Commit Graph

154348 Commits

Author SHA1 Message Date
Herbert Xu
58e2e7d591 rndis_host: Use netdev stats structure
Now that netdev has its own stats structure we should use that
instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-30 19:46:45 -07:00
Herbert Xu
a22d2b36a2 net1080: Use netdev stats structure
Now that netdev has its own stats structure we should use that
instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-30 19:46:43 -07:00
Herbert Xu
9612101cb3 dm9601: Use netdev stats structure
Now that netdev has its own stats structure we should use that
instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-30 19:46:43 -07:00
Herbert Xu
eaea43abf3 cdc_eem: Use netdev stats structure
Now that netdev has its own stats structure we should use that
instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-30 19:46:41 -07:00
Jarek Poplawski
008440e3ad ipv4: Fix fib_trie rebalancing, part 3
Alas current delaying of freeing old tnodes by RCU in trie_rebalance
is still not enough because we can free a top tnode before updating a
t->trie pointer.

Reported-by: Pawel Staszewski <pstaszewski@itcare.pl>
Tested-by: Pawel Staszewski <pstaszewski@itcare.pl>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-30 12:48:38 -07:00
Naohiro Ooiwa
01e5329814 bnx2x: Fix the behavior of ethtool when ONBOOT=no
This is the same fix as commit
7959ea254e ("bnx2: Fix the behavior of
ethtool when ONBOOT=no"), but for bnx2x:

--------------------
    When configure in ifcfg-eth* is ONBOOT=no,
    the behavior of ethtool command is wrong.
    
        # grep ONBOOT /etc/sysconfig/network-scripts/ifcfg-eth2
        ONBOOT=no
        # ethtool eth2 | tail -n1
                Link detected: yes
    
    I think "Link detected" should be "no".
--------------------

Signed-off-by: Naohiro Ooiwa <nooiwa@miraclelinux.com>
Acked-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-30 12:44:19 -07:00
Wei Yongjun
ff0ac74afb sctp: xmit sctp packet always return no route error
Commit 'net: skb->dst accessors'(adf30907d6)
broke the sctp protocol stack, the sctp packet can never be sent out after
Eric Dumazet's patch, which has a typo in the sctp code.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Vlad Yasevich <vladisalv.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:41:53 -07:00
Graf Yang
d51e9b0d94 net/irda: convert bfin_sir to net_device_ops
Signed-off-by: Graf Yang <graf.yang@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:41:49 -07:00
Wei Yongjun
1802571b98 xfrm: use xfrm_addr_cmp() instead of compare addresses directly
Clean up to use xfrm_addr_cmp() instead of compare addresses directly.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:41:46 -07:00
Herbert Xu
6828b92bd2 tcp: Do not tack on TSO data to non-TSO packet
If a socket starts out on a non-TSO route, and then switches to
a TSO route, then we will tack on data to the tail of the tx queue
even if it started out life as non-TSO.  This is suboptimal because
all of it will then be copied and checksummed unnecessarily.

This patch fixes this by ensuring that skb->ip_summed is set to
CHECKSUM_PARTIAL before appending extra data beyond the MSS.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:41:43 -07:00
Herbert Xu
8e5b9dda99 tcp: Stop non-TSO packets morphing into TSO
If a socket starts out on a non-TSO route, and then switches to
a TSO route, then the tail on the tx queue can morph into a TSO
packet, causing mischief because the rest of the stack does not
expect a partially linear TSO packet.

This patch fixes this by ensuring that skb->ip_summed is set to
CHECKSUM_PARTIAL before declaring a packet as TSO.

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-29 19:41:39 -07:00
David S. Miller
9c0346bd08 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lowpan/lowpan 2009-06-29 19:23:53 -07:00
David S. Miller
53bd9728bf Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2009-06-29 19:22:31 -07:00
Dmitry Eremin-Solenikov
dfd06fe824 nl802154: add module license and description
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
2009-06-29 18:20:28 +04:00
Dmitry Eremin-Solenikov
932c1329ac nl802154: fix Oops in ieee802154_nl_get_dev
ieee802154_nl_get_dev() lacks check for the existence of the device
that was returned by dev_get_XXX, thus resulting in Oops for non-existing
devices. Fix it.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
2009-06-29 18:20:27 +04:00
Dmitry Eremin-Solenikov
e0af6062aa MAINTAINERS: ieee802154 lists are moderated for non-subscribers.
Note that our mailing list is moderated for non-subscribers.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
2009-06-29 18:19:59 +04:00
Jan Engelhardt
d6d3f08b0f netfilter: xtables: conntrack match revision 2
As reported by Philip, the UNTRACKED state bit does not fit within
the 8-bit state_mask member. Enlarge state_mask and give status_mask
a few more bits too.

Reported-by: Philip Craig <philipc@snapgear.com>
References: http://markmail.org/thread/b7eg6aovfh4agyz7
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-06-29 14:31:46 +02:00
Jaswinder Singh Rajput
8a3af79361 netfilter: headers_check fix: linux/netfilter/xt_osf.h
fix the following 'make headers_check' warnings:

  usr/include/linux/netfilter/xt_osf.h:40: found __[us]{8,16,32,64} type without #include <linux/types.h>

Signed-off-by: Jaswinder Singh Rajput <jaswinderrajput@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-06-29 14:28:27 +02:00
Patrick McHardy
a3a9f79e36 netfilter: tcp conntrack: fix unacknowledged data detection with NAT
When NAT helpers change the TCP packet size, the highest seen sequence
number needs to be corrected. This is currently only done upwards, when
the packet size is reduced the sequence number is unchanged. This causes
TCP conntrack to falsely detect unacknowledged data and decrease the
timeout.

Fix by updating the highest seen sequence number in both directions after
packet mangling.

Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-06-29 14:07:56 +02:00
Ajit Khaparde
bd46cb6cf1 be2net: Fix to avoid a crash seen on PPC with LRO and Jumbo frames.
While testing the driver on PPC, we ran into a crash with LRO, Jumbo frames.
With CONFIG_PPC_64K_PAGES configured (a default in PPC), MAX_SKB_FRAGS drops to 3 and we were crossing the array limits on skb_shinfo(skb)->frags[].
Now we coalesce the frags from the same physical page into one slot in
skb_shinfo(skb)->frags[] and go to the next index when the frag is from
different physical page.

This patch is against the net-2.6 tree.

Signed-off-by: Ajit Khaparde <ajitk@serverengines.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-28 17:34:25 -07:00
Herbert Xu
ff780cd8f2 gro: Flush GRO packets in napi_disable_pending path
When NAPI is disabled while we're in net_rx_action, we end up
calling __napi_complete without flushing GRO packets.  This is
a bug as it would cause the GRO packets to linger, of course it
also literally BUGs to catch error like this :)

This patch changes it to napi_complete, with the obligatory IRQ
reenabling.  This should be safe because we've only just disabled
IRQs and it does not materially affect the test conditions in
between.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 19:27:04 -07:00
Herbert Xu
71f9dacd2e inet: Call skb_orphan before tproxy activates
As transparent proxying looks up the socket early and assigns
it to the skb for later processing, we must drop any existing
socket ownership prior to that in order to distinguish between
the case where tproxy is active and where it is not.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 19:22:37 -07:00
Jesper Dangaard Brouer
4a27096bbe mac80211: Use rcu_barrier() on unload.
The mac80211 module uses rcu_call() thus it should use rcu_barrier()
on module unload.

The rcu_barrier() is placed in mech.c ieee80211_stop_mesh() which is
invoked from ieee80211_stop() in case vif.type == NL80211_IFTYPE_MESH_POINT.

Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 13:51:36 -07:00
Jesper Dangaard Brouer
75de874f5c sunrpc: Use rcu_barrier() on unload.
The sunrpc module uses rcu_call() thus it should use rcu_barrier() on
module unload.

Have not verified that the possibility for new call_rcu() callbacks
has been disabled.  As a hint for checking, the functions calling
call_rcu() (unx_destroy_cred and generic_destroy_cred) are
registered as crdestroy function pointer in struct rpc_credops.

Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 13:51:34 -07:00
Jesper Dangaard Brouer
473c22d759 bridge: Use rcu_barrier() instead of syncronize_net() on unload.
When unloading modules that use call_rcu() callbacks, then we must
use rcu_barrier().  This module uses syncronize_net() which is not
enough to be sure that all callbacks have been completed.

Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 13:51:32 -07:00
Jesper Dangaard Brouer
1f2ccd00f2 ipv6: Use rcu_barrier() on module unload.
The ipv6 module uses rcu_call() thus it should use rcu_barrier() on
module unload.

Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 13:51:31 -07:00
Jesper Dangaard Brouer
10e8544801 decnet: Use rcu_barrier() on module unload.
The decnet module unloading has been disabled with a '#if 0' statement,
because it has had issues.

We add a rcu_barrier() anyhow for correctness.

The maintainer (Chrissie Caulfield) will look into the unload issue
when time permits.

Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Chrissie Caulfield <christine.caulfield@googlemail.com>
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 13:51:27 -07:00
Anton Vorontsov
b9389796fa sky2: Fix checksum endianness
sky2 driver on PowerPC targets floods kernel log with following errors:

  eth1: hw csum failure.
  Call Trace:
  [ef84b8a0] [c00075e4] show_stack+0x50/0x160 (unreliable)
  [ef84b8d0] [c02fa178] netdev_rx_csum_fault+0x3c/0x5c
  [ef84b8f0] [c02f6920] __skb_checksum_complete_head+0x7c/0x84
  [ef84b900] [c02f693c] __skb_checksum_complete+0x14/0x24
  [ef84b910] [c0337e08] tcp_v4_rcv+0x4c8/0x6f8
  [ef84b940] [c031a9c8] ip_local_deliver+0x98/0x210
  [ef84b960] [c031a788] ip_rcv+0x38c/0x534
  [ef84b990] [c0300338] netif_receive_skb+0x260/0x36c
  [ef84b9c0] [c025de00] sky2_poll+0x5dc/0xcf8
  [ef84ba20] [c02fb7fc] net_rx_action+0xc0/0x144

The NIC is Yukon-2 EC chip revision 1.

Converting checksum field from le16 to CPU byte order fixes the issue.

Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-26 09:28:42 -07:00
Nicolas Reinecke
30767636e5 mdio add missing GPL flag
Add missing GPL flag and description.

mdio: module license 'unspecified' taints kernel.
Disabling lock debugging due to kernel taint

Signed-off-by: Nicolas Reinecke <nr <at> das-labor.org>
Acked-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 20:06:34 -07:00
roel kluin
37c8ae3acf sh_eth: remove redundant test on unsigned
Unsigned boguscnt cannot be less than 0.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 20:03:56 -07:00
Ionut Nicu
e2a61fa313 fsl_pq_mdio: Fix fsl_pq_mdio to work with modules
This patch fixes the case when ucc_geth or gianfar are compiled
as modules. Without this patch the call to phy_connect() fails.

Signed-off-by: Ionut Nicu <ionut.nicu@freescale.com>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 20:03:53 -07:00
Jens Rosenboom
a1faa69810 ipv6: avoid wraparound for expired preferred lifetime
Avoid showing wrong high values when the preferred lifetime of an address
is expired.

Signed-off-by: Jens Rosenboom <me@jayr.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 20:03:50 -07:00
Wei Yongjun
1ac530b355 tcp: missing check ACK flag of received segment in FIN-WAIT-2 state
RFC0793 defined that in FIN-WAIT-2 state if the ACK bit is off drop
the segment and return [Page 72]. But this check is missing in function
tcp_timewait_state_process(). This causes the segment with FIN flag but
no ACK to have two different actions:

Case 1:
    Node A                      Node B
              <-------------    FIN,ACK
                                (enter FIN-WAIT-1)
    ACK       ------------->
                                (enter FIN-WAIT-2)
    FIN       ------------->    discard
                                (move sk to tw list)

Case 2:
    Node A                      Node B
              <-------------    FIN,ACK
                                (enter FIN-WAIT-1)
    ACK       ------------->
                                (enter FIN-WAIT-2)
                                (move sk to tw list)
    FIN       ------------->

              <-------------    ACK

This patch fixed the problem.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 20:03:15 -07:00
Jesper Dangaard Brouer
308ff823eb nf_conntrack: Use rcu_barrier()
RCU barriers, rcu_barrier(), are inserted in two places.

 In nf_conntrack_expect.c nf_conntrack_expect_fini() before the
 kmem_cache_destroy().  Firstly to make sure the callback to the
 nf_ct_expect_free_rcu() code is still around.  Secondly because I'm
 unsure about the consequence of having in flight
 nf_ct_expect_free_rcu/kmem_cache_free() calls while doing a
 kmem_cache_destroy() slab destroy.

 And in nf_conntrack_extend.c nf_ct_extend_unregister(), in order to
 wait for completion of callbacks to __nf_ct_ext_free_rcu(), which is
 invoked by __nf_ct_ext_add().  It might be more efficient to call
 rcu_barrier() in nf_conntrack_core.c nf_conntrack_cleanup_net(), but
 that makes it more difficult to read the code (as the callback code
 is located in nf_conntrack_extend.c).

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-06-25 16:32:52 +02:00
Brandon Philips
d8146bb23e atl1*: add device_set_wakeup_enable to atl1*_set_wol
Tell PCI core that atl1* device can wakeup the system when WOL is
enabled by calling device_set_wakeup_enable.

Joerg noted that his atl1e device WOL fine after enabling it with
ethtool and changing /sys/class/net/eth0/device/power/wakeup to enabled
Tested on atl1e: https://bugzilla.novell.com/show_bug.cgi?id=493214

Tested by: Joerg Reuter <jreuter@novell.com>
Signed-off-by: Brandon Philips <bphilips@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 02:58:17 -07:00
Rémi Denis-Courmont
2be6fa4c7e Phonet: generate Netlink RTM_DELADDR when destroying a device
Netlink address deletion events were not sent when a network device
vanished nor when Phonet was unloaded.

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 02:58:16 -07:00
Rémi Denis-Courmont
c7a1a4c80f Phonet: publicize the Netlink notification function
Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 02:58:15 -07:00
David S. Miller
11687a1099 Revert "veth: prevent oops caused by netdev destructor"
This reverts commit ae0e8e8220.

This change had two problems:

1) Since it frees the stats in the drivers' close method, we
   can OOPS in the transmit routine.

2) stats are no longer remembered across ifdown/ifup which
   disagrees with how every other device operates.

Thanks to analysis and test patch from Serge E. Hallyn
and initial OOPS report by Sachin Sant.

Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-25 02:45:42 -07:00
Florian Fainelli
6a9b654616 cpmac: fix compilation failure introduced with netdev_ops conversion
This patch fixes an obvious typo in the netdev_ops initialization:
ndo_so_ioctl should be ndo_do_ioctl.

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-24 18:03:11 -07:00
Herbert Xu
245acb8772 ipsec: Fix name of CAST algorithm
Our CAST algorithm is called cast5, not cast128.  Clearly nobody
has ever used it :)

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-24 18:03:10 -07:00
Linus Torvalds
28d0325ce6 Linux 2.6.31-rc1 2009-06-24 16:25:37 -07:00
Linus Torvalds
236e946b53 Revert "PCI: use ACPI _CRS data by default"
This reverts commit 9e9f46c44e.

Quoting from the commit message:

 "At this point, it seems to solve more problems than it causes, so let's
  try using it by default.  It's an easy revert if it ends up causing
  trouble."

And guess what? The _CRS code causes trouble.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-24 16:23:03 -07:00
Linus Torvalds
f27884aead Merge git://git.infradead.org/battery-2.6
* git://git.infradead.org/battery-2.6:
  da9030_battery: Fix race between event handler and monitor
  Add MAX17040 Fuel Gauge driver
  w1: ds2760_battery: add support for sleep mode feature
  w1: ds2760: add support for EEPROM read and write
  ds2760_battery: cleanups in ds2760_battery_probe()
2009-06-24 14:35:57 -07:00
Linus Torvalds
c622304825 Merge branches 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/{vfs-2.6,audit-current}
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
  another race fix in jfs_check_acl()
  Get "no acls for this inode" right, fix shmem breakage
  inline functions left without protection of ifdef (acl)

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
  audit: inode watches depend on CONFIG_AUDIT not CONFIG_AUDIT_SYSCALL
2009-06-24 14:17:14 -07:00
Al Viro
d5bb68adda another race fix in jfs_check_acl()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-06-24 17:02:42 -04:00
Al Viro
72c04902d1 Get "no acls for this inode" right, fix shmem breakage
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-06-24 16:58:48 -04:00
Eric Paris
3a6a6c16be audit: inode watches depend on CONFIG_AUDIT not CONFIG_AUDIT_SYSCALL
Even though one cannot make use of the audit watch code without
CONFIG_AUDIT_SYSCALL the spaghetti nature of the audit code means that
the audit rule filtering requires that it at least be compiled.

Thus build the audit_watch code when we build auditfilter like it was
before cfcad62c74

Clearly this is a point of potential future cleanup..

Reported-by: Frans Pop <elendil@planet.nl>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-06-24 16:42:05 -04:00
Markus Trippelsdorf
641cf4a668 inline functions left without protection of ifdef (acl)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-06-24 16:34:50 -04:00
Linus Torvalds
bd453cd487 Merge branch 'futexes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'futexes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  futex: Fix the write access fault problem for real
2009-06-24 13:33:19 -07:00
Thomas Gleixner
d0725992c8 futex: Fix the write access fault problem for real
commit 64d1304a64 (futex: setup writeable mapping for futex ops which
modify user space data) did address only half of the problem of write
access faults.

The patch was made on two wrong assumptions:

1) access_ok(VERIFY_WRITE,...) would actually check write access.

   On x86 it does _NOT_. It's a pure address range check.

2) a RW mapped region can not go away under us.

   That's wrong as well. Nobody can prevent another thread to call
   mprotect(PROT_READ) on that region where the futex resides. If that
   call hits between the get_user_pages_fast() verification and the
   actual write access in the atomic region we are toast again.

The solution is to not rely on access_ok and get_user() for any write
access related fault on private and shared futexes. Instead we need to
fault it in with verification of write access.

There is no generic non destructive write mechanism which would fault
the user page in through a #PF, but as we already know that we will
fault we can as well call get_user_pages() directly and avoid the #PF
overhead.

If get_user_pages() returns -EFAULT we know that we can not fix it
anymore and need to bail out to user space.

Remove a bunch of confusing comments on this issue as well.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@kernel.org
2009-06-24 21:27:35 +02:00