct ip6_prohibit_entry_template static.Adrian Bunk2008-04-21
| | | | | | | | This patch makes the needlessly global struct ip6_prohibit_entry_template static. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp: Trivial fix to correct function name in a comment in net/ipv4/tcp.cSatoru SATOH2008-04-21
| | | | | | | | This is a trivial fix to correct function name in a comment in net/ipv4/tcp.c. Signed-off-by: Satoru SATOH <satoru.satoh@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Expose netdevice dev_id through sysfsDavid Woodhouse2008-04-20
| | | | | | | | | | | | | Expose dev_id to userspace, because it helps to disambiguate between interfaces where the MAC address is unique. This should allow us to simplify the handling of persistent naming for S390 network devices in udev -- because it can depend on a simple attribute of the device like the other match criteria, rather than having a special case for SUBSYSTEMS=="ccwgroup". Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* skbuff: fix missing kernel-doc notationRandy Dunlap2008-04-20
| | | | | | | | | Add kernel-doc notation for ndisc_nodetype: Warning(linux-2.6.25-git2//include/linux/skbuff.h:340): No description found for parameter 'ndisc_nodetype' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ROSE]: Fix soft lockup wrt. rose_node_list_lockBernard Pidoux2008-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ INFO: possible recursive locking detected ] 2.6.25 #3 --------------------------------------------- ax25ipd/3811 is trying to acquire lock: (rose_node_list_lock){-+..}, at: [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose] but task is already holding lock: (rose_node_list_lock){-+..}, at: [<f8d31fed>] rose_route_frame+0x4d/0x620 [rose] other info that might help us debug this: 6 locks held by ax25ipd/3811: #0: (&tty->atomic_write_lock){--..}, at: [<c0259a1c>] tty_write_lock+0x1c/0x50 #1: (rcu_read_lock){..--}, at: [<c02aea36>] net_rx_action+0x96/0x230 #2: (rcu_read_lock){..--}, at: [<c02ac5c0>] netif_receive_skb+0x100/0x2f0 #3: (rose_node_list_lock){-+..}, at: [<f8d31fed>] rose_route_frame+0x4d/0x620 [rose] #4: (rose_neigh_list_lock){-+..}, at: [<f8d31ff7>] rose_route_frame+0x57/0x620 [rose] #5: (rose_route_list_lock){-+..}, at: [<f8d32001>] rose_route_frame+0x61/0x620 [rose] stack backtrace: Pid: 3811, comm: ax25ipd Not tainted 2.6.25 #3 [<c0147e27>] print_deadlock_bug+0xc7/0xd0 [<c0147eca>] check_deadlock+0x9a/0xb0 [<c0149cd2>] validate_chain+0x1e2/0x310 [<c0149b95>] ? validate_chain+0xa5/0x310 [<c010a7d8>] ? native_sched_clock+0x88/0xc0 [<c0149fa1>] __lock_acquire+0x1a1/0x750 [<c014a5d1>] lock_acquire+0x81/0xa0 [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose] [<c03201a3>] _spin_lock_bh+0x33/0x60 [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose] [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose] [<f8d32404>] rose_route_frame+0x464/0x620 [rose] [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<f8d31fa0>] ? rose_route_frame+0x0/0x620 [rose] [<f8d1c396>] ax25_rx_iframe+0x66/0x3b0 [ax25] [<f8d1f42f>] ? ax25_start_t3timer+0x1f/0x40 [ax25] [<f8d1e65b>] ax25_std_frame_in+0x7fb/0x890 [ax25] [<c0320005>] ? _spin_unlock_bh+0x25/0x30 [<f8d1bdf6>] ax25_kiss_rcv+0x2c6/0x800 [ax25] [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c014a8a7>] ? __lock_release+0x47/0x70 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c02a4d3a>] ? sock_queue_rcv_skb+0x13a/0x1d0 [<c02a4c45>] ? sock_queue_rcv_skb+0x45/0x1d0 [<f8d1bb30>] ? ax25_kiss_rcv+0x0/0x800 [ax25] [<c02ac715>] netif_receive_skb+0x255/0x2f0 [<c02ac5c0>] ? netif_receive_skb+0x100/0x2f0 [<c02af05c>] process_backlog+0x7c/0xf0 [<c02aeb0c>] net_rx_action+0x16c/0x230 [<c02aea36>] ? net_rx_action+0x96/0x230 [<c012bd53>] __do_softirq+0x93/0x120 [<f8d2a68a>] ? mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c012be37>] do_softirq+0x57/0x60 [<c012c265>] local_bh_enable_ip+0xa5/0xe0 [<c0320005>] _spin_unlock_bh+0x25/0x30 [<f8d2a68a>] mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c025ea37>] pty_write+0x47/0x60 [<c025c620>] write_chan+0x1b0/0x220 [<c0259a1c>] ? tty_write_lock+0x1c/0x50 [<c011fec0>] ? default_wake_function+0x0/0x10 [<c0259bea>] tty_write+0x12a/0x1c0 [<c025c470>] ? write_chan+0x0/0x220 [<c018bbc6>] vfs_write+0x96/0x130 [<c0259ac0>] ? tty_write+0x0/0x1c0 [<c018c24d>] sys_write+0x3d/0x70 [<c0104d1e>] sysenter_past_esp+0x5f/0xa5 ======================= BUG: soft lockup - CPU#0 stuck for 61s! [ax25ipd:3811] Pid: 3811, comm: ax25ipd Not tainted (2.6.25 #3) EIP: 0060:[<c010a9db>] EFLAGS: 00000246 CPU: 0 EIP is at native_read_tsc+0xb/0x20 EAX: b404aa2c EBX: b404a9c9 ECX: 017f1000 EDX: 0000076b ESI: 00000001 EDI: 00000000 EBP: ecc83afc ESP: ecc83afc DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 CR0: 8005003b CR2: b7f5f000 CR3: 2cd8e000 CR4: 000006f0 DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 DR6: ffff0ff0 DR7: 00000400 [<c0204937>] delay_tsc+0x17/0x30 [<c02048e9>] __delay+0x9/0x10 [<c02127f6>] __spin_lock_debug+0x76/0xf0 [<c0212618>] ? spin_bug+0x18/0x100 [<c0147923>] ? __lock_contended+0xa3/0x110 [<c0212998>] _raw_spin_lock+0x68/0x90 [<c03201bf>] _spin_lock_bh+0x4f/0x60 [<f8d31f1a>] ? rose_get_neigh+0x1a/0xa0 [rose] [<f8d31f1a>] rose_get_neigh+0x1a/0xa0 [rose] [<f8d32404>] rose_route_frame+0x464/0x620 [rose] [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<f8d31fa0>] ? rose_route_frame+0x0/0x620 [rose] [<f8d1c396>] ax25_rx_iframe+0x66/0x3b0 [ax25] [<f8d1f42f>] ? ax25_start_t3timer+0x1f/0x40 [ax25] [<f8d1e65b>] ax25_std_frame_in+0x7fb/0x890 [ax25] [<c0320005>] ? _spin_unlock_bh+0x25/0x30 [<f8d1bdf6>] ax25_kiss_rcv+0x2c6/0x800 [ax25] [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c014a8a7>] ? __lock_release+0x47/0x70 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c031ffdd>] ? _read_unlock+0x1d/0x20 [<c02a4769>] ? sock_def_readable+0x59/0x80 [<c02a4d3a>] ? sock_queue_rcv_skb+0x13a/0x1d0 [<c02a4c45>] ? sock_queue_rcv_skb+0x45/0x1d0 [<f8d1bb30>] ? ax25_kiss_rcv+0x0/0x800 [ax25] [<c02ac715>] netif_receive_skb+0x255/0x2f0 [<c02ac5c0>] ? netif_receive_skb+0x100/0x2f0 [<c02af05c>] process_backlog+0x7c/0xf0 [<c02aeb0c>] net_rx_action+0x16c/0x230 [<c02aea36>] ? net_rx_action+0x96/0x230 [<c012bd53>] __do_softirq+0x93/0x120 [<f8d2a68a>] ? mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c012be37>] do_softirq+0x57/0x60 [<c012c265>] local_bh_enable_ip+0xa5/0xe0 [<c0320005>] _spin_unlock_bh+0x25/0x30 [<f8d2a68a>] mkiss_receive_buf+0x33a/0x3f0 [mkiss] [<c025ea37>] pty_write+0x47/0x60 [<c025c620>] write_chan+0x1b0/0x220 [<c0259a1c>] ? tty_write_lock+0x1c/0x50 [<c011fec0>] ? default_wake_function+0x0/0x10 [<c0259bea>] tty_write+0x12a/0x1c0 [<c025c470>] ? write_chan+0x0/0x220 [<c018bbc6>] vfs_write+0x96/0x130 [<c0259ac0>] ? tty_write+0x0/0x1c0 [<c018c24d>] sys_write+0x3d/0x70 [<c0104d1e>] sysenter_past_esp+0x5f/0xa5 ======================= Since rose_route_frame() does not use rose_node_list we can safely remove rose_node_list_lock spin lock here and let it be free for rose_get_neigh(). Signed-off-by: Bernard Pidoux <f6bvp@amsat.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* rose: Socket lock was not released before returning to user spaceBernard Pidoux2008-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ================================================ [ BUG: lock held when returning to user space! ] ------------------------------------------------ xfbbd/3683 is leaving the kernel with locks still held! 1 lock held by xfbbd/3683: #0: (sk_lock-AF_ROSE){--..}, at: [<c8cd1eb3>] rose_connect+0x73/0x420 [rose] INFO: task xfbbd:3683 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. xfbbd D 00000246 0 3683 3669 c6965ee0 00000092 c02c5c40 00000246 c0f6b5f0 c0f6b5c0 c0f6b5f0 c0f6b5c0 c0f6b614 c6965f18 c024b74b ffffffff c06ba070 00000000 00000000 00000001 c6ab07c0 c012d450 c0f6b634 c0f6b634 c7b5bf10 c0d6004c c7b5bf10 c6965f40 Call Trace: [<c024b74b>] lock_sock_nested+0x6b/0xd0 [<c012d450>] ? autoremove_wake_function+0x0/0x40 [<c02488f1>] sock_fasync+0x41/0x150 [<c0249e69>] sock_close+0x19/0x40 [<c0175d54>] __fput+0xb4/0x170 [<c0176018>] fput+0x18/0x20 [<c017300e>] filp_close+0x3e/0x70 [<c01744e9>] sys_close+0x69/0xb0 [<c0103bda>] sysenter_past_esp+0x5f/0xa5 ======================= INFO: lockdep is turned off. Signed-off-by: Bernard Pidoux <f6bvp@amsat.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* hci_usb: remove code obfuscationPavel Machek2008-04-19
| | | | | | | | | _urb_free is an alias for kfree... making code longer & harder to read. Remove it. Signed-off-by: Pavel Machek <pavel@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* drivers/net/appletalk: use time_before, time_before_eq, etcJulia Lawall2008-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The functions time_before, time_before_eq, time_after, and time_after_eq are more robust for comparing jiffies against other values. A simplified version of the semantic patch making this change is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @ change_compare_np @ expression E; @@ ( - jiffies <= E + time_before_eq(jiffies,E) | - jiffies >= E + time_after_eq(jiffies,E) | - jiffies < E + time_before(jiffies,E) | - jiffies > E + time_after(jiffies,E) ) @ include depends on change_compare_np @ @@ #include <linux/jiffies.h> @ no_include depends on !include && change_compare_np @ @@ #include <linux/...> + #include <linux/jiffies.h> // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* drivers/atm: use time_before, time_before_eq, etcJulia Lawall2008-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The functions time_before, time_before_eq, time_after, and time_after_eq are more robust for comparing jiffies against other values. A simplified version of the semantic patch making this change is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @ change_compare_np @ expression E; @@ ( - jiffies <= E + time_before_eq(jiffies,E) | - jiffies >= E + time_after_eq(jiffies,E) | - jiffies < E + time_before(jiffies,E) | - jiffies > E + time_after(jiffies,E) ) @ include depends on change_compare_np @ @@ #include <linux/jiffies.h> @ no_include depends on !include && change_compare_np @ @@ #include <linux/...> + #include <linux/jiffies.h> // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* hci_usb: do not initialize static variables to 0Pavel Machek2008-04-19
| | | | | | | | hci_usb: do not initialize static variables to 0. Signed-off-by: Pavel Machek <pavel@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* tg3: 5701 DMA corruption fixMatt Carlson2008-04-19
| | | | | | | | | | | | | | | | Herbert Xu's commit fb93134dfc2a6e6fbedc7c270a31da03fce88db9, entitled "[TCP]: Fix size calculation in sk_stream_alloc_pskb", has triggered a bug in the 5701 where the 5701 DMA engine will corrupt outgoing packets. This problem only happens when the starting address of the packet matches a certain range of offsets and only when the 5701 is placed downstream of a particular Intel bridge. This patch detects the problematic bridge and if present, readjusts the starting address of the packet data to a dword aligned boundary. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* atm nicstar: Removal of debug code containing deprecated calls to cli()/sti()Mark Asselstine2008-04-19
| | | | | | | | | | | Code within NS_DEBUG_SPINLOCKS contained deprecated cli()/sti() function calls. NS_DEBUG_SPINLOCKS and the associated code seems to be of little use these days so the strategy of removing this code rather then updating it to use spinlocks has been taken. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Reviewed-by: Matthew Wilcox <willy@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* iwlwifi: Fix unconditional access to station->tidp[].agg.David S. Miller2008-04-19
| | | | | | | | | | | Reportred by Ingo Molnar: drivers/net/wireless/iwlwifi/iwl-debugfs.c: In function 'iwl_dbgfs_stations_read': drivers/net/wireless/iwlwifi/iwl-debugfs.c:256: error: 'struct iwl4965_tid_data' has no member named 'agg' Needs CONFIG_IWL4965_HT protection. Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: Fix SIP conntrack build with NAT disabled.Patrick McHardy2008-04-19
| | | | | | | | | | Reported by Ingo Molnar. The SIP helper is also useful without NAT. This patch adds an ifdef around the RTP call optimization for NATed clients. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: Fix SCTP nat build.Patrick McHardy2008-04-19
| | | | | | | We need to select LIBCRC32C. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'for-linus' of ↵Linus Torvalds2008-04-18
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: fix up documentation for security_module_enable Security: Introduce security= boot parameter Audit: Final renamings and cleanup SELinux: use new audit hooks, remove redundant exports Audit: internally use the new LSM audit hooks LSM/Audit: Introduce generic Audit LSM hooks SELinux: remove redundant exports Netlink: Use generic LSM hook Audit: use new LSM hooks instead of SELinux exports SELinux: setup new inode/ipc getsecid hooks LSM: Introduce inode_getsecid and ipc_getsecid hooks
| * security: fix up documentation for security_module_enableJames Morris2008-04-18
| | | | | | | | | | | | security_module_enable() can only be called during kernel init. Signed-off-by: James Morris <jmorris@namei.org>
| * Security: Introduce security= boot parameterAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the security= boot parameter. This is done to avoid LSM registration clashes in case of more than one bult-in module. User can choose a security module to enable at boot. If no security= boot parameter is specified, only the first LSM asking for registration will be loaded. An invalid security module name will be treated as if no module has been chosen. LSM modules must check now if they are allowed to register by calling security_module_enable(ops) first. Modify SELinux and SMACK to do so. Do not let SMACK register smackfs if it was not chosen on boot. Smackfs assumes that smack hooks are registered and the initial task security setup (swapper->security) is done. Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org>
| * Audit: Final renamings and cleanupAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | Rename the se_str and se_rule audit fields elements to lsm_str and lsm_rule to avoid confusion. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org>
| * SELinux: use new audit hooks, remove redundant exportsAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | Setup the new Audit LSM hooks for SELinux. Remove the now redundant exported SELinux Audit interface. Audit: Export 'audit_krule' and 'audit_field' to the public since their internals are needed by the implementation of the new LSM hook 'audit_rule_known'. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org>
| * Audit: internally use the new LSM audit hooksAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Convert Audit to use the new LSM Audit hooks instead of the exported SELinux interface. Basically, use: security_audit_rule_init secuirty_audit_rule_free security_audit_rule_known security_audit_rule_match instad of (respectively) : selinux_audit_rule_init selinux_audit_rule_free audit_rule_has_selinux selinux_audit_rule_match Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org>
| * LSM/Audit: Introduce generic Audit LSM hooksAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a generic Audit interface for security modules by adding the following new LSM hooks: audit_rule_init(field, op, rulestr, lsmrule) audit_rule_known(krule) audit_rule_match(secid, field, op, rule, actx) audit_rule_free(rule) Those hooks are only available if CONFIG_AUDIT is enabled. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
| * SELinux: remove redundant exportsAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the following exported SELinux interfaces: selinux_get_inode_sid(inode, sid) selinux_get_ipc_sid(ipcp, sid) selinux_get_task_sid(tsk, sid) selinux_sid_to_string(sid, ctx, len) They can be substitued with the following generic equivalents respectively: new LSM hook, inode_getsecid(inode, secid) new LSM hook, ipc_getsecid*(ipcp, secid) LSM hook, task_getsecid(tsk, secid) LSM hook, sid_to_secctx(sid, ctx, len) Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
| * Netlink: Use generic LSM hookAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | Don't use SELinux exported selinux_get_task_sid symbol. Use the generic LSM equivalent instead. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: David S. Miller <davem@davemloft.net> Reviewed-by: Paul Moore <paul.moore@hp.com>
| * Audit: use new LSM hooks instead of SELinux exportsAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stop using the following exported SELinux interfaces: selinux_get_inode_sid(inode, sid) selinux_get_ipc_sid(ipcp, sid) selinux_get_task_sid(tsk, sid) selinux_sid_to_string(sid, ctx, len) kfree(ctx) and use following generic LSM equivalents respectively: security_inode_getsecid(inode, secid) security_ipc_getsecid*(ipcp, secid) security_task_getsecid(tsk, secid) security_sid_to_secctx(sid, ctx, len) security_release_secctx(ctx, len) Call security_release_secctx only if security_secid_to_secctx succeeded. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
| * SELinux: setup new inode/ipc getsecid hooksAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | Setup the new inode_getsecid and ipc_getsecid() LSM hooks for SELinux. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
| * LSM: Introduce inode_getsecid and ipc_getsecid hooksAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce inode_getsecid(inode, secid) and ipc_getsecid(ipcp, secid) LSM hooks. These hooks will be used instead of similar exported SELinux interfaces. Let {inode,ipc,task}_getsecid hooks set the secid to 0 by default if CONFIG_SECURITY is not defined or if the hook is set to NULL (dummy). This is done to notify the caller that no valid secid exists. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26Linus Torvalds2008-04-18
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits) [NET]: Fix and allocate less memory for ->priv'less netdevices [IPV6]: Fix dangling references on error in fib6_add(). [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found [PKT_SCHED]: Fix datalen check in tcf_simp_init(). [INET]: Uninline the __inet_inherit_port call. [INET]: Drop the inet_inherit_port() call. SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked. [netdrvr] forcedeth: internal simplifications; changelog removal phylib: factor out get_phy_id from within get_phy_device PHY: add BCM5464 support to broadcom PHY driver cxgb3: Fix __must_check warning with dev_dbg. tc35815: Statistics cleanup natsemi: fix MMIO for PPC 44x platforms [TIPC]: Cleanup of TIPC reference table code [TIPC]: Optimized initialization of TIPC reference table [TIPC]: Remove inlining of reference table locking routines e1000: convert uint16_t style integers to u16 ixgb: convert uint16_t style integers to u16 sb1000.c: make const arrays static sb1000.c: stop inlining largish static functions ...
| * [NET]: Fix and allocate less memory for ->priv'less netdevicesAlexey Dobriyan2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch effectively reverts commit d0498d9ae1a5cebac363e38907266d5cd2eedf89 aka "[NET]: Do not allocate unneeded memory for dev->priv alignment." It was found to be buggy because of final unconditional += NETDEV_ALIGN_CONST removal. For example, for sizeof(struct net_device) being 2048 bytes, "alloc_size" was also 2048 bytes, but allocator with debugging options turned on started giving out !32-byte aligned memory resulting in redzones overwrites. Patch does small optimization in ->priv'less case: bumping size to next 32-byte boundary was always done to ensure ->priv will also be aligned. But, no ->priv, no need to do that. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [IPV6]: Fix dangling references on error in fib6_add().David S. Miller2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes bugzilla #8895 If a super-tree leaf has 'rt' assigned to it and we get an error from fib6_add_rt2node(), we'll leave a reference to 'rt' in pn->leaf and then do an unconditional dst_free(). We should prune such references. Based upon a report by Vincent Perrier. Signed-off-by: David S. Miller <davem@davemloft.net>
| * Merge branch 'master' of ↵David S. Miller2008-04-18
| |\ | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6
| * | [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not ↵Jesper Juhl2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | found dev_get_by_index() may return NULL if nothing is found. In net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen() the function is called, but the return value is never checked. If it returns NULL then we'll deref a NULL pointer on the very next line. I checked the callers, and I don't think this can actually happen today, but code changes over time and in the future it might happen and it does no harm to be defensive and check for the failure, so that if/when it happens we'll fail gracefully instead of crashing. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [PKT_SCHED]: Fix datalen check in tcf_simp_init().Patrick McHardy2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | datalen is unsigned so it can never be less than zero, but that's ok because the attribute passed to nla_len() has been validated and therefore a negative return value is impossible. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [INET]: Uninline the __inet_inherit_port call.Pavel Emelyanov2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This deblats ~200 bytes when ipv6 and dccp are 'y'. Besides, this will ease compilation issues for patches I'm working on to make inet hash tables more scalable wrt net namespaces. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>