--- /dev/null
+From cc29c70dd581f85ee7a3e7980fb031f90b90a2ab Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Wed, 22 Apr 2009 00:49:51 -0700
+Subject: net/netrom: Fix socket locking
+
+upstream commit: cc29c70dd581f85ee7a3e7980fb031f90b90a2ab
+
+Patch "af_rose/x25: Sanity check the maximum user frame size"
+(commit 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9) from Alan Cox got
+locking wrong. If we bail out due to user frame size being too large,
+we must unlock the socket beforehand.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+in net-2.6 on way to Linus
+
+ net/netrom/af_netrom.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -1084,8 +1084,10 @@ static int nr_sendmsg(struct kiocb *iocb
+
+ /* Build a packet - the conventional user limit is 236 bytes. We can
+ do ludicrously large NetROM frames but must not overflow */
+- if (len > 65536)
+- return -EMSGSIZE;
++ if (len > 65536) {
++ err = -EMSGSIZE;
++ goto out;
++ }
+
+ SOCK_DEBUG(sk, "NET/ROM: sendto: building packet.\n");
+ size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN;
dm-path-selector-use-module-refcount-directly.patch
dm-table-fix-upgrade-mode-race.patch
af_rose-x25-sanity-check-the-maximum-user-frame-size.patch
+net-netrom-fix-socket-locking.patch
crypto-shash-fix-unaligned-calculation-with-short-length.patch
acer-wmi-blacklist-acer-aspire-one.patch
kprobes-fix-locking-imbalance-in-kretprobes.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
