aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAge
* net: Allow netdevices to specify needed head/tailroomJohannes Berg2008-05-12
| | | | | | | | | | This patch adds needed_headroom/needed_tailroom members to struct net_device and updates many places that allocate sbks to use them. Not all of them can be converted though, and I'm sure I missed some (I mostly grepped for LL_RESERVED_SPACE) Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: add missing newlines in printk()Pavel Roskin2008-05-12
| | | | | Signed-off-by: Pavel Roskin <proski@gnu.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: fix association with some APsHelmut Schaa2008-05-12
| | | | | | | | | | | Some APs refuse association if the supported rates contained in the association request do not match its own supported rates. This patch introduces a new function which builds the intersection between the AP's supported rates and the client's supported rates to work around such problems. The same approach is already used in ipw2200 for example. Signed-off-by: Helmut Schaa <hschaa@suse.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Fix potential scheduling while atomic in mesh_path_add.Pavel Emelyanov2008-05-12
| | | | | | | | | | Calling synchronize_rcu() under write-lock-ed pathtbl_resize_lock may result in this warning (and other side effects). It looks safe just dropping this lock before calling synchronize_rcu. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Fix not checked kmalloc() result.Pavel Emelyanov2008-05-12
| | | | | | | | | | The new_node kmallocation is not checked for success, so add this check. BTW, it also happens under the read_lock. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* Fix GFP_KERNEL allocation under read lock.Pavel Emelyanov2008-05-12
| | | | | | | | | | | | The mesh_path_add() read-locks the pathtbl_resize_lock and calls kmalloc with GFP_KERNEL mask. Fix it and move the endadd2 label lower. It should be _before_ the if() beyond, but it makes no sense for it being there, so I move it right after this if(). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: mesh hwmp: fix kfree(skb)Patrick McHardy2008-05-12
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: fix access to null skbLuis Carlos Cobo2008-05-12
| | | | | | | | | Without this patch, if xmit_skb is null but net_ratelimit() returns 0 we would go to the else branch and access the null xmit_skb. Pointed out by Johannes Berg. Signed-off-by: Luis Carlos Cobo <luisca@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: fix incorrect mesh header lengthLuis Carlos Cobo2008-05-12
| | | | | | | | This should have been updated at the same time we were transitioning from 3 byte to 4 byte mesh sequence number. Pointed out by Johannes Berg. Signed-off-by: Luis Carlos Cobo <luisca@cozybit.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: Don't encrypt beaconsIvo van Doorn2008-05-12
| | | | | | | | | | mac80211 should set the IEEE80211_TX_CTL_DO_NOT_ENCRYPT flag in tx_control structure to inform drivers not to encrypt the beacon. Drivers that only check for that flag before accessing the hw_key field, will otherwise cause a NULL pointer dereference since that field is not configured for beacons. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* mac80211: fix debugfs default key oopsJohannes Berg2008-05-12
| | | | | | | | | | Under certain circumstances (in AP mode) the debugfs function that is supposed to add the default key symlink can encounter a NULL default_key pointer. This patch makes it handle that situtation gracefully. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* fix irq flags in mac80211 codeSteven Rostedt2008-05-12
| | | | | | | | | | | | | A file in the net/mac80211 directory uses "int" for flags. This can cause hard to find bugs on some architectures. This patch converts the flags to use "long" instead. This bug was discovered by doing an allyesconfig make on the -rt kernel where checks are done to ensure all flags are of size sizeof(long). Signed-off-by: Steven Rostedt <srostedt@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* sctp: Add address type check while process paramaters of ASCONF chunkWei Yongjun2008-05-12
| | | | | | | | | | | | | If socket is create by AF_INET type, add IPv6 address to asoc will cause kernel panic while packet is transmitted on that transport. This patch add address type check before process paramaters of ASCONF chunk. If peer is not support this address type, return with error invald parameter. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Do not enable peer IPv6 address support on PF_INET socketWei Yongjun2008-05-12
| | | | | | | | | | | If socket is create by PF_INET type, it can not used IPv6 address to send/recv DATA, So we can not used IPv6 address even if peer tell us it support IPv6 address. This patch fix to only enabled peer IPv6 address support on PF_INET6 socket. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sit: Add missing kfree_skb() on pskb_may_pull() failure.David S. Miller2008-05-09
| | | | | | Noticed by Paul Marks <paul@pmarks.net>. Signed-off-by: David S. Miller <davem@davemloft.net>
* tipc: Increase buffer header to support worst-case deviceAllan Stephens2008-05-09
| | | | | | | | This patch increases the headroom TIPC reserves in each sk_buff to accommodate the largest possible link level device header. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Added ASSERT_RTNL() to dev_open() and dev_close().Ben Hutchings2008-05-08
| | | | | | | | dev_open() and dev_close() must be called holding the RTNL, since they call device functions and netdevice notifiers that are promised the RTNL. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* can: Fix can_send() handling on dev_queue_xmit() failuresOliver Hartkopp2008-05-08
| | | | | | | | | | | | The tx packet counting and the local loopback of CAN frames should only happen in the case that the CAN frame has been enqueued to the netdevice tx queue successfully. Thanks to Andre Naujoks <nautsch@gmail.com> for reporting this issue. Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: Urs Thuermann <urs@isnogud.escape.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* netns: Fix arbitrary net_device-s corruptions on net_ns stop.Pavel Emelyanov2008-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a net namespace is destroyed, some devices (those, not killed on ns stop explicitly) are moved back to init_net. The problem, is that this net_ns change has one point of failure - the __dev_alloc_name() may be called if a name collision occurs (and this is easy to trigger). This allocator performs a likely-to-fail GFP_ATOMIC allocation to find a suitable number. Other possible conditions that may cause error (for device being ns local or not registered) are always false in this case. So, when this call fails, the device is unregistered. But this is *not* the right thing to do, since after this the device may be released (and kfree-ed) improperly. E. g. bridges require more actions (sysfs update, timer disarming, etc.), some other devices want to remove their private areas from lists, etc. I. e. arbitrary use-after-free cases may occur. The proposed fix is the following: since the only reason for the dev_change_net_namespace to fail is the name generation, we may give it a unique fall-back name w/o %d-s in it - the dev<ifindex> one, since ifindexes are still unique. So make this change, raise the failure-case printk loglevel to EMERG and replace the unregister_netdevice call with BUG(). [ Use snprintf() -DaveM ] Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: Kconfig: default DCCP/SCTP conntrack support to the protocol ↵Patrick McHardy2008-05-08
| | | | | | | | | | config values When conntrack and DCCP/SCTP protocols are enabled, chances are good that people also want DCCP/SCTP conntrack and NAT support. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: nf_conntrack_sip: restrict RTP expect flushing on error to last ↵Patrick McHardy2008-05-08
| | | | | | | | | | | | | | | | | request Some Inovaphone PBXs exhibit very stange behaviour: when dialing for example "123", the device sends INVITE requests for "1", "12" and "123" back to back. The first requests will elicit error responses from the receiver, causing the SIP helper to flush the RTP expectations even though we might still see a positive response. Note the sequence number of the last INVITE request that contained a media description and only flush the expectations when receiving a negative response for that sequence number. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* net/ipv4: correct RFC 1122 section reference in commentJ.H.M. Dassen (Ray)2008-05-08
| | | | | | | | | | | RFC 1122 does not have a section 3.1.2.2. The requirement to silently discard datagrams with a bad checksum is in section 3.2.1.2 instead. Addresses http://bugzilla.kernel.org/show_bug.cgi?id=10611 Signed-off-by: J.H.M. Dassen (Ray) <jdassen@debian.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* tcp FRTO: SACK variant is errorneously used with NewRenoIlpo Järvinen2008-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note: there's actually another bug in FRTO's SACK variant, which is the causing failure in NewReno case because of the error that's fixed here. I'll fix the SACK case separately (it's a separate bug really, though related, but in order to fix that I need to audit tp->snd_nxt usage a bit). There were two places where SACK variant of FRTO is getting incorrectly used even if SACK wasn't negotiated by the TCP flow. This leads to incorrect setting of frto_highmark with NewReno if a previous recovery was interrupted by another RTO. An eventual fallback to conventional recovery then incorrectly considers one or couple of segments as forward transmissions though they weren't, which then are not LOST marked during fallback making them "non-retransmittable" until the next RTO. In a bad case, those segments are really lost and are the only one left in the window. Thus TCP needs another RTO to continue. The next FRTO, however, could again repeat the same events making the progress of the TCP flow extremely slow. In order for these events to occur at all, FRTO must occur again in FRTOs step 3 while the key segments must be lost as well, which is not too likely in practice. It seems to most frequently with some small devices such as network printers that *seem* to accept TCP segments only in-order. In cases were key segments weren't lost, things get automatically resolved because those wrongly marked segments don't need to be retransmitted in order to continue. I found a reproducer after digging up relevant reports (few reports in total, none at netdev or lkml I know of), some cases seemed to indicate middlebox issues which seems now to be a false assumption some people had made. Bugzilla #10063 _might_ be related. Damon L. Chesser <damon@damtek.com> had a reproducable case and was kind enough to tcpdump it for me. With the tcpdump log it was quite trivial to figure out. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
* net_cls_act: act_simple dont ignore realloc codeJamal Hadi Salim2008-05-06
| | | | | | | | reallocation of the policy data was being ignored. It could fail. Simplify so that there is no need for reallocating. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* Revert "atm: Do not free already unregistered net device."David S. Miller2008-05-06
| | | | | | | | | | This reverts commit 65e4113684e50cee75357ce10dc9026b0929e4e9. Unlike the other cases Pavel fixed, this case did not setup a netdev->destructor of free_netdev, therefore this change was not correct. Signed-off-by: David S. Miller <davem@davemloft.net>
* dccp: return -EINVAL on invalid feature lengthChris Wright2008-05-05
| | | | | | | | | | dccp_feat_change() validates length and on error is returning 1. This happens to work since call chain is checking for 0 == success, but this is returned to userspace, so make it a real error value. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net_cls_act: Make act_simple use of netlink policy.Jamal Hadi Salim2008-05-05
| | | | | | | | Convert to netlink helpers by using netlink policy validation. As a side effect fixes a leak. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* ip: Use inline function dst_metric() instead of direct access to dst->metric[]Satoru SATOH2008-05-05
| | | | | | | | | | | | There are functions to refer to the value of dst->metric[THE_METRIC-1] directly without use of a inline function "dst_metric" defined in net/dst.h. The following patch changes them to use the inline function consistently. Signed-off-by: Satoru SATOH <satoru.satoh@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ip: Make use of the inline function dst_metric_locked()Satoru SATOH2008-05-05
| | | | | Signed-off-by: Satoru SATOH <satoru.satoh@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* atm: Bad locking on br2684_devs modifications.Pavel Emelyanov2008-05-04
| | | | | | | The list_del happens under read-locked devs_lock. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* atm: Do not free already unregistered net device.Pavel Emelyanov2008-05-04
| | | | | | | | Both br2684_push and br2684_exit do so, but unregister_netdev() releases the device itself. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* mac80211: Do not free net device after it is unregistered.Pavel Emelyanov2008-05-04
| | | | | | | | | | | | | | | The error path in ieee80211_register_hw() may call the unregister_netdev() and right after it - the free_netdev(), which is wrong, since the unregister releases the device itself. So the proposed fix is to NULL the local->mdev after unregister is done and check this before calling free_netdev(). I checked - no code uses the local->mdev after unregister in this error path (but even if some did this would be a BUG). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* bridge: Consolidate error paths in br_add_bridge().Pavel Emelyanov2008-05-04
| | | | | | | | | | | This actually had to be merged with the patch #1, but I decided not to mix two changes in one patch. There are already two calls to free_netdev() in there, so merge them into one. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* bridge: Net device leak in br_add_bridge().Pavel Emelyanov2008-05-04
| | | | | | | | | | In case the register_netdevice() call fails the device is leaked, since the out: label is just rtnl_unlock()+return. Free the device. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Fix useless comment reference loop.Johannes Berg2008-05-03
| | | | | | | | | | | | | | include/linux/skbuff.h says: /* These elements must be at the end, see alloc_skb() for details. */ net/core/skbuff.c says: * See comment in sk_buff definition, just before the 'tail' member This patch contains my guess as to the actual reason rather than a dead comment reference loop. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* sch_htb: remove from event queue in htb_parent_to_leaf()Jarek Poplawski2008-05-03
| | | | | | | | | | | | | | | | | There is lack of removing a class from the event queue while changing from parent to leaf which can cause corruption of this rb tree. This patch fixes a bug introduced by my patch: "sch_htb: turn intermediate classes into leaves" commit: 160d5e10f87b1dc88fd9b84b31b1718e0fd76398. Many thanks to Jan 'yanek' Bortl for finding a way to reproduce this rare bug and narrowing the test case, which made possible proper diagnosing. This patch is recommended for all kernels starting from 2.6.20. Reported-and-tested-by: Jan 'yanek' Bortl <yanek@ya.bofh.cz> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* rose: Wrong list_lock argument in rose_node seqopsBernard Pidoux2008-05-02
| | | | | | | | | In rose_node_start() as well as in rose_node_stop() __acquires() and spin_lock_bh() were wrongly passing rose_neigh_list_lock instead of rose_node_list_lock arguments. Signed-off-by: Bernard Pidoux <f6bvp@amsat.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* netns: Fix reassembly timer to use the right namespaceDaniel Lezcano2008-05-02
| | | | | | | | This trivial fix retrieves the network namespace from frag queue and use it to get the network device in the right namespace. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* netns: Fix device renaming for sysfsDaniel Lezcano2008-05-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a netdev is moved across namespaces with the 'dev_change_net_namespace' function, the 'device_rename' function is used to fixup kobject and refresh the sysfs tree. The device_rename function will call kobject_rename and this one will check if there is an object with the same name and this is the case because we are renaming the object with the same name. The use of 'device_rename' seems for me wrong because we usually don't rename it but just move it across namespaces. As we just want to do a mini "netdev_[un]register", IMO the functions 'netdev_[un]register_kobject' should be used instead, like an usual network device [un]registering. This patch replace device_rename by netdev_unregister_kobject, followed by netdev_register_kobject. The netdev_register_kobject will call device_initialize and will raise a warning indicating the device was already initialized. In order to fix that, I split the device initialization into a separate function and use it together with 'netdev_register_kobject' into register_netdevice. So we can safely call 'netdev_register_kobject' in 'dev_change_net_namespace'. This fix will allow to properly use the sysfs per namespace which is coming from -mm tree. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Acked-by: Benjamin Thery <benjamin.thery@bull.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* bridge: forwarding table information for >256 devicesStephen Hemminger2008-05-02
| | | | | | | | | | | | | | | The forwarding table binary interface (my bad choice), only exposes the port number of the first 8 bits. The bridge code was limited to 256 ports at the time, but now the kernel supports up 1024 ports, so the upper bits are lost when doing: brctl showmacs The fix is to squeeze the extra bits into small hole left in data structure, to maintain binary compatiablity. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* dccp: ccid2.c, ccid3.c use clamp(), clamp_t()Harvey Harrison2008-05-02
| | | | | | | | Makes the intention of the nested min/max clear. Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: remove NR_CPUS arrays in net/core/dev.cMike Travis2008-05-02
| | | | | | | | | Remove the fixed size channels[NR_CPUS] array in net/core/dev.c and dynamically allocate array based on nr_cpu_ids. Signed-off-by: Mike Travis <travis@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: use get/put_unaligned_* helpersHarvey Harrison2008-05-02
| | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* bluetooth: use get/put_unaligned_* helpersHarvey Harrison2008-05-02
| | | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* irda: use get_unaligned_* helpersHarvey Harrison2008-05-02
| | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Add a WARN_ON_ONCE() to the transmit timeout functionArjan van de Ven2008-05-02
| | | | | | | | | | | | | WARN_ON_ONCE() gives a stack trace including the full module list. Having this in the kernel dump for the timeout case in the generic netdev watchdog will help us see quicker which driver is involved. It also allows us to collect statistics and patterns in terms of which drivers have this event occuring. Suggested by Andrew Morton Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Add missing braces to multi-statement if()sIlpo Järvinen2008-05-02
| | | | | | | | One finds all kinds of crazy things with some shell pipelining. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: assign PDE->data before gluing PDE into /proc treeDenis V. Lunev2008-05-02
| | | | | | | | Replace proc_net_fops_create with proc_create_data. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: assign PDE->fops before gluing PDE into /proc treeDenis V. Lunev2008-05-02
| | | | | | | | Replace create_proc_entry with specially created for this purpose proc_create. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv4: assign PDE->data before gluing PDE into /proc treeDenis V. Lunev2008-05-02
| | | | | | | | The check for PDE->data != NULL becomes useless after the replacement of proc_net_fops_create with proc_create_data. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>