Commit Graph

32893 Commits

Author SHA1 Message Date
Jon Mason
d2105b10fe [PATCH] x86_64: Calgary IOMMU - Multi-Node NULL pointer dereference fix
Calgary hits a NULL pointer dereference when booting in a multi-chassis
NUMA system.  See Redhat bugzilla number 198498, found by Konrad
Rzeszutek (konradr@redhat.com).

There are many issues that had to be resolved to fix this problem.
Firstly when I originally wrote the code to handle NUMA systems, I
had a large misunderstanding that was not corrected until now.  That was
that I thought the "number of nodes online" referred to number of
physical systems connected.  So that if NUMA was disabled, there
would only be 1 node and it would only show that node's PCI bus.
In reality if NUMA is disabled, the system displays all of the
connected chassis as one node but is only ignorant of the delays
in accessing main memory.  Therefore, references to num_online_nodes()
and MAX_NUMNODES are incorrect and need to be set to the maximum
number of nodes that can be accessed (which are 8).  I created a
variable, MAX_NUM_CHASSIS, and set it to 8 to fix this.

Secondly, when walking the PCI in detect_calgary, the code only
checked the first "slot" when looking to see if a device is present.
This will work for most cases, but unfortunately it isn't always the
case.  In the NUMA MXE drawers, there are USB devices present on the
3rd slot (with slot 1 being empty).  So, to work around this, all
slots (up to 8) are scanned to see if there are any devices present.

Lastly, the bus is being enumerated on large systems in a different
way the we originally thought.  This throws the ugly logic we had
out the window.  To more elegantly handle this, I reorganized the
kva array to be sparse (which removed the need to have any bus number
to kva slot logic in tce.c) and created a secondary space array to
contain the bus number to phb mapping.

With these changes Calgary boots on an x460 with 4 nodes with and
without NUMA enabled.

Signed-off-by: Jon Mason <jdmason@us.ibm.com>
Signed-off-by: Muli Ben-Yehuda <muli@il.ibm.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-29 20:59:55 -07:00
Muli Ben-Yehuda
089bbbcb36 [PATCH] x86_64: Calgary IOMMU - fix off by one error
Fixed off-by-one error in detect_calgary and calgary_init which will
cause arrays to overflow.  Also, removed impossible to hit BUG_ON.

Signed-off-by: Jon Mason <jdmason@us.ibm.com>
Signed-off-by: Muli Ben-Yehuda <muli@il.ibm.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-29 20:59:55 -07:00
Andi Kleen
0e5f61b00c [PATCH] x86_64: On Intel systems when CPU has C3 don't use TSC
On Intel systems generally the TSC stops in C3 or deeper,
so don't use it there. Follows similar logic on i386.

This should fix problems on Meroms.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-29 20:59:55 -07:00
Andi Kleen
260f659b23 [PATCH] x86_64: Update defconfig
Update defconfig

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-29 20:59:55 -07:00
Linus Torvalds
dc710afe95 Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  [libata] sata_promise: comment out duplicate PCI ID
  [PATCH] libata: improve EH action and EHI flag handling
  [PATCH] libata: fix eh_skip_recovery condition
  [PATCH] libata: fix autopsy ehc->i.action and ehc->i.dev handling
2006-07-28 22:47:44 -07:00
Jeff Garzik
ab3b3fd381 Merge branch 'master' into upstream-fixes 2006-07-29 01:39:17 -04:00
Jeff Garzik
4da3dcf346 Merge branch 'upstream' of git://electric-eye.fr.zoreil.com/home/romieu/linux-2.6 into upstream-fixes 2006-07-29 01:26:51 -04:00
Stephen Hemminger
187ff3b857 [PATCH] skge: chip clock rate typo
Okay, Fix both typo's in one patch .The impact is that the incorrect value
was being computed for blinking LED and interrupt moderation values.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-07-29 01:23:51 -04:00
Brice Goglin
9a71db721a [PATCH] myri10ge - Always do a dummy RDMA after loading the firmware
Always do a dummy RDMA after loading the firmware to work around
buggy PCIe chipsets which do not implement resending properly.
This is so cheap as to be almost free, and should never have been
conditional on the tx boundary != 4096.

Signed-off-by: Brice Goglin <brice@myri.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-07-29 01:23:51 -04:00
Jeff Garzik
5b84b6fa9b Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes 2006-07-29 00:32:29 -04:00
Ingo Molnar
e3f2ddeac7 [PATCH] pi-futex: robust-futex exit
Fix robust PI-futexes to be properly unlocked on unexpected exit.

For this to work the kernel has to know whether a futex is a PI or a
non-PI one, because the semantics are different.  Since the space in
relevant glibc data structures is extremely scarce, the best solution is
to encode the 'PI' information in bit 0 of the robust list pointer.
Existing (non-PI) glibc robust futexes have this bit always zero, so the
ABI is kept.  New glibc with PI-robust-futexes will set this bit.

Further fixes from Thomas Gleixner <tglx@linutronix.de>

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 21:02:00 -07:00
Ingo Molnar
627371d73c [PATCH] pi-futex: robust-futex exit crash fix
Fix pi_state->list handling bugs: list handling mishap, locking error.
Plus add more debug checks and fix a few style issues i noticed while
debugging this.

(reported by Ulrich Drepper and Jakub Jelinek.)

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 21:02:00 -07:00
Andi Kleen
c97d20a6c5 [PATCH] i386: Do backtrace fallback too
Similar patch to earlier x86-64 patch. When the dwarf2 unwinder fails
dump the left over stack with the old unwinder.

Also some clarifications in the headers.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 19:28:00 -07:00
Andi Kleen
b783fd925c [PATCH] x86_64: Document backtracer selection options
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 19:28:00 -07:00
Andi Kleen
b13761ecd1 [PATCH] x86_64: Dump leftover backtrace entries when dwarf2 unwinder got stuck
The dwarf2 unwinder currently often gets stuck because a lot
of assembly code doesn't have proper dwarf2 annotiation yet.

This currently often happens with __down. Should fix this by
adding proper dwarf2 annotation to all inline assembly. However
until that's done we need a quick fix for 2.6.18 to avoid
incomplete backtraces.

So when this happens dump the rest of the stack with the old unwinder
instead of silently not dumping it. There was already a optional
"both" mode that dumped both, but that was too ugly.

I also clarified the headers for the different backtraces a bit.

Also add a clear error message for missing dwarf2
annotation that people can work on.

And I removed a dead variable left over from Ingo's changes.

Cc: mingo@elte.hu
Cc: jbeulich@novell.com
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 19:28:00 -07:00
bibo mao
a4045dff78 [PATCH] x86_64: Enlarge debug stack for nested kprobes
In x86_64 platform, INT1 and INT3 trap stack is IST stack called DEBUG_STACK,
when INT1/INT3 trap happens, system will switch to DEBUG_STACK by hardware.
Current DEBUG_STACK size is 4K, when int1/int3 trap happens, kernel will
minus current DEBUG_STACK IST value by 4k. But if int3/int1 trap is nested,
it will destroy other vector's IST stack. This patch modifies this, it sets
DEBUG_STACK size as 8K and allows two level of nested int1/int3 trap.

Kprobe DEBUG_STACK may be nested, because kprobe handler may be probed
by other kprobes.

Thanks jbeulich for pointing out error in the first patch.

[AK: nested kprobes are pretty dubious. Hopefully one nest
will be enough. This will cost 8K per CPU (4K more than before)]

Signed-off-by: bibo, mao <bibo.mao@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 19:28:00 -07:00
Andi Kleen
0e92da4acb [PATCH] x86_64: Don't clobber r8-r11 in int 0x80 handler
When int 0x80 is called from long mode r8-r11 would leak out of the
kernel (or rather they would be filled with some values from
the kernel stack). I don't think it's a security issue because
the values come from the fixed stack frame which should be near
always user registers from a previous interrupt.

Still better fix it.

Longer term the register save macros need to be cleaned up
to avoid such mistakes in the future.

Original analysis from Richard Brunner, fix by me.

Cc: Richard.Brunner@amd.com

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 19:28:00 -07:00
Andi Kleen
d5a2601734 [PATCH] i386/x86-64: Add user_mode checks to profile_pc for oprofile
Fixes a obscure user space triggerable crash during oprofiling.

Oprofile calls profile_pc from NMIs even when user_mode(regs) is not true and
the program counter is inside the kernel lock section. This opens
a race - when a user program jumps to a kernel lock address and
a NMI happens before the illegal page fault exception is raised
and the program has a unmapped esp or ebp then the kernel could
oops. NMIs have a higher priority than exceptions so that could
happen.

Add user_mode checks to i386/x86-64 profile_pc to prevent that.

Cc: John Levon <levon@movementarian.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 19:28:00 -07:00
Linus Torvalds
5d2edfe004 Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
  [S390] update default configuration
  [S390] duplicate ccw devices in ccwgroup.
  [S390] permanent subchannel busy conditions may cause I/O stall
2006-07-28 19:25:02 -07:00
Linus Torvalds
9d22e6d7ad Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SUNLANCE]: fix compilation on sparc-UP
  [SPARC]: Defer clock_probe to fs_initcall()
  [SPARC64]: Fix typo in pgprot_noncached().
  [SPARC64]: Fix quad-float multiply emulation.
2006-07-28 19:24:38 -07:00
Linus Torvalds
159099dc3d Merge git://oss.sgi.com:8090/nathans/xfs-rc-2.6
* git://oss.sgi.com:8090/nathans/xfs-rc-2.6:
  [XFS] Ensure bulkstat from an invalid inode number gets caught always with
  [XFS] Fix a barrier related forced shutdown on mounts with quota enabled.
  [XFS] Fix remount vs no/barrier options by ensuring we clear unwanted
  [XFS] All xfs_disk_dquot_t values are (as the name says) disk endian.
2006-07-28 19:24:16 -07:00
Linus Torvalds
16585e76a7 Merge branch 'for-linus' of git://brick.kernel.dk/data/git/linux-2.6-block
* 'for-linus' of git://brick.kernel.dk/data/git/linux-2.6-block:
  [PATCH] scsi: kill overeager "not-ready" messages
  [PATCH] it821x: fix ide dma setup bug
  [PATCH] ide: if the id fields looks screwy, disable DMA
  [PATCH] ide: option to disable cache flushes for buggy drives
2006-07-28 19:23:40 -07:00
Chuck Ebbert
facf014792 [PATCH] i386: switch_to(): misplaced parentheses
Recent changes in i386 __switch_to() have a misplaced closing
parenthesis causing an unlikely() to terminate early.

Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-28 19:22:35 -07:00
Alexey Dobriyan
93853fd0d4 [SUNLANCE]: fix compilation on sparc-UP
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-28 01:09:40 -07:00
Nathan Scott
41ff715abc [XFS] Ensure bulkstat from an invalid inode number gets caught always with
EINVAL.

SGI-PV: 953819
SGI-Modid: xfs-linux-melb:xfs-kern:26629a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-07-28 17:05:51 +10:00
Nathan Scott
b2ea401bac [XFS] Fix a barrier related forced shutdown on mounts with quota enabled.
SGI-PV: 912426
SGI-Modid: xfs-linux-melb:xfs-kern:26622a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-07-28 17:05:13 +10:00
Nathan Scott
f5faad7994 [XFS] Fix remount vs no/barrier options by ensuring we clear unwanted
flags from iclog buffers before submitting them for writing.

SGI-PV: 954772
SGI-Modid: xfs-linux-melb:xfs-kern:26605a

Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-07-28 17:04:44 +10:00
Christoph Hellwig
2a293b7d5a [XFS] All xfs_disk_dquot_t values are (as the name says) disk endian.
Before putting them into struct statfs they should be endian-swapped.

SGI-PV: 954580
SGI-Modid: xfs-linux-melb:xfs-kern:26550a

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Nathan Scott <nathans@sgi.com>
2006-07-28 17:04:26 +10:00
Jens Axboe
a75ad3c27a [PATCH] scsi: kill overeager "not-ready" messages
HAL and friends have a tendency to trigger this one all the time.
It's not really interesting, so kill it. The vendor kernels all do
anyways.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-07-28 09:04:09 +02:00
Jens Axboe
71ef51cc17 [PATCH] it821x: fix ide dma setup bug
Only enable dma for a valid speed setting.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-07-28 09:02:17 +02:00
Jens Axboe
0a8348d086 [PATCH] ide: if the id fields looks screwy, disable DMA
It's the safer choice. Originally due to a bug in itx821x, but a
generally sound thing to do.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-07-28 08:58:26 +02:00
Jens Axboe
361934849e [PATCH] ide: option to disable cache flushes for buggy drives
Some drives claim they support cache flushing, but get seriously
confused if you try. Add this option to be able to boot with
barriers enabled by default.

Signed-off-by: Jens Axboe <axboe@suse.de>
2006-07-28 08:54:59 +02:00
Bob Breuer
96ba989d22 [SPARC]: Defer clock_probe to fs_initcall()
From: Bob Breuer <breuerr@mc.net>

That way all the of_driver bits will be ready.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-27 22:08:01 -07:00
David S. Miller
b8cfac4c2f [SPARC64]: Fix typo in pgprot_noncached().
The sun4v code sequence was or'ing in the sun4u pte bits by mistake.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-27 17:57:32 -07:00
David S. Miller
92f282988b [SPARC64]: Fix quad-float multiply emulation.
Something is wrong with the 3-multiply (vs. 4-multiply) optimized
version of _FP_MUL_MEAT_2_*(), so just use the slower version
which actually computes correct values.

Noticed by Rene Rebe

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-27 16:49:21 -07:00
Chuck Ebbert
ca0084fa90 [PATCH] ieee80211: TKIP requires CRC32
ieee80211_crypt_tkip will not work without CRC32.

  LD      .tmp_vmlinux1
net/built-in.o: In function `ieee80211_tkip_encrypt':
net/ieee80211/ieee80211_crypt_tkip.c:349: undefined reference to `crc32_le'

Reported by Toralf Foerster <toralf.foerster@gmx.de>

Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-07-27 14:37:31 -04:00
Dan Williams
fe397d469f [PATCH] orinoco: fix setting transmit key only
When determining whether there's a key to set or not, orinoco should be
looking at the key length, not the key data.  Otherwise confusion reigns
when trying to set TX key only, passing in zero-length key, but non-NULL
pointer.  Key length takes precedence over non-NULL key data.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-07-27 14:37:31 -04:00
Daniel Drake
345f6b8beb [PATCH] softmac: do shared key auth in workqueue
Johann Uhrmann reported a bcm43xx crash and Michael Buesch tracked
it down to a problem with the new shared key auth code (recursive
calls into the driver)

This patch (effectively Michael's patch with a couple of small
modifications) solves the problem by sending the authentication
challenge response frame from a workqueue entry.

I also removed a lone \n from the bcm43xx messages relating to
authentication mode - this small change was previously discussed but
not patched in.

Signed-off-by: Daniel Drake <dsd@gentoo.org>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-07-27 14:37:30 -04:00
Robert Schulze
8fa9ea18e8 [PATCH] airo: should select crypto_aes
The driver airo (for Cisco Wlan-Cards) complains about "failed to load
transform for AES", when it is loaded and CRYPTO_AES is not selected
in Kconfig.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-07-27 14:37:30 -04:00
Pavel Machek
d91928e906 [PATCH] zd1201: workaround interference problem
zd1201 has nasty tendency to emit magicall anti-wifi cloud when it is
inserted into slot, but not used.

Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-07-27 14:37:30 -04:00
Martin Schwidefsky
468310a8a7 [S390] update default configuration
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-07-27 14:04:57 +02:00
Cornelia Huck
1708822984 [S390] duplicate ccw devices in ccwgroup.
Fail to create a ccwgroup device if a ccw device is passed in twice.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-07-27 14:00:33 +02:00
Peter Oberparleiter
ba4ba8a69d [S390] permanent subchannel busy conditions may cause I/O stall
In special conditions where a subchannel rejects the HALT I/O-
instruction with a busy indication (cc 2), I/O may stall.
I/O request termination logic retries HALT I/O indefinitely
because it expects HALT I/O to alter the subchannel status which
is not true when cc 2 is returned.
In case of a busy indication, try CLEAR I/O instruction immediately.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-07-27 14:00:23 +02:00
Christoph Hellwig
64821324ca [PATCH] fix compile regression for a few scsi drivers
This fixes three drivers to compile again after my patch that removes
the data_cmnd member from struct scsi_cmnd.

The fas216 change is trivial, it should have been using ->cmnd all the
time.

NCR53C9 (which seem to be mostly duplicate driver with esp.c!) is doing
something odd, it should only have looked at ->cmnd before not the saved
copy that is kept for the error handlers sake.  Note that it really
should deal with the sync setting themselves but use the generic domain
validation code that get this right - but that's for later let's push
this simple compile fix for now.

And sorry for the late fix for this, I have been busy with OLS and
associated activities last week.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-26 07:30:45 -07:00
Linus Torvalds
dab5025ca2 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SCSI] esp: Fix build.
  [SPARC]: Fix SA_STATIC_ALLOC value.
  [SPARC64]: Explicitly print return PC when the kernel fault PC is bogus.
2006-07-26 07:22:36 -07:00
Linus Torvalds
761a126017 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [IPV4/IPV6]: Setting 0 for unused port field in RAW IP recvmsg().
  [IPV4] ipmr: ip multicast route bug fix.
  [TG3]: Update version and reldate
  [TG3]: Handle tg3_init_rings() failures
  [TG3]: Add tg3_restart_hw()
  [IPV4]: Clear the whole IPCB, this clears also IPCB(skb)->flags.
  [IPV6]: Clean skb cb on IPv6 input.
  [NETFILTER]: Demote xt_sctp to EXPERIMENTAL
  [NETFILTER]: bridge netfilter: add deferred output hooks to feature-removal-schedule
  [NETFILTER]: xt_pkttype: fix mismatches on locally generated packets
  [NETFILTER]: SNMP NAT: fix byteorder confusion
  [NETFILTER]: conntrack: fix SYSCTL=n compile
  [NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject
  [NETFILTER]: H.323 helper: fix possible NULL-ptr dereference
2006-07-26 07:22:10 -07:00
Arjan van de Ven
153d7f3fca [PATCH] Reorganize the cpufreq cpu hotplug locking to not be totally bizare
The patch below moves the cpu hotplugging higher up in the cpufreq
layering; this is needed to avoid recursive taking of the cpu hotplug
lock and to otherwise detangle the mess.

The new rules are:
1. you must do lock_cpu_hotplug() around the following functions:
   __cpufreq_driver_target
   __cpufreq_governor (for CPUFREQ_GOV_LIMITS operation only)
   __cpufreq_set_policy
2. governer methods (.governer) must NOT take the lock_cpu_hotplug()
   lock in any way; they are called with the lock taken already
3. if your governer spawns a thread that does things, like calling
   __cpufreq_driver_target, your thread must honor rule #1.
4. the policy lock and other cpufreq internal locks nest within
   the lock_cpu_hotplug() lock.

I'm not entirely happy about how the __cpufreq_governor rule ended up
(conditional locking rule depending on the argument) but basically all
callers pass this as a constant so it's not too horrible.

The patch also removes the cpufreq_governor() function since during the
locking audit it turned out to be entirely unused (so no need to fix it)

The patch works on my testbox, but it could use more testing
(otoh... it can't be much worse than the current code)

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-26 07:21:40 -07:00
Tetsuo Handa
f59fc7f30b [IPV4/IPV6]: Setting 0 for unused port field in RAW IP recvmsg().
From: Tetsuo Handa from-linux-kernel@i-love.sakura.ne.jp

The recvmsg() for raw socket seems to return random u16 value
from the kernel stack memory since port field is not initialized.
But I'm not sure this patch is correct.
Does raw socket return any information stored in port field?

[ BSD defines RAW IP recvmsg to return a sin_port value of zero.
  This is described in Steven's TCP/IP Illustrated Volume 2 on
  page 1055, which is discussing the BSD rip_input() implementation. ]
    
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-25 17:05:35 -07:00
Alexey Kuznetsov
7228749092 [IPV4] ipmr: ip multicast route bug fix.
IP multicast route code was reusing an skb which causes use after free
and double free.

From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>

Note, it is real skb_clone(), not alloc_skb(). Equeued skb contains
the whole half-prepared netlink message plus room for the rest.
It could be also skb_copy(), if we want to be puristic about mangling
cloned data, but original copy is really not going to be used.  

Acked-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-25 16:45:12 -07:00
Michael Chan
b6e77a5346 [TG3]: Update version and reldate
Update version to 3.63.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-07-25 16:39:12 -07:00