David Woodhouse [Wed, 22 Jun 2005 14:04:33 +0000 (15:04 +0100)]
AUDIT: Wait for backlog to clear when generating messages.
Add a gfp_mask to audit_log_start() and audit_log(), to reduce the
amount of GFP_ATOMIC allocation -- most of it doesn't need to be
GFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to
60 seconds for the auditd backlog to clear instead of immediately
abandoning the message.
The timeout should probably be made configurable, but for now it'll
suffice that it only happens if auditd is actually running.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Tue, 21 Jun 2005 15:22:01 +0000 (16:22 +0100)]
AUDIT: Spawn kernel thread to list filter rules.
If we have enough rules to fill the netlink buffer space, it'll
deadlock because auditctl isn't ever actually going to read from the
socket until we return, and we aren't going to return until it
reads... so we spawn a kernel thread to spew out the list and then
exit.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Mon, 20 Jun 2005 15:11:05 +0000 (16:11 +0100)]
AUDIT: Report lookup flags with path/inode records.
When LOOKUP_PARENT is used, the inode which results is not the inode
found at the pathname. Report the flags so that this doesn't generate
misleading audit records.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 19 Jun 2005 18:35:50 +0000 (19:35 +0100)]
AUDIT: Allow filtering of user messages
Turn the field from a bitmask to an enumeration and add a list to allow
filtering of messages generated by userspace. We also define a list for
file system watches in anticipation of that feature.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Jesper Juhl [Sun, 19 Jun 2005 06:00:34 +0000 (23:00 -0700)]
[IPV4]: [4/4] signed vs unsigned cleanup in net/ipv4/raw.c
This patch changes the type of the third parameter 'length' of the
raw_send_hdrinc() function from 'int' to 'size_t'.
This makes sense since this function is only ever called from one
location, and the value passed as the third parameter in that location is
itself of type size_t, so this makes the recieving functions parameter
type match. Also, inside raw_send_hdrinc() the 'length' variable is
used in comparisons with unsigned values and passed as parameter to
functions expecting unsigned values (it's used in a single comparison with
a signed value, but that one can never actually be negative so the patch
also casts that one to size_t to stop gcc worrying, and it is passed in a
single instance to memcpy_fromiovecend() which expects a signed int, but
as far as I can see that's not a problem since the value of 'length'
shouldn't ever exceed the value of a signed int).
Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl [Sun, 19 Jun 2005 06:00:15 +0000 (23:00 -0700)]
[IPV4]: [3/4] signed vs unsigned cleanup in net/ipv4/raw.c
This patch changes the type of the local variable 'i' in
raw_probe_proto_opt() from 'int' to 'unsigned int'. The only use of 'i' in
this function is as a counter in a for() loop and subsequent index into
the msg->msg_iov[] array.
Since 'i' is compared in a loop to the unsigned variable msg->msg_iovlen
gcc -W generates this warning :
net/ipv4/raw.c:340: warning: comparison between signed and unsigned
Changing 'i' to unsigned silences this warning and is safe since the array
index can never be negative anyway, so unsigned int is the logical type to
use for 'i' and also enables a larger msg_iov[] array (but I don't know if
that will ever matter).
Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl [Sun, 19 Jun 2005 06:00:00 +0000 (23:00 -0700)]
[IPV4]: [2/4] signed vs unsigned cleanup in net/ipv4/raw.c
This patch gets rid of the following gcc -W warning in net/ipv4/raw.c :
net/ipv4/raw.c:387: warning: comparison of unsigned expression < 0 is always false
Since 'len' is of type size_t it is unsigned and can thus never be <0, and
since this is obvious from the function declaration just a few lines above
I think it's ok to remove the pointless check for len<0.
Signed-off-by: Jesper Juhl <juhl-lkml@dif.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl [Sun, 19 Jun 2005 05:59:45 +0000 (22:59 -0700)]
[IPV4]: [1/4] signed vs unsigned cleanup in net/ipv4/raw.c
This patch silences these two gcc -W warnings in net/ipv4/raw.c :
net/ipv4/raw.c:517: warning: signed and unsigned type in conditional expression
net/ipv4/raw.c:613: warning: signed and unsigned type in conditional expression
It doesn't change the behaviour of the code, simply writes the conditional
expression with plain 'if()' syntax instead of '? :' , but since this
breaks it into sepperate statements gcc no longer complains about having
both a signed and unsigned value in the same conditional expression.
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 19 Jun 2005 05:58:53 +0000 (22:58 -0700)]
[PKT_SCHED]: Cleanup pfifo_fast qdisc and remove unnecessary code
Removes the skb trimming code which is not needed since we never
touch the skb upon failure. Removes unnecessary initializers,
and simplifies the code a bit.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 19 Jun 2005 05:58:00 +0000 (22:58 -0700)]
[PKT_SCHED]: Cleanup fifo qdisc and remove unnecessary code
Removes the skb trimming code which is not needed since we never
touch the skb upon failure. Removes unnecessary includes,
initializers, and simplifies the code a bit.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 19 Jun 2005 05:57:42 +0000 (22:57 -0700)]
[PKT_SCHED]: Transform fifo qdisc to use generic queue management interface
The simplicity of the fifo qdisc allows several qdisc operations to be
redirected to the relevant queue management function directly. Saves
a lot of code lines and gives the pfifo a byte based backlog.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 19 Jun 2005 05:57:26 +0000 (22:57 -0700)]
[PKT_SCHED]: Generic queue management interface for qdiscs using internal skb queues
Implements an interface to be used by leaf qdiscs maintaining an internal
skb queue. The interface maintains a backlog in bytes additionaly
to the skb_queue_len() maintained by the queue itself. Relevant statistics
get incremented automatically. Every function comes in two variants, one
assuming Qdisc->q is used as queue and the second taking a sk_buff_head
as argument. Be aware that, if you use multiple queues, you still have to
maintain the Qdisc->q.qlen counter yourself.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 19 Jun 2005 05:56:42 +0000 (22:56 -0700)]
[SCTP]: Replace spin_lock_irqsave with spin_lock_bh
This patch replaces the spin_lock_irqsave call on the receive queue
lock in SCTP with spin_lock_bh. Despite the proliferation of
spin_lock_irqsave calls in this stack, it is only entered from the
IPv4/IPv6 stack and user space. That is, it is never entered from
hardirq context.
The call in question is only called from recvmsg which means that
IRQs aren't disabled. Therefore it is safe to replace it with
spin_lock_bh.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 19 Jun 2005 05:56:18 +0000 (22:56 -0700)]
[IPV4/IPV6]: Replace spin_lock_irq with spin_lock_bh
In light of my recent patch to net/ipv4/udp.c that replaced the
spin_lock_irq calls on the receive queue lock with spin_lock_bh,
here is a similar patch for all other occurences of spin_lock_irq
on receive/error queue locks in IPv4 and IPv6.
In these stacks, we know that they can only be entered from user
or softirq context. Therefore it's safe to disable BH only.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Jamal Hadi Salim [Sun, 19 Jun 2005 05:55:51 +0000 (22:55 -0700)]
[NETLINK]: Set correct pid for ioctl originating netlink events
This patch ensures that netlink events created as a result of programns
using ioctls (such as ifconfig, route etc) contains the correct PID of
those events.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 19 Jun 2005 05:54:36 +0000 (22:54 -0700)]
[IPSEC]: Add XFRMA_SA/XFRMA_POLICY for delete notification
This patch changes the format of the XFRM_MSG_DELSA and
XFRM_MSG_DELPOLICY notification so that the main message
sent is of the same format as that received by the kernel
if the original message was via netlink. This also means
that we won't lose the byid information carried in km_event.
Since this user interface is introduced by Jamal's patch
we can still afford to change it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Jamal Hadi Salim [Sun, 19 Jun 2005 05:54:12 +0000 (22:54 -0700)]
[NETLINK]: Correctly set NLM_F_MULTI without checking the pid
This patch rectifies some rtnetlink message builders that derive the
flags from the pid. It is now explicit like the other cases
which get it right. Also fixes half a dozen dumpers which did not
set NLM_F_MULTI at all.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 19 Jun 2005 05:53:48 +0000 (22:53 -0700)]
[NETLINK]: Introduce NLMSG_NEW macro to better handle netlink flags
Introduces a new macro NLMSG_NEW which extends NLMSG_PUT but takes
a flags argument. NLMSG_PUT stays there for compatibility but now
calls NLMSG_NEW with flags == 0. NLMSG_PUT_ANSWER is renamed to
NLMSG_NEW_ANSWER which now also takes a flags argument.
Also converts the users of NLMSG_PUT_ANSWER to use NLMSG_NEW_ANSWER
and fixes the two direct users of __nlmsg_put to either provide
the flags or use NLMSG_NEW(_ANSWER).
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 19 Jun 2005 05:52:54 +0000 (22:52 -0700)]
[PKT_SCHED]: Fix dsmark to apply changes consistent
Fixes dsmark to do all configuration sanity checks first and
only apply the changes if all of them can be applied without
any errors. Also fixes the weak sanity checks for DSMARK_VALUE
and DSMASK_MASK.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 19 Jun 2005 05:50:55 +0000 (22:50 -0700)]
[NETLINK]: Neighbour table configuration and statistics via rtnetlink
To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
NLM_F_DUMP flag set. Every neighbour table configuration is
spread over multiple messages to avoid running into message
size limits on systems with many interfaces. The first message
in the sequence transports all not device specific data such as
statistics, configuration, and the default parameter set.
This message is followed by 0..n messages carrying device
specific parameter sets.
Although the ordering should be sufficient, NDTA_NAME can be
used to identify sequences. The initial message can be identified
by checking for NDTA_CONFIG. The device specific messages do
not contain this TLV but have NDTPA_IFINDEX set to the
corresponding interface index.
To change neighbour table attributes, send RTM_SETNEIGHTBL
with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
otherwise. Device specific parameter sets can be changed by
setting NDTPA_IFINDEX to the interface index of the corresponding
device.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
This chunks out the accept_queue and tcp_listen_opt code and moves
them to net/core/request_sock.c and include/net/request_sock.h, to
make it useful for other transport protocols, DCCP being the first one
to use it.
Next patches will rename tcp_listen_opt to accept_sock and remove the
inline tcp functions that just call a reqsk_queue_ function.
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Kept this first changeset minimal, without changing existing names to
ease peer review.
Basicaly tcp_openreq_alloc now receives the or_calltable, that in turn
has two new members:
->slab, that replaces tcp_openreq_cachep
->obj_size, to inform the size of the openreq descendant for
a specific protocol
The protocol specific fields in struct open_request were moved to a
class hierarchy, with the things that are common to all connection
oriented PF_INET protocols in struct inet_request_sock, the TCP ones
in tcp_request_sock, that is an inet_request_sock, that is an
open_request.
I.e. this uses the same approach used for the struct sock class
hierarchy, with sk_prot indicating if the protocol wants to use the
open_request infrastructure by filling in sk_prot->rsk_prot with an
or_calltable.
Results? Performance is improved and TCP v4 now uses only 64 bytes per
open request minisock, down from 96 without this patch :-)
Next changeset will rename some of the structs, fields and functions
mentioned above, struct or_calltable is way unclear, better name it
struct request_sock_ops, s/struct open_request/struct request_sock/g,
etc.
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This is for use with slab users that pass a dynamically allocated slab name in
kmem_cache_create, so that before destroying the slab one can retrieve the name
and free its memory.
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Jamal Hadi Salim [Sun, 19 Jun 2005 05:45:56 +0000 (22:45 -0700)]
[IPSEC] Use NLMSG_LENGTH in xfrm_exp_state_notify
Small fixup to use netlink macros instead of hardcoding.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Sun, 19 Jun 2005 05:45:31 +0000 (22:45 -0700)]
[IPSEC] Fix xfrm_state leaks in error path
Herbert Xu wrote:
> @@ -1254,6 +1326,7 @@ static int pfkey_add(struct sock *sk, st
> if (IS_ERR(x))
> return PTR_ERR(x);
>
> + xfrm_state_hold(x);
This introduces a leak when xfrm_state_add()/xfrm_state_update()
fail. We hold two references (one from xfrm_state_alloc(), one
from xfrm_state_hold()), but only drop one. We need to take the
reference because the reference from xfrm_state_alloc() can
be dropped by __xfrm_state_delete(), so the fix is to drop both
references on error. Same problem in xfrm_user.c.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu [Sun, 19 Jun 2005 05:44:37 +0000 (22:44 -0700)]
[IPSEC] Use XFRM_MSG_* instead of XFRM_SAP_*
This patch removes XFRM_SAP_* and converts them over to XFRM_MSG_*.
The netlink interface is meant to map directly onto the underlying
xfrm subsystem. Therefore rather than using a new independent
representation for the events we can simply use the existing ones
from xfrm_user.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 19 Jun 2005 05:43:43 +0000 (22:43 -0700)]
[IPSEC] Fix xfrm to pfkey SA state conversion
This patch adjusts the SA state conversion in af_key such that
XFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_STATE_DEAD
instead of SADB_STATE_DYING.
According to RFC 2367, SADB_STATE_DYING SAs can be turned into
mature ones through updating their lifetime settings. Since SAs
which are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot
be resurrected, this value is unsuitable.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 19 Jun 2005 05:43:22 +0000 (22:43 -0700)]
[IPSEC] Kill spurious hard expire messages
This patch ensures that the hard state/policy expire notifications are
only sent when the state/policy is successfully removed from their
respective tables.
As it is, it's possible for a state/policy to both expire through
reaching a hard limit, as well as being deleted by the user.
Note that this behaviour isn't actually forbidden by RFC 2367.
However, it is a quality of implementation issue.
As an added bonus, the restructuring in this patch will help
eventually in moving the expire notifications from softirq
context into process context, thus improving their reliability.
One important side-effect from this change is that SAs reaching
their hard byte/packet limits are now deleted immediately, just
like SAs that have reached their hard time limits.
Previously they were announced immediately but only deleted after
30 seconds.
This is bad because it prevents the system from issuing an ACQUIRE
command until the existing state was deleted by the user or expires
after the time is up.
In the scenario where the expire notification was lost this introduces
a 30 second delay into the system for no good reason.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jamal Hadi Salim [Sun, 19 Jun 2005 05:42:13 +0000 (22:42 -0700)]
[IPSEC] Add complete xfrm event notification
Heres the final patch.
What this patch provides
- netlink xfrm events
- ability to have events generated by netlink propagated to pfkey
and vice versa.
- fixes the acquire lets-be-happy-with-one-success issue
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jan Beulich [Fri, 17 Jun 2005 20:20:58 +0000 (13:20 -0700)]
[PATCH] console blanking oops fix
When significant delays happen during boot (e.g. with a kernel debugger,
but the problem has also seen in other cases) the timeout for blanking the
console may trigger, but the work scheduler may not have been initialized,
yet. schedule_work() will oops over the null keventd_wq.
Signed-off-by: Jan Beulich <jbeulich@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Mika Kukkonen [Sat, 18 Jun 2005 19:49:56 +0000 (22:49 +0300)]
[PATCH] Fix typo in drivers/pci/pci-driver.c
The git commit 794f5bfa77955c4455f6d72d8b0e2bee25f1ff0c
accidentally suffers from a previous typo in that file
(',' instead of ';' in end of line). Patch included.
Signed-off-by: Mika Kukkonen (mikukkon@iki.fi) Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Linus Torvalds [Sat, 18 Jun 2005 18:42:35 +0000 (11:42 -0700)]
Manual merge of rsync://rsync.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6.git
This is a fixed-up version of the broken "upstream-2.6.13" branch, where
I re-did the manual merge of drivers/net/r8169.c by hand, and made sure
the history is all good.
Russell King [Sat, 18 Jun 2005 08:33:31 +0000 (09:33 +0100)]
[PATCH] ARM SMP: Add support for startup of secondary processors
Create a temporary page table to startup secondary processors. This
page table must have a 1:1 virtual/physical mapping for the kernel
in addition to the standard mappings to ensure that the secondary
CPU can enable its MMU safely.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Mark Haverkamp [Fri, 17 Jun 2005 20:38:04 +0000 (13:38 -0700)]
[SCSI] aacraid: regression fix
The fixes for sparse warnings mixed in with the fixups for
the raw_srb handler resulted in a bug that showed up in the 32 bit
environments when trying to issue calls directly to the physical devices
that are part of the arrays (ioctl scsi passthrough).
Received from Mark Salyzyn at adaptec.
Applied comment from Christoph to remove cpu_to_le32(0)
Applied Mark S fix of missing memcpy.
It applies to the scsi-misc-2.6 git tree.
Signed-off-by: Mark Haverkamp <markh@osdl.org> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Kiyoshi Ueda [Fri, 17 Jun 2005 14:15:10 +0000 (16:15 +0200)]
When cfq I/O scheduler is selected, get_request() in __make_request() calls
__cfq_get_queue(). __cfq_get_queue() finds an existing queue (struct
cfq_queue) of the current process for the device and returns it. If it's not
found, __cfq_get_queue() creates and returns a new one if __cfq_get_queue() is
called with __GFP_WAIT flag, or __cfq_get_queue() returns NULL (this means that
get_request() fails) if no __GFP_WAIT flag.
On the other hand, in __make_request(), get_request() is called without
__GFP_WAIT flag at the first time. Thus, the get_request() fails when there is
no existing queue, typically when it's called for the first I/O request of the
process to the device.
Though it will be followed by get_request_wait() for general case,
__make_request() will just end the I/O with an error (EWOULDBLOCK) when the
request was for read-ahead.
Catalin Marinas [Thu, 16 Jun 2005 17:01:11 +0000 (18:01 +0100)]
[PATCH] ARM: 2712/1: Fix the RGB order for the Versatile CLCD
Patch from Catalin Marinas
The current red and blue colours on the Versatile CLCD are
reversed when the 5:6:5 mode is used. The patch sets the proper
bit in the SYS_CLCD register value.
Signed-off-by: Catalin Marinas Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
The ELF core dump code has one use of off_t when writing out segments.
Some of the segments may be passed the 2GB limit of an off_t, even on a
32-bit system, so it's important to use loff_t instead. This fixes a
corrupted core dump in the bigcore test in GDB's testsuite.
Signed-off-by: Daniel Jacobowitz <dan@codesourcery.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alexandre Oliva [Thu, 16 Jun 2005 05:26:31 +0000 (22:26 -0700)]
[PATCH] sbp2 slab corruption fix
This fixed a problem that showed up in the Fedora development tree a few
weeks before the Fedora Core 4 release, initially as slab corruption, later
as hard crashes on boot up, when slab debugging was disabled for the
release. More details on the history at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158424
The problem is caused by sbp2's use of scsi_host->hostdata[0] to hold a
scsi_id, without explicitly requesting space for it. Since hostdata is
declared as a zero-sized array, we don't get any such space by default, so
it must be explicitly requested. The patch below implements just that.
Tejun Heo [Thu, 16 Jun 2005 10:57:31 +0000 (12:57 +0200)]
This patch fixes q->unplug_thresh condition check in
__elv_add_request(). rq.count[READ] + rq.count[WRITE] can increase
more than one if another thread has allocated a request after the
current request is allocated or in_flight could have changed resulting
in larger-than-one change of nrq, thus breaking the threshold
mechanism.