aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAge
* [AX25, ROSE]: Remove useless SET_MODULE_OWNER calls.Ralf Baechle2006-05-04
| | | | | Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [AX.25]: Spelling fixRalf Baechle2006-05-04
| | | | | Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ROSE]: Remove useless prototype for rose_remove_neigh().Ralf Baechle2006-05-04
| | | | | Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: x_tables: don't use __copy_{from,to}_user on unchecked memory ↵Patrick McHardy2006-05-04
| | | | | | | | | in compat layer Noticed by Linus Torvalds <torvalds@osdl.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: H.323 helper: Change author's email addressJing Min Zhao2006-05-04
| | | | | | Signed-off-by: Jing Min Zhao <zhaojingmin@users.sourceforge.net> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: NAT: silence unused variable warnings with CONFIG_XFRM=nPatrick McHardy2006-05-04
| | | | | | | | | | | net/ipv4/netfilter/ip_nat_standalone.c: In function 'ip_nat_out': net/ipv4/netfilter/ip_nat_standalone.c:223: warning: unused variable 'ctinfo' net/ipv4/netfilter/ip_nat_standalone.c:222: warning: unused variable 'ct' Surprisingly no complaints so far .. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: H.323 helper: fix use of uninitialized dataPatrick McHardy2006-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a Choice element contains an unsupported choice no error is returned and parsing continues normally, but the choice value is not set and contains data from the last parsed message. This may in turn lead to parsing of more stale data and following crashes. Fixes a crash triggered by testcase 0003243 from the PROTOS c07-h2250v4 testsuite following random other testcases: CPU: 0 EIP: 0060:[<c01a9554>] Not tainted VLI EFLAGS: 00210646 (2.6.17-rc2 #3) EIP is at memmove+0x19/0x22 eax: d7be0307 ebx: d7be0307 ecx: e841fcf9 edx: d7be0307 esi: bfffffff edi: bfffffff ebp: da5eb980 esp: c0347e2c ds: 007b es: 007b ss: 0068 Process events/0 (pid: 4, threadinfo=c0347000 task=dff86a90) Stack: <0>00000006 c0347ea6 d7be0301 e09a6b2c 00000006 da5eb980 d7be003e d7be0052 c0347f6c e09a6d9c 00000006 c0347ea6 00000006 00000000 d7b9a548 00000000 c0347f6c d7b9a548 00000004 e0a1a119 0000028f 00000006 c0347ea6 00000006 Call Trace: [<e09a6b2c>] mangle_contents+0x40/0xd8 [ip_nat] [<e09a6d9c>] ip_nat_mangle_tcp_packet+0xa1/0x191 [ip_nat] [<e0a1a119>] set_addr+0x60/0x14d [ip_nat_h323] [<e0ab6e66>] q931_help+0x2da/0x71a [ip_conntrack_h323] [<e0ab6e98>] q931_help+0x30c/0x71a [ip_conntrack_h323] [<e09af242>] ip_conntrack_help+0x22/0x2f [ip_conntrack] [<c022934a>] nf_iterate+0x2e/0x5f [<c025d357>] xfrm4_output_finish+0x0/0x39f [<c02294ce>] nf_hook_slow+0x42/0xb0 [<c025d357>] xfrm4_output_finish+0x0/0x39f [<c025d732>] xfrm4_output+0x3c/0x4e [<c025d357>] xfrm4_output_finish+0x0/0x39f [<c0230370>] ip_forward+0x1c2/0x1fa [<c022f417>] ip_rcv+0x388/0x3b5 [<c02188f9>] netif_receive_skb+0x2bc/0x2ec [<c0218994>] process_backlog+0x6b/0xd0 [<c021675a>] net_rx_action+0x4b/0xb7 [<c0115606>] __do_softirq+0x35/0x7d [<c0104294>] do_softirq+0x38/0x3f Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: H.323 helper: fix endless loop caused by invalid TPKT lenPatrick McHardy2006-05-04
| | | | | | | | | | When the TPKT len included in the packet is below the lowest valid value of 4 an underflow occurs which results in an endless loop. Found by testcase 0000058 from the PROTOS c07-h2250v4 testsuite. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] SCTP conntrack: fix infinite loopPatrick McHardy2006-05-02
| | | | | | | | | | | | | | fix infinite loop in the SCTP-netfilter code: check SCTP chunk size to guarantee progress of for_each_sctp_chunk(). (all other uses of for_each_sctp_chunk() are preceded by do_basic_checks(), so this fix should be complete.) Based on patch from Ingo Molnar <mingo@elte.hu> CVE-2006-1527 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge branch 'audit.b10' of ↵Linus Torvalds2006-05-02
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current * 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [PATCH] Audit Filter Performance [PATCH] Rework of IPC auditing [PATCH] More user space subject labels [PATCH] Reworked patch for labels on user space messages [PATCH] change lspp ipc auditing [PATCH] audit inode patch [PATCH] support for context based audit filtering, part 2 [PATCH] support for context based audit filtering [PATCH] no need to wank with task_lock() and pinning task down in audit_syscall_exit() [PATCH] drop task argument of audit_syscall_{entry,exit} [PATCH] drop gfp_mask in audit_log_exit() [PATCH] move call of audit_free() into do_exit() [PATCH] sockaddr patch [PATCH] deal with deadlocks in audit_free()
| * [PATCH] Reworked patch for labels on user space messagesSteve Grubb2006-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | The below patch should be applied after the inode and ipc sid patches. This patch is a reworking of Tim's patch that has been updated to match the inode and ipc patches since its similar. [updated: > Stephen Smalley also wanted to change a variable from isec to tsec in the > user sid patch. ] Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [PATCH] sockaddr patchSteve Grubb2006-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | On Thursday 23 March 2006 09:08, John D. Ramsdell wrote: > I noticed that a socketcall(bind) and socketcall(connect) event contain a > record of type=SOCKADDR, but I cannot see one for a system call event > associated with socketcall(accept). Recording the sockaddr of an accepted > socket is important for cross platform information flow analys Thanks for pointing this out. The following patch should address this. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | [NETFILTER] x_tables: fix compat related crash on non-x86Patrick McHardy2006-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When iptables userspace adds an ipt_standard_target, it calculates the size of the entire entry as: sizeof(struct ipt_entry) + XT_ALIGN(sizeof(struct ipt_standard_target)) ipt_standard_target looks like this: struct xt_standard_target { struct xt_entry_target target; int verdict; }; xt_entry_target contains a pointer, so when compiled for 64 bit the structure gets an extra 4 byte of padding at the end. On 32 bit architectures where iptables aligns to 8 byte it will also have 4 byte padding at the end because it is only 36 bytes large. The compat_ipt_standard_fn in the kernel adjusts the offsets by sizeof(struct ipt_standard_target) - sizeof(struct compat_ipt_standard_target), which will always result in 4, even if the structure from userspace was already padded to a multiple of 8. On x86 this works out by accident because userspace only aligns to 4, on all other architectures this is broken and causes incorrect adjustments to the size and following offsets. Thanks to Linus for lots of debugging help and testing. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [IPV6]: Fix race in route selection.YOSHIFUJI Hideaki2006-04-29
| | | | | | | | | | | | | | | | | | | | We eliminated rt6_dflt_lock (to protect default router pointer) at 2.6.17-rc1, and introduced rt6_select() for general router selection. The function is called in the context of rt6_lock read-lock held, but this means, we have some race conditions when we do round-robin. Signed-off-by; YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [XFRM]: fix incorrect xfrm_policy_afinfo_lock useIngo Molnar2006-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | xfrm_policy_afinfo_lock can be taken in bh context, at: [<c013fe1a>] lockdep_acquire_read+0x54/0x6d [<c0f6e024>] _read_lock+0x15/0x22 [<c0e8fcdb>] xfrm_policy_get_afinfo+0x1a/0x3d [<c0e8fd10>] xfrm_decode_session+0x12/0x32 [<c0e66094>] ip_route_me_harder+0x1c9/0x25b [<c0e770d3>] ip_nat_local_fn+0x94/0xad [<c0e2bbc8>] nf_iterate+0x2e/0x7a [<c0e2bc50>] nf_hook_slow+0x3c/0x9e [<c0e3a342>] ip_push_pending_frames+0x2de/0x3a7 [<c0e53e19>] icmp_push_reply+0x136/0x141 [<c0e543fb>] icmp_reply+0x118/0x1a0 [<c0e54581>] icmp_echo+0x44/0x46 [<c0e53fad>] icmp_rcv+0x111/0x138 [<c0e36764>] ip_local_deliver+0x150/0x1f9 [<c0e36be2>] ip_rcv+0x3d5/0x413 [<c0df760f>] netif_receive_skb+0x337/0x356 [<c0df76c3>] process_backlog+0x95/0x110 [<c0df5fe2>] net_rx_action+0xa5/0x16d [<c012d8a7>] __do_softirq+0x6f/0xe6 [<c0105ec2>] do_softirq+0x52/0xb1 this means that all write-locking of xfrm_policy_afinfo_lock must be bh-safe. This patch fixes xfrm_policy_register_afinfo() and xfrm_policy_unregister_afinfo(). Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [XFRM]: fix incorrect xfrm_state_afinfo_lock useIngo Molnar2006-04-29
| | | | | | | | | | | | | | | | | | xfrm_state_afinfo_lock can be read-locked from bh context, so take it in a bh-safe manner in xfrm_state_register_afinfo() and xfrm_state_unregister_afinfo(). Found by the lock validator. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: Fix unlikely usage in tcp_transmit_skb()Hua Zhong2006-04-29
| | | | | | | | | | | | | | | | | | The following unlikely should be replaced by likely because the condition happens every time unless there is a hard error to transmit a packet. Signed-off-by: Hua Zhong <hzhong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [XFRM]: fix softirq-unsafe xfrm typemap->lock useIngo Molnar2006-04-29
| | | | | | | | | | | | | | | | xfrm typemap->lock may be used in softirq context, so all write_lock() uses must be softirq-safe. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPSEC]: Fix IP ID selectionHerbert Xu2006-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | I was looking through the xfrm input/output code in order to abstract out the address family specific encapsulation/decapsulation code. During that process I found this bug in the IP ID selection code in xfrm4_output.c. At that point dst is still the xfrm_dst for the current SA which represents an internal flow as far as the IPsec tunnel is concerned. Since the IP ID is going to sit on the outside of the encapsulated packet, we obviously want the external flow which is just dst->child. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV4]: inet_init() -> fs_initcallHeiko Carstens2006-04-29
| | | | | | | | | | | | | | | | | | Convert inet_init to an fs_initcall to make sure its called before any device driver's initcall. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETLINK]: cleanup unused macro in net/netlink/af_netlink.cSoyoung Park2006-04-29
| | | | | | | | | | | | | | | | | | 1 line removal, of unused macro. ran 'egrep -r' from linux-2.6.16/ for Nprintk and didn't see it anywhere else but here, in #define... Signed-off-by: Soyoung Park <speattle@yahoo.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED] netem: fix lossStephen Hemminger2006-04-29
| | | | | | | | | | | | | | | | | | The following one line fix is needed to make loss function of netem work right when doing loss on the local host. Otherwise, higher layers just recover. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [X25]: fix for spinlock recurse and spinlock lockup with timer handlerShaun Pereira2006-04-29
|/ | | | | | | | | | When the sk_timer function x25_heartbeat_expiry() is called by the kernel in a running/terminating process, spinlock-recursion and spinlock-lockup locks up the kernel. This has happened with testing on some distro's and the patch below fixed it. Signed-off-by: Shaun Pereira <spereira@tusc.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'upstream-linus' of ↵Linus Torvalds2006-04-26
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 * 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: [PATCH] forcedeth: fix initialization [PATCH] sky2: version 1.2 [PATCH] sky2: reset function can be devinit [PATCH] sky2: use ALIGN() macro [PATCH] sky2: add fake idle irq timer [PATCH] sky2: reschedule if irq still pending [PATCH] bcm43xx: make PIO mode usable [PATCH] bcm43xx: add to MAINTAINERS [PATCH] softmac: fix SIOCSIWAP [PATCH] Fix crash on big-endian systems during scan e1000: Update truesize with the length of the packet for packet split [PATCH] Fix locking in gianfar
| * Merge branch 'upstream-fixes' of ↵Jeff Garzik2006-04-26
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes
| | * [PATCH] softmac: fix SIOCSIWAPJohannes Berg2006-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are some bugs in the current implementation of the SIOCSIWAP wext, for example that when you do it twice and it fails, it may still try another access point for some reason. This patch fixes this by introducing a new flag that tells the association code that the bssid that is in use was fixed by the user and shouldn't be deviated from. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | [BRIDGE]: allow full size vlan packetsStephen Hemminger2006-04-26
|/ / | | | | | | | | | | | | Need to allow for VLAN header when bridging. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: ipt action: use xt_check_target for basic verificationPatrick McHardy2006-04-24
| | | | | | | | | | | | | | | | The targets don't do the basic verification themselves anymore so the ipt action needs to take care of it. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: x_tables: move table->lock initializationDmitry Mishin2006-04-24
| | | | | | | | | | | | | | | | | | | | | | xt_table->lock should be initialized before xt_replace_table() call, which uses it. This patch removes strict requirement that table should define lock before registering. Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: ip6_tables: remove broken comefrom debuggingPatrick McHardy2006-04-24
| | | | | | | | | | | | | | | | The introduction of x_tables broke comefrom debugging, remove it from ip6_tables as well (ip_tables already got removed). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_conntrack: kill unused callback init_conntrackYasuyuki Kozakai2006-04-24
| | | | | | | | | | | | Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: ULOG target is not obsoleteThomas Voegtle2006-04-24
| | | | | | | | | | | | | | | | The backend part is obsoleted, but the target itself is still needed. Signed-off-by: Thomas Voegtle <tv@lio96.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_conntrack: Fix module refcount dropping too farYasuyuki Kozakai2006-04-24
|/ | | | | | | | | | | | | | | | | If nf_ct_l3proto_find_get() fails to get the refcount of nf_ct_l3proto_generic, nf_ct_l3proto_put() will drop the refcount too far. This gets rid of '.me = THIS_MODULE' of nf_ct_l3proto_generic so that nf_ct_l3proto_find_get() doesn't try to get refcount of it. It's OK because its symbol is usable until nf_conntrack.ko is unloaded. This also kills unnecessary NULL pointer check as well. __nf_ct_proto_find() allways returns non-NULL pointer. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'upstream-linus' of ↵Linus Torvalds2006-04-20
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 * 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: (21 commits) [PATCH] wext: Fix RtNetlink ENCODE security permissions [PATCH] bcm43xx: iw_priv_args names should be <16 characters [PATCH] bcm43xx: sysfs code cleanup [PATCH] bcm43xx: fix pctl slowclock limit calculation [PATCH] bcm43xx: fix dyn tssi2dbm memleak [PATCH] bcm43xx: fix config menu alignment [PATCH] bcm43xx wireless: fix printk format warnings [PATCH] softmac: report when scanning has finished [PATCH] softmac: fix event sending [PATCH] softmac: handle iw_mode properly [PATCH] softmac: dont send out packets while scanning [PATCH] softmac: return -EAGAIN from getscan while scanning [PATCH] bcm43xx: set trans_start on TX to prevent bogus timeouts [PATCH] orinoco: fix truncating commsquality RID with the latest Symbol firmware [PATCH] softmac: fix spinlock recursion on reassoc [PATCH] Revert NET_RADIO Kconfig title change [PATCH] wext: Fix IWENCODEEXT security permissions [PATCH] wireless/atmel: send WEXT scan completion events [PATCH] wireless/airo: clean up WEXT association and scan events [PATCH] softmac uses Wiress Ext. ...
| * Merge branch 'upstream-fixes' of ↵Jeff Garzik2006-04-20
| |\ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
| | * [PATCH] wext: Fix RtNetlink ENCODE security permissionsJean Tourrilhes2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I've just realised that the RtNetlink code does not check the permission for SIOCGIWENCODE and SIOCGIWENCODEEXT, which means that any user can read the encryption keys. The fix is trivial and should go in 2.6.17 alonside the two other patch I sent you last week. Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] softmac: report when scanning has finishedJohannes Berg2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | Make softmac report a scan event when scanning has finished, that way userspace can wait for the event to happen instead of polling for the results. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] softmac: fix event sendingJohannes Berg2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Softmac is sending custom events to userspace already, but it should _really_ be sending the right WEXT events instead. This patch fixes that. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] softmac: handle iw_mode properlyjohannes@sipsolutions.net2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | Below patch allows using iw_mode auto with softmac. bcm43xx forces managed so this bug wasn't noticed earlier, but this was one of the problems why zd1211 didn't work earlier. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] softmac: dont send out packets while scanningjohannes@sipsolutions.net2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | Seems we forgot to stop the queue while scanning. Better do that so we don't transmit packets all the time during background scanning. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] softmac: return -EAGAIN from getscan while scanningjohannes@sipsolutions.net2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Below patch was developed after discussion with Daniel Drake who mentioned to me that wireless tools expect an EAGAIN return from getscan so that they can wait for the scan to finish before printing out the results. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] softmac: fix spinlock recursion on reassocMichael Buesch2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a spinlock recursion on receiving a reassoc request. On reassoc, the softmac calls back into the driver. This results in a driver lock recursion. This schedules the assoc workqueue, instead of calling it directly. Probably, we should defer the _whole_ management frame processing to a tasklet or workqueue, because it does several callbacks into the driver. That is dangerous. This fix should go into linus's tree, before 2.6.17 is released, because it is remote exploitable (DoS by crash). Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] wext: Fix IWENCODEEXT security permissionsJean Tourrilhes2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Check the permissions when user-space try to read the encryption parameters via SIOCGIWENCODEEXT. This is trivial and probably should go in 2.6.17... Bug was found by Brian Eaton <eaton.lists@gmail.com>, thanks ! Signed-off-by: Jean Tourrilhes <jt@hpl.hp.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * [PATCH] softmac uses Wiress Ext.Randy Dunlap2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | softmac uses wireless extensions, so let it SELECT that config option; WARNING: "wireless_send_event" [net/ieee80211/softmac/ieee80211softmac.ko] undefined! Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | [EBTABLES]: Clean up vmalloc usage in net/bridge/netfilter/ebtables.cJayachandran C2006-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make all the vmalloc calls in net/bridge/netfilter/ebtables.c follow the standard convention. Remove unnecessary casts, and use '*object' instead of 'type'. Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [NET]: Add skb->truesize assertion checking.David S. Miller2006-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add some sanity checking. truesize should be at least sizeof(struct sk_buff) plus the current packet length. If not, then truesize is seriously mangled and deserves a kernel log message. Currently we'll do the check for release of stream socket buffers. But we can add checks to more spots over time. Incorporating ideas from Herbert Xu. Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [TCP]: Account skb overhead in tcp_fragmentHerbert Xu2006-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that we get the full sizeof(struct sk_buff) plus the data size accounted for in skb->truesize. This will create invariants that will allow adding assertion checks on skb->truesize. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [LLC]: Use pskb_trim_rcsum() in llc_fixup_skb().David S. Miller2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kernel Bugzilla #6409 If we use plain skb_trim(), that's wrong, because if the SKB is cloned, and it can be because we unshared it in the caller, we have to allow reallocation. The pskb_trim*() family of routines is therefore the most appropriate here. Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [NET]: sockfd_lookup_light() returns random error for -EBADFDHua Zhong2006-04-19
|/ / | | | | | | | | | | | | | | | | | | This applies to 2.6.17-rc2. There is a missing initialization of err in sockfd_lookup_light() that could return random error for an invalid file handle. Signed-off-by: Hua Zhong <hzhong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | SUNRPC: Dead code in net/sunrpc/auth_gss/auth_gss.cEric Sesterhenn2006-04-19
| | | | | | | | | | | | | | | | | | | | | | | | Hi, the coverity checker spotted that cred is always NULL when we jump to out_err ( there is just one case, when we fail to allocate the memory for cred ) This is Coverity ID #79 Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>