- 08 Mar, 2007 9 commits
-
-
Eric Paris authored
pfkey_spdget neither had an LSM security hook nor auditing for the removal of xfrm_policy structs. The security hook was added when it was moved into xfrm_policy_byid instead of the callers to that function by my earlier patch and this patch adds the auditing hooks as well. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Paris authored
The security hooks to check permissions to remove an xfrm_policy were actually done after the policy was removed. Since the unlinking and deletion are done in xfrm_policy_by* functions this moves the hooks inside those 2 functions. There we have all the information needed to do the security check and it can be done before the deletion. Since auditing requires the result of that security check err has to be passed back and forth from the xfrm_policy_by* functions. This patch also fixes a bug where a deletion that failed the security check could cause improper accounting on the xfrm_policy (xfrm_get_policy didn't have a put on the exit path for the hold taken by xfrm_policy_by*) It also fixes the return code when no policy is found in xfrm_add_pol_expire. In old code (at least back in the 2.6.18 days) err wasn't used before the return when no policy is found and so the initialization would cause err to be ENOENT. But since err has since been used above when we don't get a policy back from the xfrm_policy_by* function we would always return 0 instead of the intended ENOENT. Also fixed some white space damage in the same area. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philipp Reisner authored
When system under heavy stress and must allocate new work instead of reusing old one, new work must use correct completion callback. Patch is based on Philipp's and Lars' work. I only cleaned small stuff (and removed spaces instead of tabs). Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com> Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gerrit Renker authored
This reverts an earlier patch which disabled bidirectional mode, meaning that a listening (passive) socket was not allowed to write to the other (active) end of the connection. This mode had been disabled when there were problems with CCID3, but it imposes a constraint on socket programming and thus hinders deployment. A change is included to ignore RX feedback received by the TX CCID3 module. Many thanks to Andre Noll for pointing out this issue. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
The header may have moved when trimming. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
physoutdev is only set on purely bridged packet, when nfnetlink_log is used in the OUTPUT/FORWARD/POSTROUTING hooks on packets forwarded from or to a bridge it crashes when trying to dereference skb->nf_bridge->physoutdev. Reported by Holger Eitzenberger <heitzenberger@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
Userspace expects a zero-terminated string, so include the trailing zero in the netlink message. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
The individual fragments of a packet reassembled by conntrack have the conntrack reference from the reassembled packet attached, but nfctinfo is not copied. This leaves it initialized to 0, which unfortunately is the value of IP_CT_ESTABLISHED. The result is that all IPv6 fragments are tracked as ESTABLISHED, allowing them to bypass a usual ruleset which accepts ESTABLISHED packets early. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 07 Mar, 2007 31 commits
-
-
git://www.atmel.no/~hskinnemoen/linux/kernel/avr32Linus Torvalds authored
* 'for-linus' of git://www.atmel.no/~hskinnemoen/linux/kernel/avr32: avr32: dma-mapping.h [AVR32] Don't use kmap() in flush_icache_page() [AVR32] Fix bogus ti->flags manipulation in debug handler [AVR32] Fix typo in include/asm-avr32/Kbuild [AVR32] show_trace: Only walk valid stack addresses [AVR32] at32_spi_setup_slaves should be __init
-
git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-fixesLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-fixes: [GFS2] Fix bz 229873, alternate test: assertion "!ip->i_inode.i_mapping->nrpages" failed [GFS2] build fix [GFS2] go_drop_bh is never used, so remove it [GFS2] Remove unused variable [GFS2] Fix bz 229831, lookup returns wrong inode [GFS2] Fix bz 230143, incorrect flushing of rgrps [GFS2] pass formal ino in do_filldir_main [DLM] fs/dlm/user.c should #include "user.h" [GFS2] fix hangup when multiple processes are trying to write to the same file [GFS2] NFS filehandle check [GFS2] add newline to printk message [GFS2] fix locking mistake
-
Steven Whitehouse authored
The following removes an incorrect assertion from the GFS2 glops code. This fixes Red Hat bz 229873. Thanks to Abhijith Das for testing the patch and confirming the fix. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com> Cc: Abhijith Das <adas@redhat.com>
-
akpm@linux-foundation.org authored
fs/gfs2/glock.c:2198: error: 'THIS_MODULE' undeclared here (not in a function) Cc: Steven Whitehouse <swhiteho@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-
Steven Whitehouse authored
The ->go_drop_bh function is never used, so this removes it and the single caller, Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Steven Whitehouse authored
Remove an unused variable. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Steven Whitehouse authored
The following patch fixes Red Hat bz 229831. Without this patch its possible for the wrong inode to be returned in certain cases. It is a pretty unusual event, so that its taken some time to track down. Thanks and due to Josef Whiter who did a lot of the testing required to thrack this down and fix it. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Steven Whitehouse authored
The below patch fixes a problem where we were not flushing rgrps correctly. It only occurred in the specific case that a callback was received for an rgrp which was dirty and when a journal log flush had not already resulted in the rgrp being flushed anyway. This fixes Red Hat bz 230143, Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Wendy Cheng authored
ok, the following is the minimum changes to get NFSD going before we settle down this issue .. would appreciate this in the tree so other NFS related works can get done in parallel. Signed-off-by: S. Wendy Cheng <wcheng@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Adrian Bunk authored
Every file should include the headers containing the prototypes for it's global functions. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Josef Whiter authored
This fixes a problem I encountered while running bonnie++. When you have one thread that opens a file and starts to write to it, and then another thread that tries to open and write to the same file, the second thread will loop forever trying to grab the inode lock for that inode. Basically we come in through generic_buffered_file_write, which calls gfs2_prepare_write, which then attempts to grab the glock. Because we don't own the lock, gfs2_prepare_write gets GLR_TRYFAILED, which returns AOP_TRUNCATED_PAGE to generic_buffered_file_write. At this point generic_buffered_file_write loops around again and immediately retries the prepare_write. This means that the second process never gets off of the processor in order to allow the process that holds the lock to finish its work and let go of the lock. This patch makes gfs2_glock_nq schedule() if it gets back a GLR_TRYFAILED, which resolves this problem. Signed-off-by: Josef Whiter <jwhiter@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Wendy Cheng authored
File handle checking error found in '07 NFS connectathon. The fh_type and fh_len are not necessarily identical. Some of the client machines could fail mount with stale filehandle without this patch. Signed-off-by: S. Wendy Cheng <wcheng@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Richard Fearn authored
Patch for the 2.6.20 stable tree that adds a missing newline to one of the printk messages in fs/gfs2/ops_fstype.c. Signed-off-by: Richard Fearn <richardfearn@gmail.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Josef Whiter authored
This patch fixes a locking mistake in the quota code, we do a mutex_lock instead of a mutex_unlock. Signed-off-by: Josef Whiter <jwhiter@redhat.com> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6: sh: Kill off I/O cruft for R7780RP. sh: Revert lazy dcache writeback changes. sh: Enable SM501 support for RTS7751R2D. sh: Use L1_CACHE_BYTES for .data.cacheline_aligned. sysctl: Support vdso_enabled sysctl on SH. sh: Fix kernel thread stack corruption with preempt. doc: Add SH to vdso and earlyprintk in kernel-parameters.txt sh: Fix sigmask trampling in signal delivery. sh: Clear UBC when not in use.
-
Ingo Molnar authored
check_tsc_sync_source() depends on being called with irqs disabled (it checks whether the TSC is coherent across two specific CPUs). This is incidentally true during bootup, but not during cpu hotplug __cpu_up(). This got found via smp_processor_id() debugging. disable irqs explicitly and remove the unconditional enabling of interrupts. Add touch_nmi_watchdog() to the cpu_online_map busy loop. this bug is present both on i386 and on x86_64. Reported-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Gary Zambrano authored
Added dma_sync_single_range_for_cpu/device to dma-mapping.h in asm-avr32 to call dma_sync_single_for_cpu/device. This patch enables b44 to compile on systems with these cpus. This patch was created with the assumption that another method of dma_sync_single_range_for_cpu/device does not exist on these architectures. Signed-off by: Gary Zambrano <zambrano@broadcom.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
-
Haavard Skinnemoen authored
flush_icache_page() can be called from atomic context, so we can't use kmap(). Use page_address() instead. Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
-
Haavard Skinnemoen authored
We should OR in a bitmask, not a bit offset, into ti->flags. This might fix some strange behaviour when single stepping. Also, use set_ti_thread_flag() to manipulate the flags to avoid surprises in the future. Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
-
Haavard Skinnemoen authored
It's header-y, not headers-y. Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
-
Haavard Skinnemoen authored
Terminate the frame pointer walk if (a) the address is outside the task's kernel stack or (b) if the frame pointer isn't monotonically increasing. Without this fix, show_trace() may enter an infinite loop, walking through random data anywhere in memory. Since any address within the kernel stack is guaranteed to be valid, we may eliminate the __get_user() calls as well. Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
-
Haavard Skinnemoen authored
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
-
Linus Torvalds authored
.. hopefully most of the resume/suspend problems introduced by the timer and other changes are behind us. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC64]: Fix floppy build failure.
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [DCCP]: Set RTO for newly created child socket [DCCP]: Correctly split CCID half connections [NET]: Fix compat_sock_common_getsockopt typo. [NET]: Revert incorrect accept queue backlog changes. [INET]: twcal_jiffie should be unsigned long, not int [GIANFAR]: Fix compile error in latest git [PPPOE]: Use ifindex instead of device pointer in key lookups. [NETFILTER]: ip6_route_me_harder should take into account mark [NETFILTER]: nfnetlink_log: fix reference counting [NETFILTER]: nfnetlink_log: fix module reference counting [NETFILTER]: nfnetlink_log: fix possible NULL pointer dereference [NETFILTER]: nfnetlink_log: fix NULL pointer dereference [NETFILTER]: nfnetlink_log: fix use after free [NETFILTER]: nfnetlink_log: fix reference leak [NETFILTER]: tcp conntrack: accept SYN|URG as valid [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops
-
git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds authored
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: [S390] cio: Call cancel_halt_clear even when actl == 0. [S390] cio: Use path verification to check for path state. [S390] cio: Fix locking when calling notify function. [S390] Fixed handling of access register mode faults. [S390] dasd: Use default recovery for SNSS requests [S390] check_bugs() should be inline. [S390] tape: Compression overwrites crypto setting [S390] nss: disable kexec. [S390] reipl: move dump_prefix_page out of text section. [S390] smp: disable preemption in smp_call_function/smp_call_function_on [S390] kprobes breaks BUG_ON
-
Linus Torvalds authored
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev: pata_pdc202xx_old: fix data corruption and other problems pata_legacy: fix io/irq mismatch ahci: RAID mode SATA patch for Intel ICH9M
-
Linus Torvalds authored
This reverts commit 39d61db0. The commit was buggy in multiple ways: - the conversion to ilog2() was incorrect to begin with - it tested the wrong #defines, so on all architectures but FRV you'd never see the bug except for constant arguments. - the new "get_order()" macro used its arguments multiple times, and didn't even parenthesize them properly - despite the comments, it was not true that you could use it for constant initializers, since not all architectures even use the generic page.h header file. All of the problems are individually fixable, but it all boils down to: better just revert it, and re-do it from scratch. Cc: David Howells <dhowells@redhat.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Greg Ungerer authored
Remove un-used/un-referenced local_bh_count. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Greg Ungerer authored
Use irq_handler_t for passing clock handler routine around. And use new rtc_time in place of hwclock_time. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Greg Ungerer authored
For the Freescale M5282 ColdFire, Port UA Pin Assignment Register should set to UART mode. Patch submitted by David Wu <davidwu@arcturusnetworks.com>. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-