From: Greg Kroah-Hartman Date: Tue, 7 Aug 2007 17:09:52 +0000 (-0700) Subject: more 2.6.22 patches X-Git-Tag: v2.6.22.2~6 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=7e2df49266d6f0f627ef862785eb7f6e35a94085;p=thirdparty%2Fkernel%2Fstable-queue.git more 2.6.22 patches --- diff --git a/queue-2.6.22/nf_conntrack-don-t-track-locally-generated-special-icmp-error.patch b/queue-2.6.22/nf_conntrack-don-t-track-locally-generated-special-icmp-error.patch new file mode 100644 index 00000000000..4b91e582703 --- /dev/null +++ b/queue-2.6.22/nf_conntrack-don-t-track-locally-generated-special-icmp-error.patch @@ -0,0 +1,71 @@ +From stable-bounces@linux.kernel.org Tue Jul 17 08:25:30 2007 +From: Yasuyuki Kozakai +Date: Tue, 17 Jul 2007 17:25:10 +0200 +Subject: nf_conntrack: don't track locally generated special ICMP error +To: stable@kernel.org +Cc: Netfilter Development Mailinglist , "David S. Miller" , Yasuyuki KOZAKAI , Adrian Bunk +Message-ID: <469CDF56.80600@trash.net> + +From: Yasuyuki Kozakai + +[NETFILTER]: nf_conntrack: don't track locally generated special ICMP error + +The conntrack assigned to locally generated ICMP error is usually the one +assigned to the original packet which has caused the error. But if +the original packet is handled as invalid by nf_conntrack, no conntrack +is assigned to the original packet. Then nf_ct_attach() cannot assign +any conntrack to the ICMP error packet. In that case the current +nf_conntrack_icmp assigns appropriate conntrack to it. But the current +code mistakes the direction of the packet. As a result, NAT code mistakes +the address to be mangled. + +To fix the bug, this changes nf_conntrack_icmp not to assign conntrack +to such ICMP error. Actually no address is necessary to be mangled +in this case. + +Spotted by Jordan Russell. + +Signed-off-by: Yasuyuki Kozakai + +Upstream commit ID: 130e7a83d7ec8c5c673225e0fa8ea37b1ed507a5 + +Signed-off-by: Patrick McHardy +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 22 +++++----------------- + 1 file changed, 5 insertions(+), 17 deletions(-) + +--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c ++++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +@@ -189,25 +189,13 @@ icmp_error_message(struct sk_buff *skb, + + h = nf_conntrack_find_get(&innertuple, NULL); + if (!h) { +- /* Locally generated ICMPs will match inverted if they +- haven't been SNAT'ed yet */ +- /* FIXME: NAT code has to handle half-done double NAT --RR */ +- if (hooknum == NF_IP_LOCAL_OUT) +- h = nf_conntrack_find_get(&origtuple, NULL); +- +- if (!h) { +- DEBUGP("icmp_error_message: no match\n"); +- return -NF_ACCEPT; +- } +- +- /* Reverse direction from that found */ +- if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY) +- *ctinfo += IP_CT_IS_REPLY; +- } else { +- if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY) +- *ctinfo += IP_CT_IS_REPLY; ++ DEBUGP("icmp_error_message: no match\n"); ++ return -NF_ACCEPT; + } + ++ if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY) ++ *ctinfo += IP_CT_IS_REPLY; ++ + /* Update skb to refer to this connection */ + skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general; + skb->nfctinfo = *ctinfo; diff --git a/queue-2.6.22/proc-net-anycast6-unbalanced-inet6_dev-refcnt.patch b/queue-2.6.22/proc-net-anycast6-unbalanced-inet6_dev-refcnt.patch new file mode 100644 index 00000000000..c04ee7e2e7c --- /dev/null +++ b/queue-2.6.22/proc-net-anycast6-unbalanced-inet6_dev-refcnt.patch @@ -0,0 +1,29 @@ +From aa6e4a96e7589948fe770744f7bb4f0f743dddaa Mon Sep 17 00:00:00 2001 +From: David Stevens +Date: Mon, 26 Feb 2007 16:28:56 -0800 +Subject: IPV6: /proc/net/anycast6 unbalanced inet6_dev refcnt + +From: David Stevens + +Reading /proc/net/anycast6 when there is no anycast address +on an interface results in an ever-increasing inet6_dev reference +count, as well as a reference to the netdevice you can't get rid of. + +Signed-off-by: David S. Miller +Cc: Marcus Meissner +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv6/anycast.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/ipv6/anycast.c ++++ b/net/ipv6/anycast.c +@@ -66,6 +66,7 @@ ip6_onlink(struct in6_addr *addr, struct + break; + } + read_unlock_bh(&idev->lock); ++ in6_dev_put(idev); + } + rcu_read_unlock(); + return onlink; diff --git a/queue-2.6.22/series b/queue-2.6.22/series index 31132a01a90..45067a1175d 100644 --- a/queue-2.6.22/series +++ b/queue-2.6.22/series @@ -75,3 +75,6 @@ cr_backlight_probe-allocates-too-little-storage-for-struct-cr_panel.patch acpi-dock-fix-opps-after-dock-driver-fails-to-initialize.patch hangup-tty-before-releasing-rfcomm_dev.patch keep-rfcomm_dev-on-the-list-until-it-is-freed.patch +nf_conntrack-don-t-track-locally-generated-special-icmp-error.patch +proc-net-anycast6-unbalanced-inet6_dev-refcnt.patch +sysfs-release-mutex-when-kmalloc-failed-in-sysfs_open_file.patch diff --git a/queue-2.6.22/sysfs-release-mutex-when-kmalloc-failed-in-sysfs_open_file.patch b/queue-2.6.22/sysfs-release-mutex-when-kmalloc-failed-in-sysfs_open_file.patch new file mode 100644 index 00000000000..ceb7936abb0 --- /dev/null +++ b/queue-2.6.22/sysfs-release-mutex-when-kmalloc-failed-in-sysfs_open_file.patch @@ -0,0 +1,30 @@ +From stable-bounces@linux.kernel.org Thu Jul 12 22:25:46 2007 +From: YOSHIFUJI Hideaki +Date: Thu, 12 Jul 2007 22:24:52 -0700 +Subject: sysfs: release mutex when kmalloc() failed in sysfs_open_file(). +To: YOSHIFUJI Hideaki +Cc: gregkh@suse.de, linux-kernel@vger.kernel.org, stable@kernel.org +Message-ID: <20070712222452.8f14a7db.akpm@linux-foundation.org> + + +From: YOSHIFUJI Hideaki + + + +Signed-off-by: Greg Kroah-Hartman + + +--- + fs/sysfs/file.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/sysfs/file.c ++++ b/fs/sysfs/file.c +@@ -283,6 +283,7 @@ static int sysfs_open_file(struct inode + mutex_lock(&inode->i_mutex); + if (!(set = inode->i_private)) { + if (!(set = inode->i_private = kmalloc(sizeof(struct sysfs_buffer_collection), GFP_KERNEL))) { ++ mutex_unlock(&inode->i_mutex); + error = -ENOMEM; + goto Done; + } else {