--- /dev/null
+From stable-bounces@linux.kernel.org Fri Jun 6 10:20:18 2008
+From: Patrick McHardy <kaber@trash.net>
+To: stable@kernel.org
+Message-Id: <20080606171602.28057.10402.sendpatchset@localhost.localdomain>
+Date: Fri, 6 Jun 2008 19:16:04 +0200 (MEST)
+Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
+Subject: netfilter: nf_conntrack_expect: fix error path unwind in nf_conntrack_expect_init()
+
+upstream commit: 12293bf91126ad253a25e2840b307fdc7c2754c3
+
+Signed-off-by: Alexey Dobriyan <adobriyan@parallels.com>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+
+ net/netfilter/nf_conntrack_expect.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/nf_conntrack_expect.c
++++ b/net/netfilter/nf_conntrack_expect.c
+@@ -550,10 +550,10 @@ int __init nf_conntrack_expect_init(void
+ return 0;
+
+ err3:
++ kmem_cache_destroy(nf_ct_expect_cachep);
++err2:
+ nf_ct_free_hashtable(nf_ct_expect_hash, nf_ct_expect_vmalloc,
+ nf_ct_expect_hsize);
+-err2:
+- kmem_cache_destroy(nf_ct_expect_cachep);
+ err1:
+ return err;
+ }
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Jun 6 10:21:53 2008
+From: Patrick McHardy <kaber@trash.net>
+To: stable@kernel.org
+Message-Id: <20080606171605.28057.8694.sendpatchset@localhost.localdomain>
+Date: Fri, 6 Jun 2008 19:16:07 +0200 (MEST)
+Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
+Subject: netfilter: nf_conntrack_ipv6: fix inconsistent lock state in nf_ct_frag6_gather()
+
+upstream commit: b9c698964614f71b9c8afeca163a945b4c2e2d20
+
+[ 63.531438] =================================
+[ 63.531520] [ INFO: inconsistent lock state ]
+[ 63.531520] 2.6.26-rc4 #7
+[ 63.531520] ---------------------------------
+[ 63.531520] inconsistent {softirq-on-W} -> {in-softirq-W} usage.
+[ 63.531520] tcpsic6/3864 [HC0[0]:SC1[1]:HE1:SE0] takes:
+[ 63.531520] (&q->lock#2){-+..}, at: [<c07175b0>] ipv6_frag_rcv+0xd0/0xbd0
+[ 63.531520] {softirq-on-W} state was registered at:
+[ 63.531520] [<c0143bba>] __lock_acquire+0x3aa/0x1080
+[ 63.531520] [<c0144906>] lock_acquire+0x76/0xa0
+[ 63.531520] [<c07a8f0b>] _spin_lock+0x2b/0x40
+[ 63.531520] [<c0727636>] nf_ct_frag6_gather+0x3f6/0x910
+ ...
+
+According to this and another similar lockdep report inet_fragment
+locks are taken from nf_ct_frag6_gather() with softirqs enabled, but
+these locks are mainly used in softirq context, so disabling BHs is
+necessary.
+
+Reported-and-tested-by: Eric Sesterhenn <snakebyte@gmx.de>
+Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+
+ net/ipv6/netfilter/nf_conntrack_reasm.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
++++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
+@@ -209,7 +209,9 @@ fq_find(__be32 id, struct in6_addr *src,
+ arg.dst = dst;
+ hash = ip6qhashfn(id, src, dst);
+
++ local_bh_disable();
+ q = inet_frag_find(&nf_init_frags, &nf_frags, &arg, hash);
++ local_bh_enable();
+ if (q == NULL)
+ goto oom;
+
+@@ -638,10 +640,10 @@ struct sk_buff *nf_ct_frag6_gather(struc
+ goto ret_orig;
+ }
+
+- spin_lock(&fq->q.lock);
++ spin_lock_bh(&fq->q.lock);
+
+ if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) {
+- spin_unlock(&fq->q.lock);
++ spin_unlock_bh(&fq->q.lock);
+ pr_debug("Can't insert skb to queue\n");
+ fq_put(fq);
+ goto ret_orig;
+@@ -652,7 +654,7 @@ struct sk_buff *nf_ct_frag6_gather(struc
+ if (ret_skb == NULL)
+ pr_debug("Can't reassemble fragmented packets\n");
+ }
+- spin_unlock(&fq->q.lock);
++ spin_unlock_bh(&fq->q.lock);
+
+ fq_put(fq);
+ return ret_skb;
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Jun 6 10:21:20 2008
+From: Patrick McHardy <kaber@trash.net>
+To: stable@kernel.org
+Message-Id: <20080606171604.28057.17617.sendpatchset@localhost.localdomain>
+Date: Fri, 6 Jun 2008 19:16:05 +0200 (MEST)
+Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
+Subject: netfilter: xt_connlimit: fix accouning when receive RST packet in ESTABLISHED state
+
+upstream commit: d2ee3f2c4b1db1320c1efb4dcaceeaf6c7e6c2d3
+
+In xt_connlimit match module, the counter of an IP is decreased when
+the TCP packet is go through the chain with ip_conntrack state TW.
+Well, it's very natural that the server and client close the socket
+with FIN packet. But when the client/server close the socket with RST
+packet(using so_linger), the counter for this connection still exsit.
+The following patch can fix it which is based on linux-2.6.25.4
+
+Signed-off-by: Dong Wei <dwei.zh@gmail.com>
+Acked-by: Jan Engelhardt <jengelh@medozas.de>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+
+ net/netfilter/xt_connlimit.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/xt_connlimit.c
++++ b/net/netfilter/xt_connlimit.c
+@@ -75,7 +75,8 @@ static inline bool already_closed(const
+ u_int16_t proto = conn->tuplehash[0].tuple.dst.protonum;
+
+ if (proto == IPPROTO_TCP)
+- return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT;
++ return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT ||
++ conn->proto.tcp.state == TCP_CONNTRACK_CLOSE;
+ else
+ return 0;
+ }
hid-split-numlock-emulation-quirk-from-hid_quirk_apple_has_fn.patch
make-acpi-cpufreq-more-robust-against-bios-freq-changes-behind-our-back.patch
x86-fpu-fix-config_preempt-y-corruption-of-application-s-fpu-stack.patch
+netfilter-nf_conntrack_expect-fix-error-path-unwind-in-nf_conntrack_expect_init.patch
+netfilter-xt_connlimit-fix-accouning-when-receive-rst-packet-in-established-state.patch
+netfilter-nf_conntrack_ipv6-fix-inconsistent-lock-state-in-nf_ct_frag6_gather.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
