aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAge
* Merge branch 'for-linus' of ↵Linus Torvalds2008-04-18
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: fix up documentation for security_module_enable Security: Introduce security= boot parameter Audit: Final renamings and cleanup SELinux: use new audit hooks, remove redundant exports Audit: internally use the new LSM audit hooks LSM/Audit: Introduce generic Audit LSM hooks SELinux: remove redundant exports Netlink: Use generic LSM hook Audit: use new LSM hooks instead of SELinux exports SELinux: setup new inode/ipc getsecid hooks LSM: Introduce inode_getsecid and ipc_getsecid hooks
| * Netlink: Use generic LSM hookAhmed S. Darwish2008-04-18
| | | | | | | | | | | | | | | | | | | | | | Don't use SELinux exported selinux_get_task_sid symbol. Use the generic LSM equivalent instead. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: David S. Miller <davem@davemloft.net> Reviewed-by: Paul Moore <paul.moore@hp.com>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26Linus Torvalds2008-04-18
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits) [NET]: Fix and allocate less memory for ->priv'less netdevices [IPV6]: Fix dangling references on error in fib6_add(). [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found [PKT_SCHED]: Fix datalen check in tcf_simp_init(). [INET]: Uninline the __inet_inherit_port call. [INET]: Drop the inet_inherit_port() call. SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked. [netdrvr] forcedeth: internal simplifications; changelog removal phylib: factor out get_phy_id from within get_phy_device PHY: add BCM5464 support to broadcom PHY driver cxgb3: Fix __must_check warning with dev_dbg. tc35815: Statistics cleanup natsemi: fix MMIO for PPC 44x platforms [TIPC]: Cleanup of TIPC reference table code [TIPC]: Optimized initialization of TIPC reference table [TIPC]: Remove inlining of reference table locking routines e1000: convert uint16_t style integers to u16 ixgb: convert uint16_t style integers to u16 sb1000.c: make const arrays static sb1000.c: stop inlining largish static functions ...
| * [NET]: Fix and allocate less memory for ->priv'less netdevicesAlexey Dobriyan2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch effectively reverts commit d0498d9ae1a5cebac363e38907266d5cd2eedf89 aka "[NET]: Do not allocate unneeded memory for dev->priv alignment." It was found to be buggy because of final unconditional += NETDEV_ALIGN_CONST removal. For example, for sizeof(struct net_device) being 2048 bytes, "alloc_size" was also 2048 bytes, but allocator with debugging options turned on started giving out !32-byte aligned memory resulting in redzones overwrites. Patch does small optimization in ->priv'less case: bumping size to next 32-byte boundary was always done to ensure ->priv will also be aligned. But, no ->priv, no need to do that. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
| * [IPV6]: Fix dangling references on error in fib6_add().David S. Miller2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes bugzilla #8895 If a super-tree leaf has 'rt' assigned to it and we get an error from fib6_add_rt2node(), we'll leave a reference to 'rt' in pn->leaf and then do an unconditional dst_free(). We should prune such references. Based upon a report by Vincent Perrier. Signed-off-by: David S. Miller <davem@davemloft.net>
| * Merge branch 'master' of ↵David S. Miller2008-04-18
| |\ | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6
| * | [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not ↵Jesper Juhl2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | found dev_get_by_index() may return NULL if nothing is found. In net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen() the function is called, but the return value is never checked. If it returns NULL then we'll deref a NULL pointer on the very next line. I checked the callers, and I don't think this can actually happen today, but code changes over time and in the future it might happen and it does no harm to be defensive and check for the failure, so that if/when it happens we'll fail gracefully instead of crashing. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [PKT_SCHED]: Fix datalen check in tcf_simp_init().Patrick McHardy2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | datalen is unsigned so it can never be less than zero, but that's ok because the attribute passed to nla_len() has been validated and therefore a negative return value is impossible. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [INET]: Uninline the __inet_inherit_port call.Pavel Emelyanov2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This deblats ~200 bytes when ipv6 and dccp are 'y'. Besides, this will ease compilation issues for patches I'm working on to make inet hash tables more scalable wrt net namespaces. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [INET]: Drop the inet_inherit_port() call.Pavel Emelyanov2008-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As I can see from the code, two places (tcp_v6_syn_recv_sock and dccp_v6_request_recv_sock) that call this one already run with BHs disabled, so it's safe to call __inet_inherit_port there. Besides (in case I missed smth with code review) the calltrace tcp_v6_syn_recv_sock `- tcp_v4_syn_recv_sock `- __inet_inherit_port and the similar for DCCP are valid, but assumes BHs to be disabled. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked.Gui Jianfeng2008-04-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to RFC4960 7.2.2, When all of the data transmitted by the sender has been acknowledged by the recerver, partial_bytes_acked is initialized to 0. This patch conforms to rfc requirement. Without this fix, cwnd might be error incremented. Signed-off-by: Gui Jianfeng <guijianfeng@cn.fujitsu.com> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | Merge branch 'master' of ↵David S. Miller2008-04-16
| |\ \ | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/linville/wireless-2.6.26
| | * | mac80211: rework scanning to account for probe response/beacon differenceJohannes Berg2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reworks the scanning code (ieee80211_rx_bss_info) to take more parameters from beacons and keep a BSS info structure alive when only beacons for it are received. This fixes a problem with iwlwifi drivers (where we don't understand the root cause of the problem yet) and another driver for some broken hardware (which cannot send probe requests unless associated, so can't always actively scan.) Signed-off-by: Bill Moss <bmoss@clemson.edu> [jmberg: reformatted comments, make probe_resp a bool] Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | mac80211: allow WDS modeJohannes Berg2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows creating interfaces in WDS mode or switching existing ones into WDS mode (both via cfg80211 and wext.) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | mac80211: fix key todo list orderJohannes Berg2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we add multiple todo entries, we rely on them being executed mostly in the right order, especially when a key is being replaced. But when a default key is replaced, the todo list order will differ from the order when the key being replaced is not a default key, so problems will happen. Hence, just move each todo item to the end of the list when it is added so we can in the other code ensure that hw accel for a key will be disabled before it is enabled for the replacement. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | mac80211: fix spinlock recursionJohannes Berg2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When STAs are expired, we need to hold the sta_lock. Using the same lock for keys too would then mean we'd need another key free function, and that'll just lead to confusion, so just use a new spinlock for all key lists. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | mac80211: no BSS changes to driver from beacons processed during scanningReinette Chatre2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no need to send BSS changes to driver from beacons processed during scanning. We are more interested in beacons from an AP with which we are associated - these will still be used to send updates to driver as the beacons are received without scanning. This change·removes the requirement that bss_info_changed needs to be atomic. The beacons received during scanning are processed from a tasklet, but if we do not call bss_info_changed for these beacons there is no need for it to be atomic. This function (bss_info_changed) is called either from workqueue or ioctl in all other instances. Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Acked-by: Tomas Winkler <tomas.winkler@intel.com> Acked-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | mac80211: further RCU fixesJohannes Berg2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There were a few more instances of sta_info_get calls not being protected by RCU, fix them. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | mac80211: fix key hwaccel raceJohannes Berg2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous key locking patch left a small race: it would be possible to add a key and take the interface down before the key todo is run so that hwaccel for that key is enabled on an interface that is down. Avoid this by running the todo list when an interface is brought up or down. This patch also fixes a small bug: before this change, a few functions used the key list without the lock that protects it. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| | * | mlme.c: fixup some merge damageJohn W. Linville2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This one got renamed, complicating the merge a bit...this should restore it to its intended state. Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * | | [TIPC]: Cleanup of TIPC reference table codeAllan Stephens2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a largely cosmetic cleanup of the TIPC reference table code. - The object reference field in each table entry is now single 32-bit integer instead of a union of two 32-bit integers. - Variable naming has been made more consistent. - Error message output has been made more consistent. - Useless #includes have been eliminated. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | [TIPC]: Optimized initialization of TIPC reference tableAllan Stephens2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch modifies TIPC's reference table code to delay initializing table entries until they are actually needed by applications. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | [TIPC]: Remove inlining of reference table locking routinesAllan Stephens2008-04-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch converts the TIPC reference table locking routines into non-inlined routines, since they are mainly called from non-performance critical areas of TIPC and the added code footprint incurred through inlining can no longer be justified. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NET]: Do not allocate unneeded memory for dev->priv alignment.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The alloc_netdev_mq() tries to produce 32-bytes alignment for both the net_device itself and its private data. The second alignment is achieved by adding the NETDEV_ALIGN_CONST to the whole size of the memory to be allocated. However, for those devices that do not need the private area, this addition just makes the net_device weight 1024 + 32 = 1068 bytes, i.e. consume twice as much memory. Since loopback device is such (sizeof_priv == 0 for it), and each net namespace creates one, this can save a noticeable amount of memory for kernel with net namespaces turned on. After this set the lo device is actually allocated from a size-1024 kmem cache on i386 box even with NETPOLL and WIRELESS_EXT turned on. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Add netns refcnt debug for network devices.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dev_set_net is called for - just allocated devices - devices moving from one namespace to another release_net has proper check inside to distinguish these cases. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Add netns refcnt debug to fib rules.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Add netns refcnt debug for dst ops.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Add netns refcnt debug for inet bind buckets.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Add netns refcnt debug into fib_info.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Add netns refcnt debug for timewait buckets.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Add netns refcnt debug for kernel sockets.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Protocol control sockets and netlink kernel sockets should not prevent the namespace stop request. They are initialized and disposed in a special way by sk_change_net/sk_release_kernel. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETNS]: Make netns refconting debug like a socket one.Denis V. Lunev2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make release_net/hold_net noop for performance-hungry people. This is a debug staff and should be used in the debug mode only. Add check for net != NULL in hold/release calls. This will be required later on. [ Added minor simplifications suggested by Brian Haley. -DaveM ] Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IP6TUNNEL]: Allow to create IP6 tunnels in net namespaces.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And no need in some IPPROTO_XXX enabling, since ipv6 code doesn't have any filtering. So, just set proper net and mark device with NETNS_LOCAL. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IP6TUNNEL]: Use proper net instead of init_net stubs.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All the ip_route_output_key(), dev_get_by_...() and ipv6_chk_addr() calls are now stubbed with init_net. Fortunately, all the places already have where to get the proper net from. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IP6TUNNEL]: Make tunnels hashes per-net.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | Move hashes in the struct ip6_tnl_net, replace tnls_xxx[] with ip6n->tnlx_xxx[] and handle init and exit appropriately. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IP6TUNNEL]: Make the fallback tunnel device per-net.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | All the code, that reference it already has the ip6_tnl_net pointer, so s/ip6_fb_tnl_dev/ip6n->fb_tnl_dev/ and move creation/releasing code into net init/exit ops. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IP6TUNNEL]: Use proper net in hash-lookup functions.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | Calls to ip6_tnl_lookup were stubbed with init_net - give them a proper one. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IP6TUNNEL]: Add (ip6_tnl_)net argument to some calls.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | Hashes and fallback device used in them will be per-net. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IP6TUNNEL]: Introduce empty ip6_tnl_net structure and net ops.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Allow for IPPROTO_IPV6 protocol in namespaces.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | This makes sit-generated traffic enter the namespace. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Allow to create SIT tunnels in net namespaces.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | Set proper net and mark a new device as NETNS_LOCAL before registering. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Use proper net in routing calls.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | I.e. replace init_net stubs in ip_route_output_key() calls. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Make tunnels hashes per-net.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | Just move all the hashes on the sit_net structure and patch the rest of the code appropriately. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Make the fallback tunnel device per-netPavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | Allocate and register one in sit_init_net, use sitn->fb_tunnel_dev over the code and unregister one in sit_exit_net. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Use proper net in hash-lookup functions.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | Replace introduced in the previous patch init_net stubs with the proper net pointer. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Add net/sit_net argument to some functions.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | ... to make them prepared for future hashes and fallback device move on the struct sit_net. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [SIT]: Introduce empty struct sit_net and init/exit net ops.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [GRE]: Allow for IPPROTO_GRE protocol in namespaces.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | This one was also disabled by default for sanity. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [GRE]: Allow to create IPGRE tunnels in net namespaces.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | I.e. set the proper net and mark as NETNS_LOCAL. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [GRE]: Use proper net in routing calls.Pavel Emelyanov2008-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As for the IPIP tunnel, there are some ip_route_output_key() calls in there that require a proper net so give one to them. And a proper net for the __get_dev_by_index hanging around. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>