Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tag: v2.6.26-rc5

Jun 05, 2008

  1. Linus Torvalds

    Linux 2.6.26-rc5

    torvalds authored
  2. Linus Torvalds

    Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (56 commits)
      l2tp: Fix possible oops if transmitting or receiving when tunnel goes down
      tcp: Fix for race due to temporary drop of the socket lock in skb_splice_bits.
      tcp: Increment OUTRSTS in tcp_send_active_reset()
      raw: Raw socket leak.
      lt2p: Fix possible WARN_ON from socket code when UDP socket is closed
      USB ID for Philips CPWUA054/00 Wireless USB Adapter 11g
      ssb: Fix context assertion in ssb_pcicore_dev_irqvecs_enable
      libertas: fix command size for CMD_802_11_SUBSCRIBE_EVENT
      ipw2200: expire and use oldest BSS on adhoc create
      airo warning fix
      b43legacy: Fix controller restart crash
      sctp: Fix ECN markings for IPv6
      sctp: Flush the queue only once during fast retransmit.
      sctp: Start T3-RTX timer when fast retransmitting lowest TSN
      sctp: Correctly implement Fast Recovery cwnd manipulations.
      sctp: Move sctp_v4_dst_saddr out of loop
      sctp: retran_path update bug fix
      tcp: fix skb vs fack_count out-of-sync condition
      sunhme: Cleanup use of deprecated calls to save_and_cli and restore_flags.
      xfrm: xfrm_algo: correct usage of RIPEMD-160
      ...
    torvalds authored
  3. Linus Torvalds

    Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
      sparc: switch /proc/led to seq_file
      sparc64: IO accessors fix
    torvalds authored

Jun 04, 2008

  1. l2tp: Fix possible oops if transmitting or receiving when tunnel goes…

    … down
    
    Some problems have been experienced in the field which cause an oops
    in the pppol2tp driver if L2TP tunnels fail while passing data.
    
    The pppol2tp driver uses private data that is referenced via the
    sk->sk_user_data of its UDP and PPPoL2TP sockets. This patch makes
    sure that the driver uses sock_hold() when it holds a reference to the
    sk pointer. This affects its sendmsg(), recvmsg(), getname(),
    [gs]etsockopt() and ioctl() handlers.
    
    Tested by ISP where problem was seen. System has been up 10 days with
    no oops since running this patch. Without the patch, an oops would
    occur every 1-2 days.
    
    Signed-off-by: James Chapman <jchapman@katalix.com> 
    Signed-off-by: David S. Miller <davem@davemloft.net>
    James Chapman authored davem330 committed
  2. tcp: Fix for race due to temporary drop of the socket lock in skb_spl…

    …ice_bits.
    
    skb_splice_bits temporary drops the socket lock while iterating over
    the socket queue in order to break a reverse locking condition which
    happens with sendfile. This, however, opens a window of opportunity
    for tcp_collapse() to aggregate skbs and thus potentially free the
    current skb used in skb_splice_bits and tcp_read_sock.
    
    This patch fixes the problem by (re-)getting the same "logical skb"
    after the lock has been temporary dropped.
    
    Based on idea and initial patch from Evgeniy Polyakov.
    
    Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
    Acked-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Octavian Purdila authored davem330 committed
  3. tcp: Increment OUTRSTS in tcp_send_active_reset()

    TCP "resets sent" counter is not incremented when a TCP Reset is 
    sent via tcp_send_active_reset().
    
    Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Sridhar Samudrala authored davem330 committed
  4. raw: Raw socket leak.

    The program below just leaks the raw kernel socket
    
    int main() {
            int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
            struct sockaddr_in addr;
    
            memset(&addr, 0, sizeof(addr));
            inet_aton("127.0.0.1", &addr.sin_addr);
            addr.sin_family = AF_INET;
            addr.sin_port = htons(2048);
            sendto(fd,  "a", 1, MSG_MORE, &addr, sizeof(addr));
            return 0;
    }
    
    Corked packet is allocated via sock_wmalloc which holds the owner socket,
    so one should uncork it and flush all pending data on close. Do this in the
    same way as in UDP.
    
    Signed-off-by: Denis V. Lunev <den@openvz.org>
    Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Denis V. Lunev authored davem330 committed
  5. lt2p: Fix possible WARN_ON from socket code when UDP socket is closed

    If an L2TP daemon closes a tunnel socket while packets are queued in
    the tunnel's reorder queue, a kernel warning is logged because the
    socket is closed while skbs are still referencing it. The fix is to
    purge the queue in the socket's release handler.
    
    WARNING: at include/net/sock.h:351 udp_lib_unhash+0x41/0x68()
    Pid: 12998, comm: openl2tpd Not tainted 2.6.25 #8
     [<c0423c58>] warn_on_slowpath+0x41/0x51
     [<c05d33a7>] udp_lib_unhash+0x41/0x68
     [<c059424d>] sk_common_release+0x23/0x90
     [<c05d16be>] udp_lib_close+0x8/0xa
     [<c05d8684>] inet_release+0x42/0x48
     [<c0592599>] sock_release+0x14/0x60
     [<c059299f>] sock_close+0x29/0x30
     [<c046ef52>] __fput+0xad/0x15b
     [<c046f1d9>] fput+0x17/0x19
     [<c046c8c4>] filp_close+0x50/0x5a
     [<c046da06>] sys_close+0x69/0x9f
     [<c04048ce>] syscall_call+0x7/0xb
    
    Signed-off-by: James Chapman <jchapman@katalix.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    James Chapman authored davem330 committed
  6. davem330

    Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/…

    …linville/wireless-2.6
    davem330 authored
  7. USB ID for Philips CPWUA054/00 Wireless USB Adapter 11g

    Enable the Philips CPWUA054/00 in p54usb.
    
    Cc: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Felix Homann authored John W. Linville committed
  8. ssb: Fix context assertion in ssb_pcicore_dev_irqvecs_enable

    This fixes a context assertion in ssb that makes b44 print
    out warnings on resume.
    
    This fixes the following kernel oops:
    http://www.kerneloops.org/oops.php?number=12732
    http://www.kerneloops.org/oops.php?number=11410
    
    Signed-off-by: Michael Buesch <mb@bu3sch.de>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Michael Buesch authored John W. Linville committed
  9. libertas: fix command size for CMD_802_11_SUBSCRIBE_EVENT

    The size was two small by two bytes.
    
    Signed-off-by: Holger Schurig
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Holger Schurig authored John W. Linville committed
  10. ipw2200: expire and use oldest BSS on adhoc create

    If there are no networks on the free list, expire the oldest one when
    creating a new adhoc network.  Because ipw2200 and the ieee80211 stack
    don't actually cull old networks and place them back on the free list
    unless they are needed for new probe responses, over time the free list
    would become empty and creating an adhoc network would fail due to the !
    list_empty(...) check.
    
    Signed-off-by: Dan Williams <dcbw@redhat.com>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Dan Williams authored John W. Linville committed
  11. airo warning fix

    WARNING: space prohibited between function name and open parenthesis '('
    #22: FILE: drivers/net/wireless/airo.c:2907:
    +	while ((IN4500 (ai, COMMAND) & COMMAND_BUSY) && (delay < 10000)) {
    
    total: 0 errors, 1 warnings, 8 lines checked
    
    ./patches/wireless-airo-waitbusy-wont-delay.patch has style problems, please review.  If any of these errors
    are false positives report them to the maintainer, see
    CHECKPATCH in MAINTAINERS.
    
    Please run checkpatch prior to sending patches
    
    Cc: Dan Williams <dcbw@redhat.com>
    Cc: Roel Kluin <roel.kluin@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Andrew Morton authored John W. Linville committed
  12. b43legacy: Fix controller restart crash

    This fixes a kernel crash on rmmod, in the case where the controller
    was restarted before doing the rmmod.
    
    Signed-off-by: Michael Buesch <mb@bu3sch.de>
    Signed-off-by: John W. Linville <linville@tuxdriver.com>
    Michael Buesch authored John W. Linville committed
  13. sctp: Fix ECN markings for IPv6

    Commit e9df2e8 ("[IPV6]: Use
    appropriate sock tclass setting for routing lookup.") also changed the
    way that ECN capable transports mark this capability in IPv6.  As a
    result, SCTP was not marking ECN capablity because the traffic class
    was never set.  This patch brings back the markings for IPv6 traffic.
    
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Vlad Yasevich authored davem330 committed
  14. sctp: Flush the queue only once during fast retransmit.

    When fast retransmit is triggered by a sack, we should flush the queue
    only once so that only 1 retransmit happens.  Also, since we could
    potentially have non-fast-rtx chunks on the retransmit queue, we need
    make sure any chunks eligable for fast retransmit are sent first
    during fast retransmission.
    
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Tested-by: Wei Yongjun <yjwei@cn.fujitsu.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Vlad Yasevich authored davem330 committed
  15. sctp: Start T3-RTX timer when fast retransmitting lowest TSN

    When we are trying to fast retransmit the lowest outstanding TSN, we
    need to restart the T3-RTX timer, so that subsequent timeouts will
    correctly tag all the packets necessary for retransmissions.
    
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Tested-by: Wei Yongjun <yjwei@cn.fujitsu.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Vlad Yasevich authored davem330 committed
  16. sctp: Correctly implement Fast Recovery cwnd manipulations.

    Correctly keep track of Fast Recovery state and do not reduce
    congestion window multiple times during sucht state.
    
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Tested-by: Wei Yongjun <yjwei@cn.fujitsu.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Vlad Yasevich authored davem330 committed
  17. sctp: Move sctp_v4_dst_saddr out of loop

    There's no need to execute sctp_v4_dst_saddr() for each
    iteration, just move it out of loop.
    
    Signed-off-by: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Gui Jianfeng authored davem330 committed
  18. sctp: retran_path update bug fix

    If the current retran_path is the only active one, it should
    update it to the the next inactive one.
    
    Signed-off-by: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
    Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Gui Jianfeng authored davem330 committed
  19. davem330

    Merge branch 'net-2.6-misc-20080605a' of git://git.linux-ipv6.org/git…

    …root/yoshfuji/linux-2.6-fix
    davem330 authored
  20. tcp: fix skb vs fack_count out-of-sync condition

    This bug is able to corrupt fackets_out in very rare cases.
    In order for this to cause corruption:
      1) DSACK in the middle of previous SACK block must be generated.
      2) In order to take that particular branch, part or all of the
         DSACKed segment must already be SACKed so that we have that
         in cache in the first place.
      3) The new info must be top enough so that fackets_out will be
         updated on this iteration.
    ...then fack_count is updated while skb wasn't, then we walk again
    that particular segment thus updating fack_count twice for
    a single skb and finally that value is assigned to fackets_out
    by tcp_sacktag_one.
    
    It is safe to call tcp_sacktag_one just once for a segment (at
    DSACK), no need to call again for plain SACK.
    
    Potential problem of the miscount are limited to premature entry
    to recovery and to inflated reordering metric (which could even
    cancel each other out in the most the luckiest scenarios :-)).
    Both are quite insignificant in worst case too and there exists
    also code to reset them (fackets_out once sacked_out becomes zero
    and reordering metric on RTO).
    
    This has been reported by a number of people, because it occurred
    quite rarely, it has been very evasive. Andy Furniss was able to
    get it to occur couple of times so that a bit more info was
    collected about the problem using a debug patch, though it still
    required lot of checking around. Thanks also to others who have
    tried to help here.
    
    This is listed as Bugzilla #10346. The bug was introduced by
    me in commit 68f8353 ([TCP]: Rewrite SACK block processing & 
    sack_recv_cache use), I probably thought back then that there's
    need to scan that entry twice or didn't dare to make it go
    through it just once there. Going through twice would have
    required restoring fack_count after the walk but as noted above,
    I chose to drop the additional walk step altogether here.
    
    Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Ilpo Järvinen authored davem330 committed
  21. sunhme: Cleanup use of deprecated calls to save_and_cli and restore_f…

    …lags.
    
    Make use of local_irq_save and local_irq_restore rather then the
    deprecated save_and_cli and restore_flags calls.
    
    Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Mark Asselstine authored davem330 committed
  22. xfrm: xfrm_algo: correct usage of RIPEMD-160

    This patch fixes the usage of RIPEMD-160 in xfrm_algo which in turn
    allows hmac(rmd160) to be used as authentication mechanism in IPsec
    ESP and AH (see RFC 2857).
    
    Signed-off-by: Adrian-Ken Rueegsegger <rueegsegger@swiss-it.ch>
    Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Adrian-Ken Rueegsegger authored davem330 committed
  23. [IPV6]: Do not change protocol for UDPv6 sockets with pending sent data.

    Signed-off-by: Denis V. Lunev <den@openvz.org>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Denis V. Lunev authored YOSHIFUJI Hideaki committed
  24. [IPV6]: inet_sk(sk)->cork.opt leak

    IPv6 UDP sockets wth IPv4 mapped address use udp_sendmsg to send the data
    actually. In this case ip_flush_pending_frames should be called instead
    of ip6_flush_pending_frames.
    
    Signed-off-by: Denis V. Lunev <den@openvz.org>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Denis V. Lunev authored YOSHIFUJI Hideaki committed
  25. [IPV6]: Do not change protocol for raw IPv6 sockets.

    It is not allowed to change underlying protocol for
       int fd = socket(PF_INET6, SOCK_RAW, IPPROTO_UDP);
    
    Signed-off-by: Denis V. Lunev <den@openvz.org>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Denis V. Lunev authored YOSHIFUJI Hideaki committed
  26. [IPV6] NETNS: Handle ancillary data in appropriate namespace.

    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    YOSHIFUJI Hideaki authored
  27. [IPV6]: Check outgoing interface even if source address is unspecified.

    The outgoing interface index (ipi6_ifindex) in IPV6_PKTINFO
    ancillary data, is not checked if the source address (ipi6_addr)
    is unspecified.  If the ipi6_ifindex is the not-exist interface,
    it should be fail.
    
    Based on patch from Shan Wei <shanwei@cn.fujitsu.com> and
    Brian Haley <brian.haley@hp.com>.
    
    Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
    Signed-off-by: Brian Haley <brian.haley@hp.com>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    YOSHIFUJI Hideaki authored
  28. [IPV6]: Fix the data length of get destination options with short length

     If get destination options with length which is not enough for that
    option,getsockopt() will still return the real length of the option,
    which is larger then the buffer space.
     This is because ipv6_getsockopt_sticky() returns the real length of
    the option.
    
    This patch fix this problem.
    
    Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Yang Hongyang authored YOSHIFUJI Hideaki committed
  29. [IPV6]: Fix the return value of get destination options with NULL dat…

    …a pointer
    
    If we pass NULL data buffer to getsockopt(), it will return 0,
    and the option length is set to -EFAULT:
        getsockopt(sk, IPPROTO_IPV6, IPV6_DSTOPTS, NULL, &len);
    
    This is because ipv6_getsockopt_sticky() will return -EFAULT or
    -EINVAL if some error occur.
    
    This patch fix this problem.
    
    Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Yang Hongyang authored YOSHIFUJI Hideaki committed
  30. [IPV6] ADDRCONF: Allow longer lifetime on 64bit archs.

    - Allow longer lifetimes (>= 0x7fffffff/HZ) on 64bit archs
      by using unsigned long.
    - Shadow this arithmetic overflow workaround by introducing
      helper functions: addrconf_timeout_fixup() and
      addrconf_finite_timeout().
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    YOSHIFUJI Hideaki authored
  31. [IPV4] TUNNEL4: Fix incoming packet length check for inter-protocol t…

    …unnel.
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    YOSHIFUJI Hideaki authored
  32. [IPV6] TUNNEL6: Fix incoming packet length check for inter-protocol t…

    …unnel.
    
    I discover a strange behavior in [ipv4 in ipv6] tunnel. When IPv6 tunnel
    payload is less than 40(0x28), packet can be sent to network, received in
    physical interface, but not seen in IP tunnel interface. No counter increase
    in tunnel interface.
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Colin authored YOSHIFUJI Hideaki committed
Something went wrong with that request. Please try again.