Commit Graph

50963 Commits

Author SHA1 Message Date
Arnaldo Carvalho de Melo
39ebc0276b [DCCP] getsockopt: Fix DCCP_SOCKOPT_[SEND,RECV]_CSCOV
We were only checking if there was enough space to put the int, but
left len as specified by the (malicious) user, sigh, fix it by setting
len to sizeof(val) and transfering just one int worth of data, the one
asked for.

Also check for negative len values.

Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-28 11:54:32 -07:00
Herbert Xu
53aadcc909 [IPV6]: Set IF_READY if the device is up and has carrier
We still need to set the IF_READY flag in ipv6_add_dev for the case
where all addresses (including the link-local) are deleted and then
recreated.  In that case the IPv6 device too will be destroyed and
then recreated.

In order to prevent the original problem, we simply ensure that
the device is up before setting IF_READY.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-27 14:31:52 -07:00
Patrick McHardy
c38c83cb70 [NET_SCHED]: sch_htb/sch_hfsc: fix oops in qlen_notify
During both HTB and HFSC class deletion the class is removed from the
class hash before calling qdisc_tree_decrease_qlen. This makes the
->get operation in qdisc_tree_decrease_qlen fail, so it passes a NULL
pointer to ->qlen_notify, causing an oops.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-27 14:04:24 -07:00
Robert P. J. Day
9b2f7bcf0e [NET]: Remove dead net/sched/Makefile entry for sch_hpfq.o.
Remove the worthless net/sched/Makefile entry for the non-existent
source file sch_hpfq.c.

Signed-off-by: Robert P. J. Day <rpjday@mindspring.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-26 16:20:34 -07:00
Linus Torvalds
703071b5b9 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [SUNGEM]: Fix MAC address setting when interface is up.
  [IPV4] fib_trie: Document locking.
  [NET]: Correct accept(2) recovery after sock_attach_fd()
  [PPP]: Don't leak an sk_buff on interface destruction.
  [NET_SCHED]: Fix ingress locking
  [NET_SCHED]: cls_basic: fix NULL pointer dereference
  [DCCP]: make dccp_write_xmit_timer() static again
  [TG3]: Update version and reldate.
  [TG3]: Exit irq handler during chip reset.
  [TG3]: Eliminate the unused TG3_FLAG_SPLIT_MODE flag.
  [IPV6]: Fix routing round-robin locking.
  [DECNet] fib: Fix out of bound access of dn_fib_props[]
  [IPv4] fib: Fix out of bound access of fib_props[]
  [NET] AX.25 Kconfig and docs updates and fixes
  [NET]: Fix neighbour destructor handling.
  [NET]: Fix fib_rules compatibility breakage
  [SCTP]: Update SCTP Maintainers entry
  [NET]: remove unused header file: drivers/net/wan/lmc/lmc_media.h
2007-03-26 14:51:24 -07:00
Linus Torvalds
6288c33866 Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
  [S390] zcrypt: Fix ap_poll_requests counter in lost requests error path.
  [S390] zcrypt: Fix possible dead lock in AP bus module.
  [S390] cio: Device status validity.
  [S390] kprobes: Align probe address.
  [S390] Fix TCP/UDP pseudo header checksum computation.
  [S390] dasd: Work around gcc bug.
2007-03-26 14:45:56 -07:00
Ruben Vandeginste
09c72ec8ed [SUNGEM]: Fix MAC address setting when interface is up.
This patch implements set_mac_address for the sungem driver.  This
allows changing the mac address of the interface, even when the
interface is up.

Signed-off-by: Ruben Vandeginste <snowbender@gmail.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-26 14:43:49 -07:00
Linus Torvalds
8b66a454bf Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
  USB: fix usb-serial/ftdi build warning
  USB: fix usb-serial/generic build warning
  USB: another entry for the quirk list
  USB: remove duplicated device id in airprime driver
  USB: omap_udc: workaround dma_free_coherent() bogosity
  UHCI: Fix problem caused by lack of terminating QH
2007-03-26 14:34:11 -07:00
Linus Torvalds
55ab97569f Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/pci-2.6:
  PCI: Fix warning message in PCIE port driver
  PCI: Stop unhiding the SMBus on Toshiba laptops
  PCI: Fix up PCI power management doc
  pci: set pci=bfsort for PowerEdge R900
2007-03-26 14:33:50 -07:00
Russ Cox
04a3952330 [PATCH] Add const to pointer qualifiers for __chk_user_ptr and __chk_io_ptr.
Change prototypes for __chk_user_ptr and __chk_io_ptr to take const
void* instead of void*, so that code can pass "const void *" to them.

(Right now sparse does not warn about passing const void* to void*
functions, but that is a separate bug that I believe Josh is working on,
and once sparse does check this, the changed prototypes will be
necessary.)

Signed-off-by: Russ Cox <rsc@swtch.com>
Signed-off-by: Josh Triplett <josh@freedesktop.org>
Acked-by: Christopher Li <sparse@chrisli.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-26 14:23:52 -07:00
Robert Olsson
d562f1f8a9 [IPV4] fib_trie: Document locking.
Paul E. McKenney writes:

> Those of use who dive into networking only occasionally would much
> appreciate this.  ;-)

No problem here... 

Acked-by: Robert Olsson <robert.olsson@its.uu.se>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> (but trivial)
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-26 14:22:22 -07:00
Linus Torvalds
00db779bfe Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
  9p: make struct v9fs_cached_file_operations static
2007-03-26 14:21:55 -07:00
David Brownell
3b009c637f USB: fix usb-serial/ftdi build warning
Fix annoying build warning:

drivers/usb/serial/ftdi_sio.c:890: warning: enumeration value `FT232RL' not handled in switch

Also add logic to detect FT232R chips (version 6.00, usb 2.0 full speed),
so that case isn't completely useless.  (NOTE:  FT232RL and FT232RQ are
the same chip in different packages:  L is SSOP, Q is QFN.)

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:17:48 -07:00
David Brownell
b46d60fc4b USB: fix usb-serial/generic build warning
Fix annoying build warning when CONFIG_USB_SERIAL_GENERIC is undefined.

  drivers/usb/serial/generic.c:24: warning: `generic_probe' declared `static' but never defined

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:17:48 -07:00
Oliver Neukum
8a61499bc7 USB: another entry for the quirk list
this scanner disconnects upon suspend.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:17:48 -07:00
Jon K Hellan
4928245163 USB: remove duplicated device id in airprime driver
Both airprime and option now want to handle vendor ID 0x1410,
device ID 0x1100. Airprime calls it 'ExpressCard34 Qualcomm 3G CDMA'.
Option calls it 'Novatel Merlin XS620/S640'. Patch attached to remove it
from airprime.

From: Jon K Hellan <jon.kare.hellan@uninett.no>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:17:48 -07:00
David Brownell
8a3c1f573c USB: omap_udc: workaround dma_free_coherent() bogosity
Various fixes to omap_udc, noted with some recent testing:

 - Cope with some SMP-induced braindamage in ARM's dma_{alloc,free}_coherent()
   implementation: alloc() can be called with IRQs blocked, but since late
   last year that's no longer true for free().  This resolves really NASTY
   problems with logspamming via WARN_ON(), indicating N-page leaks.

 - Be more correct in handling GET_STATUS request for RECIP_ENDPOINT ... the
   previous code only handled RECIP_INTERFACE, this version should be correct
   except for (sigh) bulk/interrupt endpoints.

 - Provide a better name for the function reporting whether the board has
   vbus sensing wired up.

GET_STATUS requests for endpoint status still acts strangely though, at least
given one flakey host doesn't always ack the first DATA packet, then the packet
that gets retransmitted doesn't have data!

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:17:48 -07:00
Alan Stern
e009f1b202 UHCI: Fix problem caused by lack of terminating QH
This patch (as871) fixes a problem introduced by an earlier change.
It turns out that some systems really do need to have a terminating
skeleton QH present whenever FSBR is on.  I don't know any way to tell
which systems do need it and which don't; the easiest answer is to
have it there always.

This fixes the NumLock-hang bug reported by Jiri Slaby.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:17:48 -07:00
Linus Torvalds
9c88b70218 Merge master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6:
  ide: use correct IDE error recovery
  pdc202xx_new: Enable ATAPI DMA
  ide: cosmetic adaption of drivers/ide/Kconfig concerning SATA
  ide: fix locking for manual DMA enable/disable ("hdparm -d")
  ide: revert "ide: fix drive side 80c cable check, take 2" for now
2007-03-26 14:13:54 -07:00
Prarit Bhargava
bf5b4ba3d9 PCI: Fix warning message in PCIE port driver
PCIE error output should conform to vendor_id:device_id.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:13:08 -07:00
Jean Delvare
9208ee8286 PCI: Stop unhiding the SMBus on Toshiba laptops
It was found that the Toshiba laptops with hidden Intel SMBus have SMM
code handling the thermal management which accesses the SMBus. Thus it
is not safe to unhide it and let Linux access it. We have to leave the
SMBus hidden. SMM is a pain, really.

This fixes bugs #6315 and #6395, for good this time.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:13:07 -07:00
Jonathan Corbet
5fabdb9439 PCI: Fix up PCI power management doc
Update the documentation of PCI power management functions.

Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:13:07 -07:00
Matt Domsch
f7a9dae7c4 pci: set pci=bfsort for PowerEdge R900
This patch automatically enables pci=bfsort for the Dell PowerEdge
R900.  This is necessary to ensure the onboard NICs enumerate in the
proper order, similar to the other systems already on the list.

Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-03-26 14:13:07 -07:00
Alexey Dobriyan
79f4f6428f [NET]: Correct accept(2) recovery after sock_attach_fd()
* d_alloc() in sock_attach_fd() fails leaving ->f_dentry of new file NULL
* bail out to out_fd label, doing fput()/__fput() on new file
* but __fput() assumes valid ->f_dentry and dereferences it

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-26 14:09:52 -07:00
Thomas Gleixner
291bc047e1 [PATCH] clockevents: remove bad designed sysfs support for now
The current sysfs support of clockevents does not obey the "only one
value per file" rule.

The real fix is not 2.6.21 material. Therefor remove the sysfs support
for now.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-26 14:07:23 -07:00
Suleiman Souhlal
513daadd15 ide: use correct IDE error recovery
IDE error recovery is using IDLE IMMEDIATE if the drive is busy or has DRQ set.
This violates the ATA spec (can only send IDLE IMMEDIATE when drive is not
busy) and really hoses up some drives (modern drives will not be able to
recover using this error handling).  The correct thing to do is issue a SRST
followed by a SET FEATURES command.  This is what Western Digital recommends
for error recovery and what Western Digital says Windows does.  It also does
not violate the ATA spec as far as I can tell.

Bart:
* port the patch over the current tree
* undo the recalibration code removal
* send SET FEATURES command after checking for good drive status
* don't check whether the current request is of REQ_TYPE_ATA_{CMD,TASK}
  type because we need to send SET FEATURES before handling any requests
* some pre-ATA4 drives require INITIALIZE DEVICE PARAMETERS command before
  other commands (except IDENTIFY) so send SET FEATURES only if there are
  no pending drive->special requests
* update comments and patch description
* any bugs introduced by this patch are mine and not Suleiman's :-)

Signed-off-by: Suleiman Souhlal <suleiman@google.com>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-03-26 23:03:20 +02:00
Albert Lee
362ebd83ad pdc202xx_new: Enable ATAPI DMA
[ bart: the ressurection of 2 years old patch which slipped thru the cracks
  (thanks to Sergei Shtylyov for finding it) ]

These is the patch to turn on pdc202xx_new for ATAPI DMA.  When testing, it
works fine without the (request_bufflen % 256) workaround as needed in libata.
ide-scsi filters out (pc->request_transfer % 1024) and use PIO, so the pdc202xx
ATAPI DMA problem is avoid.  Both ide-cd and ide-scsi won't hit the ATAPI DMA
problem on pdc202xx_new.

Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-03-26 23:03:19 +02:00
Patrick Ringl
b43c5f3dbe ide: cosmetic adaption of drivers/ide/Kconfig concerning SATA
Since especially Serial ATA has it's own menu point now, I guess we can
change the description of the deprecated SATA driver as well, since the
new libATA subsystem is not configured through a SCSI low-level driver
anymore, but has it's own menu point.

From: Patrick Ringl <patrick_@freenet.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-03-26 23:03:19 +02:00
Bartlomiej Zolnierkiewicz
8799620400 ide: fix locking for manual DMA enable/disable ("hdparm -d")
Since hwif->ide_dma_check and hwif->ide_dma_on never queue any commands
(ide_config_drive_speed() sets transfer mode using polling and has no error
recovery) we are safe with setting hwgroup->busy for the time while DMA
setting for a drive is changed (so it won't race against I/O commands in fly).

I audited briefly all ->ide_dma_check/->ide_dma_on/->tuneproc/->speedproc
implementations and they all look OK wrt to this change.

This patch finally allowed me to close kernel bugzilla bug #8169
(once again thanks to Patrick Horn for reporting the issue & testing patches).

Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-03-26 23:03:19 +02:00
Bartlomiej Zolnierkiewicz
f68d9320cd ide: revert "ide: fix drive side 80c cable check, take 2" for now
"ide: fix drive side 80c cable check, take 2" patch from Tejun Heo (commit
fab59375b9) fixed 80c bit test (bit13 of word93)
but we also need to fix master/slave IDENTIFY order (slave device should be
probed first in order to make it release PDIAG- signal) and we should also
check for pre-ATA3 slave devices (which may not release PDIAG- signal).

[ Unfortunately the fact that IDE driver doesn't reset devices itself helps
  only a bit as it seems that some BIOS-es reset ATA devices after programming
  the chipset, some BIOS-es can be set to not probe/configure selected devices,
  there may be no BIOS in case of add-on cards etc. ]

Since we are quite late in the release cycle and the required changes will
affect a lot of systems just revert the fix for now.

[ Please also see libata commit f31f0cc2f0. ]

Thanks goes out to Fernando Mitio Yamada for reporting the problem
and patiently testing patches.

Acked-by: Tejun Heo <htejun@gmail.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2007-03-26 23:03:18 +02:00
Ralph Wuerthner
e675c0d2bf [S390] zcrypt: Fix ap_poll_requests counter in lost requests error path.
In the unlikely event that an AP device lost requests, don't forget to
update the ap_poll_requests counter too. Same must happen in case an AP
device is removed while there are still outstanding requests.

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Ralph Wuerthner <rwuerthn@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2007-03-26 20:43:47 +02:00
Ralph Wuerthner
c6a4826473 [S390] zcrypt: Fix possible dead lock in AP bus module.
If a AP device is unconfigured __ap_poll_all() will call
device_unregister() in software interrupt context which can cause
dead locks. To fix this the device will be only marked as unconfigured
and the device_unregister() call will be done later by either
ap_scan_bus() or ap_queue_message() in process context.

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Ralph Wuerthner <rwuerthn@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2007-03-26 20:43:47 +02:00
Cornelia Huck
25c61a1fe8 [S390] cio: Device status validity.
Only accumulate device status field in irb if it is valid.

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2007-03-26 20:43:47 +02:00
David Wilder
b70842df77 [S390] kprobes: Align probe address.
Running a probe on s390 with a probe address that is not 4 byte aligned
results in a Kernel BUG.  The problem is that the stura instruction used
by swap_instruction requires the destination address to be 4 byte aligned.
As stura only writes 4 bytes, aligning to the next 4 byte aligned address
results in the breakpoint instruction being stored past the probe address.
The fix is to align the address backward (to the previous 4 byte aligned
address) and writing the two byte breakpoint instruction in the appropriate
bytes.

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2007-03-26 20:43:46 +02:00
Heiko Carstens
afbc1e994d [S390] Fix TCP/UDP pseudo header checksum computation.
git commit f994aae1bd changed the
function declaration of csum_tcpudp_nofold. Argument types were
changed from unsigned long to __be32 (unsigned int). Therefore we
lost the implicit type conversion that zeroed the upper half of the
registers that are used to pass parameters. Since the inline assembly
relied on this we ended up adding random values and wrong checksums
were created.
Showed only up on machines with more than 4GB since gcc produced code
where the registers that are used to pass 'saddr' and 'daddr' previously
contained addresses before calling this function.
Fix this by using 32 bit arithmetics and convert code to C, since gcc
produces better code than these hand-optimized versions.

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2007-03-26 20:43:46 +02:00
Peter Oberparleiter
04439694ea [S390] dasd: Work around gcc bug.
gcc incorrectly removes initialization of register 0 in dasd diag
inline assembly. Use different register to work around this compiler
bug.

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2007-03-26 20:43:46 +02:00
Adrian Bunk
d32b687e2e 9p: make struct v9fs_cached_file_operations static
This patch makes te needlessly global struct v9fs_cached_file_operations
static.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2007-03-26 18:14:44 +00:00
G. Liakhovetski
165de5b7f2 [PPP]: Don't leak an sk_buff on interface destruction.
Signed-off-by: G. Liakhovetski <gl@dsa-ac.de>
Acked-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 19:04:09 -07:00
Patrick McHardy
035832a280 [NET_SCHED]: Fix ingress locking
Ingress queueing uses a seperate lock for serializing enqueue operations,
but fails to properly protect itself against concurrent changes to the
qdisc tree. Use queue_lock for now since the real fix it quite intrusive.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:12 -07:00
Patrick McHardy
d3fa76ee6b [NET_SCHED]: cls_basic: fix NULL pointer dereference
cls_basic doesn't allocate tp->root before it is linked into the
active classifier list, resulting in a NULL pointer dereference
when packets hit the classifier before its ->change function is
called.

Reported by Chris Madden <chris@reflexsecurity.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:11 -07:00
Adrian Bunk
c93a882ebe [DCCP]: make dccp_write_xmit_timer() static again
dccp_write_xmit_timer() needlessly became global.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:10 -07:00
Michael Chan
20bd7dd4ca [TG3]: Update version and reldate.
Update version to 3.75.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:09 -07:00
Michael Chan
d18edcb212 [TG3]: Exit irq handler during chip reset.
On most tg3 chips, the memory enable bit in the PCI command register
gets cleared during chip reset and must be restored before accessing
PCI registers using memory cycles.  The chip does not generate
interrupt during chip reset, but the irq handler can still be called
because of irq sharing or irqpoll.  Reading a register in the irq
handler can cause a master abort in this scenario and may result in a
crash on some architectures.

Use the TG3_FLAG_CHIP_RESETTING flag to tell the irq handler to exit
without touching any registers.  The checking of the flag is in the
"slow" path of the irq handler and will not affect normal performance.
The msi handler is not shared and therefore does not require checking
the flag.

Thanks to Bernhard Walle <bwalle@suse.de> for reporting the problem.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:08 -07:00
Michael Chan
1c46ae05d9 [TG3]: Eliminate the unused TG3_FLAG_SPLIT_MODE flag.
This flag to support multiple PCIX split completions was never used
because of hardware bugs.  This will make room for a new flag.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:06 -07:00
David S. Miller
f11e6659ce [IPV6]: Fix routing round-robin locking.
As per RFC2461, section 6.3.6, item #2, when no routers on the
matching list are known to be reachable or probably reachable we
do round robin on those available routes so that we make sure
to probe as many of them as possible to detect when one becomes
reachable faster.

Each routing table has a rwlock protecting the tree and the linked
list of routes at each leaf.  The round robin code executes during
lookup and thus with the rwlock taken as a reader.  A small local
spinlock tries to provide protection but this does not work at all
for two reasons:

1) The round-robin list manipulation, as coded, goes like this (with
   read lock held):

	walk routes finding head and tail

	spin_lock();
	rotate list using head and tail
	spin_unlock();

   While one thread is rotating the list, another thread can
   end up with stale values of head and tail and then proceed
   to corrupt the list when it gets the lock.  This ends up causing
   the OOPS in fib6_add() later onthat many people have been hitting.

2) All the other code paths that run with the rwlock held as
   a reader do not expect the list to change on them, they
   expect it to remain completely fixed while they hold the
   lock in that way.

So, simply stated, it is impossible to implement this correctly using
a manipulation of the list without violating the rwlock locking
semantics.

Reimplement using a per-fib6_node round-robin pointer.  This way we
don't need to manipulate the list at all, and since the round-robin
pointer can only ever point to real existing entries we don't need
to perform any locking on the changing of the round-robin pointer
itself.  We only need to reset the round-robin pointer to NULL when
the entry it is pointing to is removed.

The idea is from Thomas Graf and it is very similar to how this
was implemented before the advanced router selection code when in.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:05 -07:00
Thomas Graf
a979101106 [DECNet] fib: Fix out of bound access of dn_fib_props[]
Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:04 -07:00
Thomas Graf
a0ee18b9b7 [IPv4] fib: Fix out of bound access of fib_props[]
Fixes a typo which caused fib_props[] to have the wrong size
and makes sure the value used to index the array which is
provided by userspace via netlink is checked to avoid out of
bound access.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:03 -07:00
Ralf Baechle
954b2e7f4c [NET] AX.25 Kconfig and docs updates and fixes
o The AX.25 Howto is unmaintained since several years.  I've replaced it
   with a wiki at http://www.linux-ax25.org which provides more uptodate
   information.
 o Change default for AX25_DAMA_SLAVE to Y.  AX25_DAMA_SLAVE only compiles
   in support for DAMA but doesn't activate it.  I hope this gets Linux
   distributions to ship their AX.25 kernels with AX25_DAMA_SLAVE enabled.
   The price for this would be very small.
 o Delete historic changelog from comments, that's what SCM systems are
   meant to do.
 o ---help--- in Kconfig looks so yellingly eye insulting.  Use just help.
 o Rewrite the commented out piece of old Linux 2.4 configuration language
   to Kconfig for consistency.
 o Fixup dependencies.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:02 -07:00
Alexey Kuznetsov
ecbb416939 [NET]: Fix neighbour destructor handling.
->neigh_destructor() is killed (not used), replaced with
->neigh_cleanup(), which is called when neighbor entry goes to dead
state. At this point everything is still valid: neigh->dev,
neigh->parms etc.

The device should guarantee that dead neighbor entries (neigh->dead !=
0) do not get private part initialized, otherwise nobody will cleanup
it.

I think this is enough for ipoib which is the only user of this thing.
Initialization private part of neighbor entries happens in ipib
start_xmit routine, which is not reached when device is down.  But it
would be better to add explicit test for neigh->dead in any case.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:01 -07:00
Thomas Graf
e1701c68c1 [NET]: Fix fib_rules compatibility breakage
Based upon a patch from Patrick McHardy.

The fib_rules netlink attribute policy introduced in 2.6.19 broke
userspace compatibilty. When specifying a rule with "from all"
or "to all", iproute adds a zero byte long netlink attribute,
but the policy requires all addresses to have a size equal to
sizeof(struct in_addr)/sizeof(struct in6_addr), resulting in a
validation error.

Check attribute length of FRA_SRC/FRA_DST in the generic framework
by letting the family specific rules implementation provide the
length of an address. Report an error if address length is non
zero but no address attribute is provided. Fix actual bug by
checking address length for non-zero instead of relying on
availability of attribute.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-25 18:48:00 -07:00