This fixes the problem of an oops occuring when a user attempts to add a
key to a non-keyring key [CVE-2006-1522].

The problem is that __keyring_search_one() doesn't check that the
keyring it's been given is actually a keyring.

I've fixed this problem by:

 (1) declaring that caller of __keyring_search_one() must guarantee that
     the keyring is a keyring; and

 (2) making key_create_or_update() check that the keyring is a keyring,
     and return -ENOTDIR if it isn't.

This can be tested by:

	keyctl add user b b `keyctl add user a a @s`
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (35 commits)
  [IPV6]: Deinline few large functions in inet6 code
  [IPV4] ip_fragment: Always compute hash with ipfrag_lock held.
  [NETFILTER]: Fix DNAT in LOCAL_OUT
  [X25]: Restore skb->dev setting in x25_type_trans().
  [NET]: Fix hotplug race during device registration.
  [IPV6]: Unexport secure_ipv6_port_ephemeral
  [NETFILTER]: Fix build with CONFIG_NETFILTER=y/m on IA64
  [NET]: More kzalloc conversions.
  [NET] kzalloc: use in alloc_netdev
  [PKT_SCHED] act_police: Rename methods.
  [TG3]: Speed up SRAM access (2nd version)
  [TG3]: Kill some less useful flags
  [NETFILTER]: H.323 helper: remove changelog
  [NETFILTER]: Convert conntrack/ipt_REJECT to new checksumming functions
  [NETFILTER]: Add address family specific checksum helpers
  [NETFILTER]: Introduce infrastructure for address family specific operations
  [NETFILTER]: Fix IP_NF_CONNTRACK_NETLINK dependency
  [NETFILTER]: H.323 helper: add parameter 'default_rrq_ttl'
  [NETFILTER]: H.323 helper: make get_h245_addr() static
  [NETFILTER]: H.323 helper: change EXPORT_SYMBOL to EXPORT_SYMBOL_GPL
  ...

Otherwise the build breaks with EXPERIMENTAL disabled
because SPARSEMEM will not get selected properly.  See
mm/Kconfig for how that works.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

1) Take doc-book function comment from i386 implementation.
2) cacheline align call_lock, taken from powerpc
3) Need memory barrier after setting call_data
4) Remove timeout
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This makes debugging things a little bit easier.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

GDB uses a PTRACE_PEEKUSR call with offset 0 to see
if a thread is alive, so provide a success return for
this particular special case.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Deinline a few functions which produce 200+ bytes of code.

Size  Uses Wasted Name and definition
===== ==== ====== ================================================
  429    3    818 __inet6_lookup        include/net/inet6_hashtables.h
  404    2    384 __inet6_lookup_established    include/net/inet6_hashtables.h
  206    3    372 __inet6_hash  include/net/inet6_hashtables.h
Signed-off-by: NDenis Vlasenko <vda@ilport.com.ua>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Otherwise we could compute an inaccurate hash due to the
random seed changing.

Noticed by Zach Brown and patch is based upon some feedback
from Herbert Xu.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Noticed by Pascal Schlafer.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

From: Thomas de Grenier de Latour <degrenier@easyconnect.fr>

On Sun, 9 Apr 2006 21:56:59 +0400,
Sergey Vlasov <vsu@altlinux.ru> wrote:

> However, show_address() does not output anything unless
> dev->reg_state == NETREG_REGISTERED - and this state is set by
> netdev_run_todo() only after netdev_register_sysfs() returns, so in
> the meantime (while netdev_register_sysfs() is busy adding the
> "statistics" attribute group) some process may see an empty "address"
> attribute.

I've tried the attached patch, suggested by Sergey Vlasov on
hotplug-devel@, and as far as i can test it works just fine.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch removes the unused EXPORT_SYMBOL(secure_ipv6_port_ephemeral).
Signed-off-by: NAdrian Bunk <bunk@stusta.de>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Can't build with CONFIG_NETFILTER=y/m on IA64, there's a missing
#include in net/ipv6/netfilter.c

net/ipv6/netfilter.c: In function `nf_ip6_checksum':
net/ipv6/netfilter.c:92: warning: implicit declaration of function
`csum_ipv6_magic'
Signed-off-by: NBrian Haley <brian.haley@hp.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Noticed this use, fixed it.
Signed-off-by: NPaolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Rename policer specific _generic_ methods to be specific to
_act_police_
Signed-off-by: NJamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Speed up SRAM read and write functions if possible by using MMIO
instead of config. cycles. With this change, the post reset signature
done at the end of D3 power change must now be moved before the D3
power change.

IBM reported a problem on powerpc blades during ethtool self test that
was caused by the memory test taking excessively long. Config.  cycles
are very slow on powerpc and the memory test can take more than 10
seconds to complete using config. cycles.

David Miller informed me that an earlier version of the patch caused
problems on sparc64 systems with built-in tg3 chips. This version
fixes the problem by excluding all SUN built-in tg3 chips from doing
MMIO SRAM access.

TG3_FLAG_EEPROM_WRITE_PROT is also set unconditionally when
TG3_FLG2_SUN_570X is set. This should be sane as all SUN chips are
built-in and do not require Vaux switching.
Signed-off-by: NMichael Chan <mchan@broadcom.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Kill the TG3_FLAG_NO_{TX|RX}_PSEUDO_CSUM flags because they are not
very useful. This will free up some bits for new flags.
Signed-off-by: NMichael Chan <mchan@broadcom.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Besides removing lots of duplicate code, all converted users benefit
from improved HW checksum error handling. Tested with and without HW
checksums in almost all combinations.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add checksum operation which takes care of verifying the checksum and
dealing with HW checksum errors and avoids multiple checksum
operations by setting ip_summed to CHECKSUM_UNNECESSARY after
successful verification.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Change the queue rerouter intrastructure to a generic usable
infrastructure for address family specific operations as a base for
some cleanups.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

When NAT is built as a module, ip_conntrack_netlink can not be linked
statically.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

default_rrq_ttl is used when no TTL is included in the RRQ.
Signed-off-by: NJing Min Zhao <zhaojingmin@users.sourceforge.net>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NJing Min Zhao <zhaojingmin@users.sourceforge.net>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NJing Min Zhao <zhaojingmin@users.sourceforge.net>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Move prototypes of NAT callbacks to ip_conntrack_h323.h. Because the
use of typedefs as arguments, some header files need to be moved as
well.
Signed-off-by: NJing Min Zhao <zhaojingmin@users.sourceforge.net>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Fix section mismatch warnings caused by netfilter's init_or_cleanup
functions used in many places by splitting the init from the cleanup
parts.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Clean up hook registration by makeing use of the new mass registration and
unregistration helpers.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch enables support for the Sigmatel's STIR421x IrDA chip.
Once patched with Sigmatel's firmware, this chip "almost" follows the
USB-IrDA spec. Thus this patch is against irda-usb.[ch].

The code has been tested by Nick Fedchik on an STIR4210 chipset based
dongle.
Signed-off-by: NSamuel Ortiz <samuel.ortiz@nokia.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch integrates the smcinit code into the smsc-ircc driver.
Some laptops have their smsc-ircc chip not properly configured by the
BIOS and needs some preconfiguration. Currently, this can be done from
userspace with smcinit, a utility that comes with the irda-utils
package. It messes with ioports and PCI settings, from userspace.  Now
with this patch, if we happen to be on one of the known to be faulty
laptops, we preconfigure the chip from the driver.

Patch from Linus Walleij <triad@df.lth.se>
Signed-off-by: NSamuel Ortiz <samuel.ortiz@nokia.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch changes GRE and SIT to generate port unreachable instead of
protocol unreachable errors when we can't find a matching tunnel for a
packet.

This removes the ambiguity as to whether the error is caused by no
tunnel being found or by the lack of support for the given tunnel
type.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

this fixes coverity bug id #1068.
hci_send_sco() frees skb if (skb->len > hdev->sco_mtu).
Since it returns a negative error value only in this case, we
can directly return here.
Signed-off-by: NEric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch fixes a memory leak (buf wasn't freed) spotted by the
Coverity checker.
Signed-off-by: NAdrian Bunk <bunk@stusta.de>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch fixes an off-by-21-or-49 error ;-) spotted by the Coverity
checker.
Signed-off-by: NAdrian Bunk <bunk@stusta.de>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Set .name in netconsole's struct console to identify the
struct's owner.
Signed-off-by: NRandy Dunlap <rdunlap@xenotime.net>
Acked-by: NMatt Mackall <mpm@selenic.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch moves the sending of ICMP messages when there are no IPv4/IPv6
tunnels present to tunnel4/tunnel6 respectively.  Please note that for now
if xfrm4_tunnel/xfrm6_tunnel is loaded then no ICMP messages will ever be
sent.  This is similar to how we handle AH/ESP/IPCOMP.

This move fixes the bug where we always send an ICMP message when there is
no ip6_tunnel device present for a given packet even if it is later handled
by IPsec.  It also causes ICMP messages to be sent when no IPIP tunnel is
present.

I've decided to use the "port unreachable" ICMP message over the current
value of "address unreachable" (and "protocol unreachable" by GRE) because
it is not ambiguous unlike the other ones which can be triggered by other
conditions.  There seems to be no standard specifying what value must be
used so this change should be OK.  In fact we should change GRE to use
this value as well.

Incidentally, this patch also fixes a fairly serious bug in xfrm6_tunnel
where we don't check whether the embedded IPv6 header is present before
dereferencing it for the inside source address.

This patch is inspired by a previous patch by Hugo Santos <hsantos@av.it.pt>.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>