aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAge
* Merge branch 'upstream-fixes' of ↵Linus Torvalds2007-05-11
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid * 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid: USB HID: hiddev - fix race between hiddev_send_event() and hiddev_release() HID: add hooks for getkeycode() and setkeycode() methods HID: switch to using input_dev->dev.parent USB HID: Logitech wheel 0x046d/0xc294 needs HID_QUIRK_NOGET quirk USB HID: usb_buffer_free() cleanup USB HID: report descriptor of Cypress USB barcode readers needs fixup Bluetooth HID: HIDP - don't initialize force feedback USB HID: update CONFIG_USB_HIDINPUT_POWERBOOK description HID: add input mappings for non-working keys on Logitech S510 remote
| * Bluetooth HID: HIDP - don't initialize force feedbackJiri Kosina2007-05-08
| | | | | | | | | | | | | | | | | | | | | | | | The current implementation of force feedback for HID devices is USB-transport only and therefore calling hid_ff_init() from hidp code is not going to work (plus it creates unwanted dependency of hidp on usbhid). Remove the hid_ff_init() until either the hid-ff is made transport-independent, or at least support for bluetooth transport is added. Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* | [NETFILTER]: xt_conntrack: add compat supportPatrick McHardy2007-05-11
| | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: iptable_raw: ignore short packets sent by SOCK_RAW socketsPatrick McHardy2007-05-11
| | | | | | | | | | | | | | | | | | iptables matches and targets expect packets to have at least a full IP header and a valid header length. Ignore packets sent through raw sockets for which this isn't true as in the other tables. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: iptable_{filter,mangle}: more descriptive "happy cracking" messagePatrick McHardy2007-05-11
| | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_nat: Clears helper private area when NATingYasuyuki Kozakai2007-05-11
| | | | | | | | | | | | | | | | | | Some helpers (eg. ftp) assume that private area in conntrack is filled with zero. It should be cleared when helper is changed. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: ctnetlink: clear helper area and handle unchanged helperYasuyuki Kozakai2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch - Clears private area for helper even if no helper is assigned to conntrack. It might be used by old helper. - Unchanges if the same helper as the used one is specified. - Does not find helper if no helper is specified. And it does not require private area for helper in that case. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_conntrack: Removes unused destroy operation of l3protoYasuyuki Kozakai2007-05-11
| | | | | | | | | | | | Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: nf_nat: remove unused argument of function allocating bindingYasuyuki Kozakai2007-05-11
| | | | | | | | | | | | | | | | | | | | | | nf_nat_rule_find, alloc_null_binding and alloc_null_binding_confirmed do not use the argument 'info', which is actually ct->nat.info. If they are necessary to access it again, we can use the argument 'ct' instead. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Clean up table initializationPatrick McHardy2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | - move arp_tables initial table structure definitions to arp_tables.h similar to ip_tables and ip6_tables - use C99 initializers - use initializer macros where possible Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET_SCHED]: Avoid requeue warning on dev_deactivateHerbert Xu2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we relinquish queue_lock in qdisc_restart and then retake it for requeueing, we might race against dev_deactivate and end up requeueing onto noop_qdisc. This causes a warning to be printed. This patch fixes this by checking this before we requeue. As an added bonus, we can remove the same check in __qdisc_run which was added to prevent dev->gso_skb from being requeued when we're shutting down. Even though we've had to add a new conditional in its place, it's better because it only happens on requeues rather than every single time that qdisc_run is called. For this to work we also need to move the clearing of gso_skb up in dev_deactivate as now qdisc_restart can occur even after we wait for __LINK_STATE_QDISC_RUNNING to clear (but it won't do anything as long as the queue and gso_skb is already clear). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET_SCHED]: Reread dev->qdisc for NETDEV_TX_OKHerbert Xu2007-05-11
| | | | | | | | | | | | | | | | | | Now that we return the queue length after NETDEV_TX_OK we better make sure that we have the right queue. Otherwise we can cause a stall after a really quick dev_deactive/dev_activate. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET_SCHED]: Rationalise return value of qdisc_restartHerbert Xu2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current return value scheme and associated comment was invented back in the 20th century when we still had that tbusy flag. Things have changed quite a bit since then (even Tony Blair is moving on now, not to mention the new French president). All we need to indicate now is whether the caller should continue processing the queue. Therefore it's sufficient if we return 0 if we want to stop and non-zero otherwise. This is based on a patch by Krishna Kumar. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Fix dev->qdisc race for NETDEV_TX_LOCKED caseThomas Graf2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When transmit fails with NETDEV_TX_LOCKED the skb is requeued to dev->qdisc again. The dev->qdisc pointer is protected by the queue lock which needs to be dropped when attempting to transmit and acquired again before requeing. The problem is that qdisc_restart() fetches the dev->qdisc pointer once and stores it in the `q' variable which is invalidated when dropping the queue_lock, therefore the variable needs to be refreshed before requeueing. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [UDP]: Fix AF-specific references in AF-agnostic code.David S. Miller2007-05-11
| | | | | | | | | | | | | | | | | | | | | | __udp_lib_port_inuse() cannot make direct references to inet_sk(sk)->rcv_saddr as that is ipv4 specific state and this code is used by ipv6 too. Use an operations vector to solve this, and this also paves the way for ipv6 support for non-wild saddr hashing in UDP. Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6] ROUTE: Assign rt6i_idev for ip6_{prohibit,blk_hole}_entry.YOSHIFUJI Hideaki2007-05-11
| | | | | | | | | | | | | | | | I think this is less critical, but is also suitable for -stable release. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Do no rely on skb->dst before it is assigned.YOSHIFUJI Hideaki2007-05-11
| | | | | | | | | | | | | | | | | | Because skb->dst is assigned in ip6_route_input(), it is really bad to use it in hop-by-hop option handler(s). Closes: Bug #8450 (Eric Sesterhenn <snakebyte@gmx.de>) Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Send ICMPv6 error on scope violations.David L Stevens2007-05-11
| | | | | | | | | | | | | | | | | | When an IPv6 router is forwarding a packet with a link-local scope source address off-link, RFC 4007 requires it to send an ICMPv6 destination unreachable with code 2 ("not neighbor"), but Linux doesn't. Fix below. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: Do not include ABORT chunk header in the notification.Vlad Yasevich2007-05-11
| | | | | | | | | | | | | | | | | | | | The socket API draft is unclear about whether to include the chunk header or not. Recent discussion on the sctp implementors mailing list clarified that the chunk header shouldn't be included, but the error parameter header still needs to be there. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: Correctly copy addresses in sctp_copy_laddrsVlad Yasevich2007-05-11
| | | | | | | | | | | | | | | | I broke the non-wildcard case recently. This is to fixes it. Now, explictitly bound addresses can ge retrieved using the API. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [SCTP]: Prevent OOPS if hmac modules didn't loadVlad Yasevich2007-05-11
| | | | | | | | | | | | | | | | | | | | SCTP was checking for NULL when trying to detect hmac allocation failure where it should have been using IS_ERR. Also, print a rate limited warning to the log telling the user what happend. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET] link_watch: Always schedule urgent eventsHerbert Xu2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Urgent events may be delayed if we already have a non-urgent event queued for that device. This patch changes this by making sure that an urgent event is always looked at immediately. I've replaced the LW_RUNNING flag by LW_URGENT since whether work is scheduled is already kept track by the work queue system. The only complication is that we have to provide some exclusion for the setting linkwatch_nextevent which is available in the actual work function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET] link_watch: Eliminate potential delay on wrap-aroundHerbert Xu2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | When the jiffies wrap around or when the system boots up for the first time, down events can be delayed indefinitely since we no longer update linkwatch_nextevent when only urgent events are processed. This patch fixes this by setting linkwatch_nextevent when a wrap-around occurs. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET_SCHED]: teql_enqueue can check limits before skb enqueueKrishna Kumar2007-05-11
| | | | | | | | | | | | | | Optimize teql_enqueue so that it first checks limits before enqueing. Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [MAC80211]: include <linux/delay.h> instead of <asm/delay.h>Geert Uytterhoeven2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | CC net/mac80211/ieee80211_sta.o | In file included from linux/net/mac80211/ieee80211_sta.c:31: | include2/asm/delay.h: In function '__const_udelay': | include2/asm/delay.h:33: error: 'loops_per_jiffy' undeclared (first use in this function) | include2/asm/delay.h:33: error: (Each undeclared identifier is reported only once | include2/asm/delay.h:33: error: for each function it appears in.) Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Remove link_watch delay for up even when we're downHerbert Xu2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently all link carrier events are delayed by up to a second before they're processed to prevent link storms. This causes unnecessary packet loss during that interval. In fact, we can achieve the same effect in preventing storms by only delaying down events and unnecssary up events. The latter is defined as up events when we're already up. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET] link_watch: Move link watch list into net_deviceHerbert Xu2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These days the link watch mechanism is an integral part of the network subsystem as it manages the carrier status. So it now makes sense to allocate some memory for it in net_device rather than allocating it on demand. In fact, this is necessary because we can't tolerate a memory allocation failure since that means we'd have to potentially throw a link up event away. It also simplifies the code greatly. In doing so I discovered a subtle race condition in the use of singleevent. This race condition still exists (and is somewhat magnified) without singleevent but it's now plugged thanks to an smp_mb__before_clear_bit. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [Bluetooth] Switch to using input_dev->dev.parentMarcel Holtmann2007-05-11
| | | | | | | | | | | | | | | | | | | | | | | | In preparation for struct class_device -> struct device input core conversion, switch to using input_dev->dev.parent when specifying device position in sysfs tree. Also, do not access input_dev->private directly, use helpers and do not use kfree() on input device, use input_free_device() instead. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* | Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds2007-05-10
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: [S390] update default configuration. [S390] Kconfig: no wireless on s390. [S390] Kconfig: use common Kconfig files for s390. [S390] Kconfig: common config options for s390. [S390] Kconfig: unwanted menus for s390. [S390] Kconfig: menus with depends on HAS_IOMEM. [S390] Kconfig: refine depends statements. [S390] Avoid compile warning. [S390] qdio: re-add lost perf_stats.tl_runs change in qdio_handle_pci [S390] Avoid sparse warnings. [S390] dasd: Fix modular build. [S390] monreader inlining cleanup. [S390] cio: Make some structures and a function static. [S390] cio: Get rid of _ccw_device_get_device_number(). [S390] fix subsystem removal fallout
| * | [S390] Kconfig: no wireless on s390.Martin Schwidefsky2007-05-10
| | | | | | | | | | | | | | | | | | | | | Hide the config menues for wireless on s390. Cc: John W. Linville <linville@tuxdriver.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| * | [S390] Kconfig: unwanted menus for s390.Martin Schwidefsky2007-05-10
| | | | | | | | | | | | | | | | | | | | | Disable some more menus in the configuration files that are of no interest to a s390 machine. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
* | | AF_RXRPC: reduce debugging noiseDavid Howells2007-05-10
|/ / | | | | | | | | | | | | | | | | Reduce debugging noise generated by AF_RXRPC. Signed-off-by: David Howells <dhowells@redhat.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Merge branch 'upstream' of ↵Jeff Garzik2007-05-09
|\ \ | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream
| * | [PATCH] ieee80211: include frequency in scan resultsLarry Finger2007-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | In ieee80211, the output of scan results lists channels, but not frequencies, which are needed by NetworkManager. This patch uses the new ieee80211_channel_to_freq routine to add the frequency to the output. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | [PATCH] ieee80211: add ieee80211_channel_to_freqLarry Finger2007-05-08
| | | | | | | | | | | | | | | | | | | | | | | | The routines that interrogate the ieee80211_geo struct are missing a channel to frequency entry. This patch adds it. Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* | | sunrpc: fix crash in rpc_malloc()Peter Zijlstra2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While the comment says: * To prevent rpciod from hanging, this allocator never sleeps, * returning NULL if the request cannot be serviced immediately. The function does not actually check for NULL pointers being returned. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | SUNRPC: Fix pointer arithmetic bug recently introduced in rpc_malloc/freeChuck Lever2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | Use a cleaner method to find the size of an rpc_buffer. This actually works on x86-64! Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* | | Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivialLinus Torvalds2007-05-09
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial: (25 commits) sound: convert "sound" subdirectory to UTF-8 MAINTAINERS: Add cxacru website/mailing list include files: convert "include" subdirectory to UTF-8 general: convert "kernel" subdirectory to UTF-8 documentation: convert the Documentation directory to UTF-8 Convert the toplevel files CREDITS and MAINTAINERS to UTF-8. remove broken URLs from net drivers' output Magic number prefix consistency change to Documentation/magic-number.txt trivial: s/i_sem /i_mutex/ fix file specification in comments drivers/base/platform.c: fix small typo in doc misc doc and kconfig typos Remove obsolete fat_cvf help text Fix occurrences of "the the " Fix minor typoes in kernel/module.c Kconfig: Remove reference to external mqueue library Kconfig: A couple of grammatical fixes in arch/i386/Kconfig Correct comments in genrtc.c to refer to correct /proc file. Fix more "deprecated" spellos. Fix "deprecated" typoes. ... Fix trivial comment conflict in kernel/relay.c.
| * | | Fix occurrences of "the the "Michael Opdenacker2007-05-09
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Michael Opdenacker <michael@free-electrons.com> Signed-off-by: Adrian Bunk <bunk@stusta.de>
| * | | Fix trivial typos in Kconfig* filesDavid Sterba2007-05-09
| | |/ | |/| | | | | | | | | | | | | | | | Fix several typos in help text in Kconfig* files. Signed-off-by: David Sterba <dave@jikos.cz> Signed-off-by: Adrian Bunk <bunk@stusta.de>
* | | Add suspend-related notifications for CPU hotplugRafael J. Wysocki2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since nonboot CPUs are now disabled after tasks and devices have been frozen and the CPU hotplug infrastructure is used for this purpose, we need special CPU hotplug notifications that will help the CPU-hotplug-aware subsystems distinguish normal CPU hotplug events from CPU hotplug events related to a system-wide suspend or resume operation in progress. This patch introduces such notifications and causes them to be used during suspend and resume transitions. It also changes all of the CPU-hotplug-aware subsystems to take these notifications into consideration (for now they are handled in the same way as the corresponding "normal" ones). [oleg@tv-sign.ru: cleanups] Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Gautham R Shenoy <ego@in.ibm.com> Cc: Pavel Machek <pavel@ucw.cz> Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | knfsd: simplify a 'while' condition in svcsock.cNeilBrown2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This while loop has an overly complex condition, which performs a couple of assignments. This hurts readability. We don't really need a loop at all. We can just return -EAGAIN and (providing we set SK_DATA), the function will be called again. So discard the loop, make the complex conditional become a few clear function calls, and hopefully improve readability. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | knfsd: rpcgss: RPC_GSS_PROC_ DESTROY request will get a bad rpcWei Yongjun2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If I send a RPC_GSS_PROC_DESTROY message to NFSv4 server, it will reply with a bad rpc reply which lacks an authentication verifier. Maybe this patch is needed. Send/recv packets as following: send: RemoteProcedureCall xid rpcvers = 2 prog = 100003 vers = 4 proc = 0 cred = AUTH_GSS version = 1 gss_proc = 3 (RPCSEC_GSS_DESTROY) service = 1 (RPC_GSS_SVC_NONE) verf = AUTH_GSS checksum reply: RemoteProcedureReply xid msg_type reply_stat accepted_reply Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | knfsd: fix resource leak resulting in module refcount leak for ↵Frank Filz2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rpcsec_gss_krb5.ko I have been investigating a module reference count leak on the server for rpcsec_gss_krb5.ko. It turns out the problem is a reference count leak for the security context in net/sunrpc/auth_gss/svcauth_gss.c. The problem is that gss_write_init_verf() calls gss_svc_searchbyctx() which does a rsc_lookup() but never releases the reference to the context. There is another issue that rpc.svcgssd sets an "end of time" expiration for the context By adding a cache_put() call in gss_svc_searchbyctx(), and setting an expiration timeout in the downcall, cache_clean() does clean up the context and the module reference count now goes to zero after unmount. I also verified that if the context expires and then the client makes a new request, a new context is established. Here is the patch to fix the kernel, I will start a separate thread to discuss what expiration time should be set by rpc.svcgssd. Acked-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | knfsd: rpc: fix server-side wrapping of krb5i repliesNeilBrown2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's not necessarily correct to assume that the xdr_buf used to hold the server's reply must have page data whenever it has tail data. And there's no need for us to deal with that case separately anyway. Acked-by: "J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | sunrpc: fix error path in module_initAkinobu Mita2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | register_rpc_pipefs() needs to clean up rpc_inode_cache by kmem_cache_destroy() on register_filesystem() failure. init_sunrpc() needs to unregister rpc_pipe_fs by unregister_rpc_pipefs() when rpc_init_mempool() returns error. Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Cc: Neil Brown <neilb@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | RPC: add wrapper for svc_reserve to account for checksumJeff Layton2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the kernel calls svc_reserve to downsize the expected size of an RPC reply, it fails to account for the possibility of a checksum at the end of the packet. If a client mounts a NFSv2/3 with sec=krb5i/p, and does I/O then you'll generally see messages similar to this in the server's ring buffer: RPC request reserved 164 but used 208 While I was never able to verify it, I suspect that this problem is also the root cause of some oopses I've seen under these conditions: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227726 This is probably also a problem for other sec= types and for NFSv4. The large reserved size for NFSv4 compound packets seems to generally paper over the problem, however. This patch adds a wrapper for svc_reserve that accounts for the possibility of a checksum. It also fixes up the appropriate callers of svc_reserve to call the wrapper. For now, it just uses a hardcoded value that I determined via testing. That value may need to be revised upward as things change, or we may want to eventually add a new auth_op that attempts to calculate this somehow. Unfortunately, there doesn't seem to be a good way to reliably determine the expected checksum length prior to actually calculating it, particularly with schemes like spkm3. Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Neil Brown <neilb@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Acked-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | knfsd: rename sk_defer_lock to sk_lockNeilBrown2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that sk_defer_lock protects two different things, make the name more generic. Also don't bother with disabling _bh as the lock is only ever taken from process context. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | unify flush_work/flush_work_keventd and rename it to cancel_work_syncOleg Nesterov2007-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | flush_work(wq, work) doesn't need the first parameter, we can use cwq->wq (this was possible from the very beginnig, I missed this). So we can unify flush_work_keventd and flush_work. Also, rename flush_work() to cancel_work_sync() and fix all callers. Perhaps this is not the best name, but "flush_work" is really bad. (akpm: this is why the earlier patches bypassed maintainers) Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Jeff Garzik <jeff@garzik.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jens Axboe <jens.axboe@oracle.com> Cc: Tejun Heo <htejun@gmail.com> Cc: Auke Kok <auke-jan.h.kok@intel.com>, Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | ipvs: flush defense_work before module unloadOleg Nesterov2007-05-09
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | net/ipv4/ipvs/ip_vs_core.c module_exit ip_vs_cleanup ip_vs_control_cleanup cancel_rearming_delayed_work // done This is unsafe. The module may be unloaded and the memory may be freed while defense_work's handler is still running/preempted. Do flush_work(&defense_work.work) after cancel_rearming_delayed_work(). Alternatively, we could add flush_work() to cancel_rearming_delayed_work(), but note that we can't change cancel_delayed_work() in the same manner because it may be called from atomic context. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>