summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2011-03-05batman-adv: Fix possible buffer overflow in softif neigh list outputLinus Lüssing1-21/+1
When printing the soft interface table the number of entries in the softif neigh list are first being counted and a fitting buffer allocated. After that the softif neigh list gets locked again and the buffer printed - which has the following two issues: For one thing, the softif neigh list might have grown when reacquiring the rcu lock, which results in writing outside of the allocated buffer. Furthermore 31 Bytes are not enough for printing an entry with a vid of more than 2 digits. The manual buffering is unnecessary, we can safely print to the seq directly during the rcu_read_lock(). Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: Increase orig_node refcount before releasing rcu read lockLinus Lüssing2-3/+5
When unicast_send_skb() is increasing the orig_node's refcount another thread might have been freeing this orig_node already. We need to increase the refcount in the rcu read lock protected area to avoid that. Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: Make bat_priv->curr_gw an rcu protected pointerLinus Lüssing2-32/+72
The rcu protected macros rcu_dereference() and rcu_assign_pointer() for the bat_priv->curr_gw need to be used, as well as spin/rcu locking. Otherwise we might end up using a curr_gw pointer pointing to already freed memory. Reported-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: make broadcast seqno operations atomicMarek Lindner3-22/+37
Batman-adv could receive several payload broadcasts at the same time that would trigger access to the broadcast seqno sliding window to determine whether this is a new broadcast or not. If these incoming broadcasts are accessing the sliding window simultaneously it could be left in an inconsistent state. Therefore it is necessary to make sure this access is atomic. Reported-by: Linus Lüssing <linus.luessing@web.de> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect bit operations to count OGMs with spinlockMarek Lindner2-34/+33
Reported-by: Linus Lüssing <linus.luessing@saxnet.de> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: Correct rcu refcounting for batman_ifMarek Lindner4-38/+33
It might be possible that 2 threads access the same data in the same rcu grace period. The first thread calls call_rcu() to decrement the refcount and free the data while the second thread increases the refcount to use the data. To avoid this race condition all refcount operations have to be atomic. Reported-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: Correct rcu refcounting for softif_neighMarek Lindner2-17/+16
It might be possible that 2 threads access the same data in the same rcu grace period. The first thread calls call_rcu() to decrement the refcount and free the data while the second thread increases the refcount to use the data. To avoid this race condition all refcount operations have to be atomic. Reported-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: Correct rcu refcounting for gw_nodeMarek Lindner2-22/+17
It might be possible that 2 threads access the same data in the same rcu grace period. The first thread calls call_rcu() to decrement the refcount and free the data while the second thread increases the refcount to use the data. To avoid this race condition all refcount operations have to be atomic. Reported-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: Correct rcu refcounting for neigh_nodeMarek Lindner7-174/+313
It might be possible that 2 threads access the same data in the same rcu grace period. The first thread calls call_rcu() to decrement the refcount and free the data while the second thread increases the refcount to use the data. To avoid this race condition all refcount operations have to be atomic. Reported-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect bonding with rcu locksSimon Wunderlich7-163/+195
bonding / alternating candidates need to be secured by rcu locks as well. This patch therefore converts the bonding list from a plain pointer list to a rcu securable lists and references the bonding candidates. Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect ogm counter arrays with spinlockMarek Lindner3-6/+33
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect originator nodes with reference countersMarek Lindner4-19/+78
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect each hash row with rcu locksMarek Lindner8-45/+141
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect neigh_nodes used outside of rcu_locks with refcountingMarek Lindner1-9/+31
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: free neighbors when an interface is deactivatedMarek Lindner1-2/+7
hardif_disable_interface() calls purge_orig_ref() to immediately free all neighbors associated with the interface that is going down. purge_orig_neighbors() checked if the interface status is IF_INACTIVE which is set to IF_NOT_IN_USE shortly before calling purge_orig_ref(). Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect neighbor list with rcu locksMarek Lindner3-21/+57
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: convert neighbor list to hlistMarek Lindner3-28/+35
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-03-05batman-adv: protect neighbor nodes with reference countersMarek Lindner4-8/+28
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
2011-02-14batman-adv: Remove two duplicate includes.Jesper Juhl1-2/+0
Remove duplicate inclusion of "send.h" and "routing.h" from net/batman-adv/soft-interface.c Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-02-11batman-adv: Disallow originator addressing within mesh layerLinus Lüssing1-6/+1
For a host in the mesh network, the batman layer should be transparent. However, we had one exception, data packets within the mesh network which have the same destination as a originator are being routed to that node, although there is no host that node's bat0 interface and therefore gets dropped anyway. This commit removes this exception. Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-02-11batman-adv: Remove duplicate types.h inclusionsLinus Lüssing10-14/+0
types.h is included by main.h, which is included at the beginning of any other c-file anyway. Therefore this commit removes those duplicate inclussions. Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-02-11batman-adv: Split combined variable declarationsMarek Lindner1-2/+2
Multiple variable declarations in a single statements over multiple lines can be split into multiple variable declarations without changing the actual behavior. Signed-off-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-02-11batman-adv: Use successive sequence numbers for fragmentsSven Eckelmann1-4/+4
The two fragments of an unicast packet must have successive sequence numbers to allow the receiver side to detect matching fragments and merge them again. The current implementation doesn't provide that property because a sequence of two atomic_inc_return may be interleaved with another sequence which also changes the variable. The access to the fragment sequence number pool has either to be protected by correct locking or it has to reserve two sequence numbers in a single fetch. The latter one can easily be done by increasing the value of the last used sequence number by 2 in a single step. The generated window of two currently unused sequence numbers can now be scattered across the two fragments. Reported-by: Linus Lüssing <linus.luessing@web.de> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Merge README of v2011.0.0 releaseSven Eckelmann1-8/+8
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Update copyright yearsSven Eckelmann39-39/+39
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Remove unused variablesSven Eckelmann2-10/+1
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Remove declaration of batman_skb_recvSven Eckelmann2-6/+9
batman_skb_recv can be defined in hard-interface.c as static because it is never used outside of that file. Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Remove unused definitionsSven Eckelmann1-15/+0
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Remove dangling declaration of hash_remove_elementSven Eckelmann1-5/+0
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: remove unused parametersSimon Wunderlich4-14/+10
Some function parameters are obsolete now and can be removed. Reported-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Calculate correct size for merged packetsSven Eckelmann4-3/+31
The routing algorithm must be able to decide if a fragment can be merged with the missing part and still be passed to a forwarding interface. The fragments can only differ by one byte in case that the original payload had an uneven length. In that situation the sender has to inform all possible receivers that the tail is one byte longer using the flag UNI_FRAG_LARGETAIL. The combination of UNI_FRAG_LARGETAIL and UNI_FRAG_HEAD flag makes it possible to calculate the correct length for even and uneven sized payloads. The original formula missed to add the unicast header at all and forgot to remove the fragment header of the second fragment. This made the results highly unreliable and only useful for machines with large differences between the configured MTUs. Reported-by: Russell Senior <russell@personaltelco.net> Reported-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-31batman-adv: Create roughly equal sized fragmentsSven Eckelmann1-2/+3
The routing algorithm must know how large two fragments are to be able to decide that it is safe to merge them or if it should resubmit without waiting for the second part. When these two fragments have a too different size, it is not possible to guess right in every situation. The user could easily configure the MTU of the attached cards so that one fragment is forwarded and the other one is added to the fragments table to wait for the missing part. For even sized packets, it is possible to split it so that the resulting packages are equal sized by ignoring the old non-fragment header at the beginning of the original packet. This still creates different sized fragments for uneven sized packets. Reported-by: Russell Senior <russell@personaltelco.net> Reported-by: Marek Lindner <lindner_marek@yahoo.de> Signed-off-by: Sven Eckelmann <sven@narfation.org>
2011-01-21Linux 2.6.38-rc2v2.6.38-rc2Linus Torvalds1-1/+1
2011-01-21Merge branch 'media_fixes' of ↵Linus Torvalds133-2661/+2442
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 * 'media_fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6: (101 commits) [media] staging/lirc: fix mem leaks and ptr err usage [media] hdpvr: reduce latency of i2c read/write w/recycled buffer [media] hdpvr: enable IR part [media] rc/mceusb: timeout should be in ns, not us [media] v4l2-device: fix 'use-after-freed' oops [media] v4l2-dev: don't memset video_device.dev [media] zoran: use video_device_alloc instead of kmalloc [media] w9966: zero device state after a detach [media] v4l: Fix a use-before-set in the control framework [media] v4l: Include linux/videodev2.h in media/v4l2-ctrls.h [media] DocBook/v4l: update V4L2 revision and update copyright years [media] DocBook/v4l: fix validation error in dev-rds.xml [media] v4l2-ctrls: queryctrl shouldn't attempt to replace V4L2_CID_PRIVATE_BASE IDs [media] v4l2-ctrls: fix missing 'read-only' check [media] pvrusb2: Provide more information about IR units to lirc_zilog and ir-kbd-i2c [media] ir-kbd-i2c: Add back defaults setting for Zilog Z8's at addr 0x71 [media] lirc_zilog: Update TODO.lirc_zilog [media] lirc_zilog: Add Andy Walls to copyright notice and authors list [media] lirc_zilog: Remove useless struct i2c_driver.command function [media] lirc_zilog: Remove unneeded tests for existence of the IR Tx function ...
2011-01-21KEYS: Fix up comments in key management codeDavid Howells11-366/+777
Fix up comments in the key management code. No functional changes. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-01-21KEYS: Do some style cleanup in the key management code.David Howells10-248/+80
Do a bit of a style clean up in the key management code. No functional changes. Done using: perl -p -i -e 's!^/[*]*/\n!!' security/keys/*.c perl -p -i -e 's!} /[*] end [a-z0-9_]*[(][)] [*]/\n!}\n!' security/keys/*.c sed -i -s -e ": next" -e N -e 's/^\n[}]$/}/' -e t -e P -e 's/^.*\n//' -e "b next" security/keys/*.c To remove /*****/ lines, remove comments on the closing brace of a function to name the function and remove blank lines before the closing brace of a function. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-01-21Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds14-240/+405
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: fix up CIFSSMBEcho for unaligned access cifs: fix unaligned accesses in cifsConvertToUCS cifs: clean up unaligned accesses in cifs_unicode.c cifs: fix unaligned access in check2ndT2 and coalesce_t2 cifs: clean up unaligned accesses in validate_t2 cifs: use get/put_unaligned functions to access ByteCount cifs: move time field in cifsInodeInfo cifs: TCP_Server_Info diet CIFS: Implement cifs_strict_readv (try #4) CIFS: Implement cifs_file_strict_mmap (try #2) CIFS: Implement cifs_strict_fsync CIFS: Make cifsFileInfo_put work with strict cache mode
2011-01-21Merge branch 'fixes-2.6.38' of ↵Linus Torvalds1-4/+4
git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu * 'fixes-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: x86,percpu: Move out of place 64 bit ops into X86_64 section
2011-01-21Merge branch 'fixes-2.6.38' of ↵Linus Torvalds2-3/+20
git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq * 'fixes-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: note the nested NOT_RUNNING test in worker_clr_flags() isn't a noop workqueue: relax lockdep annotation on flush_work()
2011-01-21Merge branch 'irq-cleanup-for-linus' of ↵Linus Torvalds35-1048/+428
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'irq-cleanup-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (37 commits) um: Use generic irq Kconfig tile: Use generic irq Kconfig sparc: Use generic irq Kconfig score: Use generic irq Kconfig powerpc: Use generic irq Kconfig parisc: Use generic irq Kconfig mn10300: Use generic irq Kconfig microblaze: Use generic irq Kconfig m68knommu: Use generic irq Kconfig ia64: Use generic irq Kconfig frv: Use generic irq Kconfig blackfin: Use generic irq Kconfig alpha: Use generic irq Kconfig genirq: Remove __do_IRQ m32r: Convert to generic irq Kconfig m32r: Convert usrv platform irq handling m32r: Convert opsput_lcdpld irq chip m32r: Convert opsput lanpld irq chip m32r: Convert opsput pld irq chip m32r: Convert opsput irq chip ...
2011-01-21Merge branch 'stable/bug-fixes-rc1' of ↵Linus Torvalds2-2/+20
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen * 'stable/bug-fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen: p2m: correctly initialize partial p2m leaf xen: fix non-ANSI function warning in irq.c
2011-01-21Merge branches 'fixes' and 'fwnet' of ↵Linus Torvalds3-7/+19
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: core: fix unstable I/O with Canon camcorder * 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: net: is not experimental anymore firewire: net: invalidate ARP entries of removed nodes
2011-01-21Merge branch 'for-linus' of ↵Linus Torvalds9-77/+79
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: hda - Fix EAPD to low on CZC P10T tablet computer with ALC662 ALSA: HDA: Add SKU ignore for another Thinkpad Edge 14 ALSA: hda - Fix "unused variable" compile warning ALSA: hda - Add quirk for HP Z-series workstation Revert "ALSA: HDA: Create mixers on ALC887" ASoC: PXA: Fix codec address on Zipit Z2 ASoC: PXA: Fix jack detection on Zipit Z2 ASoC: Blackfin: fix DAI/SPORT config dependency issues ASoC: Blackfin TDM: use external frame syncs ASoC: Blackfin AC97: fix build error after multi-component update ASoC: Blackfin TDM: fix missed snd_soc_dai_get_drvdata update ASoC: documentation updates ALSA: ice1712 delta - initialize SPI clock
2011-01-21Merge branch 'devicetree/merge' of git://git.secretlab.ca/git/linux-2.6Linus Torvalds2-4/+4
* 'devicetree/merge' of git://git.secretlab.ca/git/linux-2.6: powerpc/83xx: fix build failures on dt compatible list.
2011-01-21Merge branch 'merge' of ↵Linus Torvalds35-346/+334
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: (34 commits) powerpc/mpic: Fix mask/unmask timeout message powerpc/pseries: Add BNX2=m to defconfig powerpc: Enable 64kB pages and 1024 threads in pseries config powerpc: Disable mcount tracers in pseries defconfig powerpc/boot/dts: Install dts from the right directory powerpc: machine_check_generic is wrong on 64bit powerpc: Check RTAS extended log flag before checking length powerpc: Fix corruption when grabbing FWNMI data powerpc: Rework pseries machine check handler powerpc: Don't silently handle machine checks from userspace powerpc: Remove duplicate debugger hook in machine_check_exception powerpc: Never halt RTAS error logging after receiving an unrecoverable machine check powerpc: Don't force MSR_RI in machine_check_exception powerpc: Print 32 bits of DSISR in show_regs powerpc/kdump: Disable ftrace during kexec powerpc/kdump: Move crash_kexec_stop_spus to kdump crash handler powerpc/kexec: Remove empty ppc_md.machine_kexec_prepare powerpc/kexec: Don't initialise kexec hooks to default handlers powerpc/kdump: Remove ppc_md.machine_crash_shutdown powerpc/kexec: Remove ppc_md.machine_kexec ...
2011-01-21mm: System without MMU do not need pte_mkwriteMichal Simek1-0/+2
The patch "thp: export maybe_mkwrite" (commit 14fd403f2146) breaks systems without MMU. Error log: CC arch/microblaze/mm/init.o In file included from include/linux/mman.h:14, from arch/microblaze/mm/consistent.c:24: include/linux/mm.h: In function 'maybe_mkwrite': include/linux/mm.h:482: error: implicit declaration of function 'pte_mkwrite' include/linux/mm.h:482: error: incompatible types in assignment Signed-off-by: Michal Simek <monstr@monstr.eu> CC: Andrea Arcangeli <aarcange@redhat.com> Reviewed-by: Rik van Riel <riel@redhat.com> CC: Andrew Morton <akpm@linux-foundation.org> CC: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-01-21MAINTAINERS: Update Roland Dreier's email addressRoland Dreier1-1/+1
The cisco.com address will stop working soon, and besides no one can remember the second "d" in "rolandd" or how to spell "rdreier." Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-01-21xen: p2m: correctly initialize partial p2m leafStefan Bader1-1/+19
After changing the p2m mapping to a tree by commit 58e05027b530ff081ecea68e38de8d59db8f87e0 xen: convert p2m to a 3 level tree and trying to boot a DomU with 615MB of memory, the following crash was observed in the dump: kernel direct mapping tables up to 26f00000 @ 1ec4000-1fff000 BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<c0107397>] xen_set_pte+0x27/0x60 *pdpt = 0000000000000000 *pde = 0000000000000000 Adding further debug statements showed that when trying to set up pfn=0x26700 the returned mapping was invalid. pfn=0x266ff calling set_pte(0xc1fe77f8, 0x6b3003) pfn=0x26700 calling set_pte(0xc1fe7800, 0x3) Although the last_pfn obtained from the startup info is 0x26700, which should in turn not be hit, the additional 8MB which are added as extra memory normally seem to be ok. This lead to looking into the initial p2m tree construction, which uses the smaller value and assuming that there is other code handling the extra memory. When the p2m tree is set up, the leaves are directly pointed to the array which the domain builder set up. But if the mapping is not on a boundary that fits into one p2m page, this will result in the last leaf being only partially valid. And as the invalid entries are not initialized in that case, things go badly wrong. I am trying to fix that by checking whether the current leaf is a complete map and if not, allocate a completely new page and copy only the valid pointers there. This may not be the most efficient or elegant solution, but at least it seems to allow me booting DomUs with memory assignments all over the range. BugLink: http://bugs.launchpad.net/bugs/686692 [v2: Redid a bit of commit wording and fixed a compile warning] Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
2011-01-21Merge branch 'for_linus' of ↵Linus Torvalds8-84/+56
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6: quota: Fix deadlock during path resolution
2011-01-21um: Use generic irq KconfigThomas Gleixner1-5/+1
No functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jeff Dike <jdike@addtoit.com>