Audit contexts can be reused, so initialize a name's osid to the
default in audit_getname(). This ensures we don't log a bogus object
label when no inode data is collected for a name.
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
When auditing syscalls that send signals, log the pid and security
context for each target process. Optimize the data collection by
adding a counter for signal-related rules, and avoiding allocating an
aux struct unless we have more than one target process. For process
groups, collect pid/context data in blocks of 16. Move the
audit_signal_info() hook up in check_kill_permission() so we audit
attempts where permission is denied.
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
iptables matches and targets expect packets to have at least a full
IP header and a valid header length. Ignore packets sent through
raw sockets for which this isn't true as in the other tables.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Some helpers (eg. ftp) assume that private area in conntrack is
filled with zero. It should be cleared when helper is changed.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch
- Clears private area for helper even if no helper is assigned to
  conntrack. It might be used by old helper.
- Changes nothing if the same helper as the used one is specified.
- Does not find helper if no helper is specified. And it does not
  require private area for helper in that case.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
These are also in include/net/netfilter/nf_conntrack_helper.h
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
nf_nat_rule_find, alloc_null_binding and alloc_null_binding_confirmed
do not use the argument 'info', which is actually ct->nat.info.
If they are necessary to access it again, we can use the argument 'ct'
instead.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
- move arp_tables initial table structure definitions to arp_tables.h
similar to ip_tables and ip6_tables
- use C99 initializers
- use initializer macros where possible
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
When we relinquish queue_lock in qdisc_restart and then retake it for
requeueing, we might race against dev_deactivate and end up requeueing
onto noop_qdisc. This causes a warning to be printed.
This patch fixes this by checking this before we requeue. As an added
bonus, we can remove the same check in __qdisc_run which was added to
prevent dev->gso_skb from being requeued when we're shutting down.
Even though we've had to add a new conditional in its place, it's better
because it only happens on requeues rather than every single time that
qdisc_run is called.
For this to work we also need to move the clearing of gso_skb up in
dev_deactivate as now qdisc_restart can occur even after we wait for
__LINK_STATE_QDISC_RUNNING to clear (but it won't do anything as long
as the queue and gso_skb are already clear).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Now that we return the queue length after NETDEV_TX_OK we better
make sure that we have the right queue. Otherwise we can cause a
stall after a really quick dev_deactivate/dev_activate.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
The current return value scheme and associated comment were invented
back in the 20th century when we still had that tbusy flag. Things
have changed quite a bit since then (even Tony Blair is moving on
now, not to mention the new French president).
All we need to indicate now is whether the caller should continue
processing the queue. Therefore it's sufficient if we return 0 if
we want to stop and non-zero otherwise.
This is based on a patch by Krishna Kumar.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
When transmit fails with NETDEV_TX_LOCKED the skb is requeued
to dev->qdisc again. The dev->qdisc pointer is protected by
the queue lock which needs to be dropped when attempting to
transmit and acquired again before requeueing. The problem is
that qdisc_restart() fetches the dev->qdisc pointer once and
stores it in the `q' variable which is invalidated when
dropping the queue_lock, therefore the variable needs to be
refreshed before requeueing.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
__udp_lib_port_inuse() cannot make direct references to
inet_sk(sk)->rcv_saddr as that is ipv4 specific state and
this code is used by ipv6 too.
Use an operations vector to solve this, and this also paves
the way for ipv6 support for non-wild saddr hashing in UDP.
Signed-off-by: David S. Miller <davem@davemloft.net>
This dongle does not follow the usb-irda specification, so it needs its
own special driver. In addition, it uses interrupt endpoints instead of
bulk ones as the rest of USB IrDA dongles supported by Linux (just to be
different?) and data reads need to be parsed to extract the valid bytes
before being unwrapped (details in the comment at the start of the
source). No speed commands have been discovered for this dongle, and I
suspect it does not have any at all.
On plugin, this dongle reports vendor and device IDs: 0x07c0:0x4200 .
The Windows driver that is used normally to control this dongle has a
filename of DSIR620.SYS .
Signed-off-by: Alex Villacís Lasso <a_villacis@palosanto.com>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
I think this is less critical, but is also suitable for -stable
release.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Because skb->dst is assigned in ip6_route_input(), it is really
bad to use it in hop-by-hop option handler(s).
Closes: Bug #8450 (Eric Sesterhenn <snakebyte@gmx.de>)
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
When an IPv6 router is forwarding a packet with a link-local scope source
address off-link, RFC 4007 requires it to send an ICMPv6 destination
unreachable with code 2 ("not neighbor"), but Linux doesn't. Fix below.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The socket API draft is unclear about whether to include the
chunk header or not. Recent discussion on the sctp implementors
mailing list clarified that the chunk header shouldn't be included,
but the error parameter header still needs to be there.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
I broke the non-wildcard case recently. This fixes it.
Now, explicitly bound addresses can be retrieved using the API.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
SCTP was checking for NULL when trying to detect hmac
allocation failure where it should have been using IS_ERR.
Also, print a rate limited warning to the log telling the
user what happened.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Urgent events may be delayed if we already have a non-urgent event
queued for that device. This patch changes this by making sure that
an urgent event is always looked at immediately.
I've replaced the LW_RUNNING flag by LW_URGENT since whether work
is scheduled is already kept track of by the work queue system.
The only complication is that we have to provide some exclusion for
the setting of linkwatch_nextevent which is available in the actual
work function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
When the jiffies wrap around or when the system boots up for the first
time, down events can be delayed indefinitely since we no longer
update linkwatch_nextevent when only urgent events are processed.
This patch fixes this by setting linkwatch_nextevent when a
wrap-around occurs.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Optimize teql_enqueue so that it first checks limits before enqueueing.
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| CC net/mac80211/ieee80211_sta.o
| In file included from linux/net/mac80211/ieee80211_sta.c:31:
| include2/asm/delay.h: In function '__const_udelay':
| include2/asm/delay.h:33: error: 'loops_per_jiffy' undeclared (first use in this function)
| include2/asm/delay.h:33: error: (Each undeclared identifier is reported only once
| include2/asm/delay.h:33: error: for each function it appears in.)
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently all link carrier events are delayed by up to a second
before they're processed to prevent link storms. This causes
unnecessary packet loss during that interval.
In fact, we can achieve the same effect in preventing storms by
only delaying down events and unnecessary up events. The latter
is defined as up events when we're already up.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
These days the link watch mechanism is an integral part of the
network subsystem as it manages the carrier status. So it now
makes sense to allocate some memory for it in net_device rather
than allocating it on demand.
In fact, this is necessary because we can't tolerate a memory
allocation failure since that means we'd have to potentially
throw a link up event away.
It also simplifies the code greatly.
In doing so I discovered a subtle race condition in the use
of singleevent. This race condition still exists (and is
somewhat magnified) without singleevent but it's now plugged
thanks to an smp_mb__before_clear_bit.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
A trivial fix to (what looks like) an unintentional fall-through in the
HCI line discipline.
Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Normally a serial Bluetooth device is opened, TIOCSETD'ed to N_HCI line
discipline, HCIUARTSETPROTO'ed and finally closed. In case the device
fails to HCIUARTSETPROTO, closing it produces a NULL pointer dereference.
Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Adding HCIUARTGETDEVICE makes it possible to get the HCI device number
that is attached to a given serial device. This is required during the
initialization process of some Bluetooth chips.
Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
In preparation for struct class_device -> struct device input core
conversion, switch to using input_dev->dev.parent when specifying
device position in sysfs tree.
Also, do not access input_dev->private directly, use helpers and
do not use kfree() on input device, use input_free_device() instead.
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
In 9d6a8c5c21 we changed posix_test_lock
to modify its single file_lock argument instead of taking separate input
and output arguments. This makes it no longer safe to set the output
lock's fl_type to F_UNLCK before looking for a conflict, since that
means searching for a conflict against a lock with type F_UNLCK.
This fixes a regression which causes F_GETLK to incorrectly report no
conflict on most filesystems (including any filesystem that doesn't do
its own locking).
Also fix posix_lock_to_flock() to copy the lock type. This isn't
strictly necessary, since the caller already does this; but it seems
less likely to cause confusion in the future.
Thanks to Doug Chapman for the bug report.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Acked-by: Doug Chapman <doug.chapman@hp.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* master.kernel.org:/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
[WATCHDOG] MTX-1 Watchdog driver
[WATCHDOG] s3c2410_wdt - initialize watchdog irq resource
[WATCHDOG] Kconfig menuconfig patch
[WATCHDOG] pcwd.c: Port to the new device driver model
[WATCHDOG] use mutex instead of semaphore in Berkshire USB-PC Watchdog driver
[WATCHDOG] the scheduled removal of the i8xx_tco watchdog driver
[WATCHDOG] Semi-typical watchdog bug re early misc_register()
[WATCHDOG] add support for the w83627thf chipset.
A small regression appears to have been introduced in the recent patch
"cleanup compat ioctl handling", which was included in Linus' tree after
2.6.20.
siocdevprivate_ioctl() is no longer defined if CONFIG_NET is undefined,
whereas previously it was a dummy function in this case.
This causes compilation with CONFIG_COMPAT but without CONFIG_NET to fail.
fs/compat_ioctl.c: In function `compat_sys_ioctl':
fs/compat_ioctl.c:3571: warning: implicit declaration of function `siocdevprivate_ioctl'
Cc: Christoph Hellwig <hch@lst.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/input/misc/ixp4xx-beeper.c: In function 'ixp4xx_spkr_event':
drivers/input/misc/ixp4xx-beeper.c:54: error: 'input_dev' undeclared (first use in this function)
drivers/input/misc/ixp4xx-beeper.c:54: error: (Each undeclared identifier is reported only once
drivers/input/misc/ixp4xx-beeper.c:54: error: for each function it appears in.)
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@gmail.com>
Acked-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (24 commits)
[POWERPC] Fix compile error with kexec and CONFIG_SMP=n
[POWERPC] Split initrd logic out of early_init_dt_scan_chosen() to fix warning
[POWERPC] Fix warning in hpte_decode(), and generalize it
[POWERPC] Minor pSeries IOMMU debug cleanup
[POWERPC] PS3: Fix sys manager build error
[POWERPC] Assorted janitorial EEH cleanups
[POWERPC] We don't define CONFIG_HAVE_ARCH_EARLY_PFN_TO_NID
[POWERPC] pmu_sys_suspended is only defined for PPC32
[POWERPC] Fix incorrect calculation of I/O window addresses
[POWERPC] celleb: Update celleb_defconfig
[POWERPC] celleb: Fix parsing of machine type hack command line option
[POWERPC] celleb: Fix PCI config space accesses to subordinate buses
[POWERPC] celleb: Fix support for multiple PCI domains
[POWERPC] Wire up sys_utimensat
[POWERPC] CPM_UART: Removed __init from cpm_uart_init_portdesc to fix warning
[POWERPC] User rheap from arch/powerpc/lib
[POWERPC] 83xx: Fix the PCI ranges in the MPC834x_MDS device tree.
[POWERPC] 83xx: Fix the PCI ranges in the MPC832x_MDS device tree.
[POWERPC] CPM_UART: cpm_uart_set_termios should take ktermios, not termios
[POWERPC] Change rheap functions to use ulongs instead of pointers
...
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Use alloc_pci_dev() in PCI bus probes.
[SPARC64]: Bump PROMINTR_MAX to 32.
[SPARC64]: Fix recursion in PROM tree building.
[SERIAL] sunzilog: Interrupt enable before ISR handler installed
[SPARC64] PCI: Consolidate PCI access code into pci_common.c
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
acpi,msi-laptop: Fall back to EC polling mode for MSI laptop specific EC commands
sony-laptop: rename SONY_LAPTOP_OLD to a more meaningful SONYPI_COMPAT
asus-laptop: version bump and lindent
asus-laptop: fix light sens init
asus-laptop: add GPS support
asus-laptop: notify ALL events
ACPICA: Lindent
ACPI: created a dedicated workqueue for notify() execution
Revert "ACPICA: fix AML mutex re-entrancy"
Revert "Execute AML Notify() requests on stack."
Revert "ACPICA: revert "acpi_serialize" changes"
ACPI: delete un-reliable concept of cooling mode
ACPI: thermal trip points are read-only
* 'juju' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: (138 commits)
firewire: Convert OHCI driver to use standard goto unwinding for error handling.
firewire: Always use parens with sizeof.
firewire: Drop single buffer request support.
firewire: Add a comment to describe why we split the sg list.
firewire: Return SCSI_MLQUEUE_HOST_BUSY for out of memory cases in queuecommand.
firewire: Handle the last few DMA mapping error cases.
firewire: Allocate scsi_host up front and allocate the sbp2_device as hostdata.
firewire: Provide module aliase for backwards compatibility.
firewire: Add to fw-core-y instead of assigning fw-core-objs in Makefile.
firewire: Break out shared IEEE1394 constant to separate header file.
firewire: Use linux/*.h instead of asm/*.h header files.
firewire: Uppercase most macro names.
firewire: Coding style cleanup: no spaces after function names.
firewire: Convert card_rwsem to a regular mutex.
firewire: Clean up comment style.
firewire: Use lib/ implementation of CRC ITU-T.
CRC ITU-T V.41
firewire: Rename fw-device-cdev.c to fw-cdev.c and move header to include/linux.
firewire: Future proof the iso ioctls by adding a handle for the iso context.
firewire: Add read/write and size annotations to IOC numbers.
...
Acked-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Only shows up while building sim_defconfig because CONFIG_ACPI=n
there, and all of the uses of cpe_poll_timer are inside #ifdef CONFIG_ACPI.
Signed-off-by: Tony Luck <tony.luck@intel.com>
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] update default configuration.
[S390] Kconfig: no wireless on s390.
[S390] Kconfig: use common Kconfig files for s390.
[S390] Kconfig: common config options for s390.
[S390] Kconfig: unwanted menus for s390.
[S390] Kconfig: menus with depends on HAS_IOMEM.
[S390] Kconfig: refine depends statements.
[S390] Avoid compile warning.
[S390] qdio: re-add lost perf_stats.tl_runs change in qdio_handle_pci
[S390] Avoid sparse warnings.
[S390] dasd: Fix modular build.
[S390] monreader inlining cleanup.
[S390] cio: Make some structures and a function static.
[S390] cio: Get rid of _ccw_device_get_device_number().
[S390] fix subsystem removal fallout
arch/ia64/sn/kernel/xpc_partition.c:578: warning: long unsigned int format, different type arg (arg 3)
arch/ia64/sn/kernel/xpnet.c:349: warning: int format, different type arg (arg 7)
arch/ia64/sn/kernel/xpnet.c:349: warning: int format, different type arg (arg 8)
Signed-off-by: Tony Luck <tony.luck@intel.com>
Lots of places where we passed a "struct pci_device *" rather than
a "struct device *". One place where we used a "%s" in the format,
but forgot to provide an argument.
Acked-by: John Keller <jpk@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>