linux-toradex.git/net/key, branch v2.6.25.17 Linux kernel for Apalis and Colibri modules af_key: Fix selector family initialization. 2008-06-16T20:19:52+00:00 Kazunori MIYAZAWA kazunori@miyazawa.org 2008-05-21T20:26:11+00:00 7e9402be41bbaa44c56f995b2ebecb123ff5a251 [ upstream commit: 4da5105687e0993a3bbdcffd89b2b94d9377faab ] This propagates the xfrm_user fix made in commit bcf0dda8d2408fe1c1040cdec5a98e5fcad2ac72 ("[XFRM]: xfrm_user: fix selector family initialization") Based upon a bug report from, and tested by, Alan Swanson. Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
[ upstream commit: 4da5105687e0993a3bbdcffd89b2b94d9377faab ]

This propagates the xfrm_user fix made in commit
bcf0dda8d2408fe1c1040cdec5a98e5fcad2ac72 ("[XFRM]: xfrm_user: fix
selector family initialization")

Based upon a bug report from, and tested by, Alan Swanson.

Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
IPSEC: Fix catch-22 with algorithm IDs above 31 2008-05-01T21:44:33+00:00 Herbert Xu herbert@gondor.apana.org.au 2008-04-25T08:41:47+00:00 ec6c4d0ac90344251c631a58493ac680a19eca8a [ Upstream commit: c5d18e984a313adf5a1a4ae69e0b1d93cf410229 ] As it stands it's impossible to use any authentication algorithms with an ID above 31 portably. It just happens to work on x86 but fails miserably on ppc64. The reason is that we're using a bit mask to check the algorithm ID but the mask is only 32 bits wide. After looking at how this is used in the field, I have concluded that in the long term we should phase out state matching by IDs because this is made superfluous by the reqid feature. For current applications, the best solution IMHO is to allow all algorithms when the bit masks are all ~0. The following patch does exactly that. This bug was identified by IBM when testing on the ppc64 platform using the NULL authentication algorithm which has an ID of 251. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
[ Upstream commit: c5d18e984a313adf5a1a4ae69e0b1d93cf410229 ]

As it stands it's impossible to use any authentication algorithms
with an ID above 31 portably.  It just happens to work on x86 but
fails miserably on ppc64.

The reason is that we're using a bit mask to check the algorithm
ID but the mask is only 32 bits wide.

After looking at how this is used in the field, I have concluded
that in the long term we should phase out state matching by IDs
because this is made superfluous by the reqid feature.  For current
applications, the best solution IMHO is to allow all algorithms when
the bit masks are all ~0.

The following patch does exactly that.

This bug was identified by IBM when testing on the ppc64 platform
using the NULL authentication algorithm which has an ID of 251.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24T21:51:51+00:00 Kazunori MIYAZAWA kazunori@miyazawa.org 2008-03-24T21:51:51+00:00 df9dcb4588aca9cc243cf1f3f454361a84e1cbdb Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[AF_KEY]: Fix oops by converting to proc_net_*(). 2008-02-27T06:23:31+00:00 David S. Miller davem@davemloft.net 2008-02-27T06:20:44+00:00 d9595a7b9c777d45a74774f1428c263a0a47f4c0 To make sure the procfs visibility occurs after the ->proc_fs ops are setup, use proc_net_fops_create() and proc_net_remove(). This also fixes an OOPS after module unload in that the name string for remove was wrong, so it wouldn't actually be removed. That bug was introduced by commit 61145aa1a12401ac71bcc450a58c773dd6e2bfb9 ("[KEY]: Clean up proc files creation a bit.") Signed-off-by: David S. Miller <davem@davemloft.net> 
To make sure the procfs visibility occurs after the ->proc_fs ops are
setup, use proc_net_fops_create() and proc_net_remove().

This also fixes an OOPS after module unload in that the name string
for remove was wrong, so it wouldn't actually be removed.  That bug
was introduced by commit 61145aa1a12401ac71bcc450a58c773dd6e2bfb9
("[KEY]: Clean up proc files creation a bit.")

Signed-off-by: David S. Miller <davem@davemloft.net>
[AF_KEY]: Fix bug in spdadd 2008-02-14T22:51:38+00:00 Kazunori MIYAZAWA kazunori@miyazawa.org 2008-02-14T22:51:38+00:00 a4d6b8af1e92daa872f55d06415b76c35f44d8bd This patch fix a BUG when adding spds which have same selector. Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch fix a BUG when adding spds which have same selector.

Signed-off-by: Kazunori MIYAZAWA <kazunori@miyazawa.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[KEY]: Convert net/pfkey to use seq files. 2008-02-10T07:20:06+00:00 Pavel Emelyanov xemul@openvz.org 2008-02-10T07:20:06+00:00 bd2f747658b303d9b08d2c5bc815022d825a5e3c The seq files API disposes the caller of the difficulty of checking file position, the length of data to produce and the size of provided buffer. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
The seq files API disposes the caller of the difficulty of
checking file position, the length of data to produce and
the size of provided buffer.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[KEY]: Clean up proc files creation a bit. 2008-02-10T07:19:14+00:00 Pavel Emelyanov xemul@openvz.org 2008-02-10T07:19:14+00:00 61145aa1a12401ac71bcc450a58c773dd6e2bfb9 Mainly this removes ifdef-s from inside the ipsec_pfkey_init. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Mainly this removes ifdef-s from inside the ipsec_pfkey_init.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] switch audit_get_loginuid() to task_struct * 2008-02-01T19:04:59+00:00 Al Viro viro@zeniv.linux.org.uk 2008-01-10T09:20:52+00:00 0c11b9428f619ab377c92eff2f160a834a6585dd all callers pass something->audit_context Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
all callers pass something->audit_context

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[XFRM] xfrm_policy_destroy: Rename and relative fixes. 2008-01-28T23:00:46+00:00 WANG Cong xiyou.wangcong@gmail.com 2008-01-08T06:34:29+00:00 64c31b3f76482bb64459e786f9eca3bd0164d153 Since __xfrm_policy_destroy is used to destory the resources allocated by xfrm_policy_alloc. So using the name __xfrm_policy_destroy is not correspond with xfrm_policy_alloc. Rename it to xfrm_policy_destroy. And along with some instances that call xfrm_policy_alloc but not using xfrm_policy_destroy to destroy the resource, fix them. Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
Since __xfrm_policy_destroy is used to destory the resources
allocated by xfrm_policy_alloc. So using the name
__xfrm_policy_destroy is not correspond with xfrm_policy_alloc.
Rename it to xfrm_policy_destroy.

And along with some instances that call xfrm_policy_alloc
but not using xfrm_policy_destroy to destroy the resource,
fix them.

Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
[AF_KEY]: Fix skb leak on pfkey_send_migrate() error 2008-01-21T04:31:45+00:00 Patrick McHardy kaber@trash.net 2008-01-21T01:24:29+00:00 d4782c323d10d3698b71b6a6b3c7bdad33824658 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>