From ea73ee23c43d6eb75f88c4fc9e1230b44673c0d2 Mon Sep 17 00:00:00 2001
From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Date: Mon, 6 Nov 2006 09:45:44 -0800
Subject: [IPV6] ROUTE: Try to use router which is not known unreachable.
Only routers in "FAILED" state should be considered unreachable.
Otherwise, we do not try to use speicific routes unless all least specific
routers are considered unreachable.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
net/ipv6/route.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index c953466b7a..5132821e89 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -330,6 +330,8 @@ static int inline rt6_check_neigh(struct rt6_info *rt)
read_lock_bh(&neigh->lock);
if (neigh->nud_state & NUD_VALID)
m = 2;
+ else if (!(neigh->nud_state & NUD_FAILED))
+ m = 1;
read_unlock_bh(&neigh->lock);
}
return m;
--
cgit v1.2.2
From 557e92efd44878beccd08d5dd54ed343be0e5819 Mon Sep 17 00:00:00 2001
From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Date: Mon, 6 Nov 2006 09:45:45 -0800
Subject: [IPV6] ROUTE: Prefer reachable nexthop only if the caller requests.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
net/ipv6/route.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 5132821e89..a972a6641e 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -349,9 +349,7 @@ static int rt6_score_route(struct rt6_info *rt, int oif,
m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;
#endif
n = rt6_check_neigh(rt);
- if (n > 1)
- m |= 16;
- else if (!n && strict & RT6_LOOKUP_F_REACHABLE)
+ if (!n && (strict & RT6_LOOKUP_F_REACHABLE))
return -1;
return m;
}
--
cgit v1.2.2
From ea659e0775281e1c02556e939bf749bb4f55e50c Mon Sep 17 00:00:00 2001
From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Date: Mon, 6 Nov 2006 09:45:45 -0800
Subject: [IPV6] ROUTE: Do not enable router reachability probing in router
mode.
RFC4191 explicitly states that the procedures are applicable to
hosts only. We should not have changed behavior of routers.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
net/ipv6/route.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index a972a6641e..b39ae99122 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -380,10 +380,11 @@ static struct rt6_info *rt6_select(struct rt6_info **head, int oif,
continue;
if (m > mpri) {
- rt6_probe(match);
+ if (strict & RT6_LOOKUP_F_REACHABLE)
+ rt6_probe(match);
match = rt;
mpri = m;
- } else {
+ } else if (strict & RT6_LOOKUP_F_REACHABLE) {
rt6_probe(rt);
}
}
@@ -636,7 +637,7 @@ static struct rt6_info *ip6_pol_route_input(struct fib6_table *table,
int strict = 0;
int attempts = 3;
int err;
- int reachable = RT6_LOOKUP_F_REACHABLE;
+ int reachable = ipv6_devconf.forwarding ? 0 : RT6_LOOKUP_F_REACHABLE;
strict |= flags & RT6_LOOKUP_F_IFACE;
@@ -733,7 +734,7 @@ static struct rt6_info *ip6_pol_route_output(struct fib6_table *table,
int strict = 0;
int attempts = 3;
int err;
- int reachable = RT6_LOOKUP_F_REACHABLE;
+ int reachable = ipv6_devconf.forwarding ? 0 : RT6_LOOKUP_F_REACHABLE;
strict |= flags & RT6_LOOKUP_F_IFACE;
--
cgit v1.2.2
From b3fdd9f115c776d381b30b296849f8e4046bcdaa Mon Sep 17 00:00:00 2001
From: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Date: Mon, 6 Nov 2006 10:06:22 -0800
Subject: [IPV6] IP6TUNNEL: Delete all tunnel device when unloading module.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
net/ipv6/ip6_tunnel.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 84d7ebdb9d..c8d4160385 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1149,6 +1149,20 @@ fail:
return err;
}
+static void __exit ip6ip6_destroy_tunnels(void)
+{
+ int h;
+ struct ip6_tnl *t;
+
+ for (h = 0; h < HASH_SIZE; h++) {
+ while ((t = tnls_r_l[h]) != NULL)
+ unregister_netdevice(t->dev);
+ }
+
+ t = tnls_wc[0];
+ unregister_netdevice(t->dev);
+}
+
/**
* ip6_tunnel_cleanup - free resources and unregister protocol
**/
@@ -1158,7 +1172,9 @@ static void __exit ip6_tunnel_cleanup(void)
if (xfrm6_tunnel_deregister(&ip6ip6_handler))
printk(KERN_INFO "ip6ip6 close: can't deregister tunnel\n");
- unregister_netdev(ip6ip6_fb_tnl_dev);
+ rtnl_lock();
+ ip6ip6_destroy_tunnels();
+ rtnl_unlock();
}
module_init(ip6_tunnel_init);
--
cgit v1.2.2
From 53ab61c6d8f391bda04dbc1e95bac348fe81103b Mon Sep 17 00:00:00 2001
From: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Date: Mon, 6 Nov 2006 10:06:23 -0800
Subject: [IPV6] IP6TUNNEL: Add missing nf_reset() on input path.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
net/ipv6/ip6_tunnel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index c8d4160385..b9f40290d1 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -542,6 +542,7 @@ ip6ip6_rcv(struct sk_buff *skb)
skb->dev = t->dev;
dst_release(skb->dst);
skb->dst = NULL;
+ nf_reset(skb);
if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
ipv6_copy_dscp(ipv6h, skb->nh.ipv6h);
ip6ip6_ecn_decapsulate(ipv6h, skb);
--
cgit v1.2.2
From e52726dece1d2e3976c0caf2f4e9e1c452d31282 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Sat, 18 Nov 2006 22:14:05 +0100
Subject: [Bluetooth] Attach low-level connections to the Bluetooth bus
To receive uvents for the low-level ACL and SCO links, they must be
assigned to a subsystem. It is enough to attach them to the already
established Bluetooth bus.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
net/bluetooth/hci_sysfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 954eb74eb3..3eeeb7a86e 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -259,7 +259,9 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
BT_DBG("conn %p", conn);
- conn->dev.parent = &hdev->dev;
+ conn->dev.bus = &bt_bus;
+ conn->dev.parent = &hdev->dev;
+
conn->dev.release = bt_release;
snprintf(conn->dev.bus_id, BUS_ID_SIZE,
--
cgit v1.2.2
From 6bd57416127e92d35e6798925502c84e14a3a966 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Sat, 18 Nov 2006 22:14:22 +0100
Subject: [Bluetooth] Handling pending connect attempts after inquiry
After an inquiry completed or got canceled the Bluetooth core should
check for any pending connect attempts.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
net/bluetooth/hci_event.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 65f0948457..bb94e6da22 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -57,6 +57,7 @@
static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
{
__u8 status;
+ struct hci_conn *pend;
BT_DBG("%s ocf 0x%x", hdev->name, ocf);
@@ -71,6 +72,15 @@ static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb
clear_bit(HCI_INQUIRY, &hdev->flags);
hci_req_complete(hdev, status);
}
+
+ hci_dev_lock(hdev);
+
+ pend = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
+ if (pend)
+ hci_acl_connect(pend);
+
+ hci_dev_unlock(hdev);
+
break;
default:
@@ -565,11 +575,20 @@ static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
__u8 status = *((__u8 *) skb->data);
+ struct hci_conn *pend;
BT_DBG("%s status %d", hdev->name, status);
clear_bit(HCI_INQUIRY, &hdev->flags);
hci_req_complete(hdev, status);
+
+ hci_dev_lock(hdev);
+
+ pend = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
+ if (pend)
+ hci_acl_connect(pend);
+
+ hci_dev_unlock(hdev);
}
/* Inquiry Result */
--
cgit v1.2.2
From ff2d367ac33b9278c9516ac1888207dac11d10b0 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Sat, 18 Nov 2006 22:14:42 +0100
Subject: [Bluetooth] Check if RFCOMM session is still attached to the TTY
If the RFCOMM session is no longer attached to the TTY device, then it
makes no sense to go through with changing the termios settings.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
net/bluetooth/rfcomm/tty.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index b8e3a5f1c8..1fb5d42f37 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -765,7 +765,7 @@ static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
BT_DBG("tty %p termios %p", tty, old);
- if (!dev)
+ if (!dev || !dev->dlc || !dev->dlc->session)
return;
/* Handle turning off CRTSCTS */
--
cgit v1.2.2
From 820ae1b865caa05e0614004d0183ca70de2b8665 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Sat, 18 Nov 2006 22:15:00 +0100
Subject: [Bluetooth] Always include MTU in L2CAP config responses
When sending a positive config response it shall include the actual
MTU to be used on this channel. This differs from the Bluetooth 1.1
specification where it was enough to acknowledge the config request.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
net/bluetooth/l2cap.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 2b3dcb8f90..c09d4a20d6 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1353,12 +1353,12 @@ static inline int l2cap_conf_output(struct sock *sk, void **ptr)
/* Configure output options and let the other side know
* which ones we don't like. */
- if (pi->conf_mtu < pi->omtu) {
- l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
+ if (pi->conf_mtu < pi->omtu)
result = L2CAP_CONF_UNACCEPT;
- } else {
+ else
pi->omtu = pi->conf_mtu;
- }
+
+ l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
BT_DBG("sk %p result %d", sk, result);
return result;
--
cgit v1.2.2
From 354f60a9952d0af59e684b91cc6e06b95fbbf5ef Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Sat, 18 Nov 2006 22:15:20 +0100
Subject: [Bluetooth] Ignore L2CAP config requests on disconnect
Any L2CAP connection in disconnecting state shall not response
to any further config requests from the remote side. So in case
such a request is received, ignore it.
Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
net/bluetooth/l2cap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index c09d4a20d6..bbf78e6a7b 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -1533,6 +1533,9 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
return -ENOENT;
+ if (sk->sk_state == BT_DISCONN)
+ goto unlock;
+
l2cap_parse_conf_req(sk, req->data, cmd->len - sizeof(*req));
if (flags & 0x0001) {
--
cgit v1.2.2
From fb47ddb2db9c18664bd7b06c201a2398885b64fc Mon Sep 17 00:00:00 2001
From: David L Stevens <dlstevens@us.ibm.com>
Date: Sun, 19 Nov 2006 10:38:39 -0800
Subject: [IGMP]: Fix IGMPV3_EXP() normalization bit shift value.
The IGMPV3_EXP() macro doesn't correctly shift the normalization bit, so
time-out values are longer than they should be.
Thanks to Dirk Ooms for finding the problem in IGMPv3 - MLDv2 had a
similar problem that was already fixed a year ago. :-(
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
include/linux/igmp.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/igmp.h b/include/linux/igmp.h
index 03f43e2893..21dd569052 100644
--- a/include/linux/igmp.h
+++ b/include/linux/igmp.h
@@ -191,7 +191,7 @@ struct ip_mc_list
#define IGMPV3_MASK(value, nb) ((nb)>=32 ? (value) : ((1<<(nb))-1) & (value))
#define IGMPV3_EXP(thresh, nbmant, nbexp, value) \
((value) < (thresh) ? (value) : \
- ((IGMPV3_MASK(value, nbmant) | (1<<(nbmant+nbexp))) << \
+ ((IGMPV3_MASK(value, nbmant) | (1<<(nbmant))) << \
(IGMPV3_MASK((value) >> (nbmant), nbexp) + (nbexp))))
#define IGMPV3_QQIC(value) IGMPV3_EXP(0x80, 4, 3, value)
--
cgit v1.2.2
From 334f3d45d3e0c925eb15003560cdd6f5383c88d0 Mon Sep 17 00:00:00 2001
From: Jamal Hadi Salim <hadi@cyberus.ca>
Date: Sun, 19 Nov 2006 14:53:07 -0800
Subject: [XFRM]: Sub-policies broke policy events
XFRM policy events are broken when sub-policy feature is turned on.
A simple test to verify this:
run ip xfrm mon on one window and add then delete a policy on another
window ..
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/xfrm/xfrm_user.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b43e7647e1..2dae1c1ea3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2060,6 +2060,9 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
len += RTA_SPACE(headlen);
headlen = sizeof(*id);
}
+#ifdef CONFIG_XFRM_SUB_POLICY
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
+#endif
len += NLMSG_SPACE(headlen);
skb = alloc_skb(len, GFP_ATOMIC);
--
cgit v1.2.2
From 785fd8b8a597519127c6d9e16e81f48af2ad391e Mon Sep 17 00:00:00 2001
From: Jamal Hadi Salim <hadi@cyberus.ca>
Date: Sun, 19 Nov 2006 14:55:30 -0800
Subject: [XFRM]: nlmsg length not computed correctly in the presence of
subpolicies
I actually dont have a test case for these; i just found them by
inspection. Refer to patch "[XFRM]: Sub-policies broke policy events"
for more info
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/xfrm/xfrm_user.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 2dae1c1ea3..c4cde57d92 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1927,6 +1927,9 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire));
len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+#ifdef CONFIG_XFRM_SUB_POLICY
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
+#endif
skb = alloc_skb(len, GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
@@ -2034,6 +2037,9 @@ static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_eve
len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire));
len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+#ifdef CONFIG_XFRM_SUB_POLICY
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
+#endif
skb = alloc_skb(len, GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
@@ -2109,10 +2115,12 @@ static int xfrm_notify_policy_flush(struct km_event *c)
struct nlmsghdr *nlh;
struct sk_buff *skb;
unsigned char *b;
+ int len = 0;
#ifdef CONFIG_XFRM_SUB_POLICY
struct xfrm_userpolicy_type upt;
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
#endif
- int len = NLMSG_LENGTH(0);
+ len += NLMSG_LENGTH(0);
skb = alloc_skb(len, GFP_ATOMIC);
if (skb == NULL)
--
cgit v1.2.2
From 4498c80d9c1ebdf42837be6a52ead35a2aa2b819 Mon Sep 17 00:00:00 2001
From: "David S. Miller" <davem@davemloft.net>
Date: Tue, 21 Nov 2006 16:17:41 -0800
Subject: [BLUETOOTH]: Fix unaligned access in hci_send_to_sock.
The "u16 *" derefs of skb->data need to be wrapped inside of
a get_unaligned().
Thanks to Gustavo Zacarias for the bug report.
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/bluetooth/hci_sock.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index f26a9eb499..711a085eca 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -120,10 +120,13 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
if (!hci_test_bit(evt, &flt->event_mask))
continue;
- if (flt->opcode && ((evt == HCI_EV_CMD_COMPLETE &&
- flt->opcode != *(__u16 *)(skb->data + 3)) ||
- (evt == HCI_EV_CMD_STATUS &&
- flt->opcode != *(__u16 *)(skb->data + 4))))
+ if (flt->opcode &&
+ ((evt == HCI_EV_CMD_COMPLETE &&
+ flt->opcode !=
+ get_unaligned((__u16 *)(skb->data + 3))) ||
+ (evt == HCI_EV_CMD_STATUS &&
+ flt->opcode !=
+ get_unaligned((__u16 *)(skb->data + 4)))))
continue;
}
--
cgit v1.2.2
From 700f9672c9a61c12334651a94d17ec04620e1976 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra <a.p.zijlstra@chello.nl>
Date: Tue, 21 Nov 2006 17:33:01 -0800
Subject: [IRDA]: Lockdep fix.
On Sat, 2006-11-18 at 16:12 +0300, Andrey Borzenkov wrote:
> =============================================
> [ INFO: possible recursive locking detected ]
> 2.6.19-rc5-2avb #2
> - ---------------------------------------------
> pppd/26425 is trying to acquire lock:
> (&hashbin->hb_spinlock){....}, at: [<dfdea87a>] irlmp_slsap_inuse+0x5a/0x170
> [irda]
>
> but task is already holding lock:
> (&hashbin->hb_spinlock){....}, at: [<dfdea857>] irlmp_slsap_inuse+0x37/0x170
> [irda]
>
> other info that might help us debug this:
> 1 lock held by pppd/26425:
> #0: (&hashbin->hb_spinlock){....}, at: [<dfdea857>]
> irlmp_slsap_inuse+0x37/0x170 [irda]
>
> stack backtrace:
> [<c010413c>] dump_trace+0x1cc/0x200
> [<c010418a>] show_trace_log_lvl+0x1a/0x30
> [<c01047f2>] show_trace+0x12/0x20
> [<c01048c9>] dump_stack+0x19/0x20
> [<c01346ca>] __lock_acquire+0x8fa/0xc20
> [<c0134d2d>] lock_acquire+0x5d/0x80
> [<c02a851c>] _spin_lock+0x2c/0x40
> [<dfdea87a>] irlmp_slsap_inuse+0x5a/0x170 [irda]
> [<dfdebab2>] irlmp_open_lsap+0x62/0x180 [irda]
> [<dfdf35d1>] irttp_open_tsap+0x181/0x230 [irda]
> [<dfdc0c3d>] ircomm_open_tsap+0x5d/0xa0 [ircomm]
> [<dfdc05d8>] ircomm_open+0xb8/0xd0 [ircomm]
> [<dfdd0477>] ircomm_tty_open+0x4f7/0x570 [ircomm_tty]
> [<c020bbe4>] tty_open+0x174/0x340
> [<c016bd69>] chrdev_open+0x89/0x170
> [<c0167bd6>] __dentry_open+0xa6/0x1d0
> [<c0167da5>] nameidata_to_filp+0x35/0x40
> [<c0167df9>] do_filp_open+0x49/0x50
> [<c0167e47>] do_sys_open+0x47/0xd0
> [<c0167f0c>] sys_open+0x1c/0x20
> [<c010307d>] sysenter_past_esp+0x56/0x8d
> [<b7f86410>] 0xb7f86410
> =======================
The comment at the nesting lock says:
/* Careful for priority inversions here !
* irlmp->links is never taken while another IrDA
* spinlock is held, so we are safe. Jean II */
So, under the assumption the author was right, it just needs a lockdep
annotation.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/irda/irlmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/irda/irlmp.c b/net/irda/irlmp.c
index 5073261b9d..fede837630 100644
--- a/net/irda/irlmp.c
+++ b/net/irda/irlmp.c
@@ -1678,7 +1678,8 @@ static int irlmp_slsap_inuse(__u8 slsap_sel)
* every IrLAP connection and check every LSAP associated with each
* the connection.
*/
- spin_lock_irqsave(&irlmp->links->hb_spinlock, flags);
+ spin_lock_irqsave_nested(&irlmp->links->hb_spinlock, flags,
+ SINGLE_DEPTH_NESTING);
lap = (struct lap_cb *) hashbin_get_first(irlmp->links);
while (lap != NULL) {
IRDA_ASSERT(lap->magic == LMP_LAP_MAGIC, goto errlap;);
--
cgit v1.2.2
From f2776ff047229c3e7cee2454e2704dd6f98fa32f Mon Sep 17 00:00:00 2001
From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Date: Tue, 21 Nov 2006 17:41:56 -0800
Subject: [IPV6]: Fix address/interface handling in UDP and DCCP, according to
the scoping architecture.
TCP and RAW do not have this issue. Closes Bug #7432.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/dccp/ipv6.c | 2 +-
net/ipv6/udp.c | 7 +++----
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index eb0ff7ab05..fc4242c076 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -277,7 +277,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
__u64 seq;
sk = inet6_lookup(&dccp_hashinfo, &hdr->daddr, dh->dccph_dport,
- &hdr->saddr, dh->dccph_sport, skb->dev->ifindex);
+ &hdr->saddr, dh->dccph_sport, inet6_iif(skb));
if (sk == NULL) {
ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index e0c3934a7e..c83f23e51c 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -242,14 +242,13 @@ static void udpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
{
struct ipv6_pinfo *np;
struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
- struct net_device *dev = skb->dev;
struct in6_addr *saddr = &hdr->saddr;
struct in6_addr *daddr = &hdr->daddr;
struct udphdr *uh = (struct udphdr*)(skb->data+offset);
struct sock *sk;
int err;
- sk = udp_v6_lookup(daddr, uh->dest, saddr, uh->source, dev->ifindex);
+ sk = udp_v6_lookup(daddr, uh->dest, saddr, uh->source, inet6_iif(skb));
if (sk == NULL)
return;
@@ -348,7 +347,7 @@ static void udpv6_mcast_deliver(struct udphdr *uh,
read_lock(&udp_hash_lock);
sk = sk_head(&udp_hash[ntohs(uh->dest) & (UDP_HTABLE_SIZE - 1)]);
- dif = skb->dev->ifindex;
+ dif = inet6_iif(skb);
sk = udp_v6_mcast_next(sk, uh->dest, daddr, uh->source, saddr, dif);
if (!sk) {
kfree_skb(skb);
@@ -429,7 +428,7 @@ static int udpv6_rcv(struct sk_buff **pskb)
* check socket cache ... must talk to Alan about his plans
* for sock caches... i'll skip this for now.
*/
- sk = udp_v6_lookup(saddr, uh->source, daddr, uh->dest, dev->ifindex);
+ sk = udp_v6_lookup(saddr, uh->source, daddr, uh->dest, inet6_iif(skb));
if (sk == NULL) {
if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
--
cgit v1.2.2
From 12862086f24d7382b24379bbcbe0dadf12ca5945 Mon Sep 17 00:00:00 2001
From: "Ira W. Snyder" <kernel@irasnyder.com>
Date: Tue, 21 Nov 2006 17:44:31 -0800
Subject: [TG3]: Add missing unlock in tg3_open() error path.
Sparse noticed a locking imbalance in tg3_open(). This patch adds an
unlock to one of the error paths, so that tg3_open() always exits
without the lock held.
Signed-off-by: Ira W. Snyder <kernel@irasnyder.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/tg3.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c
index 1dbdd6bb58..c20bb998e0 100644
--- a/drivers/net/tg3.c
+++ b/drivers/net/tg3.c
@@ -6979,8 +6979,10 @@ static int tg3_open(struct net_device *dev)
tg3_full_lock(tp, 0);
err = tg3_set_power_state(tp, PCI_D0);
- if (err)
+ if (err) {
+ tg3_full_unlock(tp);
return err;
+ }
tg3_disable_ints(tp);
tp->tg3_flags &= ~TG3_FLAG_INIT_COMPLETE;
--
cgit v1.2.2