25 Jan, 2007
1 commit
-
Fix the Oops in http://bugzilla.linux-nfs.org/show_bug.cgi?id=138
We shouldn't be calling rpc_release_task() for tasks that are not active.Signed-off-by: Trond Myklebust
Signed-off-by: Linus Torvalds
24 Jan, 2007
15 commits
-
> --- a/net/sctp/sm_statefuns.c
> +++ b/net/sctp/sm_statefuns.c
> @@ -462,24 +461,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,> - if (!init_tag) {
> - struct sctp_chunk *reply = sctp_make_abort(asoc, chunk, 0);
> - if (!reply)
> - goto nomem;This introduced a compiler warning, easily fixed.
Signed-off-by: Brian Haley
Signed-off-by: David S. Miller -
I think the return value of rt6_nlmsg_size() should includes the
amount of RTA_METRICS.Signed-off-by: Noriaki TAKAMIYA
Acked-by: Thomas Graf
Signed-off-by: David S. Miller -
The patch "Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE"
changed to unconditional copying of ip_summed field from collapsed
skb. This patch reverts this change.The majority of substantial work including heavy testing
and diagnosing by: Michael Tokarev
Possible reasons pointed by: Herbert Xu and Patrick McHardy.Signed-off-by: Jarek Poplawski
Acked-by: Herbert Xu
Signed-off-by: David S. Miller -
I encountered a kernel panic with my test program, which is a very
simple IPv6 client-server program.The server side sets IPV6_RECVPKTINFO on a listening socket, and the
client side just sends a message to the server. Then the kernel panic
occurs on the server. (If you need the test program, please let me
know. I can provide it.)This problem happens because a skb is forcibly freed in
tcp_rcv_state_process().When a socket in listening state(TCP_LISTEN) receives a syn packet,
then tcp_v6_conn_request() will be called from
tcp_rcv_state_process(). If the tcp_v6_conn_request() successfully
returns, the skb would be discarded by __kfree_skb().However, in case of a listening socket which was already set
IPV6_RECVPKTINFO, an address of the skb will be stored in
treq->pktopts and a ref count of the skb will be incremented in
tcp_v6_conn_request(). But, even if the skb is still in use, the skb
will be freed. Then someone still using the freed skb will cause the
kernel panic.I suggest to use kfree_skb() instead of __kfree_skb().
Signed-off-by: Masayuki Nakagawa
Signed-off-by: David S. Miller -
The recent hashing introduced an off-by-one bug in policy list insertion.
Instead of adding after the last entry with a lesser or equal priority,
we're adding after the successor of that entry.This patch fixes this and also adds a warning if we detect a duplicate
entry in the policy list. This should never happen due to this if clause.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
__x25_find_socket does a sock_hold.
This adds a missing sock_put in x25_receive_data.Signed-off-by: Andrew Hendry
Signed-off-by: David S. Miller -
Currently, when association enters SHUTDOWN state,the
implementation will SACK any DATA first and then transmit
the SHUTDOWN chunk. This is against the order required by
2960bis spec. SHUTDOWN must always be first, followed by
SACK. This change forces this order and also enables bundling.Signed-off-by: Vlad Yasevich
Signed-off-by: Sridhar Samudrala
Signed-off-by: David S. Miller -
Consider the chunk as Out-of-the-Blue if we don't have
an endpoint. Otherwise discard it as before.Signed-off-by: Vlad Yasevich
Signed-off-by: Sridhar Samudrala
Signed-off-by: David S. Miller -
Verify init_tag and a_rwnd mandatory parameters in INIT and
INIT-ACK chunks.Signed-off-by: Vlad Yasevich
Signed-off-by: Sridhar Samudrala
Signed-off-by: David S. Miller -
sctp_process_missing_param() needs to use the SCTP_ERROR_MISS_PARAM
error cause value.Signed-off-by: Vlad Yasevich
Signed-off-by: Sridhar Samudrala
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Join all-node multicast group after assignment of dev->ip6_ptr
because it must be assigned when ipv6_dev_mc_inc() is called.
This fixes Bug#7817, reported by .Closes: 7817
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
When old flow cache entries that are not at the head of their chain
trigger a transient security error they get unlinked along with all
the entries preceding them in the chain. The preceding entries are
not freed correctly.This patch fixes this by simply leaving the entry around. It's based
on a suggestion by Venkat Yekkirala.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Change my email address to reflect OSDL merger.
Signed-off-by: Stephen Hemminger
[ The irony. Somebody still has his sign-off message hardcoded
in a script or his brainstem ;^]
Signed-off-by: Linus Torvalds
23 Jan, 2007
2 commits
-
The PSM values below 0x1001 of L2CAP are reserved for well known
services. Restrict the possibility to bind them to privileged
users.Signed-off-by: Marcel Holtmann
-
The PSM value in the L2CAP socket list must be converted to host
order before printing it.Signed-off-by: Marcel Holtmann
10 Jan, 2007
5 commits
-
inetdev_init out label moved after RCU assignment
(final suggestion by Herbert Xu)Signed-off-by: Jarek Poplawski
Acked-by: Herbert Xu
Signed-off-by: David S. Miller -
A quick patch to change the inet_sock->is_icsk assignment to better fit with
existing kernel coding style.Signed-off-by: Paul Moore
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
The subh->err_hdr should point to the error header, not the data.
Signed-off-by: Vlad Yasevich
Signed-off-by: Sridhar Samudrala
Signed-off-by: David S. Miller -
When loading the NAT module, existing connection tracking entries don't
have room for NAT information allocated and packets are dropped, causing
hanging connections. They really should be entered into the NAT table
as NULL mappings, but the current allocation scheme doesn't allow this.For now simply accept those packets to avoid the hanging connections.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
When IPv6 connection tracking splits up a defragmented packet into
its original fragments, the packets are taken from a list and are
passed to the network stack with skb->next still set. This causes
dev_hard_start_xmit to treat them as GSO fragments, resulting in
a use after free when connection tracking handles the next fragment.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
09 Jan, 2007
9 commits
-
This fixes the ftp stalls present in the current kernels.
All credit goes to Komuro for tracking
this down. The patch is untested but it looks *cough* obviously
correct.Signed-off-by: Craig Schlenter
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller -
->helper is uninitialized in the expectation registered by the netbios_ns
helper and it later copied to the expected connection, which causes invalid
memory dereferences when trying to call the helper.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The current netlbl_cipsov4_add_common() function has two problems which are
fixed with this patch. The first is an off-by-one bug where it is possibile to
overflow the doi_def->tags[] array. The second is a bug where the same
doi_def->tags[] array was not always fully initialized, which caused sporadic
failures.Signed-off-by: Paul Moore
Signed-off-by: James Morris -
In the case the device registration for a new Bluetooth low-level
connection fails there is no need to unregister it when the temporary
data structure has been removed.Signed-off-by: Marcel Holtmann
-
When calling send() with a zero length parameter on a RFCOMM socket
it returns a positive value. In this rare case the variable err is
used uninitialized and unfortunately its value is returned.Signed-off-by: Marcel Holtmann
-
If the DLC device is no longer attached to the TTY device, then return
errors or default values for various callbacks of the TTY layer.Signed-off-by: Marcel Holtmann
-
With malformed packets it might be possible to overwrite internal
CMTP and CAPI data structures. This patch adds additional length
checks to prevent these kinds of remote attacks.Signed-off-by: Marcel Holtmann
-
Trivial. Newlines missing on the SOCK_DEBUG's for X.25 facility
negotiation.Signed-off-by: Andrew Hendry
Signed-off-by: David S. Miller -
The inet_create() and inet6_create() functions incorrectly set the
inet_sock->is_icsk field. Both functions assume that the is_icsk field is
large enough to hold at least a INET_PROTOSW_ICSK value when it is actually
only a single bit. This patch corrects the assignment by doing a boolean
comparison whose result will safely fit into a single bit field.Signed-off-by: Paul Moore
Signed-off-by: David S. Miller
05 Jan, 2007
6 commits
-
It is important that we only assign dev->ip{,6}_ptr
only after all portions of the inet{,6} are setup.Otherwise we can receive packets before the multicast
spinlocks et al. are initialized.Signed-off-by: David L Stevens
Signed-off-by: David S. Miller -
We cannot compute the gap until we know we have a 'struct ebt_entry' and
not 'struct ebt_entries'. Failure to check can cause crash.Tested-by: Santiago Garcia Mantinan
Acked-by: Al Viro
Signed-off-by: Chuck Ebbert
Signed-off-by: Andrew Morton
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Check the return value of nfct_nat() in device_cmp(), we might very well
have non NAT conntrack entries as well (Netfilter bugzilla #528).Signed-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Packets generated by the REJECT target in the output chain have a local
destination address and a foreign source address. Make sure not to use
the foreign source address for the output route lookup.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Used by compat code offsets of entries should be 'unsigned int' as entries
array size has this dimension.Signed-off-by: Dmitry Mishin
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
04 Jan, 2007
2 commits
-
This patch adds a proper prototype for x25_init_timers() in
include/net/x25.hSigned-off-by: Adrian Bunk
Signed-off-by: David S. Miller -
This patch removes redundant argument check for module_put().
Signed-off-by: Mariusz Kozlowski
Signed-off-by: David S. Miller
