From: Greg Kroah-Hartman Date: Thu, 13 Dec 2007 04:47:44 +0000 (-0800) Subject: more 2.6.23 network patches X-Git-Tag: v2.6.23.10~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a5a08aa517038f9998f6c67b6f1c9242dc00e62;p=thirdparty%2Fkernel%2Fstable-queue.git more 2.6.23 network patches --- diff --git a/queue-2.6.23/bridge-lost-call-to-br_fdb_fini-in-br_init-error-path.patch b/queue-2.6.23/bridge-lost-call-to-br_fdb_fini-in-br_init-error-path.patch new file mode 100644 index 00000000000..71f2ebc252a --- /dev/null +++ b/queue-2.6.23/bridge-lost-call-to-br_fdb_fini-in-br_init-error-path.patch @@ -0,0 +1,46 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:26 2007 +From: Pavel Emelyanov +Date: Tue, 11 Dec 2007 09:39:30 +0800 +Subject: BRIDGE: Lost call to br_fdb_fini() in br_init() error path +To: stable@kernel.org, bunk@kernel.org, +Message-ID: + + +From: Pavel Emelyanov + +[BRIDGE]: Lost call to br_fdb_fini() in br_init() error path + +[ Upstream commit: 17efdd45755c0eb8d1418a1368ef7c7ebbe98c6e ] + +In case the br_netfilter_init() (or any subsequent call) +fails, the br_fdb_fini() must be called to free the allocated +in br_fdb_init() br_fdb_cache kmem cache. + +Signed-off-by: Pavel Emelyanov +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/bridge/br.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/bridge/br.c ++++ b/net/bridge/br.c +@@ -39,7 +39,7 @@ static int __init br_init(void) + + err = br_fdb_init(); + if (err) +- goto err_out1; ++ goto err_out; + + err = br_netfilter_init(); + if (err) +@@ -65,6 +65,8 @@ err_out3: + err_out2: + br_netfilter_fini(); + err_out1: ++ br_fdb_fini(); ++err_out: + llc_sap_put(br_stp_sap); + return err; + } diff --git a/queue-2.6.23/decnet-dn_nl_deladdr-almost-always-returns-no-error.patch b/queue-2.6.23/decnet-dn_nl_deladdr-almost-always-returns-no-error.patch new file mode 100644 index 00000000000..bd0761827ba --- /dev/null +++ b/queue-2.6.23/decnet-dn_nl_deladdr-almost-always-returns-no-error.patch @@ -0,0 +1,52 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:29 2007 +From: Pavel Emelyanov +Date: Tue, 11 Dec 2007 09:39:32 +0800 +Subject: DECNET: dn_nl_deladdr() almost always returns no error +To: stable@kernel.org, +Message-ID: + + +From: Pavel Emelyanov + +[DECNET]: dn_nl_deladdr() almost always returns no error + +[ Upstream commit: 3ccd86241b277249d5ac08e91eddfade47184520 ] + +As far as I see from the err variable initialization +the dn_nl_deladdr() routine was designed to report errors +like "EADDRNOTAVAIL" and probaby "ENODEV". + +But the code sets this err to 0 after the first nlmsg_parse +and goes on, returning this 0 in any case. + +Signed-off-by: Pavel Emelyanov +Acked-by: Steven Whitehouse +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/decnet/dn_dev.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/decnet/dn_dev.c ++++ b/net/decnet/dn_dev.c +@@ -650,16 +650,18 @@ static int dn_nl_deladdr(struct sk_buff + struct dn_dev *dn_db; + struct ifaddrmsg *ifm; + struct dn_ifaddr *ifa, **ifap; +- int err = -EADDRNOTAVAIL; ++ int err; + + err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy); + if (err < 0) + goto errout; + ++ err = -ENODEV; + ifm = nlmsg_data(nlh); + if ((dn_db = dn_dev_by_index(ifm->ifa_index)) == NULL) + goto errout; + ++ err = -EADDRNOTAVAIL; + for (ifap = &dn_db->ifa_list; (ifa = *ifap); ifap = &ifa->ifa_next) { + if (tb[IFA_LOCAL] && + nla_memcmp(tb[IFA_LOCAL], &ifa->ifa_local, 2)) diff --git a/queue-2.6.23/ipv6-restore-ipv6-when-mtu-is-big-enough.patch b/queue-2.6.23/ipv6-restore-ipv6-when-mtu-is-big-enough.patch new file mode 100644 index 00000000000..78715bbb98f --- /dev/null +++ b/queue-2.6.23/ipv6-restore-ipv6-when-mtu-is-big-enough.patch @@ -0,0 +1,65 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:29 2007 +From: Evgeniy Polyakov +Date: Tue, 11 Dec 2007 09:39:34 +0800 +Subject: IPV6: Restore IPv6 when MTU is big enough +To: stable@kernel.org, bunk@kernel.org, +Message-ID: + + +From: Evgeniy Polyakov + +[IPV6]: Restore IPv6 when MTU is big enough + +[ Upstream commit: d31c7b8fa303eb81311f27b80595b8d2cbeef950 ] + +Avaid provided test application, so bug got fixed. + +IPv6 addrconf removes ipv6 inner device from netdev each time cmu +changes and new value is less than IPV6_MIN_MTU (1280 bytes). +When mtu is changed and new value is greater than IPV6_MIN_MTU, +it does not add ipv6 addresses and inner device bac. + +This patch fixes that. + +Tested with Avaid's application, which works ok now. + +Signed-off-by: Evgeniy Polyakov +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv6/addrconf.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -2281,6 +2281,9 @@ static int addrconf_notify(struct notifi + break; + } + ++ if (!idev && dev->mtu >= IPV6_MIN_MTU) ++ idev = ipv6_add_dev(dev); ++ + if (idev) + idev->if_flags |= IF_READY; + } else { +@@ -2345,12 +2348,18 @@ static int addrconf_notify(struct notifi + break; + + case NETDEV_CHANGEMTU: +- if ( idev && dev->mtu >= IPV6_MIN_MTU) { ++ if (idev && dev->mtu >= IPV6_MIN_MTU) { + rt6_mtu_change(dev, dev->mtu); + idev->cnf.mtu6 = dev->mtu; + break; + } + ++ if (!idev && dev->mtu >= IPV6_MIN_MTU) { ++ idev = ipv6_add_dev(dev); ++ if (idev) ++ break; ++ } ++ + /* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */ + + case NETDEV_DOWN: diff --git a/queue-2.6.23/netfilter-fix-forgotten-module-release-in-xt_connmark-and-xt_connsecmark.patch b/queue-2.6.23/netfilter-fix-forgotten-module-release-in-xt_connmark-and-xt_connsecmark.patch new file mode 100644 index 00000000000..adfca41f533 --- /dev/null +++ b/queue-2.6.23/netfilter-fix-forgotten-module-release-in-xt_connmark-and-xt_connsecmark.patch @@ -0,0 +1,86 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:36 2007 +From: Jan Engelhardt +Date: Tue, 11 Dec 2007 09:39:40 +0800 +Subject: NETFILTER: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK +To: stable@kernel.org, +Message-ID: + + +From: Jan Engelhardt + +[NETFILTER]: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK + +[ Upstream commit: 67b4af297033f5f65999885542f95ba7b562848a ] + +Fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK + +When xt_CONNMARK is used outside the mangle table and the user specified +"--restore-mark", the connmark_tg_check() function will (correctly) +error out, but (incorrectly) forgets to release the L3 conntrack module. +Same for xt_CONNSECMARK. + +Fix is to move the call to acquire the L3 module after the basic +constraint checks. + +Signed-off-by: Jan Engelhardt +Signed-off-by: Patrick McHardy +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/xt_CONNMARK.c | 10 +++++----- + net/netfilter/xt_CONNSECMARK.c | 10 +++++----- + 2 files changed, 10 insertions(+), 10 deletions(-) + +--- a/net/netfilter/xt_CONNMARK.c ++++ b/net/netfilter/xt_CONNMARK.c +@@ -85,11 +85,6 @@ checkentry(const char *tablename, + { + const struct xt_connmark_target_info *matchinfo = targinfo; + +- if (nf_ct_l3proto_try_module_get(target->family) < 0) { +- printk(KERN_WARNING "can't load conntrack support for " +- "proto=%d\n", target->family); +- return false; +- } + if (matchinfo->mode == XT_CONNMARK_RESTORE) { + if (strcmp(tablename, "mangle") != 0) { + printk(KERN_WARNING "CONNMARK: restore can only be " +@@ -102,6 +97,11 @@ checkentry(const char *tablename, + printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n"); + return false; + } ++ if (nf_ct_l3proto_try_module_get(target->family) < 0) { ++ printk(KERN_WARNING "can't load conntrack support for " ++ "proto=%d\n", target->family); ++ return false; ++ } + return true; + } + +--- a/net/netfilter/xt_CONNSECMARK.c ++++ b/net/netfilter/xt_CONNSECMARK.c +@@ -91,11 +91,6 @@ static bool checkentry(const char *table + { + const struct xt_connsecmark_target_info *info = targinfo; + +- if (nf_ct_l3proto_try_module_get(target->family) < 0) { +- printk(KERN_WARNING "can't load conntrack support for " +- "proto=%d\n", target->family); +- return false; +- } + switch (info->mode) { + case CONNSECMARK_SAVE: + case CONNSECMARK_RESTORE: +@@ -106,6 +101,11 @@ static bool checkentry(const char *table + return false; + } + ++ if (nf_ct_l3proto_try_module_get(target->family) < 0) { ++ printk(KERN_WARNING "can't load conntrack support for " ++ "proto=%d\n", target->family); ++ return false; ++ } + return true; + } + diff --git a/queue-2.6.23/rxrpc-add-missing-select-on-crypto.patch b/queue-2.6.23/rxrpc-add-missing-select-on-crypto.patch new file mode 100644 index 00000000000..9e5546e5057 --- /dev/null +++ b/queue-2.6.23/rxrpc-add-missing-select-on-crypto.patch @@ -0,0 +1,34 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:26 2007 +From: David Howells +Date: Tue, 11 Dec 2007 09:39:36 +0800 +Subject: RXRPC: Add missing select on CRYPTO +To: stable@kernel.org, +Message-ID: + + +From: David Howells + +[RXRPC]: Add missing select on CRYPTO + +[ Upstream commit: d5a784b3719ae364f49ecff12a0248f6e4252720 ] + +AF_RXRPC uses the crypto services, so should depend on or select CRYPTO. + +Signed-off-by: David Howells +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/rxrpc/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/rxrpc/Kconfig ++++ b/net/rxrpc/Kconfig +@@ -5,6 +5,7 @@ + config AF_RXRPC + tristate "RxRPC session sockets" + depends on INET && EXPERIMENTAL ++ select CRYPTO + select KEYS + help + Say Y or M here to include support for RxRPC session sockets (just diff --git a/queue-2.6.23/series b/queue-2.6.23/series index 0d34581f3aa..b3d4db0391c 100644 --- a/queue-2.6.23/series +++ b/queue-2.6.23/series @@ -44,3 +44,12 @@ crypto-api-fix-potential-race-in-crypto_remove_spawn.patch tcp-fix-tcp-header-misalignment.patch tcp-mtuprobe-fix-potential-sk_send_head-corruption.patch pfkey-sending-an-sadb_get-responds-with-an-sadb_get.patch +bridge-lost-call-to-br_fdb_fini-in-br_init-error-path.patch +rxrpc-add-missing-select-on-crypto.patch +textsearch-do-not-allow-zero-length-patterns-in-the-textsearch-infrastructure.patch +vlan-fix-nested-vlan-transmit-bug.patch +decnet-dn_nl_deladdr-almost-always-returns-no-error.patch +ipv6-restore-ipv6-when-mtu-is-big-enough.patch +tcp-illinois-incorrect-beta-usage.patch +unix-eof-on-non-blocking-sock_seqpacket.patch +netfilter-fix-forgotten-module-release-in-xt_connmark-and-xt_connsecmark.patch diff --git a/queue-2.6.23/tcp-illinois-incorrect-beta-usage.patch b/queue-2.6.23/tcp-illinois-incorrect-beta-usage.patch new file mode 100644 index 00000000000..c997ace47b4 --- /dev/null +++ b/queue-2.6.23/tcp-illinois-incorrect-beta-usage.patch @@ -0,0 +1,45 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:29 2007 +From: Stephen Hemminger +Date: Tue, 11 Dec 2007 09:39:37 +0800 +Subject: TCP: illinois: Incorrect beta usage +To: stable@kernel.org, +Message-ID: + + +From: Stephen Hemminger + +[TCP] illinois: Incorrect beta usage + +[ Upstream commit: a357dde9df33f28611e6a3d4f88265e39bcc8880 ] + +Lachlan Andrew observed that my TCP-Illinois implementation uses the +beta value incorrectly: +The parameter beta in the paper specifies the amount to decrease +*by*: that is, on loss, + W <- W - beta*W +but in tcp_illinois_ssthresh() uses beta as the amount +to decrease *to*: W <- beta*W + +This bug makes the Linux TCP-Illinois get less-aggressive on uncongested network, +hurting performance. Note: since the base beta value is .5, it has no +impact on a congested network. + +Signed-off-by: Stephen Hemminger +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv4/tcp_illinois.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/tcp_illinois.c ++++ b/net/ipv4/tcp_illinois.c +@@ -298,7 +298,7 @@ static u32 tcp_illinois_ssthresh(struct + struct illinois *ca = inet_csk_ca(sk); + + /* Multiplicative decrease */ +- return max((tp->snd_cwnd * ca->beta) >> BETA_SHIFT, 2U); ++ return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT), 2U); + } + + diff --git a/queue-2.6.23/textsearch-do-not-allow-zero-length-patterns-in-the-textsearch-infrastructure.patch b/queue-2.6.23/textsearch-do-not-allow-zero-length-patterns-in-the-textsearch-infrastructure.patch new file mode 100644 index 00000000000..23c04d3a8d5 --- /dev/null +++ b/queue-2.6.23/textsearch-do-not-allow-zero-length-patterns-in-the-textsearch-infrastructure.patch @@ -0,0 +1,57 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:26 2007 +From: Pablo Neira Ayuso +Date: Tue, 11 Dec 2007 09:39:38 +0800 +Subject: TEXTSEARCH: Do not allow zero length patterns in the textsearch infrastructure +To: stable@kernel.org, +Message-ID: + + +From: Pablo Neira Ayuso + +[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure + +[ Upstream commit: e03ba84adb62fbc6049325a5bc00ef6932fa5e39 ] + +If a zero length pattern is passed then return EINVAL. +Avoids infinite loops (bm) or invalid memory accesses (kmp). + +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Patrick McHardy +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + lib/textsearch.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/lib/textsearch.c ++++ b/lib/textsearch.c +@@ -7,7 +7,7 @@ + * 2 of the License, or (at your option) any later version. + * + * Authors: Thomas Graf +- * Pablo Neira Ayuso ++ * Pablo Neira Ayuso + * + * ========================================================================== + * +@@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous( + * the various search algorithms. + * + * Returns a new textsearch configuration according to the specified +- * parameters or a ERR_PTR(). ++ * parameters or a ERR_PTR(). If a zero length pattern is passed, this ++ * function returns EINVAL. + */ + struct ts_config *textsearch_prepare(const char *algo, const void *pattern, + unsigned int len, gfp_t gfp_mask, int flags) +@@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(con + struct ts_config *conf; + struct ts_ops *ops; + ++ if (len == 0) ++ return ERR_PTR(-EINVAL); ++ + ops = lookup_ts_algo(algo); + #ifdef CONFIG_KMOD + /* diff --git a/queue-2.6.23/unix-eof-on-non-blocking-sock_seqpacket.patch b/queue-2.6.23/unix-eof-on-non-blocking-sock_seqpacket.patch new file mode 100644 index 00000000000..92d42003ef0 --- /dev/null +++ b/queue-2.6.23/unix-eof-on-non-blocking-sock_seqpacket.patch @@ -0,0 +1,87 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:35 2007 +From: Florian Zumbiehl +Date: Tue, 11 Dec 2007 09:39:39 +0800 +Subject: UNIX: EOF on non-blocking SOCK_SEQPACKET +To: stable@kernel.org, bunk@kernel.org, +Message-ID: + + +From: Florian Zumbiehl + +[UNIX]: EOF on non-blocking SOCK_SEQPACKET + +[ Upstream commit: 0a11225887fe6cbccd882404dc36ddc50f47daf9 ] + +I am not absolutely sure whether this actually is a bug (as in: I've got +no clue what the standards say or what other implementations do), but at +least I was pretty surprised when I noticed that a recv() on a +non-blocking unix domain socket of type SOCK_SEQPACKET (which is connection +oriented, after all) where the remote end has closed the connection +returned -1 (EAGAIN) rather than 0 to indicate end of file. + +This is a test case: + +| #include +| #include +| #include +| #include +| #include +| #include +| #include +| +| int main(){ +| int sock; +| struct sockaddr_un addr; +| char buf[4096]; +| int pfds[2]; +| +| pipe(pfds); +| sock=socket(PF_UNIX,SOCK_SEQPACKET,0); +| addr.sun_family=AF_UNIX; +| strcpy(addr.sun_path,"/tmp/foobar_testsock"); +| bind(sock,(struct sockaddr *)&addr,sizeof(addr)); +| listen(sock,1); +| if(fork()){ +| close(sock); +| sock=socket(PF_UNIX,SOCK_SEQPACKET,0); +| connect(sock,(struct sockaddr *)&addr,sizeof(addr)); +| fcntl(sock,F_SETFL,fcntl(sock,F_GETFL)|O_NONBLOCK); +| close(pfds[1]); +| read(pfds[0],buf,sizeof(buf)); +| recv(sock,buf,sizeof(buf),0); // <-- this one +| }else accept(sock,NULL,NULL); +| exit(0); +| } + +If you try it, make sure /tmp/foobar_testsock doesn't exist. + +The marked recv() returns -1 (EAGAIN) on 2.6.23.9. Below you find a +patch that fixes that. + +Signed-off-by: Florian Zumbiehl +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/unix/af_unix.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -1632,8 +1632,15 @@ static int unix_dgram_recvmsg(struct kio + mutex_lock(&u->readlock); + + skb = skb_recv_datagram(sk, flags, noblock, &err); +- if (!skb) ++ if (!skb) { ++ unix_state_lock(sk); ++ /* Signal EOF on disconnected non-blocking SEQPACKET socket. */ ++ if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && ++ (sk->sk_shutdown & RCV_SHUTDOWN)) ++ err = 0; ++ unix_state_unlock(sk); + goto out_unlock; ++ } + + wake_up_interruptible(&u->peer_wait); + diff --git a/queue-2.6.23/vlan-fix-nested-vlan-transmit-bug.patch b/queue-2.6.23/vlan-fix-nested-vlan-transmit-bug.patch new file mode 100644 index 00000000000..9e1633acde3 --- /dev/null +++ b/queue-2.6.23/vlan-fix-nested-vlan-transmit-bug.patch @@ -0,0 +1,36 @@ +From stable-bounces@linux.kernel.org Mon Dec 10 20:32:26 2007 +From: Joonwoo Park +Date: Tue, 11 Dec 2007 09:39:35 +0800 +Subject: VLAN: Fix nested VLAN transmit bug +To: stable@kernel.org, bunk@kernel.org, +Message-ID: + + +From: Joonwoo Park + +[VLAN]: Fix nested VLAN transmit bug + +[ Upstream commit: 6ab3b487db77fa98a24560f11a5a8e744b98d877 ] + +Fix misbehavior of vlan_dev_hard_start_xmit() for recursive encapsulations. + +Signed-off-by: Joonwoo Park +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + net/8021q/vlan_dev.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/net/8021q/vlan_dev.c ++++ b/net/8021q/vlan_dev.c +@@ -459,7 +459,8 @@ int vlan_dev_hard_start_xmit(struct sk_b + * OTHER THINGS LIKE FDDI/TokenRing/802.3 SNAPs... + */ + +- if (veth->h_vlan_proto != htons(ETH_P_8021Q)) { ++ if (veth->h_vlan_proto != htons(ETH_P_8021Q) || ++ VLAN_DEV_INFO(dev)->flags & VLAN_FLAG_REORDER_HDR) { + int orig_headroom = skb_headroom(skb); + unsigned short veth_TCI; +