Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v2.6.16 2006-03-19T21:20:06Z 2006-03-19T21:20:06Z Ralf Baechle DL5RB ralf@linux-mips.org 2006-03-19T21:20:06Z urn:sha1:c7c694d196a39af6e644e24279953d04f30362db If the AX.25 dialect chosen by the sysadmin is set to DAMA master / 3 (or DAMA slave / 2, if CONFIG_AX25_DAMA_SLAVE=n) ax25_kick() will fall through the switch statement without calling ax25_send_iframe() or any other function that would eventually free skbn thus leaking the packet. Fix by restricting the sysctl inferface to allow only actually supported AX.25 dialects. The system administration mistake needed for this to happen is rather unlikely, so this is an uncritical hole. Coverity #651. Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-03-18T00:05:43Z Alexey Kuznetsov kuznet@ms2.inr.ac.ru 2006-03-18T00:05:43Z urn:sha1:265a92856b17524c87da0258ac0d3cec80ae1d35 It is broken, the condition is checked out of socket lock. It is wonderful the bug survived for so long time. [ This fixes bugzilla #6233: race condition in tcp_sendmsg when connection became established ] Signed-off-by: David S. Miller <davem@davemloft.net> 2006-02-27T21:00:40Z Herbert Xu herbert@gondor.apana.org.au 2006-02-27T21:00:40Z urn:sha1:752c1f4c78fe86d0fd6497387f763306b0d8fc53 The only reason post_input exists at all is that it gives us the potential to adjust the checksums incrementally in future which we ought to do. However, after thinking about it for a bit we can adjust the checksums without using this post_input stuff at all. The crucial point is that only the inner-most NAT-T SA needs to be considered when adjusting checksums. What's more, the checksum adjustment comes down to a single u32 due to the linearity of IP checksums. We just happen to have a spare u32 lying around in our skb structure :) When ip_summed is set to CHECKSUM_NONE on input, the value of skb->csum is currently unused. All we have to do is to make that the checksum adjustment and voila, there goes all the post_input and decap structures! I've left in the decap data structures for now since it's intricately woven into the sec_path stuff. We can kill them later too. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-02-24T00:10:53Z Herbert Xu herbert@gondor.apana.org.au 2006-02-22T22:47:13Z urn:sha1:21380b81ef8699179b535e197a95b891a7badac7 We often just do an atomic_dec(&x->refcnt) on an xfrm_state object because we know there is more than 1 reference remaining and thus we can elide the heavier xfrm_state_put() call. Do this behind an inline function called __xfrm_state_put() so that is more obvious and also to allow us to more cleanly add refcount debugging later. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-02-15T23:10:22Z Patrick McHardy kaber@trash.net 2006-02-15T23:10:22Z urn:sha1:48d5cad87c3a4998d0bda16ccfb5c60dfe4de5fb When a packet matching an IPsec policy is SNATed so it doesn't match any policy anymore it looses its xfrm bundle, which makes xfrm4_output_finish crash because of a NULL pointer dereference. This patch directs these packets to the original output path instead. Since the packets have already passed the POST_ROUTING hook, but need to start at the beginning of the original output path which includes another POST_ROUTING invocation, a flag is added to the IPCB to indicate that the packet was rerouted and doesn't need to pass the POST_ROUTING hook again. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-02-13T23:40:55Z David S. Miller davem@sunset.davemloft.net 2006-02-13T23:40:55Z urn:sha1:15c38c6ecd772ae4cc497955f916f40e803e7528 2006-02-13T23:34:11Z Joe Perches joe@perches.com 2006-02-13T23:34:11Z urn:sha1:7a11c4d0635d9f6995736390b8c3346fe6f63d57 From: Joe Perches <joe@perches.com> Based upon a patch by Dave Jones. Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-02-13T10:39:57Z Marcel Holtmann marcel@holtmann.org 2006-02-13T10:39:57Z urn:sha1:56f3a40a5e7586043260669cc794e56fa58339e1 This patch reduces the default L2CAP MTU for all RFCOMM connections from 1024 to 1013 to improve the interoperability with some broken RFCOMM implementations. To make this more flexible the L2CAP MTU becomes also a module parameter and so it can changed at runtime. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> 2006-02-10T00:58:46Z Samuel Ortiz samuel.ortiz@nokia.com 2006-02-10T00:58:46Z urn:sha1:d93077fb0e7cb9d4f4094a649501d840c55fdc8b This patch set IrDA's addr_len properly, i.e to 4 bytes, the size of the IrLAP device address. Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2006-02-05T07:51:17Z Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2006-02-04T10:12:14Z urn:sha1:ddc8d029ac6813827849801bce2d8c8813070db6 __nf_conntrack_{l3}proto_find() doesn't check the passed protocol family, then it's possible to touch out of the array which has only AF_MAX items. Spotted by Pablo Neira Ayuso. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>