David Brownell [Thu, 15 Nov 2007 00:58:30 +0000 (16:58 -0800)]
RTCs: handle NVRAM better
Several of the RTC drivers are exporting binary "nvram" files in sysfs. Such
NVRAM (or on many systems, EEPROM) data is often initialized during system
manufacture to hold data about identity (serial numbers, Ethernet addresses,
etc), configuration, calibration, and so forth.
This patch improves integrity and security of those files:
- Correctly initializes the size in one of the two cases where
that was not yet being done.
- Improves system security/integrity by making this state not
be world-writable by default.
Letting arbitrary userspace code mangle such state by default is at least Not
A Good Thing; and it could sometimes be worse, depending on the particular
data that might be corrupted. (I disregard the paranoiac "don't let anyone
read it either" approach. Anyone storing passwords in such memory doesn't
really care about security.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Acked-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Cc: Torsten Ertbjerg Rasmussen <tr@newtec.dk> Cc: Mark Zhan <rongkai.zhan@windriver.com> Cc: Thomas Hommel <thomas.hommel@gefanuc.com> Acked-by: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Brownell [Thu, 15 Nov 2007 00:58:29 +0000 (16:58 -0800)]
rtc_hctosys expects RTCs in UTC (doc)
The RTC "hctosys" mechanism expects that RTC clock will use UTC, not local
time (e.g. PST). Say so in Kconfig and in the kernel message.
(Strictly speaking, the RTC clock should be tracking the POSIX epoch. That's
not worth going into here. Goofing timezones means clocks are wrong by many
hours; the POSIX-v-UTC differences just cost seconds.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Acked-by: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Tue, 13 Nov 2007 17:09:36 +0000 (09:09 -0800)]
Merge branch 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6
* 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6:
hwmon: (i5k_amb) Convert macros to C functions
hwmon: (w83781d) Add missing curly braces
hwmon: (abituguru3) Identify ABit IP35 Pro as such
hwmon: (f75375s) pwmX_mode sysfs files writable for f75375 variant
hwmon: (f75375s) On n2100 systems, set fans to full speed on boot
hwmon: (f75375s) Allow setting up fans with platform_data
hwmon: (f75375s) Add new style bindings
hwmon: (lm70) Convert semaphore to mutex
hwmon: (applesmc) Add support for Mac Pro 2 x Quad-Core
hwmon: (abituguru3) Add support for 2 new motherboards
hwmon: (ibmpex) Change printk to dev_{info,err} macros
hwmon: (i5k_amb) New memory temperature sensor driver
hwmon: (f75375s) fix pwm mode setting
hwmon: (ibmpex.c) fix NULL dereference
hwmon: (sis5595) Split sis5595_attributes_opt
hwmon: (sis5595) Add individual alarm files
hwmon: (w83627hf) push nr+1 offset into *_REG_FAN macros and simplify
hwmon: (w83627hf) hoist nr-1 offset out of show-store-temp-X
hwmon: Add power meter spec to Documentation/hwmon/sysfs-interface
Linus Torvalds [Tue, 13 Nov 2007 17:04:03 +0000 (09:04 -0800)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Silence an annoying boot message
[POWERPC] Fix early btext debug on PowerMac
[POWERPC] Demote clockevent printk to KERN_DEBUG
[POWERPC] Fix CONFIG_SMP=n build error on ppc64
[POWERPC] Avoid unpaired stwcx. on some processors
[POWERPC] Fix oops related to 4xx flush_tlb_page modification
[POWERPC] cpm: Fix a couple minor issues in cpm_common.c.
[POWERPC] Add -mno-spe for ARCH=powerpc builds
The cost of doing the bitmap validation on each lookup - even when the
bitmap is cached - is absolutely prohibitive. We could, and probably
should, do it only when adding the bitmap to the buffer cache. However,
right now we are better off just reverting it.
Peter Zijlstra measured the cost of this extra validation as a 85%
decrease in cached iozone, and while I had a patch that took it down to
just 17% by not being _quite_ so stupid in the validation, it was still
a big slowdown that could have been avoided by just doing it right.
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Aneesh Kumar <aneesh.kumar@linux.vnet.ibm.com> Cc: Andreas Dilger <adilger@clusterfs.com> Cc: Mingming Cao <cmm@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Denis V. Lunev [Tue, 13 Nov 2007 11:23:21 +0000 (03:23 -0800)]
[NET]: Cleanup pernet operation without CONFIG_NET_NS
If CONFIG_NET_NS is not set, the only namespace is possible.
This patch removes list of pernet_operations and cleanups code a bit.
This list is not needed if there are no namespaces. We should just call
->init method.
Additionally, the ->exit will be called on module unloading only. This
case is safe - the code is not discarded. For the in/kernel code, ->exit
should never be called.
Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Roel Kluin [Tue, 13 Nov 2007 11:16:17 +0000 (03:16 -0800)]
[MYRI_SBUS]: Prevent that myri_do_handshake lies about ticks.
With '<=' tick can be incremented up to 26, The last loop is redundant
since even when 'softstate' becomes 'STATE_READY', 'if (tick > 25)'
will still cause the function to return -1,
Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: David S. Miller <davem@davemloft.net>
Packets routed between bridges have the POST_ROUTING hook invoked
twice since bridging mistakes them for bridged packets because
they have skb->nf_bridge set.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Tue, 13 Nov 2007 10:58:09 +0000 (02:58 -0800)]
[NETFILTER]: Consolidate nf_sockopt and compat_nf_sockopt
Both lookup the nf_sockopt_ops object to call the get/set callbacks
from, but they perform it in a completely similar way.
Introduce the helper for finding the ops.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Rothwell [Tue, 13 Nov 2007 04:41:49 +0000 (15:41 +1100)]
[POWERPC] Silence an annoying boot message
vmemmap_populate will printk (with KERN_WARNING) for a lot of pages
if CONFIG_SPARSEMEM_VMEMMAP is enabled (at least it does on iSeries).
Use pr_debug for it instead.
Replace the only other use of DBG in this file with pr_debug as well.
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Acked-by: Olof Johansson <olof@lixom.net> Signed-off-by: Paul Mackerras <paulus@samba.org>
Matt Carlson [Tue, 13 Nov 2007 05:23:21 +0000 (21:23 -0800)]
[TG3]: Update version to 3.86
This patch updates the version number to 3.86
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Olof Johansson [Sat, 10 Nov 2007 20:59:29 +0000 (07:59 +1100)]
[POWERPC] Fix CONFIG_SMP=n build error on ppc64
The patch "KVM: fix !SMP build error" change the way smp_call_function()
actually uses the passed in function names on non-SMP builds. So
previously it was never caught that the function passed in was never
actually defined.
This causes a build error on ppc64_defconfig + CONFIG_SMP=n:
arch/powerpc/mm/tlb_64.c: In function 'pgtable_free_now':
arch/powerpc/mm/tlb_64.c:71: error: 'pte_free_smp_sync' undeclared (first use in this function)
arch/powerpc/mm/tlb_64.c:71: error: (Each undeclared identifier is reported only once
arch/powerpc/mm/tlb_64.c:71: error: for each function it appears in.)
So we need to define it even if CONFIG_SMP is off. Either that or ifdef
out the smp_call_function() call, but that's ugly.
Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Paul Mackerras <paulus@samba.org>
Becky Bruce [Fri, 9 Nov 2007 22:17:49 +0000 (09:17 +1100)]
[POWERPC] Avoid unpaired stwcx. on some processors
The context switch code in the kernel issues a dummy stwcx. to clear the
reservation, as recommended by the architecture. However, some processors
can have issues if this stwcx to address A occurs while the reservation
is already held to a different address B. To avoid this problem, the dummy
stwcx. needs to be paired with a dummy lwarx to the same address.
This adds the dummy lwarx, and creates a cpu feature bit to indicate
which cpus are affected. Tested on mpc8641_hpcn_defconfig in
arch/powerpc; build tested in arch/ppc.
Signed-off-by: Becky Bruce <becky.bruce@freescale.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Matt Carlson [Tue, 13 Nov 2007 05:22:40 +0000 (21:22 -0800)]
[TG3]: MII => TP
This patch changes the PHY type reported through ethtool for copper
devices from MII to TP. The latter is more accurate.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:22:02 +0000 (21:22 -0800)]
[TG3]: Add A1 revs
This patch adds the A1 revision of 5784, 5764, and 5761, and applies all
previous bugfixes. In places where the list of devices gets too long,
the patch uses a new TG3_FLG3_5761_5784_AX_FIXES flag instead.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:19:37 +0000 (21:19 -0800)]
[TG3]: Increase the PCI MRRS
Previous devices hardcoded the PCI Maximum Read Request Size to 4K. To
better comply with the PCI spec, the hardware now defaults the MRRS to
512 bytes. This will yield poor driver performance if left untouched.
This patch increases the MRRS to 4K on driver initialization.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:18:04 +0000 (21:18 -0800)]
[TG3]: Prescaler fix
Internal hardware timers become inaccurate after link events. Clock
frequency switches performed by the CPMU fail to adjust timer
prescalers. The fix is to detect core clock frequency changes during
link events and adjust the timer prescalers accordingly.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:17:07 +0000 (21:17 -0800)]
[TG3]: Limit 5784 / 5764 to MAC LED mode
Most 5784 / 5764 LED modes do not work as expected because of a hardware
bug. This patch forces the LED mode to be in MAC LED mode.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:16:17 +0000 (21:16 -0800)]
[TG3]: Disable GPHY autopowerdown
New CPMU devices contend with the GPHY for power management. The GPHY
autopowerdown feature is enabled by default in the PHY and thus needs to
be disabled after every PHY reset.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:11:51 +0000 (21:11 -0800)]
[TG3]: CPMU adjustments for loopback tests
This patch adds the LINK_SPEED mode to the list of CPMU modes that can
cause the loopback tests to fail. These bugs are planned to be fixed in
future revisions of the chip, so the patch qualifies the fixes as such.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:10:58 +0000 (21:10 -0800)]
[TG3]: Fix nvram selftest failures
Newer devices contain bootcode in the chip's private ROM area. This
bootcode is called selfboot. Selfboot can be patched in the device's
NVRAM and the patches can have several formats. In one particular
format, the checksum calculation needs to be slightly modified. This
patch adjusts the NVRAM test code for that case, and add support for the
missing formats.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:10:06 +0000 (21:10 -0800)]
[TG3]: 5784 / 5764 DMA engine lockup fix
5784 and 5764 devices lock up when the link speed is 10Mbps, the CPMU
link speed mode is enabled, and the MAC clock is running at 1.5Mhz. The
fix is to run the MAC clock at faster speeds.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:08:59 +0000 (21:08 -0800)]
[TG3]: APE flag fix
This patch corrects a bug where the ENABLE_APE flag was tested against
the wrong flag variable.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:08:03 +0000 (21:08 -0800)]
[TG3]: 5784 / 5764 GPHY power down fix
5784 and 5764 devices fail to link / pass traffic after one load /
unload cycle. This happens because of a hardware bug in the new CPMU.
During normal operation, the MAC depends on the PHY clock being
available. When the PHY is powered down, the clock the MAC depends on
is disabled. The fix is to switch the MAC clock to an alternate source
before powering down the PHY, and to restore the MAC clock to the PHY
source upon device resume.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Tue, 13 Nov 2007 05:07:01 +0000 (21:07 -0800)]
[TG3]: Fix 5761 PXEboot crash
When 5761 devices boot the machine using PXEboot, PXE leaves the device
active when it terminates. The tg3 driver has code to detect this
condition and resets the device during initialization. On 5761 devices,
device resets involve sending a driver state update message to the APE
on the 5761. However, during this initialization stage, communications
to the APE registers have not yet been set up. The driver then
dereferences a NULL pointer and crashes the machine. The fix is to move
the APE register access setup earlier in the initialization code to
cover this condition.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Trond Myklebust [Tue, 13 Nov 2007 02:10:39 +0000 (18:10 -0800)]
[NET]: Add the helper kernel_sock_shutdown()
...and fix a couple of bugs in the NBD, CIFS and OCFS2 socket handlers.
Looking at the sock->op->shutdown() handlers, it looks as if all of them
take a SHUT_RD/SHUT_WR/SHUT_RDWR argument instead of the
RCV_SHUTDOWN/SEND_SHUTDOWN arguments.
Add a helper, and then define the SHUT_* enum to ensure that kernel users
of shutdown() don't get confused.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Acked-by: Mark Fasheh <mark.fasheh@oracle.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Tue, 13 Nov 2007 02:09:25 +0000 (18:09 -0800)]
[SUNGEM]: Fix suspend regression due to NAPI changes.
Commit bea3348e (the NAPI changes) made sungem unconditionally enable
NAPI when resuming and unconditionally disable when suspending, this,
however, makes napi_disable() hang when suspending when the interface
was taken down before suspend because taking the interface down also
disables NAPI. This patch makes touching the napi struct in
suspend/resume code paths depend on having the interface up, thereby
fixing the hang on suspend.
The patch also moves the napi_disable() in gem_close() under the lock so
that the NAPI state is always modified atomically together with the
"opened" variable.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Roland McGrath [Mon, 12 Nov 2007 23:41:55 +0000 (15:41 -0800)]
sigwait eats blocked default-ignore signals
While a signal is blocked, it must be posted even if its action is
SIG_IGN or is SIG_DFL with the default action to ignore. This works
right most of the time, but is broken when a sigwait (rt_sigtimedwait)
is in progress. This changes the early-discard check to respect
real_blocked. ~blocked is the set to check for "should wake up now",
but ~(blocked|real_blocked) is the set for "blocked" semantics as
defined by POSIX.
This fixes bugzilla entry 9347, see
http://bugzilla.kernel.org/show_bug.cgi?id=9347
Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
J. Bruce Fields [Mon, 12 Nov 2007 21:05:03 +0000 (16:05 -0500)]
nfsd4: recheck for secure ports in fh_verify
As with commit 7fc90ec93a5eb71f4b08403baf5ba7176b3ec6b1 ("knfsd: nfsd:
call nfsd_setuser() on fh_compose(), fix nfsd4 permissions problem")
this is a case where we need to redo a security check in fh_verify()
even though the filehandle already has an associated dentry--if the
filehandle was created by fh_compose() in an earlier operation of the
nfsv4 compound, then we may not have done these checks yet.
Without this fix it is possible, for example, to traverse from an export
without the secure ports requirement to one with it in a single
compound, and bypass the secure port check on the new export.
While we're here, fix up some minor style problems and change a printk()
to a dprintk(), to make it harder for random unprivileged users to spam
the logs.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Reviewed-By: NeilBrown <neilb@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
J. Bruce Fields [Mon, 12 Nov 2007 21:05:02 +0000 (16:05 -0500)]
knfsd: fix spurious EINVAL errors on first access of new filesystem
The v2/v3 acl code in nfsd is translating any return from fh_verify() to
nfserr_inval. This is particularly unfortunate in the case of an
nfserr_dropit return, which is an internal error meant to indicate to
callers that this request has been deferred and should just be dropped
pending the results of an upcall to mountd.
Thanks to Roland <devzero@web.de> for bug report and data collection.
Cc: Roland <devzero@web.de> Acked-by: Andreas Gruenbacher <agruen@suse.de> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Reviewed-By: NeilBrown <neilb@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexey Dobriyan reports that it causes huge slowdowns under some loads,
in his case a "mkfs.ext2" on a 30G partition. With the placement bias,
the mkfs took over four minutes, with it reverted it's back to about ten
seconds for Alexey.
Linus Torvalds [Mon, 12 Nov 2007 19:13:54 +0000 (11:13 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm:
KVM: SVM: Intercept the 'invd' and 'wbinvd' instructions
KVM: x86 emulator: invd instruction
KVM: SVM: Defer nmi processing until switch to host state is complete
KVM: SVM: Fix SMP with kernel apic
KVM: x86 emulator: fix 'push imm8' emulation
Linus Torvalds [Mon, 12 Nov 2007 19:13:31 +0000 (11:13 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-virtio
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-virtio:
virtio: Force use of power-of-two for descriptor ring sizes
lguest: Fix lguest virtio-blk backend size computation
virtio: Fix used_idx wrap-around
virtio: more fallout from scatterlist changes.
virtio: fix vring_init for 64 bits
Linus Torvalds [Mon, 12 Nov 2007 19:12:06 +0000 (11:12 -0800)]
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (39 commits)
[INET]: Small possible memory leak in FIB rules
[NETNS]: init dev_base_lock only once
[UNIX]: The unix_nr_socks limit can be exceeded
[AF_UNIX]: Convert socks to unix_socks in scan_inflight, not in callbacks
[AF_UNIX]: Make unix_tot_inflight counter non-atomic
[AF_PACKET]: Allow multicast traffic to be caught by ORIGDEV when bonded
ssb: Fix PCMCIA-host lowlevel bus access
mac80211: fix MAC80211_RCSIMPLE Kconfig
mac80211: make "decrypt failed" messages conditional upon MAC80211_DEBUG
mac80211: use IW_AUTH_PRIVACY_INVOKED rather than IW_AUTH_KEY_MGMT
mac80211: remove unused driver ops
mac80211: remove ieee80211_common.h
softmac: MAINTAINERS update
rfkill: Fix sparse warning
rfkill: Use mutex_lock() at register and add sanity check
iwlwifi: select proper rate control algorithm
mac80211: allow driver to ask for a rate control algorithm
mac80211: don't allow registering the same rate control twice
rfkill: Use subsys_initcall
mac80211: make simple rate control algorithm built-in
...
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (21 commits)
[CIFS] fix oops on second mount to same server when null auth is used
[CIFS] Fix stale mode after readdir when cifsacl specified
[CIFS] add mode to acl conversion helper function
[CIFS] Fix incorrect mode when ACL had deny access control entries
[CIFS] Add uid to key description so krb can handle user mounts
[CIFS] Fix walking out end of cifs dacl
[CIFS] Add upcall files for cifs to use spnego/kerberos
[CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routines
[CIFS] Register and unregister cifs_spnego_key_type on module init/exit
[CIFS] implement upcalls for SPNEGO blob via keyctl API
[CIFS] allow cifs_calc_signature2 to deal with a zero length iovec
[CIFS] If no Access Control Entries, set mode perm bits to zero
[CIFS] when mount helper missing fix slash wrong direction in share
[CIFS] Don't request too much permission when reading an ACL
[CIFS] enable get mode from ACL when cifsacl mount option specified
[CIFS] ACL support part 8
[CIFS] acl support part 7
[CIFS] acl support part 6
[CIFS] acl support part 6
[CIFS] remove unused funtion compile warning when experimental off
...
Siddha, Suresh B [Sun, 11 Nov 2007 19:27:59 +0000 (11:27 -0800)]
x86: fix taking DNA during 64bit sigreturn
restore sigcontext is taking a DNA exception while restoring FP context
from the user stack, during the sigreturn. Appended patch fixes it by
doing clts() if the app doesn't touch FP during the signal handler
execution. This will stop generating a DNA, during the fxrstor in the
sigreturn.
This improves 64-bit lat_sig numbers by ~30% on my core2 platform.
Roland McGrath [Mon, 12 Nov 2007 03:13:43 +0000 (19:13 -0800)]
core dump: remain dumpable
The coredump code always calls set_dumpable(0) when it starts (even
if RLIMIT_CORE prevents any core from being dumped). The effect of
this (via task_dumpable) is to make /proc/pid/* files owned by root
instead of the user, so the user can no longer examine his own
process--in a case where there was never any privileged data to
protect. This affects e.g. auxv, environ, fd; in Fedora (execshield)
kernels, also maps. In practice, you can only notice this when a
debugger has requested PTRACE_EVENT_EXIT tracing.
set_dumpable was only used in do_coredump for synchronization and not
intended for any security purpose. (It doesn't secure anything that wasn't
already unsecured when a process dies by SIGTERM instead of SIGQUIT.)
This changes do_coredump to check the core_waiters count as the means of
synchronization, which is sufficient. Now we leave the "dumpable" bits alone.
Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jesper Juhl [Sun, 11 Nov 2007 22:57:49 +0000 (23:57 +0100)]
Fix memory leak in discard case of sctp_sf_abort_violation()
In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak
the storage allocated for 'abort' by returning from the function
without using or freeing it. This happens in case
"sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to
the 'discard' label.
Spotted by the Coverity checker.
The simple fix is to simply move the creation of the "abort chunk"
to after the possible jump to the 'discard' label. This way we don't
even have to allocate the memory at all in the problem case.
Rusty Russell [Mon, 12 Nov 2007 02:39:18 +0000 (13:39 +1100)]
virtio: Force use of power-of-two for descriptor ring sizes
The virtio descriptor rings of size N-1 were nicely set up to be
aligned to an N-byte boundary. But as Anthony Liguori points out, the
free-running indices used by virtio require that the sizes be a power
of 2, otherwise we get problems on wrap (demonstrated with lguest).
So we replace the clever "2^n-1" scheme with a simple "align to page
boundary" scheme: this means that all virtio rings take at least two
pages, but it's safer than guessing cache alignment.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Anthony Liguori [Wed, 7 Nov 2007 21:49:24 +0000 (15:49 -0600)]
virtio: Fix used_idx wrap-around
The more_used() function compares the vq->vring.used->idx with last_used_idx.
Since vq->vring.used->idx is a 16-bit integer, and last_used_idx is an
unsigned int, this results in unpredictable behavior when vq->vring.used->idx
wraps around.
This patch corrects this by changing last_used_idx to the correct type.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Anthony Liguori [Wed, 7 Nov 2007 05:31:52 +0000 (16:31 +1100)]
virtio: fix vring_init for 64 bits
This patch fixes a typo in vring_init(). This happens to work today in lguest
because the sizeof(struct vring_desc) is 16 and struct vring contains 3
pointers and an unsigned int so on 32-bit
sizeof(struct vring_desc) == sizeof(struct vring). However, this is no longer
true on 64-bit where the bug is exposed.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Denis V. Lunev [Sun, 11 Nov 2007 06:12:03 +0000 (22:12 -0800)]
[INET]: Small possible memory leak in FIB rules
This patch fixes a small memory leak. Default fib rules can be deleted by
the user if the rule does not carry FIB_RULE_PERMANENT flag, f.e. by
ip rule flush
Such a rule will not be freed as the ref-counter has 2 on start and becomes
clearly unreachable after removal.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Sun, 11 Nov 2007 06:08:30 +0000 (22:08 -0800)]
[UNIX]: The unix_nr_socks limit can be exceeded
The unix_nr_socks value is limited with the 2 * get_max_files() value,
as seen from the unix_create1(). However, the check and the actual
increment are separated with the GFP_KERNEL allocation, so this limit
can be exceeded under a memory pressure - task may go to sleep freeing
the pages and some other task will be allowed to allocate a new sock
and so on and so forth.
So make the increment before the check (similar thing is done in the
sock_kmalloc) and go to kmalloc after this.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Pavel Emelyanov [Sun, 11 Nov 2007 06:07:13 +0000 (22:07 -0800)]
[AF_UNIX]: Convert socks to unix_socks in scan_inflight, not in callbacks
The scan_inflight() routine scans through the unix sockets and calls
some passed callback. The fact is that all these callbacks work with
the unix_sock objects, not the sock ones, so make this conversion in
the scan_inflight() before calling the callbacks.
This removes one unneeded variable from the inc_inflight_move_tail().
Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[AF_PACKET]: Allow multicast traffic to be caught by ORIGDEV when bonded
The socket option for packet sockets to return the original ifindex instead
of the bonded ifindex will not match multicast traffic. Since this socket
option is the most useful for layer 2 traffic and multicast traffic, make
the option multicast-aware.
Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
mac80211: make "decrypt failed" messages conditional upon MAC80211_DEBUG
Make "decrypt failed" and "have no key" debugging messages compile
conditionally upon CONFIG_MAC80211_DEBUG. They have been useful for
finding certain problems in the past, but in many cases they just
clutter a user's logs.
A typical example is an enviornment where multiple SSIDs are using a
single BSSID but with different protection schemes or different keys
for each SSID. In such an environment these messages are just noise.
Let's just leave them for those interested enough to turn-on debugging.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sat, 3 Nov 2007 13:11:10 +0000 (13:11 +0000)]
mac80211: use IW_AUTH_PRIVACY_INVOKED rather than IW_AUTH_KEY_MGMT
In the long bug-hunt for why dynamic WEP networks didn't work it
turned out that mac80211 incorrectly uses IW_AUTH_KEY_MGMT while
it should use IW_AUTH_PRIVACY_INVOKED to determine whether to
associate to protected networks or not.
This patch changes the behaviour to be that way and clarifies the
existing code.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: Jouni Malinen <j@w1.fi> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Tue, 30 Oct 2007 14:58:18 +0000 (15:58 +0100)]
mac80211: remove unused driver ops
The driver operations set_ieee8021x(), set_port_auth() and
set_privacy_invoked() are not used by any drivers, except
set_privacy_invoked() they aren't even used by mac80211.
Remove them at least until we need to support drivers with
mac80211 that require getting this information.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Michael Wu <flamingice@sourmilk.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Mon, 5 Nov 2007 13:32:35 +0000 (14:32 +0100)]
softmac: MAINTAINERS update
This patch marks softmac as obsolete in MAINTAINERS and removes Joe and
myself as maintainers, we're no longer using it nor interested in the
code in any way. Also remove the website reference because I took it
offline. Hopefully the code will go away in 2.6.25.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Joseph Jezak <josejx@gentoo.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sun, 28 Oct 2007 14:16:50 +0000 (15:16 +0100)]
rfkill: Use mutex_lock() at register and add sanity check
Replace mutex_lock_interruptible() by mutex_lock() in rfkill_register(),
as interruptible doesn't make sense there.
Add a sanity check for rfkill->type, as that's used for an unchecked dereference
in an array and might cause hard to debug crashes if the driver sets this
to an invalid value.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:53:36 +0000 (14:53 +0100)]
iwlwifi: select proper rate control algorithm
Prior to this patch, iwlwifi would always use the first
registered rate control algorithm which, depending on system
setup, could be anything. After the mac80211 patch to make
the simple algorithm built-in, it would always be simple.
This has always been a bug in iwlwifi.
This fixes it by requesting that mac80211 selects the right
rate control algorithm.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:51:05 +0000 (14:51 +0100)]
mac80211: allow driver to ask for a rate control algorithm
This allows a driver to ask for a specific rate control algorithm.
The rate control algorithm asked for must be registered and be
available as a module or built-in.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:49:33 +0000 (14:49 +0100)]
mac80211: don't allow registering the same rate control twice
Previously, mac80211 would allow registering the same rate control
algorithm twice. This is a programming error in the registration
and should not happen; additionally the second version could never
be selected. Disallow this and warn about it.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Johannes Berg [Sun, 28 Oct 2007 13:17:44 +0000 (14:17 +0100)]
mac80211: make simple rate control algorithm built-in
Too frequently people do not have module autoloading enabled
or fail to install the rate control module correctly, hence
their hardware probing fails due to no rate control algorithm
being available. This makes the 'simple' algorithm built into
the mac80211 module unless EMBEDDED is enabled in which case
it can be disabled (eg. if the wanted driver requires another
rate control algorithm.)
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Acked-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sun, 28 Oct 2007 12:07:54 +0000 (13:07 +0100)]
rfkill: Register LED triggers before registering switch
Registering the switch triggers a LED event, so we must register
LED triggers before the switch.
This has a potential to fix a crash, depending on how the device
driver initializes the rfkill data structure.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Michael Buesch [Sat, 27 Oct 2007 13:14:39 +0000 (15:14 +0200)]
ssb: Fix initcall ordering
ssb must init after PCI but before the ssb drivers.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Cc: Christian Casteyde <casteyde.christian@free.fr>
Fixes-bug: #9219 Signed-off-by: John W. Linville <linville@tuxdriver.com>
The MLME request reason code is host-endian and our passing
it to the low level functions is host-endian as well since
they do the swapping. I noticed that the reason code 768 was
sent (0x300) rather than 3 when wpa_supplicant terminates.
This removes the superfluous cpu_to_le16() call.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Radu Rendec [Sun, 11 Nov 2007 05:54:50 +0000 (21:54 -0800)]
[PKT_SCHED] CLS_U32: Use ffs() instead of C code on hash mask to get first set bit.
Computing the rank of the first set bit in the hash mask (for using later
in u32_hash_fold()) was done with plain C code. Using ffs() instead makes
the code more readable and improves performance (since ffs() is better
optimized in assembler).
Using the conditional operator on hash mask before applying ntohl() also
saves one ntohl() call if mask is 0.
Signed-off-by: Radu Rendec <radu.rendec@ines.ro> Signed-off-by: Jarek Poplawski <jarkao2@o2.pl> Acked-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
Chuck Lever [Sun, 11 Nov 2007 05:53:30 +0000 (21:53 -0800)]
[NET]: Fix skb_truesize_check() assertion
The intent of the assertion in skb_truesize_check() is to check
for skb->truesize being decremented too much by other code,
resulting in a wraparound below zero.
The type of the right side of the comparison causes the compiler to
promote the left side to an unsigned type, despite the presence of an
explicit type cast. This defeats the check for negativity.
Ensure both sides of the comparison are a signed type to prevent the
implicit type conversion.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>