Commit Graph

65576 Commits

Author SHA1 Message Date
Linus Torvalds
ae000eec2c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hpa/linux-2.6-x86setup
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hpa/linux-2.6-x86setup:
  [x86 setup] Correct the SMAP check for INT 0x15, AX=0xe820
2007-09-28 11:24:20 -07:00
H. Peter Anvin
4ee5b10abe [x86 setup] Correct the SMAP check for INT 0x15, AX=0xe820
The e820 probe code was checking %edx, not %eax, for the SMAP
signature on return.  This worked on *almost* all systems, since %edx
still contained SMAP from the call on entry, but on a handful of
systems it failed -- plus, we would have missed real mismatches.

The error output is "=d" to make sure gcc knows %edx is clobbered
here.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2007-09-28 10:12:44 -07:00
jacmet@sunsite.dk
f93c7c5aab [POWERPC] mpc8349emitx.dts: Setup USB-DR for peripheral mode.
Setup dr_mode for USB-DR to peripheral as the default (host mode) doesn't make
much sense for the mini-AB connector on the ITX board.

Peripheral mode is preferable to OTG as the fsl_usb2_udc.c driver doesn't yet
properly support it.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2007-09-28 10:26:48 -05:00
jacmet@sunsite.dk
39db0fd9db [POWERPC] Fix mpc834x USB-MPH configuration.
mpc834x USB-MPH configuration got broken by commit
6f44256002. The selection bits in SICRL
should be cleared rather than set to configure the USB MUXes for the MPH.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2007-09-28 10:26:35 -05:00
Jochen Friedrich
d214602804 [POWERPC] Fix cpm_uart driver for cpm1 machines
in cpm_uart_cpm1.h, DPRAM_BASE is assigned an address derived from cpmp.
On ARC=ppc, this is a physical address with 1:1 DMA mapping which can't
be used for arithmetric compare operations with virtual addresses
returned by cpm_dpram_addr. This patch changes the assignment to use
cpm_dpram_addr as well, like in cpm_uart_cpm2.h.

Signed-off-by: Jochen Friedrich <jochen@scram.de>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2007-09-28 10:26:30 -05:00
Jochen Friedrich
bc63818931 [PPC] Fix cpm_dpram_addr returning phys mem instead of virt mem
cpm_dpram_addr returns physical memory of the DP RAM instead of
iomapped virtual memory. As there usually is a 1:1 MMU map of
the IMMR area, this is often not noticed. However, cpm_dpram_phys
assumes this iomapped virtual memory and returns garbage on the
1:1 mapped memory causing CPM1 uart console to fail.

This patch fixes the problem (copied from the powerpc tree).

Signed-off-by: Jochen Friedrich <jochen@scram.de>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2007-09-28 10:25:32 -05:00
Jochen Friedrich
83af919e0f [POWERPC] Fix copy'n'paste typo in commproc.c
The powerpc version of commproc.c exports cpm_dpram_addr twice
and cpm_dpram_phys not at all due to a typo. This patch fixes this
problem.

CC      arch/powerpc/sysdev/commproc.o
arch/powerpc/sysdev/commproc.c:398: error: redefinition of '__kcrctab_cpm_dpram_addr'
arch/powerpc/sysdev/commproc.c:392: error: previous definition of '__kcrctab_cpm_dpram_addr' was here
arch/powerpc/sysdev/commproc.c:398: error: redefinition of '__kstrtab_cpm_dpram_addr'
arch/powerpc/sysdev/commproc.c:392: error: previous definition of '__kstrtab_cpm_dpram_addr' was here
arch/powerpc/sysdev/commproc.c:398: error: redefinition of '__ksymtab_cpm_dpram_addr'
arch/powerpc/sysdev/commproc.c:392: error: previous definition of '__ksymtab_cpm_dpram_addr' was here
make[1]: *** [arch/powerpc/sysdev/commproc.o] Error 1
make: *** [arch/powerpc/sysdev] Error 2

Signed-off-by: Jochen Friedrich <jochen@scram.de>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2007-09-28 10:25:16 -05:00
Auke Kok
f4ec7f9871 e1000: Add device IDs of blade version of the 82571 quad port
This blade-specific board form factor is identical to the 82571EB
board.

Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-09-27 23:38:35 -04:00
Stephen Hemminger
88f5f0cad3 sky2: fix transmit state on resume
This should fix http://bugzilla.kernel.org/show_bug.cgi?id=8667

After resume, driver has reset the chip so the current state
of transmit checksum offload state machine and DMA state machine
will be undefined.

The fix is to set the state so that first Tx will set MSS and offset
values.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-09-27 23:32:29 -04:00
Stephen Hemminger
d6c9bc1ed4 sky2: FE+ vlan workaround
The FE+ workaround means the driver can no longer trust the status register
to indicate VLAN tagged frames.  The fix for this is to just disable VLAN
acceleration for that chip version. Tested and works fine.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-09-27 23:32:28 -04:00
Stephen Hemminger
3b12e0141f sky2: sky2 FE+ receive status workaround
The Yukon FE+ chip appears to have a hardware glitch that causes bogus
receive status values to be posted. The data in the packet is good, but
the status value is random garbage.  As a temporary workaround until the
problem is better understood, implement the workaround the vendor driver
used of ignoring the status value on this chip.

Since this means trusting dodgy hardware values; add additional checking
of the receive packet length.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-09-27 23:32:28 -04:00
Linus Torvalds
cdfef17d93 Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] Fix CONFIG_BUILD_ELF64 kernels with symbols in CKSEG0.
  [MIPS] IP32: Fix initialization of UART base addresses.
2007-09-27 19:47:53 -07:00
Dave Airlie
e4a7b1d1d9 i915: make vbl interrupts work properly on i965g/gm hw.
This code is ported from the DRM git tree and allows the vblank interrupts
to function on the i965 hw. It also requires a change in Mesa's 965 driver
to actually use them.

[ Without this patch, my 965GM drops vblank interrupts  - Jesse ]

Signed-off-by: Dave Airlie <airlied@linux.ie>
Acked-by: Jesse Barnes <jesse.barnes@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-27 19:47:28 -07:00
Ralf Baechle
7d809ba3f9 [MIPS] Fix CONFIG_BUILD_ELF64 kernels with symbols in CKSEG0.
The __pa() for those did assume that all symbols have XKPHYS values and
the math fails for any other address range.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-09-27 23:19:16 +01:00
Ralf Baechle
6e351064b1 [MIPS] IP32: Fix initialization of UART base addresses.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-09-27 23:19:16 +01:00
David S. Miller
e79ad711a0 [NET]: Zero length write() on socket should not simply return 0.
This fixes kernel bugzilla #5731

It should generate an empty packet for datagram protocols when the
socket is connected, for one.

The check is doubly-wrong because all that a write() can be is a
sendmsg() call with a NULL msg_control and a single entry iovec.  No
special semantics should be assigned to it, therefore the zero length
check should be removed entirely.

This matches the behavior of BSD and several other systems.

Alan Cox notes that SuSv3 says the behavior of a zero length write on
non-files is "unspecified", but that's kind of useless since BSD has
defined this behavior for a quarter century and BSD is essentially
what application folks code to.

Based upon a patch from Stephen Hemminger.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-27 13:52:00 -07:00
David S. Miller
9c908f97d0 [SPARC]: Fix EBUS use of uninitialized variable.
If of_get_property() fails, it returns NULL and the 'len'
parameter is undefined.  So we need to explicitly set len
to zero in such cases.

Noticed by Al Viro.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-27 13:09:28 -07:00
Linus Torvalds
ff0ce6845b Revert "[PATCH] x86-64: fix x86_64-mm-sched-clock-share"
This reverts commit 184c44d204.

As noted by Dave Jones:
   "Linus, please revert the above cset.  It doesn't seem to be
    necessary (it was added to fix a miscompile in 'make allnoconfig'
    which doesn't seem to be repeatable with it reverted) and actively
   breaks the ARM SA1100 framebuffer driver."

Requested-by: Dave Jones <davej@redhat.com>
Cc: Russell King <rmk+lkml@arm.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 15:52:17 -07:00
Linus Torvalds
a07921bcd5 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hpa/linux-2.6-x86setup
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hpa/linux-2.6-x86setup:
  [x86 setup] Handle case of improperly terminated E820 chain
2007-09-26 15:43:55 -07:00
Linus Torvalds
f7f847b015 Revert "x86-64: Disable local APIC timer use on AMD systems with C1E"
This reverts commit e66485d747, since
Rafael Wysocki noticed that the change only works for his in -mm, not in
mainline (and that both "noapictimer" _and_ "apicmaintimer" are broken
on his hardware, but that's apparently not a regression, just a symptom
of the same issue that causes the automatic apic timer disable to not
work).

It turns out that it really doesn't work correctly on x86-64, since
x86-64 doesn't use the generic clock events for timers yet.

Thanks to Rafal for testing, and here's the ugly details on x86-64 as
per Thomas:

  "I just looked into the code and the logic vs.  noapictimer on SMP is
   completely broken.

   On i386 the noapictimer option not only disables the local APIC
   timer, it also registers the CPUs for broadcasting via IPI on SMP
   systems.

   The x86-64 code uses the broadcast only when the local apic timer is
   active, i.e.  "noapictimer" is not on the command line.  This defeats
   the whole purpose of "noapictimer".  It should be there to make boxen
   work, where the local APIC timer actually has a hardware problem,
   e.g.  the nx6325.

   The current implementation of x86_64 only fixes the ACPI c-states
   related problem where the APIC timer stops in C3(2), nothing else.

   On nx6325 and other AMD X2 equipped systems which have the C1E
   enabled we run into the following:

   PIT keeps jiffies (and the system) running, but the local APIC timer
   interrupts can get out of sync due to this C1E effect.

   I don't think this is a critical problem, but it is wrong
   nevertheless.

   I think it's safe to revert the C1E patch and postpone the fix to the
   clock events conversion."

On further reflection, Thomas noted:

   "It's even worse than I thought on the first check:

    "noapictimer" on the command line of an SMP box prevents _ONLY_ the
    boot CPU apic timer from being used.  But the secondary CPU is still
    unconditionally setting up the APIC timer and uses the non
    calibrated variable calibration_result, which is of course 0, to
    setup the APIC timer.  Wreckage guaranteed."

so we'll just have to wait for the x86 merge to hopefully fix this up
for x86-64.

Tested-and-requested-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 15:43:41 -07:00
H. Peter Anvin
2efa33f81e [x86 setup] Handle case of improperly terminated E820 chain
At least one system (a Geode system with a Digital Logic BIOS) has
been found which suddenly stops reporting the SMAP signature when
reading the E820 memory chain.  We can't know what, exactly, broke in
the BIOS, so if we detect this situation, declare the E820 data
unusable and fall back to E801.

Also, revert to original behavior of always probing all memory
methods; that way all the memory information is available to the
kernel.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Jordan Crouse <jordan.crouse@amd.com>
Cc: Joerg Pommnitz <pommnitz@yahoo.com>
2007-09-26 14:15:04 -07:00
Jeremy Fitzhardinge
df912ea4ae xen: execve's error paths don't pin the mm before unpinning
execve's error paths don't activate (and therefore pin) the mm before
calling exit_mmap to free it up, so don't try to unpin unless it is
actually pinned.  This prevents a BUG_ON from triggering.

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Cc: Christian Ostheimer <osth@freesurf.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:27:14 -07:00
Thomas Gleixner
e66485d747 x86-64: Disable local APIC timer use on AMD systems with C1E
commit 3556ddfa92 titled

 [PATCH] x86-64: Disable local APIC timer use on AMD systems with C1E

solves a problem with AMD dual core laptops e.g. HP nx6325 (Turion 64
X2) with C1E enabled:

When both cores go into idle at the same time, then the system switches
into C1E state, which is basically the same as C3. This stops the local
apic timer.

This was debugged right after the dyntick merge on i386 and despite the
patch title it fixes only the 32 bit path.

x86_64 is still missing this fix. It seems that mainline is not really
affected by this issue, as the PIT is running and keeps jiffies
incrementing, but that's just waiting for trouble.

-mm suffers from this problem due to the x86_64 high resolution timer
patches.

This is a quick and dirty port of the i386 code to x86_64.

I spent quite a time with Rafael to debug the -mm / hrt wreckage until
someone pointed us to this. I really had forgotten that we debugged this
half a year ago already.

Sigh, is it just me or is there something yelling arch/x86 into my ear?

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
S.Çağlar Onur
3dffec45c2 Silent drivers/char/hpet.c build warnings on i386
Following patch silents;

...
drivers/char/hpet.c:72: warning: 'clocksource_hpet' defined but not used
drivers/char/hpet.c:81: warning: 'hpet_clocksource' defined but not used
...

build warnings on i386, they appeared after commit 3b2b64fd31

Signed-off-by: S.Çağlar Onur <caglar@pardus.org.tr>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
--
 drivers/char/hpet.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
2007-09-26 09:22:04 -07:00
Trond Myklebust
255129d1e9 NLM: Fix a circular lock dependency in lockd
The problem is that the garbage collector for the 'host' structures
nlm_gc_hosts(), holds nlm_host_mutex while calling down to
nlmsvc_mark_resources, which, eventually takes the file->f_mutex.

We cannot therefore call nlmsvc_lookup_host() from within
nlmsvc_create_block, since the caller will already hold file->f_mutex, so
the attempt to grab nlm_host_mutex may deadlock.

Fix the problem by calling nlmsvc_lookup_host() outside the file->f_mutex.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
Chris Malley
f6a592e8ab lguest example launcher truncates block device file to 0 length on problems
The function should also use ftruncate64() rather than ftruncate() to prevent
files over 4GB (not uncommon for a root filesystem) being zeroed.

Signed-off-by: Chris Malley <mail@chrismalley.co.uk>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
Al Viro
78bd8fbbcd fix sctp_del_bind_addr() last argument type
It gets pointer to fastcall function, expects a pointer to normal
one and calls the sucker.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
Al Viro
459685c75b hibernation doesn't even build on frv - tons of helpers are missing
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-By: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
Al Viro
d8c4a2f9d9 mv643xx_eth: duplicate methods in initializer
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
Al Viro
ed4d6375a1 usbvision-video: buggered method tables
duplicated .mmap in one, .vidioc_s_audio misspelled as .vidioc_g_audio
in other

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:22:04 -07:00
Linus Torvalds
5309809129 Add explicit zeroing to "envp" array in device 'show' method
As Stephen Hemminger says, this is a "belt and suspenders" patch that
zeroes the envp array at allocation time, even though all the users
should NULL-terminate it anyway (and we've hopefully fixed everybody
that doesn't do that).

And we'll apparently clean the whole envp thing up for 2.6.24 anyway.

But let's just be robust, and do both this *and* make sure that all
users are doing the right thing.

Acked-by: Stephen Hemminger <shemminger@linux-foundation.org>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-26 09:16:21 -07:00
Linus Torvalds
544002ef83 Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] esp: fix instance numbering.
2007-09-26 09:08:04 -07:00
Linus Torvalds
aa9d40de77 Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
  [POWERPC] spufs: fix mismerge, making context signal{1,2} files readable again
2007-09-26 09:00:04 -07:00
Linus Torvalds
d85f57938a Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [PPP_MPPE]: Don't put InterimKey on the stack
  SCTP : Add paramters validity check for ASCONF chunk
  SCTP: Discard OOTB packetes with bundled INIT early.
  SCTP: Clean up OOTB handling and fix infinite loop processing
  SCTP: Explicitely discard OOTB chunks
  SCTP: Send ABORT chunk with correct tag in response to INIT ACK
  SCTP: Validate buffer room when processing sequential chunks
  [PATCH] mac80211: fix initialisation when built-in
  [PATCH] net/mac80211/wme.c: fix sparse warning
  [PATCH] cfg80211: fix initialisation if built-in
  [PATCH] net/wireless/sysfs.c: Shut up build warning
2007-09-26 08:59:41 -07:00
Linus Torvalds
acbbe6c28a Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SUNSAB]: Fix broken SYSRQ.
2007-09-26 08:58:45 -07:00
Linus Torvalds
9a22e330e9 Merge branch 'trivial' of git://git.kernel.dk/data/git/linux-2.6-block
* 'trivial' of git://git.kernel.dk/data/git/linux-2.6-block:
  cdrom_open() forgets to unlock on -EROFS failure exits
2007-09-26 08:58:13 -07:00
Linus Torvalds
4d3fac0871 Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  pata_sis: add missing UDMA5 timing value in sis_66_set_dmamode()
  sata_sil24: fix IRQ clearing race when PCIX_IRQ_WOC is used
2007-09-26 08:57:27 -07:00
Linus Torvalds
1f23f4209f Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
  ACPI: hpet: ACPI Error (utglobal-0126): Unknown exception code: 0xFFFFFFF0
  ACPI: CONFIG_ACPI_SLEEP=n power off regression in 2.6.23-rc8 (NOT in rc7)
  ACPI: suspend: build-fix for CONFIG_SUSPEND=n and CONFIG_HIBERNATION=y
2007-09-26 08:56:28 -07:00
Linus Torvalds
e4b42be77e Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  [PATCH] WE : Add missing auth compat-ioctl
  [PATCH] softmac: Fix inability to associate with WEP networks
2007-09-26 08:55:54 -07:00
Jeremy Kerr
603c461250 [POWERPC] spufs: fix mismerge, making context signal{1,2} files readable again
The commit 8b6f50ef1d seems to have
been affected by a mismerge of a duplicate patch
(d054b36ffd) - both the
spufs_dir_contents and spufs_dir_nosched_contents have been given
write-only signal notification files.

This change reverts the spufs_dir_contents array to use the
readable signal notification file implementation.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Acked-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-09-26 19:47:07 +10:00
Al Viro
ae3ba4fd96 cdrom_open() forgets to unlock on -EROFS failure exits
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
2007-09-26 08:20:44 +02:00
Michal Schmidt
45dfd5b5dd [PPP_MPPE]: Don't put InterimKey on the stack
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-25 23:05:39 -07:00
Wei Yongjun
6f4c618ddb SCTP : Add paramters validity check for ASCONF chunk
If ADDIP is enabled, when an ASCONF chunk is received with ASCONF
paramter length set to zero, this will cause infinite loop.
By the way, if an malformed ASCONF chunk is received, will cause
processing to access memory without verifying.

This is because of not check the validity of parameters in ASCONF chunk.
This patch fixed this.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:49 -07:00
Vlad Yasevich
3c77f961b5 SCTP: Discard OOTB packetes with bundled INIT early.
RFC 4460 and future RFC 4960 (2960-bis) specify that packets
with bundled INIT chunks need to be dropped.  We currenlty do
that only after processing any leading chunks.  For OOTB chunks,
since we already walk the entire packet, we should discard packets
with bundled INITs.

There are other chunks chunks that MUST NOT be bundled, but the spec
is silent on theire treatment.  Thus, we'll leave their teatment
alone for the moment.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Wei Yongjun <yjwei@cn.fujitsu.com>
2007-09-25 22:55:48 -07:00
Vlad Yasevich
ece25dfa09 SCTP: Clean up OOTB handling and fix infinite loop processing
While processing OOTB chunks as well as chunks with an invalid
length of 0, it was possible to SCTP to get wedged inside an
infinite loop because we didn't catch the condition correctly,
or didn't mark the packet for discard correctly.
This work is based on original findings and work by
Wei Yongjun <yjwei@cn.fujitsu.com>

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:47 -07:00
Vlad Yasevich
d3f259687f SCTP: Explicitely discard OOTB chunks
Explicitely discard OOTB chunks, whether the result is a
SHUTDOWN COMPLETE or an ABORT.  We need to discard the OOTB
SHUTDOWN ACK to prevent bombing attackes since responsed
MUST NOT be bundled.  We also explicietely discard in the
ABORT case since that function is widely used internally.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
2007-09-25 22:55:47 -07:00
Wei Yongjun
02c4e12c64 SCTP: Send ABORT chunk with correct tag in response to INIT ACK
When SCTP client received an INIT ACK chunk with missing mandatory
parameter such as "cookie parameter", it will send back a ABORT
with T-bit not set and verification tag is set to 0.
This is because before we accept this INIT ACK chunk, we do not know
the peer's tag.  This patch change to reflect vtag when responding to
INIT ACK with missing mandatory parameter.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:46 -07:00
Vlad Yasevich
a09c83847b SCTP: Validate buffer room when processing sequential chunks
When we process bundled chunks, we need to make sure that
the skb has the buffer for each header since we assume it's
always there.  Some malicious node can send us something like
DATA + 2 bytes and we'll try to walk off the end refrencing
potentially uninitialized memory.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25 22:55:45 -07:00
Johannes Berg
ca9938fea5 [PATCH] mac80211: fix initialisation when built-in
When mac80211 is built into the kernel it needs to init earlier
so that device registrations are run after it has initialised.
The same applies to rate control algorithms.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25 22:55:45 -07:00
Johannes Berg
136e83d6b8 [PATCH] net/mac80211/wme.c: fix sparse warning
wme.c triggers a sparse warning; it wasn't noticed before because until
recently ARRAY_SIZE triggered a sparse error.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2007-09-25 22:55:44 -07:00