1. 29 11月, 2007 4 次提交
    • P
      [BRIDGE]: Lost call to br_fdb_fini() in br_init() error path · 17efdd45
      Pavel Emelyanov 提交于
      In case the br_netfilter_init() (or any subsequent call) 
      fails, the br_fdb_fini() must be called to free the allocated
      in br_fdb_init() br_fdb_cache kmem cache.
      Signed-off-by: NPavel Emelyanov <xemul@openvz.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      17efdd45
    • F
      [UNIX]: EOF on non-blocking SOCK_SEQPACKET · 0a112258
      Florian Zumbiehl 提交于
      I am not absolutely sure whether this actually is a bug (as in: I've got
      no clue what the standards say or what other implementations do), but at
      least I was pretty surprised when I noticed that a recv() on a
      non-blocking unix domain socket of type SOCK_SEQPACKET (which is connection
      oriented, after all) where the remote end has closed the connection
      returned -1 (EAGAIN) rather than 0 to indicate end of file.
      
      This is a test case:
      
      | #include <sys/types.h>
      | #include <unistd.h>
      | #include <sys/socket.h>
      | #include <sys/un.h>
      | #include <fcntl.h>
      | #include <string.h>
      | #include <stdlib.h>
      | 
      | int main(){
      | 	int sock;
      | 	struct sockaddr_un addr;
      | 	char buf[4096];
      | 	int pfds[2];
      | 
      | 	pipe(pfds);
      | 	sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
      | 	addr.sun_family=AF_UNIX;
      | 	strcpy(addr.sun_path,"/tmp/foobar_testsock");
      | 	bind(sock,(struct sockaddr *)&addr,sizeof(addr));
      | 	listen(sock,1);
      | 	if(fork()){
      | 		close(sock);
      | 		sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
      | 		connect(sock,(struct sockaddr *)&addr,sizeof(addr));
      | 		fcntl(sock,F_SETFL,fcntl(sock,F_GETFL)|O_NONBLOCK);
      | 		close(pfds[1]);
      | 		read(pfds[0],buf,sizeof(buf));
      | 		recv(sock,buf,sizeof(buf),0); // <-- this one
      | 	}else accept(sock,NULL,NULL);
      | 	exit(0);
      | }
      
      If you try it, make sure /tmp/foobar_testsock doesn't exist.
      
      The marked recv() returns -1 (EAGAIN) on 2.6.23.9. Below you find a
      patch that fixes that.
      Signed-off-by: NFlorian Zumbiehl <florz@florz.de>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      0a112258
    • J
      [VLAN]: Fix nested VLAN transmit bug · 6ab3b487
      Joonwoo Park 提交于
      Fix misbehavior of vlan_dev_hard_start_xmit() for recursive encapsulations.
      Signed-off-by: NJoonwoo Park <joonwpark81@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      6ab3b487
    • J
      [SUNGEM]: Fix NAPI regression with reset work · dde655c9
      Johannes Berg 提交于
      sungem's gem_reset_task() will unconditionally try to disable NAPI even
      when it's called while the interface is not operating and hence the NAPI
      struct isn't enabled. Make napi_disable() depend on gp->running.
      
      Also removes a superfluous test of gp->running in the same function.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      dde655c9
  2. 27 11月, 2007 2 次提交
  3. 26 11月, 2007 4 次提交
    • A
      [IPV4]: Remove bogus ifdef mess in arp_process · 3660019e
      Adrian Bunk 提交于
      The #ifdef's in arp_process() were not only a mess, they were also wrong 
      in the CONFIG_NET_ETHERNET=n and (CONFIG_NETDEV_1000=y or 
      CONFIG_NETDEV_10000=y) cases.
      
      Since they are not required this patch removes them.
      
      Also removed are some #ifdef's around #include's that caused compile 
      errors after this change.
      Signed-off-by: NAdrian Bunk <bunk@kernel.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      3660019e
    • H
      [SKBUFF]: Free old skb properly in skb_morph · 2d4baff8
      Herbert Xu 提交于
      The skb_morph function only freed the data part of the dst skb, but leaked
      the auxiliary data such as the netfilter fields.  This patch fixes this by
      moving the relevant parts from __kfree_skb to skb_release_all and calling
      it in skb_morph.
      
      It also makes kfree_skbmem static since it's no longer called anywhere else
      and it now no longer does skb_release_data.
      
      Thanks to Yasuyuki KOZAKAI for finding this problem and posting a patch for
      it.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      2d4baff8
    • P
      [IPV4]: Fix memory leak in inet_hashtables.h when NUMA is on · 218ad12f
      Pavel Emelyanov 提交于
      The inet_ehash_locks_alloc() looks like this:
      
      #ifdef CONFIG_NUMA
      	if (size > PAGE_SIZE)
      		x = vmalloc(...);
      	else
      #endif
      		x = kmalloc(...);
      
      Unlike it, the inet_ehash_locks_alloc() looks like this:
      
      #ifdef CONFIG_NUMA
      	if (size > PAGE_SIZE)
      		vfree(x);
      	else
      #else
      		kfree(x);
      #endif
      
      The error is obvious - if the NUMA is on and the size
      is less than the PAGE_SIZE we leak the pointer (kfree is
      inside the #else branch).
      
      Compiler doesn't warn us because after the kfree(x) there's
      a "x = NULL" assignment, so here's another (minor?) bug: we 
      don't set x to NULL under certain circumstances.
      
      Boring explanation, I know... Patch explains it better.
      Signed-off-by: NPavel Emelyanov <xemul@openvz.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      218ad12f
    • H
      [IPSEC]: Temporarily remove locks around copying of non-atomic fields · 8053fc3d
      Herbert Xu 提交于
      The change 050f009e
      
      	[IPSEC]: Lock state when copying non-atomic fields to user-space
      
      caused a regression.
      
      Ingo Molnar reports that it causes a potential dead-lock found by the
      lock validator as it tries to take x->lock within xfrm_state_lock while
      numerous other sites take the locks in opposite order.
      
      For 2.6.24, the best fix is to simply remove the added locks as that puts
      us back in the same state as we've been in for years.  For later kernels
      a proper fix would be to reverse the locking order for every xfrm state
      user such that if x->lock is taken together with xfrm_state_lock then
      it is to be taken within it.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      8053fc3d
  4. 23 11月, 2007 2 次提交
  5. 22 11月, 2007 5 次提交
  6. 21 11月, 2007 11 次提交
  7. 20 11月, 2007 12 次提交