/[linux-patches]/genpatches-2.6/tags/2.6.19-3/1000_linux-2.6.19.1.patch
Gentoo

Contents of /genpatches-2.6/tags/2.6.19-3/1000_linux-2.6.19.1.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 764 - (show annotations) (download)
Wed Dec 13 00:23:17 2006 UTC (11 years, 7 months ago) by dsd
File size: 47737 byte(s)
2.6.19-3 release
1 diff --git a/arch/i386/kernel/acpi/boot.c b/arch/i386/kernel/acpi/boot.c
2 index d12fb97..c8f96cf 100644
3 --- a/arch/i386/kernel/acpi/boot.c
4 +++ b/arch/i386/kernel/acpi/boot.c
5 @@ -333,7 +333,7 @@ acpi_parse_ioapic(acpi_table_entry_heade
6 /*
7 * Parse Interrupt Source Override for the ACPI SCI
8 */
9 -static void acpi_sci_ioapic_setup(u32 bus_irq, u32 gsi, u16 polarity, u16 trigger)
10 +static void acpi_sci_ioapic_setup(u32 gsi, u16 polarity, u16 trigger)
11 {
12 if (trigger == 0) /* compatible SCI trigger is level */
13 trigger = 3;
14 @@ -353,13 +353,13 @@ static void acpi_sci_ioapic_setup(u32 bu
15 * If GSI is < 16, this will update its flags,
16 * else it will create a new mp_irqs[] entry.
17 */
18 - mp_override_legacy_irq(bus_irq, polarity, trigger, gsi);
19 + mp_override_legacy_irq(gsi, polarity, trigger, gsi);
20
21 /*
22 * stash over-ride to indicate we've been here
23 * and for later update of acpi_fadt
24 */
25 - acpi_sci_override_gsi = bus_irq;
26 + acpi_sci_override_gsi = gsi;
27 return;
28 }
29
30 @@ -377,7 +377,7 @@ acpi_parse_int_src_ovr(acpi_table_entry_
31 acpi_table_print_madt_entry(header);
32
33 if (intsrc->bus_irq == acpi_fadt.sci_int) {
34 - acpi_sci_ioapic_setup(intsrc->bus_irq, intsrc->global_irq,
35 + acpi_sci_ioapic_setup(intsrc->global_irq,
36 intsrc->flags.polarity,
37 intsrc->flags.trigger);
38 return 0;
39 @@ -880,7 +880,7 @@ static int __init acpi_parse_madt_ioapic
40 * pretend we got one so we can set the SCI flags.
41 */
42 if (!acpi_sci_override_gsi)
43 - acpi_sci_ioapic_setup(acpi_fadt.sci_int, acpi_fadt.sci_int, 0, 0);
44 + acpi_sci_ioapic_setup(acpi_fadt.sci_int, 0, 0);
45
46 /* Fill in identity legacy mapings where no override */
47 mp_config_acpi_legacy_irqs();
48 diff --git a/arch/i386/kernel/nmi.c b/arch/i386/kernel/nmi.c
49 index eaafe23..d9df609 100644
50 --- a/arch/i386/kernel/nmi.c
51 +++ b/arch/i386/kernel/nmi.c
52 @@ -192,6 +192,8 @@ static __cpuinit inline int nmi_known_cp
53 return 0;
54 }
55
56 +static int endflag __initdata = 0;
57 +
58 #ifdef CONFIG_SMP
59 /* The performance counters used by NMI_LOCAL_APIC don't trigger when
60 * the CPU is idle. To make sure the NMI watchdog really ticks on all
61 @@ -199,7 +201,6 @@ #ifdef CONFIG_SMP
62 */
63 static __init void nmi_cpu_busy(void *data)
64 {
65 - volatile int *endflag = data;
66 local_irq_enable_in_hardirq();
67 /* Intentionally don't use cpu_relax here. This is
68 to make sure that the performance counter really ticks,
69 @@ -207,14 +208,13 @@ static __init void nmi_cpu_busy(void *da
70 pause instruction. On a real HT machine this is fine because
71 all other CPUs are busy with "useless" delay loops and don't
72 care if they get somewhat less cycles. */
73 - while (*endflag == 0)
74 - barrier();
75 + while (endflag == 0)
76 + mb();
77 }
78 #endif
79
80 static int __init check_nmi_watchdog(void)
81 {
82 - volatile int endflag = 0;
83 unsigned int *prev_nmi_count;
84 int cpu;
85
86 diff --git a/arch/m32r/kernel/entry.S b/arch/m32r/kernel/entry.S
87 index ac6d840..5b01fd2 100644
88 --- a/arch/m32r/kernel/entry.S
89 +++ b/arch/m32r/kernel/entry.S
90 @@ -23,35 +23,35 @@
91 * updated in fork.c:copy_thread, signal.c:do_signal,
92 * ptrace.c and ptrace.h
93 *
94 - * M32Rx/M32R2 M32R
95 - * @(sp) - r4 ditto
96 - * @(0x04,sp) - r5 ditto
97 - * @(0x08,sp) - r6 ditto
98 - * @(0x0c,sp) - *pt_regs ditto
99 - * @(0x10,sp) - r0 ditto
100 - * @(0x14,sp) - r1 ditto
101 - * @(0x18,sp) - r2 ditto
102 - * @(0x1c,sp) - r3 ditto
103 - * @(0x20,sp) - r7 ditto
104 - * @(0x24,sp) - r8 ditto
105 - * @(0x28,sp) - r9 ditto
106 - * @(0x2c,sp) - r10 ditto
107 - * @(0x30,sp) - r11 ditto
108 - * @(0x34,sp) - r12 ditto
109 - * @(0x38,sp) - syscall_nr ditto
110 - * @(0x3c,sp) - acc0h @(0x3c,sp) - acch
111 - * @(0x40,sp) - acc0l @(0x40,sp) - accl
112 - * @(0x44,sp) - acc1h @(0x44,sp) - dummy_acc1h
113 - * @(0x48,sp) - acc1l @(0x48,sp) - dummy_acc1l
114 - * @(0x4c,sp) - psw ditto
115 - * @(0x50,sp) - bpc ditto
116 - * @(0x54,sp) - bbpsw ditto
117 - * @(0x58,sp) - bbpc ditto
118 - * @(0x5c,sp) - spu (cr3) ditto
119 - * @(0x60,sp) - fp (r13) ditto
120 - * @(0x64,sp) - lr (r14) ditto
121 - * @(0x68,sp) - spi (cr2) ditto
122 - * @(0x6c,sp) - orig_r0 ditto
123 + * M32R/M32Rx/M32R2
124 + * @(sp) - r4
125 + * @(0x04,sp) - r5
126 + * @(0x08,sp) - r6
127 + * @(0x0c,sp) - *pt_regs
128 + * @(0x10,sp) - r0
129 + * @(0x14,sp) - r1
130 + * @(0x18,sp) - r2
131 + * @(0x1c,sp) - r3
132 + * @(0x20,sp) - r7
133 + * @(0x24,sp) - r8
134 + * @(0x28,sp) - r9
135 + * @(0x2c,sp) - r10
136 + * @(0x30,sp) - r11
137 + * @(0x34,sp) - r12
138 + * @(0x38,sp) - syscall_nr
139 + * @(0x3c,sp) - acc0h
140 + * @(0x40,sp) - acc0l
141 + * @(0x44,sp) - acc1h ; ISA_DSP_LEVEL2 only
142 + * @(0x48,sp) - acc1l ; ISA_DSP_LEVEL2 only
143 + * @(0x4c,sp) - psw
144 + * @(0x50,sp) - bpc
145 + * @(0x54,sp) - bbpsw
146 + * @(0x58,sp) - bbpc
147 + * @(0x5c,sp) - spu (cr3)
148 + * @(0x60,sp) - fp (r13)
149 + * @(0x64,sp) - lr (r14)
150 + * @(0x68,sp) - spi (cr2)
151 + * @(0x6c,sp) - orig_r0
152 */
153
154 #include <linux/linkage.h>
155 @@ -95,17 +95,10 @@ #define R10(reg) @(0x2C,reg)
156 #define R11(reg) @(0x30,reg)
157 #define R12(reg) @(0x34,reg)
158 #define SYSCALL_NR(reg) @(0x38,reg)
159 -#if defined(CONFIG_ISA_M32R2) && defined(CONFIG_ISA_DSP_LEVEL2)
160 #define ACC0H(reg) @(0x3C,reg)
161 #define ACC0L(reg) @(0x40,reg)
162 #define ACC1H(reg) @(0x44,reg)
163 #define ACC1L(reg) @(0x48,reg)
164 -#elif defined(CONFIG_ISA_M32R2) || defined(CONFIG_ISA_M32R)
165 -#define ACCH(reg) @(0x3C,reg)
166 -#define ACCL(reg) @(0x40,reg)
167 -#else
168 -#error unknown isa configuration
169 -#endif
170 #define PSW(reg) @(0x4C,reg)
171 #define BPC(reg) @(0x50,reg)
172 #define BBPSW(reg) @(0x54,reg)
173 diff --git a/arch/x86_64/kernel/nmi.c b/arch/x86_64/kernel/nmi.c
174 index 7af9cb3..b10b9ef 100644
175 --- a/arch/x86_64/kernel/nmi.c
176 +++ b/arch/x86_64/kernel/nmi.c
177 @@ -190,6 +190,8 @@ void nmi_watchdog_default(void)
178 nmi_watchdog = NMI_IO_APIC;
179 }
180
181 +static int endflag __initdata = 0;
182 +
183 #ifdef CONFIG_SMP
184 /* The performance counters used by NMI_LOCAL_APIC don't trigger when
185 * the CPU is idle. To make sure the NMI watchdog really ticks on all
186 @@ -197,7 +199,6 @@ #ifdef CONFIG_SMP
187 */
188 static __init void nmi_cpu_busy(void *data)
189 {
190 - volatile int *endflag = data;
191 local_irq_enable_in_hardirq();
192 /* Intentionally don't use cpu_relax here. This is
193 to make sure that the performance counter really ticks,
194 @@ -205,14 +206,13 @@ static __init void nmi_cpu_busy(void *da
195 pause instruction. On a real HT machine this is fine because
196 all other CPUs are busy with "useless" delay loops and don't
197 care if they get somewhat less cycles. */
198 - while (*endflag == 0)
199 - barrier();
200 + while (endflag == 0)
201 + mb();
202 }
203 #endif
204
205 int __init check_nmi_watchdog (void)
206 {
207 - volatile int endflag = 0;
208 int *counts;
209 int cpu;
210
211 @@ -253,6 +253,7 @@ #endif
212 if (!atomic_read(&nmi_active)) {
213 kfree(counts);
214 atomic_set(&nmi_active, -1);
215 + endflag = 1;
216 return -1;
217 }
218 endflag = 1;
219 diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig
220 index 17dc222..e00568e 100644
221 --- a/drivers/block/Kconfig
222 +++ b/drivers/block/Kconfig
223 @@ -305,6 +305,7 @@ config BLK_DEV_LOOP
224 config BLK_DEV_CRYPTOLOOP
225 tristate "Cryptoloop Support"
226 select CRYPTO
227 + select CRYPTO_CBC
228 depends on BLK_DEV_LOOP
229 ---help---
230 Say Y here if you want to be able to use the ciphers that are
231 diff --git a/drivers/char/drm/drm_sman.c b/drivers/char/drm/drm_sman.c
232 index 425c823..19c81d2 100644
233 --- a/drivers/char/drm/drm_sman.c
234 +++ b/drivers/char/drm/drm_sman.c
235 @@ -162,6 +162,7 @@ drm_sman_set_manager(drm_sman_t * sman,
236
237 return 0;
238 }
239 +EXPORT_SYMBOL(drm_sman_set_manager);
240
241 static drm_owner_item_t *drm_sman_get_owner_item(drm_sman_t * sman,
242 unsigned long owner)
243 diff --git a/drivers/infiniband/core/ucm.c b/drivers/infiniband/core/ucm.c
244 index ad4f4d5..0128288 100644
245 --- a/drivers/infiniband/core/ucm.c
246 +++ b/drivers/infiniband/core/ucm.c
247 @@ -161,12 +161,14 @@ static void ib_ucm_cleanup_events(struct
248 struct ib_ucm_event, ctx_list);
249 list_del(&uevent->file_list);
250 list_del(&uevent->ctx_list);
251 + mutex_unlock(&ctx->file->file_mutex);
252
253 /* clear incoming connections. */
254 if (ib_ucm_new_cm_id(uevent->resp.event))
255 ib_destroy_cm_id(uevent->cm_id);
256
257 kfree(uevent);
258 + mutex_lock(&ctx->file->file_mutex);
259 }
260 mutex_unlock(&ctx->file->file_mutex);
261 }
262 diff --git a/drivers/net/forcedeth.c b/drivers/net/forcedeth.c
263 index c5ed635..72325fa 100644
264 --- a/drivers/net/forcedeth.c
265 +++ b/drivers/net/forcedeth.c
266 @@ -2815,11 +2815,13 @@ static int nv_request_irq(struct net_dev
267 }
268 if (ret != 0 && np->msi_flags & NV_MSI_CAPABLE) {
269 if ((ret = pci_enable_msi(np->pci_dev)) == 0) {
270 + pci_intx(np->pci_dev, 0);
271 np->msi_flags |= NV_MSI_ENABLED;
272 if ((!intr_test && request_irq(np->pci_dev->irq, &nv_nic_irq, IRQF_SHARED, dev->name, dev) != 0) ||
273 (intr_test && request_irq(np->pci_dev->irq, &nv_nic_irq_test, IRQF_SHARED, dev->name, dev) != 0)) {
274 printk(KERN_INFO "forcedeth: request_irq failed %d\n", ret);
275 pci_disable_msi(np->pci_dev);
276 + pci_intx(np->pci_dev, 1);
277 np->msi_flags &= ~NV_MSI_ENABLED;
278 goto out_err;
279 }
280 @@ -2862,6 +2864,7 @@ static void nv_free_irq(struct net_devic
281 free_irq(np->pci_dev->irq, dev);
282 if (np->msi_flags & NV_MSI_ENABLED) {
283 pci_disable_msi(np->pci_dev);
284 + pci_intx(np->pci_dev, 1);
285 np->msi_flags &= ~NV_MSI_ENABLED;
286 }
287 }
288 diff --git a/drivers/net/sunhme.c b/drivers/net/sunhme.c
289 index 9d7cd13..9f1c9bc 100644
290 --- a/drivers/net/sunhme.c
291 +++ b/drivers/net/sunhme.c
292 @@ -3012,6 +3012,11 @@ #else
293 #endif
294
295 err = -ENODEV;
296 +
297 + if (pci_enable_device(pdev))
298 + goto err_out;
299 + pci_set_master(pdev);
300 +
301 if (!strcmp(prom_name, "SUNW,qfe") || !strcmp(prom_name, "qfe")) {
302 qp = quattro_pci_find(pdev);
303 if (qp == NULL)
304 diff --git a/drivers/net/tokenring/ibmtr.c b/drivers/net/tokenring/ibmtr.c
305 index bfe5986..0d97e10 100644
306 --- a/drivers/net/tokenring/ibmtr.c
307 +++ b/drivers/net/tokenring/ibmtr.c
308 @@ -1826,7 +1826,7 @@ #define BUFFER_LENGTH_OFST 6
309 skb->protocol = tr_type_trans(skb, dev);
310 if (IPv4_p) {
311 skb->csum = chksum;
312 - skb->ip_summed = 1;
313 + skb->ip_summed = CHECKSUM_COMPLETE;
314 }
315 netif_rx(skb);
316 dev->last_rx = jiffies;
317 diff --git a/drivers/usb/misc/phidgetservo.c b/drivers/usb/misc/phidgetservo.c
318 index 7163f05..0d9de2f 100644
319 --- a/drivers/usb/misc/phidgetservo.c
320 +++ b/drivers/usb/misc/phidgetservo.c
321 @@ -282,6 +282,7 @@ servo_probe(struct usb_interface *interf
322 dev->dev = NULL;
323 goto out;
324 }
325 + dev_set_drvdata(dev->dev, dev);
326
327 servo_count = dev->type & SERVO_COUNT_QUAD ? 4 : 1;
328
329 diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
330 index 38ede5c..f968d13 100644
331 --- a/fs/autofs/inode.c
332 +++ b/fs/autofs/inode.c
333 @@ -28,10 +28,11 @@ void autofs_kill_sb(struct super_block *
334 /*
335 * In the event of a failure in get_sb_nodev the superblock
336 * info is not present so nothing else has been setup, so
337 - * just exit when we are called from deactivate_super.
338 + * just call kill_anon_super when we are called from
339 + * deactivate_super.
340 */
341 if (!sbi)
342 - return;
343 + goto out_kill_sb;
344
345 if ( !sbi->catatonic )
346 autofs_catatonic_mode(sbi); /* Free wait queues, close pipe */
347 @@ -44,6 +45,7 @@ void autofs_kill_sb(struct super_block *
348
349 kfree(sb->s_fs_info);
350
351 +out_kill_sb:
352 DPRINTK(("autofs: shutting down\n"));
353 kill_anon_super(sb);
354 }
355 @@ -209,7 +211,6 @@ fail_iput:
356 fail_free:
357 kfree(sbi);
358 s->s_fs_info = NULL;
359 - kill_anon_super(s);
360 fail_unlock:
361 return -EINVAL;
362 }
363 diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
364 index ce7c0f1..9c48250 100644
365 --- a/fs/autofs4/inode.c
366 +++ b/fs/autofs4/inode.c
367 @@ -152,10 +152,11 @@ void autofs4_kill_sb(struct super_block
368 /*
369 * In the event of a failure in get_sb_nodev the superblock
370 * info is not present so nothing else has been setup, so
371 - * just exit when we are called from deactivate_super.
372 + * just call kill_anon_super when we are called from
373 + * deactivate_super.
374 */
375 if (!sbi)
376 - return;
377 + goto out_kill_sb;
378
379 sb->s_fs_info = NULL;
380
381 @@ -167,6 +168,7 @@ void autofs4_kill_sb(struct super_block
382
383 kfree(sbi);
384
385 +out_kill_sb:
386 DPRINTK("shutting down");
387 kill_anon_super(sb);
388 }
389 @@ -426,7 +428,6 @@ fail_ino:
390 fail_free:
391 kfree(sbi);
392 s->s_fs_info = NULL;
393 - kill_anon_super(s);
394 fail_unlock:
395 return -EINVAL;
396 }
397 diff --git a/fs/compat.c b/fs/compat.c
398 index 8d0a001..7c8dd28 100644
399 --- a/fs/compat.c
400 +++ b/fs/compat.c
401 @@ -869,7 +869,7 @@ asmlinkage long compat_sys_mount(char __
402
403 retval = -EINVAL;
404
405 - if (type_page) {
406 + if (type_page && data_page) {
407 if (!strcmp((char *)type_page, SMBFS_NAME)) {
408 do_smb_super_data_conv((void *)data_page);
409 } else if (!strcmp((char *)type_page, NCPFS_NAME)) {
410 diff --git a/fs/exec.c b/fs/exec.c
411 index d993ea1..8c01dcb 100644
412 --- a/fs/exec.c
413 +++ b/fs/exec.c
414 @@ -1515,7 +1515,8 @@ int do_coredump(long signr, int exit_cod
415 ispipe = 1;
416 } else
417 file = filp_open(corename,
418 - O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE, 0600);
419 + O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
420 + 0600);
421 if (IS_ERR(file))
422 goto fail_unlock;
423 inode = file->f_dentry->d_inode;
424 diff --git a/include/asm-m32r/ptrace.h b/include/asm-m32r/ptrace.h
425 index 2d2a6c9..632b4ce 100644
426 --- a/include/asm-m32r/ptrace.h
427 +++ b/include/asm-m32r/ptrace.h
428 @@ -33,21 +33,10 @@ #define PT_R14 PT_LR
429 #define PT_R15 PT_SP
430
431 /* processor status and miscellaneous context registers. */
432 -#if defined(CONFIG_ISA_M32R2) && defined(CONFIG_ISA_DSP_LEVEL2)
433 #define PT_ACC0H 15
434 #define PT_ACC0L 16
435 -#define PT_ACC1H 17
436 -#define PT_ACC1L 18
437 -#define PT_ACCH PT_ACC0H
438 -#define PT_ACCL PT_ACC0L
439 -#elif defined(CONFIG_ISA_M32R2) || defined(CONFIG_ISA_M32R)
440 -#define PT_ACCH 15
441 -#define PT_ACCL 16
442 -#define PT_DUMMY_ACC1H 17
443 -#define PT_DUMMY_ACC1L 18
444 -#else
445 -#error unknown isa conifiguration
446 -#endif
447 +#define PT_ACC1H 17 /* ISA_DSP_LEVEL2 only */
448 +#define PT_ACC1L 18 /* ISA_DSP_LEVEL2 only */
449 #define PT_PSW 19
450 #define PT_BPC 20
451 #define PT_BBPSW 21
452 @@ -103,19 +92,10 @@ struct pt_regs {
453 long syscall_nr;
454
455 /* Saved main processor status and miscellaneous context registers. */
456 -#if defined(CONFIG_ISA_M32R2) && defined(CONFIG_ISA_DSP_LEVEL2)
457 unsigned long acc0h;
458 unsigned long acc0l;
459 - unsigned long acc1h;
460 - unsigned long acc1l;
461 -#elif defined(CONFIG_ISA_M32R2) || defined(CONFIG_ISA_M32R)
462 - unsigned long acch;
463 - unsigned long accl;
464 - unsigned long dummy_acc1h;
465 - unsigned long dummy_acc1l;
466 -#else
467 -#error unknown isa configuration
468 -#endif
469 + unsigned long acc1h; /* ISA_DSP_LEVEL2 only */
470 + unsigned long acc1l; /* ISA_DSP_LEVEL2 only */
471 unsigned long psw;
472 unsigned long bpc; /* saved PC for TRAP syscalls */
473 unsigned long bbpsw;
474 diff --git a/include/asm-m32r/sigcontext.h b/include/asm-m32r/sigcontext.h
475 index 73025c0..62537dc 100644
476 --- a/include/asm-m32r/sigcontext.h
477 +++ b/include/asm-m32r/sigcontext.h
478 @@ -23,19 +23,10 @@ struct sigcontext {
479 unsigned long sc_r12;
480
481 /* Saved main processor status and miscellaneous context registers. */
482 -#if defined(CONFIG_ISA_M32R2) && defined(CONFIG_ISA_DSP_LEVEL2)
483 unsigned long sc_acc0h;
484 unsigned long sc_acc0l;
485 - unsigned long sc_acc1h;
486 - unsigned long sc_acc1l;
487 -#elif defined(CONFIG_ISA_M32R2) || defined(CONFIG_ISA_M32R)
488 - unsigned long sc_acch;
489 - unsigned long sc_accl;
490 - unsigned long sc_dummy_acc1h;
491 - unsigned long sc_dummy_acc1l;
492 -#else
493 -#error unknown isa configuration
494 -#endif
495 + unsigned long sc_acc1h; /* ISA_DSP_LEVEL2 only */
496 + unsigned long sc_acc1l; /* ISA_DSP_LEVEL2 only */
497 unsigned long sc_psw;
498 unsigned long sc_bpc; /* saved PC for TRAP syscalls */
499 unsigned long sc_bbpsw;
500 diff --git a/include/linux/bottom_half.h b/include/linux/bottom_half.h
501 new file mode 100644
502 index 0000000..c26a721
503 --- /dev/null
504 +++ b/include/linux/bottom_half.h
505 @@ -0,0 +1,5 @@
506 +extern void local_bh_disable(void);
507 +extern void __local_bh_enable(void);
508 +extern void _local_bh_enable(void);
509 +extern void local_bh_enable(void);
510 +extern void local_bh_enable_ip(unsigned long ip);
511 diff --git a/include/linux/if_addr.h b/include/linux/if_addr.h
512 index dbe8f61..d557e4c 100644
513 --- a/include/linux/if_addr.h
514 +++ b/include/linux/if_addr.h
515 @@ -52,4 +52,10 @@ struct ifa_cacheinfo
516 __u32 tstamp; /* updated timestamp, hundredths of seconds */
517 };
518
519 +/* backwards compatibility for userspace */
520 +#ifndef __KERNEL__
521 +#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
522 +#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
523 +#endif
524 +
525 #endif
526 diff --git a/include/linux/if_link.h b/include/linux/if_link.h
527 index e963a07..35ed3b5 100644
528 --- a/include/linux/if_link.h
529 +++ b/include/linux/if_link.h
530 @@ -82,6 +82,12 @@ #define IFLA_WEIGHT IFLA_WEIGHT
531
532 #define IFLA_MAX (__IFLA_MAX - 1)
533
534 +/* backwards compatibility for userspace */
535 +#ifndef __KERNEL__
536 +#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
537 +#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
538 +#endif
539 +
540 /* ifi_flags.
541
542 IFF_* flags.
543 diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
544 index 5b83e7b..de7593f 100644
545 --- a/include/linux/interrupt.h
546 +++ b/include/linux/interrupt.h
547 @@ -11,6 +11,7 @@ #include <linux/irqreturn.h>
548 #include <linux/hardirq.h>
549 #include <linux/sched.h>
550 #include <linux/irqflags.h>
551 +#include <linux/bottom_half.h>
552 #include <asm/atomic.h>
553 #include <asm/ptrace.h>
554 #include <asm/system.h>
555 @@ -217,12 +218,6 @@ static inline void __deprecated save_and
556 #define save_and_cli(x) save_and_cli(&x)
557 #endif /* CONFIG_SMP */
558
559 -extern void local_bh_disable(void);
560 -extern void __local_bh_enable(void);
561 -extern void _local_bh_enable(void);
562 -extern void local_bh_enable(void);
563 -extern void local_bh_enable_ip(unsigned long ip);
564 -
565 /* PLEASE, avoid to allocate new softirqs, if you need not _really_ high
566 frequency threaded job scheduling. For almost all the purposes
567 tasklets are more than enough. F.e. all serial device BHs et
568 diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
569 index 3a18add..29042d0 100644
570 --- a/include/linux/rtnetlink.h
571 +++ b/include/linux/rtnetlink.h
572 @@ -3,6 +3,8 @@ #define __LINUX_RTNETLINK_H
573
574 #include <linux/netlink.h>
575 #include <linux/if_link.h>
576 +#include <linux/if_addr.h>
577 +#include <linux/neighbour.h>
578
579 /****
580 * Routing/neighbour discovery messages.
581 diff --git a/include/linux/spinlock.h b/include/linux/spinlock.h
582 index 8451052..94b767d 100644
583 --- a/include/linux/spinlock.h
584 +++ b/include/linux/spinlock.h
585 @@ -52,6 +52,7 @@ #include <linux/compiler.h>
586 #include <linux/thread_info.h>
587 #include <linux/kernel.h>
588 #include <linux/stringify.h>
589 +#include <linux/bottom_half.h>
590
591 #include <asm/system.h>
592
593 diff --git a/kernel/power/disk.c b/kernel/power/disk.c
594 index b1fb786..f8f04ed 100644
595 --- a/kernel/power/disk.c
596 +++ b/kernel/power/disk.c
597 @@ -127,7 +127,7 @@ int pm_suspend_disk(void)
598 return error;
599
600 if (pm_disk_mode == PM_DISK_TESTPROC)
601 - goto Thaw;
602 + return 0;
603
604 suspend_console();
605 error = device_suspend(PMSG_FREEZE);
606 diff --git a/kernel/softirq.c b/kernel/softirq.c
607 index bf25015..918e52d 100644
608 --- a/kernel/softirq.c
609 +++ b/kernel/softirq.c
610 @@ -574,8 +574,6 @@ static int __cpuinit cpu_callback(struct
611
612 switch (action) {
613 case CPU_UP_PREPARE:
614 - BUG_ON(per_cpu(tasklet_vec, hotcpu).list);
615 - BUG_ON(per_cpu(tasklet_hi_vec, hotcpu).list);
616 p = kthread_create(ksoftirqd, hcpu, "ksoftirqd/%d", hotcpu);
617 if (IS_ERR(p)) {
618 printk("ksoftirqd for %i failed\n", hotcpu);
619 diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
620 index ac181be..65dff06 100644
621 --- a/net/bridge/br_netfilter.c
622 +++ b/net/bridge/br_netfilter.c
623 @@ -34,6 +34,7 @@ #include <linux/netfilter_ipv4.h>
624 #include <linux/netfilter_ipv6.h>
625 #include <linux/netfilter_arp.h>
626 #include <linux/in_route.h>
627 +#include <linux/inetdevice.h>
628
629 #include <net/ip.h>
630 #include <net/ipv6.h>
631 @@ -222,10 +223,14 @@ static void __br_dnat_complain(void)
632 *
633 * Otherwise, the packet is considered to be routed and we just
634 * change the destination MAC address so that the packet will
635 - * later be passed up to the IP stack to be routed.
636 + * later be passed up to the IP stack to be routed. For a redirected
637 + * packet, ip_route_input() will give back the localhost as output device,
638 + * which differs from the bridge device.
639 *
640 * Let us now consider the case that ip_route_input() fails:
641 *
642 + * This can be because the destination address is martian, in which case
643 + * the packet will be dropped.
644 * After a "echo '0' > /proc/sys/net/ipv4/ip_forward" ip_route_input()
645 * will fail, while __ip_route_output_key() will return success. The source
646 * address for __ip_route_output_key() is set to zero, so __ip_route_output_key
647 @@ -238,7 +243,8 @@ static void __br_dnat_complain(void)
648 *
649 * --Lennert, 20020411
650 * --Bart, 20020416 (updated)
651 - * --Bart, 20021007 (updated) */
652 + * --Bart, 20021007 (updated)
653 + * --Bart, 20062711 (updated) */
654 static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
655 {
656 if (skb->pkt_type == PACKET_OTHERHOST) {
657 @@ -265,15 +271,15 @@ static int br_nf_pre_routing_finish(stru
658 struct net_device *dev = skb->dev;
659 struct iphdr *iph = skb->nh.iph;
660 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
661 + int err;
662
663 if (nf_bridge->mask & BRNF_PKT_TYPE) {
664 skb->pkt_type = PACKET_OTHERHOST;
665 nf_bridge->mask ^= BRNF_PKT_TYPE;
666 }
667 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
668 -
669 if (dnat_took_place(skb)) {
670 - if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev)) {
671 + if ((err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))) {
672 struct rtable *rt;
673 struct flowi fl = {
674 .nl_u = {
675 @@ -284,19 +290,33 @@ static int br_nf_pre_routing_finish(stru
676 },
677 .proto = 0,
678 };
679 + struct in_device *in_dev = in_dev_get(dev);
680 +
681 + /* If err equals -EHOSTUNREACH the error is due to a
682 + * martian destination or due to the fact that
683 + * forwarding is disabled. For most martian packets,
684 + * ip_route_output_key() will fail. It won't fail for 2 types of
685 + * martian destinations: loopback destinations and destination
686 + * 0.0.0.0. In both cases the packet will be dropped because the
687 + * destination is the loopback device and not the bridge. */
688 + if (err != -EHOSTUNREACH || !in_dev || IN_DEV_FORWARD(in_dev))
689 + goto free_skb;
690
691 if (!ip_route_output_key(&rt, &fl)) {
692 /* - Bridged-and-DNAT'ed traffic doesn't
693 - * require ip_forwarding.
694 - * - Deal with redirected traffic. */
695 - if (((struct dst_entry *)rt)->dev == dev ||
696 - rt->rt_type == RTN_LOCAL) {
697 + * require ip_forwarding. */
698 + if (((struct dst_entry *)rt)->dev == dev) {
699 skb->dst = (struct dst_entry *)rt;
700 goto bridged_dnat;
701 }
702 + /* we are sure that forwarding is disabled, so printing
703 + * this message is no problem. Note that the packet could
704 + * still have a martian destination address, in which case
705 + * the packet could be dropped even if forwarding were enabled */
706 __br_dnat_complain();
707 dst_release((struct dst_entry *)rt);
708 }
709 +free_skb:
710 kfree_skb(skb);
711 return 0;
712 } else {
713 diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
714 index 9f85666..136ed7d 100644
715 --- a/net/bridge/netfilter/ebtables.c
716 +++ b/net/bridge/netfilter/ebtables.c
717 @@ -338,10 +338,11 @@ ebt_check_match(struct ebt_entry_match *
718 const char *name, unsigned int hookmask, unsigned int *cnt)
719 {
720 struct ebt_match *match;
721 + size_t left = ((char *)e + e->watchers_offset) - (char *)m;
722 int ret;
723
724 - if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
725 - ((char *)e) + e->watchers_offset)
726 + if (left < sizeof(struct ebt_entry_match) ||
727 + left - sizeof(struct ebt_entry_match) < m->match_size)
728 return -EINVAL;
729 match = find_match_lock(m->u.name, &ret, &ebt_mutex);
730 if (!match)
731 @@ -367,10 +368,11 @@ ebt_check_watcher(struct ebt_entry_watch
732 const char *name, unsigned int hookmask, unsigned int *cnt)
733 {
734 struct ebt_watcher *watcher;
735 + size_t left = ((char *)e + e->target_offset) - (char *)w;
736 int ret;
737
738 - if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
739 - ((char *)e) + e->target_offset)
740 + if (left < sizeof(struct ebt_entry_watcher) ||
741 + left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
742 return -EINVAL;
743 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
744 if (!watcher)
745 @@ -401,19 +403,23 @@ ebt_check_entry_size_and_hooks(struct eb
746 struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt,
747 unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks)
748 {
749 + unsigned int offset = (char *)e - newinfo->entries;
750 + size_t left = (limit - base) - offset;
751 int i;
752
753 + if (left < sizeof(unsigned int))
754 + goto Esmall;
755 +
756 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
757 if ((valid_hooks & (1 << i)) == 0)
758 continue;
759 - if ( (char *)hook_entries[i] - base ==
760 - (char *)e - newinfo->entries)
761 + if ((char *)hook_entries[i] == base + offset)
762 break;
763 }
764 /* beginning of a new chain
765 if i == NF_BR_NUMHOOKS it must be a user defined chain */
766 if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
767 - if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
768 + if (e->bitmask != 0) {
769 /* we make userspace set this right,
770 so there is no misunderstanding */
771 BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
772 @@ -428,11 +434,8 @@ ebt_check_entry_size_and_hooks(struct eb
773 return -EINVAL;
774 }
775 /* before we look at the struct, be sure it is not too big */
776 - if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
777 - > limit) {
778 - BUGPRINT("entries_size too small\n");
779 - return -EINVAL;
780 - }
781 + if (left < sizeof(struct ebt_entries))
782 + goto Esmall;
783 if (((struct ebt_entries *)e)->policy != EBT_DROP &&
784 ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
785 /* only RETURN from udc */
786 @@ -455,6 +458,8 @@ ebt_check_entry_size_and_hooks(struct eb
787 return 0;
788 }
789 /* a plain old entry, heh */
790 + if (left < sizeof(struct ebt_entry))
791 + goto Esmall;
792 if (sizeof(struct ebt_entry) > e->watchers_offset ||
793 e->watchers_offset > e->target_offset ||
794 e->target_offset >= e->next_offset) {
795 @@ -466,10 +471,16 @@ ebt_check_entry_size_and_hooks(struct eb
796 BUGPRINT("target size too small\n");
797 return -EINVAL;
798 }
799 + if (left < e->next_offset)
800 + goto Esmall;
801
802 (*cnt)++;
803 (*totalcnt)++;
804 return 0;
805 +
806 +Esmall:
807 + BUGPRINT("entries_size too small\n");
808 + return -EINVAL;
809 }
810
811 struct ebt_cl_stack
812 @@ -491,7 +502,7 @@ ebt_get_udc_positions(struct ebt_entry *
813 int i;
814
815 /* we're only interested in chain starts */
816 - if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
817 + if (e->bitmask)
818 return 0;
819 for (i = 0; i < NF_BR_NUMHOOKS; i++) {
820 if ((valid_hooks & (1 << i)) == 0)
821 @@ -541,7 +552,7 @@ ebt_cleanup_entry(struct ebt_entry *e, u
822 {
823 struct ebt_entry_target *t;
824
825 - if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
826 + if (e->bitmask == 0)
827 return 0;
828 /* we're done */
829 if (cnt && (*cnt)-- == 0)
830 @@ -564,10 +575,11 @@ ebt_check_entry(struct ebt_entry *e, str
831 struct ebt_entry_target *t;
832 struct ebt_target *target;
833 unsigned int i, j, hook = 0, hookmask = 0;
834 + size_t gap = e->next_offset - e->target_offset;
835 int ret;
836
837 /* don't mess with the struct ebt_entries */
838 - if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
839 + if (e->bitmask == 0)
840 return 0;
841
842 if (e->bitmask & ~EBT_F_MASK) {
843 @@ -625,8 +637,7 @@ ebt_check_entry(struct ebt_entry *e, str
844
845 t->u.target = target;
846 if (t->u.target == &ebt_standard_target) {
847 - if (e->target_offset + sizeof(struct ebt_standard_target) >
848 - e->next_offset) {
849 + if (gap < sizeof(struct ebt_standard_target)) {
850 BUGPRINT("Standard target size too big\n");
851 ret = -EFAULT;
852 goto cleanup_watchers;
853 @@ -637,8 +648,7 @@ ebt_check_entry(struct ebt_entry *e, str
854 ret = -EFAULT;
855 goto cleanup_watchers;
856 }
857 - } else if ((e->target_offset + t->target_size +
858 - sizeof(struct ebt_entry_target) > e->next_offset) ||
859 + } else if (t->target_size > gap - sizeof(struct ebt_entry_target) ||
860 (t->u.target->check &&
861 t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
862 module_put(t->u.target->me);
863 @@ -708,7 +718,9 @@ static int check_chainloops(struct ebt_e
864 BUGPRINT("loop\n");
865 return -1;
866 }
867 - /* this can't be 0, so the above test is correct */
868 + if (cl_s[i].hookmask & (1 << hooknr))
869 + goto letscontinue;
870 + /* this can't be 0, so the loop test is correct */
871 cl_s[i].cs.n = pos + 1;
872 pos = 0;
873 cl_s[i].cs.e = ((void *)e + e->next_offset);
874 @@ -1300,7 +1312,7 @@ static inline int ebt_make_names(struct
875 char *hlp;
876 struct ebt_entry_target *t;
877
878 - if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
879 + if (e->bitmask == 0)
880 return 0;
881
882 hlp = ubase - base + (char *)e + e->target_offset;
883 diff --git a/net/ieee80211/softmac/ieee80211softmac_scan.c b/net/ieee80211/softmac/ieee80211softmac_scan.c
884 index d31cf77..ad67368 100644
885 --- a/net/ieee80211/softmac/ieee80211softmac_scan.c
886 +++ b/net/ieee80211/softmac/ieee80211softmac_scan.c
887 @@ -47,7 +47,6 @@ ieee80211softmac_start_scan(struct ieee8
888 sm->scanning = 1;
889 spin_unlock_irqrestore(&sm->lock, flags);
890
891 - netif_tx_disable(sm->ieee->dev);
892 ret = sm->start_scan(sm->dev);
893 if (ret) {
894 spin_lock_irqsave(&sm->lock, flags);
895 @@ -248,7 +247,6 @@ void ieee80211softmac_scan_finished(stru
896 if (net)
897 sm->set_channel(sm->dev, net->channel);
898 }
899 - netif_wake_queue(sm->ieee->dev);
900 ieee80211softmac_call_events(sm, IEEE80211SOFTMAC_EVENT_SCAN_FINISHED, NULL);
901 }
902 EXPORT_SYMBOL_GPL(ieee80211softmac_scan_finished);
903 diff --git a/net/ieee80211/softmac/ieee80211softmac_wx.c b/net/ieee80211/softmac/ieee80211softmac_wx.c
904 index 23068a8..5b7b5b4 100644
905 --- a/net/ieee80211/softmac/ieee80211softmac_wx.c
906 +++ b/net/ieee80211/softmac/ieee80211softmac_wx.c
907 @@ -495,7 +495,8 @@ ieee80211softmac_wx_set_mlme(struct net_
908 printk(KERN_DEBUG PFX "wx_set_mlme: we should know the net here...\n");
909 goto out;
910 }
911 - return ieee80211softmac_deauth_req(mac, net, reason);
912 + err = ieee80211softmac_deauth_req(mac, net, reason);
913 + goto out;
914 case IW_MLME_DISASSOC:
915 ieee80211softmac_send_disassoc_req(mac, reason);
916 mac->associnfo.associated = 0;
917 diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
918 index 413c2d0..71b76ad 100644
919 --- a/net/ipv4/netfilter/arp_tables.c
920 +++ b/net/ipv4/netfilter/arp_tables.c
921 @@ -375,6 +375,13 @@ static int mark_source_chains(struct xt_
922 && unconditional(&e->arp)) {
923 unsigned int oldpos, size;
924
925 + if (t->verdict < -NF_MAX_VERDICT - 1) {
926 + duprintf("mark_source_chains: bad "
927 + "negative verdict (%i)\n",
928 + t->verdict);
929 + return 0;
930 + }
931 +
932 /* Return: backtrack through the last
933 * big jump.
934 */
935 @@ -404,6 +411,14 @@ static int mark_source_chains(struct xt_
936 if (strcmp(t->target.u.user.name,
937 ARPT_STANDARD_TARGET) == 0
938 && newpos >= 0) {
939 + if (newpos > newinfo->size -
940 + sizeof(struct arpt_entry)) {
941 + duprintf("mark_source_chains: "
942 + "bad verdict (%i)\n",
943 + newpos);
944 + return 0;
945 + }
946 +
947 /* This a jump; chase it. */
948 duprintf("Jump rule %u -> %u\n",
949 pos, newpos);
950 @@ -426,8 +441,6 @@ static int mark_source_chains(struct xt_
951 static inline int standard_check(const struct arpt_entry_target *t,
952 unsigned int max_offset)
953 {
954 - struct arpt_standard_target *targ = (void *)t;
955 -
956 /* Check standard info. */
957 if (t->u.target_size
958 != ARPT_ALIGN(sizeof(struct arpt_standard_target))) {
959 @@ -437,18 +450,6 @@ static inline int standard_check(const s
960 return 0;
961 }
962
963 - if (targ->verdict >= 0
964 - && targ->verdict > max_offset - sizeof(struct arpt_entry)) {
965 - duprintf("arpt_standard_check: bad verdict (%i)\n",
966 - targ->verdict);
967 - return 0;
968 - }
969 -
970 - if (targ->verdict < -NF_MAX_VERDICT - 1) {
971 - duprintf("arpt_standard_check: bad negative verdict (%i)\n",
972 - targ->verdict);
973 - return 0;
974 - }
975 return 1;
976 }
977
978 @@ -627,18 +628,20 @@ static int translate_table(const char *n
979 }
980 }
981
982 + if (!mark_source_chains(newinfo, valid_hooks, entry0)) {
983 + duprintf("Looping hook\n");
984 + return -ELOOP;
985 + }
986 +
987 /* Finally, each sanity check must pass */
988 i = 0;
989 ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
990 check_entry, name, size, &i);
991
992 - if (ret != 0)
993 - goto cleanup;
994 -
995 - ret = -ELOOP;
996 - if (!mark_source_chains(newinfo, valid_hooks, entry0)) {
997 - duprintf("Looping hook\n");
998 - goto cleanup;
999 + if (ret != 0) {
1000 + ARPT_ENTRY_ITERATE(entry0, newinfo->size,
1001 + cleanup_entry, &i);
1002 + return ret;
1003 }
1004
1005 /* And one copy for every other CPU */
1006 @@ -647,9 +650,6 @@ static int translate_table(const char *n
1007 memcpy(newinfo->entries[i], entry0, newinfo->size);
1008 }
1009
1010 - return 0;
1011 -cleanup:
1012 - ARPT_ENTRY_ITERATE(entry0, newinfo->size, cleanup_entry, &i);
1013 return ret;
1014 }
1015
1016 diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
1017 index 8a45543..0ff2956 100644
1018 --- a/net/ipv4/netfilter/ip_tables.c
1019 +++ b/net/ipv4/netfilter/ip_tables.c
1020 @@ -401,6 +401,13 @@ mark_source_chains(struct xt_table_info
1021 && unconditional(&e->ip)) {
1022 unsigned int oldpos, size;
1023
1024 + if (t->verdict < -NF_MAX_VERDICT - 1) {
1025 + duprintf("mark_source_chains: bad "
1026 + "negative verdict (%i)\n",
1027 + t->verdict);
1028 + return 0;
1029 + }
1030 +
1031 /* Return: backtrack through the last
1032 big jump. */
1033 do {
1034 @@ -438,6 +445,13 @@ #endif
1035 if (strcmp(t->target.u.user.name,
1036 IPT_STANDARD_TARGET) == 0
1037 && newpos >= 0) {
1038 + if (newpos > newinfo->size -
1039 + sizeof(struct ipt_entry)) {
1040 + duprintf("mark_source_chains: "
1041 + "bad verdict (%i)\n",
1042 + newpos);
1043 + return 0;
1044 + }
1045 /* This a jump; chase it. */
1046 duprintf("Jump rule %u -> %u\n",
1047 pos, newpos);
1048 @@ -470,27 +484,6 @@ cleanup_match(struct ipt_entry_match *m,
1049 }
1050
1051 static inline int
1052 -standard_check(const struct ipt_entry_target *t,
1053 - unsigned int max_offset)
1054 -{
1055 - struct ipt_standard_target *targ = (void *)t;
1056 -
1057 - /* Check standard info. */
1058 - if (targ->verdict >= 0
1059 - && targ->verdict > max_offset - sizeof(struct ipt_entry)) {
1060 - duprintf("ipt_standard_check: bad verdict (%i)\n",
1061 - targ->verdict);
1062 - return 0;
1063 - }
1064 - if (targ->verdict < -NF_MAX_VERDICT - 1) {
1065 - duprintf("ipt_standard_check: bad negative verdict (%i)\n",
1066 - targ->verdict);
1067 - return 0;
1068 - }
1069 - return 1;
1070 -}
1071 -
1072 -static inline int
1073 check_match(struct ipt_entry_match *m,
1074 const char *name,
1075 const struct ipt_ip *ip,
1076 @@ -576,12 +569,7 @@ check_entry(struct ipt_entry *e, const c
1077 if (ret)
1078 goto err;
1079
1080 - if (t->u.kernel.target == &ipt_standard_target) {
1081 - if (!standard_check(t, size)) {
1082 - ret = -EINVAL;
1083 - goto err;
1084 - }
1085 - } else if (t->u.kernel.target->checkentry
1086 + if (t->u.kernel.target->checkentry
1087 && !t->u.kernel.target->checkentry(name, e, target, t->data,
1088 e->comefrom)) {
1089 duprintf("ip_tables: check failed for `%s'.\n",
1090 @@ -718,17 +706,19 @@ translate_table(const char *name,
1091 }
1092 }
1093
1094 + if (!mark_source_chains(newinfo, valid_hooks, entry0))
1095 + return -ELOOP;
1096 +
1097 /* Finally, each sanity check must pass */
1098 i = 0;
1099 ret = IPT_ENTRY_ITERATE(entry0, newinfo->size,
1100 check_entry, name, size, &i);
1101
1102 - if (ret != 0)
1103 - goto cleanup;
1104 -
1105 - ret = -ELOOP;
1106 - if (!mark_source_chains(newinfo, valid_hooks, entry0))
1107 - goto cleanup;
1108 + if (ret != 0) {
1109 + IPT_ENTRY_ITERATE(entry0, newinfo->size,
1110 + cleanup_entry, &i);
1111 + return ret;
1112 + }
1113
1114 /* And one copy for every other CPU */
1115 for_each_possible_cpu(i) {
1116 @@ -736,9 +726,6 @@ translate_table(const char *name,
1117 memcpy(newinfo->entries[i], entry0, newinfo->size);
1118 }
1119
1120 - return 0;
1121 -cleanup:
1122 - IPT_ENTRY_ITERATE(entry0, newinfo->size, cleanup_entry, &i);
1123 return ret;
1124 }
1125
1126 @@ -1529,25 +1516,8 @@ static inline int compat_copy_match_from
1127 void **dstptr, compat_uint_t *size, const char *name,
1128 const struct ipt_ip *ip, unsigned int hookmask)
1129 {
1130 - struct ipt_entry_match *dm;
1131 - struct ipt_match *match;
1132 - int ret;
1133 -
1134 - dm = (struct ipt_entry_match *)*dstptr;
1135 - match = m->u.kernel.match;
1136 xt_compat_match_from_user(m, dstptr, size);
1137 -
1138 - ret = xt_check_match(match, AF_INET, dm->u.match_size - sizeof(*dm),
1139 - name, hookmask, ip->proto,
1140 - ip->invflags & IPT_INV_PROTO);
1141 - if (!ret && m->u.kernel.match->checkentry
1142 - && !m->u.kernel.match->checkentry(name, ip, match, dm->data,
1143 - hookmask)) {
1144 - duprintf("ip_tables: check failed for `%s'.\n",
1145 - m->u.kernel.match->name);
1146 - ret = -EINVAL;
1147 - }
1148 - return ret;
1149 + return 0;
1150 }
1151
1152 static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
1153 @@ -1569,7 +1539,7 @@ static int compat_copy_entry_from_user(s
1154 ret = IPT_MATCH_ITERATE(e, compat_copy_match_from_user, dstptr, size,
1155 name, &de->ip, de->comefrom);
1156 if (ret)
1157 - goto err;
1158 + return ret;
1159 de->target_offset = e->target_offset - (origsize - *size);
1160 t = ipt_get_target(e);
1161 target = t->u.kernel.target;
1162 @@ -1582,31 +1552,62 @@ static int compat_copy_entry_from_user(s
1163 if ((unsigned char *)de - base < newinfo->underflow[h])
1164 newinfo->underflow[h] -= origsize - *size;
1165 }
1166 + return ret;
1167 +}
1168 +
1169 +static inline int compat_check_match(struct ipt_entry_match *m, const char *name,
1170 + const struct ipt_ip *ip, unsigned int hookmask)
1171 +{
1172 + struct ipt_match *match;
1173 + int ret;
1174 +
1175 + match = m->u.kernel.match;
1176 + ret = xt_check_match(match, AF_INET, m->u.match_size - sizeof(*m),
1177 + name, hookmask, ip->proto,
1178 + ip->invflags & IPT_INV_PROTO);
1179 + if (!ret && m->u.kernel.match->checkentry
1180 + && !m->u.kernel.match->checkentry(name, ip, match, m->data,
1181 + hookmask)) {
1182 + duprintf("ip_tables: compat: check failed for `%s'.\n",
1183 + m->u.kernel.match->name);
1184 + ret = -EINVAL;
1185 + }
1186 + return ret;
1187 +}
1188 +
1189 +static inline int compat_check_target(struct ipt_entry *e, const char *name)
1190 +{
1191 + struct ipt_entry_target *t;
1192 + struct ipt_target *target;
1193 + int ret;
1194
1195 - t = ipt_get_target(de);
1196 + t = ipt_get_target(e);
1197 target = t->u.kernel.target;
1198 ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
1199 name, e->comefrom, e->ip.proto,
1200 e->ip.invflags & IPT_INV_PROTO);
1201 - if (ret)
1202 - goto err;
1203 -
1204 - ret = -EINVAL;
1205 - if (t->u.kernel.target == &ipt_standard_target) {
1206 - if (!standard_check(t, *size))
1207 - goto err;
1208 - } else if (t->u.kernel.target->checkentry
1209 - && !t->u.kernel.target->checkentry(name, de, target,
1210 - t->data, de->comefrom)) {
1211 + if (!ret && t->u.kernel.target->checkentry
1212 + && !t->u.kernel.target->checkentry(name, e, target,
1213 + t->data, e->comefrom)) {
1214 duprintf("ip_tables: compat: check failed for `%s'.\n",
1215 t->u.kernel.target->name);
1216 - goto err;
1217 + ret = -EINVAL;
1218 }
1219 - ret = 0;
1220 -err:
1221 return ret;
1222 }
1223
1224 +static inline int compat_check_entry(struct ipt_entry *e, const char *name)
1225 +{
1226 + int ret;
1227 +
1228 + ret = IPT_MATCH_ITERATE(e, compat_check_match, name, &e->ip,
1229 + e->comefrom);
1230 + if (ret)
1231 + return ret;
1232 +
1233 + return compat_check_target(e, name);
1234 +}
1235 +
1236 static int
1237 translate_compat_table(const char *name,
1238 unsigned int valid_hooks,
1239 @@ -1695,6 +1696,11 @@ translate_compat_table(const char *name,
1240 if (!mark_source_chains(newinfo, valid_hooks, entry1))
1241 goto free_newinfo;
1242
1243 + ret = IPT_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry,
1244 + name);
1245 + if (ret)
1246 + goto free_newinfo;
1247 +
1248 /* And one copy for every other CPU */
1249 for_each_possible_cpu(i)
1250 if (newinfo->entries[i] && newinfo->entries[i] != entry1)
1251 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
1252 index 925ee4d..00073a0 100644
1253 --- a/net/ipv4/route.c
1254 +++ b/net/ipv4/route.c
1255 @@ -1784,7 +1784,7 @@ #ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
1256 #endif
1257 if (in_dev->cnf.no_policy)
1258 rth->u.dst.flags |= DST_NOPOLICY;
1259 - if (in_dev->cnf.no_xfrm)
1260 + if (out_dev->cnf.no_xfrm)
1261 rth->u.dst.flags |= DST_NOXFRM;
1262 rth->fl.fl4_dst = daddr;
1263 rth->rt_dst = daddr;
1264 diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
1265 index 1bed0cd..2cf7840 100644
1266 --- a/net/ipv4/xfrm4_policy.c
1267 +++ b/net/ipv4/xfrm4_policy.c
1268 @@ -273,6 +273,8 @@ static void xfrm4_dst_destroy(struct dst
1269
1270 if (likely(xdst->u.rt.idev))
1271 in_dev_put(xdst->u.rt.idev);
1272 + if (likely(xdst->u.rt.peer))
1273 + inet_putpeer(xdst->u.rt.peer);
1274 xfrm_dst_destroy(xdst);
1275 }
1276
1277 diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
1278 index 73eb8c3..89d527e 100644
1279 --- a/net/ipv6/ndisc.c
1280 +++ b/net/ipv6/ndisc.c
1281 @@ -472,7 +472,9 @@ static void ndisc_send_na(struct net_dev
1282 inc_opt = 0;
1283 }
1284
1285 - skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1286 + skb = sock_alloc_send_skb(sk,
1287 + (MAX_HEADER + sizeof(struct ipv6hdr) +
1288 + len + LL_RESERVED_SPACE(dev)),
1289 1, &err);
1290
1291 if (skb == NULL) {
1292 @@ -561,7 +563,9 @@ void ndisc_send_ns(struct net_device *de
1293 if (send_llinfo)
1294 len += ndisc_opt_addr_space(dev);
1295
1296 - skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1297 + skb = sock_alloc_send_skb(sk,
1298 + (MAX_HEADER + sizeof(struct ipv6hdr) +
1299 + len + LL_RESERVED_SPACE(dev)),
1300 1, &err);
1301 if (skb == NULL) {
1302 ND_PRINTK0(KERN_ERR
1303 @@ -636,7 +640,9 @@ void ndisc_send_rs(struct net_device *de
1304 if (dev->addr_len)
1305 len += ndisc_opt_addr_space(dev);
1306
1307 - skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1308 + skb = sock_alloc_send_skb(sk,
1309 + (MAX_HEADER + sizeof(struct ipv6hdr) +
1310 + len + LL_RESERVED_SPACE(dev)),
1311 1, &err);
1312 if (skb == NULL) {
1313 ND_PRINTK0(KERN_ERR
1314 @@ -1446,7 +1452,9 @@ void ndisc_send_redirect(struct sk_buff
1315 rd_len &= ~0x7;
1316 len += rd_len;
1317
1318 - buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1319 + buff = sock_alloc_send_skb(sk,
1320 + (MAX_HEADER + sizeof(struct ipv6hdr) +
1321 + len + LL_RESERVED_SPACE(dev)),
1322 1, &err);
1323 if (buff == NULL) {
1324 ND_PRINTK0(KERN_ERR
1325 diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
1326 index 204e021..626dcaf 100644
1327 --- a/net/ipv6/netfilter/ip6_tables.c
1328 +++ b/net/ipv6/netfilter/ip6_tables.c
1329 @@ -440,6 +440,13 @@ mark_source_chains(struct xt_table_info
1330 && unconditional(&e->ipv6)) {
1331 unsigned int oldpos, size;
1332
1333 + if (t->verdict < -NF_MAX_VERDICT - 1) {
1334 + duprintf("mark_source_chains: bad "
1335 + "negative verdict (%i)\n",
1336 + t->verdict);
1337 + return 0;
1338 + }
1339 +
1340 /* Return: backtrack through the last
1341 big jump. */
1342 do {
1343 @@ -477,6 +484,13 @@ #endif
1344 if (strcmp(t->target.u.user.name,
1345 IP6T_STANDARD_TARGET) == 0
1346 && newpos >= 0) {
1347 + if (newpos > newinfo->size -
1348 + sizeof(struct ip6t_entry)) {
1349 + duprintf("mark_source_chains: "
1350 + "bad verdict (%i)\n",
1351 + newpos);
1352 + return 0;
1353 + }
1354 /* This a jump; chase it. */
1355 duprintf("Jump rule %u -> %u\n",
1356 pos, newpos);
1357 @@ -509,27 +523,6 @@ cleanup_match(struct ip6t_entry_match *m
1358 }
1359
1360 static inline int
1361 -standard_check(const struct ip6t_entry_target *t,
1362 - unsigned int max_offset)
1363 -{
1364 - struct ip6t_standard_target *targ = (void *)t;
1365 -
1366 - /* Check standard info. */
1367 - if (targ->verdict >= 0
1368 - && targ->verdict > max_offset - sizeof(struct ip6t_entry)) {
1369 - duprintf("ip6t_standard_check: bad verdict (%i)\n",
1370 - targ->verdict);
1371 - return 0;
1372 - }
1373 - if (targ->verdict < -NF_MAX_VERDICT - 1) {
1374 - duprintf("ip6t_standard_check: bad negative verdict (%i)\n",
1375 - targ->verdict);
1376 - return 0;
1377 - }
1378 - return 1;
1379 -}
1380 -
1381 -static inline int
1382 check_match(struct ip6t_entry_match *m,
1383 const char *name,
1384 const struct ip6t_ip6 *ipv6,
1385 @@ -616,12 +609,7 @@ check_entry(struct ip6t_entry *e, const
1386 if (ret)
1387 goto err;
1388
1389 - if (t->u.kernel.target == &ip6t_standard_target) {
1390 - if (!standard_check(t, size)) {
1391 - ret = -EINVAL;
1392 - goto err;
1393 - }
1394 - } else if (t->u.kernel.target->checkentry
1395 + if (t->u.kernel.target->checkentry
1396 && !t->u.kernel.target->checkentry(name, e, target, t->data,
1397 e->comefrom)) {
1398 duprintf("ip_tables: check failed for `%s'.\n",
1399 @@ -758,17 +746,19 @@ translate_table(const char *name,
1400 }
1401 }
1402
1403 + if (!mark_source_chains(newinfo, valid_hooks, entry0))
1404 + return -ELOOP;
1405 +
1406 /* Finally, each sanity check must pass */
1407 i = 0;
1408 ret = IP6T_ENTRY_ITERATE(entry0, newinfo->size,
1409 check_entry, name, size, &i);
1410
1411 - if (ret != 0)
1412 - goto cleanup;
1413 -
1414 - ret = -ELOOP;
1415 - if (!mark_source_chains(newinfo, valid_hooks, entry0))
1416 - goto cleanup;
1417 + if (ret != 0) {
1418 + IP6T_ENTRY_ITERATE(entry0, newinfo->size,
1419 + cleanup_entry, &i);
1420 + return ret;
1421 + }
1422
1423 /* And one copy for every other CPU */
1424 for_each_possible_cpu(i) {
1425 @@ -777,9 +767,6 @@ translate_table(const char *name,
1426 }
1427
1428 return 0;
1429 -cleanup:
1430 - IP6T_ENTRY_ITERATE(entry0, newinfo->size, cleanup_entry, &i);
1431 - return ret;
1432 }
1433
1434 /* Gets counters. */
1435 diff --git a/net/irda/irttp.c b/net/irda/irttp.c
1436 index 3c2e70b..da73e63 100644
1437 --- a/net/irda/irttp.c
1438 +++ b/net/irda/irttp.c
1439 @@ -1099,7 +1099,7 @@ int irttp_connect_request(struct tsap_cb
1440 return -ENOMEM;
1441
1442 /* Reserve space for MUX_CONTROL and LAP header */
1443 - skb_reserve(tx_skb, TTP_MAX_HEADER);
1444 + skb_reserve(tx_skb, TTP_MAX_HEADER + TTP_SAR_HEADER);
1445 } else {
1446 tx_skb = userdata;
1447 /*
1448 @@ -1348,7 +1348,7 @@ int irttp_connect_response(struct tsap_c
1449 return -ENOMEM;
1450
1451 /* Reserve space for MUX_CONTROL and LAP header */
1452 - skb_reserve(tx_skb, TTP_MAX_HEADER);
1453 + skb_reserve(tx_skb, TTP_MAX_HEADER + TTP_SAR_HEADER);
1454 } else {
1455 tx_skb = userdata;
1456 /*
1457 diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
1458 index 6cff566..85de7ef 100644
1459 --- a/net/sched/act_gact.c
1460 +++ b/net/sched/act_gact.c
1461 @@ -48,14 +48,14 @@ static struct tcf_hashinfo gact_hash_inf
1462 #ifdef CONFIG_GACT_PROB
1463 static int gact_net_rand(struct tcf_gact *gact)
1464 {
1465 - if (net_random() % gact->tcfg_pval)
1466 + if (!gact->tcfg_pval || net_random() % gact->tcfg_pval)
1467 return gact->tcf_action;
1468 return gact->tcfg_paction;
1469 }
1470
1471 static int gact_determ(struct tcf_gact *gact)
1472 {
1473 - if (gact->tcf_bstats.packets % gact->tcfg_pval)
1474 + if (!gact->tcfg_pval || gact->tcf_bstats.packets % gact->tcfg_pval)
1475 return gact->tcf_action;
1476 return gact->tcfg_paction;
1477 }
1478 diff --git a/net/sched/act_police.c b/net/sched/act_police.c
1479 index fed47b6..af68e1e 100644
1480 --- a/net/sched/act_police.c
1481 +++ b/net/sched/act_police.c
1482 @@ -46,6 +46,18 @@ static struct tcf_hashinfo police_hash_i
1483 .lock = &police_lock,
1484 };
1485
1486 +/* old policer structure from before tc actions */
1487 +struct tc_police_compat
1488 +{
1489 + u32 index;
1490 + int action;
1491 + u32 limit;
1492 + u32 burst;
1493 + u32 mtu;
1494 + struct tc_ratespec rate;
1495 + struct tc_ratespec peakrate;
1496 +};
1497 +
1498 /* Each policer is serialized by its individual spinlock */
1499
1500 #ifdef CONFIG_NET_CLS_ACT
1501 @@ -131,12 +143,15 @@ static int tcf_act_police_locate(struct
1502 struct tc_police *parm;
1503 struct tcf_police *police;
1504 struct qdisc_rate_table *R_tab = NULL, *P_tab = NULL;
1505 + int size;
1506
1507 if (rta == NULL || rtattr_parse_nested(tb, TCA_POLICE_MAX, rta) < 0)
1508 return -EINVAL;
1509
1510 - if (tb[TCA_POLICE_TBF-1] == NULL ||
1511 - RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm))
1512 + if (tb[TCA_POLICE_TBF-1] == NULL)
1513 + return -EINVAL;
1514 + size = RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]);
1515 + if (size != sizeof(*parm) && size != sizeof(struct tc_police_compat))
1516 return -EINVAL;
1517 parm = RTA_DATA(tb[TCA_POLICE_TBF-1]);
1518
1519 @@ -415,12 +430,15 @@ struct tcf_police *tcf_police_locate(str
1520 struct tcf_police *police;
1521 struct rtattr *tb[TCA_POLICE_MAX];
1522 struct tc_police *parm;
1523 + int size;
1524
1525 if (rtattr_parse_nested(tb, TCA_POLICE_MAX, rta) < 0)
1526 return NULL;
1527
1528 - if (tb[TCA_POLICE_TBF-1] == NULL ||
1529 - RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]) != sizeof(*parm))
1530 + if (tb[TCA_POLICE_TBF-1] == NULL)
1531 + return NULL;
1532 + size = RTA_PAYLOAD(tb[TCA_POLICE_TBF-1]);
1533 + if (size != sizeof(*parm) && size != sizeof(struct tc_police_compat))
1534 return NULL;
1535
1536 parm = RTA_DATA(tb[TCA_POLICE_TBF-1]);

  ViewVC Help
Powered by ViewVC 1.1.20