From 046752104c7090e3679b09274f02d8fd2aa0b4b2 Mon Sep 17 00:00:00 2001 From: "sebastian@breakpoint.cc" Date: Thu, 26 Jul 2007 23:21:31 +0200 Subject: sctp: make locally used function static Forward declarion is static, the function itself is not. Make it consistent. Signed-off-by: Sebastian Siewior Signed-off-by: Vlad Yasevich --- net/sctp/input.c | 2 +- net/sctp/socket.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'net') diff --git a/net/sctp/input.c b/net/sctp/input.c index d57ff7f3c576..47e56017f4ce 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c @@ -590,7 +590,7 @@ out_unlock: * Return 0 - If further processing is needed. * Return 1 - If the packet can be discarded right away. */ -int sctp_rcv_ootb(struct sk_buff *skb) +static int sctp_rcv_ootb(struct sk_buff *skb) { sctp_chunkhdr_t *ch; __u8 *ch_end; diff --git a/net/sctp/socket.c b/net/sctp/socket.c index ee88f2ea5101..f8bacc898e12 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -433,7 +433,7 @@ out: * * Only sctp_setsockopt_bindx() is supposed to call this function. */ -int sctp_bindx_add(struct sock *sk, struct sockaddr *addrs, int addrcnt) +static int sctp_bindx_add(struct sock *sk, struct sockaddr *addrs, int addrcnt) { int cnt; int retval = 0; @@ -602,7 +602,7 @@ out: * * Only sctp_setsockopt_bindx() is supposed to call this function. */ -int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt) +static int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt) { struct sctp_sock *sp = sctp_sk(sk); struct sctp_endpoint *ep = sp->ep; @@ -5964,7 +5964,7 @@ static int sctp_wait_for_accept(struct sock *sk, long timeo) return err; } -void sctp_wait_for_close(struct sock *sk, long timeout) +static void sctp_wait_for_close(struct sock *sk, long timeout) { DEFINE_WAIT(wait); -- cgit v1.2.3 From 0a5fcb9cf8e5c3fabaab1c20668f58fe85d7c70d Mon Sep 17 00:00:00 2001 
From: "sebastian@breakpoint.cc" Date: Thu, 26 Jul 2007 23:21:32 +0200 Subject: sctp: move global declaration to header file. sctp_chunk_cachep & sctp_bucket_cachep is used module global, so move it to a header file. Signed-off-by: Sebastian Siewior Signed-off-by: Vlad Yasevich --- include/net/sctp/sctp.h | 10 ++++++++++ net/sctp/sm_make_chunk.c | 2 -- net/sctp/socket.c | 2 -- 3 files changed, 10 insertions(+), 4 deletions(-) (limited to 'net') diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index 16baef4dab7e..d529045c1679 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -189,6 +189,16 @@ int sctp_assocs_proc_init(void); void sctp_assocs_proc_exit(void); +/* + * Module global variables + */ + + /* + * sctp/protocol.c + */ +extern struct kmem_cache *sctp_chunk_cachep __read_mostly; +extern struct kmem_cache *sctp_bucket_cachep __read_mostly; + /* * Section: Macros, externs, and inlines */ diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 8d18f570c2e6..ad02311dcd83 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -65,8 +65,6 @@ #include #include -extern struct kmem_cache *sctp_chunk_cachep; - SCTP_STATIC struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, __u8 type, __u8 flags, int paylen); diff --git a/net/sctp/socket.c b/net/sctp/socket.c index f8bacc898e12..f8de0eb235d9 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -107,8 +107,6 @@ static void sctp_sock_migrate(struct sock *, struct sock *, struct sctp_association *, sctp_socket_type_t); static char *sctp_hmac_alg = SCTP_COOKIE_HMAC_ALG; -extern struct kmem_cache *sctp_bucket_cachep; - /* Get the sndbuf space available at the time on the association. */ static inline int sctp_wspace(struct sctp_association *asoc) { -- cgit v1.2.3 From c86dabcf00f3ca167df59f3526a53b3da3ede2c8 Mon Sep 17 00:00:00 2001 
From: "sebastian@breakpoint.cc" Date: Thu, 26 Jul 2007 23:21:33 +0200 Subject: sctp: remove shadowed symbols Fixes the following sparse warnings: net/sctp/sm_make_chunk.c:1457:9: warning: symbol 'len' shadows an earlier one net/sctp/sm_make_chunk.c:1356:23: originally declared here net/sctp/socket.c:1534:22: warning: symbol 'chunk' shadows an earlier one net/sctp/socket.c:1387:20: originally declared here Signed-off-by: Sebastian Siewior Signed-off-by: Vlad Yasevich --- net/sctp/sm_make_chunk.c | 1 - net/sctp/socket.c | 1 - 2 files changed, 2 deletions(-) (limited to 'net') diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index ad02311dcd83..ba76ceca2a4e 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -1452,7 +1452,6 @@ no_hmac: do_gettimeofday(&tv); if (!asoc && tv_lt(bear_cookie->expiration, tv)) { - __u16 len; /* * Section 3.3.10.3 Stale Cookie Error (3) * diff --git a/net/sctp/socket.c b/net/sctp/socket.c index f8de0eb235d9..b31be0994572 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1529,7 +1529,6 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, goto out_unlock; } if (sinfo_flags & SCTP_ABORT) { - struct sctp_chunk *chunk; chunk = sctp_make_abort_user(asoc, msg, msg_len); if (!chunk) { -- cgit v1.2.3 From d6f9fdaf643eca8fb49fffdd6269b78f4ef1ef86 Mon Sep 17 00:00:00 2001 From: Sebastian Siewior Date: Fri, 27 Jul 2007 22:55:59 +0200 Subject: sctp: try to fix readlock unlock the reader lock in error case. Signed-off-by: Sebastian Siewior Signed-off-by: Vlad Yasevich --- net/sctp/socket.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'net') diff --git a/net/sctp/socket.c b/net/sctp/socket.c index b31be0994572..be743d4a7c09 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c 
@@ -4350,7 +4350,7 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len, space_left, &bytes_copied); if (cnt < 0) { err = cnt; - goto error; + goto error_lock; } goto copy_getaddrs; } @@ -4364,7 +4364,7 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) { err = -ENOMEM; /*fixme: right error?*/ - goto error; + goto error_lock; } memcpy(buf, &temp, addrlen); buf += addrlen; @@ -4378,15 +4378,21 @@ copy_getaddrs: if (copy_to_user(to, addrs, bytes_copied)) { err = -EFAULT; - goto error; + goto out; } if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) { err = -EFAULT; - goto error; + goto out; } if (put_user(bytes_copied, optlen)) err = -EFAULT; -error: + + goto out; + +error_lock: + sctp_read_unlock(addr_lock); + +out: kfree(addrs); return err; } -- cgit v1.2.3 From cc121fa87a0ce356c23fb4d7358310e747cad8cc Mon Sep 17 00:00:00 2001 From: Sebastian Siewior Date: Fri, 27 Jul 2007 22:59:49 +0200 Subject: sctp: fix shadow symbol in net/sctp/tsnmap.c net/sctp/tsnmap.c:164:16: warning: symbol '_end' shadows an earlier one include/asm-generic/sections.h:13:13: originally declared here Renamed renamed _end to end_ and _start (for consistence). Signed-off-by: Sebastian Siewior Signed-off-by: Vlad Yasevich --- net/sctp/tsnmap.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'net') diff --git a/net/sctp/tsnmap.c b/net/sctp/tsnmap.c index d3192a1babcc..1ff0daade304 100644 --- a/net/sctp/tsnmap.c +++ b/net/sctp/tsnmap.c @@ -161,7 +161,7 @@ SCTP_STATIC int sctp_tsnmap_next_gap_ack(const struct sctp_tsnmap *map, __u16 *start, __u16 *end) { int started, ended; - __u16 _start, _end, offset; + __u16 start_, end_, offset; /* We haven't found a gap yet. */ started = ended = 0; 
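Review bot: In sctp_getsockopt_local_addrs() (net/sctp/socket.c) the two exit labels now carry a locking rule that the code does not state: `error_lock` may only be reached while addr_lock is still read-held, and `out` only once it has been released. The `goto out;` placed just before `error_lock:` keeps the normal path from running the unlock again, and it is easy to delete later as apparently redundant. A comment on the label would make the rule explicit, for example `/* error_lock: addr_lock is still read-held here; every other exit goes through out */`. The lock acquisition and the `copy_getaddrs` label (presumably where the normal path unlocks) are outside the visible hunks, so the pairing should be confirmed against the full function.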
@@ -175,7 +175,7 @@ SCTP_STATIC int sctp_tsnmap_next_gap_ack(const struct sctp_tsnmap *map, offset = iter->start - map->base_tsn; sctp_tsnmap_find_gap_ack(map->tsn_map, offset, map->len, 0, - &started, &_start, &ended, &_end); + &started, &start_, &ended, &end_); } /* Do we need to check the overflow map? */ @@ -193,8 +193,8 @@ SCTP_STATIC int sctp_tsnmap_next_gap_ack(const struct sctp_tsnmap *map, offset, map->len, map->len, - &started, &_start, - &ended, &_end); + &started, &start_, + &ended, &end_); } /* The Gap Ack Block happens to end at the end of the @@ -202,7 +202,7 @@ SCTP_STATIC int sctp_tsnmap_next_gap_ack(const struct sctp_tsnmap *map, */ if (started && !ended) { ended++; - _end = map->len + map->len - 1; + end_ = map->len + map->len - 1; } /* If we found a Gap Ack Block, return the start and end and @@ -215,8 +215,8 @@ SCTP_STATIC int sctp_tsnmap_next_gap_ack(const struct sctp_tsnmap *map, int gap = map->cumulative_tsn_ack_point - map->base_tsn; - *start = _start - gap; - *end = _end - gap; + *start = start_ - gap; + *end = end_ - gap; /* Move the iterator forward. */ iter->start = map->cumulative_tsn_ack_point + *end + 1; -- cgit v1.2.3 From b225b884a18a1932db5414abd3ef94a45e4e348e Mon Sep 17 00:00:00 2001 From: Dave Johnson Date: Wed, 25 Jul 2007 19:49:29 -0400 Subject: SCTP: IPv4 mapped addr not returned in SCTPv6 accept() An accept() call on a SCTPv6 socket that returns due to connection of a IPv4 mapped peer will fill out the 'struct sockaddr' with a zero IPv6 address instead of the IPv4 mapped address of the peer. This is due to the v4mapped flag not getting copied into the new socket on accept() as well as a missing check for INET6 socket type in sctp_v4_to_sk_*addr(). Signed-off-by: Dave Johnson Cc: Srinivas Akkipeddi Signed-off-by: Vlad Yasevich --- net/sctp/ipv6.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'net') diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 2c29394fd92e..f8aa23dda1c1 100644 --- a/net/sctp/ipv6.c 
+++ b/net/sctp/ipv6.c @@ -641,6 +641,8 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk, newsctp6sk = (struct sctp6_sock *)newsk; inet_sk(newsk)->pinet6 = &newsctp6sk->inet6; + sctp_sk(newsk)->v4mapped = sctp_sk(sk)->v4mapped; + newinet = inet_sk(newsk); newnp = inet6_sk(newsk); -- cgit v1.2.3 From e4d1feab5df035312494ce3037ac5f041d0f5fc9 Mon Sep 17 00:00:00 2001 From: Vlad Yasevich Date: Wed, 1 Aug 2007 10:56:43 -0400 Subject: SCTP: IPv4 mapped addr not returned in SCTPv6 accept() When issuing a connect call on an AF_INET6 sctp socket with a IPv4-mapped destination, the peer address that is returned by getpeeraddr() should be v4-mapped as well. Signed-off-by: Vlad Yasevich --- net/sctp/socket.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'net') diff --git a/net/sctp/socket.c b/net/sctp/socket.c index be743d4a7c09..01c6364245b7 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -975,7 +975,7 @@ static int __sctp_connect(struct sock* sk, int err = 0; int addrcnt = 0; int walk_size = 0; - union sctp_addr *sa_addr; + union sctp_addr *sa_addr = NULL; void *addr_buf; unsigned short port; unsigned int f_flags = 0; @@ -1009,7 +1009,10 @@ static int __sctp_connect(struct sock* sk, goto out_free; } - err = sctp_verify_addr(sk, sa_addr, af->sockaddr_len); + /* Save current address so we can work with it */ + memcpy(&to, sa_addr, af->sockaddr_len); + + err = sctp_verify_addr(sk, &to, af->sockaddr_len); if (err) goto out_free; 
@@ -1019,12 +1022,11 @@ static int __sctp_connect(struct sock* sk, if (asoc && asoc->peer.port && asoc->peer.port != port) goto out_free; - memcpy(&to, sa_addr, af->sockaddr_len); /* Check if there already is a matching association on the * endpoint (other than the one created here). */ - asoc2 = sctp_endpoint_lookup_assoc(ep, sa_addr, &transport); + asoc2 = sctp_endpoint_lookup_assoc(ep, &to, &transport); if (asoc2 && asoc2 != asoc) { if (asoc2->state >= SCTP_STATE_ESTABLISHED) err = -EISCONN; @@ -1037,7 +1039,7 @@ static int __sctp_connect(struct sock* sk, * make sure that there is no peeled-off association matching * the peer address even on another socket. */ - if (sctp_endpoint_is_peeled_off(ep, sa_addr)) { + if (sctp_endpoint_is_peeled_off(ep, &to)) { err = -EADDRNOTAVAIL; goto out_free; } @@ -1068,7 +1070,7 @@ static int __sctp_connect(struct sock* sk, } } - scope = sctp_scope(sa_addr); + scope = sctp_scope(&to); asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL); if (!asoc) { err = -ENOMEM; @@ -1077,7 +1079,7 @@ static int __sctp_connect(struct sock* sk, } /* Prime the peer's transport structures. */ - transport = sctp_assoc_add_peer(asoc, sa_addr, GFP_KERNEL, + transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN); if (!transport) { err = -ENOMEM; @@ -1101,8 +1103,8 @@ static int __sctp_connect(struct sock* sk, /* Initialize sk's dport and daddr for getpeername() */ inet_sk(sk)->dport = htons(asoc->peer.port); - af = sctp_get_af_specific(to.sa.sa_family); - af->to_sk_daddr(&to, sk); + af = sctp_get_af_specific(sa_addr->sa.sa_family); + af->to_sk_daddr(sa_addr, sk); sk->sk_err = 0; /* in-kernel sockets don't generally have a file allocated to them -- cgit v1.2.3 From aecedeab6fcf914929cd8ff6fa0b8ae9bfdf3d30 Mon Sep 17 00:00:00 2001 
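Review bot: In the last __sctp_connect() hunk, `af->to_sk_daddr(sa_addr, sk)` now dereferences `sa_addr`, which this commit initialises to NULL and which appears to be assigned only inside the address-walk loop. If that loop can finish without an iteration this is a NULL dereference, and after the loop `sa_addr` refers to whichever entry was walked last. The address passed here is also the original entry rather than the copy in `to` that went through sctp_verify_addr(); that looks intentional, to keep the v4-mapped form, but deserves a comment such as `/* use the caller's original (possibly v4-mapped) address for getpeername() */`. The loop and its size checks are outside the visible hunks, so both concerns need confirming against the full function.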
From: Wei Yongjun Date: Thu, 2 Aug 2007 16:57:44 +0800 Subject: SCTP: drop SACK if ctsn is not less than the next tsn of assoc We need to drop the SACK if the peer is attempting to acknowledge unset data, i.e. the CTSN in the SACK is greater or equal to the next TSN we will send. Example: Endpoint A Endpoint B <--------------- DATA (TSN=1) SACK(TSN=1) ---------------> <--------------- DATA (TSN=2) <--------------- DATA (TSN=3) <--------------- DATA (TSN=4) <--------------- DATA (TSN=5) SACK(TSN=1000) ---------------> <--------------- DATA (TSN=6) <--------------- DATA (TSN=7) Signed-off-by: Wei Yongjun Signed-off-by: Vlad Yasevich --- net/sctp/sm_statefuns.c | 103 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 78 insertions(+), 25 deletions(-) (limited to 'net') diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index fd2dfdd7d7fd..71cad56dd73f 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -97,6 +97,13 @@ static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands, const struct sctp_association *asoc, struct sctp_transport *transport); +static sctp_disposition_t sctp_sf_abort_violation( + const struct sctp_association *asoc, + void *arg, + sctp_cmd_seq_t *commands, + const __u8 *payload, + const size_t paylen); + static sctp_disposition_t sctp_sf_violation_chunklen( const struct sctp_endpoint *ep, const struct sctp_association *asoc, @@ -104,6 +111,13 @@ static sctp_disposition_t sctp_sf_violation_chunklen( void *arg, sctp_cmd_seq_t *commands); +static sctp_disposition_t sctp_sf_violation_ctsn( + const struct sctp_endpoint *ep, + const struct sctp_association *asoc, + const sctp_subtype_t type, + void *arg, + sctp_cmd_seq_t *commands); + /* Small helper function that checks if the chunk length * is of the appropriate length. The 'required_length' argument * is set to be the size of a specific chunk we are testing. 
@@ -2880,6 +2894,13 @@ sctp_disposition_t sctp_sf_eat_sack_6_2(const struct sctp_endpoint *ep, return SCTP_DISPOSITION_DISCARD; } + /* If Cumulative TSN Ack beyond the max tsn currently + * send, terminating the association and respond to the + * sender with an ABORT. + */ + if (!TSN_lt(ctsn, asoc->next_tsn)) + return sctp_sf_violation_ctsn(ep, asoc, type, arg, commands); + /* Return this SACK for further processing. */ sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, SCTP_SACKH(sackh)); @@ -3691,40 +3712,21 @@ sctp_disposition_t sctp_sf_violation(const struct sctp_endpoint *ep, return SCTP_DISPOSITION_VIOLATION; } - /* - * Handle a protocol violation when the chunk length is invalid. - * "Invalid" length is identified as smaller then the minimal length a - * given chunk can be. For example, a SACK chunk has invalid length - * if it's length is set to be smaller then the size of sctp_sack_chunk_t. - * - * We inform the other end by sending an ABORT with a Protocol Violation - * error code. - * - * Section: Not specified - * Verification Tag: Nothing to do - * Inputs - * (endpoint, asoc, chunk) - * - * Outputs - * (reply_msg, msg_up, counters) - * - * Generate an ABORT chunk and terminate the association. + * Common function to handle a protocol violation. */ -static sctp_disposition_t sctp_sf_violation_chunklen( - const struct sctp_endpoint *ep, +static sctp_disposition_t sctp_sf_abort_violation( const struct sctp_association *asoc, - const sctp_subtype_t type, void *arg, - sctp_cmd_seq_t *commands) + sctp_cmd_seq_t *commands, + const __u8 *payload, + const size_t paylen) { struct sctp_chunk *chunk = arg; struct sctp_chunk *abort = NULL; - char err_str[]="The following chunk had invalid length:"; /* Make the abort chunk. */ - abort = sctp_make_abort_violation(asoc, chunk, err_str, - sizeof(err_str)); + abort = sctp_make_abort_violation(asoc, chunk, payload, paylen); if (!abort) goto nomem; 
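Review bot: The check added to sctp_sf_eat_sack_6_2() aborts the association, while the commit subject and description both say the SACK is dropped. With `return sctp_sf_violation_ctsn(ep, asoc, type, arg, commands);` a single SACK whose cumulative TSN is at or past `asoc->next_tsn` tears the association down, a much stronger reaction than the `SCTP_DISPOSITION_DISCARD` returned by the check just above it. If the abort is intended, the description should say so and the comment should give the reason. Its wording could also be tightened to `/* A Cumulative TSN Ack at or beyond the next TSN to be sent acknowledges data never sent: abort the association with a Protocol Violation. */`. Whatever validation of the packet precedes this point is outside the hunk.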
@@ -3756,6 +3758,57 @@ nomem: return SCTP_DISPOSITION_NOMEM; } +/* + * Handle a protocol violation when the chunk length is invalid. + * "Invalid" length is identified as smaller then the minimal length a + * given chunk can be. For example, a SACK chunk has invalid length + * if it's length is set to be smaller then the size of sctp_sack_chunk_t. + * + * We inform the other end by sending an ABORT with a Protocol Violation + * error code. + * + * Section: Not specified + * Verification Tag: Nothing to do + * Inputs + * (endpoint, asoc, chunk) + * + * Outputs + * (reply_msg, msg_up, counters) + * + * Generate an ABORT chunk and terminate the association. + */ +static sctp_disposition_t sctp_sf_violation_chunklen( + const struct sctp_endpoint *ep, + const struct sctp_association *asoc, + const sctp_subtype_t type, + void *arg, + sctp_cmd_seq_t *commands) +{ + char err_str[]="The following chunk had invalid length:"; + + return sctp_sf_abort_violation(asoc, arg, commands, err_str, + sizeof(err_str)); +} + +/* Handle a protocol violation when the peer trying to advance the + * cumulative tsn ack to a point beyond the max tsn currently sent. + * + * We inform the other end by sending an ABORT with a Protocol Violation + * error code. + */ +static sctp_disposition_t sctp_sf_violation_ctsn( + const struct sctp_endpoint *ep, + const struct sctp_association *asoc, + const sctp_subtype_t type, + void *arg, + sctp_cmd_seq_t *commands) +{ + char err_str[]="The cumulative tsn ack beyond the max tsn currently sent:"; + + return sctp_sf_abort_violation(asoc, arg, commands, err_str, + sizeof(err_str)); +} + /*************************************************************************** * These are the state functions for handling primitive (Section 10) events. ***************************************************************************/ -- cgit v1.2.3 From 5f8f1c3c87e44f1bd0180cf19d0e7c83d062b4dc Mon Sep 17 00:00:00 2001 
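Review bot: Both violation helpers declare `char err_str[]="...";` as an automatic array, so the string is copied onto the stack on every call, and both pass it to a `const __u8 *payload` parameter whose pointee differs in signedness from `char`. Declaring it `static const char err_str[] = "The cumulative tsn ack beyond the max tsn currently sent:";` (and likewise in sctp_sf_violation_chunklen()) avoids the copy; the signedness mismatch needs either a cast at the call or a `const void *payload` parameter on sctp_sf_abort_violation(). `sizeof(err_str)` also counts the terminating NUL, so that byte is included in the length handed on as `paylen`; a short comment saying whether that is intended would help.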
From: Wei Yongjun Date: Thu, 2 Aug 2007 17:02:29 +0800 Subject: SCTP: remove useless code in function sctp_init_cause Some code in function sctp_init_cause() seem useless, this patch remove them. Signed-off-by: Wei Yongjun Signed-off-by: Vlad Yasevich --- net/sctp/sm_make_chunk.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'net') diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index ba76ceca2a4e..51c4d7fef1d2 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -113,15 +113,12 @@ void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, const void *payload, size_t paylen) { sctp_errhdr_t err; - int padlen; __u16 len; /* Cause code constants are now defined in network order. */ err.cause = cause_code; len = sizeof(sctp_errhdr_t) + paylen; - padlen = len % 4; err.length = htons(len); - len += padlen; chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); sctp_addto_chunk(chunk, paylen, payload); } -- cgit v1.2.3 From 2f0812350e0e34f583919470b0517c2e368ee048 Mon Sep 17 00:00:00 2001 From: Michal Piotrowski Date: Wed, 1 Aug 2007 21:50:44 -0700 Subject: [NET]: Removal of duplicated include net/wanrouter/wanmain.c Signed-off-by: Michal Piotrowski Signed-off-by: David S. Miller --- net/wanrouter/wanmain.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/wanrouter/wanmain.c b/net/wanrouter/wanmain.c index 849cc06bd914..9ab31a3ce3ad 100644 --- a/net/wanrouter/wanmain.c +++ b/net/wanrouter/wanmain.c @@ -46,7 +46,6 @@ #include #include /* return codes */ #include -#include #include /* support for loadable modules */ #include /* kmalloc(), kfree() */ #include -- cgit v1.2.3 From 9f0d1a004d8d8c33d337d2b1cc9f0dc941cab627 Mon Sep 17 00:00:00 2001 From: Mariusz Kozlowski Date: Wed, 1 Aug 2007 21:52:34 -0700 Subject: [NETFILTER] nf_conntrack_expect.c: kmalloc + memset conversion to kzalloc Signed-off-by: Mariusz Kozlowski 
Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_expect.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'net') diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index eb6695dcd73b..3ac64e25f10c 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -477,15 +477,14 @@ static int exp_open(struct inode *inode, struct file *file) struct ct_expect_iter_state *st; int ret; - st = kmalloc(sizeof(struct ct_expect_iter_state), GFP_KERNEL); - if (st == NULL) + st = kzalloc(sizeof(struct ct_expect_iter_state), GFP_KERNEL); + if (!st) return -ENOMEM; ret = seq_open(file, &exp_seq_ops); if (ret) goto out_free; seq = file->private_data; seq->private = st; - memset(st, 0, sizeof(struct ct_expect_iter_state)); return ret; out_free: kfree(st); -- cgit v1.2.3 From 8adc5465525f28be1f728b6fa600d327e1d49f55 Mon Sep 17 00:00:00 2001 From: Mariusz Kozlowski Date: Wed, 1 Aug 2007 21:53:24 -0700 Subject: [NETFILTER] nf_conntrack_l3proto_ipv4_compat.c: kmalloc + memset conversion to kzalloc Signed-off-by: Mariusz Kozlowski Signed-off-by: David S. Miller --- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'net') diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index 27c7918e442a..b3dd5de9a258 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c 
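Review bot: In exp_open() (net/netfilter/nf_conntrack_expect.c) the allocation size is still spelled as the type, `sizeof(struct ct_expect_iter_state)`; writing `st = kzalloc(sizeof(*st), GFP_KERNEL);` keeps the size tied to the pointer if its type ever changes. The same applies to exp_open() in nf_conntrack_l3proto_ipv4_compat.c in the following commit, whereas the raw.c and route.c conversions already use `sizeof(*s)`.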
@@ -294,15 +294,14 @@ static int exp_open(struct inode *inode, struct file *file) struct ct_expect_iter_state *st; int ret; - st = kmalloc(sizeof(struct ct_expect_iter_state), GFP_KERNEL); - if (st == NULL) + st = kzalloc(sizeof(struct ct_expect_iter_state), GFP_KERNEL); + if (!st) return -ENOMEM; ret = seq_open(file, &exp_seq_ops); if (ret) goto out_free; seq = file->private_data; seq->private = st; - memset(st, 0, sizeof(struct ct_expect_iter_state)); return ret; out_free: kfree(st); -- cgit v1.2.3 From 4487b2f657a4d204c35a7afaa45fc8569c9069ca Mon Sep 17 00:00:00 2001 From: Mariusz Kozlowski Date: Wed, 1 Aug 2007 21:53:57 -0700 Subject: [IPV4] raw.c: kmalloc + memset conversion to kzalloc Signed-off-by: Mariusz Kozlowski Signed-off-by: David S. Miller --- net/ipv4/raw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net') diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 24d7c9f31918..c6d71526f625 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -900,8 +900,9 @@ static int raw_seq_open(struct inode *inode, struct file *file) { struct seq_file *seq; int rc = -ENOMEM; - struct raw_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL); + struct raw_iter_state *s; + s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) goto out; rc = seq_open(file, &raw_seq_ops); @@ -910,7 +911,6 @@ static int raw_seq_open(struct inode *inode, struct file *file) seq = file->private_data; seq->private = s; - memset(s, 0, sizeof(*s)); out: return rc; out_kfree: -- cgit v1.2.3 From 1bcabbdb0bdfe8b15b05150a7857646430aaa7f8 Mon Sep 17 00:00:00 2001 From: Mariusz Kozlowski Date: Wed, 1 Aug 2007 21:54:27 -0700 Subject: [IPV4] route.c: mostly kmalloc + memset conversion to k[cz]alloc Signed-off-by: Mariusz Kozlowski Signed-off-by: David S. Miller --- net/ipv4/route.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net') diff --git a/net/ipv4/route.c b/net/ipv4/route.c index df42b7fb3268..c7ca94bd152c 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c 
@@ -374,8 +374,9 @@ static int rt_cache_seq_open(struct inode *inode, struct file *file) { struct seq_file *seq; int rc = -ENOMEM; - struct rt_cache_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL); + struct rt_cache_iter_state *s; + s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) goto out; rc = seq_open(file, &rt_cache_seq_ops); @@ -383,7 +384,6 @@ static int rt_cache_seq_open(struct inode *inode, struct file *file) goto out_kfree; seq = file->private_data; seq->private = s; - memset(s, 0, sizeof(*s)); out: return rc; out_kfree: -- cgit v1.2.3 From 3516ffb0fef710749daf288c0fe146503e0cf9d4 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 2 Aug 2007 19:23:56 -0700 Subject: [TCP]: Invoke tcp_sendmsg() directly, do not use inet_sendmsg(). As discovered by Evegniy Polyakov, if we try to sendmsg after a connection reset, we can do incredibly stupid things. The core issue is that inet_sendmsg() tries to autobind the socket, but we should never do that for TCP. Instead we should just go straight into TCP's sendmsg() code which will do all of the necessary state and pending socket error checks. TCP's sendpage already directly vectors to tcp_sendpage(), so this merely brings sendmsg() in line with that. Signed-off-by: David S. Miller --- include/net/tcp.h | 2 +- net/ipv4/af_inet.c | 2 +- net/ipv4/tcp.c | 3 ++- net/ipv4/tcp_ipv4.c | 1 - net/ipv6/af_inet6.c | 2 +- net/ipv6/tcp_ipv6.c | 1 - 6 files changed, 5 insertions(+), 6 deletions(-) (limited to 'net') diff --git a/include/net/tcp.h b/include/net/tcp.h index c209361ab74a..185c7ecce4cc 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h 
@@ -281,7 +281,7 @@ extern int tcp_v4_remember_stamp(struct sock *sk); extern int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw); -extern int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, +extern int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size); extern ssize_t tcp_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags); diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 06c08e5740fb..e68103475cca 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -831,7 +831,7 @@ const struct proto_ops inet_stream_ops = { .shutdown = inet_shutdown, .setsockopt = sock_common_setsockopt, .getsockopt = sock_common_getsockopt, - .sendmsg = inet_sendmsg, + .sendmsg = tcp_sendmsg, .recvmsg = sock_common_recvmsg, .mmap = sock_no_mmap, .sendpage = tcp_sendpage, diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index da4c0b6ab79a..7e740112b238 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -658,9 +658,10 @@ static inline int select_size(struct sock *sk) return tmp; } -int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size) { + struct sock *sk = sock->sk; struct iovec *iov; struct tcp_sock *tp = tcp_sk(sk); struct sk_buff *skb; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 3f5f7423b95c..9c94627c8c7e 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -2425,7 +2425,6 @@ struct proto tcp_prot = { .shutdown = tcp_shutdown, .setsockopt = tcp_setsockopt, .getsockopt = tcp_getsockopt, - .sendmsg = tcp_sendmsg, .recvmsg = tcp_recvmsg, .backlog_rcv = tcp_v4_do_rcv, .hash = tcp_v4_hash, diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index eed09373a45d..b5f96372ad73 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c 
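Review bot: tcp_sendmsg() in net/ipv4/tcp.c now takes a `struct socket *`, so it no longer has the shape of the `struct proto` sendmsg handler it used to be, and the commit removes it from `tcp_prot` here and from `tcpv6_prot` in net/ipv6/tcp_ipv6.c, leaving that member unset. Any path that still reaches `sk->sk_prot->sendmsg` for a TCP socket would then call through a NULL pointer; no such caller is visible in this diff, but the diff is limited to 'net', so callers elsewhere should be checked. A comment above the definition would record the constraint, for example `/* Called only via proto_ops (inet_stream_ops, inet6_stream_ops); tcp_prot has no sendmsg. */`. The body of tcp_sendmsg() continues outside the hunk.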
@@ -484,7 +484,7 @@ const struct proto_ops inet6_stream_ops = { .shutdown = inet_shutdown, /* ok */ .setsockopt = sock_common_setsockopt, /* ok */ .getsockopt = sock_common_getsockopt, /* ok */ - .sendmsg = inet_sendmsg, /* ok */ + .sendmsg = tcp_sendmsg, /* ok */ .recvmsg = sock_common_recvmsg, /* ok */ .mmap = sock_no_mmap, .sendpage = tcp_sendpage, diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index f10f3689d671..cbdb78487915 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -2115,7 +2115,6 @@ struct proto tcpv6_prot = { .shutdown = tcp_shutdown, .setsockopt = tcp_setsockopt, .getsockopt = tcp_getsockopt, - .sendmsg = tcp_sendmsg, .recvmsg = tcp_recvmsg, .backlog_rcv = tcp_v6_do_rcv, .hash = tcp_v6_hash, -- cgit v1.2.3 From 4a4b6271a8df417e328aed4c8a7e04e0b282207e Mon Sep 17 00:00:00 2001 From: Joy Latten Date: Thu, 2 Aug 2007 19:25:43 -0700 Subject: [PF_KEY]: Fix ipsec not working in 2.6.23-rc1-git10 Although an ipsec SA was established, kernel couldn't seem to find it. I think since we are now using "x->sel.family" instead of "family" in the xfrm_selector_match() called in xfrm_state_find(), af_key needs to set this field too, just as xfrm_user. In af_key.c, x->sel.family only gets set when there's an ext_hdrs[SADB_EXT_ADDRESS_PROXY-1] which I think is for tunnel. I think pfkey needs to also set the x->sel.family field when it is 0. Tested with below patch, and ipsec worked when using pfkey. Signed-off-by: David S. Miller --- net/key/af_key.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net') diff --git a/net/key/af_key.c b/net/key/af_key.c index 7b0a95abe934..5502df115a63 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c 
@@ -1206,6 +1206,9 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr, x->sel.prefixlen_s = addr->sadb_address_prefixlen; } + if (!x->sel.family) + x->sel.family = x->props.family; + if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { struct sadb_x_nat_t_type* n_type; struct xfrm_encap_tmpl *natt; -- cgit v1.2.3 From 248bbf38215fd5ce45a31c65c5e5511d9b611e5a Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 2 Aug 2007 19:26:23 -0700 Subject: [TIPC]: Make function tipc_nameseq_subscribe static. make needlessly global function tipc_nameseq_subscribe static. Signed-off-by: Florian Westphal Signed-off-by: David S. Miller --- net/tipc/name_table.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/tipc/name_table.c b/net/tipc/name_table.c index d8473eefcd23..ac7dfdda7973 100644 --- a/net/tipc/name_table.c +++ b/net/tipc/name_table.c @@ -501,7 +501,7 @@ end_node: * sequence overlapping with the requested sequence */ -void tipc_nameseq_subscribe(struct name_seq *nseq, struct subscription *s) +static void tipc_nameseq_subscribe(struct name_seq *nseq, struct subscription *s) { struct sub_seq *sseq = nseq->sseqs; -- cgit v1.2.3 From d788d8056fd913defa48bd94f18dc53de98cd7a6 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 2 Aug 2007 19:28:06 -0700 Subject: [TIPC]: Fix two minor sparse warnings. fix two warnings generated by sparse: link.c:2386 symbol 'msgcount' shadows an earlier one node.c:244 symbol 'addr_string' shadows an earlier one Signed-off-by: Florian Westphal Signed-off-by: David S. Miller --- net/tipc/link.c | 2 +- net/tipc/node.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) (limited to 'net') diff --git a/net/tipc/link.c b/net/tipc/link.c index 1d674e0848fa..1b17fecee747 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c 
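Review bot: The fallback added to pfkey_msg2xfrm_state() has no comment, and its rationale lives only in the commit message, which is itself tentative. Something like `/* No proxy address extension set sel.family: default it to the SA family, since xfrm_state_find() matches on x->sel.family. */` above the `if` would keep the reason with the code. It is also worth confirming that `x->props.family` has already been assigned at this point, since that assignment is outside the hunk.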
@@ -2383,10 +2383,10 @@ void tipc_link_changeover(struct link *l_ptr) struct tipc_msg *msg = buf_msg(crs); if ((msg_user(msg) == MSG_BUNDLER) && split_bundles) { - u32 msgcount = msg_msgcnt(msg); struct tipc_msg *m = msg_get_wrapped(msg); unchar* pos = (unchar*)m; + msgcount = msg_msgcnt(msg); while (msgcount--) { msg_set_seqno(m,msg_seqno(msg)); tipc_link_tunnel(l_ptr, &tunnel_hdr, m, diff --git a/net/tipc/node.c b/net/tipc/node.c index e2e452a62ba1..598f4d3a0098 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -241,8 +241,6 @@ struct node *tipc_node_attach_link(struct link *l_ptr) char addr_string[16]; if (n_ptr->link_cnt >= 2) { - char addr_string[16]; - err("Attempt to create third link to %s\n", addr_string_fill(addr_string, n_ptr->addr)); return NULL; -- cgit v1.2.3 From 2e6052941ae1f2f875d7d9092acb8836af1e0193 Mon Sep 17 00:00:00 2001 From: Ilpo Järvinen Date: Thu, 2 Aug 2007 19:46:58 -0700 Subject: [TCP]: Also handle snd_una changes in tcp_cwnd_down MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tcp_cwnd_down must check for it too as it should be conservative in case of collapse stuff and also when receiver is trying to lie (though that wouldn't be very successful/useful anyway). Note: - Separated also is_dupack and do_lost in fast_retransalert * Much cleaner look-and-feel now * This time it really fixes cumulative ACK with many new SACK blocks recovery entry (I claimed this fixes with last patch but it wasn't). TCP will now call tcp_update_scoreboard regardless of is_dupack when in recovery as long as there is enough fackets_out. - Introduce FLAG_SND_UNA_ADVANCED * Some prior_snd_una arguments are unnecessary after it - Added helper FLAG_ANY_PROGRESS to avoid long FLAG...|FLAG... constructs Signed-off-by: Ilpo Järvinen Signed-off-by: David S. Miller --- net/ipv4/tcp_input.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) (limited to 'net') 
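Review bot: In the tipc_link_changeover() hunk the sparse warning is silenced by assigning to the function-level `msgcount`, and the `while (msgcount--)` loop then leaves that outer variable decremented past zero (wrapped, if it is unsigned like the removed `u32` local). The function continues past the hunk, so it is not visible whether `msgcount` is read again afterwards; the change is only behaviour-preserving if it is not. A separately named local keeps the fix without touching the outer value: `u32 bundle_cnt = msg_msgcnt(msg);` with `while (bundle_cnt--)`.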
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 378ca8a086a3..c3124e6de1d3 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -102,11 +102,13 @@ int sysctl_tcp_abc __read_mostly; #define FLAG_DATA_LOST 0x80 /* SACK detected data lossage. */ #define FLAG_SLOWPATH 0x100 /* Do not skip RFC checks for window update.*/ #define FLAG_ONLY_ORIG_SACKED 0x200 /* SACKs only non-rexmit sent before RTO */ +#define FLAG_SND_UNA_ADVANCED 0x400 /* Snd_una was changed (!= FLAG_DATA_ACKED) */ #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) #define FLAG_CA_ALERT (FLAG_DATA_SACKED|FLAG_ECE) #define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED) +#define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED) #define IsReno(tp) ((tp)->rx_opt.sack_ok == 0) #define IsFack(tp) ((tp)->rx_opt.sack_ok & 2) @@ -1856,7 +1858,7 @@ static void tcp_cwnd_down(struct sock *sk, int flag) struct tcp_sock *tp = tcp_sk(sk); int decr = tp->snd_cwnd_cnt + 1; - if ((flag&FLAG_FORWARD_PROGRESS) || + if ((flag&FLAG_ANY_PROGRESS) || (IsReno(tp) && !(flag&FLAG_NOT_DUP))) { tp->snd_cwnd_cnt = decr&1; decr >>= 1; @@ -2107,15 +2109,13 @@ static void tcp_mtup_probe_success(struct sock *sk, struct sk_buff *skb) * tcp_xmit_retransmit_queue(). */ static void -tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una, - int prior_packets, int flag) +tcp_fastretrans_alert(struct sock *sk, int prior_packets, int flag) { struct inet_connection_sock *icsk = inet_csk(sk); struct tcp_sock *tp = tcp_sk(sk); - int is_dupack = (tp->snd_una == prior_snd_una && - (!(flag&FLAG_NOT_DUP) || - ((flag&FLAG_DATA_SACKED) && - (tp->fackets_out > tp->reordering)))); + int is_dupack = !(flag&(FLAG_SND_UNA_ADVANCED|FLAG_NOT_DUP)); + int do_lost = is_dupack || ((flag&FLAG_DATA_SACKED) && + (tp->fackets_out > tp->reordering)); /* Some technical things: * 1. Reno does not count dupacks (sacked_out) automatically. */ 
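Review bot: The two locals introduced in tcp_fastretrans_alert(), `is_dupack` and `do_lost`, have no comment although splitting them is the point of the change and both are derived from flags that the peer's ACK controls. `is_dupack` is now a pure flag test, while `do_lost` also becomes true on `FLAG_DATA_SACKED` with `tp->fackets_out > tp->reordering`, whether or not snd_una moved. I would document that next to the declarations: `/* is_dupack: ACK neither advanced snd_una nor set any FLAG_NOT_DUP bit */` and `/* do_lost: rerun loss marking on a dupack or when SACKed data exceeds tp->reordering */`. The function body continues outside this hunk.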
@@ -2192,14 +2192,14 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una, /* F. Process state. */ switch (icsk->icsk_ca_state) { case TCP_CA_Recovery: - if (prior_snd_una == tp->snd_una) { + if (!(flag & FLAG_SND_UNA_ADVANCED)) { if (IsReno(tp) && is_dupack) tcp_add_reno_sack(sk); } else { int acked = prior_packets - tp->packets_out; if (IsReno(tp)) tcp_remove_reno_sacks(sk, acked); - is_dupack = tcp_try_undo_partial(sk, acked); + do_lost = tcp_try_undo_partial(sk, acked); } break; case TCP_CA_Loss: @@ -2215,7 +2215,7 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una, /* Loss is undone; fall through to processing in Open state. */ default: if (IsReno(tp)) { - if (tp->snd_una != prior_snd_una) + if (flag & FLAG_SND_UNA_ADVANCED) tcp_reset_reno_sack(tp); if (is_dupack) tcp_add_reno_sack(sk); @@ -2264,7 +2264,7 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una, tcp_set_ca_state(sk, TCP_CA_Recovery); } - if (is_dupack || tcp_head_timedout(sk)) + if (do_lost || tcp_head_timedout(sk)) tcp_update_scoreboard(sk); tcp_cwnd_down(sk, flag); tcp_xmit_retransmit_queue(sk); @@ -2684,7 +2684,7 @@ static void tcp_undo_spur_to_response(struct sock *sk, int flag) * to prove that the RTO is indeed spurious. It transfers the control * from F-RTO to the conventional RTO recovery */ -static int tcp_process_frto(struct sock *sk, u32 prior_snd_una, int flag) +static int tcp_process_frto(struct sock *sk, int flag) { struct tcp_sock *tp = tcp_sk(sk); @@ -2704,8 +2704,7 @@ static int tcp_process_frto(struct sock *sk, u32 prior_snd_una, int flag) * ACK isn't duplicate nor advances window, e.g., opposite dir * data, winupdate */ - if ((tp->snd_una == prior_snd_una) && (flag&FLAG_NOT_DUP) && - !(flag&FLAG_FORWARD_PROGRESS)) + if (!(flag&FLAG_ANY_PROGRESS) && (flag&FLAG_NOT_DUP)) return 1; if (!(flag&FLAG_DATA_ACKED)) { 
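Review bot: In the TCP_CA_Recovery case, `do_lost = tcp_try_undo_partial(sk, acked);` overwrites the value computed at the top of the function, so on a partial ACK the `FLAG_DATA_SACKED` / `fackets_out > tp->reordering` condition never reaches the later `if (do_lost || tcp_head_timedout(sk))` test. The commit description says the scoreboard update should run in recovery whenever there is enough fackets_out, and this branch does not obviously do that. The return value of tcp_try_undo_partial() is not visible in the diff, so the override may be intended. If it is, a comment on that line such as `/* partial ACK: the undo attempt alone decides whether to mark more losses */` would record it.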
@@ -2785,6 +2784,9 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag) if (before(ack, prior_snd_una)) goto old_ack; + if (after(ack, prior_snd_una)) + flag |= FLAG_SND_UNA_ADVANCED; + if (sysctl_tcp_abc) { if (icsk->icsk_ca_state < TCP_CA_CWR) tp->bytes_acked += ack - prior_snd_una; @@ -2837,14 +2839,14 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag) flag |= tcp_clean_rtx_queue(sk, &seq_rtt); if (tp->frto_counter) - frto_cwnd = tcp_process_frto(sk, prior_snd_una, flag); + frto_cwnd = tcp_process_frto(sk, flag); if (tcp_ack_is_dubious(sk, flag)) { /* Advance CWND, if state allows this. */ if ((flag & FLAG_DATA_ACKED) && !frto_cwnd && tcp_may_raise_cwnd(sk, flag)) tcp_cong_avoid(sk, ack, prior_in_flight, 0); - tcp_fastretrans_alert(sk, prior_snd_una, prior_packets, flag); + tcp_fastretrans_alert(sk, prior_packets, flag); } else { if ((flag & FLAG_DATA_ACKED) && !frto_cwnd) tcp_cong_avoid(sk, ack, prior_in_flight, 1); -- cgit v1.2.3 From 49ff4bb4cd4c04acf8f9e3d3ec2148305a1db445 Mon Sep 17 00:00:00 2001 From: Ilpo Järvinen Date: Thu, 2 Aug 2007 19:47:59 -0700 Subject: [TCP]: DSACK signals data receival, be conservative MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In case a DSACK is received, it's better to lower cwnd as it's a sign of data receival. Signed-off-by: Ilpo Järvinen Signed-off-by: David S. Miller --- net/ipv4/tcp_input.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index c3124e6de1d3..f030435e0eb4 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c 
@@ -103,6 +103,7 @@ int sysctl_tcp_abc __read_mostly; #define FLAG_SLOWPATH 0x100 /* Do not skip RFC checks for window update.*/ #define FLAG_ONLY_ORIG_SACKED 0x200 /* SACKs only non-rexmit sent before RTO */ #define FLAG_SND_UNA_ADVANCED 0x400 /* Snd_una was changed (!= FLAG_DATA_ACKED) */ +#define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained DSACK info */ #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) @@ -966,12 +967,14 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_ /* Check for D-SACK. */ if (before(ntohl(sp[0].start_seq), TCP_SKB_CB(ack_skb)->ack_seq)) { + flag |= FLAG_DSACKING_ACK; found_dup_sack = 1; tp->rx_opt.sack_ok |= 4; NET_INC_STATS_BH(LINUX_MIB_TCPDSACKRECV); } else if (num_sacks > 1 && !after(ntohl(sp[0].end_seq), ntohl(sp[1].end_seq)) && !before(ntohl(sp[0].start_seq), ntohl(sp[1].start_seq))) { + flag |= FLAG_DSACKING_ACK; found_dup_sack = 1; tp->rx_opt.sack_ok |= 4; NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFORECV); @@ -1858,7 +1861,7 @@ static void tcp_cwnd_down(struct sock *sk, int flag) struct tcp_sock *tp = tcp_sk(sk); int decr = tp->snd_cwnd_cnt + 1; - if ((flag&FLAG_ANY_PROGRESS) || + if ((flag&(FLAG_ANY_PROGRESS|FLAG_DSACKING_ACK)) || (IsReno(tp) && !(flag&FLAG_NOT_DUP))) { tp->snd_cwnd_cnt = decr&1; decr >>= 1; -- cgit v1.2.3 From fdc8f43b5e49b64b251bb48da95193a13ac0132f Mon Sep 17 00:00:00 2001 From: Michael Buesch Date: Tue, 31 Jul 2007 20:41:04 +0200 Subject: [PATCH] softmac: Fix deadlock of wx_set_essid with assoc work The essid wireless extension does deadlock against the assoc mutex, as we don't unlock the assoc mutex when flushing the workqueue, which also holds the lock. Signed-off-by: Michael Buesch Signed-off-by: John W. Linville --- net/ieee80211/softmac/ieee80211softmac_wx.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'net') 
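Review bot: `FLAG_DSACKING_ACK` is set in tcp_sacktag_write_queue() from SACK blocks the peer supplies and is then tested in tcp_cwnd_down(), but neither place says why a D-SACK is grouped with the progress flags. Because the input is remote-controlled, the condition should state that the flag is only ever used to reduce cwnd, e.g. `/* a D-SACK shows data was received; peer-supplied, so it may only make us more conservative */` above the `if`. The two D-SACK branches also repeat the same three statements (`flag |= FLAG_DSACKING_ACK; found_dup_sack = 1; tp->rx_opt.sack_ok |= 4;`), differing only in the MIB counter. The bodies of both functions extend beyond the hunks.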
diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c index f13937bf9e8c..d054e9224b3e 100644 --- a/net/ieee80211/softmac/ieee80211softmac_wx.c +++ b/net/ieee80211/softmac/ieee80211softmac_wx.c @@ -74,8 +74,8 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev, struct ieee80211softmac_auth_queue_item *authptr; int length = 0; +check_assoc_again: mutex_lock(&sm->associnfo.mutex); - /* Check if we're already associating to this or another network * If it's another network, cancel and start over with our new network * If it's our network, ignore the change, we're already doing it! @@ -98,13 +98,18 @@ ieee80211softmac_wx_set_essid(struct net_device *net_dev, cancel_delayed_work(&authptr->work); sm->associnfo.bssvalid = 0; sm->associnfo.bssfixed = 0; - flush_scheduled_work(); sm->associnfo.associating = 0; sm->associnfo.associated = 0; + /* We must unlock to avoid deadlocks with the assoc workqueue + * on the associnfo.mutex */ + mutex_unlock(&sm->associnfo.mutex); + flush_scheduled_work(); + /* Avoid race! Check assoc status again. Maybe someone started an + * association while we flushed. */ + goto check_assoc_again; } } - sm->associnfo.static_essid = 0; sm->associnfo.assoc_wait = 0; -- cgit v1.2.3 From 0e7088de6ce5a64d9bb7b11eba4ee98ca5b654e8 Mon Sep 17 00:00:00 2001 From: Daniel Drake Date: Fri, 27 Jul 2007 15:43:21 +0200 Subject: [PATCH] mac80211: missing dev_put in ieee80211_master_start_xmit Fixes an unlikely reference leak condition. Signed-off-by: Daniel Drake Signed-off-by: Jiri Benc Signed-off-by: John W. Linville --- net/mac80211/ieee80211.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net') diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c index c944b17d0fc0..8ec5ed192b5d 100644 --- a/net/mac80211/ieee80211.c +++ b/net/mac80211/ieee80211.c 
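Review bot: The `goto check_assoc_again` retry in ieee80211softmac_wx_set_essid() is unbounded, and it terminates only because `associating` and `associated` are cleared before `mutex_unlock()`; neither fact is stated in the code. The label also sits after the local declarations, so `length` and `authptr` are not re-initialised on a second pass, and the hunk does not show whether either is written before the goto. I would add at the label `/* re-entered after flush_scheduled_work(); the assoc flags were cleared before unlocking, so a second pass happens only if a new association started meanwhile */`. The condition guarding the block lies outside the hunk, so the last part of that comment should be confirmed against it.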
@@ -1650,6 +1650,7 @@ static int ieee80211_master_start_xmit(struct sk_buff *skb, if (skb_headroom(skb) < headroom) { if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) { dev_kfree_skb(skb); + dev_put(odev); return 0; } } -- cgit v1.2.3 From 21887b2f1826876f78a2d8e8e89f52993e7d76db Mon Sep 17 00:00:00 2001 From: Zhu Yi Date: Fri, 27 Jul 2007 15:43:23 +0200 Subject: [PATCH] mac80211: use do { } while (0) for multi-line macros Use do { } while (0) for multi-line macros Signed-off-by: Zhu Yi Signed-off-by: Jiri Benc Signed-off-by: John W. Linville --- net/mac80211/debugfs_netdev.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'net') diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c index 799a9208c4b4..095be91829ca 100644 --- a/net/mac80211/debugfs_netdev.c +++ b/net/mac80211/debugfs_netdev.c @@ -271,9 +271,11 @@ static void add_files(struct ieee80211_sub_if_data *sdata) } } -#define DEBUGFS_DEL(name, type)\ - debugfs_remove(sdata->debugfs.type.name);\ - sdata->debugfs.type.name = NULL; +#define DEBUGFS_DEL(name, type) \ + do { \ + debugfs_remove(sdata->debugfs.type.name); \ + sdata->debugfs.type.name = NULL; \ + } while (0) static void del_sta_files(struct ieee80211_sub_if_data *sdata) { -- cgit v1.2.3 From ba9b07d08b7e512535c6fcfcc2cf470f3dd58b8d Mon Sep 17 00:00:00 2001 From: Zhu Yi Date: Fri, 27 Jul 2007 15:43:23 +0200 Subject: [PATCH] mac80211: Fix sparse error for sta_last_seq_ctrl_read Fix sparse error for sta_last_seq_ctrl_read. Signed-off-by: Zhu Yi Signed-off-by: Jiri Benc Signed-off-by: John W. Linville --- net/mac80211/debugfs_sta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c index d41e696f3980..da34ea70276f 100644 --- a/net/mac80211/debugfs_sta.c +++ b/net/mac80211/debugfs_sta.c 
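Review bot: `dev_put(odev)` is added only on the pskb_expand_head() failure path, and ieee80211_master_start_xmit() continues beyond the hunk, so every other return taken after the reference on `odev` was acquired needs the same release. Neither the point where the reference is taken nor the remaining returns are visible here, so each one should be checked. Routing the error exits through one label would keep the get/put pairing obvious: `goto out_put;` after `dev_kfree_skb(skb);`, with `out_put: dev_put(odev); return 0;` at the end.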
@@ -157,7 +157,7 @@ static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf, struct sta_info *sta = file->private_data; for (i = 0; i < NUM_RX_DATA_QUEUES; i++) p += scnprintf(p, sizeof(buf)+buf-p, "%x ", - sta->last_seq_ctrl[i]); + le16_to_cpu(sta->last_seq_ctrl[i])); p += scnprintf(p, sizeof(buf)+buf-p, "\n"); return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf); } -- cgit v1.2.3 From f27b62d3e7ecca42a75f1c5d3cc225539301ba6d Mon Sep 17 00:00:00 2001 From: Daniel Drake Date: Fri, 27 Jul 2007 15:43:24 +0200 Subject: [PATCH] mac80211: don't allow scanning in monitor mode zd1211rw gets confused when the user asks for a scan when the device is in monitor mode. This patch tightens up the SIWSCAN handler to deny the scan under these conditions. Signed-off-by: Daniel Drake Signed-off-by: Jiri Benc Signed-off-by: John W. Linville --- net/mac80211/ieee80211_ioctl.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'net') diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c index d0e1ab5589db..e7904db55325 100644 --- a/net/mac80211/ieee80211_ioctl.c +++ b/net/mac80211/ieee80211_ioctl.c 
@@ -697,17 +697,24 @@ static int ieee80211_ioctl_siwscan(struct net_device *dev, if (!netif_running(dev)) return -ENETDOWN; - if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) { - if (sdata->type == IEEE80211_IF_TYPE_STA || - sdata->type == IEEE80211_IF_TYPE_IBSS) { + switch (sdata->type) { + case IEEE80211_IF_TYPE_STA: + case IEEE80211_IF_TYPE_IBSS: + if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) { ssid = sdata->u.sta.ssid; ssid_len = sdata->u.sta.ssid_len; - } else if (sdata->type == IEEE80211_IF_TYPE_AP) { + } + break; + case IEEE80211_IF_TYPE_AP: + if (local->scan_flags & IEEE80211_SCAN_MATCH_SSID) { ssid = sdata->u.ap.ssid; ssid_len = sdata->u.ap.ssid_len; - } else - return -EINVAL; + } + break; + default: + return -EOPNOTSUPP; } + return ieee80211_sta_req_scan(dev, ssid, ssid_len); } -- cgit v1.2.3 From b247bbf1da69ce376aa1ceb8057331214589e366 Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Thu, 19 Jul 2007 16:32:20 -0400 Subject: SUNRPC: Fix a race in rpciod_down() The commit 4ada539ed77c7a2bbcb75cafbbd7bd8d2b9bef7b lead to the unpleasant possibility of an asynchronous rpc_task being required to call rpciod_down() when it is complete. This again means that the rpciod workqueue may get to call destroy_workqueue on itself -> hang... Change rpciod_up/rpciod_down to just get/put the module, and then create/destroy the workqueues on module load/unload. Signed-off-by: Trond Myklebust --- net/sunrpc/sched.c | 57 ++++++++++++++++++++++-------------------------------- 1 file changed, 23 insertions(+), 34 deletions(-) (limited to 'net') diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c index b5723c262a3e..954d7ec86c7e 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -50,8 +50,6 @@ static RPC_WAITQ(delay_queue, "delayq"); /* * rpciod-related stuff */ -static DEFINE_MUTEX(rpciod_mutex); -static atomic_t rpciod_users = ATOMIC_INIT(0); struct workqueue_struct *rpciod_workqueue; /* 
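Review bot: The `default: return -EOPNOTSUPP;` branch in ieee80211_ioctl_siwscan() rejects every interface type other than STA, IBSS and AP, which is wider than the monitor-mode case named in the commit description. Before this change those types could still scan whenever `IEEE80211_SCAN_MATCH_SSID` was clear. If the wider refusal is intended, `/* only STA, IBSS and AP interfaces may request a scan */` above `default:` would record it; otherwise an explicit case for the monitor type would limit the change. The error returned for an unsupported type with the flag set also changes from -EINVAL to -EOPNOTSUPP, which user space can observe.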
@@ -961,60 +959,49 @@ void rpc_killall_tasks(struct rpc_clnt *clnt) spin_unlock(&clnt->cl_lock); } +int rpciod_up(void) +{ + return try_module_get(THIS_MODULE) ? 0 : -EINVAL; +} + +void rpciod_down(void) +{ + module_put(THIS_MODULE); +} + /* - * Start up the rpciod process if it's not already running. + * Start up the rpciod workqueue. */ -int -rpciod_up(void) +static int rpciod_start(void) { struct workqueue_struct *wq; - int error = 0; - - if (atomic_inc_not_zero(&rpciod_users)) - return 0; - - mutex_lock(&rpciod_mutex); - /* Guard against races with rpciod_down() */ - if (rpciod_workqueue != NULL) - goto out_ok; /* * Create the rpciod thread and wait for it to start. */ dprintk("RPC: creating workqueue rpciod\n"); - error = -ENOMEM; wq = create_workqueue("rpciod"); - if (wq == NULL) - goto out; - rpciod_workqueue = wq; - error = 0; -out_ok: - atomic_inc(&rpciod_users); -out: - mutex_unlock(&rpciod_mutex); - return error; + return rpciod_workqueue != NULL; } -void -rpciod_down(void) +static void rpciod_stop(void) { - if (!atomic_dec_and_test(&rpciod_users)) - return; + struct workqueue_struct *wq = NULL; - mutex_lock(&rpciod_mutex); + if (rpciod_workqueue == NULL) + return; dprintk("RPC: destroying workqueue rpciod\n"); - if (atomic_read(&rpciod_users) == 0 && rpciod_workqueue != NULL) { - destroy_workqueue(rpciod_workqueue); - rpciod_workqueue = NULL; - } - mutex_unlock(&rpciod_mutex); + wq = rpciod_workqueue; + rpciod_workqueue = NULL; + destroy_workqueue(wq); } void rpc_destroy_mempool(void) { + rpciod_stop(); if (rpc_buffer_mempool) mempool_destroy(rpc_buffer_mempool); if (rpc_task_mempool) @@ -1048,6 +1035,8 @@ rpc_init_mempool(void) rpc_buffer_slabp); if (!rpc_buffer_mempool) goto err_nomem; + if (!rpciod_start()) + goto err_nomem; return 0; err_nomem: rpc_destroy_mempool(); -- cgit v1.2.3 From a4deb81ba8ece75af5560d40d9bb8d242c48a111 Mon Sep 17 00:00:00 2001 
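Review bot: `rpciod_start()` returns 1 on success and 0 on failure (`return rpciod_workqueue != NULL;`), the opposite of `rpciod_up()` directly above it and of rpc_init_mempool(), which both return 0 on success. Mixing the two conventions in adjacent functions invites an inverted check later; I would use `return wq ? 0 : -ENOMEM;` in rpciod_start() and `if (rpciod_start() < 0)` at the call site. In rpciod_stop() the initialiser in `struct workqueue_struct *wq = NULL;` is dead. rpciod_stop() also clears the global without any lock, which presumably relies on it running only at module init failure and unload; that deserves a comment.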
From: Trond Myklebust Date: Mon, 6 Aug 2007 12:21:13 -0400 Subject: SUNRPC: Don't call gss_delete_sec_context() from an rcu context Doing so may not be safe... Signed-off-by: Trond Myklebust --- net/sunrpc/auth_gss/auth_gss.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'net') diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c index 4bbc59cc237c..53995af9ca4b 100644 --- a/net/sunrpc/auth_gss/auth_gss.c +++ b/net/sunrpc/auth_gss/auth_gss.c @@ -736,9 +736,6 @@ gss_do_free_ctx(struct gss_cl_ctx *ctx) { dprintk("RPC: gss_free_ctx\n"); - if (ctx->gc_gss_ctx) - gss_delete_sec_context(&ctx->gc_gss_ctx); - kfree(ctx->gc_wire_ctx.data); kfree(ctx); } @@ -753,7 +750,13 @@ gss_free_ctx_callback(struct rcu_head *head) static void gss_free_ctx(struct gss_cl_ctx *ctx) { + struct gss_ctx *gc_gss_ctx; + + gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx); + rcu_assign_pointer(ctx->gc_gss_ctx, NULL); call_rcu(&ctx->gc_rcu, gss_free_ctx_callback); + if (gc_gss_ctx) + gss_delete_sec_context(&gc_gss_ctx); } static void -- cgit v1.2.3 From 4011cd97886dd04b90fef8b671b9936cd39ab983 Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Tue, 7 Aug 2007 15:33:01 -0400 Subject: SUNRPC: Replace flush_workqueue() with cancel_work_sync() and friends Signed-off-by: Trond Myklebust --- net/sunrpc/cache.c | 3 +-- net/sunrpc/rpc_pipe.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'net') diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c index 01c3c4105204..ebe344f34d1a 100644 --- a/net/sunrpc/cache.c +++ b/net/sunrpc/cache.c @@ -371,8 +371,7 @@ int cache_unregister(struct cache_detail *cd) } if (list_empty(&cache_list)) { /* module must be being unloaded so its safe to kill the worker */ - cancel_delayed_work(&cache_cleaner); - flush_scheduled_work(); + cancel_delayed_work_sync(&cache_cleaner); } return 0; } diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c index 650af064ff8d..669e12a4ed18 100644 
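Review bot: gss_free_ctx() now calls gss_delete_sec_context() right after call_rcu(), before the grace period for `ctx` has elapsed. Setting `ctx->gc_gss_ctx` to NULL stops new readers from finding the security context, but a reader that loaded the pointer under rcu_read_lock() before the store may still be using it when it is freed. The diff does not show whether such readers exist, so the guarantee that makes the early delete safe should at least be stated in a comment. If readers can hold the pointer, the delete has to wait for the grace period and run where it is allowed to, for instance from work queued by gss_free_ctx_callback(). `rcu_dereference()` is also used here on the update side with no read-side section visible.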
--- a/net/sunrpc/rpc_pipe.c +++ b/net/sunrpc/rpc_pipe.c @@ -132,8 +132,7 @@ rpc_close_pipes(struct inode *inode) rpci->nwriters = 0; if (ops->release_pipe) ops->release_pipe(inode); - cancel_delayed_work(&rpci->queue_timeout); - flush_workqueue(rpciod_workqueue); + cancel_delayed_work_sync(&rpci->queue_timeout); } rpc_inode_setowner(inode, NULL); mutex_unlock(&inode->i_mutex); -- cgit v1.2.3 From 3482fd9099e8aab8b8096eb6da93571ea5a0b4c2 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Tue, 7 Aug 2007 17:53:10 -0700 Subject: [NetLabel]: add missing rcu_dereference() calls in the LSM domain mapping hash table The LSM domain mapping head table pointer was not being referenced via the RCU safe dereferencing function, rcu_dereference(). This patch adds those missing calls to the NetLabel code. This has been tested using recent linux-2.6 git kernels with no visible regressions. Signed-off-by: Paul Moore Signed-off-by: David S. Miller --- net/netlabel/netlabel_domainhash.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'net') diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c index f46a0aeec44f..b6c844b7e1c1 100644 --- a/net/netlabel/netlabel_domainhash.c +++ b/net/netlabel/netlabel_domainhash.c @@ -126,7 +126,9 @@ static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain, u32 def) if (domain != NULL) { bkt = netlbl_domhsh_hash(domain); - list_for_each_entry_rcu(iter, &netlbl_domhsh->tbl[bkt], list) + list_for_each_entry_rcu(iter, + &rcu_dereference(netlbl_domhsh)->tbl[bkt], + list) if (iter->valid && strcmp(iter->domain, domain) == 0) return iter; } @@ -227,7 +229,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, spin_lock(&netlbl_domhsh_lock); if (netlbl_domhsh_search(entry->domain, 0) == NULL) list_add_tail_rcu(&entry->list, - &netlbl_domhsh->tbl[bkt]); + &rcu_dereference(netlbl_domhsh)->tbl[bkt]); else ret_val = -EEXIST; spin_unlock(&netlbl_domhsh_lock); 
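Review bot: In rpc_close_pipes() `cancel_delayed_work_sync(&rpci->queue_timeout)` waits for a running handler while `inode->i_mutex` is still held; the `mutex_unlock(&inode->i_mutex)` follows in the same hunk. That is safe only if the queue_timeout handler never takes i_mutex, which cannot be seen from this diff. The same constraint already applied to the flush_workqueue() call being replaced. Since the wait is now explicit, I would note it on the call: `/* waits for the timeout handler; it must not take i_mutex */`.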
@@ -423,8 +425,8 @@ int netlbl_domhsh_walk(u32 *skip_bkt, iter_bkt < rcu_dereference(netlbl_domhsh)->size; iter_bkt++, chain_cnt = 0) { list_for_each_entry_rcu(iter_entry, - &netlbl_domhsh->tbl[iter_bkt], - list) + &rcu_dereference(netlbl_domhsh)->tbl[iter_bkt], + list) if (iter_entry->valid) { if (chain_cnt++ < *skip_chain) continue; -- cgit v1.2.3 From 14ae856645dba5b9ba56b2d0627b3b9825fa37b2 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 7 Aug 2007 18:02:43 -0700 Subject: [NET] net/core/utils: fix sparse warning net_msg_warn is not defined because it is in net/sock.h which isn't included. Signed-off-by: Johannes Berg Signed-off-by: David S. Miller --- net/core/utils.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net') diff --git a/net/core/utils.c b/net/core/utils.c index 2030bb8c2d30..0bf17da40d52 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include -- cgit v1.2.3 From 3af8e31cf57646284b5f77f9d57d2c22fa77485a Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Tue, 7 Aug 2007 18:10:54 -0700 Subject: [NETFILTER]: ipt_recent: avoid a possible NULL pointer deref in recent_seq_open() If the call to seq_open() returns != 0 then the code calls kfree(st) but then on the very next line proceeds to dereference the pointer - not good. Problem spotted by the Coverity checker. Signed-off-by: Jesper Juhl Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/ipt_recent.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index 321804315659..6d0c0f7364ad 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c 
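Review bot: In netlbl_domhsh_walk() the loop bound reads `rcu_dereference(netlbl_domhsh)->size` and the body separately reads `rcu_dereference(netlbl_domhsh)->tbl[iter_bkt]`, so the bound and the indexed array can come from two different tables if the pointer is replaced between the two loads. Whether the table is ever replaced after initialisation is not visible in this diff; if it can be, `iter_bkt` may index past the end of a smaller table. Loading the pointer once keeps both consistent: assign `rcu_dereference(netlbl_domhsh)` to a local before the loop, then use that local's `->size` and `->tbl[iter_bkt]`. The function starts and ends outside the hunk.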
@@ -387,12 +387,17 @@ static int recent_seq_open(struct inode *inode, struct file *file) st = kzalloc(sizeof(*st), GFP_KERNEL); if (st == NULL) return -ENOMEM; + ret = seq_open(file, &recent_seq_ops); - if (ret) + if (ret) { kfree(st); + goto out; + } + st->table = pde->data; seq = file->private_data; seq->private = st; +out: return ret; } -- cgit v1.2.3 From ff4ca8273eafbba875a86d333e059e78f292107f Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 7 Aug 2007 18:11:26 -0700 Subject: [NETFILTER]: ctnetlink: return EEXIST instead of EINVAL for existing nat'ed conntracks ctnetlink must return EEXIST for existing nat'ed conntracks instead of EINVAL. Only return EINVAL if we try to update a conntrack with NAT handlings (that is not allowed). Decadence:libnetfilter_conntrack/utils# ./conntrack_create_nat TEST: create conntrack (0)(Success) Decadence:libnetfilter_conntrack/utils# ./conntrack_create_nat TEST: create conntrack (-1)(Invalid argument) Signed-off-by: Pablo Neira Ayuso Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_netlink.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'net') diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 6f89b105a205..2863e72b4091 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c 
@@ -1052,17 +1052,18 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, } /* implicit 'else' */ - /* we only allow nat config for new conntracks */ - if (cda[CTA_NAT_SRC-1] || cda[CTA_NAT_DST-1]) { - err = -EINVAL; - goto out_unlock; - } - /* We manipulate the conntrack inside the global conntrack table lock, * so there's no need to increase the refcount */ err = -EEXIST; - if (!(nlh->nlmsg_flags & NLM_F_EXCL)) - err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h), cda); + if (!(nlh->nlmsg_flags & NLM_F_EXCL)) { + /* we only allow nat config for new conntracks */ + if (cda[CTA_NAT_SRC-1] || cda[CTA_NAT_DST-1]) { + err = -EINVAL; + goto out_unlock; + } + err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h), + cda); + } out_unlock: write_unlock_bh(&nf_conntrack_lock); -- cgit v1.2.3 From 591e620693e71e24fb3450a4084217e44b7a60b6 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 7 Aug 2007 18:12:01 -0700 Subject: [NETFILTER]: nf_nat: add symbolic dependency on IPv4 conntrack Loading nf_nat causes the conntrack core to be loaded, but we need IPv4 as well. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/net/netfilter/ipv4/nf_conntrack_ipv4.h | 2 ++ net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 ++++++ net/ipv4/netfilter/nf_nat_standalone.c | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h index 7a671603fca6..9bf059817aec 100644 --- a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h +++ b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h @@ -21,4 +21,6 @@ extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp; extern int nf_conntrack_ipv4_compat_init(void); extern void nf_conntrack_ipv4_compat_fini(void); +extern void need_ipv4_conntrack(void); + #endif /*_NF_CONNTRACK_IPV4_H*/ 
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 64552afd01cb..d9b5177989c6 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c @@ -509,3 +509,9 @@ static void __exit nf_conntrack_l3proto_ipv4_fini(void) module_init(nf_conntrack_l3proto_ipv4_init); module_exit(nf_conntrack_l3proto_ipv4_fini); + +void need_ipv4_conntrack(void) +{ + return; +} +EXPORT_SYMBOL_GPL(need_ipv4_conntrack); diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 332814dac503..46cc99def165 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c @@ -328,7 +328,7 @@ static int __init nf_nat_standalone_init(void) { int ret = 0; - need_conntrack(); + need_ipv4_conntrack(); #ifdef CONFIG_XFRM BUG_ON(ip_nat_decode_session != NULL); -- cgit v1.2.3 From f34d1955dff5a5769d24614d137003f0316406f3 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 7 Aug 2007 18:29:05 -0700 Subject: [TCP]: H-TCP maxRTT estimation at startup Small patch to H-TCP from Douglas Leith. Fix estimation of maxRTT. The original code ignores rtt measurements during slow start (via the check tp->snd_ssthresh < 0xFFFF) yet this is probably a good time to try to estimate max rtt as delayed acking is disabled and slow start will only exit on a loss which presumably corresponds to a maxrtt measurement. Second, the original code (via the check htcp_ccount(ca) > 3) ignores rtt data during what it estimates to be the first 3 round-trip times. This seems like an unnecessary check now that the RCV timestamp are no longer used for rtt estimation. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller --- net/ipv4/tcp_htcp.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'net') diff --git a/net/ipv4/tcp_htcp.c b/net/ipv4/tcp_htcp.c index b66556c0a5bd..5215691f2760 100644 --- a/net/ipv4/tcp_htcp.c 
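Review bot: `need_ipv4_conntrack()` is an empty exported function with no comment, so at the definition it looks like dead code that someone could remove. According to the commit description it exists only so that nf_nat references a symbol in the IPv4 conntrack module and forces that module to load. I would say so above the definition: `/* Intentionally empty: referencing this symbol makes nf_nat depend on the IPv4 conntrack module */`. The bare `return;` in the void body can be dropped. The definition also sits after `module_init()`/`module_exit()`, where exported helpers are easy to miss.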
+++ b/net/ipv4/tcp_htcp.c @@ -79,7 +79,6 @@ static u32 htcp_cwnd_undo(struct sock *sk) static inline void measure_rtt(struct sock *sk, u32 srtt) { const struct inet_connection_sock *icsk = inet_csk(sk); - const struct tcp_sock *tp = tcp_sk(sk); struct htcp *ca = inet_csk_ca(sk); /* keep track of minimum RTT seen so far, minRTT is zero at first */ @@ -87,8 +86,7 @@ static inline void measure_rtt(struct sock *sk, u32 srtt) ca->minRTT = srtt; /* max RTT */ - if (icsk->icsk_ca_state == TCP_CA_Open - && tp->snd_ssthresh < 0xFFFF && htcp_ccount(ca) > 3) { + if (icsk->icsk_ca_state == TCP_CA_Open) { if (ca->maxRTT < ca->minRTT) ca->maxRTT = ca->minRTT; if (ca->maxRTT < srtt -- cgit v1.2.3 From dcbdc93c6c64daf20622d6deae774d1e740efb8d Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Fri, 10 Aug 2007 15:14:54 -0700 Subject: [IPCONFIG]: ip_auto_config fix The following commandline: root=/dev/mtdblock6 rw rootfstype=jffs2 ip=192.168.1.10:::255.255.255.0:localhost.localdomain:eth1:off console=ttyS0,115200 makes ip_auto_config fall back to DHCP and complain "IP-Config: Incomplete network configuration information." depending on if CONFIG_IP_PNP_DHCP is set or not. The only way I can make ip_auto_config accept my IP config is to add an entry for the server IP: ip=192.168.1.10:192.168.1.15::255.255.255.0:localhost.localdomain:eth1:off I think this is a bug since I am not using a NFS root FS. The following patch fixes the above problem. 
From: Andrew Morton Davem said (in February!): Well, first of all the change in question is not in 2.4.x either. I just checked the current 2.4.x GIT tree and the test is exactly: if (ic_myaddr == INADDR_NONE || #ifdef CONFIG_ROOT_NFS (MAJOR(ROOT_DEV) == UNNAMED_MAJOR && root_server_addr == INADDR_NONE && ic_servaddr == INADDR_NONE) || #endif ic_first_dev->next) { which matches 2.6.x I even checked 2.4.x when it was branched for 2.5.x and the test was the same at the point in time too. Looking at the proposed change a bit it appears that it is probably correct, as it's trying to check that ROOT_DEV is nfs root. But if it is correct then the UNNAMED_MAJOR comparison in the same code block should be removed as it becomes superfluous. I'm happy to apply this patch with that modification made. Signed-off-by: Joakim Tjernlund Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/ipv4/ipconfig.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'net') diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c index 342ca8d89458..c5b247077539 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c @@ -1281,9 +1281,9 @@ static int __init ip_auto_config(void) */ if (ic_myaddr == NONE || #ifdef CONFIG_ROOT_NFS - (MAJOR(ROOT_DEV) == UNNAMED_MAJOR - && root_server_addr == NONE - && ic_servaddr == NONE) || + (root_server_addr == NONE + && ic_servaddr == NONE + && ROOT_DEV == Root_NFS) || #endif ic_first_dev->next) { #ifdef IPCONFIG_DYNAMIC -- cgit v1.2.3 From 6869a35b365c027b7acf50585c5bb34e34d4c41c Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:16:42 -0700 Subject: [ATM]: Clean up duplicate includes in net/atm/ This patch cleans up duplicate includes in net/atm/ Signed-off-by: Jesper Juhl Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/atm/lec.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/atm/lec.c b/net/atm/lec.c index 2770fb451ae8..59d5aa3366f2 100644 --- a/net/atm/lec.c 
+++ b/net/atm/lec.c @@ -21,7 +21,6 @@ #include #include #include -#include #include /* TokenRing if needed */ -- cgit v1.2.3 From f49f9967b263cc88b48d912172afdc621bcb0a3c Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:17:24 -0700 Subject: [IPV4]: Clean up duplicate includes in net/ipv4/ This patch cleans up duplicate includes in net/ipv4/ Signed-off-by: Jesper Juhl Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/ipv4/ip_output.c | 1 - net/ipv4/ipvs/ip_vs_ctl.c | 1 - net/ipv4/netfilter/ipt_CLUSTERIP.c | 1 - 3 files changed, 3 deletions(-) (limited to 'net') diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index c9e2b5e6305e..0f1d7beacf78 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -75,7 +75,6 @@ #include #include #include -#include #include #include #include diff --git a/net/ipv4/ipvs/ip_vs_ctl.c b/net/ipv4/ipvs/ip_vs_ctl.c index e1052bcf4ed1..c32781d0ead2 100644 --- a/net/ipv4/ipvs/ip_vs_ctl.c +++ b/net/ipv4/ipvs/ip_vs_ctl.c @@ -29,7 +29,6 @@ #include #include #include -#include #include #include diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index dcc12b183474..69bd362b5fa2 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c @@ -19,7 +19,6 @@ #include #include #include -#include #include #include #include -- cgit v1.2.3 From 703310e645c639a84e7f4b35d8a508acde9ef360 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:17:58 -0700 Subject: [IPV6]: Clean up duplicate includes in net/ipv6/ This patch cleans up duplicate includes in net/ipv6/ Signed-off-by: Jesper Juhl Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/ipv6/tcp_ipv6.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index cbdb78487915..0f7defb482e9 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c 
@@ -56,7 +56,6 @@ #include #include #include -#include #include #include #include -- cgit v1.2.3 From 0a26f4cdc207db14a8e7192bac5a7c84d9e2390a Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:18:31 -0700 Subject: [PKT_SCHED]: Clean up duplicate includes in net/sched/ This patch cleans up duplicate includes in net/sched/ Signed-off-by: Jesper Juhl Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/sched/act_police.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/sched/act_police.c b/net/sched/act_police.c index bf90e60f8411..6085be578459 100644 --- a/net/sched/act_police.c +++ b/net/sched/act_police.c @@ -16,7 +16,6 @@ #include #include #include -#include #include #include #include -- cgit v1.2.3 From 08dd2e29468d55f67fa346ede07ddfc58a60536b Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:19:09 -0700 Subject: [SUNRPC]: Clean up duplicate includes in net/sunrpc/ This patch cleans up duplicate includes in net/sunrpc/ Signed-off-by: Jesper Juhl Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/sunrpc/auth_gss/svcauth_gss.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index dc2f41e9f577..7da7050f06c3 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -42,7 +42,6 @@ #include #include -#include #include #include #include -- cgit v1.2.3 From 897c77cab0c386103e1c51fe8f3fc7eb5d1eb37f Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:19:43 -0700 Subject: [TIPC]: Clean up duplicate includes in net/tipc/ This patch cleans up duplicate includes in net/tipc/ Signed-off-by: Jesper Juhl Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/tipc/port.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/tipc/port.c b/net/tipc/port.c index 5d2b9ce84d0a..76088153524c 100644 --- a/net/tipc/port.c 
+++ b/net/tipc/port.c @@ -41,7 +41,6 @@ #include "addr.h" #include "link.h" #include "node.h" -#include "port.h" #include "name_table.h" #include "user_reg.h" #include "msg.h" -- cgit v1.2.3 From b5890d8ba47741425fe3c0d753e1b57bc0561b7b Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:20:21 -0700 Subject: [XFRM]: Clean up duplicate includes in net/xfrm/ This patch cleans up duplicate includes in net/xfrm/ Signed-off-by: Jesper Juhl Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/xfrm/xfrm_policy.c | 3 +-- net/xfrm/xfrm_state.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'net') diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index e5a3be03aa0d..7012891d39f2 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -23,10 +23,9 @@ #include #include #include +#include #include #include -#include -#include #include "xfrm_hash.h" diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 31be405efb55..d4356e6f7f9b 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -19,9 +19,8 @@ #include #include #include -#include #include -#include +#include #include "xfrm_hash.h" -- cgit v1.2.3 From d725fdc8027a4cd961f58d92917fbb91b171abfa Mon Sep 17 00:00:00 2001 From: Oleg Nesterov Date: Fri, 10 Aug 2007 15:21:17 -0700 Subject: [DCCP]: fix theoretical ccids_{read,write}_lock() race Make sure that spin_unlock_wait() is properly ordered wrt atomic_inc(). (akpm: can't we convert this code to use rwlocks?) Signed-off-by: Oleg Nesterov Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/dccp/ccid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net') diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c index ccbf72c793b6..c45088b5e6fb 100644 --- a/net/dccp/ccid.c +++ b/net/dccp/ccid.c 
@@ -40,6 +40,7 @@ static inline void ccids_write_unlock(void) static inline void ccids_read_lock(void) { atomic_inc(&ccids_lockct); + smp_mb__after_atomic_inc(); spin_unlock_wait(&ccids_lock); } -- cgit v1.2.3 From e576de82ee628f68e5a44527c7ee99eadeab2e62 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 10 Aug 2007 15:23:54 -0700 Subject: [DCCP]: fix memory leak and clean up style - dccp_feat_empty_confirm() There's a memory leak in net/dccp/feat.c::dccp_feat_empty_confirm(). If we hit the 'default:' case of the 'switch' statement, then we return without freeing 'opt', thus leaking 'struct dccp_opt_pend' bytes. The leak is fixed easily enough by adding a kfree(opt); before the return statement. The patch also changes the layout of the 'switch' to be more in line with CodingStyle. Signed-off-by: Jesper Juhl Acked-by: Ian McDonald Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/dccp/feat.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'net') diff --git a/net/dccp/feat.c b/net/dccp/feat.c index cd845df5320d..5ebdd86c1b99 100644 --- a/net/dccp/feat.c +++ b/net/dccp/feat.c @@ -327,10 +327,16 @@ static void dccp_feat_empty_confirm(struct dccp_minisock *dmsk, } switch (type) { - case DCCPO_CHANGE_L: opt->dccpop_type = DCCPO_CONFIRM_R; break; - case DCCPO_CHANGE_R: opt->dccpop_type = DCCPO_CONFIRM_L; break; - default: DCCP_WARN("invalid type %d\n", type); return; - + case DCCPO_CHANGE_L: + opt->dccpop_type = DCCPO_CONFIRM_R; + break; + case DCCPO_CHANGE_R: + opt->dccpop_type = DCCPO_CONFIRM_L; + break; + default: + DCCP_WARN("invalid type %d\n", type); + kfree(opt); + return; } opt->dccpop_feat = feature; opt->dccpop_val = NULL; -- cgit v1.2.3 From 7f353bf29e162459f2f1e2ca25e41011fae65241 Mon Sep 17 00:00:00 2001 
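Review bot: The `smp_mb__after_atomic_inc();` added in ccids_read_lock() has no comment saying what it orders or which writer-side operation it pairs with. Barriers in hand-rolled locks like this are easy to drop or move during later cleanups. I would add something like `/* make the ccids_lockct increment visible before we sample ccids_lock */` above it. The writer side (ccids_write_lock) is outside this hunk, so the matching ordering there should be checked and commented too.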
From: Herbert Xu Date: Fri, 10 Aug 2007 15:47:58 -0700 Subject: [NET]: Share correct feature code between bridging and bonding http://bugzilla.kernel.org/show_bug.cgi?id=8797 shows that the bonding driver may produce bogus combinations of the checksum flags and SG/TSO. For example, if you bond devices with NETIF_F_HW_CSUM and NETIF_F_IP_CSUM you'll end up with a bonding device that has neither flag set. If both have TSO then this produces an illegal combination. The bridge device on the other hand has the correct code to deal with this. In fact, the same code can be used for both. So this patch moves that logic into net/core/dev.c and uses it for both bonding and bridging. In the process I've made small adjustments such as only setting GSO_ROBUST if at least one constituent device supports it. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- drivers/net/bonding/bond_main.c | 34 +++++++++++++--------------------- include/linux/netdevice.h | 2 ++ net/bridge/br_device.c | 2 +- net/bridge/br_if.c | 36 ++++-------------------------------- net/core/dev.c | 39 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 59 insertions(+), 54 deletions(-) (limited to 'net') diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 070b78d959cc..1afda3230def 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c 
@@ -1202,43 +1202,35 @@ static int bond_sethwaddr(struct net_device *bond_dev, return 0; } -#define BOND_INTERSECT_FEATURES \ - (NETIF_F_SG | NETIF_F_ALL_CSUM | NETIF_F_TSO | NETIF_F_UFO) +#define BOND_VLAN_FEATURES \ + (NETIF_F_VLAN_CHALLENGED | NETIF_F_HW_VLAN_RX | NETIF_F_HW_VLAN_TX | \ + NETIF_F_HW_VLAN_FILTER) /* * Compute the common dev->feature set available to all slaves. Some - * feature bits are managed elsewhere, so preserve feature bits set on - * master device that are not part of the examined set. + * feature bits are managed elsewhere, so preserve those feature bits + * on the master device. */ static int bond_compute_features(struct bonding *bond) { - unsigned long features = BOND_INTERSECT_FEATURES; struct slave *slave; struct net_device *bond_dev = bond->dev; + unsigned long features = bond_dev->features; unsigned short max_hard_header_len = ETH_HLEN; int i; + features &= ~(NETIF_F_ALL_CSUM | BOND_VLAN_FEATURES); + features |= NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA | + NETIF_F_GSO_MASK | NETIF_F_NO_CSUM; + bond_for_each_slave(bond, slave, i) { - features &= (slave->dev->features & BOND_INTERSECT_FEATURES); + features = netdev_compute_features(features, + slave->dev->features); if (slave->dev->hard_header_len > max_hard_header_len) max_hard_header_len = slave->dev->hard_header_len; } - if ((features & NETIF_F_SG) && - !(features & NETIF_F_ALL_CSUM)) - features &= ~NETIF_F_SG; - - /* - * features will include NETIF_F_TSO (NETIF_F_UFO) iff all - * slave devices support NETIF_F_TSO (NETIF_F_UFO), which - * implies that all slaves also support scatter-gather - * (NETIF_F_SG), which implies that features also includes - * NETIF_F_SG. So no need to check whether we have an - * illegal combination of NETIF_F_{TSO,UFO} and - * !NETIF_F_SG - */ - - features |= (bond_dev->features & ~BOND_INTERSECT_FEATURES); + features |= (bond_dev->features & BOND_VLAN_FEATURES); bond_dev->features = features; bond_dev->hard_header_len = max_hard_header_len; 
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 4a616d73cc25..e679b2751665 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1131,6 +1131,8 @@ extern void dev_seq_stop(struct seq_file *seq, void *v); extern void linkwatch_run_queue(void); +extern int netdev_compute_features(unsigned long all, unsigned long one); + static inline int net_gso_ok(int features, int gso_type) { int feature = gso_type << NETIF_F_GSO_SHIFT; diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 5e1892d8d874..0eded176ce99 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -179,5 +179,5 @@ void br_dev_setup(struct net_device *dev) dev->priv_flags = IFF_EBRIDGE; dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA | - NETIF_F_TSO | NETIF_F_NO_CSUM | NETIF_F_GSO_ROBUST; + NETIF_F_GSO_MASK | NETIF_F_NO_CSUM | NETIF_F_LLTX; } diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index b40dada002bf..749f0e8f541d 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c 
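Review bot: The new prototype in include/linux/netdevice.h returns `int`, but both parameters are `unsigned long` and both callers in this commit (bond_compute_features and br_features_recompute) store the result back into an `unsigned long features`. On 64-bit builds the result is narrowed through `int`, so any feature bit above 31 is lost and a set bit 31 is sign-extended on the way back. Declaring it as `extern unsigned long netdev_compute_features(unsigned long all, unsigned long one);` keeps the types consistent. The definition in the net/core/dev.c hunk needs the same change.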
@@ -349,43 +349,15 @@ int br_min_mtu(const struct net_bridge *br) void br_features_recompute(struct net_bridge *br) { struct net_bridge_port *p; - unsigned long features, checksum; + unsigned long features; - checksum = br->feature_mask & NETIF_F_ALL_CSUM ? NETIF_F_NO_CSUM : 0; - features = br->feature_mask & ~NETIF_F_ALL_CSUM; + features = br->feature_mask; list_for_each_entry(p, &br->port_list, list) { - unsigned long feature = p->dev->features; - - /* if device needs checksumming, downgrade to hw checksumming */ - if (checksum & NETIF_F_NO_CSUM && !(feature & NETIF_F_NO_CSUM)) - checksum ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM; - - /* if device can't do all checksum, downgrade to ipv4/ipv6 */ - if (checksum & NETIF_F_HW_CSUM && !(feature & NETIF_F_HW_CSUM)) - checksum ^= NETIF_F_HW_CSUM - | NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM; - - if (checksum & NETIF_F_IPV6_CSUM && !(feature & NETIF_F_IPV6_CSUM)) - checksum &= ~NETIF_F_IPV6_CSUM; - - if (!(feature & NETIF_F_IP_CSUM)) - checksum = 0; - - if (feature & NETIF_F_GSO) - feature |= NETIF_F_GSO_SOFTWARE; - feature |= NETIF_F_GSO; - - features &= feature; + features = netdev_compute_features(features, p->dev->features); } - if (!(checksum & NETIF_F_ALL_CSUM)) - features &= ~NETIF_F_SG; - if (!(features & NETIF_F_SG)) - features &= ~NETIF_F_GSO_MASK; - - br->dev->features = features | checksum | NETIF_F_LLTX | - NETIF_F_GSO_ROBUST; + br->dev->features = features; } /* called with RTNL */ diff --git a/net/core/dev.c b/net/core/dev.c index 6cc8a70350ac..a76021c71207 100644 --- a/net/core/dev.c +++ b/net/core/dev.c 
@@ -3993,6 +3993,45 @@ static int __init netdev_dma_register(void) static int __init netdev_dma_register(void) { return -ENODEV; } #endif /* CONFIG_NET_DMA */ +/** + * netdev_compute_feature - compute conjunction of two feature sets + * @all: first feature set + * @one: second feature set + * + * Computes a new feature set after adding a device with feature set + * @one to the master device with current feature set @all. Returns + * the new feature set. + */ +int netdev_compute_features(unsigned long all, unsigned long one) +{ + /* if device needs checksumming, downgrade to hw checksumming */ + if (all & NETIF_F_NO_CSUM && !(one & NETIF_F_NO_CSUM)) + all ^= NETIF_F_NO_CSUM | NETIF_F_HW_CSUM; + + /* if device can't do all checksum, downgrade to ipv4/ipv6 */ + if (all & NETIF_F_HW_CSUM && !(one & NETIF_F_HW_CSUM)) + all ^= NETIF_F_HW_CSUM + | NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM; + + if (one & NETIF_F_GSO) + one |= NETIF_F_GSO_SOFTWARE; + one |= NETIF_F_GSO; + + /* If even one device supports robust GSO, enable it for all. */ + if (one & NETIF_F_GSO_ROBUST) + all |= NETIF_F_GSO_ROBUST; + + all &= one | NETIF_F_LLTX; + + if (!(all & NETIF_F_ALL_CSUM)) + all &= ~NETIF_F_SG; + if (!(all & NETIF_F_SG)) + all &= ~NETIF_F_GSO_MASK; + + return all; +} +EXPORT_SYMBOL(netdev_compute_features); + /* * Initialize the DEV module. At boot time this walks the device list and * unhooks any devices that fail to initialise (normally hardware not -- cgit v1.2.3 From cae7ca3d3de48851e929de9469397749638df779 Mon Sep 17 00:00:00 2001 
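Review bot: The kernel-doc header in the net/core/dev.c hunk names the function `netdev_compute_feature`, while the function defined below it is `netdev_compute_features`. The first line should read `* netdev_compute_features - compute conjunction of two feature sets` so the generated documentation attaches to the right symbol. The comment could also state that NETIF_F_LLTX in @all is always preserved and that NETIF_F_GSO_ROBUST is set if any single device has it. Both behaviours are visible in the body but are not what "conjunction" suggests.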
From: Heiko Carstens Date: Fri, 10 Aug 2007 15:50:30 -0700 Subject: [IPVS]: Use IP_VS_WAIT_WHILE when encessary. For architectures that don't have a volatile atomic_ts constructs like while (atomic_read(&something)); might result in endless loops since a barrier() is missing which forces the compiler to generate code that actually reads memory contents. Fix this in ipvs by using the IP_VS_WAIT_WHILE macro which resolves to while (expr) { cpu_relax(); } (why isn't this open coded btw?) Signed-off-by: Heiko Carstens Signed-off-by: Simon Horman Signed-off-by: David S. Miller --- net/ipv4/ipvs/ip_vs_ctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/ipv4/ipvs/ip_vs_ctl.c b/net/ipv4/ipvs/ip_vs_ctl.c index c32781d0ead2..902fd578aa3c 100644 --- a/net/ipv4/ipvs/ip_vs_ctl.c +++ b/net/ipv4/ipvs/ip_vs_ctl.c @@ -908,7 +908,7 @@ ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest) write_lock_bh(&__ip_vs_svc_lock); /* Wait until all other svc users go away */ - while (atomic_read(&svc->usecnt) > 1) {}; + IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1); /* call the update_service, because server weight may be changed */ svc->scheduler->update_service(svc); -- cgit v1.2.3 From 35019539d71bacd98de318c34728c97b1b505b49 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Tue, 14 Aug 2007 13:13:28 -0700 Subject: [NETFILTER]: netfilter: xt_u32 bug correction An extraneous ";" makes xt_u32 match useless Signed-off-by: Eric Dumazet Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/xt_u32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/netfilter/xt_u32.c b/net/netfilter/xt_u32.c index 74f9b14c012f..bec427915b30 100644 --- a/net/netfilter/xt_u32.c +++ b/net/netfilter/xt_u32.c 
@@ -36,7 +36,7 @@ static bool u32_match_it(const struct xt_u32 *data, at = 0; pos = ct->location[0].number; - if (skb->len < 4 || pos > skb->len - 4); + if (skb->len < 4 || pos > skb->len - 4) return false; ret = skb_copy_bits(skb, pos, &n, sizeof(n)); -- cgit v1.2.3 From 465f90a486cd724d364167747e8b8b9f806fa91a Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 14 Aug 2007 13:13:54 -0700 Subject: [NETFILTER]: nf_conntrack_sip: check sname != NULL before calling strncmp The check got lost during the conversion to nf_conntrack. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_sip.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 1276a442f10c..5cc9636e46e9 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -330,7 +330,8 @@ int ct_sip_get_info(struct nf_conn *ct, while (dptr <= limit) { if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) && - (strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) { + (hnfo->sname == NULL || + strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) { dptr++; continue; } -- cgit v1.2.3 From aa584eda5d2002097de9f608b362d9150730abd7 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 14 Aug 2007 13:14:35 -0700 Subject: [NETFILTER]: nf_conntrack_sip: fix SIP-URI parsing The userinfo component of a SIP-URI is optional, continue parsing at the beginning of the SIP-URI in case its not found. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_sip.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 5cc9636e46e9..d449fa47491c 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c 
@@ -295,6 +295,7 @@ static int epaddr_len(struct nf_conn *ct, const char *dptr, static int skp_epaddr_len(struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { + const char *start = dptr; int s = *shift; /* Search for @, but stop at the end of the line. @@ -309,8 +310,10 @@ static int skp_epaddr_len(struct nf_conn *ct, const char *dptr, if (dptr <= limit && *dptr == '@') { dptr++; (*shift)++; - } else + } else { + dptr = start; *shift = s; + } return epaddr_len(ct, dptr, limit, shift); } -- cgit v1.2.3 From 45241a7a07537266eec363593ef377a1e6b7db7f Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 14 Aug 2007 13:14:58 -0700 Subject: [NETFILTER]: nf_nat_sip: don't drop short packets Don't drop packets shorter than "SIP/2.0", just ignore them. Keep-alives can validly be shorter for example. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/nf_nat_sip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index a889ec3ec83a..e14d41976c27 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c @@ -104,7 +104,7 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); datalen = (*pskb)->len - dataoff; if (datalen < sizeof("SIP/2.0") - 1) - return NF_DROP; + return NF_ACCEPT; addr_map_init(ct, &map); -- cgit v1.2.3 From 17120889b0706b69ae24cba3ef0a340dc3fb7edc Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 14 Aug 2007 13:21:34 -0700 Subject: [BRIDGE]: sysfs locking fix. The stp change code generates "sleeping function called from invalid context" because rtnl_lock() called with BH disabled. This fixes it by not acquiring then dropping the bridge lock. Signed-off-by: Stephen Hemminger 
Signed-off-by: David S. Miller --- net/bridge/br_sysfs_br.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) (limited to 'net') diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c index 4f42263e0a8a..88f43003b193 100644 --- a/net/bridge/br_sysfs_br.c +++ b/net/bridge/br_sysfs_br.c @@ -147,20 +147,26 @@ static ssize_t show_stp_state(struct device *d, return sprintf(buf, "%d\n", br->stp_enabled); } -static void set_stp_state(struct net_bridge *br, unsigned long val) -{ - rtnl_lock(); - spin_unlock_bh(&br->lock); - br_stp_set_enabled(br, val); - spin_lock_bh(&br->lock); - rtnl_unlock(); -} static ssize_t store_stp_state(struct device *d, struct device_attribute *attr, const char *buf, size_t len) { - return store_bridge_parm(d, buf, len, set_stp_state); + struct net_bridge *br = to_bridge(d); + char *endp; + unsigned long val; + + if (!capable(CAP_NET_ADMIN)) + return -EPERM; + + val = simple_strtoul(buf, &endp, 0); + if (endp == buf) + return -EINVAL; + + rtnl_lock(); + br_stp_set_enabled(br, val); + rtnl_unlock(); + } static DEVICE_ATTR(stp_state, S_IRUGO | S_IWUSR, show_stp_state, store_stp_state); -- cgit v1.2.3 From 02f44315dc4bce8a222564aa023c965efbeb73b5 Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Tue, 14 Aug 2007 13:22:58 -0700 Subject: [BRIDGE]: Fix typo in net/bridge/br_stp_if.c Signed-off-by: Jussi Kivilinna Acked-by: Stephen Hemminger Signed-off-by: David S. Miller --- net/bridge/br_stp_if.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c index 1ea2f86f7683..1a430eccec9b 100644 --- a/net/bridge/br_stp_if.c +++ b/net/bridge/br_stp_if.c 
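Review bot: The rewritten store_stp_state() is declared `ssize_t` but its body ends after `rtnl_unlock();` with no return statement, so a successful write to the stp_state attribute returns an indeterminate value to the sysfs core. Add `return len;` after `rtnl_unlock();`. The parsing also only rejects `endp == buf`, so input with trailing garbage is accepted and any unsigned long reaches br_stp_set_enabled(). If only specific values are meaningful there, a range check before taking rtnl_lock() would be worth adding.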
@@ -132,7 +132,7 @@ static void br_stp_start(struct net_bridge *br) } else { br->stp_enabled = BR_KERNEL_STP; printk(KERN_INFO "%s: starting userspace STP failed, " - "staring kernel STP\n", br->dev->name); + "starting kernel STP\n", br->dev->name); /* To start timers on any ports left in blocking */ spin_lock_bh(&br->lock); -- cgit v1.2.3 From 7b7ed879254ad43990c9d67f95be3427401c3392 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 7 Aug 2007 10:23:57 +0200 Subject: [PATCH] mac80211: fix tx status frame code When I added the monitor for outgoing frames somehow a break statement slipped in. Remove it. Signed-off-by: Johannes Berg --- net/mac80211/ieee80211.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/mac80211/ieee80211.c b/net/mac80211/ieee80211.c index 8ec5ed192b5d..7286c389a4d0 100644 --- a/net/mac80211/ieee80211.c +++ b/net/mac80211/ieee80211.c @@ -4678,7 +4678,6 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb, memset(skb->cb, 0, sizeof(skb->cb)); netif_rx(skb); skb = skb2; - break; } } out: -- cgit v1.2.3 From b9bf1e60a294fc7795d5198f94a917290e52865b Mon Sep 17 00:00:00 2001 From: "John W. Linville" Date: Tue, 7 Aug 2007 16:33:15 -0400 Subject: [PATCH] mac80211: probe for hidden SSIDs in pre-auth scan Probe for hidden SSIDs if initiating pre-authentication scan and SSID is set for STA interface. Signed-off-by: John W. Linville --- net/mac80211/ieee80211_sta.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c index 7ba352e3ffe0..0d99b685df5f 100644 --- a/net/mac80211/ieee80211_sta.c +++ b/net/mac80211/ieee80211_sta.c 
@@ -2154,7 +2154,11 @@ static int ieee80211_sta_config_auth(struct net_device *dev, return 0; } else { if (ifsta->state != IEEE80211_AUTHENTICATE) { - ieee80211_sta_start_scan(dev, NULL, 0); + if (ifsta->auto_ssid_sel) + ieee80211_sta_start_scan(dev, NULL, 0); + else + ieee80211_sta_start_scan(dev, ifsta->ssid, + ifsta->ssid_len); ifsta->state = IEEE80211_AUTHENTICATE; set_bit(IEEE80211_STA_REQ_AUTH, &ifsta->request); } else -- cgit v1.2.3 From 9ac0be9d4fa0c0ec7a447eeaa080bc13cf865319 Mon Sep 17 00:00:00 2001 
From: Alexey Dobriyan Date: Tue, 14 Aug 2007 17:24:05 -0700 Subject: [AX25]: don't free pointers to statically allocated data commit 8d5cf596d10d740b69b5f4bbdb54b85abf75810d started to add statically allocated ax25_protocol's to list. However kfree() was still in place waiting for unsuspecting ones on module removal. Steps to reproduce: modprobe netrom rmmod netrom P.S.: code would benefit greatly from list_add/list_del usage kernel BUG at mm/slab.c:592! invalid opcode: 0000 [1] PREEMPT SMP CPU 0 Modules linked in: netrom ax25 af_packet usbcore rtc_cmos rtc_core rtc_lib Pid: 4477, comm: rmmod Not tainted 2.6.23-rc3-bloat #2 RIP: 0010:[] [] kfree+0x1c6/0x260 RSP: 0000:ffff810079a05e48 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81000000c000 RDX: ffff81007e552458 RSI: 0000000000000000 RDI: 000000000000805d RBP: ffff810079a05e88 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8805d080 R13: ffffffff8805d080 R14: 0000000000000000 R15: 0000000000000282 FS: 00002b73fc98aae0(0000) GS:ffffffff805dc000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000000053f3b8 CR3: 0000000079ff2000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process rmmod (pid: 4477, threadinfo ffff810079a04000, task ffff8100775aa480) Stack: ffff810079a05e68 0000000000000246 ffffffff8804eca0 0000000000000000 ffffffff8805d080 00000000000000cf 0000000000000000 0000000000000880 ffff810079a05eb8 ffffffff8803ec90 ffff810079a05eb8 0000000000000000 Call Trace: [] :ax25:ax25_protocol_release+0xa0/0xb0 [] :netrom:nr_exit+0x6b/0xf0 [] sys_delete_module+0x170/0x1f0 [] trace_hardirqs_on+0xd5/0x170 [] trace_hardirqs_on_thunk+0x35/0x37 [] system_call+0x7e/0x83 Code: 0f 0b eb fe 66 66 90 66 66 90 48 8b 52 10 48 8b 02 25 00 40 RIP [] kfree+0x1c6/0x260 RSP Kernel panic - not syncing: Fatal exception 
Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller --- net/ax25/ax25_iface.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'net') diff --git a/net/ax25/ax25_iface.c b/net/ax25/ax25_iface.c index 16be0c14780a..8443af57a374 100644 --- a/net/ax25/ax25_iface.c +++ b/net/ax25/ax25_iface.c @@ -69,7 +69,6 @@ void ax25_protocol_release(unsigned int pid) if (protocol->pid == pid) { protocol_list = protocol->next; write_unlock_bh(&protocol_list_lock); - kfree(protocol); return; } @@ -78,7 +77,6 @@ void ax25_protocol_release(unsigned int pid) s = protocol->next; protocol->next = protocol->next->next; write_unlock_bh(&protocol_list_lock); - kfree(s); return; } -- cgit v1.2.3 From 9c29a377f99b42c59721112cd2388cf27547fc84 Mon Sep 17 00:00:00 2001 
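Review bot: In the second hunk of ax25_protocol_release(), removing `kfree(s);` leaves `s = protocol->next;` as a dead store, since `s` is no longer read afterwards. Drop that assignment along with the declaration of `s`, which is outside the hunk because the function starts above it. A short comment at the unlink sites, for example `/* entries belong to the registering module and may be static: unlink only, never free */`, would record the ownership rule this fix relies on and make it less likely that a free is reintroduced.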
From: Alexey Dobriyan Date: Tue, 14 Aug 2007 17:25:20 -0700 Subject: [ECONET]: remove econet_packet_type on unload Steps to reproduce: modprobe econet rmmod econet modprobe econet Unable to handle kernel paging request at ffffffff8870a098 RIP: [] dev_add_pack+0x48/0x90 PGD 203067 PUD 207063 PMD 7817f067 PTE 0 Oops: 0002 [1] PREEMPT SMP CPU 1 Modules linked in: econet [maaaany] Pid: 10671, comm: modprobe Not tainted 2.6.23-rc3-bloat #6 RIP: 0010:[] [] dev_add_pack+0x48/0x90 RSP: 0000:ffff810076293df8 EFLAGS: 00010202 RAX: ffffffff88659090 RBX: ffffffff88659060 RCX: ffffffff8870a090 RDX: 0000000000000080 RSI: ffffffff805ec660 RDI: ffff810078ce4680 RBP: ffff810076293e08 R08: 0000000000000002 R09: 0000000000000000 R10: ffffffff8040bf88 R11: 0000000000000001 R12: ffff810076293e18 R13: 000000000000001b R14: ffff810076dd06b0 R15: ffffffff886590c0 FS: 00002b96a525dae0(0000) GS:ffff81007e0e2138(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: ffffffff8870a098 CR3: 000000007bb67000 CR4: 00000000000026e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process modprobe (pid: 10671, threadinfo ffff810076292000, task ffff810078ce4680) Stack: ffff810076dd06b0 0000000000000000 ffff810076293e38 ffffffff8865b180 0000000000800000 0000000000000000 ffffffff886590c0 ffff810076dd01c8 ffff810076293f78 ffffffff8026723c ffff810076293e48 ffffffff886590d8 Call Trace: [] :econet:econet_proto_init+0x180/0x1da [] sys_init_module+0x15c/0x19e0 [] system_call+0x7e/0x83 Code: 48 89 41 08 48 89 82 e0 c5 5e 80 48 c7 c7 a0 08 5d 80 e8 f1 RIP [] dev_add_pack+0x48/0x90 RSP CR2: ffffffff8870a098 Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller --- net/econet/af_econet.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net') diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c index b5524f32ac2d..35c96bcc0f32 100644 --- a/net/econet/af_econet.c 
+++ b/net/econet/af_econet.c @@ -1146,6 +1146,9 @@ static void __exit econet_proto_exit(void) sock_release(udpsock); #endif unregister_netdevice_notifier(&econet_netdev_notifier); +#ifdef CONFIG_ECONET_NATIVE + dev_remove_pack(&econet_packet_type); +#endif sock_unregister(econet_family_ops.family); proto_unregister(&econet_proto); } -- cgit v1.2.3 From 6f93b9c28326df34b23a6c0dbe4c51d4654bdf0b Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Tue, 14 Aug 2007 17:38:44 -0700 Subject: [NET]: Unexport dev_ethtool This patch removes the no longer used EXPORT_SYMBOL(dev_ethtool). Signed-off-by: Adrian Bunk Acked-by: Matthew Wilcox Signed-off-by: David S. Miller --- net/core/ethtool.c | 1 - 1 file changed, 1 deletion(-) (limited to 'net') diff --git a/net/core/ethtool.c b/net/core/ethtool.c index 2ab0a60046a5..c5e059352d43 100644 --- a/net/core/ethtool.c +++ b/net/core/ethtool.c @@ -948,7 +948,6 @@ int dev_ethtool(struct ifreq *ifr) return rc; } -EXPORT_SYMBOL(dev_ethtool); EXPORT_SYMBOL(ethtool_op_get_link); EXPORT_SYMBOL(ethtool_op_get_sg); EXPORT_SYMBOL(ethtool_op_get_tso); -- cgit v1.2.3 From 16f3051b166bde3f1bd741783b64a8feebdb6f00 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Tue, 14 Aug 2007 17:39:43 -0700 Subject: [VLAN] net/8021q/vlanproc.c: fix check-after-use The Coverity checker spotted that we'd have already oops'ed if "vlandev" was NULL. Signed-off-by: Adrian Bunk Signed-off-by: David S. Miller --- net/8021q/vlanproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/8021q/vlanproc.c b/net/8021q/vlanproc.c index c0040c9064a1..bd08aa090763 100644 --- a/net/8021q/vlanproc.c +++ b/net/8021q/vlanproc.c 
@@ -319,7 +319,7 @@ static int vlandev_seq_show(struct seq_file *seq, void *offset) static const char fmt[] = "%30s %12lu\n"; int i; - if ((vlandev == NULL) || (!(vlandev->priv_flags & IFF_802_1Q_VLAN))) + if (!(vlandev->priv_flags & IFF_802_1Q_VLAN)) return 0; seq_printf(seq, "%s VID: %d REORDER_HDR: %i dev->priv_flags: %hx\n", -- cgit v1.2.3 From 3b1855255098e1f78fa74c0f3378c0391e9a7a2b Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 15 Aug 2007 14:46:02 -0700 Subject: [NET]: Fix unbalanced rcu_read_unlock in __sock_create The recent RCU work created an unbalanced rcu_read_unlock in __sock_create. This patch fixes that. Reported by oleg 123. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/socket.c b/net/socket.c index ec077037f534..7d44453dfae1 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1168,7 +1168,7 @@ static int __sock_create(int family, int type, int protocol, module_put(pf->owner); err = security_socket_post_create(sock, family, type, protocol, kern); if (err) - goto out_release; + goto out_sock_release; *res = sock; return 0; -- cgit v1.2.3 From 660adc6e60bc8882b16e466c09401cff017dcd94 Mon Sep 17 00:00:00 2001 From: Ilpo Järvinen Date: Wed, 15 Aug 2007 15:07:30 -0700 Subject: [IPv6]: Invalid semicolon after if statement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A similar fix to netfilter from Eric Dumazet inspired me to look around a bit by using some grep/sed stuff as looking for this kind of bugs seemed easy to automate. This is one of them I found where it looks like this semicolon is not valid. Signed-off-by: Ilpo Järvinen Signed-off-by: David S. Miller --- net/ipv6/ipv6_sockglue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index d6846393182d..761a910f4f97 100644 
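Review bot: With the `vlandev == NULL` test removed, vlandev_seq_show() relies on an invariant that no visible line states; the earlier dereference that made the old check dead code is outside the hunk. A short comment above the remaining test, for example `/* vlandev is never NULL here: it has already been dereferenced above */`, would stop a later cleanup from re-adding the check or moving the dereference. The function starts and ends outside the hunk.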
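Review bot: The error labels `out_release` and `out_sock_release` in __sock_create() differ by one word and the wrong one was used at this `goto`, so the label definitions deserve a comment saying which of them calls `rcu_read_unlock()`. Something like `/* out_release: entered with rcu_read_lock() held; out_sock_release: lock already dropped */` next to the labels would make the next mismatch visible in review. I am inferring the lock state of each label from the commit message, since neither definition is in the hunk. __sock_create() starts and ends outside the hunk.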
--- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -820,7 +820,7 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, return 0; len = min_t(unsigned int, len, ipv6_optlen(hdr)); - if (copy_to_user(optval, hdr, len)); + if (copy_to_user(optval, hdr, len)) return -EFAULT; return ipv6_optlen(hdr); } -- cgit v1.2.3 From 35b426c329e12e33bd0f0912f3d2e3f5f7b2c486 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 19 Aug 2007 04:51:26 +0100 Subject: missing return in bridge sysfs code Signed-off-by: Al Viro Acked-by: David S. Miller Signed-off-by: Linus Torvalds --- net/bridge/br_sysfs_br.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net') diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c index 88f43003b193..c65f54e0e27f 100644 --- a/net/bridge/br_sysfs_br.c +++ b/net/bridge/br_sysfs_br.c @@ -167,6 +167,7 @@ static ssize_t store_stp_state(struct device *d, br_stp_set_enabled(br, val); rtnl_unlock(); + return len; } static DEVICE_ATTR(stp_state, S_IRUGO | S_IWUSR, show_stp_state, store_stp_state); -- cgit v1.2.3 From 39dad26c37fdb1382e4173172a2704fa278f7fd6 Mon Sep 17 00:00:00 2001 
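Review bot: ipv6_getsockopt_sticky() still ends with `return ipv6_optlen(hdr);`, which reports the full option length even when `min_t()` has clamped `len` to a shorter user buffer. If the caller, which is not visible here, writes that return value back as the option length, user space is told that more bytes were copied than `copy_to_user()` actually wrote; returning the clamped value with `return len;` keeps the two in agreement. Before this fix the stray semicolon made the function return -EFAULT unconditionally, so this return statement becomes reachable only now. The function starts outside the hunk.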
From: Gerrit Renker Date: Sun, 19 Aug 2007 17:12:50 -0700 Subject: [DCCP]: Allocation in atomic context This fixes the following bug reported in syslog: [ 4039.051658] BUG: sleeping function called from invalid context at /usr/src/davem-2.6/mm/slab.c:3032 [ 4039.051668] in_atomic():1, irqs_disabled():0 [ 4039.051670] INFO: lockdep is turned off. [ 4039.051674] [] show_trace_log_lvl+0x1a/0x30 [ 4039.051687] [] show_trace+0x12/0x14 [ 4039.051691] [] dump_stack+0x16/0x18 [ 4039.051695] [] __might_sleep+0xaf/0xbe [ 4039.051700] [] __kmalloc+0xb1/0xd0 [ 4039.051706] [] ccid2_hc_tx_alloc_seq+0x35/0xc3 [dccp_ccid2] [ 4039.051717] [] ccid2_hc_tx_packet_sent+0x27f/0x2d9 [dccp_ccid2] [ 4039.051723] [] dccp_write_xmit+0x1eb/0x338 [dccp] [ 4039.051741] [] dccp_sendmsg+0x113/0x18f [dccp] [ 4039.051750] [] inet_sendmsg+0x2e/0x4c [ 4039.051758] [] sock_aio_write+0xd5/0x107 [ 4039.051766] [] do_sync_write+0xcd/0x11c [ 4039.051772] [] vfs_write+0x118/0x11f [ 4039.051840] [] sys_write+0x3d/0x64 [ 4039.051845] [] syscall_call+0x7/0xb [ 4039.051848] ======================= The problem was that GFP_KERNEL was used; fixed by using gfp_any(). Signed-off-by: Gerrit Renker Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller --- net/dccp/ccids/ccid2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c index 248d20f4c7c4..d29b88fe723c 100644 --- a/net/dccp/ccids/ccid2.c +++ b/net/dccp/ccids/ccid2.c @@ -298,7 +298,7 @@ static void ccid2_hc_tx_packet_sent(struct sock *sk, int more, unsigned int len) int rc; ccid2_pr_debug("allocating more space in history\n"); - rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, GFP_KERNEL); + rc = ccid2_hc_tx_alloc_seq(hctx, CCID2_SEQBUF_LEN, gfp_any()); BUG_ON(rc); /* XXX what do we do? */ next = hctx->ccid2hctx_seqh->ccid2s_next; -- cgit v1.2.3 From d92a7db710c32db826a00ba9bc7a22e741d5041e Mon Sep 17 00:00:00 2001 
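Review bot: `BUG_ON(rc);` directly after the changed call turns an allocation failure into a kernel crash, and switching from `GFP_KERNEL` to `gfp_any()` makes that failure more likely, because an atomic allocation cannot sleep to reclaim memory. ccid2_hc_tx_packet_sent() returns void, so the error cannot be propagated, but logging and bailing out is preferable to halting the machine on a path driven by outgoing traffic: `if (rc) { ccid2_pr_debug("seq history allocation failed\n"); return; }`. Whether an early return leaves the sequence history consistent depends on code outside the hunk and needs checking. The function starts and ends outside the hunk.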
From: Herbert Xu Date: Tue, 21 Aug 2007 00:06:37 -0700 Subject: [SNAP]: Check packet length before reading The snap_rcv code reads 5 bytes so we should make sure that we have 5 bytes in the head before proceeding. Based on diagnosis and fix by Evgeniy Polyakov, reported by Alan J. Wylie. Patch also kills the skb->sk assignment before kfree_skb since it's redundant. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/802/psnap.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'net') diff --git a/net/802/psnap.c b/net/802/psnap.c index 04ee43e7538f..31128cb92a23 100644 --- a/net/802/psnap.c +++ b/net/802/psnap.c @@ -55,6 +55,9 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev, .type = __constant_htons(ETH_P_SNAP), }; + if (unlikely(!pskb_may_pull(skb, 5))) + goto drop; + rcu_read_lock(); proto = find_snap_client(skb_transport_header(skb)); if (proto) { @@ -62,14 +65,18 @@ static int snap_rcv(struct sk_buff *skb, struct net_device *dev, skb->transport_header += 5; skb_pull_rcsum(skb, 5); rc = proto->rcvfunc(skb, dev, &snap_packet_type, orig_dev); - } else { - skb->sk = NULL; - kfree_skb(skb); - rc = 1; } - rcu_read_unlock(); + + if (unlikely(!proto)) + goto drop; + +out: return rc; + +drop: + kfree_skb(skb); + goto out; } /* -- cgit v1.2.3 From 8984e41d18a545320201950b8721e7ce3ac2a5e7 Mon Sep 17 00:00:00 2001 
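Review bot: The new `goto drop` paths in snap_rcv() reach `return rc;` without any visible line assigning `rc`, and the removed `else` branch was where `rc = 1` used to be set. The declaration of `rc` is outside the hunk; unless it is initialised there, both the short-packet path and the no-client path return an indeterminate value, so I would set it in the drop block itself: `drop: rc = 1; kfree_skb(skb); goto out;`. Separately, the length `5` now appears three times (`pskb_may_pull`, `transport_header += 5`, `skb_pull_rcsum`), and a named constant would keep the bounds check and the pull from drifting apart. This note covers both hunks of net/802/psnap.c.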
From: Wei Yongjun Date: Tue, 21 Aug 2007 20:59:08 -0700 Subject: [IPV6]: Fix kernel panic while send SCTP data with IP fragments If ICMP6 message with "Packet Too Big" is received after send SCTP DATA, kernel panic will occur when SCTP DATA is send again. This is because of a bad dest address when call to skb_copy_bits(). The messages sequence is like this: Endpoint A Endpoint B <------- SCTP DATA (size=1432) ICMP6 message -------> (Packet Too Big pmtu=1280) <------- Resend SCTP DATA (size=1432) ------------kernel panic--------------- printing eip: c05be62a *pde = 00000000 Oops: 0002 [#1] SMP Modules linked in: scomm l2cap bluetooth ipv6 dm_mirror dm_mod video output sbs battery lp floppy sg i2c_piix4 i2c_core pcnet32 mii button ac parport_pc parport ide_cd cdrom serio_raw mptspi mptscsih mptbase scsi_transport_spi sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd CPU: 0 EIP: 0060:[] Not tainted VLI EFLAGS: 00010282 (2.6.23-rc2 #1) EIP is at skb_copy_bits+0x4f/0x1ef eax: 000004d0 ebx: ce12a980 ecx: 00000134 edx: cfd5a880 esi: c8246858 edi: 00000000 ebp: c0759b14 esp: c0759adc ds: 007b es: 007b fs: 00d8 gs: 0000 ss: 0068 Process swapper (pid: 0, ti=c0759000 task=c06d0340 task.ti=c0713000) Stack: c0759b88 c0405867 ce12a980 c8bff838 c789c084 00000000 00000028 cfd5a880 d09f1890 000005dc 0000007b ce12a980 cfd5a880 c8bff838 c0759b88 d09bc521 000004d0 fffff96c 00000200 00000100 c0759b50 cfd5a880 00000246 c0759bd4 Call Trace: [] show_trace_log_lvl+0x1a/0x2f [] show_stack_log_lvl+0x9b/0xa3 [] show_registers+0x1b8/0x289 [] die+0x113/0x246 [] do_page_fault+0x4ad/0x57e [] error_code+0x72/0x78 [] ip6_output+0x8e5/0xab2 [ipv6] [] ip6_xmit+0x2ea/0x3a3 [ipv6] [] sctp_v6_xmit+0x248/0x253 [sctp] [] sctp_packet_transmit+0x53f/0x5ae [sctp] [] sctp_outq_flush+0x555/0x587 [sctp] [] sctp_retransmit+0xf8/0x10f [sctp] [] sctp_icmp_frag_needed+0x57/0x5b [sctp] [] sctp_v6_err+0xcd/0x148 [sctp] [] icmpv6_notify+0xe6/0x167 [ipv6] [] icmpv6_rcv+0x7d7/0x849 [ipv6] [] ip6_input+0x1dc/0x310 
[ipv6] [] ipv6_rcv+0x294/0x2df [ipv6] [] netif_receive_skb+0x2d2/0x335 [] process_backlog+0x7f/0xd0 [] net_rx_action+0x96/0x17e [] __do_softirq+0x64/0xcd [] do_softirq+0x5c/0xac ======================= Code: 00 00 29 ca 89 d0 2b 45 e0 89 55 ec 85 c0 7e 35 39 45 08 8b 55 e4 0f 4e 45 08 8b 75 e0 8b 7d dc 89 c1 c1 e9 02 03 b2 a0 00 00 00 a5 89 c1 83 e1 03 74 02 f3 a4 29 45 08 0f 84 7b 01 00 00 01 EIP: [] skb_copy_bits+0x4f/0x1ef SS:ESP 0068:c0759adc Kernel panic - not syncing: Fatal exception in interrupt Arnaldo says: ==================== Thanks! I'm to blame for this one, problem was introduced in: b0e380b1d8a8e0aca215df97702f99815f05c094 @@ -761,7 +762,7 @@ slow_path: /* * Copy a block of the IP datagram. */ - if (skb_copy_bits(skb, ptr, frag->h.raw, len)) + if (skb_copy_bits(skb, ptr, skb_transport_header(skb), len)) BUG(); left -= len; ==================== Signed-off-by: Wei Yongjun Acked-by: YOSHIFUJI Hideaki Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller --- net/ipv6/ip6_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 50d86e94d9ed..5dead399fe64 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -794,7 +794,7 @@ slow_path: /* * Copy a block of the IP datagram. */ - if (skb_copy_bits(skb, ptr, skb_transport_header(skb), len)) + if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len)) BUG(); left -= len; -- cgit v1.2.3 From 2c20d72aaadd41fdf0a3b6cb8514c2f7b7d263e4 Mon Sep 17 00:00:00 2001 
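Review bot: The `skb_copy_bits()` call under `slow_path:` has now had the wrong destination argument once, and the existing comment `Copy a block of the IP datagram.` does not say where the block goes. I would extend it to `Copy a block of the IP datagram from skb (offset ptr) into the new fragment frag.` so that a reader can see the third argument must point into `frag`. The call also ends in `BUG()` on failure, so a wrong length or destination here is a panic in the transmit path rather than a dropped packet; whether a softer failure is possible depends on the surrounding loop, which is outside the hunk.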
From: Jesper Juhl Date: Tue, 21 Aug 2007 00:10:50 -0700 Subject: [IRDA]: Avoid a label defined but not used warning in irda_init() Easily avoidable compiler warnings bug me. Building irmod without CONFIG_SYSCTL currently results in : net/irda/irmod.c:132: warning: label 'out_err_2' defined but not used But that can easily be avoided by simply moving the label inside the existing "#ifdef CONFIG_SYSCTL" one line above it. This patch moves the label and buys us one less warning with no ill effects. Signed-off-by: Jesper Juhl Signed-off-by: David S. Miller --- net/irda/irmod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/irda/irmod.c b/net/irda/irmod.c index 1900937b3328..8ba703da2797 100644 --- a/net/irda/irmod.c +++ b/net/irda/irmod.c @@ -128,8 +128,8 @@ static int __init irda_init(void) out_err_3: #ifdef CONFIG_SYSCTL irda_sysctl_unregister(); -#endif out_err_2: +#endif #ifdef CONFIG_PROC_FS irda_proc_unregister(); #endif -- cgit v1.2.3 From 22117ea4fef4ea1c7d97c4d68c02c96c268a511b Mon Sep 17 00:00:00 2001 From: Andy Whitcroft Date: Tue, 21 Aug 2007 21:23:39 -0700 Subject: [IRDA] irda_nl_get_mode: always results in failure It seems an extraneous trailing ';' has slipped in to the error handling for a name registration failure causing the error path to trigger unconditionally. Signed-off-by: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Samuel Ortiz Signed-off-by: David S. Miller --- net/irda/irnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/irda/irnetlink.c b/net/irda/irnetlink.c index 694ea4d92fa8..1e429c929739 100644 --- a/net/irda/irnetlink.c +++ b/net/irda/irnetlink.c @@ -106,7 +106,7 @@ static int irda_nl_get_mode(struct sk_buff *skb, struct genl_info *info) } if(nla_put_string(msg, IRDA_NL_ATTR_IFNAME, - dev->name)); + dev->name)) goto err_out; if(nla_put_u32(msg, IRDA_NL_ATTR_MODE, irlap->mode)) -- cgit v1.2.3
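Review bot: Moving `out_err_2:` inside `#ifdef CONFIG_SYSCTL` makes the label's existence depend on the configuration, so every `goto out_err_2` in irda_init() (outside this hunk) has to sit under the same `#ifdef` or the build breaks with CONFIG_SYSCTL off. A less fragile shape is to give the sysctl register/unregister pair empty inline stubs for the !CONFIG_SYSCTL case in their header and keep both the calls and the labels unconditional, which removes the `#ifdef` from the unwind path altogether. irda_init() starts and ends outside the hunk.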
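Review bot: Both conditions in the irnetlink.c hunk are written `if(nla_put_...` with no space after `if`, which departs from kernel coding style; since the first one is being touched anyway, `if (nla_put_string(msg, IRDA_NL_ATTR_IFNAME,` is the form to use. The stray-semicolon class of bug fixed here is reported by GCC's `-Wempty-body`, so it is worth confirming that the build enables it. irda_nl_get_mode() starts and ends outside the hunk.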