aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [PATCH] zoned vm counters: create vmstat.c/.h from page_alloc.c/.hChristoph Lameter2006-06-307-549/+569
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | NOTE: ZVC are *not* the lightweight event counters. ZVCs are reliable whereas event counters do not need to be. Zone based VM statistics are necessary to be able to determine what the state of memory in one zone is. In a NUMA system this can be helpful for local reclaim and other memory optimizations that may be able to shift VM load in order to get more balanced memory use. It is also useful to know how the computing load affects the memory allocations on various zones. This patchset allows the retrieval of that data from userspace. The patchset introduces a framework for counters that is a cross between the existing page_stats --which are simply global counters split per cpu-- and the approach of deferred incremental updates implemented for nr_pagecache. Small per cpu 8 bit counters are added to struct zone. If the counter exceeds certain thresholds then the counters are accumulated in an array of atomic_long in the zone and in a global array that sums up all zone values. The small 8 bit counters are next to the per cpu page pointers and so they will be in high in the cpu cache when pages are allocated and freed. Access to VM counter information for a zone and for the whole machine is then possible by simply indexing an array (Thanks to Nick Piggin for pointing out that approach). The access to the total number of pages of various types does no longer require the summing up of all per cpu counters. Benefits of this patchset right now: - Ability for UP and SMP configuration to determine how memory is balanced between the DMA, NORMAL and HIGHMEM zones. - loops over all processors are avoided in writeback and reclaim paths. We can avoid caching the writeback information because the needed information is directly accessible. - Special handling for nr_pagecache removed. - zone_reclaim_interval vanishes since VM stats can now determine when it is worth to do local reclaim. - Fast inline per node page state determination. - Accurate counters in /sys/devices/system/node/node*/meminfo. Current counters are counting simply which processor allocated a page somewhere and guestimate based on that. So the counters were not useful to show the actual distribution of page use on a specific zone. - The swap_prefetch patch requires per node statistics in order to figure out when processors of a node can prefetch. This patch provides some of the needed numbers. - Detailed VM counters available in more /proc and /sys status files. References to earlier discussions: V1 http://marc.theaimsgroup.com/?l=linux-kernel&m=113511649910826&w=2 V2 http://marc.theaimsgroup.com/?l=linux-kernel&m=114980851924230&w=2 V3 http://marc.theaimsgroup.com/?l=linux-kernel&m=115014697910351&w=2 V4 http://marc.theaimsgroup.com/?l=linux-kernel&m=115024767318740&w=2 Performance tests with AIM7 did not show any regressions. Seems to be a tad faster even. Tested on ia64/NUMA. Builds fine on i386, SMP / UP. Includes fixes for s390/arm/uml arch code. This patch: Move counter code from page_alloc.c/page-flags.h to vmstat.c/h. Create vmstat.c/vmstat.h by separating the counter code and the proc functions. Move the vm_stat_text array before zoneinfo_show. [akpm@osdl.org: s390 build fix] [akpm@osdl.org: HOTPLUG_CPU build fix] Signed-off-by: Christoph Lameter <clameter@sgi.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] fix ISTALLION=yAdrian Bunk2006-06-301-15/+2
| | | | | | | | | | | | | | | | | | drivers/char/istallion.c: In function ‘stli_initbrds’: drivers/char/istallion.c:4150: error: implicit declaration of function ‘stli_parsebrd’ drivers/char/istallion.c:4150: error: ‘stli_brdsp’ undeclared (first use in this function) drivers/char/istallion.c:4150: error: (Each undeclared identifier is reported only once drivers/char/istallion.c:4150: error: for each function it appears in.) drivers/char/istallion.c:4164: error: implicit declaration of function ‘stli_argbrds’ While I was at it, I also removed the #ifdef MODULE around the initialation code to allow it to perhaps work when built into the kernel and made a needlessly global function static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] msr.c: use register_hotcpu_notifier()Andrew Morton2006-06-301-3/+6
| | | | | | | | | register_cpu_notifier() cannot do anything in a module, in a !CONFIG_HOTPLUG_CPU kernel. Cc: Chandra Seetharaman <sekharan@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] fix platform_device_put/del mishapsIngo Molnar2006-06-302-5/+6
| | | | | | | | | | | This fixes drivers/char/pc8736x_gpio.c and drivers/char/scx200_gpio.c to use the platform_device_del/put ops correctly. Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: Jim Cromie <jim.cromie@gmail.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] fix drivers/video/imacfb.c compilationIngo Molnar2006-06-301-4/+0
| | | | | | | | | | | Fix build error on x86_64. There's nothing even remotely close to imacmp_seg in the kernel, so I removed the whole line. Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: Edgar Hucek <hostmaster@ed-soft.at> Cc: Antonino Daplas <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge branch 'upstream-linus' of ↵Linus Torvalds2006-06-2921-97/+131
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2 * 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2: ocfs2: remove redundant NULL checks in ocfs2_direct_IO_get_blocks() ocfs2: clean up some osb fields ocfs2: fix init of uuid_net_key ocfs2: silence a debug print ocfs2: silence ENOENT during lookup of broken links ocfs2: Cleanup message prints ocfs2: silence -EEXIST from ocfs2_extent_map_insert/lookup [PATCH] fs/ocfs2/dlm/dlmrecovery.c: make dlm_lockres_master_requery() static ocfs2: warn the user on a dead timeout mismatch ocfs2: OCFS2_FS must depend on SYSFS ocfs2: Compile-time disabling of ocfs2 debugging output. configfs: Clear up a few extra spaces where there should be TABs. configfs: Release memory in configfs_example.
| * ocfs2: remove redundant NULL checks in ocfs2_direct_IO_get_blocks()Florin Malita2006-06-291-8/+1
| | | | | | | | | | Signed-off-by: Florin Malita <fmalita@gmail.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: clean up some osb fieldsMark Fasheh2006-06-294-42/+4
| | | | | | | | | | | | | | | | Get rid of osb->uuid, osb->proc_sub_dir, and osb->osb_id. Those fields were unused, or could easily be removed. As a result, we also no longer need MAX_OSB_ID or ocfs2_globals_lock. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: fix init of uuid_net_keyMark Fasheh2006-06-291-1/+1
| | | | | | | | | | | | ocfs2_initialize_super() should be copying from the beginning of the uuid. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: silence a debug printMark Fasheh2006-06-291-1/+1
| | | | | | | | Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: silence ENOENT during lookup of broken linksSunil Mushran2006-06-291-1/+1
| | | | | | | | | | Signed-off-by: Sunil Mushran <sunil.mushran@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: Cleanup message printsSunil Mushran2006-06-293-18/+20
| | | | | | | | | | Signed-off-by: Sunil Mushran <sunil.mushran@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: silence -EEXIST from ocfs2_extent_map_insert/lookupJoel Becker2006-06-291-7/+22
| | | | | | | | | | Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * [PATCH] fs/ocfs2/dlm/dlmrecovery.c: make dlm_lockres_master_requery() staticAdrian Bunk2006-06-292-4/+6
| | | | | | | | | | | | | | dlm_lockres_master_requery() became global without any external usage. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: warn the user on a dead timeout mismatchMark Fasheh2006-06-292-0/+21
| | | | | | | | | | | | | | Print a warning to the user when a node with a different dead count joins the region. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: OCFS2_FS must depend on SYSFSAdrian Bunk2006-06-291-1/+1
| | | | | | | | | | Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * ocfs2: Compile-time disabling of ocfs2 debugging output.Joel Becker2006-06-294-7/+35
| | | | | | | | | | | | | | | | Give gcc the chance to compile out the debug logging code in ocfs2. This saves some size at the expense of being able to debug the code. Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * configfs: Clear up a few extra spaces where there should be TABs.Joel Becker2006-06-292-4/+4
| | | | | | | | | | Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * configfs: Release memory in configfs_example.Joel Becker2006-06-291-4/+15
| | | | | | | | | | | | | | The configfs_example module was missing a ->release(). Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
* | Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2006-06-2989-148/+520
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (30 commits) [TIPC]: Initial activation message now includes TIPC version number [TIPC]: Improve response to requests for node/link information [TIPC]: Fixed skb_under_panic caused by tipc_link_bundle_buf [IrDA]: Fix the AU1000 FIR dependencies [IrDA]: Fix RCU lock pairing on error path [XFRM]: unexport xfrm_state_mtu [NET]: make skb_release_data() static [NETFILTE] ipv4: Fix typo (Bugzilla #6753) [IrDA]: MCS7780 usb_driver struct should be static [BNX2]: Turn off link during shutdown [BNX2]: Use dev_kfree_skb() instead of the _irq version [ATM]: basic sysfs support for ATM devices [ATM]: [suni] change suni_init to __devinit [ATM]: [iphase] should be __devinit not __init [ATM]: [idt77105] should be __devinit not __init [BNX2]: Add NETIF_F_TSO_ECN [NET]: Add ECN support for TSO [AF_UNIX]: Datagram getpeersec [NET]: Fix logical error in skb_gso_ok [PKT_SCHED]: PSCHED_TADD() and PSCHED_TADD2() can result,tv_usec >= 1000000 ...
| * | [TIPC]: Initial activation message now includes TIPC version numberAllan Stephens2006-06-291-1/+2
| | | | | | | | | | | | | | | | | | Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [TIPC]: Improve response to requests for node/link informationAllan Stephens2006-06-292-11/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now allocates reply space for "get links" request based on number of actual links, not number of potential links. Also, limits reply to "get links" and "get nodes" requests to 32KB to match capabilities of tipc-config utility that issued request. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com>
| * | [TIPC]: Fixed skb_under_panic caused by tipc_link_bundle_bufAllan Stephens2006-06-291-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now determines tailroom of bundle buffer by directly inspection of buffer. Previously, buffer was assumed to have a max capacity equal to the link MTU, but the addition of link MTU negotiation means that the link MTU can increase after the bundle buffer is allocated. Signed-off-by: Allan Stephens <allan.stephens@windriver.com> Signed-off-by: Per Liden <per.liden@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IrDA]: Fix the AU1000 FIR dependenciesAdrian Bunk2006-06-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | AU1000 FIR is broken, it should depend on SOC_AU1000. Spotted by Jean-Luc Leger. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IrDA]: Fix RCU lock pairing on error pathJosh Triplett2006-06-291-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | irlan_client_discovery_indication calls rcu_read_lock and rcu_read_unlock, but returns without unlocking in an error case. Fix that by replacing the return with a goto so that the rcu_read_unlock always gets executed. Signed-off-by: Josh Triplett <josh@freedesktop.org> Acked-by: Paul E. McKenney <paulmck@us.ibm.com> Signed-off-by: Samuel Ortiz samuel@sortiz.org <> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [XFRM]: unexport xfrm_state_mtuAdrian Bunk2006-06-291-2/+0
| | | | | | | | | | | | | | | | | | | | | This patch removes the unused EXPORT_SYMBOL(xfrm_state_mtu). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NET]: make skb_release_data() staticAdrian Bunk2006-06-293-3/+1
| | | | | | | | | | | | | | | | | | | | | skb_release_data() no longer has any users in other files. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTE] ipv4: Fix typo (Bugzilla #6753)Matt LaPlante2006-06-291-1/+1
| | | | | | | | | | | | | | | | | | This patch fixes bugzilla #6753, a typo in the netfilter Kconfig Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IrDA]: MCS7780 usb_driver struct should be staticAdrian Bunk2006-06-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This patch makes a needlessly global struct static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [BNX2]: Turn off link during shutdownMichael Chan2006-06-292-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Minor change in shutdown logic to effect a link down. Update version to 1.4.43. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [BNX2]: Use dev_kfree_skb() instead of the _irq versionMichael Chan2006-06-291-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | Change all dev_kfree_skb_irq() and dev_kfree_skb_any() to dev_kfree_skb(). These calls are never used in irq context. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [ATM]: basic sysfs support for ATM devicesRoman Kagan2006-06-297-6/+209
| | | | | | | | | | | | | | | Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [ATM]: [suni] change suni_init to __devinitChas Williams2006-06-292-2/+2
| | | | | | | | | | | | | | | Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [ATM]: [iphase] should be __devinit not __initChas Williams2006-06-291-2/+2
| | | | | | | | | | | | | | | Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [ATM]: [idt77105] should be __devinit not __initChas Williams2006-06-292-2/+2
| | | | | | | | | | | | | | | Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [BNX2]: Add NETIF_F_TSO_ECNMichael Chan2006-06-291-2/+12
| | | | | | | | | | | | | | | | | | | | | Add NETIF_F_TSO_ECN feature for all bnx2 hardware. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NET]: Add ECN support for TSOMichael Chan2006-06-297-12/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the current TSO implementation, NETIF_F_TSO and ECN cannot be turned on together in a TCP connection. The problem is that most hardware that supports TSO does not handle CWR correctly if it is set in the TSO packet. Correct handling requires CWR to be set in the first packet only if it is set in the TSO header. This patch adds the ability to turn on NETIF_F_TSO and ECN using GSO if necessary to handle TSO packets with CWR set. Hardware that handles CWR correctly can turn on NETIF_F_TSO_ECN in the dev-> features flag. All TSO packets with CWR set will have the SKB_GSO_TCPV4_ECN set. If the output device does not have the NETIF_F_TSO_ECN feature set, GSO will split the packet up correctly with CWR only set in the first segment. With help from Herbert Xu <herbert@gondor.apana.org.au>. Since ECN can always be enabled with TSO, the SOCK_NO_LARGESEND sock flag is completely removed. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [AF_UNIX]: Datagram getpeersecCatherine Zhang2006-06-2926-3/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch implements an API whereby an application can determine the label of its peer's Unix datagram sockets via the auxiliary data mechanism of recvmsg. Patch purpose: This patch enables a security-aware application to retrieve the security context of the peer of a Unix datagram socket. The application can then use this security context to determine the security context for processing on behalf of the peer who sent the packet. Patch design and implementation: The design and implementation is very similar to the UDP case for INET sockets. Basically we build upon the existing Unix domain socket API for retrieving user credentials. Linux offers the API for obtaining user credentials via ancillary messages (i.e., out of band/control messages that are bundled together with a normal message). To retrieve the security context, the application first indicates to the kernel such desire by setting the SO_PASSSEC option via getsockopt. Then the application retrieves the security context using the auxiliary data mechanism. An example server application for Unix datagram socket should look like this: toggle = 1; toggle_len = sizeof(toggle); setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len); recvmsg(sockfd, &msg_hdr, 0); if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) { cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr); if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) && cmsg_hdr->cmsg_level == SOL_SOCKET && cmsg_hdr->cmsg_type == SCM_SECURITY) { memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext)); } } sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow a server socket to receive security context of the peer. Testing: We have tested the patch by setting up Unix datagram client and server applications. We verified that the server can retrieve the security context using the auxiliary data mechanism of recvmsg. Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com> Acked-by: Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NET]: Fix logical error in skb_gso_okHerbert Xu2006-06-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | The test in skb_gso_ok is backwards. Noticed by Michael Chan <mchan@broadcom.com>. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [PKT_SCHED]: PSCHED_TADD() and PSCHED_TADD2() can result,tv_usec >= 1000000Shuya MAEDA2006-06-291-6/+12
| | | | | | | | | | | | | | | Signed-off-by: Shuya MAEDA <maeda-sxb@necst.nec.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NET]: Make illegal_highdma more analHerbert Xu2006-06-291-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than having illegal_highdma as a macro when HIGHMEM is off, we can turn it into an inline function that returns zero. This will catch callers that give it bad arguments. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [TCP]: Export accept queue len of a TCP listening socket via rx_queueSridhar Samudrala2006-06-293-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While debugging a TCP server hang issue, we noticed that currently there is no way for a user to get the acceptq backlog value for a TCP listen socket. All the standard networking utilities that display socket info like netstat, ss and /proc/net/tcp have 2 fields called rx_queue and tx_queue. These fields do not mean much for listening sockets. This patch uses one of these unused fields(rx_queue) to export the accept queue len for listening sockets. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETLINK]: Encapsulate eff_cap usage within security framework.Darrel Goeddel2006-06-2912-34/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch encapsulates the usage of eff_cap (in netlink_skb_params) within the security framework by extending security_netlink_recv to include a required capability parameter and converting all direct usage of eff_caps outside of the lsm modules to use the interface. It also updates the SELinux implementation of the security_netlink_send and security_netlink_recv hooks to take advantage of the sid in the netlink_skb_params struct. This also enables SELinux to perform auditing of netlink capability checks. Please apply, for 2.6.18 if possible. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NET]: Added GSO header verificationHerbert Xu2006-06-2910-27/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When GSO packets come from an untrusted source (e.g., a Xen guest domain), we need to verify the header integrity before passing it to the hardware. Since the first step in GSO is to verify the header, we can reuse that code by adding a new bit to gso_type: SKB_GSO_DODGY. Packets with this bit set can only be fed directly to devices with the corresponding bit NETIF_F_GSO_ROBUST. If the device doesn't have that bit, then the skb is fed to the GSO engine which will allow the packet to be sent to the hardware if it passes the header check. This patch changes the sg flag to a full features flag. The same method can be used to implement TSO ECN support. We simply have to mark packets with CWR set with SKB_GSO_ECN so that only hardware with a corresponding NETIF_F_TSO_ECN can accept them. The GSO engine can either fully segment the packet, or segment the first MTU and pass the rest to the hardware for further segmentation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTER]: statistic match: add missing Kconfig help textPatrick McHardy2006-06-291-1/+4
| | | | | | | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTER]: ip_queue/nfnetlink_queue: drop bridge port references when dev ↵Patrick McHardy2006-06-292-4/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | disappears When a device that is acting as a bridge port is unregistered, the ip_queue/nfnetlink_queue notifier doesn't check if its one of physindev/physoutdev and doesn't release the references if it is. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTER]: xt_sctp: fix --chunk-types matchingJorge Matias2006-06-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | xt_sctp uses an incorrect header offset when --chunk-types is used. Signed-off-by: Jorge Matias <jorge.matias@motorola.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTER]: xt_tcpudp: fix double unregistration in error pathYuri Gushin2006-06-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "xt_unregister_match(AF_INET, &tcp_matchstruct)" is called twice, leaving "udp_matchstruct" registered, in case of a failure in the registration of the udp6 structure. Signed-off-by: Yuri Gushin <yuri@ecl-labs.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTER]: nf_conntrack: Fix undefined references to local_bh_*Yasuyuki Kozakai2006-06-292-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CC net/netfilter/nf_conntrack_proto_sctp.o net/netfilter/nf_conntrack_proto_sctp.c: In function `sctp_print_conntrack': net/netfilter/nf_conntrack_proto_sctp.c:206: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_proto_sctp.c:208: warning: implicit declaration of function `local_bh_enable' CC net/netfilter/nf_conntrack_netlink.o net/netfilter/nf_conntrack_netlink.c: In function `ctnetlink_dump_table': net/netfilter/nf_conntrack_netlink.c:429: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_netlink.c:452: warning: implicit declaration of function `local_bh_enable' Spotted by Toralf Förster Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTER]: x_tables: fix xt_register_table error propagationPatrick McHardy2006-06-293-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | When xt_register_table fails the error is not properly propagated back. Based on patch by Lepton Wu <ytht.net@gmail.com>. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>