Add full 2.6.12.6 patch series
authorChris Wright <chrisw@osdl.org>
Mon, 29 Aug 2005 17:36:10 +0000 (10:36 -0700)
committerChris Wright <chrisw@osdl.org>
Mon, 29 Aug 2005 17:36:10 +0000 (10:36 -0700)
queue/fix-dst-leak-in-icmp_push_reply.patch [new file with mode: 0644]
queue/fix-memory-leak-in-sg.c-seq_file.patch [new file with mode: 0644]
queue/genelink-usbnet-skb-typo.patch [new file with mode: 0644]
queue/ipsec-socket-policy-use-cap.patch [new file with mode: 0644]
queue/ipv6-skb-leak.patch [new file with mode: 0644]
queue/nptl-signal-delivery-deadlock-fix.patch [new file with mode: 0644]
queue/series [new file with mode: 0644]
queue/zlib-revert-broken-change.patch [new file with mode: 0644]

diff --git a/queue/fix-dst-leak-in-icmp_push_reply.patch b/queue/fix-dst-leak-in-icmp_push_reply.patch
new file mode 100644 (file)
index 0000000..1cf41a8
--- /dev/null
@@ -0,0 +1,40 @@
+From linux-kernel-owner+chrisw=40osdl.org-S932397AbVHRS7i@vger.kernel.org Thu Aug 18 12:00:13 2005
+Date:   Thu, 18 Aug 2005 20:59:37 +0200
+From: Patrick McHardy <kaber@trash.net>
+To: Ollie Wild <aaw@rincewind.tv>
+CC: linux-kernel@vger.kernel.org, Maillist netdev <netdev@oss.sgi.com>
+Subject: [IPV4]: Fix DST leak in icmp_push_reply()
+
+Based upon a bug report and initial patch by
+Ollie Wild.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ net/ipv4/icmp.c |   12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+Index: linux-2.6.12.y/net/ipv4/icmp.c
+===================================================================
+--- linux-2.6.12.y.orig/net/ipv4/icmp.c
++++ linux-2.6.12.y/net/ipv4/icmp.c
+@@ -349,12 +349,12 @@ static void icmp_push_reply(struct icmp_
+ {
+       struct sk_buff *skb;
+-      ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
+-                     icmp_param->data_len+icmp_param->head_len,
+-                     icmp_param->head_len,
+-                     ipc, rt, MSG_DONTWAIT);
+-
+-      if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
++      if (ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
++                         icmp_param->data_len+icmp_param->head_len,
++                         icmp_param->head_len,
++                         ipc, rt, MSG_DONTWAIT) < 0)
++              ip_flush_pending_frames(icmp_socket->sk);
++      else if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
+               struct icmphdr *icmph = skb->h.icmph;
+               unsigned int csum = 0;
+               struct sk_buff *skb1;
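Review bot: The new error branch in icmp_push_reply(), `if (ip_append_data(...) < 0) ip_flush_pending_frames(icmp_socket->sk);`, has no comment saying what it releases, and the patch description gives only the credit line. Going by the subject, a failed append presumably leaves queued data and a held route (dst) reference on the ICMP socket, and since replies are generated in response to received traffic the leak matters for availability. A one-line comment such as `/* append failed: drop whatever was queued so the dst reference is released */` would keep the branch from being simplified away later. The unbraced `if` is also paired with a braced `else if`, which kernel style asks to brace on both arms. The function body continues past the end of the inner hunk.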
diff --git a/queue/fix-memory-leak-in-sg.c-seq_file.patch b/queue/fix-memory-leak-in-sg.c-seq_file.patch
new file mode 100644 (file)
index 0000000..74cbe69
--- /dev/null
@@ -0,0 +1,75 @@
+From linux-kernel-owner+chrisw=40osdl.org-S932372AbVHWUZ3@vger.kernel.org  Tue Aug 23 13:25:47 2005
+Date:  Tue, 23 Aug 2005 22:25:14 +0200
+From: Jan Blunck <j.blunck@tu-harburg.de>
+To: Ingo Oeser <ioe-lkml@rameria.de>
+CC: linux-scsi@vger.kernel.org, Andrew Morton <akpm@osdl.org>, linux-kernel@vger.kernel.org
+Subject: [PATCH] sg.c: fix a memory leak in devices seq_file implementation (2nd)
+
+I know that scsi procfs is legacy code but this is a fix for a memory leak.
+
+While reading through sg.c I realized that the implementation of
+/proc/scsi/sg/devices with seq_file is leaking memory due to freeing the
+pointer returned by the next() iterator method. Since next() might
+return NULL or an error this is wrong. This patch fixes it through using
+the seq_files private field for holding the reference to the iterator
+object.
+
+Here is a small bash script to trigger the leak. Use slabtop to watch
+the size-32 usage grow and grow.
+
+#!/bin/sh
+
+while true; do
+       cat /proc/scsi/sg/devices > /dev/null
+done
+
+Signed-off-by: Jan Blunck <j.blunck@tu-harburg.de>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ drivers/scsi/sg.c |   15 ++++++++-------
+ 1 files changed, 8 insertions(+), 7 deletions(-)
+
+Index: linux-2.6.12.y/drivers/scsi/sg.c
+===================================================================
+--- linux-2.6.12.y.orig/drivers/scsi/sg.c
++++ linux-2.6.12.y/drivers/scsi/sg.c
+@@ -2969,23 +2969,22 @@ static void * dev_seq_start(struct seq_f
+ {
+       struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
++      s->private = it;
+       if (! it)
+               return NULL;
++
+       if (NULL == sg_dev_arr)
+-              goto err1;
++              return NULL;
+       it->index = *pos;
+       it->max = sg_last_dev();
+       if (it->index >= it->max)
+-              goto err1;
++              return NULL;
+       return it;
+-err1:
+-      kfree(it);
+-      return NULL;
+ }
+ static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
+ {
+-      struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
++      struct sg_proc_deviter * it = s->private;
+       *pos = ++it->index;
+       return (it->index < it->max) ? it : NULL;
+@@ -2993,7 +2992,9 @@ static void * dev_seq_next(struct seq_fi
+ static void dev_seq_stop(struct seq_file *s, void *v)
+ {
+-      kfree (v);
++      struct sg_proc_deviter * it = s->private;
++
++      kfree (it);
+ }
+ static int sg_proc_open_dev(struct inode *inode, struct file *file)
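Review bot: dev_seq_stop() frees the iterator but leaves `s->private` pointing at it, so between stop() and the next start() the seq_file holds a dangling pointer. Nothing visible here dereferences it in that window, but clearing it is cheap insurance against a later use-after-free or double free: `kfree(it); s->private = NULL;`. Relatedly, dev_seq_start() now returns NULL on its two early exits while the allocation stays live in `s->private`, which is only correct if the seq_file core calls stop() after a start() that returned NULL. A short comment on those returns (`/* freed in dev_seq_stop() via s->private */`) would record that dependency. The tail of dev_seq_next() and the body of sg_proc_open_dev() lie outside the inner hunks.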
diff --git a/queue/genelink-usbnet-skb-typo.patch b/queue/genelink-usbnet-skb-typo.patch
new file mode 100644 (file)
index 0000000..c774c9a
--- /dev/null
@@ -0,0 +1,30 @@
+From linux-kernel-owner+chrisw=40osdl.org-S1751397AbVHVWiz@vger.kernel.org  Mon Aug 22 15:40:19 2005
+Date:  Mon, 22 Aug 2005 14:02:39 +0800
+From: lepton <ytht.net@gmail.com>
+To: dbrownell@users.sourceforge.net
+Cc: linux-kernel@vger.kernel.org
+Subject: [PATCH] fix gl_skb/skb type error in genelink driver in usbnet
+
+I think there is a type error when port genelink driver to 2.6..
+With this error, a linux host will panic when it link with a windows
+host.
+
+Cc: David Brownell <david-b@pacbell.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ drivers/usb/net/usbnet.c |    2 +-
+ 1 files changed, 1 insertion(+), 1 deletion(-)
+
+Index: linux-2.6.12.y/drivers/usb/net/usbnet.c
+===================================================================
+--- linux-2.6.12.y.orig/drivers/usb/net/usbnet.c
++++ linux-2.6.12.y/drivers/usb/net/usbnet.c
+@@ -1922,7 +1922,7 @@ static int genelink_rx_fixup (struct usb
+                       // copy the packet data to the new skb
+                       memcpy(skb_put(gl_skb, size), packet->packet_data, size);
+-                      skb_return (dev, skb);
++                      skb_return (dev, gl_skb);
+               }
+               // advance to the next packet
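Review bot: The corrected call `skb_return (dev, gl_skb);` would benefit from a comment, because the description says only "type error" and does not explain the panic. From the context lines, `gl_skb` is the new buffer the payload was just copied into and the loop goes on to "advance to the next packet", which suggests `skb` is the aggregate still being parsed. Handing that one up the stack would then give away a buffer still in use. Something like `/* pass the per-packet copy up; skb is the container this loop is still walking */` records it. Where `size` is bounded before the `memcpy` is not visible in the hunk and is worth confirming, since it appears to come from data supplied by the link peer.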
diff --git a/queue/ipsec-socket-policy-use-cap.patch b/queue/ipsec-socket-policy-use-cap.patch
new file mode 100644 (file)
index 0000000..929a1a4
--- /dev/null
@@ -0,0 +1,44 @@
+From foo@baz.com Thu Aug 18 12:00:13 2005
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Sat, 6 Aug 2005 13:33:15 +0000 (-0700)
+Subject: [IPSEC] Restrict socket policy loading to CAP_NET_ADMIN - CAN-2005-2555
+
+The interface needs much redesigning if we wish to allow
+normal users to do this in some way.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ net/ipv4/ip_sockglue.c   |    3 +++
+ net/ipv6/ipv6_sockglue.c |    3 +++
+ 2 files changed, 6 insertions(+)
+
+Index: linux-2.6.12.y/net/ipv4/ip_sockglue.c
+===================================================================
+--- linux-2.6.12.y.orig/net/ipv4/ip_sockglue.c
++++ linux-2.6.12.y/net/ipv4/ip_sockglue.c
+@@ -848,6 +848,9 @@ mc_msf_out:
+  
+               case IP_IPSEC_POLICY:
+               case IP_XFRM_POLICY:
++                      err = -EPERM;
++                      if (!capable(CAP_NET_ADMIN))
++                              break;
+                       err = xfrm_user_policy(sk, optname, optval, optlen);
+                       break;
+Index: linux-2.6.12.y/net/ipv6/ipv6_sockglue.c
+===================================================================
+--- linux-2.6.12.y.orig/net/ipv6/ipv6_sockglue.c
++++ linux-2.6.12.y/net/ipv6/ipv6_sockglue.c
+@@ -503,6 +503,9 @@ done:
+               break;
+       case IPV6_IPSEC_POLICY:
+       case IPV6_XFRM_POLICY:
++              retv = -EPERM;
++              if (!capable(CAP_NET_ADMIN))
++                      break;
+               retv = xfrm_user_policy(sk, optname, optval, optlen);
+               break;
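Review bot: The same three-line privilege gate is pasted into both ip_sockglue.c and ipv6_sockglue.c ahead of the call to xfrm_user_policy(), so the two copies can drift and any other path reaching xfrm_user_policy() (none is visible here) would stay ungated. If these two setsockopt handlers are meant to be the only entry points, say so at the case labels, e.g. `/* CAN-2005-2555: socket policies may only be loaded with CAP_NET_ADMIN */`. Otherwise consider putting the `capable(CAP_NET_ADMIN)` test at the top of xfrm_user_policy() itself. Both switch statements start and end outside the inner hunks.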
diff --git a/queue/ipv6-skb-leak.patch b/queue/ipv6-skb-leak.patch
new file mode 100644 (file)
index 0000000..01e3aa1
--- /dev/null
@@ -0,0 +1,36 @@
+From foo@baz.com Thu Aug 18 12:00:13 2005
+From: Patrick McHardy <kaber@trash.net>
+Date:   Wed Aug 17 12:04:22 2005 -0700
+Subject: [IPV6]: Fix SKB leak in ip6_input_finish()
+
+Changing it to how ip_input handles should fix it.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ net/ipv6/ip6_input.c |    9 +++++----
+ 1 files changed, 5 insertions(+), 4 deletions(-)
+
+Index: linux-2.6.12.y/net/ipv6/ip6_input.c
+===================================================================
+--- linux-2.6.12.y.orig/net/ipv6/ip6_input.c
++++ linux-2.6.12.y/net/ipv6/ip6_input.c
+@@ -198,12 +198,13 @@ resubmit:
+               if (!raw_sk) {
+                       if (xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
+                               IP6_INC_STATS_BH(IPSTATS_MIB_INUNKNOWNPROTOS);
+-                              icmpv6_param_prob(skb, ICMPV6_UNK_NEXTHDR, nhoff);
++                              icmpv6_send(skb, ICMPV6_PARAMPROB,
++                                          ICMPV6_UNK_NEXTHDR, nhoff,
++                                          skb->dev);
+                       }
+-              } else {
++              } else
+                       IP6_INC_STATS_BH(IPSTATS_MIB_INDELIVERS);
+-                      kfree_skb(skb);
+-              }
++              kfree_skb(skb);
+       }
+       rcu_read_unlock();
+       return 0;
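Review bot: The `} else` arm loses its braces while the preceding `if (!raw_sk) {` arm keeps them, and the now-unconditional `kfree_skb(skb);` follows directly after it with no separation. Kernel style asks for braces on both arms when either has them, and here the mixed form makes it easy for a later edit to pull the free back into the else, which would reintroduce the leak, or to add a second free. Keep `} else {` … `}` and put a comment before the free, e.g. `/* icmpv6_send() does not consume skb; free it on every path */`. That comment assumes icmpv6_send() leaves ownership with the caller, which the removed icmpv6_param_prob() call apparently did not, so confirm it against the ICMPv6 code. The enclosing function starts and ends outside the hunk.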
diff --git a/queue/nptl-signal-delivery-deadlock-fix.patch b/queue/nptl-signal-delivery-deadlock-fix.patch
new file mode 100644 (file)
index 0000000..f6cc7e1
--- /dev/null
@@ -0,0 +1,36 @@
+From linux-kernel-owner+chrisw=40osdl.org-S1751189AbVHQS3c@vger.kernel.org  Wed Aug 17 11:30:11 2005
+From: "Bhavesh P. Davda" <bhavesh@avaya.com>
+To: linux-kernel@vger.kernel.org, torvalds@osdl.org
+Cc: "Kathleen Glass" <kkglass@avaya.com>, "James E Rhodes" <jrhodes@avaya.com>
+Subject: [PATCH] NPTL signal delivery deadlock fix
+
+This bug is quite subtle and only happens in a very interesting
+situation where a real-time threaded process is in the middle of a
+coredump when someone whacks it with a SIGKILL. However, this deadlock
+leaves the system pretty hosed and you have to reboot to recover.
+
+Not good for real-time priority-preemption applications like our
+telephony application, with 90+ real-time (SCHED_FIFO and SCHED_RR)
+processes, many of them multi-threaded, interacting with each other for
+high volume call processing.
+
+Acked-by: Roland McGrath <roland@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ kernel/signal.c |    2 +-
+ 1 files changed, 1 insertion(+), 1 deletion(-)
+
+Index: linux-2.6.12.y/kernel/signal.c
+===================================================================
+--- linux-2.6.12.y.orig/kernel/signal.c
++++ linux-2.6.12.y/kernel/signal.c
+@@ -686,7 +686,7 @@ static void handle_stop_signal(int sig, 
+ {
+       struct task_struct *t;
+-      if (p->flags & SIGNAL_GROUP_EXIT)
++      if (p->signal->flags & SIGNAL_GROUP_EXIT)
+               /*
+                * The process is in the middle of dying already.
+                */
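Review bot: The corrected test `if (p->signal->flags & SIGNAL_GROUP_EXIT)` deserves a comment, because the bug it replaces, masking `p->flags` with a constant meant for the signal structure's flags, would compile without a warning if both fields are plain integers. A line such as `/* SIGNAL_* bits live in p->signal->flags, not in the task's own flags word */` above the test would make the distinction visible. The description explains the symptom (a deadlock when SIGKILL hits a real-time threaded process mid-coredump) but not this cause. The hunk does not show whether `p->signal` is guaranteed non-NULL on entry, and handle_stop_signal() continues past the end of the hunk.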
diff --git a/queue/series b/queue/series
new file mode 100644 (file)
index 0000000..af33636
--- /dev/null
@@ -0,0 +1,7 @@
+ipsec-socket-policy-use-cap.patch
+nptl-signal-delivery-deadlock-fix.patch
+zlib-revert-broken-change.patch
+fix-dst-leak-in-icmp_push_reply.patch
+genelink-usbnet-skb-typo.patch
+fix-memory-leak-in-sg.c-seq_file.patch
+ipv6-skb-leak.patch
diff --git a/queue/zlib-revert-broken-change.patch b/queue/zlib-revert-broken-change.patch
new file mode 100644 (file)
index 0000000..5c7eb14
--- /dev/null
@@ -0,0 +1,37 @@
+From plasmaroo@gentoo.org  Wed Aug 17 13:19:31 2005
+Date: Wed, 17 Aug 2005 21:19:24 +0100
+Subject: [PATCH] Revert unnecessary zlib_inflate/inftrees.c fix
+
+From: Linus Torvalds <torvalds@osdl.org>
+
+It turns out that empty distance code tables are not an error, and that
+a compressed block with only literals can validly have an empty table
+and should not be flagged as a data error.
+
+Some old versions of gzip had problems with this case, but it does not
+affect the zlib code in the kernel.
+
+Analysis and explanations thanks to Sergey Vlasov <vsu@altlinux.ru>
+
+Cc: Sergey Vlasov <vsu@altlinux.ru>
+Cc: Tavis Ormandy <taviso@gentoo.org>
+Cc: Tim Yamin <plasmaroo@gentoo.org>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ lib/zlib_inflate/inftrees.c |    2 +-
+ 1 files changed, 1 insertion(+), 1 deletion(-)
+
+Index: linux-2.6.12.y/lib/zlib_inflate/inftrees.c
+===================================================================
+--- linux-2.6.12.y.orig/lib/zlib_inflate/inftrees.c
++++ linux-2.6.12.y/lib/zlib_inflate/inftrees.c
+@@ -141,7 +141,7 @@ static int huft_build(
+   {
+     *t = NULL;
+     *m = 0;
+-    return Z_DATA_ERROR;
++    return Z_OK;
+   }
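Review bot: With `return Z_OK;` this branch of huft_build() now reports success while leaving `*t = NULL` and `*m = 0`, so every caller has to cope with a null table on a successful return. The description says an empty distance table is valid for a block containing only literals, but nothing in the code says so. Add a comment above the return such as `/* empty table is legal (literal-only block): success with *t == NULL */`. It is also worth confirming that the decoder rejects a distance code in such a block rather than indexing the null table, since that path is not visible here. The condition guarding this branch lies outside the hunk.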