From 322c8a3c364ef4d9ead17e86890c19816b0e262f Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Tue, 5 Feb 2008 02:51:39 -0800 Subject: [PATCH 01/21] [IPSEC] xfrm4_beet_input(): fix an if() A bug every C programmer makes at some point in time... Signed-off-by: Adrian Bunk Acked-by: Herbert Xu Signed-off-by: David S. Miller
---
 net/ipv4/xfrm4_mode_beet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
index e093a7b59e18..b47030ba162b 100644
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@@ -102,7 +102,7 @@ static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb)
 XFRM_MODE_SKB_CB(skb)->protocol = ph->nexthdr;
- if (!pskb_may_pull(skb, phlen));
+ if (!pskb_may_pull(skb, phlen))
 goto out;
 __skb_pull(skb, phlen);
 }
From cc8274f50f2ad9a97a837451f63a0a3e65f7f490 Mon Sep 17 00:00:00 2001 From: Li Zefan Date: Tue, 5 Feb 2008 02:54:16 -0800 Subject: [PATCH 02/21] [IPV4]: Fix compile error building without CONFIG_FS_PROC compile error building without CONFIG_FS_PROC: net/ipv4/fib_frontend.c: In function 'fib_net_init': net/ipv4/fib_frontend.c:1032: error: implicit declaration of function 'fib_proc_ init' net/ipv4/fib_frontend.c: In function 'fib_net_exit': net/ipv4/fib_frontend.c:1047: error: implicit declaration of function 'fib_proc_ exit' Signed-off-by: Li Zefan Signed-off-by: David S. Miller
---
 include/net/ip_fib.h | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index 90d1175f63de..8b12667f7a2b 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
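Review bot: In net/ipv4/xfrm4_mode_beet.c, xfrm4_beet_input() reads `ph->nexthdr` on the line just before the repaired `pskb_may_pull(skb, phlen)` check, and nothing in the hunk says why `ph` is already safe to dereference or that it must not be used afterwards. pskb_may_pull() can reallocate the skb head, so a pointer taken before the call is stale once it returns; a comment such as `/* ph is not valid past this point: pskb_may_pull() may reallocate the head */` above the check would keep a later edit from reading through it. The earlier length check that covers sizeof(*ph) is presumably above the hunk; the function starts and ends outside it.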
@@ -266,6 +266,14 @@ static inline void fib_res_put(struct fib_result *res)
 #ifdef CONFIG_PROC_FS
 extern int __net_init fib_proc_init(struct net *net);
 extern void __net_exit fib_proc_exit(struct net *net);
+#else
+static inline int fib_proc_init(struct net *net)
+{
+ return 0;
+}
+static inline void fib_proc_exit(struct net *net)
+{
+}
 #endif
 #endif /* _NET_FIB_H */
From 0aead543479e7f20013217fe3fc33a604fdd8944 Mon Sep 17 00:00:00 2001 From: Rami Rosen Date: Tue, 5 Feb 2008 02:56:48 -0800 Subject: [PATCH 03/21] [NET_SCHED]: Add #ifdef CONFIG_NET_EMATCH in net/sched/cls_flow.c (latest git broken build) The 2.6 latest git build was broken when using the following configuration options: CONFIG_NET_EMATCH=n CONFIG_NET_CLS_FLOW=y with the following error: net/sched/cls_flow.c: In function 'flow_dump': net/sched/cls_flow.c:598: error: 'struct tcf_ematch_tree' has no member named 'hdr' make[2]: *** [net/sched/cls_flow.o] Error 1 make[1]: *** [net/sched] Error 2 make: *** [net] Error 2 see the recent post by Li Zefan: http://www.spinics.net/lists/netdev/msg54434.html The reason for this crash is that struct tcf_ematch_tree (net/pkt_cls.h) is empty when CONFIG_NET_EMATCH is not defined. When CONFIG_NET_EMATCH is defined, the tcf_ematch_tree structure indeed holds a struct tcf_ematch_tree_hdr (hdr) as flow_dump() expects. This patch adds #ifdef CONFIG_NET_EMATCH in flow_dump to avoid this. Signed-off-by: Rami Rosen Signed-off-by: David S. Miller
---
 net/sched/cls_flow.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c
index 5a7f6a3060fc..8d7698621f0a 100644
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -594,11 +594,11 @@ static int flow_dump(struct tcf_proto *tp, unsigned long fh,
 if (tcf_exts_dump(skb, &f->exts, &flow_ext_map) < 0)
 goto nla_put_failure;
-
+#ifdef CONFIG_NET_EMATCH
 if (f->ematches.hdr.nmatches && tcf_em_tree_dump(skb, &f->ematches, TCA_FLOW_EMATCHES) < 0)
 goto nla_put_failure;
-
+#endif
 nla_nest_end(skb, nest);
 if (tcf_exts_dump_stats(skb, &f->exts, &flow_ext_map) < 0)
From 6de1a9104034a2c58db3abdaf03cddb507225137 Mon Sep 17 00:00:00 2001 From: Daniel Lezcano Date: Tue, 5 Feb 2008 02:57:59 -0800 Subject: [PATCH 04/21] [IPV6]: Fix sysctl compilation error. Move ipv6_icmp_sysctl_init and ipv6_route_sysctl_init into the right ifdef section otherwise that does not compile when CONFIG_SYSCTL=yes and CONFIG_PROC_FS=no Signed-off-by: Daniel Lezcano Acked-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller
---
 include/net/ipv6.h | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index fa80ea48639d..c0c019f72ba9 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -110,7 +110,6 @@ struct frag_hdr {
 /* sysctls */
 extern int sysctl_mld_max_msf;
-
 extern struct ctl_path net_ipv6_ctl_path[];
 #define _DEVINC(statname, modifier, idev, field) \
@@ -586,9 +585,6 @@ extern int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
 int __user *optlen);
 #ifdef CONFIG_PROC_FS
-extern struct ctl_table *ipv6_icmp_sysctl_init(struct net *net);
-extern struct ctl_table *ipv6_route_sysctl_init(struct net *net);
-
 extern int ac6_proc_init(void);
 extern void ac6_proc_exit(void);
 extern int raw6_proc_init(void);
@@ -621,6 +617,8 @@ static inline int snmp6_unregister_dev(struct inet6_dev *idev)
 extern ctl_table ipv6_route_table_template[];
 extern ctl_table ipv6_icmp_table_template[];
+extern struct ctl_table *ipv6_icmp_sysctl_init(struct net *net);
+extern struct ctl_table *ipv6_route_sysctl_init(struct net *net);
 extern int ipv6_sysctl_register(void);
 extern void ipv6_sysctl_unregister(void);
 #endif
From b9c4d82a853713d49ac53b507964d7cf30ee408d Mon Sep 17 00:00:00 2001 From: "Denis V. Lunev" Date: Tue, 5 Feb 2008 02:58:45 -0800 Subject: [PATCH 05/21] [IPV4]: Formatting fix for /proc/net/fib_trie. The line in the /proc/net/fib_trie for route with TOS specified - has extra \n at the end - does not have a space after route scope like below. |-- 1.1.1.1 /32 universe UNICASTtos =1 Signed-off-by: Denis V. Lunev Signed-off-by: David S. Miller
---
 net/ipv4/fib_trie.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 35851c96bdfb..f5fba3f71c06 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -2431,8 +2431,7 @@ static int fib_trie_seq_show(struct seq_file *seq, void *v)
 rtn_type(buf2, sizeof(buf2), fa->fa_type));
 if (fa->fa_tos)
- seq_printf(seq, "tos =%d\n",
- fa->fa_tos);
+ seq_printf(seq, " tos=%d", fa->fa_tos);
 seq_putc(seq, '\n');
 }
 }
From d2f19fa13ee5e78d4195a771f8f1ff7d42a80740 Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Tue, 5 Feb 2008 03:02:26 -0800 Subject: [PATCH 06/21] [SCTP]: Fix kernel panic while received AUTH chunk while enabled auth If STCP is started while /proc/sys/net/sctp/auth_enable is set 0 and association is established between endpoints. Then if /proc/sys/net/sctp/auth_enable is set 1, a received AUTH chunk will cause kernel panic. Test as following: step 1: echo 0> /proc/sys/net/sctp/auth_enable step 2: SCTP client SCTP server INIT ---------> <--------- INIT-ACK COOKIE-ECHO ---------> <--------- COOKIE-ACK step 3: echo 1> /proc/sys/net/sctp/auth_enable step 4: SCTP client SCTP server AUTH -----------> Kernel Panic This patch fix this probleam to treat AUTH chunk as unknow chunk if peer has initialized with no auth capable. > Sorry for the delay. Was on vacation without net access. > > Wei Yongjun wrote: >> >> >> This patch fix this probleam to treat AUTH chunk as unknow chunk if >> peer has initialized with no auth capable.
>> >> Signed-off-by: Wei Yongjun > > Acked-by: Vlad Yasevich > >> Signed-off-by: Wei Yongjun Acked-by: Vlad Yasevich Signed-off-by: David S. Miller
---
 net/sctp/sm_statefuns.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 5df0c4bd415b..f98658782d4f 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -3865,6 +3865,10 @@ sctp_disposition_t sctp_sf_eat_auth(const struct sctp_endpoint *ep,
 struct sctp_chunk *err_chunk;
 sctp_ierror_t error;
+ /* Make sure that the peer has AUTH capable */
+ if (!asoc->peer.auth_capable)
+ return sctp_sf_unk_chunk(ep, asoc, type, arg, commands);
+
 if (!sctp_vtag_verify(chunk, asoc)) {
 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, SCTP_NULL());
From 7cc08b55fc476a9474e4dc9da41071b5dc2b406e Mon Sep 17 00:00:00 2001
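Review bot: In net/sctp/sm_statefuns.c, sctp_sf_eat_auth() now returns through `sctp_sf_unk_chunk()` before `sctp_vtag_verify(chunk, asoc)` has run, so for an association without AUTH the verification-tag check depends entirely on what sctp_sf_unk_chunk() does, which is not visible in this hunk. If that function does not verify the tag itself, placing the new test after the existing vtag block would keep packets with a bad tag on the discard path. The comment would also read better as `/* AUTH was not negotiated with this peer; handle the chunk as unknown */`, which says why the early return exists. The function body continues outside the hunk.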
From: Wei Yongjun Date: Tue, 5 Feb 2008 03:03:06 -0800 Subject: [PATCH 07/21] [SCTP]: Fix kernel panic while received AUTH chunk with BAD shared key identifier If SCTP-AUTH is enabled, received AUTH chunk with BAD shared key identifier will cause kernel panic. Test as following: step1: enabled /proc/sys/net/sctp/auth_enable step 2: connect to SCTP server with auth capable. Association is established between endpoints. Then send a AUTH chunk with a bad shareid, SCTP server will kernel panic after received that AUTH chunk. SCTP client SCTP server INIT ----------> (with auth capable) <---------- INIT-ACK (with auth capable) COOKIE-ECHO ----------> <---------- COOKIE-ACK AUTH ----------> AUTH chunk is like this: AUTH chunk Chunk type: AUTH (15) Chunk flags: 0x00 Chunk length: 28 Shared key identifier: 10 HMAC identifier: SHA-1 (1) HMAC: 0000000000000000000000000000000000000000 The assignment of NULL to key can safely be removed, since key_for_each (which is just list_for_each_entry under the covers does an initial assignment to key anyway). If the endpoint_shared_keys list is empty, or if the key_id being requested does not exist, the function as it currently stands returns the actuall list_head (in this case endpoint_shared_keys. Since that list_head isn't surrounded by an actuall data structure, the last iteration through list_for_each_entry will do a container_of on key, and we wind up returning a bogus pointer, instead of NULL, as we should. > Neil Horman wrote: >> On Tue, Jan 22, 2008 at 05:29:20PM +0900, Wei Yongjun wrote: >> >> FWIW, Ack from me. The assignment of NULL to key can safely be >> removed, since >> key_for_each (which is just list_for_each_entry under the covers does >> an initial >> assignment to key anyway). >> If the endpoint_shared_keys list is empty, or if the key_id being >> requested does >> not exist, the function as it currently stands returns the actuall >> list_head (in >> this case endpoint_shared_keys. 
Since that list_head isn't >> surrounded by an >> actuall data structure, the last iteration through >> list_for_each_entry will do a >> container_of on key, and we wind up returning a bogus pointer, >> instead of NULL, >> as we should. Wei's patch corrects that. >> >> Regards >> Neil >> >> Acked-by: Neil Horman >> > > Yep, the patch is correct. > > Acked-by: Vlad Yasevich > > -vlad > Signed-off-by: Wei Yongjun Acked-by: Neil Horman Acked-by: Vlad Yasevich Signed-off-by: David S. Miller
---
 net/sctp/auth.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 97e6ebd14500..ae367c82e512 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -420,15 +420,15 @@ struct sctp_shared_key *sctp_auth_get_shkey(
 const struct sctp_association *asoc,
 __u16 key_id)
 {
- struct sctp_shared_key *key = NULL;
+ struct sctp_shared_key *key;
 /* First search associations set of endpoint pair shared keys */
 key_for_each(key, &asoc->endpoint_shared_keys) {
 if (key->key_id == key_id)
- break;
+ return key;
 }
- return key;
+ return NULL;
 }
 /*
From cd8d627a6b66d9755637b4dad2083864a9bfce9a Mon Sep 17 00:00:00 2001 From: Randy Dunlap Date: Tue, 5 Feb 2008 03:04:05 -0800 Subject: [PATCH 08/21] hamradio: fix dmascc section mismatch hw[] is used in both init and exit functions so it cannot be initdata (section mismatch is when CONFIG_MODULES=n and CONFIG_DMASCC=y). WARNING: vmlinux.o(.exit.text+0xba7): Section mismatch: reference to .init.data: (between 'dmascc_exit' and 'sixpack_exit_driver') Signed-off-by: Randy Dunlap Cc: Klaus Kudielka Cc: Sam Ravnborg Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 drivers/net/hamradio/dmascc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/hamradio/dmascc.c b/drivers/net/hamradio/dmascc.c
index 11b83dae00ac..e04bf9926441 100644
--- a/drivers/net/hamradio/dmascc.c
+++ b/drivers/net/hamradio/dmascc.c
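Review bot: In net/sctp/auth.c, sctp_auth_get_shkey() can now return NULL, but the function has no header comment stating that, and the surviving comment `/* First search associations set of endpoint pair shared keys */` suggests a second lookup that the body does not have. A short comment above the function, for example `/* Look up the endpoint-pair shared key with this key_id; returns NULL if the association has none. */`, would tell callers they must check the result before using the key. Callers are outside the hunk, so whether each of them handles NULL cannot be confirmed here.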
@@ -262,8 +262,8 @@ static void tm_isr(struct scc_priv *priv);
 static int io[MAX_NUM_DEVS] __initdata = { 0, };
-/* Beware! hw[] is also used in cleanup_module(). */
-static struct scc_hardware hw[NUM_TYPES] __initdata_or_module = HARDWARE;
+/* Beware! hw[] is also used in dmascc_exit(). */
+static struct scc_hardware hw[NUM_TYPES] = HARDWARE;
 /* Global variables */
From a26af1e08a3a1e0f88e6f2685ac2313d713a59c9 Mon Sep 17 00:00:00 2001 From: Nathaniel Filardo Date: Tue, 5 Feb 2008 03:05:07 -0800 Subject: [PATCH 09/21] tun: impossible to deassert IFF_ONE_QUEUE or IFF_NO_PI From: "Nathaniel Filardo" Taken from http://bugzilla.kernel.org/show_bug.cgi?id=9806 The TUN/TAP driver only permits one-way transitions of IFF_NO_PI or IFF_ONE_QUEUE during the lifetime of a tap/tun interface. Note that tun_set_iff contains 541 if (ifr->ifr_flags & IFF_NO_PI) 542 tun->flags |= TUN_NO_PI; 543 544 if (ifr->ifr_flags & IFF_ONE_QUEUE) 545 tun->flags |= TUN_ONE_QUEUE; This is easily fixed by adding else branches which clear these bits. Steps to reproduce: This is easily reproduced by setting an interface persistant using tunctl then attempting to open it as IFF_TAP or IFF_TUN, without asserting the IFF_NO_PI flag. The ioctl() will succeed and the ifr.flags word is not modified, but the interface remains in IFF_NO_PI mode (as it was set by tunctl). Acked-by: Maxim Krasnyansky Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 drivers/net/tun.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 46339f6bcd00..038c1ef94d2e 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -529,9 +529,13 @@ static int tun_set_iff(struct file *file, struct ifreq *ifr)
 if (ifr->ifr_flags & IFF_NO_PI)
 tun->flags |= TUN_NO_PI;
+ else
+ tun->flags &= ~TUN_NO_PI;
 if (ifr->ifr_flags & IFF_ONE_QUEUE)
 tun->flags |= TUN_ONE_QUEUE;
+ else
+ tun->flags &= ~TUN_ONE_QUEUE;
 file->private_data = tun;
 tun->attached = 1;
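Review bot: In drivers/net/tun.c, tun_set_iff() now clears `TUN_NO_PI` and `TUN_ONE_QUEUE` whenever the caller leaves the matching IFF_ bit out, so attaching to an existing persistent device rewrites its framing mode from `ifr->ifr_flags` on every attach, and nothing in the code records that contract. That is the intended fix, but a program that attaches with only IFF_TUN or IFF_TAP and relied on the mode chosen at creation will get the packet-information header back and must parse frames differently. A comment above the two tests, e.g. `/* Both flags follow ifr_flags on every attach, including re-attach to a persistent device */`, plus a line in the tun/tap documentation, would make the behaviour explicit. The ownership and permission checks that decide who may re-attach are outside the hunk.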
From eff001e35a857361f3fb289fea86e97c334a5446 Mon Sep 17 00:00:00 2001 From: Dave Young Date: Tue, 5 Feb 2008 03:07:14 -0800 Subject: [PATCH 10/21] bluetooth: hidp_process_hid_control remove unnecessary parameter dealing According to the bluetooth HID spec v1.0 chapter 7.4.2 "This code requests a major state change in a BT-HID device. A HID_CONTROL request does not generate a HANDSHAKE response." "A HID_CONTROL packet with a parameter of VIRTUAL_CABLE_UNPLUG is the only HID_CONTROL packet a device can send to a host. A host will ignore all other packets." So in the hidp_precess_hid_control function, we just need to deal with the UNLUG packet. Signed-off-by: Dave Young Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 net/bluetooth/hidp/core.c | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 782a22602b86..b5c40d60cdf3 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -369,30 +369,13 @@ static inline void hidp_process_hid_control(struct hidp_session *session, unsign
 {
 BT_DBG("session %p param 0x%02x", session, param);
- switch (param) {
- case HIDP_CTRL_NOP:
- break;
-
- case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG:
+ if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
 /* Flush the transmit queues */
 skb_queue_purge(&session->ctrl_transmit);
 skb_queue_purge(&session->intr_transmit);
 /* Kill session thread */
 atomic_inc(&session->terminate);
- break;
-
- case HIDP_CTRL_HARD_RESET:
- case HIDP_CTRL_SOFT_RESET:
- case HIDP_CTRL_SUSPEND:
- case HIDP_CTRL_EXIT_SUSPEND:
- /* FIXME: We have to parse these and return no error */
- break;
-
- default:
- __hidp_send_ctrl_message(session,
- HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
- break;
 }
 }
From 91f5cca3d1b4341624715f6dd01ee09be9af46c4 Mon Sep 17 00:00:00 2001
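Review bot: In net/bluetooth/hidp/core.c, hidp_process_hid_control() now drops every HID_CONTROL parameter other than `HIDP_CTRL_VIRTUAL_CABLE_UNPLUG` without a reply, and the reason for that lives only in the commit message. A comment above the `if`, such as `/* HID spec 7.4.2: VIRTUAL_CABLE_UNPLUG is the only HID_CONTROL a device may send; ignore anything else and send no HANDSHAKE */`, would stop the removed `default:` handshake from being reintroduced as a supposedly missing error path. The `BT_DBG` at the top still logs the parameter, so ignored values remain visible when debugging is enabled.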
From: Andrew Morton Date: Tue, 5 Feb 2008 03:07:58 -0800 Subject: [PATCH 11/21] bluetooth: uninlining Remove all those inlines which were either a) unneeded or b) increased code size. text data bss dec hex filename before: 6997 74 8 7079 1ba7 net/bluetooth/hidp/core.o after: 6492 74 8 6574 19ae net/bluetooth/hidp/core.o Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 net/bluetooth/hidp/core.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index b5c40d60cdf3..519cdb920f93 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -135,8 +135,8 @@ static void __hidp_copy_session(struct hidp_session *session, struct hidp_connin
 }
 }
-static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
- unsigned int type, unsigned int code, int value)
+static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
+ unsigned int type, unsigned int code, int value)
 {
 unsigned char newleds;
 struct sk_buff *skb;
@@ -243,7 +243,8 @@ static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
 input_sync(dev);
 }
-static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size)
+static int hidp_queue_report(struct hidp_session *session,
+ unsigned char *data, int size)
 {
 struct sk_buff *skb;
@@ -287,7 +288,7 @@ static void hidp_idle_timeout(unsigned long arg)
 hidp_schedule(session);
 }
-static inline void hidp_set_timer(struct hidp_session *session)
+static void hidp_set_timer(struct hidp_session *session)
 {
 if (session->idle_to > 0)
 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
@@ -332,7 +333,8 @@ static inline int hidp_send_ctrl_message(struct hidp_session *session,
 return err;
 }
-static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param)
+static void hidp_process_handshake(struct hidp_session *session,
+ unsigned char param)
 {
 BT_DBG("session %p param 0x%02x", session, param);
@@ -365,7 +367,8 @@ static inline void hidp_process_handshake(struct hidp_session *session, unsigned
 }
 }
-static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param)
+static void hidp_process_hid_control(struct hidp_session *session,
+ unsigned char param)
 {
 BT_DBG("session %p param 0x%02x", session, param);
@@ -379,7 +382,8 @@ static inline void hidp_process_hid_control(struct hidp_session *session, unsign
 }
 }
-static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param)
+static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
+ unsigned char param)
 {
 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
@@ -406,7 +410,8 @@ static inline void hidp_process_data(struct hidp_session *session, struct sk_buf
 }
 }
-static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb)
+static void hidp_recv_ctrl_frame(struct hidp_session *session,
+ struct sk_buff *skb)
 {
 unsigned char hdr, type, param;
@@ -440,7 +445,8 @@ static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_
 kfree_skb(skb);
 }
-static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb)
+static void hidp_recv_intr_frame(struct hidp_session *session,
+ struct sk_buff *skb)
 {
 unsigned char hdr;
@@ -608,7 +614,8 @@ static struct device *hidp_get_device(struct hidp_session *session)
 return conn ? &conn->dev : NULL;
 }
-static inline int hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
+static int hidp_setup_input(struct hidp_session *session,
+ struct hidp_connadd_req *req)
 {
 struct input_dev *input = session->input;
 int i;
@@ -685,7 +692,8 @@ static void hidp_setup_quirks(struct hid_device *hid)
 hid->quirks = hidp_blacklist[n].quirks;
 }
-static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req)
+static void hidp_setup_hid(struct hidp_session *session,
+ struct hidp_connadd_req *req)
 {
 struct hid_device *hid = session->hid;
 struct hid_report *report;
From cb7cd42930d4421780e78323f62243350ea14789 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Tue, 5 Feb 2008 03:08:45 -0800 Subject: [PATCH 12/21] drivers/bluetooth/bpa10x.c: fix memleak This patch fixea a memleak spotted by the Coverity checker. Signed-off-by: Adrian Bunk Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 drivers/bluetooth/bpa10x.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/drivers/bluetooth/bpa10x.c b/drivers/bluetooth/bpa10x.c
index 1375b5345a0a..3b28658f5a1f 100644
--- a/drivers/bluetooth/bpa10x.c
+++ b/drivers/bluetooth/bpa10x.c
@@ -423,6 +423,7 @@ static int bpa10x_send_frame(struct sk_buff *skb)
 break;
 default:
+ usb_free_urb(urb);
 return -EILSEQ;
 }
From 2fa993423a345fd484f7295797ddb59b7738ad38 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Tue, 5 Feb 2008 03:09:17 -0800 Subject: [PATCH 13/21] drivers/bluetooth/btsdio.c: fix double-free This patch fixes a double-free spotted by the Coverity checker. Signed-off-by: Adrian Bunk Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 drivers/bluetooth/btsdio.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/bluetooth/btsdio.c b/drivers/bluetooth/btsdio.c
index b786f6187902..58630cc1eff2 100644
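Review bot: In drivers/bluetooth/bpa10x.c, the `default:` branch of bpa10x_send_frame() now has to call `usb_free_urb(urb)` by hand, and any error return added to this switch later will need the same line. If the packet type can be checked before the URB is allocated (the allocation is above the hunk, so this is an assumption), rejecting unknown types first would remove the cleanup from this path altogether; otherwise a single error label that frees the URB keeps the exits consistent. Whether the skb is released on this `-EILSEQ` return is not visible in the hunk either and is worth confirming.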
--- a/drivers/bluetooth/btsdio.c
+++ b/drivers/bluetooth/btsdio.c
@@ -162,10 +162,8 @@ static int btsdio_rx_packet(struct btsdio_data *data)
 bt_cb(skb)->pkt_type = hdr[3];
 err = hci_recv_frame(skb);
- if (err < 0) {
- kfree(skb);
+ if (err < 0)
 return err;
- }
 sdio_writeb(data->func, 0x00, REG_PC_RRT, NULL);
From 6e46c8cb3cbfa7bafe78d43a3d57750605a2dfa3 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Tue, 5 Feb 2008 03:10:02 -0800 Subject: [PATCH 14/21] bluetooth: blacklist another Broadcom BCM2035 device This device is recognized as bluetooth, but still not works. Signed-off-by: Andy Shevchenko Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 drivers/bluetooth/hci_usb.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/drivers/bluetooth/hci_usb.c b/drivers/bluetooth/hci_usb.c
index 98a9cdeaffb6..372c7ef633da 100644
--- a/drivers/bluetooth/hci_usb.c
+++ b/drivers/bluetooth/hci_usb.c
@@ -111,6 +111,7 @@ static struct usb_device_id blacklist_ids[] = {
 { USB_DEVICE(0x0a5c, 0x2033), .driver_info = HCI_IGNORE },
 /* Broadcom BCM2035 */
+ { USB_DEVICE(0x0a5c, 0x2035), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 { USB_DEVICE(0x0a5c, 0x200a), .driver_info = HCI_RESET | HCI_WRONG_SCO_MTU },
 { USB_DEVICE(0x0a5c, 0x2009), .driver_info = HCI_BCM92035 },
From 93d807401ced2320d0d1e56bf9de099bba5c0424 Mon Sep 17 00:00:00 2001 From: Dave Young Date: Tue, 5 Feb 2008 03:12:06 -0800 Subject: [PATCH 15/21] bluetooth rfcomm tty: destroy before tty_close() rfcomm dev could be deleted in tty_hangup, so we must not call rfcomm_dev_del again to prevent from destroying rfcomm dev before tty close. Signed-off-by: Dave Young Signed-off-by: Andrew Morton Signed-off-by: David S. Miller
---
 net/bluetooth/rfcomm/tty.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 788c70321858..e4c779bb8d76 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
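Review bot: In drivers/bluetooth/btsdio.c, btsdio_rx_packet() now returns on `err < 0` without releasing `skb`, which is only correct if hci_recv_frame() frees the buffer itself when it fails, as the commit's double-free diagnosis implies; nothing at the call site records that. A one-line comment above the test, `/* hci_recv_frame() consumes the skb on failure as well */`, would keep the removed free from being added back and recreating the double free. The removed line also used `kfree()` on an sk_buff, so if a free is ever needed on another path here it should be `kfree_skb()`.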
@@ -429,7 +429,8 @@ static int rfcomm_release_dev(void __user *arg)
 if (dev->tty)
 tty_vhangup(dev->tty);
- rfcomm_dev_del(dev);
+ if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
+ rfcomm_dev_del(dev);
 rfcomm_dev_put(dev);
 return 0;
 }
From 2bfc79de2b6482955f0e352da7e53787dd8167c0 Mon Sep 17 00:00:00 2001 From: Johann Felix Soden Date: Tue, 5 Feb 2008 03:13:58 -0800 Subject: [PATCH 16/21] [NET]: Remove further references to net-modules.txt The Kconfig of igb and enc28j60 contains references to obsolet Documentation/networking/net-modules.txt. Signed-off-by: Johann Felix Soden Signed-off-by: David S. Miller
---
 drivers/net/Kconfig | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index f234ba3f0404..7d170cd381c3 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -920,8 +920,7 @@ config ENC28J60
 ---help---
 Support for the Microchip EN28J60 ethernet chip.
- To compile this driver as a module, choose M here and read
- . The module will be
+ To compile this driver as a module, choose M here. The module will be
 called enc28j60.
 config ENC28J60_WRITEVERIFY
@@ -2041,8 +2040,7 @@ config IGB
 More specific information on configuring the driver is in .
- To compile this driver as a module, choose M here and read
- . The module
+ To compile this driver as a module, choose M here. The module
 will be called igb.
 source "drivers/net/ixp2000/Kconfig"
From 5d8c0aa9433b09387d9021358baef7939f9b32c4 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Tue, 5 Feb 2008 03:14:44 -0800 Subject: [PATCH 17/21] [INET]: Fix accidentally broken inet(6)_hash_connect's port offset calculations. The port offset calculations depend on the protocol family, but, as Adrian noticed, I broke this logic with the commit 5ee31fc1ecdcbc234c8c56dcacef87c8e09909d8 [INET]: Consolidate inet(6)_hash_connect. Return this logic back, by passing the port offset directly into the consolidated function.
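Review bot: In net/bluetooth/rfcomm/tty.c, rfcomm_release_dev() now skips `rfcomm_dev_del(dev)` whenever `RFCOMM_RELEASE_ONHUP` is set, but the hangup that is supposed to delete the device in that case only runs under `if (dev->tty)`. When the flag is set and no tty is attached, neither path in this hunk deletes the device, so unless another path outside the hunk covers that case the device stays registered after the release request. Testing the flag only when a hangup was actually issued, or a comment explaining why the no-tty case cannot occur with the flag set, would close the gap. The function starts above the hunk.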
Signed-off-by: Pavel Emelyanov Noticed-by: Adrian Bunk Signed-off-by: David S. Miller
---
 include/net/inet_hashtables.h | 2 +-
 net/ipv4/inet_hashtables.c | 6 +++---
 net/ipv6/inet6_hashtables.c | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h
index 48ac620cb846..97dc35ad09be 100644
--- a/include/net/inet_hashtables.h
+++ b/include/net/inet_hashtables.h
@@ -389,7 +389,7 @@ static inline struct sock *inet_lookup(struct net *net,
 }
 extern int __inet_hash_connect(struct inet_timewait_death_row *death_row,
- struct sock *sk,
+ struct sock *sk, u32 port_offset,
 int (*check_established)(struct inet_timewait_death_row *, struct sock *, __u16, struct inet_timewait_sock **), void (*hash)(struct sock *sk));
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 90f422c9447b..9cac6c034abd 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -398,7 +398,7 @@ void inet_unhash(struct sock *sk)
 EXPORT_SYMBOL_GPL(inet_unhash);
 int __inet_hash_connect(struct inet_timewait_death_row *death_row,
- struct sock *sk,
+ struct sock *sk, u32 port_offset,
 int (*check_established)(struct inet_timewait_death_row *, struct sock *, __u16, struct inet_timewait_sock **), void (*hash)(struct sock *sk))
@@ -413,7 +413,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
 if (!snum) {
 int i, remaining, low, high, port;
 static u32 hint;
- u32 offset = hint + inet_sk_port_offset(sk);
+ u32 offset = hint + port_offset;
 struct hlist_node *node;
 struct inet_timewait_sock *tw = NULL;
@@ -502,7 +502,7 @@ EXPORT_SYMBOL_GPL(__inet_hash_connect);
 int inet_hash_connect(struct inet_timewait_death_row *death_row,
 struct sock *sk)
 {
- return __inet_hash_connect(death_row, sk,
+ return __inet_hash_connect(death_row, sk, inet_sk_port_offset(sk),
 __inet_check_established, __inet_hash_nolisten);
 }
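Review bot: The new `u32 port_offset` parameter of __inet_hash_connect() in include/net/inet_hashtables.h is undocumented, and the same holds for the definition in net/ipv4/inet_hashtables.c. The value is added to `hint` to form the starting `offset` of the local port search, so callers are expected to pass the per-socket value from `inet_sk_port_offset(sk)` or `inet6_sk_port_offset(sk)`, as the two wrappers in this patch do; a caller passing a constant would, as far as the visible code shows, start every search from the same place. A comment on the prototype such as `/* port_offset: per-socket offset from inet_sk_port_offset()/inet6_sk_port_offset(), never a fixed value */` would record that. The function is exported with EXPORT_SYMBOL_GPL, so callers outside these files can exist, which is why the contract belongs in the header.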
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index 43f3993e1f30..99fd25f7f005 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -236,7 +236,7 @@ static inline u32 inet6_sk_port_offset(const struct sock *sk)
 int inet6_hash_connect(struct inet_timewait_death_row *death_row,
 struct sock *sk)
 {
- return __inet_hash_connect(death_row, sk,
+ return __inet_hash_connect(death_row, sk, inet6_sk_port_offset(sk),
 __inet6_check_established, __inet6_hash);
 }
From 8cf229437fd826c32a44546899412b1eb3e1db6f Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 5 Feb 2008 03:15:50 -0800 Subject: [PATCH 18/21] [ICMP]: Restore pskb_pull calls in receive function Somewhere along the development of my ICMP relookup patch the header length check went AWOL on the non-IPsec path. This patch restores the check. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller
---
 net/ipv4/icmp.c | 3 ++-
 net/ipv6/icmp.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index a7321a82df6d..a13c074dac09 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1015,7 +1015,8 @@ int icmp_rcv(struct sk_buff *skb)
 goto error;
 }
- __skb_pull(skb, sizeof(*icmph));
+ if (!pskb_pull(skb, sizeof(*icmph)))
+ goto error;
 icmph = icmp_hdr(skb);
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index cbb5b9cf84ad..121d517bf91c 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -683,7 +683,8 @@ static int icmpv6_rcv(struct sk_buff *skb)
 }
 }
- __skb_pull(skb, sizeof(*hdr));
+ if (!pskb_pull(skb, sizeof(*hdr)))
+ goto discard_it;
 hdr = icmp6_hdr(skb);
From 03245ce2f03228d681580c30c435225efadca602 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Tue, 5 Feb 2008 03:17:22 -0800 Subject: [PATCH 19/21] [NET] rtnetlink.c: remove no longer used functions This patch removes the following no longer used functions: - rtattr_parse() - rtattr_strlcpy() - __rtattr_parse_nested_compat() Signed-off-by: Adrian Bunk
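Review bot: In net/ipv4/icmp.c, the restored `pskb_pull(skb, sizeof(*icmph))` in icmp_rcv() is, according to the commit message, the header length check for the non-IPsec path, yet the code carries no comment saying so even though the check has already been dropped once; the same applies to `pskb_pull(skb, sizeof(*hdr))` in icmpv6_rcv() in net/ipv6/icmp.c. A line such as `/* length check: do not replace with __skb_pull(), which does not validate the header size */` above each call would protect it in later refactoring. Both functions start and end outside their hunks, so the checks on the IPsec branch above cannot be compared here.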
Signed-off-by: David S. Miller
---
 include/linux/rtnetlink.h | 12 -----------
 net/core/rtnetlink.c | 44 ---------------------------------------
 2 files changed, 56 deletions(-)
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index b014f6b7fe29..b9e174079002 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -602,24 +602,12 @@ struct tcamsg
 #include
-extern size_t rtattr_strlcpy(char *dest, const struct rtattr *rta, size_t size);
 static __inline__ int rtattr_strcmp(const struct rtattr *rta, const char *str)
 {
 int len = strlen(str) + 1;
 return len > rta->rta_len || memcmp(RTA_DATA(rta), str, len);
 }
-extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, int len);
-extern int __rtattr_parse_nested_compat(struct rtattr *tb[], int maxattr,
- struct rtattr *rta, int len);
-
-#define rtattr_parse_nested(tb, max, rta) \
- rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta)))
-
-#define rtattr_parse_nested_compat(tb, max, rta, data, len) \
-({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
- __rtattr_parse_nested_compat(tb, max, rta, len); })
-
 extern int rtnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, u32 group, int echo);
 extern int rtnl_unicast(struct sk_buff *skb, struct net *net, u32 pid);
 extern int rtnl_notify(struct sk_buff *skb, struct net *net, u32 pid, u32 group,
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index ddbdde82a700..61ac8d06292c 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -82,32 +82,6 @@ int rtnl_trylock(void)
 return mutex_trylock(&rtnl_mutex);
 }
-int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, int len)
-{
- memset(tb, 0, sizeof(struct rtattr*)*maxattr);
-
- while (RTA_OK(rta, len)) {
- unsigned flavor = rta->rta_type;
- if (flavor && flavor <= maxattr)
- tb[flavor-1] = rta;
- rta = RTA_NEXT(rta, len);
- }
- return 0;
-}
-
-int __rtattr_parse_nested_compat(struct rtattr *tb[], int maxattr,
- struct rtattr *rta, int len)
-{
- if (RTA_PAYLOAD(rta) < len)
- return -1;
- if (RTA_PAYLOAD(rta) >= RTA_ALIGN(len) + sizeof(struct rtattr)) {
- rta = RTA_DATA(rta) + RTA_ALIGN(len);
- return rtattr_parse_nested(tb, maxattr, rta);
- }
- memset(tb, 0, sizeof(struct rtattr *) * maxattr);
- return 0;
-}
-
 static struct rtnl_link *rtnl_msg_handlers[NPROTO];
 static inline int rtm_msgindex(int msgtype)
@@ -442,21 +416,6 @@ void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data
 memset(RTA_DATA(rta) + attrlen, 0, RTA_ALIGN(size) - size);
 }
-size_t rtattr_strlcpy(char *dest, const struct rtattr *rta, size_t size)
-{
- size_t ret = RTA_PAYLOAD(rta);
- char *src = RTA_DATA(rta);
-
- if (ret > 0 && src[ret - 1] == '\0')
- ret--;
- if (size > 0) {
- size_t len = (ret >= size) ? size - 1 : ret;
- memset(dest, 0, size);
- memcpy(dest, src, len);
- }
- return ret;
-}
-
 int rtnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigned group, int echo)
 {
 struct sock *rtnl = net->rtnl;
@@ -1411,9 +1370,6 @@ void __init rtnetlink_init(void)
 }
 EXPORT_SYMBOL(__rta_fill);
-EXPORT_SYMBOL(rtattr_strlcpy);
-EXPORT_SYMBOL(rtattr_parse);
-EXPORT_SYMBOL(__rtattr_parse_nested_compat);
 EXPORT_SYMBOL(rtnetlink_put_metrics);
 EXPORT_SYMBOL(rtnl_lock);
 EXPORT_SYMBOL(rtnl_trylock);
From dded91611a728d65721cdab3dd41d801a356fa15 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger Date: Tue, 5 Feb 2008 03:18:51 -0800 Subject: [PATCH 20/21] [NET]: Add if_addrlabel.h to sanitized headers. if_addrlabel.h is needed for iproute2 usage. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller
---
 include/linux/Kbuild | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/linux/Kbuild b/include/linux/Kbuild
index c0f9bb78727d..93631229fd5c 100644
--- a/include/linux/Kbuild
+++ b/include/linux/Kbuild
@@ -219,6 +219,7 @@ unifdef-y += i2c-dev.h
 unifdef-y += icmp.h
 unifdef-y += icmpv6.h
 unifdef-y += if_addr.h
+unifdef-y += if_addrlabel.h
 unifdef-y += if_arp.h
 unifdef-y += if_bridge.h
 unifdef-y += if_ec.h
From 3113e88c3cb3c0a22920b621f8e4d1f2ccc07f1e Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 5 Feb 2008 03:20:13 -0800 Subject: [PATCH 21/21] [PKT_SCHED]: vlan tag match Provide a way to use tc filters on vlan tag even if tag is buried in skb due to hardware acceleration. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller
---
 include/linux/pkt_cls.h | 3 ++-
 include/linux/tc_ematch/tc_em_meta.h | 1 +
 net/sched/em_meta.c | 17 +++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h
index 1c1dba9ea5fb..40fac8c4559d 100644
--- a/include/linux/pkt_cls.h
+++ b/include/linux/pkt_cls.h
@@ -459,7 +459,8 @@ enum
 #define TCF_EM_U32 3
 #define TCF_EM_META 4
 #define TCF_EM_TEXT 5
-#define TCF_EM_MAX 5
+#define TCF_EM_VLAN 6
+#define TCF_EM_MAX 6
 enum
 {
diff --git a/include/linux/tc_ematch/tc_em_meta.h b/include/linux/tc_ematch/tc_em_meta.h
index e21937cf91d0..c50d2ba5caf0 100644
--- a/include/linux/tc_ematch/tc_em_meta.h
+++ b/include/linux/tc_ematch/tc_em_meta.h
@@ -81,6 +81,7 @@ enum
 TCF_META_ID_SK_SNDTIMEO,
 TCF_META_ID_SK_SENDMSG_OFF,
 TCF_META_ID_SK_WRITE_PENDING,
+ TCF_META_ID_VLAN_TAG,
 __TCF_META_ID_MAX
 };
 #define TCF_META_ID_MAX (__TCF_META_ID_MAX - 1)
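Review bot: In include/linux/pkt_cls.h, `TCF_EM_VLAN 6` is added and `TCF_EM_MAX` raised to 6, but nothing in this patch registers an ematch of that kind; the only implementation added is the meta collector `int_vlan_tag`, reached through `TCF_META_ID_VLAN_TAG`. This header is shared with userspace tools, so the constant advertises a match type that, on the evidence of this patch, the kernel does not provide. Either drop the `TCF_EM_VLAN` line and keep `#define TCF_EM_MAX 5`, or add a comment marking the value as reserved until an implementation exists.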
diff --git a/net/sched/em_meta.c b/net/sched/em_meta.c
index a1e5619b1876..9c2ec1992a2a 100644
--- a/net/sched/em_meta.c
+++ b/net/sched/em_meta.c
@@ -65,6 +65,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -169,6 +170,21 @@ META_COLLECTOR(var_dev)
 *err = var_dev(skb->dev, dst);
 }
+/**************************************************************************
+ * vlan tag
+ **************************************************************************/
+
+META_COLLECTOR(int_vlan_tag)
+{
+ unsigned short tag;
+ if (vlan_get_tag(skb, &tag) < 0)
+ *err = -1;
+ else
+ dst->value = tag;
+}
+
+
+
 /**************************************************************************
 * skb attributes
 **************************************************************************/
@@ -520,6 +536,7 @@ static struct meta_ops __meta_ops[TCF_META_TYPE_MAX+1][TCF_META_ID_MAX+1] = {
 [META_ID(SK_SNDTIMEO)] = META_FUNC(int_sk_sndtimeo),
 [META_ID(SK_SENDMSG_OFF)] = META_FUNC(int_sk_sendmsg_off),
 [META_ID(SK_WRITE_PENDING)] = META_FUNC(int_sk_write_pend),
+ [META_ID(VLAN_TAG)] = META_FUNC(int_vlan_tag),
 }
 };
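Review bot: In net/sched/em_meta.c, the new collector `int_vlan_tag` stores whatever `vlan_get_tag()` returns into `dst->value` without saying which bits that is. If the helper yields the full 16-bit tag control field (priority and CFI bits as well as the VLAN ID, which is my understanding but is not shown on this page), a filter comparing against a bare VLAN ID will not match frames that carry a non-zero priority. A line in the section header, e.g. `* vlan tag (full TCI; mask with the VLAN ID bits to match on the ID alone)`, or masking in the collector, would settle it. The declaration `unsigned short tag;` should also be followed by a blank line, and the three blank lines after the function reduced to one, per kernel coding style.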