From: Chris Wright Date: Wed, 6 Dec 2006 00:26:53 +0000 (-0800) Subject: xfrm fix for 2.6.18/19 (from DaveM) X-Git-Tag: v2.6.19.1~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c44ce078cc3ad1f7af62080768352bc7632e947f;p=thirdparty%2Fkernel%2Fstable-queue.git xfrm fix for 2.6.18/19 (from DaveM) dm-snapshot fix, 2.6.18 only (from Milan Broz) tokenring fix, 2.6.19 only (from DaveM) --- diff --git a/queue-2.6.18/dm-snapshot-fix-freeing-pending-exception.patch b/queue-2.6.18/dm-snapshot-fix-freeing-pending-exception.patch new file mode 100644 index 00000000000..7f11c1c5744 --- /dev/null +++ b/queue-2.6.18/dm-snapshot-fix-freeing-pending-exception.patch @@ -0,0 +1,33 @@ +From stable-bounces@linux.kernel.org Tue Dec 5 07:16:43 2006 +Message-ID: <45758C16.5010905@redhat.com> +Date: Tue, 05 Dec 2006 16:11:18 +0100 +From: Milan Broz +To: stable@kernel.org +Cc: device-mapper development , Alasdair G Kergon +Subject: dm snapshot: fix freeing pending exception + +Fix oops when removing full snapshot +kernel bugzilla bug 7040 + +If a snapshot became invalid (full) while there is outstanding +pending_exception, pending_complete() forgets to remove +the corresponding exception from its exception table before freeing it. + +Already fixed in 2.6.19. + +Signed-off-by: Milan Broz +Signed-off-by: Chris Wright +--- + drivers/md/dm-snap.c | 1 + + 1 file changed, 1 insertion(+) + +--- linux-2.6.18.5.orig/drivers/md/dm-snap.c ++++ linux-2.6.18.5/drivers/md/dm-snap.c +@@ -691,6 +691,7 @@ static void pending_complete(struct pend + + free_exception(e); + ++ remove_exception(&pe->e); + error_snapshot_bios(pe); + goto out; + } diff --git a/queue-2.6.18/series b/queue-2.6.18/series index c1331e74b90..5562ad727c7 100644 --- a/queue-2.6.18/series +++ b/queue-2.6.18/series @@ -8,3 +8,5 @@ dm-crypt-fix-data-corruption-with-dm-crypt-over-raid5.patch netfilter-ip_tables-revision-support-for-compat-code.patch pkt_sched-act_gact-division-by-zero.patch sunhme-fix-for-sunhme-failures-on-x86.patch +xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch +dm-snapshot-fix-freeing-pending-exception.patch diff --git a/queue-2.6.18/xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch b/queue-2.6.18/xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch new file mode 100644 index 00000000000..8d9a4a3c780 --- /dev/null +++ b/queue-2.6.18/xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch @@ -0,0 +1,40 @@ +From stable-bounces@linux.kernel.org Mon Dec 4 20:06:40 2006 +Date: Mon, 04 Dec 2006 20:01:31 -0800 (PST) +Message-Id: <20061204.200131.36665929.davem@davemloft.net> +To: stable@kernel.org +From: David Miller +Cc: bunk@stusta.de +Subject: XFRM: Use output device disable_xfrm for forwarded packets + +Currently the behaviour of disable_xfrm is inconsistent between +locally generated and forwarded packets. For locally generated +packets disable_xfrm disables the policy lookup if it is set on +the output device, for forwarded traffic however it looks at the +input device. This makes it impossible to disable xfrm on all +devices but a dummy device and use normal routing to direct +traffic to that device. + +Always use the output device when checking disable_xfrm. + +Signed-off-by: Patrick McHardy +Signed-off-by: David S. Miller +Signed-off-by: Chris Wright +--- +commit 9be2b4e36fb04bbc968693ef95a75acc17cf2931 +Author: Patrick McHardy +Date: Mon Dec 4 19:59:00 2006 -0800 + + net/ipv4/route.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.18.5.orig/net/ipv4/route.c ++++ linux-2.6.18.5/net/ipv4/route.c +@@ -1775,7 +1775,7 @@ static inline int __mkroute_input(struct + #endif + if (in_dev->cnf.no_policy) + rth->u.dst.flags |= DST_NOPOLICY; +- if (in_dev->cnf.no_xfrm) ++ if (out_dev->cnf.no_xfrm) + rth->u.dst.flags |= DST_NOXFRM; + rth->fl.fl4_dst = daddr; + rth->rt_dst = daddr; diff --git a/queue-2.6.19/series b/queue-2.6.19/series index 18ced6356a1..f459ad7a51a 100644 --- a/queue-2.6.19/series +++ b/queue-2.6.19/series @@ -15,3 +15,5 @@ netfilter-bridge-netfilter-deal-with-martians-correctly.patch softmac-fix-unbalanced-mutex_lock-unlock-in-ieee80211softmac_wx_set_mlme.patch ib-ucm-fix-deadlock-in-cleanup.patch do_coredump-and-not-stopping-rewrite-attacks.patch +tokenring-remote-memory-corruptor-in-ibmtr.c.patch +xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch diff --git a/queue-2.6.19/tokenring-remote-memory-corruptor-in-ibmtr.c.patch b/queue-2.6.19/tokenring-remote-memory-corruptor-in-ibmtr.c.patch new file mode 100644 index 00000000000..e2d5c1eaf3a --- /dev/null +++ b/queue-2.6.19/tokenring-remote-memory-corruptor-in-ibmtr.c.patch @@ -0,0 +1,35 @@ +From stable-bounces@linux.kernel.org Mon Dec 4 20:02:22 2006 +Date: Mon, 04 Dec 2006 19:57:11 -0800 (PST) +Message-Id: <20061204.195711.45741021.davem@davemloft.net> +To: stable@kernel.org +From: David Miller +Subject: TOKENRING: Remote memory corruptor in ibmtr.c + +ip_summed changes last summer had missed that one. As the result, +we have ip_summed interpreted as CHECKSUM_PARTIAL now. IOW, +->csum is interpreted as offset of checksum in the packet. net/core/* +will both read and modify the value as that offset, with obvious +reasons. At the very least it's a remote memory corruptor. + +Signed-off-by: Al Viro +Signed-off-by: David S. Miller +Signed-off-by: Chris Wright +--- +commit b1875feda8c1735915e12d953acba85d96129f6a +Author: Al Viro +Date: Mon Dec 4 19:37:42 2006 -0800 + + drivers/net/tokenring/ibmtr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.19.orig/drivers/net/tokenring/ibmtr.c ++++ linux-2.6.19/drivers/net/tokenring/ibmtr.c +@@ -1826,7 +1826,7 @@ static void tr_rx(struct net_device *dev + skb->protocol = tr_type_trans(skb, dev); + if (IPv4_p) { + skb->csum = chksum; +- skb->ip_summed = 1; ++ skb->ip_summed = CHECKSUM_COMPLETE; + } + netif_rx(skb); + dev->last_rx = jiffies; diff --git a/queue-2.6.19/xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch b/queue-2.6.19/xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch new file mode 100644 index 00000000000..bc013305b45 --- /dev/null +++ b/queue-2.6.19/xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch @@ -0,0 +1,42 @@ +From stable-bounces@linux.kernel.org Mon Dec 4 20:06:40 2006 +Date: Mon, 04 Dec 2006 20:01:31 -0800 (PST) +Message-Id: <20061204.200131.36665929.davem@davemloft.net> +To: stable@kernel.org +From: David Miller +Cc: bunk@stusta.de +Subject: XFRM: Use output device disable_xfrm for forwarded packets + +From: Patrick McHardy + +Currently the behaviour of disable_xfrm is inconsistent between +locally generated and forwarded packets. For locally generated +packets disable_xfrm disables the policy lookup if it is set on +the output device, for forwarded traffic however it looks at the +input device. This makes it impossible to disable xfrm on all +devices but a dummy device and use normal routing to direct +traffic to that device. + +Always use the output device when checking disable_xfrm. + +Signed-off-by: Patrick McHardy +Signed-off-by: David S. Miller +Signed-off-by: Chris Wright +--- +commit 9be2b4e36fb04bbc968693ef95a75acc17cf2931 +Author: Patrick McHardy +Date: Mon Dec 4 19:59:00 2006 -0800 + + net/ipv4/route.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.19.orig/net/ipv4/route.c ++++ linux-2.6.19/net/ipv4/route.c +@@ -1784,7 +1784,7 @@ static inline int __mkroute_input(struct + #endif + if (in_dev->cnf.no_policy) + rth->u.dst.flags |= DST_NOPOLICY; +- if (in_dev->cnf.no_xfrm) ++ if (out_dev->cnf.no_xfrm) + rth->u.dst.flags |= DST_NOXFRM; + rth->fl.fl4_dst = daddr; + rth->rt_dst = daddr;